package eu.cec.digit.ecas.client.validation;

import eu.cec.digit.ecas.client.constants.Strength;
import eu.cec.digit.ecas.client.constants.ValidationError;
import eu.cec.digit.ecas.client.jaas.EcasProxyCommunicationException;
import eu.cec.digit.ecas.client.jaas.ExtendedUserDetails;
import eu.cec.digit.ecas.client.jaas.FailedTicketValidationException;
import eu.cec.digit.ecas.client.jaas.InternalEcasServerException;
import eu.cec.digit.ecas.client.jaas.InvalidLoginDateException;
import eu.cec.digit.ecas.client.jaas.InvalidProxyException;
import eu.cec.digit.ecas.client.jaas.InvalidRequestException;
import eu.cec.digit.ecas.client.jaas.InvalidServiceException;
import eu.cec.digit.ecas.client.jaas.InvalidSignatureException;
import eu.cec.digit.ecas.client.jaas.InvalidStrengthException;
import eu.cec.digit.ecas.client.jaas.InvalidTicketException;
import eu.cec.digit.ecas.client.jaas.InvalidUserException;
import eu.cec.digit.ecas.client.jaas.UnexpectedLoginException;
import eu.cec.digit.ecas.client.logging.Logger;
import eu.cec.digit.ecas.client.resolver.logging.LoggerFactory;
import eu.cec.digit.ecas.client.signature.AuthenticatedMessage;
import eu.cec.digit.ecas.client.signature.AuthenticationInfo;
import eu.cec.digit.ecas.client.signature.MessageInfo;
import eu.cec.digit.ecas.client.signature.SignatureInfo;
import eu.cec.digit.ecas.client.signature.SignatureTypeRegistry;
import eu.cec.digit.ecas.client.signature.SignerInfo;
import eu.cec.digit.ecas.client.signature.UserConfirmationMessage;
import eu.cec.digit.ecas.client.signature.VerifiedAuthenticatedMessage;
import eu.cec.digit.ecas.client.signature.VerifiedUserConfirmationMessage;
import eu.cec.digit.ecas.client.signature.impl.AbstractExtraSignatureParametersRegistryFactory;
import eu.cec.digit.ecas.client.signature.verify.AbstractVerifierFactory;
import eu.cec.digit.ecas.client.signature.verify.InvalidCertificateException;
import eu.cec.digit.ecas.client.signature.verify.InvalidDigestException;
import eu.cec.digit.ecas.client.signature.verify.VerificationException;
import eu.cec.digit.ecas.client.validation.ProxyAuthenticationSuccess;
import eu.cec.digit.ecas.client.validation.ValidatedUserImpl;
import eu.cec.digit.ecas.util.Line;
import eu.cec.digit.ecas.util.StringArrays;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Collections;
import java.util.List;

/* loaded from: input_file:eu/cec/digit/ecas/client/validation/UserValidatorHelper.class */
public final class UserValidatorHelper implements DesktopUserValidator {
    private static final Logger LOG;
    private final EcasValidationConfigIntf ecasValidationConfig;
    private final ProxyTicketValidator proxyTicketValidator;
    private final SignatureTypeRegistry signatureTypeRegistry = AbstractExtraSignatureParametersRegistryFactory.newRegistry();
    static Class class$eu$cec$digit$ecas$client$validation$UserValidatorHelper;

    public UserValidatorHelper(EcasValidationConfigIntf ecasValidationConfigIntf) {
        this.ecasValidationConfig = ecasValidationConfigIntf;
        this.proxyTicketValidator = new ProxyTicketValidator(ecasValidationConfigIntf);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public EcasValidationConfigIntf getEcasValidationConfig() {
        return this.ecasValidationConfig;
    }

    ProxyTicketValidator getProxyTicketValidator() {
        return this.proxyTicketValidator;
    }

    @Override // eu.cec.digit.ecas.client.validation.DesktopUserValidator
    public final ValidatedUser validate(String str, String str2) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException {
        try {
            return new ValidatedUserView((DetailedValidatedUser) internalValidate(str, str2, InetAddress.getLocalHost().getHostAddress()));
        } catch (UnknownHostException e) {
            throw new UnexpectedLoginException(e);
        }
    }

    @Override // eu.cec.digit.ecas.client.validation.DesktopUserValidator
    public ValidatedUser validateSignedUserConfirmationMessage(UserConfirmationMessage userConfirmationMessage, String str) throws InvalidSignatureException, InvalidStrengthException, ExtraGroupHandlingException, InvalidLoginDateException, UnexpectedLoginException {
        try {
            return new ValidatedUserView((DetailedValidatedUser) internalValidateSignedUserConfirmationMessage(userConfirmationMessage, str));
        } catch (TypeMappingException e) {
            throw new UnexpectedLoginException(e);
        }
    }

    @Override // eu.cec.digit.ecas.client.validation.DesktopUserValidator
    public ValidatedUser validateSignedAuthenticatedMessage(AuthenticatedMessage authenticatedMessage, String str) throws InvalidSignatureException, InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, UnexpectedLoginException {
        try {
            return new ValidatedUserView((DetailedValidatedUser) internalValidateSignedAuthenticatedMessage(authenticatedMessage, str));
        } catch (TypeMappingException e) {
            throw new UnexpectedLoginException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v36, types: [eu.cec.digit.ecas.client.validation.ValidationResult] */
    /* JADX WARN: Type inference failed for: r0v98, types: [eu.cec.digit.ecas.client.validation.ValidationResult] */
    public ValidatedUser internalValidate(String str, String str2, String str3, boolean z, String str4, String str5, AuthenticationSuccessCallbackHandlerV2 authenticationSuccessCallbackHandlerV2) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException {
        String str6;
        AuthenticationSuccess authenticationSuccess = null;
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": validating [ticket='").append(str).append("', targetService='").append(str2).append("', clientFingerprintEnabled='").append(z).append("', clientFingerprint='").append(str4).append("', sessionIdHash='").append(str5).append("']").toString());
            }
            AuthenticationSuccess validate = z ? this.proxyTicketValidator.validate((PrivateTicketInfo) new PrivateServiceTicketInfo(str, str2, str3, str4, str5)) : this.proxyTicketValidator.validate(new ServiceTicketInfo(str, str2, str3));
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": finished validation [ticket='").append(str).append("']").toString());
            }
            if (validate.isSuccessful()) {
                AuthenticationSuccess authenticationSuccess2 = validate;
                if (z && null == str4 && ((null == authenticationSuccess2.getProxies() || authenticationSuccess2.getProxies().isEmpty()) && !isClientCertStrength(authenticationSuccess2))) {
                    if (LOG.isDebugEnabled()) {
                        LOG.debug(new StringBuffer().append("validate").append(": refusing ticket='").append(str).append("' of user='").append(authenticationSuccess2.getUser()).append("' because: ").append("could not find the clientFingerprint corresponding to this login transaction and ticket is not a proxy ticket").toString());
                    }
                    throw new InvalidTicketException("could not find the clientFingerprint corresponding to this login transaction and ticket is not a proxy ticket", str);
                }
                if (null != authenticationSuccessCallbackHandlerV2) {
                    authenticationSuccess2 = authenticationSuccessCallbackHandlerV2.handle(authenticationSuccess2);
                }
                ValidatedUser validateAuthenticationSuccess = validateAuthenticationSuccess(authenticationSuccess2);
                if (LOG.isDebugEnabled()) {
                    LOG.debug(new StringBuffer().append("validate").append(": authenticated user validation succeeded: ").append(validateAuthenticationSuccess).toString());
                }
                return validateAuthenticationSuccess;
            }
            AuthenticationFailure authenticationFailure = (AuthenticationFailure) validate;
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": validation failed [ticket='").append(str).append("'] because: ").append(authenticationFailure.getErrorCode()).toString());
            }
            if (ValidationError.INVALID_TICKET.toString().equals(authenticationFailure.getErrorCode())) {
                throw new InvalidTicketException(authenticationFailure.getErrorMessage(), str);
            }
            if (ValidationError.INVALID_USER.toString().equals(authenticationFailure.getErrorCode())) {
                throw new InvalidUserException(authenticationFailure.getErrorMessage());
            }
            if (ValidationError.INVALID_SERVICE.toString().equals(authenticationFailure.getErrorCode())) {
                throw new InvalidServiceException(authenticationFailure.getErrorMessage(), str2);
            }
            if (ValidationError.INVALID_REQUEST.toString().equals(authenticationFailure.getErrorCode())) {
                throw new InvalidRequestException(authenticationFailure.getErrorMessage());
            }
            if (ValidationError.ECAS_PROXY_COMMUNICATION_ERROR.toString().equals(authenticationFailure.getErrorCode())) {
                throw new EcasProxyCommunicationException(authenticationFailure.getErrorMessage());
            }
            if (ValidationError.INTERNAL_ERROR.toString().equals(authenticationFailure.getErrorCode())) {
                throw new InternalEcasServerException(authenticationFailure.getErrorMessage());
            }
            throw new FailedTicketValidationException(new StringBuffer().append("ECAS authentication error [code='").append(authenticationFailure.getErrorCode()).append("', message='").append(authenticationFailure.getErrorMessage()).append("']").toString());
        } catch (FailedTicketValidationException e) {
            throw e;
        } catch (InvalidLoginDateException e2) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": loginDate refused [ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("'] because: ").append(e2.getMessage()).toString());
            }
            throw e2;
        } catch (InvalidProxyException e3) {
            if (LOG.isErrorEnabled()) {
                Logger logger = LOG;
                StringBuffer append = new StringBuffer().append("validate").append(": refused to allow untrusted proxy to access this service:").append(Line.EOL).append("[ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("']").append(Line.EOL);
                if (0 == 0 || null == authenticationSuccess.getProxies()) {
                    str6 = "";
                } else {
                    str6 = new StringBuffer().append("--received proxy chain:").append(Line.EOL).append(StringArrays.renderStringArray((String[]) authenticationSuccess.getProxies().toArray(new String[authenticationSuccess.getProxies().size()]), "ChainProxy")).append(Line.EOL).append(null == this.ecasValidationConfig.getProxyChainTrustHandler() ? "--but this application does not accept proxy tickets" : new StringBuffer().append("--list of authorized proxies:").append(Line.EOL).append(StringArrays.renderStringArray(this.ecasValidationConfig.getProxyChainTrustHandler().getTrustedProxies(), "TrustedProxy")).toString()).toString();
                }
                logger.error(append.append(str6).toString());
            }
            throw e3;
        } catch (InvalidStrengthException e4) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": strength refused [ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("'] because: ").append(e4.getMessage()).toString());
            }
            throw e4;
        } catch (ExtraGroupHandlingException e5) {
            if (LOG.isErrorEnabled()) {
                LOG.error(new StringBuffer().append("validate").append(": extra groups could not be retreieved [ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("'] because: ").append(e5).toString(), e5);
            }
            throw new UnexpectedLoginException(e5);
        } catch (TypeMappingException e6) {
            if (LOG.isErrorEnabled()) {
                LOG.error(new StringBuffer().append("validate").append(": user type could not be mapped [ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("'] because: ").append(e6).toString(), e6);
            }
            throw new UnexpectedLoginException(e6);
        } catch (ValidationException e7) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": error [ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("'] because: ").append(e7).toString(), e7);
            }
            throw new UnexpectedLoginException(e7);
        } catch (Throwable th) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": unexpected error [ticket='").append(str).append(0 == 0 ? "" : new StringBuffer().append("', user='").append(authenticationSuccess.getUser()).toString()).append("'] because: ").append(th).toString(), th);
            }
            throw new UnexpectedLoginException(th);
        }
    }

    private boolean isClientCertStrength(AuthenticationSuccess authenticationSuccess) {
        List strengths = authenticationSuccess.getStrengths();
        return null != strengths && strengths.size() == 1 && Strength.CLIENT_CERT.getName().equals(strengths.get(0));
    }

    private ValidatedUser internalValidate(String str, String str2, String str3) throws FailedTicketValidationException, InvalidStrengthException, InvalidProxyException, InvalidLoginDateException, UnexpectedLoginException {
        return internalValidate(str, str2, str3, false, null, null, null);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ValidatedUser validateAuthenticationSuccess(AuthenticationSuccess authenticationSuccess) throws InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, TypeMappingException {
        StrengthManagerIntf strengthManager = this.ecasValidationConfig.getStrengthManager();
        List retainAcceptable = strengthManager.retainAcceptable(authenticationSuccess.getStrengths());
        if (retainAcceptable.isEmpty()) {
            String obj = retainAcceptable.toString();
            throw new InvalidStrengthException(new StringBuffer().append("ECAS authentication strengths \"").append(obj).append("\" are not acceptable for this application which requires \"").append(strengthManager.getAcceptedStrengthsAsCSVString()).append("\"").toString(), obj);
        }
        List valuesOf = Strength.valuesOf(retainAcceptable);
        List proxies = authenticationSuccess.getProxies();
        if (null != proxies && proxies.size() != 0) {
            ProxyChainTrustHandlerIntf proxyChainTrustHandler = this.ecasValidationConfig.getProxyChainTrustHandler();
            String[] strArr = (String[]) proxies.toArray(new String[proxies.size()]);
            if (null == proxyChainTrustHandler) {
                throw new InvalidProxyException("This application does not accept ECAS proxies", strArr);
            }
            proxyChainTrustHandler.validate(strArr);
        }
        ExtendedUserDetailsTypeMapper extendedUserDetailsTypeMapper = null;
        if (this.ecasValidationConfig instanceof DetailedValidationConfigIntf) {
            DetailedValidationConfigIntf detailedValidationConfigIntf = (DetailedValidationConfigIntf) this.ecasValidationConfig;
            LoginDateValidatorIntf loginDateValidator = detailedValidationConfigIntf.getLoginDateValidator();
            if (null != loginDateValidator && !loginDateValidator.validate(authenticationSuccess.getLoginDate())) {
                throw new InvalidLoginDateException(new StringBuffer().append("ECAS login date \"").append(authenticationSuccess.getLoginDate()).append("\" is too old - a new authentication is required").toString(), authenticationSuccess.getLoginDate());
            }
            extendedUserDetailsTypeMapper = detailedValidationConfigIntf.getExtendedUserDetailsTypeMapper();
        }
        DetailedAuthenticationSuccess detailedAuthenticationSuccess = (DetailedAuthenticationSuccess) authenticationSuccess;
        ExtraGroupHandlerIntf extraGroupHandler = this.ecasValidationConfig.getExtraGroupHandler();
        List groups = authenticationSuccess.getGroups();
        List list = null;
        if (extraGroupHandler instanceof UserDetailsExtraGroupHandlerIntf) {
            list = ((UserDetailsExtraGroupHandlerIntf) extraGroupHandler).getGroups(detailedAuthenticationSuccess);
        } else if (null != extraGroupHandler) {
            list = extraGroupHandler.getGroups(authenticationSuccess.getUser());
        }
        if (null == list || list.isEmpty()) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validate").append(": user: ").append(authenticationSuccess.getUser()).append(" has no extra group").toString());
            }
        } else if (LOG.isDebugEnabled()) {
            LOG.debug(new StringBuffer().append("validate").append(": user: ").append(authenticationSuccess.getUser()).append(" has extra groups: ").append(list).toString());
        }
        ExtendedUserDetails extendedUserDetails = null;
        if (null != extendedUserDetailsTypeMapper) {
            try {
                extendedUserDetails = extendedUserDetailsTypeMapper.map(detailedAuthenticationSuccess);
            } catch (TypeMappingException e) {
                if (LOG.isErrorEnabled()) {
                    LOG.error(new StringBuffer().append("validate").append(": unable to map user: ").append(authenticationSuccess.getUser()).append(" with configured ExtendedUserDetailsTypeMapper: ").append(extendedUserDetailsTypeMapper.getClass().getName()).append(" due to ").append(e).toString(), e);
                }
                throw e;
            }
        }
        return new ValidatedUserImpl.Builder(detailedAuthenticationSuccess.getUser()).groups(groups).strengths(valuesOf).loginDate(detailedAuthenticationSuccess.getLoginDate().getTime()).ticketType(detailedAuthenticationSuccess.getTicketType()).proxies(detailedAuthenticationSuccess.getProxies()).proxyGrantingProtocol(detailedAuthenticationSuccess.getProxyGrantingProtocol()).pgtIou(detailedAuthenticationSuccess.getPgtIou()).pgtId(detailedAuthenticationSuccess.getPgtId()).extraGroups(list).departmentNumber(detailedAuthenticationSuccess.getDepartmentNumber()).email(detailedAuthenticationSuccess.getEmail()).employeeNumber(detailedAuthenticationSuccess.getEmployeeNumber()).employeeType(detailedAuthenticationSuccess.getEmployeeType()).firstName(detailedAuthenticationSuccess.getFirstName()).lastName(detailedAuthenticationSuccess.getLastName()).domain(detailedAuthenticationSuccess.getDomain()).domainUsername(detailedAuthenticationSuccess.getDomainUsername()).telephoneNumber(detailedAuthenticationSuccess.getTelephoneNumber()).userManager(detailedAuthenticationSuccess.getUserManager()).timeZone(detailedAuthenticationSuccess.getTimeZone()).locale(detailedAuthenticationSuccess.getLocale()).assuranceLevel(detailedAuthenticationSuccess.getAssuranceLevel()).mobilePhoneNumber(detailedAuthenticationSuccess.getMobilePhoneNumber()).orgId(detailedAuthenticationSuccess.getOrgId()).storkId(detailedAuthenticationSuccess.getStorkId()).tokenCramId(detailedAuthenticationSuccess.getTokenCramId()).tokenId(detailedAuthenticationSuccess.getTokenId()).registrationLevelVersions(detailedAuthenticationSuccess.getRegistrationLevelVersions()).deviceName(detailedAuthenticationSuccess.getDeviceName()).extendedAttributes(detailedAuthenticationSuccess.getExtendedAttributes()).extendedUserDetails(extendedUserDetails).build();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ValidatedUser internalValidateSignedAuthenticatedMessage(AuthenticatedMessage authenticatedMessage, String str) throws InvalidSignatureException, InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, TypeMappingException {
        try {
            return validateVerifiedAuthenticatedMessage(AbstractVerifierFactory.getFactory().newVerifier(this.signatureTypeRegistry).verifySignedAuthenticatedMessage(authenticatedMessage), str);
        } catch (InvalidCertificateException e) {
            throw new InvalidSignatureException(e);
        } catch (InvalidDigestException e2) {
            throw new InvalidSignatureException(e2);
        } catch (eu.cec.digit.ecas.client.signature.verify.InvalidSignatureException e3) {
            throw new InvalidSignatureException(e3);
        } catch (VerificationException e4) {
            throw new InvalidSignatureException(e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ValidatedUser validateVerifiedAuthenticatedMessage(VerifiedAuthenticatedMessage verifiedAuthenticatedMessage, String str) throws InvalidStrengthException, InvalidProxyException, ExtraGroupHandlingException, InvalidLoginDateException, TypeMappingException {
        String str2;
        ServiceAuthenticationSuccess serviceAuthenticationSuccess = null;
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedAuthenticatedMessage").append(": verifying[verifiedAuthenticatedMessage='").append(verifiedAuthenticatedMessage).append("',targetService='").append(str).append("']").toString());
            }
            MessageInfo messageInfo = verifiedAuthenticatedMessage.getMessageAuthenticationSignature().getMessageInfo();
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedAuthenticatedMessage").append(": finished transaction verification [transaction='").append(messageInfo).append("']: result = ").append(messageInfo).toString());
            }
            AuthenticationInfo authenticationInfo = messageInfo.getAuthenticationInfo();
            serviceAuthenticationSuccess = new ProxyAuthenticationSuccess.Builder(authenticationInfo.getUsername()).groups(authenticationInfo.getGroups()).loginDate(authenticationInfo.getLoginTimeStamp()).strengths(Collections.singletonList(authenticationInfo.getLoginStrength())).proxies(authenticationInfo.getProxies()).build();
            ValidatedUser validateAuthenticationSuccess = validateAuthenticationSuccess(serviceAuthenticationSuccess);
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedAuthenticatedMessage").append(": authenticated message validation succeeded: ").append(validateAuthenticationSuccess).toString());
            }
            return validateAuthenticationSuccess;
        } catch (InvalidProxyException e) {
            if (LOG.isErrorEnabled()) {
                Logger logger = LOG;
                StringBuffer append = new StringBuffer().append("validateSignedAuthenticatedMessage").append(": refused to allow untrusted proxy to access this service:").append(Line.EOL).append("[verifiedAuthenticatedMessage='").append(verifiedAuthenticatedMessage).append("']").append(Line.EOL);
                if (null == serviceAuthenticationSuccess || null == serviceAuthenticationSuccess.getProxies()) {
                    str2 = "";
                } else {
                    str2 = new StringBuffer().append("--received proxy chain:").append(Line.EOL).append(StringArrays.renderStringArray((String[]) serviceAuthenticationSuccess.getProxies().toArray(new String[serviceAuthenticationSuccess.getProxies().size()]), "ChainProxy")).append(Line.EOL).append(null == this.ecasValidationConfig.getProxyChainTrustHandler() ? "--but this application does not accept proxy tickets" : new StringBuffer().append("--list of authorized proxies:").append(Line.EOL).append(StringArrays.renderStringArray(this.ecasValidationConfig.getProxyChainTrustHandler().getTrustedProxies(), "TrustedProxy")).toString()).toString();
                }
                logger.error(append.append(str2).toString());
            }
            throw e;
        } catch (InvalidStrengthException e2) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedAuthenticatedMessage").append(": strength refused [verifiedAuthenticatedMessage='").append(verifiedAuthenticatedMessage).append("'] because: ").append(e2.getMessage()).toString());
            }
            throw e2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ValidatedUser internalValidateSignedUserConfirmationMessage(UserConfirmationMessage userConfirmationMessage, String str) throws InvalidSignatureException, InvalidStrengthException, ExtraGroupHandlingException, UnexpectedLoginException, InvalidLoginDateException, TypeMappingException {
        try {
            return validateVerifiedUserConfirmationMessage(AbstractVerifierFactory.getFactory().newVerifier(this.signatureTypeRegistry).verifySignedUserConfirmationMessage(userConfirmationMessage), str);
        } catch (InvalidCertificateException e) {
            throw new InvalidSignatureException(e);
        } catch (InvalidDigestException e2) {
            throw new InvalidSignatureException(e2);
        } catch (eu.cec.digit.ecas.client.signature.verify.InvalidSignatureException e3) {
            throw new InvalidSignatureException(e3);
        } catch (VerificationException e4) {
            throw new InvalidSignatureException(e4);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ValidatedUser validateVerifiedUserConfirmationMessage(VerifiedUserConfirmationMessage verifiedUserConfirmationMessage, String str) throws InvalidStrengthException, ExtraGroupHandlingException, UnexpectedLoginException, InvalidLoginDateException, TypeMappingException {
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedUserConfirmationMessage").append(":verifying[verifiedUserConfirmationMessage='").append(verifiedUserConfirmationMessage).append("',targetService='").append(str).append("']").toString());
            }
            SignatureInfo signatureInfo = verifiedUserConfirmationMessage.getUserConfirmationSignature().getSignatureInfo();
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedUserConfirmationMessage").append(": finished verifiedUserConfirmationMessage verification [parsed signatureInfo='").append(signatureInfo).append("']").toString());
            }
            SignerInfo signerInfo = signatureInfo.getSignerInfo();
            ValidatedUser validateAuthenticationSuccess = validateAuthenticationSuccess(new ProxyAuthenticationSuccess.Builder(signerInfo.getUsername()).domain(signerInfo.getDomain()).domainUsername(signerInfo.getMoniker()).email(signerInfo.getEmail()).firstName(signerInfo.getFirstName()).lastName(signerInfo.getLastName()).loginDate(signerInfo.getSignTimeStamp()).mobilePhoneNumber(signerInfo.getMobilePhoneNumber()).storkId(signerInfo.getStorkId()).strengths(Collections.singletonList(signerInfo.getSignStrength())).tokenCramId(signerInfo.getTokenCramId()).tokenId(signerInfo.getTokenId()).deviceName(signerInfo.getDeviceName()).build());
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedUserConfirmationMessage").append(": verifiedUserConfirmationMessage validation succeeded: ").append(validateAuthenticationSuccess).toString());
            }
            return validateAuthenticationSuccess;
        } catch (InvalidProxyException e) {
            throw new UnexpectedLoginException(e);
        } catch (InvalidStrengthException e2) {
            if (LOG.isDebugEnabled()) {
                LOG.debug(new StringBuffer().append("validateSignedUserConfirmationMessage").append(": strength refused [verifiedUserConfirmationMessage='").append(verifiedUserConfirmationMessage).append("'] because: ").append(e2.getMessage()).toString());
            }
            throw e2;
        }
    }

    public int hashCode() {
        if (this.ecasValidationConfig == null) {
            return 0;
        }
        return this.ecasValidationConfig.hashCode();
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        LoggerFactory loggerFactory = LoggerFactory.getInstance();
        if (class$eu$cec$digit$ecas$client$validation$UserValidatorHelper == null) {
            cls = class$("eu.cec.digit.ecas.client.validation.UserValidatorHelper");
            class$eu$cec$digit$ecas$client$validation$UserValidatorHelper = cls;
        } else {
            cls = class$eu$cec$digit$ecas$client$validation$UserValidatorHelper;
        }
        LOG = loggerFactory.getLogger(cls);
    }
}
