package com.ibm.ws.wssecurity.saml.saml11.assertion.utils;

import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.common.TraceLog;
import com.ibm.ws.wssecurity.saml.saml11.assertion.Assertion;
import com.ibm.ws.wssecurity.saml.security.impl.SAMLSignatureVerification;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import java.util.Date;
import org.apache.axiom.om.OMElement;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/saml/saml11/assertion/utils/SAMLVerifier.class */
public class SAMLVerifier {
    private static final TraceLog log = new TraceLog(SAMLVerifier.class);

    public static boolean verifySAMLSignature(OMElement oMElement, ConsumerConfig consumerConfig) throws SoapSecurityException {
        log.entry("verifySAMLSignature(OMElement, ConsumerConfig)");
        KeyStoreManager.KeyInformation keyInformation = null;
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance();
        if (consumerConfig.getKeyInformationConfig() != null && consumerConfig.getKeyInformationConfig().getAlias() != null && !consumerConfig.getKeyInformationConfig().getAlias().isEmpty()) {
            keyInformation = keyStoreManager.getKeyInformation(consumerConfig.getTrustStoreConfig().getPath(), consumerConfig.getTrustStoreConfig().getType(), consumerConfig.getTrustStoreConfig().getPassword().toCharArray(), consumerConfig.getTrustStoreConfig().getKsRef(), consumerConfig.getKeyInformationConfig().getAlias(), null, consumerConfig.getKeyInformationConfig().getName());
        }
        boolean verify = SAMLSignatureVerification.verify(oMElement, keyInformation, null);
        log.exit("verifySAMLSignature(OMElement, ConsumerConfig)");
        return verify;
    }

    public static boolean verifySAMLCondition(Assertion assertion) {
        log.entry("verifySAMLCondition(Assertion)");
        Date notBefore = assertion.getConditions().getNotBefore();
        Date notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
        Date date = new Date();
        boolean z = true;
        if (date.getTime() + 180000 < notBefore.getTime()) {
            log.debug(Constants.TOKEN_MSG2);
            z = false;
        }
        if (date.getTime() - 180000 > notOnOrAfter.getTime()) {
            log.debug(Constants.TOKEN_MSG3);
            z = false;
        }
        log.exit("verifySAMLCondition(Assertion)");
        return z;
    }

    public static boolean verifySAMLAssertion(Assertion assertion) throws SoapSecurityException {
        return assertion.validate();
    }
}
