package eu.unicore.samly2.validators;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.samly2.trust.SamlTrustChecker;
import org.apache.log4j.spi.LoggingEventFieldResolver;
import org.apache.xmlbeans.XmlObject;
import xmlbeans.org.oasis.saml2.protocol.StatusCodeType;
import xmlbeans.org.oasis.saml2.protocol.StatusResponseType;
import xmlbeans.org.oasis.saml2.protocol.StatusType;

/* loaded from: input_file:eu/unicore/samly2/validators/StatusResponseValidator.class */
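/**
 * Validates the parts of a SAML 2.0 protocol response that are common to every
 * {@code StatusResponseType}: mandatory attributes, correlation with the request
 * ({@code InResponseTo}), the {@code Destination}, the status code and, when a
 * signature is present, trust in the signer.
 *
 * <p>Security notes for callers and subclasses:
 * <ul>
 *   <li>The trust check runs <em>only when the response carries a signature</em>.
 *       An unsigned response passes this validator without any trust decision.
 *       NOTE(review): whatever consumes the response must require a verified
 *       signature somewhere else (for instance on the enclosed assertions) -
 *       confirm this for every call site.</li>
 *   <li>{@code InResponseTo} and {@code Destination} are compared only when both the
 *       expected value and the attribute are non-null; a response that omits the
 *       attribute is accepted here.</li>
 *   <li>The status is evaluated before the signature, so the text of an error
 *       raised by {@link #checkStatus} comes from a message that has not been
 *       verified. Treat it as untrusted input when logging or displaying it.</li>
 * </ul>
 */
public class StatusResponseValidator {
    // Expected value of the response's Destination attribute; null disables the check.
    protected String consumerEndpointUri;
    // ID of the request this response should answer; null disables the InResponseTo check.
    protected String requestId;
    // Decides whether the signer of a signed response is trusted; never null.
    protected SamlTrustChecker trustChecker;

    /**
     * Creates a validator.
     *
     * @param str              consumer endpoint URI the response must be addressed to, or
     *                         {@code null} to skip the Destination comparison
     * @param str2             ID of the originating request, or {@code null} to skip the
     *                         InResponseTo comparison
     * @param samlTrustChecker trust checker applied to signed responses
     * @throws IllegalArgumentException if {@code samlTrustChecker} is {@code null}
     */
    public StatusResponseValidator(String str, String str2, SamlTrustChecker samlTrustChecker) {
        // Fail before touching any field so a rejected argument leaves nothing half-initialised.
        if (samlTrustChecker == null) {
            throw new IllegalArgumentException("The SAMLTrustChecker can not be null");
        }
        this.consumerEndpointUri = str;
        this.requestId = str2;
        this.trustChecker = samlTrustChecker;
    }

    /**
     * Runs all checks on the response, in this order: mandatory elements, InResponseTo,
     * Destination, status, and finally the trust check if the response is signed.
     *
     * @param xmlObject          document passed to the trust checker together with the response
     * @param statusResponseType the response to validate
     * @throws SAMLValidationException if any check fails; a non-success status is reported
     *                                 through {@link SAMLServerException}
     */
    public void validate(XmlObject xmlObject, StatusResponseType statusResponseType) throws SAMLValidationException {
        checkMandatoryElements(statusResponseType);

        // Compared only when both sides are present: a missing InResponseTo is not rejected here.
        String inResponseTo = statusResponseType.getInResponseTo();
        if (this.requestId != null && inResponseTo != null && !inResponseTo.equals(this.requestId)) {
            throw new SAMLValidationException("InResponseTo value " + inResponseTo + " is not matching expected requestId: " + this.requestId);
        }

        // Same rule for Destination: an absent attribute passes, a present one must match exactly.
        String destination = statusResponseType.getDestination();
        if (destination != null && this.consumerEndpointUri != null && !destination.equals(this.consumerEndpointUri)) {
            throw new SAMLValidationException("Destination value " + destination + " is not matching consumer URI: " + this.consumerEndpointUri);
        }

        checkStatus(statusResponseType);

        // SECURITY: no signature means no trust check at all. The caller is responsible for
        // requiring a verified signature on whatever it goes on to rely on.
        if (statusResponseType.getSignature() == null || statusResponseType.getSignature().isNil()) {
            return;
        }
        this.trustChecker.checkTrust(xmlObject, statusResponseType);
    }

    /**
     * Verifies that ID, Version (must equal {@code SAMLConstants.SAML2_VERSION}),
     * IssueInstant and Status are present.
     *
     * @param statusResponseType the response to inspect
     * @throws SAMLValidationException if one of the elements is missing or invalid
     */
    protected void checkMandatoryElements(StatusResponseType statusResponseType) throws SAMLValidationException {
        // Plain emptiness test; an empty-string check needs no constant from a logging library.
        if (statusResponseType.getID() == null || statusResponseType.getID().isEmpty()) {
            throw new SAMLValidationException("Response must posses an ID");
        }
        if (statusResponseType.getVersion() == null || !statusResponseType.getVersion().equals(SAMLConstants.SAML2_VERSION)) {
            throw new SAMLValidationException("Response must posses 2.0 version");
        }
        if (statusResponseType.getIssueInstant() == null) {
            throw new SAMLValidationException("Response must posses an IssueInstant");
        }
        if (statusResponseType.getStatus() == null || statusResponseType.getStatus().isNil()) {
            throw new SAMLValidationException("Response must have a status set");
        }
    }

    /**
     * Accepts the response only when its top-level status code is the success value.
     * For the requester, responder and version-mismatch codes a {@link SAMLServerException}
     * is thrown, carrying the status, the second-level status when present, and a
     * description assembled from the response. Any other value is rejected as illegal.
     *
     * <p>The description is built from fields of the response itself (status codes and
     * status message), so it is content supplied by the remote party.
     *
     * @param statusResponseType the response whose status is inspected
     * @throws SAMLValidationException if the status is missing, malformed or not a success
     */
    protected void checkStatus(StatusResponseType statusResponseType) throws SAMLValidationException {
        StatusType status = statusResponseType.getStatus();
        // This method is protected and may be invoked without checkMandatoryElements having
        // run first, so guard the status here instead of failing with a NullPointerException.
        if (status == null || status.isNil()) {
            throw new SAMLValidationException("Response must have a status set");
        }
        if (status.getStatusCode() == null || status.getStatusCode().isNil()) {
            throw new SAMLValidationException("Response must have status code set");
        }
        String value = status.getStatusCode().getValue();
        if (value == null) {
            throw new SAMLValidationException("Response must have status code's value set");
        }
        if (value.equals(SAMLConstants.Status.STATUS_OK.toString())) {
            return;
        }

        boolean knownError = value.equals(SAMLConstants.Status.STATUS_REQUESTER.toString())
                || value.equals(SAMLConstants.Status.STATUS_RESPONDER.toString())
                || value.equals(SAMLConstants.Status.STATUS_VERSION_MISMATCH.toString());
        if (!knownError) {
            throw new SAMLValidationException("Response has illegal status value: " + value);
        }

        StringBuilder sb = new StringBuilder();
        sb.append("Got error in the response. Caused by ");
        // Keep only the part after the last ':' of the status value.
        sb.append(value.substring(value.lastIndexOf(":") + 1));

        // Optional second-level status code nested inside the top-level one.
        StatusCodeType statusCode = status.getStatusCode().getStatusCode();
        String subValue = statusCode != null ? statusCode.getValue() : null;
        if (subValue != null) {
            String shortSubValue = subValue;
            if (shortSubValue.startsWith(SAMLConstants.STAT_P)) {
                shortSubValue = shortSubValue.substring(SAMLConstants.STAT_P.length());
            }
            sb.append(" Error type: " + shortSubValue);
        }
        if (status.getStatusMessage() != null) {
            sb.append(" Message: " + status.getStatusMessage());
        }

        if (subValue != null) {
            // The exception receives the full, unstripped second-level value.
            throw new SAMLServerException(SAMLConstants.Status.fromString(value), SAMLConstants.SubStatus.fromString(subValue), sb.toString());
        }
        throw new SAMLServerException(SAMLConstants.Status.fromString(value), sb.toString());
    }
}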
