package eu.unicore.samly2.validators;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLRequesterException;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.trust.SamlTrustChecker;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestType;

/* loaded from: input_file:eu/unicore/samly2/validators/SSOAuthnRequestValidator.class */
public class SSOAuthnRequestValidator extends AbstractRequestValidator {
    public SSOAuthnRequestValidator(String str, SamlTrustChecker samlTrustChecker, long j, ReplayAttackChecker replayAttackChecker) {
        super(str, samlTrustChecker, j, replayAttackChecker);
    }

    public void validate(AuthnRequestDocument authnRequestDocument) throws SAMLServerException {
        AuthnRequestType authnRequest = authnRequestDocument.getAuthnRequest();
        super.validate(authnRequestDocument, authnRequest);
        validateIssuer(authnRequest);
        if (this.trustChecker.isSignatureRequired()) {
            if (authnRequest.getSignature() == null || authnRequest.getSignature().isNil()) {
                throw new SAMLRequesterException(SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED, "The request is not signed");
            }
        }
    }

    protected void validateIssuer(AuthnRequestType authnRequestType) throws SAMLServerException {
        NameIDType issuer = authnRequestType.getIssuer();
        if (issuer == null) {
            throw new SAMLRequesterException("Issuer of SAML request must be present in SSO AuthN");
        }
        if (issuer.getFormat() != null && !issuer.getFormat().equals(SAMLConstants.NFORMAT_ENTITY)) {
            throw new SAMLRequesterException("Issuer of SAML request must be of Entity type in SSO AuthN. It is: " + issuer.getFormat());
        }
        if (issuer.getStringValue() == null) {
            throw new SAMLRequesterException("Issuer value of SAML request must be present in SSO AuthN");
        }
    }
}
