package eu.unicore.samly2.validators;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLRequesterException;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.samly2.exceptions.SAMLVersionException;
import eu.unicore.samly2.trust.SamlTrustChecker;
import java.net.URI;
import java.net.URISyntaxException;
import org.apache.log4j.spi.LoggingEventFieldResolver;
import org.apache.xmlbeans.XmlObject;
import xmlbeans.org.oasis.saml2.protocol.RequestAbstractType;

/* loaded from: input_file:eu/unicore/samly2/validators/AbstractRequestValidator.class */
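/**
 * Base validator for incoming SAML 2.0 protocol requests.
 *
 * <p>{@link #validate} checks, in order: presence of the mandatory attributes (ID, version,
 * IssueInstant), that an optional Destination equals the configured responder endpoint, the
 * signature (only when one is present), the age of the request, and finally whether the
 * request ID is accepted by the {@link ReplayAttackChecker}.
 *
 * <p>NOTE(review): this class does not require a signature. An unsigned request passes
 * validation without {@link SamlTrustChecker} being consulted, so a deployment that needs
 * authenticated requests has to enforce signing in a subclass or in the caller.
 */
public class AbstractRequestValidator {
    protected URI responderEndpointUri;
    protected SamlTrustChecker trustChecker;
    // Maximum accepted request age in milliseconds (see the error text built in validate()).
    protected long requestValidity;
    protected ReplayAttackChecker replayChecker;

    /**
     * Creates a validator bound to a single responder endpoint.
     *
     * @param str responder endpoint URI, compared against the request's Destination attribute
     * @param samlTrustChecker checker used to verify signed requests
     * @param j request validity period in milliseconds
     * @param replayAttackChecker store used to detect re-used request IDs
     * @throws IllegalArgumentException if {@code str} is not a syntactically valid URI
     */
    public AbstractRequestValidator(String str, SamlTrustChecker samlTrustChecker, long j, ReplayAttackChecker replayAttackChecker) {
        try {
            this.responderEndpointUri = new URI(str);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("responderURI '" + str + "' is not a valid URI: " + e, e);
        }
        this.trustChecker = samlTrustChecker;
        this.requestValidity = j;
        this.replayChecker = replayAttackChecker;
    }

    /**
     * Validates a SAML request; every failure is reported as a requester-side error.
     *
     * @param xmlObject the document passed to the trust checker together with the request
     * @param requestAbstractType the request to validate
     * @throws SAMLServerException if a mandatory attribute is missing, the Destination does not
     *     match, the signature is not trusted, the request is too old, or the replay checker
     *     rejects the request ID
     */
    public void validate(XmlObject xmlObject, RequestAbstractType requestAbstractType) throws SAMLServerException {
        checkMandatoryElements(requestAbstractType);

        // Destination is optional; when present it must equal the configured endpoint.
        // The comparison is URI.equals(), so no normalization is applied beyond what
        // java.net.URI equality itself performs.
        String destination = requestAbstractType.getDestination();
        if (destination != null) {
            try {
                if (!new URI(destination).equals(this.responderEndpointUri)) {
                    throw new SAMLRequesterException(SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED, "Destination value " + destination + " is not matching the responder's URI: " + this.responderEndpointUri);
                }
            } catch (URISyntaxException e) {
                throw new SAMLRequesterException(SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED, "Destination value " + destination + " is not a valid URI: " + e.toString());
            }
        }

        // The trust check runs only for signed requests; an absent or nil signature is
        // accepted here (see the class-level note).
        if (requestAbstractType.getSignature() != null && !requestAbstractType.getSignature().isNil()) {
            try {
                this.trustChecker.checkTrust(xmlObject, requestAbstractType);
            } catch (SAMLValidationException e2) {
                throw new SAMLRequesterException(SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED, e2.getMessage(), e2.getCause());
            }
        }

        // Freshness: compare the request's age with the validity period. Computing the age by
        // subtraction avoids the overflow of "issueInstant + requestValidity", which wrapped to
        // a negative value for a very large validity and rejected every request as too old.
        //
        // NOTE(review): only the lower bound is checked. A request whose IssueInstant lies in
        // the future is accepted, and it stays acceptable for longer than requestValidity. If
        // the replay checker forgets an ID after the validity period passed to it below
        // (presumably a retention time; confirm against ReplayAttackChecker), such a request
        // could be accepted a second time. Consider rejecting IssueInstant values beyond a
        // small clock-skew allowance.
        long ageMillis = System.currentTimeMillis() - requestAbstractType.getIssueInstant().getTimeInMillis();
        if (ageMillis > this.requestValidity) {
            throw new SAMLRequesterException(SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED, "Request is too old. It was issued at " + requestAbstractType.getIssueInstant() + " and the validity timeframe is " + this.requestValidity + "ms");
        }

        // Replay protection runs last, so only requests that passed all other checks are
        // recorded by the replay checker.
        try {
            this.replayChecker.checkAndStore(requestAbstractType.getID(), this.requestValidity);
        } catch (SAMLValidationException e3) {
            throw new SAMLRequesterException(SAMLConstants.SubStatus.STATUS2_REQUEST_DENIED, e3.getMessage());
        }
    }

    /**
     * Verifies that the request carries a non-empty ID, the SAML 2.0 version and an
     * IssueInstant. {@link #validate} relies on this having run before it dereferences the
     * IssueInstant, so overriding implementations should keep that check.
     *
     * @param requestAbstractType the request to inspect
     * @throws SAMLServerException if the ID or IssueInstant is missing, or the version is not
     *     {@link SAMLConstants#SAML2_VERSION}
     */
    protected void checkMandatoryElements(RequestAbstractType requestAbstractType) throws SAMLServerException {
        // isEmpty() replaces a comparison with a log4j-internal empty-string constant, so the
        // validation no longer depends on the logging library.
        String id = requestAbstractType.getID();
        if (id == null || id.isEmpty()) {
            throw new SAMLRequesterException("Request must posses an ID");
        }
        String version = requestAbstractType.getVersion();
        if (version == null || !version.equals(SAMLConstants.SAML2_VERSION)) {
            throw new SAMLVersionException("Request must posses 2.0 version");
        }
        if (requestAbstractType.getIssueInstant() == null) {
            throw new SAMLRequesterException("Request must posses an IssueInstant");
        }
    }
}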
