package org.wso2.carbon.appmgt.gateway.handlers.security.saml2;

import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.joda.time.DateTime;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.LogoutRequest;
import org.opensaml.saml2.core.LogoutResponse;
import org.opensaml.saml2.core.RequestAbstractType;
import org.opensaml.saml2.core.StatusResponseType;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import org.wso2.carbon.appmgt.api.model.AuthenticatedIDP;

/* loaded from: input_file:org/wso2/carbon/appmgt/gateway/handlers/security/saml2/IDPMessage.class */
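/**
 * Holder for a SAML2 message exchanged with an identity provider: the parsed
 * request or response object, its raw form, the relay state and the list of
 * authenticated IDPs.
 *
 * <p>Also offers helpers to classify the message (single-logout request or
 * response), to check the validity window of a response and to verify the
 * message-level XML signature.
 */
public class IDPMessage {
    private static final Log log = LogFactory.getLog(IDPMessage.class);
    private RequestAbstractType samlRequest;
    private StatusResponseType samlResponse;
    private List<AuthenticatedIDP> authenticatedIDPs;
    private String relayState;
    private String rawSAMLResponse;
    private String rawSAMLRequest;

    /** @return the parsed SAML request, or {@code null} if none was set */
    public RequestAbstractType getSAMLRequest() {
        return this.samlRequest;
    }

    /** @param requestAbstractType the parsed SAML request carried by this message */
    public void setSAMLRequest(RequestAbstractType requestAbstractType) {
        this.samlRequest = requestAbstractType;
    }

    /** @return the parsed SAML response, or {@code null} if none was set */
    public StatusResponseType getSAMLResponse() {
        return this.samlResponse;
    }

    /** @param statusResponseType the parsed SAML response carried by this message */
    public void setSAMLResponse(StatusResponseType statusResponseType) {
        this.samlResponse = statusResponseType;
    }

    /** @return the list of authenticated IDPs as stored (not copied), or {@code null} */
    public List<AuthenticatedIDP> getAuthenticatedIDPs() {
        return this.authenticatedIDPs;
    }

    /** @param list the authenticated IDPs; the reference is stored as-is */
    public void setAuthenticatedIDPs(List<AuthenticatedIDP> list) {
        this.authenticatedIDPs = list;
    }

    /** @param str the relay state that accompanied the SAML message */
    public void setRelayState(String str) {
        this.relayState = str;
    }

    /** @return the relay state, or {@code null} if none was set */
    public String getRelayState() {
        return this.relayState;
    }

    /** @param str the SAML response in the raw form it was received in */
    public void setRawSAMLResponse(String str) {
        this.rawSAMLResponse = str;
    }

    /** @return the raw SAML response, or {@code null} if none was set */
    public String getRawSAMLResponse() {
        return this.rawSAMLResponse;
    }

    /** @return the raw SAML request, or {@code null} if none was set */
    public String getRawSAMLRequest() {
        return this.rawSAMLRequest;
    }

    /** @param str the SAML request in the raw form it was received in */
    public void setRawSAMLRequest(String str) {
        this.rawSAMLRequest = str;
    }

    /** @return {@code true} if a response is set and it is a {@link LogoutResponse} */
    public boolean isSLOResponse() {
        // instanceof is already false for null, so no separate null check is needed.
        return this.samlResponse instanceof LogoutResponse;
    }

    /** @return {@code true} if a request is set and it is a {@link LogoutRequest} */
    public boolean isSLORequest() {
        return this.samlRequest instanceof LogoutRequest;
    }

    /**
     * Tells whether the {@code NotOnOrAfter} condition of the first assertion
     * in the response has been reached.
     *
     * @return {@code true} if that instant is now or in the past; {@code false}
     *         if it lies in the future, or if there is no response, no first
     *         assertion or no {@code NotOnOrAfter} value
     */
    public boolean isResponseValidityPeriodExpired() {
        DateTime notOnOrAfter = null;
        if (this.samlResponse != null) {
            // NOTE(review): only the first assertion is consulted, and get(0)
            // throws IndexOutOfBoundsException when the list is empty.
            Assertion assertion = (Assertion) this.samlResponse.getAssertions().get(0);
            if (assertion != null) {
                // NOTE(review): getConditions() is dereferenced without a null
                // check, and NotBefore is not examined here.
                notOnOrAfter = assertion.getConditions().getNotOnOrAfter();
            }
        }
        // NOTE(review): a missing NotOnOrAfter is reported as "not expired",
        // and the comparison uses the local clock with no skew allowance.
        return notOnOrAfter != null && notOnOrAfter.compareTo(new DateTime()) <= 0;
    }

    /**
     * Verifies the message-level XML signature of the SAML response (if one is
     * set) or otherwise of the SAML request, against the given credential.
     *
     * <p>The check fails closed: a message without a signature, a message with
     * neither request nor response set, or a {@code null} credential is
     * reported as invalid. Accepting unsigned messages here would let anyone
     * who can remove the {@code Signature} element bypass the check entirely.
     *
     * <p>Only the signature on the request/response element is examined;
     * signatures on contained assertions are not looked at by this method.
     *
     * @param credential the credential holding the key the signature must verify against
     * @return {@code true} only if a signature is present and validates;
     *         {@code false} otherwise
     */
    public boolean validateSignature(Credential credential) {
        if (credential == null) {
            log.warn("No credential available to validate the SAML message signature.");
            return false;
        }

        Signature signature = null;
        if (isResponse()) {
            signature = getSAMLResponse().getSignature();
        } else if (isRequest()) {
            signature = getSAMLRequest().getSignature();
        }

        if (signature == null) {
            // Fail closed: an absent signature must never count as a valid one.
            log.warn("SAML message is not signed; signature validation failed.");
            return false;
        }

        // NOTE(review): no structural check of the signature (e.g. OpenSAML's
        // SAMLSignatureProfileValidator) is performed in this method before the
        // cryptographic validation - confirm that it happens elsewhere.
        try {
            new SignatureValidator(credential).validate(signature);
            return true;
        } catch (ValidationException e) {
            log.warn("Signature of the SAML message can't be validated.", e);
            return false;
        }
    }

    /** @return {@code true} if a SAML request has been set on this message */
    private boolean isRequest() {
        return this.samlRequest != null;
    }

    /** @return {@code true} if a SAML response has been set on this message */
    private boolean isResponse() {
        return this.samlResponse != null;
    }
}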
