package org.wso2.carbon.identity.sso.saml.cloud.validators;

import java.io.IOException;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.AuthnRequest;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.sso.saml.cloud.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.cloud.context.SAMLMessageContext;
import org.wso2.carbon.identity.sso.saml.cloud.exception.SAML2ClientException;
import org.wso2.carbon.identity.sso.saml.cloud.request.SAMLIdpInitRequest;
import org.wso2.carbon.identity.sso.saml.cloud.util.SAMLSSOUtil;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/cloud/validators/IdPInitSSOAuthnRequestValidator.class */
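/**
 * Validates an IdP-initiated SSO request.
 *
 * <p>The only checks performed here are that the request carries a non-blank
 * {@code spEntityID} and that an issuer with that value is registered for the
 * tenant domain currently held in the thread local. No {@link AuthnRequest} is
 * inspected, so every later decision that depends on the service provider's
 * identity rests on this lookup.
 */
public class IdPInitSSOAuthnRequestValidator implements SSOAuthnRequestValidator {
    private static final Log log = LogFactory.getLog(IdPInitSSOAuthnRequestValidator.class);
    private final SAMLMessageContext messageContext;
    // Taken from the incoming request, so it is caller-controlled until validate() has accepted it.
    private final String spEntityID;

    /**
     * Captures the message context and the service provider entity ID of the request.
     *
     * @param sAMLMessageContext context whose request is cast to {@link SAMLIdpInitRequest};
     *                           a request of any other type fails the cast with a
     *                           {@link ClassCastException}
     * @throws IdentityException declared by the original signature
     */
    public IdPInitSSOAuthnRequestValidator(SAMLMessageContext sAMLMessageContext) throws IdentityException {
        this.messageContext = sAMLMessageContext;
        this.spEntityID = ((SAMLIdpInitRequest) sAMLMessageContext.m10getRequest()).getSpEntityID();
    }

    /**
     * Checks that the request names a registered service provider.
     *
     * <p>On success the context is marked valid and its issuer is set to the
     * {@code spEntityID}. On failure the context is marked invalid and the
     * exception built by {@code SAML2ClientException.error(...)} is thrown.
     *
     * @param authnRequest not read by this validator
     * @return {@code true} when validation succeeds; failures are reported by exception
     * @throws IdentityException declared by the interface; the failure paths throw the
     *                           object returned by {@code SAML2ClientException.error(...)}
     * @throws IOException       declared by the interface
     */
    @Override
    public boolean validate(AuthnRequest authnRequest) throws IdentityException, IOException {
        if (StringUtils.isBlank(this.spEntityID)) {
            String missingParam = "spEntityID parameter not found in request";
            if (log.isDebugEnabled()) {
                log.debug(missingParam);
            }
            this.messageContext.setValid(false);
            throw SAML2ClientException.error(SAMLSSOUtil.buildErrorResponse(
                    SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, missingParam, null));
        }

        // The issuer is recorded on the context before the registration check below.
        this.messageContext.setIssuer(this.spEntityID);

        // NOTE(review): the lookup uses the thread-local tenant domain before the
        // "carbon.super" fallback further down is applied, so it may run with a blank
        // tenant domain. Confirm that isSAMLIssuerExists handles that case as intended.
        if (!SAMLSSOUtil.isSAMLIssuerExists(this.spEntityID, SAMLSSOUtil.getTenantDomainFromThreadLocal())) {
            String notRegistered = "A Service Provider with the Issuer '" + this.spEntityID
                    + "' is not registered. Service Provider should be registered in advance";
            if (log.isDebugEnabled()) {
                // spEntityID is request-supplied; strip line breaks so it cannot forge log entries.
                log.debug(sanitizeForLog(notRegistered));
            }
            this.messageContext.setValid(false);
            // The error response is built once, here. The earlier version also built it a
            // first time and discarded the result.
            // NOTE(review): the message embeds the request-supplied spEntityID; confirm that
            // buildErrorResponse encodes it before it reaches the client.
            throw SAML2ClientException.error(SAMLSSOUtil.buildErrorResponse(
                    SAMLSSOConstants.StatusCodes.REQUESTOR_ERROR, notRegistered, null));
        }

        if (StringUtils.isBlank(SAMLSSOUtil.getTenantDomainFromThreadLocal())) {
            try {
                SAMLSSOUtil.setTenantDomainInThreadLocal("carbon.super");
            } catch (UserStoreException e) {
                // Validation still succeeds without a tenant domain, so report the failure
                // at a level operators see rather than only at debug.
                // NOTE(review): consider whether the request should be rejected here instead.
                log.warn("Error occured while setting tenant domain to thread local.", e);
            }
        }

        this.messageContext.setValid(true);
        if (log.isDebugEnabled()) {
            log.debug("IdP Initiated SSO request validation is successful");
        }
        return true;
    }

    /** Replaces carriage returns and line feeds so a logged value stays on one line. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}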
