package org.wso2.carbon.identity.sso.saml.cloud.handler.validator;

import java.io.IOException;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.LogoutRequest;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.cloud.SAMLSSOConstants;
import org.wso2.carbon.identity.sso.saml.cloud.context.SAMLMessageContext;
import org.wso2.carbon.identity.sso.saml.cloud.request.SAMLSpInitRequest;
import org.wso2.carbon.identity.sso.saml.cloud.util.SAMLSSOUtil;
import org.wso2.carbon.identity.sso.saml.cloud.validators.SPInitSSOAuthnRequestValidator;
import org.wso2.carbon.user.api.UserStoreException;

/* loaded from: input_file:org/wso2/carbon/identity/sso/saml/cloud/handler/validator/SPInitSAMLValidator.class */
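/**
 * Validator for SP-initiated SAML SSO requests.
 *
 * <p>Accepts message contexts whose request is a {@link SAMLSpInitRequest}. The encoded SAML
 * message is decoded and unmarshalled, selected attributes of the message are copied onto the
 * context, and AuthnRequests are handed to {@link SPInitSSOAuthnRequestValidator}.
 */
public class SPInitSAMLValidator extends SAMLValidator {
    private static final Log log = LogFactory.getLog(SPInitSAMLValidator.class);

    /**
     * Tells whether this validator is responsible for the given context.
     *
     * @param sAMLMessageContext the context of the inbound SAML message
     * @return {@code true} only when the context's request is a {@link SAMLSpInitRequest}
     */
    @Override
    public boolean canHandle(SAMLMessageContext sAMLMessageContext) {
        return sAMLMessageContext.m10getRequest() instanceof SAMLSpInitRequest;
    }

    /**
     * Decodes the inbound SAML message and populates the context from it.
     *
     * <p>Every value copied onto the context here (destination, ID, assertion consumer URL,
     * issuer) is taken directly from the unmarshalled message; this method performs no
     * verification of its own.
     *
     * @param sAMLMessageContext the context of the inbound SAML message; its request must be a
     *     {@link SAMLSpInitRequest}
     * @return the result of {@link SPInitSSOAuthnRequestValidator#validate} for an AuthnRequest;
     *     {@code false} for a LogoutRequest and for any other message type
     * @throws IdentityException declared by the overridden method; which call raises it is not
     *     visible in this class
     * @throws IOException declared by the overridden method; which call raises it is not visible
     *     in this class
     */
    @Override
    public boolean validateRequest(SAMLMessageContext sAMLMessageContext) throws IdentityException, IOException {
        SAMLSpInitRequest spInitRequest = (SAMLSpInitRequest) sAMLMessageContext.m10getRequest();

        // The redirect and POST bindings are decoded by different helpers.
        // NOTE(review): the declared type is AuthnRequest although the value is later tested
        // against LogoutRequest; this looks like a decompiler artifact -- confirm the return
        // type of SAMLSSOUtil.unmarshall.
        AuthnRequest unmarshall = SAMLSSOUtil.unmarshall(
                spInitRequest.isRedirect()
                        ? SAMLSSOUtil.decode(spInitRequest.getSamlRequest())
                        : SAMLSSOUtil.decodeForPost(spInitRequest.getSamlRequest()));

        if (unmarshall instanceof AuthnRequest) {
            // Request-supplied values, not yet validated at this point.
            // NOTE(review): presumably SPInitSSOAuthnRequestValidator checks the destination and
            // the assertion consumer URL against the registered service provider -- confirm.
            sAMLMessageContext.setDestination(unmarshall.getDestination());
            sAMLMessageContext.setId(unmarshall.getID());
            sAMLMessageContext.setAssertionConsumerUrl(unmarshall.getAssertionConsumerServiceURL());
            sAMLMessageContext.setIsPassive(unmarshall.isPassive().booleanValue());
            sAMLMessageContext.setTenantDomain(sAMLMessageContext.m10getRequest().getTenantDomain());
            try {
                SAMLSSOUtil.setTenantDomainInThreadLocal(sAMLMessageContext.m10getRequest().getTenantDomain());
            } catch (UserStoreException e) {
                // Log the cause as well; the message alone gives no way to diagnose the failure.
                // NOTE(review): validation still runs after this failure, with whatever tenant
                // domain the thread local held before -- confirm that continuing is intended.
                log.error("Error occurred while setting tenant domain to thread local.", e);
            }
            return new SPInitSSOAuthnRequestValidator(sAMLMessageContext).validate(unmarshall);
        }

        if (!(unmarshall instanceof LogoutRequest)) {
            return false;
        }

        LogoutRequest logoutRequest = (LogoutRequest) unmarshall;

        // Mark the current thread as processing a logout request.
        // NOTE(review): nothing in this class clears the flag; confirm that the request
        // lifecycle resets threadLocalProperties before the thread is reused.
        Map threadLocalProps = (Map) IdentityUtil.threadLocalProperties.get();
        threadLocalProps.remove(SAMLSSOConstants.IS_LOGOUT_REQUEST_THREAD_LOCAL_KEY);
        threadLocalProps.put(SAMLSSOConstants.IS_LOGOUT_REQUEST_THREAD_LOCAL_KEY, true);

        // NOTE(review): getIssuer() is dereferenced without a null check, so a LogoutRequest
        // without an Issuer element would raise a NullPointerException here -- confirm how the
        // caller treats that.
        sAMLMessageContext.setIssuer(logoutRequest.getIssuer().getValue());
        sAMLMessageContext.setDestination(logoutRequest.getDestination());
        sAMLMessageContext.setId(logoutRequest.getID());
        sAMLMessageContext.setTenantDomain(sAMLMessageContext.m10getRequest().getTenantDomain());
        try {
            SAMLSSOUtil.setTenantDomainInThreadLocal(sAMLMessageContext.m10getRequest().getTenantDomain());
        } catch (UserStoreException e) {
            // Log the cause as well; the message alone gives no way to diagnose the failure.
            log.error("Error occurred while setting tenant domain to thread local.", e);
        }
        // The logout path always reports false from this method, whether or not the tenant
        // domain could be set; only the context and the thread-local flag are updated.
        return false;
    }
}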
