package org.wso2.carbon.identity.tools.saml.validator.processors;

import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.AuthnRequest;
import org.opensaml.saml2.core.Issuer;
import org.opensaml.saml2.core.Subject;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.model.SAMLSSOServiceProviderDO;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.sso.saml.util.SAMLSSOUtil;
import org.wso2.carbon.identity.tools.saml.validator.dto.ValidatedItemDTO;
import org.wso2.carbon.identity.tools.saml.validator.util.SAMLValidatorConstants;
import org.wso2.carbon.identity.tools.saml.validator.util.SAMLValidatorUtil;

/* loaded from: input_file:org/wso2/carbon/identity/tools/saml/validator/processors/SAMLAuthnRequestValidator.class */
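public class SAMLAuthnRequestValidator {
    private static final Log log = LogFactory.getLog(SAMLAuthnRequestValidator.class);

    /** Message recorded when no Service Provider configuration matches the request's issuer. */
    private static final String SP_NOT_REGISTERED_MSG =
            "A Service Provider with the Issuer '%s' is not registered.";

    private AuthnRequest authnRequest;
    // true for the HTTP-POST binding (enveloped XML signature), false for HTTP-Redirect (deflate signature)
    private boolean isPost = false;
    // raw query string of an HTTP-Redirect request; the deflate signature is verified over it
    private String queryString = null;
    // issuer identifier resolved by validate(): the Issuer value, else its SPProvidedID
    private String issuerStr = null;

    /**
     * Creates a validator for the given request.
     *
     * @param authnRequest the parsed SAML 2.0 AuthnRequest to check; must be set before {@link #validate(List)}
     */
    public SAMLAuthnRequestValidator(AuthnRequest authnRequest) {
        // Assign directly rather than calling the overridable setter from the constructor.
        this.authnRequest = authnRequest;
    }

    /**
     * Runs the AuthnRequest checks in order (version, issuer, issuer format, SP registration,
     * AssertionConsumerServiceURL, Subject, and - when the SP is configured for it - Destination
     * and request signature), appending one {@link ValidatedItemDTO} per check.
     *
     * <p>This is a diagnostic report, not the enforcement point of the SSO flow: every check that
     * fails is recorded in {@code list} and, except for a signature that merely verifies as invalid,
     * aborts the run with an {@link IdentityException}.
     *
     * @param list receives one item per executed check, in execution order
     * @throws IdentityException carrying {@code EXIT_WITH_ERROR} as soon as a check fails
     */
    public void validate(List<ValidatedItemDTO> list) throws IdentityException {
        validateVersion(list);
        validateIssuer(list);
        SAMLSSOServiceProviderDO spConfig = lookupServiceProvider(list);
        validateAssertionConsumerUrl(list, spConfig);
        validateSubject(list, spConfig);
        // Destination and signature checks are only applied when the SP opted into signed requests;
        // with that flag off, an unsigned request passes this validator.
        if (spConfig.isDoValidateSignatureInRequests()) {
            validateDestination(list);
            validateSignature(list, spConfig);
        }
    }

    /** Records whether the request is SAML 2.0; any other (or missing) version aborts the run. */
    private void validateVersion(List<ValidatedItemDTO> list) throws IdentityException {
        SAMLVersion version = this.authnRequest.getVersion();
        // Compare from the constant side so a request without a version fails instead of NPE-ing.
        if (!SAMLVersion.VERSION_20.equals(version)) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_VERSION, false,
                    String.format(SAMLValidatorConstants.ValidationMessage.VAL_VERSION_FAIL, version)));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_VERSION, true,
                SAMLValidatorConstants.ValidationMessage.VAL_VERSION_SUCCESS));
    }

    /** Resolves the issuer identifier into {@code issuerStr} and checks the optional Issuer Format. */
    private void validateIssuer(List<ValidatedItemDTO> list) throws IdentityException {
        Issuer issuer = this.authnRequest.getIssuer();
        // A missing Issuer element is reported the same way as an Issuer with neither value nor SPProvidedID.
        String value = issuer == null ? null : issuer.getValue();
        String spProvidedId = issuer == null ? null : issuer.getSPProvidedID();
        if (value == null && spProvidedId == null) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_ISSUER, false,
                    SAMLValidatorConstants.ValidationMessage.VAL_ISSUER_FAIL));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        this.issuerStr = value != null ? value : spProvidedId;
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_ISSUER, true,
                SAMLValidatorConstants.ValidationMessage.VAL_ISSUER_SUCCESS));

        String format = issuer.getFormat();
        if (format == null) {
            return; // Format is optional; only an explicit, unexpected value is an error
        }
        if (!format.equals(SAMLValidatorConstants.Attribute.ISSUER_FORMAT)) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_ISSUER_FORMAT, false,
                    SAMLValidatorConstants.ValidationMessage.VAL_ISSUER_FMT_FAIL));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_ISSUER_FORMAT, true,
                SAMLValidatorConstants.ValidationMessage.VAL_ISSUER_FMT_SUCCESS));
    }

    /**
     * Loads the Service Provider configuration registered for the resolved issuer.
     *
     * <p>Only the lookup itself is wrapped in the "not registered" handler: later checks raise their
     * own items and must not be re-reported under VAL_IDP_CONFIGS with a misleading message.
     */
    private SAMLSSOServiceProviderDO lookupServiceProvider(List<ValidatedItemDTO> list)
            throws IdentityException {
        SAMLSSOServiceProviderDO spConfig;
        try {
            // Look up by the resolved identifier so a request that names its SP only through
            // SPProvidedID resolves the same configuration the signature check later relies on.
            spConfig = SAMLValidatorUtil.getServiceProviderConfig(this.issuerStr);
        } catch (IdentityException e) {
            log.error(e.getMessage(), e); // keep the stack trace; the message alone hides the cause
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_IDP_CONFIGS, false,
                    String.format(SP_NOT_REGISTERED_MSG, this.issuerStr)));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        if (spConfig == null) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_IDP_CONFIGS, false,
                    String.format(SP_NOT_REGISTERED_MSG, this.issuerStr)));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_IDP_CONFIGS, true,
                String.format(SAMLValidatorConstants.ValidationMessage.VAL_IDP_CONFIGS_SUCCESS, this.issuerStr)));
        return spConfig;
    }

    /** Requires the request's AssertionConsumerServiceURL to equal the registered one exactly. */
    private void validateAssertionConsumerUrl(List<ValidatedItemDTO> list, SAMLSSOServiceProviderDO spConfig)
            throws IdentityException {
        String requestedAcsUrl = this.authnRequest.getAssertionConsumerServiceURL();
        String registeredAcsUrl = spConfig.getAssertionConsumerUrl();
        // Exact string equality is deliberate: a prefix or host-only comparison would accept a
        // response endpoint the SP never registered. A missing registered URL fails closed rather
        // than throwing NPE.
        if (requestedAcsUrl == null || !requestedAcsUrl.equals(registeredAcsUrl)) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_CONSUM_URL, false,
                    String.format(SAMLValidatorConstants.ValidationMessage.VAL_CONSUM_URL_FAIL,
                            requestedAcsUrl, registeredAcsUrl)));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_CONSUM_URL, true,
                String.format(SAMLValidatorConstants.ValidationMessage.VAL_CONSUM_URL_SUCCESS, requestedAcsUrl)));
    }

    /** Reports on the optional Subject: NameID format agreement and presence of SubjectConfirmation. */
    private void validateSubject(List<ValidatedItemDTO> list, SAMLSSOServiceProviderDO spConfig) {
        Subject subject = this.authnRequest.getSubject();
        if (subject == null) {
            return; // Subject is optional in an AuthnRequest; nothing to report
        }
        String nameIdFormat = subject.getNameID() == null ? null : subject.getNameID().getFormat();
        String registeredFormat = spConfig.getNameIDFormat();
        // Only agreement is reported; a mismatch is intentionally left unreported here
        // (presumably NameIDPolicy, not Subject, is authoritative - confirm before tightening).
        if (nameIdFormat != null && registeredFormat != null && nameIdFormat.equals(registeredFormat)) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_SUB_NAMEID_FMT, true,
                    SAMLValidatorConstants.ValidationMessage.VAL_SUB_NAMEID_SUCCESS));
        }
        // OpenSAML returns an empty list rather than null here, so a bare null check would flag
        // every request that carries a Subject; only actual SubjectConfirmation elements are an error.
        if (subject.getSubjectConfirmations() != null && !subject.getSubjectConfirmations().isEmpty()) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_SUB_CONF_MTHD, false,
                    SAMLValidatorConstants.ValidationMessage.VAL_SUB_CONF_MTHD_FAIL));
        }
    }

    /** Requires the request's Destination to equal this IdP's configured SSO endpoint exactly. */
    private void validateDestination(List<ValidatedItemDTO> list) throws IdentityException {
        String idpUrl = IdentityUtil.getProperty("SSOService.IdentityProviderURL");
        if (StringUtils.isBlank(idpUrl)) {
            idpUrl = IdentityUtil.getServerURL("/samlsso");
        }
        String destination = this.authnRequest.getDestination();
        // Compare from the configured side so a request without a Destination fails instead of NPE-ing.
        if (destination == null || !idpUrl.equals(destination)) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DESTINATION, false,
                    String.format(SAMLValidatorConstants.ValidationMessage.VAL_DESTINATION_FAIL, destination, idpUrl)));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_DESTINATION, true,
                String.format(SAMLValidatorConstants.ValidationMessage.VAL_DESTINATION_SUCCESS, destination)));
    }

    /**
     * Verifies the request signature against the SP's registered certificate alias.
     *
     * <p>An invalid signature is recorded but does not abort the run; an error while verifying
     * (thrown by the signature utility) is recorded and aborts it.
     */
    private void validateSignature(List<ValidatedItemDTO> list, SAMLSSOServiceProviderDO spConfig)
            throws IdentityException {
        String certAlias = spConfig.getCertAlias();
        String tenantDomain = CarbonContext.getThreadLocalCarbonContext().getTenantDomain();
        boolean signatureValid;
        try {
            // HTTP-POST carries an enveloped XML signature; HTTP-Redirect signs the deflated query
            // string, which is why that binding needs the raw query string from setQueryString().
            if (this.isPost) {
                signatureValid = SAMLSSOUtil.validateXMLSignature(this.authnRequest, certAlias, tenantDomain);
            } else {
                signatureValid = SAMLSSOUtil.validateDeflateSignature(this.queryString, this.issuerStr,
                        certAlias, tenantDomain);
            }
        } catch (IdentityException e) {
            list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_SIGNATURE, false,
                    String.format(SAMLValidatorConstants.ValidationMessage.VAL_SIGNATURE_ERROR, e.getMessage())));
            throw new IdentityException(SAMLValidatorConstants.ValidationMessage.EXIT_WITH_ERROR);
        }
        String message = signatureValid
                ? SAMLValidatorConstants.ValidationMessage.VAL_SIGNATURE_SUCCESS
                : SAMLValidatorConstants.ValidationMessage.VAL_SIGNATURE_FAIL;
        list.add(new ValidatedItemDTO(SAMLValidatorConstants.ValidationType.VAL_SIGNATURE, signatureValid, message));
    }

    /** @return the request this validator checks */
    public AuthnRequest getAuthnRequest() {
        return this.authnRequest;
    }

    /** @param authnRequest the request to check on the next {@link #validate(List)} call */
    public void setAuthnRequest(AuthnRequest authnRequest) {
        this.authnRequest = authnRequest;
    }

    /** @param z true if the request used the HTTP-POST binding, false for HTTP-Redirect */
    public void setPost(boolean z) {
        this.isPost = z;
    }

    /** @param str the raw query string of an HTTP-Redirect request; required for deflate signature checks */
    public void setQueryString(String str) {
        this.queryString = str;
    }
}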
