package org.opensaml.ws.security.provider;

import org.opensaml.ws.message.MessageContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.SecurityPolicyRule;
import org.opensaml.ws.transport.http.HTTPTransport;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-2.6.4.wso2v5.jar:org/opensaml/ws/security/provider/HTTPRule.class */
public class HTTPRule implements SecurityPolicyRule {
    private final Logger log = LoggerFactory.getLogger(HTTPRule.class);
    private String requiredContentType;
    private String requiredRequestMethod;
    private boolean requireSecured;

    public HTTPRule(String str, String str2, boolean z) {
        this.requiredContentType = DatatypeHelper.safeTrimOrNullString(str);
        this.requiredRequestMethod = DatatypeHelper.safeTrimOrNullString(str2);
        this.requireSecured = z;
    }

    @Override // org.opensaml.ws.security.SecurityPolicyRule
    public void evaluate(MessageContext messageContext) throws SecurityPolicyException {
        if (messageContext.getInboundMessageTransport() instanceof HTTPTransport) {
            doEvaluate(messageContext);
        } else {
            this.log.debug("Message context was did not contain an HTTP transport, unable to evaluate security rule");
        }
    }

    protected void doEvaluate(MessageContext messageContext) throws SecurityPolicyException {
        HTTPTransport hTTPTransport = (HTTPTransport) messageContext.getInboundMessageTransport();
        evaluateContentType(hTTPTransport);
        evaluateRequestMethod(hTTPTransport);
        evaluateSecured(hTTPTransport);
    }

    protected void evaluateContentType(HTTPTransport hTTPTransport) throws SecurityPolicyException {
        String headerValue = hTTPTransport.getHeaderValue("Content-Type");
        if (this.requiredContentType == null || headerValue.startsWith(this.requiredContentType)) {
            return;
        }
        this.log.error("Invalid content type, expected " + this.requiredContentType + " but was " + headerValue);
        throw new SecurityPolicyException("Invalid content type, expected " + this.requiredContentType + " but was " + headerValue);
    }

    protected void evaluateRequestMethod(HTTPTransport hTTPTransport) throws SecurityPolicyException {
        String hTTPMethod = hTTPTransport.getHTTPMethod();
        if (this.requiredRequestMethod == null || hTTPMethod.equalsIgnoreCase(this.requiredRequestMethod)) {
            return;
        }
        this.log.error("Invalid request method, expected " + this.requiredRequestMethod + " but was " + hTTPMethod);
        throw new SecurityPolicyException("Invalid request method, expected " + this.requiredRequestMethod + " but was " + hTTPMethod);
    }

    protected void evaluateSecured(HTTPTransport hTTPTransport) throws SecurityPolicyException {
        if (!this.requireSecured || hTTPTransport.isConfidential()) {
            return;
        }
        this.log.error("Request was required to be secured but was not");
        throw new SecurityPolicyException("Request was required to be secured but was not");
    }
}
