package pl.edu.icm.unity.saml.validator;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLResponderException;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.messages.SAMLVerifiableElement;
import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.samly2.validators.ReplayAttackChecker;
import eu.unicore.samly2.validators.SSOAuthnRequestValidator;
import java.util.HashSet;
import java.util.Set;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestType;
import xmlbeans.org.oasis.saml2.protocol.NameIDPolicyType;

/* loaded from: input_file:pl/edu/icm/unity/saml/validator/UnityAuthnRequestValidator.class */
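/**
 * Validator of SAML SSO authentication requests that layers additional restrictions on top of
 * {@link SSOAuthnRequestValidator}.
 *
 * <p>After the checks of the parent class succeed, requests that use features this
 * implementation does not handle (Subject, RequestedAuthnContext,
 * AssertionConsumerServiceIndex, AttributeConsumingServiceIndex) are rejected. A request that
 * carries no AssertionConsumerServiceURL is accepted only when its issuer was registered with
 * {@link #addKnownRequester(String)}.
 *
 * <p>Security note for integrators: this class only checks <em>whether</em> an
 * AssertionConsumerServiceURL is present; it never inspects the URL's value. Whether the URL is
 * tied to the issuer (signed request, or comparison against the requester's registered
 * endpoints) is not visible in this class and has to be enforced by the parent class or by the
 * caller before a response is sent there. Confirm that such a check exists.
 *
 * <p>{@code knownRequesters} is a plain {@link HashSet} with no synchronization in this class;
 * register requesters before the validator is shared between threads.
 */
public class UnityAuthnRequestValidator extends SSOAuthnRequestValidator {
    /** Name-ID format returned when the request does not name a format at all. */
    private static final String FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";

    /** Name-ID format substituted when the request explicitly names the unspecified format. */
    private static final String FORMAT_ENTITY = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity";

    /** Issuer values for which a response endpoint is configured outside of the request. */
    protected Set<String> knownRequesters;

    /**
     * Creates the validator. All arguments are handed unchanged to the
     * {@link SSOAuthnRequestValidator} constructor, which defines their meaning.
     *
     * @param str first argument of the parent constructor (presumably the URI of the consumer
     *     endpoint; confirm against samly2)
     * @param samlTrustChecker trust checker used by the parent class
     * @param j third argument of the parent constructor (presumably the request validity
     *     period; confirm against samly2)
     * @param replayAttackChecker replay checker used by the parent class
     */
    public UnityAuthnRequestValidator(String str, SamlTrustChecker samlTrustChecker, long j, ReplayAttackChecker replayAttackChecker) {
        super(str, samlTrustChecker, j, replayAttackChecker);
        // Diamond instead of the raw type, so the set is type-checked as Set<String>.
        this.knownRequesters = new HashSet<>();
    }

    /**
     * Registers an issuer that is allowed to omit AssertionConsumerServiceURL.
     *
     * @param str issuer value, compared for exact equality with the request's Issuer string
     */
    public void addKnownRequester(String str) {
        this.knownRequesters.add(str);
    }

    /**
     * Runs the parent validation and then rejects requests using unsupported features.
     *
     * @param authnRequestDocument the parsed authentication request
     * @param sAMLVerifiableElement the verifiable form of the request, passed to the parent class
     * @throws SAMLServerException if the parent validation fails, if an unsupported element is
     *     present, or if no AssertionConsumerServiceURL is given and the issuer is not a known
     *     requester
     */
    public void validate(AuthnRequestDocument authnRequestDocument, SAMLVerifiableElement sAMLVerifiableElement) throws SAMLServerException {
        super.validate(authnRequestDocument, sAMLVerifiableElement);
        AuthnRequestType authnRequest = authnRequestDocument.getAuthnRequest();
        if (authnRequest.getSubject() != null) {
            throw unsupported("This implementation doesn't support authn requests with Subject set.");
        }
        if (authnRequest.getRequestedAuthnContext() != null) {
            throw unsupported("This implementation doesn't support authn requests with RequestedAuthnContext set.");
        }
        if (authnRequest.isSetAssertionConsumerServiceIndex()) {
            throw unsupported("This implementation doesn't support authn requests with AssertionConsumerServiceIndex set.");
        }
        if (authnRequest.isSetAttributeConsumingServiceIndex()) {
            throw unsupported("This implementation doesn't support authn requests with AttributeConsumingServiceIndex set.");
        }
        // Only the presence of the URL is tested here. A supplied URL is accepted as is, so its
        // value has to be checked against the requester's registered endpoints elsewhere.
        if (!authnRequest.isSetAssertionConsumerServiceURL() && !isKnownRequester(authnRequest)) {
            throw unsupported("AssertionConsumingServiceURL is not set and the requester's response endpoint is not configured.");
        }
    }

    /**
     * Resolves the name-ID format to use for the given request.
     *
     * <p>NOTE(review): a missing NameIDPolicy/Format yields the "unspecified" format, while an
     * explicitly requested "unspecified" format is rewritten to the "entity" format. The reason
     * for this asymmetry is not visible here; confirm it is intended.
     *
     * @param authnRequestType the authentication request
     * @return the format URI; never {@code null}
     */
    protected String getRequestedFormat(AuthnRequestType authnRequestType) {
        NameIDPolicyType nameIDPolicy = authnRequestType.getNameIDPolicy();
        String requested = nameIDPolicy == null ? null : nameIDPolicy.getFormat();
        if (requested == null) {
            return FORMAT_UNSPECIFIED;
        }
        return FORMAT_UNSPECIFIED.equals(requested) ? FORMAT_ENTITY : requested;
    }

    /**
     * Tells whether the request's issuer was registered as a known requester. A request without
     * an Issuer element is treated as unknown, so it is refused with a SAML error rather than
     * failing with a NullPointerException. The parent validation presumably rejects such
     * requests already; this is only a fail-closed fallback.
     */
    private boolean isKnownRequester(AuthnRequestType authnRequest) {
        return authnRequest.getIssuer() != null
                && this.knownRequesters.contains(authnRequest.getIssuer().getStringValue());
    }

    /** Builds the "request unsupported" responder error used by every rejection in this class. */
    private static SAMLResponderException unsupported(String message) {
        return new SAMLResponderException(SAMLConstants.SubStatus.STATUS2_REQUEST_UNSUPP, message);
    }
}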
