package uk.gov.ida.saml.hub.validators.response.idp.components;

import org.opensaml.saml.saml2.core.Assertion;
import uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory;
import uk.gov.ida.saml.core.validation.assertion.IdentityProviderAssertionValidator;
import uk.gov.ida.saml.core.validators.assertion.AuthnStatementAssertionValidator;
import uk.gov.ida.saml.core.validators.assertion.IPAddressValidator;
import uk.gov.ida.saml.core.validators.assertion.MatchingDatasetAssertionValidator;
import uk.gov.ida.saml.hub.exception.SamlValidationException;
import uk.gov.ida.saml.security.validators.ValidatedAssertions;
import uk.gov.ida.saml.security.validators.ValidatedResponse;

/* loaded from: input_file:uk/gov/ida/saml/hub/validators/response/idp/components/ResponseAssertionsFromIdpValidator.class */
/**
 * Applies the assertion-level checks to a response received from an identity provider (IdP).
 *
 * <p>The class only orchestrates: each individual rule lives in one of the injected
 * validators. What this class decides is <em>which</em> checks run and in what order:
 * <ul>
 *   <li>every assertion is always checked by {@code identityProviderAssertionValidator}
 *       against the response's {@code InResponseTo} value and the hub entity id;</li>
 *   <li>the matching-dataset / authn-statement checks run only when the response reports
 *       success.</li>
 * </ul>
 *
 * <p>NOTE(review): the {@code ValidatedResponse} / {@code ValidatedAssertions} parameter types
 * suggest that signature validation has already happened upstream; nothing in this class
 * verifies signatures, so confirm that callers can only obtain those objects from the
 * signature-validating path.
 */
public class ResponseAssertionsFromIdpValidator {
    private final IdentityProviderAssertionValidator identityProviderAssertionValidator;
    private final MatchingDatasetAssertionValidator matchingDatasetAssertionValidator;
    private final AuthnStatementAssertionValidator authnStatementAssertionValidator;
    private final IPAddressValidator ipAddressValidator;
    // Assigned once in the constructor and never reassigned inside this class.
    private String hubEntityId;

    /**
     * Wires the validator with its collaborators.
     *
     * @param identityProviderAssertionValidator per-assertion checks and the cross-assertion consistency check
     * @param matchingDatasetAssertionValidator checks applied to the matching-dataset assertion
     * @param authnStatementAssertionValidator checks applied to the authn-statement assertion
     * @param iPAddressValidator additional check applied to the authn-statement assertion
     * @param str the hub entity id handed to the per-assertion check
     */
    public ResponseAssertionsFromIdpValidator(
            IdentityProviderAssertionValidator identityProviderAssertionValidator,
            MatchingDatasetAssertionValidator matchingDatasetAssertionValidator,
            AuthnStatementAssertionValidator authnStatementAssertionValidator,
            IPAddressValidator iPAddressValidator,
            String str) {
        this.identityProviderAssertionValidator = identityProviderAssertionValidator;
        this.matchingDatasetAssertionValidator = matchingDatasetAssertionValidator;
        this.authnStatementAssertionValidator = authnStatementAssertionValidator;
        this.ipAddressValidator = iPAddressValidator;
        this.hubEntityId = str;
    }

    /**
     * Validates the assertions carried by an IdP response.
     *
     * <p>A response that is not a success stops after the per-assertion checks: no
     * matching-dataset or authn-statement assertion is required or inspected for it.
     *
     * @param validatedResponse the response the assertions arrived in
     * @param validatedAssertions the assertions to check
     * @throws SamlValidationException if, on a success response, the matching-dataset or
     *         authn-statement assertion is absent, or the authn-statement assertion carries
     *         more than one authn statement; the delegated validators may reject the input
     *         as well (their failure modes are not visible here)
     */
    public void validate(ValidatedResponse validatedResponse, ValidatedAssertions validatedAssertions) {
        // Runs for every assertion regardless of the response status.
        validatedAssertions.getAssertions().forEach(assertion ->
                identityProviderAssertionValidator.validate(
                        assertion, validatedResponse.getInResponseTo(), hubEntityId));

        if (!validatedResponse.isSuccess()) {
            return;
        }

        // Lookup order is significant: when both assertions are absent, the missing
        // matching dataset is the error that gets reported.
        Assertion mdsAssertion = getMatchingDatasetAssertion(validatedAssertions);
        Assertion authnAssertion = getAuthnStatementAssertion(validatedAssertions);

        // Reject ambiguity before any delegated check looks at the authn statement:
        // exactly which statement would be authoritative is undefined with more than one.
        int authnStatementCount = authnAssertion.getAuthnStatements().size();
        if (authnStatementCount > 1) {
            throw new SamlValidationException(SamlTransformationErrorFactory.multipleAuthnStatements());
        }

        String responseIssuer = validatedResponse.getIssuer().getValue();
        matchingDatasetAssertionValidator.validate(mdsAssertion, responseIssuer);
        authnStatementAssertionValidator.validate(authnAssertion);
        // Cross-checks the two assertions against each other, not just individually.
        identityProviderAssertionValidator.validateConsistency(authnAssertion, mdsAssertion);
        ipAddressValidator.validate(authnAssertion);
    }

    /**
     * Returns the authn-statement assertion.
     *
     * @throws SamlValidationException if {@code validatedAssertions} holds none
     */
    private Assertion getAuthnStatementAssertion(ValidatedAssertions validatedAssertions) {
        return (Assertion) validatedAssertions.getAuthnStatementAssertion().orElseThrow(
                () -> new SamlValidationException(SamlTransformationErrorFactory.missingAuthnStatement()));
    }

    /**
     * Returns the matching-dataset assertion.
     *
     * @throws SamlValidationException if {@code validatedAssertions} holds none
     */
    private Assertion getMatchingDatasetAssertion(ValidatedAssertions validatedAssertions) {
        return (Assertion) validatedAssertions.getMatchingDatasetAssertion().orElseThrow(
                () -> new SamlValidationException(SamlTransformationErrorFactory.missingMatchingMds()));
    }
}
