package uk.gov.ida.saml.core.validation.assertion;

import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.xmlsec.signature.Signature;
import uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory;
import uk.gov.ida.saml.core.validation.SamlTransformationErrorException;
import uk.gov.ida.saml.core.validation.SamlValidationSpecificationFailure;
import uk.gov.ida.saml.core.validation.subjectconfirmation.BasicAssertionSubjectConfirmationValidator;
import uk.gov.ida.saml.core.validators.subject.AssertionSubjectValidator;
import uk.gov.ida.saml.security.validators.issuer.IssuerValidator;
import uk.gov.ida.saml.security.validators.signature.SamlSignatureUtil;

/* loaded from: input_file:uk/gov/ida/saml/core/validation/assertion/AssertionValidator.class */
/**
 * Structural validator for a SAML 2.0 {@link Assertion}.
 *
 * <p>Checks that the mandatory attributes (ID, IssueInstant, Version) are present, that the
 * version is 2.0, and then delegates to the issuer, attribute-statement, subject and
 * subject-confirmation validators supplied at construction time.
 *
 * <p>Security note: the signature handling in this class is limited to presence checks
 * ({@code getSignature() != null} and {@link SamlSignatureUtil#isSignaturePresent}). Nothing in
 * this class verifies the signature against a key, so a passing result here must not be read as
 * "the assertion is authentic". Cryptographic verification has to happen elsewhere in the
 * pipeline.
 */
public class AssertionValidator {
    private final IssuerValidator issuerValidator;
    private final AssertionSubjectValidator subjectValidator;
    // Protected so that subclasses can reach the attribute-statement validator directly.
    protected final AssertionAttributeStatementValidator assertionAttributeStatementValidator;
    private final BasicAssertionSubjectConfirmationValidator basicAssertionSubjectConfirmationValidator;

    /**
     * Creates a validator that delegates to the given collaborators.
     *
     * @param issuerValidator validates the assertion's Issuer element
     * @param assertionSubjectValidator validates the assertion's Subject element
     * @param assertionAttributeStatementValidator validates the assertion's attribute statements
     * @param basicAssertionSubjectConfirmationValidator validates the first SubjectConfirmation
     */
    public AssertionValidator(IssuerValidator issuerValidator, AssertionSubjectValidator assertionSubjectValidator, AssertionAttributeStatementValidator assertionAttributeStatementValidator, BasicAssertionSubjectConfirmationValidator basicAssertionSubjectConfirmationValidator) {
        this.issuerValidator = issuerValidator;
        this.subjectValidator = assertionSubjectValidator;
        this.assertionAttributeStatementValidator = assertionAttributeStatementValidator;
        this.basicAssertionSubjectConfirmationValidator = basicAssertionSubjectConfirmationValidator;
    }

    /**
     * Reports whether the assertion carries no Signature element at all.
     *
     * @param assertion the assertion to inspect
     * @return {@code true} when {@code assertion.getSignature()} is {@code null}
     */
    public boolean isAssertionUnsigned(Assertion assertion) {
        return assertion.getSignature() == null;
    }

    /**
     * Validates an assertion that is required to be signed.
     *
     * <p>A missing Signature element is rejected before any other check runs. Only the presence
     * of the signature is established here, not its validity.
     *
     * @param assertion the assertion to validate
     * @param str forwarded unchanged to {@link #validateSubject}; its meaning is not recoverable
     *     from this decompiled source
     * @param str2 forwarded unchanged to {@link #validateSubject}; its meaning is not recoverable
     *     from this decompiled source
     * @throws SamlTransformationErrorException if the signature is missing or any check fails
     */
    public void validate(Assertion assertion, String str, String str2) {
        final Signature assertionSignature = assertion.getSignature();
        if (assertionSignature == null) {
            throw asException(SamlTransformationErrorFactory.assertionSignatureMissing(assertion.getID()));
        }
        validateSignaturePresent(assertionSignature, assertion);
        validateAssertionProperties(assertion, str, str2);
    }

    /**
     * Validates an eIDAS assertion, for which a Signature element is optional.
     *
     * <p>Security note: an assertion with no Signature element passes this method as long as its
     * other properties are valid. Callers therefore need another integrity guarantee for the
     * assertion (presumably a verified signature on the enclosing message; confirm against the
     * calling code) before trusting its contents.
     *
     * @param assertion the assertion to validate
     * @param str forwarded unchanged to {@link #validateSubject}
     * @param str2 forwarded unchanged to {@link #validateSubject}
     * @throws SamlTransformationErrorException if a signature element exists but is not reported
     *     as present by {@link SamlSignatureUtil}, or any property check fails
     */
    public void validateEidas(Assertion assertion, String str, String str2) {
        final Signature assertionSignature = assertion.getSignature();
        if (assertionSignature != null) {
            validateSignaturePresent(assertionSignature, assertion);
        }
        validateAssertionProperties(assertion, str, str2);
    }

    /**
     * Runs the property checks shared by {@link #validate} and {@link #validateEidas}: mandatory
     * attributes first, then issuer, attribute statements, subject and subject confirmation, in
     * that order.
     */
    private void validateAssertionProperties(Assertion assertion, String str, String str2) {
        if (assertion.getID() == null) {
            throw asException(SamlTransformationErrorFactory.missingId());
        }
        if (assertion.getIssueInstant() == null) {
            throw asException(SamlTransformationErrorFactory.missingIssueInstant(assertion.getID()));
        }
        if (assertion.getVersion() == null) {
            throw asException(SamlTransformationErrorFactory.missingVersion(assertion.getID()));
        }
        if (!assertion.getVersion().equals(SAMLVersion.VERSION_20)) {
            throw asException(SamlTransformationErrorFactory.illegalVersion(assertion.getID()));
        }

        this.issuerValidator.validate(assertion.getIssuer());
        this.assertionAttributeStatementValidator.validate(assertion);
        validateSubject(assertion, str, str2);

        // Only the first SubjectConfirmation is validated; any further ones are not inspected
        // here. NOTE(review): get(0) relies on the subject validator having already rejected a
        // missing Subject or an empty confirmation list - confirm in AssertionSubjectValidator.
        final SubjectConfirmation firstConfirmation = assertion.getSubject().getSubjectConfirmations().get(0);
        this.basicAssertionSubjectConfirmationValidator.validate(firstConfirmation);
    }

    /**
     * Rejects the assertion when {@link SamlSignatureUtil#isSignaturePresent} reports that the
     * given signature element is not present. This is a presence check only.
     */
    private void validateSignaturePresent(Signature signature, Assertion assertion) {
        if (!SamlSignatureUtil.isSignaturePresent(signature)) {
            throw asException(SamlTransformationErrorFactory.assertionNotSigned(assertion.getID()));
        }
    }

    /**
     * Validates the assertion's Subject via the configured subject validator.
     *
     * <p>This implementation ignores {@code str} and {@code str2}; they are presumably there for
     * subclass overrides (the decompiler notes this method was originally {@code protected}).
     *
     * @param assertion the assertion whose subject is validated
     * @param str unused by this implementation
     * @param str2 unused by this implementation
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void validateSubject(Assertion assertion, String str, String str2) {
        this.subjectValidator.validate(assertion.getSubject(), assertion.getID());
    }

    /** Wraps a validation failure in the exception type thrown throughout this class. */
    private static SamlTransformationErrorException asException(SamlValidationSpecificationFailure failure) {
        return new SamlTransformationErrorException(failure.getErrorMessage(), failure.getLogLevel());
    }
}
