package uk.gov.ida.saml.core.transformers;

import java.util.Optional;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import uk.gov.ida.saml.core.domain.AssertionRestrictions;
import uk.gov.ida.saml.core.domain.IdentityProviderAssertion;
import uk.gov.ida.saml.core.domain.IdentityProviderAuthnStatement;
import uk.gov.ida.saml.core.domain.MatchingDataset;
import uk.gov.ida.saml.core.domain.PersistentId;

/* loaded from: input_file:uk/gov/ida/saml/core/transformers/IdentityProviderAssertionUnmarshaller.class */
public class IdentityProviderAssertionUnmarshaller {
    private final VerifyMatchingDatasetUnmarshaller verifyMatchingDatasetUnmarshaller;
    private final IdentityProviderAuthnStatementUnmarshaller identityProviderAuthnStatementUnmarshaller;
    private final String hubEntityId;

    public IdentityProviderAssertionUnmarshaller(VerifyMatchingDatasetUnmarshaller verifyMatchingDatasetUnmarshaller, IdentityProviderAuthnStatementUnmarshaller identityProviderAuthnStatementUnmarshaller, String str) {
        this.verifyMatchingDatasetUnmarshaller = verifyMatchingDatasetUnmarshaller;
        this.identityProviderAuthnStatementUnmarshaller = identityProviderAuthnStatementUnmarshaller;
        this.hubEntityId = str;
    }

    public IdentityProviderAssertion fromVerifyAssertion(Assertion assertion) {
        MatchingDataset matchingDataset = null;
        IdentityProviderAuthnStatement identityProviderAuthnStatement = null;
        if (assertionContainsMatchingDataset(assertion) && !containsAuthnStatement(assertion)) {
            matchingDataset = this.verifyMatchingDatasetUnmarshaller.fromAssertion(assertion);
        } else if (containsAuthnStatement(assertion) && isNotCycle3AssertionFromHub(assertion)) {
            identityProviderAuthnStatement = this.identityProviderAuthnStatementUnmarshaller.fromAssertion(assertion);
        }
        return getIdentityProviderAssertion(assertion, matchingDataset, identityProviderAuthnStatement);
    }

    @Deprecated
    public IdentityProviderAssertion fromAssertion(Assertion assertion) {
        return fromVerifyAssertion(assertion);
    }

    private IdentityProviderAssertion getIdentityProviderAssertion(Assertion assertion, MatchingDataset matchingDataset, IdentityProviderAuthnStatement identityProviderAuthnStatement) {
        SubjectConfirmationData subjectConfirmationData = ((SubjectConfirmation) assertion.getSubject().getSubjectConfirmations().get(0)).getSubjectConfirmationData();
        AssertionRestrictions assertionRestrictions = new AssertionRestrictions(subjectConfirmationData.getNotOnOrAfter(), subjectConfirmationData.getInResponseTo(), subjectConfirmationData.getRecipient());
        return new IdentityProviderAssertion(assertion.getID(), assertion.getIssuer().getValue(), assertion.getIssueInstant(), new PersistentId(assertion.getSubject().getNameID().getValue()), assertionRestrictions, Optional.ofNullable(matchingDataset), Optional.ofNullable(identityProviderAuthnStatement));
    }

    private boolean assertionContainsMatchingDataset(Assertion assertion) {
        return doesAssertionContainAttributes(assertion) && isNotCycle3AssertionFromHub(assertion);
    }

    private boolean containsAuthnStatement(Assertion assertion) {
        return !assertion.getAuthnStatements().isEmpty();
    }

    private boolean doesAssertionContainAttributes(Assertion assertion) {
        return !assertion.getAttributeStatements().isEmpty();
    }

    private boolean isNotCycle3AssertionFromHub(Assertion assertion) {
        return !assertion.getIssuer().getValue().equals(this.hubEntityId);
    }
}
