package uk.gov.ida.saml.core.validators.assertion;

import com.google.inject.Inject;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import uk.gov.ida.saml.core.errors.SamlTransformationErrorFactory;
import uk.gov.ida.saml.hub.exception.SamlValidationException;
import uk.gov.ida.saml.hub.validators.authnrequest.IdExpirationCache;

/* loaded from: input_file:uk/gov/ida/saml/core/validators/assertion/DuplicateAssertionValidatorImpl.class */
public class DuplicateAssertionValidatorImpl implements DuplicateAssertionValidator {
    private final IdExpirationCache<String> idExpirationCache;

    @Inject
    public DuplicateAssertionValidatorImpl(IdExpirationCache<String> idExpirationCache) {
        this.idExpirationCache = idExpirationCache;
    }

    @Override // uk.gov.ida.saml.core.validators.assertion.DuplicateAssertionValidator
    public void validateAuthnStatementAssertion(Assertion assertion) {
        if (!valid(assertion)) {
            throw new SamlValidationException(SamlTransformationErrorFactory.authnStatementAlreadyReceived(assertion.getID()));
        }
    }

    @Override // uk.gov.ida.saml.core.validators.assertion.DuplicateAssertionValidator
    public void validateMatchingDataSetAssertion(Assertion assertion, String str) {
        if (!valid(assertion)) {
            throw new SamlValidationException(SamlTransformationErrorFactory.duplicateMatchingDataset(assertion.getID(), str));
        }
    }

    private boolean valid(Assertion assertion) {
        if (isDuplicateNonExpired(assertion)) {
            return false;
        }
        this.idExpirationCache.setExpiration(assertion.getID(), ((SubjectConfirmation) assertion.getSubject().getSubjectConfirmations().get(0)).getSubjectConfirmationData().getNotOnOrAfter());
        return true;
    }

    private boolean isDuplicateNonExpired(Assertion assertion) {
        return this.idExpirationCache.contains(assertion.getID()) && this.idExpirationCache.getExpiration(assertion.getID()).isAfterNow();
    }
}
