package pl.edu.icm.unity.saml.validator;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLResponderException;
import eu.unicore.samly2.exceptions.SAMLServerException;
import eu.unicore.samly2.messages.SAMLVerifiableElement;
import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.samly2.validators.ReplayAttackChecker;
import java.time.Duration;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestDocument;
import xmlbeans.org.oasis.saml2.protocol.AuthnRequestType;

/* loaded from: input_file:pl/edu/icm/unity/saml/validator/WebAuthRequestValidator.class */
public class WebAuthRequestValidator extends UnityAuthnRequestValidator {
    public WebAuthRequestValidator(String str, SamlTrustChecker samlTrustChecker, Duration duration, ReplayAttackChecker replayAttackChecker) {
        super(str, samlTrustChecker, duration, replayAttackChecker);
    }

    @Override // pl.edu.icm.unity.saml.validator.UnityAuthnRequestValidator
    public void validate(AuthnRequestDocument authnRequestDocument, SAMLVerifiableElement sAMLVerifiableElement) throws SAMLServerException {
        AuthnRequestType authnRequest = authnRequestDocument.getAuthnRequest();
        super.validate(authnRequestDocument, sAMLVerifiableElement);
        if (authnRequest.getProtocolBinding() != null && !authnRequest.getProtocolBinding().equals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST")) {
            throw new SAMLResponderException("Received SAML request requiring " + authnRequest.getProtocolBinding() + ". This is not supported, this implementation can only send responses withHTTP-POST binding");
        }
        if (authnRequest.isSetIsPassive() && authnRequest.getIsPassive()) {
            throw new SAMLResponderException("Received a SAML request requiring a passive authentication, but it is unsupported.");
        }
        if (!authnRequest.isSetAssertionConsumerServiceURL() && !this.knownRequesters.contains(authnRequest.getIssuer().getStringValue())) {
            throw new SAMLResponderException(SAMLConstants.SubStatus.STATUS2_REQUEST_UNSUPP, "Received a SAML request without AssertionConsumingServiceURL and the requester's response endpoint is not configured.");
        }
    }
}
