package org.opensaml.saml.common.binding.security.impl;

import javax.annotation.Nonnull;
import javax.servlet.http.HttpServletRequest;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.annotation.constraint.NotEmpty;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.net.URIComparator;
import net.shibboleth.utilities.java.support.net.URIException;
import net.shibboleth.utilities.java.support.net.impl.BasicURLComparator;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.MessageException;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-impl-4.1.1.jar:org/opensaml/saml/common/binding/security/impl/ReceivedEndpointSecurityHandler.class */
public class ReceivedEndpointSecurityHandler extends AbstractMessageHandler {

    @Nonnull
    private Logger log = LoggerFactory.getLogger((Class<?>) ReceivedEndpointSecurityHandler.class);

    @Nonnull
    private URIComparator uriComparator = new BasicURLComparator();

    @NonnullAfterInit
    private HttpServletRequest httpServletRequest;

    @Nonnull
    public URIComparator getURIComparator() {
        return this.uriComparator;
    }

    public void setURIComparator(@Nonnull URIComparator uRIComparator) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.uriComparator = (URIComparator) Constraint.isNotNull(uRIComparator, "URIComparator cannot be null");
    }

    @NonnullAfterInit
    public HttpServletRequest getHttpServletRequest() {
        return this.httpServletRequest;
    }

    public void setHttpServletRequest(@Nonnull HttpServletRequest httpServletRequest) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.httpServletRequest = (HttpServletRequest) Constraint.isNotNull(httpServletRequest, "HttpServletRequest cannot be null");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        if (this.uriComparator == null) {
            throw new ComponentInitializationException("URIComparator cannot be null");
        }
        if (this.httpServletRequest == null) {
            throw new ComponentInitializationException("HttpServletRequest cannot be null");
        }
    }

    @Override // org.opensaml.messaging.handler.AbstractMessageHandler
    protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        checkEndpointURI(messageContext, getURIComparator());
    }

    protected boolean compareEndpointURIs(@NotEmpty @Nonnull String str, @NotEmpty @Nonnull String str2, @Nonnull URIComparator uRIComparator) throws URIException {
        Constraint.isNotNull(str, "Message destination URI was null");
        Constraint.isNotNull(str2, "Receiver endpoint URI was null");
        Constraint.isNotNull(uRIComparator, "URIComparator was null");
        return uRIComparator.compare(str, str2);
    }

    protected void checkEndpointURI(@Nonnull MessageContext messageContext, @Nonnull URIComparator uRIComparator) throws MessageHandlerException {
        Constraint.isNotNull(uRIComparator, "URIComparator may not be null");
        this.log.debug("{} Checking SAML message intended destination endpoint against receiver endpoint", getLogPrefix());
        try {
            String trimOrNull = StringSupport.trimOrNull(SAMLBindingSupport.getIntendedDestinationEndpointURI(messageContext));
            boolean isIntendedDestinationEndpointURIRequired = SAMLBindingSupport.isIntendedDestinationEndpointURIRequired(messageContext);
            if (trimOrNull == null) {
                if (isIntendedDestinationEndpointURIRequired) {
                    this.log.error("{} SAML message intended destination endpoint URI required by binding was empty", getLogPrefix());
                    throw new MessageHandlerException("SAML message intended destination (required by binding) was not present");
                }
                this.log.debug("{} SAML message intended destination endpoint was empty, not required by binding, skipping", getLogPrefix());
                return;
            }
            try {
                String trimOrNull2 = StringSupport.trimOrNull(SAMLBindingSupport.getActualReceiverEndpointURI(messageContext, getHttpServletRequest()));
                this.log.debug("{} Intended message destination endpoint: {}", getLogPrefix(), trimOrNull);
                this.log.debug("{} Actual message receiver endpoint: {}", getLogPrefix(), trimOrNull2);
                try {
                    if (compareEndpointURIs(trimOrNull, trimOrNull2, uRIComparator)) {
                        this.log.debug("{} SAML message intended destination endpoint matched recipient endpoint", getLogPrefix());
                    } else {
                        this.log.error("{} SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'", getLogPrefix(), trimOrNull, trimOrNull2);
                        throw new MessageHandlerException("SAML message failed received endpoint check");
                    }
                } catch (URIException e) {
                    throw new MessageHandlerException("Error comparing endpoint URI's", e);
                }
            } catch (MessageException e2) {
                throw new MessageHandlerException("Error obtaining message received endpoint URI", e2);
            }
        } catch (MessageException e3) {
            throw new MessageHandlerException("Error obtaining message intended destination endpoint URI", e3);
        }
    }
}
