package org.opensaml.common.binding.decoding;

import org.opensaml.common.SAMLObject;
import org.opensaml.common.SignableSAMLObject;
import org.opensaml.common.binding.SAMLMessageContext;
import org.opensaml.ws.message.decoder.BaseMessageDecoder;
import org.opensaml.ws.message.decoder.MessageDecodingException;
import org.opensaml.ws.transport.InTransport;
import org.opensaml.ws.transport.http.HttpServletRequestAdapter;
import org.opensaml.xml.parse.ParserPool;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:lib/opensaml/opensaml-2.6.3.jar:org/opensaml/common/binding/decoding/BaseSAMLMessageDecoder.class */
public abstract class BaseSAMLMessageDecoder extends BaseMessageDecoder implements SAMLMessageDecoder {
    private final Logger log;
    private URIComparator uriComparator;

    public BaseSAMLMessageDecoder() {
        this.log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
        setURIComparator(new BasicURLComparator());
    }

    public BaseSAMLMessageDecoder(ParserPool parserPool) {
        super(parserPool);
        this.log = LoggerFactory.getLogger(BaseSAMLMessageDecoder.class);
        setURIComparator(new BasicURLComparator());
    }

    public void setURIComparator(URIComparator uRIComparator) {
        if (uRIComparator == null) {
            throw new IllegalArgumentException("URI comparator may not be null");
        }
        this.uriComparator = uRIComparator;
    }

    public URIComparator getURIComparator() {
        return this.uriComparator;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public boolean isMessageSigned(SAMLMessageContext sAMLMessageContext) {
        SAMLObject inboundSAMLMessage = sAMLMessageContext.getInboundSAMLMessage();
        if (inboundSAMLMessage instanceof SignableSAMLObject) {
            return ((SignableSAMLObject) inboundSAMLMessage).isSigned();
        }
        return false;
    }

    protected abstract boolean isIntendedDestinationEndpointURIRequired(SAMLMessageContext sAMLMessageContext);

    protected abstract String getIntendedDestinationEndpointURI(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException;

    protected String getActualReceiverEndpointURI(SAMLMessageContext sAMLMessageContext) throws MessageDecodingException {
        InTransport inboundMessageTransport = sAMLMessageContext.getInboundMessageTransport();
        if (inboundMessageTransport instanceof HttpServletRequestAdapter) {
            return ((HttpServletRequestAdapter) inboundMessageTransport).getWrappedRequest().getRequestURL().toString();
        }
        this.log.error("Message context InTransport instance was an unsupported type: {}", inboundMessageTransport.getClass().getName());
        throw new MessageDecodingException("Message context InTransport instance was an unsupported type");
    }

    protected boolean compareEndpointURIs(String str, String str2) throws MessageDecodingException {
        return getURIComparator().compare(str, str2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkEndpointURI(SAMLMessageContext sAMLMessageContext) throws SecurityException, MessageDecodingException {
        this.log.debug("Checking SAML message intended destination endpoint against receiver endpoint");
        String safeTrimOrNullString = DatatypeHelper.safeTrimOrNullString(getIntendedDestinationEndpointURI(sAMLMessageContext));
        boolean isIntendedDestinationEndpointURIRequired = isIntendedDestinationEndpointURIRequired(sAMLMessageContext);
        if (safeTrimOrNullString == null) {
            if (isIntendedDestinationEndpointURIRequired) {
                this.log.error("SAML message intended destination endpoint URI required by binding was empty");
                throw new SecurityException("SAML message intended destination (required by binding) was not present");
            }
            this.log.debug("SAML message intended destination endpoint in message was empty, not required by binding, skipping");
            return;
        }
        String safeTrimOrNullString2 = DatatypeHelper.safeTrimOrNullString(getActualReceiverEndpointURI(sAMLMessageContext));
        this.log.debug("Intended message destination endpoint: {}", safeTrimOrNullString);
        this.log.debug("Actual message receiver endpoint: {}", safeTrimOrNullString2);
        if (compareEndpointURIs(safeTrimOrNullString, safeTrimOrNullString2)) {
            this.log.debug("SAML message intended destination endpoint matched recipient endpoint");
        } else {
            this.log.error("SAML message intended destination endpoint '{}' did not match the recipient endpoint '{}'", safeTrimOrNullString, safeTrimOrNullString2);
            throw new SecurityException("SAML message intended destination endpoint did not match recipient endpoint");
        }
    }
}
