package org.apache.wss4j.dom.validate;

import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.Timestamp;

/* loaded from: input_file:lib/wss4j-ws-security-dom-2.2.0.jar:org/apache/wss4j/dom/validate/TimestampValidator.class */
public class TimestampValidator implements Validator {
    @Override // org.apache.wss4j.dom.validate.Validator
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        if (credential == null || credential.getTimestamp() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }
        if (requestData.getWssConfig() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSSConfig cannot be null"});
        }
        boolean isTimeStampStrict = requestData.isTimeStampStrict();
        int timeStampTTL = requestData.getTimeStampTTL();
        int timeStampFutureTTL = requestData.getTimeStampFutureTTL();
        Timestamp timestamp = credential.getTimestamp();
        if (isTimeStampStrict && timestamp.isExpired()) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED, "invalidTimestamp", new Object[]{"The message timestamp has expired"});
        }
        if (!timestamp.verifyCreated(timeStampTTL, timeStampFutureTTL)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED, "invalidTimestamp", new Object[]{"The message timestamp is out of range"});
        }
        if (requestData.isRequireTimestampExpires() && timestamp.getExpires() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_ERROR, "invalidTimestamp", new Object[]{"The received Timestamp does not contain an expires Element"});
        }
        return credential;
    }
}
