package org.mule.compatibility.module.cxf.wssec;

import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.SamlAssertionValidator;

/* loaded from: input_file:org/mule/compatibility/module/cxf/wssec/SAMLCustomValidator.class */
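/**
 * SAML assertion validator that layers fixed policy checks on top of
 * {@link SamlAssertionValidator}.
 *
 * <p>After the parent validator has accepted the credential, the assertion must also:
 * <ul>
 *   <li>carry the expected issuer string,</li>
 *   <li>be a SAML 2 assertion ({@code getSaml2()} non-null),</li>
 *   <li>declare sender-vouches (default) or holder-of-key as its first subject
 *       confirmation method, depending on {@link #setRequireSenderVouches(boolean)},</li>
 *   <li>name the expected subject in its NameID.</li>
 * </ul>
 * Any failed check is reported as a {@link WSSecurityException}.
 *
 * <p>NOTE(review): the expected issuer and subject are hard-coded literals, which looks like a
 * demo or test fixture. A production validator should take both from configuration. These are
 * plain string comparisons; whatever signature and trust verification applies is done by
 * {@code super.validate} and is not visible in this class.
 */
public class SAMLCustomValidator extends SamlAssertionValidator {
    private static final String EXPECTED_ISSUER = "www.example.com";
    private static final String EXPECTED_SUBJECT = "uid=joe,ou=people,ou=saml-demo,o=example.com";
    private static final String ERROR_ID = "invalidSAMLsecurity";

    private boolean requireSenderVouches = true;

    /**
     * Selects which subject confirmation method is required.
     *
     * @param requireSenderVouches {@code true} to require sender-vouches, {@code false} to
     *                             require holder-of-key
     */
    public void setRequireSenderVouches(boolean requireSenderVouches) {
        this.requireSenderVouches = requireSenderVouches;
    }

    /**
     * Runs the parent validation, then enforces the issuer, SAML version, confirmation method
     * and subject checks described on the class.
     *
     * @param credential  credential holding the SAML assertion to validate
     * @param requestData request context, passed through to the parent validator
     * @return the credential returned by the parent validator
     * @throws WSSecurityException if the parent validation or any policy check fails
     */
    @Override
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        Credential validated = super.validate(credential, requestData);

        AssertionWrapper assertion = credential.getAssertion();
        // Fail closed: a missing assertion must be a validation failure, not a NullPointerException.
        if (assertion == null) {
            throw rejection();
        }
        if (!EXPECTED_ISSUER.equals(assertion.getIssuerString())) {
            throw rejection();
        }
        if (assertion.getSaml2() == null) {
            throw rejection();
        }

        // An assertion without any confirmation method is rejected explicitly instead of
        // surfacing as an IndexOutOfBoundsException from get(0).
        java.util.List<?> methods = assertion.getConfirmationMethods();
        if (methods == null || methods.isEmpty()) {
            throw rejection();
        }
        // Only the first confirmation method is inspected; further entries are ignored.
        Object first = methods.get(0);
        if (!(first instanceof String)) {
            throw rejection();
        }
        String method = (String) first;

        boolean methodAccepted = this.requireSenderVouches
                ? OpenSAMLUtil.isMethodSenderVouches(method)
                : OpenSAMLUtil.isMethodHolderOfKey(method);
        if (!methodAccepted) {
            throw rejection();
        }

        if (!EXPECTED_SUBJECT.equals(subjectNameIdValue(assertion))) {
            throw rejection();
        }
        return validated;
    }

    /** Returns the SAML 2 subject NameID value, or {@code null} when subject or NameID is absent. */
    private static String subjectNameIdValue(AssertionWrapper assertion) {
        if (assertion.getSaml2().getSubject() == null
                || assertion.getSaml2().getSubject().getNameID() == null) {
            return null;
        }
        return assertion.getSaml2().getSubject().getNameID().getValue();
    }

    /** Builds the single failure used for every rejected check (error code 0, as in the original). */
    private static WSSecurityException rejection() {
        return new WSSecurityException(0, ERROR_ID);
    }
}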
