package org.apache.wss4j.dom.common;

import java.util.Iterator;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AuthorizationDecisionStatement;
import org.opensaml.saml1.core.Statement;
import org.opensaml.saml1.core.Subject;

/* loaded from: input_file:org/apache/wss4j/dom/common/CustomSamlAssertionValidator.class */
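/**
 * SAML assertion validator that adds a fixed issuer check and a fixed subject check on top of
 * {@link SamlAssertionValidator}.
 *
 * <p>The expected issuer and subject are hard-coded sample values, so this class only makes
 * sense as a fixture or as a template for a real policy check.
 *
 * <p>NOTE(review): the subject check is a substring match ({@code contains}). Any name that
 * merely embeds the expected fragment passes (for example a longer uid that starts with the
 * same characters). A production validator should compare the full, normalised subject name
 * against an allow-list instead of using {@code contains}.
 */
public class CustomSamlAssertionValidator extends SamlAssertionValidator {
    /** Issuer string an assertion must carry to be accepted. */
    private static final String EXPECTED_ISSUER = "www.example.com";

    /** Fragment that must appear in the subject name (substring match, see class note). */
    private static final String EXPECTED_SUBJECT_FRAGMENT = "uid=joe";

    /**
     * Runs the parent validation, then rejects the assertion unless its issuer and subject
     * match the expected values.
     *
     * <p>A missing subject name (no SAML 1.1 NameIdentifier, no SAML 2.0 Subject or NameID) and
     * an unrecognised SAML 1.1 statement type are rejected with a {@link WSSecurityException}
     * instead of surfacing as a {@code NullPointerException} or {@code ClassCastException}, so
     * a malformed assertion fails through the same error path as a wrong one.
     *
     * @param credential the credential holding the SAML assertion to check
     * @param requestData the request context, passed through to the parent validator
     * @return the credential returned by the parent validator
     * @throws WSSecurityException if the parent validation fails, the issuer differs from the
     *     expected one, a SAML 1.1 assertion yields no Subject, or the subject name is absent
     *     or does not contain the expected fragment
     */
    @Override
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        // Parent validation runs first; the custom checks below only see an assertion the
        // parent has already accepted.
        Credential validated = super.validate(credential, requestData);
        SamlAssertionWrapper samlAssertion = credential.getSamlAssertion();
        if (!EXPECTED_ISSUER.equals(samlAssertion.getIssuerString())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", new Object[0]);
        }

        String subjectName;
        if (samlAssertion.getSaml1() != null) {
            Subject subject = findSaml1Subject(samlAssertion);
            if (subject == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken", new Object[]{"for Signature (no Subject)"});
            }
            // A Subject without a NameIdentifier is treated as "no name" and rejected below.
            subjectName = subject.getNameIdentifier() == null
                ? null
                : subject.getNameIdentifier().getNameIdentifier();
        } else {
            subjectName = saml2SubjectName(samlAssertion);
        }

        if (subjectName == null || !subjectName.contains(EXPECTED_SUBJECT_FRAGMENT)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", new Object[0]);
        }
        return validated;
    }

    /**
     * Picks the Subject from the SAML 1.1 statements: the first attribute or authentication
     * statement wins; otherwise the last authorization decision statement seen is used.
     * Statements of any other type are skipped. Returns {@code null} when none carries a Subject.
     */
    private static Subject findSaml1Subject(SamlAssertionWrapper samlAssertion) {
        Subject subject = null;
        for (Statement statement : samlAssertion.getSaml1().getStatements()) {
            if (statement instanceof AttributeStatement) {
                return ((AttributeStatement) statement).getSubject();
            }
            if (statement instanceof AuthenticationStatement) {
                return ((AuthenticationStatement) statement).getSubject();
            }
            if (statement instanceof AuthorizationDecisionStatement) {
                // No early exit here: a later attribute/authentication statement takes precedence.
                subject = ((AuthorizationDecisionStatement) statement).getSubject();
            }
        }
        return subject;
    }

    /**
     * Returns the SAML 2.0 NameID value, or {@code null} when the assertion, its Subject or
     * its NameID is absent.
     */
    private static String saml2SubjectName(SamlAssertionWrapper samlAssertion) {
        if (samlAssertion.getSaml2() == null
            || samlAssertion.getSaml2().getSubject() == null
            || samlAssertion.getSaml2().getSubject().getNameID() == null) {
            return null;
        }
        return samlAssertion.getSaml2().getSubject().getNameID().getValue();
    }
}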
