package org.apache.cxf.systest.ws.saml;

import java.util.List;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.opensaml.saml2.core.Assertion;

/* loaded from: input_file:org/apache/cxf/systest/ws/saml/CustomSaml2Validator.class */
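/**
 * SAML assertion validator that layers extra policy checks on top of
 * {@link SamlAssertionValidator}.
 *
 * <p>After the parent validation succeeds, the assertion is accepted only if:
 * <ul>
 *   <li>its issuer string is exactly {@code "sts"};</li>
 *   <li>it carries at least one subject confirmation method, and the first one is
 *       sender-vouches or holder-of-key;</li>
 *   <li>it is a SAML 2 assertion;</li>
 *   <li>it contains at least one attribute statement.</li>
 * </ul>
 * Every rejection is reported as a {@link WSSecurityException} with error code
 * {@code FAILURE} and message id {@code "invalidSAMLsecurity"}, so a caller cannot tell
 * from the fault which individual check failed.
 *
 * <p>NOTE(review): the issuer check is a plain string comparison. It is only meaningful if
 * the assertion signature and the signer's trust have already been verified; presumably
 * the parent validator does that. Confirm against its configuration.
 */
public class CustomSaml2Validator extends SamlAssertionValidator {

    /** The only issuer name this validator accepts. */
    private static final String EXPECTED_ISSUER = "sts";

    /**
     * Runs the parent validation and then the additional policy checks described on the class.
     *
     * @param credential the credential holding the SAML assertion to validate
     * @param requestData the request context passed through to the parent validator
     * @return the credential returned by the parent validator
     * @throws WSSecurityException if the parent validation fails or any additional check
     *         rejects the assertion
     */
    @Override
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        Credential validated = super.validate(credential, requestData);
        SamlAssertionWrapper samlAssertion = validated.getSamlAssertion();

        if (!EXPECTED_ISSUER.equals(samlAssertion.getIssuerString())) {
            throw invalidAssertion();
        }

        // Fail closed with a WSSecurityException when the assertion has no subject
        // confirmation at all, instead of letting get(0) raise an unchecked exception.
        List<?> confirmationMethods = samlAssertion.getConfirmationMethods();
        if (confirmationMethods == null || confirmationMethods.isEmpty()) {
            throw invalidAssertion();
        }

        // NOTE(review): only the first confirmation method is inspected; an assertion that
        // lists further methods is not checked against this policy for them.
        String confirmationMethod = (String) confirmationMethods.get(0);
        if (!OpenSAMLUtil.isMethodSenderVouches(confirmationMethod)
                && !OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
            throw invalidAssertion();
        }

        // getSaml2() returning null means the wrapper does not hold a SAML 2 assertion.
        Assertion saml2 = samlAssertion.getSaml2();
        if (saml2 == null) {
            throw invalidAssertion();
        }

        List<?> attributeStatements = saml2.getAttributeStatements();
        if (attributeStatements == null || attributeStatements.isEmpty()) {
            throw invalidAssertion();
        }
        return validated;
    }

    /** Builds the single, deliberately uniform failure used for every rejected assertion. */
    private static WSSecurityException invalidAssertion() {
        return new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", new Object[0]);
    }
}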
