package org.apache.wss4j.dom.common;

import java.util.Iterator;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.validate.Credential;
import org.apache.wss4j.dom.validate.SamlAssertionValidator;
import org.opensaml.saml.saml1.core.AttributeStatement;
import org.opensaml.saml.saml1.core.AuthenticationStatement;
import org.opensaml.saml.saml1.core.AuthorizationDecisionStatement;
import org.opensaml.saml.saml1.core.Statement;
import org.opensaml.saml.saml1.core.Subject;

/* loaded from: input_file:org/apache/wss4j/dom/common/CustomSamlAssertionValidator.class */
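/**
 * SAML assertion validator that layers two fixed checks on top of
 * {@link SamlAssertionValidator}: the assertion issuer must equal
 * {@code www.example.com} and the subject name must contain {@code uid=joe}.
 *
 * <p>NOTE(review): the hard-coded issuer and subject values look like a test fixture;
 * confirm before reusing this class outside tests.
 */
public class CustomSamlAssertionValidator extends SamlAssertionValidator {

    /** The single issuer string this validator accepts (exact match). */
    private static final String EXPECTED_ISSUER = "www.example.com";

    /** Text that must appear somewhere in the subject name. */
    private static final String EXPECTED_SUBJECT_FRAGMENT = "uid=joe";

    /**
     * Runs the parent validation, then applies the issuer and subject checks.
     *
     * @param credential the credential carrying the SAML assertion to check
     * @param requestData the request context, passed through to the parent validator
     * @return the credential returned by the parent validator
     * @throws WSSecurityException if the parent validation fails, the issuer differs from the
     *     expected one, or the subject is missing or does not carry the expected name
     */
    @Override
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        // The parent runs first; the checks below only add to whatever it enforces.
        Credential validated = super.validate(credential, requestData);

        SamlAssertionWrapper samlAssertion = credential.getSamlAssertion();
        if (samlAssertion == null) {
            // Fail closed: a credential without an assertion is rejected rather than dereferenced.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }
        if (!EXPECTED_ISSUER.equals(samlAssertion.getIssuerString())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }

        String subjectName = samlAssertion.getSaml1() != null
                ? saml1SubjectName(samlAssertion.getSaml1())
                : saml2SubjectName(samlAssertion.getSaml2());
        requireExpectedSubject(subjectName);
        return validated;
    }

    /** Returns the NameIdentifier value of the SAML 1.x subject, or null when no name is present. */
    private static String saml1SubjectName(org.opensaml.saml.saml1.core.Assertion assertion)
            throws WSSecurityException {
        Subject subject = null;
        for (Statement statement : assertion.getStatements()) {
            if (statement instanceof AttributeStatement) {
                subject = ((AttributeStatement) statement).getSubject();
                break;
            }
            if (statement instanceof AuthenticationStatement) {
                subject = ((AuthenticationStatement) statement).getSubject();
                break;
            }
            // The decompiled listing assigned every remaining statement to an
            // AuthorizationDecisionStatement variable, which does not compile and would be an
            // unchecked cast at run time. Other statement kinds are skipped instead, so an
            // assertion made only of those ends in the "no Subject" rejection below.
            if (statement instanceof AuthorizationDecisionStatement) {
                // No break here, as in the listing: a later attribute or authentication
                // statement still takes precedence.
                subject = ((AuthorizationDecisionStatement) statement).getSubject();
            }
        }
        if (subject == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLToken",
                    new Object[]{"for Signature (no Subject)"});
        }
        org.opensaml.saml.saml1.core.NameIdentifier nameIdentifier = subject.getNameIdentifier();
        // A subject without a NameIdentifier falls through to the same rejection as a null value.
        return nameIdentifier == null ? null : nameIdentifier.getValue();
    }

    /** Returns the NameID value of the SAML 2.0 subject, or null when any link in the chain is absent. */
    private static String saml2SubjectName(org.opensaml.saml.saml2.core.Assertion assertion) {
        if (assertion == null) {
            return null;
        }
        org.opensaml.saml.saml2.core.Subject subject = assertion.getSubject();
        if (subject == null) {
            return null;
        }
        org.opensaml.saml.saml2.core.NameID nameId = subject.getNameID();
        return nameId == null ? null : nameId.getValue();
    }

    /**
     * Rejects a missing subject name or one that does not contain the expected text.
     *
     * <p>SECURITY NOTE: this is a substring test, so any name that merely contains the text is
     * accepted (constructed example: {@code uid=joey}). A validator that gates real access
     * should compare the complete, parsed identifier for equality instead.
     */
    private static void requireExpectedSubject(String subjectName) throws WSSecurityException {
        if (subjectName == null || !subjectName.contains(EXPECTED_SUBJECT_FRAGMENT)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
        }
    }
}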
