package org.opensaml.saml.common.binding.security.impl;

import java.time.Duration;
import java.time.Instant;
import java.time.temporal.TemporalAmount;
import javax.annotation.Nonnull;
import net.shibboleth.utilities.java.support.annotation.constraint.NonnullAfterInit;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.component.ComponentSupport;
import net.shibboleth.utilities.java.support.logic.Constraint;
import net.shibboleth.utilities.java.support.primitive.StringSupport;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.messaging.context.SAMLMessageInfoContext;
import org.opensaml.saml.common.messaging.context.SAMLPeerEntityContext;
import org.opensaml.storage.ReplayCache;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opensaml/saml/common/binding/security/impl/MessageReplaySecurityHandler.class */
/**
 * Message handler that rejects a SAML message when its ID has already been recorded in the
 * configured {@link ReplayCache}.
 *
 * <p>How the check is keyed and bounded, as implemented in {@link #doInvoke(MessageContext)}:</p>
 * <ul>
 *   <li>The cache context is the runtime class name of this handler and the cache key is the
 *       trimmed message ID alone. The peer entityID is used only for logging and error text, so
 *       message IDs from every peer share one namespace.</li>
 *   <li>The cache entry is requested to expire at the message issue instant plus
 *       {@link #getExpires()}; when the message carries no issue instant, the current time is
 *       used instead.</li>
 *   <li>A message without an ID is rejected while the rule is required (the default) and is
 *       passed through without any replay check once {@link #setRequiredRule(boolean)} is given
 *       {@code false}.</li>
 * </ul>
 *
 * <p>NOTE(review): a replay record is only useful while the message would otherwise still be
 * accepted. Confirm that the deployment pairs this handler with a message freshness check and
 * that {@code expires} covers that check's whole acceptance window, clock skew included.</p>
 *
 * <p>NOTE(review): the message ID and entityID are read from the message context and are
 * presumably peer-supplied; they are written verbatim to the log and to exception messages, so
 * verify that the logging layout and any error rendering neutralise control characters.</p>
 */
public class MessageReplaySecurityHandler extends AbstractMessageHandler {

    /** Class logger. */
    @Nonnull
    private final Logger log = LoggerFactory.getLogger(MessageReplaySecurityHandler.class);

    /** Cache that records message IDs already seen; must be set before initialization. */
    @NonnullAfterInit
    private ReplayCache replayCache;

    /** Added to the issue instant to obtain the cache entry's expiration; three minutes by default. */
    @Nonnull
    private Duration expires = Duration.ofMinutes(3);

    /** Whether a message without an ID is rejected (true, the default) or skipped (false). */
    private boolean requiredRule = true;

    /**
     * Returns the replay cache consulted by this handler.
     *
     * @return the configured cache, or {@code null} if none has been set yet
     */
    @NonnullAfterInit
    public ReplayCache getReplayCache() {
        return replayCache;
    }

    /**
     * Sets the replay cache to consult. Not permitted once the component is initialized.
     *
     * @param replayCache the cache to use; a null value is rejected by the constraint check
     */
    public void setReplayCache(@Nonnull ReplayCache replayCache) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        this.replayCache = Constraint.isNotNull(replayCache, "ReplayCache cannot be null");
    }

    /**
     * Sets whether a message lacking an ID fails the handler or bypasses the replay check.
     * Not permitted once the component is initialized.
     *
     * @param z {@code true} to reject ID-less messages, {@code false} to let them through unchecked
     */
    public void setRequiredRule(boolean z) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        requiredRule = z;
    }

    /**
     * Returns the lifetime added to a message's issue instant to compute the cache expiration.
     *
     * @return the configured lifetime
     */
    @Nonnull
    public Duration getExpires() {
        return expires;
    }

    /**
     * Sets the lifetime added to a message's issue instant to compute the cache expiration.
     * Not permitted once the component is initialized.
     *
     * @param duration the lifetime; null and negative values are rejected by the constraint
     *                 checks, while zero is accepted
     */
    public void setExpires(@Nonnull Duration duration) {
        ComponentSupport.ifInitializedThrowUnmodifiabledComponentException(this);
        final Duration lifetime = Constraint.isNotNull(duration, "Lifetime cannot be null");
        Constraint.isFalse(lifetime.isNegative(), "Lifetime cannot be negative");
        expires = lifetime;
    }

    /**
     * Completes initialization and refuses to start without a replay cache.
     *
     * <p>The decompiler reports that this override was declared {@code protected} in the
     * original class; the widened modifier is kept as emitted.</p>
     *
     * @throws ComponentInitializationException if no replay cache has been configured
     */
    @Override // net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
    public void doInitialize() throws ComponentInitializationException {
        super.doInitialize();
        final boolean cacheMissing = getReplayCache() == null;
        if (cacheMissing) {
            throw new ComponentInitializationException("ReplayCache cannot be null");
        }
    }

    /**
     * Checks the message ID held in the {@link SAMLMessageInfoContext} against the replay cache.
     *
     * @param messageContext the message context; the peer-entity and message-info subcontexts
     *                       are looked up with auto-creation enabled
     * @throws MessageHandlerException if the message has no ID while the rule is required, or if
     *                                 the replay cache reports the ID as already seen
     */
    @Override // org.opensaml.messaging.handler.AbstractMessageHandler
    protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        // The entityID only labels log lines and error text; it is not part of the cache key.
        final SAMLPeerEntityContext peerContext = messageContext.getSubcontext(SAMLPeerEntityContext.class, true);
        final String peerEntityId = StringSupport.trimOrNull(peerContext.getEntityId());
        final String issuer = peerEntityId != null ? peerEntityId : "(unknown)";

        final SAMLMessageInfoContext messageInfo = messageContext.getSubcontext(SAMLMessageInfoContext.class, true);
        final String messageId = StringSupport.trimOrNull(messageInfo.getMessageId());
        if (messageId == null) {
            if (!requiredRule) {
                // Optional rule: the message continues with no replay protection applied.
                log.debug("{} Message contained no ID, rule is optional, skipping further processing", getLogPrefix());
                return;
            }
            log.warn("{} Message contained no ID, replay check not possible", getLogPrefix());
            throw new MessageHandlerException("SAML message from issuer " + issuer + " did not contain an ID");
        }

        // Without a declared issue instant the expiration is anchored to the current time.
        final Instant declaredIssueInstant = messageInfo.getMessageIssueInstant();
        final Instant issueInstant = declaredIssueInstant != null ? declaredIssueInstant : Instant.now();

        log.debug("{} Evaluating message replay for message ID '{}', issue instant '{}', entityID '{}'",
                getLogPrefix(), messageId, issueInstant, issuer);

        // A false result from the cache is treated as a replay of this ID.
        final boolean firstSighting =
                getReplayCache().check(getClass().getName(), messageId, issueInstant.plus(expires));
        if (!firstSighting) {
            log.warn("{} Replay detected of message '{}' from issuer '{}'", getLogPrefix(), messageId, issuer);
            throw new MessageHandlerException("Rejecting replayed message ID '" + messageId + "' from issuer " + issuer);
        }
    }
}
