package com.mulesoft.modules.wss.api.incoming;

import com.mulesoft.modules.wss.api.constants.SamlConfirmationMethod;
import com.mulesoft.modules.wss.api.constants.SamlVersion;
import com.mulesoft.modules.wss.internal.error.WssException;
import com.mulesoft.modules.wss.internal.incoming.SamlAssertionValidator;
import java.util.concurrent.TimeUnit;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.processor.SAMLTokenProcessor;
import org.mule.runtime.api.meta.ExpressionSupport;
import org.mule.runtime.extension.api.annotation.Expression;
import org.mule.runtime.extension.api.annotation.param.Optional;
import org.mule.runtime.extension.api.annotation.param.Parameter;
import org.mule.runtime.extension.api.annotation.param.display.Summary;

/* loaded from: input_file:com/mulesoft/modules/wss/api/incoming/VerifySamlConfig.class */
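/**
 * Inbound WS-Security configuration that registers a SAML assertion validator
 * for both SAML 1.x and SAML 2.0 tokens.
 *
 * <p>The fields are populated by the Mule extension framework from the
 * connector configuration; {@link #setUp(WSSConfig, RequestData)} copies them
 * onto a {@link SamlAssertionValidator} and installs it on the WSS4J config.
 */
public class VerifySamlConfig implements IncomingWss {

    // SAML version used to resolve requiredSubjectConfirmationMethod into its method string.
    @Optional(defaultValue = "SAML10")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private SamlVersion samlVersion = SamlVersion.SAML10;

    // Validity window for assertions, expressed in timeUnit.
    // NOTE(review): the summary text says "in seconds" while timeUnit says it applies
    // to this field; the two descriptions only agree for the default unit.
    @Optional(defaultValue = "1800")
    @Parameter
    @Summary("The time in seconds within which a SAML Assertion is valid, if it does not contain a NotOnOrAfter Condition. The default is 30 minutes.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private Integer timeToLive = 1800;

    // Tolerated clock difference, expressed in timeUnit; passed to setFutureTTL.
    @Optional(defaultValue = "60")
    @Parameter
    @Summary("The time difference between server and client. The default is 60 seconds.")
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private Integer skewTime = 60;

    @Optional(defaultValue = "SECONDS")
    @Parameter
    @Summary("Time unit to be used in the timeToLive and skewTime configuration")
    private TimeUnit timeUnit = TimeUnit.SECONDS;

    // The three flags below default to false and are forwarded unchanged to the validator.
    // NOTE(review): presumably each one tightens assertion checking when enabled;
    // confirm against SamlAssertionValidator before relying on the defaults.
    @Optional(defaultValue = "false")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private boolean requireStandardSubjectConfirmationMethod;

    @Optional(defaultValue = "false")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private boolean requireBearerSignature;

    @Optional(defaultValue = "false")
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private boolean validateSignatureAgainstProfile;

    // Optional; when unset no specific confirmation method is required by this config.
    @Optional
    @Parameter
    @Expression(ExpressionSupport.NOT_SUPPORTED)
    private SamlConfirmationMethod requiredSubjectConfirmationMethod;

    /**
     * Builds a {@link SamlAssertionValidator} from this configuration and
     * registers it, together with {@link SAMLTokenProcessor}, for the SAML 1.x
     * and SAML 2.0 token types.
     *
     * @param wSSConfig   WSS4J configuration that receives the processor and validator
     * @param requestData per-request data; consulted for a signature-verification
     *                    crypto and updated when one is present
     * @throws WssException declared by {@link IncomingWss}
     */
    @Override
    public void setUp(WSSConfig wSSConfig, RequestData requestData) throws WssException {
        SamlAssertionValidator validator = new SamlAssertionValidator();

        // timeToLive and skewTime are configured in timeUnit, so they are converted
        // FROM timeUnit TO seconds. The previous code converted in the opposite
        // direction, which only gave the intended value for the default unit.
        // NOTE(review): assumes the validator's setTtl/setFutureTTL take seconds,
        // as the timeToLive summary suggests; confirm against SamlAssertionValidator.
        validator.setTtl(toSeconds(timeToLive, timeUnit));
        validator.setFutureTTL(toSeconds(skewTime, timeUnit));

        validator.setValidateSignatureAgainstProfile(validateSignatureAgainstProfile);
        validator.setRequireStandardSubjectConfirmationMethod(requireStandardSubjectConfirmationMethod);
        validator.setRequireBearerSignature(requireBearerSignature);

        if (requiredSubjectConfirmationMethod != null) {
            validator.setRequiredSubjectConfirmationMethod(
                    requiredSubjectConfirmationMethod.getMethodStringForSAML(samlVersion));
        }

        // Trust-chain and subject-confirmation validation are switched on only when a
        // signature-verification crypto is configured. Without one, this method leaves
        // both settings at whatever the validator and RequestData default to.
        // NOTE(review): confirm that deployments accepting SAML tokens always configure
        // signature verification, otherwise issuer trust may not be checked here.
        if (requestData.getSigVerCrypto() != null) {
            validator.setValidateTrustChain(true);
            requestData.setValidateSamlSubjectConfirmation(true);
        }

        // The same validator instance serves both SAML token types.
        wSSConfig.setProcessor(WSConstants.SAML_TOKEN, SAMLTokenProcessor.class);
        wSSConfig.setValidator(WSConstants.SAML_TOKEN, validator);
        wSSConfig.setProcessor(WSConstants.SAML2_TOKEN, SAMLTokenProcessor.class);
        wSSConfig.setValidator(WSConstants.SAML2_TOKEN, validator);
    }

    /**
     * Converts {@code amount}, expressed in {@code unit}, to whole seconds.
     * The result is clamped to the {@code int} range so that a large value in a
     * coarse unit cannot wrap around to a negative or tiny window.
     */
    private static int toSeconds(long amount, TimeUnit unit) {
        long seconds = TimeUnit.SECONDS.convert(amount, unit);
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, seconds));
    }
}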
