package org.jasig.portal.security.provider.saml;

import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/delegated-saml-authentication-1.1.2.jar:org/jasig/portal/security/provider/saml/AssertionIdpResolverImpl.class */
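/**
 * Resolves the IdP endpoint from the Endpoint Reference attribute carried in a SAML assertion
 * and stores its address on the delegated-authentication state.
 *
 * <p>The Endpoint Reference is accepted only if it declares the expected service type, names the
 * IdP already recorded on the state, and advertises a framework version of at least 2.0.
 */
public class AssertionIdpResolverImpl implements IdPEPRResolver {
    private static final String EPR_ATTRIBUTE_XPATH =
            "/saml2:Assertion/saml2:AttributeStatement/saml2:Attribute[@Name='urn:liberty:ssos:2006-08']";
    private static final String SERVICE_TYPE_XPATH =
            "./saml2:AttributeValue/wsa:EndpointReference/wsa:Metadata[disco:ServiceType='urn:liberty:ssos:2006-08']";
    private static final String PROVIDER_ID_XPATH_PREFIX =
            "./saml2:AttributeValue/wsa:EndpointReference/wsa:Metadata[disco:ProviderID=";
    private static final String FRAMEWORK_VERSION_XPATH =
            "./saml2:AttributeValue/wsa:EndpointReference/wsa:Metadata/sbf:Framework[@version>=2.0]";
    private static final String ADDRESS_XPATH =
            "./saml2:AttributeValue/wsa:EndpointReference/wsa:Address";

    private final XPathExpressionExecutor xPathExpressionPool;

    /**
     * @param xPathExpressionExecutor executor used to evaluate every XPath expression in this class
     */
    public AssertionIdpResolverImpl(XPathExpressionExecutor xPathExpressionExecutor) {
        this.xPathExpressionPool = xPathExpressionExecutor;
    }

    /**
     * Validates the Endpoint Reference found in the assertion DOM of {@code sAMLSession} and
     * records its {@code wsa:Address} text as the IdP endpoint on
     * {@code delegatedSAMLAuthenticationState}.
     *
     * @param sAMLSession session supplying the assertion DOM to inspect
     * @param delegatedSAMLAuthenticationState state supplying the expected IdP and receiving the
     *     resolved endpoint
     * @throws DelegatedAuthenticationRuntimeException if a required node is missing, the provider
     *     ID does not match the expected IdP, or an XPath expression fails to evaluate
     */
    @Override
    public void resolve(SAMLSession sAMLSession, DelegatedSAMLAuthenticationState delegatedSAMLAuthenticationState) {
        // Tracks the expression under evaluation so the catch block reports the one that failed
        // rather than always naming the first expression.
        String expression = EPR_ATTRIBUTE_XPATH;
        try {
            Node eprAttribute = (Node) this.xPathExpressionPool.evaluate(
                    expression, sAMLSession.getSamlAssertionDom(), XPathConstants.NODE);
            if (eprAttribute == null) {
                throw new DelegatedAuthenticationRuntimeException("No saml2:Attribute containing IdP Endpoint Reference found in the SAML assertion.");
            }

            expression = SERVICE_TYPE_XPATH;
            if (this.xPathExpressionPool.evaluate(expression, eprAttribute, XPathConstants.NODE) == null) {
                throw new DelegatedAuthenticationRuntimeException("No matching ServiceType URI found in the Endpoint Reference");
            }

            String expectedIdp = delegatedSAMLAuthenticationState.getIdp();
            if (expectedIdp == null) {
                // Fail closed: concatenating a null IdP would compare against the text "null".
                throw new DelegatedAuthenticationRuntimeException("Provider ID in the Endpoint Reference does not match the IdP previously established");
            }
            // The IdP value is embedded as a properly quoted XPath literal. Raw concatenation
            // would let a quote character in the value change the predicate and defeat this
            // provider-ID check.
            expression = PROVIDER_ID_XPATH_PREFIX + toXPathLiteral(expectedIdp) + "]";
            if (this.xPathExpressionPool.evaluate(expression, eprAttribute, XPathConstants.NODE) == null) {
                throw new DelegatedAuthenticationRuntimeException("Provider ID in the Endpoint Reference does not match the IdP previously established");
            }

            expression = FRAMEWORK_VERSION_XPATH;
            if (this.xPathExpressionPool.evaluate(expression, eprAttribute, XPathConstants.NODE) == null) {
                throw new DelegatedAuthenticationRuntimeException("Framework version must be at least 2.0");
            }

            expression = ADDRESS_XPATH;
            Node address = (Node) this.xPathExpressionPool.evaluate(expression, eprAttribute, XPathConstants.NODE);
            if (address == null) {
                throw new DelegatedAuthenticationRuntimeException("Endpoint Reference Address node not present");
            }
            // NOTE(review): the address text is stored verbatim. This method neither verifies the
            // assertion signature nor restricts the URL scheme or host; confirm both are enforced
            // before the endpoint is used.
            delegatedSAMLAuthenticationState.setIdpEndpoint(address.getTextContent());
        } catch (XPathExpressionException e) {
            throw new DelegatedAuthenticationRuntimeException("XPath processing error with expression:" + expression, e);
        }
    }

    /**
     * Renders {@code value} as an XPath 1.0 string literal.
     *
     * <p>XPath 1.0 has no escape sequence inside literals, so a value containing both quote
     * characters is expressed as a {@code concat(...)} of single-quoted pieces joined by a
     * double-quoted apostrophe.
     */
    private static String toXPathLiteral(String value) {
        if (value.indexOf('\'') < 0) {
            return "'" + value + "'";
        }
        if (value.indexOf('"') < 0) {
            return "\"" + value + "\"";
        }
        StringBuilder literal = new StringBuilder("concat(");
        // Limit -1 keeps trailing empty pieces so every apostrophe is reproduced.
        String[] pieces = value.split("'", -1);
        for (int i = 0; i < pieces.length; i++) {
            if (i > 0) {
                literal.append(",\"'\",");
            }
            literal.append('\'').append(pieces[i]).append('\'');
        }
        return literal.append(')').toString();
    }
}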
