package org.opensaml.common.binding.security;

import javax.servlet.ServletRequest;
import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.util.storage.ReplayCache;
import org.opensaml.ws.security.SecurityPolicyContext;
import org.opensaml.ws.security.SecurityPolicyException;
import org.opensaml.ws.security.SecurityPolicyRule;
import org.opensaml.ws.security.SecurityPolicyRuleFactory;
import org.opensaml.xml.XMLObject;

/* loaded from: input_file:org/opensaml/common/binding/security/ReplayRuleFactory.class */
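/**
 * Factory for {@link ReplayRule} instances, which reject SAML messages whose ID has
 * already been seen by the configured {@link ReplayCache}.
 *
 * <p>The factory is configured through its setters; each call to
 * {@link #createRuleInstance()} snapshots the current clock skew, expiration and cache
 * into a new rule.
 *
 * <p>Security note: replay protection is only active when a replay cache has been set.
 * With no cache configured the produced rule logs a warning and accepts every message
 * (fail-open), so deployments that rely on replay detection must make sure
 * {@link #setReplayCache(ReplayCache)} is called with a non-null cache.
 */
public class ReplayRuleFactory implements SecurityPolicyRuleFactory<ServletRequest> {
    /** Allowed clock skew, in seconds (added to the issue instant with {@code plusSeconds}). */
    private int clockSkew;

    /** Message lifetime, in seconds (added to the issue instant with {@code plusSeconds}). */
    private int expires;

    /** Cache of previously seen message IDs; {@code null} disables the replay check. */
    private ReplayCache replayCache;

    /**
     * Security policy rule that checks an incoming message's ID against a replay cache.
     *
     * <p>The rule skips the check, without rejecting the message, in two cases: when no
     * replay cache is configured and when the message carries no ID. Callers that need
     * those cases rejected have to enforce that elsewhere in the policy.
     */
    public class ReplayRule implements SecurityPolicyRule<ServletRequest> {
        /** Allowed clock skew, in seconds. */
        private int clockSkew;

        /** Message lifetime, in seconds. */
        private int expires;

        /** Cache of previously seen message IDs; may be {@code null}. */
        private ReplayCache replayCache;

        /**
         * Creates a rule with a fixed configuration.
         *
         * @param i clock skew in seconds
         * @param i2 message expiration in seconds
         * @param replayCache cache used to detect replays; {@code null} disables the check
         */
        public ReplayRule(int i, int i2, ReplayCache replayCache) {
            this.clockSkew = i;
            this.expires = i2;
            this.replayCache = replayCache;
        }

        /**
         * Rejects the message if its ID is reported as a replay by the cache.
         *
         * @param servletRequest the transport request (not read by this rule)
         * @param xMLObject the message being evaluated (not read by this rule; the ID and
         *     issue instant come from the context)
         * @param securityPolicyContext must be a {@link SAMLSecurityPolicyContext}
         * @throws SecurityPolicyException if the replay cache reports the message ID as replayed
         * @throws IllegalArgumentException if the context is {@code null} or is not a
         *     {@link SAMLSecurityPolicyContext}
         */
        public void evaluate(ServletRequest servletRequest, XMLObject xMLObject, SecurityPolicyContext securityPolicyContext) throws SecurityPolicyException {
            Logger logger = Logger.getLogger(ReplayRule.class);
            if (this.replayCache == null) {
                // Fail-open: without a cache the message is accepted unchecked.
                logger.warn("No replay cache configured, skipping message replay check");
                return;
            }

            // Test the type before casting. A blind cast would surface a wrong context type
            // as a ClassCastException and leave the error path below reachable only for null.
            if (!(securityPolicyContext instanceof SAMLSecurityPolicyContext)) {
                logger.error("Supplied context was not an instance of SAMLSecurityPolicyContext");
                throw new IllegalArgumentException("Supplied context was not an instance of SAMLSecurityPolicyContext");
            }
            SAMLSecurityPolicyContext samlContext = (SAMLSecurityPolicyContext) securityPolicyContext;

            if (samlContext.getMessageID() == null) {
                // Fail-open: a message without an ID cannot be tracked and is accepted.
                logger.debug("Message contained no ID, replay check not possible");
                return;
            }

            DateTime issueInstant = samlContext.getIssueInstant();
            if (issueInstant == null) {
                logger.debug("Message did not contain issue instant, using current time for replay checking");
                issueInstant = new DateTime();
            }

            // The second argument is issue instant + skew + lifetime. Presumably the cache
            // remembers the ID until that time - confirm against ReplayCache. The issue
            // instant is taken from the message, so message freshness has to be enforced
            // by a separate rule.
            if (this.replayCache.isReplay(samlContext.getMessageID(), issueInstant.plusSeconds(this.clockSkew + this.expires))) {
                // NOTE(review): the message ID is message-supplied and is written to the log
                // and the exception text as-is; confirm it is constrained before it reaches
                // this rule, or neutralise line breaks at the logging layer.
                logger.error("Replay detected of message '" + samlContext.getMessageID() + "'");
                throw new SecurityPolicyException("Rejecting replayed message ID '" + samlContext.getMessageID() + "'");
            }
        }
    }

    /**
     * Returns the clock skew applied to rules created by this factory.
     *
     * @return clock skew in seconds
     */
    public int getClockSkew() {
        return this.clockSkew;
    }

    /**
     * Sets the clock skew applied to rules created after this call.
     *
     * @param i clock skew in seconds
     */
    public void setClockSkew(int i) {
        this.clockSkew = i;
    }

    /**
     * Returns the message expiration applied to rules created by this factory.
     *
     * @return expiration in seconds
     */
    public int getExpires() {
        return this.expires;
    }

    /**
     * Sets the message expiration applied to rules created after this call.
     *
     * @param i expiration in seconds
     */
    public void setExpires(int i) {
        this.expires = i;
    }

    /**
     * Returns the replay cache handed to created rules.
     *
     * @return the configured cache, or {@code null} if none has been set
     */
    public ReplayCache getReplayCache() {
        return this.replayCache;
    }

    /**
     * Sets the replay cache handed to rules created after this call.
     *
     * @param replayCache the cache to use; {@code null} makes created rules skip the
     *     replay check entirely
     */
    public void setReplayCache(ReplayCache replayCache) {
        this.replayCache = replayCache;
    }

    /**
     * Creates a rule from the factory's current clock skew, expiration and replay cache.
     *
     * @return a new {@link ReplayRule}
     */
    public SecurityPolicyRule<ServletRequest> createRuleInstance() {
        return new ReplayRule(this.clockSkew, this.expires, this.replayCache);
    }
}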
