package org.apereo.cas.support.saml.sts;

import java.time.Instant;
import lombok.Generated;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.token.validator.SAMLTokenValidator;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.opensaml.saml.common.SAMLVersion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Deprecated(since = "6.6.0")
/* loaded from: input_file:org/apereo/cas/support/saml/sts/SamlTokenValidator.class */
public class SamlTokenValidator extends SAMLTokenValidator {

    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger(SamlTokenValidator.class);

    protected boolean validateConditions(SamlAssertionWrapper samlAssertionWrapper, ReceivedToken receivedToken) {
        Instant notBefore;
        Instant notOnOrAfter;
        Instant issueInstant;
        if (samlAssertionWrapper.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
            notBefore = samlAssertionWrapper.getSaml2().getConditions().getNotBefore();
            notOnOrAfter = samlAssertionWrapper.getSaml2().getConditions().getNotOnOrAfter();
            issueInstant = samlAssertionWrapper.getSaml2().getIssueInstant();
        } else {
            notBefore = samlAssertionWrapper.getSaml1().getConditions().getNotBefore();
            notOnOrAfter = samlAssertionWrapper.getSaml1().getConditions().getNotOnOrAfter();
            issueInstant = samlAssertionWrapper.getSaml1().getIssueInstant();
        }
        Instant now = Instant.now();
        if (notBefore != null && notBefore.isAfter(now)) {
            LOGGER.warn("SAML Token condition not met - valid-from is after now");
            return false;
        }
        if (notOnOrAfter != null && notOnOrAfter.isBefore(now)) {
            LOGGER.warn("SAML Token condition not met- - valid-until is before now");
            receivedToken.setState(ReceivedToken.STATE.EXPIRED);
            return false;
        }
        if (issueInstant == null || !issueInstant.isAfter(now)) {
            return true;
        }
        LOGGER.warn("SAML Token IssueInstant not met - it is after now");
        return false;
    }
}
