package org.apereo.cas.support.wsfederation.authentication.principal;

import java.time.ZonedDateTime;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.apache.commons.lang3.builder.ToStringStyle;
import org.apereo.cas.authentication.Credential;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apereo/cas/support/wsfederation/authentication/principal/WsFederationCredential.class */
public class WsFederationCredential implements Credential {
    private static final long serialVersionUID = -824605020472810939L;
    private static final Logger LOGGER = LoggerFactory.getLogger(WsFederationCredential.class);
    private String audience;
    private String authenticationMethod;
    private String id;
    private String issuer;
    private ZonedDateTime issuedOn;
    private ZonedDateTime notBefore;
    private ZonedDateTime notOnOrAfter;
    private ZonedDateTime retrievedOn;
    private Map<String, List<Object>> attributes;

    public String getAuthenticationMethod() {
        return this.authenticationMethod;
    }

    public void setAuthenticationMethod(String str) {
        this.authenticationMethod = str;
    }

    public String getAudience() {
        return this.audience;
    }

    public void setAudience(String str) {
        this.audience = str;
    }

    public Map<String, List<Object>> getAttributes() {
        return this.attributes;
    }

    public void setAttributes(Map<String, List<Object>> map) {
        this.attributes = map;
    }

    public String getId() {
        return this.id;
    }

    public void setId(String str) {
        this.id = str;
    }

    public ZonedDateTime getIssuedOn() {
        return this.issuedOn;
    }

    public void setIssuedOn(ZonedDateTime zonedDateTime) {
        this.issuedOn = zonedDateTime;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }

    public ZonedDateTime getNotBefore() {
        return this.notBefore;
    }

    public void setNotBefore(ZonedDateTime zonedDateTime) {
        this.notBefore = zonedDateTime;
    }

    public ZonedDateTime getNotOnOrAfter() {
        return this.notOnOrAfter;
    }

    public void setNotOnOrAfter(ZonedDateTime zonedDateTime) {
        this.notOnOrAfter = zonedDateTime;
    }

    public ZonedDateTime getRetrievedOn() {
        return this.retrievedOn;
    }

    public void setRetrievedOn(ZonedDateTime zonedDateTime) {
        this.retrievedOn = zonedDateTime;
    }

    public String toString() {
        return new ToStringBuilder(this, ToStringStyle.NO_CLASS_NAME_STYLE).append("ID", this.id).append("Issuer", this.issuer).append("Audience", this.audience).append("Authentication Method", this.authenticationMethod).append("Issued On", this.issuedOn).append("Valid After", this.notBefore).append("Valid Before", this.notOnOrAfter).append("Attributes", this.attributes).build();
    }

    public boolean isValid(String str, String str2, long j) {
        if (!getAudience().equalsIgnoreCase(str)) {
            LOGGER.warn("Audience is invalid: [{}]", getAudience());
            return false;
        }
        if (!this.issuer.equalsIgnoreCase(str2)) {
            LOGGER.warn("Issuer is invalid: [{}]", this.issuer);
            return false;
        }
        ZonedDateTime minus = getRetrievedOn().minus(j, (TemporalUnit) ChronoUnit.MILLIS);
        if (this.issuedOn.isBefore(minus)) {
            LOGGER.warn("Ticket is issued before the allowed drift. Issued on [{}] while allowed drift is [{}]", this.issuedOn, minus);
            return false;
        }
        ZonedDateTime plus = this.retrievedOn.plus(j, (TemporalUnit) ChronoUnit.MILLIS);
        if (this.issuedOn.isAfter(plus)) {
            LOGGER.warn("Ticket is issued after the allowed drift. Issued on [{}] while allowed drift is [{}]", this.issuedOn, plus);
            return false;
        }
        if (this.retrievedOn.isAfter(this.notOnOrAfter)) {
            LOGGER.warn("Ticket is too late because it's retrieved on [{}] which is after [{}].", this.retrievedOn, this.notOnOrAfter);
            return false;
        }
        LOGGER.debug("WsFed Credential is validated for [{}] and [{}].", str, str2);
        return true;
    }
}
