package org.apache.wss4j.stax.validate;

import java.time.Instant;
import java.time.ZonedDateTime;
import java.time.format.DateTimeParseException;
import org.apache.wss4j.binding.wsu10.TimestampType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-stax-2.3.0.jar:org/apache/wss4j/stax/validate/TimestampValidatorImpl.class */
public class TimestampValidatorImpl implements TimestampValidator {
    private static final transient Logger LOG = LoggerFactory.getLogger((Class<?>) TimestampValidatorImpl.class);

    @Override // org.apache.wss4j.stax.validate.TimestampValidator
    public void validate(TimestampType timestampType, TokenContext tokenContext) throws WSSecurityException {
        if (timestampType.getCreated() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "missingCreated");
        }
        try {
            ZonedDateTime zonedDateTime = null;
            if (timestampType.getCreated() != null) {
                try {
                    zonedDateTime = ZonedDateTime.parse(timestampType.getCreated().getValue());
                    LOG.debug("Timestamp created: {}", zonedDateTime.toString());
                } catch (DateTimeParseException e) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
                }
            }
            ZonedDateTime zonedDateTime2 = null;
            if (timestampType.getExpires() != null) {
                try {
                    zonedDateTime2 = ZonedDateTime.parse(timestampType.getExpires().getValue());
                    LOG.debug("Timestamp expires: {}", zonedDateTime2.toString());
                } catch (DateTimeParseException e2) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e2);
                }
            } else if (tokenContext.getWssSecurityProperties().isRequireTimestampExpires()) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "invalidTimestamp", new Object[]{"The received Timestamp does not contain an expires Element"});
            }
            int intValue = tokenContext.getWssSecurityProperties().getTimestampTTL().intValue();
            int intValue2 = tokenContext.getWssSecurityProperties().getTimeStampFutureTTL().intValue();
            Instant now = Instant.now();
            if (zonedDateTime2 != null && tokenContext.getWssSecurityProperties().isStrictTimestampCheck() && zonedDateTime2.toInstant().isBefore(now)) {
                LOG.debug("Time now: {}", now.toString());
                throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED, "invalidTimestamp", new Object[]{"The security semantics of the message have expired"});
            }
            if (zonedDateTime == null || DateUtil.verifyCreated(zonedDateTime.toInstant(), intValue, intValue2)) {
                return;
            }
            LOG.debug("Time now: {}", now.toString());
            throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED, "invalidTimestamp", new Object[]{"The security semantics of the message have expired"});
        } catch (IllegalArgumentException e3) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e3);
        }
    }
}
