package org.opensaml.saml.saml2.assertion.impl;

import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.Arrays;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.opensaml.saml.common.assertion.ValidationContext;
import org.opensaml.saml.common.assertion.ValidationResult;
import org.opensaml.saml.saml2.core.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/opensaml-saml-impl-4.2.0.jar:org/opensaml/saml/saml2/assertion/impl/AssertionValidationSupport.class */
public final class AssertionValidationSupport {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) AssertionValidationSupport.class);

    private AssertionValidationSupport() {
    }

    @Nonnull
    public static ValidationResult checkAddress(@Nonnull ValidationContext validationContext, @Nullable String str, @Nonnull String str2, @Nonnull Assertion assertion, @Nonnull String str3) {
        if (str == null) {
            return ValidationResult.VALID;
        }
        LOG.debug("Evaluating {} value of: {}", str3, str);
        try {
            InetAddress[] allByName = InetAddress.getAllByName(str);
            if (LOG.isDebugEnabled()) {
                LOG.debug("{} was resolved to addresses: {}", str3, Arrays.asList(allByName));
            }
            try {
                Set set = (Set) validationContext.getStaticParameters().get(str2);
                if (set == null || set.isEmpty()) {
                    LOG.warn("Set of valid addresses was not available from the validation context, unable to evaluate {}", str3);
                    validationContext.setValidationFailureMessage(String.format("Unable to determine list of valid values for %s", str3));
                    return ValidationResult.INDETERMINATE;
                }
                for (InetAddress inetAddress : allByName) {
                    if (set.contains(inetAddress)) {
                        LOG.debug("Matched {} '{}' to valid address", str3, inetAddress.getHostAddress());
                        return ValidationResult.VALID;
                    }
                }
                LOG.debug("Failed to match {} to any supplied valid addresses: {}", str3, set);
                validationContext.setValidationFailureMessage(String.format("%s for assertion '%s' did not match any valid addresses", str3, assertion.getID()));
                return ValidationResult.INVALID;
            } catch (ClassCastException e) {
                LOG.warn("The value of the static validation parameter '{}' was not a java.util.Set<InetAddress>", str2);
                validationContext.setValidationFailureMessage(String.format("Unable to determine list of valid values for %s", str3));
                return ValidationResult.INDETERMINATE;
            }
        } catch (UnknownHostException e2) {
            LOG.warn("The {} value '{}' in assertion '{}' can not be resolved to a valid set of IP address(s)", str3, str, assertion.getID());
            validationContext.setValidationFailureMessage(String.format("%s '%s' is not resolvable to hostname or IP address", str3, str));
            return ValidationResult.INDETERMINATE;
        }
    }
}
