package com.ibm.ws.security.web.saml.util;

import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.security.web.saml.ReplayManagerConfig;
import com.ibm.ws.wssecurity.saml.binding.saml20.ReplayManager;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/security/web/saml/util/ReplayManagerImpl.class */
public class ReplayManagerImpl implements ReplayManager {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(ReplayManagerImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = ReplayManagerImpl.class.getName();
    private ReplayCache cache;

    public ReplayManagerImpl(ReplayManagerConfig replayManagerConfig) {
        this.cache = null;
        this.cache = new ReplayCache(replayManagerConfig.getReplayAttackCacheEntry(), replayManagerConfig.getReplayAttackTimeWindow(), replayManagerConfig.useDistributedCache());
    }

    public ReplayCache getReplayCache() {
        return this.cache;
    }

    @Override // com.ibm.ws.wssecurity.saml.binding.saml20.ReplayManager
    public boolean validate(SAMLToken sAMLToken) throws SoapSecurityException {
        return validate(sAMLToken.getSamlID(), sAMLToken.getSAMLIssuerName());
    }

    @Override // com.ibm.ws.wssecurity.saml.binding.saml20.ReplayManager
    public boolean validate(String str, String str2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate(" + str + ")");
        }
        if (this.cache.contain(str + str2, str)) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SAML Assertion with ID: " + str + " has been received in previous request.");
            }
            Tr.error(tc, "security.wssecurity.CWWSS8036E", str);
            throw SoapSecurityException.format("security.wssecurity.CWWSS8036E", str);
        }
        if (!tc.isEntryEnabled()) {
            return true;
        }
        Tr.exit(tc, "validate(" + str + ") return true");
        return true;
    }
}
