package org.opensaml.saml.common.binding.security.impl;

import java.net.URI;
import javax.annotation.Nonnull;
import org.opensaml.messaging.context.MessageContext;
import org.opensaml.messaging.handler.AbstractMessageHandler;
import org.opensaml.messaging.handler.MessageHandlerException;
import org.opensaml.saml.common.binding.BindingException;
import org.opensaml.saml.common.binding.SAMLBindingSupport;
import org.opensaml.saml.common.messaging.SAMLMessageSecuritySupport;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-396-02.zip:modules/system/layers/fuse/org/opensaml/3.1/opensaml-saml-impl-3.1.1.jar:org/opensaml/saml/common/binding/security/impl/EndpointURLSchemeSecurityHandler.class */
public class EndpointURLSchemeSecurityHandler extends AbstractMessageHandler {

    @Nonnull
    private Logger log = LoggerFactory.getLogger(EndpointURLSchemeSecurityHandler.class);

    protected void doInvoke(@Nonnull MessageContext messageContext) throws MessageHandlerException {
        try {
            URI endpointURL = SAMLBindingSupport.getEndpointURL(messageContext);
            this.log.debug("{} Checking outbound endpoint for allowed URL scheme: {}", getLogPrefix(), endpointURL);
            if (!SAMLMessageSecuritySupport.checkURLScheme(endpointURL.getScheme())) {
                throw new MessageHandlerException("Relying party endpoint used the untrusted URL scheme " + endpointURL.getScheme());
            }
        } catch (BindingException e) {
            throw new MessageHandlerException("Could not obtain message endpoint URL", e);
        }
    }
}
