package pl.edu.icm.unicore.saml;

import java.io.IOException;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Random;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.utils.RFC2253Parser;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.SAXException;
import pl.edu.icm.unicore.security.dsig.DSigException;
import pl.edu.icm.unicore.security.dsig.DigSignatureUtil;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.AttributeStatementType;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;
import xmlbeans.org.oasis.saml2.assertion.ConditionAbstractType;
import xmlbeans.org.oasis.saml2.assertion.ConditionsType;
import xmlbeans.org.oasis.saml2.assertion.KeyInfoConfirmationDataType;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.assertion.ProxyRestrictionType;
import xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType;
import xmlbeans.org.oasis.saml2.assertion.SubjectType;
import xmlbeans.org.w3.x2000.x09.xmldsig.KeyInfoType;
import xmlbeans.org.w3.x2000.x09.xmldsig.SignatureType;
import xmlbeans.org.w3.x2000.x09.xmldsig.X509DataType;

/* loaded from: input_file:pl/edu/icm/unicore/saml/SAMLAssertion.class */
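/**
 * Wrapper around a SAML 2.0 assertion that can be built from scratch or parsed from an existing
 * {@link AssertionDocument}, signed with an enveloped XML signature, and inspected.
 *
 * <p>State model: {@link #assertion} and {@link #conditions} are edited in place and copied into
 * {@link #assertionDoc} by {@link #getXML()} whenever {@link #modified} is set. Every mutator must
 * therefore raise {@code modified}, otherwise a change made after a previous {@code getXML()} call
 * would not reach the returned document.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Parsing an assertion does not verify it. {@link #getIssuer()}, {@link #getSubject()},
 *       the conditions and the attributes are unauthenticated input until
 *       {@link #isCorrectlySigned(PublicKey)} succeeded with a key the caller already trusts.</li>
 *   <li>{@link #getIssuerFromSignature()} and {@link #getSubjectFromConfirmation()} return
 *       certificates taken from the message itself; they must be validated against trust anchors
 *       by the caller before any decision is based on them.</li>
 *   <li>{@link #checkTimeConditions()} evaluates only NotBefore / NotOnOrAfter. Proxy
 *       restrictions and custom conditions are exposed through getters but are not enforced by
 *       this class.</li>
 * </ul>
 *
 * <p>Instances are not thread-safe: no method of this class synchronises access to its state.
 */
public class SAMLAssertion implements Serializable {
    private static final long serialVersionUID = 1;
    private AssertionType assertion;
    private AssertionDocument assertionDoc;
    private ConditionsType conditions;
    ProxyRestrictionType proxyRestriction;
    // True when assertion/conditions hold changes not yet copied into assertionDoc.
    private boolean modified;
    // Number of conditions added through this object's setters (not initialised from parsed input).
    private int conditionsCount;
    private String issuerDN;
    private String subjectDN;

    /**
     * Creates an empty assertion whose ID starts with the default prefix {@code _SAMLassertion_}.
     */
    public SAMLAssertion() {
        this("_SAMLassertion_");
    }

    /**
     * Creates an empty assertion with the SAML version and issue instant set and a fresh ID.
     *
     * @param str prefix of the generated assertion ID; three random 64-bit values in hex are
     *     appended to it
     */
    public SAMLAssertion(String str) {
        this.modified = true;
        this.proxyRestriction = null;
        this.conditionsCount = 0;
        this.assertionDoc = AssertionDocument.Factory.newInstance();
        this.assertion = AssertionType.Factory.newInstance();
        this.assertion.setVersion(SAMLConstants.VERSION);
        this.assertion.setIssueInstant(Calendar.getInstance());
        // Assertion IDs must not be guessable or collide between assertions created in the same
        // millisecond; a java.util.Random seeded with the clock gives neither property, so the
        // random part comes from a CSPRNG.
        SecureRandom random = new SecureRandom();
        StringBuilder id = new StringBuilder(str);
        for (int i = 0; i < 3; i++) {
            id.append(Long.toHexString(random.nextLong()));
        }
        this.assertion.setID(id.toString());
        this.conditions = ConditionsType.Factory.newInstance();
    }

    /**
     * Wraps an existing assertion. The argument is re-parsed from its serialised form, so this
     * object works on its own copy of the document.
     *
     * <p>No signature or condition check is performed here; the issuer and subject read from the
     * document are unauthenticated until the caller verifies the signature.
     *
     * @param assertionDocument document to read
     * @throws SAMLParseException if the issuer is missing, or the issuer or subject name is not
     *     in {@code SAMLConstants.DN_FORMAT}
     * @throws XmlException if the document cannot be re-parsed
     * @throws IOException if reading the serialised document fails
     */
    public SAMLAssertion(AssertionDocument assertionDocument) throws SAMLParseException, XmlException, IOException {
        this.modified = true;
        this.assertionDoc = AssertionDocument.Factory.parse(assertionDocument.newReader());
        this.assertion = this.assertionDoc.getAssertion();
        if (this.assertion == null) {
            this.assertion = AssertionType.Factory.newInstance();
        }
        this.conditions = this.assertion.getConditions();
        this.proxyRestriction = null;
        if (this.conditions == null) {
            this.conditions = ConditionsType.Factory.newInstance();
        } else {
            // Only the first ProxyRestriction element is tracked by this class.
            ProxyRestrictionType[] restrictions = this.conditions.getProxyRestrictionArray();
            if (restrictions.length > 0) {
                this.proxyRestriction = restrictions[0];
            }
        }

        NameIDType issuer = this.assertion.getIssuer();
        if (issuer == null) {
            throw new SAMLParseException("No issuer in statement");
        }
        if (!SAMLConstants.DN_FORMAT.equals(issuer.getFormat())) {
            throw new SAMLParseException("Unsupported issuer format: " + issuer.getFormat());
        }
        this.issuerDN = readTextValue(issuer);

        // A subject (or its NameID) is optional; subjectDN stays null when it is absent.
        SubjectType subject = this.assertion.getSubject();
        if (subject != null && subject.getNameID() != null) {
            NameIDType nameID = subject.getNameID();
            if (!SAMLConstants.DN_FORMAT.equals(nameID.getFormat())) {
                throw new SAMLParseException("Unsupported subject format: " + nameID.getFormat());
            }
            this.subjectDN = readTextValue(nameID);
        }
    }

    /** Reads the text content of a NameID and releases the cursor used for it. */
    private static String readTextValue(NameIDType nameId) {
        XmlCursor cursor = nameId.newCursor();
        try {
            cursor.toFirstContentToken();
            return cursor.getTextValue();
        } finally {
            cursor.dispose();
        }
    }

    /** Builds a NameID in {@code SAMLConstants.DN_FORMAT} carrying the given DN text. */
    private static NameIDType newDnNameId(String dn) {
        NameIDType nameId = NameIDType.Factory.newInstance();
        nameId.setFormat(SAMLConstants.DN_FORMAT);
        nameId.setStringValue(dn);
        return nameId;
    }

    /**
     * Returns the certificates of the first X509Data entry that contains any, or {@code null}.
     * The certificates come from the message and carry no trust by themselves.
     */
    private static X509Certificate[] firstCertificateChain(X509DataType[] x509Data) {
        for (int i = 0; i < x509Data.length; i++) {
            if (x509Data[i].getX509CertificateArray().length > 0) {
                return Utils.deserializeCertificateChain(x509Data[i].getX509CertificateArray());
            }
        }
        return null;
    }

    /**
     * Sets the issuer to the given X.500 name.
     *
     * @param str issuer DN in RFC 2253 form; it is stored after conversion with
     *     {@code RFC2253Parser.rfc2253toXMLdsig}
     */
    public void setX509Issuer(String str) {
        String dn = RFC2253Parser.rfc2253toXMLdsig(str);
        this.assertion.setIssuer(newDnNameId(dn));
        this.issuerDN = dn;
        this.modified = true;
    }

    /**
     * Replaces the subject with one naming the given X.500 name. Any subject confirmation set
     * earlier is dropped because a new Subject element is installed.
     *
     * @param str subject DN in RFC 2253 form; it is stored after conversion with
     *     {@code RFC2253Parser.rfc2253toXMLdsig}
     */
    public void setX509Subject(String str) {
        String dn = RFC2253Parser.rfc2253toXMLdsig(str);
        SubjectType subject = SubjectType.Factory.newInstance();
        subject.setNameID(newDnNameId(dn));
        this.assertion.setSubject(subject);
        this.subjectDN = dn;
        this.modified = true;
    }

    /**
     * Adds a sender-vouches subject confirmation carrying the given certificate chain.
     *
     * @param x509CertificateArr certificates placed in the confirmation's KeyInfo
     * @throws CertificateEncodingException if a certificate cannot be encoded
     * @throws IllegalStateException if no subject has been set yet
     */
    public void setSenderVouchesX509Confirmation(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        SubjectType subject = this.assertion.getSubject();
        if (subject == null) {
            throw new IllegalStateException("Subject must be set before adding a subject confirmation");
        }
        SubjectConfirmationType confirmation = subject.addNewSubjectConfirmation();
        confirmation.setMethod(SAMLConstants.CONFIRMATION_SENDER_VOUCHES);
        KeyInfoConfirmationDataType data = KeyInfoConfirmationDataType.Factory.newInstance();
        data.setKeyInfoArray(new KeyInfoType[]{DigSignatureUtil.generateX509KeyInfo(x509CertificateArr)});
        confirmation.setSubjectConfirmationData(data);
        this.modified = true;
    }

    /** Sets the issue instant to the current time. */
    public void updateIssueTime() {
        this.assertion.setIssueInstant(Calendar.getInstance());
        this.modified = true;
    }

    /**
     * Sets or clears the validity window.
     *
     * @param date start of validity (NotBefore), or {@code null} to remove that bound
     * @param date2 end of validity (NotOnOrAfter), or {@code null} to remove that bound
     */
    public void setTimeConditions(Date date, Date date2) {
        if (date != null) {
            if (!this.conditions.isSetNotBefore()) {
                this.conditionsCount++;
            }
            Calendar notBefore = Calendar.getInstance();
            notBefore.setTime(date);
            this.conditions.setNotBefore(notBefore);
        } else if (this.conditions.isSetNotBefore()) {
            this.conditionsCount--;
            this.conditions.unsetNotBefore();
        }
        if (date2 != null) {
            // Counted once, and only when the bound is new, so that a later removal brings the
            // counter back to its previous value.
            if (!this.conditions.isSetNotOnOrAfter()) {
                this.conditionsCount++;
            }
            Calendar notOnOrAfter = Calendar.getInstance();
            notOnOrAfter.setTime(date2);
            this.conditions.setNotOnOrAfter(notOnOrAfter);
        } else if (this.conditions.isSetNotOnOrAfter()) {
            this.conditionsCount--;
            this.conditions.unsetNotOnOrAfter();
        }
        this.modified = true;
    }

    /**
     * Checks the validity window against the given instant. NotBefore is inclusive and
     * NotOnOrAfter is exclusive; a missing bound is treated as unbounded. No clock-skew
     * tolerance is applied, and no other condition is evaluated.
     *
     * @param date instant to test, must not be {@code null}
     * @return {@code true} if {@code date} lies inside the validity window
     */
    public boolean checkTimeConditions(Date date) {
        long instant = date.getTime();
        Date notBefore = getNotBefore();
        if (notBefore != null && notBefore.getTime() > instant) {
            return false;
        }
        Date notOnOrAfter = getNotOnOrAfter();
        return notOnOrAfter == null || notOnOrAfter.getTime() > instant;
    }

    /**
     * Checks the validity window against the current system time.
     *
     * @return {@code true} if the assertion is inside its validity window now
     */
    public boolean checkTimeConditions() {
        return checkTimeConditions(new Date());
    }

    /**
     * Sets or removes the proxy restriction.
     *
     * @param i proxy count to store when positive; zero or a negative value removes the
     *     restriction
     */
    public void setProxyRestriction(int i) {
        if (i > 0) {
            if (this.proxyRestriction == null) {
                this.proxyRestriction = this.conditions.addNewProxyRestriction();
                this.conditionsCount++;
            }
            this.proxyRestriction.setCount(BigInteger.valueOf(i));
        } else if (this.proxyRestriction != null) {
            this.conditions.removeProxyRestriction(0);
            this.proxyRestriction = null;
            this.conditionsCount--;
        }
        this.modified = true;
    }

    /**
     * Appends a custom condition and marks it with an {@code xsi:type} attribute naming the
     * schema type (or, if the type is anonymous, the document element name) of the argument.
     *
     * @param xmlObject content of the new condition
     */
    public void addCustomCondition(XmlObject xmlObject) {
        ConditionAbstractType condition = this.conditions.addNewCondition();
        condition.set(xmlObject);
        QName typeName = xmlObject.schemaType().getName();
        if (typeName == null) {
            typeName = xmlObject.schemaType().getDocumentElementName();
        }
        XmlCursor cursor = condition.newCursor();
        try {
            cursor.toNextToken();
            String prefix = cursor.prefixForNamespace(typeName.getNamespaceURI());
            cursor.insertNamespace(prefix, typeName.getNamespaceURI());
            cursor.insertAttributeWithValue("type", "http://www.w3.org/2001/XMLSchema-instance", prefix + ":" + typeName.getLocalPart());
        } finally {
            cursor.dispose();
        }
        this.conditionsCount++;
        this.modified = true;
    }

    /**
     * Adds a new attribute statement holding a single attribute.
     *
     * @param str attribute name
     * @param str2 attribute name format
     * @param xmlObjectArr attribute values
     */
    public void addAttribute(String str, String str2, XmlObject[] xmlObjectArr) {
        AttributeType attribute = AttributeType.Factory.newInstance();
        attribute.setName(str);
        attribute.setNameFormat(str2);
        attribute.setAttributeValueArray(xmlObjectArr);
        AttributeStatementType statement = this.assertion.addNewAttributeStatement();
        statement.setAttributeArray(new AttributeType[]{attribute});
        this.modified = true;
    }

    /**
     * Removes an attribute statement.
     *
     * @param i index of the attribute statement to remove
     */
    public void removeAttribute(int i) {
        this.assertion.removeAttributeStatement(i);
        this.modified = true;
    }

    /**
     * Signs the assertion without embedding any certificate.
     *
     * @param privateKey signing key
     * @throws DSigException if signing or re-parsing the signed document fails
     */
    public void sign(PrivateKey privateKey) throws DSigException {
        sign(privateKey, null);
    }

    /**
     * Signs the assertion with an enveloped signature and replaces this object's document with
     * the signed one. Any change made afterwards invalidates the signature.
     *
     * @param privateKey signing key
     * @param x509CertificateArr certificates passed on to the signer, may be {@code null}
     * @throws DSigException if signing, DOM conversion or re-parsing the signed document fails
     */
    public void sign(PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws DSigException {
        DigSignatureUtil signer = new DigSignatureUtil();
        AssertionDocument current = getXML();
        // NOTE(review): the DOM parser runs with default settings. Its input is this object's own
        // serialised assertion, but that may originate from an externally supplied document;
        // consider disallowing DOCTYPE declarations on the factory.
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
            Document dom = factory.newDocumentBuilder().parse(current.newInputStream());
            // Start from the document element rather than the first child so that a leading
            // comment or processing instruction cannot be mistaken for the assertion.
            NodeList children = dom.getDocumentElement().getChildNodes();
            Node subjectNode = null;
            for (int i = 0; i < children.getLength(); i++) {
                Node child = children.item(i);
                // Text and comment nodes have a null local name, hence the constant-first
                // comparison. Only the local name is compared, not the namespace.
                if ("Subject".equals(child.getLocalName())) {
                    subjectNode = child;
                    break;
                }
            }
            // subjectNode is handed to the signer as a position hint and is null when the
            // assertion has no Subject element (presumably the signature is placed before it;
            // verify against DigSignatureUtil).
            signer.genEnvelopedSignature(privateKey, null, x509CertificateArr, dom, subjectNode);
            this.assertionDoc = AssertionDocument.Factory.parse(dom);
            this.assertion = this.assertionDoc.getAssertion();
        } catch (XmlException e) {
            throw new DSigException("Parsing signed document failed", e);
        } catch (IOException e) {
            throw new DSigException("IO Exception while parsing DOM ??", e);
        } catch (ParserConfigurationException e) {
            throw new DSigException("Can't configure DOM parser", e);
        } catch (SAXException e) {
            throw new DSigException("DOM parse exception", e);
        }
    }

    /**
     * Tells whether the document carries a signature element. This says nothing about the
     * signature's validity.
     *
     * @return {@code true} if a non-nil Signature element is present
     */
    public boolean isSigned() {
        AssertionType current = this.assertionDoc.getAssertion();
        // A freshly built assertion has not been copied into the document yet.
        if (current == null) {
            return false;
        }
        SignatureType signature = current.getSignature();
        return signature != null && !signature.isNil();
    }

    /**
     * Verifies the enveloped signature with the given key. An unsigned assertion yields
     * {@code false}.
     *
     * <p>The result only states that the signature verifies under {@code publicKey}; the caller
     * must have established independently that this key belongs to a trusted issuer. Taking the
     * key from {@link #getIssuerFromSignature()} without validating that chain proves nothing.
     * NOTE(review): which elements the verified reference covers is decided inside
     * {@code DigSignatureUtil}; confirm there that it is bound to this assertion element.
     *
     * @param publicKey key expected to have produced the signature
     * @return {@code true} if the assertion is signed and the signature verifies
     * @throws DSigException if verification cannot be carried out
     */
    public boolean isCorrectlySigned(PublicKey publicKey) throws DSigException {
        if (!isSigned()) {
            return false;
        }
        Document dom = (Document) getXML().getDomNode();
        return new DigSignatureUtil().verifyEnvelopedSignature(dom, publicKey);
    }

    /**
     * Returns the certificate chain embedded in the signature's KeyInfo.
     *
     * <p>The chain is data supplied by whoever produced the message. It must be validated
     * against the caller's trust anchors before it is used to identify the issuer.
     *
     * @return the first non-empty certificate list found, or {@code null} if there is no
     *     signature, no KeyInfo or no certificate
     */
    public X509Certificate[] getIssuerFromSignature() {
        SignatureType signature = this.assertion.getSignature();
        if (signature == null) {
            return null;
        }
        KeyInfoType keyInfo = signature.getKeyInfo();
        if (keyInfo == null) {
            return null;
        }
        X509DataType[] x509Data = keyInfo.getX509DataArray();
        if (x509Data == null) {
            return null;
        }
        return firstCertificateChain(x509Data);
    }

    /**
     * Returns the certificate chain carried by the first subject confirmation. Further
     * confirmations, if any, are ignored.
     *
     * <p>The chain is data supplied by whoever produced the message and needs the same
     * validation as any other untrusted certificate.
     *
     * @return the first non-empty certificate list found, or {@code null} if the subject, the
     *     confirmation, its KeyInfo or the certificates are missing or of an unexpected type
     */
    public X509Certificate[] getSubjectFromConfirmation() {
        SubjectType subject = this.assertion.getSubject();
        if (subject == null) {
            return null;
        }
        SubjectConfirmationType[] confirmations = subject.getSubjectConfirmationArray();
        if (confirmations == null || confirmations.length == 0 || confirmations[0] == null) {
            return null;
        }
        try {
            KeyInfoConfirmationDataType data = confirmations[0].getSubjectConfirmationData();
            if (data == null) {
                return null;
            }
            KeyInfoType keyInfo = data.getKeyInfoArray(0);
            if (keyInfo == null) {
                return null;
            }
            X509DataType[] x509Data = keyInfo.getX509DataArray();
            if (x509Data == null) {
                return null;
            }
            return firstCertificateChain(x509Data);
        } catch (ClassCastException e) {
            // Confirmation data of another type carries no KeyInfo this method understands.
            return null;
        } catch (IndexOutOfBoundsException e) {
            // Confirmation data without any KeyInfo element: the indexed getter has nothing to
            // return. A parsed, externally supplied assertion must not be able to crash the
            // caller this way.
            return null;
        }
    }

    /**
     * Returns the assertion document, first copying pending changes into it.
     *
     * @return the document backing this object (not a copy)
     */
    public AssertionDocument getXML() {
        if (this.modified) {
            // Conditions are attached when this object added any, and re-synchronised when an
            // earlier call attached a copy that may since have become stale (for example after a
            // bound was removed). Conditions that were parsed with the assertion are the same
            // object as the attached ones and are left alone unless this object added to them.
            ConditionsType attached = this.assertion.getConditions();
            if (this.conditionsCount > 0 || (attached != null && attached != this.conditions)) {
                this.assertion.setConditions(this.conditions);
            }
            this.assertionDoc.setAssertion(this.assertion);
            this.modified = false;
        }
        return this.assertionDoc;
    }

    /**
     * @return the issuer DN as set or parsed, or {@code null} if none was set; unauthenticated
     *     for parsed assertions until the signature has been verified
     */
    public String getIssuer() {
        return this.issuerDN;
    }

    /**
     * @return the subject DN as set or parsed, or {@code null} if the assertion has none
     */
    public String getSubject() {
        return this.subjectDN;
    }

    /**
     * @return the proxy count, or {@code -1} if the assertion has no proxy restriction
     */
    public int getProxyRestriction() {
        if (this.proxyRestriction == null) {
            return -1;
        }
        // NOTE(review): a parsed ProxyRestriction without a Count attribute would make
        // getCount() return null here; confirm how that case should be reported.
        return this.proxyRestriction.getCount().intValue();
    }

    /**
     * @return the NotBefore bound, or {@code null} if it is not set
     */
    public Date getNotBefore() {
        Calendar notBefore = this.conditions.getNotBefore();
        return notBefore == null ? null : notBefore.getTime();
    }

    /**
     * @return the NotOnOrAfter bound, or {@code null} if it is not set
     */
    public Date getNotOnOrAfter() {
        Calendar notOnOrAfter = this.conditions.getNotOnOrAfter();
        return notOnOrAfter == null ? null : notOnOrAfter.getTime();
    }

    /**
     * @return the custom conditions; they are not evaluated by this class
     */
    public ConditionAbstractType[] getCustomConditions() {
        return this.conditions.getConditionArray();
    }

    /**
     * @return the attribute statements of the assertion
     */
    public AttributeStatementType[] getAttributes() {
        return this.assertion.getAttributeStatementArray();
    }
}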
