package pl.edu.icm.unicore.security.consignor;

import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import org.apache.xml.security.utils.RFC2253Parser;
import pl.edu.icm.unicore.saml.SAMLConstants;
import pl.edu.icm.unicore.security.ValidationResult;
import pl.edu.icm.unicore.security.dsig.DSigException;

/* loaded from: input_file:pl/edu/icm/unicore/security/consignor/ConsignorImpl.class */
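/**
 * Default {@link ConsignorAPI} implementation: builds consignor assertions and checks them
 * against the certificate of the expected issuer.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>{@link #verifyConsignorToken} reports an <em>unsigned</em> assertion as valid once the
 *       issuer and time checks pass. An unsigned assertion carries no cryptographic proof of
 *       origin, so it should only be trusted when the channel it arrived on authenticates the
 *       sender; callers that need integrity must also require
 *       {@code consignorAssertion.isSigned()}.</li>
 *   <li>The certificate handed to {@link #verifyConsignorToken} is used as-is (subject name and
 *       public key). No chain, expiry or revocation check is performed in this class; that is
 *       the caller's responsibility.</li>
 * </ul>
 */
public class ConsignorImpl implements ConsignorAPI {

    /**
     * Builds a consignor assertion and optionally signs it.
     *
     * @param str issuer name stored in the assertion via {@code setX509Issuer}
     * @param x509CertificateArr consignor certificate chain, or {@code null} for no subject; the
     *     first element supplies the subject name and the whole array is attached as the
     *     sender-vouches confirmation
     * @param privateKey key used to sign the assertion, or {@code null} to leave it unsigned
     * @param i seconds before "now" for the first time bound passed to
     *     {@code setTimeConditions} (presumably not-before); negative means no bound
     * @param i2 seconds after "now" for the second time bound passed to
     *     {@code setTimeConditions} (presumably not-after); negative means no bound
     * @param authNClasses authentication class; must not be {@code null}
     * @return the populated (and, if a key was given, signed) assertion
     * @throws DSigException if the certificates cannot be encoded or signing fails
     * @throws IllegalArgumentException if {@code x509CertificateArr} is an empty array
     * @throws NullPointerException if {@code authNClasses} is {@code null}
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, SAMLConstants.AuthNClasses authNClasses) throws DSigException {
        // Fail fast on null, as the original did by dereferencing the argument.
        // NOTE(review): the original branch on NONE/TLS had an empty body, so the authentication
        // class is not recorded in the assertion by this method. Confirm that is intended.
        if (authNClasses == null) {
            throw new NullPointerException("authNClasses");
        }
        // An empty chain previously surfaced as an ArrayIndexOutOfBoundsException.
        if (x509CertificateArr != null && x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("Consignor certificate chain must not be empty");
        }

        ConsignorAssertion consignorAssertion = new ConsignorAssertion();
        consignorAssertion.setX509Issuer(str);
        if (x509CertificateArr != null) {
            consignorAssertion.setX509Subject(x509CertificateArr[0].getSubjectX500Principal().getName());
            try {
                consignorAssertion.setSenderVouchesX509Confirmation(x509CertificateArr);
            } catch (CertificateEncodingException e) {
                throw new DSigException(e);
            }
        }

        // A negative offset leaves that side of the validity window open. With both negative
        // the assertion carries no time conditions at all.
        Date lowerBound = (i >= 0) ? secondsFromNow(-i) : null;
        Date upperBound = (i2 >= 0) ? secondsFromNow(i2) : null;
        if (lowerBound != null || upperBound != null) {
            consignorAssertion.setTimeConditions(lowerBound, upperBound);
        }

        // Without a key the assertion is returned unsigned; see the class-level security notes.
        if (privateKey != null) {
            consignorAssertion.sign(privateKey);
        }
        return consignorAssertion;
    }

    /**
     * Checks issuer, time conditions and (only if present) the signature of an assertion.
     *
     * <p>A {@code null} argument yields a negative result rather than an exception, so the
     * check fails closed.
     *
     * @param consignorAssertion assertion to verify
     * @param x509Certificate certificate of the expected issuer; its subject name is compared
     *     with the assertion's issuer and its public key is used for the signature check
     * @return a positive result when all applicable checks pass, otherwise a negative result
     *     carrying the reason
     */
    @Override
    public ValidationResult verifyConsignorToken(ConsignorAssertion consignorAssertion, X509Certificate x509Certificate) {
        if (consignorAssertion == null) {
            return new ValidationResult(false, "No consignor assertion");
        }
        if (x509Certificate == null) {
            return new ValidationResult(false, "No issuer certificate");
        }

        String expectedIssuer = RFC2253Parser.rfc2253toXMLdsig(x509Certificate.getSubjectX500Principal().getName());
        // Compare from the expected side so an assertion without an issuer is rejected, not an NPE.
        if (expectedIssuer == null || !expectedIssuer.equals(consignorAssertion.getIssuer())) {
            return new ValidationResult(false, "Wrong issuer");
        }
        if (!consignorAssertion.checkTimeConditions()) {
            return new ValidationResult(false, "Lifetime conditions are not met");
        }
        try {
            // NOTE(review): an unsigned assertion is accepted here. The issuer string alone is
            // not proof of origin; callers relying on this result must authenticate the sender
            // by other means or additionally require isSigned().
            if (!consignorAssertion.isSigned()) {
                return new ValidationResult(true, "OK");
            }
            if (consignorAssertion.isCorrectlySigned(x509Certificate.getPublicKey())) {
                return new ValidationResult(true, "OK");
            }
            return new ValidationResult(false, "Signature is invalid");
        } catch (DSigException e) {
            return new ValidationResult(false, e.getMessage());
        }
    }

    /**
     * Builds an unsigned assertion with a subject chain and no time conditions.
     *
     * @param str issuer name
     * @param x509CertificateArr consignor certificate chain, or {@code null}
     * @param authNClasses authentication class; must not be {@code null}
     * @return the assertion, or {@code null} if the certificates could not be encoded;
     *     callers must check for {@code null}
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str, X509Certificate[] x509CertificateArr, SAMLConstants.AuthNClasses authNClasses) {
        try {
            return generateConsignorToken(str, x509CertificateArr, null, -1, -1, authNClasses);
        } catch (DSigException e) {
            // The interface method declares no checked exception; failure is reported as null
            // and the cause is not propagated.
            return null;
        }
    }

    /**
     * Builds an assertion without a subject, with time conditions, signed when a key is given.
     *
     * @param str issuer name
     * @param i seconds before "now" for the first time bound; negative means no bound
     * @param i2 seconds after "now" for the second time bound; negative means no bound
     * @param privateKey signing key, or {@code null} to leave the assertion unsigned
     * @return the generated assertion
     * @throws DSigException if signing fails
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str, int i, int i2, PrivateKey privateKey) throws DSigException {
        return generateConsignorToken(str, null, privateKey, i, i2, SAMLConstants.AuthNClasses.NONE);
    }

    /**
     * Builds an unsigned assertion that carries only the issuer name: no subject and no time
     * conditions.
     *
     * @param str issuer name
     * @return the assertion, or {@code null} if generation failed
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str) {
        try {
            return generateConsignorToken(str, null, null, -1, -1, SAMLConstants.AuthNClasses.NONE);
        } catch (DSigException e) {
            // Kept for interface compatibility: failure is reported as null.
            return null;
        }
    }

    /** Returns the current time shifted by the given number of seconds (negative = past). */
    private static Date secondsFromNow(int offsetSeconds) {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.SECOND, offsetSeconds);
        return calendar.getTime();
    }
}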
