package org.picketlink.identity.federation.core.saml.v2.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.net.URI;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.datatype.XMLGregorianCalendar;
import org.picketlink.common.PicketLinkLogger;
import org.picketlink.common.PicketLinkLoggerFactory;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.IssueInstantMissingException;
import org.picketlink.common.util.StaxUtil;
import org.picketlink.config.federation.SPType;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.class */
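/**
 * Static helpers for building, serialising and checking SAML 1.1 and SAML 2.0 assertions.
 *
 * <p>The checks here ({@link #isSignatureValid}, the {@code hasExpired} overloads and
 * {@link #isAudience}) are independent of each other. A relying party has to call every one
 * that applies before it trusts an assertion; none of them implies the others.
 */
public class AssertionUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    // Charset used to decode the serialised assertion bytes.
    // NOTE(review): assumes StaxUtil.getXMLStreamWriter(OutputStream) emits UTF-8 - confirm.
    private static final java.nio.charset.Charset SAML_CHARSET = java.nio.charset.Charset.forName("UTF-8");

    /**
     * Serialises a SAML 2.0 assertion to its XML text.
     *
     * @param assertionType the assertion to write
     * @return the XML produced by {@link SAMLAssertionWriter}
     * @throws ProcessingException if the writer fails
     */
    public static String asString(AssertionType assertionType) throws ProcessingException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(buffer)).write(assertionType);
        // Decode with an explicit charset: new String(byte[]) would use the platform default and
        // could corrupt non-ASCII subject or attribute values on hosts that are not UTF-8.
        return new String(buffer.toByteArray(), SAML_CHARSET);
    }

    /**
     * Serialises a SAML 2.0 assertion and parses the result into a DOM document.
     *
     * @param assertionType the assertion to write
     * @return the parsed document
     * @throws ProcessingException if writing or parsing fails
     */
    public static Document asDocument(AssertionType assertionType) throws ProcessingException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(buffer)).write(assertionType);
        try {
            return org.picketlink.common.util.DocumentUtil.getDocument(new ByteArrayInputStream(buffer.toByteArray()));
        } catch (Exception e) {
            throw logger.processingError(e);
        }
    }

    /**
     * Creates a SAML 1.1 assertion with the given id, issue instant and issuer.
     *
     * @param str the assertion id
     * @param xMLGregorianCalendar the issue instant
     * @param str2 the issuer
     * @return the new assertion
     */
    public static SAML11AssertionType createSAML11Assertion(String str, XMLGregorianCalendar xMLGregorianCalendar, String str2) {
        SAML11AssertionType assertion = new SAML11AssertionType(str, xMLGregorianCalendar);
        assertion.setIssuer(str2);
        return assertion;
    }

    /**
     * Creates a SAML 2.0 assertion issued "now" by the given issuer.
     *
     * @param str the assertion id
     * @param nameIDType the issuer
     * @return the new assertion
     * @throws RuntimeException wrapping the {@link ConfigurationException} raised when the
     *         current instant cannot be obtained
     */
    public static AssertionType createAssertion(String str, NameIDType nameIDType) {
        try {
            AssertionType assertion = new AssertionType(str, XMLTimeUtil.getIssueInstant());
            assertion.setIssuer(nameIDType);
            return assertion;
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Builds a subject whose only identifier is a {@link NameIDType} carrying the given value.
     *
     * @param str the name id value
     * @return the new subject
     */
    public static SubjectType createAssertionSubject(String str) {
        NameIDType nameId = new NameIDType();
        nameId.setValue(str);
        SubjectType.STSubType subType = new SubjectType.STSubType();
        subType.addBaseID(nameId);
        SubjectType subject = new SubjectType();
        subject.setSubType(subType);
        return subject;
    }

    /**
     * Creates an attribute with the given name, name format and values.
     *
     * @param str the attribute name
     * @param str2 the name format
     * @param objArr the attribute values; may be {@code null} or empty
     * @return the new attribute
     */
    public static AttributeType createAttribute(String str, String str2, Object... objArr) {
        AttributeType attribute = new AttributeType(str);
        attribute.setNameFormat(str2);
        if (objArr != null) {
            for (Object value : objArr) {
                attribute.addAttributeValue(value);
            }
        }
        return attribute;
    }

    /**
     * Sets conditions that make the assertion valid from its issue instant for {@code j}.
     *
     * @param assertionType the assertion to update
     * @param j the validity duration, in the unit expected by {@code XMLTimeUtil.add}
     *        (presumably milliseconds - confirm)
     * @throws ConfigurationException if the time arithmetic fails
     * @throws IssueInstantMissingException if the assertion has no issue instant
     */
    public static void createTimedConditions(AssertionType assertionType, long j) throws ConfigurationException, IssueInstantMissingException {
        XMLGregorianCalendar issueInstant = assertionType.getIssueInstant();
        if (issueInstant == null) {
            throw new IssueInstantMissingException("PL00088: Null IssueInstant");
        }
        ConditionsType conditions = new ConditionsType();
        conditions.setNotBefore(issueInstant);
        conditions.setNotOnOrAfter(XMLTimeUtil.add(issueInstant, j));
        assertionType.setConditions(conditions);
    }

    /**
     * Sets conditions with a clock-skew allowance on both ends: NotBefore is the issue instant
     * minus {@code j2} and NotOnOrAfter is the issue instant plus {@code j + j2}.
     *
     * <p>The skew widens the window the issuer itself asserts, so keep {@code j2} small.
     *
     * @param assertionType the assertion to update
     * @param j the validity duration
     * @param j2 the clock-skew allowance
     * @throws ConfigurationException if the time arithmetic fails
     * @throws IssueInstantMissingException if the assertion has no issue instant
     */
    public static void createTimedConditions(AssertionType assertionType, long j, long j2) throws ConfigurationException, IssueInstantMissingException {
        XMLGregorianCalendar issueInstant = assertionType.getIssueInstant();
        if (issueInstant == null) {
            throw logger.samlIssueInstantMissingError();
        }
        XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issueInstant, j + j2);
        ConditionsType conditions = new ConditionsType();
        conditions.setNotBefore(XMLTimeUtil.subtract(issueInstant, j2));
        conditions.setNotOnOrAfter(notOnOrAfter);
        assertionType.setConditions(conditions);
    }

    /**
     * SAML 1.1 counterpart of {@link #createTimedConditions(AssertionType, long, long)}.
     *
     * @param sAML11AssertionType the assertion to update
     * @param j the validity duration
     * @param j2 the clock-skew allowance
     * @throws ConfigurationException if the time arithmetic fails
     * @throws IssueInstantMissingException if the assertion has no issue instant
     */
    public static void createSAML11TimedConditions(SAML11AssertionType sAML11AssertionType, long j, long j2) throws ConfigurationException, IssueInstantMissingException {
        XMLGregorianCalendar issueInstant = sAML11AssertionType.getIssueInstant();
        if (issueInstant == null) {
            throw new IssueInstantMissingException("PL00088: Null IssueInstant");
        }
        XMLGregorianCalendar notOnOrAfter = XMLTimeUtil.add(issueInstant, j + j2);
        SAML11ConditionsType conditions = new SAML11ConditionsType();
        conditions.setNotBefore(XMLTimeUtil.subtract(issueInstant, j2));
        conditions.setNotOnOrAfter(notOnOrAfter);
        sAML11AssertionType.setConditions(conditions);
    }

    /**
     * Verifies the XML signature of an assertion element against the supplied public key.
     *
     * <p>The element is deep-copied into a fresh document before validation. Any exception is
     * logged and reported as an invalid signature, so the check fails closed. This method only
     * verifies against {@code publicKey}; the caller must ensure that key belongs to the
     * trusted issuer and that the data it later consumes is the element verified here.
     *
     * @param element the assertion element carrying the signature
     * @param publicKey the key to verify with
     * @return {@code true} only if validation succeeds
     */
    public static boolean isSignatureValid(Element element, PublicKey publicKey) {
        try {
            Document holder = org.picketlink.common.util.DocumentUtil.createDocument();
            Node copy = holder.importNode(element, true);
            holder.appendChild(copy);
            return new SAML2Signature().validate(holder, publicKey);
        } catch (Exception e) {
            logger.signatureAssertionValidationError(e);
            return false;
        }
    }

    /**
     * Reports whether the current time is outside the assertion's validity window.
     *
     * <p>An assertion with no Conditions element is reported as not expired. Callers that need a
     * bounded lifetime must reject such assertions themselves.
     *
     * @param assertionType the assertion to check
     * @return {@code true} if the assertion is outside its window
     * @throws ConfigurationException if the current instant cannot be obtained
     */
    public static boolean hasExpired(AssertionType assertionType) throws ConfigurationException {
        ConditionsType conditions = assertionType.getConditions();
        if (conditions == null) {
            return false;
        }
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditions.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
        if (notBefore != null) {
            logger.trace("Assertion: " + assertionType.getID() + " ::Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat());
        }
        if (notOnOrAfter != null) {
            logger.trace("Assertion: " + assertionType.getID() + " ::Now=" + now.toXMLFormat() + " ::notOnOrAfter=" + notOnOrAfter);
        }
        boolean expired = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expired) {
            logger.samlAssertionExpired(assertionType.getID());
        }
        return expired;
    }

    /**
     * Same as {@link #hasExpired(AssertionType)} but widens the window by {@code j} on both ends
     * to tolerate clock skew between issuer and relying party.
     *
     * <p>A missing NotBefore or NotOnOrAfter is passed to {@code XMLTimeUtil.isValid} as
     * {@code null}, exactly as the overload without skew does, instead of failing with a
     * {@link NullPointerException} while the skew is applied.
     *
     * @param assertionType the assertion to check
     * @param j the clock-skew allowance; a large value extends how long a captured assertion
     *        stays acceptable
     * @return {@code true} if the assertion is outside its (widened) window
     * @throws ConfigurationException if the time arithmetic fails
     */
    public static boolean hasExpired(AssertionType assertionType, long j) throws ConfigurationException {
        ConditionsType conditions = assertionType.getConditions();
        if (conditions == null) {
            return false;
        }
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditions.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
        // Apply the skew only to bounds that are present.
        XMLGregorianCalendar earliest = notBefore != null ? XMLTimeUtil.subtract(notBefore, j) : null;
        XMLGregorianCalendar latest = notOnOrAfter != null ? XMLTimeUtil.add(notOnOrAfter, j) : null;
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + (notBefore != null ? notBefore.toXMLFormat() : null) + " ::notOnOrAfter=" + notOnOrAfter);
        boolean expired = !XMLTimeUtil.isValid(now, earliest, latest);
        if (expired) {
            logger.samlAssertionExpired(assertionType.getID());
        }
        return expired;
    }

    /**
     * Checks the assertion's audience restriction against a service provider.
     *
     * <p>Returns {@code true} when the assertion has no conditions or no AudienceRestriction.
     * Otherwise the first AudienceRestriction decides: an audience matches if it starts with the
     * provider's service URL or equals its entity id. Later AudienceRestriction conditions are
     * not evaluated.
     *
     * <p>NOTE(review): the service URL comparison is a prefix match, so an audience issued for a
     * longer URL sharing that prefix is accepted too - confirm this is intended rather than an
     * exact match. SAML core also expects every AudienceRestriction to be satisfied, not just
     * the first - confirm.
     *
     * @param assertionType the assertion to check
     * @param sPType the service provider configuration
     * @return {@code true} if the provider is an accepted audience
     */
    public static boolean isAudience(AssertionType assertionType, SPType sPType) {
        ConditionsType conditions = assertionType.getConditions();
        if (conditions == null) {
            return true;
        }
        List<ConditionAbstractType> conditionList = conditions.getConditions();
        if (conditionList == null) {
            return true;
        }
        String serviceUrl = sPType.getServiceURL();
        String entityId = sPType.getEntityId();
        // A null service URL would throw inside startsWith and an empty one is a prefix of every
        // audience, so neither may take part in the prefix match.
        boolean matchServiceUrl = serviceUrl != null && serviceUrl.length() > 0;
        for (ConditionAbstractType condition : conditionList) {
            if (!(condition instanceof AudienceRestrictionType)) {
                continue;
            }
            List<URI> audience = ((AudienceRestrictionType) condition).getAudience();
            if (audience != null) {
                for (URI candidate : audience) {
                    if (candidate == null) {
                        continue;
                    }
                    String uri = candidate.toString();
                    if ((matchServiceUrl && uri.startsWith(serviceUrl)) || uri.equals(entityId)) {
                        return true;
                    }
                }
            }
            String str = entityId != null ? " or " + entityId : "";
            logger.warn("Assertion [" + assertionType.getID() + "] does not contain [" + serviceUrl + str + "] in audience list [" + audience + "]. Expected audience is [" + serviceUrl + str + "].");
            return false;
        }
        return true;
    }

    /**
     * SAML 1.1 counterpart of {@link #hasExpired(AssertionType)}.
     *
     * <p>An assertion with no conditions is reported as not expired.
     *
     * @param sAML11AssertionType the assertion to check
     * @return {@code true} if the assertion is outside its window
     * @throws ConfigurationException if the current instant cannot be obtained
     */
    public static boolean hasExpired(SAML11AssertionType sAML11AssertionType) throws ConfigurationException {
        SAML11ConditionsType conditions = sAML11AssertionType.getConditions();
        if (conditions == null) {
            return false;
        }
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditions.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
        // Null-safe formatting: a missing NotBefore must not abort the check from the log line.
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + (notBefore != null ? notBefore.toXMLFormat() : null) + " ::notOnOrAfter=" + notOnOrAfter);
        boolean expired = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
        if (expired) {
            logger.samlAssertionExpired(sAML11AssertionType.getID());
        }
        return expired;
    }

    /**
     * SAML 1.1 counterpart of {@link #hasExpired(AssertionType, long)}.
     *
     * @param sAML11AssertionType the assertion to check
     * @param j the clock-skew allowance applied to both ends of the window
     * @return {@code true} if the assertion is outside its (widened) window
     * @throws ConfigurationException if the time arithmetic fails
     */
    public static boolean hasExpired(SAML11AssertionType sAML11AssertionType, long j) throws ConfigurationException {
        SAML11ConditionsType conditions = sAML11AssertionType.getConditions();
        if (conditions == null) {
            return false;
        }
        XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
        XMLGregorianCalendar notBefore = conditions.getNotBefore();
        XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
        // Apply the skew only to bounds that are present.
        XMLGregorianCalendar earliest = notBefore != null ? XMLTimeUtil.subtract(notBefore, j) : null;
        XMLGregorianCalendar latest = notOnOrAfter != null ? XMLTimeUtil.add(notOnOrAfter, j) : null;
        logger.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + (notBefore != null ? notBefore.toXMLFormat() : null) + " ::notOnOrAfter=" + notOnOrAfter);
        boolean expired = !XMLTimeUtil.isValid(now, earliest, latest);
        if (expired) {
            logger.samlAssertionExpired(sAML11AssertionType.getID());
        }
        return expired;
    }

    /**
     * Returns the assertion's NotOnOrAfter instant.
     *
     * @param assertionType the assertion to inspect
     * @return the NotOnOrAfter value, or {@code null} if the assertion has no conditions
     */
    public static XMLGregorianCalendar getExpiration(AssertionType assertionType) {
        ConditionsType conditions = assertionType.getConditions();
        return conditions != null ? conditions.getNotOnOrAfter() : null;
    }

    /**
     * Collects role names from the attribute statements of a SAML 2.0 assertion.
     *
     * <p>When {@code list} is {@code null} or empty, the values of every attribute are returned
     * as roles. Pass the explicit role attribute names so that unrelated attributes asserted by
     * the issuer are not turned into roles.
     *
     * @param assertionType the assertion to read
     * @param list the names of the attributes that carry roles; {@code null} or empty for all
     * @return the collected values
     * @throws RuntimeException (from the logger) if a value is neither a String nor a DOM node
     */
    public static List<String> getRoles(AssertionType assertionType, List<String> list) {
        List<String> roles = new ArrayList<String>();
        boolean acceptAll = list == null || list.isEmpty();
        for (StatementAbstractType statement : assertionType.getStatements()) {
            if (!(statement instanceof AttributeStatementType)) {
                continue;
            }
            for (AttributeStatementType.ASTChoiceType choice : ((AttributeStatementType) statement).getAttributes()) {
                AttributeType attribute = choice.getAttribute();
                // Skip choices without a plain attribute (presumably encrypted ones - confirm).
                if (attribute == null) {
                    continue;
                }
                if (acceptAll || list.contains(attribute.getName())) {
                    addRoleValues(roles, attribute.getAttributeValue());
                }
            }
        }
        return roles;
    }

    /**
     * SAML 1.1 counterpart of {@link #getRoles(AssertionType, List)}, with the same handling of
     * a {@code null} or empty name filter.
     *
     * @param sAML11AssertionType the assertion to read
     * @param list the names of the attributes that carry roles; {@code null} or empty for all
     * @return the collected values
     * @throws RuntimeException (from the logger) if a value is neither a String nor a DOM node
     */
    public static List<String> getRoles(SAML11AssertionType sAML11AssertionType, List<String> list) {
        List<String> roles = new ArrayList<String>();
        boolean acceptAll = list == null || list.isEmpty();
        for (SAML11StatementAbstractType statement : sAML11AssertionType.getStatements()) {
            if (!(statement instanceof SAML11AttributeStatementType)) {
                continue;
            }
            for (SAML11AttributeType attribute : ((SAML11AttributeStatementType) statement).get()) {
                if (acceptAll || list.contains(attribute.getAttributeName())) {
                    addRoleValues(roles, attribute.get());
                }
            }
        }
        return roles;
    }

    /** Appends each attribute value to {@code roles}: Strings as-is, DOM nodes via their first child. */
    private static void addRoleValues(List<String> roles, List<Object> values) {
        if (values == null) {
            return;
        }
        for (Object value : values) {
            if (value instanceof String) {
                roles.add((String) value);
            } else if (value instanceof Node) {
                // An empty element has no child; skip it instead of failing on getNodeValue().
                Node text = ((Node) value).getFirstChild();
                if (text != null) {
                    roles.add(text.getNodeValue());
                }
            } else {
                throw logger.unknownObjectType(value);
            }
        }
    }
}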
