package eu.unicore.samly2.assertion;

import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.SAMLUtils;
import eu.unicore.samly2.elements.SAMLAttribute;
import eu.unicore.samly2.trust.SamlTrustChecker;
import eu.unicore.security.canl.TrustedIssuersProperties;
import eu.unicore.security.dsig.DSigException;
import eu.unicore.security.dsig.DigSignatureUtil;
import java.io.Serializable;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import javax.xml.namespace.QName;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlException;
import org.apache.xmlbeans.XmlObject;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;
import xmlbeans.org.oasis.saml2.assertion.AuthnContextType;
import xmlbeans.org.oasis.saml2.assertion.AuthnStatementType;
import xmlbeans.org.oasis.saml2.assertion.ConditionAbstractType;
import xmlbeans.org.oasis.saml2.assertion.ConditionsType;
import xmlbeans.org.oasis.saml2.assertion.KeyInfoConfirmationDataType;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.assertion.SubjectConfirmationType;
import xmlbeans.org.oasis.saml2.assertion.SubjectLocalityType;
import xmlbeans.org.oasis.saml2.assertion.SubjectType;
import xmlbeans.org.w3.x2000.x09.xmldsig.KeyInfoType;

/* loaded from: input_file:eu/unicore/samly2/assertion/Assertion.class */
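/**
 * Mutable builder for a SAML 2 assertion backed by an XMLBeans {@link AssertionDocument}.
 *
 * <p>Setters edit the underlying document in place. {@link #sign(PrivateKey, X509Certificate[])}
 * replaces the document with the re-parsed signed DOM, so every setter called afterwards
 * (including {@link #updateIssueTime()}) edits content that the enveloped signature already
 * covers and should be expected to invalidate it. Populate the assertion completely and sign
 * last.
 *
 * <p>None of the setters validate their arguments; subject, conditions and confirmation data
 * are written exactly as supplied by the caller.
 *
 * <p>NOTE(review): the class is {@link Serializable}. Instances restored through Java native
 * deserialization carry whatever content the stream held; confirm that serialized assertions
 * are only ever read from trusted storage.
 */
public class Assertion extends AssertionParser implements Serializable {
    private static final long serialVersionUID = 1;
    private static final String ID_PREFIX = "SAMLY2lib_assert_";

    /**
     * Creates an empty assertion with the SAML 2 version, the current time as issue instant and
     * a freshly generated ID (from {@code SAMLUtils.genID}) starting with {@code SAMLY2lib_assert_}.
     */
    public Assertion() {
        this.assertionDoc = AssertionDocument.Factory.newInstance();
        AssertionType assertion = this.assertionDoc.addNewAssertion();
        assertion.setVersion(SAMLConstants.SAML2_VERSION);
        assertion.setIssueInstant(Calendar.getInstance());
        assertion.setID(SAMLUtils.genID(ID_PREFIX));
    }

    /**
     * Wraps an existing assertion document; handling is delegated to the superclass constructor.
     *
     * @param assertionDocument the document to wrap
     */
    public Assertion(AssertionDocument assertionDocument) {
        super(assertionDocument);
    }

    /**
     * Sets the issuer to an X.500 distinguished name.
     *
     * @param str the issuer DN; it is stored in the form returned by
     *            {@code X500NameUtils.getPortableRFC2253Form} with the DN name format
     */
    public void setX509Issuer(String str) {
        NameIDType issuer = NameIDType.Factory.newInstance();
        issuer.setFormat(SAMLConstants.NFORMAT_DN);
        issuer.setStringValue(X500NameUtils.getPortableRFC2253Form(str));
        this.assertionDoc.getAssertion().setIssuer(issuer);
    }

    /**
     * Sets the issuer to an arbitrary name with an explicit name format.
     *
     * @param str  the issuer value, stored as given
     * @param str2 the name format identifier, stored as given
     */
    public void setIssuer(String str, String str2) {
        NameIDType issuer = NameIDType.Factory.newInstance();
        issuer.setStringValue(str);
        issuer.setFormat(str2);
        this.assertionDoc.getAssertion().setIssuer(issuer);
    }

    /**
     * Replaces the subject with one identified by an X.500 distinguished name.
     *
     * <p>A new subject element is installed, so subject confirmations added earlier are not
     * carried over.
     *
     * @param str the subject DN; it is stored in the form returned by
     *            {@code X500NameUtils.getPortableRFC2253Form} with the DN name format
     */
    public void setX509Subject(String str) {
        NameIDType nameId = NameIDType.Factory.newInstance();
        nameId.setFormat(SAMLConstants.NFORMAT_DN);
        nameId.setStringValue(X500NameUtils.getPortableRFC2253Form(str));
        SubjectType subject = SubjectType.Factory.newInstance();
        subject.setNameID(nameId);
        this.assertionDoc.getAssertion().setSubject(subject);
    }

    /**
     * Replaces the subject with one that carries only the given name identifier.
     *
     * @param nameIDType the name identifier of the new subject
     */
    public void setSubject(NameIDType nameIDType) {
        SubjectType subject = SubjectType.Factory.newInstance();
        subject.setNameID(nameIDType);
        this.assertionDoc.getAssertion().setSubject(subject);
    }

    /**
     * Replaces the subject with a copy of the identifier and confirmation parts of the given one.
     *
     * <p>Any existing subject is removed first. Name ID, encrypted ID, base ID and the subject
     * confirmations are copied only when present on the argument.
     *
     * @param subjectType the subject to copy from; must not be {@code null}
     */
    public void setSubject(SubjectType subjectType) {
        AssertionType assertion = this.assertionDoc.getAssertion();
        if (assertion.isSetSubject()) {
            assertion.unsetSubject();
        }
        SubjectType target = assertion.addNewSubject();
        if (subjectType.isSetNameID()) {
            target.setNameID(subjectType.getNameID());
        }
        if (subjectType.isSetEncryptedID()) {
            target.setEncryptedID(subjectType.getEncryptedID());
        }
        if (subjectType.isSetBaseID()) {
            target.setBaseID(subjectType.getBaseID());
        }
        if (subjectType.sizeOfSubjectConfirmationArray() > 0) {
            target.setSubjectConfirmationArray(subjectType.getSubjectConfirmationArray());
        }
    }

    /**
     * Adds a holder-of-key subject confirmation carrying the given certificates.
     *
     * @param x509CertificateArr certificates placed in the confirmation's key info
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public void setHolderOfKeyConfirmation(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        setConfirmation(x509CertificateArr, SAMLConstants.CONFIRMATION_HOLDER_OF_KEY);
    }

    /**
     * Adds a sender-vouches subject confirmation carrying the given certificates.
     *
     * @param x509CertificateArr certificates placed in the confirmation's key info
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    public void setSenderVouchesX509Confirmation(X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        setConfirmation(x509CertificateArr, SAMLConstants.CONFIRMATION_SENDER_VOUCHES);
    }

    /**
     * Appends a subject confirmation with the given method and an X.509 key info.
     *
     * <p>The certificates are embedded as supplied; nothing here checks their validity period,
     * trust chain or revocation state, so that has to happen before this call or at the
     * relying party. Despite the "set" in the public method names, each call adds a further
     * confirmation element rather than replacing an existing one.
     *
     * @param x509CertificateArr certificates to embed
     * @param str                the confirmation method identifier
     * @throws CertificateEncodingException if a certificate cannot be encoded
     */
    private void setConfirmation(X509Certificate[] x509CertificateArr, String str) throws CertificateEncodingException {
        // NOTE(review): a subject must already be set; getSubject() presumably returns null
        // otherwise, which would surface as a NullPointerException here.
        SubjectConfirmationType confirmation = this.assertionDoc.getAssertion().getSubject().addNewSubjectConfirmation();
        confirmation.setMethod(str);
        KeyInfoConfirmationDataType keyData = KeyInfoConfirmationDataType.Factory.newInstance();
        KeyInfoType keyInfo = DigSignatureUtil.generateX509KeyInfo(x509CertificateArr);
        keyData.setKeyInfoArray(new KeyInfoType[] {keyInfo});
        confirmation.setSubjectConfirmationData(keyData);
    }

    /**
     * Resets the issue instant to the current time. Call before signing, not after: the issue
     * instant is part of the signed content.
     */
    public void updateIssueTime() {
        this.assertionDoc.getAssertion().setIssueInstant(Calendar.getInstance());
    }

    /**
     * Returns the assertion's conditions element, creating an empty one when none exists.
     *
     * @return the existing or newly added conditions element
     */
    protected ConditionsType getOrCreateConditions() {
        AssertionType assertion = this.assertionDoc.getAssertion();
        ConditionsType existing = assertion.getConditions();
        if (existing != null) {
            return existing;
        }
        return assertion.addNewConditions();
    }

    /**
     * Sets or clears the validity window of the assertion.
     *
     * <p>A {@code null} bound removes the corresponding attribute, which leaves the assertion
     * without that time limit. The two dates are not compared with each other, so an inverted
     * or empty window is written as given.
     *
     * @param date  start of validity (NotBefore), or {@code null} to remove it
     * @param date2 end of validity (NotOnOrAfter), or {@code null} to remove it
     */
    public void setTimeConditions(Date date, Date date2) {
        ConditionsType conditions = getOrCreateConditions();
        if (date != null) {
            conditions.setNotBefore(toCalendar(date));
        } else if (conditions.isSetNotBefore()) {
            conditions.unsetNotBefore();
        }
        if (date2 != null) {
            conditions.setNotOnOrAfter(toCalendar(date2));
        } else if (conditions.isSetNotOnOrAfter()) {
            conditions.unsetNotOnOrAfter();
        }
    }

    /** Converts a date to its own Calendar so the two bounds never share a mutable instance. */
    private static Calendar toCalendar(Date date) {
        Calendar calendar = Calendar.getInstance();
        calendar.setTime(date);
        return calendar;
    }

    /**
     * Sets or removes the proxy restriction count.
     *
     * <p>Caveat: in SAML 2.0 a ProxyRestriction with {@code Count="0"} forbids any further
     * proxying, whereas this method treats every value {@code <= 0} as "remove the
     * restriction", which leaves proxying unrestricted. A zero count cannot be expressed
     * through this method.
     *
     * @param i the allowed number of further proxy steps when positive; zero or negative
     *          removes the first proxy restriction if one is present
     */
    public void setProxyRestriction(int i) {
        ConditionsType conditions = getOrCreateConditions();
        boolean hasRestriction = conditions.sizeOfProxyRestrictionArray() > 0;
        if (i > 0) {
            if (!hasRestriction) {
                conditions.addNewProxyRestriction();
            }
            conditions.getProxyRestrictionArray(0).setCount(BigInteger.valueOf(i));
        } else if (hasRestriction) {
            conditions.removeProxyRestriction(0);
        }
    }

    /**
     * Sets or removes the audience restriction.
     *
     * <p>{@code null} removes the first audience restriction, after which the assertion is no
     * longer scoped to particular relying parties. An empty array is not treated as
     * {@code null}: it leaves a restriction element without audiences.
     *
     * @param strArr the audience URIs, or {@code null} to remove the restriction
     */
    public void setAudienceRestriction(String[] strArr) {
        ConditionsType conditions = getOrCreateConditions();
        boolean hasRestriction = conditions.sizeOfAudienceRestrictionArray() != 0;
        if (strArr != null) {
            if (!hasRestriction) {
                conditions.addNewAudienceRestriction();
            }
            conditions.getAudienceRestrictionArray(0).setAudienceArray(strArr);
        } else if (hasRestriction) {
            conditions.removeAudienceRestriction(0);
        }
    }

    /**
     * Appends a custom condition and tags it with an {@code xsi:type} naming its schema type.
     *
     * <p>The type name is taken from the object's schema type, falling back to its document
     * element name when the type is anonymous.
     *
     * @param xmlObject the condition content to copy into the new condition element
     */
    public void addCustomCondition(XmlObject xmlObject) {
        ConditionAbstractType condition = getOrCreateConditions().addNewCondition();
        condition.set(xmlObject);
        XmlCursor cursor = condition.newCursor();
        try {
            cursor.toNextToken();
            QName typeName = xmlObject.schemaType().getName();
            if (typeName == null) {
                typeName = xmlObject.schemaType().getDocumentElementName();
            }
            String namespaceUri = typeName.getNamespaceURI();
            String prefix = cursor.prefixForNamespace(namespaceUri);
            cursor.insertNamespace(prefix, namespaceUri);
            // NOTE(review): the attribute local name is read from TrustedIssuersProperties, a
            // class unrelated to XML Schema; presumably the constant equals "type" and this is
            // a decompiler constant substitution. Confirm the value before relying on it.
            cursor.insertAttributeWithValue(TrustedIssuersProperties.PROP_TYPE, "http://www.w3.org/2001/XMLSchema-instance", prefix + ":" + typeName.getLocalPart());
        } finally {
            // Release the cursor even when one of the insertions throws.
            cursor.dispose();
        }
    }

    /**
     * Signs the assertion without passing certificates to the signer.
     *
     * @param privateKey the signing key
     * @throws DSigException if signing or re-parsing the signed document fails
     */
    public void sign(PrivateKey privateKey) throws DSigException {
        sign(privateKey, null);
    }

    /**
     * Signs the assertion with an enveloped signature and replaces the underlying document with
     * the signed one.
     *
     * <p>The Subject element is located so the signer can position the signature relative to
     * it. It is matched by local name only; the namespace is not checked. When the assertion
     * has no subject, {@code null} is passed as the position.
     *
     * <p>NOTE(review): how {@code DigSignatureUtil} places the signature for a {@code null}
     * position, and whether calling this method twice yields a second signature, is not
     * visible here; confirm before signing subject-less or already signed assertions.
     *
     * @param privateKey         the signing key
     * @param x509CertificateArr certificates handed to the signer, or {@code null}
     * @throws DSigException if signing or re-parsing the signed document fails
     */
    public void sign(PrivateKey privateKey, X509Certificate[] x509CertificateArr) throws DSigException {
        DigSignatureUtil signer = new DigSignatureUtil();
        Document dom = SAMLUtils.getDOM(getXMLBeanDoc());
        // Use the document element rather than the first child: a leading comment or processing
        // instruction would otherwise be searched instead of the assertion element.
        NodeList children = dom.getDocumentElement().getChildNodes();
        Node subjectNode = null;
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if ("Subject".equals(child.getLocalName())) {
                subjectNode = child;
                break;
            }
        }
        signer.genEnvelopedSignature(privateKey, null, x509CertificateArr, dom, subjectNode, SamlTrustChecker.ASSERTION_ID_QNAME);
        try {
            this.assertionDoc = AssertionDocument.Factory.parse(dom);
        } catch (XmlException e) {
            throw new DSigException("Parsing signed document failed", e);
        }
    }

    /**
     * Adds an attribute to the first attribute statement, creating the statement if needed.
     *
     * @param sAMLAttribute the attribute whose XMLBeans representation is added
     */
    public void addAttribute(SAMLAttribute sAMLAttribute) {
        addAttribute(sAMLAttribute.getXBean());
    }

    /**
     * Adds a copy of the attribute to the first attribute statement, creating the statement if
     * the assertion has none.
     *
     * @param attributeType the attribute to copy in
     */
    public void addAttribute(AttributeType attributeType) {
        AssertionType assertion = this.assertionDoc.getAssertion();
        Object[] statements = assertion.getAttributeStatementArray();
        if (statements == null || statements.length == 0) {
            assertion.addNewAttributeStatement();
        }
        assertion.getAttributeStatementArray(0).addNewAttribute().set(attributeType);
    }

    /**
     * Fills in the first authentication statement, creating it if the assertion has none.
     *
     * <p>Repeated calls overwrite the instant and context of that same statement. Optional
     * values passed as {@code null} are skipped, so values set by an earlier call stay in place.
     *
     * @param calendar            the authentication instant
     * @param authnContextType    the authentication context
     * @param str                 the session index, or {@code null} to leave it untouched
     * @param calendar2           the session expiry (SessionNotOnOrAfter), or {@code null}
     * @param subjectLocalityType the subject locality, or {@code null}
     */
    public void addAuthStatement(Calendar calendar, AuthnContextType authnContextType, String str, Calendar calendar2, SubjectLocalityType subjectLocalityType) {
        AssertionType assertion = this.assertionDoc.getAssertion();
        Object[] statements = assertion.getAuthnStatementArray();
        if (statements == null || statements.length == 0) {
            assertion.addNewAuthnStatement();
        }
        AuthnStatementType statement = assertion.getAuthnStatementArray(0);
        statement.setAuthnInstant(calendar);
        statement.setAuthnContext(authnContextType);
        if (str != null) {
            statement.setSessionIndex(str);
        }
        if (calendar2 != null) {
            statement.setSessionNotOnOrAfter(calendar2);
        }
        if (subjectLocalityType != null) {
            statement.setSubjectLocality(subjectLocalityType);
        }
    }

    /**
     * Fills in the first authentication statement with only an instant and a context.
     *
     * @param calendar         the authentication instant
     * @param authnContextType the authentication context
     */
    public void addAuthStatement(Calendar calendar, AuthnContextType authnContextType) {
        addAuthStatement(calendar, authnContextType, null, null, null);
    }
}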
