package eu.unicore.security.wsutil.samlclient;

import eu.unicore.samly2.assertion.AttributeAssertionParser;
import eu.unicore.samly2.elements.NameID;
import eu.unicore.samly2.elements.SAMLAttribute;
import eu.unicore.samly2.elements.Subject;
import eu.unicore.samly2.exceptions.SAMLResponderException;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.samly2.proto.AttributeQuery;
import eu.unicore.samly2.trust.PKISamlTrustChecker;
import eu.unicore.samly2.validators.AssertionValidator;
import eu.unicore.samly2.validators.AttributeAssertionResponseValidator;
import eu.unicore.samly2.webservice.SAMLQueryInterface;
import eu.unicore.util.httpclient.IClientConfiguration;
import java.net.MalformedURLException;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.xml.ws.soap.SOAPFaultException;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.NameIDType;
import xmlbeans.org.oasis.saml2.protocol.AttributeQueryDocument;
import xmlbeans.org.oasis.saml2.protocol.ResponseDocument;

/* loaded from: input_file:eu/unicore/security/wsutil/samlclient/SAMLAttributeQueryClient.class */
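/**
 * Client for a SAML attribute query web service.
 *
 * <p>For a given subject it builds an {@link AttributeQuery}, sends it through a
 * {@link SAMLQueryInterface} proxy bound to the service address, validates the response with
 * {@link AttributeAssertionResponseValidator}, and returns a parser over the single attribute
 * assertion contained in the response.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>Trust in the response is delegated to a {@link PKISamlTrustChecker} built from the
 *       client configuration's certificate validator.</li>
 *   <li>The response validator receives the requested subject's NameID, but its first three
 *       constructor arguments are {@code null}; see the note in {@link #performSAMLQuery}.</li>
 *   <li>A response without any attribute assertion yields {@code null}, not an exception.
 *       Callers making authorization decisions must treat {@code null} as "no attributes".</li>
 * </ul>
 */
public class SAMLAttributeQueryClient extends AbstractSAMLClient {
    /** Web-service proxy for the attribute query endpoint; assigned once in the constructor. */
    private final SAMLQueryInterface queryProxy;

    /**
     * Creates a client for the attribute query service at the given address.
     *
     * @param str address of the SAML attribute query service
     * @param iClientConfiguration client configuration; its validator backs the trust checker
     * @throws MalformedURLException declared by the superclass constructor / proxy setup
     */
    public SAMLAttributeQueryClient(String str, IClientConfiguration iClientConfiguration) throws MalformedURLException {
        // NOTE(review): the meaning of the boolean passed to PKISamlTrustChecker is not visible
        // in this file. Confirm against samly2 that 'true' does not relax signature requirements
        // beyond what this deployment intends.
        super(str, iClientConfiguration, new PKISamlTrustChecker(iClientConfiguration.getValidator(), true));
        this.queryProxy = (SAMLQueryInterface) this.factory.createPlainWSProxy(SAMLQueryInterface.class, str);
    }

    /**
     * Queries for all attributes of the subject (no attribute filter is set on the query).
     *
     * @param nameID subject whose attributes are requested; must not be {@code null}
     * @param nameID2 issuer of the query, or {@code null} to use the local issuer
     * @return parser over the returned assertion, or {@code null} if the response had none
     * @throws SAMLValidationException see {@link #performSAMLQuery} and {@link #createQuery}
     */
    public AttributeAssertionParser getAssertion(NameID nameID, NameID nameID2) throws SAMLValidationException {
        return getAssertionGeneric(nameID, nameID2, null);
    }

    /**
     * Queries for a single attribute of the subject.
     *
     * @param nameID subject whose attributes are requested; must not be {@code null}
     * @param nameID2 issuer of the query, or {@code null} to use the local issuer
     * @param sAMLAttribute the attribute to request. A {@code null} here is wrapped into a
     *     one-element set and forwarded as-is; NOTE(review): confirm how
     *     {@code AttributeQuery.setAttributes} treats a null element before relying on it.
     * @return parser over the returned assertion, or {@code null} if the response had none
     * @throws SAMLValidationException see {@link #performSAMLQuery} and {@link #createQuery}
     */
    public AttributeAssertionParser getAssertion(NameID nameID, NameID nameID2, SAMLAttribute sAMLAttribute) throws SAMLValidationException {
        return getAssertionGeneric(nameID, nameID2, Collections.singleton(sAMLAttribute));
    }

    /**
     * Queries for a chosen set of attributes of the subject.
     *
     * @param nameID subject whose attributes are requested; must not be {@code null}
     * @param nameID2 issuer of the query, or {@code null} to use the local issuer
     * @param set attributes to request; {@code null} or empty means no filter is set on the query
     * @return parser over the returned assertion, or {@code null} if the response had none
     * @throws SAMLValidationException see {@link #performSAMLQuery} and {@link #createQuery}
     */
    public AttributeAssertionParser getAssertion(NameID nameID, NameID nameID2, Set<SAMLAttribute> set) throws SAMLValidationException {
        return getAssertionGeneric(nameID, nameID2, set);
    }

    /**
     * Shared implementation behind the {@code getAssertion} overloads: builds the query,
     * attaches the attribute filter when one was given, and performs the query.
     *
     * @param nameID subject whose attributes are requested; must not be {@code null}
     * @param nameID2 issuer of the query, or {@code null} to use the local issuer
     * @param set attributes to request; {@code null} or empty leaves the query unfiltered
     * @return parser over the returned assertion, or {@code null} if the response had none
     * @throws SAMLValidationException see {@link #performSAMLQuery} and {@link #createQuery}
     */
    protected AttributeAssertionParser getAssertionGeneric(NameID nameID, NameID nameID2, Set<SAMLAttribute> set) throws SAMLValidationException {
        AttributeQuery query = createQuery(nameID, nameID2);
        if (set != null && !set.isEmpty()) {
            query.setAttributes(set.toArray(new SAMLAttribute[0]));
        }
        return performSAMLQuery(query);
    }

    /**
     * Sends the query to the service, validates the response and extracts its attribute assertion.
     *
     * @param attributeQuery the query to send
     * @return parser over the single attribute assertion, or {@code null} when the validated
     *     response contains no attribute assertion
     * @throws SAMLValidationException if more than one assertion is returned; as a
     *     {@link SAMLResponderException} if the service call ends in a SOAP fault; and,
     *     presumably, if the validator rejects the response
     */
    protected AttributeAssertionParser performSAMLQuery(AttributeQuery attributeQuery) throws SAMLValidationException {
        try {
            ResponseDocument response = this.queryProxy.attributeQuery((AttributeQueryDocument) attributeQuery.getXMLBeanDoc());
            // NOTE(review): the first three validator arguments are null. Presumably these are the
            // consumer name, consumer endpoint and request ID; if so, the response is not tied to
            // this particular request and only the subject match, the validity grace period and
            // the trust checker constrain it. Confirm against samly2 that this is intended.
            AttributeAssertionResponseValidator validator = new AttributeAssertionResponseValidator(
                    null,
                    null,
                    null,
                    AssertionValidator.DEFAULT_VALIDITY_GRACE_PERIOD,
                    this.trustChecker,
                    attributeQuery.getXMLBean().getSubject().getNameID());
            validator.validate(response);
            List<AssertionDocument> assertions = validator.getAttributeAssertions();
            if (assertions.isEmpty()) {
                // No assertion is not an error here; the caller must handle null.
                return null;
            }
            if (assertions.size() > 1) {
                throw new SAMLValidationException("More than one assertion was returned. It is OK,however this implementation supports only responses with a single assertion.");
            }
            return new AttributeAssertionParser(assertions.get(0));
        } catch (SOAPFaultException e) {
            // The fault text comes from the remote service; code that logs or displays this
            // exception's message should treat it as untrusted input.
            throw new SAMLResponderException("SAML service invocation failed: " + e.getMessage(), (Throwable) e);
        }
    }

    /**
     * Builds an attribute query about the given subject.
     *
     * @param nameID subject of the query; must not be {@code null}
     * @param nameID2 issuer of the query, or {@code null} to fall back to {@code getLocalIssuer()}
     * @return the query, without any attribute filter
     * @throws NullPointerException if {@code nameID} is {@code null}
     * @throws SAMLValidationException if no issuer was given and no local issuer is available
     */
    protected AttributeQuery createQuery(NameID nameID, NameID nameID2) throws SAMLValidationException {
        // Fail with a clear message instead of an anonymous NPE on the dereference below.
        if (nameID == null) {
            throw new NullPointerException("The SAML subject to query about must not be null.");
        }
        NameIDType subjectBean = nameID.getXBean();
        Subject subject = new Subject(subjectBean.getStringValue(), subjectBean.getFormat());
        NameID issuer = nameID2 != null ? nameID2 : getLocalIssuer();
        if (issuer == null) {
            throw new SAMLValidationException("No SAML issuer was given and it is not possible to generate one as local credential is missing.");
        }
        return new AttributeQuery(issuer.getXBean(), subject.getXBean());
    }
}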
