package org.apache.wss4j.common.saml.builder;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.bean.ActionBean;
import org.apache.wss4j.common.saml.bean.AttributeBean;
import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.bean.KeyInfoBean;
import org.apache.wss4j.common.saml.bean.SubjectBean;
import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml1.core.Action;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.Audience;
import org.opensaml.saml1.core.AudienceRestrictionCondition;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AuthorizationDecisionStatement;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.DecisionTypeEnumeration;
import org.opensaml.saml1.core.Evidence;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectLocality;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;

/* loaded from: input_file:org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.class */
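/**
 * Static factory helpers that turn WSS4J SAML bean objects into OpenSAML SAML 1.1 objects
 * (assertion, subject, conditions and the three statement kinds).
 *
 * <p>Nothing in this class signs or validates an assertion; it only assembles the object tree
 * from the values found on the beans. Several security-relevant defaults are applied here and
 * are called out on the individual methods (sender-vouches confirmation, a five minute validity
 * window, no audience restriction unless one is configured).
 *
 * <p>Builders are looked up lazily and cached in {@code volatile} static fields. The lookup is a
 * plain check-then-assign without a lock, so two threads may both perform the lookup.
 * NOTE(review): this is harmless only if the factory hands back interchangeable builders; confirm
 * against the OpenSAML configuration in use.
 */
public final class SAML1ComponentBuilder {
    /** Raised whenever the OpenSAML builder factory has no builder for a requested element. */
    private static final String NOT_INITIALIZED =
        "OpenSaml engine not initialized. Please make sure to initialize the OpenSaml engine prior using it";

    private static volatile SAMLObjectBuilder<Assertion> assertionV1Builder;
    private static volatile SAMLObjectBuilder<Conditions> conditionsV1Builder;
    private static volatile SAMLObjectBuilder<AudienceRestrictionCondition> audienceRestrictionV1Builder;
    private static volatile SAMLObjectBuilder<Audience> audienceV1Builder;
    private static volatile SAMLObjectBuilder<AuthenticationStatement> authenticationStatementV1Builder;
    private static volatile SAMLObjectBuilder<Subject> subjectV1Builder;
    private static volatile SAMLObjectBuilder<NameIdentifier> nameIdentifierV1Builder;
    private static volatile SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationV1Builder;
    private static volatile SAMLObjectBuilder<ConfirmationMethod> confirmationMethodV1Builder;
    private static volatile SAMLObjectBuilder<AttributeStatement> attributeStatementV1Builder;
    private static volatile SAMLObjectBuilder<Attribute> attributeV1Builder;
    private static volatile XSStringBuilder stringBuilder;
    private static volatile SAMLObjectBuilder<AuthorizationDecisionStatement> authorizationDecisionStatementV1Builder;
    private static volatile SAMLObjectBuilder<Action> actionElementV1Builder;
    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
    private static volatile SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;

    private SAML1ComponentBuilder() {
        // static utility class, never instantiated
    }

    /**
     * Fails fast with a descriptive error when a builder lookup came back empty, instead of
     * letting the caller hit a bare NullPointerException on the first {@code buildObject()} call.
     *
     * @param builder the result of a {@code builderFactory.getBuilder(...)} lookup
     * @return {@code builder}, never {@code null}
     * @throws IllegalStateException if {@code builder} is {@code null}
     */
    private static <T> T requireBuilder(T builder) {
        if (builder == null) {
            throw new IllegalStateException(NOT_INITIALIZED);
        }
        return builder;
    }

    /**
     * Creates an empty SAML 1.1 assertion carrying only issuer, issue instant and ID.
     *
     * <p>The issue instant is the current time and the ID comes from
     * {@code IDGenerator.generateID("_")}. NOTE(review): uniqueness and unpredictability of the ID
     * depend on {@code IDGenerator}, which is not visible here. The returned assertion is unsigned.
     *
     * @param issuer value written to the assertion's Issuer attribute; not validated here
     * @return the new assertion
     * @throws IllegalStateException if no assertion builder is registered
     */
    @SuppressWarnings("unchecked")
    public static Assertion createSamlv1Assertion(String issuer) {
        if (assertionV1Builder == null) {
            // getBuilder() is untyped, so the downcast to the typed builder is required
            assertionV1Builder = requireBuilder(
                (SAMLObjectBuilder<Assertion>) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME));
        }
        Assertion assertion = assertionV1Builder.buildObject(Assertion.DEFAULT_ELEMENT_NAME, Assertion.TYPE_NAME);
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setIssuer(issuer);
        assertion.setIssueInstant(new DateTime());
        assertion.setID(IDGenerator.generateID("_"));
        return assertion;
    }

    /**
     * Builds a SAML 1.1 Subject (NameIdentifier plus one SubjectConfirmation) from a bean.
     *
     * <p>When the bean names no confirmation method, {@code SAML1Constants.CONF_SENDER_VOUCHES} is
     * used. KeyInfo is attached only when the bean carries one; this method does not check that a
     * KeyInfo is present for confirmation methods that need a key, so that check has to happen in
     * the caller or when the bean is populated.
     *
     * @param subjectBean source of name, qualifier, format, confirmation method and key info;
     *                    must not be {@code null}
     * @return the populated subject
     * @throws SecurityException   if KeyInfo generation fails
     * @throws WSSecurityException if a supplied KeyInfo DOM element cannot be converted
     * @throws IllegalStateException if a required builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static Subject createSaml1v1Subject(SubjectBean subjectBean) throws SecurityException, WSSecurityException {
        if (subjectV1Builder == null) {
            subjectV1Builder = requireBuilder(
                (SAMLObjectBuilder<Subject>) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME));
        }
        if (nameIdentifierV1Builder == null) {
            nameIdentifierV1Builder = requireBuilder(
                (SAMLObjectBuilder<NameIdentifier>) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME));
        }
        if (subjectConfirmationV1Builder == null) {
            subjectConfirmationV1Builder = requireBuilder(
                (SAMLObjectBuilder<SubjectConfirmation>) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME));
        }
        if (confirmationMethodV1Builder == null) {
            confirmationMethodV1Builder = requireBuilder(
                (SAMLObjectBuilder<ConfirmationMethod>) builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME));
        }

        Subject subject = subjectV1Builder.buildObject();
        NameIdentifier nameIdentifier = nameIdentifierV1Builder.buildObject();
        SubjectConfirmation subjectConfirmation = subjectConfirmationV1Builder.buildObject();
        ConfirmationMethod confirmationMethod = confirmationMethodV1Builder.buildObject();

        nameIdentifier.setNameQualifier(subjectBean.getSubjectNameQualifier());
        nameIdentifier.setNameIdentifier(subjectBean.getSubjectName());
        nameIdentifier.setFormat(subjectBean.getSubjectNameIDFormat());

        // Default when the bean is silent: sender-vouches.
        String method = subjectBean.getSubjectConfirmationMethod();
        if (method == null) {
            method = SAML1Constants.CONF_SENDER_VOUCHES;
        }
        confirmationMethod.setConfirmationMethod(method);
        subjectConfirmation.getConfirmationMethods().add(confirmationMethod);

        KeyInfoBean keyInfoBean = subjectBean.getKeyInfo();
        if (keyInfoBean != null) {
            subjectConfirmation.setKeyInfo(createKeyInfo(keyInfoBean));
        }

        subject.setNameIdentifier(nameIdentifier);
        subject.setSubjectConfirmation(subjectConfirmation);
        return subject;
    }

    /**
     * Produces the KeyInfo that goes into a SubjectConfirmation.
     *
     * <p>If the bean holds a ready-made DOM element it is converted with
     * {@code OpenSAMLUtil.fromDom} and returned as is; certificate, public key and identifier
     * type on the bean are then ignored. Otherwise a credential is filled from the certificate
     * or, failing that, the public key, and the bean's identifier type selects what is emitted.
     * An identifier type outside the three handled cases emits nothing, and a bean with neither
     * certificate nor public key yields a KeyInfo generated from an empty credential.
     *
     * @param keyInfoBean key material description; must not be {@code null} and must carry an
     *                    identifier type when no DOM element is set
     * @return the KeyInfo object
     * @throws SecurityException   if the KeyInfo generator fails
     * @throws WSSecurityException if the DOM element cannot be converted
     */
    public static KeyInfo createKeyInfo(KeyInfoBean keyInfoBean) throws SecurityException, WSSecurityException {
        if (keyInfoBean.getElement() != null) {
            // fromDom() yields a general XML object; the caller-supplied element is expected to be a KeyInfo
            return (KeyInfo) OpenSAMLUtil.fromDom(keyInfoBean.getElement());
        }

        BasicX509Credential credential = new BasicX509Credential();
        if (keyInfoBean.getCertificate() != null) {
            credential.setEntityCertificate(keyInfoBean.getCertificate());
        } else if (keyInfoBean.getPublicKey() != null) {
            credential.setPublicKey(keyInfoBean.getPublicKey());
        }

        X509KeyInfoGeneratorFactory generatorFactory = new X509KeyInfoGeneratorFactory();
        switch (keyInfoBean.getCertIdentifer()) {
            case X509_CERT:
                generatorFactory.setEmitEntityCertificate(true);
                break;
            case KEY_VALUE:
                generatorFactory.setEmitPublicKeyValue(true);
                break;
            case X509_ISSUER_SERIAL:
                generatorFactory.setEmitX509IssuerSerial(true);
                break;
            // no default: any other identifier type leaves every emit flag unset
        }
        return generatorFactory.newInstance().generate(credential);
    }

    /**
     * Builds the Conditions element that bounds the assertion's validity.
     *
     * <p>Rules applied:
     * <ul>
     *   <li>{@code null} bean: valid from now for five minutes, no audience restriction.</li>
     *   <li>Bean without both NotBefore and NotAfter: valid from now for
     *       {@code getTokenPeriodMinutes()} minutes, or five when that value is zero or negative.</li>
     *   <li>Bean with both instants: they are used as given after checking that NotBefore is not
     *       later than NotAfter.</li>
     * </ul>
     * No upper bound is placed on the validity period and an explicit NotAfter that already lies
     * in the past is not rejected, so lifetime policy must be enforced where the bean is filled.
     * An audience restriction is added only when the bean carries an audience URI; without one
     * the assertion is not scoped to a particular relying party.
     *
     * @param conditionsBean validity settings, may be {@code null}
     * @return the populated Conditions
     * @throws IllegalStateException if NotBefore is after NotAfter, or a builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static Conditions createSamlv1Conditions(ConditionsBean conditionsBean) {
        if (conditionsV1Builder == null) {
            conditionsV1Builder = requireBuilder(
                (SAMLObjectBuilder<Conditions>) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME));
        }
        Conditions conditions = conditionsV1Builder.buildObject();

        if (conditionsBean == null) {
            DateTime now = new DateTime();
            conditions.setNotBefore(now);
            conditions.setNotOnOrAfter(now.plusMinutes(5));
            return conditions;
        }

        int tokenPeriodMinutes = conditionsBean.getTokenPeriodMinutes();
        DateTime notBefore = conditionsBean.getNotBefore();
        DateTime notAfter = conditionsBean.getNotAfter();

        if (notBefore != null && notAfter != null) {
            if (notBefore.isAfter(notAfter)) {
                throw new IllegalStateException("The value of notBefore may not be after the value of notAfter");
            }
            conditions.setNotBefore(notBefore);
            conditions.setNotOnOrAfter(notAfter);
        } else {
            // A single supplied instant is ignored; the window is computed from "now".
            DateTime now = new DateTime();
            conditions.setNotBefore(now);
            if (tokenPeriodMinutes <= 0) {
                tokenPeriodMinutes = 5;
            }
            conditions.setNotOnOrAfter(now.plusMinutes(tokenPeriodMinutes));
        }

        if (conditionsBean.getAudienceURI() != null) {
            conditions.getAudienceRestrictionConditions()
                .add(createSamlv1AudienceRestriction(conditionsBean.getAudienceURI()));
        }
        return conditions;
    }

    /**
     * Builds an AudienceRestrictionCondition holding a single Audience.
     *
     * @param audienceUri URI written to the Audience element; not validated here
     * @return the audience restriction
     * @throws IllegalStateException if a required builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static AudienceRestrictionCondition createSamlv1AudienceRestriction(String audienceUri) {
        if (audienceRestrictionV1Builder == null) {
            audienceRestrictionV1Builder = requireBuilder(
                (SAMLObjectBuilder<AudienceRestrictionCondition>)
                    builderFactory.getBuilder(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME));
        }
        if (audienceV1Builder == null) {
            audienceV1Builder = requireBuilder(
                (SAMLObjectBuilder<Audience>) builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME));
        }
        AudienceRestrictionCondition restriction = audienceRestrictionV1Builder.buildObject();
        Audience audience = audienceV1Builder.buildObject();
        audience.setUri(audienceUri);
        restriction.getAudiences().add(audience);
        return restriction;
    }

    /**
     * Builds one AuthenticationStatement per bean.
     *
     * <p>The authentication instant defaults to the current time when the bean has none. Subject
     * locality (DNS name and IP address) is copied from the bean without validation.
     *
     * @param list statement beans; {@code null} or empty yields an empty result
     * @return the statements, in bean order; never {@code null}
     * @throws SecurityException   if KeyInfo generation for a subject fails
     * @throws WSSecurityException if a subject's KeyInfo element cannot be converted
     * @throws IllegalStateException if a required builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static List<AuthenticationStatement> createSamlv1AuthenticationStatement(List<AuthenticationStatementBean> list) throws SecurityException, WSSecurityException {
        List<AuthenticationStatement> statements = new ArrayList<AuthenticationStatement>();
        if (authenticationStatementV1Builder == null) {
            authenticationStatementV1Builder = requireBuilder(
                (SAMLObjectBuilder<AuthenticationStatement>)
                    builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME));
        }
        if (subjectLocalityBuilder == null) {
            subjectLocalityBuilder = requireBuilder(
                (SAMLObjectBuilder<SubjectLocality>) builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME));
        }
        if (list == null || list.isEmpty()) {
            return statements;
        }

        for (AuthenticationStatementBean bean : list) {
            AuthenticationStatement statement = authenticationStatementV1Builder.buildObject(
                AuthenticationStatement.DEFAULT_ELEMENT_NAME, AuthenticationStatement.TYPE_NAME);
            statement.setSubject(createSaml1v1Subject(bean.getSubject()));

            DateTime authenticationInstant = bean.getAuthenticationInstant();
            statement.setAuthenticationInstant(
                authenticationInstant != null ? authenticationInstant : new DateTime());
            statement.setAuthenticationMethod(transformAuthenticationMethod(bean.getAuthenticationMethod()));

            SubjectLocalityBean localityBean = bean.getSubjectLocality();
            if (localityBean != null) {
                SubjectLocality locality = subjectLocalityBuilder.buildObject();
                locality.setDNSAddress(localityBean.getDnsAddress());
                locality.setIPAddress(localityBean.getIpAddress());
                statement.setSubjectLocality(locality);
            }
            statements.add(statement);
        }
        return statements;
    }

    /**
     * Maps the bean's authentication method onto the value written into the statement.
     *
     * <p>{@code "Password"} becomes {@code SAML1Constants.AUTH_METHOD_PASSWORD}; {@code null} and
     * the empty string become {@code ""}; every other value is passed through unchanged, so no
     * allow-list of method URIs is enforced here.
     */
    private static String transformAuthenticationMethod(String sourceMethod) {
        if ("Password".equals(sourceMethod)) {
            return SAML1Constants.AUTH_METHOD_PASSWORD;
        }
        if (sourceMethod == null || "".equals(sourceMethod)) {
            return "";
        }
        return sourceMethod;
    }

    /**
     * Builds one AttributeStatement per bean, each with its subject and attributes.
     *
     * @param list statement beans; {@code null} or empty yields an empty result
     * @return the statements, in bean order; never {@code null}
     * @throws SecurityException   if KeyInfo generation for a subject fails
     * @throws WSSecurityException if a subject's KeyInfo element cannot be converted
     * @throws IllegalStateException if a required builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static List<AttributeStatement> createSamlv1AttributeStatement(List<AttributeStatementBean> list) throws SecurityException, WSSecurityException {
        if (attributeStatementV1Builder == null) {
            attributeStatementV1Builder = requireBuilder(
                (SAMLObjectBuilder<AttributeStatement>) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME));
        }
        List<AttributeStatement> statements = new ArrayList<AttributeStatement>();
        if (list == null || list.isEmpty()) {
            return statements;
        }

        for (AttributeStatementBean bean : list) {
            AttributeStatement statement = attributeStatementV1Builder.buildObject();
            statement.setSubject(createSaml1v1Subject(bean.getSubject()));
            for (AttributeBean attributeBean : bean.getSamlAttributes()) {
                statement.getAttributes().add(createSamlv1Attribute(
                    attributeBean.getSimpleName(),
                    attributeBean.getQualifiedName(),
                    attributeBean.getAttributeValues()));
            }
            statements.add(statement);
        }
        return statements;
    }

    /**
     * Builds a single SAML 1.1 Attribute.
     *
     * <p>String values are wrapped in an {@code xs:string} AttributeValue; values that already are
     * {@code XMLObject}s are added as they are. Values of any other type are silently skipped, so
     * an attribute can end up with fewer values than the caller supplied.
     *
     * @param attributeName      value for AttributeName
     * @param attributeNamespace value for AttributeNamespace
     * @param values             attribute values; {@code null} is treated as no values
     * @return the attribute
     * @throws IllegalStateException if a required builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static Attribute createSamlv1Attribute(String attributeName, String attributeNamespace, List<Object> values) {
        if (attributeV1Builder == null) {
            attributeV1Builder = requireBuilder(
                (SAMLObjectBuilder<Attribute>) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME));
        }
        if (stringBuilder == null) {
            stringBuilder = requireBuilder((XSStringBuilder) builderFactory.getBuilder(XSString.TYPE_NAME));
        }
        Attribute attribute = attributeV1Builder.buildObject();
        attribute.setAttributeName(attributeName);
        attribute.setAttributeNamespace(attributeNamespace);
        if (values == null) {
            // an attribute bean without a value list must not abort assertion creation
            return attribute;
        }

        for (Object value : values) {
            if (value instanceof String) {
                XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
                stringValue.setValue((String) value);
                attribute.getAttributeValues().add(stringValue);
            } else if (value instanceof XMLObject) {
                attribute.getAttributeValues().add((XMLObject) value);
            }
        }
        return attribute;
    }

    /**
     * Builds one AuthorizationDecisionStatement per bean.
     *
     * <p>Evidence is attached only when the bean's evidence object is a SAML 1 {@code Evidence};
     * anything else is dropped without an error.
     *
     * @param list statement beans; {@code null} or empty yields an empty result
     * @return the statements, in bean order; never {@code null}
     * @throws SecurityException   if KeyInfo generation for a subject fails
     * @throws WSSecurityException if a subject's KeyInfo element cannot be converted
     * @throws IllegalStateException if a required builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static List<AuthorizationDecisionStatement> createSamlv1AuthorizationDecisionStatement(List<AuthDecisionStatementBean> list) throws SecurityException, WSSecurityException {
        List<AuthorizationDecisionStatement> statements = new ArrayList<AuthorizationDecisionStatement>();
        if (authorizationDecisionStatementV1Builder == null) {
            authorizationDecisionStatementV1Builder = requireBuilder(
                (SAMLObjectBuilder<AuthorizationDecisionStatement>)
                    builderFactory.getBuilder(AuthorizationDecisionStatement.DEFAULT_ELEMENT_NAME));
        }
        if (list == null || list.isEmpty()) {
            return statements;
        }

        for (AuthDecisionStatementBean bean : list) {
            AuthorizationDecisionStatement statement = authorizationDecisionStatementV1Builder.buildObject();
            statement.setSubject(createSaml1v1Subject(bean.getSubject()));
            statement.setResource(bean.getResource());
            statement.setDecision(transformDecisionType(bean.getDecision()));
            for (ActionBean actionBean : bean.getActions()) {
                statement.getActions().add(createSamlv1Action(actionBean));
            }
            Object evidence = bean.getEvidence();
            if (evidence instanceof Evidence) {
                statement.setEvidence((Evidence) evidence);
            }
            statements.add(statement);
        }
        return statements;
    }

    /**
     * Builds a SAML 1.1 Action from a bean.
     *
     * @param actionBean source of namespace and contents; must not be {@code null}
     * @return the action
     * @throws IllegalStateException if the action builder is not registered
     */
    @SuppressWarnings("unchecked")
    public static Action createSamlv1Action(ActionBean actionBean) {
        if (actionElementV1Builder == null) {
            actionElementV1Builder = requireBuilder(
                (SAMLObjectBuilder<Action>) builderFactory.getBuilder(Action.DEFAULT_ELEMENT_NAME));
        }
        Action action = actionElementV1Builder.buildObject();
        action.setNamespace(actionBean.getActionNamespace());
        action.setContents(actionBean.getContents());
        return action;
    }

    /**
     * Maps the bean's decision onto the OpenSAML enumeration.
     *
     * <p>PERMIT and INDETERMINATE are mapped one to one; every other non-null value results in
     * DENY. A {@code null} decision is not defaulted and raises a NullPointerException.
     */
    private static DecisionTypeEnumeration transformDecisionType(AuthDecisionStatementBean.Decision decision) {
        if (decision.equals(AuthDecisionStatementBean.Decision.PERMIT)) {
            return DecisionTypeEnumeration.PERMIT;
        }
        if (decision.equals(AuthDecisionStatementBean.Decision.INDETERMINATE)) {
            return DecisionTypeEnumeration.INDETERMINATE;
        }
        return DecisionTypeEnumeration.DENY;
    }
}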
