package com.sun.identity.wss.security;

import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.Attribute;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectLocality;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.shared.StringUtils;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.wss.sts.config.FAMSTSConfiguration;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/identity/wss/security/SAML11AssertionValidator.class */
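/**
 * Validates an inbound SAML 1.1 assertion presented to the STS and exposes the
 * subject name, attribute map and subject-confirmation certificate it carries.
 *
 * Validation order (every failure surfaces as a {@link SecurityException}):
 * <ol>
 *   <li>the assertion must carry a signature;</li>
 *   <li>its Issuer must equal the issuer part of one configured trusted-issuer
 *       entry ({@code alias:issuer}); that entry's alias selects the verification key;</li>
 *   <li>the XML signature must verify against that alias;</li>
 *   <li>the assertion must be inside its validity window;</li>
 *   <li>at least one statement must be present; authentication and attribute
 *       statements populate the accessors, other statement types are ignored.</li>
 * </ol>
 * The Issuer is read from the not-yet-verified assertion, but it is only used to
 * choose which trusted key is tried, so a forged issuer gains nothing beyond that.
 *
 * NOTE(review): this class evaluates neither audience restrictions nor the
 * subject-confirmation method, and whether the signature reference really covers
 * this Assertion element (signature wrapping) is delegated to XMLSignatureManager
 * -- confirm all three at the call site.
 */
public class SAML11AssertionValidator {
    private static Debug debug = WSSUtils.debug;
    /** Kept for parity with the original; never read by this class. */
    private FAMSTSConfiguration stsConfig;
    /** Attribute name -> escaped values joined with "|", filled by attribute statements. */
    private Map<String, String> attributeMap = new HashMap<String, String>();
    /** NameIdentifier of the last authentication/attribute statement processed. */
    private String subjectName = null;
    /** Certificate from the last SubjectConfirmation/KeyInfo seen, or null. */
    private X509Certificate cert = null;

    /**
     * Parses and validates the assertion.
     *
     * @param element the saml:Assertion element as received
     * @param fAMSTSConfiguration STS configuration supplying the trusted issuers
     * @throws SecurityException if the configuration is null, the assertion is
     *         unsigned, its issuer is null or untrusted, a trusted-issuer entry is
     *         malformed, the signature does not verify, the assertion is outside
     *         its validity window, it has no statements, or a statement lacks a
     *         subject or NameIdentifier; any other failure during verification is
     *         logged at error level and reported as a signature validation failure
     */
    public SAML11AssertionValidator(Element element, FAMSTSConfiguration fAMSTSConfiguration) throws SecurityException {
        debug.message("SAML11AssertionValidator.constructor..");
        this.stsConfig = fAMSTSConfiguration;
        if (fAMSTSConfiguration == null) {
            throw new SecurityException(WSSUtils.bundle.getString("nullConfig"));
        }
        try {
            Assertion assertion = new Assertion(element);
            if (!assertion.isSigned()) {
                throw new SecurityException(WSSUtils.bundle.getString("assertionNotSigned"));
            }
            String issuer = assertion.getIssuer();
            if (issuer == null) {
                throw new SecurityException(WSSUtils.bundle.getString("nullIssuer"));
            }
            // The alias names the key the signature must verify against; an issuer
            // with no configured entry is rejected before any crypto runs.
            String certAlias = resolveCertAlias(issuer, fAMSTSConfiguration.getTrustedIssuers());
            if (certAlias == null) {
                throw new SecurityException(WSSUtils.bundle.getString("issuerNotTrusted"));
            }
            try {
                XMLSignatureManager sigManager = WSSUtils.getXMLSignatureManager();
                Document doc = XMLUtils.newDocument();
                doc.appendChild(doc.importNode(element, true));
                if (WSSUtils.debug.messageEnabled()) {
                    // Debug level only: the whole assertion, attributes included, goes to the log.
                    WSSUtils.debug.message("SAML11AssertionValidator: Assertion to be verified" + XMLUtils.print(element));
                }
                if (!sigManager.verifyXMLSignature(doc, certAlias)) {
                    if (WSSUtils.debug.messageEnabled()) {
                        WSSUtils.debug.message("SAML11AssertionValidator: Signature verification for the assertion failed");
                    }
                    throw new SecurityException(WSSUtils.bundle.getString("assertionSigNotVerified"));
                }
                if (WSSUtils.debug.messageEnabled()) {
                    WSSUtils.debug.message("SAML11AssertionValidator: Signature verification successful for the Assertion");
                }
                // Only after the signature is trusted are the assertion's claims consumed.
                if (!assertion.isTimeValid()) {
                    throw new SecurityException(WSSUtils.bundle.getString("assertionTimeNotValid"));
                }
                Set<Statement> statements = assertion.getStatement();
                if (statements == null || statements.isEmpty()) {
                    throw new SecurityException(WSSUtils.bundle.getString("nullStatments"));
                }
                for (Statement stmt : statements) {
                    int type = stmt.getStatementType();
                    // 1 = authentication statement, 3 = attribute statement (the casts
                    // below fix these meanings); any other type code is skipped.
                    if (type == 1) {
                        validateAuthnStatement((AuthenticationStatement) stmt);
                    } else if (type == 3) {
                        validateAttributeStatement((AttributeStatement) stmt);
                    }
                }
            } catch (SecurityException e) {
                // Preserve the specific reason (signature, time window, statements,
                // subject) rather than relabelling everything as a signature failure.
                throw e;
            } catch (Exception e) {
                WSSUtils.debug.error("SAML11AssertionValidator:Signature validation on Assertion failed", e);
                throw new SecurityException(WSSUtils.bundle.getString("signatureValidationFailed"));
            }
        } catch (SAMLException e2) {
            throw new SecurityException(e2.getMessage());
        }
    }

    /**
     * Finds the key alias configured for {@code issuer}.
     *
     * Each trusted-issuer entry has the form {@code alias:issuer}. Empty entries and
     * entries with a blank alias are skipped; a non-empty entry with no ':' is a
     * configuration error and is rejected. Entries are examined in iteration order
     * and the first exact issuer match wins.
     *
     * @param issuer the Issuer value taken from the assertion
     * @param trustedIssuers configured entries, may be null or empty
     * @return the alias of the matching entry, or null when nothing matches
     * @throws SecurityException if a non-empty entry contains no ':' separator
     */
    private static String resolveCertAlias(String issuer, Set trustedIssuers) throws SecurityException {
        if (trustedIssuers == null || trustedIssuers.isEmpty()) {
            return null;
        }
        for (Iterator it = trustedIssuers.iterator(); it.hasNext();) {
            String entry = (String) it.next();
            if (entry.length() == 0) {
                continue;
            }
            int sep = entry.indexOf(":");
            if (sep == -1) {
                throw new SecurityException(WSSUtils.bundle.getString("issuerOrAliasNull"));
            }
            String alias = entry.substring(0, sep).trim();
            if (alias.length() == 0) {
                continue;
            }
            String configuredIssuer = entry.substring(sep + 1).trim();
            if (configuredIssuer.length() > 0 && issuer.equals(configuredIssuer)) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Records the subject's NameIdentifier and, when its SubjectConfirmation
     * carries a KeyInfo, the certificate found there.
     *
     * @throws SecurityException if the subject or its NameIdentifier is missing
     *         (reported with the nullSubject message rather than as an NPE)
     */
    private void captureSubject(Subject subject) throws SecurityException {
        if (subject == null || subject.getNameIdentifier() == null) {
            throw new SecurityException(WSSUtils.bundle.getString("nullSubject"));
        }
        // NOTE(review): each statement overwrites these; nothing checks that all
        // statements in one assertion name the same subject.
        this.subjectName = subject.getNameIdentifier().getName();
        SubjectConfirmation confirmation = subject.getSubjectConfirmation();
        if (confirmation != null) {
            Element keyInfo = confirmation.getKeyInfo();
            if (keyInfo != null) {
                // The confirmation method is not inspected here; a caller relying on
                // holder-of-key must still prove possession of this certificate's key.
                this.cert = WSSUtils.getCertificate(keyInfo);
            }
        }
    }

    /**
     * Handles an AuthenticationStatement by recording its subject.
     * The statement's SubjectLocality (IP address) is not evaluated by this validator.
     *
     * @throws SecurityException if the subject or its NameIdentifier is missing
     */
    private void validateAuthnStatement(AuthenticationStatement authnStatement) throws SecurityException {
        captureSubject(authnStatement.getSubject());
    }

    /**
     * Handles an AttributeStatement: records its subject and copies each attribute
     * with at least one value into the attribute map. Values are escaped with
     * StringUtils.getEscapedValue and joined with "|"; whether that escaping covers
     * a literal '|' inside a value is not visible here, so consumers that split on
     * '|' should confirm it.
     *
     * @throws SecurityException if the subject or its NameIdentifier is missing, or
     *         the SAML library fails while reading an attribute
     */
    private void validateAttributeStatement(AttributeStatement attributeStatement) throws SecurityException {
        try {
            captureSubject(attributeStatement.getSubject());
            for (Attribute attribute : attributeStatement.getAttribute()) {
                String name = attribute.getAttributeName();
                List values = attribute.getAttributeValue();
                if (values == null || values.isEmpty()) {
                    continue;
                }
                StringBuilder joined = new StringBuilder();
                for (int i = 0; i < values.size(); i++) {
                    if (i != 0) {
                        joined.append("|");
                    }
                    joined.append(StringUtils.getEscapedValue(XMLUtils.getElementValue((Element) values.get(i))));
                }
                this.attributeMap.put(name, joined.toString());
            }
        } catch (SAMLException e) {
            throw new SecurityException(e.getMessage());
        }
    }

    /**
     * @return the live attribute map (name -> "|"-joined escaped values); callers
     *         that mutate it change this validator's state
     */
    public Map getAttributes() {
        return this.attributeMap;
    }

    /** @return the NameIdentifier of the last statement processed, or null if none */
    public String getSubjectName() {
        return this.subjectName;
    }

    /** @return the certificate from the last SubjectConfirmation KeyInfo seen, or null */
    public X509Certificate getKeyInfoCert() {
        return this.cert;
    }
}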
