package com.sun.identity.wsfederation.profile;

import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AudienceRestrictionCondition;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectStatement;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.wsfederation.common.WSFederationConstants;
import com.sun.identity.wsfederation.common.WSFederationException;
import com.sun.identity.wsfederation.common.WSFederationUtils;
import com.sun.identity.wsfederation.jaxb.entityconfig.SPSSOConfigElement;
import com.sun.identity.wsfederation.logging.LogUtil;
import com.sun.identity.wsfederation.meta.WSFederationMetaManager;
import com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import org.forgerock.openam.utils.Time;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/sun/identity/wsfederation/profile/SAML11RequestedSecurityToken.class */
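/**
 * SAML 1.1 assertion carried as a WS-Federation RequestedSecurityToken.
 *
 * <p>An instance is either parsed from a received DOM node (relying-party side) or built and
 * optionally signed from local data (issuing side). {@link #verifyToken} performs the
 * relying-party checks that are visible in this class: issuer trust, signature (when the SP
 * configuration asks for it), presence of a subject and the validity window.
 */
public class SAML11RequestedSecurityToken implements RequestedSecurityToken {
    private static final String SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML_ASSERTION_TAG = "Assertion";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Values compared against Statement.getStatementType() below.
    // NOTE(review): presumably the authentication / attribute statement codes of
    // com.sun.identity.saml.assertion.Statement - confirm and use its constants if they exist.
    private static final int AUTHENTICATION_STATEMENT_TYPE = 1;
    private static final int ATTRIBUTE_STATEMENT_TYPE = 3;

    private static final boolean removeCarriageReturns = "\r\n".equals(System.getProperty("line.separator"));
    private static final Debug debug = WSFederationUtils.debug;

    protected Assertion assertion;
    protected String xmlString;
    protected boolean signed;
    protected Element assertionE;

    /**
     * Parses a received RequestedSecurityToken element.
     *
     * <p>The constructor only parses and counts signatures; it does not validate anything
     * cryptographically. Callers must invoke {@link #verifyToken} before trusting the content.
     *
     * @param node the RequestedSecurityToken element whose first child is the SAML 1.x Assertion
     * @throws WSFederationException if the node or its first child is not the expected element,
     *         if more than one ds:Signature element is present, or if the assertion cannot be
     *         parsed
     */
    public SAML11RequestedSecurityToken(Node node) throws WSFederationException {
        // NOTE(review): only the local name of the wrapper is compared; its namespace is not
        // checked here.
        if (node == null || !WSFederationConstants.RST_TAG_NAME.equals(node.getLocalName())) {
            debug.error("Got node " + (node == null ? null : node.getLocalName())
                    + " (expecting " + WSFederationConstants.RST_TAG_NAME + ")");
            throw new WSFederationException(WSFederationUtils.bundle.getString("invalidToken"));
        }
        // Fail closed with the declared exception instead of a ClassCastException or
        // NullPointerException when the first child is missing or is not an element
        // (for example a text or comment node).
        Node firstChild = node.getFirstChild();
        if (!(firstChild instanceof Element)) {
            debug.error("Got node " + (firstChild == null ? null : firstChild.getNodeName())
                    + " (expecting urn:oasis:names:tc:SAML:1.0:assertion:Assertion)");
            throw new WSFederationException(WSFederationUtils.bundle.getString("invalidToken"));
        }
        Element element = (Element) firstChild;
        // Constant-first comparison: getNamespaceURI() is null for an unqualified element.
        if (!SAML_ASSERTION_NS.equals(element.getNamespaceURI())
                || !SAML_ASSERTION_TAG.equals(element.getLocalName())) {
            debug.error("Got node " + element.getLocalName() + " (expecting urn:oasis:names:tc:SAML:1.0:assertion:Assertion)");
            throw new WSFederationException(WSFederationUtils.bundle.getString("invalidToken"));
        }
        this.assertionE = element;
        try {
            this.assertion = new Assertion(element);
            if (debug.messageEnabled()) {
                debug.message("SAML11RequestedSecurityToken.SAML11RequestedSecurityToken(Node)found Assertion with issuer:" + this.assertion.getIssuer());
            }
            // Counts ds:Signature elements found under the assertion element. The count alone
            // does not establish where the signature sits or what it covers; that has to be
            // enforced by the validation done in verifyToken (WSFederationUtils.isSignatureValid,
            // not visible in this file).
            int signatureCount = XMLUtils.getElementsByTagNameNS1(element, XMLDSIG_NS, "Signature").size();
            if (signatureCount > 1) {
                if (debug.messageEnabled()) {
                    debug.message("SAML11RequestedSecurityToken.SAML11RequestedSecurityToken(Node)included more than one Signature element.");
                }
                throw new WSFederationException(WSFederationUtils.bundle.getString("moreElement"));
            }
            if (signatureCount == 1) {
                this.xmlString = XMLUtils.print(element);
                this.signed = true;
                if (debug.messageEnabled()) {
                    debug.message("SAML11RequestedSecurityToken.SAML11RequestedSecurityToken(Node)found signature");
                }
            }
        } catch (SAMLException e) {
            if (debug.messageEnabled()) {
                debug.message("Caught SAMLException, rethrowing", e);
            }
            throw new WSFederationException((Throwable) e);
        }
    }

    /**
     * Builds a bearer assertion with an authentication statement and, when attributes are
     * supplied, an attribute statement; signs it when a signing alias is given.
     *
     * @param str realm used to look up the entity descriptor
     * @param str2 value placed in the AudienceRestrictionCondition
     * @param str3 entity identifier used to look up the token issuer name
     * @param i seconds subtracted from the current time for the start of the validity window
     * @param i2 seconds added to the current time for the end of the validity window
     * @param str4 value passed to {@code Assertion.signXML}; {@code null} leaves the assertion
     *        unsigned
     * @param str5 first argument of the AuthenticationStatement (presumably the authentication
     *        method - confirm)
     * @param date second argument of the AuthenticationStatement (presumably the authentication
     *        instant - confirm)
     * @param nameIdentifier subject name identifier
     * @param list attributes for the attribute statement; may be {@code null} or empty
     * @throws WSFederationException if assertion construction or signing fails
     */
    public SAML11RequestedSecurityToken(String str, String str2, String str3, int i, int i2, String str4, String str5, Date date, NameIdentifier nameIdentifier, List list) throws WSFederationException {
        try {
            Subject subject = new Subject(nameIdentifier);
            subject.setSubjectConfirmation(new SubjectConfirmation("urn:oasis:names:tc:SAML:1.0:cm:bearer"));
            HashSet<Statement> statements = new HashSet<Statement>();
            statements.add(new AuthenticationStatement(str5, date, subject, null, null));
            if (list != null && !list.isEmpty()) {
                statements.add(new AttributeStatement(subject, list));
            }
            Date issueInstant = Time.newDate();
            // Multiply in long arithmetic: "i * 1000" as int overflows for values above
            // 2,147,483 seconds (about 24.8 days) and would produce a wrong validity window.
            Date notBefore = new Date(issueInstant.getTime() - (i * 1000L));
            Date notOnOrAfter = new Date(issueInstant.getTime() + (i2 * 1000L));
            WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
            String tokenIssuerName = metaManager.getTokenIssuerName(metaManager.getEntityDescriptor(str, str3));
            ArrayList<String> audiences = new ArrayList<String>();
            audiences.add(str2);
            this.assertion = new Assertion(null, tokenIssuerName, issueInstant,
                    new Conditions(notBefore, notOnOrAfter, null, new AudienceRestrictionCondition(audiences)),
                    statements);
            String assertionID = this.assertion.getAssertionID();
            if (str4 != null) {
                this.assertion.signXML(str4);
            }
            // At FINER the complete assertion is written to the access log. It is a bearer
            // token, so a log at that level needs the same protection as the token itself.
            if (LogUtil.isAccessLoggable(Level.FINER)) {
                LogUtil.access(Level.FINER, "ASSERTION_CREATED", new String[]{this.assertion.toString(true, true)});
            } else {
                LogUtil.access(Level.INFO, "ASSERTION_CREATED", new String[]{assertionID});
            }
        } catch (SAMLException e) {
            throw new WSFederationException((Throwable) e);
        }
    }

    /** Returns the assertion ID. */
    @Override // com.sun.identity.wsfederation.profile.RequestedSecurityToken
    public String getTokenId() {
        return this.assertion.getAssertionID();
    }

    /** Returns the issuer as stated in the assertion; it is not authenticated by this call. */
    @Override // com.sun.identity.wsfederation.profile.RequestedSecurityToken
    public String getIssuer() {
        return this.assertion.getIssuer();
    }

    /**
     * Returns the attributes of the first attribute statement found.
     *
     * @return the attribute list, or {@code null} when the assertion has no attribute statement
     */
    @Override // com.sun.identity.wsfederation.profile.RequestedSecurityToken
    public List getAttributes() {
        for (Object candidate : this.assertion.getStatement()) {
            Statement statement = (Statement) candidate;
            if (statement.getStatementType() == ATTRIBUTE_STATEMENT_TYPE) {
                return ((AttributeStatement) statement).getAttribute();
            }
        }
        return null;
    }

    /** Returns the underlying assertion object. */
    public Assertion getAssertion() {
        return this.assertion;
    }

    /**
     * Serializes the token.
     *
     * <p>A token parsed from DOM is returned as the canonical form of the received Assertion
     * element; a locally built token is returned wrapped in a wst:RequestedSecurityToken element.
     */
    @Override
    public String toString() {
        if (this.assertionE != null) {
            return XMLUtils.print(SAMLUtils.getCanonicalElement(this.assertionE));
        }
        String serialized = this.assertion.toString(true, true);
        if (removeCarriageReturns) {
            // Literal replacement; no regular expression is needed for a fixed string.
            serialized = serialized.replace("\r\n", "\n");
        }
        return "<wst:RequestedSecurityToken>" + serialized + "</wst:RequestedSecurityToken>";
    }

    /**
     * Verifies the token for a service provider and returns the data needed to create a session.
     *
     * <p>Checks, in order: the issuer maps to a trusted provider, the signature is valid when
     * the SP configuration requires signed assertions (the default when the attribute is
     * absent), an authentication statement with a subject exists, Conditions are present and
     * the validity window holds.
     *
     * <p>NOTE(review): no comparison of the AudienceRestrictionCondition with the SP and no
     * one-time-use check on the assertion ID are visible in this method; confirm that they are
     * enforced elsewhere. When the SP configuration sets the want-assertion-signed attribute to
     * false, the token is accepted on the issuer name alone, and the {@code signed} field is
     * not consulted.
     *
     * @param str realm
     * @param str2 entity identifier of the service provider
     * @param i time-skew value passed to {@code WSFederationUtils.isTimeValid}
     * @return a map with the keys "Subject", "assertion", {@code SAML2Constants.ASSERTIONS},
     *         "AuthLevel" and, when the assertion still has at least one minute to live,
     *         {@code SAML2Constants.MAX_SESSION_TIME} in minutes
     * @throws WSFederationException if any check fails
     */
    @Override // com.sun.identity.wsfederation.profile.RequestedSecurityToken
    public Map<String, Object> verifyToken(String str, String str2, int i) throws WSFederationException {
        String issuer = this.assertion.getIssuer();
        WSFederationMetaManager metaManager = WSFederationUtils.getMetaManager();
        String issuerEntityId = metaManager.getEntityByTokenIssuerName(str, issuer);
        if (!metaManager.isTrustedProvider(str, str2, issuerEntityId)) {
            String[] logData = new String[3];
            logData[0] = LogUtil.isErrorLoggable(Level.FINER) ? toString() : getTokenId();
            logData[1] = str;
            logData[2] = str2;
            LogUtil.error(Level.INFO, LogUtil.UNTRUSTED_ISSUER, logData, null);
            throw new WSFederationException(WSFederationUtils.bundle.getString("untrustedIssuer"));
        }
        SPSSOConfigElement spConfig = metaManager.getSPSSOConfig(str, str2);
        if (spConfig == null) {
            debug.error("SAML11RequestedSecurityToken.verifyTokencannot find configuration for SP " + str2);
            // NOTE(review): unlike the other failures this passes the key itself rather than a
            // bundle lookup - confirm that this is intended.
            throw new WSFederationException("unableToFindSPConfiguration");
        }
        String wantSigned = WSFederationMetaUtils.getAttribute(spConfig, WSFederationConstants.WANT_ASSERTION_SIGNED);
        // A missing attribute means signatures are required.
        boolean signatureRequired = wantSigned == null || Boolean.parseBoolean(wantSigned);
        if (signatureRequired && !WSFederationUtils.isSignatureValid(this.assertion, str, issuerEntityId)) {
            throw new WSFederationException(WSFederationUtils.bundle.getString("invalidSignature"));
        }
        Subject subject = null;
        for (Object candidate : this.assertion.getStatement()) {
            Statement statement = (Statement) candidate;
            if (statement.getStatementType() == AUTHENTICATION_STATEMENT_TYPE) {
                subject = ((SubjectStatement) statement).getSubject();
                break;
            }
        }
        if (subject == null) {
            String[] logData = new String[1];
            logData[0] = LogUtil.isErrorLoggable(Level.FINER) ? toString() : getTokenId();
            LogUtil.error(Level.INFO, LogUtil.MISSING_SUBJECT, logData, null);
            throw new WSFederationException(WSFederationUtils.bundle.getString("missingSubject"));
        }
        // Conditions are dereferenced below. Reject explicitly when they are absent so the
        // failure is the declared exception rather than a NullPointerException, and so a token
        // without a validity window is never accepted.
        Conditions conditions = this.assertion.getConditions();
        if (conditions == null) {
            debug.error("SAML11RequestedSecurityToken.verifyToken assertion has no Conditions");
            throw new WSFederationException(WSFederationUtils.bundle.getString("timeInvalid"));
        }
        if (!WSFederationUtils.isTimeValid(this.assertion, i)) {
            throw new WSFederationException(WSFederationUtils.bundle.getString("timeInvalid"));
        }
        ArrayList<Assertion> assertions = new ArrayList<Assertion>();
        assertions.add(this.assertion);
        Map<String, Object> result = new HashMap<String, Object>();
        result.put("Subject", subject);
        result.put("assertion", this.assertion);
        result.put(SAML2Constants.ASSERTIONS, assertions);
        // The authentication level is always 0 here.
        result.put("AuthLevel", Integer.valueOf(0));
        Date notOnorAfter = conditions.getNotOnorAfter();
        if (notOnorAfter != null) {
            // Remaining lifetime in whole minutes caps the session length.
            long minutesLeft = (notOnorAfter.getTime() - Time.currentTimeMillis()) / 60000;
            if (minutesLeft > 0) {
                result.put(SAML2Constants.MAX_SESSION_TIME, Long.valueOf(minutesLeft));
            }
        }
        if (debug.messageEnabled()) {
            // The map holds the assertion object, so this message-level entry may include the
            // token content depending on its toString().
            debug.message("SAML11RequestedSecurityToken.verifyToken Attribute Map : " + result);
        }
        return result;
    }
}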
