package org.aaaarch.gaaapi.ticktok;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Vector;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.aaaarch.config.ConfigSecurity;
import org.aaaarch.config.ConstantsNS;
import org.aaaarch.impl.saml.SAML11AttributeAssertion;
import org.aaaarch.impl.saml.SAML11ConditionAuthzSession;
import org.aaaarch.utils.HelpersXMLsecurity;
import org.opensaml.SAMLAction;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAuthorizationDecisionStatement;
import org.opensaml.SAMLCondition;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/aaaarch/gaaapi/ticktok/SAML11AuthzTicket.class */
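/**
 * Builds and parses SAML 1.1 authorization tickets (AuthzTickets): an assertion that carries a
 * single AuthorizationDecisionStatement, an optional authorization-session condition and
 * PolicyObligation advice elements.
 *
 * <p><b>Shared state.</b> Every ticket field is {@code static}, so all instances and all threads
 * read and write the same values, and the static getters return whatever the most recent
 * constructor, factory or setter call left behind. Values that a call does not overwrite keep
 * their previous content. In particular:
 * <ul>
 *   <li>the parsing constructor never reads the decision out of the document, so
 *       {@link #getPdpdecision()} is unrelated to the ticket that was parsed;</li>
 *   <li>session id, policy reference and session data are only overwritten when the parsed
 *       assertion contains a condition;</li>
 *   <li>the factories only overwrite subject id and confirmation data when the attribute map
 *       contains the keys {@code subject-id} / {@code subject-confdata}; otherwise the values of
 *       an earlier call are written into the new ticket.</li>
 * </ul>
 * NOTE(review): these carry-over paths look unintended for an authorization token; confirm with
 * the callers before relying on any getter as "the value of this ticket".
 *
 * <p><b>Trust.</b> Nothing in this class verifies an XML signature on a parsed ticket, compares
 * notBefore / notOnOrAfter with the current time, or checks the issuer. The parsing constructor
 * only extracts fields and calls the statement's own {@code checkValidity()}, whose checks are
 * not visible here. The factories return an unsigned document. Signature, validity-window and
 * issuer checks therefore have to happen elsewhere before the getters are used for an access
 * decision.
 *
 * <p><b>Logging.</b> The parsing constructor prints the extracted fields, including the subject
 * confirmation data, to standard output, and the factories pass the whole ticket to
 * {@code HelpersXMLsecurity.printDOMdoc}. NOTE(review): the confirmation method used by the
 * factories is {@code authntoken-signed}, so the confirmation data is presumably an
 * authentication token; confirm whether it may be written to logs.
 */
public class SAML11AuthzTicket {
    // Never read or written in this class.
    protected SAMLNameIdentifier nameId = null;
    public static final String DELIM_URI = ":";
    private static String configId;
    private static String Issuer;
    private static String policyref;
    private static Date notBefore;
    private static Date notOnOrAfter;
    private static String pdpdecision;
    private static String sessionid;
    private static String ticketid;
    private static String resourceId;
    private static String subjectId;
    private static String subjconfdata;
    // Has a getter and a setter but is not used when building or parsing a ticket.
    private static String subjctx;
    private static String roles;
    public static final String SAML_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    public static final String SAMLP_NS = "urn:oasis:names:tc:SAML:1.0:protocol";
    public static final String SAML_ACTION_NS = "urn:oasis:names:tc:SAML:1.0:action";
    public static final String FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified";
    public static final String FORMAT_EMAIL = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
    public static final String FORMAT_X509 = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
    public static final String FORMAT_WINDOWS = "urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName";
    protected static ArrayList<String> confirmationMethods = new ArrayList<>();
    private static ArrayList sessiondata = new ArrayList();
    private static HashSet<String> policyObligations = new HashSet<>();
    private static String trustdomain = "x-urn:aaa:trust:pep";
    // Never read or written in this class.
    private static ArrayList subjset = new ArrayList();
    private static HashMap subjmap = new HashMap();
    private static HashSet<String> actset = new HashSet<>();

    /** Creates an instance without touching the shared ticket fields. */
    public SAML11AuthzTicket() {
    }

    /**
     * Copy constructor in name only: the argument is ignored. Because all ticket fields are
     * static there is no per-instance state to copy.
     *
     * @param sAML11AuthzTicket ignored
     */
    public SAML11AuthzTicket(SAML11AuthzTicket sAML11AuthzTicket) {
    }

    /**
     * Stores the given ticket parameters in the shared static fields, for a later call to
     * {@link #createSAMLAssertion()}.
     *
     * <p>The attribute map, the actions and the session data are <em>added</em> to the existing
     * static collections, not substituted for them, so entries from earlier calls remain.
     *
     * @param str         session id
     * @param str2        policy reference
     * @param str3        PDP decision
     * @param str4        resource id
     * @param date        start of the validity window (notBefore)
     * @param date2       end of the validity window (notOnOrAfter)
     * @param hashMap     subject attributes, may be {@code null}
     * @param collection  actions, may be {@code null}
     * @param collection2 not used by this constructor (the static factory with the same
     *                    parameter list treats it as the policy obligations)
     * @param arrayList   session data, may be {@code null}
     */
    public SAML11AuthzTicket(String str, String str2, String str3, String str4, Date date, Date date2, HashMap hashMap, Collection collection, Collection collection2, ArrayList arrayList) {
        sessionid = str;
        // There is no ticket-id parameter. The decompiled original held the no-op
        // "ticketid = ticketid" here; the shared ticket id is left as it was.
        policyref = str2;
        pdpdecision = str3;
        resourceId = str4;
        notBefore = date;
        notOnOrAfter = date2;
        if (hashMap != null) {
            subjmap.putAll(hashMap);
        }
        if (collection != null) {
            actset.addAll(collection);
        }
        if (arrayList != null) {
            sessiondata.addAll(arrayList);
        }
    }

    /**
     * Parses an AuthzTicket document and copies its content into the shared static fields.
     *
     * <p>Extracted: ticket id, issuer, validity window, session condition (session id, policy
     * reference, session data), PolicyObligation advice, subject id, confirmation methods and
     * data, resource, actions, and the attribute values found in the evidence (as a
     * {@code ;}-terminated list in {@code roles}). The decision itself is not extracted.
     *
     * <p>This constructor performs no signature, validity-window or issuer check; see the class
     * comment. The extracted values are printed to standard output.
     *
     * @param document DOM document containing the ticket; the first element with the ticket's
     *                 tag name in the SAML 1.0 assertion namespace is used, wherever it sits in
     *                 the document
     * @throws SAMLAuthzTicketException if no assertion element is found, if the assertion does
     *                 not hold exactly one statement, or if that statement is not an
     *                 AuthorizationDecisionStatement
     * @throws Exception whatever the SAML library raises while building or validating the
     *                 assertion; a missing subject confirmation data element or an empty
     *                 PolicyObligation element surfaces as a NullPointerException
     */
    public SAML11AuthzTicket(Document document) throws Exception {
        // NOTE(review): the registered class name has no "11" in it, while the conditions below
        // are cast to SAML11ConditionAuthzSession; confirm that the two types are compatible.
        SAMLCondition.regFactory(new QName(SAML_NS, "SAMLConditionAuthzSession"), "org.aaaarch.impl.saml.SAMLConditionAuthzSession");
        Node assertionNode = document.getElementsByTagNameNS(SAML_NS, ConstantsNS.TAG_AZTICKET_SAML).item(0);
        if (!(assertionNode instanceof Element)) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, no SAML assertion element found");
        }
        SAMLAssertion assertion = new SAMLAssertion((Element) assertionNode);

        // The collections are static and only ever added to below. Empty them first, so that the
        // obligations, confirmation methods and actions of a previously parsed or created ticket
        // are not reported as part of this one.
        policyObligations.clear();
        confirmationMethods.clear();
        actset.clear();

        ticketid = assertion.getId();
        Issuer = assertion.getIssuer();
        notBefore = assertion.getNotBefore();
        notOnOrAfter = assertion.getNotOnOrAfter();
        System.out.println("\nCheck SAMLAuthzTicket: ticketID = " + ticketid + "; Issuer = " + Issuer + ";\nValid notBefore = " + notBefore + "; notOnOrAfter = " + notOnOrAfter);

        // Deliberately an unchecked cast: a condition of any other type aborts parsing with a
        // ClassCastException instead of being skipped.
        Iterator conditions = assertion.getConditions();
        while (conditions.hasNext()) {
            SAML11ConditionAuthzSession sessionCondition = (SAML11ConditionAuthzSession) conditions.next();
            // Session id and policy reference are read through static accessors of the condition
            // class, not from this particular condition object.
            sessionid = SAML11ConditionAuthzSession.getSessionId();
            policyref = SAML11ConditionAuthzSession.getPolicyRef();
            sessiondata = sessionCondition.getSessiondata();
        }
        System.out.println("\nSAMLAuthzTicket Conditions/SAMLConditionAuthzSession: SessionID = " + sessionid + "; PolicyRef = " + policyref + "\nSessionData = " + sessiondata);

        // Obligations are recognised by node name only; the element's namespace is not compared.
        Iterator advice = assertion.getAdvice();
        while (advice.hasNext()) {
            Element adviceElement = (Element) advice.next();
            if (adviceElement.getNodeName().equals("PolicyObligation")) {
                policyObligations.add(adviceElement.getFirstChild().getNodeValue());
            }
        }
        System.out.println("\nSAMLAuthzTicket Advice/PolicyObligation = " + policyObligations);

        // Exactly one statement is accepted, and it has to be an authorization decision. Both
        // conditions are reported as SAMLAuthzTicketException rather than as a
        // NoSuchElementException or ClassCastException from the iterator or the cast.
        Iterator statements = assertion.getStatements();
        if (!statements.hasNext()) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, it should contain only one statement");
        }
        Object onlyStatement = statements.next();
        if (statements.hasNext()) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, it should contain only one statement");
        }
        if (!(onlyStatement instanceof SAMLAuthorizationDecisionStatement)) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, it should be of type SAMLAuthorization Assertion");
        }
        SAMLAuthorizationDecisionStatement decisionStatement = (SAMLAuthorizationDecisionStatement) onlyStatement;
        decisionStatement.checkValidity();
        if (!checkAssertionType(document).equals("AuthorizationDecisionStatement")) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, it should be of type SAMLAuthorization Assertion");
        }

        SAMLSubject subject = decisionStatement.getSubject();
        subjectId = subject.getNameIdentifier().getName();
        Iterator methods = subject.getConfirmationMethods();
        while (methods.hasNext()) {
            confirmationMethods.add(methods.next().toString());
        }
        subjconfdata = subject.getConfirmationData().getFirstChild().getNodeValue().toString();
        System.out.println("\nSAMLAuthzTicket (azticketDoc):  subjectID = " + subjectId);
        // NOTE(review): this prints the subject confirmation data in clear; confirm whether that
        // value is a credential before keeping the line.
        System.out.println("\nSAMLAuthzTicket (azticketDoc):  confirmationMethods = " + confirmationMethods + ";  \nsubjconfdata = " + subjconfdata);

        resourceId = decisionStatement.getResource();
        Iterator actions = decisionStatement.getActions();
        while (actions.hasNext()) {
            actset.add(((SAMLAction) actions.next()).getData());
        }
        System.out.println("\nSAMLAuthzTicket (azticketDoc):  resourceId = " + resourceId);
        System.out.println("\nSAMLAuthzTicket (azticketDoc):  actset = " + actset);

        HashSet roleSet = new HashSet();
        // NOTE(review): the role list is seeded with ConfigSecurity.LOCAL_DIR_ROOT. That may be a
        // decompiler substitution for an empty-string constant; confirm against the original.
        roles = ConfigSecurity.LOCAL_DIR_ROOT;
        // Each evidence entry is taken to be an assertion whose first statement is an attribute
        // statement; every attribute value is collected as a role.
        Iterator evidence = decisionStatement.getEvidence();
        while (evidence.hasNext()) {
            Iterator attributes = ((SAMLAttributeStatement) ((SAMLAssertion) evidence.next()).getStatements().next()).getAttributes();
            while (attributes.hasNext()) {
                Iterator values = ((SAMLAttribute) attributes.next()).getValues();
                while (values.hasNext()) {
                    String role = values.next().toString();
                    roleSet.add(role);
                    roles = String.valueOf(roles) + role + ";";
                }
            }
        }
        System.out.println("\nSAMLAuthzTicket (azticketDoc):  rolset = " + roleSet + "\n" + roles);
    }

    /**
     * Determines which kind of statement the ticket's assertion element contains.
     *
     * <p>Only direct children of the first assertion element are inspected, and they are matched
     * by node name ({@code AuthenticationStatement}, {@code AuthorizationDecisionStatement},
     * {@code AttributeStatement}). NOTE(review): the comparison uses the qualified node name, so
     * a statement written with a namespace prefix would not be recognised; confirm that tickets
     * always use the default namespace.
     *
     * @param document DOM document containing the ticket
     * @return the node name of the statement type found
     * @throws SAMLAuthzTicketException if there is no assertion element, no statement child, or
     *                                  statements of more than one type
     */
    public String checkAssertionType(Document document) throws SAMLAuthzTicketException {
        Node assertionNode = document.getElementsByTagNameNS(SAML_NS, ConstantsNS.TAG_AZTICKET_SAML).item(0);
        if (assertionNode == null) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, no SAML assertion element found");
        }
        String statementType = null;
        for (Node child = assertionNode.getFirstChild(); child != null; child = child.getNextSibling()) {
            String childName = child.getNodeName();
            boolean isStatement = childName.equals("AuthenticationStatement")
                    || childName.equals("AuthorizationDecisionStatement")
                    || childName.equals("AttributeStatement");
            if (!isStatement) {
                continue;
            }
            if (statementType != null && !statementType.equals(childName)) {
                throw new SAMLAuthzTicketException("Malformed SAMLAuthzTicket: only one type of statements is allowed");
            }
            statementType = childName;
        }
        // Without this check an assertion that has no statement child ended in a
        // NullPointerException instead of the validation error below.
        if (statementType == null) {
            throw new SAMLAuthzTicketException("SAMLAuthzTicket is invalid, must have SAMLAuthorizationDecisionStatement element");
        }
        System.out.println("\nSAMLAuthzTicket.checkAssertionType = " + statementType);
        return statementType;
    }

    /**
     * Copies {@code subject-id} and {@code subject-confdata} from an attribute map into the
     * shared subject fields. Other entries are ignored; when a key is absent the corresponding
     * field keeps its previous value.
     */
    private static void loadSubjectFields(HashMap attributes) {
        HashMap snapshot = new HashMap();
        snapshot.putAll(attributes);
        for (Object key : snapshot.keySet()) {
            String name = key.toString();
            // Looked up by the key's string form, as in the original code.
            String value = snapshot.get(name).toString();
            if (name.equals("subject-id")) {
                subjectId = value;
            } else if (name.equals("subject-confdata")) {
                subjconfdata = value;
            }
        }
    }

    /** Creates an empty DOM document from a namespace-aware builder. */
    private static Document newNamespaceAwareDocument() throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        return factory.newDocumentBuilder().newDocument();
    }

    /**
     * Builds the SAML subject from the shared subject id and confirmation data. The name
     * identifier is always labelled with the e-mail address format.
     */
    private static SAMLSubject buildSubject(Document ticketDoc) throws Exception {
        SAMLNameIdentifier nameIdentifier = new SAMLNameIdentifier(subjectId, ConstantsNS.AAA_SUBJECT, FORMAT_EMAIL);
        // The list is static: add the method once, so that repeated calls do not emit the same
        // confirmation method several times in one ticket.
        if (!confirmationMethods.contains("authntoken-signed")) {
            confirmationMethods.add("authntoken-signed");
        }
        Element confirmationData = ticketDoc.createElementNS(SAML_NS, "SubjectConfirmationData");
        confirmationData.appendChild(ticketDoc.createTextNode(subjconfdata));
        return new SAMLSubject(nameIdentifier, confirmationMethods, confirmationData, (Object) null);
    }

    /**
     * Builds an AuthzTicket from the shared static fields (subject attributes, actions, resource,
     * decision, validity window). The ticket has no conditions and no advice.
     *
     * <p>The issuer is taken from the security configuration for the {@code x-urn:aaa:trust:pep}
     * trust domain. The returned document is not signed by this method, and it is passed to
     * {@code HelpersXMLsecurity.printDOMdoc} before being returned.
     *
     * @return DOM document holding the new assertion
     * @throws Exception on configuration, DOM or SAML library errors
     */
    public static Document createSAMLAssertion() throws Exception {
        configId = ConfigSecurity.getSecurityConfigId();
        Issuer = ConfigSecurity.getTicketAuthority(configId, trustdomain);
        loadSubjectFields(subjmap);

        Document ticketDoc = newNamespaceAwareDocument();
        SAMLSubject subject = buildSubject(ticketDoc);

        HashSet actions = new HashSet();
        for (String action : actset) {
            actions.add(new SAMLAction("urn:oasis:names:tc:SAML:1.0:action:x-urn:aaa:xacml:action", action));
        }
        HashSet evidence = new HashSet();
        evidence.add(SAML11AttributeAssertion.createAssertion(subjmap, notBefore, notOnOrAfter, null, null));
        HashSet statements = new HashSet();
        statements.add(new SAMLAuthorizationDecisionStatement(subject, resourceId, pdpdecision, actions, evidence));

        HashSet conditions = new HashSet();
        HashSet advice = new HashSet();
        ticketDoc.appendChild(new SAMLAssertion(Issuer, notBefore, notOnOrAfter, conditions, advice, statements).toDOM(ticketDoc));
        System.out.println("\nCheck if a new SAMLAuthzTicket not a null\n");
        HelpersXMLsecurity.printDOMdoc(ticketDoc);
        return ticketDoc;
    }

    /**
     * Builds an AuthzTicket from the given parameters, with an authorization-session condition
     * and one PolicyObligation advice element per obligation.
     *
     * <p>Subject id and confirmation data are still routed through the shared static fields: if
     * {@code hashMap} lacks the key {@code subject-id} or {@code subject-confdata}, the value left
     * by an earlier call is written into the ticket. NOTE(review): confirm that every caller
     * supplies both keys.
     *
     * <p>The returned document is not signed by this method, and it is passed to
     * {@code HelpersXMLsecurity.printDOMdoc} before being returned.
     *
     * @param str         session id
     * @param str2        policy reference
     * @param str3        PDP decision
     * @param str4        resource id
     * @param date        start of the validity window (notBefore)
     * @param date2       end of the validity window (notOnOrAfter)
     * @param hashMap     subject attributes; must not be {@code null}
     * @param collection  actions (strings); must not be {@code null}
     * @param collection2 policy obligations; {@code null} is treated as "none", as in the
     *                    constructor with the same parameter list
     * @param arrayList   session data for the session condition
     * @return DOM document holding the new assertion
     * @throws Exception on configuration, DOM or SAML library errors
     */
    public static Document createSAMLAssertion(String str, String str2, String str3, String str4, Date date, Date date2, HashMap hashMap, Collection collection, Collection collection2, ArrayList arrayList) throws Exception {
        configId = ConfigSecurity.getSecurityConfigId();
        Issuer = ConfigSecurity.getTicketAuthority(configId, trustdomain);
        loadSubjectFields(hashMap);

        Document ticketDoc = newNamespaceAwareDocument();

        HashSet advice = new HashSet();
        if (collection2 != null) {
            for (Object obligation : collection2) {
                // NOTE(review): "xmlns:xacml" is passed as the namespace URI of the element; it
                // reads like an attribute name. Left unchanged because it is part of the ticket
                // format that existing parsers see.
                Element obligationElement = ticketDoc.createElementNS("xmlns:xacml", "PolicyObligation");
                obligationElement.appendChild(ticketDoc.createTextNode(obligation.toString()));
                obligationElement.setAttribute("ObligationId", "urn:oasis:names:tc:xacml:1.0:obligation");
                obligationElement.setAttribute("FulfillOn", "Permit");
                advice.add(obligationElement);
            }
        }

        HashSet conditions = new HashSet();
        conditions.add(new SAML11ConditionAuthzSession(str, str2, arrayList));

        SAMLSubject subject = buildSubject(ticketDoc);

        HashSet actions = new HashSet();
        for (Object action : collection) {
            actions.add(new SAMLAction("urn:oasis:names:tc:SAML:1.0:action:x-urn:aaa:xacml:action", (String) action));
        }
        HashSet evidence = new HashSet();
        evidence.add(SAML11AttributeAssertion.createAssertion(hashMap, date, date2, null, null));
        HashSet statements = new HashSet();
        statements.add(new SAMLAuthorizationDecisionStatement(subject, str4, str3, actions, evidence));

        ticketDoc.appendChild(new SAMLAssertion(Issuer, date, date2, conditions, advice, statements).toDOM(ticketDoc));
        System.out.println("\nCheck if a new SAMLAuthzTicket not a null\n");
        HelpersXMLsecurity.printDOMdoc(ticketDoc);
        return ticketDoc;
    }

    /**
     * Not implemented: always returns {@code null} and does not inspect the ticket, so it cannot
     * be used to test whether a ticket is within its validity window.
     *
     * @param sAML11AuthzTicket ignored
     * @return always {@code null}
     */
    public static Vector getValidityTime(SAML11AuthzTicket sAML11AuthzTicket) throws Exception {
        return null;
    }

    /** Returns the shared action set itself, not a copy. */
    public static HashSet getActset() {
        return actset;
    }

    /** Replaces the shared action set with the given set (no copy is made). */
    public static void setActset(HashSet hashSet) {
        actset = hashSet;
    }

    /** Returns the shared issuer value. */
    public static String getIssuer() {
        return Issuer;
    }

    /** Sets the shared issuer value; the factories overwrite it from the configuration. */
    public static void setIssuer(String str) {
        Issuer = str;
    }

    /** Returns the shared notBefore date object itself, not a copy. */
    public static Date getNotBefore() {
        return notBefore;
    }

    /** Sets the shared notBefore date (no copy is made). */
    public static void setNotBefore(Date date) {
        notBefore = date;
    }

    /** Returns the shared notOnOrAfter date object itself, not a copy. */
    public static Date getNotOnOrAfter() {
        return notOnOrAfter;
    }

    /** Sets the shared notOnOrAfter date (no copy is made). */
    public static void setNotOnOrAfter(Date date) {
        notOnOrAfter = date;
    }

    /**
     * Returns the shared PDP decision. The parsing constructor does not set this field, so the
     * value is not the decision of a parsed ticket.
     */
    public static String getPdpdecision() {
        return pdpdecision;
    }

    /** Sets the shared PDP decision. */
    public static void setPdpdecision(String str) {
        pdpdecision = str;
    }

    /** Returns the shared policy reference. */
    public static String getPolicyref() {
        return policyref;
    }

    /** Sets the shared policy reference. */
    public static void setPolicyref(String str) {
        policyref = str;
    }

    /** Returns the shared resource id. */
    public static String getResourceId() {
        return resourceId;
    }

    /** Sets the shared resource id. */
    public static void setResourceId(String str) {
        resourceId = str;
    }

    /** Returns the shared role list, a string of role values each followed by {@code ;}. */
    public static String getRoles() {
        return roles;
    }

    /** Sets the shared role list. */
    public static void setRoles(String str) {
        roles = str;
    }

    /** Returns the shared session data list itself, not a copy. */
    public static ArrayList getSessiondata() {
        return sessiondata;
    }

    /** Replaces the shared session data list with the given list (no copy is made). */
    public static void setSessiondata(ArrayList arrayList) {
        sessiondata = arrayList;
    }

    /** Returns the shared session id. */
    public static String getSessionid() {
        return sessionid;
    }

    /** Sets the shared session id. */
    public static void setSessionid(String str) {
        sessionid = str;
    }

    /** Returns the shared subject confirmation data. */
    public static String getSubjconfdata() {
        return subjconfdata;
    }

    /** Sets the shared subject confirmation data. */
    public static void setSubjconfdata(String str) {
        subjconfdata = str;
    }

    /** Returns the shared subject context. */
    public static String getSubjctx() {
        return subjctx;
    }

    /** Sets the shared subject context. */
    public static void setSubjctx(String str) {
        subjctx = str;
    }

    /** Returns the shared subject id. */
    public static String getSubjectId() {
        return subjectId;
    }

    /** Sets the shared subject id. */
    public static void setSubjectId(String str) {
        subjectId = str;
    }

    /** Returns the shared subject attribute map itself, not a copy. */
    public static HashMap getSubjmap() {
        return subjmap;
    }

    /** Replaces the shared subject attribute map with the given map (no copy is made). */
    public static void setSubjmap(HashMap hashMap) {
        subjmap = hashMap;
    }

    /** Returns the shared ticket id. */
    public static String getTicketid() {
        return ticketid;
    }

    /** Sets the shared ticket id. */
    public static void setTicketid(String str) {
        ticketid = str;
    }
}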
