package de.governikus.gov.autent.common.idprovider.saml;

import de.bos_bremen.gov.autent.common.Utils;
import de.bos_bremen.gov.autent.common.XMLSignatureHandler;
import java.io.Serializable;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.xml.bind.DatatypeConverter;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMResult;
import oasis.names.tc.saml._2_0.ac.classes.x509.ObjectFactory;
import org.apache.commons.collections.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime;
import org.opensaml.core.config.InitializationException;
import org.opensaml.core.xml.Namespace;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
import org.opensaml.core.xml.io.MarshallingException;
import org.opensaml.core.xml.io.UnmarshallingException;
import org.opensaml.core.xml.schema.XSAny;
import org.opensaml.core.xml.schema.XSBoolean;
import org.opensaml.core.xml.schema.XSBooleanValue;
import org.opensaml.core.xml.schema.XSString;
import org.opensaml.core.xml.schema.impl.XSAnyBuilder;
import org.opensaml.core.xml.schema.impl.XSAnyImpl;
import org.opensaml.core.xml.schema.impl.XSAnyUnmarshaller;
import org.opensaml.core.xml.schema.impl.XSStringBuilder;
import org.opensaml.saml.saml2.core.Assertion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.opensaml.saml.saml2.core.AttributeValue;
import org.opensaml.saml.saml2.core.Audience;
import org.opensaml.saml.saml2.core.AudienceRestriction;
import org.opensaml.saml.saml2.core.AuthenticatingAuthority;
import org.opensaml.saml.saml2.core.AuthnContext;
import org.opensaml.saml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml.saml2.core.AuthnContextDecl;
import org.opensaml.saml.saml2.core.AuthnContextDeclRef;
import org.opensaml.saml.saml2.core.AuthnStatement;
import org.opensaml.saml.saml2.core.Conditions;
import org.opensaml.saml.saml2.core.Issuer;
import org.opensaml.saml.saml2.core.NameID;
import org.opensaml.saml.saml2.core.ProxyRestriction;
import org.opensaml.saml.saml2.core.Subject;
import org.opensaml.saml.saml2.core.SubjectConfirmation;
import org.opensaml.saml.saml2.core.SubjectConfirmationData;
import org.opensaml.saml.saml2.core.impl.AssertionBuilder;
import org.opensaml.saml.saml2.core.impl.AttributeBuilder;
import org.opensaml.saml.saml2.core.impl.AttributeStatementBuilder;
import org.opensaml.saml.saml2.core.impl.AudienceBuilder;
import org.opensaml.saml.saml2.core.impl.AudienceRestrictionBuilder;
import org.opensaml.saml.saml2.core.impl.AuthenticatingAuthorityBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnContextBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnContextDeclBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnContextDeclRefBuilder;
import org.opensaml.saml.saml2.core.impl.AuthnStatementBuilder;
import org.opensaml.saml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.saml.saml2.core.impl.IssuerBuilder;
import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
import org.opensaml.saml.saml2.core.impl.OneTimeUseBuilder;
import org.opensaml.saml.saml2.core.impl.ProxyRestrictionBuilder;
import org.opensaml.saml.saml2.core.impl.SubjectBuilder;
import org.opensaml.saml.saml2.core.impl.SubjectConfirmationBuilder;
import org.opensaml.saml.saml2.core.impl.SubjectConfirmationDataBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/AssertionGenerator.class */
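/**
 * Builds SAML 2.0 {@link Assertion} objects for a single subject on behalf of an identity provider.
 *
 * <p>Every assertion produced by {@link #generate} carries an {@code Issuer}, a {@code Conditions}
 * element with a validity window and one {@code AudienceRestriction}, and a {@code Subject} whose
 * confirmation method is always {@code urn:oasis:names:tc:SAML:2.0:cm:bearer}. Because the
 * confirmation is bearer-only, the values that let a relying party bind the assertion to one
 * exchange are the {@code Recipient} and {@code InResponseTo} set through
 * {@link #setSubjectConfirmationData}, the {@code Address} passed to {@code generate}, and the
 * lifetime set through {@link #setAssertionTimeToLive}. When they are not set, the corresponding
 * attributes are written as {@code null}.
 *
 * <p>Instances hold mutable state (recipient, request ID, lifetime, authenticating authorities)
 * without any synchronization visible in this class.
 *
 * <p>NOTE(review): this listing is decompiler output. Parameter names are synthetic and a few local
 * variable types (for example the results of the builder/unmarshaller registry lookups) are
 * decompiler guesses that may need adjusting before the class can be recompiled.
 */
public class AssertionGenerator {
    /** Shared JAXB context; stays {@code null} when the static initializer fails. */
    private static JAXBContext JAXB_CONTEXT;
    /** Value written into the subject's {@code NameID}. */
    private final String subjectName;
    /** {@code Format} attribute of the subject's {@code NameID}. */
    private final String nameFormat;
    /** {@code Recipient} of the subject confirmation data; {@code null} until set. */
    private String subjectConfirmationRecipient;
    /** {@code InResponseTo} of the subject confirmation data; {@code null} until set. */
    private String requestID;
    /** URI of the single {@code Audience} the assertion is restricted to. */
    private final String providerName;
    /** Value of the assertion's {@code Issuer}; also used as the {@code NameQualifier}. */
    private final String idpName;
    /** Private key handed to {@code XMLSignatureHandler.addSignature}. */
    private final PrivateKey key;
    /** Certificate handed to {@code XMLSignatureHandler.addSignature}. */
    private final X509Certificate cert;
    /** Assertion lifetime in milliseconds; the default is 600000 ms (ten minutes). */
    private long timeToLive = 600000;
    /** URIs emitted as {@code AuthenticatingAuthority} elements; exposed live to callers. */
    private final List<String> authenticatingAuthorities = new LinkedList<>();
    private static final Logger log = LoggerFactory.getLogger(AssertionGenerator.class);
    private static final QName QNAME_STRING = new QName("http://www.w3.org/2001/XMLSchema", "string", "xsd");
    private static final QName QNAME_BOOLEAN = new QName("http://www.w3.org/2001/XMLSchema", "boolean", "xsd");

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/AssertionGenerator$XSAnyWhitespacePreserveBuilder.class */
    /**
     * {@link XSAnyBuilder} variant that produces {@link XSAnyWhitespacePreserveImpl} objects.
     */
    public static class XSAnyWhitespacePreserveBuilder extends XSAnyBuilder {
        XSAnyWhitespacePreserveBuilder() {
        }

        /* renamed from: buildObject, reason: merged with bridge method [inline-methods] */
        // NOTE(review): the decompiler renamed this method. Under the name m2buildObject it no longer
        // overrides XSAnyBuilder.buildObject, so a recompiled class would presumably hand out the
        // default XSAny implementation from addChild instead of the whitespace-preserving one.
        // Confirm against the original class file before relying on this listing.
        public XSAny m2buildObject(String str, String str2, String str3) {
            return new XSAnyWhitespacePreserveImpl(str, str2, str3);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:de/governikus/gov/autent/common/idprovider/saml/AssertionGenerator$XSAnyWhitespacePreserveImpl.class */
    /**
     * {@link XSAnyImpl} whose string assignments keep the new value exactly as supplied.
     */
    public static class XSAnyWhitespacePreserveImpl extends XSAnyImpl {
        protected XSAnyWhitespacePreserveImpl(String str, String str2, String str3) {
            super(str, str2, str3);
        }

        /**
         * Returns the new value unmodified, releasing the cached DOM when it differs from the old one.
         *
         * @param str  the current value
         * @param str2 the value about to be assigned
         * @return {@code str2}, unchanged
         */
        protected String prepareForAssignment(String str, String str2) {
            if (!StringUtils.equals(str, str2)) {
                releaseThisandParentDOM();
            }
            return str2;
        }
    }

    /**
     * Creates a generator for one subject, one audience and one issuer.
     *
     * @param str             subject name written into the {@code NameID}
     * @param str2            {@code NameID} format
     * @param str3            audience URI (the relying party the assertion is restricted to)
     * @param str4            issuer value (the identity provider's name)
     * @param privateKey      key passed to the signature handler
     * @param x509Certificate certificate passed to the signature handler
     */
    public AssertionGenerator(String str, String str2, String str3, String str4, PrivateKey privateKey, X509Certificate x509Certificate) {
        this.subjectName = str;
        this.nameFormat = str2;
        this.providerName = str3;
        this.idpName = str4;
        this.key = privateKey;
        this.cert = x509Certificate;
    }

    /**
     * Sets the assertion lifetime.
     *
     * <p>The value is added to the current time to form both the {@code Conditions} and the subject
     * confirmation {@code NotOnOrAfter}. It is not range-checked here: a value of zero or less yields
     * a {@code Conditions/@NotOnOrAfter} that does not lie after {@code NotBefore}, and a very large
     * value yields a correspondingly long-lived bearer assertion.
     *
     * @param j lifetime in milliseconds
     */
    public void setAssertionTimeToLive(long j) {
        this.timeToLive = j;
    }

    /**
     * Sets the values that tie the bearer confirmation to one request and one endpoint.
     *
     * @param str  {@code Recipient} of the subject confirmation data
     * @param str2 {@code InResponseTo}, i.e. the ID of the request being answered
     */
    public void setSubjectConfirmationData(String str, String str2) {
        this.subjectConfirmationRecipient = str;
        this.requestID = str2;
    }

    /**
     * Returns the live, mutable list of authenticating authority URIs.
     *
     * @return the internal list itself; entries added to it appear in later assertions
     */
    public List<String> getAuthenticatingAuthorities() {
        return this.authenticatingAuthorities;
    }

    /**
     * Generates an assertion, passing {@code false} as the final flag of the ten-argument overload.
     *
     * @see #generate(Map, String, String, JAXBElement, XMLSignatureHandler.SigEntryType, String, String, boolean, int, boolean)
     */
    public Assertion generate(Map<String, Object[]> map, String str, String str2, JAXBElement<?> jAXBElement, XMLSignatureHandler.SigEntryType sigEntryType, String str3, String str4, boolean z, int i) throws InitializationException, MarshallingException, CertificateEncodingException, UnmarshallingException, JAXBException {
        return generate(map, str, str2, jAXBElement, sigEntryType, str3, str4, z, i, false);
    }

    /**
     * Generates an assertion for the configured subject, issuer and audience.
     *
     * @param map          attribute names mapped to their values; {@code null} or empty means no
     *                     {@code AttributeStatement} is added
     * @param str          authentication context class reference, or {@code null}
     * @param str2         authentication context declaration reference, or {@code null}
     * @param jAXBElement  authentication context declaration, or {@code null}
     * @param sigEntryType forwarded to {@code XMLSignatureHandler.addSignature}
     * @param str3         forwarded to {@code XMLSignatureHandler.addSignature}
     * @param str4         {@code Address} written into the subject confirmation data
     * @param z            whether to add a {@code OneTimeUse} condition
     * @param i            proxy count for a {@code ProxyRestriction};
     *                     {@link Integer#MAX_VALUE} adds no restriction
     * @param z2           forwarded to {@code XMLSignatureHandler.addSignature}
     * @return the populated assertion
     * @throws JAXBException if the authentication context declaration cannot be marshalled, or if
     *                       the shared JAXB context could not be created at class load time
     */
    public Assertion generate(Map<String, Object[]> map, String str, String str2, JAXBElement<?> jAXBElement, XMLSignatureHandler.SigEntryType sigEntryType, String str3, String str4, boolean z, int i, boolean z2) throws InitializationException, MarshallingException, CertificateEncodingException, UnmarshallingException, JAXBException {
        Assertion buildObject = new AssertionBuilder().buildObject();
        // presumably the "_" prefix keeps the ID a valid XML ID when the generated part starts with a
        // digit; uniqueness and unpredictability depend on Utils.generateUniqueID — TODO confirm
        buildObject.setID("_" + Utils.getInstance().generateUniqueID());
        buildObject.setIssueInstant(new DateTime(System.currentTimeMillis()));
        addConditions(buildObject, z, i);
        Issuer buildObject2 = new IssuerBuilder().buildObject();
        buildObject2.setValue(this.idpName);
        buildObject.setIssuer(buildObject2);
        // NOTE(review): the signature is attached before the subject and the statements are set.
        // This covers the whole assertion only if addSignature merely registers the signing
        // parameters and the digest is computed once the finished assertion is marshalled and
        // signed — confirm in XMLSignatureHandler.
        XMLSignatureHandler.addSignature(buildObject, this.key, this.cert, sigEntryType, str3, z2);
        buildObject.setSubject(createSubject(buildObject2.getValue(), str4));
        if (str2 != null || str != null || CollectionUtils.isNotEmpty(this.authenticatingAuthorities)) {
            buildObject.getAuthnStatements().add(createAuthnStatement(str, str2, jAXBElement, buildObject.getIssueInstant(), this.authenticatingAuthorities));
        }
        // A null map is treated like an empty one instead of failing after the assertion was built.
        if (map != null && !map.isEmpty()) {
            buildObject.getAttributeStatements().add(createAttributeStatement(map));
        }
        return buildObject;
    }

    /**
     * Builds the {@code Subject} with its {@code NameID} and a bearer {@code SubjectConfirmation}.
     *
     * @param str  name qualifier for the {@code NameID} (the caller passes the issuer value)
     * @param str2 {@code Address} for the subject confirmation data
     * @return the populated subject
     */
    private Subject createSubject(String str, String str2) {
        Subject buildObject = new SubjectBuilder().buildObject();
        NameID buildObject2 = new NameIDBuilder().buildObject();
        buildObject2.setFormat(this.nameFormat);
        buildObject2.setValue(this.subjectName);
        buildObject2.setNameQualifier(str);
        buildObject.setNameID(buildObject2);
        SubjectConfirmation buildObject3 = new SubjectConfirmationBuilder().buildObject();
        buildObject3.setMethod("urn:oasis:names:tc:SAML:2.0:cm:bearer");
        // Confirmation data is omitted only when there is no recipient, no request ID and no
        // positive lifetime; in that case the bearer confirmation carries no restrictions at all.
        if (this.subjectConfirmationRecipient != null || this.requestID != null || this.timeToLive > 0) {
            SubjectConfirmationData buildObject4 = new SubjectConfirmationDataBuilder().buildObject();
            buildObject4.setRecipient(this.subjectConfirmationRecipient);
            buildObject4.setInResponseTo(this.requestID);
            buildObject4.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + this.timeToLive));
            buildObject4.setAddress(str2);
            buildObject3.setSubjectConfirmationData(buildObject4);
        }
        buildObject.getSubjectConfirmations().add(buildObject3);
        return buildObject;
    }

    /**
     * Builds the {@code AuthnStatement}, including the authentication context when any part is given.
     *
     * @param str         authentication context class reference, or {@code null}
     * @param str2        authentication context declaration reference, or {@code null}
     * @param jAXBElement authentication context declaration, or {@code null}
     * @param dateTime    authentication instant
     * @param list        authenticating authority URIs, or {@code null}
     * @return the populated statement
     * @throws JAXBException if the declaration cannot be marshalled or the shared JAXB context is
     *                       unavailable
     */
    private AuthnStatement createAuthnStatement(String str, String str2, JAXBElement<?> jAXBElement, DateTime dateTime, List<String> list) throws UnmarshallingException, JAXBException {
        AuthnStatement buildObject = new AuthnStatementBuilder().buildObject();
        buildObject.setAuthnInstant(dateTime);
        AuthnContext buildObject2 = new AuthnContextBuilder().buildObject();
        if (list != null) {
            for (String str3 : list) {
                AuthenticatingAuthority buildObject3 = new AuthenticatingAuthorityBuilder().buildObject();
                buildObject3.setURI(str3);
                buildObject2.getAuthenticatingAuthorities().add(buildObject3);
            }
        }
        // Authorities alone do not attach the context: it is set on the statement only when a
        // class reference, declaration reference or declaration is present.
        if (str2 != null || jAXBElement != null || str != null) {
            if (str2 != null) {
                AuthnContextDeclRef buildObject4 = new AuthnContextDeclRefBuilder().buildObject();
                buildObject4.setAuthnContextDeclRef(str2);
                buildObject2.setAuthnContextDeclRef(buildObject4);
            }
            if (jAXBElement != null) {
                // The static initializer only logs a failed context creation, so report that state
                // as the declared JAXBException instead of a NullPointerException.
                if (JAXB_CONTEXT == null) {
                    throw new JAXBException("JAXB context for authentication context declarations is not available");
                }
                AuthnContextDecl buildObject5 = new AuthnContextDeclBuilder().buildObject();
                DOMResult dOMResult = new DOMResult();
                JAXB_CONTEXT.createMarshaller().marshal(jAXBElement, dOMResult);
                XSAnyUnmarshaller unmarshaller = XMLObjectProviderRegistrySupport.getUnmarshallerFactory().getUnmarshaller(((Document) dOMResult.getNode()).getDocumentElement());
                // No unmarshaller registered for this element: fall back to the generic one.
                if (unmarshaller == null) {
                    unmarshaller = new XSAnyUnmarshaller();
                }
                buildObject5.getUnknownXMLObjects().add(unmarshaller.unmarshall(((Document) dOMResult.getNode()).getDocumentElement()));
                buildObject2.setAuthnContextDecl(buildObject5);
            }
            if (str != null) {
                AuthnContextClassRef buildObject6 = new AuthnContextClassRefBuilder().buildObject();
                buildObject6.setAuthnContextClassRef(str);
                buildObject2.setAuthnContextClassRef(buildObject6);
            }
            buildObject.setAuthnContext(buildObject2);
        }
        return buildObject;
    }

    /**
     * Builds the {@code AttributeStatement} with one {@code Attribute} per map entry.
     *
     * <p>Supported value types are {@code String} (and {@code null}), {@code SimpleStructuredXMLValue},
     * {@code XMLDateValue}, {@link XMLGregorianCalendar}, {@code byte[]} and {@code XMLAttribute}.
     * A value of any other type is logged and left out; the attribute is still emitted with its
     * remaining values.
     *
     * @param map attribute names mapped to their values
     * @return the populated statement
     */
    private AttributeStatement createAttributeStatement(Map<String, Object[]> map) {
        AttributeStatement buildObject = new AttributeStatementBuilder().buildObject();
        for (Map.Entry<String, Object[]> entry : map.entrySet()) {
            Attribute buildObject2 = new AttributeBuilder().buildObject();
            buildObject2.setName(entry.getKey());
            XSStringBuilder builder = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(XSString.TYPE_NAME);
            for (Object obj : entry.getValue()) {
                if ((obj instanceof String) || obj == null) {
                    // Plain strings; a null value produces an xsd:string element with a null value.
                    XSString buildObject3 = builder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
                    buildObject3.setValue((String) obj);
                    buildObject2.getAttributeValues().add(buildObject3);
                } else if (obj instanceof SimpleStructuredXMLValue) {
                    // Structured value: typed wrapper element, its XML attributes, then child elements.
                    SimpleStructuredXMLValue simpleStructuredXMLValue = (SimpleStructuredXMLValue) obj;
                    XSAny xSAny = (XSAny) new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, new QName(simpleStructuredXMLValue.getNameSpaceUri(), simpleStructuredXMLValue.getType(), simpleStructuredXMLValue.getPrefix()));
                    xSAny.getNamespaceManager().registerNamespaceDeclaration(new Namespace("http://www.w3.org/2001/XMLSchema-instance", "xsi"));
                    xSAny.getNamespaceManager().registerNamespaceDeclaration(new Namespace(simpleStructuredXMLValue.getNameSpaceUri(), simpleStructuredXMLValue.getPrefix()));
                    for (Map.Entry<String, String> entry2 : simpleStructuredXMLValue.getAttributes().entrySet()) {
                        xSAny.getUnknownAttributes().put(new QName(simpleStructuredXMLValue.getNameSpaceUri(), entry2.getKey()), entry2.getValue());
                    }
                    Iterator<? extends Map.Entry<String, Serializable>> it = simpleStructuredXMLValue.entrySet().iterator();
                    while (it.hasNext()) {
                        addChild(xSAny, it.next(), simpleStructuredXMLValue.getNameSpaceUri(), simpleStructuredXMLValue.getPrefix());
                    }
                    buildObject2.getAttributeValues().add(xSAny);
                } else if ((obj instanceof XMLDateValue) || (obj instanceof XMLGregorianCalendar)) {
                    buildObject2.getAttributeValues().add(createAttributeValue("date", obj.toString()));
                } else if (obj instanceof byte[]) {
                    // Binary values are written as their hexadecimal text form.
                    buildObject2.getAttributeValues().add(createAttributeValue("hexbinary", DatatypeConverter.printHexBinary((byte[]) obj)));
                } else if (obj instanceof XMLAttribute) {
                    XMLAttribute xMLAttribute = (XMLAttribute) obj;
                    // These XML attributes are set on the enclosing Attribute element, not on the value.
                    for (Map.Entry<String, String> entry3 : xMLAttribute.getAttributes().entrySet()) {
                        buildObject2.getUnknownAttributes().put(new QName(entry3.getKey()), entry3.getValue());
                    }
                    if (QNAME_STRING.equals(xMLAttribute.getqName())) {
                        XSString buildObject4 = builder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
                        if (xMLAttribute.getValue() != null) {
                            buildObject4.setValue(xMLAttribute.getValue());
                        }
                        buildObject2.getAttributeValues().add(buildObject4);
                    } else if (QNAME_BOOLEAN.equals(xMLAttribute.getqName())) {
                        XSBoolean buildObject5 = XMLObjectProviderRegistrySupport.getBuilderFactory().getBuilder(XSBoolean.TYPE_NAME).buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSBoolean.TYPE_NAME);
                        buildObject5.setValue(XSBooleanValue.valueOf(xMLAttribute.getValue()));
                        buildObject2.getAttributeValues().add(buildObject5);
                    } else {
                        // Any other declared type: untyped element carrying the value as text.
                        XSAny buildObject6 = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, xMLAttribute.getqName());
                        if (xMLAttribute.getValue() != null) {
                            buildObject6.setTextContent(xMLAttribute.getValue());
                        }
                        buildObject2.getAttributeValues().add(buildObject6);
                    }
                } else {
                    // obj is never null here (null is handled by the first branch). Only the type
                    // name is logged, never the value itself.
                    log.error("cannot handle attribute values of type {}", obj.getClass().getName());
                }
            }
            buildObject.getAttributes().add(buildObject2);
        }
        return buildObject;
    }

    /**
     * Appends one child element to a structured attribute value, recursing into nested structures.
     *
     * @param xSAny parent element that receives the child
     * @param entry child name mapped to its value; the key becomes the element's local name
     * @param str   namespace URI used when the value does not bring its own
     * @param str2  namespace prefix used together with {@code str}
     */
    private void addChild(XSAny xSAny, Map.Entry<String, Serializable> entry, String str, String str2) {
        XSAny xSAny2;
        Serializable childValue = entry.getValue();
        if (childValue instanceof SimpleStructuredXMLValue) {
            SimpleStructuredXMLValue simpleStructuredXMLValue = (SimpleStructuredXMLValue) childValue;
            xSAny2 = (XSAny) new XSAnyBuilder().buildObject(new QName(simpleStructuredXMLValue.getNameSpaceUri(), entry.getKey(), simpleStructuredXMLValue.getPrefix()));
            xSAny.getNamespaceManager().registerNamespaceDeclaration(new Namespace(simpleStructuredXMLValue.getNameSpaceUri(), simpleStructuredXMLValue.getPrefix()));
            Iterator<? extends Map.Entry<String, Serializable>> it = simpleStructuredXMLValue.entrySet().iterator();
            while (it.hasNext()) {
                addChild(xSAny2, it.next(), simpleStructuredXMLValue.getNameSpaceUri(), simpleStructuredXMLValue.getPrefix());
            }
        } else if ((childValue instanceof JAXBElement) && (((JAXBElement<?>) childValue).getValue() instanceof String)) {
            // The decompiled listing called getValue() on the Serializable directly; the explicit
            // cast is safe because of the instanceof check above.
            JAXBElement<?> value = (JAXBElement<?>) childValue;
            // An element without a namespace of its own is placed in the parent's namespace.
            xSAny2 = (XSAny) new XSAnyWhitespacePreserveBuilder().buildObject("".equals(value.getName().getNamespaceURI()) ? new QName(str, entry.getKey(), str2) : value.getName());
            xSAny2.setTextContent((String) value.getValue());
        } else {
            xSAny2 = (XSAny) new XSAnyWhitespacePreserveBuilder().buildObject(new QName(str, entry.getKey(), str2));
            xSAny2.setTextContent(childValue != null ? childValue.toString() : null);
        }
        xSAny.getUnknownXMLObjects().add(xSAny2);
    }

    /**
     * Builds an {@code AttributeValue} element typed with an XML Schema simple type.
     *
     * @param str  local name of the XML Schema type, e.g. {@code date} or {@code hexbinary}
     * @param str2 text content of the element
     * @return the value element with the {@code xsi} and {@code xsd} namespaces declared
     */
    private XMLObject createAttributeValue(String str, String str2) {
        XSAny buildObject = new XSAnyBuilder().buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, new QName("http://www.w3.org/2001/XMLSchema", str, "xsd"));
        buildObject.getNamespaceManager().registerNamespaceDeclaration(new Namespace("http://www.w3.org/2001/XMLSchema-instance", "xsi"));
        buildObject.getNamespaceManager().registerNamespaceDeclaration(new Namespace("http://www.w3.org/2001/XMLSchema", "xsd"));
        buildObject.setTextContent(str2);
        return buildObject;
    }

    /**
     * Attaches the {@code Conditions} element: validity window, audience and optional restrictions.
     *
     * @param assertion assertion to update; its issue instant becomes {@code NotBefore}
     * @param z         whether to add a {@code OneTimeUse} condition
     * @param i         proxy count; {@link Integer#MAX_VALUE} means no {@code ProxyRestriction}
     */
    private void addConditions(Assertion assertion, boolean z, int i) {
        Conditions buildObject = new ConditionsBuilder().buildObject();
        buildObject.setNotBefore(assertion.getIssueInstant());
        // The end of the window is taken from the clock again rather than from the issue instant,
        // so the window can be marginally longer than timeToLive.
        buildObject.setNotOnOrAfter(new DateTime(System.currentTimeMillis() + this.timeToLive));
        Audience buildObject2 = new AudienceBuilder().buildObject();
        buildObject2.setAudienceURI(this.providerName);
        AudienceRestriction buildObject3 = new AudienceRestrictionBuilder().buildObject();
        buildObject3.getAudiences().add(buildObject2);
        buildObject.getAudienceRestrictions().add(buildObject3);
        if (z) {
            buildObject.getConditions().add(new OneTimeUseBuilder().buildObject());
        }
        if (i != Integer.MAX_VALUE) {
            ProxyRestriction buildObject4 = new ProxyRestrictionBuilder().buildObject();
            buildObject4.setProxyCount(Integer.valueOf(i));
            buildObject.getConditions().add(buildObject4);
        }
        assertion.setConditions(buildObject);
    }

    // Creates the shared JAXB context for the supported authentication context declaration
    // schemas. A failure is only logged, which leaves JAXB_CONTEXT null; createAuthnStatement
    // checks for that before marshalling a declaration.
    static {
        try {
            JAXB_CONTEXT = JAXBContext.newInstance(new Class[]{ObjectFactory.class, oasis.names.tc.saml._2_0.ac.classes.password.ObjectFactory.class, oasis.names.tc.saml._2_0.ac.classes.smartcardpki.ObjectFactory.class, de.egov.names.fim._1_0.authenticationcontext.ObjectFactory.class, de.egov.names.safe._1_0.ac.x509_selfsigned.ObjectFactory.class, de.egov.names.safe._1_0.authenticationcontext.ObjectFactory.class});
        } catch (JAXBException e) {
            log.error("can not create JaxB Context", e);
        }
    }
}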
