package dk.itst.oiosaml.sp.model;

import dk.itst.oiosaml.common.OIOSAMLConstants;
import dk.itst.oiosaml.logging.Logger;
import dk.itst.oiosaml.logging.LoggerFactory;
import dk.itst.oiosaml.oiobpp.OIOBPPUtil;
import dk.itst.oiosaml.oiobpp.PrivilegeList;
import dk.itst.oiosaml.sp.model.validation.AssertionValidator;
import dk.itst.oiosaml.sp.model.validation.ValidationException;
import dk.itst.oiosaml.sp.util.AttributeUtil;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.joda.time.DateTime;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement;
import org.opensaml.saml2.core.Audience;
import org.opensaml.saml2.core.AudienceRestriction;
import org.opensaml.saml2.core.AuthnContext;
import org.opensaml.saml2.core.AuthnContextClassRef;
import org.opensaml.saml2.core.AuthnStatement;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.opensaml.saml2.core.SubjectConfirmationData;

/* loaded from: input_file:dk/itst/oiosaml/sp/model/OIOAssertion.class */
public class OIOAssertion extends OIOSamlObject {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) OIOAssertion.class);
    private final Assertion assertion;
    private PrivilegeList privilegeList;

    public OIOAssertion(Assertion assertion) {
        super(assertion);
        this.assertion = assertion;
    }

    public static OIOAssertion fromResponse(Response response) {
        if (response.getAssertions().isEmpty()) {
            throw new RuntimeException("Didn't get an assertion in ArtifactResponse");
        }
        return new OIOAssertion((Assertion) response.getAssertions().get(0));
    }

    public String getSubjectNameIDValue() {
        String str = null;
        if (this.assertion.getSubject() != null && this.assertion.getSubject().getNameID() != null) {
            str = this.assertion.getSubject().getNameID().getValue();
        }
        return str;
    }

    public boolean checkRecipient(String str) {
        SubjectConfirmationData subjectConfirmationData;
        if (str == null || this.assertion.getSubject() == null || this.assertion.getSubject().getSubjectConfirmations() == null) {
            return false;
        }
        for (SubjectConfirmation subjectConfirmation : this.assertion.getSubject().getSubjectConfirmations()) {
            if (OIOSAMLConstants.METHOD_BEARER.equals(subjectConfirmation.getMethod()) && (subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData()) != null && str.equals(subjectConfirmationData.getRecipient())) {
                return true;
            }
        }
        return false;
    }

    public DateTime getConfirmationTime() {
        if (this.assertion.getSubject() == null || this.assertion.getSubject().getSubjectConfirmations() == null || this.assertion.getSubject().getSubjectConfirmations().isEmpty()) {
            return null;
        }
        Iterator it = this.assertion.getSubject().getSubjectConfirmations().iterator();
        while (it.hasNext()) {
            SubjectConfirmationData subjectConfirmationData = ((SubjectConfirmation) it.next()).getSubjectConfirmationData();
            if (subjectConfirmationData != null && subjectConfirmationData.getNotOnOrAfter() != null) {
                return subjectConfirmationData.getNotOnOrAfter();
            }
        }
        return null;
    }

    public String getSessionIndex() {
        String str = null;
        if (this.assertion != null && this.assertion.getAuthnStatements() != null && this.assertion.getAuthnStatements().size() > 0) {
            str = ((AuthnStatement) this.assertion.getAuthnStatements().get(0)).getSessionIndex();
        }
        return str;
    }

    public boolean hasSessionExpired() {
        boolean z = false;
        if (this.assertion != null && this.assertion.getAuthnStatements() != null && this.assertion.getAuthnStatements().size() > 0) {
            AuthnStatement authnStatement = (AuthnStatement) this.assertion.getAuthnStatements().get(0);
            z = authnStatement.getSessionNotOnOrAfter() != null ? authnStatement.getSessionNotOnOrAfter().isBeforeNow() : false;
        }
        return z;
    }

    public String getAuthnContextClassRef() {
        AuthnContext authnContext;
        AuthnContextClassRef authnContextClassRef;
        String str = null;
        if (this.assertion.getAuthnStatements() != null && this.assertion.getAuthnStatements().size() > 0 && (authnContext = ((AuthnStatement) this.assertion.getAuthnStatements().get(0)).getAuthnContext()) != null && (authnContextClassRef = authnContext.getAuthnContextClassRef()) != null) {
            str = authnContextClassRef.getAuthnContextClassRef();
        }
        return str;
    }

    public void validateAssertion(AssertionValidator assertionValidator, String str, String str2) throws ValidationException {
        try {
            this.assertion.validate(false);
            if (!SAMLVersion.VERSION_20.equals(this.assertion.getVersion())) {
                throw new ValidationException("The assertion must be version 2.0. Was " + this.assertion.getVersion());
            }
            if (this.assertion.getID() == null) {
                throw new ValidationException("The assertion must contain a ID");
            }
            log.debug("Using validator: " + assertionValidator);
            if (assertionValidator != null) {
                assertionValidator.validate(this, str, str2);
            }
        } catch (org.opensaml.xml.validation.ValidationException e) {
            throw new ValidationException((Exception) e);
        }
    }

    public Assertion getAssertion() {
        return this.assertion;
    }

    public String getNSISLevel() {
        Iterator it = this.assertion.getAttributeStatements().iterator();
        while (it.hasNext()) {
            for (Attribute attribute : ((AttributeStatement) it.next()).getAttributes()) {
                if (OIOSAMLConstants.ATTRIBUTE_NSIS_LEVEL_NAME.equals(attribute.getName())) {
                    return AttributeUtil.extractAttributeValueValue(attribute);
                }
            }
        }
        return null;
    }

    public PrivilegeList getPrivilegeList() {
        if (this.privilegeList != null) {
            return this.privilegeList;
        }
        String str = null;
        Iterator it = this.assertion.getAttributeStatements().iterator();
        while (it.hasNext()) {
            Iterator it2 = ((AttributeStatement) it.next()).getAttributes().iterator();
            while (true) {
                if (it2.hasNext()) {
                    Attribute attribute = (Attribute) it2.next();
                    if (OIOSAMLConstants.ATTRIBUTE_PRIVILEGES_INTERMEDIATE.equals(attribute.getName())) {
                        str = AttributeUtil.extractAttributeValueValue(attribute);
                        break;
                    }
                }
            }
        }
        if (str != null) {
            this.privilegeList = OIOBPPUtil.parse(str);
        }
        return this.privilegeList;
    }

    public int getAssuranceLevel() {
        Iterator it = this.assertion.getAttributeStatements().iterator();
        while (it.hasNext()) {
            for (Attribute attribute : ((AttributeStatement) it.next()).getAttributes()) {
                if (OIOSAMLConstants.ATTRIBUTE_ASSURANCE_LEVEL_NAME.equals(attribute.getName())) {
                    return new AssuranceLevel(AttributeUtil.extractAttributeValueValue(attribute)).getValue();
                }
            }
        }
        return 0;
    }

    public String getID() {
        return this.assertion.getID();
    }

    public boolean isHolderOfKey() {
        if (this.assertion.getSubject() == null || this.assertion.getSubject().getSubjectConfirmations().isEmpty()) {
            return false;
        }
        return OIOSAMLConstants.METHOD_HOK.equals(((SubjectConfirmation) this.assertion.getSubject().getSubjectConfirmations().get(0)).getMethod());
    }

    public Collection<String> getAudience() {
        ArrayList arrayList = new ArrayList();
        if (this.assertion.getConditions() == null) {
            return arrayList;
        }
        Iterator it = this.assertion.getConditions().getAudienceRestrictions().iterator();
        while (it.hasNext()) {
            Iterator it2 = ((AudienceRestriction) it.next()).getAudiences().iterator();
            while (it2.hasNext()) {
                arrayList.add(((Audience) it2.next()).getAudienceURI());
            }
        }
        return arrayList;
    }

    public DateTime getConditionTimeNotOnOrAfter() {
        if (this.assertion.getConditions() == null) {
            return null;
        }
        return this.assertion.getConditions().getNotOnOrAfter();
    }

    public DateTime getConditionTimeNotBefore() {
        if (this.assertion.getConditions() == null) {
            return null;
        }
        return this.assertion.getConditions().getNotBefore();
    }

    public String getIssuer() {
        return this.assertion.getIssuer().getValue();
    }
}
