package xsul.dsig.saml.authorization;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStream;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Vector;
import org.globus.gsi.GlobusCredential;
import org.opensaml.SAMLAction;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAudienceRestrictionCondition;
import org.opensaml.SAMLAuthorizationDecisionStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Element;
import xsul.MLogger;
import xsul.XsulException;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/dsig/saml/authorization/Capability.class */
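/**
 * A capability: a grant from an owner to a set of users for one resource, carried either as
 * plain unsigned fields or as a collection of signed SAML authorization-decision assertions.
 *
 * <p>Security notes for maintainers and callers:
 * <ul>
 *   <li>The {@code signed} flag only records that the capability is held in SAML form. It is
 *       not evidence that any signature has been checked; call {@link #verify()} for that.</li>
 *   <li>{@link #verify()} only calls {@code SAMLAssertion.verify()} and checks the validity
 *       window. Nothing in this class checks the signer against a trust anchor or compares the
 *       issuer name with the signing certificate, so callers must do that themselves.</li>
 *   <li>Assertions are issued with the bearer confirmation method, so their serialized form
 *       (including what reaches the logs) should be handled like a credential.</li>
 *   <li>Setters do not re-issue assertions: changing a field after signing leaves the signed
 *       assertions, not the fields, as the authoritative content.</li>
 * </ul>
 */
public class Capability {
    private static final MLogger logger = MLogger.getLogger();

    // SimpleDateFormat is not thread-safe; every use in this class synchronizes on the instance.
    private static final SimpleDateFormat dateformatter = new SimpleDateFormat(CapConstants.DATEFORMAT);

    private String id;
    private String owner;
    private String resource;
    private Collection users;
    private String namespace;
    private Map actionswithdecisions;
    private Date notbefore;
    private Date notafter;
    private Collection assertions;
    private boolean signed;

    /**
     * Creates an empty, unsigned capability.
     *
     * <p>The id is the current time in milliseconds, so it is neither guaranteed unique nor
     * unpredictable; do not rely on it as a secret or as a collision-free key.
     */
    public Capability() {
        this.id = Long.toString(System.currentTimeMillis());
        this.owner = "";
        this.resource = "";
        this.assertions = new Vector(1);
        this.signed = false;
    }

    /**
     * Wraps an existing collection of SAML assertions.
     *
     * <p>Owner, validity window, users and resource are read from the first assertion only.
     * NOTE(review): {@code signed} is set to {@code true} unconditionally here; no signature is
     * checked, so callers must still call {@link #verify()} before trusting the content.
     *
     * @param collection the assertions to wrap; the first element must be a {@code SAMLAssertion}
     * @throws CapabilityException if the first assertion contains a statement that is not an
     *     authorization decision statement, or a statement without actions
     */
    public Capability(Collection collection) throws CapabilityException {
        this();
        this.assertions = collection;
        this.signed = true;
        Iterator it = this.assertions.iterator();
        if (!it.hasNext()) {
            return;
        }
        SAMLAssertion first = (SAMLAssertion) it.next();
        this.owner = first.getIssuer();
        this.notbefore = first.getNotBefore();
        this.notafter = first.getNotOnOrAfter();
        Iterator statements = first.getStatements();
        this.users = new Vector(1);
        while (statements.hasNext()) {
            Object next = statements.next();
            if (!(next instanceof SAMLAuthorizationDecisionStatement)) {
                throw new CapabilityException("illegal SAML statement");
            }
            SAMLAuthorizationDecisionStatement decision = (SAMLAuthorizationDecisionStatement) next;
            logger.finest("type SAMLAuthorizationDecisionStatement");
            this.users.add(decision.getSubject().getNameIdentifier().getName());
            this.resource = decision.getResource();
            if (decision.getActions() == null) {
                throw new CapabilityException("no actions!");
            }
        }
    }

    /**
     * Loads a capability from a file containing either the plain {@code <Capability>} form or
     * serialized SAML assertions.
     *
     * <p>Failures are logged and not reported to the caller (the signature declares no
     * exception); the object is then left in whatever state had been reached. Callers should
     * treat the result as untrusted until {@link #verify()} succeeds.
     *
     * @param file the file to read
     */
    public Capability(File file) {
        this();
        BufferedReader reader = null;
        try {
            reader = new BufferedReader(new FileReader(file));
            StringBuilder text = new StringBuilder();
            int ch;
            while ((ch = reader.read()) != -1) {
                text.append((char) ch);
            }
            extractCapability(text.toString());
        } catch (Exception e) {
            logger.config("could not load capability from " + file, e);
        } finally {
            // The original never closed the reader, leaking the file handle.
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException ignored) {
                    // nothing useful can be done if close fails after the read has finished
                }
            }
        }
    }

    /**
     * Loads a capability from a stream; the stream is read to its end and left open.
     *
     * <p>Failures are logged and not reported to the caller; see {@link #Capability(File)}.
     *
     * @param inputStream the stream to read
     */
    public Capability(InputStream inputStream) {
        this();
        try {
            StringBuilder text = new StringBuilder();
            // The original read a single byte, never advanced, and appended the byte's decimal
            // value: any non-empty stream looped until memory ran out.
            // NOTE(review): each byte is widened to one char, which is only exact for
            // single-byte content; confirm the encoding callers actually send.
            int b;
            while ((b = inputStream.read()) >= 0) {
                text.append((char) b);
            }
            extractCapability(text.toString());
        } catch (Exception e) {
            logger.config("could not load capability from stream", e);
        }
    }

    /**
     * Parses a capability from its string form.
     *
     * @param str the plain {@code <Capability>} form or serialized SAML assertions
     * @throws XsulException if a SAML assertion in {@code str} cannot be parsed
     */
    public Capability(String str) throws XsulException {
        this();
        try {
            extractCapability(str);
            logger.finest("id: " + this.id);
        } catch (SAMLException e) {
            // NOTE(review): the message embeds the whole input, which may be a bearer
            // assertion; make sure config-level logs and exception traces are protected.
            String message = "could not extract assertion from " + str;
            logger.config(message, e);
            throw new XsulException(message, e);
        } catch (IOException e2) {
            String message = "could not extract assertion from " + str;
            logger.config(message, e2);
            throw new XsulException(message, e2);
        }
    }

    /**
     * Builds a capability from its parts and, unless {@code z} is set, signs it immediately.
     *
     * @param str the owner; stored after {@code CapabilityUtil.canonicalizeSubject}
     * @param str2 the resource
     * @param collection the user names the capability is granted to
     * @param str3 the action namespace
     * @param map action name to decision, or {@code null} for a single permitted "access" action
     * @param date start of the validity window
     * @param date2 end of the validity window
     * @param globusCredential the signing credential; {@code null} selects the default credential
     * @param z when {@code true} the capability is left unsigned
     * @throws CapabilityException if signing fails
     */
    public Capability(String str, String str2, Collection collection, String str3, Map map, Date date, Date date2, GlobusCredential globusCredential, boolean z) throws CapabilityException {
        this();
        this.owner = CapabilityUtil.canonicalizeSubject(str);
        this.resource = str2;
        this.users = collection;
        this.namespace = str3;
        this.notbefore = date;
        this.notafter = date2;
        this.actionswithdecisions = map;
        if (!z) {
            sign(globusCredential);
        }
    }

    /**
     * Issues one signed assertion per user and action and marks the capability signed.
     *
     * <p>Does nothing if the capability is already marked signed. Assertions are attached only
     * after all of them were generated, so a failure part-way leaves no partial set behind and a
     * retry cannot produce duplicates.
     *
     * @param globusCredential the signing credential; {@code null} selects the default credential
     * @throws CapabilityException if no credential is available or an assertion cannot be built
     */
    public void sign(GlobusCredential globusCredential) throws CapabilityException {
        if (this.signed) {
            logger.finest("signed -- not necessary to do it again");
            return;
        }
        Vector generated = new Vector();
        try {
            GlobusCredential credential = globusCredential != null ? globusCredential : GlobusCredential.getDefaultCredential();
            if (credential == null) {
                throw new IllegalStateException("globus credential can not be null");
            }
            for (Iterator userIt = this.users.iterator(); userIt.hasNext(); ) {
                String user = (String) userIt.next();
                if (this.actionswithdecisions == null) {
                    generated.add(makeAssertion(this.namespace, "access", CapConstants.PERMIT, this.resource, this.owner, user, this.notbefore, this.notafter, credential));
                    continue;
                }
                for (Iterator entryIt = this.actionswithdecisions.entrySet().iterator(); entryIt.hasNext(); ) {
                    Map.Entry entry = (Map.Entry) entryIt.next();
                    generated.add(makeAssertion(this.namespace, (String) entry.getKey(), (String) entry.getValue(), this.resource, this.owner, user, this.notbefore, this.notafter, credential));
                }
            }
        } catch (Exception e) {
            // Every failure on the signing path is reported as a CapabilityException.
            String message = "capability generation failed: " + e.getMessage();
            logger.config(message, e);
            throw new CapabilityException(message, e);
        }
        for (Iterator it = generated.iterator(); it.hasNext(); ) {
            SAMLAssertion assertion = (SAMLAssertion) it.next();
            // NOTE(review): this writes a complete bearer assertion to the log at finest level;
            // keep that level off, or the log protected, outside of debugging.
            if (logger.isFinestEnabled()) {
                logger.finest(">>>Capability generated>>>>\n" + assertion.toString());
            }
            addAssertion(assertion);
        }
        logger.finest("capability signed");
        this.signed = true;
    }

    /** Returns the capability id. */
    public String getId() {
        return this.id;
    }

    /** Sets the capability id. */
    public void setId(String str) {
        this.id = str;
    }

    /** Sets the owner; existing assertions are not re-issued. */
    public void setOwner(String str) {
        this.owner = str;
    }

    /** Returns the owner. */
    public String getOwner() {
        return this.owner;
    }

    /** Sets the resource; existing assertions are not re-issued. */
    public void setResource(String str) {
        this.resource = str;
    }

    /** Returns the resource. */
    public String getResource() {
        return this.resource;
    }

    /** Sets the users; the collection is stored by reference, not copied. */
    public void setUsers(Collection collection) {
        this.users = collection;
    }

    /** Returns the internal users collection (not a copy); may be {@code null}. */
    public Collection getUsers() {
        return this.users;
    }

    /** Sets the action namespace. */
    public void setNamespace(String str) {
        this.namespace = str;
    }

    /** Returns the action namespace. */
    public String getNamespace() {
        return this.namespace;
    }

    /** Sets the action-to-decision map; the map is stored by reference, not copied. */
    public void setActionswithdecisions(Map map) {
        this.actionswithdecisions = map;
    }

    /** Returns the internal action-to-decision map (not a copy); may be {@code null}. */
    public Map getActionswithdecisions() {
        return this.actionswithdecisions;
    }

    /** Sets the start of the validity window. */
    public void setNotbefore(Date date) {
        this.notbefore = date;
    }

    /** Returns the start of the validity window. */
    public Date getNotbefore() {
        return this.notbefore;
    }

    /** Sets the end of the validity window. */
    public void setNotafter(Date date) {
        this.notafter = date;
    }

    /** Returns the end of the validity window. */
    public Date getNotafter() {
        return this.notafter;
    }

    /** Attaches an assertion; it is not verified here. */
    public void addAssertion(SAMLAssertion sAMLAssertion) {
        this.assertions.add(sAMLAssertion);
    }

    /** Returns the attached assertions as a new array. */
    public SAMLAssertion[] getAllAssertions() {
        return (SAMLAssertion[]) this.assertions.toArray(new SAMLAssertion[0]);
    }

    /**
     * Reports whether the capability is held in SAML form. This is a state flag, not a
     * verification result; see {@link #verify()}.
     */
    public boolean isSigned() {
        return this.signed;
    }

    /**
     * Serializes the capability: the attached assertions when signed, otherwise the plain
     * {@code <Capability>} form that {@link #Capability(String)} reads back.
     *
     * <p>Field values are written without XML escaping, so a value containing markup changes
     * the structure that is read back. The plain form carries no signature and must not be
     * used as an authorization input on its own.
     */
    @Override
    public String toString() {
        StringBuilder out = new StringBuilder();
        if (this.signed) {
            logger.finest("signed -- print saml assertions");
            SAMLAssertion[] all = getAllAssertions();
            for (int i = 0; i < all.length; i++) {
                out.append(all[i].toString());
                out.append("\n");
            }
            return out.toString();
        }
        logger.finest("not signed -- print primitive info");
        out.append("<Capability>\n");
        out.append("<Id>").append(getId()).append("</Id>\n");
        out.append("<Owner>").append(getOwner()).append("</Owner>\n");
        out.append("<Resource>").append(getResource()).append("</Resource>\n");
        out.append("<Namespace>").append(getNamespace()).append("</Namespace>\n");
        out.append("<Notbefore>").append(formatDate(this.notbefore)).append("</Notbefore>\n");
        out.append("<Notafter>").append(formatDate(this.notafter)).append("</Notafter>\n");
        // users and the dates are unset after the no-arg constructor; toString must not throw.
        if (this.users != null) {
            for (Iterator it = this.users.iterator(); it.hasNext(); ) {
                out.append("<User>").append((String) it.next()).append("</User>\n");
            }
        }
        if (this.actionswithdecisions != null) {
            for (Iterator it = this.actionswithdecisions.entrySet().iterator(); it.hasNext(); ) {
                Map.Entry entry = (Map.Entry) it.next();
                out.append("<Action>").append((String) entry.getKey()).append("</Action>");
                out.append("<Decision>").append((String) entry.getValue()).append("</Decision>\n");
            }
        }
        out.append("</Capability>");
        return out.toString();
    }

    /**
     * Checks that the capability is in SAML form, carries at least one assertion, is inside its
     * validity window, and that every assertion passes {@code SAMLAssertion.verify()}.
     *
     * <p>NOTE(review): {@code verify()} is called on each assertion without a key or trust
     * anchor, so this presumably checks the signature against keying material carried in the
     * assertion itself. Confirm against the OpenSAML version in use, and validate the signer's
     * certificate chain and its relation to the issuer separately before authorizing.
     *
     * @throws CapabilityExpirationException if the capability is outside its validity window
     * @throws CapabilityException if it is unsigned, empty, or an assertion fails verification
     */
    public void verify() throws CapabilityException {
        if (!this.signed) {
            throw new CapabilityException("not signed yet");
        }
        // Without this check an empty assertion collection passed vacuously: the loop below
        // verified nothing and the method returned as if the capability were valid.
        if (this.assertions == null || this.assertions.isEmpty()) {
            throw new CapabilityException("no assertions to verify");
        }
        if (isExpired()) {
            throw new CapabilityExpirationException("expired");
        }
        for (Iterator it = this.assertions.iterator(); it.hasNext(); ) {
            try {
                ((SAMLAssertion) it.next()).verify();
            } catch (SAMLException e) {
                String message = "Verification failed: " + e.getMessage();
                logger.config(message, e);
                throw new CapabilityException(message, e);
            }
        }
        logger.finest("capability verified!!!");
    }

    /**
     * Reports whether the current time is outside the validity window.
     *
     * <p>The capability-level window is checked when both of its bounds are set, and the window
     * of every attached assertion is checked as well; the capability-level fields are copied
     * from a single assertion, so checking them alone would let other assertions go unchecked.
     * An assertion that lacks either bound is treated as expired rather than as unbounded.
     *
     * @return {@code true} if the capability or any attached assertion is not currently valid
     */
    public boolean isExpired() {
        Date now = new Date(System.currentTimeMillis());
        if (this.notbefore != null && this.notafter != null
                && (now.before(this.notbefore) || now.after(this.notafter))) {
            return true;
        }
        SAMLAssertion[] all = getAllAssertions();
        for (int i = 0; i < all.length; i++) {
            Date notBefore = all[i].getNotBefore();
            Date notOnOrAfter = all[i].getNotOnOrAfter();
            if (notBefore == null || notOnOrAfter == null) {
                return true;
            }
            if (now.before(notBefore) || now.after(notOnOrAfter)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Populates this object from {@code str}: the plain form when it starts with
     * {@code <Capability}, otherwise every {@code <Assertion} element found in it.
     *
     * @throws IOException if reading an assertion fails
     * @throws SAMLException if an assertion cannot be parsed
     */
    private void extractCapability(String str) throws IOException, SAMLException {
        if (str.startsWith("<Capability")) {
            extractPlainCapability(str);
        } else {
            extractSamlAssertions(str);
        }
    }

    /** Reads the unsigned {@code <Capability>} form written by {@link #toString()}. */
    private void extractPlainCapability(String text) {
        this.id = textBetween(text, "<Id>", "</Id>");
        this.owner = textBetween(text, "<Owner>", "</Owner>");
        this.resource = textBetween(text, "<Resource>", "</Resource>");
        this.namespace = textBetween(text, "<Namespace>", "</Namespace>");
        String notBeforeText = textBetween(text, "<Notbefore>", "</Notbefore>");
        String notAfterText = textBetween(text, "<Notafter>", "</Notafter>");
        try {
            synchronized (dateformatter) {
                this.notbefore = dateformatter.parse(notBeforeText);
                this.notafter = dateformatter.parse(notAfterText);
            }
        } catch (ParseException e) {
            // Previously swallowed without a trace; the dates stay unset, so make that visible.
            logger.config("could not parse capability validity dates", e);
        }
        String[] userEntries = text.substring(text.indexOf("<User>"), text.lastIndexOf("</User>") + "</User>".length()).split("</User>\\s*");
        for (int i = 0; i < userEntries.length; i++) {
            userEntries[i] = userEntries[i].substring("<User>".length());
        }
        this.users = new Vector(Arrays.asList(userEntries));
        int firstAction = text.indexOf("<Action>");
        if (firstAction > 0) {
            String[] entries = text.substring(firstAction, text.lastIndexOf("</Decision>") + "</Decision>".length()).split("</Decision>\\s*");
            this.actionswithdecisions = new HashMap();
            for (int i = 0; i < entries.length; i++) {
                String entry = entries[i];
                // Default deny: the decision is PERMIT only when the <Decision> content is
                // exactly the PERMIT constant. The original searched the whole entry, so an
                // action name containing that text turned a deny into a permit.
                Object decision = CapConstants.DENY;
                int decisionAt = entry.indexOf("<Decision>");
                if (decisionAt >= 0
                        && CapConstants.PERMIT.equals(entry.substring(decisionAt + "<Decision>".length()).trim())) {
                    decision = CapConstants.PERMIT;
                }
                this.actionswithdecisions.put(textBetween(entry, "<Action>", "</Action>"), decision);
            }
        }
        this.signed = false;
    }

    /**
     * Parses every {@code <Assertion} element in {@code text}, last to first, attaches the
     * parsed assertions and derives id, owner, validity window, resource and users from them.
     *
     * <p>{@code signed} ends up {@code true} only if every parsed assertion reports itself
     * signed. Parse failures propagate so that no capability is built from input that could not
     * be read; failures while picking the resource or user name out of the raw text are logged
     * and end the extraction, as before.
     */
    private void extractSamlAssertions(String text) throws IOException, SAMLException {
        String remaining = text;
        boolean allSigned = true;
        try {
            int start = remaining.lastIndexOf("<Assertion");
            while (start >= 0) {
                String xml = remaining.substring(start);
                remaining = remaining.substring(0, start);
                // NOTE(review): getBytes() uses the platform charset; non-ASCII content may not
                // survive the round trip and would then fail signature verification.
                ByteArrayInputStream in = new ByteArrayInputStream(xml.getBytes());
                SAMLAssertion assertion = new SAMLAssertion(in);
                // The original overwrote the flag per assertion, so one assertion decided it.
                allSigned = allSigned && assertion.isSigned();
                this.signed = allSigned;
                this.assertions.add(assertion);
                this.id = assertion.getId();
                logger.finer("id: " + this.id);
                this.owner = assertion.getIssuer();
                logger.finer("cap owner: " + this.owner);
                if (this.notbefore == null) {
                    this.notbefore = assertion.getNotBefore();
                }
                if (this.notafter == null) {
                    this.notafter = assertion.getNotOnOrAfter();
                }
                // NOTE(review): resource and user are cut out of the raw text by tag name, not
                // read from the parsed assertion as Capability(Collection) does. Consider
                // switching to the parsed statement so the values match what is signed.
                if (this.resource == null || this.resource.equals("")) {
                    this.resource = textBetween(xml, "<Audience>", "</Audience>");
                    logger.finer("epr: " + this.resource);
                }
                String user = textBetween(xml, "<NameIdentifier>", "</NameIdentifier>");
                if (this.users == null) {
                    this.users = new Vector(11);
                }
                if (!this.users.contains(user)) {
                    this.users.add(user);
                }
                in.close();
                start = remaining.lastIndexOf("<Assertion");
            }
        } catch (Exception e) {
            logger.config("could not extract SAML assertions", e);
            if (e instanceof SAMLException) {
                throw (SAMLException) e;
            }
            if (e instanceof IOException) {
                throw (IOException) e;
            }
            // Runtime failures (for example a tag missing from the raw text) keep the original
            // best-effort behaviour: assertions parsed so far stay attached, the rest are not
            // read. Callers must not assume every assertion in the input is present.
        }
    }

    /** Returns the text between the first {@code open} and the first {@code close} marker. */
    private static String textBetween(String text, String open, String close) {
        return text.substring(text.indexOf(open) + open.length(), text.indexOf(close));
    }

    /** Formats a date with the shared formatter; an unset date becomes an empty string. */
    private static String formatDate(Date date) {
        if (date == null) {
            return "";
        }
        synchronized (dateformatter) {
            return dateformatter.format(date);
        }
    }

    /**
     * Builds one authorization-decision assertion and signs it when a credential is given.
     *
     * @param str the action namespace
     * @param str2 the action name
     * @param str3 the decision
     * @param str4 the resource; also used as the audience restriction
     * @param str5 the issuer
     * @param str6 the subject name
     * @param date start of the validity window
     * @param date2 end of the validity window
     * @param globusCredential the signing credential, or {@code null} to leave it unsigned
     * @return the assertion
     */
    private SAMLAssertion makeAssertion(String str, String str2, String str3, String str4, String str5, String str6, Date date, Date date2, GlobusCredential globusCredential) throws CloneNotSupportedException, SAMLException {
        SAMLAudienceRestrictionCondition audience = new SAMLAudienceRestrictionCondition(Collections.singleton(str4));
        Vector conditions = new Vector(1);
        conditions.add(audience.clone());

        // Bearer confirmation: possession of the assertion is all a presenter needs.
        SAMLNameIdentifier nameIdentifier = new SAMLNameIdentifier(str6, CapConstants.CAP_NAMEQUALIFIER, CapConstants.CAP_NAMEIDENTIFIER_FORMAT);
        SAMLSubject subject = new SAMLSubject(nameIdentifier, Arrays.asList("urn:oasis:names:tc:SAML:1.0:cm:bearer"), (Element) null, (Object) null);
        SAMLAuthorizationDecisionStatement statement = new SAMLAuthorizationDecisionStatement((SAMLSubject) subject.clone(), str4, str3, Collections.singleton(new SAMLAction(str, str2)), (Collection) null);
        SAMLAssertion assertion = new SAMLAssertion(str5, date, date2, conditions, (Collection) null, Collections.singleton(statement));

        if (globusCredential != null) {
            // NOTE(review): RSA with SHA-1 is a legacy signature algorithm; plan a move to a
            // SHA-256 based one once every verifier of these assertions supports it.
            assertion.sign("http://www.w3.org/2000/09/xmldsig#rsa-sha1", globusCredential.getPrivateKey(), Arrays.asList(globusCredential.getCertificateChain()));
            // The self-check below only runs when finest logging is enabled.
            if (logger.isFinestEnabled()) {
                logger.finest("ownername: " + str5);
                logger.finest("notbefore: " + date);
                logger.finest("notafter: " + date2);
                assertion.verify();
            }
        }
        return assertion;
    }
}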
