package xsul.dsig.saml.authorization;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.util.Iterator;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.FactoryConfigurationError;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.neethi.Constants;
import org.opensaml.SAMLAction;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAuthorizationDecisionStatement;
import org.opensaml.SAMLException;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xmlpull.v1.builder.XmlDocument;
import org.xmlpull.v1.builder.XmlElement;
import org.xmlpull.v1.builder.XmlInfosetBuilder;
import xsul.MLogger;
import xsul.XmlConstants;
import xsul.dsig.apache.axis.uti.XMLUtils;
import xsul.dsig.globus.security.authentication.wssec.WSConstants;
import xsul.soap11_util.Soap11Util;

/* loaded from: input_file:WEB-INF/lib/xsul-2.10.5_b.jar:xsul/dsig/saml/authorization/CapabilityEnforcer.class */
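/**
 * Attaches the SAML assertions of a {@link Capability} to a SOAP 1.1 envelope as a
 * {@code wsse:Security} header.
 * <p>
 * The two overloads do <em>not</em> apply the same policy: {@link #addCapability(XmlDocument)}
 * only attaches an assertion whose first statement is an authorization decision for
 * {@code subject}, whose first action occurs in the serialized SOAP Body and (when
 * client-side enforcement is enabled) whose decision is {@code PERMIT}; the DOM overload
 * {@link #addCapability(Document)} copies every assertion of the capability unconditionally.
 * <p>
 * Instances are not thread-safe: {@code clientsideEnabled} is mutable.
 */
public class CapabilityEnforcer {
    /** SOAP 1.1 envelope namespace; the document element of every input must live here. */
    private static final String SOAP_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    /** WS-Security 1.0 secext namespace of the {@code Security} header the assertions go into. */
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** WS-Security utility namespace, only read back for the {@code Id} of an imported assertion. */
    private static final String WSU_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    /** Xerces feature that rejects any DOCTYPE; a SOAP envelope never legitimately carries one. */
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    private static final XmlInfosetBuilder builder = XmlConstants.BUILDER;
    private static final MLogger logger = MLogger.getLogger();

    // Capability whose assertions are attached; may be null when constructed directly (checked on use).
    private final Capability cap;
    // Subject name an assertion must be issued to; compared against the statement's NameIdentifier.
    private final String subject;
    // When true, the XmlDocument overload refuses to attach DENY / unknown decisions.
    private boolean clientsideEnabled;

    /**
     * Creates an enforcer with client-side enforcement enabled.
     *
     * @param capability capability whose assertions are attached (null is tolerated here and rejected on use)
     * @param str        subject name the assertions must be issued to
     */
    protected CapabilityEnforcer(Capability capability, String str) {
        this(capability, str, true);
    }

    /**
     * Creates an enforcer.
     *
     * @param capability capability whose assertions are attached (null is tolerated here and rejected on use)
     * @param str        subject name the assertions must be issued to
     * @param z          whether client-side enforcement of the decision is enabled
     */
    protected CapabilityEnforcer(Capability capability, String str, boolean z) {
        this.cap = capability;
        this.subject = str;
        this.clientsideEnabled = z;
    }

    /**
     * Factory for callers outside the package.
     *
     * @param capability capability whose assertions are attached; must not be null
     * @param str        subject name the assertions must be issued to
     * @return a new enforcer with client-side enforcement enabled
     * @throws CapabilityException if {@code capability} is null
     */
    public static CapabilityEnforcer newInstance(Capability capability, String str) throws CapabilityException {
        if (capability == null) {
            throw new CapabilityException("Capability can not be null");
        }
        return new CapabilityEnforcer(capability, str);
    }

    /** Enables or disables client-side enforcement of the SAML decision. */
    public void setClientsideEnabled(boolean z) {
        this.clientsideEnabled = z;
    }

    /** @return whether client-side enforcement of the SAML decision is enabled */
    public boolean isClientsideEnabled() {
        return this.clientsideEnabled;
    }

    /**
     * Adds the matching assertions of the capability to the envelope as a
     * {@code wsse:Security} header, creating the SOAP {@code Header} if absent.
     * <p>
     * For each assertion only the first statement and its first action are examined; an
     * assertion is attached when the statement is a {@link SAMLAuthorizationDecisionStatement}
     * for {@code subject} and the action's data occurs in the serialized Body. With client-side
     * enforcement enabled, a {@code DENY} or unknown decision aborts with an exception.
     *
     * @param xmlDocument SOAP 1.1 envelope to modify in place
     * @return the same document, with the security header added
     * @throws CapabilityException if the document is not a SOAP 1.1 envelope with a Body, the
     *                             capability or its assertions are missing, a decision is denied
     *                             or unknown, or the assertion DOM cannot be converted
     */
    public XmlDocument addCapability(XmlDocument xmlDocument) throws CapabilityException {
        XmlElement envelope = xmlDocument.getDocumentElement();
        if (!SOAP_ENV_NS.equals(envelope.getNamespace().getNamespaceName())
                || !"Envelope".equals(envelope.getName())) {
            throw new CapabilityException("empty envelope: " + ("namespace: " + envelope.getNamespace().getNamespaceName()
                    + "\nlocalname: " + envelope.getName() + "\n" + builder.serializeToString(xmlDocument)));
        }
        XmlElement body = envelope.element(null, "Body");
        if (body == null) {
            throw new CapabilityException("No SOAP Body found");
        }
        // Validate the capability before touching the document so a failure leaves the envelope unmodified.
        if (this.cap == null) {
            throw new CapabilityException("No capability found");
        }
        SAMLAssertion[] assertions = this.cap.getAllAssertions();
        if (assertions == null) {
            throw new CapabilityException("No assertions found");
        }
        String serializedBody = builder.serializeToString(body);
        XmlElement header = envelope.element(null, "Header");
        if (header == null) {
            header = envelope.addElement(0, builder.newFragment(Soap11Util.SOAP11_NS, "Header"));
        }
        XmlElement security = header.addElement(builder.newNamespace(WSConstants.WSSE_PREFIX, WSSE_NS), "Security");
        try {
            for (int i = 0; i < assertions.length; i++) {
                SAMLAssertion assertion = assertions[i];
                logger.finest("\nNode to string " + i + ": " + assertion.toString());
                Iterator statements = assertion.getStatements();
                if (!statements.hasNext()) {
                    continue;
                }
                Object first = statements.next();
                if (!(first instanceof SAMLAuthorizationDecisionStatement)) {
                    continue;
                }
                SAMLAuthorizationDecisionStatement decisionStatement = (SAMLAuthorizationDecisionStatement) first;
                logger.finest("type SAMLAuthorizationDecisionStatement");
                String name = decisionStatement.getSubject().getNameIdentifier().getName();
                logger.finest("name qual: " + name);
                // A null subject (or null assertion name) never matches, rather than throwing an NPE.
                if (this.subject == null || !this.subject.equals(name)) {
                    logger.finest("subject does not match: " + this.subject);
                    continue;
                }
                Iterator actions = decisionStatement.getActions();
                if (!actions.hasNext()) {
                    continue;
                }
                String action = ((SAMLAction) actions.next()).getData();
                // NOTE: this is a plain substring search over the serialized Body, so an action
                // name that happens to occur in unrelated Body text also counts as "present".
                if (serializedBody.indexOf(action) < 0) {
                    logger.finest("no " + action + " in the body");
                    continue;
                }
                if (this.clientsideEnabled) {
                    String decision = decisionStatement.getDecision();
                    if (CapConstants.DENY.equals(decision)) {
                        logger.finest(action + " got denied");
                        throw new CapabilityException(action + " got denied");
                    }
                    if (!CapConstants.PERMIT.equals(decision)) {
                        logger.finest("unknown decision: " + decision);
                        throw new CapabilityException("unknown decision: " + decision);
                    }
                }
                // Round-trip through a string because the builder and opensaml use different DOM models.
                security.addElement(builder.parseFragmentFromReader(
                        new StringReader(XMLUtils.ElementToString((Element) assertion.toDOM()))));
                logger.finest("assertion added for action name: " + action);
            }
        } catch (DOMException e) {
            throw new CapabilityException(e.getMessage(), e);
        } catch (SAMLException e) {
            throw new CapabilityException(e.getMessage(), e);
        }
        return xmlDocument;
    }

    /**
     * Parses {@code str} as a SOAP envelope, attaches the capability via
     * {@link #addCapability(Document)} and serializes the result back to a string.
     *
     * @param str serialized SOAP 1.1 envelope
     * @return the envelope with the security header added
     * @throws CapabilityException if the envelope cannot be parsed or serialized, or if
     *                             {@link #addCapability(Document)} fails
     */
    public String addCapability(String str) throws CapabilityException {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // Secure processing is mandatory for every JAXP parser and bounds entity expansion.
            factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
            try {
                factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
            } catch (ParserConfigurationException unsupported) {
                // Best effort: a non-Xerces parser may not know the feature; secure processing still applies.
                logger.finest("parser does not support " + DISALLOW_DOCTYPE_FEATURE + ": " + unsupported);
            }
            // Parse from a character stream; re-encoding the String with the platform charset
            // could disagree with the encoding named in the XML declaration.
            Document envelope = factory.newDocumentBuilder().parse(new InputSource(new StringReader(str)));
            Document withCapability = addCapability(envelope);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            XMLUtils.DocumentToStream(withCapability, out);
            // NOTE(review): toString() decodes with the platform charset; the encoding written by
            // DocumentToStream is not visible here - confirm they agree.
            String result = out.toString();
            logger.finest("\nenv with capability: " + result);
            return result;
        } catch (IOException e) {
            throw new CapabilityException("could not add capability " + e, e);
        } catch (FactoryConfigurationError e) {
            throw new CapabilityException("could not add capability " + e);
        } catch (ParserConfigurationException e) {
            throw new CapabilityException("could not add capability " + e, e);
        } catch (SAXException e) {
            throw new CapabilityException("could not add capability " + e, e);
        }
    }

    /**
     * Adds every assertion of the capability to the DOM envelope as a {@code wsse:Security}
     * header. Unlike {@link #addCapability(XmlDocument)} no subject, action or decision
     * filtering is applied. An existing SOAP {@code Header} is reused; otherwise one is inserted
     * as the first child of the document element.
     *
     * @param document SOAP 1.1 envelope to modify in place
     * @return the same document, with the security header added
     * @throws CapabilityException if the capability or its assertions are missing, the document
     *                             has no document element, or an assertion cannot be imported
     */
    public Document addCapability(Document document) throws CapabilityException {
        // Validate the capability before touching the document so a failure leaves the envelope unmodified.
        if (this.cap == null) {
            throw new CapabilityException("No capability found");
        }
        SAMLAssertion[] assertions = this.cap.getAllAssertions();
        if (assertions == null) {
            throw new CapabilityException("No assertions found");
        }
        // getDocumentElement() skips leading comments / processing instructions, which
        // a blind cast of getFirstChild() would not survive.
        Element envelope = document.getDocumentElement();
        if (envelope == null) {
            throw new CapabilityException("empty document: no document element");
        }
        Element header = findSoapHeader(envelope);
        if (header == null) {
            header = document.createElementNS(SOAP_ENV_NS, "S:Header");
            // insertBefore(node, null) appends, so an empty envelope is handled too.
            envelope.insertBefore(header, envelope.getFirstChild());
        }
        Element security = document.createElementNS(WSSE_NS, "wsse:Security");
        header.appendChild(security);
        try {
            for (int i = 0; i < assertions.length; i++) {
                logger.finest("\nNode to string " + i + ": " + assertions[i].toString());
                // Deep-import so the assertion belongs to the target document before it is appended.
                Element imported = (Element) document.importNode(assertions[i].toDOM(), true);
                logger.finest("attribute just added: " + imported.getAttributeNS(WSU_NS, Constants.ATTR_ID));
                logger.finest("\nclonedNode to string " + i);
                security.appendChild(imported);
            }
        } catch (SAMLException e) {
            throw new CapabilityException(e.getMessage(), e);
        } catch (DOMException e) {
            throw new CapabilityException(e.getMessage(), e);
        }
        return document;
    }

    /**
     * Returns the first {@code Header} child element of {@code envelope} in the SOAP 1.1
     * namespace, or null when there is none (also when the DOM is not namespace-aware).
     */
    private static Element findSoapHeader(Element envelope) {
        for (Node child = envelope.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child.getNodeType() == Node.ELEMENT_NODE
                    && SOAP_ENV_NS.equals(child.getNamespaceURI())
                    && "Header".equals(child.getLocalName())) {
                return (Element) child;
            }
        }
        return null;
    }
}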
