package com.sun.identity.liberty.ws.security;

import com.iplanet.am.util.XMLUtils;
import com.sun.identity.common.DateUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.liberty.ws.common.wsse.WSSEConstants;
import com.sun.identity.saml.assertion.Advice;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AssertionIDReference;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.AuthorizationDecisionStatement;
import com.sun.identity.saml.assertion.Conditions;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.assertion.SubjectConfirmation;
import com.sun.identity.saml.assertion.SubjectStatement;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLException;
import com.sun.identity.saml.common.SAMLRequesterException;
import com.sun.identity.saml.common.SAMLServiceManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.common.SAMLVersionMismatchException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.text.ParseException;
import java.util.Date;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119465-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/security/SecurityAssertion.class */
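/**
 * SAML 1.x assertion that additionally accepts the Liberty WSS statement types
 * ({@link ResourceAccessStatement} and {@link SessionContextStatement}) when
 * parsed from a DOM element.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@link #SecurityAssertion(Element)} constructor verifies an XML
 *       signature when exactly one is found, but only records the outcome in
 *       the inherited {@code valid} field. It does not reject the assertion when
 *       verification fails, so callers must check that flag themselves before
 *       trusting any parsed content.</li>
 *   <li>An assertion with no {@code Signature} element is accepted and
 *       {@code signed} is left at whatever value the superclass initialised.</li>
 *   <li>Child elements are dispatched on local name only; their namespace is
 *       not checked in this class.</li>
 * </ul>
 */
public class SecurityAssertion extends Assertion {
    /** Confirmation-method URI identifying a bearer subject. */
    private static final String BEARER_CONFIRMATION_METHOD = "urn:oasis:names:tc:SAML:1.0:cm:bearer";

    /**
     * Parses an assertion from its DOM representation.
     *
     * <p>Validation order: root local name, {@code Issuer}, signature count and
     * verification, {@code MajorVersion}, {@code MinorVersion},
     * {@code AssertionID}, {@code IssueInstant}, then the child elements. At
     * least one statement element must be present.
     *
     * @param element root element of the assertion; treated as untrusted input
     * @throws SAMLException if the root element, a required attribute, the
     *         version numbers, the issue instant or a child element is invalid,
     *         if more than one {@code Signature} element is found, or if no
     *         statement is present. A failed signature verification does
     *         <em>not</em> throw; it is recorded in {@code valid}.
     */
    public SecurityAssertion(Element element) throws SAMLException {
        String localName = element.getLocalName();
        if (localName == null) {
            trace("Assertion: local name missing");
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("nullInput"));
        }
        if (!localName.equals(SAMLConstants.TAG_ASSERTION)) {
            trace("Assertion: invalid root element");
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("invalidElement") + ":" + localName);
        }
        this._issuer = requireAttribute(element, "Issuer");

        // NOTE(review): whether getElementsByTagNameNS1 counts only direct children or every
        // descendant is not visible here. If it walks the subtree, a Signature nested inside
        // Advice or a statement is counted too; confirm against the signature-wrapping cases.
        int signatureCount = XMLUtils.getElementsByTagNameNS1(element, SAMLConstants.XMLSIG_NAMESPACE_URI, "Signature").size();
        if (signatureCount == 1) {
            // The certificate alias is looked up by the Issuer attribute, which comes from the
            // same untrusted document that is about to be verified.
            Map partners = (Map) SAMLServiceManager.getAttribute("iplanet-am-saml-partner-urls");
            String certAlias = null;
            if (partners != null) {
                SAMLServiceManager.SOAPEntry partner = (SAMLServiceManager.SOAPEntry) partners.get(this._issuer);
                if (partner != null) {
                    certAlias = partner.getCertAlias();
                }
            }
            // NOTE(review): for an issuer with no partner entry the alias passed here is null.
            // What verifyXMLSignature does in that case is not visible in this file; confirm it
            // does not fall back to key material carried inside the document itself.
            this.valid = XMLSignatureManager.getInstance().verifyXMLSignature(element, "AssertionID", certAlias);
            if (!this.valid) {
                // Verification failure is only logged; parsing continues and the caller is
                // expected to consult the `valid` flag.
                trace("Assertion(Element): couldn't verify Assertion's signature.");
            }
            // Keep the exact serialized form so toString() can return the signed bytes unchanged.
            this.xmlString = XMLUtils.print(element);
            this.signed = true;
        } else if (signatureCount != 0) {
            trace("Assertion(Element): included more than one Signature element.");
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("moreElement"));
        }

        String majorText = requireAttribute(element, "MajorVersion");
        // NOTE(review): both try blocks below span the remainder of parsing, so a
        // NumberFormatException raised by nested element parsing is reported as an invalid
        // version number too. Kept that way so untrusted input never surfaces an unchecked
        // NumberFormatException to callers.
        try {
            int major = Integer.parseInt(majorText);
            if (major < 1) {
                trace("Assertion: MajorVersion too low");
                throw new SAMLVersionMismatchException(SAMLUtils.bundle.getString("assertionVersionTooLow") + ":" + "MajorVersion");
            }
            if (major > 1) {
                trace("Assertion: MajorVersion too high");
                throw new SAMLVersionMismatchException(SAMLUtils.bundle.getString("assertionVersionTooHigh") + ":" + "MajorVersion");
            }

            String minorText = requireAttribute(element, "MinorVersion");
            try {
                int minor = Integer.parseInt(minorText);
                if (minor < SAMLConstants.ASSERTION_MINOR_VERSION) {
                    trace("Assertion: MinorVersion too low");
                    throw new SAMLVersionMismatchException(SAMLUtils.bundle.getString("assertionVersionTooLow"));
                }
                if (minor > SAMLConstants.ASSERTION_MINOR_VERSION) {
                    trace("Assertion: MinorVersion too high");
                    throw new SAMLVersionMismatchException(SAMLUtils.bundle.getString("assertionVersionTooHigh") + ":" + "MinorVersion");
                }

                this._assertionID = new AssertionIDReference(requireAttribute(element, "AssertionID"));
                String issueInstantText = requireAttribute(element, "IssueInstant");
                try {
                    this._issueInstant = DateUtils.stringToDate(issueInstantText);

                    boolean statementSeen = false;
                    NodeList children = element.getChildNodes();
                    int childCount = children.getLength();
                    for (int i = 0; i < childCount; i++) {
                        Node child = children.item(i);
                        if (child.getNodeType() != Node.ELEMENT_NODE) {
                            continue;
                        }
                        // Literal-first equals: an element without a local name (DOM built without
                        // namespace awareness) is rejected as invalid instead of raising a
                        // NullPointerException.
                        String childName = child.getLocalName();
                        if ("Conditions".equals(childName)) {
                            this._conditions = new Conditions((Element) child);
                        } else if ("Advice".equals(childName)) {
                            this._advice = new Advice((Element) child);
                        } else if ("AuthenticationStatement".equals(childName)) {
                            this._statements.add(new AuthenticationStatement((Element) child));
                            statementSeen = true;
                        } else if ("AuthorizationDecisionStatement".equals(childName)) {
                            this._statements.add(new AuthorizationDecisionStatement((Element) child));
                            statementSeen = true;
                        } else if ("AttributeStatement".equals(childName)) {
                            this._statements.add(new AttributeStatement((Element) child));
                            statementSeen = true;
                        } else if ("Signature".equals(childName)) {
                            this.signature = (Element) child;
                        } else if (WSSEConstants.TAG_RESOURCEACCESSSTATEMENT.equals(childName)) {
                            this._statements.add(new ResourceAccessStatement((Element) child));
                            statementSeen = true;
                        } else if (WSSEConstants.TAG_SESSIONCONTEXTSTATEMENT.equals(childName)) {
                            this._statements.add(new SessionContextStatement((Element) child));
                            statementSeen = true;
                        } else {
                            trace("Assertion: invalid element in Assertion");
                            // NOTE(review): passes the raw key rather than the bundle text used for
                            // the root-element check; left unchanged, confirm which is intended.
                            throw new SAMLRequesterException("invalidElement");
                        }
                    }
                    if (!statementSeen) {
                        trace("Assertion: mandatory statement missing");
                        // NOTE(review): raw key, see the note on "invalidElement" above.
                        throw new SAMLRequesterException("missingStatement");
                    }
                } catch (ParseException e) {
                    SAMLUtils.debug.message("Assertion: could not parse IssueInstant");
                    // Look up the fixed key and append the parser detail afterwards. The previous
                    // form built the lookup key from the parser message, which cannot match a
                    // bundle entry.
                    throw new SAMLRequesterException(SAMLUtils.bundle.getString("wrongInput") + e.getMessage());
                }
            } catch (NumberFormatException e) {
                SAMLUtils.debug.error("Assertion: invalid integer in MinorVersion", e);
                throw new SAMLRequesterException(SAMLUtils.bundle.getString("invalidNumber") + ":" + "MinorVersion");
            }
        } catch (NumberFormatException e) {
            SAMLUtils.debug.error("Assertion: invalid integer in MajorVersion", e);
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("invalidNumber") + ":" + "MajorVersion");
        }
    }

    /**
     * Delegates to the matching {@link Assertion} constructor.
     * The meaning of each argument is defined there (presumably assertion ID,
     * issuer, issue instant and statements; confirm against the superclass).
     */
    public SecurityAssertion(String str, String str2, Date date, Set set) throws SAMLException {
        super(str, str2, date, set);
    }

    /**
     * Delegates to the matching {@link Assertion} constructor, additionally
     * passing {@code conditions} through.
     */
    public SecurityAssertion(String str, String str2, Date date, Conditions conditions, Set set) throws SAMLException {
        super(str, str2, date, conditions, set);
    }

    /**
     * Delegates to the matching {@link Assertion} constructor, additionally
     * passing {@code conditions} and {@code advice} through.
     */
    public SecurityAssertion(String str, String str2, Date date, Conditions conditions, Advice advice, Set set) throws SAMLException {
        super(str, str2, date, conditions, advice, set);
    }

    /**
     * Tells whether any subject statement carries the bearer confirmation method.
     *
     * <p>This inspects parsed content only. It says nothing about whether the
     * assertion's signature verified; check the {@code valid} flag separately.
     *
     * @return {@code true} if {@link #getBearerSubject()} finds a bearer subject
     */
    public boolean isBearer() {
        return getBearerSubject() != null;
    }

    /**
     * Returns the subject of the first statement, in the iteration order of the
     * statement collection, whose subject confirmation lists the bearer method.
     *
     * @return the bearer subject, or {@code null} if there are no statements or
     *         none of them has a bearer confirmation method
     */
    public Subject getBearerSubject() {
        if (this._statements == null || this._statements.isEmpty()) {
            return null;
        }
        for (Object statement : this._statements) {
            if (!(statement instanceof SubjectStatement)) {
                continue;
            }
            Subject subject = ((SubjectStatement) statement).getSubject();
            if (subject == null) {
                continue;
            }
            SubjectConfirmation confirmation = subject.getSubjectConfirmation();
            if (confirmation == null) {
                continue;
            }
            Set methods = confirmation.getConfirmationMethod();
            if (methods != null && methods.contains(BEARER_CONFIRMATION_METHOD)) {
                return subject;
            }
        }
        return null;
    }

    /**
     * Serializes the assertion with the {@code saml:} prefix and without the
     * namespace declaration.
     */
    @Override // com.sun.identity.saml.assertion.Assertion
    public String toString() {
        return toString(true, false);
    }

    /**
     * Serializes the assertion to XML.
     *
     * <p>A signed assertion whose original text was kept is returned verbatim,
     * so the signed bytes are not re-generated; both flags are ignored then.
     *
     * @param z  when {@code true}, element names are written with the
     *           {@code saml:} prefix
     * @param z2 when {@code true}, the SAML assertion namespace declaration is
     *           written on the root element
     * @return the XML text of this assertion
     */
    @Override // com.sun.identity.saml.assertion.Assertion
    public String toString(boolean z, boolean z2) {
        if (this.signed && this.xmlString != null) {
            return this.xmlString;
        }
        // The constant is used purely as an initial buffer capacity.
        // NOTE(review): its name is unrelated to buffer sizing; possibly a decompiler constant match.
        StringBuffer xml = new StringBuffer(IFSConstants.MAX_IDLE_TIME);
        String namespaceDecl = z2 ? " xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" : "";
        String prefix = z ? "saml:" : "";
        String issueInstantText = null;
        if (this._issueInstant != null) {
            issueInstantText = DateUtils.toUTCDateFormat(this._issueInstant);
        }
        // NOTE(review): attribute values are written without XML escaping. In the Element
        // constructor _issuer and the assertion ID come from the parsed document, so confirm
        // that consumers of this output tolerate, or never receive, markup characters there.
        xml.append("<").append(prefix).append(SAMLConstants.TAG_ASSERTION).append(" ").append(namespaceDecl);
        xml.append(" ").append("MajorVersion").append("=\"").append(this._majorVersion).append("\"");
        xml.append(" ").append("MinorVersion").append("=\"").append(this._minorVersion).append("\"");
        xml.append(" ").append("AssertionID=\"").append(this._assertionID.getAssertionIDReference()).append("\"");
        xml.append(" ").append("Issuer").append("=\"").append(this._issuer).append("\"");
        xml.append(" ").append("IssueInstant").append("=\"").append(issueInstantText).append("\"");
        xml.append(" ").append(">").append("\n");
        if (this._conditions != null) {
            xml.append(this._conditions.toString(z, false));
        }
        if (this._advice != null) {
            xml.append(this._advice.toString(z, false));
        }
        Iterator statements = getStatement().iterator();
        while (statements.hasNext()) {
            xml.append(((Statement) statements.next()).toString(z, z2));
        }
        if (this.signed && this.signatureString != null) {
            xml.append(this.signatureString);
        }
        xml.append(SAMLUtils.makeEndElementTagXML(SAMLConstants.TAG_ASSERTION, z));
        return xml.toString();
    }

    /** Writes a debug-level message when message-level debugging is enabled. */
    private static void trace(String message) {
        if (SAMLUtils.debug.messageEnabled()) {
            SAMLUtils.debug.message(message);
        }
    }

    /**
     * Returns the named attribute of {@code element}, rejecting a missing or
     * empty value with the "missingAttribute" error.
     */
    private static String requireAttribute(Element element, String name) throws SAMLException {
        String value = element.getAttribute(name);
        if (value == null || value.equals("")) {
            trace("Assertion: " + name + " missing");
            throw new SAMLRequesterException(SAMLUtils.bundle.getString("missingAttribute") + ":" + name);
        }
        return value;
    }
}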
