package org.globus.gridshib.security;

import java.net.URI;
import java.net.URISyntaxException;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.security.auth.Subject;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.opensaml11.saml.SAMLAttribute;
import org.globus.opensaml11.saml.SAMLAttributeStatement;
import org.globus.opensaml11.saml.SAMLAuthenticationStatement;
import org.globus.opensaml11.saml.SAMLAuthorizationDecisionStatement;
import org.globus.opensaml11.saml.SAMLStatement;
import org.globus.opensaml11.saml.SAMLSubject;
import org.globus.opensaml11.saml.SAMLSubjectAssertion;
import org.globus.opensaml11.saml.SubjectStatement;

/* loaded from: input_file:org/globus/gridshib/security/SAMLSecurityContext.class */
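/**
 * Security context that accumulates what SAML subject assertions say about one
 * {@link Subject}: the assertions themselves, the identities (issuer plus name identifier),
 * the authentication contexts and the attributes.
 *
 * <p>Trust boundary: nothing in this class checks a signature, a validity window, an audience
 * or whether the issuer is trusted. Whatever is handed to {@link #parseSAMLAssertion} is
 * recorded as stated, so callers are expected to have validated the assertion first.
 *
 * <p>The collections are plain, unsynchronized {@code ArrayList}/{@code HashSet} instances
 * (the attribute set is an {@code AttributeSet}); no locking is visible here.
 *
 * <p>The {@code class$...} field, {@code class$(String)} and {@code $assertionsDisabled} look
 * like compiler-synthesized members surfaced by decompilation; they are kept so that the
 * class layout stays unchanged.
 */
public class SAMLSecurityContext extends BaseSecurityContext {
    /** Fully qualified name of this class; used as the factory key and as the log category. */
    private static final String CLASSNAME;
    static Log logger;
    /** Identity explicitly selected by the caller, or {@code null} if none was selected. */
    protected SAMLIdentity currentSAMLIdentity;
    /** Every {@code SAMLSubjectAssertion} accepted by {@link #parseSAMLAssertion}, in order. */
    protected List assertions;
    /** One {@code SAMLIdentity} per parsed assertion subject, in parse order. */
    protected List identities;
    /** {@code SAMLAuthnContext} entries built from authentication statements. */
    protected Set authnContexts;
    /** {@code BasicAttribute} entries built from attribute statements. */
    protected Set attributes;
    static Class class$org$globus$gridshib$security$SAMLSecurityContext;
    /** True when Java assertions are disabled for this class (the JVM default). */
    static final boolean $assertionsDisabled;

    /**
     * Looks up the SAML security context bound to {@code subject} through
     * {@code SecurityContextFactory}.
     *
     * @param subject the subject whose context is requested
     * @return the context; with assertions disabled this may be {@code null} if the factory
     *         returns {@code null}
     * @throws RuntimeException if the factory cannot load this class by name
     * @throws ClassCastException if the factory returns a context of another type
     */
    public static SAMLSecurityContext getSAMLSecurityContext(Subject subject) {
        try {
            SecurityContext context = SecurityContextFactory.getInstance(subject, CLASSNAME);
            if (!$assertionsDisabled && context == null) {
                throw new AssertionError();
            }
            return (SAMLSecurityContext) context;
        } catch (ClassNotFoundException e) {
            throw new RuntimeException(new StringBuffer().append("Class not found: ").append(CLASSNAME).toString(), e);
        }
    }

    /**
     * Creates an empty context for {@code subject}.
     *
     * @param subject passed through to the superclass constructor
     */
    protected SAMLSecurityContext(Subject subject) {
        super(subject);
        this.currentSAMLIdentity = null;
        this.assertions = new ArrayList();
        this.identities = new ArrayList();
        this.authnContexts = new HashSet();
        this.attributes = new AttributeSet();
    }

    /**
     * Reports whether no identity, authentication context or attribute has been recorded.
     * The raw assertion list is not consulted.
     */
    @Override // org.globus.gridshib.security.BaseSecurityContext, org.globus.gridshib.security.SecurityContext
    public boolean isEmpty() {
        return this.identities.size() == 0 && this.authnContexts.size() == 0 && this.attributes.size() == 0;
    }

    /** Returns true when {@link #getCurrentSAMLIdentity()} yields a non-null identity. */
    public boolean hasCurrentSAMLIdentity() {
        return getCurrentSAMLIdentity() != null;
    }

    /**
     * Returns the explicitly selected identity or, if none was selected, the first identity
     * that was parsed.
     *
     * <p>NOTE(review): because of the fallback, the effective identity depends on the order in
     * which assertions were parsed. Code that makes an access decision from this value should
     * select the identity explicitly rather than rely on that order.
     *
     * @return the current identity, or {@code null} if none is set and none was parsed
     */
    public SAMLIdentity getCurrentSAMLIdentity() {
        SAMLIdentity sAMLIdentity = this.currentSAMLIdentity;
        if (sAMLIdentity == null && this.identities.size() > 0) {
            sAMLIdentity = (SAMLIdentity) this.identities.get(0);
        }
        return sAMLIdentity;
    }

    /**
     * Selects the current identity. The value is stored as given; membership in the parsed
     * identity list is not checked here.
     */
    public void setCurrentSAMLIdentity(SAMLIdentity sAMLIdentity) {
        this.currentSAMLIdentity = sAMLIdentity;
    }

    /** Returns a new array holding the parsed assertions, in parse order. */
    public SAMLSubjectAssertion[] getSAMLAssertions() {
        logger.debug(new StringBuffer().append("Found ").append(this.assertions.size()).append(" parsed assertion").append(this.assertions.size() == 1 ? "" : "s").toString());
        return (SAMLSubjectAssertion[]) this.assertions.toArray(new SAMLSubjectAssertion[0]);
    }

    /** Returns a new array holding the recorded identities, in parse order. */
    public SAMLIdentity[] getSAMLIdentities() {
        logger.debug(new StringBuffer().append("Found ").append(this.identities.size()).append(" identit").append(this.identities.size() == 1 ? "y" : "ies").toString());
        return (SAMLIdentity[]) this.identities.toArray(new SAMLIdentity[0]);
    }

    /**
     * Collects the SAML principals of every identity (skipping identities that have none),
     * followed by the principals reported by every attribute.
     *
     * @return a new array; empty when nothing carries a principal
     */
    public SAMLPrincipal[] getSAMLPrincipals() {
        ArrayList arrayList = new ArrayList();
        SAMLIdentity[] sAMLIdentities = getSAMLIdentities();
        int length = sAMLIdentities.length;
        for (int i = 0; i < length; i++) {
            if (sAMLIdentities[i].getSAMLPrincipal() != null) {
                arrayList.add(sAMLIdentities[i].getSAMLPrincipal());
            }
        }
        int size = arrayList.size();
        logger.debug(new StringBuffer().append("Found ").append(size).append(" SAML principal").append(size == 1 ? " " : "s ").append("associated with ").append(length).append(" SAMLIdentit").append(length == 1 ? "y" : "ies").toString());
        BasicAttribute[] attributes = getAttributes();
        int length2 = attributes.length;
        for (BasicAttribute basicAttribute : attributes) {
            arrayList.addAll(basicAttribute.getSAMLPrincipals());
        }
        int size2 = arrayList.size();
        logger.debug(new StringBuffer().append("Found ").append(size2 - size).append(" SAML principal").append(size2 - size == 1 ? " " : "s ").append("associated with ").append(length2).append(" BasicAttribute").append(length2 == 1 ? "" : "s").toString());
        return (SAMLPrincipal[]) arrayList.toArray(new SAMLPrincipal[0]);
    }

    /** Returns a new array holding the recorded authentication contexts. */
    public SAMLAuthnContext[] getSAMLAuthnContexts() {
        logger.debug(new StringBuffer().append("Found ").append(this.authnContexts.size()).append(" authn context").append(this.authnContexts.size() == 1 ? "" : "s").toString());
        return (SAMLAuthnContext[]) this.authnContexts.toArray(new SAMLAuthnContext[0]);
    }

    /** Returns a new array holding the recorded attributes. */
    public BasicAttribute[] getAttributes() {
        logger.debug(new StringBuffer().append("Found ").append(this.attributes.size()).append(" attribute").append(this.attributes.size() == 1 ? "" : "s").toString());
        return (BasicAttribute[]) this.attributes.toArray(new BasicAttribute[0]);
    }

    /**
     * Removes an identity from the list.
     *
     * <p>NOTE(review): {@code currentSAMLIdentity} is not cleared here, so an identity that
     * was selected with {@link #setCurrentSAMLIdentity} keeps being returned by
     * {@link #getCurrentSAMLIdentity()} after it has been removed. Confirm whether callers
     * rely on that before changing it.
     *
     * @return true if the list contained the identity
     */
    public boolean removeSAMLIdentity(SAMLIdentity sAMLIdentity) {
        return this.identities.remove(sAMLIdentity);
    }

    /** Removes an authentication context; returns true if it was present. */
    public boolean removeSAMLAuthnContext(SAMLAuthnContext sAMLAuthnContext) {
        return this.authnContexts.remove(sAMLAuthnContext);
    }

    /** Removes an attribute; returns true if it was present. */
    public boolean removeAttribute(BasicAttribute basicAttribute) {
        return this.attributes.remove(basicAttribute);
    }

    /**
     * Records an assertion, its subject and its authentication and attribute statements in
     * this context.
     *
     * <p>The assertion is taken at face value: no signature, validity or issuer-trust check
     * happens here, so it must already have been validated by the caller.
     *
     * <p>The assertion, its subject and its issuer are checked before any collection is
     * touched. Previously a null assertion (with assertions disabled) or a missing subject
     * was appended to the assertion list before the failure surfaced, and a missing issuer
     * was stored in the identity; a caller that caught the exception was left with a
     * half-populated context.
     *
     * <p>Authorization decision statements, bare subject statements and unknown statement
     * types are logged and skipped. An authentication statement whose method is not a URI is
     * dropped as well. None of these affect the return value.
     *
     * <p>At debug level the full assertion, subject and statements are written to the log;
     * that output contains name identifiers and attribute values and should be treated as
     * sensitive.
     *
     * @param sAMLSubjectAssertion the assertion to record
     * @return always {@code true} when the method returns normally
     * @throws NullPointerException if the assertion, its subject or its issuer is null
     */
    public boolean parseSAMLAssertion(SAMLSubjectAssertion sAMLSubjectAssertion) {
        if (!$assertionsDisabled && sAMLSubjectAssertion == null) {
            throw new AssertionError();
        }
        // Validate everything the identity depends on before mutating any state.
        if (sAMLSubjectAssertion == null) {
            throw new NullPointerException("SAML assertion must not be null");
        }
        SAMLSubject subject = sAMLSubjectAssertion.getSubject();
        if (subject == null) {
            throw new NullPointerException("SAML assertion has no Subject");
        }
        String id = sAMLSubjectAssertion.getId();
        String issuer = sAMLSubjectAssertion.getIssuer();
        if (issuer == null) {
            // The add* helpers only assert this, and assertions are off by default.
            throw new NullPointerException("SAML assertion has no Issuer");
        }
        logger.info("Adding SAML SubjectAssertion to security context");
        this.assertions.add(sAMLSubjectAssertion);
        logger.debug(sAMLSubjectAssertion.toString());
        logger.info("Adding SAML Subject to security context");
        logger.debug(subject.toString());
        addSAMLSubject(id, issuer, subject);
        Iterator statements = sAMLSubjectAssertion.getStatements();
        while (statements.hasNext()) {
            SAMLStatement sAMLStatement = (SAMLStatement) statements.next();
            if (sAMLStatement instanceof SAMLAuthenticationStatement) {
                logger.info("Adding SAML AuthenticationStatement to security context");
                SAMLAuthenticationStatement sAMLAuthenticationStatement = (SAMLAuthenticationStatement) sAMLStatement;
                logger.debug(sAMLAuthenticationStatement.toString());
                addSAMLAuthnStatement(id, issuer, sAMLAuthenticationStatement);
            } else if (sAMLStatement instanceof SAMLAttributeStatement) {
                logger.info("Adding SAML AttributeStatement to security context");
                SAMLAttributeStatement sAMLAttributeStatement = (SAMLAttributeStatement) sAMLStatement;
                logger.debug(sAMLAttributeStatement.toString());
                addSAMLAttributeStatement(id, issuer, sAMLAttributeStatement);
            } else if (sAMLStatement instanceof SAMLAuthorizationDecisionStatement) {
                logger.warn("Unsupported statement type");
                logger.info(new StringBuffer().append("Skipping statement: ").append(sAMLStatement.toString()).toString());
            } else if (sAMLStatement instanceof SubjectStatement) {
                logger.info(new StringBuffer().append("Skipping empty SubjectStatement: ").append(sAMLStatement.toString()).toString());
            } else {
                logger.warn("Unknown statement type");
                logger.info(new StringBuffer().append("Skipping statement: ").append(sAMLStatement.toString()).toString());
            }
        }
        return true;
    }

    /**
     * Appends an identity built from the assertion id, issuer and the subject's name
     * identifier.
     *
     * <p>Non-null {@code str2} and {@code sAMLSubject} are enforced only when Java assertions
     * are enabled; subclasses calling this directly must check them themselves.
     *
     * @param str the assertion id
     * @param str2 the assertion issuer
     * @param sAMLSubject the assertion subject
     * @return the result of {@code List.add}
     */
    protected boolean addSAMLSubject(String str, String str2, SAMLSubject sAMLSubject) {
        if (!$assertionsDisabled && (str2 == null || sAMLSubject == null)) {
            throw new AssertionError();
        }
        return this.identities.add(new SAMLIdentity(str, str2, sAMLSubject.getNameIdentifier()));
    }

    /**
     * Adds an authentication context built from the statement's method, instant, subject IP
     * and subject DNS name.
     *
     * <p>Non-null {@code str2} and statement are enforced only when Java assertions are
     * enabled.
     *
     * <p>NOTE(review): a null authentication method makes {@code new URI(...)} throw
     * {@code NullPointerException} instead of taking the invalid-URI path below; confirm the
     * SAML parser guarantees the method is present.
     *
     * @param str the assertion id
     * @param str2 the assertion issuer
     * @param sAMLAuthenticationStatement the statement to record
     * @return true if the set did not already contain an equal context; false if it did or
     *         if the authentication method is not a syntactically valid URI
     */
    protected boolean addSAMLAuthnStatement(String str, String str2, SAMLAuthenticationStatement sAMLAuthenticationStatement) {
        if (!$assertionsDisabled && (str2 == null || sAMLAuthenticationStatement == null)) {
            throw new AssertionError();
        }
        try {
            return this.authnContexts.add(new SAMLAuthnContext(str, str2, new URI(sAMLAuthenticationStatement.getAuthMethod()), sAMLAuthenticationStatement.getAuthInstant(), sAMLAuthenticationStatement.getSubjectIP(), sAMLAuthenticationStatement.getSubjectDNS()));
        } catch (URISyntaxException e) {
            logger.warn("AuthenticationStatement is invalid, AuthenticationMethod must be a URI");
            return false;
        }
    }

    /**
     * Adds every attribute of an attribute statement.
     *
     * <p>Non-null {@code str2} and statement are enforced only when Java assertions are
     * enabled.
     *
     * @param str the assertion id
     * @param str2 the assertion issuer
     * @param sAMLAttributeStatement the statement whose attributes are recorded
     * @return true if at least one attribute was added
     */
    protected boolean addSAMLAttributeStatement(String str, String str2, SAMLAttributeStatement sAMLAttributeStatement) {
        if (!$assertionsDisabled && (str2 == null || sAMLAttributeStatement == null)) {
            throw new AssertionError();
        }
        return addSAMLAttributes(str, str2, sAMLAttributeStatement.getAttributes());
    }

    /**
     * Adds each {@code SAMLAttribute} produced by the iterator.
     *
     * @param str the assertion id
     * @param str2 the assertion issuer
     * @param it iterator over {@code SAMLAttribute} elements
     * @return true if at least one attribute was added
     */
    protected boolean addSAMLAttributes(String str, String str2, Iterator it) {
        if (!$assertionsDisabled && (str2 == null || it == null)) {
            throw new AssertionError();
        }
        boolean z = false;
        while (it.hasNext()) {
            if (addSAMLAttribute(str, str2, (SAMLAttribute) it.next())) {
                z = true;
            }
        }
        return z;
    }

    /**
     * Converts one {@code SAMLAttribute} into a {@code BasicAttribute} carrying the same name,
     * namespace and values, and adds it to the attribute set.
     *
     * <p>NOTE(review): every value is cast to {@code String}; a non-string value would raise
     * {@code ClassCastException}. Confirm what {@code SAMLAttribute.getValues()} can yield.
     *
     * @param str the assertion id
     * @param str2 the assertion issuer
     * @param sAMLAttribute the attribute to convert
     * @return the result of adding to the attribute set
     */
    protected boolean addSAMLAttribute(String str, String str2, SAMLAttribute sAMLAttribute) {
        if (!$assertionsDisabled && (str2 == null || sAMLAttribute == null)) {
            throw new AssertionError();
        }
        BasicAttribute basicAttribute = new BasicAttribute(str, str2, sAMLAttribute.getName(), sAMLAttribute.getNamespace());
        Iterator values = sAMLAttribute.getValues();
        while (values.hasNext()) {
            basicAttribute.addValue((String) values.next());
        }
        return this.attributes.add(basicAttribute);
    }

    /** Returns the non-verbose rendering; see {@link #toString(boolean)}. */
    @Override // org.globus.gridshib.security.BaseSecurityContext, org.globus.gridshib.security.SecurityContext
    public String toString() {
        return toString(false);
    }

    /**
     * Renders the context as text: SAML principals, identities, authentication contexts and
     * attributes, one per line.
     *
     * <p>With {@code z} set, the certificate chain, the full assertions and the principals
     * are written first. Either form contains identity data, and the verbose form contains
     * complete assertions, so the result should not be logged or displayed casually.
     *
     * @param z true for the verbose rendering
     * @return the rendered context
     */
    public String toString(boolean z) {
        StringBuffer stringBuffer = new StringBuffer();
        if (z) {
            X509Certificate[] certificateChain = getCertificateChain();
            if (!$assertionsDisabled && certificateChain == null) {
                throw new AssertionError();
            }
            for (X509Certificate x509Certificate : certificateChain) {
                stringBuffer.append("X509Certificate ");
                stringBuffer.append("{\n  ").append(x509Certificate.toString());
                stringBuffer.append("}\n");
            }
            SAMLSubjectAssertion[] sAMLAssertions = getSAMLAssertions();
            if (!$assertionsDisabled && sAMLAssertions == null) {
                throw new AssertionError();
            }
            for (SAMLSubjectAssertion sAMLSubjectAssertion : sAMLAssertions) {
                stringBuffer.append("SAMLAssertion ");
                stringBuffer.append("{\n  ").append(sAMLSubjectAssertion.toString());
                stringBuffer.append("\n}\n");
            }
            for (Principal principal : getPrincipals()) {
                stringBuffer.append("Principal ");
                stringBuffer.append("{\n  name='").append(principal.getName());
                stringBuffer.append("'\n  type='unknown");
                stringBuffer.append("'\n}");
                stringBuffer.append("\n");
            }
        }
        SAMLPrincipal[] sAMLPrincipals = getSAMLPrincipals();
        if (!$assertionsDisabled && sAMLPrincipals == null) {
            throw new AssertionError();
        }
        for (SAMLPrincipal sAMLPrincipal : sAMLPrincipals) {
            stringBuffer.append(sAMLPrincipal.toString());
            stringBuffer.append("\n");
        }
        SAMLIdentity[] sAMLIdentities = getSAMLIdentities();
        if (!$assertionsDisabled && sAMLIdentities == null) {
            throw new AssertionError();
        }
        for (SAMLIdentity sAMLIdentity : sAMLIdentities) {
            stringBuffer.append(sAMLIdentity.toString());
            stringBuffer.append("\n");
        }
        SAMLAuthnContext[] sAMLAuthnContexts = getSAMLAuthnContexts();
        if (!$assertionsDisabled && sAMLAuthnContexts == null) {
            throw new AssertionError();
        }
        for (SAMLAuthnContext sAMLAuthnContext : sAMLAuthnContexts) {
            stringBuffer.append(sAMLAuthnContext.toString());
            stringBuffer.append("\n");
        }
        BasicAttribute[] attributes = getAttributes();
        if (!$assertionsDisabled && attributes == null) {
            throw new AssertionError();
        }
        for (BasicAttribute basicAttribute : attributes) {
            stringBuffer.append(basicAttribute.toString());
            stringBuffer.append("\n");
        }
        return stringBuffer.toString();
    }

    /**
     * Loads a class by name, converting {@code ClassNotFoundException} into
     * {@code NoClassDefFoundError} with the original exception as its cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause is declared to return Throwable; it returns the same error object, so
            // the cast is safe and is needed for the throw statement to compile.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }

    static {
        Class cls;
        Class cls2;
        // Resolve this class once, then derive the assertion status, class name and logger.
        if (class$org$globus$gridshib$security$SAMLSecurityContext == null) {
            cls = class$("org.globus.gridshib.security.SAMLSecurityContext");
            class$org$globus$gridshib$security$SAMLSecurityContext = cls;
        } else {
            cls = class$org$globus$gridshib$security$SAMLSecurityContext;
        }
        $assertionsDisabled = !cls.desiredAssertionStatus();
        if (class$org$globus$gridshib$security$SAMLSecurityContext == null) {
            cls2 = class$("org.globus.gridshib.security.SAMLSecurityContext");
            class$org$globus$gridshib$security$SAMLSecurityContext = cls2;
        } else {
            cls2 = class$org$globus$gridshib$security$SAMLSecurityContext;
        }
        CLASSNAME = cls2.getName();
        logger = LogFactory.getLog(CLASSNAME);
    }
}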
