package org.globus.gridshib.security.x509;

import java.io.BufferedInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.nio.charset.Charset;
import java.util.Date;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.globus.gridshib.common.GridShibConfigException;
import org.globus.gridshib.config.SAMLToolsConfig;
import org.globus.gridshib.config.SAMLToolsConfigLoader;
import org.globus.gridshib.security.saml.AttributeSet;
import org.globus.gridshib.security.saml.GlobusSAMLException;
import org.globus.gridshib.security.saml.SelfIssuedAssertion;
import org.globus.gridshib.security.util.GSIUtil;
import org.globus.gsi.GlobusCredential;
import org.globus.gsi.GlobusCredentialException;
import org.globus.opensaml11.saml.SAMLAttribute;
import org.globus.opensaml11.saml.SAMLException;
import org.globus.opensaml11.saml.SAMLResponse;

/* loaded from: input_file:org/globus/gridshib/security/x509/GlobusSAMLCredential.class */
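/**
 * Issues a self-signed SAML assertion on behalf of a configured issuing
 * credential, and optionally binds that assertion into an X.509 proxy
 * credential or a {@link SAMLX509Extension}.
 *
 * <p>Configuration is loaded from {@link SAMLToolsConfigLoader} at
 * construction time; the process-wide defaults set through
 * {@link #setDefaultConfigFile(String)} and
 * {@link #setDefaultCredential(GlobusCredential)} are picked up by every
 * instance constructed afterwards.
 *
 * <p>The issued assertion is cached; any setter marks the instance dirty so
 * that the next {@link #getSAMLToken()} call issues a fresh assertion.
 *
 * <p>This class is not thread-safe: it keeps mutable instance state and
 * mutable static defaults without any synchronization.
 */
public class GlobusSAMLCredential {

    protected static Log logger = LogFactory.getLog(GlobusSAMLCredential.class.getName());

    /** Subject confirmation type: holder-of-key (the no-arg constructor's default). */
    public static final int HOLDER_OF_KEY = 0;

    /**
     * Subject confirmation type: sender-vouches. Required whenever an
     * authentication context (local or federated) is attached.
     */
    public static final int SENDER_VOUCHES = 1;

    /** Placeholder in the name template that is replaced by the username. */
    private static final String PRINCIPAL_PLACEHOLDER = "%PRINCIPAL%";

    /** NameID format used when the issuing credential's own identity is the subject. */
    private static final String X509_SUBJECT_NAME_FORMAT =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";

    /** Charset used to decode the Advice XML file (XML's default encoding). */
    private static final Charset UTF8 = Charset.forName("UTF-8");

    private static final int READ_BUFFER_SIZE = 4096;

    // Process-wide defaults consumed by loadConfigFile(); null means "not set".
    private static File defaultConfigFile = null;
    private static GlobusCredential defaultIssuingCred = null;

    private SAMLToolsConfig config;
    private String username;
    private int confirmationType;
    private String format;
    private String template;
    private String nameQualifier;
    private AttributeSet attributes;
    private GlobusCredential issuingCred;
    private boolean wantAuthnStatement;
    private String authnMethod;
    private Date authnInstant;
    private String ipAddress;
    private File ssoResponseFile;
    private File xmlFile;
    private int x509Lifetime;
    private int samlLifetime;
    // Cached assertion returned by getSAMLToken() while isDirty is false.
    private SelfIssuedAssertion assertion;
    private boolean isDirty;

    /**
     * Returns the default X.509 proxy lifetime, as reported by {@link GSIUtil}.
     *
     * @return the default lifetime (units as defined by {@link GSIUtil#getDefaultLifetime()})
     */
    public static int getDefaultX509Lifetime() {
        return GSIUtil.getDefaultLifetime();
    }

    /**
     * Sets the config file used by all subsequently constructed instances.
     * Instances that already exist are not affected.
     *
     * @param path path of the config file, or {@code null} to clear the default
     */
    public static void setDefaultConfigFile(String path) {
        defaultConfigFile = (path == null) ? null : new File(path);
    }

    /**
     * Sets the issuing credential used by all subsequently constructed
     * instances; it overrides whatever credential the config file provides.
     *
     * @param credential the default issuing credential, or {@code null} to clear it
     */
    public static void setDefaultCredential(GlobusCredential credential) {
        defaultIssuingCred = credential;
    }

    /**
     * Creates a credential issuer with no username and holder-of-key
     * subject confirmation.
     *
     * @throws GlobusSAMLException if the config file or the issuing credential cannot be loaded
     */
    public GlobusSAMLCredential() throws GlobusSAMLException {
        this(null, HOLDER_OF_KEY);
    }

    /**
     * Creates a credential issuer for the given subject.
     *
     * @param username the subject's username (substituted into the name template), or {@code null}
     * @param confirmationType {@link #HOLDER_OF_KEY} or {@link #SENDER_VOUCHES}
     * @throws GlobusSAMLException if the confirmation type is unknown, or the config
     *         file or issuing credential cannot be loaded
     */
    public GlobusSAMLCredential(String username, int confirmationType) throws GlobusSAMLException {
        this.config = null;
        this.username = username;
        init(confirmationType);
    }

    /**
     * Loads the configuration and resets every issuance-related field.
     *
     * @param type the subject confirmation type to use
     * @throws GlobusSAMLException on an unknown type or a config/credential failure
     */
    private void init(int type) throws GlobusSAMLException {
        try {
            loadConfigFile();
            logger.info("Loaded the default config file");
            switch (type) {
                case HOLDER_OF_KEY:
                    logger.info("set holder-of-key subject confirmation");
                    break;
                case SENDER_VOUCHES:
                    logger.info("set sender-vouches subject confirmation");
                    break;
                default:
                    throw failure("Unrecognizable confirmation type: " + type);
            }
            this.confirmationType = type;
            this.issuingCred = this.config.getCredential();
            // NOTE: these are public, overridable setters invoked during construction;
            // a subclass override would run before the subclass is initialized.
            setFormat(this.config.getFormat(), this.config.getTemplate());
            setNameQualifier(this.config.getNameQualifier());
            setAttributes(this.config.getAttributes());
            this.wantAuthnStatement = false;
            this.authnMethod = null;
            this.authnInstant = null;
            this.ipAddress = null;
            this.ssoResponseFile = null;
            this.xmlFile = null;
            this.x509Lifetime = 0;
            this.samlLifetime = 0;
            this.assertion = null;
            this.isDirty = true;
        } catch (GridShibConfigException e) {
            throw failure("Unable to load the default config file", e);
        } catch (GlobusCredentialException e) {
            throw failure("Unable to obtain a Globus credential", e);
        }
    }

    /**
     * Loads the tool configuration, applies the static default credential if
     * one was set, and logs what was configured.
     *
     * @throws GridShibConfigException if the config cannot be loaded
     * @throws GlobusCredentialException if the credential cannot be obtained
     */
    private void loadConfigFile() throws GridShibConfigException, GlobusCredentialException {
        this.config = SAMLToolsConfigLoader.getToolConfig(defaultConfigFile);
        if (defaultIssuingCred != null) {
            this.config.setCredential(defaultIssuingCred);
        }
        GlobusCredential credential = this.config.getCredential();
        if (credential == null) {
            logger.warn("Issuing credential not configured");
        } else {
            logger.info("Configured issuing credential: " + credential);
        }
        String entityID = this.config.getEntityID();
        if (entityID == null) {
            logger.warn("entityID not configured");
        } else {
            logger.info("configured entityID: " + entityID);
        }
        logger.info("NameID format: " + this.config.getFormat());
        logger.info("NameID qualifier: " + this.config.getNameQualifier());
        SAMLAttribute[] configured = this.config.getAttributes();
        int count = (configured == null) ? 0 : configured.length;
        logger.info("Found " + count + " configured attribute" + plural(count));
    }

    /** @return the username given at construction, or {@code null} */
    public String getUsername() {
        return this.username;
    }

    /** @return {@code true} if this instance uses holder-of-key subject confirmation */
    public boolean isHolderOfKey() {
        return this.confirmationType == HOLDER_OF_KEY;
    }

    /** @return {@code true} if this instance uses sender-vouches subject confirmation */
    public boolean isSenderVouches() {
        return this.confirmationType == SENDER_VOUCHES;
    }

    /** @return the NameID format, as configured or last set */
    public String getFormat() {
        return this.format;
    }

    /** @return the name template, as configured or last set */
    public String getTemplate() {
        return this.template;
    }

    /**
     * Sets the NameID format and the name template together. If either
     * argument is {@code null} the call is ignored and nothing changes.
     *
     * @param format the NameID format
     * @param template the name template containing {@code %PRINCIPAL%}
     */
    public void setFormat(String format, String template) {
        if (format == null || template == null) {
            return;
        }
        this.isDirty = true;
        this.format = format;
        this.template = template;
    }

    /**
     * Expands the name template by substituting the username for
     * {@code %PRINCIPAL%}.
     *
     * @return the formatted subject name, or {@code null} if either the
     *         template or the username is unset
     */
    public String getFormattedName() {
        if (this.template == null || this.username == null) {
            return null;
        }
        // Literal replacement: with replaceAll() a username containing '$' or '\'
        // would be interpreted as a regex replacement pattern and could alter
        // or break the substitution.
        return this.template.replace(PRINCIPAL_PLACEHOLDER, this.username);
    }

    /** @return the NameID qualifier, as configured or last set */
    public String getNameQualifier() {
        return this.nameQualifier;
    }

    /**
     * Sets the NameID qualifier. A {@code null} argument is ignored.
     *
     * @param qualifier the NameID qualifier
     */
    public void setNameQualifier(String qualifier) {
        if (qualifier == null) {
            return;
        }
        this.isDirty = true;
        this.nameQualifier = qualifier;
    }

    /**
     * Returns a copy of the attributes that will be asserted.
     *
     * @return the attributes as a new array (never {@code null})
     */
    public SAMLAttribute[] getAttributes() {
        int count = this.attributes.size();
        logger.debug("Found " + count + " attribute" + plural(count));
        return (SAMLAttribute[]) this.attributes.toArray(new SAMLAttribute[0]);
    }

    /**
     * Adds an attribute to the set to be asserted.
     *
     * @param attribute the attribute to add
     * @return {@code true} if the set changed, {@code false} if it already held the attribute
     * @throws IllegalArgumentException if {@code attribute} is {@code null}
     */
    public boolean addAttribute(SAMLAttribute attribute) {
        if (attribute == null) {
            throw new IllegalArgumentException("Null argument (attribute)");
        }
        logger.debug("attribute: " + attribute);
        boolean added = this.attributes.add(attribute);
        if (added) {
            this.isDirty = true;
        }
        return added;
    }

    /**
     * Replaces the attribute set with the given attributes.
     *
     * @param attributeArray the new attributes; {@code null} yields an empty set
     * @throws IllegalArgumentException if any element is {@code null}
     */
    public void setAttributes(SAMLAttribute[] attributeArray) {
        this.attributes = new AttributeSet();
        this.isDirty = true;
        if (attributeArray == null) {
            return;
        }
        for (SAMLAttribute attribute : attributeArray) {
            addAttribute(attribute);
        }
    }

    /** @return the issuing credential, or {@code null} if none is configured */
    public GlobusCredential getCredential() {
        return this.issuingCred;
    }

    /**
     * Sets the issuing credential. A {@code null} argument is ignored.
     *
     * @param credential the issuing credential
     */
    public void setCredential(GlobusCredential credential) {
        if (credential == null) {
            return;
        }
        this.isDirty = true;
        this.issuingCred = credential;
    }

    /**
     * Attaches a local authentication context, which results in an
     * AuthenticationStatement in the issued assertion. Requires
     * sender-vouches confirmation at issuance time.
     *
     * @param authnMethod the authentication method URI
     * @param authnInstant the authentication time; must be in the past
     *        relative to the local clock
     * @param ipAddress the subject's IP address, or {@code null} to omit it
     * @throws IllegalArgumentException if {@code authnMethod} or
     *         {@code authnInstant} is {@code null}, or {@code authnInstant}
     *         is not in the past
     */
    public void setAuthnContext(String authnMethod, Date authnInstant, String ipAddress) {
        if (authnMethod == null) {
            throw new IllegalArgumentException("Null argument (authnMethod)");
        }
        logger.debug("authnMethod: " + authnMethod);
        if (authnInstant == null) {
            throw new IllegalArgumentException("Null argument (authnInstant)");
        }
        logger.debug("authnInstant: " + authnInstant);
        // Compared against the local clock only; no skew allowance is applied.
        if (authnInstant.compareTo(new Date()) >= 0) {
            throw new IllegalArgumentException("authnInstant not in the past");
        }
        this.authnMethod = authnMethod;
        this.authnInstant = authnInstant;
        this.wantAuthnStatement = true;
        this.isDirty = true;
        if (ipAddress == null) {
            logger.warn("Null argument (ipAddress)");
        } else {
            logger.debug("ipAddress: " + ipAddress);
            this.ipAddress = ipAddress;
        }
    }

    /**
     * Sets the file holding an SSO Response whose assertions are nested into
     * the issued assertion (a federated authentication context). Requires
     * sender-vouches confirmation at issuance time.
     *
     * @param file the SSO Response file, or {@code null} to clear it
     */
    public void setSSOResponseFile(File file) {
        this.ssoResponseFile = file;
        this.isDirty = true;
    }

    /**
     * Sets the file whose contents are added verbatim as an Advice element.
     *
     * @param file the XML file, or {@code null} to clear it
     */
    public void setXMLFile(File file) {
        this.xmlFile = file;
        this.isDirty = true;
    }

    /**
     * Sets the proxy lifetime used by {@link #issue()}. Non-positive values
     * are ignored; 0 means "use the library default".
     *
     * @param lifetime the lifetime, in the units {@code bindToX509Proxy} expects
     */
    public void setX509Lifetime(int lifetime) {
        if (lifetime > 0) {
            this.x509Lifetime = lifetime;
            this.isDirty = true;
        }
    }

    /**
     * Sets the assertion lifetime. Non-positive values are ignored.
     *
     * @param lifetime the lifetime, in the units {@link SelfIssuedAssertion} expects
     */
    public void setSAMLLifetime(int lifetime) {
        if (lifetime > 0) {
            this.samlLifetime = lifetime;
            this.isDirty = true;
        }
    }

    /**
     * Returns the SAML token, issuing a fresh one only if the instance is dirty.
     *
     * @return the (possibly cached) assertion
     * @throws GlobusSAMLException if issuance is not possible
     */
    public SelfIssuedAssertion getSAMLToken() throws GlobusSAMLException {
        return getSAMLToken(false);
    }

    /**
     * Returns the SAML token.
     *
     * @param forceReissue if {@code true}, discard the cached assertion and issue a new one
     * @return the (possibly cached) assertion
     * @throws GlobusSAMLException if no issuing credential is set, the
     *         confirmation type is incompatible with the attached
     *         authentication context, or building the assertion fails
     */
    public SelfIssuedAssertion getSAMLToken(boolean forceReissue) throws GlobusSAMLException {
        checkIssuancePreconditions();
        if (forceReissue) {
            this.isDirty = true;
        }
        if (!this.isDirty) {
            logger.debug("Getting cached SAML token");
            return this.assertion;
        }
        logger.debug("Issuing fresh SAML token");
        String entityID = resolveEntityID();
        SelfIssuedAssertion fresh = isSenderVouches()
                ? issueSenderVouchesAssertion(entityID)
                : issueHolderOfKeyAssertion(entityID);
        if (this.xmlFile != null) {
            addAdviceFromFile(fresh, this.xmlFile);
        }
        this.assertion = fresh;
        this.isDirty = false;
        return fresh;
    }

    /** Rejects configurations that cannot be issued (no credential, context/confirmation mismatch). */
    private void checkIssuancePreconditions() throws GlobusSAMLException {
        if (this.issuingCred == null) {
            throw failure("An issuing credential is required");
        }
        if (this.wantAuthnStatement && isHolderOfKey()) {
            throw failure("A local authentication context (set by calling the setAuthnContext method) requires sender-vouches subject confirmation");
        }
        if (this.ssoResponseFile != null && isHolderOfKey()) {
            throw failure("A federated authentication context (implied by calling the setSSOResponseFile method) requires sender-vouches subject confirmation");
        }
        if (this.wantAuthnStatement && this.ssoResponseFile != null) {
            throw failure("A local authentication context (set by calling the setAuthnContext method) is mutually exclusive of a federated authentication context (implied by calling the setSSOResponseFile method)");
        }
    }

    /** Returns the configured entityID, or the default derived from the issuing credential. */
    private String resolveEntityID() {
        String entityID = this.config.getEntityID();
        if (entityID == null) {
            entityID = GSIUtil.getDefaultSAMLIssuer(this.issuingCred);
            logger.info("using default entityID: " + entityID);
        } else {
            logger.info("using configured entityID: " + entityID);
        }
        return entityID;
    }

    /** Builds a sender-vouches assertion with authn, attribute and (optionally) nested SSO statements. */
    private SelfIssuedAssertion issueSenderVouchesAssertion(String entityID) throws GlobusSAMLException {
        logger.debug("Issuing sender-vouches SAML assertion");
        SelfIssuedAssertion result;
        try {
            result = new SelfIssuedAssertion(new Date(), entityID, this.samlLifetime,
                    getFormattedName(), this.nameQualifier, this.format, true);
            // Added unconditionally, as before; the fields are null when no
            // local authentication context was set.
            result.addAuthnStatement(this.authnMethod, this.authnInstant, this.ipAddress);
            addAttributeStatement(result);
        } catch (SAMLException e) {
            throw failure("Unable to create SAML assertion", e);
        } catch (CloneNotSupportedException e) {
            throw failure("Unable to clone the AttributeSet", e);
        }
        if (this.ssoResponseFile != null) {
            nestSSOResponse(result, this.ssoResponseFile);
        }
        return result;
    }

    /** Builds a holder-of-key assertion; without a username the issuing credential's identity is the subject. */
    private SelfIssuedAssertion issueHolderOfKeyAssertion(String entityID) throws GlobusSAMLException {
        logger.debug("Issuing holder-of-key SAML assertion");
        String identity;
        String nameFormat;
        String qualifier;
        if (this.username == null) {
            try {
                identity = GSIUtil.getIdentity(this.issuingCred);
            } catch (GlobusCredentialException e) {
                throw failure("Unable to obtain user identity", e);
            }
            nameFormat = X509_SUBJECT_NAME_FORMAT;
            qualifier = null;
        } else {
            identity = getFormattedName();
            nameFormat = this.format;
            qualifier = this.nameQualifier;
        }
        try {
            SelfIssuedAssertion result = new SelfIssuedAssertion(new Date(), entityID,
                    this.samlLifetime, identity, qualifier, nameFormat);
            addAttributeStatement(result);
            return result;
        } catch (CloneNotSupportedException e) {
            throw failure("Unable to clone the AttributeSet", e);
        } catch (SAMLException e) {
            throw failure("Unable to create SAML assertion", e);
        }
    }

    /** Adds an AttributeStatement holding a clone of the attribute set (or none if the set is empty). */
    private void addAttributeStatement(SelfIssuedAssertion target)
            throws SAMLException, CloneNotSupportedException {
        int count = this.attributes.size();
        logger.debug("Asserting " + count + " attribute" + plural(count));
        target.addAttributeStatement(count == 0 ? null : this.attributes.cloneSet());
    }

    /**
     * Nests the assertions of the SSO Response file into {@code target}.
     * Failures are logged and the response is ignored; they never abort
     * issuance. Parsing and any validation of the response happen inside
     * {@link SAMLResponse} / {@code nestSSOAssertions}, not here.
     */
    private static void nestSSOResponse(SelfIssuedAssertion target, File responseFile) {
        String path = responseFile.toString();
        logger.debug("Processing SSO Response: " + path);
        InputStream in = null;
        try {
            in = new FileInputStream(responseFile);
            SAMLResponse response = new SAMLResponse(in);
            try {
                target.nestSSOAssertions(response);
            } catch (SAMLException e) {
                logger.error("Unable to nest assertions", e);
                logger.warn("Ignoring SSO Response: " + path);
            }
        } catch (SAMLException e) {
            logger.error("Error getting SAMLResponse", e);
            logger.warn("Ignoring SSO Response: " + path);
        } catch (IOException e) {
            logger.error("Error getting InputStream", e);
            logger.warn("Ignoring SSO Response: " + path);
        } finally {
            // The stream was previously left open; close it regardless of outcome.
            closeQuietly(in);
        }
    }

    /**
     * Adds the contents of {@code source} to {@code target} as Advice.
     * The content is inserted as-is; it is not parsed or validated here, so
     * the file must come from a trusted location.
     */
    private static void addAdviceFromFile(SelfIssuedAssertion target, File source)
            throws GlobusSAMLException {
        logger.debug("Processing infile " + source);
        byte[] content = readAllBytes(source);
        if (content.length == 0) {
            logger.debug("No XML content for Advice element found");
            return;
        }
        // Decode explicitly rather than with the platform default charset.
        String advice = new String(content, UTF8);
        try {
            target.addAdvice(advice);
            logger.debug("String added to advice: " + advice);
        } catch (SAMLException e) {
            throw failure("Unable to add string to advice", e);
        }
    }

    /** Reads a whole file into memory, always closing the stream. */
    private static byte[] readAllBytes(File source) throws GlobusSAMLException {
        InputStream in = null;
        try {
            in = new BufferedInputStream(new FileInputStream(source));
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            byte[] chunk = new byte[READ_BUFFER_SIZE];
            int n;
            while ((n = in.read(chunk)) != -1) {
                buffer.write(chunk, 0, n);
            }
            return buffer.toByteArray();
        } catch (FileNotFoundException e) {
            throw failure("Unable to locate input file", e);
        } catch (SecurityException e) {
            throw failure("Unable to read from file", e);
        } catch (IOException e) {
            throw failure("Unable to read bytes from input stream", e);
        } finally {
            closeQuietly(in);
        }
    }

    /**
     * Returns the SAML token wrapped in an X.509 extension, issuing a fresh
     * token only if the instance is dirty.
     *
     * @return the extension
     * @throws GlobusSAMLException if the token cannot be issued
     * @throws IOException if the extension cannot be encoded
     */
    public SAMLX509Extension getSAMLExtension() throws GlobusSAMLException, IOException {
        return getSAMLExtension(false);
    }

    /**
     * Returns the SAML token wrapped in an X.509 extension.
     *
     * @param forceReissue if {@code true}, issue a new token first
     * @return the extension
     * @throws GlobusSAMLException if the token cannot be issued
     * @throws IOException if the extension cannot be encoded
     */
    public SAMLX509Extension getSAMLExtension(boolean forceReissue) throws GlobusSAMLException, IOException {
        SelfIssuedAssertion token = tokenForBinding(forceReissue);
        try {
            return new SAMLX509Extension(token);
        } catch (IOException e) {
            logger.error("Unable to create SAML X.509 Extension", e);
            throw e;
        }
    }

    /**
     * Issues a proxy credential carrying the SAML token, issuing a fresh
     * token only if the instance is dirty.
     *
     * @return the proxy credential
     * @throws GlobusSAMLException if the token cannot be issued
     * @throws GlobusCredentialException if the token cannot be bound to a proxy
     */
    public GlobusCredential issue() throws GlobusSAMLException, GlobusCredentialException {
        return issue(false);
    }

    /**
     * Issues a proxy credential carrying the SAML token.
     *
     * @param forceReissue if {@code true}, issue a new token first
     * @return the proxy credential
     * @throws GlobusSAMLException if the token cannot be issued
     * @throws GlobusCredentialException if the token cannot be bound to a proxy
     */
    public GlobusCredential issue(boolean forceReissue) throws GlobusSAMLException, GlobusCredentialException {
        SelfIssuedAssertion token = tokenForBinding(forceReissue);
        logger.debug("Issue PEM-encoded X.509 proxy credential");
        try {
            // 0 means "not set": let bindToX509Proxy pick its own default lifetime.
            return (this.x509Lifetime == 0)
                    ? token.bindToX509Proxy(this.issuingCred)
                    : token.bindToX509Proxy(this.issuingCred, this.x509Lifetime);
        } catch (GlobusCredentialException e) {
            logger.error("Unable to bind SAML assertion to proxy cert", e);
            throw e;
        }
    }

    /** Obtains the token for binding, logging (and rethrowing) issuance failures. */
    private SelfIssuedAssertion tokenForBinding(boolean forceReissue) throws GlobusSAMLException {
        try {
            SelfIssuedAssertion token = getSAMLToken(forceReissue);
            assert token != null;
            return token;
        } catch (GlobusSAMLException e) {
            logger.error("Unable to issue the SAML token", e);
            throw e;
        }
    }

    /** Logs {@code message} at error level and returns an exception carrying it. */
    private static GlobusSAMLException failure(String message) {
        logger.error(message);
        return new GlobusSAMLException(message);
    }

    /** Logs {@code message} and {@code cause} at error level and returns a wrapping exception. */
    private static GlobusSAMLException failure(String message, Exception cause) {
        logger.error(message, cause);
        return new GlobusSAMLException(message, cause);
    }

    /** Returns the plural suffix for log messages of the form "N attribute(s)". */
    private static String plural(int count) {
        return (count == 1) ? "" : "s";
    }

    /** Closes {@code resource} if non-null, ignoring close errors on a read-only stream. */
    private static void closeQuietly(Closeable resource) {
        if (resource == null) {
            return;
        }
        try {
            resource.close();
        } catch (IOException ignored) {
            // Nothing useful can be done about a failed close of an input stream.
        }
    }
}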
