package be.iminds.ilabt.jfed.lowlevel;

import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityListModel;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.JFedTrustStore;
import be.iminds.ilabt.jfed.util.KeyUtil;
import java.io.StringReader;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.stream.StreamSource;
import org.apache.xml.security.utils.Constants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/AbacCredential.class */
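/**
 * An ABAC credential ({@code "abac"} / {@code "geni_abac"}) kept as its signed XML document.
 *
 * <p>The XML is parsed lazily, on the first call to {@link #isSpeaksFor()},
 * {@link #getSpokenForUrn()}, {@link #getSpokenForPubKey()} or {@link #check(AuthorityListModel)}.
 * Parsing extracts the "speaks for" role marker and the PEM signer certificates found under
 * {@code signatures/Signature/KeyInfo/X509Data/X509Certificate}.
 *
 * <p><b>Security note:</b> parsing does not validate the XML signature. Everything the
 * getters return is read from the document as supplied, so treat it as unauthenticated
 * until a {@code check(...)} call has succeeded for this credential.
 *
 * <p>Lazy parsing is not synchronized; nothing in this class makes concurrent first use safe.
 */
public class AbacCredential extends AnyCredential {
    private static final Logger LOG = LoggerFactory.getLogger(AbacCredential.class);

    private static final String PEM_CERT_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_CERT_FOOTER = "-----END CERTIFICATE-----";
    private static final String SPEAKS_FOR_ROLE_PREFIX = "speaks_for_";

    protected String name;
    protected String credentialXml;
    protected String type;
    protected String version;
    // True once process() has run; the fields below are only meaningful after that.
    private boolean processed;
    private boolean speaksFor;
    private GeniUrn spokenForUrn;
    private PublicKey spokenForPubKey;
    // PEM-encoded certificates taken from the credential's own KeyInfo (not yet validated).
    private List<String> signerCerts;

    /**
     * Creates the credential wrapper; the XML is not parsed here.
     *
     * @param str  credential name
     * @param str2 credential XML, must not be {@code null}
     * @param str3 credential type, expected to be {@code "abac"} or {@code "geni_abac"}
     *             (only enforced when assertions are enabled)
     * @param str4 credential version
     * @throws RuntimeException if {@code str2} is {@code null}
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbacCredential(String str, String str2, String str3, String str4) {
        super(str, str2, str3, str4);
        this.processed = false;
        this.name = str;
        this.credentialXml = str2;
        this.type = str3;
        this.version = str4;
        assert str3.equalsIgnoreCase("abac") || str3.equalsIgnoreCase("geni_abac")
                : "Created AbacCredential not of type abac, but of type=\"" + str3 + "\" version=\"" + str4 + "\"";
        if (str2 == null) {
            throw new RuntimeException("AbacCredential credentialXml may not be null");
        }
    }

    /**
     * Always returns {@code null}: this class does not extract an expiry from the XML.
     * NOTE(review): callers that enforce credential lifetime get no information here;
     * confirm whether the inherited {@code check(...)} covers expiry.
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public String getExpires() {
        return null;
    }

    /** Always returns {@code null}; see {@link #getExpires()}. */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public Date getExpiresDate() {
        return null;
    }

    /** Returns the credential XML exactly as passed to the constructor. */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public String getCredentialXml() {
        assert this.credentialXml != null;
        return this.credentialXml;
    }

    /**
     * Reports whether a {@code role} text inside {@code credential/abac/.../head} starts with
     * {@code "speaks_for_"} (case-insensitive). Read from the unvalidated XML.
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public boolean isSpeaksFor() {
        process();
        return this.speaksFor;
    }

    /**
     * Returns the URN this credential speaks for, or {@code null} when it is not a speaks-for
     * credential or no candidate URN was found. Derived from the embedded signer certificates
     * without signature validation.
     */
    public GeniUrn getSpokenForUrn() {
        process();
        return this.spokenForUrn;
    }

    /**
     * Returns the public key associated with {@link #getSpokenForUrn()}, or {@code null}.
     * Derived from the embedded signer certificates without signature validation.
     */
    public PublicKey getSpokenForPubKey() {
        process();
        return this.spokenForPubKey;
    }

    /** Parses the credential once and caches the results; later calls are no-ops. */
    private void process() {
        if (this.processed) {
            return;
        }
        this.processed = true;
        this.speaksFor = false;
        this.signerCerts = new ArrayList<String>();
        this.spokenForUrn = null;
        this.spokenForPubKey = null;
        parseCredentialXml();
        if (this.speaksFor) {
            resolveSpokenFor();
        }
    }

    /** Streams through the XML, setting {@code speaksFor} and collecting {@code signerCerts}. */
    private void parseCredentialXml() {
        XMLStreamReader reader = null;
        try {
            XMLInputFactory factory = XMLInputFactory.newFactory();
            // The credential XML comes from outside this process: refuse DTDs and external
            // entities so parsing cannot read local files or reach out over the network.
            factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
            factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);
            reader = factory.createXMLStreamReader(new StreamSource(new StringReader(this.credentialXml)));

            boolean inSignedCredential = false;
            boolean inCredential = false;
            boolean inAbac = false;
            boolean inHead = false;
            boolean inRole = false;
            boolean inSignatures = false;
            boolean inSignature = false;
            boolean inKeyInfo = false;
            boolean inX509Data = false;
            boolean inX509Certificate = false;
            StringBuilder certText = new StringBuilder();

            while (reader.hasNext()) {
                int event = reader.next();
                if (event == XMLStreamReader.START_ELEMENT) {
                    // Only local names are compared; namespaces are not checked.
                    String tag = reader.getName().getLocalPart();
                    if (tag.equals("signed-credential")) {
                        inSignedCredential = true;
                    } else if (inSignedCredential && tag.equals("credential")) {
                        inCredential = true;
                    } else if (inCredential && tag.equals("abac")) {
                        inAbac = true;
                    } else if (inAbac && tag.equals("head")) {
                        inHead = true;
                    } else if (inHead && tag.equals("role")) {
                        inRole = true;
                    } else if (inSignedCredential && tag.equals("signatures")) {
                        inSignatures = true;
                    } else if (inSignatures && tag.equals(Constants._TAG_SIGNATURE)) {
                        inSignature = true;
                    } else if (inSignature && tag.equals(Constants._TAG_KEYINFO)) {
                        inKeyInfo = true;
                    } else if (inKeyInfo && tag.equals(Constants._TAG_X509DATA)) {
                        inX509Data = true;
                    } else if (inX509Data && tag.equals(Constants._TAG_X509CERTIFICATE)) {
                        inX509Certificate = true;
                        certText.setLength(0);
                    }
                } else if (event == XMLStreamReader.END_ELEMENT) {
                    String tag = reader.getName().getLocalPart();
                    if (inSignedCredential && tag.equals("signed-credential")) {
                        inSignedCredential = false;
                    } else if (inCredential && tag.equals("credential")) {
                        // Fixed: this used to be gated on the "signatures" flag, so the
                        // credential scope stayed open and an <abac> subtree placed after
                        // </credential> could still set the speaks-for flag.
                        inCredential = false;
                    } else if (inCredential && tag.equals("abac")) {
                        inAbac = false;
                    } else if (inAbac && tag.equals("head")) {
                        inHead = false;
                    } else if (inHead && tag.equals("role")) {
                        inRole = false;
                    } else if (inSignedCredential && tag.equals("signatures")) {
                        inSignatures = false;
                    } else if (inSignatures && tag.equals(Constants._TAG_SIGNATURE)) {
                        inSignature = false;
                    } else if (inSignature && tag.equals(Constants._TAG_KEYINFO)) {
                        inKeyInfo = false;
                    } else if (inKeyInfo && tag.equals(Constants._TAG_X509DATA)) {
                        inX509Data = false;
                    } else if (inX509Data && tag.equals(Constants._TAG_X509CERTIFICATE)) {
                        // Trim before testing for the PEM header so a certificate that
                        // already carries one is not wrapped a second time.
                        String pem = certText.toString().trim();
                        if (!pem.isEmpty()) {
                            if (!pem.startsWith(PEM_CERT_HEADER)) {
                                pem = PEM_CERT_HEADER + "\n" + pem + "\n" + PEM_CERT_FOOTER;
                            }
                            this.signerCerts.add(pem);
                        }
                        inX509Certificate = false;
                        certText.setLength(0);
                    }
                } else if (event == XMLStreamReader.CHARACTERS) {
                    if (inRole) {
                        String text = reader.getText();
                        if (text != null) {
                            // The most recent text chunk inside a role element decides the flag.
                            this.speaksFor = text.trim().toLowerCase().startsWith(SPEAKS_FOR_ROLE_PREFIX);
                        }
                    }
                    if (inX509Certificate) {
                        certText.append(reader.getText());
                    }
                }
            }
        } catch (XMLStreamException e) {
            LOG.error("Exception while parsing ABAC credential", e);
            // Fail closed: a credential that does not parse never counts as speaks-for.
            this.speaksFor = false;
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (XMLStreamException e) {
                    LOG.error("Exception closing streamReader is ignored", e);
                }
            }
        }
    }

    /**
     * Derives {@code spokenForUrn} and {@code spokenForPubKey} from the signer certificates:
     * the URN is the first subject-alt-name URN that is not also an issuer-alt-name URN.
     */
    private void resolveSpokenFor() {
        List<GeniUrn> subjectUrns = new ArrayList<GeniUrn>();
        List<GeniUrn> issuerUrns = new ArrayList<GeniUrn>();
        PublicKey lastSignerKey = null;
        for (String pem : this.signerCerts) {
            X509Certificate cert = KeyUtil.pemToX509Certificate(pem);
            if (cert == null) {
                LOG.warn("Failed to convert signerCert to X509 certificate: \"\"\"\n" + pem + "\n\"\"\"");
                continue;
            }
            subjectUrns.addAll(KeyUtil.findUrnsInCertAltNames(cert, KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, false));
            issuerUrns.addAll(KeyUtil.findUrnsInCertAltNames(cert, KeyUtil.AltNamesSource.ISSUES_ALT_NAMES, false));
            lastSignerKey = cert.getPublicKey();
        }

        List<GeniUrn> candidates = new ArrayList<GeniUrn>(subjectUrns);
        candidates.removeAll(issuerUrns);
        if (candidates.isEmpty()) {
            return;
        }
        if (candidates.size() > 1) {
            LOG.warn("Warning: more than 1 possible user urn in speaksFor credential signer subject alt names: " + candidates);
        }
        this.spokenForUrn = candidates.get(0);
        // NOTE(review): as before, the key comes from the LAST parsable signer certificate,
        // which is not necessarily the certificate that supplied spokenForUrn. With more than
        // one embedded certificate the URN and key can belong to different certificates;
        // confirm whether the key should be bound to the certificate carrying the URN.
        this.spokenForPubKey = lastSignerKey;
    }

    /**
     * Validates this credential against a trust store built from {@code authorityListModel}.
     *
     * <p>The authorities added to the trust store are looked up by the URNs found in the
     * subject and issuer alt names of the certificates embedded in the credential itself
     * (top-level authority matches allowed). The validation proper is delegated to the
     * inherited {@code check(trustStore)}, which is not part of this class.
     *
     * @param authorityListModel source of known authorities
     * @return the result of the inherited trust-store check
     * @throws CredentialException propagated from the inherited check
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public boolean check(AuthorityListModel authorityListModel) throws CredentialException {
        process();
        JFedTrustStore jFedTrustStore = new JFedTrustStore();
        for (String pem : this.signerCerts) {
            X509Certificate cert = KeyUtil.pemToX509Certificate(pem);
            if (cert == null) {
                // pemToX509Certificate returns null for unparsable input; such a certificate
                // contributes no authority, so nothing is trusted on its behalf.
                LOG.warn("Failed to convert signerCert to X509 certificate: \"\"\"\n" + pem + "\n\"\"\"");
                continue;
            }
            // Copy before merging so the list returned by KeyUtil is never mutated.
            List<GeniUrn> urns = new ArrayList<GeniUrn>(
                    KeyUtil.findUrnsInCertAltNames(cert, KeyUtil.AltNamesSource.SUBJECT_ALT_NAMES, false));
            urns.addAll(KeyUtil.findUrnsInCertAltNames(cert, KeyUtil.AltNamesSource.ISSUES_ALT_NAMES, false));
            for (GeniUrn urn : urns) {
                // NOTE(review): getFromAnyUrn may find no authority for a URN; confirm that
                // addAuthorityCert tolerates that result.
                jFedTrustStore.addAuthorityCert(authorityListModel.getFromAnyUrn(urn, AuthorityListModel.SubAuthMatchAllowed.ALLOW_TOPLEVEL, AuthorityListModel.SubAuthMatchPreference.PREFER_EXACT_SUBAUTHORITY));
            }
        }
        return check(jFedTrustStore.getTrustStore());
    }

    /** Two credentials are equal when both their XML and their name are equal. */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AbacCredential other = (AbacCredential) obj;
        if (!this.credentialXml.equals(other.credentialXml)) {
            return false;
        }
        // The constructor does not reject a null name, so compare null-safely.
        return this.name == null ? other.name == null : this.name.equals(other.name);
    }

    /** Hash consistent with {@link #equals(Object)}; a null name hashes as 0. */
    @Override // be.iminds.ilabt.jfed.lowlevel.AnyCredential
    public int hashCode() {
        int nameHash = this.name == null ? 0 : this.name.hashCode();
        return (31 * nameHash) + this.credentialXml.hashCode();
    }
}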
