package be.iminds.ilabt.jfed.lowlevel;

import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityListModel;
import be.iminds.ilabt.jfed.util.JFedTrustStore;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;
import java.util.Hashtable;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.transform.stream.StreamSource;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.keys.storage.implementations.KeyStoreResolver;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
import org.custommonkey.xmlunit.XMLConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/AnyCredential.class */
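/**
 * A credential held as an XML string together with a display name, a type and a version.
 *
 * <p>The static factories pick {@link SfaCredential} or {@link AbacCredential} from the declared
 * or auto-detected type; anything else is kept as a plain {@code AnyCredential}. The credential
 * XML is typically received from a remote API (see {@link #createFromV3Hashtable}), so every
 * parser in this class treats it as untrusted input and is configured to refuse DTDs and
 * external entities.
 *
 * <p>Instances are mutable ({@link #setName}) and the class does no synchronization.
 */
public class AnyCredential {
    private static final Logger LOG = LoggerFactory.getLogger(AnyCredential.class);

    /** Namespace of XML Digital Signature elements. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    protected String name;
    protected String credentialXml;
    // Parsed lazily by initDoc(); stays null until a caller needs the DOM.
    protected Document xmlDoc;
    protected String type;
    protected String version;

    /**
     * Stores the four values as given; only the XML is validated, and only for non-null.
     *
     * @param str  credential name (may be null)
     * @param str2 credential XML; must not be null
     * @param str3 credential type, e.g. {@code "geni_sfa"}
     * @param str4 credential version
     * @throws RuntimeException if {@code str2} is null
     */
    public AnyCredential(String str, String str2, String str3, String str4) {
        if (str2 == null) {
            throw new RuntimeException("AnyCredential credentialXml may not be null");
        }
        this.name = str;
        this.credentialXml = str2;
        this.type = str3;
        this.version = str4;
    }

    /**
     * Wraps the XML as an SFA credential with type {@code "geni_sfa"} and version {@code "2"}.
     *
     * @param str  credential name
     * @param str2 credential XML
     */
    public static AnyCredential createSfa2(String str, String str2) throws CredentialException {
        return new SfaCredential(str, str2, "geni_sfa", "2");
    }

    /**
     * Detects the credential type and version by streaming through the XML.
     *
     * <p>Detection rules: text inside a {@code type} element equal (ignoring case and
     * surrounding whitespace) to {@code abac} selects type {@code geni_abac}; {@code sfa} or
     * {@code privilege} selects type {@code sfa}, version {@code 3}. Any text inside a
     * {@code version} element nested in an {@code abac} element selects {@code geni_abac},
     * version {@code 1}.
     *
     * <p>The stream parser is created with DTD support and external entities switched off,
     * because the XML is not trusted at this point (nothing has verified its signature yet).
     *
     * @param str  credential name
     * @param str2 credential XML
     * @throws CredentialException if the XML cannot be parsed or no type/version was detected
     */
    public static AnyCredential createAutoDetect(String str, String str2) throws CredentialException {
        // NOTE(review): this xmlunit constant is presumably just the string "type" that the
        // decompiler mapped back to a name — confirm; it is kept so the match is unchanged.
        final String typeElement = XMLConstants.W3C_XML_SCHEMA_INSTANCE_TYPE_ATTR;

        XMLInputFactory factory = XMLInputFactory.newFactory();
        factory.setProperty(XMLInputFactory.SUPPORT_DTD, Boolean.FALSE);
        factory.setProperty(XMLInputFactory.IS_SUPPORTING_EXTERNAL_ENTITIES, Boolean.FALSE);

        String detectedType = null;
        String detectedVersion = null;
        XMLStreamReader reader = null;
        try {
            reader = factory.createXMLStreamReader(new StreamSource(new StringReader(str2)));
            boolean inType = false;
            boolean inAbac = false;
            boolean inAbacVersion = false;
            while (reader.hasNext()) {
                int event = reader.next();
                if (event == XMLStreamReader.START_ELEMENT) {
                    String local = reader.getName().getLocalPart();
                    if (local.equals(typeElement)) {
                        inType = true;
                    }
                    if (local.equals("abac")) {
                        inAbac = true;
                    }
                    if (inAbac && local.equals("version")) {
                        inAbacVersion = true;
                    }
                } else if (event == XMLStreamReader.END_ELEMENT) {
                    String local = reader.getName().getLocalPart();
                    // Each flag is cleared by the end tag of the element that set it. The
                    // previous code cleared the "type" flag on </abac> and the "abac" flag on
                    // </type>, so text appearing anywhere after </type> was still compared
                    // against the type keywords and could override the detected type.
                    if (local.equals(typeElement)) {
                        inType = false;
                    }
                    if (local.equals("abac")) {
                        inAbac = false;
                    }
                    if (local.equals("version")) {
                        inAbacVersion = false;
                    }
                } else if (event == XMLStreamReader.CHARACTERS) {
                    String text = reader.getText();
                    if (inType && text != null) {
                        // equalsIgnoreCase avoids the default-locale dependence of toLowerCase().
                        String keyword = text.trim();
                        if (keyword.equalsIgnoreCase("abac")) {
                            detectedType = "geni_abac";
                        }
                        if (keyword.equalsIgnoreCase("sfa") || keyword.equalsIgnoreCase("privilege")) {
                            detectedType = "sfa";
                            detectedVersion = "3";
                        }
                    }
                    if (inAbacVersion && text != null) {
                        // The version text itself is not inspected; its presence is enough.
                        detectedType = "geni_abac";
                        detectedVersion = "1";
                    }
                }
            }
        } catch (XMLStreamException e) {
            throw new CredentialException("Exception while parsing credential XML", e);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (XMLStreamException e) {
                    LOG.error("Exception closing streamReader is ignored", e);
                }
            }
        }

        if (detectedType == null || detectedVersion == null) {
            throw new CredentialException("Could not auto detect credential type.");
        }
        if (detectedType.equals("geni_abac")) {
            return new AbacCredential(str, str2, detectedType, detectedVersion);
        }
        if (detectedType.equals("sfa") || detectedType.equals("geni_sfa")) {
            return new SfaCredential(str, str2, detectedType, detectedVersion);
        }
        throw new CredentialException("Unsupported credential type: \"" + detectedType + "\" (version=\"" + detectedVersion + "\")");
    }

    /**
     * Creates the credential subclass matching an explicitly declared type.
     *
     * @param str  credential name
     * @param str2 credential XML
     * @param str3 declared type, compared case-insensitively; must not be null
     * @param str4 declared version
     * @return an {@link SfaCredential} for {@code sfa}/{@code geni_sfa}, an
     *         {@link AbacCredential} for {@code abac}/{@code geni_abac}, otherwise a plain
     *         {@code AnyCredential}
     */
    public static AnyCredential create(String str, String str2, String str3, String str4) throws CredentialException {
        if (str3.equalsIgnoreCase("sfa") || str3.equalsIgnoreCase("geni_sfa")) {
            return new SfaCredential(str, str2, str3, str4);
        }
        if (str3.equalsIgnoreCase("abac") || str3.equalsIgnoreCase("geni_abac")) {
            return new AbacCredential(str, str2, str3, str4);
        }
        return new AnyCredential(str, str2, str3, str4);
    }

    /**
     * Builds a credential from a table carrying {@code geni_type}, {@code geni_version} and
     * {@code geni_value}, checking the presence and Java type of each entry first.
     *
     * @param str       credential name
     * @param hashtable table as received from the API
     * @throws BadReplyGeniException if a key is missing or a value has an unexpected Java type
     */
    public static AnyCredential createFromV3Hashtable(String str, Hashtable hashtable) throws BadReplyGeniException, CredentialException {
        Object geniType = hashtable.get("geni_type");
        Object geniVersion = hashtable.get("geni_version");
        Object geniValue = hashtable.get("geni_value");
        if (geniType == null || geniVersion == null || geniValue == null) {
            throw new BadReplyGeniException("The API specified a Vector of Hashtables sepcifying credentials. These must contain the keys geni_type, geni_version and geni_value. At least one of these is missing. Hashtable content: " + hashtable);
        }
        if (!(geniType instanceof String)) {
            throw new BadReplyGeniException("The API specified a credential, but the geni_type field of the Hashtable is of type " + geniType.getClass().getName() + " instead of String. value=" + geniType);
        }
        // The version is accepted as either an Integer or a String and normalised via toString().
        if (!(geniVersion instanceof Integer) && !(geniVersion instanceof String)) {
            throw new BadReplyGeniException("The API specified a credential, but the geni_version field of the Hashtable is of type " + geniVersion.getClass().getName() + " instead of String with Integer. value=" + geniVersion);
        }
        if (!(geniValue instanceof String)) {
            throw new BadReplyGeniException("The API specified a credential, but the geni_value field of the Hashtable is of type " + geniValue.getClass().getName() + " instead of String. value=" + geniValue);
        }
        return create(str, (String) geniValue, (String) geniType, geniVersion.toString());
    }

    /**
     * Returns the first credential of the list.
     *
     * @return the first element, or null (after logging an error) when the list is null or
     *         empty; a list with more than one element only triggers a warning
     */
    public static AnyCredential toSingleCredential(List<AnyCredential> list) {
        if (list == null) {
            LOG.error("requested toSingleCredential, but credentialList is null");
            return null;
        }
        if (list.isEmpty()) {
            LOG.error("requested toSingleCredential, but " + list.size() + " credentials in list");
            return null;
        }
        if (list.size() > 1) {
            LOG.warn("requested toSingleCredential, but " + list.size() + " credentials in list");
        }
        return list.get(0);
    }

    /**
     * Returns the expiry date of the first {@link SfaCredential} in the list that has one.
     *
     * @param list credentials to scan; must not be null
     * @return that date, or null when no SFA credential in the list reports an expiry date
     */
    public static Date getExpireTime(List<AnyCredential> list) {
        for (AnyCredential candidate : list) {
            if (candidate instanceof SfaCredential) {
                Date expires = ((SfaCredential) candidate).getExpiresDate();
                if (expires != null) {
                    return expires;
                }
            }
        }
        return null;
    }

    /** Returns the credential XML exactly as it was supplied. */
    public String getCredentialXml() {
        assert this.credentialXml != null;
        return this.credentialXml;
    }

    public String getType() {
        return this.type;
    }

    public String getVersion() {
        return this.version;
    }

    /**
     * Returns a new table with the keys {@code geni_type}, {@code geni_version} and
     * {@code geni_value}.
     *
     * @throws NullPointerException if type or version is null, since Hashtable rejects null values
     */
    public Hashtable getGeniV3Hashtable() {
        Hashtable<String, String> table = new Hashtable<>();
        table.put("geni_type", this.type);
        table.put("geni_version", this.version);
        assert this.credentialXml != null;
        table.put("geni_value", this.credentialXml);
        return table;
    }

    public String getName() {
        return this.name;
    }

    public void setName(String str) {
        this.name = str;
    }

    /** Always null in this base class. */
    public String getExpires() {
        return null;
    }

    /** Always null in this base class. */
    public Date getExpiresDate() {
        return null;
    }

    /** Always null in this base class. */
    public Boolean isTargetSubAuthority() {
        return null;
    }

    /** Returns the complete credential XML, so logging an instance logs the whole credential. */
    @Override
    public String toString() {
        return this.credentialXml;
    }

    /** Two credentials are equal when they have the same runtime class, XML and name. */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        AnyCredential other = (AnyCredential) obj;
        // The name may be null (the constructor and setName do not forbid it).
        return this.credentialXml.equals(other.credentialXml)
                && java.util.Objects.equals(this.name, other.name);
    }

    @Override
    public int hashCode() {
        // Same value as before for a non-null name; a null name contributes 0 instead of throwing.
        return (31 * java.util.Objects.hashCode(this.name)) + this.credentialXml.hashCode();
    }

    /** Returns an immutable single-element list holding this credential. */
    public List<AnyCredential> toCredentialList() {
        return Collections.singletonList(this);
    }

    /**
     * Parses the credential XML into {@link #xmlDoc} and registers every {@code xml:id}
     * attribute found on a {@code credential} element as an ID attribute.
     *
     * <p>The parser runs with secure processing enabled and DOCTYPE declarations disallowed:
     * the XML is parsed before any signature has been verified, so a document carrying a DTD
     * is rejected as a parse error rather than processed.
     *
     * @throws CredentialException if the parser cannot be configured or the XML does not parse
     */
    public void initDoc() throws CredentialException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        try {
            factory.setFeature(javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING, true);
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);

            this.xmlDoc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(this.credentialXml)));
            NodeList credentials = this.xmlDoc.getDocumentElement().getElementsByTagName("credential");
            LOG.trace("Need to mark " + credentials.getLength() + " <credential> xml:id attributes as xml IDs");
            for (int i = 0; i < credentials.getLength(); i++) {
                Node node = credentials.item(i);
                if (node.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                Element credential = (Element) node;
                NamedNodeMap attributes = credential.getAttributes();
                for (int j = 0; j < attributes.getLength(); j++) {
                    Attr attr = (Attr) attributes.item(j);
                    if (attr.getName().equals("xml:id")) {
                        LOG.trace("Marking <credential> Attribute as id: " + attr);
                        credential.setIdAttributeNode(attr, true);
                    } else {
                        LOG.trace("<credential> Attribute is not id: '" + attr.getNamespaceURI() + "' : '" + attr.getName() + "' -> " + attr);
                    }
                }
            }
        } catch (IOException | ParserConfigurationException | SAXException e) {
            throw new CredentialException("Error parsing credential XML: " + e.getMessage(), e);
        }
    }

    /**
     * Checks the signatures using the key store obtained from a new {@link JFedTrustStore}.
     *
     * <p>The {@code authorityListModel} argument is not used by this method.
     */
    public boolean check(AuthorityListModel authorityListModel) throws CredentialException {
        return check(new JFedTrustStore().getTrustStore());
    }

    /**
     * Verifies every {@code ds:Signature} element of the credential document.
     *
     * <p>For each signature the key material is taken from its {@code KeyInfo}: an X.509
     * certificate when one resolves, otherwise a raw public key. The method fails closed: a
     * missing KeyInfo, missing key material, a bad signature value or any exception makes it
     * return false.
     *
     * <p>NOTE(review): a true result only means that each signature value verified against the
     * key that KeyInfo resolved. No certification-path validation against {@code keyStore} is
     * visible in this method, and the raw public-key branch has no certificate at all. Whether
     * KeyInfo can hand back a certificate carried inside the credential itself depends on the
     * XML-security library's resolvers — confirm, and make sure trust in the signer is
     * established (here, in a subclass or in the caller) before a credential is acted on.
     *
     * <p>NOTE(review): the method does not inspect which elements each signature's references
     * cover; confirm that callers only read content that is actually signed.
     *
     * @param keyStore key store registered with each KeyInfo as a storage resolver
     * @return true only if every signature verified
     * @throws CredentialException if the XML cannot be parsed or contains no Signature element
     */
    public boolean check(KeyStore keyStore) throws CredentialException {
        if (this.xmlDoc == null) {
            initDoc();
        }
        assert this.xmlDoc != null;

        NodeList signatures = this.xmlDoc.getElementsByTagNameNS(XMLDSIG_NS, Constants._TAG_SIGNATURE);
        if (signatures.getLength() == 0) {
            throw new CredentialException("Cannot find any Signature element: not a valid credential.");
        }
        LOG.debug("There are " + signatures.getLength() + " <signature> elements in <Signature> that need to be checked.");
        try {
            // Library initialisation and the default-prefix mapping are process-wide settings,
            // so they are applied once per call rather than once per signature.
            Init.init();
            ElementProxy.setDefaultPrefix(XMLDSIG_NS, "");
            for (int i = 0; i < signatures.getLength(); i++) {
                Element signatureElement = (Element) signatures.item(i);
                LOG.debug("Checking <signature> with apache santurio library");
                XMLSignature signature = new XMLSignature(signatureElement, null);
                KeyInfo keyInfo = signature.getKeyInfo();
                // Test for a missing KeyInfo before touching it; the earlier order dereferenced
                // it first, so this branch could never be reached.
                if (keyInfo == null) {
                    LOG.debug("Could not find ds:KeyInfo");
                    return false;
                }
                keyInfo.addStorageResolver(new StorageResolver(new KeyStoreResolver(keyStore)));

                X509Certificate certificate = keyInfo.getX509Certificate();
                if (certificate != null) {
                    boolean valid = signature.checkSignatureValue(certificate);
                    LOG.debug("X509Certificate Check: " + valid);
                    if (!valid) {
                        return false;
                    }
                    continue;
                }
                PublicKey publicKey = keyInfo.getPublicKey();
                if (publicKey == null) {
                    LOG.debug("Could not find Certificate or PublicKey");
                    return false;
                }
                boolean valid = signature.checkSignatureValue(publicKey);
                LOG.debug("PublicKey Check: " + valid);
                if (!valid) {
                    return false;
                }
            }
        } catch (Exception e) {
            // Fail closed: any problem while verifying counts as "not valid".
            LOG.error("Error during checkSignedCredential", e);
            return false;
        }
        return true;
    }

    /** Always false in this base class. */
    public boolean isSpeaksFor() {
        return false;
    }
}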
