package eu.unicore.security.consignor;

import eu.unicore.samly2.assertion.Assertion;
import eu.unicore.samly2.assertion.AssertionParser;
import eu.unicore.samly2.elements.SAMLAttribute;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import java.io.IOException;
import java.security.cert.X509Certificate;
import org.apache.xmlbeans.XmlException;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.AttributeStatementType;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;

/* loaded from: input_file:eu/unicore/security/consignor/ConsignorAssertion.class */
public class ConsignorAssertion extends Assertion {
    private static final long serialVersionUID = 9087483370558929619L;
    public static final String CONSIGNOR_ROLE = "CONSIGNOR";
    public static final String ROLE_NAME_FORMAT = "urn:unicore:subject-role";

    public ConsignorAssertion() {
        addAttribute(new SAMLAttribute(CONSIGNOR_ROLE, "urn:unicore:subject-role"));
    }

    public ConsignorAssertion(AssertionDocument assertionDocument) throws SAMLValidationException, XmlException, IOException {
        boolean z = false;
        AttributeStatementType[] attributeStatementArray = assertionDocument.getAssertion().getAttributeStatementArray();
        if (attributeStatementArray == null) {
            throw new SAMLValidationException("No attribute statement in SAML assertion");
        }
        for (AttributeStatementType attributeStatementType : attributeStatementArray) {
            AttributeType[] attributeArray = attributeStatementType.getAttributeArray();
            int i = 0;
            while (true) {
                if (i >= attributeArray.length) {
                    break;
                }
                if (attributeArray[i].getName().equals(CONSIGNOR_ROLE) && attributeArray[i].getNameFormat().equals("urn:unicore:subject-role")) {
                    z = true;
                    break;
                }
                i++;
            }
            if (z) {
                break;
            }
        }
        if (!z) {
            throw new SAMLValidationException("SAML assertion doesn't contain consignor role attribute");
        }
        this.assertionDoc = assertionDocument;
    }

    public X509Certificate[] getConsignor() {
        return new AssertionParser(getXMLBeanDoc()).getSubjectFromConfirmation();
    }
}
