package eu.unicore.security.etd;

import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.samly2.assertion.Assertion;
import eu.unicore.samly2.elements.SAMLAttribute;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.xmlbeans.XmlCursor;
import org.apache.xmlbeans.XmlException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.util.encoders.HexEncoder;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.AttributeStatementType;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;
import xmlbeans.org.oasis.saml2.assertion.SubjectType;

/* loaded from: input_file:eu/unicore/security/etd/TrustDelegation.class */
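/**
 * SAML assertion carrying a UNICORE trust delegation. The assertion's subject is
 * the user who delegates; a custom attribute named {@link #CUSTODIAN_NAME} names
 * the custodian (the party trust is delegated to) by DN and, optionally, by two
 * fingerprints of the custodian's certificate, one attribute per name format.
 *
 * This class only builds and extracts those attributes. It does not itself
 * verify a signature, the issuer, or that the fingerprints belong to a real
 * custodian certificate; whatever checks the superclass constructor performs
 * are not visible here, so a validator must do (or confirm) those checks
 * before trusting {@link #getCustodianDN()} and the hashes.
 */
public class TrustDelegation extends Assertion {
    private static final long serialVersionUID = 1;
    /** Attribute name under which the custodian is recorded (one attribute per name format). */
    public static final String CUSTODIAN_NAME = "TrustDelegationOfUser";
    /** Name format: custodian X.500 DN (string value). */
    public static final String CUSTODIAN_NAME_FORMAT_DN = "urn:unicore:trust-delegation:dn";
    /** Name format: legacy 32-bit {@code X509Certificate.hashCode()} of the custodian certificate. */
    public static final String CUSTODIAN_NAME_FORMAT_FP = "urn:unicore:trust-delegation:hashcode";
    /** Name format: hex fingerprint of the custodian certificate as produced by {@link #generateSha2Hash}. */
    public static final String CUSTODIAN_NAME_FORMAT_SHA2 = "urn:unicore:trust-delegation:sha2hashcode";
    private String custodianDN;
    private Integer legacyHash;
    private String sha2Hash;

    /**
     * Creates a delegation that identifies the custodian by DN only (no certificate fingerprints).
     *
     * @param custodianDN custodian DN in any form {@code X500NameUtils} accepts; it is normalised
     *        to its portable RFC 2253 form before being stored and emitted
     */
    public TrustDelegation(String custodianDN) {
        String portableDN = X500NameUtils.getPortableRFC2253Form(custodianDN);
        this.custodianDN = portableDN;
        this.legacyHash = null;
        this.sha2Hash = null;
        addCustodianAttribute(CUSTODIAN_NAME_FORMAT_DN, portableDN);
    }

    /**
     * Creates a delegation that identifies the custodian by its certificate: the certificate's
     * RFC 2253 subject DN plus both fingerprints (SHA-256 based and legacy hashCode).
     *
     * @param custodianCert the custodian's certificate
     */
    public TrustDelegation(X509Certificate custodianCert) {
        this(custodianCert.getSubjectX500Principal().getName(), generateSha2Hash(custodianCert),
                Integer.valueOf(custodianCert.hashCode()));
    }

    /**
     * Creates a delegation from already-computed custodian data.
     *
     * @param custodianDN custodian DN, stored verbatim. Unlike the single-argument constructor it is
     *        NOT normalised, so callers should either pass an RFC 2253 form or compare DNs with
     *        {@code X500NameUtils} rather than {@code String.equals}
     * @param sha2Hash value as produced by {@link #generateSha2Hash}, or {@code null} to omit the attribute
     * @param legacyHash {@code X509Certificate.hashCode()} of the custodian certificate, or {@code null}
     *        to omit the attribute
     */
    public TrustDelegation(String custodianDN, String sha2Hash, Integer legacyHash) {
        this.custodianDN = custodianDN;
        addCustodianAttribute(CUSTODIAN_NAME_FORMAT_DN, custodianDN);
        if (sha2Hash != null) {
            this.sha2Hash = sha2Hash;
            addCustodianAttribute(CUSTODIAN_NAME_FORMAT_SHA2, sha2Hash);
        }
        if (legacyHash != null) {
            this.legacyHash = legacyHash;
            addCustodianAttribute(CUSTODIAN_NAME_FORMAT_FP, String.valueOf(legacyHash));
        }
    }

    /** Appends one {@link #CUSTODIAN_NAME} attribute with the given name format and a single string value. */
    private void addCustodianAttribute(String nameFormat, String value) {
        SAMLAttribute attribute = new SAMLAttribute(CUSTODIAN_NAME, nameFormat);
        attribute.addStringAttributeValue(value);
        addAttribute(attribute);
    }

    /**
     * Parses a trust delegation out of an existing SAML assertion document.
     *
     * Only the custodian attributes are extracted. Attribute names and name formats are
     * attacker-controlled input, so they are compared null-safely; an attribute of a known
     * format that carries no value is rejected as a validation error rather than surfacing as an
     * {@code ArrayIndexOutOfBoundsException}. Unknown name formats are ignored, and if the same
     * format appears more than once the last occurrence wins (unchanged behaviour; a stricter
     * validator may want to reject duplicates).
     *
     * @param assertionDocument the assertion to parse
     * @throws SAMLValidationException if the assertion has no subject, no attribute statements,
     *         no custodian DN attribute, a custodian attribute without a value, or a legacy hash
     *         value that is not an integer
     * @throws XmlException propagated from the superclass constructor
     * @throws IOException propagated from the superclass constructor
     */
    public TrustDelegation(AssertionDocument assertionDocument) throws SAMLValidationException, XmlException, IOException {
        super(assertionDocument);
        AssertionType assertion = assertionDocument.getAssertion();
        SubjectType subject = assertion.getSubject();
        if (subject == null || subject.isNil() || subject.getNameID() == null
                || subject.getNameID().isNil() || subject.getNameID().getStringValue() == null) {
            throw new SAMLValidationException("No subject (user) in assertion.");
        }
        AttributeStatementType[] statements = assertion.getAttributeStatementArray();
        this.custodianDN = null;
        if (statements == null) {
            throw new SAMLValidationException("No attribute statement in SAML assertion");
        }
        for (AttributeStatementType statement : statements) {
            for (AttributeType attribute : statement.getAttributeArray()) {
                // Constant on the left: Name/NameFormat may be absent in a malformed assertion.
                if (!CUSTODIAN_NAME.equals(attribute.getName())) {
                    continue;
                }
                String nameFormat = attribute.getNameFormat();
                if (CUSTODIAN_NAME_FORMAT_DN.equals(nameFormat)) {
                    this.custodianDN = firstValueText(attribute);
                } else if (CUSTODIAN_NAME_FORMAT_FP.equals(nameFormat)) {
                    String text = firstValueText(attribute);
                    try {
                        this.legacyHash = Integer.valueOf(text);
                    } catch (NumberFormatException e) {
                        throw new SAMLValidationException("Custodian certificate hash value is not an integer");
                    }
                } else if (CUSTODIAN_NAME_FORMAT_SHA2.equals(nameFormat)) {
                    this.sha2Hash = firstValueText(attribute);
                }
            }
        }
        if (this.custodianDN == null) {
            throw new SAMLValidationException("SAML assertion doesn't contain trust delegation attribute");
        }
    }

    /**
     * Returns the text content of the attribute's first {@code AttributeValue} element.
     *
     * @throws SAMLValidationException if the attribute carries no value at all
     */
    private static String firstValueText(AttributeType attribute) throws SAMLValidationException {
        if (attribute.sizeOfAttributeValueArray() == 0) {
            throw new SAMLValidationException("Custodian attribute has no value");
        }
        XmlCursor cursor = attribute.getAttributeValueArray(0).newCursor();
        try {
            cursor.toFirstContentToken();
            return cursor.getTextValue();
        } finally {
            // Always release the cursor, including when the caller's parse of the text fails.
            cursor.dispose();
        }
    }

    /**
     * Computes the fingerprint stored under {@link #CUSTODIAN_NAME_FORMAT_SHA2}: the lowercase
     * hex encoding of a buffer holding the SHA-256 digest of the certificate's DER encoding.
     *
     * NOTE(review): the buffer is sized with {@code SHA256Digest.getByteLength()}, which in
     * BouncyCastle is the digest's internal block size (64), not {@code getDigestSize()} (32).
     * {@code doFinal} therefore fills only the first half and the result is 128 hex characters:
     * the real digest followed by 64 zeros. This does not weaken the fingerprint, and it is
     * deliberately left as is, because fingerprints already embedded in issued assertions
     * would stop matching a corrected implementation; change it only in lock-step with every
     * verifier that compares these values.
     *
     * @param certificate certificate to fingerprint
     * @return lowercase hex fingerprint as described above
     * @throws RuntimeException wrapping a {@code CertificateEncodingException} if the certificate
     *         cannot be DER-encoded (not expected for a parsed certificate)
     */
    public static String generateSha2Hash(X509Certificate certificate) {
        byte[] encoded;
        try {
            encoded = certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new RuntimeException("Shouldn't happen - can't get binary DER form of a certificate", e);
        }
        SHA256Digest digest = new SHA256Digest();
        digest.update(encoded, 0, encoded.length);
        byte[] out = new byte[digest.getByteLength()];
        digest.doFinal(out, 0);
        ByteArrayOutputStream hex = new ByteArrayOutputStream();
        try {
            new HexEncoder().encode(out, 0, out.length, hex);
        } catch (IOException e) {
            throw new RuntimeException("Shouldn't happen", e);
        }
        return hex.toString();
    }

    /**
     * @return the custodian DN as stored (normalised only if the single-argument constructor was
     *         used); compare with {@code X500NameUtils} rather than by plain string equality
     */
    public String getCustodianDN() {
        return this.custodianDN;
    }

    /**
     * @return the legacy {@code X509Certificate.hashCode()} of the custodian certificate, or
     *         {@code null} if absent. A 32-bit, JDK-implementation-defined value that is trivially
     *         collidable; it is kept for compatibility and must not be the sole basis for
     *         identifying the custodian
     */
    public Integer getCustodianCertHash() {
        return this.legacyHash;
    }

    /** @return the fingerprint in the {@link #generateSha2Hash} format, or {@code null} if absent. */
    public String getCustodianCertHashSha2() {
        return this.sha2Hash;
    }
}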
