package an.xacml;

import an.config.ConfigElement;
import an.xacml.converter.AttributeValueDataConverterException;
import an.xacml.converter.IAttributeValueDataConverter;
import an.xacml.engine.AttributeRetriever;
import an.xacml.engine.EvaluationContext;
import an.xacml.policy.AttributeValue;
import an.xml.XMLAttribute;
import an.xml.XMLDataTypeMappingException;
import an.xml.XMLElement;
import an.xml.XMLGeneralException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.common.SignableSAMLObject;
import org.opensaml.lite.saml2.core.EncryptedElementType;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.Criteria;
import org.opensaml.lite.security.CriteriaSet;
import org.opensaml.lite.security.TrustLevel;
import org.opensaml.lite.security.criteria.TrustLevelCriteria;
import org.opensaml.lite.security.criteria.UsageCriteria;
import org.w3c.dom.Element;
import pl.edu.icm.yadda.aas.saml.validator.ISAMLObjectValidator;
import pl.edu.icm.yadda.aas.saml.validator.SAMLObjectValidationContext;
import pl.edu.icm.yadda.aas.saml.validator.SAMLObjectValidationException;
import pl.edu.icm.yadda.aas.security.ISecurityFacade;
import pl.edu.icm.yadda.aas.security.SecurityFacadeException;
import pl.edu.icm.yadda.aas.xacml.policy.parser.ConditionAwareToken;
import pl.edu.icm.yadda.aas.xacml.policy.parser.ParserException;
import pl.edu.icm.yadda.aas.xacml.policy.parser.Token;
import pl.edu.icm.yadda.aas.xacml.policy.parser.XACMLAttributeIdURIParser;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.ConditionAwareTypeCondition;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.FieldCondition;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.ITokenCondition;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.TypeCondition;

/* loaded from: input_file:an/xacml/SAMLObjectAttributeRetriever.class */
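/**
 * Attribute retriever that resolves XACML attribute ids carrying
 * {@code SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX} against the SAML
 * objects attached to the current {@link ExtendedRequest}.
 *
 * <p>The part of the attribute id after the prefix is parsed into tokens. Each token
 * names a zero-argument getter that is invoked reflectively on the objects produced by
 * the previous step. Tokens may carry conditions: a type filter (resolved through
 * {@link #getTypeToClassNameMap()}), a field filter, and the predefined "signed" and
 * "encrypted" markers, which trigger signature verification and decryption through the
 * configured {@link ISecurityFacade}.
 *
 * <p>Security-relevant behaviour: every failed check (wrong type, missing or invalid
 * signature, failed decryption, failed validation) yields an empty result rather than a
 * partial one, so a policy that requires the attribute sees it as absent.
 *
 * <p>The collaborators ({@code securityFacade}, {@code attributeValueDataConverter},
 * {@code samlObjectValidator}) are injected through setters and are dereferenced without
 * null checks; they must be set before the first retrieval.
 */
public class SAMLObjectAttributeRetriever implements AttributeRetriever {
    /** 1-based number of the token that addresses the root SAML objects of the request. */
    private static final int ROOT_SAML_OBJECT_TOKEN_NUMBER = 1;
    protected static final Logger log = Logger.getLogger(SAMLObjectAttributeRetriever.class);
    // Maps a type name used in a token's type condition to a fully qualified class name.
    private Map<String, String> typeToClassNameMap = new HashMap<String, String>();
    private ISecurityFacade securityFacade;
    private IAttributeValueDataConverter attributeValueDataConverter;
    private ISAMLObjectValidator samlObjectValidator;

    /** Creates a retriever with an empty type map; collaborators are injected via setters. */
    public SAMLObjectAttributeRetriever() {
    }

    /**
     * Creates a retriever and fills the type map from the {@code Map} child of the given
     * configuration element. Each child of {@code Map} contributes one entry taken from its
     * {@code key} and {@code value} attributes; children lacking either one are skipped
     * with a warning.
     *
     * @param configElement configuration element to read the optional {@code Map} from
     * @throws XMLGeneralException declared by the original signature; propagated from the
     *         configuration accessors
     */
    public SAMLObjectAttributeRetriever(ConfigElement configElement) throws XMLGeneralException {
        if (configElement.getChildElements() == null || configElement.getChildElements().length <= 0) {
            return;
        }
        XMLElement mapElement = configElement.getSingleXMLElementByName("Map");
        if (mapElement == null) {
            return;
        }
        XMLElement[] entries = mapElement.getChildElements();
        if (entries == null) {
            return;
        }
        for (XMLElement entry : entries) {
            XMLAttribute[] attributes = entry.getAttributes();
            if (attributes == null) {
                continue;
            }
            String type = null;
            String className = null;
            for (XMLAttribute attribute : attributes) {
                // Compare by value: the original reference comparison (==) only matched
                // when the parser happened to hand back the interned literal, which
                // silently left the type map empty otherwise.
                if ("key".equals(attribute.getName())) {
                    type = (String) attribute.getValue();
                } else if ("value".equals(attribute.getName())) {
                    className = (String) attribute.getValue();
                }
            }
            if (type == null || className == null) {
                log.warn("couldn't add typeToClassNameMap entry for type: " + type + " and className: " + className);
            } else {
                this.typeToClassNameMap.put(type, className);
            }
        }
    }

    /**
     * Walks one step of the token chain.
     *
     * <p>When {@code i} equals the number of tokens, {@code obj} is the final value: the
     * validation context is validated and the value (or each element of a collection or
     * object array) is converted to the requested data type. Otherwise each candidate
     * object is filtered by the conditions of token {@code i - 1} and handed to
     * {@link #appendResults} to invoke the getter named by token {@code i}.
     *
     * @param i 1-based number of the token being processed
     * @param tokenArr tokens parsed from the attribute id
     * @param obj current object, collection or array; {@code null} yields an empty list
     * @param uri requested data type, passed to the converter
     * @param sAMLObjectValidationContext context consulted by the validator
     * @return converted values; empty when any check fails
     * @throws IndeterminateException when a getter cannot be invoked
     */
    List<Object> getObjects(int i, Token[] tokenArr, Object obj, URI uri, SAMLObjectValidationContext sAMLObjectValidationContext) throws IndeterminateException {
        if (i > tokenArr.length || obj == null) {
            return new ArrayList<Object>();
        }
        if (i == tokenArr.length) {
            // NOTE(review): conditions are only ever evaluated for tokens 0..length-2
            // (always as tokenArr[i - 1] with i < length), so conditions attached to the
            // last token are not applied here. With a single-token id this branch is
            // reached directly: no type/signed/encrypted check has run and the context
            // holds no stored object. Confirm the validator rejects that case.
            List<Object> converted = new ArrayList<Object>();
            try {
                if (!this.samlObjectValidator.validate(sAMLObjectValidationContext)) {
                    log.warn("SAMLObject didn't pass validation process successfully!");
                    return converted;
                }
                if (obj instanceof Collection) {
                    for (Object element : (Collection<?>) obj) {
                        converted.add(this.attributeValueDataConverter.convertData(element, uri));
                    }
                } else if (obj instanceof Object[]) {
                    // instanceof rather than isArray(): a primitive array such as byte[]
                    // cannot be cast to Object[] and is converted as a single value.
                    for (Object element : (Object[]) obj) {
                        converted.add(this.attributeValueDataConverter.convertData(element, uri));
                    }
                } else {
                    converted.add(this.attributeValueDataConverter.convertData(obj, uri));
                }
                return converted;
            } catch (AttributeValueDataConverterException e) {
                // NOTE(review): obj may be content obtained from a decrypted element; its
                // string form ends up in the log. Consider logging only the type.
                log.error("Exception occured when converting data: " + obj + " for the dataType: " + uri, e);
                return converted;
            } catch (SAMLObjectValidationException e2) {
                log.error("Problem occured when validating SAMLObject for data: " + obj + " for the dataType: " + uri, e2);
                return converted;
            }
        }
        String getterName = tokenArr[i].getValue();
        Token conditionToken = tokenArr[i - 1];
        if (obj instanceof Collection) {
            List<Object> results = new ArrayList<Object>();
            for (Object element : (Collection<?>) obj) {
                if (element == null) {
                    log.warn("ommitting null object found in collection...");
                } else if (checkTokenConditions(conditionToken, element)) {
                    results.addAll(appendResults(element, getterName, i, tokenArr, uri, sAMLObjectValidationContext));
                }
            }
            return results;
        }
        if (obj instanceof Object[]) {
            List<Object> results = new ArrayList<Object>();
            for (Object element : (Object[]) obj) {
                if (element == null) {
                    log.warn("ommitting null object found in array...");
                } else if (checkTokenConditions(conditionToken, element)) {
                    results.addAll(appendResults(element, getterName, i, tokenArr, uri, sAMLObjectValidationContext));
                }
            }
            return results;
        }
        // Single object; obj is known to be non-null from the guard at the top.
        if (checkTokenConditions(conditionToken, obj)) {
            return appendResults(obj, getterName, i, tokenArr, uri, sAMLObjectValidationContext);
        }
        return new ArrayList<Object>();
    }

    /**
     * Applies the "encrypted" and "signed" requirements of token {@code i - 1} to
     * {@code obj}, then invokes the getter named {@code str} on it and continues the walk
     * with the getter's result.
     *
     * <p>An {@link EncryptedElementType} is always decrypted, whether or not the token
     * demands encryption. At the root token the (decrypted) object is stored in the
     * validation context after {@code setSuccessfullyValidated(null)} is called on it
     * (presumably resetting a cached verdict; confirm against the context class).
     *
     * @param obj object selected by token {@code i - 1}; must not be {@code null}
     * @param str name of the property to read, taken from token {@code i}
     * @param i 1-based number of the token naming the getter
     * @param tokenArr tokens parsed from the attribute id
     * @param uri requested data type
     * @param sAMLObjectValidationContext context updated at the root token
     * @return values found below {@code obj}; empty when a check fails or no getter matches
     * @throws IndeterminateException when the getter invocation fails
     */
    List<Object> appendResults(Object obj, String str, int i, Token[] tokenArr, URI uri, SAMLObjectValidationContext sAMLObjectValidationContext) throws IndeterminateException {
        Token conditionToken = tokenArr[i - 1];
        if (getTypeCondition(conditionToken, XACMLAttributeIdURIParser.PREDEFINED_ENCRYPTED_TYPE_NAME) != null && !(obj instanceof EncryptedElementType)) {
            log.warn("Element " + conditionToken.getValue() + " was expected to be encrypted!");
            return new ArrayList<Object>();
        }
        if (obj instanceof EncryptedElementType) {
            try {
                SAMLObject decrypted = this.securityFacade.decrypt((EncryptedElementType) obj);
                if (i == ROOT_SAML_OBJECT_TOKEN_NUMBER) {
                    sAMLObjectValidationContext.setSuccessfullyValidated(null);
                    sAMLObjectValidationContext.setStoredSAMLObject((EncryptedElementType) obj, decrypted);
                }
                obj = decrypted;
            } catch (SecurityFacadeException e) {
                log.warn("Exception occured when decrypting object: " + conditionToken.getValue(), e);
                return new ArrayList<Object>();
            }
            if (obj == null) {
                // Fail closed instead of hitting a NullPointerException further down.
                log.warn("Decrypting object: " + conditionToken.getValue() + " produced no result");
                return new ArrayList<Object>();
            }
        } else if (i == ROOT_SAML_OBJECT_TOKEN_NUMBER && (obj instanceof SAMLObject)) {
            sAMLObjectValidationContext.setSuccessfullyValidated(null);
            sAMLObjectValidationContext.setStoredSAMLObject((SAMLObject) obj);
        }
        TypeCondition signedCondition = getTypeCondition(conditionToken, XACMLAttributeIdURIParser.PREDEFINED_SIGNED_TYPE_NAME);
        if (signedCondition != null) {
            if (!(obj instanceof SignableSAMLObject)) {
                log.warn("Element " + conditionToken.getValue() + " was expected to be signed but it's not SignableSAMLObject instance!");
                return new ArrayList<Object>();
            }
            SignableSAMLObject signable = (SignableSAMLObject) obj;
            if (signable.getSignature() == null) {
                // A signable object without a signature must not satisfy a "signed"
                // requirement. Reject it here rather than rely on how the facade treats
                // a null signature, which is not visible in this class.
                log.warn("Element " + conditionToken.getValue() + " was expected to be signed but carries no signature!");
                return new ArrayList<Object>();
            }
            try {
                CriteriaSet criteriaSet = new CriteriaSet();
                criteriaSet.add(new UsageCriteria(Credential.UsageType.SIGNING));
                criteriaSet.add(new TrustLevelCriteria(getTrustLevel(signedCondition)));
                Collection<Criteria> fixedCriteria = this.samlObjectValidator.getFixedCriteria();
                if (fixedCriteria != null) {
                    for (Criteria criteria : fixedCriteria) {
                        criteriaSet.add(criteria);
                    }
                }
                if (!this.securityFacade.verifySignature(signable.getSignature(), criteriaSet)) {
                    log.warn("Invalid signature for object: " + conditionToken.getValue());
                    return new ArrayList<Object>();
                }
            } catch (SecurityFacadeException e2) {
                log.warn("Exception occured when validating signature for object: " + conditionToken.getValue(), e2);
                return new ArrayList<Object>();
            }
        }
        Method getter = findGetter(obj, str);
        if (getter == null) {
            return new ArrayList<Object>();
        }
        // The messages name the property being read (token i). The original indexed
        // tokenArr[i + 1], which is out of bounds for the last getter and replaced the
        // IndeterminateException with an ArrayIndexOutOfBoundsException.
        try {
            return getObjects(i + 1, tokenArr, getter.invoke(obj), uri, sAMLObjectValidationContext);
        } catch (IllegalAccessException e3) {
            throw new IndeterminateException("Couldn't retrieve " + str + " object!", e3);
        } catch (IllegalArgumentException e4) {
            throw new IndeterminateException("Couldn't retrieve " + str + " object!", e4);
        } catch (InvocationTargetException e5) {
            throw new IndeterminateException("Couldn't retrieve " + str + " object!", e5);
        }
    }

    /**
     * Finds the first public zero-argument method of {@code target}'s runtime class whose
     * name equals {@code GETTER_PREFIX + property}, ignoring case.
     *
     * <p>The property name originates from the attribute id and is not checked against an
     * allow-list, so any public no-argument method with a matching name can be selected.
     * Attribute ids should therefore come only from trusted policy sources.
     *
     * @return the matching method, or {@code null} when there is none
     */
    private static Method findGetter(Object target, String property) {
        String wanted = SAMLObjectAttributeRetrieverConstants.GETTER_PREFIX + property;
        for (Method candidate : target.getClass().getMethods()) {
            if (candidate.getName().equalsIgnoreCase(wanted) && candidate.getGenericParameterTypes().length == 0) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Evaluates every condition attached to {@code token} against {@code obj}.
     *
     * @return {@code true} when the token carries no conditions or all of them hold;
     *         {@code false} on the first failing or unsupported condition
     */
    boolean checkTokenConditions(Token token, Object obj) {
        if (!(token instanceof ConditionAwareToken)) {
            return true;
        }
        for (ITokenCondition condition : ((ConditionAwareToken) token).getConditions()) {
            if (condition instanceof TypeCondition) {
                if (!checkObjectType((TypeCondition) condition, obj)) {
                    return false;
                }
            } else if (condition instanceof FieldCondition) {
                if (!checkObjectField((FieldCondition) condition, obj)) {
                    return false;
                }
            } else {
                // Unknown condition kinds are treated as not satisfied (fail closed).
                log.error("unsupported condition instance: " + condition.getClass().getName());
                return false;
            }
        }
        return true;
    }

    /**
     * Checks that the property named by the condition, read through its getter on
     * {@code obj}, equals the condition's expected value. A {@code null} expected value
     * matches only a {@code null} property.
     *
     * @return {@code false} when the values differ, no getter exists or it cannot be invoked
     */
    boolean checkObjectField(FieldCondition fieldCondition, Object obj) {
        Method getter = findGetter(obj, fieldCondition.getField());
        if (getter == null) {
            log.error("No suitable getter metod found for field " + fieldCondition.getField() + " in object type: " + obj.getClass().getName());
            return false;
        }
        try {
            Object actual = getter.invoke(obj);
            if (fieldCondition.getValue() == null) {
                return actual == null;
            }
            return fieldCondition.getValue().equals(actual);
        } catch (IllegalAccessException e) {
            log.error("Couldn't execute " + getter.getName() + " on object type: " + obj.getClass().getName(), e);
            return false;
        } catch (IllegalArgumentException e2) {
            log.error("Couldn't execute " + getter.getName() + " on object type: " + obj.getClass().getName(), e2);
            return false;
        } catch (InvocationTargetException e3) {
            log.error("Couldn't execute " + getter.getName() + " on object type: " + obj.getClass().getName(), e3);
            return false;
        }
    }

    /**
     * Checks {@code obj} against a type condition.
     *
     * <p>A condition without a type always holds. A type found in the type map holds when
     * the mapped class is {@code obj}'s class, one of its superclasses or one of its
     * interfaces. The predefined "signed" and "encrypted" types are accepted here because
     * {@link #appendResults} enforces them. Any other unmapped type fails.
     */
    boolean checkObjectType(TypeCondition typeCondition, Object obj) {
        String type = typeCondition.getType();
        if (type == null) {
            return true;
        }
        if (obj == null) {
            return false;
        }
        String className = this.typeToClassNameMap.get(type);
        if (className != null) {
            try {
                // Class.forName(String) also initialises the class; the name comes from
                // the configured type map, which therefore has to be trusted input.
                return isClassInHierarchy(Class.forName(className), obj.getClass());
            } catch (ClassNotFoundException e) {
                log.error("couldn't find class: " + className + " for type: " + type, e);
                return false;
            }
        }
        if (type.equalsIgnoreCase(XACMLAttributeIdURIParser.PREDEFINED_SIGNED_TYPE_NAME) || type.equalsIgnoreCase(XACMLAttributeIdURIParser.PREDEFINED_ENCRYPTED_TYPE_NAME)) {
            log.debug("got #signed or #encrypted markup, checking elsewhere...");
            return true;
        }
        log.warn("couldn't find className for type: " + type);
        return false;
    }

    /**
     * Returns the type condition of {@code token} whose type equals {@code str}.
     *
     * <p>NOTE(review): this match is case-sensitive, whereas {@link #checkObjectType}
     * accepts the predefined "signed"/"encrypted" names ignoring case. A marker written in
     * different case passes the type check but is not found here, so no signature or
     * encryption check is triggered for it. Confirm whether the parser normalises case.
     *
     * @return the matching condition, or {@code null} when the token has none
     */
    TypeCondition getTypeCondition(Token token, String str) {
        if (!(token instanceof ConditionAwareToken)) {
            return null;
        }
        for (ITokenCondition condition : ((ConditionAwareToken) token).getConditions()) {
            if (condition instanceof TypeCondition) {
                // Type conditions may have a null type (checkObjectType allows it);
                // the original dereferenced it unconditionally.
                String type = ((TypeCondition) condition).getType();
                if (type != null && type.equals(str)) {
                    return (TypeCondition) condition;
                }
            }
        }
        return null;
    }

    /**
     * Determines the trust level required by a "signed" condition. The first nested
     * condition, when present, must be a type condition naming a {@link TrustLevel}
     * constant; without nested conditions the validator's default level applies.
     *
     * @throws IndeterminateException when the nested condition is not a type condition or
     *         does not name a valid trust level
     */
    private TrustLevel getTrustLevel(TypeCondition typeCondition) throws IndeterminateException {
        // instanceof is false for null, so this also covers a missing condition.
        if (!(typeCondition instanceof ConditionAwareTypeCondition)) {
            return this.samlObjectValidator.getDefaultTrustLevel();
        }
        List<ITokenCondition> conditions = ((ConditionAwareTypeCondition) typeCondition).getConditions();
        if (conditions == null || conditions.isEmpty()) {
            return this.samlObjectValidator.getDefaultTrustLevel();
        }
        ITokenCondition first = conditions.iterator().next();
        if (!(first instanceof TypeCondition)) {
            throw new IndeterminateException("invalid condition in 'signed' URI element defined in policy, cannot determine proper trust level!");
        }
        String levelName = ((TypeCondition) first).getType();
        try {
            return TrustLevel.valueOf(levelName);
        } catch (Exception e) {
            throw new IndeterminateException("invalid trust level defined in 'signed' URI element: " + levelName + ", cannot determine proper trust level!", e);
        }
    }

    /**
     * Tells whether {@code cls} is {@code cls2} itself or appears among its superclasses
     * or (transitively) implemented interfaces.
     *
     * @return {@code false} when either argument is {@code null}
     */
    boolean isClassInHierarchy(Class cls, Class cls2) {
        if (cls == null || cls2 == null) {
            return false;
        }
        if (cls.equals(cls2)) {
            return true;
        }
        // The recursive call handles both the null superclass and the direct match.
        if (isClassInHierarchy(cls, cls2.getSuperclass())) {
            return true;
        }
        for (Class<?> implemented : cls2.getInterfaces()) {
            if (isClassInHierarchy(cls, implemented)) {
                return true;
            }
        }
        return false;
    }

    /** Returns the retriever type code, always {@code 0}. */
    public int getType() {
        return 0;
    }

    /**
     * Tells whether the attribute id starts with the supported prefix.
     *
     * @param uri attribute id; {@code null} is reported as unsupported
     * @param uri2 unused
     */
    public boolean isAttributeSupported(URI uri, URI uri2) {
        return uri != null && uri.toString().startsWith(SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX);
    }

    /**
     * Resolves an attribute id against the SAML objects of the request.
     *
     * @param evaluationContext context whose request must be an {@link ExtendedRequest}
     * @param uri attribute id; must start with the supported prefix
     * @param uri2 requested data type
     * @param str passed to the validation context
     * @param uri3 unused
     * @return resolved values; empty when the id is null, unsupported or unparsable, or
     *         when any check along the token chain fails
     * @throws IndeterminateException when the request is not an {@link ExtendedRequest}
     *         or a value cannot be retrieved or wrapped
     */
    public AttributeValue[] retrieveAttributeValues(EvaluationContext evaluationContext, URI uri, URI uri2, String str, URI uri3) throws IndeterminateException {
        if (uri == null || uri.toString() == null) {
            log.warn("Got null attrId!");
            return new AttributeValue[0];
        }
        String attributeId = uri.toString();
        if (!attributeId.startsWith(SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX)) {
            log.warn("Unsupported attrId: " + attributeId);
            return new AttributeValue[0];
        }
        String path = attributeId.substring(SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX.length());
        Token[] tokens;
        try {
            tokens = XACMLAttributeIdURIParser.parse(path);
        } catch (ParserException e3) {
            log.error("Couldn't extract tokens from attrId: " + path, e3);
            return new AttributeValue[0];
        }
        if (tokens == null || tokens.length == 0) {
            log.warn("Couldn't extract tokens from attrId: " + path);
            return new AttributeValue[0];
        }
        if (!(evaluationContext.getRequest() instanceof ExtendedRequest)) {
            throw new IndeterminateException("Unable to retrieve SAMLObjects attribute: Request from EvaluationContext is not an ExtendedRequest instance.");
        }
        List<SAMLObject> samlObjects = ((ExtendedRequest) evaluationContext.getRequest()).getSAMLObjects();
        List<Object> values = new ArrayList<Object>();
        if (samlObjects != null) {
            try {
                List<Object> found = getObjects(ROOT_SAML_OBJECT_TOKEN_NUMBER, tokens, samlObjects, uri2, new SAMLObjectValidationContext(evaluationContext, (SAMLObject) null, str));
                if (found != null) {
                    for (Object value : found) {
                        values.add(AttributeValue.getInstance(uri2, value));
                    }
                }
            } catch (XMLDataTypeMappingException e) {
                throw new IndeterminateException("Couldn't retrive value(s) for attrId: " + path, e);
            } catch (IllegalArgumentException e2) {
                throw new IndeterminateException("Couldn't retrive value(s) for attrId: " + path, e2);
            }
        }
        return values.toArray(new AttributeValue[values.size()]);
    }

    /**
     * XPath-based retrieval is not supported by this retriever.
     *
     * @return always an empty array, after logging a warning
     */
    public AttributeValue[] retrieveAttributeValues(EvaluationContext evaluationContext, String str, URI uri, Element element, Map<String, String> map) throws IndeterminateException {
        log.warn("Retrieving attribute values using xpath expressions is unsupported in " + getClass().getSimpleName());
        return new AttributeValue[0];
    }

    /** Returns the live type-name to class-name map (not a copy). */
    public Map<String, String> getTypeToClassNameMap() {
        return this.typeToClassNameMap;
    }

    /** Replaces the type-name to class-name map; the map is stored as given, not copied. */
    public void setTypeToClassNameMap(Map<String, String> map) {
        this.typeToClassNameMap = map;
    }

    /** Returns the facade used for decryption and signature verification. */
    public ISecurityFacade getSecurityFacade() {
        return this.securityFacade;
    }

    /** Sets the facade used for decryption and signature verification. */
    public void setSecurityFacade(ISecurityFacade iSecurityFacade) {
        this.securityFacade = iSecurityFacade;
    }

    /** Returns the converter applied to final values. */
    public IAttributeValueDataConverter getAttributeValueDataConverter() {
        return this.attributeValueDataConverter;
    }

    /** Sets the converter applied to final values. */
    public void setAttributeValueDataConverter(IAttributeValueDataConverter iAttributeValueDataConverter) {
        this.attributeValueDataConverter = iAttributeValueDataConverter;
    }

    /** Sets the validator consulted before final values are converted. */
    public void setSamlObjectValidator(ISAMLObjectValidator iSAMLObjectValidator) {
        this.samlObjectValidator = iSAMLObjectValidator;
    }
}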
