package org.apache.ws.security.saml.ext.builder;

import com.ibm.ws.sib.mfp.MfpConstants;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.apache.ws.security.saml.ext.bean.ActionBean;
import org.apache.ws.security.saml.ext.bean.AttributeBean;
import org.apache.ws.security.saml.ext.bean.AttributeStatementBean;
import org.apache.ws.security.saml.ext.bean.AudienceRestrictionBean;
import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean;
import org.apache.ws.security.saml.ext.bean.AuthenticationStatementBean;
import org.apache.ws.security.saml.ext.bean.ConditionsBean;
import org.apache.ws.security.saml.ext.bean.KeyInfoBean;
import org.apache.ws.security.saml.ext.bean.SubjectBean;
import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean;
import org.apache.ws.security.util.UUIDGenerator;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.common.SAMLObjectBuilder;
import org.opensaml.common.SAMLVersion;
import org.opensaml.saml1.core.Action;
import org.opensaml.saml1.core.Assertion;
import org.opensaml.saml1.core.Attribute;
import org.opensaml.saml1.core.AttributeStatement;
import org.opensaml.saml1.core.AttributeValue;
import org.opensaml.saml1.core.Audience;
import org.opensaml.saml1.core.AudienceRestrictionCondition;
import org.opensaml.saml1.core.AuthenticationStatement;
import org.opensaml.saml1.core.AuthorizationDecisionStatement;
import org.opensaml.saml1.core.Conditions;
import org.opensaml.saml1.core.ConfirmationMethod;
import org.opensaml.saml1.core.DecisionTypeEnumeration;
import org.opensaml.saml1.core.Evidence;
import org.opensaml.saml1.core.NameIdentifier;
import org.opensaml.saml1.core.Subject;
import org.opensaml.saml1.core.SubjectConfirmation;
import org.opensaml.saml1.core.SubjectLocality;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.schema.XSString;
import org.opensaml.xml.schema.impl.XSStringBuilder;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
import org.opensaml.xml.signature.KeyInfo;

/* loaded from: input_file:wlp/lib/com.ibm.ws.wss4j.1.6.7_1.0.12.jar:org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.class */
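/**
 * Static factory for the SAML 1.1 objects (assertion, subject, conditions and
 * the three statement kinds) that are assembled from the WSS4J bean classes.
 *
 * <p>Every OpenSAML builder is looked up lazily from the builder factory and
 * cached in a {@code volatile} static field. No lock is taken, so concurrent
 * first calls may each perform the same lookup. A lookup that returns
 * {@code null} is reported as an {@link IllegalStateException}.
 *
 * <p>NOTE(review): this listing looks decompiled. {@code mo4392buildObject()}
 * presumably stands for the builders' no-argument {@code buildObject()}, and the
 * assertion ID prefix is taken from an unrelated messaging constants class.
 * Confirm both against the original sources before relying on them.
 */
public final class SAML1ComponentBuilder {
    /** Raised whenever the builder factory has no builder for a requested element. */
    private static final String ENGINE_NOT_INITIALIZED = "OpenSaml engine not initialized. Please make sure to initialize the OpenSaml engine prior using it";

    /** Validity window, in minutes, used when the caller supplies no usable period. */
    private static final int DEFAULT_TOKEN_PERIOD_MINUTES = 5;

    private static volatile SAMLObjectBuilder<Assertion> assertionV1Builder;
    private static volatile SAMLObjectBuilder<Conditions> conditionsV1Builder;
    private static volatile SAMLObjectBuilder<AudienceRestrictionCondition> audienceRestrictionV1Builder;
    private static volatile SAMLObjectBuilder<Audience> audienceV1Builder;
    private static volatile SAMLObjectBuilder<AuthenticationStatement> authenticationStatementV1Builder;
    private static volatile SAMLObjectBuilder<Subject> subjectV1Builder;
    private static volatile SAMLObjectBuilder<NameIdentifier> nameIdentifierV1Builder;
    private static volatile SAMLObjectBuilder<SubjectConfirmation> subjectConfirmationV1Builder;
    private static volatile SAMLObjectBuilder<ConfirmationMethod> confirmationMethodV1Builder;
    private static volatile SAMLObjectBuilder<AttributeStatement> attributeStatementV1Builder;
    private static volatile SAMLObjectBuilder<Attribute> attributeV1Builder;
    private static volatile XSStringBuilder stringBuilder;
    private static volatile SAMLObjectBuilder<AuthorizationDecisionStatement> authorizationDecisionStatementV1Builder;
    private static volatile SAMLObjectBuilder<Action> actionElementV1Builder;
    // Captured once at class initialisation; every lookup below goes through it.
    private static volatile XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
    private static volatile SAMLObjectBuilder<SubjectLocality> subjectLocalityBuilder;

    /** Not instantiable: the class only exposes static factory methods. */
    private SAML1ComponentBuilder() {
    }

    /**
     * Fails fast when a builder lookup returned nothing, so that a missing
     * OpenSAML bootstrap is reported by name instead of as a bare
     * {@link NullPointerException} on first use of the builder.
     *
     * @param builder the value just returned by the builder factory
     * @throws IllegalStateException if {@code builder} is {@code null}
     */
    private static void requireInitialized(Object builder) {
        if (builder == null) {
            throw new IllegalStateException(ENGINE_NOT_INITIALIZED);
        }
    }

    /**
     * Creates an empty SAML 1.1 assertion carrying only version, issuer, issue
     * instant and a freshly generated ID.
     *
     * @param str the issuer name, stored as given
     * @return the new assertion, without conditions, statements or signature
     * @throws IllegalStateException if no assertion builder is registered
     */
    public static Assertion createSamlv1Assertion(String str) {
        if (assertionV1Builder == null) {
            assertionV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(Assertion.DEFAULT_ELEMENT_NAME);
            requireInitialized(assertionV1Builder);
        }
        Assertion assertion = (Assertion) assertionV1Builder.buildObject(Assertion.DEFAULT_ELEMENT_NAME, Assertion.TYPE_NAME);
        assertion.setVersion(SAMLVersion.VERSION_11);
        assertion.setIssuer(str);
        // Issue instant comes from the local clock at the moment of the call.
        assertion.setIssueInstant(new DateTime());
        // The prefix keeps the ID a valid xs:ID even when the UUID starts with a digit.
        // NOTE(review): MfpConstants belongs to an unrelated messaging package; this
        // looks like a decompiler substituting a same-valued constant - confirm the literal.
        assertion.setID(MfpConstants.MESSAGE_HANDLE_SEPARATOR + UUIDGenerator.getUUID());
        return assertion;
    }

    /**
     * Builds a SAML 1.1 subject (name identifier plus subject confirmation)
     * from the bean.
     *
     * <p>When the bean names no confirmation method the subject is marked
     * sender-vouches, which binds no key to the subject. Key material is attached
     * only when the bean carries a {@link KeyInfoBean}, so callers that need a
     * key-bound confirmation must set both the method and the key info.
     *
     * @param subjectBean source of the name, qualifier, format, confirmation
     *     method and optional key info; must not be {@code null}
     * @return the populated subject
     * @throws IllegalStateException if a required builder is not registered
     * @throws SecurityException propagated from {@link #createKeyInfo(KeyInfoBean)}
     * @throws WSSecurityException propagated from {@link #createKeyInfo(KeyInfoBean)}
     */
    public static Subject createSaml1v1Subject(SubjectBean subjectBean) throws SecurityException, WSSecurityException {
        if (subjectV1Builder == null) {
            subjectV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(Subject.DEFAULT_ELEMENT_NAME);
            requireInitialized(subjectV1Builder);
        }
        if (nameIdentifierV1Builder == null) {
            nameIdentifierV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(NameIdentifier.DEFAULT_ELEMENT_NAME);
            requireInitialized(nameIdentifierV1Builder);
        }
        if (subjectConfirmationV1Builder == null) {
            subjectConfirmationV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectConfirmation.DEFAULT_ELEMENT_NAME);
            requireInitialized(subjectConfirmationV1Builder);
        }
        if (confirmationMethodV1Builder == null) {
            confirmationMethodV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(ConfirmationMethod.DEFAULT_ELEMENT_NAME);
            requireInitialized(confirmationMethodV1Builder);
        }
        Subject subject = subjectV1Builder.mo4392buildObject();
        NameIdentifier nameIdentifier = nameIdentifierV1Builder.mo4392buildObject();
        SubjectConfirmation subjectConfirmation = subjectConfirmationV1Builder.mo4392buildObject();
        ConfirmationMethod confirmationMethod = confirmationMethodV1Builder.mo4392buildObject();

        nameIdentifier.setNameQualifier(subjectBean.getSubjectNameQualifier());
        nameIdentifier.setNameIdentifier(subjectBean.getSubjectName());
        nameIdentifier.setFormat(subjectBean.getSubjectNameIDFormat());

        String method = subjectBean.getSubjectConfirmationMethod();
        // An unset method silently becomes sender-vouches.
        confirmationMethod.setConfirmationMethod(method != null ? method : SAML1Constants.CONF_SENDER_VOUCHES);
        subjectConfirmation.getConfirmationMethods().add(confirmationMethod);

        if (subjectBean.getKeyInfo() != null) {
            subjectConfirmation.setKeyInfo(createKeyInfo(subjectBean.getKeyInfo()));
        }
        subject.setNameIdentifier(nameIdentifier);
        subject.setSubjectConfirmation(subjectConfirmation);
        return subject;
    }

    /**
     * Produces the {@link KeyInfo} for a subject confirmation.
     *
     * <p>A DOM element held by the bean wins outright: it is unmarshalled and
     * cast, with no further inspection in this method. Otherwise a credential is
     * filled from the bean's certificate, or from its public key when there is no
     * certificate, and the bean's identifier type selects what the generator emits.
     * If the bean holds neither, the generator receives an empty credential.
     *
     * @param keyInfoBean source of the element, certificate or public key; must
     *     not be {@code null}
     * @return the unmarshalled or generated key info
     * @throws SecurityException if key info generation fails
     * @throws WSSecurityException if the DOM element cannot be converted
     */
    public static KeyInfo createKeyInfo(KeyInfoBean keyInfoBean) throws SecurityException, WSSecurityException {
        if (keyInfoBean.getElement() != null) {
            // The element is taken as supplied; a non-KeyInfo element fails on the cast.
            return (KeyInfo) OpenSAMLUtil.fromDom(keyInfoBean.getElement());
        }
        BasicX509Credential credential = new BasicX509Credential();
        if (keyInfoBean.getCertificate() != null) {
            credential.setEntityCertificate(keyInfoBean.getCertificate());
        } else if (keyInfoBean.getPublicKey() != null) {
            credential.setPublicKey(keyInfoBean.getPublicKey());
        }
        X509KeyInfoGeneratorFactory generatorFactory = new X509KeyInfoGeneratorFactory();
        // No default branch: any other identifier type leaves all emit flags untouched.
        switch (keyInfoBean.getCertIdentifer()) {
            case X509_CERT:
                generatorFactory.setEmitEntityCertificate(true);
                break;
            case KEY_VALUE:
                generatorFactory.setEmitPublicKeyValue(true);
                break;
            case X509_ISSUER_SERIAL:
                generatorFactory.setEmitX509IssuerSerial(true);
                break;
        }
        return generatorFactory.newInstance().generate(credential);
    }

    /**
     * Builds the conditions element, i.e. the validity window and any audience
     * restrictions.
     *
     * <p>The window is chosen as follows: with a {@code null} bean, or a bean
     * lacking either bound, it starts now and lasts the bean's token period
     * (five minutes when the bean is {@code null} or the period is not positive).
     * Only when both bounds are present are they used as given. Audience
     * restrictions are added solely from the bean, so a {@code null} bean yields
     * an assertion that is not scoped to any audience.
     *
     * @param conditionsBean the requested conditions, or {@code null} for defaults
     * @return the populated conditions
     * @throws IllegalStateException if the builder is not registered, or if
     *     {@code notBefore} lies after {@code notAfter}
     */
    public static Conditions createSamlv1Conditions(ConditionsBean conditionsBean) {
        if (conditionsV1Builder == null) {
            conditionsV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(Conditions.DEFAULT_ELEMENT_NAME);
            requireInitialized(conditionsV1Builder);
        }
        Conditions conditions = conditionsV1Builder.mo4392buildObject();
        if (conditionsBean == null) {
            DateTime now = new DateTime();
            conditions.setNotBefore(now);
            conditions.setNotOnOrAfter(now.plusMinutes(DEFAULT_TOKEN_PERIOD_MINUTES));
            return conditions;
        }
        int tokenPeriodMinutes = conditionsBean.getTokenPeriodMinutes();
        DateTime notBefore = conditionsBean.getNotBefore();
        DateTime notAfter = conditionsBean.getNotAfter();
        if (notBefore != null && notAfter != null) {
            // Equal bounds pass this check; only a strictly inverted window is rejected.
            if (notBefore.isAfter(notAfter)) {
                throw new IllegalStateException("The value of notBefore may not be after the value of notAfter");
            }
            conditions.setNotBefore(notBefore);
            conditions.setNotOnOrAfter(notAfter);
        } else {
            // A single supplied bound is ignored; the window is rebuilt from the clock.
            DateTime now = new DateTime();
            conditions.setNotBefore(now);
            int minutes = tokenPeriodMinutes > 0 ? tokenPeriodMinutes : DEFAULT_TOKEN_PERIOD_MINUTES;
            conditions.setNotOnOrAfter(now.plusMinutes(minutes));
        }
        if (conditionsBean.getAudienceURI() != null) {
            conditions.getAudienceRestrictionConditions().add(createSamlv1AudienceRestriction(conditionsBean.getAudienceURI()));
        }
        if (conditionsBean.getAudienceRestrictions() != null) {
            for (AudienceRestrictionBean restriction : conditionsBean.getAudienceRestrictions()) {
                conditions.getAudienceRestrictionConditions().add(createSamlv1AudienceRestriction(restriction));
            }
        }
        return conditions;
    }

    /**
     * Builds an audience restriction holding a single audience URI.
     *
     * @param str the audience URI
     * @return the restriction condition
     * @deprecated wraps the URI in a bean and delegates to
     *     {@link #createSamlv1AudienceRestriction(AudienceRestrictionBean)}
     */
    @Deprecated
    public static AudienceRestrictionCondition createSamlv1AudienceRestriction(String str) {
        AudienceRestrictionBean singleAudience = new AudienceRestrictionBean();
        singleAudience.setAudienceURIs(Collections.singletonList(str));
        return createSamlv1AudienceRestriction(singleAudience);
    }

    /**
     * Builds an audience restriction with one audience element per URI in the bean.
     *
     * @param audienceRestrictionBean source of the audience URIs; must not be
     *     {@code null}
     * @return the restriction condition
     * @throws IllegalStateException if a required builder is not registered
     */
    public static AudienceRestrictionCondition createSamlv1AudienceRestriction(AudienceRestrictionBean audienceRestrictionBean) {
        if (audienceRestrictionV1Builder == null) {
            audienceRestrictionV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(AudienceRestrictionCondition.DEFAULT_ELEMENT_NAME);
            requireInitialized(audienceRestrictionV1Builder);
        }
        if (audienceV1Builder == null) {
            audienceV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(Audience.DEFAULT_ELEMENT_NAME);
            requireInitialized(audienceV1Builder);
        }
        AudienceRestrictionCondition restriction = audienceRestrictionV1Builder.mo4392buildObject();
        for (String uri : audienceRestrictionBean.getAudienceURIs()) {
            Audience audience = audienceV1Builder.mo4392buildObject();
            audience.setUri(uri);
            restriction.getAudiences().add(audience);
        }
        return restriction;
    }

    /**
     * Builds one authentication statement per bean.
     *
     * <p>A missing authentication instant is replaced by the current time, and
     * the subject locality is copied only when the bean provides one.
     *
     * @param list the statement beans; {@code null} or empty yields an empty result
     * @return a new mutable list of statements, in bean order
     * @throws IllegalStateException if a required builder is not registered
     * @throws SecurityException propagated from subject creation
     * @throws WSSecurityException propagated from subject creation
     */
    public static List<AuthenticationStatement> createSamlv1AuthenticationStatement(List<AuthenticationStatementBean> list) throws SecurityException, WSSecurityException {
        List<AuthenticationStatement> statements = new ArrayList<AuthenticationStatement>();
        if (list == null || list.isEmpty()) {
            return statements;
        }
        if (authenticationStatementV1Builder == null) {
            authenticationStatementV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME);
            requireInitialized(authenticationStatementV1Builder);
        }
        if (subjectLocalityBuilder == null) {
            subjectLocalityBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME);
            requireInitialized(subjectLocalityBuilder);
        }
        for (AuthenticationStatementBean bean : list) {
            AuthenticationStatement statement = (AuthenticationStatement) authenticationStatementV1Builder.buildObject(AuthenticationStatement.DEFAULT_ELEMENT_NAME, AuthenticationStatement.TYPE_NAME);
            statement.setSubject(createSaml1v1Subject(bean.getSubject()));
            if (bean.getAuthenticationInstant() != null) {
                statement.setAuthenticationInstant(bean.getAuthenticationInstant());
            } else {
                // No instant supplied: the statement claims authentication happened now.
                statement.setAuthenticationInstant(new DateTime());
            }
            statement.setAuthenticationMethod(transformAuthenticationMethod(bean.getAuthenticationMethod()));
            SubjectLocalityBean localityBean = bean.getSubjectLocality();
            if (localityBean != null) {
                SubjectLocality locality = subjectLocalityBuilder.mo4392buildObject();
                locality.setDNSAddress(localityBean.getDnsAddress());
                locality.setIPAddress(localityBean.getIpAddress());
                statement.setSubjectLocality(locality);
            }
            statements.add(statement);
        }
        return statements;
    }

    /**
     * Maps the bean's authentication method to the value written into the statement.
     *
     * @param str the method from the bean; may be {@code null}
     * @return the SAML 1 password constant for {@code "Password"}, the empty
     *     string for {@code null} or empty input, otherwise the input unchanged
     */
    private static String transformAuthenticationMethod(String str) {
        if ("Password".equals(str)) {
            return SAML1Constants.AUTH_METHOD_PASSWORD;
        }
        if (str == null || "".equals(str)) {
            return "";
        }
        // Any other value is passed through without validation.
        return str;
    }

    /**
     * Builds one attribute statement per bean.
     *
     * <p>For each attribute the plain values are used; when they are
     * {@code null} or empty the custom values are used instead.
     *
     * @param list the statement beans; {@code null} or empty yields an empty result
     * @return a new mutable list of statements, in bean order
     * @throws IllegalStateException if a required builder is not registered
     * @throws SecurityException propagated from subject creation
     * @throws WSSecurityException propagated from subject creation
     */
    public static List<AttributeStatement> createSamlv1AttributeStatement(List<AttributeStatementBean> list) throws SecurityException, WSSecurityException {
        List<AttributeStatement> statements = new ArrayList<AttributeStatement>();
        if (list == null || list.isEmpty()) {
            return statements;
        }
        if (attributeStatementV1Builder == null) {
            attributeStatementV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
            requireInitialized(attributeStatementV1Builder);
        }
        for (AttributeStatementBean bean : list) {
            AttributeStatement statement = attributeStatementV1Builder.mo4392buildObject();
            statement.setSubject(createSaml1v1Subject(bean.getSubject()));
            for (AttributeBean attributeBean : bean.getSamlAttributes()) {
                List<?> values = attributeBean.getAttributeValues();
                if (values == null || values.isEmpty()) {
                    values = attributeBean.getCustomAttributeValues();
                }
                statement.getAttributes().add(createSamlv1Attribute(attributeBean.getSimpleName(), attributeBean.getQualifiedName(), values));
            }
            statements.add(statement);
        }
        return statements;
    }

    /**
     * Builds a single SAML 1.1 attribute.
     *
     * <p>String values are wrapped in an {@code xs:string} attribute value and
     * {@link XMLObject} values are added as they are. Values of any other type
     * are skipped without an error, so callers should not assume that every
     * supplied value ends up in the assertion.
     *
     * @param str the attribute name
     * @param str2 the attribute namespace
     * @param list the values; {@code null} is treated as no values
     * @return the populated attribute
     * @throws IllegalStateException if a required builder is not registered
     */
    public static Attribute createSamlv1Attribute(String str, String str2, List<?> list) {
        if (attributeV1Builder == null) {
            attributeV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(Attribute.DEFAULT_ELEMENT_NAME);
            requireInitialized(attributeV1Builder);
        }
        if (stringBuilder == null) {
            stringBuilder = (XSStringBuilder) builderFactory.getBuilder(XSString.TYPE_NAME);
            requireInitialized(stringBuilder);
        }
        Attribute attribute = attributeV1Builder.mo4392buildObject();
        attribute.setAttributeName(str);
        attribute.setAttributeNamespace(str2);
        if (list == null) {
            // Both value lists of the bean may be absent; emit the attribute without values.
            return attribute;
        }
        for (Object value : list) {
            if (value instanceof String) {
                XSString stringValue = stringBuilder.buildObject(AttributeValue.DEFAULT_ELEMENT_NAME, XSString.TYPE_NAME);
                stringValue.setValue((String) value);
                attribute.getAttributeValues().add(stringValue);
            } else if (value instanceof XMLObject) {
                attribute.getAttributeValues().add((XMLObject) value);
            }
        }
        return attribute;
    }

    /**
     * Builds one authorization decision statement per bean.
     *
     * <p>The bean's evidence is copied only when it is a SAML 1 {@link Evidence};
     * evidence of any other type is dropped without an error.
     *
     * @param list the statement beans; {@code null} or empty yields an empty result
     * @return a new mutable list of statements, in bean order
     * @throws IllegalStateException if a required builder is not registered
     * @throws SecurityException propagated from subject creation
     * @throws WSSecurityException propagated from subject creation
     */
    public static List<AuthorizationDecisionStatement> createSamlv1AuthorizationDecisionStatement(List<AuthDecisionStatementBean> list) throws SecurityException, WSSecurityException {
        List<AuthorizationDecisionStatement> statements = new ArrayList<AuthorizationDecisionStatement>();
        if (list == null || list.isEmpty()) {
            return statements;
        }
        if (authorizationDecisionStatementV1Builder == null) {
            authorizationDecisionStatementV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthorizationDecisionStatement.DEFAULT_ELEMENT_NAME);
            requireInitialized(authorizationDecisionStatementV1Builder);
        }
        for (AuthDecisionStatementBean bean : list) {
            AuthorizationDecisionStatement statement = authorizationDecisionStatementV1Builder.mo4392buildObject();
            statement.setSubject(createSaml1v1Subject(bean.getSubject()));
            statement.setResource(bean.getResource());
            statement.setDecision(transformDecisionType(bean.getDecision()));
            for (ActionBean actionBean : bean.getActions()) {
                statement.getActions().add(createSamlv1Action(actionBean));
            }
            if (bean.getEvidence() instanceof Evidence) {
                statement.setEvidence((Evidence) bean.getEvidence());
            }
            statements.add(statement);
        }
        return statements;
    }

    /**
     * Builds a SAML 1.1 action element from the bean's namespace and contents.
     *
     * @param actionBean source of the namespace and contents; must not be
     *     {@code null}
     * @return the populated action
     * @throws IllegalStateException if the builder is not registered
     */
    public static Action createSamlv1Action(ActionBean actionBean) {
        if (actionElementV1Builder == null) {
            actionElementV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(Action.DEFAULT_ELEMENT_NAME);
            requireInitialized(actionElementV1Builder);
        }
        Action action = actionElementV1Builder.mo4392buildObject();
        action.setNamespace(actionBean.getActionNamespace());
        action.setContents(actionBean.getContents());
        return action;
    }

    /**
     * Maps the bean's decision to the OpenSAML enumeration, failing closed.
     *
     * @param decision the decision from the bean; may be {@code null}
     * @return {@code PERMIT} or {@code INDETERMINATE} for the matching input, and
     *     {@code DENY} for everything else, including {@code null}
     */
    private static DecisionTypeEnumeration transformDecisionType(AuthDecisionStatementBean.Decision decision) {
        // Constant-first equals keeps a missing decision on the DENY path instead of throwing.
        if (AuthDecisionStatementBean.Decision.PERMIT.equals(decision)) {
            return DecisionTypeEnumeration.PERMIT;
        }
        if (AuthDecisionStatementBean.Decision.INDETERMINATE.equals(decision)) {
            return DecisionTypeEnumeration.INDETERMINATE;
        }
        return DecisionTypeEnumeration.DENY;
    }
}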
