package an.xacml;

import an.config.ConfigElement;
import an.xacml.converter.AttributeValueDataConverterException;
import an.xacml.converter.IAttributeValueDataConverter;
import an.xacml.engine.AttributeRetriever;
import an.xacml.engine.EvaluationContext;
import an.xacml.policy.AttributeValue;
import an.xml.XMLAttribute;
import an.xml.XMLDataTypeMappingException;
import an.xml.XMLElement;
import an.xml.XMLGeneralException;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.net.URI;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.common.SignableSAMLObject;
import org.opensaml.lite.saml2.core.EncryptedElementType;
import org.opensaml.lite.security.TrustLevel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import pl.edu.icm.yadda.aas.saml.validator.ISAMLObjectValidator;
import pl.edu.icm.yadda.aas.saml.validator.SAMLObjectValidationContext;
import pl.edu.icm.yadda.aas.saml.validator.SAMLObjectValidationException;
import pl.edu.icm.yadda.aas.security.ISecurityFacade;
import pl.edu.icm.yadda.aas.security.SecurityFacadeException;
import pl.edu.icm.yadda.aas.xacml.policy.parser.ParserException;
import pl.edu.icm.yadda.aas.xacml.policy.parser.Token;
import pl.edu.icm.yadda.aas.xacml.policy.parser.XACMLAttributeIdURIParser;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.ConditionAwareTypeCondition;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.ITokenCondition;
import pl.edu.icm.yadda.aas.xacml.policy.parser.cond.TypeCondition;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-4.2.2-agro.jar:an/xacml/AbstractSAMLObjectAttributeRetriever.class */
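/**
 * Base class for attribute retrievers that resolve XACML attribute ids against the SAML objects
 * attached to an {@link ExtendedRequest}.
 *
 * <p>An attribute id is handled when it starts with
 * {@code SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX}. The remainder is parsed by
 * {@link XACMLAttributeIdURIParser} into tokens, and each token names a zero-argument getter that
 * is looked up reflectively on the object reached so far.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>a token carrying the predefined "encrypted" type condition drops any element that is not
 *       an {@link EncryptedElementType}; encrypted elements are decrypted through the configured
 *       {@link ISecurityFacade};</li>
 *   <li>a token carrying the predefined "signed" type condition drops any element whose signature
 *       is missing or does not verify against the criteria from
 *       {@link #provideSigningCriteria(TypeCondition)};</li>
 *   <li>values at the end of the path are returned only when the configured
 *       {@link ISAMLObjectValidator} accepts the validation context.</li>
 * </ul>
 * Every failed check yields an empty result and never a partially trusted value.
 *
 * <p>NOTE(review): the security facade, data converter and validator are injected through setters
 * and are dereferenced without null checks; presumably the container always wires them. Confirm.
 */
public abstract class AbstractSAMLObjectAttributeRetriever<GenericCriteriaSet> extends AbstractTokenConditionsAware implements AttributeRetriever {
    /** Token counter value while the objects taken directly from the request are processed. */
    private static final int ROOT_SAML_OBJECT_TOKEN_NUMBER = 1;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private ISecurityFacade<GenericCriteriaSet> securityFacade;
    private IAttributeValueDataConverter attributeValueDataConverter;
    private ISAMLObjectValidator<GenericCriteriaSet> samlObjectValidator;

    /** Creates a retriever without any configured type-to-class-name mappings. */
    public AbstractSAMLObjectAttributeRetriever() {
    }

    /**
     * Creates a retriever and copies the {@code key}/{@code value} attribute pairs found on the
     * children of the {@code Map} configuration element into the inherited
     * {@code typeToClassNameMap}.
     *
     * @param configElement configuration element; a missing {@code Map} child is not an error
     * @throws XMLGeneralException declared for the configuration accessors used here
     */
    public AbstractSAMLObjectAttributeRetriever(ConfigElement configElement) throws XMLGeneralException {
        XMLElement[] configChildren = configElement.getChildElements();
        if (configChildren == null || configChildren.length == 0) {
            return;
        }
        XMLElement mapElement = configElement.getSingleXMLElementByName("Map");
        if (mapElement == null) {
            return;
        }
        XMLElement[] entries = mapElement.getChildElements();
        if (entries == null) {
            return;
        }
        for (XMLElement entry : entries) {
            XMLAttribute[] attributes = entry.getAttributes();
            if (attributes == null) {
                continue;
            }
            String type = null;
            String className = null;
            for (XMLAttribute attribute : attributes) {
                // Compare by content: reference equality only matches interned strings, so the
                // mapping would be skipped whenever the XML layer hands back a fresh String.
                if ("key".equals(attribute.getName())) {
                    type = (String) attribute.getValue();
                } else if ("value".equals(attribute.getName())) {
                    className = (String) attribute.getValue();
                }
            }
            if (type == null || className == null) {
                this.log.warn("couldn't add typeToClassNameMap entry for type: " + type + " and className: " + className);
            } else {
                this.typeToClassNameMap.put(type, className);
            }
        }
    }

    /**
     * Walks one step of the token path starting from {@code obj}.
     *
     * <p>When every token has been consumed ({@code i == tokenArr.length}) the object is validated
     * and converted to attribute data. Otherwise the conditions of the previous token are checked
     * against {@code obj} (or against each element when it is a collection or an object array) and
     * the walk continues through {@link #appendResults}.
     *
     * @param i index of the token naming the next getter; callers in this class start at
     *     {@link #ROOT_SAML_OBJECT_TOKEN_NUMBER}
     * @param tokenArr tokens parsed from the attribute id
     * @param obj object reached so far; {@code null} yields an empty result
     * @param uri data type passed to the attribute value converter
     * @param sAMLObjectValidationContext validation state shared across the walk
     * @return the converted values, possibly empty, never {@code null}
     * @throws IndeterminateException when a getter cannot be invoked further down the path
     */
    List<Object> getObjects(int i, Token[] tokenArr, Object obj, URI uri, SAMLObjectValidationContext sAMLObjectValidationContext) throws IndeterminateException {
        if (i > tokenArr.length || obj == null) {
            return new ArrayList<Object>();
        }
        if (i == tokenArr.length) {
            return convertValidatedLeaf(obj, uri, sAMLObjectValidationContext);
        }
        String getterSuffix = tokenArr[i].getValue();
        if (obj instanceof Collection) {
            List<Object> collected = new ArrayList<Object>();
            for (Object element : (Collection<?>) obj) {
                if (element == null) {
                    this.log.warn("ommitting null object found in collection...");
                } else if (checkTokenConditions(tokenArr[i - 1], element)) {
                    collected.addAll(appendResults(element, getterSuffix, i, tokenArr, uri, sAMLObjectValidationContext));
                }
            }
            return collected;
        }
        if (obj instanceof Object[]) {
            List<Object> collected = new ArrayList<Object>();
            for (Object element : (Object[]) obj) {
                if (element == null) {
                    this.log.warn("ommitting null object found in array...");
                } else if (checkTokenConditions(tokenArr[i - 1], element)) {
                    collected.addAll(appendResults(element, getterSuffix, i, tokenArr, uri, sAMLObjectValidationContext));
                }
            }
            return collected;
        }
        return checkTokenConditions(tokenArr[i - 1], obj)
                ? appendResults(obj, getterSuffix, i, tokenArr, uri, sAMLObjectValidationContext)
                : new ArrayList<Object>();
    }

    /**
     * Validates the SAML object held by the context and, only when validation succeeds, converts
     * the value found at the end of the path.
     */
    private List<Object> convertValidatedLeaf(Object value, URI dataType, SAMLObjectValidationContext validationContext) throws IndeterminateException {
        List<Object> converted = new ArrayList<Object>(1);
        try {
            // Validation gates every value: nothing is converted for an object that fails it.
            if (!this.samlObjectValidator.validate(validationContext)) {
                this.log.warn("SAMLObject didn't pass validation process successfully!");
                return converted;
            }
            if (value instanceof Collection) {
                for (Object element : (Collection<?>) value) {
                    converted.add(this.attributeValueDataConverter.convertData(element, dataType));
                }
            } else if (value instanceof Object[]) {
                // Only object arrays are unpacked. A primitive array such as byte[] cannot be cast
                // to Object[] and is therefore handed to the converter as a single value.
                for (Object element : (Object[]) value) {
                    converted.add(this.attributeValueDataConverter.convertData(element, dataType));
                }
            } else {
                converted.add(this.attributeValueDataConverter.convertData(value, dataType));
            }
        } catch (AttributeValueDataConverterException e) {
            // NOTE(review): values converted before the failure are still returned, so a policy
            // may be evaluated against an incomplete bag. Confirm this best-effort is intended.
            // NOTE(review): the message includes the value's toString(), which may be data taken
            // from a decrypted element. Confirm that is acceptable for the error log.
            this.log.error("Exception occured when converting data: " + value + " for the dataType: " + dataType, e);
        } catch (SAMLObjectValidationException e) {
            this.log.error("Problem occured when validating SAMLObject for data: " + value + " for the dataType: " + dataType, e);
        }
        return converted;
    }

    /**
     * Enforces the "encrypted" and "signed" type conditions of the previous token on {@code obj},
     * then invokes the getter named by {@code str} and continues the walk with its result.
     *
     * @param obj element that already passed the token conditions; must not be {@code null}
     * @param str getter name without prefix, taken from {@code tokenArr[i]}
     * @param i index of the token naming the getter
     * @param tokenArr tokens parsed from the attribute id
     * @param uri data type passed to the attribute value converter
     * @param sAMLObjectValidationContext validation state; receives the root SAML object when
     *     {@code i} equals {@link #ROOT_SAML_OBJECT_TOKEN_NUMBER}
     * @return values found below {@code obj}; empty when a security check fails or no getter
     *     matches
     * @throws IndeterminateException when the getter cannot be invoked or signing criteria cannot
     *     be determined
     */
    List<Object> appendResults(Object obj, String str, int i, Token[] tokenArr, URI uri, SAMLObjectValidationContext sAMLObjectValidationContext) throws IndeterminateException {
        Token conditionToken = tokenArr[i - 1];
        boolean encryptionRequired = getTypeCondition(conditionToken, XACMLAttributeIdURIParser.PREDEFINED_ENCRYPTED_TYPE_NAME) != null;
        if (encryptionRequired && !(obj instanceof EncryptedElementType)) {
            this.log.warn("Element " + conditionToken.getValue() + " was expected to be encrypted!");
            return new ArrayList<Object>();
        }

        Object current = obj;
        if (obj instanceof EncryptedElementType) {
            EncryptedElementType encrypted = (EncryptedElementType) obj;
            try {
                SAMLObject decrypted = this.securityFacade.decrypt(encrypted);
                if (i == ROOT_SAML_OBJECT_TOKEN_NUMBER) {
                    // A new root object invalidates whatever validation result was cached.
                    sAMLObjectValidationContext.setSuccessfullyValidated(null);
                    sAMLObjectValidationContext.setStoredSAMLObject(encrypted, decrypted);
                }
                current = decrypted;
            } catch (SecurityFacadeException e) {
                this.log.warn("Exception occured when decrypting object: " + conditionToken.getValue(), e);
                return new ArrayList<Object>();
            }
            if (current == null) {
                // Without this guard a null decryption result ends in a NullPointerException at
                // the reflective lookup below instead of an empty result.
                this.log.warn("Decryption of element " + conditionToken.getValue() + " yielded no object!");
                return new ArrayList<Object>();
            }
        } else if (i == ROOT_SAML_OBJECT_TOKEN_NUMBER && (obj instanceof SAMLObject)) {
            sAMLObjectValidationContext.setSuccessfullyValidated(null);
            sAMLObjectValidationContext.setStoredSAMLObject((SAMLObject) obj);
        }

        TypeCondition signedCondition = getTypeCondition(conditionToken, XACMLAttributeIdURIParser.PREDEFINED_SIGNED_TYPE_NAME);
        if (signedCondition != null) {
            if (!(current instanceof SignableSAMLObject)) {
                this.log.warn("Element " + conditionToken.getValue() + " was expected to be signed but it's not SignableSAMLObject instance!");
                return new ArrayList<Object>();
            }
            SignableSAMLObject signable = (SignableSAMLObject) current;
            if (signable.getSignature() == null) {
                // The policy demands a signature: an unsigned element is rejected here rather than
                // leaving the outcome to how the facade treats a null signature.
                this.log.warn("Element " + conditionToken.getValue() + " was expected to be signed but it carries no signature!");
                return new ArrayList<Object>();
            }
            try {
                if (!this.securityFacade.verifySignature(signable.getSignature(), provideSigningCriteria(signedCondition))) {
                    this.log.warn("Invalid signature for object: " + conditionToken.getValue());
                    return new ArrayList<Object>();
                }
            } catch (SecurityFacadeException e) {
                this.log.warn("Exception occured when validating signature for object: " + conditionToken.getValue(), e);
                return new ArrayList<Object>();
            }
        }

        // NOTE(review): the getter name comes from the attribute id and is matched
        // case-insensitively against every public zero-argument method, inherited ones such as
        // getClass() included. Confirm attribute ids originate only from trusted policy, or
        // restrict the lookup to an allow-list of getters.
        String getterName = SAMLObjectAttributeRetrieverConstants.GETTER_PREFIX + str;
        for (Method candidate : current.getClass().getMethods()) {
            if (!candidate.getName().equalsIgnoreCase(getterName) || candidate.getParameterTypes().length != 0) {
                continue;
            }
            // The messages name the getter that failed (str). Indexing tokenArr[i + 1] instead runs
            // past the array on the last tokens and would replace the real cause with an
            // ArrayIndexOutOfBoundsException.
            try {
                return getObjects(i + 1, tokenArr, candidate.invoke(current, new Object[0]), uri, sAMLObjectValidationContext);
            } catch (IllegalAccessException e) {
                throw new IndeterminateException("Couldn't retrieve " + str + " object!", e);
            } catch (IllegalArgumentException e) {
                throw new IndeterminateException("Couldn't retrieve " + str + " object!", e);
            } catch (InvocationTargetException e) {
                throw new IndeterminateException("Couldn't retrieve " + str + " object!", e);
            }
        }
        return new ArrayList<Object>();
    }

    /**
     * Supplies the criteria used to verify the signature of an element whose token carries the
     * "signed" type condition.
     *
     * @param typeCondition the "signed" condition found on the token
     * @return criteria handed to {@link ISecurityFacade#verifySignature}
     * @throws IndeterminateException when the criteria cannot be determined
     */
    protected abstract GenericCriteriaSet provideSigningCriteria(TypeCondition typeCondition) throws IndeterminateException;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Determines the trust level requested by a "signed" type condition.
     *
     * <p>The validator's default trust level is used when the condition carries no nested
     * conditions. A nested condition that is present but unusable raises
     * {@link IndeterminateException} and does not fall back to the default.
     *
     * @param typeCondition the "signed" condition, may be {@code null}
     * @return the requested trust level, or the validator default
     * @throws IndeterminateException when the first nested condition is not a type condition or
     *     names an unknown trust level
     */
    public TrustLevel getTrustLevel(TypeCondition typeCondition) throws IndeterminateException {
        // instanceof is false for null, so a missing condition also takes the default.
        if (!(typeCondition instanceof ConditionAwareTypeCondition)) {
            return this.samlObjectValidator.getDefaultTrustLevel();
        }
        List<ITokenCondition> conditions = ((ConditionAwareTypeCondition) typeCondition).getConditions();
        if (conditions == null || conditions.isEmpty()) {
            return this.samlObjectValidator.getDefaultTrustLevel();
        }
        // Only the first nested condition is consulted; any further ones are ignored.
        ITokenCondition first = conditions.get(0);
        if (!(first instanceof TypeCondition)) {
            throw new IndeterminateException("invalid condition in 'signed' URI element defined in policy, cannot determine proper trust level!");
        }
        try {
            return TrustLevel.valueOf(((TypeCondition) first).getType());
        } catch (Exception e) {
            // Broad on purpose: any failure to map the name must surface as indeterminate.
            throw new IndeterminateException("invalid trust level defined in 'signed' URI element: " + ((TypeCondition) first).getType() + ", cannot determine proper trust level!", e);
        }
    }

    /**
     * Returns the retriever type code, always {@code 0}; its meaning is defined by
     * {@link AttributeRetriever} and is not visible in this class.
     */
    @Override // an.xacml.engine.AttributeRetriever
    public int getType() {
        return 0;
    }

    /**
     * Tells whether the attribute id starts with the supported prefix.
     *
     * @param uri attribute id; {@code null} is reported as unsupported
     * @param uri2 not inspected by this implementation
     * @return {@code true} when {@code uri} starts with the supported prefix
     */
    @Override // an.xacml.engine.AttributeRetriever
    public boolean isAttributeSupported(URI uri, URI uri2) {
        // Null guard mirrors retrieveAttributeValues, which treats a null id as "nothing to do".
        return uri != null && uri.toString().startsWith(SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX);
    }

    /**
     * Resolves the attribute id against the SAML objects of the request.
     *
     * @param evaluationContext evaluation context; its request must be an {@link ExtendedRequest}
     * @param uri attribute id; must start with the supported prefix to yield any value
     * @param uri2 data type of the values to produce
     * @param str passed unchanged to {@link SAMLObjectValidationContext}; presumably the issuer,
     *     to be confirmed against {@link AttributeRetriever}
     * @param uri3 not used by this implementation
     * @return the resolved values; empty when the id is null, unsupported or unparsable, or when
     *     no value passes the checks
     * @throws IndeterminateException when the request is not an {@link ExtendedRequest} or a value
     *     cannot be retrieved or mapped to the data type
     */
    @Override // an.xacml.engine.AttributeRetriever
    public AttributeValue[] retrieveAttributeValues(EvaluationContext evaluationContext, URI uri, URI uri2, String str, URI uri3) throws IndeterminateException {
        if (uri == null || uri.toString() == null) {
            this.log.warn("Got null attrId!");
            return new AttributeValue[0];
        }
        String attrId = uri.toString();
        if (!attrId.startsWith(SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX)) {
            this.log.warn("Unsupported attrId: " + attrId);
            return new AttributeValue[0];
        }
        String path = attrId.substring(SAMLObjectAttributeRetrieverConstants.SUPPORTED_PREFIX.length());
        try {
            Token[] tokens = XACMLAttributeIdURIParser.parse(path);
            if (tokens == null || tokens.length == 0) {
                this.log.warn("Couldn't extract tokens from attrId: " + path);
                return new AttributeValue[0];
            }
            if (!(evaluationContext.getRequest() instanceof ExtendedRequest)) {
                throw new IndeterminateException("Unable to retrieve SAMLObjects attribute: Request from EvaluationContext is not an ExtendedRequest instance.");
            }
            List<SAMLObject> samlObjects = ((ExtendedRequest) evaluationContext.getRequest()).getSAMLObjects();
            List<Object> values = new ArrayList<Object>();
            if (samlObjects != null) {
                try {
                    SAMLObjectValidationContext validationContext = new SAMLObjectValidationContext(evaluationContext, (SAMLObject) null, str);
                    List<Object> resolved = getObjects(ROOT_SAML_OBJECT_TOKEN_NUMBER, tokens, samlObjects, uri2, validationContext);
                    if (resolved != null) {
                        for (Object value : resolved) {
                            values.add(AttributeValue.getInstance(uri2, value));
                        }
                    }
                } catch (XMLDataTypeMappingException e) {
                    throw new IndeterminateException("Couldn't retrive value(s) for attrId: " + path, e);
                } catch (IllegalArgumentException e) {
                    throw new IndeterminateException("Couldn't retrive value(s) for attrId: " + path, e);
                }
            }
            return values.toArray(new AttributeValue[values.size()]);
        } catch (ParserException e) {
            this.log.error("Couldn't extract tokens from attrId: " + path, e);
            return new AttributeValue[0];
        }
    }

    /**
     * XPath-based retrieval is not supported: a warning is logged and an empty array is returned.
     */
    @Override // an.xacml.engine.AttributeRetriever
    public AttributeValue[] retrieveAttributeValues(EvaluationContext evaluationContext, String str, URI uri, Element element, Map<String, String> map) throws IndeterminateException {
        this.log.warn("Retrieving attribute values using xpath expressions is unsupported in " + getClass().getSimpleName());
        return new AttributeValue[0];
    }

    /** Returns the logger of the concrete retriever class. */
    @Override // an.xacml.AbstractTokenConditionsAware
    public Logger getLogger() {
        return this.log;
    }

    /** Returns the facade used for decryption and signature verification. */
    public ISecurityFacade<GenericCriteriaSet> getSecurityFacade() {
        return this.securityFacade;
    }

    /** Sets the facade used for decryption and signature verification. */
    public void setSecurityFacade(ISecurityFacade<GenericCriteriaSet> iSecurityFacade) {
        this.securityFacade = iSecurityFacade;
    }

    /** Returns the converter that turns resolved objects into attribute data. */
    public IAttributeValueDataConverter getAttributeValueDataConverter() {
        return this.attributeValueDataConverter;
    }

    /** Sets the converter that turns resolved objects into attribute data. */
    public void setAttributeValueDataConverter(IAttributeValueDataConverter iAttributeValueDataConverter) {
        this.attributeValueDataConverter = iAttributeValueDataConverter;
    }

    /** Sets the validator that gates every value returned by this retriever. */
    public void setSamlObjectValidator(ISAMLObjectValidator<GenericCriteriaSet> iSAMLObjectValidator) {
        this.samlObjectValidator = iSAMLObjectValidator;
    }

    /** Returns the validator that gates every value returned by this retriever. */
    public ISAMLObjectValidator<GenericCriteriaSet> getSamlObjectValidator() {
        return this.samlObjectValidator;
    }
}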
