package eu.unicore.security.consignor;

import eu.unicore.samly2.SAMLConstants;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import eu.unicore.security.Client;
import eu.unicore.security.ValidationResult;
import eu.unicore.security.dsig.DSigException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import xmlbeans.org.oasis.saml2.assertion.AuthnContextDocument;
import xmlbeans.org.oasis.saml2.assertion.SubjectLocalityDocument;
import xmlbeans.org.oasis.saml2.assertion.SubjectLocalityType;

/* loaded from: input_file:eu/unicore/security/consignor/ConsignorImpl.class */
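/**
 * Default {@link ConsignorAPI} implementation: builds consignor assertions and checks them
 * with {@link ConsignorValidator}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>An assertion is signed only when a private key is supplied; the overloads that pass
 *       {@code null} for the key return an unsigned assertion.</li>
 *   <li>With no certificate chain the subject is set to {@link Client#ANONYMOUS_CLIENT_DN}.</li>
 * </ul>
 */
public class ConsignorImpl implements ConsignorAPI {
    /**
     * Builds a consignor assertion and optionally signs it.
     *
     * @param str issuer DN, passed to {@code setX509Issuer}
     * @param x509CertificateArr consignor certificate chain; element 0 supplies the subject DN.
     *     {@code null} produces an assertion for the anonymous client
     * @param privateKey signing key, or {@code null} to leave the assertion unsigned
     * @param i if non-negative, the first time condition is set to "now minus {@code i} seconds"
     * @param i2 if non-negative, the second time condition is set {@code i2} seconds after the
     *     point reached by the previous step (see the review note in the body)
     * @param authNClasses authentication class; a subject-locality auth statement is added only
     *     for {@code TLS}
     * @param str2 address stored in the subject locality of the TLS auth statement
     * @return the generated assertion
     * @throws DSigException if the certificate chain cannot be encoded (signing may also raise it)
     * @throws IllegalArgumentException if the certificate chain is non-null but has no usable
     *     first element
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str, X509Certificate[] x509CertificateArr, PrivateKey privateKey, int i, int i2, SAMLConstants.AuthNClasses authNClasses, String str2) throws DSigException {
        ConsignorAssertion token = new ConsignorAssertion();
        token.setX509Issuer(str);
        if (x509CertificateArr == null) {
            token.setX509Subject(Client.ANONYMOUS_CLIENT_DN);
        } else {
            // Fail with a clear message instead of an index/null dereference error; a chain
            // without a leaf certificate must never silently yield a subject-less token.
            if (x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
                throw new IllegalArgumentException("Consignor certificate chain must contain at least one certificate");
            }
            token.setX509Subject(x509CertificateArr[0].getSubjectX500Principal().getName());
            try {
                token.setSenderVouchesX509Confirmation(x509CertificateArr);
            } catch (CertificateEncodingException e) {
                throw new DSigException(e);
            }
        }

        Calendar now = Calendar.getInstance();
        // Constant-first comparison: a null authentication class is treated as "not TLS"
        // rather than failing with a NullPointerException.
        if (SAMLConstants.AuthNClasses.TLS.equals(authNClasses)) {
            AuthnContextDocument contextDoc = AuthnContextDocument.Factory.newInstance();
            SubjectLocalityType locality = SubjectLocalityDocument.Factory.newInstance().addNewSubjectLocality();
            locality.setAddress(str2);
            token.addAuthStatement(now, contextDoc.addNewAuthnContext(), null, null, locality);
        }

        // Work on a copy so the instant handed to addAuthStatement cannot be shifted by the
        // arithmetic below, should the assertion keep a reference to that Calendar.
        Calendar window = (Calendar) now.clone();
        Date windowStart = null;
        Date windowEnd = null;
        if (i >= 0) {
            window.add(Calendar.SECOND, -i);
            windowStart = window.getTime();
        }
        if (i2 >= 0) {
            // NOTE(review): the end is measured from the already shifted calendar, i.e.
            // now - i + i2 when i >= 0, not now + i2. Confirm this matches the ConsignorAPI
            // contract; behaviour is kept as found.
            window.add(Calendar.SECOND, i2);
            windowEnd = window.getTime();
        }
        if (windowStart != null || windowEnd != null) {
            token.setTimeConditions(windowStart, windowEnd);
        }

        if (privateKey != null) {
            token.sign(privateKey);
        }
        return token;
    }

    /**
     * Validates a consignor assertion with a {@link ConsignorValidator} built from the given
     * certificate.
     *
     * @param consignorAssertion assertion to check
     * @param x509Certificate certificate handed to the validator
     * @return a positive result with message {@code "OK"}, or a negative result carrying the
     *     validation error message; a missing assertion is reported as invalid
     */
    @Override
    public ValidationResult verifyConsignorToken(ConsignorAssertion consignorAssertion, X509Certificate x509Certificate) {
        // Fail closed: an absent assertion is an invalid one, not an unexpected runtime error.
        if (consignorAssertion == null) {
            return new ValidationResult(false, "Consignor assertion is missing");
        }
        try {
            ConsignorValidator validator = new ConsignorValidator(x509Certificate);
            validator.validate(consignorAssertion.getXMLBeanDoc());
        } catch (SAMLValidationException e) {
            return new ValidationResult(false, e.getMessage());
        }
        return new ValidationResult(true, "OK");
    }

    /**
     * Builds an unsigned assertion without time conditions for the given certificate chain.
     *
     * @param str issuer DN
     * @param x509CertificateArr consignor certificate chain, or {@code null} for anonymous
     * @param authNClasses authentication class
     * @param str2 address used for the TLS subject locality
     * @return the generated, unsigned assertion
     * @throws DSigException if the certificate chain cannot be encoded
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str, X509Certificate[] x509CertificateArr, SAMLConstants.AuthNClasses authNClasses, String str2) throws DSigException {
        // null key => unsigned; -1/-1 => no time conditions are set.
        return generateConsignorToken(str, x509CertificateArr, null, -1, -1, authNClasses, str2);
    }

    /**
     * Builds an assertion for the anonymous client with the {@code NONE} authentication class.
     *
     * @param str issuer DN
     * @param i seconds subtracted from the current time for the first time condition
     * @param i2 seconds added for the second time condition
     * @param privateKey signing key, or {@code null} to leave the assertion unsigned
     * @param str2 address argument; unused by the delegate for a non-TLS class
     * @return the generated assertion
     * @throws DSigException if raised by the delegate
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str, int i, int i2, PrivateKey privateKey, String str2) throws DSigException {
        return generateConsignorToken(str, null, privateKey, i, i2, SAMLConstants.AuthNClasses.NONE, str2);
    }

    /**
     * Builds an unsigned, anonymous assertion with no time conditions.
     *
     * @param str issuer DN
     * @return the generated assertion, or {@code null} if the delegate reports a
     *     {@link DSigException}; callers must check for {@code null}
     */
    @Override
    public ConsignorAssertion generateConsignorToken(String str) {
        try {
            return generateConsignorToken(str, null, null, -1, -1, SAMLConstants.AuthNClasses.NONE, null);
        } catch (DSigException e) {
            // With no certificate chain and no key, the delegate skips both the certificate
            // encoding and the signing step, so this branch is not expected to run. The null
            // return is kept because the interface method declares no checked exception.
            return null;
        }
    }
}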
