package eu.unicore.security.user;

import eu.unicore.samly2.assertion.Assertion;
import eu.unicore.samly2.elements.SAMLAttribute;
import eu.unicore.samly2.exceptions.SAMLValidationException;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.xmlbeans.XmlException;
import xmlbeans.org.oasis.saml2.assertion.AssertionDocument;
import xmlbeans.org.oasis.saml2.assertion.AssertionType;
import xmlbeans.org.oasis.saml2.assertion.AttributeStatementType;
import xmlbeans.org.oasis.saml2.assertion.AttributeType;
import xmlbeans.org.oasis.saml2.assertion.SubjectType;

/* loaded from: input_file:eu/unicore/security/user/UserAssertion.class */
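/**
 * SAML assertion that names a user by X.500 distinguished name and carries the
 * {@link #USER_ROLE} attribute in the {@link #ROLE_NAME_FORMAT} name format.
 *
 * <p>Instances are either built locally (issuer plus user DN or certificate chain) or
 * parsed from a received {@link AssertionDocument}.
 *
 * <p>NOTE(review): the parsing constructor below performs structural checks only
 * (subject present, subject in X.509 DN format, role attribute present). No signature,
 * issuer-trust or validity-period check is visible in this class; confirm that the
 * superclass or the caller performs them before {@link #getUserDN()} is used for an
 * authorization decision.
 */
public class UserAssertion extends Assertion {
    private static final long serialVersionUID = 7953888384523638747L;
    public static final String USER_ROLE = "USER";
    public static final String ROLE_NAME_FORMAT = "urn:unicore:subject-role";

    /** NameID format required for the subject of a parsed user assertion. */
    private static final String X509_SUBJECT_NAME_FORMAT =
            "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";

    /**
     * Creates a user assertion from an issuer and a user DN.
     *
     * @param str value passed to {@code setX509Issuer}
     * @param str2 value passed to {@code setX509Subject} (the user)
     */
    public UserAssertion(String str, String str2) {
        constructorCommon(str, str2);
    }

    /**
     * Creates a user assertion whose subject is taken from the first certificate of the
     * given array; the whole array is then set as the sender-vouches X.509 confirmation.
     *
     * @param str value passed to {@code setX509Issuer}
     * @param x509CertificateArr user certificates; element 0 supplies the subject DN
     * @throws IllegalArgumentException if the array is {@code null}, empty, or its first
     *     element is {@code null}
     * @throws CertificateEncodingException declared for the sender-vouches confirmation step
     */
    public UserAssertion(String str, X509Certificate[] x509CertificateArr) throws CertificateEncodingException {
        // Fail with a clear message instead of an NPE / ArrayIndexOutOfBoundsException
        // on a missing certificate chain.
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            throw new IllegalArgumentException("x509CertificateArr must contain at least one certificate");
        }
        constructorCommon(str, x509CertificateArr[0].getSubjectX500Principal().getName());
        setSenderVouchesX509Confirmation(x509CertificateArr);
    }

    /** Adds the user role attribute and sets the issuer and subject of this assertion. */
    private void constructorCommon(String issuer, String subject) {
        addAttribute(new SAMLAttribute(USER_ROLE, ROLE_NAME_FORMAT));
        setX509Issuer(issuer);
        setX509Subject(subject);
    }

    /**
     * Wraps a received assertion document and checks that it has the shape of a user
     * assertion: a non-nil subject NameID in X.509 subject-name format and at least one
     * attribute named {@link #USER_ROLE} with name format {@link #ROLE_NAME_FORMAT}.
     *
     * @param assertionDocument the parsed SAML assertion document
     * @throws SAMLValidationException if any of the structural checks fails
     * @throws XmlException declared by the superclass constructor call
     * @throws IOException declared by the superclass constructor call
     */
    public UserAssertion(AssertionDocument assertionDocument) throws SAMLValidationException, XmlException, IOException {
        super(assertionDocument);
        AssertionType assertion = assertionDocument.getAssertion();
        SubjectType subject = assertion.getSubject();
        if (subject == null || subject.isNil() || subject.getNameID() == null || subject.getNameID().isNil() || subject.getNameID().getStringValue() == null) {
            throw new SAMLValidationException("No subject (user) in assertion.");
        }
        if (!X509_SUBJECT_NAME_FORMAT.equals(subject.getNameID().getFormat())) {
            throw new SAMLValidationException("Subject (user) in User assertion must be of DN format");
        }
        AttributeStatementType[] attributeStatementArray = assertion.getAttributeStatementArray();
        if (attributeStatementArray == null) {
            throw new SAMLValidationException("No attribute statement in SAML assertion");
        }
        if (!containsUserRole(attributeStatementArray)) {
            throw new SAMLValidationException("SAML assertion doesn't contain user role attirbute");
        }
    }

    /**
     * Reports whether any attribute in the given statements is the user role attribute.
     *
     * <p>The comparison is constant-first so that an attribute lacking a Name or
     * NameFormat in the received document is simply skipped; calling {@code equals} on
     * the parsed value would raise a NullPointerException for such input instead of the
     * intended {@link SAMLValidationException}.
     */
    private static boolean containsUserRole(AttributeStatementType[] statements) {
        for (AttributeStatementType statement : statements) {
            for (AttributeType attribute : statement.getAttributeArray()) {
                if (USER_ROLE.equals(attribute.getName()) && ROLE_NAME_FORMAT.equals(attribute.getNameFormat())) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Returns the user's distinguished name.
     *
     * @return the value of {@code getSubjectName()}
     */
    public String getUserDN() {
        return getSubjectName();
    }

    /**
     * Returns the user's certificates taken from the subject confirmation.
     *
     * @return the value of {@code getSubjectFromConfirmation()}
     */
    public X509Certificate[] getUserCertificate() {
        return getSubjectFromConfirmation();
    }
}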
