package pl.edu.icm.yadda.aas.refresher.impl;

import org.joda.time.DateTime;
import org.opensaml.lite.saml2.core.Assertion;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.refresher.IExpirationValidator;
import pl.edu.icm.yadda.aas.refresher.IRefresher;
import pl.edu.icm.yadda.aas.refresher.RefresherException;
import pl.edu.icm.yadda.aas.timesync.IDateTimeProvider;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-1.12.8.jar:pl/edu/icm/yadda/aas/refresher/impl/ProxyCountBasedAssertionRefresher.class */
public class ProxyCountBasedAssertionRefresher implements IRefresher<Assertion>, IExpirationValidator<Assertion> {
    protected final Logger log = LoggerFactory.getLogger(getClass());
    private IDateTimeProvider dateTimeProvider;

    @Override // pl.edu.icm.yadda.aas.refresher.IRefresher
    public Assertion refresh(Assertion assertion) throws RefresherException {
        if (assertion == null || assertion.getConditions() == null) {
            throw new RefresherException("Couldn't refresh assertion, no conditions object!");
        }
        if (assertion.getConditions().getNotBefore() == null || assertion.getConditions().getNotOnOrAfter() == null || assertion.getConditions().getProxyRestriction() == null || assertion.getConditions().getProxyRestriction().getProxyCount() == null) {
            throw new RefresherException("None of NotBefore, NotOnOrAfter, ProxyRestriction#proxyCount can be null!");
        }
        DateTime currentDateTime = this.dateTimeProvider.getCurrentDateTime();
        if (assertion.getConditions().getNotOnOrAfter().getMillis() > currentDateTime.getMillis()) {
            this.log.warn("No need for refreshing assertion " + assertion.getID() + ", NotOnOrAfter time: " + assertion.getConditions().getNotOnOrAfter() + ", current time: " + currentDateTime);
            return assertion;
        }
        Object[] refreshParams = getRefreshParams(assertion, currentDateTime);
        if (refreshParams == null || refreshParams.length != 3) {
            throw new RefresherException("Assertion " + assertion.getID() + " is permanently expired!");
        }
        long longValue = ((Long) refreshParams[0]).longValue();
        long longValue2 = ((Long) refreshParams[1]).longValue();
        assertion.getConditions().getProxyRestriction().setProxyCount(Integer.valueOf(assertion.getConditions().getProxyRestriction().getProxyCount().intValue() - ((Integer) refreshParams[2]).intValue()));
        assertion.getConditions().setNotOnOrAfter(new DateTime(longValue2));
        assertion.getConditions().setNotBefore(new DateTime(longValue2 - longValue));
        if (assertion.getSignature() != null) {
            assertion.setSigned(false);
            assertion.setSignature(null);
        }
        return assertion;
    }

    protected Object[] getRefreshParams(Assertion assertion, DateTime dateTime) {
        long millis = assertion.getConditions().getNotOnOrAfter().getMillis() - assertion.getConditions().getNotBefore().getMillis();
        int i = 0;
        boolean z = false;
        long millis2 = assertion.getConditions().getNotOnOrAfter().getMillis();
        while (dateTime.getMillis() >= millis2 && !z) {
            i++;
            millis2 += millis;
            if (i > assertion.getConditions().getProxyRestriction().getProxyCount().intValue()) {
                z = true;
            }
        }
        return z ? new Object[0] : new Object[]{Long.valueOf(millis), Long.valueOf(millis2), Integer.valueOf(i)};
    }

    @Override // pl.edu.icm.yadda.aas.refresher.IExpirationValidator
    public IExpirationValidator.ExpirationStatus validate(Assertion assertion) {
        if (assertion == null || assertion.getConditions() == null) {
            this.log.warn("cannot verify if assertion is not expired: no Conditions object!");
            return IExpirationValidator.ExpirationStatus.indeterminate;
        }
        if (assertion.getConditions().getNotBefore() == null) {
            this.log.warn("cannot verify if assertion is not expired: no NotBefore dateTime object!");
            return IExpirationValidator.ExpirationStatus.indeterminate;
        }
        DateTime currentDateTime = this.dateTimeProvider.getCurrentDateTime();
        if (currentDateTime.isBefore(assertion.getConditions().getNotBefore().getMillis())) {
            this.log.warn("assertion " + assertion.getID() + " is not valid yet! Current time: " + currentDateTime + ", assertion not before time: " + assertion.getConditions().getNotBefore());
            return IExpirationValidator.ExpirationStatus.notYetValid;
        }
        if (assertion.getConditions().getNotOnOrAfter() == null) {
            this.log.warn("cannot verify if assertion is not expired: no NotBefore dateTime object!");
            return IExpirationValidator.ExpirationStatus.indeterminate;
        }
        if (currentDateTime.isBefore(assertion.getConditions().getNotOnOrAfter().getMillis())) {
            this.log.debug("assertion " + assertion.getID() + " is not expired");
            return IExpirationValidator.ExpirationStatus.valid;
        }
        Object[] refreshParams = getRefreshParams(assertion, currentDateTime);
        if (refreshParams == null || refreshParams.length <= 0) {
            this.log.warn("assertion " + assertion.getID() + " is permanently expired! Current time: " + currentDateTime + ", assertion notOnOrAfter time: " + assertion.getConditions().getNotOnOrAfter());
            return IExpirationValidator.ExpirationStatus.permanently_expired;
        }
        this.log.warn("assertion " + assertion.getID() + " is expired but can be refreshed! Current time: " + currentDateTime + ", assertion notOnOrAfter time: " + assertion.getConditions().getNotOnOrAfter());
        return IExpirationValidator.ExpirationStatus.expired_refreshable;
    }

    public void setDateTimeProvider(IDateTimeProvider iDateTimeProvider) {
        this.dateTimeProvider = iDateTimeProvider;
    }
}
