package pl.edu.icm.yadda.aas.refresher.impl;

import java.io.Serializable;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.joda.time.DateTime;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.saml2.core.Attribute;
import org.opensaml.lite.saml2.core.AttributeStatement;
import org.opensaml.lite.saml2.core.impl.AttributeImpl;
import org.opensaml.lite.saml2.core.impl.AttributeStatementImpl;
import org.opensaml.lite.saml2.core.impl.ConditionsImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.oblig.analyzer.module.impl.AssertionCreatorObligationAnalyzerModule;
import pl.edu.icm.yadda.aas.refresher.IExpirationValidator;
import pl.edu.icm.yadda.aas.refresher.IRefresher;
import pl.edu.icm.yadda.aas.refresher.RefresherException;
import pl.edu.icm.yadda.aas.timesync.IDateTimeProvider;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-4.0.0.jar:pl/edu/icm/yadda/aas/refresher/impl/AttributeStatementBasedAssertionRefresher.class */
public class AttributeStatementBasedAssertionRefresher implements IRefresher<Assertion>, IExpirationValidator<Assertion> {
    public static final String ATTRIBUTE_NAME_REFRESHES_COUNT = "yadda:security:refreshes-count";
    public static final String ATTRIBUTE_NAME_TIME_FRAME = "yadda:security:time-frame";
    protected IDateTimeProvider dateTimeProvider;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected boolean refreshAsNewAssertion = true;

    @Override // pl.edu.icm.yadda.aas.refresher.IRefresher
    public Assertion refresh(Assertion assertion) throws RefresherException {
        if (assertion == null || assertion.getConditions() == null) {
            throw new RefresherException("Couldn't refresh assertion, no conditions object!");
        }
        if (assertion.getConditions().getNotBefore() == null || assertion.getConditions().getNotOnOrAfter() == null) {
            throw new RefresherException("None of NotBefore, NotOnOrAfter can be null!");
        }
        if (Integer.valueOf(getRefreshesCount(assertion)) == null) {
            throw new RefresherException("Assertion cannot be refreshed: couldn't find refreshes count attribute!");
        }
        return performDateTimeRefresh(assertion, this.dateTimeProvider.getCurrentDateTime());
    }

    protected Assertion performDateTimeRefresh(Assertion assertion, DateTime dateTime) throws RefresherException {
        Object[] refreshParams = getRefreshParams(assertion, dateTime);
        if (refreshParams == null || refreshParams.length != 3) {
            throw new RefresherException("Assertion " + assertion.getID() + " cannot be refreshed: no refreshes left!");
        }
        long longValue = ((Long) refreshParams[0]).longValue();
        long longValue2 = ((Long) refreshParams[1]).longValue();
        int intValue = ((Integer) refreshParams[2]).intValue();
        if (this.refreshAsNewAssertion) {
            Assertion createBareAssertion = AssertionCreatorObligationAnalyzerModule.createBareAssertion(assertion.getID(), assertion.getIssueInstant(), assertion.getIssuer() != null ? assertion.getIssuer().getValue() : null);
            setTimeFrameInAttribute(createBareAssertion, Long.valueOf(longValue));
            setRefreshesCount(createBareAssertion, getRefreshesCount(assertion) - intValue);
            createBareAssertion.setConditions(new ConditionsImpl());
            createBareAssertion.getConditions().setNotBefore(dateTime);
            createBareAssertion.getConditions().setNotOnOrAfter(new DateTime(longValue2, dateTime.getZone()));
            return createBareAssertion;
        }
        setTimeFrameInAttribute(assertion, Long.valueOf(longValue));
        substractRefreshesCount(assertion, Integer.valueOf(intValue));
        assertion.getConditions().setNotBefore(dateTime);
        assertion.getConditions().setNotOnOrAfter(new DateTime(longValue2, dateTime.getZone()));
        if (assertion.getSignature() != null) {
            assertion.setSigned(false);
            assertion.setSignature(null);
        }
        return assertion;
    }

    public static int getRefreshesCount(Assertion assertion) {
        if (assertion.getAttributeStatement() == null) {
            return 0;
        }
        for (AttributeStatement attributeStatement : assertion.getAttributeStatement()) {
            if (attributeStatement.getAttributes() != null) {
                for (Attribute attribute : attributeStatement.getAttributes()) {
                    if (ATTRIBUTE_NAME_REFRESHES_COUNT.equals(attribute.getName())) {
                        Serializable next = attribute.getAttributeValues().iterator().next();
                        return next instanceof Integer ? ((Integer) next).intValue() : Integer.valueOf((String) next).intValue();
                    }
                }
            }
        }
        return 0;
    }

    public static void setRefreshesCount(Assertion assertion, int i) {
        List<AttributeStatement> attributeStatement = assertion.getAttributeStatement();
        if (attributeStatement != null) {
            for (AttributeStatement attributeStatement2 : attributeStatement) {
                if (attributeStatement2.getAttributes() != null) {
                    for (Attribute attribute : attributeStatement2.getAttributes()) {
                        if (ATTRIBUTE_NAME_REFRESHES_COUNT.equals(attribute.getName())) {
                            ArrayList arrayList = new ArrayList(1);
                            arrayList.add(Integer.valueOf(i));
                            attribute.setAttributeValues(arrayList);
                            return;
                        }
                    }
                }
            }
        }
        AttributeImpl attributeImpl = new AttributeImpl();
        attributeImpl.setName(ATTRIBUTE_NAME_REFRESHES_COUNT);
        ArrayList arrayList2 = new ArrayList(1);
        arrayList2.add(Integer.valueOf(i));
        attributeImpl.setAttributeValues(arrayList2);
        if (attributeStatement != null && !attributeStatement.isEmpty()) {
            attributeStatement.iterator().next().getAttributes().add(attributeImpl);
            return;
        }
        AttributeStatementImpl attributeStatementImpl = new AttributeStatementImpl();
        ArrayList arrayList3 = new ArrayList(1);
        arrayList3.add(attributeImpl);
        attributeStatementImpl.setAttributes(arrayList3);
        assertion.getStatements().add(attributeStatementImpl);
    }

    protected void substractRefreshesCount(Assertion assertion, Integer num) throws RefresherException {
        if (assertion.getAttributeStatement() != null) {
            for (AttributeStatement attributeStatement : assertion.getAttributeStatement()) {
                if (attributeStatement.getAttributes() != null) {
                    for (Attribute attribute : attributeStatement.getAttributes()) {
                        if (ATTRIBUTE_NAME_REFRESHES_COUNT.equals(attribute.getName())) {
                            Serializable next = attribute.getAttributeValues().iterator().next();
                            Integer valueOf = next instanceof Integer ? (Integer) next : Integer.valueOf((String) next);
                            ArrayList arrayList = new ArrayList(1);
                            arrayList.add(Integer.valueOf(valueOf.intValue() - num.intValue()));
                            attribute.setAttributeValues(arrayList);
                            return;
                        }
                    }
                }
            }
        }
        throw new RefresherException("unable to subtract refreshes count: attribute not found!");
    }

    protected Object[] getRefreshParams(Assertion assertion, DateTime dateTime) {
        Long timeFrameFromAttribute = getTimeFrameFromAttribute(assertion);
        if (timeFrameFromAttribute == null) {
            timeFrameFromAttribute = Long.valueOf(assertion.getConditions().getNotOnOrAfter().getMillis() - assertion.getConditions().getNotBefore().getMillis());
        }
        int i = 0;
        int refreshesCount = getRefreshesCount(assertion);
        boolean z = false;
        long millis = assertion.getConditions().getNotOnOrAfter().getMillis();
        if (dateTime.getMillis() < millis) {
            return refreshesCount > 0 ? new Object[]{timeFrameFromAttribute, Long.valueOf(millis + timeFrameFromAttribute.longValue()), 1} : new Object[0];
        }
        while (dateTime.getMillis() >= millis && !z) {
            i++;
            millis += timeFrameFromAttribute.longValue();
            if (i > refreshesCount) {
                z = true;
            }
        }
        return z ? new Object[0] : new Object[]{timeFrameFromAttribute, Long.valueOf(millis), Integer.valueOf(i)};
    }

    protected Long getTimeFrameFromAttribute(Assertion assertion) {
        if (assertion.getAttributeStatement() == null) {
            return null;
        }
        for (AttributeStatement attributeStatement : assertion.getAttributeStatement()) {
            if (attributeStatement.getAttributes() != null) {
                for (Attribute attribute : attributeStatement.getAttributes()) {
                    if (ATTRIBUTE_NAME_TIME_FRAME.equals(attribute.getName())) {
                        Serializable next = attribute.getAttributeValues().iterator().next();
                        return next instanceof Long ? (Long) next : Long.valueOf((String) next);
                    }
                }
            }
        }
        return null;
    }

    protected void setTimeFrameInAttribute(Assertion assertion, Long l) {
        List<AttributeStatement> attributeStatement = assertion.getAttributeStatement();
        if (attributeStatement != null) {
            for (AttributeStatement attributeStatement2 : attributeStatement) {
                if (attributeStatement2.getAttributes() != null) {
                    Iterator<Attribute> it = attributeStatement2.getAttributes().iterator();
                    while (it.hasNext()) {
                        if (ATTRIBUTE_NAME_TIME_FRAME.equals(it.next().getName())) {
                            return;
                        }
                    }
                }
            }
        }
        AttributeImpl attributeImpl = new AttributeImpl();
        attributeImpl.setName(ATTRIBUTE_NAME_TIME_FRAME);
        ArrayList arrayList = new ArrayList(1);
        arrayList.add(l);
        attributeImpl.setAttributeValues(arrayList);
        if (attributeStatement != null && !attributeStatement.isEmpty()) {
            attributeStatement.iterator().next().getAttributes().add(attributeImpl);
            return;
        }
        AttributeStatementImpl attributeStatementImpl = new AttributeStatementImpl();
        ArrayList arrayList2 = new ArrayList(1);
        arrayList2.add(attributeImpl);
        attributeStatementImpl.setAttributes(arrayList2);
        assertion.getStatements().add(attributeStatementImpl);
    }

    @Override // pl.edu.icm.yadda.aas.refresher.IExpirationValidator
    public IExpirationValidator.ExpirationStatus validate(Assertion assertion) {
        if (assertion == null || assertion.getConditions() == null) {
            this.log.warn("cannot verify if assertion is not expired: no Conditions object!");
            return IExpirationValidator.ExpirationStatus.indeterminate;
        }
        if (assertion.getConditions().getNotBefore() == null) {
            this.log.warn("cannot verify if assertion is not expired: no NotBefore dateTime object!");
            return IExpirationValidator.ExpirationStatus.indeterminate;
        }
        DateTime currentDateTime = this.dateTimeProvider.getCurrentDateTime();
        if (currentDateTime.isBefore(assertion.getConditions().getNotBefore().getMillis())) {
            this.log.warn("assertion " + assertion.getID() + " is not valid yet! Current time: " + currentDateTime + ", assertion not before time: " + assertion.getConditions().getNotBefore());
            return IExpirationValidator.ExpirationStatus.notYetValid;
        }
        if (assertion.getConditions().getNotOnOrAfter() == null) {
            this.log.warn("cannot verify if assertion is not expired: no NotBefore dateTime object!");
            return IExpirationValidator.ExpirationStatus.indeterminate;
        }
        if (currentDateTime.isBefore(assertion.getConditions().getNotOnOrAfter().getMillis())) {
            this.log.debug("assertion " + assertion.getID() + " is not expired");
            return IExpirationValidator.ExpirationStatus.valid;
        }
        Object[] refreshParams = getRefreshParams(assertion, currentDateTime);
        if (refreshParams == null || refreshParams.length <= 0) {
            this.log.warn("assertion " + assertion.getID() + " is permanently expired! Current time: " + currentDateTime + ", assertion notOnOrAfter time: " + assertion.getConditions().getNotOnOrAfter());
            return IExpirationValidator.ExpirationStatus.permanently_expired;
        }
        this.log.warn("assertion " + assertion.getID() + " is expired but can be refreshed! Current time: " + currentDateTime + ", assertion notOnOrAfter time: " + assertion.getConditions().getNotOnOrAfter());
        return IExpirationValidator.ExpirationStatus.expired_refreshable;
    }

    public void setDateTimeProvider(IDateTimeProvider iDateTimeProvider) {
        this.dateTimeProvider = iDateTimeProvider;
    }
}
