package pl.edu.icm.yadda.aas.oblig.analyzer.module.impl;

import org.apache.log4j.Logger;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.saml2.core.Assertion;
import org.opensaml.lite.saml2.core.EncryptedAssertion;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.CriteriaSet;
import org.opensaml.lite.security.criteria.PublicKeyCriteria;
import pl.edu.icm.yadda.aas.client.IRemoteAssertionHolder;
import pl.edu.icm.yadda.aas.keystore.IInternalKeyStore;
import pl.edu.icm.yadda.aas.oblig.analyzer.AnalyzerResultObject;
import pl.edu.icm.yadda.aas.oblig.analyzer.InternalObligationAnalyzerException;
import pl.edu.icm.yadda.aas.oblig.analyzer.module.IInternalObligationAnalyzerModule;
import pl.edu.icm.yadda.aas.oblig.analyzer.module.ObligationAnalyzerModuleRequest;
import pl.edu.icm.yadda.aas.refresher.IRefresher;
import pl.edu.icm.yadda.aas.refresher.RefresherException;
import pl.edu.icm.yadda.aas.saml.validator.AssertionValidatorHelper;
import pl.edu.icm.yadda.aas.security.ISecurityFacade;
import pl.edu.icm.yadda.aas.security.SecurityFacadeException;
import pl.edu.icm.yadda.aas.timesync.IDateTimeProvider;

/* loaded from: input_file:pl/edu/icm/yadda/aas/oblig/analyzer/module/impl/AssertionRefresherObligationAnalyzerModule.class */
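/**
 * Obligation analyzer module that refreshes a single SAML {@link Assertion}.
 *
 * <p>The request must carry exactly one plain (non-encrypted) assertion. If that assertion is
 * signed, its signature is verified against this instance's own signing public key before
 * anything else happens. The assertion is then looked up by ID in the assertion holder and either
 * the still-valid stored copy is returned or a refreshed (and, for signed input, re-signed) copy
 * is produced, revalidated and stored.
 *
 * <p>Failure handling is fail-closed in most paths: when the refresher or the signer module does
 * not yield a usable assertion, or the refreshed assertion is not currently valid, the assertion
 * is revoked in the assertion holder before the exception is thrown.
 *
 * <p>NOTE(review): an <em>unsigned</em> assertion skips signature verification entirely, so its
 * content (including the {@code NotOnOrAfter} used for the freshness comparison) is taken as
 * supplied by the caller. The only binding to server-side state is the ID lookup in the assertion
 * holder. Confirm that callers authenticate unsigned assertions, or that the refresher does not
 * trust caller-supplied content.
 *
 * <p>All collaborators are injected through setters; none is null-checked here.
 */
public class AssertionRefresherObligationAnalyzerModule implements IInternalObligationAnalyzerModule {
    protected static final Logger log = Logger.getLogger(AssertionRefresherObligationAnalyzerModule.class);
    private ISecurityFacade securityFacade;
    private IInternalKeyStore<Credential> internalKeyStore;
    private IInternalObligationAnalyzerModule signerModule;
    private IRefresher<Assertion> refresher;
    private IRemoteAssertionHolder assertionHolder;
    private IDateTimeProvider dateTimeProvider;

    /**
     * Validates the request, verifies the signature of a signed assertion and refreshes it.
     *
     * @param obligationAnalyzerModuleRequest request whose source SAML objects must contain exactly
     *        one non-null, non-encrypted {@link Assertion}
     * @return result object wrapping the assertion returned by {@link #handleRefreshing(Assertion)}
     * @throws InternalObligationAnalyzerException if the request does not carry exactly one
     *         supported assertion, if the signature does not verify against this instance's
     *         signing key, or if refreshing fails
     */
    @Override // pl.edu.icm.yadda.aas.oblig.analyzer.module.IInternalObligationAnalyzerModule
    public AnalyzerResultObject maintain(ObligationAnalyzerModuleRequest obligationAnalyzerModuleRequest) throws InternalObligationAnalyzerException {
        if (obligationAnalyzerModuleRequest.getSourceSAMLObjects() == null || obligationAnalyzerModuleRequest.getSourceSAMLObjects().size() == 0) {
            throw new InternalObligationAnalyzerException("No assertion provided for refreshing!");
        }
        if (obligationAnalyzerModuleRequest.getSourceSAMLObjects().size() > 1) {
            throw new InternalObligationAnalyzerException("expected 1 assertion, got: " + obligationAnalyzerModuleRequest.getSourceSAMLObjects().size());
        }
        SAMLObject sAMLObject = obligationAnalyzerModuleRequest.getSourceSAMLObjects().get(0);
        if (sAMLObject == null) {
            // A null element would otherwise fail both instanceof tests below and then hit
            // sAMLObject.getClass(), surfacing as a NullPointerException instead of the module's
            // own exception type.
            throw new InternalObligationAnalyzerException("No assertion provided for refreshing!");
        }
        if (sAMLObject instanceof EncryptedAssertion) {
            throw new InternalObligationAnalyzerException("refreshing of EncryptedAssertion objects is not supported yet!");
        }
        if (!(sAMLObject instanceof Assertion)) {
            throw new InternalObligationAnalyzerException("unsupported saml object instance: " + sAMLObject.getClass().getName());
        }
        Assertion assertion = (Assertion) sAMLObject;
        if (assertion.isSigned()) {
            try {
                // The only verification criterion passed is the public key of this instance's own
                // signing credential, so a signature made with any other key is not accepted.
                if (!this.securityFacade.verifySignature(assertion.getSignature(), new CriteriaSet(new PublicKeyCriteria(this.internalKeyStore.getInternalSigningCredential().getPublicKey())))) {
                    throw new InternalObligationAnalyzerException("Assertion " + assertion.getID() + " wasn't signed by this AAS instance or it's content was modified!");
                }
            } catch (SecurityFacadeException e) {
                throw new InternalObligationAnalyzerException("Exception occured when checking assertion's signature!", e);
            }
        }
        // NOTE(review): unsigned assertions reach this point with no integrity check at all.
        return new AnalyzerResultObject(handleRefreshing(assertion));
    }

    /**
     * Returns a currently valid version of the given assertion, refreshing it when needed.
     *
     * <p>The assertion must be known to the assertion holder under its ID and must carry a
     * {@code NotOnOrAfter} condition. If the stored copy expires later than the supplied one, the
     * stored copy becomes the refresh candidate and is returned as-is when it is still valid;
     * otherwise the supplied assertion is the candidate. The candidate is passed to the refresher
     * and, if it was signed, the result is passed to the signer module. The outcome is revalidated
     * and stored via {@link #revalidateAssertion(Assertion)}.
     *
     * <p>The candidate's ID is revoked in the assertion holder when the refresher throws
     * {@link RefresherException} or returns null, or when the signer module yields no usable
     * assertion. An {@link InternalObligationAnalyzerException} thrown by the signer module itself
     * propagates without a revoke.
     *
     * @param assertion assertion taken from the request; signature already verified if signed
     * @return the stored assertion if still valid, otherwise the refreshed and revalidated one
     * @throws InternalObligationAnalyzerException if the assertion is unknown to the holder, has
     *         no expiration time, or cannot be refreshed into a valid assertion
     */
    protected Assertion handleRefreshing(Assertion assertion) throws InternalObligationAnalyzerException {
        Assertion assertion2 = this.assertionHolder.getAssertion(assertion.getID());
        if (assertion2 == null) {
            throw new InternalObligationAnalyzerException("Assertion " + assertion.getID() + " not found in assertion holder! Probably session is expired!");
        }
        if (assertion.getConditions() == null || assertion.getConditions().getNotOnOrAfter() == null) {
            throw new InternalObligationAnalyzerException("Cannot determine assertion's " + assertion.getID() + " expiration time!");
        }
        // Refresh candidate: the caller-supplied assertion unless the stored copy expires later.
        // NOTE(review): for unsigned input the supplied NotOnOrAfter is unverified, so a caller can
        // make its own copy win this comparison; confirm the refresher does not rely on
        // caller-supplied content in that case.
        Assertion assertion3 = assertion;
        if (assertion2.getConditions() == null || assertion2.getConditions().getNotOnOrAfter() == null) {
            // Space added before the ID so it is not fused with the preceding word in the log.
            log.warn("Cannot determine stored assertion's " + assertion.getID() + " expiration time! Refreshing...");
        } else if (assertion2.getConditions().getNotOnOrAfter().getMillis() > assertion.getConditions().getNotOnOrAfter().getMillis()) {
            assertion3 = assertion2;
            if (AssertionValidatorHelper.checkDateTimeStatus(assertion2, this.dateTimeProvider.getCurrentDateTime()) == AssertionValidatorHelper.AssertionDateTimeStatus.valid) {
                log.info("No need for refreshing assertion, instance stored inside assertion holder is not expired yet, returning...!");
                return assertion2;
            }
        }
        try {
            // Remember the signing state before refreshing: it decides whether the refreshed
            // assertion has to go through the signer module.
            boolean isSigned = assertion3.isSigned();
            Assertion refresh = this.refresher.refresh(assertion3);
            if (refresh == null) {
                this.assertionHolder.revoke(assertion3.getID());
                throw new InternalObligationAnalyzerException("Got null assertion from refresher module! Revoking assertion in AssertionHolder!");
            }
            if (!isSigned) {
                return revalidateAssertion(refresh);
            }
            AnalyzerResultObject maintain = this.signerModule.maintain(new ObligationAnalyzerModuleRequest(null, refresh, null, null));
            // A null result object or a non-Assertion payload previously escaped as
            // NullPointerException / ClassCastException without revoking; both now take the same
            // revoke-then-fail path as a null payload.
            Object signed = maintain == null ? null : maintain.getCurrentSAMLObject();
            if (signed instanceof Assertion) {
                return revalidateAssertion((Assertion) signed);
            }
            this.assertionHolder.revoke(assertion3.getID());
            if (signed == null) {
                throw new InternalObligationAnalyzerException("Signer module returned null assertion! Revoking assertion in AssertionHolder!");
            }
            throw new InternalObligationAnalyzerException("unsupported saml object instance: " + signed.getClass().getName());
        } catch (RefresherException e) {
            this.assertionHolder.revoke(assertion3.getID());
            throw new InternalObligationAnalyzerException("Couldn't refresh assertion, exception occured in refresher module! Revoking assertion in AssertionHolder!", e);
        }
    }

    /**
     * Checks the date/time status of a refreshed assertion and stores it when valid.
     *
     * @param assertion refreshed (and possibly re-signed) assertion
     * @return the same assertion, after it has been written to the assertion holder
     * @throws InternalObligationAnalyzerException if the status is anything other than
     *         {@code valid}; the assertion's ID is revoked in the holder first
     */
    protected Assertion revalidateAssertion(Assertion assertion) throws InternalObligationAnalyzerException {
        AssertionValidatorHelper.AssertionDateTimeStatus checkDateTimeStatus = AssertionValidatorHelper.checkDateTimeStatus(assertion, this.dateTimeProvider.getCurrentDateTime());
        if (checkDateTimeStatus == AssertionValidatorHelper.AssertionDateTimeStatus.valid) {
            this.assertionHolder.updateAssertion(assertion);
            return assertion;
        }
        this.assertionHolder.revoke(assertion.getID());
        throw new InternalObligationAnalyzerException("Refreshed assertion is still invalid! Got status AssertionDateTimeStatus: " + checkDateTimeStatus);
    }

    /** Sets the facade used to verify assertion signatures. */
    public void setSecurityFacade(ISecurityFacade iSecurityFacade) {
        this.securityFacade = iSecurityFacade;
    }

    /** Sets the key store that supplies this instance's signing credential. */
    public void setInternalKeyStore(IInternalKeyStore<Credential> iInternalKeyStore) {
        this.internalKeyStore = iInternalKeyStore;
    }

    /**
     * Sets the module used to re-sign refreshed assertions.
     *
     * @param iInternalObligationAnalyzerModule must be a {@code SignerObligationAnalyzerModule}
     * @throws IllegalArgumentException if the argument is null or of any other type (still a
     *         {@link RuntimeException}, as before)
     */
    public void setSignerModule(IInternalObligationAnalyzerModule iInternalObligationAnalyzerModule) {
        if (!(iInternalObligationAnalyzerModule instanceof SignerObligationAnalyzerModule)) {
            throw new IllegalArgumentException("assertion signer module is not an instance of SignerObligationAnalyzerModule!");
        }
        this.signerModule = iInternalObligationAnalyzerModule;
    }

    /** Sets the refresher that produces the new assertion. */
    public void setRefresher(IRefresher<Assertion> iRefresher) {
        this.refresher = iRefresher;
    }

    /** Returns the configured refresher. */
    public IRefresher<Assertion> getRefresher() {
        return this.refresher;
    }

    /** Sets the holder used to look up, update and revoke assertions by ID. */
    public void setAssertionHolder(IRemoteAssertionHolder iRemoteAssertionHolder) {
        this.assertionHolder = iRemoteAssertionHolder;
    }

    /** Sets the clock source used for assertion validity checks. */
    public void setDateTimeProvider(IDateTimeProvider iDateTimeProvider) {
        this.dateTimeProvider = iDateTimeProvider;
    }
}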
