package it.eng.rdlab.soa3.assertion.validation;

import it.eng.rdlab.soa3.assertion.configuration.ConfigurationBean;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.transform.dom.DOMSource;
import javax.xml.validation.Schema;
import org.apache.log4j.Logger;
import org.joda.time.DateTime;
import org.opensaml.DefaultBootstrap;
import org.opensaml.common.xml.SAMLSchemaBuilder;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.security.SAMLSignatureProfileValidator;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.parse.BasicParserPool;
import org.opensaml.xml.parse.XMLParserException;
import org.opensaml.xml.security.x509.BasicX509Credential;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.SignatureValidator;
import org.opensaml.xml.validation.ValidationException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/classes/it/eng/rdlab/soa3/assertion/validation/Assertionsvalidation.class */
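/**
 * Validates a SAML assertion supplied as an XML string: schema-validates and
 * unmarshals it, checks its {@code Conditions} time window against the current
 * clock, and verifies its XML signature against one or more trusted X.509
 * certificates read from the configured path.
 *
 * <p>{@link #configure(ConfigurationBean)} must be called before any of the
 * validate methods; the configuration field is a plain unsynchronized field and
 * the class is not documented as thread-safe.
 */
public class Assertionsvalidation implements IAssertionValidator {
    private static final Logger log = Logger.getLogger(Assertionsvalidation.class);
    private ConfigurationBean configuration;

    /**
     * Stores the configuration consulted by the validation steps.
     *
     * @param configurationBean configuration holding the validation switches and the certificate path
     */
    @Override
    public void configure(ConfigurationBean configurationBean) {
        this.configuration = configurationBean;
    }

    /**
     * Runs the full validation chain: parse/unmarshal, time interval, signature.
     *
     * @param str the assertion as an XML string
     * @return the unmarshalled assertion when every enabled check passes, otherwise {@code null}
     *         (failure reasons are only logged)
     * @throws AssertionValidationException declared by the interface; not thrown by this implementation
     * @throws ConfigurationException if {@link #configure(ConfigurationBean)} was never called, or the
     *         signature step finds no certificate path configured
     */
    @Override
    public Assertion validateAssertions(String str) throws AssertionValidationException, ConfigurationException {
        if (this.configuration == null) {
            throw new ConfigurationException("Null configuration");
        }
        Assertion assertion = getAssertionObject(str);
        if (assertion == null) {
            log.error("Invalid XML!!!");
            return null;
        }
        if (!validateTimeInterval(assertion)) {
            log.debug("Invalid time interval");
            return null;
        }
        if (!validateSignature(assertion)) {
            log.debug("Invalid signature");
            return null;
        }
        return assertion;
    }

    /**
     * Schema-validates the XML and unmarshals its root element into an {@link Assertion}.
     *
     * @param str the assertion as an XML string
     * @return the assertion, or {@code null} when parsing, schema validation, unmarshalling or the
     *         cast to {@code Assertion} fails (a root element of another SAML type is rejected this way)
     */
    @Override
    public Assertion getAssertionObject(String str) {
        log.debug("Generating assertion object...");
        try {
            log.debug("Parsing XML...");
            Element root = validateAndParse(str).getDocumentElement();
            log.debug("XML parsed");
            // Element.getPrefix() is null for a root element in the default namespace and the
            // three-argument QName constructor rejects a null prefix; the unmarshaller lookup is
            // keyed on namespace + local name, so the prefix can be omitted in that case.
            String prefix = root.getPrefix();
            QName rootName = (prefix == null)
                    ? new QName(root.getNamespaceURI(), root.getLocalName())
                    : new QName(root.getNamespaceURI(), root.getLocalName(), prefix);
            log.debug("Getting unmarshaller...");
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(rootName);
            log.debug("Unmarshaller get, generating assertion...");
            Assertion assertion = (Assertion) unmarshaller.unmarshall(root);
            log.debug("Assertion generated");
            return assertion;
        } catch (Exception e) {
            // Broad catch is the interface contract: any failure maps to a null result.
            log.error("Unable to generate assertion object", e);
            return null;
        }
    }

    /**
     * Checks the current instant against the assertion's {@code NotBefore} / {@code NotOnOrAfter}
     * conditions. The comparison is exact: no clock-skew tolerance is applied, and an assertion
     * without a {@code Conditions} element (or without either bound) is accepted.
     *
     * @param assertion the unmarshalled assertion
     * @return {@code true} if the step is disabled by configuration or the current time lies within
     *         the declared window, {@code false} otherwise
     */
    @Override
    public boolean validateTimeInterval(Assertion assertion) {
        String enabled = this.configuration.getProperty(ConfigurationBean.TIME_VALIDATION_ENABLED);
        if (enabled != null && enabled.equalsIgnoreCase("false")) {
            log.debug("Time validation disabled: the step will be skipped");
            return true;
        }
        log.debug("Evaluating timing conditions...");
        boolean withinInterval = true;
        Conditions conditions = assertion.getConditions();
        if (conditions != null) {
            log.debug("Comparing notBefore instant...");
            DateTime now = new DateTime();
            log.debug("Current instant = " + now);
            DateTime notBefore = conditions.getNotBefore();
            log.debug("Not before = " + notBefore);
            if (notBefore != null && now.isBefore(notBefore)) {
                withinInterval = false;
            } else {
                log.debug("Comparing notOnOrAfter instant...");
                DateTime notOnOrAfter = conditions.getNotOnOrAfter();
                log.debug("Not on or after = " + notOnOrAfter);
                // NotOnOrAfter is exclusive: the assertion is already expired at that exact instant.
                if (notOnOrAfter != null && !now.isBefore(notOnOrAfter)) {
                    withinInterval = false;
                }
            }
        }
        log.debug("Time interval check completed with result " + withinInterval);
        return withinInterval;
    }

    /**
     * Verifies the assertion's XML signature against the certificate(s) found at the configured
     * {@code PUBLIC_KEY} path (a single file or every regular file in a directory). The signature is
     * first checked against the SAML signature profile, then tried against each certificate until
     * one verifies.
     *
     * @param assertion the unmarshalled assertion
     * @return {@code true} if the step is disabled by configuration or one trusted certificate
     *         verifies the signature; {@code false} if the assertion is unsigned, the signature does
     *         not follow the SAML profile, or no certificate verifies it
     * @throws ConfigurationException if no certificate path is configured
     */
    @Override
    public boolean validateSignature(Assertion assertion) throws ConfigurationException {
        String enabled = this.configuration.getProperty(ConfigurationBean.SIGNATURE_VALIDATION_ENABLED);
        if (enabled != null && enabled.equalsIgnoreCase("false")) {
            log.debug("Signature validation disabled: the step will be skipped");
            return true;
        }
        log.debug("Signature validation enabled");
        String certificatePath = this.configuration.getProperty(ConfigurationBean.PUBLIC_KEY);
        if (certificatePath == null) {
            throw new ConfigurationException("Invalid ca cert path");
        }
        // Fail closed: with validation enabled, an unsigned assertion is rejected rather than
        // dereferencing a null Signature.
        Signature signature = assertion.getSignature();
        if (signature == null) {
            log.debug("Assertion is not signed");
            return false;
        }
        log.debug("Signature Reference ID: " + signature.toString());
        // The profile check rejects signatures whose Reference does not cover the enclosing
        // assertion before any key is tried.
        try {
            new SAMLSignatureProfileValidator().validate(signature);
        } catch (ValidationException e) {
            log.debug("signature does not conform to the SAML signature profile", e);
            return false;
        }
        List<File> certificateFiles = collectCertificateFiles(certificatePath);
        boolean verified = false;
        Iterator<File> files = certificateFiles.iterator();
        while (files.hasNext() && !verified) {
            verified = verifiesWith(signature, files.next());
        }
        log.debug("Validation process finished with result " + verified);
        return verified;
    }

    /**
     * Lists the candidate certificate files: the path itself when it is a file, otherwise the
     * regular files directly inside the directory (subdirectories are skipped).
     *
     * @param certificatePath configured path, file or directory
     * @return possibly empty list of files to try
     */
    private List<File> collectCertificateFiles(String certificatePath) {
        List<File> files = new ArrayList<File>();
        File path = new File(certificatePath);
        if (!path.isDirectory()) {
            log.debug("the inserted path is a file " + certificatePath);
            files.add(path);
            return files;
        }
        log.debug("The inserted path is a directory");
        File[] entries = path.listFiles();
        if (entries == null) {
            // listFiles() returns null when the directory cannot be read.
            log.error("Unable to list certificate directory " + path.getAbsolutePath());
            return files;
        }
        for (File entry : entries) {
            if (entry.isFile()) {
                log.debug("File found " + entry.getAbsolutePath());
                files.add(entry);
            }
        }
        return files;
    }

    /**
     * Tries to verify the signature with the public key of one certificate file.
     *
     * @param signature the signature under test
     * @param certificateFile DER/PEM X.509 certificate file
     * @return {@code true} only if the key verifies the signature; an unreadable or malformed
     *         certificate is logged and counts as not verifying
     */
    private boolean verifiesWith(Signature signature, File certificateFile) {
        try {
            PublicKey publicKey = loadPublicKey(certificateFile);
            BasicX509Credential credential = new BasicX509Credential();
            credential.setPublicKey(publicKey);
            try {
                new SignatureValidator(credential).validate(signature);
                log.debug("signature is valid");
                return true;
            } catch (ValidationException e) {
                log.debug("signature is not valid");
                return false;
            }
        } catch (Exception e) {
            log.error("Certificate file not valid", e);
            return false;
        }
    }

    /**
     * Reads an X.509 certificate and re-encodes its public key through a {@link KeyFactory} for
     * {@code KEYFACTORY_ALG}; a certificate whose key does not match that algorithm fails here.
     *
     * @param certificateFile certificate file to read
     * @return the certificate's public key
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the certificate or key cannot be decoded
     */
    private PublicKey loadPublicKey(File certificateFile) throws IOException, GeneralSecurityException {
        FileInputStream in = new FileInputStream(certificateFile);
        X509Certificate certificate;
        try {
            certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        } finally {
            // Closed on every path, not only after a successful decode.
            in.close();
        }
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(certificate.getPublicKey().getEncoded());
        KeyFactory keyFactory = KeyFactory.getInstance(ConfigurationBean.KEYFACTORY_ALG);
        log.debug("Security Provider: " + keyFactory.getProvider().toString());
        PublicKey publicKey = keyFactory.generatePublic(keySpec);
        log.debug("Public Key created");
        return publicKey;
    }

    /**
     * Parses the string with a namespace-aware, schema-backed parser and validates the resulting
     * DOM against the SAML schema.
     *
     * @param str XML text
     * @return the parsed document
     * @throws SAXException if schema validation fails
     * @throws XMLParserException if the parser pool cannot supply a builder
     * @throws IOException on read errors from the string source
     */
    private Document validateAndParse(String str) throws SAXException, XMLParserException, IOException {
        Schema samlSchema = SAMLSchemaBuilder.getSAML11Schema();
        BasicParserPool parserPool = new BasicParserPool();
        parserPool.setNamespaceAware(true);
        parserPool.setIgnoreElementContentWhitespace(true);
        parserPool.setSchema(samlSchema);
        // NOTE(review): nothing here configures DTD / external-entity handling explicitly;
        // confirm the pool's defaults for the OpenSAML version in use, since the input is untrusted.
        Document document = parserPool.getBuilder().parse(new InputSource(new StringReader(str)));
        samlSchema.newValidator().validate(new DOMSource(document));
        return document;
    }

    static {
        // OpenSAML must be bootstrapped once before the unmarshaller/signature APIs are usable.
        try {
            DefaultBootstrap.bootstrap();
        } catch (ConfigurationException e) {
            log.error("Unable to perform opensaml bootstrap", e);
        }
    }
}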
