package org.gcube.common.vomanagement.security.authorisation.utils;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collection;
import java.util.List;
import org.gcube.common.core.security.context.SecurityContextFactory;
import org.gcube.common.core.utils.logging.GCUBELog;
import org.gcube.common.vomanagement.security.authorisation.SAMLAssertionConstants;
import org.globus.gsi.gssapi.GlobusGSSCredentialImpl;
import org.globus.wsrf.impl.security.authentication.wssec.GSSConfig;
import org.opensaml.QName;
import org.opensaml.SAMLAdvice;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Element;

/* loaded from: input_file:org/gcube/common/vomanagement/security/authorisation/utils/AssertionGenerator.class */
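/**
 * Builds SAML assertions carrying a user id and a list of role names, and can sign them with
 * the default credentials of the current security context.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #generateSignedAssertion()} fails closed: if no credentials or certificates are
 *       available, or the signing call throws, the exception reaches the caller and no unsigned
 *       assertion is handed back under a "signed" name.</li>
 *   <li>The signature algorithm is RSA-SHA1. SHA-1 is deprecated for digital signatures; it is
 *       kept here only because switching the identifier is an interoperability change.</li>
 *   <li>The user id is passed both as the subject name and as the first argument of the
 *       {@code SAMLAssertion} constructor, and {@code null} is passed where that constructor
 *       takes a collection. NOTE(review): this looks like a self-issued assertion without
 *       conditions such as an audience restriction; confirm against the OpenSAML version in
 *       use and make sure relying parties authorise on the verified signer, not on these
 *       fields.</li>
 * </ul>
 */
public class AssertionGenerator implements SAMLAssertionConstants {
    /** Default validity period in seconds (28800 s = 8 hours). */
    public static final int STANDARD_LIFETIME_SEC = 28800;

    /** Subject confirmation method placed on every generated subject. */
    private static final String SENDER_VOUCHES_CONFIRMATION_METHOD = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";

    /**
     * XML-DSig algorithm identifier used for signing. RSA-SHA1 is what this class has always
     * emitted; SHA-1 is no longer considered collision resistant.
     * TODO(security): move to an RSA-SHA256 identifier once the XML signature library and all
     * relying parties are confirmed to support it.
     */
    private static final String RSA_SHA1_SIGNATURE_ALGORITHM = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    private String userId;
    protected GCUBELog logger = new GCUBELog(this);
    private List<String> roles = new ArrayList<String>();
    private int lifeTimeSec = STANDARD_LIFETIME_SEC;

    /**
     * Sets the user id used for the generated subject and assertion.
     *
     * @param str the user id
     */
    public void setUserId(String str) {
        this.userId = str;
    }

    /**
     * Appends a role to the list of roles asserted for the user.
     *
     * @param str the role name
     */
    public void addRole(String str) {
        this.roles.add(str);
    }

    /**
     * Replaces the role list with a copy of the given list.
     *
     * <p>The list is copied so that later changes to the caller's list cannot alter the roles
     * that end up in an assertion, and so that {@link #addRole(String)} keeps working when the
     * caller passed an unmodifiable list. {@code null} is treated as "no roles" instead of
     * causing a {@code NullPointerException} later in {@link #generate()}.
     *
     * @param list the roles to assert, may be {@code null}
     */
    public void setRoleList(List<String> list) {
        this.roles = (list == null) ? new ArrayList<String>() : new ArrayList<String>(list);
    }

    /** Removes every role from the role list. */
    public void resetRoleList() {
        this.roles.clear();
    }

    /**
     * Removes the first occurrence of the given role, if present.
     *
     * @param str the role name to remove
     */
    public void removeRole(String str) {
        this.roles.remove(str);
    }

    /**
     * Sets the validity period of generated assertions.
     *
     * <p>A positive value extends the end of the validity window from the creation time. A zero
     * or negative value leaves the end at the creation time and moves the start back instead,
     * so the resulting assertion is already past its end when it is returned.
     *
     * @param i the lifetime in seconds
     */
    public void setLifetimeSec(int i) {
        this.lifeTimeSec = i;
    }

    /**
     * Returns the configured validity period.
     *
     * @return the lifetime in seconds
     */
    public int getLifetimeSec() {
        return this.lifeTimeSec;
    }

    /**
     * Builds an unsigned assertion from the current user id, roles and lifetime.
     *
     * <p>The result carries no signature, so a relying party has no cryptographic way to tell
     * who produced it; use {@link #generateSignedAssertion()} for anything that crosses a trust
     * boundary.
     *
     * @return the unsigned assertion
     * @throws Exception if the SAML objects cannot be constructed
     */
    public SAMLAssertion generate() throws Exception {
        this.logger.debug("generating saml assertion...");
        this.logger.debug("generating subject...");
        List<String> confirmationMethods = new ArrayList<String>();
        confirmationMethods.add(SENDER_VOUCHES_CONFIRMATION_METHOD);
        this.logger.debug("subject name = " + this.userId);
        SAMLSubject subject = new SAMLSubject(this.userId, (String) null, SAMLAssertionConstants.SAML_STANDARD_NAME_IDENTIFIER_FORMAT, confirmationMethods, (String) null, (Element) null);

        // Both bounds start from the same instant so the window is exactly lifeTimeSec wide.
        Calendar notBefore = Calendar.getInstance();
        Calendar notOnOrAfter = (Calendar) notBefore.clone();
        if (this.lifeTimeSec > 0) {
            notOnOrAfter.add(Calendar.SECOND, this.lifeTimeSec);
        } else {
            // Non-positive lifetime: the window ends now and starts lifeTimeSec in the past.
            notBefore.add(Calendar.SECOND, this.lifeTimeSec);
        }

        this.logger.debug("generating attributes...");
        List<SAMLAttribute> attributes = new ArrayList<SAMLAttribute>();
        if (!this.roles.isEmpty()) {
            List<String> roleValues = new ArrayList<String>(this.roles.size());
            for (String role : this.roles) {
                this.logger.debug("adding role " + role);
                roleValues.add(role);
            }
            attributes.add(new SAMLAttribute(SAMLAssertionConstants.ROLE_ID_ATTRIBUTE, SAMLAssertionConstants.SERVICE_ATTRIBUTES_NAMESPACE, (QName) null, 0L, roleValues));
            this.logger.debug("attributes genarated");
        }

        this.logger.debug("completing statement...");
        SAMLAttributeStatement attributeStatement = new SAMLAttributeStatement(subject, attributes);
        List<SAMLAttributeStatement> statements = new ArrayList<SAMLAttributeStatement>();
        statements.add(attributeStatement);
        this.logger.debug("statement completed");

        SAMLAssertion assertion = new SAMLAssertion(this.userId, notBefore.getTime(), notOnOrAfter.getTime(), (Collection) null, (SAMLAdvice) null, statements);
        this.logger.debug("saml assertion " + assertion + " generated");
        return assertion;
    }

    /**
     * Builds an assertion and signs it with the default credentials of the security context.
     *
     * <p>Earlier versions logged a signing failure and still returned the assertion, so a caller
     * could receive an unsigned assertion from a method that promises a signed one. Signing
     * failures are now propagated.
     *
     * @return the signed assertion
     * @throws Exception if the assertion cannot be built, if no credentials or certificate chain
     *         are available ({@link IllegalStateException}), or if the signing call fails
     */
    public SAMLAssertion generateSignedAssertion() throws Exception {
        this.logger.debug("generating signed assertion...");
        SAMLAssertion assertion = generate();
        try {
            signAssertion(assertion);
        } catch (Exception e) {
            this.logger.error("Error during signature process", e);
            this.logger.error("signature process failed");
            // Fail closed: never hand an unsigned assertion back to a caller that asked for a signed one.
            throw e;
        }
        this.logger.debug("signature ok");
        this.logger.debug("assertion generated");
        return assertion;
    }

    /**
     * Signs the assertion in place using the default credentials of the security context.
     *
     * @param sAMLAssertion the assertion to sign
     * @throws IllegalStateException if no default credentials or no certificate chain are found
     * @throws Exception if the credential lookup or the signing call fails
     */
    private void signAssertion(SAMLAssertion sAMLAssertion) throws Exception {
        this.logger.debug("starting signature process...");
        GlobusGSSCredentialImpl credential = (GlobusGSSCredentialImpl) SecurityContextFactory.getInstance().getSecurityContext().getDefaultCredentials();
        if (credential == null) {
            this.logger.error("Unable to sign SAML assertion");
            this.logger.error("Credentials not found");
            throw new IllegalStateException("Unable to sign SAML assertion: credentials not found");
        }
        // The credential object itself is deliberately not written to the log.
        this.logger.debug("credential found");
        List<X509Certificate> certificates = getCertificates(credential);
        if (certificates == null) {
            this.logger.error("Certs not found");
            this.logger.error("Unable to sign the assertion");
            throw new IllegalStateException("Unable to sign SAML assertion: certificates not found");
        }
        sAMLAssertion.sign(RSA_SHA1_SIGNATURE_ALGORITHM, credential.getPrivateKey(), certificates, false);
        this.logger.debug("signature process finished");
    }

    /**
     * Copies the credential's certificate chain into a list.
     *
     * @param globusGSSCredentialImpl the credential to read the chain from
     * @return the certificates in chain order, or {@code null} when the chain is missing or empty
     */
    private List<X509Certificate> getCertificates(GlobusGSSCredentialImpl globusGSSCredentialImpl) {
        this.logger.debug("getting certificates...");
        X509Certificate[] certificateChain = globusGSSCredentialImpl.getCertificateChain();
        // A null chain is handled like an empty one instead of failing with a NullPointerException.
        if (certificateChain == null || certificateChain.length == 0) {
            this.logger.debug("Cert array is Null");
            return null;
        }
        this.logger.debug("Cert array is not null");
        List<X509Certificate> certificates = new ArrayList<X509Certificate>(certificateChain.length);
        for (X509Certificate certificate : certificateChain) {
            certificates.add(certificate);
        }
        return certificates;
    }

    /**
     * Manual smoke test: prints an unsigned assertion built from sample values.
     *
     * @param strArr ignored
     * @throws Exception if the assertion cannot be generated
     */
    public static void main(String[] strArr) throws Exception {
        AssertionGenerator assertionGenerator = new AssertionGenerator();
        assertionGenerator.setUserId("ciro");
        assertionGenerator.addRole("administrator");
        assertionGenerator.addRole("user");
        System.out.println(assertionGenerator.generate());
    }

    static {
        // Runs once at class load, before any assertion can be signed.
        GSSConfig.init();
    }
}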
