package com.sun.identity.wss.security;

import com.sun.identity.saml2.assertion.Assertion;
import com.sun.identity.saml2.assertion.Attribute;
import com.sun.identity.saml2.assertion.AttributeStatement;
import com.sun.identity.saml2.assertion.NameID;
import com.sun.identity.saml2.assertion.SubjectConfirmation;
import com.sun.identity.saml2.assertion.SubjectConfirmationData;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.1.jar:com/sun/identity/wss/security/SAML2TokenUtils.class */
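/**
 * Helpers for SAML 2.0 security tokens: locating the KeyInfo carried in an
 * assertion's SubjectConfirmationData, turning it into a certificate or
 * unwrapped key, and mapping a time-valid assertion onto a JAAS {@link Subject}.
 *
 * <p>None of these methods verify the assertion signature; they only read
 * what the (already parsed) assertion contains. The caller that obtained the
 * {@link SAML2Token} is expected to have validated it before trusting the
 * key material or attributes extracted here.
 */
public class SAML2TokenUtils {

    /**
     * Returns the X.509 certificate carried in the assertion's KeyInfo
     * (holder-of-key style confirmation).
     *
     * @param securityToken the token to read; must be a {@link SAML2Token}
     * @return the certificate, or {@code null} for sender-vouches tokens and
     *         for assertions that carry no KeyInfo
     * @throws SecurityException if the KeyInfo cannot be converted to a certificate
     */
    public static X509Certificate getCertificate(SecurityToken securityToken) throws SecurityException {
        SAML2Token saml2Token = (SAML2Token) securityToken;
        // Sender-vouches assertions carry no key material for the subject.
        if (saml2Token.isSenderVouches()) {
            return null;
        }
        Element keyInfo = getKeyInfo(saml2Token.getAssertion());
        if (keyInfo == null) {
            return null;
        }
        return WSSUtils.getCertificate(keyInfo);
    }

    /**
     * Unwraps the secret key referenced by the assertion's KeyInfo.
     *
     * @param securityToken the token to read; must be a {@link SAML2Token}
     * @param str           passed through to
     *                      {@code XMLEncryptionManager.decryptKey} (the
     *                      decrypting key's alias, presumably — confirm against
     *                      WSSUtils)
     * @return the unwrapped key, or {@code null} for sender-vouches tokens and
     *         for assertions that carry no KeyInfo
     * @throws SecurityException if decryption fails
     */
    public static Key getSecretKey(SecurityToken securityToken, String str) throws SecurityException {
        SAML2Token saml2Token = (SAML2Token) securityToken;
        if (saml2Token.isSenderVouches()) {
            return null;
        }
        Element keyInfo = getKeyInfo(saml2Token.getAssertion());
        if (keyInfo == null) {
            // Same contract as getCertificate(): no KeyInfo means nothing to
            // unwrap, so do not hand a null element to the decryption manager.
            return null;
        }
        return WSSUtils.getXMLEncryptionManager().decryptKey(keyInfo, str);
    }

    /**
     * Extracts the KeyInfo element from the first SubjectConfirmation of the
     * assertion's Subject.
     *
     * <p>The first content child of the SubjectConfirmationData is returned as
     * the KeyInfo; its element name is not checked here, so the consumers
     * ({@code WSSUtils.getCertificate}, {@code decryptKey}) are relied on to
     * reject anything that is not a usable KeyInfo.
     *
     * @param assertion the assertion to inspect
     * @return the KeyInfo element, or {@code null} when the assertion has no
     *         subject, no subject confirmation, no confirmation data, or the
     *         first content item is not a DOM element
     */
    public static Element getKeyInfo(Assertion assertion) {
        try {
            if (assertion == null || assertion.getSubject() == null) {
                return null;
            }
            List subjectConfirmations = assertion.getSubject().getSubjectConfirmation();
            // An empty list used to fall into the catch block via get(0);
            // treat it as the ordinary "nothing to return" case instead.
            if (subjectConfirmations == null || subjectConfirmations.isEmpty()) {
                return null;
            }
            // Only the first SubjectConfirmation is consulted.
            SubjectConfirmationData confirmationData =
                    ((SubjectConfirmation) subjectConfirmations.get(0)).getSubjectConfirmationData();
            if (confirmationData == null) {
                if (WSSUtils.debug.messageEnabled()) {
                    WSSUtils.debug.message("SAML2TokenUtils.getKeyInfo: No subject confirmation data");
                }
                return null;
            }
            List content = confirmationData.getContent();
            // Content may hold non-element items; only a DOM element can be a KeyInfo.
            if (content != null && !content.isEmpty() && content.get(0) instanceof Element) {
                return (Element) content.get(0);
            }
            if (WSSUtils.debug.messageEnabled()) {
                WSSUtils.debug.message("SAMLTokenUtils.getKeyInfo: KeyInfo not found");
            }
            return null;
        } catch (Exception e) {
            // Best-effort: a malformed assertion yields "no KeyInfo" rather than
            // propagating, matching how every other failure here is reported.
            WSSUtils.debug.error("SAML2TokenUtils.getKeyInfo Exception: ", e);
            return null;
        }
    }

    /**
     * Checks the assertion's validity window and, if it passes, populates the
     * JAAS subject with the NameID principal, the KeyInfo certificate (when
     * present), the configured roles, and the attributes of the first
     * AttributeStatement.
     *
     * <p>Only the Conditions date validity (with the configured clock skew) is
     * checked. An assertion with no Conditions element is accepted without any
     * time bound, and AudienceRestriction and the signature are not verified
     * here; callers needing those checks must perform them separately.
     *
     * @param assertion the assertion to validate and map
     * @param subject   the JAAS subject to populate; principals and public
     *                  credentials are added to it
     * @param map       receives attribute name → attribute value(s) from the
     *                  first AttributeStatement; must be non-null
     * @return {@code true} if the assertion is within its validity window and
     *         has a Subject with a NameID; {@code false} otherwise
     * @throws SecurityException if the KeyInfo cannot be converted to a certificate
     */
    public static boolean validateAssertion(Assertion assertion, Subject subject, Map map) throws SecurityException {
        if (assertion.getConditions() != null
                && !assertion.getConditions().checkDateValidity(System.currentTimeMillis() + WSSUtils.getTimeSkew())) {
            if (WSSUtils.debug.messageEnabled()) {
                WSSUtils.debug.message("SAML2TokenUtils.validateAssertionToken:: assertion time is not valid");
            }
            return false;
        }
        com.sun.identity.saml2.assertion.Subject samlSubject = assertion.getSubject();
        if (samlSubject == null) {
            if (WSSUtils.debug.messageEnabled()) {
                WSSUtils.debug.message("SAML2TokenUtils.validateAssertio:: Assertion does not have subject");
            }
            return false;
        }
        NameID nameID = samlSubject.getNameID();
        if (nameID == null) {
            return false;
        }
        subject.getPrincipals().add(new SecurityPrincipal(nameID.getValue()));
        Element keyInfo = getKeyInfo(assertion);
        if (keyInfo != null) {
            X509Certificate certificate = WSSUtils.getCertificate(keyInfo);
            // Subject's credential sets reject null elements; skip rather than fail.
            if (certificate != null) {
                subject.getPublicCredentials().add(certificate);
            }
        }
        WSSUtils.setRoles(subject, nameID.getValue());
        List<AttributeStatement> attributeStatements = assertion.getAttributeStatements();
        if (attributeStatements == null || attributeStatements.isEmpty()) {
            return true;
        }
        // Only the first AttributeStatement is copied; any further ones are ignored.
        AttributeStatement firstStatement = attributeStatements.get(0);
        if (firstStatement.getAttribute() != null) {
            for (Attribute attribute : firstStatement.getAttribute()) {
                map.put(attribute.getName(), attribute.getAttributeValueString());
            }
        }
        return true;
    }
}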
