package org.apache.cxf.rt.security.saml.utils;

import java.net.URI;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.apache.cxf.common.security.SimpleGroup;
import org.apache.cxf.message.Message;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.saml.claims.SAMLClaim;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.saml.common.SAMLVersion;
import org.opensaml.saml.saml2.core.Attribute;
import org.opensaml.saml.saml2.core.AttributeStatement;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-rt-security-saml-3.2.6.jar:org/apache/cxf/rt/security/saml/utils/SAMLUtils.class */
public final class SAMLUtils {
    private SAMLUtils() {
    }

    public static ClaimCollection getClaims(SamlAssertionWrapper samlAssertionWrapper) {
        ClaimCollection claimCollection = new ClaimCollection();
        if (samlAssertionWrapper.getSamlVersion().equals(SAMLVersion.VERSION_20)) {
            Iterator<AttributeStatement> it = samlAssertionWrapper.getSaml2().getAttributeStatements().iterator();
            while (it.hasNext()) {
                for (Attribute attribute : it.next().getAttributes()) {
                    SAMLClaim sAMLClaim = new SAMLClaim();
                    sAMLClaim.setClaimType(URI.create(attribute.getName()));
                    sAMLClaim.setName(attribute.getName());
                    sAMLClaim.setNameFormat(attribute.getNameFormat());
                    sAMLClaim.setFriendlyName(attribute.getFriendlyName());
                    Iterator<XMLObject> it2 = attribute.getAttributeValues().iterator();
                    while (it2.hasNext()) {
                        sAMLClaim.getValues().add(it2.next().getDOM().getTextContent());
                    }
                    claimCollection.add(sAMLClaim);
                }
            }
        } else {
            Iterator<org.opensaml.saml.saml1.core.AttributeStatement> it3 = samlAssertionWrapper.getSaml1().getAttributeStatements().iterator();
            while (it3.hasNext()) {
                for (org.opensaml.saml.saml1.core.Attribute attribute2 : it3.next().getAttributes()) {
                    SAMLClaim sAMLClaim2 = new SAMLClaim();
                    String attributeName = attribute2.getAttributeName();
                    if (attribute2.getAttributeNamespace() != null) {
                        attributeName = attribute2.getAttributeNamespace() + "/" + attributeName;
                    }
                    sAMLClaim2.setClaimType(URI.create(attributeName));
                    sAMLClaim2.setName(attribute2.getAttributeName());
                    sAMLClaim2.setNameFormat(attribute2.getAttributeNamespace());
                    Iterator<XMLObject> it4 = attribute2.getAttributeValues().iterator();
                    while (it4.hasNext()) {
                        sAMLClaim2.getValues().add(it4.next().getDOM().getTextContent());
                    }
                    claimCollection.add(sAMLClaim2);
                }
            }
        }
        return claimCollection;
    }

    public static Set<Principal> parseRolesFromClaims(ClaimCollection claimCollection, String str, String str2) {
        if (str == null) {
        }
        HashSet hashSet = new HashSet();
        Iterator<Claim> it = claimCollection.iterator();
        while (it.hasNext()) {
            Claim next = it.next();
            if ((next instanceof SAMLClaim) && ((SAMLClaim) next).getName().equals(str) && (str2 == null || str2.equals(((SAMLClaim) next).getNameFormat()))) {
                for (Object obj : next.getValues()) {
                    if (obj instanceof String) {
                        hashSet.add(new SimpleGroup((String) obj));
                    }
                }
                if (next.getValues().size() > 1) {
                    break;
                }
            }
        }
        return hashSet;
    }

    public static String getIssuer(Object obj) {
        return ((SamlAssertionWrapper) obj).getIssuerString();
    }

    public static Element getAssertionElement(Object obj) {
        return ((SamlAssertionWrapper) obj).getElement();
    }

    public static List<String> getAudienceRestrictions(Message message, boolean z) {
        if (!SecurityUtils.getSecurityPropertyBoolean(SecurityConstants.AUDIENCE_RESTRICTION_VALIDATION, message, z)) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        String str = (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.AUDIENCE_RESTRICTIONS, message);
        if (str != null) {
            for (String str2 : str.split(",")) {
                arrayList.add(str2);
            }
        }
        if (arrayList.isEmpty()) {
            if (message.get(Message.REQUEST_URL) != null) {
                arrayList.add((String) message.get(Message.REQUEST_URL));
            } else if (message.get(Message.REQUEST_URI) != null) {
                arrayList.add((String) message.get(Message.REQUEST_URI));
            }
            if (message.getContextualProperty(Message.WSDL_SERVICE) != null) {
                arrayList.add(message.getContextualProperty(Message.WSDL_SERVICE).toString());
            }
        }
        return arrayList;
    }
}
