package at.gv.egovernment.moa.id.auth.validator;

import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
import at.gv.egiz.eaaf.core.impl.utils.XPathUtils;
import at.gv.egovernment.moa.id.auth.exception.ValidateException;
import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
import at.gv.egovernment.moa.util.Constants;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:at/gv/egovernment/moa/id/auth/validator/IdentityLinkValidator.class */
public class IdentityLinkValidator implements Constants {
    private static final String PDATA = "pr:";
    private static final String SAML = "saml:";
    private static final String DSIG = "dsig:";
    private static final String ECDSA = "ecdsa:";
    private static final String ROOT = "";
    private static final String SAML_SUBJECT_CONFIRMATION_DATA_XPATH = "saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData";
    private static final String PERSON_XPATH = "saml:AttributeStatement/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData/pr:Person";
    private static final String ATTRIBUTE_XPATH = "saml:AttributeStatement/saml:Attribute";
    private static IdentityLinkValidator instance;

    public static synchronized IdentityLinkValidator getInstance() throws ValidateException {
        if (instance == null) {
            instance = new IdentityLinkValidator();
        }
        return instance;
    }

    public void validate(IIdentityLink iIdentityLink) throws ValidateException {
        Element samlAssertion = iIdentityLink.getSamlAssertion();
        if (samlAssertion == null) {
            throw new ValidateException("validator.00", null);
        }
        NodeList selectNodeList = XPathUtils.selectNodeList(samlAssertion, PERSON_XPATH);
        int i = 0;
        if (selectNodeList.getLength() > 1) {
            for (int i2 = 0; i2 < selectNodeList.getLength(); i2++) {
                if (((Element) selectNodeList.item(i2)).getAttributeNodeNS("http://www.w3.org/2001/XMLSchema-instance", PVPConfiguration.IDP_CONTACT_TYPE).getNodeValue().indexOf("PhysicalPersonType") > -1) {
                    i++;
                }
            }
        }
        if (i > 1) {
            throw new ValidateException("validator.01", null);
        }
        NodeList selectNodeList2 = XPathUtils.selectNodeList(samlAssertion, ATTRIBUTE_XPATH);
        for (int i3 = 0; i3 < selectNodeList2.getLength(); i3++) {
            String attributeValue = XPathUtils.getAttributeValue((Element) selectNodeList2.item(i3), "@AttributeName", (String) null);
            String attributeValue2 = XPathUtils.getAttributeValue((Element) selectNodeList2.item(i3), "@AttributeNamespace", (String) null);
            if (!attributeValue.equals("CitizenPublicKey")) {
                throw new ValidateException("validator.04", new Object[]{attributeValue});
            }
            if (!attributeValue2.equals("http://www.buergerkarte.at/namespaces/personenbindung/20020506#") && !attributeValue2.equals("urn:publicid:gv.at:namespaces:identitylink:1.2")) {
                throw new ValidateException("validator.03", new Object[]{attributeValue2});
            }
            Element element = (Element) XPathUtils.selectSingleNode((Element) selectNodeList2.item(i3), nSMap, "saml:AttributeValue/dsig:RSAKeyValue");
            if (element == null) {
                element = (Element) XPathUtils.selectSingleNode((Element) selectNodeList2.item(i3), nSMap, "saml:AttributeValue/ecdsa:ECDSAKeyValue");
            }
            if (element == null) {
                element = (Element) XPathUtils.selectSingleNode((Element) selectNodeList2.item(i3), nSMap, "saml:AttributeValue/dsig:DSAKeyValue");
            }
            if (element == null) {
                throw new ValidateException("validator.02", null);
            }
        }
        if (((Element) XPathUtils.selectSingleNode(samlAssertion, "dsig:Signature")) == null) {
            throw new ValidateException("validator.05", new Object[]{"in der Personenbindung"});
        }
    }
}
