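#define TRACE
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Globalization;
using System.IdentityModel.Claims;
using System.IdentityModel.Tokens;
using System.Linq;
using ArchestrAServices.Common;

namespace ArchestrAServices.Contract;

/// <summary>
/// Helpers that read attribute claims out of a <see cref="SamlSecurityToken"/>.
/// <para>
/// SECURITY: nothing in this class validates the token. Signature, issuer, audience
/// and lifetime must already have been checked by the token handler that produced
/// the token; these helpers only walk the assertion's attribute statements and will
/// report whatever values an unverified assertion contains.
/// </para>
/// <para>
/// The diagnostics tracing below writes attribute names and values at Information
/// level. Attribute values are frequently personal data (names, e-mail addresses,
/// group membership); account for that before enabling the listener in production.
/// </para>
/// </summary>
public class SamlClaimsCheck
{
    /// <summary>
    /// Returns true when any attribute in any attribute statement of the token has a
    /// value equal to <paramref name="ClaimValue"/> (ordinal, case-sensitive).
    /// <para>
    /// SECURITY: the attribute name is not constrained, so a value such as
    /// "Administrators" is accepted from a display-name or e-mail attribute as readily
    /// as from a group attribute. When the result gates access, prefer the overload
    /// that also takes the expected attribute name.
    /// </para>
    /// </summary>
    /// <param name="SamlToken">An already-validated token; null yields false.</param>
    /// <param name="ClaimValue">Value to look for; null or empty yields false.</param>
    public static bool CheckSamlTokenForAttributeClaim(SamlSecurityToken SamlToken, string ClaimValue)
    {
        return CheckSamlTokenForAttributeClaim(SamlToken, ClaimValue, null);
    }

    /// <summary>
    /// Returns true when an attribute named <paramref name="AttributeName"/> carries a
    /// value equal to <paramref name="ClaimValue"/>; both comparisons are ordinal and
    /// case-sensitive. A null or empty <paramref name="AttributeName"/> matches every
    /// attribute, which is the behaviour of the two-argument overload.
    /// </summary>
    /// <param name="SamlToken">An already-validated token; null yields false.</param>
    /// <param name="ClaimValue">Value to look for; null or empty yields false.</param>
    /// <param name="AttributeName">Attribute to restrict the search to, or null/empty for any.</param>
    /// <returns>
    /// True on the first matching value; false for a null token, a null/empty value, a
    /// token without an assertion, or when nothing matches.
    /// </returns>
    public static bool CheckSamlTokenForAttributeClaim(SamlSecurityToken SamlToken, string ClaimValue, string AttributeName)
    {
        const string method = "CheckSamlTokenForAttributeClaim";
        if (!HasToken(SamlToken, method) || !HasClaimValue(ClaimValue, method))
        {
            return false;
        }

        var statements = SamlToken.Assertion.Statements;
        TraceInfo("SAML assertion contains {0} statements", statements.Count());

        foreach (SamlStatement statement in statements)
        {
            if (!(statement is SamlAttributeStatement attributeStatement))
            {
                continue;
            }

            TraceInfo("SamlAttributeStatement has {0} attributes", attributeStatement.Attributes.Count());
            foreach (SamlAttribute attribute in attributeStatement.Attributes)
            {
                if (!AttributeNameMatches(attribute, AttributeName))
                {
                    continue;
                }

                TraceAttribute(attribute);
                foreach (string attributeValue in attribute.AttributeValues)
                {
                    TraceInfo("Value: '{0}'", attributeValue);
                    if (string.Equals(attributeValue, ClaimValue, StringComparison.Ordinal))
                    {
                        return true;
                    }
                }
            }
        }

        return false;
    }

    /// <summary>
    /// Collects the values of every attribute (no name filter) that qualifies under the
    /// same rule as the two-argument overload. The original implementation called itself
    /// and overflowed the stack; it now delegates with a null filter.
    /// </summary>
    /// <param name="SamlToken">An already-validated token; null yields an empty list.</param>
    public static List<string> ExtractAllAttributeClaims(SamlSecurityToken SamlToken)
    {
        return ExtractAllAttributeClaims(SamlToken, null);
    }

    /// <summary>
    /// Collects the values of attributes named <paramref name="AttributeName"/> (or of
    /// every attribute when the name is null/empty) whose extracted claims include a
    /// <see cref="ClaimTypes.Name"/> claim with <see cref="Rights.PossessProperty"/>.
    /// Attributes that do not produce such a claim contribute nothing, whatever their
    /// name.
    /// </summary>
    /// <param name="SamlToken">An already-validated token; null yields an empty list.</param>
    /// <param name="AttributeName">Attribute to restrict the search to, or null/empty for any.</param>
    /// <returns>The matching values in token order; never null.</returns>
    public static List<string> ExtractAllAttributeClaims(SamlSecurityToken SamlToken, string AttributeName)
    {
        var values = new List<string>();
        if (!HasToken(SamlToken, "ExtractAllAttributeClaims"))
        {
            return values;
        }

        TraceInfo("ExtractAllAttributeClaims extracting '{0}' attributes", AttributeName);

        foreach (SamlStatement statement in SamlToken.Assertion.Statements)
        {
            if (!(statement is SamlAttributeStatement attributeStatement))
            {
                continue;
            }

            foreach (SamlAttribute attribute in attributeStatement.Attributes)
            {
                if (!AttributeNameMatches(attribute, AttributeName))
                {
                    continue;
                }

                // NOTE(review): the original re-added every AttributeValue once per
                // qualifying claim; ExtractClaims() appears to yield one Claim per value,
                // which made a multi-valued attribute appear n times over. The values are
                // now added once if any of the attribute's claims qualifies.
                bool qualifies = attribute.ExtractClaims().Any(
                    claim => claim.ClaimType == ClaimTypes.Name && claim.Right == Rights.PossessProperty);
                if (!qualifies)
                {
                    continue;
                }

                foreach (string attributeValue in attribute.AttributeValues)
                {
                    TraceInfo("Adding '{0} attribute's value '{1}' to return list", attribute.Name, attributeValue);
                    values.Add(attributeValue);
                }
            }
        }

        return values;
    }

    /// <summary>
    /// NOT IMPLEMENTED: after argument validation this always returns false, so a
    /// caller that gates on it fails closed. Authentication statements are never
    /// inspected. A warning is traced so the unimplemented path is visible in
    /// diagnostics rather than looking like a legitimate denial.
    /// </summary>
    public static bool CheckSamlTokenForAuthenticationClaim(SamlSecurityToken SamlToken, string ClaimValue)
    {
        return NotImplementedCheck(SamlToken, ClaimValue, "CheckSamlTokenForAuthenticationClaim");
    }

    /// <summary>
    /// NOT IMPLEMENTED: after argument validation this always returns false (fails
    /// closed). Authorization-decision statements are never inspected; a warning is
    /// traced when the method is reached with valid arguments.
    /// </summary>
    public static bool CheckSamlTokenForAuthorizationClaim(SamlSecurityToken SamlToken, string ClaimValue)
    {
        return NotImplementedCheck(SamlToken, ClaimValue, "CheckSamlTokenForAuthorizationClaim");
    }

    /// <summary>
    /// NOT IMPLEMENTED: after argument validation this always returns false (fails
    /// closed). The subject of the assertion is never compared against
    /// <paramref name="ClaimValue"/>; a warning is traced when the method is reached
    /// with valid arguments.
    /// </summary>
    public static bool CheckSamlTokenForSubjectClaim(SamlSecurityToken SamlToken, string ClaimValue)
    {
        return NotImplementedCheck(SamlToken, ClaimValue, "CheckSamlTokenForSubjectClaim");
    }

    // Shared body of the three stub checks: same argument guards as the real check,
    // then a traced warning and a fail-closed false.
    private static bool NotImplementedCheck(SamlSecurityToken token, string claimValue, string method)
    {
        if (!HasToken(token, method) || !HasClaimValue(claimValue, method))
        {
            return false;
        }

        SvcTrace.DiagDiagnostics.TraceEvent(
            TraceEventType.Warning,
            0,
            string.Format(CultureInfo.CurrentCulture, "{0}: not implemented; returning false", method));
        return false;
    }

    // Argument guard shared by the public entry points: traces an error (with the
    // same message the original emitted) and returns false for a null token. A token
    // without an assertion is rejected the same way instead of dereferencing null.
    private static bool HasToken(SamlSecurityToken token, string method)
    {
        if (token == null)
        {
            TraceError("{0}: SamlToken cannot be null", method);
            return false;
        }

        if (token.Assertion == null)
        {
            TraceError("{0}: SamlToken has no assertion", method);
            return false;
        }

        return true;
    }

    // Rejects a null or empty claim value with the original error message.
    private static bool HasClaimValue(string claimValue, string method)
    {
        if (string.IsNullOrEmpty(claimValue))
        {
            TraceError("{0}: ClaimValue cannot be null or empty", method);
            return false;
        }

        return true;
    }

    // A null/empty filter means "any attribute"; otherwise an exact ordinal match on Name,
    // exactly what the original `attribute.Name == AttributeName` did.
    private static bool AttributeNameMatches(SamlAttribute attribute, string attributeName)
    {
        return string.IsNullOrEmpty(attributeName)
            || string.Equals(attribute.Name, attributeName, StringComparison.Ordinal);
    }

    // Per-attribute diagnostics. ExtractClaims() is evaluated once instead of once for
    // the count and again for the loop.
    private static void TraceAttribute(SamlAttribute attribute)
    {
        var claims = attribute.ExtractClaims();
        TraceInfo("Attribute '{0}' has {1} claims", attribute.Name, claims.Count());
        foreach (Claim claim in claims)
        {
            TraceInfo("Claim type '{0}', Right: '{1}'", claim.ClaimType, claim.Right);
        }

        TraceInfo("Attribute '{0}' has {1} values", attribute.Name, attribute.AttributeValues.Count());
    }

    // Information-level trace to the diagnostics source, formatted with the current
    // culture as the original code did. The message is passed pre-formatted so that
    // braces inside attribute values are never re-interpreted by TraceEvent.
    private static void TraceInfo(string format, params object[] args)
    {
        SvcTrace.DiagDiagnostics.TraceEvent(
            TraceEventType.Information,
            0,
            string.Format(CultureInfo.CurrentCulture, format, args));
    }

    // Error-level trace to the exception source, pre-formatted for the same reason.
    private static void TraceError(string format, params object[] args)
    {
        SvcTrace.DiagException.TraceEvent(
            TraceEventType.Error,
            0,
            string.Format(CultureInfo.CurrentCulture, format, args));
    }
}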