package org.codice.ddf.security.common.jaxrs;

import ddf.security.Subject;
import ddf.security.assertion.SecurityAssertion;
import java.math.BigDecimal;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.NewCookie;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.jaxrs.client.Client;
import org.apache.cxf.rs.security.saml.DeflateEncoderDecoder;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:org/codice/ddf/security/common/jaxrs/RestSecurity.class */
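/**
 * Helpers that copy the SAML assertion held by a {@link Subject} onto an outgoing CXF JAX-RS
 * {@link Client} as a cookie named {@link #SECURITY_COOKIE_NAME}.
 *
 * <p>Security note: the cookie value is the complete assertion, only deflated and Base64-encoded
 * (see {@link #encodeSaml(Element)}). It is not encrypted by this class, so whoever can read the
 * request can read the assertion. Prefer {@link #setSubjectOnClient(Subject, Client)}, which
 * refuses to attach the cookie unless the client's current URI uses https.
 */
public final class RestSecurity {
    /** Name of the cookie that carries the encoded SAML assertion. */
    public static final String SECURITY_COOKIE_NAME = "org.codice.websso.saml.token";
    private static final Logger LOGGER = LoggerFactory.getLogger(RestSecurity.class);

    /** Max-age, in seconds, used when the security token reports no expiry date. */
    private static final int DEFAULT_MAX_AGE_SECONDS = 600;

    /**
     * Attaches the subject's SAML assertion to the client as a cookie, but only when the client's
     * current URI scheme is https (compared case-insensitively).
     *
     * <p>Does nothing when either argument is null or the scheme is not https. If no cookie can be
     * built, a debug message is logged and the client is left unchanged.
     *
     * @param subject subject whose principals are searched for a {@link SecurityAssertion}
     * @param client outgoing client that receives the cookie
     */
    public static void setSubjectOnClient(Subject subject, Client client) {
        if (client == null || subject == null) {
            return;
        }
        // This scheme check is the only transport guard in this class; see createSamlCookie for
        // why the cookie's own secure flag cannot be relied on.
        if (!"https".equalsIgnoreCase(client.getCurrentURI().getScheme())) {
            return;
        }
        attachSamlCookie(subject, client, true);
    }

    /**
     * Attaches the subject's SAML assertion to the client as a cookie without checking the
     * client's URI scheme.
     *
     * <p>Security note: nothing here prevents the assertion from being sent over plain http, where
     * it can be read in transit. Callers should restrict this method to destinations whose
     * transport they already trust, and use {@link #setSubjectOnClient(Subject, Client)} otherwise.
     *
     * <p>Does nothing when either argument is null. If no cookie can be built, a debug message is
     * logged and the client is left unchanged.
     *
     * @param subject subject whose principals are searched for a {@link SecurityAssertion}
     * @param client outgoing client that receives the cookie
     */
    public static void setUnsecuredSubjectOnClient(Subject subject, Client client) {
        if (client == null || subject == null) {
            return;
        }
        attachSamlCookie(subject, client, false);
    }

    /** Builds the SAML cookie for the subject and sets it on the client, logging when none exists. */
    private static void attachSamlCookie(Subject subject, Client client, boolean secure) {
        Cookie samlCookie = createSamlCookie(subject, secure);
        if (samlCookie == null) {
            LOGGER.debug("SAML Cookie was null. Unable to set the cookie for the client.");
            return;
        }
        client.cookie(samlCookie);
    }

    /**
     * Builds the request cookie that carries the subject's SAML assertion.
     *
     * <p>When several principals are {@link SecurityAssertion}s, the last one that has a security
     * token is used.
     *
     * @param subject subject whose principals are searched
     * @param secure secure flag passed to the intermediate {@link NewCookie}
     * @return the cookie, or {@code null} when the subject has no usable assertion or the assertion
     *     could not be encoded
     */
    private static Cookie createSamlCookie(Subject subject, boolean secure) {
        // Without this guard a subject with no principals raised a NullPointerException instead of
        // taking the "cookie was null" path. NOTE(review): assumes getPrincipals() may return null
        // for unauthenticated subjects - confirm against the Subject implementation.
        if (subject.getPrincipals() == null) {
            return null;
        }

        Element assertionElement = null;
        Date expires = null;
        for (Object principal : subject.getPrincipals().asList()) {
            if (!(principal instanceof SecurityAssertion)) {
                continue;
            }
            SecurityToken securityToken = ((SecurityAssertion) principal).getSecurityToken();
            if (securityToken == null) {
                // An assertion without a token has nothing to send; skip it rather than fail.
                continue;
            }
            assertionElement = securityToken.getToken();
            expires = securityToken.getExpires();
        }
        if (assertionElement == null) {
            return null;
        }

        try {
            String encodedAssertion = encodeSaml(assertionElement);
            // Remaining lifetime in whole seconds. It is negative for an already expired token,
            // and Math.toIntExact throws ArithmeticException when it does not fit in an int.
            int maxAgeSeconds =
                    expires == null
                            ? DEFAULT_MAX_AGE_SECONDS
                            : Math.toIntExact((expires.getTime() - new Date().getTime()) / 1000);
            // Caveat: NewCookie.toCookie() carries over only name, value, path, domain and version,
            // so the secure flag and max-age set here do not reach the request cookie. Expiry and
            // transport security therefore have to be enforced by the caller and the receiver.
            return new NewCookie(
                            new Cookie(SECURITY_COOKIE_NAME, encodedAssertion), "", maxAgeSeconds, secure)
                    .toCookie();
        } catch (WSSecurityException | ArithmeticException e) {
            LOGGER.error("Unable to parse SAML assertion from subject.", e);
            return null;
        }
    }

    /**
     * Encodes a SAML assertion for use as a cookie value: the assertion is serialized to a string,
     * converted to UTF-8 bytes, deflated and then Base64-encoded.
     *
     * <p>This is an encoding only. It provides no confidentiality and is reversible by anyone who
     * obtains the value.
     *
     * @param element DOM element holding the SAML assertion
     * @return the Base64 text of the deflated assertion
     * @throws WSSecurityException if the element cannot be wrapped as a SAML assertion
     */
    public static String encodeSaml(Element element) throws WSSecurityException {
        String assertionXml = new SamlAssertionWrapper(element).assertionToString();
        byte[] deflated =
                new DeflateEncoderDecoder().deflateToken(assertionXml.getBytes(StandardCharsets.UTF_8));
        return Base64Utility.encode(deflated);
    }
}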
