package org.picketlink.identity.federation.core.saml.v2.providers;

import java.io.IOException;
import java.util.List;
import java.util.Map;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import org.picketlink.common.constants.JBossSAMLConstants;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.IssueInstantMissingException;
import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;

/* loaded from: input_file:org/picketlink/identity/federation/core/saml/v2/providers/SAML20AssertionTokenProvider.class */
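/**
 * {@link SecurityTokenProvider} that issues, renews, cancels and validates SAML 2.0
 * assertions on behalf of the PicketLink STS.
 *
 * <p>Only {@link SAMLProtocolContext} requests are handled; any other
 * {@link ProtocolContext} is ignored (the four token operations return without doing
 * anything). Each operation first asks the installed {@link SecurityManager}, if any,
 * for the {@link PicketLinkCoreSTS#rte} permission before touching the token registry.
 *
 * <p>Configuration read in {@link #initialize(Map)} from the inherited
 * {@code properties} map:
 * <ul>
 *   <li>{@code ASSERTIONS_VALIDITY} - lifetime handed to
 *       {@link AssertionUtil#createTimedConditions}; defaults to 5000.</li>
 *   <li>{@code CLOCK_SKEW} - skew handed to the same helper; defaults to 2000.</li>
 * </ul>
 * Both are presumably milliseconds - confirm against {@code AssertionUtil}.
 *
 * <p>The two settings are plain fields written only by {@code initialize}; that method
 * is expected to run before any token operation, no synchronization is done here.
 */
public class SAML20AssertionTokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider {

    /** SAML 2.0 assertion namespace; the only token type this provider supports. */
    public static final String NS = JBossSAMLURIConstants.ASSERTION_NSURI.get();

    /** Property key for the assertion lifetime. */
    private static final String ASSERTIONS_VALIDITY_KEY = "ASSERTIONS_VALIDITY";

    /** Property key for the tolerated clock skew. */
    private static final String CLOCK_SKEW_KEY = "CLOCK_SKEW";

    private static final long DEFAULT_ASSERTION_VALIDITY = 5000;

    private static final long DEFAULT_CLOCK_SKEW = 2000;

    /** Prefix of the IDs generated for freshly issued assertions. */
    private static final String ID_PREFIX = "ID_";

    // Lifetime passed to AssertionUtil.createTimedConditions (see class doc for units).
    private long assertionValidity = DEFAULT_ASSERTION_VALIDITY;

    // Clock skew passed to AssertionUtil.createTimedConditions (see class doc for units).
    private long clockSkew = DEFAULT_CLOCK_SKEW;

    /**
     * Initializes the provider and reads the optional {@code ASSERTIONS_VALIDITY} and
     * {@code CLOCK_SKEW} settings. A key that is absent leaves the current value
     * untouched, so repeated calls without a key keep whatever was set before.
     *
     * @param map provider configuration, handed to the superclass first
     * @throws NumberFormatException if a present value is not a valid {@code long};
     *         the message names the offending key
     */
    @Override
    public void initialize(Map<String, String> map) {
        super.initialize(map);
        this.assertionValidity = readLongProperty(ASSERTIONS_VALIDITY_KEY, this.assertionValidity);
        this.clockSkew = readLongProperty(CLOCK_SKEW_KEY, this.clockSkew);
    }

    /**
     * Reads a {@code long} from the inherited properties, or returns {@code fallback}
     * when the key is absent.
     *
     * @param key property name
     * @param fallback value to return when the property is not set
     * @return the parsed value or {@code fallback}
     * @throws NumberFormatException if the value is present but not a valid {@code long}
     */
    private long readLongProperty(String key, long fallback) {
        String raw = this.properties.get(key);
        if (raw == null) {
            return fallback;
        }
        try {
            return Long.parseLong(raw);
        } catch (NumberFormatException e) {
            // Re-throw with the key in the message so misconfiguration is diagnosable;
            // keep the exception type callers already see from Long.parseLong.
            NumberFormatException detailed = new NumberFormatException(
                    "Property " + key + " must be a long value, got: " + raw);
            detailed.initCause(e);
            throw detailed;
        }
    }

    /**
     * @param str token type to test
     * @return {@code true} only for the SAML 2.0 assertion namespace {@link #NS}
     */
    @Override
    public boolean supports(String str) {
        return NS.equals(str);
    }

    /**
     * Creates a new assertion from the context's issuer, conditions, subject and
     * statements, applies the configured validity window, stores it in the token
     * registry and publishes it on the context via
     * {@link SAMLProtocolContext#setIssuedAssertion}.
     *
     * @param protocolContext request; ignored unless it is a {@link SAMLProtocolContext}
     * @throws ProcessingException if issue-instant creation, condition creation or
     *         registry storage fails (the underlying exception is wrapped by the logger)
     * @throws SecurityException if a {@link SecurityManager} denies
     *         {@link PicketLinkCoreSTS#rte}
     */
    @Override
    public void issueToken(ProtocolContext protocolContext) throws ProcessingException {
        if (!(protocolContext instanceof SAMLProtocolContext)) {
            return;
        }
        checkRuntimePermission();
        SAMLProtocolContext samlContext = (SAMLProtocolContext) protocolContext;
        NameIDType issuer = samlContext.getIssuerID();
        try {
            XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
            ConditionsType conditions = samlContext.getConditions();
            SubjectType subject = samlContext.getSubjectType();
            List<StatementAbstractType> statements = samlContext.getStatements();
            String assertionId = IDGenerator.create(ID_PREFIX);
            AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionId, issuer,
                    issueInstant, conditions, subject, statements);
            // Presumably derives the NotBefore/NotOnOrAfter window from the configured
            // lifetime and skew - see AssertionUtil for the exact rule.
            AssertionUtil.createTimedConditions(assertion, this.assertionValidity, this.clockSkew);
            // Register under the generated ID before handing the assertion back, so that
            // validateToken can later find it by that ID.
            this.tokenRegistry.addToken(assertionId, assertion);
            samlContext.setIssuedAssertion(assertion);
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        } catch (IssueInstantMissingException e) {
            throw logger.processingError(e);
        } catch (IOException e) {
            throw logger.processingError(e);
        }
    }

    /**
     * Refreshes the issue instant and validity window of the assertion carried by the
     * context and re-stores it in the token registry under its existing ID.
     *
     * <p>NOTE(review): the assertion is re-registered without first checking that its ID
     * is already present in the registry, so renewal also accepts an assertion this
     * provider never issued. Confirm whether callers rely on that before tightening it.
     *
     * @param protocolContext request; ignored unless it is a {@link SAMLProtocolContext}
     * @throws ProcessingException if the context carries no assertion, or if updating
     *         the issue instant, the conditions or the registry fails
     * @throws SecurityException if a {@link SecurityManager} denies
     *         {@link PicketLinkCoreSTS#rte}
     */
    @Override
    public void renewToken(ProtocolContext protocolContext) throws ProcessingException {
        if (!(protocolContext instanceof SAMLProtocolContext)) {
            return;
        }
        checkRuntimePermission();
        SAMLProtocolContext samlContext = (SAMLProtocolContext) protocolContext;
        AssertionType assertion = samlContext.getIssuedAssertion();
        // Fail with the provider's own error rather than a NullPointerException on the
        // dereference below.
        if (assertion == null) {
            throw logger.assertionInvalidError();
        }
        try {
            assertion.updateIssueInstant(XMLTimeUtil.getIssueInstant());
            AssertionUtil.createTimedConditions(assertion, this.assertionValidity, this.clockSkew);
            this.tokenRegistry.addToken(assertion.getID(), assertion);
            samlContext.setIssuedAssertion(assertion);
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        } catch (IssueInstantMissingException e) {
            throw logger.processingError(e);
        } catch (IOException e) {
            throw logger.processingError(e);
        }
    }

    /**
     * Removes the context's assertion from the token registry by its ID.
     *
     * @param protocolContext request; ignored unless it is a {@link SAMLProtocolContext}
     * @throws ProcessingException if the context carries no assertion or the registry
     *         removal fails
     * @throws SecurityException if a {@link SecurityManager} denies
     *         {@link PicketLinkCoreSTS#rte}
     */
    @Override
    public void cancelToken(ProtocolContext protocolContext) throws ProcessingException {
        if (!(protocolContext instanceof SAMLProtocolContext)) {
            return;
        }
        checkRuntimePermission();
        AssertionType assertion = ((SAMLProtocolContext) protocolContext).getIssuedAssertion();
        if (assertion == null) {
            throw logger.assertionInvalidError();
        }
        try {
            this.tokenRegistry.removeToken(assertion.getID());
        } catch (IOException e) {
            throw logger.processingError(e);
        }
    }

    /**
     * Validates the context's assertion: it must be present, must not have expired
     * according to {@link AssertionUtil#hasExpired}, and its ID must still be known to
     * the token registry.
     *
     * <p>The registry check is by ID only; the stored assertion is not compared with the
     * one presented on the context.
     *
     * @param protocolContext request; ignored unless it is a {@link SAMLProtocolContext}
     * @throws ProcessingException if the assertion is missing, expired or unknown to the
     *         registry, or if the expiry check fails with a configuration error
     * @throws SecurityException if a {@link SecurityManager} denies
     *         {@link PicketLinkCoreSTS#rte}
     */
    @Override
    public void validateToken(ProtocolContext protocolContext) throws ProcessingException {
        if (!(protocolContext instanceof SAMLProtocolContext)) {
            return;
        }
        checkRuntimePermission();
        AssertionType assertion = ((SAMLProtocolContext) protocolContext).getIssuedAssertion();
        // Presence is checked before expiry: the previous order passed a possibly null
        // assertion to hasExpired first, which may dereference it there.
        if (assertion == null) {
            throw logger.assertionInvalidError();
        }
        try {
            if (AssertionUtil.hasExpired(assertion)) {
                throw logger.samlAssertionExpiredError();
            }
            if (this.tokenRegistry.getToken(assertion.getID()) == null) {
                throw logger.assertionInvalidError();
            }
        } catch (ConfigurationException e) {
            throw logger.processingError(e);
        }
    }

    /** @return the SAML 2.0 assertion namespace {@link #NS} */
    @Override
    public String tokenType() {
        return NS;
    }

    /** @return the qualified name of the SAML 2.0 {@code Assertion} element */
    @Override
    public QName getSupportedQName() {
        return new QName(NS, JBossSAMLConstants.ASSERTION.get());
    }

    /** @return the {@code SAML2} family name */
    @Override
    public String family() {
        return SecurityTokenProvider.FAMILY_TYPE.SAML2.toString();
    }

    /**
     * Asks the installed {@link SecurityManager}, if there is one, for the
     * {@link PicketLinkCoreSTS#rte} permission. Shared by all four token operations so
     * the check cannot drift between them.
     *
     * @throws SecurityException if the permission is denied
     */
    private static void checkRuntimePermission() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(PicketLinkCoreSTS.rte);
        }
    }
}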
