package org.wso2.carbon.identity.sts.passive.processors;

import java.util.List;
import java.util.Map;
import java.util.Properties;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNamespace;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.AxisService;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.client.STSClient;
import org.apache.rahas.impl.SAMLTokenIssuerConfig;
import org.apache.ws.secpolicy.Constants;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.provider.AttributeCallbackHandler;
import org.wso2.carbon.identity.sts.passive.RequestToken;
import org.wso2.carbon.identity.sts.passive.ResponseToken;
import org.wso2.carbon.identity.sts.passive.internal.IdentityPassiveSTSServiceComponent;
import org.wso2.carbon.registry.core.session.UserRegistry;
import org.wso2.carbon.registry.core.utils.RegistryUtils;
import org.wso2.carbon.security.keystore.KeyStoreAdmin;
import org.wso2.carbon.security.keystore.service.KeyStoreData;
import org.wso2.carbon.security.util.RampartConfigUtil;
import org.wso2.carbon.security.util.ServerCrypto;

/* loaded from: input_file:org/wso2/carbon/identity/sts/passive/processors/RequestProcessor.class */
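/**
 * Base class for passive-STS request processors.
 *
 * <p>It offers two helpers to subclasses: {@link #getRST} builds a WS-Trust Issue request for a
 * SAML 1.1 token, and {@link #getSAMLTokenIssuerConfig} assembles the Rahas issuer configuration
 * from the server configuration, the primary key store and the trusted-service list held in the
 * governance registry.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The issuer key password is read from the server configuration and copied into the returned
 *       {@link SAMLTokenIssuerConfig}; never log that object or the password.</li>
 *   <li>The trusted relying-party endpoints are taken verbatim from a registry resource, so write
 *       access to that resource decides who can obtain tokens from this issuer.</li>
 *   <li>The requested claim URIs are not checked against any allow-list in this class.</li>
 * </ul>
 */
public abstract class RequestProcessor {
    private static final Log log = LogFactory.getLog(RequestProcessor.class);

    /** Version selector handed to every Rahas TrustUtil/STSClient call in this class. */
    private static final int WS_TRUST_VERSION = 2;

    /** Tenant id used for key store lookups; -1234 is Carbon's super-tenant id. */
    private static final int SUPER_TENANT_ID = -1234;

    /** Claim dialect used when the caller supplies none. */
    private static final String DEFAULT_CLAIM_DIALECT = "http://wso2.org/claims";

    /** Alternative delimiter for the requested-claims string; a comma is used when it is absent. */
    private static final String CLAIM_SEPARATOR_TOKEN = "#CODE#";

    /** Registry resource whose properties map a trusted endpoint address to its certificate alias. */
    private static final String TRUSTED_SERVICES_PATH =
            "/repository/axis2/service-groups/wso2carbon-sts/services/wso2carbon-sts/trustedServices";

    protected RahasData rahasData = null;

    /**
     * Builds a WS-Trust Issue request (RST) for a SAML 1.1 token with a 256-bit symmetric proof key.
     *
     * <p>Blank entries in the claim list are ignored and surrounding whitespace is trimmed, so an
     * empty or sloppy list (for example {@code "a, ,b"}) no longer yields ClaimType elements with an
     * empty or padded Uri. The Claims element is only created when at least one usable URI remains.
     *
     * <p>Decompiler note: JADX reports that the original access modifier was {@code protected}.
     *
     * @param str  second argument of {@code STSClient.createIssueRequest}
     *             (presumably the AppliesTo address of the relying party; confirm against callers)
     * @param str2 requested claim URIs, delimited by {@code #CODE#} when that token is present and by
     *             commas otherwise; may be {@code null}
     * @param str3 claim dialect URI; {@code null} selects {@code http://wso2.org/claims}
     * @return the request element produced by the STS client
     * @throws Exception if the Rahas utilities fail to build the request
     */
    public OMElement getRST(String str, String str2, String str3) throws Exception {
        String dialect = str3 != null ? str3 : DEFAULT_CLAIM_DIALECT;

        String[] requestedClaims = null;
        if (str2 != null) {
            requestedClaims = str2.contains(CLAIM_SEPARATOR_TOKEN)
                    ? str2.split(CLAIM_SEPARATOR_TOKEN)
                    : str2.split(",");
        }

        String issueAction = TrustUtil.getWSTNamespaceForRSTRequestTye(WS_TRUST_VERSION) + "/Issue";
        OMElement rstTemplate = OMAbstractFactory.getOMFactory().createOMElement(Constants.RST_TEMPLATE);
        TrustUtil.createTokenTypeElement(WS_TRUST_VERSION, rstTemplate)
                .setText("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
        TrustUtil.createKeyTypeElement(WS_TRUST_VERSION, rstTemplate, "/SymmetricKey");
        TrustUtil.createKeySizeElement(WS_TRUST_VERSION, rstTemplate, 256);

        if (requestedClaims != null) {
            // Created lazily so that a list holding only blank entries adds no Claims element.
            OMElement claimsElement = null;
            for (String rawUri : requestedClaims) {
                String claimUri = rawUri.trim();
                if (claimUri.isEmpty()) {
                    continue;
                }
                if (claimsElement == null) {
                    claimsElement = TrustUtil.createClaims(WS_TRUST_VERSION, rstTemplate, dialect);
                }
                // The URI is caller-supplied and not checked against an allow-list here; which
                // claims are actually released has to be enforced where the token is issued.
                addClaimType(claimsElement, claimUri);
            }
        }

        STSClient stsClient =
                new STSClient(MessageContext.getCurrentMessageContext().getConfigurationContext());
        stsClient.setVersion(WS_TRUST_VERSION);
        stsClient.setRstTemplate(rstTemplate);
        return stsClient.createIssueRequest(issueAction, str);
    }

    /**
     * Handles a passive-STS request.
     *
     * @param requestToken the incoming request
     * @return the response to send back
     * @throws TrustException if the request cannot be processed
     */
    public abstract ResponseToken process(RequestToken requestToken) throws TrustException;

    /**
     * Appends a {@code wsid:ClaimType} child carrying the given URI in its {@code Uri} attribute.
     *
     * @param oMElement parent element that receives the new child
     * @param str       claim URI stored in the {@code Uri} attribute
     */
    private void addClaimType(OMElement oMElement, String str) {
        QName claimTypeName =
                new QName("http://schemas.xmlsoap.org/ws/2005/05/identity", "ClaimType", "wsid");
        OMElement claimType = oMElement.getOMFactory().createOMElement(claimTypeName, oMElement);
        claimType.addAttribute(
                oMElement.getOMFactory().createOMAttribute("Uri", (OMNamespace) null, str));
    }

    /**
     * Assembles the SAML token issuer configuration for the passive STS.
     *
     * <p>The issuer name is the configured {@code HostName} (falling back to
     * {@code Identity-passive-sts}), the crypto properties point at the primary key store, and the
     * trusted endpoints are read from the registry resource at {@link #TRUSTED_SERVICES_PATH}.
     * Trusted-service entries whose value is not a non-empty list are skipped with a warning instead
     * of aborting the whole configuration with an unchecked exception; a skipped endpoint is simply
     * not trusted.
     *
     * <p>Decompiler note: JADX reports that the original access modifier was {@code protected}.
     *
     * @param axisService the STS service; only checked for {@code null} here
     * @param z           flag forwarded to {@code KeyStoreAdmin.getKeyStores}
     * @return the issuer configuration, or {@code null} when the registry or service is missing or
     *         no primary key store is found
     * @throws Exception if the key store or registry lookups fail
     */
    public SAMLTokenIssuerConfig getSAMLTokenIssuerConfig(AxisService axisService, boolean z) throws Exception {
        UserRegistry registry = IdentityPassiveSTSServiceComponent.getGovernanceSystemRegistry();
        if (registry == null || axisService == null) {
            if (log.isDebugEnabled()) {
                log.debug("systemRegistry not set or STS service is unavialable");
            }
            return null;
        }

        ServerConfiguration serverConfig = ServerConfiguration.getInstance();
        String issuerKeyAlias = serverConfig.getFirstProperty("Security.KeyStore.KeyAlias");
        // Secret material: it is only handed to the issuer config and must never reach a log line.
        String issuerKeyPassword = serverConfig.getFirstProperty("Security.KeyStore.KeyPassword");
        String issuerName = serverConfig.getFirstProperty("HostName");
        if (issuerName == null) {
            issuerName = "Identity-passive-sts";
        }

        String primaryStoreName = null;
        String privateKeyAlias = null;
        for (KeyStoreData keyStore : new KeyStoreAdmin(SUPER_TENANT_ID, registry).getKeyStores(z)) {
            String candidate = keyStore.getKeyStoreName();
            if (KeyStoreUtil.isPrimaryStore(candidate)) {
                primaryStoreName = candidate;
                privateKeyAlias = KeyStoreUtil.getPrivateKeyAlias(
                        KeyStoreManager.getInstance(SUPER_TENANT_ID).getKeyStore(candidate));
                break;
            }
        }
        if (privateKeyAlias == null) {
            // No primary key store (or no private key alias in it): nothing to sign with.
            return null;
        }

        SAMLTokenIssuerConfig issuerConfig = new SAMLTokenIssuerConfig(
                issuerName,
                ServerCrypto.class.getName(),
                RampartConfigUtil.getServerCryptoProperties(
                        new String[]{primaryStoreName}, primaryStoreName, privateKeyAlias));
        // NOTE(review): the issuer alias comes from the server configuration while the crypto
        // properties use the alias found in the primary key store; confirm they always agree.
        issuerConfig.setIssuerKeyAlias(issuerKeyAlias);
        issuerConfig.setIssuerKeyPassword(issuerKeyPassword);
        issuerConfig.setAddRequestedAttachedRef(true);
        issuerConfig.setAddRequestedUnattachedRef(true);
        // NOTE(review): 2 is presumably the "use requester entropy" key computation mode; confirm
        // against SAMLTokenIssuerConfig.KeyComputation.
        issuerConfig.setKeyComputation(2);
        issuerConfig.setProofKeyType("BinarySecret");
        issuerConfig.setCallbackHandlerName(AttributeCallbackHandler.class.getName());

        if (registry.resourceExists(TRUSTED_SERVICES_PATH)) {
            // Every visible property of this resource becomes a trusted relying party, so write
            // access to the resource must be limited to STS administrators.
            Properties trustedServices = registry.get(TRUSTED_SERVICES_PATH).getProperties();
            if (trustedServices != null && !trustedServices.isEmpty()) {
                for (Map.Entry<Object, Object> entry : trustedServices.entrySet()) {
                    String endpointAddress = entry.getKey().toString();
                    if (RegistryUtils.isHiddenProperty(endpointAddress)) {
                        continue;
                    }
                    Object rawValue = entry.getValue();
                    if (!(rawValue instanceof List) || ((List<?>) rawValue).isEmpty()) {
                        // Fail closed for this entry: the endpoint is left out of the trusted set.
                        log.warn("Skipping trusted service entry without a certificate alias: "
                                + endpointAddress);
                        continue;
                    }
                    issuerConfig.addTrustedServiceEndpointAddress(
                            endpointAddress, (String) ((List<?>) rawValue).get(0));
                }
            }
        }
        return issuerConfig;
    }
}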
