package org.apache.rahas.impl;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TokenRenewer;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.impl.util.SignKeyHolder;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.Init;
import org.apache.xml.security.utils.Base64;
import org.joda.time.DateTime;
import org.opensaml.Configuration;
import org.opensaml.DefaultBootstrap;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.Conditions;
import org.opensaml.saml2.core.impl.ConditionsBuilder;
import org.opensaml.xml.ConfigurationException;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.io.MarshallingException;
import org.opensaml.xml.io.Unmarshaller;
import org.opensaml.xml.io.UnmarshallingException;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.Signature;
import org.opensaml.xml.signature.Signer;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/rampart-trust-1.6.1-wso2v18.jar:org/apache/rahas/impl/SAML2TokenRenewer.class */
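/**
 * WS-Trust renewer for SAML 2.0 tokens.
 *
 * Loads the previously issued assertion from the token store, gives it a fresh
 * validity window (NotBefore = now, NotOnOrAfter = now + configured TTL),
 * re-signs it with the issuer key and returns it inside a RequestSecurityTokenResponse.
 *
 * Fixes relative to the shipped implementation:
 * - the stored-token XML is parsed with DTDs and external entities disabled
 *   (defense in depth against XXE / entity expansion if the store is ever
 *   writable by another party);
 * - a missing token, wrong token type, missing unmarshaller or empty
 *   certificate chain now raises a TrustException instead of an NPE/CCE;
 * - existing conditions (e.g. AudienceRestriction) are kept on renewal
 *   instead of being replaced by a bare NotBefore/NotOnOrAfter pair, so a
 *   renewed token is never broader than the original;
 * - every renewal no longer appends to a per-instance list that was re-signed
 *   in full on each call (memory leak and re-signing of DOM trees already
 *   handed to earlier callers).
 *
 * Thread-safety of this class is that of the superclass; this class keeps no
 * mutable per-request state of its own any more.
 */
public class SAML2TokenRenewer extends SAMLTokenRenewer implements TokenRenewer {

    /**
     * Signature algorithm URIs, chosen by the issuer key type.
     * SECURITY: both are SHA-1 based, which is what the shipped code emits and
     * what existing relying parties expect. SHA-1 XML signatures are deprecated;
     * moving to "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" is the
     * right fix, but it must be coordinated with the issuer side and with every
     * relying party, so it is flagged here rather than changed silently.
     */
    private static final String SIG_ALG_DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String SIG_ALG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";

    /** Exclusive canonicalization, as used by the shipped implementation. */
    private static final String C14N_EXCLUSIVE = "http://www.w3.org/2001/10/xml-exc-c14n#";

    /** Xerces feature: reject any DOCTYPE, which closes off XXE and entity-expansion attacks. */
    private static final String FEATURE_DISALLOW_DOCTYPE =
            "http://apache.org/xml/features/disallow-doctype-decl";
    private static final String FEATURE_EXTERNAL_GENERAL_ENTITIES =
            "http://xml.org/sax/features/external-general-entities";
    private static final String FEATURE_EXTERNAL_PARAMETER_ENTITIES =
            "http://xml.org/sax/features/external-parameter-entities";

    /**
     * Retained only so subclasses that reference this field still compile and
     * link. It is no longer appended to or signed: the shipped code added every
     * renewed assertion's Signature here and passed the whole list to
     * Signer.signObjects on each call.
     */
    protected List<Signature> signatureList = new ArrayList<Signature>();

    /**
     * Renews the SAML 2.0 token identified by {@code rahasData.getTokenId()}.
     *
     * @param rahasData request data; supplies the inbound MessageContext, the
     *                  WS-Trust version and the id of the token to renew
     * @return a SOAP envelope holding the RSTR with the re-signed assertion
     * @throws TrustException if the token is missing or not a SAML 2.0
     *                        assertion, if XML parsing/OpenSAML setup fails,
     *                        or if signing fails
     */
    @Override // org.apache.rahas.impl.SAMLTokenRenewer, org.apache.rahas.TokenRenewer
    public SOAPEnvelope renew(RahasData rahasData) throws TrustException {
        MessageContext inMsgCtx = rahasData.getInMessageContext();
        TokenStorage tokenStore = TrustUtil.getTokenStore(inMsgCtx);
        SAMLTokenIssuerConfig config = setConfig(inMsgCtx);

        SOAPEnvelope envelope = TrustUtil.createSOAPEnvelope(
                inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
        OMElement rstrElem = buildResponse(inMsgCtx, rahasData, envelope, RahasConstants.TOK_TYPE_SAML_20);
        int wstVersion = rahasData.getVersion();

        // Read the clock once so wst:Lifetime and saml:Conditions agree exactly
        // (the shipped code read it twice, a few microseconds apart).
        long nowMillis = System.currentTimeMillis();
        long expiryMillis = nowMillis + config.ttl;
        // XmlSchemaDateFormat is a DateFormat: not thread-safe, so a per-call instance is correct.
        XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
        TrustUtil.createLifetimeElement(wstVersion, rstrElem,
                dateFormat.format(new Date(nowMillis)), dateFormat.format(new Date(expiryMillis)));

        String tokenId = rahasData.getTokenId();
        if (tokenId == null) {
            throw new TrustException("Renew request does not identify the token to renew");
        }
        Token stored = tokenStore.getToken(tokenId);
        if (stored == null || stored.getToken() == null) {
            throw new TrustException("No token found in the token store for id " + tokenId);
        }
        // NOTE(review): nothing here checks the stored token's state (cancelled /
        // already expired) or that the requester is entitled to renew it. Confirm
        // that is enforced before this handler runs; this class does not do it.
        OMElement tokenElem = stored.getToken();

        // The stored element is re-serialised and parsed with a plain (non-DOOM)
        // DOM so OpenSAML can unmarshall it; DOOM must be switched off first.
        if (DocumentBuilderFactoryImpl.isDOOMRequired()) {
            DocumentBuilderFactoryImpl.setDOOMRequired(false);
        }
        String tokenXml = tokenElem.toString().trim();

        try {
            Crypto crypto = getCrypto(inMsgCtx, config);
            // UTF-8 explicitly: with no XML declaration a parser assumes UTF-8, so
            // using the platform charset here would corrupt non-ASCII content.
            Element assertionDom = newHardenedBuilderFactory().newDocumentBuilder()
                    .parse(new ByteArrayInputStream(tokenXml.getBytes("UTF-8")))
                    .getDocumentElement();

            DefaultBootstrap.bootstrap();
            Unmarshaller unmarshaller = Configuration.getUnmarshallerFactory().getUnmarshaller(assertionDom);
            if (unmarshaller == null) {
                throw new TrustException("No OpenSAML unmarshaller registered for stored token " + tokenId);
            }
            XMLObject unmarshalled = unmarshaller.unmarshall(assertionDom);
            if (!(unmarshalled instanceof Assertion)) {
                throw new TrustException("Stored token " + tokenId + " is not a SAML 2.0 Assertion");
            }
            Assertion assertion = (Assertion) unmarshalled;

            // Update the validity window in place. Replacing the whole Conditions
            // element (as the shipped code did) would silently drop any
            // AudienceRestriction / ProxyRestriction the original token carried,
            // making the renewed token broader than the one being renewed.
            Conditions conditions = assertion.getConditions();
            if (conditions == null) {
                conditions = new ConditionsBuilder().buildObject();
                assertion.setConditions(conditions);
            }
            conditions.setNotBefore(new DateTime(nowMillis));
            conditions.setNotOnOrAfter(new DateTime(expiryMillis));

            Assertion signed = signAssertion(assertion, createSignKeyHolder(config, crypto));

            // Import the signed DOM into the response document and attach it as
            // the RequestedSecurityToken.
            OMElement rstElem = TrustUtil.createRequestedSecurityTokenElement(wstVersion, rstrElem);
            rstElem.addChild((OMNode) ((Element) rstrElem).getOwnerDocument().importNode(signed.getDOM(), true));
            return envelope;
        } catch (IOException e) {
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        } catch (ParserConfigurationException e) {
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        } catch (ConfigurationException e) {
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        } catch (UnmarshallingException e) {
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        } catch (SAXException e) {
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        }
    }

    /**
     * Creates a namespace-aware DocumentBuilderFactory with DTD processing,
     * external entity resolution and XInclude disabled.
     *
     * The token normally comes from this server's own store, so the exposure is
     * limited, but the hardening is cheap and protects deployments whose store
     * is shared or externally writable. This fails closed: a parser that cannot
     * honour these features makes renewal abort rather than parse unsafely.
     *
     * @throws ParserConfigurationException if the underlying parser rejects a feature
     */
    private static DocumentBuilderFactory newHardenedBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature(FEATURE_DISALLOW_DOCTYPE, true);
        factory.setFeature(FEATURE_EXTERNAL_GENERAL_ENTITIES, false);
        factory.setFeature(FEATURE_EXTERNAL_PARAMETER_ENTITIES, false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }

    /**
     * Loads the issuer certificate chain and private key for
     * {@code config.issuerKeyAlias} and picks the signature algorithm by key type
     * (DSA-SHA1 for DSA keys, RSA-SHA1 otherwise).
     *
     * @param config issuer configuration (key alias and key password)
     * @param crypto WSS4J crypto backing the issuer keystore
     * @return a populated signing credential
     * @throws TrustException if no certificate or private key exists for the
     *                        alias, or if the keystore access fails
     */
    private SignKeyHolder createSignKeyHolder(SAMLTokenIssuerConfig config, Crypto crypto) throws TrustException {
        SignKeyHolder keyHolder = new SignKeyHolder();
        try {
            X509Certificate[] chain = crypto.getCertificates(config.issuerKeyAlias);
            if (chain == null || chain.length == 0) {
                throw new TrustException("No certificate found for issuer key alias " + config.issuerKeyAlias);
            }
            boolean dsaKey = "DSA".equalsIgnoreCase(chain[0].getPublicKey().getAlgorithm());
            String signatureAlgorithm = dsaKey ? SIG_ALG_DSA_SHA1 : SIG_ALG_RSA_SHA1;

            // The key password is a credential: never log it or put it in an exception message.
            PrivateKey privateKey = crypto.getPrivateKey(config.issuerKeyAlias, config.issuerKeyPassword);
            if (privateKey == null) {
                throw new TrustException("No private key found for issuer key alias " + config.issuerKeyAlias);
            }

            keyHolder.setIssuerCerts(chain);
            keyHolder.setIssuerPK(privateKey);
            keyHolder.setSignatureAlgorithm(signatureAlgorithm);
            return keyHolder;
        } catch (TrustException e) {
            // Our own diagnostics above: do not wrap them a second time.
            throw e;
        } catch (Exception e) {
            // Covers WSSecurityException from the Crypto calls and any runtime
            // failure (the shipped code had an unreachable WSSecurityException
            // catch after a catch-all).
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        }
    }

    /**
     * Attaches an enveloped XML signature (exclusive C14N, issuer certificate in
     * KeyInfo) to the assertion and computes it.
     *
     * Any signature already present on the assertion (e.g. from the original
     * issuance) is replaced by the new one.
     *
     * @param assertion the assertion to sign; its DOM is (re)built by this method
     * @param keyHolder signing credential from {@link #createSignKeyHolder}
     * @return the same assertion instance, now signed
     * @throws TrustException if building KeyInfo, marshalling or signing fails
     */
    private Assertion signAssertion(Assertion assertion, SignKeyHolder keyHolder) throws TrustException {
        Signature signature = (Signature) Configuration.getBuilderFactory()
                .getBuilder(Signature.DEFAULT_ELEMENT_NAME)
                .buildObject(Signature.DEFAULT_ELEMENT_NAME);
        signature.setSigningCredential(keyHolder);
        signature.setSignatureAlgorithm(keyHolder.getSignatureAlgorithm());
        signature.setCanonicalizationAlgorithm(C14N_EXCLUSIVE);
        try {
            KeyInfo keyInfo = (KeyInfo) buildXMLObject(KeyInfo.DEFAULT_ELEMENT_NAME);
            X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            org.opensaml.xml.signature.X509Certificate certElem =
                    (org.opensaml.xml.signature.X509Certificate) buildXMLObject(
                            org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);

            // Only the entity (leaf) certificate is embedded, not the chain;
            // relying parties must already trust it or be able to build the path.
            certElem.setValue(Base64.encode(keyHolder.getEntityCertificate().getEncoded()));
            x509Data.getX509Certificates().add(certElem);
            keyInfo.getX509Datas().add(x509Data);
            signature.setKeyInfo(keyInfo);
            assertion.setSignature(signature);

            // The signature is computed over the marshalled DOM, so marshal first.
            org.opensaml.xml.Configuration.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
            Init.init();
            // Sign only this assertion's signature. The shipped code accumulated
            // every Signature ever created in an instance field and re-signed
            // the whole list on each call.
            Signer.signObjects(Collections.singletonList(signature));
            return assertion;
        } catch (MarshallingException e) {
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        } catch (Exception e) {
            // buildXMLObject and getEncoded() declare broad/checked exceptions.
            throw new TrustException("Cannot create SAML 2.0 Assertion", e);
        }
    }

    /**
     * Builds an empty OpenSAML XMLObject for the given element name.
     *
     * @param qName element name, including namespace URI and prefix
     * @return a new, unpopulated object of the matching registered type
     * @throws Exception TrustException if no builder is registered for the name
     */
    protected static XMLObject buildXMLObject(QName qName) throws Exception {
        XMLObjectBuilder<?> builder = org.opensaml.xml.Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            throw new TrustException("Unable to retrieve builder for object QName " + qName);
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }
}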
