package com.sun.xml.ws.security.trust.impl;

import com.sun.xml.ws.api.security.trust.WSTrustContract;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.config.STSConfiguration;
import com.sun.xml.ws.api.security.trust.config.TrustSPMetadata;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.ws.security.trust.WSTrustFactory;
import com.sun.xml.ws.security.trust.WSTrustVersion;
import com.sun.xml.ws.security.trust.elements.BaseSTSRequest;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.BinarySecret;
import com.sun.xml.ws.security.trust.elements.Entropy;
import com.sun.xml.ws.security.trust.elements.Lifetime;
import com.sun.xml.ws.security.trust.elements.OnBehalfOf;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestedProofToken;
import com.sun.xml.ws.security.trust.logging.LogDomainConstants;
import com.sun.xml.ws.security.trust.logging.LogStringsMessages;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.ws.security.wsu10.AttributedDateTime;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.AccessController;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.GregorianCalendar;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TimeZone;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/wsit-rt-1.1.jar:com/sun/xml/ws/security/trust/impl/WSTrustContractImpl.class */
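/**
 * Default WS-Trust contract of the STS: handles {@code Issue} requests and rejects
 * {@code Renew}, {@code Cancel}, {@code Validate} and unsolicited responses.
 *
 * <p>{@link #issue} resolves the target service provider, authenticates and authorizes the
 * requestor, derives the proof material for the requested key type and assembles the
 * {@link RequestSecurityTokenResponse}. Every failure is reported through the
 * {@link LogStringsMessages} bundle and surfaced as a {@link WSTrustException}.
 *
 * <p>Thread-safety: the shared {@link #calendarFormatter} is not thread-safe and is only
 * touched under its own monitor in {@link #createLifetime()}.
 */
public class WSTrustContractImpl implements WSTrustContract<BaseSTSRequest, BaseSTSResponse> {

    /** Token type used when neither the request nor the service-provider metadata names one. */
    private static final String DEFAULT_TOKEN_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    /** WS-Trust 1.3 (2005/02 namespace) key type URIs this contract understands. */
    private static final String SYMMETRIC_KEY_TYPE = "http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey";
    private static final String PUBLIC_KEY_TYPE = "http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey";
    /** Computed-key algorithm advertised in the RequestedProofToken for symmetric keys. */
    private static final String COMPUTED_KEY_PSHA1 = "http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1";
    /** Fallback service-provider entry consulted when the AppliesTo URI is unknown. */
    private static final String DEFAULT_SP_ENTRY = "default";

    protected STSConfiguration stsConfig;
    /** Key size (bits) used when the request asks for none or for an unusable value. */
    private static final int DEFAULT_KEY_SIZE = 256;
    /** Epoch millis of the most recent {@link #createLifetime()} call; written only there. */
    private long currentTime;
    private static final Logger log = Logger.getLogger("com.sun.xml.ws.security.trust", LogDomainConstants.TRUST_IMPL_DOMAIN_BUNDLE);
    protected static final WSTrustElementFactory eleFac = WSTrustElementFactory.newInstance();
    // Fractional seconds are SSS (milliseconds); the previous pattern used sss, which repeats the
    // seconds field in the millisecond position. Locale.ROOT keeps the digits ASCII whatever the
    // JVM default locale is, which xsd:dateTime on the wire requires.
    protected static final SimpleDateFormat calendarFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'", Locale.ROOT);

    @Override
    public void init(STSConfiguration sTSConfiguration) {
        this.stsConfig = sTSConfiguration;
    }

    /**
     * Handles a WS-Trust {@code Issue} request.
     *
     * @param baseSTSRequest the incoming request; must be a {@link RequestSecurityToken}
     * @param issuedTokenContext per-request context; receives the proof key or the requestor certificate
     * @return the RSTR carrying the issued token material, lifetime and (for symmetric keys) entropy
     * @throws WSTrustException when the service provider is unknown, no requestor can be determined,
     *         the requestor is not authorized, the key type is unsupported, the client certificate is
     *         missing, proof-key derivation fails, or the request context is not a valid URI
     */
    @Override
    public BaseSTSResponse issue(BaseSTSRequest baseSTSRequest, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        // NOTE(review): a missing WST_VERSION option yields null here and fails later with an NPE
        // in the symmetric-key path — confirm the STS configuration always sets it.
        WSTrustVersion wstVersion = (WSTrustVersion) this.stsConfig.getOtherOptions().get(WSTrustConstants.WST_VERSION);
        RequestSecurityToken rst = (RequestSecurityToken) baseSTSRequest;
        AppliesTo appliesTo = rst.getAppliesTo();
        String appliesToURI = appliesTo == null ? null : WSTrustUtil.getAppliesToURI(appliesTo);
        TrustSPMetadata spMetadata = resolveServiceProvider(appliesToURI);

        String tokenType = resolveTokenType(rst, spMetadata);
        String keyType = resolveKeyType(rst, spMetadata);

        Subject requestor = resolveRequestor(issuedTokenContext);
        OnBehalfOf onBehalfOf = rst.getOnBehalfOf();
        if (onBehalfOf != null) {
            Object oboToken = onBehalfOf.getAny();
            if (oboToken != null) {
                // Behaviour kept: a non-Element payload fails with ClassCastException rather than
                // being silently dropped before the authorization decision below.
                requestor.getPublicCredentials().add((Element) oboToken);
            }
        }
        authorize(requestor, appliesToURI, tokenType, keyType);
        WSTrustFactory.getSTSAttributeProvider().getClaimedAttributes(requestor, appliesToURI, tokenType, rst.getClaims());

        RequestedProofToken proofToken = null;
        Entropy serverEntropy = null;
        int keySize = 0;
        if (SYMMETRIC_KEY_TYPE.equals(keyType)) {
            keySize = resolveKeySize(rst);
            proofToken = eleFac.createRequestedProofToken();
            serverEntropy = computeSymmetricProof(rst, issuedTokenContext, proofToken, keySize, wstVersion, appliesToURI);
        } else if (PUBLIC_KEY_TYPE.equals(keyType)) {
            bindRequestorCertificate(requestor, issuedTokenContext);
        } else {
            log.log(Level.SEVERE, LogStringsMessages.WST_0025_INVALID_KEY_TYPE(keyType, appliesToURI));
            throw new WSTrustException(LogStringsMessages.WST_0025_INVALID_KEY_TYPE(keyType, appliesToURI));
        }

        try {
            URI requestContext = rst.getContext() != null ? new URI(rst.getContext()) : null;
            // The request's own token type URI (possibly null) is echoed, not the resolved default,
            // matching the factory contract this class has always relied on.
            RequestSecurityTokenResponse rstr = eleFac.createRSTRForIssue(rst.getTokenType(), requestContext, null,
                    appliesTo, null, null, proofToken, serverEntropy, createLifetime());
            if (keySize > 0) {
                rstr.setKeySize(keySize);
            }
            return rstr;
        } catch (URISyntaxException e) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0014_URI_SYNTAX(), e);
            throw new WSTrustException(LogStringsMessages.WST_0014_URI_SYNTAX(), e);
        }
    }

    @Override
    public BaseSTSResponse renew(BaseSTSRequest baseSTSRequest, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        throw new UnsupportedOperationException("Unsupported operation: renew");
    }

    @Override
    public BaseSTSResponse cancel(BaseSTSRequest baseSTSRequest, IssuedTokenContext issuedTokenContext, Map map) throws WSTrustException {
        throw new UnsupportedOperationException("Unsupported operation: cancel");
    }

    @Override
    public BaseSTSResponse validate(BaseSTSRequest baseSTSRequest, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        throw new UnsupportedOperationException("Unsupported operation: validate");
    }

    @Override
    public void handleUnsolicited(BaseSTSResponse baseSTSResponse, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        throw new UnsupportedOperationException("Unsupported operation: handleUnsolicited");
    }

    /**
     * Looks up the service-provider metadata for the AppliesTo URI, falling back to the
     * {@code "default"} entry.
     *
     * @throws WSTrustException when neither entry is configured (WST_0004)
     */
    private TrustSPMetadata resolveServiceProvider(String appliesToURI) throws WSTrustException {
        TrustSPMetadata spMetadata = this.stsConfig.getTrustSPMetadata(appliesToURI);
        if (spMetadata == null) {
            spMetadata = this.stsConfig.getTrustSPMetadata(DEFAULT_SP_ENTRY);
        }
        if (spMetadata == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0004_UNKNOWN_SERVICEPROVIDER(appliesToURI));
            throw new WSTrustException(LogStringsMessages.WST_0004_UNKNOWN_SERVICEPROVIDER(appliesToURI));
        }
        return spMetadata;
    }

    /** Token type from the request, else from the SP metadata, else the SAML 1.1 default. */
    private static String resolveTokenType(RequestSecurityToken rst, TrustSPMetadata spMetadata) {
        URI requested = rst.getTokenType();
        String tokenType = requested != null ? requested.toString() : spMetadata.getTokenType();
        return tokenType != null ? tokenType : DEFAULT_TOKEN_TYPE;
    }

    /** Key type from the request, else from the SP metadata, else SymmetricKey. */
    private static String resolveKeyType(RequestSecurityToken rst, TrustSPMetadata spMetadata) {
        URI requested = rst.getKeyType();
        String keyType = requested != null ? requested.toString() : spMetadata.getKeyType();
        return keyType != null ? keyType : SYMMETRIC_KEY_TYPE;
    }

    /**
     * Determines the authenticated requestor: the subject attached to the context, else the
     * subject of the current access-control context.
     *
     * @throws WSTrustException when no subject is available (WST_0030)
     */
    private static Subject resolveRequestor(IssuedTokenContext ctx) throws WSTrustException {
        Subject requestor = ctx.getRequestorSubject();
        if (requestor == null) {
            requestor = Subject.getSubject(AccessController.getContext());
        }
        if (requestor == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0030_REQUESTOR_NULL());
            throw new WSTrustException(LogStringsMessages.WST_0030_REQUESTOR_NULL());
        }
        return requestor;
    }

    /**
     * Asks the configured STSAuthorizationProvider whether the requestor may obtain a token of
     * the given type for the given service.
     *
     * @throws WSTrustException when the provider denies the request (WST_0015)
     */
    private static void authorize(Subject requestor, String appliesToURI, String tokenType, String keyType) throws WSTrustException {
        if (WSTrustFactory.getSTSAuthorizationProvider().isAuthorized(requestor, appliesToURI, tokenType, keyType)) {
            return;
        }
        String principalName = firstPrincipalName(requestor);
        log.log(Level.SEVERE, LogStringsMessages.WST_0015_CLIENT_NOT_AUTHORIZED(principalName, tokenType, appliesToURI));
        throw new WSTrustException(LogStringsMessages.WST_0015_CLIENT_NOT_AUTHORIZED(principalName, tokenType, appliesToURI));
    }

    /**
     * Name of the subject's first principal, or {@code null} when it carries none. The null case
     * previously threw NoSuchElementException from the denial path, hiding the real fault.
     */
    private static String firstPrincipalName(Subject subject) {
        if (subject.getPrincipals().isEmpty()) {
            return null;
        }
        return subject.getPrincipals().iterator().next().getName();
    }

    /**
     * Requested key size in bits. Non-positive values fall back to {@link #DEFAULT_KEY_SIZE}; so do
     * values that do not fit in an int, which the former plain cast silently truncated.
     */
    private static int resolveKeySize(RequestSecurityToken rst) {
        long requested = rst.getKeySize();
        int keySize = (requested < 1 || requested > Integer.MAX_VALUE) ? DEFAULT_KEY_SIZE : (int) requested;
        // NOTE(review): there is still no upper bound; generateRandomSecret allocates keySize/8 bytes
        // per request — confirm whether a cap is enforced upstream.
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, LogStringsMessages.WST_1010_KEY_SIZE(Integer.valueOf(keySize), DEFAULT_KEY_SIZE));
        }
        return keySize;
    }

    /**
     * Builds the server entropy for a symmetric key and records the P_SHA1-computed proof key on
     * the context.
     *
     * @return the server-side Entropy element to place in the RSTR
     * @throws WSTrustException when the proof key cannot be derived (WST_0013)
     */
    private static Entropy computeSymmetricProof(RequestSecurityToken rst, IssuedTokenContext ctx,
            RequestedProofToken proofToken, int keySize, WSTrustVersion wstVersion, String appliesToURI)
            throws WSTrustException {
        byte[] clientSecret = null;
        Entropy clientEntropy = rst.getEntropy();
        if (clientEntropy != null) {
            BinarySecret binarySecret = clientEntropy.getBinarySecret();
            if (binarySecret != null) {
                clientSecret = binarySecret.getRawValue();
            } else if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WST_1009_NULL_BINARY_SECRET());
            }
        }
        int keyBytes = keySize / 8; // bits → bytes; a size that is not a multiple of 8 is rounded down
        byte[] serverSecret = WSTrustUtil.generateRandomSecret(keyBytes);
        Entropy serverEntropy = eleFac.createEntropy(
                eleFac.createBinarySecret(serverSecret, wstVersion.getNonceBinarySecretTypeURI()));
        proofToken.setProofTokenType("ComputedKey");
        try {
            proofToken.setComputedKey(URI.create(COMPUTED_KEY_PSHA1));
            // NOTE(review): clientSecret is null when the request carries no entropy; how P_SHA1
            // handles a null client secret is not visible here — confirm against SecurityUtil.
            ctx.setProofKey(SecurityUtil.P_SHA1(clientSecret, serverSecret, keyBytes));
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0013_ERROR_SECRET_KEY(COMPUTED_KEY_PSHA1, Integer.valueOf(keySize), appliesToURI), e);
            throw new WSTrustException(LogStringsMessages.WST_0013_ERROR_SECRET_KEY(COMPUTED_KEY_PSHA1, Integer.valueOf(keySize), appliesToURI), e);
        }
        return serverEntropy;
    }

    /**
     * For PublicKey requests, records the requestor's X.509 certificate on the context. The
     * resolved requestor is used rather than {@code ctx.getRequestorSubject()}, which is null
     * whenever the subject came from the access-control context and previously caused an NPE here.
     * When several certificates are present the last one wins, as before.
     *
     * @throws WSTrustException when no certificate is among the public credentials (WST_0034)
     */
    private static void bindRequestorCertificate(Subject requestor, IssuedTokenContext ctx) throws WSTrustException {
        Set<Object> credentials = requestor.getPublicCredentials();
        X509Certificate certificate = null;
        if (credentials != null) {
            for (Object credential : credentials) {
                if (credential instanceof X509Certificate) {
                    certificate = (X509Certificate) credential;
                }
            }
        }
        if (certificate == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
            throw new WSTrustException(LogStringsMessages.WST_0034_UNABLE_GET_CLIENT_CERT());
        }
        ctx.setRequestorCertificate(certificate);
    }

    /**
     * Builds the token Lifetime: Created = now, Expires = now + configured issued-token timeout,
     * both rendered as UTC xsd:dateTime strings.
     */
    private Lifetime createLifetime() {
        GregorianCalendar clock = new GregorianCalendar();
        long timeoutMillis = this.stsConfig.getIssuedTokenTimeout();
        AttributedDateTime created = new AttributedDateTime();
        AttributedDateTime expires = new AttributedDateTime();
        // SimpleDateFormat is not thread-safe; the shared instance is guarded by its own monitor.
        synchronized (calendarFormatter) {
            // Format directly in UTC to match the literal 'Z' suffix. The old code shifted the epoch by
            // the local zone offset (+ DST savings) and formatted in the local zone, which yielded the
            // same digits but only while that arithmetic agreed with the zone's actual offset.
            calendarFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
            this.currentTime = clock.getTimeInMillis();
            created.setValue(calendarFormatter.format(clock.getTime()));
            clock.setTimeInMillis(this.currentTime + timeoutMillis);
            expires.setValue(calendarFormatter.format(clock.getTime()));
            return eleFac.createLifetime(created, expires);
        }
    }
}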
