package org.apache.rahas.impl;

import java.security.Principal;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TokenIssuer;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.impl.util.SAMLAttributeCallback;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.apache.rahas.impl.util.SAMLNameIdentifierCallback;
import org.apache.ws.security.KerberosTokenPrincipal;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAudienceRestrictionCondition;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.opensaml.ws.wssecurity.KeyIdentifier;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/rampart-trust-1.6.1.wso2v25.jar:org/apache/rahas/impl/SAMLTokenIssuer.class
 */
/* loaded from: input_file:WEB-INF/lib/rampart-trust-1.6.1-wso2v25.jar:org/apache/rahas/impl/SAMLTokenIssuer.class */
public class SAMLTokenIssuer implements TokenIssuer {
    /** Name of the message-context parameter holding the issuer configuration; {@code issue} consults it last, after {@link #configElement} and {@link #configFile}. */
    protected String configParamName;
    /** Configuration element whose {@code SAML_ISSUER_CONFIG} child is read first by {@code issue}. */
    protected OMElement configElement;
    /** Configuration file location passed to {@code SAMLTokenIssuerConfig}; used by {@code issue} when no configuration element yielded a config. */
    protected String configFile;
    // Audience written into the assertion's audience-restriction condition. issue() overwrites it on
    // every call with the request's AppliesTo address; createAuthAssertion and createAttributeAssertion
    // read it afterwards.
    // NOTE(review): this is per-request data kept in an instance field. If one issuer instance serves
    // concurrent requests, one request's audience could end up in another request's assertion.
    // Confirm how TokenIssuer instances are scoped.
    protected String audienceRestriction = null;
    /** Class logger; used in this class only for debug messages about attribute statements. */
    private static Log log = LogFactory.getLog(SAMLTokenIssuer.class);

    /**
     * Builds the RequestSecurityTokenResponse envelope for an issue request: resolves the issuer
     * configuration, creates and signs a SAML assertion (holder-of-key or bearer, chosen from the
     * requested KeyType), and adds token type, references, AppliesTo, lifetime and the assertion
     * itself to the response. The issued token is added to the token store unless the store is
     * disabled in the configuration.
     *
     * @param rahasData the parsed request; supplies the message context, principal, KeyType,
     *                  key size, AppliesTo address and WS-Trust version
     * @return the SOAP envelope carrying the response
     * @throws TrustException if no configuration source yields a config, if both KeyType and
     *                        AppliesTo are blank, or if assertion creation or conversion fails
     */
    @Override // org.apache.rahas.TokenIssuer
    public SOAPEnvelope issue(RahasData rahasData) throws TrustException {
        try {
            MessageContext inMessageContext = rahasData.getInMessageContext();
            // Configuration sources are tried in order: element, file, message-context parameter.
            SAMLTokenIssuerConfig sAMLTokenIssuerConfig = null;
            if (this.configElement != null) {
                sAMLTokenIssuerConfig = new SAMLTokenIssuerConfig(this.configElement.getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
            }
            if (sAMLTokenIssuerConfig == null && this.configFile != null) {
                sAMLTokenIssuerConfig = new SAMLTokenIssuerConfig(this.configFile);
            }
            if (sAMLTokenIssuerConfig == null && this.configParamName != null) {
                Parameter parameter = inMessageContext.getParameter(this.configParamName);
                if (parameter == null || parameter.getParameterElement() == null) {
                    throw new TrustException("expectedParameterMissing", new String[]{this.configParamName});
                }
                sAMLTokenIssuerConfig = new SAMLTokenIssuerConfig(parameter.getParameterElement().getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
            }
            if (sAMLTokenIssuerConfig == null) {
                throw new TrustException("configurationIsNull");
            }
            if (TokenIssuerUtil.isPersisterConfigured(sAMLTokenIssuerConfig)) {
                TokenIssuerUtil.manageTokenPersistenceSettings(sAMLTokenIssuerConfig, inMessageContext);
            }
            // Static DOOM switch: turned on here and turned off again on every exit path below.
            if (!TrustUtil.isDoomParserPoolUsed()) {
                DocumentBuilderFactoryImpl.setDOOMRequired(true);
            }
            SOAPEnvelope createSOAPEnvelope = TrustUtil.createSOAPEnvelope(inMessageContext.getEnvelope().getNamespace().getNamespaceURI());
            // Crypto comes from the inline crypto element when present, otherwise from the properties file.
            Crypto cryptoFactory = sAMLTokenIssuerConfig.cryptoElement != null ? CryptoFactory.getInstance(TrustUtil.toProperties(sAMLTokenIssuerConfig.cryptoElement), inMessageContext.getAxisService().getClassLoader()) : CryptoFactory.getInstance(sAMLTokenIssuerConfig.cryptoPropertiesFile, inMessageContext.getAxisService().getClassLoader());
            // NOTE(review): the default assigned in this branch is overwritten unconditionally by the
            // statement that follows, so a blank AppliesTo leaves audienceRestriction blank and the
            // assertion builders then add no audience-restriction condition at all. An assertion
            // without an audience is not bound to a particular relying party. Decide whether the
            // default was meant to take effect (missing else) or should be removed.
            if (StringUtils.isBlank(rahasData.getAppliesToAddress())) {
                this.audienceRestriction = "defaultAudienceRestriction";
            }
            this.audienceRestriction = rahasData.getAppliesToAddress();
            // Validity window: date is the start, date2 is date plus the configured ttl
            // (added directly to a millisecond timestamp).
            Date date = new Date();
            Date date2 = new Date();
            date2.setTime(date.getTime() + sAMLTokenIssuerConfig.ttl);
            Document ownerDocument = ((Element) createSOAPEnvelope).getOwnerDocument();
            // -1 means the request carried no key size, so the configured size applies.
            // NOTE(review): a request-supplied key size is used as given; this method enforces no
            // lower bound. Confirm it is validated elsewhere.
            int keysize = rahasData.getKeysize();
            int i = keysize == -1 ? sAMLTokenIssuerConfig.keySize : keysize;
            String keyType = rahasData.getKeyType();
            if (StringUtils.isBlank(keyType)) {
                // A missing KeyType is tolerated only when AppliesTo is present; it then defaults to symmetric key.
                if (!StringUtils.isNotBlank(rahasData.getAppliesToAddress())) {
                    throw new TrustException(TrustException.INVALID_REQUEST, new String[]{"Requested KeyType is missing"});
                }
                keyType = rahasData.getRstElement().getNamespace().getNamespaceURI() + RahasConstants.KEY_TYPE_SYMM_KEY;
            }
            // Symmetric and public key types get a holder-of-key assertion; everything else gets a
            // bearer assertion.
            // NOTE(review): the last two branches are identical, so an unrecognised KeyType is
            // answered with a bearer assertion (no proof key) instead of being rejected.
            SAMLAssertion createHoKAssertion = (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) || keyType.endsWith(RahasConstants.KEY_TYPE_PUBLIC_KEY)) ? createHoKAssertion(sAMLTokenIssuerConfig, ownerDocument, cryptoFactory, date, date2, rahasData) : keyType.endsWith(RahasConstants.KEY_TYPE_BEARER) ? createBearerAssertion(sAMLTokenIssuerConfig, ownerDocument, cryptoFactory, date, date2, rahasData) : createBearerAssertion(sAMLTokenIssuerConfig, ownerDocument, cryptoFactory, date, date2, rahasData);
            int version = rahasData.getVersion();
            // Version 1 puts the response element directly in the body; other versions wrap it in a
            // response collection element.
            OMElement createRequestSecurityTokenResponseElement = 1 == version ? TrustUtil.createRequestSecurityTokenResponseElement(version, createSOAPEnvelope.getBody()) : TrustUtil.createRequestSecurityTokenResponseElement(version, TrustUtil.createRequestSecurityTokenResponseCollectionElement(version, createSOAPEnvelope.getBody()));
            TrustUtil.createTokenTypeElement(version, createRequestSecurityTokenResponseElement).setText(RahasConstants.TOK_TYPE_SAML_10);
            if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
                TrustUtil.createKeySizeElement(version, createRequestSecurityTokenResponseElement, i);
            }
            if (sAMLTokenIssuerConfig.addRequestedAttachedRef) {
                createAttachedRef(createRequestSecurityTokenResponseElement, createHoKAssertion.getId(), version);
            }
            if (sAMLTokenIssuerConfig.addRequestedUnattachedRef) {
                createUnattachedRef(createRequestSecurityTokenResponseElement, createHoKAssertion.getId(), version);
            }
            if (rahasData.getAppliesToAddress() != null) {
                TrustUtil.createAppliesToElement(createRequestSecurityTokenResponseElement, rahasData.getAppliesToAddress(), rahasData.getAddressingNs());
            }
            XmlSchemaDateFormat xmlSchemaDateFormat = new XmlSchemaDateFormat();
            TrustUtil.createLifetimeElement(version, createRequestSecurityTokenResponseElement, xmlSchemaDateFormat.format(date), xmlSchemaDateFormat.format(date2));
            try {
                // The signed assertion is imported into the response document as the requested token.
                TrustUtil.createRequestedSecurityTokenElement(version, createRequestSecurityTokenResponseElement).addChild((OMNode) ((Element) createRequestSecurityTokenResponseElement).getOwnerDocument().importNode(createHoKAssertion.toDOM(), true));
                Token token = new Token(createHoKAssertion.getId(), (OMElement) createHoKAssertion.toDOM(), date, date2);
                // The ephemeral key is set on rahasData by createHoKAssertion for symmetric key types.
                token.setSecret(rahasData.getEphmeralKey());
                if (keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY) && sAMLTokenIssuerConfig.keyComputation != 1) {
                    TokenIssuerUtil.handleRequestedProofToken(rahasData, version, sAMLTokenIssuerConfig, createRequestSecurityTokenResponseElement, token, ownerDocument);
                }
                // The token, including its secret, is stored unless the store is disabled.
                if (!sAMLTokenIssuerConfig.isTokenStoreDisabled()) {
                    token.setPersistenceEnabled(true);
                    TrustUtil.getTokenStore(inMessageContext).add(token);
                }
                if (!TrustUtil.isDoomParserPoolUsed()) {
                    DocumentBuilderFactoryImpl.setDOOMRequired(false);
                }
                return createSOAPEnvelope;
            } catch (SAMLException e) {
                throw new TrustException("samlConverstionError", e);
            }
        } catch (Throwable th) {
            // Acts as a finally block for failures: reset the DOOM switch, then rethrow unchanged.
            if (!TrustUtil.isDoomParserPoolUsed()) {
                DocumentBuilderFactoryImpl.setDOOMRequired(false);
            }
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends a {@code wst:RequestedAttachedReference} to the given element. The reference holds a
     * {@code wsse:SecurityTokenReference} whose key-identifier child carries the assertion id and a
     * {@code ValueType} of the SAML token profile 1.0 assertion-id URI.
     *
     * @param oMElement parent element that receives the reference
     * @param str       assertion id written as the key identifier text
     * @param i         WS-Trust version used to pick the {@code wst} namespace
     * @throws TrustException declared by the signature; in this method only {@code TrustUtil.getWSTNamespace} can raise it
     */
    public void createAttachedRef(OMElement oMElement, String str, int i) throws TrustException {
        // Resolve the namespace before touching the element, as the version lookup may fail.
        final String trustNamespace = TrustUtil.getWSTNamespace(i);
        final OMFactory factory = oMElement.getOMFactory();
        final String wsseNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

        // Build outside-in: reference wrapper, then the token reference, then the key identifier.
        OMElement attachedReference = factory.createOMElement(new QName(trustNamespace, "RequestedAttachedReference", "wst"), oMElement);
        OMElement tokenReference = factory.createOMElement(new QName(wsseNamespace, "SecurityTokenReference", "wsse"), attachedReference);
        OMElement keyIdentifier = factory.createOMElement(new QName(wsseNamespace, KeyIdentifier.ELEMENT_LOCAL_NAME, "wsse"), tokenReference);

        keyIdentifier.addAttribute("ValueType", "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID", null);
        keyIdentifier.setText(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends a {@code wst:RequestedUnattachedReference} to the given element. The reference holds a
     * {@code wsse:SecurityTokenReference} whose key-identifier child carries the assertion id and a
     * {@code ValueType} of the SAML token profile 1.0 assertion-id URI.
     *
     * @param oMElement parent element that receives the reference
     * @param str       assertion id written as the key identifier text
     * @param i         WS-Trust version used to pick the {@code wst} namespace
     * @throws TrustException declared by the signature; in this method only {@code TrustUtil.getWSTNamespace} can raise it
     */
    public void createUnattachedRef(OMElement oMElement, String str, int i) throws TrustException {
        // Resolve the namespace before touching the element, as the version lookup may fail.
        final String trustNamespace = TrustUtil.getWSTNamespace(i);
        final OMFactory factory = oMElement.getOMFactory();
        final String wsseNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

        // Build outside-in: reference wrapper, then the token reference, then the key identifier.
        OMElement unattachedReference = factory.createOMElement(new QName(trustNamespace, "RequestedUnattachedReference", "wst"), oMElement);
        OMElement tokenReference = factory.createOMElement(new QName(wsseNamespace, "SecurityTokenReference", "wsse"), unattachedReference);
        OMElement keyIdentifier = factory.createOMElement(new QName(wsseNamespace, KeyIdentifier.ELEMENT_LOCAL_NAME, "wsse"), tokenReference);

        keyIdentifier.addAttribute("ValueType", "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID", null);
        keyIdentifier.setText(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
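    /**
     * Creates a signed bearer assertion for a username-token or Kerberos principal.
     *
     * <p>The name identifier comes from the configured callback handler when there is one;
     * otherwise the principal name is used with the emailAddress name-id format. A bearer
     * assertion carries no proof key, so the audience restriction and the validity window are the
     * only limits on where and when it can be presented.
     *
     * @param sAMLTokenIssuerConfig issuer configuration (callback handler, issuer name and key)
     * @param document              document used to create DOM nodes
     * @param crypto                crypto provider holding the issuer key
     * @param date                  start of the validity window
     * @param date2                 end of the validity window
     * @param rahasData             request data supplying the principal
     * @return the signed assertion
     * @throws TrustException if the principal is missing or of an unsupported type, or if
     *                        assertion creation fails
     */
    public SAMLAssertion createBearerAssertion(SAMLTokenIssuerConfig sAMLTokenIssuerConfig, Document document, Crypto crypto, Date date, Date date2, RahasData rahasData) throws TrustException {
        SAMLNameIdentifier sAMLNameIdentifier;
        try {
            Principal principal = rahasData.getPrincipal();
            // A request without an authenticated principal must fail with a TrustException; without
            // this guard the type check below dereferences null while building its error message.
            if (principal == null) {
                throw new TrustException("samlUnsupportedPrincipal", new String[]{"null"});
            }
            if (!(principal instanceof WSUsernameTokenPrincipal) && !(principal instanceof KerberosTokenPrincipal)) {
                throw new TrustException("samlUnsupportedPrincipal", new String[]{principal.getClass().getName()});
            }
            if (sAMLTokenIssuerConfig.getCallbackHandler() != null) {
                // Let the deployment-specific handler map the authenticated user id to a name identifier.
                SAMLNameIdentifierCallback sAMLNameIdentifierCallback = new SAMLNameIdentifierCallback(rahasData);
                sAMLNameIdentifierCallback.setUserId(principal.getName());
                sAMLTokenIssuerConfig.getCallbackHandler().handle(sAMLNameIdentifierCallback);
                sAMLNameIdentifier = sAMLNameIdentifierCallback.getNameId();
            } else {
                // NOTE(review): the principal name is labelled as an e-mail address whatever its real form.
                sAMLNameIdentifier = new SAMLNameIdentifier(principal.getName(), null, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
            }
            return createAuthAssertion(document, "urn:oasis:names:tc:SAML:1.0:cm:bearer", sAMLNameIdentifier, null, sAMLTokenIssuerConfig, crypto, date, date2, rahasData);
        } catch (SAMLException e) {
            throw new TrustException("samlAssertionCreationError", e);
        }
    }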

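    /**
     * Creates a signed holder-of-key assertion.
     *
     * <p>For a non-symmetric key type the subject confirmation carries the client's X.509
     * certificate (from the request, or looked up in {@code crypto} by principal name). For the
     * symmetric key type a shared secret is obtained, encrypted for the relying service's
     * certificate, placed in the subject confirmation, and its first {@code keySize / 8} bytes are
     * stored on {@code rahasData} as the ephemeral key.
     *
     * @param sAMLTokenIssuerConfig issuer configuration (key size, key computation, trusted services)
     * @param document              document used to create DOM nodes
     * @param crypto                crypto provider for certificate lookups
     * @param date                  start of the validity window
     * @param date2                 end of the validity window
     * @param rahasData             request data (key type, key size, principal, client certificate, AppliesTo)
     * @return the signed assertion
     * @throws TrustException if the certificate or encrypted key cannot be built, or assertion creation fails
     */
    protected SAMLAssertion createHoKAssertion(SAMLTokenIssuerConfig sAMLTokenIssuerConfig, Document document, Crypto crypto, Date date, Date date2, RahasData rahasData) throws TrustException {
        String keyType = rahasData.getKeyType();
        if (StringUtils.isBlank(keyType)) {
            // Same default as issue(): a missing KeyType is treated as symmetric key.
            keyType = rahasData.getRstElement().getNamespace().getNamespaceURI() + RahasConstants.KEY_TYPE_SYMM_KEY;
        }
        if (!keyType.endsWith(RahasConstants.KEY_TYPE_SYMM_KEY)) {
            try {
                SAMLNameIdentifier sAMLNameIdentifier = new SAMLNameIdentifier(rahasData.getPrincipal().getName(), null, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
                X509Certificate clientCert = rahasData.getClientCert();
                if (clientCert == null) {
                    // No certificate in the request: fall back to the one stored under the principal name.
                    clientCert = crypto.getCertificates(rahasData.getPrincipal().getName())[0];
                }
                Text createTextNode = document.createTextNode(Base64.encode(clientCert.getEncoded()));
                Element createElementNS = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
                createElementNS.appendChild(createTextNode);
                Element createElementNS2 = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "X509Data");
                createElementNS2.appendChild(createElementNS);
                return createAuthAssertion(document, "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key", sAMLNameIdentifier, createElementNS2, sAMLTokenIssuerConfig, crypto, date, date2, rahasData);
            } catch (Exception e) {
                throw new TrustException("samlAssertionCreationError", e);
            }
        }
        SAMLNameIdentifier sAMLNameIdentifier2 = null;
        X509Certificate x509Certificate = null;
        try {
            if (rahasData.getPrincipal() != null) {
                sAMLNameIdentifier2 = new SAMLNameIdentifier(rahasData.getPrincipal().getName(), null, "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
            }
            x509Certificate = getServiceCert(sAMLTokenIssuerConfig, crypto, rahasData.getAppliesToAddress());
            WSSecEncryptedKey wSSecEncryptedKey = new WSSecEncryptedKey();
            // NOTE(review): 8 is presumably the WSS4J thumbprint key-identifier type; confirm against WSConstants.
            wSSecEncryptedKey.setKeyIdentifierType(8);
            wSSecEncryptedKey.setUseThisCert(x509Certificate);
            // NOTE(review): a key size taken from the request is used as given; no lower bound is
            // enforced here. Confirm it is validated before this point.
            int keysize = rahasData.getKeysize();
            int i = keysize != -1 ? keysize : sAMLTokenIssuerConfig.keySize;
            wSSecEncryptedKey.setKeySize(i);
            wSSecEncryptedKey.setEphemeralKey(TokenIssuerUtil.getSharedSecret(rahasData, sAMLTokenIssuerConfig.keyComputation, i));
            // NOTE(review): RSA PKCS#1 v1.5 key transport is a legacy choice; RSA-OAEP is the usual
            // replacement where every relying party supports it.
            wSSecEncryptedKey.setKeyEncAlgo("http://www.w3.org/2001/04/xmlenc#rsa-1_5");
            wSSecEncryptedKey.prepare(document, crypto);
            // Keep only keySize / 8 bytes of the ephemeral key as the token secret.
            int secretLength = i / 8;
            byte[] bArr = new byte[secretLength];
            System.arraycopy(wSSecEncryptedKey.getEphemeralKey(), 0, bArr, 0, secretLength);
            rahasData.setEphmeralKey(bArr);
            return createAttributeAssertion(document, rahasData, wSSecEncryptedKey.getEncryptedKeyElement(), sAMLNameIdentifier2, sAMLTokenIssuerConfig, crypto, date, date2);
        } catch (Exception e2) {
            // The failure may have happened before the service certificate was resolved; reading it
            // unguarded here would throw a NullPointerException and hide the original cause.
            String certificateSubject = x509Certificate != null ? x509Certificate.getSubjectDN().getName() : "unresolved service certificate";
            throw new TrustException("errorInBuildingTheEncryptedKeyForPrincipal", new String[]{certificateSubject}, e2);
        }
    }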

    /**
     * Picks the certificate used to encrypt the proof key for a relying service.
     *
     * <p>The service address is looked up in {@code trustedServices}; when the address is null or
     * empty, or has no entry, the alias registered under the wildcard key is used instead. The
     * first certificate returned for the alias is the result.
     *
     * <p>NOTE(review): because of the wildcard fallback, a request naming an address with no entry
     * of its own still gets a key encrypted for the wildcard alias. A missing wildcard entry or an
     * empty certificate result surfaces as a runtime exception from the array access.
     *
     * @param sAMLTokenIssuerConfig configuration holding the trusted-services map
     * @param crypto                crypto provider used for the certificate lookup
     * @param str                   AppliesTo address of the relying service; may be null or empty
     * @return the first certificate found for the resolved alias
     * @throws WSSecurityException if the crypto provider fails during the lookup
     */
    private X509Certificate getServiceCert(SAMLTokenIssuerConfig sAMLTokenIssuerConfig, Crypto crypto, String str) throws WSSecurityException {
        String alias = null;
        boolean addressGiven = str != null && !"".equals(str);
        if (addressGiven) {
            alias = (String) sAMLTokenIssuerConfig.trustedServices.get(str);
        }
        if (alias == null) {
            // No address, or no entry for it: use the wildcard alias.
            alias = (String) sAMLTokenIssuerConfig.trustedServices.get("*");
        }
        X509Certificate[] serviceCertificates = crypto.getCertificates(alias);
        return serviceCertificates[0];
    }

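    /**
     * Creates a signed holder-of-key assertion containing one attribute statement.
     *
     * <p>The given element (the encrypted key) is wrapped in a {@code KeyInfo} and used as the
     * subject confirmation data. Attributes come from the configured callback handler, from a
     * handler class named in the configuration, or from a built-in default attribute when neither
     * is set. When the request carries ActAs, an extra ActAs attribute is appended. An
     * audience-restriction condition is added only when {@code audienceRestriction} is not blank.
     *
     * @param document              document used to create DOM nodes
     * @param rahasData             request data (ActAs value, message context for class loading)
     * @param element               encrypted-key element placed inside the KeyInfo
     * @param sAMLNameIdentifier    subject name identifier; may be null
     * @param sAMLTokenIssuerConfig issuer configuration (callback handler, issuer name and key)
     * @param crypto                crypto provider holding the issuer certificate and private key
     * @param date                  start of the validity window
     * @param date2                 end of the validity window
     * @return the signed assertion
     * @throws TrustException with code {@code samlAssertionCreationError} on any failure
     */
    private SAMLAssertion createAttributeAssertion(Document document, RahasData rahasData, Element element, SAMLNameIdentifier sAMLNameIdentifier, SAMLTokenIssuerConfig sAMLTokenIssuerConfig, Crypto crypto, Date date, Date date2) throws TrustException {
        try {
            Element keyInfo = document.createElementNS("http://www.w3.org/2000/09/xmldsig#", "KeyInfo");
            ((OMElement) element).declareNamespace("http://www.w3.org/2000/09/xmldsig#", "ds");
            ((OMElement) element).declareNamespace("http://www.w3.org/2001/04/xmlenc#", "xenc");
            keyInfo.appendChild(element);
            SAMLSubject sAMLSubject = new SAMLSubject(sAMLNameIdentifier, Arrays.asList("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key"), null, keyInfo);

            SAMLAttribute[] sAMLAttributeArr;
            if (sAMLTokenIssuerConfig.getCallbackHandler() != null) {
                SAMLAttributeCallback sAMLAttributeCallback = new SAMLAttributeCallback(rahasData);
                sAMLTokenIssuerConfig.getCallbackHandler().handle(sAMLAttributeCallback);
                sAMLAttributeArr = sAMLAttributeCallback.getAttributes();
            } else if (sAMLTokenIssuerConfig.getCallbackHandlerName() == null || sAMLTokenIssuerConfig.getCallbackHandlerName().trim().length() <= 0) {
                // No handler configured: issue the built-in placeholder attribute.
                sAMLAttributeArr = new SAMLAttribute[]{new SAMLAttribute("Name", "https://rahas.apache.org/saml/attrns", null, -1L, Arrays.asList("Colombo/Rahas"))};
            } else {
                // The handler class name comes from the issuer configuration and is loaded with the
                // service class loader.
                String handlerName = sAMLTokenIssuerConfig.getCallbackHandlerName();
                SAMLAttributeCallback sAMLAttributeCallback2 = new SAMLAttributeCallback(rahasData);
                try {
                    ((SAMLCallbackHandler) Loader.loadClass(rahasData.getInMessageContext().getAxisService().getClassLoader(), handlerName).newInstance()).handle(sAMLAttributeCallback2);
                    sAMLAttributeArr = sAMLAttributeCallback2.getAttributes();
                } catch (ClassNotFoundException e) {
                    // Caught before the general case so a missing class is reported as a load failure.
                    throw new TrustException("cannotLoadPWCBClass", new String[]{handlerName}, e);
                } catch (Exception e) {
                    throw new TrustException("cannotCreatePWCBInstance", new String[]{handlerName}, e);
                }
            }

            // Arrays.asList returns a fixed-size view, so adding the ActAs attribute to it directly
            // throws UnsupportedOperationException. Copy into a growable list first.
            List<SAMLAttribute> attributeList = new ArrayList<SAMLAttribute>(Arrays.asList(sAMLAttributeArr));
            if (rahasData.getActAs() != null) {
                attributeList.add(new SAMLAttribute(RahasConstants.LocalNames.ACTAS, "https://rahas.apache.org/saml/attrns", null, -1L, Arrays.asList(rahasData.getActAs())));
            }
            SAMLStatement[] sAMLStatementArr = {new SAMLAttributeStatement(sAMLSubject, attributeList)};

            // NOTE(review): with a blank audience the assertion is issued without any
            // audience-restriction condition.
            ArrayList<SAMLAudienceRestrictionCondition> conditions = null;
            if (StringUtils.isNotBlank(this.audienceRestriction)) {
                SAMLAudienceRestrictionCondition sAMLAudienceRestrictionCondition = new SAMLAudienceRestrictionCondition();
                sAMLAudienceRestrictionCondition.addAudience(this.audienceRestriction);
                conditions = new ArrayList<SAMLAudienceRestrictionCondition>();
                conditions.add(sAMLAudienceRestrictionCondition);
            }

            SAMLAssertion sAMLAssertion = new SAMLAssertion(sAMLTokenIssuerConfig.issuerName, date, date2, conditions, null, Arrays.asList(sAMLStatementArr));
            X509Certificate[] certificates = crypto.getCertificates(sAMLTokenIssuerConfig.issuerKeyAlias);
            // NOTE(review): both signature algorithms use SHA-1, which is deprecated for signatures.
            // Moving to a SHA-256 variant depends on what the relying parties and this OpenSAML
            // version accept.
            String signatureAlgorithm = certificates[0].getPublicKey().getAlgorithm().equalsIgnoreCase("DSA") ? "http://www.w3.org/2000/09/xmldsig#dsa-sha1" : "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            sAMLAssertion.sign(signatureAlgorithm, crypto.getPrivateKey(sAMLTokenIssuerConfig.issuerKeyAlias, sAMLTokenIssuerConfig.issuerKeyPassword), Arrays.asList(certificates));
            return sAMLAssertion;
        } catch (Exception e3) {
            throw new TrustException("samlAssertionCreationError", e3);
        }
    }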

    /**
     * Creates a signed assertion holding an authentication statement and, when attributes are
     * available, an attribute statement for the same subject.
     *
     * <p>When {@code element} is given it is wrapped in a {@code KeyInfo} and becomes the subject
     * confirmation data; bearer assertions pass null. An audience-restriction condition is added
     * only when {@code audienceRestriction} is not blank.
     *
     * <p>NOTE(review): the authentication method is always the password method, although
     * {@code createBearerAssertion} also accepts Kerberos principals. Both signature algorithms
     * offered here use SHA-1, which is deprecated for signatures.
     *
     * @param document              document used to create DOM nodes
     * @param str                   subject confirmation method URI
     * @param sAMLNameIdentifier    subject name identifier
     * @param element               key material for the subject confirmation; may be null
     * @param sAMLTokenIssuerConfig issuer configuration (issuer name, key alias and password)
     * @param crypto                crypto provider holding the issuer certificate and private key
     * @param date                  start of the validity window and authentication instant
     * @param date2                 end of the validity window
     * @param rahasData             request data passed on to attribute collection
     * @return the signed assertion
     * @throws TrustException with code {@code samlAssertionCreationError} on any failure
     */
    protected SAMLAssertion createAuthAssertion(Document document, String str, SAMLNameIdentifier sAMLNameIdentifier, Element element, SAMLTokenIssuerConfig sAMLTokenIssuerConfig, Crypto crypto, Date date, Date date2, RahasData rahasData) throws TrustException {
        try {
            final String dsigNamespace = "http://www.w3.org/2000/09/xmldsig#";
            String[] confirmationMethods = new String[]{str};

            // Wrap the supplied key material, if any, in a ds:KeyInfo.
            Element keyInfo = null;
            if (element != null) {
                keyInfo = document.createElementNS(dsigNamespace, "KeyInfo");
                OMElement keyMaterial = (OMElement) element;
                keyMaterial.declareNamespace(dsigNamespace, "ds");
                keyMaterial.declareNamespace("http://www.w3.org/2001/04/xmlenc#", "xenc");
                keyInfo.appendChild(element);
            }

            SAMLSubject subject = new SAMLSubject(sAMLNameIdentifier, Arrays.asList(confirmationMethods), null, keyInfo);
            ArrayList statements = new ArrayList();
            statements.add(new SAMLAuthenticationStatement(subject, SAMLAuthenticationStatement.AuthenticationMethod_Password, date, null, null, null));

            // The attribute statement gets its own copy of the subject.
            SAMLAttributeStatement attributeStatement = createSAMLAttributeStatement((SAMLSubject) subject.clone(), rahasData, sAMLTokenIssuerConfig);
            if (attributeStatement != null) {
                statements.add(attributeStatement);
            }

            ArrayList conditions = null;
            if (StringUtils.isNotBlank(this.audienceRestriction)) {
                SAMLAudienceRestrictionCondition audienceCondition = new SAMLAudienceRestrictionCondition();
                audienceCondition.addAudience(this.audienceRestriction);
                conditions = new ArrayList();
                conditions.add(audienceCondition);
            }

            SAMLAssertion assertion = new SAMLAssertion(sAMLTokenIssuerConfig.issuerName, date, date2, conditions, null, statements);

            // Sign with the issuer key; the algorithm follows the issuer certificate's key type.
            X509Certificate[] issuerCertificates = crypto.getCertificates(sAMLTokenIssuerConfig.issuerKeyAlias);
            String signatureAlgorithm;
            if (issuerCertificates[0].getPublicKey().getAlgorithm().equalsIgnoreCase("DSA")) {
                signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
            } else {
                signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            }
            assertion.sign(signatureAlgorithm, crypto.getPrivateKey(sAMLTokenIssuerConfig.issuerKeyAlias, sAMLTokenIssuerConfig.issuerKeyPassword), Arrays.asList(issuerCertificates));
            return assertion;
        } catch (Exception e) {
            throw new TrustException("samlAssertionCreationError", e);
        }
    }

    /**
     * Returns the WS-Addressing action for the issue response, resolved for the request's
     * WS-Trust version from {@code RahasConstants.RSTRC_ACTION_ISSUE_FINAL}.
     *
     * @param rahasData request data supplying the version
     * @return the action value for the response
     * @throws TrustException if {@code TrustUtil.getActionValue} fails
     */
    @Override // org.apache.rahas.TokenIssuer
    public String getResponseAction(RahasData rahasData) throws TrustException {
        final int trustVersion = rahasData.getVersion();
        return TrustUtil.getActionValue(trustVersion, RahasConstants.RSTRC_ACTION_ISSUE_FINAL);
    }

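    /**
     * Generates a random key of {@code i / 8} bytes.
     *
     * <p>Sizes below 8 bits are rejected: integer division would otherwise produce a zero-length
     * array and return it as if it were a usable key.
     *
     * @param i key size in bits; must be at least 8
     * @return {@code i / 8} random bytes
     * @throws TrustException if the size is below 8 bits or the random generator is unavailable
     */
    protected byte[] generateEphemeralKey(int i) throws TrustException {
        if (i < 8) {
            throw new TrustException("Error in creating the ephemeral key", new IllegalArgumentException("Key size must be at least 8 bits but was " + i));
        }
        try {
            byte[] keyBytes = new byte[i / 8];
            // NOTE(review): SHA1PRNG is requested by name, which pins a legacy generator instead of
            // the platform default (new SecureRandom()). Kept as is; review whether the pin is needed.
            SecureRandom.getInstance("SHA1PRNG").nextBytes(keyBytes);
            return keyBytes;
        } catch (Exception e) {
            throw new TrustException("Error in creating the ephemeral key", e);
        }
    }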

    /**
     * Sets the configuration file location. {@code issue} uses it only when the configuration
     * element did not yield a configuration.
     *
     * @param str configuration file location handed to {@code SAMLTokenIssuerConfig}
     */
    @Override // org.apache.rahas.TokenIssuer
    public void setConfigurationFile(String str) {
        this.configFile = str;
    }

    /**
     * Sets the configuration element. {@code issue} consults it first and reads its
     * {@code SAML_ISSUER_CONFIG} child.
     *
     * @param oMElement element containing the issuer configuration
     */
    @Override // org.apache.rahas.TokenIssuer
    public void setConfigurationElement(OMElement oMElement) {
        this.configElement = oMElement;
    }

    /**
     * Sets the name of the message-context parameter holding the issuer configuration.
     * {@code issue} consults it last and fails with {@code expectedParameterMissing} when the
     * named parameter is absent.
     *
     * @param str parameter name looked up on the incoming message context
     */
    @Override // org.apache.rahas.TokenIssuer
    public void setConfigurationParamName(String str) {
        this.configParamName = str;
    }

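    /**
     * Builds the attribute statement for an assertion, or returns null when no attributes are
     * available.
     *
     * <p>Attributes come from the configured callback handler, or from a handler class named in
     * the configuration and loaded with the service class loader. With neither configured, no
     * statement is produced.
     *
     * @param sAMLSubject           subject the statement refers to
     * @param rahasData             request data passed to the attribute callback
     * @param sAMLTokenIssuerConfig issuer configuration naming the callback handler
     * @return the attribute statement, or null when the handler supplied no attributes
     * @throws TrustException if the named handler cannot be loaded or run, or the statement
     *                        cannot be built
     */
    private SAMLAttributeStatement createSAMLAttributeStatement(SAMLSubject sAMLSubject, RahasData rahasData, SAMLTokenIssuerConfig sAMLTokenIssuerConfig) throws TrustException {
        try {
            SAMLAttribute[] sAMLAttributeArr = null;
            if (sAMLTokenIssuerConfig.getCallbackHandler() != null) {
                SAMLAttributeCallback sAMLAttributeCallback = new SAMLAttributeCallback(rahasData);
                sAMLTokenIssuerConfig.getCallbackHandler().handle(sAMLAttributeCallback);
                sAMLAttributeArr = sAMLAttributeCallback.getAttributes();
            } else if (sAMLTokenIssuerConfig.getCallbackHandlerName() != null && sAMLTokenIssuerConfig.getCallbackHandlerName().trim().length() > 0) {
                String handlerName = sAMLTokenIssuerConfig.getCallbackHandlerName();
                SAMLAttributeCallback sAMLAttributeCallback2 = new SAMLAttributeCallback(rahasData);
                try {
                    ((SAMLCallbackHandler) Loader.loadClass(rahasData.getInMessageContext().getAxisService().getClassLoader(), handlerName).newInstance()).handle(sAMLAttributeCallback2);
                    sAMLAttributeArr = sAMLAttributeCallback2.getAttributes();
                } catch (ClassNotFoundException e) {
                    // Caught before the general case; nested the other way round, the broad handler
                    // would take this exception first and the load-failure branch could never run.
                    throw new TrustException("cannotLoadPWCBClass", new String[]{handlerName}, e);
                } catch (Exception e) {
                    throw new TrustException("cannotCreatePWCBInstance", new String[]{handlerName}, e);
                }
            }
            SAMLAttributeStatement sAMLAttributeStatement = null;
            if (!ArrayUtils.isEmpty(sAMLAttributeArr)) {
                sAMLAttributeStatement = new SAMLAttributeStatement(sAMLSubject, Arrays.asList(sAMLAttributeArr));
                if (log.isDebugEnabled()) {
                    log.debug("SAML 1.1 attribute statement is constructed successfully.");
                }
            } else if (log.isDebugEnabled()) {
                log.debug("No requested attributes found for SAML 1.1 attribute statement");
            }
            return sAMLAttributeStatement;
        } catch (SAMLException e3) {
            // NOTE(review): other methods in this class pass a fault-code key as the first argument;
            // here the exception message is passed instead. Confirm that is intended.
            throw new TrustException(e3.getMessage(), e3);
        }
    }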
}
