package org.apache.cxf.fediz.core.config;

import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.regex.Pattern;
import org.apache.cxf.fediz.core.config.jaxb.ContextConfig;
import org.apache.cxf.fediz.core.config.jaxb.FederationProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.KeyManagersType;
import org.apache.cxf.fediz.core.config.jaxb.KeyStoreType;
import org.apache.cxf.fediz.core.config.jaxb.ProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.SamlProtocolType;
import org.apache.cxf.fediz.core.config.jaxb.TrustManagersType;
import org.apache.cxf.fediz.core.config.jaxb.TrustedIssuerType;
import org.apache.cxf.fediz.core.exception.IllegalConfigurationException;
import org.apache.cxf.fediz.core.util.CertsUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.CertificateStore;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/cxf/fediz/core/config/FedizContext.class */
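public class FedizContext implements Closeable {
    public static final String CACHE_KEY_PREFIX = "fediz.replay.cache";
    private static final Logger LOG = LoggerFactory.getLogger(FedizContext.class);

    /** Classpath location of the cache configuration handed to the default replay cache. */
    private static final String DEFAULT_REPLAY_CACHE_CONFIG = "/fediz-ehcache.xml";
    /** Keystore type assumed when the configuration does not state one. */
    private static final String DEFAULT_KEYSTORE_TYPE = "jks";
    /** Keystore type that selects a PEM certificate file instead of a JCA keystore. */
    private static final String PEM_KEYSTORE_TYPE = "PEM";

    private final ContextConfig config;
    private String relativePath;
    private ReplayCache replayCache;
    private Protocol protocol;
    private KeyManager keyManager;
    private KeyManager decryptionKeyManager;
    private ClassLoader classloader;
    private Object logoutRedirectToConstraint;
    private boolean detectReplayedTokens = true;
    private final List<TrustManager> certificateStores = new ArrayList<>();

    /**
     * Wraps a JAXB {@link ContextConfig} and lazily materialises the objects derived from it:
     * the protocol handler, the signing/decryption key managers, the trust stores and the
     * token replay cache. Each derived object is built on first access and then cached in a
     * field; none of that lazy initialisation is synchronised, so an instance is expected to be
     * initialised (see {@link #init()}) before it is shared between threads.
     *
     * @param contextConfig the parsed configuration this context is built from
     * @throws IllegalArgumentException if {@code contextConfig} is {@code null}
     */
    public FedizContext(ContextConfig contextConfig) {
        if (contextConfig == null) {
            throw new IllegalArgumentException("ContextConfig cannot be null!");
        }
        this.config = contextConfig;
    }

    /** Eagerly resolves the protocol handler so configuration errors surface early. */
    public void init() {
        getProtocol();
    }

    /**
     * Returns the configured audience URIs.
     *
     * @return the audience items, or an empty list when no audience section is configured
     */
    public List<String> getAudienceUris() {
        if (this.config.getAudienceUris() == null) {
            return Collections.emptyList();
        }
        return this.config.getAudienceUris().getAudienceItem();
    }

    /**
     * Returns the trusted issuers, one wrapper per configured issuer entry.
     *
     * @return a fresh, mutable list; empty when no trusted-issuer section is configured
     */
    public List<TrustedIssuer> getTrustedIssuers() {
        if (this.config.getTrustedIssuers() == null) {
            return new ArrayList<>();
        }
        List<TrustedIssuer> trustedIssuers = new ArrayList<>();
        for (TrustedIssuerType issuerType : this.config.getTrustedIssuers().getIssuer()) {
            trustedIssuers.add(new TrustedIssuer(issuerType));
        }
        return trustedIssuers;
    }

    /**
     * Returns the trust managers backing certificate validation, loading them on first call.
     * A trust manager whose keystore type is {@code PEM} is backed by the single X.509
     * certificate read from the file named by the trust manager, every other type is loaded
     * through {@link CryptoFactory} with the properties from {@link #createCryptoProperties}.
     *
     * @return an unmodifiable view of the loaded trust managers
     * @throws IllegalConfigurationException if a keystore cannot be loaded
     * @throws RuntimeException if a PEM certificate cannot be read
     */
    public List<TrustManager> getCertificateStores() {
        if (this.certificateStores.isEmpty()) {
            loadCertificateStores();
        }
        return Collections.unmodifiableList(this.certificateStores);
    }

    /** Populates {@link #certificateStores} from the configuration; stops at the first failure. */
    private void loadCertificateStores() {
        for (TrustManagersType tmType : this.config.getCertificateStores().getTrustManager()) {
            TrustManager trustManager = new TrustManager(tmType);
            try {
                // Null-safe comparison: a missing type falls through to the keystore path,
                // where DEFAULT_KEYSTORE_TYPE applies.
                KeyStoreType keyStore = tmType.getKeyStore();
                String type = keyStore != null ? keyStore.getType() : null;
                if (PEM_KEYSTORE_TYPE.equalsIgnoreCase(type)) {
                    X509Certificate cert =
                        CertsUtils.getX509CertificateFromFile(trustManager.getName(), this.classloader);
                    trustManager.setCrypto(new CertificateStore(new X509Certificate[] {cert}));
                } else {
                    trustManager.setCrypto(CryptoFactory.getInstance(createCryptoProperties(tmType)));
                }
            } catch (WSSecurityException e) {
                LOG.error("Failed to load keystore '" + trustManager.getName() + "'", e);
                throw new IllegalConfigurationException(
                    "Failed to load keystore '" + trustManager.getName() + "'");
            } catch (CertificateException e) {
                LOG.error("Failed to read keystore '" + trustManager.getName() + "'", e);
                // Keep the cause so the underlying parse error is not lost.
                throw new RuntimeException("Failed to read keystore", e);
            }
            this.certificateStores.add(trustManager);
        }
    }

    public BigInteger getMaximumClockSkew() {
        return this.config.getMaximumClockSkew();
    }

    public void setMaximumClockSkew(BigInteger bigInteger) {
        this.config.setMaximumClockSkew(bigInteger);
    }

    /**
     * Returns the protocol handler for the configured protocol, creating it on first call.
     *
     * @return a {@link FederationProtocol} or {@link SAMLProtocol}, or {@code null} when the
     *         configured protocol element is of neither type (including when it is absent)
     */
    public Protocol getProtocol() {
        if (this.protocol == null) {
            ProtocolType protocolType = this.config.getProtocol();
            if (protocolType instanceof FederationProtocolType) {
                this.protocol = new FederationProtocol(protocolType);
            } else if (protocolType instanceof SamlProtocolType) {
                this.protocol = new SAMLProtocol(protocolType);
            }
            if (this.protocol != null) {
                this.protocol.setClassloader(getClassloader());
            }
        }
        return this.protocol;
    }

    public String getLogoutURL() {
        return this.config.getLogoutURL();
    }

    public String getLogoutRedirectTo() {
        return this.config.getLogoutRedirectTo();
    }

    /**
     * Returns the constraint applied to the logout redirect target, resolved on first call.
     * When {@code ConfigUtils.loadCallbackType} yields a {@link String} it is compiled into a
     * {@link Pattern}; any other value is returned as-is.
     *
     * @return the compiled {@link Pattern} or the callback object, cached after the first call
     */
    public Object getLogoutRedirectToConstraint() {
        if (this.logoutRedirectToConstraint == null) {
            Object constraint = ConfigUtils.loadCallbackType(
                this.config.getLogoutRedirectToConstraint(), "LogoutRedirectToConstraint", getClassloader());
            if (constraint instanceof String) {
                this.logoutRedirectToConstraint = Pattern.compile((String) constraint);
            } else {
                this.logoutRedirectToConstraint = constraint;
            }
        }
        return this.logoutRedirectToConstraint;
    }

    /**
     * Returns the key manager for the signing key, loading its keystore on first call.
     * The field is only assigned once the keystore has been loaded, so a failed attempt
     * never leaves a half-initialised key manager behind.
     *
     * @return the signing key manager
     * @throws IllegalConfigurationException if no signing key is configured or the keystore
     *         cannot be loaded
     */
    public KeyManager getSigningKey() {
        if (this.keyManager == null) {
            KeyManagersType signingKey = this.config.getSigningKey();
            if (signingKey == null) {
                LOG.error("No signing key has been configured");
                throw new IllegalConfigurationException("No signing key has been configured");
            }
            this.keyManager = loadKeyManager(signingKey);
        }
        return this.keyManager;
    }

    /**
     * Returns the key manager for the token decryption key, loading its keystore on first call.
     *
     * @return the decryption key manager, or {@code null} when no decryption key is configured
     * @throws IllegalConfigurationException if the keystore cannot be loaded
     */
    public KeyManager getDecryptionKey() {
        if (this.decryptionKeyManager == null) {
            KeyManagersType decryptionKey = this.config.getTokenDecryptionKey();
            if (decryptionKey == null) {
                return null;
            }
            this.decryptionKeyManager = loadKeyManager(decryptionKey);
        }
        return this.decryptionKeyManager;
    }

    /**
     * Builds a {@link KeyManager} with its crypto loaded from the configured keystore.
     *
     * @throws IllegalConfigurationException if the keystore cannot be loaded
     */
    private KeyManager loadKeyManager(KeyManagersType keyManagersType) {
        KeyManager manager = new KeyManager(keyManagersType);
        try {
            manager.setCrypto(CryptoFactory.getInstance(createCryptoProperties(keyManagersType)));
        } catch (WSSecurityException e) {
            LOG.error("Failed to load keystore '" + manager.getName() + "'", e);
            throw new IllegalConfigurationException("Failed to load keystore '" + manager.getName() + "'");
        }
        return manager;
    }

    /**
     * Returns the replay cache used to detect reused tokens, creating it on first call.
     * A configured class name is instantiated reflectively; when none is configured, or the
     * class cannot be loaded or instantiated, the factory default (keyed by
     * {@link #CACHE_KEY_PREFIX} and the context name) is used instead.
     *
     * @return the replay cache, cached after the first call
     */
    public ReplayCache getTokenReplayCache() {
        if (this.replayCache == null) {
            String cacheClassName = this.config.getTokenReplayCache();
            String cacheKey = CACHE_KEY_PREFIX + "-" + this.config.getName();
            ReplayCacheFactory factory = ReplayCacheFactory.newInstance();
            if (cacheClassName == null || cacheClassName.isEmpty()) {
                this.replayCache = factory.newReplayCache(cacheKey, DEFAULT_REPLAY_CACHE_CONFIG);
            } else {
                try {
                    this.replayCache = (ReplayCache) Loader.loadClass(cacheClassName).newInstance();
                } catch (ClassNotFoundException | IllegalAccessException | InstantiationException e) {
                    // The fallback is deliberate, but a silent fallback hides a misconfigured
                    // cache class; record which class was requested.
                    LOG.warn("Could not instantiate replay cache '" + cacheClassName
                        + "', falling back to the default replay cache", e);
                    this.replayCache = factory.newReplayCache(cacheKey, DEFAULT_REPLAY_CACHE_CONFIG);
                }
            }
        }
        return this.replayCache;
    }

    public String getName() {
        return this.config.getName();
    }

    public boolean isDetectExpiredTokens() {
        return this.config.isTokenExpirationValidation().booleanValue();
    }

    public void setDetectExpiredTokens(boolean z) {
        this.config.setTokenExpirationValidation(Boolean.valueOf(z));
    }

    /** Replay detection is on unless explicitly disabled via {@link #setDetectReplayedTokens}. */
    public boolean isDetectReplayedTokens() {
        return this.detectReplayedTokens;
    }

    public void setDetectReplayedTokens(boolean z) {
        this.detectReplayedTokens = z;
    }

    /** Sets the directory prepended to keystore paths that do not exist as given. */
    public void setRelativePath(String str) {
        this.relativePath = str;
    }

    public String getRelativePath() {
        return this.relativePath;
    }

    /** Closes the replay cache if one was created; other cached objects hold no resources here. */
    @Override
    public void close() throws IOException {
        if (this.replayCache != null) {
            this.replayCache.close();
        }
    }

    /** Crypto properties for a trust manager's keystore; see {@link #createCryptoProperties(KeyStoreType)}. */
    private Properties createCryptoProperties(TrustManagersType trustManagersType) {
        return createCryptoProperties(trustManagersType.getKeyStore());
    }

    /** Crypto properties for a key manager's keystore; see {@link #createCryptoProperties(KeyStoreType)}. */
    private Properties createCryptoProperties(KeyManagersType keyManagersType) {
        return createCryptoProperties(keyManagersType.getKeyStore());
    }

    /**
     * Builds the Merlin crypto properties for a keystore. Shared by the trust-manager and
     * key-manager overloads so both honour the configured keystore type (defaulting to
     * {@link #DEFAULT_KEYSTORE_TYPE}) and resolve the store location the same way.
     * The returned properties carry the keystore password and must not be logged.
     *
     * @throws IllegalStateException if no keystore, file or resource is configured
     * @throws IllegalConfigurationException if the keystore password is missing
     */
    private Properties createCryptoProperties(KeyStoreType keyStore) {
        if (keyStore == null) {
            throw new IllegalStateException("No certificate store configured");
        }
        String storePath = resolveKeyStorePath(keyStore);
        String password = keyStore.getPassword();
        if (password == null || password.isEmpty()) {
            throw new IllegalConfigurationException("trustStorePw not configured");
        }
        String type = keyStore.getType() != null ? keyStore.getType() : DEFAULT_KEYSTORE_TYPE;
        Properties properties = new Properties();
        properties.put("org.apache.ws.security.crypto.provider",
            "org.apache.ws.security.components.crypto.Merlin");
        properties.put("org.apache.ws.security.crypto.merlin.keystore.type", type);
        properties.put("org.apache.ws.security.crypto.merlin.keystore.password", password);
        properties.put("org.apache.ws.security.crypto.merlin.keystore.file", storePath);
        return properties;
    }

    /**
     * Picks the keystore location: the configured file wins, otherwise the configured resource
     * when it is present on the classpath. A file path that does not exist as given is
     * prefixed with {@link #getRelativePath()} when one is set.
     *
     * @throws IllegalStateException if neither a usable file nor resource is configured
     */
    private String resolveKeyStorePath(KeyStoreType keyStore) {
        String storePath = null;
        String file = keyStore.getFile();
        String resource = keyStore.getResource();
        if (file != null && !file.isEmpty()) {
            storePath = file;
        } else if (resource != null && !resource.isEmpty() && Loader.getResource(resource) != null) {
            storePath = resource;
        }
        if (storePath == null) {
            throw new IllegalStateException("No certificate store configured");
        }
        String base = getRelativePath();
        if (!new File(storePath).exists() && base != null && !base.isEmpty()) {
            storePath = base.concat(File.separator + storePath);
        }
        return storePath;
    }

    public ClassLoader getClassloader() {
        return this.classloader;
    }

    public void setClassloader(ClassLoader classLoader) {
        this.classloader = classLoader;
    }

    public boolean isAddAuthenticatedRole() {
        return this.config.isAddAuthenticatedRole().booleanValue();
    }
}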
