package org.apache.cxf.sts.operation;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBElement;
import javax.xml.ws.WebServiceContext;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.sts.QNameConstants;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.request.RequestParser;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.sts.service.EncryptionProperties;
import org.apache.cxf.sts.token.provider.TokenProviderParameters;
import org.apache.cxf.sts.token.provider.TokenReference;
import org.apache.cxf.sts.token.renewer.TokenRenewer;
import org.apache.cxf.sts.token.renewer.TokenRenewerParameters;
import org.apache.cxf.sts.token.renewer.TokenRenewerResponse;
import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
import org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType;
import org.apache.cxf.ws.security.sts.provider.operation.RenewOperation;
import org.apache.ws.security.WSSecurityException;

/* loaded from: input_file:WEB-INF/lib/cxf-services-sts-core-2.6.0.jar:org/apache/cxf/sts/operation/TokenRenewOperation.class */
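/**
 * STS operation that handles a WS-Trust Renew request.
 *
 * <p>The token presented for renewal is first passed to the inherited
 * {@code validateReceivedToken}. Only a token in state {@code VALID} or {@code EXPIRED} is then
 * handed to the first configured {@link TokenRenewer} that reports it can handle the token.
 *
 * <p>NOTE(review): an {@code EXPIRED} token is deliberately accepted here. No check is visible in
 * this class on how long ago the token expired, or on whether the requester proves possession of
 * the token's key. Presumably that policy lives in the validator or the renewer; confirm this for
 * every configured {@link TokenRenewer}.
 */
public class TokenRenewOperation extends AbstractOperation implements RenewOperation {
    private static final Logger LOG = LogUtils.getL7dLogger(TokenRenewOperation.class);

    // Renewers are consulted in list order; the first one that can handle the token is used.
    private List<TokenRenewer> tokenRenewers = new ArrayList<TokenRenewer>();

    /**
     * Replaces the list of renewers consulted by {@link #renew}.
     *
     * @param list the renewers, tried in order; the reference is stored as-is (not copied)
     */
    public void setTokenRenewers(List<TokenRenewer> list) {
        this.tokenRenewers = list;
    }

    /**
     * @return the list last set with {@link #setTokenRenewers} (the live reference, not a copy)
     */
    public List<TokenRenewer> getTokenRenewers() {
        return this.tokenRenewers;
    }

    /**
     * Renews the token carried in the request's renew target.
     *
     * @param requestSecurityTokenType the incoming RequestSecurityToken
     * @param webServiceContext the context of the current invocation
     * @return the response carrying the renewed token
     * @throws STSException with {@code INVALID_REQUEST} if no token was presented for renewal;
     *         with {@code REQUEST_FAILED} if no validator handled the token, the validated token
     *         is neither valid nor expired, no renewer produced a token, or building the response
     *         failed
     */
    @Override
    public RequestSecurityTokenResponseType renew(RequestSecurityTokenType requestSecurityTokenType, WebServiceContext webServiceContext) {
        RequestParser requestParser = parseRequest(requestSecurityTokenType, webServiceContext);
        KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        TokenRequirements tokenRequirements = requestParser.getTokenRequirements();

        ReceivedToken renewTarget = tokenRequirements.getRenewTarget();
        if (renewTarget == null || renewTarget.getToken() == null) {
            throw new STSException("No element presented for renewal", STSException.INVALID_REQUEST);
        }
        if (tokenRequirements.getTokenType() == null) {
            // A missing TokenType is only logged; processing continues.
            LOG.fine("Received TokenType is null");
        }

        // The realm is only resolved when a realm parser is configured; otherwise it stays null.
        String realm = null;
        if (this.stsProperties.getRealmParser() != null) {
            realm = this.stsProperties.getRealmParser().parseRealm(webServiceContext);
        }

        TokenValidatorResponse validatorResponse = validateReceivedToken(webServiceContext, realm, tokenRequirements, renewTarget);
        if (validatorResponse == null) {
            LOG.fine("No Token Validator has been found that can handle this token");
            renewTarget.setState(ReceivedToken.STATE.INVALID);
            // Fix: the token type used to be appended to the message without a separator.
            throw new STSException("No Token Validator has been found that can handle this token: " + tokenRequirements.getTokenType(), STSException.REQUEST_FAILED);
        }

        // Only VALID and EXPIRED tokens may be renewed; every other state is rejected.
        ReceivedToken.STATE validatedState = validatorResponse.getToken().getState();
        if (validatedState != ReceivedToken.STATE.EXPIRED && validatedState != ReceivedToken.STATE.VALID) {
            LOG.fine("The token is not valid or expired, and so it cannot be renewed");
            // Fix: this branch used to reuse the "No Token Validator has been found" text, which
            // misreported a rejected token as a missing validator to the client and in traces.
            throw new STSException("The token is not valid or expired, and so it cannot be renewed", STSException.REQUEST_FAILED);
        }

        // Hand the validator's view of the token (properties, realm, token) to the renewer.
        TokenRenewerParameters renewerParameters = createTokenRenewerParameters(requestParser, webServiceContext);
        Map<String, Object> additionalProperties = validatorResponse.getAdditionalProperties();
        if (additionalProperties != null) {
            renewerParameters.setAdditionalProperties(additionalProperties);
        }
        String tokenRealm = validatorResponse.getTokenRealm();
        renewerParameters.setRealm(tokenRealm);
        renewerParameters.setToken(validatorResponse.getToken());

        TokenRenewerResponse renewerResponse = null;
        // Fix: a null list (set via setTokenRenewers(null)) used to fail with a
        // NullPointerException; it is now treated like an empty list and reported below.
        List<TokenRenewer> renewers = this.tokenRenewers;
        if (renewers != null) {
            for (TokenRenewer renewer : renewers) {
                boolean canHandle = tokenRealm == null
                    ? renewer.canHandleToken(validatorResponse.getToken())
                    : renewer.canHandleToken(validatorResponse.getToken(), tokenRealm);
                if (!canHandle) {
                    continue;
                }
                try {
                    renewerResponse = renewer.renewToken(renewerParameters);
                } catch (STSException e) {
                    // Fix: these warnings used to be logged with an empty message.
                    LOG.log(Level.WARNING, "Token renewer rejected the renewal request", e);
                    throw e;
                } catch (RuntimeException e) {
                    LOG.log(Level.WARNING, "Token renewer failed unexpectedly", e);
                    throw new STSException("Error in providing a token", e, STSException.REQUEST_FAILED);
                }
                // Only the first matching renewer is consulted, even if it returned null.
                break;
            }
        }
        if (renewerResponse == null || renewerResponse.getToken() == null) {
            LOG.fine("No Token Renewer has been found that can handle this token");
            throw new STSException("No token renewer found for requested token type", STSException.REQUEST_FAILED);
        }

        try {
            return createResponse(renewerParameters.getEncryptionProperties(), renewerResponse, tokenRequirements, keyRequirements, webServiceContext);
        } catch (Throwable th) {
            // Throwable is kept from the original, so Errors are wrapped as well.
            // NOTE(review): consider narrowing this to WSSecurityException and RuntimeException.
            LOG.log(Level.WARNING, "Error in creating the response", th);
            throw new STSException("Error in creating the response", th, STSException.REQUEST_FAILED);
        }
    }

    /**
     * Builds the RequestSecurityTokenResponse for a renewed token.
     *
     * <p>The response holds, in order: the token type, the requested security token (encrypted
     * when {@code encryptIssuedToken} is set), the attached and unattached references (only when
     * {@code returnReferences} is set), the AppliesTo element and the lifetime.
     *
     * @throws WSSecurityException declared by this method; no throwing call is identifiable from
     *         this class alone
     */
    private RequestSecurityTokenResponseType createResponse(EncryptionProperties encryptionProperties, TokenRenewerResponse tokenRenewerResponse, TokenRequirements tokenRequirements, KeyRequirements keyRequirements, WebServiceContext webServiceContext) throws WSSecurityException {
        RequestSecurityTokenResponseType response = QNameConstants.WS_TRUST_FACTORY.createRequestSecurityTokenResponseType();

        // Echo the request's Context attribute when one was supplied.
        String context = tokenRequirements.getContext();
        if (context != null) {
            response.setContext(context);
        }

        // NOTE(review): renew() only logs a null TokenType, so a null value can reach this call.
        response.getAny().add(QNameConstants.WS_TRUST_FACTORY.createTokenType(tokenRequirements.getTokenType()));

        RequestedSecurityTokenType requestedTokenType = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityTokenType();
        JAXBElement<RequestedSecurityTokenType> requestedToken = QNameConstants.WS_TRUST_FACTORY.createRequestedSecurityToken(requestedTokenType);
        LOG.fine("Encrypting Issued Token: " + this.encryptIssuedToken);
        if (this.encryptIssuedToken) {
            requestedTokenType.setAny(encryptToken(tokenRenewerResponse.getToken(), tokenRenewerResponse.getTokenId(), encryptionProperties, keyRequirements, webServiceContext));
        } else {
            // With encryption disabled, the renewed token is returned exactly as the renewer built it.
            requestedTokenType.setAny(tokenRenewerResponse.getToken());
        }
        response.getAny().add(requestedToken);

        if (this.returnReferences) {
            // Prefer a reference supplied by the renewer; otherwise build one from id and type.
            TokenReference attachedReference = tokenRenewerResponse.getAttachedReference();
            response.getAny().add(QNameConstants.WS_TRUST_FACTORY.createRequestedAttachedReference(
                attachedReference != null
                    ? createRequestedReference(attachedReference, true)
                    : createRequestedReference(tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(), true)));
            TokenReference unAttachedReference = tokenRenewerResponse.getUnAttachedReference();
            response.getAny().add(QNameConstants.WS_TRUST_FACTORY.createRequestedUnattachedReference(
                unAttachedReference != null
                    ? createRequestedReference(unAttachedReference, false)
                    : createRequestedReference(tokenRenewerResponse.getTokenId(), tokenRequirements.getTokenType(), false)));
        }

        // NOTE(review): AppliesTo is added without a null check; confirm how a request that
        // carries no AppliesTo is handled downstream.
        response.getAny().add(tokenRequirements.getAppliesTo());
        response.getAny().add(QNameConstants.WS_TRUST_FACTORY.createLifetime(createLifetime(tokenRenewerResponse.getLifetime())));
        return response;
    }

    /**
     * Builds the renewer parameters by copying the fields of the inherited
     * {@code createTokenProviderParameters} result. The realm, token and additional properties
     * are not set here; {@link #renew} fills them in from the validator response.
     */
    private TokenRenewerParameters createTokenRenewerParameters(RequestParser requestParser, WebServiceContext webServiceContext) {
        TokenProviderParameters providerParameters = createTokenProviderParameters(requestParser, webServiceContext);
        TokenRenewerParameters tokenRenewerParameters = new TokenRenewerParameters();
        tokenRenewerParameters.setAppliesToAddress(providerParameters.getAppliesToAddress());
        tokenRenewerParameters.setEncryptionProperties(providerParameters.getEncryptionProperties());
        tokenRenewerParameters.setKeyRequirements(providerParameters.getKeyRequirements());
        tokenRenewerParameters.setPrincipal(providerParameters.getPrincipal());
        tokenRenewerParameters.setStsProperties(providerParameters.getStsProperties());
        tokenRenewerParameters.setTokenRequirements(providerParameters.getTokenRequirements());
        tokenRenewerParameters.setTokenStore(providerParameters.getTokenStore());
        tokenRenewerParameters.setWebServiceContext(providerParameters.getWebServiceContext());
        return tokenRenewerParameters;
    }
}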
