package org.openid4java.infocard.sts;

import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.util.Base64;
import org.eclipse.higgins.sts.api.IAppliesTo;
import org.eclipse.higgins.sts.api.IClaim;
import org.eclipse.higgins.sts.api.IConstants;
import org.eclipse.higgins.sts.api.IDigitalIdentity;
import org.eclipse.higgins.sts.api.ILifetime;
import org.eclipse.higgins.sts.api.IRequestSecurityToken;
import org.eclipse.higgins.sts.api.ISTSRequest;
import org.eclipse.higgins.sts.api.ISTSResponse;
import org.eclipse.higgins.sts.common.Fault;
import org.eclipse.higgins.sts.common.RequestSecurityTokenResponse;
import org.eclipse.higgins.sts.server.token.handler.TokenHandler;
import org.eclipse.higgins.sts.utilities.ExceptionHelper;
import org.eclipse.higgins.sts.utilities.LogHelper;
import org.eclipse.higgins.sts.utilities.XMLHelper;
import org.openid4java.OpenIDException;
import org.openid4java.association.Association;
import org.openid4java.association.AssociationException;
import org.openid4java.association.DiffieHellmanSession;
import org.openid4java.infocard.OpenIDTokenType;
import org.openid4java.message.AuthSuccess;
import org.openid4java.message.Message;
import org.openid4java.message.ax.FetchResponse;
import org.openid4java.server.IncrementalNonceGenerator;
import org.openid4java.server.JdbcServerAssociationStore;
import org.openid4java.server.NonceGenerator;
import org.openid4java.server.ServerAssociationStore;

/* loaded from: input_file:WEB-INF/lib/openid4java-nodeps-0.9.3.1.jar:org/openid4java/infocard/sts/OpenIDTokenGeneratorHandler.class */
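/**
 * Token handler that answers a WS-Trust request-security-token (RST) with an
 * OpenID assertion wrapped in an {@code OpenIDToken} element.
 *
 * <p>The assertion is signed with a freshly generated private association that is
 * persisted through a {@link JdbcServerAssociationStore}. The handler refuses to
 * issue anything until {@link #configure(Map, String, Map)} has completed
 * successfully.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code return_to} value of the assertion is taken from the request's
 *       AppliesTo address; this class performs no allow-list check on it.
 *       NOTE(review): confirm that the relying-party address is validated
 *       elsewhere in the STS pipeline.</li>
 *   <li>The claimed identifier is taken from the digital identity's claims; this
 *       class assumes they were authenticated upstream — TODO confirm.</li>
 *   <li>Several fault details carry {@code Exception.getMessage()} back to the
 *       requester. The exceptions are logged here as well; consider replacing the
 *       detail with a generic text if those messages can expose internals.</li>
 * </ul>
 */
public class OpenIDTokenGeneratorHandler extends TokenHandler {
    private final LogHelper log;
    QName qnameIdentityClaimType;
    QName qnameIdentityClaimURI;
    // True only after configure() found the data source and the association expiry.
    private boolean bConfigured;
    private NonceGenerator _nonceGenerator;
    private ServerAssociationStore _privateAssociations;
    private String _opEndpoint;
    private Integer _expireIn;
    // Compiler-generated class-literal cache (pre-Java-5 bytecode); kept so the
    // class keeps the same members, no longer written by the constructor.
    static Class class$org$openid4java$infocard$sts$OpenIDTokenGeneratorHandler;

    /**
     * Creates an unconfigured handler with an incremental nonce generator.
     * {@link #configure(Map, String, Map)} must succeed before tokens are issued.
     */
    public OpenIDTokenGeneratorHandler() {
        this.log = new LogHelper(OpenIDTokenGeneratorHandler.class.getName());
        this.qnameIdentityClaimType = new QName(null, "ClaimType");
        this.qnameIdentityClaimURI = new QName(null, "Uri");
        this.bConfigured = false;
        this._nonceGenerator = new IncrementalNonceGenerator();
        this.log.trace("TokenGeneratorHandler::TokenGeneratorHandler");
    }

    /**
     * Reads the handler settings and wires the JDBC-backed association store.
     *
     * <p>The handler is marked configured only when the JNDI data source was
     * found and an association expiry is present; otherwise {@code invoke}
     * answers every request with a fault.
     *
     * @param map  not read by this method
     * @param str  not read by this method
     * @param map2 settings; the keys read are {@code AssocTableName} (String),
     *             {@code AssocDataSource} (JNDI name, String), {@code OPEndpoint}
     *             (URI, optional) and {@code AssocExpiry} (Integer)
     */
    public void configure(Map map, String str, Map map2) {
        this.log.trace("TokenGeneratorHandler::initialize");
        JdbcServerAssociationStore store = new JdbcServerAssociationStore((String) map2.get("AssocTableName"));
        boolean configured = true;
        try {
            store.setDataSource((DataSource) new InitialContext().lookup((String) map2.get("AssocDataSource")));
        } catch (NamingException e) {
            this.log.error("Unable to load JNDI data source from context.");
            // Keep the cause in the server log; the bare message above says nothing about why.
            ExceptionHelper.Log(this.log, e);
            configured = false;
        }
        this._privateAssociations = store;

        URI opEndpoint = (URI) map2.get("OPEndpoint");
        this._opEndpoint = opEndpoint != null ? opEndpoint.toString() : null;

        this._expireIn = (Integer) map2.get("AssocExpiry");
        if (this._expireIn == null) {
            // invoke() unboxes this value; without it every request would fail with an NPE.
            this.log.error("AssocExpiry not configured.");
            configured = false;
        }
        this.bConfigured = configured;
    }

    /**
     * Handles one RST: validates it, builds the display token and the signed
     * OpenID assertion, and stores them in the first RSTR of the response.
     * Every rejection is reported through a WS-Trust fault on the response.
     *
     * @param map          read for {@code AttributeClaimMap} (claim URI to a map
     *                     that may hold {@code DisplayName})
     * @param str          only written to the trace log
     * @param map2         settings; {@code TokenIssuer} is required, the other
     *                     keys read here are only traced
     * @param map3         not read by this method
     * @param iConstants   namespace and fault-code constants
     * @param iSTSRequest  request; only the first RST of its collection is used
     * @param iSTSResponse response that receives the RSTR or the fault
     */
    public void invoke(Map map, String str, Map map2, Map map3, IConstants iConstants, ISTSRequest iSTSRequest, ISTSResponse iSTSResponse) {
        this.log.trace("TokenGeneratorHandler::invoke: " + str);
        if (!this.bConfigured) {
            setWstFault(iConstants, iSTSResponse, "The specified request failed", "Issue handler not configured");
            return;
        }

        // These settings are only traced. The decompiled original evaluated
        // ("label" + value) != null ? value.toString() : null, which dropped the
        // label and threw a NullPointerException whenever the setting was absent.
        URI defaultKeyType = (URI) map2.get("DefaultKeyType");
        this.log.trace("DefaultKeyType: " + defaultKeyType);
        Boolean includeBearerSubjectName = (Boolean) map2.get("IncludeBearerSubjectName");
        this.log.trace("IncludeBearerSubjectName: " + includeBearerSubjectName);
        URI tokenIssuer = (URI) map2.get("TokenIssuer");
        this.log.trace("TokenIssuer: " + tokenIssuer);
        if (null == tokenIssuer) {
            setWstFault(iConstants, iSTSResponse, "The specified request failed", "TokenIssuer not set.");
            return;
        }
        URI subjectNameIdentifier = (URI) map2.get("SubjectNameIdentifierAttribute");
        if (null != subjectNameIdentifier) {
            this.log.trace("SubjectNameIdentifier: " + subjectNameIdentifier);
        }
        URI subjectNameIdentifierFormat = (URI) map2.get("SubjectNameIdentifierFormat");
        if (null != subjectNameIdentifierFormat) {
            this.log.trace("SubjectNameIdentifierFormat: " + subjectNameIdentifierFormat);
        }
        Boolean encryptToken = (Boolean) map2.get("EncryptToken");
        this.log.trace("EncryptToken: " + encryptToken);

        // NOTE(review): an empty RST collection is not handled here — confirm the caller guarantees one entry.
        IRequestSecurityToken rst = (IRequestSecurityToken) iSTSRequest.getRequestSecurityTokenCollection().get(0);
        ILifetime lifetime = rst.getLifetime();
        URI tokenType = rst.getTokenType();

        // Compare the string forms on both sides. The original derived the
        // OpenID 1.1 flag with OPENID11_TOKEN.equals(String), which disagrees with
        // the validation just above it and presumably never matched.
        String requestedType = tokenType == null ? null : tokenType.toString();
        boolean openId11 = OpenIDTokenType.OPENID11_TOKEN.toString().equals(requestedType);
        boolean openId20 = OpenIDTokenType.OPENID20_TOKEN.toString().equals(requestedType);
        if (!openId11 && !openId20) {
            setWstFault(iConstants, iSTSResponse, "Invalid token type", "Cannot handle tokens of type: " + tokenType);
            return;
        }

        IAppliesTo appliesTo = rst.getAppliesTo();
        URI returnTo = null;
        this.log.trace("Checking for AppliesTo");
        if (appliesTo != null) {
            this.log.trace("Found AppliesTo");
            // An AppliesTo without an endpoint reference falls through to the fault below.
            if (appliesTo.getEndpointReference() != null) {
                returnTo = appliesTo.getEndpointReference().getAddress();
            }
        }
        if (returnTo == null) {
            setWstFault(iConstants, iSTSResponse, "The specified request failed", "AppliesTo / return_url not found; required for OpenID Tokens.");
            return;
        }

        IDigitalIdentity digitalIdentity = rst.getDigitalIdentity();
        if (null == digitalIdentity) {
            setWstFault(iConstants, iSTSResponse, "The specified request failed", "Digital Subject was not found");
            return;
        }

        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMNamespace identityNs = factory.createOMNamespace(iConstants.getIdentityNamespace().toString(), "ic");
        OMNamespace wsTrustNs = factory.createOMNamespace(iConstants.getWSTrustNamespace().toString(), "wst");
        OMNamespace wsSecurityNs = factory.createOMNamespace(iConstants.getWSSecurityNamespace().toString(), "wsse");

        OMElement requestedDisplayToken = factory.createOMElement("RequestedDisplayToken", identityNs);
        OMElement displayToken = factory.createOMElement("DisplayToken", identityNs, requestedDisplayToken);
        OMElement requestedSecurityToken = factory.createOMElement("RequestedSecurityToken", wsTrustNs);
        OMElement attachedReference = factory.createOMElement("RequestedAttachedReference", wsTrustNs);
        OMElement unattachedReference = factory.createOMElement("RequestedUnattachedReference", wsTrustNs);
        OMElement attachedTokenRef = factory.createOMElement("SecurityTokenReference", wsSecurityNs, attachedReference);
        OMElement unattachedTokenRef = factory.createOMElement("SecurityTokenReference", wsSecurityNs, unattachedReference);
        OMElement attachedKeyId = factory.createOMElement("KeyIdentifier", wsSecurityNs, attachedTokenRef);
        OMElement unattachedKeyId = factory.createOMElement("KeyIdentifier", wsSecurityNs, unattachedTokenRef);
        attachedKeyId.addAttribute("ValueType", "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1", (OMNamespace) null);
        unattachedKeyId.addAttribute("ValueType", "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1", (OMNamespace) null);

        String claimedIdentifier = null;
        HashMap fetchedAttributes = new HashMap();
        List<IClaim> claims = digitalIdentity.getClaims();
        Map attributeClaimMap = (Map) map.get("AttributeClaimMap");
        for (IClaim claim : claims) {
            String value = claim.getValues().hasNext() ? (String) claim.getValues().next() : null;
            if (value == null) {
                continue;
            }
            String claimUri = claim.getType().getName().toString();
            // A claim without a map entry no longer aborts the request with an NPE;
            // addDisplayClaim derives the tag from the URI when the name is missing.
            String displayName = displayNameFor(attributeClaimMap, claimUri);
            if (OpenIDTokenType.OPENID_CLAIM.equals(claimUri)) {
                claimedIdentifier = value;
                addDisplayClaim(claimUri, claimedIdentifier, displayName, displayToken, identityNs, factory);
                if (openId11) {
                    // OpenID 1.1 tokens carry the identifier only.
                    break;
                }
            } else if (!openId11) {
                fetchedAttributes.put(claimUri, value);
                addDisplayClaim(claimUri, value, displayName, displayToken, identityNs, factory);
            }
        }
        if (claimedIdentifier == null) {
            setWstFault(iConstants, iSTSResponse, "Cannot process OpenID-token RST", "No claimed identifier found.");
            return;
        }

        // Checked before generating the association so that a request that cannot
        // succeed does not leave a persisted, never-used association behind.
        if (!openId11 && this._opEndpoint == null) {
            setWstFault(iConstants, iSTSResponse, "Cannot process OpenID-token RST", "OP-Endpoint not configured; required for OpenID 2 messages.");
            return;
        }

        Association association;
        try {
            // NOTE(review): the MAC is fixed to HMAC-SHA1 for both token versions;
            // consider a stronger association type for OpenID 2.0 tokens after
            // confirming the store and the verifying side support it.
            association = this._privateAssociations.generate(Association.TYPE_HMAC_SHA1, this._expireIn.intValue());
        } catch (AssociationException e) {
            ExceptionHelper.Log(this.log, e);
            setWstFault(iConstants, iSTSResponse, "Cannot instantiate private association store", e.getMessage());
            return;
        }

        try {
            AuthSuccess assertion = AuthSuccess.createAuthSuccess(this._opEndpoint, claimedIdentifier, claimedIdentifier, openId11, returnTo.toString(), this._nonceGenerator.next(), null, association, false);
            if (!openId11) {
                FetchResponse fetchResponse = FetchResponse.createFetchResponse();
                fetchResponse.addAttributes(fetchedAttributes);
                assertion.addExtension(fetchResponse);
            }
            // Sign last, after the extension is attached, so the signature covers it.
            assertion.setSignature(association.sign(assertion.getSignedText()));

            // The SHA-1 digest is a token reference (the ValueType above is
            // ThumbprintSHA1), not the integrity protection of the assertion.
            String encodedAssertion = assertion.keyValueFormEncoding();
            String thumbprint = Base64.encode(MessageDigest.getInstance(DiffieHellmanSession.H_ALGORITHM_SHA1).digest(encodedAssertion.getBytes("utf-8")));
            attachedKeyId.setText(thumbprint);
            unattachedKeyId.setText(thumbprint);
            factory.createOMElement("OpenIDToken", factory.createOMNamespace(Message.OPENID2_NS, "openid"), requestedSecurityToken).setText(encodedAssertion);

            List rstrCollection = iSTSResponse.getRequestSecurityTokenResponseCollection();
            if (rstrCollection.isEmpty()) {
                rstrCollection.add(new RequestSecurityTokenResponse());
            }
            RequestSecurityTokenResponse rstr = (RequestSecurityTokenResponse) rstrCollection.get(0);
            try {
                rstr.setTokenType(tokenType);
                rstr.setLifetime(lifetime);
                rstr.setRequestedSecurityToken(XMLHelper.toElement(requestedSecurityToken));
                rstr.setRequestedDisplayToken(XMLHelper.toElement(requestedDisplayToken));
                rstr.setRequestedAttachedReference(XMLHelper.toElement(attachedReference));
                rstr.setRequestedUnattachedReference(XMLHelper.toElement(unattachedReference));
            } catch (Exception e) {
                ExceptionHelper.Log(this.log, e);
                setWstFault(iConstants, iSTSResponse, "The specified request failed", "Failed to set RequestSecurityToken elements.");
            }
        } catch (OpenIDException e) {
            ExceptionHelper.Log(this.log, e);
            setWstFault(iConstants, iSTSResponse, "Cannot generate OpenID assertion", e.getMessage());
        } catch (NoSuchAlgorithmException e) {
            ExceptionHelper.Log(this.log, e);
            setWstFault(iConstants, iSTSResponse, "Cannot create SHA-1 hash for Requested(Un)AttachedReference", e.getMessage());
        } catch (UnsupportedEncodingException e) {
            ExceptionHelper.Log(this.log, e);
            setWstFault(iConstants, iSTSResponse, "Unsupported encoding for the OpenID message", e.getMessage());
        }
    }

    /** Looks up the optional {@code DisplayName} of a claim; returns null when any level is missing. */
    private static String displayNameFor(Map attributeClaimMap, String claimUri) {
        if (attributeClaimMap == null) {
            return null;
        }
        Object entry = attributeClaimMap.get(claimUri);
        if (!(entry instanceof Map)) {
            return null;
        }
        Object displayName = ((Map) entry).get("DisplayName");
        return displayName instanceof String ? (String) displayName : null;
    }

    /** Records a request-failed WS-Trust fault with the given reason and detail on the response. */
    private void setWstFault(IConstants iConstants, ISTSResponse iSTSResponse, String str, String str2) {
        iSTSResponse.setFault(new Fault(iConstants.getWSTrustNamespace(), "wst", iConstants.getRequestFailedFaultCode(), str, str2));
    }

    /**
     * Appends a {@code DisplayClaim} (tag and value) to the display token.
     *
     * @param str         claim URI, written to the {@code Uri} attribute
     * @param str2        claim value, written to {@code DisplayValue}
     * @param str3        display tag; when null or empty, the text after the last
     *                    {@code '/'} of the claim URI is used, or the empty string
     *                    when the URI holds no {@code '/'}
     * @param oMElement   parent element that receives the new claim
     * @param oMNamespace namespace of the created elements
     * @param oMFactory   factory used to create the elements
     */
    public void addDisplayClaim(String str, String str2, String str3, OMElement oMElement, OMNamespace oMNamespace, OMFactory oMFactory) {
        OMElement displayClaim = oMFactory.createOMElement("DisplayClaim", oMNamespace, oMElement);
        displayClaim.addAttribute("Uri", str, (OMNamespace) null);
        OMElement displayTag = oMFactory.createOMElement("DisplayTag", oMNamespace, displayClaim);

        String tagText = str3;
        if (tagText == null || tagText.length() == 0) {
            int lastSlash = str.lastIndexOf('/');
            tagText = lastSlash > -1 ? str.substring(lastSlash + 1) : "";
        }
        displayTag.setText(tagText);
        oMFactory.createOMElement("DisplayValue", oMNamespace, displayClaim).setText(str2);
    }

    /**
     * Compiler-generated helper that resolves a class literal by name.
     *
     * @throws NoClassDefFoundError carrying the {@link ClassNotFoundException} as cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, so the decompiled "throw new
            // NoClassDefFoundError().initCause(e)" does not compile; throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError(str);
            error.initCause(e);
            throw error;
        }
    }
}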
