package weblogic.wsee.security.wst.internal;

import java.util.Locale;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.wsee.security.saml.SAMLIssuedTokenHelper;
import weblogic.wsee.security.wst.binding.ActAs;
import weblogic.wsee.security.wst.binding.AppliesTo;
import weblogic.wsee.security.wst.binding.CancelTarget;
import weblogic.wsee.security.wst.binding.ComputedKeyAlgorithm;
import weblogic.wsee.security.wst.binding.Entropy;
import weblogic.wsee.security.wst.binding.KeySize;
import weblogic.wsee.security.wst.binding.KeyType;
import weblogic.wsee.security.wst.binding.Lifetime;
import weblogic.wsee.security.wst.binding.OnBehalfOf;
import weblogic.wsee.security.wst.binding.RenewTarget;
import weblogic.wsee.security.wst.binding.RequestSecurityToken;
import weblogic.wsee.security.wst.binding.RequestType;
import weblogic.wsee.security.wst.binding.TokenType;
import weblogic.wsee.security.wst.faults.BadRequestException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.framework.TrustRequestor;
import weblogic.wsee.security.wst.framework.TrustToken;
import weblogic.wsee.security.wst.framework.WSTConstants;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.wsee.security.wst.helpers.BindingHelper;
import weblogic.wsee.security.wst.helpers.TrustTokenHelper;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;

/* loaded from: input_file:weblogic/wsee/security/wst/internal/TrustRequestorImpl.class */
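/**
 * Client-side builder for WS-Trust {@code RequestSecurityToken} (RST) messages.
 *
 * <p>Each public method assembles an RST binding object from the values held in a
 * {@link WSTContext} and hands it to {@link BindingHelper#marshalRST} to obtain the DOM node.
 * The class keeps no state of its own; the methods do write back into the supplied
 * {@code WSTContext} (resolved WS-Trust namespace, generated nonce, computed-key algorithm).
 *
 * <p>Security-relevant points for reviewers: the ActAs / OnBehalfOf tokens and the key type,
 * key size and lifetime are copied from the context as-is. Nothing in this class validates
 * them, so any policy on delegation or key strength has to be enforced by whoever populates
 * the context and by the token service that receives the request.
 */
public class TrustRequestorImpl implements TrustRequestor {
    private static final Logger LOGGER = Logger.getLogger(TrustRequestorImpl.class.getName());

    /** Namespace prefix recognised for the 2005/02 WS-Trust version. */
    private static final String WST_NS_2005_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";

    /** Namespace prefix recognised for the 200512 (WS-SX) WS-Trust version. */
    private static final String WST_NS_2005_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";

    /**
     * Builds an Issue request.
     *
     * @param wSTContext source of all request parameters; updated with the resolved namespace,
     *     the generated RST nonce and, when issued-token claims are present, the computed-key
     *     algorithm
     * @return the marshalled RST node
     * @throws BadRequestException if the context supplies neither a token type nor an AppliesTo
     *     (string or element)
     * @throws WSTFaultException if the WS-Trust namespace cannot be determined
     */
    @Override // weblogic.wsee.security.wst.framework.TrustRequestor
    public Node newRequestSecurityToken(WSTContext wSTContext) throws WSTFaultException {
        String wstNs = getWSTNamespaceUri(wSTContext);
        RequestSecurityToken rst = new RequestSecurityToken(wstNs);
        rst.setContext(wSTContext.getContext());

        RequestType issueType = new RequestType(wstNs);
        issueType.setRequestType(wstNs + WSTConstants.REQUEST_TYPE_ISSUE);
        rst.setRequestType(issueType);

        String tokenType = setTokenType(wSTContext, rst);
        setKeyType(wSTContext, rst);
        setActAs(wSTContext, rst);
        setOnBehalfOf(wSTContext, rst);

        // The string form of AppliesTo wins over the element form when both are present.
        String appliesTo = wSTContext.getAppliesTo();
        Element appliesToElement = wSTContext.getAppliesToElement();
        if (appliesTo != null) {
            AppliesTo scope = new AppliesTo(wSTContext.getWspNamespaceURI());
            scope.setEndpointReference(wSTContext.getWsaNamespaceURI(), appliesTo);
            rst.setAppliesTo(scope);
        } else if (appliesToElement != null) {
            AppliesTo scope = new AppliesTo(wSTContext.getWspNamespaceURI());
            scope.setElement(appliesToElement);
            rst.setAppliesTo(scope);
        }
        if (tokenType == null && appliesTo == null && appliesToElement == null) {
            throw new BadRequestException("Either TokenType or AppliesTo should be defined");
        }

        // Requestor entropy. "none" suppresses the element entirely; an unset type defaults to a
        // nonce. Only the nonce type produces entropy here: for any other type the RST receives a
        // null entropy, exactly as before (the empty symmetric/asymmetric branch was a no-op).
        String binarySecretType = wSTContext.getBinarySecretType();
        if (!"none".equals(binarySecretType)) {
            if (binarySecretType == null) {
                binarySecretType = wstNs + WSTConstants.BS_TYPE_NONCE;
            }
            Entropy entropy = null;
            if (binarySecretType.endsWith(WSTConstants.BS_TYPE_NONCE)) {
                entropy = BindingHelper.createNewEntropy(wstNs, binarySecretType);
                // The nonce is kept in the context. It is key material and should be treated as
                // a secret; presumably it is combined with the responder's entropy later - confirm.
                wSTContext.setRstNonce(entropy.getBinarySecret().getValue());
            }
            rst.setEntropy(entropy);
        }

        // -1 is the "not configured" sentinel for both lifetime and key size.
        if (wSTContext.getLifetimePeriod() != -1) {
            Lifetime lifetime = new Lifetime(wstNs);
            lifetime.setPeriod(wSTContext.getLifetimePeriod(), wSTContext.getWsuNamespaceURI());
            rst.setLifetime(lifetime);
        }
        if (wSTContext.getKeySize() != -1) {
            KeySize keySize = new KeySize(wstNs);
            keySize.setSize(wSTContext.getKeySize());
            rst.setKeySize(keySize);
        }

        if (wSTContext.hasIssuedTokenClaims()) {
            rst.setSecondaryParameters(
                    new SAMLIssuedTokenHelper(wSTContext.getIssuedTokenClaims()).biuldSecondaryParameters());
            // NOTE(review): this overwrites whatever computed-key algorithm the context already
            // held with the PSHA1 constant whenever issued-token claims are present.
            wSTContext.setComputedKeyAlgorithm(wstNs + WSTConstants.PSHA1);
        }
        if (wSTContext.getComputedKeyAlgorithm() != null) {
            ComputedKeyAlgorithm computedKeyAlgorithm = new ComputedKeyAlgorithm(wstNs);
            computedKeyAlgorithm.setUri(wSTContext.getComputedKeyAlgorithm());
            rst.setComputedKeyAlgorithm(computedKeyAlgorithm);
        }
        return BindingHelper.marshalRST(rst, wSTContext);
    }

    /**
     * Builds a Renew request for an existing token.
     *
     * @param trustToken the token to renew; its value type selects the trust provider when the
     *     context carries no token type
     * @param wSTContext source of the token type, lifetime and namespaces
     * @return the marshalled RST node
     * @throws WSTFaultException if the WS-Trust namespace cannot be determined
     */
    @Override // weblogic.wsee.security.wst.framework.TrustRequestor
    public Node renewRequestSecurityToken(TrustToken trustToken, WSTContext wSTContext) throws WSTFaultException {
        String wstNs = getWSTNamespaceUri(wSTContext);
        RequestSecurityToken rst = new RequestSecurityToken(wstNs);

        RequestType renewType = new RequestType(wstNs);
        renewType.setRequestType(wstNs + WSTConstants.REQUEST_TYPE_RENEW);
        rst.setRequestType(renewType);

        String tokenType = wSTContext.getTokenType();
        if (tokenType != null) {
            // Previously the TokenType element was built and then discarded, so a configured
            // token type never reached the renew request. Attach it to the RST.
            TokenType tokenTypeElement = new TokenType(wstNs);
            tokenTypeElement.setTokenType(tokenType);
            rst.setTokenType(tokenTypeElement);
        }

        String providerType = tokenType == null ? trustToken.getValueType() : tokenType;
        RenewTarget renewTarget = new RenewTarget(wstNs);
        renewTarget.setSecurityTokenReference(
                TrustTokenHelper.resolveTrustProvider(providerType).createSecurityTokenReference(wSTContext, trustToken));
        rst.setRenewTarget(renewTarget);

        // NOTE(review): unlike newRequestSecurityToken, the lifetime is added without checking
        // for the -1 "not configured" sentinel - confirm how Lifetime.setPeriod treats -1.
        Lifetime lifetime = new Lifetime(wstNs);
        lifetime.setPeriod(wSTContext.getLifetimePeriod(), wSTContext.getWsuNamespaceURI());
        rst.setLifetime(lifetime);
        return BindingHelper.marshalRST(rst, wSTContext);
    }

    /**
     * Builds a Cancel request for an existing token.
     *
     * @param trustToken the token to cancel; its value type selects the trust provider that
     *     creates the security token reference
     * @param wSTContext source of the namespaces
     * @return the marshalled RST node
     * @throws WSTFaultException if the WS-Trust namespace cannot be determined
     */
    @Override // weblogic.wsee.security.wst.framework.TrustRequestor
    public Node cancelRequestSecurityToken(TrustToken trustToken, WSTContext wSTContext) throws WSTFaultException {
        String wstNs = getWSTNamespaceUri(wSTContext);
        // The reference is resolved before the RST is built, as in the original ordering.
        SecurityTokenReference targetReference =
                TrustTokenHelper.resolveTrustProvider(trustToken.getValueType())
                        .createSecurityTokenReference(wSTContext, trustToken);

        RequestSecurityToken rst = new RequestSecurityToken(wstNs);
        RequestType cancelType = new RequestType(wstNs);
        cancelType.setRequestType(wstNs + WSTConstants.REQUEST_TYPE_CANCEL);
        rst.setRequestType(cancelType);

        CancelTarget cancelTarget = new CancelTarget(wstNs);
        cancelTarget.setSecurityTokenReference(targetReference);
        rst.setCancelTarget(cancelTarget);
        return BindingHelper.marshalRST(rst, wSTContext);
    }

    /**
     * Not implemented: always throws.
     *
     * @throws UnsupportedOperationException always (a {@link RuntimeException}, so callers that
     *     caught the previous bare {@code RuntimeException} are unaffected)
     */
    @Override // weblogic.wsee.security.wst.framework.TrustRequestor
    public Node validateRequestSecurityToken(TrustToken trustToken, WSTContext wSTContext) throws WSTFaultException {
        throw new UnsupportedOperationException("NYI");
    }

    /**
     * Returns the WS-Trust namespace for the request, deriving it from the context's trust
     * version and caching it in the context when it is not already set.
     *
     * <p>The trust version is lower-cased and matched by prefix, so any value that merely starts
     * with one of the two known namespaces is accepted and normalised to the canonical URI. The
     * lower-cased value is also written to the log at FINE and echoed in the fault message.
     *
     * @throws WSTFaultException if the context has neither a namespace nor a trust version, or
     *     the trust version matches neither known prefix
     */
    private String getWSTNamespaceUri(WSTContext wSTContext) throws WSTFaultException {
        String configuredNs = wSTContext.getWstNamespaceURI();
        if (configuredNs != null) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "got WS-Trust namespace from WSTContext='" + configuredNs + "'");
            }
            return configuredNs;
        }

        String trustVersion = wSTContext.getTrustVersion();
        if (trustVersion == null) {
            throw new WSTFaultException(" could not get WS-Trust namespace from WSTContext.  WSTContext.getTrustVersion == null !");
        }
        // Locale.ENGLISH keeps the case mapping independent of the JVM's default locale.
        String normalizedVersion = trustVersion.toLowerCase(Locale.ENGLISH);
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " getting wstNsUri from trust version='" + normalizedVersion + "'");
        }

        String resolvedNs;
        if (normalizedVersion.startsWith(WST_NS_2005_02)) {
            resolvedNs = WST_NS_2005_02;
        } else if (normalizedVersion.startsWith(WST_NS_2005_12)) {
            resolvedNs = WST_NS_2005_12;
        } else {
            throw new WSTFaultException(" could not get WS-Trust namespace. unknown WS-Trust Version='" + normalizedVersion + "'");
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " setting wstNsUri to '" + resolvedNs + "'");
        }
        wSTContext.setWstNamespaceURI(resolvedNs);
        return resolvedNs;
    }

    /**
     * Copies the context's token type into the RST when one is set.
     *
     * @return the token type read from the context, or {@code null} if none is configured
     */
    private String setTokenType(WSTContext wSTContext, RequestSecurityToken requestSecurityToken) {
        String tokenType = wSTContext.getTokenType();
        if (tokenType != null) {
            TokenType tokenTypeElement = new TokenType(wSTContext.getWstNamespaceURI());
            tokenTypeElement.setTokenType(tokenType);
            requestSecurityToken.setTokenType(tokenTypeElement);
        }
        return tokenType;
    }

    /** Copies the context's key type into the RST when one is set. */
    private void setKeyType(WSTContext wSTContext, RequestSecurityToken requestSecurityToken) {
        String keyType = wSTContext.getKeyType();
        if (keyType != null) {
            KeyType keyTypeElement = new KeyType(wSTContext.getWstNamespaceURI());
            keyTypeElement.setKeyType(keyType);
            requestSecurityToken.setKeyType(keyTypeElement);
        }
    }

    /**
     * Adds an OnBehalfOf element carrying the context's delegation token, when one is set.
     * The token is embedded as supplied; no check is made here on who may be impersonated.
     */
    private void setOnBehalfOf(WSTContext wSTContext, RequestSecurityToken requestSecurityToken) {
        SecurityToken onBehalfOfToken = wSTContext.getOnBehalfOfToken();
        if (onBehalfOfToken != null) {
            OnBehalfOf onBehalfOf = new OnBehalfOf(wSTContext.getWstNamespaceURI());
            onBehalfOf.setSecurityToken(onBehalfOfToken);
            requestSecurityToken.setOnBehalfOf(onBehalfOf);
        }
    }

    /**
     * Adds an ActAs element carrying the context's ActAs token, when one is set.
     * The token is embedded as supplied. The log message refers to WS-Trust 1.4, but the element
     * is added for whichever WS-Trust namespace the context holds; no version check is made here.
     */
    private void setActAs(WSTContext wSTContext, RequestSecurityToken requestSecurityToken) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, " Checking for ActAs token for RST");
        }
        SecurityToken actAsToken = wSTContext.getActAsToken();
        if (actAsToken != null) {
            ActAs actAs = new ActAs(wSTContext.getWstNamespaceURI());
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, " Setting WS-TRust 1.4 ActAs into RST");
            }
            actAs.setSecurityToken(actAsToken);
            requestSecurityToken.setActAs(actAs);
        }
    }
}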
