package weblogic.wsee.security.wst.framework;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.w3c.dom.Node;
import weblogic.wsee.connection.ConnectionException;
import weblogic.wsee.message.soap.SoapMessageContext;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.security.policy12.assertions.TransportBinding;
import weblogic.wsee.security.policy12.assertions.TransportToken;
import weblogic.wsee.security.saml.SAMLUtils;
import weblogic.wsee.security.wst.faults.InvalidRequestException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.helpers.SOAPHelper;
import weblogic.wsee.util.GenericConstants;
import weblogic.wsee.wsdl.soap11.SoapBinding;
import weblogic.wsee.wsdl.soap12.Soap12Binding;
import weblogic.xml.crypto.wss.SecurityTokenHelper;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.security.wsse.internal.SigningPreprocessor;

/* loaded from: input_file:weblogic/wsee/security/wst/framework/TrustSoapClient.class */
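/**
 * Client-side helper that builds WS-Trust request messages (issue, renew, cancel) through a
 * {@link TrustRequestor} and dispatches them through the SOAP handler chain via {@link SOAPHelper}.
 *
 * <p>The transport used for the exchange is chosen from the bootstrap policy or, failing that,
 * from the scheme of the {@code AppliesTo} value. If neither selects one, the current value is
 * kept; it starts as {@code GenericConstants.HTTP_PROTOCOL}.
 *
 * <p>NOTE(review): these exchanges carry security tokens. Where confidentiality depends on the
 * transport, the bootstrap policy should carry an HttpsToken or {@code AppliesTo} should be an
 * https URI, otherwise the default transport applies (presumably plain HTTP; confirm against
 * {@code GenericConstants}).
 *
 * <p>Instances hold mutable transport/binding state and show no synchronization.
 */
public class TrustSoapClient {
    private static final Logger LOGGER = Logger.getLogger(TrustSoapClient.class.getName());
    private static final String TRANSPORT_JMS = "jms";
    private static final String TRANSPORT_HTTPS = "https";
    private static final String SOAP12_ENVELOPE_NS = "http://www.w3.org/2003/05/soap-envelope";
    private static final String UNKNOWN_JMS_PROTOCOL = "unknown protocol: jms";

    private final WSTContext wstCtx;
    private final TrustRequestor trustRequestor;
    private final boolean isWsspEnabled;
    private String transport = GenericConstants.HTTP_PROTOCOL;
    private String binding;

    /**
     * Creates a client bound to the given trust context.
     *
     * @param wSTContext context supplying the trust version, SOAP version, policy and AppliesTo
     * @throws InvalidRequestException declared by the original signature; presumably raised when
     *     no requestor exists for the context's trust version (TODO confirm)
     */
    public TrustSoapClient(WSTContext wSTContext) throws InvalidRequestException {
        this.isWsspEnabled = wSTContext.isWssp();
        this.wstCtx = wSTContext;
        this.binding = isSoap12() ? Soap12Binding.KEY : SoapBinding.KEY;
        this.trustRequestor = TrustRequestorFactory.getInstance().createTrustRequestor(wSTContext.getTrustVersion());
    }

    /**
     * Tells whether SOAP 1.2 is in use: decided by the context's explicit SOAP version when one is
     * set, otherwise by the message context attached to the trust context.
     */
    private boolean isSoap12() {
        String soapVersion = this.wstCtx.getSoapVersion();
        if (soapVersion != null) {
            return SOAP12_ENVELOPE_NS.equals(soapVersion);
        }
        return ((SoapMessageContext) this.wstCtx.getMessageContext()).isSoap12();
    }

    /**
     * Overrides the transport name passed to the handler chain. The value is stored as given; no
     * validation is performed here.
     *
     * @param str transport name
     */
    public void setTransport(String str) {
        this.transport = str;
    }

    /**
     * Overrides the SOAP binding key passed to the handler chain.
     *
     * @param str binding key
     */
    public void setBinding(String str) {
        this.binding = str;
    }

    /**
     * Sends a cancel request for the trust token found in the given message context.
     *
     * @param soapMessageContext message context used for the exchange
     * @param str value handed to {@code SOAPHelper.insertTokenToTrustMessage}
     * @param str2 token type used to locate the trust token
     * @return the message held by the context after the handler chain ran
     * @throws WSTFaultException declared by the original signature
     */
    public SOAPMessage cancelTrustToken(SoapMessageContext soapMessageContext, String str, String str2) throws WSTFaultException {
        TrustToken trustToken = generateTrustToken(soapMessageContext, str, str2);
        return invoke(soapMessageContext, this.trustRequestor.cancelRequestSecurityToken(trustToken, this.wstCtx));
    }

    /**
     * Sends a renew request for the trust token found in the given message context.
     *
     * @param soapMessageContext message context used for the exchange
     * @param str value handed to {@code SOAPHelper.insertTokenToTrustMessage}
     * @param str2 token type used to locate the trust token
     * @return the message held by the context after the handler chain ran
     * @throws WSTFaultException declared by the original signature
     */
    public SOAPMessage renewTrustToken(SoapMessageContext soapMessageContext, String str, String str2) throws WSTFaultException {
        TrustToken trustToken = generateTrustToken(soapMessageContext, str, str2);
        return invoke(soapMessageContext, this.trustRequestor.renewRequestSecurityToken(trustToken, this.wstCtx));
    }

    /**
     * Builds a fresh request message context, selects the transport, sends a new token request and
     * copies cookies back to the caller's message context.
     *
     * @return the message held by the request context after the handler chain ran
     * @throws WSTFaultException declared by the original signature
     */
    public SOAPMessage requestTrustToken() throws WSTFaultException {
        try {
            SoapMessageContext requestCtx = SOAPHelper.createEmptyRSTBaseMsgContext(isSoap12());
            SOAPHelper.initTrustMsgCtxProperties(this.wstCtx, requestCtx);
            updateTransport();
            SOAPMessage response = invoke(requestCtx, this.trustRequestor.newRequestSecurityToken(this.wstCtx));
            SOAPHelper.updateCookies(this.wstCtx.getMessageContext(), requestCtx);
            return response;
        } catch (SOAPException e) {
            // The fault only carries the message text, so keep the cause in the log.
            raiseInvalidRequest(Level.FINE, e, e.getMessage());
            return null;
        }
    }

    /**
     * Wraps the request node into the message context and runs the handler chain, choosing the
     * WS-SecurityPolicy handler path when the context reported WSSP at construction time.
     * Connection, SOAP and I/O failures are logged and converted into an invalid-request fault.
     */
    private SOAPMessage invoke(SoapMessageContext soapMessageContext, Node node) {
        try {
            SOAPHelper.createRSTBaseMsgContext(node, this.wstCtx, soapMessageContext);
            if (this.isWsspEnabled) {
                boolean hasBootstrapPolicy = this.wstCtx.getBootstrapPolicy() != null;
                SOAPHelper.invokeWsspHandler(soapMessageContext, this.transport, this.binding, hasBootstrapPolicy);
            } else {
                SOAPHelper.invokeHandlers(soapMessageContext, this.transport, this.binding);
            }
            return soapMessageContext.getMessage();
        } catch (ConnectionException e) {
            raiseInvalidRequest(Level.WARNING, e, e.getMessage());
            return null;
        } catch (SOAPException e) {
            raiseInvalidRequest(Level.WARNING, e, e.getMessage());
            return null;
        } catch (IOException e) {
            String message = e.getMessage();
            // getMessage() may be null, and the marker text may sit at index 0, so test with
            // contains() behind a null check rather than indexOf(..) > 0.
            if (message != null && message.contains(UNKNOWN_JMS_PROTOCOL)) {
                message = "STS endpoint must be set on the stub when using jms transport";
            }
            raiseInvalidRequest(Level.WARNING, e, message);
            return null;
        }
    }

    /**
     * Logs the failure with its stack trace through the class logger (instead of printing it to
     * standard output) and raises an invalid-request fault carrying {@code faultMessage}.
     * {@code WSTFaultUtil.raiseFault} is expected to throw; callers' trailing {@code return null}
     * statements only satisfy the compiler (TODO confirm).
     */
    private static void raiseInvalidRequest(Level level, Exception cause, String faultMessage) {
        LOGGER.log(level, "WS-Trust request failed", cause);
        WSTFaultUtil.raiseFault(new InvalidRequestException(faultMessage));
    }

    /**
     * Picks the transport from the scheme prefix of the AppliesTo value. Any other value, or a
     * missing AppliesTo, leaves the current transport untouched.
     */
    private void updateTransportFromAppliesTo() {
        String appliesTo = this.wstCtx.getAppliesTo();
        if (appliesTo == null) {
            return;
        }
        // URI schemes are case-insensitive, so "HTTPS://..." must select https as well instead of
        // silently falling back to the current (default) transport.
        if (startsWithIgnoreCase(appliesTo, TRANSPORT_JMS)) {
            setTransport(TRANSPORT_JMS);
        } else if (startsWithIgnoreCase(appliesTo, TRANSPORT_HTTPS)) {
            setTransport(TRANSPORT_HTTPS);
        }
    }

    /** Case-insensitive {@link String#startsWith(String)}. */
    private static boolean startsWithIgnoreCase(String value, String prefix) {
        return value.regionMatches(true, 0, prefix, 0, prefix.length());
    }

    /**
     * Switches the transport to https when the bootstrap policy has a TransportBinding whose
     * TransportToken carries an HttpsToken.
     *
     * @return {@code true} if the transport was set from the policy, {@code false} otherwise
     */
    private boolean updateTransportFromBootstrapPolicy() {
        NormalizedExpression bootstrapPolicy = this.wstCtx.getBootstrapPolicy();
        if (bootstrapPolicy == null) {
            LOGGER.fine("bootstrap Policy is NULL.");
            return false;
        }
        TransportBinding transportBinding = (TransportBinding) bootstrapPolicy.getPolicyAssertion(TransportBinding.class);
        if (transportBinding == null) {
            LOGGER.fine("TransportBinding from bootstrap Policy is NULL.");
            return false;
        }
        TransportToken transportToken = transportBinding.getTransportToken();
        if (transportToken == null) {
            LOGGER.fine("TransportBinding contains no TransportToken");
            return false;
        }
        if (transportToken.getHttpsToken() == null) {
            LOGGER.fine("TransportToken contains NO HTTPS Token");
            return false;
        }
        LOGGER.fine(" setting Transport to HTTPS from Bootstrap Policy.");
        setTransport(TRANSPORT_HTTPS);
        return true;
    }

    /**
     * Selects the transport: bootstrap policy first, AppliesTo as the fallback. When neither
     * selects one, the previously set transport stays in effect.
     */
    private void updateTransport() {
        boolean fineEnabled = LOGGER.isLoggable(Level.FINE);
        if (!updateTransportFromBootstrapPolicy()) {
            updateTransportFromAppliesTo();
            if (fineEnabled) {
                // Logged even when AppliesTo did not change anything; the value shown is the
                // transport now in effect.
                LOGGER.log(Level.FINE, " set Transport to " + this.transport + " from 'AppliesTo'.");
            }
        }
        if (fineEnabled) {
            LOGGER.log(Level.FINE, " Bootstrap Transport value is '" + this.transport + "'");
        }
    }

    /**
     * Inserts a token into the trust message according to the given policy and returns the single
     * token in the security context whose value type is equivalent to {@code str}.
     *
     * @param soapMessageContext message context to prepare
     * @param normalizedExpression policy handed to {@code SOAPHelper.insertTokenToTrustMessage}
     * @param str requested token value type
     * @return the matching token; a fault is raised unless exactly one token matches
     */
    public SecurityToken generateTrustToken(SoapMessageContext soapMessageContext, NormalizedExpression normalizedExpression, String str) {
        SOAPHelper.initTrustMsgCtxProperties(this.wstCtx, soapMessageContext);
        updateTransport();
        SOAPHelper.insertTokenToTrustMessage(soapMessageContext, normalizedExpression);
        List<SecurityToken> matches = getEquivalentSecurityTokens(WSSecurityContext.getSecurityContext(soapMessageContext), str);
        if (matches.size() == 1) {
            return matches.get(0);
        }
        WSTFaultUtil.raiseFault(new InvalidRequestException("Unable to generte Trust Token for token type: " + str));
        return null;
    }

    /**
     * Inserts a token into the trust message and returns the single {@link TrustToken} of type
     * {@code str2} found in the security context.
     *
     * @param soapMessageContext message context to prepare
     * @param str value handed to {@code SOAPHelper.insertTokenToTrustMessage}
     * @param str2 token type to look up
     * @return the trust token; a fault is raised unless exactly one token of that type exists and
     *     it is a {@code TrustToken}
     */
    public TrustToken generateTrustToken(SoapMessageContext soapMessageContext, String str, String str2) {
        SOAPHelper.initTrustMsgCtxProperties(this.wstCtx, soapMessageContext);
        updateTransport();
        SOAPHelper.insertTokenToTrustMessage(soapMessageContext, str);
        SecurityToken[] found = SecurityTokenHelper.findSecurityTokenByType(WSSecurityContext.getSecurityContext(soapMessageContext), str2);
        // A null lookup result is reported as the same fault rather than as a NullPointerException.
        if (found != null && found.length == 1 && (found[0] instanceof TrustToken)) {
            return (TrustToken) found[0];
        }
        WSTFaultUtil.raiseFault(new InvalidRequestException("Unable to generte Trust Token for token type: " + str2));
        return null;
    }

    /** Collects the tokens of the security context whose value type is equivalent to {@code str}. */
    private List<SecurityToken> getEquivalentSecurityTokens(WSSecurityContext wSSecurityContext, String str) {
        List<SecurityToken> equivalent = new ArrayList<>();
        for (SecurityToken securityToken : wSSecurityContext.getSecurityTokens()) {
            if (isEquivalentTokenType(securityToken.getValueType(), str)) {
                equivalent.add(securityToken);
            }
        }
        return equivalent;
    }

    /**
     * Two value types are equivalent when they are equal, when they are the same kind of X.509
     * value type, or when {@code SAMLUtils} considers them equivalent SAML token types.
     */
    private boolean isEquivalentTokenType(String str, String str2) {
        if (str != null && str.equals(str2)) {
            return true;
        }
        if (isSameKindOfX509ValueType(str, str2)) {
            return true;
        }
        return SAMLUtils.isEquivalentSamlTokenType(str, str2);
    }

    /**
     * Tells whether both value types share the same prefix before the fragment marker and
     * {@code str} is an X.509 token-profile type whose fragment starts with {@code #X509}.
     *
     * <p>NOTE(review): only {@code str} is checked for {@code "x509-token"} and the {@code #X509}
     * fragment; the fragment of {@code str2} is not inspected. The prefix comparison also stops
     * one character before the marker. Both are kept as found because this decides which token
     * types are treated as interchangeable; confirm the intended rule before tightening it.
     */
    private boolean isSameKindOfX509ValueType(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        int fragmentAt = str.indexOf(SigningPreprocessor.FRAGMENT_URI);
        int otherFragmentAt = str2.indexOf(SigningPreprocessor.FRAGMENT_URI);
        // fragmentAt must be at least 1: a marker at index 0 would make substring(0, -1) throw.
        if (fragmentAt < 1 || fragmentAt != otherFragmentAt) {
            return false;
        }
        if (str.length() < fragmentAt + 6) {
            return false;
        }
        String prefix = str.substring(0, fragmentAt - 1);
        String otherPrefix = str2.substring(0, otherFragmentAt - 1);
        return prefix.equals(otherPrefix)
                && str.contains("x509-token")
                && str.startsWith("#X509", fragmentAt);
    }
}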
