package weblogic.wsee.security.wssc.base.sct;

import com.oracle.webservices.impl.internalspi.platform.AddressingService;
import com.oracle.webservices.impl.util.WsUtil;
import java.security.Key;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.xml.rpc.handler.MessageContext;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.connection.transport.servlet.HttpTransportUtils;
import weblogic.wsee.jaxws.persistence.PersistenceConfig;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.security.wssc.base.WSCConstantsBase;
import weblogic.wsee.security.wssc.base.faults.WSCFaultException;
import weblogic.wsee.security.wssc.sct.SCCredential;
import weblogic.wsee.security.wssc.sct.SCTStore;
import weblogic.wsee.security.wssc.sct.SCTokenReference;
import weblogic.wsee.security.wssc.utils.WSSCCompatibilityUtil;
import weblogic.wsee.security.wst.faults.BadRequestException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.framework.TrustToken;
import weblogic.wsee.security.wst.framework.TrustTokenProvider;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.wsee.security.wst.helpers.TrustTokenHelper;
import weblogic.wsee.server.WsLifeCycleEvent;
import weblogic.wsee.server.WsLifeCycleListenerRegistry;
import weblogic.wsee.util.Guid;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;

/* loaded from: input_file:weblogic/wsee/security/wssc/base/sct/ServerSCCredentialProviderBase.class */
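/**
 * Server-side base provider for WS-SecureConversation credentials.
 *
 * <p>Implements {@link TrustTokenProvider} so that security context tokens (SCTs) can be issued,
 * renewed, cancelled and resolved, with the backing {@link SCCredential} objects kept in
 * {@link SCTStore}. Helpers that are called here but not declared here (for example
 * {@code getSCFromContext}, {@code setSCToContext}, {@code checkExpiration} and the
 * {@code getPhysicalStoreName*} family) are presumably inherited from
 * {@code SCCredentialProviderBase}; their contracts are not visible in this file.
 *
 * <p>An {@link SCCredential} carries the symmetric secret of the conversation, so nothing in this
 * class should log the credential object or its secret.
 */
public abstract class ServerSCCredentialProviderBase extends SCCredentialProviderBase implements TrustTokenProvider {
    private static final Logger LOGGER = Logger.getLogger(ServerSCCredentialProviderBase.class.getName());

    /**
     * Wraps a stored credential in the concrete token type of the subclass.
     *
     * @param sCCredential the credential to wrap
     * @return the token representing that credential
     */
    protected abstract SCTokenBase newSCToken(SCCredential sCCredential);

    /**
     * Builds the fault raised when a token cannot be resolved (see {@link #resolveTrustToken}).
     *
     * @param str the fault message
     * @return the exception to throw
     */
    protected abstract WSCFaultException newUnableToRenewException(String str);

    /**
     * Looks up the secure-conversation credential for the current message.
     *
     * <p>The credential attached to the message context is preferred when it already holds a
     * secret; otherwise the identifier found on the context is used to load the credential from
     * {@link SCTStore}. In both cases the expiration check runs before the credential is returned.
     *
     * @param str unused in this method
     * @param str2 unused in this method
     * @param contextHandler handler from which the security and message contexts are derived
     * @param purpose intended use of the credential; {@code null} and
     *     {@link Purpose#ENCRYPT_RESPONSE} yield {@code null}
     * @param str3 passed through to {@code checkExpiration}; its meaning is not visible here
     * @return the credential, or {@code null} when no context, endpoint or stored credential is found
     */
    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose, String str3) {
        if (purpose == null || purpose.equals(Purpose.ENCRYPT_RESPONSE)) {
            return null;
        }
        SecurityTokenContextHandler securityCtxHandler = getSecurityCtxHandler(contextHandler);
        if (securityCtxHandler == null) {
            return null;
        }
        MessageContext messageContext = getMessageContext(securityCtxHandler);
        if (messageContext == null) {
            return null;
        }
        String appliesToEndpoint = getAppliesToEndpoint(messageContext);
        if (appliesToEndpoint == null) {
            return null;
        }
        WSTContext.getWSTContext(messageContext).setAppliesTo(appliesToEndpoint);

        SCCredential contextCredential = getSCFromContext(messageContext);
        if (contextCredential != null && contextCredential.getSecret() != null) {
            // The context already holds the key material, so no store lookup is needed.
            checkExpiration(messageContext, contextCredential, str3);
            removeDelayedCancelSCToken(messageContext, contextCredential.getIdentifier());
            return contextCredential;
        }

        SCCredential storedCredential = null;
        if (contextCredential != null) {
            storedCredential = SCTStore.get(contextCredential.getIdentifier(), getPhysicalStoreNameFromMessageContext(messageContext));
        }
        // Result is discarded; presumably called to touch an existing HTTP session (confirm).
        getSession(messageContext, false);
        // NOTE(review): storedCredential may be null here; checkExpiration is expected to cope
        // with that, but its implementation is not visible in this file.
        checkExpiration(messageContext, storedCredential, str3);
        if (storedCredential != null) {
            removeDelayedCancelSCToken(messageContext, storedCredential.getIdentifier());
        }
        return storedCredential;
    }

    /**
     * Issues a new SCT: creates and stores a credential, then wraps it in a token.
     *
     * @param wSTContext trust context of the current request
     * @return the newly issued token
     * @throws WSTFaultException declared by the interface
     * @throws IllegalArgumentException if the context has no symmetric key yet
     */
    @Override // weblogic.wsee.security.wst.framework.TrustTokenProvider
    public TrustToken issueTrustToken(WSTContext wSTContext) throws WSTFaultException {
        return newSCToken(createNewSCCredential(wSTContext));
    }

    /**
     * Renews an SCT by copying the created/expires values of the trust context onto the
     * credential and writing the credential back to the server store.
     *
     * <p>NOTE(review): the new lifetime is taken from {@code wSTContext} as-is; any bound on the
     * requested lifetime has to be enforced before this method is reached.
     *
     * @param wSTContext trust context carrying the new lifetime
     * @param trustToken the token to renew; must be an {@link SCTokenBase}
     * @return the same token instance, now backed by the renewed credential
     * @throws WSTFaultException if {@code trustToken} is not an {@link SCTokenBase}
     */
    @Override // weblogic.wsee.security.wst.framework.TrustTokenProvider
    public TrustToken renewTrustToken(WSTContext wSTContext, TrustToken trustToken) throws WSTFaultException {
        // Reject foreign token types with a WS-Trust fault, as createSecurityTokenReference does,
        // instead of failing with a ClassCastException on the cast below.
        if (!(trustToken instanceof SCTokenBase)) {
            WSTFaultUtil.raiseFault(new BadRequestException(trustToken.getValueType() + " is not a supported SCT"));
        }
        SCTokenBase scToken = (SCTokenBase) trustToken;
        SCCredential credential = scToken.getCredential();
        credential.setCreated(wSTContext.getCreated());
        credential.setExpires(wSTContext.getExpires());
        WsLifeCycleListenerRegistry.getInstance().onEvent(WsLifeCycleEvent.WSRM_RECV_AFTER_RENEW);
        // Result is discarded; presumably called to touch an existing HTTP session (confirm).
        getSession(wSTContext.getMessageContext(), false);
        SCTStore.addToServer(credential, !wSTContext.isSessionPersisted(), getPhysicalStoreNameFromWSTContext(wSTContext));
        WsLifeCycleListenerRegistry.getInstance().onEvent(WsLifeCycleEvent.WSRM_RECV_AFTER_RENEW_SAVE);
        return scToken;
    }

    /**
     * Cancels an SCT by removing its credential from the server store.
     *
     * <p>For WSSC versions 2 and 3 the stored credential is first copied onto the message context
     * and its identifier is recorded under {@link WSCConstantsBase#DELAYED_SCTOKEN_CANCEL}. If the
     * same identifier is already recorded there, the method returns without touching the store;
     * a different recorded identifier is cleaned up first.
     *
     * @param wSTContext trust context of the cancel request
     * @param trustToken the token being cancelled
     * @throws WSTFaultException declared by the interface
     */
    @Override // weblogic.wsee.security.wst.framework.TrustTokenProvider
    public void cancelTrustToken(WSTContext wSTContext, TrustToken trustToken) throws WSTFaultException {
        MessageContext messageContext = wSTContext.getMessageContext();
        int wsscVersion = WSSCCompatibilityUtil.getWSSCVersion(messageContext);
        boolean delayedCancel = wsscVersion == 2 || wsscVersion == 3;
        String identifier = trustToken.getTrustCredential().getIdentifier();
        if (delayedCancel) {
            // Keep the credential reachable through the context before it leaves the store.
            setSCToContext(messageContext, SCTStore.get(identifier, getPhysicalStoreNameFromMessageContext(messageContext)));
            String pendingIdentifier = (String) messageContext.getProperty(WSCConstantsBase.DELAYED_SCTOKEN_CANCEL);
            if (pendingIdentifier != null) {
                if (pendingIdentifier.equals(identifier)) {
                    // This token is already marked for delayed cancellation.
                    return;
                }
                removeDelayedCancelSCToken(messageContext, pendingIdentifier);
            }
            messageContext.setProperty(WSCConstantsBase.DELAYED_SCTOKEN_CANCEL, identifier);
        }
        SCTStore.removeFromServer(identifier, getPhysicalStoreNameFromMessageContext(messageContext));
        // Result is discarded; presumably called to touch an existing HTTP session (confirm).
        getSession(wSTContext.getMessageContext(), false);
    }

    /**
     * Creates a security token reference that points at the given SCT.
     *
     * @param wSTContext trust context of the current request (not read here)
     * @param trustToken the token to reference; must be an {@link SCTokenBase}
     * @return the reference
     * @throws WSTFaultException if the token is of another type or the reference cannot be built
     */
    @Override // weblogic.wsee.security.wst.framework.TrustTokenProvider
    public SecurityTokenReference createSecurityTokenReference(WSTContext wSTContext, TrustToken trustToken) throws WSTFaultException {
        if (!(trustToken instanceof SCTokenBase)) {
            WSTFaultUtil.raiseFault(new BadRequestException(trustToken.getValueType() + " is not a supported SCT"));
        }
        try {
            return new SCTokenReference(WSSConstants.REFERENCE_QNAME, (SCTokenBase) trustToken);
        } catch (WSSecurityException e) {
            // NOTE(review): the internal exception text becomes the fault message; if faults are
            // returned to the requester, confirm that it cannot expose internal detail.
            WSTFaultUtil.raiseFault(new BadRequestException(e.getMessage()));
            // Reached only if raiseFault returns normally; the compiler needs a return here.
            return null;
        }
    }

    /**
     * Resolves the SCT that a security token reference points at.
     *
     * @param wSTContext trust context of the current request
     * @param securityTokenReference the reference to resolve
     * @return the resolved token, never {@code null}
     * @throws WSTFaultException if no token is found for the reference
     */
    @Override // weblogic.wsee.security.wst.framework.TrustTokenProvider
    public TrustToken resolveTrustToken(WSTContext wSTContext, SecurityTokenReference securityTokenReference) throws WSTFaultException {
        TrustToken resolved = TrustTokenHelper.getTrustCredentialFromSecurityContext(wSTContext, securityTokenReference);
        if (resolved != null) {
            return resolved;
        }
        // NOTE(review): the reference URI comes from the request and is echoed in the fault text.
        throw newUnableToRenewException("Unable to resolve SC Token from STR: " + securityTokenReference.getReferenceURI());
    }

    /**
     * Completes a delayed cancellation: if the given identifier is the one recorded under
     * {@link WSCConstantsBase#DELAYED_SCTOKEN_CANCEL}, the marker is cleared and the credential is
     * removed from the server store. Any other identifier is ignored.
     *
     * @param messageContext context holding the delayed-cancel marker
     * @param identifier identifier of the credential that was just used
     */
    private static void removeDelayedCancelSCToken(MessageContext messageContext, String identifier) {
        String pendingIdentifier = (String) messageContext.getProperty(WSCConstantsBase.DELAYED_SCTOKEN_CANCEL);
        if (pendingIdentifier == null || !pendingIdentifier.equals(identifier)) {
            return;
        }
        messageContext.removeProperty(WSCConstantsBase.DELAYED_SCTOKEN_CANCEL);
        try {
            SCTStore.removeFromServer(identifier, getPhysicalStoreNameFromMessageContext(messageContext));
        } catch (Exception e) {
            // Removal stays best-effort, but a cancelled token that could not be removed from the
            // store is worth a trace instead of being dropped silently.
            LOGGER.log(Level.FINE, "Failed to remove delayed-cancel SC token from the server store", e);
        }
    }

    /**
     * Returns the HTTP session of the servlet request behind the message context.
     *
     * @param messageContext the current message context, may be {@code null}
     * @param create passed to {@link HttpServletRequest#getSession(boolean)}; {@code true} creates
     *     a session when none exists
     * @return the session, or {@code null} when there is no context, no servlet request, or no
     *     session and {@code create} is {@code false}
     */
    private static HttpSession getSession(MessageContext messageContext, boolean create) {
        if (messageContext == null) {
            return null;
        }
        HttpServletRequest httpServletRequest = HttpTransportUtils.getHttpServletRequest(messageContext);
        if (httpServletRequest == null) {
            return null;
        }
        return httpServletRequest.getSession(create);
    }

    /**
     * Builds a credential from the trust context, saves it to the server store and attaches it to
     * the message context.
     *
     * <p>Under the JAX-WS runtime the identifier is a routable UUID bound to the physical store,
     * unless the logical store's persistence strategy is {@code NETWORK_ACCESSIBLE} or the logical
     * store lookup fails; in those cases, and outside JAX-WS, a server-named GUID is used.
     *
     * @param wSTContext trust context holding the key, lifetime and applies-to values
     * @return the stored credential
     * @throws IllegalArgumentException if the context has no symmetric key
     */
    private static SCCredential createNewSCCredential(WSTContext wSTContext) {
        Key symmetricKey = wSTContext.getSymmetricKey();
        if (symmetricKey == null) {
            throw new IllegalArgumentException("SecretKey is not yet generated");
        }
        MessageContext messageContext = wSTContext.getMessageContext();
        String physicalStoreName = null;
        String identifier;
        if (isJaxwsRuntime(messageContext)) {
            PersistenceConfig.Common persistenceConfig = getPersistenceConfigFromMessageContext(WlMessageContext.narrow(messageContext));
            physicalStoreName = getPhysicalStoreName(persistenceConfig);
            boolean useRoutableId = false;
            try {
                useRoutableId = !persistenceConfig.getLogicalStoreMBean().getPersistenceStrategy().equals("NETWORK_ACCESSIBLE");
            } catch (IllegalArgumentException e) {
                // A missing logical store is tolerated: fall back to a server-named GUID.
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Logical Store Not Found Error Message = " + e.getMessage());
                }
            }
            identifier = useRoutableId ? getRoutableId(physicalStoreName) : Guid.generateGuidWithServerName();
        } else {
            identifier = Guid.generateGuidWithServerName();
        }
        SCCredential credential = new SCCredential();
        credential.setIdentifier(identifier);
        credential.setSecret(symmetricKey);
        credential.setAppliesTo(wSTContext.getAppliesTo());
        credential.setAppliesToElement(wSTContext.getAppliesToElement());
        credential.setCreated(wSTContext.getCreated());
        credential.setExpires(wSTContext.getExpires());
        WsLifeCycleListenerRegistry.getInstance().onEvent(WsLifeCycleEvent.WSRM_RECV_RST_BEFORE_SAVE);
        SCTStore.addToServer(credential, !wSTContext.isSessionPersisted(), physicalStoreName);
        WsLifeCycleListenerRegistry.getInstance().onEvent(WsLifeCycleEvent.WSRM_RECV_RST_AFTER_SAVE);
        setSCToContext(messageContext, credential);
        // Ensures an HTTP session exists for the request; the returned session is not used here.
        getSession(messageContext, true);
        return credential;
    }

    /**
     * Generates a routable UUID scoped to the given persistent store.
     *
     * @param physicalStoreName name of the physical store the identifier is bound to
     * @return the generated identifier
     */
    private static String getRoutableId(String physicalStoreName) {
        // NOTE(review): the meaning of the literal 2 is defined by WsUtil and not visible here.
        return WsUtil.generateRoutableUUID(2, AddressingService.Scope.PERSIST_STORE, physicalStoreName);
    }
}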
