package weblogic.wsee.security.wssc.base.sct;

import java.security.Key;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.security.wssc.base.WSCConstantsBase;
import weblogic.wsee.security.wssc.faults.FaultVersionHelper;
import weblogic.wsee.security.wssc.sct.SCCredential;
import weblogic.wsee.security.wssc.sct.SCTStore;
import weblogic.wsee.security.wssc.sct.SCTokenReference;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.helpers.TrustTokenHelper;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.common.keyinfo.KeyProvider;
import weblogic.xml.crypto.common.keyinfo.SecretKeyProvider;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.SecurityTokenHelper;
import weblogic.xml.crypto.wss.SecurityTokenValidateResult;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.api.KeyIdentifier;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.security.wsse.internal.SigningPreprocessor;

/* loaded from: input_file:weblogic/wsee/security/wssc/base/sct/SCTokenHandlerBase.class */
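/**
 * Base {@link SecurityTokenHandler} for WS-SecureConversation SecurityContextTokens (SCTs).
 *
 * <p>Version-specific subclasses supply the namespace, QNames, value types and RST actions
 * through the abstract getters below; this class implements the token life-cycle that is common
 * to all versions: building tokens from an {@link SCCredential}, (un)marshalling tokens and
 * references, resolving an STR back to a token held in the {@link WSSecurityContext} or in the
 * {@link SCTStore}, deriving a {@link SecretKeyProvider} from the token's secret key, and
 * resolving the credential behind an inbound token.
 *
 * <p>Security-relevant behaviour worth knowing when reading this class:
 * <ul>
 *   <li>Expiry of an SCT is only enforced when the message context property
 *       {@code WSCConstantsBase.NEED_CHECKING_SCT_EXPIRATION} is the string {@code "true"}
 *       (see {@link #checkExpiration}). The {@code WLStub.CHECKING_SCT_EXPIRATION} property then
 *       selects the mode: {@code LAX} skips the check entirely and {@code TOLERANT} grants a
 *       fixed grace period after the credential's expiry.</li>
 *   <li>A token referenced by id is first looked up among the tokens already in the security
 *       context and only then in the {@link SCTStore}; a miss in both raises a
 *       {@code FAILURE_TOKEN_UNAVAILABLE} fault rather than silently returning {@code null}.</li>
 * </ul>
 *
 * <p>Note: the getters marked "decompiler widened" below were {@code protected} in the original
 * source but appear as {@code public} in the compiled class.
 */
public abstract class SCTokenHandlerBase implements SecurityTokenHandler {
    private static final Logger LOGGER = Logger.getLogger(SCTokenHandlerBase.class.getName());

    /** Grace period, in seconds, added to an SCT's expiry under TOLERANT_CHECKING_SCT_EXPIRATION. */
    private static final int TOLERANT_EXPIRATION_GRACE_SECONDS = 60;

    /** Local name of the SCT identifier element for this WS-SC version. */
    protected abstract String getSCT_IDENTIFIER();

    /** WS-Trust action URI used to issue an SCT (decompiler widened from protected). */
    public abstract String getSCT_RST_ACTION();

    /** WS-Trust action URI used to cancel an SCT (decompiler widened from protected). */
    public abstract String getSCT_RST_CANCEL_ACTION();

    /** WS-Trust action URI used to renew an SCT (decompiler widened from protected). */
    public abstract String getSCT_RST_RENEW_ACTION();

    /** Element QNames this handler recognises as an SCT; returned verbatim by {@link #getQNames()}. */
    protected abstract QName[] getSCT_QNAMES();

    /** Value-type URIs this handler recognises; returned verbatim by {@link #getValueTypes()}. */
    protected abstract String[] getSCT_VALUE_TYPES();

    /** The single value-type URI an STR must carry to match this handler (decompiler widened from protected). */
    public abstract String getSCT_VALUE_TYPE();

    /** WS-SecureConversation namespace of this version; used to build version-correct faults (decompiler widened from protected). */
    public abstract String getXMLNS_WSC();

    /** Creates an empty token of this version, to be filled by {@code unmarshal}. */
    protected abstract SCTokenBase newSCToken();

    /** Creates a token of this version wrapping an already-resolved credential. */
    protected abstract SCTokenBase newSCToken(SCCredential sCCredential);

    /** Creates an empty credential of this version (decompiler widened from protected). */
    public abstract SCCredential newSCCredential();

    /** Name of the canned policy that includes the SCT for identity (decompiler widened from protected). */
    public abstract String getCANNED_POLICY_INCLUDE_SCT_FOR_IDENTITY();

    /**
     * Returns the token for an {@link SCCredential}, reusing a token already present in the
     * caller's context when it wraps an equal credential.
     *
     * @param str            value type requested by the caller
     * @param obj            credential; anything other than an {@link SCCredential} yields {@code null}
     * @param contextHandler context to search for an existing token; may be {@code null}
     * @return an existing token whose credential equals {@code obj}, otherwise a new token around
     *         {@code obj}; {@code null} if {@code obj} is not an {@link SCCredential}
     * @throws WSSecurityException propagated from the context lookup
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityToken getSecurityToken(String str, Object obj, ContextHandler contextHandler) throws WSSecurityException {
        if (!(obj instanceof SCCredential)) {
            return null;
        }
        SCCredential wanted = (SCCredential) obj;
        if (contextHandler != null) {
            SecurityToken existing = getSecurityToken(str, null, null, contextHandler);
            // A foreign token type under the same id previously blew up with a ClassCastException;
            // treat it as "no reusable token" and mint a fresh one instead.
            if (existing instanceof SCTokenBase) {
                SCCredential existingCredential = ((SCTokenBase) existing).getCredential();
                if (existingCredential != null && existingCredential.equals(wanted)) {
                    return existing;
                }
            }
        }
        return newSCToken(wanted);
    }

    /**
     * Looks up a token by value type in the supplied context handler.
     *
     * @param str            value type to find
     * @param str2           unused
     * @param purpose        unused
     * @param contextHandler context to search
     * @return the token registered under {@code str}, or {@code null}
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityToken getSecurityToken(String str, String str2, Purpose purpose, ContextHandler contextHandler) throws WSSecurityException {
        return SecurityTokenHelper.findSecurityTokenInContext(contextHandler, str);
    }

    /**
     * Builds the {@code wsse:SecurityTokenReference} for an SCT.
     *
     * <p>If the credential carries reference info (unattached preferred, attached as fallback),
     * that info is copied onto the STR; otherwise a plain reference of type {@code qName} is built.
     *
     * @param qName         STR type to use when the credential supplies no reference info
     * @param str           unused
     * @param securityToken the SCT; must be an {@link SCTokenBase}
     * @return the reference to marshal into the header
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityTokenReference getSTR(QName qName, String str, SecurityToken securityToken) throws WSSecurityException {
        SCTokenBase sctoken = (SCTokenBase) securityToken;
        SCCredential credential = sctoken.getCredential();
        SCCredential.SecurityTokenReferenceInfo info = null;
        if (credential != null) {
            info = credential.getUnattachedSecurityTokenReferenceInfo();
            if (info == null) {
                info = credential.getAttachedSecurityTokenReferenceInfo();
            }
        }
        if (info == null) {
            return new SCTokenReference(qName, sctoken);
        }
        SCTokenReference reference = new SCTokenReference(sctoken);
        SCCredential.copyFromInfoToSTR(info, reference);
        return reference;
    }

    /** @return the element QNames this handler accepts (delegates to {@link #getSCT_QNAMES()}). */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public QName[] getQNames() {
        return getSCT_QNAMES();
    }

    /** @return the value-type URIs this handler accepts (delegates to {@link #getSCT_VALUE_TYPES()}). */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public String[] getValueTypes() {
        return getSCT_VALUE_TYPES();
    }

    /**
     * Unmarshals an SCT element into a token of this version.
     *
     * @param node the SCT DOM element
     * @return the populated token
     * @throws MarshalException wrapping the DOM-level failure, with its cause preserved
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityToken newSecurityToken(Node node) throws MarshalException {
        SCTokenBase token = newSCToken();
        try {
            token.unmarshal(node);
        } catch (weblogic.xml.dom.marshal.MarshalException e) {
            throw new MarshalException("Failed to unmarshal SecurityContextToken.", e);
        }
        return token;
    }

    /**
     * Unmarshals a {@code wsse:SecurityTokenReference} element into an {@link SCTokenReference}.
     *
     * @param node the STR DOM element
     * @return the populated reference
     * @throws weblogic.xml.dom.marshal.MarshalException on a malformed reference
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityTokenReference newSecurityTokenReference(Node node) throws weblogic.xml.dom.marshal.MarshalException {
        SCTokenReference reference = new SCTokenReference();
        reference.unmarshal(node);
        return reference;
    }

    /**
     * Wraps the token's secret key in a {@link SecretKeyProvider}.
     *
     * <p>The provider is keyed by the token's URI and, when present, by the trust credential's
     * identifier, so either name resolves to the same key.
     *
     * @param securityToken  the token; anything other than an {@link SCTokenBase} yields {@code null}
     * @param messageContext unused
     * @return the provider, or {@code null} when the token is not an SCT or has no secret key
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public KeyProvider getKeyProvider(SecurityToken securityToken, MessageContext messageContext) {
        if (!(securityToken instanceof SCTokenBase)) {
            return null;
        }
        SCTokenBase sctoken = (SCTokenBase) securityToken;
        Key secretKey = sctoken.getSecretKey();
        if (secretKey == null) {
            return null;
        }
        String id = sctoken.getId();
        // NOTE(review): encoded with the platform default charset, matching the decode of a
        // KeyIdentifier in getSecurityToken(STR, ...); if one side moves to an explicit charset
        // the other must move with it.
        byte[] idBytes = id != null ? id.getBytes() : null;
        String tokenUri = SecurityTokenHelper.getURI(sctoken);
        String identifier = sctoken.getTrustCredential().getIdentifier();
        Set<String> keyNames = identifier != null
                ? new HashSet<String>(Arrays.asList(tokenUri, identifier))
                : Collections.singleton(tokenUri);
        return new SecretKeyProvider(secretKey, (String) null, idBytes, keyNames, securityToken);
    }

    /**
     * Resolves an inbound STR to the SCT it points at.
     *
     * <p>The id is taken from a {@code wsse:Reference} URI (fragment stripped) or from a
     * {@code wsse:KeyIdentifier}. Tokens already in the security context are preferred; otherwise
     * the credential is fetched from the {@link SCTStore} and wrapped in a new token. In both
     * cases the credential's expiry is checked via {@link #checkExpiration}.
     *
     * @param securityTokenReference the reference to resolve
     * @param messageContext         current message context (security context and SCT store name)
     * @return the referenced token
     * @throws WSSecurityException {@code FAILURE_TOKEN_UNAVAILABLE} when no id can be derived from
     *                             the reference or no credential exists for it
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityToken getSecurityToken(SecurityTokenReference securityTokenReference, MessageContext messageContext) throws WSSecurityException {
        WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
        String tokenId = referencedTokenId(securityTokenReference);
        if (tokenId == null) {
            // Nothing to look up: fail the same way a store miss does instead of querying the
            // store with a null key.
            throw new WSSecurityException("Failed to retrieve token for reference " + securityTokenReference, WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
        }
        SecurityToken fromContext = findSecurityTokenByIdInContext(securityContext, securityTokenReference.getValueType(), tokenId);
        if (fromContext != null) {
            // findSecurityTokenByIdInContext only returns SCTokenBase instances.
            checkExpiration(messageContext, ((SCTokenBase) fromContext).getCredential(), getXMLNS_WSC());
            return fromContext;
        }
        SCCredential credential = SCTStore.get(tokenId, SCCredentialProviderBase.getPhysicalStoreNameFromMessageContext(messageContext));
        if (credential == null) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "===  NO SCCredential '" + tokenId + "' in SCTStore ===");
            }
            throw new WSSecurityException("Failed to retrieve token for reference " + securityTokenReference, WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "=== got SCCredential '" + tokenId + "' from SCTStore ===");
        }
        checkExpiration(messageContext, credential, getXMLNS_WSC());
        return newSCToken(credential);
    }

    /**
     * Extracts the token id an STR refers to.
     *
     * @param reference the STR
     * @return the id from a {@code wsse:Reference} (fragment prefix removed) or the decoded
     *         {@code wsse:KeyIdentifier}; {@code null} when the STR carries neither
     */
    private static String referencedTokenId(SecurityTokenReference reference) {
        if (WSSConstants.REFERENCE_QNAME.equals(reference.getSTRType())) {
            String referenceURI = reference.getReferenceURI();
            if (referenceURI != null && referenceURI.startsWith(SigningPreprocessor.FRAGMENT_URI)) {
                return SecurityTokenHelper.getIdFromURI(referenceURI);
            }
            return referenceURI;
        }
        if (WSSConstants.KEY_IDENTIFIER_QNAME.equals(reference.getSTRType())) {
            KeyIdentifier keyIdentifier = reference.getKeyIdentifier();
            if (keyIdentifier == null || keyIdentifier.getIdentifier() == null) {
                return null;
            }
            // NOTE(review): decoded with the platform default charset; keep in step with the
            // encoding of the token id in getKeyProvider.
            return new String(keyIdentifier.getIdentifier());
        }
        return null;
    }

    /**
     * Raises a RenewNeeded fault if the credential has expired.
     *
     * <p>The check runs only when the message context property
     * {@code WSCConstantsBase.NEED_CHECKING_SCT_EXPIRATION} equals {@code "true"}. The mode in
     * {@code WLStub.CHECKING_SCT_EXPIRATION} refines it: {@code LAX} returns without checking,
     * {@code TOLERANT} extends the expiry by {@link #TOLERANT_EXPIRATION_GRACE_SECONDS}, anything
     * else checks the expiry as stored. A credential without an expiry is passed to
     * {@link TrustTokenHelper#isExpired} with a {@code null} expiry; what that means is decided there.
     *
     * @param messageContext source of the two properties above
     * @param sCCredential   credential to check; {@code null} is returned as-is
     * @param str            WS-SC namespace used to build a version-correct RenewNeeded fault
     * @return {@code sCCredential}, unchanged, when no fault is raised
     */
    static SCCredential checkExpiration(MessageContext messageContext, SCCredential sCCredential, String str) {
        if (!"true".equals(messageContext.getProperty(WSCConstantsBase.NEED_CHECKING_SCT_EXPIRATION))) {
            return sCCredential;
        }
        if (sCCredential == null) {
            return null;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Checking SCT experation");
        }
        String mode = (String) messageContext.getProperty(WLStub.CHECKING_SCT_EXPIRATION);
        if (WLStub.LAX_CHECKING_SCT_EXPIRATION.equals(mode)) {
            return sCCredential;
        }
        Calendar expires = null;
        if (sCCredential.getExpires() != null) {
            // Clone before adding the grace period so the stored credential is never mutated.
            expires = (Calendar) sCCredential.getExpires().clone();
            if (WLStub.TOLERANT_CHECKING_SCT_EXPIRATION.equals(mode)) {
                expires.add(Calendar.SECOND, TOLERANT_EXPIRATION_GRACE_SECONDS);
            }
        }
        if (TrustTokenHelper.isExpired(messageContext, sCCredential.getCreated(), expires)) {
            WSTFaultUtil.raiseFault(FaultVersionHelper.newRenewNeededException(str, "SCToken expired: " + sCCredential.getIdentifier()));
        }
        return sCCredential;
    }

    /**
     * Finds an SCT in the security context by value type and id.
     *
     * @param wSSecurityContext context whose tokens are scanned in order
     * @param str               required value type; {@code null} matches nothing
     * @param str2              id to match against the token id or the trust credential identifier
     * @return the first matching {@link SCTokenBase}, or {@code null}
     */
    private final SecurityToken findSecurityTokenByIdInContext(WSSecurityContext wSSecurityContext, String str, String str2) {
        for (SecurityToken candidate : wSSecurityContext.getSecurityTokens()) {
            if (!(candidate instanceof SCTokenBase)) {
                continue;
            }
            if (str == null || !str.equals(candidate.getValueType())) {
                continue;
            }
            SCTokenBase sctoken = (SCTokenBase) candidate;
            if (str2.equals(sctoken.getId()) || str2.equals(sctoken.getTrustCredential().getIdentifier())) {
                return sctoken;
            }
        }
        return null;
    }

    /**
     * Validates a freshly unmarshalled SCT by resolving its credential; the result is always
     * positive because any failure to resolve is reported as a {@link WSSecurityException}.
     *
     * @param securityToken  the token; must be an {@link SCTokenBase}
     * @param messageContext current message context
     * @return a successful result
     * @throws WSSecurityException when no credential can be found for the token
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityTokenValidateResult validateUnmarshalled(SecurityToken securityToken, MessageContext messageContext) throws WSSecurityException {
        resolveCredential((SCTokenBase) securityToken, messageContext);
        return new SecurityTokenValidateResult(true);
    }

    /** Post-processing validation performs no checks for SCTs and always succeeds. */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public SecurityTokenValidateResult validateProcessed(SecurityToken securityToken, MessageContext messageContext) {
        return new SecurityTokenValidateResult(true);
    }

    /**
     * Reports whether this handler is responsible for a token.
     *
     * @param securityToken  candidate token
     * @param str            value type; must equal {@link #getSCT_VALUE_TYPE()} ({@code null} never matches)
     * @param str2           unused
     * @param contextHandler unused
     * @param purpose        unused
     * @return {@code true} only for an {@link SCTokenBase} with the handler's value type
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public boolean matches(SecurityToken securityToken, String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        return (securityToken instanceof SCTokenBase) && str != null && str.equals(getSCT_VALUE_TYPE());
    }

    /**
     * Returns the authenticated {@link Subject} carried by the token's credential.
     *
     * @param securityToken  token whose credential must be an {@link SCCredential}
     * @param messageContext unused
     * @return the credential's subject
     * @throws WSSecurityException {@code FAILURE_TOKEN_UNAVAILABLE} when the token carries no
     *                             {@link SCCredential}
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenHandler
    public Subject getSubject(SecurityToken securityToken, MessageContext messageContext) throws WSSecurityException {
        Object credential = securityToken.getCredential();
        if (!(credential instanceof SCCredential)) {
            throw new WSSecurityException("Can not find SCT with id: " + securityToken.getId(), WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
        }
        return ((SCCredential) credential).getSubject();
    }

    /**
     * Replaces the token's (unmarshalled) credential with the fully resolved one.
     *
     * <p>If the context already holds an equal credential it is reused. Otherwise the credential
     * provider registered for the token's value type is asked for it, with the unmarshalled
     * credential placed in the context so the provider can see which SCT is wanted.
     *
     * @param sCTokenBase    token to resolve; its credential is replaced in place
     * @param messageContext current message context
     * @throws WSSecurityException {@code FAILURE_TOKEN_UNAVAILABLE} when the token has no
     *                             credential, no provider is registered, or the provider finds nothing
     */
    private void resolveCredential(SCTokenBase sCTokenBase, MessageContext messageContext) throws WSSecurityException {
        SCCredential credential = sCTokenBase.getCredential();
        if (credential == null) {
            throw new WSSecurityException("Can not find SCT with id: " + sCTokenBase.getId(), WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
        }
        SCCredential fromContext = SCCredentialProviderBase.getSCFromContext(messageContext);
        if (credential.equals(fromContext)) {
            sCTokenBase.setCredential(fromContext);
            return;
        }
        WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
        CredentialProvider credentialProvider = securityContext.getCredentialProvider(sCTokenBase.getValueType());
        if (credentialProvider == null) {
            throw new WSSecurityException("Can not find SCT with id: " + sCTokenBase.getId(), WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
        }
        SecurityTokenContextHandler tokenContextHandler = new SecurityTokenContextHandler(securityContext);
        SCCredentialProviderBase.setSCToContext(messageContext, credential);
        SCCredential resolved = (SCCredential) credentialProvider.getCredential(sCTokenBase.getValueType(), null, tokenContextHandler, Purpose.IDENTITY);
        if (resolved == null) {
            throw new WSSecurityException("Can not find SCT with id: " + sCTokenBase.getId(), WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
        }
        sCTokenBase.setCredential(resolved);
        SCCredentialProviderBase.setSCToContext(messageContext, resolved);
    }
}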
