package weblogic.wsee.security.wss.plan.fact;

import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.wsee.security.policy.SecurityToken;
import weblogic.wsee.security.policy.XBeanUtils;
import weblogic.wsee.security.policy.assertions.xbeans.SecurityTokenType;
import weblogic.wsee.security.saml.SAMLConstants;
import weblogic.wsee.security.saml.SAMLIssuedTokenHelper;
import weblogic.wsee.security.wss.plan.helper.TokenReferenceTypeHelper;
import weblogic.wsee.security.wss.plan.helper.TokenTypeHelper;
import weblogic.wsee.security.wss.policy.GeneralPolicy;
import weblogic.wsee.security.wss.policy.SecurityPolicyArchitectureException;
import weblogic.wsee.security.wssc.dk.DKClaims;
import weblogic.wsee.security.wssp.AlgorithmSuiteInfo;
import weblogic.wsee.security.wssp.IssuedTokenAssertion;
import weblogic.wsee.security.wssp.KerberosTokenAssertion;
import weblogic.wsee.security.wssp.SamlTokenAssertion;
import weblogic.wsee.security.wssp.SecureConversationTokenAssertion;
import weblogic.wsee.security.wssp.TokenAssertion;
import weblogic.wsee.security.wssp.UsernameTokenAssertion;
import weblogic.wsee.security.wssp.X509TokenAssertion;
import weblogic.xml.crypto.utils.DOMUtils;

/* loaded from: input_file:weblogic/wsee/security/wss/plan/fact/SecurityTokenFactory.class */
/**
 * Static factory methods that turn policy token assertions (X.509, username, SAML, Kerberos,
 * secure conversation and issued token) into {@link SecurityToken} objects.
 *
 * <p>Parameter names such as {@code z} and {@code z2} are the names present in this listing;
 * what each flag controls is described per method, based only on how the method uses it.
 */
public class SecurityTokenFactory {
    private static final Logger LOGGER = Logger.getLogger(SecurityTokenFactory.class.getName());
    // Not referenced anywhere in this class.
    private static final boolean debug = false;
    public static final String KERBEROS_TOKEN_PROFILE_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1";
    public static final String KERBEROS_TOKEN_PROFILE_V5_AP_REQ_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5_AP_REQ";
    public static final String KERBEROS_TOKEN_PROFILE_GSS_V5_AP_REQ_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";

    /**
     * Wraps an already-built token type description in a {@link SecurityToken}.
     *
     * @param securityTokenType the token type description; may be {@code null}
     * @return the new token, or {@code null} when {@code securityTokenType} is {@code null}
     */
    public static SecurityToken makeSecurityToken(SecurityTokenType securityTokenType) {
        if (securityTokenType != null) {
            SecurityToken token = new SecurityToken(XBeanUtils.getElement(securityTokenType), null, securityTokenType.getTokenType(), securityTokenType.getIncludeInMessage());
            token.setDerivedFromTokenType(securityTokenType.getDerivedFromTokenType());
            return token;
        }
        return null;
    }

    /**
     * Copies issuer information and the optional flag from the assertion onto the token.
     * The issuer object wins when present; the issuer name is used only when it is absent.
     */
    private static void setIssuerAndOptional(SecurityToken securityToken, TokenAssertion tokenAssertion) {
        if (tokenAssertion.getIssuer() == null) {
            securityToken.setIssuerName(tokenAssertion.getIssuerName());
        } else {
            securityToken.setTokenIssuer(tokenAssertion.getIssuer());
        }
        securityToken.setOptional(tokenAssertion.isOptional());
    }

    /**
     * Builds an X.509 token and attaches its token-reference (STR) types.
     *
     * @param x509TokenAssertion the X.509 assertion
     * @param z forwarded to the token type factory; when {@code true} the signature-specific
     *     STR type list is used, otherwise the general list
     * @param generalPolicy policy handed to {@link TokenReferenceTypeHelper}
     * @return the configured token
     * @throws SecurityPolicyArchitectureException propagated from the helpers called here
     */
    public static SecurityToken makeSecurityTokenForSignature(X509TokenAssertion x509TokenAssertion, boolean z, GeneralPolicy generalPolicy) throws SecurityPolicyArchitectureException {
        SecurityToken token = makeSecurityTokenInternal(x509TokenAssertion, z, generalPolicy);
        TokenReferenceTypeHelper strHelper = new TokenReferenceTypeHelper(generalPolicy, x509TokenAssertion);
        if (!z) {
            token.setStrTypes(strHelper.getSTRTypeList(token.getTokenTypeUri()));
        } else {
            token.setStrTypes(strHelper.getSTRTypeListForSignature(token.getTokenTypeUri()));
        }
        return token;
    }

    /**
     * Builds an X.509 token with issuer and optional flag set but without STR types.
     *
     * <p>{@code generalPolicy} is accepted but not read by this method.
     * NOTE(review): the token returned by {@link #makeSecurityToken(SecurityTokenType)} is used
     * without a null check; that is only safe if the token type factory never returns
     * {@code null} - confirm against SecurityTokenTypeFactory.
     */
    public static SecurityToken makeSecurityTokenInternal(X509TokenAssertion x509TokenAssertion, boolean z, GeneralPolicy generalPolicy) throws SecurityPolicyArchitectureException {
        SecurityToken token = makeSecurityToken(
                SecurityTokenTypeFactory.makeSecurityTokenType(x509TokenAssertion.getX509TokenType(), z));
        setIssuerAndOptional(token, x509TokenAssertion);
        return token;
    }

    /**
     * Builds an X.509 token and attaches the general STR type list for its token type URI.
     */
    public static SecurityToken makeSecurityToken(X509TokenAssertion x509TokenAssertion, boolean z, GeneralPolicy generalPolicy) throws SecurityPolicyArchitectureException {
        SecurityToken token = makeSecurityTokenInternal(x509TokenAssertion, z, generalPolicy);
        TokenReferenceTypeHelper strHelper = new TokenReferenceTypeHelper(generalPolicy, x509TokenAssertion);
        token.setStrTypes(strHelper.getSTRTypeList(token.getTokenTypeUri()));
        return token;
    }

    /**
     * Builds an X.509 token for a response and picks the STR type list by precedence:
     * validation list when {@code z2} is set, else signature list when {@code z} is set,
     * else the general list.
     *
     * @param z2 selects the validation STR type list and takes priority over {@code z}
     */
    public static SecurityToken makeSecurityTokenForSignatureResponse(X509TokenAssertion x509TokenAssertion, boolean z, GeneralPolicy generalPolicy, boolean z2) throws SecurityPolicyArchitectureException {
        SecurityToken token = makeSecurityTokenInternal(x509TokenAssertion, z, generalPolicy);
        TokenReferenceTypeHelper strHelper = new TokenReferenceTypeHelper(generalPolicy, x509TokenAssertion);
        if (z2) {
            token.setStrTypes(strHelper.getSTRTypeListForValidation(token.getTokenTypeUri()));
            return token;
        }
        if (z) {
            token.setStrTypes(strHelper.getSTRTypeListForSignature(token.getTokenTypeUri()));
            return token;
        }
        token.setStrTypes(strHelper.getSTRTypeList(token.getTokenTypeUri()));
        return token;
    }

    /**
     * Builds a username token; no STR types are set for this token kind.
     */
    public static SecurityToken makeSecurityToken(UsernameTokenAssertion usernameTokenAssertion, boolean z) throws SecurityPolicyArchitectureException {
        SecurityToken token = makeSecurityToken(
                SecurityTokenTypeFactory.makeSecurityTokenType(usernameTokenAssertion, z));
        setIssuerAndOptional(token, usernameTokenAssertion);
        return token;
    }

    /**
     * Builds a SAML token whose type description carries the confirmation method resolved by
     * {@link TokenTypeHelper#getSamlConfirmationMethod}, then attaches the SAML STR types.
     *
     * <p>{@code generalPolicy} is accepted but not read by this method.
     */
    public static SecurityToken makeSecurityToken(SamlTokenAssertion samlTokenAssertion, boolean z, GeneralPolicy generalPolicy) throws SecurityPolicyArchitectureException {
        SecurityToken token = makeSecurityToken(
                SecurityTokenTypeFactory.makeSecurityTokenType(
                        samlTokenAssertion.getSamlTokenType(), z, TokenTypeHelper.getSamlConfirmationMethod(samlTokenAssertion)));
        token.setStrTypes(TokenReferenceTypeHelper.getSTRTypesForSAML(samlTokenAssertion.getSamlTokenType()));
        setIssuerAndOptional(token, samlTokenAssertion);
        return token;
    }

    /**
     * Builds a Kerberos token. The derived-key mode passed to the type factory is
     * {@code null} when no derived key is required, otherwise "Explicit" or "Implicit".
     *
     * <p>The value type is always {@link #KERBEROS_TOKEN_PROFILE_VALUE_TYPE}; the AP_REQ and
     * GSS AP_REQ constants declared on this class are not used here.
     */
    public static SecurityToken makeSecurityToken(KerberosTokenAssertion kerberosTokenAssertion, boolean z, GeneralPolicy generalPolicy) throws SecurityPolicyArchitectureException {
        final String derivedKeyMode;
        if (!kerberosTokenAssertion.requireDerivedKey()) {
            derivedKeyMode = null;
        } else if (kerberosTokenAssertion.requireExplicitDerivedKey()) {
            derivedKeyMode = "Explicit";
        } else {
            derivedKeyMode = "Implicit";
        }
        SecurityToken token = makeSecurityToken(
                SecurityTokenTypeFactory.makeSecurityTokenType(KERBEROS_TOKEN_PROFILE_VALUE_TYPE, derivedKeyMode, z));
        TokenReferenceTypeHelper strHelper = new TokenReferenceTypeHelper(generalPolicy, kerberosTokenAssertion);
        token.setStrTypes(strHelper.getSTRTypeList(token.getTokenTypeUri()));
        setIssuerAndOptional(token, kerberosTokenAssertion);
        return token;
    }

    /**
     * Builds a secure conversation token carrying the assertion's normalized bootstrap policy.
     *
     * <p>With a derived key required, the token type is the derived-key type, the SCT type
     * becomes the "derived from" type, the derived token is always included in the message and
     * {@code z} only controls inclusion of the base token. Without it, the token type is the
     * SCT type and {@code z} controls inclusion of the token itself.
     */
    public static SecurityToken makeSecurityToken(SecureConversationTokenAssertion secureConversationTokenAssertion, boolean z, GeneralPolicy generalPolicy, AlgorithmSuiteInfo algorithmSuiteInfo) throws SecurityPolicyArchitectureException {
        SecurityToken token = new SecurityToken();
        token.setBootstrapPolicy(secureConversationTokenAssertion.getNormalizedBootstrapPolicy());
        if (!secureConversationTokenAssertion.requireDerivedKey()) {
            token.setTokenTypeUri(secureConversationTokenAssertion.getSctTokenType());
            token.setIncludeInMessage(z);
        } else {
            token.setTokenTypeUri(secureConversationTokenAssertion.getDkTokenType());
            token.setDerivedFromTokenType(secureConversationTokenAssertion.getSctTokenType());
            token.setIncludeInMessage(true);
            token.setIncludeDerivedFromInMessage(z);
            token.setClaims(DKClaims.makeDKClaimsNode(generalPolicy, null, algorithmSuiteInfo));
        }
        TokenReferenceTypeHelper strHelper = new TokenReferenceTypeHelper(generalPolicy, secureConversationTokenAssertion);
        token.setStrTypes(strHelper.getSTRTypeList(token.getTokenTypeUri()));
        setIssuerAndOptional(token, secureConversationTokenAssertion);
        return token;
    }

    /**
     * Builds an issued (SAML) token, its claims node and the confirmation method element
     * appended to those claims.
     *
     * <p>Security-relevant behaviour: when the key type read back from the claims is the
     * WS-Trust Bearer URI, the confirmation method supplied by the caller is replaced with
     * BEARER. The only trace of that replacement is a FINE-level log record. A bearer
     * assertion is not bound to a key held by the sender, so a deployment that expects
     * holder-of-key or sender-vouches should verify the KeyType its policy requests.
     *
     * @param z include-in-message flag for the token (or for the base token when a derived
     *     key is required)
     * @param confirmationMethod requested subject confirmation method; must not be
     *     {@code null} because {@code toString()} is called on it unconditionally
     * @throws NullPointerException if {@code confirmationMethod} is {@code null}
     * @throws SecurityPolicyArchitectureException propagated from the helpers called here
     */
    public static SecurityToken makeSecurityToken(IssuedTokenAssertion issuedTokenAssertion, boolean z, GeneralPolicy generalPolicy, AlgorithmSuiteInfo algorithmSuiteInfo, SamlTokenAssertion.ConfirmationMethod confirmationMethod) throws SecurityPolicyArchitectureException {
        SecurityToken token = new SecurityToken();
        String trustVersion = SAMLIssuedTokenHelper.getTrustVersionFromPolicy(generalPolicy);
        String effectiveConfirmation = confirmationMethod.toString();
        boolean derivedKeyRequired = issuedTokenAssertion.requireDerivedKey();
        Node claims;
        if (!derivedKeyRequired) {
            token.setStrTypes(TokenReferenceTypeHelper.getSTRTypesForSAMLIssuedToken(issuedTokenAssertion.getIssuedTokenType()));
            token.setTokenTypeUri(issuedTokenAssertion.getIssuedTokenType());
            token.setIncludeInMessage(z);
            claims = DKClaims.makeClaimsNode();
        } else {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "The IssuedToken requireDerivedKey() = " + derivedKeyRequired + " setting DerivedFromTokenType = " + issuedTokenAssertion.getIssuedTokenType());
            }
            token.setTokenTypeUri(issuedTokenAssertion.getDkTokenType());
            token.setDerivedFromTokenType(issuedTokenAssertion.getIssuedTokenType());
            token.setIncludeInMessage(true);
            token.setIncludeDerivedFromInMessage(z);
            claims = DKClaims.makeDKClaimsNode(generalPolicy, null, algorithmSuiteInfo);
            // NOTE(review): setStrTypes has not been called on this freshly constructed token
            // yet, so getStrTypes() yields whatever the no-arg constructor initialised. If the
            // base token was meant to get the SAML issued-token STR types (as the other branch
            // sets), this passes the wrong value - confirm against SecurityToken.
            token.setStrTypesForDKBaseToken(token.getStrTypes());
            token.setStrTypes(TokenReferenceTypeHelper.getSTRTypesForDK(token.getTokenTypeUri()));
        }
        claims.appendChild(SAMLIssuedTokenHelper.makeIssuedTokenClaimElement(issuedTokenAssertion, claims, trustVersion));
        token.setClaims(claims);
        // A Bearer key type in the claims overrides the caller's confirmation method.
        if ("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer".equals(SAMLIssuedTokenHelper.getTrustKeyTypeFromIssuedTokenClaims(claims))) {
            if (!SamlTokenAssertion.ConfirmationMethod.BEARER.toString().equals(effectiveConfirmation)) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Changed the subject confirmation method from " + effectiveConfirmation + " to " + SamlTokenAssertion.ConfirmationMethod.BEARER.toString());
                }
                effectiveConfirmation = SamlTokenAssertion.ConfirmationMethod.BEARER.toString();
            }
        }
        // The cast throws ClassCastException if the claims node is not an Element.
        Element claimsElement = (Element) claims;
        DOMUtils.addText(
                DOMUtils.createAndAddElement(claimsElement, SAMLConstants.CONFIRMATION_METHOD_QNAME, claims.getPrefix()),
                effectiveConfirmation);
        setIssuerAndOptional(token, issuedTokenAssertion);
        return token;
    }
}
