package weblogic.wsee.security.wssc.base.sct;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.rpc.Stub;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.ws.BindingProvider;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.message.soap.SoapMessageContext;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.policy.runtime.PolicyContext;
import weblogic.wsee.policy.runtime.PolicyServer;
import weblogic.wsee.reliability2.exception.WsrmException;
import weblogic.wsee.reliability2.sequence.CreateSequencePostSecurityTokenCallback;
import weblogic.wsee.security.WSEESecurityConstants;
import weblogic.wsee.security.wssc.base.sct.SCCredentialProactiveRequestor;
import weblogic.wsee.security.wssc.faults.FaultVersionHelper;
import weblogic.wsee.security.wssc.sct.SCCredential;
import weblogic.wsee.security.wssc.sct.SCTClaims;
import weblogic.wsee.security.wssc.sct.SCTStore;
import weblogic.wsee.security.wssc.sct.SCTVersionHelper;
import weblogic.wsee.security.wssc.v13.WSCConstants;
import weblogic.wsee.security.wst.binding.AppliesTo;
import weblogic.wsee.security.wst.binding.ComputedKey;
import weblogic.wsee.security.wst.binding.KeySize;
import weblogic.wsee.security.wst.binding.Lifetime;
import weblogic.wsee.security.wst.binding.RequestSecurityTokenResponse;
import weblogic.wsee.security.wst.binding.RequestSecurityTokenResponseCollection;
import weblogic.wsee.security.wst.binding.RequestedAttachedReference;
import weblogic.wsee.security.wst.binding.RequestedProofToken;
import weblogic.wsee.security.wst.binding.RequestedSecurityToken;
import weblogic.wsee.security.wst.binding.RequestedUnattachedReference;
import weblogic.wsee.security.wst.binding.TokenType;
import weblogic.wsee.security.wst.faults.InvalidRequestException;
import weblogic.wsee.security.wst.faults.InvalidScopeException;
import weblogic.wsee.security.wst.faults.RequestFailedException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.framework.TrustSoapClient;
import weblogic.wsee.security.wst.framework.WSTConstants;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.wsee.security.wst.framework.WSTCredentialProviderHelper;
import weblogic.wsee.security.wst.helpers.BindingHelper;
import weblogic.wsee.security.wst.helpers.SOAPHelper;
import weblogic.wsee.security.wst.helpers.TrustTokenHelper;
import weblogic.wsee.util.GenericConstants;
import weblogic.xml.crypto.utils.KeyUtils;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;

/* loaded from: input_file:weblogic/wsee/security/wssc/base/sct/ClientSCCredentialProviderBase.class */
public abstract class ClientSCCredentialProviderBase extends SCCredentialProviderBase {
    private static final Logger LOGGER;
    static final /* synthetic */ boolean $assertionsDisabled;

    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose, SCTokenHandlerBase sCTokenHandlerBase) {
        SecurityTokenContextHandler securityCtxHandler;
        MessageContext messageContext;
        if (purpose == null || purpose.equals(Purpose.ENCRYPT_RESPONSE) || (securityCtxHandler = getSecurityCtxHandler(contextHandler)) == null || (messageContext = getMessageContext(securityCtxHandler)) == null) {
            return null;
        }
        if (purpose.equals(Purpose.IDENTITY)) {
            SCCredential sCFromContext = getSCFromContext(messageContext);
            if (sCFromContext != null && sCFromContext.getSecret() == null) {
                sCFromContext = SCTStore.getFromClient(sCFromContext.getIdentifier(), getPhysicalStoreNameFromMessageContext(messageContext));
            }
            return sCFromContext;
        }
        WSTContext wSTContext = WSTContext.getWSTContext(messageContext);
        initWSTContext(wSTContext, messageContext, securityCtxHandler, sCTokenHandlerBase, str);
        SCCredential requestCredentialWithProactive = isProactive(messageContext) ? requestCredentialWithProactive(messageContext, wSTContext, sCTokenHandlerBase) : requestCredential(messageContext, wSTContext, sCTokenHandlerBase);
        try {
            CreateSequencePostSecurityTokenCallback.processCallback(messageContext);
            return requestCredentialWithProactive;
        } catch (WsrmException e) {
            throw new RuntimeException(e.getMessage());
        }
    }

    private boolean isProactive(MessageContext messageContext) {
        return "true".equalsIgnoreCase((String) messageContext.getProperty(SCCredentialProactiveRequestor.ENABLE_SC_CREDENTIAL_PROACTIVE_REQUESTOR));
    }

    private SCCredential requestCredential(MessageContext messageContext, WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) {
        SCCredential sCFromContext = getSCFromContext(messageContext);
        String physicalStoreNameFromMessageContext = getPhysicalStoreNameFromMessageContext(messageContext);
        if (sCFromContext == null) {
            sCFromContext = createSCCredential(wSTContext, sCTokenHandlerBase);
            setSCToContext(messageContext, sCFromContext);
            SCTStore.addToClient(sCFromContext, !wSTContext.isSessionPersisted(), physicalStoreNameFromMessageContext);
        } else if (TrustTokenHelper.isExpired(messageContext, sCFromContext.getCreated(), sCFromContext.getExpires())) {
            renewCredential(sCFromContext, wSTContext, sCTokenHandlerBase);
            setSCToContext(messageContext, sCFromContext);
            SCTStore.addToClient(sCFromContext, !wSTContext.isSessionPersisted(), physicalStoreNameFromMessageContext);
        }
        return sCFromContext;
    }

    private SCCredential requestCredentialWithProactive(MessageContext messageContext, WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) {
        SCCredentialProactiveRequestor proactiveRequestor = SCCredentialProactiveRequestor.getProactiveRequestor(messageContext);
        String physicalStoreNameFromMessageContext = getPhysicalStoreNameFromMessageContext(messageContext);
        proactiveRequestor.lock();
        try {
            SCCredential sCFromContext = getSCFromContext(messageContext);
            if (sCFromContext == null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "SC credential not found in context, needs a new SC credential.");
                }
                sCFromContext = _createSCCredential(proactiveRequestor, wSTContext, sCTokenHandlerBase);
                setSCToContext(messageContext, sCFromContext);
                SCTStore.addToClient(sCFromContext, !wSTContext.isSessionPersisted(), physicalStoreNameFromMessageContext);
                proactiveRequestor.asyncRenewNext(sCFromContext);
            } else if (TrustTokenHelper.isExpired(messageContext, sCFromContext.getCreated(), sCFromContext.getExpires())) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "SC credential expires, needs renewal on it.");
                }
                proactiveRequestor.waitOutProactiveRenewal();
                if (TrustTokenHelper.isExpired(messageContext, sCFromContext.getCreated(), sCFromContext.getExpires())) {
                    _renewCredential(proactiveRequestor, sCFromContext, wSTContext, sCTokenHandlerBase);
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Renew SC credential without using proactive requestor");
                    }
                    synchronized (proactiveRequestor) {
                        setSCToContext(messageContext, sCFromContext);
                        SCTStore.addToClient(sCFromContext, !wSTContext.isSessionPersisted(), physicalStoreNameFromMessageContext);
                    }
                }
            }
            return sCFromContext;
        } finally {
            proactiveRequestor.unlock();
        }
    }

    public static void cancelSCToken(Stub stub) {
        WSTContext wSTContext;
        Map map = (Map) stub._getProperty(WLStub.INVOKE_PROPERTIES);
        boolean z = false;
        if (map != null && (wSTContext = (WSTContext) map.get("weblogic.wsee.security.wst.framework.WSTContext")) != null) {
            z = ((SoapMessageContext) wSTContext.getMessageContext()).isSoap12();
        }
        SoapMessageContext soapMessageContext = new SoapMessageContext(z);
        if (map != null) {
            for (Map.Entry entry : map.entrySet()) {
                soapMessageContext.setProperty((String) entry.getKey(), entry.getValue());
            }
            soapMessageContext.setProperty(WLStub.INVOKE_PROPERTIES, map);
        }
        cancelSCToken(soapMessageContext);
    }

    public static void cancelSCToken(BindingProvider bindingProvider) {
        WSTContext wSTContext;
        Map requestContext = bindingProvider.getRequestContext();
        boolean z = false;
        if (requestContext != null && (wSTContext = (WSTContext) requestContext.get("weblogic.wsee.security.wst.framework.WSTContext")) != null) {
            z = ((SoapMessageContext) wSTContext.getMessageContext()).isSoap12();
        }
        SoapMessageContext soapMessageContext = new SoapMessageContext(z);
        if (requestContext != null) {
            for (Map.Entry entry : requestContext.entrySet()) {
                soapMessageContext.setProperty((String) entry.getKey(), entry.getValue());
            }
            soapMessageContext.setProperty(WLStub.INVOKE_PROPERTIES, requestContext);
        }
        cancelSCToken(soapMessageContext);
    }

    public static void cancelSCToken(MessageContext messageContext) {
        SCCredential sCFromContext = getSCFromContext(messageContext);
        if (sCFromContext == null) {
            WSTFaultUtil.raiseFault(new InvalidRequestException("No SCCredential to cancelSCToken"));
        }
        String scNamespace = sCFromContext.getScNamespace();
        if (!$assertionsDisabled && scNamespace == null) {
            throw new AssertionError("Warning ! SCNamespace in SCCredential is NULL, we require it in cancelSCToken(messageContext) to know which version of SCToken to load for cancel !");
        }
        cancelSCToken(messageContext, scNamespace);
    }

    private static void cancelSCToken(MessageContext messageContext, String str) {
        cancelSCToken(messageContext, SCTVersionHelper.newSCTokenHandler(str));
    }

    public static void cancelSCToken(MessageContext messageContext, SCTokenHandlerBase sCTokenHandlerBase) {
        SCCredential sCFromContext = getSCFromContext(messageContext);
        String sct_rst_cancel_action = sCTokenHandlerBase.getSCT_RST_CANCEL_ACTION();
        WSTContext wSTContext = (WSTContext) messageContext.getProperty("weblogic.wsee.security.wst.framework.WSTContext");
        if (wSTContext != null) {
            wSTContext.setAction(sct_rst_cancel_action);
        }
        try {
            WSTCredentialProviderHelper.cancelCredential(messageContext, sCFromContext, sCTokenHandlerBase, sCTokenHandlerBase.getSCT_VALUE_TYPE(), sCTokenHandlerBase.getCANNED_POLICY_INCLUDE_SCT_FOR_IDENTITY(), sCTokenHandlerBase.getSCT_RST_CANCEL_ACTION());
            SCCredentialProactiveRequestor.dispose(messageContext);
            removeSCFromContext(messageContext);
            SCTStore.removeFromClient(sCFromContext.getIdentifier(), getPhysicalStoreNameFromMessageContext(messageContext));
        } catch (Throwable th) {
            SCCredentialProactiveRequestor.dispose(messageContext);
            throw th;
        }
    }

    public static void renewSCToken(Stub stub) {
        WSTContext wSTContext;
        Map map = (Map) stub._getProperty(WLStub.INVOKE_PROPERTIES);
        boolean z = false;
        if (map != null && (wSTContext = (WSTContext) map.get("weblogic.wsee.security.wst.framework.WSTContext")) != null) {
            z = ((SoapMessageContext) wSTContext.getMessageContext()).isSoap12();
        }
        SoapMessageContext soapMessageContext = new SoapMessageContext(z);
        if (map != null) {
            for (Map.Entry entry : map.entrySet()) {
                soapMessageContext.setProperty((String) entry.getKey(), entry.getValue());
            }
            soapMessageContext.setProperty(WLStub.INVOKE_PROPERTIES, map);
        }
        renewSCToken(soapMessageContext);
    }

    public static void renewSCToken(BindingProvider bindingProvider) {
        WSTContext wSTContext;
        Map requestContext = bindingProvider.getRequestContext();
        boolean z = false;
        if (requestContext != null && (wSTContext = (WSTContext) requestContext.get("weblogic.wsee.security.wst.framework.WSTContext")) != null) {
            z = ((SoapMessageContext) wSTContext.getMessageContext()).isSoap12();
        }
        SoapMessageContext soapMessageContext = new SoapMessageContext(z);
        if (requestContext != null) {
            for (Map.Entry entry : requestContext.entrySet()) {
                soapMessageContext.setProperty((String) entry.getKey(), entry.getValue());
            }
            soapMessageContext.setProperty(WLStub.INVOKE_PROPERTIES, requestContext);
        }
        renewSCToken(soapMessageContext);
    }

    public static void renewSCToken(MessageContext messageContext) {
        SCCredential sCFromContext = getSCFromContext(messageContext);
        if (sCFromContext == null) {
            WSTFaultUtil.raiseFault(new InvalidRequestException("No SCCredential to renewSCToken"));
        }
        String scNamespace = sCFromContext.getScNamespace();
        if (!$assertionsDisabled && scNamespace == null) {
            throw new AssertionError("Warning ! SCNamespace in SCCredential is NULL, we require it in renewSCToken(messageContext) to know which version of SCToken to load for renewal !");
        }
        WSTContext wSTContext = (WSTContext) messageContext.getProperty("weblogic.wsee.security.wst.framework.WSTContext");
        renewCredential(sCFromContext, wSTContext, SCTVersionHelper.newSCTokenHandler(scNamespace));
        setSCToContext(messageContext, sCFromContext);
        SCTStore.addToClient(sCFromContext, !wSTContext.isSessionPersisted(), getPhysicalStoreNameFromMessageContext(messageContext));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void _renewCredential(SCCredentialProactiveRequestor sCCredentialProactiveRequestor, SCCredential sCCredential, WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) {
        SCCredentialProactiveRequestor.Measure createAndStartMeasure = sCCredentialProactiveRequestor.createAndStartMeasure();
        renewCredential(sCCredential, wSTContext, sCTokenHandlerBase);
        createAndStartMeasure.terminate();
    }

    static void renewCredential(SCCredential sCCredential, WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) {
        RequestSecurityTokenResponse renewCredential = WSTCredentialProviderHelper.renewCredential(wSTContext, sCCredential, sCTokenHandlerBase, sCTokenHandlerBase.getSCT_VALUE_TYPE(), sCTokenHandlerBase.getCANNED_POLICY_INCLUDE_SCT_FOR_IDENTITY(), sCTokenHandlerBase.getSCT_RST_RENEW_ACTION());
        if (renewCredential.getRequestedSecurityToken() == null) {
            WSTFaultUtil.raiseFault(FaultVersionHelper.newUnableToRenewException(sCTokenHandlerBase.getXMLNS_WSC(), "No RequestedSecurityToken found in renew RSTR"));
        }
        Lifetime lifetime = renewCredential.getLifetime();
        if (lifetime == null) {
            WSTFaultUtil.raiseFault(FaultVersionHelper.newUnableToRenewException(sCTokenHandlerBase.getXMLNS_WSC(), "Lifetime is missing in renewal RSTR."));
        }
        sCCredential.setCreated(lifetime.getCreated());
        sCCredential.setExpires(lifetime.getExpires());
    }

    public static SCCredential createSCCredential(TrustSoapClient trustSoapClient, WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) throws WSTFaultException {
        initPolicy(null, wSTContext);
        Node rSTBaseNode = SOAPHelper.getRSTBaseNode(trustSoapClient.requestTrustToken());
        if (sCTokenHandlerBase.getXMLNS_WSC().equalsIgnoreCase(WSCConstants.XMLNS_WSC)) {
            return getSCCredentialFromRSTRC(wSTContext, BindingHelper.unmarshalRSTRCNode(rSTBaseNode, sCTokenHandlerBase), sCTokenHandlerBase);
        }
        if (sCTokenHandlerBase.getXMLNS_WSC().equalsIgnoreCase(weblogic.wsee.security.wssc.v200502.WSCConstants.XMLNS_WSC)) {
            return getSCCredentialFromRSTR(wSTContext, BindingHelper.unmarshalRSTRNode(rSTBaseNode, sCTokenHandlerBase), sCTokenHandlerBase);
        }
        throw new WSTFaultException(" unable to create SCCredential for WS-SC namespace='" + sCTokenHandlerBase.getXMLNS_WSC() + "'.  Namespace not understood.");
    }

    private static SCCredential _createSCCredential(SCCredentialProactiveRequestor sCCredentialProactiveRequestor, WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) {
        SCCredentialProactiveRequestor.Measure createAndStartMeasure = sCCredentialProactiveRequestor.createAndStartMeasure();
        SCCredential createSCCredential = createSCCredential(wSTContext, sCTokenHandlerBase);
        createAndStartMeasure.terminate();
        return createSCCredential;
    }

    private static SCCredential createSCCredential(WSTContext wSTContext, SCTokenHandlerBase sCTokenHandlerBase) {
        try {
            return getSCCredentialFromRSTR(wSTContext, WSTCredentialProviderHelper.createCredential(wSTContext, sCTokenHandlerBase), sCTokenHandlerBase);
        } catch (WSTFaultException e) {
            WSTFaultUtil.raiseFault(e);
            return null;
        }
    }

    private static SCCredential getSCCredentialFromRSTRC(WSTContext wSTContext, RequestSecurityTokenResponseCollection requestSecurityTokenResponseCollection, SCTokenHandlerBase sCTokenHandlerBase) throws WSTFaultException {
        List<RequestSecurityTokenResponse> requestSecurityTokenResponseCollection2 = requestSecurityTokenResponseCollection.getRequestSecurityTokenResponseCollection();
        if (requestSecurityTokenResponseCollection2.size() <= 0) {
            throw new WSTFaultException(" SecureTokenService did not return a WS-SecureConversation token in the returned RequestSecurityTokenResponseCollection ");
        }
        return getSCCredentialFromRSTR(wSTContext, requestSecurityTokenResponseCollection2.get(0), sCTokenHandlerBase);
    }

    private static SCCredential getSCCredentialFromRSTR(WSTContext wSTContext, RequestSecurityTokenResponse requestSecurityTokenResponse, SCTokenHandlerBase sCTokenHandlerBase) throws WSTFaultException {
        SCCredential newSCCredential = sCTokenHandlerBase.newSCCredential();
        TokenType tokenType = requestSecurityTokenResponse.getTokenType();
        if (tokenType != null && !tokenType.getTokenType().equals(sCTokenHandlerBase.getSCT_VALUE_TYPE())) {
            throw new RequestFailedException("Unexpected token type in RSTR: " + tokenType.getTokenType());
        }
        RequestedSecurityToken requestedSecurityToken = requestSecurityTokenResponse.getRequestedSecurityToken();
        if (requestedSecurityToken == null) {
            throw new RequestFailedException("RequestedSecurityToken must be specified");
        }
        SecurityToken securityToken = requestedSecurityToken.getSecurityToken();
        if (!(securityToken instanceof SCTokenBase)) {
            throw new RequestFailedException(securityToken.getValueType() + " is not a SCT");
        }
        SCCredential.copy(((SCTokenBase) securityToken).getCredential(), newSCCredential);
        RequestedProofToken requestedProofToken = requestSecurityTokenResponse.getRequestedProofToken();
        if (requestedProofToken == null) {
            throw new RequestFailedException("RequestedProofToken must be specified");
        }
        ComputedKey computedKey = requestedProofToken.getComputedKey();
        if (computedKey == null) {
            throw new RequestFailedException("ComputedKey is expected in RequestedProofToken");
        }
        String uri = computedKey.getUri();
        if (uri != null && !uri.endsWith(WSTConstants.PSHA1)) {
            throw new InvalidScopeException(uri + " of ComputedKey is not supported");
        }
        int i = 256;
        KeySize keySize = requestSecurityTokenResponse.getKeySize();
        if (keySize != null) {
            i = keySize.getSize();
        }
        try {
            newSCCredential.setSecret(KeyUtils.generateKey(wSTContext.getRstNonce(), requestSecurityTokenResponse.getEntropy().getBinarySecret().getValue(), "AES", i));
            Lifetime lifetime = requestSecurityTokenResponse.getLifetime();
            newSCCredential.setCreated(lifetime.getCreated());
            newSCCredential.setExpires(lifetime.getExpires());
            AppliesTo appliesTo = requestSecurityTokenResponse.getAppliesTo();
            if (appliesTo != null) {
                newSCCredential.setAppliesTo(appliesTo.getEndpointReference());
                newSCCredential.setAppliesToElement(appliesTo.getElement());
            } else {
                newSCCredential.setAppliesTo(wSTContext.getAppliesTo());
                newSCCredential.setAppliesToElement(wSTContext.getAppliesToElement());
            }
            RequestedAttachedReference requestedAttachedReference = requestSecurityTokenResponse.getRequestedAttachedReference();
            if (requestedAttachedReference != null) {
                SCCredential.copyFromSTRToInfo(requestedAttachedReference.getSecurityTokenReference(), newSCCredential.newAttachedSecurityTokenReferenceInfo());
            }
            RequestedUnattachedReference requestedUnattachedReference = requestSecurityTokenResponse.getRequestedUnattachedReference();
            if (requestedUnattachedReference != null) {
                SCCredential.copyFromSTRToInfo(requestedUnattachedReference.getSecurityTokenReference(), newSCCredential.newUnattachedSecurityTokenReferenceInfo());
            }
            return newSCCredential;
        } catch (InvalidKeyException e) {
            throw new InvalidScopeException(e.getMessage());
        } catch (NoSuchAlgorithmException e2) {
            throw new InvalidScopeException(e2.getMessage());
        }
    }

    void initWSTContext(WSTContext wSTContext, MessageContext messageContext, SecurityTokenContextHandler securityTokenContextHandler, SCTokenHandlerBase sCTokenHandlerBase, String str) {
        long tokenLifetime = SCTClaims.newInstance(securityTokenContextHandler).getTokenLifetime();
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "SCT Lifetime from SCTClaims is " + tokenLifetime);
        }
        if (tokenLifetime > 0) {
            wSTContext.setLifetimePeriod(tokenLifetime);
        }
        wSTContext.setAction(sCTokenHandlerBase.getSCT_RST_ACTION());
        wSTContext.setTokenType(sCTokenHandlerBase.getSCT_VALUE_TYPE());
        String str2 = (String) securityTokenContextHandler.getValue("weblogic.wsee.security.trust_version");
        if (str2 == null) {
            if (str == null) {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "WARNING !  could not determine WS-Trust namespace URI from null tokenType.  Forcing value to 'http://docs.oasis-open.org/ws-sx/ws-trust/200512'");
                }
                str2 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
            } else if (str.startsWith(weblogic.wsee.security.wssc.v200502.WSCConstants.XMLNS_WSC)) {
                str2 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
            } else if (str.startsWith(WSCConstants.XMLNS_WSC)) {
                str2 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
            } else {
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "WARNING !  could not determine WS-Trust namespace URI from tokenType='" + str + "', forcing value to 'http://docs.oasis-open.org/ws-sx/ws-trust/200512'");
                }
                str2 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
            }
        }
        wSTContext.setTrustVersion(str2);
        String str3 = (String) messageContext.getProperty(WSEESecurityConstants.TRUST_SOAP_VERSION);
        if (str3 != null) {
            wSTContext.setSoapVersion(str3);
        }
        wSTContext.initEndpoints(messageContext);
        String stsUri = wSTContext.getStsUri();
        if (stsUri == null || stsUri.equals(wSTContext.getEndpointUri())) {
            String str4 = (String) messageContext.getProperty("weblogic.wsee.wst.sts_endpoint_uri");
            String sTSURIFromConfig = (str4 == null || "".equals(str4)) ? WSTCredentialProviderHelper.getSTSURIFromConfig(securityTokenContextHandler, messageContext, getClass().getName()) : str4;
            if (sTSURIFromConfig == null) {
                sTSURIFromConfig = wSTContext.getEndpointUri();
            }
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Settng the STS endpoint URI to [" + sTSURIFromConfig + "]");
            }
            wSTContext.setStsUri(sTSURIFromConfig);
        }
        initPolicy(securityTokenContextHandler, wSTContext);
    }

    private static void initPolicy(SecurityTokenContextHandler securityTokenContextHandler, WSTContext wSTContext) {
        if (wSTContext.getBootstrapPolicy() != null) {
            return;
        }
        NormalizedExpression normalizedExpression = null;
        if (securityTokenContextHandler != null) {
            normalizedExpression = (NormalizedExpression) securityTokenContextHandler.getValue("weblogic.wsee.security.wst_bootstrap_policy");
        }
        if (normalizedExpression == null) {
            normalizedExpression = getTrustBootStrapPolicy(wSTContext.getStsUri().toLowerCase(Locale.ENGLISH).startsWith(GenericConstants.HTTPS_PROTOCOL));
            wSTContext.setWssp(false);
        } else {
            try {
                wSTContext.setOuterPolicy(PolicyContext.getEndpointPolicy(wSTContext.getMessageContext()));
                wSTContext.setWssp(true);
            } catch (PolicyException e) {
                throw new RuntimeException(e.getMessage());
            }
        }
        if (null == normalizedExpression) {
            throw new IllegalArgumentException("Unable to find the security policy for WS-Trust");
        }
        wSTContext.setBootstrapPolicy(normalizedExpression);
    }

    private static NormalizedExpression getTrustBootStrapPolicy(boolean z) {
        NormalizedExpression createUnitializedExpression = NormalizedExpression.createUnitializedExpression();
        if (!z) {
            try {
                createUnitializedExpression = new PolicyServer().getPolicy("SecurityTokenService.xml").normalize();
            } catch (PolicyException e) {
            }
        }
        return createUnitializedExpression;
    }

    static void p(String str) {
        LOGGER.log(Level.FINE, " [ClientSCCredentialProviderBase THORICK] " + str);
    }

    static {
        $assertionsDisabled = !ClientSCCredentialProviderBase.class.desiredAssertionStatus();
        LOGGER = Logger.getLogger(ClientSCCredentialProviderBase.class.getName());
    }
}
