package weblogic.wsee.security.configuration;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.StringTokenizer;
import javax.xml.rpc.handler.MessageContext;
import weblogic.kernel.KernelStatus;
import weblogic.management.configuration.WebserviceSecurityMBean;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.policy.util.PolicySelectionPreference;
import weblogic.wsee.security.bst.ServerBSTCredentialProvider;
import weblogic.wsee.security.wssc.utils.WSSCCompatibilityUtil;
import weblogic.xml.crypto.wss.BinarySecurityTokenHandler;
import weblogic.xml.crypto.wss.ClientUNTHandler;
import weblogic.xml.crypto.wss.SecurityUtils;
import weblogic.xml.crypto.wss.UsernameTokenHandler;
import weblogic.xml.crypto.wss.WssPolicyContextHandler;
import weblogic.xml.crypto.wss.nonce.NonceValidatorFactory;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss11.internal.bst.ClientBSTHandler;

/* loaded from: input_file:weblogic/wsee/security/configuration/WssConfiguration.class */
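/**
 * Holds the WS-Security configuration used by the web-service stack: the token handlers,
 * credential providers and supported tokens, plus timestamp and compatibility settings.
 *
 * <p>On the server side the settings are read from the {@link WebserviceSecurityMBean} named at
 * construction time; on the client side a fixed set of built-in token handlers is installed.
 * In both cases additional handler and provider classes can be named through JVM system
 * properties.
 *
 * <p>Security note: handler, provider and token classes are instantiated reflectively from
 * class names taken from system properties and from the MBean (see {@code createInstance}).
 * Whoever can write to either configuration source decides which classes get constructed in
 * this JVM, so both sources need to be protected accordingly.
 */
public class WssConfiguration {
    public static final String WSS_CONFIGURATION_CTX_PROP = "weblogic.wsee.security.wssconfig";
    private static final String CRED_PROVIDER_SYS_PROP = "weblogic.xml.crypto.wss.provider.CredentialProvider";
    private static final String TOKEN_HANDLER_SYS_PROP = "weblogic.xml.crypto.wss.provider.SecurityTokenHandler";
    public static final String NONCE_VALIDATOR = "weblogic.wsee.security.nonce.validator";
    private static final boolean HEURISTIC_COMPATIBILITY = WSSCCompatibilityUtil.isHeuristicCompatibility();

    // Set at the end of a successful init(); volatile so the unsynchronized readers see it.
    private volatile boolean inited;
    private boolean isServer;
    private final String mbeanName;
    // Elements are expected to be SecurityTokenHandler instances, but nothing enforces that
    // when they are created from configured class names.
    private List<Object> tokenHandlers;
    // Elements are expected to be CredentialProvider instances (same caveat as above).
    private List<Object> credProviders;
    private List<Object> tokens;
    private final WssPolicyContextHandler wssContextHandler;
    // Configured class name -> the instance created for it by init().
    private final Map<String, Object> classNameToInstanceMap;
    // Stays null on the client side and until init() has run on the server side.
    private WebserviceSecurityMBean wsm;
    private TimestampConfiguration timestampConfig;

    /** Creates a server-side configuration bound to the default web-service security MBean. */
    public WssConfiguration() {
        this(null, true);
    }

    /**
     * Creates a configuration bound to the default web-service security MBean.
     *
     * @param z {@code true} to force server mode, {@code false} to detect the mode
     */
    public WssConfiguration(boolean z) {
        this(null, z);
    }

    /**
     * Creates a server-side configuration.
     *
     * @param str name of the web-service security MBean, or {@code null} for the default one
     */
    public WssConfiguration(String str) {
        this(str, true);
    }

    /**
     * Creates a configuration.
     *
     * @param str name of the web-service security MBean, or {@code null} for the default one
     * @param z {@code true} to force server mode; {@code false} to run in server mode only when
     *     a domain MBean can be obtained
     */
    public WssConfiguration(String str, boolean z) {
        this.wssContextHandler = new WssPolicyContextHandler();
        this.classNameToInstanceMap = new HashMap<String, Object>();
        this.mbeanName = str == null ? MBeanConstants.DEFAULT_WEBSERVICE_SECURITY_NAME : str;
        if (z) {
            this.isServer = true;
            return;
        }
        try {
            this.isServer = MBeanHelper.getDomainMBean() != null;
        } catch (AssertionError e) {
            // An AssertionError from the lookup is treated as "not running in a server".
            this.isServer = false;
        }
    }

    /**
     * Loads the configuration once; later calls return immediately.
     *
     * @throws WssConfigurationException if a non-default MBean name does not resolve, if a
     *     configured class cannot be instantiated, or if a configured option is not supported
     */
    public synchronized void init() throws WssConfigurationException {
        if (this.inited) {
            return;
        }
        this.tokenHandlers = createInstancesFromSysProp(System.getProperty(TOKEN_HANDLER_SYS_PROP));
        this.credProviders = createInstancesFromSysProp(System.getProperty(CRED_PROVIDER_SYS_PROP));
        if (this.isServer) {
            this.wsm = MBeanHelper.lookupWebserviceSecurityMBean(this.mbeanName);
            // Only an explicitly named MBean is required to exist; a missing default is tolerated.
            if (this.wsm == null && !this.mbeanName.equals(MBeanConstants.DEFAULT_WEBSERVICE_SECURITY_NAME)) {
                throw new WssConfigurationException("WebserviceSecurityMBean \"" + this.mbeanName + "\" does not exist");
            }
            this.tokenHandlers.addAll(createInstancesFromMBean(MBeanHelper.getTokenHandlerClassNames(this.wsm)));
            this.credProviders.addAll(createInstancesFromMBean(MBeanHelper.getCredentialProviderClassNames(this.wsm)));
            fillContextHandler();
            initDefaultConfiguration();
            initCompatibility();
        } else {
            initClientBuiltInHandlers();
        }
        initTimestampConfiguration();
        // NOTE(review): the property read here is TOKEN_HANDLER_SYS_PROP, while the
        // NONCE_VALIDATOR constant declared on this class is never used in it. Confirm which
        // property was intended before relying on a custom nonce validator being picked up.
        NonceValidatorFactory.getInstance(System.getProperty(TOKEN_HANDLER_SYS_PROP), this.timestampConfig);
        this.inited = true;
    }

    /** Unregisters the timestamp configuration from the MBean; a no-op if either is absent. */
    public void destroy() {
        if (this.wsm == null || this.timestampConfig == null) {
            return;
        }
        this.wsm.getWebserviceTimestamp().removeBeanUpdateListener(this.timestampConfig);
    }

    /** Returns the timestamp configuration, which is {@code null} until {@link #init()} has run. */
    public TimestampConfiguration getTimestampConfig() {
        return this.timestampConfig;
    }

    /**
     * Returns the internal (mutable) list of token handlers, initializing first if needed.
     *
     * @throws WssConfigurationException if initialization fails
     */
    public List getTokenHandlers() throws WssConfigurationException {
        init();
        return this.tokenHandlers;
    }

    /**
     * Returns the internal (mutable) list of credential providers, initializing first if needed.
     *
     * @throws WssConfigurationException if initialization fails
     */
    public List getCredentialProviders() throws WssConfigurationException {
        init();
        return this.credProviders;
    }

    /**
     * Returns the supported security tokens, creating them on first use. The misspelled method
     * name is kept because callers outside this class may depend on it.
     *
     * @throws WssConfigurationException if initialization or token instantiation fails
     */
    public List getSupprotedTokens() throws WssConfigurationException {
        init();
        if (this.tokens == null) {
            initTokens();
        }
        return this.tokens;
    }

    /**
     * Creates the credential provider that the MBean maps to the given pair of keys.
     *
     * @param str first lookup key passed to {@code MBeanHelper.getCredentialProviderClass}
     *     (presumably the token type; confirm against MBeanHelper)
     * @param str2 second lookup key passed to the same helper
     * @return a new provider instance, or {@code null} if no class is configured
     * @throws WssConfigurationException if the class cannot be instantiated or is not a
     *     {@link CredentialProvider}
     */
    public CredentialProvider getCredentialProvider(String str, String str2) throws WssConfigurationException {
        init();
        String credentialProviderClass = MBeanHelper.getCredentialProviderClass(this.wsm, str, str2);
        if (credentialProviderClass == null) {
            return null;
        }
        // The type check runs only after the constructor of the configured class has executed.
        Object createInstance = createInstance(credentialProviderClass);
        if (createInstance instanceof CredentialProvider) {
            return (CredentialProvider) createInstance;
        }
        throw new WssConfigurationException(credentialProviderClass + " needs to implement weblogic.xml.crypto.wss.provider.CredentialProvider interface");
    }

    /**
     * Finds a token handler, trying in order: an already-created handler whose class name is
     * {@code str2}; a handler class the MBean maps to the two keys; an already-created handler
     * that lists {@code str} among its value types.
     *
     * @param str token value type to match
     * @param str2 handler class name to match, may be {@code null}
     * @return the handler, or {@code null} if none matches
     * @throws WssConfigurationException if a configured class cannot be instantiated or is not a
     *     {@link SecurityTokenHandler}
     */
    public SecurityTokenHandler getTokenHandler(String str, String str2) throws WssConfigurationException {
        init();
        if (str2 != null) {
            for (Object candidate : this.tokenHandlers) {
                SecurityTokenHandler handler = (SecurityTokenHandler) candidate;
                if (handler.getClass().getName().equals(str2)) {
                    return handler;
                }
            }
        }
        String tokenHandlerClass = MBeanHelper.getTokenHandlerClass(this.wsm, str, str2);
        if (tokenHandlerClass != null) {
            // The type check runs only after the constructor of the configured class has executed.
            Object createInstance = createInstance(tokenHandlerClass);
            if (createInstance instanceof SecurityTokenHandler) {
                return (SecurityTokenHandler) createInstance;
            }
            throw new WssConfigurationException(tokenHandlerClass + " needs to implement weblogic.xml.crypto.wss.provider.SecurityTokenHandler");
        }
        // No class configured for this pair: fall back to matching on the declared value types.
        for (Object candidate : this.tokenHandlers) {
            SecurityTokenHandler handler = (SecurityTokenHandler) candidate;
            for (String valueType : handler.getValueTypes()) {
                if (valueType.equals(str)) {
                    return handler;
                }
            }
        }
        return null;
    }

    /**
     * Replaces the token list with fresh instances of the token classes named by the MBean.
     * Does not call {@link #init()} itself.
     *
     * @throws WssConfigurationException if a token class cannot be instantiated
     */
    public void initTokens() throws WssConfigurationException {
        String[] securityTokenClassNames = MBeanHelper.getSecurityTokenClassNames(this.wsm);
        List<Object> created = new ArrayList<Object>();
        this.tokens = created;
        for (String className : securityTokenClassNames) {
            created.add(createInstance(className));
        }
    }

    /** Returns the policy context handler that {@link #init()} fills on the server side. */
    public WssPolicyContextHandler getContextHandler() {
        return this.wssContextHandler;
    }

    /**
     * Reads the token-handler property {@code UseX509ForIdentity}, passing {@code false} as the
     * fallback. Does not call {@link #init()}, so the MBean reference is {@code null} until
     * initialization has happened.
     */
    public boolean isSignatureACLEnabled() {
        return MBeanHelper.getTokenHandlerPropertyBoolean(this.wsm, "UseX509ForIdentity", false);
    }

    /**
     * Reads the holder-of-key validation property, passing {@code true} as the fallback.
     * Does not call {@link #init()}.
     */
    public boolean validateHOKNeeded() {
        return MBeanHelper.getTokenHandlerPropertyBoolean(this.wsm, MBeanConstants.PROP_ENABLE_HOK_VALIDATION, true);
    }

    /**
     * Returns the configured SCT lifetime.
     *
     * @throws NumberFormatException if the configured value is not a valid long
     */
    public Long getSCTLifeTime() {
        return Long.valueOf((String) MBeanHelper.getCredentialProviderProperty(this.wsm, MBeanConstants.SCT_TOKEN_LIFE_TIME, MBeanConstants.DEFAULT_SCT_TOKEN_LIFE_TIME));
    }

    /** Returns the credential-provider property {@code Label}, or {@code null} if unset. */
    public String getDKLabel() {
        return (String) MBeanHelper.getCredentialProviderProperty(this.wsm, "Label", null);
    }

    /**
     * Returns the credential-provider property {@code Length}, with {@code "-1"} as fallback.
     *
     * @throws NumberFormatException if the configured value is not a valid int
     */
    public Integer getDKLength() {
        return Integer.valueOf((String) MBeanHelper.getCredentialProviderProperty(this.wsm, "Length", "-1"));
    }

    /** Returns the default STS URI as resolved by {@code MBeanHelper}. */
    public String getDefaultSTSURI() {
        return MBeanHelper.getDefaultCredentialProviderSTSURI(this.wsm);
    }

    /**
     * Returns the STS URI property of one credential provider.
     *
     * @param str key identifying the credential provider to {@code MBeanHelper}
     */
    public String getSTSURI(String str) {
        return (String) MBeanHelper.getCredentialProviderProperty(this.wsm, str, MBeanConstants.STS_URI, null);
    }

    /**
     * Returns the STS policy property of one credential provider.
     *
     * @param str key identifying the credential provider to {@code MBeanHelper}
     */
    public String getSTSPolicy(String str) {
        return (String) MBeanHelper.getCredentialProviderProperty(this.wsm, str, MBeanConstants.STS_POLICY, null);
    }

    /** Returns the MBean's policy selection preference, or {@code null} if none is available. */
    public PolicySelectionPreference getPolicySelectionPreference() {
        if (this.wsm == null || this.wsm.getPolicySelectionPreference() == null) {
            return null;
        }
        return new PolicySelectionPreference(this.wsm.getPolicySelectionPreference());
    }

    /**
     * Returns whether the message context asks for SAML attributes only.
     *
     * @param messageContext context carrying the {@code WLStub.SAML_ATTRIBUTE_ONLY} property
     * @return {@code TRUE} only if the property value is the string "true" (case-insensitive)
     */
    public Boolean getSamlAttributesOnly(MessageContext messageContext) {
        // Boolean.getBoolean(name) looks up a JVM system property called `name`; it does not
        // parse its argument. Used here it ignored the value set on the message context, so the
        // value is parsed directly instead.
        String flag = (String) messageContext.getProperty(WLStub.SAML_ATTRIBUTE_ONLY);
        return Boolean.valueOf(Boolean.parseBoolean(flag));
    }

    /**
     * Returns the compatibility preference: from the message context when heuristic
     * compatibility is on, otherwise from the MBean ({@code null} if there is no MBean).
     */
    public String getCompatibilityPreference(MessageContext messageContext) {
        if (HEURISTIC_COMPATIBILITY) {
            return (String) messageContext.getProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE);
        }
        return getCompatibilityPreference();
    }

    /** Returns the MBean's compatibility preference, or {@code null} if there is no MBean. */
    public String getCompatibilityPreference() {
        return this.wsm != null ? this.wsm.getCompatibilityPreference() : null;
    }

    /**
     * Stores the compatibility preference on the message context when heuristic compatibility
     * is on, otherwise on the MBean when one is present.
     */
    public void setCompatibilityPreference(String str, MessageContext messageContext) {
        if (HEURISTIC_COMPATIBILITY) {
            messageContext.setProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE, str);
        } else if (this.wsm != null) {
            this.wsm.setCompatibilityPreference(str);
        }
    }

    /** Returns the MBean's compatibility ordering preference, or {@code null} without an MBean. */
    public String getCompatibilityOrderingPreference() {
        return this.wsm != null ? this.wsm.getCompatibilityOrderingPreference() : null;
    }

    /** Sets the compatibility ordering preference on the MBean; a no-op without an MBean. */
    public void setCompatibilityOrderingPreference(String str) {
        if (this.wsm != null) {
            this.wsm.setCompatibilityOrderingPreference(str);
        }
    }

    /** Publishes the provider and handler lists and the MBean properties to the context handler. */
    private void fillContextHandler() {
        this.wssContextHandler.addContextElement(WssPolicyContextHandler.CREDENTIAL_PROVIDER_LIST, this.credProviders);
        this.wssContextHandler.addContextElement(WssPolicyContextHandler.TOKEN_HANDLER_LIST, this.tokenHandlers);
        MBeanHelper.fillConfigProperties(this.wsm, this.wssContextHandler);
    }

    /** Appends the client-side built-in token handlers to the handler list. */
    private void initClientBuiltInHandlers() throws WssConfigurationException {
        this.tokenHandlers.add(ClientBSTHandler.getInstance());
        this.tokenHandlers.add(ClientUNTHandler.getInstance());
        this.tokenHandlers.add((SecurityTokenHandler) createInstance(MBeanConstants.SCT_V200502_TOKEN_HANDLER_CLASS));
        this.tokenHandlers.add((SecurityTokenHandler) createInstance(MBeanConstants.DK_V200502_TOKEN_HANDLER_CLASS));
        this.tokenHandlers.add((SecurityTokenHandler) createInstance(MBeanConstants.SCT_V13_TOKEN_HANDLER_CLASS));
        this.tokenHandlers.add((SecurityTokenHandler) createInstance(MBeanConstants.DK_V13_TOKEN_HANDLER_CLASS));
    }

    /**
     * Applies MBean options to the standard X.509 and username-token handlers and initializes
     * the server BST credential provider, for whichever of them were created by init().
     *
     * @throws WssConfigurationException if an option is enabled that the server does not support
     */
    private void initDefaultConfiguration() throws WssConfigurationException {
        Object x509Handler = findInstance(MBeanConstants.X509_TOKEN_HANDLER_CLASS);
        if (x509Handler instanceof BinarySecurityTokenHandler) {
            boolean useX509ForIdentity = MBeanHelper.getTokenHandlerPropertyBoolean(this.wsm, "UseX509ForIdentity", false);
            this.wssContextHandler.addContextElement("UseX509ForIdentity", Boolean.valueOf(useX509ForIdentity));
            // Fail at configuration time rather than accept a setting the server cannot honour.
            if (useX509ForIdentity && !SecurityUtils.isX509Supported()) {
                throw new WssConfigurationException("Server is not configured to support assert x509 identity but property \" UseX509ForIdentity\" is true");
            }
            ((BinarySecurityTokenHandler) x509Handler).setAuthorizationToken(useX509ForIdentity);
        }
        Object usernameHandler = findInstance(MBeanConstants.UT_TOKEN_HANDLER_CLASS);
        if (usernameHandler instanceof UsernameTokenHandler) {
            boolean usePasswordDigest = MBeanHelper.getTokenHandlerPropertyBoolean(this.wsm, MBeanConstants.PROP_USE_PASSWORD_DIGEST, false);
            if (usePasswordDigest && !SecurityUtils.isPasswordDigestSupported()) {
                throw new WssConfigurationException("Server is not configured to support password digest but property \" UsePasswordDigest\" is true");
            }
            ((UsernameTokenHandler) usernameHandler).setPasswordDigestSupported(usePasswordDigest);
        }
        if (KernelStatus.isServer()) {
            Object x509Provider = findInstance(MBeanConstants.X509_CREDENTIAL_PROVIDER_CLASS);
            if (x509Provider instanceof ServerBSTCredentialProvider) {
                ((ServerBSTCredentialProvider) x509Provider).initCredentials(this.wssContextHandler);
            }
        }
    }

    /** Builds the timestamp configuration from the MBean's timestamp settings. */
    private void initTimestampConfiguration() {
        this.timestampConfig = new TimestampConfiguration(MBeanHelper.getTimestampConfig(this.wsm));
    }

    /** Intentionally empty. */
    private void initCompatibility() {
    }

    /** Returns the instance init() created for the given configured class name, or {@code null}. */
    private Object findInstance(String str) {
        return this.classNameToInstanceMap.get(str);
    }

    /**
     * Instantiates every class named in a comma-separated system-property value.
     *
     * @param str the property value, may be {@code null}
     * @return the created instances, in order; empty if the value is {@code null}
     */
    private List<Object> createInstancesFromSysProp(String str) throws WssConfigurationException {
        List<Object> created = new ArrayList<Object>();
        if (str == null) {
            return created;
        }
        StringTokenizer names = new StringTokenizer(str, ",");
        while (names.hasMoreTokens()) {
            // Tolerate "a.B, c.D": whitespace around a name would otherwise make the class
            // lookup fail and would store a key that findInstance() can never match.
            String className = names.nextToken().trim();
            if (className.length() == 0) {
                continue;
            }
            addInstance(created, className, createInstance(className));
        }
        return created;
    }

    /** Appends the instance to the list and records it under its configured class name. */
    private void addInstance(List<Object> list, String str, Object obj) {
        list.add(obj);
        this.classNameToInstanceMap.put(str, obj);
    }

    /** Instantiates every class named in the array and records each under its class name. */
    private List<Object> createInstancesFromMBean(String[] strArr) throws WssConfigurationException {
        List<Object> created = new ArrayList<Object>();
        for (String className : strArr) {
            addInstance(created, className, createInstance(className));
        }
        return created;
    }

    /**
     * Loads the named class and invokes its no-argument constructor.
     *
     * <p>Security note: the name comes from configuration (system properties or the MBean) and
     * no expected type is checked here, so the constructor runs before any caller can verify
     * what was created. Write access to those configuration sources therefore amounts to
     * choosing code that runs in this JVM.
     *
     * @throws WssConfigurationException if the class is missing, inaccessible or not instantiable
     */
    private static Object createInstance(String str) throws WssConfigurationException {
        try {
            return Class.forName(str).newInstance();
        } catch (ClassNotFoundException e) {
            throw instantiationFailure(str, e);
        } catch (IllegalAccessException e) {
            throw instantiationFailure(str, e);
        } catch (InstantiationException e) {
            throw instantiationFailure(str, e);
        }
    }

    /** Wraps a reflection failure, keeping the original exception as the cause. */
    private static WssConfigurationException instantiationFailure(String className, Exception cause) {
        return new WssConfigurationException("Could not instantiate object of type " + className, cause);
    }
}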
