package weblogic.security.internal;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.SecurityLogger;
import com.bea.common.security.internal.service.ServiceLogger;
import com.bea.common.security.legacy.spi.SAMLSingleSignOnServiceConfigInfoSpi;
import com.bea.common.security.saml.manager.SAMLKeyManager;
import com.bea.common.security.saml.utils.SAMLSourceId;
import com.bea.common.security.saml.utils.SAMLUtil;
import java.security.AccessController;
import java.util.Properties;
import weblogic.descriptor.BeanUpdateEvent;
import weblogic.descriptor.BeanUpdateFailedException;
import weblogic.descriptor.BeanUpdateListener;
import weblogic.descriptor.BeanUpdateRejectedException;
import weblogic.descriptor.DescriptorBean;
import weblogic.management.configuration.FederationServicesMBean;
import weblogic.management.provider.ManagementService;
import weblogic.management.security.RealmMBean;
import weblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.credentials.CredentialMapperMBean;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.providers.saml.SAMLAssertionStore;
import weblogic.security.providers.saml.SAMLBeanUpdateListener;
import weblogic.security.providers.saml.SAMLCredentialMapperV2MBean;
import weblogic.security.providers.saml.SAMLIdentityAsserterV2MBean;
import weblogic.security.providers.saml.SAMLUsedAssertionCache;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.shared.LoggerWrapper;
import weblogic.security.spi.ProviderInitializationException;

/* loaded from: input_file:weblogic/security/internal/SAMLSingleSignOnServiceConfigInfoImpl.class */
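/**
 * Configuration view of the SAML single sign-on service.
 *
 * <p>On construction the class reads the server's {@link FederationServicesMBean},
 * inspects the default realm for a {@link SAMLIdentityAsserterV2MBean} and a
 * {@link SAMLCredentialMapperV2MBean} to decide whether a V2 configuration is
 * present, validates the federation settings, caches the static site parameters
 * and registers itself as a bean-update listener so that later changes to the
 * federation MBean are re-validated and re-applied.
 *
 * <p>Not thread-safe: the cached fields are written by {@link #updateFederationServices}
 * without synchronization. Callers that need a consistent snapshot should take it
 * from the getters at one point in time.
 *
 * <p>Note: this source was recovered by a decompiler; two assignments of
 * {@code CONFIG_NONE} (an {@code int}) to MBean references in {@code initialize()}
 * were decompilation artifacts and are expressed as {@code null} here.
 */
public class SAMLSingleSignOnServiceConfigInfoImpl implements SAMLSingleSignOnServiceConfigInfoSpi, SAMLBeanUpdateListener.UpdateListener {
    /** No SAML V2 identity asserter or credential mapper found in the default realm. */
    private static final int CONFIG_NONE = 0;
    /** At least one SAML V2 provider found in the default realm. */
    private static final int CONFIG_V2 = 2;
    // Kernel identity used for the privileged ManagementService lookups below.
    private static final AuthenticatedSubject kernelId = (AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction());
    private static final LoggerWrapper LOGGER = LoggerWrapper.getInstance("SecuritySAMLService");
    /** Simple class name used as the prefix of every debug line this class writes. */
    private static final String CLASS_NAME = "SAMLSingleSignOnServiceConfigInfoImpl";

    // Live federation configuration of this server; the pass-phrase and
    // "requires SSL" getters delegate straight to it rather than caching.
    private FederationServicesMBean fsMBean = null;
    // Listener handle returned by SAMLBeanUpdateListener.registerListener; removed in close().
    protected BeanUpdateListener listener = null;
    // True when no SAMLCredentialMapperV2MBean is configured (source site cannot work).
    private boolean sourceSiteDisabled = false;
    // True when no SAMLIdentityAsserterV2MBean is configured (destination site cannot work).
    private boolean destinationSiteDisabled = false;
    private int configVersion = CONFIG_NONE;

    // Source-site parameters cached from the federation MBean on each update.
    private String[] itsURIs = null;
    private String[] arsURIs = null;
    private String sourceIdHex = null;
    private byte[] sourceIdBytes = null;
    private String assertionStoreClassName = null;
    private Properties assertionStoreProperties = null;

    // Destination-site parameters cached from the federation MBean on each update.
    private String[] acsURIs = null;
    private String usedAssertionCacheClassName = null;
    private Properties usedAssertionCacheProperties = null;

    /**
     * Writes one debug line of the form {@code <className>.<methodName>(): <message>}
     * when debug logging is enabled on the shared SAML service logger.
     *
     * @param className  simple name of the logging class
     * @param methodName name of the logging method
     * @param message    text to log; must not contain secrets (pass phrases, keys)
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public static void logDebug(String className, String methodName, String message) {
        if (!LOGGER.isDebugEnabled()) {
            return;
        }
        LOGGER.debug(className + "." + methodName + "(): " + message);
    }

    /** Convenience overload of {@link #logDebug(String, String, String)} for this class. */
    private static void logDebug(String methodName, String message) {
        logDebug(CLASS_NAME, methodName, message);
    }

    /**
     * Creates the config view and performs the full initialization described on the class.
     *
     * @throws RuntimeException whatever {@code initialize()} propagates — validation failures
     *         surface as {@link ProviderInitializationException} from the validate methods
     */
    public SAMLSingleSignOnServiceConfigInfoImpl() {
        initialize();
    }

    /**
     * Looks up the federation MBean, determines the configuration version from the
     * default realm's providers, validates and applies the configuration, and
     * registers this object as a bean-update listener on the federation MBean.
     */
    private void initialize() {
        this.fsMBean = ManagementService.getRuntimeAccess(kernelId).getServer().getFederationServices();
        RealmMBean defaultRealm = ManagementService.getRuntimeAccess(kernelId).getDomain().getSecurityConfiguration().getDefaultRealm();

        AuthenticationProviderMBean identityAsserterV2 = findIdentityAsserterV2(defaultRealm.getAuthenticationProviders());
        CredentialMapperMBean credentialMapperV2 = findCredentialMapperV2(defaultRealm.getCredentialMappers());

        if (identityAsserterV2 != null || credentialMapperV2 != null) {
            this.configVersion = CONFIG_V2;
        }
        // Each site needs its own V2 provider; without one the site stays off
        // regardless of what the federation MBean says (see isSourceSiteEnabled()).
        if (identityAsserterV2 == null) {
            this.destinationSiteDisabled = true;
        }
        if (credentialMapperV2 == null) {
            this.sourceSiteDisabled = true;
        }

        validateConfiguration();
        updateConfiguration();
        this.listener = SAMLBeanUpdateListener.registerListener(this.fsMBean, this, CLASS_NAME, (LoggerSpi) null);
    }

    /**
     * Returns the last {@link SAMLIdentityAsserterV2MBean} in {@code providers},
     * or {@code null} when the array is {@code null} or holds none.
     */
    private static AuthenticationProviderMBean findIdentityAsserterV2(AuthenticationProviderMBean[] providers) {
        AuthenticationProviderMBean found = null;
        if (providers == null) {
            return null;
        }
        for (AuthenticationProviderMBean provider : providers) {
            if (provider instanceof SAMLIdentityAsserterV2MBean) {
                found = provider; // last match wins, as in the original loop
            }
        }
        return found;
    }

    /**
     * Returns the last {@link SAMLCredentialMapperV2MBean} in {@code mappers},
     * or {@code null} when the array is {@code null} or holds none.
     */
    private static CredentialMapperMBean findCredentialMapperV2(CredentialMapperMBean[] mappers) {
        CredentialMapperMBean found = null;
        if (mappers == null) {
            return null;
        }
        for (CredentialMapperMBean mapper : mappers) {
            if (mapper instanceof SAMLCredentialMapperV2MBean) {
                found = mapper; // last match wins, as in the original loop
            }
        }
        return found;
    }

    /** Validates the federation MBean, but only when a V2 configuration was detected. */
    private void validateConfiguration() {
        if (this.configVersion != CONFIG_V2) {
            return;
        }
        validateFederationServices(this.fsMBean);
    }

    /** Caches the federation MBean's parameters, but only for a V2 configuration with a present MBean. */
    private void updateConfiguration() {
        if (this.configVersion == CONFIG_V2 && this.fsMBean != null) {
            updateFederationServices(this.fsMBean);
        }
    }

    /**
     * Bean-update listener phase 1: validates the proposed federation MBean so an
     * invalid change is rejected before it is applied.
     *
     * @param beanUpdateEvent the pending update
     * @throws BeanUpdateRejectedException when validation throws; the message is the
     *         validation exception's {@code toString()}
     */
    public void prepareBeanUpdate(BeanUpdateEvent beanUpdateEvent) throws BeanUpdateRejectedException {
        DescriptorBean proposedBean = beanUpdateEvent.getProposedBean();
        logDebug("listener", "prepareBeanUpdate() called");
        try {
            if (proposedBean instanceof FederationServicesMBean) {
                validateFederationServices((FederationServicesMBean) proposedBean);
            }
            logDebug("listener", "prepareBeanUpdate() succeeded");
        } catch (Exception e) {
            // Only the message is logged; the validation messages carry aliases, never pass phrases.
            logDebug("listener", "prepareBeanUpdate() failed: " + e.getMessage());
            throw new BeanUpdateRejectedException(e.toString());
        }
    }

    /**
     * Bean-update listener phase 2: re-caches parameters from the updated federation MBean.
     *
     * @param beanUpdateEvent the committed update
     * @throws BeanUpdateFailedException when applying the update throws
     */
    public void handleBeanUpdate(BeanUpdateEvent beanUpdateEvent) throws BeanUpdateFailedException {
        DescriptorBean sourceBean = beanUpdateEvent.getSourceBean();
        logDebug("listener", "handleBeanUpdate() called");
        try {
            if (sourceBean instanceof FederationServicesMBean) {
                updateFederationServices((FederationServicesMBean) sourceBean);
            }
            logDebug("listener", "Update succeeded");
        } catch (Exception e) {
            logDebug("listener", "Update failed");
            throw new BeanUpdateFailedException(e.toString());
        }
    }

    /** Bean-update listener rollback: nothing is cached in prepare, so there is nothing to undo. */
    public void rollbackBeanUpdate(BeanUpdateEvent beanUpdateEvent) {
        logDebug("listener", "rollbackBeanUpdate() called, nothing to do");
    }

    /**
     * Validates source site, destination site and — when a {@link SAMLKeyManager} is
     * available — the signing and SSL client key configuration of the given MBean.
     *
     * @param federationServicesMBean configuration to validate
     * @throws ProviderInitializationException on the first failed check
     */
    private void validateFederationServices(FederationServicesMBean federationServicesMBean) throws ProviderInitializationException {
        validateSourceSite(
                federationServicesMBean.isSourceSiteEnabled(),
                federationServicesMBean.getAssertionStoreClassName(),
                federationServicesMBean.getAssertionStoreProperties(),
                federationServicesMBean.getSourceSiteURL());
        validateDestinationSite(
                federationServicesMBean.isDestinationSiteEnabled(),
                federationServicesMBean.isPOSTOneUseCheckEnabled(),
                federationServicesMBean.getUsedAssertionCacheClassName(),
                federationServicesMBean.getUsedAssertionCacheProperties());

        SAMLKeyManager manager = SAMLKeyManager.getManager();
        if (manager == null) {
            return;
        }
        // Error messages name only the alias; the pass phrases are never put in a message.
        String signingKeyAlias = federationServicesMBean.getSigningKeyAlias();
        if (!manager.checkProtocolKeyConfiguration(signingKeyAlias, federationServicesMBean.getSigningKeyPassPhrase())) {
            throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSigningKey(signingKeyAlias));
        }
        String sslClientIdentityAlias = federationServicesMBean.getSSLClientIdentityAlias();
        if (!manager.checkSSLCLIENTKeyConfiguration(sslClientIdentityAlias, federationServicesMBean.getSSLClientIdentityPassPhrase())) {
            throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSSLKey(sslClientIdentityAlias));
        }
    }

    /**
     * Caches the site parameters from the MBean and, when a key manager is present,
     * pushes the configured signing / SSL client key aliases into it.
     *
     * <p>The source id fields are only overwritten when the source site URL yields a
     * valid {@link SAMLSourceId}; otherwise the previous values are kept.
     *
     * @param federationServicesMBean configuration to apply
     */
    private void updateFederationServices(FederationServicesMBean federationServicesMBean) {
        logDebug("updateFederationServices", "Initializing static source site params");
        this.itsURIs = federationServicesMBean.getIntersiteTransferURIs();
        this.arsURIs = federationServicesMBean.getAssertionRetrievalURIs();
        this.assertionStoreClassName = federationServicesMBean.getAssertionStoreClassName();
        this.assertionStoreProperties = federationServicesMBean.getAssertionStoreProperties();

        logDebug("updateFederationServices", "Initializing static destination site params");
        this.acsURIs = federationServicesMBean.getAssertionConsumerURIs();
        this.usedAssertionCacheClassName = federationServicesMBean.getUsedAssertionCacheClassName();
        this.usedAssertionCacheProperties = federationServicesMBean.getUsedAssertionCacheProperties();

        SAMLSourceId sourceId = instantiateSourceId(federationServicesMBean.getSourceSiteURL());
        if (sourceId != null) {
            this.sourceIdHex = sourceId.getSourceIdHex();
            this.sourceIdBytes = sourceId.getSourceIdBytes();
        }

        SAMLKeyManager manager = SAMLKeyManager.getManager();
        if (manager == null) {
            return;
        }
        // Only the alias is logged; a null pass phrase is normalized to "" before
        // being handed to the key manager.
        String signingKeyAlias = federationServicesMBean.getSigningKeyAlias();
        if (!isEmpty(signingKeyAlias)) {
            logDebug("updateFederationServices", "Setting SigningKey: " + signingKeyAlias);
            manager.setProtocolKeyAliasInfo(signingKeyAlias, nullToEmpty(federationServicesMBean.getSigningKeyPassPhrase()));
        }
        String sslClientIdentityAlias = federationServicesMBean.getSSLClientIdentityAlias();
        if (!isEmpty(sslClientIdentityAlias)) {
            logDebug("updateFederationServices", "Setting SSLClientKey: " + sslClientIdentityAlias);
            manager.setSSLClientKeyAliasInfo(sslClientIdentityAlias, nullToEmpty(federationServicesMBean.getSSLClientIdentityPassPhrase()));
        }
    }

    /** True when {@code s} is {@code null} or the empty string. */
    private static boolean isEmpty(String s) {
        return s == null || s.length() == 0;
    }

    /** Returns {@code s}, or {@code ""} when {@code s} is {@code null}. */
    private static String nullToEmpty(String s) {
        return s == null ? "" : s;
    }

    /**
     * Validates the source-site settings when the source site is enabled: the
     * assertion store class (if one is named) must load and initialize, and the
     * source site URL must be non-empty and yield a valid source id.
     *
     * @param sourceSiteEnabled   whether the source site is enabled; nothing is checked otherwise
     * @param assertionStoreClass assertion store implementation class name, may be null/empty
     * @param assertionStoreProps properties passed to the store's {@code initStore}
     * @param sourceSiteUrl       source site URL used to derive the SAML source id
     * @throws ProviderInitializationException when a check fails
     */
    private void validateSourceSite(boolean sourceSiteEnabled, String assertionStoreClass, Properties assertionStoreProps, String sourceSiteUrl) throws ProviderInitializationException {
        if (!sourceSiteEnabled) {
            return;
        }
        if (!isEmpty(assertionStoreClass)) {
            // The class name is administrator-supplied configuration; instantiatePlugin
            // loads and initializes it, so it is trusted to the same degree as the
            // domain configuration itself.
            try {
                SAMLAssertionStore store = (SAMLAssertionStore) SAMLUtil.instantiatePlugin(assertionStoreClass, SAMLAssertionStore.class.getName());
                if (store != null) {
                    store.initStore(assertionStoreProps);
                }
            } catch (Exception e) {
                throw new ProviderInitializationException(SecurityLogger.logSAMLAssertionCacheInitFailLoggable(assertionStoreClass, e).getFormattedMessageBody());
            }
        }
        if (isEmpty(sourceSiteUrl)) {
            throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSourceSiteConfig("URL"));
        }
        if (instantiateSourceId(sourceSiteUrl) == null) {
            throw new ProviderInitializationException(ServiceLogger.getSAMLInvalidSourceSiteConfig("source id"));
        }
    }

    /**
     * Validates the destination-site settings: when the destination site and the POST
     * one-use check are both enabled and a used-assertion cache class is named, that
     * class must load and initialize.
     *
     * @param destinationSiteEnabled whether the destination site is enabled
     * @param postOneUseCheckEnabled whether the POST one-use check is enabled
     * @param usedAssertionCacheClass used-assertion cache implementation class name, may be null/empty
     * @param usedAssertionCacheProps properties passed to the cache's {@code initCache}
     * @throws ProviderInitializationException when the cache cannot be instantiated or initialized
     */
    private void validateDestinationSite(boolean destinationSiteEnabled, boolean postOneUseCheckEnabled, String usedAssertionCacheClass, Properties usedAssertionCacheProps) throws ProviderInitializationException {
        if (!destinationSiteEnabled || !postOneUseCheckEnabled || isEmpty(usedAssertionCacheClass)) {
            return;
        }
        // Same trust note as for the assertion store: the class name comes from domain configuration.
        try {
            SAMLUsedAssertionCache cache = (SAMLUsedAssertionCache) SAMLUtil.instantiatePlugin(usedAssertionCacheClass, SAMLUsedAssertionCache.class.getName());
            if (cache != null) {
                cache.initCache(usedAssertionCacheProps);
            }
        } catch (Exception e) {
            throw new ProviderInitializationException(SecurityLogger.logSAMLAssertionCacheInitFailLoggable(usedAssertionCacheClass, e).getFormattedMessageBody());
        }
    }

    /**
     * Derives a {@link SAMLSourceId} from a source site URL.
     *
     * @param sourceSiteUrl the URL; {@code null} or empty yields {@code null}
     * @return the source id, or {@code null} when the URL is empty or
     *         {@link SAMLSourceId} rejects it with {@link IllegalArgumentException}
     *         (callers treat {@code null} as "invalid")
     */
    private SAMLSourceId instantiateSourceId(String sourceSiteUrl) throws ProviderInitializationException {
        if (isEmpty(sourceSiteUrl)) {
            return null;
        }
        try {
            return new SAMLSourceId(sourceSiteUrl);
        } catch (IllegalArgumentException ignored) {
            // Deliberate: an unparsable URL is reported by validateSourceSite() via the null result.
            return null;
        }
    }

    /** Always {@code false}: this implementation never detects a V1 configuration. */
    public boolean isV1Config() {
        return false;
    }

    /** True when a SAML V2 identity asserter or credential mapper was found at initialization. */
    public boolean isV2Config() {
        return this.configVersion == CONFIG_V2;
    }

    /** Source id bytes of the last valid source site URL (copy), or {@code null}. */
    public byte[] getSourceIdBytes() {
        return this.sourceIdBytes == null ? null : this.sourceIdBytes.clone();
    }

    /** Hex source id of the last valid source site URL, or {@code null}. */
    public String getSourceIdHex() {
        return this.sourceIdHex;
    }

    /** Cached intersite transfer URIs (copy), or {@code null}. */
    public String[] getIntersiteTransferURIs() {
        return this.itsURIs == null ? null : this.itsURIs.clone();
    }

    /** Cached assertion retrieval URIs (copy), or {@code null}. */
    public String[] getAssertionRetrievalURIs() {
        return this.arsURIs == null ? null : this.arsURIs.clone();
    }

    /** Cached assertion consumer URIs (copy), or {@code null}. */
    public String[] getAssertionConsumerURIs() {
        return this.acsURIs == null ? null : this.acsURIs.clone();
    }

    /** Cached assertion store class name, or {@code null}. */
    public String getAssertionStoreClassName() {
        return this.assertionStoreClassName;
    }

    /** Cached assertion store properties (the MBean's object, not a copy), or {@code null}. */
    public Properties getAssertionStoreProperties() {
        return this.assertionStoreProperties;
    }

    /** Cached used-assertion cache class name, or {@code null}. */
    public String getUsedAssertionCacheClassName() {
        return this.usedAssertionCacheClassName;
    }

    /** Cached used-assertion cache properties (the MBean's object, not a copy), or {@code null}. */
    public Properties getUsedAssertionCacheProperties() {
        return this.usedAssertionCacheProperties;
    }

    /**
     * True only when a credential mapper V2 exists, the federation MBean enables the
     * source site, and intersite transfer URIs have been cached.
     */
    public boolean isSourceSiteEnabled() {
        if (this.sourceSiteDisabled || this.itsURIs == null) {
            return false;
        }
        return this.fsMBean.isSourceSiteEnabled();
    }

    /**
     * True only when an identity asserter V2 exists, the federation MBean enables the
     * destination site, and assertion consumer URIs have been cached.
     */
    public boolean isDestinationSiteEnabled() {
        if (this.destinationSiteDisabled || this.acsURIs == null) {
            return false;
        }
        return this.fsMBean.isDestinationSiteEnabled();
    }

    /** Same as {@link #isSourceSiteEnabled()}; ITS artifact profile is not separately switchable here. */
    public boolean isITSArtifactEnabled() {
        return isSourceSiteEnabled();
    }

    /** Same as {@link #isSourceSiteEnabled()}; ITS POST profile is not separately switchable here. */
    public boolean isITSPostEnabled() {
        return isSourceSiteEnabled();
    }

    /** Equivalent to {@link #isDestinationSiteEnabled()} (that check already includes the MBean flag). */
    public boolean isACSArtifactEnabled() {
        return isDestinationSiteEnabled() && this.fsMBean.isDestinationSiteEnabled();
    }

    /** Equivalent to {@link #isDestinationSiteEnabled()} (that check already includes the MBean flag). */
    public boolean isACSPostEnabled() {
        return isDestinationSiteEnabled() && this.fsMBean.isDestinationSiteEnabled();
    }

    /** Delegates to the live federation MBean. */
    public boolean isITSRequiresSSL() {
        return this.fsMBean.isITSRequiresSSL();
    }

    /** Delegates to the live federation MBean. */
    public boolean isACSRequiresSSL() {
        return this.fsMBean.isACSRequiresSSL();
    }

    /** Delegates to the live federation MBean. */
    public boolean isARSRequiresSSL() {
        return this.fsMBean.isARSRequiresSSL();
    }

    /** Delegates to the live federation MBean. */
    public boolean isARSRequiresTwoWaySSL() {
        return this.fsMBean.isARSRequiresTwoWaySSL();
    }

    /** Delegates to the live federation MBean. */
    public boolean isPOSTOneUseCheckEnabled() {
        return this.fsMBean.isPOSTOneUseCheckEnabled();
    }

    /** Delegates to the live federation MBean. */
    public boolean isPOSTRecipientCheckEnabled() {
        return this.fsMBean.isPOSTRecipientCheckEnabled();
    }

    /** Signing key alias from the live federation MBean. */
    public String getSigningKeyAlias() {
        return this.fsMBean.getSigningKeyAlias();
    }

    /** Signing key pass phrase from the live federation MBean. Secret: never log or include in messages. */
    public String getSigningKeyPassPhrase() {
        return this.fsMBean.getSigningKeyPassPhrase();
    }

    /** SSL client identity alias from the live federation MBean. */
    public String getSSLClientIdentityAlias() {
        return this.fsMBean.getSSLClientIdentityAlias();
    }

    /** SSL client identity pass phrase from the live federation MBean. Secret: never log or include in messages. */
    public String getSSLClientIdentityPassPhrase() {
        return this.fsMBean.getSSLClientIdentityPassPhrase();
    }

    /** Deregisters the bean-update listener, if one was registered. */
    public void close() {
        if (this.fsMBean != null && this.listener != null) {
            this.fsMBean.removeBeanUpdateListener(this.listener);
        }
    }
}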
