package com.bea.security.saml2.config.impl;

import com.bea.common.logger.spi.LoggerSpi;
import com.bea.common.security.legacy.spi.LegacyEncryptorSpi;
import com.bea.common.security.saml2.SingleSignOnServicesConfigSpi;
import com.bea.common.security.service.AuditService;
import com.bea.common.security.service.CredentialMappingService;
import com.bea.common.security.service.IdentityAssertionService;
import com.bea.common.security.service.IdentityService;
import com.bea.common.security.service.LoginSessionService;
import com.bea.common.security.service.SAMLKeyInfoSpi;
import com.bea.common.security.service.SAMLKeyService;
import com.bea.common.security.utils.CSSPlatformProxy;
import com.bea.common.store.service.StoreService;
import com.bea.security.saml2.Saml2Logger;
import com.bea.security.saml2.artifact.ArtifactResolver;
import com.bea.security.saml2.artifact.ArtifactStore;
import com.bea.security.saml2.artifact.SAML2ArtifactException;
import com.bea.security.saml2.artifact.impl.ArtifactResolverJSSEImpl;
import com.bea.security.saml2.artifact.impl.ArtifactResolverWLSImpl;
import com.bea.security.saml2.artifact.impl.ArtifactStoreImpl;
import com.bea.security.saml2.binding.BindingHandlerFactory;
import com.bea.security.saml2.config.SAML2ConfigSpi;
import com.bea.security.saml2.registry.PartnerManager;
import com.bea.security.saml2.service.ServiceFactory;
import com.bea.security.saml2.util.key.KeyManagerException;
import com.bea.security.saml2.util.key.SAML2KeyManager;
import weblogic.descriptor.BeanUpdateEvent;
import weblogic.descriptor.BeanUpdateFailedException;
import weblogic.descriptor.BeanUpdateListener;
import weblogic.descriptor.BeanUpdateRejectedException;
import weblogic.descriptor.DescriptorBean;

/* loaded from: input_file:com/bea/security/saml2/config/impl/SAML2ConfigSpiImpl.class */
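/**
 * Holds the collaborating security services and the local single sign-on
 * configuration for the SAML 2.0 runtime, and rebuilds dependent components
 * when the backing descriptor bean is updated.
 *
 * <p>When the configuration passed to the constructor is a
 * {@link DescriptorBean}, this object registers itself as a
 * {@link BeanUpdateListener} on it; {@link #close()} removes the registration.
 *
 * <p>Thread-safety: the lazily created collaborators (artifact store, partner
 * manager, service factory, binding handler factory) are published through
 * {@code volatile} fields and created under this object's monitor. The plain
 * setters ({@link #setRealmName}, {@link #setDomainName},
 * {@link #setEncryptSpi}) are not synchronized.
 */
public class SAML2ConfigSpiImpl implements SAML2ConfigSpi, BeanUpdateListener {
    private String domainName;
    private String realmName;
    private LoggerSpi logger;
    private CredentialMappingService cmService;
    private Object cmProvider;
    private IdentityAssertionService iaService;
    private Object iaProvider;
    private LoginSessionService sessionService;
    private StoreService storeService;
    private AuditService auditService;
    private IdentityService identityService;
    private SAMLKeyService keyService;
    private SingleSignOnServicesConfigSpi localConfig;
    // The four fields below are lazily initialised with double-checked locking
    // and reset to null by activateUpdate(); they must be volatile so that a
    // reader outside the monitor never observes a partially constructed object.
    private volatile ArtifactStore artifactStore;
    private volatile ServiceFactory serviceFactory;
    private volatile PartnerManager partnerManager;
    private volatile BindingHandlerFactory bindingHandlerFactory;
    private LegacyEncryptorSpi encryptSpi;
    private SAML2KeyManager saml2KeyManager;
    private DescriptorBean mBean;
    // Key name handed to the key service when a proposed alias/passphrase pair
    // is validated in checkKeyManagerConfig().
    private static final String TMP_KEY_NAME = "SAML2_TMP_VALIDATE_KEY";

    /* loaded from: input_file:com/bea/security/saml2/config/impl/SAML2ConfigSpiImpl$SingleSignOnServicesConfigSpiImpl.class */
    /**
     * Field-by-field snapshot of a {@link SingleSignOnServicesConfigSpi}.
     *
     * <p>The snapshot keeps the key passphrases and the basic-auth password as
     * {@code String} values alongside their encrypted {@code byte[]} forms, so
     * an instance must never be logged or serialised as a whole. The
     * {@code byte[]} getters return the stored array itself, not a copy.
     *
     * <p>NOTE(review): {@link #updateConfig} overwrites the fields one at a
     * time without synchronisation inside this class; a reader that holds a
     * reference while an update runs may see a mix of old and new values.
     */
    private static class SingleSignOnServicesConfigSpiImpl implements SingleSignOnServicesConfigSpi {
        private int artifactMaxCacheSize;
        private int artifactTimeout;
        private int authnRequestMaxCacheSize;
        private int authnRequestTimeout;
        private String basicAuthPassword;
        private String contactPersonSurName;
        private String contactPersonGivenName;
        private String contactPersonEmailAddress;
        private String contactPersonCompany;
        private String basicAuthUsername;
        private byte[] basicAuthPasswordEncrypted;
        private String contactPersonTelephoneNumber;
        private String contactPersonType;
        private String defaultURL;
        private String entityID;
        private String errorPath;
        private String identityProviderPreferredBinding;
        private String loginReturnQueryParameter;
        private String loginURL;
        private String organizationName;
        private String organizationURL;
        private String publishedSiteURL;
        private String ssoSigningKeyAlias;
        private String ssoSigningKeyPassPhrase;
        private byte[] ssoSigningKeyPassPhraseEncrypted;
        private String serviceProviderPreferredBinding;
        private String transportLayerSecurityKeyAlias;
        private String transportLayerSecurityKeyPassPhrase;
        private byte[] transportLayerSecurityKeyPassPhraseEncrypted;
        private boolean forceAuthn;
        private boolean identityProviderArtifactBindingEnabled;
        private boolean identityProviderEnabled;
        private boolean identityProviderPOSTBindingEnabled;
        private boolean identityProviderRedirectBindingEnabled;
        private boolean postOneUseCheckEnabled;
        private boolean recipientCheckEnabled;
        private boolean passive;
        private boolean serviceProviderEnabled;
        private boolean serviceProviderArtifactBindingEnabled;
        private boolean signAuthnRequests;
        private boolean serviceProviderPOSTBindingEnabled;
        private boolean wantArtifactRequestsSigned;
        private boolean wantAssertionsSigned;
        private boolean wantAuthnRequestsSigned;
        private boolean wantBasicAuthClientAuthentication;
        private boolean wantTransportLayerSecurityClientAuthentication;
        private boolean useReplicatedCache;

        /**
         * Creates a snapshot of the given configuration.
         *
         * @param singleSignOnServicesConfigSpi configuration to copy; dereferenced
         *        immediately, so it must not be {@code null}
         */
        public SingleSignOnServicesConfigSpiImpl(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) {
            updateConfig(singleSignOnServicesConfigSpi);
        }

        /**
         * Overwrites every field of this snapshot with the value read from the
         * given configuration.
         *
         * @param singleSignOnServicesConfigSpi configuration to copy from
         */
        public void updateConfig(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) {
            this.artifactMaxCacheSize = singleSignOnServicesConfigSpi.getArtifactMaxCacheSize();
            this.artifactTimeout = singleSignOnServicesConfigSpi.getArtifactTimeout();
            this.authnRequestMaxCacheSize = singleSignOnServicesConfigSpi.getAuthnRequestMaxCacheSize();
            this.authnRequestTimeout = singleSignOnServicesConfigSpi.getAuthnRequestTimeout();
            this.basicAuthPassword = singleSignOnServicesConfigSpi.getBasicAuthPassword();
            // Array references are stored as returned by the source; no copy is made.
            this.basicAuthPasswordEncrypted = singleSignOnServicesConfigSpi.getBasicAuthPasswordEncrypted();
            this.basicAuthUsername = singleSignOnServicesConfigSpi.getBasicAuthUsername();
            this.contactPersonCompany = singleSignOnServicesConfigSpi.getContactPersonCompany();
            this.contactPersonEmailAddress = singleSignOnServicesConfigSpi.getContactPersonEmailAddress();
            this.contactPersonGivenName = singleSignOnServicesConfigSpi.getContactPersonGivenName();
            this.contactPersonSurName = singleSignOnServicesConfigSpi.getContactPersonSurName();
            this.contactPersonTelephoneNumber = singleSignOnServicesConfigSpi.getContactPersonTelephoneNumber();
            this.contactPersonType = singleSignOnServicesConfigSpi.getContactPersonType();
            this.defaultURL = singleSignOnServicesConfigSpi.getDefaultURL();
            this.entityID = singleSignOnServicesConfigSpi.getEntityID();
            this.errorPath = singleSignOnServicesConfigSpi.getErrorPath();
            this.forceAuthn = singleSignOnServicesConfigSpi.isForceAuthn();
            this.identityProviderArtifactBindingEnabled = singleSignOnServicesConfigSpi.isIdentityProviderArtifactBindingEnabled();
            this.identityProviderEnabled = singleSignOnServicesConfigSpi.isIdentityProviderEnabled();
            this.identityProviderPOSTBindingEnabled = singleSignOnServicesConfigSpi.isIdentityProviderPOSTBindingEnabled();
            this.identityProviderPreferredBinding = singleSignOnServicesConfigSpi.getIdentityProviderPreferredBinding();
            this.identityProviderRedirectBindingEnabled = singleSignOnServicesConfigSpi.isIdentityProviderRedirectBindingEnabled();
            this.loginReturnQueryParameter = singleSignOnServicesConfigSpi.getLoginReturnQueryParameter();
            this.loginURL = singleSignOnServicesConfigSpi.getLoginURL();
            this.organizationName = singleSignOnServicesConfigSpi.getOrganizationName();
            this.organizationURL = singleSignOnServicesConfigSpi.getOrganizationURL();
            this.passive = singleSignOnServicesConfigSpi.isPassive();
            this.postOneUseCheckEnabled = singleSignOnServicesConfigSpi.isPOSTOneUseCheckEnabled();
            this.publishedSiteURL = singleSignOnServicesConfigSpi.getPublishedSiteURL();
            this.recipientCheckEnabled = singleSignOnServicesConfigSpi.isRecipientCheckEnabled();
            this.serviceProviderArtifactBindingEnabled = singleSignOnServicesConfigSpi.isServiceProviderArtifactBindingEnabled();
            this.serviceProviderEnabled = singleSignOnServicesConfigSpi.isServiceProviderEnabled();
            this.serviceProviderPOSTBindingEnabled = singleSignOnServicesConfigSpi.isServiceProviderPOSTBindingEnabled();
            this.serviceProviderPreferredBinding = singleSignOnServicesConfigSpi.getServiceProviderPreferredBinding();
            this.signAuthnRequests = singleSignOnServicesConfigSpi.isSignAuthnRequests();
            this.ssoSigningKeyAlias = singleSignOnServicesConfigSpi.getSSOSigningKeyAlias();
            this.ssoSigningKeyPassPhrase = singleSignOnServicesConfigSpi.getSSOSigningKeyPassPhrase();
            this.ssoSigningKeyPassPhraseEncrypted = singleSignOnServicesConfigSpi.getSSOSigningKeyPassPhraseEncrypted();
            this.transportLayerSecurityKeyAlias = singleSignOnServicesConfigSpi.getTransportLayerSecurityKeyAlias();
            this.transportLayerSecurityKeyPassPhrase = singleSignOnServicesConfigSpi.getTransportLayerSecurityKeyPassPhrase();
            this.transportLayerSecurityKeyPassPhraseEncrypted = singleSignOnServicesConfigSpi.getTransportLayerSecurityKeyPassPhraseEncrypted();
            this.wantArtifactRequestsSigned = singleSignOnServicesConfigSpi.isWantArtifactRequestsSigned();
            this.wantAssertionsSigned = singleSignOnServicesConfigSpi.isWantAssertionsSigned();
            this.wantAuthnRequestsSigned = singleSignOnServicesConfigSpi.isWantAuthnRequestsSigned();
            this.wantBasicAuthClientAuthentication = singleSignOnServicesConfigSpi.isWantBasicAuthClientAuthentication();
            this.wantTransportLayerSecurityClientAuthentication = singleSignOnServicesConfigSpi.isWantTransportLayerSecurityClientAuthentication();
            this.useReplicatedCache = singleSignOnServicesConfigSpi.isReplicatedCacheEnabled();
        }

        // ---- Plain accessors: each returns the value captured by the last updateConfig() call. ----

        public int getArtifactMaxCacheSize() {
            return this.artifactMaxCacheSize;
        }

        public int getArtifactTimeout() {
            return this.artifactTimeout;
        }

        public int getAuthnRequestMaxCacheSize() {
            return this.authnRequestMaxCacheSize;
        }

        public int getAuthnRequestTimeout() {
            return this.authnRequestTimeout;
        }

        /** Returns the stored password string; callers must not log it. */
        public String getBasicAuthPassword() {
            return this.basicAuthPassword;
        }

        /** Returns the stored array itself (no defensive copy). */
        public byte[] getBasicAuthPasswordEncrypted() {
            return this.basicAuthPasswordEncrypted;
        }

        public String getBasicAuthUsername() {
            return this.basicAuthUsername;
        }

        public String getContactPersonCompany() {
            return this.contactPersonCompany;
        }

        public String getContactPersonEmailAddress() {
            return this.contactPersonEmailAddress;
        }

        public String getContactPersonGivenName() {
            return this.contactPersonGivenName;
        }

        public String getContactPersonSurName() {
            return this.contactPersonSurName;
        }

        public String getContactPersonTelephoneNumber() {
            return this.contactPersonTelephoneNumber;
        }

        public String getContactPersonType() {
            return this.contactPersonType;
        }

        public String getDefaultURL() {
            return this.defaultURL;
        }

        public String getEntityID() {
            return this.entityID;
        }

        public String getErrorPath() {
            return this.errorPath;
        }

        public String getIdentityProviderPreferredBinding() {
            return this.identityProviderPreferredBinding;
        }

        public String getLoginReturnQueryParameter() {
            return this.loginReturnQueryParameter;
        }

        public String getLoginURL() {
            return this.loginURL;
        }

        public String getOrganizationName() {
            return this.organizationName;
        }

        public String getOrganizationURL() {
            return this.organizationURL;
        }

        public String getPublishedSiteURL() {
            return this.publishedSiteURL;
        }

        public String getSSOSigningKeyAlias() {
            return this.ssoSigningKeyAlias;
        }

        /** Returns the stored passphrase string; callers must not log it. */
        public String getSSOSigningKeyPassPhrase() {
            return this.ssoSigningKeyPassPhrase;
        }

        /** Returns the stored array itself (no defensive copy). */
        public byte[] getSSOSigningKeyPassPhraseEncrypted() {
            return this.ssoSigningKeyPassPhraseEncrypted;
        }

        public String getServiceProviderPreferredBinding() {
            return this.serviceProviderPreferredBinding;
        }

        public String getTransportLayerSecurityKeyAlias() {
            return this.transportLayerSecurityKeyAlias;
        }

        /** Returns the stored passphrase string; callers must not log it. */
        public String getTransportLayerSecurityKeyPassPhrase() {
            return this.transportLayerSecurityKeyPassPhrase;
        }

        /** Returns the stored array itself (no defensive copy). */
        public byte[] getTransportLayerSecurityKeyPassPhraseEncrypted() {
            return this.transportLayerSecurityKeyPassPhraseEncrypted;
        }

        public boolean isForceAuthn() {
            return this.forceAuthn;
        }

        public boolean isIdentityProviderArtifactBindingEnabled() {
            return this.identityProviderArtifactBindingEnabled;
        }

        public boolean isIdentityProviderEnabled() {
            return this.identityProviderEnabled;
        }

        public boolean isIdentityProviderPOSTBindingEnabled() {
            return this.identityProviderPOSTBindingEnabled;
        }

        public boolean isIdentityProviderRedirectBindingEnabled() {
            return this.identityProviderRedirectBindingEnabled;
        }

        public boolean isPOSTOneUseCheckEnabled() {
            return this.postOneUseCheckEnabled;
        }

        public boolean isPassive() {
            return this.passive;
        }

        public boolean isRecipientCheckEnabled() {
            return this.recipientCheckEnabled;
        }

        public boolean isServiceProviderArtifactBindingEnabled() {
            return this.serviceProviderArtifactBindingEnabled;
        }

        public boolean isServiceProviderEnabled() {
            return this.serviceProviderEnabled;
        }

        public boolean isServiceProviderPOSTBindingEnabled() {
            return this.serviceProviderPOSTBindingEnabled;
        }

        public boolean isSignAuthnRequests() {
            return this.signAuthnRequests;
        }

        public boolean isWantArtifactRequestsSigned() {
            return this.wantArtifactRequestsSigned;
        }

        public boolean isWantAssertionsSigned() {
            return this.wantAssertionsSigned;
        }

        public boolean isWantAuthnRequestsSigned() {
            return this.wantAuthnRequestsSigned;
        }

        public boolean isWantBasicAuthClientAuthentication() {
            return this.wantBasicAuthClientAuthentication;
        }

        public boolean isWantTransportLayerSecurityClientAuthentication() {
            return this.wantTransportLayerSecurityClientAuthentication;
        }

        public boolean isReplicatedCacheEnabled() {
            return this.useReplicatedCache;
        }
    }

    /**
     * Stores the supplied services and takes a private snapshot of the single
     * sign-on configuration.
     *
     * @param loggerSpi logger exposed through {@link #getLogger()}
     * @param credentialMappingService exposed through {@link #getCredentialMappingService()}
     * @param obj exposed through {@link #getSAML2CredentialMapperMBean()}
     * @param identityAssertionService exposed through {@link #getIdentityAssertionService()}
     * @param obj2 exposed through {@link #getSAML2IdentityAsserterMBean()}
     * @param loginSessionService exposed through {@link #getSessionService()}
     * @param storeService exposed through {@link #getStoreService()}
     * @param auditService exposed through {@link #getAuditService()}
     * @param identityService exposed through {@link #getIdentityService()}
     * @param singleSignOnServicesConfigSpi configuration to snapshot; when it is also a
     *        {@link DescriptorBean}, this object is registered on it as an update listener
     * @param sAMLKeyService used to validate proposed key settings and exposed through
     *        {@link #getSAMLKeyService()}
     */
    public SAML2ConfigSpiImpl(LoggerSpi loggerSpi, CredentialMappingService credentialMappingService, Object obj, IdentityAssertionService identityAssertionService, Object obj2, LoginSessionService loginSessionService, StoreService storeService, AuditService auditService, IdentityService identityService, SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi, SAMLKeyService sAMLKeyService) {
        this.mBean = null;
        this.logger = loggerSpi;
        this.cmService = credentialMappingService;
        this.cmProvider = obj;
        this.iaService = identityAssertionService;
        this.iaProvider = obj2;
        this.sessionService = loginSessionService;
        this.storeService = storeService;
        this.auditService = auditService;
        this.identityService = identityService;
        this.localConfig = new SingleSignOnServicesConfigSpiImpl(singleSignOnServicesConfigSpi);
        this.keyService = sAMLKeyService;
        // Listener registration is kept as the last step so that every field
        // above is assigned before the bean can call back into this object.
        if (singleSignOnServicesConfigSpi instanceof DescriptorBean) {
            this.mBean = (DescriptorBean) singleSignOnServicesConfigSpi;
            this.mBean.addBeanUpdateListener(this);
        }
    }

    /**
     * Unregisters this object from the descriptor bean, if one was registered,
     * and passes {@code null} to the service factory's {@code updateConfig}
     * if a factory has been created.
     */
    public void close() {
        if (this.mBean != null) {
            this.mBean.removeBeanUpdateListener(this);
        }
        // Read once: the field can be replaced concurrently by getServiceFactory().
        ServiceFactory factory = this.serviceFactory;
        if (factory != null) {
            factory.updateConfig(null);
        }
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public LoggerSpi getLogger() {
        return this.logger;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public CredentialMappingService getCredentialMappingService() {
        return this.cmService;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public Object getSAML2CredentialMapperMBean() {
        return this.cmProvider;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public IdentityAssertionService getIdentityAssertionService() {
        return this.iaService;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public Object getSAML2IdentityAsserterMBean() {
        return this.iaProvider;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public LoginSessionService getSessionService() {
        return this.sessionService;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public IdentityService getIdentityService() {
        return this.identityService;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public StoreService getStoreService() {
        return this.storeService;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public AuditService getAuditService() {
        return this.auditService;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public SAMLKeyService getSAMLKeyService() {
        return this.keyService;
    }

    /**
     * Returns the live configuration snapshot. The same object is updated in
     * place by {@link #activateUpdate} and {@link #rollbackUpdate}; it carries
     * the key passphrases and must not be logged.
     */
    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public synchronized SingleSignOnServicesConfigSpi getLocalConfiguration() {
        return this.localConfig;
    }

    /**
     * Returns the artifact store, creating it on first use and again after
     * {@link #activateUpdate} has discarded the previous one.
     */
    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public ArtifactStore getArtifactStore() {
        // Work on a local copy so that a concurrent activateUpdate() resetting
        // the field cannot make this method return null.
        ArtifactStore store = this.artifactStore;
        if (store == null) {
            synchronized (this) {
                store = this.artifactStore;
                if (store == null) {
                    store = new ArtifactStoreImpl(this);
                    this.artifactStore = store;
                }
            }
        }
        return store;
    }

    /**
     * Returns a new artifact resolver on every call: the WLS implementation
     * when the platform proxy reports WLS, otherwise the JSSE implementation.
     */
    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public synchronized ArtifactResolver getArtifactResolver() {
        return CSSPlatformProxy.getInstance().isOnWLS() ? new ArtifactResolverWLSImpl(this) : new ArtifactResolverJSSEImpl(this);
    }

    /**
     * Returns the partner manager, creating it on first use and again after
     * {@link #activateUpdate} has discarded the previous one.
     */
    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public PartnerManager getPartnerManager() {
        PartnerManager manager = this.partnerManager;
        if (manager == null) {
            synchronized (this) {
                manager = this.partnerManager;
                if (manager == null) {
                    manager = PartnerManager.newInstance(this);
                    this.partnerManager = manager;
                }
            }
        }
        return manager;
    }

    /** Returns the service factory, creating it on first use. */
    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public ServiceFactory getServiceFactory() {
        ServiceFactory factory = this.serviceFactory;
        if (factory == null) {
            synchronized (this) {
                factory = this.serviceFactory;
                if (factory == null) {
                    factory = ServiceFactory.newServiceFactory(this);
                    this.serviceFactory = factory;
                }
            }
        }
        return factory;
    }

    /**
     * Returns the binding handler factory, creating it on first use and again
     * after {@link #activateUpdate} has discarded the previous one.
     */
    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public BindingHandlerFactory getBindingHandlerFactory() {
        BindingHandlerFactory handlers = this.bindingHandlerFactory;
        if (handlers == null) {
            synchronized (this) {
                handlers = this.bindingHandlerFactory;
                if (handlers == null) {
                    handlers = new BindingHandlerFactory(this);
                    this.bindingHandlerFactory = handlers;
                }
            }
        }
        return handlers;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public String getRealmName() {
        return this.realmName;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public String getDomainName() {
        return this.domainName;
    }

    public void setRealmName(String str) {
        this.realmName = str;
    }

    public void setDomainName(String str) {
        this.domainName = str;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public LegacyEncryptorSpi getEncryptSpi() {
        return this.encryptSpi;
    }

    public void setEncryptSpi(LegacyEncryptorSpi legacyEncryptorSpi) {
        this.encryptSpi = legacyEncryptorSpi;
    }

    public synchronized void setSAML2KeyManager(SAML2KeyManager sAML2KeyManager) {
        this.saml2KeyManager = sAML2KeyManager;
    }

    @Override // com.bea.security.saml2.config.SAML2ConfigSpi
    public synchronized SAML2KeyManager getSAML2KeyManager() {
        return this.saml2KeyManager;
    }

    /**
     * Applies the proposed bean to the local snapshot, rebuilds the key
     * manager and discards the cached artifact store, partner manager and
     * binding handler factory so that they are recreated on next use.
     *
     * <p>The snapshot is overwritten before the key manager is rebuilt, so if
     * the rebuild fails the snapshot already holds the proposed values while
     * {@code saml2KeyManager} still refers to the previous manager.
     *
     * @param beanUpdateEvent event whose proposed bean is cast to
     *        {@link SingleSignOnServicesConfigSpi}
     * @throws BeanUpdateFailedException if the key manager cannot be created
     */
    public synchronized void activateUpdate(BeanUpdateEvent beanUpdateEvent) throws BeanUpdateFailedException {
        ((SingleSignOnServicesConfigSpiImpl) this.localConfig).updateConfig((SingleSignOnServicesConfigSpi) beanUpdateEvent.getProposedBean());
        try {
            this.saml2KeyManager = new SAML2KeyManager(this);
            ArtifactStore store = this.artifactStore;
            if (store != null) {
                try {
                    store.updateConfig(getLocalConfiguration().getArtifactMaxCacheSize(), getLocalConfiguration().getArtifactTimeout());
                } catch (SAML2ArtifactException e) {
                    // NOTE(review): best-effort by design, but the failure only reaches
                    // stderr; route it through this.logger so it lands in the server log.
                    e.printStackTrace();
                }
                // The store is dropped either way; getArtifactStore() builds a new one.
                this.artifactStore = null;
            }
            this.partnerManager = null;
            ServiceFactory factory = this.serviceFactory;
            if (factory != null) {
                factory.updateConfig(this);
            }
            this.bindingHandlerFactory = null;
        } catch (KeyManagerException e2) {
            // NOTE(review): only the message survives; attach e2 as the cause if
            // BeanUpdateFailedException offers a constructor that accepts one.
            throw new BeanUpdateFailedException(e2.getMessage());
        }
    }

    /**
     * Validates the key settings of the proposed bean before the update is
     * activated.
     *
     * @param beanUpdateEvent event whose proposed bean is cast to
     *        {@link SingleSignOnServicesConfigSpi}
     * @throws BeanUpdateRejectedException if a configured key cannot be
     *         validated by the key service
     */
    public void prepareUpdate(BeanUpdateEvent beanUpdateEvent) throws BeanUpdateRejectedException {
        checkLocalConfig((SingleSignOnServicesConfigSpi) beanUpdateEvent.getProposedBean());
    }

    /**
     * Restores the local snapshot from the event's source bean and rebuilds
     * the key manager from it.
     *
     * @param beanUpdateEvent event whose source bean is cast to
     *        {@link SingleSignOnServicesConfigSpi}
     * @throws RuntimeException if the key manager cannot be created; the
     *         {@link KeyManagerException} is attached as the cause
     */
    public synchronized void rollbackUpdate(BeanUpdateEvent beanUpdateEvent) {
        ((SingleSignOnServicesConfigSpiImpl) this.localConfig).updateConfig((SingleSignOnServicesConfigSpi) beanUpdateEvent.getSourceBean());
        try {
            this.saml2KeyManager = new SAML2KeyManager(this);
        } catch (KeyManagerException e) {
            // Keep the original exception as the cause so the stack trace of the
            // key-manager failure is not lost.
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Checks the SSO signing key and the transport layer security key of the
     * given configuration, using the plaintext passphrase getters.
     */
    private void checkLocalConfig(SingleSignOnServicesConfigSpi singleSignOnServicesConfigSpi) throws BeanUpdateRejectedException {
        checkKeyManagerConfig(singleSignOnServicesConfigSpi.getSSOSigningKeyPassPhrase(), singleSignOnServicesConfigSpi.getSSOSigningKeyAlias());
        checkKeyManagerConfig(singleSignOnServicesConfigSpi.getTransportLayerSecurityKeyPassPhrase(), singleSignOnServicesConfigSpi.getTransportLayerSecurityKeyAlias());
    }

    /**
     * Asks the key service whether the alias/passphrase pair resolves to a
     * valid key.
     *
     * <p>A {@code null} or blank alias, or a {@code null} or empty passphrase,
     * skips the check entirely: such a configuration is accepted without any
     * key validation.
     *
     * @param str key passphrase, may be {@code null}
     * @param str2 key alias, may be {@code null}
     * @throws BeanUpdateRejectedException if the key service returns no key
     *         info or the key info reports itself invalid
     */
    private void checkKeyManagerConfig(String str, String str2) throws BeanUpdateRejectedException {
        char[] cArr = null;
        if (str != null) {
            cArr = str.toCharArray();
        }
        if (str2 == null || str2.trim().length() == 0 || cArr == null || cArr.length == 0) {
            return;
        }
        // NOTE(review): cArr is a fresh copy of the passphrase and is never
        // cleared here. Whether it can be zeroed after the call depends on
        // whether the key service keeps a reference to it; confirm before
        // adding a wipe.
        SAMLKeyInfoSpi keyInfo = this.keyService.getKeyInfo(TMP_KEY_NAME, str2, cArr);
        if (keyInfo == null || !keyInfo.isValid()) {
            throw new BeanUpdateRejectedException(Saml2Logger.getInvalidKeyInfo());
        }
    }
}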
