package weblogic.wsee.security.saml;

import java.io.InputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.rpc.handler.MessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.kernel.Kernel;
import weblogic.security.UsernameAndPassword;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.jaxrpc.WLStub;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.policy.framework.NormalizedExpression;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.policy.runtime.PolicyFinder;
import weblogic.wsee.policy.runtime.PolicyServer;
import weblogic.wsee.security.util.BSTCredentialProviderUtil;
import weblogic.wsee.security.wst.binding.BinarySecret;
import weblogic.wsee.security.wst.binding.KeySize;
import weblogic.wsee.security.wst.binding.RequestSecurityTokenResponse;
import weblogic.wsee.security.wst.binding.RequestedSecurityToken;
import weblogic.wsee.security.wst.binding.TokenType;
import weblogic.wsee.security.wst.faults.InvalidRequestException;
import weblogic.wsee.security.wst.faults.InvalidScopeException;
import weblogic.wsee.security.wst.faults.RequestFailedException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.framework.TrustSoapClient;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.wsee.security.wst.framework.WSTCredentialProviderHelper;
import weblogic.wsee.security.wst.helpers.BindingHelper;
import weblogic.wsee.security.wst.helpers.EncryptedKeyInfoBuilder;
import weblogic.wsee.security.wst.helpers.SOAPHelper;
import weblogic.wsee.util.StringUtil;
import weblogic.xml.crypto.utils.KeyUtils;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.UsernameTokenImpl;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.dom.DOMUtils;

/* loaded from: input_file:weblogic/wsee/security/saml/SAMLTrustCredentialProvider.class */
/**
 * CredentialProvider that obtains a SAML credential from a Security Token
 * Service over WS-Trust (see {@link #getCredentialSTSCSS} and
 * {@link #createCredential}), optionally attaching ActAs / OnBehalfOf tokens
 * resolved from message-context properties. The first credential obtained is
 * cached in {@link #samlCredential} and returned by every later call of
 * {@link #getCredential}.
 *
 * <p>NOTE(review): this is decompiled source; parameter names such as
 * {@code str} and {@code str2} are the decompiler's. From usage, {@code str}
 * is the requested token type (it is compared with SAML20_TOKEN_TYPE and
 * passed to WSTContext.setTokenType); what {@code str2} carries is not visible
 * here — it is only forwarded to getKeyInfoCredential.
 *
 * <p>NOTE(review): {@code samlCredential} is plain instance state with no
 * synchronization visible in this file. If one provider instance is shared
 * across concurrent requests, the first credential obtained would be handed
 * to every subsequent caller regardless of its context — confirm how provider
 * instances are scoped.
 */
public class SAMLTrustCredentialProvider extends AbstractSAMLCredentialProvider {
    // Cached result of the first getCredential call; stays null (and the
    // exchange is retried on the next call) when the STS path returned null.
    private SAMLCredential samlCredential = null;
    private static final Logger LOGGER = Logger.getLogger(SAMLTrustCredentialProvider.class.getName());
    // Context handed to UsernameTokenImpl when a plain user name is used as the
    // ActAs / OnBehalfOf token (see setActAsToken / setOnBehalfOfToken).
    protected static final ContextHandler EMPTY_CONTEXT = new SecurityTokenContextHandler();
    // Value types this provider answers for; the array itself is returned by
    // getValueTypes and scanned by isSamlValueType.
    protected static final String[] SAML_VALUE_TYPES = {SAML2Constants.SAML11_TOKEN_TYPE, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID", SAMLConstants.SAML_VALUE_TYPE_2004_01, SAML2Constants.SAML20_TOKEN_TYPE};
    // Parallel arrays used by decodeSamlXml: predEntities[i] is replaced by
    // specialChars[i], in index order.
    // NOTE(review): neither array is final; static mutable arrays can be
    // reassigned or edited from anywhere in the package.
    private static String[] specialChars = {"&", "<", ">"};
    private static String[] predEntities = {"&amp;", "&lt;", "&gt;"};

    /**
     * Returns the SAML credential, obtaining it from the STS on the first call
     * and serving the cached instance afterwards.
     *
     * @param str            requested token type (forwarded to the WS-Trust context)
     * @param str2           forwarded unchanged to getKeyInfoCredential; meaning not visible here
     * @param contextHandler caller's context; the STS path needs a SecurityTokenContextHandler
     * @param purpose        credential purpose, only consulted by the local (ActAs/OnBehalfOf) path
     * @return the cached or freshly obtained SAMLCredential, or null when it could not be obtained
     */
    @Override // weblogic.wsee.security.saml.AbstractSAMLCredentialProvider, weblogic.xml.crypto.wss.provider.CredentialProvider
    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        MessageContext messageContext;
        if (null == this.samlCredential) {
            // On the server side resolve a local ActAs token first; OnBehalfOf is
            // attempted only when no ActAs property exists at all, because
            // setActAsLocalSAMLToken returns the raw property (null if absent).
            if (Kernel.isServer() && setActAsLocalSAMLToken(str, str2, contextHandler, purpose) == null) {
                setOnBehalfOfLocalSAMLToken(str, str2, contextHandler, purpose);
            }
            // Result is cached even when null; a null leaves the cache empty so
            // the next call repeats the whole exchange.
            this.samlCredential = getCredentialSTSCSS(str, contextHandler);
            return this.samlCredential;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "return with saved SAML Credential");
        }
        // Cached path: (re)register SAML 1.1 and 2.0 token handlers on the
        // current message's security context, mirroring what the STS path does.
        SecurityTokenContextHandler securityCtxHandler = getSecurityCtxHandler(contextHandler);
        if (securityCtxHandler != null && (messageContext = getMessageContext(securityCtxHandler)) != null) {
            SAMLTokenHandler sAMLTokenHandler = new SAMLTokenHandler();
            SAML2TokenHandler sAML2TokenHandler = new SAML2TokenHandler();
            WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
            if (securityContext != null) {
                securityContext.setTokenHandler(sAMLTokenHandler);
                securityContext.setTokenHandler(sAML2TokenHandler);
            }
        }
        return this.samlCredential;
    }

    /**
     * Acquires a SAML 1.1 credential locally (through CSSUtils) rather than from
     * the STS. Used to materialise ActAs / OnBehalfOf tokens that the caller
     * requested by value type.
     *
     * @return the credential, or null when the purpose is neither IDENTITY nor
     *         SIGN, the handler is not a SecurityTokenContextHandler, or
     *         acquisition threw WSSecurityException
     */
    private Object getCredentialLocalCSS(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        if ((!purpose.equals(Purpose.IDENTITY) && !purpose.equals(Purpose.SIGN)) || !(contextHandler instanceof SecurityTokenContextHandler)) {
            return null;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Acquiring SAML credential locally .....");
        }
        // A fresh handler is populated from the caller's; only the caching
        // request element is copied over explicitly, the rest goes through
        // CSSUtils.setupSAMLContextElements.
        SecurityTokenContextHandler securityTokenContextHandler = new SecurityTokenContextHandler();
        Object value = contextHandler.getValue("com.bea.contextelement.saml.CachingRequested");
        if (value != null) {
            securityTokenContextHandler.addContextElement("com.bea.contextelement.saml.CachingRequested", value);
        }
        CSSUtils.processSAMLClaims(false, securityTokenContextHandler, (Node) contextHandler.getValue(SecurityTokenContextHandler.CLAIMS_MAP));
        CSSUtils.setupSAMLContextElements(false, securityTokenContextHandler, contextHandler);
        Object obj = null;
        // Holder-of-key assertions need key material from the caller's context.
        if (CSSUtils.isHolderOfKey(false, securityTokenContextHandler)) {
            obj = getKeyInfoCredential(str, str2, (SecurityTokenContextHandler) contextHandler, purpose);
        }
        try {
            // The 'false' flag and the SAML 1.1 value type fix this path to SAML 1.1.
            return CSSUtils.getSAMLCredential(false, "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID", securityTokenContextHandler, obj);
        } catch (WSSecurityException e) {
            // Both branches return null; the only difference is whether the
            // failure is logged.
            if (!LOGGER.isLoggable(Level.FINE)) {
                return null;
            }
            LOGGER.log(Level.FINE, "Exception while acquiring SAML credential", (Throwable) e);
            return null;
        }
    }

    /**
     * Obtains the credential from the STS: prepares the WS-Trust context (with
     * or without an IssuedToken policy element found in the claims), then runs
     * the RST/RSTR exchange via {@link #createCredential}.
     *
     * @param str            requested token type
     * @param contextHandler must be a SecurityTokenContextHandler carrying a
     *                       WSSecurityContext, otherwise null is returned
     * @return the credential, or null on any handled failure (all failures are
     *         logged and swallowed here)
     */
    private SAMLCredential getCredentialSTSCSS(String str, ContextHandler contextHandler) {
        MessageContext messageContext;
        SecurityTokenContextHandler securityCtxHandler = getSecurityCtxHandler(contextHandler);
        if (securityCtxHandler == null || (messageContext = getMessageContext(securityCtxHandler)) == null) {
            return null;
        }
        Node node = (Node) contextHandler.getValue(SecurityTokenContextHandler.CLAIMS_MAP);
        // Claims are processed as SAML 2.0 only when the requested type says so.
        CSSUtils.processSAMLClaims(str.equals(SAML2Constants.SAML20_TOKEN_TYPE), securityCtxHandler, node);
        SAMLTokenHandler sAMLTokenHandler = new SAMLTokenHandler();
        SAML2TokenHandler sAML2TokenHandler = new SAML2TokenHandler();
        WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
        if (securityContext != null) {
            securityContext.setTokenHandler(sAMLTokenHandler);
            securityContext.setTokenHandler(sAML2TokenHandler);
        }
        // An IssuedToken policy element in the claims selects the policy-driven
        // initialisation overload.
        Element firstElement = DOMUtils.getFirstElement(node, SAMLIssuedTokenHelper.ISSUED_TK_POLICY_QNAME);
        WSTContext wSTContext = WSTContext.getWSTContext(messageContext);
        try {
            if (null == firstElement) {
                intWSTContext(str, wSTContext, messageContext, securityCtxHandler);
            } else {
                intWSTContext(str, wSTContext, messageContext, securityCtxHandler, firstElement);
            }
            try {
                // Note: only the SAML 1.1 handler is passed on for unmarshalling the RSTR.
                return createCredential(new TrustSoapClient(wSTContext), wSTContext, sAMLTokenHandler, str);
            } catch (WSTFaultException e) {
                // NOTE(review): printStackTrace writes to stderr, bypassing the
                // logger; the log line below keeps only the message, so the
                // cause and stack are lost from the logs.
                e.printStackTrace();
                LogUtils.logWss("Could not retrieve SAML token through WS-Trust, WS-Trust fault: " + e.getMessage());
                return null;
            } catch (InvalidRequestException e2) {
                LogUtils.logWss("Could not retrieve SAML token through WS-Trust, request was invalid." + e2.getMessage());
                return null;
            }
        } catch (PolicyException e3) {
            LogUtils.logWss("Could not load policy for SAML STS: " + e3.getMessage());
            return null;
        } catch (WSSecurityException e4) {
            LogUtils.logWss("Could not create OnBehalfOf token: " + e4.getMessage());
            return null;
        }
    }

    /**
     * Initialises the WS-Trust context without an IssuedToken policy element.
     *
     * <p>Resolution order: trust version from the context handler, then the
     * message property, then TRUST_VERSOIN_13; STS URI from the endpoints,
     * falling back to configuration and finally to the service endpoint itself;
     * key type from the SAML confirmation method, overridden by the
     * "weblogic.wsee.security.trust_key_type" property.
     *
     * @throws PolicyException     from initPolicy / setActAsToken / setOnBehalfOfToken
     * @throws WSSecurityException from setActAsToken / setOnBehalfOfToken
     */
    private void intWSTContext(String str, WSTContext wSTContext, MessageContext messageContext, SecurityTokenContextHandler securityTokenContextHandler) throws PolicyException, WSSecurityException {
        String str2 = (String) securityTokenContextHandler.getValue(SecurityTokenContextHandler.TRUST_VERSION);
        if (str2 == null) {
            str2 = (String) messageContext.getProperty(SecurityTokenContextHandler.TRUST_VERSION);
        }
        if (str2 == null) {
            str2 = SAMLIssuedTokenHelper.TRUST_VERSOIN_13;
        }
        String str3 = (String) messageContext.getProperty("weblogic.wsee.security.trust_soap_version");
        if (str3 != null) {
            wSTContext.setSoapVersion(str3);
        }
        wSTContext.setAction(SAMLSTSHelper.getAction(str2));
        wSTContext.setTokenType(str);
        wSTContext.setTrustVersion(str2);
        wSTContext.initEndpoints(messageContext);
        // An STS URI that is missing, or that merely equals the service endpoint,
        // is treated as "not configured" and looked up in configuration; if that
        // also yields nothing the service endpoint is used as the STS.
        String stsUri = wSTContext.getStsUri();
        if (stsUri == null || stsUri.equals(wSTContext.getEndpointUri())) {
            String sTSURIFromConfig = WSTCredentialProviderHelper.getSTSURIFromConfig(securityTokenContextHandler, messageContext, getClass().getName());
            if (sTSURIFromConfig == null) {
                sTSURIFromConfig = wSTContext.getEndpointUri();
            }
            wSTContext.setStsUri(sTSURIFromConfig);
        }
        initPolicy(securityTokenContextHandler, wSTContext, messageContext);
        // Map the SAML subject confirmation method to a WS-Trust KeyType.
        // Sender-vouches only sets a key type under Metro policy compatibility;
        // otherwise the context's key type is left untouched here.
        String str4 = (String) securityTokenContextHandler.getValue("com.bea.contextelement.saml.subject.ConfirmationMethod");
        if (str4 != null) {
            if (str4.contains("bearer")) {
                wSTContext.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
            } else if ("sender-vouches".equals(str4) || "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches".equals(str4)) {
                if (WLStub.POLICY_COMPATIBILITY_METRO.equals(messageContext.getProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE))) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Setting keytype to \"http://schemas.oracle.com/ws/2010/03/securitypolicy/ws-sx/ws-trust/SenderVouches\" ");
                    }
                    wSTContext.setKeyType("http://schemas.oracle.com/ws/2010/03/securitypolicy/ws-sx/ws-trust/SenderVouches");
                }
            } else if (str4.contains("holder-of-key")) {
                wSTContext.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
            }
        }
        // An explicit message property wins over the confirmation-method mapping
        // (the reverse of the precedence used by the policy-driven overload).
        String str5 = (String) messageContext.getProperty("weblogic.wsee.security.trust_key_type");
        if (str5 != null) {
            wSTContext.setKeyType(str5);
        }
        // -1 / -1 / "none": no lifetime, no key size and no BinarySecret are
        // requested on this path.
        wSTContext.setLifetimePeriod(-1L);
        wSTContext.setKeySize(-1);
        wSTContext.setBinarySecretType("none");
        // ActAs takes precedence; OnBehalfOf is only attached when no ActAs
        // property is present at all.
        if (null == setActAsToken(wSTContext, messageContext)) {
            setOnBehalfOfToken(wSTContext, messageContext);
        }
    }

    /**
     * Server-side only: when the "weblogic.wsee.security.wst_onbehalfof_user"
     * property is a String naming one of {@link #SAML_VALUE_TYPES}, replaces it
     * with a locally acquired SAML credential.
     *
     * <p>If local acquisition fails the property is set to null, so
     * {@link #setOnBehalfOfToken} later treats OnBehalfOf as "not required" and
     * the STS request goes out without an OnBehalfOf element rather than failing.
     */
    private void setOnBehalfOfLocalSAMLToken(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        SecurityTokenContextHandler securityCtxHandler;
        MessageContext messageContext;
        Object property;
        if (!Kernel.isServer() || (securityCtxHandler = getSecurityCtxHandler(contextHandler)) == null || (messageContext = getMessageContext(securityCtxHandler)) == null || null == (property = messageContext.getProperty("weblogic.wsee.security.wst_onbehalfof_user")) || !(property instanceof String)) {
            return;
        }
        String str3 = (String) property;
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Getting OnBehalfOf String =" + str3);
        }
        if (isSamlValueType(str3)) {
            Object credentialLocalCSS = getCredentialLocalCSS(str, str2, contextHandler, purpose);
            if (credentialLocalCSS != null) {
                messageContext.setProperty("weblogic.wsee.security.wst_onbehalfof_user", credentialLocalCSS);
            } else {
                // Clears the request rather than leaving the value-type string
                // in place (which setOnBehalfOfToken would turn into a username).
                messageContext.setProperty("weblogic.wsee.security.wst_onbehalfof_user", (Object) null);
            }
        }
    }

    /**
     * Server-side only: same treatment as {@link #setOnBehalfOfLocalSAMLToken}
     * for the "weblogic.wsee.security.wst_act_as" property.
     *
     * @return the property's value as it was before any replacement, or null
     *         when not on the server, no message context is reachable, or the
     *         property is absent; callers use null to decide whether to try
     *         OnBehalfOf instead
     */
    private Object setActAsLocalSAMLToken(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        SecurityTokenContextHandler securityCtxHandler;
        MessageContext messageContext;
        Object property;
        if (!Kernel.isServer() || (securityCtxHandler = getSecurityCtxHandler(contextHandler)) == null || (messageContext = getMessageContext(securityCtxHandler)) == null || null == (property = messageContext.getProperty("weblogic.wsee.security.wst_act_as"))) {
            return null;
        }
        if (property instanceof String) {
            String str3 = (String) property;
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Getting ActAs String =" + str3);
            }
            if (isSamlValueType(str3)) {
                Object credentialLocalCSS = getCredentialLocalCSS(str, str2, contextHandler, purpose);
                if (credentialLocalCSS != null) {
                    messageContext.setProperty("weblogic.wsee.security.wst_act_as", credentialLocalCSS);
                } else {
                    messageContext.setProperty("weblogic.wsee.security.wst_act_as", (Object) null);
                }
            }
        }
        // Returned value is the original property, even if it has just been
        // replaced or cleared above.
        return property;
    }

    /**
     * Attaches an ActAs token to the WS-Trust context from the
     * "weblogic.wsee.security.wst_act_as" property.
     *
     * <p>Accepted values: a SAMLCredential (wrapped in SAMLTokenImpl), a
     * SecurityToken (used as is), or a String. A String that looks like SAML
     * assertion XML ({@link #isSamlTokenString}) and parses becomes a SAML token;
     * any other String — including assertion-looking text that fails to parse —
     * becomes a UsernameToken with that String as the user name and no password.
     *
     * @return the property value (non-null means the caller skips OnBehalfOf,
     *         even for an unsupported object type that set no token), or null
     *         when the property is absent
     */
    private Object setActAsToken(WSTContext wSTContext, MessageContext messageContext) throws PolicyException, WSSecurityException {
        SecurityToken samlSecurityToken;
        Object property = messageContext.getProperty("weblogic.wsee.security.wst_act_as");
        if (null == property) {
            if (!LOGGER.isLoggable(Level.FINE)) {
                return null;
            }
            LOGGER.log(Level.FINE, "ActAs is not required");
            return null;
        }
        if (property instanceof SAMLCredential) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Setting ActAs from SAMLCredential of" + property.toString());
            }
            wSTContext.setActAsToken(new SAMLTokenImpl(property));
        } else if (property instanceof SecurityToken) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Setting ActAs to SecurityToken of" + property.toString());
            }
            wSTContext.setActAsToken((SecurityToken) property);
        } else if (property instanceof String) {
            String str = (String) property;
            if (isSamlTokenString(str) && null != (samlSecurityToken = getSamlSecurityToken(str))) {
                wSTContext.setActAsToken(samlSecurityToken);
                return property;
            }
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Setting ActAs to Username Token for user " + str);
            }
            // Username only; no password is set on the token.
            UsernameAndPassword usernameAndPassword = new UsernameAndPassword();
            usernameAndPassword.setUsername(str);
            wSTContext.setActAsToken(new UsernameTokenImpl(usernameAndPassword, EMPTY_CONTEXT));
        } else if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "ActAs is not supported for unknown object of =" + property.toString());
        }
        return property;
    }

    /**
     * Heuristic test for SAML assertion XML: true iff the string is non-null and
     * contains both "Assertion" and "SAML" somewhere. It does not parse anything.
     */
    private static boolean isSamlTokenString(String str) {
        return (str == null || str.indexOf("Assertion") == -1 || str.indexOf("SAML") == -1) ? false : true;
    }

    /**
     * Replaces the predefined entities {@code &amp;}, {@code &lt;}, {@code &gt;}
     * with their characters, in that order. Null is returned unchanged.
     *
     * <p>NOTE(review): because {@code &amp;} is decoded first, an escaped
     * entity such as {@code &amp;lt;} is decoded twice and ends up as {@code <};
     * a standard unescape handles {@code &amp;} last. replaceAll treats the
     * pattern as a regex; the three entity strings contain no metacharacters,
     * so that is harmless as written.
     */
    private static String decodeSamlXml(String str) {
        if (null == str) {
            return str;
        }
        String str2 = str;
        for (int i = 0; i < predEntities.length; i++) {
            str2 = str2.replaceAll(predEntities[i], specialChars[i]);
        }
        return str2;
    }

    /**
     * Builds a SAML token from assertion XML supplied as a String (entities
     * decoded first).
     *
     * <p>The full assertion text, and the resulting credential's toString, are
     * written to the log at FINE, so logs at that level contain the token.
     *
     * @return the token, or null when construction threw anything (the
     *         exception is printed to stderr, not logged)
     */
    private SecurityToken getSamlSecurityToken(String str) {
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Getting String for SAML [" + str + "]");
        }
        try {
            SAMLCredentialImpl sAMLCredentialImpl = new SAMLCredentialImpl(null, decodeSamlXml(str), null);
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Converted to SAMLCredential [" + sAMLCredentialImpl.toString() + "]");
            }
            return new SAMLTokenImpl(sAMLCredentialImpl);
        } catch (Exception e) {
            // NOTE(review): catch-all with printStackTrace; the failure never
            // reaches LOGGER and the caller falls back to a username token.
            e.printStackTrace();
            return null;
        }
    }

    /** True iff {@code str} exactly equals one of {@link #SAML_VALUE_TYPES}. */
    private static boolean isSamlValueType(String str) {
        for (int i = 0; i < SAML_VALUE_TYPES.length; i++) {
            if (SAML_VALUE_TYPES[i].equals(str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Attaches an OnBehalfOf token from the
     * "weblogic.wsee.security.wst_onbehalfof_user" property. Accepts the same
     * value kinds as {@link #setActAsToken} and maps them the same way; a
     * String that is not parseable SAML becomes a password-less UsernameToken.
     * Returns silently when the property is absent or of an unsupported type.
     */
    private void setOnBehalfOfToken(WSTContext wSTContext, MessageContext messageContext) throws PolicyException, WSSecurityException {
        SecurityToken samlSecurityToken;
        Object property = messageContext.getProperty("weblogic.wsee.security.wst_onbehalfof_user");
        if (null == property) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "OnBehalfOf is not required");
                return;
            }
            return;
        }
        if (property instanceof SAMLCredential) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Setting OnBehalfOf from SAMLCredential of" + property.toString());
            }
            wSTContext.setOnBehalfOfToken(new SAMLTokenImpl(property));
            return;
        }
        if (property instanceof SecurityToken) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Setting OnBehalfOf to SecurityToken of" + property.toString());
            }
            wSTContext.setOnBehalfOfToken((SecurityToken) property);
            return;
        }
        if (!(property instanceof String)) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "OnBehalfOf is not supported for unknown object of =" + property.toString());
                return;
            }
            return;
        }
        String str = (String) property;
        if (isSamlTokenString(str) && null != (samlSecurityToken = getSamlSecurityToken(str))) {
            wSTContext.setOnBehalfOfToken(samlSecurityToken);
            return;
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Setting OnBehalfOf to Username Token for user " + str);
        }
        // Username only; no password is set on the token.
        UsernameAndPassword usernameAndPassword = new UsernameAndPassword();
        usernameAndPassword.setUsername(str);
        wSTContext.setOnBehalfOfToken(new UsernameTokenImpl(usernameAndPassword, EMPTY_CONTEXT));
    }

    /**
     * Initialises the WS-Trust context from an IssuedToken policy element
     * (delegating to the four-argument overload when {@code element} is null).
     *
     * <p>Differences from the policy-less overload: trust version and key type
     * are taken from the policy first (then the message property, then — for
     * key type only — the confirmation method); the STS URI is taken from the
     * policy's issuer address unless "weblogic.wsee.wst.saml.sts_endpoint_uri"
     * is already set; the key size comes from the policy; and the BinarySecret
     * type is forced to "none" only when the key type is not a SymmetricKey.
     */
    private void intWSTContext(String str, WSTContext wSTContext, MessageContext messageContext, SecurityTokenContextHandler securityTokenContextHandler, Element element) throws PolicyException, WSSecurityException {
        if (null == element) {
            intWSTContext(str, wSTContext, messageContext, securityTokenContextHandler);
            return;
        }
        wSTContext.setIssuedTokenClaims(element);
        messageContext.setProperty("weblogic.wsee.security.trust_claim", element);
        SAMLIssuedTokenHelper sAMLIssuedTokenHelper = new SAMLIssuedTokenHelper(element);
        // Trust version: policy -> context handler -> message property -> 1.3 default.
        String trustVersion = sAMLIssuedTokenHelper.getTrustVersion();
        if (trustVersion == null) {
            trustVersion = (String) securityTokenContextHandler.getValue(SecurityTokenContextHandler.TRUST_VERSION);
        }
        if (trustVersion == null) {
            trustVersion = (String) messageContext.getProperty(SecurityTokenContextHandler.TRUST_VERSION);
        }
        if (trustVersion == null) {
            trustVersion = SAMLIssuedTokenHelper.TRUST_VERSOIN_13;
        }
        String str2 = (String) messageContext.getProperty("weblogic.wsee.security.trust_soap_version");
        if (str2 != null) {
            wSTContext.setSoapVersion(str2);
        }
        wSTContext.setAction(SAMLSTSHelper.getAction(trustVersion));
        wSTContext.setTokenType(str);
        wSTContext.setTrustVersion(trustVersion);
        wSTContext.initEndpoints(messageContext);
        // Only when no explicit STS endpoint property is set: prefer the issuer
        // address from the policy, else the same config/endpoint fallback as the
        // policy-less overload.
        if (StringUtil.isEmpty((String) messageContext.getProperty("weblogic.wsee.wst.saml.sts_endpoint_uri"))) {
            String issuerAddressUri = sAMLIssuedTokenHelper.getIssuerAddressUri();
            if (issuerAddressUri != null) {
                wSTContext.setStsUri(issuerAddressUri);
            } else {
                String stsUri = wSTContext.getStsUri();
                if (stsUri == null || stsUri.equals(wSTContext.getEndpointUri())) {
                    String sTSURIFromConfig = WSTCredentialProviderHelper.getSTSURIFromConfig(securityTokenContextHandler, messageContext, getClass().getName());
                    if (sTSURIFromConfig == null) {
                        sTSURIFromConfig = wSTContext.getEndpointUri();
                    }
                    wSTContext.setStsUri(sTSURIFromConfig);
                }
            }
        }
        // NOTE(review): initPolicy dereferences wSTContext.getStsUri(); when the
        // sts_endpoint_uri property is non-empty the URI is presumably set by
        // initEndpoints above — confirm, since nothing here checks it.
        initPolicy(securityTokenContextHandler, wSTContext, messageContext);
        // Key type: policy -> message property -> confirmation-method mapping.
        String keyType = sAMLIssuedTokenHelper.getKeyType();
        if (null == keyType) {
            keyType = (String) messageContext.getProperty("weblogic.wsee.security.trust_key_type");
        }
        if (keyType != null) {
            wSTContext.setKeyType(keyType);
        } else {
            String str3 = (String) securityTokenContextHandler.getValue("com.bea.contextelement.saml.subject.ConfirmationMethod");
            if (str3 != null) {
                if (str3.contains("bearer")) {
                    wSTContext.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer");
                } else if ("sender-vouches".equals(str3) || "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches".equals(str3)) {
                    if (WLStub.POLICY_COMPATIBILITY_METRO.equals(messageContext.getProperty(WLStub.POLICY_COMPATIBILITY_PREFERENCE))) {
                        if (LOGGER.isLoggable(Level.FINE)) {
                            LOGGER.log(Level.FINE, "Setting keytype to \"http://schemas.oracle.com/ws/2010/03/securitypolicy/ws-sx/ws-trust/SenderVouches\" ");
                        }
                        wSTContext.setKeyType("http://schemas.oracle.com/ws/2010/03/securitypolicy/ws-sx/ws-trust/SenderVouches");
                    }
                } else if (str3.contains("holder-of-key")) {
                    wSTContext.setKeyType("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey");
                }
            }
        }
        wSTContext.setLifetimePeriod(-1L);
        wSTContext.setKeySize(sAMLIssuedTokenHelper.getKeySize());
        // keyType here is the policy/property value only; a key type chosen from
        // the confirmation method above is never a SymmetricKey, so "none" applies.
        if (keyType == null || !keyType.endsWith("/SymmetricKey")) {
            wSTContext.setBinarySecretType("none");
        }
        if (null == setActAsToken(wSTContext, messageContext)) {
            setOnBehalfOfToken(wSTContext, messageContext);
        }
    }

    /**
     * Selects the bootstrap policy used to talk to the STS and records on the
     * context whether it is a configured (wssp=true) or built-in (wssp=false)
     * policy.
     *
     * <p>Precedence: the "weblogic.wsee.security.wst_bootstrap_policy" message
     * property (a NormalizedExpression, or an InputStream parsed as
     * "SAMLSTSPolicy.xml") overrides the configured policy; with neither, the
     * built-in policy is chosen solely by whether the STS URI starts with
     * "https" (case-insensitive).
     *
     * <p>NOTE(review): wSTContext.getStsUri() is dereferenced without a null
     * check. The InputStream is not closed in this method — whether
     * readPolicyFromStream closes it is not visible here.
     */
    private void initPolicy(SecurityTokenContextHandler securityTokenContextHandler, WSTContext wSTContext, MessageContext messageContext) throws PolicyException {
        NormalizedExpression sTSPolicyFromConfig = WSTCredentialProviderHelper.getSTSPolicyFromConfig(securityTokenContextHandler, messageContext, getClass().getName());
        if (messageContext.getProperty("weblogic.wsee.security.wst_bootstrap_policy") != null) {
            Object property = messageContext.getProperty("weblogic.wsee.security.wst_bootstrap_policy");
            if (property instanceof NormalizedExpression) {
                sTSPolicyFromConfig = (NormalizedExpression) property;
            } else if (property instanceof InputStream) {
                sTSPolicyFromConfig = PolicyFinder.readPolicyFromStream((PolicyServer) null, "SAMLSTSPolicy.xml", (InputStream) messageContext.getProperty("weblogic.wsee.security.wst_bootstrap_policy"), true).normalize();
            }
        }
        if (sTSPolicyFromConfig == null) {
            sTSPolicyFromConfig = SAMLSTSHelper.getTrustBootStrapPolicy(wSTContext.getStsUri().toLowerCase(Locale.ENGLISH).startsWith("https"));
            wSTContext.setWssp(false);
        } else {
            wSTContext.setWssp(true);
        }
        wSTContext.setBootstrapPolicy(sTSPolicyFromConfig);
    }

    /**
     * Sends the RST through {@code trustSoapClient} and turns the response into
     * a credential.
     *
     * <p>A RequestSecurityTokenResponseCollection is accepted, but only its
     * first entry is used; any further responses are ignored.
     *
     * @param securityTokenHandler handler used to unmarshal the returned token
     * @param str                  token type the RSTR is expected to carry
     * @throws WSTFaultException when the collection is empty, or from
     *                           {@link #getCredentialFromRSTR}
     */
    public static SAMLCredential createCredential(TrustSoapClient trustSoapClient, WSTContext wSTContext, SecurityTokenHandler securityTokenHandler, String str) throws WSTFaultException {
        RequestSecurityTokenResponse unmarshalRSTRNode;
        Node rSTBaseNode = SOAPHelper.getRSTBaseNode(trustSoapClient.requestTrustToken());
        if ("RequestSecurityTokenResponseCollection".equals(rSTBaseNode.getLocalName())) {
            List requestSecurityTokenResponseCollection = BindingHelper.unmarshalRSTRCNode(rSTBaseNode, securityTokenHandler).getRequestSecurityTokenResponseCollection();
            if (requestSecurityTokenResponseCollection == null || requestSecurityTokenResponseCollection.isEmpty()) {
                throw new WSTFaultException("Empty RequestSecurityTokenResponseCollection.");
            }
            unmarshalRSTRNode = (RequestSecurityTokenResponse) requestSecurityTokenResponseCollection.get(0);
        } else {
            unmarshalRSTRNode = BindingHelper.unmarshalRSTRNode(rSTBaseNode, securityTokenHandler);
        }
        return getCredentialFromRSTR(wSTContext, unmarshalRSTRNode, str);
    }

    /** Downcasts to SecurityTokenContextHandler, or returns null for any other handler. */
    protected static SecurityTokenContextHandler getSecurityCtxHandler(ContextHandler contextHandler) {
        if (contextHandler instanceof SecurityTokenContextHandler) {
            return (SecurityTokenContextHandler) contextHandler;
        }
        return null;
    }

    /**
     * Returns the MessageContext of the WSSecurityContext stored under
     * SECURITY_INFO in the handler, or null when no security context is stored.
     */
    protected static MessageContext getMessageContext(SecurityTokenContextHandler securityTokenContextHandler) {
        WSSecurityContext wSSecurityContext = (WSSecurityContext) securityTokenContextHandler.getValue(SecurityTokenContextHandler.SECURITY_INFO);
        if (wSSecurityContext == null) {
            return null;
        }
        return wSSecurityContext.getMessageContext();
    }

    /** Appends "/Issue" to a WS-Trust namespace. Not called from this file. */
    private String getIssueAction(String str) {
        return str + "/Issue";
    }

    /** Reads the SAML credential stored on the message context, or null if no context. */
    static SAMLCredential getFromContext(MessageContext messageContext) {
        if (messageContext == null) {
            return null;
        }
        return (SAMLCredential) messageContext.getProperty(WlMessageContext.SAML_CREDENTIAL);
    }

    /**
     * Stores the credential on the message context and, when an INVOKE_PROPERTIES
     * map is present, in that map as well. Does nothing for a null context.
     */
    static void setToContext(MessageContext messageContext, SAMLCredential sAMLCredential) {
        if (messageContext != null) {
            messageContext.setProperty(WlMessageContext.SAML_CREDENTIAL, sAMLCredential);
            Map map = (Map) messageContext.getProperty(WLStub.INVOKE_PROPERTIES);
            if (map != null) {
                map.put(WlMessageContext.SAML_CREDENTIAL, sAMLCredential);
            }
        }
    }

    /**
     * Extracts the SAML credential from an RSTR and completes holder-of-key
     * material on it.
     *
     * <p>Checks performed: the RSTR's TokenType, if it carries one, must equal
     * {@code str} (an RSTR without a TokenType is not checked); a
     * RequestedSecurityToken must be present and must be a SAMLToken. For
     * holder-of-key credentials, a symmetric key type takes the key from the
     * context's own entropy when present, otherwise from the RSTR
     * ({@link #getSymmetricKeyFromRstr}); an asymmetric one with no private key
     * yet looks the private key up by the credential's certificate.
     *
     * <p>NOTE(review): a null RequestedSecurityToken.getSecurityToken() throws
     * NullPointerException while building the error message rather than the
     * RequestFailedException; likewise a null certificate on the asymmetric
     * path, and a null return from findX509Credential if it can return null.
     *
     * @throws RequestFailedException (a WSTFaultException) on any failed check
     */
    private static SAMLCredential getCredentialFromRSTR(WSTContext wSTContext, RequestSecurityTokenResponse requestSecurityTokenResponse, String str) throws WSTFaultException {
        TokenType tokenType = requestSecurityTokenResponse.getTokenType();
        if (tokenType != null && !tokenType.getTokenType().equals(str)) {
            throw new RequestFailedException("Unexpected token type in RSTR: " + tokenType.getTokenType());
        }
        RequestedSecurityToken requestedSecurityToken = requestSecurityTokenResponse.getRequestedSecurityToken();
        if (requestedSecurityToken == null) {
            throw new RequestFailedException("RequestedSecurityToken must be specified");
        }
        SecurityToken securityToken = requestedSecurityToken.getSecurityToken();
        if (!(securityToken instanceof SAMLToken)) {
            throw new RequestFailedException(securityToken.getValueType() + " is not a SAML token.");
        }
        // The token's toString and id go to the WSS log here.
        LogUtils.logWss("From  RequestedSecurityToken, got SAML Token = " + securityToken.toString() + " id =" + securityToken.getId());
        SAMLCredential sAMLCredential = (SAMLCredential) ((SAMLToken) securityToken).getCredential();
        if (sAMLCredential.isHolderOfKey()) {
            if (SAMLUtils.isSymmetricKeyType(wSTContext.getKeyType())) {
                if (null != wSTContext.getSymmetricKey()) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Setting Symmetric Key from Entropy");
                    }
                    sAMLCredential.setSymmetircKey(wSTContext.getSymmetricKey());
                } else {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Getting Symmetric Key from RSTR");
                    }
                    sAMLCredential.setSymmetircKey(getSymmetricKeyFromRstr(requestSecurityTokenResponse, wSTContext));
                }
            } else if (sAMLCredential.getPrivateKey() == null) {
                X509Certificate x509Cert = sAMLCredential.getX509Cert();
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "setting key for SAML HofK for cert =" + x509Cert.toString());
                }
                sAMLCredential.setPrivateKey(BSTCredentialProviderUtil.findX509Credential(wSTContext.getMessageContext(), x509Cert).getPrivateKey());
            }
        }
        return sAMLCredential;
    }

    /**
     * Recovers the holder-of-key symmetric key from the RSTR's BinarySecret.
     *
     * <p>A "/Nonce" BinarySecret is combined with the RST nonce via
     * KeyUtils.generateKey (algorithm from the context, default "AES"; key size
     * from the RSTR's KeySize, else the context). A "/SymmetricKey" BinarySecret
     * is used directly as the key bytes. Any other type is rejected.
     *
     * <p>Exception mapping as written: InvalidKeyException and
     * NoSuchAlgorithmException become RequestFailedException (without the
     * cause). That RequestFailedException — and the one thrown for an
     * unsupported type — is then caught by the outer {@code catch (Exception)}
     * and re-thrown as InvalidScopeException carrying only the message, so the
     * only RequestFailedException that actually escapes is the missing
     * RequestedProofToken one thrown before the try.
     *
     * <p>NOTE(review): EncryptedKeyInfoBuilder.debugKey is called with the
     * derived key; what it emits is not visible here — confirm it does not
     * write key material to logs.
     */
    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v35, types: [java.security.Key] */
    private static Key getSymmetricKeyFromRstr(RequestSecurityTokenResponse requestSecurityTokenResponse, WSTContext wSTContext) throws RequestFailedException, InvalidScopeException {
        SecretKeySpec secretKeySpec;
        if (requestSecurityTokenResponse.getRequestedProofToken() == null) {
            throw new RequestFailedException("RequestedProofToken must be specified");
        }
        try {
            try {
                // getBinarySecret prefers Entropy over RequestedProofToken.
                BinarySecret binarySecret = getBinarySecret(requestSecurityTokenResponse);
                String type = binarySecret.getType();
                if (type != null && type.endsWith("/Nonce")) {
                    String symmetricKeyAlgorithm = wSTContext.getSymmetricKeyAlgorithm();
                    if (symmetricKeyAlgorithm == null) {
                        symmetricKeyAlgorithm = "AES";
                    }
                    int keySize = wSTContext.getKeySize();
                    KeySize keySize2 = requestSecurityTokenResponse.getKeySize();
                    if (keySize2 != null) {
                        keySize = keySize2.getSize();
                    }
                    secretKeySpec = KeyUtils.generateKey(wSTContext.getRstNonce(), binarySecret.getValue(), symmetricKeyAlgorithm, keySize);
                } else {
                    if (type == null || !type.endsWith("/SymmetricKey")) {
                        throw new RequestFailedException("Not yet supported BinarySecret type: " + type);
                    }
                    String symmetricKeyAlgorithm2 = wSTContext.getSymmetricKeyAlgorithm();
                    if (symmetricKeyAlgorithm2 == null) {
                        symmetricKeyAlgorithm2 = "AES";
                    }
                    secretKeySpec = new SecretKeySpec(binarySecret.getValue(), symmetricKeyAlgorithm2);
                }
                EncryptedKeyInfoBuilder.debugKey(secretKeySpec, "Key got from RSTR BinarySecret");
                return secretKeySpec;
            } catch (InvalidKeyException e) {
                throw new RequestFailedException("Unable to compute key from entropies");
            } catch (NoSuchAlgorithmException e2) {
                throw new RequestFailedException("Unable to compute key from entropies");
            }
        } catch (Exception e3) {
            throw new InvalidScopeException(e3.getMessage());
        }
    }

    /**
     * Locates the BinarySecret in an RSTR: the Entropy element is preferred,
     * then the RequestedProofToken.
     *
     * @throws RequestFailedException when neither element is present (not
     *         reachable from getSymmetricKeyFromRstr, which already requires a
     *         RequestedProofToken; a proof token without a BinarySecret yields
     *         null rather than this exception)
     */
    private static BinarySecret getBinarySecret(RequestSecurityTokenResponse requestSecurityTokenResponse) throws RequestFailedException {
        if (null != requestSecurityTokenResponse.getEntropy()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Getting BinarySecret from Entropy");
            }
            return requestSecurityTokenResponse.getEntropy().getBinarySecret();
        }
        if (null != requestSecurityTokenResponse.getRequestedProofToken()) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Getting BinarySecret from RequestedProofToken");
            }
            return requestSecurityTokenResponse.getRequestedProofToken().getBinarySecret();
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "BinarySecret not found from either Entropy or  RequestedProofToken");
        }
        throw new RequestFailedException("BinarySecret is expected in Entropy or RequestedProofToken");
    }

    /**
     * Returns the value types handled by this provider.
     *
     * <p>NOTE(review): the shared static array is returned directly, not a
     * copy, so a caller can modify the provider's own list.
     */
    @Override // weblogic.wsee.security.saml.AbstractSAMLCredentialProvider, weblogic.xml.crypto.wss.provider.CredentialProvider
    public String[] getValueTypes() {
        return SAML_VALUE_TYPES;
    }
}
