package org.apache.rahas.impl;

import java.io.StringReader;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.impl.util.SAMLAttributeCallback;
import org.apache.rahas.impl.util.SAMLCallbackHandler;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLCondition;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

/* loaded from: input_file:org/apache/rahas/impl/SAMLPassiveTokenIssuer.class */
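/**
 * Issues signed SAML 1.0 bearer assertions for "passive" requests, where the caller hands
 * the request data straight to {@link #issuePassiveRSTR(RahasData)} instead of sending a
 * WS-Trust RST in a SOAP body.
 * <p>
 * Instances are stateful and not thread-safe: {@link #issuePassiveRSTR} keeps the current
 * request in an instance field that {@link #createAuthAssertion} reads back, and
 * {@link #setAudienceRestrictionCondition} keeps the audience element for every later
 * assertion. If a single instance serves concurrent requests (as an Axis2 deployment may do
 * — confirm for this deployment), requests could observe each other's request data.
 */
public class SAMLPassiveTokenIssuer extends SAMLTokenIssuer {

    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String SAML1_NS = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    /** Attribute namespace of the Rahas-specific SAML attributes (Name, ActAs). */
    private static final String RAHAS_ATTR_NS = "https://rahas.apache.org/saml/attrns";
    /** Signature algorithm URIs chosen from the issuer key type; both are SHA-1 based. */
    private static final String SIG_DSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
    private static final String SIG_RSA_SHA1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
    /** Value of the built-in Name attribute emitted when no callback handler is configured. */
    private static final String DEFAULT_NAME_ATTR_VALUE = "Colombo/Rahas";
    private static final DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();

    private SAMLTokenIssuerConfig config = null;
    /** Request currently being served; set by issuePassiveRSTR, read by createAuthAssertion. */
    private RahasData data = null;
    /** saml1:AudienceRestrictionCondition element applied to every assertion, or null. */
    private Element audienceRestriction = null;

    /**
     * Sets the issuer configuration; must be called before {@link #issuePassiveRSTR}.
     *
     * @param sAMLTokenIssuerConfig issuer configuration (key store, TTL, reference flags,
     *     attribute callback handler)
     */
    public void setConfig(SAMLTokenIssuerConfig sAMLTokenIssuerConfig) {
        this.config = sAMLTokenIssuerConfig;
    }

    /**
     * Builds a signed SAML 1.0 bearer assertion for {@code rahasData} and wraps it in a
     * WS-Trust RequestSecurityTokenResponse (inside a response collection for WS-Trust
     * versions other than 1). The issued token is also added to the message context's token
     * store.
     *
     * @param rahasData request data (message context, WS-Trust version, AppliesTo, ephemeral key)
     * @return the RSTR element, or the enclosing RSTR collection for versions other than 1
     * @throws TrustException if the assertion cannot be created, signed or converted to DOM
     *     ({@code samlConverstionError}), or the token store rejects the token
     * @throws IllegalStateException if {@link #setConfig} has not been called
     */
    public OMElement issuePassiveRSTR(RahasData rahasData) throws TrustException {
        if (this.config == null) {
            throw new IllegalStateException("setConfig(...) must be called before issuePassiveRSTR(...)");
        }
        try {
            MessageContext inMsgCtx = rahasData.getInMessageContext();
            this.data = rahasData;
            // The assertion DOM must be DOOM-backed so it can be imported into the Axiom
            // response tree below; the flag is reset in the finally block. Whether the flag
            // is thread-local or process-wide depends on the Axiom version — confirm.
            DocumentBuilderFactoryImpl.setDOOMRequired(true);

            SOAPEnvelope env = TrustUtil.createSOAPEnvelope(inMsgCtx.getEnvelope().getNamespace().getNamespaceURI());
            Document doc = ((Element) env).getOwnerDocument();
            Crypto crypto = resolveCrypto(inMsgCtx.getAxisService().getClassLoader());

            Date created = new Date();
            Date expires = new Date(created.getTime() + this.config.ttl);
            SAMLAssertion assertion = createBearerAssertion(this.config, doc, crypto, created, expires, rahasData);

            int version = rahasData.getVersion();
            OMElement rstrCollection = null;
            OMElement rstr;
            if (version == 1) {
                rstr = TrustUtil.createRequestSecurityTokenResponseElement(version, env.getBody());
            } else {
                rstrCollection = TrustUtil.createRequestSecurityTokenResponseCollectionElement(version, env.getBody());
                rstr = TrustUtil.createRequestSecurityTokenResponseElement(version, rstrCollection);
            }
            TrustUtil.createTokenTypeElement(version, rstr).setText(RahasConstants.TOK_TYPE_SAML_10);
            if (this.config.addRequestedAttachedRef) {
                createAttachedRef(rstr, assertion.getId(), version);
            }
            if (this.config.addRequestedUnattachedRef) {
                createUnattachedRef(rstr, assertion.getId(), version);
            }
            if (rahasData.getAppliesToAddress() != null) {
                TrustUtil.createAppliesToElement(rstr, rahasData.getAppliesToAddress(), rahasData.getAddressingNs());
            }
            XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
            TrustUtil.createLifetimeElement(version, rstr, dateFormat.format(created), dateFormat.format(expires));

            try {
                // Import the assertion DOM into the response document and register the token.
                TrustUtil.createRequestedSecurityTokenElement(version, rstr)
                        .addChild(((Element) rstr).getOwnerDocument().importNode(assertion.toDOM(), true));
                Token token = new Token(assertion.getId(), assertion.toDOM(), created, expires);
                token.setSecret(rahasData.getEphmeralKey());
                TrustUtil.getTokenStore(inMsgCtx).add(token);
            } catch (SAMLException e) {
                throw new TrustException("samlConverstionError", e);
            }
            return rstrCollection != null ? rstrCollection : rstr;
        } finally {
            DocumentBuilderFactoryImpl.setDOOMRequired(false);
        }
    }

    /**
     * Builds the signing {@link Crypto} from the issuer config, in this precedence: an inline
     * {@code cryptoElement}, then a {@code cryptoPropertiesElement} that wraps a child
     * element, else the {@code cryptoPropertiesFile} path.
     *
     * @param loader class loader of the service, passed to the crypto factory
     * @return the crypto instance for the issuer key store
     * @throws TrustException if the configured properties cannot be converted or loaded
     */
    private Crypto resolveCrypto(ClassLoader loader) throws TrustException {
        if (this.config.cryptoElement != null) {
            return CryptoFactory.getInstance(TrustUtil.toProperties(this.config.cryptoElement), loader);
        }
        if (this.config.cryptoPropertiesElement != null && this.config.cryptoPropertiesElement.getFirstElement() != null) {
            return CryptoFactory.getInstance(TrustUtil.toProperties(this.config.cryptoPropertiesElement.getFirstElement()), loader);
        }
        return CryptoFactory.getInstance(this.config.cryptoPropertiesFile, loader);
    }

    /**
     * Creates and signs the SAML 1.0 assertion for the current request. Presumably invoked
     * from the base class while {@link #issuePassiveRSTR} is running, since it relies on the
     * request data that method stores — confirm against {@code SAMLTokenIssuer}.
     * <p>
     * Attributes are resolved, in order, from the configured callback handler instance, from a
     * handler class named in the config (loaded through the service's class loader), or from a
     * single built-in Name attribute. An ActAs attribute is appended when the request carries
     * one, and the audience restriction set through {@link #setAudienceRestrictionCondition}
     * becomes the assertion's only condition.
     *
     * @param document owner document for the DOM nodes created here (the KeyInfo wrapper)
     * @param str subject-confirmation method URI placed in the assertion subject
     * @param sAMLNameIdentifier subject name identifier
     * @param element optional key material wrapped in a {@code ds:KeyInfo}; may be null, and
     *     must be an Axiom {@link OMElement} when present (it is cast to declare prefixes)
     * @param sAMLTokenIssuerConfig issuer name, key alias and password, callback handler settings
     * @param crypto key store used to sign the assertion
     * @param date start of validity, passed to the assertion as its first instant
     * @param date2 end of validity, passed to the assertion as its second instant
     * @param str2 not used by this implementation; kept for signature compatibility
     * @return the signed assertion
     * @throws TrustException {@code cannotLoadPWCBClass} / {@code cannotCreatePWCBInstance}
     *     when the named callback handler fails, else {@code samlAssertionCreationError} with
     *     the original cause attached
     */
    protected SAMLAssertion createAuthAssertion(Document document, String str, SAMLNameIdentifier sAMLNameIdentifier, Element element, SAMLTokenIssuerConfig sAMLTokenIssuerConfig, Crypto crypto, Date date, Date date2, String str2) throws TrustException {
        try {
            if (this.data == null) {
                // The callbacks below need the request; issuePassiveRSTR() sets it.
                throw new IllegalStateException("no request data: issuePassiveRSTR(...) must be in progress");
            }

            // Wrap the key material in ds:KeyInfo and declare the prefixes on the Axiom element.
            Element keyInfo = null;
            if (element != null) {
                keyInfo = document.createElementNS(XMLDSIG_NS, "KeyInfo");
                ((OMElement) element).declareNamespace(XMLDSIG_NS, "ds");
                ((OMElement) element).declareNamespace(XMLENC_NS, "xenc");
                keyInfo.appendChild(element);
            }
            SAMLSubject subject = new SAMLSubject(sAMLNameIdentifier, Arrays.asList(str), (Element) null, keyInfo);

            SAMLAttribute[] callbackAttributes;
            String handlerName = sAMLTokenIssuerConfig.getCallbackHandlerName();
            if (sAMLTokenIssuerConfig.getCallbackHander() != null) {
                SAMLAttributeCallback callback = new SAMLAttributeCallback(this.data);
                sAMLTokenIssuerConfig.getCallbackHander().handle(callback);
                callbackAttributes = callback.getAttributes();
            } else if (handlerName != null && handlerName.trim().length() > 0) {
                SAMLAttributeCallback callback = new SAMLAttributeCallback(this.data);
                ClassLoader loader = this.data.getInMessageContext().getAxisService().getClassLoader();
                try {
                    // ClassNotFoundException is caught before the catch-all so the two failure
                    // modes keep their distinct message keys.
                    SAMLCallbackHandler handler = (SAMLCallbackHandler) Loader.loadClass(loader, handlerName).newInstance();
                    handler.handle(callback);
                } catch (ClassNotFoundException e) {
                    throw new TrustException("cannotLoadPWCBClass", new String[]{handlerName}, e);
                } catch (Exception e) {
                    throw new TrustException("cannotCreatePWCBInstance", new String[]{handlerName}, e);
                }
                callbackAttributes = callback.getAttributes();
            } else {
                callbackAttributes = new SAMLAttribute[]{new SAMLAttribute(RahasConstants.LocalNames.NAME_ATTR, RAHAS_ATTR_NS, (QName) null, -1L, Arrays.asList(DEFAULT_NAME_ATTR_VALUE))};
            }

            // A growable list is required: Arrays.asList() alone is fixed-size and the ActAs
            // append would fail with UnsupportedOperationException. A callback that leaves
            // attributes unset is treated as "no attributes" — confirm this matches the handlers.
            List<SAMLAttribute> attributes = new ArrayList<SAMLAttribute>();
            if (callbackAttributes != null) {
                attributes.addAll(Arrays.asList(callbackAttributes));
            }
            if (this.data.getActAs() != null) {
                attributes.add(new SAMLAttribute(RahasConstants.LocalNames.ACTAS, RAHAS_ATTR_NS, (QName) null, -1L, Arrays.asList(this.data.getActAs())));
            }

            List<SAMLAttributeStatement> statements = new ArrayList<SAMLAttributeStatement>();
            statements.add(new SAMLAttributeStatement(subject, attributes));

            // Conditions stay null (not empty) when no audience is configured, as before.
            List<SAMLCondition> conditions = null;
            if (this.audienceRestriction != null) {
                conditions = new ArrayList<SAMLCondition>();
                conditions.add(SAMLCondition.getInstance(this.audienceRestriction));
            }
            SAMLAssertion assertion = new SAMLAssertion(sAMLTokenIssuerConfig.issuerName, date, date2, conditions, (Collection) null, statements);

            String alias = sAMLTokenIssuerConfig.issuerKeyAlias;
            X509Certificate[] chain = crypto.getCertificates(alias);
            if (chain == null || chain.length == 0) {
                throw new IllegalStateException("no certificate found for issuer key alias " + alias);
            }
            // Both URIs are SHA-1 based; they are kept for interoperability with existing
            // relying parties, but SHA-1 signatures are no longer recommended for new deployments.
            String signatureAlgorithm = "DSA".equalsIgnoreCase(chain[0].getPublicKey().getAlgorithm()) ? SIG_DSA_SHA1 : SIG_RSA_SHA1;
            assertion.sign(signatureAlgorithm, crypto.getPrivateKey(alias, sAMLTokenIssuerConfig.issuerKeyPassword), Arrays.asList(chain));
            return assertion;
        } catch (TrustException e) {
            // Preserve the specific callback-handler message keys instead of re-wrapping them.
            throw e;
        } catch (Exception e) {
            throw new TrustException("samlAssertionCreationError", e);
        }
    }

    /**
     * Restricts all subsequently issued assertions to the given audience by attaching a
     * {@code saml1:AudienceRestrictionCondition} with a single {@code saml1:Audience}.
     * <p>
     * The element is built through the DOM API rather than by splicing the value into
     * markup, so a caller-supplied audience cannot inject additional XML into the condition;
     * the value always ends up as one text node.
     *
     * @param str the audience URI (typically the relying party's identifier); must not be null
     * @throws TrustException if the condition element cannot be built
     *     ({@code samlAssertionCreationError}), with the cause attached
     */
    public void setAudienceRestrictionCondition(String str) throws TrustException {
        try {
            if (str == null) {
                throw new IllegalArgumentException("audience must not be null");
            }
            Document doc = factory.newDocumentBuilder().newDocument();
            Element condition = doc.createElementNS(SAML1_NS, "saml1:AudienceRestrictionCondition");
            condition.setAttributeNS(XMLNS_NS, "xmlns:saml1", SAML1_NS);
            Element audience = doc.createElementNS(SAML1_NS, "saml1:Audience");
            audience.appendChild(doc.createTextNode(str));
            condition.appendChild(audience);
            doc.appendChild(condition);
            this.audienceRestriction = condition;
        } catch (Exception e) {
            throw new TrustException("samlAssertionCreationError", e);
        }
    }
}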
