package org.wso2.carbon.identity.sts;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.xml.XMLConstants;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.util.UUIDGenerator;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.rahas.Token;
import org.apache.rahas.TokenIssuer;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.keys.KeyInfo;
import org.joda.time.DateTime;
import org.opensaml.SAMLException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.wso2.carbon.identity.base.IdentityException;
import org.wso2.carbon.identity.core.admin.ParameterAdmin;
import org.wso2.carbon.identity.provider.GenericIdentityProviderData;
import org.wso2.carbon.identity.provider.IdentityProviderException;
import org.wso2.carbon.identity.provider.saml.SAML1TokenBuilder;
import org.wso2.carbon.identity.provider.saml.SAML2TokenBuilder;
import org.wso2.carbon.identity.provider.saml.SAMLTokenDirector;

/* loaded from: input_file:org/wso2/carbon/identity/sts/GenericTokenIssuer.class */
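/**
 * Rahas {@link TokenIssuer} that answers a WS-Trust RST with a SAML 1.x/2.0
 * assertion. When the relying party's certificate is known, a symmetric proof
 * key is wrapped for that certificate (RSA-OAEP) and the assertion is encrypted
 * with it (AES-256-CBC) before it is placed in the RSTR.
 *
 * <p>Issuance flow: {@link #issue} resolves the provider data, then
 * {@link #createResponse} builds the SOAP envelope, the SAML assertion and the
 * RSTR body via {@link #createRSTR}, which also records the issued token in the
 * Rahas token store.
 */
public class GenericTokenIssuer implements TokenIssuer {
    private static final String WSS_SAML_NS = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#";
    // Per-request state. NOTE(review): if the STS reuses one issuer instance for
    // concurrent requests, this field is a race that can mix one request's data
    // into another request's token — confirm how instances are created.
    protected GenericIdentityProviderData ipData = null;
    public static final String ISSUER_SELF = "http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self";
    private boolean isTokenLogDebug;
    // Logger category intentionally kept as IdentityTokenIssuer (as in the
    // original) so existing log configuration keeps applying.
    private static Log log = LogFactory.getLog(IdentityTokenIssuer.class);
    private static Log tokenIssuerLog = LogFactory.getLog("org.wso2.solutions.identity.token");

    /** WS-Trust 1.2 (2005/02) action returned for every issue response. */
    private static final String RSTR_ISSUE_ACTION = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue";
    private static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    private static final String WST_PREFIX = "wst";
    private static final String WSP_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    private static final String WSP_PREFIX = "wsp";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSSE_PREFIX = "wsse";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String DSIG_PREFIX = "ds";
    private static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String XENC_PREFIX = "xenc";
    /** ValueType of the wsse:KeyIdentifier that references a SAML 1.x assertion by ID. */
    private static final String SAML_ASSERTION_ID_VALUE_TYPE = WSS_SAML_NS + "SAMLAssertionID";
    /** Key-transport algorithm for the wrapped proof key (same value as XMLCipher.RSA_OAEP). */
    private static final String KEY_ENC_ALGO_RSA_OAEP = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
    /** Data-encryption algorithm for the assertion (same value as XMLCipher.AES_256). */
    private static final String DATA_ENC_ALGO_AES256_CBC = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    /** XMLCipher.ENCRYPT_MODE. */
    private static final int XML_CIPHER_ENCRYPT_MODE = 1;
    private static final int PROOF_KEY_SIZE_BITS = 256;
    // Value copied from the original; in WSS4J this numeric identifier type is
    // WSConstants.THUMBPRINT_IDENTIFIER — TODO confirm against the WSS4J version in use.
    private static final int ENCRYPTED_KEY_IDENTIFIER_TYPE = 8;
    /** Token validity window: 5 minutes from issuance. */
    private static final long TOKEN_LIFETIME_MILLIS = 300000L;
    private static final String SAML_1_0_TOKEN_TYPE = "urn:oasis:names:tc:SAML:1.0:assertion";
    private static final String SAML_1_1_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
    private static final String SAML_2_0_TOKEN_TYPE = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SUPPORTED_TOKEN_TYPES_PARAM = "SupportedTokenTypes";
    private static final String DISALLOW_DOCTYPE_FEATURE = "http://apache.org/xml/features/disallow-doctype-decl";

    /** Captures once whether the token-audit logger has debug enabled. */
    public GenericTokenIssuer() {
        this.isTokenLogDebug = tokenIssuerLog.isDebugEnabled();
    }

    /**
     * @param rahasData the request (unused; the action is fixed)
     * @return the WS-Trust RSTR/Issue action URI
     */
    public String getResponseAction(RahasData rahasData) throws TrustException {
        return RSTR_ISSUE_ACTION;
    }

    /** No-op: this issuer takes no configuration element. */
    public void setConfigurationElement(OMElement oMElement) {
    }

    /** No-op: this issuer takes no configuration file. */
    public void setConfigurationFile(String str) {
    }

    /** No-op: this issuer takes no configuration parameter name. */
    public void setConfigurationParamName(String str) {
    }

    /**
     * Issues a token for the given request.
     *
     * @param rahasData the parsed RST and message context
     * @return the response envelope holding the RSTR
     * @throws TrustException with message {@code RequestFailed} wrapping any
     *         failure; a {@link TrustException} raised by a step is rethrown as
     *         is rather than wrapped a second time
     */
    public SOAPEnvelope issue(RahasData rahasData) throws TrustException {
        try {
            if (log.isDebugEnabled()) {
                // Debug-only: the RST may carry claims and key material.
                log.debug("Request: \n" + rahasData.getRstElement().toString() + "\n\n");
            }
            this.ipData = mo3getIdentityProviderData(rahasData);
            if (this.isTokenLogDebug) {
                tokenIssuerLog.debug("validInfoCard");
            }
            SOAPEnvelope response = createResponse(rahasData);
            // Logged only on the success path; the original also logged
            // "Issued token" when issuance failed, which misleads an audit trail.
            log.info("Issued token");
            return response;
        } catch (TrustException e) {
            throw e;
        } catch (Exception e) {
            throw new TrustException("RequestFailed", e);
        }
    }

    /**
     * Builds the response envelope: optional wrapped proof key, token-type
     * check, SAML assertion, and the RSTR body.
     *
     * @param rahasData the parsed RST and message context
     * @return the envelope whose body now contains the RSTR
     * @throws TrustException with message {@code RequestFailed} on any failure,
     *         including an unsupported token type
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public SOAPEnvelope createResponse(RahasData rahasData) throws TrustException {
        WSSecEncryptedKey encryptedKey = null;
        try {
            Element envelopeElement = TrustUtil.createSOAPEnvelope(rahasData.getInMessageContext().getEnvelope().getNamespace().getNamespaceURI());
            Document responseDoc = envelopeElement.getOwnerDocument();
            X509Certificate rpCert = this.ipData.getRpCert();
            if (rpCert != null) {
                encryptedKey = prepareEncryptedKey(responseDoc, rpCert);
            }
            if (!checkIsValidTokenType(this.ipData)) {
                throw new IdentityProviderException("invalidTokenType");
            }
            DateTime notBefore = new DateTime();
            DateTime notOnOrAfter = new DateTime(notBefore.getMillis() + TOKEN_LIFETIME_MILLIS);
            String assertionId = UUIDGenerator.getUUID();
            if (this.isTokenLogDebug) {
                tokenIssuerLog.debug("startSAMLTokenCreation");
            }
            Element assertion = createSAMLAssertionAsDOM(this.ipData, rahasData, notBefore, notOnOrAfter, assertionId);
            if (this.isTokenLogDebug) {
                tokenIssuerLog.debug("finishSAMLTokenCreation");
            }
            OMElement rstr = createRSTR(rahasData, notBefore.toDate(), notOnOrAfter.toDate(), envelopeElement, responseDoc, assertion, assertionId, encryptedKey);
            if (this.isTokenLogDebug) {
                tokenIssuerLog.debug("RSTRCreationDone");
            }
            if (log.isDebugEnabled()) {
                // Debug-only: the response contains the issued token.
                log.debug("Response created");
                log.debug("Response body : \n" + rstr.toString() + "\n\n");
            }
            return envelopeElement;
        } catch (Exception e) {
            // Keep the stack trace; the original logged only the message.
            log.error("Token issuance failed", e);
            throw new TrustException("RequestFailed", e);
        }
    }

    /**
     * Generates a 256-bit proof key wrapped (RSA-OAEP) for the relying party's
     * certificate, referenced by thumbprint.
     *
     * @param responseDoc owner document for the xenc:EncryptedKey element
     * @param rpCert the relying party certificate
     * @return the prepared encrypted-key helper
     */
    private WSSecEncryptedKey prepareEncryptedKey(Document responseDoc, X509Certificate rpCert) throws Exception {
        WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
        encryptedKey.setUseThisCert(rpCert);
        encryptedKey.setKeySize(PROOF_KEY_SIZE_BITS);
        encryptedKey.setKeyEncAlgo(KEY_ENC_ALGO_RSA_OAEP);
        encryptedKey.setKeyIdentifierType(ENCRYPTED_KEY_IDENTIFIER_TYPE);
        // No Crypto is needed because the certificate is supplied directly.
        encryptedKey.prepare(responseDoc, (Crypto) null);
        Element encryptedKeyElement = encryptedKey.getEncryptedKeyElement();
        OMElement encryptedKeyOm = (OMElement) encryptedKeyElement;
        encryptedKeyOm.declareNamespace(DSIG_NS, DSIG_PREFIX);
        encryptedKeyOm.declareNamespace(XENC_NS, XENC_PREFIX);
        // NOTE(review): this ds:KeyInfo wrapper is never attached to the
        // response; the EncryptedKey is re-parented later by
        // encryptSAMLAssertion. Kept from the original — confirm before removing.
        Element keyInfoWrapper = responseDoc.createElementNS(DSIG_NS, "KeyInfo");
        keyInfoWrapper.appendChild(encryptedKeyElement);
        return encryptedKey;
    }

    /**
     * Builds the wst:RequestSecurityTokenResponse inside the envelope body and
     * records the issued token in the Rahas token store.
     *
     * @param rahasData the parsed RST and message context
     * @param date token creation time
     * @param date2 token expiry time
     * @param sOAPEnvelope response envelope that receives the RSTR
     * @param document DOM document owning the response
     * @param node the SAML assertion to embed (imported into {@code document})
     * @param str the assertion ID used for attached/unattached references
     * @param wSSecEncryptedKey prepared proof key, or {@code null} for a bearer token
     * @return the created RSTR element
     * @throws TrustException if the AppliesTo EPR cannot be re-parsed
     */
    protected OMElement createRSTR(RahasData rahasData, Date date, Date date2, SOAPEnvelope sOAPEnvelope, Document document, Node node, String str, WSSecEncryptedKey wSSecEncryptedKey) throws TrustException, SAMLException, IdentityProviderException {
        if (log.isDebugEnabled()) {
            log.debug("Begin RSTR Element creation.");
        }
        int version = rahasData.getVersion();
        MessageContext inMessageContext = rahasData.getInMessageContext();
        OMElement rstr = TrustUtil.createRequestSecurityTokenResponseElement(version, sOAPEnvelope.getBody());
        TrustUtil.createTokenTypeElement(version, rstr).setText(rahasData.getTokenType());
        createDisplayToken(rstr, this.ipData);
        if (wSSecEncryptedKey != null) {
            int keysize = rahasData.getKeysize();
            if (keysize == -1) {
                // Requester gave no size: report the size of the generated key.
                keysize = wSSecEncryptedKey.getEphemeralKey().length * 8;
            }
            TrustUtil.createKeySizeElement(version, rstr, keysize);
            appendAppliesTo(rstr, document, rahasData);
        }
        XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
        TrustUtil.createLifetimeElement(version, rstr, dateFormat.format(date), dateFormat.format(date2));
        OMElement requestedToken = TrustUtil.createRequestedSecurityTokenElement(version, rstr);
        OMNode importedAssertion = (OMNode) document.importNode(node, true);
        requestedToken.addChild(importedAssertion);
        if (log.isDebugEnabled()) {
            log.debug(importedAssertion.toString());
        }
        if (wSSecEncryptedKey != null) {
            // Encrypts the copy placed in the response in place.
            encryptSAMLAssertion(document, (Element) importedAssertion, wSSecEncryptedKey);
        }
        createAttachedRef(rstr, str);
        createUnattachedRef(rstr, str);
        // A second, unencrypted copy of the assertion is what the token store keeps.
        Token token = new Token(str, (OMElement) document.importNode(node, true), date, date2);
        token.setSecret(rahasData.getEphmeralKey());
        TrustUtil.getTokenStore(inMessageContext).add(token);
        if (log.isDebugEnabled()) {
            log.debug("RSTR Elem created.");
        }
        return rstr;
    }

    /**
     * Adds a wsp:AppliesTo element carrying the requester's EPR to the RSTR.
     * The EPR comes from the client's RST, so its re-parse into a DOM node is
     * done with a parser that refuses DOCTYPE and external entities.
     *
     * @throws TrustException with message {@code RequestFailed} if the EPR is
     *         missing or cannot be parsed
     */
    private void appendAppliesTo(OMElement rstr, Document document, RahasData rahasData) throws TrustException {
        try {
            String eprXml = rahasData.getAppliesToEpr().toString();
            Element epr = parseEprElement(eprXml);
            OMElement appliesTo = rstr.getOMFactory().createOMElement(new QName(WSP_NS, "AppliesTo", WSP_PREFIX), rstr);
            appliesTo.addChild((OMNode) document.importNode(epr, true));
        } catch (Exception e) {
            throw new TrustException("RequestFailed", e);
        }
    }

    /**
     * Parses a serialised element with DTD processing, external entities and
     * XInclude disabled. Namespace awareness is left at the JAXP default, as in
     * the original — TODO confirm whether the RP expects a namespace-aware EPR.
     */
    private static Element parseEprElement(String xml) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature(DISALLOW_DOCTYPE_FEATURE, true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        DocumentBuilder builder = factory.newDocumentBuilder();
        // Explicit charset: the original used the platform default.
        return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
    }

    /**
     * Adds wst:RequestedAttachedReference pointing at the assertion by ID.
     *
     * @param oMElement the RSTR element
     * @param str the assertion ID
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void createAttachedRef(OMElement oMElement, String str) {
        createSamlKeyIdentifierReference(oMElement, "RequestedAttachedReference", str);
    }

    /**
     * Adds wst:RequestedUnattachedReference pointing at the assertion by ID.
     *
     * @param oMElement the RSTR element
     * @param str the assertion ID
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void createUnattachedRef(OMElement oMElement, String str) {
        createSamlKeyIdentifierReference(oMElement, "RequestedUnattachedReference", str);
    }

    /**
     * Shared shape of both reference elements:
     * wst:&lt;refLocalName&gt;/wsse:SecurityTokenReference/wsse:KeyIdentifier
     * with the SAML-assertion-ID ValueType and the ID as text.
     */
    private static void createSamlKeyIdentifierReference(OMElement rstr, String refLocalName, String assertionId) {
        OMFactory factory = rstr.getOMFactory();
        OMElement reference = factory.createOMElement(new QName(WST_NS, refLocalName, WST_PREFIX), rstr);
        OMElement str = factory.createOMElement(new QName(WSSE_NS, "SecurityTokenReference", WSSE_PREFIX), reference);
        OMElement keyIdentifier = factory.createOMElement(new QName(WSSE_NS, "KeyIdentifier", WSSE_PREFIX), str);
        keyIdentifier.addAttribute("ValueType", SAML_ASSERTION_ID_VALUE_TYPE, (OMNamespace) null);
        keyIdentifier.setText(assertionId);
    }

    /**
     * Hook for subclasses that add a display token to the RSTR.
     *
     * @return always {@code null} in this base implementation
     */
    protected OMElement createDisplayToken(OMElement oMElement, GenericIdentityProviderData genericIdentityProviderData) throws IdentityProviderException {
        return null;
    }

    /**
     * Resolves the provider data for the request; subclasses may override.
     *
     * @param rahasData the parsed RST
     * @return provider data wrapping the request
     */
    /* renamed from: getIdentityProviderData */
    protected GenericIdentityProviderData mo3getIdentityProviderData(RahasData rahasData) throws Exception {
        return new GenericIdentityProviderData(rahasData);
    }

    /**
     * Builds the SAML assertion for the required token type.
     *
     * @param genericIdentityProviderData provider data holding the token type
     * @param rahasData the parsed RST
     * @param dateTime assertion issue/not-before time
     * @param dateTime2 assertion expiry time
     * @param str the assertion ID
     * @return the assertion as a DOM element
     * @throws IdentityProviderException with message {@code invalidTokenType}
     *         if the type is not SAML 1.0, 1.1 or 2.0 (the original fell
     *         through with a null builder)
     */
    protected Element createSAMLAssertionAsDOM(GenericIdentityProviderData genericIdentityProviderData, RahasData rahasData, DateTime dateTime, DateTime dateTime2, String str) throws IdentityProviderException {
        String requiredTokenType = genericIdentityProviderData.getRequiredTokenType();
        SAML2TokenBuilder builder;
        if (SAML_1_0_TOKEN_TYPE.equals(requiredTokenType) || SAML_1_1_TOKEN_TYPE.equals(requiredTokenType)) {
            builder = new SAML1TokenBuilder();
        } else if (SAML_2_0_TOKEN_TYPE.equals(requiredTokenType)) {
            builder = new SAML2TokenBuilder();
        } else {
            throw new IdentityProviderException("invalidTokenType");
        }
        return new SAMLTokenDirector(builder, rahasData, genericIdentityProviderData).createSAMLToken(dateTime, dateTime2, str);
    }

    /**
     * Checks the required token type against the comma-separated
     * {@code SupportedTokenTypes} parameter.
     *
     * @return {@code true} only if the type is listed; {@code false} when the
     *         parameter or the required type is absent (fail closed)
     * @throws IdentityProviderException if the parameter cannot be read
     */
    protected boolean checkIsValidTokenType(GenericIdentityProviderData genericIdentityProviderData) throws IdentityProviderException {
        String requiredTokenType = genericIdentityProviderData.getRequiredTokenType();
        String supportedTypes;
        try {
            supportedTypes = new ParameterAdmin().getParameterValue(SUPPORTED_TOKEN_TYPES_PARAM);
        } catch (IdentityException e) {
            throw new IdentityProviderException(e.getMessage(), e);
        }
        if (supportedTypes == null || requiredTokenType == null) {
            return false;
        }
        for (String candidate : supportedTypes.split(",")) {
            // Tolerate whitespace around list entries in the configured value.
            if (candidate.trim().equals(requiredTokenType)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Replaces {@code element} in {@code document} with an xenc:EncryptedData
     * (AES-256-CBC) whose KeyInfo carries the wrapped proof key. The
     * algorithm is fixed here; the relying party must accept it.
     *
     * @throws TrustException with message {@code RequestFailed} on any failure
     */
    private void encryptSAMLAssertion(Document document, Element element, WSSecEncryptedKey wSSecEncryptedKey) throws TrustException {
        try {
            XMLCipher cipher = XMLCipher.getInstance(DATA_ENC_ALGO_AES256_CBC);
            cipher.init(XML_CIPHER_ENCRYPT_MODE, WSSecurityUtil.prepareSecretKey(DATA_ENC_ALGO_AES256_CBC, wSSecEncryptedKey.getEphemeralKey()));
            String encDataId = "EncDataId-" + element.hashCode();
            KeyInfo keyInfo = new KeyInfo(document);
            keyInfo.addUnknownElement(wSSecEncryptedKey.getEncryptedKeyElement());
            EncryptedData encryptedData = cipher.getEncryptedData();
            encryptedData.setId(encDataId);
            encryptedData.setKeyInfo(keyInfo);
            // content=false: the whole element is encrypted, not just its children.
            cipher.doFinal(document, element, false);
        } catch (Exception e) {
            throw new TrustException("RequestFailed", e);
        }
    }
}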
