package com.ibm.ws.wssecurity.saml.saml20.assertion.impl;

import com.ibm.ws.wssecurity.saml.common.SAML20Constants;
import com.ibm.ws.wssecurity.saml.common.SAMLCommonConstants;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.common.util.OMUtil;
import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData;
import com.ibm.ws.wssecurity.saml.security.HoKAssertion;
import com.ibm.ws.wssecurity.saml.security.impl.HoKAssertionImpl;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/saml/saml20/assertion/impl/SubjectConfirmationDataImpl.class */
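/**
 * In-memory form of a SAML 2.0 {@code SubjectConfirmationData} element.
 *
 * <p>An instance is used in one of two directions:
 * <ul>
 *   <li><b>Issuing</b>: built with provider/requester/credential configuration, populated by
 *       {@link #create()} and serialized by {@link #marshal(OMElement)}.</li>
 *   <li><b>Consuming</b>: built with a {@link ConsumerConfig}, populated from received XML by
 *       {@link #unMarshal(OMElement)} and checked by {@link #validate()}.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validate()} enforces only the {@code NotBefore}/{@code NotOnOrAfter} window.
 *       {@code Recipient}, {@code InResponseTo} and {@code Address} are stored but not checked
 *       anywhere in this class; a caller that relies on them must compare them itself.</li>
 *   <li>When {@code NotOnOrAfter} is absent from the received element, this class enforces no
 *       expiry at all.</li>
 * </ul>
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class SubjectConfirmationDataImpl implements SubjectConfirmationData {
    private static final String comp = "security.wssecurity";

    /** Clock skew in milliseconds (3 minutes) applied by {@link #validate()} when no consumer config is set. */
    private static final long DEFAULT_CLOCK_SKEW_MILLIS = 180000L;

    protected List<Object> content;
    protected Date notBefore;
    protected Date notOnOrAfter;
    protected String recipient;
    protected String inResponseTo;
    protected String address;
    private final Map<QName, String> otherAttributes = new HashMap<>();
    private HoKAssertion keyInfoAssertion;
    private OMElement keyInfoElm;
    private ProviderConfig issueCfg;
    private RequesterConfig reqData;
    private CredentialConfig cred;
    private OMElement xml;
    private ConsumerConfig assertionConfigCfg;
    private static final TraceComponent tc = Tr.register(SubjectConfirmationDataImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final String clsName = SubjectConfirmationDataImpl.class.getName();
    private static final OMFactory omFactory = OMAbstractFactory.getOMFactory();

    /**
     * Creates an empty instance with no configuration attached.
     *
     * <p>{@link #create()} dereferences the requester configuration and therefore cannot be used
     * on an instance built this way.
     */
    public SubjectConfirmationDataImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SubjectConfirmationDataImpl");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SubjectConfirmationDataImpl");
        }
    }

    /**
     * Creates an instance for the consuming side.
     *
     * @param consumerConfig configuration that supplies the clock skew used by {@link #validate()}
     *        and is handed to the holder-of-key assertion built in {@link #unMarshal(OMElement)};
     *        may be {@code null}, in which case the default skew applies
     */
    public SubjectConfirmationDataImpl(ConsumerConfig consumerConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SubjectConfirmationDataImpl(ConsumerConfig)");
        }
        this.assertionConfigCfg = consumerConfig;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SubjectConfirmationDataImpl(ConsumerConfig)");
        }
    }

    /**
     * Creates an instance for the issuing side.
     *
     * @param providerConfig issuer configuration, consulted for the confirmation method
     * @param requesterConfig request data read by {@link #create()}; must not be {@code null} if
     *        {@link #create()} is going to be called
     * @param credentialConfig credentials passed on to the holder-of-key assertion
     */
    public SubjectConfirmationDataImpl(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) {
        // The trace text previously named ConsumerConfig as the first parameter type, which this
        // constructor does not take.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "SubjectConfirmationDataImpl(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        this.issueCfg = providerConfig;
        this.reqData = requesterConfig;
        this.cred = credentialConfig;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "SubjectConfirmationDataImpl(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
    }

    /**
     * Returns the live content list, creating it on first access.
     *
     * @return the mutable backing list, never {@code null}
     */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public List<Object> getContent() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getContent()");
        }
        if (this.content == null) {
            this.content = new ArrayList<>();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getContent()");
        }
        return this.content;
    }

    /** @return the {@code NotBefore} instant, or {@code null} if none is set */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public Date getNotBefore() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNotBefore()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNotBefore(): " + String.valueOf(this.notBefore));
        }
        return this.notBefore;
    }

    /** @param date the {@code NotBefore} instant; {@code null} clears it. The reference is stored, not copied. */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setNotBefore(Date date) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setNotBefore(): " + String.valueOf(date));
        }
        this.notBefore = date;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setNotBefore(): " + String.valueOf(date));
        }
    }

    /** @return the {@code NotOnOrAfter} instant, or {@code null} if none is set */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public Date getNotOnOrAfter() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNotOnOrAfter()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNotOnOrAfter(): " + String.valueOf(this.notOnOrAfter));
        }
        return this.notOnOrAfter;
    }

    /** @param date the {@code NotOnOrAfter} instant; {@code null} clears it. The reference is stored, not copied. */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setNotOnOrAfter(Date date) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setNotOnOrAfter(): " + String.valueOf(date));
        }
        this.notOnOrAfter = date;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setNotOnOrAfter(): " + String.valueOf(date));
        }
    }

    /** @return the {@code Recipient} value, or {@code null}; not validated by this class */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public String getRecipient() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getRecipient()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getRecipient(): " + this.recipient);
        }
        return this.recipient;
    }

    /** @param str the {@code Recipient} value to store */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setRecipient(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setRecipient(): " + str);
        }
        this.recipient = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setRecipient(): " + str);
        }
    }

    /** @return the {@code InResponseTo} value, or {@code null}; not validated by this class */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public String getInResponseTo() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getInResponseTo()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getInResponseTo(): " + this.inResponseTo);
        }
        return this.inResponseTo;
    }

    /** @param str the {@code InResponseTo} value to store */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setInResponseTo(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setInResponseTo(" + str + ")");
        }
        this.inResponseTo = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setInResponseTo(" + str + ")");
        }
    }

    /** @return the {@code Address} value, or {@code null}; not validated by this class */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public String getAddress() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAddress()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getAddress(): " + this.address);
        }
        return this.address;
    }

    /** @param str the {@code Address} value to store */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setAddress(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAddress(" + str + ")");
        }
        this.address = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAddress(" + str + ")");
        }
    }

    /**
     * Returns the live map of additional attributes.
     *
     * <p>Nothing in this class reads or writes the map: {@link #marshal(OMElement)} does not emit
     * its entries and {@link #unMarshal(OMElement)} does not fill it.
     *
     * @return the mutable backing map, never {@code null}
     */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public Map<QName, String> getOtherAttributes() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getOtherAttributes()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getOtherAttributes()");
        }
        return this.otherAttributes;
    }

    /** @return the holder-of-key assertion, or {@code null} if none was created or parsed */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public HoKAssertion getKeyInfoAssertion() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoAssertion()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInfoAssertion()");
        }
        return this.keyInfoAssertion;
    }

    /** @param hoKAssertion the holder-of-key assertion; takes precedence over the raw element in {@link #marshal(OMElement)} */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setKeyInfoAssertion(HoKAssertion hoKAssertion) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setKeyInfoAssertion()");
        }
        this.keyInfoAssertion = hoKAssertion;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setKeyInfoAssertion()");
        }
    }

    /** @return the raw {@code KeyInfo} element, or {@code null} if none is set */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public OMElement getKeyInfoElement() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKeyInfoElement()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getKeyInfoElement()");
        }
        return this.keyInfoElm;
    }

    /** @param oMElement the raw {@code KeyInfo} element; emitted by {@link #marshal(OMElement)} only when no holder-of-key assertion is set */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData
    public void setKeyInfoElement(OMElement oMElement) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setKeyInfoElement()");
        }
        this.keyInfoElm = oMElement;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setKeyInfoElement()");
        }
    }

    /**
     * Always returns {@code null}.
     *
     * <p>NOTE(review): the element cached by {@link #marshal(OMElement)} is not exposed here;
     * callers that need the XML must use the return value of {@code marshal}. Whether this is
     * intentional cannot be told from this class alone.
     *
     * @return {@code null}
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement getXML() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getXML()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getXML()");
        }
        return null;
    }

    /**
     * Serializes this object to a {@code SubjectConfirmationData} element.
     *
     * <p>The result is cached: once an element has been built, later calls return the same
     * element and ignore both the argument and any field changes made since.
     *
     * @param oMElement the intended parent, used only as the source of the {@link OMFactory};
     *        the new element is not attached to it here. When {@code null}, the class-level
     *        factory is used and the SAML 2.0 namespace is declared on the new element.
     * @return the element, or {@code null} when no attribute and no key information is set
     * @throws SoapSecurityException if marshalling the holder-of-key assertion fails
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement marshal(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "marshal(OMElement parent): " + String.valueOf(oMElement));
        }
        if (this.xml != null) {
            return this.xml;
        }
        boolean nothingToEmit = this.notBefore == null
                && this.notOnOrAfter == null
                && this.address == null
                && this.inResponseTo == null
                && this.recipient == null
                && this.keyInfoAssertion == null
                && this.keyInfoElm == null;
        if (nothingToEmit) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "marshal(OMElement parent): returning null");
            }
            return null;
        }
        if (oMElement == null) {
            this.xml = omFactory.createOMElement("SubjectConfirmationData", SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
            this.xml.declareNamespace(SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
        } else {
            this.xml = oMElement.getOMFactory().createOMElement("SubjectConfirmationData", SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
        }
        if (this.notBefore != null) {
            this.xml.addAttribute("NotBefore", UTC.format(this.notBefore), (OMNamespace) null);
        }
        if (this.notOnOrAfter != null) {
            this.xml.addAttribute("NotOnOrAfter", UTC.format(this.notOnOrAfter), (OMNamespace) null);
        }
        if (this.address != null) {
            this.xml.addAttribute("Address", this.address, (OMNamespace) null);
        }
        if (this.inResponseTo != null) {
            this.xml.addAttribute("InResponseTo", this.inResponseTo, (OMNamespace) null);
        }
        if (this.recipient != null) {
            this.xml.addAttribute("Recipient", this.recipient, (OMNamespace) null);
        }
        // The structured assertion wins over the raw element; the raw element is only a fallback.
        if (this.keyInfoAssertion != null) {
            OMElement keyInfo = this.keyInfoAssertion.marshal(this.xml);
            if (keyInfo != null) {
                this.xml.addChild(keyInfo);
            }
        } else if (this.keyInfoElm != null) {
            this.xml.addChild(this.keyInfoElm);
        }
        if (tc.isEntryEnabled()) {
            // NOTE(review): with entry/exit trace enabled this writes the whole element, KeyInfo
            // child included, to the trace log - confirm that is acceptable for the deployment.
            Tr.exit(tc, "marshal(OMElement parent): " + String.valueOf(this.xml));
        }
        return this.xml;
    }

    /**
     * Populates this object from a received {@code SubjectConfirmationData} element.
     *
     * <p>Reads the {@code NotBefore}, {@code NotOnOrAfter}, {@code InResponseTo} and
     * {@code Recipient} attributes and builds a holder-of-key assertion from each child element
     * whose local name is {@code KeyInfo}.
     *
     * <p>A timestamp that is present but cannot be parsed is rejected. Previously an unparseable
     * {@code NotOnOrAfter} was silently dropped, which left the field {@code null} and made
     * {@link #validate()} skip the expiry check for that assertion.
     *
     * @param oMElement the element to read; must not be {@code null} (it is dereferenced
     *        without a check)
     * @throws SoapSecurityException if either timestamp attribute is malformed, or if the
     *         holder-of-key assertion cannot be unmarshalled
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void unMarshal(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "unMarshal(OMElement om): " + String.valueOf(oMElement));
        }
        String notBeforeText = oMElement.getAttributeValue(new QName(null, "NotBefore"));
        if (notBeforeText != null) {
            try {
                this.notBefore = UTC.parse(notBeforeText);
            } catch (Exception e) {
                // Keep the parse failure itself as the cause so the stack trace is not lost.
                throw new SoapSecurityException(e.getMessage(), e);
            }
        }
        String notOnOrAfterText = oMElement.getAttributeValue(new QName(null, "NotOnOrAfter"));
        if (notOnOrAfterText != null) {
            try {
                this.notOnOrAfter = UTC.parse(notOnOrAfterText);
            } catch (Exception e) {
                // Fail closed: an expiry that cannot be read must not turn into "no expiry".
                throw new SoapSecurityException(e.getMessage(), e);
            }
        }
        this.inResponseTo = oMElement.getAttributeValue(new QName(null, "InResponseTo"));
        this.recipient = oMElement.getAttributeValue(new QName(null, "Recipient"));
        // NOTE(review): marshal() writes an "Address" attribute, but it is not read back here, so
        // getAddress() stays null for a received element - confirm whether that is intended.

        // NOTE(review): the KeyInfo match ignores both the element's namespace and the case of its
        // local name, and when several children match, the last one replaces the earlier ones.
        // Confirm that the holder-of-key code downstream checks the namespace before trusting it.
        for (OMElement child = OMUtil.getFirstElement(oMElement); child != null; child = OMUtil.getNextElement(child)) {
            if ("KeyInfo".equalsIgnoreCase(child.getLocalName())) {
                this.keyInfoElm = child;
                this.keyInfoAssertion = new HoKAssertionImpl(this.assertionConfigCfg);
                this.keyInfoAssertion.unMarshal(child);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "unMarshal(OMElement om)");
        }
    }

    /**
     * Populates this object from the requester configuration (issuing side).
     *
     * <p>Copies recipient, in-response-to and address from the request. When enabled,
     * {@code NotBefore} is set to the current time minus the clock skew; when the configured
     * lifetime is positive, {@code NotOnOrAfter} is set to the current time plus the lifetime
     * plus the clock skew. A holder-of-key assertion is created when the resolved confirmation
     * method is holder-of-key.
     *
     * <p>Requires the three-argument constructor: the requester configuration is dereferenced
     * without a null check.
     *
     * @throws SoapSecurityException if the holder-of-key assertion cannot be created
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void create() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "create()");
        }
        this.recipient = this.reqData.getRecipient();
        this.inResponseTo = this.reqData.getInResponseTo();
        this.address = this.reqData.getAddress();
        // One reading of the clock, so both ends of the window are relative to the same instant.
        long nowMillis = new Date().getTime();
        if (this.reqData.enableNotBefore()) {
            this.notBefore = new Date(nowMillis - this.reqData.getClockSkew());
        }
        if (this.reqData.getNotOnOrAfter() > 0) {
            this.notOnOrAfter = new Date(nowMillis + this.reqData.getNotOnOrAfter() + this.reqData.getClockSkew());
        }
        if (SAML20Constants._HOLDER_OF_KEY.equals(SamlConfigUtil.getConfirmationMethod(this.reqData, this.issueCfg))) {
            this.keyInfoAssertion = new HoKAssertionImpl(this.issueCfg, this.reqData, this.cred);
            this.keyInfoAssertion.create();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "create()");
        }
    }

    /**
     * Checks the current time against the {@code NotBefore}/{@code NotOnOrAfter} window.
     *
     * <p>The clock skew comes from the consumer configuration, or is 3 minutes when none is
     * set. The check fails when {@code now + skew} is still before {@code NotBefore}, or when
     * {@code now - skew} is after {@code NotOnOrAfter}; an assertion is therefore still accepted
     * at exactly {@code NotOnOrAfter + skew}.
     *
     * <p>This is the only condition checked. A bound that is {@code null} is not enforced, and
     * {@code Recipient}, {@code InResponseTo} and {@code Address} are not examined here.
     *
     * @return {@code true} whenever the method returns normally
     * @throws SoapSecurityException with message {@code CWSML7020E} when the assertion is not
     *         yet valid, or {@code CWSML7021E} when it has expired
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public boolean validate() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate()");
        }
        if (this.notBefore != null || this.notOnOrAfter != null) {
            Date now = new Date();
            boolean tooEarly = this.notBefore != null && now.before(this.notBefore);
            boolean tooLate = this.notOnOrAfter != null && !now.before(this.notOnOrAfter);
            // Only when the unadjusted clock is outside the window is the skew consulted.
            if (tooEarly || tooLate) {
                long skewMillis = DEFAULT_CLOCK_SKEW_MILLIS;
                if (this.assertionConfigCfg != null) {
                    skewMillis = this.assertionConfigCfg.getClockSkew();
                }
                long timeForward = now.getTime() + skewMillis;
                long timeBackward = now.getTime() - skewMillis;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "current time: [" + UTC.format(now) + "], [" + now.getTime() + "]");
                    Tr.debug(tc, "clockskew: [" + ((skewMillis / 60) / 1000) + " minutes], [" + skewMillis + " millis]");
                    if (this.notBefore != null) {
                        Tr.debug(tc, "notBefore: [" + UTC.format(this.notBefore) + "], [" + this.notBefore.getTime() + "]");
                    } else {
                        Tr.debug(tc, "notBefore: [null]");
                    }
                    if (this.notOnOrAfter != null) {
                        Tr.debug(tc, "notOnOrAfter: [" + UTC.format(this.notOnOrAfter) + "], [" + this.notOnOrAfter.getTime() + "]");
                    } else {
                        Tr.debug(tc, "notOnOrAfter: [null]");
                    }
                    Tr.debug(tc, "time adjusted forward for clockskew=" + timeForward);
                    Tr.debug(tc, "time adjusted backward for clockskew=" + timeBackward);
                }
                if (this.notBefore != null && timeForward < this.notBefore.getTime()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "timeForward < notBefore. notBefore test failed.");
                    }
                    throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7020E", new String[]{UTC.format(this.notBefore), UTC.format(now), String.valueOf((skewMillis / 60) / 1000)}));
                }
                if (this.notOnOrAfter != null && timeBackward > this.notOnOrAfter.getTime()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "timeBackward > notOnOrAfter. notOnOrAfter test failed.");
                    }
                    throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7021E", new String[]{UTC.format(this.notOnOrAfter), UTC.format(now), String.valueOf((skewMillis / 60) / 1000)}));
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate() returns true");
        }
        return true;
    }
}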
