package com.ibm.ws.wssecurity.trust.server.sts.ext.sct;

import com.ibm.ws.wssecurity.trust.client.ITrustConstants;
import com.ibm.ws.wssecurity.trust.server.sts.ext.InvalidRequestException;
import com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler;
import com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandlerException;
import com.ibm.ws.wssecurity.trust.server.sts.ext.UninitializedHandlerException;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT13;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Date;
import java.util.Enumeration;
import java.util.Properties;
import javax.xml.namespace.QName;
import org.eclipse.higgins.sts.IAppliesTo;
import org.eclipse.higgins.sts.IConstants;
import org.eclipse.higgins.sts.IElement;
import org.eclipse.higgins.sts.IEndpointReference;
import org.eclipse.higgins.sts.ILifetime;
import org.eclipse.higgins.sts.IRequestSecurityToken;
import org.eclipse.higgins.sts.IRequestSecurityTokenResponse;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/trust/server/sts/ext/sct/SCTIssue.class */
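/**
 * Request handler that issues security context tokens (SCTs) in response to a
 * WS-Trust RequestSecurityToken.
 *
 * <p>{@link #initialize(Properties)} must be called before {@link #handleRequest}; until then
 * every request is rejected with an {@link UninitializedHandlerException}.
 *
 * <p>NOTE(review): {@code createSCT} writes the instance field {@code wscURI} and
 * {@code handleRequest} reads it afterwards. If one handler instance serves concurrent requests,
 * a request could pick up the namespace chosen for another one. Confirm instances are not shared
 * across threads, or turn the field into a per-request local.
 */
public class SCTIssue implements RequestHandler {
    // Configured maximum token lifetime, in milliseconds (from "lifetimeMinutes").
    private int lifetimeMSec;
    // Extra time added to the cache entry lifetime, in milliseconds (from "renewalWindowMinutes").
    protected int renewalWindowMSec;
    // Whether the configuration permits renewing a token after it has expired.
    private boolean renewableAfterExpiration;
    private String provider;
    private String provider_short;
    private String algorithm;
    private String algorithm_short;
    private String keySizeStr;
    private String keySizeStr_short;
    // Default key size, used when the request carries no KeySize.
    private int keySize;
    // "true" (case-insensitive) enables the 2005/02 WS-Trust draft namespace.
    private String supportWSTrust10Draft;
    private static URI wsc10Draft;
    private static URI wsc13;
    protected static final int MINUTE_MSEC_CONVERSION_FACTOR = 60000;
    private static final String CLASS_NAME = SCTIssue.class.getName();
    private static final TraceComponent tc = Tr.register(SCTIssue.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private URI wsc = null;
    // Namespace used for the SecurityContextToken elements of the response; set by createSCT().
    private URI wscURI = wsc13;
    private boolean initialized = false;

    /**
     * Issues a security context token for the given request and builds the response.
     *
     * <p>The request is rejected when the handler is uninitialized, when the WS-Trust 2005/02
     * draft namespace is used without being enabled, or when AppliesTo, its endpoint reference
     * or Entropy/BinarySecret is missing. The requested lifetime is capped at the configured
     * maximum, and "renew after expiration" is only granted when the configuration allows it.
     *
     * @param iRequestSecurityToken the parsed RequestSecurityToken
     * @param str not read by this method
     * @param iConstants namespace constants for the WS-Trust version in use
     * @return the response carrying the token, references, server entropy, lifetime and renewing
     * @throws RequestHandlerException if the request is invalid, the handler is uninitialized,
     *         or the token could not be cached
     */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler
    public IRequestSecurityTokenResponse handleRequest(IRequestSecurityToken iRequestSecurityToken, String str, IConstants iConstants) throws RequestHandlerException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleRequest()");
        }
        if (!this.initialized) {
            String notInitialized = CLASS_NAME + " has not been initialized. Initialize the handler before handling requests.";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, notInitialized);
            }
            Tr.error(tc, SCTHelper.getMessage(Constants.ERROR_CODE_ISSUE_HANDLER_UNINITIALIZED, null));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((UninitializedHandlerException) SCTHelper.populateIFault(new UninitializedHandlerException(notInitialized), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_REQUEST_FAILED, Constants.FAULT_STRING_KEY_REQUEST_FAILED));
        }
        String trustNamespace = iConstants.getWSTrustNamespace().toString();
        // The 2005/02 draft namespace is refused unless the configuration enables it.
        if (!this.supportWSTrust10Draft.equalsIgnoreCase("true") && trustNamespace.equals("http://schemas.xmlsoap.org/ws/2005/02/trust")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "supportWSTrust10Draft: " + this.supportWSTrust10Draft);
                Tr.debug(tc, "WSTrust 10 Draft not supported.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("WSTrust 10 Draft not supported."), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        IAppliesTo appliesTo = iRequestSecurityToken.getAppliesTo();
        if (appliesTo == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AppliesTo element should not be null.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("AppliesTo element should not be null."), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        IEndpointReference endpointReference = appliesTo.getEndpointReference();
        if (endpointReference == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "AppliesTo endpoint reference should not be null.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("AppliesTo endpoint reference should not be null."), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        IElement entropy = iRequestSecurityToken.getEntropy();
        // NOTE(review): only the presence of the client secret is checked; its decoded length is
        // not. Confirm a minimum entropy size is enforced elsewhere.
        byte[] clientSecret = extractBinarySecret(entropy);
        String secretType = SCTHelper.extractAttributeFrom(entropy, new String[]{"BinarySecret"}, "Type");
        if (clientSecret == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestSecurityToken is missing Entropy/BinarySecret");
            }
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_SECRET_MISSING, null));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("RequestSecurityToken is missing Entropy/BinarySecret"), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        ILifetime requestedLifetime = iRequestSecurityToken.getLifetime();
        Date created = null;
        Date expires = null;
        if (requestedLifetime != null) {
            created = requestedLifetime.getCreated();
            expires = requestedLifetime.getExpires();
        }
        if (created == null) {
            created = new Date();
        }
        // NOTE(review): the cap below is measured from the requester-supplied Created value, not
        // from the server clock. A request with Created far in the future therefore yields a
        // token (and, via cacheSCT, a cache entry) that outlives now + lifetimeMSec. Confirm
        // whether Created should be bounded against the current time.
        Date latestExpiry = new Date(created.getTime() + this.lifetimeMSec);
        if (expires == null) {
            expires = latestExpiry;
        }
        if (expires.getTime() - created.getTime() > this.lifetimeMSec) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Requested lifetime is greater than the configured maximum lifetime. Using the configured maximum lifetime.");
            }
            expires = latestExpiry;
        }
        // NOTE(review): a requester-supplied KeySize is used as-is for the server secret; no lower
        // or upper bound is applied in this method. Confirm bounds are enforced elsewhere.
        Integer requestedKeySize = iRequestSecurityToken.getKeySize();
        if (requestedKeySize == null) {
            requestedKeySize = Integer.valueOf(this.keySize);
        }
        IElement renewing = iRequestSecurityToken.getRenewing();
        String allowText = SCTHelper.extractAttributeFrom(renewing, new String[0], "Allow");
        String okText = SCTHelper.extractAttributeFrom(renewing, new String[0], "OK");
        // Renewal is allowed unless the request says otherwise.
        boolean renewable = allowText == null || Boolean.parseBoolean(allowText);
        boolean renewableWhenExpired = okText == null ? this.renewableAfterExpiration : Boolean.parseBoolean(okText);
        // The request may narrow, but never widen, what the configuration permits.
        if (!this.renewableAfterExpiration && renewableWhenExpired) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Current configuration prohibits renewing of this token after expiration.");
            }
            renewableWhenExpired = false;
        }
        URI tokenType = iRequestSecurityToken.getTokenType();
        if (tokenType == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "RequestSecurityToken is missing TokenType");
            }
            // NOTE(review): this reuses the secret-missing warning code for a missing TokenType;
            // confirm that is the intended message.
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_SECRET_MISSING, null));
        }
        SCT sct = createSCT(tokenType, clientSecret, requestedKeySize.intValue(), created, expires, renewable, renewableWhenExpired, endpointReference, trustNamespace);
        String valueTypeText = null;
        QName valueType = sct.getValueType();
        if (valueType != null) {
            valueTypeText = valueType.getLocalPart();
        }
        if (valueTypeText == null) {
            if (tokenType == null) {
                // Neither the token nor the request names a value type: fail with a fault rather
                // than dereferencing the null TokenType.
                String noValueType = "RequestSecurityToken is missing TokenType and the issued token has no value type.";
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, noValueType);
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "handleRequest()");
                }
                throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException(noValueType), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
            }
            valueTypeText = tokenType.toString();
        }
        String tokenId = SCTHelper.generateUUID();
        String instance = sct.getInstances()[0];
        IElement requestedSecurityToken = generateRequestedSecurityToken(sct, this.wscURI, tokenId, instance, iConstants);
        IEndpointReference responseAppliesTo = generateAppliesTo(endpointReference.getAddress());
        IElement attachedReference = generateRequestedAttachedReference(tokenId, valueTypeText, iConstants);
        IElement unattachedReference = generateRequestedUnattachedReference(sct.getUUID(), valueTypeText, iConstants);
        IElement serverEntropy = generateEntropy(sct.getServerSecret(instance), secretType, iConstants);
        IElement proofToken = generateRequestedProofToken(iConstants);
        ILifetime responseLifetime = generateLifetime(sct.getCreation(instance), sct.getExpiration(instance));
        IElement responseRenewing = generateRenewing(renewable, renewableWhenExpired, iConstants);
        IRequestSecurityTokenResponse response = SCTHelper.createRSTR(iRequestSecurityToken.getContext());
        response.setRequestedSecurityToken(requestedSecurityToken);
        response.setAppliesTo(responseAppliesTo);
        response.setRequestedAttachedReference(attachedReference);
        response.setRequestedUnattachedReference(unattachedReference);
        response.setEntropy(serverEntropy);
        response.setRequestedProofToken(proofToken);
        response.setLifetime(responseLifetime);
        response.setRenewing(responseRenewing);
        response.setKeySize(requestedKeySize.intValue());
        // The response is only returned once the token is in the cache.
        if (cacheSCT(sct)) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            return response;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SCT was not cached successfully.");
        }
        Tr.error(tc, SCTHelper.getMessage(Constants.ERROR_CODE_SCT_NOT_CACHED_SUCCESSFULLY, null));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleRequest()");
        }
        throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("SCT was not cached successfully."), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_REQUEST_FAILED, Constants.FAULT_STRING_KEY_REQUEST_FAILED));
    }

    /**
     * Reads the handler configuration and marks the handler as initialized.
     *
     * <p>"lifetimeMinutes" and "renewalWindowMinutes" must be present and numeric; the provider,
     * algorithm, key size and draft-support settings fall back to "IBMJCE", "AES", "128" and
     * "false" respectively.
     *
     * @param properties the handler configuration
     * @throws NumberFormatException if a numeric property is missing or not an integer
     * @throws IllegalArgumentException if a minutes value does not fit in an int once converted
     *         to milliseconds
     */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler
    public void initialize(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize");
        }
        String lifetimeMinutes = properties.getProperty("lifetimeMinutes");
        String renewalWindowMinutes = properties.getProperty("renewalWindowMinutes");
        String renewableAfterExpirationText = properties.getProperty("renewableAfterExpiration");
        this.lifetimeMSec = minutesToMillis("lifetimeMinutes", lifetimeMinutes);
        this.renewalWindowMSec = minutesToMillis("renewalWindowMinutes", renewalWindowMinutes);
        this.renewableAfterExpiration = Boolean.parseBoolean(renewableAfterExpirationText);
        this.provider_short = properties.getProperty("provider", "IBMJCE");
        this.provider = properties.getProperty(Constants.PROPERTY_PROVIDER, this.provider_short);
        this.algorithm_short = properties.getProperty(Constants.PROPERTY_ALGORITHM, "AES");
        this.algorithm = properties.getProperty("algorithm", this.algorithm_short);
        // Both lookups below use the same property key, so the second one can only repeat the first.
        this.keySizeStr_short = properties.getProperty(Constants.PROPERTY_KEY_SIZE, "128");
        this.keySizeStr = properties.getProperty(Constants.PROPERTY_KEY_SIZE, this.keySizeStr_short);
        this.keySize = Integer.valueOf(this.keySizeStr).intValue();
        this.supportWSTrust10Draft = properties.getProperty(Constants.PROPERTY_SUPPORT_WSTRUST10_DRAFT, "false");
        if (tc.isDebugEnabled()) {
            // NOTE(review): this traces every property name and value handed in, not only the
            // ones read above. Confirm the handler configuration never carries sensitive values.
            Enumeration<?> propertyNames = properties.propertyNames();
            while (propertyNames.hasMoreElements()) {
                String name = (String) propertyNames.nextElement();
                Tr.debug(tc, "(" + name + ", " + properties.getProperty(name) + ")");
            }
            Tr.debug(tc, "Configured value - lifetimeMSec: " + this.lifetimeMSec);
            Tr.debug(tc, "Configured value - renewalWindowMSec: " + this.renewalWindowMSec);
            Tr.debug(tc, "Configured value - renewableAfterExpiration: " + this.renewableAfterExpiration);
            Tr.debug(tc, "Configured value - provider: " + this.provider);
            Tr.debug(tc, "Configured value - algorithm: " + this.algorithm);
            Tr.debug(tc, "Configured value - keySize: " + this.keySize);
            Tr.debug(tc, "Configured value - supportWSTrust10Draft: " + this.supportWSTrust10Draft);
        }
        this.initialized = true;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize");
        }
    }

    /**
     * Converts a minutes setting to milliseconds, refusing values that overflow an int.
     *
     * <p>A silently wrapped value would turn a long lifetime into a negative one, so the
     * configuration is rejected instead.
     */
    private static int minutesToMillis(String propertyName, String minutesText) {
        long millis = (long) Integer.parseInt(minutesText) * MINUTE_MSEC_CONVERSION_FACTOR;
        if (millis > Integer.MAX_VALUE || millis < Integer.MIN_VALUE) {
            throw new IllegalArgumentException(propertyName + " is out of range: " + minutesText);
        }
        return (int) millis;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Extracts and decodes the BinarySecret text of an Entropy element.
     *
     * @param iElement the Entropy element, may be null
     * @return the decoded secret, or null when the element or its BinarySecret text is absent
     */
    public byte[] extractBinarySecret(IElement iElement) {
        if (iElement == null) {
            return null;
        }
        String encoded = SCTHelper.extractTextFrom(iElement, new String[]{"BinarySecret"});
        if (encoded == null) {
            return null;
        }
        return SCTHelper.decode(encoded);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the RequestedSecurityToken element wrapping a SecurityContextToken.
     *
     * @param sct the issued token; when null, null is returned
     * @param uri namespace for the SecurityContextToken, Identifier and Instance elements
     * @param str value of the wsu:Id attribute
     * @param str2 instance text, or null to omit the Instance element
     * @param iConstants namespace constants for the WS-Trust version in use
     * @return the element, or null when {@code sct} is null
     */
    public IElement generateRequestedSecurityToken(SCT sct, URI uri, String str, String str2, IConstants iConstants) {
        if (sct == null) {
            return null;
        }
        IElement requested = SCTHelper.createIElement("RequestedSecurityToken", "wst", iConstants.getWSTrustNamespace());
        IElement token = SCTHelper.createIElement("SecurityContextToken", "wsc", uri);
        SCTHelper.addAttributeTo(token, "Id", "wsu", iConstants.getWSSecurityUtilityNamespace(), str);
        IElement identifier = SCTHelper.createIElement("Identifier", "wsc", uri);
        SCTHelper.addTextTo(identifier, sct.getUUID());
        SCTHelper.addChildTo(token, identifier);
        SCTHelper.addChildTo(requested, token);
        if (str2 != null) {
            IElement instance = SCTHelper.createIElement("Instance", "wsc", uri);
            SCTHelper.addTextTo(instance, str2);
            SCTHelper.addChildTo(token, instance);
        }
        return requested;
    }

    /** Builds the response endpoint reference for the given address. */
    protected IEndpointReference generateAppliesTo(URI uri) {
        return SCTHelper.createIEndpointReference(uri);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the RequestedAttachedReference element.
     *
     * @param str token id; the Reference URI is "#" followed by this value
     * @param str2 value of the ValueType attribute
     * @param iConstants namespace constants for the WS-Trust version in use
     * @return the element containing a SecurityTokenReference/Reference
     */
    public IElement generateRequestedAttachedReference(String str, String str2, IConstants iConstants) {
        IElement attached = SCTHelper.createIElement("RequestedAttachedReference", "wst", iConstants.getWSTrustNamespace());
        IElement tokenReference = SCTHelper.createIElement("SecurityTokenReference", "wsse", iConstants.getWSSecurityNamespace());
        IElement reference = SCTHelper.createIElement("Reference", "wsse", iConstants.getWSSecurityNamespace());
        SCTHelper.addAttributeTo(reference, "URI", null, null, "#" + str);
        SCTHelper.addAttributeTo(reference, "ValueType", null, null, str2);
        SCTHelper.addChildTo(attached, tokenReference);
        SCTHelper.addChildTo(tokenReference, reference);
        return attached;
    }

    /**
     * Builds the RequestedUnattachedReference element.
     *
     * @param str value of the Reference URI attribute; when null, null is returned
     * @param str2 value of the ValueType attribute
     * @param iConstants namespace constants for the WS-Trust version in use
     * @return the element, or null when {@code str} is null
     */
    protected IElement generateRequestedUnattachedReference(String str, String str2, IConstants iConstants) {
        if (str == null) {
            return null;
        }
        IElement unattached = SCTHelper.createIElement("RequestedUnattachedReference", "wst", iConstants.getWSTrustNamespace());
        IElement tokenReference = SCTHelper.createIElement("SecurityTokenReference", "wsse", iConstants.getWSSecurityNamespace());
        IElement reference = SCTHelper.createIElement("Reference", "wsse", iConstants.getWSSecurityNamespace());
        SCTHelper.addAttributeTo(reference, "URI", null, null, str);
        SCTHelper.addAttributeTo(reference, "ValueType", null, null, str2);
        SCTHelper.addChildTo(unattached, tokenReference);
        SCTHelper.addChildTo(tokenReference, reference);
        return unattached;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the Entropy element carrying the encoded secret.
     *
     * @param bArr the secret bytes, may be null
     * @param str value of the BinarySecret Type attribute; omitted when null or empty
     * @param iConstants namespace constants for the WS-Trust version in use
     * @return the element, or null when the secret is null or cannot be encoded
     */
    public IElement generateEntropy(byte[] bArr, String str, IConstants iConstants) {
        if (bArr == null) {
            return null;
        }
        String encoded = SCTHelper.encode(bArr);
        if (encoded == null) {
            return null;
        }
        IElement entropy = SCTHelper.createIElement("Entropy", "wst", iConstants.getWSTrustNamespace());
        IElement binarySecret = SCTHelper.createIElement("BinarySecret", "wst", iConstants.getWSTrustNamespace());
        if (str != null && !str.equals("")) {
            SCTHelper.addAttributeTo(binarySecret, "Type", null, null, str);
        }
        SCTHelper.addTextTo(binarySecret, encoded);
        SCTHelper.addChildTo(entropy, binarySecret);
        return entropy;
    }

    /**
     * Builds the RequestedProofToken element, whose ComputedKey text is the PSHA1 computed-key
     * URI supplied by {@code iConstants}.
     */
    protected IElement generateRequestedProofToken(IConstants iConstants) {
        IElement proofToken = SCTHelper.createIElement("RequestedProofToken", "wst", iConstants.getWSTrustNamespace());
        IElement computedKey = SCTHelper.createIElement("ComputedKey", "wst", iConstants.getWSTrustNamespace());
        SCTHelper.addTextTo(computedKey, iConstants.getPSHA1ComputedKey().toString());
        SCTHelper.addChildTo(proofToken, computedKey);
        return proofToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /** Builds the response lifetime from the creation and expiration dates. */
    public ILifetime generateLifetime(Date date, Date date2) {
        return SCTHelper.createILifetime(date, date2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the Renewing element.
     *
     * @param z value of the Allow attribute
     * @param z2 value of the OK attribute
     * @param iConstants namespace constants for the WS-Trust version in use
     * @return the Renewing element
     */
    public IElement generateRenewing(boolean z, boolean z2, IConstants iConstants) {
        IElement renewing = SCTHelper.createIElement("Renewing", "wst", iConstants.getWSTrustNamespace());
        // Boolean.toString avoids allocating through the deprecated Boolean constructor.
        SCTHelper.addAttributeTo(renewing, "Allow", null, null, Boolean.toString(z));
        SCTHelper.addAttributeTo(renewing, "OK", null, null, Boolean.toString(z2));
        return renewing;
    }

    /**
     * Creates the token for a request and records the matching wsc namespace in {@code wscURI}.
     *
     * <p>With no TokenType, the token version follows the WS-Trust namespace; otherwise only the
     * two known SCT token types are accepted.
     *
     * @param uri requested TokenType, may be null
     * @param bArr client secret
     * @param i key size used for the server secret and recorded on the token
     * @param date creation time
     * @param date2 expiration time
     * @param z whether the token is renewable
     * @param z2 whether the token is renewable after expiration
     * @param iEndpointReference AppliesTo endpoint; its address is recorded on the token
     * @param str WS-Trust namespace of the request
     * @return the new token
     * @throws InvalidRequestException if the TokenType is not a supported SCT type
     */
    private SCT createSCT(URI uri, byte[] bArr, int i, Date date, Date date2, boolean z, boolean z2, IEndpointReference iEndpointReference, String str) throws InvalidRequestException {
        SCT.KeyHistoryEntry keyHistoryEntry = new SCT.KeyHistoryEntry(SCTHelper.generateUUID(), bArr, SCTHelper.generateSecret(this.algorithm, this.provider, i), date, date2, SCT.SCTState.ISSUED);
        // Draw identifiers until one is not already cached.
        String identifier = SCTHelper.generateUUID();
        while (SCTHelper.isCached(identifier)) {
            identifier = SCTHelper.generateUUID();
        }
        String tokenTypeText = uri == null ? null : uri.toString();
        // Declared as SCT: both token classes are returned through this type.
        SCT sct;
        if (tokenTypeText == null) {
            if (str.equals("http://schemas.xmlsoap.org/ws/2005/02/trust")) {
                sct = new SCT(identifier, new SCT.KeyHistoryEntry[]{keyHistoryEntry});
                this.wscURI = wsc10Draft;
            } else {
                sct = new SCT13(identifier, new SCT.KeyHistoryEntry[]{keyHistoryEntry});
                this.wscURI = wsc13;
            }
        } else if (tokenTypeText.equals("http://schemas.xmlsoap.org/ws/2005/02/sc/sct")) {
            sct = new SCT(identifier, new SCT.KeyHistoryEntry[]{keyHistoryEntry});
            this.wscURI = wsc10Draft;
        } else if (tokenTypeText.equals("http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct")) {
            sct = new SCT13(identifier, new SCT.KeyHistoryEntry[]{keyHistoryEntry});
            this.wscURI = wsc13;
        } else {
            String invalidTokenType = "Invalid TokenType, tokentype = " + tokenTypeText;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "createSCT()");
            }
            // NOTE(review): the fault is populated with the TokenType URI where the other faults
            // in this class pass the WS-Trust namespace; confirm this is intended.
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException(invalidTokenType), "wst", uri, Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        sct.setRenewable(z);
        sct.setRenewableAfterExpiration(z2);
        sct.setAlgorithm(this.algorithm);
        sct.setProvider(this.provider);
        sct.setKeySize(i);
        sct.setAppliesTo(iEndpointReference.getAddress().toString());
        return sct;
    }

    /**
     * Stores the token in the SCT cache.
     *
     * <p>The entry lifetime is the time left until expiration plus the renewal window, or -1 when
     * the token has no expiration. Unless the cache is in pre-V7.0 interop mode, the token is
     * also stored under identifier + instance.
     *
     * @param sct the token to cache
     * @return the result of caching under the identifier; false when the token has no identifier
     *         or instance, no cache is available, or the identifier is already cached
     * @throws UninitializedHandlerException if the handler has not been initialized
     */
    private boolean cacheSCT(SCT sct) throws UninitializedHandlerException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cacheSCT()");
        }
        if (!this.initialized) {
            String notInitialized = CLASS_NAME + " has not been initialized. Initialize the handler before handling requests.";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, notInitialized);
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cacheSCT()");
            }
            throw new UninitializedHandlerException(notInitialized);
        }
        String identifier = sct.getIdentifier();
        if (identifier != null && SCTHelper.getCache() != null && !SCTHelper.getCache().containsToken(identifier)) {
            String[] instances = sct.getInstances();
            if (instances.length > 0) {
                String instance = instances[0];
                Date expiration = sct.getExpiration(instance);
                Date now = new Date();
                long timeToLive = expiration == null ? -1L : (expiration.getTime() - now.getTime()) + this.renewalWindowMSec;
                if (!SCTHelper.getCache().getPreV70InteropMode()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Issue key = " + identifier + instance);
                    }
                    SCTHelper.getCache().cacheToken(identifier + instance, sct, timeToLive);
                }
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Issue key again = " + identifier);
                }
                return SCTHelper.getCache().cacheToken(identifier, sct, timeToLive);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cacheSCT()");
        }
        return false;
    }

    static {
        wsc10Draft = null;
        wsc13 = null;
        try {
            wsc10Draft = new URI("http://schemas.xmlsoap.org/ws/2005/02/sc");
            wsc13 = new URI(ITrustConstants.v13.NS_WSC);
        } catch (URISyntaxException e) {
            // Both namespace URIs may stay null after this; only a warning is traced.
            Tr.warning(tc, "unable to instantiate wsc URIs");
        }
    }
}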
