package com.ibm.ws.wssecurity.util;

import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.ws.wssecurity.token.CacheableSubjectHelperFactory;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenImpl;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import java.util.Date;
import javax.security.auth.Subject;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;
import org.apache.axis2.handlers.addressing.AddressingPreSecurityHandler;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/util/SAMLTokenCacheHelper.class */
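/**
 * Client-side cache of SAML tokens, keyed by a value derived from the target endpoint address,
 * the run-as subject and the token generator configuration.
 *
 * <p>Tokens are stored after a request is sent ({@link #cacheSAMLToken}) and handed back as
 * clones on later requests ({@link #getSAMLToken}) while they have more than a "cushion" of
 * lifetime left. One-time-use tokens and the receiver (service provider) side are never cached.
 *
 * <p>NOTE(review): the cache instance is created lazily without synchronization; whether
 * concurrent first callers can race here depends on how the runtime drives these static
 * methods, which is not visible in this class.
 */
public class SAMLTokenCacheHelper {
    private static final String comp = "security.wssecurity";
    /** Message/operation context property holding the {@link TokenGeneratorConfig} used for the key. */
    public static final String TOKEN_GENERATOR_CONFIG = "com.ibm.ws.wssecurity.saml.internal.tokenGeneratorCfg";
    /** Message/operation context property holding the computed cache key. */
    public static final String WSSUBJECT_EPR = "com.ibm.ws.wssecurity.saml.internal.wssubject.epr";
    /** Message/operation context property holding the cushion (as a decimal string). */
    public static final String CUSHION = "com.ibm.ws.wssecurity.saml.internal.cushion";
    // Cushion applied when the context carries no usable CUSHION value (compared against milliseconds).
    private static final long default_cacheCushion = 300000;
    private static final TraceComponent tc = Tr.register(SAMLTokenCacheHelper.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = SAMLTokenCacheHelper.class.getName();
    private static int default_Cache_Entries = 250;
    private static int sizeLimit = 0;
    private static LimitedCache cacheInstance = null;
    // Overwritten by init() from the system property; until then it holds the SAML default.
    private static long cacheTimeout = SamlConstants.DEFAULT_SAML_EXPIRES_IN_MILLISECONDS;
    // Multiplied by 60 * 1000 in init(), so presumably expressed in minutes.
    private static long default_Cache_Timeout = 60;

    /**
     * Returns the shared cache, creating it from the configured size and timeout on first use.
     */
    private static LimitedCache getInstance() {
        if (cacheInstance == null) {
            init();
            cacheInstance = LimitedCacheFactory.getInstance(0, sizeLimit, cacheTimeout);
        }
        return cacheInstance;
    }

    /**
     * Reads the cache size and timeout from system properties, falling back to the defaults.
     */
    private static void init() {
        sizeLimit = (int) ConfigUtil.processLongProperty(SamlConstants.SAMLTOKEN_CLIENT_CACHE_ENTRIES, System.getProperty(SamlConstants.SAMLTOKEN_CLIENT_CACHE_ENTRIES), default_Cache_Entries);
        long configuredTimeout = ConfigUtil.processLongProperty(SamlConstants.SAMLTOKEN_CLIENT_CACHE_TIMEOUT, System.getProperty(SamlConstants.SAMLTOKEN_CLIENT_CACHE_TIMEOUT), default_Cache_Timeout);
        cacheTimeout = configuredTimeout * 60 * 1000;
    }

    /**
     * Looks up a cached token for this request and returns a clone of it.
     *
     * @param messageContext       outbound message context; its To address and run-as subject feed the key
     * @param tokenGeneratorConfig generator configuration, also part of the key (may be null)
     * @param j                    cushion in milliseconds; a token with this much lifetime or less is evicted
     * @return a clone of the cached token, or {@code null} when there is no key, no entry, the entry
     *         is too close to expiry, or cloning failed
     */
    public static SAMLToken getSAMLToken(MessageContext messageContext, TokenGeneratorConfig tokenGeneratorConfig, long j) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSAMLToken(msgContext, config, cushion[" + j + "])");
        }
        String key = getKey(messageContext, tokenGeneratorConfig);
        if (key == null || key.isEmpty()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSAMLToken: No cache key. No Cache returned.");
            }
            return null;
        }
        SAMLToken cached = (SAMLToken) getInstance().get(key);
        SAMLTokenImpl result = null;
        if (cached == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No cached token for EndpointAddress" + messageContext.getTo().getAddress());
            }
        } else {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found Token from cache " + cached.getSamlID());
                Tr.debug(tc, "Found Token from cache " + cached.getSamlExpires());
            }
            Date samlExpires = cached.getSamlExpires();
            // A token without an expiry is always handed out; otherwise it must outlive the cushion.
            boolean usable = samlExpires == null || samlExpires.getTime() - new Date().getTime() > j;
            if (usable) {
                result = cloneAndRefresh(key, cached);
            } else {
                getInstance().remove(key);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "remove token:" + cached.getSamlID());
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // Report what is actually returned: null when the entry was evicted or cloning failed.
            Tr.exit(tc, "getSAMLToken returns [" + ConfigUtil.getObjState(result) + "]");
        }
        return result;
    }

    /**
     * Clones the cached token for the caller and stores the original under the key again.
     * Any failure is traced and leaves the caller without a cached token.
     */
    private static SAMLTokenImpl cloneAndRefresh(String key, SAMLToken cached) {
        SAMLTokenImpl copy = null;
        try {
            copy = SAMLTokenHelper.cloneSAMLToken(cached);
            // Re-put after a hit; presumably refreshes the entry's position/age in the cache.
            getInstance().put(key, cached);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found valid token from cache");
            }
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "fail to clone Token:" + e.getMessage());
            }
        }
        return copy;
    }

    /**
     * Stores the SAML token carried by the message context in the cache, if it is cacheable.
     *
     * <p>Nothing is cached on the receiver side, for one-time-use tokens, when the context holds
     * no cache key, or when the token's remaining lifetime does not exceed the cushion.
     *
     * @param messageContext message context holding the token, the cache key and the cushion
     */
    public static void cacheSAMLToken(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cacheSAMLToken(MessageContext msgContext)");
        }
        // Fail closed: if the role cannot be determined, behave as the receiver and do not cache.
        boolean receiverSide = true;
        try {
            receiverSide = Axis2Util.isServiceProvider(messageContext);
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "cacheSAMLToken: isServiceProvider failed, treating as receiver side: " + e);
            }
        }
        if (receiverSide) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cacheSAMLToken(MessageContext msgContext): No cache on receiver side.");
            }
            return;
        }
        SAMLToken token = (SAMLToken) Axis2Util.getProperty(messageContext, SAMLTokenHelper.SAMLTOKEN);
        if (token == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "No SAML Token for cache");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cacheSAMLToken(MessageContext msgContext)");
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "cacheSAMLToken: " + token.getSamlID());
        }
        messageContext.setProperty(SamlConstants.SAMLTOKEN_OUT_MESSAGECONTEXT, token);
        if (token.isOneTimeUse()) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cacheSAMLToken(MessageContext msgContext): Do not Cache OneTimeUse Token.");
            }
            return;
        }
        String key = (String) Axis2Util.getProperty(messageContext, WSSUBJECT_EPR);
        if (key == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "cacheSAMLToken(MessageContext msgContext): Cache key does not exist.");
            }
            return;
        }
        long cushion = ConfigUtil.processLongProperty(CUSHION, (String) Axis2Util.getProperty(messageContext, CUSHION), default_cacheCushion);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Cache cushion: " + cushion);
        }
        Date samlExpires = token.getSamlExpires();
        boolean noExpiry = samlExpires == null;
        long remaining;
        if (noExpiry) {
            // cacheTimeout only reflects the configured value once init() has run.
            getInstance();
            remaining = cacheTimeout;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Expires is null. Using cacheTimeout value. time[" + remaining + "]");
            }
        } else {
            Date now = new Date();
            remaining = samlExpires.getTime() - now.getTime();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "exp.getTime() [" + samlExpires.getTime() + "], now.getTime() [" + now.getTime() + "], time [" + remaining + "]");
            }
        }
        // The zero case is honoured only for tokens without an expiry (a zero cacheTimeout);
        // a token whose expiry is exactly now has no lifetime left and must not be stored.
        if (remaining > cushion || (noExpiry && remaining == 0)) {
            getInstance().put(key, token);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Cache Token:" + token.getSamlID());
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Did not Cache Token:" + token.getSamlID());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "cacheSAMLToken(MessageContext msgContext)");
        }
    }

    /**
     * Records the cache key, cushion and generator configuration on the message context and,
     * when available, on its operation context, so that {@link #cacheSAMLToken} can find them.
     *
     * @param sAMLToken            token being sent; only used for tracing
     * @param messageContext       message context to annotate
     * @param tokenGeneratorConfig generator configuration stored alongside the key
     * @param j                    cushion, stored as a decimal string
     */
    public static void setSAMLTokenCacheKeys(SAMLToken sAMLToken, MessageContext messageContext, TokenGeneratorConfig tokenGeneratorConfig, long j) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSAMLTokenCacheKeys(SAMLToken token, MessageContext msgContext, TokenGeneratorConfig config, long cushion)");
        }
        Object key = getKey(messageContext, tokenGeneratorConfig);
        String cushionText = Long.toString(j);
        messageContext.setProperty(TOKEN_GENERATOR_CONFIG, tokenGeneratorConfig);
        messageContext.setProperty(CUSHION, cushionText);
        messageContext.setProperty(WSSUBJECT_EPR, key);
        OperationContext operationContext = messageContext.getOperationContext();
        if (operationContext == null) {
            operationContext = (OperationContext) messageContext.getProperty(AddressingPreSecurityHandler.UNVERIFIED_OPERATION_CONTEXT);
        }
        if (operationContext != null) {
            operationContext.setProperty(TOKEN_GENERATOR_CONFIG, tokenGeneratorConfig);
            operationContext.setProperty(CUSHION, cushionText);
            operationContext.setProperty(WSSUBJECT_EPR, key);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The operation context is NULL!!!");
        }
        if (tc.isEntryEnabled()) {
            // The token is not needed for the work above, so tracing must not fail on a null token.
            String samlId = sAMLToken == null ? null : sAMLToken.getSamlID();
            Tr.exit(tc, "setSAMLTokenCacheKeys( SAMLToken=" + samlId + " , MessageContext msgContext, TokenGeneratorConfig config, long cushion=" + cushionText);
        }
    }

    /**
     * Derives the cache key from the To address, the run-as subject and the generator config.
     *
     * <p>The three parts are folded into one {@code int} hash; a negative hash becomes
     * {@code "A0" + (-hash)}, a positive one {@code "B" + hash}, and a hash of zero yields
     * {@code null}, which callers treat as "do not use the cache".
     *
     * <p>NOTE(review): the key carries only 32 bits of hash, so two different
     * endpoint/subject/config combinations can produce the same key, and nothing visible in
     * this class compares a cache hit against the requesting subject or endpoint before the
     * token is returned. Keying on the full values (or verifying the hit) would remove that
     * dependence on hash uniqueness.
     *
     * @return the key, or {@code null} when the combined hash is zero
     */
    private static String getKey(MessageContext messageContext, TokenGeneratorConfig tokenGeneratorConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKey(MessageContext, TokenGeneratorConfig)");
        }
        String address = messageContext.getTo().getAddress();
        Subject runAsSubject = SAMLTokenHelper.getRunAsSubject(messageContext);
        int hash = address != null ? address.hashCode() : 0;
        String subjectId = null;
        if (runAsSubject != null) {
            subjectId = CacheableSubjectHelperFactory.getInstance().getIdentifier(runAsSubject);
            // Prefer the subject's identifier; fall back to the Subject's own hash when it has none.
            boolean hasId = subjectId != null && !subjectId.isEmpty();
            hash = (hash * 31) + (hasId ? subjectId.hashCode() : runAsSubject.hashCode());
        }
        if (tokenGeneratorConfig != null) {
            hash = (hash * 31) + tokenGeneratorConfig.hashCode();
        }
        String key = null;
        if (hash < 0) {
            key = "A0" + (-hash);
        } else if (hash > 0) {
            key = "B" + hash;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "endpointAddress[" + address + "], id[" + subjectId + "], subject[" + ConfigUtil.getObjState(runAsSubject) + "], config[" + ConfigUtil.getObjState(tokenGeneratorConfig) + "]");
        }
        if (tc.isEntryEnabled()) {
            // Pair the entry trace above with an exit record.
            Tr.exit(tc, "getKey(MessageContext, TokenGeneratorConfig)");
        }
        return key;
    }
}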
