package com.ibm.ws.security.web.saml;

import com.ibm.websphere.management.NotificationConstants;
import com.ibm.websphere.management.application.AppConstants;
import com.ibm.ws.security.config.SecurityConfig;
import com.ibm.ws.security.config.SecurityObjectLocator;
import com.ibm.ws.security.web.saml.filter.HTTPHeaderFilter;
import com.ibm.ws.security.web.saml.filter.SAMLSSOFilter;
import com.ibm.ws.security.web.saml.util.Util;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.wssecurity.saml.binding.saml20.PostBindingIdPConfig;
import com.ibm.ws.wssecurity.saml.binding.saml20.PostBindingSPConfig;
import com.ibm.ws.wssecurity.saml.binding.saml20.PropertyConfigUtil;
import com.ibm.ws.wssecurity.saml.binding.saml20.SAMLSpConstants;
import com.ibm.ws.wssecurity.saml.config.impl.ConsumerConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.KeyInformationConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.KeyStoreConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.security.web.saml.AuthnRequestProvider;
import com.ibm.wsspi.security.web.saml.IdentityProviderMapping;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Properties;
import org.apache.axis2.engine.DependencyManager;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/security/web/saml/PostBindingConfig.class */
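/**
 * Holds the configuration assembled from a SAML web SSO {@link Properties} set:
 * the per-IdP configurations and their SSO URLs, the SP configuration, the
 * assertion {@link ConsumerConfig} (clock skew, trust store, key store, key
 * information, cert paths), the identity assertion rule, an optional
 * {@link IdentityProviderMapping} and the request acceptance filter.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>Every value read here comes from the supplied {@code Properties}; the class
 *       does no validation of its own beyond what is visible in each method, so the
 *       properties are presumably administrator-controlled configuration - confirm
 *       against the caller.</li>
 *   <li>The getters return the live internal lists and config objects, not copies.</li>
 *   <li>The constructor reaches the {@code protected} methods
 *       {@link #initIdentityProviderMapping} and {@link #createAcceptanceFilter}, so a
 *       subclass override runs before the subclass constructor body.</li>
 * </ul>
 */
public class PostBindingConfig {
    private static final TraceComponent tc = Tr.register(PostBindingConfig.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");

    /** Conversion factor for the clock-skew property, which is read as whole minutes. */
    private static final long MILLIS_PER_MINUTE = 60L * 1000L;

    protected Properties postBindingProps;
    private ArrayList<PostBindingIdPConfig> idpCfgs = new ArrayList<>();
    private ArrayList<String> idpUrls = new ArrayList<>();
    private PostBindingSPConfig spCfg = null;
    private ConsumerConfig samlConsumerCfg = null;
    private SAMLIdAssertionRule idMapRule = null;
    private IdentityProviderMapping idProvider = null;
    private HTTPHeaderFilter acceptanceFilter = null;
    protected boolean filterDefined = false;
    private String ssoIndex = null;

    /**
     * Stores the properties and builds every sub-configuration from them.
     *
     * @param properties the SAML web SSO properties; kept by reference in {@code postBindingProps}
     * @throws SoapSecurityException propagated from building the SAML consumer configuration
     */
    public PostBindingConfig(Properties properties) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "PostBindingConfig(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        this.postBindingProps = properties;
        init(properties);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "PostBindingConfig(Properties p)");
        }
    }

    /**
     * Runs the build steps in a fixed order. The order matters: {@link #buildSamlConfig}
     * reads {@code spCfg}, which {@link #buildSPConfig} creates.
     */
    private void init(Properties properties) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "init(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        buildIdPConfig(properties);
        buildSPConfig(properties);
        buildSamlConfig(properties);
        buildIdAssertionRule(properties);
        initIdentityProviderMapping(properties);
        createAcceptanceFilter(properties);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, DependencyManager.SERVICE_INIT_METHOD);
        }
    }

    /**
     * Creates one {@link PostBindingIdPConfig} per property group returned by
     * {@code PostBindingIdPConfig.sortPropertiesForEachIdP} and records its SSO URL.
     */
    private void buildIdPConfig(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "buildIdPConfig(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        ArrayList<Properties> perIdpProperties = PostBindingIdPConfig.sortPropertiesForEachIdP(properties);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The number of partners are " + perIdpProperties.size());
        }
        for (Properties idpProperties : perIdpProperties) {
            PostBindingIdPConfig idpConfig = new PostBindingIdPConfig(idpProperties);
            this.idpCfgs.add(idpConfig);
            this.idpUrls.add(idpConfig.getSingleSignOnService());
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "SSO URL is " + idpConfig.getSingleSignOnService());
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "buildIdPConfig");
        }
    }

    /**
     * Merges the global security custom properties into {@code properties} and then
     * creates the SP configuration from the result.
     */
    private void buildSPConfig(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "buildSPConfig(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        extractGeneralSecurityCustomProperties(properties);
        this.spCfg = new PostBindingSPConfig(properties);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "buildSPConfig");
        }
    }

    /**
     * Copies the global {@code DISABLE_SAML_DECODE_REDIRECT_URL} flag into
     * {@code properties} when the security configuration has it set to true.
     * The lookup is best effort: a failure leaves {@code properties} unchanged.
     *
     * @param properties the property set to update in place; ignored when {@code null}
     */
    private void extractGeneralSecurityCustomProperties(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractGeneralSecurityCustomProperties(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        if (properties != null) {
            try {
                SecurityConfig securityConfig = SecurityObjectLocator.getSecurityConfig();
                if (securityConfig != null && securityConfig.getPropertyBool(SecurityConfig.DISABLE_SAML_DECODE_REDIRECT_URL)) {
                    properties.setProperty(SecurityConfig.DISABLE_SAML_DECODE_REDIRECT_URL, "true");
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "com.ibm.ws.security.web.saml.disableDecodeURL is set to true in security.xml");
                    }
                }
            } catch (Exception e) {
                // Still best effort, but no longer silent: a failed lookup of a
                // security-relevant switch should be visible in the trace.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to read the global security configuration; SAML custom properties are left unchanged: " + e);
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "extractGeneralSecurityCustomProperties");
        }
    }

    /**
     * Creates the assertion consumer configuration and, when properties are present,
     * fills in clock skew, trust store, key store, key information and cert paths.
     *
     * @throws SoapSecurityException propagated from {@link #initCertPath()}
     */
    private void buildSamlConfig(Properties properties) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "buildSamlConfig(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        initConsumerConfig(properties);
        if (properties != null) {
            setClockSkew(this.samlConsumerCfg, properties);
            createTrustStore(this.samlConsumerCfg, properties);
            createKeyStore(this.samlConsumerCfg, properties);
            createKeyInformationConfig(this.samlConsumerCfg, properties);
            initCertPath();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "buildSamlConfig");
        }
    }

    /**
     * Copies the X.509 and CRL paths from the SP configuration into the consumer
     * configuration and asks {@code SamlConfigUtil} to create the cert store object.
     */
    private void initCertPath() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initCertPath");
        }
        this.samlConsumerCfg.setX509Path(this.spCfg.getX509Paths());
        this.samlConsumerCfg.setCRLPath(this.spCfg.getCRLPaths());
        SamlConfigUtil.createCertStoreObject(this.samlConsumerCfg);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initConsumerConfig".equals("") ? "" : "initCertPath");
        }
    }

    /**
     * Creates a fresh {@link ConsumerConfigImpl} and applies the trust-any-signer
     * flag and the trusted IdP alias from the properties.
     */
    private void initConsumerConfig(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initConsumerConfig(Properties([" + ConfigUtil.getObjState(properties) + "])");
        }
        this.samlConsumerCfg = new ConsumerConfigImpl();
        // Defaults to false; only an explicitly configured property can turn it on.
        boolean trustAnySigner = false;
        if (PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.TRUST_ANY_SIGNER) != null) {
            trustAnySigner = PropertyConfigUtil.getPropertyBoolean(properties, SAMLSpConstants.TRUST_ANY_SIGNER, false);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "trustAny is " + trustAnySigner);
        }
        // NOTE(review): presumably a true value relaxes the signer trust check applied to
        // received assertions - confirm against ConsumerConfig and keep it false unless
        // the deployment explicitly needs it.
        this.samlConsumerCfg.setTrustAnySTS(trustAnySigner);
        String trustedAlias = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.TRUSTED_IdP_ALIAS);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "trustedAlias is " + trustedAlias);
        }
        if (trustedAlias != null) {
            this.samlConsumerCfg.setAliasForTokenProvider(trustedAlias);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initConsumerConfig");
        }
    }

    /**
     * Reads the allowed clock skew (in minutes) and stores it on the consumer
     * configuration in milliseconds.
     *
     * <p>Lookup order: {@code ALLOWED_CLOCK_SKEW}, then {@code DEFAULT_ALLOWED_CLOCK_SKEW}.
     * A value that is not greater than zero selects the built-in fallback. A value that
     * cannot be parsed, or that would overflow when converted to milliseconds, leaves the
     * consumer configuration's current clock skew untouched.
     *
     * @param consumerConfig the configuration to update
     * @param properties     the property set to read from
     */
    private void setClockSkew(ConsumerConfig consumerConfig, Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setClockSkew(ConsumerConfig(" + ConfigUtil.getObjState(consumerConfig) + "], Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        String configuredSkew = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.ALLOWED_CLOCK_SKEW);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "[" + SAMLSpConstants.ALLOWED_CLOCK_SKEW + "] is [" + configuredSkew + "]");
        }
        if (configuredSkew == null) {
            configuredSkew = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.DEFAULT_ALLOWED_CLOCK_SKEW);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "[" + SAMLSpConstants.DEFAULT_ALLOWED_CLOCK_SKEW + "] is [" + configuredSkew + "]");
            }
        }
        try {
            long skewMinutes = Long.parseLong(configuredSkew);
            if (skewMinutes <= 0) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The specified clock skew [" + configuredSkew + "] is not greater than zero. [5] will be used.");
                }
                // NOTE(review): the constant comes from an unrelated management class,
                // presumably substituted by the decompiler because the numeric value
                // matches - confirm it equals 5 minutes expressed in milliseconds.
                consumerConfig.setClockSkew(NotificationConstants.HANDLE_NOTIFICATION_TIMEOUT_DEFAULT);
            } else if (skewMinutes > Long.MAX_VALUE / MILLIS_PER_MINUTE) {
                // The multiplication below would wrap around and could store a negative
                // or otherwise meaningless tolerance for assertion time checks.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "The specified clock skew [" + configuredSkew + "] is too large and is ignored.");
                }
            } else {
                consumerConfig.setClockSkew(skewMinutes * MILLIS_PER_MINUTE);
            }
        } catch (Exception e) {
            // Nothing is set here, so whatever clock skew the ConsumerConfig already
            // holds stays in effect; the trace text suggests that is 180000 ms -
            // TODO confirm against ConsumerConfigImpl.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "The specified clock skew is invalid [" + configuredSkew + "].  [180000] will be used.");
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setClockSkew() clockskew is [" + consumerConfig.getClockSkew() + "]");
        }
    }

    /**
     * Sets the trust store on the consumer configuration, using the
     * {@code TRUST_STORE} property or, when absent, the default managed trust store name.
     */
    private void createTrustStore(ConsumerConfig consumerConfig, Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTrustStore(ConsumerConfig(" + ConfigUtil.getObjState(consumerConfig) + "], Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        String trustStoreName = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.TRUST_STORE);
        if (trustStoreName == null) {
            trustStoreName = KeyStoreManager.getDefaultKeyStoreName(SAMLSpConstants.DEFAULT_MANAGED_TRUST_STORE);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "TrustStore:" + trustStoreName);
        }
        if (trustStoreName != null) {
            // Only the fourth constructor argument is supplied; the store is identified by name.
            consumerConfig.setTrustStoreConfig(new KeyStoreConfigImpl(null, null, null, trustStoreName));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTrustStore");
        }
    }

    /**
     * Sets the key store on the consumer configuration, using the
     * {@code KEY_STORE} property or, when absent, the default managed key store name.
     */
    private void createKeyStore(ConsumerConfig consumerConfig, Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyStore(ConsumerConfig(" + ConfigUtil.getObjState(consumerConfig) + "], Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        String keyStoreName = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.KEY_STORE);
        if (keyStoreName == null) {
            keyStoreName = KeyStoreManager.getDefaultKeyStoreName(SAMLSpConstants.DEFAULT_MANAGED_KEY_STORE);
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "KeyStore:" + keyStoreName);
        }
        if (keyStoreName != null) {
            consumerConfig.setKeyStoreConfig(new KeyStoreConfigImpl(null, null, null, keyStoreName));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyStore");
        }
    }

    /**
     * Sets the key information (alias, password, name) on the consumer configuration.
     * Nothing is set unless the {@code KEY_ALIAS} property is present.
     *
     * <p>The key password is read as a plain {@code String} and is deliberately not
     * written to the trace here; keep it out of any trace added later.
     */
    private void createKeyInformationConfig(ConsumerConfig consumerConfig, Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyInformationConfig(ConsumerConfig(" + ConfigUtil.getObjState(consumerConfig) + "], Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        String keyName = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.KEY_NAME);
        String keyPassword = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.KEY_PASSWORD);
        String keyAlias = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.KEY_ALIAS);
        if (keyAlias != null) {
            consumerConfig.setKeyInformationConfig(new KeyInformationConfigImpl(keyAlias, keyPassword, keyName));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyInformationConfig");
        }
    }

    /**
     * Creates the {@link SAMLSSOFilter} from the {@code FILTER} property and records
     * whether a filter expression was configured. The filter is created and initialised
     * even when the property is absent (it is then initialised with {@code null}).
     */
    protected void createAcceptanceFilter(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAcceptanceFilter(Properties([" + ConfigUtil.getObjState(properties) + "])");
        }
        String filterExpression = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.FILTER);
        if (filterExpression != null) {
            this.filterDefined = true;
        }
        this.acceptanceFilter = new SAMLSSOFilter();
        this.acceptanceFilter.init(filterExpression);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAcceptanceFilter");
        }
    }

    /** Creates the identity assertion rule from the properties. */
    private void buildIdAssertionRule(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "buildIdAssertionRule(Properties([" + ConfigUtil.getObjState(properties) + "])");
        }
        this.idMapRule = new SAMLIdAssertionRule(properties);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "buildIdAssertionRule");
        }
    }

    /** @return the assertion consumer configuration (the live object, not a copy) */
    public ConsumerConfig getAssertionConsumerConfig() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getAssertionConsumerConfig returns [" + ConfigUtil.getObjState(this.samlConsumerCfg) + "]");
        }
        return this.samlConsumerCfg;
    }

    /** Replaces the assertion consumer configuration; no validation is applied. */
    public void setAssertionConsumerConfig(ConsumerConfig consumerConfig) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setAssertionConsumerConfig(" + ConfigUtil.getObjState(consumerConfig) + ")");
        }
        this.samlConsumerCfg = consumerConfig;
    }

    /** @return the internal list of IdP configurations (live, mutable) */
    public ArrayList<PostBindingIdPConfig> getPostBindingIdPConfig() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getPostBindingIdPConfig returns [" + ConfigUtil.getObjType(this.idpCfgs) + describeIdpCfgsSize() + "]");
        }
        return this.idpCfgs;
    }

    /** @return the SP configuration */
    public PostBindingSPConfig getPostBindingSPConfig() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getPostBindingSPConfig returns [" + this.spCfg + "]");
        }
        return this.spCfg;
    }

    /** @return the identity assertion rule */
    public SAMLIdAssertionRule getSAMLIdAssertionRule() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getSAMLIdAssertionRule returns [" + this.idMapRule + "]");
        }
        return this.idMapRule;
    }

    /** Replaces the identity assertion rule; no validation is applied. */
    public void setSAMLIdAssertionRule(SAMLIdAssertionRule sAMLIdAssertionRule) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setSAMLIdAssertionRule(" + ConfigUtil.getObjState(sAMLIdAssertionRule) + ")");
        }
        this.idMapRule = sAMLIdAssertionRule;
    }

    /** @return the identity provider mapping, or {@code null} when none was configured */
    public IdentityProviderMapping getIdentityProviderMapping() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getIdentityProviderMapping returns [" + ConfigUtil.getObjType(this.idProvider) + describeIdProviderKind() + "]");
        }
        return this.idProvider;
    }

    /**
     * Resolves the {@code LOGIN_ERROR_PAGE} property. A value starting with the HTTP or
     * HTTPS prefix is treated as a URL and ignored here; any other non-null value is
     * treated as a class name and resolved through {@code Util.getClassForName}.
     *
     * <p>Review notes: the property value selects a class to load, so it must only come
     * from trusted configuration. The result is cast without an {@code instanceof} check,
     * so a class that does not implement {@link IdentityProviderMapping} fails with a
     * {@link ClassCastException}.
     *
     * @return the resolved mapping, or the previous value of {@code idProvider}
     *         (initially {@code null}) when the property is absent or a URL
     */
    protected IdentityProviderMapping initIdentityProviderMapping(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initIdentityProviderMapping(Properties[" + ConfigUtil.getObjState(properties) + "])");
        }
        String loginErrorPage = PropertyConfigUtil.getPropertyString(properties, SAMLSpConstants.LOGIN_ERROR_PAGE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "reloginPage=[" + loginErrorPage + "]");
        }
        boolean namesAClass = loginErrorPage != null
                && !loginErrorPage.startsWith(SAMLSpConstants.HTTP_PREFIX)
                && !loginErrorPage.startsWith(SAMLSpConstants.HTTPS_PREFIX);
        if (namesAClass) {
            this.idProvider = (IdentityProviderMapping) Util.getClassForName(loginErrorPage);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "idProvider[" + ConfigUtil.getObjType(this.idProvider) + "]");
                if (this.idProvider != null) {
                    if (this.idProvider instanceof AuthnRequestProvider) {
                        Tr.debug(tc, "idProvider is an instanceof AuthnRequestProvider");
                    } else {
                        Tr.debug(tc, "idProvider is NOT an instanceof AuthnRequestProvider");
                    }
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initIdentityProviderMapping returns [" + ConfigUtil.getObjType(this.idProvider) + describeIdProviderKind() + "]");
        }
        return this.idProvider;
    }

    /** @return the acceptance filter created by {@link #createAcceptanceFilter} */
    public HTTPHeaderFilter getHTTPHeaderFilter() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getHTTPHeaderFilter returns [" + ConfigUtil.getObjState(this.acceptanceFilter) + "]");
        }
        return this.acceptanceFilter;
    }

    /** @return {@code true} when a {@code FILTER} property was configured */
    public boolean hasFilter() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "hasFilter returns [" + this.filterDefined + "]");
        }
        return this.filterDefined;
    }

    /** @return the internal list of IdP single sign-on URLs (live, mutable) */
    public ArrayList<String> getSingleSignOnServiceURLs() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getSingleSignOnServiceURLs returns [" + ConfigUtil.getObjState(this.idpUrls) + "]");
        }
        return this.idpUrls;
    }

    /** @return the SSO index, or {@code null} when it was never set */
    public String getSSOIndex() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getSSOIndex returns [" + this.ssoIndex + "]");
        }
        return this.ssoIndex;
    }

    /** Sets the SSO index. */
    public void setSSOIndex(String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "setSSOIndex(" + str + ")");
        }
        this.ssoIndex = str;
    }

    /**
     * Renders the configuration for tracing. The raw properties are not included.
     * NOTE(review): the output embeds {@code samlConsumerCfg} and {@code spCfg} through
     * their own {@code toString()}; whether those expose key material or passwords
     * cannot be told from this class - confirm before logging this outside debug trace.
     */
    @Override
    public String toString() {
        StringBuilder text = new StringBuilder(getClass().getName()).append("(");
        text.append("ssoIndex=[").append(this.ssoIndex).append("], ");
        text.append("filterDefined=[").append(this.filterDefined).append("], ");
        text.append("idProvider=[").append(ConfigUtil.getObjType(this.idProvider)).append(describeIdProviderKind()).append("], ");
        text.append("idpUrls=[").append(this.idpUrls == null ? AppConstants.NULL_STRING : this.idpUrls.toString()).append("], ");
        text.append("idpCfgs=[").append(ConfigUtil.getObjType(this.idpCfgs)).append(describeIdpCfgsSize()).append("], ");
        text.append("idMapRule=[").append(this.idMapRule).append("], ");
        text.append("samlConsumerCfg=[").append(this.samlConsumerCfg).append("], ");
        text.append("spCfg=[").append(this.spCfg).append("]");
        text.append(")");
        return text.toString();
    }

    /** Trace suffix telling whether {@code idProvider} is also an {@link AuthnRequestProvider}. */
    private String describeIdProviderKind() {
        if (this.idProvider == null) {
            return "";
        }
        return this.idProvider instanceof AuthnRequestProvider ? ":(is AuthnRequestProvider)" : ":(is not AuthnRequestProvider)";
    }

    /** Trace suffix giving the number of IdP configurations, or empty when the list is {@code null}. */
    private String describeIdpCfgsSize() {
        return this.idpCfgs == null ? "" : "(size=" + this.idpCfgs.size() + ")";
    }
}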
