package com.ibm.ws.wssecurity.saml.saml11.assertion.impl;

import com.ibm.ws.wssecurity.common.TraceLog;
import com.ibm.ws.wssecurity.saml.common.SAML11Constants;
import com.ibm.ws.wssecurity.saml.common.SAMLCommonConstants;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.common.util.OMUtil;
import com.ibm.ws.wssecurity.saml.saml11.assertion.AuthenticationStatement;
import com.ibm.ws.wssecurity.saml.saml11.assertion.AuthorityBinding;
import com.ibm.ws.wssecurity.saml.saml11.assertion.NameIdentifier;
import com.ibm.ws.wssecurity.saml.saml11.assertion.Subject;
import com.ibm.ws.wssecurity.saml.saml11.assertion.SubjectConfirmation;
import com.ibm.ws.wssecurity.saml.saml11.assertion.SubjectLocality;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.util.ConfigUtil;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.util.Date;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/saml/saml11/assertion/impl/AuthenticationStatementImpl.class */
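/**
 * SAML 1.1 {@code AuthenticationStatement} implementation.
 *
 * <p>An instance is built in one of two modes, selected by the constructor:
 * <ul>
 *   <li><b>consumer</b> ({@link #AuthenticationStatementImpl(ConsumerConfig)}): the statement is
 *       populated from received XML with {@link #unMarshal(OMElement)} and checked with
 *       {@link #validate()};</li>
 *   <li><b>provider</b> ({@link #AuthenticationStatementImpl(ProviderConfig, RequesterConfig,
 *       CredentialConfig)}): the statement is populated with {@link #create()} and serialized with
 *       {@link #marshal(OMElement)}.</li>
 * </ul>
 *
 * <p>The class holds plain mutable state and performs no synchronization.
 */
public class AuthenticationStatementImpl implements AuthenticationStatement {
    private static final String comp = "security.wssecurity";
    public static final String AUTHENTICATION_STATEMENT = "AuthenticationStatementImpl";
    private static final TraceLog log = new TraceLog(AuthenticationStatementImpl.class);
    private static final OMFactory omFactory = OMAbstractFactory.getOMFactory();

    /** Clock skew, in milliseconds, applied by {@link #validate()} when no consumer configuration is set. */
    private static final long DEFAULT_CLOCK_SKEW_MILLIS = 180000L;

    private static final String ELEMENT_NAME = "AuthenticationStatement";
    private static final String ATTR_AUTHENTICATION_INSTANT = "AuthenticationInstant";
    private static final String ATTR_AUTHENTICATION_METHOD = "AuthenticationMethod";

    private SubjectLocality subjectLocality;
    // Never assigned in this class, so getAuthorityBinding() always returns null.
    private List<AuthorityBinding> authorityBinding;
    private Date authenticationInstant;
    private String authenticationMethod;
    private Subject subject;
    // Never assigned in this class; the nameId branch of validate() is therefore unreachable here.
    private NameIdentifier nameId;
    private SubjectConfirmation subjectConfirm;
    // Last element produced by marshal() or consumed by unMarshal().
    private OMElement xml;
    private final ProviderConfig issueCfg;
    private final RequesterConfig requestData;
    private final CredentialConfig cred;
    private final ConsumerConfig consumer;

    /**
     * Creates a consumer-side statement, to be filled in by {@link #unMarshal(OMElement)}.
     *
     * <p>Until then the authentication method is the "unspecified" SAML 1.1 method and the
     * authentication instant is the construction time.
     *
     * @param consumerConfig consumer configuration; supplies the clock skew used by
     *     {@link #validate()} and is handed to the parsed {@code Subject}. May be {@code null},
     *     in which case {@link #validate()} falls back to a 180000 ms skew.
     */
    public AuthenticationStatementImpl(ConsumerConfig consumerConfig) {
        this.issueCfg = null;
        this.requestData = null;
        this.cred = null;
        this.consumer = consumerConfig;
        this.authenticationMethod = SAML11Constants.AuthenticationMethod_Unspecified;
        this.authenticationInstant = new Date();
    }

    /**
     * Creates a provider-side statement, to be filled in by {@link #create()}.
     *
     * @param providerConfig issuer configuration, passed on to the Subject and SubjectLocality
     * @param requesterConfig request data; {@link #create()} dereferences it, so it must not be
     *     {@code null} by the time {@code create()} is called
     * @param credentialConfig credential whose properties may override the authentication
     *     instant and method; may be {@code null}
     */
    public AuthenticationStatementImpl(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) {
        this.issueCfg = providerConfig;
        this.requestData = requesterConfig;
        this.cred = credentialConfig;
        this.consumer = null;
    }

    /** Returns the statement's subject, or {@code null} if none has been set, parsed or created. */
    @Override
    public Subject getSubject() {
        return this.subject;
    }

    /** Replaces the statement's subject. */
    @Override
    public void setSubject(Subject subject) {
        this.subject = subject;
    }

    /** Returns the subject locality, or {@code null} if the statement has none. */
    @Override
    public SubjectLocality getSubjectLocality() {
        return this.subjectLocality;
    }

    /** Replaces the subject locality. */
    @Override
    public void setSubjectLocality(SubjectLocality subjectLocality) {
        this.subjectLocality = subjectLocality;
    }

    /**
     * Returns the authority bindings.
     *
     * @return always {@code null} in this implementation, because the backing field is never
     *     assigned; callers must null-check before iterating
     */
    @Override
    public List<AuthorityBinding> getAuthorityBinding() {
        return this.authorityBinding;
    }

    /**
     * Returns the authentication instant.
     *
     * @return the internal {@link Date} instance itself (no defensive copy), so a caller that
     *     mutates it changes the value later checked by {@link #validate()}
     */
    @Override
    public Date getAuthenticationInstant() {
        return this.authenticationInstant;
    }

    /** Stores the given authentication instant by reference (no defensive copy). */
    @Override
    public void setAuthenticationInstant(Date date) {
        this.authenticationInstant = date;
    }

    /** Returns the authentication method URI, or {@code null} if it is not set. */
    @Override
    public String getAuthenticationMethod() {
        return this.authenticationMethod;
    }

    /** Replaces the authentication method URI. */
    @Override
    public void setAuthenticationMethod(String str) {
        this.authenticationMethod = str;
    }

    /** Returns the element last produced by {@link #marshal(OMElement)} or passed to {@link #unMarshal(OMElement)}. */
    @Override
    public OMElement getXML() throws SoapSecurityException {
        return this.xml;
    }

    /**
     * Serializes this statement to a {@code saml:AuthenticationStatement} element.
     *
     * <p>The new element is not attached to {@code oMElement}; the parent is only used to pick
     * the factory. With a {@code null} parent the class-level factory is used and the SAML
     * namespace is declared on the new element.
     *
     * @param oMElement prospective parent element, or {@code null}
     * @return the newly built element, which is also remembered for {@link #getXML()}
     * @throws SoapSecurityException if building the element or marshalling a child fails; a
     *     {@code SoapSecurityException} raised by a child is propagated unchanged, any other
     *     failure is wrapped with the original exception as its cause
     */
    @Override
    public OMElement marshal(OMElement oMElement) throws SoapSecurityException {
        log.entry("marshal(OMElement)");
        try {
            OMElement statement;
            if (oMElement == null) {
                statement = omFactory.createOMElement(ELEMENT_NAME, SAMLCommonConstants._saml_ns, SAMLCommonConstants._saml_prefix);
                statement.declareNamespace(SAMLCommonConstants._saml_ns, SAMLCommonConstants._saml_prefix);
            } else {
                statement = oMElement.getOMFactory().createOMElement(ELEMENT_NAME, SAMLCommonConstants._saml_ns, SAMLCommonConstants._saml_prefix);
            }
            statement.addAttribute(ATTR_AUTHENTICATION_INSTANT, UTC.format(this.authenticationInstant), null);
            statement.addAttribute(ATTR_AUTHENTICATION_METHOD, this.authenticationMethod, null);
            if (this.subject != null) {
                OMElement subjectXml = this.subject.marshal(statement);
                if (subjectXml != null) {
                    statement.addChild(subjectXml);
                }
            }
            if (this.subjectLocality != null) {
                statement.addChild(this.subjectLocality.marshal(statement));
            }
            this.xml = statement;
            log.exit("marshal(OMElement)");
            return statement;
        } catch (Exception e) {
            if (e instanceof SoapSecurityException) {
                // Already the declared type: rethrow as-is so its message and stack trace survive.
                throw (SoapSecurityException) e;
            }
            // Chain the exception itself, not e.getCause(): the cause is frequently null and
            // passing it would discard the stack trace of the real failure.
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Populates this statement from a received {@code AuthenticationStatement} element.
     *
     * <p>Only parsing happens here; {@link #validate()} must still be called before the content
     * is trusted. The {@code AuthenticationMethod} attribute may be left {@code null} by this
     * method and is only enforced in {@link #validate()}.
     *
     * @param oMElement the element to read; a {@code null} value ends in a wrapped
     *     {@code NullPointerException}
     * @throws SoapSecurityException if {@code AuthenticationInstant} is missing or empty, or if
     *     parsing the instant or a child element fails
     */
    @Override
    public void unMarshal(OMElement oMElement) throws SoapSecurityException {
        log.entry("unMarshal(OMElement)");
        this.xml = oMElement;
        try {
            String instantText = oMElement.getAttributeValue(new QName(null, ATTR_AUTHENTICATION_INSTANT));
            if (!ConfigUtil.hasValue(instantText)) {
                log.debug("AuthenticationInstant is missing or empty.");
                throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7006E", new String[]{"AuthenticationInstant", "AuthenticationStatement"}));
            }
            this.authenticationInstant = UTC.parse(instantText);
            this.authenticationMethod = oMElement.getAttributeValue(new QName(null, ATTR_AUTHENTICATION_METHOD));
            // NOTE(review): children are matched on local name only; the namespace URI is never
            // compared with the SAML namespace, and a repeated Subject/SubjectLocality silently
            // replaces the one parsed before it. Confirm that schema/namespace validation and
            // signature-reference checks run before this point, so that the element parsed here
            // is the one that was actually verified.
            OMElement child = OMUtil.getFirstElement(oMElement);
            while (child != null) {
                String localName = child.getLocalName();
                if ("Subject".equals(localName)) {
                    this.subject = new SubjectImpl(this.consumer);
                    this.subject.unMarshal(child);
                } else if ("SubjectLocality".equals(localName)) {
                    this.subjectLocality = new SubjectLocalityImpl();
                    this.subjectLocality.unMarshal(child);
                }
                child = OMUtil.getNextElement(child);
            }
            log.exit("unMarshal(OMElement)");
        } catch (Exception e) {
            if (e instanceof SoapSecurityException) {
                // Keep the specific message (e.g. CWSML7006E) at the top level instead of
                // burying it inside a second SoapSecurityException.
                throw (SoapSecurityException) e;
            }
            throw new SoapSecurityException(e);
        }
    }

    /**
     * Populates this statement on the issuing side from the requester data and credential.
     *
     * <p>The authentication method comes from the request (prefixed with the SAML 1.1 method
     * prefix when it does not already start with it); when the request has none, a non-empty
     * {@code "AuthenticationMethod"} credential property is used. The authentication instant is
     * the current time unless the credential carries an {@code "AuthenticationInstant"} property.
     * A SubjectLocality is created only when the request has a non-empty requester IP address.
     *
     * <p>Requires an instance built with the provider constructor: the request data is
     * dereferenced unconditionally.
     *
     * @throws SoapSecurityException if creating the Subject or SubjectLocality fails
     */
    @Override
    public void create() throws SoapSecurityException {
        log.entry("create()");
        String requestedMethod = this.requestData.getAuthenticationMethod();
        if (requestedMethod == null || requestedMethod.startsWith(SAML11Constants.prefix)) {
            this.authenticationMethod = requestedMethod;
        } else {
            this.authenticationMethod = SAML11Constants.prefix + requestedMethod;
        }
        this.authenticationInstant = new Date();
        if (this.cred != null && this.cred.getProperties() != null) {
            // NOTE(review): both values are taken from the credential's property map as-is and
            // the casts throw an unwrapped ClassCastException if a property has another type.
            // Confirm that only trusted code can populate these properties, since they end up
            // in the issued assertion.
            Date credentialInstant = (Date) this.cred.getProperties().get("AuthenticationInstant");
            if (credentialInstant != null) {
                this.authenticationInstant = credentialInstant;
            }
            if (this.authenticationMethod == null) {
                String credentialMethod = (String) this.cred.getProperties().get("AuthenticationMethod");
                if (credentialMethod != null && !credentialMethod.isEmpty()) {
                    this.authenticationMethod = credentialMethod;
                }
            }
        }
        this.subject = new SubjectImpl(this.issueCfg, this.requestData, this.cred);
        this.subject.create();
        this.subjectLocality = null;
        if (this.requestData.getRequesterIPAddress() != null && !this.requestData.getRequesterIPAddress().isEmpty()) {
            this.subjectLocality = new SubjectLocalityImpl(this.issueCfg, this.requestData, this.cred);
            this.subjectLocality.create();
        }
        log.exit("create()");
    }

    /**
     * Checks the statement's mandatory attributes and rejects a future-dated authentication
     * instant.
     *
     * <p>The instant is accepted when it is no later than "now + clock skew", where the skew
     * comes from the consumer configuration or defaults to 180000 ms. What this method does
     * <em>not</em> check: there is no lower bound on the instant (an arbitrarily old
     * authentication passes), and a statement without a Subject passes as well. Freshness and
     * subject presence therefore have to be enforced elsewhere.
     *
     * @return {@code true} when every check passes; failures are reported by exception only
     * @throws SoapSecurityException if the authentication method is missing or empty, the
     *     instant is missing or lies beyond the allowed skew in the future, or the Subject
     *     fails its own validation
     */
    @Override
    public boolean validate() throws SoapSecurityException {
        log.entry("validate()");
        if (this.authenticationMethod == null || this.authenticationMethod.isEmpty()) {
            log.debug("AuthenticationMethod is missing or empty.  validation failed");
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7006E", new String[]{"AuthenticationMethod", "AuthenticationStatement"}));
        }
        if (this.authenticationInstant == null) {
            log.debug("AuthenticationInstant is missing or empty.  validation failed");
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7006E", new String[]{"AuthenticationInstant", "AuthenticationStatement"}));
        }
        long clockSkewMillis = DEFAULT_CLOCK_SKEW_MILLIS;
        if (this.consumer != null) {
            // NOTE(review): the configured value is used unchecked; a very large skew widens
            // the window in which future-dated statements are accepted.
            clockSkewMillis = this.consumer.getClockSkew();
        }
        Date now = new Date();
        long latestAcceptedMillis = clockSkewMillis + now.getTime();
        log.debug("current time: [" + UTC.format(now) + "], [" + now.getTime() + "]");
        log.debug("authenticationInstant: [" + UTC.format(this.authenticationInstant) + "], [" + this.authenticationInstant.getTime() + "]");
        log.debug("clockskew: [" + ((clockSkewMillis / 60) / 1000) + " minutes], [" + clockSkewMillis + " millis]");
        log.debug("time adjusted forward for clockskew=" + latestAcceptedMillis);
        if (latestAcceptedMillis < this.authenticationInstant.getTime()) {
            log.debug("token issued after current date/time.  Possible clockskew issue. Validate failed.");
            // NOTE(review): the skew reported in the message is computed as millis / 5 / 1000,
            // which matches neither seconds nor the minutes logged above; confirm the unit the
            // CWSML7014E message text expects.
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7014E", new String[]{UTC.format(this.authenticationInstant), UTC.format(now), String.valueOf((clockSkewMillis / 5) / 1000)}));
        }
        if (this.subject != null) {
            this.subject.validate();
        }
        if (this.nameId != null) {
            this.nameId.validate();
        }
        log.exit("validate()");
        return true;
    }
}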
