package com.ibm.ws.wssecurity.trust.server.sts.ext.sct;

import com.ibm.ws.wssecurity.trust.server.sts.ext.InvalidRequestException;
import com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import java.net.URI;
import java.util.Properties;
import org.eclipse.higgins.sts.IConstants;
import org.eclipse.higgins.sts.IElement;
import org.eclipse.higgins.sts.IRequestSecurityToken;
import org.eclipse.higgins.sts.IRequestSecurityTokenResponse;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/ws/wssecurity/trust/server/sts/ext/sct/SCTValidate.class */
public class SCTValidate implements RequestHandler {
    private static final TraceComponent tc = Tr.register(SCTValidate.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    @Override // com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler
    public IRequestSecurityTokenResponse handleRequest(IRequestSecurityToken iRequestSecurityToken, String str, IConstants iConstants) throws InvalidRequestException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handleRequest()");
        }
        IElement validateTarget = iRequestSecurityToken.getValidateTarget();
        if (validateTarget == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Missing ValidateTarget element.");
            }
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_VALIDATE_TARGET_MISSING, null));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("Missing ValidateTarget element."), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        String extractUUIDFromValidateTarget = extractUUIDFromValidateTarget(validateTarget);
        if (extractUUIDFromValidateTarget == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "UUID was not successfully extracted from validate request. Validate failed.");
            }
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_EXTRACTION_FROM_VALIDATE_TARGET_FAILED, null));
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "handleRequest()");
            }
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("UUID was not successfully extracted from validate request. Validate failed."), "wst", iConstants.getWSTrustNamespace(), Constants.FAULT_CODE_INVALID_REQUEST, Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }
        boolean z = false;
        SCT sct = (SCT) SCTHelper.getCache().getToken(extractUUIDFromValidateTarget);
        if (sct == null) {
            String str2 = "SCT with the UUID " + extractUUIDFromValidateTarget + " does not exist. Validate failed.";
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, str2);
            }
        } else {
            String[] instances = sct.getInstances();
            int length = instances.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (sct.isValid(instances[i], 0L)) {
                    z = true;
                    break;
                }
                i++;
            }
            if (!z && tc.isDebugEnabled()) {
                Tr.debug(tc, "All keys associated with the specified SCT have expired. Validate failed.");
            }
        }
        IElement generateStatus = generateStatus(z ? iConstants.getValidStatusCode() : iConstants.getInvalidStatusCode(), null, iConstants);
        IRequestSecurityTokenResponse createRSTR = SCTHelper.createRSTR(iRequestSecurityToken.getContext());
        createRSTR.setStatus(generateStatus);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handleRequest()");
        }
        return createRSTR;
    }

    @Override // com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler
    public void initialize(Properties properties) {
    }

    private static String extractUUIDFromValidateTarget(IElement iElement) {
        return SCTHelper.extractTextFrom(iElement, new String[]{"SecurityContextToken", "Identifier"});
    }

    private static IElement generateStatus(URI uri, String str, IConstants iConstants) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "generateStatus()");
        }
        if (uri == null || uri.equals("")) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Code is null or empty: this parameter is required.");
            }
            if (!tc.isEntryEnabled()) {
                return null;
            }
            Tr.exit(tc, "generateStatus()");
            return null;
        }
        IElement createIElement = SCTHelper.createIElement("Status", "wst", iConstants.getWSTrustNamespace());
        IElement createIElement2 = SCTHelper.createIElement("Code", "wst", iConstants.getWSTrustNamespace());
        SCTHelper.addTextTo(createIElement2, uri.toString());
        SCTHelper.addChildTo(createIElement, createIElement2);
        if (str != null && !str.equals("")) {
            IElement createIElement3 = SCTHelper.createIElement("Reason", "wst", iConstants.getWSTrustNamespace());
            SCTHelper.addTextTo(createIElement3, str);
            SCTHelper.addChildTo(createIElement, createIElement3);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "generateStatus()");
        }
        return createIElement;
    }
}
