package com.ibm.ws.wssecurity.saml.saml20.assertion.impl;

import com.ibm.ws.wssecurity.saml.common.SAMLCommonConstants;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.common.util.OMUtil;
import com.ibm.ws.wssecurity.saml.common.util.UUIDGenerator;
import com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnContext;
import com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement;
import com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectLocality;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.util.Date;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/saml/saml20/assertion/impl/AuthnStatementImpl.class */
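/**
 * Implementation of the SAML 2.0 {@code AuthnStatement} element.
 *
 * <p>Two paths are visible in this class. The issuing path is {@link #create()} followed by
 * {@link #marshal(OMElement)}, and needs the instance built with the
 * {@code (ProviderConfig, RequesterConfig, CredentialConfig)} constructor. The consuming path is
 * {@link #unMarshal(OMElement)} followed by {@link #validate()}, which reads the clock skew from
 * the {@code ConsumerConfig} when one was supplied.
 *
 * <p>The instance holds mutable state and this class does no synchronisation. {@code Date} values
 * are stored and returned by reference, not copied.
 *
 * <p>NOTE(review): {@code sessionNotOnOrAfter} is reachable only through its getter and setter.
 * {@code marshal} does not emit it, {@code unMarshal} does not read it and {@code validate} does
 * not consult it, so any session-lifetime enforcement has to happen in the caller.
 */
public class AuthnStatementImpl extends StatementAbstractImpl implements AuthnStatement {
    private static final String comp = "security.wssecurity";

    /** Clock skew used by {@link #validate()} when no ConsumerConfig is set; added to epoch milliseconds. */
    private static final long DEFAULT_CLOCK_SKEW_MILLIS = 180000;

    private SubjectLocality subjectLocality;
    private AuthnContext authnContext;
    private Date authnInstant;
    // String form of authnInstant as written to / read from the AuthnInstant attribute.
    private String authnInstantUTC;
    private String sessionIndex;
    private Date sessionNotOnOrAfter;
    // Last element produced by marshal() or consumed by unMarshal(); getXML() does not return it.
    private OMElement xml;
    private ProviderConfig issueCfg;
    private RequesterConfig requestData;
    private CredentialConfig cred;
    private ConsumerConfig assertionConsumingCfg;
    private static final TraceComponent tc = Tr.register(AuthnStatementImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final String clsName = AuthnStatementImpl.class.getName();
    private static final OMFactory omFactory = OMAbstractFactory.getOMFactory();

    /** Creates an empty statement with no configuration attached. */
    public AuthnStatementImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "AuthnStatementImpl()");
            Tr.exit(tc, "AuthnStatementImpl()");
        }
    }

    /**
     * Creates a statement for the consuming side.
     *
     * @param consumerConfig source of the clock skew used by {@link #validate()}; may be null,
     *        in which case the built-in default skew applies
     */
    public AuthnStatementImpl(ConsumerConfig consumerConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "AuthnStatementImpl(ConsumerConfig)");
        }
        this.assertionConsumingCfg = consumerConfig;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "AuthnStatementImpl(ConsumerConfig)");
        }
    }

    /**
     * Creates a statement for the issuing side; the three configs are used by {@link #create()}.
     *
     * @param providerConfig issuer configuration, passed on to the child elements
     * @param requesterConfig request data; {@code create()} dereferences it unconditionally
     * @param credentialConfig credential data; may be null
     */
    public AuthnStatementImpl(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "AuthnStatementImpl(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        this.issueCfg = providerConfig;
        this.requestData = requesterConfig;
        this.cred = credentialConfig;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "AuthnStatementImpl(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
    }

    /** Builds and initialises the child AuthnContext from the given configuration. */
    private AuthnContext createAuthnContext(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createAuthnContext(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        AuthnContextImpl context = new AuthnContextImpl(providerConfig, requesterConfig, credentialConfig);
        context.createAuthnContext();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createAuthnContext(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        return context;
    }

    /** @return the SubjectLocality child, or null when none is set */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public SubjectLocality getSubjectLocality() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSubjectLocality()");
            Tr.exit(tc, "getSubjectLocality()");
        }
        return this.subjectLocality;
    }

    /** @param subjectLocality the SubjectLocality child; null removes it from later marshalling */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public void setSubjectLocality(SubjectLocality subjectLocality) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSubjectLocality");
        }
        this.subjectLocality = subjectLocality;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSubjectLocality");
        }
    }

    /** @return the AuthnContext child, or null before create(), unMarshal() or setAuthnContext() */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public AuthnContext getAuthnContext() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthnContext()");
            Tr.exit(tc, "getAuthnContext()");
        }
        return this.authnContext;
    }

    /**
     * Sets the AuthnContext child.
     *
     * @param authnContext the context; must not be null
     * @throws SoapSecurityException with message WSSML6008E when {@code authnContext} is null
     */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public void setAuthnContext(AuthnContext authnContext) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setAuthnContext(AuthnContext value):" + (authnContext == null ? null : authnContext.getAuthnContextClassRef()));
        }
        if (authnContext == null) {
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.WSSML6008E"));
        }
        this.authnContext = authnContext;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAuthnContext");
        }
    }

    /** @return the authentication instant; this is the internal Date object, not a copy */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public Date getAuthnInstant() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getAuthnInstant()");
            Tr.exit(tc, "getAuthnInstant()");
        }
        return this.authnInstant;
    }

    /**
     * Sets the authentication instant and its string form used by {@link #marshal(OMElement)}.
     *
     * @param date the instant; must not be null
     * @throws SoapSecurityException with message WSSML6009E when {@code date} is null
     */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public void setAuthnInstant(Date date) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // Concatenation is null-safe; calling date.toString() here raised an NPE before the
            // null check below could report WSSML6009E.
            Tr.entry(tc, "setAuthnInstant(" + date + ")");
        }
        if (date == null) {
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.WSSML6009E"));
        }
        this.authnInstant = date;
        // marshal() writes authnInstantUTC, not authnInstant, so keep the two in step; otherwise
        // the attribute would carry a stale or null value after this setter.
        this.authnInstantUTC = UTC.format(date);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setAuthnInstant(Date date)");
        }
    }

    /** @return the SessionIndex value, or null when none is set */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public String getSessionIndex() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSessionIndex()");
            Tr.exit(tc, "getSessionIndex()");
        }
        return this.sessionIndex;
    }

    /** @param str the SessionIndex value; null or empty suppresses the attribute in marshal() */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public void setSessionIndex(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSessionIndex(" + str + ")");
        }
        this.sessionIndex = str;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSessionIndex(" + str + ")");
        }
    }

    /** @return the SessionNotOnOrAfter value, or null; this is the internal Date object, not a copy */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public Date getSessionNotOnOrAfter() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSessionNotOnOrAfter()");
            Tr.exit(tc, "getSessionNotOnOrAfter(): " + (this.sessionNotOnOrAfter == null ? null : this.sessionNotOnOrAfter.toString()));
        }
        return this.sessionNotOnOrAfter;
    }

    /** @param date the SessionNotOnOrAfter value; may be null. Nothing else in this class reads it. */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.AuthnStatement
    public void setSessionNotOnOrAfter(Date date) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSessionNotOnOrAfter(Date value): " + (date == null ? null : date.toString()));
        }
        this.sessionNotOnOrAfter = date;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSessionNotOnOrAfter(Date value): " + (date == null ? null : date.toString()));
        }
    }

    /** @return the qualified name constant declared on {@link AuthnStatement} */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.impl.StatementAbstractImpl, com.ibm.ws.wssecurity.saml.saml20.assertion.StatementAbstract
    public QName getQName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getQName()");
            Tr.exit(tc, "getQName(): " + (AuthnStatement.qName == null ? null : AuthnStatement.qName.toString()));
        }
        return AuthnStatement.qName;
    }

    /** @return the local name constant declared on {@link AuthnStatement} */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.impl.StatementAbstractImpl, com.ibm.ws.wssecurity.saml.saml20.assertion.StatementAbstract
    public String getLocalName() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getLocalName()");
            Tr.exit(tc, "getLocalName(): AuthnStatement");
        }
        return AuthnStatement.localName;
    }

    /**
     * Always returns null.
     *
     * <p>NOTE(review): the element stored by marshal()/unMarshal() in {@code xml} is never handed
     * out here. Left as is because callers may rely on the null; confirm whether that is intended.
     *
     * @return null
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement getXML() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getXML()");
            Tr.exit(tc, "getXML()");
        }
        return null;
    }

    /**
     * Builds the {@code AuthnStatement} element from the current state.
     *
     * <p>The element carries the AuthnInstant attribute, the SessionIndex attribute when it is
     * non-empty, the marshalled AuthnContext and, when present, the SubjectLocality. The result
     * is returned to the caller and is not attached to {@code oMElement} here.
     *
     * @param oMElement parent whose OMFactory creates the element; when null the class-level
     *        factory is used and the SAML 2.0 namespace is declared on the new element
     * @return the new element, or null when the AuthnContext has no class reference
     * @throws SoapSecurityException when no AuthnContext is set (WSSML6008E) or building fails
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement marshal(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): this serialises the whole parent element into the trace log.
            Tr.entry(tc, "marshal(OMElement parent): " + (oMElement == null ? null : oMElement.toString()));
        }
        if (this.authnContext == null) {
            // Previously an unchecked NPE; report it through the declared exception, with the
            // same message key setAuthnContext() uses for a missing context.
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.WSSML6008E"));
        }
        if (this.authnContext.getAuthnContextClassRef() == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "marshal(OMElement parent): null");
            }
            return null;
        }
        try {
            OMElement statement;
            if (oMElement == null) {
                statement = omFactory.createOMElement(AuthnStatement.localName, SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
                statement.declareNamespace(SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
            } else {
                statement = oMElement.getOMFactory().createOMElement(AuthnStatement.localName, SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
            }
            // NOTE(review): authnInstantUTC is null if neither create(), unMarshal() nor
            // setAuthnInstant() ran first; the attribute is then added with a null value.
            statement.addAttribute(AuthnStatement.AuthnInstant, this.authnInstantUTC, (OMNamespace) null);
            if (this.sessionIndex != null && this.sessionIndex.length() > 0) {
                statement.addAttribute(AuthnStatement.SessionIndex, this.sessionIndex, (OMNamespace) null);
            }
            OMElement contextXml = this.authnContext.marshal(statement);
            if (contextXml != null) {
                statement.addChild(contextXml);
            }
            if (this.subjectLocality != null) {
                statement.addChild(this.subjectLocality.marshal(statement));
            }
            this.xml = statement;
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "marshal(OMElement parent): " + statement.toString());
            }
            return statement;
        } catch (Exception e) {
            if (e instanceof SoapSecurityException) {
                throw (SoapSecurityException) e;
            }
            // Chain the exception itself; passing e.getCause() discarded the failing frame.
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Populates this statement from a received {@code AuthnStatement} element.
     *
     * <p>Reads the AuthnInstant and SessionIndex attributes and the AuthnContext and
     * SubjectLocality children. Children are accepted only in the SAML 2.0 assertion namespace;
     * anything else is skipped. If a child name occurs more than once the last occurrence wins.
     *
     * @param oMElement the AuthnStatement element; must not be null
     * @throws SoapSecurityException when the element is null, AuthnInstant cannot be parsed,
     *         or a child fails to unmarshal
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void unMarshal(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // NOTE(review): this serialises the received element into the trace log.
            Tr.entry(tc, "unMarshal(OMElement): " + (oMElement == null ? null : oMElement.toString()));
        }
        if (oMElement == null) {
            throw new SoapSecurityException("AuthnStatement element to unmarshal is null");
        }
        this.xml = oMElement;
        this.authnInstantUTC = oMElement.getAttributeValue(new QName(null, AuthnStatement.AuthnInstant));
        if (this.authnInstantUTC != null) {
            try {
                this.authnInstant = UTC.parse(this.authnInstantUTC);
            } catch (Exception e) {
                if (e instanceof SoapSecurityException) {
                    throw (SoapSecurityException) e;
                }
                throw new SoapSecurityException(e.getMessage(), e);
            }
        }
        // marshal() writes SessionIndex, so read it back; it was silently dropped before.
        this.sessionIndex = oMElement.getAttributeValue(new QName(null, AuthnStatement.SessionIndex));
        for (OMElement child = OMUtil.getFirstElement(oMElement); child != null; child = OMUtil.getNextElement(child)) {
            // Match on namespace as well as local name, so a same-named element from another
            // namespace cannot stand in for the SAML child.
            if (!SAMLCommonConstants._saml2_ns.equals(child.getQName().getNamespaceURI())) {
                continue;
            }
            String childName = child.getLocalName();
            if (AuthnContext.localName.equals(childName)) {
                this.authnContext = new AuthnContextImpl();
                this.authnContext.unMarshal(child);
            } else if ("SubjectLocality".equals(childName)) {
                this.subjectLocality = new SubjectLocalityImpl();
                this.subjectLocality.unMarshal(child);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "unMarshal(OMElement): " + oMElement.toString());
        }
    }

    /**
     * Fills in the statement for issuing.
     *
     * <p>The instant is the current time unless the credential properties carry a
     * {@code Date} under "AuthenticationInstant". A SessionIndex is generated when the requester
     * config enables it, a SubjectLocality is created when a requester IP address is present,
     * and the AuthnContext is always created.
     *
     * <p>{@code requestData} is dereferenced without a null check, so this method is only usable
     * on instances built with the three-config constructor.
     *
     * @throws SoapSecurityException as declared by the interface
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void create() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "create()");
        }
        this.authnInstant = new Date();
        if (this.cred != null && this.cred.getProperties() != null) {
            // NOTE(review): a non-Date value under this key raises ClassCastException.
            Date supplied = (Date) this.cred.getProperties().get("AuthenticationInstant");
            if (supplied != null) {
                this.authnInstant = supplied;
            }
        }
        this.authnInstantUTC = UTC.format(this.authnInstant);
        if (this.requestData.isSessionIndexEnabled()) {
            this.sessionIndex = UUIDGenerator.generateUUID();
        }
        String requesterAddress = this.requestData.getRequesterIPAddress();
        if (requesterAddress != null && !requesterAddress.isEmpty()) {
            this.subjectLocality = new SubjectLocalityImpl(this.issueCfg, this.requestData, this.cred);
            this.subjectLocality.create();
        }
        this.authnContext = createAuthnContext(this.issueCfg, this.requestData, this.cred);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "create()");
        }
    }

    /**
     * Checks that AuthnInstant is present and not further in the future than the clock skew.
     *
     * <p>The skew comes from the ConsumerConfig when one was supplied, otherwise the built-in
     * default applies; it is added to the current time in milliseconds. This is the only check
     * made here: there is no lower bound on how old AuthnInstant may be, and
     * {@code sessionNotOnOrAfter} is not examined.
     *
     * @return true when AuthnInstant is set and is not later than now plus the skew
     * @throws SoapSecurityException as declared by the interface
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public boolean validate() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate()");
        }
        boolean valid = false;
        if (this.authnInstant != null) {
            long skew = DEFAULT_CLOCK_SKEW_MILLIS;
            if (this.assertionConsumingCfg != null) {
                skew = this.assertionConsumingCfg.getClockSkew();
            }
            valid = skew + new Date().getTime() >= this.authnInstant.getTime();
        }
        // Trace the exit on the rejecting paths too, so a failed validation is visible.
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate(): " + valid);
        }
        return valid;
    }

    /** @return always true */
    @Override // com.ibm.ws.wssecurity.saml.saml20.assertion.impl.StatementAbstractImpl, com.ibm.ws.wssecurity.saml.saml20.assertion.StatementAbstract
    public boolean isSupported() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "isSupported()");
            Tr.exit(tc, "isSupported(): true");
        }
        return true;
    }
}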
