package org.picketlink.identity.federation.bindings.wildfly.rest;

import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import javax.annotation.PostConstruct;
import javax.servlet.ServletConfig;
import javax.servlet.ServletContext;
import javax.ws.rs.core.Context;
import javax.xml.datatype.XMLGregorianCalendar;
import org.picketlink.common.constants.JBossSAMLURIConstants;
import org.picketlink.common.exceptions.ConfigurationException;
import org.picketlink.common.exceptions.ParsingException;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.config.federation.STSType;
import org.picketlink.identity.federation.bindings.wildfly.providers.OAuth2TokenProvider;
import org.picketlink.identity.federation.bindings.wildfly.providers.OAuthProtocolContext;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLProtocolContext;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
import org.picketlink.identity.federation.web.util.PostBindingUtil;

/* loaded from: input_file:org/picketlink/identity/federation/bindings/wildfly/rest/STSEndpoint.class */
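/**
 * Base class for REST endpoints that issue and validate tokens through a {@link PicketLinkCoreSTS}.
 *
 * <p>The class builds SAML subject/issuer contexts, parses base64-encoded assertions received
 * from callers, and asks the STS to issue SAML assertions or OAuth tokens. The STS instance is
 * looked up lazily and shared through the servlet context attribute {@code "STS"}.
 *
 * <p>Trust boundary: {@link #parseAssertion(String)} only decodes and parses. Nothing in this
 * class checks a signature, issuer or validity window on a parsed assertion; a caller must run
 * its own checks (for example {@link #validate(SAMLProtocolContext)}) before acting on one.
 *
 * <p>Thread-safety: the lazy STS set-up is not synchronized.
 */
public class STSEndpoint {
    /** OAuth 2.0 grant type identifier for the SAML 2.0 bearer assertion profile. */
    protected static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer";
    /** Name of the request parameter that carries the grant type. */
    protected static final String GRANT_TYPE_PARAMETER = "grant_type";
    /** Name of the request parameter that carries the base64-encoded SAML assertion. */
    protected static final String ASSERTION_PARAMETER = "assertion";

    /** Issuer used when no {@code issuer} init parameter is available. */
    private static final String DEFAULT_ISSUER = "PicketLink_SAML_REST";
    /** Servlet context attribute under which the shared STS instance is stored. */
    private static final String STS_ATTRIBUTE = "STS";

    @Context
    protected ServletContext servletContext;

    @Context
    protected ServletConfig servletConfig;
    /** Subject confirmation method written into issued subjects; bearer by default. */
    protected String subjectConfirmationMethod = JBossSAMLURIConstants.SUBJECT_CONFIRMATION_BEARER.get();
    /** Issuer value placed in the SAML protocol context; resolved in {@link #initialize()}. */
    protected String issuer = null;
    /** Lazily resolved STS; see {@link #checkAndSetUpSTS()}. */
    protected PicketLinkCoreSTS sts = null;

    /**
     * Resolves the issuer name and makes sure an STS is available.
     *
     * <p>The issuer is read from the servlet init parameter {@code issuer} when a servlet config
     * was injected. If no value results (no config injected, or the parameter is absent) the
     * default issuer is used, so issued contexts never carry a {@code null} issuer value.
     */
    @PostConstruct
    public void initialize() {
        if (this.servletConfig != null) {
            this.issuer = this.servletConfig.getInitParameter("issuer");
        }
        // The original only applied the default when a servlet config was present, which left
        // the issuer null in every other deployment.
        if (this.issuer == null) {
            this.issuer = DEFAULT_ISSUER;
        }
        checkAndSetUpSTS();
    }

    /**
     * Resolves {@link #sts} if it is not set yet.
     *
     * <p>Lookup order: the servlet context attribute {@code "STS"}, then
     * {@link PicketLinkCoreSTS#instance()} followed by {@link #loadConfiguration()}. A freshly
     * configured STS is published back to the servlet context.
     *
     * <p>Whatever is stored under the {@code "STS"} attribute is used as-is, so every component
     * able to write to the servlet context decides which STS this endpoint trusts.
     *
     * @throws RuntimeException if the configuration cannot be parsed or installed
     */
    protected void checkAndSetUpSTS() {
        if (this.sts != null) {
            return;
        }
        if (this.servletContext != null) {
            this.sts = (PicketLinkCoreSTS) this.servletContext.getAttribute(STS_ATTRIBUTE);
        }
        if (this.sts != null) {
            return;
        }

        // loadConfiguration() works on this.sts, so the field has to be assigned first.
        this.sts = PicketLinkCoreSTS.instance();
        boolean configured = false;
        try {
            loadConfiguration();
            configured = true;
        } catch (ParsingException e) {
            throw new RuntimeException(e);
        } finally {
            // Without this reset a failed load left the field non-null, and the next call
            // skipped configuration and used the STS as if set-up had succeeded.
            if (!configured) {
                this.sts = null;
            }
        }
        if (this.servletContext != null) {
            this.servletContext.setAttribute(STS_ATTRIBUTE, this.sts);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the SAML protocol context (subject and issuer) for a token request.
     *
     * <p>The subject carries {@code str} as a persistent-format NameID and one subject
     * confirmation using {@link #subjectConfirmationMethod}. The issuer is {@link #issuer}.
     *
     * @param str value of the subject NameID; this method does not validate it
     * @return a context ready to be passed to {@link #issueSAMLAssertion(SAMLProtocolContext)}
     * @throws ConfigurationException declared by the signature; presumably raised while
     *         obtaining the issue instant
     */
    public SAMLProtocolContext getSAMLProtocolContext(String str) throws ConfigurationException {
        XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();

        NameIDType subjectNameId = new NameIDType();
        subjectNameId.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get()));
        subjectNameId.setValue(str);

        SubjectType.STSubType subType = new SubjectType.STSubType();
        subType.addBaseID(subjectNameId);

        SubjectType subject = new SubjectType();
        subject.setSubType(subType);

        // NOTE(review): NotOnOrAfter is set to the issue instant itself, so the confirmation
        // window has zero length. A relying party that enforces NotOnOrAfter would reject this
        // confirmation at once. Whether the token provider overrides the value later is not
        // visible here; confirm. No Recipient is set and InResponseTo is a fixed string, so the
        // confirmation data is not bound to a particular endpoint or request.
        SubjectConfirmationDataType confirmationData = new SubjectConfirmationDataType();
        confirmationData.setInResponseTo("REST_REQUEST");
        confirmationData.setNotOnOrAfter(issueInstant);

        SubjectConfirmationType confirmation = new SubjectConfirmationType();
        confirmation.setMethod(this.subjectConfirmationMethod);
        confirmation.setSubjectConfirmationData(confirmationData);
        subject.addConfirmation(confirmation);

        NameIDType issuerNameId = new NameIDType();
        issuerNameId.setValue(this.issuer);

        SAMLProtocolContext context = new SAMLProtocolContext();
        context.setSubjectType(subject);
        context.setIssuerID(issuerNameId);
        return context;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decodes a base64 string and parses it as a SAML assertion.
     *
     * <p>This is parsing only: no signature, issuer, audience or validity check happens here,
     * so the returned object reflects whatever the sender supplied. Treat it as untrusted until
     * it has been validated.
     *
     * <p>NOTE(review): the input is remote XML. Whether {@link SAMLParser} disables DTDs and
     * external entities is not visible in this class; verify the parser configuration.
     *
     * @param str base64-encoded assertion, typically the {@code assertion} request parameter
     * @return the parsed assertion
     * @throws ParsingException if the decoded content cannot be parsed
     * @throws ClassCastException if the parsed document is not an assertion
     */
    public AssertionType parseAssertion(String str) throws ParsingException {
        InputStream decoded = PostBindingUtil.base64DecodeAsStream(str);
        return (AssertionType) new SAMLParser().parse(decoded);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Asks the STS to issue a SAML assertion for the given context.
     *
     * @param sAMLProtocolContext context built by {@link #getSAMLProtocolContext(String)}
     * @return the assertion the STS stored on the context
     * @throws ProcessingException if the STS fails to issue the token
     */
    public AssertionType issueSAMLAssertion(SAMLProtocolContext sAMLProtocolContext) throws ProcessingException {
        checkAndSetUpSTS();
        this.sts.issueToken(sAMLProtocolContext);
        return sAMLProtocolContext.getIssuedAssertion();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Asks the STS to issue an OAuth token tied to a SAML assertion ID.
     *
     * <p>The ID is passed through unchecked. The caller is responsible for having validated
     * the assertion it came from before exchanging it for a token.
     *
     * @param str ID of the SAML assertion the token is issued for
     * @return the token produced by the STS
     * @throws ProcessingException if the STS fails to issue the token
     */
    public String issueOAuthToken(String str) throws ProcessingException {
        checkAndSetUpSTS();
        OAuthProtocolContext oauthContext = new OAuthProtocolContext();
        oauthContext.setSamlAssertionID(str);
        this.sts.issueToken(oauthContext);
        return oauthContext.getToken();
    }

    /**
     * Validates the token carried by the given context through the STS.
     *
     * <p>Fails closed: a {@link ProcessingException} from the STS is reported as {@code false}.
     * The reason for the failure is discarded here, so callers cannot tell a malformed token
     * from an expired or untrusted one. Which checks run (signature, expiry, issuer) depends on
     * the configured token provider and is not visible in this class.
     *
     * @param sAMLProtocolContext context holding the token to validate
     * @return {@code true} if the STS accepted the token, {@code false} if it raised a
     *         {@link ProcessingException}
     */
    public boolean validate(SAMLProtocolContext sAMLProtocolContext) {
        checkAndSetUpSTS();
        try {
            this.sts.validateToken(sAMLProtocolContext);
        } catch (ProcessingException rejected) {
            return false;
        }
        return true;
    }

    /**
     * Configures {@link #sts} from {@code picketlink.xml}, or installs defaults when none exists.
     *
     * <p>The file is looked up at {@code /WEB-INF/picketlink.xml} in the servlet context and
     * then as {@code picketlink.xml} on this class's class loader. When neither exists, the
     * default configuration is installed and an {@link OAuth2TokenProvider} is registered for
     * the OAuth 2.0 namespace.
     *
     * <p>When a file is found but has no STS section, the STS is left as it was: neither the
     * file nor the defaults are applied. That matches the previous behaviour.
     *
     * @throws ParsingException if the configuration file cannot be parsed
     * @throws RuntimeException if the default OAuth token provider cannot be instantiated
     */
    protected void loadConfiguration() throws ParsingException {
        InputStream configStream = null;
        if (this.servletContext != null) {
            configStream = this.servletContext.getResourceAsStream("/WEB-INF/picketlink.xml");
        }
        if (configStream == null) {
            configStream = getClass().getClassLoader().getResourceAsStream("picketlink.xml");
        }

        if (configStream == null) {
            this.sts.installDefaultConfiguration(new String[0]);
            try {
                // Class.newInstance() is deprecated; the constructor route reports failures
                // as ReflectiveOperationException, which is wrapped below like before.
                SecurityTokenProvider oauthProvider =
                        (SecurityTokenProvider) OAuth2TokenProvider.class.getDeclaredConstructor().newInstance();
                this.sts.getConfiguration().addTokenProvider(OAuthProtocolContext.OAUTH_2_0_NS, oauthProvider);
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
            return;
        }

        try {
            STSType stsType = ConfigurationUtil.getConfiguration(configStream).getStsType();
            if (stsType != null) {
                this.sts.initialize(new PicketLinkSTSConfiguration(stsType));
            }
        } finally {
            // The stream was never closed before, leaking a handle per configuration load.
            closeQuietly(configStream);
        }
    }

    /** Closes the stream, ignoring a failure to close because the content was already consumed. */
    private static void closeQuietly(InputStream stream) {
        try {
            stream.close();
        } catch (IOException ignored) {
            // Nothing useful can be done about a close failure on a read-only resource stream.
        }
    }
}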
