package org.picketlink.identity.federation.core.wstrust;

import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.picketlink.identity.federation.PicketLinkLogger;
import org.picketlink.identity.federation.PicketLinkLoggerFactory;
import org.picketlink.identity.federation.core.config.AuthPropertyType;
import org.picketlink.identity.federation.core.config.ClaimsProcessorType;
import org.picketlink.identity.federation.core.config.ClaimsProcessorsType;
import org.picketlink.identity.federation.core.config.KeyProviderType;
import org.picketlink.identity.federation.core.config.KeyValueType;
import org.picketlink.identity.federation.core.config.STSType;
import org.picketlink.identity.federation.core.config.ServiceProviderType;
import org.picketlink.identity.federation.core.config.ServiceProvidersType;
import org.picketlink.identity.federation.core.config.TokenProviderType;
import org.picketlink.identity.federation.core.config.TokenProvidersType;
import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
import org.picketlink.identity.federation.core.sts.STSCoreConfig;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.web.constants.GeneralConstants;

/* loaded from: input_file:org/picketlink/identity/federation/core/wstrust/PicketLinkSTSConfiguration.class */
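/**
 * {@link STSConfiguration} backed by a parsed {@link STSType} configuration tree.
 *
 * <p>On construction this class instantiates, from class names taken out of the
 * configuration, every token provider, claims processor and the trust/key manager the
 * STS will use. The configuration file is therefore part of the trusted computing base:
 * whoever can edit it can load arbitrary classes into the STS.
 *
 * <p>Token providers are registered under two keys (see {@link #providerKey}): the
 * configured token type, and {@code family$element$namespace}. Lookups by service
 * endpoint go through the service-provider metadata map.
 *
 * <p>Thread-safety: instances are expected to be built and populated before being
 * shared. The lazy initialisation in {@link #getRequestHandler()} and
 * {@link #getSigningCertificateAlias()} is not synchronised (a racing first call may
 * build the handler twice); the maps are plain {@link HashMap}s.
 */
public class PicketLinkSTSConfiguration implements STSConfiguration {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /** Separator of the composite {@code family$element$namespace} provider key. */
    private static final String PROVIDER_KEY_SEPARATOR = "$";

    /** Parsed configuration this object delegates its scalar settings to. */
    private final STSType delegate;
    /** Token providers keyed by token type AND by {@code family$element$namespace}. */
    private final Map<String, SecurityTokenProvider> tokenProviders;
    /** Service-provider metadata keyed by endpoint URI. */
    private final Map<String, ServiceProviderType> spMetadata;
    /** Claims processors keyed by claims dialect. */
    private final Map<String, ClaimsProcessor> claimsProcessors;
    /** Null when the configuration declares no key provider. */
    private TrustKeyManager trustManager;
    /** Lazily created by {@link #getRequestHandler()}. */
    private WSTrustRequestHandler handler;
    /** Explicitly set alias, or lazily resolved from the trust manager's options. */
    private String certificateAlias;

    /**
     * Builds an empty configuration: no providers, no processors, no trust manager, and
     * {@link StandardRequestHandler} as the request handler.
     */
    public PicketLinkSTSConfiguration() {
        this(new STSType());
    }

    /**
     * Builds a configuration from a parsed {@code STSType}, instantiating all configured
     * token providers, claims processors and the key provider.
     *
     * @param sTSType parsed configuration; must not be null
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised while
     *         creating providers or processors, or the logger's "unable to construct key
     *         manager" error if the key provider cannot be loaded or initialised
     */
    public PicketLinkSTSConfiguration(STSType sTSType) {
        if (sTSType == null) {
            throw logger.nullArgumentError("sTSType");
        }
        this.tokenProviders = new HashMap<String, SecurityTokenProvider>();
        this.spMetadata = new HashMap<String, ServiceProviderType>();
        this.claimsProcessors = new HashMap<String, ClaimsProcessor>();
        this.delegate = sTSType;
        if (this.delegate.getRequestHandler() == null) {
            this.delegate.setRequestHandler(StandardRequestHandler.class.getCanonicalName());
        }
        registerTokenProviders();
        registerClaimsProcessors();
        registerServiceProviders();
        initTrustManager();
    }

    /** Instantiates each configured token provider and registers it under both lookup keys. */
    private void registerTokenProviders() {
        TokenProvidersType configured = this.delegate.getTokenProviders();
        if (configured == null) {
            return;
        }
        for (TokenProviderType providerType : configured.getTokenProvider()) {
            Map<String, String> properties = new HashMap<String, String>();
            // STS-wide defaults go in first so that a provider-level property with the
            // same key deliberately overrides them.
            properties.put(GeneralConstants.ASSERTIONS_VALIDITY, String.valueOf(this.delegate.getTokenTimeout()));
            properties.put(GeneralConstants.CLOCK_SKEW, String.valueOf(this.delegate.getClockSkew()));
            try {
                for (KeyValueType property : CoreConfigUtil.getProperties(providerType)) {
                    properties.put(property.getKey(), property.getValue());
                }
                SecurityTokenProvider provider = WSTrustServiceFactory.getInstance()
                        .createTokenProvider(providerType.getProviderClass(), properties);
                this.tokenProviders.put(providerType.getTokenType(), provider);
                this.tokenProviders.put(
                        providerKey(provider.family(), providerType.getTokenElement(), providerType.getTokenElementNS()),
                        provider);
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /** Instantiates each configured claims processor and registers it by dialect. */
    private void registerClaimsProcessors() {
        ClaimsProcessorsType configured = this.delegate.getClaimsProcessors();
        if (configured == null) {
            return;
        }
        for (ClaimsProcessorType processorType : configured.getClaimsProcessor()) {
            Map<String, String> properties = new HashMap<String, String>();
            try {
                for (KeyValueType property : CoreConfigUtil.getProperties(processorType)) {
                    properties.put(property.getKey(), property.getValue());
                }
                ClaimsProcessor processor = WSTrustServiceFactory.getInstance()
                        .createClaimsProcessor(processorType.getProcessorClass(), properties);
                this.claimsProcessors.put(processorType.getDialect(), processor);
            } catch (GeneralSecurityException e) {
                throw new RuntimeException(e);
            }
        }
    }

    /** Indexes the configured service providers by endpoint. */
    private void registerServiceProviders() {
        ServiceProvidersType configured = this.delegate.getServiceProviders();
        if (configured == null) {
            return;
        }
        for (ServiceProviderType serviceProvider : configured.getServiceProvider()) {
            this.spMetadata.put(serviceProvider.getEndpoint(), serviceProvider);
        }
    }

    /**
     * Loads and initialises the configured {@link TrustKeyManager}, if any.
     * The first auth property keyed {@link GeneralConstants#X509CERTIFICATE} is also
     * exposed to the manager as an additional option (it names the signing certificate).
     */
    private void initTrustManager() {
        KeyProviderType keyProvider = this.delegate.getKeyProvider();
        if (keyProvider == null) {
            return;
        }
        String className = keyProvider.getClassName();
        try {
            List<AuthPropertyType> authProperties = CoreConfigUtil.getKeyProviderProperties(keyProvider);
            Class<?> managerClass = SecurityActions.loadClass(getClass(), className);
            if (managerClass == null) {
                throw logger.classNotLoadedError(className);
            }
            // Class.newInstance() is deprecated; going through the constructor keeps the
            // same access checks and wraps constructor failures in the cause chain.
            this.trustManager = (TrustKeyManager) managerClass.getDeclaredConstructor().newInstance();
            this.trustManager.setAuthProperties(authProperties);
            this.trustManager.setValidatingAlias(keyProvider.getValidatingAlias());
            if (authProperties != null) {
                for (AuthPropertyType property : authProperties) {
                    if (GeneralConstants.X509CERTIFICATE.equals(property.getKey())) {
                        // First match wins, even if its value is null.
                        this.trustManager.addAdditionalOption(GeneralConstants.X509CERTIFICATE, property.getValue());
                        break;
                    }
                }
            }
        } catch (Exception e) {
            throw logger.stsUnableToConstructKeyManagerError(e);
        }
    }

    /** Builds the {@code family$element$namespace} key under which a provider is registered. */
    private static String providerKey(String family, String element, String namespace) {
        return family + PROVIDER_KEY_SEPARATOR + element + PROVIDER_KEY_SEPARATOR + namespace;
    }

    @Override
    public String getSTSName() {
        return this.delegate.getSTSName();
    }

    @Override
    public boolean encryptIssuedToken() {
        return this.delegate.isEncryptToken();
    }

    @Override
    public boolean signIssuedToken() {
        return this.delegate.isSignToken();
    }

    /** @return the configured token timeout converted from seconds to milliseconds */
    @Override
    public long getIssuedTokenTimeout() {
        return this.delegate.getTokenTimeout() * 1000;
    }

    /**
     * Returns the request handler, creating it on first use from the configured class name.
     * Not synchronised; see the class comment.
     */
    @Override
    public WSTrustRequestHandler getRequestHandler() {
        if (this.handler == null) {
            this.handler = WSTrustServiceFactory.getInstance().createRequestHandler(this.delegate.getRequestHandler(), this);
        }
        return this.handler;
    }

    /**
     * Resolves the provider for a service endpoint via its configured token type.
     *
     * @param str service endpoint; must not be null
     * @return the provider, or null when the endpoint or its token type is unknown
     */
    @Override
    public SecurityTokenProvider getProviderForService(String str) {
        if (str == null) {
            throw logger.nullArgumentError("serviceName");
        }
        ServiceProviderType serviceProvider = this.spMetadata.get(str);
        return serviceProvider == null ? null : this.tokenProviders.get(serviceProvider.getTokenType());
    }

    /**
     * @param str token type; must not be null
     * @return the provider registered for that token type, or null
     */
    @Override
    public SecurityTokenProvider getProviderForTokenType(String str) {
        if (str == null) {
            throw logger.nullArgumentError("tokenType");
        }
        return this.tokenProviders.get(str);
    }

    /**
     * Looks a provider up by family and token element QName.
     *
     * @param str   provider family; must not be null
     * @param qName token element name; must not be null
     * @return the provider, or null when none is registered under that key
     */
    @Override
    public SecurityTokenProvider getProviderForTokenElementNS(String str, QName qName) {
        if (str == null) {
            throw logger.nullArgumentError("family");
        }
        if (qName == null) {
            throw logger.nullArgumentError("qname");
        }
        return this.tokenProviders.get(providerKey(str, qName.getLocalPart(), qName.getNamespaceURI()));
    }

    /** @return the claims processor for the given dialect, or null */
    @Override
    public ClaimsProcessor getClaimsProcessor(String str) {
        return this.claimsProcessors.get(str);
    }

    /** @return the token type configured for the service endpoint, or null if unknown */
    @Override
    public String getTokenTypeForService(String str) {
        ServiceProviderType serviceProvider = this.spMetadata.get(str);
        return serviceProvider == null ? null : serviceProvider.getTokenType();
    }

    /**
     * Returns the public key used to encrypt tokens for a service: the key under the
     * service's configured truststore alias if present, otherwise the trust manager's
     * validating key for the endpoint name.
     *
     * @return the key, or null when no trust manager is configured or nothing was found
     * @throws RuntimeException via the logger when the trust manager fails
     */
    @Override
    public PublicKey getServiceProviderPublicKey(String str) {
        if (this.trustManager == null) {
            return null;
        }
        try {
            PublicKey publicKey = null;
            ServiceProviderType serviceProvider = this.spMetadata.get(str);
            if (serviceProvider != null && serviceProvider.getTruststoreAlias() != null) {
                publicKey = this.trustManager.getPublicKey(serviceProvider.getTruststoreAlias());
            }
            if (publicKey == null) {
                publicKey = this.trustManager.getValidatingKey(str);
            }
            return publicKey;
        } catch (Exception e) {
            throw logger.stsPublicKeyError(str, e);
        }
    }

    /**
     * Same resolution order as {@link #getServiceProviderPublicKey(String)}, but returns
     * the certificate; non-X.509 certificates are ignored.
     *
     * @return the certificate, or null when none is found or no trust manager exists
     */
    @Override
    public X509Certificate getServiceProviderCertificate(String str) {
        if (this.trustManager == null) {
            return null;
        }
        try {
            X509Certificate result = null;
            ServiceProviderType serviceProvider = this.spMetadata.get(str);
            if (serviceProvider != null && serviceProvider.getTruststoreAlias() != null) {
                result = asX509(this.trustManager.getCertificate(serviceProvider.getTruststoreAlias()));
            }
            if (result == null) {
                result = asX509(this.trustManager.getCertificate(str));
            }
            return result;
        } catch (Exception e) {
            throw logger.stsPublicKeyError(str, e);
        }
    }

    /** @return the certificate as X.509, or null if it is null or of another type */
    private static X509Certificate asX509(Certificate certificate) {
        return certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
    }

    /** @return the STS signing key pair, or null when no trust manager is configured */
    @Override
    public KeyPair getSTSKeyPair() {
        if (this.trustManager == null) {
            return null;
        }
        try {
            return this.trustManager.getSigningKeyPair();
        } catch (Exception e) {
            throw logger.stsSigningKeyPairError(e);
        }
    }

    /** @return the certificate stored under the alias, or null when no trust manager is configured */
    @Override
    public Certificate getCertificate(String str) {
        if (this.trustManager == null) {
            return null;
        }
        try {
            return this.trustManager.getCertificate(str);
        } catch (Exception e) {
            throw logger.stsPublicKeyCertError(e);
        }
    }

    @Override
    public String getXMLDSigCanonicalizationMethod() {
        return this.delegate.getCanonicalizationMethod();
    }

    /**
     * Registers a provider at runtime under the given token type and, when the provider
     * declares a supported QName, under {@code family$element$namespace} too.
     * Guarded by the {@link PicketLinkCoreSTS#rte} permission when a SecurityManager is installed.
     */
    @Override
    public void addTokenProvider(String str, SecurityTokenProvider securityTokenProvider) {
        checkRuntimePermission();
        this.tokenProviders.put(str, securityTokenProvider);
        QName supported = securityTokenProvider.getSupportedQName();
        if (supported != null) {
            this.tokenProviders.put(
                    providerKey(securityTokenProvider.family(), supported.getLocalPart(), supported.getNamespaceURI()),
                    securityTokenProvider);
        }
    }

    /**
     * Removes the provider registered under the given key. Only that one key is removed;
     * a provider registered under a second (composite) key stays reachable through it.
     */
    @Override
    public void removeTokenProvider(String str) {
        checkRuntimePermission();
        this.tokenProviders.remove(str);
    }

    /** Enforces {@link PicketLinkCoreSTS#rte} when a SecurityManager is installed. */
    private static void checkRuntimePermission() {
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            securityManager.checkPermission(PicketLinkCoreSTS.rte);
        }
    }

    /**
     * @return an unmodifiable snapshot of all registered providers; a provider registered
     *         under two keys appears twice
     */
    @Override
    public List<SecurityTokenProvider> getTokenProviders() {
        return Collections.unmodifiableList(new ArrayList<SecurityTokenProvider>(this.tokenProviders.values()));
    }

    /** @return a new, mutable list of the registered providers whose family equals {@code str} */
    @Override
    public List<SecurityTokenProvider> getProvidersByFamily(String str) {
        List<SecurityTokenProvider> matches = new ArrayList<SecurityTokenProvider>();
        for (SecurityTokenProvider provider : this.tokenProviders.values()) {
            if (provider.family().equals(str)) {
                matches.add(provider);
            }
        }
        return matches;
    }

    /**
     * Returns the alias of the signing certificate: the value set through
     * {@link #setSigningCertificateAlias(String)}, else the trust manager's
     * {@link GeneralConstants#X509CERTIFICATE} option.
     *
     * @return the alias, or null when neither is available (in particular when no key
     *         provider is configured; this used to throw a NullPointerException)
     */
    @Override
    public String getSigningCertificateAlias() {
        if (this.certificateAlias == null && this.trustManager != null) {
            this.certificateAlias = (String) this.trustManager.getAdditionalOption(GeneralConstants.X509CERTIFICATE);
        }
        return this.certificateAlias;
    }

    public void setSigningCertificateAlias(String str) {
        this.certificateAlias = str;
    }

    /**
     * Merges the token providers and claims processors of another configuration into this
     * one; entries with the same key are overwritten.
     *
     * <p>NOTE(review): unlike {@link #addTokenProvider}, this path does not check
     * {@link PicketLinkCoreSTS#rte}; callers are presumed to be trusted
     * initialisation code — confirm before exposing it more widely.
     *
     * @throws RuntimeException if the argument is not a {@code PicketLinkSTSConfiguration}
     */
    @Override
    public void copy(STSCoreConfig sTSCoreConfig) {
        if (!(sTSCoreConfig instanceof PicketLinkSTSConfiguration)) {
            throw new RuntimeException("Unknown config :" + sTSCoreConfig);
        }
        PicketLinkSTSConfiguration other = (PicketLinkSTSConfiguration) sTSCoreConfig;
        this.tokenProviders.putAll(other.tokenProviders);
        this.claimsProcessors.putAll(other.claimsProcessors);
    }

    /**
     * Debug representation. NOTE(review): this dumps the delegate and trust manager, whose
     * own toString() may include key-provider auth properties (e.g. keystore passwords);
     * avoid logging it at INFO or above until that has been checked.
     */
    @Override
    public String toString() {
        return "PicketLinkSTSConfiguration [delegate=" + this.delegate
                + ", tokenProviders=" + this.tokenProviders
                + ", spMetadata=" + this.spMetadata
                + ", claimsProcessors=" + this.claimsProcessors
                + ", trustManager=" + this.trustManager
                + ", handler=" + this.handler + "]";
    }
}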
