package org.apache.cxf.sts.operation;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.handler.MessageContext;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.rt.security.claims.Claim;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.sts.IdentityMapper;
import org.apache.cxf.sts.QNameConstants;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.claims.ClaimsManager;
import org.apache.cxf.sts.event.AbstractSTSEvent;
import org.apache.cxf.sts.event.STSEventListener;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.request.ReceivedToken;
import org.apache.cxf.sts.request.RequestParser;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.sts.service.EncryptionProperties;
import org.apache.cxf.sts.service.ServiceMBean;
import org.apache.cxf.sts.token.delegation.TokenDelegationHandler;
import org.apache.cxf.sts.token.provider.TokenProvider;
import org.apache.cxf.sts.token.provider.TokenProviderParameters;
import org.apache.cxf.sts.token.provider.TokenReference;
import org.apache.cxf.sts.token.realm.Relationship;
import org.apache.cxf.sts.token.realm.RelationshipResolver;
import org.apache.cxf.sts.token.validator.TokenValidator;
import org.apache.cxf.sts.token.validator.TokenValidatorParameters;
import org.apache.cxf.sts.token.validator.TokenValidatorResponse;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.cxf.ws.security.sts.provider.model.LifetimeType;
import org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType;
import org.apache.cxf.ws.security.sts.provider.model.RequestedReferenceType;
import org.apache.cxf.ws.security.sts.provider.model.secext.KeyIdentifierType;
import org.apache.cxf.ws.security.sts.provider.model.secext.ReferenceType;
import org.apache.cxf.ws.security.sts.provider.model.secext.SecurityTokenReferenceType;
import org.apache.cxf.ws.security.sts.provider.model.utility.AttributedDateTime;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventConstants;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-020.zip:modules/system/layers/fuse/org/apache/cxf/3.0/cxf-services-sts-core-3.0.4.redhat-621020.jar:org/apache/cxf/sts/operation/AbstractOperation.class */
public abstract class AbstractOperation {
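    /** Qualified name of the WS-Security 1.1 {@code TokenType} attribute set on security token references. */
    public static final QName TOKEN_TYPE = new QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "TokenType", "wsse11");
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractOperation.class);
    // STS-wide configuration. In this class it supplies the encryption alias and crypto, the realm parser,
    // the relationship resolver and the fallback identity mapper.
    protected STSPropertiesMBean stsProperties;
    // Only stored by this class (see setEncryptIssuedToken); presumably read by subclasses - confirm.
    protected boolean encryptIssuedToken;
    // Known relying services; an AppliesTo address that matches none of them is rejected in
    // createTokenProviderParameters.
    protected List<ServiceMBean> services;
    protected TokenStore tokenStore;
    // Optional listener; publishEvent is a no-op while this is null.
    protected STSEventListener eventPublisher;
    // Parameterized instead of raw ArrayList so the element type is checked at compile time.
    protected List<TokenProvider> tokenProviders = new ArrayList<TokenProvider>();
    // Tried in list order by validateReceivedToken.
    protected List<TokenValidator> tokenValidators = new ArrayList<TokenValidator>();
    protected boolean returnReferences = true;
    protected ClaimsManager claimsManager = new ClaimsManager();
    // Consulted in list order by performDelegationHandling.
    protected List<TokenDelegationHandler> delegationHandlers = new ArrayList<TokenDelegationHandler>();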

    /** Returns the {@code returnReferences} flag (initially {@code true}); this class only stores it. */
    public boolean isReturnReferences() {
        return returnReferences;
    }

    /** Sets the {@code returnReferences} flag. */
    public void setReturnReferences(boolean z) {
        returnReferences = z;
    }

    /** Returns the token store handed to token providers, validators and delegation handlers. */
    public TokenStore getTokenStore() {
        return tokenStore;
    }

    /** Sets the token store handed to token providers, validators and delegation handlers. */
    public void setTokenStore(TokenStore tokenStore) {
        this.tokenStore = tokenStore;
    }

    /** Sets the STS-wide configuration; {@code parseRequest} rejects requests while it is {@code null}. */
    public void setStsProperties(STSPropertiesMBean sTSPropertiesMBean) {
        stsProperties = sTSPropertiesMBean;
    }

    /** Sets the {@code encryptIssuedToken} flag; this class only stores it. */
    public void setEncryptIssuedToken(boolean z) {
        encryptIssuedToken = z;
    }

    /**
     * Sets the known services that AppliesTo addresses are matched against.
     * The list is stored by reference, not copied.
     */
    public void setServices(List<ServiceMBean> list) {
        services = list;
    }

    /** Sets the token providers. The list is stored by reference, not copied. */
    public void setTokenProviders(List<TokenProvider> list) {
        tokenProviders = list;
    }

    /**
     * Returns the live delegation-handler list (no defensive copy), so a caller that
     * modifies it changes which handlers decide whether delegation is allowed.
     */
    public List<TokenDelegationHandler> getDelegationHandlers() {
        return delegationHandlers;
    }

    /** Sets the delegation handlers. The list is stored by reference, not copied. */
    public void setDelegationHandlers(List<TokenDelegationHandler> list) {
        delegationHandlers = list;
    }

    /** Returns the live token-provider list (no defensive copy). */
    public List<TokenProvider> getTokenProviders() {
        return tokenProviders;
    }

    /**
     * Sets the token validators, which are tried in list order.
     * The list is stored by reference, not copied.
     */
    public void setTokenValidators(List<TokenValidator> list) {
        tokenValidators = list;
    }

    /**
     * Returns the live token-validator list (no defensive copy), so a caller that
     * modifies it changes which validators received tokens are checked by.
     */
    public List<TokenValidator> getTokenValidators() {
        return tokenValidators;
    }

    /** Returns the claims manager whose supported claim types and claim parsers this class uses. */
    public ClaimsManager getClaimsManager() {
        return claimsManager;
    }

    /** Replaces the claims manager. */
    public void setClaimsManager(ClaimsManager claimsManager) {
        this.claimsManager = claimsManager;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses a RequestSecurityToken into a fresh {@link RequestParser}.
     *
     * <p>Both preconditions fail closed: a request without a message context, or an
     * operation without STS properties, is rejected before any parsing happens.
     * {@code configureProperties()} is invoked on every call.
     *
     * @param requestSecurityTokenType the unmarshalled request
     * @param webServiceContext the context of the current invocation
     * @return the parser holding the parsed requirements
     * @throws STSException if the message context or the STS properties are missing
     */
    public RequestParser parseRequest(RequestSecurityTokenType requestSecurityTokenType, WebServiceContext webServiceContext) {
        final boolean contextMissing = webServiceContext == null || webServiceContext.getMessageContext() == null;
        if (contextMissing) {
            throw new STSException("No message context found");
        }
        if (stsProperties == null) {
            throw new STSException("No STSProperties object found");
        }
        stsProperties.configureProperties();

        final RequestParser parser = new RequestParser();
        parser.parseRequest(requestSecurityTokenType, webServiceContext, stsProperties, claimsManager.getClaimParsers());
        return parser;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a RequestedReference wrapping a SecurityTokenReference for the given token.
     *
     * <p>A key-identifier reference always carries the identifier without a leading
     * {@code '#'}. A direct reference carries it with the {@code '#'} when {@code z} is
     * {@code true} and without it when {@code z} is {@code false}. If the token reference
     * selects neither form, the SecurityTokenReference is left without a child element.
     *
     * <p>The identifier is read with {@code charAt(0)}, so a null or empty identifier
     * raises an unchecked exception here.
     *
     * @param tokenReference description of the reference to create
     * @param z whether a direct reference URI should carry a leading {@code '#'}
     * @return the populated RequestedReference
     */
    public static RequestedReferenceType createRequestedReference(TokenReference tokenReference, boolean z) {
        final RequestedReferenceType requestedReference = QNameConstants.WS_TRUST_FACTORY.createRequestedReferenceType();
        final SecurityTokenReferenceType securityTokenReference = QNameConstants.WSSE_FACTORY.createSecurityTokenReferenceType();

        final String tokenType = tokenReference.getWsse11TokenType();
        if (tokenType != null) {
            securityTokenReference.getOtherAttributes().put(TOKEN_TYPE, tokenType);
        }

        if (tokenReference.isUseKeyIdentifier()) {
            String keyId = tokenReference.getIdentifier();
            if (keyId.charAt(0) == '#') {
                keyId = keyId.substring(1);
            }
            final KeyIdentifierType keyIdentifier = QNameConstants.WSSE_FACTORY.createKeyIdentifierType();
            keyIdentifier.setValue(keyId);
            final String keyValueType = tokenReference.getWsseValueType();
            if (keyValueType != null) {
                keyIdentifier.setValueType(keyValueType);
            }
            securityTokenReference.getAny().add(QNameConstants.WSSE_FACTORY.createKeyIdentifier(keyIdentifier));
        } else if (tokenReference.isUseDirectReference()) {
            String uri = tokenReference.getIdentifier();
            final boolean hasHash = uri.charAt(0) == '#';
            // Only touch the URI when its current form disagrees with the requested one.
            if (z != hasHash) {
                uri = z ? "#" + uri : uri.substring(1);
            }
            final ReferenceType reference = QNameConstants.WSSE_FACTORY.createReferenceType();
            reference.setURI(uri);
            final String referenceValueType = tokenReference.getWsseValueType();
            if (referenceValueType != null) {
                reference.setValueType(referenceValueType);
            }
            securityTokenReference.getAny().add(QNameConstants.WSSE_FACTORY.createReference(reference));
        }

        requestedReference.setSecurityTokenReference(securityTokenReference);
        return requestedReference;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a RequestedReference from a token identifier and token type.
     *
     * <p>SAML 1.1 and SAML 2.0 token types (profile URI or assertion namespace) produce a
     * key-identifier reference with the matching WSSE 1.1 token type and value type. Any
     * other token type produces a direct reference whose value type is {@code str2} itself.
     *
     * @param str the token identifier
     * @param str2 the token type URI; may be {@code null}, which selects the direct-reference form
     * @param z passed through to {@link #createRequestedReference(TokenReference, boolean)}
     * @return the populated RequestedReference
     */
    public static RequestedReferenceType createRequestedReference(String str, String str2, boolean z) {
        final String saml11Profile = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
        final String saml20Profile = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

        final TokenReference reference = new TokenReference();
        reference.setIdentifier(str);

        final boolean isSaml11 = saml11Profile.equals(str2) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(str2);
        if (isSaml11) {
            reference.setWsse11TokenType(saml11Profile);
            reference.setUseKeyIdentifier(true);
            reference.setWsseValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            return createRequestedReference(reference, z);
        }

        final boolean isSaml20 = saml20Profile.equals(str2) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(str2);
        if (isSaml20) {
            reference.setWsse11TokenType(saml20Profile);
            reference.setUseKeyIdentifier(true);
            reference.setWsseValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
            return createRequestedReference(reference, z);
        }

        reference.setUseDirectReference(true);
        reference.setWsseValueType(str2);
        return createRequestedReference(reference, z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the Lifetime element of a token response.
     *
     * <p>A missing creation time defaults to "now"; a missing expiry defaults to the
     * creation time plus 300 seconds. The two values are not compared, so a caller that
     * supplies an expiry earlier than the creation time gets exactly that lifetime back.
     *
     * @param date the creation time, or {@code null} for the current time
     * @param date2 the expiry time, or {@code null} for creation time plus 300 seconds
     * @return the Lifetime with both timestamps formatted by {@code XmlSchemaDateFormat}
     */
    public static LifetimeType createLifetime(Date date, Date date2) {
        final AttributedDateTime created = QNameConstants.UTIL_FACTORY.createAttributedDateTime();
        final AttributedDateTime expires = QNameConstants.UTIL_FACTORY.createAttributedDateTime();

        final Date creationTime = date != null ? date : new Date();
        final Date expirationTime = date2 != null ? date2 : new Date(creationTime.getTime() + (300 * 1000));

        final XmlSchemaDateFormat formatter = new XmlSchemaDateFormat();
        created.setValue(formatter.format(creationTime));
        LOG.fine("Token lifetime creation: " + created.getValue());
        expires.setValue(formatter.format(expirationTime));
        LOG.fine("Token lifetime expiration: " + expires.getValue());

        final LifetimeType lifetime = QNameConstants.WS_TRUST_FACTORY.createLifetimeType();
        lifetime.setCreated(created);
        lifetime.setExpires(expires);
        return lifetime;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Encrypts an issued token element for the relying party.
     *
     * <p>The encryption alias comes from the service's encryption properties, falling back
     * to the STS-wide encryption username. An algorithm named in the request is honoured
     * only if it is on the corresponding accepted list; otherwise the configured default
     * is used, so the requester cannot select an algorithm the operator did not accept.
     *
     * <p>NOTE(review): when no alias is configured at all, the token is returned
     * unencrypted and only a FINE-level message is written, whereas {@code encryptSecret}
     * throws in the same situation. A caller that requires encryption cannot tell the two
     * outcomes apart from the return value; consider whether this should fail closed.
     *
     * @param element the token to encrypt
     * @param str the id used for the encryption part
     * @param encryptionProperties alias, algorithms and key identifier type to use
     * @param keyRequirements algorithms requested by the client, if any
     * @param webServiceContext used to find the request signing certificate
     * @return the encrypted document element, or {@code element} unchanged if no alias is configured
     * @throws WSSecurityException if WSS4J fails to prepare or apply the encryption
     */
    public Element encryptToken(Element element, String str, EncryptionProperties encryptionProperties, KeyRequirements keyRequirements, WebServiceContext webServiceContext) throws WSSecurityException {
        String alias = encryptionProperties.getEncryptionName();
        if (alias == null) {
            alias = stsProperties.getEncryptionUsername();
        }
        if (alias == null) {
            LOG.fine("No encryption alias is configured");
            return element;
        }

        // Requested symmetric algorithm wins only when it is on the accepted list.
        String symmetricAlgorithm = keyRequirements.getEncryptionAlgorithm();
        final boolean symmetricRequested = symmetricAlgorithm != null;
        if (!symmetricRequested || !encryptionProperties.getAcceptedEncryptionAlgorithms().contains(symmetricAlgorithm)) {
            symmetricAlgorithm = encryptionProperties.getEncryptionAlgorithm();
            if (symmetricRequested) {
                LOG.fine("EncryptionAlgorithm not supported, defaulting to: " + symmetricAlgorithm);
            }
        }

        // Same rule for the key-wrap algorithm.
        String keyWrapAlgorithm = keyRequirements.getKeywrapAlgorithm();
        final boolean keyWrapRequested = keyWrapAlgorithm != null;
        if (!keyWrapRequested || !encryptionProperties.getAcceptedKeyWrapAlgorithms().contains(keyWrapAlgorithm)) {
            keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
            if (keyWrapRequested) {
                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keyWrapAlgorithm);
            }
        }

        final WSSecEncrypt encryptor = new WSSecEncrypt();
        if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(alias)) {
            // Encrypt to the certificate that signed the request.
            // NOTE(review): getReqSigCert can return null; that null is passed on unchecked.
            encryptor.setUseThisCert(getReqSigCert(webServiceContext.getMessageContext()));
        } else {
            encryptor.setUserInfo(alias);
        }
        encryptor.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
        encryptor.setSymmetricEncAlgorithm(symmetricAlgorithm);
        encryptor.setKeyEncAlgo(keyWrapAlgorithm);
        encryptor.setEmbedEncryptedKey(true);

        final WSEncryptionPart part = new WSEncryptionPart(str, "Element");
        part.setElement(element);

        // The token is attached as a child of its owner document before encryption, and the
        // document element is what gets returned afterwards.
        final Document document = element.getOwnerDocument();
        document.appendChild(element);
        encryptor.prepare(document, stsProperties.getEncryptionCrypto());
        encryptor.encryptForRef(null, Collections.singletonList(part));
        return document.getDocumentElement();
    }

    /**
     * Wraps a secret key in an EncryptedKey element for the relying party.
     *
     * <p>Fails closed: with no encryption alias configured the request is rejected rather
     * than returning the secret unprotected. A key-wrap algorithm named in the request is
     * used only if it is on the accepted list; otherwise the configured default applies.
     * The alias is passed directly to {@code setUserInfo}; this method has no handling
     * for {@code USE_REQ_SIG_CERT}, unlike {@code encryptToken}.
     *
     * @param bArr the secret to wrap
     * @param encryptionProperties alias, key-wrap algorithms and key identifier type to use
     * @param keyRequirements key-wrap algorithm requested by the client, if any
     * @return the EncryptedKey element
     * @throws STSException if no encryption alias is configured
     * @throws WSSecurityException if WSS4J fails to build the encrypted key
     */
    protected Element encryptSecret(byte[] bArr, EncryptionProperties encryptionProperties, KeyRequirements keyRequirements) throws WSSecurityException {
        String alias = encryptionProperties.getEncryptionName();
        if (alias == null) {
            alias = stsProperties.getEncryptionUsername();
        }
        if (alias == null) {
            throw new STSException("No encryption alias is configured", STSException.REQUEST_FAILED);
        }

        String keyWrapAlgorithm = keyRequirements.getKeywrapAlgorithm();
        final boolean keyWrapRequested = keyWrapAlgorithm != null;
        if (!keyWrapRequested || !encryptionProperties.getAcceptedKeyWrapAlgorithms().contains(keyWrapAlgorithm)) {
            keyWrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
            if (keyWrapRequested) {
                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keyWrapAlgorithm);
            }
        }

        final WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
        encryptedKey.setUserInfo(alias);
        encryptedKey.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
        encryptedKey.setEphemeralKey(bArr);
        encryptedKey.setKeyEncAlgo(keyWrapAlgorithm);
        encryptedKey.prepare(DOMUtils.createDocument(), stsProperties.getEncryptionCrypto());
        return encryptedKey.getEncryptedKeyElement();
    }

    /**
     * Extracts the target address from an AppliesTo element.
     *
     * <p>Two shapes are understood: a WS-Addressing {@code EndpointReference/Address}
     * child, or, when there is no EndpointReference, a {@code URI} child in the AppliesTo
     * element's own namespace. If an EndpointReference is present but has no Address, the
     * {@code URI} form is not tried. The text is returned as-is (no trimming or
     * normalisation), and it is requester-supplied, so callers should treat it as
     * untrusted input.
     *
     * @param element the AppliesTo element, may be {@code null}
     * @return the address text, or {@code null} if none could be found
     */
    protected String extractAddressFromAppliesTo(Element element) {
        final String addressingNamespace = "http://www.w3.org/2005/08/addressing";
        LOG.fine("Parsing AppliesTo element");
        if (element != null) {
            final Element endpointReference = DOMUtils.getFirstChildWithName(element, addressingNamespace, "EndpointReference");
            if (endpointReference == null) {
                final String ownNamespace = element.getNamespaceURI();
                if (ownNamespace != null) {
                    final Element uriElement = DOMUtils.getFirstChildWithName(element, ownNamespace, "URI");
                    if (uriElement != null) {
                        LOG.fine("Found URI element");
                        return uriElement.getTextContent();
                    }
                }
            } else {
                LOG.fine("Found EndpointReference element");
                final Element addressElement = DOMUtils.getFirstChildWithName(endpointReference, addressingNamespace, "Address");
                if (addressElement != null) {
                    LOG.fine("Found address element");
                    return addressElement.getTextContent();
                }
            }
        }
        LOG.fine("AppliesTo element does not exist or could not be parsed");
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Assembles the parameters handed to a token provider for this request.
     *
     * <p>When the request carries an AppliesTo address, it must match one of the
     * configured services; an unknown address is rejected. A matching service may
     * override the STS-wide encryption properties and fills in a token type or key type
     * the request left unset (the parsed requirement objects are modified in place).
     * When the request carries no AppliesTo address, no service check is performed and
     * the STS-wide encryption properties are used.
     *
     * <p>The AppliesTo address is requester-supplied and is copied verbatim into a
     * FINE-level log line and into the fault message for unknown addresses.
     *
     * <p>NOTE(review): as written, the service loop visits every matching service, so
     * the last match with non-null encryption properties decides which key encrypts the
     * token. The decompiled loop shape suggests a {@code break} after the first match may
     * have been lost - confirm against the original class.
     *
     * @param requestParser the parsed request
     * @param webServiceContext the context of the current invocation
     * @return the populated provider parameters
     * @throws STSException if an AppliesTo address is present but matches no known service
     */
    public TokenProviderParameters createTokenProviderParameters(RequestParser requestParser, WebServiceContext webServiceContext) {
        final TokenProviderParameters providerParameters = new TokenProviderParameters();
        providerParameters.setStsProperties(stsProperties);
        providerParameters.setPrincipal(webServiceContext.getUserPrincipal());
        providerParameters.setWebServiceContext(webServiceContext);
        providerParameters.setTokenStore(getTokenStore());

        final KeyRequirements keyRequirements = requestParser.getKeyRequirements();
        final TokenRequirements tokenRequirements = requestParser.getTokenRequirements();
        providerParameters.setKeyRequirements(keyRequirements);
        providerParameters.setTokenRequirements(tokenRequirements);

        final String address = extractAddressFromAppliesTo(tokenRequirements.getAppliesTo());
        LOG.fine("The AppliesTo address that has been received is: " + address);
        providerParameters.setAppliesToAddress(address);

        if (stsProperties.getRealmParser() != null) {
            providerParameters.setRealm(stsProperties.getRealmParser().parseRealm(webServiceContext));
        }

        providerParameters.setRequestedPrimaryClaims(tokenRequirements.getPrimaryClaims());
        providerParameters.setRequestedSecondaryClaims(tokenRequirements.getSecondaryClaims());

        EncryptionProperties effectiveEncryption = stsProperties.getEncryptionProperties();
        if (address != null) {
            boolean serviceMatched = false;
            if (services != null) {
                for (ServiceMBean service : services) {
                    if (!service.isAddressInEndpoints(address)) {
                        continue;
                    }
                    final EncryptionProperties serviceEncryption = service.getEncryptionProperties();
                    if (serviceEncryption != null) {
                        effectiveEncryption = serviceEncryption;
                    }
                    if (tokenRequirements.getTokenType() == null) {
                        final String defaultTokenType = service.getTokenType();
                        tokenRequirements.setTokenType(defaultTokenType);
                        LOG.fine("Using default token type of: " + defaultTokenType);
                    }
                    if (keyRequirements.getKeyType() == null) {
                        final String defaultKeyType = service.getKeyType();
                        keyRequirements.setKeyType(defaultKeyType);
                        LOG.fine("Using default key type of: " + defaultKeyType);
                    }
                    serviceMatched = true;
                }
            }
            if (!serviceMatched) {
                LOG.log(Level.WARNING, "The Service cannot match the received AppliesTo address");
                throw new STSException("No service corresponding to " + address + " is known", STSException.REQUEST_FAILED);
            }
        }

        providerParameters.setEncryptionProperties(effectiveEncryption);
        return providerParameters;
    }

    /**
     * Finds the X.509 certificate that signed the current request.
     *
     * <p>The WSS4J DOM results stored under {@code RECV_RESULTS} are searched first, then
     * the streaming security events stored under {@code SecurityEvent.class.getName() +
     * ".in"}. The first certificate found is returned. This method performs no trust or
     * validity check of its own; it only reads what inbound security processing recorded.
     *
     * @param messageContext the message context of the current request
     * @return the signing certificate, or {@code null} if none was recorded or the
     *         token's certificates could not be read
     */
    private X509Certificate getReqSigCert(MessageContext messageContext) {
        final List handlerResults = (List) messageContext.get(WSHandlerConstants.RECV_RESULTS);
        if (handlerResults != null) {
            for (Object handlerResult : handlerResults) {
                for (WSSecurityEngineResult engineResult : ((WSHandlerResult) handlerResult).getResults()) {
                    // Action 2 is presumably the WSS4J signature action - confirm against WSConstants.
                    final int action = ((Integer) engineResult.get("action")).intValue();
                    if (action != 2) {
                        continue;
                    }
                    final X509Certificate domCertificate = (X509Certificate) engineResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                    if (domCertificate != null) {
                        return domCertificate;
                    }
                }
            }
        }

        final List<SecurityEvent> inboundEvents = (List) messageContext.get(SecurityEvent.class.getName() + ".in");
        if (inboundEvents == null) {
            return null;
        }
        for (SecurityEvent inboundEvent : inboundEvents) {
            final Object eventType = inboundEvent.getSecurityEventType();
            final boolean isSignatureEvent = WSSecurityEventConstants.SignedPart == eventType || WSSecurityEventConstants.SignedElement == eventType;
            if (!isSignatureEvent) {
                continue;
            }
            final SecurityToken signingToken = ((AbstractSecuredElementSecurityEvent) inboundEvent).getSecurityToken();
            if (signingToken == null) {
                continue;
            }
            try {
                final X509Certificate[] chain = signingToken.getX509Certificates();
                if (chain != null && chain.length > 0) {
                    return chain[0];
                }
            } catch (XMLSecurityException e) {
                // The failure is only visible at FINE level; the caller just sees null.
                LOG.log(Level.FINE, e.getMessage(), (Throwable) e);
                return null;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Runs a received token through the configured validators.
     *
     * <p>The token state is reset to {@code NONE} first. Validators are tried in list
     * order; the first one that can handle the token and returns without throwing ends
     * the search. A validator that throws a {@code RuntimeException} marks the token
     * {@code INVALID}, is logged at WARNING, and the next validator is tried.
     *
     * <p>Security-relevant points for callers:
     * <ul>
     *   <li>The principal and roles from the validator response are copied onto the token
     *       without this method inspecting the resulting state, so a non-null return value
     *       is not by itself proof that the token is valid.</li>
     *   <li>The return value is {@code null} when no validator could handle the token, in
     *       which case the token state stays {@code NONE}.</li>
     *   <li>{@code receivedToken} is reassigned to the token returned by the validator, so
     *       the principal and roles are set on that object, which may differ from the one
     *       passed in.</li>
     * </ul>
     *
     * @param webServiceContext the context of the current invocation
     * @param str the realm to validate in, or {@code null} to ask validators without a realm
     * @param tokenRequirements not read by this method
     * @param receivedToken the token to validate
     * @return the validator response, or {@code null} if none was produced
     */
    public TokenValidatorResponse validateReceivedToken(WebServiceContext webServiceContext, String str, TokenRequirements tokenRequirements, ReceivedToken receivedToken) {
        receivedToken.setState(ReceivedToken.STATE.NONE);

        final TokenRequirements validateRequirements = new TokenRequirements();
        validateRequirements.setValidateTarget(receivedToken);

        final TokenValidatorParameters validatorParameters = new TokenValidatorParameters();
        validatorParameters.setStsProperties(stsProperties);
        validatorParameters.setPrincipal(webServiceContext.getUserPrincipal());
        validatorParameters.setWebServiceContext(webServiceContext);
        validatorParameters.setTokenStore(getTokenStore());
        validatorParameters.setKeyRequirements(null);
        validatorParameters.setTokenRequirements(validateRequirements);
        validatorParameters.setToken(receivedToken);

        TokenValidatorResponse response = null;
        for (TokenValidator validator : tokenValidators) {
            final boolean canHandle;
            if (str == null) {
                canHandle = validator.canHandleToken(receivedToken);
            } else {
                canHandle = validator.canHandleToken(receivedToken, str);
            }
            if (!canHandle) {
                continue;
            }
            try {
                response = validator.validateToken(validatorParameters);
                receivedToken = response.getToken();
                receivedToken.setPrincipal(response.getPrincipal());
                receivedToken.setRoles(response.getRoles());
                break;
            } catch (RuntimeException e) {
                LOG.log(Level.WARNING, "Failed to validate the token", (Throwable) e);
                receivedToken.setState(ReceivedToken.STATE.INVALID);
            }
        }
        return response;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Code restructure failed: missing block: B:11:0x00d6, code lost:
    
        if (r16.isDelegationAllowed() != false) goto L18;
     */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x00f3, code lost:
    
        return;
     */
    /* JADX WARN: Code restructure failed: missing block: B:14:0x00d9, code lost:
    
        org.apache.cxf.sts.operation.AbstractOperation.LOG.log(java.util.logging.Level.WARNING, "No matching token delegation handler found");
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x00f2, code lost:
    
        throw new org.apache.cxf.ws.security.sts.provider.STSException("No matching token delegation handler found", org.apache.cxf.ws.security.sts.provider.STSException.REQUEST_FAILED);
     */
    /* JADX WARN: Code restructure failed: missing block: B:9:0x00ce, code lost:
    
        if (r16 == null) goto L16;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Decides whether the caller may obtain a token on behalf of the presented token.
     *
     * <p>The decompiler could not restructure this method: the Java body below always
     * throws {@code UnsupportedOperationException}, and the real logic is only available
     * as the register-level dump in the comment. According to that dump, the compiled
     * method:
     * <ol>
     *   <li>builds a {@code TokenDelegationParameters} from the STS properties, the
     *       caller's principal ({@code r8.getUserPrincipal()}), the web service context,
     *       the token store, the token principal {@code r10}, the token roles {@code r11},
     *       the key and token requirements of {@code r7}, the AppliesTo address and the
     *       received token {@code r9};</li>
     *   <li>walks {@code delegationHandlers} in order and asks the first handler whose
     *       {@code canHandleToken(r9)} is true for its decision, then stops looking;</li>
     *   <li>turns a {@code RuntimeException} from that handler into an
     *       {@code STSException("Error in delegation handling", cause, REQUEST_FAILED)}
     *       after logging it at WARNING with an empty message;</li>
     *   <li>throws {@code STSException("No matching token delegation handler found",
     *       REQUEST_FAILED)} when no handler answered or the answer's
     *       {@code isDelegationAllowed()} is false, and returns normally otherwise.</li>
     * </ol>
     *
     * <p>The check therefore fails closed, and only the first handler that can handle
     * the token is consulted. An explicit denial and the absence of any handler produce
     * the same message, so the two cannot be told apart from the log line or the fault.
     *
     * @param r7 the parsed request (a {@code RequestParser})
     * @param r8 the context of the current invocation
     * @param r9 the received token that delegation is requested for
     * @param r10 the principal taken from that token
     * @param r11 the roles taken from that token
     */
    public void performDelegationHandling(org.apache.cxf.sts.request.RequestParser r7, javax.xml.ws.WebServiceContext r8, org.apache.cxf.sts.request.ReceivedToken r9, java.security.Principal r10, java.util.Set<java.security.Principal> r11) {
        /*
            r6 = this;
            org.apache.cxf.sts.token.delegation.TokenDelegationParameters r0 = new org.apache.cxf.sts.token.delegation.TokenDelegationParameters
            r1 = r0
            r1.<init>()
            r12 = r0
            r0 = r12
            r1 = r6
            org.apache.cxf.sts.STSPropertiesMBean r1 = r1.stsProperties
            r0.setStsProperties(r1)
            r0 = r12
            r1 = r8
            java.security.Principal r1 = r1.getUserPrincipal()
            r0.setPrincipal(r1)
            r0 = r12
            r1 = r8
            r0.setWebServiceContext(r1)
            r0 = r12
            r1 = r6
            org.apache.cxf.ws.security.tokenstore.TokenStore r1 = r1.getTokenStore()
            r0.setTokenStore(r1)
            r0 = r12
            r1 = r10
            r0.setTokenPrincipal(r1)
            r0 = r12
            r1 = r11
            r0.setTokenRoles(r1)
            r0 = r7
            org.apache.cxf.sts.request.KeyRequirements r0 = r0.getKeyRequirements()
            r13 = r0
            r0 = r7
            org.apache.cxf.sts.request.TokenRequirements r0 = r0.getTokenRequirements()
            r14 = r0
            r0 = r12
            r1 = r13
            r0.setKeyRequirements(r1)
            r0 = r12
            r1 = r14
            r0.setTokenRequirements(r1)
            r0 = r6
            r1 = r14
            org.w3c.dom.Element r1 = r1.getAppliesTo()
            java.lang.String r0 = r0.extractAddressFromAppliesTo(r1)
            r15 = r0
            r0 = r12
            r1 = r15
            r0.setAppliesToAddress(r1)
            r0 = r12
            r1 = r9
            r0.setToken(r1)
            r0 = 0
            r16 = r0
            r0 = r6
            java.util.List<org.apache.cxf.sts.token.delegation.TokenDelegationHandler> r0 = r0.delegationHandlers
            java.util.Iterator r0 = r0.iterator()
            r17 = r0
        L7a:
            r0 = r17
            boolean r0 = r0.hasNext()
            if (r0 == 0) goto Lcc
            r0 = r17
            java.lang.Object r0 = r0.next()
            org.apache.cxf.sts.token.delegation.TokenDelegationHandler r0 = (org.apache.cxf.sts.token.delegation.TokenDelegationHandler) r0
            r18 = r0
            r0 = r18
            r1 = r9
            boolean r0 = r0.canHandleToken(r1)
            if (r0 == 0) goto Lc9
            r0 = r18
            r1 = r12
            org.apache.cxf.sts.token.delegation.TokenDelegationResponse r0 = r0.isDelegationAllowed(r1)     // Catch: java.lang.RuntimeException -> La9
            r16 = r0
            goto Lcc
        La9:
            r19 = move-exception
            java.util.logging.Logger r0 = org.apache.cxf.sts.operation.AbstractOperation.LOG
            java.util.logging.Level r1 = java.util.logging.Level.WARNING
            java.lang.String r2 = ""
            r3 = r19
            r0.log(r1, r2, r3)
            org.apache.cxf.ws.security.sts.provider.STSException r0 = new org.apache.cxf.ws.security.sts.provider.STSException
            r1 = r0
            java.lang.String r2 = "Error in delegation handling"
            r3 = r19
            javax.xml.namespace.QName r4 = org.apache.cxf.ws.security.sts.provider.STSException.REQUEST_FAILED
            r1.<init>(r2, r3, r4)
            throw r0
        Lc9:
            goto L7a
        Lcc:
            r0 = r16
            if (r0 == 0) goto Ld9
            r0 = r16
            boolean r0 = r0.isDelegationAllowed()
            if (r0 != 0) goto Lf3
        Ld9:
            java.util.logging.Logger r0 = org.apache.cxf.sts.operation.AbstractOperation.LOG
            java.util.logging.Level r1 = java.util.logging.Level.WARNING
            java.lang.String r2 = "No matching token delegation handler found"
            r0.log(r1, r2)
            org.apache.cxf.ws.security.sts.provider.STSException r0 = new org.apache.cxf.ws.security.sts.provider.STSException
            r1 = r0
            java.lang.String r2 = "No matching token delegation handler found"
            javax.xml.namespace.QName r3 = org.apache.cxf.ws.security.sts.provider.STSException.REQUEST_FAILED
            r1.<init>(r2, r3)
            throw r0
        Lf3:
            return
        */
        // Decompiler placeholder: this throw is not part of the compiled method's logic.
        throw new UnsupportedOperationException("Method not decompiled: org.apache.cxf.sts.operation.AbstractOperation.performDelegationHandling(org.apache.cxf.sts.request.RequestParser, javax.xml.ws.WebServiceContext, org.apache.cxf.sts.request.ReceivedToken, java.security.Principal, java.util.Set):void");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Rejects a request that asks for a mandatory claim this STS cannot supply.
     *
     * <p>Optional claims that are unsupported are ignored. The unsupported claim types
     * come from the request and are copied into both the WARNING log line and the fault
     * message.
     *
     * @param claimCollection the requested claims, may be {@code null} (nothing is checked)
     * @throws STSException if at least one non-optional claim type is not supported
     */
    public void checkClaimsSupport(ClaimCollection claimCollection) {
        if (claimCollection == null) {
            return;
        }
        final List<Object> unsupportedTypes = new ArrayList<Object>();
        for (Claim requested : claimCollection) {
            final boolean supported = claimsManager.getSupportedClaimTypes().contains(requested.getClaimType());
            if (supported || requested.isOptional()) {
                continue;
            }
            unsupportedTypes.add(requested.getClaimType());
        }
        if (!unsupportedTypes.isEmpty()) {
            final String message = "The requested claim " + unsupportedTypes.toString() + " cannot be fulfilled by the STS.";
            LOG.log(Level.WARNING, message);
            throw new STSException(message);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Maps the principal of a validated token into the realm the new token is issued for.
     *
     * <p>Nothing happens when the response has no principal, when the token carries no
     * realm, or when the token realm equals the target realm. Otherwise the relationship
     * between the two realms decides:
     * <ul>
     *   <li>identity federation: the relationship's identity mapper translates the principal;</li>
     *   <li>claims federation: the principal is left untouched;</li>
     *   <li>any other relationship type: the request is rejected;</li>
     *   <li>no relationship resolved (or no resolver configured): the STS-wide identity
     *       mapper is used, so a token from a realm with no declared relationship is still
     *       mapped whenever a global mapper exists.</li>
     * </ul>
     * A missing identity mapper rejects the request. A resolved relationship is also
     * recorded in the response's additional properties under the {@code Relationship}
     * class name.
     *
     * @param tokenProviderParameters supplies the target realm
     * @param receivedToken receives the mapped principal
     * @param tokenValidatorResponse supplies the validated principal and the token realm
     * @throws STSException on an unknown federation type or a missing identity mapper
     */
    public void processValidToken(TokenProviderParameters tokenProviderParameters, ReceivedToken receivedToken, TokenValidatorResponse tokenValidatorResponse) {
        final Principal validatedPrincipal = tokenValidatorResponse.getPrincipal();
        if (validatedPrincipal == null) {
            return;
        }

        final String targetRealm = tokenProviderParameters.getRealm();
        final String sourceRealm = tokenValidatorResponse.getTokenRealm();
        final boolean crossRealm = sourceRealm != null && !sourceRealm.equals(targetRealm);
        if (!crossRealm) {
            return;
        }

        final RelationshipResolver resolver = stsProperties.getRelationshipResolver();
        Relationship relationship = null;
        if (resolver != null) {
            relationship = resolver.resolveRelationship(sourceRealm, targetRealm);
            if (relationship != null) {
                tokenValidatorResponse.getAdditionalProperties().put(Relationship.class.getName(), relationship);
            }
        }

        final IdentityMapper mapper;
        if (relationship == null) {
            mapper = stsProperties.getIdentityMapper();
        } else if (relationship.getType().equals(Relationship.FED_TYPE_IDENTITY)) {
            mapper = relationship.getIdentityMapper();
        } else if (relationship.getType().equals(Relationship.FED_TYPE_CLAIMS)) {
            return;
        } else {
            LOG.log(Level.SEVERE, "Unkown federation type: " + relationship.getType());
            throw new STSException("Error in providing a token", STSException.BAD_REQUEST);
        }

        if (mapper == null) {
            LOG.log(Level.SEVERE, "No IdentityMapper configured in STSProperties or Relationship");
            throw new STSException("Error in providing a token", STSException.REQUEST_FAILED);
        }
        receivedToken.setPrincipal(mapper.mapPrincipal(sourceRealm, validatedPrincipal, targetRealm));
    }

    /** Sets the listener that {@code publishEvent} forwards STS events to; {@code null} disables publishing. */
    public void setEventListener(STSEventListener sTSEventListener) {
        eventPublisher = sTSEventListener;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Forwards an STS event to the configured listener, if there is one.
     *
     * <p>The listener is called directly with no try/catch, so an exception it throws
     * propagates to the caller of this method.
     *
     * @param abstractSTSEvent the event to publish
     */
    public void publishEvent(AbstractSTSEvent abstractSTSEvent) {
        if (eventPublisher == null) {
            return;
        }
        eventPublisher.handleSTSEvent(abstractSTSEvent);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the security token of the first inbound streaming security event of the
     * given type.
     *
     * <p>Events are read from the message context entry {@code SecurityEvent.class.getName()
     * + ".in"}. The matching event is cast to {@code TokenSecurityEvent} without a type
     * check, so an event of the requested type that is not a token event raises a
     * {@code ClassCastException}.
     *
     * @param event the event type to look for (compared by reference)
     * @param messageContext the message context of the current request
     * @return the token of the first matching event, or {@code null} if there are no
     *         inbound events or none matches
     * @throws XMLSecurityException declared by this method's signature
     */
    public static SecurityToken findInboundSecurityToken(SecurityEventConstants.Event event, MessageContext messageContext) throws XMLSecurityException {
        final String inboundEventsKey = SecurityEvent.class.getName() + ".in";
        final List<SecurityEvent> inboundEvents = (List) messageContext.get(inboundEventsKey);
        if (inboundEvents != null) {
            for (SecurityEvent candidate : inboundEvents) {
                if (event == candidate.getSecurityEventType()) {
                    return ((TokenSecurityEvent) candidate).getSecurityToken();
                }
            }
        }
        return null;
    }
}
