package org.apache.cxf.sts.token.provider;

import java.util.Date;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.request.Renewing;
import org.apache.cxf.sts.request.TokenRequirements;
import org.apache.cxf.sts.token.renewer.SAMLTokenRenewer;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.message.token.SecurityContextToken;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-222-01.zip:modules/system/layers/fuse/org/apache/cxf/3.0/cxf-services-sts-core-3.0.4.redhat-621222-01.jar:org/apache/cxf/sts/token/provider/SCTProvider.class */
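/**
 * Token provider that issues WS-SecureConversation SecurityContextTokens (SCTs).
 *
 * <p>For each request it creates a symmetric key through {@link SymmetricKeyHandler},
 * builds a {@link SecurityContextToken}, and stores a {@link SecurityToken} holding the
 * secret in the token store supplied with the request parameters. The token store
 * therefore holds key material and must be configured; without it the request fails.
 *
 * <p>Security-relevant configuration:
 * <ul>
 *   <li>{@code lifetime} (seconds): a value of zero or less issues tokens with a
 *       {@code null} expiry. How the token store and consumers treat a {@code null}
 *       expiry is not visible in this class; verify before configuring it that way.</li>
 *   <li>{@code returnEntropy}: when {@code true} (the default) the entropy bytes from
 *       the key handler are copied into the response.</li>
 * </ul>
 */
public class SCTProvider implements TokenProvider {
    private static final Logger LOG = LogUtils.getL7dLogger(SCTProvider.class);

    /** WS-SecureConversation 2005/02 namespace and its SCT token type. */
    private static final String WSC_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    private static final String SCT_TOKEN_TYPE_05_02 = WSC_NS_05_02 + "/sct";

    /** WS-SecureConversation 2005/12 namespace and its SCT token type. */
    private static final String WSC_NS_05_12 =
        "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
    private static final String SCT_TOKEN_TYPE_05_12 = WSC_NS_05_12 + "/sct";

    private boolean returnEntropy = true;
    // Lifetime of issued tokens in seconds (multiplied by 1000 when the expiry is computed).
    private long lifetime = SAMLTokenRenewer.DEFAULT_MAX_EXPIRY;

    /**
     * Returns the configured token lifetime.
     *
     * @return the lifetime in seconds; zero or less means tokens get no expiry date
     */
    public long getLifetime() {
        return this.lifetime;
    }

    /**
     * Sets the lifetime of issued tokens.
     *
     * @param j the lifetime in seconds; zero or less makes {@link #createToken} issue
     *          tokens with a {@code null} expiry, so avoid such values unless intended
     */
    public void setLifetime(long j) {
        this.lifetime = j;
    }

    /**
     * Reports whether this provider can issue a token of the given type.
     *
     * @param str the requested token type URI
     * @return {@code true} for either of the two supported SCT token types
     */
    @Override // org.apache.cxf.sts.token.provider.TokenProvider
    public boolean canHandleToken(String str) {
        return canHandleToken(str, null);
    }

    /**
     * Reports whether this provider can issue a token of the given type. The realm
     * argument is not consulted.
     *
     * @param str the requested token type URI
     * @param str2 the realm (ignored)
     * @return {@code true} for either of the two supported SCT token types
     */
    @Override // org.apache.cxf.sts.token.provider.TokenProvider
    public boolean canHandleToken(String str, String str2) {
        return SCT_TOKEN_TYPE_05_02.equals(str) || SCT_TOKEN_TYPE_05_12.equals(str);
    }

    /**
     * Controls whether the entropy bytes are included in the response.
     *
     * @param z {@code true} to return the entropy to the requester
     */
    public void setReturnEntropy(boolean z) {
        this.returnEntropy = z;
    }

    /**
     * Reports whether the entropy bytes are included in the response.
     *
     * @return {@code true} if entropy is returned
     */
    public boolean isReturnEntropy() {
        return this.returnEntropy;
    }

    /**
     * Creates a SecurityContextToken, stores the matching {@link SecurityToken}
     * (including its secret) in the token store, and returns the response to send back.
     *
     * @param tokenProviderParameters the request parameters; must carry a token store
     * @return the response holding the token element, its references, key size,
     *         creation/expiry dates and, if enabled, the entropy
     * @throws STSException with {@code REQUEST_FAILED} if no token store is configured
     *         or if building or storing the token fails
     */
    @Override // org.apache.cxf.sts.token.provider.TokenProvider
    public TokenProviderResponse createToken(TokenProviderParameters tokenProviderParameters) {
        TokenRequirements tokenRequirements = tokenProviderParameters.getTokenRequirements();
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("Handling token of type: " + tokenRequirements.getTokenType());
        }
        if (tokenProviderParameters.getTokenStore() == null) {
            // Server misconfiguration: logged at WARNING so it is visible at default log
            // levels; the exception message alone does not name the cause.
            LOG.log(Level.WARNING, "A cache must be configured to use the SCTProvider");
            throw new STSException("Can't serialize SCT", STSException.REQUEST_FAILED);
        }
        SymmetricKeyHandler keyHandler = new SymmetricKeyHandler(tokenProviderParameters);
        keyHandler.createSymmetricKey();
        try {
            String tokenType = tokenRequirements.getTokenType();
            SecurityContextToken sct =
                new SecurityContextToken(getWSCVersion(tokenType), DOMUtils.createDocument());

            TokenProviderResponse response = new TokenProviderResponse();
            response.setToken(sct.getElement());
            response.setTokenId(sct.getIdentifier());
            if (this.returnEntropy) {
                response.setEntropy(keyHandler.getEntropyBytes());
            }
            response.setKeySize(keyHandler.getKeySize());
            response.setComputedKey(keyHandler.isComputedKey());

            Date created = new Date();
            Date expires = computeExpiry(created, this.lifetime);
            response.setCreated(created);
            response.setExpires(expires);

            // The stored token carries the secret, so the token store holds key material.
            SecurityToken storedToken = new SecurityToken(sct.getIdentifier(), created, expires);
            storedToken.setSecret(keyHandler.getSecret());
            storedToken.setPrincipal(tokenProviderParameters.getPrincipal());
            Properties props = storedToken.getProperties();
            if (props == null) {
                props = new Properties();
            }
            storedToken.setProperties(props);
            if (tokenProviderParameters.getRealm() != null) {
                props.setProperty(STSConstants.TOKEN_REALM, tokenProviderParameters.getRealm());
            }
            Renewing renewing = tokenRequirements.getRenewing();
            if (renewing != null) {
                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW,
                                  String.valueOf(renewing.isAllowRenewing()));
                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY,
                                  String.valueOf(renewing.isAllowRenewingAfterExpiry()));
            } else {
                // No Renewing element in the request: renewal is allowed, but not
                // once the token has expired.
                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW, "true");
                props.setProperty(STSConstants.TOKEN_RENEWING_ALLOW_AFTER_EXPIRY, "false");
            }
            tokenProviderParameters.getTokenStore().add(storedToken);

            // Attached reference points at the element ID, unattached at the SCT identifier.
            response.setAttachedReference(createDirectReference(sct.getID(), tokenType));
            response.setUnattachedReference(createDirectReference(sct.getIdentifier(), tokenType));
            return response;
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Failed to create the SecurityContextToken", e);
            throw new STSException("Can't serialize SCT", e, STSException.REQUEST_FAILED);
        }
    }

    /**
     * Computes the expiry date for a token created at {@code created}.
     *
     * @return {@code null} when {@code lifetimeSeconds} is zero or less, otherwise
     *         {@code created} plus the lifetime, saturated at {@code Long.MAX_VALUE}
     *         milliseconds so that an oversized lifetime cannot wrap around into the past
     */
    private static Date computeExpiry(Date created, long lifetimeSeconds) {
        if (lifetimeSeconds <= 0) {
            return null;
        }
        long createdMillis = created.getTime();
        // Largest lifetime that still fits once converted to millis and added to createdMillis.
        long maxSeconds = (Long.MAX_VALUE - createdMillis) / 1000L;
        long expiryMillis = lifetimeSeconds > maxSeconds
            ? Long.MAX_VALUE
            : createdMillis + lifetimeSeconds * 1000L;
        return new Date(expiryMillis);
    }

    /** Builds a direct token reference with the given identifier and wsse value type. */
    private static TokenReference createDirectReference(String identifier, String valueType) {
        TokenReference reference = new TokenReference();
        reference.setIdentifier(identifier);
        reference.setUseDirectReference(true);
        reference.setWsseValueType(valueType);
        return reference;
    }

    /**
     * Maps a token type URI to the WS-SecureConversation version number.
     *
     * @param str the token type URI, or {@code null}
     * @return the version for the matching namespace, or {@code 2} when {@code str} is null
     * @throws WSSecurityException if the token type belongs to neither supported namespace
     */
    private static int getWSCVersion(String str) throws WSSecurityException {
        if (str == null) {
            // NOTE(review): the literal 2 is presumably a version constant inlined by
            // the decompiler (likely the 2005/12 version) - confirm against WSS4J.
            return 2;
        }
        if (str.startsWith(WSC_NS_05_02)) {
            return ConversationConstants.getWSTVersion(WSC_NS_05_02);
        }
        if (str.startsWith(WSC_NS_05_12)) {
            return ConversationConstants.getWSTVersion(WSC_NS_05_12);
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "unsupportedSecConvVersion", new Object[0]);
    }
}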
