package org.apache.cxf.sts.token.provider;

import java.text.ParseException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.logging.Logger;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.sts.request.Lifetime;
import org.apache.cxf.sts.request.Participants;
import org.apache.cxf.sts.token.renewer.SAMLTokenRenewer;
import org.apache.cxf.ws.security.sts.provider.STSException;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.joda.time.DateTime;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-services-sts-core-3.1.5.redhat-630416-04.jar:org/apache/cxf/sts/token/provider/DefaultConditionsProvider.class */
public class DefaultConditionsProvider implements ConditionsProvider {
    public static final long DEFAULT_MAX_LIFETIME = 43200;
    private static final Logger LOG = LogUtils.getL7dLogger(DefaultConditionsProvider.class);
    private boolean acceptClientLifetime;
    private long lifetime = SAMLTokenRenewer.DEFAULT_MAX_EXPIRY;
    private long maxLifetime = 43200;
    private boolean failLifetimeExceedance = true;
    private long futureTimeToLive = 60;

    public long getFutureTimeToLive() {
        return this.futureTimeToLive;
    }

    public void setFutureTimeToLive(long j) {
        this.futureTimeToLive = j;
    }

    public void setLifetime(long j) {
        this.lifetime = j;
    }

    @Override // org.apache.cxf.sts.token.provider.ConditionsProvider
    public long getLifetime() {
        return this.lifetime;
    }

    public void setMaxLifetime(long j) {
        this.maxLifetime = j;
    }

    public long getMaxLifetime() {
        return this.maxLifetime;
    }

    public boolean isAcceptClientLifetime() {
        return this.acceptClientLifetime;
    }

    public void setAcceptClientLifetime(boolean z) {
        this.acceptClientLifetime = z;
    }

    public boolean isFailLifetimeExceedance() {
        return this.failLifetimeExceedance;
    }

    public void setFailLifetimeExceedance(boolean z) {
        this.failLifetimeExceedance = z;
    }

    @Override // org.apache.cxf.sts.token.provider.ConditionsProvider
    public ConditionsBean getConditions(TokenProviderParameters tokenProviderParameters) {
        ConditionsBean conditionsBean = new ConditionsBean();
        Lifetime lifetime = tokenProviderParameters.getTokenRequirements().getLifetime();
        if (this.lifetime <= 0) {
            conditionsBean.setTokenPeriodMinutes(5);
        } else if (!this.acceptClientLifetime || lifetime == null || lifetime.getCreated() == null || lifetime.getExpires() == null) {
            conditionsBean.setTokenPeriodSeconds(this.lifetime);
        } else {
            try {
                XmlSchemaDateFormat xmlSchemaDateFormat = new XmlSchemaDateFormat();
                Date parse = xmlSchemaDateFormat.parse(lifetime.getCreated());
                Date parse2 = xmlSchemaDateFormat.parse(lifetime.getExpires());
                if (parse == null || parse2 == null) {
                    LOG.fine("Error in parsing Timestamp Created or Expiration Strings");
                    throw new STSException("Error in parsing Timestamp Created or Expiration Strings", STSException.INVALID_TIME);
                }
                Date date = new Date();
                long time = date.getTime();
                if (this.futureTimeToLive > 0) {
                    date.setTime(time + (this.futureTimeToLive * 1000));
                }
                if (parse.after(date)) {
                    LOG.fine("The Created Time is too far in the future");
                    throw new STSException("The Created Time is too far in the future", STSException.INVALID_TIME);
                }
                long time2 = parse2.getTime() - parse.getTime();
                if (time2 > getMaxLifetime() * 1000) {
                    StringBuilder sb = new StringBuilder();
                    sb.append("Requested lifetime [").append(time2 / 1000);
                    sb.append(" sec] exceed configured maximum lifetime [").append(getMaxLifetime());
                    sb.append(" sec]");
                    LOG.warning(sb.toString());
                    if (isFailLifetimeExceedance()) {
                        throw new STSException("Requested lifetime exceeds maximum lifetime", STSException.INVALID_TIME);
                    }
                    parse2.setTime(parse.getTime() + (getMaxLifetime() * 1000));
                }
                DateTime dateTime = new DateTime(parse.getTime());
                conditionsBean.setNotAfter(new DateTime(parse2.getTime()));
                conditionsBean.setNotBefore(dateTime);
            } catch (ParseException e) {
                LOG.warning("Failed to parse life time element: " + e.getMessage());
                conditionsBean.setTokenPeriodSeconds(this.lifetime);
            }
        }
        List<AudienceRestrictionBean> createAudienceRestrictions = createAudienceRestrictions(tokenProviderParameters);
        if (createAudienceRestrictions != null && !createAudienceRestrictions.isEmpty()) {
            conditionsBean.setAudienceRestrictions(createAudienceRestrictions);
        }
        return conditionsBean;
    }

    protected List<AudienceRestrictionBean> createAudienceRestrictions(TokenProviderParameters tokenProviderParameters) {
        String extractAddressFromParticipantsEPR;
        ArrayList arrayList = new ArrayList();
        String appliesToAddress = tokenProviderParameters.getAppliesToAddress();
        if (appliesToAddress != null) {
            AudienceRestrictionBean audienceRestrictionBean = new AudienceRestrictionBean();
            audienceRestrictionBean.setAudienceURIs(Collections.singletonList(appliesToAddress));
            arrayList.add(audienceRestrictionBean);
        }
        Participants participants = tokenProviderParameters.getTokenRequirements().getParticipants();
        if (participants != null) {
            String extractAddressFromParticipantsEPR2 = extractAddressFromParticipantsEPR(participants.getPrimaryParticipant());
            if (extractAddressFromParticipantsEPR2 != null) {
                AudienceRestrictionBean audienceRestrictionBean2 = new AudienceRestrictionBean();
                audienceRestrictionBean2.setAudienceURIs(Collections.singletonList(extractAddressFromParticipantsEPR2));
                arrayList.add(audienceRestrictionBean2);
            }
            if (participants.getParticipants() != null) {
                for (Object obj : participants.getParticipants()) {
                    if (obj != null && (extractAddressFromParticipantsEPR = extractAddressFromParticipantsEPR(obj)) != null) {
                        AudienceRestrictionBean audienceRestrictionBean3 = new AudienceRestrictionBean();
                        audienceRestrictionBean3.setAudienceURIs(Collections.singletonList(extractAddressFromParticipantsEPR));
                        arrayList.add(audienceRestrictionBean3);
                    }
                }
            }
        }
        return arrayList;
    }

    protected String extractAddressFromParticipantsEPR(Object obj) {
        return TokenProviderUtils.extractAddressFromParticipantsEPR(obj);
    }
}
