package org.picketlink.trust.jbossws.jaas;

import java.net.URI;
import java.util.GregorianCalendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.net.ssl.SSLSocketFactory;
import javax.security.auth.login.LoginException;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.ws.Binding;
import javax.xml.ws.Dispatch;
import javax.xml.ws.handler.Handler;
import org.picketlink.identity.federation.PicketLinkLogger;
import org.picketlink.identity.federation.PicketLinkLoggerFactory;
import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.wstrust.STSClient;
import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.core.wstrust.WSTrustException;
import org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
import org.picketlink.trust.jbossws.Constants;
import org.picketlink.trust.jbossws.PicketLinkDispatch;
import org.picketlink.trust.jbossws.handler.BinaryTokenHandler;
import org.picketlink.trust.jbossws.handler.MapBasedTokenHandler;
import org.picketlink.trust.jbossws.handler.SAML2Handler;
import org.w3c.dom.Element;

/* loaded from: input_file:org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule.class */
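/**
 * JAAS login module that extends {@link STSIssuingLoginModule} and talks to the STS through a
 * {@link JBWSTokenClient}, a WS-Trust client whose dispatch, handler chain and SSL socket
 * factory are driven by the module options.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code handlerChain} option may name arbitrary classes, which are loaded and
 *       instantiated. Module options must therefore come from trusted deployment
 *       configuration only.</li>
 *   <li>The {@code securityDomainForFactory} option is written to a JVM-wide system property,
 *       so it is visible to every other component in the same JVM.</li>
 *   <li>For WS-Trust Validate requests the shared username and password are embedded in a
 *       WS-Security UsernameToken inside the request message.</li>
 * </ul>
 */
public class JBWSTokenIssuingLoginModule extends STSIssuingLoginModule {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();
    public static final String WSA_ISSUER = "wsaIssuer";
    // The constant name is misspelled ("APPIESTO"), but it is public API, so it is kept as-is.
    public static final String WSP_APPIESTO = "wspAppliesTo";

    private static final String REQUEST_TYPE_ISSUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue";
    private static final String REQUEST_TYPE_VALIDATE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Validate";
    private static final String SSL_SOCKET_FACTORY_CLASS = "org.jboss.security.ssl.JaasSecurityDomainSocketFactory";

    /** Creates the XML datatype factory, translating a configuration failure into the logger's exception. */
    private static DatatypeFactory newDatatypeFactory() {
        try {
            return DatatypeFactory.newInstance();
        } catch (DatatypeConfigurationException e) {
            throw logger.wsTrustUnableToGetDataTypeFactory(e);
        }
    }

    /* loaded from: input_file:org/picketlink/trust/jbossws/jaas/JBWSTokenIssuingLoginModule$JBWSTokenClient.class */
    /**
     * WS-Trust client that can turn an issue call into a Validate request carrying a
     * UsernameToken, and whose transport is configured from the login module options.
     */
    public class JBWSTokenClient extends STSClient {
        // May be null when neither the options nor the STS client config supply a request type.
        private String requestType;
        private final DatatypeFactory dataTypefactory;

        /** Creates a client with the WS-Trust Issue request type. */
        public JBWSTokenClient() {
            this.requestType = JBWSTokenIssuingLoginModule.REQUEST_TYPE_ISSUE;
            this.dataTypefactory = JBWSTokenIssuingLoginModule.newDatatypeFactory();
        }

        /**
         * Creates a client whose request type is taken from the given configuration.
         *
         * @param sTSClientConfig STS client configuration passed to {@link STSClient}
         */
        public JBWSTokenClient(STSClientConfig sTSClientConfig) {
            super(sTSClientConfig);
            this.requestType = sTSClientConfig.getRequestType();
            this.dataTypefactory = JBWSTokenIssuingLoginModule.newDatatypeFactory();
        }

        /**
         * Creates a client configured from both the STS client configuration and the option map.
         *
         * <p>Option keys read here: {@code requestType}, {@code soapBinding},
         * {@code overrideDispatch}, {@code endpointAddress}, {@code useWSSE},
         * {@code handlerChain} and {@code securityDomainForFactory}.
         *
         * @param sTSClientConfig STS client configuration passed to {@link STSClient}
         * @param map option map; values read here are cast to {@code String}
         */
        public JBWSTokenClient(STSClientConfig sTSClientConfig, Map<String, ? super Object> map) {
            super(sTSClientConfig);
            this.dataTypefactory = JBWSTokenIssuingLoginModule.newDatatypeFactory();

            // The option map takes precedence over the STS client configuration.
            String configuredRequestType = (String) map.get("requestType");
            this.requestType = configuredRequestType != null ? configuredRequestType : sTSClientConfig.getRequestType();

            String soapBinding = (String) map.get("soapBinding");
            if (soapBinding != null) {
                setSoapBinding(soapBinding);
            }

            Dispatch dispatch = super.getDispatch();
            String overrideDispatch = (String) map.get("overrideDispatch");
            if (StringUtil.isNotNull(overrideDispatch) && Boolean.parseBoolean(overrideDispatch)) {
                PicketLinkDispatch picketLinkDispatch = new PicketLinkDispatch(dispatch, (String) map.get("endpointAddress"));
                String useWsse = (String) map.get("useWSSE");
                if (StringUtil.isNotNull(useWsse) && useWsse.equalsIgnoreCase("true")) {
                    picketLinkDispatch.setUseWSSE(true);
                }
                dispatch = picketLinkDispatch;
            }

            Binding binding = dispatch.getBinding();
            List handlerChain = binding.getHandlerChain();
            String handlerNames = (String) map.get("handlerChain");
            if (StringUtil.isNotNull(handlerNames)) {
                for (String handlerName : StringUtil.tokenize(handlerNames)) {
                    if (handlerName.equalsIgnoreCase("binary")) {
                        handlerChain.add(new BinaryTokenHandler());
                    } else if (handlerName.equalsIgnoreCase("saml2")) {
                        handlerChain.add(new SAML2Handler());
                    } else if (handlerName.equalsIgnoreCase("map")) {
                        handlerChain.add(new MapBasedTokenHandler(map));
                    } else {
                        try {
                            // Any other token is treated as a class name. The type is checked with
                            // asSubclass BEFORE instantiation so that a class which is not a
                            // Handler is rejected without running its initializer or constructor.
                            // The option value must still come from trusted configuration: a
                            // Handler implementation named here runs inside the message pipeline.
                            handlerChain.add(SecurityActions.getClassLoader(getClass())
                                    .loadClass(handlerName)
                                    .asSubclass(Handler.class)
                                    .newInstance());
                        } catch (Exception e) {
                            throw JBWSTokenIssuingLoginModule.logger.authUnableToInstantiateHandler(handlerName, e);
                        }
                    }
                }
            }
            binding.setHandlerChain(handlerChain);
            setDispatch(dispatch);

            String securityDomain = (String) map.get("securityDomainForFactory");
            if (StringUtil.isNotNull(securityDomain)) {
                JBWSTokenIssuingLoginModule.logger.trace("We got security domain for domain ssl factory = " + securityDomain);
                JBWSTokenIssuingLoginModule.logger.trace("Setting it on the system property org.jboss.security.ssl.domain.name");
                // JVM-wide side effect: the system property is shared by every client in this JVM,
                // so concurrent logins configured with different domains overwrite each other.
                SecurityActions.setSystemProperty("org.jboss.security.ssl.domain.name", securityDomain);
                dispatch.getRequestContext().put("org.jboss.ws.socketFactory", JBWSTokenIssuingLoginModule.SSL_SOCKET_FACTORY_CLASS);
                if (dispatch instanceof PicketLinkDispatch) {
                    installSslSocketFactory((PicketLinkDispatch) dispatch);
                }
            }
        }

        /**
         * Instantiates the JAAS security-domain socket factory and sets it on the dispatch,
         * trying this class's loader first and the context class loader second.
         *
         * <p>If this class's loader is null, nothing is installed and only a trace message is
         * written; the dispatch then keeps whatever socket factory it already had.
         *
         * @param target dispatch that receives the socket factory
         */
        private void installSslSocketFactory(PicketLinkDispatch target) {
            ClassLoader moduleLoader = SecurityActions.getClassLoader(getClass());
            SSLSocketFactory factory = null;
            try {
                if (moduleLoader == null) {
                    JBWSTokenIssuingLoginModule.logger.trace("Classloader is null. Unable to set the SSLSocketFactory on PicketLinkDispatch");
                    return;
                }
                try {
                    factory = (SSLSocketFactory) moduleLoader.loadClass(JBWSTokenIssuingLoginModule.SSL_SOCKET_FACTORY_CLASS).newInstance();
                    target.setSSLSocketFactory(factory);
                } catch (Exception moduleLoaderFailure) {
                    // Deliberately not propagated: fall back to the thread context class loader.
                    try {
                        factory = (SSLSocketFactory) SecurityActions.getContextClassLoader().loadClass(JBWSTokenIssuingLoginModule.SSL_SOCKET_FACTORY_CLASS).newInstance();
                        target.setSSLSocketFactory(factory);
                    } catch (Exception contextLoaderFailure) {
                        throw JBWSTokenIssuingLoginModule.logger.jbossWSUnableToCreateSSLSocketFactory(contextLoaderFailure);
                    }
                }
            } catch (Throwable failure) {
                // NOTE(review): looks like a decompiled finally block. When no factory could be
                // created, the "unable to create" exception (which carries the cause) is replaced
                // here by "unable to find", so the root cause is lost - confirm against upstream.
                if (factory == null) {
                    throw JBWSTokenIssuingLoginModule.logger.jbossWSUnableToFindSSLSocketFactory();
                }
                target.setSSLSocketFactory(factory);
                throw failure;
            }
        }

        /**
         * Sends the request to the STS. When the configured request type is the WS-Trust
         * Validate URI, the request type is set on the request and a UsernameToken built from
         * the login module's shared username and password is attached as the validate target.
         *
         * @param requestSecurityToken request to send
         * @return the element returned by {@link STSClient#issueToken(RequestSecurityToken)}
         * @throws WSTrustException if the UsernameToken cannot be built or the call fails
         */
        public Element issueToken(RequestSecurityToken requestSecurityToken) throws WSTrustException {
            // Constant-first comparison: requestType can be null when neither the options nor the
            // config provide one, and that case must not fail with a NullPointerException.
            if (JBWSTokenIssuingLoginModule.REQUEST_TYPE_VALIDATE.equals(this.requestType)) {
                requestSecurityToken.setRequestType(URI.create(this.requestType));
                ValidateTargetType validateTargetType = new ValidateTargetType();
                try {
                    String sharedUsername = JBWSTokenIssuingLoginModule.this.getSharedUsername();
                    char[] sharedPassword = JBWSTokenIssuingLoginModule.this.getSharedPassword();
                    // The password has to become a String to be written as a text node, so it
                    // stays on the heap until garbage-collected and cannot be wiped afterwards.
                    validateTargetType.add(createUsernameToken(sharedUsername, sharedPassword != null ? new String(sharedPassword) : null));
                    requestSecurityToken.setValidateTarget(validateTargetType);
                } catch (SOAPException e) {
                    throw new WSTrustException(e);
                }
            }
            return super.issueToken(requestSecurityToken);
        }

        /**
         * Builds a WS-Security UsernameToken element with Username, Password and Created children.
         *
         * <p>The password is written as the element's text with the type attribute
         * {@code Constants.PASSWORD_TEXT_TYPE} (presumably the WSS PasswordText profile, i.e. not
         * digested - confirm against {@code Constants}). No Nonce child is added, so
         * confidentiality and replay protection have to come from the transport or from
         * message-level protection applied elsewhere.
         *
         * @param str username written into the Username element
         * @param str2 password written into the Password element
         * @return the UsernameToken element
         * @throws SOAPException if the SOAP factory or element construction fails
         */
        private Element createUsernameToken(String str, String str2) throws SOAPException {
            QName tokenName = new QName(Constants.WSSE_NS, Constants.WSSE_USERNAME_TOKEN, Constants.WSSE_PREFIX);
            QName usernameName = new QName(Constants.WSSE_NS, Constants.WSSE_USERNAME, Constants.WSSE_PREFIX);
            QName passwordName = new QName(Constants.WSSE_NS, Constants.WSSE_PASSWORD, Constants.WSSE_PREFIX);
            QName createdName = new QName(Constants.WSU_NS, "Created", Constants.WSU_PREFIX);
            SOAPFactory soapFactory = SOAPFactory.newInstance();

            SOAPElement token = soapFactory.createElement(tokenName);
            token.addNamespaceDeclaration(Constants.WSSE_PREFIX, Constants.WSSE_NS);
            token.addNamespaceDeclaration(Constants.WSU_PREFIX, Constants.WSU_NS);

            SOAPElement username = soapFactory.createElement(usernameName);
            username.addTextNode(str);

            SOAPElement password = soapFactory.createElement(passwordName);
            password.addAttribute(new QName("Type"), Constants.PASSWORD_TEXT_TYPE);
            password.addTextNode(str2);

            // Created carries the current time in normalized XML Schema dateTime format.
            SOAPElement created = soapFactory.createElement(createdName);
            created.addTextNode(this.dataTypefactory.newXMLGregorianCalendar(new GregorianCalendar()).normalize().toXMLFormat());

            token.addChildElement(username);
            token.addChildElement(password);
            token.addChildElement(created);
            return token;
        }
    }

    /**
     * Extends the parent builder with the {@code wsaIssuer} and {@code wspAppliesTo} options.
     *
     * @return the builder produced by the superclass with both values applied
     */
    protected STSClientConfig.Builder createBuilder() {
        STSClientConfig.Builder builder = super.createBuilder();
        builder.wsaIssuer((String) this.options.get(WSA_ISSUER));
        builder.wspAppliesTo((String) this.options.get(WSP_APPIESTO));
        return builder;
    }

    /**
     * Creates the {@link JBWSTokenClient} used by this module.
     *
     * <p>The client receives a copy of the module options. If the shared state holds a value
     * under the token key (taken from the options, otherwise from the system property with a
     * default), that value is added to the copy under the same key.
     *
     * @param sTSClientConfig STS client configuration for the new client
     * @return a new {@link JBWSTokenClient}
     */
    protected STSClient createWSTrustClient(STSClientConfig sTSClientConfig) {
        String tokenKey = (String) this.options.get(MapBasedTokenHandler.SYS_PROP_TOKEN_KEY);
        if (tokenKey == null) {
            tokenKey = SecurityActions.getSystemProperty(MapBasedTokenHandler.SYS_PROP_TOKEN_KEY, MapBasedTokenHandler.DEFAULT_TOKEN_KEY);
        }
        Object sharedToken = this.sharedState.get(tokenKey);
        // Copy the options so the shared token never leaks back into the module's own option map.
        HashMap clientOptions = new HashMap(this.options);
        if (sharedToken != null) {
            clientOptions.put(tokenKey, sharedToken);
        }
        return new JBWSTokenClient(sTSClientConfig, clientOptions);
    }

    /**
     * Commits the login. After a successful parent commit, the subject's public credentials
     * must contain a {@link SamlCredential}. With password stacking enabled, the shared state's
     * login name is replaced by a principal with an empty name and the login password by the
     * SAML credential.
     *
     * @return the result of the superclass commit
     * @throws LoginException if the superclass commit fails
     */
    public boolean commit() throws LoginException {
        boolean committed = super.commit();
        if (!committed) {
            return committed;
        }
        SamlCredential samlCredential = null;
        for (Object credential : this.subject.getPublicCredentials()) {
            if (credential instanceof SamlCredential) {
                samlCredential = (SamlCredential) credential;
                break;
            }
        }
        if (samlCredential == null) {
            throw logger.authSAMLCredentialNotAvailable();
        }
        PicketLinkPrincipal picketLinkPrincipal = new PicketLinkPrincipal("");
        if (super.isUseFirstPass()) {
            // Modules stacked after this one see the SAML assertion in place of the password.
            this.sharedState.put("javax.security.auth.login.name", picketLinkPrincipal);
            this.sharedState.put("javax.security.auth.login.password", samlCredential);
        }
        return committed;
    }
}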
