package com.ibm.ws.wssecurity.saml.assertion.wssapi;

import com.ibm.ws.wssecurity.common.Messages;
import com.ibm.ws.wssecurity.common.TraceLog;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.common.SAMLCommonConstants;
import com.ibm.ws.wssecurity.saml.saml11.assertion.utils.SAMLBuilder;
import com.ibm.ws.wssecurity.saml.security.impl.SamlSignatureUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAML20TokenFactoryImpl;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.token.config.RequesterConfiguration;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import org.apache.axiom.om.OMElement;

/* loaded from: input_file:com/ibm/ws/wssecurity/saml/assertion/wssapi/SAMLAssertionBuilder.class */
public class SAMLAssertionBuilder {
    private static final String comp = "security.wssecurity";
    private static final TraceLog log = new TraceLog(SAMLAssertionBuilder.class);
    private static final TraceComponent tc = Tr.register(SAML20TokenFactoryImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final String clsName = SAML20TokenFactoryImpl.class.getName();

    public static SAMLAssertion createUnsignedSAMLAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) throws SoapSecurityException {
        SAMLAssertion createUnsignedAssertion;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createUnsignedSAMLAssertion(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + SAMLCommonConstants.CREATE_SAMLTOKEN_PERM.toString());
            }
            securityManager.checkPermission(SAMLCommonConstants.CREATE_SAMLTOKEN_PERM);
        }
        String str = requesterConfig.getRSTTProperties().get(RequesterConfiguration.RSTT.TOKENTYPE);
        if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equalsIgnoreCase(str)) {
            createUnsignedAssertion = SAMLBuilder.createUnsignedAssertion(providerConfig, requesterConfig, credentialConfig);
        } else {
            if (!"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equalsIgnoreCase(str)) {
                throw new SoapSecurityException(str + Messages.getString("CWSML2037E"));
            }
            createUnsignedAssertion = com.ibm.ws.wssecurity.saml.saml20.assertion.utils.SAMLBuilder.createUnsignedAssertion(providerConfig, requesterConfig, credentialConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createUnsignedSAMLAssertion(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        return createUnsignedAssertion;
    }

    public static SAMLAssertion createSignedSAMLAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) throws SoapSecurityException {
        SAMLAssertion createSignedAssertion;
        if (!requesterConfig.isAssertionSignatureRequired()) {
            return createUnsignedSAMLAssertion(providerConfig, requesterConfig, credentialConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createSignedSAMLAssertion(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + SAMLCommonConstants.CREATE_SAMLTOKEN_PERM.toString());
            }
            securityManager.checkPermission(SAMLCommonConstants.CREATE_SAMLTOKEN_PERM);
        }
        String str = requesterConfig.getRSTTProperties().get(RequesterConfiguration.RSTT.TOKENTYPE);
        if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equalsIgnoreCase(str)) {
            createSignedAssertion = SAMLBuilder.createSignedAssertion(providerConfig, requesterConfig, credentialConfig);
        } else {
            if (!"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equalsIgnoreCase(str)) {
                throw new SoapSecurityException(str + Messages.getString("CWSML2037E"));
            }
            createSignedAssertion = com.ibm.ws.wssecurity.saml.saml20.assertion.utils.SAMLBuilder.createSignedAssertion(providerConfig, requesterConfig, credentialConfig);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createSignedSAMLAssertion(ProviderConfig, RequesterConfig, CredentialConfig)");
        }
        return createSignedAssertion;
    }

    public static OMElement signedSAMLAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, SAMLAssertion sAMLAssertion) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "signedSAMLAssertion(ProviderConfig, RequesterConfig, SAMLAssertion)");
        }
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + SAMLCommonConstants.CREATE_SAMLTOKEN_PERM.toString());
            }
            securityManager.checkPermission(SAMLCommonConstants.CREATE_SAMLTOKEN_PERM);
        }
        OMElement signedSAML = SamlSignatureUtils.getSignedSAML(providerConfig, requesterConfig, sAMLAssertion);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "signedSAMLAssertion(ProviderConfig, RequesterConfig, SAMLAssertion)");
        }
        return signedSAML;
    }

    public static OMElement signedSAMLAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, OMElement oMElement, String str) throws SoapSecurityException {
        log.entry("signedSAMLAssertion( ProviderConfig, RequesterConfig, OMElement, String)");
        SecurityManager securityManager = System.getSecurityManager();
        if (securityManager != null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Performing Java 2 Security Permission Check ...");
                Tr.debug(tc, "Expecting : " + SAMLCommonConstants.CREATE_SAMLTOKEN_PERM.toString());
            }
            securityManager.checkPermission(SAMLCommonConstants.CREATE_SAMLTOKEN_PERM);
        }
        OMElement signedSAML = SamlSignatureUtils.getSignedSAML(providerConfig, requesterConfig, oMElement, str);
        log.exit("signedSAMLAssertion(ProviderConfig, RequesterConfig, OMElement, String)");
        return signedSAML;
    }
}
