package com.ibm.ws.wssecurity.saml.saml20.assertion.utils;

import com.ibm.ws.wssecurity.saml.assertion.wsspi.callback.AssertionModifierCallback;
import com.ibm.ws.wssecurity.saml.assertion.wsspi.callback.SamlCallbackHandlerLoader;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.config.impl.RequesterConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.SamlConfigUtil;
import com.ibm.ws.wssecurity.saml.saml20.assertion.Assertion;
import com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmation;
import com.ibm.ws.wssecurity.saml.saml20.assertion.SubjectConfirmationData;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.AssertionImpl;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.AttributeStatementImpl;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.AuthnStatementImpl;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.ConditionsImpl;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.IssuerImpl;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.SubjectImpl;
import com.ibm.ws.wssecurity.saml.security.impl.EncryptedKeyGenerate;
import com.ibm.ws.wssecurity.saml.security.impl.SamlSignatureUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.util.Date;
import org.apache.axiom.om.OMElement;

/* loaded from: input_file:com/ibm/ws/wssecurity/saml/saml20/assertion/utils/SAMLBuilder.class */
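/**
 * Static helpers that assemble SAML 2.0 assertions from provider, requester and credential
 * configuration, and optionally sign and/or encrypt them.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>When the requester configuration is a {@link RequesterConfigImpl} with testing mode on,
 *       the assertion ID is pinned to {@code "hardcodedId"} and time values are pinned to the
 *       epoch ({@code new Date(0L)}). Assertions built this way have no unique ID.</li>
 *   <li>A configured SAML modifier callback may replace the whole assertion after it has been
 *       built; {@link #createSignedAssertion} signs whatever that callback returns.</li>
 *   <li>{@link #createSignedAssertion} signs first and encrypts second.</li>
 * </ul>
 */
public class SAMLBuilder {
    // Not referenced anywhere in this class; kept as found.
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(SAMLBuilder.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    // Not referenced anywhere in this class; kept as found.
    private static final String clsName = SAMLBuilder.class.getName();

    /**
     * Builds an assertion without signing it, then replaces its XML with the encrypted form when
     * {@code EncryptedKeyGenerate.generateEncryptedAssertion} returns one.
     *
     * @param providerConfig provider-side SAML configuration
     * @param requesterConfig requester-side SAML configuration
     * @param credentialConfig credential configuration used to populate the assertion
     * @return the assembled (unsigned, possibly encrypted) assertion
     * @throws SoapSecurityException propagated from assertion construction or encryption
     */
    public static Assertion createUnsignedAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) throws SoapSecurityException {
        Assertion assertion = createAssertion(providerConfig, requesterConfig, credentialConfig);
        // Presumably null means no encryption applies for this configuration -- confirm against
        // EncryptedKeyGenerate.
        OMElement encrypted = EncryptedKeyGenerate.generateEncryptedAssertion(requesterConfig, providerConfig, assertion);
        if (encrypted != null) {
            // NOTE(review): unlike createSignedAssertion there is no instanceof guard here. If a
            // modifier callback returned some other Assertion implementation this cast throws
            // ClassCastException. Do not "fix" it by silently skipping setXML: that would hand
            // back the plaintext assertion even though an encrypted form was produced.
            ((AssertionImpl) assertion).setXML(encrypted);
        }
        return assertion;
    }

    /**
     * Assembles an assertion: issuer, conditions, subject, then the authentication and attribute
     * statements when {@link SamlConfigUtil} says they are wanted, and finally hands the result to
     * the configured SAML modifier callback, if any.
     *
     * <p>In testing mode (see class comment) the ID and time values are overwritten with fixed
     * values before the modifier callback runs.
     *
     * @param providerConfig provider-side SAML configuration
     * @param requesterConfig requester-side SAML configuration; testing mode is read from it only
     *     when it is a {@link RequesterConfigImpl}
     * @param credentialConfig credential configuration used to populate the assertion
     * @return the assembled assertion, or the one supplied by the modifier callback
     * @throws SoapSecurityException propagated from the element builders or the callback handler
     */
    public static Assertion createAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) throws SoapSecurityException {
        // The trace label previously named createUnsignedAssertion, which made traces of
        // createSignedAssertion calls read as if an unsigned assertion had been requested.
        final String traceLabel = "createAssertion(ProviderConfig, RequesterConfig, CredentialConfig)";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceLabel);
        }

        Assertion assertion = new AssertionImpl(providerConfig, requesterConfig, credentialConfig);
        assertion.create();

        boolean testingMode = false;
        if (requesterConfig instanceof RequesterConfigImpl) {
            testingMode = ((RequesterConfigImpl) requesterConfig).getTestingMode();
        }
        // NOTE(review): testing mode makes the output deterministic. The ID is a constant, so a
        // relying party that tracks assertion IDs for one-time use cannot tell these assertions
        // apart, and the validity window collapses to the epoch. This switch should never be
        // reachable from a production configuration -- confirm where getTestingMode() is set.
        if (testingMode) {
            assertion.setIssueInstant(new Date(0L));
            assertion.setID("hardcodedId");
        }

        IssuerImpl issuer = new IssuerImpl(providerConfig, requesterConfig, credentialConfig);
        issuer.create();
        assertion.setIssuer(issuer);

        ConditionsImpl conditions = new ConditionsImpl(providerConfig, requesterConfig, credentialConfig);
        conditions.create();
        if (testingMode) {
            conditions.setNotOnOrAfter(new Date(0L));
            conditions.setNotBefore(new Date(0L));
        }
        assertion.setConditions(conditions);

        SubjectImpl subject = new SubjectImpl(providerConfig, requesterConfig, credentialConfig);
        subject.create();
        if (testingMode) {
            SubjectConfirmation confirmation = subject.getSubjectConfirmation();
            if (confirmation != null) {
                SubjectConfirmationData confirmationData = confirmation.getSubjectConfirmationData();
                if (confirmationData != null) {
                    // Only values that were already present are pinned; absent ones stay absent.
                    if (confirmationData.getNotOnOrAfter() != null) {
                        confirmationData.setNotOnOrAfter(new Date(0L));
                    }
                    if (confirmationData.getNotBefore() != null) {
                        confirmationData.setNotBefore(new Date(0L));
                    }
                }
            }
        }
        assertion.setSubject(subject);

        if (SamlConfigUtil.createAuthnStatement(credentialConfig, requesterConfig, providerConfig)) {
            AuthnStatementImpl authnStatement = new AuthnStatementImpl(providerConfig, requesterConfig, credentialConfig);
            authnStatement.create();
            if (testingMode) {
                if (authnStatement.getAuthnInstant() != null) {
                    authnStatement.setAuthnInstant(new Date(0L));
                }
                if (authnStatement.getSessionNotOnOrAfter() != null) {
                    authnStatement.setSessionNotOnOrAfter(new Date(0L));
                }
            }
            assertion.addStatement(authnStatement);
        }

        if (SamlConfigUtil.createAttributeStatement(credentialConfig, requesterConfig, providerConfig)) {
            AttributeStatementImpl attributeStatement = new AttributeStatementImpl(providerConfig, requesterConfig, credentialConfig);
            attributeStatement.create();
            assertion.addStatement(attributeStatement);
        }

        // NOTE(review): the handler selected by getSamlModifier() receives the finished assertion
        // and its return value replaces it wholesale, with no re-validation here. Whoever controls
        // that configuration value therefore controls the content that createSignedAssertion will
        // sign -- treat it as a trusted, access-controlled setting.
        if (providerConfig.getSamlModifier() != null && !providerConfig.getSamlModifier().isEmpty()) {
            AssertionModifierCallback modifierCallback = new AssertionModifierCallback(providerConfig, requesterConfig, credentialConfig, assertion);
            SamlCallbackHandlerLoader.getCallbackHandler(providerConfig.getSamlModifier()).handle(modifierCallback);
            assertion = (Assertion) modifierCallback.getAssertion();
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceLabel);
        }
        return assertion;
    }

    /**
     * Signs an existing assertion by delegating to {@code SamlSignatureUtils.getSignedSAML}.
     *
     * @param providerConfig provider-side SAML configuration
     * @param requesterConfig requester-side SAML configuration
     * @param sAMLAssertion the assertion to sign
     * @return the element returned by {@code SamlSignatureUtils.getSignedSAML}
     * @throws SoapSecurityException propagated from the signing utility
     */
    public static OMElement getSignedSAMLAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, SAMLAssertion sAMLAssertion) throws SoapSecurityException {
        final String traceLabel = "getSignedSAMLAssertion(ProviderConfig, RequesterConfig, SAMLAssertion)";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceLabel);
        }
        // The exit trace used to be written before signing ran, so the trace showed the method as
        // finished while the signature was still being computed. finally keeps the exit record on
        // the failure path as well, as before.
        try {
            return SamlSignatureUtils.getSignedSAML(providerConfig, requesterConfig, sAMLAssertion);
        } finally {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, traceLabel);
            }
        }
    }

    /**
     * Signs an assertion supplied as XML by delegating to {@code SamlSignatureUtils.getSignedSAML}.
     *
     * @param providerConfig provider-side SAML configuration
     * @param requesterConfig requester-side SAML configuration
     * @param oMElement the assertion XML to sign
     * @param str passed through unchanged to the signing utility; its meaning is not visible here
     * @return the element returned by {@code SamlSignatureUtils.getSignedSAML}
     * @throws SoapSecurityException propagated from the signing utility
     */
    public static OMElement getSignedSAMLAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, OMElement oMElement, String str) throws SoapSecurityException {
        // Label now lists all four parameters so the two overloads can be told apart in a trace.
        final String traceLabel = "getSignedSAMLAssertion(ProviderConfig, RequesterConfig, OMElement, String)";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceLabel);
        }
        try {
            return SamlSignatureUtils.getSignedSAML(providerConfig, requesterConfig, oMElement, str);
        } finally {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, traceLabel);
            }
        }
    }

    /**
     * Builds an assertion, signs it, and then replaces the signed XML with the encrypted form when
     * {@code EncryptedKeyGenerate.generateEncryptedAssertion} returns one.
     *
     * @param providerConfig provider-side SAML configuration
     * @param requesterConfig requester-side SAML configuration
     * @param credentialConfig credential configuration used to populate the assertion
     * @return the assertion; marked signed only when it is an {@link AssertionImpl}
     * @throws SoapSecurityException propagated from construction, signing or encryption
     */
    public static Assertion createSignedAssertion(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) throws SoapSecurityException {
        final String traceLabel = "createSignedAssertion(ProviderConfig, RequesterConfig, CredentialConfig)";
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, traceLabel);
        }

        Assertion assertion = createAssertion(providerConfig, requesterConfig, credentialConfig);
        OMElement signedXml = SamlSignatureUtils.getSignedSAML(providerConfig, requesterConfig, assertion);

        // NOTE(review): when the assertion is not an AssertionImpl (possible if a modifier
        // callback substituted another implementation) the signed XML computed above is dropped
        // and the caller receives an assertion that was never marked signed, with no error.
        // Callers that require a signature should verify the returned object rather than trust
        // the method name; consider failing explicitly here instead.
        if (assertion instanceof AssertionImpl) {
            AssertionImpl impl = (AssertionImpl) assertion;
            impl.setXML(signedXml);
            // Encryption runs on the assertion that already carries the signed XML.
            OMElement encrypted = EncryptedKeyGenerate.generateEncryptedAssertion(requesterConfig, providerConfig, assertion);
            if (encrypted != null) {
                impl.setXML(encrypted);
            }
            impl.setSigned();
        }

        if (tc.isEntryEnabled()) {
            Tr.exit(tc, traceLabel);
        }
        return assertion;
    }
}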
