package com.ibm.ws.security.web.inbound.saml;

import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WebTrustAssociationFailedException;
import com.ibm.ws.security.web.inbound.saml.filter.SamlResourceProtectionFilter;
import com.ibm.ws.security.web.inbound.saml.util.ConfigUtil;
import com.ibm.ws.security.web.inbound.saml.util.MessageHelper;
import com.ibm.ws.ssl.config.KeyStoreManager;
import com.ibm.ws.wssecurity.saml.config.impl.ConsumerConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.KeyInformationConfigImpl;
import com.ibm.ws.wssecurity.saml.config.impl.KeyStoreConfigImpl;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import java.util.Properties;

/* loaded from: input_file:com/ibm/ws/security/web/inbound/saml/Configuration.class */
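/**
 * Settings holder for the SAML web inbound component (see the package name).
 *
 * <p>{@link #initialize(Properties)} reads the individual settings from a
 * {@link Properties} object and builds the {@link ConsumerConfig} returned by
 * {@link #getConsumerConfig()}. The getters expose the parsed values and trace
 * them at debug level.
 *
 * <p>Review notes on the security-relevant settings visible in this class:
 * <ul>
 *   <li>The {@code signingAlg} field is initialised to
 *       {@code Constants.SIGNATURE_ALG_SHA256}, but {@code initialize} falls back to
 *       {@code Constants.SIGNATURE_ALG_SHA128} when the property is absent. The constant
 *       values are not visible here; confirm which algorithm the fallback denotes and
 *       whether the weaker-looking default is intended.</li>
 *   <li>{@code keyAlias} and {@code issuerIdentifier} are never assigned anywhere in this
 *       class, so as written they stay {@code null}. This may be an artifact of
 *       decompilation; confirm against the original source.</li>
 *   <li>The consumer configuration is created with {@code setTrustAnySTS(false)}; the
 *       trust store and key store are referenced by name only.</li>
 * </ul>
 *
 * <p>This class holds store names and a key alias but no password fields.
 */
public class Configuration {
    private static final TraceComponent tc = Tr.register(Configuration.class, MessageHelper._TR_GROUP, MessageHelper._MSG_FILE);
    protected SamlResourceProtectionFilter filter;
    private String providerId = null;
    private String header = null;
    private String audiences = null;
    // Kept as the raw property string ("false" by default), not parsed to a boolean here.
    private String setLtpaCookie = "false";
    private String trustStore = null;
    private String keyStore = null;
    // Never assigned in this class; see the class-level review note.
    private String keyAlias = null;
    private long clockSkew = 0;
    private String realmIdentifier = null;
    private String realmName = null;
    private String uniqueUserIdentifier = null;
    private String userIdentifier = null;
    private String groupIdentifier = null;
    private boolean mapIdentityToRegistry = false;
    // Never assigned in this class; see the class-level review note.
    private String issuerIdentifier = null;
    // Overwritten by initialize(), whose fallback is SIGNATURE_ALG_SHA128, not this value.
    private String signingAlg = Constants.SIGNATURE_ALG_SHA256;
    protected ConsumerConfig samlConsumerCfg = null;

    /**
     * Reads all settings from {@code properties} and builds the consumer configuration.
     *
     * @param properties the configuration properties to read
     * @return always {@code 0}
     * @throws WebTrustAssociationFailedException declared by this method; presumably raised
     *         by the {@code ConfigUtil} helpers (for example
     *         {@code validateSignatureAlgorithm}) on invalid values; confirm in ConfigUtil
     */
    public int initialize(Properties properties) throws WebTrustAssociationFailedException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initialize(props[" + ConfigUtil.getObjState(properties) + "])");
        }
        this.header = ConfigUtil.getProperty(properties, Constants.HEADER_NAME, null);
        this.setLtpaCookie = ConfigUtil.getProperty(properties, Constants.LTPA_COOKIE, "false");
        // Boolean.parseBoolean yields true only for "true" (case-insensitive); any other
        // value, including typos, silently disables registry mapping.
        this.mapIdentityToRegistry = Boolean.parseBoolean(ConfigUtil.getProperty(properties, Constants.MAP_IDENTITY_TO_REGISTRY, "false"));
        this.groupIdentifier = ConfigUtil.getOptionalProperty(properties, Constants.GROUP_IDENTIFIER, false);
        this.userIdentifier = ConfigUtil.getOptionalProperty(properties, Constants.USER_IDENTIFIER, false);
        // When a user identifier is configured it doubles as the default unique identifier.
        if (this.userIdentifier != null) {
            this.uniqueUserIdentifier = ConfigUtil.getProperty(properties, Constants.UID_IDENTIFIER, this.userIdentifier);
        } else {
            this.uniqueUserIdentifier = ConfigUtil.getOptionalProperty(properties, Constants.UID_IDENTIFIER, false);
        }
        this.realmIdentifier = ConfigUtil.getOptionalProperty(properties, Constants.REALM_IDENTIFIER, false);
        this.realmName = ConfigUtil.getOptionalProperty(properties, Constants.REALM_NAME, false);
        this.filter = new SamlResourceProtectionFilter(ConfigUtil.getOptionalProperty(properties, Constants.FILTER, false), true);
        this.providerId = ConfigUtil.getOptionalProperty(properties, "identifier", false);
        // NOTE(review): the fallback here is SIGNATURE_ALG_SHA128 although the field
        // initializer is SIGNATURE_ALG_SHA256. If SHA128 denotes a SHA-1 based signature,
        // deployments that omit the property get the weaker setting; confirm the constant
        // values and consider configuring the algorithm explicitly.
        this.signingAlg = ConfigUtil.getProperty(properties, Constants.SIGNING_ALG, Constants.SIGNATURE_ALG_SHA128);
        ConfigUtil.validateSignatureAlgorithm(this.signingAlg);
        // Default 180000; presumably milliseconds (3 minutes), confirm in ConfigUtil. A larger
        // skew presumably widens the time window in which an assertion is accepted.
        this.clockSkew = ConfigUtil.processLongProperty("clockSkew", ConfigUtil.getProperty(properties, "clockSkew"), 180000L);
        this.trustStore = ConfigUtil.getProperty(properties, Constants.TRUST_STORE, KeyStoreManager.getDefaultKeyStoreName(Constants.DEFAULT_MANAGED_TRUST_STORE));
        this.keyStore = ConfigUtil.getProperty(properties, Constants.KEY_STORE, KeyStoreManager.getDefaultKeyStoreName(Constants.DEFAULT_MANAGED_KEY_STORE));
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Default trust store: " + this.trustStore);
        }
        // NOTE(review): optional; how a missing audience list is treated by the validator
        // is not visible here. Confirm it does not disable the audience check.
        this.audiences = ConfigUtil.getOptionalProperty(properties, Constants.AUDIENCES, false);
        initConsumerConfig(properties);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, toString());
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initialize returns [0]");
        }
        return 0;
    }

    /**
     * Creates the {@link ConsumerConfig} and attaches clock skew, trust store, key store
     * and key information to it. Must run after the corresponding fields are populated.
     *
     * @param properties used only for the entry trace
     */
    private void initConsumerConfig(Properties properties) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "initConsumerConfig(Properties([" + ConfigUtil.getObjState(properties) + "])");
        }
        this.samlConsumerCfg = new ConsumerConfigImpl();
        // Trust-any-STS is switched off explicitly; presumably issuer trust is then derived
        // from the trust store configured below.
        this.samlConsumerCfg.setTrustAnySTS(false);
        this.samlConsumerCfg.setClockSkew(this.clockSkew);
        createTrustStore();
        createKeyStore();
        createKeyInformationConfig();
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "initConsumerConfig");
        }
    }

    /**
     * Attaches a trust store configuration that carries only the store name; the other
     * three constructor arguments are passed as {@code null}.
     */
    private void createTrustStore() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createTrustStore");
        }
        KeyStoreConfigImpl trustStoreConfig = new KeyStoreConfigImpl(null, null, null, this.trustStore);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "SAML Token trust store: " + trustStoreConfig);
        }
        this.samlConsumerCfg.setTrustStoreConfig(trustStoreConfig);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createTrustStore");
        }
    }

    /**
     * Attaches a key store configuration that carries only the store name; the other
     * three constructor arguments are passed as {@code null}.
     */
    private void createKeyStore() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyStore()");
        }
        this.samlConsumerCfg.setKeyStoreConfig(new KeyStoreConfigImpl(null, null, null, this.keyStore));
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyStore");
        }
    }

    /**
     * Attaches key information for {@code keyAlias} when an alias is present.
     *
     * <p>NOTE(review): nothing in this class assigns {@code keyAlias}, so as visible here
     * no key information is ever set. Confirm whether the alias property was lost.
     */
    private void createKeyInformationConfig() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "createKeyInformationConfig");
        }
        if (this.keyAlias != null) {
            this.samlConsumerCfg.setKeyInformationConfig(new KeyInformationConfigImpl(this.keyAlias, null, null));
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "createKeyInformationConfig");
        }
    }

    /** @return the value of the {@code identifier} property, or the value last set */
    public String getProviderId() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getProviderId returns [" + this.providerId + "]");
        }
        return this.providerId;
    }

    /** @param str the provider identifier to store */
    public void setProviderId(String str) {
        this.providerId = str;
    }

    /** @return the configured realm identifier */
    public String getRealmIdentifier() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getRealmIdentifier returns [" + this.realmIdentifier + "]");
        }
        return this.realmIdentifier;
    }

    /** @return the configured realm name */
    public String getRealmName() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getRealmName returns [" + this.realmName + "]");
        }
        return this.realmName;
    }

    /** @return the unique user identifier; defaults to the user identifier when that is set */
    public String getUniqueUserIdentifier() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getUniqueUserIdentifier returns [" + this.uniqueUserIdentifier + "]");
        }
        return this.uniqueUserIdentifier;
    }

    /** @return the configured user identifier */
    public String getUserIdentifier() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getUserIdentifier returns [" + this.userIdentifier + "]");
        }
        return this.userIdentifier;
    }

    /** @return the configured group identifier */
    public String getGroupIdentifier() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getGroupIdentifier returns [" + this.groupIdentifier + "]");
        }
        return this.groupIdentifier;
    }

    /** @return {@code true} only when the property was set to "true" (case-insensitive) */
    public boolean getMapIdentityToRegistry() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getMapIdentityToRegistry returns [" + this.mapIdentityToRegistry + "]");
        }
        return this.mapIdentityToRegistry;
    }

    /** @return the resource protection filter built in {@code initialize} */
    public SamlResourceProtectionFilter getFilter() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getFilter returns [" + ConfigUtil.getObjState(this.filter) + "]");
        }
        return this.filter;
    }

    /**
     * @return the issuer identifier. NOTE(review): never assigned in this class, so this
     *         returns {@code null} as far as the visible code shows; callers that rely on
     *         it to pin the expected issuer should be checked.
     */
    public String getIssuerIdentifier() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getIssuerIdentifier returns [" + this.issuerIdentifier + "]");
        }
        return this.issuerIdentifier;
    }

    /** @return the signature algorithm accepted by {@code ConfigUtil.validateSignatureAlgorithm} */
    public String getSignatureAlgorithm() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getSignatureAlgorithm returns [" + this.signingAlg + "]");
        }
        return this.signingAlg;
    }

    /** @return the configured header name, or {@code null} when the property is absent */
    public String getHeaderName() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getHeaderName returns [" + this.header + "]");
        }
        return this.header;
    }

    /** @return the consumer configuration, or {@code null} before {@code initialize} has run */
    public ConsumerConfig getConsumerConfig() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getConsumerConfig returns [" + this.samlConsumerCfg + "]");
        }
        return this.samlConsumerCfg;
    }

    /** @return the configured audiences value as a single string */
    public String getAudiences() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getAudiences returns [" + this.audiences + "]");
        }
        return this.audiences;
    }

    /** @return the raw LTPA cookie setting string ("false" unless configured otherwise) */
    public String getSetLtpaCookie() {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "getSetLtpaCookie returns [" + this.setLtpaCookie + "]");
        }
        return this.setLtpaCookie;
    }

    /**
     * Renders all settings as {@code ClassName(key=[value], ...)}. The result is written to
     * the debug trace by {@code initialize}; it contains store names and the key alias.
     */
    @Override
    public String toString() {
        // StringBuilder: the buffer is method-local, so StringBuffer's locking is unnecessary.
        StringBuilder text = new StringBuilder(getClass().getName()).append("(");
        text.append("identifier=[").append(this.providerId).append("], ");
        text.append("realmIdentifier=[").append(this.realmIdentifier).append("], ");
        text.append("realmName=[").append(this.realmName).append("], ");
        text.append("uniqueUserIdentifier=[").append(this.uniqueUserIdentifier).append("], ");
        text.append("userIdentifier=[").append(this.userIdentifier).append("], ");
        text.append("groupIdentifier=[").append(this.groupIdentifier).append("], ");
        text.append("mapIdentityToRegistryUser=[").append(this.mapIdentityToRegistry).append("], ");
        text.append("filter=[").append(ConfigUtil.getObjState(this.filter)).append("], ");
        text.append("issuerIdentifier=[").append(this.issuerIdentifier).append("], ");
        text.append("signatureAlgorithm=[").append(this.signingAlg).append("], ");
        text.append("header=[").append(this.header).append("], ");
        text.append("consumerConfig=[").append(this.samlConsumerCfg).append("], ");
        text.append("audiences=[").append(this.audiences).append("], ");
        text.append("setLtpaCookie=[").append(this.setLtpaCookie).append("], ");
        text.append("trustStore=[").append(this.trustStore).append("], ");
        text.append("keyStore=[").append(this.keyStore).append("], ");
        text.append("keyAlias=[").append(this.keyAlias).append("], ");
        text.append("clockSkew=[").append(this.clockSkew).append("]");
        text.append(")");
        return text.toString();
    }
}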
