package com.ibm.ws.wssecurity.impl.auth.callback;

import com.ibm.nws.ffdc.FFDCFilter;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSConfigUtil;
import com.ibm.ws.wssecurity.trust.server.sts.Util.STSUriUtil;
import com.ibm.ws.wssecurity.trust.server.sts.ext.NoEntriesFoundException;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.DefaultIssuerRule;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.IdentityList;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.IssuerRule;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.Target;
import com.ibm.xmlns.prod.websphere._200608.securitytokenservice.targets.TokenTypeRule;
import java.net.URI;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:com/ibm/ws/wssecurity/impl/auth/callback/STSDefaultCallbackHandler.class */
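/**
 * Default {@link STSCallbackHandler}: holds the AppliesTo, Issuer and TokenType URIs plus the
 * security token of a request, and answers {@link STSRulesCallback}s with the
 * {@link IdentityList} configured for that combination in the STS target map.
 *
 * <p>The lookup walks Target (by AppliesTo) -> IssuerRule or DefaultIssuerRule (by Issuer) ->
 * TokenTypeRule (by TokenType) -> IdentityList. AppliesTo is compared with
 * {@code STSUriUtil.URICompare}; Issuer and TokenType are compared with exact, case-sensitive
 * {@link String#equals(Object)} on the URI's string form.
 *
 * <p>Instances carry mutable per-request state and do no synchronization of their own.
 */
public class STSDefaultCallbackHandler implements STSCallbackHandler {
    private URI appliesTo;
    private URI issuer;
    private URI tokenType;
    private SecurityToken token;
    // Probe id passed to FFDC when the STS target configuration cannot be read.
    private final String FFDC_ID_1 = "FFDC-1";
    private static final TraceComponent tc = Tr.register(STSDefaultCallbackHandler.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    /** Sets the endpoint URI the requested token applies to; used to select the Target. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public void setAppliesTo(URI uri) {
        this.appliesTo = uri;
    }

    /** Returns the AppliesTo URI, or {@code null} if none was set. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public URI getAppliesTo() {
        return this.appliesTo;
    }

    /** Sets the issuer URI; {@code null} selects the Target's DefaultIssuerRule. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public void setIssuer(URI uri) {
        this.issuer = uri;
    }

    /** Returns the issuer URI, or {@code null} if none was set. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public URI getIssuer() {
        return this.issuer;
    }

    /** Sets the token type URI; used to select the TokenTypeRule. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public void setTokenType(URI uri) {
        this.tokenType = uri;
    }

    /** Returns the token type URI, or {@code null} if none was set. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public URI getTokenType() {
        return this.tokenType;
    }

    /** Sets the security token that is handed to every {@link STSRulesCallback}. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public void setToken(SecurityToken securityToken) {
        this.token = securityToken;
    }

    /** Returns the security token, or {@code null} if none was set. */
    @Override // com.ibm.ws.wssecurity.trust.server.sts.STSCallbackHandler
    public SecurityToken getToken() {
        return this.token;
    }

    /**
     * Populates every {@link STSRulesCallback} in the array with the token and the configured
     * identity rules. Callbacks of any other type are skipped silently; this body never throws
     * {@link UnsupportedCallbackException} itself.
     *
     * <p>Outcome reported on the callback:
     * <ul>
     *   <li>rules extracted: rules set, {@code successful = true};</li>
     *   <li>{@link NoEntriesFoundException}: rules left unset, {@code successful = true};</li>
     *   <li>{@link NoSuchElementException}: rules left unset, {@code successful = false}.</li>
     * </ul>
     *
     * <p>NOTE(review): {@code successful = true} does not imply that rules are present.
     * {@link #extractRules()} returns {@code null} when AppliesTo or TokenType is unset, and a
     * failure to read the STS configuration is reported as {@link NoEntriesFoundException};
     * both end up as "successful" here. The code consuming the callback is not visible from
     * this class -- confirm that it treats "successful with no rules" as "trust authentication
     * not configured" and never as an authorization decision in favour of the requester.
     *
     * @param callbackArr callbacks to process
     * @throws UnsupportedCallbackException declared by the interface
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws UnsupportedCallbackException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "handle");
        }
        for (Callback callback : callbackArr) {
            if (!(callback instanceof STSRulesCallback)) {
                continue;
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Handling instance of STSRulesCallback.");
            }
            STSRulesCallback rulesCallback = (STSRulesCallback) callback;
            try {
                // The token is set before the lookup, so it stays on the callback even when
                // extractRules() throws.
                rulesCallback.setToken(this.token);
                rulesCallback.setRules(extractRules());
                rulesCallback.setSuccessful(true);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Succesfully extracted rules from the configuration.");
                }
            } catch (NoEntriesFoundException e) {
                // Nothing configured at this level (or the configuration could not be read).
                rulesCallback.setSuccessful(true);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No rules found in the configuration.");
                }
            } catch (NoSuchElementException e2) {
                // Rules exist, but none matches this AppliesTo / Issuer / TokenType.
                rulesCallback.setSuccessful(false);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Failed to extract rules from the configuration.");
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "handle");
        }
    }

    /**
     * Looks up the {@link IdentityList} configured for the current AppliesTo, Issuer and
     * TokenType.
     *
     * <p>When the configuration holds several entries that match at one level, the last one
     * in iteration order is used.
     *
     * @return the matching identity list, or {@code null} when AppliesTo or TokenType is unset
     * @throws NoSuchElementException when rules are configured but no Target, IssuerRule /
     *     DefaultIssuerRule or TokenTypeRule matches the request
     * @throws NoEntriesFoundException when the matching Target has no issuer rules, the
     *     selected issuer rule has no token type rules, the matching token type rule has no
     *     identity list, or the STS target configuration could not be read
     */
    private IdentityList extractRules() throws NoSuchElementException, NoEntriesFoundException {
        List<TokenTypeRule> tokenTypeRules;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "extractRules");
        }
        if (this.appliesTo == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Callback's appliesTo was not set.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "extractRules");
            }
            return null;
        }
        if (this.tokenType == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Callback's tokenType was not set.");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "extractRules");
            }
            return null;
        }
        if (tc.isDebugEnabled()) {
            if (this.issuer == null) {
                Tr.debug(tc, "Callback's issuer is null: attempting to extract default rule.");
            } else {
                Tr.debug(tc, "Attempting to extract rule.");
            }
        }
        try {
            Iterator<Target> targets = STSConfigUtil.getSTSTargetMap().getTarget().iterator();
            Target matchedTarget = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Searching Targets for specified AppliesTo: " + this.appliesTo);
            }
            while (targets.hasNext()) {
                Target candidate = targets.next();
                String targetAppliesTo = candidate.getAppliesTo();
                // The comparison is the else branch of the null check: nested inside the null
                // branch it could never match a configured value and would be handed null.
                if (targetAppliesTo == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Configuration contains a Target with a null AppliesTo.");
                    }
                } else if (STSUriUtil.URICompare(targetAppliesTo, this.appliesTo.toString()) == 0) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Target found.");
                    }
                    matchedTarget = candidate;
                }
            }
            if (matchedTarget == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No Target matching the specified AppliesTo was found in the configuration.");
                }
                throw new NoSuchElementException("Target not found.");
            }
            DefaultIssuerRule defaultIssuerRule = matchedTarget.getDefaultIssuerRule();
            List<IssuerRule> issuerRules = matchedTarget.getIssuerRule();
            boolean noIssuerRules = issuerRules == null || issuerRules.isEmpty();
            if (defaultIssuerRule == null && noIssuerRules) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No Issuer Rules found in the configuration, trust authentication NOT configured.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "extractRules");
                }
                throw new NoEntriesFoundException("Issuer Rules not found.");
            }
            if (this.issuer == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Searching for TokenTypeRules under DefaultIssuerRule.");
                }
                if (defaultIssuerRule == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No rule exists for a null issuer for this endpoint: " + matchedTarget.getAppliesTo());
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "extractRules");
                    }
                    throw new NoSuchElementException("DefaultIssuerRule not found.");
                }
                tokenTypeRules = defaultIssuerRule.getTokenTypeRule();
            } else {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Searching for TokenTypeRules under IssuerRules for Issuer: " + this.issuer);
                }
                if (noIssuerRules) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No issuer rule exists for a this endpoint: " + matchedTarget.getAppliesTo());
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "extractRules");
                    }
                    throw new NoSuchElementException("IssuerRule not found.");
                }
                IssuerRule matchedIssuerRule = null;
                for (IssuerRule candidate : issuerRules) {
                    String issuerURI = candidate.getIssuerURI();
                    // Null entries are only traced; calling equals() on them would throw.
                    if (issuerURI == null) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Configuration contains an IssuerRule with a null IssuerURI.");
                        }
                    } else if (issuerURI.equals(this.issuer.toString())) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "IssuerRule found.");
                        }
                        matchedIssuerRule = candidate;
                    }
                }
                if (matchedIssuerRule == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "No IssuerRule matching the specified IssuerURI was found in the configuration.");
                    }
                    if (tc.isEntryEnabled()) {
                        Tr.exit(tc, "extractRules");
                    }
                    throw new NoSuchElementException("IssuerRule not found.");
                }
                tokenTypeRules = matchedIssuerRule.getTokenTypeRule();
            }
            if (tokenTypeRules == null || tokenTypeRules.isEmpty()) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No TokenTypeRules were found under the IssuerRules/DefaultIssuerRule, trust authentication NOT configured.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "extractRules");
                }
                throw new NoEntriesFoundException("TokenTypeRules not found.");
            }
            TokenTypeRule matchedTokenTypeRule = null;
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Searching through TokenTypeRules for TokenType: " + this.tokenType);
            }
            for (TokenTypeRule candidate : tokenTypeRules) {
                String requiredTokenTypeURI = candidate.getRequiredTokenTypeURI();
                // Null entries are only traced; calling equals() on them would throw.
                if (requiredTokenTypeURI == null) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Configuration contains a TokenTypeRule with a null RequiredTokenTypeURI.");
                    }
                } else if (requiredTokenTypeURI.equals(this.tokenType.toString())) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "TokenTypeRule found.");
                    }
                    matchedTokenTypeRule = candidate;
                }
            }
            if (matchedTokenTypeRule == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No TokenTypeRule matching the specified TokenType was found in the configuration.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "extractRules");
                }
                throw new NoSuchElementException("TokenTypeRule not found.");
            }
            IdentityList identityList = matchedTokenTypeRule.getIdentityList();
            if (identityList == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "No IdentityList was found under the matching TokenTypeRule.");
                }
                if (tc.isEntryEnabled()) {
                    Tr.exit(tc, "extractRules");
                }
                throw new NoEntriesFoundException("IdentityList not found, trust authentication NOT configured.");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "IdentityList successfully extracted!");
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "extractRules");
            }
            return identityList;
        } catch (SoapSecurityException e) {
            FFDCFilter.processException(e, "STSDefaultCallbackHandler.extractRules", this.FFDC_ID_1, this);
            Tr.error(tc, "wssecurity.config.s03");
            // NOTE(review): a configuration read failure is reported with the same exception
            // type as "nothing configured", which handle() maps to successful = true. The
            // cause is recorded through FFDC only and is not attached to the new exception.
            // Confirm that callers do not rely on this path before changing it.
            throw new NoEntriesFoundException("Failed to get the STS target configuration.");
        }
    }
}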
