package com.ibm.ws.wssecurity.wssapi.token.impl;

import com.ibm.websphere.wssecurity.wssapi.XMLStructure;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.security.token.WSCredentialTokenMapperInterface;
import com.ibm.ws.security.util.AccessController;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.IdUtils;
import com.ibm.ws.wssecurity.util.TokenUtils;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.security.token.AuthenticationToken;
import com.ibm.wsspi.security.token.SingleSignonToken;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.config.TokenGeneratorConfig;
import java.security.PrivilegedAction;
import java.util.ArrayList;
import java.util.Map;
import java.util.Objects;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;
import org.apache.axis2.context.MessageContext;

/* loaded from: input_file:com/ibm/ws/wssecurity/wssapi/token/impl/LtpaTokenParser.class */
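/**
 * Token parser for LTPA / LTPAv2 tokens carried as {@code wsse:BinarySecurityToken} elements.
 * <p>
 * Inbound: {@link #getToken(XMLStructure, QName, int, boolean, Map)} turns a received element into
 * an {@link LTPATokenImpl} (or {@link LTPAv2TokenImpl}) holding the element's id and its
 * base64-decoded content. Outbound: {@link #getToken(Map, QName)} returns the LTPA token(s) already
 * present in the run-as {@link Subject}, or, when there are none, serializes one from the subject's
 * credentials into a freshly built element.
 * <p>
 * The credential-token mapper used to refresh LTPA credentials is loaded reflectively
 * (see {@link _wsCredToken}) and may be absent; refresh failures are logged and do not fail
 * token generation.
 */
public class LtpaTokenParser extends AbstractTokenParser {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(LtpaTokenParser.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = LtpaTokenParser.class.getName();
    // Cached copy of _wsCredToken._wsCredTokenMapper; written without synchronization, but every
    // writer stores the same reference, so the race is benign.
    private static WSCredentialTokenMapperInterface wsCredTokenMapper = null;

    /**
     * Lazy holder for the {@code WSCredentialTokenMapper} implementation. The class is loaded by
     * name so this parser does not hard-link to it; if loading or instantiation fails the mapper
     * stays {@code null}, the failure is reported via {@link Tr#processException}, and callers
     * must tolerate a {@code null} mapper.
     * <p>
     * Originally {@code private}; the decompiler widened it to {@code public}. It is not part of
     * the public API.
     */
    public static class _wsCredToken {
        static WSCredentialTokenMapperInterface _wsCredTokenMapper;

        private _wsCredToken() {
        }

        static {
            _wsCredTokenMapper = null;
            try {
                Object mapper = Class.forName("com.ibm.ws.security.token.WSCredentialTokenMapper").newInstance();
                if (LtpaTokenParser.tc.isDebugEnabled()) {
                    Tr.debug(LtpaTokenParser.tc, "Got instance of WSCredTokenMapper.");
                }
                _wsCredTokenMapper = (WSCredentialTokenMapperInterface) mapper;
            } catch (Exception e) {
                // Broad catch is deliberate: a missing/incompatible mapper must not prevent this
                // holder class (and hence the parser) from initializing.
                Tr.processException(e, LtpaTokenParser.clsName + "init", "981");
            }
        }
    }

    /**
     * Builds an LTPA token object from an inbound {@code BinarySecurityToken} element.
     * <p>
     * The element content comes straight from the received message. Whatever
     * {@code Base64.decode} does with malformed input (throw, or return {@code null}/partial
     * data) is decided by the xss4j decoder and propagates unchanged from here — confirm that
     * behaviour before relying on this method for input validation.
     *
     * @param xMLStructure the token element; must be an {@link OMStructure}
     * @param qName token value type; {@link Constants#LTPAv2_TOKEN} selects
     *              {@link LTPAv2TokenImpl}, anything else {@link LTPATokenImpl}
     * @param i WS-Security version index (not used by this implementation)
     * @param z not used by this implementation
     * @param map not used by this implementation
     * @return the token, with its id set if the element carries an id attribute
     *         ({@code null} otherwise) and its binary set to the decoded element text
     * @throws SoapSecurityException declared by the interface; not raised directly here
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.AbstractTokenParser, com.ibm.ws.wssecurity.wssapi.token.impl.TokenParser
    public SecurityToken getToken(XMLStructure xMLStructure, QName qName, int i, boolean z, Map map) throws SoapSecurityException {
        LTPATokenImpl token = Constants.LTPAv2_TOKEN.equals(qName) ? new LTPAv2TokenImpl() : new LTPATokenImpl();
        token.setXML(xMLStructure);
        OMElement element = ((OMStructure) xMLStructure).getNode();
        // The id attribute name depends on the element (wsu:Id vs. others); IdUtils resolves it.
        QName idAttributeName = IdUtils.getInstance().getIdAttributeName(element);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The identifier attribute of the target element is [" + idAttributeName + "].");
        }
        String id = null;
        if (idAttributeName != null) {
            id = element.getAttributeValue(idAttributeName);
        }
        token.setId(id);
        token.setBinary(Base64.decode(DOMUtils.getStringValue(element)));
        return token;
    }

    /**
     * Returns the LTPA token(s) to emit for the current run-as subject.
     * <p>
     * Unless the generator property {@code REFRESH_LTPA_CREDENTIAL} is set to {@code "false"}
     * (case-insensitive, trimmed), all tokens in the subject are first validity-checked and
     * refreshed through the credential-token mapper; any failure there (including a missing
     * mapper) is logged at debug level and ignored. Existing tokens are then looked up via the
     * superclass {@code getToken(Subject, QName)}; if none are found, one is created from the
     * subject's credentials with {@link #createToken(Map, Subject, QName)}.
     *
     * @param map generation context; read for the message context, the
     *            {@link TokenGeneratorConfig} and, indirectly, the processing element
     * @param qName token value type being generated
     * @return a non-empty list of tokens (the list from the superclass, possibly extended)
     * @throws SoapSecurityException if token creation fails
     */
    @Override // com.ibm.ws.wssecurity.wssapi.token.impl.AbstractTokenParser, com.ibm.ws.wssecurity.wssapi.token.impl.TokenParser
    public ArrayList<SecurityToken> getToken(Map map, QName qName) throws SoapSecurityException {
        Subject runAsSubject = TokenUtils.getRunAsSubject((MessageContext) map.get(com.ibm.wsspi.wssecurity.core.Constants.WSSECURITY_MESSAGE_CONTEXT));
        TokenGeneratorConfig tokenGeneratorConfig = (TokenGeneratorConfig) map.get(TokenGeneratorConfig.CONFIG_KEY);
        Map<Object, Object> properties = null;
        if (tokenGeneratorConfig != null) {
            properties = tokenGeneratorConfig.getProperties();
        }
        // Refresh by default; only an explicit "false" turns it off.
        boolean refresh = true;
        if (properties != null) {
            Object refreshProp = properties.get(com.ibm.wsspi.wssecurity.core.Constants.REFRESH_LTPA_CREDENTIAL);
            if (refreshProp != null && "false".equalsIgnoreCase(((String) refreshProp).trim())) {
                refresh = false;
            }
        }
        if (refresh) {
            try {
                getWSCredentialTokenMapperInterface().checkValidityOfAllTokensAndRefresh(runAsSubject);
            } catch (Exception e) {
                // Best effort: a failed refresh (or a null mapper) must not block token generation.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not refresh LTPA token:" + e.getMessage());
                }
            }
        }
        ArrayList<SecurityToken> tokens = getToken(runAsSubject, qName);
        if (tokens == null || tokens.isEmpty()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "There is no existing LTPAToken. Create LTPAToken from WSCredential directly.");
            }
            SecurityToken created = createToken(map, runAsSubject, qName);
            if (tokens == null) {
                tokens = new ArrayList<>();
            }
            tokens.add(created);
        }
        return tokens;
    }

    /**
     * Serializes the subject's LTPA credential into a new {@code BinarySecurityToken} element and
     * parses it back into a {@link SecurityToken}.
     * <p>
     * For {@link Constants#LTPA_TOKEN} the {@link AuthenticationToken} with the LTPA OID is used;
     * for any other value type the {@code "LtpaToken"} {@link SingleSignonToken}. When no such
     * token exists or it reports {@code !isValid()}, the element is built with {@code null}
     * content. NOTE(review): what {@code Base64.encode(null)} produces is up to the xss4j
     * encoder — confirm whether an empty token is acceptable to downstream consumers or should
     * fail here instead.
     *
     * @param map generation context; must contain the processing element under
     *            {@code "com.ibm.ws.wssecurity.constants.processingElement"}
     * @param subject run-as subject; may be {@code null} (no credential is found)
     * @param qName token value type
     * @return the newly created token
     * @throws SoapSecurityException if the credential lookup fails
     * @throws NullPointerException if the processing element is missing from {@code map}
     */
    private SecurityToken createToken(Map map, Subject subject, QName qName) throws SoapSecurityException {
        AuthenticationToken credential = Constants.LTPA_TOKEN.equals(qName) ? getAuthTokenFromSubject(subject) : getSSOTokenFromSubject(subject);
        byte[] credToken = null;
        if (credential != null && credential.isValid()) {
            credToken = credential.getBytes();
        }
        String id = IdUtils.getInstance().makeUniqueId(map, "ltpa_");
        // WSS_VERSION selects the namespace row in Constants.NAMESPACES; anything non-Integer means 0.
        int wssVersion = 0;
        Object version = map.get(Constants.WSS_VERSION);
        if (version instanceof Integer) {
            wssVersion = ((Integer) version).intValue();
        }
        OMElement parent = Objects.requireNonNull(
                (OMElement) map.get("com.ibm.ws.wssecurity.constants.processingElement"),
                "processingElement missing from the token generation context");
        return getToken(new OMStructure(createOMTokenElement(parent.getOMFactory(), parent, qName, credToken, id, wssVersion)), qName, wssVersion, true, null);
    }

    /**
     * Creates a {@code wsse:BinarySecurityToken} element carrying a base64-encoded LTPA token.
     * <p>
     * Namespace prefixes for wsse and wsu are reused from {@code parent} when it already declares
     * them, otherwise {@code wsse}/{@code wsu} are declared on the new element. The wsu lookup is
     * guarded against a {@code null} parent in the same way as the wsse lookup.
     *
     * @param oMFactory factory used to build the element
     * @param oMElement parent element whose namespace declarations are reused; may be {@code null}
     * @param qName value type; {@code null} defaults to {@link Constants#LTPA_TOKEN}
     * @param bArr raw token bytes to encode; may be {@code null} (see {@link #createToken})
     * @param str wsu:Id to set; omitted when {@code null}
     * @param i WS-Security version index into {@link Constants#NAMESPACES}
     * @return the new, unattached element
     */
    private static final OMElement createOMTokenElement(OMFactory oMFactory, OMElement oMElement, QName qName, byte[] bArr, String str, int i) {
        if (tc.isEntryEnabled()) {
            StringBuilder entry = new StringBuilder("createOMTokenElement(");
            entry.append("OMFactory factory,");
            entry.append("OMElement parent[").append(DOMUtils.getDisplayName((OMNode) oMElement)).append("], ");
            entry.append("TokenGeneratorConfig config, ");
            entry.append("byte[] credToken[");
            // Never trace the token bytes themselves, only whether they are present.
            entry.append(bArr == null ? "null" : "not null");
            entry.append("], ");
            entry.append("String id[").append(str).append("], ");
            entry.append("int wssVersion[").append(i).append("])");
            Tr.entry(tc, entry.toString());
        }
        String wsseNs = Constants.NAMESPACES[0][i];
        String wsuNs = Constants.NAMESPACES[1][i];

        String wssePrefix = null;
        if (oMElement != null) {
            wssePrefix = DOMUtils.getNamespacePrefix(oMElement, wsseNs);
        }
        boolean declareWsse = wssePrefix == null;
        if (declareWsse) {
            wssePrefix = "wsse";
        }
        OMElement bst = oMFactory.createOMElement("BinarySecurityToken", wsseNs, wssePrefix);
        if (declareWsse) {
            bst.declareNamespace(wsseNs, "wsse");
        }

        if (str != null) {
            String wsuPrefix = null;
            if (oMElement != null) {
                wsuPrefix = DOMUtils.getNamespacePrefix(oMElement, wsuNs);
            }
            boolean declareWsu = wsuPrefix == null;
            if (declareWsu) {
                wsuPrefix = "wsu";
                bst.declareNamespace(wsuNs, "wsu");
            }
            bst.addAttribute("Id", str, oMFactory.createOMNamespace(Constants.NS_WSU, wsuPrefix));
        }

        QName valueType = qName == null ? Constants.LTPA_TOKEN : qName;
        bst.declareNamespace(valueType.getNamespaceURI(), "wsst");
        DOMUtils.setQNameAttr(bst, null, "EncodingType", Constants.BASE64_BINARY, i);
        DOMUtils.setQNameAttr(bst, null, "ValueType", valueType, i);
        bst.addChild(oMFactory.createOMText(Base64.encode(bArr)));

        if (tc.isEntryEnabled()) {
            StringBuilder exit = new StringBuilder("createOMTokenElement(");
            exit.append("OMFactory, OMElement, TokenGeneratorConfig, byte[], String, int)");
            exit.append(" returns OMElement[").append(bst).append("]");
            Tr.exit(tc, exit.toString());
        }
        return bst;
    }

    /**
     * Finds the LTPA {@link AuthenticationToken} among the subject's private credentials.
     * <p>
     * A token is matched by name against {@link Constants#AUTHENTICATION_TOKEN_LTPA_OID}; tokens
     * whose name is {@code null} are skipped rather than causing a {@link NullPointerException}.
     *
     * @param subject subject to search; {@code null} yields {@code null}
     * @return the first matching token, or {@code null} if there is none
     * @throws SoapSecurityException wrapping any exception raised while reading the credentials;
     *         the original exception is kept as the cause so its stack trace survives
     */
    private static AuthenticationToken getAuthTokenFromSubject(Subject subject) throws SoapSecurityException {
        if (subject == null) {
            return null;
        }
        try {
            for (AuthenticationToken candidate : subject.getPrivateCredentials(AuthenticationToken.class)) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Processing AUTH token with name: " + candidate.getName());
                }
                if (Constants.AUTHENTICATION_TOKEN_LTPA_OID.equals(candidate.getName())) {
                    return candidate;
                }
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not find internally implemented AuthenticationToken.");
            }
            return null;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting AuthenticationToken from Subject.", new Object[]{e});
            }
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Finds the {@link SingleSignonToken} named {@code "LtpaToken"} among the subject's private
     * credentials. The lookup runs under {@link AccessController#doPrivileged} because reading
     * private credentials is a privileged operation.
     *
     * @param subject subject to search; {@code null} yields {@code null}
     * @return the first matching token, or {@code null} if there is none
     * @throws SoapSecurityException wrapping any exception raised while reading the credentials;
     *         the original exception is kept as the cause so its stack trace survives
     */
    private static SingleSignonToken getSSOTokenFromSubject(final Subject subject) throws SoapSecurityException {
        if (subject == null) {
            return null;
        }
        try {
            return (SingleSignonToken) AccessController.doPrivileged(new PrivilegedAction<SingleSignonToken>() {
                @Override // java.security.PrivilegedAction
                public SingleSignonToken run() {
                    for (SingleSignonToken candidate : subject.getPrivateCredentials(SingleSignonToken.class)) {
                        if (LtpaTokenParser.tc.isDebugEnabled()) {
                            Tr.debug(LtpaTokenParser.tc, "Processing SSO token with name: " + candidate.getName());
                        }
                        // Null-safe: a token with no name is skipped instead of throwing.
                        if ("LtpaToken".equals(candidate.getName())) {
                            if (LtpaTokenParser.tc.isDebugEnabled()) {
                                Tr.debug(LtpaTokenParser.tc, "Found SSO token.");
                            }
                            return candidate;
                        }
                    }
                    if (LtpaTokenParser.tc.isDebugEnabled()) {
                        Tr.debug(LtpaTokenParser.tc, "Could not find internally implemeted SSO token.");
                    }
                    return null;
                }
            });
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting SingleSignonToken from Subject.", new Object[]{e});
            }
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Returns the credential-token mapper, caching the holder's instance on first use.
     *
     * @return the mapper, or {@code null} if {@link _wsCredToken} failed to load it; callers
     *         that invoke methods on the result must expect a {@link NullPointerException}
     */
    private WSCredentialTokenMapperInterface getWSCredentialTokenMapperInterface() {
        if (wsCredTokenMapper == null) {
            // Touching the holder triggers its static initializer on first access.
            wsCredTokenMapper = _wsCredToken._wsCredTokenMapper;
        }
        return wsCredTokenMapper;
    }
}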
