package com.ibm.ws.wssecurity.saml.protocol.saml20.impl;

import com.ibm.security.krb5.wss.util.ElementLocalNames;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLTokenFactory;
import com.ibm.ws.wssecurity.saml.assertion.wssapi.SAMLAssertionParser;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.common.util.OMUtil;
import com.ibm.ws.wssecurity.saml.common.util.UTC;
import com.ibm.ws.wssecurity.saml.protocol.saml20.Response;
import com.ibm.ws.wssecurity.saml.protocol.saml20.Status;
import com.ibm.ws.wssecurity.saml.saml20.assertion.Assertion;
import com.ibm.ws.wssecurity.saml.saml20.assertion.NameID;
import com.ibm.ws.wssecurity.saml.saml20.assertion.impl.IssuerImpl;
import com.ibm.ws.wssecurity.saml.saml20.assertion.utils.SAMLTokenBuilder;
import com.ibm.ws.wssecurity.saml.security.impl.EncryptedDataConsumer;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenImpl;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXBuilder;

/* loaded from: input_file:com/ibm/ws/wssecurity/saml/protocol/saml20/impl/ResponseImpl.class */
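/**
 * In-memory view of a SAML 2.0 protocol {@code Response} element.
 *
 * <p>{@link #unMarshal(OMElement)} walks the <em>direct</em> children of the response element and
 * records the issuer, the status, at most one assertion (plain or encrypted) and the top-level
 * signature element.
 *
 * <p><b>What this class does not do.</b> Everything read here comes from the received message and
 * should be treated as untrusted until the caller has checked it:
 * <ul>
 *   <li>The top-level {@code Signature} element is only stored; no code in this class verifies
 *       it. The signing certificate is never derived from the message here; it is only whatever
 *       was passed to {@link #setSigningX509Certificate(X509Certificate)}.</li>
 *   <li>The {@code Status} is stored but not evaluated: an assertion is parsed and a token is
 *       built whatever the status code says.</li>
 *   <li>{@code Destination}, {@code InResponseTo}, {@code IssueInstant} and {@code Version} are
 *       recorded without being compared against expected values.</li>
 *   <li>Child elements are matched on local name only; their namespace URI is not checked.</li>
 * </ul>
 * NOTE(review): whether {@code SAMLAssertionParser.parseSAML} verifies the assertion's own
 * signature and conditions is not visible from this class and should be confirmed before a
 * successful {@code unMarshal()} is treated as proof of authenticity.
 *
 * <p>Instances are mutable and carry no synchronization.
 */
public class ResponseImpl implements Response {
    private static final String comp = "security.wssecurity";
    private SAMLToken samlToken;
    private OMElement xml;
    private OMElement decryptedSAML;
    private OMElement receivedSAML;
    private boolean isEncryptedAssertion;
    private ConsumerConfig consumerCfg;
    private SAMLAssertion samlAssertion;
    protected NameID issuer;
    protected SAMLNameID issuerName;
    protected OMElement signature;
    protected X509Certificate x509cert;
    protected OMElement extension;
    protected Status status;
    protected String id;
    protected String inResponseTo;
    protected String version;
    protected String destination;
    protected Date issueInstant;
    protected String consent;
    private static final TraceComponent tc = Tr.register(ResponseImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final String clsName = ResponseImpl.class.getName();

    /**
     * Wraps a response element without a consumer configuration; a default one is obtained from
     * the token factory when an assertion is encountered during unmarshalling.
     *
     * @param oMElement the {@code Response} element to unmarshal later
     * @throws SoapSecurityException declared for interface compatibility; not thrown here
     */
    public ResponseImpl(OMElement oMElement) throws SoapSecurityException {
        this(oMElement, null);
    }

    /**
     * Wraps a response element together with the configuration used to decrypt and parse its
     * assertion.
     *
     * @param oMElement the {@code Response} element to unmarshal later
     * @param consumerConfig consumer configuration, or {@code null} to use the factory default
     * @throws SoapSecurityException declared for interface compatibility; not thrown here
     */
    public ResponseImpl(OMElement oMElement, ConsumerConfig consumerConfig) throws SoapSecurityException {
        // Every other field keeps its Java default (null / false) until unMarshal() runs.
        this.xml = oMElement;
        this.consumerCfg = consumerConfig;
    }

    /**
     * Unmarshals the element supplied at construction time.
     *
     * @throws SoapSecurityException if the response cannot be parsed
     */
    @Override
    public void unMarshal() throws SoapSecurityException {
        unMarshal(this.xml);
    }

    /**
     * Populates this object from a {@code Response} element.
     *
     * <p>Only direct children of the element are inspected. A second {@code Assertion} or
     * {@code EncryptedAssertion} (in any combination) is rejected, so the assertion that is
     * parsed is always the single one attached directly to the response. No signature, status,
     * destination or freshness check is performed here; see the class documentation.
     *
     * @param oMElement the element to read, or {@code null} to use the constructor's element
     * @throws SoapSecurityException if no element is available, {@code IssueInstant} is
     *     malformed, more than one assertion is present, or decryption/parsing fails
     */
    public void unMarshal(OMElement oMElement) throws SoapSecurityException {
        final OMElement response = (oMElement != null) ? oMElement : this.xml;
        if (response == null) {
            // Fail with the declared exception type instead of a NullPointerException.
            throw new SoapSecurityException("No SAML Response element to unmarshal", (Throwable) null);
        }

        this.id = attribute(response, Assertion.ID);
        this.version = attribute(response, Assertion.VersionIdentifier);
        this.inResponseTo = attribute(response, "InResponseTo");
        this.destination = attribute(response, "Destination");

        final String rawIssueInstant = attribute(response, "IssueInstant");
        if (rawIssueInstant != null) {
            try {
                this.issueInstant = UTC.parse(rawIssueInstant);
            } catch (Exception e) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not parse IssueInstant:", e.getMessage());
                }
                // Chain the parse failure itself so the stack trace is not lost.
                throw new SoapSecurityException(e.getMessage(), e);
            }
        }

        try {
            for (OMElement child = OMUtil.getFirstElement(response); child != null; child = OMUtil.getNextElement(child)) {
                // NOTE(review): only the local name is compared; the child's namespace URI is
                // not checked, so same-named elements from another namespace are accepted here.
                final String localName = child.getLocalName();
                if ("Issuer".equals(localName)) {
                    readIssuer(child);
                } else if ("Status".equals(localName)) {
                    readStatus(child);
                } else if ("Assertion".equals(localName)) {
                    readPlainAssertion(child);
                } else if ("EncryptedAssertion".equals(localName)) {
                    readEncryptedAssertion(child);
                } else if ("Signature".equals(localName)) {
                    // Stored for the caller; verification does not happen in this class.
                    this.signature = child;
                }
            }
        } catch (SoapSecurityException e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not parse Response:", e.getMessage());
            }
            // Already the declared type: rethrow unchanged rather than re-wrapping it.
            throw e;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Could not parse Response:", e.getMessage());
            }
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /** Reads an un-prefixed (no-namespace) attribute from {@code element}. */
    private static String attribute(OMElement element, String localName) {
        return element.getAttributeValue(new QName(null, localName));
    }

    /** Unmarshals the {@code Issuer} child and mirrors it into {@link #issuerName}. */
    private void readIssuer(OMElement issuerElement) throws Exception {
        this.issuer = new IssuerImpl();
        this.issuer.unMarshal(issuerElement);
        this.issuerName = new SAMLNameID(
                this.issuer.getValue(),
                this.issuer.getFormat(),
                this.issuer.getNameQualifier(),
                this.issuer.getSPNameQualifier(),
                this.issuer.getSPProvidedID());
    }

    /** Records the status code and status message found directly under {@code Status}. */
    private void readStatus(OMElement statusElement) throws Exception {
        this.status = new StatusImpl();
        for (OMElement part = OMUtil.getFirstElement(statusElement); part != null; part = OMUtil.getNextElement(part)) {
            final String partName = part.getLocalName();
            if ("StatusCode".equals(partName)) {
                this.status.setStatusCode(new StatusCodeImpl(attribute(part, "Value")));
            }
            if (ElementLocalNames.SAMLP_STATUS_MESSAGE.equals(partName)) {
                // The message is the text content of the matched element. The previous code read
                // a "Value" attribute from the enclosing Response element instead, which is
                // unrelated to the status message.
                // Assumes SAMLP_STATUS_MESSAGE names the samlp:StatusMessage element - confirm.
                // The text is sender-controlled: callers should treat it as untrusted when
                // logging or displaying it.
                this.status.setStatusMessage(part.getText());
            }
        }
    }

    /** Rejects a second assertion so exactly one assertion can ever back the token. */
    private void requireNoAssertionYet() throws Exception {
        if (this.receivedSAML != null) {
            throw new Exception("Multiple Assertions are not supported!");
        }
    }

    /** Parses a plain {@code Assertion} child from a detached clone of the element. */
    private void readPlainAssertion(OMElement assertionElement) throws Exception {
        requireNoAssertionYet();
        final SAMLTokenFactory factory = SAMLTokenFactory.getInstance(SAMLTokenImpl.saml20ValueType.getLocalPart());
        if (this.consumerCfg == null) {
            this.consumerCfg = factory.newConsumerConfig();
        }
        final OMElement detached = assertionElement.cloneOMElement();
        if (detached.getParent() != null) {
            detached.detach();
            final StAXBuilder builder = detached.getBuilder();
            if (builder != null) {
                builder.releaseParserOnClose(true);
            }
        }
        // presumably re-declares on the clone the namespaces it inherited from the response
        // tree - confirm against NamespaceUtil.
        NamespaceUtil.moveUpNamespaceDeclaration(detached, assertionElement);
        this.receivedSAML = detached;
        this.isEncryptedAssertion = false;
        this.samlAssertion = parseSAMLElement(this.receivedSAML, this.consumerCfg);
        this.samlToken = SAMLTokenBuilder.createSAMLToken(this.samlAssertion);
    }

    /** Decrypts an {@code EncryptedAssertion} child and parses the resulting assertion. */
    private void readEncryptedAssertion(OMElement encryptedElement) throws Exception {
        requireNoAssertionYet();
        final SAMLTokenFactory factory = SAMLTokenFactory.getInstance(SAMLTokenImpl.saml20ValueType.getLocalPart());
        // receivedSAML keeps the encrypted form; the clear-text assertion goes to decryptedSAML.
        this.receivedSAML = encryptedElement;
        this.isEncryptedAssertion = true;
        if (this.consumerCfg == null) {
            this.consumerCfg = factory.newConsumerConfig();
        }
        this.decryptedSAML = EncryptedDataConsumer.DecryptEncryptedData(OMUtil.getFirstElement(encryptedElement), this.consumerCfg);
        this.samlAssertion = parseSAMLElement(this.decryptedSAML, this.consumerCfg);
        this.samlToken = SAMLTokenBuilder.createSAMLToken(this.samlAssertion);
    }

    /**
     * Parses an assertion element through {@code SAMLAssertionParser.parseSAML} inside
     * {@link AccessController#doPrivileged}.
     *
     * <p>Because of {@code doPrivileged}, the parser's permission checks stop at this class's
     * protection domain rather than including the callers further up the stack. The method is
     * {@code protected}, so subclasses can reach it with their own element and configuration;
     * keep the privileged action limited to the parse call.
     *
     * @param oMElement the (clear-text) assertion element
     * @param consumerConfig configuration handed to the parser
     * @return the parsed assertion
     * @throws SoapSecurityException if the parser rejects the element
     */
    protected SAMLAssertion parseSAMLElement(final OMElement oMElement, final ConsumerConfig consumerConfig) throws SoapSecurityException {
        try {
            return (SAMLAssertion) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws SoapSecurityException {
                    return SAMLAssertionParser.parseSAML(oMElement, consumerConfig);
                }
            });
        } catch (PrivilegedActionException e) {
            final Exception failure = e.getException();
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "caught exception calling doPrivileged method: " + failure.getMessage());
            }
            if (failure instanceof SoapSecurityException) {
                // The action only declares SoapSecurityException; hand it back unchanged.
                throw (SoapSecurityException) failure;
            }
            throw new SoapSecurityException(failure.getMessage(), failure);
        }
    }

    /** @return the decrypted assertion element, or {@code null} if none was decrypted */
    @Override
    public OMElement getDecryptedSAML() {
        return this.decryptedSAML;
    }

    /**
     * @return the assertion as received: a detached clone of a plain {@code Assertion}, or the
     *     original {@code EncryptedAssertion} element; {@code null} if none was found
     */
    @Override
    public OMElement getReceivedSAML() {
        return this.receivedSAML;
    }

    /** @return {@code true} if the assertion arrived as an {@code EncryptedAssertion} */
    @Override
    public boolean isEncryptedAssertion() {
        return this.isEncryptedAssertion;
    }

    /**
     * @return the token built from the parsed assertion, or {@code null} if no assertion has
     *     been unmarshalled; a non-null value does not imply that the response signature or
     *     status was checked by this class
     * @throws SoapSecurityException declared by the interface; not thrown here
     */
    @Override
    public SAMLToken getSAMLToken() throws SoapSecurityException {
        return this.samlToken;
    }

    /** @return the response issuer as read from the message, or as set by the caller */
    @Override
    public SAMLNameID getIssuer() {
        return this.issuerName;
    }

    /** @param sAMLNameID issuer name to report from {@link #getIssuer()} */
    public void setIssuer(SAMLNameID sAMLNameID) {
        this.issuerName = sAMLNameID;
    }

    /** @return the top-level {@code Signature} element, stored unverified, or {@code null} */
    @Override
    public OMElement getSignature() {
        return this.signature;
    }

    /** @param oMElement signature element to report from {@link #getSignature()} */
    public void setSignature(OMElement oMElement) {
        this.signature = oMElement;
    }

    /** @return the status read from the message (not evaluated here), or {@code null} */
    @Override
    public Status getStatus() {
        return this.status;
    }

    /** @param status status to report from {@link #getStatus()} */
    public void setStatus(Status status) {
        this.status = status;
    }

    /** @return the response {@code ID} attribute, or {@code null} */
    @Override
    public String getID() {
        return this.id;
    }

    /** @param str value to report from {@link #getID()} */
    public void setID(String str) {
        this.id = str;
    }

    /**
     * @return the {@code InResponseTo} attribute as received; this class does not compare it
     *     with any outstanding request identifier
     */
    @Override
    public String getInResponseTo() {
        return this.inResponseTo;
    }

    /** @param str value to report from {@link #getInResponseTo()} */
    public void setInResponseTo(String str) {
        this.inResponseTo = str;
    }

    /** @return the version attribute as received, or {@code null} */
    @Override
    public String getVersion() {
        return this.version;
    }

    /** @param str value to report from {@link #getVersion()} */
    public void setVersion(String str) {
        this.version = str;
    }

    /**
     * @return the parsed {@code IssueInstant}, or {@code null} if the attribute was absent; no
     *     freshness check is applied here. The returned {@link Date} is the internal instance.
     */
    @Override
    public Date getIssueInstant() {
        return this.issueInstant;
    }

    /** @param date value to report from {@link #getIssueInstant()} */
    public void setIssueInstant(Date date) {
        this.issueInstant = date;
    }

    /**
     * @return the {@code Destination} attribute as received; this class does not compare it
     *     with the endpoint that actually received the message
     */
    @Override
    public String getDestination() {
        return this.destination;
    }

    /** @param str value to report from {@link #getDestination()} */
    public void setDestination(String str) {
        this.destination = str;
    }

    /** @return the consent value; only ever set through {@link #setConsent(String)} */
    @Override
    public String getConsent() {
        return this.consent;
    }

    /** @param str value to report from {@link #getConsent()} */
    public void setConsent(String str) {
        this.consent = str;
    }

    /** @return the extension element; never assigned by this class itself */
    @Override
    public OMElement getExtension() {
        return this.extension;
    }

    /** @return the parsed assertion, or {@code null} if none has been unmarshalled */
    @Override
    public SAMLAssertion getSAMLAssertion() {
        return this.samlAssertion;
    }

    /** @return the response element supplied to the constructor */
    @Override
    public OMElement getResponseXML() {
        return this.xml;
    }

    /**
     * @return the certificate supplied through
     *     {@link #setSigningX509Certificate(X509Certificate)}; this class never extracts or
     *     validates a certificate from the message
     */
    @Override
    public X509Certificate getSigningX509Certificate() {
        return this.x509cert;
    }

    /** @param x509Certificate certificate to report from {@link #getSigningX509Certificate()} */
    public void setSigningX509Certificate(X509Certificate x509Certificate) {
        this.x509cert = x509Certificate;
    }
}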
