package com.ibm.ws.wssecurity.util;

import com.ibm.websphere.wssecurity.callbackhandler.SAMLGenerateCallback;
import com.ibm.websphere.wssecurity.wssapi.token.SAMLToken;
import com.ibm.websphere.wssecurity.wssapi.token.SecurityToken;
import com.ibm.ws.wssecurity.common.Constants;
import com.ibm.ws.wssecurity.platform.auth.WSSContext;
import com.ibm.ws.wssecurity.platform.auth.WSSContextFactory;
import com.ibm.ws.wssecurity.platform.util.PasswordUtilFactory;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.token.impl.CommonTokenParser;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAML11TokenFactoryImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAML20TokenFactoryImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenImpl;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedAction;
import java.security.PrivilegedExceptionAction;
import java.util.Iterator;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.xml.namespace.QName;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.context.OperationContext;

/* loaded from: input_file:com/ibm/ws/wssecurity/util/SAMLTokenHelper.class */
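/**
 * Static helpers for moving a SAML token, its assertion ID and its holder-of-key
 * between the Axis2 message/operation contexts and a JAAS {@link Subject}, plus
 * utilities for cloning a token and decoding a configured password.
 *
 * <p>Everything stored here ends up as a plain context property, so any code that can
 * read the {@link MessageContext} or its {@link OperationContext} can read the token
 * and the key. Trace output is limited to identifiers and principals; the methods do
 * not write whole tokens, subjects or keys to trace.
 */
public class SAMLTokenHelper {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(SAMLTokenHelper.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = TokenHolder.class.getName();
    public static final String SAMLTOKEN = "SAMLTokenHelper.samlToken".intern();
    public static final String SAMLTOKEN_ID = "SAMLTokenHelper.samlToken.Id".intern();
    private static final String SAMLTOKEN_HOK = "SAMLTokenHelper.samlToken.hok".intern();

    /** Message-context property consulted when the message has no operation context of its own. */
    private static final String UNVERIFIED_OPERATION_CONTEXT = "unverifiedOperationContext";

    /**
     * Stores {@code value} under {@code propertyName} on the message context and, when one
     * can be found, on the operation context (falling back to the
     * {@code unverifiedOperationContext} property).
     */
    private static void storeOnContexts(MessageContext messageContext, String propertyName, Object value) {
        messageContext.setProperty(propertyName, value);
        OperationContext operationContext = messageContext.getOperationContext();
        if (operationContext == null) {
            operationContext = (OperationContext) messageContext.getProperty(UNVERIFIED_OPERATION_CONTEXT);
        }
        if (operationContext != null) {
            operationContext.setProperty(propertyName, value);
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "The operation context is NULL!!!");
        }
    }

    /**
     * Describes a subject for trace output using its principals only.
     * {@link Subject#toString()} also prints the private credentials, which here include
     * the SAML token, so it is deliberately not used for tracing.
     */
    private static String describeForTrace(Subject subject) {
        return subject == null ? "null" : String.valueOf(subject.getPrincipals());
    }

    /**
     * Stores the SAML token under {@link #SAMLTOKEN} on the message context and on the
     * operation context when one is available.
     *
     * @param sAMLToken token to store
     * @param messageContext context that receives the property
     */
    public static void setSAMLTokenToContext(SAMLToken sAMLToken, MessageContext messageContext) {
        // The entry/exit names previously referred to unrelated token types, which made
        // trace correlation for this method unreliable.
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSAMLTokenToContext(SAMLToken newtoken, MessageContext messageContext)");
        }
        storeOnContexts(messageContext, SAMLTOKEN, sAMLToken);
        if (tc.isDebugEnabled()) {
            // Null-safe so that behaviour does not depend on whether debug trace is on.
            Tr.debug(tc, "Added token uuid = " + (sAMLToken != null ? sAMLToken.getId() : null) + " to the message context");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSAMLTokenToContext(SAMLToken newtoken, MessageContext messageContext)");
        }
    }

    /**
     * Reads the SAML token stored under {@link #SAMLTOKEN}.
     *
     * @param messageContext context to read from
     * @return the stored token, or {@code null} when none was stored
     */
    public static SAMLToken getSAMLTokenFromContext(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSAMLTokenFromContext(MessageContext messageContext");
        }
        SAMLToken sAMLToken = (SAMLToken) Axis2Util.getProperty(messageContext, SAMLTOKEN);
        String tokenId = sAMLToken != null ? sAMLToken.getId() : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSAMLTokenFromContext( MessageContext messageContext) with " + tokenId);
        }
        return sAMLToken;
    }

    /**
     * Stores the token's SAML assertion ID under {@link #SAMLTOKEN_ID} on the message
     * context and on the operation context when one is available.
     *
     * @param sAMLToken token whose assertion ID is recorded; must not be {@code null}
     * @param messageContext context that receives the property
     */
    public static void setInboundSAMLTokenAssertionIDToContext(SAMLToken sAMLToken, MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setInboundSAMLTokenAssertionIDToContext(SAMLToken newtoken, MessageContext messageContext)");
        }
        String samlID = sAMLToken.getSamlID();
        storeOnContexts(messageContext, SAMLTOKEN_ID, samlID);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Added token uuid = " + samlID + " to the message context");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setInboundSAMLTokenAssertionIDToContext(SAMLToken newtoken, MessageContext messageContext)");
        }
    }

    /**
     * Reads the assertion ID stored under {@link #SAMLTOKEN_ID}.
     *
     * @param messageContext context to read from
     * @return the stored assertion ID, or {@code null} when none was stored
     */
    public static String getSAMLTokenAssertionIDFromContext(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSAMLTokenAssertionIDFromContext(MessageContext messageContext");
        }
        String samlID = (String) Axis2Util.getProperty(messageContext, SAMLTOKEN_ID);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSAMLTokenAssertionIDFromContext( MessageContext messageContext) with " + samlID);
        }
        return samlID;
    }

    /**
     * Returns the first {@link SAMLToken} found among the subject's private credentials.
     * The lookup runs inside {@code doPrivileged}, so it uses this class's permissions
     * rather than the caller's.
     *
     * @param subject subject to search; may be {@code null}
     * @return the first SAML token, or {@code null} when the subject is {@code null} or holds none
     * @throws SoapSecurityException wrapping any exception raised during the lookup
     */
    public static SAMLToken getSAMLTokenFromSubject(final Subject subject) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            // Principals only: Subject.toString() would also dump the private credentials.
            Tr.entry(tc, "getSAMLTokenFromSubject() entry... " + describeForTrace(subject));
        }
        if (subject == null) {
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSAMLTokenFromSubject() exits... ");
            }
            return null;
        }
        try {
            SAMLToken sAMLToken = AccessController.doPrivileged(new PrivilegedExceptionAction<SAMLToken>() {
                @Override
                public SAMLToken run() throws Exception {
                    Iterator<SAMLToken> it = subject.getPrivateCredentials(SAMLToken.class).iterator();
                    if (!it.hasNext()) {
                        return null;
                    }
                    SAMLToken candidate = it.next();
                    if (candidate != null) {
                        if (SAMLTokenHelper.tc.isDebugEnabled()) {
                            Tr.debug(SAMLTokenHelper.tc, "Found SAMLToken: " + candidate.getSamlID());
                        }
                    } else if (SAMLTokenHelper.tc.isDebugEnabled()) {
                        Tr.debug(SAMLTokenHelper.tc, "NO SAMLToken is found to be processed...");
                    }
                    return candidate;
                }
            });
            if (sAMLToken == null) {
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Could not find SAMLToken.");
                }
            } else if (tc.isDebugEnabled()) {
                // Trace the assertion ID, not the token object: what the implementation's
                // toString() prints is not visible from this class.
                Tr.debug(tc, "Found SAMLToken from runAsSubject: " + sAMLToken.getSamlID());
            }
            if (tc.isEntryEnabled()) {
                Tr.exit(tc, "getSAMLTokenFromSubject() exits... ");
            }
            return sAMLToken;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception getting SAMLToken from Subject.", new Object[]{e});
            }
            throw new SoapSecurityException(e);
        }
    }

    /**
     * Asks the platform {@link WSSContext} for the run-as subject of the message.
     *
     * @param messageContext message whose run-as subject is wanted
     * @return the run-as subject, or {@code null} when no context exists or the lookup fails
     */
    public static Subject getRunAsSubject(MessageContext messageContext) {
        Subject subject = null;
        WSSContext wSSContextFactory = WSSContextFactory.getInstance();
        if (wSSContextFactory != null) {
            // Traced only after the null check; tracing first threw a NullPointerException
            // whenever debug trace was enabled and no context existed.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Found a WSSContext: " + wSSContextFactory.toString());
            }
            try {
                subject = wSSContextFactory.getRunAsSubject(messageContext);
            } catch (Exception e) {
                // Best effort: the caller receives null. The cause is traced so that a
                // failed identity lookup can be told apart from "no subject".
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Unable to get RunAsSubject.", new Object[]{e});
                }
            }
        } else if (tc.isDebugEnabled()) {
            Tr.debug(tc, "No WSSContext is found. Return.");
        }
        if (tc.isEntryEnabled()) {
            if (subject != null) {
                // Principals only: Subject.toString() would also dump the private credentials.
                Tr.exit(tc, "RunAsSubject: " + describeForTrace(subject));
            } else {
                Tr.exit(tc, "Not RunAsSubject exists");
            }
        }
        return subject;
    }

    /**
     * Creates a new token of the same value type (SAML 2.0 or SAML 1.1) and initializes it
     * from the source token's bytes.
     *
     * @param sAMLToken token to copy; only {@link SAMLTokenImpl} instances are copied
     * @return the copy, or {@code null} when the input is {@code null} or not a {@link SAMLTokenImpl}
     * @throws SoapSecurityException wrapping any failure while creating or initializing the copy
     */
    public static SAMLTokenImpl cloneSAMLToken(SAMLToken sAMLToken) throws SoapSecurityException {
        SAMLTokenImpl sAMLTokenImpl = null;
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "cloneSAMLToken(SAMLToken token)" + (sAMLToken != null ? sAMLToken.getValueType().getLocalPart() : ""));
        }
        // instanceof is false for null, so no separate null test is needed.
        if (sAMLToken instanceof SAMLTokenImpl) {
            QName valueType = sAMLToken.getValueType();
            try {
                sAMLTokenImpl = SAMLTokenImpl.saml20ValueType.equals(valueType) ? new SAML20TokenFactoryImpl().newSecurityToken(valueType.getLocalPart()) : new SAML11TokenFactoryImpl().newSecurityToken(valueType.getLocalPart());
                sAMLTokenImpl.initialize(((SAMLTokenImpl) sAMLToken).getTokenBytes());
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "cloned Token" + sAMLTokenImpl.getValueType().getLocalPart());
                }
            } catch (Exception e) {
                throw new SoapSecurityException(e);
            }
        }
        if (tc.isEntryEnabled()) {
            // Was a second Tr.entry, which left the entry/exit trace unbalanced.
            Tr.exit(tc, "cloneSAMLToken(SAMLToken token)");
        }
        return sAMLTokenImpl;
    }

    /**
     * Builds a new security token from the XML of an existing SAML token by passing it
     * through {@link CommonTokenParser#getSecurityToken}, with the callback supplied in
     * {@code map} for the duration of the call.
     *
     * @param sAMLToken token to copy; {@code null} yields {@code null}
     * @param sAMLGenerateCallback callback placed in {@code map} under
     *        {@link CommonTokenParser#TOKEN_CALLBACK} while the token is parsed
     * @param map parser context; {@link Constants#WSS_VERSION} is read from it when it
     *        holds an {@link Integer}, otherwise 0 is used
     * @return the new token, or {@code null} when the source token is {@code null} or has no XML
     * @throws LoginException when the parser fails
     */
    public static SecurityToken clone(SAMLToken sAMLToken, SAMLGenerateCallback sAMLGenerateCallback, Map map) throws LoginException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "clone(SAMLToken token)" + (sAMLToken != null ? sAMLToken.getValueType().getLocalPart() : ""));
        }
        SecurityToken securityToken = null;
        // The entry trace already tolerates a null token; the body used to dereference it.
        OMStructure sourceXml = sAMLToken != null ? (OMStructure) sAMLToken.getXML() : null;
        if (sourceXml != null) {
            OMStructure copyXml = new OMStructure(sourceXml.getNode());
            int wssVersion = 0;
            Object configuredVersion = map.get(Constants.WSS_VERSION);
            if (configuredVersion instanceof Integer) {
                wssVersion = ((Integer) configuredVersion).intValue();
            }
            try {
                QName valueType = sAMLToken.getValueType();
                map.put(CommonTokenParser.TOKEN_CALLBACK, sAMLGenerateCallback);
                securityToken = CommonTokenParser.getSecurityToken(copyXml, valueType, wssVersion, true, map);
            } catch (Exception e) {
                LoginException loginException = new LoginException(e.getMessage());
                // Keep the nested cause callers have always seen; when there is none, attach
                // the exception itself so the failure is not left without a cause.
                loginException.initCause(e.getCause() != null ? e.getCause() : e);
                throw loginException;
            } finally {
                // Remove the callback on failure too, so it does not linger in a caller-owned map.
                map.remove(CommonTokenParser.TOKEN_CALLBACK);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "clone(SAMLToken token)");
        }
        return securityToken;
    }

    /**
     * Obtains a key from the token with {@code getKey(63)} and stores it under the
     * holder-of-key property on the message context and on the operation context when one
     * is available. When the key cannot be obtained, {@code null} is stored.
     *
     * @param sAMLToken token that supplies the key
     * @param messageContext context that receives the property
     */
    public static void setSAMLHoKToContext(final SAMLToken sAMLToken, MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setSAMLHoKToContext(SAMLToken newtoken, MessageContext messageContext)");
        }
        Key key = AccessController.doPrivileged(new PrivilegedAction<Key>() {
            @Override
            public Key run() {
                try {
                    // The captured parameter is used directly; "SAMLToken.this" does not
                    // name an enclosing instance here and does not compile.
                    return sAMLToken.getKey(63);
                } catch (Exception e) {
                    // A null key is still stored; trace the reason instead of discarding it.
                    if (SAMLTokenHelper.tc.isDebugEnabled()) {
                        Tr.debug(SAMLTokenHelper.tc, "Unable to get the key from the SAMLToken.", new Object[]{e});
                    }
                    return null;
                }
            }
        });
        storeOnContexts(messageContext, SAMLTOKEN_HOK, key);
        if (tc.isDebugEnabled()) {
            // Null-safe so that behaviour does not depend on whether debug trace is on.
            Tr.debug(tc, "Added token uuid = " + (sAMLToken != null ? sAMLToken.getId() : null) + " to the message context");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setSAMLHoKToContext(SAMLToken newtoken, MessageContext messageContext)");
        }
    }

    /**
     * Reads the key stored under the holder-of-key property.
     *
     * @param messageContext context to read from
     * @return the stored key, or {@code null} when none was stored
     */
    public static Key getSAMLHoKFromContext(MessageContext messageContext) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getSAMLHoKFromContext(MessageContext messageContext");
        }
        Key key = (Key) Axis2Util.getProperty(messageContext, SAMLTOKEN_HOK);
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getSAMLHoKFromContext( MessageContext messageContext)  ");
        }
        return key;
    }

    /**
     * Decodes a configured password with the platform password utility.
     *
     * @param cArr password characters; {@code null} and empty arrays are returned unchanged
     * @return the decoded password, or the input when it is {@code null} or empty
     */
    public static char[] decodePassword(char[] cArr) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "decodePassword(password [" + ((cArr == null || cArr.length == 0) ? "null" : "not null") + "]");
        }
        // The test was inverted (length == 0): only empty passwords reached the decoder and
        // every real password was returned still encoded.
        if (cArr != null && cArr.length != 0) {
            // NOTE(review): new String(cArr) leaves an immutable copy of the password on the
            // heap; passwordDecode is called with a String here, so it cannot be avoided locally.
            cArr = PasswordUtilFactory.getInstance().passwordDecode(new String(cArr)).toCharArray();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "decodePassword");
        }
        return cArr;
    }
}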
