package com.ibm.ws.wssecurity.saml.saml11.assertion.utils;

import com.ibm.websphere.wssecurity.wssapi.XMLStructure;
import com.ibm.ws.wssecurity.common.TraceLog;
import com.ibm.ws.wssecurity.saml.assertion.wssapi.SAMLAssertionParser;
import com.ibm.ws.wssecurity.saml.common.SAMLAssertion;
import com.ibm.ws.wssecurity.saml.common.SAMLObjectElement;
import com.ibm.ws.wssecurity.saml.common.util.Base64;
import com.ibm.ws.wssecurity.saml.common.util.KeyUtils;
import com.ibm.ws.wssecurity.saml.common.util.OMUtil;
import com.ibm.ws.wssecurity.saml.saml11.assertion.Assertion;
import com.ibm.ws.wssecurity.saml.saml11.assertion.Attribute;
import com.ibm.ws.wssecurity.saml.saml11.assertion.AttributeStatement;
import com.ibm.ws.wssecurity.saml.saml11.assertion.AudienceRestrictionCondition;
import com.ibm.ws.wssecurity.saml.saml11.assertion.AuthenticationStatement;
import com.ibm.ws.wssecurity.saml.saml11.assertion.ConditionAbstract;
import com.ibm.ws.wssecurity.saml.saml11.assertion.Conditions;
import com.ibm.ws.wssecurity.saml.saml11.assertion.DoNotCacheCondition;
import com.ibm.ws.wssecurity.saml.saml11.assertion.StatementAbstract;
import com.ibm.ws.wssecurity.saml.saml11.assertion.SubjectLocality;
import com.ibm.ws.wssecurity.saml.security.HoKAssertion;
import com.ibm.ws.wssecurity.util.DOMUtils;
import com.ibm.ws.wssecurity.util.WSSecurityFactoryBuilder;
import com.ibm.ws.wssecurity.wssapi.OMStructure;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAML11TokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.SAMLTokenImpl;
import com.ibm.ws.wssecurity.wssapi.token.impl.TokenFactory;
import com.ibm.ws.wssecurity.wssapi.token.impl.TokenFactoryFactory;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.saml.data.SAMLAttribute;
import com.ibm.wsspi.wssecurity.saml.data.SAMLNameID;
import com.ibm.wsspi.wssecurity.trust.config.ConsumerConfig;
import java.security.AccessController;
import java.security.Key;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:com/ibm/ws/wssecurity/saml/saml11/assertion/utils/SAMLTokenBuilder.class */
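/**
 * Builds {@link SAML11TokenImpl} instances either from an already parsed SAML 1.1
 * {@link Assertion} or from the element and RSTR properties returned by a trust request.
 *
 * <p>All methods are static; the token instance itself comes from the platform
 * {@link TokenFactory} looked up once at class-load time.
 */
public class SAMLTokenBuilder {
    private static final TraceLog log = new TraceLog(SAMLTokenBuilder.class);
    private static final String _factoryKey = (String) WSSecurityFactoryBuilder.getImplClassName("com.ibm.ws.wssecurity.platform.SAML11Token");
    private static final TokenFactory _tokenFactory = TokenFactoryFactory.getTokenFactory(_factoryKey);

    /** WS-Trust 1.3 key-type URIs recorded on the token. */
    private static final String KEY_TYPE_BEARER = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
    private static final String KEY_TYPE_SYMMETRIC = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey";
    private static final String KEY_TYPE_PUBLIC = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";

    /**
     * Creates a token from a parsed SAML 1.1 assertion.
     *
     * <p>Copies issuer, confirmation method, statements (attributes, subject, authentication
     * data), conditions and holder-of-key material onto a fresh token, then records the
     * assertion ID as both token ID and key identifier.
     *
     * @param sAMLAssertion the parsed assertion; must be a SAML 1.1 {@link Assertion}
     * @return the populated token
     * @throws SoapSecurityException if deriving holder-of-key material fails
     */
    public static SAML11TokenImpl createSAMLToken(SAMLAssertion sAMLAssertion) throws SoapSecurityException {
        log.entry("createSAMLToken(SAMLAssertion)");
        Assertion assertion = (Assertion) sAMLAssertion;
        SAML11TokenImpl token = (SAML11TokenImpl) _tokenFactory.getToken(true);
        token.setAssertionQName(assertion.getAssertionQName());
        token.setConfirmationMethod(assertion.getConfirmationMethod());
        token.setSAMLIssuerName(assertion.getIssuer());

        // Set once any statement's subject confirmation carries a private or shared key;
        // this selects the symmetric rather than the public-key holder-of-key branch.
        boolean subjectHasSharedKey = false;
        for (StatementAbstract statement : assertion.getAllStatements()) {
            if (statement instanceof AttributeStatement) {
                if (applyAttributeStatement(token, (AttributeStatement) statement)) {
                    subjectHasSharedKey = true;
                }
            } else if (statement instanceof AuthenticationStatement) {
                if (applyAuthenticationStatement(token, (AuthenticationStatement) statement)) {
                    subjectHasSharedKey = true;
                }
            }
        }

        if (assertion.getConditions() != null) {
            applyConditions(token, assertion.getConditions());
        }
        applyHolderOfKey(token, assertion, subjectHasSharedKey);

        token.setKeyIdentifier(assertion.getSamlID());
        token.setKeyIdentifierValueType(SAMLTokenImpl.saml11KeyIdentifierValueType);
        token.setSamlID(assertion.getSamlID());
        token.setId(assertion.getSamlID());
        token.setXML(new OMStructure(assertion.getXML()));
        log.exit("createSAMLToken(SAMLAssertion)");
        return token;
    }

    /**
     * Copies an attribute statement onto the token: the full attribute list, a
     * simple string view of single-valued attributes, and the subject's name identifier.
     *
     * @return {@code true} if the statement's subject confirmation carries a private or shared key
     */
    private static boolean applyAttributeStatement(SAML11TokenImpl token, AttributeStatement statement) {
        ArrayList<SAMLAttribute> attributes = new ArrayList<SAMLAttribute>();
        // name -> value view, only for attributes with exactly one String value and no
        // namespace, name format or friendly name.
        HashMap<String, String> stringAttributes = new HashMap<String, String>();
        for (Attribute attribute : statement.getAttribute()) {
            attributes.add(toSamlAttribute(attribute));
            List<Object> values = attribute.getAttributeValue();
            if (values.size() == 1
                    && !hasValue(attribute.getAttributeNamespace())
                    && !hasValue(attribute.getNameFormat())
                    && !hasValue(attribute.getFriendlyName())
                    && values.get(0) instanceof String) {
                stringAttributes.put(attribute.getName(), (String) values.get(0));
            }
        }
        // The same list instance is registered under both views, as the token expects.
        token.addSAMLAttributes(attributes);
        token.addSAMLAttributeStatement(attributes);
        token.setStringAttributes(stringAttributes);

        if (statement.getSubject() == null) {
            return false;
        }
        if (statement.getSubject().getNameIdentifier() != null) {
            String principal = statement.getSubject().getNameIdentifier().getValue();
            token.setPrincipal(principal);
            token.setSAMLNameID(new SAMLNameID(principal,
                    statement.getSubject().getNameIdentifier().getFormat(),
                    statement.getSubject().getNameIdentifier().getNameQualifier(), null, null));
        }
        return statement.getSubject().getSubjectConfirmation() != null
                && providesSharedKey(statement.getSubject().getSubjectConfirmation().getKeyInfoAssertion());
    }

    /**
     * Converts one assertion attribute into the public {@link SAMLAttribute} form,
     * separating String values from XML structure values. Values of any other type are dropped.
     */
    private static SAMLAttribute toSamlAttribute(Attribute attribute) {
        ArrayList<String> stringValues = new ArrayList<String>();
        ArrayList<XMLStructure> xmlValues = new ArrayList<XMLStructure>();
        for (Object value : attribute.getAttributeValue()) {
            if (value instanceof String) {
                stringValues.add((String) value);
            } else if (value instanceof XMLStructure) {
                xmlValues.add((XMLStructure) value);
            }
        }
        // null, not an empty array, when a kind of value is absent: consumers may rely on that.
        String[] strings = stringValues.isEmpty() ? null : stringValues.toArray(new String[stringValues.size()]);
        XMLStructure[] structures = xmlValues.isEmpty() ? null : xmlValues.toArray(new XMLStructure[xmlValues.size()]);
        return new SAMLAttribute(attribute.getName(), strings, structures,
                attribute.getAttributeNamespace(), attribute.getNameFormat(), attribute.getFriendlyName());
    }

    /**
     * Copies an authentication statement onto the token: subject locality, the subject's
     * name identifier, and the authentication method/instant.
     *
     * @return {@code true} if the statement's subject confirmation carries a private or shared key
     */
    private static boolean applyAuthenticationStatement(SAML11TokenImpl token, AuthenticationStatement statement) {
        SubjectLocality locality = statement.getSubjectLocality();
        if (locality != null) {
            token.setSubjectIPAddress(locality.getIPAddress());
            token.setSubjectDNS(locality.getDNSAddress());
        }
        boolean sharedKey = false;
        if (statement.getSubject() != null) {
            if (statement.getSubject().getNameIdentifier() != null) {
                String principal = statement.getSubject().getNameIdentifier().getValue();
                token.setPrincipal(principal);
                token.setSAMLNameID(new SAMLNameID(principal,
                        statement.getSubject().getNameIdentifier().getFormat(),
                        statement.getSubject().getNameIdentifier().getNameQualifier(), null, null));
            }
            sharedKey = statement.getSubject().getSubjectConfirmation() != null
                    && providesSharedKey(statement.getSubject().getSubjectConfirmation().getKeyInfoAssertion());
        }
        // Instant is only recorded together with a method, as before.
        if (statement.getAuthenticationMethod() != null) {
            token.setAuthenticationMethod(statement.getAuthenticationMethod());
            token.setAuthenticationInstant(statement.getAuthenticationInstant());
        }
        return sharedKey;
    }

    /** True when the subject confirmation's key info resolves to a private or shared key. */
    private static boolean providesSharedKey(HoKAssertion keyInfoAssertion) {
        return keyInfoAssertion != null && keyInfoAssertion.getPrivateOrSharedKey() != null;
    }

    /**
     * Copies the assertion's validity window and the audience / one-time-use conditions
     * onto the token. With several conditions of one kind, the last one written wins.
     */
    private static void applyConditions(SAML11TokenImpl token, Conditions conditions) {
        token.setSamlCreated(conditions.getNotBefore());
        token.setSamlExpires(conditions.getNotOnOrAfter());
        if (conditions.getAudienceRestrictionConditionOrDoNotCacheConditionOrCondition() == null) {
            return;
        }
        for (ConditionAbstract condition : conditions.getAudienceRestrictionConditionOrDoNotCacheConditionOrCondition()) {
            if (condition instanceof AudienceRestrictionCondition) {
                token.setAudienceRestriction(((AudienceRestrictionCondition) condition).getAudience());
            } else if (condition instanceof DoNotCacheCondition) {
                boolean doNotCache = ((DoNotCacheCondition) condition).doNotCache();
                token.setIsOneTimeUse(doNotCache);
                log.debug("DoNotCache:" + doNotCache);
            }
        }
    }

    /**
     * Records the key type and key material implied by the assertion's holder-of-key data:
     * bearer when there is none, symmetric when the subject confirmation supplied a
     * private/shared key, public key otherwise.
     */
    private static void applyHolderOfKey(SAML11TokenImpl token, Assertion assertion, boolean subjectHasSharedKey)
            throws SoapSecurityException {
        if (assertion.getHolderOfKey() == null) {
            token.setKeyType(KEY_TYPE_BEARER);
        } else if (subjectHasSharedKey) {
            installSymmetricKeys(token, assertion.getHolderOfKey().getEncoded());
        } else {
            token.setKeyType(KEY_TYPE_PUBLIC);
            // Key slot ids are defined by SAML11TokenImpl and are not visible here.
            token.setKey(63, assertion.getHolderOfKey());
            token.setKey(62, assertion.getHolderOfKey());
        }
    }

    /**
     * Derives the AES encryption key and the signing key from a shared secret and stores
     * both, plus the raw secret, on the token with the symmetric key type. Shared by the
     * assertion-based and RSTR-based builders so both derive keys the same way.
     *
     * @param secret the holder-of-key bytes (encoded key or decoded proof token)
     */
    private static void installSymmetricKeys(SAML11TokenImpl token, byte[] secret) throws SoapSecurityException {
        token.setHolderOfKeyBytes(secret);
        Key encryptionKey = KeyUtils.genertaeEncryptionKey(secret, "AES");
        // Key slot ids 61-64 are defined by SAML11TokenImpl; their individual meaning is not visible here.
        token.setKey(62, encryptionKey);
        token.setKey(64, encryptionKey);
        Key signingKey = KeyUtils.genertaeSigningKey(secret, null);
        token.setKey(61, signingKey);
        token.setKey(63, signingKey);
        token.setKeyType(KEY_TYPE_SYMMETRIC);
    }

    /**
     * Same as {@link #createSAMLToken(Map, OMElement)} but additionally stores
     * {@code map2} as the token's properties when it is non-null.
     *
     * @param map RSTR values keyed by {@link ConsumerConfig.RSTR} constants
     * @param map2 token properties, may be {@code null}
     * @param oMElement the returned assertion element, possibly encrypted
     * @return the populated token
     * @throws SoapSecurityException if the assertion or the proof key cannot be processed
     */
    public static SAML11TokenImpl createSAMLToken(Map map, Map map2, OMElement oMElement) throws SoapSecurityException {
        SAML11TokenImpl token = createSAMLToken(map, oMElement);
        if (map2 != null) {
            token.setProperties(map2);
        }
        return token;
    }

    /**
     * Creates a token from the assertion element and RSTR values of a trust response.
     *
     * <p>A plain assertion is parsed and handled as in {@link #createSAMLToken(SAMLAssertion)};
     * an {@code EncryptedData}/{@code EncryptedAssertion} element yields an empty token that is
     * populated from the RSTR only. A proof token in the RSTR supplies symmetric key material,
     * the RSTR lifetime fills in missing validity dates, and the token/key identifier is taken
     * from the {@code KeyIdentifier} of the (un)attached reference.
     *
     * @param map RSTR values keyed by {@link ConsumerConfig.RSTR} constants
     * @param oMElement the returned assertion element, possibly encrypted
     * @return the populated token
     * @throws SoapSecurityException if a plain assertion cannot be parsed (the token is never
     *         returned half-built), or if the proof key cannot be decoded or derived
     */
    public static SAML11TokenImpl createSAMLToken(Map map, final OMElement oMElement) throws SoapSecurityException {
        log.entry("createEncryptedSAMLToken(Map, OMElement)");
        SAML11TokenImpl token;
        String localName = oMElement.getLocalName();
        if ("EncryptedData".equals(localName) || "EncryptedAssertion".equals(localName)) {
            // Encrypted content cannot be parsed here; everything comes from the RSTR.
            token = (SAML11TokenImpl) _tokenFactory.getToken(true);
        } else {
            token = createSAMLToken(parseAssertion(oMElement));
        }

        OMElement proofToken = (OMElement) map.get(ConsumerConfig.RSTR.REQUESTEDPROOFTOKENXML);
        if (proofToken != null) {
            try {
                // Decoding is inside the try so a malformed proof key also surfaces as SoapSecurityException.
                byte[] secret = Base64.decode(OMUtil.getFirstElement(proofToken).getText());
                installSymmetricKeys(token, secret);
                log.debug("Extracted proof key in RSTR");
            } catch (Exception e) {
                log.debug("fail to extract proof key in RSTR");
                throw new SoapSecurityException(e);
            }
        } else {
            log.debug("No proof key included in RSTR");
        }

        // RSTR lifetime is only a fallback for an assertion without its own conditions.
        if (token.getSamlCreated() == null) {
            token.setSamlCreated((Date) map.get(ConsumerConfig.RSTR.LIFETIME_CREATED));
        }
        if (token.getSamlExpires() == null) {
            token.setSamlExpires((Date) map.get(ConsumerConfig.RSTR.LIFETIME_EXPIRES));
        }
        token.setAssertionQName(SAMLObjectElement._saml_ns_qname);

        OMElement reference = (OMElement) map.get(ConsumerConfig.RSTR.REQUESTEDUNATTACHEDREFERENCEXML);
        if (reference == null) {
            reference = (OMElement) map.get(ConsumerConfig.RSTR.REQUESTEDATTACHEDREFERENCEXML);
        }
        String keyIdentifier = findKeyIdentifier(reference);
        // NOTE(review): when the reference carries no KeyIdentifier this overwrites any ID
        // set from the parsed assertion with null, as the original did — confirm that is intended.
        token.setKeyIdentifier(keyIdentifier);
        token.setKeyIdentifierValueType(SAMLTokenImpl.saml11KeyIdentifierValueType);
        token.setSamlID(keyIdentifier);
        token.setId(keyIdentifier);
        token.setXML(new OMStructure(oMElement));
        log.exit("createEncryptedSAMLToken(Map, OMElement)");
        return token;
    }

    /**
     * Parses a plain assertion element under a privileged action.
     *
     * @throws SoapSecurityException if parsing fails; the cause is preserved. An unparseable
     *         assertion must not silently become a token without principal or conditions.
     */
    private static SAMLAssertion parseAssertion(final OMElement element) throws SoapSecurityException {
        try {
            return (SAMLAssertion) AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() {
                @Override
                public Object run() throws SoapSecurityException {
                    return SAMLAssertionParser.parseSAML(element);
                }
            });
        } catch (PrivilegedActionException e) {
            log.debug("caught exception calling doPrivileged method: " + e.getException().getMessage());
            throw new SoapSecurityException(e.getException());
        }
    }

    /**
     * Returns the text of the {@code KeyIdentifier} that is the first child of a
     * {@code SecurityTokenReference} child of {@code reference}, or {@code null} when
     * there is none. With several matches the last one wins, as before.
     */
    private static String findKeyIdentifier(OMElement reference) {
        if (reference == null) {
            return null;
        }
        String keyIdentifier = null;
        for (OMElement child = DOMUtils.getFirstElement((OMNode) reference);
                child != null;
                child = DOMUtils.getNextElement(child)) {
            if (!"SecurityTokenReference".equals(child.getLocalName())) {
                continue;
            }
            OMElement first = DOMUtils.getFirstElement((OMNode) child);
            if (first != null && "KeyIdentifier".equals(first.getLocalName())) {
                keyIdentifier = first.getText();
            }
        }
        return keyIdentifier;
    }

    /**
     * Returns whether {@code str} is non-null and non-empty.
     * Entry and exit are now traced on both outcomes.
     */
    public static boolean hasValue(String str) {
        log.entry("hasValue(String)");
        boolean result = str != null && !str.isEmpty();
        log.exit("hasValue(String)");
        return result;
    }
}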
