package com.sun.xml.ws.security.trust.impl;

import com.sun.xml.ws.api.WSService;
import com.sun.xml.ws.api.security.trust.Claims;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.client.STSIssuedTokenConfiguration;
import com.sun.xml.ws.api.security.trust.client.SecondaryIssuedTokenParameters;
import com.sun.xml.ws.api.server.Container;
import com.sun.xml.ws.mex.client.MetadataClient;
import com.sun.xml.ws.mex.client.PortInfo;
import com.sun.xml.ws.mex.client.schema.Metadata;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.Token;
import com.sun.xml.ws.security.trust.Configuration;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.ws.security.trust.TrustPlugin;
import com.sun.xml.ws.security.trust.WSTrustConstants;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.ws.security.trust.WSTrustFactory;
import com.sun.xml.ws.security.trust.WSTrustVersion;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponseCollection;
import com.sun.xml.ws.security.trust.elements.SecondaryParameters;
import com.sun.xml.ws.security.trust.logging.LogDomainConstants;
import com.sun.xml.ws.security.trust.logging.LogStringsMessages;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.wss.XWSSConstants;
import com.sun.xml.wss.impl.dsig.WSSPolicyConsumerImpl;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.rmi.RemoteException;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBElement;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.Dispatch;
import javax.xml.ws.RespectBindingFeature;
import javax.xml.ws.Service;
import javax.xml.ws.WebServiceException;
import javax.xml.ws.soap.AddressingFeature;
import org.w3c.dom.Document;

/* loaded from: input_file:WEB-INF/lib/metro-webservices-rt-1.2.jar:com/sun/xml/ws/security/trust/impl/TrustPluginImpl.class */
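/**
 * Client-side WS-Trust plugin: builds a RequestSecurityToken (RST) from an
 * {@link STSIssuedTokenConfiguration}, sends it to the configured Security Token
 * Service (STS) and hands the response to the WS-Trust client contract, which
 * populates the caller's {@link IssuedTokenContext}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>For symmetric-key requests the client entropy comes from {@link SecureRandom}.</li>
 *   <li>For public-key requests an RSA key pair is generated here and stored in the
 *       configuration's option map, i.e. the private key lives in that map.</li>
 *   <li>At {@code Level.FINE} the full RST and RSTR are serialised into the log.</li>
 * </ul>
 */
public class TrustPluginImpl implements TrustPlugin {
    private static final Logger log = Logger.getLogger("com.sun.xml.ws.security.trust", LogDomainConstants.TRUST_IMPL_DOMAIN_BUNDLE);
    private final Configuration config;

    /**
     * @param configuration trust configuration passed to the WS-Trust client contract
     *                      when the STS response is handled
     */
    public TrustPluginImpl(Configuration configuration) {
        this.config = configuration;
    }

    /**
     * Obtains an issued token from the STS described by the first security-policy entry
     * of {@code issuedTokenContext} and lets the client contract record the result in
     * that context.
     *
     * @param issuedTokenContext context carrying the target endpoint address and the
     *                           STS configuration; updated with the outcome
     * @throws WSTrustException    if the request cannot be built or the STS call fails
     * @throws WebServiceException if the configuration has no STS endpoint
     */
    @Override
    public void process(IssuedTokenContext issuedTokenContext) throws WSTrustException {
        String endpointAddress = issuedTokenContext.getEndpointAddress();
        STSIssuedTokenConfiguration stsConfig = (STSIssuedTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0);
        String stsEndpoint = stsConfig.getSTSEndpoint();
        if (stsEndpoint == null) {
            String message = LogStringsMessages.WST_0029_COULD_NOT_GET_STS_LOCATION(endpointAddress);
            log.log(Level.SEVERE, message);
            throw new WebServiceException(message);
        }

        QName serviceName = null;
        QName portName = null;
        URI metadataUri;
        String mexAddress = stsConfig.getSTSMEXAddress();
        if (mexAddress != null) {
            // An explicit MEX address wins; service and port names are then resolved via MEX.
            metadataUri = URI.create(mexAddress);
        } else {
            String namespace = stsConfig.getSTSNamespace();
            String wsdlLocation = stsConfig.getSTSWSDLLocation();
            if (wsdlLocation == null) {
                // No WSDL configured: fall back to the STS endpoint itself as metadata source.
                wsdlLocation = stsEndpoint;
            } else {
                String configuredService = stsConfig.getSTSServiceName();
                if (configuredService != null && namespace != null) {
                    serviceName = new QName(namespace, configuredService);
                }
                String configuredPort = stsConfig.getSTSPortName();
                if (configuredPort != null && namespace != null) {
                    portName = new QName(namespace, configuredPort);
                }
            }
            metadataUri = URI.create(wsdlLocation);
        }

        try {
            RequestSecurityToken rst = createRequest(stsConfig, endpointAddress, stsConfig.getOBOToken());
            BaseSTSResponse response = invokeRST(rst, metadataUri, serviceName, portName, stsEndpoint, stsConfig);
            WSTrustFactory.createWSTrustClientContract(this.config).handleRSTR(rst, response, issuedTokenContext);
            // createRequest() stores a generated RSA key pair in the option map for
            // public-key requests; expose it to the caller as the proof key.
            KeyPair proofKeyPair = (KeyPair) stsConfig.getOtherOptions().get(WSTrustConstants.USE_KEY_RSA_KEY_PAIR);
            if (proofKeyPair != null) {
                issuedTokenContext.setProofKeyPair(proofKeyPair);
            }
        } catch (URISyntaxException e) {
            String message = LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsEndpoint, endpointAddress);
            log.log(Level.SEVERE, message, e);
            // Chain the cause so callers see why the context could not be built.
            throw new WSTrustException(message, e);
        } catch (RemoteException e) {
            String message = LogStringsMessages.WST_0016_PROBLEM_IT_CTX(stsEndpoint, endpointAddress);
            log.log(Level.SEVERE, message, e);
            throw new WSTrustException(message, e);
        }
    }

    /**
     * Builds the Issue RST. Values from the secondary issued-token parameters (WS-Trust
     * 1.3 only) go into a SecondaryParameters element; any value not supplied there is
     * taken from the primary configuration and set on the RST itself.
     *
     * @param sTSIssuedTokenConfiguration STS configuration to read the request parameters from
     * @param str                         address of the service the token applies to, or {@code null}
     * @param token                       OnBehalfOf token, or {@code null}
     * @return the populated request
     * @throws WSTrustException if the UseKey key pair or its KeyInfo cannot be created
     */
    private RequestSecurityToken createRequest(STSIssuedTokenConfiguration sTSIssuedTokenConfiguration, String str, Token token) throws URISyntaxException, WSTrustException, NumberFormatException {
        WSTrustVersion wstVersion = WSTrustVersion.getInstance(sTSIssuedTokenConfiguration.getProtocol());
        WSTrustElementFactory factory = WSTrustElementFactory.newInstance(wstVersion);
        URI requestType = URI.create(wstVersion.getIssueRequestTypeURI());

        AppliesTo appliesTo = null;
        if (str != null) {
            appliesTo = WSTrustUtil.createAppliesTo(str);
            if (sTSIssuedTokenConfiguration.getOtherOptions().containsKey("Identity")) {
                appliesTo.getAny().add(sTSIssuedTokenConfiguration.getOtherOptions().get("Identity"));
            }
        }
        RequestSecurityToken rst = factory.createRSTForIssue(null, requestType, null, appliesTo, null, null, null);
        if (token != null) {
            rst.setOnBehalfOf(factory.createOnBehalfOf(token));
        }

        String tokenType = null;
        String keyType = null;
        long keySize = -1;
        String signWith = null;
        String encryptWith = null;
        String signatureAlgorithm = null;
        String encryptionAlgorithm = null;
        String canonicalizationAlgorithm = null;
        Claims claims = null;

        SecondaryIssuedTokenParameters secondary = null;
        if (wstVersion.getNamespaceURI().equals(WSTrustVersion.WS_TRUST_13.getNamespaceURI())) {
            secondary = sTSIssuedTokenConfiguration.getSecondaryIssuedTokenParameters();
        }
        if (secondary != null) {
            SecondaryParameters secondaryParameters = factory.createSecondaryParameters();
            tokenType = secondary.getTokenType();
            if (tokenType != null) {
                secondaryParameters.setTokenType(URI.create(tokenType));
            }
            keyType = secondary.getKeyType();
            if (keyType != null) {
                secondaryParameters.setKeyType(URI.create(keyType));
            }
            keySize = secondary.getKeySize();
            if (keySize > 0) {
                secondaryParameters.setKeySize(keySize);
            }
            encryptWith = secondary.getEncryptWith();
            if (encryptWith != null) {
                secondaryParameters.setEncryptWith(URI.create(encryptWith));
            }
            signWith = secondary.getSignWith();
            if (signWith != null) {
                secondaryParameters.setSignWith(URI.create(signWith));
            }
            signatureAlgorithm = secondary.getSignatureAlgorithm();
            if (signatureAlgorithm != null) {
                secondaryParameters.setSignatureAlgorithm(URI.create(signatureAlgorithm));
            }
            encryptionAlgorithm = secondary.getEncryptionAlgorithm();
            if (encryptionAlgorithm != null) {
                secondaryParameters.setEncryptionAlgorithm(URI.create(encryptionAlgorithm));
            }
            canonicalizationAlgorithm = secondary.getCanonicalizationAlgorithm();
            if (canonicalizationAlgorithm != null) {
                secondaryParameters.setCanonicalizationAlgorithm(URI.create(canonicalizationAlgorithm));
            }
            claims = secondary.getClaims();
            if (claims != null) {
                secondaryParameters.setClaims(claims);
            }
            rst.setSecondaryParameters(secondaryParameters);
        }

        // Anything the secondary parameters did not supply falls back to the primary configuration.
        if (tokenType == null) {
            String configuredTokenType = sTSIssuedTokenConfiguration.getTokenType();
            if (configuredTokenType != null) {
                rst.setTokenType(URI.create(configuredTokenType));
            }
        }
        if (keyType == null) {
            keyType = sTSIssuedTokenConfiguration.getKeyType();
            if (keyType != null) {
                rst.setKeyType(URI.create(keyType));
            }
        }
        if (keySize < 1) {
            keySize = sTSIssuedTokenConfiguration.getKeySize();
            if (keySize > 0) {
                rst.setKeySize(keySize);
            }
        }
        if (encryptWith == null) {
            String configuredEncryptWith = sTSIssuedTokenConfiguration.getEncryptWith();
            if (configuredEncryptWith != null) {
                rst.setEncryptWith(URI.create(configuredEncryptWith));
            }
        }
        if (signWith == null) {
            signWith = sTSIssuedTokenConfiguration.getSignWith();
            if (signWith != null) {
                rst.setSignWith(URI.create(signWith));
            }
        }
        if (signatureAlgorithm == null) {
            // Fix: this branch used to call setSignWith(URI.create(signWith)), which dropped
            // the configured signature algorithm from the request and threw a
            // NullPointerException whenever no SignWith value was configured.
            String configuredSignatureAlgorithm = sTSIssuedTokenConfiguration.getSignatureAlgorithm();
            if (configuredSignatureAlgorithm != null) {
                rst.setSignatureAlgorithm(URI.create(configuredSignatureAlgorithm));
            }
        }
        if (encryptionAlgorithm == null) {
            String configuredEncryptionAlgorithm = sTSIssuedTokenConfiguration.getEncryptionAlgorithm();
            if (configuredEncryptionAlgorithm != null) {
                rst.setEncryptionAlgorithm(URI.create(configuredEncryptionAlgorithm));
            }
        }
        if (canonicalizationAlgorithm == null) {
            String configuredC14n = sTSIssuedTokenConfiguration.getCanonicalizationAlgorithm();
            if (configuredC14n != null) {
                rst.setCanonicalizationAlgorithm(URI.create(configuredC14n));
            }
        }
        if (claims == null) {
            Claims configuredClaims = sTSIssuedTokenConfiguration.getClaims();
            if (configuredClaims != null) {
                rst.setClaims(configuredClaims);
            }
        }

        // Client entropy length in bytes: key size in bits / 8, or 32 bytes when no size is set.
        int entropyLength = 32;
        if (keySize > 0) {
            entropyLength = ((int) keySize) / 8;
        }
        if (wstVersion.getSymmetricKeyTypeURI().equals(keyType)) {
            // Symmetric proof key: contribute client entropy from a CSPRNG and ask the STS
            // for a computed key using the version's P_SHA1 algorithm URI.
            byte[] entropy = new byte[entropyLength];
            new SecureRandom().nextBytes(entropy);
            rst.setEntropy(factory.createEntropy(factory.createBinarySecret(entropy, wstVersion.getNonceBinarySecretTypeURI())));
            rst.setComputedKeyAlgorithm(URI.create(wstVersion.getCKPSHA1algorithmURI()));
        } else if (wstVersion.getPublicKeyTypeURI().equals(keyType) && keySize > 1) {
            // Public-key proof: generate an RSA pair and send the public half as UseKey.
            // NOTE(review): the configured key size is passed to the generator unchecked;
            // only the JCA provider's own minimum applies. Consider rejecting sizes below
            // the deployment's policy (e.g. 2048 bits) before generating.
            try {
                KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
                generator.initialize((int) keySize);
                KeyPair keyPair = generator.generateKeyPair();
                KeyInfo keyInfo = createKeyInfo(keyPair.getPublic());
                try {
                    Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
                    keyInfo.marshal(new DOMStructure(document), null);
                    rst.setUseKey(factory.createUseKey(new GenericToken(document.getDocumentElement()), null));
                    // The whole pair (including the private key) is parked in the option map
                    // so that invokeRST() and process() can pick it up.
                    sTSIssuedTokenConfiguration.getOtherOptions().put(WSTrustConstants.USE_KEY_RSA_KEY_PAIR, keyPair);
                } catch (MarshalException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), e);
                    throw new WSTrustException(LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), e);
                } catch (ParserConfigurationException e) {
                    log.log(Level.SEVERE, LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), e);
                    throw new WSTrustException(LogStringsMessages.WST_0039_ERROR_CREATING_DOCFACTORY(), e);
                }
            } catch (NoSuchAlgorithmException e) {
                throw new WSTrustException("Unable to create key pairs for UseKey", e);
            }
        }

        if (log.isLoggable(Level.FINE)) {
            // The serialised RST includes the client entropy set above for symmetric-key
            // requests, so logs written at FINE must be treated as sensitive.
            log.log(Level.FINE, LogStringsMessages.WST_1006_CREATED_RST_ISSUE(WSTrustUtil.elemToString(rst, wstVersion)));
        }
        return rst;
    }

    /**
     * Sends the RST to the STS through a payload-mode JAX-WS dispatch and parses the reply.
     *
     * @param requestSecurityToken        request to send
     * @param uri                         WSDL or MEX location used to create the service
     * @param qName                       STS service name, or {@code null} to resolve it via MEX
     * @param qName2                      STS port name, or {@code null} to resolve it via MEX
     * @param str                         STS endpoint address; when non-null it is set as the
     *                                    dispatch's endpoint address property
     * @param sTSIssuedTokenConfiguration configuration supplying protocol version and options
     * @return the parsed response (a collection for WS-Trust 1.3, a single RSTR otherwise)
     * @throws WSTrustException    if MEX resolution of the service or port fails
     * @throws WebServiceException if {@code uri} is not a valid URL
     */
    private BaseSTSResponse invokeRST(RequestSecurityToken requestSecurityToken, URI uri, QName qName, QName qName2, String str, STSIssuedTokenConfiguration sTSIssuedTokenConfiguration) throws RemoteException, WSTrustException {
        WSTrustVersion wstVersion = WSTrustVersion.getInstance(sTSIssuedTokenConfiguration.getProtocol());
        WSTrustElementFactory factory = WSTrustElementFactory.newInstance(wstVersion);
        if (qName == null || qName2 == null) {
            if (log.isLoggable(Level.FINE)) {
                log.log(Level.FINE, LogStringsMessages.WST_1012_SERVICE_PORTNAME_MEX(qName, qName2));
            }
            // Either name missing: take both from the metadata entry matching the endpoint.
            QName[] resolved = doMexRequest(uri.toString(), str);
            qName = resolved[0];
            qName2 = resolved[1];
        }
        try {
            String wsdlLocation = uri.toString();
            Service service;
            Container container = (Container) sTSIssuedTokenConfiguration.getOtherOptions().get("CONTAINER");
            if (container != null) {
                WSService.InitParams initParams = new WSService.InitParams();
                initParams.setContainer(container);
                service = WSService.create(new URL(wsdlLocation), qName, initParams);
            } else {
                service = Service.create(new URL(wsdlLocation), qName);
            }
            Dispatch<Object> dispatch = service.createDispatch(qName2, WSTrustElementFactory.getContext(wstVersion), Service.Mode.PAYLOAD, new RespectBindingFeature(), new AddressingFeature(false));
            if (str != null) {
                dispatch.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, str);
            }
            dispatch.getRequestContext().put(WSTrustConstants.IS_TRUST_MESSAGE, "true");
            dispatch.getRequestContext().put(wstVersion.getIssueRequestAction(), wstVersion.getIssueRequestAction());

            // Credentials are copied as plain Strings from the option map into the
            // request context; neither map should be logged or dumped.
            String username = (String) sTSIssuedTokenConfiguration.getOtherOptions().get(XWSSConstants.USERNAME_PROPERTY);
            String password = (String) sTSIssuedTokenConfiguration.getOtherOptions().get("password");
            if (username != null) {
                dispatch.getRequestContext().put(XWSSConstants.USERNAME_PROPERTY, username);
            }
            if (password != null) {
                dispatch.getRequestContext().put("password", password);
            }
            KeyPair useKeyPair = (KeyPair) sTSIssuedTokenConfiguration.getOtherOptions().get(WSTrustConstants.USE_KEY_RSA_KEY_PAIR);
            String useKeySignatureId = (String) sTSIssuedTokenConfiguration.getOtherOptions().get(WSTrustConstants.USE_KEY_SIGNATURE_ID);
            if (useKeyPair != null) {
                dispatch.getRequestContext().put(WSTrustConstants.USE_KEY_RSA_KEY_PAIR, useKeyPair);
            }
            if (useKeySignatureId != null) {
                dispatch.getRequestContext().put(WSTrustConstants.USE_KEY_SIGNATURE_ID, useKeySignatureId);
            }

            JAXBElement reply = (JAXBElement) dispatch.invoke(factory.toJAXBElement(requestSecurityToken));
            BaseSTSResponse response;
            if (wstVersion.getNamespaceURI().equals(WSTrustVersion.WS_TRUST_13.getNamespaceURI())) {
                response = factory.createRSTRCollectionFrom(reply);
            } else {
                response = factory.createRSTRFrom(reply);
            }
            if (log.isLoggable(Level.FINE)) {
                // The serialised response presumably carries the issued token and any
                // proof-token material, so FINE logs must be treated as sensitive.
                // NOTE(review): the cast is kept from the original; confirm the WS-Trust 1.3
                // collection type satisfies it, otherwise enabling FINE fails here.
                log.log(Level.FINE, LogStringsMessages.WST_1007_CREATED_RSTR_ISSUE(WSTrustUtil.elemToString((RequestSecurityTokenResponse) response, wstVersion)));
            }
            return response;
        } catch (MalformedURLException e) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0041_SERVICE_NOT_CREATED(uri.toString()), e);
            throw new WebServiceException(LogStringsMessages.WST_0041_SERVICE_NOT_CREATED(uri.toString()), e);
        }
    }

    /**
     * Retrieves metadata from {@code str} and returns the service and port names of the
     * first port whose address equals {@code str2}.
     *
     * @param str  metadata (MEX/WSDL) address to query
     * @param str2 STS endpoint address a port must advertise to be selected
     * @return a two-element array: {@code [0]} service name, {@code [1]} port name
     * @throws WSTrustException if no metadata is returned or no port matches
     */
    protected static QName[] doMexRequest(String str, String str2) throws WSTrustException {
        QName[] names = new QName[2];
        MetadataClient mexClient = new MetadataClient();
        Metadata metadata = mexClient.retrieveMetadata(str);
        if (metadata == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0017_SERVICE_PORTNAME_ERROR(str));
            throw new WSTrustException(LogStringsMessages.WST_0017_SERVICE_PORTNAME_ERROR(str));
        }
        for (PortInfo port : mexClient.getServiceInformation(metadata)) {
            // Compare from the configured side so a port without an address is skipped
            // instead of raising a NullPointerException.
            if (str2 != null && str2.equals(port.getAddress())) {
                names[0] = port.getServiceName();
                names[1] = port.getPortName();
                break;
            }
        }
        if (names[0] != null && names[1] != null) {
            return names;
        }
        log.log(Level.SEVERE, LogStringsMessages.WST_0042_NO_MATCHING_SERVICE_MEX(str2));
        throw new WSTrustException(LogStringsMessages.WST_0042_NO_MATCHING_SERVICE_MEX(str2));
    }

    /**
     * Wraps a public key in an XML-DSig KeyInfo containing a single KeyValue.
     *
     * @param publicKey key to embed
     * @return the KeyInfo holding the key value
     * @throws WSTrustException if the key type is not supported by the KeyInfo factory
     */
    private KeyInfo createKeyInfo(PublicKey publicKey) throws WSTrustException {
        KeyInfoFactory keyInfoFactory = WSSPolicyConsumerImpl.getInstance().getKeyInfoFactory();
        try {
            ArrayList<KeyValue> content = new ArrayList<KeyValue>();
            content.add(keyInfoFactory.newKeyValue(publicKey));
            return keyInfoFactory.newKeyInfo(content);
        } catch (KeyException e) {
            throw new WSTrustException("Unable to create key value", e);
        }
    }
}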
