package org.apache.cxf.ws.security.trust;

import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.BindingFactoryManager;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.Configurer;
import org.apache.cxf.databinding.source.SourceDataBinding;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.endpoint.EndpointException;
import org.apache.cxf.endpoint.EndpointImpl;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.message.Message;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.ServiceImpl;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.service.model.InterfaceInfo;
import org.apache.cxf.service.model.MessageInfo;
import org.apache.cxf.service.model.MessagePartInfo;
import org.apache.cxf.service.model.OperationInfo;
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.cxf.transport.ConduitInitiatorManager;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.ws.addressing.VersionTransformer;
import org.apache.neethi.Policy;
import org.apache.wss4j.policy.model.IssuedToken;
import org.opensaml.soap.wstrust.RequestSecurityToken;
import org.opensaml.soap.wstrust.RequestSecurityTokenResponseCollection;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/cxf-rt-ws-security-3.3.5.jar:org/apache/cxf/ws/security/trust/STSUtils.class */
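/**
 * Helpers for obtaining and configuring a WS-Trust {@link STSClient} for a message
 * exchange, and for building the in-memory service/endpoint model that such a client
 * talks to (Issue / Cancel / Renew operations).
 *
 * <p>Two points matter from a security standpoint and are documented on the methods
 * themselves: an explicitly configured STS client normally wins over an issuer EPR
 * carried in policy (see {@link #getClientWithIssuer}), and a client whose target is the
 * very endpoint currently being processed is rejected (see
 * {@code checkForRecursiveCall}).
 *
 * <p>This class is stateless; all members are static.
 */
public final class STSUtils {
    public static final String WST_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    public static final String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    public static final String WST_NS_08_02 = "http://docs.oasis-open.org/ws-sx/ws-trust/200802";
    public static final String SCT_NS_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    public static final String SCT_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
    public static final String TOKEN_TYPE_SCT_05_02 = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
    public static final String TOKEN_TYPE_SCT_05_12 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct";
    private static final String TOKEN_TYPE_SAML_2_0 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
    private static final QName STS_SERVICE_NAME = new QName("http://docs.oasis-open.org/ws-sx/ws-trust/200512/", "SecurityTokenService");
    private static final Logger LOG = LogUtils.getL7dLogger(STSUtils.class);

    /** Message property under which a WS-MEX specific STS client may be supplied. */
    private static final String STS_CLIENT_WSMEX_PROPERTY = "security.sts.client.wsmex";
    /** Bean name the bus {@link Configurer} is asked to apply to a freshly created client. */
    private static final String DEFAULT_STS_CLIENT_BEAN_NAME = "default.sts-client";

    /** Local names of the WS-Trust request/response elements used in the service model. */
    private static final String RST_LOCAL_NAME = "RequestSecurityToken";
    private static final String RSTR_LOCAL_NAME = "RequestSecurityTokenResponse";
    private static final String RSTRC_LOCAL_NAME = "RequestSecurityTokenResponseCollection";

    /** Operation names added to the STS interface; message names are derived from these. */
    private static final String ISSUE_OPERATION = RST_LOCAL_NAME;
    private static final String CANCEL_OPERATION = "CancelSecurityToken";
    private static final String RENEW_OPERATION = "RenewSecurityToken";

    private STSUtils() {
    }

    /**
     * Returns the SecurityContextToken token-type URI matching a WS-Trust namespace.
     *
     * @param trustNs the WS-Trust namespace in use
     * @return {@link #TOKEN_TYPE_SCT_05_02} for the 2005/02 namespace, otherwise
     *         {@link #TOKEN_TYPE_SCT_05_12}
     */
    public static String getTokenTypeSCT(String trustNs) {
        if (WST_NS_05_02.equals(trustNs)) {
            return TOKEN_TYPE_SCT_05_02;
        }
        return TOKEN_TYPE_SCT_05_12;
    }

    /**
     * Obtains the STS client for a message without an issuer EPR.
     *
     * @param message the current message
     * @param type    optional suffix used when a client has to be created (see
     *                {@code createSTSClient(Message, String)}); may be {@code null}
     * @return the configured client, never {@code null}
     */
    public static STSClient getClient(Message message, String type) {
        return getClientWithIssuer(message, type, null);
    }

    /**
     * Obtains the STS client for a message, taking the issuer EPR from the IssuedToken
     * policy assertion when one is given.
     *
     * @param message     the current message
     * @param type        optional client-name suffix; may be {@code null}
     * @param issuedToken the IssuedToken assertion, or {@code null}
     * @return the configured client, never {@code null}
     */
    public static STSClient getClient(Message message, String type, IssuedToken issuedToken) {
        Element issuer = issuedToken == null ? null : issuedToken.getIssuer();
        return getClientWithIssuer(message, type, issuer);
    }

    /**
     * Obtains the STS client for a message and, where permitted, configures it from an
     * issuer EPR.
     *
     * <p>Resolution order:
     * <ol>
     *   <li>the client set on the message as {@link SecurityConstants#STS_CLIENT}, or a new
     *       one created and passed through the bus {@link Configurer};</li>
     *   <li>if an issuer EPR is present and either
     *       {@link SecurityConstants#PREFER_WSMEX_OVER_STS_CLIENT_CONFIG} is {@code true}
     *       or the client has neither a location nor a WSDL location, the EPR is parsed:
     *       with WS-MEX preferred and a MEX location found in the EPR, a dedicated WS-MEX
     *       client (property {@value #STS_CLIENT_WSMEX_PROPERTY}, else a new one) is
     *       configured from the EPR and returned; otherwise the existing client is
     *       configured from the EPR only when {@link #configureViaEPR} allows it.</li>
     * </ol>
     *
     * <p>Security note: the issuer EPR originates in policy, not in local configuration.
     * An explicitly configured {@code location}/{@code wsdlLocation} therefore takes
     * precedence unless WS-MEX is deliberately preferred. Whether the EPR's address is used
     * as the WS-MEX location is governed by
     * {@link SecurityConstants#DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS}. Every
     * returned client is checked against the current endpoint so that an endpoint cannot be
     * made to call itself as its own STS.
     *
     * @param message the current message
     * @param type    optional client-name suffix; may be {@code null}
     * @param issuer  the issuer EPR element, or {@code null}
     * @return the configured client, never {@code null}
     * @throws IllegalArgumentException if the issuer EPR cannot be parsed
     * @throws TrustException           if the client would call the current endpoint
     */
    public static STSClient getClientWithIssuer(Message message, String type, Element issuer) {
        STSClient client = (STSClient) SecurityUtils.getSecurityPropertyValue(SecurityConstants.STS_CLIENT, message);
        if (client == null) {
            client = createSTSClient(message, type);
            Bus bus = message.getExchange().getBus();
            // NOTE(review): the Configurer extension is assumed to be present on the bus, as before.
            Configurer configurer = bus.getExtension(Configurer.class);
            configurer.configureBean(DEFAULT_STS_CLIENT_BEAN_NAME, client);
            if (client.getBeanName() != null) {
                configurer.configureBean(client.getBeanName(), client);
            }
        }

        boolean preferWSMex = SecurityUtils.getSecurityPropertyBoolean(
            SecurityConstants.PREFER_WSMEX_OVER_STS_CLIENT_CONFIG, message, false);
        boolean clientHasNoTarget = client.getLocation() == null && client.getWsdlLocation() == null;

        if (issuer != null && (preferWSMex || clientHasNoTarget)) {
            try {
                EndpointReferenceType epr = VersionTransformer.parseEndpointReference(issuer);
                if (preferWSMex && findMEXLocation(epr) != null) {
                    // WS-MEX path: a dedicated client may be supplied, otherwise build one.
                    STSClient wsMexClient =
                        (STSClient) SecurityUtils.getSecurityPropertyValue(STS_CLIENT_WSMEX_PROPERTY, message);
                    if (wsMexClient == null) {
                        wsMexClient = createSTSClient(message, type);
                    }
                    wsMexClient.configureViaEPR(epr, false);
                    checkForRecursiveCall(wsMexClient, message);
                    return wsMexClient;
                }
                if (configureViaEPR(client, epr)) {
                    // Unless explicitly disabled, the EPR's wsa:Address doubles as the WS-MEX location.
                    // getSecurityPropertyBoolean accepts both String and Boolean values, where the
                    // original String cast would have failed on a Boolean.
                    boolean disableEprAddressForMex = SecurityUtils.getSecurityPropertyBoolean(
                        SecurityConstants.DISABLE_STS_CLIENT_WSMEX_CALL_USING_EPR_ADDRESS, message, false);
                    client.configureViaEPR(epr, !disableEprAddressForMex);
                    checkForRecursiveCall(client, message);
                    return client;
                }
            } catch (JAXBException e) {
                throw new IllegalArgumentException(e);
            }
        }
        checkForRecursiveCall(client, message);
        return client;
    }

    /**
     * Rejects a client whose endpoint and service QNames are those of the endpoint currently
     * processing the message, i.e. an endpoint configured to use itself as STS. The check
     * is on by default and can be switched off with
     * {@link SecurityConstants#STS_CHECK_FOR_RECURSIVE_CALL}.
     *
     * @throws TrustException with key {@code ISSUED_TOKEN_POLICY_ERR} when the names match
     */
    private static void checkForRecursiveCall(STSClient client, Message message) {
        boolean checkEnabled = SecurityUtils.getSecurityPropertyBoolean(
            SecurityConstants.STS_CHECK_FOR_RECURSIVE_CALL, message, true);
        if (!checkEnabled) {
            return;
        }
        EndpointInfo ei = message.getExchange().getEndpoint().getEndpointInfo();
        boolean sameEndpoint = ei.getName().equals(client.getEndpointQName());
        if (sameEndpoint && ei.getService().getName().equals(client.getServiceQName())) {
            throw new TrustException("ISSUED_TOKEN_POLICY_ERR", LOG);
        }
    }

    /**
     * Tells whether a client may be configured from an EPR: only when an EPR is given and the
     * client has neither an explicit location nor a WSDL location, so that explicit
     * configuration is never overridden by policy-supplied addressing.
     *
     * @param client the candidate client
     * @param epr    the issuer EPR, may be {@code null}
     * @return {@code true} if the EPR should be applied to the client
     */
    public static boolean configureViaEPR(STSClient client, EndpointReferenceType epr) {
        if (epr == null) {
            return false;
        }
        return client.getLocation() == null && client.getWsdlLocation() == null;
    }

    /**
     * Creates an unconfigured STS client for the message's bus, named after the current
     * endpoint (optionally suffixed with {@code .<type>-client}) so that the bus
     * {@link Configurer} can apply per-endpoint settings. SOAP 1.2 is selected when
     * {@link SecurityConstants#STS_CLIENT_SOAP12_BINDING} is {@code true}.
     */
    private static STSClient createSTSClient(Message message, String type) {
        String suffix = type == null ? "" : "." + type + "-client";
        STSClient client = new STSClient(message.getExchange().getBus());
        Endpoint endpoint = message.getExchange().getEndpoint();
        String name = endpoint.getEndpointInfo().getName().toString() + suffix;
        client.setEndpointName(name);
        client.setBeanName(name);
        if (SecurityUtils.getSecurityPropertyBoolean(SecurityConstants.STS_CLIENT_SOAP12_BINDING, message, false)) {
            client.setSoap12();
        }
        return client;
    }

    /**
     * Builds a stand-alone STS client from explicit authentication parameters.
     *
     * <p>The client requests a SAML 2.0 token against the WS-Trust 1.3
     * {@code SecurityTokenService}, with renewal after expiry and lifetime elements
     * enabled. The key type comes from the auth mode; when it has none, no KeyType is sent.
     * When keystore properties are supplied they are used for both signing and encryption,
     * the alias is used as encryption and token username, and
     * {@link SecurityConstants#STS_TOKEN_USE_CERT_FOR_KEYINFO} is set to {@code "true"}.
     * The callback handler is always put into the properties (it may be {@code null}).
     *
     * @param authParams      user name, callback handler, alias and keystore properties
     * @param stsWsdlLocation WSDL location of the STS
     * @param bus             the bus to create the client on
     * @return the configured client
     */
    public static STSClient createSTSClient(STSAuthParams authParams, String stsWsdlLocation, Bus bus) {
        STSClient client = new STSClient(bus);
        client.setWsdlLocation(stsWsdlLocation);
        client.setServiceName(STS_SERVICE_NAME.toString());
        client.setEndpointName(authParams.getAuthMode().getEndpointName().toString());
        String keyType = authParams.getAuthMode().getKeyType();
        if (keyType != null) {
            client.setKeyType(keyType);
        } else {
            client.setSendKeyType(false);
        }
        client.setTokenType(TOKEN_TYPE_SAML_2_0);
        client.setAllowRenewingAfterExpiry(true);
        client.setEnableLifetime(true);

        Map<String, Object> props = new HashMap<>();
        if (authParams.getUserName() != null) {
            props.put(SecurityConstants.USERNAME, authParams.getUserName());
        }
        props.put(SecurityConstants.CALLBACK_HANDLER, authParams.getCallbackHandler());
        if (authParams.getKeystoreProperties() != null) {
            props.put(SecurityConstants.ENCRYPT_USERNAME, authParams.getAlias());
            props.put(SecurityConstants.ENCRYPT_PROPERTIES, authParams.getKeystoreProperties());
            props.put(SecurityConstants.SIGNATURE_PROPERTIES, authParams.getKeystoreProperties());
            props.put(SecurityConstants.STS_TOKEN_USERNAME, authParams.getAlias());
            props.put(SecurityConstants.STS_TOKEN_PROPERTIES, authParams.getKeystoreProperties());
            props.put(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO, "true");
        }
        client.setProperties(props);
        return client;
    }

    /**
     * Finds the WS-MEX location in an EPR's metadata section.
     *
     * @param epr the endpoint reference
     * @return the first location found in any DOM element of the metadata, or {@code null}
     *         when the EPR has no metadata or none of its elements carries one
     */
    public static String findMEXLocation(EndpointReferenceType epr) {
        if (epr.getMetadata() == null || epr.getMetadata().getAny() == null) {
            return null;
        }
        for (Object any : epr.getMetadata().getAny()) {
            if (!(any instanceof Element)) {
                continue;
            }
            String location = findMEXLocation((Element) any);
            if (location != null) {
                return location;
            }
        }
        return null;
    }

    /**
     * Recursively searches an element's subtree for a WS-MEX location: the text of an
     * {@code Address} child (in a supported WS-Addressing namespace) of a
     * {@code MetadataReference} element.
     *
     * @param element the element whose children are searched
     * @return the location text, or {@code null} if none is found
     */
    public static String findMEXLocation(Element element) {
        for (Element child = DOMUtils.getFirstElement(element); child != null; child = DOMUtils.getNextElement(child)) {
            boolean isMexAddress = "Address".equals(child.getLocalName())
                && VersionTransformer.isSupported(child.getNamespaceURI())
                && "MetadataReference".equals(element.getLocalName());
            if (isMexAddress) {
                return DOMUtils.getContent(child);
            }
            String nested = findMEXLocation(child);
            if (nested != null) {
                return nested;
            }
        }
        return null;
    }

    /**
     * Creates an endpoint model for a WS-Trust SecurityTokenService.
     *
     * @param bus         the bus
     * @param namespace   WS-Trust namespace (drives element names and SOAP actions)
     * @param transportId transport id; resolved from the address when {@code null}
     * @param location    endpoint address
     * @param soapVersion binding id passed to the {@link BindingFactoryManager}
     * @param policy      optional policy attached to the endpoint
     * @param epName      optional endpoint name; defaults to the service name
     * @return the endpoint
     * @throws BusException      from bus extensions
     * @throws EndpointException from endpoint creation
     */
    public static Endpoint createSTSEndpoint(Bus bus, String namespace, String transportId, String location,
                                             String soapVersion, Policy policy, QName epName)
        throws BusException, EndpointException {
        return createSTSEndpoint(bus, namespace, transportId, location, soapVersion, policy, epName, false);
    }

    /**
     * Creates an endpoint model for a WS-SecureConversation token service (SCT actions,
     * service name {@code SecureConversationTokenService}).
     *
     * @see #createSTSEndpoint(Bus, String, String, String, String, Policy, QName)
     */
    public static Endpoint createSCEndpoint(Bus bus, String namespace, String transportId, String location,
                                            String soapVersion, Policy policy)
        throws BusException, EndpointException {
        return createSTSEndpoint(bus, namespace, transportId, location, soapVersion, policy, null, true);
    }

    /**
     * Shared builder for STS / SC endpoints: service, interface with Issue/Cancel/Renew,
     * binding, endpoint info (with optional policy), SOAP actions and Source data binding.
     *
     * @param sc {@code true} for the SecureConversation flavour
     */
    private static Endpoint createSTSEndpoint(Bus bus, String namespace, String transportId, String location,
                                              String soapVersion, Policy policy, QName epName, boolean sc)
        throws BusException, EndpointException {
        String servNamespace = namespace + "/wsdl";
        ServiceInfo si = new ServiceInfo();
        QName serviceName = new QName(servNamespace, sc ? "SecureConversationTokenService" : "SecurityTokenService");
        si.setName(serviceName);

        InterfaceInfo ii = new InterfaceInfo(si, serviceName);
        OperationInfo issueOp = addOperation(ii, namespace, servNamespace, ISSUE_OPERATION);
        OperationInfo cancelOp = addOperation(ii, namespace, servNamespace, CANCEL_OPERATION);
        OperationInfo renewOp = addOperation(ii, namespace, servNamespace, RENEW_OPERATION);
        si.setInterface(ii);

        ServiceImpl service = new ServiceImpl(si);
        BindingFactoryManager bfm = bus.getExtension(BindingFactoryManager.class);
        BindingInfo bi = bfm.getBindingFactory(soapVersion).createBindingInfo(service, soapVersion, null);
        si.addBinding(bi);

        String resolvedTransportId = transportId;
        if (resolvedTransportId == null) {
            ConduitInitiatorManager cim = bus.getExtension(ConduitInitiatorManager.class);
            resolvedTransportId = cim.getConduitInitiatorForUri(location).getTransportIds().get(0);
        }
        EndpointInfo ei = new EndpointInfo(si, resolvedTransportId);
        ei.setBinding(bi);
        ei.setName(epName == null ? serviceName : epName);
        ei.setAddress(location);
        si.addEndpoint(ei);
        if (policy != null) {
            ei.addExtensor(policy);
        }

        // SOAP actions differ between the SecureConversation and plain WS-Trust flavours.
        setSoapAction(bi, issueOp, namespace + (sc ? "/RST/SCT" : "/RST/Issue"));
        setSoapAction(bi, cancelOp, namespace + (sc ? "/RST/SCT/Cancel" : "/RST/Cancel"));
        setSoapAction(bi, renewOp, namespace + (sc ? "/RST/SCT/Renew" : "/RST/Renew"));

        service.setDataBinding(new SourceDataBinding());
        return new EndpointImpl(bus, service, ei);
    }

    /** Sets the SOAP action on a binding operation, adding a SoapOperationInfo extensor if absent. */
    private static void setSoapAction(BindingInfo bi, OperationInfo op, String action) {
        BindingOperationInfo boi = bi.getOperation(op);
        SoapOperationInfo soi = boi.getExtensor(SoapOperationInfo.class);
        if (soi == null) {
            soi = new SoapOperationInfo();
            boi.addExtensor(soi);
        }
        soi.setAction(action);
    }

    /**
     * Adds one WS-Trust operation ({@code opName}) to the interface. Its input message is
     * {@code <opName>Msg} carrying a {@code RequestSecurityToken} part; its output message is
     * {@code <opName>ResponseMsg} carrying a {@code RequestSecurityTokenResponse} part for the
     * 2005/02 namespace and a {@code RequestSecurityTokenResponseCollection} part otherwise.
     */
    private static OperationInfo addOperation(InterfaceInfo ii, String namespace, String servNamespace, String opName) {
        OperationInfo oi = ii.addOperation(new QName(servNamespace, opName));

        String inputName = opName + "Msg";
        MessageInfo mii = oi.createMessage(new QName(servNamespace, inputName), MessageInfo.Type.INPUT);
        oi.setInput(inputName, mii);
        mii.addMessagePart("request").setElementQName(new QName(namespace, RST_LOCAL_NAME));

        String outputName = opName + "ResponseMsg";
        MessageInfo mio = oi.createMessage(new QName(servNamespace, outputName), MessageInfo.Type.OUTPUT);
        oi.setOutput(outputName, mio);
        MessagePartInfo response = mio.addMessagePart("response");
        if (WST_NS_05_02.equals(namespace)) {
            response.setElementQName(new QName(namespace, RSTR_LOCAL_NAME));
        } else {
            response.setElementQName(new QName(namespace, RSTRC_LOCAL_NAME));
        }
        return oi;
    }
}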
