package com.adobe.edc.server.businessobject;

import com.adobe.edc.common.CommonException;
import com.adobe.edc.server.errors.Logger;
import java.io.Serializable;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.TimeZone;
import javax.xml.namespace.QName;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.message.token.UsernameToken;
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/adobe/edc/server/businessobject/AuthenticationToken.class */
public abstract class AuthenticationToken implements Serializable {
    private static final long serialVersionUID = -3531817241740280575L;
    public static final String WSS_NAMESPACE = "http://schemas.xmlsoap.org/ws/2002/04/secext";
    public static final QName KERBEROS_ST_VALUE_TYPE = new QName(WSS_NAMESPACE, "Kerberosv5ST");
    public static final QName BASE64_ENC_TYPE = new QName(WSS_NAMESPACE, "Base64Binary");
    protected static final QName BINARY_TOKEN = new QName(WSConstants.WSSE_NS, "BinarySecurityToken");
    protected static final QName USERNAME_TOKEN = new QName(WSConstants.WSSE_NS, "UsernameToken");
    protected static final QName TIMESTAMP = new QName(WSConstants.WSU_NS, "Timestamp");
    protected static final QName SAML_TOKEN = new QName("urn:oasis:names:tc:SAML:1.0:assertion", "Assertion");
    private static final Logger log = Logger.getLogger(AuthenticationToken.class);

    public static AuthenticationToken getInstance(Element element) throws Exception {
        NodeList childNodes = element.getChildNodes();
        int length = childNodes.getLength();
        AuthenticationToken authenticationToken = null;
        for (int i = 0; i < length; i++) {
            Node item = childNodes.item(i);
            if (item.getNodeType() == 1) {
                QName qName = new QName(item.getNamespaceURI(), item.getLocalName());
                if (qName.equals(USERNAME_TOKEN)) {
                    UsernameToken usernameToken = new UsernameToken(WSSConfig.getDefaultWSConfig(), (Element) item);
                    String name = usernameToken.getName();
                    String password = usernameToken.getPassword();
                    if (usernameToken.isHashed()) {
                        throw new Exception("WS-Security header encountered a UsernameToken with unsupported password type. ");
                    }
                    UsernamePwdToken usernamePwdToken = new UsernamePwdToken();
                    usernamePwdToken.setUserName(name);
                    usernamePwdToken.setPassword(password.getBytes());
                    authenticationToken = usernamePwdToken;
                } else if (qName.equals(SAML_TOKEN)) {
                    authenticationToken = new EDCToken(new SAMLAssertion((Element) item));
                } else if (qName.equals(TIMESTAMP)) {
                    log.info("Found Timestamp list element");
                    handleTimestamp(new Timestamp(WSSConfig.getDefaultWSConfig(), (Element) item));
                } else {
                    if (!qName.equals(BINARY_TOKEN)) {
                        throw new CommonException("Inside AuthenticationToken: Unknown header element found");
                    }
                    BinarySecurity binarySecurity = new BinarySecurity(WSSConfig.getDefaultWSConfig(), (Element) item);
                    if (!"Kerberosv5ST".equals(binarySecurity.getValueType()) || !"Base64Binary".equals(binarySecurity.getEncodingType())) {
                        throw new CommonException("Inside AuthenticationToken: BinarySecurityToken is not of type Kerberos");
                    }
                    authenticationToken = new KerberosToken(binarySecurity.getToken());
                }
            }
        }
        return authenticationToken;
    }

    public static void handleTimestamp(Timestamp timestamp) throws WSSecurityException {
        log.info("Preparing to verify the timestamp");
        SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
        simpleDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
        log.info("Current time: " + simpleDateFormat.format(Calendar.getInstance().getTime()));
        log.info("Timestamp created: " + simpleDateFormat.format(timestamp.getCreated().getTime()));
        log.info("Timestamp expires: " + simpleDateFormat.format(timestamp.getExpires().getTime()));
        if (timestamp.getExpires().before(Calendar.getInstance())) {
            throw new WSSecurityException(3, "invalidTimestamp", new Object[]{"The security semantics of message have expired"});
        }
    }

    public abstract Node getNode() throws Exception;
}
