package com.sun.xml.ws.security.trust.impl;

import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.client.STSIssuedTokenConfiguration;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.impl.policy.Constants;
import com.sun.xml.ws.security.trust.WSTrustClientContract;
import com.sun.xml.ws.security.trust.WSTrustVersion;
import com.sun.xml.ws.security.trust.elements.BaseSTSRequest;
import com.sun.xml.ws.security.trust.elements.BaseSTSResponse;
import com.sun.xml.ws.security.trust.elements.BinarySecret;
import com.sun.xml.ws.security.trust.elements.Entropy;
import com.sun.xml.ws.security.trust.elements.Lifetime;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponseCollection;
import com.sun.xml.ws.security.trust.elements.RequestedAttachedReference;
import com.sun.xml.ws.security.trust.elements.RequestedProofToken;
import com.sun.xml.ws.security.trust.elements.RequestedSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestedUnattachedReference;
import com.sun.xml.ws.security.trust.elements.SecondaryParameters;
import com.sun.xml.ws.security.trust.logging.LogDomainConstants;
import com.sun.xml.ws.security.trust.logging.LogStringsMessages;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.ws.security.wsu10.AttributedDateTime;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import java.net.URI;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/sun/xml/ws/security/trust/impl/WSTrustClientContractImpl.class */
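/**
 * Client-side handling of a WS-Trust RequestSecurityTokenResponse (RSTR).
 *
 * <p>{@link #handleRSTR} copies the issued token, its references, its lifetime and the
 * proof key from the STS response into the caller's {@link IssuedTokenContext}. The
 * negotiation and challenge operations of the contract are not implemented and throw
 * {@link UnsupportedOperationException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The proof key is secret key material. This class logs only the AppliesTo URI,
 *       the proof token type and the computed-key algorithm URI; keep it that way.</li>
 *   <li>The response content is supplied by the STS and is treated as untrusted input
 *       here: missing elements are rejected with {@link WSTrustException} rather than
 *       surfacing as a {@link NullPointerException} half-way through populating the
 *       context.</li>
 *   <li>Nothing in this class verifies the response's signature or issuer.
 *       NOTE(review): presumably the message-security layer does that before this
 *       contract is invoked; confirm against the caller.</li>
 * </ul>
 */
public class WSTrustClientContractImpl implements WSTrustClientContract {
    private static final Logger log = Logger.getLogger("com.sun.xml.ws.security.trust", LogDomainConstants.TRUST_IMPL_DOMAIN_BUNDLE);

    /**
     * Processes the STS response for an Issue or Validate request and records the
     * result in {@code issuedTokenContext}. Any other request type is ignored.
     *
     * @param baseSTSRequest the request that was sent; must be a {@link RequestSecurityToken}
     * @param baseSTSResponse the response, either a single RSTR or an RSTR collection
     *     (only the first entry of a collection is used)
     * @param issuedTokenContext context that receives the token, references, lifetime and proof key
     * @throws WSTrustException if the response carries no RSTR, carries neither a security
     *     token nor a proof token, or the proof key cannot be obtained
     */
    @Override
    public void handleRSTR(BaseSTSRequest baseSTSRequest, BaseSTSResponse baseSTSResponse, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        final WSTrustVersion trustVersion = WSTrustVersion.getInstance(((STSIssuedTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0)).getProtocol());
        final RequestSecurityToken rst = (RequestSecurityToken) baseSTSRequest;
        final RequestSecurityTokenResponse rstr = firstResponse(baseSTSResponse);
        final String requestType = rst.getRequestType().toString();

        if (!requestType.equals(trustVersion.getIssueRequestTypeURI())) {
            if (requestType.equals(trustVersion.getValidateRequestTypeURI())) {
                requireResponse(rstr);
                // The validation verdict is passed on as-is; interpreting it is left to the caller.
                issuedTokenContext.getOtherProperties().put("status", rstr.getStatus());
                final RequestedSecurityToken validatedToken = rstr.getRequestedSecurityToken();
                if (validatedToken != null) {
                    issuedTokenContext.setSecurityToken(validatedToken.getToken());
                }
            }
            return;
        }

        requireResponse(rstr);

        String appliesToUri = null;
        final AppliesTo appliesTo = rst.getAppliesTo();
        if (appliesTo != null) {
            appliesToUri = WSTrustUtil.getAppliesToURI(appliesTo);
        }

        final RequestedSecurityToken issuedToken = rstr.getRequestedSecurityToken();
        final RequestedAttachedReference attachedRef = rstr.getRequestedAttachedReference();
        final RequestedUnattachedReference unattachedRef = rstr.getRequestedUnattachedReference();
        final RequestedProofToken proofToken = rstr.getRequestedProofToken();

        // Reject an empty response before touching the context, so that a failed
        // exchange never leaves a proof key or lifetime behind in it.
        if (issuedToken == null && proofToken == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0018_TOKENS_NULL(appliesToUri));
            throw new WSTrustException(LogStringsMessages.WST_0018_TOKENS_NULL(appliesToUri));
        }

        final byte[] proofKey = getKey(trustVersion, rstr, proofToken, rst, appliesToUri);
        if (proofKey != null) {
            issuedTokenContext.setProofKey(proofKey);
        }
        setLifetime(rstr, issuedTokenContext);

        if (issuedToken != null) {
            issuedTokenContext.setSecurityToken(issuedToken.getToken());
        }
        if (attachedRef != null) {
            issuedTokenContext.setAttachedSecurityTokenReference(attachedRef.getSTR());
        }
        if (unattachedRef != null) {
            issuedTokenContext.setUnAttachedSecurityTokenReference(unattachedRef.getSTR());
        }
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public BaseSTSResponse handleRSTRForNegotiatedExchange(BaseSTSRequest baseSTSRequest, BaseSTSResponse baseSTSResponse, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        throw new UnsupportedOperationException("Unsupported operation: handleRSTRForNegotiatedExchange");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public BaseSTSResponse createRSTRForClientInitiatedIssuedTokenContext(AppliesTo appliesTo, IssuedTokenContext issuedTokenContext) throws WSTrustException {
        throw new UnsupportedOperationException("Unsupported operation: createRSTRForClientInitiatedIssuedTokenContext");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean containsChallenge(RequestSecurityTokenResponse requestSecurityTokenResponse) {
        throw new UnsupportedOperationException("Unsupported operation: containsChallenge");
    }

    /**
     * Not supported by this implementation.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public URI getComputedKeyAlgorithmFromProofToken(RequestSecurityTokenResponse requestSecurityTokenResponse) {
        throw new UnsupportedOperationException("Unsupported operation: getComputedKeyAlgorithmFromProofToken");
    }

    /**
     * Extracts the RSTR to process: the response itself, or the first entry of a
     * collection. Returns {@code null} when the response is of another type or the
     * collection is empty; callers decide whether that is an error.
     */
    private RequestSecurityTokenResponse firstResponse(BaseSTSResponse baseSTSResponse) {
        if (baseSTSResponse instanceof RequestSecurityTokenResponse) {
            return (RequestSecurityTokenResponse) baseSTSResponse;
        }
        if (baseSTSResponse instanceof RequestSecurityTokenResponseCollection) {
            final RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseSTSResponse;
            if (collection.getRequestSecurityTokenResponses() != null && !collection.getRequestSecurityTokenResponses().isEmpty()) {
                return (RequestSecurityTokenResponse) collection.getRequestSecurityTokenResponses().get(0);
            }
        }
        return null;
    }

    /** Fails with a {@link WSTrustException} when no RSTR could be extracted from the STS response. */
    private void requireResponse(RequestSecurityTokenResponse rstr) throws WSTrustException {
        if (rstr == null) {
            final String message = "STS response contains no RequestSecurityTokenResponse";
            log.log(Level.SEVERE, message);
            throw new WSTrustException(message);
        }
    }

    /**
     * Copies the token lifetime from the RSTR into the context. When the response gives
     * no creation time (or no Lifetime element at all) the local clock is used; when it
     * gives no expiry, the context's expiration time is left untouched, so callers must
     * not assume an expiry is always present.
     */
    private void setLifetime(RequestSecurityTokenResponse requestSecurityTokenResponse, IssuedTokenContext issuedTokenContext) {
        final Lifetime lifetime = requestSecurityTokenResponse.getLifetime();
        final AttributedDateTime created = lifetime == null ? null : lifetime.getCreated();
        final AttributedDateTime expires = lifetime == null ? null : lifetime.getExpires();

        issuedTokenContext.setCreationTime(created != null ? WSTrustUtil.parseAttributedDateTime(created) : new Date());
        if (expires != null) {
            issuedTokenContext.setExpirationTime(WSTrustUtil.parseAttributedDateTime(expires));
        }
    }

    /**
     * Determines the proof key for the issued token.
     *
     * <ul>
     *   <li>Proof token of type {@code ComputedKey}: derived from both parties' entropy.</li>
     *   <li>Proof token of type {@code BinarySecret}: the secret supplied by the STS.</li>
     *   <li>No proof token: the client's own request entropy, if it sent any.</li>
     * </ul>
     *
     * @param str the AppliesTo URI, used only in error messages
     * @return the raw key bytes, or {@code null} when no proof token was returned and the
     *     request carried no binary-secret entropy
     * @throws WSTrustException for an unsupported or unknown proof token type, or when the
     *     announced key material is missing
     */
    private byte[] getKey(WSTrustVersion wSTrustVersion, RequestSecurityTokenResponse requestSecurityTokenResponse, RequestedProofToken requestedProofToken, RequestSecurityToken requestSecurityToken, String str) throws WSTrustException {
        if (requestedProofToken == null) {
            final Entropy clientEntropy = requestSecurityToken.getEntropy();
            final BinarySecret clientSecret = clientEntropy == null ? null : clientEntropy.getBinarySecret();
            return clientSecret == null ? null : clientSecret.getRawValue();
        }

        final String proofTokenType = requestedProofToken.getProofTokenType();
        if ("ComputedKey".equals(proofTokenType)) {
            return computeKey(wSTrustVersion, requestSecurityTokenResponse, requestedProofToken, requestSecurityToken);
        }
        // Recognised but not implemented here: key delivered by reference or encrypted.
        if (MessageConstants.WSSE_SECURITY_TOKEN_REFERENCE_LNAME.equals(proofTokenType) || "EncryptedKey".equals(proofTokenType)) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0001_UNSUPPORTED_PROOF_TOKEN_TYPE(proofTokenType, str));
            throw new WSTrustException(LogStringsMessages.WST_0001_UNSUPPORTED_PROOF_TOKEN_TYPE(proofTokenType, str));
        }
        if (!"BinarySecret".equals(proofTokenType)) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0019_INVALID_PROOF_TOKEN_TYPE(proofTokenType, str));
            throw new WSTrustException(LogStringsMessages.WST_0019_INVALID_PROOF_TOKEN_TYPE(proofTokenType, str));
        }

        final BinarySecret stsSecret = requestedProofToken.getBinarySecret();
        if (stsSecret == null) {
            // The type says BinarySecret but the element is absent: fail closed instead of
            // dereferencing null.
            final String message = "RequestedProofToken of type BinarySecret carries no BinarySecret";
            log.log(Level.SEVERE, message);
            throw new WSTrustException(message);
        }
        return stsSecret.getRawValue();
    }

    /**
     * Derives the proof key from the client entropy (request) and the STS entropy
     * (response) with {@code SecurityUtil.P_SHA1}. Only the computed-key algorithm named by
     * {@code getCKPSHA1algorithmURI()} of the negotiated trust version is accepted.
     *
     * <p>The key length is taken from the response's KeySize, then the request's, then
     * (for the WS-Trust 1.3 namespace) the request's SecondaryParameters; each value is
     * divided by 8 (presumably bits to bytes).
     *
     * @throws WSTrustException if the algorithm is not the supported one, either side's
     *     binary-secret entropy is missing, no positive key length is available, or the
     *     derivation itself fails
     */
    private byte[] computeKey(WSTrustVersion wSTrustVersion, RequestSecurityTokenResponse requestSecurityTokenResponse, RequestedProofToken requestedProofToken, RequestSecurityToken requestSecurityToken) throws WSTrustException, UnsupportedOperationException {
        final URI computedKey = requestedProofToken.getComputedKey();
        if (computedKey == null || !computedKey.toString().equals(wSTrustVersion.getCKPSHA1algorithmURI())) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0026_INVALID_CK_ALGORITHM(computedKey));
            throw new WSTrustException(LogStringsMessages.WST_0026_INVALID_CK_ALGORITHM_E(computedKey));
        }

        final Entropy clientEntropy = requestSecurityToken.getEntropy();
        final Entropy stsEntropy = requestSecurityTokenResponse.getEntropy();
        final BinarySecret clientSecret = clientEntropy == null ? null : clientEntropy.getBinarySecret();
        final BinarySecret stsSecret = stsEntropy == null ? null : stsEntropy.getBinarySecret();
        // A computed key needs a contribution from both parties; deriving from a single
        // side (or from nothing) would not be the key the STS expects.
        if (clientSecret == null || stsSecret == null) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY());
            throw new WSTrustException(LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY());
        }

        int keySize = ((int) requestSecurityTokenResponse.getKeySize()) / 8;
        if (keySize == 0) {
            keySize = ((int) requestSecurityToken.getKeySize()) / 8;
            if (keySize == 0 && wSTrustVersion.getNamespaceURI().equals(Constants.TRUST13_NS)) {
                final SecondaryParameters secondaryParameters = requestSecurityToken.getSecondaryParameters();
                if (secondaryParameters != null) {
                    keySize = ((int) secondaryParameters.getKeySize()) / 8;
                }
            }
        }
        // A non-positive length cannot yield usable key material; refuse it rather than
        // hand an empty proof key to the signing/encryption layer.
        if (keySize <= 0) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY());
            throw new WSTrustException(LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY());
        }

        try {
            return SecurityUtil.P_SHA1(clientSecret.getRawValue(), stsSecret.getRawValue(), keySize);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY(), e);
            throw new WSTrustException(LogStringsMessages.WST_0037_ERROR_COMPUTING_KEY(), e);
        }
    }
}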
