package com.sun.identity.wss.provider;

import com.iplanet.services.util.Crypt;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.wss.security.SecurityMechanism;
import com.sun.identity.xmlenc.EncryptionConstants;
import java.io.File;
import java.io.FileInputStream;
import java.security.AccessController;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import java.util.Set;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.2.jar:com/sun/identity/wss/provider/ProviderConfig.class */
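/**
 * Abstract holder for the settings of a web-services-security provider: endpoints, key store
 * location and passwords, signing/encryption flags, SAML and Kerberos options, and replay
 * detection switches.
 *
 * <p>The static factory methods instantiate a concrete adapter whose class name is read from the
 * system configuration property {@link #WSS_PROVIDER_CONFIG_PLUGIN} and initialise it with an
 * administrator {@link SSOToken}.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>This class only stores the flags and values; nothing visible here enforces them.</li>
 *   <li>Key store and key passwords are kept as {@code String}s after {@code Crypt.encrypt} and
 *       are handed back in the clear by {@link #getKeyStorePassword()} and
 *       {@link #getKeyPassword()}; callers should not log or persist those return values.</li>
 *   <li>{@link #customAdminToken} and the cached adapter class are static, unsynchronised
 *       fields shared by every instance in the class loader.</li>
 *   <li>The getters return the internal {@code List}/{@code Set}/{@code KeyStore} references
 *       without copying, so callers can mutate this object's state through them.</li>
 * </ul>
 */
public abstract class ProviderConfig {
    /** Provider type identifier for a web service client agent. */
    public static final String WSC = "WSCAgent";
    /** Provider type identifier for a web service provider agent. */
    public static final String WSP = "WSPAgent";
    /** System configuration property that names the concrete adapter class to instantiate. */
    public static final String WSS_PROVIDER_CONFIG_PLUGIN = "com.sun.identity.wss.provider.config.plugin";
    // Process-wide override for the admin token. It is static but written through the instance
    // method setAdminToken(), so one caller changes the token used by every later factory call.
    protected static SSOToken customAdminToken = null;
    // Adapter class resolved once by getConfigAdapter() and reused afterwards.
    private static Class adapterClass;
    protected List secMech = null;
    protected String serviceURI = null;
    protected String providerName = null;
    protected String wspEndpoint = null;
    protected String wssProxyEndpoint = null;
    protected String providerType = null;
    protected KeyStore keyStore = null;
    protected String privateKeyAlias = null;
    protected String privateKeyType = null;
    protected String publicKeyAlias = null;
    // Signing/encryption switches. Only request signing is on by default.
    protected boolean isResponseSigned = false;
    protected boolean isResponseEncrypted = false;
    protected boolean isRequestSigned = true;
    protected boolean isRequestEncrypted = false;
    protected boolean isRequestHeaderEncrypted = false;
    protected List trustAuthorities = null;
    // Key store and key passwords. The three-argument setKeyStore() stores the output of
    // Crypt.encrypt here; the getters without "Encrypted" in their name run Crypt.decrypt.
    protected String ksPasswd = null;
    protected String keyPasswd = null;
    protected String ksFile = null;
    protected Properties properties = new Properties();
    protected List usercredentials = null;
    protected String serviceType = null;
    protected boolean isDefaultKeyStore = false;
    protected boolean forceAuthn = false;
    protected boolean preserveSecHeaders = false;
    protected String authenticationChain = null;
    protected TrustAuthorityConfig taconfig = null;
    protected Set samlAttributes = null;
    protected boolean includeMemberships = false;
    protected String nameIDMapper = null;
    protected String attributeNS = null;
    protected String kdcDomain = null;
    protected String kdcServer = null;
    protected String ticketCacheDir = null;
    protected String servicePrincipal = null;
    protected String keytabFile = null;
    protected boolean verifyKrbSignature = false;
    protected boolean usePassThroughToken = false;
    protected String tokenConversionType = null;
    // NOTE(review): the default is the Triple DES constant. Triple DES is a legacy cipher with a
    // 64-bit block; deployments should confirm that a stronger algorithm is configured explicitly.
    protected String encryptionAlgorithm = EncryptionConstants.TRIPLEDES;
    // NOTE(review): what a strength of 0 means is decided by the consumer of this value, which is
    // not visible in this class - confirm.
    protected int encryptionStrength = 0;
    protected String signingRefType = "DirectReference";
    // Both replay-detection switches default to enabled.
    protected boolean detectUserTokenReplay = true;
    protected boolean detectMessageReplay = true;
    protected String dnsClaim = null;
    protected List signedElements = new ArrayList();

    /** Returns the configured security mechanisms (the internal list, not a copy; may be null). */
    public List getSecurityMechanisms() {
        return this.secMech;
    }

    /** Replaces the configured security mechanisms; the list is stored by reference. */
    public void setSecurityMechanisms(List list) {
        this.secMech = list;
    }

    /** Returns the provider name. */
    public String getProviderName() {
        return this.providerName;
    }

    /**
     * Returns a free-form property of this provider.
     *
     * @param str the property key
     * @return the value, or null when the key is absent
     */
    public String getProperty(String str) {
        return this.properties.getProperty(str);
    }

    /**
     * Sets a free-form property of this provider.
     *
     * @param str the property key
     * @param str2 the property value
     */
    public void setProperty(String str, String str2) {
        this.properties.put(str, str2);
    }

    /** Returns the web service provider endpoint. */
    public String getWSPEndpoint() {
        return this.wspEndpoint;
    }

    /** Sets the web service provider endpoint. */
    public void setWSPEndpoint(String str) {
        this.wspEndpoint = str;
    }

    /** Returns the WSS proxy endpoint. */
    public String getWSSProxyEndpoint() {
        return this.wssProxyEndpoint;
    }

    /** Sets the WSS proxy endpoint. */
    public void setWSSProxyEndpoint(String str) {
        this.wssProxyEndpoint = str;
    }

    /** Sets the service type. */
    public void setServiceType(String str) {
        this.serviceType = str;
    }

    /** Returns the service type. */
    public String getServiceType() {
        return this.serviceType;
    }

    /** Replaces the list of user credentials; the list is stored by reference. */
    public void setUsers(List list) {
        this.usercredentials = list;
    }

    /**
     * Returns the list of user credentials (the internal list, not a copy; may be null).
     * NOTE(review): the element type is not visible here; if the entries carry passwords, callers
     * should avoid logging or serialising this list - confirm against the concrete adapter.
     */
    public List getUsers() {
        return this.usercredentials;
    }

    /** Returns whether user-token replay detection is switched on (default true). */
    public boolean isUserTokenDetectReplayEnabled() {
        return this.detectUserTokenReplay;
    }

    /** Switches user-token replay detection on or off. */
    public void setDetectUserTokenReplay(boolean z) {
        this.detectUserTokenReplay = z;
    }

    /** Returns whether message replay detection is switched on (default true). */
    public boolean isMessageReplayDetectionEnabled() {
        return this.detectMessageReplay;
    }

    /** Switches message replay detection on or off. */
    public void setMessageReplayDetection(boolean z) {
        this.detectMessageReplay = z;
    }

    /** Returns the provider type. */
    public String getProviderType() {
        return this.providerType;
    }

    /** Returns the loaded key store (the internal reference; null when none has been set). */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the key store file path. */
    public String getKeyStoreFile() {
        return this.ksFile;
    }

    /**
     * Returns the key store password after passing the stored value through
     * {@code Crypt.decrypt}. The result is the clear-text secret; do not log it.
     */
    public String getKeyStorePassword() {
        return Crypt.decrypt(this.ksPasswd);
    }

    /** Returns the key store password exactly as stored, without decrypting it. */
    public String getKeyStoreEncryptedPasswd() {
        return this.ksPasswd;
    }

    /**
     * Returns the private key password after passing the stored value through
     * {@code Crypt.decrypt}. The result is the clear-text secret; do not log it.
     */
    public String getKeyPassword() {
        return Crypt.decrypt(this.keyPasswd);
    }

    /** Returns the private key password exactly as stored, without decrypting it. */
    public String getKeyEncryptedPassword() {
        return this.keyPasswd;
    }

    /**
     * Records the key store location and passwords and, when the file exists, loads it as a
     * JKS key store.
     *
     * <p>The passwords are stored as the output of {@code Crypt.encrypt}. When the file does not
     * exist, nothing is loaded and {@link #getKeyStore()} keeps its previous value.
     *
     * @param str path of the key store file
     * @param str2 clear-text key store password
     * @param str3 clear-text private key password
     * @throws ProviderException if the key store cannot be opened or loaded; the cause is written
     *     to the debug log and is not attached to the thrown exception
     */
    public void setKeyStore(String str, String str2, String str3) throws ProviderException {
        this.ksFile = str;
        this.ksPasswd = Crypt.encrypt(str2);
        this.keyPasswd = Crypt.encrypt(str3);
        try {
            if (new File(str).exists()) {
                FileInputStream fileInputStream = new FileInputStream(str);
                try {
                    this.keyStore = KeyStore.getInstance("JKS");
                    this.keyStore.load(fileInputStream, str2.toCharArray());
                } finally {
                    // Release the file handle whether or not the load succeeded; the stream was
                    // previously left open.
                    fileInputStream.close();
                }
            }
        } catch (Exception e) {
            ProviderUtils.debug.error("ProviderConfig.setKeyStore: Could notset the key store file information", e);
            throw new ProviderException(ProviderUtils.bundle.getString("invalidKeyStore"));
        }
    }

    /**
     * Sets an already-loaded key store together with its password.
     *
     * <p>NOTE(review): unlike the three-argument overload, the password is stored as given, with
     * no {@code Crypt.encrypt} call, while {@link #getKeyStorePassword()} always runs
     * {@code Crypt.decrypt} on the stored value. Callers presumably have to pass the
     * already-encrypted form here; confirm against the call sites before passing a clear-text
     * password.
     *
     * @param keyStore the key store to use; stored by reference
     * @param str the key store password, stored unchanged
     */
    public void setKeyStore(KeyStore keyStore, String str) {
        this.keyStore = keyStore;
        this.ksPasswd = str;
    }

    /** Returns the private key type. */
    public String getKeyType() {
        return this.privateKeyType;
    }

    /** Sets the private key type. */
    public void setKeyType(String str) {
        this.privateKeyType = str;
    }

    /** Returns the private key alias. */
    public String getKeyAlias() {
        return this.privateKeyAlias;
    }

    /** Sets the private key alias. */
    public void setKeyAlias(String str) {
        this.privateKeyAlias = str;
    }

    /** Returns the public key alias. */
    public String getPublicKeyAlias() {
        return this.publicKeyAlias;
    }

    /** Sets the public key alias. */
    public void setPublicKeyAlias(String str) {
        this.publicKeyAlias = str;
    }

    /** Returns whether the default key store is to be used (default false). */
    public boolean useDefaultKeyStore() {
        return this.isDefaultKeyStore;
    }

    /** Sets whether the default key store is to be used. */
    public void setDefaultKeyStore(boolean z) {
        this.isDefaultKeyStore = z;
    }

    /** Returns the SAML attribute mapping (the internal set, not a copy; may be null). */
    public Set getSAMLAttributeMapping() {
        return this.samlAttributes;
    }

    /** Replaces the SAML attribute mapping; the set is stored by reference. */
    public void setSAMLAttributeMapping(Set set) {
        this.samlAttributes = set;
    }

    /** Returns whether memberships are to be included (default false). */
    public boolean shouldIncludeMemberships() {
        return this.includeMemberships;
    }

    /** Sets whether memberships are to be included. */
    public void setIncludeMemberships(boolean z) {
        this.includeMemberships = z;
    }

    /** Returns the NameID mapper setting. */
    public String getNameIDMapper() {
        return this.nameIDMapper;
    }

    /** Sets the NameID mapper setting. */
    public void setNameIDMapper(String str) {
        this.nameIDMapper = str;
    }

    /** Returns the SAML attribute namespace. */
    public String getSAMLAttributeNamespace() {
        return this.attributeNS;
    }

    /** Sets the SAML attribute namespace. */
    public void setSAMLAttributeNamespace(String str) {
        this.attributeNS = str;
    }

    /** Returns the Kerberos KDC domain. */
    public String getKDCDomain() {
        return this.kdcDomain;
    }

    /** Sets the Kerberos KDC domain. */
    public void setKDCDomain(String str) {
        this.kdcDomain = str;
    }

    /** Returns the Kerberos KDC server. */
    public String getKDCServer() {
        return this.kdcServer;
    }

    /** Sets the Kerberos KDC server. */
    public void setKDCServer(String str) {
        this.kdcServer = str;
    }

    /** Returns the Kerberos ticket cache directory. */
    public String getKerberosTicketCacheDir() {
        return this.ticketCacheDir;
    }

    /** Sets the Kerberos ticket cache directory. */
    public void setKerberosTicketCacheDir(String str) {
        this.ticketCacheDir = str;
    }

    /** Returns the Kerberos keytab file path. */
    public String getKeyTabFile() {
        return this.keytabFile;
    }

    /** Sets the Kerberos keytab file path. */
    public void setKeyTabFile(String str) {
        this.keytabFile = str;
    }

    /** Returns the Kerberos service principal. */
    public String getKerberosServicePrincipal() {
        return this.servicePrincipal;
    }

    /** Sets the Kerberos service principal. */
    public void setKerberosServicePrincipal(String str) {
        this.servicePrincipal = str;
    }

    /** Returns whether the Kerberos signature is to be validated (default false). */
    public boolean isValidateKerberosSignature() {
        return this.verifyKrbSignature;
    }

    /** Sets whether the Kerberos signature is to be validated. */
    public void setValidateKerberosSignature(boolean z) {
        this.verifyKrbSignature = z;
    }

    /** Returns the DNS claim. */
    public String getDNSClaim() {
        return this.dnsClaim;
    }

    /** Sets the DNS claim. */
    public void setDNSClaim(String str) {
        this.dnsClaim = str;
    }

    /** Returns the signed elements (the internal list, not a copy; empty by default). */
    public List getSignedElements() {
        return this.signedElements;
    }

    /** Replaces the signed elements; the list is stored by reference. */
    public void setSignedElements(List list) {
        this.signedElements = list;
    }

    /** Returns the trust authority configuration. */
    public TrustAuthorityConfig getTrustAuthorityConfig() {
        return this.taconfig;
    }

    /** Sets the trust authority configuration. */
    public void setTrustAuthorityConfig(TrustAuthorityConfig trustAuthorityConfig) {
        this.taconfig = trustAuthorityConfig;
    }

    /** Returns whether response signing is enabled (default false). */
    public boolean isResponseSignEnabled() {
        return this.isResponseSigned;
    }

    /** Enables or disables response signing. */
    public void setResponseSignEnabled(boolean z) {
        this.isResponseSigned = z;
    }

    /** Returns whether response encryption is enabled (default false). */
    public boolean isResponseEncryptEnabled() {
        return this.isResponseEncrypted;
    }

    /** Enables or disables response encryption. */
    public void setResponseEncryptEnabled(boolean z) {
        this.isResponseEncrypted = z;
    }

    /** Returns whether request signing is enabled (default true). */
    public boolean isRequestSignEnabled() {
        return this.isRequestSigned;
    }

    /** Enables or disables request signing. */
    public void setRequestSignEnabled(boolean z) {
        this.isRequestSigned = z;
    }

    /** Returns whether request encryption is enabled (default false). */
    public boolean isRequestEncryptEnabled() {
        return this.isRequestEncrypted;
    }

    /** Enables or disables request encryption. */
    public void setRequestEncryptEnabled(boolean z) {
        this.isRequestEncrypted = z;
    }

    /** Returns whether request header encryption is enabled (default false). */
    public boolean isRequestHeaderEncryptEnabled() {
        return this.isRequestHeaderEncrypted;
    }

    /** Enables or disables request header encryption. */
    public void setRequestHeaderEncryptEnabled(boolean z) {
        this.isRequestHeaderEncrypted = z;
    }

    /** Returns whether user authentication is forced (default false). */
    public boolean forceUserAuthentication() {
        return this.forceAuthn;
    }

    /** Sets whether user authentication is forced. */
    public void setForceUserAuthentication(boolean z) {
        this.forceAuthn = z;
    }

    /** Returns whether security headers are to be preserved (default false). */
    public boolean preserveSecurityHeader() {
        return this.preserveSecHeaders;
    }

    /** Sets whether security headers are to be preserved. */
    public void setPreserveSecurityHeader(boolean z) {
        this.preserveSecHeaders = z;
    }

    /** Returns the authentication chain name. */
    public String getAuthenticationChain() {
        return this.authenticationChain;
    }

    /** Sets the authentication chain name. */
    public void setAuthenticationChain(String str) {
        this.authenticationChain = str;
    }

    /** Returns whether a pass-through security token is used (default false). */
    public boolean usePassThroughSecurityToken() {
        return this.usePassThroughToken;
    }

    /** Sets whether a pass-through security token is used. */
    public void setPassThroughSecurityToken(boolean z) {
        this.usePassThroughToken = z;
    }

    /** Returns the token conversion type. */
    public String getTokenConversionType() {
        return this.tokenConversionType;
    }

    /** Sets the token conversion type. */
    public void setTokenConversionType(String str) {
        this.tokenConversionType = str;
    }

    /** Returns the signing reference type (default {@code "DirectReference"}). */
    public String getSigningRefType() {
        return this.signingRefType;
    }

    /** Sets the signing reference type. */
    public void setSigningRefType(String str) {
        this.signingRefType = str;
    }

    /** Returns the encryption algorithm identifier (defaults to the Triple DES constant). */
    public String getEncryptionAlgorithm() {
        return this.encryptionAlgorithm;
    }

    /** Sets the encryption algorithm identifier; the value is stored without validation. */
    public void setEncryptionAlgorithm(String str) {
        this.encryptionAlgorithm = str;
    }

    /** Returns the encryption strength (default 0). */
    public int getEncryptionStrength() {
        return this.encryptionStrength;
    }

    /** Sets the encryption strength; the value is stored without validation. */
    public void setEncryptionStrength(int i) {
        this.encryptionStrength = i;
    }

    /** Persists this configuration; implemented by the concrete adapter. */
    protected abstract void store() throws ProviderException;

    /** Deletes this configuration; implemented by the concrete adapter. */
    protected abstract void delete() throws ProviderException;

    /** Reports whether this configuration exists in the backing store. */
    protected abstract boolean isExists();

    /**
     * Initialises the adapter. The factory methods in this class pass {@code false} as the last
     * argument for a lookup by name and {@code true} for a lookup by endpoint.
     *
     * @param str provider name or endpoint, depending on {@code z}
     * @param str2 second lookup argument; presumably the provider type ({@link #WSC} or
     *     {@link #WSP}) - confirm against the adapter
     * @param sSOToken administrator token used for the lookup
     * @param z true when {@code str} is an endpoint
     */
    protected abstract void init(String str, String str2, SSOToken sSOToken, boolean z) throws ProviderException;

    /** Persists the given provider configuration by calling its {@code store()} method. */
    public static void saveProvider(ProviderConfig providerConfig) throws ProviderException {
        providerConfig.store();
    }

    /**
     * Creates an adapter and initialises it for a lookup by name with the admin token.
     *
     * @throws ProviderException if the adapter cannot be created or initialised
     */
    public static ProviderConfig getProvider(String str, String str2) throws ProviderException {
        ProviderConfig configAdapter = getConfigAdapter();
        configAdapter.init(str, str2, getAdminToken(), false);
        return configAdapter;
    }

    /**
     * Returns an initialised adapter when {@code z} is true; otherwise returns a fresh adapter
     * on which {@code init} has not been called, so none of its fields reflect stored data.
     *
     * @throws ProviderException if the adapter cannot be created or initialised
     */
    public static ProviderConfig getProvider(String str, String str2, boolean z) throws ProviderException {
        if (z) {
            return getProvider(str, str2);
        }
        return getConfigAdapter();
    }

    /**
     * Creates an adapter and initialises it for a lookup by endpoint with the admin token.
     *
     * @throws ProviderException if the adapter cannot be created or initialised
     */
    public static ProviderConfig getProviderByEndpoint(String str, String str2) throws ProviderException {
        ProviderConfig configAdapter = getConfigAdapter();
        configAdapter.init(str, str2, getAdminToken(), true);
        return configAdapter;
    }

    /**
     * Reports whether a provider exists, looking it up by name. A {@link ProviderException} is
     * logged and reported as {@code false}, so "not found" and "lookup failed" look the same to
     * the caller.
     */
    public static boolean isProviderExists(String str, String str2) {
        try {
            return getProvider(str, str2).isExists();
        } catch (ProviderException e) {
            ProviderUtils.debug.error("ProviderConfig.isProviderExists:: Provider Exception ", e);
            return false;
        }
    }

    /**
     * Reports whether a provider exists, looking it up by endpoint. The boolean argument is not
     * read: this overload always uses the endpoint lookup. A {@link ProviderException} is logged
     * and reported as {@code false}.
     */
    public static boolean isProviderExists(String str, String str2, boolean z) {
        try {
            return getProviderByEndpoint(str, str2).isExists();
        } catch (ProviderException e) {
            ProviderUtils.debug.error("ProviderConfig.isProviderExists:: Provider Exception ", e);
            return false;
        }
    }

    /**
     * Initialises an adapter for a lookup by name with the admin token and deletes it.
     *
     * @throws ProviderException if the adapter cannot be created, initialised or deleted
     */
    public static void deleteProvider(String str, String str2) throws ProviderException {
        ProviderConfig configAdapter = getConfigAdapter();
        configAdapter.init(str, str2, getAdminToken(), false);
        configAdapter.delete();
    }

    /**
     * Returns a new list of every {@link SecurityMechanism} constant this class advertises.
     *
     * <p>NOTE(review): the list includes the {@code ANONYMOUS} and {@code USERNAME_TOKEN_PLAIN}
     * mechanisms; judging by their names these offer weak or no authentication, so code that
     * presents this list for selection should confirm that they are acceptable in the deployment.
     */
    public static List getAllSupportedSecurityMech() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(SecurityMechanism.WSS_NULL_SAML_SV);
        arrayList.add(SecurityMechanism.WSS_TLS_SAML_SV);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_SAML_SV);
        arrayList.add(SecurityMechanism.WSS_NULL_SAML_HK);
        arrayList.add(SecurityMechanism.WSS_TLS_SAML_HK);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_SAML_HK);
        arrayList.add(SecurityMechanism.WSS_NULL_X509_TOKEN);
        arrayList.add(SecurityMechanism.WSS_TLS_X509_TOKEN);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_X509_TOKEN);
        arrayList.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN);
        arrayList.add(SecurityMechanism.WSS_TLS_USERNAME_TOKEN);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_USERNAME_TOKEN);
        arrayList.add(SecurityMechanism.WSS_NULL_SAML2_SV);
        arrayList.add(SecurityMechanism.WSS_TLS_SAML2_SV);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_SAML2_SV);
        arrayList.add(SecurityMechanism.WSS_NULL_SAML2_HK);
        arrayList.add(SecurityMechanism.WSS_TLS_SAML2_HK);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_SAML2_HK);
        arrayList.add(SecurityMechanism.WSS_NULL_ANONYMOUS);
        arrayList.add(SecurityMechanism.WSS_TLS_ANONYMOUS);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_ANONYMOUS);
        arrayList.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN);
        arrayList.add(SecurityMechanism.WSS_TLS_USERNAME_TOKEN_PLAIN);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_USERNAME_TOKEN_PLAIN);
        arrayList.add(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN);
        arrayList.add(SecurityMechanism.WSS_TLS_KERBEROS_TOKEN);
        arrayList.add(SecurityMechanism.WSS_CLIENT_TLS_KERBEROS_TOKEN);
        arrayList.add(SecurityMechanism.STS_SECURITY);
        return arrayList;
    }

    /**
     * Returns a new list holding the {@code WSS_NULL_*} mechanisms plus {@code STS_SECURITY},
     * i.e. the subset of {@link #getAllSupportedSecurityMech()} without the {@code TLS} and
     * {@code CLIENT_TLS} variants.
     */
    public static List getAllMessageLevelSecurityMech() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(SecurityMechanism.WSS_NULL_SAML_SV);
        arrayList.add(SecurityMechanism.WSS_NULL_SAML_HK);
        arrayList.add(SecurityMechanism.WSS_NULL_X509_TOKEN);
        arrayList.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN);
        arrayList.add(SecurityMechanism.WSS_NULL_SAML2_SV);
        arrayList.add(SecurityMechanism.WSS_NULL_SAML2_HK);
        arrayList.add(SecurityMechanism.WSS_NULL_ANONYMOUS);
        arrayList.add(SecurityMechanism.WSS_NULL_USERNAME_TOKEN_PLAIN);
        arrayList.add(SecurityMechanism.WSS_NULL_KERBEROS_TOKEN);
        arrayList.add(SecurityMechanism.STS_SECURITY);
        return arrayList;
    }

    /**
     * Creates a new instance of the configured adapter class.
     *
     * <p>The class name comes from the system configuration property
     * {@link #WSS_PROVIDER_CONFIG_PLUGIN}, falling back to the bundled agent provider. The
     * resolved {@code Class} is cached in a static field without synchronisation; every call
     * returns a fresh instance.
     *
     * <p>Security note: the class is loaded and its no-argument constructor runs before the cast
     * to {@code ProviderConfig} is checked, so whoever can set that property decides which class
     * on the class path gets instantiated. Treat the property as trusted configuration only.
     *
     * @throws ProviderException if the class cannot be loaded or instantiated; the cause is
     *     written to the debug log and is not attached to the thrown exception
     */
    private static ProviderConfig getConfigAdapter() throws ProviderException {
        if (adapterClass == null) {
            try {
                adapterClass = Class.forName(SystemConfigurationUtil.getProperty(WSS_PROVIDER_CONFIG_PLUGIN, "com.sun.identity.wss.provider.plugins.AgentProvider"));
            } catch (Exception loadFailure) {
                ProviderUtils.debug.error("ProviderConfig.getConfigAdapter: Failed in obtaining class", loadFailure);
                throw new ProviderException(ProviderUtils.bundle.getString("initializationFailed"));
            }
        }
        try {
            return (ProviderConfig) adapterClass.newInstance();
        } catch (Exception createFailure) {
            ProviderUtils.debug.error("ProviderConfig.getConfigAdapter: Failed in initialization", createFailure);
            throw new ProviderException(ProviderUtils.bundle.getString("initializationFailed"));
        }
    }

    /**
     * Returns the token used for the privileged configuration calls.
     *
     * <p>A token installed through {@link #setAdminToken(SSOToken)} is returned as is, without a
     * validity check. Otherwise the token is obtained from {@code AdminTokenAction}; when it is
     * reported invalid, or the validity check throws {@code SSOException}, the action is run one
     * more time and that second result is returned without being re-validated (it may be null).
     */
    private static SSOToken getAdminToken() throws ProviderException {
        SSOToken sSOToken;
        if (customAdminToken != null) {
            return customAdminToken;
        }
        try {
            sSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            if (sSOToken != null && !SSOTokenManager.getInstance().isValidToken(sSOToken)) {
                if (ProviderUtils.debug.messageEnabled()) {
                    ProviderUtils.debug.message("ProviderConfig.getAdminToken: AdminTokenAction returned expired or invalid token, trying again...");
                }
                sSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            }
        } catch (SSOException e) {
            ProviderUtils.debug.message("ProviderConfig.getAdminToken:: Trying second time ....");
            sSOToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        }
        return sSOToken;
    }

    /**
     * Installs a custom admin token.
     *
     * <p>Although this is an instance method, it writes the static {@link #customAdminToken}
     * field, so the token applies to every later factory call in the class loader, not only to
     * this object. Passing null restores the {@code AdminTokenAction} lookup.
     */
    public void setAdminToken(SSOToken sSOToken) {
        customAdminToken = sSOToken;
    }
}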
