package com.sun.identity.wss.provider;

import com.sun.identity.liberty.ws.common.Status;
import com.sun.identity.liberty.ws.disco.Description;
import com.sun.identity.liberty.ws.disco.Directive;
import com.sun.identity.liberty.ws.disco.DiscoveryClient;
import com.sun.identity.liberty.ws.disco.DiscoveryException;
import com.sun.identity.liberty.ws.disco.InsertEntry;
import com.sun.identity.liberty.ws.disco.Modify;
import com.sun.identity.liberty.ws.disco.RemoveEntry;
import com.sun.identity.liberty.ws.disco.ResourceID;
import com.sun.identity.liberty.ws.disco.ResourceOffering;
import com.sun.identity.liberty.ws.disco.ServiceInstance;
import com.sun.identity.liberty.ws.disco.common.DiscoConstants;
import com.sun.identity.wss.security.SecurityMechanism;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/wss/provider/DiscoveryConfig.class */
public abstract class DiscoveryConfig extends TrustAuthorityConfig {
    protected String authServiceEndpoint = null;

    public String getAuthServiceEndPoint() {
        return this.authServiceEndpoint;
    }

    public void setAuthServiceEndPoint(String str) {
        this.authServiceEndpoint = str;
    }

    public void registerProviderWithTA(ProviderConfig providerConfig, String str) throws ProviderException {
        registerProviderWithTA(providerConfig, str, false);
    }

    public void registerProviderWithTA(ProviderConfig providerConfig, String str, boolean z) throws ProviderException {
        if (z) {
            try {
                unregisterProviderWithTA(str);
            } catch (DiscoveryException e) {
                ProviderUtils.debug.error("DiscoveryConfig.registerProviderWithTA: is failed", e);
                throw new ProviderException(ProviderUtils.bundle.getString("registrationFailed"));
            }
        }
        Status status = new DiscoveryClient(this.endpoint, null).modify(getDiscoveryModify(providerConfig, str)).getStatus();
        if (status == null) {
            throw new ProviderException(ProviderUtils.bundle.getString("registrationFailed"));
        }
        if (!status.getCode().getLocalPart().equalsIgnoreCase("OK")) {
            throw new ProviderException(ProviderUtils.bundle.getString("registrationFailed"));
        }
    }

    public void unregisterProviderWithTA(String str) throws ProviderException {
        try {
            DiscoveryClient discoveryClient = new DiscoveryClient(this.endpoint, null);
            discoveryClient.setResourceID(DiscoConstants.IMPLIED_RESOURCE);
            ArrayList arrayList = new ArrayList();
            arrayList.add(str);
            List resourceOffering = discoveryClient.getResourceOffering(arrayList).getResourceOffering();
            if (resourceOffering == null || resourceOffering.isEmpty()) {
                if (ProviderUtils.debug.messageEnabled()) {
                    ProviderUtils.debug.message("DiscoveryConfig.unregisterProviderWithTA:: There are no resource offerings");
                    return;
                }
                return;
            }
            RemoveEntry removeEntry = new RemoveEntry(((ResourceOffering) resourceOffering.get(0)).getEntryID());
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(removeEntry);
            Modify modify = new Modify();
            modify.setResourceID(new ResourceID(DiscoConstants.IMPLIED_RESOURCE));
            modify.setRemoveEntry(arrayList2);
            discoveryClient.modify(modify);
        } catch (DiscoveryException e) {
            ProviderUtils.debug.error("DiscoveryConfig.unregisterProviderWithTA: is failed", e);
            throw new ProviderException(ProviderUtils.bundle.getString("unregisterFailed"));
        }
    }

    private Modify getDiscoveryModify(ProviderConfig providerConfig, String str) throws ProviderException {
        List<String> securityMechanisms = providerConfig.getSecurityMechanisms();
        ArrayList arrayList = new ArrayList();
        for (String str2 : securityMechanisms) {
            if (isLibertySecurityMechanism(str2)) {
                arrayList.add(str2);
            }
        }
        if (arrayList.isEmpty()) {
            throw new ProviderException(ProviderUtils.bundle.getString("noLibertyMechanisms"));
        }
        ArrayList arrayList2 = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            getDirectives((String) it.next(), arrayList2);
        }
        ResourceID resourceID = new ResourceID(DiscoConstants.IMPLIED_RESOURCE);
        Description description = new Description(providerConfig.getSecurityMechanisms(), null, providerConfig.getWSPEndpoint());
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(description);
        InsertEntry insertEntry = new InsertEntry(new ResourceOffering(resourceID, new ServiceInstance(str, providerConfig.getProviderName(), arrayList3)), null);
        if (!arrayList2.isEmpty()) {
            insertEntry.setAny(arrayList2);
        }
        ArrayList arrayList4 = new ArrayList();
        arrayList4.add(insertEntry);
        return new Modify(resourceID, arrayList4, (List) null);
    }

    private boolean isLibertySecurityMechanism(String str) {
        if (str == null) {
            return false;
        }
        return SecurityMechanism.getLibertySecurityMechanismURIs().contains(str);
    }

    private void getDirectives(String str, List list) {
        if (str == null) {
            return;
        }
        if ("urn:liberty:security:2005-02:null:SAML".equals(str) || "urn:liberty:security:2005-02:TLS:SAML".equals(str) || "urn:liberty:security:2005-02:ClientTLS:SAML".equals(str)) {
            list.add(new Directive("AuthenticateRequester"));
        } else if ("urn:liberty:security:2005-02:null:Bearer".equals(str) || "urn:liberty:security:2005-02:TLS:Bearer".equals(str) || "urn:liberty:security:2005-02:ClientTLS:Bearer".equals(str)) {
            list.add(new Directive("AuthenticateRequester"));
            list.add(new Directive("GenerateBearerToken"));
        }
    }
}
