package com.sun.xml.ws.security.secconv;

import com.sun.xml.ws.api.security.secconv.client.SCTokenConfiguration;
import com.sun.xml.ws.policy.impl.bindings.AppliesTo;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.SecurityContextTokenInfo;
import com.sun.xml.ws.security.secconv.impl.SecurityContextTokenInfoImpl;
import com.sun.xml.ws.security.secconv.logging.LogDomainConstants;
import com.sun.xml.ws.security.secconv.logging.LogStringsMessages;
import com.sun.xml.ws.security.trust.WSTrustVersion;
import com.sun.xml.ws.security.trust.elements.BinarySecret;
import com.sun.xml.ws.security.trust.elements.Entropy;
import com.sun.xml.ws.security.trust.elements.Lifetime;
import com.sun.xml.ws.security.trust.elements.RequestSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponse;
import com.sun.xml.ws.security.trust.elements.RequestSecurityTokenResponseCollection;
import com.sun.xml.ws.security.trust.elements.RequestedAttachedReference;
import com.sun.xml.ws.security.trust.elements.RequestedProofToken;
import com.sun.xml.ws.security.trust.elements.RequestedSecurityToken;
import com.sun.xml.ws.security.trust.elements.RequestedUnattachedReference;
import com.sun.xml.ws.security.trust.util.WSTrustUtil;
import com.sun.xml.ws.security.wsu10.AttributedDateTime;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import java.net.URI;
import java.util.Date;
import java.util.Iterator;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:WEB-INF/lib/wsit-impl-2.4.4.jar:com/sun/xml/ws/security/secconv/WSSCClientContract.class */
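/**
 * Client-side processing of WS-SecureConversation token responses.
 *
 * <p>{@link #handleRSTR} copies the security token, proof key, token references and
 * lifetime from a {@code RequestSecurityTokenResponse} into the caller's
 * {@link IssuedTokenContext} for issue, renew and cancel requests.
 *
 * <p>Everything read from the response is supplied by the remote party, so optional
 * elements are checked before use and a malformed response is reported as a
 * {@link WSSecureConversationException} instead of a {@code NullPointerException} or
 * {@code ClassCastException}.
 *
 * <p>{@code handleRSTR} writes the {@code wsscVer} and {@code wsTrustVer} instance fields
 * without synchronization, so one instance should not process responses for different
 * protocol versions concurrently.
 */
public class WSSCClientContract {
    private static final Logger log = Logger.getLogger("com.sun.xml.ws.security.secconv", LogDomainConstants.WSSC_IMPL_DOMAIN_BUNDLE);
    /** Key size in bits used when neither the response nor the request declares one. */
    private static final int DEFAULT_KEY_SIZE = 256;
    /** WS-SecureConversation namespace that is paired with WS-Trust 1.3 in {@link #handleRSTR}. */
    private static final String WSSC_200512_NAMESPACE = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512";
    private WSSCVersion wsscVer = WSSCVersion.WSSC_10;
    private WSTrustVersion wsTrustVer = WSTrustVersion.WS_TRUST_10;

    /**
     * Applies a single token response to the issued-token context.
     *
     * <p>The protocol version is taken from the first security-policy entry of the context
     * when one is present. The request type of {@code requestSecurityToken} then selects
     * issue, renew or cancel handling; any other request type leaves the context untouched.
     *
     * @param requestSecurityToken the request that was sent
     * @param requestSecurityTokenResponse the response received for it
     * @param issuedTokenContext the context to update
     * @throws WSSecureConversationException if the response carries neither a token nor a
     *         proof token, if key material cannot be extracted, or if a renew response
     *         leaves the context without a security context token
     */
    public void handleRSTR(RequestSecurityToken requestSecurityToken, RequestSecurityTokenResponse requestSecurityTokenResponse, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        if (!issuedTokenContext.getSecurityPolicy().isEmpty()) {
            this.wsscVer = WSSCVersion.getInstance(((SCTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0)).getProtocol());
        }
        // NOTE(review): wsTrustVer is only ever raised to WS_TRUST_13 here and never reset, so a
        // reused instance keeps WS-Trust 1.3 URIs after handling one 200512 exchange - confirm
        // that instances are not shared across protocol versions.
        if (this.wsscVer.getNamespaceURI().equals(WSSC_200512_NAMESPACE)) {
            this.wsTrustVer = WSTrustVersion.WS_TRUST_13;
        }
        final String requestType = requestSecurityToken.getRequestType().toString();
        if (requestType.equals(this.wsTrustVer.getIssueRequestTypeURI())) {
            applyIssueResponse(requestSecurityToken, requestSecurityTokenResponse, issuedTokenContext);
        }
        if (requestType.equals(this.wsTrustVer.getRenewRequestTypeURI())) {
            applyRenewResponse(requestSecurityToken, requestSecurityTokenResponse, issuedTokenContext);
            return;
        }
        if (requestType.equals(this.wsTrustVer.getCancelRequestTypeURI()) && requestSecurityTokenResponse.getRequestedTokenCancelled() != null) {
            // The token was cancelled by the issuer: drop the proof key held for it.
            issuedTokenContext.setProofKey(null);
        }
    }

    /** Copies token, proof key, references and lifetime of an issue response into the context. */
    private void applyIssueResponse(RequestSecurityToken requestSecurityToken, RequestSecurityTokenResponse requestSecurityTokenResponse, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        final RequestedSecurityToken issuedToken = requestSecurityTokenResponse.getRequestedSecurityToken();
        final RequestedAttachedReference attachedReference = requestSecurityTokenResponse.getRequestedAttachedReference();
        final RequestedUnattachedReference unattachedReference = requestSecurityTokenResponse.getRequestedUnattachedReference();
        final RequestedProofToken proofToken = requestSecurityTokenResponse.getRequestedProofToken();
        // Reject an empty response before the context is modified, so a failed exchange
        // does not leave a half-updated lifetime or key behind.
        if (issuedToken == null && proofToken == null) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0002_NULL_TOKEN());
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0002_NULL_TOKEN());
        }
        final byte[] proofKey = getKey(requestSecurityTokenResponse, proofToken, requestSecurityToken);
        if (proofKey != null) {
            issuedTokenContext.setProofKey(proofKey);
        }
        setLifetime(requestSecurityTokenResponse, issuedTokenContext);
        if (issuedToken != null) {
            issuedTokenContext.setSecurityToken(issuedToken.getToken());
        }
        if (attachedReference != null) {
            issuedTokenContext.setAttachedSecurityTokenReference(attachedReference.getSTR());
        }
        if (unattachedReference != null) {
            issuedTokenContext.setUnAttachedSecurityTokenReference(unattachedReference.getSTR());
        }
    }

    /** Updates the context and its security-context-token info from a renew response. */
    private void applyRenewResponse(RequestSecurityToken requestSecurityToken, RequestSecurityTokenResponse requestSecurityTokenResponse, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        final RequestedSecurityToken renewedToken = requestSecurityTokenResponse.getRequestedSecurityToken();
        final byte[] renewedKey = getKey(requestSecurityTokenResponse, requestSecurityTokenResponse.getRequestedProofToken(), requestSecurityToken);
        setLifetime(requestSecurityTokenResponse, issuedTokenContext);
        if (renewedToken != null) {
            issuedTokenContext.setSecurityToken(renewedToken.getToken());
        }
        // The context may hold no token (the response omitted it and none was stored earlier)
        // or a token of another kind; both previously surfaced as an unchecked exception.
        // WSSC_0002 is reused here because it is the closest existing message.
        final Object currentToken = issuedTokenContext.getSecurityToken();
        if (!(currentToken instanceof SecurityContextToken)) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0002_NULL_TOKEN());
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0002_NULL_TOKEN());
        }
        final SecurityContextToken sct = (SecurityContextToken) currentToken;
        SecurityContextTokenInfo sctInfo = issuedTokenContext.getSecurityContextTokenInfo();
        if (sctInfo == null) {
            sctInfo = new SecurityContextTokenInfoImpl();
        }
        sctInfo.setIdentifier(sct.getIdentifier().toString());
        sctInfo.setInstance(sct.getInstance());
        sctInfo.setExternalId(sct.getWsuId());
        if (renewedKey != null) {
            sctInfo.addInstance(sct.getInstance(), renewedKey);
        }
        issuedTokenContext.setSecurityContextTokenInfo(sctInfo);
    }

    /**
     * Applies every response in the collection to the context, in iteration order.
     *
     * @param requestSecurityToken the request that was sent
     * @param requestSecurityTokenResponseCollection the responses received
     * @param issuedTokenContext the context to update
     * @throws WSSecureConversationException if any single response is rejected by
     *         {@link #handleRSTR}; responses before it have already been applied
     */
    public void handleRSTRC(RequestSecurityToken requestSecurityToken, RequestSecurityTokenResponseCollection requestSecurityTokenResponseCollection, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        final Iterator<RequestSecurityTokenResponse> responses = requestSecurityTokenResponseCollection.getRequestSecurityTokenResponses().iterator();
        while (responses.hasNext()) {
            handleRSTR(requestSecurityToken, responses.next(), issuedTokenContext);
        }
    }

    /**
     * Extracts the proof key described by the response's proof token.
     *
     * @return the key bytes, or {@code null} when the response has no proof token
     * @throws WSSecureConversationException if the proof token type is unknown or the
     *         declared key material is missing
     * @throws UnsupportedOperationException for the SecurityTokenReference and
     *         EncryptedKey proof token types, which are not implemented
     */
    private byte[] getKey(RequestSecurityTokenResponse requestSecurityTokenResponse, RequestedProofToken requestedProofToken, RequestSecurityToken requestSecurityToken) throws WSSecureConversationException {
        if (requestedProofToken == null) {
            return null;
        }
        final String proofTokenType = requestedProofToken.getProofTokenType();
        if (RequestedProofToken.COMPUTED_KEY_TYPE.equals(proofTokenType)) {
            return computeKey(requestSecurityTokenResponse, requestedProofToken, requestSecurityToken);
        }
        if ("SecurityTokenReference".equals(proofTokenType) || "EncryptedKey".equals(proofTokenType)) {
            throw new UnsupportedOperationException("To Do");
        }
        if (!"BinarySecret".equals(proofTokenType)) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0003_INVALID_PROOFTOKEN(proofTokenType));
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0003_INVALID_PROOFTOKEN(proofTokenType));
        }
        // The type says BinarySecret but the element itself may still be absent.
        final BinarySecret secret = requestedProofToken.getBinarySecret();
        if (secret == null) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY());
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY());
        }
        return secret.getRawValue();
    }

    /**
     * Records the token lifetime from the response on the context.
     *
     * <p>The creation time falls back to the current time when the response gives none.
     * The expiration time is only set when the response supplies one; otherwise the value
     * already held by the context is left as it is.
     */
    private void setLifetime(RequestSecurityTokenResponse requestSecurityTokenResponse, IssuedTokenContext issuedTokenContext) {
        // A response may omit the Lifetime element entirely; treat that like an
        // element with neither Created nor Expires.
        final Lifetime lifetime = requestSecurityTokenResponse.getLifetime();
        final AttributedDateTime created = lifetime == null ? null : lifetime.getCreated();
        final AttributedDateTime expires = lifetime == null ? null : lifetime.getExpires();
        if (created != null) {
            issuedTokenContext.setCreationTime(WSTrustUtil.parseAttributedDateTime(created));
        } else {
            issuedTokenContext.setCreationTime(new Date());
        }
        // NOTE(review): the timestamps are stored as received; whether Expires is checked
        // against the local clock elsewhere is not visible from this class.
        if (expires != null) {
            issuedTokenContext.setExpirationTime(WSTrustUtil.parseAttributedDateTime(expires));
        }
    }

    /**
     * Derives the shared key from the requester's and the responder's entropy.
     *
     * <p>Only the P_SHA1 computed-key algorithm of the active WS-Trust version is
     * accepted. The key size in bits comes from the response, then the request, then
     * {@link #DEFAULT_KEY_SIZE}.
     *
     * @return the derived key, {@code keySize / 8} bytes long
     * @throws WSSecureConversationException if the algorithm is not supported, entropy
     *         is missing on either side, the key size is unusable, or derivation fails
     */
    private byte[] computeKey(RequestSecurityTokenResponse requestSecurityTokenResponse, RequestedProofToken requestedProofToken, RequestSecurityToken requestSecurityToken) throws WSSecureConversationException {
        final URI computedKey = requestedProofToken.getComputedKey();
        if (computedKey == null || !computedKey.toString().equals(this.wsTrustVer.getCKPSHA1algorithmURI())) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0026_UNSUPPORTED_COMPUTED_KEY(computedKey));
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0026_UNSUPPORTED_COMPUTED_KEY_E(computedKey));
        }

        // Both sides must contribute entropy; a key derived from missing input is refused.
        final Entropy requesterEntropy = requestSecurityToken.getEntropy();
        final Entropy responderEntropy = requestSecurityTokenResponse.getEntropy();
        final BinarySecret requesterSecret = requesterEntropy == null ? null : requesterEntropy.getBinarySecret();
        final BinarySecret responderSecret = responderEntropy == null ? null : responderEntropy.getBinarySecret();
        if (requesterSecret == null || responderSecret == null) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY());
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY());
        }

        long declaredKeySize = requestSecurityTokenResponse.getKeySize();
        if (declaredKeySize == 0) {
            declaredKeySize = requestSecurityToken.getKeySize();
        }
        if (declaredKeySize == 0) {
            declaredKeySize = DEFAULT_KEY_SIZE;
        }
        // The size is chosen by the peer. Anything below 8 bits would yield an empty or
        // negative-length key, and a value beyond int range would be silently truncated.
        // NOTE(review): a policy-driven minimum and maximum would be stricter still; the
        // right bounds are deployment-specific and are not defined in this class.
        if (declaredKeySize < 8 || declaredKeySize > Integer.MAX_VALUE) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY());
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY());
        }
        final int keySize = (int) declaredKeySize;
        if (log.isLoggable(Level.FINE)) {
            log.log(Level.FINE, LogStringsMessages.WSSC_0005_COMPUTED_KEYSIZE(Integer.valueOf(keySize), DEFAULT_KEY_SIZE));
        }
        try {
            return SecurityUtil.P_SHA1(requesterSecret.getRawValue(), responderSecret.getRawValue(), keySize / 8);
        } catch (Exception e) {
            log.log(Level.SEVERE, LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY(), e);
            throw new WSSecureConversationException(LogStringsMessages.WSSC_0006_UNABLETOEXTRACT_KEY(), e);
        }
    }

    /**
     * Not implemented: negotiated exchanges are not handled by this class.
     *
     * @return always {@code null}
     */
    public RequestSecurityTokenResponse handleRSTRForNegotiatedExchange(RequestSecurityToken requestSecurityToken, RequestSecurityTokenResponse requestSecurityTokenResponse, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        return null;
    }

    /**
     * Builds a response for a client-initiated context, carrying a freshly generated secret
     * as a BinarySecret proof token and a new security context token.
     *
     * <p>The same secret and token are stored on {@code issuedTokenContext}.
     *
     * @param appliesTo the scope to set on the response
     * @param issuedTokenContext the context that receives the token and proof key
     * @return the populated response
     */
    public RequestSecurityTokenResponse createRSTRForClientInitiatedIssuedTokenContext(AppliesTo appliesTo, IssuedTokenContext issuedTokenContext) throws WSSecureConversationException {
        final WSSCElementFactory factory = WSSCElementFactory.newInstance();
        // NOTE(review): whether 256 is interpreted as bits or bytes by generateRandomSecret
        // is not visible here - confirm against WSTrustUtil.
        final byte[] secret = WSTrustUtil.generateRandomSecret(256);
        final BinarySecret binarySecret = factory.createBinarySecret(secret, this.wsTrustVer.getSymmetricKeyTypeURI());
        final RequestedProofToken proofToken = factory.createRequestedProofToken();
        proofToken.setProofTokenType("BinarySecret");
        proofToken.setBinarySecret(binarySecret);
        final SecurityContextToken sct = WSTrustUtil.createSecurityContextToken(factory);
        final RequestedSecurityToken requestedToken = factory.createRequestedSecurityToken(sct);
        final RequestSecurityTokenResponse rstr = factory.createRSTR();
        rstr.setAppliesTo(appliesTo);
        rstr.setRequestedSecurityToken(requestedToken);
        rstr.setRequestedProofToken(proofToken);
        issuedTokenContext.setSecurityToken(sct);
        issuedTokenContext.setProofKey(secret);
        if (log.isLoggable(Level.FINE)) {
            // NOTE(review): this response holds the proof secret. If toString() renders the
            // BinarySecret value, FINE logging writes key material to the log - verify and
            // redact if so.
            log.log(Level.FINE, LogStringsMessages.WSSC_0007_CREATED_RSTR(rstr.toString()));
        }
        return rstr;
    }

    /**
     * Not implemented: challenges are never reported.
     *
     * @return always {@code false}
     */
    public boolean containsChallenge(RequestSecurityTokenResponse requestSecurityTokenResponse) {
        return false;
    }

    /**
     * Not implemented.
     *
     * @return always {@code null}
     */
    public URI getComputedKeyAlgorithmFromProofToken(RequestSecurityTokenResponse requestSecurityTokenResponse) {
        return null;
    }
}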
