package oracle.wsm.enforcer.security;

import com.sun.org.apache.xml.internal.serialize.LineSeparator;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.util.Map;
import java.util.zip.GZIPOutputStream;
import oracle.wsm.pep.ClientEnforcementContext;
import oracle.wsm.pep.EnforcementContext;
import oracle.wsm.pep.EnforcerContext;
import oracle.wsm.pep.IHTTPClientRequestContext;
import oracle.wsm.resource.MessageProtocol;
import oracle.wsm.wspolicy.PolicyAssertionChildParameters;
import oracle.wsm.xml.namespace.QualifiedName;
import sun.misc.BASE64Encoder;

/* loaded from: input_file:jvmlibs.zip:user/wsm-agent-common.jar:oracle/wsm/enforcer/security/HTTPSAML20TokenBearerEnforcer.class */
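/**
 * Client-side enforcer for the {@code http-saml20-bearer-security} assertion.
 *
 * <p>When the policy carries the auth-header child parameter, a SAML 2.0 bearer
 * assertion is gzip-compressed, Base64-encoded and set as the HTTP
 * {@code Authorization} header with the {@code "oit "} prefix.
 *
 * <p>NOTE(review): a bearer assertion can be replayed by anyone who observes it on
 * the wire. In this class the TLS requirement is validated only when the policy
 * contains the {@code REQUIRE_TLS} child parameter, so confirm that policies using
 * this enforcer always include it.
 */
public class HTTPSAML20TokenBearerEnforcer extends SAMLEnforcer {
    /** Local part of the assertion name handled by this enforcer. */
    public static final String LOCAL_PART = "http-saml20-bearer-security";
    /** Qualified assertion name, built from the shared security-assertion namespace and prefix. */
    public static final QualifiedName QNAME = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, LOCAL_PART, SecurityAssertionEnforcer.PREFIX);

    /**
     * Applies the assertion's child parameters to the outgoing transport, then delegates
     * to the superclass.
     *
     * <p>Work is done only when {@code z} is true and the assertion has parameters.
     * NOTE(review): {@code z} is a decompiler-assigned name; its meaning is defined by the
     * overridden method and should be confirmed there.
     *
     * @param enforcerContext context holding the assertion and the enforcement context
     * @param z               flag gating the header/TLS processing (see note above)
     * @throws IOException if an {@link IllegalArgumentException} or
     *                     {@link IllegalStateException} is raised while processing the
     *                     child parameters, or if the superclass call fails
     */
    @Override // oracle.wsm.enforcer.security.SecurityAssertionEnforcer, oracle.wsm.pep.Enforcer
    public void enforceTransport(EnforcerContext enforcerContext, boolean z) throws IOException {
        if (z && null != enforcerContext.assertion.parameters) {
            Map<String, Object> credentialMap = getCredentialMap(enforcerContext, SecurityAssertionEnforcer.CREDENTIALS);
            enforcerContext.customHeaders = getCustomHeaderMap(credentialMap);
            try {
                // NOTE(review): children are handled in policy order, so the Authorization
                // header may be set before the TLS requirement is validated. This is only
                // safe if validateTLSClientRequirement aborts the request on failure —
                // confirm in the superclass.
                for (PolicyAssertionChildParameters child : enforcerContext.assertion.parameters.children) {
                    if (AUTH_HEADER.equals(child.qName) && (enforcerContext.enforcementContext instanceof IHTTPClientRequestContext)) {
                        String[] header = createAuthHeader(enforcerContext, credentialMap);
                        ((IHTTPClientRequestContext) enforcerContext.enforcementContext).setTransportHeader(header[0], header[1]);
                    } else if (REQUIRE_TLS.equals(child.qName) && (enforcerContext.enforcementContext instanceof ClientEnforcementContext)) {
                        validateTLSClientRequirement(enforcerContext, (ClientEnforcementContext) enforcerContext.enforcementContext);
                    }
                }
            } catch (IllegalArgumentException e) {
                throw asIOException(e);
            } catch (IllegalStateException e) {
                throw asIOException(e);
            }
        }
        super.enforceTransport(enforcerContext, z);
    }

    /**
     * Wraps a runtime failure in an {@link IOException} that keeps the original message.
     *
     * <p>The nested cause is forwarded when there is one (unchanged behaviour). When there
     * is none, the exception itself becomes the cause, so the stack trace of the failure
     * is no longer lost.
     */
    private static IOException asIOException(RuntimeException e) {
        Throwable cause = e.getCause() != null ? e.getCause() : e;
        return new IOException(e.getMessage(), cause);
    }

    /**
     * Builds the {@code Authorization} header for the SAML 2.0 bearer token.
     *
     * @return a two-element array: header name, then header value
     *         ({@code "oit "} followed by the Base64 of the gzip-compressed assertion)
     */
    private String[] createAuthHeader(EnforcerContext enforcerContext, Map<String, Object> map) throws SecurityException, CredentialNotFoundException {
        try {
            String assertion = getSAMLBearerToken(enforcerContext, SAMLTokenType.SAMLV20, map).getSamlAssertionREST();
            byte[] compressed = compressSAMLAssertion(assertion);
            // NOTE(review): sun.misc.BASE64Encoder and the LineSeparator class used below are
            // JDK-internal APIs; BASE64Encoder is not available on JDK 9 and later, where
            // java.util.Base64 is the supported replacement.
            String headerValue = "oit " + new BASE64Encoder().encode(compressed);
            // The encoder wraps its output in lines; strip LF and CR so the value is a
            // single header line with no embedded line breaks.
            headerValue = replaceAll(headerValue, "\n", "");
            headerValue = replaceAll(headerValue, LineSeparator.Macintosh, "");
            return new String[]{"Authorization", headerValue};
        } catch (IOException e) {
            throw SecurityException.createSAMLAssertionCompressionFailure(e, enforcerContext);
        }
    }

    /**
     * Gzip-compresses the textual SAML assertion.
     *
     * @param str assertion text
     * @return the complete gzip stream as a byte array
     * @throws IOException if compression fails
     */
    private byte[] compressSAMLAssertion(String str) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        GZIPOutputStream gzip = new GZIPOutputStream(buffer);
        try {
            // Encode with a fixed charset so the bytes do not depend on the JVM's default
            // charset. NOTE(review): confirm the receiving side decodes the assertion as UTF-8.
            gzip.write(str.getBytes("UTF-8"));
        } finally {
            // close() finishes the gzip stream (writes the trailer) before the buffer is read.
            gzip.close();
        }
        return buffer.toByteArray();
    }

    /** Returns the qualified name of the assertion handled by this enforcer. */
    @Override // oracle.wsm.pep.Enforcer
    public QualifiedName getQualifiedName() {
        return QNAME;
    }

    /** Returns {@code true} when the context's protocol is SOAP or REST. */
    @Override // oracle.wsm.pep.Enforcer
    public boolean isCompatible(EnforcementContext enforcementContext) {
        MessageProtocol protocol = enforcementContext.identifier.type.protocol;
        return MessageProtocol.SOAP == protocol || MessageProtocol.REST == protocol;
    }

    /**
     * Replaces occurrences of {@code str2} in {@code str} with {@code str3}, working from
     * the end of the string towards the start.
     *
     * <p>Match positions are searched in the original string, not in the partially
     * rewritten buffer. Within this class it is only called with single-character patterns.
     */
    private static String replaceAll(String str, String str2, String str3) {
        int matchIndex = str.lastIndexOf(str2);
        if (matchIndex == -1) {
            return str;
        }
        StringBuilder result = new StringBuilder(str);
        while (matchIndex != -1) {
            result.replace(matchIndex, matchIndex + str2.length(), str3);
            matchIndex = str.lastIndexOf(str2, matchIndex - 1);
        }
        return result.toString();
    }
}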
