package oracle.wsm.enforcer.security;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.StringReader;
import java.text.ParseException;
import java.util.Date;
import java.util.Map;
import oracle.adfmf.metadata.page.ActionDefinition;
import oracle.wsm.agent.WSClientFactory;
import oracle.wsm.enforcer.security.tokenstorage.SAMLToken;
import oracle.wsm.enforcer.security.tokenstorage.TokenStorageProvider;
import oracle.wsm.ksoap2.transport.HTTPTransport;
import oracle.wsm.pap.PolicyAccessPoint;
import oracle.wsm.pep.ClientEnforcementContext;
import oracle.wsm.pep.EnforcerContext;
import oracle.wsm.resource.ResourceIdentifier;
import oracle.wsm.resource.ResourceTerm;
import oracle.wsm.util.logging.DebugLogger;
import oracle.wsm.util.logging.LoggerFactory;
import oracle.wsm.xml.namespace.QualifiedName;
import org.ksoap2.SoapFault;
import org.ksoap2.serialization.PropertyInfo;
import org.ksoap2.serialization.SoapObject;
import org.ksoap2.serialization.SoapSerializationEnvelope;
import org.kxml2.io.KXmlParser;
import org.kxml2.kdom.Element;
import org.kxml2.kdom.Node;
import org.xmlpull.v1.XmlPullParser;
import org.xmlpull.v1.XmlPullParserException;

/* loaded from: input_file:jvmlibs.zip:user/wsm-agent-common.jar:oracle/wsm/enforcer/security/SAMLEnforcer.class */
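/**
 * Base enforcer for SAML bearer-token client policies.
 *
 * <p>Obtains a SAML assertion from the configured STS with a WS-Trust
 * {@code RequestSecurityToken} (RST/Issue, KeyType Bearer), extracts the
 * assertion and its {@code Expires} time from the response, and caches the
 * resulting {@link SAMLToken} in the client factory's
 * {@link TokenStorageProvider} under a per-user key so later calls reuse it
 * until it expires.
 *
 * <p>The raw STS request/response (which carry the bearer assertion) are
 * deliberately never written to stdout or the log; only status messages are.
 */
public abstract class SAMLEnforcer extends SecurityAssertionEnforcer {
    private static final String WS_POLICY_NAMESPACE = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    private static final String WS_POLICY_PREFIX = "wsp";
    private static final String REQUEST_TYPE_VALUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue";
    private static final String KEY_TYPE_VALUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";
    private static final String ACTION_VALUE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue";
    private static final String ASSERTION_ELEMENT_PATTERN = "Assertion";
    private static final String ENCRYPTED_ASSERTION_ELEMENT_PATTERN = "EncryptedAssertion";
    private static final String EXPIRES_ELEMENT_PATTERN = "Expires";
    private static final DebugLogger LOGGER = LoggerFactory.getDebugLogger((Class<?>) SAMLEnforcer.class);
    private static final String WS_TRUST_NAMESPACE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final String WS_TRUST_PREFIX = "wst";
    private static final QualifiedName REQUEST_SECURITY_TOKEN = new QualifiedName(WS_TRUST_NAMESPACE, "RequestSecurityToken", WS_TRUST_PREFIX);
    private static final QualifiedName WST_TOKEN_TYPE = new QualifiedName(WS_TRUST_NAMESPACE, "TokenType", WS_TRUST_PREFIX);
    private static final QualifiedName APPLIES_TO = new QualifiedName(WS_POLICY_NAMESPACE, "AppliesTo", WS_POLICY_PREFIX);
    private static final String WS_ADDRESSING_NAMESPACE = "http://www.w3.org/2005/08/addressing";
    private static final String WS_ADDRESSING_PREFIX = "wsa";
    private static final QualifiedName ENDPOINT_REFERENCE = new QualifiedName(WS_ADDRESSING_NAMESPACE, "EndpointReference", WS_ADDRESSING_PREFIX);
    private static final QualifiedName ADDRESS = new QualifiedName(WS_ADDRESSING_NAMESPACE, "Address", WS_ADDRESSING_PREFIX);
    private static final QualifiedName REQUEST_TYPE = new QualifiedName(WS_TRUST_NAMESPACE, "RequestType", WS_TRUST_PREFIX);
    private static final QualifiedName KEY_TYPE = new QualifiedName(WS_TRUST_NAMESPACE, "KeyType", WS_TRUST_PREFIX);
    private static final QualifiedName LIFETIME = new QualifiedName(WS_TRUST_NAMESPACE, "Lifetime", WS_TRUST_PREFIX);
    private static final QualifiedName ACTION = new QualifiedName(WS_ADDRESSING_NAMESPACE, ActionDefinition.ACTION_ATTRIBUTE, WS_ADDRESSING_PREFIX);
    private static final QualifiedName TO = new QualifiedName(WS_ADDRESSING_NAMESPACE, "To", WS_ADDRESSING_PREFIX);

    /** XML Encryption namespace; an {@code EncryptedData} root is accepted in place of the assertion. */
    private static final String XML_ENC_NAMESPACE = "http://www.w3.org/2001/04/xmlenc#";
    private static final String ENCRYPTED_DATA_ELEMENT_PATTERN = "EncryptedData";
    /** Element that wraps the issued token in the STS response; {@code Expires} is searched after it. */
    private static final String RSTR_ELEMENT_PATTERN = "RequestSecurityTokenResponse";
    /** Pattern used when the STS {@code Expires} value carries fractional seconds. */
    private static final String EXPIRES_WITH_MILLIS_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";
    /** Message-context property holding the user name the token is cached under. */
    private static final String USERNAME_PROPERTY = "javax.xml.ws.security.auth.username";

    // Decompiler note: declared protected in the original bytecode (JADX widened it to public);
    // kept public so existing callers continue to compile.
    /**
     * Returns a non-expired SAML bearer token for the current user, fetching a fresh one
     * from the STS only when the token storage has none or the cached one has expired.
     *
     * @param enforcerContext enforcement context; its {@code enforcementContext} must be a
     *                        {@link ClientEnforcementContext} created through a
     *                        {@code WSClientFactory.create...} method
     * @param sAMLTokenType   SAML version to request (drives the WS-Trust TokenType and the
     *                        assertion namespace)
     * @param map             message-context properties; {@link #USERNAME_PROPERTY} is read
     * @return the cached or newly issued token, never {@code null}
     * @throws IllegalStateException if the client factory or message context is missing
     * @throws SecurityException if the STS call, assertion parsing or expiry parsing fails
     * @throws CredentialNotFoundException declared for callers; not raised directly here
     */
    public SAMLToken getSAMLBearerToken(EnforcerContext enforcerContext, SAMLTokenType sAMLTokenType, Map<String, Object> map) throws SecurityException, CredentialNotFoundException {
        ClientEnforcementContext clientContext = (ClientEnforcementContext) enforcerContext.enforcementContext;
        WSClientFactory clientFactory = clientContext.wsClientFactory;
        if (clientFactory == null || clientContext.messageContext == null) {
            throw new IllegalStateException("Accessing web services protected by SAML policies is supported only when WSClientFactory.create... methods are used");
        }
        ResourceIdentifier resourceIdentifier = enforcerContext.enforcementContext.identifier;
        String username = (String) map.get(USERNAME_PROPERTY);
        String tokenKey = clientFactory.constructKeyToIdentifyToken(enforcerContext, username);
        TokenStorageProvider tokenStorage = clientFactory.tokenStorageProvider;
        SAMLToken cached = (SAMLToken) tokenStorage.getToken(tokenKey);
        if (cached != null && !cached.isExpired()) {
            LOGGER.fine("Will NOT get SAML bearer token from STS; Using cached SAML assertion");
            return cached;
        }
        String stsResponse = getSAMLBearerTokenFromSTS(enforcerContext, clientFactory, resourceIdentifier, sAMLTokenType);
        Date expiryDate = getExpiryDate(enforcerContext, stsResponse);
        // SAML 2.0 bearer policies keep the assertion as its raw XML text; every other
        // policy gets a parsed Element. (The original null check was incomplete and
        // dereferenced a null policyURI; a null URI now takes the parsed-Element path.)
        SAMLToken issued = isSaml20BearerPolicy(enforcerContext.policyURI)
                ? new SAMLToken(getSAMLAssertion(stsResponse), expiryDate)
                : new SAMLToken(parseSamlAssertion(stsResponse, enforcerContext, sAMLTokenType), expiryDate);
        tokenStorage.putToken(tokenKey, issued);
        return issued;
    }

    /**
     * Tells whether {@code policyURI} is one of the two SAML 2.0 bearer policies.
     *
     * @param policyURI policy URI from the enforcer context, may be {@code null}
     * @return {@code true} only for the SAML 2.0 bearer (plain or over-SSL) policy URIs
     */
    private static boolean isSaml20BearerPolicy(Object policyURI) {
        if (policyURI == null) {
            return false;
        }
        return policyURI.equals(PolicyAccessPoint.HTTP_SAML20_BEARER_TOKEN_POLICY)
                || policyURI.equals(PolicyAccessPoint.HTTP_SAML20_BEARER_TOKEN_OVER_SSL_POLICY);
    }

    /**
     * Cuts the (possibly encrypted) assertion element out of the raw STS response text.
     *
     * <p>This is plain substring scraping, not XML parsing: it takes the text from the
     * {@code <} before the first {@code Assertion}/{@code EncryptedAssertion} name to the
     * {@code >} after the next occurrence of that name (assumed to be the closing tag).
     * It is only used for SAML 2.0 bearer policies; a name that recurs inside the opening
     * tag (e.g. an attribute containing "Assertion") would still truncate the result.
     *
     * @param stsResponse raw XML text returned by the STS
     * @return the assertion element text including its start and end tags
     * @throws IllegalStateException if no assertion element can be located
     */
    private String getSAMLAssertion(String stsResponse) {
        String elementName = stsResponse.indexOf(ENCRYPTED_ASSERTION_ELEMENT_PATTERN) > -1
                ? ENCRYPTED_ASSERTION_ELEMENT_PATTERN
                : ASSERTION_ELEMENT_PATTERN;
        int openName = stsResponse.indexOf(elementName);
        if (openName < 0) {
            throw new IllegalStateException("SAML Assertion is not present in the response from STS");
        }
        int start = stsResponse.lastIndexOf('<', openName - 1);
        int closeName = stsResponse.indexOf(elementName, openName + elementName.length());
        int end = closeName < 0 ? -1 : stsResponse.indexOf('>', closeName);
        if (start < 0 || end < 0) {
            // Previously an unguarded substring threw StringIndexOutOfBoundsException here.
            throw new IllegalStateException("SAML Assertion is not present in the response from STS");
        }
        return stsResponse.substring(start, end + 1);
    }

    /**
     * Reads the {@code Expires} value that follows the {@code RequestSecurityTokenResponse}
     * element and parses it as a UTC timestamp, with or without fractional seconds.
     *
     * @param enforcerContext context used to build the failure exception
     * @param stsResponse     raw XML text returned by the STS
     * @return the token expiry date
     * @throws SecurityException if the element is missing or the value does not parse
     */
    private Date getExpiryDate(EnforcerContext enforcerContext, String stsResponse) throws SecurityException {
        int rstrStart = stsResponse.indexOf(RSTR_ELEMENT_PATTERN);
        // A negative fromIndex is treated as 0 by String.indexOf, matching the previous behaviour.
        int expiresName = stsResponse.indexOf(EXPIRES_ELEMENT_PATTERN, rstrStart);
        int valueStart = expiresName < 0 ? -1 : stsResponse.indexOf('>', expiresName) + 1;
        int valueEnd = valueStart <= 0 ? -1 : stsResponse.indexOf('<', valueStart);
        if (valueStart <= 0 || valueEnd < 0) {
            throw SecurityException.createSAMLTokenExpiryDateParsingFailure(
                    new ParseException("Expires element not found in the response from STS", 0), enforcerContext);
        }
        String expires = stsResponse.substring(valueStart, valueEnd).trim();
        try {
            // NOTE(review): the literal 'Z' is not parsed as a zone; this relies on
            // Timestamp.getSimpleDateFormat returning a UTC-configured formatter - confirm.
            return (expires.indexOf('.') > -1
                    ? Timestamp.getSimpleDateFormat(EXPIRES_WITH_MILLIS_PATTERN)
                    : Timestamp.getSimpleDateFormat(Timestamp.DATE_TIME_PATTERN)).parse(expires);
        } catch (ParseException e) {
            throw SecurityException.createSAMLTokenExpiryDateParsingFailure(e, enforcerContext);
        }
    }

    /**
     * Adds one property to a {@link SoapObject}, filling in the {@link PropertyInfo} fields
     * the ksoap2 serializer reads (name, namespace, type).
     *
     * @param parent    object receiving the property
     * @param namespace property namespace URI
     * @param localPart property local name
     * @param type      serialization type ({@code PropertyInfo.STRING_CLASS} or {@code SoapObject.class})
     * @param value     property value
     */
    private static void addProperty(SoapObject parent, String namespace, String localPart, Class<?> type, Object value) {
        PropertyInfo info = new PropertyInfo();
        info.name = localPart;
        info.namespace = namespace;
        info.type = type;
        parent.addProperty(info, value);
    }

    /**
     * Builds a SOAP header element holding a single text node.
     *
     * @param namespace element namespace URI
     * @param localPart element local name
     * @param text      text content
     * @return the populated header element
     */
    private static Element textHeader(String namespace, String localPart, String text) {
        Element header = new Element().createElement(namespace, localPart);
        header.addChild(Node.TEXT, text);
        return header;
    }

    /**
     * Builds the WS-Trust {@code RequestSecurityToken} body: TokenType, RequestType (Issue),
     * KeyType (Bearer), AppliesTo/EndpointReference/Address and Lifetime/Expires, in that order.
     *
     * @param clientFactory supplies the AppliesTo address and the requested lifetime
     * @param tokenType     SAML version whose WS-Trust TokenType URI is requested
     * @return the request body
     */
    private static SoapObject buildRequestSecurityToken(WSClientFactory clientFactory, SAMLTokenType tokenType) {
        SoapObject rst = new SoapObject(REQUEST_SECURITY_TOKEN.namespaceURI, REQUEST_SECURITY_TOKEN.localPart);
        addProperty(rst, WST_TOKEN_TYPE.namespaceURI, WST_TOKEN_TYPE.localPart, PropertyInfo.STRING_CLASS, tokenType.getTokenType());
        addProperty(rst, REQUEST_TYPE.namespaceURI, REQUEST_TYPE.localPart, PropertyInfo.STRING_CLASS, REQUEST_TYPE_VALUE);
        addProperty(rst, KEY_TYPE.namespaceURI, KEY_TYPE.localPart, PropertyInfo.STRING_CLASS, KEY_TYPE_VALUE);

        SoapObject endpointReference = new SoapObject(ENDPOINT_REFERENCE.namespaceURI, ENDPOINT_REFERENCE.localPart);
        addProperty(endpointReference, ADDRESS.namespaceURI, ADDRESS.localPart, PropertyInfo.STRING_CLASS, clientFactory.appliesTo.toString());
        SoapObject appliesTo = new SoapObject(APPLIES_TO.namespaceURI, APPLIES_TO.localPart);
        addProperty(appliesTo, ENDPOINT_REFERENCE.namespaceURI, ENDPOINT_REFERENCE.localPart, SoapObject.class, endpointReference);
        addProperty(rst, APPLIES_TO.namespaceURI, APPLIES_TO.localPart, SoapObject.class, appliesTo);

        SoapObject lifetime = new SoapObject(LIFETIME.namespaceURI, LIFETIME.localPart);
        addProperty(lifetime, Timestamp.EXPIRES.namespaceURI, Timestamp.EXPIRES.localPart, PropertyInfo.STRING_CLASS, new Timestamp(clientFactory.lifeTime).expires);
        addProperty(rst, LIFETIME.namespaceURI, LIFETIME.localPart, SoapObject.class, lifetime);
        return rst;
    }

    /**
     * Sends the RST/Issue request to the STS over SOAP 1.2 and returns the raw response XML.
     *
     * <p>The request and response dumps contain the issued bearer assertion, so they are not
     * printed or logged; failures are wrapped with their cause instead.
     *
     * @param enforcerContext    enforcement context providing the message context and error context
     * @param wSClientFactory    STS endpoint, module, lifetime and AppliesTo configuration
     * @param resourceIdentifier resource whose APPLICATION term selects the transport
     * @param sAMLTokenType      SAML version to request
     * @return the STS response as XML text
     * @throws SecurityException if the call fails, returns no body, or returns a SOAP fault
     */
    private String getSAMLBearerTokenFromSTS(EnforcerContext enforcerContext, WSClientFactory wSClientFactory, ResourceIdentifier resourceIdentifier, SAMLTokenType sAMLTokenType) throws SecurityException {
        wSClientFactory.checkValidityOfSTSParameters();
        LOGGER.fine("Will get SAML bearer token from STS");
        String stsEndpoint = wSClientFactory.stsEndPoint.toString();

        SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapSerializationEnvelope.VER12);
        envelope.headerOut = new Element[] {
            textHeader(ACTION.namespaceURI, ACTION.localPart, ACTION_VALUE),
            textHeader(TO.namespaceURI, TO.localPart, stsEndpoint)
        };
        envelope.setOutputSoapObject(buildRequestSecurityToken(wSClientFactory, sAMLTokenType));

        HTTPTransport transport = wSClientFactory.createHTTPTransport(stsEndpoint, resourceIdentifier.terms.get(ResourceTerm.APPLICATION), wSClientFactory.stsModule);
        transport.saveResponseInXmlFormat = true;
        // Kept on because the return value is responseDump; presumably the transport only
        // records it in debug mode - confirm before turning this off.
        transport.debug = true;
        try {
            transport.call(null, envelope, ((ClientEnforcementContext) enforcerContext.enforcementContext).messageContext, null);
            if (envelope.bodyIn == null) {
                throw SecurityException.createSAMLBearerTokenNotObtainedFromSTS(new IOException("Cause of the failure is not available"), enforcerContext);
            }
            if (envelope.bodyIn instanceof SoapFault) {
                throw SecurityException.createSAMLBearerTokenNotObtainedFromSTS(new IOException(((SoapFault) envelope.bodyIn).faultstring), enforcerContext);
            }
            LOGGER.fine("Obtained SAML bearer token from STS");
            return transport.responseDump;
        } catch (IOException e) {
            LOGGER.fine("STS call failed: " + e);
            throw SecurityException.createSAMLBearerTokenNotObtainedFromSTS(e, enforcerContext);
        } catch (XmlPullParserException e) {
            LOGGER.fine("STS response could not be parsed: " + e);
            throw SecurityException.createSAMLBearerTokenNotObtainedFromSTS(e, enforcerContext);
        }
    }

    /**
     * Tells whether the parser is positioned on the start tag of an assertion:
     * {@code Assertion} or {@code EncryptedAssertion} in the token type's SAML namespace,
     * or {@code EncryptedData} in the XML Encryption namespace.
     *
     * @param parser        positioned pull parser
     * @param samlNamespace assertion namespace for the requested SAML version
     * @return {@code true} if the current event is one of those start tags
     * @throws XmlPullParserException if the parser cannot report its state
     */
    private static boolean isAssertionStart(XmlPullParser parser, String samlNamespace) throws XmlPullParserException {
        if (parser.getEventType() != XmlPullParser.START_TAG) {
            return false;
        }
        String namespace = parser.getNamespace();
        String name = parser.getName();
        boolean samlAssertion = namespace.equals(samlNamespace)
                && (name.equals(ASSERTION_ELEMENT_PATTERN) || name.equals(ENCRYPTED_ASSERTION_ELEMENT_PATTERN));
        boolean encryptedData = namespace.equals(XML_ENC_NAMESPACE) && name.equals(ENCRYPTED_DATA_ELEMENT_PATTERN);
        return samlAssertion || encryptedData;
    }

    /**
     * Parses the STS response with a namespace-aware pull parser and returns the first
     * assertion element (see {@link #isAssertionStart}) as a DOM-like {@link Element}.
     *
     * @param stsResponse     raw XML text returned by the STS
     * @param enforcerContext context used to build the failure exception
     * @param sAMLTokenType   SAML version whose namespace the assertion must be in
     * @return the assertion element
     * @throws IllegalStateException if the document ends without an assertion
     * @throws SecurityException     if the text is not well-formed XML or cannot be read
     */
    private Element parseSamlAssertion(String stsResponse, EnforcerContext enforcerContext, SAMLTokenType sAMLTokenType) throws SecurityException {
        try {
            KXmlParser parser = new KXmlParser();
            parser.setFeature(XmlPullParser.FEATURE_PROCESS_NAMESPACES, true);
            // Read the String directly; the previous getBytes()/InputStreamReader round trip
            // went through the platform default charset and could mangle non-ASCII content.
            parser.setInput(new StringReader(stsResponse));
            parser.nextTag();
            String samlNamespace = sAMLTokenType.getNamespace();
            while (!isAssertionStart(parser, samlNamespace)) {
                if (parser.getEventType() == XmlPullParser.END_DOCUMENT) {
                    throw new IllegalStateException("SAML Assertion is not present in the response from STS");
                }
                parser.next();
            }
            Node holder = new Node();
            holder.parse(parser);
            return holder.getElement(0);
        } catch (IOException e) {
            throw SecurityException.createSAMLAssertionParsingFailure(e, enforcerContext);
        } catch (XmlPullParserException e) {
            throw SecurityException.createSAMLAssertionParsingFailure(e, enforcerContext);
        }
    }
}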
