package oracle.wsm.enforcer.security;

import com.sun.org.apache.xml.internal.serializer.SerializerConstants;
import java.io.IOException;
import java.util.Iterator;
import java.util.Map;
import oracle.wsm.pep.ClientEnforcementContext;
import oracle.wsm.pep.EnforcementContext;
import oracle.wsm.pep.EnforcerContext;
import oracle.wsm.pep.ISOAPClientRequestContext;
import oracle.wsm.resource.MessageProtocol;
import oracle.wsm.wspolicy.PolicyAssertionChildParameters;
import oracle.wsm.xml.namespace.QualifiedName;

/* loaded from: input_file:jvmlibs.zip:user/wsm-agent-common.jar:oracle/wsm/enforcer/security/WSSSAMLTokenBearerOverSSLEnforcer.class */
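/**
 * Enforcer for the {@code wss-saml-token-bearer-over-ssl} policy assertion.
 *
 * <p>On the message path it adds a timestamp header and a SAML bearer assertion header to an
 * {@link ISOAPClientRequestContext}. On the transport path it runs the inherited TLS client check
 * when the policy carries a {@code REQUIRE_TLS} child.
 *
 * <p>Security note: a bearer assertion carries no proof of possession, so its confidentiality in
 * transit rests on the transport. In this class the token is attached by
 * {@code enforceMessage} independently of whether {@code enforceTransport} found a
 * {@code REQUIRE_TLS} child. NOTE(review): confirm that the superclass or the surrounding
 * framework refuses non-TLS endpoints when the policy omits that child.
 */
public class WSSSAMLTokenBearerOverSSLEnforcer extends SAMLEnforcer {
    /** Token-type attribute value that makes an {@code issued-token} child produce a SAML 1.1 token. */
    public static final String WSP_TOKEN_TYPE_VALUE = "SAML11";
    /** Local part of this assertion's qualified name. */
    public static final String LOCAL_PART = "wss-saml-token-bearer-over-ssl";
    /** Qualified name returned by {@link #getQualifiedName()}. */
    public static final QualifiedName QNAME = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, LOCAL_PART, SecurityAssertionEnforcer.PREFIX);

    // Names of child elements and attributes in the security namespace. Only SAML_TOKEN, VERSION,
    // ISSUED_TOKEN and WSP_TOKEN_TYPE are read inside this class; the rest are exposed as constants.
    public static final QualifiedName SAML_TOKEN = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "saml-token", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName CONFIRMATION_TYPE = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "confirmation-type", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName NAMEID_FORMAT = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "nameid-format", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName VERSION = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "version", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName REQUIRE_APPLIES_TO = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "require-applies-to", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName ISSUED_TOKEN = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "issued-token", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName REQUIRE_EXTERNAL_REFERENCE = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "require-external-reference", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName REQUIRE_INTERNAL_REFERENCE = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "require-internal-reference", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName USE_DERIVED_KEYS = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "use-derived-keys", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName REQUEST_SECURITY_TOKEN_TEMPLATE = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "request-security-token-template", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName WSP_TOKEN_TYPE = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "token-type", SecurityAssertionEnforcer.PREFIX);
    public static final QualifiedName KEY_TYPE = new QualifiedName(SecurityAssertionEnforcer.NAMESPACE, "key-type", SecurityAssertionEnforcer.PREFIX);

    /* loaded from: input_file:jvmlibs.zip:user/wsm-agent-common.jar:oracle/wsm/enforcer/security/WSSSAMLTokenBearerOverSSLEnforcer$Version.class */
    /** Values of the {@code version} attribute on a {@code saml-token} child. */
    public enum Version {
        // NOTE(review): this constant lives in a JDK-internal serializer package (see the import).
        // It is presumably a string literal that the decompiler attributed to an unrelated
        // class; confirm its value and replace it with a plain literal so the enum does not
        // depend on internal API.
        VERSION_11(SerializerConstants.XMLVERSION11),
        VERSION_20("2.0");

        /** Attribute text for this version; never reassigned after construction. */
        private final String version;

        Version(String str) {
            this.version = str;
        }

        /** @return the attribute text that selects this version */
        public String getVersion() {
            return this.version;
        }
    }

    /** @return {@link #QNAME}, the qualified name of the assertion this enforcer handles */
    @Override // oracle.wsm.pep.Enforcer
    public QualifiedName getQualifiedName() {
        return QNAME;
    }

    /**
     * Adds the headers requested by the assertion's child parameters to the client request.
     *
     * <p>The credential map is read and {@code enforcerContext.customHeaders} is overwritten
     * before any child is examined. Then, per child:
     * <ul>
     *   <li>{@code REQUIRE_TLS} with a true {@code INCLUDE_TIMESTAMP} attribute: adds a timestamp
     *       header;</li>
     *   <li>{@link #SAML_TOKEN}: adds a SAML bearer assertion, version 1.1 when the
     *       {@link #VERSION} attribute equals {@link Version#VERSION_11}, otherwise 2.0;</li>
     *   <li>{@link #ISSUED_TOKEN} whose first child has token type
     *       {@link #WSP_TOKEN_TYPE_VALUE}: adds a SAML 1.1 bearer assertion.</li>
     * </ul>
     *
     * @param enforcerContext context holding the assertion and the enforcement context
     * @param z when {@code false} the method returns without doing anything; NOTE(review): the
     *     caller-side meaning of this flag is not visible in this class
     * @throws IOException if an {@link IllegalArgumentException} or
     *     {@link IllegalStateException} is raised while the children are processed; the original
     *     exception is attached as the cause
     */
    @Override // oracle.wsm.pep.Enforcer
    public void enforceMessage(EnforcerContext enforcerContext, boolean z) throws IOException {
        if (!z || null == enforcerContext.assertion.parameters) {
            return;
        }
        Map<String, Object> credentialMap = getCredentialMap(enforcerContext, SecurityAssertionEnforcer.CREDENTIALS);
        enforcerContext.customHeaders = getCustomHeaderMap(credentialMap);
        try {
            for (PolicyAssertionChildParameters child : enforcerContext.assertion.parameters.children) {
                if (REQUIRE_TLS.equals(child.qName)) {
                    // NOTE(review): unlike the two token branches below, this cast has no
                    // instanceof guard, so a different context type fails with an uncaught
                    // ClassCastException rather than an IOException.
                    if (null != child.attributes && Boolean.parseBoolean(child.attributes.get(INCLUDE_TIMESTAMP))) {
                        ((ISOAPClientRequestContext) enforcerContext.enforcementContext).addMessageHeader(createTimeStamp(enforcerContext));
                    }
                } else if (SAML_TOKEN.equals(child.qName) && (enforcerContext.enforcementContext instanceof ISOAPClientRequestContext)) {
                    if (null != child.attributes) {
                        // Any version text other than the 1.1 marker selects SAML 2.0.
                        // NOTE(review): a missing version attribute raises NullPointerException
                        // here, which the catch clauses below do not convert.
                        boolean wantsSaml11 = child.attributes.get(VERSION).equals(Version.VERSION_11.getVersion());
                        ((ISOAPClientRequestContext) enforcerContext.enforcementContext).addMessageHeader(
                                (wantsSaml11
                                        ? getSAMLBearerToken(enforcerContext, SAMLTokenType.SAMLV11, credentialMap)
                                        : getSAMLBearerToken(enforcerContext, SAMLTokenType.SAMLV20, credentialMap))
                                        .getSamlAssertionSOAP());
                    }
                } else if (ISSUED_TOKEN.equals(child.qName)
                        && (enforcerContext.enforcementContext instanceof ISOAPClientRequestContext)
                        // NOTE(review): assumes at least one nested child with a non-null
                        // attribute map and a token-type entry; none of that is checked.
                        && child.children.get(0).attributes.get(WSP_TOKEN_TYPE).equals(WSP_TOKEN_TYPE_VALUE)) {
                    ((ISOAPClientRequestContext) enforcerContext.enforcementContext).addMessageHeader(getSAMLBearerToken(enforcerContext, SAMLTokenType.SAMLV11, credentialMap).getSamlAssertionSOAP());
                }
            }
        } catch (IllegalArgumentException e) {
            // Chain the caught exception itself: passing only e.getCause() discarded the stack
            // trace of the failure site, and left no cause at all when e had none.
            throw new IOException(e.getMessage(), e);
        } catch (IllegalStateException e2) {
            throw new IOException(e2.getMessage(), e2);
        }
    }

    /**
     * Runs the TLS client check for the first {@code REQUIRE_TLS} child, then delegates to the
     * superclass.
     *
     * <p>The check is skipped when {@code z} is {@code false}, when the assertion has no
     * parameters, when no child is named {@code REQUIRE_TLS}, or when the enforcement context is
     * not a {@link ClientEnforcementContext}. In every one of those cases
     * {@code super.enforceTransport} is still called. NOTE(review): whether the superclass
     * performs its own transport validation is not visible here.
     *
     * @param enforcerContext context holding the assertion and the enforcement context
     * @param z gate flag, passed through unchanged to the superclass
     * @throws IOException declared by the overridden method; raised by the calls made here
     */
    @Override // oracle.wsm.enforcer.security.SecurityAssertionEnforcer, oracle.wsm.pep.Enforcer
    public void enforceTransport(EnforcerContext enforcerContext, boolean z) throws IOException {
        if (z && null != enforcerContext.assertion.parameters) {
            for (PolicyAssertionChildParameters child : enforcerContext.assertion.parameters.children) {
                if (REQUIRE_TLS.equals(child.qName) && (enforcerContext.enforcementContext instanceof ClientEnforcementContext)) {
                    validateTLSClientRequirement(enforcerContext, (ClientEnforcementContext) enforcerContext.enforcementContext);
                    // Only the first matching child is validated.
                    break;
                }
            }
        }
        super.enforceTransport(enforcerContext, z);
    }

    /**
     * @param enforcementContext context whose identifier supplies the message protocol
     * @return {@code true} only when that protocol is {@link MessageProtocol#SOAP}
     */
    @Override // oracle.wsm.pep.Enforcer
    public boolean isCompatible(EnforcementContext enforcementContext) {
        return MessageProtocol.SOAP == enforcementContext.identifier.type.protocol;
    }
}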
