package com.sun.identity.federation.services;

import com.iplanet.am.util.Debug;
import com.iplanet.am.util.XMLUtils;
import com.iplanet.sso.SSOToken;
import com.sun.identity.federation.common.FSException;
import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.message.FSSubject;
import com.sun.identity.federation.message.common.AuthnContext;
import com.sun.identity.federation.services.util.FSServiceUtils;
import com.sun.identity.liberty.ws.disco.Description;
import com.sun.identity.liberty.ws.disco.EncryptedResourceID;
import com.sun.identity.liberty.ws.disco.ResourceOffering;
import com.sun.identity.liberty.ws.disco.ServiceInstance;
import com.sun.identity.liberty.ws.disco.common.DiscoConstants;
import com.sun.identity.liberty.ws.disco.common.DiscoServiceManager;
import com.sun.identity.liberty.ws.disco.common.DiscoUtils;
import com.sun.identity.liberty.ws.disco.jaxb.AuthenticateRequesterElement;
import com.sun.identity.liberty.ws.disco.jaxb.AuthenticateSessionContextElement;
import com.sun.identity.liberty.ws.disco.jaxb.AuthorizeRequesterElement;
import com.sun.identity.liberty.ws.disco.jaxb.DescriptionType;
import com.sun.identity.liberty.ws.disco.jaxb.DirectiveType;
import com.sun.identity.liberty.ws.disco.jaxb.EncryptResourceIDElement;
import com.sun.identity.liberty.ws.disco.jaxb.ObjectFactory;
import com.sun.identity.liberty.ws.disco.jaxb.ResourceIDType;
import com.sun.identity.liberty.ws.disco.jaxb.ResourceOfferingType;
import com.sun.identity.liberty.ws.disco.plugins.jaxb.DiscoEntryElement;
import com.sun.identity.liberty.ws.interfaces.ResourceIDMapper;
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenManager;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.liberty.ws.security.SessionSubject;
import com.sun.identity.saml.assertion.Advice;
import com.sun.identity.saml.assertion.Attribute;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.NameIdentifier;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:120091-08/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/FSDiscoveryBootStrap.class */
/**
 * Builds the discovery bootstrap material for a federated subject.
 *
 * <p>The constructor produces an {@link AttributeStatement} that carries a single
 * {@code DiscoveryResourceOffering} attribute. When the configured bootstrap entry
 * contains authentication/authorization directives (or the discovery service asks
 * for a session context statement), a {@link SecurityAssertion} is also requested
 * from the {@link SecurityTokenManager}; it is exposed through
 * {@link #getCredentials()} wrapped in an {@link Advice}.
 *
 * <p>NOTE(review): message-level debug output from this class includes the mapped
 * resource ID and the full resource offering XML, so debug logs of this component
 * should be handled as sensitive data.
 */
public class FSDiscoveryBootStrap {
    // Statement holding the DiscoveryResourceOffering attribute; set once by the constructor.
    private AttributeStatement _bootStrapStatement;
    // Session token handed to SecurityTokenManager; the constructor does not null-check it.
    private SSOToken _ssoToken;
    // Credential issued for the offering, or null when no directive required one.
    private SecurityAssertion _assertion;
    // True once a credential-bearing directive (or the service-wide setting) was seen.
    private boolean _hasCredentials;

    /**
     * Creates the bootstrap statement for the given subject.
     *
     * @param sSOToken     token later passed to {@link SecurityTokenManager}; stored as given
     * @param authnContext authentication context forwarded into the session context
     * @param fSSubject    subject of the generated statement; must not be null
     * @param str          value handed to the {@link ResourceIDMapper} together with the
     *                     provider ID; must not be null
     * @throws FSException if {@code fSSubject} or {@code str} is null, or if building the
     *                     statement fails for any reason (the cause is wrapped)
     */
    public FSDiscoveryBootStrap(SSOToken sSOToken, AuthnContext authnContext, FSSubject fSSubject, String str) throws FSException {
        this._bootStrapStatement = null;
        this._ssoToken = null;
        if (fSSubject == null || str == null) {
            FSUtils.debug.error("FSDiscoBootStrap: null values.");
            throw new FSException(FSUtils.bundle.getString("nullInputParams"));
        }
        this._ssoToken = sSOToken;
        try {
            Document offeringDoc = getResourceOffering(fSSubject, authnContext, str);
            List<Object> attributeValues = new ArrayList<Object>();
            attributeValues.add(offeringDoc.getDocumentElement());
            List<Object> attributes = new ArrayList<Object>();
            attributes.add(new Attribute("DiscoveryResourceOffering", "urn:liberty:disco:2003-08", attributeValues));
            this._bootStrapStatement = new AttributeStatement(fSSubject, attributes);
        } catch (Exception e) {
            // An FSException raised by getResourceOffering lands here too and is wrapped again.
            FSUtils.debug.error("FSDiscoBootStrap: Constructorwhile creating discovery bootstrap statement", e);
            throw new FSException(e);
        }
    }

    /**
     * Assembles the {@code saml:AttributeValue} document that wraps the bootstrap
     * resource offering, issuing a credential on the way when directives require one.
     *
     * @param subject      subject forwarded to {@link #generateCredentials}
     * @param authnContext authentication context forwarded to {@link #generateCredentials}
     * @param mapperKey    value resolved to a resource ID by the {@link ResourceIDMapper}
     * @return DOM document whose root is the {@code saml:AttributeValue} element
     * @throws FSException if no bootstrap entry is configured or any step fails
     */
    private Document getResourceOffering(FSSubject subject, AuthnContext authnContext, String mapperKey) throws FSException {
        FSUtils.debug.message("FSDiscoveryBootStrap.getResourceOffering:Init");
        StringBuilder xml = new StringBuilder(300);
        xml.append("<saml:AttributeValue xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\">\n");
        DiscoEntryElement bootEntry = DiscoServiceManager.getBootstrappingDiscoEntry();
        if (bootEntry == null) {
            throw new FSException(FSUtils.bundle.getString("nullDiscoveryOffering"));
        }
        try {
            ResourceOfferingType offeringType = bootEntry.getResourceOffering();
            String providerID = offeringType.getServiceInstance().getProviderID();

            // Provider-specific mapper first, service default as fallback.
            ResourceIDMapper mapper = DiscoServiceManager.getResourceIDMapper(providerID);
            if (mapper == null) {
                mapper = DiscoServiceManager.getDefaultResourceIDMapper();
            }
            ResourceIDType resourceIdType = new ObjectFactory().createResourceIDType();
            String resourceID = mapper.getResourceID(providerID, mapperKey);
            if (FSUtils.debug.messageEnabled()) {
                // The resource ID is written to the debug log here.
                FSUtils.debug.message("FSDiscoveryBootStrap.getResourceOffering: ResourceID Value:" + resourceID);
            }
            resourceIdType.setValue(resourceID);
            offeringType.setResourceID(resourceIdType);

            // Marshal the JAXB offering into a fresh, namespace-aware DOM (nothing is parsed here).
            DocumentBuilderFactory domFactory = DocumentBuilderFactory.newInstance();
            domFactory.setNamespaceAware(true);
            Document marshalled = domFactory.newDocumentBuilder().newDocument();
            DiscoUtils.getDiscoMarshaller().marshal(offeringType, marshalled);
            ResourceOffering offering = new ResourceOffering(marshalled.getDocumentElement());

            boolean requesterDirective = false;
            HashSet<String> credentialDescriptionIds = new HashSet<String>();
            List directives = bootEntry.getAny();
            if (directives != null && !directives.isEmpty()) {
                for (Object directive : directives) {
                    if (directive instanceof EncryptResourceIDElement) {
                        // NOTE(review): the EncryptResourceID directive is recognised but nothing is
                        // done for it here; the resource ID set above stays in clear text. Confirm
                        // whether encryption is applied somewhere else.
                        continue;
                    }
                    if ((directive instanceof AuthenticateRequesterElement) || (directive instanceof AuthorizeRequesterElement)) {
                        this._hasCredentials = true;
                        requesterDirective = true;
                        collectDescriptionIds((DirectiveType) directive, credentialDescriptionIds);
                    } else if (directive instanceof AuthenticateSessionContextElement) {
                        this._hasCredentials = true;
                        collectDescriptionIds((DirectiveType) directive, credentialDescriptionIds);
                    } else {
                        // Processing stops at the first unrecognised directive; directives that
                        // follow it in the entry are never examined.
                        FSUtils.debug.error("FSDiscoveryBootStrap.getResourceOffering: Unknow directive");
                        break;
                    }
                }
            }

            // No directive asked for credentials: fall back to the service-wide setting.
            if (!this._hasCredentials) {
                this._hasCredentials = DiscoServiceManager.needSessionContextStatement();
            }
            if (this._hasCredentials) {
                this._assertion = generateCredentials(providerID, authnContext, subject, requesterDirective, resourceID);
            }

            ServiceInstance serviceInstance = offering.getServiceInstance();
            if (!credentialDescriptionIds.isEmpty()) {
                // Ids are only collected by branches that also set _hasCredentials, so
                // generateCredentials has run by now. A null token from the manager would show up
                // as a NullPointerException, wrapped into FSException by the catch below.
                for (Description description : serviceInstance.getDescription()) {
                    String descriptionId = description.getId();
                    if (descriptionId != null && credentialDescriptionIds.contains(descriptionId)) {
                        description.getCredentialRef().add(this._assertion.getAssertionID());
                    }
                }
            }

            // The wrapper is built by concatenation and re-parsed; well-formedness depends on
            // ResourceOffering.toString() emitting properly escaped XML - TODO confirm.
            xml.append(offering.toString());
            xml.append("</saml:AttributeValue>");
            String wrapped = xml.toString();
            if (FSUtils.debug.messageEnabled()) {
                FSUtils.debug.message("FSDiscoveryBootStap.getResourceOffering:Resource Offering:" + wrapped);
            }
            return XMLUtils.toDOMDocument(wrapped, (Debug) null);
        } catch (Exception e) {
            FSUtils.debug.error("FSDiscoveryBootStrap.getResourceOffering:Exception while creating resource offering.", e);
            throw new FSException(e);
        }
    }

    /**
     * Adds every non-null id referenced by the directive's description references to {@code ids}.
     */
    private static void collectDescriptionIds(DirectiveType directive, HashSet<String> ids) {
        for (Object ref : directive.getDescriptionIDRefs()) {
            String id = ((DescriptionType) ref).getId();
            if (id != null) {
                ids.add(id);
            }
        }
    }

    /**
     * Requests a SAML authorization token for the discovery provider and stores it in
     * {@code _assertion}.
     *
     * @param providerId         provider the token is issued for; also used to look up the
     *                           certificate alias; must not be null
     * @param authnContext       authentication context placed into the session context
     * @param subject            source of the name identifier, subject confirmation and
     *                           IDP-provided name identifier of the session subject
     * @param requesterDirective true when an AuthenticateRequester or AuthorizeRequester
     *                           directive was present; passed through to the token manager
     * @param resource           resource ID as a {@code String}, otherwise cast to
     *                           {@link EncryptedResourceID}; must not be null
     * @return the token returned by the manager
     * @throws FSException on null input or when token generation fails
     */
    private SecurityAssertion generateCredentials(String providerId, AuthnContext authnContext, FSSubject subject, boolean requesterDirective, Object resource) throws FSException {
        if (providerId == null || resource == null) {
            FSUtils.debug.error("FSDiscoveryBootStrap.generateCredentials:NullInput Params");
            throw new FSException(FSUtils.bundle.getString("nullInputParams"));
        }
        try {
            NameIdentifier providerIdentity = new NameIdentifier(providerId, null, DiscoConstants.PROVIDER_ID_FORMAT);
            SessionSubject sessionSubject = new SessionSubject(subject.getNameIdentifier(), subject.getSubjectConfirmation(), subject.getIDPProvidedNameIdentifier());
            SessionContext sessionContext = new SessionContext(sessionSubject, authnContext, providerId);
            SecurityTokenManager tokenManager = new SecurityTokenManager(this._ssoToken);
            // The certificate alias comes from the provider's own key info.
            tokenManager.setCertAlias(getProviderCertAlias(providerId));
            // The only caller in this class passes a String, so the encrypted variant is not
            // reached from here.
            SecurityAssertion token = (resource instanceof String)
                    ? tokenManager.getSAMLAuthorizationToken(providerIdentity, sessionContext, (String) resource, true, requesterDirective)
                    : tokenManager.getSAMLAuthorizationToken(providerIdentity, sessionContext, (EncryptedResourceID) resource, true, requesterDirective);
            this._assertion = token;
            return token;
        } catch (Exception e) {
            FSUtils.debug.error("FSDiscoveryBootStrap.generateCredentials:Exception while generating credentials", e);
            throw new FSException(e);
        }
    }

    /**
     * Looks up the key info of the given provider, which the caller uses as the
     * certificate alias.
     *
     * @param providerId provider whose key info is requested
     * @return the value of the provider's {@code getKeyInfo()}
     * @throws FSException if the lookup fails for any reason
     */
    private String getProviderCertAlias(String providerId) throws FSException {
        try {
            return FSServiceUtils.getAllianceInstance().getProvider(providerId).getKeyInfo();
        } catch (Exception e) {
            FSUtils.debug.error("FSDiscoveryBootStrap.getProviderCertAlias:Exception while trying to get the certificate alias", e);
            throw new FSException(e);
        }
    }

    /**
     * @return true when a directive or the discovery service setting called for credentials
     */
    public boolean hasCredentials() {
        return this._hasCredentials;
    }

    /**
     * @return an {@link Advice} containing the issued assertion, or null when none was issued
     */
    public Advice getCredentials() {
        if (this._assertion != null) {
            List<Object> assertions = new ArrayList<Object>();
            assertions.add(this._assertion);
            return new Advice(null, assertions, null);
        }
        return null;
    }

    /**
     * @return the statement carrying the DiscoveryResourceOffering attribute
     */
    public AttributeStatement getBootStrapStatement() {
        return this._bootStrapStatement;
    }
}
