package com.sun.identity.wss.sts.config;

import com.sun.identity.plugin.configuration.ConfigurationActionEvent;
import com.sun.identity.plugin.configuration.ConfigurationException;
import com.sun.identity.plugin.configuration.ConfigurationInstance;
import com.sun.identity.plugin.configuration.ConfigurationListener;
import com.sun.identity.plugin.configuration.ConfigurationManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.wss.security.PasswordCredential;
import com.sun.identity.wss.sts.STSUtils;
import com.sun.xml.ws.api.security.trust.config.STSConfiguration;
import com.sun.xml.ws.api.security.trust.config.TrustSPMetadata;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.security.auth.callback.CallbackHandler;

/* loaded from: input_file:com/sun/identity/wss/sts/config/FAMSTSConfiguration.class */
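/**
 * STS configuration backed by the {@code STS_CONFIG} configuration instance.
 *
 * <p>Almost every setting lives in a static field, so it is shared by all instances of this
 * class; the instance setters overwrite that shared state. Values are loaded once in the static
 * initializer and reloaded each time {@link #configChanged} fires.
 *
 * <p>NOTE(review): the static fields are neither {@code volatile} nor guarded by a lock, and
 * several getters return the live internal collections (security mechanisms, signed elements,
 * user credentials) that a reload clears and refills in place. Confirm how callers consume them
 * before relying on a consistent snapshot.
 */
public class FAMSTSConfiguration implements STSConfiguration, ConfigurationListener {
    private static String type;
    private static String issuer;
    private static long issuedTokenTimeout;
    private static String stsEndpoint;
    private static String certAlias;
    private static String clientUserToken;
    private static String privateKeyType;
    private static String privateKeyAlias;
    private static String publicKeyAlias;
    private static String kerberosDomainServer;
    private static String kerberosDomain;
    private static String kerberosServicePrincipal;
    private static String kerberosKeyTabFile;
    // Stored by setCallbackHandler(); getCallbackHandler() does not read it.
    private CallbackHandler callbackHandler;
    private Map<String, Object> otherOptions = new HashMap<String, Object>();

    // Name handed to ConfigurationManager to obtain the backing configuration instance.
    static final String CONFIG_NAME = "STS_CONFIG";
    static final String SERVICE_NAME = "sunFAMSTSService";

    // Attribute names looked up in the configuration map by setValues().
    static final String ISSUER = "stsIssuer";
    static final String END_POINT = "stsEndPoint";
    static final String ENCRYPT_ISSUED_KEY = "stsEncryptIssuedKey";
    static final String ENCRYPT_ISSUED_TOKEN = "stsEncryptIssuedToken";
    static final String LIFE_TIME = "stsLifetime";
    static final String TOKEN_IMPL_CLASS = "stsTokenImplClass";
    static final String CERT_ALIAS = "stsCertAlias";
    private static final String TRUSTED_ISSUERS = "trustedIssuers";
    private static final String TRUSTED_IP_ADDRESSES = "trustedIPAddresses";
    static final String CLIENT_USER_TOKEN = "com.sun.identity.wss.sts.clientusertoken";
    static final String SEC_MECH = "SecurityMech";
    static final String RESPONSE_SIGN = "isResponseSign";
    static final String RESPONSE_ENCRYPT = "isResponseEncrypt";
    static final String REQUEST_SIGN = "isRequestSign";
    static final String REQUEST_ENCRYPT = "isRequestEncrypt";
    static final String REQUEST_HEADER_ENCRYPT = "isRequestHeaderEncrypt";
    static final String PRIVATE_KEY_TYPE = "privateKeyType";
    static final String PRIVATE_KEY_ALIAS = "privateKeyAlias";
    static final String PUBLIC_KEY_ALIAS = "publicKeyAlias";
    // Tags expected inside each USER_CREDENTIAL entry: "UserName:<name>|UserPassword:<password>".
    static final String USER_NAME = "UserName";
    static final String USER_PASSWORD = "UserPassword";
    static final String USER_CREDENTIAL = "UserCredential";
    static final String KERBEROS_DOMAIN_SERVER = "KerberosDomainServer";
    static final String KERBEROS_DOMAIN = "KerberosDomain";
    static final String KERBEROS_SERVICE_PRINCIPAL = "KerberosServicePrincipal";
    static final String KERBEROS_KEYTAB_FILE = "KerberosKeyTabFile";
    static final String KERBEROS_VERIFY_SIGNATURE = "isVerifyKrbSignature";
    static final String SAML_ATTRIBUTE_MAPPING = "SAMLAttributeMapping";
    static final String INCLUDE_MEMBERSHIPS = "includeMemberships";
    static final String SAML_ATTRIBUTE_NS = "AttributeNamespace";
    static final String NAMEID_MAPPER = "NameIDMapper";
    static final String ENCRYPTION_ALGORITHM = "EncryptionAlgorithm";
    static final String ENCRYPTION_STRENGTH = "EncryptionStrength";
    static final String SIGNING_REF_TYPE = "SigningRefType";
    static final String AUTHENTICATION_CHAIN = "AuthenticationChain";
    static final String USER_TOKEN_DETECT_REPLAY = "DetectUserTokenReplay";
    static final String MESSAGE_REPLAY_DETECTION = "DetectMessageReplay";
    static final String SIGNED_ELEMENTS = "SignedElements";

    static ConfigurationInstance ci;
    private static Map<String, TrustSPMetadata> spMap = new HashMap<String, TrustSPMetadata>();
    private static boolean encryptIssuedToken = false;
    private static boolean encryptIssuedKey = true;
    private static List secMech = null;
    private static boolean isResponseSign = false;
    private static boolean isResponseEncrypt = false;
    private static boolean isRequestSign = false;
    private static boolean isRequestEncrypt = false;
    private static boolean isRequestHeaderEncrypt = false;
    private static boolean isVerifyKrbSignature = false;
    private static Set samlAttributes = null;
    private static boolean includeMemberships = false;
    private static String nameIDMapper = null;
    private static String attributeNS = null;
    // Holds PasswordCredential objects built from plaintext name/password pairs in configuration.
    private static List usercredentials = null;
    private static String encryptionAlgorithm = null;
    private static int encryptionStrength = 0;
    private static String signingRefType = null;
    private static String authChain = null;
    // Both replay checks are on until configuration says otherwise.
    private static boolean detectUserTokenReplay = true;
    private static boolean detectMessageReplay = true;
    private static List signedElements = null;
    private static Set trustedIssuers = null;
    private static Set trustedIPAddresses = null;
    private static Debug debug = STSUtils.debug;

    /**
     * Reloads every setting after the backing configuration changed.
     *
     * @param configurationActionEvent the change notification; its content is not inspected
     */
    public void configChanged(ConfigurationActionEvent configurationActionEvent) {
        if (debug.messageEnabled()) {
            debug.message("FAMSTSConfiguration: configChanged");
        }
        setValues();
    }

    /**
     * Copies the current configuration into the static fields.
     *
     * <p>Each attribute is a {@code Set}; single-valued settings take its first element. An
     * attribute that is absent or empty leaves the current value in place, except
     * {@code trustedIssuers}, {@code trustedIPAddresses} and {@code SAMLAttributeMapping}, which
     * are assigned as returned and therefore become {@code null} when absent.
     *
     * <p>Differences from a naive first-element copy, all of them so that one bad attribute
     * cannot leave the security settings that follow it (Kerberos, replay detection, signed
     * elements) unloaded:
     * <ul>
     *   <li>a malformed user-credential entry is skipped instead of ending the whole load;</li>
     *   <li>an unparsable number keeps the previous value instead of throwing, which in the
     *       static initializer would otherwise fail class initialization;</li>
     *   <li>the credential list is replaced by what the configuration holds rather than appended
     *       to, so a reload neither duplicates entries nor keeps credentials that were removed
     *       from the attribute.</li>
     * </ul>
     */
    private static void setValues() {
        try {
            Map configuration = ci.getConfiguration((String) null, (String) null);
            if (configuration == null) {
                debug.error("FAMSTSConfiguration.setValues: no configuration returned");
                return;
            }

            issuer = stringValue(configuration, ISSUER, issuer);
            stsEndpoint = stringValue(configuration, END_POINT, stsEndpoint);
            encryptIssuedKey = booleanValue(configuration, ENCRYPT_ISSUED_KEY, encryptIssuedKey);
            encryptIssuedToken =
                    booleanValue(configuration, ENCRYPT_ISSUED_TOKEN, encryptIssuedToken);
            issuedTokenTimeout = longValue(configuration, LIFE_TIME, issuedTokenTimeout);
            type = stringValue(configuration, TOKEN_IMPL_CLASS, type);
            certAlias = stringValue(configuration, CERT_ALIAS, certAlias);

            // Assigned as-is: both become null when the attribute is missing.
            // NOTE(review): whether a null/empty set means "trust nobody" or "no restriction" is
            // decided by the callers of the getters, not here - confirm it fails closed.
            trustedIssuers = (Set) configuration.get(TRUSTED_ISSUERS);
            trustedIPAddresses = (Set) configuration.get(TRUSTED_IP_ADDRESSES);

            clientUserToken = stringValue(configuration, CLIENT_USER_TOKEN, clientUserToken);

            Set mechanisms = (Set) configuration.get(SEC_MECH);
            if (hasValues(mechanisms)) {
                secMech = refill(secMech, mechanisms);
            }

            isResponseSign = booleanValue(configuration, RESPONSE_SIGN, isResponseSign);
            isResponseEncrypt = booleanValue(configuration, RESPONSE_ENCRYPT, isResponseEncrypt);
            isRequestSign = booleanValue(configuration, REQUEST_SIGN, isRequestSign);
            isRequestEncrypt = booleanValue(configuration, REQUEST_ENCRYPT, isRequestEncrypt);
            isRequestHeaderEncrypt =
                    booleanValue(configuration, REQUEST_HEADER_ENCRYPT, isRequestHeaderEncrypt);
            privateKeyType = stringValue(configuration, PRIVATE_KEY_TYPE, privateKeyType);
            privateKeyAlias = stringValue(configuration, PRIVATE_KEY_ALIAS, privateKeyAlias);
            publicKeyAlias = stringValue(configuration, PUBLIC_KEY_ALIAS, publicKeyAlias);

            String credentialSpec = stringValue(configuration, USER_CREDENTIAL, null);
            if (credentialSpec != null && credentialSpec.length() != 0) {
                // Configuration is the source of truth: drop whatever was loaded before.
                // NOTE(review): an absent or empty attribute still leaves the previous list in
                // place, so clearing the attribute alone does not revoke credentials - confirm.
                usercredentials = refill(usercredentials, parseUserCredentials(credentialSpec));
            }

            kerberosDomainServer =
                    stringValue(configuration, KERBEROS_DOMAIN_SERVER, kerberosDomainServer);
            kerberosDomain = stringValue(configuration, KERBEROS_DOMAIN, kerberosDomain);
            kerberosServicePrincipal =
                    stringValue(configuration, KERBEROS_SERVICE_PRINCIPAL, kerberosServicePrincipal);
            kerberosKeyTabFile =
                    stringValue(configuration, KERBEROS_KEYTAB_FILE, kerberosKeyTabFile);
            isVerifyKrbSignature =
                    booleanValue(configuration, KERBEROS_VERIFY_SIGNATURE, isVerifyKrbSignature);

            samlAttributes = (Set) configuration.get(SAML_ATTRIBUTE_MAPPING);
            attributeNS = stringValue(configuration, SAML_ATTRIBUTE_NS, attributeNS);
            nameIDMapper = stringValue(configuration, NAMEID_MAPPER, nameIDMapper);
            includeMemberships =
                    booleanValue(configuration, INCLUDE_MEMBERSHIPS, includeMemberships);
            encryptionAlgorithm =
                    stringValue(configuration, ENCRYPTION_ALGORITHM, encryptionAlgorithm);
            encryptionStrength = intValue(configuration, ENCRYPTION_STRENGTH, encryptionStrength);
            signingRefType = stringValue(configuration, SIGNING_REF_TYPE, signingRefType);

            // "[Empty]" is the placeholder for "no chain selected"; it never replaces a real one.
            Set chains = (Set) configuration.get(AUTHENTICATION_CHAIN);
            if (hasValues(chains)) {
                String chain = (String) chains.iterator().next();
                if (!"[Empty]".equals(chain)) {
                    authChain = chain;
                }
            }

            detectUserTokenReplay =
                    booleanValue(configuration, USER_TOKEN_DETECT_REPLAY, detectUserTokenReplay);
            detectMessageReplay =
                    booleanValue(configuration, MESSAGE_REPLAY_DETECTION, detectMessageReplay);

            Set elements = (Set) configuration.get(SIGNED_ELEMENTS);
            if (hasValues(elements)) {
                signedElements = refill(signedElements, elements);
            }
        } catch (ConfigurationException e) {
            debug.error("FAMSTSConfiguration.setValues:", e);
        }
    }

    /** Tells whether a configuration attribute is present and holds at least one value. */
    private static boolean hasValues(Set values) {
        return values != null && !values.isEmpty();
    }

    /** Returns the first value of {@code key}, or {@code fallback} when the attribute is absent or empty. */
    private static String stringValue(Map configuration, String key, String fallback) {
        Set values = (Set) configuration.get(key);
        return hasValues(values) ? (String) values.iterator().next() : fallback;
    }

    /**
     * Returns the first value of {@code key} as a boolean, or {@code fallback} when the attribute
     * is absent or empty. {@code Boolean.valueOf} maps every string other than a case-insensitive
     * "true" to {@code false}, so a misspelt value switches the option off without any error.
     */
    private static boolean booleanValue(Map configuration, String key, boolean fallback) {
        Set values = (Set) configuration.get(key);
        if (!hasValues(values)) {
            return fallback;
        }
        return Boolean.valueOf((String) values.iterator().next()).booleanValue();
    }

    /** Returns the first value of {@code key} as a long; absent, empty or unparsable keeps {@code fallback}. */
    private static long longValue(Map configuration, String key, long fallback) {
        Set values = (Set) configuration.get(key);
        if (!hasValues(values)) {
            return fallback;
        }
        try {
            return Long.parseLong((String) values.iterator().next());
        } catch (NumberFormatException e) {
            debug.error("FAMSTSConfiguration.setValues: invalid number for " + key, e);
            return fallback;
        }
    }

    /** Returns the first value of {@code key} as an int; absent, empty or unparsable keeps {@code fallback}. */
    private static int intValue(Map configuration, String key, int fallback) {
        Set values = (Set) configuration.get(key);
        if (!hasValues(values)) {
            return fallback;
        }
        try {
            return Integer.parseInt((String) values.iterator().next());
        } catch (NumberFormatException e) {
            debug.error("FAMSTSConfiguration.setValues: invalid number for " + key, e);
            return fallback;
        }
    }

    /**
     * Replaces the content of {@code current} with {@code values}, creating the list on first use.
     * An existing list is cleared and refilled in place, so its identity is kept.
     */
    private static List refill(List current, Collection values) {
        if (current == null) {
            return new ArrayList(values);
        }
        current.clear();
        current.addAll(values);
        return current;
    }

    /**
     * Parses a comma-separated list of {@code UserName:<name>|UserPassword:<password>} entries
     * into {@link PasswordCredential} objects. Entries that lack the '|' separator or either
     * tagged value are skipped; their text is never logged because it carries the password.
     *
     * <p>NOTE(review): the format has no escaping. A password containing ',' is split across
     * entries and one containing ':' is cut at the second colon, so the stored credential can be
     * shorter than what the administrator entered.
     */
    private static List parseUserCredentials(String spec) {
        List parsed = new ArrayList();
        StringTokenizer entries = new StringTokenizer(spec, ",");
        while (entries.hasMoreTokens()) {
            String entry = entries.nextToken();
            int separator = entry.indexOf('|');
            if (separator == -1) {
                debug.error("FAMSTSConfiguration.setValues: skipping user credential entry "
                        + "without '|' separator");
                continue;
            }
            String userName = taggedValue(entry.substring(0, separator), USER_NAME);
            String password = taggedValue(entry.substring(separator + 1), USER_PASSWORD);
            if (userName != null && password != null) {
                parsed.add(new PasswordCredential(userName, password));
            }
        }
        return parsed;
    }

    /**
     * Returns the token that follows {@code tag} in a {@code tag:value} field, or {@code null}
     * when the field is empty, starts with another tag, or has no value.
     */
    private static String taggedValue(String field, String tag) {
        StringTokenizer parts = new StringTokenizer(field, ":");
        if (parts.hasMoreTokens() && tag.equals(parts.nextToken()) && parts.hasMoreTokens()) {
            return parts.nextToken();
        }
        return null;
    }

    /** Registers {@code trustSPMetadata} under the key {@code str} in the shared map. */
    public void addTrustSPMetadata(TrustSPMetadata trustSPMetadata, String str) {
        spMap.put(str, trustSPMetadata);
    }

    /**
     * Returns a freshly created {@code FAMTrustSPMetadata} for {@code str}.
     *
     * <p>NOTE(review): every call overwrites the entry for {@code str}, including one registered
     * through {@link #addTrustSPMetadata}, and the static map gains an entry for each distinct
     * key it is asked about without ever removing one. If {@code str} can come from request
     * data, confirm the map cannot grow without bound.
     */
    public TrustSPMetadata getTrustSPMetadata(String str) {
        spMap.put(str, new FAMTrustSPMetadata(str));
        return spMap.get(str);
    }

    /** Returns the {@code trustedIssuers} attribute as loaded; {@code null} when it is not configured. */
    public Set getTrustedIssuers() {
        return trustedIssuers;
    }

    /** Returns the {@code trustedIPAddresses} attribute as loaded; {@code null} when it is not configured. */
    public Set getTrustedIPAddresses() {
        return trustedIPAddresses;
    }

    /** Sets the shared token implementation class name. */
    public void setType(String str) {
        type = str;
    }

    /** Returns the token implementation class name ({@code stsTokenImplClass}). */
    public String getType() {
        return type;
    }

    /** Sets the shared issuer name. */
    public void setIssuer(String str) {
        issuer = str;
    }

    /** Returns the issuer name ({@code stsIssuer}). */
    public String getIssuer() {
        return issuer;
    }

    /** Sets whether issued tokens are encrypted. */
    public void setEncryptIssuedToken(boolean z) {
        encryptIssuedToken = z;
    }

    /** Returns whether issued tokens are encrypted; {@code false} unless configured. */
    public boolean getEncryptIssuedToken() {
        return encryptIssuedToken;
    }

    /** Sets whether issued keys are encrypted. */
    public void setEncryptIssuedKey(boolean z) {
        encryptIssuedKey = z;
    }

    /** Returns whether issued keys are encrypted; {@code true} unless configured otherwise. */
    public boolean getEncryptIssuedKey() {
        return encryptIssuedKey;
    }

    /** Sets the issued-token lifetime. */
    public void setIssuedTokenTimeout(long j) {
        issuedTokenTimeout = j;
    }

    /** Returns the issued-token lifetime ({@code stsLifetime}). */
    public long getIssuedTokenTimeout() {
        return issuedTokenTimeout;
    }

    /** Stores a callback handler on this instance; {@link #getCallbackHandler} does not return it. */
    public void setCallbackHandler(CallbackHandler callbackHandler) {
        this.callbackHandler = callbackHandler;
    }

    /** Returns a new {@code FAMCallbackHandler} for the configured certificate alias on every call. */
    public CallbackHandler getCallbackHandler() {
        return new FAMCallbackHandler(certAlias);
    }

    /** Sets the client user token class name. */
    public void setClientUserTokenClass(String str) {
        clientUserToken = str;
    }

    /** Returns the client user token class name. */
    public String getClientUserTokenClass() {
        return clientUserToken;
    }

    /** Returns the live list of security mechanisms; {@code null} until configured or set. */
    public List getSecurityMechanisms() {
        return secMech;
    }

    /** Replaces the shared list of security mechanisms with {@code list} itself (no copy). */
    public void setSecurityMechanisms(List list) {
        secMech = list;
    }

    /** Returns whether responses are signed. */
    public boolean isResponseSignEnabled() {
        return isResponseSign;
    }

    /** Sets whether responses are signed. */
    public void setResponseSignEnabled(boolean z) {
        isResponseSign = z;
    }

    /** Returns whether responses are encrypted. */
    public boolean isResponseEncryptEnabled() {
        return isResponseEncrypt;
    }

    /** Sets whether responses are encrypted. */
    public void setResponseEncryptEnabled(boolean z) {
        isResponseEncrypt = z;
    }

    /** Returns whether request signing is enabled. */
    public boolean isRequestSignEnabled() {
        return isRequestSign;
    }

    /** Sets whether request signing is enabled. */
    public void setRequestSignEnabled(boolean z) {
        isRequestSign = z;
    }

    /** Returns whether request encryption is enabled. */
    public boolean isRequestEncryptEnabled() {
        return isRequestEncrypt;
    }

    /** Sets whether request encryption is enabled. */
    public void setRequestEncryptEnabled(boolean z) {
        isRequestEncrypt = z;
    }

    /** Returns whether request header encryption is enabled. */
    public boolean isRequestHeaderEncryptEnabled() {
        return isRequestHeaderEncrypt;
    }

    /** Sets whether request header encryption is enabled. */
    public void setRequestHeaderEncryptEnabled(boolean z) {
        isRequestHeaderEncrypt = z;
    }

    /** Returns the private key type. */
    public String getPrivateKeyType() {
        return privateKeyType;
    }

    /** Sets the private key type. */
    public void setPrivateKeyType(String str) {
        privateKeyType = str;
    }

    /** Returns the private key alias. */
    public String getPrivateKeyAlias() {
        return privateKeyAlias;
    }

    /** Sets the private key alias. */
    public void setPrivateKeyAlias(String str) {
        privateKeyAlias = str;
    }

    /** Returns the public key alias. */
    public String getPublicKeyAlias() {
        return publicKeyAlias;
    }

    /** Sets the public key alias. */
    public void setPublicKeyAlias(String str) {
        publicKeyAlias = str;
    }

    /** Returns this instance's mutable options map; it is the only per-instance setting besides the callback handler. */
    public Map<String, Object> getOtherOptions() {
        return this.otherOptions;
    }

    /** Returns the STS endpoint ({@code stsEndPoint}). */
    public String getSTSEndpoint() {
        return stsEndpoint;
    }

    /** Returns the Kerberos domain. */
    public String getKDCDomain() {
        return kerberosDomain;
    }

    /** Sets the Kerberos domain. */
    public void setKDCDomain(String str) {
        kerberosDomain = str;
    }

    /** Returns the Kerberos domain server. */
    public String getKDCServer() {
        return kerberosDomainServer;
    }

    /** Sets the Kerberos domain server. */
    public void setKDCServer(String str) {
        kerberosDomainServer = str;
    }

    /** Returns the configured Kerberos keytab file value. */
    public String getKeyTabFile() {
        return kerberosKeyTabFile;
    }

    /** Sets the Kerberos keytab file value. */
    public void setKeyTabFile(String str) {
        kerberosKeyTabFile = str;
    }

    /** Returns the Kerberos service principal. */
    public String getKerberosServicePrincipal() {
        return kerberosServicePrincipal;
    }

    /** Sets the Kerberos service principal. */
    public void setKerberosServicePrincipal(String str) {
        kerberosServicePrincipal = str;
    }

    /** Returns whether Kerberos signature verification is enabled; {@code false} unless configured. */
    public boolean isValidateKerberosSignature() {
        return isVerifyKrbSignature;
    }

    /** Sets whether Kerberos signature verification is enabled. */
    public void setValidateKerberosSignature(boolean z) {
        isVerifyKrbSignature = z;
    }

    /** Returns the SAML attribute mapping as loaded; {@code null} when it is not configured. */
    public Set getSAMLAttributeMapping() {
        return samlAttributes;
    }

    /** Sets the SAML attribute mapping. */
    public void setSAMLAttributeMapping(Set set) {
        samlAttributes = set;
    }

    /** Returns whether memberships are included. */
    public boolean shouldIncludeMemberships() {
        return includeMemberships;
    }

    /** Sets whether memberships are included. */
    public void setIncludeMemberships(boolean z) {
        includeMemberships = z;
    }

    /** Returns the NameID mapper value. */
    public String getNameIDMapper() {
        return nameIDMapper;
    }

    /** Sets the NameID mapper value. */
    public void setNameIDMapper(String str) {
        nameIDMapper = str;
    }

    /** Returns the SAML attribute namespace. */
    public String getSAMLAttributeNamespace() {
        return attributeNS;
    }

    /** Sets the SAML attribute namespace. */
    public void setSAMLAttributeNamespace(String str) {
        attributeNS = str;
    }

    /** Replaces the shared credential list with {@code list} itself (no copy). */
    public void setUsers(List list) {
        usercredentials = list;
    }

    /**
     * Returns the live credential list; {@code null} until configured or set. The elements loaded
     * from configuration are {@link PasswordCredential} objects built from plaintext passwords,
     * so the list should not be logged or serialized.
     */
    public List getUsers() {
        return usercredentials;
    }

    /** Returns the encryption algorithm. */
    public String getEncryptionAlgorithm() {
        return encryptionAlgorithm;
    }

    /** Sets the encryption algorithm. */
    public void setEncryptionAlgorithm(String str) {
        encryptionAlgorithm = str;
    }

    /** Returns the encryption strength; {@code 0} until configured or set. */
    public int getEncryptionStrength() {
        return encryptionStrength;
    }

    /** Sets the encryption strength. */
    public void setEncryptionStrength(int i) {
        encryptionStrength = i;
    }

    /** Returns the signing reference type. */
    public String getSigningRefType() {
        return signingRefType;
    }

    /** Sets the signing reference type. */
    public void setSigningRefType(String str) {
        signingRefType = str;
    }

    /** Returns the authentication chain; {@code null} when none is configured. */
    public String getAuthenticationChain() {
        return authChain;
    }

    /** Sets the authentication chain. */
    public void setAuthenticationChain(String str) {
        authChain = str;
    }

    /** Returns whether user token replay detection is enabled; {@code true} unless configured otherwise. */
    public boolean isUserTokenDetectReplayEnabled() {
        return detectUserTokenReplay;
    }

    /** Sets whether user token replay detection is enabled. */
    public void setDetectUserTokenReplay(boolean z) {
        detectUserTokenReplay = z;
    }

    /** Returns whether message replay detection is enabled; {@code true} unless configured otherwise. */
    public boolean isMessageReplayDetectionEnabled() {
        return detectMessageReplay;
    }

    /** Sets whether message replay detection is enabled. */
    public void setMessageReplayDetection(boolean z) {
        detectMessageReplay = z;
    }

    /** Returns the live list of signed elements; {@code null} until configured or set. */
    public List getSignedElements() {
        return signedElements;
    }

    /** Replaces the shared list of signed elements with {@code list} itself (no copy). */
    public void setSignedElements(List list) {
        signedElements = list;
    }

    // Runs after all static field initializers above, so the defaults and the debug logger are
    // in place before the first load. A ConfigurationException leaves the defaults untouched
    // and no listener registered.
    static {
        ci = null;
        try {
            ci = ConfigurationManager.getConfigurationInstance(CONFIG_NAME);
            ci.addListener(new FAMSTSConfiguration());
            setValues();
        } catch (ConfigurationException e) {
            debug.error("FAMSTSConfiguration.static:", e);
        }
    }
}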
