package com.sun.identity.wss.provider.plugins;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdType;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.wss.provider.ProviderException;
import com.sun.identity.wss.provider.ProviderUtils;
import com.sun.identity.wss.provider.STSConfig;
import com.sun.identity.wss.security.PasswordCredential;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;

/* loaded from: input_file:com/sun/identity/wss/provider/plugins/STSAgent.class */
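/**
 * {@link STSConfig} implementation that reads and writes a Security Token
 * Service client configuration as attributes of an {@code IdType.AGENT}
 * identity under the {@code "/"} organization.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The {@code UserCredential} attribute holds user names and passwords in
 *       clear text ({@code UserName:<name>|UserPassword:<password>}, entries
 *       separated by commas). Debug output produced by this class therefore
 *       masks that attribute and {@code userpassword}; see
 *       {@link #redactForLog(Map)}.</li>
 *   <li>The credential encoding has no escaping, so a user name or password
 *       that contains {@code ','} or {@code ':'} (or a user name containing
 *       {@code '|'}) does not survive a store/load round trip.</li>
 *   <li>{@link #store()} writes the agent name into the {@code userpassword}
 *       attribute; see the note there.</li>
 * </ul>
 *
 * <p>Instances are not synchronized.
 */
public class STSAgent extends STSConfig {
    private static final String AGENT_PASSWORD_ATTR = "userpassword";
    private static final String AGENT_DEVICE_STATUS_ATTR = "sunIdentityServerDeviceStatus";
    private static final String AGENT_TYPE_ATTR = "AgentType";
    private static final String ENDPOINT = "STSEndpoint";
    private static final String MEX_ENDPOINT = "STSMexEndpoint";
    private static final String SEC_MECH = "SecurityMech";
    private static final String RESPONSE_SIGN = "isResponseSign";
    private static final String RESPONSE_ENCRYPT = "isResponseEncrypt";
    private static final String REQUEST_SIGN = "isRequestSign";
    private static final String REQUEST_ENCRYPT = "isRequestEncrypt";
    private static final String REQUEST_HEADER_ENCRYPT = "isRequestHeaderEncrypt";
    private static final String USER_NAME = "UserName";
    private static final String USER_PASSWORD = "UserPassword";
    private static final String USER_CREDENTIAL = "UserCredential";
    private static final String STS_CONFIG = "STS";
    private static final String PRIVATE_KEY_ALIAS = "privateKeyAlias";
    private static final String PUBLIC_KEY_ALIAS = "publicKeyAlias";
    private static final String KDC_SERVER = "KerberosDomainServer";
    private static final String KDC_DOMAIN = "KerberosDomain";
    private static final String KRB_SERVICE_PRINCIPAL = "KerberosServicePrincipal";
    private static final String KRB_TICKET_CACHE_DIR = "KerberosTicketCacheDir";
    private static final String ENCRYPTION_ALG = "EncryptionAlgorithm";
    private static final String ENCRYPTION_STRENGTH = "EncryptionStrength";
    private static final String SIGNING_REF_TYPE = "SigningRefType";
    private static final String PROTOCOL_VERSION = "WSTrustVersion";
    private static final String SAML_ATTRIBUTE_MAPPING = "SAMLAttributeMapping";
    private static final String INCLUDE_MEMBERSHIPS = "includeMemberships";
    private static final String SAML_ATTRIBUTE_NS = "AttributeNamespace";
    private static final String NAMEID_MAPPER = "NameIDMapper";
    private static final String KEYTYPE = "KeyType";
    private static final String REQUESTED_CLAIMS = "RequestedClaims";
    private static final String DNS_CLAIM = "DnsClaim";
    private static final String SIGNED_ELEMENTS = "SignedElements";

    /** Placeholder written to debug output instead of a secret attribute value. */
    private static final String REDACTED = "********";

    private AMIdentityRepository idRepo;
    // True once init() has found an existing agent identity; selects update vs. create in store().
    private boolean profilePresent = false;
    private SSOToken token = null;
    // Attribute names requested from the identity; filled by the static initializer below.
    private static final Set attrNames = new HashSet();
    private static final Debug debug = ProviderUtils.debug;

    /** Creates an empty configuration; call {@link #init(String, String, SSOToken)} to load it. */
    public STSAgent() {
    }

    /**
     * Builds the configuration from an already resolved identity.
     *
     * @param aMIdentity identity whose name, type and attributes are read
     * @throws ProviderException if the identity's attributes cannot be read
     */
    public STSAgent(AMIdentity aMIdentity) throws ProviderException {
        try {
            this.name = aMIdentity.getName();
            this.type = aMIdentity.getType().getName();
            if (debug.messageEnabled()) {
                debug.message("STSAgent: name = " + this.name + "type = " + this.type);
            }
            parseAgentKeyValues(aMIdentity.getAttributes(attrNames));
        } catch (SSOException e) {
            debug.error("STSAgent.constructor: SSO exception", e);
            throw new ProviderException(e.getMessage());
        } catch (IdRepoException e2) {
            debug.error("STSAgent.constructor: Idrepo exception", e2);
            throw new ProviderException(e2.getMessage());
        }
    }

    /**
     * Loads the configuration of the named agent, if such an identity exists.
     *
     * @param str agent name
     * @param str2 agent type
     * @param sSOToken session token used for every identity repository call made by this object
     * @throws ProviderException if the identity lookup fails for a reason other than
     *         the error code this method treats as "profile absent"
     */
    @Override // com.sun.identity.wss.provider.TrustAuthorityConfig
    public void init(String str, String str2, SSOToken sSOToken) throws ProviderException {
        this.name = str;
        this.type = str2;
        this.token = sSOToken;
        if (debug.messageEnabled()) {
            debug.message("STSAgent: name = " + str + "type = " + str2);
        }
        try {
            AMIdentity aMIdentity = new AMIdentity(sSOToken, str, IdType.AGENT, "/", (String) null);
            if (aMIdentity.isExists()) {
                Map attributes = aMIdentity.getAttributes(attrNames);
                this.profilePresent = true;
                parseAgentKeyValues(attributes);
            } else if (debug.messageEnabled()) {
                debug.message("STSAgent.init: provider " + str + "does not exist");
            }
        } catch (IdRepoException e) {
            // Constant-first comparison: a null error code must end up in the
            // ProviderException path below, not as a NullPointerException
            // thrown from inside this handler.
            if ("402".equals(e.getErrorCode())) {
                // Handled as "no stored profile"; store() will then create the identity.
                this.profilePresent = false;
            } else {
                debug.error("STSAgent.init: Unable to get idRepo", e);
                throw new ProviderException("idRepo exception: " + e.getMessage());
            }
        } catch (Exception e2) {
            debug.error("STSAgent.init: Unable to get idRepo", e2);
            throw new ProviderException("idRepo exception: " + e2.getMessage());
        }
    }

    /**
     * Copies every attribute of {@code map} into the matching configuration field.
     * A multi-valued attribute is joined with commas before being handed to
     * {@link #setConfig(String, String)}; an attribute without values is passed as
     * {@code null}.
     *
     * @param map attribute name to {@code Set} of string values; may be null or empty
     */
    private void parseAgentKeyValues(Map map) throws ProviderException {
        if (map == null || map.isEmpty()) {
            return;
        }
        if (debug.messageEnabled()) {
            // The map carries UserCredential (clear-text passwords): log a masked copy only.
            debug.message("STSAgent.parseAgentKeyValues::" + redactForLog(map));
        }
        for (Object keyObject : map.keySet()) {
            String attrName = (String) keyObject;
            Set values = (Set) map.get(attrName);
            String joined = null;
            if (values != null && !values.isEmpty()) {
                StringBuilder buffer = new StringBuilder(100);
                for (Iterator it = values.iterator(); it.hasNext();) {
                    buffer.append((String) it.next()).append(",");
                }
                joined = buffer.deleteCharAt(buffer.length() - 1).toString();
            }
            setConfig(attrName, joined);
        }
    }

    /**
     * Returns a copy of {@code attributes} that is safe to write to the debug log:
     * the values of {@code userpassword} and {@code UserCredential} are replaced by
     * a fixed mask. Names are matched case-insensitively so a differently cased key
     * is masked as well.
     */
    private static Map redactForLog(Map attributes) {
        Map safe = new HashMap();
        for (Object entryObject : attributes.entrySet()) {
            Map.Entry entry = (Map.Entry) entryObject;
            Object key = entry.getKey();
            boolean secret = key instanceof String
                    && (AGENT_PASSWORD_ATTR.equalsIgnoreCase((String) key)
                    || USER_CREDENTIAL.equalsIgnoreCase((String) key));
            safe.put(key, secret ? (Object) REDACTED : entry.getValue());
        }
        return safe;
    }

    /** Returns true when {@code value} is null or has length zero. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.length() == 0;
    }

    /** Appends every comma-separated token of {@code csv} to {@code target}. */
    private static void addTokens(java.util.Collection target, String csv) {
        StringTokenizer tokens = new StringTokenizer(csv, ",");
        while (tokens.hasMoreTokens()) {
            target.add(tokens.nextToken());
        }
    }

    /**
     * Assigns one attribute value to its configuration field. Unknown attribute
     * names are ignored.
     *
     * @param str attribute name
     * @param str2 attribute value, comma-joined when multi-valued; may be null
     * @throws NumberFormatException if {@code EncryptionStrength} is not an integer;
     *         this is deliberately not swallowed, so a malformed strength cannot
     *         silently leave a default in place
     */
    private void setConfig(String str, String str2) {
        if (str.equals(ENDPOINT)) {
            this.endpoint = str2;
        } else if (str.equals(MEX_ENDPOINT)) {
            this.mexEndpoint = str2;
        } else if (str.equals(SEC_MECH)) {
            if (this.secMech == null) {
                this.secMech = new ArrayList();
            }
            // An attribute without values arrives as null; StringTokenizer would
            // throw NullPointerException on it.
            if (str2 != null) {
                addTokens(this.secMech, str2);
            }
        } else if (str.equals(RESPONSE_SIGN)) {
            this.isResponseSigned = Boolean.parseBoolean(str2);
        } else if (str.equals(RESPONSE_ENCRYPT)) {
            this.isResponseEncrypted = Boolean.parseBoolean(str2);
        } else if (str.equals(REQUEST_SIGN)) {
            this.isRequestSigned = Boolean.parseBoolean(str2);
        } else if (str.equals(REQUEST_ENCRYPT)) {
            this.isRequestEncrypted = Boolean.parseBoolean(str2);
        } else if (str.equals(REQUEST_HEADER_ENCRYPT)) {
            this.isRequestHeaderEncrypted = Boolean.parseBoolean(str2);
        } else if (str.equals(PRIVATE_KEY_ALIAS)) {
            this.privateKeyAlias = str2;
        } else if (str.equals(STS_CONFIG)) {
            this.stsConfigName = str2;
        } else if (str.equals(PUBLIC_KEY_ALIAS)) {
            this.publicKeyAlias = str2;
        } else if (str.equals(USER_CREDENTIAL)) {
            if (!isNullOrEmpty(str2)) {
                parseUserCredentials(str2);
            }
        } else if (str.equals(KDC_DOMAIN)) {
            this.kdcDomain = str2;
        } else if (str.equals(KRB_SERVICE_PRINCIPAL)) {
            this.servicePrincipal = str2;
        } else if (str.equals(KRB_TICKET_CACHE_DIR)) {
            this.ticketCacheDir = str2;
        } else if (str.equals(KDC_SERVER)) {
            this.kdcServer = str2;
        } else if (str.equals(SIGNING_REF_TYPE)) {
            if (!isNullOrEmpty(str2)) {
                this.signingRefType = str2;
            }
        } else if (str.equals(ENCRYPTION_ALG)) {
            if (!isNullOrEmpty(str2)) {
                this.encryptionAlgorithm = str2;
            }
        } else if (str.equals(ENCRYPTION_STRENGTH)) {
            if (!isNullOrEmpty(str2)) {
                this.encryptionStrength = Integer.parseInt(str2);
            }
        } else if (str.equals(PROTOCOL_VERSION)) {
            if (!isNullOrEmpty(str2)) {
                this.protocolVersion = str2;
            }
        } else if (str.equals(SAML_ATTRIBUTE_MAPPING)) {
            if (this.samlAttributes == null) {
                this.samlAttributes = new HashSet();
            }
            if (str2 != null) {
                addTokens(this.samlAttributes, str2);
            }
        } else if (str.equals(INCLUDE_MEMBERSHIPS)) {
            if (!isNullOrEmpty(str2)) {
                this.includeMemberships = Boolean.parseBoolean(str2);
            }
        } else if (str.equals(SAML_ATTRIBUTE_NS)) {
            this.attributeNS = str2;
        } else if (str.equals(NAMEID_MAPPER)) {
            this.nameIDMapper = str2;
        } else if (str.equals(KEYTYPE)) {
            if (str2 != null) {
                this.keyType = str2;
            }
        } else if (str.equals(REQUESTED_CLAIMS)) {
            if (this.requestedClaims == null) {
                this.requestedClaims = new ArrayList();
            }
            if (str2 != null) {
                addTokens(this.requestedClaims, str2);
            }
        } else if (str.equals(DNS_CLAIM)) {
            if (!isNullOrEmpty(str2)) {
                this.dnsClaim = str2;
            }
        } else if (str.equals(SIGNED_ELEMENTS)) {
            if (this.signedElements == null) {
                this.signedElements = new ArrayList();
            }
            if (str2 != null) {
                addTokens(this.signedElements, str2);
            }
        }
    }

    /**
     * Decodes {@code UserName:<name>|UserPassword:<password>} entries separated by
     * commas and appends each complete pair to {@code usercredentials}. Decoding
     * stops at the first entry that has no {@code '|'}.
     *
     * <p>NOTE(review): the format has no escaping. A password containing
     * {@code ':'} is cut at that character and one containing {@code ','} is split
     * into separate entries, so such credentials are read back altered. Changing
     * this requires changing {@link #store()} and the stored data together.
     */
    private void parseUserCredentials(String encoded) {
        if (this.usercredentials == null) {
            this.usercredentials = new ArrayList();
        }
        StringTokenizer entries = new StringTokenizer(encoded, ",");
        while (entries.hasMoreTokens()) {
            String entry = entries.nextToken();
            int separator = entry.indexOf("|");
            if (separator == -1) {
                break;
            }
            String userName = labelledValue(entry.substring(0, separator), USER_NAME);
            String password = labelledValue(entry.substring(separator + 1), USER_PASSWORD);
            if (userName != null && password != null) {
                this.usercredentials.add(new PasswordCredential(userName, password));
            }
        }
    }

    /**
     * Returns the value of a {@code label:value} fragment, or null when the
     * fragment is empty, carries another label, or has no value. The emptiness
     * check keeps a malformed stored entry from raising NoSuchElementException.
     */
    private static String labelledValue(String fragment, String label) {
        StringTokenizer parts = new StringTokenizer(fragment, ":");
        if (parts.hasMoreTokens() && label.equals(parts.nextToken()) && parts.hasMoreTokens()) {
            return parts.nextToken();
        }
        return null;
    }

    /**
     * Deletes the agent identity. Does nothing unless {@code init} found an
     * existing profile.
     *
     * @throws ProviderException if the identity repository call fails
     */
    @Override // com.sun.identity.wss.provider.TrustAuthorityConfig
    public void delete() throws ProviderException {
        if (!this.profilePresent) {
            return;
        }
        try {
            if (this.idRepo == null) {
                this.idRepo = new AMIdentityRepository(this.token, "/");
            }
            AMIdentity aMIdentity = new AMIdentity(this.token, this.name, IdType.AGENT, "/", (String) null);
            Set identities = new HashSet();
            identities.add(aMIdentity);
            this.idRepo.deleteIdentities(identities);
        } catch (Exception e) {
            debug.error("STSAgent.delete: Unable to get idRepo", e);
            throw new ProviderException("idRepo exception: " + e.getMessage());
        }
    }

    /**
     * Writes the configuration to the agent identity: updates the existing
     * identity when {@code init} found one, otherwise creates it.
     *
     * @throws ProviderException if the identity repository call fails
     */
    @Override // com.sun.identity.wss.provider.TrustAuthorityConfig
    public void store() throws ProviderException {
        Map<String, String> singleValued = new HashMap<String, String>();
        singleValued.put(AGENT_TYPE_ATTR, this.type);
        // NOTE(review): the agent's userpassword attribute is set to the agent
        // name, on update as well as on create (only AgentType is removed before
        // an update). If this attribute is ever used to authenticate the agent,
        // that is a guessable credential and an update overwrites any password
        // set elsewhere -- confirm how the attribute is consumed and move to a
        // generated secret if it is. Left unchanged here because callers may
        // depend on it.
        singleValued.put(AGENT_PASSWORD_ATTR, this.name);
        singleValued.put(AGENT_DEVICE_STATUS_ATTR, "Active");
        putIfPresent(singleValued, ENDPOINT, this.endpoint);
        putIfPresent(singleValued, MEX_ENDPOINT, this.mexEndpoint);
        putIfPresent(singleValued, PRIVATE_KEY_ALIAS, this.privateKeyAlias);
        putIfPresent(singleValued, PUBLIC_KEY_ALIAS, this.publicKeyAlias);
        putIfPresent(singleValued, STS_CONFIG, this.stsConfigName);
        putIfPresent(singleValued, KDC_SERVER, this.kdcServer);
        putIfPresent(singleValued, KDC_DOMAIN, this.kdcDomain);
        putIfPresent(singleValued, KRB_SERVICE_PRINCIPAL, this.servicePrincipal);
        putIfPresent(singleValued, KRB_TICKET_CACHE_DIR, this.ticketCacheDir);

        Set securityMechanisms = new HashSet();
        if (this.secMech != null) {
            securityMechanisms.addAll(this.secMech);
        }

        singleValued.put(RESPONSE_SIGN, Boolean.toString(this.isResponseSigned));
        singleValued.put(RESPONSE_ENCRYPT, Boolean.toString(this.isResponseEncrypted));
        singleValued.put(REQUEST_SIGN, Boolean.toString(this.isRequestSigned));
        singleValued.put(REQUEST_ENCRYPT, Boolean.toString(this.isRequestEncrypted));
        singleValued.put(REQUEST_HEADER_ENCRYPT, Boolean.toString(this.isRequestHeaderEncrypted));

        if (this.usercredentials != null) {
            // Passwords are written in clear text into the attribute value; see
            // the class comment for the limits of this encoding.
            StringBuilder encoded = new StringBuilder(100);
            for (PasswordCredential passwordCredential : this.usercredentials) {
                String userName = passwordCredential.getUserName();
                String password = passwordCredential.getPassword();
                if (userName != null && password != null) {
                    encoded.append(USER_NAME).append(":").append(userName).append("|")
                            .append(USER_PASSWORD).append(":").append(password).append(",");
                }
            }
            // An empty list (or one holding only incomplete entries) leaves the
            // buffer empty; deleteCharAt(-1) would throw before anything is stored.
            if (encoded.length() > 0) {
                singleValued.put(USER_CREDENTIAL, encoded.deleteCharAt(encoded.length() - 1).toString());
            }
        }

        putIfPresent(singleValued, SIGNING_REF_TYPE, this.signingRefType);
        putIfPresent(singleValued, ENCRYPTION_ALG, this.encryptionAlgorithm);
        singleValued.put(ENCRYPTION_STRENGTH, Integer.toString(this.encryptionStrength));
        putIfPresent(singleValued, PROTOCOL_VERSION, this.protocolVersion);
        putIfPresent(singleValued, SAML_ATTRIBUTE_NS, this.attributeNS);
        putIfPresent(singleValued, NAMEID_MAPPER, this.nameIDMapper);
        if (this.includeMemberships) {
            singleValued.put(INCLUDE_MEMBERSHIPS, Boolean.toString(this.includeMemberships));
        }
        putIfPresent(singleValued, KEYTYPE, this.keyType);
        putIfPresent(singleValued, DNS_CLAIM, this.dnsClaim);

        Set signed = new HashSet();
        if (this.signedElements != null) {
            signed.addAll(this.signedElements);
        }

        try {
            // The identity API takes name -> Set of values, so wrap each single value.
            Map attributes = new HashMap();
            for (Map.Entry<String, String> entry : singleValued.entrySet()) {
                Set wrapped = new HashSet();
                wrapped.add(entry.getValue());
                attributes.put(entry.getKey(), wrapped);
            }
            // SecurityMech is always written, even when the set is empty.
            attributes.put(SEC_MECH, securityMechanisms);
            if (this.samlAttributes != null && !this.samlAttributes.isEmpty()) {
                attributes.put(SAML_ATTRIBUTE_MAPPING, this.samlAttributes);
            }
            if (this.requestedClaims != null && !this.requestedClaims.isEmpty()) {
                Set claims = new HashSet();
                claims.addAll(this.requestedClaims);
                attributes.put(REQUESTED_CLAIMS, claims);
            }
            if (!signed.isEmpty()) {
                attributes.put(SIGNED_ELEMENTS, signed);
            }
            if (this.profilePresent) {
                attributes.remove(AGENT_TYPE_ATTR);
                AMIdentity aMIdentity = new AMIdentity(this.token, this.name, IdType.AGENT, "/", (String) null);
                if (debug.messageEnabled()) {
                    // Contains userpassword and UserCredential: log a masked copy only.
                    debug.message("Attributes to be stored: " + redactForLog(attributes));
                }
                aMIdentity.setAttributes(attributes);
                aMIdentity.store();
            } else {
                if (this.idRepo == null) {
                    this.idRepo = new AMIdentityRepository(this.token, "/");
                }
                this.idRepo.createIdentity(IdType.AGENT, this.name, attributes);
            }
        } catch (Exception e) {
            debug.error("STSAgent.store: Unable to get idRepo", e);
            throw new ProviderException("idRepo exception: " + e.getMessage());
        }
    }

    /** Puts {@code value} under {@code key} unless {@code value} is null. */
    private static void putIfPresent(Map<String, String> target, String key, String value) {
        if (value != null) {
            target.put(key, value);
        }
    }

    /** Formats {@code str=str2}. Not referenced inside this class. */
    private String getKeyValue(String str, String str2) {
        return str + "=" + str2;
    }

    // Names of the attributes fetched from the identity by the constructor and init().
    // userpassword is intentionally not among them, so it is never read back.
    static {
        attrNames.add(ENDPOINT);
        attrNames.add(MEX_ENDPOINT);
        attrNames.add(SEC_MECH);
        attrNames.add(RESPONSE_SIGN);
        attrNames.add(RESPONSE_ENCRYPT);
        attrNames.add(REQUEST_SIGN);
        attrNames.add(REQUEST_ENCRYPT);
        attrNames.add(REQUEST_HEADER_ENCRYPT);
        attrNames.add(USER_CREDENTIAL);
        attrNames.add(STS_CONFIG);
        attrNames.add(PRIVATE_KEY_ALIAS);
        attrNames.add(PUBLIC_KEY_ALIAS);
        attrNames.add(KDC_SERVER);
        attrNames.add(KDC_DOMAIN);
        attrNames.add(KRB_SERVICE_PRINCIPAL);
        attrNames.add(KRB_TICKET_CACHE_DIR);
        attrNames.add(ENCRYPTION_ALG);
        attrNames.add(ENCRYPTION_STRENGTH);
        attrNames.add(SIGNING_REF_TYPE);
        attrNames.add(PROTOCOL_VERSION);
        attrNames.add(INCLUDE_MEMBERSHIPS);
        attrNames.add(SAML_ATTRIBUTE_MAPPING);
        attrNames.add(SAML_ATTRIBUTE_NS);
        attrNames.add(NAMEID_MAPPER);
        attrNames.add(KEYTYPE);
        attrNames.add(REQUESTED_CLAIMS);
        attrNames.add(DNS_CLAIM);
        attrNames.add(SIGNED_ELEMENTS);
    }
}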
