package com.sun.identity.liberty.ws.disco.common;

import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.federation.message.common.EncryptedNameIdentifier;
import com.sun.identity.federation.message.common.IDPProvidedNameIdentifier;
import com.sun.identity.liberty.ws.disco.Description;
import com.sun.identity.liberty.ws.disco.EncryptedResourceID;
import com.sun.identity.liberty.ws.disco.ResourceID;
import com.sun.identity.liberty.ws.disco.ResourceOffering;
import com.sun.identity.liberty.ws.disco.jaxb.AuthenticateRequesterElement;
import com.sun.identity.liberty.ws.disco.jaxb.AuthenticateSessionContextElement;
import com.sun.identity.liberty.ws.disco.jaxb.AuthorizeRequesterElement;
import com.sun.identity.liberty.ws.disco.jaxb.DescriptionType;
import com.sun.identity.liberty.ws.disco.jaxb.DirectiveType;
import com.sun.identity.liberty.ws.disco.jaxb.EncryptResourceIDElement;
import com.sun.identity.liberty.ws.disco.jaxb11.GenerateBearerTokenElement;
import com.sun.identity.liberty.ws.disco.plugins.NameIdentifierMapper;
import com.sun.identity.liberty.ws.security.ResourceAccessStatement;
import com.sun.identity.liberty.ws.security.SecurityAssertion;
import com.sun.identity.liberty.ws.security.SecurityTokenManager;
import com.sun.identity.liberty.ws.security.SessionContext;
import com.sun.identity.liberty.ws.security.SessionContextStatement;
import com.sun.identity.liberty.ws.security.SessionSubject;
import com.sun.identity.liberty.ws.soapbinding.Message;
import com.sun.identity.liberty.ws.soapbinding.ProviderHeader;
import com.sun.identity.liberty.ws.util.ProviderManager;
import com.sun.identity.liberty.ws.util.ProviderUtil;
import com.sun.identity.saml.assertion.NameIdentifier;
import com.sun.identity.saml.assertion.Statement;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.BitSet;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:com/sun/identity/liberty/ws/disco/common/DiscoUtils.class */
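public class DiscoUtils extends DiscoSDKUtils {
    /** Map key for the credential shared by every description that has no credential of its own. */
    private static final String ALL = "all";

    // Bit positions inside a directive BitSet. Each bit records that the matching
    // directive element was seen (see handleDirectives).
    private static final int AUTHN = 0;   // AuthenticateRequesterElement
    private static final int AUTHO = 1;   // AuthorizeRequesterElement
    private static final int SESSION = 2; // AuthenticateSessionContextElement, or a session context is required
    private static final int BEARER = 3;  // GenerateBearerTokenElement
    private static final int LOGOUT = 4;  // not referenced by the code recovered in this listing
    private static final int SIZE = 5;
    /** All-clear reference value; only ever compared against, never modified. */
    private static final BitSet EMPTY_BITSET = new BitSet(SIZE);

    private DiscoUtils() {
    }

    /**
     * Stub left by the decompiler: the method body could not be recovered, so this
     * listing always throws {@link UnsupportedOperationException}.
     *
     * <p>The decompiler warnings that accompanied this method show only one surviving
     * fragment: an exception handler that logs
     * "DiscoveryService.checkPolicyAndHandleDirectives:exception when constructing ResourceOffering:"
     * through {@code debug.error}. Nothing else about the policy check can be read from
     * this listing. Review the original bytecode or source before relying on it.
     *
     * @throws UnsupportedOperationException always, in this decompiled form
     */
    public static java.util.Map checkPolicyAndHandleDirectives(java.lang.String r10, com.sun.identity.liberty.ws.soapbinding.Message r11, java.util.Collection r12, com.sun.identity.liberty.ws.interfaces.Authorizer r13, com.sun.identity.liberty.ws.security.SessionContext r14, java.lang.String r15, java.lang.Object r16) {
        throw new UnsupportedOperationException("Method not decompiled: com.sun.identity.liberty.ws.disco.common.DiscoUtils.checkPolicyAndHandleDirectives(java.lang.String, com.sun.identity.liberty.ws.soapbinding.Message, java.util.Collection, com.sun.identity.liberty.ws.interfaces.Authorizer, com.sun.identity.liberty.ws.security.SessionContext, java.lang.String, java.lang.Object):java.util.Map");
    }

    /**
     * Applies the directives to one resource offering: encrypts its resource ID when
     * asked to, generates the credentials the directives call for, attaches credential
     * references to the offering's descriptions and appends the offering to {@code list2}.
     *
     * <p>One credential is generated per distinct set of directive bits and reused for
     * every description that ends up with the same set.
     *
     * @param resourceOffering offering to process
     * @param list directives; every element is cast to {@code DirectiveType}
     * @param str sender ID, forwarded to {@link #generateCredential}
     * @param message request message, forwarded to {@link #generateCredential}
     * @param sessionContext session context, may be {@code null}
     * @param str2 provider ID of the requester, may be {@code null} or empty
     * @param obj argument for the {@code SecurityTokenManager} constructor
     * @param list2 output list that receives the processed offering
     * @param list3 output list that receives every generated assertion
     */
    private static void handleDirectives(ResourceOffering resourceOffering, List list, String str, Message message, SessionContext sessionContext, String str2, Object obj, List list2, List list3) {
        // Directive bits requested for individual descriptions, keyed by description ID.
        Map<String, BitSet> bitsByDescriptionId = new HashMap<String, BitSet>();
        // Directive bits that apply to every description of the offering.
        BitSet commonBits = new BitSet(SIZE);
        if (sessionContext != null && DiscoServiceManager.needSessionContextStatement()) {
            commonBits.set(SESSION);
        }
        for (Object directive : list) {
            List descriptionIDRefs = ((DirectiveType) directive).getDescriptionIDRefs();
            if (directive instanceof EncryptResourceIDElement) {
                debug.message("DiscoService: has encrypt D");
                resourceOffering = doEncryption(resourceOffering);
            } else if (directive instanceof AuthenticateRequesterElement) {
                setMap(descriptionIDRefs, AUTHN, bitsByDescriptionId, commonBits);
            } else if (directive instanceof AuthorizeRequesterElement) {
                setMap(descriptionIDRefs, AUTHO, bitsByDescriptionId, commonBits);
            } else if (directive instanceof AuthenticateSessionContextElement) {
                setMap(descriptionIDRefs, SESSION, bitsByDescriptionId, commonBits);
            } else if (directive instanceof GenerateBearerTokenElement) {
                setMap(descriptionIDRefs, BEARER, bitsByDescriptionId, commonBits);
            } else if (debug.messageEnabled()) {
                debug.message("DiscoUtils.handleDirective: directive not supported.");
            }
        }

        // Credential (assertion ID) already generated for a given set of bits.
        Map<BitSet, String> credentialByBits = new HashMap<BitSet, String>();
        // Credential chosen for each description ID; ALL holds the shared one.
        Map<String, String> credentialByDescriptionId = new HashMap<String, String>();
        for (Map.Entry<String, BitSet> entry : bitsByDescriptionId.entrySet()) {
            BitSet bits = entry.getValue();
            // A description inherits every offering-wide directive.
            bits.or(commonBits);
            String credential = credentialByBits.get(bits);
            if (credential == null) {
                credential = generateCredential(bits, resourceOffering, message, str, list3, sessionContext, str2, obj);
                if (credential == null) {
                    // Generation failed: the description is left without its own credential.
                    continue;
                }
                credentialByBits.put(bits, credential);
            }
            credentialByDescriptionId.put(entry.getKey(), credential);
        }

        for (Object item : resourceOffering.getServiceInstance().getDescription()) {
            Description description = (Description) item;
            List<String> credentialRefs = new ArrayList<String>();
            String id = description.getId();
            if (id == null || id.length() == 0 || !credentialByDescriptionId.containsKey(id)) {
                debug.message("DiscoUtils.handleDirective:  not containsKey");
                // No credential of its own: fall back to the shared one, creating it on first use.
                String shared = credentialByDescriptionId.get(ALL);
                if (shared == null) {
                    if (credentialByBits.containsKey(commonBits)) {
                        shared = credentialByBits.get(commonBits);
                    } else if (!commonBits.equals(EMPTY_BITSET)) {
                        shared = generateCredential(commonBits, resourceOffering, message, str, list3, sessionContext, str2, obj);
                    }
                    if (shared != null) {
                        credentialByDescriptionId.put(ALL, shared);
                    }
                }
                if (shared != null) {
                    credentialRefs.add(shared);
                }
            } else {
                if (debug.messageEnabled()) {
                    debug.message("DiscoUtils.handleDirective: containsKey:" + id);
                }
                credentialRefs.add(credentialByDescriptionId.get(id));
            }
            if (!credentialRefs.isEmpty()) {
                description.setCredentialRef(credentialRefs);
            }
        }
        list2.add(resourceOffering);
    }

    /**
     * Replaces the offering's plain resource ID with an encrypted one, built for the
     * provider ID of the offering's service instance.
     *
     * <p>NOTE(review): this fails open. If encryption throws, the error is only logged
     * and the offering is returned with its plain resource ID still set, although an
     * encrypt directive was present. Confirm that callers may release such an offering,
     * or have them drop it.
     *
     * @param resourceOffering offering to update in place
     * @return the same offering instance
     */
    private static ResourceOffering doEncryption(ResourceOffering resourceOffering) {
        ResourceID plainId = resourceOffering.getResourceID();
        if (plainId == null) {
            // Nothing to encrypt.
            return resourceOffering;
        }
        try {
            EncryptedResourceID encryptedId = EncryptedResourceID.getEncryptedResourceID(plainId, resourceOffering.getServiceInstance().getProviderID());
            // Clear the plain ID only once the encrypted one exists.
            resourceOffering.setResourceID(null);
            resourceOffering.setEncryptedResourceID(encryptedId);
        } catch (Exception e) {
            debug.error("DiscoUtils.doEncryption: exception:", e);
        }
        return resourceOffering;
    }

    /**
     * Records directive bit {@code i}. With no description references the bit goes into
     * the offering-wide {@code bitSet}; otherwise it goes into the per-description set
     * stored in {@code map} under each referenced description's ID.
     *
     * @param list referenced descriptions ({@code DescriptionType}), may be {@code null} or empty
     * @param i bit position to set
     * @param map description ID to {@code BitSet}; entries are created on demand
     * @param bitSet offering-wide directive bits
     */
    private static void setMap(List list, int i, Map map, BitSet bitSet) {
        if (list == null || list.size() == 0) {
            bitSet.set(i);
            return;
        }
        for (Object ref : list) {
            String id = ((DescriptionType) ref).getId();
            BitSet bits = (BitSet) map.get(id);
            if (bits == null) {
                bits = new BitSet(SIZE);
            }
            bits.set(i);
            map.put(id, bits);
        }
    }

    /**
     * Returns the first non-null session context carried by a statement of the assertion.
     *
     * @param securityAssertion assertion to search, may be {@code null}
     * @return the session context, or {@code null} when there is none
     */
    private static SessionContext getSessionContext(SecurityAssertion securityAssertion) {
        if (securityAssertion == null) {
            return null;
        }
        for (Object item : securityAssertion.getStatement()) {
            Statement statement = (Statement) item;
            int statementType = statement.getStatementType();
            SessionContext found = null;
            // The casts below show which statement class each type code stands for.
            if (statementType == 4) {
                found = ((ResourceAccessStatement) statement).getSessionContext();
            } else if (statementType == 5) {
                found = ((SessionContextStatement) statement).getSessionContext();
            }
            if (found != null) {
                return found;
            }
        }
        return null;
    }

    /**
     * Generates the SAML assertion called for by the directive bits, appends it to
     * {@code list} and returns its assertion ID.
     *
     * <p>When the BEARER bit is clear, an authorization token is requested and the token
     * manager is given either the requester provider's signing key alias or the
     * certificate taken from the message. When BEARER is set, a bearer token is
     * requested, but only if AUTHN, AUTHO or SESSION is also set.
     *
     * <p>NOTE(review): the name identifier mapping writes back into the session context
     * in use (the one passed in, or the one found in the message assertion).
     * handleDirectives passes the same context on every call, so a later call may start
     * from an identifier that an earlier call already mapped or encrypted. Confirm this
     * is intended.
     *
     * @param bitSet directive bits
     * @param resourceOffering offering the credential is issued for
     * @param message request message
     * @param str sender ID, used when no requester provider ID is available
     * @param list output list that receives the generated assertion
     * @param sessionContext session context, or {@code null} to take it from the message assertion
     * @param str2 requester provider ID, or {@code null}/empty to take it from the provider header
     * @param obj argument for the {@code SecurityTokenManager} constructor
     * @return the assertion ID, or {@code null} when no credential was generated
     */
    private static String generateCredential(BitSet bitSet, ResourceOffering resourceOffering, Message message, String str, List list, SessionContext sessionContext, String str2, Object obj) {
        SecurityAssertion assertion = null;
        try {
            SecurityTokenManager tokenManager = new SecurityTokenManager(obj);

            String requesterProviderId = str2;
            if (requesterProviderId == null || requesterProviderId.length() == 0) {
                ProviderHeader providerHeader = message.getProviderHeader();
                if (providerHeader != null) {
                    requesterProviderId = providerHeader.getProviderID();
                }
            }
            boolean hasRequesterProviderId = requesterProviderId != null && requesterProviderId.length() != 0;

            SessionContext effectiveContext = sessionContext;
            if (effectiveContext == null) {
                effectiveContext = getSessionContext(message.getAssertion());
            }

            String serviceProviderId = resourceOffering.getServiceInstance().getProviderID();
            if (effectiveContext != null) {
                try {
                    ProviderManager providerManager = ProviderUtil.getProviderManager();
                    SessionSubject sessionSubject = effectiveContext.getSessionSubject();
                    NameIdentifier nameIdentifier = sessionSubject.getNameIdentifier();
                    if (nameIdentifier.getFormat() != null && nameIdentifier.getFormat().equals(IFSConstants.NI_ENCRYPTED_FORMAT_URI)) {
                        // Decrypt with the discovery provider's key before any mapping.
                        nameIdentifier = EncryptedNameIdentifier.getDecryptedNameIdentifier(nameIdentifier, providerManager.getDecryptionKey(DiscoServiceManager.getDiscoProviderID()));
                    }
                    NameIdentifier mappedIdentifier = null;
                    NameIdentifierMapper mapper = DiscoServiceManager.getNameIdentifierMapper();
                    if (mapper != null) {
                        mappedIdentifier = mapper.getNameIdentifier(serviceProviderId, DiscoServiceManager.getDiscoProviderID(), nameIdentifier, str);
                    }
                    if (mappedIdentifier != null && !mappedIdentifier.equals(nameIdentifier)) {
                        sessionSubject.setNameIdentifier(mappedIdentifier);
                        if (sessionSubject.getIDPProvidedNameIdentifier() != null) {
                            sessionSubject.setIDPProvidedNameIdentifier(new IDPProvidedNameIdentifier(mappedIdentifier.getName(), mappedIdentifier.getNameQualifier(), mappedIdentifier.getFormat()));
                        }
                    } else if (providerManager.isNameIDEncryptionEnabled(serviceProviderId)) {
                        sessionSubject.setNameIdentifier(EncryptedNameIdentifier.getEncryptedNameIdentifier(nameIdentifier, serviceProviderId, providerManager.getEncryptionKey(serviceProviderId), providerManager.getEncryptionKeyAlgorithm(serviceProviderId), providerManager.getEncryptionKeyStrength(serviceProviderId)));
                    } else {
                        sessionSubject.setNameIdentifier(nameIdentifier);
                    }
                    effectiveContext.setSessionSubject(sessionSubject);
                } catch (Exception e) {
                    // No credential is issued when the identifier cannot be decrypted, mapped or encrypted.
                    debug.error("DiscoUtils.handleDirective: En/Decryption Exception:", e);
                    return null;
                }
            }

            // The resource is the encrypted ID when present, otherwise the plain ID
            // string, otherwise the implied-resource constant.
            Object resource = resourceOffering.getEncryptedResourceID();
            if (resource == null) {
                ResourceID resourceID = resourceOffering.getResourceID();
                resource = resourceID == null ? DiscoConstants.IMPLIED_RESOURCE : resourceID.getResourceID();
            }

            boolean authn = bitSet.get(AUTHN);
            boolean autho = bitSet.get(AUTHO);
            if (!bitSet.get(BEARER)) {
                NameIdentifier senderIdentity = hasRequesterProviderId ? new NameIdentifier(requesterProviderId, null, DiscoConstants.PROVIDER_ID_FORMAT) : new NameIdentifier(str);
                // Uses the same emptiness test as the sender identity above. An empty
                // provider ID counts as absent, so the certificate comes from the
                // message instead of an alias lookup on an empty ID.
                if (hasRequesterProviderId) {
                    tokenManager.setCertAlias(ProviderUtil.getProviderManager().getSigningKeyAlias(requesterProviderId));
                } else {
                    X509Certificate clientCertificate = message.getPeerCertificate();
                    if (clientCertificate == null) {
                        clientCertificate = message.getMessageCertificate();
                    }
                    if (clientCertificate == null) {
                        if (debug.messageEnabled()) {
                            debug.message("DiscoUtils.generateCredential:client cert is null. Cannot generate credential.");
                        }
                        return null;
                    }
                    tokenManager.setCertificate(clientCertificate);
                }
                assertion = resource instanceof String
                        ? tokenManager.getSAMLAuthorizationToken(senderIdentity, effectiveContext, (String) resource, authn, autho, serviceProviderId)
                        : tokenManager.getSAMLAuthorizationToken(senderIdentity, effectiveContext, (EncryptedResourceID) resource, authn, autho, serviceProviderId);
            } else if (authn || autho || bitSet.get(SESSION)) {
                NameIdentifier senderIdentity = hasRequesterProviderId ? new NameIdentifier(requesterProviderId, null, DiscoConstants.PROVIDER_ID_FORMAT) : new NameIdentifier(str);
                assertion = resource instanceof String
                        ? tokenManager.getSAMLBearerToken(senderIdentity, effectiveContext, (String) resource, authn, autho, serviceProviderId)
                        : tokenManager.getSAMLBearerToken(senderIdentity, effectiveContext, (EncryptedResourceID) resource, authn, autho, serviceProviderId);
            }
        } catch (Exception e2) {
            // Falls through to the null check below, which reports the failure to the caller.
            debug.error("DiscoUtils.generateCredential:cannot generate credential: ", e2);
        }
        if (assertion == null) {
            debug.error("DiscoUtils.generateCredential: cannot generate credential.");
            return null;
        }
        list.add(assertion);
        return assertion.getAssertionID();
    }
}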
