package org.apache.rahas.impl;

import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMNode;
import org.apache.axiom.om.impl.dom.jaxp.DocumentBuilderFactoryImpl;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.description.Parameter;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.RahasData;
import org.apache.rahas.TokenRenewer;
import org.apache.rahas.TokenStorage;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLException;
import org.w3c.dom.Element;

/* loaded from: input_file:runtime/apache-tuscany-sca-1.6.2/tuscany-sca-1.6.2/lib/rampart-trust-1.4.jar:org/apache/rahas/impl/SAMLTokenRenewer.class */
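/**
 * {@link TokenRenewer} that renews a stored SAML assertion: the assertion is looked up in the
 * token store by id, its existing signature is removed, its validity window is reset to
 * "now .. now + ttl", and it is signed again with the configured issuer key.
 *
 * <p>NOTE(review): {@link #renew(RahasData)} re-signs whatever assertion the store returns for the
 * requested id. Nothing in this class verifies the assertion's previous signature, checks its
 * previous validity window, or checks that the requester is entitled to renew it. Confirm that
 * these checks are enforced before this class is invoked.
 */
public class SAMLTokenRenewer implements TokenRenewer {
    /** Name of the message-context parameter that may carry the issuer configuration. */
    private String configParamName;

    /** Configuration element supplied directly; consulted first. */
    private OMElement configElement;

    /** Configuration file reference; consulted when no configuration element is set. */
    private String configFile;

    /**
     * Builds the response envelope for a renew request.
     *
     * @param rahasData request data; supplies the inbound message context, the WS-Trust version
     *     and the id of the token to renew
     * @return a SOAP envelope whose body carries the RequestSecurityTokenResponse with the
     *     re-signed assertion
     * @throws TrustException if no issuer configuration can be resolved, or if the assertion
     *     cannot be rebuilt and signed
     */
    @Override // org.apache.rahas.TokenRenewer
    public SOAPEnvelope renew(RahasData rahasData) throws TrustException {
        MessageContext inMessageContext = rahasData.getInMessageContext();
        SAMLTokenIssuerConfig config = resolveConfig(inMessageContext);
        TokenStorage tokenStore = TrustUtil.getTokenStore(inMessageContext);
        try {
            DocumentBuilderFactoryImpl.setDOOMRequired(true);
            SOAPEnvelope envelope = TrustUtil.createSOAPEnvelope(
                    inMessageContext.getEnvelope().getNamespace().getNamespaceURI());
            int version = rahasData.getVersion();

            // Version 1 puts the response directly in the body; any other version wraps it in a
            // response collection. (1 is presumably a RahasConstants version constant inlined by
            // the compiler; confirm.)
            OMElement rstrElement;
            if (version == 1) {
                rstrElement = TrustUtil.createRequestSecurityTokenResponseElement(version, envelope.getBody());
            } else {
                OMElement collection =
                        TrustUtil.createRequestSecurityTokenResponseCollectionElement(version, envelope.getBody());
                rstrElement = TrustUtil.createRequestSecurityTokenResponseElement(version, collection);
            }

            // An inline crypto element takes precedence over a crypto properties file.
            ClassLoader serviceClassLoader = inMessageContext.getAxisService().getClassLoader();
            Crypto crypto;
            if (config.cryptoElement != null) {
                crypto = CryptoFactory.getInstance(TrustUtil.toProperties(config.cryptoElement), serviceClassLoader);
            } else {
                crypto = CryptoFactory.getInstance(config.cryptoPropertiesFile, serviceClassLoader);
            }

            TrustUtil.createTokenTypeElement(version, rstrElement).setText(RahasConstants.TOK_TYPE_SAML_10);

            // ttl is added to a millisecond timestamp, so it is interpreted as milliseconds.
            Date notBefore = new Date();
            Date notOnOrAfter = new Date(notBefore.getTime() + config.ttl);
            XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
            TrustUtil.createLifetimeElement(
                    version, rstrElement, dateFormat.format(notBefore), dateFormat.format(notOnOrAfter));

            try {
                // If the store returns null for an unknown id, the resulting NullPointerException
                // is wrapped by the catch below, as before.
                OMElement storedAssertion = tokenStore.getToken(rahasData.getTokenId()).getToken();
                if (storedAssertion == null) {
                    throw new IllegalStateException("Stored token carries no assertion element");
                }
                SAMLAssertion assertion = new SAMLAssertion((Element) storedAssertion);

                // The old signature is discarded without being verified here; see the class note.
                assertion.unsign();
                assertion.setNotBefore(notBefore);
                assertion.setNotOnOrAfter(notOnOrAfter);

                X509Certificate[] issuerCerts = crypto.getCertificates(config.issuerKeyAlias);
                if (issuerCerts == null || issuerCerts.length == 0) {
                    // Fail with a diagnosable cause instead of an NPE / index error on issuerCerts[0].
                    throw new IllegalStateException("No certificate found for the configured issuer key alias");
                }

                // SECURITY: both URIs select SHA-1 based XML signatures, and SHA-1 is no longer
                // considered collision resistant. The algorithm is left unchanged because relying
                // parties and the bundled signature library must accept any replacement; plan a
                // move to a SHA-256 signature method once that is confirmed.
                // Any key that is not DSA (including non-RSA keys) is given the RSA URI.
                String keyAlgorithm = issuerCerts[0].getPublicKey().getAlgorithm();
                String signatureAlgorithm;
                if (keyAlgorithm.equalsIgnoreCase("DSA")) {
                    signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
                } else {
                    signatureAlgorithm = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
                }
                assertion.sign(
                        signatureAlgorithm,
                        crypto.getPrivateKey(config.issuerKeyAlias, config.issuerKeyPassword),
                        Arrays.asList(issuerCerts));

                // The cast relies on the OM element also being a DOM node, presumably what
                // setDOOMRequired(true) arranges; confirm.
                OMElement requestedToken = TrustUtil.createRequestedSecurityTokenElement(version, rstrElement);
                requestedToken.addChild(
                        (OMNode) ((Element) rstrElement).getOwnerDocument().importNode(assertion.toDOM(), true));
            } catch (Exception e) {
                // One handler covers every failure. The decompiled form also listed
                // WSSecurityException and SAMLException handlers that could never be reached.
                throw new TrustException("Cannot create SAML Assertion", e);
            }
            // The renewed assertion is only returned; this method does not write it back to the store.
            return envelope;
        } finally {
            // Reset the DOOM flag on every exit path, normal or exceptional.
            DocumentBuilderFactoryImpl.setDOOMRequired(false);
        }
    }

    /**
     * Resolves the issuer configuration. Precedence: configuration element, then configuration
     * file, then the named message-context parameter.
     *
     * @throws TrustException if the named parameter is missing or empty, or if no source is set
     */
    private SAMLTokenIssuerConfig resolveConfig(MessageContext inMessageContext) throws TrustException {
        if (this.configElement != null) {
            return new SAMLTokenIssuerConfig(
                    this.configElement.getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
        }
        if (this.configFile != null) {
            return new SAMLTokenIssuerConfig(this.configFile);
        }
        if (this.configParamName != null) {
            Parameter parameter = inMessageContext.getParameter(this.configParamName);
            if (parameter == null || parameter.getParameterElement() == null) {
                throw new TrustException("expectedParameterMissing", new String[]{this.configParamName});
            }
            return new SAMLTokenIssuerConfig(
                    parameter.getParameterElement().getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
        }
        throw new TrustException("configurationIsNull");
    }

    /** Sets the configuration file reference used when no configuration element is set. */
    @Override // org.apache.rahas.TokenRenewer
    public void setConfigurationFile(String str) {
        this.configFile = str;
    }

    /** Sets the configuration element; it takes precedence over the other two sources. */
    @Override // org.apache.rahas.TokenRenewer
    public void setConfigurationElement(OMElement oMElement) {
        this.configElement = oMElement;
    }

    /** Sets the name of the message-context parameter used as the last configuration source. */
    @Override // org.apache.rahas.TokenRenewer
    public void setConfigurationParamName(String str) {
        this.configParamName = str;
    }
}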
