package com.sun.xml.ws.security.secconv.impl.client;

import com.sun.xml.ws.api.security.secconv.client.SCTokenConfiguration;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.client.IssuedTokenProvider;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextToken;
import com.sun.xml.ws.security.SecurityContextTokenInfo;
import com.sun.xml.ws.security.impl.policyconv.IntegrityAssertionProcessor;
import com.sun.xml.ws.security.impl.policyconv.SecurityPolicyUtil;
import com.sun.xml.ws.security.secconv.WSSCFactory;
import com.sun.xml.ws.security.secconv.WSSCPlugin;
import com.sun.xml.ws.security.secconv.WSSecureConversationException;
import com.sun.xml.ws.security.trust.Configuration;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.policy.PolicyGenerationException;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SignatureTarget;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Hashtable;
import java.util.Iterator;

/* loaded from: input_file:spg-ui-war-2.1.0.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/secconv/impl/client/SCTokenProviderImpl.class */
public class SCTokenProviderImpl implements IssuedTokenProvider {
    private static final WSSCPlugin scp = WSSCFactory.newSCPlugin((Configuration) null);
    private Hashtable<String, IssuedTokenContext> issuedTokenContextMap = new Hashtable<>();
    private Hashtable<String, SecurityContextTokenInfo> securityContextTokenMap = new Hashtable<>();

    @Override // com.sun.xml.ws.api.security.trust.client.IssuedTokenProvider
    public void issue(IssuedTokenContext issuedTokenContext) throws WSTrustException {
        SCTokenConfiguration sCTokenConfiguration = (SCTokenConfiguration) issuedTokenContext.getSecurityPolicy().get(0);
        if (this.issuedTokenContextMap.get(sCTokenConfiguration.getTokenId()) != null) {
            if (sCTokenConfiguration.isExpired()) {
                renew(this.issuedTokenContextMap.get(sCTokenConfiguration.getTokenId()));
                return;
            } else {
                getSecurityContextToken(sCTokenConfiguration.getTokenId(), sCTokenConfiguration.checkTokenExpiry());
                return;
            }
        }
        if (sCTokenConfiguration.getMessagePolicy() == null) {
            scp.process(issuedTokenContext);
            addSecurityContextToken(sCTokenConfiguration.getTokenId(), issuedTokenContext);
            addSecurityContextToken(((SecurityContextToken) issuedTokenContext.getSecurityToken()).getIdentifier().toString(), issuedTokenContext);
        } else {
            try {
                if (sCTokenConfiguration.addRenewPolicy()) {
                    appendEndorsingSCTRenewPolicy(sCTokenConfiguration.getMessagePolicy());
                } else {
                    deleteRenewPolicy(sCTokenConfiguration.getMessagePolicy());
                }
            } catch (PolicyGenerationException e) {
                throw new WSTrustException(e.getMessage());
            }
        }
    }

    @Override // com.sun.xml.ws.api.security.trust.client.IssuedTokenProvider
    public void cancel(IssuedTokenContext issuedTokenContext) throws WSTrustException {
        scp.processCancellation(issuedTokenContext);
    }

    @Override // com.sun.xml.ws.api.security.trust.client.IssuedTokenProvider
    public void renew(IssuedTokenContext issuedTokenContext) throws WSTrustException {
        scp.processRenew(issuedTokenContext);
        addSecurityContextTokenInfo(((SecurityContextToken) issuedTokenContext.getSecurityToken()).getInstance(), issuedTokenContext.getSecurityContextTokenInfo());
    }

    @Override // com.sun.xml.ws.api.security.trust.client.IssuedTokenProvider
    public void validate(IssuedTokenContext issuedTokenContext) throws WSTrustException {
    }

    private void addSecurityContextToken(String str, IssuedTokenContext issuedTokenContext) {
        this.issuedTokenContextMap.put(str, issuedTokenContext);
    }

    private void addSecurityContextTokenInfo(String str, SecurityContextTokenInfo securityContextTokenInfo) {
        this.securityContextTokenMap.put(str, securityContextTokenInfo);
    }

    private IssuedTokenContext getSecurityContextToken(String str, boolean z) throws WSSecureConversationException {
        IssuedTokenContext issuedTokenContext = this.issuedTokenContextMap.get(str);
        if (issuedTokenContext != null && z) {
            GregorianCalendar gregorianCalendar = new GregorianCalendar();
            long j = gregorianCalendar.get(15);
            if (gregorianCalendar.getTimeZone().inDaylightTime(gregorianCalendar.getTime())) {
                j += gregorianCalendar.getTimeZone().getDSTSavings();
            }
            gregorianCalendar.setTimeInMillis(gregorianCalendar.getTimeInMillis() - j);
            Date time = gregorianCalendar.getTime();
            if (!time.after(issuedTokenContext.getCreationTime()) || !time.before(issuedTokenContext.getExpirationTime())) {
                throw new WSSecureConversationException("SecureConversation session for session Id:" + str + "has expired.");
            }
        }
        return issuedTokenContext;
    }

    public SecurityContextTokenInfo getSecurityContextTokenInfo(String str) {
        return this.securityContextTokenMap.get(str);
    }

    private void appendEndorsingSCTRenewPolicy(MessagePolicy messagePolicy) throws PolicyGenerationException {
        SignaturePolicy renewSignaturePolicy = scp.getRenewSignaturePolicy();
        SignaturePolicy.FeatureBinding featureBinding = (SignaturePolicy.FeatureBinding) renewSignaturePolicy.getFeatureBinding();
        Iterator it = messagePolicy.getPrimaryPolicies().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            SecurityPolicy securityPolicy = (SecurityPolicy) it.next();
            if (PolicyTypeUtil.signaturePolicy(securityPolicy)) {
                SignaturePolicy signaturePolicy = (SignaturePolicy) securityPolicy;
                SignatureTarget newURISignatureTarget = new IntegrityAssertionProcessor(scp.getAlgorithmSuite(), true).getTargetCreator().newURISignatureTarget(signaturePolicy.getUUID());
                SecurityPolicyUtil.setName(newURISignatureTarget, signaturePolicy);
                featureBinding.addTargetBinding(newURISignatureTarget);
                featureBinding.isEndorsingSignature(true);
                break;
            }
        }
        messagePolicy.append(renewSignaturePolicy);
    }

    private void deleteRenewPolicy(MessagePolicy messagePolicy) {
        Iterator it = messagePolicy.getPrimaryPolicies().iterator();
        while (it.hasNext()) {
            SecurityPolicy securityPolicy = (SecurityPolicy) it.next();
            if (PolicyTypeUtil.signaturePolicy(securityPolicy)) {
                SignaturePolicy signaturePolicy = (SignaturePolicy) securityPolicy;
                if (signaturePolicy.getUUID().equals("_99")) {
                    messagePolicy.remove(signaturePolicy);
                    return;
                }
            }
        }
    }
}
