package com.ibm.websphere.wssecurity.callbackhandler;

import com.ibm.wsspi.wssecurity.core.config.CallbackHandlerConfig;
import com.ibm.wsspi.wssecurity.core.config.KeyInformationConfig;
import com.ibm.wsspi.wssecurity.core.config.KeyStoreConfig;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.SamlConstants;
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:wasJars/was-wssecurity-wsspi.jar:com/ibm/websphere/wssecurity/callbackhandler/SAMLConsumerCallbackHandler.class */
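/**
 * Callback handler that reads SAML token consumer settings from a configuration map and copies
 * them onto {@link SAMLConsumeCallback} and {@link DerivedKeyInfoCallback} instances.
 *
 * <p>Settings that relax validation are all opt-in here: {@code trustAnySigner} starts
 * {@code false}, {@code signatureRequired} starts {@code true} and {@code oneTimeUseValidation}
 * starts {@code true}; only {@code audienceValidation} starts disabled. The checks that consume
 * these flags are not in this class.
 *
 * <p>NOTE(review): the class is {@link Serializable} and the three password fields are ordinary
 * (non-transient) fields, so they are part of the default serialized form. Field names and types
 * are left untouched because they define that form; confirm where instances get serialized
 * before treating the {@code char[]} storage as protective.
 */
public class SAMLConsumerCallbackHandler implements CallbackHandler, Serializable {
    private static final long serialVersionUID = -2223655857588374454L;
    private static final String ISSUER = "trustedIssuer";
    private static final String SUBJECTDN = "trustedSubjectDN";
    private String keyStoreRef;
    private String keyStorePath;
    private String keyStoreType;
    private char[] keyStorePassword;
    private String alias;
    private char[] keyPassword;
    private String keyName;
    private String trustStoreRef;
    private String trustStorePath;
    private String trustStoreType;
    private char[] trustStorePassword;
    private String trustedAlias;
    private boolean trustAnySigner;
    private boolean signatureRequired;
    private long clockSkew;
    private boolean oneTimeUseValidation;
    private boolean audienceValidation;
    private ArrayList<String[]> trustedIssuers;
    private String confirmationMethod;
    private List<String> X509Paths = new ArrayList<>();
    private List<String> CRLPaths = new ArrayList<>();
    private int dktKeylength;
    private int nonceLength;
    private boolean requiredDKT;
    private boolean useImpliedDkt;
    private String clientLabel;
    private String serviceLabel;
    private boolean isWSSAPI;

    /**
     * Builds the handler from a configuration map.
     *
     * <p>If the map holds a {@link CallbackHandlerConfig} under
     * {@code CallbackHandlerConfig.CONFIG_KEY}, key store and key settings are taken from it first
     * and the remaining settings from its properties map. Otherwise the map itself is used as the
     * property source and the handler marks itself as WSS API driven, which is what enables the
     * {@link DerivedKeyInfoCallback} branch of {@link #handle(Callback[])}.
     *
     * @param map configuration map; property values are cast to {@code String}
     * @throws NullPointerException if {@code map} is null
     * @throws ClassCastException if a consulted property value is not a {@code String}
     * @throws NumberFormatException if the clock skew, a derived-key length or a trusted issuer
     *     index is not numeric
     * @throws IllegalArgumentException if a trusted issuer index is negative
     */
    public SAMLConsumerCallbackHandler(Map<Object, Object> map) {
        this.trustAnySigner = false;
        this.signatureRequired = true;
        this.clockSkew = ConsumerConfig.DEFAULT_CLOCKSKEW;
        this.oneTimeUseValidation = true;
        this.audienceValidation = false;
        this.trustedIssuers = new ArrayList<>();
        this.confirmationMethod = "Bearer";
        this.dktKeylength = 0;
        this.nonceLength = 0;
        this.requiredDKT = false;
        this.useImpliedDkt = false;
        this.clientLabel = null;
        this.serviceLabel = null;
        this.isWSSAPI = false;

        CallbackHandlerConfig callbackHandlerConfig = (CallbackHandlerConfig) map.get(CallbackHandlerConfig.CONFIG_KEY);
        Map<Object, Object> properties;
        if (callbackHandlerConfig != null) {
            KeyStoreConfig resolvingKeyStore = callbackHandlerConfig.getResolvingKeyStore();
            if (resolvingKeyStore != null) {
                this.keyStoreRef = resolvingKeyStore.getKsRef();
                this.keyStorePath = resolvingKeyStore.getPath();
                this.keyStoreType = resolvingKeyStore.getType();
                String password = resolvingKeyStore.getPassword();
                this.keyStorePassword = password == null ? null : password.toCharArray();
            }
            KeyInformationConfig keyInformation = callbackHandlerConfig.getKeyInformation();
            if (keyInformation != null) {
                this.alias = keyInformation.getAlias();
                this.keyName = keyInformation.getName();
                String keyPass = keyInformation.getKeyPass();
                this.keyPassword = keyPass == null ? null : keyPass.toCharArray();
            }
            properties = callbackHandlerConfig.getProperties();
        } else {
            this.isWSSAPI = true;
            properties = map;
        }
        if (properties == null) {
            return;
        }

        // A key store named in the properties replaces ref, path and type wholesale, but the
        // password is replaced only when the property is present: a password read from the
        // resolving key store above survives alongside a different store location.
        if (properties.get(SamlConstants.KEY_STORE_REF) != null || properties.get("keyStorePath") != null) {
            this.keyStoreRef = (String) properties.get(SamlConstants.KEY_STORE_REF);
            this.keyStorePath = (String) properties.get("keyStorePath");
            this.keyStoreType = (String) properties.get("keyStoreType");
            Object storePassword = properties.get("keyStorePassword");
            if (storePassword != null) {
                this.keyStorePassword = ((String) storePassword).toCharArray();
            }
        }
        if (properties.get("keyName") != null) {
            this.alias = (String) properties.get("keyAlias");
            this.keyName = (String) properties.get("keyName");
            Object keyPass = properties.get("keyPassword");
            if (keyPass != null) {
                this.keyPassword = ((String) keyPass).toCharArray();
            }
        }

        this.trustStoreRef = (String) properties.get(SamlConstants.TRUST_STORE_REF);
        this.trustStorePath = (String) properties.get(SamlConstants.TRUST_STORE_PATH);
        this.trustStoreType = (String) properties.get(SamlConstants.TRUST_STORE_TYPE);
        Object trustPassword = properties.get(SamlConstants.TRUST_STORE_PASSWORD);
        if (trustPassword != null) {
            this.trustStorePassword = ((String) trustPassword).toCharArray();
        }
        this.trustedAlias = (String) properties.get(SamlConstants.TRUSTED_STS_ALIAS);

        // Each flag only moves away from its default on an exact (case-insensitive) keyword;
        // any other text, including padded values, leaves the default in place.
        if (matchesAny(properties.get(SamlConstants.TRUST_ANY_STS_SIGNER), "true", "yes")) {
            this.trustAnySigner = true;
        }
        if (matchesAny(properties.get(SamlConstants.VALIDATE_AUDIENCE), "true", "yes")) {
            this.audienceValidation = true;
        }
        if (matchesAny(properties.get(SamlConstants.VALIDATE_ONETIMEUSE), "false", "no")) {
            this.oneTimeUseValidation = false;
        }

        String skewText = (String) properties.get(SamlConstants.CLOCK_SKEW);
        if (skewText != null && !skewText.trim().isEmpty()) {
            // Parse the trimmed text: the emptiness check above already trims, so a padded
            // value such as " 5 " used to pass the check and then fail in parseLong.
            // The value is scaled by 60 * 1000 (presumably minutes to milliseconds).
            // NOTE(review): negative or very large values are not rejected here; a large skew
            // presumably widens the window in which an assertion is accepted. Confirm that the
            // consumer bounds it.
            this.clockSkew = Long.parseLong(skewText.trim()) * 60 * 1000;
        }

        // "optional" switches the requirement off in the same way as "false" and "no".
        if (matchesAny(properties.get(SamlConstants.SIGNATURE_REQUIRED), "false", "no", "optional")) {
            this.signatureRequired = false;
        }

        // NOTE(review): assigned unconditionally, so whenever a property source exists and
        // carries no "confirmationMethod" entry the "Bearer" default above becomes null.
        // Confirm how the consumer treats a null confirmation method.
        this.confirmationMethod = (String) properties.get("confirmationMethod");
        this.trustedIssuers = createTrustedIssuers(properties);
        sortX509orCRL(properties);

        if (properties.get(SamlConstants.DKT_KEY_LENGTH) != null) {
            this.dktKeylength = Integer.parseInt((String) properties.get(SamlConstants.DKT_KEY_LENGTH));
        }
        if (properties.get(SamlConstants.DKT_NONCE_LENGTH) != null) {
            this.nonceLength = Integer.parseInt((String) properties.get(SamlConstants.DKT_NONCE_LENGTH));
        }
        if (matchesAny(properties.get(SamlConstants.REQUIRE_DKT), "true")) {
            this.requiredDKT = true;
        }
        if (properties.get(SamlConstants.CLIENT_LABEL) != null) {
            this.clientLabel = (String) properties.get(SamlConstants.CLIENT_LABEL);
        }
        if (properties.get(SamlConstants.SERVICE_LABEL) != null) {
            this.serviceLabel = (String) properties.get(SamlConstants.SERVICE_LABEL);
        }
        if (matchesAny(properties.get(SamlConstants.USE_IMPLIED_DKT), "true")) {
            this.useImpliedDkt = true;
        }
    }

    /**
     * Tells whether a property value equals one of the accepted keywords, ignoring case.
     *
     * @param value property value, or null when the property is absent
     * @param accepted keywords to compare against
     * @return true if {@code value} is non-null and matches one keyword
     * @throws ClassCastException if {@code value} is non-null and not a {@code String}
     */
    private static boolean matchesAny(Object value, String... accepted) {
        if (value == null) {
            return false;
        }
        String text = (String) value;
        for (String candidate : accepted) {
            if (text.equalsIgnoreCase(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Pairs up trusted issuer names and trusted subject DNs from the property map.
     *
     * <p>Keys starting with {@code trustedIssuer} or {@code trustedSubjectDN} are grouped by the
     * number after their last underscore (0 when the key has no underscore). Each group becomes
     * one {@code String[]{issuer, subjectDN}} element, in ascending index order. An element may
     * hold a null half when only one of the two properties exists for that index; a group whose
     * halves are both null is left out.
     *
     * <p>Indexes are collected in a sorted map, so they need not be contiguous or smaller than
     * the size of the map. Sizing arrays by the number of properties, as this method used to,
     * made an entry such as {@code trustedIssuer_7} in a small map fail with
     * {@link ArrayIndexOutOfBoundsException}.
     *
     * @param map property map; non-String keys are skipped
     * @return list of {@code String[2]} pairs ordered by index, empty when nothing matches
     * @throws NumberFormatException if a matching key has a non-numeric suffix
     * @throws IllegalArgumentException if a matching key has a negative index
     * @throws ClassCastException if the value of a matching key is not a {@code String}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public static ArrayList createTrustedIssuers(Map map) {
        Map<?, ?> properties = map;
        TreeMap<Integer, String[]> pairsByIndex = new TreeMap<>();
        for (Map.Entry<?, ?> entry : properties.entrySet()) {
            if (!(entry.getKey() instanceof String)) {
                continue;
            }
            String key = (String) entry.getKey();
            int slot;
            if (key.startsWith(ISSUER)) {
                slot = 0;
            } else if (key.startsWith(SUBJECTDN)) {
                slot = 1;
            } else {
                continue;
            }
            String value = (String) entry.getValue();
            Integer index = Integer.valueOf(trustedIssuerIndex(key));
            String[] pair = pairsByIndex.get(index);
            if (pair == null) {
                pair = new String[2];
                pairsByIndex.put(index, pair);
            }
            pair[slot] = value;
        }
        ArrayList result = new ArrayList();
        for (String[] pair : pairsByIndex.values()) {
            if (pair[0] != null || pair[1] != null) {
                result.add(pair);
            }
        }
        return result;
    }

    /**
     * Extracts the pairing index from a trusted issuer or trusted subject DN property name.
     *
     * @param key property name
     * @return the number after the last underscore, or 0 when the name has no underscore
     * @throws NumberFormatException if the text after the last underscore is not an integer
     * @throws IllegalArgumentException if the index is negative
     */
    private static int trustedIssuerIndex(String key) {
        int separator = key.lastIndexOf('_');
        if (separator < 0) {
            return 0;
        }
        int index;
        try {
            index = Integer.parseInt(key.substring(separator + 1));
        } catch (NumberFormatException e) {
            // Fail loudly rather than skip the entry: a silently dropped trusted issuer
            // setting would be hard to spot in a running configuration.
            NumberFormatException named =
                    new NumberFormatException("Property '" + key + "' must end in a numeric index");
            named.initCause(e);
            throw named;
        }
        if (index < 0) {
            throw new IllegalArgumentException("Property '" + key + "' has a negative index");
        }
        return index;
    }

    /**
     * Collects X.509 certificate paths and CRL paths from the property map.
     *
     * <p>A key contributes its value when it equals {@code SamlConstants.X509PATH} or
     * {@code SamlConstants.CRLPATH}, or when it is longer than that name plus one character and
     * its leading part equals the matching {@code *_PREFIX} constant; all comparisons ignore
     * case. Values are appended in the map's iteration order; despite the method name nothing is
     * sorted.
     *
     * @param map property map; non-String keys are skipped
     */
    private void sortX509orCRL(Map<?, ?> map) {
        int x509NameLength = SamlConstants.X509PATH.length();
        int crlNameLength = SamlConstants.CRLPATH.length();
        for (Map.Entry<?, ?> entry : map.entrySet()) {
            if (!(entry.getKey() instanceof String)) {
                continue;
            }
            String key = (String) entry.getKey();
            if (key.equalsIgnoreCase(SamlConstants.X509PATH)) {
                this.X509Paths.add((String) entry.getValue());
            }
            if (key.equalsIgnoreCase(SamlConstants.CRLPATH)) {
                this.CRLPaths.add((String) entry.getValue());
            }
            if (key.length() > x509NameLength + 1
                    && key.substring(0, x509NameLength + 1).equalsIgnoreCase(SamlConstants.X509PATH_PREFIX)) {
                this.X509Paths.add((String) entry.getValue());
            }
            if (key.length() > crlNameLength + 1
                    && key.substring(0, crlNameLength + 1).equalsIgnoreCase(SamlConstants.CRLPATH_PREFIX)) {
                this.CRLPaths.add((String) entry.getValue());
            }
        }
    }

    /**
     * Copies the collected settings onto each supported callback.
     *
     * <p>{@link SAMLConsumeCallback} instances receive the key store, trust store and validation
     * settings. {@link DerivedKeyInfoCallback} instances receive the derived-key settings, but
     * only when the handler was built without a {@link CallbackHandlerConfig}. Callbacks of any
     * other type are skipped without an error.
     *
     * <p>The password arrays are handed over as the same {@code char[]} instances this handler
     * holds; whether the callback copies them is not visible here.
     *
     * @param callbackArr callbacks to populate
     * @throws UnsupportedCallbackException if {@code callbackArr} is null or empty
     * @throws IOException declared by the interface; not thrown by this implementation
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        if (callbackArr == null || callbackArr.length == 0) {
            throw new UnsupportedCallbackException(null, "There is no callback.");
        }
        for (Callback callback : callbackArr) {
            if (callback instanceof SAMLConsumeCallback) {
                SAMLConsumeCallback consume = (SAMLConsumeCallback) callback;
                consume.setKeyStoreReference(this.keyStoreRef);
                consume.setKeyStorePath(this.keyStorePath);
                consume.setKeyStoreType(this.keyStoreType);
                consume.setKeyStorePassword(this.keyStorePassword);
                consume.setAlias(this.alias);
                consume.setKeyPassword(this.keyPassword);
                consume.setKeyName(this.keyName);
                consume.setTrustStorePath(this.trustStorePath);
                consume.setTrustStoreRef(this.trustStoreRef);
                consume.setTrustStorePassword(this.trustStorePassword);
                consume.setTrustStoreType(this.trustStoreType);
                consume.setTrustedSTSAlias(this.trustedAlias);
                consume.setIsSignatureRequired(this.signatureRequired);
                consume.setTrustAnySigner(this.trustAnySigner);
                consume.setClockSkew(this.clockSkew);
                consume.setEnforceAudienceRestriction(this.audienceValidation);
                consume.setEnforceOneTimeUse(this.oneTimeUseValidation);
                consume.setTrustedIssuers(this.trustedIssuers);
                consume.setConfirmationMethod(this.confirmationMethod);
                consume.setX509Path(this.X509Paths);
                consume.setCRLPath(this.CRLPaths);
            } else if (this.isWSSAPI && (callback instanceof DerivedKeyInfoCallback)) {
                DerivedKeyInfoCallback derivedKey = (DerivedKeyInfoCallback) callback;
                derivedKey.setRequiredDKT(this.requiredDKT);
                derivedKey.setClientLabel(this.clientLabel);
                derivedKey.setServerLabel(this.serviceLabel);
                derivedKey.setKeyBytesLength(this.dktKeylength);
                derivedKey.setNonceBytesLength(this.nonceLength);
            }
        }
    }
}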
