package com.ibm.ws.wssecurity.saml.saml20.assertion.impl;

import com.ibm.ws.wssecurity.saml.common.SAMLCommonConstants;
import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.common.util.OMUtil;
import com.ibm.ws.wssecurity.saml.saml20.assertion.AudienceRestriction;
import com.ibm.ws.wssecurity.saml.saml20.assertion.ConditionAbstract;
import com.ibm.ws.wssecurity.saml.saml20.assertion.Conditions;
import com.ibm.ws.wssecurity.saml.saml20.assertion.OneTimeUse;
import com.ibm.ws.wssecurity.saml.saml20.assertion.ProxyRestriction;
import com.ibm.ws.wssecurity.token.UTC;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.token.config.RequesterConfiguration;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.util.ArrayList;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/saml/saml20/assertion/impl/ConditionsImpl.class */
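/**
 * SAML 2.0 {@code <saml:Conditions>} element: the validity window
 * ({@code NotBefore} / {@code NotOnOrAfter}) plus the child conditions
 * (AudienceRestriction, OneTimeUse, ProxyRestriction) of an assertion.
 *
 * <p>The same class is used on the issuing side ({@link #create()} and
 * {@link #marshal(OMElement)}) and on the consuming side
 * ({@link #unMarshal(OMElement)} and {@link #validate()}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validate()} checks only the time window. Nothing in this class
 *       evaluates the child conditions; NOTE(review): confirm that the caller
 *       enforces audience restriction and one-time-use.</li>
 *   <li>The {@link Date} fields are stored and returned without defensive copies,
 *       so a caller holding a reference can move the validity window after
 *       validation.</li>
 *   <li>When entry/exit tracing is enabled, the serialized element is written to
 *       the trace log.</li>
 * </ul>
 */
public class ConditionsImpl implements Conditions {
    private static final String comp = "security.wssecurity";

    /** Clock skew in milliseconds (3 minutes) used by {@link #validate()} when no ConsumerConfig is set. */
    private static final long DEFAULT_CLOCK_SKEW_MILLIS = 180000L;

    private ArrayList<ConditionAbstract> conditionOrAudienceRestrictionOrOneTimeUse = new ArrayList<>();
    private Date notBefore;
    private Date notOnOrAfter;
    private ProviderConfig issueCfg;
    private RequesterConfig requesterData;
    private CredentialConfig cred;
    private OMElement xml;
    private ConsumerConfig assertionConsumingCfg;
    private static final TraceComponent tc = Tr.register(ConditionsImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.samlmessages");
    private static final OMFactory omFactory = OMAbstractFactory.getOMFactory();

    /**
     * Creates a consumer-side instance.
     *
     * @param consumerConfig source of the clock skew used by {@link #validate()};
     *                       when {@code null} the 3-minute default applies
     */
    public ConditionsImpl(ConsumerConfig consumerConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConditionsImpl()");
        }
        this.assertionConsumingCfg = consumerConfig;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ConditionsImpl()");
        }
    }

    /** Creates an instance with no configuration; {@link #validate()} then uses the default clock skew. */
    public ConditionsImpl() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConditionsImpl()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ConditionsImpl()");
        }
    }

    /**
     * Creates an issuer-side instance for use with {@link #create()}.
     *
     * @param providerConfig   supplies the assertion time-to-live; {@link #create()} dereferences it unconditionally
     * @param requesterConfig  supplies clock skew, the AppliesTo address and the one-time-use flag; may be {@code null}
     * @param credentialConfig passed through to the child conditions
     */
    public ConditionsImpl(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "ConditionsImpl(ProviderConfig, RequesterConfig , CredentialConfig)");
        }
        this.issueCfg = providerConfig;
        this.requesterData = requesterConfig;
        this.cred = credentialConfig;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "ConditionsImpl(ProviderConfig, RequesterConfig , CredentialConfig)");
        }
    }

    /**
     * Returns the live, mutable list of child conditions, creating it if needed.
     *
     * @return the internal list (never {@code null}); changes made by the caller are visible to this object
     */
    @Override
    public List<ConditionAbstract> getConditionOrAudienceRestrictionOrOneTimeUse() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getConditionOrAudienceRestrictionOrOneTimeUse()");
        }
        if (this.conditionOrAudienceRestrictionOrOneTimeUse == null) {
            this.conditionOrAudienceRestrictionOrOneTimeUse = new ArrayList<>();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getConditionOrAudienceRestrictionOrOneTimeUse()");
        }
        return this.conditionOrAudienceRestrictionOrOneTimeUse;
    }

    /** @return the internal NotBefore instant (not a copy), or {@code null} if absent */
    @Override
    public Date getNotBefore() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNotBefore()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNotBefore(): " + this.notBefore);
        }
        return this.notBefore;
    }

    /** @param date the NotBefore instant; stored by reference, {@code null} clears it */
    @Override
    public void setNotBefore(Date date) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setNotBefore(Date value): " + date);
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "setNotBefore(Date value)");
        }
        this.notBefore = date;
    }

    /** @return the internal NotOnOrAfter instant (not a copy), or {@code null} if absent */
    @Override
    public Date getNotOnOrAfter() {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getNotOnOrAfter()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getNotOnOrAfter: " + this.notOnOrAfter);
        }
        return this.notOnOrAfter;
    }

    /** @param date the NotOnOrAfter instant; stored by reference, {@code null} clears it */
    @Override
    public void setNotOnOrAfter(Date date) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "setNotOnOrAfter(Date value): " + date);
        }
        if (tc.isEntryEnabled()) {
            // Fixed: the exit trace used to name setNotBefore, which misleads anyone reading the trace.
            Tr.exit(tc, "setNotOnOrAfter(Date value)");
        }
        this.notOnOrAfter = date;
    }

    /** @return the element last produced by {@link #marshal(OMElement)} or consumed by {@link #unMarshal(OMElement)}, or {@code null} */
    @Override
    public OMElement getXML() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getXML()");
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getXML(): " + this.xml);
        }
        return this.xml;
    }

    /**
     * Serializes this object into a {@code Conditions} element in the SAML 2.0 namespace.
     *
     * @param oMElement the parent whose factory is used to create the element; when {@code null}
     *                  the shared factory is used and the SAML namespace is declared on the new element
     * @return the new element, which is also remembered for {@link #getXML()}
     */
    @Override
    public OMElement marshal(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "marshal(OMElement parent): " + oMElement);
        }
        OMElement conditions;
        if (oMElement == null) {
            conditions = omFactory.createOMElement("Conditions", SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
            conditions.declareNamespace(SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
        } else {
            conditions = oMElement.getOMFactory().createOMElement("Conditions", SAMLCommonConstants._saml2_ns, SAMLCommonConstants._saml2_prefix);
        }
        if (this.notBefore != null) {
            conditions.addAttribute("NotBefore", UTC.format(this.notBefore), (OMNamespace) null);
        }
        if (this.notOnOrAfter != null) {
            conditions.addAttribute("NotOnOrAfter", UTC.format(this.notOnOrAfter), (OMNamespace) null);
        }
        for (ConditionAbstract condition : getConditionOrAudienceRestrictionOrOneTimeUse()) {
            conditions.addChild(condition.marshal(conditions));
        }
        this.xml = conditions;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "marshal(OMElement parent): " + conditions);
        }
        return conditions;
    }

    /**
     * Populates this object from a received {@code Conditions} element.
     *
     * <p>NOTE(review): children are matched on local name only, so an element with the same
     * local name in a foreign namespace is accepted as a SAML condition, and children with any
     * other name are skipped silently. SAML 2.0 core treats an assertion that carries a condition
     * the relying party does not understand as not valid; confirm that this is enforced elsewhere
     * (for example by schema validation) before relying on the parsed list.
     *
     * <p>Parsed conditions are appended to the existing list; the list is not cleared first.
     *
     * @param oMElement the element to read; must not be {@code null}
     * @throws SoapSecurityException if NotBefore or NotOnOrAfter cannot be parsed
     */
    @Override
    public void unMarshal(OMElement oMElement) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "unMarshal (OMElement om): " + oMElement);
        }
        this.xml = oMElement;
        String notBeforeText = oMElement.getAttributeValue(new QName(null, "NotBefore"));
        if (notBeforeText != null) {
            try {
                this.notBefore = UTC.parse(notBeforeText);
            } catch (Exception e) {
                // Chain the exception itself; e.getCause() is often null and would drop the stack trace.
                throw new SoapSecurityException(e.getMessage(), e);
            }
        }
        String notOnOrAfterText = oMElement.getAttributeValue(new QName(null, "NotOnOrAfter"));
        if (notOnOrAfterText != null) {
            try {
                this.notOnOrAfter = UTC.parse(notOnOrAfterText);
            } catch (Exception e) {
                throw new SoapSecurityException(e.getMessage(), e);
            }
        }
        List<ConditionAbstract> conditions = getConditionOrAudienceRestrictionOrOneTimeUse();
        for (OMElement child = OMUtil.getFirstElement(oMElement); child != null; child = OMUtil.getNextElement(child)) {
            String localName = child.getLocalName();
            if (AudienceRestriction.localName.equals(localName)) {
                AudienceRestrictionImpl audienceRestriction = new AudienceRestrictionImpl();
                audienceRestriction.unMarshal(child);
                conditions.add(audienceRestriction);
            } else if (OneTimeUse.localName.equals(localName)) {
                OneTimeUseImpl oneTimeUse = new OneTimeUseImpl();
                oneTimeUse.unMarshal(child);
                conditions.add(oneTimeUse);
            } else if (ProxyRestriction.localName.equals(localName)) {
                ProxyRestrictionImpl proxyRestriction = new ProxyRestrictionImpl();
                proxyRestriction.unMarshal(child);
                conditions.add(proxyRestriction);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "unMarshal (OMElement om)");
        }
    }

    /**
     * Builds the conditions for a newly issued assertion: a validity window of
     * {@code [now, now + timeToLive)}, widened on both sides by the requester's clock skew,
     * plus an AudienceRestriction when an AppliesTo address is present and a OneTimeUse
     * condition when the requester asks for one.
     *
     * <p>Requires the instance to have been built with a non-null ProviderConfig.
     */
    @Override
    public void create() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "create()");
        }
        this.notBefore = new Date();
        this.notOnOrAfter = new Date(this.notBefore.getTime() + this.issueCfg.getTimeToLive());
        // Fixed: requesterData was null-checked for the skew adjustment but then dereferenced
        // unconditionally, so a null requester configuration ended in a NullPointerException.
        if (this.requesterData != null) {
            long clockSkew = this.requesterData.getClockSkew();
            this.notBefore.setTime(this.notBefore.getTime() - clockSkew);
            this.notOnOrAfter.setTime(this.notOnOrAfter.getTime() + clockSkew);

            String appliesTo = this.requesterData.getRSTTProperties().get(RequesterConfiguration.RSTT.APPLIESTO_ADDRESS);
            if (appliesTo != null && !appliesTo.isEmpty()) {
                AudienceRestrictionImpl audienceRestriction = new AudienceRestrictionImpl(this.issueCfg, this.requesterData, this.cred);
                audienceRestriction.create();
                getConditionOrAudienceRestrictionOrOneTimeUse().add(audienceRestriction);
            }
            if (this.requesterData.isOneTimeUse()) {
                OneTimeUseImpl oneTimeUse = new OneTimeUseImpl(this.issueCfg, this.requesterData, this.cred);
                oneTimeUse.create();
                getConditionOrAudienceRestrictionOrOneTimeUse().add(oneTimeUse);
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "create()");
        }
    }

    /**
     * Checks the current time against NotBefore / NotOnOrAfter, allowing for clock skew.
     *
     * <p>The skew comes from the ConsumerConfig when one was supplied, otherwise it is
     * 3 minutes. A larger skew widens the window in which an expired or not-yet-valid
     * assertion is still accepted, so keep the configured value small.
     *
     * <p>Only the time window is checked here; the child conditions are not evaluated.
     * An element with neither attribute passes.
     *
     * @return always {@code true}; failure is reported by exception
     * @throws SoapSecurityException if the assertion is not yet valid (CWSML7000E)
     *                               or has expired (CWSML7001E) after the skew is applied
     */
    @Override
    public boolean validate() throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "validate()");
        }
        if (this.notBefore != null || this.notOnOrAfter != null) {
            Date now = new Date();
            boolean tooEarly = this.notBefore != null && now.before(this.notBefore);
            boolean expired = this.notOnOrAfter != null && !now.before(this.notOnOrAfter);
            // The skew is consulted only when the strict check has already failed.
            if (tooEarly || expired) {
                long clockSkew = DEFAULT_CLOCK_SKEW_MILLIS;
                if (this.assertionConsumingCfg != null) {
                    clockSkew = this.assertionConsumingCfg.getClockSkew();
                }
                long timeForward = now.getTime() + clockSkew;
                long timeBackward = now.getTime() - clockSkew;
                long skewMinutes = (clockSkew / 60) / 1000;
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "current time: [" + UTC.format(now) + "], [" + now.getTime() + "]");
                    Tr.debug(tc, "clockskew: [" + skewMinutes + " minutes], [" + clockSkew + " millis]");
                    if (this.notBefore != null) {
                        Tr.debug(tc, "notBefore: [" + UTC.format(this.notBefore) + "], [" + this.notBefore.getTime() + "]");
                    } else {
                        Tr.debug(tc, "notBefore: [null]");
                    }
                    if (this.notOnOrAfter != null) {
                        Tr.debug(tc, "notOnOrAfter: [" + UTC.format(this.notOnOrAfter) + "], [" + this.notOnOrAfter.getTime() + "]");
                    } else {
                        Tr.debug(tc, "notOnOrAfter: [null]");
                    }
                    Tr.debug(tc, "time adjusted forward for clockskew=" + timeForward);
                    Tr.debug(tc, "time adjusted backward for clockskew=" + timeBackward);
                }
                if (this.notBefore != null && timeForward < this.notBefore.getTime()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "timeForward < notBefore. notBefore test failed.");
                    }
                    throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7000E", new String[]{UTC.format(this.notBefore), UTC.format(now), String.valueOf(skewMinutes)}));
                }
                // Fixed: NotOnOrAfter is an exclusive bound, as the strict check above already
                // assumes, so the skew-adjusted instant equal to it must be rejected too (was '>').
                if (this.notOnOrAfter != null && timeBackward >= this.notOnOrAfter.getTime()) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "timeBackward >= notOnOrAfter. notOnOrAfter test failed.");
                    }
                    throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.CWSML7001E", new String[]{UTC.format(this.notOnOrAfter), UTC.format(now), String.valueOf(skewMinutes)}));
                }
            }
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "validate() returns: true");
        }
        return true;
    }
}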
