package com.tivoli.am.fim.demo.X509CertificateExtensionsMap;

import com.tivoli.am.fim.logging.FIMLevel;
import com.tivoli.am.fim.trustserver.sts.STSMode;
import com.tivoli.am.fim.trustserver.sts.STSModule;
import com.tivoli.am.fim.trustserver.sts.STSModuleException;
import com.tivoli.am.fim.trustserver.sts.STSRequest;
import com.tivoli.am.fim.trustserver.sts.STSResponse;
import com.tivoli.am.fim.trustserver.sts.STSUniversalUser;
import com.tivoli.am.fim.trustserver.sts.uuser.Attribute;
import java.io.ByteArrayInputStream;
import java.security.Principal;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Element;

/* loaded from: input_file:com/tivoli/am/fim/demo/X509CertificateExtensionsMap/ExtensionsMapModule.class */
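/**
 * STS mapping module that copies fields and selected extensions of an X.509
 * certificate into attributes of the {@link STSUniversalUser}.
 *
 * <p>The certificate is read from the {@code wsse:BinarySecurityToken} that is
 * the base token of the request. Only single-certificate value types
 * ({@code #X509} and {@code #X509v3}) are accepted.
 *
 * <p><b>Security note:</b> this class only <em>parses</em> the certificate. It
 * does not build or validate a certification path, does not check the validity
 * period or revocation status, and does not verify that the caller holds the
 * private key. Every attribute it emits is therefore taken from caller-supplied
 * data. NOTE(review): presumably an earlier module in the trust chain
 * authenticates the token; confirm before using these attributes in
 * authorization or identity-mapping decisions.
 */
public class ExtensionsMapModule implements STSModule {
    // Taken from the class literal. The decompiled form went through a synthetic
    // class$0 cache and a Class.forName() call whose error path did not compile.
    static final String CLASS = ExtensionsMapModule.class.getName();
    static final String NSURI_SCHEMA_WSS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String WSSE_BINARY_SECURITY_TOKEN = "BinarySecurityToken";
    static final String WSSE_VALUE_TYPE = "ValueType";
    static final String VT_PROFILE_X509 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509";
    static final String VT_PROFILE_X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    // Declared for completeness; isSupportedValueType() deliberately does not accept it.
    static final String VT_PROFILE_X509PKIPathV1 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1";
    static final String NEWLINE = System.getProperty("line.separator");
    static final String ATTRTYPE = "urn:extensionsmap";
    static final String ATTR_SUBJECT_DN = "SubjectDN";
    static final String ATTR_ISSUER_DN = "IssuerDN";
    static final String ATTR_NOT_BEFORE = "NotBefore";
    static final String ATTR_NOT_AFTER = "NotAfter";
    static final String ATTR_SERIAL_NUMBER = "SerialNumber";
    static final String ATTR_TYPE = "Type";
    static final String ATTR_VERSION = "Version";
    static final String ATTR_BASIC_CONSTRAINTS = "BasicConstraints";
    private static final String CERTIFICATE_PREFIX = "-----BEGIN CERTIFICATE-----";
    private static final String CERTIFICATE_SUFFIX = "-----END CERTIFICATE-----";
    Logger _log = Logger.getLogger(CLASS);

    /** No resources are held, so there is nothing to release. */
    public void destroy() throws STSModuleException {
    }

    /** No initialisation is performed; the supplied map is not read. */
    public void init(Map map) throws STSModuleException {
    }

    /**
     * Runs the attribute mapping when the module is invoked in {@code MAP} mode;
     * every other mode is a no-op.
     *
     * @return always {@code true}
     * @throws STSModuleException if the mapping fails
     */
    public boolean invoke(STSMode sTSMode, STSRequest sTSRequest, STSResponse sTSResponse) throws STSModuleException {
        this._log.entering(CLASS, "invoke");
        try {
            if (STSMode.MAP == sTSMode) {
                doMap(sTSRequest, sTSResponse);
            }
            return true;
        } finally {
            this._log.exiting(CLASS, "invoke");
        }
    }

    /**
     * Parses the request certificate and adds the configured standard fields
     * and custom extensions to the response's universal user.
     *
     * @throws STSModuleException wrapping any exception raised while mapping
     */
    void doMap(STSRequest sTSRequest, STSResponse sTSResponse) throws STSModuleException {
        this._log.entering(CLASS, "doMap");
        try {
            STSUniversalUser user = sTSResponse.getSTSUniversalUser();
            ExtensionsMapModuleConfiguration config = new ExtensionsMapModuleConfiguration(sTSRequest.getRequestGroupMembership(), user);
            boolean trace = this._log.isLoggable(FIMLevel.FINEST);
            if (trace) {
                this._log.logp(Level.FINEST, CLASS, "doMap", "Starting user: " + user.toString());
            }
            X509Certificate certificate = getCertificateData(sTSRequest);
            populateStandardAttributes(config, certificate, user);
            populateCustomExtensions(config, certificate, user);
            if (trace) {
                this._log.logp(Level.FINEST, CLASS, "doMap", "Final user: " + user.toString());
            }
        } catch (Exception e) {
            // Callers see one exception type; the original failure is kept as the cause.
            throw new STSModuleException("Exception in doMap", e);
        } finally {
            this._log.exiting(CLASS, "doMap");
        }
    }

    /**
     * Adds the standard certificate fields enabled in the configuration as
     * attributes of type {@link #ATTRTYPE}.
     *
     * <p>The DN strings come from {@code getSubjectDN()}/{@code getIssuerDN()},
     * whose string form is provider-specific. They are kept so that emitted
     * values do not change for existing mapping rules. The values originate
     * from the caller-supplied certificate and are also written to the FINEST
     * trace, so treat trace output as untrusted text.
     */
    void populateStandardAttributes(ExtensionsMapModuleConfiguration extensionsMapModuleConfiguration, X509Certificate x509Certificate, STSUniversalUser sTSUniversalUser) {
        this._log.entering(CLASS, "populateStandardAttributes");
        try {
            boolean trace = this._log.isLoggable(FIMLevel.FINEST);
            if (extensionsMapModuleConfiguration.includeSubjectDN()) {
                Principal subject = x509Certificate.getSubjectDN();
                if (subject != null && subject.getName() != null) {
                    addStandardAttribute(sTSUniversalUser, ATTR_SUBJECT_DN, subject.getName(), trace);
                }
            }
            if (extensionsMapModuleConfiguration.includeIssuerDN()) {
                Principal issuer = x509Certificate.getIssuerDN();
                if (issuer != null && issuer.getName() != null) {
                    addStandardAttribute(sTSUniversalUser, ATTR_ISSUER_DN, issuer.getName(), trace);
                }
            }
            if (extensionsMapModuleConfiguration.includeNotBefore()) {
                Date notBefore = x509Certificate.getNotBefore();
                if (notBefore != null) {
                    addStandardAttribute(sTSUniversalUser, ATTR_NOT_BEFORE, formatDate(notBefore), trace);
                }
            }
            if (extensionsMapModuleConfiguration.includeNotAfter()) {
                Date notAfter = x509Certificate.getNotAfter();
                if (notAfter != null) {
                    addStandardAttribute(sTSUniversalUser, ATTR_NOT_AFTER, formatDate(notAfter), trace);
                }
            }
            if (extensionsMapModuleConfiguration.includeSerialNumber()) {
                // BigInteger.toString() yields the decimal form of the serial number.
                addStandardAttribute(sTSUniversalUser, ATTR_SERIAL_NUMBER, x509Certificate.getSerialNumber().toString(), trace);
            }
            if (extensionsMapModuleConfiguration.includeType() && x509Certificate.getType() != null) {
                addStandardAttribute(sTSUniversalUser, ATTR_TYPE, x509Certificate.getType(), trace);
            }
            if (extensionsMapModuleConfiguration.includeVersion()) {
                addStandardAttribute(sTSUniversalUser, ATTR_VERSION, String.valueOf(x509Certificate.getVersion()), trace);
            }
            if (extensionsMapModuleConfiguration.includeBasicConstraints()) {
                // getBasicConstraints() returns -1 for a non-CA certificate, otherwise the
                // path length constraint (Integer.MAX_VALUE when the CA has no limit).
                addStandardAttribute(sTSUniversalUser, ATTR_BASIC_CONSTRAINTS, String.valueOf(x509Certificate.getBasicConstraints()), trace);
            }
        } finally {
            this._log.exiting(CLASS, "populateStandardAttributes");
        }
    }

    /** Adds one single-valued attribute and, when tracing, logs "Adding NAME: VALUE". */
    private void addStandardAttribute(STSUniversalUser user, String name, String value, boolean trace) {
        user.addAttribute(new Attribute(name, ATTRTYPE, new String[]{value}));
        if (trace) {
            this._log.logp(Level.FINEST, CLASS, "populateStandardAttributes", "Adding " + name + ": " + value);
        }
    }

    /**
     * Adds one attribute per configured OID that is present in the certificate.
     *
     * <p>The attribute value is the hex rendering of what
     * {@link X509Certificate#getExtensionValue(String)} returns, i.e. the
     * DER-encoded OCTET STRING that wraps the extension, not the decoded
     * extension content. Consumers must strip that wrapper themselves.
     */
    void populateCustomExtensions(ExtensionsMapModuleConfiguration extensionsMapModuleConfiguration, X509Certificate x509Certificate, STSUniversalUser sTSUniversalUser) {
        this._log.entering(CLASS, "populateCustomExtensions");
        try {
            boolean trace = this._log.isLoggable(FIMLevel.FINEST);
            String[] oids = extensionsMapModuleConfiguration.getOIDList();
            for (int i = 0; i < oids.length; i++) {
                String oid = oids[i];
                byte[] extensionValue = x509Certificate.getExtensionValue(oid);
                if (extensionValue != null) {
                    sTSUniversalUser.addAttribute(new Attribute(oid, ATTRTYPE, new String[]{extensionBytesArrayToString(extensionValue)}));
                }
                if (trace) {
                    // NOTE(review): this is logged for absent extensions too, so hextrace() is
                    // handed null and the message still says "Adding Attribute"; confirm that
                    // TraceUtil.hextrace tolerates null.
                    this._log.logp(Level.FINEST, CLASS, "populateCustomExtensions", "Adding Attribute: " + oid + NEWLINE + TraceUtil.hextrace(extensionValue));
                }
            }
        } finally {
            this._log.exiting(CLASS, "populateCustomExtensions");
        }
    }

    /**
     * Extracts and parses the X.509 certificate carried in the request's base
     * {@code BinarySecurityToken}.
     *
     * <p>The token text is wrapped in PEM armour and handed to the "X.509"
     * {@link CertificateFactory}. This is a structural parse only: no trust,
     * validity or revocation check is made here. NOTE(review): the token's
     * encoding type attribute is not inspected; the text is assumed to be
     * Base64. Confirm against the callers.
     *
     * @throws STSModuleException if the base token is missing, empty, not a
     *         BinarySecurityToken, or has an unsupported value type
     * @throws CertificateException if the token does not parse as a certificate
     */
    X509Certificate getCertificateData(STSRequest sTSRequest) throws STSModuleException, CertificateException {
        X509Certificate certificate = null;
        this._log.entering(CLASS, "getCertificateData");
        try {
            Element base = sTSRequest.getRequestSecurityToken().getBase();
            if (base == null) {
                throw new STSModuleException("No base security token element found in RST");
            }
            if (!XMLUtil.isElement(base, NSURI_SCHEMA_WSS, WSSE_BINARY_SECURITY_TOKEN)) {
                throw new STSModuleException("Expected a BinarySecurityToken");
            }
            String valueType = base.getAttribute(WSSE_VALUE_TYPE);
            if (valueType == null || !isSupportedValueType(valueType)) {
                throw new STSModuleException("Missing or unsupported valueType");
            }
            String text = XMLUtil.getText(base);
            if (text == null || text.trim().length() == 0) {
                // Without this check a null text would be appended as the literal "null"
                // and only surface later as an opaque parse failure.
                throw new STSModuleException("Empty BinarySecurityToken value");
            }
            if (this._log.isLoggable(Level.FINE)) {
                this._log.logp(Level.FINE, CLASS, "getCertificateData", "Security token value: " + text);
            }
            String pem = CERTIFICATE_PREFIX + NEWLINE + text + NEWLINE + CERTIFICATE_SUFFIX;
            // PEM is ASCII; a fixed charset keeps the bytes independent of the platform default.
            byte[] pemBytes = pem.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
            certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pemBytes));
            return certificate;
        } finally {
            // Logs the parsed certificate on success and null on any failure.
            this._log.exiting(CLASS, "getCertificateData", certificate);
        }
    }

    /**
     * Tells whether the value type names a single X.509 certificate.
     * {@link #VT_PROFILE_X509PKIPathV1} is rejected because
     * {@link #getCertificateData} parses exactly one certificate.
     */
    boolean isSupportedValueType(String str) {
        return VT_PROFILE_X509.equals(str) || VT_PROFILE_X509V3.equals(str);
    }

    /** Renders extension bytes as space-separated hex; see {@link #bytesToStringAttr}. */
    String extensionBytesArrayToString(byte[] bArr) {
        String rendered = "";
        this._log.entering(CLASS, "extensionBytesArrayToString");
        try {
            rendered = bytesToStringAttr(bArr, " ");
            return rendered;
        } finally {
            this._log.exiting(CLASS, "extensionBytesArrayToString", rendered);
        }
    }

    /**
     * Joins the {@code TraceUtil.byteToHexAscii} rendering of each byte with the
     * given separator.
     *
     * @return the joined string, or {@code ""} for a null or empty array
     */
    String bytesToStringAttr(byte[] bArr, String str) {
        String joined = "";
        this._log.entering(CLASS, "bytesToStringAttr");
        try {
            if (bArr != null && bArr.length > 0) {
                StringBuilder hex = new StringBuilder();
                for (int i = 0; i < bArr.length; i++) {
                    if (i > 0) {
                        hex.append(str);
                    }
                    hex.append(TraceUtil.byteToHexAscii(bArr[i]));
                }
                joined = hex.toString();
            }
            return joined;
        } finally {
            this._log.exiting(CLASS, "bytesToStringAttr", joined);
        }
    }

    /**
     * Formats a date as {@code yyyy-MM-dd'T'HH:mm:ss'Z'} in UTC.
     *
     * <p>The pattern ends in a literal {@code Z}, which denotes UTC, so the
     * formatter is pinned to UTC. With the JVM default time zone the emitted
     * NotBefore/NotAfter values were local wall-clock time mislabelled as UTC.
     * The locale is fixed so that digits do not vary with the default locale.
     */
    String formatDate(Date date) {
        String formatted = null;
        this._log.entering(CLASS, "formatDate");
        try {
            // SimpleDateFormat is not thread-safe, so a fresh instance is used per call.
            SimpleDateFormat format = new SimpleDateFormat("yyyy-MM-dd'T'HH':'mm':'ss'Z'", java.util.Locale.ROOT);
            format.setTimeZone(java.util.TimeZone.getTimeZone("UTC"));
            formatted = format.format(date);
            return formatted;
        } finally {
            this._log.exiting(CLASS, "formatDate", formatted);
        }
    }
}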
