package com.ibm.ws.wssecurity.trust.server.sts.ext.sct;

import com.ibm.ws.wssecurity.trust.server.sts.ext.InvalidRequestException;
import com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandler;
import com.ibm.ws.wssecurity.trust.server.sts.ext.RequestHandlerException;
import com.ibm.ws.wssecurity.trust.server.sts.ext.UnableToRenewException;
import com.ibm.ws.wssecurity.trust.server.sts.ext.UninitializedHandlerException;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.SCT;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Date;
import java.util.Properties;
import org.eclipse.higgins.sts.IConstants;
import org.eclipse.higgins.sts.IElement;
import org.eclipse.higgins.sts.ILifetime;
import org.eclipse.higgins.sts.IRequestSecurityToken;
import org.eclipse.higgins.sts.IRequestSecurityTokenResponse;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/trust/server/sts/ext/sct/SCTRenew.class */
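/**
 * Request handler that renews a cached Security Context Token (SCT).
 *
 * <p>The handler reads the token identifier from the request's RenewTarget, looks the SCT up in
 * the cache returned by {@code SCTHelper.getCache()}, checks that it may still be renewed, records
 * a new key-history entry in state {@code RENEWED}, refreshes the cache entry and returns a
 * response carrying the new token, reference, entropy, lifetime and renewing elements.
 *
 * <p>NOTE(review): {@code initialized} and {@code lifetimeMSec} are plain fields with no
 * synchronization; confirm that {@link #initialize(Properties)} completes before requests are
 * dispatched to this instance.
 */
public class SCTRenew extends SCTIssue implements RequestHandler {
    /**
     * Configured maximum lifetime of a renewed token, in milliseconds. Held as a {@code long} so
     * that converting a large {@code lifetimeMinutes} value cannot wrap around.
     */
    private long lifetimeMSec;
    private boolean initialized = false;
    private static final String CLASS_NAME = SCTRenew.class.getName();
    private static final TraceComponent tc = Tr.register(SCTRenew.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");

    /**
     * Renews the SCT named by the request's RenewTarget and builds the response.
     *
     * <p>NOTE(review): the token is selected only by the identifier carried in the request; this
     * method does not check that the caller is the party the SCT was issued to. Confirm that this
     * binding (for example proof of possession at the message-security layer) is enforced before
     * the handler is reached.
     *
     * <p>NOTE(review): Created and Expires are taken from the request when present. The configured
     * maximum lifetime is measured from the requested Created value rather than from the server
     * clock, and an Expires earlier than Created is not rejected. The cache time-to-live is
     * derived from the resulting Expires, so confirm that a future-dated Created cannot keep a
     * token alive longer than policy intends.
     *
     * @param iRequestSecurityToken the renew request
     * @param str not used by this method
     * @param iConstants supplies the WS-Trust namespace used when populating faults and is passed
     *     to the element generators
     * @return the response for the renewed token
     * @throws RequestHandlerException declared by the handler contract; the faults raised here are
     *     {@code UninitializedHandlerException} (handler not initialized),
     *     {@code InvalidRequestException} (RenewTarget or identifier missing, or the cached SCT has
     *     no algorithm/provider) and {@code UnableToRenewException} (unknown, cancelled,
     *     non-renewable or expired token)
     */
    @Override
    public IRequestSecurityTokenResponse handleRequest(IRequestSecurityToken iRequestSecurityToken, String str, IConstants iConstants) throws RequestHandlerException {
        byte[] serverSecret;
        trEntry("handleRequest()");
        if (!this.initialized) {
            String message = CLASS_NAME + " has not been initialized. Initialize the handler before handling requests.";
            trDebug(message);
            Tr.error(tc, SCTHelper.getMessage(Constants.ERROR_CODE_RENEW_HANDLER_UNINITIALIZED, null));
            trExit("handleRequest()");
            throw ((UninitializedHandlerException) SCTHelper.populateIFault(new UninitializedHandlerException(message), "wst", iConstants.getWSTrustNamespace(), "RequestFailed", Constants.FAULT_STRING_KEY_REQUEST_FAILED));
        }

        IElement renewTarget = iRequestSecurityToken.getRenewTarget();
        if (renewTarget == null) {
            trDebug("Missing RenewTarget element.");
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_RENEW_TARGET_MISSING, null));
            trExit("handleRequest()");
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("Missing RenewTarget element."), "wst", iConstants.getWSTrustNamespace(), "InvalidRequest", Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }

        // The identifier is request-supplied text; it is only used as a cache key and in messages.
        String sctUuid = extractUUIDFromRenewTarget(renewTarget);
        if (sctUuid == null) {
            trDebug("UUID was not successfully extracted from renew request. Renew failed.");
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_EXTRACTION_FROM_RENEW_TARGET_FAILED, null));
            trExit("handleRequest()");
            throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("UUID was not successfully extracted from renew request. Renew failed."), "wst", iConstants.getWSTrustNamespace(), "InvalidRequest", Constants.FAULT_STRING_KEY_INVALID_REQUEST));
        }

        SCT sct = (SCT) SCTHelper.getCache().getToken(sctUuid);
        if (sct == null) {
            String message = "SCT with the UUID " + sctUuid + " does not exist. Renew failed.";
            trDebug(message);
            trExit("handleRequest()");
            throw ((UnableToRenewException) SCTHelper.populateIFault(new UnableToRenewException(message), "wst", iConstants.getWSTrustNamespace(), "UnableToRenew", Constants.FAULT_STRING_KEY_UNABLE_TO_RENEW));
        }

        String valueTypeLocalPart = sct.getValueType().getLocalPart();
        trDebug("=============> ValueType from sct: " + valueTypeLocalPart);
        String wscNamespace = sct.getTokenQname().getNamespaceURI();
        trDebug("=============> wsc from sct: " + wscNamespace);
        // A malformed namespace is only logged; wscUri then stays null and is passed on as null.
        URI wscUri = null;
        try {
            wscUri = new URI(wscNamespace);
        } catch (URISyntaxException e) {
            Tr.warning(tc, SCTHelper.getMessage(Constants.WARNING_CODE_WSC_URI_MALFORMED, new String[]{e.toString()}));
        }

        if (!sct.isRenewable() || sct.isCancelled()) {
            String message = "SCT with the UUID " + sctUuid + " is not renewable. Renew failed.";
            trDebug(message);
            trExit("handleRequest()");
            throw ((UnableToRenewException) SCTHelper.populateIFault(new UnableToRenewException(message), "wst", iConstants.getWSTrustNamespace(), "UnableToRenew", Constants.FAULT_STRING_KEY_UNABLE_TO_RENEW));
        }

        // Find the instance with the latest expiration; the token counts as expired only when
        // even that instance has expired.
        // NOTE(review): if getInstances() is empty, latestInstance stays null and is later passed
        // to getServerSecret/getClientSecret when the request carries no entropy; a null array or
        // a null expiration would fail here. Confirm SCT guarantees at least one dated instance.
        String[] instances = sct.getInstances();
        Date now = new Date();
        Date latestExpiration = new Date(0L);
        String latestInstance = null;
        for (String instance : instances) {
            Date expiration = sct.getExpiration(instance);
            if (expiration.after(latestExpiration)) {
                latestExpiration = expiration;
                latestInstance = instance;
            }
        }
        if (latestExpiration.before(now) && !sct.isRenewableAfterExpiration()) {
            String message = "SCT with UUID " + sctUuid + " has expired, and is not renewable after expiration. Renew failed.";
            trDebug(message);
            trExit("handleRequest()");
            throw ((UnableToRenewException) SCTHelper.populateIFault(new UnableToRenewException(message), "wst", iConstants.getWSTrustNamespace(), "UnableToRenew", Constants.FAULT_STRING_KEY_UNABLE_TO_RENEW));
        }

        IElement requestEntropy = iRequestSecurityToken.getEntropy();
        byte[] clientSecret = extractBinarySecret(requestEntropy);
        String binarySecretType = SCTHelper.extractAttributeFrom(requestEntropy, new String[]{"BinarySecret"}, "Type");

        // Requested lifetime: default Created to the current time, default Expires to
        // Created + configured maximum, and clamp any longer span to that maximum.
        ILifetime requestedLifetime = iRequestSecurityToken.getLifetime();
        Date created = null;
        Date expires = null;
        if (requestedLifetime != null) {
            created = requestedLifetime.getCreated();
            expires = requestedLifetime.getExpires();
        }
        if (created == null) {
            created = new Date();
        }
        Date maxExpires = new Date(created.getTime() + this.lifetimeMSec);
        if (expires == null) {
            expires = maxExpires;
        }
        if (expires.getTime() - created.getTime() > this.lifetimeMSec) {
            trDebug("Requested lifetime is greater than the configured maximum lifetime. Using the configured maximum lifetime.");
            expires = maxExpires;
        }

        if (clientSecret == null) {
            // No client entropy: the new key-history entry reuses the secrets of the latest instance.
            trDebug("RequestSecurityToken is missing Entropy/BinarySecret. Using old keys.");
            serverSecret = sct.getServerSecret(latestInstance);
            clientSecret = sct.getClientSecret(latestInstance);
        } else {
            // Client entropy supplied: generate a fresh server secret with the cached SCT's settings.
            String algorithm = sct.getAlgorithm();
            String provider = sct.getProvider();
            int keySize = sct.getKeySize();
            if (algorithm == null || provider == null) {
                trDebug("Either algorithm or provider in the cached SCT is null. Both must be non-null. Renew failed.");
                Tr.error(tc, SCTHelper.getMessage(Constants.ERROR_CODE_SCT_ALGORITHM_PROVIDER_UNKNOWN, null));
                trExit("handleRequest()");
                throw ((InvalidRequestException) SCTHelper.populateIFault(new InvalidRequestException("Either algorithm or provider in the cached SCT is null. Both must be non-null. Renew failed."), "wst", iConstants.getWSTrustNamespace(), "RequestFailed", Constants.FAULT_STRING_KEY_REQUEST_FAILED));
            }
            serverSecret = SCTHelper.generateSecret(algorithm, provider, keySize);
        }

        String keyEntryUuid = SCTHelper.generateUUID();
        sct.setKeyHistoryEntry(new SCT.KeyHistoryEntry(keyEntryUuid, clientSecret, serverSecret, created, expires, SCT.SCTState.RENEWED));
        String responseUuid = SCTHelper.generateUUID();
        // expires is never null at this point, so the cache time-to-live is always the time left
        // until it, measured from the server clock, plus the inherited renewal window.
        SCTHelper.getCache().updateToken(sctUuid, sct, (expires.getTime() - now.getTime()) + this.renewalWindowMSec);

        IElement requestedSecurityToken = generateRequestedSecurityToken(sct, wscUri, responseUuid, keyEntryUuid, iConstants);
        IElement requestedAttachedReference = generateRequestedAttachedReference(responseUuid, valueTypeLocalPart, iConstants);
        IElement responseEntropy = generateEntropy(serverSecret, binarySecretType, iConstants);
        ILifetime responseLifetime = generateLifetime(created, expires);
        IElement renewing = generateRenewing(sct.isRenewable(), sct.isRenewableAfterExpiration(), iConstants);

        IRequestSecurityTokenResponse response = SCTHelper.createRSTR(iRequestSecurityToken.getContext());
        response.setRequestedSecurityToken(requestedSecurityToken);
        response.setRequestedAttachedReference(requestedAttachedReference);
        response.setEntropy(responseEntropy);
        response.setLifetime(responseLifetime);
        response.setRenewing(renewing);
        trExit("handleRequest()");
        return response;
    }

    /**
     * Initializes the parent handler, then reads the maximum token lifetime from the
     * {@code lifetimeMinutes} property and marks this handler as ready.
     *
     * <p>The minutes value is still parsed as an {@code int}, but the conversion to milliseconds is
     * done in {@code long} arithmetic. With {@code int} arithmetic any value above 35791 minutes
     * wrapped around and produced a negative or otherwise wrong maximum lifetime.
     *
     * <p>NOTE(review): zero and negative values are accepted as-is; confirm configuration
     * validation happens elsewhere.
     *
     * @param properties handler configuration; must contain an integer {@code lifetimeMinutes}
     * @throws NumberFormatException if {@code lifetimeMinutes} is absent or not a valid integer
     */
    @Override
    public void initialize(Properties properties) {
        trEntry("initialize()");
        trDebug("Calling super.initialize()...");
        super.initialize(properties);
        this.lifetimeMSec = Integer.parseInt(properties.getProperty("lifetimeMinutes")) * 60000L;
        this.initialized = true;
        trExit("initialize()");
    }

    /**
     * Returns the text found under SecurityContextToken/Identifier in the RenewTarget element, as
     * resolved by {@code SCTHelper.extractTextFrom}. The caller treats {@code null} as failure.
     */
    private static String extractUUIDFromRenewTarget(IElement iElement) {
        return SCTHelper.extractTextFrom(iElement, new String[]{"SecurityContextToken", "Identifier"});
    }

    /** Writes a method-entry trace record when entry tracing is enabled. */
    private static void trEntry(String str) {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, str);
        }
    }

    /** Writes a method-exit trace record; gated on the same entry-trace switch as trEntry. */
    private static void trExit(String str) {
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, str);
        }
    }

    /** Writes a debug trace record when debug tracing is enabled. */
    private static void trDebug(String str) {
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, str);
        }
    }
}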
