package org.forgerock.openam.authentication.modules.persistentcookie;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.datastruct.CollectionHelper;
import com.sun.identity.sm.SMSException;
import com.sun.identity.sm.ServiceConfigManager;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.message.MessageInfo;
import org.forgerock.jaspi.modules.session.jwt.ServletJwtSessionModule;
import org.forgerock.json.jose.jwt.Jwt;
import org.forgerock.openam.authentication.modules.common.JaspiAuthModuleWrapper;
import org.forgerock.openam.utils.AMKeyProvider;
import org.forgerock.util.annotations.VisibleForTesting;

/* loaded from: input_file:org/forgerock/openam/authentication/modules/persistentcookie/PersistentCookieModuleWrapper.class */
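/**
 * Wrapper around a {@link ServletJwtSessionModule} for the persistent-cookie authentication module.
 *
 * <p>It builds the configuration map handed to the JWT session module and forwards JWT session
 * cookie validation, context-map lookup and cookie deletion to the module returned by
 * {@code getServerAuthModule()} (inherited; presumably the instance given to the constructor).
 *
 * <p>Security note: the map returned by {@link #generateConfig} holds the keystore password, the
 * private-key password and the HMAC key as plain values. Treat the map as secret material: do not
 * log it, serialize it or expose it through diagnostics.
 */
public class PersistentCookieModuleWrapper extends JaspiAuthModuleWrapper<ServletJwtSessionModule> {
    /** Resource bundle name for this module (not referenced inside this class). */
    public static final String AUTH_RESOURCE_BUNDLE_NAME = "amAuthPersistentCookie";
    public static final String SSO_TOKEN_ORGANIZATION_PROPERTY_KEY = "Organization";

    // Module setting keys. Only ENFORCE_CLIENT_IP_SETTING_KEY is used in this class, as a key of
    // the generated configuration map; the others are public constants for callers.
    public static final String ENFORCE_CLIENT_IP_SETTING_KEY = "openam-auth-persistent-cookie-enforce-ip";
    public static final String SECURE_COOKIE_KEY = "openam-auth-persistent-cookie-secure-cookie";
    public static final String HTTP_ONLY_COOKIE_KEY = "openam-auth-persistent-cookie-http-only-cookie";
    public static final String COOKIE_NAME_KEY = "openam-auth-persistent-cookie-name";
    public static final String COOKIE_DOMAINS_KEY = "openam-auth-persistent-cookie-domains";
    public static final String HMAC_KEY = "openam-auth-persistent-cookie-hmac-key";

    // Going by the constant names these are JWT claim names; none is read or written here.
    public static final String OPENAM_USER_CLAIM_KEY = "openam.usr";
    public static final String OPENAM_AUTH_TYPE_CLAIM_KEY = "openam.aty";
    public static final String OPENAM_SESSION_ID_CLAIM_KEY = "openam.sid";
    public static final String OPENAM_REALM_CLAIM_KEY = "openam.rlm";
    public static final String OPENAM_CLIENT_IP_CLAIM_KEY = "openam.clientip";

    /** Service whose organization configuration holds the signing key alias. */
    private static final String AUTH_SERVICE_NAME = "iPlanetAMAuthService";
    /** Attribute of that service configuration naming the key alias. */
    private static final String AUTH_KEY_ALIAS = "iplanet-am-auth-key-alias";

    /** Source of keystore location, type and passwords for the generated configuration. */
    private final AMKeyProvider amKeyProvider;

    /** Creates a wrapper around a new {@link ServletJwtSessionModule} and a new {@link AMKeyProvider}. */
    public PersistentCookieModuleWrapper() {
        this(new ServletJwtSessionModule(), new AMKeyProvider());
    }

    /**
     * Creates a wrapper around the given collaborators; exists so tests can inject them.
     *
     * @param servletJwtSessionModule the JWT session module passed to the superclass
     * @param aMKeyProvider the provider of keystore details used by {@link #generateConfig}
     */
    @VisibleForTesting
    protected PersistentCookieModuleWrapper(ServletJwtSessionModule servletJwtSessionModule, AMKeyProvider aMKeyProvider) {
        super(servletJwtSessionModule);
        this.amKeyProvider = aMKeyProvider;
    }

    /**
     * Builds the configuration map for the JWT session module.
     *
     * <p>The returned map contains secrets ({@code privateKeyPassword}, {@code keystorePassword},
     * {@code hmacKey}) next to ordinary settings, so it must never be logged or persisted as a
     * whole. No argument is validated here: values are stored exactly as supplied.
     *
     * @param str stored as {@code tokenIdleTimeMinutes}
     * @param str2 stored as {@code maxTokenLifeMinutes}
     * @param z stored under {@link #ENFORCE_CLIENT_IP_SETTING_KEY}
     * @param str3 organization name used to look up the key alias
     * @param z2 stored as {@code isSecure}
     * @param z3 stored as {@code isHttpOnly}
     * @param str4 stored as {@code sessionCookieName}
     * @param collection stored as {@code cookieDomains}; the collection itself is stored, not a copy
     * @param str5 stored as {@code hmacKey}
     * @return a new mutable map with the entries above plus the keystore details
     * @throws SMSException if reading the service configuration fails
     * @throws SSOException if the token used to read the service configuration is rejected
     */
    public Map<String, Object> generateConfig(String str, String str2, boolean z, String str3, boolean z2, boolean z3, String str4, Collection<String> collection, String str5) throws SMSException, SSOException {
        // Typed map instead of a raw HashMap, so the declared return type is checked by the compiler.
        Map<String, Object> config = new HashMap<String, Object>();
        config.put("keyAlias", getKeyAlias(str3));
        config.put("privateKeyPassword", this.amKeyProvider.getPrivateKeyPass());
        config.put("keystoreType", this.amKeyProvider.getKeystoreType());
        config.put("keystoreFile", this.amKeyProvider.getKeystoreFilePath());
        // The password is copied into an immutable String, which cannot be wiped after use.
        // NOTE(review): the return type of getKeystorePass() is not visible here; if it is byte[]
        // this conversion would also depend on the platform charset - confirm.
        config.put("keystorePassword", new String(this.amKeyProvider.getKeystorePass()));
        config.put("tokenIdleTimeMinutes", str);
        config.put("maxTokenLifeMinutes", str2);
        config.put("isSecure", Boolean.valueOf(z2));
        config.put("isHttpOnly", Boolean.valueOf(z3));
        config.put(ENFORCE_CLIENT_IP_SETTING_KEY, Boolean.valueOf(z));
        config.put("sessionCookieName", str4);
        config.put("cookieDomains", collection);
        config.put("hmacKey", str5);
        return config;
    }

    /**
     * Reads the {@code iplanet-am-auth-key-alias} attribute from the organization configuration of
     * the {@code iPlanetAMAuthService} service.
     *
     * @param str organization name passed to {@code getOrganizationConfig}
     * @return the attribute value as returned by {@code CollectionHelper.getMapAttr}
     */
    private String getKeyAlias(String str) throws SSOException, SMSException {
        // NOTE(review): the organization config is dereferenced without a null check; confirm
        // that getOrganizationConfig cannot return null for an unknown organization.
        return CollectionHelper.getMapAttr(getServiceConfigManager().getOrganizationConfig(str, (String) null).getAttributes(), AUTH_KEY_ALIAS);
    }

    /**
     * Creates a {@link ServiceConfigManager} for the authentication service.
     *
     * <p>The manager is created with the token produced by {@code AdminTokenAction} (by its name
     * an administrative SSO token), so the lookup does not run with the end user's rights.
     * Overridable so tests can substitute the manager.
     */
    @VisibleForTesting
    protected ServiceConfigManager getServiceConfigManager() throws SSOException, SMSException {
        return new ServiceConfigManager(AUTH_SERVICE_NAME, (SSOToken) AccessController.doPrivileged((PrivilegedAction) AdminTokenAction.getInstance()));
    }

    /**
     * Delegates JWT session cookie validation to the wrapped module.
     *
     * @param messageInfo the message being processed
     * @return whatever the wrapped module returns. NOTE(review): callers should confirm how a
     *     missing or invalid cookie is reported (for example as {@code null}) before trusting
     *     the result.
     */
    public Jwt validateJwtSessionCookie(MessageInfo messageInfo) {
        return getServerAuthModule().validateJwtSessionCookie(messageInfo);
    }

    /**
     * Returns the context map the wrapped module provides for the given message.
     *
     * @param messageInfo the message being processed
     */
    public Map<String, Object> getContextMap(MessageInfo messageInfo) {
        return getServerAuthModule().getContextMap(messageInfo);
    }

    /**
     * Asks the wrapped module to delete the session JWT cookie for the given message.
     *
     * @param messageInfo the message being processed
     */
    public void deleteSessionJwtCookie(MessageInfo messageInfo) {
        getServerAuthModule().deleteSessionJwtCookie(messageInfo);
    }
}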
