package oracle.cloud.paas.internal;

import java.security.AccessController;
import java.security.PrivilegedAction;
import oracle.cloud.paas.exception.ManagerException;
import oracle.security.jps.service.JpsServiceLocator;
import oracle.security.jps.service.trust.TrustService;
import oracle.security.jps.service.trust.token.TokenContext;
import oracle.security.jps.service.trust.token.TokenException;
import oracle.security.jps.service.trust.token.TokenManager;
import oracle.security.jps.service.trust.token.TokenUtil;
import oracle.security.xml.GenericToken;
import oracle.security.xmlsec.wss.util.WSSTokenUtils;

/* loaded from: input_file:oracle.cloud.paas.api.jar:oracle/cloud/paas/internal/TrustTokenProviderImpl.class */
public final class TrustTokenProviderImpl implements TrustTokenProvider {
    @Override // oracle.cloud.paas.internal.TrustTokenProvider
    public String generateToken(String str) {
        try {
            final TokenManager tokenManager = JpsServiceLocator.getServiceLocator().lookup(TrustService.class).getTokenManager();
            final TokenContext createTokenContext = tokenManager.createTokenContext("urn:oracle:security:jps:trustservice:embedded");
            createTokenContext.setSecurityToken(new GenericToken(WSSTokenUtils.createUsernameToken("wsuid", str)));
            createTokenContext.setTokenType("urn:oasis:names:tc:SAML:2.0:assertion");
            createTokenContext.getOtherProperties().put("trust.confirmationMethod", "urn:oasis:names:tc:SAML:2.0:cm:bearer");
            AccessController.doPrivileged(new PrivilegedAction<String>() { // from class: oracle.cloud.paas.internal.TrustTokenProviderImpl.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedAction
                public String run() {
                    try {
                        tokenManager.issueToken(createTokenContext);
                        return null;
                    } catch (TokenException e) {
                        throw new ManagerException(e.getMessage(), (Throwable) e);
                    }
                }
            });
            return TokenUtil.encodeToken(createTokenContext.getSecurityToken());
        } catch (Throwable th) {
            throw new ManagerException("Error creating SAML token for identity propagation: " + Helper.getCauseInfo(th), th);
        }
    }
}
