package org.apache.tsik.wss.elements;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.apache.tsik.common.Logger;
import org.apache.tsik.common.LoggerFactory;
import org.apache.tsik.common.SchemaMapper;
import org.apache.tsik.datatypes.Base64;
import org.apache.tsik.domutil.DOMCursor;
import org.apache.tsik.domutil.DOMWriteCursor;
import org.apache.tsik.domutil.elements.ElementImpl;
import org.apache.tsik.plugins.SoapMessage;
import org.apache.tsik.util.Namespaces;
import org.apache.tsik.wss.Id;
import org.apache.tsik.wss.TokenResolver;
import org.apache.tsik.xmlenc.AlgorithmType;
import org.apache.tsik.xmlenc.Encryptor;
import org.apache.tsik.xmlenc.tools.ConversionException;
import org.apache.tsik.xmlsig.Verifier;
import org.apache.tsik.xpath.XPath;
import org.apache.tsik.xpath.XPathException;

/* loaded from: input_file:org/apache/tsik/wss/elements/Security.class */
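/**
 * In-memory model of a WS-Security {@code Security} SOAP header (decompiled source).
 *
 * <p>The header is held as an ordered array of {@link Element} entries. {@link #fromXml} builds
 * the array from a DOM cursor, {@link #toXml} writes the visible entries back out, and
 * {@link #process(SoapMessage, TokenResolver)} walks the entries in order to decrypt keys and
 * data, register tokens with the resolver and verify signatures.
 *
 * <p>Points a caller should confirm before relying on {@code process} as a security gate; each
 * is limited to what this class shows:
 * <ul>
 *   <li>A certificate carried in a {@code BinarySecurityToken} of the message is mapped into the
 *       {@link TokenResolver} and can then be resolved to verify a {@code Signature} of the same
 *       message. No certificate path or trust check is visible in this class; presumably the
 *       resolver or the caller performs one. TODO confirm.</li>
 *   <li>The references set with {@link #setRequiredSignatureReferences} are checked only while a
 *       {@code Signature} entry is processed. A header that carries no {@code Signature} entry
 *       completes {@code process} without any signature check.</li>
 *   <li>A {@code Timestamp} entry is marked processed without any freshness check here.</li>
 *   <li>Entries left unprocessed are reported at debug level only.</li>
 * </ul>
 */
public class Security extends ElementImpl {
    /** Header children in the order they were added; the array is replaced on every add. */
    private Element[] elements;
    private static Class c;
    private static Logger log;
    public static String elementName;
    public static String prefix;
    public static String uri;
    private static String[] ns;
    private boolean mustUnderstand;
    /** Stays {@code null} until {@link #setRequiredSignatureReferences} has been called. */
    private XPath[] refs;
    // Lazily filled caches for class literals, together with class$(String) below. This is the
    // shape older javac versions generate for X.class; kept so the class layout is unchanged.
    static Class class$org$apache$tsik$wss$elements$Security;
    static Class class$org$apache$tsik$wss$elements$SecurityToken;
    static Class class$org$apache$tsik$wss$elements$EncryptedData;

    /**
     * One child of the Security header: its wsu:Id (may be {@code null}), the parsed element
     * (may be {@code null} when the child was not recognised or failed to parse) and a private
     * copy of the cursor it was read from.
     *
     * <p>The decompiler reports that this class was {@code private} in the class file and that
     * the modifier was widened in the decompiled output.
     */
    public static class Element {
        private String id;
        private ElementImpl element;
        private DOMCursor cursor;
        private boolean hasBeenProcessed = false;
        private boolean isVisible = true;

        /**
         * @param str        id of the child, or {@code null}
         * @param elementImpl parsed child, or {@code null}
         * @param dOMCursor  cursor positioned on the child, or {@code null}; it is cloned so later
         *                   movement of the caller's cursor does not affect this entry
         */
        Element(String str, ElementImpl elementImpl, DOMCursor dOMCursor) {
            this.id = str;
            this.element = elementImpl;
            if (dOMCursor != null) {
                this.cursor = dOMCursor.cloneCursor();
            }
        }

        void setHasBeenProcessed() {
            this.hasBeenProcessed = true;
        }

        boolean hasBeenProcessed() {
            return this.hasBeenProcessed;
        }

        String getId() {
            return this.id;
        }

        ElementImpl getElementImpl() {
            return this.element;
        }

        DOMCursor getDOMCursor() {
            return this.cursor;
        }

        void setVisible(boolean z) {
            this.isVisible = z;
        }

        boolean isVisible() {
            return this.isVisible;
        }

        /** Renders the entry's flags, id, element and cursor location for logging. */
        @Override
        public String toString() {
            String text = "[Element " + " visible=" + this.isVisible
                    + " processed=" + this.hasBeenProcessed
                    + " id=" + this.id
                    + " element=" + this.element;
            if (this.cursor != null) {
                text = text + " cursor=" + this.cursor.createXPath().toString();
            } else {
                // Entries created during processing (e.g. a decrypted token) carry no cursor.
                text = text + " cursor=[result of WSS processing]";
            }
            return text + "]";
        }
    }

    /**
     * Writes the header element under the given cursor and copies every visible entry beneath it,
     * inserting the entry's id when it has one.
     *
     * <p>NOTE(review): an entry whose parsed element is {@code null} (unrecognised child, or a
     * BinarySecurityToken that failed to parse) makes this method throw a
     * {@link NullPointerException}; behaviour is left as in the original.
     */
    @Override // org.apache.tsik.domutil.elements.ElementImpl, org.apache.tsik.domutil.elements.Element
    public void toXml(DOMWriteCursor dOMWriteCursor) {
        DOMWriteCursor header = dOMWriteCursor.addUnder(uri, prefix, elementName);
        for (int i = 0; i < this.elements.length; i++) {
            if (this.elements[i].isVisible()) {
                ElementImpl child = this.elements[i].getElementImpl();
                // Each child is serialised into a scratch cursor first so the id can be added
                // before the subtree is copied under the header.
                DOMWriteCursor scratch = new DOMWriteCursor();
                child.toXml(scratch);
                String id = this.elements[i].getId();
                if (id != null) {
                    Id.insertInto(scratch, id);
                }
                header.copyUnder(scratch);
            }
        }
    }

    /** @return every entry whose parsed element is a {@code SecurityToken}, in header order */
    public SecurityToken[] getSecurityTokens() {
        Class cls;
        if (class$org$apache$tsik$wss$elements$SecurityToken == null) {
            cls = class$("org.apache.tsik.wss.elements.SecurityToken");
            class$org$apache$tsik$wss$elements$SecurityToken = cls;
        } else {
            cls = class$org$apache$tsik$wss$elements$SecurityToken;
        }
        List matches = getElementsOfType(cls);
        SecurityToken[] tokens = new SecurityToken[matches.size()];
        matches.toArray(tokens);
        return tokens;
    }

    /** @return every entry whose parsed element is an {@code EncryptedData}, in header order */
    public EncryptedData[] getEncryptedDatas() {
        Class cls;
        if (class$org$apache$tsik$wss$elements$EncryptedData == null) {
            cls = class$("org.apache.tsik.wss.elements.EncryptedData");
            class$org$apache$tsik$wss$elements$EncryptedData = cls;
        } else {
            cls = class$org$apache$tsik$wss$elements$EncryptedData;
        }
        List matches = getElementsOfType(cls);
        EncryptedData[] encrypted = new EncryptedData[matches.size()];
        matches.toArray(encrypted);
        return encrypted;
    }

    /** Collects the parsed elements that are instances of {@code cls}; null elements never match. */
    private List getElementsOfType(Class cls) {
        ArrayList matches = new ArrayList();
        for (int i = 0; i < this.elements.length; i++) {
            ElementImpl candidate = this.elements[i].getElementImpl();
            if (cls.isInstance(candidate)) {
                matches.add(candidate);
            }
        }
        return matches;
    }

    /**
     * Looks an entry up by id.
     *
     * @param str id to look for
     * @return the parsed element of the first entry with that id, or {@code null} when no entry
     *         matches; visibility is not taken into account
     */
    public ElementImpl getElement(String str) {
        for (int i = 0; i < this.elements.length; i++) {
            String id = this.elements[i].getId();
            if (id != null && id.equals(str)) {
                return this.elements[i].getElementImpl();
            }
        }
        return null;
    }

    /** Creates an empty header. */
    public Security() {
        this(null);
    }

    /**
     * @param arrayList list of {@link Element} entries, or {@code null} for an empty header
     */
    public Security(ArrayList arrayList) {
        if (arrayList != null) {
            this.elements = (Element[]) arrayList.toArray(new Element[0]);
        } else {
            this.elements = new Element[0];
        }
    }

    /** Appends one entry by rebuilding the backing array. */
    private void addElem(Element element) {
        ArrayList grown = new ArrayList(Arrays.asList(this.elements));
        grown.add(element);
        this.elements = (Element[]) grown.toArray(new Element[0]);
    }

    /** Appends a visible entry. */
    public void addElement(String str, ElementImpl elementImpl, DOMCursor dOMCursor) {
        addElem(new Element(str, elementImpl, dOMCursor));
    }

    /** Appends an entry that {@link #toXml} skips but that is still processed and searchable. */
    public void addHiddenElement(String str, ElementImpl elementImpl, DOMCursor dOMCursor) {
        Element hidden = new Element(str, elementImpl, dOMCursor);
        hidden.setVisible(false);
        addElem(hidden);
    }

    public void setMustUnderstand(boolean z) {
        this.mustUnderstand = z;
    }

    public boolean getMustUnderstand() {
        return this.mustUnderstand;
    }

    /** Parses a header with {@code mustUnderstand} off, so unknown children are only logged. */
    public static Security fromXml(DOMCursor dOMCursor) {
        return fromXmlMustUnderstand(false, dOMCursor);
    }

    /**
     * Parses the Security header at the given cursor, one entry per child element.
     *
     * @param z         the mustUnderstand setting; when {@code true} an unrecognised child is
     *                  rejected instead of logged
     * @param dOMCursor cursor handed to {@code placeCursor} to locate the header
     * @return the parsed header with {@code mustUnderstand} set to {@code z}
     * @throws IllegalArgumentException if {@code z} is {@code true} and a child is not recognised
     */
    public static Security fromXmlMustUnderstand(boolean z, DOMCursor dOMCursor) {
        DOMCursor placeCursor = placeCursor(dOMCursor, elementName, prefix, uri, ns);
        ArrayList parsed = new ArrayList();
        for (boolean more = placeCursor.moveToChild(1); more; more = placeCursor.moveToSibling(1)) {
            String id = Id.getId(placeCursor);
            ElementImpl elementImpl = null;
            if (placeCursor.atElement(UsernameToken.uri, UsernameToken.elementName)) {
                elementImpl = UsernameToken.fromXml(placeCursor);
            } else if (placeCursor.atElement(BinarySecurityToken.uri, BinarySecurityToken.elementName)) {
                try {
                    elementImpl = BinarySecurityToken.fromXml(placeCursor);
                } catch (CertificateException e) {
                    // The token is kept as an entry with a null element, as before; the failure
                    // now goes to the class logger instead of stderr so it is not lost.
                    // NOTE(review): this path ignores mustUnderstand; the entry is only rejected
                    // later, in process(), when mustUnderstand is set.
                    log.warn("Security header could not parse BinarySecurityToken: " + e);
                }
            } else if (placeCursor.atElement(Timestamp.uri, Timestamp.elementName)) {
                elementImpl = Timestamp.fromXml(placeCursor);
            } else if (placeCursor.atElement(Namespaces.XMLENC.getUri(), "EncryptedKey")) {
                elementImpl = EncryptedKey.fromXml(placeCursor);
            } else if (placeCursor.atElement(Namespaces.XMLSIG.getUri(), org.apache.tsik.xmlsig.elements.KeyInfo.name)) {
                elementImpl = KeyInfo.fromXml(placeCursor);
            } else if (placeCursor.atElement(Namespaces.XMLENC.getUri(), "ReferenceList")) {
                elementImpl = ReferenceList.fromXml(placeCursor);
            } else if (placeCursor.atElement(Namespaces.XMLENC.getUri(), "EncryptedData")) {
                elementImpl = EncryptedData.fromXml(placeCursor);
            } else if (placeCursor.atElement(Namespaces.XMLSIG.getUri(), org.apache.tsik.xmlsig.elements.Signature.name)) {
                elementImpl = Signature.fromXml(placeCursor);
            } else {
                String message = "Security header cannot process " + placeCursor.getLocalName();
                if (z) {
                    throw new IllegalArgumentException(message);
                }
                log.warn(message);
            }
            // Unrecognised or unparsable children are still recorded, with a null element.
            parsed.add(new Element(id, elementImpl, placeCursor));
        }
        Security security = new Security(parsed);
        security.setMustUnderstand(z);
        return security;
    }

    /** Renders the mustUnderstand flag followed by every entry, for logging. */
    @Override // org.apache.tsik.domutil.elements.Element
    public String toString() {
        StringBuilder text = new StringBuilder();
        text.append("[Security ").append("mustUnderstand=").append(this.mustUnderstand).append(" ");
        for (int i = 0; i < this.elements.length; i++) {
            text.append("element=").append(this.elements[i]);
        }
        return text.append("]").toString();
    }

    /**
     * Encrypts with the data-encryption key of {@code encryptedKey} and returns the resulting
     * {@code EncryptedData}, tagged with the id {@code str}.
     *
     * <p>NOTE(review): the algorithm is fixed to {@code AlgorithmType.TRIPLEDES}. Triple DES is a
     * 64-bit block cipher and is deprecated for new use; the choice cannot be changed through
     * this method's parameters.
     *
     * @param encryptedKey key whose reference list must point at {@code "#" + str}
     * @param str          id the encrypted data will carry
     * @param dOMCursor    cursor whose document is given to the {@code Encryptor}
     * @param z            when {@code true}, content encryption is switched on
     * @throws IllegalArgumentException if the key's data reference is not a same-document
     *         reference or does not match {@code str}
     */
    public EncryptedData encryptData(EncryptedKey encryptedKey, String str, DOMCursor dOMCursor, boolean z) throws NoSuchAlgorithmException {
        log.debug("About to encrypt");
        String dataReference = encryptedKey.getReferenceList().getDataReference();
        if (!dataReference.startsWith("#")) {
            throw new IllegalArgumentException("external references not supported: " + dataReference);
        }
        if (!("#" + str).equals(dataReference)) {
            throw new IllegalArgumentException(dataReference + " not used by " + encryptedKey);
        }
        Encryptor encryptor = new Encryptor(dOMCursor.getDocument(), encryptedKey.getDekKey(), AlgorithmType.TRIPLEDES);
        if (z) {
            encryptor.setContentEncryption(true);
        }
        EncryptedData encrypted = EncryptedData.fromXml(new DOMWriteCursor(encryptor.encrypt()));
        encrypted.setId(str);
        return encrypted;
    }

    /**
     * Processes every entry of the header against the message and resolver.
     *
     * <p>Entries that remain unprocessed afterwards are reported at debug level only; this method
     * does not fail because of them.
     *
     * @throws SignatureException       if a signature's certificate cannot be resolved, the
     *                                  signature does not verify, or a required reference is not
     *                                  covered by it
     * @throws IllegalArgumentException if {@code mustUnderstand} is set and an entry is not
     *                                  handled, or an EncryptedKey has no data reference
     * @throws IllegalStateException    if a signature verifies but
     *                                  {@link #setRequiredSignatureReferences} was never called
     */
    public void process(SoapMessage soapMessage, TokenResolver tokenResolver) throws NoSuchAlgorithmException, XPathException, InvalidKeyException, SignatureException, ConversionException {
        log.debug("This Security header has " + this.elements.length + " sub elements");
        log.debug("Mustunderstand=" + this.mustUnderstand);
        log.debug("Processing security header");
        process(tokenResolver, soapMessage);
        for (int i = 0; i < this.elements.length; i++) {
            if (!this.elements[i].hasBeenProcessed()) {
                log.debug("Missed processing sub element " + i);
            }
        }
        log.debug("Done Processing security header");
    }

    /**
     * Resolves an XPointer against the SOAP body.
     *
     * @return a cursor on the referenced node, or {@code null} when nothing in the body matches
     */
    private DOMWriteCursor getInSoapBody(String str, SoapMessage soapMessage) {
        DOMWriteCursor bodyCursor = new DOMWriteCursor(soapMessage.getBody());
        if (bodyCursor.moveToXPath(XPath.fromXPointer(str))) {
            return bodyCursor;
        }
        return null;
    }

    /**
     * Sets the locations every verified signature must reference.
     *
     * @param xPathArr required references; {@code null} is stored as an empty array, which
     *                 disables the coverage check
     */
    public void setRequiredSignatureReferences(XPath[] xPathArr) {
        if (xPathArr == null) {
            xPathArr = new XPath[0];
        }
        this.refs = xPathArr;
    }

    /**
     * Walks the entries in header order and handles each by type: EncryptedKey, EncryptedData,
     * BinarySecurityToken, Signature, Timestamp. Anything else is rejected when
     * {@code mustUnderstand} is set and logged otherwise (and is then left unprocessed).
     */
    private void process(TokenResolver tokenResolver, SoapMessage soapMessage) throws NoSuchAlgorithmException, XPathException, InvalidKeyException, SignatureException, ConversionException {
        for (int i = 0; i < this.elements.length; i++) {
            if (this.elements[i].hasBeenProcessed()) {
                log.warn("Sub element " + i + " has already been processed");
            } else {
                ElementImpl elementImpl = this.elements[i].getElementImpl();
                String id = this.elements[i].getId();
                log.debug("Sub element " + i + " has id=" + id);
                if (elementImpl instanceof EncryptedKey) {
                    log.debug("Sub element " + i + "=EncryptedKey");
                    EncryptedKey encryptedKey = (EncryptedKey) elementImpl;
                    log.debug("ek=" + encryptedKey);
                    encryptedKey.decrypt(tokenResolver);
                    String dataReference = encryptedKey.getReferenceList().getDataReference();
                    log.debug("Decrypted key decrypts id " + dataReference);
                    if (dataReference == null) {
                        throw new IllegalArgumentException("No reference ID in EncryptedKey");
                    }
                    // Register the decrypted data-encryption key under the reference it protects.
                    tokenResolver.map(dataReference, encryptedKey.getDekKey());
                    // NOTE(review): unlike encryptData, the reference taken from the message is
                    // not checked for a leading "#" before it is turned into an XPath.
                    DOMWriteCursor inSoapBody = getInSoapBody(dataReference, soapMessage);
                    if (inSoapBody != null) {
                        log.debug("Id found in SOAP body");
                        EncryptedData.fromXml(inSoapBody).decryptInPlace(inSoapBody, tokenResolver);
                    } else {
                        log.debug("Id not found in SOAP body. Hold process.");
                    }
                    this.elements[i].setHasBeenProcessed();
                } else if (elementImpl instanceof EncryptedData) {
                    log.debug("Sub element " + i + "=EncryptedData");
                    EncryptedData encryptedData = (EncryptedData) elementImpl;
                    encryptedData.decrypt(tokenResolver);
                    SecurityToken decryptedToken = convertToSecurityToken(encryptedData.getDecryptedData());
                    if (decryptedToken != null) {
                        // Only the type is logged: the token was encrypted in transit and its
                        // string form may contain credentials.
                        log.debug("Decrypted a security token of type " + decryptedToken.getClass().getName());
                        // The decrypted token replaces the EncryptedData entry; it has no id and
                        // no cursor of its own.
                        this.elements[i] = new Element(null, decryptedToken, null);
                    }
                    this.elements[i].setHasBeenProcessed();
                } else if (elementImpl instanceof BinarySecurityToken) {
                    log.debug("Sub element " + i + "=BinarySecurityToken");
                    BinarySecurityToken binarySecurityToken = (BinarySecurityToken) elementImpl;
                    // NOTE(review): the certificate or SKI comes from the message itself and is
                    // registered without any validation visible here; trust in it has to be
                    // established by the resolver or the caller. TODO confirm.
                    if (binarySecurityToken.hasCertificate()) {
                        X509Certificate certificate = binarySecurityToken.getCertificate();
                        log.debug("Mapping " + id + " to " + certificate.getSubjectDN());
                        tokenResolver.map(id, certificate);
                    } else if (binarySecurityToken.hasSki()) {
                        byte[] ski = binarySecurityToken.getSki();
                        log.debug("Mapping " + id + " to SKI of " + Base64.encode(ski));
                        tokenResolver.map(id, ski);
                    }
                    this.elements[i].setHasBeenProcessed();
                } else if (elementImpl instanceof Signature) {
                    log.debug("Sub element " + i + "=Signature");
                    Signature signature = (Signature) elementImpl;
                    log.debug("This signature is " + signature);
                    SecurityTokenReference securityTokenReference = signature.getKeyInfo().getSecurityTokenReference();
                    X509Certificate resolveCert = tokenResolver.resolveCert(securityTokenReference);
                    if (resolveCert == null) {
                        // NOTE(review): the message embeds the resolver's string form; if that
                        // lists mapped keys and the text reaches a SOAP fault or a shared log,
                        // it discloses more than intended. Confirm what TokenResolver prints.
                        throw new SignatureException("Cannot find certificate for " + securityTokenReference + "map is " + tokenResolver);
                    }
                    PublicKey publicKey = resolveCert.getPublicKey();
                    Verifier verifier = new Verifier(soapMessage.getDocument(), this.elements[i].getDOMCursor().createXPath());
                    boolean verified = verifier.verify(publicKey);
                    log.debug("Signature is " + verified);
                    if (!verified) {
                        throw new SignatureException("Signature " + signature + " does not verify");
                    }
                    XPath[] required = this.refs;
                    if (required == null) {
                        // Previously a bare NullPointerException at this point. The signature is
                        // still rejected, but with a message naming the missing configuration.
                        throw new IllegalStateException("Required signature references not set; call setRequiredSignatureReferences before process");
                    }
                    // A signature that verifies but does not cover the required locations is
                    // rejected, so signed content cannot be swapped for unsigned content there.
                    for (int j = 0; j < required.length; j++) {
                        if (!verifier.isReferenced(required[j])) {
                            throw new SignatureException("Required reference " + required[j] + " not " + "referenced in signature " + signature);
                        }
                    }
                    this.elements[i].setHasBeenProcessed();
                } else if (elementImpl instanceof Timestamp) {
                    // NOTE(review): no creation or expiry check happens here; freshness must be
                    // enforced elsewhere if replay protection is expected.
                    log.debug("Sub element " + i + "=Timestamp");
                    this.elements[i].setHasBeenProcessed();
                } else {
                    String message = "Security content not handled: " + elementImpl;
                    if (this.mustUnderstand) {
                        throw new IllegalArgumentException(message);
                    }
                    log.warn(message);
                }
            }
        }
    }

    /**
     * Parses decrypted content as a security token.
     *
     * @return a UsernameToken or BinarySecurityToken, or {@code null} when the cursor is on
     *         neither or the binary token cannot be parsed
     */
    private SecurityToken convertToSecurityToken(DOMCursor dOMCursor) {
        if (dOMCursor.atElement(UsernameToken.uri, UsernameToken.elementName)) {
            return UsernameToken.fromXml(dOMCursor);
        }
        if (!dOMCursor.atElement(BinarySecurityToken.uri, BinarySecurityToken.elementName)) {
            return null;
        }
        try {
            return BinarySecurityToken.fromXml(dOMCursor);
        } catch (CertificateException e) {
            // Reported through the class logger instead of stderr; the caller sees null.
            log.warn("Security header could not parse decrypted BinarySecurityToken: " + e);
            return null;
        }
    }

    /** Loads a class by name, turning a lookup failure into {@link NoClassDefFoundError}. */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    // Resolves the logger and the schema-mapped name, prefix and namespace URI for this class.
    static {
        Class cls;
        if (class$org$apache$tsik$wss$elements$Security == null) {
            cls = class$("org.apache.tsik.wss.elements.Security");
            class$org$apache$tsik$wss$elements$Security = cls;
        } else {
            cls = class$org$apache$tsik$wss$elements$Security;
        }
        c = cls;
        log = LoggerFactory.getLogger(c);
        elementName = SchemaMapper.getName(c);
        prefix = SchemaMapper.getPrefix(c);
        uri = SchemaMapper.getUri(c);
        ns = new String[]{prefix, uri};
    }
}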
