package com.sun.xml.ws.security.opt.impl.incoming.processor;

import com.sun.xml.stream.buffer.XMLStreamBufferException;
import com.sun.xml.stream.buffer.stax.StreamReaderBufferCreator;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.impl.IssuedTokenContextImpl;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.incoming.DerivedKeyToken;
import com.sun.xml.ws.security.opt.impl.incoming.EncryptedData;
import com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey;
import com.sun.xml.ws.security.opt.impl.incoming.GenericSecuredHeader;
import com.sun.xml.ws.security.opt.impl.incoming.KerberosBinarySecurityToken;
import com.sun.xml.ws.security.opt.impl.incoming.SAMLAssertion;
import com.sun.xml.ws.security.opt.impl.incoming.SecurityContextToken;
import com.sun.xml.ws.security.opt.impl.incoming.Signature;
import com.sun.xml.ws.security.opt.impl.incoming.SignatureConfirmation;
import com.sun.xml.ws.security.opt.impl.incoming.TimestampHeader;
import com.sun.xml.ws.security.opt.impl.incoming.UsernameTokenHeader;
import com.sun.xml.ws.security.opt.impl.incoming.X509BinarySecurityToken;
import com.sun.xml.wss.BasicSecurityProfile;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.impl.opt.LogStringsMessages;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

/* loaded from: input_file:spg-ui-war-2.1.14.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/opt/impl/incoming/processor/SecurityHeaderProcessor.class */
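/**
 * Turns the element an {@link XMLStreamReader} is positioned on into the matching
 * incoming WS-Security header object (timestamp, token, signature, encrypted key, ...).
 *
 * <p>Elements are classified by local name and namespace URI using value equality
 * ({@code equals}). Reference comparison ({@code ==}) only matches when the reader hands
 * back the very same {@code String} instances as the constants, which this class cannot
 * rely on; with a reader that does not, every security element would be classified as
 * unknown and {@link #createHeader(XMLStreamReader)} would return {@code null}.
 *
 * <p>Instances keep per-message state (processing context, BSP context) and the class
 * does no synchronization of its own.
 */
public class SecurityHeaderProcessor {
    private static final Logger logger = Logger.getLogger(LogDomainConstants.IMPL_OPT_DOMAIN, LogDomainConstants.IMPL_OPT_DOMAIN_BUNDLE);

    // Element-type codes returned by getSecurityElementType and dispatched on in createHeader.
    private static final int TIMESTAMP_ELEMENT = 1;
    private static final int USERNAMETOKEN_ELEMENT = 2;
    private static final int BINARYSECURITY_TOKEN_ELEMENT = 3;
    private static final int ENCRYPTED_DATA_ELEMENT = 4;
    private static final int ENCRYPTED_KEY_ELEMENT = 5;
    private static final int SIGNATURE_ELEMENT = 6;
    private static final int REFERENCE_LIST_ELEMENT = 7;
    private static final int DERIVED_KEY_ELEMENT = 8;
    private static final int SIGNATURE_CONFIRMATION_ELEMENT = 9;
    private static final int SECURITY_CONTEXT_TOKEN = 10;
    private static final int SAML_ASSERTION_ELEMENT = 11;
    /** Code for an element that is none of the recognised security header elements. */
    private static final int UNKNOWN_ELEMENT = -1;

    // Namespace URIs this class matches against.
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String WSSC_NS = "http://schemas.xmlsoap.org/ws/2005/02/sc";
    private static final String SAML_2_0_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String SAML_1_0_ASSERTION_NS = "urn:oasis:names:tc:SAML:1.0:assertion";

    private final Map<String, String> currentParentNS;
    private final JAXBFilterProcessingContext context;
    private final XMLInputFactory staxIF;
    private final StreamReaderBufferCreator creator;
    private final BasicSecurityProfile bspContext;

    /**
     * Creates a processor bound to one message-processing context.
     *
     * @param jAXBFilterProcessingContext processing context; its BSP context is read once here
     * @param map namespace declarations in scope at the parent element. It is cast to
     *     {@link HashMap} when header objects are built, so any other {@code Map}
     *     implementation fails with {@link ClassCastException} in {@link #createHeader}.
     * @param xMLInputFactory StAX factory handed on to the token header classes
     * @param streamReaderBufferCreator buffer creator handed on to the header classes
     */
    public SecurityHeaderProcessor(JAXBFilterProcessingContext jAXBFilterProcessingContext, Map<String, String> map, XMLInputFactory xMLInputFactory, StreamReaderBufferCreator streamReaderBufferCreator) {
        this.context = jAXBFilterProcessingContext;
        this.currentParentNS = map;
        this.staxIF = xMLInputFactory;
        this.creator = streamReaderBufferCreator;
        this.bspContext = jAXBFilterProcessingContext.getBSPContext();
    }

    /**
     * Builds the security header object for the element the reader is positioned on.
     *
     * <p>Timestamp, UsernameToken, binary security token and SignatureConfirmation headers
     * have {@code validate} called on them here. The other header types are only
     * constructed (or, for signatures, processed) in this method.
     *
     * @param xMLStreamReader reader positioned on a child element of the security header
     * @return the header object, or {@code null} when the element is not one of the
     *     recognised security header elements
     * @throws XWSSecurityException if reading the element fails with a stream or buffer
     *     error, or if a header's own processing throws it
     */
    public SecurityHeaderElement createHeader(XMLStreamReader xMLStreamReader) throws XWSSecurityException {
        int securityElementType = getSecurityElementType(xMLStreamReader);
        while (securityElementType != UNKNOWN_ELEMENT) {
            try {
                switch (securityElementType) {
                    case TIMESTAMP_ELEMENT:
                        // A second timestamp under BSP is reported through log_bsp_3203; whether
                        // that call aborts processing is decided there, not in this method.
                        if (this.context.isBSP() && this.bspContext.isTimeStampFound()) {
                            BasicSecurityProfile.log_bsp_3203();
                        }
                        this.bspContext.setTimeStampFound(true);
                        TimestampHeader timestampHeader = new TimestampHeader(xMLStreamReader, this.creator, (HashMap) this.currentParentNS, this.context);
                        timestampHeader.validate(this.context);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(timestampHeader);
                        this.context.getInferredSecurityPolicy().append(timestampHeader.getPolicy());
                        return timestampHeader;
                    case USERNAMETOKEN_ELEMENT:
                        UsernameTokenHeader usernameTokenHeader = new UsernameTokenHeader(xMLStreamReader, this.creator, (HashMap) this.currentParentNS, this.staxIF);
                        usernameTokenHeader.validate(this.context);
                        if (isServerSideTrustMessage()) {
                            // The recorded class distinguishes a password sent over a secure
                            // transport from one sent without it.
                            recordAuthnContextClass(this.context.isSecure()
                                    ? MessageConstants.PASSWORD_PROTECTED_TRANSPORT_AUTHTYPE
                                    : MessageConstants.PASSWORD_AUTH_TYPE);
                        }
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(usernameTokenHeader);
                        this.context.getInferredSecurityPolicy().append(usernameTokenHeader.getPolicy());
                        return usernameTokenHeader;
                    case BINARYSECURITY_TOKEN_ELEMENT:
                        // Value comparison: with a reference comparison a Kerberos token whose
                        // ValueType string is a different instance falls into the X.509 branch.
                        // NOTE(review): the lookup asks for a ValueType attribute qualified with
                        // the wsse namespace; confirm that matches how the attribute is written.
                        if (MessageConstants.KERBEROS_V5_GSS_APREQ_1510.equals(xMLStreamReader.getAttributeValue(WSSE_NS, "ValueType"))) {
                            KerberosBinarySecurityToken kerberosBinarySecurityToken = new KerberosBinarySecurityToken(xMLStreamReader, this.creator, (HashMap) this.currentParentNS, this.staxIF);
                            kerberosBinarySecurityToken.validate(this.context);
                            this.context.getSecurityContext().getProcessedSecurityHeaders().add(kerberosBinarySecurityToken);
                            this.context.getInferredSecurityPolicy().append(kerberosBinarySecurityToken.getPolicy());
                            if (isServerSideTrustMessage()) {
                                recordAuthnContextClass(MessageConstants.KERBEROS_AUTH_TYPE);
                            }
                            return kerberosBinarySecurityToken;
                        }
                        // Every other binary security token is handled as an X.509 token.
                        X509BinarySecurityToken x509BinarySecurityToken = new X509BinarySecurityToken(xMLStreamReader, this.creator, (HashMap) this.currentParentNS, this.staxIF);
                        x509BinarySecurityToken.validate(this.context);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(x509BinarySecurityToken);
                        this.context.getInferredSecurityPolicy().append(x509BinarySecurityToken.getPolicy());
                        if (isServerSideTrustMessage()) {
                            recordAuthnContextClass(MessageConstants.X509_AUTH_TYPE);
                        }
                        return x509BinarySecurityToken;
                    case ENCRYPTED_DATA_ELEMENT:
                        EncryptedData encryptedData = new EncryptedData(xMLStreamReader, this.context, (HashMap) this.currentParentNS);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(encryptedData);
                        return encryptedData;
                    case ENCRYPTED_KEY_ELEMENT:
                        EncryptedKey encryptedKey = new EncryptedKey(xMLStreamReader, this.context, (HashMap) this.currentParentNS);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(encryptedKey);
                        return encryptedKey;
                    case SIGNATURE_ELEMENT:
                        Signature signature = new Signature(this.context, this.currentParentNS, this.creator, true);
                        signature.process(xMLStreamReader);
                        // Only a signature without references is recorded as processed here.
                        if (signature.getReferences().size() == 0) {
                            this.context.getSecurityContext().getProcessedSecurityHeaders().add(signature);
                        }
                        this.context.getInferredSecurityPolicy().append(signature.getPolicy());
                        return signature;
                    case REFERENCE_LIST_ELEMENT:
                    default:
                        // getSecurityElementType in this class never returns REFERENCE_LIST_ELEMENT
                        // and the loop ends on UNKNOWN_ELEMENT, so this branch is reached only if a
                        // subclass overrides the classifier.
                        // NOTE(review): control falls through into DERIVED_KEY_ELEMENT below, as in
                        // the listing this was taken from; that looks like a decompilation artifact,
                        // so confirm against the upstream source before relying on it.
                        new GenericSecuredHeader(xMLStreamReader, null, this.creator, (HashMap) this.currentParentNS, this.staxIF, this.context.getEncHeaderContent());
                        securityElementType = getSecurityElementType(xMLStreamReader);
                    case DERIVED_KEY_ELEMENT:
                        DerivedKeyToken derivedKeyToken = new DerivedKeyToken(xMLStreamReader, this.context, (HashMap) this.currentParentNS);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(derivedKeyToken);
                        return derivedKeyToken;
                    case SIGNATURE_CONFIRMATION_ELEMENT:
                        SignatureConfirmation signatureConfirmation = new SignatureConfirmation(xMLStreamReader, this.creator, (HashMap) this.currentParentNS, this.staxIF);
                        signatureConfirmation.validate(this.context);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(signatureConfirmation);
                        return signatureConfirmation;
                    case SECURITY_CONTEXT_TOKEN:
                        SecurityContextToken securityContextToken = new SecurityContextToken(xMLStreamReader, this.context, (HashMap) this.currentParentNS);
                        this.context.getSecurityContext().getProcessedSecurityHeaders().add(securityContextToken);
                        return securityContextToken;
                    case SAML_ASSERTION_ELEMENT:
                        // The assertion is returned without being added to the processed headers
                        // and without a validate call in this method.
                        return new SAMLAssertion(xMLStreamReader, this.context, null, (HashMap) this.currentParentNS);
                }
            } catch (XMLStreamBufferException e) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1608_ERROR_SECURITY_HEADER());
                throw new XWSSecurityException(LogStringsMessages.WSS_1608_ERROR_SECURITY_HEADER(), e);
            } catch (XMLStreamException e2) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1608_ERROR_SECURITY_HEADER());
                throw new XWSSecurityException(LogStringsMessages.WSS_1608_ERROR_SECURITY_HEADER(), e2);
            }
        }
        return null;
    }

    /** Returns true for a trust message handled on the receiving (non-client) side. */
    private boolean isServerSideTrustMessage() {
        return this.context.isTrustMessage() && !this.context.isClient();
    }

    /**
     * Records how the sender authenticated on the trust context.
     *
     * <p>A missing trust context is created. An existing one is updated only when it
     * already carries an authentication context class; one without a class is left as is.
     */
    private void recordAuthnContextClass(String authnContextClass) {
        IssuedTokenContext trustContext = this.context.getTrustContext();
        if (trustContext == null) {
            IssuedTokenContextImpl created = new IssuedTokenContextImpl();
            created.setAuthnContextClass(authnContextClass);
            this.context.setTrustContext(created);
        } else if (trustContext.getAuthnContextClass() != null) {
            trustContext.setAuthnContextClass(authnContextClass);
            this.context.setTrustContext(trustContext);
        }
    }

    /**
     * Returns true when the reader's current element has the given local name and
     * namespace URI. A null name or namespace from the reader never matches.
     */
    private static boolean isElement(XMLStreamReader xMLStreamReader, String localName, String namespaceUri) {
        return localName.equals(xMLStreamReader.getLocalName()) && namespaceUri.equals(xMLStreamReader.getNamespaceURI());
    }

    private boolean isTimeStamp(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, "Timestamp", WSU_NS);
    }

    private boolean isBST(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME, WSSE_NS);
    }

    private boolean isSignature(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, "Signature", DSIG_NS);
    }

    private boolean isEncryptedKey(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, "EncryptedKey", MessageConstants.XENC_NS);
    }

    private boolean isEncryptedData(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, MessageConstants.ENCRYPTED_DATA_LNAME, MessageConstants.XENC_NS);
    }

    private boolean isUsernameToken(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, "UsernameToken", WSSE_NS);
    }

    private boolean isDerivedKey(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, MessageConstants.DERIVEDKEY_TOKEN_LNAME, WSSC_NS);
    }

    private boolean isSignatureConfirmation(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, MessageConstants.SIGNATURE_CONFIRMATION_LNAME, MessageConstants.WSSE11_NS);
    }

    private boolean isSCT(XMLStreamReader xMLStreamReader) {
        return isElement(xMLStreamReader, MessageConstants.SECURITY_CONTEXT_TOKEN_LNAME, WSSC_NS);
    }

    /** Matches an assertion element in either of the two SAML assertion namespaces. */
    private boolean isSAML(XMLStreamReader xMLStreamReader) {
        if (!MessageConstants.SAML_ASSERTION_LNAME.equals(xMLStreamReader.getLocalName())) {
            return false;
        }
        String namespaceURI = xMLStreamReader.getNamespaceURI();
        return SAML_2_0_ASSERTION_NS.equals(namespaceURI) || SAML_1_0_ASSERTION_NS.equals(namespaceURI);
    }

    /** Advances the reader until it is positioned on the next start element. */
    private void moveToNextElement(XMLStreamReader xMLStreamReader) throws XMLStreamException {
        xMLStreamReader.next();
        while (xMLStreamReader.getEventType() != XMLStreamReader.START_ELEMENT) {
            xMLStreamReader.next();
        }
    }

    /**
     * Classifies the element the reader is positioned on.
     *
     * @param xMLStreamReader reader positioned on an element
     * @return the element-type code (1 timestamp, 2 username token, 3 binary security
     *     token, 4 encrypted data, 5 encrypted key, 6 signature, 8 derived key,
     *     9 signature confirmation, 10 security context token, 11 SAML assertion),
     *     or -1 when the element is none of these
     */
    public int getSecurityElementType(XMLStreamReader xMLStreamReader) {
        if (isTimeStamp(xMLStreamReader)) {
            return TIMESTAMP_ELEMENT;
        }
        if (isBST(xMLStreamReader)) {
            return BINARYSECURITY_TOKEN_ELEMENT;
        }
        if (isSignature(xMLStreamReader)) {
            return SIGNATURE_ELEMENT;
        }
        if (isEncryptedKey(xMLStreamReader)) {
            return ENCRYPTED_KEY_ELEMENT;
        }
        if (isEncryptedData(xMLStreamReader)) {
            return ENCRYPTED_DATA_ELEMENT;
        }
        if (isUsernameToken(xMLStreamReader)) {
            return USERNAMETOKEN_ELEMENT;
        }
        if (isSignatureConfirmation(xMLStreamReader)) {
            return SIGNATURE_CONFIRMATION_ELEMENT;
        }
        if (isDerivedKey(xMLStreamReader)) {
            return DERIVED_KEY_ELEMENT;
        }
        if (isSCT(xMLStreamReader)) {
            return SECURITY_CONTEXT_TOKEN;
        }
        return isSAML(xMLStreamReader) ? SAML_ASSERTION_ELEMENT : UNKNOWN_ELEMENT;
    }
}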
