package com.sun.xml.wss.impl.misc;

import com.sun.org.apache.xml.internal.security.algorithms.JCEMapper;
import com.sun.xml.ws.api.SOAPVersion;
import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.client.IssuedTokenManager;
import com.sun.xml.ws.runtime.util.SessionManager;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityTokenReference;
import com.sun.xml.ws.security.Token;
import com.sun.xml.ws.security.impl.IssuedTokenContextImpl;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.incoming.SecurityContextToken;
import com.sun.xml.ws.security.opt.impl.keyinfo.SecurityContextToken13;
import com.sun.xml.ws.security.secconv.impl.client.DefaultSCTokenConfiguration;
import com.sun.xml.ws.security.secconv.impl.wssx.bindings.SecurityContextTokenType;
import com.sun.xml.ws.security.secext10.KeyIdentifierType;
import com.sun.xml.ws.security.secext10.SecurityTokenReferenceType;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.ReferenceElement;
import com.sun.xml.wss.core.SecurityContextTokenImpl;
import com.sun.xml.wss.core.X509SecurityToken;
import com.sun.xml.wss.core.reference.KeyIdentifier;
import com.sun.xml.wss.core.reference.SamlKeyIdentifier;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WSSAssertion;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.net.URL;
import java.security.AccessController;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.xml.bind.JAXBElement;
import javax.xml.soap.SOAPElement;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

/* loaded from: input_file:spg-ui-war-2.1.2.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/misc/SecurityUtil.class */
public class SecurityUtil {
    // Class-wide java.util.logging logger, obtained for the IMPL_CRYPTO_DOMAIN logger name with
    // its resource bundle; the message keys logged by this class are resolved against that bundle.
    protected static final Logger log = Logger.getLogger(LogDomainConstants.IMPL_CRYPTO_DOMAIN, LogDomainConstants.IMPL_CRYPTO_DOMAIN_BUNDLE);

    /**
     * Generates a fresh symmetric key for the algorithm identified by an algorithm URI.
     *
     * <p>The URI is mapped to a JCE algorithm name through {@code JCEMapper}. Any JCE name that
     * begins with {@code "DES"} is initialised with a fixed size of 168 bits; every other
     * algorithm uses the key length {@code JCEMapper} reports for the URI. No
     * {@code SecureRandom} is passed to {@code KeyGenerator.init}, so the generator uses its
     * default source of randomness.
     *
     * @param str algorithm URI to generate a key for
     * @return the newly generated key
     * @throws XWSSecurityException if anything in the mapping or generation fails; the original
     *         exception is kept as the cause
     */
    public static SecretKey generateSymmetricKey(String str) throws XWSSecurityException {
        try {
            final String jceAlgorithm = JCEMapper.getJCEKeyAlgorithmFromURI(str);
            final KeyGenerator generator = KeyGenerator.getInstance(jceAlgorithm);
            final int keyBits;
            // NOTE(review): the prefix test also matches a plain "DES" name, for which 168 is
            // not a valid size; presumably only DESede URIs reach this point - confirm.
            if (jceAlgorithm.startsWith("DES")) {
                keyBits = 168;
            } else {
                keyBits = JCEMapper.getKeyLengthFromURI(str);
            }
            generator.init(keyBits);
            return generator.generateKey();
        } catch (Exception e) {
            // Broad catch: an unmapped URI (null algorithm name) and provider failures all end
            // up here. Only the exception message is logged; the cause travels with the rethrow.
            log.log(Level.SEVERE, "WSS1208.failedto.generate.random.symmetrickey", new Object[]{e.getMessage()});
            throw new XWSSecurityException("Unable to Generate Symmetric Key", e);
        }
    }

    /**
     * Returns the key length associated with a block-encryption algorithm URI.
     *
     * <p>The returned values (16, 24, 32) are consistent with key sizes in bytes for the
     * AES-128/192/256 and triple-DES URIs handled here.
     *
     * @param str algorithm URI; must not be {@code null}
     * @return 24 for AES-192 and triple-DES CBC, 32 for AES-256, 16 for AES-128
     * @throws UnsupportedOperationException if the URI is none of the four handled values
     *         (this is what the code throws, despite the declared checked exception)
     * @throws XWSSecurityException declared but not thrown by the visible code
     */
    public static int getLengthFromAlgorithm(String str) throws XWSSecurityException {
        final int keyLength;
        if (str.equals(MessageConstants.AES_BLOCK_ENCRYPTION_192)) {
            keyLength = 24;
        } else if (str.equals(MessageConstants.AES_BLOCK_ENCRYPTION_256)) {
            keyLength = 32;
        } else if (str.equals(MessageConstants.AES_BLOCK_ENCRYPTION_128)) {
            keyLength = 16;
        } else if (str.equals("http://www.w3.org/2001/04/xmlenc#tripledes-cbc")) {
            keyLength = 24;
        } else {
            // Unknown algorithms fail closed instead of falling back to a default length.
            throw new UnsupportedOperationException("TODO: not yet implemented keyLength for" + str);
        }
        return keyLength;
    }

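    /**
     * Builds an identifier of the form {@code XWSSGID-<millis><random int>}.
     *
     * <p>Despite the name this is not an RFC 4122 UUID: it is the current time in milliseconds
     * followed by one random 32-bit integer (which may carry a minus sign).
     *
     * @return a new identifier string starting with {@code "XWSSGID-"}
     */
    public static String generateUUID() {
        // java.util.Random is not a cryptographic generator, so its output can be predicted.
        // The callers are not visible here; drawing the random part from SecureRandom keeps
        // the identifier format unchanged while removing that predictability should any
        // caller rely on these ids being hard to guess.
        final int randomPart = new SecureRandom().nextInt();
        return "XWSSGID-" + System.currentTimeMillis() + randomPart;
    }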

    /**
     * Computes the first output block of the P_SHA-1 expansion over a secret and a seed.
     *
     * <p>With {@code A(1) = HMAC-SHA1(secret, seed)}, the result is
     * {@code HMAC-SHA1(secret, A(1) || seed)}, i.e. one HMAC-SHA1 output.
     *
     * @param bArr the secret used as the HMAC key
     * @param bArr2 the seed
     * @return the HMAC output for the first block
     * @throws Exception if the HMAC algorithm is unavailable or the key is rejected
     */
    public static byte[] P_SHA1(byte[] bArr, byte[] bArr2) throws Exception {
        final String algorithm = "HMACSHA1";
        final Mac hmac = Mac.getInstance(algorithm);
        final SecretKeySpec hmacKey = new SecretKeySpec(bArr, algorithm);

        // A(1) = HMAC(secret, seed)
        hmac.init(hmacKey);
        final byte[] firstChainValue = hmac.doFinal(bArr2);

        // Output block = HMAC(secret, A(1) || seed); re-initialising clears any prior state.
        hmac.init(hmacKey);
        hmac.update(firstChainValue);
        return hmac.doFinal(bArr2);
    }

    /**
     * Expands a secret and a seed into {@code i} bytes using the P_SHA-1 construction.
     *
     * <p>Starting from {@code A(1) = HMAC-SHA1(secret, seed)}, each round appends
     * {@code HMAC-SHA1(secret, A(k) || seed)} to the output and then advances the chain with
     * {@code A(k+1) = HMAC-SHA1(secret, A(k))}. The final round is truncated so that exactly
     * {@code i} bytes are returned.
     *
     * @param bArr the secret used as the HMAC key
     * @param bArr2 the seed
     * @param i number of output bytes requested
     * @return an array of exactly {@code i} derived bytes
     * @throws NoSuchAlgorithmException if HMAC-SHA1 is not available
     * @throws InvalidKeyException if the secret is rejected as an HMAC key
     */
    public static byte[] P_SHA1(byte[] bArr, byte[] bArr2, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        final String algorithm = "HMACSHA1";
        final Mac hmac = Mac.getInstance(algorithm);
        final SecretKeySpec hmacKey = new SecretKeySpec(bArr, algorithm);
        final byte[] derived = new byte[i];

        // A(1) = HMAC(secret, seed)
        hmac.init(hmacKey);
        byte[] chainValue = hmac.doFinal(bArr2);

        final int macLength = chainValue.length;
        final int rounds = (i / macLength) + (i % macLength == 0 ? 0 : 1);

        int written = 0;
        for (int round = 0; round < rounds; round++) {
            // Output block for this round: HMAC(secret, A(k) || seed).
            hmac.init(hmacKey);
            hmac.update(chainValue);
            final byte[] block = hmac.doFinal(bArr2);

            // Only the last round can be shorter than a full HMAC output.
            final int take = Math.min(block.length, i - written);
            System.arraycopy(block, 0, derived, written, take);
            written += take;

            // Advance the chain: A(k+1) = HMAC(secret, A(k)).
            hmac.init(hmacKey);
            chainValue = hmac.doFinal(chainValue);
        }
        return derived;
    }

    /**
     * Reduces the JCE identifier mapped from an algorithm URI to a bare key algorithm name.
     *
     * @param str algorithm URI
     * @return {@code "AES"}, {@code "DESede"} or {@code "DES"} when the mapped JCE id starts
     *         with that name, otherwise the mapped id unchanged
     */
    public static String getSecretKeyAlgorithm(String str) {
        final String jceId = JCEMapper.translateURItoJCEID(str);
        if (jceId.startsWith("AES")) {
            return "AES";
        }
        // "DESede" has to be tested before "DES", which is a prefix of it.
        if (jceId.startsWith("DESede")) {
            return "DESede";
        }
        if (jceId.startsWith("DES")) {
            return "DES";
        }
        return jceId;
    }

    /**
     * Applies the binding's IncludeToken policy for an X.509 token that has not yet been
     * inserted into the message under the given id.
     *
     * <p>Nothing happens when a token is already cached for {@code str} or when no policy
     * token was set. Otherwise:
     * <ul>
     *   <li>"always" / "always to recipient": the certificate is inserted via
     *       {@code insertCertificate};</li>
     *   <li>"never": a {@code "Direct"} reference type is replaced by {@code "Identifier"}
     *       (no assertion, or key-identifier support required) or by the thumbprint type
     *       (thumbprint support required); with neither property it stays {@code "Direct"};</li>
     *   <li>"once": rejected as unsupported.</li>
     * </ul>
     *
     * @param filterProcessingContext processing context holding the inserted-token cache
     * @param x509CertificateBinding binding whose policy is evaluated and possibly modified
     * @param str id under which the token is cached
     * @throws XWSSecurityException wrapping any exception raised while applying the policy,
     *         including the unsupported-policy error
     */
    public static void checkIncludeTokenPolicy(FilterProcessingContext filterProcessingContext, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, String str) throws XWSSecurityException {
        final X509SecurityToken alreadyInserted = (X509SecurityToken) filterProcessingContext.getInsertedX509Cache().get(str);
        if (alreadyInserted != null) {
            return;
        }
        try {
            if (!x509CertificateBinding.policyTokenWasSet()) {
                return;
            }

            final boolean includeAlways = AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(x509CertificateBinding.getIncludeToken())
                    || AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ALWAYS.equals(x509CertificateBinding.getIncludeToken());
            if (includeAlways) {
                insertCertificate(filterProcessingContext, x509CertificateBinding, str);
                return;
            }

            if (AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_NEVER.equals(x509CertificateBinding.getIncludeToken())) {
                final WSSAssertion assertion = filterProcessingContext.getWSSAssertion();
                if (!"Direct".equals(x509CertificateBinding.getReferenceType())) {
                    return;
                }
                // The token is not sent, so a direct reference is swapped for an indirect one.
                if (assertion == null || assertion.getRequiredProperties().contains(WSSAssertion.MUST_SUPPORT_REF_KEYIDENTIFIER)) {
                    x509CertificateBinding.setReferenceType("Identifier");
                } else if (assertion.getRequiredProperties().contains(WSSAssertion.MUSTSUPPORT_REF_THUMBPRINT)) {
                    x509CertificateBinding.setReferenceType(MessageConstants.THUMB_PRINT_TYPE);
                }
                return;
            }

            if (AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ONCE.equals(x509CertificateBinding.getIncludeToken())) {
                throw new UnsupportedOperationException(AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ONCE + " not supported yet as IncludeToken policy");
            }
        } catch (Exception e) {
            // Every failure, checked or not, is surfaced as the security exception.
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Applies the binding's IncludeToken policy on the JAXB-based processing path by adjusting
     * only the binding's reference type.
     *
     * <p>Nothing happens when no policy token was set. Otherwise:
     * <ul>
     *   <li>"always" / "always to recipient": the reference type becomes {@code "Direct"};</li>
     *   <li>"never": a {@code "Direct"} reference type is replaced by {@code "Identifier"}
     *       (no assertion, or key-identifier support required) or by the thumbprint type
     *       (thumbprint support required); with neither property it stays {@code "Direct"};</li>
     *   <li>"once": rejected as unsupported.</li>
     * </ul>
     *
     * @param jAXBFilterProcessingContext processing context supplying the WSS assertion
     * @param x509CertificateBinding binding whose policy is evaluated and possibly modified
     * @param str token id; not used by the visible code
     * @throws XWSSecurityException wrapping any exception raised while applying the policy,
     *         including the unsupported-policy error
     */
    public static void checkIncludeTokenPolicyOpt(JAXBFilterProcessingContext jAXBFilterProcessingContext, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, String str) throws XWSSecurityException {
        try {
            if (!x509CertificateBinding.policyTokenWasSet()) {
                return;
            }

            final boolean includeAlways = AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(x509CertificateBinding.getIncludeToken())
                    || AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ALWAYS.equals(x509CertificateBinding.getIncludeToken());
            if (includeAlways) {
                x509CertificateBinding.setReferenceType("Direct");
                return;
            }

            if (AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_NEVER.equals(x509CertificateBinding.getIncludeToken())) {
                final WSSAssertion assertion = jAXBFilterProcessingContext.getWSSAssertion();
                if (!"Direct".equals(x509CertificateBinding.getReferenceType())) {
                    return;
                }
                // The token is not sent, so a direct reference is swapped for an indirect one.
                if (assertion == null || assertion.getRequiredProperties().contains(WSSAssertion.MUST_SUPPORT_REF_KEYIDENTIFIER)) {
                    x509CertificateBinding.setReferenceType("Identifier");
                } else if (assertion.getRequiredProperties().contains(WSSAssertion.MUSTSUPPORT_REF_THUMBPRINT)) {
                    x509CertificateBinding.setReferenceType(MessageConstants.THUMB_PRINT_TYPE);
                }
                return;
            }

            if (AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ONCE.equals(x509CertificateBinding.getIncludeToken())) {
                throw new UnsupportedOperationException(AuthenticationTokenPolicy.X509CertificateBinding.INCLUDE_ONCE + " not supported yet as IncludeToken policy");
            }
        } catch (Exception e) {
            // Every failure, checked or not, is surfaced as the security exception.
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Returns the identifier attribute value of an issued-token element.
     *
     * <p>Attributes are tried in order: {@code "Id"}, then the SAML assertion-id local name,
     * then the SAML id local name. The lookup uses {@code NamedNodeMap.getNamedItem}, which
     * matches on the attribute's node name and ignores namespaces, so a prefixed attribute
     * such as {@code wsu:Id} is not matched by the plain {@code "Id"} lookup.
     *
     * @param element element to read the identifier from
     * @return the value of the first identifier attribute found
     * @throws XWSSecurityException if none of the three attributes is present
     */
    public static String getWsuIdOrId(Element element) throws XWSSecurityException {
        final NamedNodeMap attrs = element.getAttributes();
        final String[] candidateNames = {
            "Id",
            MessageConstants.SAML_ASSERTIONID_LNAME,
            MessageConstants.SAML_ID_LNAME
        };
        for (String candidate : candidateNames) {
            final Node idAttr = attrs.getNamedItem(candidate);
            if (idAttr != null) {
                return idAttr.getNodeValue();
            }
        }
        throw new XWSSecurityException("Issued Token Element does not have a Id or AssertionId attribute");
    }

    /**
     * Resolves the SecureConversation session context for the current message and stores it
     * on the processing context.
     *
     * <p>On the client side a context is created through {@code IssuedTokenManager} from the
     * binding's UUID and the token is requested. If that yields no context, or on the
     * non-client side, the session identifier is read from the {@code INCOMING_SCT} property
     * and looked up in {@code SessionManager}.
     *
     * @param filterProcessingContext processing context to read from and update
     * @param secureConversationTokenKeyBinding binding supplying the token UUID
     * @throws XWSSecurityException if the token request fails, no incoming SCT is recorded, or
     *         no session context can be found
     */
    public static void resolveSCT(FilterProcessingContext filterProcessingContext, SecureConversationTokenKeyBinding secureConversationTokenKeyBinding) throws XWSSecurityException {
        final String bindingUuid = secureConversationTokenKeyBinding.getUUID();
        IssuedTokenContext sessionContext = null;

        if (filterProcessingContext.isClient()) {
            final IssuedTokenManager tokenManager = IssuedTokenManager.getInstance();
            final DefaultSCTokenConfiguration sctConfig = new DefaultSCTokenConfiguration(
                    filterProcessingContext.getWSSCVersion(filterProcessingContext.getSecurityPolicyVersion()),
                    bindingUuid,
                    !filterProcessingContext.isExpired(),
                    !filterProcessingContext.isInboundMessage());
            sessionContext = tokenManager.createIssuedTokenContext(sctConfig, null);
            try {
                IssuedTokenManager.getInstance().getIssuedToken(sessionContext);
            } catch (WSTrustException e) {
                throw new XWSSecurityException(e);
            }
        }

        if (sessionContext == null) {
            // The session id comes from the SCT recorded for the incoming message.
            final Object incomingSct = filterProcessingContext.getExtraneousProperty(MessageConstants.INCOMING_SCT);
            if (incomingSct == null) {
                throw new XWSSecurityException("SecureConversation Session Context not Found");
            }

            String sessionId = "";
            if (filterProcessingContext instanceof JAXBFilterProcessingContext) {
                // If the property is neither token type the id stays empty and the lookup
                // below runs with "".
                if (incomingSct instanceof SecurityContextToken) {
                    sessionId = ((SecurityContextToken) incomingSct).getSCId();
                } else if (incomingSct instanceof com.sun.xml.ws.security.SecurityContextToken) {
                    sessionId = ((com.sun.xml.ws.security.SecurityContextToken) incomingSct).getIdentifier().toString();
                }
            } else {
                sessionId = ((com.sun.xml.ws.security.SecurityContextToken) incomingSct).getIdentifier().toString();
            }
            sessionContext = SessionManager.getSessionManager().getSecurityContext(sessionId, !filterProcessingContext.isExpired());
        }

        // Fail closed: without a resolved session nothing is stored on the context.
        if (sessionContext == null) {
            throw new XWSSecurityException("SecureConversation Session Context not Found");
        }
        filterProcessingContext.setSecureConversationContext(sessionContext);
    }

    /**
     * Resolves the trust (issued-token) context for a key binding and stores it on the
     * processing context.
     *
     * <p>The context registered under the binding's UUID is preferred; if there is none, the
     * context's trust credential holder is used. When the UUID lookup succeeded and the
     * context has no proof key, the default certificate from the security environment is set
     * as the requestor certificate.
     *
     * @param filterProcessingContext processing context to read from and update
     * @param issuedTokenKeyBinding binding supplying the token UUID
     * @throws XWSSecurityException if neither source yields a context
     */
    public static void resolveIssuedToken(FilterProcessingContext filterProcessingContext, IssuedTokenKeyBinding issuedTokenKeyBinding) throws XWSSecurityException {
        IssuedTokenContext trustContext = filterProcessingContext.getIssuedTokenContext(issuedTokenKeyBinding.getUUID());
        final boolean foundByUuid = trustContext != null;
        if (!foundByUuid) {
            trustContext = filterProcessingContext.getTrustCredentialHolder();
        }
        if (trustContext == null) {
            throw new XWSSecurityException("Trust IssuedToken not Found");
        }

        filterProcessingContext.setTrustContext(trustContext);

        // The requestor certificate is only filled in for contexts found by UUID.
        if (trustContext.getProofKey() == null && foundByUuid) {
            trustContext.setRequestorCertificate(
                    filterProcessingContext.getSecurityEnvironment().getDefaultCertificate(filterProcessingContext.getExtraneousProperties()));
        }
    }

    /**
     * Records an inferred issued token and its proof key on the context's trust credential
     * holder, creating the holder when none exists yet.
     *
     * <p>The proof key is stored as the raw bytes returned by {@code key.getEncoded()}.
     *
     * @param filterProcessingContext processing context whose credential holder is updated
     * @param token token stored as the unattached security token reference
     * @param key key whose encoded form becomes the proof key
     * @throws XWSSecurityException declared; not thrown directly by the visible code
     */
    public static void initInferredIssuedTokenContext(FilterProcessingContext filterProcessingContext, Token token, Key key) throws XWSSecurityException {
        IssuedTokenContextImpl holder = (IssuedTokenContextImpl) filterProcessingContext.getTrustCredentialHolder();
        if (holder == null) {
            holder = new IssuedTokenContextImpl();
        }
        final byte[] proofKey = key.getEncoded();
        holder.setProofKey(proofKey);
        holder.setUnAttachedSecurityTokenReference(token);
        filterProcessingContext.setTrustCredentialHolder(holder);
    }

    /**
     * Tests whether an element is an XML Encryption {@code EncryptedKey}.
     *
     * @param sOAPElement element to inspect
     * @return {@code true} only if both the local name and the namespace URI match
     */
    public static boolean isEncryptedKey(SOAPElement sOAPElement) {
        // The namespace is checked as well as the local name, so a same-named element from
        // another namespace is not accepted.
        if (!"EncryptedKey".equals(sOAPElement.getLocalName())) {
            return false;
        }
        return MessageConstants.XENC_NS.equals(sOAPElement.getNamespaceURI());
    }

    /**
     * Tests whether an element is a WS-Trust {@code BinarySecret} in the 2005/02 namespace.
     *
     * @param sOAPElement element to inspect
     * @return {@code true} only if both the local name and the namespace URI match
     */
    public static boolean isBinarySecret(SOAPElement sOAPElement) {
        // Only the 2005/02 trust namespace is recognised by this check.
        if (!"BinarySecret".equals(sOAPElement.getLocalName())) {
            return false;
        }
        return "http://schemas.xmlsoap.org/ws/2005/02/trust".equals(sOAPElement.getNamespaceURI());
    }

    /**
     * Finds the issued-token context whose security context token has the given identifier
     * and materialises that token against the current SOAP message.
     *
     * @param filterProcessingContext processing context holding the issued-token context map
     * @param str SCT identifier to look for; must not be {@code null}
     * @return a new token built from the matching SCT, or {@code null} if the map is absent
     *         or has no match
     * @throws XWSSecurityException declared; not thrown directly by the visible code
     */
    public static SecurityContextTokenImpl locateBySCTId(FilterProcessingContext filterProcessingContext, String str) throws XWSSecurityException {
        final Hashtable contextsById = filterProcessingContext.getIssuedTokenContextMap();
        if (contextsById == null) {
            return null;
        }
        // Only the map values are inspected; the keys play no part in the match.
        for (Object candidate : contextsById.values()) {
            if (!(candidate instanceof IssuedTokenContext)) {
                continue;
            }
            final Token token = ((IssuedTokenContext) candidate).getSecurityToken();
            if (!(token instanceof com.sun.xml.ws.security.SecurityContextToken)) {
                continue;
            }
            final com.sun.xml.ws.security.SecurityContextToken sct = (com.sun.xml.ws.security.SecurityContextToken) token;
            if (!str.equals(sct.getIdentifier().toString())) {
                continue;
            }
            return new SecurityContextTokenImpl(
                    filterProcessingContext.getSOAPMessage().getSOAPPart(),
                    sct.getIdentifier().toString(),
                    sct.getInstance(),
                    sct.getWsuId(),
                    sct.getExtElements());
        }
        return null;
    }

    /**
     * Caches a key under the SAML assertion id referenced by a security token reference.
     *
     * <p>Only key-identifier references are handled, and an id that already has a cached key
     * keeps it: the first key stored for an id wins.
     *
     * @param securityTokenReference reference to inspect; cast to the core implementation type
     * @param filterProcessingContext processing context owning the SAML id/key cache
     * @param key key to cache
     */
    public static void updateSamlVsKeyCache(SecurityTokenReference securityTokenReference, FilterProcessingContext filterProcessingContext, Key key) {
        final ReferenceElement target = ((com.sun.xml.wss.core.SecurityTokenReference) securityTokenReference).getReference();
        if (!(target instanceof KeyIdentifier)) {
            return;
        }
        final String assertionId = ((KeyIdentifier) target).getReferenceValue();
        // Never overwrite: an existing mapping for this id is left untouched.
        if (filterProcessingContext.getSamlIdVSKeyCache().get(assertionId) != null) {
            return;
        }
        filterProcessingContext.getSamlIdVSKeyCache().put(assertionId, key);
    }

    /**
     * Caches a key under every key-identifier value found in a JAXB security token reference.
     *
     * <p>Each identifier is recorded in the context's SAML id/key cache and, when present, in
     * the map stored under {@code STORED_SAML_KEYS}. In both places an id that already has a
     * key keeps it.
     *
     * @param securityTokenReferenceType reference whose children are scanned
     * @param filterProcessingContext processing context owning the caches
     * @param key key to cache
     */
    public static void updateSamlVsKeyCache(SecurityTokenReferenceType securityTokenReferenceType, FilterProcessingContext filterProcessingContext, Key key) {
        final List<Object> children = securityTokenReferenceType.getAny();
        for (Object child : children) {
            // Children may arrive wrapped in a JAXBElement; unwrap before the type test.
            Object payload = child;
            if (payload instanceof JAXBElement) {
                payload = ((JAXBElement) payload).getValue();
            }
            if (!(payload instanceof KeyIdentifierType)) {
                continue;
            }
            final String assertionId = ((KeyIdentifierType) payload).getValue();
            if (filterProcessingContext.getSamlIdVSKeyCache().get(assertionId) == null) {
                filterProcessingContext.getSamlIdVSKeyCache().put(assertionId, key);
            }
            final HashMap storedKeys = (HashMap) filterProcessingContext.getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
            if (storedKeys != null && storedKeys.get(assertionId) == null) {
                storedKeys.put(assertionId, key);
            }
        }
    }

    /**
     * Inserts the binding's X.509 certificate into the message's security header as a binary
     * security token, remembers it in the inserted-token cache and switches the binding to a
     * {@code "Direct"} reference.
     *
     * @param filterProcessingContext processing context owning the message and the cache
     * @param x509CertificateBinding binding supplying the certificate and value type
     * @param str id given to the inserted token and used as the cache key
     * @throws XWSSecurityException wrapping any exception raised during insertion
     */
    public static void insertCertificate(FilterProcessingContext filterProcessingContext, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding, String str) throws XWSSecurityException {
        final HashMap tokenCache = filterProcessingContext.getInsertedX509Cache();
        try {
            String tokenValueType = x509CertificateBinding.getValueType();
            // An unset value type falls back to the X509v3 namespace constant.
            if (tokenValueType == null || tokenValueType.isEmpty()) {
                tokenValueType = MessageConstants.X509v3_NS;
            }
            final SecurableSoapMessage message = filterProcessingContext.getSecurableSoapMessage();
            final X509SecurityToken certToken = new X509SecurityToken(
                    message.getSOAPPart(),
                    x509CertificateBinding.getX509Certificate(),
                    str,
                    tokenValueType);
            message.findOrCreateSecurityHeader().insertHeaderBlock(certToken);
            tokenCache.put(str, certToken);
            x509CertificateBinding.setReferenceType("Direct");
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Determines the data-encryption algorithm for the current policy.
     *
     * <p>An encryption policy's feature binding is consulted first; when that gives no value
     * (or the policy is not an encryption policy) the algorithm suite of the context is used,
     * if there is one.
     *
     * @param jAXBFilterProcessingContext processing context supplying policy and algorithm suite
     * @return the algorithm URI; may be empty or {@code null} when neither source provides one
     */
    public static String getDataEncryptionAlgo(JAXBFilterProcessingContext jAXBFilterProcessingContext) {
        final WSSPolicy policy = (WSSPolicy) jAXBFilterProcessingContext.getSecurityPolicy();
        String algorithm = "";
        if (PolicyTypeUtil.encryptionPolicy(policy)) {
            algorithm = ((EncryptionPolicy.FeatureBinding) policy.getFeatureBinding()).getDataEncryptionAlgorithm();
        }
        final boolean unset = algorithm == null || "".equals(algorithm);
        if (unset && jAXBFilterProcessingContext.getAlgorithmSuite() != null) {
            algorithm = jAXBFilterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm();
        }
        return algorithm;
    }

    /**
     * Resolves a resource by reflectively calling {@code getResource} on a context object.
     *
     * <p>The resource name is handed to the target method unchanged; any validation of the
     * name is left to the caller and to the context object.
     *
     * @param str resource name passed to {@code getResource}
     * @param obj object on which {@code getResource} is invoked
     * @return the value returned by the reflective call, cast to {@link URL}
     */
    public static URL loadFromContext(String str, Object obj) {
        final URL resource = (URL) ReflectionUtil.invoke(obj, "getResource", URL.class, str);
        return resource;
    }

    /**
     * Locates a classpath resource, preferring the current thread's context class loader and
     * falling back to the system class loader when the thread has none.
     *
     * @param str resource name
     * @return the resource URL, or {@code null} if the resource is not found
     */
    public static URL loadFromClasspath(String str) {
        final ClassLoader threadLoader = Thread.currentThread().getContextClassLoader();
        if (threadLoader != null) {
            return threadLoader.getResource(str);
        }
        return ClassLoader.getSystemResource(str);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Converts a security-token-reference object into a DOM element.
     *
     * <p>{@code null} and existing elements are returned as they are. A key identifier from
     * the optimised implementation is accepted only when its value type is the SAML
     * key-identifier type, and is rebuilt as a core security token reference owned by
     * {@code document}. Any other object type yields {@code null}.
     *
     * @param obj reference object to convert; may be {@code null}
     * @param document owner document for a newly built reference
     * @return the element form of the reference, or {@code null}
     * @throws XWSSecurityException if a key identifier has any value type other than the SAML
     *         key-identifier type
     */
    public static Element convertSTRToElement(Object obj, Document document) throws XWSSecurityException {
        if (obj == null || (obj instanceof Element)) {
            return (Element) obj;
        }
        if (!(obj instanceof com.sun.xml.ws.security.opt.impl.reference.KeyIdentifier)) {
            return null;
        }

        final com.sun.xml.ws.security.opt.impl.reference.KeyIdentifier sourceId = (com.sun.xml.ws.security.opt.impl.reference.KeyIdentifier) obj;
        // Reject anything that is not a SAML key identifier rather than guessing a mapping.
        if (!MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE.equals(sourceId.getValueType())) {
            throw new XWSSecurityException("Unsupported reference type encountered");
        }

        final com.sun.xml.wss.core.SecurityTokenReference rebuilt = new com.sun.xml.wss.core.SecurityTokenReference(document);
        final SamlKeyIdentifier samlId = new SamlKeyIdentifier(document);
        samlId.setReferenceValue(sourceId.getReferenceValue());
        samlId.setValueType(sourceId.getValueType());
        rebuilt.setReference(samlId);
        return rebuilt;
    }

    /**
     * Adds all principals, public credentials and private credentials of one subject to
     * another.
     *
     * <p>The copy runs inside {@code AccessController.doPrivileged}, so under a security
     * manager the permission checks on the subject's sets are evaluated against this class's
     * protection domain, not the caller's. NOTE(review): this is a public method that moves
     * private credentials between caller-supplied subjects in a privileged block - confirm
     * that every caller is trusted to merge the two subjects.
     *
     * @param subject destination subject, modified in place
     * @param subject2 source subject, left unchanged
     */
    public static void copySubject(final Subject subject, final Subject subject2) {
        final PrivilegedAction<Void> mergeAction = new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPrincipals().addAll(subject2.getPrincipals());
                subject.getPublicCredentials().addAll(subject2.getPublicCredentials());
                subject.getPrivateCredentials().addAll(subject2.getPrivateCredentials());
                return null;
            }
        };
        AccessController.doPrivileged(mergeAction);
    }

    /**
     * Returns the authenticated subject stored in a property map, creating and storing an
     * empty one when the map has none.
     *
     * <p>The lookup and the insertion are separate steps and no synchronization is visible
     * here. Creation and insertion of the new subject run inside
     * {@code AccessController.doPrivileged}.
     *
     * @param map property map read, and possibly updated, under the {@code AUTH_SUBJECT} key
     * @return the existing subject, or the newly created one
     */
    public static Subject getSubject(final Map map) {
        final Subject existing = (Subject) map.get(MessageConstants.AUTH_SUBJECT);
        if (existing != null) {
            return existing;
        }
        return AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                final Subject created = new Subject();
                map.put(MessageConstants.AUTH_SUBJECT, created);
                return created;
            }
        });
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Wraps a JAXB security context token in the key-info implementation matching its binding
     * type.
     *
     * @param securityContextToken token to wrap; expected to be one of the two JAXB
     *        {@code SecurityContextTokenType} bindings, otherwise the cast in the fallback
     *        branch fails
     * @param sOAPVersion SOAP version handed to the wrapper
     * @return a {@code SecurityContextToken13} for the wssx binding type, otherwise the
     *         key-info {@code SecurityContextToken} wrapper
     */
    public static com.sun.xml.ws.security.SecurityContextToken getSCT(com.sun.xml.ws.security.SecurityContextToken securityContextToken, SOAPVersion sOAPVersion) {
        if (securityContextToken instanceof SecurityContextTokenType) {
            return new SecurityContextToken13((SecurityContextTokenType) securityContextToken, sOAPVersion);
        }
        // Anything else is assumed to be the older secconv binding type.
        return new com.sun.xml.ws.security.opt.impl.keyinfo.SecurityContextToken(
                (com.sun.xml.ws.security.secconv.impl.bindings.SecurityContextTokenType) securityContextToken, sOAPVersion);
    }

    /**
     * Copies every entry of {@code map2} into {@code map}, overwriting entries with equal keys.
     * Does nothing when either argument is {@code null}.
     *
     * @param map destination map, modified in place
     * @param map2 source map, left unchanged
     */
    public static void copy(Map map, Map map2) {
        if (map != null && map2 != null) {
            map.putAll(map2);
        }
    }
}
