package com.sun.xml.wss.impl.filter;

import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.keyinfo.X509TokenBuilder;
import com.sun.xml.ws.security.opt.impl.message.GSHeaderElement;
import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.SecurityHeader;
import com.sun.xml.wss.core.UsernameToken;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.HarnessUtil;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
import com.sun.xml.wss.impl.configuration.StaticApplicationContext;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.misc.NonceContainer;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.StaticPolicyContext;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.TimestampPolicy;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPPart;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:spg-ui-war-3.0.15.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/filter/AuthenticationTokenFilter.class */
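/**
 * Static filter entry points for WS-Security authentication tokens (UsernameToken, SAML,
 * issued tokens and X.509 tokens).
 *
 * <p>Each {@code process*} method checks {@link FilterProcessingContext#isInboundMessage()} to
 * choose between importing and validating a token from a received message and exporting a token
 * into an outgoing one. Only the UsernameToken and SAML paths do inbound work in this class;
 * {@link #processIssuedToken} and {@link #processX509Token} return immediately for inbound
 * messages.
 *
 * <p>This listing appears to be decompiler output, so integer mode values are used where the
 * original source presumably had named constants. From the code below: mode {@code 0} enforces
 * the configured receiver policy, mode {@code 1} is rejected as "POSTHOC", and mode {@code 3}
 * records an inferred policy instead of enforcing one.
 */
public class AuthenticationTokenFilter {
    private static final Logger log = Logger.getLogger(LogDomainConstants.IMPL_FILTER_DOMAIN, LogDomainConstants.IMPL_FILTER_DOMAIN_BUNDLE);

    /**
     * Imports and authenticates a UsernameToken on inbound messages, or adds one on outbound
     * messages.
     *
     * @param filterProcessingContext the processing context of the current message
     * @throws XWSSecurityException if the token cannot be built, or is missing or does not meet
     *     the receiver policy
     */
    public static void processUserNameToken(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext.isInboundMessage()) {
            getUserNameTokenFromMessage(filterProcessingContext);
        } else {
            addUserNameTokenToMessage(filterProcessingContext);
        }
    }

    /**
     * Delegates SAML assertion handling to the import filter (inbound) or export filter
     * (outbound).
     *
     * @param filterProcessingContext the processing context of the current message
     * @throws XWSSecurityException if the delegated filter fails
     */
    public static void processSamlToken(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext.isInboundMessage()) {
            ImportSamlAssertionFilter.process(filterProcessingContext);
        } else {
            ExportSamlAssertionFilter.process(filterProcessingContext);
        }
    }

    /**
     * Adds an issued token to an outbound message.
     *
     * <p>Inbound messages are returned untouched: this method performs no validation of a
     * received issued token, so any such check has to happen elsewhere in the pipeline.
     *
     * @param filterProcessingContext the processing context of the current message
     * @throws XWSSecurityException if the token cannot be added
     */
    public static void processIssuedToken(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext.isInboundMessage()) {
            return;
        }
        addIssuedTokenToMessage(filterProcessingContext);
    }

    /**
     * Reads the UsernameToken from a received message, checks it against the receiver policy,
     * authenticates the sender and applies the timestamp and nonce replay checks.
     *
     * <p>Order of checks as implemented: policy shape (digest/nonce presence), credential
     * authentication, creation-time validation, nonce validation, then the other party's
     * subject is updated.
     *
     * @param filterProcessingContext the processing context of the inbound message
     * @throws XWSSecurityException if the token is absent, duplicated, or does not satisfy the
     *     receiver policy; authentication, timestamp and nonce failures are raised through
     *     {@code SecurableSoapMessage.newSOAPFaultException}
     */
    private static void getUserNameTokenFromMessage(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        UsernameToken usernameToken;
        SecurityHeader securityHeader = filterProcessingContext.getSecurableSoapMessage().findSecurityHeader();
        if (filterProcessingContext.getMode() == 0) {
            if (filterProcessingContext.makeDynamicPolicyCallback()) {
                // Let the application's callback handler refine the UsernameToken binding before
                // it is enforced; the refined binding replaces the one on the policy.
                try {
                    AuthenticationTokenPolicy callbackPolicy = (AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy();
                    AuthenticationTokenPolicy.UsernameTokenBinding callbackBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) callbackPolicy.getFeatureBinding();
                    callbackBinding.isReadOnly(true);
                    DynamicApplicationContext dynamicContext = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                    dynamicContext.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                    dynamicContext.inBoundMessage(true);
                    DynamicPolicyCallback dynamicCallback = new DynamicPolicyCallback(callbackBinding, dynamicContext);
                    ProcessingContext.copy(dynamicContext.getRuntimeProperties(), filterProcessingContext.getExtraneousProperties());
                    HarnessUtil.makeDynamicPolicyCallback(dynamicCallback, filterProcessingContext.getSecurityEnvironment().getCallbackHandler());
                    callbackPolicy.setFeatureBinding((AuthenticationTokenPolicy.UsernameTokenBinding) dynamicCallback.getSecurityPolicy());
                } catch (Exception e) {
                    throw new XWSSecurityException(e);
                }
            }
            AuthenticationTokenPolicy policy = (AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy();
            NodeList tokenNodes = securityHeader.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");
            // Exactly one UsernameToken is accepted; zero or several are rejected outright so
            // that no ambiguity remains about which credentials are being authenticated.
            if (tokenNodes.getLength() <= 0) {
                log.log(Level.SEVERE, "WSS1400.nousername.found");
                throw new XWSSecurityException("No Username token found ,Receiver requirement not met");
            }
            if (tokenNodes.getLength() > 1) {
                log.log(Level.SEVERE, "WSS1401.morethanone.username.found");
                throw new XWSSecurityException("More than one Username token found, Receiver requirement not met");
            }
            usernameToken = new UsernameToken(tokenNodes.item(0), policy.isBSP());
            usernameToken.isBSP(policy.isBSP());
        } else {
            if (filterProcessingContext.getMode() == 1) {
                log.log(Level.SEVERE, "WSS1402.error.posthoc");
                throw new XWSSecurityException("Internal Error: Called UsernameTokenFilter in POSTHOC Mode");
            }
            try {
                usernameToken = new UsernameToken(securityHeader.getCurrentHeaderElement());
            } catch (XWSSecurityException e2) {
                log.log(Level.SEVERE, "WSS1403.import.username.token");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Exception while importing Username Password Token", e2);
            }
        }
        String username = usernameToken.getUsername();
        String password = usernameToken.getPassword();
        String passwordDigest = usernameToken.getPasswordDigest();
        String passwordType = usernameToken.getPasswordType();
        String nonce = usernameToken.getNonce();
        String created = usernameToken.getCreated();
        if (filterProcessingContext.getMode() == 0) {
            // Enforce the receiver policy in both directions: a token that is "stronger" or
            // "weaker" than configured is rejected, which prevents a sender from choosing the
            // password form or dropping the nonce.
            AuthenticationTokenPolicy.UsernameTokenBinding requiredBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) ((AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
            if (requiredBinding.getDigestOn() && passwordDigest == null) {
                log.log(Level.SEVERE, "WSS1404.notmet.digested");
                throw new XWSSecurityException("Receiver Requirement for Digested Password has not been met");
            }
            if (!requiredBinding.getDigestOn() && passwordDigest != null) {
                log.log(Level.SEVERE, "WSS1405.notmet.plaintext");
                throw new XWSSecurityException("Receiver Requirement for Plain-Text Password has not been met, Received token has Password-Digest");
            }
            if (requiredBinding.getUseNonce() && nonce == null) {
                log.log(Level.SEVERE, "WSS1406.notmet.nonce");
                throw new XWSSecurityException("Receiver Requirement for nonce has not been met");
            }
            if (!requiredBinding.getUseNonce() && nonce != null) {
                log.log(Level.SEVERE, "WSS1407.notmet.nononce");
                throw new XWSSecurityException("Receiver Requirement for no nonce has not been met, Received token has a nonce specified");
            }
        } else if (filterProcessingContext.getMode() == 3) {
            // No receiver requirement is enforced in this mode: the binding is derived from what
            // the sender chose to include and recorded as the inferred policy, so digest and
            // nonce use must be verified by whoever compares the inferred policy later.
            AuthenticationTokenPolicy.UsernameTokenBinding inferredBinding = new AuthenticationTokenPolicy.UsernameTokenBinding();
            if (passwordDigest != null) {
                inferredBinding.setDigestOn(true);
            }
            if (nonce != null) {
                inferredBinding.setUseNonce(true);
            }
            filterProcessingContext.getInferredSecurityPolicy().append(inferredBinding);
        }
        try {
            // Compare the password type by value. The previous reference comparison (==) only
            // selected the plain-text path when UsernameToken returned the very same String
            // instance as the constant; an equal but distinct String was sent down the digest
            // path with a null digest.
            boolean authenticated;
            if (MessageConstants.PASSWORD_TEXT_NS.equals(passwordType)) {
                authenticated = filterProcessingContext.getSecurityEnvironment().authenticateUser(filterProcessingContext.getExtraneousProperties(), username, password);
            } else {
                authenticated = filterProcessingContext.getSecurityEnvironment().authenticateUser(filterProcessingContext.getExtraneousProperties(), username, passwordDigest, nonce, created);
            }
            if (!authenticated) {
                log.log(Level.SEVERE, "WSS1408.failed.sender.authentication");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Authentication of Username Password Token Failed", new XWSSecurityException("Invalid Username Password Pair"));
            }
            // Defaults used when no policy supplies them; presumably milliseconds
            // (5 min / 5 min / 15 min) - confirm against TimestampPolicy.
            long maxClockSkew = 300000;
            long timestampFreshness = 300000;
            long maxNonceAge = 900000;
            if (filterProcessingContext.getMode() == 0) {
                AuthenticationTokenPolicy.UsernameTokenBinding timingBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) ((AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
                if (created != null) {
                    TimestampPolicy timestampPolicy = (TimestampPolicy) timingBinding.getFeatureBinding();
                    maxClockSkew = timestampPolicy.getMaxClockSkew();
                    timestampFreshness = timestampPolicy.getTimestampFreshness();
                }
                maxNonceAge = timingBinding.getMaxNonceAge();
            }
            if (created != null) {
                filterProcessingContext.getSecurityEnvironment().validateCreationTime(filterProcessingContext.getExtraneousProperties(), created, maxClockSkew, timestampFreshness);
            }
            if (nonce != null) {
                if (filterProcessingContext.getHandler() != null) {
                    StaticPolicyContext policyContext = filterProcessingContext.getPolicyContext();
                    String applicationContextRoot = null;
                    if (policyContext != null && (policyContext instanceof StaticApplicationContext)) {
                        applicationContextRoot = ((StaticApplicationContext) policyContext).getApplicationContextRoot();
                    }
                    // NOTE(review): when a handler is set but no application context root can be
                    // resolved, the nonce is neither validated nor cached, so the replay check
                    // is skipped for this message. Confirm this fail-open path is intended.
                    if (applicationContextRoot != null && !validateAndCacheNonce(applicationContextRoot, nonce, created, maxNonceAge)) {
                        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Invalid/Repeated Nonce value for Username Token", new XWSSecurityException("Invalid/Repeated Nonce value for Username Token"));
                    }
                } else if (!filterProcessingContext.getSecurityEnvironment().validateAndCacheNonce(nonce, created, maxNonceAge)) {
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Invalid/Repeated Nonce value for Username Token", new XWSSecurityException("Invalid/Repeated Nonce value for Username Token"));
                }
            }
            // The password value read from the token is handed to the security environment
            // together with the username.
            filterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(filterProcessingContext), username, password);
        } catch (XWSSecurityException e3) {
            // NOTE(review): the underlying exception message becomes the fault reason; check
            // that it does not tell the sender more than "authentication failed".
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, e3.getMessage(), e3);
        }
    }

    /**
     * Resolves the username and password for an outgoing UsernameToken and writes them into
     * whichever token object was supplied.
     *
     * <p>With a dynamic policy callback the values come from the binding returned by the
     * callback and are applied without the empty-value checks used on the static path. Otherwise
     * they come from the configured binding, falling back to the security environment when
     * empty.
     *
     * @param filterProcessingContext the processing context of the outbound message
     * @param usernameToken the SOAP-based token to populate, or {@code null} to populate
     *     {@code usernameToken2} instead
     * @param usernameToken2 the streaming token to populate when {@code usernameToken} is
     *     {@code null}
     * @param authenticationTokenPolicy the policy whose feature binding is a UsernameToken
     *     binding
     * @return the binding the credentials were taken from
     * @throws XWSSecurityException if no username is available, if a password is required but
     *     not available, or if the dynamic callback fails
     */
    public static AuthenticationTokenPolicy.UsernameTokenBinding resolveUserNameTokenData(FilterProcessingContext filterProcessingContext, UsernameToken usernameToken, com.sun.xml.ws.security.opt.impl.tokens.UsernameToken usernameToken2, AuthenticationTokenPolicy authenticationTokenPolicy) throws XWSSecurityException {
        if (filterProcessingContext.makeDynamicPolicyCallback()) {
            try {
                AuthenticationTokenPolicy.UsernameTokenBinding configuredBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) authenticationTokenPolicy.getFeatureBinding();
                configuredBinding.isReadOnly(true);
                DynamicApplicationContext dynamicContext = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                dynamicContext.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                dynamicContext.inBoundMessage(false);
                DynamicPolicyCallback dynamicCallback = new DynamicPolicyCallback(configuredBinding, dynamicContext);
                ProcessingContext.copy(dynamicContext.getRuntimeProperties(), filterProcessingContext.getExtraneousProperties());
                HarnessUtil.makeDynamicPolicyCallback(dynamicCallback, filterProcessingContext.getSecurityEnvironment().getCallbackHandler());
                AuthenticationTokenPolicy.UsernameTokenBinding resolvedBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) dynamicCallback.getSecurityPolicy();
                if (usernameToken != null) {
                    usernameToken.setUsername(resolvedBinding.getUsername());
                    usernameToken.setPassword(resolvedBinding.getPassword());
                } else {
                    usernameToken2.setUsernameValue(resolvedBinding.getUsername());
                    usernameToken2.setPasswordValue(resolvedBinding.getPassword());
                }
                return resolvedBinding;
            } catch (Exception e) {
                throw new XWSSecurityException(e);
            }
        }
        AuthenticationTokenPolicy.UsernameTokenBinding staticBinding = (AuthenticationTokenPolicy.UsernameTokenBinding) authenticationTokenPolicy.getFeatureBinding();
        String username = staticBinding.getUsername();
        String password = staticBinding.getPassword();
        if (username == null || "".equals(username)) {
            username = filterProcessingContext.getSecurityEnvironment().getUsername(filterProcessingContext.getExtraneousProperties());
        }
        if (username == null || "".equals(username)) {
            log.log(Level.SEVERE, "WSS1409.error.creating.usernametoken");
            throw new XWSSecurityException("Username has not been set");
        }
        if (usernameToken != null) {
            usernameToken.setUsername(username);
        } else {
            usernameToken2.setUsernameValue(username);
        }
        if (!staticBinding.hasNoPassword() && (password == null || "".equals(password))) {
            password = filterProcessingContext.getSecurityEnvironment().getPassword(filterProcessingContext.getExtraneousProperties());
        }
        if (!staticBinding.hasNoPassword()) {
            // Only a null password is rejected here; an empty string returned by the security
            // environment is written into the token as-is.
            if (password == null) {
                log.log(Level.SEVERE, "WSS1424.invalid.username.token");
                throw new XWSSecurityException("Password for the username has not been set");
            }
            if (usernameToken != null) {
                usernameToken.setPassword(password);
            } else {
                usernameToken2.setPasswordValue(password);
            }
        }
        return staticBinding;
    }

    /**
     * Builds a UsernameToken from the resolved binding and adds it to the security header of an
     * outbound message, using the streaming header for a {@link JAXBFilterProcessingContext} and
     * the SOAP-based header otherwise.
     *
     * @param filterProcessingContext the processing context of the outbound message
     * @throws XWSSecurityException if the credentials cannot be resolved or the token cannot be
     *     built
     */
    public static void addUserNameTokenToMessage(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext instanceof JAXBFilterProcessingContext) {
            JAXBFilterProcessingContext jaxbContext = (JAXBFilterProcessingContext) filterProcessingContext;
            com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader streamingHeader = jaxbContext.getSecurityHeader();
            AuthenticationTokenPolicy streamingPolicy = (AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy();
            com.sun.xml.ws.security.opt.impl.tokens.UsernameToken streamingToken = new com.sun.xml.ws.security.opt.impl.tokens.UsernameToken(jaxbContext.getSOAPVersion());
            AuthenticationTokenPolicy.UsernameTokenBinding streamingBinding = resolveUserNameTokenData(jaxbContext, null, streamingToken, streamingPolicy);
            if (streamingBinding.getUseNonce()) {
                streamingToken.setNonce(streamingBinding.getNonce());
            }
            if (streamingBinding.getDigestOn()) {
                streamingToken.setDigestOn();
            }
            // A creation time accompanies the token whenever a nonce or digest is used, and
            // also when the token carries no password.
            if (streamingBinding.getUseNonce() || streamingBinding.getDigestOn()) {
                streamingToken.setCreationTime(((TimestampPolicy) streamingBinding.getFeatureBinding()).getCreationTime());
            }
            if (streamingBinding.hasNoPassword()) {
                streamingToken.setCreationTime(((TimestampPolicy) streamingBinding.getFeatureBinding()).getCreationTime());
            }
            String streamingTokenId = streamingBinding.getUUID();
            if (streamingTokenId != null && !streamingTokenId.equals("")) {
                streamingToken.setId(streamingTokenId);
            }
            streamingHeader.add(streamingToken);
            return;
        }
        SecurableSoapMessage soapMessage = filterProcessingContext.getSecurableSoapMessage();
        SOAPPart soapPart = soapMessage.getSOAPPart();
        AuthenticationTokenPolicy soapPolicy = (AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy();
        UsernameToken soapToken = new UsernameToken((Document) soapPart, "");
        AuthenticationTokenPolicy.UsernameTokenBinding soapBinding = resolveUserNameTokenData(filterProcessingContext, soapToken, null, soapPolicy);
        if (soapBinding.getUseNonce()) {
            soapToken.setNonce(soapBinding.getNonce());
        }
        if (soapBinding.getDigestOn()) {
            soapToken.setDigestOn();
        }
        if (soapBinding.getUseNonce() || soapBinding.getDigestOn()) {
            soapToken.setCreationTime(((TimestampPolicy) soapBinding.getFeatureBinding()).getCreationTime());
        }
        if (soapBinding.hasNoPassword()) {
            soapToken.setCreationTime(((TimestampPolicy) soapBinding.getFeatureBinding()).getCreationTime());
        }
        SecurityHeader soapHeader = soapMessage.findOrCreateSecurityHeader();
        String soapTokenId = soapBinding.getUUID();
        if (soapTokenId != null && !soapTokenId.equals("")) {
            XMLUtil.setWsuIdAttr(soapToken.getAsSoapElement(), soapTokenId);
        }
        soapHeader.insertHeaderBlock(soapToken);
    }

    /**
     * Adds the issued token held by the issued-token context to the security header of an
     * outbound message when the binding's include-token setting asks for it.
     *
     * <p>The token is only looked up while the trust context is still unset. On the SOAP-based
     * path a missing token is now reported as an {@link XWSSecurityException}; previously it
     * surfaced as a {@code NullPointerException} on dereference. On the streaming path a
     * missing token leaves the header unchanged.
     *
     * @param filterProcessingContext the processing context of the outbound message
     * @throws XWSSecurityException if no issued token is available on the SOAP-based path or
     *     the token cannot be converted
     */
    public static void addIssuedTokenToMessage(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        IssuedTokenContext soapIssuedContext;
        IssuedTokenContext streamingIssuedContext;
        IssuedTokenKeyBinding issuedTokenKeyBinding = (IssuedTokenKeyBinding) ((AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
        boolean includeToken = IssuedTokenKeyBinding.INCLUDE_ALWAYS.equals(issuedTokenKeyBinding.getIncludeToken()) || IssuedTokenKeyBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(issuedTokenKeyBinding.getIncludeToken());
        if (!(filterProcessingContext instanceof JAXBFilterProcessingContext)) {
            SecurableSoapMessage soapMessage = filterProcessingContext.getSecurableSoapMessage();
            SOAPPart soapPart = soapMessage.getSOAPPart();
            GenericToken soapIssuedToken = null;
            if (filterProcessingContext.getTrustContext() == null && (soapIssuedContext = filterProcessingContext.getIssuedTokenContext(issuedTokenKeyBinding.getUUID())) != null) {
                filterProcessingContext.setTrustContext(soapIssuedContext);
                soapIssuedToken = (GenericToken) soapIssuedContext.getSecurityToken();
            }
            // The token stays null when the trust context was already set, when no issued-token
            // context exists for the binding, or when the context holds no token.
            if (soapIssuedToken == null) {
                throw new XWSSecurityException("No issued token is available to add to the message");
            }
            SOAPElement issuedTokenElement = XMLUtil.convertToSoapElement(soapPart, (Element) soapIssuedToken.getTokenValue());
            if (issuedTokenElement != null && includeToken) {
                soapMessage.findOrCreateSecurityHeader().insertHeaderBlockElement(issuedTokenElement);
            }
            filterProcessingContext.setIssuedSAMLToken(issuedTokenElement);
            return;
        }
        JAXBFilterProcessingContext jaxbContext = (JAXBFilterProcessingContext) filterProcessingContext;
        com.sun.xml.ws.security.opt.impl.outgoing.SecurityHeader streamingHeader = jaxbContext.getSecurityHeader();
        SecurityHeaderElement issuedHeaderElement = null;
        GenericToken streamingIssuedToken = null;
        if (jaxbContext.getTrustContext() == null && (streamingIssuedContext = jaxbContext.getIssuedTokenContext(issuedTokenKeyBinding.getUUID())) != null) {
            jaxbContext.setTrustContext(streamingIssuedContext);
            streamingIssuedToken = (GenericToken) streamingIssuedContext.getSecurityToken();
        }
        if (streamingIssuedToken != null) {
            issuedHeaderElement = streamingIssuedToken.getElement();
            if (issuedHeaderElement == null) {
                issuedHeaderElement = new GSHeaderElement((Element) streamingIssuedToken.getTokenValue());
                issuedHeaderElement.setId(streamingIssuedToken.getId());
            }
        }
        // Add the token once only: skip it when an element with the same id is already present.
        if (streamingIssuedToken != null && includeToken && jaxbContext.getSecurityHeader().getChildElement(issuedHeaderElement.getId()) == null) {
            streamingHeader.add(issuedHeaderElement);
        }
    }

    /**
     * Delegates the nonce check to {@code NonceContainer.validateAndCacheNonce}.
     *
     * <p>Parameter meanings follow the call made from the inbound UsernameToken path in this
     * class.
     *
     * @param str the application context root the nonce is checked under
     * @param str2 the nonce value from the token
     * @param str3 the token's creation time, possibly {@code null}
     * @param j the maximum nonce age
     * @return the container's verdict; the caller in this class treats {@code false} as an
     *     invalid or repeated nonce
     */
    public static boolean validateAndCacheNonce(String str, String str2, String str3, long j) {
        return NonceContainer.validateAndCacheNonce(str, str2, str3, j);
    }

    /**
     * Adds an X.509 token built from the security environment's default certificate to an
     * outbound message.
     *
     * <p>Inbound messages are returned untouched: no certificate validation happens here.
     * The configured binding is cloned before the certificate is set on it, so the configured
     * binding itself is not modified.
     *
     * @param filterProcessingContext the processing context of the current message
     * @throws XWSSecurityException if the security environment supplies no default certificate
     *     or the token cannot be built
     */
    public static void processX509Token(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext.isInboundMessage()) {
            return;
        }
        AuthenticationTokenPolicy.X509CertificateBinding configuredBinding = (AuthenticationTokenPolicy.X509CertificateBinding) ((AuthenticationTokenPolicy) filterProcessingContext.getSecurityPolicy()).getFeatureBinding();
        X509Certificate defaultCertificate = filterProcessingContext.getSecurityEnvironment().getDefaultCertificate(filterProcessingContext.getExtraneousProperties());
        if (defaultCertificate == null) {
            throw new XWSSecurityException("No default X509 certificate was provided");
        }
        AuthenticationTokenPolicy.X509CertificateBinding certificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) configuredBinding.clone();
        certificateBinding.setX509Certificate(defaultCertificate);
        if (filterProcessingContext instanceof JAXBFilterProcessingContext) {
            JAXBFilterProcessingContext jaxbContext = (JAXBFilterProcessingContext) filterProcessingContext;
            ((NamespaceContextEx) jaxbContext.getNamespaceContext()).addWSSNS();
            new X509TokenBuilder(jaxbContext, certificateBinding).process();
        } else {
            SecurableSoapMessage soapMessage = filterProcessingContext.getSecurableSoapMessage();
            // The id comes from the configured binding; one is generated when it has none.
            String tokenId = configuredBinding.getUUID();
            if (tokenId == null) {
                tokenId = soapMessage.generateId();
            }
            SecurityUtil.checkIncludeTokenPolicy(filterProcessingContext, certificateBinding, tokenId);
        }
    }
}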
