package com.sun.xml.wss.impl.filter;

import com.sun.xml.ws.security.impl.kerberos.KerberosContext;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.HarnessUtil;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
import com.sun.xml.wss.impl.dsig.SignatureProcessor;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.PrivateKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SignaturePolicy;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;

/* loaded from: input_file:spg-ui-war-2.1.30rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/filter/SignatureFilter.class */
/**
 * Signature step of the security filter chain.
 *
 * <p>For an inbound message the filter verifies the signature via
 * {@link SignatureProcessor#verify}. For an outbound message it resolves the key
 * material required by the {@link SignaturePolicy}'s key binding (X.509, Kerberos,
 * SAML, symmetric key, issued token, derived token or secure-conversation token)
 * and then signs the message.
 *
 * <p>All methods are static; the class holds no state other than its logger.
 */
public class SignatureFilter {
    // Logger for the filter domain; messages are looked up by key in the filter resource bundle.
    private static Logger log = Logger.getLogger(LogDomainConstants.IMPL_FILTER_DOMAIN, LogDomainConstants.IMPL_FILTER_DOMAIN_BUNDLE);

    /**
     * Verifies (inbound) or signs (outbound) the message carried by the given context.
     *
     * <p>When {@code makeDynamicPolicyCallback()} is true, the policy actually applied is
     * the one returned by the security environment's callback handler, not the one that
     * was configured on the context.
     *
     * @param filterProcessingContext context holding the message, the security policy,
     *        the security environment and the extraneous (per-message) properties
     * @throws XWSSecurityException if the dynamic policy callback fails, if required key
     *         material cannot be resolved, or if the key binding type is not supported
     */
    public static void process(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        // ---- Inbound: optionally refresh the policy through the callback, then verify. ----
        if (filterProcessingContext.isInboundMessage()) {
            if (filterProcessingContext.makeDynamicPolicyCallback()) {
                WSSPolicy wSSPolicy = (WSSPolicy) filterProcessingContext.getSecurityPolicy();
                // presumably flags the policy read-only while the handler inspects it — confirm in SignaturePolicy
                ((SignaturePolicy) wSSPolicy).isReadOnly(true);
                try {
                    DynamicApplicationContext dynamicApplicationContext = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                    dynamicApplicationContext.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                    dynamicApplicationContext.inBoundMessage(true);
                    DynamicPolicyCallback dynamicPolicyCallback = new DynamicPolicyCallback(wSSPolicy, dynamicApplicationContext);
                    // Shares per-message properties with the callback context (copy direction is defined by ProcessingContext.copy).
                    ProcessingContext.copy(dynamicApplicationContext.getRuntimeProperties(), filterProcessingContext.getExtraneousProperties());
                    HarnessUtil.makeDynamicPolicyCallback(dynamicPolicyCallback, filterProcessingContext.getSecurityEnvironment().getCallbackHandler());
                    // NOTE(review): the handler's returned policy replaces the configured one with no check
                    // beyond the cast, so the handler decides what verification enforces — confirm it is trusted.
                    filterProcessingContext.setSecurityPolicy((SignaturePolicy) dynamicPolicyCallback.getSecurityPolicy());
                } catch (Exception e) {
                    // Only the message text is logged; the full cause travels in the rethrown exception.
                    log.log(Level.SEVERE, "WSS1420.dynamic.policy.signature", new Object[]{e.getMessage()});
                    throw new XWSSecurityException(e);
                }
            }
            SignatureProcessor.verify(filterProcessingContext);
            return;
        }
        // ---- Outbound: resolve key material for the policy's key binding, then sign. ----
        WSSPolicy wSSPolicy2 = (WSSPolicy) filterProcessingContext.getSecurityPolicy();
        SignaturePolicy signaturePolicy = (SignaturePolicy) wSSPolicy2;
        if (filterProcessingContext.makeDynamicPolicyCallback()) {
            // Same callback sequence as the inbound path, but flagged outbound; the returned
            // policy is kept in signaturePolicy and installed on the context just before signing.
            ((SignaturePolicy) wSSPolicy2).isReadOnly(true);
            try {
                DynamicApplicationContext dynamicApplicationContext2 = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                dynamicApplicationContext2.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                dynamicApplicationContext2.inBoundMessage(false);
                DynamicPolicyCallback dynamicPolicyCallback2 = new DynamicPolicyCallback(wSSPolicy2, dynamicApplicationContext2);
                ProcessingContext.copy(dynamicApplicationContext2.getRuntimeProperties(), filterProcessingContext.getExtraneousProperties());
                HarnessUtil.makeDynamicPolicyCallback(dynamicPolicyCallback2, filterProcessingContext.getSecurityEnvironment().getCallbackHandler());
                signaturePolicy = (SignaturePolicy) dynamicPolicyCallback2.getSecurityPolicy();
            } catch (Exception e2) {
                log.log(Level.SEVERE, "WSS1420.dynamic.policy.signature", new Object[]{e2.getMessage()});
                throw new XWSSecurityException(e2);
            }
        } else {
            // Static policy: dispatch on the type of the signature policy's key binding.
            WSSPolicy wSSPolicy3 = (WSSPolicy) ((SignaturePolicy) wSSPolicy2).getKeyBinding();
            if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy3)) {
                // -- X.509 binding: attach a certificate and, for asymmetric signing, a private key. --
                try {
                    // Key material is set on the object returned by clone(), not on wSSPolicy3 itself.
                    AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy3.clone();
                    String certificateIdentifier = x509CertificateBinding.getCertificateIdentifier();
                    if (MessageConstants.HMAC_SHA1_SIGMETHOD.equals(x509CertificateBinding.getKeyAlgorithm())) {
                        // HMAC key algorithm: only the certificate is looked up, no private key is set.
                        // The last argument is false here and true in the identifier branch below;
                        // its meaning is defined by the security environment — confirm there.
                        x509CertificateBinding.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), certificateIdentifier, false));
                    } else if (certificateIdentifier == null || "".equals(certificateIdentifier)) {
                        // No certificate identifier configured: fall back to the environment's default key pair.
                        WSSPolicy wSSPolicy4 = (WSSPolicy) x509CertificateBinding.getKeyBinding();
                        if (wSSPolicy4 == null) {
                            wSSPolicy4 = (WSSPolicy) x509CertificateBinding.newPrivateKeyBinding();
                        }
                        // Exact class-name match: a subclass of DefaultSecurityEnvironmentImpl takes the else branch.
                        if (filterProcessingContext.getSecurityEnvironment().getClass().getName().equals("com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl")) {
                            SignatureKeyCallback.PrivKeyCertRequest defaultPrivKeyCertRequest = ((DefaultSecurityEnvironmentImpl) filterProcessingContext.getSecurityEnvironment()).getDefaultPrivKeyCertRequest(filterProcessingContext.getExtraneousProperties());
                            // The certificate is stored on the binding before the null check that follows.
                            x509CertificateBinding.setX509Certificate(defaultPrivKeyCertRequest.getX509Certificate());
                            if (defaultPrivKeyCertRequest.getX509Certificate() == null) {
                                log.log(Level.SEVERE, "WSS1421.no.default.x509certificate.provided");
                                throw new XWSSecurityException("No default X509Certificate was provided");
                            }
                            // NOTE(review): unlike the alias branches below, an existing key binding is cast without a
                            // PolicyTypeUtil.privateKeyBinding check; a mismatch raises ClassCastException, wrapped by the outer catch.
                            ((PrivateKeyBinding) wSSPolicy4).setPrivateKey(defaultPrivKeyCertRequest.getPrivateKey());
                        } else {
                            X509Certificate defaultCertificate = filterProcessingContext.getSecurityEnvironment().getDefaultCertificate(filterProcessingContext.getExtraneousProperties());
                            if (defaultCertificate == null) {
                                log.log(Level.SEVERE, "WSS1421.no.default.x509certificate.provided");
                                throw new XWSSecurityException("No default X509Certificate was provided");
                            }
                            x509CertificateBinding.setX509Certificate(defaultCertificate);
                            ((PrivateKeyBinding) wSSPolicy4).setPrivateKey(filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), defaultCertificate));
                        }
                    } else if (filterProcessingContext.getSecurityEnvironment().getClass().getName().equals("com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl")) {
                        // Identifier configured, default environment: fetch certificate and key together by alias.
                        SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest = ((DefaultSecurityEnvironmentImpl) filterProcessingContext.getSecurityEnvironment()).getAliasPrivKeyCertRequest(certificateIdentifier);
                        x509CertificateBinding.setX509Certificate(aliasPrivKeyCertRequest.getX509Certificate());
                        if (aliasPrivKeyCertRequest.getX509Certificate() == null) {
                            // Reuses the "no default certificate" log key although this is the alias lookup.
                            log.log(Level.SEVERE, "WSS1421.no.default.x509certificate.provided");
                            throw new XWSSecurityException("No X509Certificate was provided");
                        }
                        WSSPolicy wSSPolicy5 = (WSSPolicy) x509CertificateBinding.getKeyBinding();
                        if (PolicyTypeUtil.privateKeyBinding(wSSPolicy5)) {
                            ((PrivateKeyBinding) wSSPolicy5).setPrivateKey(aliasPrivKeyCertRequest.getPrivateKey());
                        } else {
                            // A nested binding that exists but is not a private-key binding is rejected;
                            // an absent one is created on demand.
                            if (wSSPolicy5 != null) {
                                log.log(Level.SEVERE, "WSS1416.unsupported.keybinding");
                                throw new XWSSecurityException("Unsupported KeyBinding for X509CertificateBinding");
                            }
                            ((PrivateKeyBinding) x509CertificateBinding.newPrivateKeyBinding()).setPrivateKey(aliasPrivKeyCertRequest.getPrivateKey());
                        }
                    } else {
                        // Identifier configured, custom environment: certificate and private key are looked up separately.
                        x509CertificateBinding.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), certificateIdentifier, true));
                        WSSPolicy wSSPolicy6 = (WSSPolicy) x509CertificateBinding.getKeyBinding();
                        PrivateKey privateKey = filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), certificateIdentifier);
                        if (PolicyTypeUtil.privateKeyBinding(wSSPolicy6)) {
                            ((PrivateKeyBinding) wSSPolicy6).setPrivateKey(privateKey);
                        } else {
                            if (wSSPolicy6 != null) {
                                log.log(Level.SEVERE, "WSS1416.unsupported.keybinding");
                                throw new XWSSecurityException("Unsupported KeyBinding for X509CertificateBinding");
                            }
                            ((PrivateKeyBinding) x509CertificateBinding.newPrivateKeyBinding()).setPrivateKey(privateKey);
                        }
                    }
                    filterProcessingContext.setX509CertificateBinding(x509CertificateBinding);
                } catch (Exception e3) {
                    // Also catches the XWSSecurityExceptions thrown above (assuming it extends Exception), so those are wrapped once more.
                    log.log(Level.SEVERE, "WSS1417.exception.processing.signature", new Object[]{e3.getMessage()});
                    throw new XWSSecurityException(e3);
                }
            } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy3)) {
                // -- Kerberos binding: take token and secret key from the Kerberos context. --
                AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) wSSPolicy3.clone();
                // Return value is discarded; the call has no visible effect in this method.
                kerberosTokenBinding.getKeyAlgorithm();
                KerberosContext kerberosContext = null;
                // The Kerberos context is only consulted when the KERBEROS_SHA1_VALUE property is present.
                if (((String) filterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE)) != null) {
                    kerberosContext = filterProcessingContext.getKerberosContext();
                }
                // NOTE(review): with no algorithm suite the code silently falls back to Triple-DES CBC, a legacy
                // 64-bit block cipher; confirm whether a missing suite should be an error instead.
                String encryptionAlgorithm = filterProcessingContext.getAlgorithmSuite() != null ? filterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm() : "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
                if (kerberosContext == null) {
                    // The exception message is the log key itself, not a human-readable text.
                    log.log(Level.SEVERE, "WSS1423.kerberos.context.notset");
                    throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                }
                kerberosTokenBinding.setTokenValue(kerberosContext.getKerberosToken());
                kerberosTokenBinding.setSecretKey(kerberosContext.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(encryptionAlgorithm)));
                filterProcessingContext.setKerberosTokenBinding(kerberosTokenBinding);
            } else if (PolicyTypeUtil.samlTokenPolicy(wSSPolicy3)) {
                // -- SAML binding: let the security environment populate the assertion data. --
                // No clone here: this is the policy's own key-binding object.
                AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) ((WSSPolicy) ((SignaturePolicy) wSSPolicy2).getKeyBinding());
                sAMLAssertionBinding.isReadOnly(true);
                DynamicApplicationContext dynamicApplicationContext3 = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                dynamicApplicationContext3.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                dynamicApplicationContext3.inBoundMessage(false);
                // Result of this cache lookup is discarded; the cached assertion is not reused here.
                filterProcessingContext.getExtraneousProperties().get(MessageConstants.SAML_ASSERTION_CLIENT_CACHE);
                AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy = filterProcessingContext.getSecurityEnvironment().populateSAMLPolicy(filterProcessingContext.getExtraneousProperties(), sAMLAssertionBinding, dynamicApplicationContext3);
                // At least one of assertion / authority binding must have been supplied.
                if (populateSAMLPolicy.getAssertion() == null && populateSAMLPolicy.getAuthorityBinding() == null) {
                    log.log(Level.SEVERE, "WSS1418.saml.info.notset");
                    throw new XWSSecurityException("None of SAML Assertion, SAML AuthorityBinding information was set into  the Policy by the CallbackHandler");
                }
                // Mutates the policy object obtained from the context in place.
                wSSPolicy2.setKeyBinding(populateSAMLPolicy);
                signaturePolicy = (SignaturePolicy) wSSPolicy2;
                // Stores the assertion (null when only an authority binding was set) in the per-message properties.
                filterProcessingContext.getExtraneousProperties().put(MessageConstants.SAML_ASSERTION_CLIENT_CACHE, populateSAMLPolicy.getAssertion());
            } else if (PolicyTypeUtil.symmetricKeyBinding(wSSPolicy3)) {
                // -- Symmetric-key binding: look up, reuse or generate the secret key. --
                try {
                    // NOTE(review): same silent Triple-DES CBC fallback as in the Kerberos branch — confirm it is intended.
                    String encryptionAlgorithm2 = filterProcessingContext.getAlgorithmSuite() != null ? filterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm() : "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
                    SymmetricKeyBinding symmetricKeyBinding = (SymmetricKeyBinding) wSSPolicy3.clone();
                    String keyIdentifier = symmetricKeyBinding.getKeyIdentifier();
                    SecretKey secretKey = null;
                    WSSPolicy wSSPolicy7 = (WSSPolicy) symmetricKeyBinding.getKeyBinding();
                    // equals  = "EnableWSS11PolicyReceiver" property is "true"
                    // equals2 = "EnableWSS11PolicySender" property is "true"
                    // z       = sender flag not set
                    // z2      = both flags set and a secret key was stored under SECRET_KEY_VALUE
                    boolean equals = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicyReceiver"));
                    boolean equals2 = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicySender"));
                    boolean z = !equals2;
                    boolean z2 = equals && equals2 && getReceivedSecret(filterProcessingContext) != null;
                    if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy7)) {
                        // The certificate is only resolved when the stored secret is not being reused.
                        if (!z2) {
                            try {
                                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy7.clone();
                                x509CertificateBinding2.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding2.getCertificateIdentifier(), false));
                                filterProcessingContext.setX509CertificateBinding(x509CertificateBinding2);
                            } catch (Exception e4) {
                                // Logs the throwable itself (other handlers log only the message); the exception
                                // thrown here is caught again by the outer catch, logged and re-wrapped.
                                log.log(Level.SEVERE, "WSS1413.error.extracting.certificate", (Throwable) e4);
                                throw new XWSSecurityException(e4);
                            }
                        }
                    } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy7)) {
                        // Not cloned: token value and secret key are set on the nested binding object itself.
                        AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding2 = (AuthenticationTokenPolicy.KerberosTokenBinding) wSSPolicy7;
                        KerberosContext kerberosContext2 = null;
                        if (((String) filterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE)) != null) {
                            kerberosContext2 = filterProcessingContext.getKerberosContext();
                        }
                        if (kerberosContext2 == null) {
                            log.log(Level.SEVERE, "WSS1423.kerberos.context.notset");
                            throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                        }
                        kerberosTokenBinding2.setTokenValue(kerberosContext2.getKerberosToken());
                        secretKey = kerberosContext2.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(encryptionAlgorithm2));
                        kerberosTokenBinding2.setSecretKey(secretKey);
                        filterProcessingContext.setKerberosTokenBinding(kerberosTokenBinding2);
                    }
                    if (!PolicyTypeUtil.kerberosTokenBinding(wSSPolicy7)) {
                        // Key source, in order: configured key identifier, stored secret, newly generated key.
                        // getKeyIdentifier() is dereferenced without a null check; an NPE is wrapped by the outer catch.
                        if (!symmetricKeyBinding.getKeyIdentifier().equals(MessageConstants._EMPTY)) {
                            secretKey = filterProcessingContext.getSecurityEnvironment().getSecretKey(filterProcessingContext.getExtraneousProperties(), keyIdentifier, true);
                        } else if (z2) {
                            secretKey = getReceivedSecret(filterProcessingContext);
                        } else if (equals2 || z) {
                            // z is !equals2, so this condition is always true: this is the unconditional fallback.
                            secretKey = SecurityUtil.generateSymmetricKey(encryptionAlgorithm2);
                        }
                    }
                    symmetricKeyBinding.setSecretKey(secretKey);
                    filterProcessingContext.setSymmetricKeyBinding(symmetricKeyBinding);
                } catch (Exception e5) {
                    log.log(Level.SEVERE, "WSS1414.error.extracting.symmetrickey", new Object[]{e5.getMessage()});
                    throw new XWSSecurityException(e5);
                }
            } else if (PolicyTypeUtil.issuedTokenKeyBinding(wSSPolicy3)) {
                // -- Issued token: resolution is delegated to SecurityUtil. --
                SecurityUtil.resolveIssuedToken(filterProcessingContext, (IssuedTokenKeyBinding) wSSPolicy3);
            } else if (PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy3)) {
                // -- Derived token: resolve the key binding the derived key is based on. --
                WSSPolicy originalKeyBinding = ((DerivedTokenKeyBinding) wSSPolicy3.clone()).getOriginalKeyBinding();
                if (PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding)) {
                    // Mirrors the symmetric-key branch above, except that no key-identifier lookup is made
                    // and there is no surrounding try/catch.
                    // NOTE(review): same silent Triple-DES CBC fallback when no algorithm suite is set — confirm.
                    String encryptionAlgorithm3 = filterProcessingContext.getAlgorithmSuite() != null ? filterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm() : "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
                    SymmetricKeyBinding symmetricKeyBinding2 = (SymmetricKeyBinding) originalKeyBinding.clone();
                    SecretKey secretKey2 = null;
                    // equals3/equals4/z3/z4 have the same meaning as equals/equals2/z/z2 in the symmetric-key branch.
                    boolean equals3 = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicyReceiver"));
                    boolean equals4 = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicySender"));
                    boolean z3 = !equals4;
                    boolean z4 = equals3 && equals4 && getReceivedSecret(filterProcessingContext) != null;
                    // Read from the un-cloned original binding, not from symmetricKeyBinding2.
                    WSSPolicy wSSPolicy8 = (WSSPolicy) originalKeyBinding.getKeyBinding();
                    if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy8)) {
                        if (!z4) {
                            try {
                                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding3 = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy8.clone();
                                x509CertificateBinding3.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding3.getCertificateIdentifier(), false));
                                filterProcessingContext.setX509CertificateBinding(x509CertificateBinding3);
                            } catch (Exception e6) {
                                log.log(Level.SEVERE, "WSS1413.error.extracting.certificate", (Throwable) e6);
                                throw new XWSSecurityException(e6);
                            }
                        }
                    } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy8)) {
                        AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding3 = (AuthenticationTokenPolicy.KerberosTokenBinding) wSSPolicy8;
                        KerberosContext kerberosContext3 = null;
                        if (((String) filterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE)) != null) {
                            kerberosContext3 = filterProcessingContext.getKerberosContext();
                        }
                        if (kerberosContext3 == null) {
                            log.log(Level.SEVERE, "WSS1423.kerberos.context.notset");
                            throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                        }
                        kerberosTokenBinding3.setTokenValue(kerberosContext3.getKerberosToken());
                        secretKey2 = kerberosContext3.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(encryptionAlgorithm3));
                        kerberosTokenBinding3.setSecretKey(secretKey2);
                        filterProcessingContext.setKerberosTokenBinding(kerberosTokenBinding3);
                    }
                    if (!PolicyTypeUtil.kerberosTokenBinding(wSSPolicy8)) {
                        if (z4) {
                            secretKey2 = getReceivedSecret(filterProcessingContext);
                        } else if (equals4 || z3) {
                            // Always true (z3 is !equals4): a new key is generated whenever the stored secret is not reused.
                            secretKey2 = SecurityUtil.generateSymmetricKey(encryptionAlgorithm3);
                        }
                    }
                    symmetricKeyBinding2.setSecretKey(secretKey2);
                    filterProcessingContext.setSymmetricKeyBinding(symmetricKeyBinding2);
                } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding)) {
                    SecurityUtil.resolveSCT(filterProcessingContext, (SecureConversationTokenKeyBinding) originalKeyBinding);
                } else if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding)) {
                    SecurityUtil.resolveIssuedToken(filterProcessingContext, (IssuedTokenKeyBinding) originalKeyBinding);
                }
                // NOTE(review): any other original key binding falls through with nothing resolved and
                // signing still proceeds — confirm that SignatureProcessor rejects that case.
            } else {
                // -- Last supported type: secure-conversation token; anything else is rejected. --
                if (!PolicyTypeUtil.secureConversationTokenKeyBinding(wSSPolicy3)) {
                    log.log(Level.SEVERE, "WSS1419.unsupported.keybinding.signature");
                    throw new XWSSecurityException("Unsupported KeyBinding for SignaturePolicy");
                }
                SecurityUtil.resolveSCT(filterProcessingContext, (SecureConversationTokenKeyBinding) wSSPolicy3);
            }
        }
        // Install the (possibly callback-supplied or SAML-updated) policy, then sign.
        filterProcessingContext.setSecurityPolicy(signaturePolicy);
        sign(filterProcessingContext);
    }

    /**
     * Signs the outbound message with the processor that matches the context type:
     * the optimized (JAXB) signature processor for a {@link JAXBFilterProcessingContext},
     * the default {@link SignatureProcessor} otherwise.
     *
     * @param filterProcessingContext context whose message is to be signed
     * @throws XWSSecurityException declared for failures raised by the signature processors
     */
    private static void sign(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext instanceof JAXBFilterProcessingContext) {
            com.sun.xml.ws.security.opt.impl.dsig.SignatureProcessor.sign((JAXBFilterProcessingContext) filterProcessingContext);
        } else {
            SignatureProcessor.sign(filterProcessingContext);
        }
    }

    /**
     * Returns the secret key stored in the context's extraneous properties under
     * {@code MessageConstants.SECRET_KEY_VALUE}.
     *
     * @param filterProcessingContext context to read the property from
     * @return the stored key; {@code process} treats a {@code null} result as "no stored secret"
     */
    private static SecretKey getReceivedSecret(FilterProcessingContext filterProcessingContext) {
        // Unchecked cast: a value of another type under this key raises ClassCastException.
        return (SecretKey) filterProcessingContext.getExtraneousProperty(MessageConstants.SECRET_KEY_VALUE);
    }
}
