package com.sun.xml.wss.impl.filter;

import com.sun.xml.ws.security.impl.kerberos.KerberosContext;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.enc.EncryptionProcessor;
import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.HarnessUtil;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor;
import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.logging.LogDomainConstants;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import org.w3c.dom.Element;

/* loaded from: input_file:spg-ui-war-2.1.37rel-2.1.24.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/filter/EncryptionFilter.class */
/**
 * Applies an {@code EncryptionPolicy} to the message held in a {@code FilterProcessingContext}.
 *
 * <p>For an inbound message, {@link #process} optionally refreshes the policy through a dynamic
 * policy callback and then delegates to {@code DecryptionProcessor.decrypt}. For an outbound
 * message it resolves the key material demanded by the policy's key binding (X.509 certificate,
 * Kerberos token, symmetric key, SAML assertion, secure-conversation token, issued token or a
 * derived token over one of these), records the resolved binding on the context and then
 * encrypts.
 *
 * <p>NOTE(review): local names such as {@code z}, {@code z2}, {@code str} and {@code equals}
 * look like decompiler output; the comments below describe them by how they are used.
 */
public class EncryptionFilter {
    // java.util.logging logger created with a resource bundle name; the log calls below pass
    // message keys (for example "WSS1413.error.extracting.certificate") rather than literal text.
    protected static final Logger log = Logger.getLogger(LogDomainConstants.IMPL_FILTER_DOMAIN, LogDomainConstants.IMPL_FILTER_DOMAIN_BUNDLE);

    /**
     * Decrypts an inbound message or encrypts an outbound one according to the security policy
     * currently set on the context.
     *
     * @param filterProcessingContext context supplying the message direction, security policy,
     *        security environment, algorithm suite and extraneous properties
     * @throws XWSSecurityException if a dynamic policy callback, certificate lookup or symmetric
     *         key resolution fails, if a Kerberos binding is used without a Kerberos context, if
     *         the key binding type is not supported, or if the delegated decrypt/encrypt call fails
     */
    public static void process(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        // ---- Inbound: optionally refresh the policy, then decrypt and return. ----
        if (filterProcessingContext.isInboundMessage()) {
            if (filterProcessingContext.makeDynamicPolicyCallback()) {
                WSSPolicy wSSPolicy = (WSSPolicy) filterProcessingContext.getSecurityPolicy();
                try {
                    // NOTE(review): isReadOnly(true) presumably freezes the configured policy
                    // before it is handed to application code — confirm in the policy class.
                    ((EncryptionPolicy) wSSPolicy).isReadOnly(true);
                    DynamicApplicationContext dynamicApplicationContext = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                    dynamicApplicationContext.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                    dynamicApplicationContext.inBoundMessage(true);
                    DynamicPolicyCallback dynamicPolicyCallback = new DynamicPolicyCallback(wSSPolicy, dynamicApplicationContext);
                    // NOTE(review): argument order suggests the callback's runtime properties are
                    // the destination and the context's extraneous properties the source — confirm.
                    ProcessingContext.copy(dynamicApplicationContext.getRuntimeProperties(), filterProcessingContext.getExtraneousProperties());
                    HarnessUtil.makeDynamicPolicyCallback(dynamicPolicyCallback, filterProcessingContext.getSecurityEnvironment().getCallbackHandler());
                    // The policy returned by the callback handler replaces the one on the context;
                    // a non-EncryptionPolicy result fails the cast and is handled by the catch below.
                    filterProcessingContext.setSecurityPolicy((EncryptionPolicy) dynamicPolicyCallback.getSecurityPolicy());
                } catch (Exception e) {
                    // NOTE(review): the message key mentions "signature" although this is the
                    // encryption filter; check that the bundle entry fits this failure.
                    log.log(Level.SEVERE, "WSS1420.dynamic.policy.signature", new Object[]{e.getMessage()});
                    throw new XWSSecurityException(e);
                }
            }
            DecryptionProcessor.decrypt(filterProcessingContext);
            return;
        }
        // ---- Outbound: resolve key material, then encrypt. ----
        EncryptionPolicy encryptionPolicy = (EncryptionPolicy) filterProcessingContext.getSecurityPolicy();
        // encryptionPolicy2 is the policy installed on the context just before encrypt();
        // it starts out as the configured policy.
        EncryptionPolicy encryptionPolicy2 = encryptionPolicy;
        // Only the exact string "true" enables either WSS 1.1 flag; any other value (or a
        // non-String property) leaves it false.
        boolean equals = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicyReceiver"));
        boolean equals2 = "true".equals(filterProcessingContext.getExtraneousProperty("EnableWSS11PolicySender"));
        // z: both flags are on and a secret is stored under SECRET_KEY_VALUE, so that stored
        // secret is reused below instead of looking up a certificate or generating a key.
        // NOTE(review): presumably the secret was placed there while processing the request
        // this message responds to — confirm where SECRET_KEY_VALUE is written.
        boolean z = equals && equals2 && getReceivedSecret(filterProcessingContext) != null;
        // z2 is the negation of equals2, so every "equals2 || z2" test below is always true.
        boolean z2 = !equals2;
        if (filterProcessingContext.makeDynamicPolicyCallback()) {
            // Dynamic policy: the callback handler supplies the final policy and the static
            // key-binding resolution in the else branch is skipped entirely.
            try {
                encryptionPolicy.isReadOnly(true);
                DynamicApplicationContext dynamicApplicationContext2 = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                dynamicApplicationContext2.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                dynamicApplicationContext2.inBoundMessage(false);
                DynamicPolicyCallback dynamicPolicyCallback2 = new DynamicPolicyCallback(encryptionPolicy, dynamicApplicationContext2);
                ProcessingContext.copy(dynamicApplicationContext2.getRuntimeProperties(), filterProcessingContext.getExtraneousProperties());
                HarnessUtil.makeDynamicPolicyCallback(dynamicPolicyCallback2, filterProcessingContext.getSecurityEnvironment().getCallbackHandler());
                encryptionPolicy2 = (EncryptionPolicy) dynamicPolicyCallback2.getSecurityPolicy();
            } catch (Exception e2) {
                log.log(Level.SEVERE, "WSS1412.error.processing.dynamicpolicy", new Object[]{e2.getMessage()});
                throw new XWSSecurityException(e2);
            }
        } else {
            WSSPolicy wSSPolicy2 = (WSSPolicy) encryptionPolicy.getKeyBinding();
            // Data-encryption algorithm URI: the feature binding wins, then the context's
            // algorithm suite, and only if both are empty does this Triple DES CBC default apply.
            // NOTE(review): Triple DES in CBC mode is a legacy 64-bit block cipher and the mode
            // provides no integrity by itself; deployments should set an explicit algorithm in
            // the policy or algorithm suite rather than depend on this fallback.
            String str = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
            String dataEncryptionAlgorithm = ((EncryptionPolicy.FeatureBinding) encryptionPolicy.getFeatureBinding()).getDataEncryptionAlgorithm();
            if ((dataEncryptionAlgorithm == null || "".equals(dataEncryptionAlgorithm)) && filterProcessingContext.getAlgorithmSuite() != null) {
                dataEncryptionAlgorithm = filterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm();
            }
            if (dataEncryptionAlgorithm != null && !"".equals(dataEncryptionAlgorithm)) {
                str = dataEncryptionAlgorithm;
            }
            // Derived token over an X.509 certificate: wrap the certificate binding in a new
            // SymmetricKeyBinding so the derived key is based on a symmetric key. wSSPolicy2
            // stays a derived-token binding and is resolved in the final else branch below.
            if (PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy2)) {
                DerivedTokenKeyBinding derivedTokenKeyBinding = (DerivedTokenKeyBinding) wSSPolicy2.clone();
                WSSPolicy originalKeyBinding = derivedTokenKeyBinding.getOriginalKeyBinding();
                if (PolicyTypeUtil.x509CertificateBinding(originalKeyBinding)) {
                    AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) originalKeyBinding.clone();
                    SymmetricKeyBinding symmetricKeyBinding = new SymmetricKeyBinding();
                    symmetricKeyBinding.setKeyBinding(x509CertificateBinding);
                    derivedTokenKeyBinding.setOriginalKeyBinding(symmetricKeyBinding);
                    wSSPolicy2 = derivedTokenKeyBinding;
                }
            }
            if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy2)) {
                // X.509: fetch the certificate named by the binding's identifier from the
                // security environment and record a cloned binding on the context.
                // NOTE(review): the meaning of the trailing boolean (false) is not visible here.
                try {
                    AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy2.clone();
                    x509CertificateBinding2.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding2.getCertificateIdentifier(), false));
                    filterProcessingContext.setX509CertificateBinding(x509CertificateBinding2);
                } catch (Exception e3) {
                    log.log(Level.SEVERE, "WSS1413.error.extracting.certificate", (Throwable) e3);
                    throw new XWSSecurityException(e3);
                }
            } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy2)) {
                // Kerberos: the context is consulted only when KERBEROS_SHA1_VALUE is present;
                // without a Kerberos context the message is rejected instead of being sent
                // without the expected key. The (String) cast is outside any try block, so a
                // non-String property value surfaces as a ClassCastException.
                AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = (AuthenticationTokenPolicy.KerberosTokenBinding) wSSPolicy2.clone();
                KerberosContext kerberosContext = null;
                if (((String) filterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE)) != null) {
                    kerberosContext = filterProcessingContext.getKerberosContext();
                }
                if (kerberosContext == null) {
                    log.log(Level.SEVERE, "WSS1423.kerberos.context.notset");
                    throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                }
                kerberosTokenBinding.setTokenValue(kerberosContext.getKerberosToken());
                kerberosTokenBinding.setSecretKey(kerberosContext.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(str)));
                filterProcessingContext.setKerberosTokenBinding(kerberosTokenBinding);
            } else if (PolicyTypeUtil.symmetricKeyBinding(wSSPolicy2)) {
                // Symmetric key: resolve the nested binding first, then choose the secret key.
                try {
                    SymmetricKeyBinding symmetricKeyBinding2 = (SymmetricKeyBinding) wSSPolicy2.clone();
                    String keyIdentifier = symmetricKeyBinding2.getKeyIdentifier();
                    SecretKey secretKey = null;
                    WSSPolicy wSSPolicy3 = (WSSPolicy) symmetricKeyBinding2.getKeyBinding();
                    if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy3)) {
                        // The certificate lookup is skipped when the received secret is reused (z).
                        if (!z) {
                            try {
                                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding3 = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy3.clone();
                                x509CertificateBinding3.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding3.getCertificateIdentifier(), false));
                                filterProcessingContext.setX509CertificateBinding(x509CertificateBinding3);
                            } catch (Exception e4) {
                                log.log(Level.SEVERE, "WSS1413.error.extracting.certificate", (Throwable) e4);
                                throw new XWSSecurityException(e4);
                            }
                        }
                    } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy3)) {
                        // NOTE(review): unlike the direct Kerberos branch, the nested binding is
                        // not cloned before the token and secret key are set on it. Whether this
                        // object is shared with the configured policy depends on how deep
                        // SymmetricKeyBinding.clone() copies — confirm, since key material
                        // written here could otherwise persist on a shared policy object.
                        AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding2 = (AuthenticationTokenPolicy.KerberosTokenBinding) wSSPolicy3;
                        KerberosContext kerberosContext2 = null;
                        if (((String) filterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE)) != null) {
                            kerberosContext2 = filterProcessingContext.getKerberosContext();
                        }
                        if (kerberosContext2 == null) {
                            log.log(Level.SEVERE, "WSS1423.kerberos.context.notset");
                            throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                        }
                        kerberosTokenBinding2.setTokenValue(kerberosContext2.getKerberosToken());
                        secretKey = kerberosContext2.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(str));
                        kerberosTokenBinding2.setSecretKey(secretKey);
                        filterProcessingContext.setKerberosTokenBinding(kerberosTokenBinding2);
                    }
                    // Non-Kerberos key selection, in priority order:
                    //   1. a non-empty key identifier -> look the key up in the security environment;
                    //   2. reuse of the received secret (z);
                    //   3. otherwise generate a fresh key for the chosen algorithm (the last
                    //      condition is always true, see z2).
                    // A null keyIdentifier makes equals() throw; the outer catch wraps that.
                    if (!PolicyTypeUtil.kerberosTokenBinding(wSSPolicy3)) {
                        if (!keyIdentifier.equals(MessageConstants._EMPTY)) {
                            secretKey = filterProcessingContext.getSecurityEnvironment().getSecretKey(filterProcessingContext.getExtraneousProperties(), keyIdentifier, true);
                        } else if (z) {
                            secretKey = getReceivedSecret(filterProcessingContext);
                        } else if (equals2 || z2) {
                            secretKey = SecurityUtil.generateSymmetricKey(str);
                        }
                    }
                    symmetricKeyBinding2.setSecretKey(secretKey);
                    filterProcessingContext.setSymmetricKeyBinding(symmetricKeyBinding2);
                } catch (Exception e5) {
                    // This also catches the XWSSecurityException thrown inside the try above, so
                    // those failures are logged a second time under WSS1414 and wrapped again.
                    // Only e5.getMessage() is passed to the log call, not the throwable.
                    log.log(Level.SEVERE, "WSS1414.error.extracting.symmetrickey", new Object[]{e5.getMessage()});
                    throw new XWSSecurityException(e5);
                }
            } else if (PolicyTypeUtil.samlTokenPolicy(wSSPolicy2)) {
                // SAML: take the assertion from the INCOMING_SAML_ASSERTION property when it is
                // set, otherwise ask the security environment to populate the binding.
                WSSPolicy wSSPolicy4 = (WSSPolicy) encryptionPolicy.getKeyBinding();
                DynamicApplicationContext dynamicApplicationContext3 = new DynamicApplicationContext(filterProcessingContext.getPolicyContext());
                dynamicApplicationContext3.setMessageIdentifier(filterProcessingContext.getMessageIdentifier());
                dynamicApplicationContext3.inBoundMessage(false);
                AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding = (AuthenticationTokenPolicy.SAMLAssertionBinding) wSSPolicy4;
                sAMLAssertionBinding.isReadOnly(true);
                AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding2 = new AuthenticationTokenPolicy.SAMLAssertionBinding();
                if (filterProcessingContext.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION) == null) {
                    sAMLAssertionBinding2 = filterProcessingContext.getSecurityEnvironment().populateSAMLPolicy(filterProcessingContext.getExtraneousProperties(), sAMLAssertionBinding, dynamicApplicationContext3);
                } else {
                    Object extraneousProperty = filterProcessingContext.getExtraneousProperty(MessageConstants.INCOMING_SAML_ASSERTION);
                    // NOTE(review): the "assertion not set" check runs only inside this
                    // instanceof branch. A property that is present but not an Element leaves
                    // the freshly created, empty binding in place with no error raised here,
                    // and the populateSAMLPolicy result above is not checked either — confirm
                    // that the encryption processors reject a binding without an assertion.
                    if (extraneousProperty instanceof Element) {
                        sAMLAssertionBinding2.setAssertion((Element) extraneousProperty);
                        if (sAMLAssertionBinding2.getAssertion() == null) {
                            log.log(Level.SEVERE, "WSS1415.saml.assertion.notset");
                            throw new XWSSecurityException("SAML Assertion not set by CallbackHandler  for Encryption Processing");
                        }
                    }
                }
                // This replaces the key binding on the configured policy object itself, not on
                // a copy.
                encryptionPolicy.setKeyBinding(sAMLAssertionBinding2);
                encryptionPolicy2 = encryptionPolicy;
            } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(wSSPolicy2)) {
                // Secure-conversation and issued tokens are resolved by SecurityUtil.
                SecurityUtil.resolveSCT(filterProcessingContext, (SecureConversationTokenKeyBinding) wSSPolicy2);
            } else if (PolicyTypeUtil.issuedTokenKeyBinding(wSSPolicy2)) {
                SecurityUtil.resolveIssuedToken(filterProcessingContext, (IssuedTokenKeyBinding) wSSPolicy2);
            } else {
                // Anything that is not a derived-token binding at this point is rejected.
                if (!PolicyTypeUtil.derivedTokenKeyBinding(wSSPolicy2)) {
                    log.log(Level.SEVERE, "WSS1422.unsupported.keybinding.EncryptionPolicy");
                    throw new XWSSecurityException("Unsupported KeyBinding for EncryptionPolicy");
                }
                // Derived token: resolve the binding the key is derived from. When the X.509
                // case above rewrote wSSPolicy2, this is the SymmetricKeyBinding wrapper.
                WSSPolicy originalKeyBinding2 = ((DerivedTokenKeyBinding) wSSPolicy2.clone()).getOriginalKeyBinding();
                if (PolicyTypeUtil.symmetricKeyBinding(originalKeyBinding2)) {
                    SymmetricKeyBinding symmetricKeyBinding3 = (SymmetricKeyBinding) originalKeyBinding2.clone();
                    SecretKey secretKey2 = null;
                    // The nested binding is read from originalKeyBinding2, not from the clone
                    // symmetricKeyBinding3.
                    WSSPolicy wSSPolicy5 = (WSSPolicy) originalKeyBinding2.getKeyBinding();
                    if (PolicyTypeUtil.x509CertificateBinding(wSSPolicy5)) {
                        if (!z) {
                            try {
                                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding4 = (AuthenticationTokenPolicy.X509CertificateBinding) wSSPolicy5.clone();
                                x509CertificateBinding4.setX509Certificate(filterProcessingContext.getSecurityEnvironment().getCertificate(filterProcessingContext.getExtraneousProperties(), x509CertificateBinding4.getCertificateIdentifier(), false));
                                filterProcessingContext.setX509CertificateBinding(x509CertificateBinding4);
                            } catch (Exception e6) {
                                log.log(Level.SEVERE, "WSS1413.error.extracting.certificate", (Throwable) e6);
                                throw new XWSSecurityException(e6);
                            }
                        }
                    } else if (PolicyTypeUtil.kerberosTokenBinding(wSSPolicy5)) {
                        // As in the symmetric branch, the Kerberos binding is used without clone().
                        AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding3 = (AuthenticationTokenPolicy.KerberosTokenBinding) wSSPolicy5;
                        KerberosContext kerberosContext3 = null;
                        if (((String) filterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE)) != null) {
                            kerberosContext3 = filterProcessingContext.getKerberosContext();
                        }
                        if (kerberosContext3 == null) {
                            log.log(Level.SEVERE, "WSS1423.kerberos.context.notset");
                            throw new XWSSecurityException("WSS1423.kerberos.context.notset");
                        }
                        kerberosTokenBinding3.setTokenValue(kerberosContext3.getKerberosToken());
                        secretKey2 = kerberosContext3.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(str));
                        kerberosTokenBinding3.setSecretKey(secretKey2);
                        filterProcessingContext.setKerberosTokenBinding(kerberosTokenBinding3);
                    }
                    // Unlike the direct symmetric branch there is no key-identifier lookup here:
                    // the key is either the received secret or a freshly generated one.
                    if (!PolicyTypeUtil.kerberosTokenBinding(wSSPolicy5)) {
                        if (z) {
                            secretKey2 = getReceivedSecret(filterProcessingContext);
                        } else if (equals2 || z2) {
                            secretKey2 = SecurityUtil.generateSymmetricKey(str);
                        }
                    }
                    symmetricKeyBinding3.setSecretKey(secretKey2);
                    filterProcessingContext.setSymmetricKeyBinding(symmetricKeyBinding3);
                } else if (PolicyTypeUtil.secureConversationTokenKeyBinding(originalKeyBinding2)) {
                    SecurityUtil.resolveSCT(filterProcessingContext, (SecureConversationTokenKeyBinding) originalKeyBinding2);
                } else if (PolicyTypeUtil.issuedTokenKeyBinding(originalKeyBinding2)) {
                    SecurityUtil.resolveIssuedToken(filterProcessingContext, (IssuedTokenKeyBinding) originalKeyBinding2);
                }
                // Any other original binding type resolves nothing here and falls through to
                // encrypt() without an error from this method.
            }
        }
        filterProcessingContext.setSecurityPolicy(encryptionPolicy2);
        encrypt(filterProcessingContext);
    }

    /**
     * Runs the encryption implementation that matches the context type: a
     * {@code JAXBFilterProcessingContext} goes to a new
     * {@code com.sun.xml.ws.security.opt.impl.enc.EncryptionProcessor}, any other context to the
     * static {@code com.sun.xml.wss.impl.apachecrypto.EncryptionProcessor.encrypt}.
     *
     * @param filterProcessingContext context whose message is to be encrypted
     * @throws XWSSecurityException if the selected processor fails
     */
    private static void encrypt(FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (filterProcessingContext instanceof JAXBFilterProcessingContext) {
            new EncryptionProcessor().process((JAXBFilterProcessingContext) filterProcessingContext);
        } else {
            com.sun.xml.wss.impl.apachecrypto.EncryptionProcessor.encrypt(filterProcessingContext);
        }
    }

    /**
     * Returns the value stored under {@code MessageConstants.SECRET_KEY_VALUE} in the context's
     * extraneous properties, cast to {@code SecretKey}.
     *
     * <p>The caller treats a {@code null} result as "no received secret". A stored value of any
     * other type fails the cast with a {@code ClassCastException}.
     *
     * @param filterProcessingContext context to read the property from
     * @return the stored secret key, or {@code null} when the property lookup yields {@code null}
     */
    private static SecretKey getReceivedSecret(FilterProcessingContext filterProcessingContext) {
        return (SecretKey) filterProcessingContext.getExtraneousProperty(MessageConstants.SECRET_KEY_VALUE);
    }
}
