package com.sun.xml.wss.impl.misc;

import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
import com.sun.org.apache.xml.internal.security.keys.content.KeyValue;
import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.EncryptedKeyToken;
import com.sun.xml.wss.core.KeyInfoHeaderBlock;
import com.sun.xml.wss.core.ReferenceElement;
import com.sun.xml.wss.core.SecurityToken;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.core.X509SecurityToken;
import com.sun.xml.wss.core.reference.DirectReference;
import com.sun.xml.wss.core.reference.KeyIdentifier;
import com.sun.xml.wss.core.reference.X509IssuerSerial;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.EncryptionPolicy;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.saml.Assertion;
import com.sun.xml.wss.saml.AssertionUtil;
import com.sun.xml.wss.saml.util.SAMLUtil;
import java.math.BigInteger;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.xml.soap.SOAPElement;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/xws-security-2.0-FCS.jar:com/sun/xml/wss/impl/misc/KeyResolver.class */
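/**
 * Resolves the {@link Key} referred to by a {@code ds:KeyInfo} found in a WS-Security message.
 *
 * <p>Every public method takes a boolean {@code z}. As used throughout this class, {@code true}
 * selects the public key (taken from the message or looked up in the security environment) and
 * {@code false} selects the matching private key held by the security environment.
 *
 * <p>Security note: this class only <em>locates</em> keys. When {@code z} is {@code true} and the
 * KeyInfo carries a {@code KeyValue} or an embedded certificate, the returned key is supplied by
 * the message sender. No certificate-path, revocation or trust check is performed anywhere in
 * this class. NOTE(review): confirm that every caller (or the configured security environment)
 * establishes trust in the returned key before accepting a signature verified with it.
 */
public class KeyResolver {
    private static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    private static final String X509_SKI_VALUE_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
    private static final String X509_V3_VALUE_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    private static final String SAML_ASSERTION_ID_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    /**
     * Resolves the key described by a KeyInfo header block.
     *
     * <p>The first supported child wins, in this order: SecurityTokenReference, KeyName, KeyValue,
     * X509Data. A KeyName is always resolved to a secret key from the security environment;
     * {@code z} is not consulted on that path.
     *
     * @param keyInfoHeaderBlock the KeyInfo to resolve
     * @param z {@code true} for the public key, {@code false} for the private key
     * @param filterProcessingContext processing context giving access to the message, the token
     *     cache, the inferred policy and the security environment
     * @return the resolved key, never {@code null}
     * @throws XWSSecurityException declared for callers; failures raised here are converted to
     *     SOAP faults (see below)
     * @throws WssSoapFaultException if the KeyInfo is unsupported, the key cannot be found, or a
     *     delegate throws {@link XWSSecurityException}
     */
    public static Key getKey(KeyInfoHeaderBlock keyInfoHeaderBlock, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        // Result is unused; the call is kept because it is present in the original code and any
        // side effect of the getter cannot be ruled out from this file.
        filterProcessingContext.getTokenCache();
        try {
            SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
            if (keyInfoHeaderBlock.containsSecurityTokenReference()) {
                return processSecurityTokenReference(keyInfoHeaderBlock, z, filterProcessingContext);
            }
            Key key;
            if (keyInfoHeaderBlock.containsKeyName()) {
                EncryptionPolicy encryptionPolicy = (EncryptionPolicy) filterProcessingContext.getInferredPolicy();
                String keyNameString = keyInfoHeaderBlock.getKeyNameString(0);
                if (encryptionPolicy != null) {
                    // Record the key name that was used in the policy inferred from the message.
                    ((SymmetricKeyBinding) encryptionPolicy.newSymmetricKeyBinding()).setKeyIdentifier(keyNameString);
                }
                key = filterProcessingContext.getSecurityEnvironment().getSecretKey(filterProcessingContext.getExtraneousProperties(), keyNameString, false);
            } else if (keyInfoHeaderBlock.containsKeyValue()) {
                key = resolveKeyValue(securableSoapMessage, keyInfoHeaderBlock.getKeyValue(0), z, filterProcessingContext);
            } else if (keyInfoHeaderBlock.containsX509Data()) {
                key = resolveX509Data(securableSoapMessage, keyInfoHeaderBlock.getX509Data(0), z, filterProcessingContext);
            } else {
                log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
                XWSSecurityException unsupported = new XWSSecurityException("Support for processing information in the given ds:KeyInfo is not present");
                throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, unsupported.getMessage(), unsupported);
            }
            if (key != null) {
                return key;
            }
            log.log(Level.SEVERE, "WSS0600.illegal.token.reference");
            XWSSecurityException notFound = new XWSSecurityException("Referenced security token could not be retrieved");
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, notFound.getMessage(), notFound);
        } catch (XWSSecurityException e) {
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, e.getMessage(), e);
        } catch (WssSoapFaultException e2) {
            // SOAP faults built above (or by delegates) propagate unchanged.
            throw e2;
        }
    }

    /**
     * Resolves a key from the KeyInfo that {@code AssertionUtil.getSubjectConfirmationKeyInfo}
     * extracts from a SAML assertion.
     *
     * <p>NOTE(review): nothing in this method checks the assertion's signature, issuer or
     * validity period; confirm the assertion is validated elsewhere before its key is trusted.
     *
     * @param securableSoapMessage the message being processed
     * @param assertion the SAML assertion carrying the KeyInfo
     * @param z {@code true} for the public key, {@code false} for the private key
     * @param filterProcessingContext processing context
     * @return the resolved key
     * @throws XWSSecurityException if the KeyInfo holds neither KeyValue nor X509Data, or any
     *     other failure occurs (the cause is wrapped)
     */
    public static Key resolveSamlAssertion(SecurableSoapMessage securableSoapMessage, Assertion assertion, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        try {
            KeyInfo keyInfo = new KeyInfo(AssertionUtil.getSubjectConfirmationKeyInfo(assertion.toElement(null)), (String) null);
            if (keyInfo.containsKeyValue()) {
                return resolveKeyValue(securableSoapMessage, keyInfo.itemKeyValue(0), z, filterProcessingContext);
            }
            if (keyInfo.containsX509Data()) {
                return resolveX509Data(securableSoapMessage, keyInfo.itemX509Data(0), z, filterProcessingContext);
            }
            log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
            throw new XWSSecurityException("Unsupported Key Information");
        } catch (Exception e) {
            // Also re-wraps the XWSSecurityException thrown just above, as the original did.
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Resolves the key referred to by the first SecurityTokenReference of a KeyInfo.
     *
     * <p>Supported reference kinds are KeyIdentifier, DirectReference and X509IssuerSerial; any
     * other kind raises a SOAP fault.
     *
     * @param keyInfoHeaderBlock KeyInfo containing at least one SecurityTokenReference
     * @param z {@code true} for the public key, {@code false} for the private key
     * @param filterProcessingContext processing context
     * @return the resolved key; may be {@code null} if the security environment returns
     *     {@code null}
     * @throws XWSSecurityException if a referenced token or key cannot be resolved
     * @throws WssSoapFaultException if the reference mechanism or ValueType is unsupported, or a
     *     direct reference does not resolve to a token of the expected kind
     */
    public static Key processSecurityTokenReference(KeyInfoHeaderBlock keyInfoHeaderBlock, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        HashMap tokenCache = filterProcessingContext.getTokenCache();
        SecurableSoapMessage securableSoapMessage = filterProcessingContext.getSecurableSoapMessage();
        SecurityTokenReference securityTokenReference = keyInfoHeaderBlock.getSecurityTokenReference(0);
        ReferenceElement reference = securityTokenReference.getReference();
        EncryptionPolicy encryptionPolicy = (EncryptionPolicy) filterProcessingContext.getInferredPolicy();

        if (reference instanceof KeyIdentifier) {
            return resolveKeyIdentifierReference(securityTokenReference, (KeyIdentifier) reference, encryptionPolicy, securableSoapMessage, z, filterProcessingContext);
        }
        if (reference instanceof DirectReference) {
            return resolveDirectReference((DirectReference) reference, encryptionPolicy, tokenCache, securableSoapMessage, z, filterProcessingContext);
        }
        if (reference instanceof X509IssuerSerial) {
            X509IssuerSerial issuerSerial = (X509IssuerSerial) reference;
            BigInteger serialNumber = issuerSerial.getSerialNumber();
            String issuerName = issuerSerial.getIssuerName();
            return keyForIssuerSerial(serialNumber, issuerName, z, filterProcessingContext);
        }
        log.log(Level.SEVERE, "WSS0338.unsupported.reference.mechanism");
        XWSSecurityException unsupported = new XWSSecurityException("Key reference mechanism not supported");
        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_SECURITY_TOKEN, unsupported.getMessage(), unsupported);
    }

    /** Resolves a KeyIdentifier reference: X.509 subject key identifier, SAML assertion id, or the untyped fallback. */
    private static Key resolveKeyIdentifierReference(SecurityTokenReference securityTokenReference, KeyIdentifier keyIdentifier, EncryptionPolicy encryptionPolicy, SecurableSoapMessage securableSoapMessage, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        String valueType = keyIdentifier.getValueType();
        if (X509_SKI_VALUE_TYPE.equals(valueType) || MessageConstants.X509v3SubjectKeyIdentifier_NS.equals(valueType)) {
            if (encryptionPolicy != null) {
                ((AuthenticationTokenPolicy.X509CertificateBinding) encryptionPolicy.newX509CertificateKeyBinding()).setReferenceType("Identifier");
            }
            return keyForIdentifier(getDecodedBase64EncodedData(keyIdentifier.getReferenceValue()), z, filterProcessingContext);
        }
        if (SAML_ASSERTION_ID_VALUE_TYPE.equals(valueType)) {
            if (encryptionPolicy != null) {
                ((AuthenticationTokenPolicy.SAMLAssertionBinding) encryptionPolicy.newSAMLAssertionKeyBinding()).setReferenceType(SAML_ASSERTION_ID_VALUE_TYPE);
            }
            Assertion assertion = resolveSAMLToken(securityTokenReference, keyIdentifier.getDecodedReferenceValue(), filterProcessingContext);
            return resolveSamlAssertion(securableSoapMessage, assertion, z, filterProcessingContext);
        }

        // Any other (or missing) ValueType is not rejected: the identifier is first tried as a
        // SAML assertion id and, failing that, as a Base64 key identifier. The inferred policy
        // is not updated on this path.
        Assertion assertion = null;
        try {
            assertion = resolveSAMLToken(securityTokenReference, keyIdentifier.getDecodedReferenceValue(), filterProcessingContext);
        } catch (Exception samlLookupFailure) {
            // Deliberate best effort: a failed SAML lookup only means the fallback below is used.
            // Logged at FINE so the fallback is visible when diagnosing unexpected key choices.
            log.log(Level.FINE, "SAML assertion lookup failed for key identifier; falling back to key-identifier lookup", samlLookupFailure);
        }
        if (assertion != null) {
            return resolveSamlAssertion(securableSoapMessage, assertion, z, filterProcessingContext);
        }
        return keyForIdentifier(getDecodedBase64EncodedData(keyIdentifier.getReferenceValue()), z, filterProcessingContext);
    }

    /** Resolves a DirectReference ({@code #id} URI) to an X.509 token or, when no ValueType is given, an EncryptedKey. */
    private static Key resolveDirectReference(DirectReference reference, EncryptionPolicy encryptionPolicy, HashMap tokenCache, SecurableSoapMessage securableSoapMessage, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        String uri = reference.getURI();
        String valueType = reference.getValueType();
        if (encryptionPolicy != null) {
            AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = (AuthenticationTokenPolicy.X509CertificateBinding) encryptionPolicy.newX509CertificateKeyBinding();
            x509CertificateBinding.setReferenceType("Direct");
            x509CertificateBinding.setValueType(valueType);
        }
        if (valueType != null && !X509_V3_VALUE_TYPE.equals(valueType)) {
            log.log(Level.SEVERE, "WSS0337.unsupported.directref.mechanism", new Object[]{valueType});
            XWSSecurityException unsupported = new XWSSecurityException("unsupported directreference ValueType " + valueType);
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, unsupported.getMessage(), unsupported);
        }

        SecurityToken token = resolveToken(SecurableSoapMessage.getIdFromFragmentRef(uri), tokenCache, securableSoapMessage);
        if (token instanceof X509SecurityToken) {
            return resolveX509Token(securableSoapMessage, (X509SecurityToken) token, z, filterProcessingContext);
        }
        // An EncryptedKey is accepted only when the reference carries no ValueType. A reference
        // declared as X509v3 that points at anything else (or at nothing) is now rejected with a
        // SOAP fault; the original cast blindly and failed with ClassCastException or
        // NullPointerException on such sender-controlled input.
        if (valueType == null && token instanceof EncryptedKeyToken) {
            EncryptedKeyToken encryptedKeyToken = (EncryptedKeyToken) token;
            KeyInfoHeaderBlock keyInfo = encryptedKeyToken.getKeyInfo();
            // Result unused; kept from the original. NOTE(review): presumably this fails early
            // when the EncryptedKey's KeyInfo has no usable SecurityTokenReference - confirm.
            keyInfo.getSecurityTokenReference(0).getReference();
            return encryptedKeyToken.getSecretKey(getKey(keyInfo, true, filterProcessingContext));
        }
        String message = " Cannot Resolve URI " + uri;
        log.log(Level.SEVERE, "WSS0337.unsupported.directref.mechanism", new Object[]{message});
        XWSSecurityException unresolved = new XWSSecurityException(message);
        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, unresolved.getMessage(), unresolved);
    }

    /** Looks up the public ({@code z} true) or private key for a raw key identifier in the security environment. */
    private static Key keyForIdentifier(byte[] keyIdentifier, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (z) {
            return filterProcessingContext.getSecurityEnvironment().getPublicKey(filterProcessingContext.getExtraneousProperties(), keyIdentifier);
        }
        return filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), keyIdentifier);
    }

    /** Looks up the public ({@code z} true) or private key for an issuer name and serial number in the security environment. */
    private static Key keyForIssuerSerial(BigInteger serialNumber, String issuerName, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (z) {
            return filterProcessingContext.getSecurityEnvironment().getPublicKey(filterProcessingContext.getExtraneousProperties(), serialNumber, issuerName);
        }
        return filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), serialNumber, issuerName);
    }

    /**
     * Resolves the key for an X.509 token found in the message.
     *
     * <p>With {@code z} true the certificate is registered on the other party's subject and its
     * public key is returned. NOTE(review): the certificate is not validated in this method;
     * confirm validation happens before or inside {@code updateOtherPartySubject}.
     *
     * @param securableSoapMessage the message being processed (not used here)
     * @param x509SecurityToken the token whose certificate identifies the key
     * @param z {@code true} for the certificate's public key, {@code false} for the matching
     *     private key from the security environment
     * @param filterProcessingContext processing context
     * @return the resolved key
     * @throws XWSSecurityException if the certificate or private key cannot be obtained
     */
    public static Key resolveX509Token(SecurableSoapMessage securableSoapMessage, X509SecurityToken x509SecurityToken, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        if (!z) {
            return filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), x509SecurityToken.getCertificate());
        }
        X509Certificate certificate = x509SecurityToken.getCertificate();
        filterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(filterProcessingContext), certificate);
        return certificate.getPublicKey();
    }

    /**
     * Resolves the key for a {@code ds:KeyValue}.
     *
     * <p>With {@code z} true the public key is read straight from the message element, so it is
     * chosen by the sender. NOTE(review): confirm the caller checks that key against a trusted
     * identity before relying on it.
     *
     * @param securableSoapMessage the message being processed (not used here)
     * @param keyValue the KeyValue element wrapper
     * @param z {@code true} for the embedded public key, {@code false} for the private key the
     *     security environment associates with it
     * @param filterProcessingContext processing context
     * @return the resolved key
     * @throws XWSSecurityException wrapping any failure while reading or looking up the key
     */
    public static Key resolveKeyValue(SecurableSoapMessage securableSoapMessage, KeyValue keyValue, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        keyValue.getElement().normalize();
        try {
            if (z) {
                return keyValue.getPublicKey();
            }
            return filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), keyValue.getPublicKey(), false);
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0601.illegal.key.value", e.getMessage());
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Resolves the key for a {@code ds:X509Data}.
     *
     * <p>Children are tried in this order: certificate, subject key identifier, subject name
     * (rejected as unsupported), issuer/serial. With {@code z} true an embedded certificate's
     * public key is returned without any validation in this method. NOTE(review): confirm the
     * caller validates the certificate.
     *
     * @param securableSoapMessage the message being processed (not used here)
     * @param x509Data the X509Data element wrapper
     * @param z {@code true} for the public key, {@code false} for the private key
     * @param filterProcessingContext processing context
     * @return the resolved key
     * @throws XWSSecurityException wrapping any failure, including an unsupported child element
     */
    public static Key resolveX509Data(SecurableSoapMessage securableSoapMessage, X509Data x509Data, boolean z, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        x509Data.getElement().normalize();
        try {
            if (x509Data.containsCertificate()) {
                X509Certificate x509Certificate = x509Data.itemCertificate(0).getX509Certificate();
                if (z) {
                    return x509Certificate.getPublicKey();
                }
                return filterProcessingContext.getSecurityEnvironment().getPrivateKey(filterProcessingContext.getExtraneousProperties(), x509Certificate);
            }
            if (x509Data.containsSKI()) {
                return keyForIdentifier(x509Data.itemSKI(0).getSKIBytes(), z, filterProcessingContext);
            }
            if (x509Data.containsSubjectName()) {
                log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
                throw new XWSSecurityException("X509SubjectName child element of X509Data is not yet supported by our implementation");
            }
            if (x509Data.containsIssuerSerial()) {
                return keyForIssuerSerial(x509Data.itemIssuerSerial(0).getSerialNumber(), x509Data.itemIssuerSerial(0).getIssuerName(), z, filterProcessingContext);
            }
            log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
            throw new XWSSecurityException("Unsupported child element of X509Data encountered");
        } catch (Exception e) {
            // Also catches the "unsupported" exceptions thrown above; they are logged a second
            // time under WSS0602 and re-wrapped, as in the original.
            log.log(Level.SEVERE, "WSS0602.illegal.x509.data", e.getMessage());
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Decodes a Base64 string.
     *
     * @throws XWSSecurityException if the input is not valid Base64
     */
    private static byte[] getDecodedBase64EncodedData(String str) throws XWSSecurityException {
        try {
            return com.sun.org.apache.xml.internal.security.utils.Base64.decode(str);
        } catch (Base64DecodingException e) {
            throw new XWSSecurityException("Unable to decode Base64 encoded data", e);
        }
    }

    /**
     * Returns the security token with the given id, from the cache or from the message.
     *
     * <p>Only {@code BinarySecurityToken} and {@code EncryptedKey} elements are turned into
     * tokens; for any other element {@code null} is returned and nothing is cached.
     * NOTE(review): only the element's local name is compared here; confirm the token
     * constructors check the namespace.
     *
     * @param str the token id (fragment without {@code #})
     * @param hashMap the per-message token cache, keyed by id
     * @param securableSoapMessage the message to search when the cache misses
     * @return the token, or {@code null} if the element is of an unsupported kind
     * @throws XWSSecurityException if no element has that id or token construction fails
     */
    private static SecurityToken resolveToken(String str, HashMap hashMap, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        try {
            SecurityToken cached = (SecurityToken) hashMap.get(str);
            if (cached != null) {
                return cached;
            }
            Element elementById = securableSoapMessage.getElementById(str);
            // Check before use: the original called normalize() first, so a missing element
            // surfaced as a NullPointerException instead of "Token not found".
            if (elementById == null) {
                throw new XWSSecurityException("Token not found");
            }
            elementById.normalize();
            SecurityToken securityToken = null;
            if ("BinarySecurityToken".equals(elementById.getLocalName())) {
                securityToken = new X509SecurityToken((SOAPElement) elementById);
            } else if ("EncryptedKey".equals(elementById.getLocalName())) {
                securityToken = new EncryptedKeyToken((SOAPElement) elementById);
            }
            if (securityToken != null) {
                // Do not store null: a null entry reads the same as a miss via get().
                hashMap.put(str, securityToken);
            }
            return securityToken;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Returns the SAML assertion with the given id, from the token cache or by locating it.
     *
     * <p>When the reference carries a SAML authority binding the security environment locates
     * the assertion; otherwise it is searched for in the SOAP part of the message. The located
     * assertion is cached under its id.
     *
     * @throws XWSSecurityException if the assertion cannot be located or parsed
     */
    private static Assertion resolveSAMLToken(SecurityTokenReference securityTokenReference, String str, FilterProcessingContext filterProcessingContext) throws XWSSecurityException {
        Assertion cached = (Assertion) filterProcessingContext.getTokenCache().get(str);
        if (cached != null) {
            return cached;
        }
        Element assertionElement;
        if (securityTokenReference.getSamlAuthorityBinding() != null) {
            assertionElement = filterProcessingContext.getSecurityEnvironment().locateSAMLAssertion(filterProcessingContext.getExtraneousProperties(), securityTokenReference.getSamlAuthorityBinding(), str, filterProcessingContext.getSOAPMessage().getSOAPPart());
        } else {
            assertionElement = SAMLUtil.locateSamlAssertion(str, filterProcessingContext.getSOAPMessage().getSOAPPart());
        }
        addAuthorityId(assertionElement, filterProcessingContext);
        try {
            Assertion assertion = AssertionUtil.fromElement(assertionElement);
            filterProcessingContext.getTokenCache().put(str, assertion);
            return assertion;
        } catch (Exception e) {
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Copies the assertion's {@code Issuer} attribute into the inferred policy's key binding.
     *
     * <p>Does nothing when there is no inferred policy. NOTE(review): assumes {@code element} is
     * non-null and that the current key binding is a SAML assertion binding; either assumption
     * failing raises an unchecked exception - confirm against callers.
     */
    private static void addAuthorityId(Element element, FilterProcessingContext filterProcessingContext) {
        EncryptionPolicy encryptionPolicy = (EncryptionPolicy) filterProcessingContext.getInferredPolicy();
        if (encryptionPolicy != null) {
            ((AuthenticationTokenPolicy.SAMLAssertionBinding) encryptionPolicy.getKeyBinding()).setAuthorityIdentifier(element.getAttribute("Issuer"));
        }
    }
}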
