package org.apache.cxf.ws.security.trust;

import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.net.URL;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMSource;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.ModCountCopyOnWriteArrayList;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.configuration.Configurable;
import org.apache.cxf.configuration.Configurer;
import org.apache.cxf.databinding.source.SourceDataBinding;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.ClientImpl;
import org.apache.cxf.endpoint.EndpointException;
import org.apache.cxf.endpoint.EndpointImpl;
import org.apache.cxf.feature.AbstractFeature;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.interceptor.InterceptorProvider;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.message.Message;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.ws.addressing.VersionTransformer;
import org.apache.cxf.ws.addressing.policy.MetadataConstants;
import org.apache.cxf.ws.mex.MetadataExchange;
import org.apache.cxf.ws.mex.model._2004_09.MetadataSection;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyConstants;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.ProtectionToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
import org.apache.cxf.wsdl.EndpointReferenceUtils;
import org.apache.cxf.wsdl.WSDLManager;
import org.apache.cxf.wsdl11.WSDLServiceFactory;
import org.apache.neethi.All;
import org.apache.neethi.Assertion;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyComponent;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.processor.X509Util;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
import org.opensaml.ws.wssecurity.KeyIdentifier;
import org.opensaml.ws.wstrust.BinaryExchange;
import org.opensaml.ws.wstrust.BinarySecret;
import org.opensaml.ws.wstrust.CancelTarget;
import org.opensaml.ws.wstrust.ComputedKey;
import org.opensaml.ws.wstrust.ComputedKeyAlgorithm;
import org.opensaml.ws.wstrust.Entropy;
import org.opensaml.ws.wstrust.Lifetime;
import org.opensaml.ws.wstrust.OnBehalfOf;
import org.opensaml.ws.wstrust.RenewTarget;
import org.opensaml.ws.wstrust.RequestSecurityToken;
import org.opensaml.ws.wstrust.RequestSecurityTokenResponseCollection;
import org.opensaml.ws.wstrust.RequestedAttachedReference;
import org.opensaml.ws.wstrust.RequestedProofToken;
import org.opensaml.ws.wstrust.RequestedUnattachedReference;
import org.opensaml.ws.wstrust.UseKey;
import org.opensaml.ws.wstrust.ValidateTarget;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:fuse-esb-7.0.1.fuse-SNAPSHOT/system/org/apache/cxf/cxf-bundle/2.5.0.fuse-70-079/cxf-bundle-2.5.0.fuse-70-079.jar:org/apache/cxf/ws/security/trust/STSClient.class */
public class STSClient implements Configurable, InterceptorProvider {
    private static final Logger LOG = LogUtils.getL7dLogger(STSClient.class);
    // Bus used for extension lookups (Configurer, PolicyBuilder, PolicyEngine, WSDLManager).
    protected Bus bus;
    // Built on first use by createClient() or configureViaEPR(); null until then.
    protected Client client;
    // STS address; used by createClient() when no WSDL location is configured.
    protected String location;
    // When non-null, createClient() builds the service model from this WSDL.
    protected String wsdlLocation;
    protected QName serviceName;
    protected QName endpointName;
    protected Policy policy;
    // Child elements are copied into every issue request (see requestSecurityToken).
    protected Element template;
    protected Element claims;
    // Filled from a policy Binding assertion by setPolicyInternal(Policy) when not set explicitly.
    protected AlgorithmSuite algorithmSuite;
    // Compared against the 2005/08 addressing namespace in getAddressingAssertion().
    protected String addressingNamespace;
    // Delegation source: XML String, DOM Element or CallbackHandler (see getDelegationSecurityToken).
    protected Object onBehalfOf;
    // true: UseKey carries the whole X.509 certificate; false: only a ds:KeyValue.
    protected boolean useCertificateForConfirmationKeyInfo;
    protected boolean isSecureConv;
    protected boolean isSpnego;
    protected boolean enableLifetime;
    // Delegation source, same accepted types as onBehalfOf.
    protected Object actAs;
    protected String tokenType;
    protected String keyType;
    // Passed to DelegationCallback when a delegation source is a CallbackHandler.
    protected Message message;
    // Written as the Context attribute of the RequestSecurityToken element when non-null.
    protected String context;
    protected List<AbstractFeature> features;
    // Bean name handed to the bus Configurer in createClient().
    protected String name = "default.sts-client";
    // Same value that setSoap11() assigns; setSoap12() switches it.
    protected String soapVersion = "http://schemas.xmlsoap.org/soap/";
    // Key size in bits (divided by 8 when client entropy is generated).
    protected int keySize = 256;
    protected boolean requiresEntropy = true;
    // Same value that setTrust(Trust13) assigns; setTrust(Trust10) switches it.
    protected String namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    protected boolean enableAppliesTo = true;
    // presumably the requested token lifetime in seconds; the consumer is outside this view (confirm)
    protected int ttl = 300;
    protected boolean sendKeyType = true;
    // NOTE(review): raw-typed initialisers here and below look like a decompiler artefact.
    // Copied into the client's request context on every request.
    protected Map<String, Object> ctx = new HashMap();
    // Interceptor lists are moved onto the client by createClient(), which then sets these to null.
    protected List<Interceptor<? extends Message>> in = new ModCountCopyOnWriteArrayList();
    protected List<Interceptor<? extends Message>> out = new ModCountCopyOnWriteArrayList();
    protected List<Interceptor<? extends Message>> outFault = new ModCountCopyOnWriteArrayList();
    protected List<Interceptor<? extends Message>> inFault = new ModCountCopyOnWriteArrayList();

    /**
     * Creates an STS client bound to the given bus. Nothing is contacted here;
     * the underlying CXF client is built later by {@link #createClient()}.
     *
     * @param bus bus used for extension lookups and for building the client
     */
    public STSClient(Bus bus) {
        super();
        this.bus = bus;
    }

    /**
     * Returns the bean name under which this client is configured
     * (passed to the bus Configurer in {@link #createClient()}).
     *
     * @return the configured bean name, {@code "default.sts-client"} unless changed
     */
    @Override // org.apache.cxf.configuration.Configurable
    public String getBeanName() {
        return name;
    }

    /**
     * Sets the bean name used when the bus Configurer configures this client.
     *
     * @param str new bean name
     */
    public void setBeanName(String str) {
        name = str;
    }

    /**
     * Sets the STS address. {@link #createClient()} uses it when no WSDL
     * location is configured.
     *
     * @param str address of the security token service
     */
    public void setLocation(String str) {
        location = str;
    }

    /**
     * Stores the message that is handed to the {@code DelegationCallback} when
     * an onBehalfOf/actAs value is a {@code CallbackHandler}.
     *
     * @param message current message, may be {@code null}
     */
    public void setMessage(Message message) {
        this.message = message;
    }

    /**
     * Sets the {@code ttl} value (default 300).
     *
     * @param i new ttl; presumably seconds of requested token lifetime. The code
     *          that reads it is outside this view, so confirm the unit there.
     */
    public void setTtl(int i) {
        ttl = i;
    }

    /**
     * Controls whether issue requests include a lifetime even when secure
     * conversation is not in use (secure conversation always adds one).
     *
     * @param z {@code true} to add the lifetime element to requests
     */
    public void setEnableLifetime(boolean z) {
        enableLifetime = z;
    }

    /**
     * Sets the policy from either a parsed Neethi policy or its DOM form.
     *
     * @param obj an {@code org.apache.neethi.Policy} or an {@code org.w3c.dom.Element}
     * @throws IllegalArgumentException if {@code obj} is of any other type, including {@code null}
     */
    public void setPolicy(Object obj) {
        if (obj instanceof Policy) {
            setPolicyInternal((Policy) obj);
            return;
        }
        if (obj instanceof Element) {
            setPolicyInternal((Element) obj);
            return;
        }
        throw new IllegalArgumentException("Unsupported policy object.  Type must be org.apache.neethi.Policy or org.w3c.dom.Element.");
    }

    /**
     * Selects the SOAP 1.2 binding namespace for the endpoint that
     * {@link #createClient()} builds when no WSDL location is configured.
     */
    public void setSoap12() {
        soapVersion = "http://schemas.xmlsoap.org/wsdl/soap12/";
    }

    /**
     * Selects the SOAP 1.1 value for {@code soapVersion}; this is also the
     * field's initial value.
     */
    public void setSoap11() {
        soapVersion = "http://schemas.xmlsoap.org/soap/";
    }

    /**
     * Chooses between SOAP 1.1 and SOAP 1.2.
     *
     * @param z {@code true} for SOAP 1.1, {@code false} for SOAP 1.2
     */
    public void setSoap11(boolean z) {
        if (!z) {
            setSoap12();
            return;
        }
        setSoap11();
    }

    /**
     * Sets the WS-Addressing namespace that {@link #getAddressingAssertion()}
     * inspects when it builds the addressing policy assertion.
     *
     * @param str addressing namespace URI
     */
    public void setAddressingNamespace(String str) {
        addressingNamespace = str;
    }

    /**
     * Applies a Trust10 policy assertion: switches the request namespace to
     * the 2005/02 WS-Trust namespace and copies the client-entropy requirement.
     *
     * @param trust10 assertion to apply; {@code null} leaves the client unchanged
     */
    public void setTrust(Trust10 trust10) {
        if (trust10 == null) {
            return;
        }
        namespace = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        requiresEntropy = trust10.isRequireClientEntropy();
    }

    /**
     * Applies a Trust13 policy assertion: switches the request namespace to
     * the 200512 WS-Trust namespace and copies the client-entropy requirement.
     *
     * @param trust13 assertion to apply; {@code null} leaves the client unchanged
     */
    public void setTrust(Trust13 trust13) {
        if (trust13 == null) {
            return;
        }
        namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
        requiresEntropy = trust13.isRequireClientEntropy();
    }

    /**
     * Reports whether symmetric-key requests carry client entropy.
     *
     * @return {@code true} when an Entropy element is written for symmetric-key requests
     */
    public boolean isRequiresEntropy() {
        return requiresEntropy;
    }

    /**
     * Controls whether symmetric-key requests carry client entropy. When
     * disabled, {@code writeElementsForRSTSymmetricKey} returns no client
     * entropy bytes and writes no Entropy/ComputedKeyAlgorithm elements.
     *
     * @param z {@code true} to send client entropy
     */
    public void setRequiresEntropy(boolean z) {
        requiresEntropy = z;
    }

    /**
     * Reports whether this client issues secure-conversation requests.
     *
     * @return the secure-conversation flag
     */
    public boolean isSecureConv() {
        return isSecureConv;
    }

    /**
     * Switches secure-conversation mode, which changes the SOAP action used
     * for issue/renew requests and always adds a lifetime to issue requests.
     *
     * @param z {@code true} to enable secure-conversation mode
     */
    public void setSecureConv(boolean z) {
        isSecureConv = z;
    }

    /**
     * Reports whether SPNEGO mode is enabled.
     *
     * @return the SPNEGO flag
     */
    public boolean isSpnego() {
        return isSpnego;
    }

    /**
     * Switches SPNEGO mode. While enabled, each issue request overwrites
     * {@code tokenType} with the SCT token type and clears {@code sendKeyType}.
     *
     * @param z {@code true} to enable SPNEGO mode
     */
    public void setSpnego(boolean z) {
        isSpnego = z;
    }

    /**
     * Reports whether issue requests include an AppliesTo element.
     *
     * @return the AppliesTo flag (default {@code true})
     */
    public boolean isEnableAppliesTo() {
        return enableAppliesTo;
    }

    /**
     * Controls whether issue requests include an AppliesTo element.
     *
     * @param z {@code true} to call {@code addAppliesTo} for each request
     */
    public void setEnableAppliesTo(boolean z) {
        enableAppliesTo = z;
    }

    /**
     * Returns the value written as the {@code Context} attribute of the
     * RequestSecurityToken element.
     *
     * @return the context string, or {@code null} when no attribute is written
     */
    public String getContext() {
        return context;
    }

    /**
     * Sets the value written as the {@code Context} attribute of the
     * RequestSecurityToken element.
     *
     * @param str context string; {@code null} suppresses the attribute
     */
    public void setContext(String str) {
        context = str;
    }

    /**
     * Sets the algorithm suite explicitly. A non-null suite is never replaced
     * by {@code setPolicyInternal(Policy)}, and its maximum symmetric key
     * length determines the amount of client entropy generated.
     *
     * @param algorithmSuite suite to use, or {@code null} to let the policy decide
     */
    public void setAlgorithmSuite(AlgorithmSuite algorithmSuite) {
        this.algorithmSuite = algorithmSuite;
    }

    /**
     * Returns the property map that is copied into the client's request
     * context before each request.
     *
     * @return the internal map itself, not a copy; changes affect later requests
     */
    public Map<String, Object> getRequestContext() {
        return ctx;
    }

    /**
     * Merges the given entries into the request properties. Existing keys are
     * overwritten; entries that are not mentioned stay in place.
     *
     * @param map entries to add
     * @throws NullPointerException if {@code map} is {@code null}
     */
    public void setProperties(Map<String, Object> map) {
        ctx.putAll(map);
    }

    /**
     * Returns the request properties; same map as {@link #getRequestContext()}.
     *
     * @return the internal map itself, not a copy
     */
    public Map<String, Object> getProperties() {
        return ctx;
    }

    /**
     * Sets the WSDL location. When non-null, {@link #createClient()} builds the
     * service model from that WSDL instead of the configured address, so the
     * document it points to decides which endpoint receives token requests.
     *
     * @param str WSDL location, or {@code null} to build the endpoint from {@code location}
     */
    public void setWsdlLocation(String str) {
        wsdlLocation = str;
    }

    /**
     * Returns the configured WSDL location.
     *
     * @return WSDL location, or {@code null} if none is set
     */
    public String getWsdlLocation() {
        return wsdlLocation;
    }

    /**
     * Sets the service name from its string form.
     *
     * @param str qualified name in the format accepted by {@link QName#valueOf(String)}
     * @throws IllegalArgumentException if {@code str} is {@code null} or malformed
     */
    public void setServiceName(String str) {
        QName parsed = QName.valueOf(str);
        serviceName = parsed;
    }

    /**
     * Sets the endpoint (port) name from its string form.
     *
     * @param str qualified name in the format accepted by {@link QName#valueOf(String)}
     * @throws IllegalArgumentException if {@code str} is {@code null} or malformed
     */
    public void setEndpointName(String str) {
        QName parsed = QName.valueOf(str);
        endpointName = parsed;
    }

    /**
     * Sets the service name used when the service model is built from a WSDL.
     *
     * @param qName service name
     */
    public void setServiceQName(QName qName) {
        serviceName = qName;
    }

    /**
     * Returns the configured service name.
     *
     * @return service name, or {@code null} if none is set
     */
    public QName getServiceQName() {
        return serviceName;
    }

    /**
     * Sets the endpoint (port) name used to select the endpoint of the service.
     *
     * @param qName endpoint name
     */
    public void setEndpointQName(QName qName) {
        endpointName = qName;
    }

    /**
     * Returns the configured endpoint (port) name.
     *
     * @return endpoint name, or {@code null} if none is set
     */
    public QName getEndpointQName() {
        return endpointName;
    }

    /**
     * Sets the source of the ActAs token. Only a {@code String} of XML, a DOM
     * {@code Element} or a {@code CallbackHandler} is resolved by
     * {@code getDelegationSecurityToken}; any other type resolves to
     * {@code null} there, so no ActAs element is sent and no error is raised.
     *
     * @param obj delegation source, or {@code null} for none
     */
    public void setActAs(Object obj) {
        actAs = obj;
    }

    /**
     * Sets the requested key size in bits. A non-positive value is replaced by
     * 256 when a token is requested, and a {@code KeySize} element in the
     * request template overrides this setting. No upper bound is applied here.
     *
     * @param i key size in bits
     */
    public void setKeySize(int i) {
        keySize = i;
    }

    /**
     * Returns the current key size in bits. The value can change during a
     * request, because a {@code KeySize} element in the template is stored
     * into the same field.
     *
     * @return key size in bits
     */
    public int getKeySize() {
        return keySize;
    }

    /**
     * Sets the token type. It is the default for validation requests and the
     * fallback type stamped on a returned token that carries none. In SPNEGO
     * mode each issue request overwrites it.
     *
     * @param str token type URI
     */
    public void setTokenType(String str) {
        tokenType = str;
    }

    /**
     * Returns the configured token type.
     *
     * @return token type URI, or {@code null} if none is set
     */
    public String getTokenType() {
        return tokenType;
    }

    /**
     * Sets the {@code sendKeyType} flag (default {@code true}). In SPNEGO mode
     * each issue request resets it to {@code false}.
     *
     * @param z new flag value; presumably decides whether a KeyType element is
     *          written. The code that reads it is outside this view (confirm).
     */
    public void setSendKeyType(boolean z) {
        sendKeyType = z;
    }

    /**
     * Sets the key type passed to {@code writeKeyType} when the request
     * template does not supply a {@code KeyType} element itself.
     *
     * @param str key type URI
     */
    public void setKeyType(String str) {
        keyType = str;
    }

    /**
     * Sets the OnBehalfOf token from a DOM element.
     *
     * @param element token element, or {@code null} for none
     * @deprecated use {@link #setOnBehalfOf(Object)}, which stores into the same field
     */
    @Deprecated
    public void setOnBehalfOfElement(Element element) {
        onBehalfOf = element;
    }

    /**
     * Sets the source of the OnBehalfOf token. Only a {@code String} of XML, a
     * DOM {@code Element} or a {@code CallbackHandler} is resolved by
     * {@code getDelegationSecurityToken}; any other type resolves to
     * {@code null} there, so no OnBehalfOf element is sent and no error is raised.
     *
     * @param obj delegation source, or {@code null} for none
     */
    public void setOnBehalfOf(Object obj) {
        onBehalfOf = obj;
    }

    /**
     * Chooses what a public-key request places in {@code UseKey}: the whole
     * X.509 certificate ({@code true}) or only a {@code ds:KeyValue}
     * ({@code false}). A request property can override this per request.
     *
     * @param z {@code true} to send the certificate
     */
    public void setUseCertificateForConfirmationKeyInfo(boolean z) {
        useCertificateForConfirmationKeyInfo = z;
    }

    /**
     * Reports whether public-key requests send the whole certificate by default.
     *
     * @return the configured flag, before any per-request property override
     */
    public boolean isUseCertificateForConfirmationKeyInfo() {
        return useCertificateForConfirmationKeyInfo;
    }

    /**
     * Stores the policy and, if no algorithm suite has been set yet, takes one
     * from a {@code Binding} assertion found in the policy alternatives.
     * Alternatives are scanned in order and scanning stops after the first
     * alternative that yields a suite; within that alternative the last
     * {@code Binding} wins because the inner loop does not stop early.
     *
     * @param policy policy to store; must not be {@code null} while no suite is set
     */
    protected void setPolicyInternal(Policy policy) {
        this.policy = policy;
        if (this.algorithmSuite != null) {
            // An explicitly configured suite is never overridden by policy.
            return;
        }
        Iterator<List<Assertion>> alternatives = this.policy.getAlternatives();
        while (alternatives.hasNext() && this.algorithmSuite == null) {
            List<PolicyComponent> components = CastUtils.cast((List<?>) alternatives.next());
            for (PolicyComponent component : components) {
                if (!(component instanceof Binding)) {
                    continue;
                }
                this.algorithmSuite = ((Binding) component).getAlgorithmSuite();
            }
        }
    }

    /**
     * Parses a policy from its DOM form with the bus {@code PolicyBuilder} and
     * stores it through {@code setPolicyInternal(Policy)}.
     *
     * @param element root element of the policy
     */
    protected void setPolicyInternal(Element element) {
        PolicyBuilder builder = (PolicyBuilder) this.bus.getExtension(PolicyBuilder.class);
        Policy parsed = builder.getPolicy(element);
        setPolicyInternal(parsed);
    }

    /**
     * Returns the underlying CXF client, building it on first use.
     *
     * @return the client, created by {@link #createClient()} if it did not exist yet
     * @throws BusException declared by {@code createClient()}
     * @throws EndpointException declared by {@code createClient()}
     */
    public Client getClient() throws BusException, EndpointException {
        if (this.client != null) {
            return this.client;
        }
        createClient();
        return this.client;
    }

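    /**
     * Configures this client from an endpoint reference, unless a client
     * already exists. The address, service name, port name and WSDL location
     * are copied from the reference. If a WS-MetadataExchange location can be
     * found, the WSDL is fetched from it and used to build the client.
     *
     * <p>Everything taken from the reference, and the WSDL returned by the
     * metadata endpoint, decides where token requests are sent. Pass only
     * references that come from a source you trust, such as locally configured
     * policy.
     *
     * <p>Metadata retrieval is best effort. A failure is logged at WARNING
     * level and leaves the values already copied from the reference in place,
     * so {@link #createClient()} can still build the client later.
     *
     * @param endpointReferenceType reference describing the STS
     * @param z whether the reference address itself is tried as the metadata
     *          location when the reference metadata names none
     */
    public void configureViaEPR(EndpointReferenceType endpointReferenceType, boolean z) {
        if (this.client != null) {
            return;
        }
        this.location = EndpointReferenceUtils.getAddress(endpointReferenceType);
        QName serviceName = EndpointReferenceUtils.getServiceName(endpointReferenceType, this.bus);
        if (serviceName != null) {
            this.serviceName = serviceName;
            // The port name is only honoured together with a service name.
            QName portQName = EndpointReferenceUtils.getPortQName(endpointReferenceType, this.bus);
            if (portQName != null) {
                this.endpointName = portQName;
            }
        }
        String wSDLLocation = EndpointReferenceUtils.getWSDLLocation(endpointReferenceType);
        if (wSDLLocation != null) {
            this.wsdlLocation = wSDLLocation;
        }
        String findMEXLocation = findMEXLocation(endpointReferenceType, z);
        if (findMEXLocation == null) {
            return;
        }
        try {
            JaxWsProxyFactoryBean jaxWsProxyFactoryBean = new JaxWsProxyFactoryBean();
            jaxWsProxyFactoryBean.setAddress(findMEXLocation);
            for (MetadataSection metadataSection : ((MetadataExchange) jaxWsProxyFactoryBean.create(MetadataExchange.class)).get2004().getMetadataSection()) {
                // Only WSDL sections are used; other metadata dialects are skipped.
                if ("http://schemas.xmlsoap.org/wsdl/".equals(metadataSection.getDialect())) {
                    WSDLServiceFactory wSDLServiceFactory = new WSDLServiceFactory(this.bus, ((WSDLManager) this.bus.getExtension(WSDLManager.class)).getDefinition((Element) metadataSection.getAny()));
                    SourceDataBinding sourceDataBinding = new SourceDataBinding();
                    wSDLServiceFactory.setDataBinding(sourceDataBinding);
                    Service create = wSDLServiceFactory.create();
                    create.setDataBinding(sourceDataBinding);
                    // Adopt the names of the endpoint whose address equals the reference address.
                    for (ServiceInfo serviceInfo : create.getServiceInfos()) {
                        for (EndpointInfo endpointInfo : serviceInfo.getEndpoints()) {
                            if (endpointInfo.getAddress().equals(this.location)) {
                                this.endpointName = endpointInfo.getName();
                                this.serviceName = serviceInfo.getName();
                            }
                        }
                    }
                    this.client = new ClientImpl(this.bus, new EndpointImpl(this.bus, create, create.getEndpointInfo(this.endpointName)));
                }
            }
        } catch (Exception e) {
            // Was e.printStackTrace(): use the class logger so the failure reaches the
            // application's log handlers instead of stderr only.
            LOG.log(Level.WARNING, "Could not configure the STS client from the metadata endpoint " + findMEXLocation, e);
        }
    }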

    /**
     * Looks for a metadata-exchange address in the metadata of an endpoint reference.
     *
     * @param endpointReferenceType reference to inspect
     * @param z whether to fall back to the reference's own address when its
     *          metadata names no location
     * @return the first location found in the metadata elements, else the
     *         reference address if {@code z} is set, else {@code null}
     */
    protected String findMEXLocation(EndpointReferenceType endpointReferenceType, boolean z) {
        if (endpointReferenceType.getMetadata() != null && endpointReferenceType.getMetadata().getAny() != null) {
            for (Object candidate : endpointReferenceType.getMetadata().getAny()) {
                if (!(candidate instanceof Element)) {
                    continue;
                }
                String mexLocation = findMEXLocation((Element) candidate);
                if (mexLocation != null) {
                    return mexLocation;
                }
            }
        }
        return z ? EndpointReferenceUtils.getAddress(endpointReferenceType) : null;
    }

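    /**
     * Searches an element tree depth-first for the address of a metadata
     * reference: an {@code Address} child, in a supported WS-Addressing
     * namespace, whose parent element is named {@code MetadataReference}.
     *
     * @param element root of the subtree to search
     * @return text content of the first matching {@code Address} element, or
     *         {@code null} if the subtree holds none
     */
    protected String findMEXLocation(Element element) {
        for (Element child = DOMUtils.getFirstElement(element); child != null; child = DOMUtils.getNextElement(child)) {
            // Constant-first comparison: getLocalName() returns null for elements created
            // without namespace awareness, and the old child.getLocalName().equals(...)
            // form threw a NullPointerException on such input.
            if ("Address".equals(child.getLocalName())
                && VersionTransformer.isSupported(child.getNamespaceURI())
                && "MetadataReference".equals(element.getLocalName())) {
                return DOMUtils.getContent(child);
            }
            String nested = findMEXLocation(child);
            if (nested != null) {
                return nested;
            }
        }
        return null;
    }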

    /**
     * Builds the underlying CXF client once; later calls return immediately.
     *
     * <p>The bus {@code Configurer} is applied first under the bean name, so
     * external configuration can still set properties on this object. The
     * service model then comes from the WSDL when a WSDL location is set, and
     * otherwise from an endpoint built out of the configured address, SOAP
     * version and policy. Finally the interceptor lists collected on this
     * object are copied to the client and the local lists are set to
     * {@code null}, and every configured feature is initialised.
     *
     * @throws BusException declared for the client construction
     * @throws EndpointException declared for the endpoint construction
     */
    protected void createClient() throws BusException, EndpointException {
        if (this.client != null) {
            return;
        }
        Configurer configurer = (Configurer) this.bus.getExtension(Configurer.class);
        configurer.configureBean(this.name, this);
        if (this.wsdlLocation == null) {
            this.client = new ClientImpl(this.bus, STSUtils.createSTSEndpoint(this.bus, this.namespace, null, this.location, this.soapVersion, this.policy, this.endpointName));
        } else {
            WSDLServiceFactory serviceFactory = new WSDLServiceFactory(this.bus, this.wsdlLocation, this.serviceName);
            SourceDataBinding dataBinding = new SourceDataBinding();
            serviceFactory.setDataBinding(dataBinding);
            Service service = serviceFactory.create();
            service.setDataBinding(dataBinding);
            this.client = new ClientImpl(this.bus, new EndpointImpl(this.bus, service, service.getEndpointInfo(this.endpointName)));
        }
        this.client.getInFaultInterceptors().addAll(this.inFault);
        this.client.getInInterceptors().addAll(this.in);
        this.client.getOutInterceptors().addAll(this.out);
        this.client.getOutFaultInterceptors().addAll(this.outFault);
        // From here on the client owns the interceptor chains.
        this.in = null;
        this.out = null;
        this.inFault = null;
        this.outFault = null;
        if (this.features == null) {
            return;
        }
        for (AbstractFeature feature : this.features) {
            feature.initialize(this.client, this.bus);
        }
    }

    /**
     * Finds the binding operation to invoke for a request.
     *
     * <p>First pass: the first operation whose SOAP action ends with
     * {@code str}. On a match the effective client request policy of that
     * operation replaces the current policy. Second pass, used only when no
     * action matched: the first operation whose first input message part has
     * the RequestSecurityToken local name; the policy is left untouched.
     *
     * @param str suffix the SOAP action must end with, e.g. {@code "/RST/Issue"}
     * @return the matching operation, or {@code null} if neither pass finds one
     */
    protected BindingOperationInfo findOperation(String str) {
        BindingInfo bindingInfo = this.client.getEndpoint().getBinding().getBindingInfo();
        for (BindingOperationInfo byAction : bindingInfo.getOperations()) {
            SoapOperationInfo soapInfo = (SoapOperationInfo) byAction.getExtensor(SoapOperationInfo.class);
            if (soapInfo == null || soapInfo.getAction() == null || !soapInfo.getAction().endsWith(str)) {
                continue;
            }
            setPolicyInternal(((PolicyEngine) this.bus.getExtension(PolicyEngine.class)).getEffectiveClientRequestPolicy(this.client.getEndpoint().getEndpointInfo(), byAction, this.client.getConduit()).getPolicy());
            return byAction;
        }
        for (BindingOperationInfo byPart : bindingInfo.getOperations()) {
            if (byPart.getInput().getMessageInfo().getMessageParts().size() <= 0) {
                continue;
            }
            String firstPartName = byPart.getInput().getMessageInfo().getMessagePart(0).getConcreteName().getLocalPart();
            if (RequestSecurityToken.ELEMENT_LOCAL_NAME.equals(firstPartName)) {
                return byPart;
            }
        }
        return null;
    }

    /**
     * Requests a token without an AppliesTo address.
     *
     * @return the issued token
     * @throws Exception if the request cannot be built or the exchange fails
     */
    public SecurityToken requestSecurityToken() throws Exception {
        String appliesTo = null;
        return requestSecurityToken(appliesTo);
    }

    /**
     * Requests a token for the given AppliesTo address, without binary
     * exchange data.
     *
     * @param str value passed on as the AppliesTo argument, may be {@code null}
     * @return the issued token
     * @throws Exception if the request cannot be built or the exchange fails
     */
    public SecurityToken requestSecurityToken(String str) throws Exception {
        String binaryExchange = null;
        return requestSecurityToken(str, binaryExchange);
    }

    /**
     * Issues a token. In secure-conversation mode the SOAP action is the
     * namespace followed by {@code /RST/SCT}; otherwise the default issue
     * action is chosen further down the call chain.
     *
     * @param str value passed on as the AppliesTo argument, may be {@code null}
     * @param str2 binary exchange content, or {@code null} for none
     * @return the issued token
     * @throws Exception if the request cannot be built or the exchange fails
     */
    public SecurityToken requestSecurityToken(String str, String str2) throws Exception {
        String action = this.isSecureConv ? this.namespace + "/RST/SCT" : null;
        return requestSecurityToken(str, action, "/Issue", null, str2);
    }

    /**
     * Sends a request without binary exchange data.
     *
     * @param str value passed on as the AppliesTo argument
     * @param str2 SOAP action, or {@code null} for the default issue action
     * @param str3 request type suffix appended to the namespace, e.g. {@code "/Issue"}
     * @param securityToken token referenced as the renew target, or {@code null}
     * @return the token built from the response
     * @throws Exception if the request cannot be built or the exchange fails
     */
    public SecurityToken requestSecurityToken(String str, String str2, String str3, SecurityToken securityToken) throws Exception {
        String binaryExchange = null;
        return requestSecurityToken(str, str2, str3, securityToken, binaryExchange);
    }

    /**
     * Builds a RequestSecurityToken document, sends it to the STS and turns the
     * response into a {@link SecurityToken}.
     *
     * <p>This method writes to instance state while it runs: {@code keySize}
     * (from the template or the 256 default) and, in SPNEGO mode,
     * {@code tokenType} and {@code sendKeyType}. No synchronisation is visible
     * in this method.
     *
     * @param str value passed to {@code addAppliesTo} when AppliesTo is enabled
     * @param str2 SOAP action; {@code null} selects namespace + {@code /RST/Issue}
     * @param str3 request type suffix appended to the namespace
     * @param securityToken token whose reference is written as the renew target, or {@code null}
     * @param str4 binary exchange content, or {@code null} for none
     * @return the token created from the response; the certificate used for a
     *         public-key request and a fallback token type are attached to it
     * @throws Exception if the request cannot be built, the exchange fails or the
     *         response cannot be processed
     */
    public SecurityToken requestSecurityToken(String str, String str2, String str3, SecurityToken securityToken, String str4) throws Exception {
        createClient();
        // NOTE(review): findOperation can return null; the result is passed to invoke() unchecked.
        BindingOperationInfo findOperation = findOperation("/RST/Issue");
        this.client.getRequestContext().putAll(this.ctx);
        if (str2 != null) {
            this.client.getRequestContext().put("SOAPAction", str2);
        } else {
            this.client.getRequestContext().put("SOAPAction", this.namespace + "/RST/Issue");
        }
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", RequestSecurityToken.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        if (this.context != null) {
            w3CDOMStreamWriter.writeAttribute(null, "Context", this.context);
        }
        // z: the template supplied a KeySize; str5/str6: KeyType/TokenType taken from the template.
        boolean z = false;
        String str5 = null;
        String str6 = null;
        if (this.template != null && DOMUtils.getFirstElement(this.template) != null) {
            if (useSecondaryParameters()) {
                w3CDOMStreamWriter.writeStartElement("wst", "SecondaryParameters", this.namespace);
            }
            // Copy every template child into the request and remember the values it fixes.
            Element firstElement = DOMUtils.getFirstElement(this.template);
            while (true) {
                Element element = firstElement;
                if (element == null) {
                    break;
                }
                StaxUtils.copy(element, w3CDOMStreamWriter);
                if ("KeyType".equals(element.getLocalName())) {
                    str5 = DOMUtils.getContent(element);
                } else if ("KeySize".equals(element.getLocalName())) {
                    z = true;
                    // NOTE(review): the template value overwrites the instance field. A non-numeric
                    // value throws NumberFormatException and no upper bound is applied; the only
                    // range handling is the <= 0 reset further down.
                    this.keySize = Integer.parseInt(DOMUtils.getContent(element));
                } else if ("TokenType".equals(element.getLocalName())) {
                    str6 = DOMUtils.getContent(element);
                }
                firstElement = DOMUtils.getNextElement(element);
            }
            if (useSecondaryParameters()) {
                w3CDOMStreamWriter.writeEndElement();
            }
        }
        if (this.isSpnego) {
            // SPNEGO overrides the configured token type and key-type flag on the instance.
            this.tokenType = STSUtils.getTokenTypeSCT(this.namespace);
            this.sendKeyType = false;
        }
        addRequestType(str3, w3CDOMStreamWriter);
        if (this.enableAppliesTo) {
            addAppliesTo(w3CDOMStreamWriter, str);
        }
        addClaims(w3CDOMStreamWriter);
        Element onBehalfOfToken = getOnBehalfOfToken();
        if (onBehalfOfToken != null) {
            w3CDOMStreamWriter.writeStartElement("wst", OnBehalfOf.ELEMENT_LOCAL_NAME, this.namespace);
            StaxUtils.copy(onBehalfOfToken, w3CDOMStreamWriter);
            w3CDOMStreamWriter.writeEndElement();
        }
        // Token type and key type are written here only when the template did not supply them.
        if (str6 == null) {
            addTokenType(w3CDOMStreamWriter);
        }
        if (this.isSecureConv || this.enableLifetime) {
            addLifetime(w3CDOMStreamWriter);
        }
        if (str5 == null) {
            str5 = writeKeyType(w3CDOMStreamWriter, this.keyType);
        }
        // bArr: client entropy for a symmetric key; x509Certificate/crypto: material for a public key.
        byte[] bArr = null;
        X509Certificate x509Certificate = null;
        Crypto crypto = null;
        if (this.keySize <= 0) {
            this.keySize = 256;
        }
        if (str5 != null && str5.endsWith("SymmetricKey")) {
            bArr = writeElementsForRSTSymmetricKey(w3CDOMStreamWriter, z);
        } else if (str5 != null && str5.endsWith("PublicKey")) {
            crypto = createCrypto(false);
            x509Certificate = getCert(crypto);
            writeElementsForRSTPublicKey(w3CDOMStreamWriter, x509Certificate);
        } else if (this.isSpnego) {
            addKeySize(this.keySize, w3CDOMStreamWriter);
        }
        if (securityToken != null) {
            w3CDOMStreamWriter.writeStartElement("wst", RenewTarget.ELEMENT_LOCAL_NAME, this.namespace);
            // Prefer the unattached reference and fall back to the attached one.
            Element unattachedReference = securityToken.getUnattachedReference();
            if (unattachedReference == null) {
                unattachedReference = securityToken.getAttachedReference();
            }
            // NOTE(review): if the token has neither reference, null reaches StaxUtils.copy (confirm).
            StaxUtils.copy(unattachedReference, w3CDOMStreamWriter);
            w3CDOMStreamWriter.writeEndElement();
        }
        if (str4 != null) {
            addBinaryExchange(str4, w3CDOMStreamWriter);
        }
        Element actAsToken = getActAsToken();
        if (actAsToken != null) {
            // ActAs is always written in the 200802 namespace, whatever this.namespace holds.
            w3CDOMStreamWriter.writeStartElement("http://docs.oasis-open.org/ws-sx/ws-trust/200802", "ActAs");
            StaxUtils.copy(actAsToken, w3CDOMStreamWriter);
            w3CDOMStreamWriter.writeEndElement();
        }
        w3CDOMStreamWriter.writeEndElement();
        // Send the request; the first response object and the client entropy go to createSecurityToken.
        SecurityToken createSecurityToken = createSecurityToken(getDocumentElement((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0]), bArr);
        if (x509Certificate != null) {
            createSecurityToken.setX509Certificate(x509Certificate, crypto);
        }
        // Fall back to the template's token type, then the configured one, if the response set none.
        if (createSecurityToken.getTokenType() == null) {
            if (str6 != null) {
                createSecurityToken.setTokenType(str6);
            } else if (this.tokenType != null) {
                createSecurityToken.setTokenType(this.tokenType);
            }
        }
        return createSecurityToken;
    }

    /**
     * Resolves the configured OnBehalfOf source to a DOM element.
     *
     * @return the token element, or {@code null} if no source is set or its
     *         type is not supported
     * @throws Exception if parsing the XML string or the callback handler fails
     */
    public Element getOnBehalfOfToken() throws Exception {
        Object source = this.onBehalfOf;
        return getDelegationSecurityToken(source);
    }

    /**
     * Resolves the configured ActAs source to a DOM element.
     *
     * @return the token element, or {@code null} if no source is set or its
     *         type is not supported
     * @throws Exception if parsing the XML string or the callback handler fails
     */
    public Element getActAsToken() throws Exception {
        Object source = this.actAs;
        return getDelegationSecurityToken(source);
    }

    /**
     * Turns a delegation source into the DOM element that is copied into the
     * request.
     *
     * <ul>
     * <li>{@code String}: parsed as XML; the document element is returned.</li>
     * <li>{@code Element}: returned as is.</li>
     * <li>{@code CallbackHandler}: invoked with a {@code DelegationCallback}
     *     carrying the current message; the callback's token is returned.</li>
     * <li>anything else, including {@code null}: {@code null}, so the caller
     *     writes no delegation element and raises no error.</li>
     * </ul>
     *
     * <p>NOTE(review): the String form goes through {@code DOMUtils.readXml}.
     * If that string can be influenced by a caller, confirm that the parser
     * behind it has DTDs and external entities disabled.
     *
     * @param obj delegation source
     * @return the token element, or {@code null}
     * @throws Exception if the XML cannot be parsed or the handler fails
     */
    protected Element getDelegationSecurityToken(Object obj) throws Exception {
        if (obj instanceof String) {
            StringReader xml = new StringReader((String) obj);
            return DOMUtils.readXml(xml).getDocumentElement();
        }
        if (obj instanceof Element) {
            return (Element) obj;
        }
        if (obj instanceof CallbackHandler) {
            DelegationCallback tokenCallback = new DelegationCallback(this.message);
            ((CallbackHandler) obj).handle(new Callback[]{tokenCallback});
            return tokenCallback.getToken();
        }
        return null;
    }

    /**
     * Writes the symmetric-key elements of an issue request.
     *
     * <p>{@code KeySize} is written unless the template already supplied one
     * or the request is a secure-conversation request with the 256 default.
     * When client entropy is required, an {@code Entropy/BinarySecret} nonce
     * and a {@code ComputedKeyAlgorithm} of {@code /CK/PSHA1} follow. The nonce
     * length is the algorithm suite's maximum symmetric key length when a suite
     * is set, and {@code keySize} otherwise, so it can differ from the
     * {@code KeySize} written above.
     *
     * @param w3CDOMStreamWriter writer positioned inside the RequestSecurityToken element
     * @param z {@code true} if the template already wrote a KeySize element
     * @return the client entropy bytes, or {@code null} when entropy is not required
     * @throws Exception if writing to the stream or generating the nonce fails
     */
    protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter w3CDOMStreamWriter, boolean z) throws Exception {
        boolean secureConvDefaultSize = this.isSecureConv && this.keySize == 256;
        if (!z && !secureConvDefaultSize) {
            addKeySize(this.keySize, w3CDOMStreamWriter);
        }
        if (!this.requiresEntropy) {
            return null;
        }
        w3CDOMStreamWriter.writeStartElement("wst", Entropy.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeStartElement("wst", BinarySecret.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeAttribute("Type", this.namespace + "/Nonce");
        byte[] entropy;
        if (this.algorithmSuite != null) {
            entropy = WSSecurityUtil.generateNonce(this.algorithmSuite.getMaximumSymmetricKeyLength() / 8);
        } else {
            entropy = WSSecurityUtil.generateNonce(this.keySize / 8);
        }
        w3CDOMStreamWriter.writeCharacters(Base64.encode(entropy));
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", ComputedKeyAlgorithm.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/CK/PSHA1");
        w3CDOMStreamWriter.writeEndElement();
        return entropy;
    }

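    /**
     * Writes the {@code UseKey/ds:KeyInfo} element of a public-key request.
     *
     * <p>The key info holds either the whole certificate as {@code X509Data} or
     * only its public key as {@code ds:KeyValue}. The choice is the configured
     * flag unless the request property
     * {@code SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO} is set, in which
     * case the property wins.
     *
     * <p>Only DSA and RSA keys can be written as a key value. For any other
     * algorithm the {@code ds:KeyValue} element stays empty, as before, and a
     * warning is now logged so the cause is visible on the client side.
     *
     * @param w3CDOMStreamWriter writer positioned inside the RequestSecurityToken element
     * @param x509Certificate certificate whose key the issued token should be bound to
     * @throws Exception if writing to the stream or building the key elements fails
     */
    protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter w3CDOMStreamWriter, X509Certificate x509Certificate) throws Exception {
        w3CDOMStreamWriter.writeStartElement("wst", UseKey.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
        w3CDOMStreamWriter.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        boolean z = this.useCertificateForConfirmationKeyInfo;
        // NOTE(review): the cast fails with ClassCastException if the property was stored as a
        // Boolean rather than a String; confirm how callers set it.
        String str = (String) getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
        if (str != null) {
            z = Boolean.parseBoolean(str);
        }
        if (z) {
            X509Data x509Data = new X509Data(w3CDOMStreamWriter.getDocument());
            x509Data.addCertificate(x509Certificate);
            w3CDOMStreamWriter.getCurrentNode().appendChild(x509Data.getElement());
        } else {
            w3CDOMStreamWriter.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
            PublicKey publicKey = x509Certificate.getPublicKey();
            String algorithm = publicKey.getAlgorithm();
            if ("DSA".equalsIgnoreCase(algorithm)) {
                w3CDOMStreamWriter.getCurrentNode().appendChild(new DSAKeyValue(w3CDOMStreamWriter.getDocument(), publicKey).getElement());
            } else if ("RSA".equalsIgnoreCase(algorithm)) {
                w3CDOMStreamWriter.getCurrentNode().appendChild(new RSAKeyValue(w3CDOMStreamWriter.getDocument(), publicKey).getElement());
            } else {
                // Previously silent: the request went out with an empty ds:KeyValue.
                LOG.warning("Unsupported public key algorithm for UseKey KeyValue: " + algorithm);
            }
            w3CDOMStreamWriter.writeEndElement();
        }
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
    }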

    /**
     * Writes a {@code BinaryExchange} element declared as Base64 binary with
     * the {@code /spnego} value type of the current namespace.
     *
     * @param str element content, written as given
     * @param w3CDOMStreamWriter writer positioned inside the RequestSecurityToken element
     * @throws XMLStreamException if writing to the stream fails
     */
    protected void addBinaryExchange(String str, W3CDOMStreamWriter w3CDOMStreamWriter) throws XMLStreamException {
        String valueType = this.namespace + "/spnego";
        w3CDOMStreamWriter.writeStartElement("wst", BinaryExchange.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
        w3CDOMStreamWriter.writeAttribute("ValueType", valueType);
        w3CDOMStreamWriter.writeCharacters(str);
        w3CDOMStreamWriter.writeEndElement();
    }

    /**
     * Writes a {@code KeySize} element holding the decimal form of the given value.
     *
     * @param i key size to write
     * @param w3CDOMStreamWriter writer positioned inside the RequestSecurityToken element
     * @throws XMLStreamException if writing to the stream fails
     */
    protected void addKeySize(int i, W3CDOMStreamWriter w3CDOMStreamWriter) throws XMLStreamException {
        String size = String.valueOf(i);
        w3CDOMStreamWriter.writeStartElement("wst", "KeySize", this.namespace);
        w3CDOMStreamWriter.writeCharacters(size);
        w3CDOMStreamWriter.writeEndElement();
    }

    /**
     * Writes a {@code RequestType} element whose content is the current
     * namespace followed by the given suffix.
     *
     * @param str request type suffix, e.g. {@code "/Issue"} or {@code "/Renew"}
     * @param w3CDOMStreamWriter writer positioned inside the RequestSecurityToken element
     * @throws XMLStreamException if writing to the stream fails
     */
    protected void addRequestType(String str, W3CDOMStreamWriter w3CDOMStreamWriter) throws XMLStreamException {
        String requestType = this.namespace + str;
        w3CDOMStreamWriter.writeStartElement("wst", "RequestType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(requestType);
        w3CDOMStreamWriter.writeEndElement();
    }

    /**
     * Returns the element carried by a DOM source: the document element when
     * the source wraps a {@code Document}, otherwise the wrapped node itself.
     *
     * @param dOMSource source taken from the STS response
     * @return the element to process
     * @throws ClassCastException if the wrapped node is neither a document nor an element
     */
    protected Element getDocumentElement(DOMSource dOMSource) {
        Node wrapped = dOMSource.getNode();
        Node root = wrapped instanceof Document ? ((Document) wrapped).getDocumentElement() : wrapped;
        return (Element) root;
    }

    /**
     * Sends a renew request for the given token to the token's issuer address.
     * In secure-conversation mode the SOAP action is the namespace followed by
     * {@code /RST/SCT/Renew}. The token built from the response is discarded.
     *
     * @param securityToken token to renew; must not be {@code null}
     * @throws Exception if the request cannot be built or the exchange fails
     */
    public void renewSecurityToken(SecurityToken securityToken) throws Exception {
        String action = this.isSecureConv ? this.namespace + "/RST/SCT/Renew" : null;
        requestSecurityToken(securityToken.getIssuerAddress(), action, "/Renew", securityToken);
    }

    /**
     * Builds the WS-Addressing policy assertion matching the configured
     * addressing namespace.
     *
     * <p>For the 2005/08 addressing namespace the assertion is named from
     * {@code MetadataConstants.NAMESPACE_URI} and
     * {@code MetadataConstants.ADDRESSING_ELEM_NAME}; for any other value
     * (including {@code null}) it is {@code UsingAddressing} in the 2004
     * addressing-policy namespace.
     *
     * @return a new assertion instance
     */
    protected PrimitiveAssertion getAddressingAssertion() {
        QName assertionName;
        if ("http://www.w3.org/2005/08/addressing".equals(this.addressingNamespace)) {
            assertionName = new QName(MetadataConstants.NAMESPACE_URI, MetadataConstants.ADDRESSING_ELEM_NAME);
        } else {
            assertionName = new QName(MetadataConstants.ADDR_POLICY_2004_NAMESPACE_URI, "UsingAddressing");
        }
        return new PrimitiveAssertion(assertionName, true);
    }

    /**
     * Validates a token against the STS using the configured token type.
     *
     * <p>When no token type is configured, {@code <namespace>/RSTR/Status} is
     * requested instead.
     *
     * @param securityToken token to validate
     * @return the tokens produced by the two-argument overload
     * @throws Exception if the request fails or the STS reports the token invalid
     */
    public List<SecurityToken> validateSecurityToken(SecurityToken securityToken) throws Exception {
        String configuredType = this.tokenType;
        String requestedType = configuredType != null ? configuredType : this.namespace + "/RSTR/Status";
        return validateSecurityToken(securityToken, requestedType);
    }

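    /**
     * Sends a WS-Trust Validate request for {@code securityToken} and
     * interprets the response.
     *
     * <p>The token is accepted only when the response contains a
     * {@code Status} element whose {@code Code} text ends with
     * {@code "/status/valid"}. A {@code Status} without a {@code Code} child
     * is treated as "not valid" so that the caller gets the regular
     * {@code VALIDATION_FAILED} error rather than a
     * {@link NullPointerException}.
     *
     * @param securityToken token to validate; also stored in the request
     *                      context under {@code SecurityConstants.TOKEN}
     * @param str requested token type; falls back to the configured token
     *            type and then to {@code <namespace>/RSTR/Status}
     * @return the tokens found in {@code RequestedSecurityToken} elements of
     *         the response, or a list holding only {@code securityToken} when
     *         the response carries none
     * @throws Exception {@code TrustException} when validation fails or a
     *         returned token has no id; {@code Fault} on an unexpected
     *         response element; anything raised by the client invocation
     */
    protected List<SecurityToken> validateSecurityToken(SecurityToken securityToken, String str) throws Exception {
        createClient();
        if (str == null) {
            str = this.tokenType;
        }
        if (str == null) {
            str = this.namespace + "/RSTR/Status";
        }
        if (this.addressingNamespace == null) {
            this.addressingNamespace = "http://www.w3.org/2005/08/addressing";
        }

        // Minimal policy (addressing only); applied below only when the
        // service exposes no dedicated Validate operation.
        Policy policy = new Policy();
        ExactlyOne exactlyOne = new ExactlyOne();
        policy.addPolicyComponent(exactlyOne);
        All all = new All();
        exactlyOne.addPolicyComponent(all);
        all.addAssertion(getAddressingAssertion());

        this.client.getRequestContext().clear();
        this.client.getRequestContext().putAll(this.ctx);
        this.client.getRequestContext().put(SecurityConstants.TOKEN, securityToken);
        BindingOperationInfo findOperation = findOperation("/RST/Validate");
        if (findOperation == null) {
            // Fall back to the Issue operation with the addressing-only policy override.
            findOperation = findOperation("/RST/Issue");
            this.client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, policy);
        }
        this.client.getRequestContext().put("SOAPAction", this.namespace + "/RST/Validate");

        // Build <wst:RequestSecurityToken> with RequestType, TokenType and ValidateTarget.
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", RequestSecurityToken.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        w3CDOMStreamWriter.writeStartElement("wst", "RequestType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/Validate");
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", "TokenType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(str);
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", ValidateTarget.ELEMENT_LOCAL_NAME, this.namespace);
        StaxUtils.copy(securityToken.getToken(), w3CDOMStreamWriter);
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();

        Element documentElement = getDocumentElement((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0]);
        if (RequestSecurityTokenResponseCollection.ELEMENT_LOCAL_NAME.equals(documentElement.getLocalName())) {
            // Only the first response of a collection is examined.
            documentElement = DOMUtils.getFirstElement(documentElement);
        }
        if (!"RequestSecurityTokenResponse".equals(documentElement.getLocalName())) {
            throw new Fault("Unexpected element " + documentElement.getLocalName(), LOG);
        }

        String str2 = null;
        boolean z = false;
        LinkedList<SecurityToken> linkedList = new LinkedList<SecurityToken>();
        for (Element firstElement = DOMUtils.getFirstElement(documentElement); firstElement != null; firstElement = DOMUtils.getNextElement(firstElement)) {
            // NOTE(review): children are matched by local name only; their
            // namespace is not compared with this.namespace. If several Status
            // elements are present, the last one decides the outcome.
            if ("Status".equals(firstElement.getLocalName())) {
                Element codeElement = DOMUtils.getFirstChildWithName(firstElement, firstElement.getNamespaceURI(), "Code");
                String code = codeElement == null ? null : DOMUtils.getContent(codeElement);
                // Fail closed: a missing or empty Code never counts as valid.
                z = code != null && code.endsWith("/status/valid");
                Element firstChildWithName = DOMUtils.getFirstChildWithName(firstElement, firstElement.getNamespaceURI(), "Reason");
                if (firstChildWithName != null) {
                    str2 = DOMUtils.getContent(firstChildWithName);
                }
            } else if ("RequestedSecurityToken".equals(firstElement.getLocalName())) {
                Element firstElement2 = DOMUtils.getFirstElement(firstElement);
                String findID = findID(null, null, firstElement2);
                if (StringUtils.isEmpty(findID)) {
                    throw new TrustException("NO_ID", LOG);
                }
                SecurityToken securityToken2 = new SecurityToken(findID);
                securityToken2.setToken(firstElement2);
                linkedList.add(securityToken2);
            }
        }
        if (!z) {
            throw new TrustException(LOG, "VALIDATION_FAILED", str2);
        }
        if (linkedList.isEmpty()) {
            // The STS confirmed validity without returning a token: hand back the input token.
            linkedList.add(securityToken);
        }
        return linkedList;
    }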

    /**
     * Sends a WS-Trust Cancel request for the given token.
     *
     * <p>If the service exposes a {@code /RST/Cancel} operation it is used and
     * the token element itself is the cancel target. Otherwise the
     * {@code /RST/Issue} operation is used with a policy override built here
     * (symmetric binding with an optional secure-conversation protection
     * token), and the cancel target is the token's unattached reference,
     * falling back to its attached reference.
     *
     * <p>Failures of the invocation are logged at WARNING and reported as
     * {@code false}; in that case the token's state is left unchanged, so
     * callers must check the return value before treating the token as
     * cancelled.
     *
     * @param securityToken token to cancel
     * @return {@code true} if the invocation completed and the token was
     *         marked {@code CANCELLED}; {@code false} if the invocation threw
     * @throws Exception from client creation or request construction (errors
     *         of the invocation itself are caught)
     */
    public boolean cancelSecurityToken(SecurityToken securityToken) throws Exception {
        Element unattachedReference;
        createClient();
        if (this.addressingNamespace == null) {
            this.addressingNamespace = "http://www.w3.org/2005/08/addressing";
        }
        this.client.getRequestContext().clear();
        this.client.getRequestContext().putAll(this.ctx);
        this.client.getRequestContext().put(SecurityConstants.TOKEN, securityToken);
        BindingOperationInfo findOperation = findOperation("/RST/Cancel");
        // z records whether a dedicated Cancel operation exists; it later
        // selects which element is sent as the CancelTarget.
        boolean z = true;
        if (findOperation == null) {
            z = false;
            findOperation = findOperation("/RST/Issue");
            Policy policy = new Policy();
            ExactlyOne exactlyOne = new ExactlyOne();
            policy.addPolicyComponent(exactlyOne);
            All all = new All();
            exactlyOne.addPolicyComponent(all);
            all.addAssertion(getAddressingAssertion());
            PolicyBuilder policyBuilder = (PolicyBuilder) this.bus.getExtension(PolicyBuilder.class);
            SymmetricBinding symmetricBinding = new SymmetricBinding(policyBuilder);
            all.addAssertion(symmetricBinding);
            // NOTE(review): the addressing assertion was already added above;
            // this second add looks redundant — confirm before removing.
            all.addAssertion(getAddressingAssertion());
            ProtectionToken protectionToken = new ProtectionToken(policyBuilder);
            symmetricBinding.setProtectionToken(protectionToken);
            symmetricBinding.setIncludeTimestamp(true);
            symmetricBinding.setEntireHeadersAndBodySignatures(true);
            symmetricBinding.setTokenProtection(false);
            symmetricBinding.setAlgorithmSuite(new AlgorithmSuite());
            // Both the protection token and the signed/encrypted parts are
            // flagged optional in this override policy.
            SecureConversationToken secureConversationToken = new SecureConversationToken();
            secureConversationToken.setOptional(true);
            protectionToken.setToken(secureConversationToken);
            SignedEncryptedParts signedEncryptedParts = new SignedEncryptedParts(true);
            signedEncryptedParts.setOptional(true);
            signedEncryptedParts.setBody(true);
            // Addressing headers listed alongside the body in the protected parts.
            signedEncryptedParts.addHeader(new Header("To", this.addressingNamespace));
            signedEncryptedParts.addHeader(new Header("From", this.addressingNamespace));
            signedEncryptedParts.addHeader(new Header("FaultTo", this.addressingNamespace));
            signedEncryptedParts.addHeader(new Header("ReplyTo", this.addressingNamespace));
            signedEncryptedParts.addHeader(new Header("Action", this.addressingNamespace));
            signedEncryptedParts.addHeader(new Header("MessageID", this.addressingNamespace));
            signedEncryptedParts.addHeader(new Header("RelatesTo", this.addressingNamespace));
            all.addPolicyComponent(signedEncryptedParts);
            this.client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, policy);
        }
        if (this.isSecureConv) {
            this.client.getRequestContext().put("SOAPAction", this.namespace + "/RST/SCT/Cancel");
        } else {
            this.client.getRequestContext().put("SOAPAction", this.namespace + "/RST/Cancel");
        }
        // Build <wst:RequestSecurityToken> with RequestType and CancelTarget.
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", RequestSecurityToken.ELEMENT_LOCAL_NAME, this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        w3CDOMStreamWriter.writeStartElement("wst", "RequestType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/Cancel");
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", CancelTarget.ELEMENT_LOCAL_NAME, this.namespace);
        if (z) {
            unattachedReference = securityToken.getToken();
        } else {
            unattachedReference = securityToken.getUnattachedReference();
            if (unattachedReference == null) {
                unattachedReference = securityToken.getAttachedReference();
            }
        }
        // NOTE(review): if the token has neither reference, a null element is
        // passed to StaxUtils.copy here — confirm how that is handled.
        StaxUtils.copy(unattachedReference, w3CDOMStreamWriter);
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
        try {
            this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()));
            securityToken.setState(SecurityToken.State.CANCELLED);
            return true;
        } catch (Exception e) {
            // Best effort: the failure is logged and reported through the
            // return value; the token keeps its previous state.
            LOG.log(Level.WARNING, "Problem cancelling token", (Throwable) e);
            return false;
        }
    }

    /**
     * Tells whether the configured trust namespace is anything other than the
     * 2005/02 WS-Trust namespace.
     *
     * @return {@code false} only when the namespace equals
     *         {@code http://schemas.xmlsoap.org/ws/2005/02/trust}
     */
    protected boolean useSecondaryParameters() {
        final String trust200502 = "http://schemas.xmlsoap.org/ws/2005/02/trust";
        boolean isTrust200502 = trust200502.equals(this.namespace);
        return !isTrust200502;
    }

    /**
     * Writes the key-type related element of a request and returns the key
     * type that is in effect afterwards.
     *
     * <ul>
     *   <li>Secure-conversation mode, no key type given: writes a
     *       {@code wst:TokenType} with the SCT token type (no {@code KeyType}
     *       element) and returns {@code <namespace>/SymmetricKey}.</li>
     *   <li>Secure-conversation mode, key type given: writes nothing and
     *       returns the given value.</li>
     *   <li>Otherwise, key type given: writes it as {@code wst:KeyType}.</li>
     *   <li>Otherwise, no key type and {@code sendKeyType} set: writes and
     *       returns {@code <namespace>/SymmetricKey}.</li>
     *   <li>Otherwise writes nothing and returns {@code null}.</li>
     * </ul>
     *
     * @param w3CDOMStreamWriter writer that receives the element
     * @param str requested key type URI, may be {@code null}
     * @return the effective key type URI, possibly {@code null}
     * @throws XMLStreamException if the writer fails
     */
    protected String writeKeyType(W3CDOMStreamWriter w3CDOMStreamWriter, String str) throws XMLStreamException {
        if (this.isSecureConv) {
            if (str != null) {
                return str;
            }
            w3CDOMStreamWriter.writeStartElement("wst", "TokenType", this.namespace);
            w3CDOMStreamWriter.writeCharacters(STSUtils.getTokenTypeSCT(this.namespace));
            w3CDOMStreamWriter.writeEndElement();
            return this.namespace + "/SymmetricKey";
        }

        if (str != null) {
            w3CDOMStreamWriter.writeStartElement("wst", "KeyType", this.namespace);
            w3CDOMStreamWriter.writeCharacters(str);
            w3CDOMStreamWriter.writeEndElement();
            return str;
        }

        if (!this.sendKeyType) {
            return null;
        }
        w3CDOMStreamWriter.writeStartElement("wst", "KeyType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/SymmetricKey");
        w3CDOMStreamWriter.writeEndElement();
        return this.namespace + "/SymmetricKey";
    }

    /**
     * Looks up the X.509 certificate for the configured alias.
     *
     * <p>The alias is taken from the {@code SecurityConstants.STS_TOKEN_USERNAME}
     * property, falling back to the crypto provider's default identifier.
     * Only the first certificate returned for the alias is used.
     *
     * @param crypto crypto provider queried for the certificate
     * @return the first certificate found for the alias
     * @throws Exception {@code Fault} if no alias is available or no
     *         certificate is found; anything raised by the crypto provider
     */
    protected X509Certificate getCert(Crypto crypto) throws Exception {
        String alias = (String) getProperty(SecurityConstants.STS_TOKEN_USERNAME);
        if (alias == null) {
            alias = crypto.getDefaultX509Identifier();
            if (alias == null) {
                throw new Fault("No alias specified for retrieving PublicKey", LOG);
            }
        }

        CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
        lookup.setAlias(alias);
        X509Certificate[] found = crypto.getX509Certificates(lookup);
        boolean nothingFound = found == null || found.length == 0;
        if (nothingFound) {
            throw new Fault("Could not get X509Certificate for alias " + alias, LOG);
        }
        return found[0];
    }

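    /**
     * Writes a {@code wst:Lifetime} element with {@code wsu:Created} set to
     * the current time and {@code wsu:Expires} set {@code ttl} seconds later.
     *
     * <p>The offset is computed in {@code long} arithmetic. With an
     * {@code int} time-to-live, {@code ttl * 1000} would wrap for values above
     * roughly 24.8 days and could yield an expiry earlier than intended (even
     * before the creation time).
     *
     * @param xMLStreamWriter writer that receives the element
     * @throws XMLStreamException if the writer fails
     */
    protected void addLifetime(XMLStreamWriter xMLStreamWriter) throws XMLStreamException {
        final String wsuNamespace =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        Date created = new Date();
        // 1000L forces the multiplication into long before it can overflow.
        Date expires = new Date(created.getTime() + (this.ttl * 1000L));
        XmlSchemaDateFormat xmlSchemaDateFormat = new XmlSchemaDateFormat();

        xMLStreamWriter.writeStartElement("wst", Lifetime.ELEMENT_LOCAL_NAME, this.namespace);
        xMLStreamWriter.writeNamespace("wsu", wsuNamespace);
        xMLStreamWriter.writeStartElement("wsu", "Created", wsuNamespace);
        xMLStreamWriter.writeCharacters(xmlSchemaDateFormat.format(created));
        xMLStreamWriter.writeEndElement();
        xMLStreamWriter.writeStartElement("wsu", "Expires", wsuNamespace);
        xMLStreamWriter.writeCharacters(xmlSchemaDateFormat.format(expires));
        xMLStreamWriter.writeEndElement();
        xMLStreamWriter.writeEndElement();
    }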

    /**
     * Writes a {@code wsp:AppliesTo} element wrapping an endpoint reference
     * whose address is {@code str}.
     *
     * <p>Nothing is written when either the address or the configured
     * addressing namespace is {@code null}.
     *
     * @param xMLStreamWriter writer that receives the element
     * @param str address of the endpoint the requested token applies to
     * @throws XMLStreamException if the writer fails
     */
    protected void addAppliesTo(XMLStreamWriter xMLStreamWriter, String str) throws XMLStreamException {
        final String policyNamespace = "http://schemas.xmlsoap.org/ws/2004/09/policy";

        if (str != null && this.addressingNamespace != null) {
            xMLStreamWriter.writeStartElement("wsp", "AppliesTo", policyNamespace);
            xMLStreamWriter.writeNamespace("wsp", policyNamespace);

            xMLStreamWriter.writeStartElement("wsa", "EndpointReference", this.addressingNamespace);
            xMLStreamWriter.writeNamespace("wsa", this.addressingNamespace);

            xMLStreamWriter.writeStartElement("wsa", "Address", this.addressingNamespace);
            xMLStreamWriter.writeCharacters(str);
            xMLStreamWriter.writeEndElement(); // Address

            xMLStreamWriter.writeEndElement(); // EndpointReference
            xMLStreamWriter.writeEndElement(); // AppliesTo
        }
    }

    /**
     * Writes a {@code wst:TokenType} element with the configured token type;
     * does nothing when no token type is configured.
     *
     * @param xMLStreamWriter writer that receives the element
     * @throws XMLStreamException if the writer fails
     */
    protected void addTokenType(XMLStreamWriter xMLStreamWriter) throws XMLStreamException {
        if (this.tokenType == null) {
            return;
        }
        xMLStreamWriter.writeStartElement("wst", "TokenType", this.namespace);
        xMLStreamWriter.writeCharacters(this.tokenType);
        xMLStreamWriter.writeEndElement();
    }

    /**
     * Copies the configured claims element into the request; does nothing
     * when no claims are configured.
     *
     * @param xMLStreamWriter writer that receives the copied element
     * @throws XMLStreamException if the copy fails
     */
    protected void addClaims(XMLStreamWriter xMLStreamWriter) throws XMLStreamException {
        if (this.claims == null) {
            return;
        }
        StaxUtils.copy(this.claims, xMLStreamWriter);
    }

    /**
     * Builds a {@code SecurityToken} from a RequestSecurityTokenResponse
     * element (or from the first child of a response collection).
     *
     * <p>Only children in the configured trust namespace are read. The token
     * secret is taken from the {@code RequestedProofToken}: a BinarySecret is
     * Base64-decoded, an xmlenc EncryptedKey is passed to
     * {@link #decryptKey(Element)}, and a ComputedKey is derived with
     * {@code P_SHA1} from {@code bArr} and the entropy found in the response.
     * Without a proof token, {@code bArr} itself becomes the secret.
     *
     * <p>All of these inputs come from the STS response; this method does not
     * itself verify that the response is authentic.
     *
     * @param element response element received from the STS
     * @param bArr entropy supplied by the caller (presumably the requestor
     *             entropy sent with the request — confirm against callers);
     *             may be {@code null}
     * @return the populated token; its secret may be {@code null}
     * @throws WSSecurityException from key decryption; {@code TrustException}
     *         for a missing id, missing entropy or key-derivation failure;
     *         {@code Fault} for an unexpected response element
     */
    protected SecurityToken createSecurityToken(Element element, byte[] bArr) throws WSSecurityException {
        if (RequestSecurityTokenResponseCollection.ELEMENT_LOCAL_NAME.equals(element.getLocalName())) {
            // Only the first response of a collection is examined.
            element = DOMUtils.getFirstElement(element);
        }
        if (!"RequestSecurityTokenResponse".equals(element.getLocalName())) {
            throw new Fault("Unexpected element " + element.getLocalName(), LOG);
        }
        Element element2 = null; // requested security token (first child of RequestedSecurityToken)
        Element element3 = null; // attached reference
        Element element4 = null; // unattached reference
        Element element5 = null; // RequestedProofToken element
        Element element6 = null; // Lifetime element
        Element element7 = null; // Entropy element
        String str = null;       // TokenType text
        String str2 = null;      // KeySize text
        for (Element firstElement = DOMUtils.getFirstElement(element); firstElement != null; firstElement = DOMUtils.getNextElement(firstElement)) {
            String localName = firstElement.getLocalName();
            // Children outside the trust namespace are ignored. If a child
            // name repeats, the last occurrence wins.
            if (this.namespace.equals(firstElement.getNamespaceURI())) {
                if (Lifetime.ELEMENT_LOCAL_NAME.equals(localName)) {
                    element6 = firstElement;
                } else if ("RequestedSecurityToken".equals(localName)) {
                    element2 = DOMUtils.getFirstElement(firstElement);
                } else if (RequestedAttachedReference.ELEMENT_LOCAL_NAME.equals(localName)) {
                    element3 = DOMUtils.getFirstElement(firstElement);
                } else if (RequestedUnattachedReference.ELEMENT_LOCAL_NAME.equals(localName)) {
                    element4 = DOMUtils.getFirstElement(firstElement);
                } else if (RequestedProofToken.ELEMENT_LOCAL_NAME.equals(localName)) {
                    element5 = firstElement;
                } else if (Entropy.ELEMENT_LOCAL_NAME.equals(localName)) {
                    element7 = firstElement;
                } else if ("TokenType".equals(localName)) {
                    str = DOMUtils.getContent(firstElement);
                } else if ("KeySize".equals(localName)) {
                    str2 = DOMUtils.getContent(firstElement);
                }
            }
        }
        Element element8 = element2;
        String findID = findID(element3, element4, element8);
        if (StringUtils.isEmpty(findID)) {
            throw new TrustException("NO_ID", LOG);
        }
        SecurityToken securityToken = new SecurityToken(findID, element8, element6);
        securityToken.setAttachedReference(element3);
        securityToken.setUnattachedReference(element4);
        securityToken.setIssuerAddress(this.location);
        securityToken.setTokenType(str);
        byte[] bArr2 = null; // resulting secret
        if (element5 != null) {
            // NOTE(review): firstElement2 is null when RequestedProofToken has
            // no child element; how getElementQName treats null is not
            // visible here — confirm it cannot fail with an NPE.
            Element firstElement2 = DOMUtils.getFirstElement(element5);
            QName elementQName = DOMUtils.getElementQName(firstElement2);
            if (elementQName.equals(new QName(this.namespace, BinarySecret.ELEMENT_LOCAL_NAME))) {
                bArr2 = Base64.decode(DOMUtils.getContent(firstElement2));
            } else if (elementQName.equals(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"))) {
                bArr2 = decryptKey(firstElement2);
            } else if (elementQName.equals(new QName(this.namespace, ComputedKey.ELEMENT_LOCAL_NAME))) {
                // Computed key: combine caller entropy with the entropy sent in the response.
                Element firstElement3 = element7 == null ? null : DOMUtils.getFirstElement(element7);
                byte[] bArr3 = null; // response entropy
                if (firstElement3 != null) {
                    QName elementQName2 = DOMUtils.getElementQName(firstElement3);
                    if (elementQName2.equals(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"))) {
                        bArr3 = decryptKey(firstElement3);
                    } else if (elementQName2.equals(new QName(this.namespace, BinarySecret.ELEMENT_LOCAL_NAME))) {
                        bArr3 = Base64.decode(DOMUtils.getContent(firstElement3));
                    }
                }
                if (bArr3 == null) {
                    throw new TrustException("NO_ENTROPY", LOG);
                }
                P_SHA1 p_sha1 = new P_SHA1();
                int i = 0; // key size in bits
                if (str2 != null) {
                    try {
                        i = Integer.parseInt(str2);
                    } catch (NumberFormatException e) {
                        // Unparseable KeySize is ignored: i stays 0 and the
                        // 256-bit default below applies.
                    }
                } else {
                    i = this.keySize;
                }
                if (i <= 0) {
                    i = 256;
                }
                // NOTE(review): a KeySize taken from the response has no upper
                // bound here, so the response controls the derived key length
                // (i / 8 bytes); consider capping it to the sizes this client
                // supports.
                try {
                    bArr2 = p_sha1.createKey(bArr, bArr3, 0, i / 8);
                } catch (ConversationException e2) {
                    throw new TrustException("DERIVED_KEY_ERROR", LOG, e2);
                }
            }
            // A proof token of any other type leaves bArr2 null, so the token
            // is returned without a secret.
        } else if (bArr != null) {
            // No proof token in the response: the caller's entropy is the secret.
            bArr2 = bArr;
        }
        securityToken.setSecret(bArr2);
        return securityToken;
    }

    /**
     * Extracts the key bytes carried by an xmlenc {@code EncryptedKey}.
     *
     * <p>Two paths exist, selected by the encryption algorithm read from the
     * element:
     * <ul>
     *   <li>If the algorithm ends with {@code "spnego#GSS_Wrap"}, the
     *       Base64-decoded {@code CipherData/CipherValue} is returned as is;
     *       no unwrapping is performed in this method.</li>
     *   <li>Otherwise the element is processed by {@code EncryptedKeyProcessor}
     *       with the decryption crypto and callback handler configured on this
     *       client, and the secret of the first result is returned.</li>
     * </ul>
     *
     * @param element the {@code EncryptedKey} element
     * @return the key bytes
     * @throws TrustException if loading the crypto configuration fails with an I/O error
     * @throws WSSecurityException if no cipher value is present on the SPNEGO
     *         path, or from the key processor
     */
    protected byte[] decryptKey(Element element) throws TrustException, WSSecurityException {
        final String xencNamespace = "http://www.w3.org/2001/04/xmlenc#";

        String algorithm = X509Util.getEncAlgo(element);
        boolean gssWrapped = algorithm != null && algorithm.endsWith("spnego#GSS_Wrap");
        if (gssWrapped) {
            byte[] cipherBytes = null;
            Element cipherData = WSSecurityUtil.getDirectChildElement(element, "CipherData", xencNamespace);
            if (cipherData != null) {
                Element cipherValue = WSSecurityUtil.getDirectChildElement(cipherData, "CipherValue", xencNamespace);
                if (cipherValue != null) {
                    cipherBytes = Base64.decode(DOMUtils.getContent(cipherValue));
                }
            }
            if (cipherBytes != null) {
                return cipherBytes;
            }
            throw new WSSecurityException(3, "noCipher");
        }

        try {
            EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
            WSDocInfo docInfo = new WSDocInfo(element.getOwnerDocument());
            RequestData data = new RequestData();
            data.setWssConfig(WSSConfig.getNewInstance());
            data.setDecCrypto(createCrypto(true));
            data.setCallbackHandler(createHandler());
            return (byte[]) processor.handleToken(element, data, docInfo).get(0).get(WSSecurityEngineResult.TAG_SECRET);
        } catch (IOException ioe) {
            throw new TrustException("ENCRYPTED_KEY_ERROR", LOG, ioe);
        }
    }

    /**
     * Resolves the callback handler configured under
     * {@code SecurityConstants.CALLBACK_HANDLER}.
     *
     * <p>A {@code String} value is treated as a class name: the class is
     * loaded and instantiated through its no-argument constructor. Any other
     * value is cast directly. The class name comes from configuration, so that
     * configuration decides which code handles password callbacks.
     *
     * @return the handler, or {@code null} if the property is not set
     * @throws Fault if the named class cannot be loaded or instantiated
     * @throws ClassCastException if the resolved object is not a {@link CallbackHandler}
     */
    protected CallbackHandler createHandler() {
        Object configured = getProperty(SecurityConstants.CALLBACK_HANDLER);
        if (!(configured instanceof String)) {
            return (CallbackHandler) configured;
        }

        Object instance;
        try {
            instance = ClassLoaderUtils.loadClass((String) configured, getClass()).newInstance();
        } catch (Exception e) {
            throw new Fault(e);
        }
        // Cast outside the try so a wrong type surfaces as ClassCastException, not Fault.
        return (CallbackHandler) instance;
    }

    /**
     * Looks up a configuration property, trying several scopes in order and
     * returning the first non-null value: this client's own context map, the
     * endpoint info, the endpoint's binding info, and finally the service.
     *
     * @param str property key
     * @return the first value found, or {@code null} if no scope defines it
     */
    protected Object getProperty(String str) {
        Object fromContext = this.ctx.get(str);
        if (fromContext != null) {
            return fromContext;
        }

        Object fromEndpoint = this.client.getEndpoint().getEndpointInfo().getProperty(str);
        if (fromEndpoint != null) {
            return fromEndpoint;
        }

        Object fromBinding = this.client.getEndpoint().getEndpointInfo().getBinding().getProperty(str);
        if (fromBinding != null) {
            return fromBinding;
        }

        return this.client.getEndpoint().getService().get(str);
    }

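    /**
     * Obtains the {@code Crypto} instance used for STS token processing.
     *
     * <p>Lookup order: a ready-made {@code Crypto} under
     * {@code SecurityConstants.STS_TOKEN_CRYPTO}; otherwise a properties
     * source under {@code SecurityConstants.STS_TOKEN_PROPERTIES}, which may
     * be a {@link Properties} object, a {@link URL}, or a resource name
     * resolved through the bus {@code ResourceManager} and then the class
     * loader. When {@code z} is {@code true} the {@code ".decrypt"} variants
     * of both keys are consulted first and the plain keys are used as a
     * fallback.
     *
     * <p>The properties stream is closed in a {@code finally} block so that a
     * failing {@code load} does not leak the underlying connection or file
     * handle.
     *
     * @param z {@code true} to prefer the decryption-specific configuration
     * @return the crypto instance, or {@code null} if nothing is configured
     * @throws IOException if the properties source cannot be read
     * @throws WSSecurityException if the crypto factory rejects the properties
     */
    protected Crypto createCrypto(boolean z) throws IOException, WSSecurityException {
        String suffix = z ? ".decrypt" : "";
        Crypto crypto = (Crypto) getProperty(SecurityConstants.STS_TOKEN_CRYPTO + suffix);
        if (crypto != null) {
            return crypto;
        }

        Object property = getProperty(SecurityConstants.STS_TOKEN_PROPERTIES + suffix);
        Properties properties = null;
        if (property instanceof Properties) {
            properties = (Properties) property;
        } else {
            URL url = null;
            if (property instanceof String) {
                url = (URL) ((ResourceManager) this.bus.getExtension(ResourceManager.class)).resolveResource((String) property, URL.class);
                if (url == null) {
                    url = ClassLoaderUtils.getResource((String) property, getClass());
                }
                if (url == null) {
                    throw new Fault("Could not find properties file " + ((String) property), LOG);
                }
            } else if (property instanceof URL) {
                url = (URL) property;
            }
            if (url != null) {
                properties = new Properties();
                InputStream openStream = url.openStream();
                try {
                    properties.load(openStream);
                } finally {
                    openStream.close();
                }
            }
        }

        if (properties != null) {
            return CryptoFactory.getInstance(properties);
        }
        // Nothing decrypt-specific configured: fall back to the general settings.
        if (z) {
            return createCrypto(false);
        }
        return null;
    }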

    /**
     * Determines the identifier of an issued token.
     *
     * <p>Sources are tried in this order until one yields a non-null value:
     * <ol>
     *   <li>the SAML 1.x {@code AssertionID} or SAML 2.0 {@code ID} attribute
     *       of {@code element3}, when it is a SAML assertion carrying it;</li>
     *   <li>{@link #getIDFromSTR(Element)} applied to {@code element3};</li>
     *   <li>{@link #getIDFromSTR(Element)} applied to {@code element};</li>
     *   <li>{@link #getIDFromSTR(Element)} applied to {@code element2};</li>
     *   <li>the {@code wsu:Id} attribute of {@code element3}.</li>
     * </ol>
     *
     * @param element attached reference, may be {@code null}
     * @param element2 unattached reference, may be {@code null}
     * @param element3 the token element, may be {@code null}
     * @return the identifier, or {@code null} when all three elements are
     *         {@code null} or yield nothing; the final {@code wsu:Id} lookup
     *         returns whatever {@code getAttributeNS} gives for a missing
     *         attribute
     */
    protected String findID(Element element, Element element2, Element element3) {
        final String saml1Namespace = "urn:oasis:names:tc:SAML:1.0:assertion";
        final String saml2Namespace = "urn:oasis:names:tc:SAML:2.0:assertion";
        final String wsuNamespace =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

        String id = null;
        if (element3 != null) {
            QName tokenName = DOMUtils.getElementQName(element3);
            if (tokenName.equals(new QName(saml1Namespace, "Assertion")) && element3.hasAttributeNS(null, "AssertionID")) {
                id = element3.getAttributeNS(null, "AssertionID");
            } else if (tokenName.equals(new QName(saml2Namespace, "Assertion")) && element3.hasAttributeNS(null, "ID")) {
                id = element3.getAttributeNS(null, "ID");
            }
            if (id == null) {
                id = getIDFromSTR(element3);
            }
        }
        if (id == null && element != null) {
            id = getIDFromSTR(element);
        }
        if (id == null && element2 != null) {
            id = getIDFromSTR(element2);
        }
        if (id != null || element3 == null) {
            return id;
        }
        return element3.getAttributeNS(wsuNamespace, "Id");
    }

    /**
     * Extracts an identifier from the first child of a reference element.
     *
     * <p>The text content is returned for a ds:KeyInfo, a wsse KeyIdentifier
     * or a secure-conversation Identifier (2005/02 or 200512 namespace); the
     * {@code URI} attribute is returned for an element named
     * {@code Reference.TOKEN}.
     *
     * @param element element whose first child element is inspected
     * @return the identifier, or {@code null} if there is no child element or
     *         its type is not recognised
     */
    protected String getIDFromSTR(Element element) {
        Element child = DOMUtils.getFirstElement(element);
        if (child == null) {
            return null;
        }

        QName childName = DOMUtils.getElementQName(child);

        boolean keyInfoOrIdentifier =
            childName.equals(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"))
                || childName.equals(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", KeyIdentifier.ELEMENT_LOCAL_NAME));
        if (keyInfoOrIdentifier) {
            return DOMUtils.getContent(child);
        }

        if (childName.equals(Reference.TOKEN)) {
            return child.getAttribute("URI");
        }

        boolean conversationIdentifier =
            childName.equals(new QName("http://schemas.xmlsoap.org/ws/2005/02/sc", "Identifier"))
                || childName.equals(new QName("http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512", "Identifier"));
        return conversationIdentifier ? DOMUtils.getContent(child) : null;
    }

    /**
     * Stores the template element for later use by this client.
     *
     * @param element template element; kept by reference, not copied
     */
    public void setTemplate(Element element) {
        Element newTemplate = element;
        this.template = newTemplate;
    }

    /**
     * Stores the claims element that {@code addClaims} copies into requests.
     *
     * @param element claims element; kept by reference, not copied
     */
    public void setClaims(Element element) {
        Element newClaims = element;
        this.claims = newClaims;
    }

    /**
     * Returns the outbound fault interceptors: the client's list once a client
     * exists, otherwise the list held by this object.
     */
    @Override
    public List<Interceptor<? extends Message>> getOutFaultInterceptors() {
        if (this.client == null) {
            return this.outFault;
        }
        return this.client.getOutFaultInterceptors();
    }

    /**
     * Returns the inbound fault interceptors: the client's list once a client
     * exists, otherwise the list held by this object.
     */
    @Override
    public List<Interceptor<? extends Message>> getInFaultInterceptors() {
        if (this.client == null) {
            return this.inFault;
        }
        return this.client.getInFaultInterceptors();
    }

    /**
     * Returns the inbound interceptors: the client's list once a client
     * exists, otherwise the list held by this object.
     */
    @Override
    public List<Interceptor<? extends Message>> getInInterceptors() {
        if (this.client == null) {
            return this.in;
        }
        return this.client.getInInterceptors();
    }

    /**
     * Returns the outbound interceptors: the client's list once a client
     * exists, otherwise the list held by this object.
     */
    @Override
    public List<Interceptor<? extends Message>> getOutInterceptors() {
        if (this.client == null) {
            return this.out;
        }
        return this.client.getOutInterceptors();
    }

    /**
     * Appends the given interceptors to the current inbound chain. Despite the
     * setter name, existing entries are kept.
     *
     * @param list interceptors to add
     */
    public void setInInterceptors(List<Interceptor<? extends Message>> list) {
        List<Interceptor<? extends Message>> chain = getInInterceptors();
        chain.addAll(list);
    }

    /**
     * Appends the given interceptors to the current inbound fault chain.
     * Despite the setter name, existing entries are kept.
     *
     * @param list interceptors to add
     */
    public void setInFaultInterceptors(List<Interceptor<? extends Message>> list) {
        List<Interceptor<? extends Message>> chain = getInFaultInterceptors();
        chain.addAll(list);
    }

    /**
     * Appends the given interceptors to the current outbound chain. Despite
     * the setter name, existing entries are kept.
     *
     * @param list interceptors to add
     */
    public void setOutInterceptors(List<Interceptor<? extends Message>> list) {
        List<Interceptor<? extends Message>> chain = getOutInterceptors();
        chain.addAll(list);
    }

    /**
     * Appends the given interceptors to the current outbound fault chain.
     * Despite the setter name, existing entries are kept.
     *
     * @param list interceptors to add
     */
    public void setOutFaultInterceptors(List<Interceptor<? extends Message>> list) {
        List<Interceptor<? extends Message>> chain = getOutFaultInterceptors();
        chain.addAll(list);
    }

    /**
     * Replaces the feature list held by this client.
     *
     * @param list new feature list; kept by reference, not copied
     */
    public void setFeatures(List<AbstractFeature> list) {
        List<AbstractFeature> newFeatures = list;
        this.features = newFeatures;
    }

    /**
     * Returns the feature list held by this client.
     *
     * @return the stored list itself (not a copy); may be {@code null} if
     *         never set — confirm against the field's initialiser
     */
    public List<AbstractFeature> getFeatures() {
        List<AbstractFeature> current = this.features;
        return current;
    }
}
