package org.switchyard.security.credential.extractor;

import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import org.switchyard.common.codec.Base64;
import org.switchyard.common.xml.XMLHelper;
import org.switchyard.security.BaseSecurityMessages;
import org.switchyard.security.credential.AssertionCredential;
import org.switchyard.security.credential.CertificateCredential;
import org.switchyard.security.credential.Credential;
import org.switchyard.security.credential.NameCredential;
import org.switchyard.security.credential.PasswordCredential;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/switchyard-security-2.0.1.redhat-621013.jar:org/switchyard/security/credential/extractor/SOAPMessageCredentialExtractor.class */
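/**
 * Pulls credentials out of the WS-Security header of a SOAP message.
 *
 * <p>This class only <em>extracts</em>: it wraps whatever the sender put in the header into
 * {@link Credential} objects. Nothing here checks a password, verifies the signature of an
 * assertion, or validates a certificate or certificate path, so every returned credential is
 * an unverified claim until a later component validates it.
 *
 * <p>Points a reviewer should keep in mind when wiring this into an authentication flow:
 * <ul>
 *   <li>Header children are matched by the name returned from {@code XMLHelper.nameOf},
 *       compared case-insensitively. NOTE(review): if that helper returns the local name
 *       without the namespace, same-named elements from any namespace are accepted;
 *       confirm against XMLHelper.</li>
 *   <li>For {@code UsernameToken}, the {@code Type} attribute of {@code Password} and the
 *       {@code Nonce}/{@code Created} children are not read, so a digest and a clear-text
 *       password are not distinguished here and no replay check happens here.</li>
 *   <li>Only the first {@code Security} header found is used, and its actor/role and
 *       mustUnderstand attributes are not inspected.</li>
 * </ul>
 */
public class SOAPMessageCredentialExtractor implements CredentialExtractor<SOAPMessage> {
    private static final String X509V3 = "X509v3";
    private static final String X509PKIPATHV1 = "X509PKIPathv1";
    private static final String PKCS7 = "PKCS7";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSSE_LN = "Security";
    private static final QName WSSE_QNAME = new QName(WSSE_NS, WSSE_LN);
    private static final String WSSE_NS2 = "http://schemas.xmlsoap.org/ws/2002/04/secext";
    private static final QName WSSE_2_QNAME = new QName(WSSE_NS2, WSSE_LN);
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    private static final QName WSSE_11_QNAME = new QName(WSSE11_NS, WSSE_LN);

    /**
     * Collects the credentials carried in the message's WS-Security header.
     *
     * @param sOAPMessage the message to inspect; {@code null} yields an empty set
     * @return a new mutable set holding one credential per recognised token part; empty when
     *         the message has no Security header or no recognised child
     * @throws RuntimeException wrapping the {@link SOAPException} if the envelope or header
     *         cannot be read; the unchecked exceptions produced by
     *         {@code BaseSecurityMessages.MESSAGES} are thrown for a binary token whose value
     *         type is missing or unsupported, or whose content cannot be turned into a
     *         certificate
     */
    @Override // org.switchyard.security.credential.extractor.CredentialExtractor
    public Set<Credential> extract(SOAPMessage sOAPMessage) {
        Set<Credential> credentials = new HashSet<>();
        if (sOAPMessage == null) {
            return credentials;
        }
        try {
            SOAPHeaderElement securityHeader = getSecurityHeader(sOAPMessage.getSOAPPart().getEnvelope());
            if (securityHeader == null) {
                return credentials;
            }
            Iterator<?> children = securityHeader.getChildElements();
            while (children.hasNext()) {
                Node node = (Node) children.next();
                // Text, comment and other non-element children carry no token.
                if (node.getNodeType() != Node.ELEMENT_NODE) {
                    continue;
                }
                String name = XMLHelper.nameOf(node);
                if ("Assertion".equalsIgnoreCase(name)) {
                    // The element is wrapped as received; its signature is not checked here.
                    credentials.add(new AssertionCredential((Element) node));
                } else if ("UsernameToken".equalsIgnoreCase(name)) {
                    addUsernameToken(node, credentials);
                } else if ("BinarySecurityToken".equalsIgnoreCase(name)) {
                    addBinarySecurityToken(node, credentials);
                }
            }
        } catch (SOAPException e) {
            throw new RuntimeException(e);
        }
        return credentials;
    }

    /**
     * Adds a name and/or password credential for the Username and Password children of a
     * UsernameToken element. Children whose text value is {@code null} are skipped.
     */
    private void addUsernameToken(Node tokenNode, Set<Credential> credentials) {
        NodeList parts = tokenNode.getChildNodes();
        for (int i = 0; i < parts.getLength(); i++) {
            Node part = parts.item(i);
            String partName = XMLHelper.nameOf(part);
            if ("Username".equalsIgnoreCase(partName)) {
                String username = XMLHelper.valueOf(part.getFirstChild());
                if (username != null) {
                    credentials.add(new NameCredential(username));
                }
            } else if ("Password".equalsIgnoreCase(partName)) {
                // The Password element's Type attribute is not consulted, so the value is
                // stored as-is whether the sender meant clear text or a digest.
                String password = XMLHelper.valueOf(part.getFirstChild());
                if (password != null) {
                    credentials.add(new PasswordCredential(password));
                }
            }
        }
    }

    /**
     * Decodes a BinarySecurityToken element and adds one certificate credential per
     * certificate it contains. The certificates are parsed only; no trust or validity check
     * is made here.
     *
     * <p>A token without a ValueType attribute, or without content, is rejected with one of
     * the {@code BaseSecurityMessages} exceptions instead of failing with a
     * {@link NullPointerException}.
     */
    private void addBinarySecurityToken(Node tokenNode, Set<Credential> credentials) {
        NamedNodeMap attributes = tokenNode.getAttributes();
        String encodingType = stripNS(XMLHelper.valueOf(attributes.getNamedItem("EncodingType")));
        String valueType = stripNS(XMLHelper.valueOf(attributes.getNamedItem("ValueType")));
        if (valueType == null) {
            // A sender may simply omit ValueType; certificateMatch(null) would otherwise
            // dereference null.
            throw BaseSecurityMessages.MESSAGES.valueTypeNotImplemented(valueType);
        }
        String tokenText = XMLHelper.valueOf(tokenNode.getFirstChild());
        try {
            if (tokenText == null) {
                throw new CertificateException("BinarySecurityToken has no content");
            }
            // Any encoding other than Base64Binary is taken as the raw text bytes; the
            // charset is pinned so the result does not depend on the platform default.
            byte[] encoded = "Base64Binary".equalsIgnoreCase(encodingType)
                    ? Base64.decode(tokenText)
                    : tokenText.getBytes(StandardCharsets.UTF_8);
            if (encoded == null) {
                throw new CertificateException("BinarySecurityToken content could not be decoded");
            }
            // NOTE(review): certificateMatch hands any value type that does not start with
            // "X509" to getInstance unchanged, so the sender picks the factory type that is
            // looked up. For such values getInstance presumably throws CertificateException
            // before the PKCS7 / not-implemented branches below can run; confirm, and consider
            // checking the value type against the three known constants first.
            CertificateFactory factory = CertificateFactory.getInstance(certificateMatch(valueType));
            ByteArrayInputStream in = new ByteArrayInputStream(encoded);
            if (X509PKIPATHV1.equals(valueType)) {
                for (Certificate certificate : factory.generateCertPath(in).getCertificates()) {
                    credentials.add(new CertificateCredential(certificate));
                }
            } else if (X509V3.equals(valueType)) {
                credentials.add(new CertificateCredential(factory.generateCertificate(in)));
            } else if (PKCS7.equals(valueType)) {
                throw BaseSecurityMessages.MESSAGES.valueTypeRecognizedNotImplemented(valueType);
            } else {
                throw BaseSecurityMessages.MESSAGES.valueTypeNotImplemented(valueType);
            }
        } catch (CertificateException e) {
            throw BaseSecurityMessages.MESSAGES.couldNotCreateCert(e.getMessage(), e);
        }
    }

    /**
     * Finds the first Security header element, trying the WSS 1.0, the 2002/04 draft and the
     * WSS 1.1 namespaces in that order.
     *
     * @param sOAPEnvelope the envelope to search; may be {@code null}
     * @return the first matching header element, or {@code null} when the envelope or its
     *         header is absent or no Security element is present
     * @throws SOAPException if the header cannot be obtained from the envelope
     */
    private SOAPHeaderElement getSecurityHeader(SOAPEnvelope sOAPEnvelope) throws SOAPException {
        if (sOAPEnvelope == null) {
            return null;
        }
        SOAPHeader header = sOAPEnvelope.getHeader();
        if (header == null) {
            return null;
        }
        for (QName securityName : new QName[] {WSSE_QNAME, WSSE_2_QNAME, WSSE_11_QNAME}) {
            Iterator<?> matches = header.getChildElements(securityName);
            if (matches.hasNext()) {
                return (SOAPHeaderElement) matches.next();
            }
        }
        return null;
    }

    /**
     * Reduces a qualified attribute value to its last part: the fragment after {@code '#'}
     * for values starting with "http", otherwise the part after the first {@code ':'}.
     * The separator must not be the first character; values without one, and {@code null},
     * are returned unchanged.
     */
    private String stripNS(String str) {
        if (str == null) {
            return null;
        }
        int separator = str.startsWith("http") ? str.indexOf('#') : str.indexOf(':');
        return separator > 0 ? str.substring(separator + 1) : str;
    }

    /**
     * Maps a token value type to the type name passed to
     * {@link CertificateFactory#getInstance(String)}: anything starting with "X509" becomes
     * "X.509", every other value is returned unchanged.
     *
     * @param str the stripped value type; must not be {@code null}
     */
    private String certificateMatch(String str) {
        return str.startsWith("X509") ? "X.509" : str;
    }
}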
