package org.apache.cxf.ws.security.policy.interceptors;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.logging.Logger;
import javax.xml.stream.XMLStreamException;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.Soap11;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.message.Message;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.addressing.policy.MetadataConstants;
import org.apache.cxf.ws.policy.AbstractPolicyInterceptorProvider;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyAssertion;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP11Constants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
import org.apache.cxf.ws.security.policy.model.Trust10;
import org.apache.cxf.ws.security.policy.model.Trust13;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSClient;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.neethi.All;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.conversation.dkalgo.P_SHA1;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/ws/security/policy/interceptors/SecureConversationTokenInterceptorProvider.class */
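/**
 * Policy interceptor provider for the {@code SecureConversationToken} assertion
 * (registered for both {@link SP11Constants#SECURE_CONVERSATION_TOKEN} and
 * {@link SP12Constants#SECURE_CONVERSATION_TOKEN}).
 *
 * <p>The constructor installs the secure-conversation in/out interceptors on the normal and
 * fault chains. The static helpers are shared plumbing for those interceptors: locating trust
 * assertions, the token store and the STS client, and writing the proof-token and
 * security-token-reference XML fragments.
 *
 * <p>Security-relevant behaviour lives mainly in {@link #writeProofToken}, which creates the
 * shared secret, and in {@link #getTokenStore}, which decides where issued tokens are kept.
 */
public class SecureConversationTokenInterceptorProvider extends AbstractPolicyInterceptorProvider {
    static final Logger LOG = LogUtils.getL7dLogger(SecureConversationTokenInterceptorProvider.class);

    /**
     * Registers this provider for the 1.1 and 1.2 SecureConversationToken assertions and adds
     * one fresh interceptor instance to each of the four chains (out, out-fault, in, in-fault).
     */
    public SecureConversationTokenInterceptorProvider() {
        super(Arrays.asList(SP11Constants.SECURE_CONVERSATION_TOKEN, SP12Constants.SECURE_CONVERSATION_TOKEN));
        getOutInterceptors().add(new SecureConversationOutInterceptor());
        getOutFaultInterceptors().add(new SecureConversationOutInterceptor());
        getInInterceptors().add(new SecureConversationInInterceptor());
        getInFaultInterceptors().add(new SecureConversationInInterceptor());
    }

    /**
     * Returns the first Trust10 assertion in the map, or {@code null} if there is none.
     *
     * <p>{@link SPConstants#TRUST_10} is consulted first; {@link SP11Constants#TRUST_10} is only
     * used when the first lookup is missing or empty.
     *
     * @param assertionInfoMap the assertions attached to the current message
     * @return the Trust10 assertion, or {@code null}
     */
    static final Trust10 getTrust10(AssertionInfoMap assertionInfoMap) {
        Collection infos = (Collection) assertionInfoMap.get(SPConstants.TRUST_10);
        if (infos == null || infos.isEmpty()) {
            infos = (Collection) assertionInfoMap.get(SP11Constants.TRUST_10);
        }
        if (infos == null || infos.isEmpty()) {
            return null;
        }
        return (Trust10) ((AssertionInfo) infos.iterator().next()).getAssertion();
    }

    /**
     * Returns the first Trust13 assertion registered under {@link SP12Constants#TRUST_13},
     * or {@code null} if there is none.
     *
     * @param assertionInfoMap the assertions attached to the current message
     * @return the Trust13 assertion, or {@code null}
     */
    static final Trust13 getTrust13(AssertionInfoMap assertionInfoMap) {
        Collection infos = (Collection) assertionInfoMap.get(SP12Constants.TRUST_13);
        if (infos == null || infos.isEmpty()) {
            return null;
        }
        return (Trust13) ((AssertionInfo) infos.iterator().next()).getAssertion();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the token store visible to the message, creating an in-memory one on first use.
     *
     * <p>A newly created {@link MemoryTokenStore} is attached to the endpoint info under the
     * {@code TokenStore} class name.
     *
     * @param message the current message; its exchange must hold an {@link Endpoint} when no
     *     store is configured, otherwise this throws {@link NullPointerException}
     * @return the configured or newly created token store, never {@code null}
     */
    public static final TokenStore getTokenStore(Message message) {
        TokenStore tokenStore = (TokenStore) message.getContextualProperty(TokenStore.class.getName());
        if (tokenStore == null) {
            // NOTE(review): this check-then-create is not synchronized. Two messages handled at
            // the same time on one endpoint can each build a store, and tokens put into the one
            // that loses the setProperty race would not be found later. Presumably
            // getContextualProperty also consults endpoint-info properties (otherwise a store
            // would be created per message) -- confirm, and consider locking on the endpoint info.
            tokenStore = new MemoryTokenStore();
            ((Endpoint) message.getExchange().get(Endpoint.class)).getEndpointInfo().setProperty(TokenStore.class.getName(), tokenStore);
        }
        return tokenStore;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Picks the WS-Addressing policy assertion to use for the STS exchange.
     *
     * <p>The 2004, 2005 and 2006 UsingAddressing names are tried in that order and the first
     * non-null assertion wins. If none is present, a new 2006 assertion is synthesised.
     *
     * @param assertionInfoMap the assertions attached to the current message
     * @param z passed as the second constructor argument of {@link PrimitiveAssertion};
     *     presumably its "optional" flag -- confirm. When {@code true}, a found assertion is
     *     replaced by a new primitive assertion with the same name.
     * @return the addressing assertion, never {@code null}
     */
    public static PolicyAssertion getAddressingPolicy(AssertionInfoMap assertionInfoMap, boolean z) {
        PolicyAssertion found = null;
        Collection infos2004 = (Collection) assertionInfoMap.get(MetadataConstants.USING_ADDRESSING_2004_QNAME);
        if (infos2004 != null && !infos2004.isEmpty()) {
            found = ((AssertionInfo) infos2004.iterator().next()).getAssertion();
        }
        if (found == null) {
            Collection infos2005 = (Collection) assertionInfoMap.get(MetadataConstants.USING_ADDRESSING_2005_QNAME);
            if (infos2005 != null && !infos2005.isEmpty()) {
                found = ((AssertionInfo) infos2005.iterator().next()).getAssertion();
            }
        }
        if (found == null) {
            Collection infos2006 = (Collection) assertionInfoMap.get(MetadataConstants.USING_ADDRESSING_2006_QNAME);
            if (infos2006 != null && !infos2006.isEmpty()) {
                found = ((AssertionInfo) infos2006.iterator().next()).getAssertion();
            }
        }
        if (found == null) {
            return new PrimitiveAssertion(MetadataConstants.USING_ADDRESSING_2006_QNAME, z);
        }
        if (z) {
            return new PrimitiveAssertion(found.getName(), z);
        }
        return found;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Configures an STS client for a secure-conversation exchange with the message's endpoint.
     *
     * <p>The client policy is a new policy containing the addressing assertion (and, when
     * {@code z} is set, the token as an endorsing supporting token) merged with the token's
     * bootstrap policy. SCT-specific security properties are copied into the client's request
     * context via {@link #mapSecurityProps}.
     *
     * @param sTSClient the client to configure
     * @param soapMessage the message whose SOAP version, endpoint address and properties are used
     * @param assertionInfoMap the assertions attached to the message
     * @param secureConversationToken the token assertion supplying the bootstrap policy
     * @param z when {@code true}, adds {@code secureConversationToken} as an endorsing
     *     supporting token
     * @return the endpoint address the client was pointed at
     * @throws NullPointerException if the message has no {@code Message.ENDPOINT_ADDRESS} property
     */
    public static String setupClient(STSClient sTSClient, SoapMessage soapMessage, AssertionInfoMap assertionInfoMap, SecureConversationToken secureConversationToken, boolean z) {
        sTSClient.setTrust(getTrust10(assertionInfoMap));
        sTSClient.setTrust(getTrust13(assertionInfoMap));

        Policy bootstrapPolicy = secureConversationToken.getBootstrapPolicy();
        Policy clientPolicy = new Policy();
        ExactlyOne exactlyOne = new ExactlyOne();
        clientPolicy.addPolicyComponent(exactlyOne);
        All all = new All();
        all.addPolicyComponent(getAddressingPolicy(assertionInfoMap, false));
        exactlyOne.addPolicyComponent(all);
        if (z) {
            SupportingToken endorsing = new SupportingToken(SPConstants.SupportTokenType.SUPPORTING_TOKEN_ENDORSING, SP12Constants.INSTANCE);
            endorsing.addToken(secureConversationToken);
            all.addPolicyComponent(endorsing);
        }
        // The bootstrap policy is what protects the token request itself, so it must survive
        // the merge; the proof token written by writeProofToken relies on that protection.
        sTSClient.setPolicy(clientPolicy.merge(bootstrapPolicy));
        sTSClient.setSoap11(soapMessage.getVersion() == Soap11.getInstance());
        sTSClient.setSecureConv(true);

        String address = soapMessage.getContextualProperty(Message.ENDPOINT_ADDRESS).toString();
        sTSClient.setLocation(address);
        mapSecurityProps(soapMessage, sTSClient.getRequestContext());
        return address;
    }

    /**
     * Copies SCT-specific security properties from the message into {@code map}.
     *
     * <p>For every name in {@link SecurityConstants#ALL_PROPERTIES}, the contextual property
     * {@code name + ".sct"} is looked up and, if present, stored under the plain {@code name}.
     * The copied values are whatever the application configured for those keys and may include
     * credentials or crypto settings, so the target map should not be logged wholesale.
     *
     * @param message the message to read contextual properties from
     * @param map the destination map (the STS client's request context)
     */
    private static void mapSecurityProps(Message message, Map<String, Object> map) {
        for (String name : SecurityConstants.ALL_PROPERTIES) {
            Object value = message.getContextualProperty(name + ".sct");
            if (value != null) {
                map.put(name, value);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the STS client configured on the message, or builds a default one.
     *
     * <p>A default client is created on the exchange's {@link Bus} and given the endpoint's
     * name with the suffix {@code ".sct-client"} as both endpoint name and bean name.
     *
     * @param message the current message; its exchange must hold an {@link Endpoint} when no
     *     client is configured, otherwise this throws {@link NullPointerException}
     * @return the configured or newly created client, never {@code null}
     */
    public static STSClient getClient(Message message) {
        STSClient sTSClient = (STSClient) message.getContextualProperty(SecurityConstants.STS_CLIENT);
        if (sTSClient == null) {
            sTSClient = new STSClient((Bus) message.getExchange().get(Bus.class));
            Endpoint endpoint = (Endpoint) message.getExchange().get(Endpoint.class);
            String clientName = endpoint.getEndpointInfo().getName().toString() + ".sct-client";
            sTSClient.setEndpointName(clientName);
            sTSClient.setBeanName(clientName);
        }
        return sTSClient;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates the shared secret for a new security context and writes the matching
     * {@code RequestedProofToken} XML.
     *
     * <p>Without requestor entropy ({@code bArr == null}) a random secret is generated and
     * written, Base64-encoded, inside {@code RequestedProofToken/BinarySecret}. The secret
     * itself is therefore on the wire, and its confidentiality depends entirely on the
     * encryption applied to the response (message-level or transport).
     *
     * <p>With requestor entropy, a fresh nonce is generated, the secret is derived with
     * {@link P_SHA1} from {@code bArr} and that nonce, and only the {@code ComputedKey}
     * algorithm URI plus the nonce (as {@code Entropy/BinarySecret}) are written.
     *
     * @param str the XML prefix for the written elements
     * @param str2 the XML namespace for the written elements, also used as the base of the
     *     {@code /Nonce} and {@code /CK/PSHA1} URIs
     * @param w3CDOMStreamWriter the writer to emit the elements to
     * @param bArr entropy supplied by the requestor, or {@code null}
     * @param i the key size in bits; it is divided by 8, so a remainder is silently dropped
     * @return the secret key bytes ({@code i / 8} bytes long)
     * @throws IllegalArgumentException if {@code i} is smaller than 8, which would otherwise
     *     produce an empty secret
     * @throws NoSuchAlgorithmException if the {@code SHA1PRNG} generator is unavailable
     * @throws WSSecurityException declared for the nonce generation -- TODO confirm source
     * @throws ConversationException declared for the key derivation -- TODO confirm source
     * @throws XMLStreamException if writing to the stream fails
     */
    public static byte[] writeProofToken(String str, String str2, W3CDOMStreamWriter w3CDOMStreamWriter, byte[] bArr, int i) throws NoSuchAlgorithmException, WSSecurityException, ConversationException, XMLStreamException {
        int keyBytes = i / 8;
        // Reject the size before any element is written: 0..7 bits used to yield a zero-length
        // secret, i.e. a security context keyed with nothing.
        // NOTE(review): there is no upper bound or policy minimum here. If the size can come
        // from a peer's request, the caller should clamp it to what the policy allows.
        if (keyBytes <= 0) {
            throw new IllegalArgumentException("Key size must be at least 8 bits but was " + i);
        }

        byte[] secret;
        w3CDOMStreamWriter.writeStartElement(str, "RequestedProofToken", str2);
        if (bArr == null) {
            secret = new byte[keyBytes];
            // NOTE(review): the generator is requested by algorithm name and a new instance is
            // built on every call. A shared default-constructed SecureRandom would avoid the
            // hard dependency on SHA1PRNG; left unchanged to keep the output source identical.
            SecureRandom.getInstance("SHA1PRNG").nextBytes(secret);
            w3CDOMStreamWriter.writeStartElement(str, "BinarySecret", str2);
            w3CDOMStreamWriter.writeAttribute("Type", str2 + "/Nonce");
            w3CDOMStreamWriter.writeCharacters(Base64.encode(secret));
            w3CDOMStreamWriter.writeEndElement();
        } else {
            byte[] nonce = WSSecurityUtil.generateNonce(keyBytes);
            secret = new P_SHA1().createKey(bArr, nonce, 0, keyBytes);
            w3CDOMStreamWriter.writeStartElement(str, "ComputedKey", str2);
            w3CDOMStreamWriter.writeCharacters(str2 + "/CK/PSHA1");
            w3CDOMStreamWriter.writeEndElement();
            // Closes RequestedProofToken; Entropy is written as its sibling.
            w3CDOMStreamWriter.writeEndElement();
            w3CDOMStreamWriter.writeStartElement(str, "Entropy", str2);
            w3CDOMStreamWriter.writeStartElement(str, "BinarySecret", str2);
            w3CDOMStreamWriter.writeAttribute("Type", str2 + "/Nonce");
            w3CDOMStreamWriter.writeCharacters(Base64.encode(nonce));
            w3CDOMStreamWriter.writeEndElement();
        }
        // Closes RequestedProofToken (no entropy) or Entropy (computed key).
        w3CDOMStreamWriter.writeEndElement();
        return secret;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Appends a {@code SecurityTokenReference} containing a direct {@code Reference} to the
     * writer's current node.
     *
     * @param w3CDOMStreamWriter the writer whose document and current node are used
     * @param str the URI the reference points to
     * @param str2 the reference's value type, or {@code null} to leave it unset
     * @return the appended SecurityTokenReference element
     */
    public static Element writeSecurityTokenReference(W3CDOMStreamWriter w3CDOMStreamWriter, String str, String str2) {
        Reference reference = new Reference(w3CDOMStreamWriter.getDocument());
        reference.setURI(str);
        if (str2 != null) {
            reference.setValueType(str2);
        }
        SecurityTokenReference tokenReference = new SecurityTokenReference(w3CDOMStreamWriter.getDocument());
        tokenReference.setReference(reference);
        w3CDOMStreamWriter.getCurrentNode().appendChild(tokenReference.getElement());
        return tokenReference.getElement();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Maps a secure-conversation namespace or action URI to the WS-SecureConversation version.
     *
     * <p>The match is a prefix match, so any string that starts with one of the two known
     * namespaces is accepted as that version.
     *
     * @param str the namespace or action URI, or {@code null}
     * @return {@code 1} when {@code str} is {@code null} (presumably the default version --
     *     confirm against {@link ConversationConstants}); otherwise the version for the
     *     matched namespace
     * @throws ConversationException if {@code str} starts with neither known namespace
     */
    public static int getWSCVersion(String str) throws ConversationException {
        if (str == null) {
            return 1;
        }
        if (str.startsWith(STSUtils.SCT_NS_05_02)) {
            return ConversationConstants.getWSTVersion(STSUtils.SCT_NS_05_02);
        }
        if (str.startsWith(STSUtils.SCT_NS_05_12)) {
            return ConversationConstants.getWSTVersion(STSUtils.SCT_NS_05_12);
        }
        throw new ConversationException("unsupportedSecConvVersion");
    }
}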
