package org.apache.wss4j.stax.impl.processor.input;

import java.util.Date;
import java.util.Deque;
import java.util.List;
import javax.xml.bind.JAXBElement;
import org.apache.wss4j.binding.wss10.EncodedString;
import org.apache.wss4j.binding.wss10.PasswordString;
import org.apache.wss4j.binding.wss10.UsernameTokenType;
import org.apache.wss4j.binding.wsu10.AttributedDateTime;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
import org.apache.wss4j.stax.validate.TokenContext;
import org.apache.wss4j.stax.validate.UsernameTokenValidator;
import org.apache.wss4j.stax.validate.UsernameTokenValidatorImpl;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-216-04.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-stax-2.0.3.jar:org/apache/wss4j/stax/impl/processor/input/UsernameTokenInputHandler.class */
/**
 * Inbound security-header handler for a {@code wsse:UsernameToken}.
 *
 * <p>Processing order, as implemented in {@link #handle}: Basic Security Profile checks,
 * {@code wsu:Created} verification, nonce replay lookup, delegation to a
 * {@link UsernameTokenValidator}, then registration of the resulting token provider and a
 * {@link UsernameTokenSecurityEvent} on the security context.
 *
 * <p>Points a reviewer should keep in mind:
 * <ul>
 *   <li>The replay check runs only when the token carries a {@code wsse:Nonce} <em>and</em> a
 *       nonce replay cache is configured; otherwise this class performs no replay check.</li>
 *   <li>When the token has no {@code wsu:Created} child, {@code verifyCreated} returns
 *       {@code null} and this class applies no freshness check.</li>
 *   <li>The nonce is written to the cache before the validator is invoked.</li>
 * </ul>
 */
public class UsernameTokenInputHandler extends AbstractInputSecurityHeaderHandler {

    /**
     * Parses, checks and registers one UsernameToken.
     *
     * @param inputProcessorChain   chain whose security context receives the token provider and event
     * @param xMLSecurityProperties configuration; cast to {@link WSSSecurityProperties} without a type check
     * @param deque                 event queue handed to the inherited parsing helpers
     * @param num                   index handed to the inherited parsing helpers together with {@code deque}
     *                              (presumably where this token's events start - confirm against the base class)
     * @throws XMLSecurityException with {@code FAILED_AUTHENTICATION} when the nonce is already in the
     *                              replay cache; also whatever the BSP checks, Created verification or
     *                              the validator throw
     */
    @Override
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        final int eventIndex = num.intValue();
        final JAXBElement tokenElement = (JAXBElement) parseStructure(deque, eventIndex, xMLSecurityProperties);
        final UsernameTokenType token = (UsernameTokenType) tokenElement.getValue();
        final List<XMLSecEvent> tokenEvents = getResponsibleXMLSecEvents(deque, eventIndex);

        checkBSPCompliance(inputProcessorChain, token, tokenEvents);

        // A token without an Id gets a generated one so it can be registered and correlated below.
        if (token.getId() == null) {
            token.setId(IDGenerator.generateID(null));
        }

        final WSSSecurityProperties wssProperties = (WSSSecurityProperties) xMLSecurityProperties;
        final Date created = verifyCreated(wssProperties, token);

        final ReplayCache replayCache = wssProperties.getNonceReplayCache();
        final EncodedString nonceElement = (EncodedString) XMLSecurityUtils.getQNameType(token.getAny(), WSSConstants.TAG_wsse_Nonce);
        // Replay protection is conditional: both a Nonce element and a configured cache are required.
        if (replayCache != null && nonceElement != null) {
            final String nonce = nonceElement.getValue();
            // NOTE(review): contains() and add() are two separate calls; whether concurrent messages
            // carrying the same nonce are serialised depends on the ReplayCache implementation,
            // which is not visible from this class - confirm.
            if (replayCache.contains(nonce)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
            }
            final int tokenTtl = wssProperties.getUtTTL().intValue();
            // The nonce is recorded here, before the validator runs, so it stays recorded even if
            // validation fails afterwards. With a Created value and a positive TTL the entry is
            // stored with TTL + 1; otherwise the single-argument add() is used (presumably the
            // cache's default expiry - confirm against the ReplayCache implementation).
            if (created != null && tokenTtl > 0) {
                replayCache.add(nonce, tokenTtl + 1);
            } else {
                replayCache.add(nonce);
            }
        }

        final TokenContext tokenContext = new TokenContext(wssProperties, (WSInboundSecurityContext) inputProcessorChain.getSecurityContext(), tokenEvents, getElementPath(deque));

        // A validator registered for the UsernameToken element wins; the stock implementation is the fallback.
        final UsernameTokenValidator configuredValidator = (UsernameTokenValidator) wssProperties.getValidator(WSSConstants.TAG_wsse_UsernameToken);
        final UsernameTokenValidator validator = configuredValidator != null ? configuredValidator : new UsernameTokenValidatorImpl();
        final UsernameSecurityToken validatedToken = validator.validate(token, tokenContext);

        // The provider hands out the already-validated token; the id is read from the token type on each call.
        final SecurityTokenProvider<InboundSecurityToken> tokenProvider = new SecurityTokenProvider<InboundSecurityToken>() {
            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return (InboundSecurityToken) validatedToken;
            }

            @Override
            public String getId() {
                return token.getId();
            }
        };
        inputProcessorChain.getSecurityContext().registerSecurityTokenProvider(token.getId(), tokenProvider);

        final UsernameTokenSecurityEvent tokenEvent = new UsernameTokenSecurityEvent();
        tokenEvent.setSecurityToken((UsernameSecurityToken) tokenProvider.getSecurityToken());
        tokenEvent.setCorrelationID(token.getId());
        inputProcessorChain.getSecurityContext().registerSecurityEvent(tokenEvent);
    }

    /**
     * Reports Basic Security Profile violations for a UsernameToken to the inbound security context.
     *
     * <p>Rules reported: R3031 when the token has no child content; R4222, R4223 and R4225 when a
     * second Password, Created or Nonce start element is seen; R4201 when the Password has no Type;
     * R4220 when the Nonce has no EncodingType; R4221 when the EncodingType is not the Base64Binary URI.
     * What happens on a violation (exception or record-only) is decided by
     * {@code handleBSPRule} and is not visible from this class.
     *
     * @param inputProcessorChain chain providing the {@link WSInboundSecurityContext}
     * @param usernameTokenType   the parsed token
     * @param list                the XML events belonging to the token
     * @throws WSSecurityException if the security context rejects a violated rule
     */
    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, UsernameTokenType usernameTokenType, List<XMLSecEvent> list) throws WSSecurityException {
        final WSInboundSecurityContext securityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        if (usernameTokenType.getAny() == null) {
            securityContext.handleBSPRule(BSPRule.R3031);
        }

        boolean passwordSeen = false;
        boolean createdSeen = false;
        boolean nonceSeen = false;
        for (int position = 0; position < list.size(); position++) {
            final XMLSecEvent event = list.get(position);
            // 1 is the StAX event-type code for a start element (XMLStreamConstants.START_ELEMENT).
            if (event.getEventType() != 1) {
                continue;
            }
            // The token's own start element is not one of the children being counted.
            if (event.asStartElement().getName().equals(WSSConstants.TAG_wsse_UsernameToken)) {
                continue;
            }
            if (event.asStartElement().getName().equals(WSSConstants.TAG_wsse_Password)) {
                if (passwordSeen) {
                    securityContext.handleBSPRule(BSPRule.R4222);
                }
                passwordSeen = true;
            } else if (event.asStartElement().getName().equals(WSSConstants.TAG_wsu_Created)) {
                if (createdSeen) {
                    securityContext.handleBSPRule(BSPRule.R4223);
                }
                createdSeen = true;
            } else if (event.asStartElement().getName().equals(WSSConstants.TAG_wsse_Nonce)) {
                if (nonceSeen) {
                    securityContext.handleBSPRule(BSPRule.R4225);
                }
                nonceSeen = true;
            }
        }

        final PasswordString password = (PasswordString) XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Password);
        if (password != null && password.getType() == null) {
            securityContext.handleBSPRule(BSPRule.R4201);
        }

        final EncodedString nonce = (EncodedString) XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsse_Nonce);
        if (nonce == null) {
            return;
        }
        if (nonce.getEncodingType() == null) {
            securityContext.handleBSPRule(BSPRule.R4220);
        } else if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".equals(nonce.getEncodingType())) {
            securityContext.handleBSPRule(BSPRule.R4221);
        }
    }

    /**
     * Parses the token's {@code wsu:Created} value and checks it against the configured limits.
     *
     * @param wSSSecurityProperties source of the UsernameToken TTL and future-TTL settings
     *                              (units are not visible here; presumably seconds - confirm)
     * @param usernameTokenType     the parsed token
     * @return the parsed creation time, or {@code null} when the token has no Created child, in
     *         which case no freshness check is applied by this method
     * @throws WSSecurityException {@code MESSAGE_EXPIRED} when {@code DateUtil.verifyCreated} rejects the
     *                             timestamp; {@code INVALID_SECURITY} when an
     *                             {@link IllegalArgumentException} is raised while parsing or checking it
     */
    private Date verifyCreated(WSSSecurityProperties wSSSecurityProperties, UsernameTokenType usernameTokenType) throws WSSecurityException {
        final int tokenTtl = wSSSecurityProperties.getUtTTL().intValue();
        final int futureTtl = wSSSecurityProperties.getUtFutureTTL().intValue();
        final AttributedDateTime createdElement = (AttributedDateTime) XMLSecurityUtils.getQNameType(usernameTokenType.getAny(), WSSConstants.TAG_wsu_Created);
        if (createdElement == null) {
            return null;
        }
        try {
            final Date created = WSSConstants.datatypeFactory.newXMLGregorianCalendar(createdElement.getValue()).toGregorianCalendar().getTime();
            if (!DateUtil.verifyCreated(created, tokenTtl, futureTtl)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.MESSAGE_EXPIRED);
            }
            return created;
        } catch (IllegalArgumentException e) {
            // A malformed lexical dateTime is reported as an invalid security header, keeping the cause.
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
        }
    }
}
