package org.apache.cxf.sts.token.provider;

import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.sts.STSConstants;
import org.apache.cxf.sts.STSPropertiesMBean;
import org.apache.cxf.sts.request.KeyRequirements;
import org.apache.cxf.sts.service.EncryptionProperties;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityEvent.AbstractSecuredElementSecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-309.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-services-sts-core-3.1.5.redhat-630309.jar:org/apache/cxf/sts/token/provider/TokenProviderUtils.class */
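/**
 * Static helpers for STS token providers: reading an address out of a
 * "participants" object, encrypting an issued token element, and locating the
 * X.509 certificate that signed the incoming request.
 *
 * <p>This class has no instances; every method is static.
 */
public final class TokenProviderUtils {
    private static final Logger LOG = LogUtils.getL7dLogger(TokenProviderUtils.class);

    /** Namespace an EndpointReference (and its Address child) must carry to be accepted. */
    private static final String WSA_NS = "http://www.w3.org/2005/08/addressing";

    /** Policy namespace accepted, alongside {@code STSConstants.WSP_NS}, for a URI element. */
    private static final String WSP_2004_NS = "http://schemas.xmlsoap.org/ws/2004/09/policy";

    private static final String EPR_LOCAL_NAME = "EndpointReference";

    private static final String NOT_PARSED_MSG = "Participants element does not exist or could not be parsed";

    private TokenProviderUtils() {
    }

    /**
     * Extracts an address string from a participants object.
     *
     * <p>Three shapes are understood: a DOM {@code EndpointReference} element (the text of its
     * {@code Address} child is returned), a DOM policy {@code URI} element (its text is
     * returned), and a JAXB {@code EndpointReference} (the value of its address is returned).
     *
     * <p>The text is returned exactly as found: it is neither trimmed nor checked to be a
     * well-formed URI. NOTE(review): this value presumably comes from the token request, so
     * callers should treat it as untrusted input - confirm against the callers.
     *
     * @param obj a DOM {@link Element} or a {@link JAXBElement}; any other type yields {@code null}
     * @return the address text, or {@code null} when nothing usable was found
     */
    public static String extractAddressFromParticipantsEPR(Object obj) {
        if (obj instanceof Element) {
            return addressFromDomElement((Element) obj);
        }
        if (obj instanceof JAXBElement) {
            return addressFromJaxbElement((JAXBElement<?>) obj);
        }
        // Unknown representation: the original returns silently here, without a log line.
        return null;
    }

    /** Reads the address from a DOM EndpointReference or policy URI element. */
    private static String addressFromDomElement(Element participants) {
        String localName = participants.getLocalName();
        String namespaceURI = participants.getNamespaceURI();
        if (WSA_NS.equals(namespaceURI) && EPR_LOCAL_NAME.equals(localName)) {
            LOG.fine("Found EndpointReference element");
            Element address = DOMUtils.getFirstChildWithName(participants, WSA_NS, "Address");
            if (address != null) {
                LOG.fine("Found address element");
                return address.getTextContent();
            }
        } else if ((STSConstants.WSP_NS.equals(namespaceURI) || WSP_2004_NS.equals(namespaceURI))
            && "URI".equals(localName)) {
            return participants.getTextContent();
        }
        LOG.fine(NOT_PARSED_MSG);
        return null;
    }

    /** Reads the address from a JAXB-bound EndpointReference. */
    private static String addressFromJaxbElement(JAXBElement<?> participants) {
        QName name = participants.getName();
        if (WSA_NS.equals(name.getNamespaceURI()) && EPR_LOCAL_NAME.equals(name.getLocalPart())) {
            LOG.fine("Found EndpointReference element");
            // The wrapped value can be null (a nil element) or of an unexpected type. Checking
            // before the cast turns what used to be a NullPointerException or
            // ClassCastException into the documented "nothing found" result.
            Object value = participants.getValue();
            if (value instanceof EndpointReferenceType) {
                EndpointReferenceType endpointReference = (EndpointReferenceType) value;
                if (endpointReference.getAddress() != null) {
                    LOG.fine("Found address element");
                    return endpointReference.getAddress().getValue();
                }
            }
        }
        LOG.fine(NOT_PARSED_MSG);
        return null;
    }

    /**
     * Encrypts a token element for the configured recipient.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     * <li>If neither {@code encryptionProperties} nor {@code sTSPropertiesMBean} supplies an
     *     encryption name, the element is returned <em>unencrypted</em> and only a FINE-level
     *     message is logged. A caller that requires confidentiality has to verify the result
     *     itself.</li>
     * <li>The encryption and key-wrap algorithms named in {@code keyRequirements} are used only
     *     if they appear in the corresponding accepted list of {@code encryptionProperties};
     *     anything else is replaced by the configured default, again logged at FINE only.</li>
     * <li>When the encryption name equals {@code ConfigurationConstants.USE_REQ_SIG_CERT}, the
     *     token is encrypted to the certificate returned by {@link #getReqSigCert(Map)}.</li>
     * </ul>
     *
     * <p>Side effect: {@code element} is appended to its owner document before encryption.
     *
     * @param element the token element to encrypt
     * @param str identifier passed to the {@code WSEncryptionPart} together with the
     *     {@code "Element"} modifier
     * @param sTSPropertiesMBean supplies the fallback encryption name and the encryption crypto
     * @param encryptionProperties supplies the encryption name, default and accepted algorithms,
     *     and the key identifier type
     * @param keyRequirements supplies the requested encryption and key-wrap algorithms
     * @param map message context searched for the request signing certificate
     * @return the document element of the owner document after encryption, or {@code element}
     *     itself when no encryption name is configured
     * @throws WSSecurityException if preparing or performing the encryption fails
     */
    public static Element encryptToken(Element element, String str, STSPropertiesMBean sTSPropertiesMBean, EncryptionProperties encryptionProperties, KeyRequirements keyRequirements, Map<String, Object> map) throws WSSecurityException {
        String encryptionName = encryptionProperties.getEncryptionName();
        if (encryptionName == null) {
            encryptionName = sTSPropertiesMBean.getEncryptionUsername();
        }
        if (encryptionName == null) {
            // No recipient configured: the token leaves this method in the clear.
            LOG.fine("No encryption alias is configured");
            return element;
        }

        // A requested algorithm is honoured only when it is on the accepted list.
        String encryptionAlgorithm = keyRequirements.getEncryptionAlgorithm();
        if (encryptionAlgorithm == null) {
            encryptionAlgorithm = encryptionProperties.getEncryptionAlgorithm();
        } else if (!encryptionProperties.getAcceptedEncryptionAlgorithms().contains(encryptionAlgorithm)) {
            encryptionAlgorithm = encryptionProperties.getEncryptionAlgorithm();
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("EncryptionAlgorithm not supported, defaulting to: " + encryptionAlgorithm);
            }
        }

        // Same rule for the key-wrap algorithm.
        String keywrapAlgorithm = keyRequirements.getKeywrapAlgorithm();
        if (keywrapAlgorithm == null) {
            keywrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
        } else if (!encryptionProperties.getAcceptedKeyWrapAlgorithms().contains(keywrapAlgorithm)) {
            keywrapAlgorithm = encryptionProperties.getKeyWrapAlgorithm();
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("KeyWrapAlgorithm not supported, defaulting to: " + keywrapAlgorithm);
            }
        }

        WSSecEncrypt encryptor = new WSSecEncrypt();
        if (ConfigurationConstants.USE_REQ_SIG_CERT.equals(encryptionName)) {
            // NOTE(review): getReqSigCert can return null when the request carried no usable
            // signing certificate; confirm that prepare() below then fails rather than
            // proceeding without a recipient key.
            encryptor.setUseThisCert(getReqSigCert(map));
        } else {
            encryptor.setUserInfo(encryptionName);
        }
        encryptor.setKeyIdentifierType(encryptionProperties.getKeyIdentifierType());
        encryptor.setSymmetricEncAlgorithm(encryptionAlgorithm);
        encryptor.setKeyEncAlgo(keywrapAlgorithm);
        encryptor.setEmbedEncryptedKey(true);

        WSEncryptionPart encryptionPart = new WSEncryptionPart(str, "Element");
        encryptionPart.setElement(element);

        // The element is attached to its owner document, and the result is read back from that
        // document's root once encryption has run.
        Document ownerDocument = element.getOwnerDocument();
        ownerDocument.appendChild(element);
        encryptor.prepare(ownerDocument, sTSPropertiesMBean.getEncryptionCrypto());
        encryptor.encryptForRef(null, Collections.singletonList(encryptionPart));
        return ownerDocument.getDocumentElement();
    }

    /**
     * Finds the X.509 certificate associated with the signature on the incoming request.
     *
     * <p>The results stored under {@code WSHandlerConstants.RECV_RESULTS} are consulted first
     * through {@code WSS4JUtils.getReqSigCert}. If that yields nothing, the security events
     * stored under {@code SecurityEvent.class.getName() + ".in"} are scanned for signed-part or
     * signed-element events, and the first certificate of the first token that has any is
     * returned.
     *
     * <p>NOTE(review): no trust or validity check is performed on the certificate here; this
     * presumably relies on the inbound signature processing having validated it - confirm.
     *
     * @param map the message context holding the inbound security results
     * @return the signing certificate, or {@code null} if none is found or the token's
     *     certificates cannot be read
     */
    // The context map is untyped, so both lookups need an unchecked (one of them raw) cast.
    @SuppressWarnings({"unchecked", "rawtypes"})
    public static X509Certificate getReqSigCert(Map<String, Object> map) {
        X509Certificate reqSigCert = WSS4JUtils.getReqSigCert((List) map.get(WSHandlerConstants.RECV_RESULTS));
        if (reqSigCert != null) {
            return reqSigCert;
        }

        List<SecurityEvent> incomingEvents = (List<SecurityEvent>) map.get(SecurityEvent.class.getName() + ".in");
        if (incomingEvents == null) {
            return null;
        }
        for (SecurityEvent securityEvent : incomingEvents) {
            boolean signedContent = WSSecurityEventConstants.SIGNED_PART == securityEvent.getSecurityEventType()
                || WSSecurityEventConstants.SignedElement == securityEvent.getSecurityEventType();
            if (!signedContent) {
                continue;
            }
            SecurityToken securityToken = ((AbstractSecuredElementSecurityEvent) securityEvent).getSecurityToken();
            if (securityToken == null) {
                continue;
            }
            try {
                // Read the chain once instead of once per check.
                X509Certificate[] certificates = securityToken.getX509Certificates();
                if (certificates != null && certificates.length > 0) {
                    return certificates[0];
                }
            } catch (XMLSecurityException e) {
                // A token whose certificates cannot be read ends the search; remaining events
                // are not examined.
                LOG.log(Level.FINE, e.getMessage(), e);
                return null;
            }
        }
        return null;
    }
}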
