package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Key;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.cxf.binding.soap.SoapFault;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.SoapVersion;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache;
import org.apache.cxf.ws.security.tokenstore.TokenStoreUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityToken.SecurityToken;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-02.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-ws-security-3.1.5.redhat-630310-02.jar:org/apache/cxf/ws/security/wss4j/WSS4JUtils.class */
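/**
 * Static helpers shared by the CXF WS-Security interceptors: replay-cache lookup, token
 * caching for the streaming code path, SOAP fault construction and loading of {@link Crypto}
 * instances from properties.
 *
 * <p>Several methods here return {@code null} instead of throwing when a feature is disabled
 * or a resource cannot be loaded. Callers must treat {@code null} as "not available" and
 * decide explicitly whether processing may continue without it.
 */
public final class WSS4JUtils {
    private static final Logger LOG = LogUtils.getL7dLogger(WSS4JUtils.class);

    /** Lifetime given to a streaming token when it is copied into the token store (5 minutes). */
    private static final long STORED_TOKEN_LIFETIME_MS = 5L * 60L * 1000L;

    /**
     * Key used to look up results in {@code WSHandlerResult.getActionResults()}.
     * NOTE(review): 2 appears to be WSS4J's signature action code (WSConstants.SIGN) - confirm.
     */
    private static final int SIGNATURE_ACTION = 2;

    private WSS4JUtils() {
    }

    /**
     * Returns the replay cache to use for the given message, creating and caching one on the
     * endpoint if none exists yet.
     *
     * @param soapMessage the message being processed
     * @param str name of the contextual property that switches this cache on or off
     * @param str2 name of the property under which the cache instance is stored
     * @return the cache, or {@code null} when the cache is switched off, when the message is
     *         on the requestor side and the cache was not explicitly switched on, or when no
     *         endpoint information is available. A {@code null} result means no replay
     *         detection is performed through this cache.
     */
    public static ReplayCache getReplayCache(SoapMessage soapMessage, String str, String str2) {
        boolean explicitlyEnabled = false;
        Object enabledSetting = soapMessage.getContextualProperty(str);
        if (enabledSetting != null) {
            if (!MessageUtils.isTrue(enabledSetting)) {
                return null;
            }
            explicitlyEnabled = true;
        }
        // On the requestor side the cache is opt-in only.
        if (!explicitlyEnabled && MessageUtils.isRequestor(soapMessage)) {
            return null;
        }
        Endpoint endpoint = soapMessage.getExchange().getEndpoint();
        if (endpoint == null || endpoint.getEndpointInfo() == null) {
            return null;
        }
        EndpointInfo endpointInfo = endpoint.getEndpointInfo();
        // Lock on the endpoint info so concurrent requests create at most one cache per endpoint.
        synchronized (endpointInfo) {
            ReplayCache replayCache = (ReplayCache) soapMessage.getContextualProperty(str2);
            if (replayCache == null) {
                replayCache = (ReplayCache) endpointInfo.getProperty(str2);
            }
            if (replayCache == null) {
                // The cache name is the property name plus the hash of the endpoint name, so
                // endpoint names with colliding hash codes produce the same cache name.
                String cacheKey = str2;
                if (endpointInfo.getName() != null) {
                    int hashCode = endpointInfo.getName().toString().hashCode();
                    cacheKey = hashCode < 0 ? cacheKey + hashCode : cacheKey + "-" + hashCode;
                }
                URL configFileURL = SecurityUtils.getConfigFileURL(soapMessage, SecurityConstants.CACHE_CONFIG_FILE, "cxf-ehcache.xml");
                if (ReplayCacheFactory.isEhCacheInstalled()) {
                    replayCache = new CXFEHCacheReplayCache(cacheKey, soapMessage.getExchange().getBus(), configFileURL);
                } else {
                    replayCache = ReplayCacheFactory.newInstance().newReplayCache(cacheKey, configFileURL);
                }
                endpointInfo.setProperty(str2, replayCache);
            }
            return replayCache;
        }
    }

    /**
     * Copies a token produced by the streaming (StAX) security code into the CXF token store,
     * unless an unexpired token with the same id is already stored.
     *
     * <p>The stored copy is valid for five minutes from the time of the call and carries the
     * token's key; for a {@link SecretKey} the encoded key bytes are stored as the token's
     * secret. The token store therefore holds raw key material and needs to be protected
     * accordingly.
     *
     * @param securityToken the streaming token, may be {@code null}
     * @param message the message whose token store is used
     * @return the id of the stored token, or {@code null} if {@code securityToken} is null
     * @throws XMLSecurityException if the token's properties cannot be read
     */
    public static String parseAndStoreStreamingSecurityToken(SecurityToken securityToken, Message message) throws XMLSecurityException {
        if (securityToken == null) {
            return null;
        }
        org.apache.cxf.ws.security.tokenstore.SecurityToken existing = TokenStoreUtils.getTokenStore(message).getToken(securityToken.getId());
        if (existing != null && !existing.isExpired()) {
            return existing.getId();
        }
        Date created = new Date();
        Date expires = new Date(created.getTime() + STORED_TOKEN_LIFETIME_MS);
        org.apache.cxf.ws.security.tokenstore.SecurityToken stored = new org.apache.cxf.ws.security.tokenstore.SecurityToken(securityToken.getId(), created, expires);
        stored.setSHA1(securityToken.getSha1Identifier());
        String tokenTypeUri = tokenTypeUri(securityToken.getTokenType());
        if (tokenTypeUri != null) {
            stored.setTokenType(tokenTypeUri);
        }
        // Every non-null key overwrites the previous one, so the last entry of the map wins.
        for (Map.Entry<String, Key> entry : securityToken.getSecretKey().entrySet()) {
            Key key = entry.getValue();
            if (key == null) {
                continue;
            }
            stored.setKey(key);
            if (key instanceof SecretKey) {
                stored.setSecret(key.getEncoded());
            }
        }
        TokenStoreUtils.getTokenStore(message).add(stored);
        return stored.getId();
    }

    /**
     * Maps a streaming token type constant to the token type URI recorded in the token store.
     * Comparison is by identity against the WSS4J constants; unknown or null types give null.
     */
    private static String tokenTypeUri(Object tokenType) {
        if (tokenType == null) {
            return null;
        }
        if (tokenType == WSSecurityTokenConstants.EncryptedKeyToken) {
            return "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey";
        }
        if (tokenType == WSSecurityTokenConstants.KERBEROS_TOKEN) {
            return "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ";
        }
        if (tokenType == WSSecurityTokenConstants.SAML_11_TOKEN) {
            return "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
        }
        if (tokenType == WSSecurityTokenConstants.SAML_20_TOKEN) {
            return "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
        }
        if (tokenType == WSSecurityTokenConstants.SECURE_CONVERSATION_TOKEN || tokenType == WSSecurityTokenConstants.SECURITY_CONTEXT_TOKEN) {
            return "http://schemas.xmlsoap.org/ws/2005/02/sc";
        }
        return null;
    }

    /**
     * Builds the SOAP fault for a failed security check.
     *
     * <p>The exception's real message and fault code are used only when the
     * {@code RETURN_SECURITY_ERROR} contextual property is true or this side is the requestor.
     * In every other case the exception's "safe" message and fault code are used, so the
     * response does not tell the sender which check failed. Turning the property on for a
     * service endpoint removes that protection.
     *
     * <p>The exception itself is always attached to the fault as its cause; whether any of
     * its detail is written to the response depends on fault handling outside this method.
     *
     * @param soapMessage the message that failed processing
     * @param soapVersion the SOAP version of the exchange
     * @param wSSecurityException the failure
     * @return the fault; for SOAP 1.1 the fault code is the security code when one is
     *         available, otherwise the sender code is used and, for other SOAP versions, the
     *         security code becomes the sub-code
     */
    public static SoapFault createSoapFault(SoapMessage soapMessage, SoapVersion soapVersion, WSSecurityException wSSecurityException) {
        boolean exposeDetail = MessageUtils.getContextualBoolean(soapMessage, SecurityConstants.RETURN_SECURITY_ERROR, false)
            || MessageUtils.isRequestor(soapMessage);
        String message;
        QName faultCode;
        if (exposeDetail) {
            message = wSSecurityException.getMessage();
            faultCode = wSSecurityException.getFaultCode();
        } else {
            message = wSSecurityException.getSafeExceptionMessage();
            faultCode = wSSecurityException.getSafeFaultCode();
        }
        boolean soap11 = soapVersion.getVersion() == 1.1d;
        if (soap11 && faultCode != null) {
            return new SoapFault(message, wSSecurityException, faultCode);
        }
        SoapFault soapFault = new SoapFault(message, wSSecurityException, soapVersion.getSender());
        if (!soap11 && faultCode != null) {
            soapFault.setSubCode(faultCode);
        }
        return soapFault;
    }

    /**
     * Resolves a properties reference to a {@link Properties} object.
     *
     * @param obj a {@link Properties} instance, which is returned as is, or any other value
     * @param url location to load from when {@code obj} is not a {@link Properties}
     * @return the properties, or {@code null} if {@code obj} is not a {@link Properties} and
     *         {@code url} is null or cannot be read
     */
    public static Properties getProps(Object obj, URL url) {
        if (obj instanceof Properties) {
            return (Properties) obj;
        }
        if (url == null) {
            return null;
        }
        Properties properties = new Properties();
        // try-with-resources closes the stream even when load() fails.
        try (InputStream in = url.openStream()) {
            properties.load(in);
            return properties;
        } catch (IOException e) {
            // Callers treat null as "not found"; keep the cause visible for diagnosis.
            LOG.fine("Unable to load properties from the supplied URL: " + e);
            return null;
        }
    }

    /**
     * Returns the {@link PasswordEncryptor} configured for the message.
     *
     * <p>An instance set under {@code PASSWORD_ENCRYPTOR_INSTANCE} wins; otherwise a
     * {@link JasyptPasswordEncryptor} is created around the configured callback handler.
     *
     * @param message the current message, may be {@code null}
     * @return the encryptor, or {@code null} if the message is null, no callback handler is
     *         configured, or the callback handler could not be obtained
     */
    public static PasswordEncryptor getPasswordEncryptor(Message message) {
        if (message == null) {
            return null;
        }
        PasswordEncryptor configured = (PasswordEncryptor) message.getContextualProperty(SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE);
        if (configured != null) {
            return configured;
        }
        try {
            CallbackHandler callbackHandler = SecurityUtils.getCallbackHandler(SecurityUtils.getSecurityPropertyValue(org.apache.cxf.rt.security.SecurityConstants.CALLBACK_HANDLER, message));
            if (callbackHandler == null) {
                return null;
            }
            return new JasyptPasswordEncryptor(callbackHandler);
        } catch (Exception e) {
            // Best effort: a broken callback handler configuration yields no encryptor.
            LOG.fine("Unable to create a password encryptor from the configured callback handler: " + e);
            return null;
        }
    }

    /**
     * Loads a {@link Crypto} from a properties file.
     *
     * <p>The file is first resolved through {@code SecurityUtils.loadResource} and loaded with
     * the supplied {@link PasswordEncryptor}. If the resource is not found, or anything in that
     * path fails, the method falls back to {@code CryptoFactory.getInstance(str, classLoader)},
     * a call that is not given the {@link PasswordEncryptor}. The failure that triggered the
     * fallback is logged at FINE and otherwise discarded.
     *
     * @param message the current message, used to resolve the resource
     * @param str name of the properties file
     * @param classLoader class loader passed to the crypto factory
     * @param passwordEncryptor encryptor passed to the crypto factory on the primary path
     * @return the loaded crypto
     * @throws WSSecurityException if the fallback load fails
     */
    public static Crypto loadCryptoFromPropertiesFile(Message message, String str, ClassLoader classLoader, PasswordEncryptor passwordEncryptor) throws WSSecurityException {
        try {
            URL resource = SecurityUtils.loadResource(message, str);
            if (resource != null) {
                Properties properties = new Properties();
                // try-with-resources closes the stream even when load() fails.
                try (InputStream in = resource.openStream()) {
                    properties.load(in);
                }
                return CryptoFactory.getInstance(properties, classLoader, passwordEncryptor);
            }
        } catch (Exception e) {
            // Deliberate best effort; the fallback below decides the outcome.
            LOG.fine("Loading crypto properties with the password encryptor failed, falling back to the plain factory call: " + e);
        }
        return CryptoFactory.getInstance(str, classLoader);
    }

    /**
     * Resolves the encryption {@link Crypto} from a configuration value and, when it had to be
     * built from properties, caches it on the endpoint under {@code ENCRYPT_CRYPTO}.
     *
     * @param obj a {@link Crypto}, a {@link Properties}, a resource reference, or {@code null}
     * @param soapMessage the current message
     * @param passwordEncryptor encryptor passed to the crypto factory
     * @return the crypto, or {@code null} if {@code obj} is null
     * @throws WSSecurityException if the properties cannot be found or the crypto cannot be
     *         created
     */
    public static Crypto getEncryptionCrypto(Object obj, SoapMessage soapMessage, PasswordEncryptor passwordEncryptor) throws WSSecurityException {
        return resolveCrypto(obj, soapMessage, passwordEncryptor,
            org.apache.cxf.rt.security.SecurityConstants.ENCRYPT_CRYPTO, "Cannot find Crypto Encryption properties: ");
    }

    /**
     * Resolves the signature {@link Crypto} from a configuration value and, when it had to be
     * built from properties, caches it on the endpoint under {@code SIGNATURE_CRYPTO}.
     *
     * @param obj a {@link Crypto}, a {@link Properties}, a resource reference, or {@code null}
     * @param soapMessage the current message
     * @param passwordEncryptor encryptor passed to the crypto factory
     * @return the crypto, or {@code null} if {@code obj} is null
     * @throws WSSecurityException if the properties cannot be found or the crypto cannot be
     *         created
     */
    public static Crypto getSignatureCrypto(Object obj, SoapMessage soapMessage, PasswordEncryptor passwordEncryptor) throws WSSecurityException {
        return resolveCrypto(obj, soapMessage, passwordEncryptor,
            org.apache.cxf.rt.security.SecurityConstants.SIGNATURE_CRYPTO, "Cannot find Crypto Signature properties: ");
    }

    /**
     * Shared implementation of the two crypto getters: returns a ready {@link Crypto} as is,
     * otherwise builds one from properties and stores it on the endpoint under the given key.
     */
    private static Crypto resolveCrypto(Object obj, SoapMessage soapMessage, PasswordEncryptor passwordEncryptor,
                                        String endpointPropertyKey, String notFoundPrefix) throws WSSecurityException {
        if (obj instanceof Crypto) {
            return (Crypto) obj;
        }
        if (obj == null) {
            return null;
        }
        Properties props = getProps(obj, SecurityUtils.loadResource(soapMessage, obj));
        if (props == null) {
            String notFound = notFoundPrefix + obj;
            LOG.fine(notFound);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, new Exception(notFound));
        }
        Crypto crypto = CryptoFactory.getInstance(props, Loader.getClassLoader(CryptoFactory.class), passwordEncryptor);
        EndpointInfo endpointInfo = soapMessage.getExchange().getEndpoint().getEndpointInfo();
        // Cache on the endpoint so later messages can reuse the instance.
        synchronized (endpointInfo) {
            endpointInfo.setProperty(endpointPropertyKey, crypto);
        }
        return crypto;
    }

    /**
     * Returns the first X.509 certificate recorded in the signature results of a request.
     *
     * <p>This method only reads what earlier processing stored under
     * {@code "x509-certificate"}; it performs no validation of the certificate itself.
     *
     * @param list handler results of the request, may be {@code null} or empty
     * @return the certificate, or {@code null} if none of the results carries one
     */
    public static X509Certificate getReqSigCert(List<WSHandlerResult> list) {
        if (list == null || list.isEmpty()) {
            return null;
        }
        for (WSHandlerResult handlerResult : list) {
            List<WSSecurityEngineResult> signatureResults = handlerResult.getActionResults().get(SIGNATURE_ACTION);
            if (signatureResults == null) {
                continue;
            }
            for (WSSecurityEngineResult engineResult : signatureResults) {
                if (engineResult.containsKey("x509-certificate")) {
                    return (X509Certificate) engineResult.get("x509-certificate");
                }
            }
        }
        return null;
    }
}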
