package org.apache.wss4j.dom.message.token;

import com.braintreegateway.util.NodeWrapper;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.Principal;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.TimeZone;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.WSCurrentTimeSource;
import org.apache.wss4j.common.util.WSTimeSource;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-310-02.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-dom-2.1.7.jar:org/apache/wss4j/dom/message/token/UsernameToken.class */
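/**
 * DOM-backed representation of a WS-Security {@code wsse:UsernameToken}.
 *
 * <p>An instance is either parsed from an incoming element (the
 * {@link #UsernameToken(Element, boolean, BSPEnforcer)} constructor, which treats the element as
 * untrusted input and validates its structure) or built for an outgoing message (the
 * {@code Document}-based constructors).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #toString()} serialises the whole token element, Password content included when
 *       present; keep its output out of logs.</li>
 *   <li>{@link #doPasswordDigest(String, String, byte[])}, {@link #setPassword(String)} and
 *       {@link #addNonce(Document)} are best-effort: failures are logged at debug level and not
 *       propagated, so callers must check the resulting state themselves.</li>
 *   <li>The Iteration range check in the parsing constructor is not applied to tokens that carry
 *       a Salt element; see the note in that constructor.</li>
 * </ul>
 */
public class UsernameToken {
    /** WSS 1.0 secext namespace (prefix {@code wsse}). */
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** WSS 1.0 utility namespace (prefix {@code wsu}). */
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    /** WSS 1.1 secext namespace (prefix {@code wsse11}), used for Salt and Iteration. */
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    /** Password Type URI that marks the Password content as a digest. */
    private static final String PASSWORD_DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    /** Largest Iteration value the parsing constructor accepts on a token without Salt. */
    private static final int MAX_PARSED_ITERATION = 10000;

    public static final String BASE64_ENCODING = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    public static final String PASSWORD_TYPE = "passwordType";
    public static final int DEFAULT_ITERATION = 1000;
    public static final QName TOKEN = new QName(WSSE_NS, "UsernameToken");
    private static final Logger LOG = LoggerFactory.getLogger(UsernameToken.class);

    private Element element;
    private Element elementUsername;
    private Element elementPassword;
    private Element elementNonce;
    private Element elementCreated;
    private Element elementSalt;
    private Element elementIteration;
    private String passwordType;
    // Starts out true; each constructor clears it when the token does not carry a digest.
    private boolean hashed = true;
    private String rawPassword;
    private boolean passwordsAreEncoded;
    private Date createdDate;

    /**
     * Parses and validates a received UsernameToken element.
     *
     * @param element the {@code wsse:UsernameToken} element; its content is untrusted
     * @param z when {@code false}, a namespace-qualified {@code Type} attribute on the Password
     *        element is rejected; when {@code true} it is accepted
     * @param bSPEnforcer receives the Basic Security Profile rule violations found in the token
     * @throws WSSecurityException if the element is not a UsernameToken, Username is missing, the
     *         Salt/Password/Iteration combination is invalid, Iteration is not an integer or is
     *         outside 0..10000 (token without Salt only), a digest token lacks Nonce or Created,
     *         or Created cannot be parsed
     */
    public UsernameToken(Element element, boolean z, BSPEnforcer bSPEnforcer) throws WSSecurityException {
        this.element = element;
        QName actualName = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
        if (!actualName.equals(TOKEN)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badElement", new Object[]{TOKEN, actualName});
        }
        this.elementUsername = XMLUtils.getDirectChildElement(this.element, "Username", WSSE_NS);
        this.elementPassword = XMLUtils.getDirectChildElement(this.element, "Password", WSSE_NS);
        this.elementNonce = XMLUtils.getDirectChildElement(this.element, "Nonce", WSSE_NS);
        this.elementCreated = XMLUtils.getDirectChildElement(this.element, "Created", WSU_NS);
        this.elementSalt = XMLUtils.getDirectChildElement(this.element, "Salt", WSSE11_NS);
        this.elementIteration = XMLUtils.getDirectChildElement(this.element, "Iteration", WSSE11_NS);
        if (this.elementUsername == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Username is missing"});
        }
        checkBSPCompliance(bSPEnforcer);
        this.hashed = false;

        if (this.elementSalt != null) {
            // A token with Salt must not carry a Password and must carry an Iteration.
            if (this.elementPassword != null || this.elementIteration == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Password is missing"});
            }
            // NOTE(review): returning here skips the 0..10000 Iteration range check below, so the
            // sender-supplied Iteration of a salted token is neither parsed nor bounded at parse
            // time. getDerivedKey() later hands that value to generateDerivedKey(), and only the
            // BSP enforcer (rule R4218, lower bound) looks at it. Confirm whether an upper bound
            // should also apply on this path before changing acceptance behaviour.
            return;
        }

        if (this.elementIteration != null) {
            String iterationText = XMLUtils.getElementText(this.elementIteration);
            if (iterationText != null) {
                // A non-numeric value becomes a WSSecurityException instead of an unchecked
                // NumberFormatException escaping from message parsing.
                int iterations = parseIterationCount(iterationText);
                if (iterations < 0 || iterations > MAX_PARSED_ITERATION) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Iteration is missing"});
                }
            }
        }

        if (this.elementPassword != null) {
            if (this.elementPassword.hasAttributeNS(null, "Type")) {
                this.passwordType = this.elementPassword.getAttributeNS(null, "Type");
            } else if (this.elementPassword.hasAttributeNS(WSSE_NS, "Type")) {
                if (!z) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"The Password Type is not allowed to be namespace qualified"});
                }
                this.passwordType = this.elementPassword.getAttributeNS(WSSE_NS, "Type");
            }
        }

        if (PASSWORD_DIGEST.equals(this.passwordType)) {
            this.hashed = true;
            // A digest is computed over Nonce and Created, so both must be present.
            if (this.elementNonce == null || this.elementCreated == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Nonce or Created is missing"});
            }
        }

        if (this.elementCreated == null) {
            return;
        }
        String created = getCreated();
        if (created == null || "".equals(created)) {
            return;
        }
        try {
            this.createdDate = WSSConfig.DATATYPE_FACTORY.newXMLGregorianCalendar(created).toGregorianCalendar().getTime();
        } catch (IllegalArgumentException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e, "badUsernameToken", new Object[]{"Error parsing UsernameToken Created value"});
        }
    }

    /**
     * Creates an outgoing token with the PasswordDigest password type.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the token's elements
     */
    public UsernameToken(boolean z, Document document) {
        this(z, document, PASSWORD_DIGEST);
    }

    /**
     * Creates an outgoing token using the current time as the time source.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the token's elements
     * @param str the password type URI, or {@code null} for a token without a Password element
     */
    public UsernameToken(boolean z, Document document, String str) {
        this(z, document, new WSCurrentTimeSource(), str);
    }

    /**
     * Creates an outgoing token. A Username element with empty text is always added; a Password
     * element is added only when a password type is given, and Nonce and Created are added only
     * for the PasswordDigest type.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the token's elements
     * @param wSTimeSource supplies the time written to Created
     * @param str the password type URI, or {@code null} for a token without a Password element
     */
    public UsernameToken(boolean z, Document document, WSTimeSource wSTimeSource, String str) {
        this.element = document.createElementNS(WSSE_NS, "wsse:UsernameToken");
        this.elementUsername = document.createElementNS(WSSE_NS, "wsse:Username");
        this.elementUsername.appendChild(document.createTextNode(""));
        this.element.appendChild(this.elementUsername);
        if (str != null) {
            this.elementPassword = document.createElementNS(WSSE_NS, "wsse:Password");
            this.elementPassword.appendChild(document.createTextNode(""));
            this.element.appendChild(this.elementPassword);
            this.passwordType = str;
            if (PASSWORD_DIGEST.equals(str)) {
                addNonce(document);
                addCreated(z, wSTimeSource, document);
            } else {
                this.hashed = false;
            }
        }
    }

    /** Declares the {@code wsse} namespace prefix on the token element. */
    public void addWSSENamespace() {
        XMLUtils.setNamespace(this.element, WSSE_NS, "wsse");
    }

    /** Declares the {@code wsu} namespace prefix on the token element. */
    public void addWSUNamespace() {
        XMLUtils.setNamespace(this.element, WSU_NS, "wsu");
    }

    /**
     * Adds a Base64-encoded 16-byte nonce to the token unless one is already present.
     *
     * <p>If nonce generation fails the failure is only logged at debug level and no Nonce element
     * is added; a digest computed afterwards then uses an empty nonce. Callers that require a
     * nonce should verify {@link #getNonce()} is non-null.
     *
     * @param document the document used to create the Nonce element
     */
    public void addNonce(Document document) {
        if (this.elementNonce != null) {
            return;
        }
        try {
            byte[] nonceBytes = WSSecurityUtil.generateNonce(16);
            this.elementNonce = document.createElementNS(WSSE_NS, "wsse:Nonce");
            this.elementNonce.appendChild(document.createTextNode(Base64.encode(nonceBytes)));
            this.elementNonce.setAttributeNS(null, "EncodingType", BASE64_ENCODING);
            this.element.appendChild(this.elementNonce);
        } catch (WSSecurityException e) {
            LOG.debug(e.getMessage(), e);
        }
    }

    /**
     * Adds a Created element stamped with the current time unless one is already present.
     *
     * @param z selects the timestamp format, see
     *        {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the Created element
     */
    public void addCreated(boolean z, Document document) {
        addCreated(z, new WSCurrentTimeSource(), document);
    }

    /**
     * Adds a Created element unless one is already present.
     *
     * @param z when {@code true} the time is formatted with {@code XmlSchemaDateFormat};
     *        otherwise with a UTC {@code SimpleDateFormat}
     * @param wSTimeSource supplies the time to write
     * @param document the document used to create the Created element
     */
    public void addCreated(boolean z, WSTimeSource wSTimeSource, Document document) {
        if (this.elementCreated != null) {
            return;
        }
        DateFormat formatter;
        if (z) {
            formatter = new XmlSchemaDateFormat();
        } else {
            // NOTE(review): the pattern is taken from com.braintreegateway.util.NodeWrapper, an
            // unrelated library; this looks like a constant-inlining artifact. Confirm the pattern
            // is the intended timestamp form and replace the reference with a local constant.
            formatter = new SimpleDateFormat(NodeWrapper.DATE_TIME_FORMAT);
            formatter.setTimeZone(TimeZone.getTimeZone("UTC"));
        }
        this.elementCreated = document.createElementNS(WSU_NS, "wsu:Created");
        this.elementCreated.appendChild(document.createTextNode(formatter.format(wSTimeSource.now())));
        this.element.appendChild(this.elementCreated);
    }

    /**
     * Adds a Base64-encoded Salt element to the token.
     *
     * @param document the document used to create the Salt element
     * @param bArr the salt to use, or {@code null} to generate one
     * @param z forwarded to {@code UsernameTokenUtil.generateSalt} when a salt is generated
     *        (presumably selects MAC versus encryption use; confirm against that helper)
     * @return the salt that was written
     */
    public byte[] addSalt(Document document, byte[] bArr, boolean z) {
        byte[] salt = bArr != null ? bArr : UsernameTokenUtil.generateSalt(z);
        this.elementSalt = document.createElementNS(WSSE11_NS, "wsse11:Salt");
        XMLUtils.setNamespace(this.element, WSSE11_NS, "wsse11");
        this.elementSalt.appendChild(document.createTextNode(Base64.encode(salt)));
        this.element.appendChild(this.elementSalt);
        return salt;
    }

    /**
     * Adds an Iteration element holding the given count.
     *
     * @param document the document used to create the Iteration element
     * @param i the iteration count to write
     */
    public void addIteration(Document document, int i) {
        this.elementIteration = document.createElementNS(WSSE11_NS, "wsse11:Iteration");
        XMLUtils.setNamespace(this.element, WSSE11_NS, "wsse11");
        this.elementIteration.appendChild(document.createTextNode("" + i));
        this.element.appendChild(this.elementIteration);
    }

    /** @return the text of the Username element */
    public String getName() {
        return XMLUtils.getElementText(this.elementUsername);
    }

    /**
     * Writes the user name into the Username element's first text node.
     *
     * @param str the user name
     * @throws NullPointerException if the Username element's first child is not a text node
     */
    public void setName(String str) {
        getFirstNode(this.elementUsername).setData(str);
    }

    /** @return the text of the Nonce element as stored in the token (Base64 when BSP-compliant) */
    public String getNonce() {
        return XMLUtils.getElementText(this.elementNonce);
    }

    /** @return the text of the Created element */
    public String getCreated() {
        return XMLUtils.getElementText(this.elementCreated);
    }

    /**
     * @return the Created value parsed by the parsing constructor, or {@code null} when the token
     *         was not parsed from a message or had no non-empty Created value
     */
    public Date getCreatedDate() {
        return this.createdDate;
    }

    /**
     * @return the Password element's text; the empty string when the element exists but has no
     *         text; the text lookup's result (no replacement) when there is no Password element
     */
    public String getPassword() {
        String text = XMLUtils.getElementText(this.elementPassword);
        if (text == null && this.elementPassword != null) {
            return "";
        }
        return text;
    }

    /** @return {@code true} if the token has a Password element */
    public boolean containsPasswordElement() {
        return this.elementPassword != null;
    }

    /**
     * @return the Base64-decoded Salt, or {@code null} when the Salt element has no text
     * @throws WSSecurityException if the Salt text is not valid Base64
     */
    public byte[] getSalt() throws WSSecurityException {
        String saltText = XMLUtils.getElementText(this.elementSalt);
        if (saltText == null) {
            return null;
        }
        try {
            return Base64.decode(saltText);
        } catch (Base64DecodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
        }
    }

    /**
     * @return the Iteration value, or {@link #DEFAULT_ITERATION} when the element has no text
     * @throws NumberFormatException if the Iteration text is not an integer; for a parsed token
     *         with Salt the text has not been validated before this call
     */
    public int getIteration() {
        String iterationText = XMLUtils.getElementText(this.elementIteration);
        return iterationText != null ? Integer.parseInt(iterationText) : DEFAULT_ITERATION;
    }

    /** @return {@code true} if the token's password is a digest */
    public boolean isHashed() {
        return this.hashed;
    }

    /** @return the password type URI, or {@code null} when none is set */
    public String getPasswordType() {
        return this.passwordType;
    }

    /**
     * Stores the raw password and writes the Password element content: the plain value for a
     * non-digest token, otherwise the digest over nonce, created time and password.
     *
     * <p>Best-effort: any failure while writing (for example an undecodable Base64 password when
     * {@link #getPasswordsAreEncoded()} is set) is only logged at debug level, leaving the
     * Password element as it was. Callers that need certainty should check
     * {@link #getPassword()} afterwards.
     *
     * @param str the password; {@code null} is ignored when no password type is set
     * @throws IllegalArgumentException if {@code str} is {@code null} but a password type is set
     * @throws NullPointerException if {@code str} is non-null and the token has no Password
     *         element
     */
    public void setPassword(String str) {
        if (str == null) {
            if (this.passwordType != null) {
                throw new IllegalArgumentException("pwd == null but a password is needed");
            }
            return;
        }
        this.rawPassword = str;
        Text passwordText = getFirstNode(this.elementPassword);
        try {
            String content;
            if (!this.hashed) {
                content = str;
            } else if (this.passwordsAreEncoded) {
                content = doPasswordDigest(getNonce(), getCreated(), Base64.decode(str));
            } else {
                content = doPasswordDigest(getNonce(), getCreated(), str);
            }
            passwordText.setData(content);
            if (this.passwordType != null) {
                this.elementPassword.setAttributeNS(null, "Type", this.passwordType);
            }
        } catch (Exception e) {
            // Deliberately not propagated; the level is checked at call time rather than through
            // a flag cached at class load, so later log-level changes take effect.
            LOG.debug(e.getMessage(), e);
        }
    }

    /**
     * Obtains the raw password for this token's user from the callback handler and stores it for
     * {@link #getDerivedKey(BSPEnforcer)}.
     *
     * @param callbackHandler the handler asked for the password
     * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} if the handler is
     *         {@code null} or fails
     */
    public void setRawPassword(CallbackHandler callbackHandler) throws WSSecurityException {
        if (callbackHandler == null) {
            LOG.debug("CallbackHandler is null");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        // The usage code 2 is passed through as-is (presumably the username-token usage constant
        // of WSPasswordCallback; confirm against that class).
        WSPasswordCallback passwordCallback = new WSPasswordCallback(getName(), getPassword(), getPasswordType(), 2);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
            this.rawPassword = passwordCallback.getPassword();
        } catch (IOException | UnsupportedCallbackException e) {
            LOG.debug(e.getMessage(), e);
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, e);
        }
    }

    /** @param z whether passwords handed to this token are Base64-encoded */
    public void setPasswordsAreEncoded(boolean z) {
        this.passwordsAreEncoded = z;
    }

    /** @return whether passwords handed to this token are treated as Base64-encoded */
    public boolean getPasswordsAreEncoded() {
        return this.passwordsAreEncoded;
    }

    /**
     * Computes the password digest: Base64 of {@code KeyUtils.generateDigest} over the decoded
     * nonce, the UTF-8 bytes of the created time and the password bytes, in that order.
     *
     * @param str the Base64-encoded nonce, or {@code null} for none
     * @param str2 the created time text, or {@code null} for none
     * @param bArr the password bytes
     * @return the Base64 digest, or {@code null} if anything fails (undecodable nonce,
     *         {@code null} password, digest error); callers must treat {@code null} as failure
     *         and never as a value to compare against
     */
    public static String doPasswordDigest(String str, String str2, byte[] bArr) {
        String digest = null;
        try {
            byte[] nonceBytes = str != null ? Base64.decode(str) : new byte[0];
            byte[] createdBytes = str2 != null ? str2.getBytes(StandardCharsets.UTF_8) : new byte[0];
            byte[] material = new byte[nonceBytes.length + createdBytes.length + bArr.length];
            int offset = 0;
            System.arraycopy(nonceBytes, 0, material, offset, nonceBytes.length);
            offset += nonceBytes.length;
            System.arraycopy(createdBytes, 0, material, offset, createdBytes.length);
            offset += createdBytes.length;
            System.arraycopy(bArr, 0, material, offset, bArr.length);
            digest = Base64.encode(KeyUtils.generateDigest(material));
        } catch (Exception e) {
            LOG.debug(e.getMessage(), e);
        }
        return digest;
    }

    /**
     * Computes the password digest for a text password, using its UTF-8 bytes.
     *
     * @param str the Base64-encoded nonce, or {@code null} for none
     * @param str2 the created time text, or {@code null} for none
     * @param str3 the password
     * @return the Base64 digest, or {@code null} on any failure, including a {@code null} password
     */
    public static String doPasswordDigest(String str, String str2, String str3) {
        String digest = null;
        try {
            digest = doPasswordDigest(str, str2, str3.getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            LOG.debug(e.getMessage(), e);
        }
        return digest;
    }

    /**
     * Parses an Iteration element's text.
     *
     * @throws WSSecurityException with {@code INVALID_SECURITY_TOKEN} if the text is not an
     *         integer
     */
    private static int parseIterationCount(String iterationText) throws WSSecurityException {
        try {
            return Integer.parseInt(iterationText);
        } catch (NumberFormatException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e, "badUsernameToken", new Object[]{"Iteration is not a valid integer"});
        }
    }

    /** @return the element's first child if it is a text node, otherwise {@code null} */
    private Text getFirstNode(Element element) {
        Node firstChild = element.getFirstChild();
        if (firstChild != null && firstChild.getNodeType() == Node.TEXT_NODE) {
            return (Text) firstChild;
        }
        return null;
    }

    /** @return the underlying token element */
    public Element getElement() {
        return this.element;
    }

    /**
     * Serialises the token element with {@code DOM2Writer.nodeToString}.
     *
     * <p>The result covers the whole element, so it contains the Password content when one is
     * present. Treat it as sensitive and do not log it.
     */
    @Override
    public String toString() {
        return DOM2Writer.nodeToString(this.element);
    }

    /** @return the token's {@code wsu:Id} attribute value */
    public String getID() {
        return this.element.getAttributeNS(WSU_NS, "Id");
    }

    /** @param str the value to set as the token's {@code wsu:Id} attribute */
    public void setID(String str) {
        this.element.setAttributeNS(WSU_NS, "wsu:Id", str);
    }

    /**
     * Derives a key from the raw password, the token's Salt and its Iteration count.
     *
     * <p>A missing Salt is reported as BSP rule R4217; a missing, empty or below-1000 Iteration as
     * R4218. Whether those reports abort the call depends on the enforcer.
     *
     * @param bSPEnforcer receives the BSP rule violations
     * @return the derived key
     * @throws WSSecurityException if no raw password was set, Iteration is not an integer, the
     *         Salt or an encoded password is not valid Base64, or the enforcer rejects a rule
     */
    public byte[] getDerivedKey(BSPEnforcer bSPEnforcer) throws WSSecurityException {
        if (this.rawPassword == null) {
            LOG.debug("The raw password was null");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        if (this.elementSalt == null) {
            bSPEnforcer.handleBSPRule(BSPRule.R4217);
        }
        if (this.elementIteration == null) {
            bSPEnforcer.handleBSPRule(BSPRule.R4218);
        } else {
            String iterationText = XMLUtils.getElementText(this.elementIteration);
            // Validate here so a non-numeric value from the message surfaces as a
            // WSSecurityException rather than an unchecked NumberFormatException.
            if (iterationText == null || parseIterationCount(iterationText) < 1000) {
                bSPEnforcer.handleBSPRule(BSPRule.R4218);
            }
        }
        // NOTE(review): no upper bound is applied to the sender-supplied count on this path (the
        // parsing constructor's range check is skipped for salted tokens), so the cost of the
        // derivation below is controlled by the message. Consider enforcing a ceiling upstream.
        int iteration = getIteration();
        byte[] salt = getSalt();
        if (!this.passwordsAreEncoded) {
            return UsernameTokenUtil.generateDerivedKey(this.rawPassword, salt, iteration);
        }
        try {
            return UsernameTokenUtil.generateDerivedKey(Base64.decode(this.rawPassword), salt, iteration);
        } catch (Base64DecodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
        }
    }

    /** @return {@code true} if the token carries both Salt and Iteration elements */
    public boolean isDerivedKey() throws WSSecurityException {
        return this.elementSalt != null && this.elementIteration != null;
    }

    /**
     * Builds a principal carrying the token's name, hashed flag, decoded nonce, password and
     * created time.
     *
     * @throws WSSecurityException if the Nonce is not valid Base64
     */
    public Principal createPrincipal() throws WSSecurityException {
        try {
            WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(getName(), isHashed());
            principal.setNonce(Base64.decode(getNonce()));
            principal.setPassword(getPassword());
            principal.setCreatedTime(getCreated());
            return principal;
        } catch (Base64DecodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
        }
    }

    /**
     * Checks the parsed Created date with {@code DateUtil.verifyCreated}.
     *
     * @param i first limit forwarded to {@code DateUtil.verifyCreated} (presumably the
     *        time-to-live in seconds; confirm against that helper)
     * @param i2 second limit forwarded to {@code DateUtil.verifyCreated} (presumably the allowed
     *        future offset in seconds; confirm against that helper)
     * @return the helper's verdict; note the date is {@code null} when the token had no non-empty
     *         Created value
     */
    public boolean verifyCreated(int i, int i2) {
        return DateUtil.verifyCreated(this.createdDate, i, i2);
    }

    /**
     * Hashes the same fields that {@link #equals(Object)} compares. A Salt that cannot be decoded
     * is left out of the hash.
     */
    @Override
    public int hashCode() {
        int result = 17;
        String name = getName();
        if (name != null) {
            result = 31 * result + name.hashCode();
        }
        String password = getPassword();
        if (password != null) {
            result = 31 * result + password.hashCode();
        }
        String type = getPasswordType();
        if (type != null) {
            result = 31 * result + type.hashCode();
        }
        String nonce = getNonce();
        if (nonce != null) {
            result = 31 * result + nonce.hashCode();
        }
        String created = getCreated();
        if (created != null) {
            result = 31 * result + created.hashCode();
        }
        try {
            byte[] salt = getSalt();
            if (salt != null) {
                result = 31 * result + Arrays.hashCode(salt);
            }
        } catch (WSSecurityException e) {
            LOG.debug(e.getMessage(), e);
        }
        // The hash of an int is the int itself, so no boxing is needed.
        return 31 * result + getIteration();
    }

    /**
     * Compares name, password, password type, nonce, created text, salt and iteration. If a Salt
     * cannot be decoded the salt comparison is skipped. This is a structural comparison using
     * ordinary string equality; it is not a credential check.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof UsernameToken)) {
            return false;
        }
        UsernameToken other = (UsernameToken) obj;
        boolean textFieldsMatch = compare(other.getName(), getName())
            && compare(other.getPassword(), getPassword())
            && compare(other.getPasswordType(), getPasswordType())
            && compare(other.getNonce(), getNonce())
            && compare(other.getCreated(), getCreated());
        if (!textFieldsMatch) {
            return false;
        }
        try {
            if (!Arrays.equals(other.getSalt(), getSalt())) {
                return false;
            }
        } catch (WSSecurityException e) {
            LOG.debug(e.getMessage(), e);
        }
        return other.getIteration() == getIteration();
    }

    /** Null-safe string equality: two {@code null}s are equal, {@code null} never equals a value. */
    private boolean compare(String str, String str2) {
        return str == null ? str2 == null : str.equals(str2);
    }

    /**
     * Reports Basic Security Profile violations in the token's structure to the enforcer:
     * more than one Password (R4222), Password without Type (R4201), more than one Created
     * (R4223), more than one Nonce (R4225), Nonce without EncodingType (R4220) and Nonce with an
     * EncodingType other than Base64Binary (R4221).
     *
     * @throws WSSecurityException if the enforcer rejects a reported rule
     */
    private void checkBSPCompliance(BSPEnforcer bSPEnforcer) throws WSSecurityException {
        List<Element> passwords = WSSecurityUtil.getDirectChildElements(this.element, "Password", WSSE_NS);
        if (passwords.size() > 1) {
            LOG.debug("The Username Token had more than one password element");
            bSPEnforcer.handleBSPRule(BSPRule.R4222);
        }
        if (passwords.size() == 1) {
            String type = passwords.get(0).getAttributeNS(null, "Type");
            if (type == null || "".equals(type)) {
                LOG.debug("The Username Token password does not have a Type attribute");
                bSPEnforcer.handleBSPRule(BSPRule.R4201);
            }
        }

        if (WSSecurityUtil.getDirectChildElements(this.element, "Created", WSU_NS).size() > 1) {
            LOG.debug("The Username Token has more than one created element");
            bSPEnforcer.handleBSPRule(BSPRule.R4223);
        }

        List<Element> nonces = WSSecurityUtil.getDirectChildElements(this.element, "Nonce", WSSE_NS);
        if (nonces.size() > 1) {
            LOG.debug("The Username Token has more than one nonce element");
            bSPEnforcer.handleBSPRule(BSPRule.R4225);
        }
        if (nonces.size() == 1) {
            String encodingType = nonces.get(0).getAttributeNS(null, "EncodingType");
            if (encodingType == null || "".equals(encodingType)) {
                bSPEnforcer.handleBSPRule(BSPRule.R4220);
            } else if (!BASE64_ENCODING.equals(encodingType)) {
                LOG.debug("The Username Token's nonce element has a bad encoding type");
                bSPEnforcer.handleBSPRule(BSPRule.R4221);
            }
        }
    }
}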
