package org.apache.cxf.ws.security.policy.interceptors;

import java.security.NoSuchAlgorithmException;
import java.util.Date;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.stream.XMLStreamException;
import javax.xml.transform.dom.DOMSource;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Exchange;
import org.apache.cxf.message.MessageContentsList;
import org.apache.cxf.service.invoker.Invoker;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.ws.addressing.AddressingProperties;
import org.apache.cxf.ws.addressing.AttributedURIType;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.derivedKey.ConversationConstants;
import org.apache.wss4j.common.derivedKey.P_SHA1;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.SecurityContextToken;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.XmlSchemaDateFormat;
import org.apache.xml.security.utils.Base64;
import org.opensaml.soap.wstrust.BinaryExchange;
import org.opensaml.soap.wstrust.BinarySecret;
import org.opensaml.soap.wstrust.CancelTarget;
import org.opensaml.soap.wstrust.ComputedKey;
import org.opensaml.soap.wstrust.Entropy;
import org.opensaml.soap.wstrust.Lifetime;
import org.opensaml.soap.wstrust.RenewTarget;
import org.opensaml.soap.wstrust.RequestSecurityToken;
import org.opensaml.soap.wstrust.RequestSecurityTokenResponseCollection;
import org.opensaml.soap.wstrust.RequestedProofToken;
import org.opensaml.soap.wstrust.RequestedTokenCancelled;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-343-07.zip:modules/system/layers/fuse/org/apache/cxf/3.1/cxf-rt-ws-security-3.1.5.redhat-630343-07.jar:org/apache/cxf/ws/security/policy/interceptors/STSInvoker.class */
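/**
 * Base {@link Invoker} for the in-process WS-Trust / WS-SecureConversation endpoint that handles
 * SecurityContextToken requests.
 *
 * <p>{@link #invoke(Exchange, Object)} parses the incoming {@code RequestSecurityToken}, works out
 * the request type (Issue, Cancel or Renew) and dispatches. Cancel is implemented here; Issue and
 * Renew are left to subclasses via {@link #doIssue} and {@link #doRenew}. The response document is
 * built with a {@link W3CDOMStreamWriter} and returned as a {@link DOMSource}.
 *
 * <p>Error handling: any checked exception raised while processing is wrapped in a CXF
 * {@link Fault}; runtime exceptions propagate unchanged.
 */
abstract class STSInvoker implements Invoker {
    private static final Logger LOG = LogUtils.getL7dLogger(STSInvoker.class);

    /** WS-Trust 1.3 namespace; responses in this version are wrapped in an RSTR collection. */
    private static final String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    /** WS-Security Utility namespace used for the Lifetime's Created/Expires children. */
    private static final String WSU_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSU_PREFIX = "wsu";
    /** Default request type when the RST carries no RequestType element. */
    private static final String DEFAULT_REQUEST_TYPE = "/Issue";

    /**
     * Handles one RST message.
     *
     * @param exchange the current exchange; the in message must hold the RST, and the token
     *                 store is looked up on the endpoint
     * @param obj      a {@link MessageContentsList} whose first entry is a {@link DOMSource}
     *                 holding the RST element (or the document containing it)
     * @return a {@link MessageContentsList} holding the response {@link DOMSource}
     * @throws Fault if the root element is not an RST, if the RST has no namespace, if an Issue
     *               request names a token type other than the SCT type for that WS-Trust version,
     *               if a CancelTarget does not resolve to a stored token, or if any checked
     *               exception is raised during processing
     */
    @Override // org.apache.cxf.service.invoker.Invoker
    public Object invoke(Exchange exchange, Object obj) {
        mirrorAddressingProperties(exchange);

        Node node = ((DOMSource) ((MessageContentsList) obj).get(0)).getNode();
        Element rst = node instanceof Document ? ((Document) node).getDocumentElement() : (Element) node;
        if (!RequestSecurityToken.ELEMENT_LOCAL_NAME.equals(rst.getLocalName())) {
            throw new Fault("Unknown SecureConversation element: " + rst.getLocalName(), LOG);
        }
        String namespace = rst.getNamespaceURI();
        if (namespace == null) {
            // A namespace-less RST cannot be matched to a WS-Trust version; fail with a clear
            // message instead of a NullPointerException in the child scan below.
            throw new Fault("RequestSecurityToken element has no namespace", LOG);
        }
        String prefix = rst.getPrefix();

        try {
            String requestType = null;
            String tokenType = null;
            Element binaryExchange = null;
            SecurityToken cancelOrRenewToken = null;
            for (Element child = DOMUtils.getFirstElement(rst); child != null;
                 child = DOMUtils.getNextElement(child)) {
                // Only children in the RST's own WS-Trust namespace are interpreted.
                if (!namespace.equals(child.getNamespaceURI())) {
                    continue;
                }
                String localName = child.getLocalName();
                if ("RequestType".equals(localName)) {
                    requestType = child.getTextContent();
                } else if (CancelTarget.ELEMENT_LOCAL_NAME.equals(localName)
                    || RenewTarget.ELEMENT_LOCAL_NAME.equals(localName)) {
                    cancelOrRenewToken = findCancelOrRenewToken(exchange, child);
                } else if (BinaryExchange.ELEMENT_LOCAL_NAME.equals(localName)) {
                    binaryExchange = child;
                } else if ("TokenType".equals(localName)) {
                    tokenType = DOMUtils.getContent(child);
                }
            }
            if (requestType == null) {
                requestType = DEFAULT_REQUEST_TYPE;
            }
            // Issue requests are only honoured for the SCT token type of the RST's WS-Trust version.
            if (requestType.endsWith("/Issue") && !STSUtils.getTokenTypeSCT(namespace).equals(tokenType)) {
                throw new Exception("Unknown token type: " + tokenType);
            }

            W3CDOMStreamWriter writer = new W3CDOMStreamWriter();
            writer.setNsRepairing(true);
            if (requestType.endsWith("/Issue")) {
                doIssue(rst, exchange, binaryExchange, writer, prefix, namespace);
            } else if (requestType.endsWith("/Cancel")) {
                doCancel(exchange, cancelOrRenewToken, writer, prefix, namespace);
            } else if (requestType.endsWith("/Renew")) {
                doRenew(rst, exchange, cancelOrRenewToken, binaryExchange, writer, prefix, namespace);
            }
            // NOTE(review): any other request type falls through and the response is an empty
            // document; this mirrors the original behaviour rather than faulting.
            return new MessageContentsList(new DOMSource(writer.getDocument()));
        } catch (RuntimeException e) {
            throw e;
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    /**
     * Mirrors the inbound WS-Addressing properties onto the out message, rewriting the
     * {@code /RST/} action to {@code /RSTR/}. Does nothing when no inbound properties are present.
     */
    private static void mirrorAddressingProperties(Exchange exchange) {
        AddressingProperties inbound = (AddressingProperties) exchange.getInMessage()
            .getContextualProperty("javax.xml.ws.addressing.context.inbound");
        if (inbound == null) {
            return;
        }
        AddressingProperties outbound = inbound.createCompatibleResponseProperties();
        AttributedURIType action = new AttributedURIType();
        action.setValue(inbound.getAction().getValue().replace("/RST/", "/RSTR/"));
        outbound.setAction(action);
        exchange.getOutMessage().put("javax.xml.ws.addressing.context.outbound", outbound);
    }

    /**
     * Writes the response for an Issue request.
     *
     * @param rst            the RequestSecurityToken element
     * @param exchange       the current exchange
     * @param binaryExchange the RST's BinaryExchange child, or {@code null} if absent
     * @param writer         writer positioned at the (still empty) response document
     * @param prefix         namespace prefix of the RST
     * @param namespace      WS-Trust namespace of the RST
     */
    abstract void doIssue(Element rst, Exchange exchange, Element binaryExchange,
                          W3CDOMStreamWriter writer, String prefix, String namespace) throws Exception;

    /**
     * Writes the response for a Renew request.
     *
     * @param rst            the RequestSecurityToken element
     * @param exchange       the current exchange
     * @param renewToken     the stored token referenced by RenewTarget, or {@code null} if the
     *                       reference did not resolve
     * @param binaryExchange the RST's BinaryExchange child, or {@code null} if absent
     * @param writer         writer positioned at the (still empty) response document
     * @param prefix         namespace prefix of the RST
     * @param namespace      WS-Trust namespace of the RST
     */
    abstract void doRenew(Element rst, Exchange exchange, SecurityToken renewToken, Element binaryExchange,
                          W3CDOMStreamWriter writer, String prefix, String namespace) throws Exception;

    /**
     * Writes the response for a Cancel request: removes the token from the endpoint's
     * {@link TokenStore}, places it on the exchange under {@link SecurityConstants#TOKEN}
     * (presumably so the outbound security interceptors can secure the response with it —
     * confirm against the interceptor chain), and emits {@code RequestedTokenCancelled}.
     *
     * @throws Fault if {@code cancelToken} is {@code null}, i.e. the CancelTarget did not
     *               resolve to a stored token
     */
    private void doCancel(Exchange exchange, SecurityToken cancelToken, W3CDOMStreamWriter writer,
                          String prefix, String namespace) throws Exception {
        if (cancelToken == null) {
            // Previously this surfaced as a NullPointerException on getId(); fail explicitly.
            throw new Fault("CancelTarget does not refer to a known SecurityContextToken", LOG);
        }
        boolean wst13 = WST_NS_05_12.equals(namespace);
        if (wst13) {
            writer.writeStartElement(prefix, RequestSecurityTokenResponseCollection.ELEMENT_LOCAL_NAME, namespace);
        }
        writer.writeStartElement(prefix, "RequestSecurityTokenResponse", namespace);
        tokenStore(exchange).remove(cancelToken.getId());
        exchange.put(SecurityConstants.TOKEN, cancelToken);
        writer.writeEmptyElement(prefix, RequestedTokenCancelled.ELEMENT_LOCAL_NAME, namespace);
        writer.writeEndElement();
        if (wst13) {
            writer.writeEndElement();
        }
    }

    /**
     * Resolves the token referenced by a CancelTarget / RenewTarget element. The child is either
     * an inline {@code SecurityContextToken} (looked up by its Identifier) or a
     * {@code SecurityTokenReference} (looked up by its Reference URI).
     *
     * @return the stored token, or {@code null} if the store has no token for that identifier
     * @throws Fault if the target element has no child element
     * @throws WSSecurityException if the child cannot be parsed as an SCT or STR
     */
    private SecurityToken findCancelOrRenewToken(Exchange exchange, Element target) throws WSSecurityException {
        Element ref = DOMUtils.getFirstElement(target);
        if (ref == null) {
            throw new Fault("CancelTarget/RenewTarget has no child element", LOG);
        }
        String identifier;
        if ("SecurityContextToken".equals(ref.getLocalName())) {
            identifier = new SecurityContextToken(ref).getIdentifier();
        } else {
            identifier = new SecurityTokenReference(ref, new BSPEnforcer()).getReference().getURI();
        }
        return tokenStore(exchange).getToken(identifier);
    }

    /**
     * Looks up the {@link TokenStore} registered on the endpoint.
     *
     * @throws IllegalStateException if no store is registered (previously a NullPointerException
     *                               at the first use)
     */
    private static TokenStore tokenStore(Exchange exchange) {
        TokenStore store = (TokenStore) exchange.getEndpoint().getEndpointInfo()
            .getProperty(TokenStore.class.getName());
        if (store == null) {
            throw new IllegalStateException("No TokenStore is registered on the endpoint");
        }
        return store;
    }

    /**
     * Writes the {@code RequestedProofToken} (and, when client entropy is present, the server
     * {@code Entropy}) and returns the resulting secret key.
     *
     * <p>Without client entropy the server generates the whole secret and sends it as a Nonce
     * {@code BinarySecret}. With client entropy the key is {@code P_SHA1(clientEntropy, serverEntropy)},
     * the proof token only names the computation ({@code .../CK/PSHA1}) and the server's share is
     * sent back as a Nonce {@code BinarySecret} inside {@code Entropy}. The randomness of the secret
     * rests on {@link WSSecurityUtil#generateNonce(int)}.
     *
     * @param prefix        WS-Trust namespace prefix for the response elements
     * @param namespace     WS-Trust namespace
     * @param writer        writer positioned where the proof token belongs
     * @param clientEntropy the client's entropy bytes, or {@code null} if none were supplied
     * @param keySize       requested key size in bits
     * @return the secret key; callers are expected to keep it out of logs
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public byte[] writeProofToken(String prefix, String namespace, W3CDOMStreamWriter writer,
                                  byte[] clientEntropy, int keySize)
        throws NoSuchAlgorithmException, WSSecurityException, XMLStreamException {
        // keySize is in bits; a size that is not a multiple of 8 is truncated to whole bytes.
        int keyBytes = keySize / 8;
        byte[] secret;
        writer.writeStartElement(prefix, RequestedProofToken.ELEMENT_LOCAL_NAME, namespace);
        if (clientEntropy == null) {
            secret = WSSecurityUtil.generateNonce(keyBytes);
            writer.writeStartElement(prefix, BinarySecret.ELEMENT_LOCAL_NAME, namespace);
            writer.writeAttribute("Type", namespace + "/Nonce");
            writer.writeCharacters(Base64.encode(secret));
            writer.writeEndElement(); // BinarySecret
            writer.writeEndElement(); // RequestedProofToken
        } else {
            byte[] serverEntropy = WSSecurityUtil.generateNonce(keyBytes);
            secret = new P_SHA1().createKey(clientEntropy, serverEntropy, 0, keyBytes);
            writer.writeStartElement(prefix, ComputedKey.ELEMENT_LOCAL_NAME, namespace);
            writer.writeCharacters(namespace + "/CK/PSHA1");
            writer.writeEndElement(); // ComputedKey
            writer.writeEndElement(); // RequestedProofToken
            writer.writeStartElement(prefix, Entropy.ELEMENT_LOCAL_NAME, namespace);
            writer.writeStartElement(prefix, BinarySecret.ELEMENT_LOCAL_NAME, namespace);
            writer.writeAttribute("Type", namespace + "/Nonce");
            writer.writeCharacters(Base64.encode(serverEntropy));
            writer.writeEndElement(); // BinarySecret
            writer.writeEndElement(); // Entropy
        }
        return secret;
    }

    /**
     * Appends a {@code wsse:SecurityTokenReference} with a single {@code Reference} to the
     * writer's current node; no {@code wsc:Instance} attribute is written.
     *
     * @param writer    writer whose current node receives the STR
     * @param id        value of the Reference URI attribute
     * @param valueType Reference ValueType, or {@code null} to omit it
     * @return the appended STR element
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Element writeSecurityTokenReference(W3CDOMStreamWriter writer, String id, String valueType) {
        return writeSecurityTokenReference(writer, id, null, valueType);
    }

    /**
     * Appends a {@code wsse:SecurityTokenReference} with a single {@code Reference} to the
     * writer's current node, optionally carrying a {@code wsc:Instance} attribute on the
     * Reference element.
     *
     * <p>Setting {@code wsc:Instance} is best effort: if the WS-SecureConversation version cannot
     * be derived from {@code valueType}, the STR is still written, just without the attribute, and
     * the cause is logged at FINE.
     *
     * @param writer    writer whose current node receives the STR
     * @param id        value of the Reference URI attribute
     * @param instance  value of the {@code wsc:Instance} attribute, or {@code null} to omit it
     * @param valueType Reference ValueType, or {@code null} to omit it; also used to pick the
     *                  WS-SecureConversation namespace for {@code wsc:Instance}
     * @return the appended STR element
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public Element writeSecurityTokenReference(W3CDOMStreamWriter writer, String id, String instance,
                                               String valueType) {
        Document doc = writer.getDocument();
        Reference ref = new Reference(doc);
        ref.setURI(id);
        if (valueType != null) {
            ref.setValueType(valueType);
        }
        SecurityTokenReference str = new SecurityTokenReference(doc);
        str.addWSSENamespace();
        str.setReference(ref);
        if (instance != null) {
            try {
                Element refEl = str.getFirstElement();
                if (refEl != null) {
                    String wscNs = ConversationConstants.getWSCNs(NegotiationUtils.getWSCVersion(valueType));
                    refEl.setAttributeNS(wscNs, "wsc:Instance", instance);
                }
            } catch (WSSecurityException e) {
                // Deliberately non-fatal (the STR is valid without wsc:Instance), but do not lose
                // the reason: a missing Instance attribute is otherwise hard to diagnose.
                LOG.log(Level.FINE, "Could not set wsc:Instance on SecurityTokenReference", e);
            }
        }
        writer.getCurrentNode().appendChild(str.getElement());
        return str.getElement();
    }

    /**
     * Writes a {@code wst:Lifetime} element with {@code wsu:Created} and {@code wsu:Expires}
     * children formatted as XML Schema dateTime values.
     *
     * @param writer    writer positioned where the Lifetime belongs
     * @param created   token creation time
     * @param expires   token expiry time
     * @param prefix    WS-Trust namespace prefix
     * @param namespace WS-Trust namespace
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public void writeLifetime(W3CDOMStreamWriter writer, Date created, Date expires, String prefix,
                              String namespace) throws Exception {
        XmlSchemaDateFormat dateFormat = new XmlSchemaDateFormat();
        writer.writeStartElement(prefix, Lifetime.ELEMENT_LOCAL_NAME, namespace);
        writer.writeNamespace(WSU_PREFIX, WSU_NS);
        writer.writeStartElement(WSU_PREFIX, "Created", WSU_NS);
        writer.writeCharacters(dateFormat.format(created));
        writer.writeEndElement();
        writer.writeStartElement(WSU_PREFIX, "Expires", WSU_NS);
        writer.writeCharacters(dateFormat.format(expires));
        writer.writeEndElement();
        writer.writeEndElement();
    }
}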
