package org.apache.wss4j.dom.handler;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.wss4j.common.ConfigurationConstants;
import org.apache.wss4j.common.EncryptionActionToken;
import org.apache.wss4j.common.SignatureActionToken;
import org.apache.wss4j.common.SignatureEncryptionActionToken;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.token.SignatureConfirmation;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-464.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-dom-2.1.7.jar:org/apache/wss4j/dom/handler/WSHandler.class */
public abstract class WSHandler {
    // Class-wide SLF4J logger.
    private static final Logger LOG = LoggerFactory.getLogger(WSHandler.class);
    // Cache of Crypto instances. loadCrypto() keys it by crypto reference id or by properties-file name.
    // ConcurrentHashMap rejects null keys and values, so callers must not put a null Crypto here.
    protected Map<String, Crypto> cryptos = new ConcurrentHashMap();
    // Debug flag sampled once when the handler is constructed; later log-level changes are not picked up.
    private boolean doDebug = LOG.isDebugEnabled();

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Configures {@code requestData} from the message context, inserts a security header into
     * {@code document} and executes the configured sender-side actions in order.
     *
     * @param document    the SOAP document that receives the security header
     * @param requestData per-message state; populated here and passed to every action
     * @param list        the actions to perform; actions that carry their own action token skip
     *                    the configuration decoding below
     * @param z           when {@code false}, a signature-confirmation action (128) is executed up front
     *                    unless SIG_CONF_DONE is already set; when {@code true}, hashes of the produced
     *                    signature values are stored under SEND_SIGV. Presumably "is request" - TODO confirm
     * @throws WSSecurityException if a configuration value is invalid or an action fails
     */
    public void doSenderAction(Document document, RequestData requestData, List<HandlerAction> list, boolean z) throws WSSecurityException {
        WSSConfig wssConfig = requestData.getWssConfig();
        if (wssConfig == null) {
            wssConfig = WSSConfig.getNewInstance();
            requestData.setWssConfig(wssConfig);
        }
        Object msgContext = requestData.getMsgContext();
        // Boolean options: the third argument is the default used when the key is absent.
        requestData.setEncodePasswords(decodeBooleanConfigValue(msgContext, WSHandlerConstants.USE_ENCODED_PASSWORDS, false));
        requestData.setPrecisionInMilliSeconds(decodeBooleanConfigValue(msgContext, ConfigurationConstants.TIMESTAMP_PRECISION, true));
        requestData.setAddInclusivePrefixes(decodeBooleanConfigValue(msgContext, ConfigurationConstants.ADD_INCLUSIVE_PREFIXES, true));
        requestData.setEnableSignatureConfirmation(decodeBooleanConfigValue(msgContext, ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, false));
        requestData.setTimeStampTTL(decodeTimeToLive(requestData, true));
        String string = getString("actor", msgContext);
        requestData.setActor(string);
        // mustUnderstand defaults to true.
        WSSecHeader wSSecHeader = new WSSecHeader(string, decodeBooleanConfigValue(msgContext, "mustUnderstand", true), document);
        wSSecHeader.insertSecurityHeader();
        requestData.setSecHeader(wSSecHeader);
        requestData.setSoapConstants(WSSecurityUtil.getSOAPConstants(document.getDocumentElement()));
        if (requestData.getCallbackHandler() == null) {
            requestData.setCallbackHandler(getPasswordCallbackHandler(requestData));
        }
        boolean decodeBooleanConfigValue = decodeBooleanConfigValue(msgContext, ConfigurationConstants.STORE_BYTES_IN_ATTACHMENT, false);
        requestData.setStoreBytesInAttachment(decodeBooleanConfigValue);
        // z2 records that an encryption action without its own token was seen earlier in the list.
        boolean z2 = false;
        // First pass: decode configuration per action. The literals are action codes; they look like the
        // WSConstants values (1 UT, 2 SIGN, 4 ENCR, 16 ST_SIGNED, 64 UT_SIGN, 128 SC, 32768/65536 derived-key
        // sign/encrypt) - TODO confirm against WSConstants.
        for (HandlerAction handlerAction : list) {
            if (handlerAction.getAction().intValue() == 128) {
                requestData.setEnableSignatureConfirmation(true);
            } else if (handlerAction.getAction().intValue() == 1 && handlerAction.getActionToken() == null) {
                decodeUTParameter(requestData);
            } else if (handlerAction.getAction().intValue() == 64 && handlerAction.getActionToken() == null) {
                decodeUTParameter(requestData);
                decodeSignatureParameter(requestData);
            } else if ((handlerAction.getAction().intValue() == 2 || handlerAction.getAction().intValue() == 32768) && handlerAction.getActionToken() == null) {
                SignatureActionToken signatureToken = requestData.getSignatureToken();
                if (signatureToken == null) {
                    signatureToken = new SignatureActionToken();
                    requestData.setSignatureToken(signatureToken);
                }
                if (signatureToken.getCrypto() == null) {
                    signatureToken.setCrypto(loadSignatureCrypto(requestData));
                }
                decodeSignatureParameter(requestData);
                // Encrypt-then-sign with bytes stored in attachments would leave the ciphertext unsigned,
                // so the attachment option is switched off for this message.
                if (z2 && decodeBooleanConfigValue) {
                    LOG.warn("Turning off storeBytesInAttachment as we have encryption before signature. The danger here is that the actual encryption bytes will not be signed");
                    requestData.setStoreBytesInAttachment(false);
                }
            } else if (handlerAction.getAction().intValue() == 16 && handlerAction.getActionToken() == null) {
                decodeSignatureParameter(requestData);
            } else if (handlerAction.getAction().intValue() == 4 || handlerAction.getAction().intValue() == 65536) {
                if (handlerAction.getActionToken() == null) {
                    z2 = true;
                    EncryptionActionToken encryptionToken = requestData.getEncryptionToken();
                    if (encryptionToken == null) {
                        encryptionToken = new EncryptionActionToken();
                        requestData.setEncryptionToken(encryptionToken);
                    }
                    if (encryptionToken.getCrypto() == null) {
                        encryptionToken.setCrypto(loadEncryptionCrypto(requestData));
                    }
                    decodeEncryptionParameter(requestData);
                }
            }
        }
        // Ensure a signature token exists; with no configured parts, the part returned by
        // WSSecurityUtil.getDefaultEncryptionPart(document) is signed.
        SignatureActionToken signatureToken2 = requestData.getSignatureToken();
        if (signatureToken2 == null) {
            signatureToken2 = new SignatureActionToken();
            requestData.setSignatureToken(signatureToken2);
        }
        if (signatureToken2.getParts().isEmpty()) {
            signatureToken2.getParts().add(WSSecurityUtil.getDefaultEncryptionPart(document));
        }
        // With z false, run the signature-confirmation action first unless SIG_CONF_DONE says it already ran.
        if (requestData.isEnableSignatureConfirmation() && !z && ((String) getProperty(requestData.getMsgContext(), WSHandlerConstants.SIG_CONF_DONE)) == null) {
            wssConfig.getAction(128).execute(this, null, document, requestData);
        }
        List<HandlerAction> list2 = list;
        HandlerAction signatureActionThatSignsATimestamp = getSignatureActionThatSignsATimestamp(list, requestData);
        if (signatureActionThatSignsATimestamp != null) {
            // Work on a copy so the caller's list is not reordered. The signature action is moved to the
            // end and its original index is recorded on requestData.
            list2 = new ArrayList(list);
            // NOTE(review): redundant - the copy constructor above already holds the same elements.
            Collections.copy(list2, list);
            int indexOf = list.indexOf(signatureActionThatSignsATimestamp);
            list2.remove(signatureActionThatSignsATimestamp);
            list2.add(signatureActionThatSignsATimestamp);
            requestData.setAppendSignatureAfterTimestamp(true);
            requestData.setOriginalSignatureActionPosition(indexOf);
        }
        // Second pass: execute every action except code 0.
        for (HandlerAction handlerAction2 : list2) {
            if (this.doDebug) {
                LOG.debug("Performing Action: " + handlerAction2.getAction());
            }
            if (0 != handlerAction2.getAction().intValue()) {
                wssConfig.getAction(handlerAction2.getAction().intValue()).execute(this, handlerAction2.getActionToken(), document, requestData);
            }
        }
        // With z true, remember the signature values just produced so checkSignatureConfirmation()
        // can match them against the confirmations that come back.
        if (requestData.isEnableSignatureConfirmation() && z && requestData.getSignatureValues().size() > 0) {
            Set set = (Set) getProperty(requestData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
            if (set == null) {
                set = new HashSet();
                setProperty(requestData.getMsgContext(), WSHandlerConstants.SEND_SIGV, set);
            }
            Iterator<byte[]> it = requestData.getSignatureValues().iterator();
            while (it.hasNext()) {
                // NOTE(review): only the 32-bit Arrays.hashCode of each signature value is kept, so the
                // later confirmation check compares hash codes, not the signature bytes themselves.
                // Values whose hash codes collide are indistinguishable, and equal hashes collapse
                // into a single Set entry.
                set.add(Integer.valueOf(Arrays.hashCode(it.next())));
            }
        }
    }

    /**
     * Returns the first signature action (code 2) whose parts include the wsu:Timestamp element.
     *
     * <p>The scan stops with {@code null} as soon as an action with code 32 is reached (presumably
     * the timestamp action itself - TODO confirm). A signature action without its own token, or whose
     * token has no parts, is checked against the parts of the request-level signature token.
     *
     * @param list        configured actions, in execution order
     * @param requestData supplies the fallback signature token
     * @return the matching action, or {@code null} if there is none
     */
    private HandlerAction getSignatureActionThatSignsATimestamp(List<HandlerAction> list, RequestData requestData) {
        final String wsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        for (HandlerAction candidate : list) {
            int code = candidate.getAction().intValue();
            if (code == 32) {
                return null;
            }
            if (code != 2) {
                continue;
            }
            // Prefer the parts carried by the action's own token, else use the request-level token.
            List<WSEncryptionPart> parts = null;
            if (candidate.getActionToken() != null) {
                parts = ((SignatureEncryptionActionToken) candidate.getActionToken()).getParts();
            }
            if (parts == null) {
                parts = requestData.getSignatureToken().getParts();
            }
            for (WSEncryptionPart part : parts) {
                if (wsuNamespace.equals(part.getNamespace()) && "Timestamp".equals(part.getName())) {
                    return candidate;
                }
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Copies receiver-side configuration from the message context into {@code requestData}.
     *
     * <p>Defaults when a key is absent: timestamp strictness and SAML subject-confirmation validation
     * default to on. Custom password types, namespace-qualified password types, UsernameTokens without
     * a password, "require signed EncryptedData elements" and "require timestamp Expires" default to off.
     * BSP enforcement is disabled only when IS_BSP_COMPLIANT is explicitly false.
     *
     * @param list        expected action codes; 128 forces signature confirmation on, 2/16/8 trigger
     *                    signature-verification setup and 4 triggers decryption setup
     * @param requestData per-message state to populate
     * @throws WSSecurityException if a boolean option holds an unrecognised value
     */
    public void doReceiverAction(List<Integer> list, RequestData requestData) throws WSSecurityException {
        if (requestData.getWssConfig() == null) {
            requestData.setWssConfig(WSSConfig.getNewInstance());
        }
        final Object ctx = requestData.getMsgContext();

        boolean confirmSignatures = decodeBooleanConfigValue(ctx, ConfigurationConstants.ENABLE_SIGNATURE_CONFIRMATION, false);
        if (!confirmSignatures) {
            confirmSignatures = list.contains(128);
        }
        requestData.setEnableSignatureConfirmation(confirmSignatures);

        boolean strictTimestamps = decodeBooleanConfigValue(ctx, ConfigurationConstants.TIMESTAMP_STRICT, true);
        requestData.setTimeStampStrict(strictTimestamps);
        requestData.setRequiredPasswordType(decodePasswordType(requestData));

        // Freshness windows: 'true' selects the Timestamp keys, 'false' the UsernameToken keys.
        requestData.setTimeStampTTL(decodeTimeToLive(requestData, true));
        requestData.setTimeStampFutureTTL(decodeFutureTimeToLive(requestData, true));
        requestData.setUtTTL(decodeTimeToLive(requestData, false));
        requestData.setUtFutureTTL(decodeFutureTimeToLive(requestData, false));

        // UsernameToken handling switches; all of them are off unless configured.
        boolean customPasswordTypes = decodeBooleanConfigValue(ctx, ConfigurationConstants.HANDLE_CUSTOM_PASSWORD_TYPES, false);
        requestData.setHandleCustomPasswordTypes(customPasswordTypes);
        boolean encodedPasswords = decodeBooleanConfigValue(ctx, WSHandlerConstants.USE_ENCODED_PASSWORDS, false);
        requestData.setEncodePasswords(encodedPasswords);
        boolean qualifiedPasswordTypes = decodeBooleanConfigValue(ctx, ConfigurationConstants.ALLOW_NAMESPACE_QUALIFIED_PASSWORD_TYPES, false);
        requestData.setAllowNamespaceQualifiedPasswordTypes(qualifiedPasswordTypes);
        boolean noPasswordAllowed = decodeBooleanConfigValue(ctx, ConfigurationConstants.ALLOW_USERNAMETOKEN_NOPASSWORD, false);
        requestData.setAllowUsernameTokenNoPassword(noPasswordAllowed);

        boolean validateSubjectConfirmation = decodeBooleanConfigValue(ctx, ConfigurationConstants.VALIDATE_SAML_SUBJECT_CONFIRMATION, true);
        requestData.setValidateSamlSubjectConfirmation(validateSubjectConfirmation);

        boolean bspCompliant = decodeBooleanConfigValue(ctx, ConfigurationConstants.IS_BSP_COMPLIANT, true);
        if (!bspCompliant) {
            requestData.setDisableBSPEnforcement(true);
        }

        if (requestData.getCallbackHandler() == null) {
            requestData.setCallbackHandler(getPasswordCallbackHandler(requestData));
        }

        boolean needsVerificationSetup = list.contains(2) || list.contains(16) || list.contains(8);
        if (needsVerificationSetup) {
            decodeSignatureParameter2(requestData);
        }
        if (list.contains(4)) {
            decodeDecryptionParameter(requestData);
        }

        // NOTE(review): both of these hardening options are opt-in (default false).
        boolean requireSignedEncryptedData = decodeBooleanConfigValue(ctx, ConfigurationConstants.REQUIRE_SIGNED_ENCRYPTED_DATA_ELEMENTS, false);
        requestData.setRequireSignedEncryptedDataElements(requireSignedEncryptedData);
        boolean requireExpires = decodeBooleanConfigValue(ctx, ConfigurationConstants.REQUIRE_TIMESTAMP_EXPIRES, false);
        requestData.setRequireTimestampExpires(requireExpires);
    }

    /**
     * Checks that the actions actually performed on a received message are exactly the expected
     * actions, in the same order.
     *
     * <p>Results without an "action" entry and results with code 128 or 4096 are ignored (these look
     * like the signature-confirmation and binary-security-token codes - TODO confirm). Every other
     * result must line up one-to-one with {@code list2}.
     *
     * @param list  results produced by processing the security header
     * @param list2 expected action codes, in order
     * @return {@code true} only if every counted result matches and no expected action is left over
     */
    protected boolean checkReceiverResults(List<WSSecurityEngineResult> list, List<Integer> list2) {
        final int expectedCount = list2.size();
        int matched = 0;
        for (WSSecurityEngineResult result : list) {
            Integer performed = (Integer) result.get("action");
            if (performed == null) {
                continue;
            }
            int code = performed.intValue();
            if (code == 128 || code == 4096) {
                continue;
            }
            // More performed actions than expected, or a different action at this position.
            if (matched >= expectedCount || list2.get(matched).intValue() != code) {
                return false;
            }
            matched++;
        }
        // Fewer performed actions than expected also fails.
        return matched == expectedCount;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks that the actions performed on a received message are exactly the expected actions,
     * ignoring order.
     *
     * <p>Ignored results: those without an "action" entry, those with code 128 or 4096, and those with
     * code 4 whose "data-ref-uris" entry is missing or empty. So a decryption result that references
     * no data does not count as satisfying an expected action 4.
     *
     * @param list  results produced by processing the security header
     * @param list2 expected action codes; not modified
     * @return {@code true} only if each counted result consumes one expected code and none remain
     */
    public boolean checkReceiverResultsAnyOrder(List<WSSecurityEngineResult> list, List<Integer> list2) {
        // Working copy: each matched action removes one occurrence.
        List<Integer> outstanding = new ArrayList<Integer>(list2);
        for (WSSecurityEngineResult result : list) {
            Integer performed = (Integer) result.get("action");
            if (performed == null) {
                continue;
            }
            int code = performed.intValue();
            if (code == 128 || code == 4096) {
                continue;
            }
            if (code == 4) {
                Object references = result.get("data-ref-uris");
                if (references == null || ((List) references).isEmpty()) {
                    continue;
                }
            }
            // Cast keeps this a remove-by-value, never a remove-by-index.
            if (!outstanding.remove((Object) performed)) {
                return false;
            }
        }
        return outstanding.isEmpty();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Verifies that the SignatureConfirmation elements in a response match the signature values
     * recorded under SEND_SIGV when the request was sent.
     *
     * <p>Each confirmation carrying a value must match a stored entry, which is then consumed. If
     * nothing is stored, only an empty confirmation value is accepted. Any stored entry left over at
     * the end is an error.
     *
     * <p>NOTE(review): matching is done on {@code Arrays.hashCode} of the value (a 32-bit int), not on
     * the bytes. A confirmation whose value merely hashes to a stored entry is accepted.
     *
     * @param requestData     gives access to the message context holding the stored values
     * @param wSHandlerResult results of processing the received security header
     * @throws WSSecurityException if a confirmation has no stored counterpart or stored values remain
     */
    public void checkSignatureConfirmation(RequestData requestData, WSHandlerResult wSHandlerResult) throws WSSecurityException {
        if (this.doDebug) {
            LOG.debug("Check Signature confirmation");
        }
        Set stored = (Set) getProperty(requestData.getMsgContext(), WSHandlerConstants.SEND_SIGV);
        List<WSSecurityEngineResult> confirmations = wSHandlerResult.getActionResults().get(128);
        if (confirmations != null) {
            for (WSSecurityEngineResult result : confirmations) {
                SignatureConfirmation confirmation = (SignatureConfirmation) result.get("signature-confirmation");
                if (confirmation == null) {
                    continue;
                }
                byte[] value = confirmation.getSignatureValue();
                if (value == null) {
                    continue;
                }
                if (stored == null || stored.isEmpty()) {
                    // Nothing was signed on the way out: only an empty confirmation is acceptable.
                    if (value.length != 0) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[]{"Received a SignatureConfirmation element, but there are no stored signature values"});
                    }
                    continue;
                }
                Integer fingerprint = Integer.valueOf(Arrays.hashCode(value));
                if (!stored.contains(fingerprint)) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"Received a SignatureConfirmation element, but there are no matching stored signature values"});
                }
                stored.remove(fingerprint);
            }
        }
        // Every signature that was sent must have been confirmed.
        if (stored != null && !stored.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"Check Signature confirmation: the stored signature values list is not empty"});
        }
    }

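    /**
     * Reads the UsernameToken options from the message context into {@code requestData}.
     *
     * <p>The "passwordType" value must be one of the PW_TEXT, PW_DIGEST or PW_NONE constants; any
     * other value is rejected. Nonce and Created elements are added only when configured (both
     * default to off). PasswordText puts the password itself into the token, so it relies on
     * transport or message encryption for confidentiality.
     *
     * @param requestData per-message state to populate
     * @throws WSSecurityException if the password type is unknown, a boolean option is malformed, or
     *         the derived-key iteration count is not an integer
     */
    protected void decodeUTParameter(RequestData requestData) throws WSSecurityException {
        Object msgContext = requestData.getMsgContext();
        String passwordType = getString("passwordType", msgContext);
        if (passwordType != null) {
            if (WSS4JConstants.PW_TEXT.equals(passwordType)) {
                requestData.setPwType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            } else if (WSS4JConstants.PW_DIGEST.equals(passwordType)) {
                requestData.setPwType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
            } else if (WSS4JConstants.PW_NONE.equals(passwordType)) {
                requestData.setPwType(null);
            } else {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"Unknown password type encoding: " + passwordType});
            }
        }
        requestData.setAddUsernameTokenNonce(decodeBooleanConfigValue(msgContext, ConfigurationConstants.ADD_USERNAMETOKEN_NONCE, false));
        requestData.setAddUsernameTokenCreated(decodeBooleanConfigValue(msgContext, ConfigurationConstants.ADD_USERNAMETOKEN_CREATED, false));
        // Only ever switches the option on; an absent or false value leaves requestData's own setting alone.
        if (Boolean.parseBoolean(getString(ConfigurationConstants.USE_DERIVED_KEY_FOR_MAC, msgContext))) {
            requestData.setUseDerivedKeyForMAC(true);
        }
        String iterations = getString(ConfigurationConstants.DERIVED_KEY_ITERATIONS, msgContext);
        if (iterations != null) {
            try {
                // NOTE(review): no lower bound is applied here; whether zero or negative counts are
                // rejected downstream is not visible from this method.
                requestData.setDerivedKeyIterations(Integer.parseInt(iterations));
            } catch (NumberFormatException e) {
                // Report a malformed value as a configuration error instead of letting an unchecked
                // exception escape; same message shape as decodeBooleanConfigValue.
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"WSHandler: illegal " + ConfigurationConstants.DERIVED_KEY_ITERATIONS + " parameter"});
            }
        }
    }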

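    /**
     * Populates the request's {@link SignatureActionToken} from the signature-related configuration,
     * creating the token if the request does not have one yet.
     *
     * <p>The signing user falls back to the request's general username. The key identifier must map
     * to one of the codes this method allows for signatures. Algorithm URIs (signature, digest, c14n)
     * are passed through exactly as configured; nothing here restricts them to a particular strength.
     *
     * @param requestData per-message state to populate
     * @throws WSSecurityException if a key identifier is unknown or not allowed, or a boolean option
     *         is malformed
     */
    protected void decodeSignatureParameter(RequestData requestData) throws WSSecurityException {
        Object msgContext = requestData.getMsgContext();
        String signatureUser = getString(ConfigurationConstants.SIGNATURE_USER, msgContext);
        SignatureActionToken signatureToken = requestData.getSignatureToken();
        if (signatureToken == null) {
            signatureToken = new SignatureActionToken();
            requestData.setSignatureToken(signatureToken);
        }
        signatureToken.setUser(signatureUser != null ? signatureUser : requestData.getUsername());

        String keyIdName = getString(ConfigurationConstants.SIG_KEY_ID, msgContext);
        if (keyIdName != null) {
            Integer keyIdentifier = WSHandlerConstants.getKeyIdentifier(keyIdName);
            if (keyIdentifier == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Signature: unknown key identification"});
            }
            int keyId = keyIdentifier.intValue();
            // Allow-list of key identifier codes accepted for signing (meanings are defined outside this file).
            if (keyId != 2 && keyId != 1 && keyId != 3 && keyId != 4 && keyId != 8 && keyId != 10 && keyId != 13) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Signature: illegal key identification"});
            }
            signatureToken.setKeyIdentifierId(keyId);
        }

        signatureToken.setSignatureAlgorithm(getString(ConfigurationConstants.SIG_ALGO, msgContext));
        signatureToken.setDerivedKeyTokenReference(getString(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, msgContext));

        String derivedKeyIdName = getString(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, msgContext);
        if (derivedKeyIdName != null) {
            // getKeyIdentifier returns null for an unrecognised name; fail with a configuration error
            // instead of a NullPointerException on unboxing.
            Integer derivedKeyIdentifier = WSHandlerConstants.getKeyIdentifier(derivedKeyIdName);
            if (derivedKeyIdentifier == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Signature: unknown derived key identification"});
            }
            signatureToken.setDerivedKeyIdentifier(derivedKeyIdentifier.intValue());
        }

        String derivedKeyLength = getString(ConfigurationConstants.DERIVED_SIGNATURE_KEY_LENGTH, msgContext);
        if (derivedKeyLength != null) {
            try {
                int length = Integer.parseInt(derivedKeyLength);
                // Non-positive lengths are ignored and the token keeps its existing length.
                if (length > 0) {
                    signatureToken.setDerivedKeyLength(length);
                }
            } catch (NumberFormatException e) {
                // Best effort: a malformed length is logged and the existing length is kept.
                LOG.warn("Error in configuring a derived key length: " + e.getMessage());
            }
        }

        signatureToken.setDigestAlgorithm(getString(ConfigurationConstants.SIG_DIGEST_ALGO, msgContext));
        signatureToken.setC14nAlgorithm(getString(ConfigurationConstants.SIG_C14N_ALGO, msgContext));
        requestData.setUse200512Namespace(decodeBooleanConfigValue(msgContext, ConfigurationConstants.USE_2005_12_NAMESPACE, true));

        // The boolean passed to splitEncParts is true for "signatureParts" and false for the optional parts.
        String requiredParts = getString("signatureParts", msgContext);
        if (requiredParts != null) {
            splitEncParts(true, requiredParts, signatureToken.getParts(), requestData);
        }
        String optionalParts = getString(ConfigurationConstants.OPTIONAL_SIGNATURE_PARTS, msgContext);
        if (optionalParts != null) {
            splitEncParts(false, optionalParts, signatureToken.getParts(), requestData);
        }

        signatureToken.setUseSingleCert(decodeBooleanConfigValue(msgContext, ConfigurationConstants.USE_SINGLE_CERTIFICATE, true));
        signatureToken.setIncludeToken(decodeBooleanConfigValue(msgContext, ConfigurationConstants.INCLUDE_SIGNATURE_TOKEN, false));
    }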

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds an {@link AlgorithmSuite} from the configured signature, digest, symmetric-encryption
     * and key-transport algorithms and stores it on {@code requestData}.
     *
     * <p>Nothing happens when there is no message context or the request already has a suite.
     * Absent or empty values are skipped, so a configuration that names no algorithms still
     * installs an empty suite. How an empty suite is enforced is not visible here - TODO confirm
     * that it does not mean "accept anything" where a restriction was intended.
     *
     * @param requestData per-message state to populate
     * @throws WSSecurityException declared for subclasses; not thrown by the visible code
     */
    public void decodeAlgorithmSuite(RequestData requestData) throws WSSecurityException {
        Object ctx = requestData.getMsgContext();
        if (ctx != null && requestData.getAlgorithmSuite() == null) {
            AlgorithmSuite suite = new AlgorithmSuite();

            String signatureMethod = getString(ConfigurationConstants.SIG_ALGO, ctx);
            if (signatureMethod != null && !signatureMethod.isEmpty()) {
                suite.addSignatureMethod(signatureMethod);
            }

            String digestAlgorithm = getString(ConfigurationConstants.SIG_DIGEST_ALGO, ctx);
            if (digestAlgorithm != null && !digestAlgorithm.isEmpty()) {
                suite.addDigestAlgorithm(digestAlgorithm);
            }

            String encryptionMethod = getString(ConfigurationConstants.ENC_SYM_ALGO, ctx);
            if (encryptionMethod != null && !encryptionMethod.isEmpty()) {
                suite.addEncryptionMethod(encryptionMethod);
            }

            String keyWrapAlgorithm = getString(ConfigurationConstants.ENC_KEY_TRANSPORT, ctx);
            if (keyWrapAlgorithm != null && !keyWrapAlgorithm.isEmpty()) {
                suite.addKeyWrapAlgorithm(keyWrapAlgorithm);
            }

            requestData.setAlgorithmSuite(suite);
        }
    }

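    /**
     * Populates the request's {@link EncryptionActionToken} from the encryption-related configuration,
     * creating the token if the request does not have one yet.
     *
     * <p>The key identifier must map to one of the codes this method allows for encryption. Algorithm
     * URIs (symmetric, key transport, digest, MGF) are passed through exactly as configured; nothing
     * here restricts them to a particular strength. The encryption user falls back to the request's
     * general username and is mandatory when the symmetric key itself is to be encrypted.
     *
     * @param requestData per-message state to populate
     * @throws WSSecurityException if a key identifier is unknown or not allowed, the user is missing,
     *         or a boolean option is malformed
     */
    protected void decodeEncryptionParameter(RequestData requestData) throws WSSecurityException {
        Object msgContext = requestData.getMsgContext();
        EncryptionActionToken encryptionToken = requestData.getEncryptionToken();
        if (encryptionToken == null) {
            encryptionToken = new EncryptionActionToken();
            requestData.setEncryptionToken(encryptionToken);
        }

        String keyIdName = getString(ConfigurationConstants.ENC_KEY_ID, msgContext);
        if (keyIdName != null) {
            Integer keyIdentifier = WSHandlerConstants.getKeyIdentifier(keyIdName);
            if (keyIdentifier == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Encryption: unknown key identification"});
            }
            int keyId = keyIdentifier.intValue();
            // Validate against the allow-list before touching the token, as the signature path does,
            // so a rejected identifier is never left on the token.
            if (keyId != 2 && keyId != 3 && keyId != 4 && keyId != 1 && keyId != 8 && keyId != 10) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Encryption: illegal key identification"});
            }
            encryptionToken.setKeyIdentifierId(keyId);
        }

        encryptionToken.setSymmetricAlgorithm(getString(ConfigurationConstants.ENC_SYM_ALGO, msgContext));
        encryptionToken.setKeyTransportAlgorithm(getString(ConfigurationConstants.ENC_KEY_TRANSPORT, msgContext));
        encryptionToken.setDerivedKeyTokenReference(getString(ConfigurationConstants.DERIVED_TOKEN_REFERENCE, msgContext));

        String derivedKeyIdName = getString(ConfigurationConstants.DERIVED_TOKEN_KEY_ID, msgContext);
        if (derivedKeyIdName != null) {
            // getKeyIdentifier returns null for an unrecognised name; fail with a configuration error
            // instead of a NullPointerException on unboxing.
            Integer derivedKeyIdentifier = WSHandlerConstants.getKeyIdentifier(derivedKeyIdName);
            if (derivedKeyIdentifier == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Encryption: unknown derived key identification"});
            }
            encryptionToken.setDerivedKeyIdentifier(derivedKeyIdentifier.intValue());
        }

        String derivedKeyLength = getString(ConfigurationConstants.DERIVED_ENCRYPTION_KEY_LENGTH, msgContext);
        if (derivedKeyLength != null) {
            try {
                int length = Integer.parseInt(derivedKeyLength);
                // Non-positive lengths are ignored and the token keeps its existing length.
                if (length > 0) {
                    encryptionToken.setDerivedKeyLength(length);
                }
            } catch (NumberFormatException e) {
                // Best effort: a malformed length is logged and the existing length is kept.
                LOG.warn("Error in configuring a derived key length: " + e.getMessage());
            }
        }

        requestData.setUse200512Namespace(decodeBooleanConfigValue(msgContext, ConfigurationConstants.USE_2005_12_NAMESPACE, true));
        encryptionToken.setGetSymmetricKeyFromCallbackHandler(decodeBooleanConfigValue(msgContext, ConfigurationConstants.GET_SECRET_KEY_FROM_CALLBACK_HANDLER, false));
        encryptionToken.setDigestAlgorithm(getString(ConfigurationConstants.ENC_DIGEST_ALGO, msgContext));
        encryptionToken.setMgfAlgorithm(getString(ConfigurationConstants.ENC_MGF_ALGO, msgContext));

        // Parsed with Boolean.parseBoolean, so anything other than "true" (any case) means false;
        // unlike decodeBooleanConfigValue, a malformed value is not rejected.
        String encryptSymmetricKey = getString(ConfigurationConstants.ENC_SYM_ENC_KEY, msgContext);
        if (encryptSymmetricKey != null) {
            encryptionToken.setEncSymmetricEncryptionKey(Boolean.parseBoolean(encryptSymmetricKey));
        }

        String encryptionUser = getString(ConfigurationConstants.ENCRYPTION_USER, msgContext);
        encryptionToken.setUser(encryptionUser != null ? encryptionUser : requestData.getUsername());
        if (encryptionToken.isEncSymmetricEncryptionKey() && encryptionToken.getUser() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: Encryption: no username"});
        }
        handleSpecialUser(requestData);

        // The boolean passed to splitEncParts is true for "encryptionParts" and false for the optional parts.
        String requiredParts = getString("encryptionParts", msgContext);
        if (requiredParts != null) {
            splitEncParts(true, requiredParts, encryptionToken.getParts(), requestData);
        }
        String optionalParts = getString(ConfigurationConstants.OPTIONAL_ENCRYPTION_PARTS, msgContext);
        if (optionalParts != null) {
            splitEncParts(false, optionalParts, encryptionToken.getParts(), requestData);
        }

        encryptionToken.setIncludeToken(decodeBooleanConfigValue(msgContext, ConfigurationConstants.INCLUDE_ENCRYPTION_TOKEN, false));
    }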

    /**
     * Reads the configured time-to-live for Timestamps ({@code z == true}, key "timeToLive") or
     * UsernameTokens ({@code z == false}, key TTL_USERNAMETOKEN).
     *
     * <p>A missing, non-numeric or negative value silently yields 300 (presumably seconds - TODO
     * confirm). NOTE(review): there is no upper bound and no log entry on fallback, so a mistyped or
     * very large value changes the freshness window without any trace.
     *
     * @param requestData supplies the message context
     * @param z           selects the Timestamp key when true, the UsernameToken key when false
     * @return the configured non-negative value, or 300
     */
    public int decodeTimeToLive(RequestData requestData, boolean z) {
        final int fallback = 300;
        String key = z ? "timeToLive" : ConfigurationConstants.TTL_USERNAMETOKEN;
        String configured = getString(key, requestData.getMsgContext());
        if (configured != null) {
            try {
                int parsed = Integer.parseInt(configured);
                if (parsed >= 0) {
                    return parsed;
                }
            } catch (NumberFormatException ignored) {
                // Malformed value: use the fallback below.
            }
        }
        return fallback;
    }

    /**
     * Reads the configured future time-to-live, using the TTL_FUTURE_TIMESTAMP key when {@code z} is
     * true and TTL_FUTURE_USERNAMETOKEN otherwise.
     *
     * <p>A missing, non-numeric or negative value silently yields 60 (presumably seconds - TODO
     * confirm). NOTE(review): no upper bound is applied, so a large value widens the accepted
     * clock-skew window without any warning.
     *
     * @param requestData supplies the message context
     * @param z           selects the Timestamp key when true, the UsernameToken key when false
     * @return the configured non-negative value, or 60
     */
    protected int decodeFutureTimeToLive(RequestData requestData, boolean z) {
        final int fallback = 60;
        String key = z ? ConfigurationConstants.TTL_FUTURE_TIMESTAMP : ConfigurationConstants.TTL_FUTURE_USERNAMETOKEN;
        String configured = getString(key, requestData.getMsgContext());
        if (configured != null) {
            try {
                int parsed = Integer.parseInt(configured);
                if (parsed >= 0) {
                    return parsed;
                }
            } catch (NumberFormatException ignored) {
                // Malformed value: use the fallback below.
            }
        }
        return fallback;
    }

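    /**
     * Maps the configured "passwordType" to the password-type URI the receiver will require.
     *
     * <p>Returns {@code null} (no required type) when the option is absent, is PW_NONE, or is not
     * recognised. An unrecognised value is logged: it would otherwise switch off the password-type
     * requirement silently, whereas the sender-side decodeUTParameter rejects the same value.
     *
     * @param requestData supplies the message context
     * @return the PasswordText or PasswordDigest URI, or {@code null} when no type is required
     * @throws WSSecurityException declared for subclasses; not thrown by this implementation
     */
    protected String decodePasswordType(RequestData requestData) throws WSSecurityException {
        String configured = getString("passwordType", requestData.getMsgContext());
        if (configured == null) {
            return null;
        }
        if (WSS4JConstants.PW_TEXT.equals(configured)) {
            return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
        }
        if (WSS4JConstants.PW_DIGEST.equals(configured)) {
            return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
        }
        if (!WSS4JConstants.PW_NONE.equals(configured)) {
            // Still returns null for compatibility, but makes the misconfiguration visible.
            LOG.warn("Unknown password type encoding: " + configured + "; no password type will be required");
        }
        return null;
    }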

    /**
     * Reads a boolean option. Accepts exactly "1"/"true" and "0"/"false" (case-sensitive).
     *
     * <p>Any other non-null value is rejected rather than coerced, so a typo in a security switch
     * fails loudly instead of falling back to the default.
     *
     * @param obj the message context to read from
     * @param str the option key
     * @param z   the value returned when the option is absent
     * @return the decoded value, or {@code z} if the option is not set
     * @throws WSSecurityException if the option is set to an unrecognised value
     */
    protected boolean decodeBooleanConfigValue(Object obj, String str, boolean z) throws WSSecurityException {
        String configured = getString(str, obj);
        if (configured == null) {
            return z;
        }
        boolean meansTrue = "1".equals(configured) || "true".equals(configured);
        boolean meansFalse = "0".equals(configured) || "false".equals(configured);
        if (!meansTrue && !meansFalse) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: illegal " + str + " parameter"});
        }
        return meansTrue;
    }

    /**
     * Loads the Crypto used for creating signatures, resolved from the SIG_PROP_REF_ID reference
     * or, failing that, the SIG_PROP_FILE properties file.
     *
     * @param requestData supplies the message context
     * @return the Crypto, or {@code null} if neither option resolves to one
     * @throws WSSecurityException if the Crypto cannot be instantiated
     */
    public Crypto loadSignatureCrypto(RequestData requestData) throws WSSecurityException {
        final String propertiesFileKey = ConfigurationConstants.SIG_PROP_FILE;
        final String referenceKey = ConfigurationConstants.SIG_PROP_REF_ID;
        return loadCrypto(propertiesFileKey, referenceKey, requestData);
    }

    /**
     * Loads the Crypto used for verifying signatures, resolved from the SIG_VER_PROP_REF_ID
     * reference or, failing that, the SIG_VER_PROP_FILE properties file.
     *
     * @param requestData supplies the message context
     * @return the Crypto, or {@code null} if neither option resolves to one
     * @throws WSSecurityException if the Crypto cannot be instantiated
     */
    public Crypto loadSignatureVerificationCrypto(RequestData requestData) throws WSSecurityException {
        final String propertiesFileKey = ConfigurationConstants.SIG_VER_PROP_FILE;
        final String referenceKey = ConfigurationConstants.SIG_VER_PROP_REF_ID;
        return loadCrypto(propertiesFileKey, referenceKey, requestData);
    }

    /**
     * Loads the Crypto used for decryption, resolved from the DEC_PROP_REF_ID reference or,
     * failing that, the DEC_PROP_FILE properties file.
     *
     * @param requestData supplies the message context
     * @return the Crypto, or {@code null} if neither option resolves to one
     * @throws WSSecurityException if the Crypto cannot be instantiated
     */
    protected Crypto loadDecryptionCrypto(RequestData requestData) throws WSSecurityException {
        final String propertiesFileKey = ConfigurationConstants.DEC_PROP_FILE;
        final String referenceKey = ConfigurationConstants.DEC_PROP_REF_ID;
        return loadCrypto(propertiesFileKey, referenceKey, requestData);
    }

    /**
     * Loads the Crypto used for encryption, resolved from the ENC_PROP_REF_ID reference or,
     * failing that, the ENC_PROP_FILE properties file.
     *
     * @param requestData supplies the message context
     * @return the Crypto, or {@code null} if neither option resolves to one
     * @throws WSSecurityException if the Crypto cannot be instantiated
     */
    protected Crypto loadEncryptionCrypto(RequestData requestData) throws WSSecurityException {
        final String propertiesFileKey = ConfigurationConstants.ENC_PROP_FILE;
        final String referenceKey = ConfigurationConstants.ENC_PROP_REF_ID;
        return loadCrypto(propertiesFileKey, referenceKey, requestData);
    }

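    /**
     * Resolves a {@link Crypto} instance, first through a reference id and then through a
     * properties file, caching what it builds in {@code cryptos}.
     *
     * <p>Lookup order: (1) the value of option {@code str2} is used as a cache key and, on a miss, as
     * the name of a message-context property holding either a {@link Properties} object (a Crypto is
     * built from it and cached) or a ready-made Crypto (returned as is, not cached); (2) if that
     * yields nothing, the value of option {@code str} names a properties file, which is loaded through
     * {@link #loadCryptoFromPropertiesFile} and cached under the file name.
     *
     * <p>Cached instances are reused for later messages handled by this handler, so changes to the
     * underlying properties are not picked up while the entry is cached.
     *
     * @param str         option key naming the crypto properties file
     * @param str2        option key naming the crypto reference id
     * @param requestData supplies the message context
     * @return the resolved Crypto, or {@code null} if neither option resolves to one
     * @throws WSSecurityException if building the Crypto fails
     */
    protected Crypto loadCrypto(String str, String str2, RequestData requestData) throws WSSecurityException {
        Object msgContext = requestData.getMsgContext();
        Crypto crypto = null;

        String referenceId = getString(str2, msgContext);
        if (referenceId != null) {
            crypto = this.cryptos.get(referenceId);
            if (crypto == null) {
                Object property = getProperty(msgContext, referenceId);
                if (property instanceof Properties) {
                    crypto = CryptoFactory.getInstance((Properties) property, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor(requestData));
                    // The cache is a ConcurrentHashMap, which throws on null values; a failed load
                    // must reach the warning below instead.
                    if (crypto != null) {
                        this.cryptos.put(referenceId, crypto);
                    }
                } else if (property instanceof Crypto) {
                    crypto = (Crypto) property;
                }
            }
            if (crypto == null) {
                LOG.warn("The Crypto reference " + referenceId + " specified by " + str2 + " could not be loaded");
            }
        }

        if (crypto == null) {
            String propertiesFile = getString(str, msgContext);
            if (propertiesFile != null) {
                crypto = this.cryptos.get(propertiesFile);
                if (crypto == null) {
                    crypto = loadCryptoFromPropertiesFile(propertiesFile, requestData);
                    // loadCryptoFromPropertiesFile is overridable and may return null; skip caching then.
                    if (crypto != null) {
                        this.cryptos.put(propertiesFile, crypto);
                    }
                }
                if (crypto == null) {
                    LOG.warn("The Crypto properties file " + propertiesFile + " specified by " + str + " could not be loaded or found");
                }
            }
        }
        return crypto;
    }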

    /**
     * Builds a {@link Crypto} from a named properties file, using the class loader associated with
     * the message context both to locate the file and to instantiate the Crypto.
     *
     * @param str         name of the crypto properties file, as configured
     * @param requestData supplies the message context and the password encryptor
     * @return the Crypto created by {@link CryptoFactory}
     * @throws WSSecurityException if the properties cannot be loaded or the Crypto cannot be created
     */
    protected Crypto loadCryptoFromPropertiesFile(String str, RequestData requestData) throws WSSecurityException {
        ClassLoader contextLoader = getClassLoader(requestData.getMsgContext());
        Properties cryptoProperties = CryptoFactory.getProperties(str, contextLoader);
        PasswordEncryptor encryptor = getPasswordEncryptor(requestData);
        return CryptoFactory.getInstance(cryptoProperties, contextLoader, encryptor);
    }

    /**
     * Resolves a {@link CallbackHandler} from configuration.
     *
     * <p>A handler instance stored under {@code str2} wins: first in the handler options,
     * then in the message context. Only if neither holds one is the class name configured
     * under {@code str} looked up and instantiated.
     *
     * <p>The class-name path instantiates whatever class the configuration names, so the
     * options and message-context properties consulted here should only be writable by
     * trusted configuration code.
     *
     * @param str         configuration key holding a callback handler class name
     * @param str2        configuration key holding a callback handler instance
     * @param requestData per-request state; supplies the message context
     * @return the resolved handler, or {@code null} if nothing is configured
     * @throws WSSecurityException if the configured class cannot be loaded or instantiated
     * @throws ClassCastException  if the value stored under {@code str2} is not a
     *                             {@code CallbackHandler}
     */
    public CallbackHandler getCallbackHandler(String str, String str2, RequestData requestData) throws WSSecurityException {
        Object msgContext = requestData.getMsgContext();

        CallbackHandler handler = (CallbackHandler) getOption(str2);
        if (handler == null) {
            handler = (CallbackHandler) getProperty(msgContext, str2);
        }
        if (handler != null) {
            return handler;
        }

        String handlerClassName = getString(str, msgContext);
        if (handlerClassName == null) {
            return null;
        }
        return loadCallbackHandler(handlerClassName, requestData);
    }

    /**
     * Resolves the password {@link CallbackHandler}.
     *
     * <p>Delegates to {@link #getCallbackHandler(String, String, RequestData)} with the
     * password callback class-name key and the password callback reference key.
     *
     * @param requestData per-request state; supplies the message context
     * @return the resolved handler, or {@code null} if none is configured
     * @throws WSSecurityException propagated from {@code getCallbackHandler}
     */
    public CallbackHandler getPasswordCallbackHandler(RequestData requestData) throws WSSecurityException {
        final String classNameKey = ConfigurationConstants.PW_CALLBACK_CLASS;
        final String instanceKey = ConfigurationConstants.PW_CALLBACK_REF;
        return getCallbackHandler(classNameKey, instanceKey, requestData);
    }

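    /**
     * Loads the named class and instantiates it as a {@link CallbackHandler}.
     *
     * <p>A missing class and a failed instantiation are reported with distinct messages.
     * The previous nested-try shape caught {@code Exception} on the inside, which also
     * swallowed {@code ClassNotFoundException}, so the "cannot load" branch was unreachable
     * and a missing class was misreported as an instantiation failure.
     *
     * <p>The class name comes from configuration and the class is instantiated through its
     * no-argument constructor; callers must ensure the name is not attacker-influenced.
     *
     * @param str         fully qualified name of the callback handler class
     * @param requestData per-request state; its message context selects the class loader
     * @return a new instance of the named class
     * @throws WSSecurityException if the class cannot be found or cannot be instantiated
     */
    private CallbackHandler loadCallbackHandler(String str, RequestData requestData) throws WSSecurityException {
        try {
            return (CallbackHandler) Loader.loadClass(getClassLoader(requestData.getMsgContext()), str, CallbackHandler.class).newInstance();
        } catch (ClassNotFoundException e) {
            // Must precede the general handler, otherwise it can never be selected.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"WSHandler: cannot load callback handler class: " + str});
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"WSHandler: cannot create instance of callback handler: " + str});
        }
    }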

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the {@link PasswordEncryptor} to use for this request.
     *
     * <p>Sources are tried in order and the first hit wins:
     * <ol>
     *   <li>the encryptor already set on {@code requestData};</li>
     *   <li>a {@code PasswordEncryptor} stored in the handler options;</li>
     *   <li>a {@code PasswordEncryptor} stored in the message context;</li>
     *   <li>a new {@link JasyptPasswordEncryptor} wrapping the request's callback handler,
     *       if one is set.</li>
     * </ol>
     * Values of any other type found in the options or message context are ignored.
     *
     * @param requestData per-request state
     * @return the resolved encryptor, or {@code null} if no source provides one
     */
    public PasswordEncryptor getPasswordEncryptor(RequestData requestData) {
        PasswordEncryptor onRequest = requestData.getPasswordEncryptor();
        if (onRequest != null) {
            return onRequest;
        }

        Object fromOptions = getOption(ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE);
        if (fromOptions instanceof PasswordEncryptor) {
            return (PasswordEncryptor) fromOptions;
        }

        Object fromContext = getProperty(requestData.getMsgContext(), ConfigurationConstants.PASSWORD_ENCRYPTOR_INSTANCE);
        if (fromContext instanceof PasswordEncryptor) {
            return (PasswordEncryptor) fromContext;
        }

        // Last resort: derive an encryptor from the request's callback handler.
        CallbackHandler handler = requestData.getCallbackHandler();
        if (handler == null) {
            return null;
        }
        return new JasyptPasswordEncryptor(handler);
    }

    /**
     * Obtains a populated {@link WSPasswordCallback} for a user and action.
     *
     * <p>With a callback handler the password is requested from it. Without one the
     * password comes from {@link #getPassword(Object)} on the message context.
     *
     * @param str             user name / identifier placed on the callback
     * @param i               action code, mapped to a callback usage by
     *                        {@code constructPasswordCallback}
     * @param callbackHandler handler to query, or {@code null} to use the message context
     * @param requestData     per-request state; supplies the message context
     * @return the callback carrying the password
     * @throws WSSecurityException if the handler fails, or no handler is given and the
     *                             message context yields a {@code null} password
     */
    public WSPasswordCallback getPasswordCB(String str, int i, CallbackHandler callbackHandler, RequestData requestData) throws WSSecurityException {
        if (callbackHandler == null) {
            String contextPassword = getPassword(requestData.getMsgContext());
            // NOTE(review): the message says "null or empty" but only null is rejected here;
            // an empty string is passed through as the password.
            if (contextPassword == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: application provided null or empty password"});
            }
            WSPasswordCallback passwordCallback = constructPasswordCallback(str, i);
            passwordCallback.setPassword(contextPassword);
            return passwordCallback;
        }
        return performPasswordCallback(callbackHandler, str, i);
    }

    /**
     * Builds a password callback for the user and action and passes it to the handler.
     *
     * @param callbackHandler handler asked to fill in the callback
     * @param str             user name / identifier placed on the callback
     * @param i               action code, mapped to a callback usage
     * @return the callback after the handler has processed it
     * @throws WSSecurityException wrapping any exception thrown by the handler
     */
    private WSPasswordCallback performPasswordCallback(CallbackHandler callbackHandler, String str, int i) throws WSSecurityException {
        WSPasswordCallback passwordCallback = constructPasswordCallback(str, i);
        Callback[] callbacks = {passwordCallback};
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            // The cause is kept on the exception; the message itself stays generic.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"WSHandler: password callback failed"});
        }
        return passwordCallback;
    }

    /**
     * Creates an empty {@link WSPasswordCallback} whose usage code is derived from the
     * action code.
     *
     * <p>Mapping as written: 1 or 64 -> 2; 2 -> 3; 4, 32768 or 65536 -> 9; anything else -> 0.
     * The numeric literals are presumably named constants inlined by the decompiler -
     * TODO confirm against the action and callback usage constants.
     *
     * @param str user name / identifier placed on the callback
     * @param i   action code
     * @return a new callback for {@code str} with the mapped usage
     */
    private WSPasswordCallback constructPasswordCallback(String str, int i) throws WSSecurityException {
        final int usage;
        if (i == 1 || i == 64) {
            usage = 2;
        } else if (i == 2) {
            usage = 3;
        } else if (i == 4 || i == 32768 || i == 65536) {
            usage = 9;
        } else {
            usage = 0;
        }
        return new WSPasswordCallback(str, usage);
    }

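    /**
     * Parses a semicolon-separated list of part definitions and appends one
     * {@link WSEncryptionPart} per definition to {@code list}.
     *
     * <p>Each definition is split on {@code '}'} and interpreted by the number of pieces:
     * <ul>
     *   <li>one piece: a name, paired with the SOAP envelope namespace and modifier
     *       {@code "Content"};</li>
     *   <li>two pieces: <code>{modifier}name</code>;</li>
     *   <li>three pieces: <code>{modifier}{namespace}name</code>, where an empty modifier
     *       defaults to {@code "Content"}, an empty namespace defaults to the SOAP envelope
     *       namespace, and the {@code NULL_NS} marker maps to a {@code null} namespace.</li>
     * </ul>
     *
     * <p>A two-piece definition with nothing before the {@code '}'} is rejected as a wrong
     * part definition; the unguarded {@code substring(1)} otherwise fails with an unchecked
     * {@code StringIndexOutOfBoundsException} instead of the handler's own error.
     *
     * @param z           value passed to {@code setRequired} on every created part
     * @param str         the full part-definition string from configuration
     * @param list        receives the parsed parts, in input order
     * @param requestData per-request state; supplies the SOAP constants
     * @throws WSSecurityException if a definition has more than three pieces or a
     *                             malformed two-piece form
     */
    private void splitEncParts(boolean z, String str, List<WSEncryptionPart> list, RequestData requestData) throws WSSecurityException {
        for (String definition : str.split(";")) {
            String[] pieces = definition.split("}");
            WSEncryptionPart part;
            if (pieces.length == 1) {
                if (this.doDebug) {
                    LOG.debug("single partDef: '" + pieces[0] + "'");
                }
                part = new WSEncryptionPart(pieces[0].trim(), requestData.getSoapConstants().getEnvelopeURI(), "Content");
            } else if (pieces.length == 2) {
                String modifierPiece = pieces[0].trim();
                if (modifierPiece.isEmpty()) {
                    // e.g. "}name": there is no leading '{' to strip.
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: wrong part definition: " + str});
                }
                part = new WSEncryptionPart(pieces[1].trim(), modifierPiece.substring(1));
            } else {
                if (pieces.length != 3) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"WSHandler: wrong part definition: " + str});
                }
                String modifierPiece = pieces[0].trim();
                String modifier = modifierPiece.length() <= 1 ? "Content" : modifierPiece.substring(1);

                String namespacePiece = pieces[1].trim();
                String namespace;
                if (namespacePiece.length() <= 1) {
                    namespace = requestData.getSoapConstants().getEnvelopeURI();
                } else {
                    namespace = namespacePiece.substring(1);
                    if (namespace.equals(WSS4JConstants.NULL_NS)) {
                        namespace = null;
                    }
                }

                String name = pieces[2].trim();
                if (this.doDebug) {
                    LOG.debug("partDefs: '" + modifier + "' ,'" + namespace + "' ,'" + name + "'");
                }
                part = new WSEncryptionPart(name, namespace, modifier);
            }
            part.setRequired(z);
            list.add(part);
        }
    }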

    /**
     * Handles the special encryption user that means "use the certificate from the
     * request's signature".
     *
     * <p>When the encryption token's user equals {@code USE_REQ_SIG_CERT}, the stored
     * receive results are scanned for the first engine result with action code 2 under a
     * matching actor, and the {@code "x509-certificate"} entry of that result is set on the
     * encryption token. Nothing happens if there is no encryption token, the user differs,
     * or no receive results are stored.
     *
     * <p>The certificate is taken from the first matching result without a null check in
     * this method; whether that result was already validated is decided by the receiving
     * side - confirm against the code that stores {@code RECV_RESULTS}.
     *
     * @param requestData per-request state
     */
    private void handleSpecialUser(RequestData requestData) {
        EncryptionActionToken encryptionToken = requestData.getEncryptionToken();
        if (encryptionToken == null) {
            return;
        }
        if (!ConfigurationConstants.USE_REQ_SIG_CERT.equals(encryptionToken.getUser())) {
            return;
        }
        List<WSHandlerResult> receivedResults = (List) getProperty(requestData.getMsgContext(), WSHandlerConstants.RECV_RESULTS);
        if (receivedResults == null) {
            return;
        }

        for (WSHandlerResult handlerResult : receivedResults) {
            if (!WSSecurityUtil.isActorEqual(requestData.getActor(), handlerResult.getActor())) {
                continue;
            }
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                Integer action = (Integer) engineResult.get("action");
                if (action == null || action.intValue() != 2) {
                    continue;
                }
                encryptionToken.setCertificate((X509Certificate) engineResult.get("x509-certificate"));
                return;
            }
        }
    }

    /**
     * Populates the signature-verification settings on {@code requestData}.
     *
     * <ul>
     *   <li>Signature-verification crypto: loaded if unset, falling back to the signature
     *       crypto if that yields nothing.</li>
     *   <li>Revocation checking: read from {@code ENABLE_REVOCATION}; the {@code false}
     *       argument is presumably the default, i.e. revocation is not checked unless
     *       configured - confirm in {@code decodeBooleanConfigValue}.</li>
     *   <li>Subject certificate constraints: a comma-separated list of regular expressions,
     *       each trimmed and compiled. An invalid expression aborts with a
     *       {@code WSSecurityException} rather than being skipped.</li>
     *   <li>XOP include expansion for signatures: read with {@code true} passed as the
     *       fallback argument.</li>
     * </ul>
     *
     * @param requestData per-request state to populate
     * @throws WSSecurityException if a crypto cannot be loaded or a constraint pattern is
     *                             not a valid regular expression
     */
    protected void decodeSignatureParameter2(RequestData requestData) throws WSSecurityException {
        if (requestData.getSigVerCrypto() == null) {
            requestData.setSigVerCrypto(loadSignatureVerificationCrypto(requestData));
        }
        if (requestData.getSigVerCrypto() == null) {
            // No dedicated verification crypto configured: reuse the signing crypto.
            requestData.setSigVerCrypto(loadSignatureCrypto(requestData));
        }

        requestData.setEnableRevocation(decodeBooleanConfigValue(requestData.getMsgContext(), ConfigurationConstants.ENABLE_REVOCATION, false));

        String constraintList = getString(ConfigurationConstants.SIG_SUBJECT_CERT_CONSTRAINTS, requestData.getMsgContext());
        if (constraintList != null) {
            String[] expressions = constraintList.split(",");
            List<Pattern> compiled = new ArrayList<>(expressions.length);
            for (String expression : expressions) {
                try {
                    compiled.add(Pattern.compile(expression.trim()));
                } catch (PatternSyntaxException e) {
                    LOG.debug(e.getMessage(), e);
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
                }
            }
            requestData.setSubjectCertConstraints(compiled);
        }

        requestData.setExpandXopIncludeForSignature(decodeBooleanConfigValue(requestData.getMsgContext(), ConfigurationConstants.EXPAND_XOP_INCLUDE_FOR_SIGNATURE, true));
    }

    /**
     * Populates the decryption settings on {@code requestData}.
     *
     * <p>Loads the decryption crypto if none is set, then reads
     * {@code ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM} with {@code false} passed as the fallback
     * argument. RSA v1.5 key transport therefore appears to stay disallowed unless the
     * configuration enables it; PKCS#1 v1.5 padding is the scheme affected by
     * padding-oracle weaknesses, so enable it only where interoperability requires it.
     *
     * @param requestData per-request state to populate
     * @throws WSSecurityException if the decryption crypto cannot be loaded
     */
    protected void decodeDecryptionParameter(RequestData requestData) throws WSSecurityException {
        boolean cryptoMissing = requestData.getDecCrypto() == null;
        if (cryptoMissing) {
            requestData.setDecCrypto(loadDecryptionCrypto(requestData));
        }
        Object msgContext = requestData.getMsgContext();
        requestData.setAllowRSA15KeyTransportAlgorithm(decodeBooleanConfigValue(msgContext, ConfigurationConstants.ALLOW_RSA15_KEY_TRANSPORT_ALGORITHM, false));
    }

    /**
     * Looks up a string configuration value.
     *
     * <p>A {@code String} stored in the handler options takes precedence; otherwise the value
     * stored under the same key in the message context is returned.
     *
     * @param str configuration key; must not be {@code null}
     * @param obj message context; must not be {@code null} when the options hold no string
     *            for the key
     * @return the configured value, or {@code null} if neither source has one
     * @throws IllegalArgumentException if {@code str} is {@code null}, or the message
     *                                  context is needed and {@code obj} is {@code null}
     * @throws ClassCastException       if the message-context value is not a {@code String}
     */
    public String getString(String str, Object obj) {
        if (str == null) {
            throw new IllegalArgumentException("Key cannot be null");
        }
        String fromOptions = getStringOption(str);
        if (fromOptions == null) {
            // Fall back to the message context, which is mandatory on this path.
            if (obj == null) {
                throw new IllegalArgumentException("Message context cannot be null");
            }
            return (String) getProperty(obj, str);
        }
        return fromOptions;
    }

    /**
     * Returns the handler option stored under {@code str} if it is a {@code String}.
     *
     * @param str option key
     * @return the option value, or {@code null} if it is absent or not a {@code String}
     */
    public String getStringOption(String str) {
        Object value = getOption(str);
        return value instanceof String ? (String) value : null;
    }

    /**
     * Returns the class loader obtained from {@code Loader.getTCL()}.
     *
     * <p>The lookup is best effort: any exception is swallowed and {@code null} is returned,
     * leaving callers to cope with a missing loader. The argument is not used by this
     * implementation.
     *
     * @param obj message context (unused here)
     * @return the loader from {@code Loader.getTCL()}, or {@code null} if that call throws
     */
    public ClassLoader getClassLoader(Object obj) {
        ClassLoader contextLoader = null;
        try {
            contextLoader = Loader.getTCL();
        } catch (Exception ignored) {
            // Deliberately ignored: callers receive null when no loader can be obtained.
        }
        return contextLoader;
    }

    /**
     * Returns the handler-level option stored under the given key.
     *
     * <p>Within this class it is consulted before the message context for string values,
     * callback handler instances and the password encryptor instance.
     *
     * @param str option key
     * @return the option value, or {@code null} if none is set (callers here treat
     *         {@code null} as "not configured")
     */
    public abstract Object getOption(String str);

    /**
     * Returns the property stored under the given key in the message context.
     *
     * @param obj message context, as obtained from {@code RequestData.getMsgContext()}
     * @param str property key
     * @return the property value, or {@code null} if none is set (callers here treat
     *         {@code null} as "not configured")
     */
    public abstract Object getProperty(Object obj, String str);

    /**
     * Stores a property in the message context.
     *
     * @param obj  presumably the message context, mirroring {@link #getProperty} - confirm
     *             against implementations
     * @param str  property key
     * @param obj2 value to store
     */
    public abstract void setProperty(Object obj, String str, Object obj2);

    /**
     * Returns the password associated with the message context.
     *
     * <p>Used by {@code getPasswordCB} when no callback handler is supplied; a {@code null}
     * result makes that method fail.
     *
     * @param obj message context
     * @return the password, or {@code null} if the application provided none
     */
    public abstract String getPassword(Object obj);

    /**
     * Sets the password associated with the message context.
     *
     * @param obj presumably the message context, mirroring {@link #getPassword} - confirm
     *            against implementations
     * @param str the password to store
     */
    public abstract void setPassword(Object obj, String str);
}
