package org.picketlink.identity.federation.core.wstrust;

import java.io.OutputStream;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.Map;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
import javax.xml.stream.events.StartElement;
import org.apache.xml.security.encryption.XMLCipher;
import org.picketlink.identity.federation.PicketLinkLogger;
import org.picketlink.identity.federation.PicketLinkLoggerFactory;
import org.picketlink.identity.federation.core.config.STSType;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
import org.picketlink.identity.federation.ws.addressing.AttributedURIType;
import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
import org.picketlink.identity.federation.ws.policy.AppliesTo;
import org.picketlink.identity.federation.ws.trust.BinarySecretType;
import org.picketlink.identity.federation.ws.trust.EntropyType;
import org.picketlink.identity.federation.ws.trust.OnBehalfOfType;
import org.picketlink.identity.federation.ws.trust.RenewingType;
import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
import org.picketlink.identity.federation.ws.wss.secext.AttributedString;
import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
import org.picketlink.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.picketlink.identity.federation.ws.wss.secext.UsernameTokenType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/picketlink-core-2.1.6.Final.jar:org/picketlink/identity/federation/core/wstrust/WSTrustUtil.class */
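/**
 * Static helpers for WS-Trust message handling: builders for common WS-Trust, WS-Addressing and
 * WS-Security JAXB objects, small parsers for request elements, and key-material helpers (random
 * secrets, P_SHA-1 derivation, {@code KeyInfo} construction).
 *
 * <p>Several methods read values straight out of a parsed request ({@code AppliesTo},
 * {@code OnBehalfOf}, {@code Entropy}). Nothing in this class validates or authenticates those
 * values; that is left to the caller.
 */
public class WSTrustUtil {
    private static final PicketLinkLogger logger = PicketLinkLoggerFactory.getLogger();

    /**
     * Builds a {@code KeyIdentifier} element.
     *
     * @param str the value type to set on the identifier
     * @param str2 the identifier value
     * @return the populated key identifier
     */
    public static KeyIdentifierType createKeyIdentifier(String str, String str2) {
        KeyIdentifierType identifier = new KeyIdentifierType();
        identifier.setValueType(str);
        identifier.setValue(str2);
        return identifier;
    }

    /**
     * Wraps a key identifier in a {@code SecurityTokenReference} and returns it as a requested
     * reference.
     *
     * @param keyIdentifierType the identifier placed inside the security token reference
     * @param map extra attributes copied onto the security token reference
     * @return the requested reference holding the new security token reference
     */
    public static RequestedReferenceType createRequestedReference(KeyIdentifierType keyIdentifierType, Map<QName, String> map) {
        SecurityTokenReferenceType tokenReference = new SecurityTokenReferenceType();
        tokenReference.addAny(keyIdentifierType);
        tokenReference.addOtherAttributes(map);

        RequestedReferenceType reference = new RequestedReferenceType();
        reference.setSecurityTokenReference(tokenReference);
        return reference;
    }

    /**
     * Builds an {@code AppliesTo} element holding a single endpoint reference.
     *
     * @param str the endpoint address
     * @return the new {@code AppliesTo}
     */
    public static AppliesTo createAppliesTo(String str) {
        AppliesTo appliesTo = new AppliesTo();
        appliesTo.addAny(newEndpointReference(str));
        return appliesTo;
    }

    /**
     * Builds an endpoint reference whose address is the given issuer address.
     *
     * @param str the issuer address
     * @return the new endpoint reference
     */
    public static EndpointReferenceType createIssuer(String str) {
        return newEndpointReference(str);
    }

    /** Creates an endpoint reference whose address element carries {@code address}. */
    private static EndpointReferenceType newEndpointReference(String address) {
        AttributedURIType uri = new AttributedURIType();
        uri.setValue(address);
        EndpointReferenceType reference = new EndpointReferenceType();
        reference.setAddress(uri);
        return reference;
    }

    /**
     * Extracts the endpoint address from an {@code AppliesTo} element.
     *
     * <p>Entries are scanned in order. An entry counts as an endpoint reference when it is an
     * {@link EndpointReferenceType} or a {@link JAXBElement} whose local name equals
     * {@code EndpointReference}; that comparison ignores case and does not look at the
     * namespace. The first reference found with a non-null address wins. The address is
     * returned exactly as it appears in the element.
     *
     * @param appliesTo the element to inspect; must not be {@code null}
     * @return the address value, or {@code null} when no endpoint reference with an address is present
     */
    public static String parseAppliesTo(AppliesTo appliesTo) {
        EndpointReferenceType reference = null;
        for (Object entry : appliesTo.getAny()) {
            if (entry instanceof EndpointReferenceType) {
                reference = (EndpointReferenceType) entry;
            } else if (entry instanceof JAXBElement) {
                JAXBElement<?> element = (JAXBElement<?>) entry;
                if (element.getName().getLocalPart().equalsIgnoreCase("EndpointReference")) {
                    reference = (EndpointReferenceType) element.getValue();
                }
            }
            // A reference without an address is kept and re-checked on later iterations until
            // a later entry replaces it.
            if (reference != null && reference.getAddress() != null) {
                return reference.getAddress().getValue();
            }
        }
        return null;
    }

    /**
     * Parses a {@code Renewing} element from the event stream.
     *
     * <p>The {@code Allow} and {@code OK} attributes are optional and handled independently.
     * Values are read with {@link Boolean#valueOf(String)}: only the text {@code true} (in any
     * case) yields {@code true}; every other text, including {@code 1}, yields {@code false}.
     *
     * @param xMLEventReader reader positioned before the {@code Renewing} start element
     * @return the parsed renewing settings
     * @throws ParsingException if the next start or end element is not {@code Renewing}
     */
    public static RenewingType parseRenewingType(XMLEventReader xMLEventReader) throws ParsingException {
        RenewingType renewing = new RenewingType();
        StartElement start = StaxParserUtil.getNextStartElement(xMLEventReader);
        StaxParserUtil.validate(start, WSTrustConstants.RENEWING);

        Attribute allowAttribute = start.getAttributeByName(new QName("Allow"));
        if (allowAttribute != null) {
            renewing.setAllow(Boolean.valueOf(StaxParserUtil.getAttributeValue(allowAttribute)));
        }

        Attribute okAttribute = start.getAttributeByName(new QName(WSTrustConstants.OK));
        // Test the OK attribute itself. Testing the Allow attribute here would drop an OK value
        // sent without Allow, and would pass a null attribute on when only Allow is present.
        if (okAttribute != null) {
            renewing.setOK(Boolean.valueOf(StaxParserUtil.getAttributeValue(okAttribute)));
        }

        StaxParserUtil.validate(StaxParserUtil.getNextEndElement(xMLEventReader), WSTrustConstants.RENEWING);
        return renewing;
    }

    /**
     * Creates a lifetime that starts now and ends {@code j} milliseconds later.
     *
     * @param j the validity period in milliseconds
     * @return the lifetime with its creation and expiration instants
     */
    public static Lifetime createDefaultLifetime(long j) {
        GregorianCalendar created = new GregorianCalendar();
        GregorianCalendar expires = new GregorianCalendar();
        expires.setTimeInMillis(created.getTimeInMillis() + j);
        return new Lifetime(created, expires);
    }

    /**
     * Returns the principal named by the {@code UsernameToken} inside an {@code OnBehalfOf}
     * element.
     *
     * <p>All entries are scanned and the last username token found is used. The name is copied
     * from the token as supplied: this method does not authenticate it and does not check
     * whether the requester may act for that user, so the caller must make that decision. The
     * returned {@link Principal} is an anonymous implementation that does not override
     * {@code equals} or {@code hashCode}.
     *
     * @param onBehalfOfType the element to inspect; must not be {@code null}
     * @return a principal carrying the username, or {@code null} when no username token with a
     *     username element is present
     */
    public static Principal getOnBehalfOfPrincipal(OnBehalfOfType onBehalfOfType) {
        UsernameTokenType usernameToken = null;
        for (Object entry : onBehalfOfType.getAny()) {
            if (entry instanceof UsernameTokenType) {
                usernameToken = (UsernameTokenType) entry;
            } else if (entry instanceof JAXBElement) {
                JAXBElement<?> element = (JAXBElement<?>) entry;
                if (element.getName().getLocalPart().equalsIgnoreCase("UsernameToken")) {
                    usernameToken = (UsernameTokenType) element.getValue();
                }
            }
        }
        if (usernameToken == null || usernameToken.getUsername() == null) {
            // NOTE(review): this writes the raw OnBehalfOf content to the debug log. Confirm that
            // the toString() of the contained types cannot expose credential material.
            logger.debug("Unable to parse the contents of the OnBehalfOfType: " + onBehalfOfType.getAny());
            return null;
        }
        final String value = usernameToken.getUsername().getValue();
        return new Principal() {
            @Override
            public String getName() {
                return value;
            }
        };
    }

    /**
     * Builds an {@code OnBehalfOf} element holding a username token.
     *
     * @param str the username
     * @param str2 the id assigned to the username token
     * @return the new {@code OnBehalfOf}
     */
    public static OnBehalfOfType createOnBehalfOfWithUsername(String str, String str2) {
        AttributedString username = new AttributedString();
        username.setValue(str);

        UsernameTokenType usernameToken = new UsernameTokenType();
        usernameToken.setId(str2);
        usernameToken.setUsername(username);

        OnBehalfOfType onBehalfOf = new OnBehalfOfType();
        onBehalfOf.add(usernameToken);
        return onBehalfOf;
    }

    /**
     * Returns the value of the first {@link BinarySecretType} found directly in an
     * {@code Entropy} element. Entries of any other type are skipped.
     *
     * @param entropyType the entropy element; must not be {@code null}
     * @return the secret bytes, or {@code null} when the element holds no binary secret
     */
    public static byte[] getBinarySecret(EntropyType entropyType) {
        for (Object entry : entropyType.getAny()) {
            if (entry instanceof BinarySecretType) {
                return ((BinarySecretType) entry).getValue();
            }
        }
        return null;
    }

    /**
     * Always fails: the method body contains no persistence logic.
     *
     * @param sTSType the configuration that would be written (unused)
     * @param outputStream the destination stream (unused)
     * @throws UnsupportedOperationException always
     */
    public static void persistSTSConfiguration(STSType sTSType, OutputStream outputStream) {
        throw new UnsupportedOperationException("persistSTSConfiguration is not implemented");
    }

    /**
     * Generates a random secret using a default-constructed {@link SecureRandom}.
     *
     * @param i the number of bytes to generate
     * @return {@code i} random bytes
     */
    public static byte[] createRandomSecret(int i) {
        byte[] secret = new byte[i];
        new SecureRandom().nextBytes(secret);
        return secret;
    }

    /**
     * Derives {@code i} bytes of key material with the P_SHA-1 construction.
     *
     * <p>With {@code A(0) = seed} and {@code A(n) = HMAC-SHA1(secret, A(n-1))}, the output is the
     * concatenation of {@code HMAC-SHA1(secret, A(n) || seed)} for n = 1, 2, ..., cut to
     * {@code i} bytes.
     *
     * @param bArr the secret used as the HMAC key
     * @param bArr2 the seed
     * @param i the number of bytes to produce
     * @return the derived bytes
     * @throws NoSuchAlgorithmException if no provider supplies {@code HMACSHA1}
     * @throws InvalidKeyException if the secret cannot be used as an HMAC key
     */
    public static byte[] P_SHA1(byte[] bArr, byte[] bArr2, int i) throws NoSuchAlgorithmException, InvalidKeyException {
        byte[] output = new byte[i];
        Mac mac = Mac.getInstance("HMACSHA1");
        // doFinal() puts the Mac back into its post-init state, so one init is enough.
        mac.init(new SecretKeySpec(bArr, "HMACSHA1"));

        byte[] a = bArr2;
        int written = 0;
        int remaining = i;
        while (remaining > 0) {
            // A(n) = HMAC(secret, A(n-1))
            mac.update(a);
            a = mac.doFinal();

            // block = HMAC(secret, A(n) || seed)
            mac.update(a);
            mac.update(bArr2);
            byte[] block = mac.doFinal();

            int chunk = Math.min(remaining, block.length);
            System.arraycopy(block, 0, output, written, chunk);
            written += chunk;
            remaining -= chunk;
        }
        return output;
    }

    /**
     * Builds a {@code KeyInfo} that carries the secret key encrypted for the given public key.
     *
     * <p>The secret is labelled as an AES key and handed to
     * {@code XMLEncryptionUtil.encryptKey} together with its size in bits. When
     * {@code publicKey} is {@code null} nothing is encrypted: the condition is reported through
     * the logger and {@code null} is returned. Callers must handle that {@code null} and must
     * not assume the secret was protected.
     *
     * @param bArr the secret key bytes
     * @param publicKey the key used to encrypt the secret, or {@code null}
     * @param uri not used by this method
     * @return the key info holding the encrypted key, or {@code null} when no public key was given
     * @throws WSTrustException if encrypting the secret or building the element fails
     */
    public static KeyInfoType createKeyInfo(byte[] bArr, PublicKey publicKey, URI uri) throws WSTrustException {
        if (publicKey == null) {
            logger.stsSecretKeyNotEncrypted();
            return null;
        }
        try {
            Element encryptedKey = XMLCipher.getInstance().martial(XMLEncryptionUtil.encryptKey(DocumentUtil.createDocument(), new SecretKeySpec(bArr, "AES"), publicKey, bArr.length * 8));
            KeyInfoType keyInfo = new KeyInfoType();
            keyInfo.addContent(encryptedKey);
            return keyInfo;
        } catch (Exception e) {
            throw logger.stsKeyInfoTypeCreationError(e);
        }
    }

    /**
     * Builds a {@code KeyInfo} that carries the Base64 text of the encoded certificate inside an
     * {@code X509Data} element.
     *
     * @param certificate the certificate to embed
     * @return the key info holding the certificate
     * @throws WSTrustException if the certificate cannot be encoded or the element cannot be built
     */
    public static KeyInfoType createKeyInfo(Certificate certificate) throws WSTrustException {
        try {
            byte[] encoded = certificate.getEncoded();
            X509CertificateType x509Certificate = new X509CertificateType();
            // Name the charset so the bytes do not depend on the platform default.
            x509Certificate.setEncodedCertificate(Base64.encodeBytes(encoded).getBytes("UTF-8"));

            X509DataType x509Data = new X509DataType();
            x509Data.add(x509Certificate);

            KeyInfoType keyInfo = new KeyInfoType();
            keyInfo.addContent(x509Data);
            return keyInfo;
        } catch (Exception e) {
            throw logger.stsKeyInfoTypeCreationError(e);
        }
    }

    /**
     * Builds a {@code KeyValue} for the public key by delegating to
     * {@code XMLSignatureUtil.createKeyValue}.
     *
     * @param publicKey the public key to represent
     * @return the key value produced by {@code XMLSignatureUtil}
     */
    public static KeyValueType createKeyValue(PublicKey publicKey) {
        return XMLSignatureUtil.createKeyValue(publicKey);
    }

    /**
     * Returns the {@code AppliesTo} address of a token request.
     *
     * <p>The value is taken from the request as is; no validation is done here.
     *
     * @param requestSecurityToken the request, may be {@code null}
     * @return the address, or {@code null} when the request is {@code null}, has no
     *     {@code AppliesTo}, or the {@code AppliesTo} holds no endpoint address
     */
    public static String getServiceNameFromAppliesTo(RequestSecurityToken requestSecurityToken) {
        if (requestSecurityToken == null) {
            return null;
        }
        AppliesTo appliesTo = requestSecurityToken.getAppliesTo();
        return appliesTo == null ? null : parseAppliesTo(appliesTo);
    }
}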
