package org.jboss.ws.extensions.security;

import java.util.Calendar;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.xml.security.Init;
import org.jboss.ws.extensions.security.element.EncryptedKey;
import org.jboss.ws.extensions.security.element.SecurityHeader;
import org.jboss.ws.extensions.security.element.SecurityProcess;
import org.jboss.ws.extensions.security.element.Signature;
import org.jboss.ws.extensions.security.element.Timestamp;
import org.jboss.ws.extensions.security.element.Token;
import org.jboss.ws.extensions.security.element.UsernameToken;
import org.jboss.ws.extensions.security.exception.WSSecurityException;
import org.jboss.ws.extensions.security.nonce.NonceFactory;
import org.jboss.ws.extensions.security.operation.DecryptionOperation;
import org.jboss.ws.extensions.security.operation.ReceiveUsernameOperation;
import org.jboss.ws.extensions.security.operation.ReceiveX509Certificate;
import org.jboss.ws.extensions.security.operation.RequireEncryptionOperation;
import org.jboss.ws.extensions.security.operation.RequireOperation;
import org.jboss.ws.extensions.security.operation.RequireSignatureOperation;
import org.jboss.ws.extensions.security.operation.SignatureVerificationOperation;
import org.jboss.ws.extensions.security.operation.TimestampVerificationOperation;
import org.jboss.ws.metadata.wsse.Authenticate;
import org.jboss.ws.metadata.wsse.TimestampVerification;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/ws/extensions/security/SecurityDecoder.class */
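/**
 * Processes the inbound WS-Security header of a SOAP message: timestamp verification,
 * username tokens, signature verification and decryption, in that order.
 *
 * <p>Call order is {@code decode(...)}, then {@link #verify(List)}, then {@link #complete()}.
 * The message, the parsed header and the sets of signed/encrypted ids are kept in instance
 * fields and no synchronization is visible here, so one instance must not be used for several
 * messages concurrently.
 *
 * <p>Security-relevant behavior visible in this class:
 * <ul>
 *   <li>A timestamp is verified only when the header carries one; a missing timestamp is not
 *       rejected by {@code decode}. Any "must be present" rule has to come from the require
 *       operations handed to {@link #verify(List)}.</li>
 *   <li>Username tokens are processed when {@code authenticate} is {@code null} or enables
 *       username auth. Signature-certificate authentication runs only when
 *       {@code authenticate} is non-null and enables it.</li>
 *   <li>With a {@code null} {@code nonceFactory}, a {@code null} nonce store is passed to
 *       {@link ReceiveUsernameOperation}.</li>
 * </ul>
 */
public class SecurityDecoder {
    // The wsse:Security element of the message currently being processed.
    private Element headerElement;
    // Optional fixed "current time" for timestamp checks; null means use timestampVerification.
    private Calendar now;
    private SecurityHeader header;
    private Document message;
    private final NonceFactory nonceFactory;
    private final SecurityStore store;
    private final TimestampVerification timestampVerification;
    private final Authenticate authenticate;
    // Ids reported by signature verification / decryption for the current message.
    private final HashSet<String> signedIds = new HashSet<>();
    private final HashSet<String> encryptedIds = new HashSet<>();

    /**
     * Creates a decoder and initializes the XML security library.
     *
     * @param securityStore store handed to the header parser and to the signature, decryption
     *        and username operations
     * @param nonceFactory source of the nonce store for username tokens; may be {@code null}
     * @param timestampVerification configuration used for timestamp checks when no fixed time
     *        was supplied
     * @param authenticate authentication configuration; may be {@code null}
     */
    public SecurityDecoder(SecurityStore securityStore, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate) {
        // Init.init() runs with the class loader that loaded Init as the thread context class
        // loader; the caller's loader is restored whether or not initialization succeeds.
        ClassLoader callerLoader = SecurityActions.getContextClassLoader();
        try {
            SecurityActions.setContextClassLoader(Init.class.getClassLoader());
            Init.init();
        } finally {
            SecurityActions.setContextClassLoader(callerLoader);
        }
        this.store = securityStore;
        this.nonceFactory = nonceFactory;
        this.timestampVerification = timestampVerification;
        this.authenticate = authenticate;
    }

    /**
     * Same as the four-argument constructor, but timestamps are verified against the supplied
     * calendar instead of the {@code timestampVerification} configuration.
     *
     * @param calendar the time to treat as "now" for timestamp verification
     */
    public SecurityDecoder(SecurityStore securityStore, Calendar calendar, NonceFactory nonceFactory, TimestampVerification timestampVerification, Authenticate authenticate) {
        this(securityStore, nonceFactory, timestampVerification, authenticate);
        this.now = calendar;
    }

    /**
     * Finds the {@code Security} element in the WSSE namespace below the document element.
     *
     * @throws WSSecurityException if the message has no such element
     */
    private Element getHeader(Document document) throws WSSecurityException {
        Element securityElement = Util.findElement(document.getDocumentElement(), "Security", Constants.WSSE_NS);
        if (securityElement == null) {
            throw new WSSecurityException("Expected security header was not found");
        }
        return securityElement;
    }

    /**
     * Removes the security header element from its parent. Does nothing when no header has
     * been decoded yet or when the element is already detached, so {@link #complete()} can be
     * called more than once without a NullPointerException.
     */
    private void detachHeader() {
        if (this.headerElement == null || this.headerElement.getParentNode() == null) {
            return;
        }
        this.headerElement.getParentNode().removeChild(this.headerElement);
    }

    /**
     * Runs the security operations on the header set up by {@link #decode(Document, Element)}
     * and records which ids were signed and which were encrypted.
     *
     * @throws WSSecurityException if any operation rejects the message
     */
    private void decode() throws WSSecurityException {
        // Only a timestamp that is present gets checked; absence is not an error here.
        Timestamp timestamp = this.header.getTimestamp();
        if (timestamp != null) {
            TimestampVerificationOperation timestampOperation = this.now == null
                    ? new TimestampVerificationOperation(this.timestampVerification)
                    : new TimestampVerificationOperation(this.now);
            timestampOperation.process(this.message, timestamp);
        }

        // Username tokens are handled by default (authenticate == null) or when enabled.
        if (this.authenticate == null || this.authenticate.isUsernameAuth()) {
            for (Token token : this.header.getTokens()) {
                if (token instanceof UsernameToken) {
                    // NOTE(review): a null nonceFactory yields a null nonce store here;
                    // presumably nonce replay tracking is then skipped - confirm in
                    // ReceiveUsernameOperation.
                    new ReceiveUsernameOperation(this.header, this.store, this.nonceFactory != null ? this.nonceFactory.getStore() : null).process(this.message, token);
                }
            }
        }

        SignatureVerificationOperation signatureVerification = new SignatureVerificationOperation(this.header, this.store);
        DecryptionOperation decryption = new DecryptionOperation(this.header, this.store);
        for (SecurityProcess securityProcess : this.header.getSecurityProcesses()) {
            if (securityProcess instanceof Signature) {
                Signature signature = (Signature) securityProcess;
                Collection<String> verifiedIds = signatureVerification.process(this.message, signature);
                if (verifiedIds != null) {
                    this.signedIds.addAll(verifiedIds);
                }
                // The signing certificate is used for authentication only after the
                // signature itself has been processed above.
                if (this.authenticate != null && this.authenticate.isSignatureCertAuth()) {
                    new ReceiveX509Certificate(this.authenticate.getSignatureCertAuth().getCertificatePrincipal()).process(this.message, signature.getSecurityToken());
                }
            } else if (securityProcess instanceof EncryptedKey) {
                Collection<String> decryptedIds = decryption.process(this.message, securityProcess);
                if (decryptedIds != null) {
                    this.encryptedIds.addAll(decryptedIds);
                }
            }
        }
    }

    /**
     * Runs the given require operations against the decoded message. Signature requirements
     * receive the set of signed ids, encryption requirements the set of encrypted ids, and any
     * other requirement receives {@code null}.
     *
     * <p>A {@code null} list means nothing is checked. Callers that depend on mandatory
     * signing or encryption must make sure the list is actually populated.
     *
     * @param list the requirements to enforce; may be {@code null}
     * @throws WSSecurityException if a requirement is not met
     */
    public void verify(List<RequireOperation> list) throws WSSecurityException {
        if (list == null) {
            return;
        }
        for (RequireOperation requirement : list) {
            HashSet<String> processedIds;
            if (requirement instanceof RequireSignatureOperation) {
                processedIds = this.signedIds;
            } else if (requirement instanceof RequireEncryptionOperation) {
                processedIds = this.encryptedIds;
            } else {
                processedIds = null;
            }
            requirement.process(this.message, this.header, processedIds);
        }
    }

    /**
     * Locates the security header in the document and decodes it.
     *
     * @throws WSSecurityException if the header is missing or an operation rejects the message
     */
    public void decode(Document document) throws WSSecurityException {
        decode(document, getHeader(document));
    }

    /**
     * Decodes the given security header of the given document.
     *
     * @param document the message being processed
     * @param element the security header element of that message
     * @throws WSSecurityException if an operation rejects the message
     */
    public void decode(Document document, Element element) throws WSSecurityException {
        // Forget the ids of any earlier message before parsing untrusted input: if header
        // parsing or an early operation throws, verify() must not find signed/encrypted ids
        // left over from a previous decode.
        this.signedIds.clear();
        this.encryptedIds.clear();
        this.headerElement = element;
        this.header = new SecurityHeader(this.headerElement, this.store);
        this.message = document;
        decode();
    }

    /**
     * Finishes processing by detaching the security header from the message.
     */
    public void complete() {
        detachHeader();
    }
}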
