package org.apache.cxf.ws.security.wss4j.policyhandlers;

import java.util.Collection;
import java.util.Vector;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.TokenWrapper;
import org.apache.cxf.ws.security.policy.model.TransportBinding;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/cxf-2.2.2-patched.jar:org/apache/cxf/ws/security/wss4j/policyhandlers/TransportBindingHandler.class */
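/**
 * Populates the WS-Security header of an outbound SOAP message for a
 * {@link TransportBinding} policy.
 *
 * <p>On the requestor side, {@link #handleBinding()} lays out the timestamp and then
 * walks the five supporting-token assertion kinds, attaching username or issued
 * tokens and adding endorsing signatures. On the responder side it only adds a
 * signature confirmation. No message part is encrypted by the code in this class.
 *
 * <p>Several spots carry {@code NOTE(review)} comments where the visible control
 * flow looks suspicious. They have been left behaviourally unchanged, because the
 * intended behaviour cannot be established from this file alone.
 */
public class TransportBindingHandler extends AbstractBindingBuilder {
    // The binding that is also handed to the superclass constructor, kept with its concrete type.
    TransportBinding tbinding;

    /**
     * Creates a handler for one message.
     *
     * @param transportBinding the transport binding policy; stored in {@link #tbinding}
     * @param sOAPMessage the SAAJ message, passed to the superclass
     * @param wSSecHeader the security header under construction, passed to the superclass
     * @param assertionInfoMap the policy assertion map, passed to the superclass
     * @param soapMessage the CXF message, passed to the superclass
     */
    public TransportBindingHandler(TransportBinding transportBinding, SOAPMessage sOAPMessage, WSSecHeader wSSecHeader, AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        super(transportBinding, sOAPMessage, wSSecHeader, assertionInfoMap, soapMessage);
        this.tbinding = transportBinding;
    }

    /**
     * Rejects a missing security token with a descriptive error.
     *
     * <p>Every caller dereferences the token on all paths, so a {@code null} would
     * otherwise surface as a bare {@link NullPointerException}, in some paths only
     * after the message has already been modified.
     *
     * @param securityToken the token to check
     * @return the same token, never {@code null}
     * @throws IllegalStateException if {@code securityToken} is {@code null}
     */
    private static SecurityToken requireSecurityToken(SecurityToken securityToken) {
        if (securityToken == null) {
            throw new IllegalStateException("No security token is available for the token assertion being processed");
        }
        return securityToken;
    }

    /**
     * Marks every assertion in the collection as asserted and returns the last
     * {@link SupportingToken} found.
     *
     * <p>NOTE(review): when the collection holds more than one assertion, all of
     * them are marked asserted, but only the last one is returned and acted on by
     * the caller. Confirm that policy verification cannot pass for an assertion
     * whose tokens were never added to the message.
     *
     * @param assertionInfos the assertions registered for one supporting-token kind, or {@code null}
     * @return the last supporting token, or {@code null} if there is none
     */
    private static SupportingToken assertAllAndPickLast(Collection<AssertionInfo> assertionInfos) {
        if (assertionInfos == null) {
            return null;
        }
        SupportingToken last = null;
        for (AssertionInfo info : assertionInfos) {
            last = (SupportingToken) info.getAssertion();
            info.setAsserted(true);
        }
        return last;
    }

    /**
     * Attaches the username tokens and issued tokens of a supporting-token assertion
     * to the security header. Other token types are ignored.
     *
     * @param supportingToken the assertion whose tokens are processed
     * @throws IllegalStateException if an issued token is required but no security token is available
     */
    private void addUsernameTokens(SupportingToken supportingToken) {
        for (Token token : supportingToken.getTokens()) {
            if (token instanceof UsernameToken) {
                WSSecUsernameToken usernameTokenBuilder = addUsernameToken((UsernameToken) token);
                if (usernameTokenBuilder != null) {
                    usernameTokenBuilder.prepare(this.saaj.getSOAPPart());
                    usernameTokenBuilder.appendToHeader(this.secHeader);
                }
            } else if (token instanceof IssuedToken) {
                SecurityToken securityToken = requireSecurityToken(getSecurityToken());
                // NOTE(review): the token is attached for EVERY inclusion mode. The code this
                // replaces read token.getInclusion() and isRequestor() into empty branches and
                // then attached the token on every path, whereas doIssuedTokenSignature gates
                // the same call on the inclusion mode. Confirm whether the unconditional
                // attachment is deliberate before relying on the policy's inclusion setting
                // to keep the issued token out of the message.
                addEncyptedKeyElement(cloneElement(securityToken.getToken()));
            }
        }
    }

    /**
     * Records a signature value, skipping {@code null} results.
     *
     * @param vector the collection that receives the value
     * @param bArr the signature value, or {@code null} if no signature was produced
     */
    private static void addSig(Vector<byte[]> vector, byte[] bArr) {
        if (bArr != null) {
            vector.add(bArr);
        }
    }

    /**
     * Builds the security header content required by the transport binding.
     *
     * <p>The timestamp layout is handled first. A requestor then processes the signed,
     * signed-endorsing, signed-encrypted, endorsing and plain supporting-token
     * assertions in that order. A responder only adds a signature confirmation.
     *
     * @throws Fault wrapping any exception raised while the tokens and signatures are built
     */
    public void handleBinding() {
        handleLayout(createTimestamp());
        try {
            if (!isRequestor()) {
                addSignatureConfirmation(null);
                return;
            }

            // Signature values are gathered here but not read again in this class.
            Vector<byte[]> signatureValues = new Vector<byte[]>();

            SupportingToken signed = assertAllAndPickLast(this.aim.get(SP12Constants.SIGNED_SUPPORTING_TOKENS));
            if (signed != null) {
                addUsernameTokens(signed);
            }

            SupportingToken signedEndorsing = assertAllAndPickLast(this.aim.get(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
            if (signedEndorsing != null) {
                SignedEncryptedParts signedParts = signedEndorsing.getSignedParts();
                for (Token token : signedEndorsing.getTokens()) {
                    // NOTE(review): a KeyValueToken takes the issued-token path here but the
                    // X509 path in the endorsing branch below. The unreachable KeyValueToken
                    // test that used to sit in the else-branch has been dropped; the routing
                    // itself is unchanged. Confirm which path is intended.
                    if ((token instanceof IssuedToken) || (token instanceof SecureConversationToken) || (token instanceof KeyValueToken)) {
                        addSig(signatureValues, doIssuedTokenSignature(token, signedParts, signedEndorsing, null));
                    } else if (token instanceof X509Token) {
                        addSig(signatureValues, doX509TokenSignature(token, signedParts, signedEndorsing));
                    }
                }
            }

            SupportingToken signedEncrypted = assertAllAndPickLast(this.aim.get(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
            if (signedEncrypted != null) {
                addUsernameTokens(signedEncrypted);
            }

            SupportingToken endorsing = assertAllAndPickLast(this.aim.get(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
            if (endorsing != null) {
                for (Token token : endorsing.getTokens()) {
                    if ((token instanceof IssuedToken) || (token instanceof SecureConversationToken)) {
                        addSig(signatureValues, doIssuedTokenSignature(token, endorsing.getSignedParts(), endorsing, null));
                    } else if ((token instanceof X509Token) || (token instanceof KeyValueToken)) {
                        addSig(signatureValues, doX509TokenSignature(token, endorsing.getSignedParts(), endorsing));
                    }
                }
            }

            SupportingToken supporting = assertAllAndPickLast(this.aim.get(SP12Constants.SUPPORTING_TOKENS));
            if (supporting != null && supporting.getTokens() != null && supporting.getTokens().size() > 0) {
                handleSupportingTokens(supporting, false);
            }
        } catch (Exception e) {
            throw new Fault(e);
        }
    }

    /**
     * Collects the message parts an endorsing signature has to cover: the timestamp
     * when one exists, the SOAP body when the policy asks for it, and optionally the
     * listed headers.
     *
     * <p>Adding the body assigns it a wsu:Id through {@code addWsuIdToElement}, so this
     * method can modify the message.
     *
     * @param signedEncryptedParts the signed-parts policy, or {@code null} to sign the timestamp only
     * @param includeHeaders whether the headers named by the policy are added
     * @return the parts to sign, possibly empty
     * @throws Exception if the SOAP body cannot be read or tagged
     */
    private Vector<WSEncryptionPart> collectPartsToSign(SignedEncryptedParts signedEncryptedParts, boolean includeHeaders) throws Exception {
        Vector<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
        if (this.timestampEl != null) {
            parts.add(new WSEncryptionPart(this.timestampEl.getId()));
        }
        if (signedEncryptedParts != null) {
            if (signedEncryptedParts.isBody()) {
                parts.add(new WSEncryptionPart(addWsuIdToElement(this.saaj.getSOAPBody())));
            }
            if (includeHeaders) {
                for (Header header : signedEncryptedParts.getHeaders()) {
                    parts.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Content"));
                }
            }
        }
        return parts;
    }

    /**
     * Adds an endorsing signature for an X509 (or key value) token.
     *
     * <p>Without derived keys, the signature builder supplied by the superclass signs
     * directly. With derived keys, an encrypted key is appended to the header and a
     * key derived from its ephemeral key is used for signing.
     *
     * @param token the token assertion being endorsed
     * @param signedEncryptedParts the parts to sign in addition to the timestamp, may be {@code null}
     * @param tokenWrapper the enclosing assertion, used to obtain the builders
     * @return the signature value, or {@code null} if no signature builder is available
     * @throws Exception if preparing or computing the signature fails
     */
    private byte[] doX509TokenSignature(Token token, SignedEncryptedParts signedEncryptedParts, TokenWrapper tokenWrapper) throws Exception {
        Document soapPart = this.saaj.getSOAPPart();
        Vector<WSEncryptionPart> partsToSign = collectPartsToSign(signedEncryptedParts, true);

        if (!token.isDerivedKeys()) {
            WSSecSignature signatureBuilder = getSignatureBuider(tokenWrapper, token, false);
            if (signatureBuilder == null) {
                return null;
            }
            signatureBuilder.prependBSTElementToHeader(this.secHeader);
            signatureBuilder.addReferencesToSign(partsToSign, this.secHeader);
            insertBeforeBottomUp(signatureBuilder.getSignatureElement());
            signatureBuilder.computeSignature();
            return signatureBuilder.getSignatureValue();
        }

        WSSecEncryptedKey encryptedKeyBuilder = getEncryptedKeyBuilder(tokenWrapper, token);
        Element binarySecurityTokenElement = encryptedKeyBuilder.getBinarySecurityTokenElement();
        if (binarySecurityTokenElement != null) {
            addTopDownElement(binarySecurityTokenElement);
        }
        encryptedKeyBuilder.appendToHeader(this.secHeader);

        AlgorithmSuite suite = this.binding.getAlgorithmSuite();
        WSSecDKSign derivedKeySignature = new WSSecDKSign();
        derivedKeySignature.setSigCanonicalization(suite.getInclusiveC14n());
        derivedKeySignature.setSignatureAlgorithm(suite.getSymmetricSignature());
        // Divided by 8: presumably the suite reports bits and WSS4J expects bytes; confirm.
        derivedKeySignature.setDerivedKeyLength(suite.getSignatureDerivedKeyLength() / 8);
        derivedKeySignature.setExternalKey(encryptedKeyBuilder.getEphemeralKey(), encryptedKeyBuilder.getId());
        derivedKeySignature.prepare(soapPart, this.secHeader);
        derivedKeySignature.setParts(partsToSign);
        derivedKeySignature.addReferencesToSign(partsToSign, this.secHeader);
        derivedKeySignature.computeSignature();
        derivedKeySignature.appendDKElementToHeader(this.secHeader);
        derivedKeySignature.appendSigToHeader(this.secHeader);
        return derivedKeySignature.getSignatureValue();
    }

    /**
     * Adds an endorsing signature made with the key material of an issued (or
     * secure conversation) token.
     *
     * <p>The token itself is attached to the header only when its inclusion mode is
     * "always", or is "always to recipient" / "once" while acting as requestor.
     * Headers named by the signed-parts policy are covered only when the token
     * carries an X509 certificate or was supplied by the caller.
     *
     * @param token the token assertion being endorsed
     * @param signedEncryptedParts the parts to sign in addition to the timestamp, may be {@code null}
     * @param tokenWrapper the enclosing assertion, used to obtain the signature crypto
     * @param securityToken the token to sign with, or {@code null} to use {@code getSecurityToken()}
     * @return the signature value
     * @throws IllegalStateException if no security token is available
     * @throws Exception if preparing or computing the signature fails
     */
    private byte[] doIssuedTokenSignature(Token token, SignedEncryptedParts signedEncryptedParts, TokenWrapper tokenWrapper, SecurityToken securityToken) throws Exception {
        Document soapPart = this.saaj.getSOAPPart();
        boolean callerSuppliedToken = securityToken != null;
        SecurityToken effectiveToken = requireSecurityToken(callerSuppliedToken ? securityToken : getSecurityToken());

        SPConstants.IncludeTokenType inclusion = token.getInclusion();
        boolean tokenIncluded = false;
        if (inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS || ((inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT || inclusion == SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE) && isRequestor())) {
            addEncyptedKeyElement(cloneElement(effectiveToken.getToken()));
            tokenIncluded = true;
        }

        Vector<WSEncryptionPart> partsToSign = collectPartsToSign(signedEncryptedParts, effectiveToken.getX509Certificate() != null || callerSuppliedToken);

        AlgorithmSuite algorithmSuite = this.tbinding.getAlgorithmSuite();
        if (token.isDerivedKeys()) {
            WSSecDKSign derivedKeySignature = new WSSecDKSign();
            // Point at the token through the reference that matches whether it travels in this message.
            Element tokenReference = tokenIncluded ? effectiveToken.getAttachedReference() : effectiveToken.getUnattachedReference();
            if (tokenReference != null) {
                derivedKeySignature.setExternalKey(effectiveToken.getSecret(), cloneElement(tokenReference));
            } else {
                derivedKeySignature.setExternalKey(effectiveToken.getSecret(), effectiveToken.getId());
            }
            derivedKeySignature.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            // Divided by 8: presumably the suite reports bits and WSS4J expects bytes; confirm.
            derivedKeySignature.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength() / 8);
            if (token.getSPConstants() == SP12Constants.INSTANCE) {
                derivedKeySignature.setWscVersion(2);
            }
            derivedKeySignature.prepare(soapPart, this.secHeader);
            addDerivedKeyElement(derivedKeySignature.getdktElement());
            derivedKeySignature.setParts(partsToSign);
            derivedKeySignature.addReferencesToSign(partsToSign, this.secHeader);
            derivedKeySignature.computeSignature();
            derivedKeySignature.appendSigToHeader(this.secHeader);
            return derivedKeySignature.getSignatureValue();
        }

        WSSecSignature signatureBuilder = new WSSecSignature();
        // Key identifier types 9, 11 and 12 are presumably WSConstants.CUSTOM_SYMM_SIGNING,
        // CUSTOM_SYMM_SIGNING_DIRECT and CUSTOM_KEY_IDENTIFIER; confirm against the WSS4J
        // version on the classpath.
        if (effectiveToken.getTokenType() == null) {
            signatureBuilder.setCustomTokenId(effectiveToken.getId());
            signatureBuilder.setCustomTokenValueType(SecurityTokenReference.SAML_ID_URI);
            signatureBuilder.setKeyIdentifierType(12);
        } else {
            if (effectiveToken.getWsuId() == null) {
                signatureBuilder.setCustomTokenId(effectiveToken.getId());
                signatureBuilder.setKeyIdentifierType(11);
            } else {
                signatureBuilder.setCustomTokenId(effectiveToken.getWsuId());
                signatureBuilder.setKeyIdentifierType(9);
            }
            signatureBuilder.setCustomTokenValueType(effectiveToken.getTokenType());
            // NOTE(review): this unconditional call overrides the type 11 chosen just above
            // for tokens without a wsu:Id, so every typed token is referenced with type 9.
            // Kept as found; confirm which reference style the recipient expects.
            signatureBuilder.setKeyIdentifierType(9);
        }

        Crypto signatureCrypto;
        if (effectiveToken.getSecret() == null) {
            // No shared secret: sign asymmetrically with the private key matching the token's certificate.
            signatureBuilder.setX509Certificate(effectiveToken.getX509Certificate());
            signatureCrypto = effectiveToken.getCrypto();
            // getCertificateAlias returns null when the keystore has no matching entry; that
            // case is not checked here and the null alias is passed on.
            String certificateAlias = signatureCrypto.getKeyStore().getCertificateAlias(effectiveToken.getX509Certificate());
            // Usage code 3 is presumably WSPasswordCallback.SIGNATURE; confirm.
            String password = getPassword(certificateAlias, token, 3);
            if (password == null) {
                // NOTE(review): a missing key password is replaced by the empty string instead
                // of being reported. Confirm that trying an empty password is intended.
                password = "";
            }
            signatureBuilder.setUserInfo(certificateAlias, password);
            signatureBuilder.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getAsymmetricSignature());
        } else {
            signatureCrypto = getSignatureCrypto(tokenWrapper);
            signatureBuilder.setSecretKey(effectiveToken.getSecret());
            signatureBuilder.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getSymmetricSignature());
        }
        signatureBuilder.setSigCanonicalization(this.binding.getAlgorithmSuite().getInclusiveC14n());
        signatureBuilder.prepare(soapPart, signatureCrypto, this.secHeader);
        signatureBuilder.setParts(partsToSign);
        signatureBuilder.addReferencesToSign(partsToSign, this.secHeader);
        signatureBuilder.computeSignature();
        insertBeforeBottomUp(signatureBuilder.getSignatureElement());
        return signatureBuilder.getSignatureValue();
    }
}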
