package org.apache.ws.security.processor;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Vector;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSParameterCallback;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAML2Util;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:plugins/wss4j-1.6.0.wso2v7.jar:org/apache/ws/security/processor/ReferenceListProcessor.class */
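/**
 * Processes an {@code xenc:ReferenceList} element: for every {@code xenc:DataReference}
 * child it locates the referenced {@code EncryptedData} element, resolves the symmetric
 * key named by its {@code ds:KeyInfo}, decrypts the data in place and records a
 * {@link WSDataRef} describing what was decrypted.
 *
 * <p>Not thread-safe: {@link #handleToken} stores per-message state ({@code wsDocInfo},
 * {@code krbPricipal}, {@code debug}) in instance fields, so one instance must not be
 * shared between concurrently processed messages.
 *
 * <p>Everything read from the DOM here (reference URIs, algorithm URI, token references)
 * comes from the incoming message. Malformed values are reported as
 * {@link WSSecurityException} rather than as unchecked runtime exceptions.
 */
public class ReferenceListProcessor implements Processor {
    private static final Log log = LogFactory.getLog(ReferenceListProcessor.class.getName());
    private boolean debug = false;
    // Document info of the message currently being processed; used to look up the
    // processor registered for a referenced token id.
    WSDocInfo wsDocInfo = null;
    // Set while resolving keys when a Kerberos token supplied the key; reset at the
    // start of every handleToken call.
    Principal krbPricipal;

    /**
     * Decrypts all data referenced by the given reference list and prepends one result
     * to {@code vector}.
     *
     * @param element         the {@code ReferenceList} element
     * @param crypto          not used by this method
     * @param crypto2         crypto instance passed on to key resolution (used for SAML 2 key info)
     * @param callbackHandler application callback used to obtain keys; must not be null
     * @param wSDocInfo       document info used to find processors of referenced tokens
     * @param vector          result list; the new result is inserted at index 0
     * @param wSSConfig       not used by this method
     * @throws WSSecurityException if no callback handler is given or a reference cannot be
     *                             resolved or decrypted
     */
    @Override // org.apache.ws.security.processor.Processor
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        this.debug = log.isDebugEnabled();
        if (this.debug) {
            log.debug("Found reference list element");
        }
        if (callbackHandler == null) {
            throw new WSSecurityException(0, "noCallback");
        }
        this.wsDocInfo = wSDocInfo;
        // Clear any principal left over from an earlier call on this instance. Without
        // this, a reused processor would tag this message's result with the Kerberos
        // principal of a previous message.
        this.krbPricipal = null;
        ArrayList dataRefs = handleReferenceList(element, callbackHandler, crypto2);
        if (this.krbPricipal == null) {
            // 4 is presumably WSConstants.ENCR; confirm against this fork's WSConstants.
            vector.add(0, new WSSecurityEngineResult(4, dataRefs));
            return;
        }
        WSSecurityEngineResult kerberosResult = new WSSecurityEngineResult(WSConstants.KERBEROS_ENCR, dataRefs);
        kerberosResult.put(WSSecurityEngineResult.TAG_PRINCIPAL, this.krbPricipal);
        vector.add(0, kerberosResult);
    }

    /**
     * Walks the direct children of the reference list and decrypts the target of every
     * {@code xenc:DataReference}.
     *
     * @return the {@link WSDataRef} objects of all decrypted references, in document order
     * @throws WSSecurityException if a reference has an empty id or cannot be decrypted
     */
    private ArrayList handleReferenceList(Element element, CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        ArrayList dataRefs = new ArrayList();
        for (Node node = element.getFirstChild(); node != null; node = node.getNextSibling()) {
            // Constant-first comparisons: an element without a namespace has a null
            // namespace URI and must simply be skipped, not cause a NullPointerException.
            if (node.getNodeType() != Node.ELEMENT_NODE
                    || !"http://www.w3.org/2001/04/xmlenc#".equals(node.getNamespaceURI())
                    || !"DataReference".equals(node.getLocalName())) {
                continue;
            }
            // getAttribute returns "" when the attribute is absent, so charAt(0) is not safe here.
            String uri = ((Element) node).getAttribute("URI");
            String id = uri.startsWith("#") ? uri.substring(1) : uri;
            if (id.length() == 0) {
                throw new WSSecurityException(3, "dataRef", new Object[]{uri});
            }
            dataRefs.add(decryptDataRefEmbedded(element.getOwnerDocument(), id, callbackHandler, crypto));
        }
        return dataRefs;
    }

    /**
     * Resolves the key for one referenced {@code EncryptedData} element and decrypts it.
     *
     * @param str id of the {@code EncryptedData} element (without a leading '#')
     * @throws WSSecurityException if the element or its {@code KeyInfo} is missing, or the
     *                             key cannot be obtained
     */
    private WSDataRef decryptDataRefEmbedded(Document document, String str, CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        if (log.isDebugEnabled()) {
            log.debug("Found data reference: " + str);
        }
        Element encryptedData = findEncryptedDataElement(document, str);
        // NOTE(review): the algorithm URI is taken from the message and nothing in this
        // method restricts it to an approved set; confirm that algorithm policy is
        // enforced elsewhere.
        String encAlgo = X509Util.getEncAlgo(encryptedData);
        Element keyInfo = WSSecurityUtil.getDirectChildElement(encryptedData, "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
        if (keyInfo == null) {
            throw new WSSecurityException(3, "noKeyinfo");
        }
        Element secTokenRef = WSSecurityUtil.getDirectChildElement(keyInfo, "SecurityTokenReference", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        SecretKey secretKey;
        if (secTokenRef == null) {
            // No token reference: the key is obtained from the KeyInfo via the callback handler.
            secretKey = X509Util.getSharedKey(keyInfo, encAlgo, callbackHandler);
        } else {
            secretKey = getKeyFromSecurityTokenReference(secTokenRef, encAlgo, crypto, callbackHandler);
        }
        return decryptEncryptedData(document, str, encryptedData, secretKey, encAlgo);
    }

    /**
     * Finds the element with the given id, trying the {@code wsu:Id} lookup first and the
     * generic id lookup second.
     *
     * @param str id to look up
     * @return the matching element, never null
     * @throws WSSecurityException if neither lookup finds an element
     */
    public static Element findEncryptedDataElement(Document document, String str) throws WSSecurityException {
        Element found = WSSecurityUtil.getElementByWsuId(document, str);
        if (found != null) {
            return found;
        }
        found = WSSecurityUtil.getElementByGenId(document, str);
        if (found != null) {
            return found;
        }
        throw new WSSecurityException(3, "dataRef", new Object[]{str});
    }

    /**
     * Decrypts one {@code EncryptedData} element in place and describes the result.
     *
     * @param document  owner document of {@code element}
     * @param str       id of the encrypted data, recorded on the returned {@link WSDataRef}
     * @param element   the {@code EncryptedData} element
     * @param secretKey symmetric key used for decryption
     * @param str2      encryption algorithm URI
     * @return a {@link WSDataRef} carrying id, algorithm, content flag and, where it can be
     *         determined, the decrypted element and its path
     * @throws WSSecurityException with code 2 if the cipher cannot be created or initialised,
     *                             with code 6 if decryption or the DOM handling afterwards fails
     */
    public static WSDataRef decryptEncryptedData(Document document, String str, Element element, SecretKey secretKey, String str2) throws WSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(str2);
            xMLCipher.init(XMLCipher.DECRYPT_MODE, secretKey);
            WSDataRef wSDataRef = new WSDataRef(str);
            wSDataRef.setWsuId(str);
            wSDataRef.setAlgorithm(str2);
            boolean isContent = X509Util.isContent(element);
            wSDataRef.setContent(isContent);
            // Remember the neighbours before decrypting: doFinal replaces the
            // EncryptedData node, so the result is located through them afterwards.
            Node parentNode = element.getParentNode();
            Node previousSibling = element.getPreviousSibling();
            if (isContent) {
                // Content encryption: operate on the element whose content was encrypted.
                element = (Element) element.getParentNode();
                parentNode = element.getParentNode();
            }
            try {
                xMLCipher.doFinal(document, element, isContent);
                if (parentNode.getLocalName().equals("EncryptedHeader") && parentNode.getNamespaceURI().equals("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd")) {
                    // Replace the wsse11:EncryptedHeader wrapper by a copy of its decrypted child.
                    Element decryptedHeader = (Element) parentNode.getFirstChild().cloneNode(true);
                    parentNode.getParentNode().appendChild(decryptedHeader);
                    parentNode.getParentNode().removeChild(parentNode);
                    wSDataRef.setProtectedElement(decryptedHeader);
                    wSDataRef.setXpath(getXPath(decryptedHeader));
                } else if (isContent) {
                    wSDataRef.setProtectedElement(element);
                    wSDataRef.setXpath(getXPath(element));
                } else {
                    // Element encryption: the decrypted node sits where EncryptedData was.
                    Node decrypted = previousSibling == null ? parentNode.getFirstChild() : previousSibling.getNextSibling();
                    if (decrypted != null && Node.ELEMENT_NODE == decrypted.getNodeType()) {
                        wSDataRef.setProtectedElement((Element) decrypted);
                    }
                    wSDataRef.setXpath(getXPath(decrypted));
                }
                return wSDataRef;
            } catch (Exception e) {
                // Deliberately broad: decryption errors and any runtime failure of the DOM
                // handling above (null parent, unexpected node type) surface as the same
                // code-6 WSSecurityException.
                throw new WSSecurityException(6, null, null, e);
            }
        } catch (XMLEncryptionException e2) {
            throw new WSSecurityException(2, null, null, e2);
        }
    }

    /**
     * Obtains the symmetric key named by a {@code wsse:SecurityTokenReference}.
     *
     * <p>A direct reference is resolved through the processor registered for the
     * referenced id (encrypted key, derived key, Kerberos token) or, if there is none of
     * those, through a password callback. A key identifier is resolved through the SAML 2
     * key info or a password callback. SAML 1.x references are rejected.
     *
     * @param element the {@code SecurityTokenReference} element
     * @param str     encryption algorithm URI, used for key length and key preparation
     * @param crypto  crypto instance required for SAML 2 key identifiers
     * @throws WSSecurityException if the reference is empty or unsupported, or no key is supplied
     */
    private SecretKey getKeyFromSecurityTokenReference(Element element, String str, Crypto crypto, CallbackHandler callbackHandler) throws WSSecurityException {
        byte[] key;
        SecurityTokenReference securityTokenReference = new SecurityTokenReference(element);
        if (securityTokenReference.containsReference()) {
            String uri = securityTokenReference.getReference().getURI();
            // The URI comes from the message; an absent or empty value must not reach charAt(0).
            if (uri == null || uri.length() == 0) {
                throw new WSSecurityException(6, "noReference");
            }
            if (uri.charAt(0) == '#') {
                uri = uri.substring(1);
            }
            Processor processor = this.wsDocInfo.getProcessor(uri);
            if (processor instanceof EncryptedKeyProcessor) {
                key = ((EncryptedKeyProcessor) processor).getDecryptedBytes();
            } else if (processor instanceof DerivedKeyTokenProcessor) {
                key = ((DerivedKeyTokenProcessor) processor).getKeyBytes(WSSecurityUtil.getKeyLength(str));
            } else if (processor instanceof SAMLTokenProcessor) {
                throw new WSSecurityException(6, "SAML 1.x is not supported");
            } else if (processor instanceof KerberosTokenProcessor) {
                KerberosTokenProcessor kerberosTokenProcessor = (KerberosTokenProcessor) processor;
                WSParameterCallback wSParameterCallback = new WSParameterCallback(0);
                int repeat = 0;
                try {
                    callbackHandler.handle(new Callback[]{wSParameterCallback});
                    repeat = wSParameterCallback.getIntValue();
                } catch (Exception e) {
                    // Best effort: if the handler cannot answer the parameter callback the
                    // session key is used as it is.
                    log.error("Error while executing parameter callback", e);
                }
                byte[] sessionKey = kerberosTokenProcessor.getLastPrincipalFound().getSessionKey();
                if (repeat > 1) {
                    // The session key is repeated cyclically to fill a longer buffer. This
                    // lengthens the key material but adds no entropy: the effective
                    // strength stays that of the session key.
                    byte[] expanded = new byte[sessionKey.length * repeat];
                    for (int pos = 0; pos < expanded.length; pos++) {
                        expanded[pos] = sessionKey[pos % sessionKey.length];
                    }
                    key = expanded;
                } else {
                    key = sessionKey;
                }
                this.krbPricipal = kerberosTokenProcessor.getLastPrincipalFound();
            } else {
                WSPasswordCallback wSPasswordCallback = new WSPasswordCallback(uri, 7);
                try {
                    callbackHandler.handle(new Callback[]{wSPasswordCallback});
                    key = wSPasswordCallback.getKey();
                } catch (Exception e2) {
                    throw new WSSecurityException(0, "noPassword", new Object[]{uri}, e2);
                }
                // Checked outside the try block so that the specific error is not caught
                // and re-reported as "noPassword".
                if (key == null) {
                    throw new WSSecurityException(6, "unsupportedKeyId");
                }
            }
        } else {
            if (!securityTokenReference.containsKeyIdentifier()) {
                throw new WSSecurityException(6, "noReference");
            }
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(securityTokenReference.getKeyIdentifierValueType())) {
                throw new WSSecurityException(6, "SAML 1.x is not supported");
            }
            if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(securityTokenReference.getKeyIdentifierValueType())) {
                Element keyIdentifierTokenElement = securityTokenReference.getKeyIdentifierTokenElement(element.getOwnerDocument(), this.wsDocInfo, callbackHandler);
                if (crypto == null) {
                    throw new WSSecurityException(0, "noSigCryptoFile");
                }
                key = SAML2Util.getSAML2KeyInfo(keyIdentifierTokenElement, crypto, callbackHandler).getSecret();
            } else {
                String keyIdentifierValue = securityTokenReference.getKeyIdentifierValue();
                WSPasswordCallback wSPasswordCallback2 = new WSPasswordCallback(keyIdentifierValue, null, securityTokenReference.getKeyIdentifierValueType(), 8);
                try {
                    callbackHandler.handle(new Callback[]{wSPasswordCallback2});
                    key = wSPasswordCallback2.getKey();
                } catch (Exception e3) {
                    throw new WSSecurityException(0, "noPassword", new Object[]{keyIdentifierValue}, e3);
                }
                // Same rule as for the direct-reference callback: a handler that supplies
                // no key is reported as a security failure instead of passing null on.
                if (key == null) {
                    throw new WSSecurityException(6, "unsupportedKeyId");
                }
            }
        }
        return WSSecurityUtil.prepareSecretKey(str, key);
    }

    /**
     * This processor has no id of its own.
     *
     * @return always null
     */
    @Override // org.apache.ws.security.processor.Processor
    public String getId() {
        return null;
    }

    /**
     * Builds a slash-separated path of node names from the document root to the given
     * element or attribute.
     *
     * <p>The path uses {@link Node#getNodeName()} (prefixed names as written in the
     * document) and carries no positional index, so it does not distinguish between
     * same-named siblings. Code that uses it to decide which part of a message was
     * encrypted should not treat it as a unique locator.
     *
     * @param node an element or attribute node; may be null
     * @return the path, or null if {@code node} is null, is neither an element nor an
     *         attribute, or is not attached below a document node
     */
    public static String getXPath(Node node) {
        if (node == null) {
            return null;
        }
        switch (node.getNodeType()) {
            case Node.ELEMENT_NODE:
                return prependFullPath(node.getNodeName(), node.getParentNode());
            case Node.ATTRIBUTE_NODE:
                return prependFullPath("@" + node.getNodeName(), ((Attr) node).getOwnerElement());
            default:
                return null;
        }
    }

    /**
     * Prepends the names of {@code node} and its element ancestors to {@code str}.
     *
     * @return the completed path once a document node is reached, or null if the chain of
     *         parents ends before one is found
     */
    private static String prependFullPath(String str, Node node) {
        if (node == null) {
            return null;
        }
        short type = node.getNodeType();
        if (type == Node.ELEMENT_NODE) {
            return prependFullPath(node.getNodeName() + "/" + str, node.getParentNode());
        }
        if (type == Node.DOCUMENT_NODE) {
            return "/" + str;
        }
        // Any other node type contributes nothing to the path.
        return prependFullPath(str, node.getParentNode());
    }
}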
