package org.apache.ws.security.processor;

import java.util.ArrayList;
import java.util.List;
import java.util.Vector;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.encryption.XMLEncryptionException;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.4.jar:org/apache/ws/security/processor/ReferenceListProcessor.class */
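/**
 * Handles an {@code xenc:ReferenceList} element: every {@code xenc:DataReference} child is
 * resolved to an {@code EncryptedData} element in the same document, decrypted in place, and
 * reported back as a {@link WSDataRef}.
 *
 * <p>The reference URIs, the encryption algorithm URI and the key reference are all read from the
 * message being processed, so they are chosen by the sender. Nothing in this class restricts the
 * algorithm or checks that the decrypted content was covered by a signature; if a deployment needs
 * either, it has to be enforced elsewhere (NOTE(review): confirm where, e.g. in {@code X509Util},
 * the XML Security library configuration, or validation of the returned results).
 *
 * <p>An instance stores the {@link WSDocInfo} of the message passed to
 * {@link #handleToken} in a field, so one instance must not process several messages
 * concurrently.
 */
public class ReferenceListProcessor extends ProcessorBase {
    private static final String XMLENC_NS = "http://www.w3.org/2001/04/xmlenc#";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String WSSE_10_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_10_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Replaces the pre-Java-5 class-literal scaffolding (class$ helper plus cache field) that the
    // decompiler reproduced; the logger name is unchanged.
    private static final Log log = LogFactory.getLog(ReferenceListProcessor.class.getName());

    private boolean debug = false;

    // Set by handleToken and read by getKeyFromSecurityTokenReference. It stays null when
    // decryptDataRefEmbedded is called directly on a fresh instance.
    WSDocInfo wsDocInfo = null;

    /**
     * Decrypts everything referenced by the given reference list and records the outcome.
     *
     * @param element the {@code ReferenceList} element
     * @param crypto passed on for key resolution
     * @param crypto2 not used by this processor
     * @param callbackHandler used to obtain keys; must not be {@code null}
     * @param wSDocInfo per-message registry used to look up processors by id
     * @param vector result list; the new result is inserted at index 0
     * @param wSSConfig not used by this processor
     * @throws WSSecurityException if no callback handler is given or decryption fails
     */
    @Override // org.apache.ws.security.processor.Processor
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        this.debug = log.isDebugEnabled();
        if (this.debug) {
            log.debug("Found reference list element");
        }
        if (callbackHandler == null) {
            throw new WSSecurityException(0, "noCallback");
        }
        this.wsDocInfo = wSDocInfo;
        // 4 is presumably the "encryption" action code (WSConstants.ENCR) - TODO confirm.
        ArrayList dataRefs = handleReferenceList(element, callbackHandler, crypto);
        vector.add(0, new WSSecurityEngineResult(4, dataRefs));
    }

    /**
     * Walks the direct children of a reference list and decrypts each {@code xenc:DataReference}.
     *
     * <p>Children that are not elements, or that carry a different (or no) namespace or local
     * name, are skipped. The return type stays a raw {@code ArrayList} because it is handed to a
     * {@link WSSecurityEngineResult} constructor whose signature is not visible in this file.
     *
     * @return one {@link WSDataRef} per data reference, in document order
     * @throws WSSecurityException if a reference has no URI, cannot be resolved or cannot be
     *     decrypted
     */
    private ArrayList handleReferenceList(Element element, CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        Document ownerDocument = element.getOwnerDocument();
        ArrayList dataRefs = new ArrayList();
        for (Node child = element.getFirstChild(); child != null; child = child.getNextSibling()) {
            // Constant-first comparisons: getNamespaceURI()/getLocalName() may return null for
            // nodes in a sender-supplied document, which previously caused a NullPointerException.
            boolean isDataReference = child.getNodeType() == Node.ELEMENT_NODE
                    && XMLENC_NS.equals(child.getNamespaceURI())
                    && EncryptionConstants._TAG_DATAREFERENCE.equals(child.getLocalName());
            if (!isDataReference) {
                continue;
            }
            String uri = ((Element) child).getAttribute("URI");
            // getAttribute returns "" for a missing attribute; reject it as an invalid reference
            // instead of letting substring(1) throw an unchecked exception.
            if (uri.length() == 0) {
                throw new WSSecurityException(3, "dataRef", new Object[]{uri});
            }
            // The first character (expected to be the '#' of a same-document reference) is dropped.
            WSDataRef dataRef = new WSDataRef(uri.substring(1));
            decryptDataRefEmbedded(ownerDocument, uri, dataRef, callbackHandler, crypto);
            dataRefs.add(dataRef);
        }
        return dataRefs;
    }

    /**
     * Resolves one data reference, obtains the symmetric key and decrypts the referenced element
     * in place.
     *
     * <p>The element is looked up first by {@code wsu:Id} and then by generic id. The key comes
     * from the {@code SecurityTokenReference} inside {@code ds:KeyInfo} when there is one, and
     * from {@code X509Util.getSharedKey} otherwise. After decryption the newly inserted elements
     * get a {@code wsu:Id} if they lack one, and {@code wSDataRef} is updated with the id and the
     * qualified name of the decrypted element. A decrypted {@code wsse11:EncryptedHeader} is
     * replaced by a copy of its first child.
     *
     * <p>Failures carry different error codes: 2 when the cipher cannot be set up, 6 for anything
     * thrown while decrypting or rewriting the DOM. NOTE(review): a service should not relay that
     * distinction, or the nested cause, to the remote peer; detailed decryption errors are a known
     * weakness for CBC-mode XML Encryption.
     *
     * @param document the document that contains the encrypted data
     * @param str the reference URI as written in the message (taken from sender-supplied data)
     * @param wSDataRef result object to fill in
     * @throws WSSecurityException if the reference cannot be resolved, {@code ds:KeyInfo} is
     *     missing, no key is available or decryption fails
     */
    public void decryptDataRefEmbedded(Document document, String str, WSDataRef wSDataRef, CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        if (log.isDebugEnabled()) {
            log.debug("Found data reference: " + str);
        }
        Element encryptedData = WSSecurityUtil.getElementByWsuId(document, str);
        if (encryptedData == null) {
            encryptedData = WSSecurityUtil.getElementByGenId(document, str);
        }
        if (encryptedData == null) {
            throw new WSSecurityException(3, "dataRef", new Object[]{str});
        }
        boolean isContent = X509Util.isContent(encryptedData);
        // The algorithm URI is read from the message and handed to XMLCipher as is.
        String encAlgo = X509Util.getEncAlgo(encryptedData);
        Element keyInfo = (Element) WSSecurityUtil.findElement(encryptedData, Constants._TAG_KEYINFO, XMLDSIG_NS);
        if (keyInfo == null) {
            throw new WSSecurityException(3, "noKeyinfo");
        }
        Element tokenReference = (Element) WSSecurityUtil.getDirectChild(keyInfo, "SecurityTokenReference", WSSE_10_NS);
        SecretKey sharedKey;
        if (tokenReference == null) {
            sharedKey = X509Util.getSharedKey(keyInfo, encAlgo, callbackHandler);
        } else {
            sharedKey = getKeyFromSecurityTokenReference(tokenReference, encAlgo, crypto, callbackHandler);
        }
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(encAlgo);
            xMLCipher.init(XMLCipher.DECRYPT_MODE, sharedKey);
            if (isContent) {
                // For content encryption the cipher is applied to the enclosing element.
                encryptedData = (Element) encryptedData.getParentNode();
            }
            try {
                Node parentNode = encryptedData.getParentNode();
                // Snapshot of the children before decryption, used below to find what was added.
                List childrenBefore = listChildren(parentNode);
                xMLCipher.doFinal(document, encryptedData, isContent);
                // Constant-first so a parent without local name or namespace is simply "not an
                // EncryptedHeader" instead of turning a successful decryption into a failure.
                if (WSConstants.ENCRYPTED_HEADER.equals(parentNode.getLocalName()) && WSConstants.WSSE11_NS.equals(parentNode.getNamespaceURI())) {
                    Element decryptedHeader = (Element) parentNode.getFirstChild().cloneNode(true);
                    String wsuId = decryptedHeader.getAttributeNS(WSU_10_NS, "Id");
                    if (wsuId == null || wsuId.equals("")) {
                        String headerWsuId = ((Element) parentNode).getAttributeNS(WSU_10_NS, "Id");
                        String qualifiedIdName = WSSecurityUtil.setNamespace(decryptedHeader, WSU_10_NS, "wsu") + ":Id";
                        decryptedHeader.setAttributeNS(WSU_10_NS, qualifiedIdName, headerWsuId);
                        // NOTE(review): this drops the first character of the header's wsu:Id,
                        // although an Id value normally has no '#' prefix - confirm it is intended.
                        wSDataRef.setWsuId(headerWsuId.substring(1));
                    } else {
                        wSDataRef.setWsuId(wsuId);
                    }
                    // Swap the EncryptedHeader wrapper for the decrypted header copy.
                    parentNode.getParentNode().appendChild(decryptedHeader);
                    parentNode.getParentNode().removeChild(parentNode);
                }
                for (Node node : newNodes(childrenBefore, listChildren(parentNode))) {
                    if (!(node instanceof Element)) {
                        continue;
                    }
                    if (!XMLDSIG_NS.equals(node.getNamespaceURI()) && node.getAttributes().getNamedItemNS(WSU_10_NS, "Id") == null) {
                        String qualifiedIdName = WSSecurityUtil.setNamespace((Element) node, WSU_10_NS, "wsu") + ":Id";
                        ((Element) node).setAttributeNS(WSU_10_NS, qualifiedIdName, str);
                        wSDataRef.setWsuId(str.substring(1));
                    }
                    wSDataRef.setName(new QName(node.getNamespaceURI(), node.getLocalName()));
                }
            } catch (Exception e) {
                throw new WSSecurityException(6, null, null, e);
            }
        } catch (XMLEncryptionException e2) {
            throw new WSSecurityException(2, null, null, e2);
        }
    }

    /**
     * Returns the id of the processed token; this processor has none.
     *
     * @return always {@code null}
     */
    @Override // org.apache.ws.security.processor.Processor
    public String getId() {
        return null;
    }

    /**
     * Resolves the symmetric key named by a {@code wsse:SecurityTokenReference}.
     *
     * <p>A direct reference is resolved through the processor registered under that id
     * (encrypted key, derived key token or SAML token); when no such processor exists the key is
     * requested from the callback handler. A key identifier is only handled when its value type
     * is {@code SecurityTokenReference.ENC_KEY_SHA1_URI}, in which case the callback handler is
     * asked for the key.
     *
     * @param element the {@code SecurityTokenReference} element
     * @param str the encryption algorithm URI, used for key length and key preparation
     * @throws WSSecurityException if the reference is empty or of an unsupported kind, the
     *     callback handler fails, or no key material could be obtained
     */
    private SecretKey getKeyFromSecurityTokenReference(Element element, String str, Crypto crypto, CallbackHandler callbackHandler) throws WSSecurityException {
        SecurityTokenReference securityTokenReference = new SecurityTokenReference(element);
        byte[] keyBytes = null;
        if (securityTokenReference.containsReference()) {
            String uri = securityTokenReference.getReference().getURI();
            // The URI is sender-supplied; an absent or empty one is reported as a missing
            // reference instead of failing in substring(1) with an unchecked exception.
            if (uri == null || uri.length() == 0) {
                throw new WSSecurityException(6, "noReference");
            }
            String id = uri.substring(1);
            Processor processor = this.wsDocInfo.getProcessor(id);
            if (processor instanceof EncryptedKeyProcessor) {
                keyBytes = ((EncryptedKeyProcessor) processor).getDecryptedBytes();
            } else if (processor instanceof DerivedKeyTokenProcessor) {
                keyBytes = ((DerivedKeyTokenProcessor) processor).getKeyBytes(WSSecurityUtil.getKeyLength(str));
            } else if (processor instanceof SAMLTokenProcessor) {
                keyBytes = SAMLUtil.getSAMLKeyInfo(((SAMLTokenProcessor) processor).getSamlTokenElement(), crypto, callbackHandler).getSecret();
            } else {
                // No processor, or one of another kind: ask the application for the key.
                // 7 is presumably WSPasswordCallback's "custom token" usage - TODO confirm.
                keyBytes = requestKeyFromCallback(callbackHandler, id, 7);
            }
        } else if (securityTokenReference.containsKeyIdentifier()) {
            if (securityTokenReference.getKeyIdentifierValueType().equals(SecurityTokenReference.ENC_KEY_SHA1_URI)) {
                // 8 is presumably WSPasswordCallback's "encrypted key token" usage - TODO confirm.
                keyBytes = requestKeyFromCallback(callbackHandler, securityTokenReference.getKeyIdentifierValue(), 8);
            }
        } else {
            throw new WSSecurityException(6, "noReference");
        }
        // Fail closed for every path that produced no key material (callback returned nothing,
        // unsupported key identifier type, processor without a key). Previously the callback
        // path's own check was caught by its surrounding catch and re-reported as "noPassword",
        // and the other paths passed null on to prepareSecretKey.
        if (keyBytes == null) {
            throw new WSSecurityException(6, "unsupportedKeyId");
        }
        return WSSecurityUtil.prepareSecretKey(str, keyBytes);
    }

    /**
     * Asks the callback handler for the key that belongs to {@code identifier}.
     *
     * @param usage the usage code passed to {@link WSPasswordCallback}
     * @return the key set by the handler, or {@code null} if it set none
     * @throws WSSecurityException with message key {@code noPassword} and the original exception
     *     as cause if the handler throws
     */
    private static byte[] requestKeyFromCallback(CallbackHandler callbackHandler, String identifier, int usage) throws WSSecurityException {
        WSPasswordCallback passwordCallback = new WSPasswordCallback(identifier, usage);
        try {
            callbackHandler.handle(new Callback[]{passwordCallback});
        } catch (Exception e) {
            // Broad catch kept from the original so handler runtime failures are still reported
            // as WSSecurityException; the cause is now preserved for diagnosis.
            throw new WSSecurityException(0, "noPassword", new Object[]{identifier}, e);
        }
        return passwordCallback.getKey();
    }
}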
