package org.apache.wss4j.stax.ext;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
import javax.xml.transform.Source;
import javax.xml.transform.stream.StreamSource;
import javax.xml.validation.Schema;
import javax.xml.validation.SchemaFactory;
import org.apache.commons.codec.binary.Base64;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.WSSec;
import org.apache.wss4j.stax.impl.SecurityHeaderOrder;
import org.apache.wss4j.stax.securityEvent.DerivedKeyTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.EncryptedKeyTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.HttpsTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.KeyValueTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.RelTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SecurityContextTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.UsernameTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractOutputProcessor;
import org.apache.xml.security.stax.ext.OutboundSecurityContext;
import org.apache.xml.security.stax.ext.OutputProcessorChain;
import org.apache.xml.security.stax.ext.SecurePart;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.EncryptionPartDef;
import org.apache.xml.security.stax.impl.util.ConcreteLSInput;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.utils.ClassLoaderUtils;
import org.w3c.dom.ls.LSInput;
import org.w3c.dom.ls.LSResourceResolver;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/wss4j/stax/ext/WSSUtils.class */
public class WSSUtils extends XMLSecurityUtils {
    protected WSSUtils() {
    }

    public static void doPasswordCallback(CallbackHandler callbackHandler, Callback callback) throws WSSecurityException {
        if (callbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCallback");
        }
        try {
            callbackHandler.handle(new Callback[]{callback});
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        } catch (UnsupportedCallbackException e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2);
        }
    }

    public static void doSecretKeyCallback(CallbackHandler callbackHandler, Callback callback, String str) throws WSSecurityException {
        if (callbackHandler != null) {
            try {
                callbackHandler.handle(new Callback[]{callback});
            } catch (IOException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "noPassword");
            } catch (UnsupportedCallbackException e2) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2, "noPassword");
            }
        }
    }

    public static String doPasswordDigest(byte[] bArr, String str, String str2) throws WSSecurityException {
        byte[] bArr2;
        if (bArr != null) {
            bArr2 = bArr;
        } else {
            try {
                bArr2 = new byte[0];
            } catch (UnsupportedEncodingException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
            } catch (NoSuchAlgorithmException e2) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2, "decoding.general");
            }
        }
        byte[] bArr3 = bArr2;
        byte[] bytes = str != null ? str.getBytes("UTF-8") : new byte[0];
        byte[] bytes2 = str2.getBytes("UTF-8");
        byte[] bArr4 = new byte[bArr3.length + bytes.length + bytes2.length];
        System.arraycopy(bArr3, 0, bArr4, 0, bArr3.length);
        int length = 0 + bArr3.length;
        System.arraycopy(bytes, 0, bArr4, length, bytes.length);
        System.arraycopy(bytes2, 0, bArr4, length + bytes.length, bytes2.length);
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
        messageDigest.reset();
        messageDigest.update(bArr4);
        return new String(Base64.encodeBase64(messageDigest.digest()));
    }

    public static String getSOAPMessageVersionNamespace(XMLSecEvent xMLSecEvent) {
        XMLSecStartElement startElementAtLevel = xMLSecEvent.getStartElementAtLevel(1);
        if (startElementAtLevel == null) {
            return null;
        }
        if (WSSConstants.TAG_soap11_Envelope.equals(startElementAtLevel.getName())) {
            return WSSConstants.NS_SOAP11;
        }
        if (WSSConstants.TAG_soap12_Envelope.equals(startElementAtLevel.getName())) {
            return WSSConstants.NS_SOAP12;
        }
        return null;
    }

    public static boolean isInSOAPHeader(XMLSecEvent xMLSecEvent) {
        return isInSOAPHeader((List<QName>) xMLSecEvent.getElementPath());
    }

    public static boolean isInSOAPHeader(List<QName> list) {
        if (list.size() <= 1) {
            return false;
        }
        QName qName = list.get(1);
        return WSSConstants.TAG_soap_Header_LocalName.equals(qName.getLocalPart()) && list.get(0).getNamespaceURI().equals(qName.getNamespaceURI());
    }

    public static boolean isInSOAPBody(XMLSecEvent xMLSecEvent) {
        return isInSOAPBody((List<QName>) xMLSecEvent.getElementPath());
    }

    public static boolean isInSOAPBody(List<QName> list) {
        if (list.size() <= 1) {
            return false;
        }
        QName qName = list.get(1);
        return WSSConstants.TAG_soap_Body_LocalName.equals(qName.getLocalPart()) && list.get(0).getNamespaceURI().equals(qName.getNamespaceURI());
    }

    public static boolean isInSecurityHeader(XMLSecEvent xMLSecEvent, String str) {
        return isInSecurityHeader(xMLSecEvent, xMLSecEvent.getElementPath(), str);
    }

    public static boolean isInSecurityHeader(XMLSecEvent xMLSecEvent, List<QName> list, String str) {
        if (list.size() <= 2) {
            return false;
        }
        QName qName = list.get(1);
        return WSSConstants.TAG_wsse_Security.equals(list.get(2)) && isResponsibleActorOrRole(xMLSecEvent.getStartElementAtLevel(3), str) && WSSConstants.TAG_soap_Header_LocalName.equals(qName.getLocalPart()) && list.get(0).getNamespaceURI().equals(qName.getNamespaceURI());
    }

    public static boolean isSecurityHeaderElement(XMLSecEvent xMLSecEvent, String str) {
        if (!xMLSecEvent.isStartElement()) {
            return false;
        }
        List elementPath = xMLSecEvent.getElementPath();
        if (elementPath.size() != 3) {
            return false;
        }
        QName qName = (QName) elementPath.get(1);
        return WSSConstants.TAG_wsse_Security.equals(elementPath.get(2)) && isResponsibleActorOrRole(xMLSecEvent.getStartElementAtLevel(3), str) && WSSConstants.TAG_soap_Header_LocalName.equals(qName.getLocalPart()) && ((QName) elementPath.get(0)).getNamespaceURI().equals(qName.getNamespaceURI());
    }

    public static void updateSecurityHeaderOrder(OutputProcessorChain outputProcessorChain, QName qName, XMLSecurityConstants.Action action, boolean z) {
        OutboundSecurityContext securityContext = outputProcessorChain.getSecurityContext();
        Map asMap = securityContext.getAsMap("encryptionParts");
        boolean z2 = false;
        if (asMap != null) {
            z2 = asMap.containsKey(qName);
        }
        List asList = securityContext.getAsList(SecurityHeaderOrder.class);
        if (asList == null) {
            securityContext.putList(SecurityHeaderOrder.class, Collections.emptyList());
            asList = securityContext.getAsList(SecurityHeaderOrder.class);
        }
        if (z) {
            asList.add(0, new SecurityHeaderOrder(qName, action, z2));
        } else {
            asList.add(new SecurityHeaderOrder(qName, action, z2));
        }
    }

    public static boolean isResponsibleActorOrRole(XMLSecStartElement xMLSecStartElement, String str) {
        String str2 = null;
        Attribute attributeByName = xMLSecStartElement.getAttributeByName(WSSConstants.NS_SOAP11.equals(getSOAPMessageVersionNamespace(xMLSecStartElement)) ? WSSConstants.ATT_soap11_Actor : WSSConstants.ATT_soap12_Role);
        if (attributeByName != null) {
            str2 = attributeByName.getValue();
        }
        return str == null ? str2 == null : str.equals(str2);
    }

    public static void createBinarySecurityTokenStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String str, X509Certificate[] x509CertificateArr, boolean z) throws XMLStreamException, XMLSecurityException {
        String str2 = z ? WSSConstants.NS_X509_V3_TYPE : WSSConstants.NS_X509PKIPathv1;
        ArrayList arrayList = new ArrayList(3);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, str2));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_wsu_Id, str));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken, false, arrayList);
        try {
            if (z) {
                abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{10}).encodeToString(x509CertificateArr[0].getEncoded()));
            } else {
                try {
                    try {
                        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{10}).encodeToString(CertificateFactory.getInstance("X.509", "BC").generateCertPath(Arrays.asList(x509CertificateArr)).getEncoded()));
                    } catch (NoSuchProviderException e) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
                    }
                } catch (CertificateException e2) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2);
                }
            }
            abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_BinarySecurityToken);
        } catch (CertificateEncodingException e3) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e3);
        }
    }

    public static void createX509SubjectKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509CertificateArr) throws XMLSecurityException, XMLStreamException {
        if (x509CertificateArr[0].getVersion() != 3) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertForSKI");
        }
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509SubjectKeyIdentifier));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{10}).encodeToString(new Merlin().getSKIBytesFromCert(x509CertificateArr[0])));
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
    }

    public static void createX509KeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509CertificateArr) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_X509_V3_TYPE));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        try {
            abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{10}).encodeToString(x509CertificateArr[0].getEncoded()));
            abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }

    public static void createThumbprintKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, X509Certificate[] x509CertificateArr) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_THUMBPRINT));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        try {
            abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, new Base64(76, new byte[]{10}).encodeToString(MessageDigest.getInstance("SHA-1").digest(x509CertificateArr[0].getEncoded())));
            abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        } catch (CertificateEncodingException e2) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2);
        }
    }

    public static void createEncryptedKeySha1IdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, Key key) throws XMLStreamException, XMLSecurityException {
        try {
            createEncryptedKeySha1IdentifierStructure(abstractOutputProcessor, outputProcessorChain, new Base64(76, new byte[]{10}).encodeToString(MessageDigest.getInstance("SHA-1").digest(key.getEncoded())));
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }

    public static void createEncryptedKeySha1IdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String str) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_ENCRYPTED_KEY_SHA1));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, str);
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
    }

    public static void createKerberosSha1IdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String str) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_EncodingType, WSSConstants.SOAPMESSAGE_NS10_BASE64_ENCODING));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_Kerberos5_AP_REQ_SHA1));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, str);
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
    }

    public static void createBSTReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String str, String str2, boolean z) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_URI, z ? "#" + str : str));
        if (str2 != null) {
            arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, str2));
        }
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, arrayList);
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
    }

    public static void createEmbeddedKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, SecurityTokenConstants.TokenType tokenType, String str) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(1);
        if (WSSecurityTokenConstants.Saml10Token.equals(tokenType) || WSSecurityTokenConstants.Saml11Token.equals(tokenType)) {
            arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE));
        } else if (WSSecurityTokenConstants.Saml20Token.equals(tokenType)) {
            arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE));
        }
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, str);
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
    }

    public static void createSAMLKeyIdentifierStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, SecurityTokenConstants.TokenType tokenType, String str) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(1);
        if (WSSecurityTokenConstants.Saml10Token.equals(tokenType) || WSSecurityTokenConstants.Saml11Token.equals(tokenType)) {
            arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML10_TYPE));
        } else if (WSSecurityTokenConstants.Saml20Token.equals(tokenType)) {
            arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_SAML20_TYPE));
        }
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier, false, arrayList);
        abstractOutputProcessor.createCharactersAndOutputAsEvent(outputProcessorChain, str);
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_KeyIdentifier);
    }

    public static void createUsernameTokenReferenceStructure(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain, String str) throws XMLStreamException, XMLSecurityException {
        ArrayList arrayList = new ArrayList(2);
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_URI, "#" + str));
        arrayList.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_ValueType, WSSConstants.NS_USERNAMETOKEN_PROFILE_UsernameToken));
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, arrayList);
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
    }

    public static void createReferenceListStructureForEncryption(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        List<EncryptionPartDef> asList = outputProcessorChain.getSecurityContext().getAsList(EncryptionPartDef.class);
        if (asList == null) {
            return;
        }
        abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_ReferenceList, true, (List) null);
        for (EncryptionPartDef encryptionPartDef : asList) {
            ArrayList arrayList = new ArrayList(1);
            arrayList.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_URI, "#" + encryptionPartDef.getEncRefId()));
            abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_DataReference, false, arrayList);
            String encryptionCompressionAlgorithm = ((WSSSecurityProperties) abstractOutputProcessor.getSecurityProperties()).getEncryptionCompressionAlgorithm();
            if (encryptionCompressionAlgorithm != null) {
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms, true, (List) null);
                ArrayList arrayList2 = new ArrayList(1);
                arrayList2.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, encryptionCompressionAlgorithm));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, false, arrayList2);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
            }
            abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_DataReference);
        }
        abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_ReferenceList);
    }

    public static void createEncryptedDataStructureForAttachments(AbstractOutputProcessor abstractOutputProcessor, OutputProcessorChain outputProcessorChain) throws XMLStreamException, XMLSecurityException {
        List<EncryptionPartDef> asList = outputProcessorChain.getSecurityContext().getAsList(EncryptionPartDef.class);
        if (asList == null) {
            return;
        }
        for (EncryptionPartDef encryptionPartDef : asList) {
            if (encryptionPartDef.getCipherReferenceId() != null) {
                ArrayList arrayList = new ArrayList(3);
                arrayList.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_Id, encryptionPartDef.getEncRefId()));
                if (encryptionPartDef.getModifier() == SecurePart.Modifier.Element) {
                    arrayList.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_Type, WSSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_COMPLETE));
                } else {
                    arrayList.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_Type, WSSConstants.SWA_ATTACHMENT_ENCRYPTED_DATA_TYPE_CONTENT_ONLY));
                }
                arrayList.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_MimeType, encryptionPartDef.getMimeType()));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedData, true, arrayList);
                ArrayList arrayList2 = new ArrayList(1);
                arrayList2.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, abstractOutputProcessor.getSecurityProperties().getEncryptionSymAlgorithm()));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod, false, arrayList2);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptionMethod);
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo, true, (List) null);
                ArrayList arrayList3 = new ArrayList(1);
                arrayList3.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_wsse11_TokenType, WSSConstants.NS_WSS_ENC_KEY_VALUE_TYPE));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference, true, arrayList3);
                ArrayList arrayList4 = new ArrayList(1);
                arrayList4.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_URI, "#" + encryptionPartDef.getKeyId()));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference, false, arrayList4);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_Reference);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, WSSConstants.TAG_wsse_SecurityTokenReference);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_KeyInfo);
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData, false, (List) null);
                ArrayList arrayList5 = new ArrayList(1);
                arrayList5.add(abstractOutputProcessor.createAttribute(WSSConstants.ATT_NULL_URI, "cid:" + encryptionPartDef.getCipherReferenceId()));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherReference, false, arrayList5);
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_Transforms, false, (List) null);
                ArrayList arrayList6 = new ArrayList(1);
                arrayList6.add(abstractOutputProcessor.createAttribute(XMLSecurityConstants.ATT_NULL_Algorithm, WSSConstants.SWA_ATTACHMENT_CIPHERTEXT_TRANS));
                abstractOutputProcessor.createStartElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform, true, arrayList6);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transform);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_dsig_Transforms);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherReference);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_CipherData);
                abstractOutputProcessor.createEndElementAndOutputAsEvent(outputProcessorChain, XMLSecurityConstants.TAG_xenc_EncryptedData);
            }
        }
    }

    public static TokenSecurityEvent<? extends InboundSecurityToken> createTokenSecurityEvent(InboundSecurityToken inboundSecurityToken, String str) throws WSSecurityException {
        TokenSecurityEvent x509TokenSecurityEvent;
        SecurityTokenConstants.TokenType tokenType = inboundSecurityToken.getTokenType();
        if (WSSecurityTokenConstants.X509V1Token.equals(tokenType) || WSSecurityTokenConstants.X509V3Token.equals(tokenType) || WSSecurityTokenConstants.X509Pkcs7Token.equals(tokenType) || WSSecurityTokenConstants.X509PkiPathV1Token.equals(tokenType)) {
            x509TokenSecurityEvent = new X509TokenSecurityEvent();
        } else if (WSSecurityTokenConstants.UsernameToken.equals(tokenType)) {
            x509TokenSecurityEvent = new UsernameTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.KerberosToken.equals(tokenType)) {
            x509TokenSecurityEvent = new KerberosTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.SecurityContextToken.equals(tokenType)) {
            x509TokenSecurityEvent = new SecurityContextTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.Saml10Token.equals(tokenType) || WSSecurityTokenConstants.Saml11Token.equals(tokenType) || WSSecurityTokenConstants.Saml20Token.equals(tokenType)) {
            x509TokenSecurityEvent = new SamlTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.RelToken.equals(tokenType)) {
            x509TokenSecurityEvent = new RelTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.HttpsToken.equals(tokenType)) {
            x509TokenSecurityEvent = new HttpsTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.KeyValueToken.equals(tokenType)) {
            x509TokenSecurityEvent = new KeyValueTokenSecurityEvent();
        } else if (WSSecurityTokenConstants.DerivedKeyToken.equals(tokenType)) {
            x509TokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
        } else {
            if (!WSSecurityTokenConstants.EncryptedKeyToken.equals(tokenType)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN);
            }
            x509TokenSecurityEvent = new EncryptedKeyTokenSecurityEvent();
        }
        x509TokenSecurityEvent.setSecurityToken(inboundSecurityToken);
        x509TokenSecurityEvent.setCorrelationID(str);
        return x509TokenSecurityEvent;
    }

    public static boolean pathMatches(List<QName> list, List<QName> list2, boolean z, boolean z2) {
        if (list == null) {
            throw new IllegalArgumentException("Internal error");
        }
        if (list2 == null || list.size() != list2.size()) {
            return false;
        }
        Iterator<QName> it = list.iterator();
        Iterator<QName> it2 = list2.iterator();
        while (it.hasNext()) {
            QName next = it.next();
            QName next2 = it2.next();
            if (z && (WSSConstants.NS_SOAP11.equals(next.getNamespaceURI()) || WSSConstants.NS_SOAP12.equals(next.getNamespaceURI()))) {
                if (!next.getLocalPart().equals(next2.getLocalPart())) {
                    return false;
                }
            } else if (!next.equals(next2) && (it.hasNext() || !z2 || !next.getNamespaceURI().equals(next2.getNamespaceURI()))) {
                return false;
            }
        }
        return true;
    }

    public static String pathAsString(List<QName> list) {
        StringBuilder sb = new StringBuilder();
        for (QName qName : list) {
            sb.append('/');
            sb.append(qName.toString());
        }
        return sb.toString();
    }

    public static <T extends SecurityToken> T getRootToken(T t) throws XMLSecurityException {
        SecurityToken securityToken = t;
        while (true) {
            T t2 = (T) securityToken;
            if (t2.getKeyWrappingToken() == null) {
                return t2;
            }
            securityToken = t2.getKeyWrappingToken();
        }
    }

    public static Schema loadWSSecuritySchemas() throws SAXException {
        SchemaFactory newInstance = SchemaFactory.newInstance("http://www.w3.org/2001/XMLSchema");
        newInstance.setResourceResolver(new LSResourceResolver() { // from class: org.apache.wss4j.stax.ext.WSSUtils.1
            @Override // org.w3c.dom.ls.LSResourceResolver
            public LSInput resolveResource(String str, String str2, String str3, String str4, String str5) {
                if ("http://www.w3.org/2001/XMLSchema.dtd".equals(str4)) {
                    ConcreteLSInput concreteLSInput = new ConcreteLSInput();
                    concreteLSInput.setByteStream(ClassLoaderUtils.getResourceAsStream("schemas/XMLSchema.dtd", WSSec.class));
                    return concreteLSInput;
                }
                if ("XMLSchema.dtd".equals(str4)) {
                    ConcreteLSInput concreteLSInput2 = new ConcreteLSInput();
                    concreteLSInput2.setByteStream(ClassLoaderUtils.getResourceAsStream("schemas/XMLSchema.dtd", WSSec.class));
                    return concreteLSInput2;
                }
                if ("datatypes.dtd".equals(str4)) {
                    ConcreteLSInput concreteLSInput3 = new ConcreteLSInput();
                    concreteLSInput3.setByteStream(ClassLoaderUtils.getResourceAsStream("schemas/datatypes.dtd", WSSec.class));
                    return concreteLSInput3;
                }
                if ("http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd".equals(str4)) {
                    ConcreteLSInput concreteLSInput4 = new ConcreteLSInput();
                    concreteLSInput4.setByteStream(ClassLoaderUtils.getResourceAsStream("schemas/xmldsig-core-schema.xsd", WSSec.class));
                    return concreteLSInput4;
                }
                if (!"http://www.w3.org/2001/xml.xsd".equals(str4)) {
                    return null;
                }
                ConcreteLSInput concreteLSInput5 = new ConcreteLSInput();
                concreteLSInput5.setByteStream(ClassLoaderUtils.getResourceAsStream("schemas/xml.xsd", WSSec.class));
                return concreteLSInput5;
            }
        });
        return newInstance.newSchema(new Source[]{new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/xml.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/soap-1.1.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/soap-1.2.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/exc-c14n.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/xmldsig-core-schema.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/xenc-schema.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/xenc-schema-11.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/xmldsig11-schema.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/oasis-wss-wssecurity-secext-1.1.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/ws-secureconversation-200502.xsd", WSSec.class)), new StreamSource(ClassLoaderUtils.getResourceAsStream("schemas/ws-secureconversation-1.3.xsd", WSSec.class))});
    }
}
