package org.apache.ws.security.message.token;

import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.text.DateFormat;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.TimeZone;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:org/apache/ws/security/message/token/UsernameToken.class */
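/**
 * DOM-backed view of a WS-Security {@code UsernameToken} element.
 *
 * <p>An instance either wraps an element received in a message (the
 * {@code Element} constructors, which also validate its structure) or builds a
 * new element inside a caller-supplied {@link Document} (the {@code Document}
 * constructors plus the {@code add*} / {@code set*} methods).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #toString()} and {@link #getElement()} expose the Password element.
 *       For a non-digest password type that element holds the password exactly
 *       as passed to {@link #setPassword(String)}, so neither should be logged.</li>
 *   <li>{@link #getRawPassword()} returns the password kept for key derivation.</li>
 *   <li>Values read from a received token (nonce, salt, iteration count) are not
 *       range-checked in this class.</li>
 * </ul>
 */
public class UsernameToken {
    // Namespace URIs used throughout the class, kept private to avoid widening the API.
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    private static final String UTF_8 = "UTF-8";
    // Size in bytes of both the generated nonce and the generated salt.
    private static final int RANDOM_VALUE_LENGTH = 16;

    public static final String BASE64_ENCODING = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    public static final String PASSWORD_TYPE = "passwordType";
    /** Iteration count used when a token carries none, or when a caller passes 0. */
    public static final int DEFAULT_ITERATION = 1000;
    /** Qualified name every wrapped element must have. */
    public static final QName TOKEN = new QName(WSSE_NS, "UsernameToken");
    private static final Log LOG;
    // Snapshot of the debug level taken once, when the class is initialised.
    private static final boolean DO_DEBUG;
    private static SecureRandom random;
    protected Element element;
    protected Element elementUsername;
    protected Element elementPassword;
    protected Element elementNonce;
    protected Element elementCreated;
    protected Element elementSalt;
    protected Element elementIteration;
    protected String passwordType;
    // True when the Password element carries (or will carry) a digest rather than the password itself.
    protected boolean hashed;
    private String rawPassword;
    private boolean passwordsAreEncoded;
    // Appears to be compiler-generated support for a class literal; kept so the
    // package-visible members of the class stay as they were.
    static Class class$org$apache$ws$security$message$token$UsernameToken;

    /**
     * Wraps a received element, rejecting a namespace-qualified password
     * {@code Type} attribute.
     *
     * @param element the {@code UsernameToken} element to wrap
     * @throws WSSecurityException if the element is not a well-formed token
     */
    public UsernameToken(Element element) throws WSSecurityException {
        this(element, false);
    }

    /**
     * Wraps a received element and validates its structure.
     *
     * <p>Checks performed, in order: the element's qualified name must equal
     * {@link #TOKEN}; a Username child is required; when a Salt child is present
     * the token must have an Iteration child and no Password child; when the
     * password type is {@code WSConstants.PASSWORD_DIGEST} both Nonce and Created
     * children are required.
     *
     * @param element the {@code UsernameToken} element to wrap
     * @param z       when {@code true}, a {@code Type} attribute qualified with the
     *                wsse namespace is accepted; when {@code false} such an
     *                attribute causes the token to be rejected
     * @throws WSSecurityException if any of the checks above fails
     */
    public UsernameToken(Element element, boolean z) throws WSSecurityException {
        this.hashed = true;
        this.passwordsAreEncoded = false;
        this.element = element;
        QName qName = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
        if (!qName.equals(TOKEN)) {
            throw new WSSecurityException(4, "badTokenType00", new Object[]{qName});
        }
        this.elementUsername = (Element) WSSecurityUtil.getDirectChild(this.element, "Username", WSSE_NS);
        this.elementPassword = (Element) WSSecurityUtil.getDirectChild(this.element, "Password", WSSE_NS);
        this.elementNonce = (Element) WSSecurityUtil.getDirectChild(this.element, "Nonce", WSSE_NS);
        this.elementCreated = (Element) WSSecurityUtil.getDirectChild(this.element, "Created", WSU_NS);
        this.elementSalt = (Element) WSSecurityUtil.getDirectChild(this.element, "Salt", WSSE11_NS);
        this.elementIteration = (Element) WSSecurityUtil.getDirectChild(this.element, "Iteration", WSSE11_NS);
        if (this.elementUsername == null) {
            throw new WSSecurityException(4, "badTokenType01", new Object[]{qName});
        }
        this.hashed = false;

        // Derived-key form: Salt requires Iteration and excludes Password.
        if (this.elementSalt != null) {
            if (this.elementPassword != null || this.elementIteration == null) {
                throw new WSSecurityException(4, "badTokenType01", new Object[]{qName});
            }
            return;
        }

        if (this.elementPassword != null) {
            if (this.elementPassword.hasAttribute("Type")) {
                this.passwordType = this.elementPassword.getAttribute("Type");
            } else if (this.elementPassword.hasAttributeNS(WSSE_NS, "Type")) {
                // A qualified Type attribute is only tolerated when the caller opted in.
                if (!z) {
                    throw new WSSecurityException(4, "badTokenType01", new Object[]{qName});
                }
                this.passwordType = this.elementPassword.getAttributeNS(WSSE_NS, "Type");
            }
        }

        if (!WSConstants.PASSWORD_DIGEST.equals(this.passwordType)) {
            return;
        }
        this.hashed = true;
        // A digest cannot be recomputed without both inputs, so insist on them here.
        if (this.elementNonce == null || this.elementCreated == null) {
            throw new WSSecurityException(4, "badTokenType01", new Object[]{qName});
        }
    }

    /**
     * Builds a new token with password type {@code WSConstants.PASSWORD_DIGEST}.
     *
     * @param z        passed to {@link #addCreated(boolean, Document)} to select the
     *                 timestamp format
     * @param document document that owns the created elements
     */
    public UsernameToken(boolean z, Document document) {
        this(z, document, WSConstants.PASSWORD_DIGEST);
    }

    /**
     * Builds a new token inside {@code document}.
     *
     * <p>A Username element with empty text is always created. A Password element
     * is created only when {@code str} is non-null; for the digest type a Nonce and
     * a Created element are added as well.
     *
     * @param z        passed to {@link #addCreated(boolean, Document)} to select the
     *                 timestamp format
     * @param document document that owns the created elements
     * @param str      password type URI, or {@code null} for a token without a
     *                 Password element
     */
    public UsernameToken(boolean z, Document document, String str) {
        this.hashed = true;
        this.passwordsAreEncoded = false;
        this.element = document.createElementNS(WSSE_NS, "wsse:UsernameToken");
        WSSecurityUtil.setNamespace(this.element, WSSE_NS, "wsse");
        this.elementUsername = document.createElementNS(WSSE_NS, "wsse:Username");
        this.elementUsername.appendChild(document.createTextNode(""));
        this.element.appendChild(this.elementUsername);
        if (str == null) {
            return;
        }
        this.elementPassword = document.createElementNS(WSSE_NS, "wsse:Password");
        this.elementPassword.appendChild(document.createTextNode(""));
        this.element.appendChild(this.elementPassword);
        this.passwordType = str;
        this.hashed = this.passwordType.equals(WSConstants.PASSWORD_DIGEST);
        if (this.hashed) {
            addNonce(document);
            addCreated(z, document);
        }
    }

    /**
     * Adds a Nonce child holding 16 random bytes, Base64-encoded. Does nothing if
     * the token already has a nonce.
     *
     * @param document document that owns the created element
     */
    public void addNonce(Document document) {
        if (this.elementNonce != null) {
            return;
        }
        byte[] nonce = new byte[RANDOM_VALUE_LENGTH];
        random.nextBytes(nonce);
        this.elementNonce = document.createElementNS(WSSE_NS, "wsse:Nonce");
        this.elementNonce.appendChild(document.createTextNode(Base64.encode(nonce)));
        this.elementNonce.setAttributeNS(null, "EncodingType", BASE64_ENCODING);
        this.element.appendChild(this.elementNonce);
    }

    /**
     * Adds a Created child holding the current time. Does nothing if the token
     * already has one.
     *
     * @param z        {@code true} to format with {@code XmlSchemaDateFormat};
     *                 {@code false} to format in UTC with one-second resolution
     * @param document document that owns the created element
     */
    public void addCreated(boolean z, Document document) {
        if (this.elementCreated != null) {
            return;
        }
        DateFormat format;
        if (z) {
            format = new XmlSchemaDateFormat();
        } else {
            format = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
            format.setTimeZone(TimeZone.getTimeZone("UTC"));
        }
        Calendar now = Calendar.getInstance();
        this.elementCreated = document.createElementNS(WSU_NS, "wsu:Created");
        WSSecurityUtil.setNamespace(this.element, WSU_NS, "wsu");
        this.elementCreated.appendChild(document.createTextNode(format.format(now.getTime())));
        this.element.appendChild(this.elementCreated);
    }

    /**
     * Adds a Salt child to the token.
     *
     * @param document document that owns the created element
     * @param bArr     salt to use, or {@code null} to generate one with
     *                 {@link #generateSalt(boolean)}
     * @param z        passed to {@link #generateSalt(boolean)} when a salt is generated
     * @return the salt that was written, Base64-encoded, into the element
     */
    public byte[] addSalt(Document document, byte[] bArr, boolean z) {
        byte[] salt = bArr != null ? bArr : generateSalt(z);
        this.elementSalt = document.createElementNS(WSSE11_NS, "wsse11:Salt");
        WSSecurityUtil.setNamespace(this.element, WSSE11_NS, "wsse11");
        this.elementSalt.appendChild(document.createTextNode(Base64.encode(salt)));
        this.element.appendChild(this.elementSalt);
        return salt;
    }

    /**
     * Adds an Iteration child holding {@code i} in decimal.
     *
     * @param document document that owns the created element
     * @param i        iteration count to advertise
     */
    public void addIteration(Document document, int i) {
        String text = String.valueOf(i);
        this.elementIteration = document.createElementNS(WSSE11_NS, "wsse11:Iteration");
        WSSecurityUtil.setNamespace(this.element, WSSE11_NS, "wsse11");
        this.elementIteration.appendChild(document.createTextNode(text));
        this.element.appendChild(this.elementIteration);
    }

    /** @return the text of the Username element, or {@code null} if it has no text node */
    public String getName() {
        return nodeString(this.elementUsername);
    }

    /**
     * Replaces the text of the Username element.
     *
     * @param str the user name to store
     */
    public void setName(String str) {
        getFirstNode(this.elementUsername).setData(str);
    }

    /** @return the Base64 text of the Nonce element, or {@code null} if absent */
    public String getNonce() {
        return nodeString(this.elementNonce);
    }

    /** @return the text of the Created element, or {@code null} if absent */
    public String getCreated() {
        return nodeString(this.elementCreated);
    }

    /**
     * @return the text of the Password element; an empty string when the element
     *         exists but has no text; {@code null} when there is no Password element
     */
    public String getPassword() {
        String text = nodeString(this.elementPassword);
        if (text == null && this.elementPassword != null) {
            return "";
        }
        return text;
    }

    /**
     * @return the decoded salt, or {@code null} when the token has no Salt text
     * @throws WSSecurityException if the Salt text cannot be Base64-decoded
     */
    public byte[] getSalt() throws WSSecurityException {
        String encoded = nodeString(this.elementSalt);
        return encoded != null ? Base64.decode(encoded) : null;
    }

    /**
     * Returns the iteration count carried by the token.
     *
     * <p>NOTE(review): the value is parsed straight from the Iteration element and
     * is not range-checked here or in {@code generateDerivedKey}. Code that
     * processes tokens from untrusted senders may want to bound it before calling
     * {@link #getDerivedKey()}.
     *
     * @return the parsed count, or {@link #DEFAULT_ITERATION} when the element is absent
     * @throws NumberFormatException if the element text is not a decimal integer
     */
    public int getIteration() {
        String text = nodeString(this.elementIteration);
        return text != null ? Integer.parseInt(text) : DEFAULT_ITERATION;
    }

    /** @return {@code true} when the password is carried as a digest */
    public boolean isHashed() {
        return this.hashed;
    }

    /** @return the password type URI, or {@code null} if none was set or found */
    public String getPasswordType() {
        return this.passwordType;
    }

    /**
     * Stores the password and writes it, or its digest, into the Password element.
     *
     * <p>For a hashed token the element receives the digest of nonce, created and
     * password; otherwise it receives {@code str} unchanged. A failure while
     * computing or writing the value is logged at debug level only and leaves the
     * element as it was, which matches the behaviour callers have relied on so far.
     * NOTE(review): that means a token can go out with an empty Password element
     * without the caller being told.
     *
     * @param str the password; {@code null} is accepted only when the token has no
     *            password type
     * @throws IllegalArgumentException if {@code str} is {@code null} but a
     *                                  password type is set
     */
    public void setPassword(String str) {
        if (str == null) {
            if (this.passwordType != null) {
                throw new IllegalArgumentException("pwd == null but a password is needed");
            }
            return;
        }
        this.rawPassword = str;
        if (this.elementPassword == null) {
            // Token was built or parsed without a Password element: keep the raw
            // password for key derivation instead of failing on the missing element.
            return;
        }
        Text passwordText = getFirstNode(this.elementPassword);
        try {
            if (this.hashed) {
                String digest = this.passwordsAreEncoded
                        ? doPasswordDigest(getNonce(), getCreated(), Base64.decode(str))
                        : doPasswordDigest(getNonce(), getCreated(), str);
                passwordText.setData(digest);
                this.elementPassword.setAttributeNS(null, "Type", WSConstants.PASSWORD_DIGEST);
            } else {
                passwordText.setData(str);
                this.elementPassword.setAttributeNS(null, "Type", WSConstants.PASSWORD_TEXT);
            }
        } catch (Exception e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
        }
    }

    /**
     * Stores the password used for key derivation without touching the DOM.
     *
     * @param str the password
     */
    public void setRawPassword(String str) {
        this.rawPassword = str;
    }

    /** @return the password last given to {@link #setPassword} or {@link #setRawPassword} */
    public String getRawPassword() {
        return this.rawPassword;
    }

    /**
     * @param z {@code true} if passwords handed to this token are Base64 text that
     *          must be decoded before use
     */
    public void setPasswordsAreEncoded(boolean z) {
        this.passwordsAreEncoded = z;
    }

    /** @return whether passwords are treated as Base64-encoded bytes */
    public boolean getPasswordsAreEncoded() {
        return this.passwordsAreEncoded;
    }

    /**
     * Computes {@code Base64(SHA-1(nonce || created || password))}.
     *
     * @param str  Base64-encoded nonce, or {@code null} for an empty nonce
     * @param str2 created timestamp, or {@code null} for an empty timestamp
     * @param bArr password bytes
     * @return the Base64 digest, or {@code null} if anything fails (the failure is
     *         logged at debug level only)
     */
    public static String doPasswordDigest(String str, String str2, byte[] bArr) {
        String digestText = null;
        try {
            byte[] nonce = str != null ? Base64.decode(str) : new byte[0];
            byte[] created = str2 != null ? str2.getBytes(UTF_8) : new byte[0];
            byte[] input = new byte[nonce.length + created.length + bArr.length];
            System.arraycopy(nonce, 0, input, 0, nonce.length);
            System.arraycopy(created, 0, input, nonce.length, created.length);
            System.arraycopy(bArr, 0, input, nonce.length + created.length, bArr.length);
            MessageDigest sha = MessageDigest.getInstance("SHA-1");
            sha.reset();
            sha.update(input);
            digestText = Base64.encode(sha.digest());
        } catch (Exception e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
        }
        return digestText;
    }

    /**
     * Same as {@link #doPasswordDigest(String, String, byte[])} with the password
     * given as text, encoded as UTF-8.
     *
     * @param str  Base64-encoded nonce, or {@code null}
     * @param str2 created timestamp, or {@code null}
     * @param str3 password
     * @return the Base64 digest, or {@code null} if anything fails
     */
    public static String doPasswordDigest(String str, String str2, String str3) {
        String digestText = null;
        try {
            digestText = doPasswordDigest(str, str2, str3.getBytes(UTF_8));
        } catch (Exception e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
        }
        return digestText;
    }

    // Returns the element's first child when it is a text node, otherwise null.
    private Text getFirstNode(Element element) {
        Node first = element.getFirstChild();
        return first instanceof Text ? (Text) first : null;
    }

    // Returns the data of the element's leading text node, or null when either is missing.
    private String nodeString(Element element) {
        if (element == null) {
            return null;
        }
        Text text = getFirstNode(element);
        return text != null ? text.getData() : null;
    }

    /** @return the wrapped DOM element */
    public Element getElement() {
        return this.element;
    }

    /**
     * Serialises the whole token element, Password child included.
     *
     * @return the element as a string
     */
    public String toString() {
        return DOM2Writer.nodeToString(this.element);
    }

    /** @return the value of the {@code wsu:Id} attribute */
    public String getID() {
        return this.element.getAttributeNS(WSU_NS, "Id");
    }

    /**
     * Sets the {@code Id} attribute in the wsu namespace, using whatever prefix
     * {@code WSSecurityUtil.setNamespace} reports for that namespace.
     *
     * @param str the id value
     */
    public void setID(String str) {
        String prefix = WSSecurityUtil.setNamespace(this.element, WSU_NS, "wsu");
        this.element.setAttributeNS(WSU_NS, prefix + ":Id", str);
    }

    /** @return a 16-byte key derived with {@code WSConstants.LABEL_FOR_DERIVED_KEY} */
    public byte[] getSecretKey() {
        return getSecretKey(16, WSConstants.LABEL_FOR_DERIVED_KEY);
    }

    /**
     * @param i key length in bytes
     * @return a key derived with {@code WSConstants.LABEL_FOR_DERIVED_KEY}
     */
    public byte[] getSecretKey(int i) {
        return getSecretKey(i, WSConstants.LABEL_FOR_DERIVED_KEY);
    }

    /**
     * Derives a key from the raw password with HMAC-SHA1, using
     * {@code label || nonce || created} as the seed.
     *
     * <p>The password and the derived key are deliberately not written to the log,
     * even at debug level: log files usually have a wider audience and a longer
     * lifetime than the secrets themselves.
     *
     * @param i   key length in bytes
     * @param str label mixed into the seed
     * @return the derived key, or {@code null} if derivation fails for any reason
     *         (missing password, nonce or created value, bad Base64, bad length)
     */
    public byte[] getSecretKey(int i, String str) {
        try {
            Mac mac = Mac.getInstance("HMACSHA1");
            byte[] password = this.passwordsAreEncoded
                    ? Base64.decode(this.rawPassword)
                    : this.rawPassword.getBytes(UTF_8);
            byte[] label = str.getBytes(UTF_8);
            byte[] nonce = Base64.decode(getNonce());
            byte[] created = getCreated().getBytes(UTF_8);
            byte[] seed = new byte[label.length + nonce.length + created.length];
            System.arraycopy(label, 0, seed, 0, label.length);
            System.arraycopy(nonce, 0, seed, label.length, nonce.length);
            System.arraycopy(created, 0, seed, label.length + nonce.length, created.length);
            byte[] key = P_hash(password, seed, mac, i);
            if (LOG.isDebugEnabled()) {
                // Only values that also travel in the message are logged.
                LOG.debug("label      :" + Base64.encode(label));
                LOG.debug("nonce      :" + Base64.encode(nonce));
                LOG.debug("created    :" + Base64.encode(created));
                LOG.debug("seed       :" + Base64.encode(seed));
            }
            return key;
        } catch (Exception e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
            return null;
        }
    }

    /**
     * Derives a key by hashing {@code password || salt} with SHA-1 and then
     * re-hashing the result until {@code i} digests have been computed in total.
     *
     * @param bArr  password bytes
     * @param bArr2 salt bytes
     * @param i     iteration count; 0 selects {@link #DEFAULT_ITERATION}. Values
     *              below 1 other than 0 yield a single digest.
     * @return the final 20-byte SHA-1 digest
     * @throws WSSecurityException if SHA-1 is not available
     */
    public static byte[] generateDerivedKey(byte[] bArr, byte[] bArr2, int i) throws WSSecurityException {
        int iterations = i == 0 ? DEFAULT_ITERATION : i;
        byte[] input = new byte[bArr2.length + bArr.length];
        System.arraycopy(bArr, 0, input, 0, bArr.length);
        System.arraycopy(bArr2, 0, input, bArr.length, bArr2.length);
        try {
            MessageDigest sha = MessageDigest.getInstance("SHA-1");
            sha.reset();
            byte[] key = sha.digest(input);
            for (int round = 1; round < iterations; round++) {
                key = sha.digest(key);
            }
            return key;
        } catch (NoSuchAlgorithmException e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
            throw new WSSecurityException(0, "noSHA1availabe", null, e);
        }
    }

    /**
     * Same as {@link #generateDerivedKey(byte[], byte[], int)} with the password
     * given as text, encoded as UTF-8.
     *
     * @param str  password
     * @param bArr salt bytes
     * @param i    iteration count; 0 selects {@link #DEFAULT_ITERATION}
     * @return the derived key
     * @throws WSSecurityException if UTF-8 or SHA-1 is not available
     */
    public static byte[] generateDerivedKey(String str, byte[] bArr, int i) throws WSSecurityException {
        try {
            return generateDerivedKey(str.getBytes(UTF_8), bArr, i);
        } catch (UnsupportedEncodingException e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
            throw new WSSecurityException("Unable to convert password to UTF-8", e);
        }
    }

    /**
     * Derives a key from the raw password and the token's own salt and iteration
     * count.
     *
     * @return the derived key
     * @throws WSSecurityException if the salt or an encoded password cannot be
     *                             decoded, or SHA-1 is not available
     */
    public byte[] getDerivedKey() throws WSSecurityException {
        int iteration = getIteration();
        byte[] salt = getSalt();
        if (this.passwordsAreEncoded) {
            return generateDerivedKey(Base64.decode(this.rawPassword), salt, iteration);
        }
        return generateDerivedKey(this.rawPassword, salt, iteration);
    }

    /**
     * @return {@code true} when the token has both a Salt and an Iteration element
     * @throws WSSecurityException declared for callers; not thrown by this implementation
     */
    public boolean isDerivedKey() throws WSSecurityException {
        return this.elementSalt != null && this.elementIteration != null;
    }

    /**
     * Generates a 16-byte random salt whose last byte is overwritten with a marker.
     *
     * @param z {@code true} sets the last byte to 1, {@code false} to 2
     *          (presumably the intended key use; confirm against the caller)
     * @return the new salt
     */
    public static byte[] generateSalt(boolean z) {
        byte[] salt = new byte[RANDOM_VALUE_LENGTH];
        random.nextBytes(salt);
        salt[RANDOM_VALUE_LENGTH - 1] = (byte) (z ? 1 : 2);
        return salt;
    }

    // Expands secret and seed into `i` bytes: each round sets A = HMAC(A) (A starts
    // as the seed) and appends HMAC(A || seed), truncating the last chunk as needed.
    private static byte[] P_hash(byte[] bArr, byte[] bArr2, Mac mac, int i) throws Exception {
        byte[] output = new byte[i];
        int written = 0;
        int remaining = i;
        byte[] chain = bArr2;
        mac.init(new SecretKeySpec(bArr, "HMACSHA1"));
        while (remaining > 0) {
            mac.update(chain);
            chain = mac.doFinal();
            mac.update(chain);
            mac.update(bArr2);
            byte[] chunk = mac.doFinal();
            int count = Math.min(remaining, chunk.length);
            System.arraycopy(chunk, 0, output, written, count);
            written += count;
            remaining -= count;
        }
        return output;
    }

    // Loads a class by name, converting a lookup failure into NoClassDefFoundError.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls = class$org$apache$ws$security$message$token$UsernameToken;
        if (cls == null) {
            cls = class$("org.apache.ws.security.message.token.UsernameToken");
            class$org$apache$ws$security$message$token$UsernameToken = cls;
        }
        LOG = LogFactory.getLog(cls.getName());
        DO_DEBUG = LOG.isDebugEnabled();
        SecureRandom resolved = null;
        try {
            resolved = WSSecurityUtil.resolveSecureRandom();
        } catch (NoSuchAlgorithmException e) {
            LOG.warn("Configured SecureRandom is unavailable; using the platform default", e);
        }
        // Never leave the generator null: addNonce and generateSalt would otherwise
        // fail with a NullPointerException long after the real cause was logged.
        random = resolved != null ? resolved : new SecureRandom();
    }
}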
