package org.apache.cxf.ws.security.wss4j.policyhandlers;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJUtils;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.wss4j.AttachmentCallbackHandler;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.neethi.Assertion;
import org.apache.neethi.Constants;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.JasyptPasswordEncryptor;
import org.apache.wss4j.common.crypto.PasswordEncryptor;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.UsernameTokenPrincipal;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.util.Loader;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.bsp.BSPEnforcer;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecBase;
import org.apache.wss4j.dom.message.WSSecDKSign;
import org.apache.wss4j.dom.message.WSSecEncryptedKey;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.wss4j.dom.message.WSSecSignatureConfirmation;
import org.apache.wss4j.dom.message.WSSecTimestamp;
import org.apache.wss4j.dom.message.WSSecUsernameToken;
import org.apache.wss4j.dom.message.token.BinarySecurity;
import org.apache.wss4j.dom.message.token.Reference;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.X509Security;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractBinding;
import org.apache.wss4j.policy.model.AbstractSecurityAssertion;
import org.apache.wss4j.policy.model.AbstractSymmetricAsymmetricBinding;
import org.apache.wss4j.policy.model.AbstractToken;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.AsymmetricBinding;
import org.apache.wss4j.policy.model.Attachments;
import org.apache.wss4j.policy.model.ContentEncryptedElements;
import org.apache.wss4j.policy.model.EncryptedElements;
import org.apache.wss4j.policy.model.EncryptedParts;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.IssuedToken;
import org.apache.wss4j.policy.model.KerberosToken;
import org.apache.wss4j.policy.model.KeyValueToken;
import org.apache.wss4j.policy.model.Layout;
import org.apache.wss4j.policy.model.SamlToken;
import org.apache.wss4j.policy.model.SecureConversationToken;
import org.apache.wss4j.policy.model.SecurityContextToken;
import org.apache.wss4j.policy.model.SignedElements;
import org.apache.wss4j.policy.model.SignedParts;
import org.apache.wss4j.policy.model.SpnegoContextToken;
import org.apache.wss4j.policy.model.SupportingTokens;
import org.apache.wss4j.policy.model.SymmetricBinding;
import org.apache.wss4j.policy.model.UsernameToken;
import org.apache.wss4j.policy.model.Wss11;
import org.apache.wss4j.policy.model.X509Token;
import org.apache.wss4j.policy.model.XPath;
import org.opensaml.common.SAMLVersion;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.class */
public abstract class AbstractBindingBuilder extends AbstractCommonBindingHandler {
    // Property key under which getCryptoCache() looks up and stores the Crypto cache map.
    public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
    protected static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
    // Initialised to SignBeforeEncrypting by the constructor.
    protected AbstractSymmetricAsymmetricBinding.ProtectionOrder protectionOrder;
    // Handed to every WSS4J builder created in this class (timestamp, signature, STR id allocation).
    protected final WSSConfig wssConfig;
    // Outgoing SAAJ message; its SOAPPart is the document the builders prepare against.
    protected SOAPMessage saaj;
    // wsse:Security header that all insert/add helpers below write into.
    protected WSSecHeader secHeader;
    protected AssertionInfoMap aim;
    // Binding policy; consulted for timestamp inclusion, layout and algorithm suite.
    protected AbstractBinding binding;
    // Set by createTimestamp(); stays null when the binding does not include a timestamp.
    protected WSSecTimestamp timestampEl;
    protected String mainSigId;
    protected List<WSEncryptionPart> sigConfList;
    // Supporting-token elements queued for encryption (filled by the supporting-token handlers).
    protected Set<WSEncryptionPart> encryptedTokensList;
    // The same list instance is published on the exchange under "_sendSignatureValues_" by the constructor.
    protected List<byte[]> signatures;
    // Position markers inside the security header; each add*/insert* helper updates the one it owns.
    protected Element bottomUpElement;
    protected Element topDownElement;
    protected Element bstElement;
    protected Element lastEncryptedKeyElement;
    private Element lastSupportingTokenElement;
    // NOTE(review): read by the add* helpers, but no assignment is visible in this part of the class.
    private Element lastDerivedKeyElement;
    // Initialised to an empty list by the constructor.
    private List<AbstractSecurityAssertion> suppTokenParts;
    private List<SupportingToken> endSuppTokList;
    private List<SupportingToken> sgndEndSuppTokList;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder$SupportingToken.class */
    /**
     * Read-only triple describing one supporting token: the policy token, the object that was
     * built for it (signature builder, username-token builder, SAML wrapper, token holder, ...)
     * and the parts that are to be signed with it.
     */
    public static class SupportingToken {
        private final AbstractToken token;
        private final Object tokenImplementation;
        private final List<WSEncryptionPart> signedParts;

        /**
         * @param abstractToken policy token this entry belongs to
         * @param obj           implementation object built for the token
         * @param list          parts to sign; kept by reference (no copy) and may be {@code null},
         *                      as the username-token handler in the enclosing class passes null
         */
        public SupportingToken(AbstractToken abstractToken, Object obj, List<WSEncryptionPart> list) {
            token = abstractToken;
            tokenImplementation = obj;
            signedParts = list;
        }

        /** @return the policy token */
        public AbstractToken getToken() {
            return token;
        }

        /** @return the implementation object; callers dispatch on its runtime type */
        public Object getTokenImplementation() {
            return tokenImplementation;
        }

        /** @return the list given at construction (same instance, possibly {@code null}) */
        public List<WSEncryptionPart> getSignedParts() {
            return signedParts;
        }
    }

    /**
     * Stores the collaborators needed to build the security header and sets the mutable state
     * to its defaults (SignBeforeEncrypting, empty collections).
     *
     * <p>The {@code signatures} list is also published on the message's exchange under
     * {@code "_sendSignatureValues_"}, so whatever is added to it later is visible through the
     * exchange as well.
     */
    public AbstractBindingBuilder(WSSConfig wSSConfig, AbstractBinding abstractBinding, SOAPMessage sOAPMessage, WSSecHeader wSSecHeader, AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        super(soapMessage);
        // Collaborators supplied by the caller.
        this.wssConfig = wSSConfig;
        this.binding = abstractBinding;
        this.saaj = sOAPMessage;
        this.secHeader = wSSecHeader;
        this.aim = assertionInfoMap;
        // Defaults for the builder's own state.
        this.protectionOrder = AbstractSymmetricAsymmetricBinding.ProtectionOrder.SignBeforeEncrypting;
        this.encryptedTokensList = new HashSet<WSEncryptionPart>();
        this.signatures = new ArrayList<byte[]>();
        this.suppTokenParts = new ArrayList<AbstractSecurityAssertion>();
        // Share the (still empty) signature-value list with the exchange by reference.
        soapMessage.getExchange().put("_sendSignatureValues_", this.signatures);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Places {@code element} in the security header immediately after {@code element2}.
     *
     * @param element  node to insert
     * @param element2 reference node; the insertion is performed on the security header, so this
     *                 is presumably a direct child of it (verify against callers)
     */
    public void insertAfter(Element element, Element element2) {
        Node following = element2.getNextSibling();
        if (following != null) {
            this.secHeader.getSecurityHeader().insertBefore(element, following);
            return;
        }
        // The reference node has no next sibling, so "after it" means the end of the header.
        this.secHeader.getSecurityHeader().appendChild(element);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts a derived-key element into the security header.
     *
     * <p>Placement: after the first non-null marker among last derived key, last encrypted key
     * and top-down element; with no marker, as the first child of the header (or appended if the
     * header is empty).
     *
     * <p>NOTE(review): the element is recorded in {@code lastEncryptedKeyElement}, not in
     * {@code lastDerivedKeyElement}, and no assignment to the latter is visible in this part of
     * the class. Later key elements are therefore ordered relative to this one; confirm that this
     * is the intended header layout.
     */
    public void addDerivedKeyElement(Element element) {
        Element anchor = this.lastDerivedKeyElement;
        if (anchor == null) {
            anchor = this.lastEncryptedKeyElement;
        }
        if (anchor == null) {
            anchor = this.topDownElement;
        }
        if (anchor != null) {
            insertAfter(element, anchor);
        } else {
            Element header = this.secHeader.getSecurityHeader();
            Node first = header.getFirstChild();
            if (first != null) {
                header.insertBefore(element, first);
            } else {
                header.appendChild(element);
            }
        }
        this.lastEncryptedKeyElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts an encrypted-key element into the security header and remembers it as the last
     * encrypted key.
     *
     * <p>Placement, first match wins: after the previous encrypted key; before the last derived
     * key; after the top-down element; as first child of the header; appended to an empty header.
     */
    public void addEncryptedKeyElement(Element element) {
        final Element previousKey = this.lastEncryptedKeyElement;
        final Element derivedKey = this.lastDerivedKeyElement;
        final Element topDown = this.topDownElement;
        if (previousKey != null) {
            insertAfter(element, previousKey);
        } else if (derivedKey != null) {
            // An encrypted key goes in front of a key derived from it.
            this.secHeader.getSecurityHeader().insertBefore(element, derivedKey);
        } else if (topDown != null) {
            insertAfter(element, topDown);
        } else {
            Element header = this.secHeader.getSecurityHeader();
            Node first = header.getFirstChild();
            if (first != null) {
                header.insertBefore(element, first);
            } else {
                header.appendChild(element);
            }
        }
        this.lastEncryptedKeyElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts a supporting-token element into the security header and remembers it as the last
     * supporting token.
     *
     * <p>Placement: after the first non-null marker among last supporting token, last derived key,
     * last encrypted key and top-down element; otherwise before the bottom-up element; otherwise
     * appended to the header.
     */
    public void addSupportingElement(Element element) {
        Element anchor = this.lastSupportingTokenElement;
        if (anchor == null) {
            anchor = this.lastDerivedKeyElement;
        }
        if (anchor == null) {
            anchor = this.lastEncryptedKeyElement;
        }
        if (anchor == null) {
            anchor = this.topDownElement;
        }
        if (anchor != null) {
            insertAfter(element, anchor);
        } else {
            Element bottom = this.bottomUpElement;
            if (bottom != null) {
                this.secHeader.getSecurityHeader().insertBefore(element, bottom);
            } else {
                this.secHeader.getSecurityHeader().appendChild(element);
            }
        }
        this.lastSupportingTokenElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts {@code element} in front of the current bottom-up marker (or appends it when there
     * is none) and makes it the new bottom-up marker.
     */
    public void insertBeforeBottomUp(Element element) {
        Element header = this.secHeader.getSecurityHeader();
        Element marker = this.bottomUpElement;
        if (marker != null) {
            header.insertBefore(element, marker);
        } else {
            header.appendChild(element);
        }
        this.bottomUpElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts {@code element} after the current top-down marker, or at the very start of the
     * header when no marker exists yet, and makes it the new top-down marker.
     */
    public void addTopDownElement(Element element) {
        if (this.topDownElement == null) {
            Element header = this.secHeader.getSecurityHeader();
            Node first = header.getFirstChild();
            if (first == null) {
                header.appendChild(element);
            } else {
                header.insertBefore(element, first);
            }
        } else {
            insertAfter(element, this.topDownElement);
        }
        this.topDownElement = element;
    }

    /**
     * Returns the Crypto cache map, creating and registering one on first use.
     *
     * <p>The map is looked up as a contextual property of the message under {@link #CRYPTO_CACHE};
     * when absent, a new {@link ConcurrentHashMap} is stored as a property of the endpoint's
     * {@code EndpointInfo}. The lookup and the store are guarded by the {@code EndpointInfo}
     * monitor.
     *
     * <p>NOTE(review): the read goes through the message's contextual properties while the write
     * targets the EndpointInfo; this only acts as a cache if the contextual lookup resolves to
     * that EndpointInfo property. Confirm against the contextual-property resolution order.
     *
     * @return the cache map, never {@code null}
     */
    protected final Map<Object, Crypto> getCryptoCache() {
        Endpoint endpoint = (Endpoint) this.message.getExchange().get(Endpoint.class);
        EndpointInfo endpointInfo = endpoint.getEndpointInfo();
        synchronized (endpointInfo) {
            Map<Object, Crypto> existing = CastUtils.cast((Map<?, ?>) this.message.getContextualProperty(CRYPTO_CACHE));
            if (existing != null) {
                return existing;
            }
            Map<Object, Crypto> created = new ConcurrentHashMap<Object, Crypto>();
            endpointInfo.setProperty(CRYPTO_CACHE, created);
            return created;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the token store for the current message by delegating to
     * {@code WSS4JUtils.getTokenStore}.
     *
     * @return whatever the utility returns for this message
     */
    public final TokenStore getTokenStore() {
        TokenStore store = WSS4JUtils.getTokenStore(this.message);
        return store;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares the timestamp builder when the binding asks for a timestamp, and marks
     * every "IncludeTimestamp" assertion as asserted.
     *
     * <p>The time-to-live is read from the {@code SecurityConstants.TIMESTAMP_TTL} contextual
     * property (a {@link Number} or a numeric {@link String}); a missing, zero or negative value
     * yields 300. A string that is not a valid integer makes {@link Integer#parseInt} throw
     * {@link NumberFormatException}.
     *
     * <p>NOTE(review): no upper bound is applied to the configured value. The unit is presumably
     * seconds (TODO confirm against WSSecTimestamp); a very large setting lengthens the period for
     * which the produced timestamp claims validity.
     *
     * @return the timestamp builder held in {@code timestampEl}; unchanged (possibly {@code null})
     *         when the binding does not include a timestamp
     */
    public WSSecTimestamp createTimestamp() {
        if (!this.binding.isIncludeTimestamp()) {
            return this.timestampEl;
        }
        final int defaultTtl = 300;
        Object configured = this.message.getContextualProperty(SecurityConstants.TIMESTAMP_TTL);
        int ttl;
        if (configured instanceof Number) {
            ttl = ((Number) configured).intValue();
        } else if (configured instanceof String) {
            ttl = Integer.parseInt((String) configured);
        } else {
            ttl = defaultTtl;
        }
        if (ttl <= 0) {
            // Non-positive settings are treated as "not configured".
            ttl = defaultTtl;
        }
        WSSecTimestamp builder = new WSSecTimestamp(this.wssConfig);
        this.timestampEl = builder;
        builder.setTimeToLive(ttl);
        builder.prepare(this.saaj.getSOAPPart());
        for (AssertionInfo info : getAllAssertionsByLocalname("IncludeTimestamp")) {
            info.setAsserted(true);
        }
        return this.timestampEl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Positions the timestamp in the security header according to the binding's Layout policy and
     * records the corresponding policy assertions.
     *
     * <ul>
     *   <li>No layout: the stored timestamp (if any) is added as a top-down element.</li>
     *   <li>LaxTsLast: the given timestamp is appended to the header; without one, the Layout
     *       assertion is marked not asserted.</li>
     *   <li>LaxTsFirst: the stored timestamp is added as a top-down element; without a given
     *       timestamp, the Layout assertion is marked not asserted.</li>
     *   <li>Any other layout type: the stored timestamp (if any) is added top-down.</li>
     * </ul>
     * Whenever a layout is present, "Lax" and "Strict" are asserted afterwards regardless of the
     * layout type.
     *
     * <p>NOTE(review): {@code lastLayoutInfo} stays {@code null} when no "Layout" assertion is
     * returned, in which case the LaxTsLast/LaxTsFirst branches dereference null. The LaxTsFirst
     * branch also tests the parameter for null but dereferences the {@code timestampEl} field;
     * callers presumably pass that same object (verify).
     *
     * @param wSSecTimestamp timestamp builder, or {@code null} if none was created
     * @return the parameter, unchanged
     */
    public WSSecTimestamp handleLayout(WSSecTimestamp wSSecTimestamp) {
        Layout layout = this.binding.getLayout();
        if (layout == null) {
            if (this.timestampEl != null) {
                addTopDownElement(this.timestampEl.getElement());
            }
            return wSSecTimestamp;
        }

        // Mark every Layout assertion; the last one is kept for the not-asserted reports below.
        AssertionInfo lastLayoutInfo = null;
        for (AssertionInfo info : getAllAssertionsByLocalname("Layout")) {
            info.setAsserted(true);
            lastLayoutInfo = info;
        }

        Layout.LayoutType type = layout.getLayoutType();
        if (type == Layout.LayoutType.LaxTsLast) {
            if (wSSecTimestamp != null) {
                lastLayoutInfo.setAsserted(true);
                assertPolicy(new QName(layout.getName().getNamespaceURI(), "LaxTsLast"));
                Element timestampElement = wSSecTimestamp.getElement();
                this.secHeader.getSecurityHeader().appendChild(timestampElement);
                if (this.bottomUpElement == null) {
                    this.bottomUpElement = timestampElement;
                }
            } else {
                lastLayoutInfo.setNotAsserted("LaxTsLast requires a timestamp");
            }
        } else if (type == Layout.LayoutType.LaxTsFirst) {
            if (wSSecTimestamp != null) {
                addTopDownElement(this.timestampEl.getElement());
                assertPolicy(new QName(layout.getName().getNamespaceURI(), "LaxTsFirst"));
            } else {
                lastLayoutInfo.setNotAsserted("LaxTsFirst requires a timestamp");
            }
        } else if (this.timestampEl != null) {
            addTopDownElement(this.timestampEl.getElement());
        }

        assertPolicy(new QName(layout.getName().getNamespaceURI(), "Lax"));
        assertPolicy(new QName(layout.getName().getNamespaceURI(), "Strict"));
        return wSSecTimestamp;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Moves the timestamp element back to the position the Layout policy demands, in case other
     * header insertions displaced it.
     *
     * <p>LaxTsFirst: the timestamp is placed before the first element child of the header.
     * LaxTsLast: the timestamp is re-appended as the last child. Nothing happens without a layout
     * or without a timestamp.
     */
    public void reshuffleTimestamp() {
        if (this.binding.getLayout() != null && this.timestampEl != null) {
            if (this.binding.getLayout().getLayoutType() == Layout.LayoutType.LaxTsFirst
                    && this.secHeader.getSecurityHeader().getFirstChild() != this.timestampEl.getElement()) {
                // Skip text/comment nodes: only the first *element* matters for ordering.
                Node candidate = this.secHeader.getSecurityHeader().getFirstChild();
                while (candidate != null && candidate.getNodeType() != Node.ELEMENT_NODE) {
                    candidate = candidate.getNextSibling();
                }
                if (candidate != null && candidate != this.timestampEl.getElement()) {
                    this.secHeader.getSecurityHeader().insertBefore(this.timestampEl.getElement(), candidate);
                }
            } else if (this.binding.getLayout().getLayoutType() == Layout.LayoutType.LaxTsLast
                    && this.secHeader.getSecurityHeader().getLastChild() != this.timestampEl.getElement()) {
                // appendChild on a node already in the tree moves it to the end.
                this.secHeader.getSecurityHeader().appendChild(this.timestampEl.getElement());
            }
        }
    }

    /**
     * Processes every {@code SupportingTokens} assertion in {@code collection} and gathers the
     * resulting supporting tokens.
     *
     * <p>Each matching assertion is marked asserted <em>before</em> its tokens are handled, so a
     * failure while handling leaves it flagged as asserted.
     *
     * @param collection assertion infos to scan; {@code null} yields an empty list
     * @param z          forwarded unchanged to the per-assertion overload
     * @return a new list with the tokens produced for all matching assertions
     * @throws WSSecurityException on WSS4J failure, or wrapping a {@link SOAPException}
     */
    private List<SupportingToken> handleSupportingTokens(Collection<AssertionInfo> collection, boolean z) throws WSSecurityException {
        List<SupportingToken> collected = new ArrayList<SupportingToken>();
        if (collection == null) {
            return collected;
        }
        for (AssertionInfo info : collection) {
            if (!(info.getAssertion() instanceof SupportingTokens)) {
                continue;
            }
            info.setAsserted(true);
            try {
                handleSupportingTokens((SupportingTokens) info.getAssertion(), z, collected);
            } catch (SOAPException soapFailure) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, soapFailure);
            }
        }
        return collected;
    }

    /* JADX INFO: Access modifiers changed from: protected */
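    /**
     * Builds the header content for every token of one {@code SupportingTokens} assertion and
     * appends a {@link SupportingToken} entry per handled token to {@code list}.
     *
     * <p>Per token type:
     * <ul>
     *   <li>token not required for this message: only {@code getSignedParts} is evaluated;</li>
     *   <li>UsernameToken: delegated to {@code handleUsernameTokenSupportingToken};</li>
     *   <li>Issued / SecureConversation / SecurityContext / Kerberos / Spnego: the security token
     *       returned by {@code getSecurityToken()} is cloned into the header; with an X.509
     *       certificate a signature builder is prepared, otherwise a token holder is recorded;</li>
     *   <li>X509Token / KeyValueToken: a signature builder is obtained and recorded;</li>
     *   <li>SamlToken: the assertion is serialised into the header and recorded.</li>
     * </ul>
     * Tokens of an assertion flagged as encrypted are additionally queued in
     * {@code encryptedTokensList}.
     *
     * <p>Changes against the previous revision: a missing security token no longer falls through
     * to a null dereference after {@code policyNotAsserted}, and stripping a leading '#' from the
     * token id no longer fails on an empty id.
     *
     * @param supportingTokens assertion to process; {@code null} returns {@code list} untouched
     * @param z                forwarded to the username-token handler and to
     *                         {@code getSignatureBuilder}; presumably the "endorsing" flag (verify)
     * @param list             accumulator that receives the new entries
     * @return {@code list}
     * @throws WSSecurityException on WSS4J failures outside the signature preparation
     * @throws SOAPException       as declared by the helpers called here
     * @throws Fault               when preparing the X.509 signature for a security token fails
     */
    public List<SupportingToken> handleSupportingTokens(SupportingTokens supportingTokens, boolean z, List<SupportingToken> list) throws WSSecurityException, SOAPException {
        if (supportingTokens == null) {
            return list;
        }
        for (AbstractToken abstractToken : supportingTokens.getTokens()) {
            assertToken(abstractToken);
            if (!isTokenRequired(abstractToken.getIncludeTokenType())) {
                // Result intentionally unused; kept because the call may record policy assertions
                // (defined outside this view - verify).
                getSignedParts(supportingTokens);
            } else if (abstractToken instanceof UsernameToken) {
                handleUsernameTokenSupportingToken((UsernameToken) abstractToken, z, supportingTokens.isEncryptedToken(), list);
            } else if ((abstractToken instanceof IssuedToken) || (abstractToken instanceof SecureConversationToken) || (abstractToken instanceof SecurityContextToken) || (abstractToken instanceof KerberosToken) || (abstractToken instanceof SpnegoContextToken)) {
                SecurityToken securityToken = getSecurityToken();
                if (securityToken == null) {
                    policyNotAsserted((Assertion) abstractToken, "Could not find IssuedToken");
                    // policyNotAsserted is defined outside this view; if it returns instead of
                    // throwing, there is nothing to add for this token, so move on rather than
                    // dereference null below.
                    continue;
                }
                Element cloneElement = cloneElement(securityToken.getToken());
                securityToken.setToken(cloneElement);
                addSupportingElement(cloneElement);
                String id = securityToken.getId();
                // startsWith is safe for an empty id, where charAt(0) would throw.
                if (id != null && id.startsWith("#")) {
                    id = id.substring(1);
                }
                if (supportingTokens.isEncryptedToken()) {
                    WSEncryptionPart wSEncryptionPart = new WSEncryptionPart(id, "Element");
                    wSEncryptionPart.setElement(cloneElement);
                    this.encryptedTokensList.add(wSEncryptionPart);
                }
                if (securityToken.getX509Certificate() == null) {
                    list.add(new SupportingToken(abstractToken, new WSSecurityTokenHolder(this.wssConfig, securityToken), getSignedParts(supportingTokens)));
                } else {
                    WSSecSignature wSSecSignature = new WSSecSignature(this.wssConfig);
                    wSSecSignature.setX509Certificate(securityToken.getX509Certificate());
                    wSSecSignature.setCustomTokenId(id);
                    // 12: presumably WSConstants.CUSTOM_KEY_IDENTIFIER, inlined by the compiler - confirm.
                    wSSecSignature.setKeyIdentifierType(12);
                    String tokenType = securityToken.getTokenType();
                    if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(tokenType) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(tokenType)) {
                        wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                    } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(tokenType) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(tokenType)) {
                        wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
                    } else if (tokenType != null) {
                        wSSecSignature.setCustomTokenValueType(tokenType);
                    } else {
                        // No token type recorded: fall back to the SAML 1.x assertion-id value type.
                        wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                    }
                    wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getAsymmetricSignature());
                    wSSecSignature.setSigCanonicalization(this.binding.getAlgorithmSuite().getC14n().getValue());
                    try {
                        String x509Identifier = securityToken.getCrypto().getX509Identifier(securityToken.getX509Certificate());
                        // 3: presumably WSPasswordCallback.SIGNATURE, inlined by the compiler - confirm.
                        wSSecSignature.setUserInfo(x509Identifier, getPassword(x509Identifier, abstractToken, 3));
                        wSSecSignature.prepare(this.saaj.getSOAPPart(), securityToken.getCrypto(), this.secHeader);
                        list.add(new SupportingToken(abstractToken, wSSecSignature, getSignedParts(supportingTokens)));
                    } catch (WSSecurityException e) {
                        // Detail is logged at FINE only; the caller sees a Fault wrapping the cause.
                        LOG.log(Level.FINE, e.getMessage(), e);
                        throw new Fault(e);
                    }
                }
            } else if (abstractToken instanceof X509Token) {
                WSSecSignature signatureBuilder = getSignatureBuilder(abstractToken, false, z);
                assertPolicy((Assertion) supportingTokens);
                Element binarySecurityTokenElement = signatureBuilder.getBinarySecurityTokenElement();
                if (binarySecurityTokenElement != null) {
                    // Keep the BST right after the last encrypted key when there is one.
                    if (this.lastEncryptedKeyElement == null) {
                        signatureBuilder.prependBSTElementToHeader(this.secHeader);
                    } else if (this.lastEncryptedKeyElement.getNextSibling() != null) {
                        this.secHeader.getSecurityHeader().insertBefore(binarySecurityTokenElement, this.lastEncryptedKeyElement.getNextSibling());
                    } else {
                        this.secHeader.getSecurityHeader().appendChild(binarySecurityTokenElement);
                    }
                    if (supportingTokens.isEncryptedToken()) {
                        WSEncryptionPart wSEncryptionPart2 = new WSEncryptionPart(signatureBuilder.getBSTTokenId(), "Element");
                        wSEncryptionPart2.setElement(binarySecurityTokenElement);
                        this.encryptedTokensList.add(wSEncryptionPart2);
                    }
                }
                list.add(new SupportingToken(abstractToken, signatureBuilder, getSignedParts(supportingTokens)));
            } else if (abstractToken instanceof KeyValueToken) {
                WSSecSignature signatureBuilder2 = getSignatureBuilder(abstractToken, false, z);
                assertPolicy((Assertion) supportingTokens);
                if (supportingTokens.isEncryptedToken()) {
                    // NOTE(review): unlike the other branches, no element is attached to this part.
                    this.encryptedTokensList.add(new WSEncryptionPart(signatureBuilder2.getBSTTokenId(), "Element"));
                }
                list.add(new SupportingToken(abstractToken, signatureBuilder2, getSignedParts(supportingTokens)));
            } else if (abstractToken instanceof SamlToken) {
                SamlAssertionWrapper samlAssertion = addSamlToken((SamlToken) abstractToken);
                if (samlAssertion != null) {
                    Element dom = samlAssertion.toDOM(this.saaj.getSOAPPart());
                    addSupportingElement(dom);
                    list.add(new SupportingToken(abstractToken, samlAssertion, getSignedParts(supportingTokens)));
                    if (supportingTokens.isEncryptedToken()) {
                        WSEncryptionPart wSEncryptionPart3 = new WSEncryptionPart(samlAssertion.getId(), "Element");
                        wSEncryptionPart3.setElement(dom);
                        this.encryptedTokensList.add(wSEncryptionPart3);
                    }
                }
            }
        }
        return list;
    }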

    /**
     * Adds a UsernameToken supporting token to the security header and records it in {@code list}.
     *
     * <p>With {@code z} set, a derived-key username token is built via {@code addDKUsernameToken};
     * otherwise a plain one via {@code addUsernameToken}. Nothing is added when the builder comes
     * back {@code null}.
     *
     * <p>Encryption: a derived-key token is queued for encryption only when {@code z2} is set. A
     * plain token is queued when {@code z2} is set or when the
     * {@code SecurityConstants.ALWAYS_ENCRYPT_UT} contextual boolean is true, and {@code true} is
     * passed as that lookup's default, so a plain username token is encrypted unless the property
     * is explicitly switched off.
     *
     * @param usernameToken policy token
     * @param z             selects the derived-key variant
     * @param z2            whether the enclosing assertion marks its tokens as encrypted
     * @param list          accumulator that receives the new entry (with {@code null} signed parts)
     * @throws WSSecurityException if building the token fails
     */
    protected void handleUsernameTokenSupportingToken(UsernameToken usernameToken, boolean z, boolean z2, List<SupportingToken> list) throws WSSecurityException {
        WSSecUsernameToken utBuilder = z ? addDKUsernameToken(usernameToken, true) : addUsernameToken(usernameToken);
        if (utBuilder == null) {
            return;
        }
        utBuilder.prepare(this.saaj.getSOAPPart());
        addSupportingElement(utBuilder.getUsernameTokenElement());
        list.add(new SupportingToken(usernameToken, utBuilder, null));

        // The always-encrypt setting is consulted for the plain variant only, and only when the
        // assertion itself did not already ask for encryption.
        boolean encrypt = z2 || (!z && MessageUtils.getContextualBoolean(this.message, SecurityConstants.ALWAYS_ENCRYPT_UT, true));
        if (encrypt) {
            WSEncryptionPart part = new WSEncryptionPart(utBuilder.getId(), "Element");
            part.setElement(utBuilder.getUsernameTokenElement());
            this.encryptedTokensList.add(part);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deep-copies {@code element} into the document that owns the security header.
     *
     * @param element element to copy, from any document
     * @return the imported copy; it belongs to the header's document but is not yet attached
     */
    public Element cloneElement(Element element) {
        Document headerDocument = this.secHeader.getSecurityHeader().getOwnerDocument();
        Node imported = headerDocument.importNode(element, true);
        return (Element) imported;
    }

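    /**
     * Derives, for every supporting token in {@code list}, the part that has to be covered by a
     * signature and appends it to {@code list2}.
     *
     * <p>The part depends on the token's implementation object:
     * <ul>
     *   <li>{@code WSSecSignature}: for SAML key identifiers a cloned SecurityTokenReference
     *       signed through "STRTransform"; otherwise the BinarySecurityToken, if it has an id;</li>
     *   <li>{@code WSSecUsernameToken}, {@code BinarySecurity}: the token element itself;</li>
     *   <li>{@code SamlAssertionWrapper}: a new SecurityTokenReference signed through
     *       "STRTransform";</li>
     *   <li>{@code WSSecurityTokenHolder}: for SAML token types as above, otherwise the token
     *       element referenced by its id (leading '#' removed);</li>
     *   <li>anything else: reported through {@code policyNotAsserted}.</li>
     * </ul>
     *
     * <p>Change against the previous revision: removing the leading '#' uses {@code startsWith},
     * so an empty token id no longer raises {@code StringIndexOutOfBoundsException}.
     *
     * <p>NOTE(review): {@code getSecurityTokenReference()} is dereferenced without a null check;
     * this relies on the signature builder having been prepared already (verify against callers).
     *
     * @param list  supporting tokens to inspect
     * @param list2 receives one part per token for which a part could be derived
     */
    protected void addSignatureParts(List<SupportingToken> list, List<WSEncryptionPart> list2) {
        for (SupportingToken supportingToken : list) {
            Object tokenImplementation = supportingToken.getTokenImplementation();
            WSEncryptionPart wSEncryptionPart = null;
            if (tokenImplementation instanceof WSSecSignature) {
                WSSecSignature wSSecSignature = (WSSecSignature) tokenImplementation;
                SecurityTokenReference securityTokenReference = wSSecSignature.getSecurityTokenReference();
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(securityTokenReference.getKeyIdentifierValueType()) || "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(securityTokenReference.getKeyIdentifierValueType())) {
                    // SAML assertions are signed indirectly: sign a reference and let the
                    // STR transform resolve it to the assertion.
                    Element cloneElement = cloneElement(securityTokenReference.getElement());
                    addSupportingElement(cloneElement);
                    wSEncryptionPart = new WSEncryptionPart("STRTransform", (String) null, "Element");
                    wSEncryptionPart.setId(wSSecSignature.getSecurityTokenReferenceURI());
                    wSEncryptionPart.setElement(cloneElement);
                } else if (wSSecSignature.getBSTTokenId() != null) {
                    wSEncryptionPart = new WSEncryptionPart(wSSecSignature.getBSTTokenId());
                    wSEncryptionPart.setElement(wSSecSignature.getBinarySecurityTokenElement());
                }
            } else if (tokenImplementation instanceof WSSecUsernameToken) {
                WSSecUsernameToken wSSecUsernameToken = (WSSecUsernameToken) tokenImplementation;
                wSEncryptionPart = new WSEncryptionPart(wSSecUsernameToken.getId());
                wSEncryptionPart.setElement(wSSecUsernameToken.getUsernameTokenElement());
            } else if (tokenImplementation instanceof BinarySecurity) {
                BinarySecurity binarySecurity = (BinarySecurity) tokenImplementation;
                wSEncryptionPart = new WSEncryptionPart(binarySecurity.getID());
                wSEncryptionPart.setElement(binarySecurity.getElement());
            } else if (tokenImplementation instanceof SamlAssertionWrapper) {
                SamlAssertionWrapper samlAssertionWrapper = (SamlAssertionWrapper) tokenImplementation;
                SecurityTokenReference createSTRForSamlAssertion = createSTRForSamlAssertion(samlAssertionWrapper.getElement().getOwnerDocument(), samlAssertionWrapper.getId(), samlAssertionWrapper.getSaml1() != null, false);
                Element cloneElement2 = cloneElement(createSTRForSamlAssertion.getElement());
                addSupportingElement(cloneElement2);
                wSEncryptionPart = new WSEncryptionPart("STRTransform", (String) null, "Element");
                wSEncryptionPart.setId(createSTRForSamlAssertion.getID());
                wSEncryptionPart.setElement(cloneElement2);
            } else if (tokenImplementation instanceof WSSecurityTokenHolder) {
                SecurityToken token = ((WSSecurityTokenHolder) tokenImplementation).getToken();
                String tokenType = token.getTokenType();
                boolean saml1 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(tokenType) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(tokenType);
                boolean saml2 = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(tokenType) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(tokenType);
                if (saml1 || saml2) {
                    Document ownerDocument = token.getToken().getOwnerDocument();
                    String id = token.getId();
                    if (id == null || "".equals(id)) {
                        // No id on the token: read it from the assertion's own id attribute.
                        id = saml1 ? token.getToken().getAttributeNS(null, "AssertionID") : token.getToken().getAttributeNS(null, "ID");
                    }
                    SecurityTokenReference createSTRForSamlAssertion2 = createSTRForSamlAssertion(ownerDocument, id, saml1, false);
                    Element cloneElement3 = cloneElement(createSTRForSamlAssertion2.getElement());
                    addSupportingElement(cloneElement3);
                    wSEncryptionPart = new WSEncryptionPart("STRTransform", (String) null, "Element");
                    wSEncryptionPart.setId(createSTRForSamlAssertion2.getID());
                    wSEncryptionPart.setElement(cloneElement3);
                } else {
                    String id2 = token.getId();
                    // startsWith is safe for an empty id, where charAt(0) would throw.
                    if (id2 != null && id2.startsWith("#")) {
                        id2 = id2.substring(1);
                    }
                    wSEncryptionPart = new WSEncryptionPart(id2);
                    wSEncryptionPart.setElement(token.getToken());
                }
            } else {
                policyNotAsserted((Assertion) supportingToken.getToken(), "UnsupportedTokenInSupportingToken: " + tokenImplementation);
            }
            if (wSEncryptionPart != null) {
                list2.add(wSEncryptionPart);
            }
        }
    }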

    /**
     * Builds a {@code SecurityTokenReference} that points at a SAML assertion.
     *
     * @param document owner document used to create the new nodes
     * @param str identifier of the referenced assertion
     * @param z {@code true} to tag the reference as SAML 1.1, {@code false} for SAML 2.0
     * @param z2 {@code true} to emit a direct {@code Reference} with URI {@code "#" + str};
     *     {@code false} to emit a {@code wsse:KeyIdentifier} whose text content is {@code str}
     * @return the populated reference, carrying an id allocated with the "STR-" prefix
     */
    private SecurityTokenReference createSTRForSamlAssertion(Document document, String str, boolean z, boolean z2) {
        final String assertionIdValueType = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
        final String tokenType = z
                ? "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
                : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";

        SecurityTokenReference tokenReference = new SecurityTokenReference(document);
        tokenReference.setID(this.wssConfig.getIdAllocator().createSecureId("STR-", tokenReference));

        if (!z2) {
            // Key-identifier form: the assertion id travels as the text of wsse:KeyIdentifier.
            Element keyIdentifier = document.createElementNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse:KeyIdentifier");
            tokenReference.addTokenType(tokenType);
            String valueType = z
                    ? assertionIdValueType
                    : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
            keyIdentifier.setAttributeNS(null, "ValueType", valueType);
            keyIdentifier.appendChild(document.createTextNode(str));
            tokenReference.getElement().appendChild(keyIdentifier);
            return tokenReference;
        }

        // Direct-reference form: a same-document fragment URI. Only the SAML 1.1 case sets a ValueType.
        Reference directReference = new Reference(document);
        directReference.setURI("#" + str);
        if (z) {
            directReference.setValueType(assertionIdValueType);
        }
        tokenReference.addTokenType(tokenType);
        tokenReference.setReference(directReference);
        return tokenReference;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the WSS4J UsernameToken for a {@code UsernameToken} policy assertion.
     *
     * <p>The username comes from the {@code SecurityConstants.USERNAME} contextual property. The password comes
     * from {@code SecurityConstants.PASSWORD} or, when that is empty, from {@link #getPassword} with usage code 2.
     * A missing username or password marks the assertion as not asserted.
     *
     * @param usernameToken the policy assertion to satisfy
     * @return the configured builder, or {@code null} when the token is not required or credentials are missing
     */
    public WSSecUsernameToken addUsernameToken(UsernameToken usernameToken) {
        assertToken(usernameToken);
        if (!isTokenRequired(usernameToken.getIncludeTokenType())) {
            return null;
        }

        String userName = (String) this.message.getContextualProperty(SecurityConstants.USERNAME);
        if (StringUtils.isEmpty(userName)) {
            policyNotAsserted((Assertion) usernameToken, "No username available");
            return null;
        }

        WSSecUsernameToken builder = new WSSecUsernameToken(this.wssConfig);
        boolean digest = usernameToken.getPasswordType() == UsernameToken.PasswordType.HashPassword;

        if (usernameToken.getPasswordType() != UsernameToken.PasswordType.NoPassword) {
            String secret = (String) this.message.getContextualProperty(SecurityConstants.PASSWORD);
            if (StringUtils.isEmpty(secret)) {
                secret = getPassword(userName, usernameToken, 2);
                if (StringUtils.isEmpty(secret)) {
                    policyNotAsserted((Assertion) usernameToken, "No password available");
                    return null;
                }
            }
            // With PasswordText the password is placed in the token as given, so its confidentiality
            // depends on the binding (transport or message encryption) protecting the token.
            builder.setPasswordType(digest
                    ? "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest"
                    : "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
            builder.setUserInfo(userName, secret);
        } else {
            builder.setUserInfo(userName, (String) null);
            builder.setPasswordType((String) null);
        }

        // Created/Nonce are requested explicitly only for the non-digest types.
        // NOTE(review): presumably WSS4J adds both itself for PasswordDigest; confirm.
        if (usernameToken.isCreated() && !digest) {
            builder.addCreated();
        }
        if (usernameToken.isNonce() && !digest) {
            builder.addNonce();
        }
        return builder;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a UsernameToken whose password is used to derive a key, and prepares it against the SOAP part.
     *
     * <p>Credentials are resolved exactly as in {@link #addUsernameToken}: contextual properties first, then the
     * password callback with usage code 2.
     *
     * @param usernameToken the policy assertion to satisfy
     * @param z forwarded as the first argument of {@code addDerivedKey}
     * @return the prepared builder, or {@code null} when the token is not required or credentials are missing
     */
    public WSSecUsernameToken addDKUsernameToken(UsernameToken usernameToken, boolean z) {
        assertToken(usernameToken);
        if (!isTokenRequired(usernameToken.getIncludeTokenType())) {
            return null;
        }

        String userName = (String) this.message.getContextualProperty(SecurityConstants.USERNAME);
        if (StringUtils.isEmpty(userName)) {
            policyNotAsserted((Assertion) usernameToken, "No username available");
            return null;
        }

        WSSecUsernameToken builder = new WSSecUsernameToken(this.wssConfig);
        String secret = (String) this.message.getContextualProperty(SecurityConstants.PASSWORD);
        if (StringUtils.isEmpty(secret)) {
            secret = getPassword(userName, usernameToken, 2);
            if (StringUtils.isEmpty(secret)) {
                policyNotAsserted((Assertion) usernameToken, "No password available");
                return null;
            }
        }

        builder.setUserInfo(userName, secret);
        // NOTE(review): the literal 1000 is presumably the key-derivation iteration count and the null the
        // salt (library-generated); both are fixed here rather than configurable. Confirm against the
        // WSS4J version in use and review whether the count meets current password-hardening policy.
        builder.addDerivedKey(z, (byte[]) null, 1000);
        builder.prepare(this.saaj.getSOAPPart());
        return builder;
    }

    /* JADX INFO: Access modifiers changed from: protected */
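    /**
     * Produces the SAML assertion demanded by a {@code SamlToken} policy assertion.
     *
     * <p>When no SAML callback handler is configured and a cached security token holds an {@code Assertion}
     * element whose namespace matches the requested SAML version, that element is wrapped and returned as-is.
     * Otherwise the configured handler (an instance or a class name) is invoked to populate a
     * {@code SAMLCallback}, and the resulting assertion is signed when the callback asks for it.
     *
     * @param samlToken the policy assertion to satisfy
     * @return the assertion wrapper, or {@code null} when the token is not required or no handler is available
     * @throws WSSecurityException propagated from the SAML callback, wrapper construction or signing
     */
    public SamlAssertionWrapper addSamlToken(SamlToken samlToken) throws WSSecurityException {
        assertToken(samlToken);
        if (!isTokenRequired(samlToken.getIncludeTokenType())) {
            return null;
        }

        Object handlerProperty = this.message.getContextualProperty(SecurityConstants.SAML_CALLBACK_HANDLER);
        SamlToken.SamlTokenType requestedType = samlToken.getSamlTokenType();
        boolean saml11Requested = requestedType == SamlToken.SamlTokenType.WssSamlV11Token10
                || requestedType == SamlToken.SamlTokenType.WssSamlV11Token11;
        boolean saml20Requested = requestedType == SamlToken.SamlTokenType.WssSamlV20Token11;

        if (handlerProperty == null) {
            SecurityToken cachedToken = getSecurityToken();
            if (cachedToken != null) {
                Element cachedElement = cachedToken.getToken();
                String namespaceUri = cachedElement.getNamespaceURI();
                boolean isAssertion = "Assertion".equals(cachedElement.getLocalName());
                // Reuse the cached assertion only when its SAML version matches what the policy requests.
                if (isAssertion
                        && ((saml11Requested && "urn:oasis:names:tc:SAML:1.0:assertion".equals(namespaceUri))
                        || (saml20Requested && "urn:oasis:names:tc:SAML:2.0:assertion".equals(namespaceUri)))) {
                    return new SamlAssertionWrapper(cachedElement);
                }
            }
        }

        CallbackHandler callbackHandler = null;
        if (handlerProperty instanceof CallbackHandler) {
            callbackHandler = (CallbackHandler) handlerProperty;
        } else if (handlerProperty instanceof String) {
            try {
                callbackHandler = (CallbackHandler) ClassLoaderUtils.loadClass((String) handlerProperty, getClass()).newInstance();
            } catch (Exception e) {
                // Previously swallowed: keep the best-effort fallback, but record why the configured class
                // could not be used so a misconfiguration is not reduced to "No SAML CallbackHandler available".
                LOG.log(Level.WARNING, "Unable to instantiate SAML CallbackHandler class " + handlerProperty, e);
                callbackHandler = null;
            }
        }
        if (callbackHandler == null) {
            policyNotAsserted((Assertion) samlToken, "No SAML CallbackHandler available");
            return null;
        }

        SAMLCallback samlCallback = new SAMLCallback();
        if (saml11Requested) {
            samlCallback.setSamlVersion(SAMLVersion.VERSION_11);
        } else if (saml20Requested) {
            samlCallback.setSamlVersion(SAMLVersion.VERSION_20);
        }
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);

        if (samlCallback.isSignAssertion()) {
            // Each signing input falls back from the callback's value to the message/endpoint configuration.
            String issuerKeyName = samlCallback.getIssuerKeyName();
            if (issuerKeyName == null) {
                issuerKeyName = (String) this.message.getContextualProperty(SecurityConstants.SIGNATURE_USERNAME);
            }
            String issuerKeyPassword = samlCallback.getIssuerKeyPassword();
            if (issuerKeyPassword == null) {
                issuerKeyPassword = getPassword(issuerKeyName, samlToken, 3);
            }
            Crypto issuerCrypto = samlCallback.getIssuerCrypto();
            if (issuerCrypto == null) {
                issuerCrypto = getSignatureCrypto();
            }
            assertion.signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto, samlCallback.isSendKeyValue(), samlCallback.getCanonicalizationAlgorithm(), samlCallback.getSignatureAlgorithm());
        }
        return assertion;
    }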

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Registers a SAML assertion in the token store and publishes its id on the message.
     *
     * <p>Nothing is stored when {@link #findIDFromSamlToken} yields {@code null}.
     *
     * @param samlAssertionWrapper the assertion to store
     */
    public void storeAssertionAsSecurityToken(SamlAssertionWrapper samlAssertionWrapper) {
        String assertionId = findIDFromSamlToken(samlAssertionWrapper.getElement());
        if (assertionId == null) {
            return;
        }
        // NOTE(review): only null is rejected here; an empty id would still be stored. Confirm callers
        // cannot reach this with an assertion that lacks every id attribute.
        SecurityToken stored = new SecurityToken(assertionId);
        String tokenType = samlAssertionWrapper.getSaml2() != null
                ? "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
                : "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
        stored.setTokenType(tokenType);
        stored.setToken(samlAssertionWrapper.getElement());
        getTokenStore().add(stored);
        this.message.put(SecurityConstants.TOKEN_ID, (Object) stored.getId());
    }

    /**
     * Extracts the identifier of a SAML assertion element.
     *
     * <p>A SAML 1.x {@code Assertion} yields its {@code AssertionID}, a SAML 2.0 {@code Assertion} its
     * {@code ID}. When neither applies, the {@code wsu:Id} attribute is read instead; DOM returns an empty
     * string for an absent attribute, so that fallback can produce {@code ""} rather than {@code null}.
     *
     * @param element the candidate assertion element, may be {@code null}
     * @return the identifier, or {@code null} when {@code element} is {@code null}
     */
    protected String findIDFromSamlToken(Element element) {
        if (element == null) {
            return null;
        }
        QName name = DOMUtils.getElementQName(element);
        boolean isSaml1 = name.equals(new QName("urn:oasis:names:tc:SAML:1.0:assertion", "Assertion"));
        if (isSaml1 && element.hasAttributeNS(null, "AssertionID")) {
            return element.getAttributeNS(null, "AssertionID");
        }
        boolean isSaml2 = name.equals(new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
        if (isSaml2 && element.hasAttributeNS(null, "ID")) {
            return element.getAttributeNS(null, "ID");
        }
        return element.getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
    }

    /**
     * Asks the configured password callback handler for a password.
     *
     * @param str identifier handed to the callback (a username or key alias at the call sites in this file)
     * @param assertion policy assertion that is marked as not asserted when no handler exists or it fails
     * @param i usage code passed to {@code WSPasswordCallback}; this file passes 2 for UsernameToken
     *     passwords and 3 for the SAML issuer key password
     * @return whatever password the callback holds afterwards, or {@code null} when no handler is configured
     */
    public String getPassword(String str, Assertion assertion, int i) {
        CallbackHandler handler = getCallbackHandler();
        if (handler == null) {
            policyNotAsserted(assertion, "No callback handler and no password available");
            return null;
        }
        WSPasswordCallback passwordCallback = new WSPasswordCallback(str, i);
        WSPasswordCallback[] callbacks = {passwordCallback};
        try {
            handler.handle(callbacks);
        } catch (Exception e) {
            // A failing handler is reported through the policy layer; the callback's password is still returned.
            policyNotAsserted(assertion, e);
        }
        return callbacks[0].getPassword();
    }

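    /**
     * Resolves the password callback handler from the {@code SecurityConstants.CALLBACK_HANDLER} property.
     *
     * <p>The property may hold a {@code CallbackHandler} instance or a class name. A class name is loaded
     * and instantiated, and the new instance is written back onto the message for that same key.
     *
     * @return the handler, or {@code null} when none is configured or the named class cannot be instantiated
     */
    protected CallbackHandler getCallbackHandler() {
        Object configured = this.message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
        if (configured instanceof CallbackHandler) {
            return (CallbackHandler) configured;
        }
        if (!(configured instanceof String)) {
            return null;
        }
        try {
            CallbackHandler handler = (CallbackHandler) ClassLoaderUtils.loadClass((String) configured, getClass()).newInstance();
            this.message.put(SecurityConstants.CALLBACK_HANDLER, (Object) handler);
            return handler;
        } catch (Exception e) {
            // Previously swallowed: callers only see "no handler", so record the cause of the failure.
            // Only the configured class name is logged, never a credential.
            LOG.log(Level.WARNING, "Unable to instantiate CallbackHandler class " + configured, e);
            return null;
        }
    }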

    /**
     * Returns the id of an element, assigning a new {@code wsu:Id} when it has none.
     *
     * <p>An unqualified {@code Id} attribute is preferred over a {@code wsu:Id}; an existing value is
     * returned unchanged and the element is not modified. Otherwise a new id is allocated with the "_"
     * prefix, a prefix for the wsu namespace is found or declared on the element, and the attribute is set.
     *
     * <p>NOTE(review): an existing id is reused without any uniqueness check in this method; whether
     * duplicate ids in a message are rejected elsewhere should be confirmed.
     *
     * @param element the element to identify; mutated when it carries no id yet
     * @return the existing or newly assigned id
     */
    public String addWsuIdToElement(Element element) {
        String createId;
        String prefixRecursive;
        String namespace;
        // Look for an id the element already carries: unqualified "Id" first, then wsu:Id.
        Attr attributeNodeNS = element.getAttributeNodeNS(null, "Id");
        if (attributeNodeNS == null) {
            attributeNodeNS = element.getAttributeNodeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
        }
        if (attributeNodeNS != null) {
            createId = attributeNodeNS.getValue();
        } else {
            createId = this.wssConfig.getIdAllocator().createId("_", element);
            // Find a prefix already bound to the wsu namespace; fall back to the CXF helper when the DOM
            // call throws (presumably for DOM implementations without lookupPrefix; TODO confirm).
            try {
                prefixRecursive = element.lookupPrefix("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
            } catch (Throwable th) {
                prefixRecursive = DOMUtils.getPrefixRecursive(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
            }
            // z records whether a usable prefix was already in scope, i.e. no xmlns declaration is needed.
            boolean z = !StringUtils.isEmpty(prefixRecursive);
            int i = 0;
            // No prefix in scope: try Constants.ATTR_WSU, then the same with a numeric suffix 1, 2, ...
            // until a candidate is found that is not bound to any namespace.
            while (StringUtils.isEmpty(prefixRecursive)) {
                prefixRecursive = Constants.ATTR_WSU + (i == 0 ? "" : Integer.valueOf(i));
                try {
                    namespace = element.lookupNamespaceURI(prefixRecursive);
                } catch (Throwable th2) {
                    namespace = DOMUtils.getNamespace(element, prefixRecursive);
                }
                if (!StringUtils.isEmpty(namespace)) {
                    // Candidate is taken by some namespace; clear it so the loop tries the next suffix.
                    prefixRecursive = null;
                    i++;
                }
            }
            if (!z) {
                // Declare the chosen prefix on the element itself.
                Attr createAttributeNS = element.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" + prefixRecursive);
                createAttributeNS.setValue("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
                element.setAttributeNodeNS(createAttributeNS);
            }
            Attr createAttributeNS2 = element.getOwnerDocument().createAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", prefixRecursive + ":Id");
            createAttributeNS2.setValue(createId);
            element.setAttributeNodeNS(createAttributeNS2);
        }
        return createId;
    }

    /**
     * Collects the message parts the policy requires to be encrypted.
     *
     * <p>Every {@code EncryptedParts}, {@code EncryptedElements} and {@code ContentEncryptedElements}
     * assertion is marked as asserted; when several of one kind exist, the last one iterated is the one used.
     *
     * @return the parts to encrypt; empty when the policy contains none of the three assertions
     * @throws SOAPException propagated from {@link #getPartsAndElements}
     */
    public List<WSEncryptionPart> getEncryptedParts() throws SOAPException {
        EncryptedParts partsPolicy = null;
        for (AssertionInfo info : getAllAssertionsByLocalname("EncryptedParts")) {
            partsPolicy = (EncryptedParts) info.getAssertion();
            info.setAsserted(true);
        }

        EncryptedElements elementsPolicy = null;
        for (AssertionInfo info : getAllAssertionsByLocalname("EncryptedElements")) {
            elementsPolicy = (EncryptedElements) info.getAssertion();
            info.setAsserted(true);
        }

        ContentEncryptedElements contentPolicy = null;
        for (AssertionInfo info : getAllAssertionsByLocalname("ContentEncryptedElements")) {
            contentPolicy = (ContentEncryptedElements) info.getAssertion();
            info.setAsserted(true);
        }

        boolean nothingRequested = partsPolicy == null && elementsPolicy == null && contentPolicy == null;
        if (nothingRequested) {
            return new ArrayList<>();
        }

        List<WSEncryptionPart> requested = new ArrayList<>();
        boolean encryptBody = false;
        if (partsPolicy != null) {
            encryptBody = partsPolicy.isBody();
            for (Header header : partsPolicy.getHeaders()) {
                requested.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Header"));
            }
            if (partsPolicy.getAttachments() != null) {
                requested.add(new WSEncryptionPart("cid:Attachments", "Element"));
            }
        }

        List<XPath> elementPaths = elementsPolicy == null ? null : elementsPolicy.getXPaths();
        List<XPath> contentPaths = contentPolicy == null ? null : contentPolicy.getXPaths();
        return getPartsAndElements(false, encryptBody, requested, elementPaths, contentPaths);
    }

    /**
     * Collects the message parts the policy requires to be signed.
     *
     * <p>Without endorsing supporting tokens, the {@code SignedParts}/{@code SignedElements} assertions of
     * the policy are used, skipping any that were previously claimed by a supporting token. With endorsing
     * supporting tokens, the token's own signed parts/elements are used and remembered in
     * {@code suppTokenParts}.
     *
     * @param supportingTokens the supporting tokens in effect, may be {@code null}
     * @return the parts to sign; empty when nothing is requested
     * @throws SOAPException propagated from {@link #getPartsAndElements}
     */
    public List<WSEncryptionPart> getSignedParts(SupportingTokens supportingTokens) throws SOAPException {
        // z: whether the SOAP body is to be signed.
        boolean z = false;
        // Selected SignedParts assertion, if any.
        AbstractSecurityAssertion abstractSecurityAssertion = null;
        // Selected SignedElements assertion, if any.
        AbstractSecurityAssertion abstractSecurityAssertion2 = null;
        if (supportingTokens == null || !supportingTokens.isEndorsing()) {
            Collection<AssertionInfo> allAssertionsByLocalname = getAllAssertionsByLocalname("SignedParts");
            if (!allAssertionsByLocalname.isEmpty()) {
                for (AssertionInfo assertionInfo : allAssertionsByLocalname) {
                    AbstractSecurityAssertion abstractSecurityAssertion3 = (SignedParts) assertionInfo.getAssertion();
                    // Assertions owned by a supporting token are neither used nor marked asserted here.
                    if (!this.suppTokenParts.contains(abstractSecurityAssertion3)) {
                        abstractSecurityAssertion = abstractSecurityAssertion3;
                        assertionInfo.setAsserted(true);
                    }
                }
            }
            Collection<AssertionInfo> allAssertionsByLocalname2 = getAllAssertionsByLocalname("SignedElements");
            if (!allAssertionsByLocalname2.isEmpty()) {
                for (AssertionInfo assertionInfo2 : allAssertionsByLocalname2) {
                    AbstractSecurityAssertion abstractSecurityAssertion4 = (SignedElements) assertionInfo2.getAssertion();
                    if (!this.suppTokenParts.contains(abstractSecurityAssertion4)) {
                        abstractSecurityAssertion2 = abstractSecurityAssertion4;
                        assertionInfo2.setAsserted(true);
                    }
                }
            }
        } else {
            // Endorsing supporting tokens carry their own signed parts/elements; record them so the
            // branch above skips them on later calls.
            abstractSecurityAssertion = supportingTokens.getSignedParts();
            abstractSecurityAssertion2 = supportingTokens.getSignedElements();
            if (abstractSecurityAssertion != null) {
                this.suppTokenParts.add(abstractSecurityAssertion);
            }
            if (abstractSecurityAssertion2 != null) {
                this.suppTokenParts.add(abstractSecurityAssertion2);
            }
        }
        if (abstractSecurityAssertion == null && abstractSecurityAssertion2 == null) {
            return new ArrayList();
        }
        ArrayList arrayList = new ArrayList();
        if (abstractSecurityAssertion != null) {
            z = abstractSecurityAssertion.isBody();
            for (Header header : abstractSecurityAssertion.getHeaders()) {
                arrayList.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Header"));
            }
            Attachments attachments = abstractSecurityAssertion.getAttachments();
            if (attachments != null) {
                // Attachments are signed as "Content" or "Element" depending on the policy's transform flag.
                arrayList.add(new WSEncryptionPart("cid:Attachments", attachments.isContentSignatureTransform() ? "Content" : "Element"));
            }
        }
        // First argument true selects signing mode; there is no content-only XPath list for signing.
        return getPartsAndElements(true, z, arrayList, abstractSecurityAssertion2 == null ? null : abstractSecurityAssertion2.getXPaths(), null);
    }

    /**
     * Resolves requested parts and XPath selections against the current SOAP message.
     *
     * @param z {@code true} when called for signing, {@code false} for encryption (as the callers in this
     *     file use it)
     * @param z2 whether the SOAP body is included
     * @param list header/attachment parts requested by the policy
     * @param list2 XPath selections resolved with the "Header" modifier
     * @param list3 XPath selections resolved with the "Content" modifier; used only when {@code z} is
     *     {@code false}
     * @return the resolved parts, body and headers first, then XPath matches
     * @throws SOAPException propagated from the SAAJ accessors
     */
    public List<WSEncryptionPart> getPartsAndElements(boolean z, boolean z2, List<WSEncryptionPart> list, List<XPath> list2, List<XPath> list3) throws SOAPException {
        // Elements already selected, shared across the calls so nothing is listed twice.
        List<Element> alreadySelected = new ArrayList<>();
        List<WSEncryptionPart> resolved = new ArrayList<>(getParts(z, z2, list, alreadySelected));
        resolved.addAll(getElements("Header", list2, alreadySelected, z));
        if (z) {
            return resolved;
        }
        resolved.addAll(getElements("Content", list3, alreadySelected, z));
        return resolved;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Resolves the SOAP body and the requested header parts into concrete elements with ids.
     *
     * @param z {@code true} to reference the body with the "Element" modifier, {@code false} for "Content"
     * @param z2 whether the SOAP body is included
     * @param list requested parts; entries whose id starts with "cid:" are passed through untouched
     * @param list2 elements already selected; matched elements are appended to it
     * @return the resolved parts
     * @throws SOAPException propagated from the SAAJ accessors
     */
    public List<WSEncryptionPart> getParts(boolean z, boolean z2, List<WSEncryptionPart> list, List<Element> list2) throws SOAPException {
        List<WSEncryptionPart> resolved = new ArrayList<>();

        if (z2) {
            Element body = SAAJUtils.getBody(this.saaj);
            if (!list2.contains(body)) {
                list2.add(body);
                String bodyId = addWsuIdToElement(body);
                WSEncryptionPart bodyPart = new WSEncryptionPart(bodyId, z ? "Element" : "Content");
                bodyPart.setElement(body);
                resolved.add(bodyPart);
            }
        }

        SOAPHeader soapHeader = SAAJUtils.getHeader(this.saaj);
        for (WSEncryptionPart requested : list) {
            String requestedId = requested.getId();
            if (requestedId != null && requestedId.startsWith("cid:")) {
                // Attachment markers are not header elements; hand them on unchanged.
                resolved.add(requested);
                continue;
            }
            // An empty name means "every header child in this namespace".
            List<Element> matches = StringUtils.isEmpty(requested.getName())
                    ? DOMUtils.getChildrenWithNamespace(soapHeader, requested.getNamespace())
                    : DOMUtils.getChildrenWithName(soapHeader, requested.getNamespace(), requested.getName());
            for (Element match : matches) {
                if (list2.contains(match)) {
                    continue;
                }
                list2.add(match);
                WSEncryptionPart headerPart = new WSEncryptionPart(addWsuIdToElement(match), requested.getEncModifier());
                headerPart.setElement(match);
                resolved.add(headerPart);
            }
        }
        return resolved;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Evaluates policy XPath expressions against the SOAP envelope and turns the matches into parts.
     *
     * <p>NOTE(review): an expression that fails to evaluate is only logged and then skipped, so the
     * elements it was meant to select are left out of the result without failing the call. Confirm that
     * this is acceptable for signed/encrypted element policies. Matches are also cast to {@code Element}
     * unconditionally, which assumes the expressions select element nodes only.
     *
     * @param str modifier given to every created part
     * @param list XPath expressions from the policy, may be {@code null} or empty
     * @param list2 elements already selected; matches contained in it are skipped (it is not updated here)
     * @param z forwarded to {@code setIdOnElement}: {@code true} assigns an id where one is missing
     * @return the parts for all newly matched elements
     * @throws SOAPException propagated from obtaining the envelope
     */
    public List<WSEncryptionPart> getElements(String str, List<XPath> list, List<Element> list2, boolean z) throws SOAPException {
        List<WSEncryptionPart> selected = new ArrayList<>();
        if (list == null || list.isEmpty()) {
            return selected;
        }

        XPathFactory xpathFactory = XPathFactory.newInstance();
        for (XPath policyPath : list) {
            javax.xml.xpath.XPath evaluator = xpathFactory.newXPath();
            if (policyPath.getPrefixNamespaceMap() != null) {
                evaluator.setNamespaceContext(new MapNamespaceContext((Map<String, String>) policyPath.getPrefixNamespaceMap()));
            }

            NodeList matches;
            try {
                matches = (NodeList) evaluator.evaluate(policyPath.getXPath(), this.saaj.getSOAPPart().getEnvelope(), XPathConstants.NODESET);
            } catch (XPathExpressionException e) {
                LOG.log(Level.WARNING, "Failure in evaluating an XPath expression", e);
                matches = null;
            }
            if (matches == null) {
                continue;
            }

            int matchCount = 0;
            while (matchCount < matches.getLength()) {
                Element match = (Element) matches.item(matchCount);
                matchCount++;
                if (list2.contains(match)) {
                    continue;
                }
                WSEncryptionPart part = new WSEncryptionPart(setIdOnElement(match, z), str);
                part.setElement(match);
                part.setXpath(policyPath.getXPath());
                selected.add(part);
            }
        }
        return selected;
    }

    /**
     * Returns an element's id, optionally creating one.
     *
     * @param element the element to inspect
     * @param z {@code true} to delegate to {@link #addWsuIdToElement}, which assigns an id when missing;
     *     {@code false} to only read an existing unqualified {@code Id} or {@code wsu:Id}
     * @return the id, or {@code null} when {@code z} is {@code false} and the element carries neither attribute
     */
    private String setIdOnElement(Element element, boolean z) {
        if (z) {
            return addWsuIdToElement(element);
        }
        Attr idAttribute = element.getAttributeNodeNS(null, "Id");
        if (idAttribute == null) {
            idAttribute = element.getAttributeNodeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
        }
        return idAttribute == null ? null : idAttribute.getValue();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares the {@code EncryptedKey} builder for a token.
     *
     * <p>The encryption Crypto is stored on the exchange, the key identifier type and encryption user are
     * derived from the token, and the algorithms come from the binding's algorithm suite. For an X.509 token
     * that is included in the message and not referenced by key identifier type 1, the encryption
     * certificate is additionally prepended to the security header and kept in {@code bstElement}.
     *
     * @param abstractToken the token the key is encrypted for
     * @return the prepared builder
     * @throws WSSecurityException propagated from the Crypto lookups and from {@code prepare}
     */
    public WSSecEncryptedKey getEncryptedKeyBuilder(AbstractToken abstractToken) throws WSSecurityException {
        WSSecEncryptedKey keyBuilder = new WSSecEncryptedKey(this.wssConfig);
        Crypto encCrypto = getEncryptionCrypto();
        this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, encCrypto);
        setKeyIdentifierType(keyBuilder, abstractToken);

        // Decided before the encryption user is set, from the identifier type chosen just above.
        boolean attachCertificate = (abstractToken instanceof X509Token)
                && abstractToken.getIncludeTokenType() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER
                && keyBuilder.getKeyIdentifierType() != 1;

        String encryptionAlias = setEncryptionUser(keyBuilder, abstractToken, false, encCrypto);
        AlgorithmSuite.AlgorithmSuiteType suite = this.binding.getAlgorithmSuite().getAlgorithmSuiteType();
        keyBuilder.setSymmetricEncAlgorithm(suite.getEncryption());
        keyBuilder.setKeyEncAlgo(suite.getAsymmetricKeyWrap());
        keyBuilder.prepare(this.saaj.getSOAPPart(), encCrypto);

        if (!attachCertificate) {
            return keyBuilder;
        }
        X509Certificate certificate = getEncryptCert(encCrypto, encryptionAlias);
        X509Security binaryToken = new X509Security(this.saaj.getSOAPPart());
        binaryToken.setX509Certificate(certificate);
        binaryToken.addWSUNamespace();
        binaryToken.setID(this.wssConfig.getIdAllocator().createSecureId("X509-", certificate));
        WSSecurityUtil.prependChildElement(this.secHeader.getSecurityHeader(), binaryToken.getElement());
        this.bstElement = binaryToken.getElement();
        return keyBuilder;
    }

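    /**
     * Resolves the certificate used for encryption.
     *
     * <p>A certificate supplied through the {@code SecurityConstants.ENCRYPT_CERT} property wins; otherwise
     * the first certificate the Crypto returns for the alias is used.
     *
     * @param crypto the encryption Crypto, consulted only when no certificate is configured
     * @param str the alias to look up
     * @return the encryption certificate, never {@code null} unless configured as such
     * @throws WSSecurityException propagated from the Crypto lookup
     * @throws Fault when no Crypto is available or it holds no certificate for the alias
     */
    private X509Certificate getEncryptCert(Crypto crypto, String str) throws WSSecurityException {
        X509Certificate configured = (X509Certificate) this.message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
        if (configured != null) {
            return configured;
        }
        // Fail with a descriptive error instead of a bare NullPointerException when no Crypto was resolved.
        if (crypto == null) {
            throw new Fault(new IllegalStateException("No encryption Crypto is available to resolve a certificate for alias " + str));
        }
        CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
        byAlias.setAlias(str);
        X509Certificate[] matches = crypto.getX509Certificates(byAlias);
        // The lookup result was previously indexed unchecked; a null or empty result for an unknown alias
        // would surface as NullPointerException / ArrayIndexOutOfBoundsException.
        if (matches == null || matches.length == 0) {
            throw new Fault(new IllegalStateException("No encryption certificate found for alias " + str));
        }
        return matches[0];
    }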

    /**
     * Resolves the Crypto configured for signatures.
     *
     * @return the Crypto from {@code SIGNATURE_CRYPTO} or built from {@code SIGNATURE_PROPERTIES}; may be
     *     {@code null} when neither is configured
     * @throws WSSecurityException propagated from {@link #getCrypto}
     */
    public Crypto getSignatureCrypto() throws WSSecurityException {
        Crypto signatureCrypto = getCrypto(SecurityConstants.SIGNATURE_CRYPTO, SecurityConstants.SIGNATURE_PROPERTIES);
        return signatureCrypto;
    }

    /**
     * Resolves the Crypto configured for encryption and, when revocation checking is enabled, verifies
     * trust in the encryption certificate first.
     *
     * <p>NOTE(review): the trust check runs only when {@code ENABLE_REVOCATION} is true, and it is skipped
     * when the Crypto returns no certificate for the alias; in both cases the Crypto is returned unchecked.
     *
     * @return the encryption Crypto; may be {@code null} when none is configured
     * @throws WSSecurityException propagated from the certificate lookup or from {@code verifyTrust}
     * @throws Fault when the default X.509 identifier cannot be determined
     */
    public Crypto getEncryptionCrypto() throws WSSecurityException {
        Crypto encCrypto = getCrypto(SecurityConstants.ENCRYPT_CRYPTO, SecurityConstants.ENCRYPT_PROPERTIES);
        boolean revocationEnabled = MessageUtils.isTrue(this.message.getContextualProperty(SecurityConstants.ENABLE_REVOCATION));
        if (!revocationEnabled || encCrypto == null) {
            return encCrypto;
        }

        CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
        String alias = (String) this.message.getContextualProperty(SecurityConstants.ENCRYPT_USERNAME);
        if (alias == null) {
            // No explicit encryption user: fall back to the Crypto's default identifier.
            try {
                alias = encCrypto.getDefaultX509Identifier();
            } catch (WSSecurityException e) {
                throw new Fault((Throwable) e);
            }
        }
        byAlias.setAlias(alias);

        X509Certificate[] chain = encCrypto.getX509Certificates(byAlias);
        boolean haveCertificates = chain != null && chain.length > 0;
        if (haveCertificates) {
            encCrypto.verifyTrust(chain, revocationEnabled, (Collection) null);
        }
        return encCrypto;
    }

    /**
     * Resolves a Crypto from a pair of contextual properties.
     *
     * <p>Lookup order: a Crypto instance stored under {@code str}; a cached Crypto keyed by the value of
     * {@code str2}; a new Crypto built from the properties that value resolves to, which is then cached.
     *
     * @param str property key that may hold a ready Crypto instance
     * @param str2 property key that may hold a reference to Crypto properties
     * @return the Crypto, or {@code null} when neither property is set or no properties can be loaded
     * @throws WSSecurityException propagated from {@code CryptoFactory.getInstance}
     */
    protected Crypto getCrypto(String str, String str2) throws WSSecurityException {
        Crypto configured = (Crypto) this.message.getContextualProperty(str);
        if (configured != null) {
            return configured;
        }

        Object propertiesRef = this.message.getContextualProperty(str2);
        if (propertiesRef == null) {
            return null;
        }

        Crypto cached = getCryptoCache().get(propertiesRef);
        if (cached != null) {
            return cached;
        }

        ResourceManager resourceManager = (ResourceManager) ((Bus) this.message.getExchange().get(Bus.class)).getExtension(ResourceManager.class);
        Properties cryptoProperties = WSS4JUtils.getProps(propertiesRef, WSS4JUtils.getPropertiesFileURL(propertiesRef, resourceManager, getClass()));
        if (cryptoProperties == null) {
            return null;
        }

        // Keystore passwords in the properties may be encrypted; the password encryptor handles those.
        // NOTE(review): inferred from the PasswordEncryptor argument; confirm against CryptoFactory.
        Crypto created = CryptoFactory.getInstance(cryptoProperties, Loader.getClassLoader(CryptoFactory.class), getPasswordEncryptor());
        getCryptoCache().put(propertiesRef, created);
        return created;
    }

    /**
     * Resolves the password encryptor handed to the Crypto factory.
     *
     * @return the instance configured under {@code PASSWORD_ENCRYPTOR_INSTANCE}; otherwise a
     *     {@code JasyptPasswordEncryptor} backed by the callback handler; {@code null} when neither exists
     */
    protected PasswordEncryptor getPasswordEncryptor() {
        PasswordEncryptor configured = (PasswordEncryptor) this.message.getContextualProperty(SecurityConstants.PASSWORD_ENCRYPTOR_INSTANCE);
        if (configured == null) {
            CallbackHandler handler = getCallbackHandler();
            return handler == null ? null : new JasyptPasswordEncryptor(handler);
        }
        return configured;
    }

    /**
     * Chooses how the key is referenced in the security header and sets it on the builder.
     *
     * <p>Explicit requirements on the token win; otherwise a token that is included in the message gets
     * type 1, and a token that is not included gets a type derived from the WSS policy assertion.
     *
     * <p>NOTE(review): the integer codes are presumably the WSS4J key identifier constants
     * (1 direct reference, 2 issuer serial, 4 key identifier, 8 thumbprint, 13 key value), as the
     * policy getters next to them suggest; confirm against the WSS4J version in use.
     *
     * @param wSSecBase the builder to configure
     * @param abstractToken the policy token the key belongs to; always marked as asserted
     */
    public void setKeyIdentifierType(WSSecBase wSSecBase, AbstractToken abstractToken) {
        // z: whether an explicit reference requirement on the token has already decided the type.
        boolean z = false;
        if (abstractToken instanceof X509Token) {
            X509Token x509Token = (X509Token) abstractToken;
            if (x509Token.isRequireIssuerSerialReference()) {
                wSSecBase.setKeyIdentifierType(2);
                z = true;
            } else if (x509Token.isRequireKeyIdentifierReference()) {
                wSSecBase.setKeyIdentifierType(4);
                z = true;
            } else if (x509Token.isRequireThumbprintReference()) {
                wSSecBase.setKeyIdentifierType(8);
                z = true;
            }
        } else if (abstractToken instanceof KeyValueToken) {
            wSSecBase.setKeyIdentifierType(13);
            z = true;
        }
        assertPolicy((Assertion) abstractToken);
        if (z) {
            return;
        }
        boolean isRequestor = isRequestor();
        // Type 1 applies when the token travels in this message: inclusion is not NEVER and, for X.509
        // tokens, it is neither ALWAYS_TO_RECIPIENT on the non-requestor side nor ALWAYS_TO_INITIATOR
        // on the requestor side.
        if (abstractToken.getIncludeTokenType() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER && (!(abstractToken instanceof X509Token) || ((abstractToken.getIncludeTokenType() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT || isRequestor) && (abstractToken.getIncludeTokenType() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_INITIATOR || !isRequestor)))) {
            wSSecBase.setKeyIdentifierType(1);
            return;
        }
        // Token is not included: pick a reference style from the WSS policy assertion, if present.
        Wss11 wss10 = getWss10();
        assertPolicy((Assertion) wss10);
        if (wss10 == null || wss10.isMustSupportRefKeyIdentifier()) {
            wSSecBase.setKeyIdentifierType(4);
            return;
        }
        if (wss10.isMustSupportRefIssuerSerial()) {
            wSSecBase.setKeyIdentifierType(2);
        } else if ((wss10 instanceof Wss11) && wss10.isMustSupportRefThumbprint()) {
            wSSecBase.setKeyIdentifierType(8);
        } else {
            // Default when the WSS assertion names no supported reference style.
            wSSecBase.setKeyIdentifierType(2);
        }
    }

    /**
     * Configures whom the key is encrypted for.
     *
     * <p>A certificate under {@code ENCRYPT_CERT} is used directly. Otherwise the user comes from
     * {@code SIGNATURE_USERNAME} or {@code ENCRYPT_USERNAME}, falling back to the Crypto's default
     * identifier. The special user {@code "useReqSigCert"} takes the certificate from the security results
     * of the incoming message instead of a keystore alias.
     *
     * <p>NOTE(review): a missing user is reported through {@code policyNotAsserted}, but processing then
     * continues and the empty user is still set on the builder.
     *
     * @param wSSecEncryptedKey the builder to configure
     * @param abstractToken the policy token, used for not-asserted reporting
     * @param z {@code true} to read the signature username, {@code false} for the encryption username
     * @param crypto Crypto consulted for a default identifier, may be {@code null}
     * @return the resolved user, or {@code null} when a certificate was configured directly
     * @throws Fault when the Crypto cannot supply its default identifier
     */
    public String setEncryptionUser(WSSecEncryptedKey wSSecEncryptedKey, AbstractToken abstractToken, boolean z, Crypto crypto) {
        X509Certificate configuredCert = (X509Certificate) this.message.getContextualProperty(SecurityConstants.ENCRYPT_CERT);
        if (configuredCert != null) {
            wSSecEncryptedKey.setUseThisCert(configuredCert);
            return null;
        }

        String userKey = z ? SecurityConstants.SIGNATURE_USERNAME : SecurityConstants.ENCRYPT_USERNAME;
        String user = (String) this.message.getContextualProperty(userKey);
        boolean userMissing = user == null || "".equals(user);
        if (userMissing && crypto != null) {
            try {
                user = crypto.getDefaultX509Identifier();
            } catch (WSSecurityException e) {
                throw new Fault((Throwable) e);
            }
            userMissing = user == null || "".equals(user);
        }
        if (userMissing) {
            policyNotAsserted((Assertion) abstractToken, "A " + (z ? "signature" : "encryption") + " username needs to be declared.");
        }

        if (!"useReqSigCert".equals(user)) {
            wSSecEncryptedKey.setUserInfo(user);
            return user;
        }

        // Encrypt for whoever signed the request, using the results recorded on the inbound message.
        List inboundResults = CastUtils.cast((List<?>) this.message.getExchange().getInMessage().get("RECV_RESULTS"));
        if (inboundResults == null) {
            policyNotAsserted((Assertion) abstractToken, "No security results in incoming message");
            return user;
        }
        wSSecEncryptedKey.setUseThisCert(getReqSigCert(inboundResults));
        if (wSSecEncryptedKey.isCertSet()) {
            wSSecEncryptedKey.setUserInfo(getUsername(inboundResults));
        }
        return user;
    }

    /**
     * Returns the {@code "x509-certificate"} entry of the first engine result whose
     * {@code "action"} value is 2 (presumably the WSS4J signature action; confirm).
     *
     * <p>The search stops at that first matching result even if it carries no
     * certificate, in which case {@code null} is returned.
     *
     * @param list handler results of the incoming message
     * @return the certificate of the first matching result, or {@code null} if there is
     *         no matching result or it has no certificate
     */
    private static X509Certificate getReqSigCert(List<WSHandlerResult> list) {
        for (WSHandlerResult handlerResult : list) {
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                Integer action = (Integer) engineResult.get("action");
                if (action.intValue() != 2) {
                    continue;
                }
                return (X509Certificate) engineResult.get("x509-certificate");
            }
        }
        return null;
    }

    /**
     * Returns the principal name of the first engine result whose {@code "action"}
     * value is 1 (presumably the WSS4J username-token action; confirm).
     *
     * <p>The {@code "principal"} entry of that result is cast to
     * {@code UsernameTokenPrincipal} without a type or null check.
     *
     * @param list handler results of the incoming message
     * @return the user name of the first matching result, or {@code null} if none matches
     */
    public static String getUsername(List<WSHandlerResult> list) {
        for (WSHandlerResult handlerResult : list) {
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                Integer action = (Integer) engineResult.get("action");
                if (action.intValue() != 1) {
                    continue;
                }
                UsernameTokenPrincipal principal = (UsernameTokenPrincipal) engineResult.get("principal");
                return principal.getName();
            }
        }
        return null;
    }

    /**
     * Disables single-certificate mode on the signature builder when the policy token is
     * an X509 token of one of the two PKI-path token types.
     *
     * @param wSSecSignature signature builder to adjust
     * @param abstractToken policy token to inspect; non-X509 tokens are ignored
     */
    private void checkForX509PkiPath(WSSecSignature wSSecSignature, AbstractToken abstractToken) {
        if (!(abstractToken instanceof X509Token)) {
            return;
        }
        X509Token.TokenType declaredType = ((X509Token) abstractToken).getTokenType();
        boolean pkiPath = declaredType == X509Token.TokenType.WssX509PkiPathV1Token10
            || declaredType == X509Token.TokenType.WssX509PkiPathV1Token11;
        if (pkiPath) {
            wSSecSignature.setUseSingleCertificate(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates a {@code WSSecSignature} for the given policy token, configures its key
     * reference, user, password and algorithms, and prepares it against the SOAP part.
     *
     * <p>Signature algorithm, digest and canonicalization are all taken from the
     * binding's algorithm suite, so the policy decides them rather than this method.
     *
     * @param abstractToken policy token that the signature is created for
     * @param z for issued/SAML tokens, selects the attached reference and wsu:Id
     *          ({@code true}) or the unattached reference and token id ({@code false});
     *          presumably "token is included in the message" - confirm with callers
     * @param z2 when {@code false} the chosen crypto is stored on the exchange under
     *           {@code SecurityConstants.SIGNATURE_CRYPTO}; presumably marks an endorsing
     *           signature - confirm with callers
     * @return the prepared builder, or {@code null} when no crypto or no user name could
     *         be determined (after {@code policyNotAsserted} has been called)
     * @throws WSSecurityException declared by the signature; the failure paths visible
     *         here are reported through {@code policyNotAsserted} or {@code Fault} instead
     */
    public WSSecSignature getSignatureBuilder(AbstractToken abstractToken, boolean z, boolean z2) throws WSSecurityException {
        String id;
        WSSecSignature wSSecSignature = new WSSecSignature(this.wssConfig);
        wSSecSignature.setAttachmentCallbackHandler(new AttachmentCallbackHandler(this.message));
        checkForX509PkiPath(wSSecSignature, abstractToken);
        if ((abstractToken instanceof IssuedToken) || (abstractToken instanceof SamlToken)) {
            assertPolicy((Assertion) abstractToken);
            // NOTE(review): securityToken is dereferenced without a null check; if
            // getSecurityToken() can return null this fails with a NullPointerException
            // rather than a policy failure - confirm.
            SecurityToken securityToken = getSecurityToken();
            String tokenType = securityToken.getTokenType();
            Element attachedReference = z ? securityToken.getAttachedReference() : securityToken.getUnattachedReference();
            if (attachedReference != null) {
                // A reference supplied with the token is cloned and used as-is.
                wSSecSignature.setSecurityTokenReference(new SecurityTokenReference(cloneElement(attachedReference), new BSPEnforcer()));
                wSSecSignature.setKeyIdentifierType(12);
            } else {
                // Fallback for non-SAML token types: 9 when z is set, 11 otherwise.
                int i = z ? 9 : 11;
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(tokenType) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(tokenType)) {
                    wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                    wSSecSignature.setKeyIdentifierType(12);
                } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(tokenType) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(tokenType)) {
                    wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
                    wSSecSignature.setKeyIdentifierType(12);
                } else {
                    wSSecSignature.setCustomTokenValueType(tokenType);
                    wSSecSignature.setKeyIdentifierType(i);
                }
            }
            if (z) {
                // Prefer the wsu:Id, fall back to the token id, and drop a leading '#'.
                // NOTE(review): if both ids are null the startsWith call below throws.
                id = securityToken.getWsuId();
                if (id == null) {
                    id = securityToken.getId();
                }
                if (id.startsWith("#")) {
                    id = id.substring(1);
                }
            } else {
                id = securityToken.getId();
            }
            wSSecSignature.setCustomTokenId(id);
        } else {
            setKeyIdentifierType(wSSecSignature, abstractToken);
            // Include the signing token unless the policy forbids it or the key
            // identifier type chosen above is 1 or 13.
            if ((abstractToken instanceof X509Token) && abstractToken.getIncludeTokenType() != SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER && wSSecSignature.getKeyIdentifierType() != 1 && wSSecSignature.getKeyIdentifierType() != 13) {
                wSSecSignature.setIncludeSignatureToken(true);
            }
        }
        // z3: use the encryption crypto instead of the signature crypto.
        boolean z3 = false;
        String str = SecurityConstants.SIGNATURE_USERNAME;
        String str2 = "signature";
        if ((this.binding instanceof SymmetricBinding) && !z2) {
            z3 = this.binding.getProtectionToken() != null;
            str = SecurityConstants.ENCRYPT_USERNAME;
        }
        Crypto encryptionCrypto = z3 ? getEncryptionCrypto() : getSignatureCrypto();
        // With z2 set on a symmetric binding and no signature crypto configured, fall
        // back to the encryption crypto and encryption user name.
        if (z2 && encryptionCrypto == null && (this.binding instanceof SymmetricBinding)) {
            str2 = "encryption";
            str = SecurityConstants.ENCRYPT_USERNAME;
            encryptionCrypto = getEncryptionCrypto();
        }
        if (!z2) {
            this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, encryptionCrypto);
        }
        String str3 = (String) this.message.getContextualProperty(str);
        if (StringUtils.isEmpty(str3)) {
            if (encryptionCrypto == null) {
                policyNotAsserted((Assertion) abstractToken, "Security configuration could not be detected. Potential cause: Make sure jaxws:client element with name attribute value matching endpoint port is defined as well as a ws-security.signature.properties element within it.");
                return null;
            }
            try {
                // No user configured: use the default identifier of the crypto.
                str3 = encryptionCrypto.getDefaultX509Identifier();
                if (StringUtils.isEmpty(str3)) {
                    policyNotAsserted((Assertion) abstractToken, "No configured " + str2 + " username detected");
                    return null;
                }
            } catch (WSSecurityException e) {
                LOG.log(Level.FINE, e.getMessage(), e);
                throw new Fault(e);
            }
        }
        // The third getPassword argument (3) is presumably the signature usage of the
        // password callback - confirm.
        wSSecSignature.setUserInfo(str3, getPassword(str3, abstractToken, 3));
        wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getAsymmetricSignature());
        wSSecSignature.setDigestAlgo(this.binding.getAlgorithmSuite().getAlgorithmSuiteType().getDigest());
        wSSecSignature.setSigCanonicalization(this.binding.getAlgorithmSuite().getC14n().getValue());
        wSSecSignature.setWsConfig(this.wssConfig);
        try {
            wSSecSignature.prepare(this.saaj.getSOAPPart(), encryptionCrypto, this.secHeader);
        } catch (WSSecurityException e2) {
            LOG.log(Level.FINE, e2.getMessage(), (Throwable) e2);
            policyNotAsserted((Assertion) abstractToken, (Exception) e2);
        }
        // NOTE(review): if prepare() failed and policyNotAsserted() did not throw, the
        // builder returned here has not been prepared; callers should not sign with it.
        return wSSecSignature;
    }

    /**
     * Computes one endorsing signature per supporting token and records its value in
     * {@code this.signatures}.
     *
     * <p>Each signature covers the main signature ({@code this.mainSigId}) plus any
     * signed parts declared on the supporting token. The token implementation decides
     * the signing path: an already built {@code WSSecSignature}, a security token
     * holder, or a username token with a derived key.
     *
     * <p>NOTE(review): error handling differs between the branches. A failure in the
     * {@code WSSecSignature} branch is reported through {@code policyNotAsserted}, while
     * failures in the two symmetric branches are only logged at {@code FINE} and the loop
     * continues, so the message can be sent without an endorsing signature the policy
     * asked for. Confirm that this best-effort behaviour is intended.
     *
     * @param list supporting tokens to endorse with
     * @param z when {@code true} the token itself is added to the signed parts
     *          (callers in this file pass the binding's {@code isProtectTokens()})
     * @param z2 when {@code true} the signature is added to {@code encryptedTokensList}
     *           (callers in this file pass the binding's {@code isEncryptSignature()})
     */
    protected void doEndorsedSignatures(List<SupportingToken> list, boolean z, boolean z2) {
        for (SupportingToken supportingToken : list) {
            Object tokenImplementation = supportingToken.getTokenImplementation();
            // Parts to sign: always the main signature, then the token's own signed parts.
            ArrayList arrayList = new ArrayList();
            WSEncryptionPart wSEncryptionPart = new WSEncryptionPart(this.mainSigId);
            wSEncryptionPart.setElement(this.bottomUpElement);
            arrayList.add(wSEncryptionPart);
            if (supportingToken.getSignedParts() != null) {
                Iterator<WSEncryptionPart> it = supportingToken.getSignedParts().iterator();
                while (it.hasNext()) {
                    arrayList.add(it.next());
                }
            }
            if (tokenImplementation instanceof WSSecSignature) {
                WSSecSignature wSSecSignature = (WSSecSignature) tokenImplementation;
                // Token protection: also sign the binary security token, if there is one.
                if (z && wSSecSignature.getBSTTokenId() != null) {
                    WSEncryptionPart wSEncryptionPart2 = new WSEncryptionPart(wSSecSignature.getBSTTokenId());
                    wSEncryptionPart2.setElement(wSSecSignature.getBinarySecurityTokenElement());
                    arrayList.add(wSEncryptionPart2);
                }
                try {
                    wSSecSignature.computeSignature(wSSecSignature.addReferencesToSign(arrayList, this.secHeader), false, (Element) null);
                    this.signatures.add(wSSecSignature.getSignatureValue());
                    if (z2) {
                        this.encryptedTokensList.add(new WSEncryptionPart(wSSecSignature.getId(), "Element"));
                    }
                } catch (WSSecurityException e) {
                    policyNotAsserted((Assertion) supportingToken.getToken(), (Exception) e);
                }
            } else if (tokenImplementation instanceof WSSecurityTokenHolder) {
                SecurityToken token = ((WSSecurityTokenHolder) tokenImplementation).getToken();
                if (z) {
                    arrayList.add(new WSEncryptionPart(token.getId()));
                }
                try {
                    if (supportingToken.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
                        doSymmSignatureDerived(supportingToken.getToken(), token, arrayList, z);
                    } else {
                        doSymmSignature(supportingToken.getToken(), token, arrayList, z);
                    }
                } catch (Exception e2) {
                    // Swallowed: logged at FINE only, no policy failure is recorded.
                    LOG.log(Level.FINE, e2.getMessage(), (Throwable) e2);
                }
            } else if (tokenImplementation instanceof WSSecUsernameToken) {
                WSSecUsernameToken wSSecUsernameToken = (WSSecUsernameToken) tokenImplementation;
                String id = wSSecUsernameToken.getId();
                // Wrap the username token in a temporary SecurityToken whose second
                // date is 300000 ms (five minutes) after the first.
                Date date = new Date();
                Date date2 = new Date();
                date2.setTime(date.getTime() + 300000);
                SecurityToken securityToken = new SecurityToken(id, wSSecUsernameToken.getUsernameTokenElement(), date, date2);
                if (z) {
                    arrayList.add(new WSEncryptionPart(securityToken.getId()));
                }
                try {
                    // The key derived from the username token becomes the signing secret.
                    securityToken.setSecret(wSSecUsernameToken.getDerivedKey());
                    if (supportingToken.getToken().getDerivedKeys() == AbstractToken.DerivedKeys.RequireDerivedKeys) {
                        doSymmSignatureDerived(supportingToken.getToken(), securityToken, arrayList, z);
                    } else {
                        doSymmSignature(supportingToken.getToken(), securityToken, arrayList, z);
                    }
                } catch (Exception e3) {
                    // Swallowed: logged at FINE only, no policy failure is recorded.
                    LOG.log(Level.FINE, e3.getMessage(), (Throwable) e3);
                }
            }
        }
    }

    /**
     * Signs {@code list} with a key derived from the secret of {@code securityToken},
     * adds the derived-key-token element as a supporting element and records the
     * signature value in {@code this.signatures}.
     *
     * <p>The derived key references the token through its attached or unattached
     * reference when one exists, otherwise through the token id or a newly built
     * security token reference. Signature algorithm, canonicalization and derived key
     * length come from the binding's algorithm suite.
     *
     * @param abstractToken policy token describing the token being used
     * @param securityToken token that supplies the secret and the references
     * @param list parts to sign; this list is modified when {@code z} is {@code true}
     * @param z when {@code true} the token id is appended to {@code list} before signing
     * @throws WSSecurityException if preparing or computing the signature fails
     */
    private void doSymmSignatureDerived(AbstractToken abstractToken, SecurityToken securityToken, List<WSEncryptionPart> list, boolean z) throws WSSecurityException {
        SOAPPart sOAPPart = this.saaj.getSOAPPart();
        WSSecDKSign wSSecDKSign = new WSSecDKSign(this.wssConfig);
        // SP11 policies select WS-SecureConversation version value 1; the meaning of
        // the value is defined by WSS4J - confirm.
        if (abstractToken.getVersion() == SPConstants.SPVersion.SP11) {
            wSSecDKSign.setWscVersion(1);
        }
        // z2: the policy requires the token in the message, so use the attached reference.
        boolean z2 = false;
        if (isTokenRequired(abstractToken.getIncludeTokenType())) {
            z2 = true;
        }
        Element attachedReference = z2 ? securityToken.getAttachedReference() : securityToken.getUnattachedReference();
        if (attachedReference != null) {
            wSSecDKSign.setExternalKey(securityToken.getSecret(), cloneElement(attachedReference));
        } else if (isRequestor() || abstractToken.getDerivedKeys() != AbstractToken.DerivedKeys.RequireDerivedKeys) {
            wSSecDKSign.setExternalKey(securityToken.getSecret(), securityToken.getId());
        } else {
            // No reference available on the responding side: build one that points at
            // the encrypted key by its SHA-1 identifier when the token carries one.
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(sOAPPart);
            if (securityToken.getSHA1() != null) {
                securityTokenReference.setKeyIdentifierEncKeySHA1(securityToken.getSHA1());
                securityTokenReference.addTokenType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            }
            wSSecDKSign.setExternalKey(securityToken.getSecret(), securityTokenReference.getElement());
        }
        wSSecDKSign.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getSymmetricSignature());
        wSSecDKSign.setSigCanonicalization(this.binding.getAlgorithmSuite().getC14n().getValue());
        // Divided by 8: presumably converts a length in bits to bytes - confirm.
        wSSecDKSign.setDerivedKeyLength(this.binding.getAlgorithmSuite().getAlgorithmSuiteType().getSignatureDerivedKeyLength() / 8);
        if (securityToken.getSHA1() != null) {
            wSSecDKSign.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
        } else if (abstractToken instanceof UsernameToken) {
            wSSecDKSign.setCustomValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
        }
        wSSecDKSign.prepare(sOAPPart, this.secHeader);
        if (z) {
            // NOTE(review): doEndorsedSignatures already adds a part for the token id
            // when its own flag is set and passes the same flag here, so the token may
            // be referenced twice - confirm intended. A null id would throw below.
            String id = securityToken.getId();
            if (id.startsWith("#")) {
                id = id.substring(1);
            }
            list.add(new WSEncryptionPart(id));
        }
        wSSecDKSign.setParts(list);
        List addReferencesToSign = wSSecDKSign.addReferencesToSign(list, this.secHeader);
        // The derived key token element is added before the signature is computed.
        addSupportingElement(wSSecDKSign.getdktElement());
        wSSecDKSign.computeSignature(addReferencesToSign, false, (Element) null);
        this.signatures.add(wSSecDKSign.getSignatureValue());
    }

    /**
     * Signs {@code list} directly with the secret of {@code securityToken} (no derived
     * key) and records the signature value in {@code this.signatures}.
     *
     * <p>The key identifier type and custom token value type depend on the policy token
     * kind and on whether this side is the requestor. The numeric key identifier types
     * (9 and 10) are presumably the WSS4J {@code WSConstants} values for custom
     * symmetric signing and the encrypted-key SHA-1 identifier; confirm against the
     * WSS4J version in use.
     *
     * @param abstractToken policy token describing the token being used
     * @param securityToken token that supplies the secret, ids and token type
     * @param list parts to sign
     * @param z not used by this method
     * @throws WSSecurityException if preparing or computing the signature fails
     */
    private void doSymmSignature(AbstractToken abstractToken, SecurityToken securityToken, List<WSEncryptionPart> list, boolean z) throws WSSecurityException {
        SOAPPart sOAPPart = this.saaj.getSOAPPart();
        WSSecSignature wSSecSignature = new WSSecSignature(this.wssConfig);
        if (!(abstractToken instanceof X509Token)) {
            // Map the token type to the value type used in the key reference; SAML 1.x
            // and SAML 2.0 get their profile-specific id types.
            String tokenType = securityToken.getTokenType();
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(tokenType) || "urn:oasis:names:tc:SAML:1.0:assertion".equals(tokenType)) {
                wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(tokenType) || "urn:oasis:names:tc:SAML:2.0:assertion".equals(tokenType)) {
                wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID");
            } else if (tokenType != null) {
                wSSecSignature.setCustomTokenValueType(tokenType);
            } else if (abstractToken instanceof UsernameToken) {
                wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken");
            } else {
                // Unknown token type on a non-username token: defaults to the SAML 1.0
                // assertion id value type.
                wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            }
            wSSecSignature.setKeyIdentifierType(9);
        } else if (isRequestor()) {
            wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            wSSecSignature.setKeyIdentifierType(9);
        } else {
            // Responding with an X509 token: reference the encrypted key by its SHA-1 value.
            wSSecSignature.setEncrKeySha1value(securityToken.getSHA1());
            wSSecSignature.setKeyIdentifierType(10);
        }
        // Prefer the wsu:Id, fall back to the token id, and drop a leading '#'.
        // NOTE(review): if both ids are null the startsWith call below throws.
        String wsuId = securityToken.getWsuId();
        if (wsuId == null) {
            wsuId = securityToken.getId();
        }
        if (wsuId.startsWith("#")) {
            wsuId = wsuId.substring(1);
        }
        wSSecSignature.setCustomTokenId(wsuId);
        wSSecSignature.setSecretKey(securityToken.getSecret());
        wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getSymmetricSignature());
        wSSecSignature.setSigCanonicalization(this.binding.getAlgorithmSuite().getC14n().getValue());
        wSSecSignature.prepare(sOAPPart, getSignatureCrypto(), this.secHeader);
        wSSecSignature.setParts(list);
        wSSecSignature.computeSignature(wSSecSignature.addReferencesToSign(list, this.secHeader), false, (Element) null);
        this.signatures.add(wSSecSignature.getSignatureValue());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Processes every supporting-token assertion family and appends the parts that must
     * be signed to {@code list}.
     *
     * <p>The families are handled in a fixed order. Endorsing and signed-endorsing
     * tokens (plain and encrypted variants) are collected in {@code endSuppTokList} and
     * {@code sgndEndSuppTokList} for later endorsing. Plain and encrypted supporting
     * tokens are processed but contribute no signature parts. Signed, signed-encrypted
     * and signed-endorsing tokens are passed to {@code addSignatureParts}.
     *
     * @param list signature parts to extend
     * @throws WSSecurityException if handling a supporting token fails
     */
    public void addSupportingTokens(List<WSEncryptionPart> list) throws WSSecurityException {
        List<SupportingToken> signedTokens =
            handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "SignedSupportingTokens"), false);

        this.endSuppTokList =
            handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "EndorsingSupportingTokens"), true);

        this.sgndEndSuppTokList =
            handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "SignedEndorsingSupportingTokens"), true);

        List<SupportingToken> signedEncryptedTokens =
            handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "SignedEncryptedSupportingTokens"), false);

        this.endSuppTokList.addAll(
            handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "EndorsingEncryptedSupportingTokens"), true));

        this.sgndEndSuppTokList.addAll(
            handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "SignedEndorsingEncryptedSupportingTokens"), true));

        // Processed for their effects only; the returned tokens are not signed here.
        handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "SupportingTokens"), false);
        handleSupportingTokens(getAllAssertionsByLocalname(this.aim, "EncryptedSupportingTokens"), false);

        addSignatureParts(signedTokens, list);
        addSignatureParts(signedEncryptedTokens, list);
        addSignatureParts(this.sgndEndSuppTokList, list);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Computes the endorsing signatures for the endorsing and signed-endorsing
     * supporting tokens collected earlier.
     *
     * <p>Token protection and signature encryption are read from the binding when it is
     * an asymmetric or symmetric binding; for any other binding both are off.
     */
    public void doEndorse() {
        boolean protectTokens = false;
        boolean encryptSignature = false;
        if ((this.binding instanceof AsymmetricBinding) || (this.binding instanceof SymmetricBinding)) {
            protectTokens = this.binding.isProtectTokens();
            encryptSignature = this.binding.isEncryptSignature();
        }
        doEndorsedSignatures(this.endSuppTokList, protectTokens, encryptSignature);
        doEndorsedSignatures(this.sgndEndSuppTokList, protectTokens, encryptSignature);
    }

    /* JADX INFO: Access modifiers changed from: protected */
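    /**
     * Adds SignatureConfirmation elements to the security header when the WSS 1.1
     * assertion requires signature confirmation.
     *
     * <p>One confirmation is emitted per signature result found in the incoming message
     * (action values 2 and 64, presumably the WSS4J signature and username-token
     * signature actions; confirm). When the incoming message produced no such results, a
     * single confirmation without a signature value is emitted.
     *
     * <p>A missing {@code "RECV_RESULTS"} entry is treated the same as an empty result
     * list instead of failing with a {@code NullPointerException}, matching the null
     * check that {@code setEncryptionUser} applies to the same property.
     *
     * @param list signature parts to extend with the confirmation elements; may be
     *             {@code null}, in which case the elements are added to the header only
     */
    public void addSignatureConfirmation(List<WSEncryptionPart> list) {
        Wss11 wss10 = getWss10();
        if (!(wss10 instanceof Wss11) || !wss10.isRequireSignatureConfirmation()) {
            return;
        }
        List<WSHandlerResult> handlerResults = CastUtils.cast((List<?>) this.message.getExchange().getInMessage().get("RECV_RESULTS"));
        List<Integer> signatureActions = new ArrayList<Integer>(2);
        signatureActions.add(2);
        signatureActions.add(64);
        List<WSSecurityEngineResult> signatureResults = new ArrayList<WSSecurityEngineResult>();
        if (handlerResults != null) {
            for (WSHandlerResult handlerResult : handlerResults) {
                signatureResults.addAll(WSSecurityUtil.fetchAllActionResults(handlerResult.getResults(), signatureActions));
            }
        }
        this.sigConfList = new ArrayList<WSEncryptionPart>();
        // One builder instance is reused for every confirmation, as before.
        WSSecSignatureConfirmation confirmation = new WSSecSignatureConfirmation(this.wssConfig);
        if (signatureResults.isEmpty()) {
            // Nothing was signed in the request: confirm that with a value-less element.
            appendSignatureConfirmation(confirmation, list);
        } else {
            for (WSSecurityEngineResult signatureResult : signatureResults) {
                confirmation.setSignatureValue((byte[]) signatureResult.get("signature-value"));
                appendSignatureConfirmation(confirmation, list);
            }
        }
        assertPolicy(new QName(wss10.getName().getNamespaceURI(), "RequireSignatureConfirmation"));
    }

    /**
     * Prepares the confirmation, adds its element to the header and, when a part list is
     * given, registers the element as a part in both that list and {@code sigConfList}.
     */
    private void appendSignatureConfirmation(WSSecSignatureConfirmation confirmation, List<WSEncryptionPart> list) {
        confirmation.prepare(this.saaj.getSOAPPart());
        addSupportingElement(confirmation.getSignatureConfirmationElement());
        if (list != null) {
            WSEncryptionPart confirmationPart = new WSEncryptionPart(confirmation.getId(), "Element");
            confirmationPart.setElement(confirmation.getSignatureConfirmationElement());
            list.add(confirmationPart);
            this.sigConfList.add(confirmationPart);
        }
    }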

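    /**
     * Replaces signed header parts that are also encrypted with a part that refers to
     * the encrypted form of the header.
     *
     * <p>For every part in {@code list} whose encryption modifier is {@code "Header"},
     * the part in {@code list2} with the same id is removed and a new part built from the
     * encrypted id, the modifier and the element is appended to {@code list2}.
     *
     * <p>Parts in {@code list2} must have an id unless their name is {@code "Token"}.
     * Such id-less {@code "Token"} parts are skipped when matching, and a part in
     * {@code list} without a modifier is treated as not being a header; both cases
     * previously ended in a {@code NullPointerException}.
     *
     * @param list encrypted parts
     * @param list2 signed parts; modified in place
     * @throws IllegalArgumentException if a part in {@code list2} has no id and is not
     *         named {@code "Token"}
     */
    public void handleEncryptedSignedHeaders(List<WSEncryptionPart> list, List<WSEncryptionPart> list2) {
        List<WSEncryptionPart> replacements = new ArrayList<WSEncryptionPart>();
        for (WSEncryptionPart encryptedPart : list) {
            boolean encryptedHeader = "Header".equals(encryptedPart.getEncModifier());
            Iterator<WSEncryptionPart> signedParts = list2.iterator();
            while (signedParts.hasNext()) {
                WSEncryptionPart signedPart = signedParts.next();
                String signedId = signedPart.getId();
                if (signedId == null) {
                    if (!"Token".equals(signedPart.getName())) {
                        throw new IllegalArgumentException("WSEncryptionPart must be ID based but no id was found.");
                    }
                    // A "Token" part carries no id, so it can never match an encrypted header.
                    continue;
                }
                if (encryptedHeader && signedId.equals(encryptedPart.getId())) {
                    signedParts.remove();
                    WSEncryptionPart replacement = new WSEncryptionPart(encryptedPart.getEncId(), encryptedPart.getEncModifier());
                    replacement.setElement(encryptedPart.getElement());
                    replacements.add(replacement);
                }
            }
        }
        // Appended after the iteration so the replacements are not themselves re-examined.
        list2.addAll(replacements);
    }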

    /**
     * Wraps a DOM element in a {@code WSEncryptionPart} that is keyed by the id returned
     * from {@code addWsuIdToElement} for that element.
     *
     * @param element element to reference
     * @return a part carrying both the id and the element
     */
    public WSEncryptionPart convertToEncryptionPart(Element element) {
        String elementId = addWsuIdToElement(element);
        WSEncryptionPart part = new WSEncryptionPart(elementId);
        part.setElement(element);
        return part;
    }
}
