package org.apache.rampart.builder;

import java.util.Iterator;
import java.util.Vector;
import org.apache.axiom.om.OMElement;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/rampart/builder/TransportBindingBuilder.class */
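/**
 * Builds the WS-Security header for a message sent under a transport binding.
 *
 * <p>Under this binding the builder adds a timestamp and, on the client side, the
 * supporting tokens requested by the policy: username tokens for signed supporting
 * tokens, and signatures over the timestamp for endorsing tokens. Message
 * confidentiality and integrity are not provided by this class. It never checks
 * that the transport is actually protected, so that has to be enforced elsewhere.
 *
 * <p>This listing is decompiled output; the raw {@code Vector} usage and the
 * {@code class$} members are artifacts of the original pre-Java-5 compilation.
 */
public class TransportBindingBuilder extends BindingBuilder {
    /** UsernameToken Profile 1.0 password type that carries the password itself, not a digest. */
    private static final String PASSWORD_TEXT_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private static final String INCLUDE_NEVER = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never";
    private static final String INCLUDE_ALWAYS = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Always";
    private static final String INCLUDE_ALWAYS_TO_RECIPIENT = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient";
    private static final String INCLUDE_ONCE = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Once";
    /** Message-context property under which the produced signature values are stored. */
    private static final String SEND_SIGNATURE_VALUES_KEY = "_sendSignatureValues_";

    private static Log log;
    // Compiler-synthesized cache for the class literal used by the static initializer.
    static Class class$org$apache$rampart$builder$TransportBindingBuilder;

    /**
     * Populates the security header of the given message.
     *
     * <p>A timestamp is always added. On the server side only signature confirmation
     * is added (via {@code addSignatureConfirmation}) and the method returns. On the
     * client side the signed, signed-endorsing and endorsing supporting tokens of the
     * policy are processed in that order, and the collected signature values are
     * stored on the message context under {@code "_sendSignatureValues_"}.
     *
     * @param rampartMessageData message, policy and security-header state to work on
     * @throws RampartException if a signed supporting token is not a
     *         {@code UsernameToken}, or if building any token or signature fails
     */
    public void build(RampartMessageData rampartMessageData) throws RampartException {
        log.debug("TransportBindingBuilder build invoked");
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        addTimestamp(rampartMessageData);
        if (!rampartMessageData.isClientSide()) {
            addSignatureConfirmation(rampartMessageData, null);
            return;
        }
        Vector signatureValues = new Vector();
        SupportingToken signedSupportingTokens = policyData.getSignedSupportingTokens();
        if (hasTokens(signedSupportingTokens)) {
            log.debug("Processing signed supporting tokens");
            Iterator it = signedSupportingTokens.getTokens().iterator();
            while (it.hasNext()) {
                Token token = (Token) it.next();
                if (!(token instanceof UsernameToken)) {
                    String qualifiedName = "{" + token.getName().getNamespaceURI() + "}" + token.getName().getLocalPart();
                    throw new RampartException("unsupportedSignedSupportingToken", new String[]{qualifiedName});
                }
                WSSecUsernameToken usernameTokenBuilder = addUsernameToken(rampartMessageData);
                // PasswordText puts the password itself into the token, so its
                // confidentiality depends entirely on the transport. Nothing in this
                // class verifies that the transport is protected.
                usernameTokenBuilder.setPasswordType(PASSWORD_TEXT_TYPE);
                usernameTokenBuilder.prepare(rampartMessageData.getDocument());
                usernameTokenBuilder.appendToHeader(rampartMessageData.getSecHeader());
            }
        }
        addEndorsingSignatures(rampartMessageData, policyData.getSignedEndorsingSupportingTokens(),
                "Processing endorsing signed supporting tokens", signatureValues);
        addEndorsingSignatures(rampartMessageData, policyData.getEndorsingSupportingTokens(),
                "Processing endorsing supporting tokens", signatureValues);
        rampartMessageData.getMsgContext().setProperty(SEND_SIGNATURE_VALUES_KEY, signatureValues);
    }

    /** Returns true when the supporting-token assertion is present and lists at least one token. */
    private static boolean hasTokens(SupportingToken supportingToken) {
        return supportingToken != null && supportingToken.getTokens() != null && supportingToken.getTokens().size() > 0;
    }

    /**
     * Signs with every issued or X.509 token of one endorsing assertion and collects the signature values.
     *
     * <p>NOTE(review): a token that is neither an {@code IssuedToken} nor an
     * {@code X509Token} is skipped silently, so a policy that demands such an
     * endorsing token produces no signature and no error here. Also,
     * {@code doIssuedTokenSignature} returns {@code null} for non-derived keys and
     * that {@code null} is stored in the vector; consumers of
     * {@code "_sendSignatureValues_"} must tolerate it.
     */
    private void addEndorsingSignatures(RampartMessageData rampartMessageData, SupportingToken supportingToken,
            String debugMessage, Vector signatureValues) throws RampartException {
        if (!hasTokens(supportingToken)) {
            return;
        }
        log.debug(debugMessage);
        Iterator it = supportingToken.getTokens().iterator();
        while (it.hasNext()) {
            Token token = (Token) it.next();
            if ((token instanceof IssuedToken) && rampartMessageData.isClientSide()) {
                signatureValues.add(doIssuedTokenSignature(rampartMessageData, token));
            } else if (token instanceof X509Token) {
                signatureValues.add(doX509TokenSignature(rampartMessageData, token));
            }
        }
    }

    /**
     * Signs the timestamp with an X.509 token and appends the result to the security header.
     *
     * <p>Without derived keys the signature is produced directly by the signature
     * builder. With derived keys an encrypted key is appended first and the
     * signature is made with a key derived from its ephemeral key.
     *
     * @param rampartMessageData message, policy and security-header state to work on
     * @param token the X.509 token assertion from the policy
     * @return the computed signature value
     * @throws RampartException if WSS4J fails while building the key or the signature
     */
    private byte[] doX509TokenSignature(RampartMessageData rampartMessageData, Token token) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        if (!token.isDerivedKeys()) {
            try {
                WSSecSignature signatureBuilder = getSignatureBuider(rampartMessageData, token);
                signatureBuilder.appendBSTElementToHeader(rampartMessageData.getSecHeader());
                Vector partsToSign = new Vector();
                partsToSign.add(new WSEncryptionPart(rampartMessageData.getTimestampId()));
                // Token protection: also sign the binary security token, unless the
                // policy says the token is never included in the message.
                if (policyData.isTokenProtection() && !INCLUDE_NEVER.equals(token.getInclusion())) {
                    partsToSign.add(new WSEncryptionPart(signatureBuilder.getBSTTokenId()));
                }
                signatureBuilder.addReferencesToSign(partsToSign, rampartMessageData.getSecHeader());
                signatureBuilder.appendToHeader(rampartMessageData.getSecHeader());
                signatureBuilder.computeSignature();
                return signatureBuilder.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithX509Token", (Throwable) e);
            }
        }
        try {
            WSSecEncryptedKey encryptedKeyBuilder = getEncryptedKeyBuilder(rampartMessageData, token);
            Element bstElement = encryptedKeyBuilder.getBinarySecurityTokenElement();
            if (bstElement != null) {
                RampartUtil.appendChildToSecHeader(rampartMessageData, bstElement);
            }
            encryptedKeyBuilder.appendToHeader(rampartMessageData.getSecHeader());
            WSSecDKSign dkSignBuilder = new WSSecDKSign();
            dkSignBuilder.setWsConfig(rampartMessageData.getConfig());
            dkSignBuilder.setSigCanonicalization(policyData.getAlgorithmSuite().getInclusiveC14n());
            dkSignBuilder.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
            // presumably converts a key length in bits to bytes - confirm against the algorithm suite
            dkSignBuilder.setDerivedKeyLength(policyData.getAlgorithmSuite().getMinimumSymmetricKeyLength() / 8);
            dkSignBuilder.setExternalKey(encryptedKeyBuilder.getEphemeralKey(), encryptedKeyBuilder.getId());
            dkSignBuilder.prepare(document, rampartMessageData.getSecHeader());
            Vector partsToSign = new Vector();
            partsToSign.add(new WSEncryptionPart(rampartMessageData.getTimestampId()));
            // NOTE(review): unlike the non-derived branch, this neither checks the
            // inclusion value nor whether a BST element was actually appended above
            // before referencing the BST id - confirm this is intended.
            if (policyData.isTokenProtection()) {
                partsToSign.add(new WSEncryptionPart(encryptedKeyBuilder.getBSTTokenId()));
            }
            dkSignBuilder.setParts(partsToSign);
            dkSignBuilder.addReferencesToSign(partsToSign, rampartMessageData.getSecHeader());
            dkSignBuilder.computeSignature();
            dkSignBuilder.appendDKElementToHeader(rampartMessageData.getSecHeader());
            dkSignBuilder.appendSigToHeader(rampartMessageData.getSecHeader());
            return dkSignBuilder.getSignatureValue();
        } catch (WSSecurityException e2) {
            throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e2);
        } catch (ConversationException e3) {
            throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e3);
        }
    }

    /**
     * Optionally attaches an issued token to the security header and, when the
     * policy asks for derived keys, signs the timestamp with a key derived from the
     * token's secret.
     *
     * @param rampartMessageData message, policy and security-header state to work on
     * @param token the issued-token assertion from the policy; must be an {@code IssuedToken}
     * @return the computed signature value, or {@code null} when the token does not
     *         use derived keys (no signature is produced in that case)
     * @throws RampartException if the token cannot be obtained from the token
     *         storage or WSS4J fails while building the signature
     */
    private byte[] doIssuedTokenSignature(RampartMessageData rampartMessageData, Token token) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        String issuedTokenId = RampartUtil.getIssuedToken(rampartMessageData, (IssuedToken) token);
        String inclusion = token.getInclusion();
        try {
            org.apache.rahas.Token issuedToken = rampartMessageData.getTokenStorage().getToken(issuedTokenId);
            // The storage lookup result was dereferenced unchecked; report a missing
            // token as an extraction error instead of a NullPointerException.
            // NOTE(review): whether getToken can return null is not visible here.
            if (issuedToken == null) {
                throw new RampartException("errorExtractingToken", new String[]{issuedTokenId});
            }
            // Constant-first comparisons: an absent inclusion value is treated as
            // "do not include", matching how doX509TokenSignature compares it.
            boolean includeAlways = INCLUDE_ALWAYS.equals(inclusion);
            boolean includeWhenSending = INCLUDE_ALWAYS_TO_RECIPIENT.equals(inclusion) || INCLUDE_ONCE.equals(inclusion);
            boolean tokenIncluded = false;
            if (includeAlways || (includeWhenSending && rampartMessageData.isClientSide())) {
                rampartMessageData.getSecHeader().getSecurityHeader().appendChild(document.importNode(issuedToken.getToken(), true));
                tokenIncluded = true;
            }
            if (!token.isDerivedKeys()) {
                // No signature is produced for non-derived keys; callers receive null.
                return null;
            }
            try {
                WSSecDKSign dkSignBuilder = new WSSecDKSign();
                OMElement tokenReference = issuedToken.getAttachedReference();
                if (tokenReference == null) {
                    tokenReference = issuedToken.getUnattachedReference();
                }
                if (tokenReference != null) {
                    // The cast only succeeds when the OMElement implementation also
                    // implements org.w3c.dom.Element - presumably DOM-backed; confirm.
                    dkSignBuilder.setExternalKey(issuedToken.getSecret(), (Element) document.importNode((Element) tokenReference, true));
                } else {
                    dkSignBuilder.setExternalKey(issuedToken.getSecret(), issuedToken.getId());
                }
                // NOTE(review): unlike the X.509 derived-key path, no WSS config,
                // canonicalization or derived key length is set here, so the
                // WSSecDKSign defaults apply - confirm they satisfy the algorithm suite.
                dkSignBuilder.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
                dkSignBuilder.prepare(document);
                dkSignBuilder.appendDKElementToHeader(rampartMessageData.getSecHeader());
                Vector partsToSign = new Vector();
                partsToSign.add(new WSEncryptionPart(rampartMessageData.getTimestampId()));
                // The token can only be covered by the signature if it was attached above.
                if (policyData.isTokenProtection() && tokenIncluded) {
                    partsToSign.add(new WSEncryptionPart(issuedTokenId));
                }
                dkSignBuilder.setParts(partsToSign);
                dkSignBuilder.addReferencesToSign(partsToSign, rampartMessageData.getSecHeader());
                dkSignBuilder.computeSignature();
                dkSignBuilder.appendSigToHeader(rampartMessageData.getSecHeader());
                return dkSignBuilder.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e);
            } catch (ConversationException e2) {
                throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e2);
            }
        } catch (TrustException e3) {
            throw new RampartException("errorExtractingToken", new String[]{issuedTokenId}, e3);
        }
    }

    /**
     * Compiler-synthesized class-literal helper: loads the named class and turns a
     * lookup failure into a {@code NoClassDefFoundError} that keeps the original cause.
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from here directly;
            // attach the cause first and throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }

    static {
        Class cls;
        if (class$org$apache$rampart$builder$TransportBindingBuilder == null) {
            cls = class$("org.apache.rampart.builder.TransportBindingBuilder");
            class$org$apache$rampart$builder$TransportBindingBuilder = cls;
        } else {
            cls = class$org$apache$rampart$builder$TransportBindingBuilder;
        }
        log = LogFactory.getLog(cls);
    }
}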
