package org.apache.rahas;

import java.security.SecureRandom;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.dom.DOOMAbstractFactory;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axis2.context.ConfigurationContext;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.impl.AbstractIssuerConfig;
import org.apache.tools.ant.util.XmlConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.message.token.Reference;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.XmlSchemaDateFormat;
import org.apache.xerces.util.SecurityManager;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLSubjectStatement;
import org.opensaml.saml2.core.Assertion;
import org.opensaml.saml2.core.SubjectConfirmation;
import org.springframework.beans.factory.support.BeanDefinitionReaderUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/rampart-trust-1.6.1-wso2v26.jar:org/apache/rahas/TrustUtil.class */
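/**
 * Static helpers for building WS-Trust (wst) request and response elements,
 * security token references, lifetime/AppliesTo fragments, and a hardened
 * {@link DocumentBuilderFactory}.
 *
 * <p>The {@code int i} parameter taken by most methods is the WS-Trust version
 * code understood by {@link #getWSTNamespace(int)} (1, 2 or 3). Element
 * factory methods attach the new element to the supplied parent and return it.
 */
public class TrustUtil {
    /** Entity expansion limit handed to the Xerces security manager. */
    private static final int ENTITY_EXPANSION_LIMIT = 0;
    /** Unqualified {@code name} attribute read by {@link #toProperties(OMElement)}. */
    private static final QName NAME = new QName("name");
    private static final Log logger = LogFactory.getLog(TrustUtil.class);

    private static final String WST_PREFIX = "wst";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    // NOTE(review): this literal reads "oasis-wsswssecurity-secext-1.1.xsd"; the WSS 1.1
    // secext namespace is normally spelled "oasis-wss-wssecurity-secext-1.1.xsd". It is kept
    // byte-for-byte because changing it alters the wire format - confirm with consumers.
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wsswssecurity-secext-1.1.xsd";
    private static final String SAML_ASSERTION_ID_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    /**
     * Builds a {@code SecurityTokenReference} DOM element wrapping a direct reference.
     *
     * @param document owner document for the new elements
     * @param str      URI placed on the reference as given (no prefix is added)
     * @param str2     value type of the reference; skipped when {@code null}
     * @return the DOM element of the new security token reference
     */
    public static Element createSecurityTokenReference(Document document, String str, String str2) {
        Reference directRef = new Reference(document);
        directRef.setURI(str);
        if (str2 != null) {
            directRef.setValueType(str2);
        }
        SecurityTokenReference tokenRef = new SecurityTokenReference(document);
        tokenRef.setReference(directRef);
        return tokenRef.getElement();
    }

    /**
     * Builds a {@code SecurityTokenReference} DOM element that also carries a
     * {@code wsse11:TokenType} attribute.
     *
     * @param document owner document for the new elements
     * @param str      identifier; the separator constant is prepended to form the URI
     * @param str2     value type of the reference; skipped when {@code null}
     * @param str3     value of the {@code wsse11:TokenType} attribute
     * @return the DOM element of the new security token reference
     */
    public static Element createSecurityTokenReferenceWithTokenType(Document document, String str, String str2, String str3) {
        Reference directRef = new Reference(document);
        // NOTE(review): the Spring constant looks like a stand-in for the "#" fragment
        // prefix of a same-document reference - confirm against the original source.
        directRef.setURI(BeanDefinitionReaderUtils.GENERATED_BEAN_NAME_SEPARATOR + str);
        if (str2 != null) {
            directRef.setValueType(str2);
        }
        SecurityTokenReference tokenRef = new SecurityTokenReference(document);
        tokenRef.setReference(directRef);
        Element tokenRefElement = tokenRef.getElement();
        // Declare the wsse11 prefix on the element before using it for TokenType.
        tokenRefElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsse11", WSSE11_NS);
        tokenRefElement.setAttributeNS(WSSE11_NS, "wsse11:TokenType", str3);
        return tokenRefElement;
    }

    /**
     * Creates {@code wst:RequestSecurityTokenResponse} under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestSecurityTokenResponseElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), "RequestSecurityTokenResponse", WST_PREFIX);
    }

    /**
     * Creates the RequestSecurityTokenResponseCollection element under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestSecurityTokenResponseCollectionElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN_RESPONSE_COLLECTION, WST_PREFIX);
    }

    /**
     * Creates {@code wst:RequestedSecurityToken} under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestedSecurityTokenElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), "RequestedSecurityToken", WST_PREFIX);
    }

    /**
     * Creates a parentless RequestSecurityToken element using the default OM factory.
     *
     * @param i WS-Trust version code
     * @return the new root element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestSecurityTokenElement(int i) throws TrustException {
        OMFactory factory = OMAbstractFactory.getOMFactory();
        return factory.createOMElement(RahasConstants.LocalNames.REQUEST_SECURITY_TOKEN, getWSTNamespace(i), WST_PREFIX);
    }

    /**
     * Creates the RequestedProofToken element under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestedProofTokenElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), RahasConstants.LocalNames.REQUESTED_PROOF_TOKEN, WST_PREFIX);
    }

    /**
     * Creates the Entropy element under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createEntropyElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), RahasConstants.IssuanceBindingLocalNames.ENTROPY, WST_PREFIX);
    }

    /**
     * Creates {@code wst:ComputedKey} under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createComputedKeyElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), "ComputedKey", WST_PREFIX);
    }

    /**
     * Creates {@code wst:RequestType} under the given parent and sets its text.
     *
     * <p>The four request types known to {@link RahasConstants} (issue, cancel, renew,
     * validate) are prefixed with the request-type namespace of the version; any other
     * value is written unchanged.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param str       request type, either one of the known suffixes or a full value
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestTypeElement(int i, OMElement oMElement, String str) throws TrustException {
        OMElement requestType = createOMElement(oMElement, getWSTNamespace(i), "RequestType", WST_PREFIX);
        boolean knownSuffix = RahasConstants.REQ_TYPE_ISSUE.equals(str)
                || RahasConstants.REQ_TYPE_CANCEL.equals(str)
                || RahasConstants.REQ_TYPE_RENEW.equals(str)
                || RahasConstants.REQ_TYPE_VALIDATE.equals(str);
        requestType.setText(knownSuffix ? getWSTNamespaceForRSTRequestTye(i) + str : str);
        return requestType;
    }

    /**
     * Creates an empty {@code wst:TokenType} under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createTokenTypeElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), "TokenType", WST_PREFIX);
    }

    /**
     * Creates the ValidateTarget element under the parent and appends the token to it.
     *
     * @param i          WS-Trust version code
     * @param oMElement  parent element
     * @param oMElement2 token element added as the child of ValidateTarget
     * @return the new ValidateTarget element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createValidateTargetElement(int i, OMElement oMElement, OMElement oMElement2) throws TrustException {
        OMElement validateTarget = createOMElement(oMElement, getWSTNamespace(i), RahasConstants.LocalNames.VALIDATE_TARGET, WST_PREFIX);
        validateTarget.addChild(oMElement2);
        return validateTarget;
    }

    /**
     * Creates the RenewTarget element under the parent and appends the token to it.
     *
     * @param i          WS-Trust version code
     * @param oMElement  parent element
     * @param oMElement2 token element added as the child of RenewTarget
     * @return the new RenewTarget element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRenewTargetElement(int i, OMElement oMElement, OMElement oMElement2) throws TrustException {
        OMElement renewTarget = createOMElement(oMElement, getWSTNamespace(i), RahasConstants.LocalNames.RENEW_TARGET, WST_PREFIX);
        renewTarget.addChild(oMElement2);
        return renewTarget;
    }

    /**
     * Creates {@code wst:BinarySecret} under the given parent. The secret value itself
     * is not set here; the caller fills in the element text.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param str       type suffix appended to the WS-Trust namespace for the
     *                  {@code Type} attribute; no attribute is added when {@code null}
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createBinarySecretElement(int i, OMElement oMElement, String str) throws TrustException {
        String wstNamespace = getWSTNamespace(i);
        OMElement binarySecret = createOMElement(oMElement, wstNamespace, "BinarySecret", WST_PREFIX);
        if (str != null) {
            OMFactory factory = binarySecret.getOMFactory();
            binarySecret.addAttribute(factory.createOMAttribute("Type", null, wstNamespace + str));
        }
        return binarySecret;
    }

    /**
     * Creates the computed-key algorithm element and sets its text to the WS-Trust
     * namespace followed by the given suffix.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param str       algorithm suffix appended to the namespace
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createComputedKeyAlgorithm(int i, OMElement oMElement, String str) throws TrustException {
        String wstNamespace = getWSTNamespace(i);
        OMElement algorithm = createOMElement(oMElement, wstNamespace, RahasConstants.IssuanceBindingLocalNames.COMPUTED_KEY_ALGO, WST_PREFIX);
        algorithm.setText(wstNamespace + str);
        return algorithm;
    }

    /**
     * Creates the RequestedUnattachedReference element holding a direct
     * security token reference.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element; it is cast to {@link Element}, so it must be
     *                  backed by a DOM implementation or a ClassCastException results
     * @param str       reference URI
     * @param str2      reference value type, may be {@code null}
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestedUnattachedRef(int i, OMElement oMElement, String str, String str2) throws TrustException {
        return createDirectReferenceWrapper(i, oMElement, RahasConstants.IssuanceBindingLocalNames.REQUESTED_UNATTACHED_REFERENCE, str, str2);
    }

    /**
     * Creates the RequestedAttachedReference element holding a direct
     * security token reference.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element; it is cast to {@link Element}, so it must be
     *                  backed by a DOM implementation or a ClassCastException results
     * @param str       reference URI
     * @param str2      reference value type, may be {@code null}
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestedAttachedRef(int i, OMElement oMElement, String str, String str2) throws TrustException {
        return createDirectReferenceWrapper(i, oMElement, RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE, str, str2);
    }

    /**
     * Adds a RequestedAttachedReference to the parent that points at a SAML assertion
     * by key identifier (value type SAMLAssertionID).
     *
     * @param oMElement parent element
     * @param str       assertion identifier written as the KeyIdentifier text
     * @param i         WS-Trust version code
     * @throws TrustException if the version code is not supported
     */
    public static void createRequestedAttachedRef(OMElement oMElement, String str, int i) throws TrustException {
        addSamlKeyIdentifierReference(oMElement, RahasConstants.IssuanceBindingLocalNames.REQUESTED_ATTACHED_REFERENCE, str, i);
    }

    /**
     * Adds a RequestedUnattachedReference to the parent that points at a SAML assertion
     * by key identifier (value type SAMLAssertionID).
     *
     * @param oMElement parent element
     * @param str       assertion identifier written as the KeyIdentifier text
     * @param i         WS-Trust version code
     * @throws TrustException if the version code is not supported
     */
    public static void createRequestedUnattachedRef(OMElement oMElement, String str, int i) throws TrustException {
        addSamlKeyIdentifierReference(oMElement, RahasConstants.IssuanceBindingLocalNames.REQUESTED_UNATTACHED_REFERENCE, str, i);
    }

    /**
     * Creates {@code wst:KeySize} under the parent with the size as decimal text.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param i2        key size value to write
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createKeySizeElement(int i, OMElement oMElement, int i2) throws TrustException {
        OMElement keySize = createOMElement(oMElement, getWSTNamespace(i), "KeySize", WST_PREFIX);
        keySize.setText(Integer.toString(i2));
        return keySize;
    }

    /**
     * Creates the KeyType element under the parent and sets its text.
     *
     * <p>The bearer, public-key and symmetric-key suffixes known to
     * {@link RahasConstants} are prefixed with the WS-Trust namespace; any other value
     * is written unchanged.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param str       key type suffix or full value
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createKeyTypeElement(int i, OMElement oMElement, String str) throws TrustException {
        String wstNamespace = getWSTNamespace(i);
        OMElement keyType = createOMElement(oMElement, wstNamespace, RahasConstants.IssuanceBindingLocalNames.KEY_TYPE, WST_PREFIX);
        boolean knownSuffix = RahasConstants.KEY_TYPE_BEARER.equals(str)
                || RahasConstants.KEY_TYPE_PUBLIC_KEY.equals(str)
                || RahasConstants.KEY_TYPE_SYMM_KEY.equals(str);
        keyType.setText(knownSuffix ? wstNamespace + str : str);
        return keyType;
    }

    /**
     * Creates the RequestedTokenCancelled element under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createRequestedTokenCanceledElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), RahasConstants.CancelBindingLocalNames.REQUESTED_TOKEN_CANCELED, WST_PREFIX);
    }

    /**
     * Creates the Lifetime element with {@code wsu:Created} and {@code wsu:Expires}
     * children holding the given, already formatted, timestamps.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param str       text of the Created child
     * @param str2      text of the Expires child
     * @return the new Lifetime element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createLifetimeElement(int i, OMElement oMElement, String str, String str2) throws TrustException {
        OMElement lifetime = createOMElement(oMElement, getWSTNamespace(i), RahasConstants.IssuanceBindingLocalNames.LIFETIME, WST_PREFIX);
        OMElement created = createOMElement(lifetime, WSU_NS, WSConstants.CREATED_LN, "wsu");
        created.setText(str);
        OMElement expires = createOMElement(lifetime, WSU_NS, "Expires", "wsu");
        expires.setText(str2);
        return lifetime;
    }

    /**
     * Creates the Lifetime element starting now and expiring after the given duration.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param j         time to live, added to the current time in milliseconds
     * @return the new Lifetime element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createLifetimeElement(int i, OMElement oMElement, long j) throws TrustException {
        long now = System.currentTimeMillis();
        Date created = new Date(now);
        Date expires = new Date(now + j);
        XmlSchemaDateFormat format = new XmlSchemaDateFormat();
        return createLifetimeElement(i, oMElement, format.format(created), format.format(expires));
    }

    /**
     * Creates {@code wsp:AppliesTo} containing an EndpointReference/Address pair.
     *
     * @param oMElement parent element
     * @param str       endpoint address written as the Address text
     * @param str2      namespace used for the EndpointReference and Address elements
     * @return the new AppliesTo element
     */
    public static OMElement createAppliesToElement(OMElement oMElement, String str, String str2) {
        OMElement appliesTo = createOMElement(oMElement, "http://schemas.xmlsoap.org/ws/2004/09/policy", "AppliesTo", "wsp");
        OMElement endpointReference = createOMElement(appliesTo, str2, "EndpointReference", "wsa");
        OMElement address = createOMElement(endpointReference, str2, "Address", "wsa");
        address.setText(str);
        return appliesTo;
    }

    /**
     * Resolves an action value: the RST/RSTR/RSTRC action suffixes known to
     * {@link RahasConstants} are prefixed with the request-type namespace of the
     * version; anything else is returned unchanged.
     *
     * @param i   WS-Trust version code
     * @param str action suffix or full action value
     * @return the resolved action value
     * @throws TrustException if a known suffix is given with an unsupported version
     */
    public static String getActionValue(int i, String str) throws TrustException {
        boolean knownSuffix = RahasConstants.RST_ACTION_ISSUE.equals(str)
                || RahasConstants.RST_ACTION_CANCEL.equals(str)
                || RahasConstants.RST_ACTION_RENEW.equals(str)
                || RahasConstants.RST_ACTION_VALIDATE.equals(str)
                || RahasConstants.RST_ACTION_SCT.equals(str)
                || RahasConstants.RSTR_ACTION_ISSUE.equals(str)
                || RahasConstants.RSTR_ACTION_CANCEL.equals(str)
                || RahasConstants.RSTR_ACTION_RENEW.equals(str)
                || RahasConstants.RSTR_ACTION_VALIDATE.equals(str)
                || RahasConstants.RSTR_ACTION_SCT.equals(str)
                || RahasConstants.RSTRC_ACTION_ISSUE_FINAL.equals(str);
        if (!knownSuffix) {
            return str;
        }
        return getWSTNamespaceForRSTRequestTye(i) + str;
    }

    /**
     * Returns a default DOOM SOAP envelope: SOAP 1.1 when the argument equals the
     * SOAP 1.1 envelope namespace, SOAP 1.2 for every other value including {@code null}.
     *
     * @param str SOAP envelope namespace URI, may be {@code null}
     * @return a new default envelope
     */
    public static SOAPEnvelope createSOAPEnvelope(String str) {
        // equals() on the literal already yields false for null, so no separate null test.
        if ("http://schemas.xmlsoap.org/soap/envelope/".equals(str)) {
            return DOOMAbstractFactory.getSOAP11Factory().getDefaultEnvelope();
        }
        return DOOMAbstractFactory.getSOAP12Factory().getDefaultEnvelope();
    }

    /** Creates a child element with the given namespace, local name and prefix using the parent's factory. */
    private static OMElement createOMElement(OMElement oMElement, String str, String str2, String str3) {
        QName qualifiedName = new QName(str, str2, str3);
        return oMElement.getOMFactory().createOMElement(qualifiedName, oMElement);
    }

    /** Creates a wst reference wrapper under the parent holding a direct SecurityTokenReference. */
    private static OMElement createDirectReferenceWrapper(int version, OMElement parent, String localName, String uri, String valueType) throws TrustException {
        OMElement wrapper = createOMElement(parent, getWSTNamespace(version), localName, WST_PREFIX);
        // The parent must also be a DOM Element so its owner document can host the reference.
        Document ownerDocument = ((Element) parent).getOwnerDocument();
        wrapper.addChild((OMElement) createSecurityTokenReference(ownerDocument, uri, valueType));
        return wrapper;
    }

    /** Adds wst:{localName}/wsse:SecurityTokenReference/wsse:KeyIdentifier for a SAML assertion id. */
    private static void addSamlKeyIdentifierReference(OMElement parent, String localName, String assertionId, int version) throws TrustException {
        String wstNamespace = getWSTNamespace(version);
        OMFactory factory = parent.getOMFactory();
        OMElement wrapper = factory.createOMElement(new QName(wstNamespace, localName, WST_PREFIX), parent);
        OMElement tokenReference = factory.createOMElement(new QName(WSSE_NS, "SecurityTokenReference", WSConstants.WSSE_PREFIX), wrapper);
        OMElement keyIdentifier = factory.createOMElement(new QName(WSSE_NS, "KeyIdentifier", WSConstants.WSSE_PREFIX), tokenReference);
        keyIdentifier.addAttribute(WSSecurityEngine.VALUE_TYPE, SAML_ASSERTION_ID_VALUE_TYPE, null);
        keyIdentifier.setText(assertionId);
    }

    /**
     * Maps a WS-Trust version code to its namespace URI.
     *
     * @param i version code: 1, 2 or 3
     * @return the namespace URI for that version
     * @throws TrustException for any other code
     */
    public static String getWSTNamespace(int i) throws TrustException {
        switch (i) {
            case 1:
                return "http://schemas.xmlsoap.org/ws/2005/02/trust";
            case 2:
                return RahasConstants.WST_NS_05_12;
            case 3:
                return RahasConstants.WST_NS_08_02;
            default:
                throw new TrustException("unsupportedWSTVersion");
        }
    }

    /**
     * Maps a WS-Trust namespace URI back to its version code; the inverse of
     * {@link #getWSTNamespace(int)}.
     *
     * @param str namespace URI
     * @return 1, 2 or 3
     * @throws TrustException if the namespace is none of the three known ones
     */
    public static int getWSTVersion(String str) throws TrustException {
        if ("http://schemas.xmlsoap.org/ws/2005/02/trust".equals(str)) {
            return 1;
        }
        if (RahasConstants.WST_NS_05_12.equals(str)) {
            return 2;
        }
        if (RahasConstants.WST_NS_08_02.equals(str)) {
            return 3;
        }
        throw new TrustException("unsupportedWSTVersion");
    }

    /**
     * Returns the token store registered on the message's configuration context.
     *
     * @param messageContext current message context
     * @return the shared token store, created on first use
     */
    public static TokenStorage getTokenStore(MessageContext messageContext) {
        return getTokenStore(messageContext.getConfigurationContext());
    }

    /**
     * Returns the token store kept under {@link TokenStorage#TOKEN_STORAGE_KEY},
     * registering a new {@link SimpleTokenStore} when none is present.
     *
     * @param configurationContext context holding the store property
     * @return the token store
     */
    public static TokenStorage getTokenStore(ConfigurationContext configurationContext) {
        // NOTE(review): the lookup and the registration are not atomic. If two threads
        // reach this with no store set, each may register its own store and tokens put
        // into the one that is overwritten would be lost - confirm whether callers
        // initialise the store before concurrent use.
        TokenStorage store = (TokenStorage) configurationContext.getProperty(TokenStorage.TOKEN_STORAGE_KEY);
        if (store != null) {
            return store;
        }
        TokenStorage created = new SimpleTokenStore();
        configurationContext.setProperty(TokenStorage.TOKEN_STORAGE_KEY, created);
        return created;
    }

    /**
     * Generates a random ephemeral key.
     *
     * @param i key size in bits; the key holds {@code i / 8} bytes, so sizes that are
     *          not a multiple of 8 are rounded down
     * @return the random key bytes
     * @throws TrustException if the size is below 8 bits or the random source fails
     */
    protected byte[] generateEphemeralKey(int i) throws TrustException {
        return randomKeyBytes(i);
    }

    /**
     * Generates a random ephemeral key. The first three parameters are not read by this
     * implementation: the key is not derived from either entropy value.
     *
     * @param bArr  not used here (NOTE(review): presumably requester entropy - confirm)
     * @param bArr2 not used here (NOTE(review): presumably issuer entropy - confirm)
     * @param str   not used here (NOTE(review): presumably the computed-key algorithm - confirm)
     * @param i     key size in bits; the key holds {@code i / 8} bytes
     * @return the random key bytes
     * @throws TrustException if the size is below 8 bits or the random source fails
     */
    protected byte[] generateEphemeralKey(byte[] bArr, byte[] bArr2, String str, int i) throws TrustException {
        return randomKeyBytes(i);
    }

    /** Fills a new array of keySizeBits / 8 bytes from a SecureRandom; rejects sizes that would give an empty key. */
    private static byte[] randomKeyBytes(int keySizeBits) throws TrustException {
        try {
            // A size under 8 bits would produce a zero-length key; treat it like any
            // other generation failure instead of handing back an empty secret.
            if (keySizeBits < 8) {
                throw new IllegalArgumentException("Key size must be at least 8 bits: " + keySizeBits);
            }
            byte[] key = new byte[keySizeBits / 8];
            // NOTE(review): SHA1PRNG is requested by name and a fresh, self-seeded instance
            // is created on every call. The platform default (new SecureRandom()) held in a
            // shared field is the usual choice today; kept as-is until the deployment's
            // provider requirements are confirmed.
            SecureRandom.getInstance("SHA1PRNG").nextBytes(key);
            return key;
        } catch (Exception e) {
            throw new TrustException("Error in creating the ephemeral key", e);
        }
    }

    /**
     * Creates the CancelTarget element under the given parent.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @return the new element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createCancelTargetElement(int i, OMElement oMElement) throws TrustException {
        return createOMElement(oMElement, getWSTNamespace(i), RahasConstants.CancelBindingLocalNames.CANCEL_TARGET, WST_PREFIX);
    }

    /**
     * Creates {@code wst:Claims} under the parent with a {@code Dialect} attribute.
     *
     * @param i         WS-Trust version code
     * @param oMElement parent element
     * @param str       dialect URI
     * @return the new Claims element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createClaims(int i, OMElement oMElement, String str) throws TrustException {
        String wstNamespace = getWSTNamespace(i);
        OMElement claims = createOMElement(oMElement, wstNamespace, "Claims", WST_PREFIX);
        // NOTE(review): the Dialect attribute is qualified with the WS-Trust namespace
        // under the prefix "wsp" - confirm this is what receivers expect.
        claims.addAttribute("Dialect", str, claims.getOMFactory().createOMNamespace(wstNamespace, "wsp"));
        return claims;
    }

    /**
     * Builds a complete cancel request: RequestSecurityToken with a cancel RequestType
     * and a CancelTarget that references the token by URI.
     *
     * @param str URI written on the reference as given
     * @param i   WS-Trust version code
     * @return the RequestSecurityToken root element
     * @throws TrustException if the version code is not supported
     */
    public static OMElement createCancelRequest(String str, int i) throws TrustException {
        OMElement request = createRequestSecurityTokenElement(i);
        createRequestTypeElement(i, request, RahasConstants.REQ_TYPE_CANCEL);
        OMElement cancelTarget = createCancelTargetElement(i, request);

        OMFactory factory = request.getOMFactory();
        OMElement tokenReference = factory.createOMElement("SecurityTokenReference", WSSE_NS, WSConstants.WSSE_PREFIX);
        OMElement reference = factory.createOMElement(Reference.TOKEN);
        reference.addAttribute(factory.createOMAttribute("URI", null, str));
        tokenReference.addChild(reference);
        cancelTarget.addChild(tokenReference);
        return request;
    }

    /**
     * Converts a configuration element into {@link Properties}: every child contributes
     * its {@code name} attribute as key and its text as value (both trimmed), and the
     * element's provider attribute is stored under
     * {@code org.apache.ws.security.crypto.provider}.
     *
     * <p>A child without a {@code name} attribute, or an element without the provider
     * attribute, results in a {@link NullPointerException}.
     *
     * @param oMElement configuration element
     * @return the collected properties
     */
    public static Properties toProperties(OMElement oMElement) {
        Properties properties = new Properties();
        for (Iterator<?> children = oMElement.getChildElements(); children.hasNext();) {
            OMElement child = (OMElement) children.next();
            String key = child.getAttribute(NAME).getAttributeValue().trim();
            properties.setProperty(key, child.getText().trim());
        }
        String provider = oMElement.getAttribute(AbstractIssuerConfig.PROVIDER).getAttributeValue().trim();
        properties.setProperty("org.apache.ws.security.crypto.provider", provider);
        return properties;
    }

    /**
     * Returns the first confirmation method of the first statement of a SAML 1.1
     * assertion, or the holder-of-key URN when the assertion has no statement or the
     * statement lists no method.
     *
     * <p>Only the first statement and its first method are inspected; the first
     * statement is cast to {@link SAMLSubjectStatement}.
     *
     * @param sAMLAssertion assertion to inspect
     * @return the confirmation method URN
     */
    public static String getSAML11SubjectConfirmationMethod(SAMLAssertion sAMLAssertion) {
        Iterator<?> statements = sAMLAssertion.getStatements();
        if (statements.hasNext()) {
            SAMLSubjectStatement firstStatement = (SAMLSubjectStatement) statements.next();
            Iterator<?> methods = firstStatement.getSubject().getConfirmationMethods();
            if (methods.hasNext()) {
                return (String) methods.next();
            }
        }
        return "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
    }

    /**
     * Returns the method of the first subject confirmation of a SAML 2.0 assertion, or
     * the holder-of-key constant when the subject lists none.
     *
     * <p>Only the first confirmation is inspected. An assertion without a subject
     * results in a {@link NullPointerException}.
     *
     * @param assertion assertion to inspect
     * @return the confirmation method
     */
    public static String getSAML2SubjectConfirmationMethod(Assertion assertion) {
        List<SubjectConfirmation> confirmations = assertion.getSubject().getSubjectConfirmations();
        if (confirmations.isEmpty()) {
            return RahasConstants.SAML20_SUBJECT_CONFIRMATION_HOK;
        }
        return confirmations.get(0).getMethod();
    }

    /**
     * Maps a WS-Trust version code to the namespace used as prefix for request types
     * and actions.
     *
     * @param i version code: 1, 2 or 3
     * @return the namespace URI used for request types of that version
     * @throws TrustException for any other code
     */
    public static String getWSTNamespaceForRSTRequestTye(int i) throws TrustException {
        switch (i) {
            case 1:
                return "http://schemas.xmlsoap.org/ws/2005/02/trust";
            case 2:
                return RahasConstants.WST_NS_05_12;
            case 3:
                // NOTE(review): version 3 maps to the same 2005/02 URI as version 1 - confirm intended.
                return "http://schemas.xmlsoap.org/ws/2005/02/trust";
            default:
                throw new TrustException("unsupportedWSTVersion");
        }
    }

    /**
     * Creates the ActAs element under the parent and appends the given child to it.
     *
     * @param oMElement  parent element
     * @param i          WS-Trust version code; versions below 3 are rejected
     * @param oMElement2 child of the ActAs element, must not be {@code null}
     * @return the new ActAs element
     * @throws TrustException if the version is below 3 or unsupported, or the child is {@code null}
     */
    public static OMElement createActAsElement(OMElement oMElement, int i, OMElement oMElement2) throws TrustException {
        if (i < 3) {
            throw new TrustException("ActAs element is not supported in this trust version.");
        }
        String wstNamespace = getWSTNamespace(i);
        // Reject a missing child before touching the parent, so a failed call does not
        // leave an empty ActAs element attached to it.
        if (oMElement2 == null) {
            throw new TrustException("The child element of the ActAs element should not be null");
        }
        OMElement actAs = createOMElement(oMElement, wstNamespace, RahasConstants.LocalNames.ACTAS, WST_PREFIX);
        actAs.addChild(oMElement2);
        return actAs;
    }

    /**
     * Returns a namespace-aware {@link DocumentBuilderFactory} configured against
     * external entity resolution and entity expansion: XInclude and entity-reference
     * expansion are switched off, external general/parameter entities and external DTD
     * loading are disabled, secure processing is enabled, and a Xerces security manager
     * with an entity expansion limit of {@value #ENTITY_EXPANSION_LIMIT} is installed.
     *
     * <p>Each parser feature is applied on its own, so a parser that rejects one of
     * them still receives the others. A rejected feature is logged as an error and the
     * factory is still returned; deployments that rely on this hardening should treat
     * such a log entry as a configuration failure.
     *
     * @return the configured factory
     */
    public static DocumentBuilderFactory getSecuredDocumentBuilderFactory() {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);

        // NOTE(review): the Ant constant appears to stand for the SAX
        // external-general-entities feature URI - confirm against the original source.
        applyParserFeature(factory, XmlConstants.FEATURE_EXTERNAL_ENTITIES, false);
        applyParserFeature(factory, "http://xml.org/sax/features/external-parameter-entities", false);
        applyParserFeature(factory, "http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        applyParserFeature(factory, "http://javax.xml.XMLConstants/feature/secure-processing", true);

        SecurityManager securityManager = new SecurityManager();
        securityManager.setEntityExpansionLimit(ENTITY_EXPANSION_LIMIT);
        factory.setAttribute("http://apache.org/xml/properties/security-manager", securityManager);
        return factory;
    }

    /** Sets one parser feature; a parser that rejects it is logged with the cause and the call returns normally. */
    private static void applyParserFeature(DocumentBuilderFactory factory, String feature, boolean enabled) {
        try {
            factory.setFeature(feature, enabled);
        } catch (ParserConfigurationException e) {
            logger.error("Failed to set XML Processor Feature " + feature + " to " + enabled, e);
        }
    }

    /**
     * Tells whether the DOOM parser pool is in use, as controlled by the system property
     * named by {@link RahasConstants#AXIOM_PARSE_POOL_ENABLED_PROPERTY}.
     *
     * @return {@code false} only when the property is non-blank and does not parse as
     *         {@code true}; {@code true} otherwise, including when it is unset
     */
    public static boolean isDoomParserPoolUsed() {
        String configured = System.getProperty(RahasConstants.AXIOM_PARSE_POOL_ENABLED_PROPERTY);
        return !StringUtils.isNotBlank(configured) || Boolean.parseBoolean(configured);
    }
}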
