package org.apache.rampart.builder;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.Vector;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.TrustException;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.AlgorithmSuite;
import org.apache.ws.secpolicy.model.Header;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SignedEncryptedParts;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.compass.core.util.SystemPropertyUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/rampart-core-1.6.1.wso2v25.jar:org/apache/rampart/builder/TransportBindingBuilder.class */
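/**
 * Builds the outgoing WS-Security header for a policy that uses the transport binding.
 *
 * <p>What the code in this class does: optionally adds a timestamp, and on the initiator side
 * adds username tokens and endorsing signatures (X.509, issued token, secure conversation token),
 * then publishes the produced signature values under {@link WSHandlerConstants#SEND_SIGV}. On the
 * non-initiator side it only adds signature confirmation.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>No method here encrypts message parts. A username token appended by {@link #build} is
 *       therefore only as confidential as the channel carrying the message; presumably the
 *       deployment enforces TLS for this binding. TODO confirm.</li>
 *   <li>Several numeric literals ({@code 1}, {@code 2}, {@code 3}, {@code 5}, {@code 9}) look like
 *       constants inlined by the compiler. Their meaning is not visible in this file and is
 *       hedged wherever they are used.</li>
 * </ul>
 */
public class TransportBindingBuilder extends BindingBuilder {
    private static Log log = LogFactory.getLog(TransportBindingBuilder.class);
    private static Log tlog = LogFactory.getLog(RampartConstants.TIME_LOG);

    /**
     * Populates the security header of the message held by {@code rampartMessageData}.
     *
     * @param rampartMessageData message, policy and security-header state for the current exchange
     * @throws RampartException if a signed supporting token is not a {@link UsernameToken}, or if
     *         any token or signature step fails
     */
    public void build(RampartMessageData rampartMessageData) throws RampartException {
        log.debug("TransportBindingBuilder build invoked");
        // Capture the start time up front. The previous code discarded it and later subtracted
        // the literal 0, so the time log printed the wall-clock epoch value, not a duration.
        final long startTime = System.currentTimeMillis();

        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        if (policyData.isIncludeTimestamp()) {
            addTimestamp(rampartMessageData);
        }

        if (rampartMessageData.isInitiator()) {
            Vector<byte[]> signatureValues = new Vector<byte[]>();

            SupportingToken signedSupportingTokens = policyData.getSignedSupportingTokens();
            if (hasTokens(signedSupportingTokens)) {
                log.debug("Processing signed supporting tokens");
                for (Object candidate : signedSupportingTokens.getTokens()) {
                    Token token = (Token) candidate;
                    if (!(token instanceof UsernameToken)) {
                        // NOTE(review): the closing brace of the QName comes from an unrelated
                        // library constant (org.compass). This looks like a decompiler constant
                        // substitution; confirm against the original source before relying on it.
                        throw new RampartException("unsupportedSignedSupportingToken", new String[]{"{" + token.getName().getNamespaceURI() + SystemPropertyUtils.PLACEHOLDER_SUFFIX + token.getName().getLocalPart()});
                    }
                    WSSecUsernameToken usernameTokenBuilder = addUsernameToken(rampartMessageData, (UsernameToken) token);
                    usernameTokenBuilder.prepare(rampartMessageData.getDocument());
                    usernameTokenBuilder.appendToHeader(rampartMessageData.getSecHeader());
                }
            }

            SupportingToken signedEndorsingSupportingTokens = policyData.getSignedEndorsingSupportingTokens();
            if (hasTokens(signedEndorsingSupportingTokens)) {
                log.debug("Processing endorsing signed supporting tokens");
                ArrayList tokens = signedEndorsingSupportingTokens.getTokens();
                SignedEncryptedParts signedParts = signedEndorsingSupportingTokens.getSignedParts();
                for (Object candidate : tokens) {
                    Token token = (Token) candidate;
                    if ((token instanceof IssuedToken) && rampartMessageData.isInitiator()) {
                        signatureValues.add(doIssuedTokenSignature(rampartMessageData, token, signedParts));
                    } else if (token instanceof X509Token) {
                        signatureValues.add(doX509TokenSignature(rampartMessageData, token, signedParts));
                    } else {
                        // Any other token type produces no endorsing signature here. Log it so a
                        // policy requirement that goes unmet is at least visible when debugging.
                        log.debug("Skipping signed endorsing supporting token of unsupported type " + token.getClass().getName());
                    }
                }
            }

            SupportingToken endorsingSupportingTokens = policyData.getEndorsingSupportingTokens();
            if (hasTokens(endorsingSupportingTokens)) {
                log.debug("Processing endorsing supporting tokens");
                ArrayList tokens = endorsingSupportingTokens.getTokens();
                SignedEncryptedParts signedParts = endorsingSupportingTokens.getSignedParts();
                for (Object candidate : tokens) {
                    Token token = (Token) candidate;
                    if ((token instanceof IssuedToken) && rampartMessageData.isInitiator()) {
                        signatureValues.add(doIssuedTokenSignature(rampartMessageData, token, signedParts));
                    } else if (token instanceof X509Token) {
                        signatureValues.add(doX509TokenSignature(rampartMessageData, token, signedParts));
                    } else if (token instanceof SecureConversationToken) {
                        // The token must be obtained (or cancelled) before it can sign anything.
                        handleSecureConversationTokens(rampartMessageData, (SecureConversationToken) token);
                        signatureValues.add(doSecureConversationSignature(rampartMessageData, token, signedParts));
                    } else {
                        log.debug("Skipping endorsing supporting token of unsupported type " + token.getClass().getName());
                    }
                }
            }

            Vector supportingTokensList = policyData.getSupportingTokensList();
            for (int i = 0; i < supportingTokensList.size(); i++) {
                handleSupportingTokens(rampartMessageData, (SupportingToken) supportingTokensList.get(i));
            }

            // Stored on the message context under SEND_SIGV; presumably read back when signature
            // confirmation on the response is checked. Verify against the receiving side.
            rampartMessageData.getMsgContext().setProperty(WSHandlerConstants.SEND_SIGV, signatureValues);
        } else {
            addSignatureConfirmation(rampartMessageData, null);
        }

        if (tlog.isDebugEnabled()) {
            tlog.debug("Transport binding build took " + (System.currentTimeMillis() - startTime));
        }
    }

    /** Returns true when the assertion is present and lists at least one token. */
    private static boolean hasTokens(SupportingToken supportingToken) {
        return supportingToken != null && supportingToken.getTokens() != null && supportingToken.getTokens().size() > 0;
    }

    /** Creates the list of parts to sign, seeded with the timestamp when one was added. */
    private Vector<WSEncryptionPart> newSignatureParts(RampartMessageData rampartMessageData) throws RampartException {
        Vector<WSEncryptionPart> parts = new Vector<WSEncryptionPart>();
        if (this.timestampElement != null) {
            parts.add(new WSEncryptionPart(rampartMessageData.getTimestampId()));
        }
        return parts;
    }

    /** Appends the body (when requested) and each listed header to the parts to sign. */
    private static void addSignedParts(Vector<WSEncryptionPart> parts, RampartMessageData rampartMessageData, SignedEncryptedParts signedEncryptedParts) throws RampartException {
        if (signedEncryptedParts == null) {
            return;
        }
        if (signedEncryptedParts.isBody()) {
            parts.add(new WSEncryptionPart(RampartUtil.addWsuIdToElement(rampartMessageData.getMsgContext().getEnvelope().getBody())));
        }
        Iterator headers = signedEncryptedParts.getHeaders().iterator();
        while (headers.hasNext()) {
            Header header = (Header) headers.next();
            parts.add(new WSEncryptionPart(header.getName(), header.getNamespace(), "Content"));
        }
    }

    /**
     * Signs with a key derived from the stored token's secret and appends the derived-key element
     * and the signature to the security header. Shared by the issued-token and the
     * secure-conversation paths, whose derived-key code was identical.
     *
     * <p>NOTE(review): the derived key length is passed through unchanged here, while the X.509
     * derived-key path divides the same policy value by 8. One of the two is presumably in the
     * wrong unit (bits versus bytes). Confirm against the signer's contract.
     *
     * @param tokenAttached whether the token element was appended to the header, which selects the
     *        attached or the unattached reference
     * @return the computed signature value
     */
    private byte[] signWithTokenDerivedKey(RampartMessageData rampartMessageData, Document document, org.apache.rahas.Token storedToken, boolean tokenAttached, Vector<WSEncryptionPart> parts, AlgorithmSuite algorithmSuite) throws RampartException, TrustException {
        try {
            WSSecDKSign dkSign = new WSSecDKSign();
            Object reference = tokenAttached ? storedToken.getAttachedReference() : storedToken.getUnattachedReference();
            if (reference != null) {
                dkSign.setExternalKey(storedToken.getSecret(), (Element) document.importNode((Element) reference, true));
            } else {
                // No reference element stored with the token: fall back to referencing it by id.
                dkSign.setExternalKey(storedToken.getSecret(), storedToken.getId());
            }
            dkSign.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
            dkSign.setDerivedKeyLength(algorithmSuite.getSignatureDerivedKeyLength());
            dkSign.prepare(document);
            dkSign.appendDKElementToHeader(rampartMessageData.getSecHeader());
            dkSign.setParts(parts);
            dkSign.addReferencesToSign(parts, rampartMessageData.getSecHeader());
            dkSign.computeSignature();
            dkSign.appendSigToHeader(rampartMessageData.getSecHeader());
            return dkSign.getSignatureValue();
        } catch (WSSecurityException e) {
            throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e);
        } catch (ConversationException e) {
            throw new RampartException("errorInDerivedKeyTokenSignature", e);
        }
    }

    /**
     * Produces an endorsing signature for an X.509 token, either directly with the signature
     * builder or, when the token asks for derived keys, with a key derived from an encrypted
     * ephemeral key.
     *
     * @param signedEncryptedParts extra parts to sign, or {@code null} for none
     * @return the computed signature value
     * @throws RampartException if signing fails
     */
    private byte[] doX509TokenSignature(RampartMessageData rampartMessageData, Token token, SignedEncryptedParts signedEncryptedParts) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        Vector<WSEncryptionPart> parts = newSignatureParts(rampartMessageData);
        addSignedParts(parts, rampartMessageData, signedEncryptedParts);

        if (token.isDerivedKeys()) {
            try {
                WSSecEncryptedKey encryptedKeyBuilder = getEncryptedKeyBuilder(rampartMessageData, token);
                Element binarySecurityTokenElement = encryptedKeyBuilder.getBinarySecurityTokenElement();
                if (binarySecurityTokenElement != null) {
                    RampartUtil.appendChildToSecHeader(rampartMessageData, binarySecurityTokenElement);
                }
                encryptedKeyBuilder.appendToHeader(rampartMessageData.getSecHeader());

                WSSecDKSign dkSign = new WSSecDKSign();
                dkSign.setWsConfig(rampartMessageData.getConfig());
                dkSign.setSigCanonicalization(policyData.getAlgorithmSuite().getInclusiveC14n());
                dkSign.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
                // NOTE(review): divided by 8 here but not in the token-secret derived-key path.
                // Presumably a bits-to-bytes conversion; confirm which path is correct.
                dkSign.setDerivedKeyLength(policyData.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
                dkSign.setExternalKey(encryptedKeyBuilder.getEphemeralKey(), encryptedKeyBuilder.getId());
                dkSign.prepare(document, rampartMessageData.getSecHeader());
                if (policyData.isTokenProtection()) {
                    // Token protection: the signature also covers the token itself.
                    parts.add(new WSEncryptionPart(encryptedKeyBuilder.getBSTTokenId()));
                }
                dkSign.setParts(parts);
                dkSign.addReferencesToSign(parts, rampartMessageData.getSecHeader());
                dkSign.computeSignature();
                dkSign.appendDKElementToHeader(rampartMessageData.getSecHeader());
                dkSign.appendSigToHeader(rampartMessageData.getSecHeader());
                return dkSign.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e);
            } catch (ConversationException e) {
                throw new RampartException("errorInDerivedKeyTokenSignature", e);
            }
        }

        try {
            WSSecSignature signatureBuilder = getSignatureBuilder(rampartMessageData, token);
            signatureBuilder.appendBSTElementToHeader(rampartMessageData.getSecHeader());
            // The literal 1 is presumably the "never include" inclusion value: a token that is
            // not sent cannot be covered by the signature. Confirm against the policy constants.
            if (policyData.isTokenProtection() && 1 != token.getInclusion()) {
                parts.add(new WSEncryptionPart(signatureBuilder.getBSTTokenId()));
            }
            signatureBuilder.addReferencesToSign(parts, rampartMessageData.getSecHeader());
            signatureBuilder.appendToHeader(rampartMessageData.getSecHeader());
            signatureBuilder.computeSignature();
            return signatureBuilder.getSignatureValue();
        } catch (WSSecurityException e) {
            throw new RampartException("errorInSignatureWithX509Token", (Throwable) e);
        }
    }

    /**
     * Produces an endorsing signature keyed by the secret of an issued token taken from the token
     * storage.
     *
     * @param token the policy assertion; cast to {@link IssuedToken} by this method
     * @param signedEncryptedParts extra parts to sign, or {@code null} for none
     * @return the computed signature value
     * @throws RampartException if the token cannot be read from storage or signing fails
     */
    private byte[] doIssuedTokenSignature(RampartMessageData rampartMessageData, Token token, SignedEncryptedParts signedEncryptedParts) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        String issuedTokenId = RampartUtil.getIssuedToken(rampartMessageData, (IssuedToken) token);
        int inclusion = token.getInclusion();
        try {
            org.apache.rahas.Token storedToken = rampartMessageData.getTokenStorage().getToken(issuedTokenId);

            // Inclusion literals 5, 3 and 2 are presumably "always", "always to recipient" and
            // "once". Confirm against the policy model's inclusion constants.
            boolean tokenAttached = false;
            if (inclusion == 5 || ((inclusion == 3 || inclusion == 2) && rampartMessageData.isInitiator())) {
                rampartMessageData.getSecHeader().getSecurityHeader().appendChild(document.importNode((Element) storedToken.getToken(), true));
                tokenAttached = true;
            }

            Vector<WSEncryptionPart> parts = newSignatureParts(rampartMessageData);
            if (policyData.isTokenProtection() && tokenAttached) {
                parts.add(new WSEncryptionPart(issuedTokenId));
            }
            addSignedParts(parts, rampartMessageData, signedEncryptedParts);

            AlgorithmSuite algorithmSuite = policyData.getAlgorithmSuite();
            if (token.isDerivedKeys()) {
                return signWithTokenDerivedKey(rampartMessageData, document, storedToken, tokenAttached, parts, algorithmSuite);
            }

            try {
                WSSecSignature signature = new WSSecSignature();
                signature.setWsConfig(rampartMessageData.getConfig());
                String id = storedToken.getId();
                // Strip a leading fragment marker so the id can be used as a token identifier.
                if (id.charAt(0) == '#') {
                    id = id.substring(1);
                }
                signature.setCustomTokenId(id);
                signature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(((IssuedToken) token).getRstTokenType())) {
                    signature.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
                } else {
                    signature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                }
                signature.setSecretKey(storedToken.getSecret());
                // NOTE(review): two consecutive calls to the same setter. If it is a plain
                // setter the symmetric algorithm is the one in effect, which matches signing
                // with the token's secret key. Confirm, then drop the first call.
                signature.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
                signature.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
                // Literal 9 is an inlined key-identifier constant, presumably the custom
                // symmetric signing type. Confirm against WSConstants.
                signature.setKeyIdentifierType(9);
                signature.prepare(rampartMessageData.getDocument(), RampartUtil.getSignatureCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()), rampartMessageData.getSecHeader());
                signature.setParts(parts);
                signature.addReferencesToSign(parts, rampartMessageData.getSecHeader());
                signature.computeSignature();
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), signature.getSignatureElement()));
                return signature.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", (Throwable) e);
            }
        } catch (TrustException e) {
            throw new RampartException("errorExtractingToken", new String[]{issuedTokenId}, e);
        }
    }

    /**
     * Produces an endorsing signature keyed by the secret of the current secure conversation
     * token taken from the token storage.
     *
     * @param token the policy assertion; {@link #build} passes a {@link SecureConversationToken}
     * @param signedEncryptedParts extra parts to sign, or {@code null} for none
     * @return the computed signature value
     * @throws RampartException if the token cannot be read from storage or signing fails
     */
    private byte[] doSecureConversationSignature(RampartMessageData rampartMessageData, Token token, SignedEncryptedParts signedEncryptedParts) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        String secConvTokenId = rampartMessageData.getSecConvTokenId();
        int inclusion = token.getInclusion();
        try {
            org.apache.rahas.Token storedToken = rampartMessageData.getTokenStorage().getToken(secConvTokenId);

            // Same inclusion literals as the issued-token path; meaning to be confirmed there.
            boolean tokenAttached = false;
            if (inclusion == 5 || ((inclusion == 3 || inclusion == 2) && rampartMessageData.isInitiator())) {
                rampartMessageData.getSecHeader().getSecurityHeader().appendChild(document.importNode((Element) storedToken.getToken(), true));
                tokenAttached = true;
            }

            Vector<WSEncryptionPart> parts = newSignatureParts(rampartMessageData);
            if (policyData.isTokenProtection() && tokenAttached) {
                parts.add(new WSEncryptionPart(secConvTokenId));
            }
            addSignedParts(parts, rampartMessageData, signedEncryptedParts);

            AlgorithmSuite algorithmSuite = policyData.getAlgorithmSuite();
            if (token.isDerivedKeys()) {
                return signWithTokenDerivedKey(rampartMessageData, document, storedToken, tokenAttached, parts, algorithmSuite);
            }

            try {
                WSSecSignature signature = new WSSecSignature();
                signature.setWsConfig(rampartMessageData.getConfig());
                // NOTE(review): drops the first character unconditionally, whereas the
                // issued-token path drops it only when it is '#'. An id without that prefix
                // would be truncated here. Confirm the id format the token storage returns.
                signature.setCustomTokenId(storedToken.getId().substring(1));
                // NOTE(review): build() reaches this method only for SecureConversationToken
                // assertions, yet the assertion is cast to IssuedToken. Unless that type is a
                // subtype of IssuedToken, this branch fails with ClassCastException. Verify
                // the policy model's class hierarchy.
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(((IssuedToken) token).getRstTokenType())) {
                    signature.setCustomTokenValueType(WSConstants.WSS_SAML2_KI_VALUE_TYPE);
                } else {
                    signature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                }
                signature.setSecretKey(storedToken.getSecret());
                // NOTE(review): second call presumably overrides the first; see the same pair
                // of calls in doIssuedTokenSignature.
                signature.setSignatureAlgorithm(algorithmSuite.getAsymmetricSignature());
                signature.setSignatureAlgorithm(algorithmSuite.getSymmetricSignature());
                signature.setKeyIdentifierType(9);
                signature.prepare(rampartMessageData.getDocument(), RampartUtil.getSignatureCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()), rampartMessageData.getSecHeader());
                signature.setParts(parts);
                signature.addReferencesToSign(parts, rampartMessageData.getSecHeader());
                signature.computeSignature();
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), signature.getSignatureElement()));
                return signature.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", (Throwable) e);
            }
        } catch (TrustException e) {
            throw new RampartException("errorExtractingToken", new String[]{secConvTokenId}, e);
        }
    }

    /**
     * Makes sure a usable secure conversation token id is set on {@code rampartMessageData}.
     *
     * <p>When the outgoing action is one of the SCT cancel actions and a token id is known, the
     * stored token's state is set to {@code 3} (presumably "cancelled"; confirm against the token
     * class) and the context-map entry for this message context is removed. When no token id is
     * known, or the known token is neither valid nor being cancelled, a new token is requested.
     *
     * @throws RampartException if the stored token cannot be read or a new token cannot be obtained
     */
    private void handleSecureConversationTokens(RampartMessageData rampartMessageData, SecureConversationToken secureConversationToken) throws RampartException {
        MessageContext msgContext = rampartMessageData.getMsgContext();
        String secConvTokenId = rampartMessageData.getSecConvTokenId();
        String action = msgContext.getOptions().getAction();
        // Compare constant-first so a message without an action is treated as "not a cancel"
        // and does not fail with a NullPointerException. The original listed each of these two
        // URIs twice; the duplicates added nothing.
        boolean cancelRequest = "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel".equals(action)
                || "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel".equals(action);

        if (secConvTokenId != null && cancelRequest) {
            try {
                rampartMessageData.getTokenStorage().getToken(secConvTokenId).setState(3);
                msgContext.setProperty(RampartMessageData.SCT_ID, secConvTokenId);
                RampartUtil.getContextMap(msgContext).remove(RampartUtil.getContextIdentifierKey(msgContext));
            } catch (TrustException e) {
                throw new RampartException("errorExtractingToken", (Throwable) e);
            }
        }

        // Same truth table as the original double-negated test: request a token when none is
        // known, or when the known one is invalid and this is not a cancel request.
        if (secConvTokenId == null || (!RampartUtil.isTokenValid(rampartMessageData, secConvTokenId) && !cancelRequest)) {
            log.debug("No SecureConversationToken found, requesting a new token");
            try {
                rampartMessageData.setSecConvTokenId(RampartUtil.getSecConvToken(rampartMessageData, secureConversationToken));
            } catch (TrustException e) {
                throw new RampartException("errorInObtainingSct", (Throwable) e);
            }
        }
    }
}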
