package org.apache.ws.security.message.token;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.Text;

/* loaded from: input_file:lib/open/security/wss4j-1.5.12.jar:org/apache/ws/security/message/token/SecurityTokenReference.class */
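/**
 * Wrapper around a {@code wsse:SecurityTokenReference} DOM element.
 *
 * <p>An instance either wraps an element taken from a received message (see
 * {@link #SecurityTokenReference(Element)}) or creates a fresh, empty element
 * (see {@link #SecurityTokenReference(Document)}). The element holds at most
 * one reference child at a time: every setter replaces the first child
 * element when one exists and appends otherwise.
 *
 * <p>When the wrapped element comes from a received message, every value read
 * from it (URIs, value types, key identifier text) is sender-controlled. The
 * getters therefore tolerate missing children and degenerate identifiers and
 * either return {@code null} or raise {@link WSSecurityException} instead of
 * failing with an unchecked exception.
 *
 * <p>The class caches the decoded SKI bytes and the issuer/serial object on
 * first read; it does no synchronization of its own.
 */
public class SecurityTokenReference {
    private static Log log;
    /** Local name of the wrapped element. */
    public static final String SECURITY_TOKEN_REFERENCE = "SecurityTokenReference";
    /** Local name of a key-name child. */
    public static final String KEY_NAME = "KeyName";
    /** ValueType of a key identifier carrying an X.509 SubjectKeyIdentifier. */
    public static final String SKI_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
    /** ValueType of a key identifier carrying a SHA-1 thumbprint of a certificate. */
    public static final String THUMB_URI = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
    /** ValueType of a key identifier carrying a SAML assertion id. */
    public static final String SAML_ID_URI = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
    /** ValueType of a key identifier carrying the SHA-1 of an encrypted key. */
    public static final String ENC_KEY_SHA1_URI = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";

    // Namespace and value-type literals used in several places below.
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String SAML_ASSERTION_URI = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#Assertion";
    private static final String SCT_URI = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct";
    private static final String BASE64_ENCODING_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    /** The wrapped {@code wsse:SecurityTokenReference} element. */
    protected Element element;
    // Lazily parsed issuer/serial child; see getIssuerSerial().
    private XMLX509IssuerSerial issuerSerial = null;
    // Lazily decoded SubjectKeyIdentifier bytes; see getSKIBytes().
    private byte[] skiBytes = null;
    // Snapshot of log.isDebugEnabled(), refreshed by each constructor call.
    private static boolean doDebug;
    // Compiler-generated cache for the class literal used by the static initializer.
    static Class class$org$apache$ws$security$message$token$SecurityTokenReference;

    /**
     * Wraps an existing element, typically one taken from a received message.
     *
     * @param element the element to wrap
     * @throws WSSecurityException with key {@code badElement} when the element
     *         is not {@code SecurityTokenReference} in the WS-Security
     *         extension namespace
     */
    public SecurityTokenReference(Element element) throws WSSecurityException {
        this.element = null;
        doDebug = log.isDebugEnabled();
        this.element = element;
        // Both the local name and the namespace must match; a same-named
        // element from another namespace is rejected.
        boolean isTokenReference = SECURITY_TOKEN_REFERENCE.equals(this.element.getLocalName())
                && WSSE_NS.equals(this.element.getNamespaceURI());
        if (!isTokenReference) {
            throw new WSSecurityException(0, "badElement", null);
        }
    }

    /**
     * Creates a new, empty {@code wsse:SecurityTokenReference} element owned
     * by the given document. The element is not attached to the document tree.
     *
     * @param document the document used as element factory
     */
    public SecurityTokenReference(Document document) {
        this.element = null;
        doDebug = log.isDebugEnabled();
        this.element = document.createElementNS(WSSE_NS, "wsse:SecurityTokenReference");
        WSSecurityUtil.setNamespace(this.element, WSSE_NS, WSConstants.WSSE_PREFIX);
    }

    /**
     * Stores a {@code wsse:Reference} as the reference child, replacing the
     * current first child element if there is one.
     *
     * @param reference the reference to store
     */
    public void setReference(Reference reference) {
        replaceOrAppend(reference.getElement());
    }

    /**
     * Interprets the first child element as a {@code wsse:Reference}.
     *
     * @return the reference wrapper built from the first child element
     * @throws WSSecurityException raised by the {@code Reference} constructor
     */
    public Reference getReference() throws WSSecurityException {
        return new Reference(getFirstElement());
    }

    /**
     * Resolves the token element that the {@code wsse:Reference} child points to.
     *
     * @param document the document that is searched for the token
     * @param wSDocInfo per-document state holding a previously seen SAML assertion
     * @param callbackHandler optional handler asked for a custom token; may be {@code null}
     * @return the referenced token element, never {@code null}
     * @throws WSSecurityException with key {@code badReferenceURI} when the
     *         reference has no URI, or {@code noToken} when nothing matches
     */
    public Element getTokenElement(Document document, WSDocInfo wSDocInfo, CallbackHandler callbackHandler) throws WSSecurityException {
        Reference reference = getReference();
        String uri = reference.getURI();
        if (doDebug) {
            // The URI is message-controlled text; it is written at debug level only.
            log.debug("Token reference uri: " + uri);
        }
        if (uri == null) {
            throw new WSSecurityException(3, "badReferenceURI");
        }
        Element tokenElement = findTokenElement(document, wSDocInfo, callbackHandler, uri, reference.getValueType());
        if (tokenElement == null) {
            throw new WSSecurityException(7, "noToken", new Object[]{uri});
        }
        return tokenElement;
    }

    /**
     * Resolves the token element that the {@code wsse:KeyIdentifier} child
     * points to, using its text as identifier and its ValueType as type.
     *
     * @param document the document that is searched for the token
     * @param wSDocInfo per-document state holding a previously seen SAML assertion
     * @param callbackHandler optional handler asked for a custom token; may be {@code null}
     * @return the referenced token element, never {@code null}
     * @throws WSSecurityException with key {@code badReferenceURI} when there
     *         is no key identifier value, or {@code noToken} when nothing matches
     */
    public Element getKeyIdentifierTokenElement(Document document, WSDocInfo wSDocInfo, CallbackHandler callbackHandler) throws WSSecurityException {
        String keyIdentifierValue = getKeyIdentifierValue();
        String keyIdentifierValueType = getKeyIdentifierValueType();
        if (doDebug) {
            log.debug("Token reference uri: " + keyIdentifierValue);
        }
        if (keyIdentifierValue == null) {
            throw new WSSecurityException(3, "badReferenceURI");
        }
        Element tokenElement = findTokenElement(document, wSDocInfo, callbackHandler, keyIdentifierValue, keyIdentifierValueType);
        if (tokenElement == null) {
            throw new WSSecurityException(7, "noToken", new Object[]{keyIdentifierValue});
        }
        return tokenElement;
    }

    /**
     * Looks up a token element by identifier. Lookup order: the cached SAML
     * assertion and a document search by assertion id (SAML value types only),
     * then the callback handler (SCT and SAML value types only), then a
     * document search by wsu:Id and by generated id.
     *
     * @param document the document that is searched
     * @param wSDocInfo source of the cached SAML assertion
     * @param callbackHandler optional handler asked for a custom token
     * @param str the identifier as found in the message, with or without a leading '#'
     * @param str2 the ValueType attribute, may be {@code null}
     * @return the token element, or {@code null} when the identifier is empty
     *         or nothing matches
     */
    private Element findTokenElement(Document document, WSDocInfo wSDocInfo, CallbackHandler callbackHandler, String str, String str2) {
        // An empty identifier used to fail in charAt(0) with an unchecked
        // StringIndexOutOfBoundsException; report "not found" instead so the
        // callers raise their regular noToken fault.
        if (str == null || str.length() == 0) {
            return null;
        }
        String id = str.charAt(0) == '#' ? str.substring(1) : str;
        // A bare "#" leaves an empty id. DOM getAttribute() returns "" for an
        // absent attribute, so an empty id would compare equal to an assertion
        // that has no AssertionID attribute. An empty id never identifies a token.
        if (id.length() == 0) {
            return null;
        }

        boolean samlValueType = SAML_ID_URI.equals(str2) || SAML_ASSERTION_URI.equals(str2);
        Element found = null;

        if (samlValueType) {
            Element assertion = wSDocInfo.getAssertion();
            if (assertion != null) {
                String assertionId = assertion.getAttribute("AssertionID");
                if (doDebug) {
                    log.debug("SAML token ID: " + assertionId);
                }
                if (assertionId.equals(id)) {
                    found = assertion;
                }
            }
            if (found == null) {
                found = WSSecurityUtil.findSAMLAssertionElementById(document.getDocumentElement(), id);
            }
        }

        if (found == null && callbackHandler != null && (SCT_URI.equals(str2) || samlValueType)) {
            // NOTE(review): 7 is presumably the custom-token usage of
            // WSPasswordCallback, since getCustomToken() is read afterwards - confirm.
            WSPasswordCallback tokenCallback = new WSPasswordCallback(id, 7);
            try {
                callbackHandler.handle(new Callback[]{tokenCallback});
                Element customToken = tokenCallback.getCustomToken();
                if (customToken != null) {
                    found = (Element) document.importNode(customToken, true);
                }
            } catch (Exception e) {
                // Best effort: a failing handler means "no custom token" and
                // the document lookups below still run. The failure is only
                // visible at debug level.
                log.debug(e.getMessage(), e);
            }
        }

        if (found == null) {
            // These lookups receive the identifier exactly as it appeared in
            // the message, including any leading '#'.
            found = WSSecurityUtil.getElementByWsuId(document, str);
            if (found == null) {
                found = WSSecurityUtil.getElementByGenId(document, str);
            }
        }
        return found;
    }

    /**
     * Stores the Base64 of the encoded certificate as key identifier with the
     * X.509 v3 value type.
     *
     * @param x509Certificate the certificate to embed
     * @throws WSSecurityException with key {@code encodeError} when the
     *         certificate cannot be encoded
     */
    public void setKeyIdentifier(X509Certificate x509Certificate) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        try {
            String encoded = Base64.encode(x509Certificate.getEncoded());
            createKeyIdentifier(ownerDocument, X509Security.X509_V3_TYPE, ownerDocument.createTextNode(encoded), true);
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError", null, e);
        }
    }

    /**
     * Stores the certificate's SubjectKeyIdentifier, Base64 encoded, as key identifier.
     *
     * @param x509Certificate the certificate whose SKI is used; must be version 3
     * @param crypto the crypto implementation that extracts the SKI bytes
     * @throws WSSecurityException with key {@code invalidCertForSKI} when the
     *         certificate is not version 3, or whatever {@code crypto} raises
     */
    public void setKeyIdentifierSKI(X509Certificate x509Certificate, Crypto crypto) throws WSSecurityException {
        if (x509Certificate.getVersion() != 3) {
            throw new WSSecurityException(1, "invalidCertForSKI", new Object[]{new Integer(x509Certificate.getVersion())});
        }
        Document ownerDocument = this.element.getOwnerDocument();
        String encodedSki = Base64.encode(crypto.getSKIBytesFromCert(x509Certificate));
        createKeyIdentifier(ownerDocument, SKI_URI, ownerDocument.createTextNode(encodedSki), true);
    }

    /**
     * Stores the SHA-1 digest of the encoded certificate, Base64 encoded, as
     * key identifier with the ThumbprintSHA1 value type.
     *
     * <p>SHA-1 is fixed by that value type. The digest only selects a
     * certificate; a receiver must not treat a matching thumbprint as proof
     * that the certificate is trusted.
     *
     * @param x509Certificate the certificate to fingerprint
     * @throws WSSecurityException with key {@code encodeError} when the
     *         certificate cannot be encoded, or {@code noSHA1availabe} when
     *         the platform has no SHA-1 implementation
     */
    public void setKeyIdentifierThumb(X509Certificate x509Certificate) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            byte[] thumbprint = sha1.digest(x509Certificate.getEncoded());
            createKeyIdentifier(ownerDocument, THUMB_URI, ownerDocument.createTextNode(Base64.encode(thumbprint)), true);
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError", null, e);
        } catch (NoSuchAlgorithmException e2) {
            // The misspelt key is a message-bundle lookup key and must stay as it is.
            throw new WSSecurityException(0, "noSHA1availabe", null, e2);
        }
    }

    /**
     * Stores an EncryptedKeySHA1 key identifier.
     *
     * @param str the identifier text, stored as given and flagged as Base64
     * @throws WSSecurityException declared for callers; not raised by this body
     */
    public void setKeyIdentifierEncKeySHA1(String str) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        createKeyIdentifier(ownerDocument, ENC_KEY_SHA1_URI, ownerDocument.createTextNode(str), true);
    }

    /**
     * Stores a SAML assertion id as key identifier, without an EncodingType attribute.
     *
     * @param str the assertion id
     * @throws WSSecurityException declared for callers; not raised by this body
     */
    public void setSAMLKeyIdentifier(String str) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        createKeyIdentifier(ownerDocument, SAML_ID_URI, ownerDocument.createTextNode(str), false);
    }

    /**
     * Stores a key identifier with a caller-supplied value type, without an
     * EncodingType attribute.
     *
     * @param str the ValueType URI
     * @param str2 the identifier text
     * @throws WSSecurityException declared for callers; not raised by this body
     */
    public void setKeyIdentifier(String str, String str2) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        createKeyIdentifier(ownerDocument, str, ownerDocument.createTextNode(str2), false);
    }

    /**
     * Builds a {@code wsse:KeyIdentifier} element and installs it as the
     * reference child.
     *
     * @param document factory for the new element
     * @param str the ValueType attribute value
     * @param node the content node appended to the new element
     * @param z whether to mark the content as Base64Binary via EncodingType
     */
    private void createKeyIdentifier(Document document, String str, Node node, boolean z) {
        Element keyIdentifier = document.createElementNS(WSSE_NS, "wsse:KeyIdentifier");
        keyIdentifier.setAttributeNS(null, WSSecurityEngine.VALUE_TYPE, str);
        if (z) {
            keyIdentifier.setAttributeNS(null, "EncodingType", BASE64_ENCODING_URI);
        }
        keyIdentifier.appendChild(node);
        replaceOrAppend(keyIdentifier);
    }

    // Installs child as the single reference child: replaces the first child
    // element when present, appends otherwise.
    private void replaceOrAppend(Element child) {
        Element current = getFirstElement();
        if (current != null) {
            this.element.replaceChild(child, current);
        } else {
            this.element.appendChild(child);
        }
    }

    /**
     * Returns the first child that is an element, skipping text and other nodes.
     *
     * @return the first child element, or {@code null} when there is none
     */
    public Element getFirstElement() {
        for (Node child = this.element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (child instanceof Element) {
                return (Element) child;
            }
        }
        return null;
    }

    /**
     * Resolves the certificates named by the key identifier child. Supports
     * the X.509 v3, SubjectKeyIdentifier and ThumbprintSHA1 value types.
     *
     * <p>The result only says which certificate the sender named; validating
     * it against a trust store is left to the caller.
     *
     * @param crypto the crypto implementation used for the lookups
     * @return the matching certificates, or {@code null} when there is no
     *         child element, the value type is not supported, or no alias matches
     * @throws WSSecurityException raised by the token parsing, Base64 decoding
     *         or {@code crypto} calls
     */
    public X509Certificate[] getKeyIdentifier(Crypto crypto) throws WSSecurityException {
        Element firstElement = getFirstElement();
        if (firstElement == null) {
            // An empty token reference used to fail here with a NullPointerException.
            return null;
        }
        String valueType = firstElement.getAttribute(WSSecurityEngine.VALUE_TYPE);
        String alias = null;
        if (X509Security.X509_V3_TYPE.equals(valueType)) {
            X509Security x509Security = new X509Security(firstElement);
            return new X509Certificate[]{x509Security.getX509Certificate(crypto)};
        } else if (SKI_URI.equals(valueType)) {
            alias = getX509SKIAlias(crypto);
        } else if (THUMB_URI.equals(valueType)) {
            Node content = firstElement.getFirstChild();
            if (content == null) {
                return null;
            }
            if (content.getNodeType() == Node.TEXT_NODE) {
                alias = crypto.getAliasForX509CertThumb(Base64.decode(((Text) content).getData()));
            }
        }
        if (alias != null) {
            return crypto.getCertificates(alias);
        }
        return null;
    }

    /**
     * Returns the text of the first child element when a key identifier is present.
     *
     * <p>NOTE(review): the presence check counts {@code wsse:KeyIdentifier}
     * children anywhere in the element, while the value is read from the
     * first child element. These differ if a message places another element
     * before the key identifier.
     *
     * @return the text content, or {@code null} when there is no key
     *         identifier or its first child is not a text node
     */
    public String getKeyIdentifierValue() {
        if (!containsKeyIdentifier()) {
            return null;
        }
        Node content = getFirstElement().getFirstChild();
        if (content != null && content.getNodeType() == Node.TEXT_NODE) {
            return ((Text) content).getData();
        }
        return null;
    }

    /**
     * Returns the ValueType attribute of the first child element when a key
     * identifier is present.
     *
     * @return the ValueType attribute, or {@code null} when there is no key identifier
     */
    public String getKeyIdentifierValueType() {
        if (containsKeyIdentifier()) {
            return getFirstElement().getAttribute(WSSecurityEngine.VALUE_TYPE);
        }
        return null;
    }

    /**
     * Looks up the keystore alias for the SubjectKeyIdentifier in this reference.
     *
     * @param crypto the crypto implementation used for the lookup
     * @return the alias, or {@code null} when no SKI bytes can be read or
     *         {@code crypto} finds none
     * @throws WSSecurityException raised by {@code crypto}
     */
    public String getX509SKIAlias(Crypto crypto) throws WSSecurityException {
        if (this.skiBytes == null) {
            this.skiBytes = getSKIBytes();
            if (this.skiBytes == null) {
                return null;
            }
        }
        String alias = crypto.getAliasForX509Cert(this.skiBytes);
        if (doDebug) {
            log.info("X509 SKI alias: " + alias);
        }
        return alias;
    }

    /**
     * Returns the decoded SubjectKeyIdentifier bytes, decoding and caching
     * them on first use.
     *
     * @return the SKI bytes, or {@code null} when there is no child element,
     *         the child has no text content, or the text is not valid Base64
     */
    public byte[] getSKIBytes() {
        if (this.skiBytes != null) {
            return this.skiBytes;
        }
        Element firstElement = getFirstElement();
        if (firstElement == null) {
            // An empty token reference used to fail here with a NullPointerException.
            return null;
        }
        Node content = firstElement.getFirstChild();
        if (content == null) {
            return null;
        }
        if (content.getNodeType() == Node.TEXT_NODE) {
            try {
                this.skiBytes = Base64.decode(((Text) content).getData());
            } catch (WSSecurityException e) {
                // Undecodable text is reported as "no SKI" rather than as an error.
                return null;
            }
        }
        return this.skiBytes;
    }

    /**
     * Stores an {@code X509Data} element as the reference child, replacing
     * the current first child element if there is one.
     *
     * @param x509Data the data element to store
     */
    public void setX509IssuerSerial(X509Data x509Data) {
        replaceOrAppend(x509Data.getElement());
    }

    /**
     * Resolves the certificates named by the issuer/serial child.
     *
     * @param crypto the crypto implementation used for the lookup
     * @return the matching certificates, or {@code null} when no alias matches
     * @throws WSSecurityException when the issuer/serial data cannot be read,
     *         or raised by {@code crypto}
     */
    public X509Certificate[] getX509IssuerSerial(Crypto crypto) throws WSSecurityException {
        String alias = getX509IssuerSerialAlias(crypto);
        if (alias != null) {
            return crypto.getCertificates(alias);
        }
        return null;
    }

    /**
     * Looks up the keystore alias for the issuer name and serial number in
     * this reference.
     *
     * @param crypto the crypto implementation used for the lookup
     * @return the alias, or {@code null} when there is no child element or
     *         {@code crypto} finds none
     * @throws WSSecurityException when the issuer/serial data cannot be read,
     *         or raised by {@code crypto}
     */
    public String getX509IssuerSerialAlias(Crypto crypto) throws WSSecurityException {
        if (this.issuerSerial == null) {
            this.issuerSerial = getIssuerSerial();
            if (this.issuerSerial == null) {
                return null;
            }
        }
        String alias = crypto.getAliasForX509Cert(this.issuerSerial.getIssuerName(), this.issuerSerial.getSerialNumber());
        if (doDebug) {
            log.info("X509IssuerSerial alias: " + alias);
        }
        return alias;
    }

    /**
     * Parses and caches the issuer/serial child. When the first child element
     * is {@code X509Data}, the {@code X509IssuerSerial} element inside it is used.
     *
     * @return the parsed issuer/serial object, or {@code null} when there is
     *         no child element
     * @throws WSSecurityException with key {@code noToken} when the
     *         issuer/serial element is missing or cannot be parsed
     */
    private XMLX509IssuerSerial getIssuerSerial() throws WSSecurityException {
        if (this.issuerSerial != null) {
            return this.issuerSerial;
        }
        Element candidate = getFirstElement();
        if (candidate == null) {
            return null;
        }
        try {
            if ("X509Data".equals(candidate.getLocalName())) {
                candidate = (Element) WSSecurityUtil.findElement(candidate, "X509IssuerSerial", DSIG_NS);
                if (candidate == null) {
                    // X509Data without an X509IssuerSerial inside: raise the
                    // same fault as a parse failure rather than depend on how
                    // the XMLX509IssuerSerial constructor treats null.
                    throw new WSSecurityException(7, "noToken", new Object[]{"Issuer/Serial data element missing"});
                }
            }
            this.issuerSerial = new XMLX509IssuerSerial(candidate, "");
            return this.issuerSerial;
        } catch (XMLSecurityException e) {
            throw new WSSecurityException(7, "noToken", new Object[]{"Issuer/Serial data element missing"}, e);
        }
    }

    /** @return {@code true} when at least one {@code wsse:Reference} child exists */
    public boolean containsReference() {
        return lengthReference() > 0;
    }

    /** @return the number of {@code wsse:Reference} children */
    public int lengthReference() {
        return length(WSSE_NS, Constants._TAG_REFERENCE);
    }

    /** @return {@code true} when at least one {@code ds:X509IssuerSerial} child exists */
    public boolean containsX509IssuerSerial() {
        return lengthX509IssuerSerial() > 0;
    }

    /** @return {@code true} when at least one {@code ds:X509Data} child exists */
    public boolean containsX509Data() {
        return lengthX509Data() > 0;
    }

    /** @return the number of {@code ds:X509IssuerSerial} children */
    public int lengthX509IssuerSerial() {
        return length(DSIG_NS, "X509IssuerSerial");
    }

    /** @return the number of {@code ds:X509Data} children */
    public int lengthX509Data() {
        return length(DSIG_NS, "X509Data");
    }

    /** @return {@code true} when at least one {@code wsse:KeyIdentifier} child exists */
    public boolean containsKeyIdentifier() {
        return lengthKeyIdentifier() > 0;
    }

    /** @return the number of {@code wsse:KeyIdentifier} children */
    public int lengthKeyIdentifier() {
        return length(WSSE_NS, "KeyIdentifier");
    }

    /**
     * Counts the direct child elements with the given namespace and local name.
     *
     * @param str the namespace URI; {@code null} matches elements without a namespace
     * @param str2 the local name; must not be {@code null}
     * @return the number of matching direct children
     */
    public int length(String str, String str2) {
        NodeList children = this.element.getChildNodes();
        int matches = 0;
        for (int index = 0; index < children.getLength(); index++) {
            Node child = children.item(index);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String namespaceURI = child.getNamespaceURI();
            boolean sameNamespace = str == null ? namespaceURI == null : str.equals(namespaceURI);
            if (sameNamespace && str2.equals(child.getLocalName())) {
                matches++;
            }
        }
        return matches;
    }

    /** @return the wrapped {@code wsse:SecurityTokenReference} element */
    public Element getElement() {
        return this.element;
    }

    /**
     * Sets the {@code wsu:Id} attribute, declaring the wsu namespace on the
     * element through {@code WSSecurityUtil.setNamespace} and using the prefix
     * that call returns.
     *
     * @param str the id value
     */
    public void setID(String str) {
        String prefix = WSSecurityUtil.setNamespace(this.element, WSU_NS, "wsu");
        this.element.setAttributeNS(WSU_NS, prefix + ":Id", str);
    }

    /** @return the wrapped element serialized by {@code DOM2Writer} */
    public String toString() {
        return DOM2Writer.nodeToString(this.element);
    }

    // Compiler-generated helper behind the class literal in the static
    // initializer; turns a lookup failure into NoClassDefFoundError.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        // Equivalent to LogFactory.getLog(SecurityTokenReference.class.getName()),
        // written in the form the pre-Java-5 compiler emitted.
        Class cls;
        if (class$org$apache$ws$security$message$token$SecurityTokenReference == null) {
            cls = class$("org.apache.ws.security.message.token.SecurityTokenReference");
            class$org$apache$ws$security$message$token$SecurityTokenReference = cls;
        } else {
            cls = class$org$apache$ws$security$message$token$SecurityTokenReference;
        }
        log = LogFactory.getLog(cls.getName());
        doDebug = false;
    }
}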
