package com.ghc.wsSecurity;

import com.ghc.identity.gui.IdentityStoreResourcePanelEvent;
import com.ghc.ltpa.LTPATokenWrapper;
import com.ghc.ltpa.LTPAVersion;
import com.ghc.security.utils.CryptUtils;
import com.ghc.security.utils.GHSecurityException;
import com.ghc.utils.PairValue;
import com.ghc.wsSecurity.action.BinaryTokenAction;
import com.ghc.wsSecurity.action.CryptoSecurityAction;
import com.ghc.wsSecurity.action.ElementGenerator;
import com.ghc.wsSecurity.action.ElementReference;
import com.ghc.wsSecurity.action.EncryptBodyAction;
import com.ghc.wsSecurity.action.EncryptPartAction;
import com.ghc.wsSecurity.action.IllegalReferenceException;
import com.ghc.wsSecurity.action.LTPAAction;
import com.ghc.wsSecurity.action.SAMLAssertionTokenAction;
import com.ghc.wsSecurity.action.SecurityAction;
import com.ghc.wsSecurity.action.SignBodyAction;
import com.ghc.wsSecurity.action.SignPartAction;
import com.ghc.wsSecurity.action.TimeStampTokenAction;
import com.ghc.wsSecurity.action.UserNameTokenAction;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSAMLToken;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.saml.WSSecSignatureSAML;
import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/ghc/wsSecurity/WSSecurityActionProcessor.class */
public class WSSecurityActionProcessor {
    // WS-Addressing namespace used when looking up addressing headers to sign or encrypt.
    private static final String WSA_NAMESPACE = "http://www.w3.org/2005/08/addressing";
    // Allow-list of key-transport algorithm URIs. Keys are the lower-cased URI so that
    // setKeyEncryptionAlgo can match case-insensitively; values are the canonical spelling.
    // NOTE(review): rsa-1_5 (PKCS#1 v1.5 key transport) is both allowed here and the constructor
    // default; rsa-oaep-mgf1p is the preferable choice where the peer supports it.
    private static final Map<String, String> KEY_ENCRYPTION_ALGOS = new HashMap<String, String>() { // from class: com.ghc.wsSecurity.WSSecurityActionProcessor.1
        {
            put("http://www.w3.org/2001/04/xmlenc#rsa-1_5".toLowerCase(), "http://www.w3.org/2001/04/xmlenc#rsa-1_5");
            put("http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".toLowerCase(), "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p");
        }
    };
    // SOAP version constants detected from the document element in the constructor.
    private final SOAPConstants m_soapConstants;
    // The SOAP message being secured; several operations replace it with the document returned by build().
    private Document m_soapDocument;
    // Key/certificate provider; may be null until setCrypto is called.
    private Crypto m_crypto;
    // Integer key-identifier code handed to the WSS4J signature/encryption builders.
    private int m_keyIdentifierType;
    // Symmetric (data) encryption algorithm URI.
    private String m_encryptionAlgo;
    // Signature algorithm URI; signSOAPBody overwrites it from the signing key's algorithm.
    private String m_signatureAlgo;
    // Key-transport algorithm URI, always one of the KEY_ENCRYPTION_ALGOS values.
    private String m_keyEncryptionAlgo;
    // Username tokens by generated id; created lazily by addUsernameToken, so null until the first token is added.
    private HashMap<String, WSSecUsernameToken> m_utMap;
    // Not read or written by any method visible in this part of the file.
    private final HashMap<String, SAMLAssertion> m_samlMap;
    // Action name -> action that generated an element; cleared at the start of applyActionList.
    private final Map<String, ElementGenerator> m_tokenNameGenMap;
    private final Logger m_logger;
    // Compiler-generated lookup table for switching over SecurityAction.Type (see applyActionList).
    private static /* synthetic */ int[] $SWITCH_TABLE$com$ghc$wsSecurity$action$SecurityAction$Type;

    /**
     * Creates a processor for {@code document} without a {@link Crypto} provider.
     *
     * <p>Operations that need keys or certificates require {@link #setCrypto(Crypto)} to be
     * called first.
     *
     * @param document the SOAP message to secure; must contain a SOAP Body element
     * @throws IllegalArgumentException if the document has no SOAP Body element
     */
    public WSSecurityActionProcessor(Document document) {
        this(document, (Crypto) null);
    }

    /**
     * Creates a processor for {@code document}, installing the default algorithm choices.
     *
     * <p>NOTE(review): the defaults are legacy algorithms - AES-128 in CBC mode for data,
     * RSA PKCS#1 v1.5 for key transport and RSA with SHA-1 for signatures. They are kept as-is
     * here for interoperability; deployments should override them through the setters where the
     * receiving side allows it.
     *
     * @param document the SOAP message to secure; must contain a SOAP Body element
     * @param crypto   key/certificate provider, or {@code null} to set one later
     * @throws IllegalArgumentException if the document has no SOAP Body element
     */
    public WSSecurityActionProcessor(Document document, Crypto crypto) {
        m_samlMap = new HashMap<>();
        m_tokenNameGenMap = new HashMap<>();
        m_logger = Logger.getLogger("com.gh.ws");

        // Defaults; each can be replaced through the corresponding setter.
        // Key identifier code 2 is presumably WSS4J's issuer/serial reference - confirm against WSConstants.
        m_keyIdentifierType = 2;
        m_signatureAlgo = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        m_encryptionAlgo = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
        m_keyEncryptionAlgo = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";

        final SOAPConstants detected = WSSecurityUtil.getSOAPConstants(document.getDocumentElement());
        m_soapConstants = detected;

        // Refuse documents without a Body up front rather than failing later inside a signing or encryption step.
        final boolean hasBody = WSSecurityUtil.findBodyElement(document, detected) != null;
        if (!hasBody) {
            throw new IllegalArgumentException("Provided document does not contain a SOAP Body element.");
        }
        m_crypto = crypto;
        m_soapDocument = document;
    }

    /**
     * Replaces the key/certificate provider used by later signing and encryption calls.
     *
     * @param crypto the provider to use; not checked for {@code null} here
     */
    public void setCrypto(Crypto crypto) {
        m_crypto = crypto;
    }

    /**
     * Selects the key-identifier code passed to the WSS4J signature and encryption builders.
     *
     * <p>Accepted values are 1, 2, 3 and {@code SecurityUtils.UT_SIGNING}; the sentinel
     * {@code SecurityUtils.SAML_SIGNING} is stored as 1. The constant name on the value 2 comes
     * from the decompiler matching by value and is probably unrelated to key identifiers.
     *
     * @param i the requested key-identifier code
     * @throws IllegalArgumentException if {@code i} is not one of the accepted values
     */
    public void setKeyIdentifierType(int i) {
        if (i == SecurityUtils.SAML_SIGNING) {
            // The SAML sentinel is not stored as-is; it is recorded as code 1.
            m_keyIdentifierType = 1;
            return;
        }
        final boolean accepted = i == 1
                || i == IdentityStoreResourcePanelEvent.CONTENTS_CHANGED /* 2 */
                || i == 3
                || i == SecurityUtils.UT_SIGNING /* 7 */;
        if (!accepted) {
            throw new IllegalArgumentException("Unknown key identifier: " + i);
        }
        m_keyIdentifierType = i;
    }

    /**
     * Selects the symmetric encryption algorithm by URI, matched case-insensitively.
     *
     * <p>The stored value is always the canonical spelling from the list below. Every accepted
     * algorithm is a CBC-mode cipher (Triple DES or AES); no authenticated-encryption mode is
     * offered, so message integrity has to come from a signature.
     *
     * @param str algorithm URI; must not be {@code null}
     * @throws IllegalArgumentException if the URI is not one of the supported algorithms
     */
    public void setEncryptionAlgo(String str) {
        final String[] supported = {
            "http://www.w3.org/2001/04/xmlenc#tripledes-cbc",
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc",
            "http://www.w3.org/2001/04/xmlenc#aes192-cbc",
            "http://www.w3.org/2001/04/xmlenc#aes256-cbc",
        };
        for (String canonical : supported) {
            if (str.equalsIgnoreCase(canonical)) {
                m_encryptionAlgo = canonical;
                return;
            }
        }
        throw new IllegalArgumentException("Unknown or unhandled encryption algorithm: " + str);
    }

    /**
     * Selects the signature algorithm.
     *
     * <p>The short names {@code RSA} and {@code DSA} (any case) and the matching XML-DSig URIs
     * map to the SHA-1 variants of those algorithms. Any other value is stored unchanged and
     * without validation, so an unsupported or mistyped value only surfaces when a signature is
     * built.
     *
     * <p>NOTE(review): both recognised mappings use SHA-1; a stronger digest has to be requested
     * by passing its full URI.
     *
     * @param str short algorithm name or algorithm URI; must not be {@code null}
     */
    public void setSignatureAlgo(String str) {
        final String rsaSha1 = "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
        final String dsaSha1 = "http://www.w3.org/2000/09/xmldsig#dsa-sha1";
        if (str.equalsIgnoreCase("RSA") || str.equalsIgnoreCase(rsaSha1)) {
            m_signatureAlgo = rsaSha1;
        } else if (str.equalsIgnoreCase("DSA") || str.equalsIgnoreCase(dsaSha1)) {
            m_signatureAlgo = dsaSha1;
        } else {
            // Pass-through: the caller's value is trusted as-is.
            m_signatureAlgo = str;
        }
    }

    /**
     * Selects the key-transport algorithm from the {@code KEY_ENCRYPTION_ALGOS} allow-list.
     *
     * <p>Matching is case-insensitive; the canonical URI from the allow-list is what gets stored.
     *
     * @param str algorithm URI; {@code null} is treated as an empty (and therefore unknown) value
     * @throws IllegalArgumentException if the URI is not on the allow-list
     */
    public void setKeyEncryptionAlgo(String str) {
        final String lookupKey = (str != null) ? str.toLowerCase() : "";
        // The map never holds null values, so a null result means "not on the allow-list".
        final String canonical = KEY_ENCRYPTION_ALGOS.get(lookupKey);
        if (canonical == null) {
            throw new IllegalArgumentException("Unknown or unhandled key encryption algorithm: " + str);
        }
        m_keyEncryptionAlgo = canonical;
    }

    /**
     * Returns the SOAP version constants detected from the document at construction time.
     *
     * @return the SOAP constants for the document being processed
     */
    public SOAPConstants getSoapConstants() {
        return m_soapConstants;
    }

    /**
     * Builds a {@link WSSecHeader} with the given settings and applies it to the current document.
     *
     * <p>Despite the getter-style name this call has a side effect: it invokes
     * {@code insertSecurityHeader} on the SOAP document every time.
     *
     * @param str first {@code WSSecHeader} constructor argument (the actor in WSS4J)
     * @param z   second {@code WSSecHeader} constructor argument (the mustUnderstand flag in WSS4J)
     * @return the header wrapper, already inserted into the document
     */
    public WSSecHeader getSecurityHeader(String str, boolean z) {
        final WSSecHeader header = new WSSecHeader(str, z);
        header.insertSecurityHeader(m_soapDocument);
        return header;
    }

    /**
     * Builds a {@link WSSecHeader} with library defaults and applies it to the current document.
     *
     * <p>Despite the getter-style name this call has a side effect: it invokes
     * {@code insertSecurityHeader} on the SOAP document every time.
     *
     * @return the header wrapper, already inserted into the document
     */
    public WSSecHeader getSecurityHeader() {
        final WSSecHeader header = new WSSecHeader();
        header.insertSecurityHeader(m_soapDocument);
        return header;
    }

    /**
     * Adds a UsernameToken using a security header obtained from {@link #getSecurityHeader()}.
     *
     * @param str  user name
     * @param str2 password
     * @param z    {@code true} for PasswordDigest, {@code false} for PasswordText
     * @param z2   add a nonce (only consulted for PasswordText)
     * @param z3   add a created timestamp (only consulted for PasswordText)
     * @param z4   use millisecond precision for timestamps
     * @return the id of the generated token element
     */
    public String addUsernameToken(String str, String str2, boolean z, boolean z2, boolean z3, boolean z4) {
        final WSSecHeader header = getSecurityHeader();
        return addUsernameToken(header, str, str2, z, z2, z3, z4);
    }

    /**
     * Adds a UsernameToken to the given security header and remembers it by its generated id.
     *
     * <p>With {@code z == false} the password is written as PasswordText, i.e. it appears in the
     * message unprotected unless the transport or a later encryption step covers it. The nonce
     * and created flags are only consulted in that PasswordText branch.
     *
     * @param wSSecHeader header that receives the token
     * @param str         user name
     * @param str2        password
     * @param z           {@code true} for PasswordDigest, {@code false} for PasswordText
     * @param z2          add a nonce (PasswordText only)
     * @param z3          add a created timestamp (PasswordText only)
     * @param z4          use millisecond precision for timestamps
     * @return the id of the generated token element
     */
    public String addUsernameToken(WSSecHeader wSSecHeader, String str, String str2, boolean z, boolean z2, boolean z3, boolean z4) {
        final String digestType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
        final String textType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";

        final WSSecUsernameToken token = new WSSecUsernameToken();
        token.setUserInfo(str, str2);

        final WSSConfig config = WSSConfig.getNewInstance();
        config.setPrecisionInMilliSeconds(z4);
        token.setWsConfig(config);

        token.setPasswordType(z ? digestType : textType);
        if (!z) {
            if (z2) {
                token.addNonce();
            }
            if (z3) {
                token.addCreated();
            }
        }

        m_soapDocument = token.build(m_soapDocument, wSSecHeader);

        // The lookup map is created on first use, so it stays null until a token has been added.
        if (m_utMap == null) {
            m_utMap = new HashMap<>();
        }
        final String tokenId = token.getId();
        m_utMap.put(tokenId, token);
        return tokenId;
    }

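    /**
     * Looks up a UsernameToken previously created by {@code addUsernameToken}.
     *
     * <p>The backing map is only created when the first token is added, so a lookup before that
     * point used to fail with a {@code NullPointerException}; it now reports "not found" the same
     * way an unknown id does.
     *
     * @param str the generated token id
     * @return the token registered under that id, or {@code null} if there is none
     */
    public WSSecUsernameToken getUsernameTokenForId(String str) {
        return (m_utMap == null) ? null : m_utMap.get(str);
    }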

    /**
     * Adds a Timestamp using a security header obtained from {@link #getSecurityHeader()}.
     *
     * @param i time-to-live handed to {@code WSSecTimestamp.setTimeToLive}
     * @param z use millisecond precision
     * @return the id of the generated timestamp element
     */
    public String addTimestampToken(int i, boolean z) {
        final WSSecHeader header = getSecurityHeader();
        return addTimestampToken(header, i, z);
    }

    /**
     * Adds a Timestamp to the given security header.
     *
     * @param wSSecHeader header that receives the timestamp
     * @param i           time-to-live handed to {@code WSSecTimestamp.setTimeToLive}
     * @param z           use millisecond precision
     * @return the id of the generated timestamp element
     */
    public String addTimestampToken(WSSecHeader wSSecHeader, int i, boolean z) {
        final WSSConfig config = WSSConfig.getNewInstance();
        config.setPrecisionInMilliSeconds(z);

        final WSSecTimestamp timestamp = new WSSecTimestamp();
        timestamp.setWsConfig(config);
        timestamp.setTimeToLive(i);

        m_soapDocument = timestamp.build(m_soapDocument, wSSecHeader);
        return timestamp.getId();
    }

    /**
     * Encrypts the parts requested by {@code encryptBodyAction}: previously generated tokens,
     * WS-Addressing headers and, if requested, the content of the SOAP Body.
     *
     * <p>When the body is encrypted, the id referenced from the encrypted key's
     * {@code xenc:ReferenceList} is recorded on the action and the action is registered under its
     * name so later actions can refer to it. The child lookup matches the literal node name
     * {@code xenc:ReferenceList}, so it depends on that namespace prefix being used.
     *
     * @param encryptBodyAction what to encrypt
     * @param wSSecHeader       security header that receives the encrypted key
     * @param str               user/alias handed to {@code WSSecEncrypt.setUserInfo}
     * @throws WSSecurityException if a referenced token cannot be resolved or encryption fails
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public void encryptSOAPBody(EncryptBodyAction encryptBodyAction, WSSecHeader wSSecHeader, String str) throws WSSecurityException, GHSecurityException {
        validateCrypto();

        final WSSecEncrypt encryptor = new WSSecEncrypt();
        encryptor.setUserInfo(str, "");
        encryptor.setKeyIdentifierType(m_keyIdentifierType);
        encryptor.setSymmetricEncAlgorithm(m_encryptionAlgo);
        encryptor.setKeyEncAlgo(m_keyEncryptionAlgo);

        final Vector<WSEncryptionPart> parts = new Vector<>();
        X_addTokenPartsToEncrypt(encryptBodyAction, parts);
        X_addAddressingPartsToEncrypt(encryptBodyAction.getAddressesToEncrypt(), parts);
        if (encryptBodyAction.isEncryptBody()) {
            final QName bodyName = m_soapConstants.getBodyQName();
            if (bodyName != null) {
                // "Content": the Body element itself stays, only its children are encrypted.
                parts.add(new WSEncryptionPart(bodyName.getLocalPart(), bodyName.getNamespaceURI(), "Content"));
            }
        }
        encryptor.setParts(parts);
        m_soapDocument = encryptor.build(m_soapDocument, m_crypto, wSSecHeader);

        if (!encryptBodyAction.isEncryptBody()) {
            return;
        }

        // Find the id of the encrypted data: first reference inside xenc:ReferenceList, minus the leading '#'.
        // There is no early exit, so if several ReferenceList children exist the last one wins.
        String referencedId = null;
        final NodeList keyChildren = encryptor.getEncryptedKeyElement().getChildNodes();
        for (int idx = 0; idx < keyChildren.getLength(); idx++) {
            final Node child = keyChildren.item(idx);
            if (!child.getNodeName().equals("xenc:ReferenceList")) {
                continue;
            }
            final Element firstReference = (Element) child.getChildNodes().item(0);
            referencedId = firstReference.getAttribute("URI");
            if (referencedId.startsWith("#")) {
                referencedId = referencedId.substring(1);
            }
        }
        encryptBodyAction.setGeneratedElementId(referencedId);
        m_tokenNameGenMap.put(encryptBodyAction.getName(), encryptBodyAction);
    }

    /**
     * Encrypts one element using a security header obtained from {@link #getSecurityHeader()}.
     *
     * @param str  user/alias handed to {@code WSSecEncrypt.setUserInfo}
     * @param str2 id of the element to encrypt
     * @param z    {@code true} to encrypt only the element's content, {@code false} for the whole element
     * @return the id referenced by the generated data reference
     * @throws WSSecurityException if encryption fails
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public String encryptBodyPart(String str, String str2, boolean z) throws WSSecurityException, GHSecurityException {
        final WSSecHeader header = getSecurityHeader();
        return encryptBodyPart(header, str, str2, z);
    }

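    /**
     * Encrypts the element with the given id and adds the encrypted key to the security header.
     *
     * <p>The configured key-transport algorithm is now applied here as it already is in
     * {@code encryptSOAPBody}. Previously this path never called {@code setKeyEncAlgo}, so a value
     * chosen through {@code setKeyEncryptionAlgo} (for example RSA-OAEP) was silently ignored for
     * part encryption and the library default was used instead.
     *
     * @param wSSecHeader security header that receives the encrypted key
     * @param str         user/alias handed to {@code WSSecEncrypt.setUserInfo}
     * @param str2        id of the element to encrypt
     * @param z           {@code true} to encrypt only the element's content, {@code false} for the whole element
     * @return the id referenced by the generated data reference, without the leading {@code #}
     * @throws WSSecurityException if encryption fails
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public String encryptBodyPart(WSSecHeader wSSecHeader, String str, String str2, boolean z) throws WSSecurityException, GHSecurityException {
        validateCrypto();
        this.m_logger.log(Level.INFO, "Encrypting ElementID " + str2);

        WSSecEncrypt wSSecEncrypt = new WSSecEncrypt();
        wSSecEncrypt.setUserInfo(str, "");
        wSSecEncrypt.setKeyIdentifierType(this.m_keyIdentifierType);
        wSSecEncrypt.setSymmetricEncAlgorithm(this.m_encryptionAlgo);
        // Honour the configured key-transport algorithm, consistent with encryptSOAPBody.
        wSSecEncrypt.setKeyEncAlgo(this.m_keyEncryptionAlgo);

        Vector<WSEncryptionPart> parts = new Vector<>();
        parts.add(new WSEncryptionPart(str2, z ? "Content" : "Element"));

        wSSecEncrypt.prepare(this.m_soapDocument, this.m_crypto);
        Element referenceList = wSSecEncrypt.encryptForInternalRef((Element) null, parts);

        // The first data reference carries the id of the encrypted data as a "#id" fragment.
        String attribute = ((Element) referenceList.getChildNodes().item(0)).getAttribute("URI");
        if (attribute.startsWith("#")) {
            attribute = attribute.substring(1);
        }

        wSSecEncrypt.addInternalRefElement(referenceList);
        wSSecEncrypt.prependToHeader(wSSecHeader);
        wSSecEncrypt.prependBSTElementToHeader(wSSecHeader);
        return attribute;
    }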

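    /**
     * Signs the parts requested by {@code signBodyAction}: the SOAP Body, previously generated
     * tokens and WS-Addressing headers.
     *
     * <p>Nothing is done when the body is not to be signed, the token list is present but empty
     * and there are no addresses to sign. A {@code null} address collection is now treated as
     * "no addresses" in that check; it previously caused a {@code NullPointerException} even
     * though the addressing helper itself accepts {@code null}.
     *
     * <p>Side effect: the signature algorithm is re-derived from the signing key's algorithm name
     * and stored on this processor, replacing any value set earlier through
     * {@code setSignatureAlgo}. Names other than RSA and DSA are passed through verbatim.
     *
     * @param signBodyAction what to sign
     * @param wSSecHeader    security header that receives the signature
     * @param str            key alias in the key store
     * @param str2           key password
     * @throws KeyStoreException if the alias or password is {@code null} or no key is found
     * @throws WSSecurityException if a referenced token cannot be resolved or signing fails
     * @throws GHSecurityException declared for {@code validateCrypto}
     * @throws NoSuchAlgorithmException if the key cannot be recovered from the key store
     * @throws UnrecoverableKeyException if the key cannot be recovered with the given password
     */
    public void signSOAPBody(SignBodyAction signBodyAction, WSSecHeader wSSecHeader, String str, String str2) throws WSSecurityException, GHSecurityException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        final Collection<PairValue<String, String>> tokens = signBodyAction.getTokensToSign();
        final Collection<String> addresses = signBodyAction.getAddressesToSign();
        // A null token list still proceeds, as before; only an explicitly empty one counts as "nothing".
        final boolean somethingToSign = signBodyAction.isSignBody()
                || tokens == null
                || !tokens.isEmpty()
                || (addresses != null && !addresses.isEmpty());
        if (!somethingToSign) {
            return;
        }

        validateCrypto();
        if (str == null) {
            throw new KeyStoreException("Unable to retrieve key from the KeyStore, the key alias is invalid.");
        }
        if (str2 == null) {
            throw new KeyStoreException("Unable to retrieve key from the KeyStore, the password is invalid.");
        }
        // Fetch the key up front so a bad alias/password fails here with a clear message.
        Key key = this.m_crypto.getKeyStore().getKey(str, str2.toCharArray());
        if (key == null) {
            throw new KeyStoreException("Unable to retrieve key from the KeyStore, either the key alias or password is invalid.");
        }

        WSSecSignature wSSecSignature = new WSSecSignature();
        wSSecSignature.setUserInfo(str, str2);
        wSSecSignature.setKeyIdentifierType(this.m_keyIdentifierType);
        wSSecSignature.setUseSingleCertificate(!signBodyAction.isUseCertChains());
        // Overwrites m_signatureAlgo based on the key type (RSA/DSA map to the SHA-1 URIs).
        setSignatureAlgo(key.getAlgorithm());
        wSSecSignature.setSignatureAlgorithm(this.m_signatureAlgo);
        wSSecSignature.setSigCanonicalization("http://www.w3.org/2001/10/xml-exc-c14n#");

        Vector<WSEncryptionPart> parts = new Vector<>();
        if (signBodyAction.isSignBody()) {
            this.m_logger.log(Level.INFO, "Signing Body");
            parts.add(new WSEncryptionPart(this.m_soapConstants.getBodyQName().getLocalPart(), this.m_soapConstants.getEnvelopeURI(), "Element"));
        }
        X_addTokenPartsToSign(signBodyAction, parts);
        X_addAddressingPartsToSign(addresses, parts);
        wSSecSignature.setParts(parts);
        // The returned document is not stored back into m_soapDocument here, unlike most other build calls.
        wSSecSignature.build(this.m_soapDocument, this.m_crypto, wSSecHeader);
    }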

    /**
     * Adds a signature part for every WS-Addressing element in the SOAP header whose local name
     * is listed in {@code collection}.
     *
     * <p>Elements are found with {@code getElementsByTagNameNS}, which searches all descendants
     * of the header, not only its direct children. Does nothing when the collection is
     * {@code null} or the document has no SOAP header element.
     *
     * @param collection local names of the addressing headers to sign, or {@code null}
     * @param vector     part list to append to
     */
    private void X_addAddressingPartsToSign(Collection<String> collection, Vector<WSEncryptionPart> vector) {
        if (collection == null) {
            return;
        }
        final QName headerName = m_soapConstants.getHeaderQName();
        final Node headerNode = WSSecurityUtil.findElement(m_soapDocument.getDocumentElement(), headerName.getLocalPart(), headerName.getNamespaceURI());
        if (!(headerNode instanceof Element)) {
            // Covers both "no header" (null) and a non-element node.
            return;
        }
        final Element header = (Element) headerNode;
        for (String localName : collection) {
            final NodeList matches = header.getElementsByTagNameNS(WSA_NAMESPACE, localName);
            if (matches == null) {
                continue;
            }
            for (int idx = 0; idx < matches.getLength(); idx++) {
                final Element match = (Element) matches.item(idx);
                m_logger.log(Level.INFO, "Signing WSA element '" + match.getLocalName() + "'");
                m_logger.log(Level.FINE, "Test log");
                vector.add(new WSEncryptionPart(match.getLocalName(), WSA_NAMESPACE, "Element"));
            }
        }
    }

    /**
     * Adds a signature part for every (name, type) token listed on the action.
     *
     * <p>Each token must already have been produced by an earlier action, so that it is
     * registered by name and carries a generated element id.
     *
     * @param signBodyAction action listing the tokens to sign
     * @param vector         part list to append to
     * @throws WSSecurityException if a listed token is unknown or has no generated element id
     */
    private void X_addTokenPartsToSign(SignBodyAction signBodyAction, Vector<WSEncryptionPart> vector) throws WSSecurityException {
        final Collection<PairValue<String, String>> requested = signBodyAction.getTokensToSign();
        if (requested == null) {
            return;
        }
        for (PairValue<String, String> entry : requested) {
            final ElementGenerator generator = X_findProcessedToken((String) entry.getFirst(), (String) entry.getSecond());
            if (generator == null) {
                throw new WSSecurityException(String.format("Unable to locate token to sign: name=%s, type=%s", entry.getFirst(), entry.getSecond()));
            }
            final String elementId = generator.getGeneratedElementId();
            if (elementId == null) {
                throw new WSSecurityException(String.format("Unable to retrieve generated element ID for token: name=%s, type=%s", entry.getFirst(), entry.getSecond()));
            }
            m_logger.log(Level.INFO, "Signing Part with generated ID " + elementId);
            vector.add(new WSEncryptionPart(elementId, "Element"));
        }
    }

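    /**
     * Adds an encryption part for every (name, type) token listed on the action.
     *
     * <p>Each token must already have been produced by an earlier action, so that it is
     * registered by name and carries a generated element id. The "unable to locate" message used
     * to say "token to sign" (copied from the signing helper); it now names the operation that
     * actually failed, which matters when reading logs of a mixed sign/encrypt action list.
     *
     * @param encryptBodyAction action listing the tokens to encrypt
     * @param vector            part list to append to
     * @throws WSSecurityException if a listed token is unknown or has no generated element id
     */
    private void X_addTokenPartsToEncrypt(EncryptBodyAction encryptBodyAction, Vector<WSEncryptionPart> vector) throws WSSecurityException {
        Collection<PairValue<String, String>> tokensToEncrypt = encryptBodyAction.getTokensToEncrypt();
        if (tokensToEncrypt == null) {
            return;
        }
        for (PairValue<String, String> pairValue : tokensToEncrypt) {
            ElementGenerator generator = X_findProcessedToken((String) pairValue.getFirst(), (String) pairValue.getSecond());
            if (generator == null) {
                throw new WSSecurityException(String.format("Unable to locate token to encrypt: name=%s, type=%s", pairValue.getFirst(), pairValue.getSecond()));
            }
            String generatedElementId = generator.getGeneratedElementId();
            if (generatedElementId == null) {
                throw new WSSecurityException(String.format("Unable to retrieve generated element ID for token: name=%s, type=%s", pairValue.getFirst(), pairValue.getSecond()));
            }
            this.m_logger.log(Level.INFO, "Encrypting Part with generated ID " + generatedElementId);
            vector.add(new WSEncryptionPart(generatedElementId, "Element"));
        }
    }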

    /**
     * Adds an encryption part for every WS-Addressing element in the SOAP header whose local
     * name is listed in {@code collection}.
     *
     * <p>Elements are found with {@code getElementsByTagNameNS}, which searches all descendants
     * of the header, not only its direct children. Does nothing when the collection is
     * {@code null} or the document has no SOAP header element.
     *
     * @param collection local names of the addressing headers to encrypt, or {@code null}
     * @param list       part list to append to
     */
    private void X_addAddressingPartsToEncrypt(Collection<String> collection, List<WSEncryptionPart> list) {
        if (collection == null) {
            return;
        }
        final QName headerName = m_soapConstants.getHeaderQName();
        final Node headerNode = WSSecurityUtil.findElement(m_soapDocument.getDocumentElement(), headerName.getLocalPart(), headerName.getNamespaceURI());
        if (!(headerNode instanceof Element)) {
            // Covers both "no header" (null) and a non-element node.
            return;
        }
        final Element header = (Element) headerNode;
        for (String localName : collection) {
            final NodeList matches = header.getElementsByTagNameNS(WSA_NAMESPACE, localName);
            if (matches == null) {
                continue;
            }
            for (int idx = 0; idx < matches.getLength(); idx++) {
                final Element match = (Element) matches.item(idx);
                m_logger.log(Level.INFO, "Encrypting WSA element '" + match.getLocalName() + "'");
                m_logger.log(Level.FINE, "Test log");
                list.add(new WSEncryptionPart(match.getLocalName(), WSA_NAMESPACE, "Element"));
            }
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
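    /**
     * Finds an already-processed token by name and checks that it has the expected type.
     *
     * <p>The decompiled source compared the looked-up object against the integer {@code 0},
     * which is not valid Java for a reference type; the intended test is for {@code null}, and
     * the {@code instanceof} check below covers that case.
     *
     * @param str  name the token's action was registered under
     * @param str2 expected type, compared with {@code SecurityAction.getType()} via {@code equals}
     * @return the registered generator, or {@code null} if the name is unknown, the entry is not
     *         a {@code SecurityAction}, or the type is missing or different
     */
    private ElementGenerator X_findProcessedToken(String str, String str2) {
        ElementGenerator candidate = this.m_tokenNameGenMap.get(str);
        if (!(candidate instanceof SecurityAction)) {
            // instanceof is false for null, so unknown names end up here too.
            return null;
        }
        SecurityAction securityAction = (SecurityAction) candidate;
        // NOTE(review): this relies on getType() returning something whose equals() accepts a String - confirm.
        if (str2 == null || securityAction.getType() == null || !securityAction.getType().equals(str2)) {
            return null;
        }
        return candidate;
    }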

    /**
     * Signs the message with a key taken from a UsernameToken, using HMAC-SHA1.
     *
     * <p>No parts are set explicitly, so the library's default choice of what to sign applies.
     * The key-identifier code 7 matches {@code SecurityUtils.UT_SIGNING} as used elsewhere in
     * this class.
     *
     * @param wSSecHeader        security header that receives the signature
     * @param wSSecUsernameToken token supplying the signing key
     * @throws WSSecurityException if signing fails
     */
    public void utSignSoapBody(WSSecHeader wSSecHeader, WSSecUsernameToken wSSecUsernameToken) throws WSSecurityException {
        final String hmacSha1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
        final WSSecSignature signer = new WSSecSignature();
        signer.setUsernameToken(wSSecUsernameToken);
        signer.setKeyIdentifierType(7);
        signer.setSignatureAlgorithm(hmacSha1);
        m_soapDocument = signer.build(m_soapDocument, m_crypto, wSSecHeader);
    }

    /**
     * Signs the message using a SAML assertion.
     *
     * <p>If {@code str4} is stored in the product's encrypted form it is decrypted before being
     * handed to the signature builder; otherwise it is passed through unchanged.
     *
     * @param wSSecHeader   security header that receives the signature
     * @param str           user/alias handed to {@code setUserInfo}
     * @param str2          password handed to {@code setUserInfo}
     * @param sAMLAssertion assertion to sign with
     * @param crypto        second crypto provider passed to {@code build} (presumably the issuer's - confirm)
     * @param str3          passed to {@code build} after {@code crypto} (presumably the issuer key name - confirm)
     * @param str4          passed to {@code build} after {@code str3} (presumably the issuer key password - confirm); may be encrypted
     * @throws WSSecurityException if signing fails
     */
    public void samlSignSoapBody(WSSecHeader wSSecHeader, String str, String str2, SAMLAssertion sAMLAssertion, Crypto crypto, String str3, String str4) throws WSSecurityException {
        final boolean storedEncrypted = str4 != null && CryptUtils.isEncrypted(str4);
        final String effectiveSecret = storedEncrypted ? CryptUtils.decrypt(str4) : str4;

        final WSSecSignatureSAML signer = new WSSecSignatureSAML();
        signer.setUserInfo(str, str2);
        signer.setKeyIdentifierType(1);
        m_soapDocument = signer.build(m_soapDocument, m_crypto, sAMLAssertion, crypto, str3, effectiveSecret, wSSecHeader);
    }

    /**
     * Signs one element using a security header obtained from {@link #getSecurityHeader()}.
     *
     * @param str  key alias handed to {@code setUserInfo}
     * @param str2 key password handed to {@code setUserInfo}
     * @param str3 id of the element to sign
     * @return the id of the generated signature
     * @throws WSSecurityException if signing fails
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public String signBodyPart(String str, String str2, String str3) throws WSSecurityException, GHSecurityException {
        final WSSecHeader header = getSecurityHeader();
        return signBodyPart(header, str, str2, str3);
    }

    /**
     * Signs the element with the given id using the configured signature algorithm and
     * key-identifier type.
     *
     * <p>The signature is assembled step by step (prepare, add references, attach to header,
     * compute); the order of those calls is kept exactly as in the original.
     *
     * @param wSSecHeader security header that receives the signature
     * @param str         key alias handed to {@code setUserInfo}
     * @param str2        key password handed to {@code setUserInfo}
     * @param str3        id of the element to sign
     * @return the id of the generated signature
     * @throws WSSecurityException if signing fails
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public String signBodyPart(WSSecHeader wSSecHeader, String str, String str2, String str3) throws WSSecurityException, GHSecurityException {
        validateCrypto();
        m_logger.log(Level.INFO, "Signing Body Part using ElementID " + str3);

        final WSSecSignature signer = new WSSecSignature();
        signer.setUserInfo(str, str2);
        signer.setKeyIdentifierType(m_keyIdentifierType);
        signer.setSignatureAlgorithm(m_signatureAlgo);

        final Vector<WSEncryptionPart> parts = new Vector<>();
        parts.add(new WSEncryptionPart(str3, "Element"));

        signer.prepare(m_soapDocument, m_crypto, wSSecHeader);
        signer.addReferencesToSign(parts, wSSecHeader);
        signer.prependToHeader(wSSecHeader);
        signer.prependBSTElementToHeader(wSSecHeader);
        signer.computeSignature();
        return signer.getId();
    }

    /**
     * Signs the element with the given id with a key taken from a UsernameToken, using HMAC-SHA1.
     *
     * <p>The signature is assembled step by step (prepare, add references, attach to header,
     * compute); the order of those calls is kept exactly as in the original.
     *
     * @param wSSecHeader        security header that receives the signature
     * @param wSSecUsernameToken token supplying the signing key
     * @param str                id of the element to sign
     * @return the id of the generated signature
     * @throws WSSecurityException if signing fails
     */
    public String utSignSoapBodyPart(WSSecHeader wSSecHeader, WSSecUsernameToken wSSecUsernameToken, String str) throws WSSecurityException {
        m_logger.log(Level.INFO, "Signing Body Part using UT - ID " + str);

        final String hmacSha1 = "http://www.w3.org/2000/09/xmldsig#hmac-sha1";
        final WSSecSignature signer = new WSSecSignature();
        signer.setUsernameToken(wSSecUsernameToken);
        signer.setKeyIdentifierType(7);
        signer.setSignatureAlgorithm(hmacSha1);

        final Vector<WSEncryptionPart> parts = new Vector<>();
        parts.add(new WSEncryptionPart(str, "Element"));

        signer.prepare(m_soapDocument, m_crypto, wSSecHeader);
        signer.addReferencesToSign(parts, wSSecHeader);
        signer.prependToHeader(wSSecHeader);
        signer.prependBSTElementToHeader(wSSecHeader);
        signer.computeSignature();
        return signer.getId();
    }

    /**
     * Signs the element with the given id using a SAML assertion.
     *
     * <p>NOTE(review): unlike {@code samlSignSoapBody}, this method passes {@code str4} to the
     * builder without checking whether it is stored in encrypted form. If callers can hand an
     * encrypted value to this method, the two paths should be aligned - confirm against callers.
     *
     * @param wSSecHeader   security header that receives the signature
     * @param str           user/alias handed to {@code setUserInfo}
     * @param str2          password handed to {@code setUserInfo}
     * @param sAMLAssertion assertion to sign with
     * @param crypto        second crypto provider passed to {@code build} (presumably the issuer's - confirm)
     * @param str3          passed to {@code build} after {@code crypto} (presumably the issuer key name - confirm)
     * @param str4          passed to {@code build} after {@code str3} (presumably the issuer key password - confirm)
     * @param str5          id of the element to sign
     * @return the id of the generated signature
     * @throws WSSecurityException if signing fails
     */
    public String samlSignSoapBodyPart(WSSecHeader wSSecHeader, String str, String str2, SAMLAssertion sAMLAssertion, Crypto crypto, String str3, String str4, String str5) throws WSSecurityException {
        m_logger.log(Level.INFO, "Signing Body Part ElementID " + str5);

        final WSSecSignatureSAML signer = new WSSecSignatureSAML();
        signer.setUserInfo(str, str2);
        signer.setKeyIdentifierType(1);

        final Vector<WSEncryptionPart> parts = new Vector<>();
        parts.add(new WSEncryptionPart(str5, "Element"));
        signer.setParts(parts);

        m_soapDocument = signer.build(m_soapDocument, m_crypto, sAMLAssertion, crypto, str3, str4, wSSecHeader);
        return signer.getId();
    }

    /**
     * Adds an X.509 BinarySecurityToken using a header obtained from {@link #getSecurityHeader()}.
     *
     * @param str certificate alias
     * @return the id of the generated token element
     * @throws WSSecurityException if no certificate is available for the alias
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public String addBinarySecurityToken(String str) throws WSSecurityException, GHSecurityException {
        final WSSecHeader header = getSecurityHeader();
        return addBinarySecurityToken(header, str);
    }

    /**
     * Adds the first certificate found for the alias to the security header as an X.509
     * BinarySecurityToken.
     *
     * <p>The element id is {@code "CertId-"} followed by the certificate's {@code hashCode()}, so
     * adding the same certificate twice yields the same id.
     *
     * @param wSSecHeader security header that receives the token
     * @param str         certificate alias
     * @return the id of the generated token element
     * @throws WSSecurityException if the crypto provider returns no certificate for the alias
     * @throws GHSecurityException declared for {@code validateCrypto}
     */
    public String addBinarySecurityToken(WSSecHeader wSSecHeader, String str) throws WSSecurityException, GHSecurityException {
        validateCrypto();
        final X509Security token = new X509Security(m_soapDocument);
        final X509Certificate[] found = m_crypto.getCertificates(str);
        final boolean haveCertificate = found != null && found.length > 0;
        if (!haveCertificate) {
            throw new WSSecurityException(0, "invalidX509Data", new Object[]{"for Encryption"});
        }
        final X509Certificate first = found[0];
        token.setX509Certificate(first);
        token.setID("CertId-" + first.hashCode());
        WSSecurityUtil.prependChildElement(m_soapDocument, wSSecHeader.getSecurityHeader(), token.getElement(), false);
        return token.getID();
    }

    /**
     * Adds an LTPA token to the security header as a BinarySecurityToken.
     *
     * <p>The namespace and value type come from the token's LTPA version. The id prefix is the
     * fixed string {@code "ltpa_20-"} whatever the version, followed by the hash code of the
     * token's Base64 form. The version lookup result is used without a {@code null} check.
     *
     * @param wSSecHeader      security header that receives the token
     * @param lTPATokenWrapper token to embed
     * @return the id of the generated token element
     */
    public String addLTPASecurityToken(WSSecHeader wSSecHeader, LTPATokenWrapper lTPATokenWrapper) {
        final BinarySecurity token = new BinarySecurity(m_soapDocument);
        final LTPAVersion version = LTPAVersion.getByVersionId(lTPATokenWrapper.getVersion());

        final Element tokenElement = token.getElement();
        tokenElement.setAttribute("xmlns:ltpa", version.getNamespace());
        token.setValueType("ltpa:" + version.getVersionId());
        token.setID("ltpa_20-" + lTPATokenWrapper.getBase64().hashCode());
        token.setToken(lTPATokenWrapper.getBytes());

        WSSecurityUtil.prependChildElement(wSSecHeader.getSecurityHeader(), token.getElement());
        return token.getID();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Resolves the element id that the action at index {@code i} refers to.
     *
     * <p>Resolution order, as implemented below:
     * <ol>
     *   <li>An action that is not an {@code ElementReference} must be an {@code ElementGenerator}
     *       with a non-empty generated id; that id is returned.</li>
     *   <li>An {@code ElementReference} whose reference index points at an earlier action is
     *       resolved by recursing on that index.</li>
     *   <li>Otherwise the reference must carry a non-empty element id; if the action is also an
     *       {@code ElementGenerator} with a non-empty generated id, the generated id takes
     *       precedence over the configured one.</li>
     * </ol>
     *
     * @param securityActionArr the full action list
     * @param i                 index of the action to resolve; not bounds-checked here
     * @return the resolved element id
     * @throws IllegalReferenceException if the action can supply neither a reference nor an id
     */
    private String getIdForReference(SecurityAction[] securityActionArr, int i) throws IllegalReferenceException {
        if (!(securityActionArr[i] instanceof ElementReference)) {
            // Not a reference: only a generator that has already produced an id is acceptable.
            if (securityActionArr[i] instanceof ElementGenerator) {
                ElementGenerator elementGenerator = (ElementGenerator) securityActionArr[i];
                if (elementGenerator.getGeneratedElementId() != null && elementGenerator.getGeneratedElementId().length() > 0) {
                    return elementGenerator.getGeneratedElementId();
                }
            }
            throw new IllegalReferenceException("Referenced Action is neither an ElementReference nor an ElementGenerator for index: " + i + " in the action list");
        }
        ElementReference elementReference = (ElementReference) securityActionArr[i];
        // Only backward references are followed; the index strictly decreases, so the recursion terminates.
        if (elementReference.getElementReferenceIndex() >= 0 && elementReference.getElementReferenceIndex() < i) {
            return getIdForReference(securityActionArr, elementReference.getElementReferenceIndex());
        }
        if (elementReference.getElementId() == null || elementReference.getElementId().length() <= 0) {
            throw new IllegalReferenceException("ElementReference is missing both reference index and element at index: " + i + " in the action list");
        }
        // An id generated at run time wins over the statically configured element id.
        if (securityActionArr[i] instanceof ElementGenerator) {
            ElementGenerator elementGenerator2 = (ElementGenerator) securityActionArr[i];
            if (elementGenerator2.getGeneratedElementId() != null && elementGenerator2.getGeneratedElementId().length() > 0) {
                return elementGenerator2.getGeneratedElementId();
            }
        }
        return elementReference.getElementId();
    }

    /* JADX WARN: Multi-variable type inference failed */
    /**
     * Clears the generated element id on every action that is an {@code ElementGenerator}, so
     * ids from a previous run cannot be picked up by reference resolution.
     *
     * @param securityActionArr the action list; must not be {@code null}
     */
    public void resetGeneratedActionIds(SecurityAction[] securityActionArr) {
        for (SecurityAction action : securityActionArr) {
            if (action instanceof ElementGenerator) {
                ((ElementGenerator) action).setGeneratedElementId(null);
            }
        }
    }

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Failed to find 'out' block for switch in B:11:0x005f. Please report as an issue. */
    /**
     * Applies the given security actions to the SOAP document, in array order.
     *
     * <p>Before starting, the name-to-generator map is cleared and every generated element id is
     * reset. A single security header is created from the first action and shared by all actions.
     * Actions whose action type is {@code null} are skipped entirely.
     *
     * <p>The switch below is the compiler-generated form of a switch over
     * {@code SecurityAction.Type}: the case numbers are entries of the synthetic lookup table, and
     * the constant names the decompiler attached to cases 2 and 7 are matches by value only.
     *
     * @param securityActionArr actions to apply; {@code null} or empty is a no-op
     * @param securityInfoArr   security settings used to build the per-action lookup map and the SAML generator
     * @throws IllegalArgumentException if an action has a type this method does not handle
     * @throws WSSecurityException on WSS4J failures in any step
     * @throws IllegalReferenceException if an action refers to an element that cannot be resolved
     * @throws IOException declared by the individual apply steps
     * @throws GHSecurityException declared by the individual apply steps
     * @throws NoSuchAlgorithmException if a signing key cannot be recovered
     * @throws KeyStoreException if a signing key cannot be found
     * @throws UnrecoverableKeyException if a signing key cannot be recovered with its password
     */
    public void applyActionList(SecurityAction[] securityActionArr, SecurityInfo[] securityInfoArr) throws WSSecurityException, IllegalReferenceException, IOException, GHSecurityException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        if (securityActionArr == null || securityActionArr.length == 0) {
            return;
        }
        // Start from a clean slate so stale ids from an earlier run cannot be signed or encrypted by mistake.
        this.m_tokenNameGenMap.clear();
        SAMLGenerator sAMLGenerator = null;
        resetGeneratedActionIds(securityActionArr);
        Map<String, SecurityInfo> buildSecurityInfoMap = buildSecurityInfoMap(securityInfoArr);
        // The header settings are taken from the first action only.
        WSSecHeader X_createAndInsertSecurityHeader = X_createAndInsertSecurityHeader(securityActionArr[0]);
        // Counter handed to the part-level steps together with the action array.
        // NOTE(review): it only advances for actions with a non-null action type, so after a skipped
        // action it no longer equals the array index of the current action - confirm this is intended.
        int i = 0;
        for (SecurityAction securityAction : securityActionArr) {
            if (securityAction.getActionType() != null) {
                X_setCrypto(buildSecurityInfoMap, securityAction);
                switch ($SWITCH_TABLE$com$ghc$wsSecurity$action$SecurityAction$Type()[securityAction.getActionType().ordinal()]) {
                    case 1:
                        X_applyUserToken(securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case IdentityStoreResourcePanelEvent.CONTENTS_CHANGED /* 2 */:
                        X_applyCertificate(buildSecurityInfoMap, securityActionArr, securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case 3:
                        X_applyBinaryToken(securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case 4:
                        X_applyEncryptPart(securityActionArr, i, securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case 5:
                        X_applyEncrptBody(securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case 6:
                        X_applySignPart(buildSecurityInfoMap, securityActionArr, i, securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case SecurityUtils.UT_SIGNING /* 7 */:
                        X_applyTimeStamp(securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case 8:
                        // The SAML generator is created once, on the first SAML action.
                        if (sAMLGenerator == null) {
                            sAMLGenerator = SAMLGenerator.getInstance(securityInfoArr);
                        }
                        X_applySAMLToken(sAMLGenerator, securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                    case 9:
                        // Recognised action type with nothing to apply here.
                        i++;
                        break;
                    case 10:
                    default:
                        // Table entry 10 and any unmapped type are rejected rather than silently skipped.
                        throw new IllegalArgumentException("Unknown Security Action: " + securityAction.getName());
                    case 11:
                        X_applyLTPAToken(securityAction, X_createAndInsertSecurityHeader);
                        i++;
                        break;
                }
            }
        }
    }

    /**
     * Adds the LTPA token carried by the given action to the security header and
     * registers the action under its name.
     *
     * @param securityAction action to apply; it is cast to {@link LTPAAction} without a
     *        prior type check, so any other action type fails with a ClassCastException
     * @param wSSecHeader security header the token is added to
     */
    private void X_applyLTPAToken(SecurityAction securityAction, WSSecHeader wSSecHeader) {
        LTPAAction ltpa = (LTPAAction) securityAction;
        // Whatever addLTPASecurityToken returns is recorded on the action as its generated element id.
        ltpa.setGeneratedElementId(
                addLTPASecurityToken(wSSecHeader, ltpa.getToken()));
        // Registration happens only after the token was added without an exception.
        this.m_tokenNameGenMap.put(ltpa.getName(), ltpa);
    }

    /**
     * Creates a WS-Security header and inserts it into the SOAP document held by this instance.
     *
     * <p>When the action has no actor (null or empty), the header is built with a null actor
     * and {@code false} as second constructor argument; otherwise the no-argument constructor
     * is used.
     *
     * <p>NOTE(review): the actor value itself is never handed to {@code WSSecHeader} in either
     * branch, so a configured actor only switches constructors. Confirm whether this is
     * intended or an artifact of decompilation.
     *
     * @param securityAction action whose actor decides which constructor is used
     * @return the header after it has been inserted into the document
     */
    private WSSecHeader X_createAndInsertSecurityHeader(SecurityAction securityAction) {
        final boolean actorMissing = securityAction.getActor() == null
                || securityAction.getActor().length() == 0;
        WSSecHeader header;
        if (actorMissing) {
            header = new WSSecHeader((String) null, false);
        } else {
            header = new WSSecHeader();
        }
        header.insertSecurityHeader(this.m_soapDocument);
        return header;
    }

    /**
     * Adds a timestamp token to the security header using the action's TTL and
     * millisecond setting, then registers the action under its name.
     *
     * @param securityAction action to apply; cast to {@link TimeStampTokenAction} unchecked
     * @param wSSecHeader security header the timestamp is added to
     */
    private void X_applyTimeStamp(SecurityAction securityAction, WSSecHeader wSSecHeader) {
        TimeStampTokenAction stamp = (TimeStampTokenAction) securityAction;
        // The TTL comes straight from the action; no range check is applied in this method.
        stamp.setGeneratedElementId(
                addTimestampToken(wSSecHeader, stamp.getTtl(), stamp.isMillis()));
        this.m_tokenNameGenMap.put(stamp.getName(), stamp);
    }

    /**
     * Generates a SAML assertion for the given action, adds it to the security header and
     * registers the action under its name.
     *
     * @param sAMLGenerator generator used to build the assertion
     * @param securityAction action to apply; cast to {@link SAMLAssertionTokenAction} unchecked
     *        (the cast sits outside the try block, so a ClassCastException is not wrapped)
     * @param wSSecHeader security header the assertion is added to
     * @throws GHSecurityException wrapping anything thrown while generating or adding the
     *         assertion, including errors that are not {@code Exception}s
     */
    private void X_applySAMLToken(SAMLGenerator sAMLGenerator, SecurityAction securityAction, WSSecHeader wSSecHeader) throws GHSecurityException {
        SAMLAssertionTokenAction samlAction = (SAMLAssertionTokenAction) securityAction;
        try {
            String elementId = X_addSAMLToken(
                    wSSecHeader,
                    sAMLGenerator.generateAssertion(samlAction.getAssertion()));
            samlAction.setGeneratedElementId(elementId);
            this.m_tokenNameGenMap.put(samlAction.getName(), samlAction);
        } catch (Exception failure) {
            // Ordinary failures get a fixed message; the cause is kept for diagnosis.
            throw new GHSecurityException("Unable to generate SAML Assertion.", failure);
        } catch (Throwable fatal) {
            // Errors (non-Exception throwables) are converted too; the message carries the
            // throwable's class name and message text.
            throw new GHSecurityException("Unrecoverable error generating SAML Assertion: " + fatal.getClass().getName() + " :: " + fatal.getMessage(), fatal);
        }
    }

    /**
     * Builds a SAML token for the assertion into the SOAP document and remembers the
     * assertion under the token's id.
     *
     * <p>Side effects: replaces {@code m_soapDocument} with the document returned by the
     * token builder and adds an entry to {@code m_samlMap}.
     *
     * @param wSSecHeader security header the token is built into
     * @param sAMLAssertion assertion to embed
     * @return the id reported by the token builder after the build
     */
    private String X_addSAMLToken(WSSecHeader wSSecHeader, SAMLAssertion sAMLAssertion) {
        WSSecSAMLToken tokenBuilder = new WSSecSAMLToken();
        this.m_soapDocument = tokenBuilder.build(this.m_soapDocument, sAMLAssertion, wSSecHeader);
        // Read the id once after the build; it is both the map key and the return value.
        String tokenId = tokenBuilder.getId();
        this.m_samlMap.put(tokenId, sAMLAssertion);
        return tokenId;
    }

    /**
     * Adds a username token built from the action's settings to the security header and
     * registers the action under its name.
     *
     * <p>The action's password is passed to {@code addUsernameToken} together with the
     * digested/nonced/created/millis flags. NOTE(review): presumably {@code isDigested()}
     * selects a password digest instead of the plain-text password; confirm in
     * {@code addUsernameToken}.
     *
     * @param securityAction action to apply; cast to {@link UserNameTokenAction} unchecked
     * @param wSSecHeader security header the token is added to
     */
    private void X_applyUserToken(SecurityAction securityAction, WSSecHeader wSSecHeader) {
        UserNameTokenAction userToken = (UserNameTokenAction) securityAction;
        userToken.setGeneratedElementId(
                addUsernameToken(
                        wSSecHeader,
                        userToken.getUsername(),
                        userToken.getPassword(),
                        userToken.isDigested(),
                        userToken.isNonced(),
                        userToken.isCreated(),
                        userToken.isMillis()));
        this.m_tokenNameGenMap.put(userToken.getName(), userToken);
    }

    /**
     * Signs a referenced part of the SOAP message according to the action's key
     * identifier type, then registers the action under its name.
     *
     * <p>Three paths are taken depending on {@code getKeyIdentifierType()}:
     * {@code SecurityUtils.UT_SIGNING} signs with the username token produced by the
     * referenced action, {@code SecurityUtils.SAML_SIGNING} signs with the SAML assertion
     * produced by the referenced action, and every other value signs with the action's
     * certificate alias and password.
     *
     * <p>NOTE(review): {@code getKeyIdentifierReferenceIndex()} is used as an array index
     * and the referenced element is cast without checks, so a wrong index or action type
     * fails with an unchecked exception. On the SAML path a keystore name that is not in
     * {@code map} yields a null {@code Crypto} that is passed on rather than rejected here.
     *
     * @param map security infos keyed by keystore name
     * @param securityActionArr all actions of the current run, used to resolve references
     * @param i index passed to {@code getIdForReference} together with the action array
     * @param securityAction action to apply; cast to {@link SignPartAction} unchecked
     * @param wSSecHeader security header the signature is added to
     */
    private void X_applySignPart(Map<String, SecurityInfo> map, SecurityAction[] securityActionArr, int i, SecurityAction securityAction, WSSecHeader wSSecHeader) throws WSSecurityException, IllegalReferenceException, GHSecurityException {
        SignPartAction partSigner = (SignPartAction) securityAction;
        setKeyIdentifierType(partSigner.getKeyIdentifierType());
        setSignatureAlgo(SecurityUtils.findSignatureAlgorithm(partSigner.getAlgorithm()));

        int keyIdType = partSigner.getKeyIdentifierType();
        if (keyIdType == SecurityUtils.UT_SIGNING) {
            // Sign with the username token that the referenced action generated earlier.
            UserNameTokenAction referencedToken = (UserNameTokenAction) securityActionArr[partSigner.getKeyIdentifierReferenceIndex()];
            partSigner.setGeneratedElementId(
                    utSignSoapBodyPart(
                            wSSecHeader,
                            this.m_utMap.get(referencedToken.getGeneratedElementId()),
                            getIdForReference(securityActionArr, i)));
        } else if (keyIdType == SecurityUtils.SAML_SIGNING) {
            // Sign with the SAML assertion that the referenced action generated earlier.
            SAMLAssertionTokenAction referencedSaml = (SAMLAssertionTokenAction) securityActionArr[partSigner.getKeyIdentifierReferenceIndex()];
            SecurityInfo keystoreInfo = map.get(referencedSaml.getAssertion().getKeystoreName());
            // Stays null when the assertion's keystore name is unknown to the map.
            Crypto samlCrypto = keystoreInfo != null ? KeyStoreUtil.getBouncyCastle(keystoreInfo) : null;
            partSigner.setGeneratedElementId(
                    samlSignSoapBodyPart(
                            wSSecHeader,
                            partSigner.getCertificateAlias(),
                            partSigner.getPassword(),
                            this.m_samlMap.get(referencedSaml.getGeneratedElementId()),
                            samlCrypto,
                            referencedSaml.getAssertion().getKeystoreAlias(),
                            referencedSaml.getAssertion().getKeystoreAliasPassword(),
                            getIdForReference(securityActionArr, i)));
        } else {
            // Any other key identifier type: sign with the action's own alias and password.
            partSigner.setGeneratedElementId(
                    signBodyPart(
                            wSSecHeader,
                            partSigner.getCertificateAlias(),
                            partSigner.getPassword(),
                            getIdForReference(securityActionArr, i)));
        }
        this.m_tokenNameGenMap.put(partSigner.getName(), partSigner);
    }

    /**
     * Encrypts a referenced part of the SOAP message with the settings of the given
     * action, then registers the action under its name.
     *
     * <p>Before encrypting, the key identifier type, the encryption algorithm (looked up
     * via {@code SecurityUtils.findEncryptionAlgorithm}) and the key encryption algorithm
     * are set on this instance from the action.
     *
     * @param securityActionArr all actions of the current run, used to resolve the reference
     * @param i index passed to {@code getIdForReference} together with the action array
     * @param securityAction action to apply; cast to {@link EncryptPartAction} unchecked
     * @param wSSecHeader security header the encryption is recorded in
     */
    private void X_applyEncryptPart(SecurityAction[] securityActionArr, int i, SecurityAction securityAction, WSSecHeader wSSecHeader) throws WSSecurityException, GHSecurityException, IllegalReferenceException {
        EncryptPartAction partEncrypter = (EncryptPartAction) securityAction;

        // Configure this instance from the action before the encryption call reads it.
        setKeyIdentifierType(partEncrypter.getKeyIdentifierType());
        setEncryptionAlgo(SecurityUtils.findEncryptionAlgorithm(partEncrypter.getAlgorithm()));
        setKeyEncryptionAlgo(partEncrypter.getKeyEncryptionAlgorithm());

        partEncrypter.setGeneratedElementId(
                encryptBodyPart(
                        wSSecHeader,
                        partEncrypter.getCertificateAlias(),
                        getIdForReference(securityActionArr, i),
                        partEncrypter.encryptDataOnly()));
        this.m_tokenNameGenMap.put(partEncrypter.getName(), partEncrypter);
    }

    /**
     * Encrypts the SOAP body with the settings of the given action.
     *
     * <p>Unlike the part-level variant, this method does not register the action in
     * {@code m_tokenNameGenMap} itself.
     *
     * @param securityAction action to apply; cast to {@link EncryptBodyAction} unchecked
     * @param wSSecHeader security header the encryption is recorded in
     */
    private void X_applyEncrptBody(SecurityAction securityAction, WSSecHeader wSSecHeader) throws WSSecurityException, GHSecurityException {
        EncryptBodyAction bodyEncrypter = (EncryptBodyAction) securityAction;

        // Configure this instance from the action before the encryption call reads it.
        setKeyIdentifierType(bodyEncrypter.getKeyIdentifierType());
        setEncryptionAlgo(SecurityUtils.findEncryptionAlgorithm(bodyEncrypter.getAlgorithm()));
        setKeyEncryptionAlgo(bodyEncrypter.getKeyEncryptionAlgorithm());

        encryptSOAPBody(bodyEncrypter, wSSecHeader, bodyEncrypter.getCertificateAlias());
    }

    /**
     * Signs the SOAP body according to the action's key identifier type.
     *
     * <p>{@code SecurityUtils.UT_SIGNING} signs with the username token produced by the
     * referenced action, {@code SecurityUtils.SAML_SIGNING} signs with the SAML assertion
     * produced by the referenced action, and every other value signs with the action's
     * certificate alias and password.
     *
     * <p>NOTE(review): {@code getKeyIdentifierReferenceIndex()} is used as an array index
     * and the referenced element is cast without checks. On the SAML path a keystore name
     * that is not in {@code map} yields a null {@code Crypto} that is passed on rather
     * than rejected here.
     *
     * @param map security infos keyed by keystore name
     * @param securityActionArr all actions of the current run, used to resolve references
     * @param securityAction action to apply; cast to {@link SignBodyAction} unchecked
     * @param wSSecHeader security header the signature is added to
     */
    private void X_applyCertificate(Map<String, SecurityInfo> map, SecurityAction[] securityActionArr, SecurityAction securityAction, WSSecHeader wSSecHeader) throws WSSecurityException, GHSecurityException, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        SignBodyAction bodySigner = (SignBodyAction) securityAction;
        setKeyIdentifierType(bodySigner.getKeyIdentifierType());
        setSignatureAlgo(SecurityUtils.findSignatureAlgorithm(bodySigner.getAlgorithm()));

        int keyIdType = bodySigner.getKeyIdentifierType();
        if (keyIdType == SecurityUtils.UT_SIGNING) {
            // Sign with the username token that the referenced action generated earlier.
            UserNameTokenAction referencedToken = (UserNameTokenAction) securityActionArr[bodySigner.getKeyIdentifierReferenceIndex()];
            utSignSoapBody(wSSecHeader, this.m_utMap.get(referencedToken.getGeneratedElementId()));
        } else if (keyIdType == SecurityUtils.SAML_SIGNING) {
            // Sign with the SAML assertion that the referenced action generated earlier.
            SAMLAssertionTokenAction referencedSaml = (SAMLAssertionTokenAction) securityActionArr[bodySigner.getKeyIdentifierReferenceIndex()];
            SecurityInfo keystoreInfo = map.get(referencedSaml.getAssertion().getKeystoreName());
            // Stays null when the assertion's keystore name is unknown to the map.
            Crypto samlCrypto = keystoreInfo != null ? KeyStoreUtil.getBouncyCastle(keystoreInfo) : null;
            samlSignSoapBody(
                    wSSecHeader,
                    bodySigner.getCertificateAlias(),
                    bodySigner.getPassword(),
                    this.m_samlMap.get(referencedSaml.getGeneratedElementId()),
                    samlCrypto,
                    referencedSaml.getAssertion().getKeystoreAlias(),
                    referencedSaml.getAssertion().getKeystoreAliasPassword());
        } else {
            // Any other key identifier type: sign with the action's own alias and password.
            signSOAPBody(bodySigner, wSSecHeader, bodySigner.getCertificateAlias(), bodySigner.getPassword());
        }
    }

    /**
     * Adds a binary security token for the action's alias to the security header and
     * registers the action under its name.
     *
     * @param securityAction action to apply; cast to {@link BinaryTokenAction} unchecked
     * @param wSSecHeader security header the token is added to
     */
    private void X_applyBinaryToken(SecurityAction securityAction, WSSecHeader wSSecHeader) throws WSSecurityException, GHSecurityException {
        BinaryTokenAction binaryToken = (BinaryTokenAction) securityAction;
        binaryToken.setGeneratedElementId(
                addBinarySecurityToken(wSSecHeader, binaryToken.getAlias()));
        this.m_tokenNameGenMap.put(binaryToken.getName(), binaryToken);
    }

    /**
     * Selects the crypto provider for an action that names a keystore.
     *
     * <p>Actions that are not {@link CryptoSecurityAction}s leave the current crypto
     * untouched. For crypto actions the keystore name is looked up in {@code map}; an
     * unknown name resets the crypto to null instead of failing here, so the missing
     * keystore only surfaces wherever the crypto is used or validated later.
     *
     * @param map security infos keyed by keystore name
     * @param securityAction action about to be applied
     */
    private void X_setCrypto(Map<String, SecurityInfo> map, SecurityAction securityAction) throws WSSecurityException {
        if (!(securityAction instanceof CryptoSecurityAction)) {
            return;
        }
        String keyStoreName = ((CryptoSecurityAction) securityAction).getKeyStoreName();
        SecurityInfo keystoreInfo = map.get(keyStoreName);
        if (keystoreInfo != null) {
            setCrypto(KeyStoreUtil.getBouncyCastle(keystoreInfo));
        } else {
            setCrypto(null);
        }
    }

    /**
     * Indexes the given security infos by their keystore name.
     *
     * <p>When two entries share a keystore name, the later one replaces the earlier one.
     * A null element in the array causes a NullPointerException.
     *
     * @param securityInfoArr infos to index; may be null
     * @return a new mutable map, empty when {@code securityInfoArr} is null or empty
     */
    public static Map<String, SecurityInfo> buildSecurityInfoMap(SecurityInfo[] securityInfoArr) {
        Map<String, SecurityInfo> byKeyStoreName = new HashMap<String, SecurityInfo>();
        if (securityInfoArr == null) {
            return byKeyStoreName;
        }
        for (int idx = 0; idx < securityInfoArr.length; idx++) {
            SecurityInfo info = securityInfoArr[idx];
            byKeyStoreName.put(info.getKeyStoreName(), info);
        }
        return byKeyStoreName;
    }

    /**
     * Processes the security header of the SOAP document, passing an empty string as the
     * first argument of the three-argument overload.
     *
     * <p>NOTE(review): when {@code z} is false the overload uses
     * {@code WSSecurityEngineNoSignatureProcessing}, which by its name presumably skips
     * signature verification. Callers that rely on signed messages must pass true; confirm
     * against that class.
     *
     * @param callbackHandler callback handler handed to the security engine
     * @param z true to use the standard engine, false to use the no-signature-processing engine
     */
    public void validateAndDecrypt(CallbackHandler callbackHandler, boolean z) throws WSSecurityException {
        final String emptyFirstArgument = "";
        validateAndDecrypt(emptyFirstArgument, callbackHandler, z);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v5, types: [org.apache.ws.security.WSSecurityEngine] */
    /**
     * Processes the security header of the SOAP document with this instance's crypto.
     *
     * <p>NOTE(review): when {@code z} is false the engine is a
     * {@code WSSecurityEngineNoSignatureProcessing}, which by its name presumably skips
     * signature verification; confirm against that class. The value returned by
     * {@code processSecurityHeader} is discarded, so callers cannot inspect what the engine
     * actually processed. If the engine reports a missing security header through its
     * return value rather than an exception, that case looks like success here; confirm.
     *
     * @param str passed through as the second argument of {@code processSecurityHeader}
     * @param callbackHandler callback handler handed to the security engine
     * @param z true to use the standard engine, false to use the no-signature-processing engine
     */
    public void validateAndDecrypt(String str, CallbackHandler callbackHandler, boolean z) throws WSSecurityException {
        WSSecurityEngine engine;
        if (z) {
            engine = WSSecurityEngine.getInstance();
        } else {
            engine = new WSSecurityEngineNoSignatureProcessing();
        }
        engine.processSecurityHeader(this.m_soapDocument, str, callbackHandler, this.m_crypto);
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v9, types: [org.apache.ws.security.WSSecurityEngine] */
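    /**
     * Processes the security header of the SOAP document with cryptos built from the
     * given security infos instead of this instance's crypto.
     *
     * <p>The first crypto is built from {@code securityInfo} (null when that is null).
     * The second is built from {@code securityInfo2}, falling back to the first crypto
     * when {@code securityInfo2} is null.
     *
     * <p>NOTE(review): supplying a non-null {@code securityInfo2} also switches the engine
     * to {@code WSSecurityEngineNoSignatureProcessing}, which by its name presumably skips
     * signature verification. Confirm that callers passing a second keystore do not expect
     * signatures to be checked. The value returned by {@code processSecurityHeader} is
     * discarded.
     *
     * @param str passed through as the second argument of {@code processSecurityHeader}
     * @param callbackHandler callback handler handed to the security engine
     * @param securityInfo source of the first crypto; may be null
     * @param securityInfo2 source of the second crypto; may be null
     */
    public void validateAndDecrypt(String str, CallbackHandler callbackHandler, SecurityInfo securityInfo, SecurityInfo securityInfo2) throws WSSecurityException {
        // Declared as the base engine type: the decompiler had typed this local as the
        // no-signature subclass, which cannot hold the result of WSSecurityEngine.getInstance().
        WSSecurityEngine engine = securityInfo2 == null
                ? WSSecurityEngine.getInstance()
                : new WSSecurityEngineNoSignatureProcessing();
        Crypto firstCrypto = securityInfo == null ? null : KeyStoreUtil.getBouncyCastle(securityInfo);
        Crypto secondCrypto = securityInfo2 == null ? firstCrypto : KeyStoreUtil.getBouncyCastle(securityInfo2);
        engine.processSecurityHeader(this.m_soapDocument, str, callbackHandler, firstCrypto, secondCrypto);
    }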

    /**
     * Fails fast when no crypto provider is set on this instance.
     *
     * @throws GHSecurityException if {@code m_crypto} is null
     */
    private void validateCrypto() throws GHSecurityException {
        if (this.m_crypto != null) {
            return;
        }
        throw new GHSecurityException("Crypto error, keystore may be missing.");
    }

    /**
     * Returns the lookup table that maps {@code SecurityAction.Type} ordinals to the case
     * labels used by the switch over action types, building and caching it on first use.
     *
     * <p>No synchronization is visible here; concurrent first calls would each build an
     * equivalent table and store it in the static field.
     *
     * @return the cached table, indexed by enum ordinal
     */
    static /* synthetic */ int[] $SWITCH_TABLE$com$ghc$wsSecurity$action$SecurityAction$Type() {
        int[] cached = $SWITCH_TABLE$com$ghc$wsSecurity$action$SecurityAction$Type;
        if (cached == null) {
            int[] table = new int[SecurityAction.Type.valuesCustom().length];
            // Each constant is guarded on its own: a NoSuchFieldError for one constant is
            // ignored on purpose and leaves that slot at 0, which matches no case label.
            try {
                table[SecurityAction.Type.UserToken.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.Certificate.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.BinaryToken.ordinal()] = 3;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.EncryptPart.ordinal()] = 4;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.EncryptBody.ordinal()] = 5;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.SignPart.ordinal()] = 6;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.TimeStamp.ordinal()] = 7;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.SAMLToken.ordinal()] = 8;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.Decrypt.ordinal()] = 9;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.ValidateSignatures.ordinal()] = 10;
            } catch (NoSuchFieldError ignored) {
            }
            try {
                table[SecurityAction.Type.LTPAToken.ordinal()] = 11;
            } catch (NoSuchFieldError ignored) {
            }
            $SWITCH_TABLE$com$ghc$wsSecurity$action$SecurityAction$Type = table;
            cached = table;
        }
        return cached;
    }
}
