package org.apache.rampart.util;

import java.security.NoSuchAlgorithmException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.KeyGenerator;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMAttribute;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNamespace;
import org.apache.axiom.om.xpath.AXIOMXPath;
import org.apache.axiom.soap.SOAPEnvelope;
import org.apache.axiom.soap.SOAPHeader;
import org.apache.axiom.soap.SOAPHeaderBlock;
import org.apache.axis2.AxisFault;
import org.apache.axis2.addressing.AddressingConstants;
import org.apache.axis2.client.Options;
import org.apache.axis2.context.MessageContext;
import org.apache.axis2.dataretrieval.client.MexClient;
import org.apache.axis2.description.Parameter;
import org.apache.axis2.mex.MexException;
import org.apache.axis2.mex.om.Metadata;
import org.apache.axis2.mex.om.MetadataReference;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.neethi.Policy;
import org.apache.neethi.PolicyEngine;
import org.apache.rahas.RahasConstants;
import org.apache.rahas.Token;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rahas.client.STSClient;
import org.apache.rampart.PolicyBasedResultsValidator;
import org.apache.rampart.PolicyValidatorCallbackHandler;
import org.apache.rampart.RampartConfigCallbackHandler;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.CryptoConfig;
import org.apache.rampart.policy.model.RampartConfig;
import org.apache.ws.secpolicy.SPConstants;
import org.apache.ws.secpolicy.model.HttpsToken;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Wss11;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationConstants;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecBase;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.util.Loader;
import org.apache.ws.security.util.WSSecurityUtil;
import org.jaxen.JaxenException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:lib/open/rampart/rampart-core-1.6.2.jar:org/apache/rampart/util/RampartUtil.class */
public class RampartUtil {
    // Property key under which the configured crypto provider class name is placed
    // into the crypto Properties before they are handed to createCrypto.
    private static final String CRYPTO_PROVIDER = "org.apache.ws.security.crypto.provider";
    // Class-wide logger; assigned in the static initializer.
    private static Log log;
    // Class-wide cache of Crypto instances, shared by every caller of this utility.
    // Assigned in the static initializer; keys are built by getEncryptionCrypto and
    // getSignatureCrypto as "<trimmed id>#<trimmed provider>".
    private static Map<String, CachedCrypto> cryptoStore;
    // Decompiler rendering of the compiler-generated assertion switch:
    // true when assertions are disabled for this class.
    static final /* synthetic */ boolean $assertionsDisabled;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:lib/open/rampart/rampart-core-1.6.2.jar:org/apache/rampart/util/RampartUtil$CachedCrypto.class */
    /**
     * Cache entry pairing a {@link Crypto} instance with the time it was created.
     * The decompiler note above indicates the class was originally private; in the
     * visible code both fields are set only by the constructor.
     */
    public static class CachedCrypto {
        // The cached crypto instance.
        private Crypto crypto;
        // Creation timestamp of this entry; presumably epoch milliseconds — confirm against
        // the cache read/write helpers, which are not visible here.
        private long creationTime;

        /**
         * @param crypto the crypto instance to cache
         * @param j      creation time recorded for the entry
         */
        public CachedCrypto(Crypto crypto, long j) {
            this.crypto = crypto;
            this.creationTime = j;
        }
    }

    // Class initializer: records the assertion status, creates the logger and the
    // crypto cache. A ConcurrentHashMap is used because the cache is a static field
    // reachable from every caller of the static methods below.
    static {
        $assertionsDisabled = !RampartUtil.class.desiredAssertionStatus();
        log = LogFactory.getLog(RampartUtil.class);
        cryptoStore = new ConcurrentHashMap();
    }

    /**
     * Resolves the password callback handler for a message by delegating to
     * {@link #getPasswordCB(MessageContext, RampartPolicyData)} with the message
     * context and policy data held by {@code rampartMessageData}.
     *
     * @param rampartMessageData per-message Rampart state
     * @return the callback handler, or {@code null} if none is configured
     * @throws RampartException if a configured handler class cannot be loaded or instantiated
     */
    public static CallbackHandler getPasswordCB(RampartMessageData rampartMessageData) throws RampartException {
        MessageContext context = rampartMessageData.getMsgContext();
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        return getPasswordCB(context, policyData);
    }

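    /**
     * Resolves the password callback handler for a message.
     *
     * <p>If the Rampart configuration names a callback class, that class is loaded with
     * the service class loader and instantiated through its no-argument constructor.
     * Otherwise the handler is taken from the message context property
     * {@code WSHandlerConstants.PW_CALLBACK_REF}, falling back to the parameter of the
     * same name.
     *
     * <p>The class name comes straight from the policy configuration and is instantiated
     * without an allow-list, so the policy has to be protected like code: whoever can edit
     * it decides which class on the service class loader gets constructed here.
     *
     * @param messageContext    current message context
     * @param rampartPolicyData policy data carrying the optional Rampart configuration
     * @return the callback handler, or {@code null} if none is configured anywhere
     * @throws RampartException with key {@code cannotLoadPWCBClass} if the class is not found,
     *                          or {@code cannotCreatePWCBInstance} if it cannot be instantiated
     *                          or is not a {@link CallbackHandler}
     */
    public static CallbackHandler getPasswordCB(MessageContext messageContext, RampartPolicyData rampartPolicyData) throws RampartException {
        RampartConfig rampartConfig = rampartPolicyData.getRampartConfig();
        String pwCbClass = rampartConfig == null ? null : rampartConfig.getPwCbClass();
        if (pwCbClass == null) {
            // No class configured: use a handler instance supplied programmatically.
            CallbackHandler callbackHandler = (CallbackHandler) messageContext.getProperty(WSHandlerConstants.PW_CALLBACK_REF);
            if (callbackHandler == null) {
                Parameter parameter = messageContext.getParameter(WSHandlerConstants.PW_CALLBACK_REF);
                if (parameter != null) {
                    callbackHandler = (CallbackHandler) parameter.getValue();
                }
            }
            return callbackHandler;
        }
        ClassLoader classLoader = messageContext.getAxisService().getClassLoader();
        if (log.isDebugEnabled()) {
            log.debug("loading class : " + pwCbClass);
        }
        // Loading and instantiation are handled separately so that a missing class is
        // reported as cannotLoadPWCBClass. In the nested form the inner catch (Exception)
        // absorbed ClassNotFoundException and the dedicated handler could never run.
        Class<?> handlerClass;
        try {
            handlerClass = Loader.loadClass(classLoader, pwCbClass);
        } catch (ClassNotFoundException e) {
            throw new RampartException("cannotLoadPWCBClass", new String[]{pwCbClass}, e);
        }
        try {
            return (CallbackHandler) handlerClass.newInstance();
        } catch (Exception e) {
            // Covers instantiation/access failures and a class that is not a CallbackHandler.
            throw new RampartException("cannotCreatePWCBInstance", new String[]{pwCbClass}, e);
        }
    }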

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v21, types: [org.apache.rampart.PolicyValidatorCallbackHandler] */
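    /**
     * Resolves the policy validator callback for a message.
     *
     * <p>If the Rampart configuration names a validator class, it is loaded with the
     * service class loader and instantiated through its no-argument constructor;
     * otherwise a {@link PolicyBasedResultsValidator} is returned.
     *
     * <p>The configured class replaces the built-in check of security results against the
     * policy, so a permissive or wrong class here weakens enforcement for the whole
     * service. Treat the setting as security-critical configuration.
     *
     * @param messageContext    current message context
     * @param rampartPolicyData policy data carrying the optional Rampart configuration
     * @return the validator callback, never {@code null}
     * @throws RampartException with key {@code cannotLoadPolicyValidatorCbClass} if the class is
     *                          not found, or {@code cannotCreatePolicyValidatorCallbackInstance}
     *                          if it cannot be instantiated or has the wrong type
     */
    public static PolicyValidatorCallbackHandler getPolicyValidatorCB(MessageContext messageContext, RampartPolicyData rampartPolicyData) throws RampartException {
        RampartConfig rampartConfig = rampartPolicyData.getRampartConfig();
        String policyValidatorCbClass = rampartConfig == null ? null : rampartConfig.getPolicyValidatorCbClass();
        if (policyValidatorCbClass == null) {
            return new PolicyBasedResultsValidator();
        }
        ClassLoader classLoader = messageContext.getAxisService().getClassLoader();
        if (log.isDebugEnabled()) {
            log.debug("loading class : " + policyValidatorCbClass);
        }
        // Separate steps so that a missing class maps to its own error key; in the nested
        // form the inner catch (Exception) made the ClassNotFoundException handler unreachable.
        Class<?> validatorClass;
        try {
            validatorClass = Loader.loadClass(classLoader, policyValidatorCbClass);
        } catch (ClassNotFoundException e) {
            throw new RampartException("cannotLoadPolicyValidatorCbClass", new String[]{policyValidatorCbClass}, e);
        }
        try {
            return (PolicyValidatorCallbackHandler) validatorClass.newInstance();
        } catch (Exception e) {
            throw new RampartException("cannotCreatePolicyValidatorCallbackInstance", new String[]{policyValidatorCbClass}, e);
        }
    }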

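    /**
     * Resolves the optional Rampart configuration callback handler.
     *
     * <p>The class named in the Rampart configuration is loaded with the service class
     * loader and instantiated through its no-argument constructor. The name is taken
     * from policy configuration without an allow-list, so that configuration must be
     * trusted.
     *
     * @param messageContext    current message context
     * @param rampartPolicyData policy data carrying the optional Rampart configuration
     * @return the handler, or {@code null} if no configuration or no class name is present
     * @throws RampartException with key {@code cannotLoadRampartConfigCallbackClass} if the class
     *                          is not found, or {@code cannotCreateRampartConfigCallbackInstance}
     *                          if it cannot be instantiated or has the wrong type
     */
    public static RampartConfigCallbackHandler getRampartConfigCallbackHandler(MessageContext messageContext, RampartPolicyData rampartPolicyData) throws RampartException {
        RampartConfig rampartConfig = rampartPolicyData.getRampartConfig();
        String rampartConfigCbClass = rampartConfig == null ? null : rampartConfig.getRampartConfigCbClass();
        if (rampartConfigCbClass == null) {
            return null;
        }
        ClassLoader classLoader = messageContext.getAxisService().getClassLoader();
        if (log.isDebugEnabled()) {
            log.debug("loading class : " + rampartConfigCbClass);
        }
        // Separate steps so that a missing class maps to its own error key; in the nested
        // form the inner catch (Exception) made the ClassNotFoundException handler unreachable.
        Class<?> handlerClass;
        try {
            handlerClass = Loader.loadClass(classLoader, rampartConfigCbClass);
        } catch (ClassNotFoundException e) {
            throw new RampartException("cannotLoadRampartConfigCallbackClass", new String[]{rampartConfigCbClass}, e);
        }
        try {
            return (RampartConfigCallbackHandler) handlerClass.newInstance();
        } catch (Exception e) {
            throw new RampartException("cannotCreateRampartConfigCallbackInstance", new String[]{rampartConfigCbClass}, e);
        }
    }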

    /**
     * Builds a {@link WSPasswordCallback} for {@code str}, passes it to the handler and
     * returns it.
     *
     * <p>The action code {@code i} is translated to a callback usage code: 1 and 64 map
     * to 2, 2 maps to 3, 4 maps to 4 and anything else to 0. The literals are constants
     * inlined by the compiler; presumably the WSConstants action codes and the
     * WSPasswordCallback usage codes — confirm against the WSS4J version in use.
     *
     * <p>Whatever the handler stores in the callback (typically a secret) is returned to
     * the caller as is; this method does not log it.
     *
     * @param callbackHandler handler to invoke
     * @param str             identifier the callback is created for
     * @param i               action code selecting the callback usage
     * @return the callback after the handler has processed it
     * @throws RampartException with key {@code pwcbFailed} if the handler throws
     */
    public static WSPasswordCallback performCallback(CallbackHandler callbackHandler, String str, int i) throws RampartException {
        final int usage;
        if (i == 1 || i == 64) {
            usage = 2;
        } else if (i == 2) {
            usage = 3;
        } else if (i == 4) {
            usage = 4;
        } else {
            // Unmapped action codes fall through with usage 0.
            usage = 0;
        }
        WSPasswordCallback passwordCallback = new WSPasswordCallback(str, usage);
        Callback[] callbacks = {passwordCallback};
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            throw new RampartException("pwcbFailed", e);
        }
        return passwordCallback;
    }

    /**
     * Returns the {@link Crypto} used for encryption, creating it if necessary.
     *
     * <p>When no encryption crypto is configured, the signature crypto is used instead.
     * Otherwise the provider name is written into the configuration's own
     * {@link Properties} object (the object is modified in place) and a crypto instance
     * is created from it.
     *
     * <p>With caching enabled the instance is shared through the class-wide cache under
     * the key {@code "<id>#<provider>"}. The id is the property named by the crypto key,
     * or the Merlin keystore file property when no crypto key is set and the provider is
     * Merlin. A refresh interval is passed on only in the crypto-key case.
     * NOTE(review): how the cache honours the interval is decided in
     * retrieveCryptoFromCache, which is not visible here. Keystore changes such as
     * rotated or removed certificates are presumably not seen while an entry is served
     * from the cache.
     *
     * @param rampartConfig Rampart configuration, may be {@code null}
     * @param classLoader   class loader handed to the crypto factory
     * @return the crypto instance; may be {@code null} when falling back to the signature crypto
     * @throws RampartException if the crypto instance cannot be created
     */
    public static Crypto getEncryptionCrypto(RampartConfig rampartConfig, ClassLoader classLoader) throws RampartException {
        log.debug("Loading encryption crypto");
        CryptoConfig encrCryptoConfig = rampartConfig == null ? null : rampartConfig.getEncrCryptoConfig();
        if (encrCryptoConfig == null) {
            log.debug("Trying the signature crypto info");
            return getSignatureCrypto(rampartConfig, classLoader);
        }

        String provider = encrCryptoConfig.getProvider();
        if (log.isDebugEnabled()) {
            log.debug("Using provider: " + provider);
        }
        Properties cryptoProps = encrCryptoConfig.getProp();
        cryptoProps.put(CRYPTO_PROVIDER, provider);

        // Work out the cache id (and refresh interval) only when caching is switched on.
        String cacheId = null;
        String refreshInterval = null;
        if (encrCryptoConfig.isCacheEnabled()) {
            String cryptoKey = encrCryptoConfig.getCryptoKey();
            if (cryptoKey != null) {
                cacheId = cryptoProps.getProperty(cryptoKey);
                refreshInterval = encrCryptoConfig.getCacheRefreshInterval();
            } else if (provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)) {
                cacheId = encrCryptoConfig.getProp().getProperty("org.apache.ws.security.crypto.merlin.file");
            }
        }

        if (cacheId == null) {
            // Not cacheable: always build a fresh instance.
            return createCrypto(cryptoProps, classLoader);
        }
        String cacheKey = cacheId.trim() + "#" + provider.trim();
        Crypto crypto = retrieveCryptoFromCache(cacheKey, refreshInterval);
        if (crypto == null) {
            crypto = createCrypto(cryptoProps, classLoader);
            cacheCrypto(cacheKey, crypto);
        }
        return crypto;
    }

    /**
     * Creates a {@link Crypto} instance from the given properties through
     * {@link CryptoFactory}.
     *
     * <p>On failure only a fixed message and the exception are logged; the properties
     * themselves are never written to the log.
     *
     * @param properties  crypto configuration
     * @param classLoader class loader handed to the factory
     * @return the new crypto instance
     * @throws RampartException wrapping the {@link WSSecurityException} raised by the factory
     */
    private static Crypto createCrypto(Properties properties, ClassLoader classLoader) throws RampartException {
        final Crypto created;
        try {
            created = CryptoFactory.getInstance(properties, classLoader);
        } catch (WSSecurityException e) {
            log.error("Error loading crypto properties.", e);
            throw new RampartException("cannotCrateCryptoInstance", e);
        }
        return created;
    }

    /**
     * Returns the {@link Crypto} used for signatures, creating it if necessary.
     *
     * <p>The provider name is written into the configuration's own {@link Properties}
     * object (the object is modified in place) and a crypto instance is created from it.
     * With caching enabled the instance is shared through the class-wide cache under the
     * key {@code "<id>#<provider>"}. The id is the property named by the crypto key, or
     * the Merlin keystore file property when no crypto key is set and the provider is
     * Merlin. A refresh interval is passed on only in the crypto-key case.
     * NOTE(review): cache expiry is implemented in retrieveCryptoFromCache, which is not
     * visible here. Keystore updates are presumably not picked up while a cached entry
     * is being served.
     *
     * @param rampartConfig Rampart configuration, may be {@code null}
     * @param classLoader   class loader handed to the crypto factory
     * @return the crypto instance, or {@code null} when no signature crypto is configured
     * @throws RampartException if the crypto instance cannot be created
     */
    public static Crypto getSignatureCrypto(RampartConfig rampartConfig, ClassLoader classLoader) throws RampartException {
        log.debug("Loading Signature crypto");
        CryptoConfig sigCryptoConfig = rampartConfig == null ? null : rampartConfig.getSigCryptoConfig();
        if (sigCryptoConfig == null) {
            return null;
        }

        String provider = sigCryptoConfig.getProvider();
        if (log.isDebugEnabled()) {
            log.debug("Using provider: " + provider);
        }
        Properties cryptoProps = sigCryptoConfig.getProp();
        cryptoProps.put(CRYPTO_PROVIDER, provider);

        // Work out the cache id (and refresh interval) only when caching is switched on.
        String cacheId = null;
        String refreshInterval = null;
        if (sigCryptoConfig.isCacheEnabled()) {
            String cryptoKey = sigCryptoConfig.getCryptoKey();
            if (cryptoKey != null) {
                cacheId = cryptoProps.getProperty(cryptoKey);
                refreshInterval = sigCryptoConfig.getCacheRefreshInterval();
            } else if (provider.equals(RampartConstants.MERLIN_CRYPTO_IMPL)) {
                cacheId = sigCryptoConfig.getProp().getProperty("org.apache.ws.security.crypto.merlin.file");
            }
        }

        if (cacheId == null) {
            // Not cacheable: always build a fresh instance.
            return createCrypto(cryptoProps, classLoader);
        }
        String cacheKey = cacheId.trim() + "#" + provider.trim();
        Crypto crypto = retrieveCryptoFromCache(cacheKey, refreshInterval);
        if (crypto == null) {
            crypto = createCrypto(cryptoProps, classLoader);
            cacheCrypto(cacheKey, crypto);
        }
        return crypto;
    }

    /**
     * Maps the key reference requirement of an X.509 token assertion to a numeric key
     * identifier code.
     *
     * <p>The checks are ordered: issuer-serial (2) wins over thumbprint (8), which wins
     * over embedded token reference (1). The literals are inlined constants, presumably
     * the WSConstants key identifier codes — confirm against the WSS4J version in use.
     *
     * @param x509Token the X.509 token assertion
     * @return 2, 8 or 1 as described above
     * @throws RampartException with key {@code unknownKeyRefSpeficier} if none of the three
     *                          reference styles is required
     */
    public static int getKeyIdentifier(X509Token x509Token) throws RampartException {
        final int keyIdentifier;
        if (x509Token.isRequireIssuerSerialReference()) {
            keyIdentifier = 2;
        } else if (x509Token.isRequireThumbprintReference()) {
            keyIdentifier = 8;
        } else if (x509Token.isRequireEmbeddedTokenReference()) {
            keyIdentifier = 1;
        } else {
            throw new RampartException("unknownKeyRefSpeficier");
        }
        return keyIdentifier;
    }

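    /**
     * Extracts the issuer address from the given element.
     *
     * <p>The text is trimmed before it is checked, so an element holding only whitespace
     * is rejected in the same way as an empty one. Without this a blank string would be
     * returned and used as the token issuer endpoint. The value is not validated as a
     * URI here.
     *
     * @param oMElement element whose text is the issuer address
     * @return the trimmed, non-empty address text
     * @throws RampartException with key {@code invalidIssuerAddress} if the element is
     *                          {@code null} or carries no non-blank text
     */
    public static String processIssuerAddress(OMElement oMElement) throws RampartException {
        if (oMElement == null) {
            throw new RampartException("invalidIssuerAddress", new String[]{"Issuer address null"});
        }
        String text = oMElement.getText();
        String address = text == null ? "" : text.trim();
        if (address.length() == 0) {
            throw new RampartException("invalidIssuerAddress", new String[]{oMElement.toString()});
        }
        return address;
    }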

    /**
     * Retrieves a policy from the metadata-exchange endpoint referenced by the given
     * element.
     *
     * <p>The first child of {@code oMElement} is parsed as MEX metadata, the endpoint
     * reference of its first section is used as the target of a GetMetadata request for
     * the WS-Policy dialect, and the first returned section's inline data is parsed as
     * the policy.
     *
     * <p>NOTE(review): the returned policy drives later security processing but comes
     * from a remote endpoint named in the incoming metadata; this method does nothing to
     * authenticate that endpoint or the response. Both {@code [0]} accesses are
     * unchecked, so a reference or response without sections surfaces as an unchecked
     * exception instead of a {@link RampartException}.
     *
     * @param oMElement element wrapping the metadata reference
     * @return the policy parsed from the response
     * @throws RampartException if the exchange fails with a {@link MexException} or {@link AxisFault}
     */
    public static Policy getPolicyFromMetadataRef(OMElement oMElement) throws RampartException {
        final String policyDialect = "http://schemas.xmlsoap.org/ws/2004/09/policy";
        try {
            Metadata metadata = new Metadata();
            metadata.fromOM(oMElement.getFirstElement());
            MetadataReference reference = metadata.getMetadatSections()[0].getMetadataReference();

            MexClient mexClient = new MexClient();
            Options clientOptions = mexClient.getOptions();
            clientOptions.setTo(reference.getEPR());
            clientOptions.setAction("http://schemas.xmlsoap.org/ws/2004/09/mex/GetMetadata/Request");

            // The same Metadata object is reused to parse the response.
            metadata.fromOM(mexClient.sendReceive(mexClient.setupGetMetadataRequest(policyDialect, null)));
            Object inlineData = metadata.getMetadataSection(policyDialect, null)[0].getInlineData();
            return PolicyEngine.getPolicy((OMElement) inlineData);
        } catch (MexException e) {
            throw new RampartException("Error Retrieving the policy from mex", (Throwable) e);
        } catch (AxisFault e2) {
            throw new RampartException("Error Retrieving the policy from mex", (Throwable) e2);
        }
    }

    /**
     * Adds a Rampart configuration for talking to the STS to the given policy.
     *
     * <p>A new {@link RampartConfig} is built from the message's own configuration: user,
     * signature crypto and password callback class are copied, while the encryption
     * user and encryption crypto are taken from the STS alias and STS crypto settings.
     * The policy is modified in place and returned.
     *
     * <p>The message's Rampart configuration must be present; a missing one results in
     * a {@link NullPointerException}.
     *
     * @param rampartMessageData per-message Rampart state
     * @param policy             policy to extend
     * @return the same {@code policy} instance
     */
    public static Policy addRampartConfig(RampartMessageData rampartMessageData, Policy policy) {
        RampartConfig source = rampartMessageData.getPolicyData().getRampartConfig();
        RampartConfig stsConfig = new RampartConfig();

        // Identity and signing material are shared with the service configuration.
        stsConfig.setUser(source.getUser());
        stsConfig.setSigCryptoConfig(source.getSigCryptoConfig());
        stsConfig.setPwCbClass(source.getPwCbClass());

        // Encryption towards the STS uses the dedicated STS alias and crypto.
        stsConfig.setEncryptionUser(source.getStsAlias());
        stsConfig.setEncrCryptoConfig(source.getStsCryptoConfig());

        policy.addAssertion(stsConfig);
        return policy;
    }

    /**
     * Builds the RequestSecurityTokenTemplate element used to request a security
     * context token.
     *
     * <p>The template carries a single token type element whose text is the
     * WS-SecureConversation namespace for version {@code i} followed by the security
     * context token type suffix.
     *
     * @param i  WS-SecureConversation version selector
     * @param i2 WS-Trust version selector used for the token type element
     * @return the template element
     * @throws RampartException with key {@code errorCreatingRSTTemplateForSCT} if either
     *                          version is rejected by the trust or conversation helpers
     */
    public static OMElement createRSTTempalteForSCT(int i, int i2) throws RampartException {
        try {
            log.debug("Creating RSTTemplate for an SCT request");
            OMFactory factory = OMAbstractFactory.getOMFactory();
            OMNamespace policyNamespace = factory.createOMNamespace("http://schemas.xmlsoap.org/ws/2004/09/policy", "wsp");
            OMElement template = factory.createOMElement(SPConstants.REQUEST_SECURITY_TOKEN_TEMPLATE, policyNamespace);
            OMElement tokenType = TrustUtil.createTokenTypeElement(i2, template);
            tokenType.setText(ConversationConstants.getWSCNs(i) + ConversationConstants.TOKEN_TYPE_SECURITY_CONTEXT_TOKEN);
            return template;
        } catch (TrustException e) {
            throw new RampartException("errorCreatingRSTTemplateForSCT", e);
        } catch (ConversationException e2) {
            throw new RampartException("errorCreatingRSTTemplateForSCT", e2);
        }
    }

    /**
     * Returns the timestamp time-to-live for a message.
     *
     * <p>Without a Rampart configuration the value is 300. Otherwise the configured
     * string is parsed; if it is unparsable, absent, zero or negative, the value held by
     * {@code rampartMessageData} is used instead. Presumably expressed in seconds —
     * confirm against the consumer of this value. Larger values lengthen the period in
     * which a timestamped message is accepted.
     *
     * @param rampartMessageData per-message Rampart state
     * @return the effective time-to-live
     */
    public static int getTimeToLive(RampartMessageData rampartMessageData) {
        RampartConfig config = rampartMessageData.getPolicyData().getRampartConfig();
        if (config == null) {
            return 300;
        }
        int ttl = 0;
        String configured = config.getTimestampTTL();
        if (configured != null) {
            try {
                ttl = Integer.parseInt(configured);
            } catch (NumberFormatException e) {
                // Unparsable setting: fall back to the message-level value.
                ttl = rampartMessageData.getTimeToLive();
            }
        }
        return ttl > 0 ? ttl : rampartMessageData.getTimeToLive();
    }

    /**
     * Returns the maximum tolerated clock skew for timestamp validation.
     *
     * <p>Without a Rampart configuration the value is 300. Otherwise the configured
     * string is parsed; an unparsable value falls back to the value held by
     * {@code rampartMessageData}. An absent setting yields 0 and negative results are
     * clamped to 0. Presumably expressed in seconds — confirm against the consumer of
     * this value. Larger values widen the window in which stale or future-dated
     * timestamps are accepted.
     *
     * @param rampartMessageData per-message Rampart state
     * @return the effective maximum skew, never negative
     */
    public static int getTimestampMaxSkew(RampartMessageData rampartMessageData) {
        RampartConfig config = rampartMessageData.getPolicyData().getRampartConfig();
        if (config == null) {
            return 300;
        }
        int skew = 0;
        String configured = config.getTimestampMaxSkew();
        if (configured != null) {
            try {
                skew = Integer.parseInt(configured);
            } catch (NumberFormatException e) {
                // Unparsable setting: fall back to the message-level value.
                skew = rampartMessageData.getTimestampMaxSkew();
            }
        }
        return Math.max(skew, 0);
    }

    /**
     * Obtains a security context token for the given SecureConversation assertion and
     * returns its id.
     *
     * <p>The request goes to the issuer address of the assertion when one is present,
     * otherwise to the message's own destination. Note that the destination address is
     * read first in either case, so a message without a To address fails even when an
     * issuer is given. If the assertion has a bootstrap policy, the message's Rampart
     * configuration (and MTOM assertion, if any) are added to that policy object in
     * place and it is used for the request; otherwise the issuer policy from the policy
     * data is used.
     *
     * @param rampartMessageData      per-message Rampart state
     * @param secureConversationToken the SecureConversation token assertion
     * @return the id of the obtained token
     * @throws TrustException   if the action value cannot be determined
     * @throws RampartException if the issuer address is invalid or the token request fails
     */
    public static String getSecConvToken(RampartMessageData rampartMessageData, SecureConversationToken secureConversationToken) throws TrustException, RampartException {
        String action = TrustUtil.getActionValue(rampartMessageData.getWstVersion(), RahasConstants.RST_ACTION_SCT);
        OMElement issuerEpr = secureConversationToken.getIssuerEpr();
        String issuerAddress = rampartMessageData.getMsgContext().getTo().getAddress();
        if (issuerEpr != null) {
            issuerAddress = processIssuerAddress(issuerEpr);
        }
        OMElement rstTemplate = createRSTTempalteForSCT(rampartMessageData.getSecConvVersion(), rampartMessageData.getWstVersion());

        Policy stsPolicy = secureConversationToken.getBootstrapPolicy();
        if (stsPolicy == null) {
            log.debug("No bootstrap policy, using issuer policy");
            stsPolicy = rampartMessageData.getPolicyData().getIssuerPolicy();
        } else {
            log.debug("BootstrapPolicy found");
            stsPolicy.addAssertion(rampartMessageData.getPolicyData().getRampartConfig());
            if (rampartMessageData.getPolicyData().getMTOMAssertion() != null) {
                stsPolicy.addAssertion(rampartMessageData.getPolicyData().getMTOMAssertion());
            }
        }

        String tokenId = getToken(rampartMessageData, rstTemplate, issuerAddress, action, stsPolicy);
        if (log.isDebugEnabled()) {
            log.debug("SecureConversationToken obtained: id=" + tokenId);
        }
        return tokenId;
    }

    /**
     * Obtains an issued token for the given IssuedToken assertion and returns its id.
     *
     * <p>The STS policy is taken from the message context property
     * {@code RampartMessageData.RAMPART_STS_POLICY}. When that is absent and the
     * assertion carries a metadata reference, the policy is fetched from the referenced
     * endpoint and extended with an STS-specific Rampart configuration. A policy
     * obtained this way comes from a remote endpoint, so its origin matters for the
     * security of the token request.
     *
     * @param rampartMessageData per-message Rampart state
     * @param issuedToken        the IssuedToken assertion
     * @return the id of the obtained token
     * @throws RampartException if the issuer address is invalid, the policy cannot be
     *                          retrieved, or the token request fails
     */
    public static String getIssuedToken(RampartMessageData rampartMessageData, IssuedToken issuedToken) throws RampartException {
        try {
            String action = TrustUtil.getActionValue(rampartMessageData.getWstVersion(), RahasConstants.RST_ACTION_ISSUE);
            String issuerAddress = processIssuerAddress(issuedToken.getIssuerEpr());
            OMElement rstTemplate = issuedToken.getRstTemplate();

            Policy stsPolicy = (Policy) rampartMessageData.getMsgContext().getProperty(RampartMessageData.RAMPART_STS_POLICY);
            if (stsPolicy == null) {
                OMElement issuerMex = issuedToken.getIssuerMex();
                if (issuerMex != null) {
                    stsPolicy = getPolicyFromMetadataRef(issuedToken.getIssuerMex());
                    addRampartConfig(rampartMessageData, stsPolicy);
                }
            }

            String tokenId = getToken(rampartMessageData, rstTemplate, issuerAddress, action, stsPolicy);
            if (log.isDebugEnabled()) {
                log.debug("Issued token obtained: id=" + tokenId);
            }
            return tokenId;
        } catch (TrustException e) {
            throw new RampartException("errorInObtainingToken", e);
        }
    }

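    /**
     * Requests a security token from an STS, stores it in the token storage and returns
     * its id.
     *
     * <p>If the message context carries {@code RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN},
     * that value is returned immediately and no STS is contacted. The property therefore
     * decides which token is used, so it must only ever be set by trusted code.
     *
     * <p>Otherwise an {@link STSClient} is configured with the action, WS-Trust version,
     * request template, signature crypto and password callback. The user name and
     * password of the message options are copied into the client's options.
     *
     * <p>DOOM is switched off for the duration of the STS call and switched back on in a
     * {@code finally} block, so a failed request no longer leaves it disabled for
     * whatever runs next.
     *
     * @param rampartMessageData per-message Rampart state
     * @param oMElement          request security token template
     * @param str                issuer (STS) address
     * @param str2               WS-Trust action
     * @param policy             policy applied to the STS exchange
     * @return the id of the custom or newly issued token
     * @throws RampartException with key {@code errorInObtainingToken} wrapping any failure
     */
    public static String getToken(RampartMessageData rampartMessageData, OMElement oMElement, String str, String str2, Policy policy) throws RampartException {
        try {
            MessageContext msgContext = rampartMessageData.getMsgContext();
            String str3 = (String) msgContext.getProperty(RampartMessageData.KEY_CUSTOM_ISSUED_TOKEN);
            if (str3 != null) {
                return str3;
            }
            Axis2Util.useDOOM(false);
            try {
                STSClient sTSClient = new STSClient(rampartMessageData.getMsgContext().getConfigurationContext());
                sTSClient.setAction(str2);
                sTSClient.setVersion(rampartMessageData.getWstVersion());
                sTSClient.setRstTemplate(oMElement);
                sTSClient.setCryptoInfo(getSignatureCrypto(rampartMessageData.getPolicyData().getRampartConfig(), rampartMessageData.getMsgContext().getAxisService().getClassLoader()), getPasswordCB(rampartMessageData));
                Policy servicePolicy = rampartMessageData.getServicePolicy();
                String address = rampartMessageData.getMsgContext().getOptions().getTo().getAddress();
                Object property = msgContext.getProperty(AddressingConstants.WS_ADDRESSING_VERSION);
                if (property != null) {
                    sTSClient.setAddressingNs((String) property);
                }
                // Credentials of the original request are reused for the STS call.
                Options options = new Options();
                options.setUserName(rampartMessageData.getMsgContext().getOptions().getUserName());
                options.setPassword(rampartMessageData.getMsgContext().getOptions().getPassword());
                if (msgContext.getParameter(WSHandlerConstants.PW_CALLBACK_REF) != null) {
                    sTSClient.addParameter(msgContext.getParameter(WSHandlerConstants.PW_CALLBACK_REF));
                }
                sTSClient.setOptions(options);
                if (msgContext.isSOAP11()) {
                    sTSClient.setSoapVersion("http://schemas.xmlsoap.org/soap/envelope/");
                } else {
                    sTSClient.setSoapVersion("http://www.w3.org/2003/05/soap-envelope");
                }
                Token requestSecurityToken = sTSClient.requestSecurityToken(servicePolicy, str, policy, address);
                // State 1 is an inlined constant; presumably the "issued" token state — confirm.
                requestSecurityToken.setState(1);
                rampartMessageData.getTokenStorage().add(requestSecurityToken);
                return requestSecurityToken.getId();
            } finally {
                // Restore DOOM on success and on failure alike.
                Axis2Util.useDOOM(true);
            }
        } catch (Exception e) {
            throw new RampartException("errorInObtainingToken", e);
        }
    }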

    /**
     * Returns the id of the SOAP body, adding a {@code wsu:Id} attribute to the body if
     * it has no id yet.
     *
     * @param sOAPEnvelope the envelope whose body is identified
     * @return the existing or newly assigned id
     */
    public static String getSoapBodyId(SOAPEnvelope sOAPEnvelope) {
        OMElement body = sOAPEnvelope.getBody();
        return addWsuIdToElement(body);
    }

    /**
     * Returns the id of the element, assigning one if necessary.
     *
     * <p>An un-namespaced {@code Id} attribute is preferred, then {@code wsu:Id}. If
     * neither exists, a {@code wsu:Id} attribute with the value
     * {@code "Id-" + hashCode()} is added to the element.
     *
     * <p>NOTE(review): {@code hashCode()} is not guaranteed to be unique, so two
     * elements of one message can in principle receive the same id, which would make an
     * id-based signature or encryption reference ambiguous. An existing id is also
     * accepted as is, with no check that it is unique within the document. The id
     * format is left unchanged here because other code may depend on it.
     *
     * @param oMElement element to identify; may be modified
     * @return the existing or newly assigned id
     */
    public static String addWsuIdToElement(OMElement oMElement) {
        final String wsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        OMAttribute idAttribute = oMElement.getAttribute(new QName("Id"));
        if (idAttribute == null) {
            idAttribute = oMElement.getAttribute(new QName(wsuNamespace, "Id"));
        }
        if (idAttribute != null) {
            return idAttribute.getAttributeValue();
        }
        // No id present: create wsu:Id on the element itself.
        OMNamespace wsu = oMElement.getOMFactory().createOMNamespace(wsuNamespace, "wsu");
        String generatedId = "Id-" + oMElement.hashCode();
        oMElement.addAttribute(oMElement.getOMFactory().createOMAttribute("Id", wsu, generatedId));
        return generatedId;
    }

    /**
     * Appends a copy of the given element to the security header.
     *
     * <p>The element is cast to a DOM {@link Element}, so it must come from an object
     * model whose elements also implement the DOM interface; otherwise a
     * {@link ClassCastException} is thrown.
     *
     * @param rampartMessageData per-message Rampart state holding the security header
     * @param oMElement          element to append
     * @return the appended node (the imported copy)
     */
    public static Element appendChildToSecHeader(RampartMessageData rampartMessageData, OMElement oMElement) {
        Element domElement = (Element) oMElement;
        return appendChildToSecHeader(rampartMessageData, domElement);
    }

    /**
     * Imports the given element (deep copy) into the security header's document and
     * appends it as the last child of the security header.
     *
     * @param rampartMessageData per-message Rampart state holding the security header
     * @param element            element to copy into the header
     * @return the appended copy, not the element passed in
     */
    public static Element appendChildToSecHeader(RampartMessageData rampartMessageData, Element element) {
        Element securityHeader = rampartMessageData.getSecHeader().getSecurityHeader();
        Document headerDocument = securityHeader.getOwnerDocument();
        Node importedCopy = headerDocument.importNode(element, true);
        return (Element) securityHeader.appendChild(importedCopy);
    }

    /**
     * Inserts {@code element2} directly after {@code element}.
     *
     * <p>With no reference element the new element is appended to the security header.
     * If the two elements belong to different documents, a deep copy imported into the
     * reference element's document is inserted and returned. Within one document, a
     * reference element that has no parent is first appended to the security header,
     * unless its local name is {@code UsernameToken}.
     *
     * @param rampartMessageData per-message Rampart state holding the security header
     * @param element            reference element, may be {@code null}
     * @param element2           element to insert
     * @return the element actually inserted ({@code element2} or its imported copy)
     */
    public static Element insertSiblingAfter(RampartMessageData rampartMessageData, Element element, Element element2) {
        if (element == null) {
            return appendChildToSecHeader(rampartMessageData, element2);
        }
        boolean sameDocument = element.getOwnerDocument().equals(element2.getOwnerDocument());
        if (sameDocument) {
            if (element.getParentNode() == null && !element.getLocalName().equals("UsernameToken")) {
                // Attach the detached reference element so that it can have siblings.
                rampartMessageData.getSecHeader().getSecurityHeader().appendChild(element);
            }
            ((OMElement) element).insertSiblingAfter((OMElement) element2);
            return element2;
        }
        Element importedCopy = (Element) element.getOwnerDocument().importNode(element2, true);
        ((OMElement) element).insertSiblingAfter((OMElement) importedCopy);
        return importedCopy;
    }

    /**
     * Inserts {@code element2} directly before {@code element}.
     *
     * <p>With no reference element the new element is appended to the security header.
     * If the two elements belong to different documents, a deep copy imported into the
     * reference element's document is inserted and returned.
     *
     * @param rampartMessageData per-message Rampart state holding the security header
     * @param element            reference element, may be {@code null}
     * @param element2           element to insert
     * @return the element actually inserted ({@code element2} or its imported copy)
     */
    public static Element insertSiblingBefore(RampartMessageData rampartMessageData, Element element, Element element2) {
        if (element == null) {
            return appendChildToSecHeader(rampartMessageData, element2);
        }
        Element toInsert;
        if (element.getOwnerDocument().equals(element2.getOwnerDocument())) {
            toInsert = element2;
        } else {
            // Foreign node: copy it into the reference element's document first.
            toInsert = (Element) element.getOwnerDocument().importNode(element2, true);
        }
        ((OMElement) element).insertSiblingBefore((OMElement) toInsert);
        return toInsert;
    }

    /**
     * Collects the parts of the current envelope that the policy requires to be
     * encrypted.
     *
     * <p>The body is included only when body encryption is required and not marked
     * optional. Elements selected by the content-encryption XPath expressions of the
     * policy are appended to the list.
     *
     * @param rampartMessageData per-message Rampart state
     * @return the encryption parts
     */
    public static List<WSEncryptionPart> getEncryptedParts(RampartMessageData rampartMessageData) {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        SOAPEnvelope envelope = rampartMessageData.getMsgContext().getEnvelope();
        boolean bodyRequired = policyData.isEncryptBody() && !policyData.isEncryptBodyOptional();
        List<WSEncryptionPart> parts = getPartsAndElements(false, envelope, bodyRequired, policyData.getEncryptedParts(), policyData.getEncryptedElements(), policyData.getDeclaredNamespaces());
        return getContentEncryptedElements(parts, envelope, policyData.getContentEncryptedElements(), policyData.getDeclaredNamespaces());
    }

    /**
     * Collects the parts of the current envelope that the policy requires to be signed.
     *
     * <p>When the policy asks for all headers to be signed, every header block except
     * the WS-Security header is registered as a signed part on the policy data. The
     * policy data object is modified by this call. The body is included only when body
     * signing is required and not marked optional.
     *
     * <p>NOTE(review): a header block without a namespace causes a
     * {@link NullPointerException} in the sign-all-headers loop.
     *
     * @param rampartMessageData per-message Rampart state
     * @return the parts to sign
     */
    public static List<WSEncryptionPart> getSignedParts(RampartMessageData rampartMessageData) {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        SOAPEnvelope envelope = rampartMessageData.getMsgContext().getEnvelope();
        if (policyData.isSignAllHeaders()) {
            for (Iterator headers = envelope.getHeader().getChildElements(); headers.hasNext();) {
                OMElement header = (OMElement) headers.next();
                boolean isSecurityHeader = header.getLocalName().equals("Security") && header.getNamespace().getNamespaceURI().equals("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                if (!isSecurityHeader) {
                    policyData.addSignedPart(header.getNamespace().getNamespaceURI(), header.getLocalName());
                }
            }
        }
        boolean bodyRequired = policyData.isSignBody() && !policyData.isSignBodyOptional();
        return getPartsAndElements(true, envelope, bodyRequired, policyData.getSignedParts(), policyData.getSignedElements(), policyData.getDeclaredNamespaces());
    }

    /**
     * Collects the parts of the current envelope that a supporting-token policy
     * requires to be encrypted. The body is included only when body encryption is
     * required and not marked optional.
     *
     * @param rampartMessageData   per-message Rampart state
     * @param supportingPolicyData policy data of the supporting token
     * @return the encryption parts
     */
    public static List<WSEncryptionPart> getSupportingEncryptedParts(RampartMessageData rampartMessageData, SupportingPolicyData supportingPolicyData) {
        SOAPEnvelope envelope = rampartMessageData.getMsgContext().getEnvelope();
        boolean bodyRequired = supportingPolicyData.isEncryptBody() && !supportingPolicyData.isEncryptBodyOptional();
        return getPartsAndElements(false, envelope, bodyRequired, supportingPolicyData.getEncryptedParts(), supportingPolicyData.getEncryptedElements(), supportingPolicyData.getDeclaredNamespaces());
    }

    /**
     * Collects the parts of the current envelope that a supporting-token policy
     * requires to be signed. The body is included only when body signing is required
     * and not marked optional.
     *
     * @param rampartMessageData   per-message Rampart state
     * @param supportingPolicyData policy data of the supporting token
     * @return the parts to sign
     */
    public static List<WSEncryptionPart> getSupportingSignedParts(RampartMessageData rampartMessageData, SupportingPolicyData supportingPolicyData) {
        SOAPEnvelope envelope = rampartMessageData.getMsgContext().getEnvelope();
        boolean bodyRequired = supportingPolicyData.isSignBody() && !supportingPolicyData.isSignBodyOptional();
        return getPartsAndElements(true, envelope, bodyRequired, supportingPolicyData.getSignedParts(), supportingPolicyData.getSignedElements(), supportingPolicyData.getDeclaredNamespaces());
    }

    /**
     * Gathers the namespaces available for XPath evaluation against an element.
     *
     * <p>The result combines every namespace declared on the element or any descendant,
     * the four built-in prefixes (xenc, ds, wsse, wsu) and the prefix-to-URI entries of
     * {@code hashMap}. Prefixes declared inside the message are part of the result, so
     * the message content influences how a prefix is resolved.
     * NOTE(review): which binding wins when the same prefix appears with different URIs
     * depends on {@code OMNamespace} equality and on the consumer of the set — verify.
     *
     * @param oMElement root element to scan
     * @param hashMap   additional namespaces, keyed by prefix with the URI as value
     * @return a set of {@code OMNamespace} objects
     */
    public static Set findAllPrefixNamespaces(OMElement oMElement, HashMap hashMap) {
        HashSet namespaces = new HashSet();
        findPrefixNamespaces(oMElement, namespaces);
        namespaces.addAll(getDefaultPrefixNamespaces(oMElement.getOMFactory()));
        for (Object key : hashMap.keySet()) {
            String prefix = (String) key;
            namespaces.add(oMElement.getOMFactory().createOMNamespace((String) hashMap.get(prefix), prefix));
        }
        return namespaces;
    }

    /**
     * Adds every namespace declared on the element and, recursively, on all of its
     * descendant elements to {@code set}.
     *
     * <p>The recursion depth equals the nesting depth of the element tree, so very
     * deeply nested input consumes a matching amount of stack.
     *
     * @param oMElement element to scan
     * @param set       collector for the namespaces found
     */
    private static void findPrefixNamespaces(OMElement oMElement, Set<OMNamespace> set) {
        Iterator declared = oMElement.getAllDeclaredNamespaces();
        while (declared != null && declared.hasNext()) {
            set.add((OMNamespace) declared.next());
        }
        for (Iterator children = oMElement.getChildElements(); children.hasNext();) {
            findPrefixNamespaces((OMElement) children.next(), set);
        }
    }

    /**
     * Creates the built-in prefix bindings: xenc (XML Encryption), ds (XML Signature),
     * wsse and wsu (WS-Security extension and utility schemas).
     *
     * @param oMFactory factory used to create the namespace objects
     * @return a list of four {@code OMNamespace} objects, in the order given above
     */
    private static List getDefaultPrefixNamespaces(OMFactory oMFactory) {
        String[][] bindings = {
            {"http://www.w3.org/2001/04/xmlenc#", "xenc"},
            {"http://www.w3.org/2000/09/xmldsig#", "ds"},
            {"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "wsse"},
            {"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "wsu"},
        };
        List namespaces = new ArrayList();
        for (String[] binding : bindings) {
            namespaces.add(oMFactory.createOMNamespace(binding[0], binding[1]));
        }
        return namespaces;
    }

    /**
     * Appends an encryption part (content modifier) for every element selected by the
     * given XPath expressions and returns the same list.
     *
     * <p>Each expression is evaluated against the envelope with all namespaces from
     * {@link #findAllPrefixNamespaces(OMElement, HashMap)} registered. The part records
     * the element's local name, namespace URI, {@code wsu:Id} (if present) and the
     * expression that selected it.
     *
     * <p>NOTE(review): an invalid expression is rethrown as an unchecked
     * {@link RuntimeException}, and an expression that selects something other than an
     * element fails with a {@link ClassCastException}. Neither is reported as a
     * RampartException. An expression that matches nothing adds no part and is not
     * reported.
     *
     * @param list         list to extend; modified in place
     * @param sOAPEnvelope envelope the expressions are evaluated against
     * @param list2        XPath expressions selecting elements to content-encrypt
     * @param hashMap      additional prefix-to-URI namespace bindings
     * @return {@code list}
     */
    public static List<WSEncryptionPart> getContentEncryptedElements(List<WSEncryptionPart> list, SOAPEnvelope sOAPEnvelope, List<String> list2, HashMap hashMap) {
        Set<OMNamespace> namespaces = findAllPrefixNamespaces(sOAPEnvelope, hashMap);
        for (String expression : list2) {
            try {
                AXIOMXPath xpath = new AXIOMXPath(expression);
                for (OMNamespace namespace : namespaces) {
                    xpath.addNamespace(namespace.getPrefix(), namespace.getNamespaceURI());
                }
                for (Object node : xpath.selectNodes(sOAPEnvelope)) {
                    OMElement selected = (OMElement) node;
                    String localName = selected.getLocalName();
                    String namespaceUri = null;
                    if (selected.getNamespace() != null) {
                        namespaceUri = selected.getNamespace().getNamespaceURI();
                    }
                    OMAttribute idAttribute = selected.getAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id"));
                    String id = idAttribute != null ? idAttribute.getAttributeValue() : null;
                    list.add(createEncryptionPart(localName, id, namespaceUri, RampartConstants.XML_ENCRYPTION_MODIFIER_CONTENT, expression));
                }
            } catch (JaxenException e) {
                throw new RuntimeException(e);
            }
        }
        return list;
    }

    /**
     * Creates an encryption part from a name and an id only.
     *
     * <p>Delegates to the five-argument overload with the remaining three arguments left
     * {@code null}.
     *
     * @param str  element name; must not be {@code null}
     * @param str2 id to set on the part, may be {@code null}
     * @return the new part
     */
    public static WSEncryptionPart createEncryptionPart(String str, String str2) {
        WSEncryptionPart part = createEncryptionPart(str, str2, null, null, null);
        return part;
    }

    /**
     * Creates an encryption part without an XPath.
     *
     * <p>Delegates to the five-argument overload with a {@code null} XPath.
     *
     * @param str  element name; must not be {@code null}
     * @param str2 id to set on the part, may be {@code null}
     * @param str3 second constructor argument of the part (callers in this file pass a namespace URI)
     * @param str4 third constructor argument of the part (callers in this file pass an encryption modifier)
     * @return the new part
     */
    public static WSEncryptionPart createEncryptionPart(String str, String str2, String str3, String str4) {
        WSEncryptionPart part = createEncryptionPart(str, str2, str3, str4, null);
        return part;
    }

    /**
     * Creates an encryption part and sets its id and XPath.
     *
     * @param str  element name; a {@code null} name trips an assertion when assertions are enabled
     * @param str2 id to set on the part, may be {@code null}
     * @param str3 second constructor argument of the part (callers in this file pass a namespace URI)
     * @param str4 third constructor argument of the part (callers in this file pass an encryption modifier)
     * @param str5 XPath to record on the part, may be {@code null}
     * @return the new part
     */
    public static WSEncryptionPart createEncryptionPart(String str, String str2, String str3, String str4, String str5) {
        // Explicit form of an assert on the name; it only fires when assertions are enabled.
        if (str == null && !$assertionsDisabled) {
            throw new AssertionError();
        }
        WSEncryptionPart part = new WSEncryptionPart(str, str3, str4);
        part.setId(str2);
        part.setXpath(str5);
        return part;
    }

    /**
     * Builds the list of message parts to protect from three sources: the SOAP body, the
     * header parts named in {@code list}, and the elements selected by the XPath expressions
     * in {@code list2}.
     *
     * <p>Side effects visible here: the body gets a wsu:Id through {@code addWsuIdToElement}
     * when {@code z2} is set, and a named part from {@code list} has its encId set and is
     * itself placed in the result.
     *
     * <p>NOTE(review): {@code z} presumably selects signing (true) versus encryption (false)
     * and {@code z2} whether the body is included; confirm against the callers.
     *
     * @param z            switches the modifier and id handling of the generated parts
     * @param sOAPEnvelope envelope the parts are resolved against
     * @param z2           when true, the SOAP body is added as the first part
     * @param list         header parts; an entry with a null name stands for every header block
     *                     in the entry's namespace
     * @param list2        XPath expressions selecting further elements
     * @param hashMap      passed through to {@code findAllPrefixNamespaces}
     * @return a new list with the resolved parts
     * @throws RuntimeException wrapping the {@code JaxenException} of an expression that fails
     */
    public static List<WSEncryptionPart> getPartsAndElements(boolean z, SOAPEnvelope sOAPEnvelope, boolean z2, List<WSEncryptionPart> list, List<String> list2, HashMap hashMap) {
        // arrayList tracks elements already handled (de-duplication); arrayList2 is the result.
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        if (z2) {
            String addWsuIdToElement = addWsuIdToElement(sOAPEnvelope.getBody());
            if (z) {
                arrayList2.add(createEncryptionPart(sOAPEnvelope.getBody().getLocalName(), addWsuIdToElement, null, null));
            } else {
                arrayList2.add(createEncryptionPart(sOAPEnvelope.getBody().getLocalName(), addWsuIdToElement, null, RampartConstants.XML_ENCRYPTION_MODIFIER_CONTENT));
            }
            arrayList.add(sOAPEnvelope.getBody());
        }
        // NOTE(review): header is dereferenced below without a null check; confirm that every
        // caller passes an envelope that has a SOAP header whenever list is non-empty.
        SOAPHeader header = sOAPEnvelope.getHeader();
        for (WSEncryptionPart wSEncryptionPart : list) {
            if (wSEncryptionPart.getName() == null) {
                // No name: take every header block in the part's namespace.
                Iterator it = header.getHeaderBlocksWithNSURI(wSEncryptionPart.getNamespace()).iterator();
                while (it.hasNext()) {
                    OMElement firstChildWithName = header.getFirstChildWithName(((SOAPHeaderBlock) it.next()).getQName());
                    if (!arrayList.contains(firstChildWithName)) {
                        arrayList.add(firstChildWithName);
                        if (z) {
                            arrayList2.add(createEncryptionPart(firstChildWithName.getLocalName(), null, wSEncryptionPart.getNamespace(), RampartConstants.XML_ENCRYPTION_MODIFIER_CONTENT));
                        } else {
                            OMAttribute attribute = firstChildWithName.getAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id"));
                            arrayList2.add(createEncryptionPart(firstChildWithName.getLocalName(), attribute != null ? attribute.getAttributeValue() : null, wSEncryptionPart.getNamespace(), RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT));
                        }
                    }
                }
            } else {
                // Named part: only the first header child with that qualified name is used,
                // and a part whose header is absent from the message is silently left out.
                OMElement firstChildWithName2 = header.getFirstChildWithName(new QName(wSEncryptionPart.getNamespace(), wSEncryptionPart.getName()));
                if (firstChildWithName2 != null && !arrayList.contains(firstChildWithName2)) {
                    arrayList.add(firstChildWithName2);
                    OMAttribute attribute2 = firstChildWithName2.getAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id"));
                    if (attribute2 != null) {
                        wSEncryptionPart.setEncId(attribute2.getAttributeValue());
                    }
                    arrayList2.add(wSEncryptionPart);
                }
            }
        }
        // XPath-selected elements; these are not checked against arrayList, so an element
        // already added above can appear a second time.
        Set<OMNamespace> findAllPrefixNamespaces = findAllPrefixNamespaces(sOAPEnvelope, hashMap);
        for (String str : list2) {
            try {
                AXIOMXPath aXIOMXPath = new AXIOMXPath(str);
                for (OMNamespace oMNamespace : findAllPrefixNamespaces) {
                    aXIOMXPath.addNamespace(oMNamespace.getPrefix(), oMNamespace.getNamespaceURI());
                }
                for (OMElement oMElement : aXIOMXPath.selectNodes(sOAPEnvelope)) {
                    String localName = oMElement.getLocalName();
                    String namespaceURI = oMElement.getNamespace() != null ? oMElement.getNamespace().getNamespaceURI() : null;
                    if (z) {
                        arrayList2.add(createEncryptionPart(localName, null, namespaceURI, RampartConstants.XML_ENCRYPTION_MODIFIER_CONTENT, str));
                    } else {
                        OMAttribute attribute3 = oMElement.getAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id"));
                        arrayList2.add(createEncryptionPart(localName, attribute3 != null ? attribute3.getAttributeValue() : null, namespaceURI, RampartConstants.XML_ENCRYPTION_MODIFIER_ELEMENT, str));
                    }
                }
            } catch (JaxenException e) {
                throw new RuntimeException(e);
            }
        }
        return arrayList2;
    }

    /**
     * Reports whether the XPath expression {@code str} selects at least one node in the SOAP
     * header of the envelope.
     *
     * <p>Only the header is searched: both the namespace scan and the XPath evaluation use the
     * header element, not the whole envelope.
     *
     * @param sOAPEnvelope envelope whose header is inspected
     * @param hashMap      passed through to {@code findAllPrefixNamespaces}
     * @param str          XPath expression describing the required element
     * @return {@code true} when the expression matches one or more nodes
     * @throws RuntimeException wrapping the {@code JaxenException} of an expression that fails
     */
    public static boolean checkRequiredElements(SOAPEnvelope sOAPEnvelope, HashMap hashMap, String str) {
        SOAPHeader soapHeader = sOAPEnvelope.getHeader();
        Set<OMNamespace> prefixNamespaces = findAllPrefixNamespaces(soapHeader, hashMap);
        try {
            AXIOMXPath xpath = new AXIOMXPath(str);
            for (OMNamespace ns : prefixNamespaces) {
                xpath.addNamespace(ns.getPrefix(), ns.getNamespaceURI());
            }
            int matches = xpath.selectNodes(soapHeader).size();
            return matches != 0;
        } catch (JaxenException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns a key generator for the given XML Encryption algorithm URI.
     *
     * <p>Recognised URIs (compared case-insensitively): {@code tripledes-cbc} (a DESede
     * generator with provider defaults) and {@code aes128-cbc}, {@code aes192-cbc},
     * {@code aes256-cbc} (an AES generator initialised to that key size). Any other URI yields
     * {@code null}, so callers must handle a null result.
     *
     * <p>NOTE(review): every URI accepted here is a CBC-mode algorithm and triple DES is still
     * accepted. CBC gives confidentiality only, so the encrypted parts should also be covered
     * by a signature; whether 3DES should remain allowed is a policy decision to confirm.
     *
     * @param str algorithm URI; must not be {@code null}
     * @return the generator, or {@code null} for an unrecognised URI
     * @throws WSSecurityException when the JCE provider lacks the algorithm
     */
    public static KeyGenerator getEncryptionKeyGenerator(String str) throws WSSecurityException {
        try {
            // The AES generator is always obtained first, even for the triple-DES URI.
            KeyGenerator aesGenerator = KeyGenerator.getInstance("AES");
            if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#tripledes-cbc")) {
                return KeyGenerator.getInstance("DESede");
            }
            int keyBits;
            if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes128-cbc")) {
                keyBits = 128;
            } else if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes192-cbc")) {
                keyBits = 192;
            } else if (str.equalsIgnoreCase("http://www.w3.org/2001/04/xmlenc#aes256-cbc")) {
                keyBits = 256;
            } else {
                return null;
            }
            aesGenerator.init(keyBits);
            return aesGenerator;
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(2, null, null, e);
        }
    }

    /**
     * Returns the key used to identify a context for this message: the name of the Axis
     * service the message belongs to.
     *
     * @param messageContext current message context
     * @return the service name
     */
    public static String getContextIdentifierKey(MessageContext messageContext) {
        String serviceName = messageContext.getAxisService().getName();
        return serviceName;
    }

    /**
     * Returns the {@code "contextMap"} table stored on the configuration context, creating and
     * storing an empty one when the property is not set yet.
     *
     * <p>NOTE(review): the lookup and the store are two separate steps with no lock visible
     * here, so two threads can each create a table; confirm whether callers rely on a single
     * shared instance.
     *
     * @param messageContext current message context
     * @return the shared table
     */
    public static Hashtable getContextMap(MessageContext messageContext) {
        Object existing = messageContext.getConfigurationContext().getProperty("contextMap");
        if (existing != null) {
            return (Hashtable) existing;
        }
        Hashtable created = new Hashtable();
        messageContext.getConfigurationContext().setProperty("contextMap", created);
        return created;
    }

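    /**
     * Reports whether the stored token with the given id exists and is in state {@code 1}.
     *
     * <p>State {@code 1} is presumably the "issued" state of {@code org.apache.rahas.Token};
     * confirm against that class. A missing token counts as not valid.
     *
     * @param rampartMessageData message data giving access to the token storage
     * @param str                id of the token to look up
     * @return {@code true} only when the token is found and its state is {@code 1}
     * @throws RampartException when the token storage lookup fails; the underlying
     *                          {@code TrustException} is attached as the cause
     */
    public static boolean isTokenValid(RampartMessageData rampartMessageData, String str) throws RampartException {
        try {
            Token token = rampartMessageData.getTokenStorage().getToken(str);
            return token != null && token.getState() == 1;
        } catch (TrustException e) {
            // Keep the cause: without it a token-store failure cannot be diagnosed from logs.
            throw new RampartException("errorExtractingToken", e);
        }
    }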

    /**
     * Configures the encryption user on {@code wSSecEncryptedKey} from the Rampart
     * configuration of the current policy.
     *
     * @param rampartMessageData message data holding the policy
     * @param wSSecEncryptedKey  builder to configure
     * @throws RampartException when no encryption user is configured or, for the
     *                          request-signature-certificate case, no security results exist
     */
    public static void setEncryptionUser(RampartMessageData rampartMessageData, WSSecEncryptedKey wSSecEncryptedKey) throws RampartException {
        String configuredUser = rampartMessageData.getPolicyData().getRampartConfig().getEncryptionUser();
        setEncryptionUser(rampartMessageData, wSSecEncryptedKey, configuredUser);
    }

    /**
     * Configures the encryption user on {@code wSSecEncryptedKey}.
     *
     * <p>A {@code null} {@code str} falls back to the encryption user of the Rampart
     * configuration. When the user equals {@code WSHandlerConstants.USE_REQ_SIG_CERT}, the
     * certificate found in the received security results is used instead, and the user info is
     * set only if that certificate was actually set.
     *
     * <p>NOTE(review): in the certificate case nothing is set when the results hold no
     * signature certificate, and no exception is raised here; confirm that the caller fails
     * later instead of encrypting with an unintended key.
     *
     * @param rampartMessageData message data holding the policy and message context
     * @param wSSecEncryptedKey  builder to configure
     * @param str                encryption user, or {@code null} to use the configured one
     * @throws RampartException when no user can be determined or no security results exist
     */
    public static void setEncryptionUser(RampartMessageData rampartMessageData, WSSecEncryptedKey wSSecEncryptedKey, String str) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        String encryptionUser = (str != null) ? str : policyData.getRampartConfig().getEncryptionUser();
        if (encryptionUser == null || encryptionUser.isEmpty()) {
            throw new RampartException("missingEncryptionUser");
        }
        if (encryptionUser.equals(WSHandlerConstants.USE_REQ_SIG_CERT)) {
            List receivedResults = (List) rampartMessageData.getMsgContext().getProperty(WSHandlerConstants.RECV_RESULTS);
            if (receivedResults == null) {
                throw new RampartException("noSecurityResults");
            }
            wSSecEncryptedKey.setUseThisCert(getReqSigCert(receivedResults));
            if (wSSecEncryptedKey.isCertSet()) {
                wSSecEncryptedKey.setUserInfo(getUsername(receivedResults));
            }
        } else {
            wSSecEncryptedKey.setUserInfo(encryptionUser);
        }
    }

    /**
     * Chooses the key identifier type for {@code wSSecBase} from the token's inclusion value,
     * the X.509 token's reference requirements and the WSS 1.0 / 1.1 policy options.
     *
     * <p>NOTE(review): the numeric identifier types (1, 2, 4, 8) and inclusion values (1, 3, 4)
     * are bare literals here. They presumably correspond to the WSS4J key-identifier constants
     * and the security-policy token-inclusion constants; confirm against those classes.
     *
     * @param rampartMessageData message data giving the initiator flag and the policy
     * @param wSSecBase          builder whose key identifier type is set
     * @param token              policy token that drives the choice
     */
    public static void setKeyIdentifierType(RampartMessageData rampartMessageData, WSSecBase wSSecBase, org.apache.ws.secpolicy.model.Token token) {
        // Token is not included for this direction: use identifier type 1 and stop.
        if (!(token.getInclusion() == 1 || (!rampartMessageData.isInitiator() && token.getInclusion() == 3) || (rampartMessageData.isInitiator() && token.getInclusion() == 4))) {
            wSSecBase.setKeyIdentifierType(1);
            return;
        }
        // z records whether the X.509 token itself demanded a reference style.
        boolean z = false;
        if (token instanceof X509Token) {
            X509Token x509Token = (X509Token) token;
            if (x509Token.isRequireIssuerSerialReference()) {
                wSSecBase.setKeyIdentifierType(2);
                z = true;
            } else if (x509Token.isRequireKeyIdentifierReference()) {
                wSSecBase.setKeyIdentifierType(4);
                z = true;
            } else if (x509Token.isRequireThumbprintReference()) {
                wSSecBase.setKeyIdentifierType(8);
                z = true;
            }
        }
        if (z) {
            return;
        }
        // Otherwise fall back to the WSS options, preferring the 1.1 assertion over the 1.0 one.
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Wss11 wss11 = policyData.getWss11();
        if (wss11 == null) {
            wss11 = policyData.getWss10();
        }
        // NOTE(review): wss11 is dereferenced without a null check; confirm that the policy
        // always carries a Wss10 or Wss11 assertion when this point is reached.
        if (wss11.isMustSupportRefKeyIdentifier()) {
            wSSecBase.setKeyIdentifierType(4);
            return;
        }
        if (wss11.isMustSupportRefIssuerSerial()) {
            wSSecBase.setKeyIdentifierType(2);
        } else if ((wss11 instanceof Wss11) && wss11.isMustSupportRefThumbprint()) {
            wSSecBase.setKeyIdentifierType(8);
        }
        // When none of the options is set, the identifier type is left as it was.
    }

    /**
     * Returns the X.509 certificate stored on the first security result whose action is
     * {@code 2} (presumably the WSS4J signature action; confirm against {@code WSConstants}).
     *
     * <p>The search stops at the first such result, even if its certificate entry is
     * {@code null}.
     *
     * @param list handler results of the received message
     * @return the certificate of that result, or {@code null} when no result has action 2
     */
    private static X509Certificate getReqSigCert(List<WSHandlerResult> list) {
        for (WSHandlerResult handlerResult : list) {
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                int action = ((Integer) engineResult.get("action")).intValue();
                if (action == 2) {
                    return (X509Certificate) engineResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                }
            }
        }
        return null;
    }

    /**
     * Returns the principal name of the first security result whose action is {@code 1}
     * (presumably the WSS4J username-token action; confirm against {@code WSConstants}).
     *
     * <p>The principal of that result is cast to {@code WSUsernameTokenPrincipal} without a
     * type or null check.
     *
     * @param list handler results of the received message
     * @return the user name, or {@code null} when no result has action 1
     */
    public static String getUsername(List<WSHandlerResult> list) {
        for (WSHandlerResult handlerResult : list) {
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                int action = ((Integer) engineResult.get("action")).intValue();
                if (action == 1) {
                    WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) engineResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
                    return principal.getName();
                }
            }
        }
        return null;
    }

    /**
     * Returns the {@code "id"} entry of the first security result that has action {@code 4}
     * (presumably the WSS4J encryption action; confirm against {@code WSConstants}) and a
     * non-null id.
     *
     * @param list handler results of the received message
     * @return the id, or {@code null} when no such result exists
     */
    public static String getRequestEncryptedKeyId(List<WSHandlerResult> list) {
        for (WSHandlerResult handlerResult : list) {
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                Integer action = (Integer) engineResult.get("action");
                String keyId = (String) engineResult.get("id");
                if (action.intValue() == 4 && keyId != null) {
                    return keyId;
                }
            }
        }
        return null;
    }

    /**
     * Returns the secret bytes of the first security result that has action {@code 4}
     * (presumably the WSS4J encryption action; confirm against {@code WSConstants}) and a
     * non-null secret.
     *
     * <p>The array stored in the result is returned as is, not a copy, so callers share the
     * key material with the result object.
     *
     * @param list handler results of the received message
     * @return the secret, or {@code null} when no such result exists
     */
    public static byte[] getRequestEncryptedKeyValue(List<WSHandlerResult> list) {
        for (WSHandlerResult handlerResult : list) {
            for (WSSecurityEngineResult engineResult : handlerResult.getResults()) {
                Integer action = (Integer) engineResult.get("action");
                byte[] secret = (byte[]) engineResult.get(WSSecurityEngineResult.TAG_SECRET);
                if (action.intValue() == 4 && secret != null) {
                    return secret;
                }
            }
        }
        return null;
    }

    /**
     * Inserts {@code element2} after {@code element}, or at the front of the security header
     * when {@code element} is {@code null}.
     *
     * @param rampartMessageData message data giving access to the security header
     * @param element            reference element, may be {@code null}
     * @param element2           element to insert
     * @return whatever the delegate insertion method returns
     */
    public static Element insertSiblingAfterOrPrepend(RampartMessageData rampartMessageData, Element element, Element element2) {
        if (element == null) {
            return prependSecHeader(rampartMessageData, element2);
        }
        return insertSiblingAfter(rampartMessageData, element, element2);
    }

    /**
     * Inserts {@code element2} before {@code element}, or at the front of the security header
     * when {@code element} is {@code null} or has no previous sibling.
     *
     * @param rampartMessageData message data giving access to the security header
     * @param element            reference element, may be {@code null}
     * @param element2           element to insert
     * @return whatever the delegate insertion method returns
     */
    public static Element insertSiblingBeforeOrPrepend(RampartMessageData rampartMessageData, Element element, Element element2) {
        if (element != null && element.getPreviousSibling() != null) {
            return insertSiblingBefore(rampartMessageData, element, element2);
        }
        return prependSecHeader(rampartMessageData, element2);
    }

    /**
     * Makes {@code element} the first child of the security header.
     *
     * <p>Three cases: an empty header receives an imported copy of the element; a header whose
     * first child shares the element's owner document receives the element itself; otherwise a
     * copy imported into the first child's document is inserted.
     *
     * @param rampartMessageData message data giving access to the security header
     * @param element            element to place first
     * @return the node that ended up in the header (the element itself or its imported copy)
     */
    private static Element prependSecHeader(RampartMessageData rampartMessageData, Element element) {
        Element securityHeader = rampartMessageData.getSecHeader().getSecurityHeader();
        // The import is performed up front even though only the empty-header case uses it.
        Node importedCopy = securityHeader.getOwnerDocument().importNode(element, true);
        Element currentFirst = (Element) securityHeader.getFirstChild();
        if (currentFirst == null) {
            return (Element) securityHeader.appendChild(importedCopy);
        }
        Element toInsert = element;
        if (!currentFirst.getOwnerDocument().equals(element.getOwnerDocument())) {
            toInsert = (Element) currentFirst.getOwnerDocument().importNode(element, true);
        }
        ((OMElement) currentFirst).insertSiblingBefore((OMElement) toInsert);
        return toInsert;
    }

    /**
     * Decides whether the policy calls for a security header.
     *
     * <p>A timestamp, body signing or encryption, or any signed or encrypted part or element
     * always requires one. Supporting tokens are considered only when {@code z} and {@code z2}
     * differ; in that case any non-empty supporting-token assertion requires the header.
     *
     * <p>NOTE(review): {@code z} and {@code z2} are presumably the initiator flag and the
     * inbound-flow flag; confirm against the callers.
     *
     * @param rampartPolicyData effective policy data
     * @param z                 first direction flag
     * @param z2                second direction flag
     * @return {@code true} when a security header is required
     */
    public static boolean isSecHeaderRequired(RampartPolicyData rampartPolicyData, boolean z, boolean z2) {
        boolean protectsMessage = rampartPolicyData.isIncludeTimestamp()
                || rampartPolicyData.isSignBody()
                || rampartPolicyData.getSignedParts().size() != 0
                || rampartPolicyData.getSignedElements().size() != 0
                || rampartPolicyData.isEncryptBody()
                || rampartPolicyData.getEncryptedParts().size() != 0
                || rampartPolicyData.getEncryptedElements().size() != 0;
        if (protectsMessage) {
            return true;
        }
        // Supporting tokens only count when exactly one of the two flags is set.
        if (z == z2) {
            return false;
        }
        for (SupportingToken listed : rampartPolicyData.getSupportingTokensList()) {
            if (listed != null && listed.getTokens().size() != 0) {
                return true;
            }
        }
        // Each assertion is fetched only if the previous ones were empty.
        SupportingToken current = rampartPolicyData.getSignedSupportingTokens();
        if (current != null && current.getTokens().size() != 0) {
            return true;
        }
        current = rampartPolicyData.getEndorsingSupportingTokens();
        if (current != null && current.getTokens().size() != 0) {
            return true;
        }
        current = rampartPolicyData.getSignedEndorsingSupportingTokens();
        if (current != null && current.getTokens().size() != 0) {
            return true;
        }
        current = rampartPolicyData.getEncryptedSupportingTokens();
        if (current != null && current.getTokens().size() != 0) {
            return true;
        }
        current = rampartPolicyData.getSignedEncryptedSupportingTokens();
        if (current != null && current.getTokens().size() != 0) {
            return true;
        }
        current = rampartPolicyData.getEndorsingEncryptedSupportingTokens();
        if (current != null && current.getTokens().size() != 0) {
            return true;
        }
        current = rampartPolicyData.getSignedEndorsingEncryptedSupportingTokens();
        return current != null && current.getTokens().size() != 0;
    }

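    /**
     * Re-targets signed parts that are also encrypted at the element that wraps their
     * encrypted data.
     *
     * <p>For every signed part in {@code list2} that has a name and namespace, and every
     * encrypted part in {@code list} with the same name and namespace, the element carrying the
     * encrypted part's encId is looked up in {@code document}. If its parent has a non-blank
     * {@code wsu:Id}, the signed part is removed from {@code list2} and a new part pointing at
     * that id is appended.
     *
     * <p>The loop runs over a snapshot of {@code list2}. Iterating the live list while removing
     * and adding entries raises {@code ConcurrentModificationException} whenever the replaced
     * part is not the last one, which would abort processing of a message whose signed headers
     * are also encrypted.
     *
     * @param list     encrypted parts
     * @param list2    signed parts; modified in place
     * @param document DOM document of the message
     */
    public static void handleEncryptedSignedHeaders(List<WSEncryptionPart> list, List<WSEncryptionPart> list2, Document document) {
        // Snapshot first: list2 is structurally modified inside the loop.
        List<WSEncryptionPart> signedSnapshot = new ArrayList<WSEncryptionPart>(list2);
        for (WSEncryptionPart signedPart : signedSnapshot) {
            // A part without name or namespace is not a header part; nothing to re-target.
            if (signedPart.getNamespace() == null || signedPart.getName() == null) {
                continue;
            }
            for (WSEncryptionPart encryptedPart : list) {
                if (encryptedPart.getNamespace() == null || encryptedPart.getName() == null) {
                    continue;
                }
                boolean sameHeader = signedPart.getName().equals(encryptedPart.getName())
                        && signedPart.getNamespace().equals(encryptedPart.getNamespace());
                if (!sameHeader) {
                    continue;
                }
                Element encryptedData = WSSecurityUtil.findElementById(document.getDocumentElement(), encryptedPart.getEncId(), false);
                if (encryptedData == null) {
                    continue;
                }
                String wrapperId = ((Element) encryptedData.getParentNode()).getAttributeNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
                // Without an id the wrapper could not be referenced from the signature, so the
                // signed part is left untouched in that case.
                if (wrapperId == null || "".equals(wrapperId.trim())) {
                    continue;
                }
                list2.remove(signedPart);
                list2.add(createEncryptionPart(signedPart.getName(), wrapperId, signedPart.getNamespace(), signedPart.getEncModifier(), signedPart.getXpath()));
            }
        }
    }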

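    /**
     * Returns the id of the {@code ds:Signature} element in the first WS-Security header block
     * of the current envelope.
     *
     * <p>The {@code wsu:Id} attribute is preferred; an unqualified {@code Id} attribute is the
     * fallback. A security header without a {@code ds:Signature} child yields {@code null}
     * instead of a {@code NullPointerException}.
     *
     * <p>NOTE(review): only the first header block in the wsse namespace and its first
     * Signature child are inspected; confirm that this is the intended one when a message
     * carries several security headers or signatures.
     *
     * @param rampartMessageData message data giving access to the envelope
     * @return the signature id, or {@code null} when there is no header, no security header,
     *         no signature or no id attribute
     */
    public static String getSigElementId(RampartMessageData rampartMessageData) {
        SOAPHeader header = rampartMessageData.getMsgContext().getEnvelope().getHeader();
        if (header == null) {
            return null;
        }
        ArrayList securityHeaders = header.getHeaderBlocksWithNSURI("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        if (securityHeaders == null || securityHeaders.size() <= 0) {
            return null;
        }
        QName signatureName = new QName("http://www.w3.org/2000/09/xmldsig#", "Signature");
        OMElement signature = ((SOAPHeaderBlock) securityHeaders.get(0)).getFirstChildWithName(signatureName);
        if (signature == null) {
            // The security header carries no signature at all (for example a timestamp-only
            // or username-token-only message).
            return null;
        }
        OMAttribute wsuId = signature.getAttribute(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id"));
        if (wsuId != null) {
            return wsuId.getAttributeValue();
        }
        OMAttribute plainId = signature.getAttribute(new QName("Id"));
        return plainId != null ? plainId.getAttributeValue() : null;
    }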

    /**
     * Creates a fresh {@code WSSConfig} and copies four settings onto it from another freshly
     * created instance: signature confirmation, strict timestamps, WS-I BSP compliance and
     * millisecond precision.
     *
     * @return the new configuration instance
     */
    public static WSSConfig getWSSConfigInstance() {
        // Both instances come from getNewInstance(); the first only serves as the source of
        // the copied settings.
        WSSConfig template = WSSConfig.getNewInstance();
        WSSConfig config = WSSConfig.getNewInstance();
        boolean signatureConfirmation = template.isEnableSignatureConfirmation();
        config.setEnableSignatureConfirmation(signatureConfirmation);
        boolean strictTimestamp = template.isTimeStampStrict();
        config.setTimeStampStrict(strictTimestamp);
        boolean bspCompliant = template.isWsiBSPCompliant();
        config.setWsiBSPCompliant(bspCompliant);
        boolean milliSeconds = template.isPrecisionInMilliSeconds();
        config.setPrecisionInMilliSeconds(milliSeconds);
        return config;
    }

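    /**
     * Verifies, on the receiving side of a transport binding with an HTTPS token, that the
     * message arrived over {@code https}.
     *
     * <p>Nothing is checked when there is no policy, the binding is not a transport binding,
     * this side is the initiator, or the transport token is not an {@code HttpsToken}.
     *
     * <p>A missing incoming transport name is rejected with the same {@code RampartException}
     * as a wrong one, instead of failing with a {@code NullPointerException}.
     *
     * @param rampartMessageData message data holding the policy and message context
     * @throws RampartException with key {@code invalidTransport} when the incoming transport is
     *                          not {@code https}
     */
    public static void validateTransport(RampartMessageData rampartMessageData) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        if (policyData == null
                || !policyData.isTransportBinding()
                || rampartMessageData.isInitiator()
                || !(policyData.getTransportToken() instanceof HttpsToken)) {
            return;
        }
        String incomingTransportName = rampartMessageData.getMsgContext().getIncomingTransportName();
        // Constant-first comparison: an absent transport name must fail the check, not crash it.
        if (!"https".equals(incomingTransportName)) {
            throw new RampartException("invalidTransport", new String[]{String.valueOf(incomingTransportName)});
        }
        if (((HttpsToken) policyData.getTransportToken()).isRequireClientCertificate()) {
            // NOTE(review): the policy requires a client certificate, but this branch only
            // fetches the message context and verifies nothing. Confirm that presence of the
            // client certificate is enforced elsewhere (transport layer or container);
            // otherwise the RequireClientCertificate assertion is not enforced on this path.
            rampartMessageData.getMsgContext();
        }
    }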

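    /**
     * Looks up a cached {@code Crypto} object.
     *
     * <p>With a {@code null} {@code str2} any cached entry is returned. Otherwise {@code str2}
     * is parsed as a lifetime added to the entry's creation time (which is recorded in
     * milliseconds), and an entry older than that is treated as a miss.
     *
     * <p>Changes from the earlier form: the store is read once instead of
     * {@code containsKey} followed by {@code get}, so an entry that disappears between the two
     * calls cannot cause a {@code NullPointerException}; and the expiry test compares the
     * entry's age with the lifetime, so a very large lifetime no longer overflows into
     * "expired".
     *
     * @param str  cache key
     * @param str2 lifetime as a decimal string, or {@code null} for no expiry
     * @return the cached object, or {@code null} on a miss or an expired entry
     * @throws NumberFormatException when {@code str2} is not a valid {@code long}
     */
    private static Crypto retrieveCryptoFromCache(String str, String str2) {
        CachedCrypto cachedCrypto = cryptoStore.get(str);
        if (cachedCrypto == null) {
            log.debug("Cache Miss : Crypto Object was not found in cache.");
            return null;
        }
        if (str2 == null) {
            log.debug("Cache Hit : Crypto Object was found in cache.");
            return cachedCrypto.crypto;
        }
        long lifetime = Long.parseLong(str2);
        long age = System.currentTimeMillis() - cachedCrypto.creationTime;
        if (age < lifetime) {
            log.debug("Cache Hit : Crypto Object was found in cache.");
            return cachedCrypto.crypto;
        }
        log.debug("Cache Miss : Crypto Object found in cache is expired.");
        return null;
    }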

    /**
     * Stores {@code crypto} in the cache under {@code str}, stamped with the current time in
     * milliseconds. An existing entry for the same key is replaced.
     *
     * @param str    cache key
     * @param crypto object to cache
     */
    private static void cacheCrypto(String str, Crypto crypto) {
        long createdAt = Calendar.getInstance().getTimeInMillis();
        CachedCrypto entry = new CachedCrypto(crypto, createdAt);
        cryptoStore.put(str, entry);
        log.debug("Crypto object is inserted into the Cache.");
    }

    /**
     * Returns the SAML token profile 1.0 URI followed by {@code #} and
     * {@code WSConstants.SAML_ASSERTION_ID}.
     *
     * @return the combined URI string
     */
    public static String getSAML10AssertionNamespace() {
        return "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0" + "#" + WSConstants.SAML_ASSERTION_ID;
    }

    /**
     * Fills in the encryption crypto settings on the message context, first the property-file
     * setting and then the reference-id setting.
     *
     * <p>Both steps go through {@code setCryptoProperty}, which copies the signature setting
     * only when the encryption setting is not already present.
     *
     * @param messageContext message context to update
     */
    public static void setEncryptionCrypto(MessageContext messageContext) {
        // File property first, reference id second.
        setEncryptionCryptoFileProperty(messageContext);
        setEncryptionCryptoReferenceProperty(messageContext);
    }

    /**
     * Fills in the decryption crypto settings on the message context, first the property-file
     * setting and then the reference-id setting.
     *
     * <p>Both steps go through {@code setCryptoProperty}, which copies the signature setting
     * only when the decryption setting is not already present.
     *
     * @param messageContext message context to update
     */
    public static void setDecryptionCrypto(MessageContext messageContext) {
        // File property first, reference id second.
        setDecryptionCryptoFileProperty(messageContext);
        setDecryptionCryptoReferenceProperty(messageContext);
    }

    /**
     * Defaults the encryption crypto reference id to the signature crypto reference id when
     * the former is not set.
     *
     * @param messageContext message context to update
     */
    private static void setEncryptionCryptoReferenceProperty(MessageContext messageContext) {
        final String fallbackKey = WSHandlerConstants.SIG_PROP_REF_ID;
        final String targetKey = WSHandlerConstants.ENC_PROP_REF_ID;
        setCryptoProperty(messageContext, fallbackKey, targetKey);
    }

    /**
     * Defaults the decryption crypto reference id to the signature crypto reference id when
     * the former is not set.
     *
     * @param messageContext message context to update
     */
    private static void setDecryptionCryptoReferenceProperty(MessageContext messageContext) {
        final String fallbackKey = WSHandlerConstants.SIG_PROP_REF_ID;
        final String targetKey = WSHandlerConstants.DEC_PROP_REF_ID;
        setCryptoProperty(messageContext, fallbackKey, targetKey);
    }

    /**
     * Defaults the encryption crypto property file to the signature crypto property file when
     * the former is not set.
     *
     * @param messageContext message context to update
     */
    private static void setEncryptionCryptoFileProperty(MessageContext messageContext) {
        final String fallbackKey = WSHandlerConstants.SIG_PROP_FILE;
        final String targetKey = WSHandlerConstants.ENC_PROP_FILE;
        setCryptoProperty(messageContext, fallbackKey, targetKey);
    }

    /**
     * Defaults the decryption crypto property file to the signature crypto property file when
     * the former is not set.
     *
     * @param messageContext message context to update
     */
    private static void setDecryptionCryptoFileProperty(MessageContext messageContext) {
        final String fallbackKey = WSHandlerConstants.SIG_PROP_FILE;
        final String targetKey = WSHandlerConstants.DEC_PROP_FILE;
        setCryptoProperty(messageContext, fallbackKey, targetKey);
    }

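    /**
     * Copies the message-context property {@code str} to {@code str2} when {@code str2} is not
     * set yet.
     *
     * <p>The callers in this file use it to let encryption and decryption fall back to the
     * signature crypto configuration. An explicitly configured target value is never
     * overwritten.
     *
     * <p>The debug message names the key that was actually looked up. The earlier fixed text
     * always named the signature property file, which was misleading when the reference-id key
     * was the one missing.
     *
     * @param messageContext message context to read and update
     * @param str            key of the fallback (source) property
     * @param str2           key of the property to fill in
     */
    private static void setCryptoProperty(MessageContext messageContext, String str, String str2) {
        if (messageContext.getProperty(str2) != null) {
            // Explicit configuration wins over the fallback.
            return;
        }
        String fallbackValue = (String) messageContext.getProperty(str);
        if (fallbackValue != null) {
            messageContext.setProperty(str2, fallbackValue);
        } else if (log.isDebugEnabled()) {
            log.debug("Signature crypto property is not set. Property key - " + str);
        }
    }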

    /**
     * Reports whether the policy's protection order is {@code EncryptBeforeSigning}.
     *
     * <p>A {@code null} or any other protection order yields {@code false}.
     *
     * @param rampartPolicyData effective policy data
     * @return {@code true} when encryption is to be applied before signing
     */
    public static boolean encryptFirst(RampartPolicyData rampartPolicyData) {
        String protectionOrder = rampartPolicyData.getProtectionOrder();
        return "EncryptBeforeSigning".equals(protectionOrder);
    }
}
