package org.apache.ws.security.message.token;

import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.message.CallbackLookup;
import org.apache.ws.security.message.DOMCallbackLookup;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.DOM2Writer;
import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.ws.wssecurity.Embedded;
import org.opensaml.ws.wssecurity.KeyIdentifier;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.16.jar:org/apache/ws/security/message/token/SecurityTokenReference.class */
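/**
 * DOM wrapper around a {@code wsse:SecurityTokenReference} (STR) element.
 *
 * <p>An STR points at the security token (certificate, SAML assertion, security context token,
 * ...) that a signature or encrypted key relies on. This class parses an incoming STR, builds an
 * outgoing one, and resolves the reference to a token element or to certificates held by a
 * {@link Crypto} store.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The element content comes from the message and must be treated as untrusted input.</li>
 *   <li>The certificate lookups here ({@link #getKeyIdentifier}, {@link #getX509SKIAlias},
 *       {@link #getX509IssuerSerial}) only <em>locate</em> certificates. No chain or trust
 *       validation is performed in this class; that has to happen in the caller.</li>
 *   <li>Most accessors read {@link #getFirstElement()}, that is, the first element child
 *       whatever it is. Only the BSP check run by the parsing constructor guarantees that there
 *       is exactly one child.</li>
 * </ul>
 *
 * <p>Instances are mutable and keep lazily initialised caches, so they are not thread-safe.
 */
public class SecurityTokenReference {
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String BASE64_ENCODING = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    private static final String X509_V3_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    public static final String SECURITY_TOKEN_REFERENCE = "SecurityTokenReference";
    public static final String SKI_URI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";
    public static final String THUMB_URI = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";
    public static final String ENC_KEY_SHA1_URI = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
    public static final QName STR_QNAME = new QName(WSSE_NS, "SecurityTokenReference");

    private static final Log log = LogFactory.getLog(SecurityTokenReference.class);

    /** The wrapped {@code wsse:SecurityTokenReference} element. */
    protected Element element;
    /** Lazily created by {@link #getIssuerSerial()}. */
    private DOMX509IssuerSerial issuerSerial;
    /** Lazily decoded by {@link #getSKIBytes()}. */
    private byte[] skiBytes;
    /** The direct {@code wsse:Reference} child, if any. */
    private Reference reference;

    /**
     * Parses an existing STR element with BSP compliance checking enabled.
     *
     * @param element the {@code wsse:SecurityTokenReference} element
     * @throws WSSecurityException if the element is not an STR or fails the BSP checks
     */
    public SecurityTokenReference(Element element) throws WSSecurityException {
        this(element, true);
    }

    /**
     * Parses an existing STR element.
     *
     * @param element the {@code wsse:SecurityTokenReference} element
     * @param z whether to run {@link #checkBSPCompliance()}; when {@code false} an STR with zero
     *     or several children is accepted and the accessors operate on the first element child
     * @throws WSSecurityException if the element's QName is not {@link #STR_QNAME} or a BSP check
     *     fails
     */
    public SecurityTokenReference(Element element, boolean z) throws WSSecurityException {
        this.element = element;
        QName actualName = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
        if (!STR_QNAME.equals(actualName)) {
            throw new WSSecurityException(0, "badElement", new Object[]{STR_QNAME, actualName});
        }
        if (z) {
            checkBSPCompliance();
        }
        if (!containsReference()) {
            return;
        }
        // Wrap the first wsse:Reference child; any later ones are ignored.
        for (Node child = this.element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE == child.getNodeType()
                    && WSSE_NS.equals(child.getNamespaceURI())
                    && "Reference".equals(child.getLocalName())) {
                this.reference = new Reference((Element) child);
                return;
            }
        }
    }

    /**
     * Creates a new, empty {@code wsse:SecurityTokenReference} element owned by {@code document}.
     * The element is created but not inserted into the document tree.
     *
     * @param document the document used as element factory
     */
    public SecurityTokenReference(Document document) {
        this.element = document.createElementNS(WSSE_NS, "wsse:SecurityTokenReference");
    }

    /** Declares the {@code wsse} namespace prefix on the wrapped element. */
    public void addWSSENamespace() {
        WSSecurityUtil.setNamespace(this.element, WSSE_NS, "wsse");
    }

    /** Declares the {@code wsu} namespace prefix on the wrapped element. */
    public void addWSUNamespace() {
        WSSecurityUtil.setNamespace(this.element, WSU_NS, "wsu");
    }

    /**
     * Sets the {@code wsse11:TokenType} attribute; a {@code null} argument is a no-op.
     *
     * @param str the token type URI, or {@code null}
     */
    public void addTokenType(String str) {
        if (str != null) {
            WSSecurityUtil.setNamespace(this.element, WSSE11_NS, "wsse11");
            this.element.setAttributeNS(WSSE11_NS, "wsse11:TokenType", str);
        }
    }

    /**
     * @return the value of the {@code wsse11:TokenType} attribute as returned by the DOM
     */
    public String getTokenType() {
        return this.element.getAttributeNS(WSSE11_NS, "TokenType");
    }

    /**
     * Installs {@code reference} as the content of this STR, replacing the current first element
     * child if there is one.
     *
     * @param reference the reference to install
     */
    public void setReference(Reference reference) {
        replaceOrAppendChild(reference.getElement());
        this.reference = reference;
    }

    /**
     * @return the wrapped {@code wsse:Reference}, or {@code null} if this STR has none
     * @throws WSSecurityException never thrown by this implementation; declared for callers
     */
    public Reference getReference() throws WSSecurityException {
        return this.reference;
    }

    /**
     * Resolves this STR to the token element it refers to. Already processed tokens (and tokens
     * supplied by the callback handler) are tried first, then the unprocessed message content.
     *
     * @param document the document the message lives in
     * @param wSDocInfo per-message state, may be {@code null}
     * @param callbackHandler handler that can supply custom tokens, may be {@code null}
     * @return the referenced token element, never {@code null}
     * @throws WSSecurityException if the reference carries no usable identifier or no token is
     *     found
     */
    public Element getTokenElement(Document document, WSDocInfo wSDocInfo, CallbackHandler callbackHandler) throws WSSecurityException {
        String tokenId;
        String valueType;
        Reference ref = getReference();
        if (ref != null) {
            tokenId = ref.getURI();
            valueType = ref.getValueType();
        } else {
            tokenId = getKeyIdentifierValue();
            valueType = getKeyIdentifierValueType();
        }
        if (log.isDebugEnabled()) {
            log.debug("Token reference uri: " + tokenId);
            log.debug("Token reference ValueType: " + valueType);
        }
        // An empty identifier can never resolve to a token. Rejecting it here turns what used to
        // be a StringIndexOutOfBoundsException on message-supplied data into the regular fault.
        if (tokenId == null || tokenId.length() == 0) {
            throw new WSSecurityException(3, "badReferenceURI");
        }
        Element token = findProcessedTokenElement(document, wSDocInfo, callbackHandler, tokenId, valueType);
        if (token == null) {
            token = findUnprocessedTokenElement(document, wSDocInfo, callbackHandler, tokenId, valueType);
        }
        if (token == null) {
            throw new WSSecurityException(7, "noToken", new Object[]{tokenId});
        }
        return token;
    }

    /**
     * Looks the token up in the not yet processed message content through the
     * {@link CallbackLookup} of {@code wSDocInfo}, falling back to a {@link DOMCallbackLookup}
     * over {@code document}.
     *
     * @param document the document to search when no lookup is registered
     * @param wSDocInfo per-message state, may be {@code null}
     * @param callbackHandler unused by this method
     * @param str the token identifier, with or without a leading {@code #}
     * @param str2 the value type passed on to the lookup
     * @return whatever the lookup returns for the identifier
     * @throws WSSecurityException if the lookup fails
     */
    public Element findUnprocessedTokenElement(Document document, WSDocInfo wSDocInfo, CallbackHandler callbackHandler, String str, String str2) throws WSSecurityException {
        String id = stripFragmentPrefix(str);
        CallbackLookup lookup = null;
        if (wSDocInfo != null) {
            lookup = wSDocInfo.getCallbackLookup();
        }
        if (lookup == null) {
            lookup = new DOMCallbackLookup(document);
        }
        // NOTE(review): the trailing 'true' presumably makes the lookup reject duplicate ids,
        // the usual defence against signature wrapping. Confirm against CallbackLookup.
        return lookup.getElement(id, str2, true);
    }

    /**
     * Looks the token up among the tokens already processed for this message and, for security
     * context, SAML and Kerberos value types, asks the callback handler for a custom token.
     *
     * @param document the document a callback-supplied token is imported into
     * @param wSDocInfo per-message state, may be {@code null}
     * @param callbackHandler handler asked for a custom token, may be {@code null}
     * @param str the token identifier, with or without a leading {@code #}
     * @param str2 the value type of the reference
     * @return the token element, or {@code null} if none was found or the callback failed
     * @throws WSSecurityException declared for callers; not thrown by the visible code paths
     */
    public Element findProcessedTokenElement(Document document, WSDocInfo wSDocInfo, CallbackHandler callbackHandler, String str, String str2) throws WSSecurityException {
        String id = stripFragmentPrefix(str);
        if (wSDocInfo != null) {
            Element processed = wSDocInfo.getTokenElement(id);
            if (processed != null) {
                return processed;
            }
        }
        if (callbackHandler == null) {
            return null;
        }
        boolean suppliedByCallback = "http://schemas.xmlsoap.org/ws/2005/02/sc/sct".equals(str2)
                || "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct".equals(str2)
                || WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(str2)
                || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(str2)
                || KerberosSecurity.isKerberosToken(str2);
        if (!suppliedByCallback) {
            return null;
        }
        // Usage code 7 asks the handler for a custom token; the result is read back below.
        WSPasswordCallback tokenCallback = new WSPasswordCallback(id, 7);
        try {
            callbackHandler.handle(new Callback[]{tokenCallback});
            Element customToken = tokenCallback.getCustomToken();
            if (customToken != null) {
                return (Element) document.importNode(customToken, true);
            }
            return null;
        } catch (Exception e) {
            // Deliberate best effort: a failing handler is reported as "no token" and the caller
            // falls back to the message content. The failure is visible at debug level only, so
            // a misbehaving token store looks exactly like an unknown token in normal logs.
            log.debug(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Sets a KeyIdentifier of type X509v3 holding the Base64-encoded certificate.
     *
     * @param x509Certificate the certificate to embed
     * @throws WSSecurityException if the certificate cannot be encoded
     */
    public void setKeyIdentifier(X509Certificate x509Certificate) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        try {
            Text encodedCert = ownerDocument.createTextNode(Base64.encode(x509Certificate.getEncoded()));
            createKeyIdentifier(ownerDocument, X509_V3_TYPE, encodedCert, true);
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError", null, e);
        }
    }

    /**
     * Sets a KeyIdentifier holding the certificate's SubjectKeyIdentifier bytes.
     *
     * @param x509Certificate a version 3 certificate
     * @param crypto used to extract the SKI bytes; a default {@link Merlin} is used when
     *     {@code null}
     * @throws WSSecurityException if the certificate is not version 3 or the SKI cannot be read
     */
    public void setKeyIdentifierSKI(X509Certificate x509Certificate, Crypto crypto) throws WSSecurityException {
        if (x509Certificate.getVersion() != 3) {
            throw new WSSecurityException(1, "invalidCertForSKI", new Object[]{Integer.valueOf(x509Certificate.getVersion())});
        }
        Document ownerDocument = this.element.getOwnerDocument();
        Crypto skiSource = crypto != null ? crypto : new Merlin();
        Text encodedSki = ownerDocument.createTextNode(Base64.encode(skiSource.getSKIBytesFromCert(x509Certificate)));
        createKeyIdentifier(ownerDocument, SKI_URI, encodedSki, true);
    }

    /**
     * Sets a KeyIdentifier of type {@link #THUMB_URI} holding a digest of the encoded certificate.
     *
     * <p>The thumbprint is an identifier used to find a certificate, not proof of its
     * authenticity (the value type names SHA-1).
     *
     * @param x509Certificate the certificate to reference
     * @throws WSSecurityException if the digest or the certificate encoding fails
     */
    public void setKeyIdentifierThumb(X509Certificate x509Certificate) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        try {
            Text encodedDigest = ownerDocument.createTextNode(Base64.encode(WSSecurityUtil.generateDigest(x509Certificate.getEncoded())));
            createKeyIdentifier(ownerDocument, THUMB_URI, encodedDigest, true);
        } catch (WSSecurityException e) {
            throw new WSSecurityException(0, "noSHA1availabe", null, e);
        } catch (CertificateEncodingException e2) {
            throw new WSSecurityException(7, "encodeError", null, e2);
        }
    }

    /**
     * Sets a KeyIdentifier of type {@link #ENC_KEY_SHA1_URI}.
     *
     * @param str the already encoded identifier value, stored as given
     * @throws WSSecurityException declared for callers
     */
    public void setKeyIdentifierEncKeySHA1(String str) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        createKeyIdentifier(ownerDocument, ENC_KEY_SHA1_URI, ownerDocument.createTextNode(str), true);
    }

    /**
     * Sets a KeyIdentifier without an EncodingType attribute.
     *
     * @param str the ValueType URI
     * @param str2 the identifier value
     * @throws WSSecurityException declared for callers
     */
    public void setKeyIdentifier(String str, String str2) throws WSSecurityException {
        setKeyIdentifier(str, str2, false);
    }

    /**
     * Sets a KeyIdentifier.
     *
     * @param str the ValueType URI
     * @param str2 the identifier value
     * @param z whether to mark the value as Base64 via the EncodingType attribute
     * @throws WSSecurityException declared for callers
     */
    public void setKeyIdentifier(String str, String str2, boolean z) throws WSSecurityException {
        Document ownerDocument = this.element.getOwnerDocument();
        createKeyIdentifier(ownerDocument, str, ownerDocument.createTextNode(str2), z);
    }

    /**
     * Builds a {@code wsse:KeyIdentifier} and installs it as the content of this STR.
     *
     * @param document factory for the new element
     * @param str the ValueType URI
     * @param node the child node carrying the identifier value
     * @param z whether to add the Base64 EncodingType attribute
     */
    private void createKeyIdentifier(Document document, String str, Node node, boolean z) {
        Element keyIdentifier = document.createElementNS(WSSE_NS, "wsse:KeyIdentifier");
        keyIdentifier.setAttributeNS(null, "ValueType", str);
        if (z) {
            keyIdentifier.setAttributeNS(null, "EncodingType", BASE64_ENCODING);
        }
        keyIdentifier.appendChild(node);
        replaceOrAppendChild(keyIdentifier);
    }

    /** Replaces the first element child of the STR with {@code child}, or appends it. */
    private void replaceOrAppendChild(Element child) {
        Element current = getFirstElement();
        if (current != null) {
            this.element.replaceChild(child, current);
        } else {
            this.element.appendChild(child);
        }
    }

    /** Drops a single leading {@code #} from a same-document reference; safe on empty input. */
    private static String stripFragmentPrefix(String id) {
        if (id.length() > 0 && id.charAt(0) == '#') {
            return id.substring(1);
        }
        return id;
    }

    /**
     * @return the first element child of the STR, or {@code null} if it has none
     */
    public Element getFirstElement() {
        for (Node child = this.element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE == child.getNodeType()) {
                return (Element) child;
            }
        }
        return null;
    }

    /**
     * Resolves a KeyIdentifier of type X509v3, SubjectKeyIdentifier or ThumbprintSHA1 to a
     * certificate.
     *
     * <p>For the X509v3 type the certificate is obtained from the element itself through
     * {@link X509Security}; for the other two it is looked up in {@code crypto}. In every case
     * the result still has to be validated by the caller before it is trusted.
     *
     * @param crypto the certificate store
     * @return a one-element array, or {@code null} if the STR is empty, the value type is not
     *     handled here, or nothing matched
     * @throws WSSecurityException if decoding or the store lookup fails
     */
    public X509Certificate[] getKeyIdentifier(Crypto crypto) throws WSSecurityException {
        Element firstElement = getFirstElement();
        if (firstElement == null) {
            // Possible when the BSP check was skipped; previously a NullPointerException.
            return null;
        }
        String valueType = firstElement.getAttributeNS(null, "ValueType");
        if (X509_V3_TYPE.equals(valueType)) {
            X509Security x509Security = new X509Security(firstElement);
            return new X509Certificate[]{x509Security.getX509Certificate(crypto)};
        }
        if (SKI_URI.equals(valueType)) {
            X509Certificate bySki = getX509SKIAlias(crypto);
            if (bySki != null) {
                return new X509Certificate[]{bySki};
            }
            return null;
        }
        if (!THUMB_URI.equals(valueType)) {
            return null;
        }
        Node valueNode = firstElement.getFirstChild();
        if (valueNode == null || Node.TEXT_NODE != valueNode.getNodeType()) {
            return null;
        }
        byte[] thumbprint = Base64.decode(((Text) valueNode).getData());
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.THUMBPRINT_SHA1);
        cryptoType.setBytes(thumbprint);
        X509Certificate[] matches = crypto.getX509Certificates(cryptoType);
        // Guard the empty array as well as null so a miss cannot surface as an index error.
        if (matches != null && matches.length > 0) {
            return new X509Certificate[]{matches[0]};
        }
        return null;
    }

    /**
     * @return the text of the first element child if the STR contains a KeyIdentifier and that
     *     child starts with a text node, otherwise {@code null}
     */
    public String getKeyIdentifierValue() {
        // NOTE(review): the value is read from the first element child, which is the
        // KeyIdentifier only if it is the first child (guaranteed after the BSP check).
        if (containsKeyIdentifier()) {
            Node valueNode = getFirstElement().getFirstChild();
            if (valueNode != null && valueNode.getNodeType() == Node.TEXT_NODE) {
                return ((Text) valueNode).getData();
            }
        }
        return null;
    }

    /**
     * @return the {@code ValueType} attribute of the first element child, or {@code null} if the
     *     STR contains no KeyIdentifier
     */
    public String getKeyIdentifierValueType() {
        if (containsKeyIdentifier()) {
            return getFirstElement().getAttributeNS(null, "ValueType");
        }
        return null;
    }

    /**
     * @return the {@code EncodingType} attribute of the first element child, or {@code null} if
     *     the STR contains no KeyIdentifier
     */
    public String getKeyIdentifierEncodingType() {
        if (containsKeyIdentifier()) {
            return getFirstElement().getAttributeNS(null, "EncodingType");
        }
        return null;
    }

    /**
     * Looks up the certificate whose SubjectKeyIdentifier matches the bytes in this STR.
     *
     * @param crypto the certificate store
     * @return the first matching certificate, or {@code null} if the bytes cannot be read or
     *     nothing matched
     * @throws WSSecurityException if the store lookup fails
     */
    public X509Certificate getX509SKIAlias(Crypto crypto) throws WSSecurityException {
        if (this.skiBytes == null) {
            this.skiBytes = getSKIBytes();
            if (this.skiBytes == null) {
                return null;
            }
        }
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.SKI_BYTES);
        cryptoType.setBytes(this.skiBytes);
        X509Certificate[] matches = crypto.getX509Certificates(cryptoType);
        if (matches != null && matches.length > 0) {
            return matches[0];
        }
        return null;
    }

    /**
     * Returns the Base64-decoded text of the first element child, cached after the first
     * successful decode. The ValueType is not checked here, so for a non-SKI KeyIdentifier this
     * returns that identifier's decoded bytes.
     *
     * @return the internal byte array (not a copy), or {@code null} if there is no element
     *     child, no leading text node, or the text is not valid Base64
     */
    public byte[] getSKIBytes() {
        if (this.skiBytes != null) {
            return this.skiBytes;
        }
        Element firstElement = getFirstElement();
        if (firstElement == null) {
            // Empty STR: previously a NullPointerException, also reachable via hashCode().
            return null;
        }
        Node valueNode = firstElement.getFirstChild();
        if (valueNode == null) {
            return null;
        }
        if (valueNode.getNodeType() == Node.TEXT_NODE) {
            try {
                this.skiBytes = Base64.decode(((Text) valueNode).getData());
            } catch (WSSecurityException ignored) {
                // Undecodable content is reported as "no SKI bytes".
                return null;
            }
        }
        return this.skiBytes;
    }

    /**
     * Installs an X509Data element as the content of this STR.
     *
     * @param dOMX509Data the data whose element is installed
     */
    public void setX509Data(DOMX509Data dOMX509Data) {
        replaceOrAppendChild(dOMX509Data.getElement());
    }

    /**
     * Installs an arbitrary element as the content of this STR.
     *
     * @param element the element to install
     */
    public void setUnknownElement(Element element) {
        replaceOrAppendChild(element);
    }

    /**
     * Looks up certificates by the issuer name and serial number carried in this STR.
     *
     * @param crypto the certificate store
     * @return the store's result, or {@code null} if the STR has no element child
     * @throws WSSecurityException if parsing or the lookup fails
     */
    public X509Certificate[] getX509IssuerSerial(Crypto crypto) throws WSSecurityException {
        if (this.issuerSerial == null) {
            this.issuerSerial = getIssuerSerial();
            if (this.issuerSerial == null) {
                return null;
            }
        }
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        cryptoType.setIssuerSerial(this.issuerSerial.getIssuer(), this.issuerSerial.getSerialNumber());
        return crypto.getX509Certificates(cryptoType);
    }

    /**
     * Returns the cached issuer/serial wrapper, creating it from the first element child (or
     * from the X509IssuerSerial found inside an X509Data child) on first use.
     *
     * @return the wrapper, or {@code null} if the STR has no element child
     * @throws WSSecurityException if the wrapper cannot be created
     */
    private DOMX509IssuerSerial getIssuerSerial() throws WSSecurityException {
        if (this.issuerSerial != null) {
            return this.issuerSerial;
        }
        Element source = getFirstElement();
        if (source == null) {
            return null;
        }
        if ("X509Data".equals(source.getLocalName())) {
            source = WSSecurityUtil.findElement(source, "X509IssuerSerial", DSIG_NS);
        }
        // NOTE(review): 'source' is handed over unchecked. It may be a non-IssuerSerial element
        // or the result of a failed findElement; confirm how DOMX509IssuerSerial handles that.
        this.issuerSerial = new DOMX509IssuerSerial(source);
        return this.issuerSerial;
    }

    /** @return {@code true} if the STR has at least one {@code wsse:Reference} child */
    public boolean containsReference() {
        return lengthReference() > 0;
    }

    /** @return the number of {@code wsse:Reference} children */
    public int lengthReference() {
        return length(WSSE_NS, "Reference");
    }

    /** @return {@code true} if the STR has at least one {@code ds:X509IssuerSerial} child */
    public boolean containsX509IssuerSerial() {
        return lengthX509IssuerSerial() > 0;
    }

    /** @return {@code true} if the STR has at least one {@code ds:X509Data} child */
    public boolean containsX509Data() {
        return lengthX509Data() > 0;
    }

    /** @return the number of {@code ds:X509IssuerSerial} children */
    public int lengthX509IssuerSerial() {
        return length(DSIG_NS, "X509IssuerSerial");
    }

    /** @return the number of {@code ds:X509Data} children */
    public int lengthX509Data() {
        return length(DSIG_NS, "X509Data");
    }

    /** @return {@code true} if the STR has at least one {@code wsse:KeyIdentifier} child */
    public boolean containsKeyIdentifier() {
        return lengthKeyIdentifier() > 0;
    }

    /** @return the number of {@code wsse:KeyIdentifier} children */
    public int lengthKeyIdentifier() {
        return length(WSSE_NS, KeyIdentifier.ELEMENT_LOCAL_NAME);
    }

    /**
     * Counts the direct element children with the given qualified name.
     *
     * @param str the namespace URI; {@code null} matches elements without a namespace
     * @param str2 the local name, must not be {@code null}
     * @return the number of matching children
     */
    public int length(String str, String str2) {
        int matches = 0;
        for (Node child = this.element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE != child.getNodeType()) {
                continue;
            }
            String namespaceURI = child.getNamespaceURI();
            String localName = child.getLocalName();
            boolean sameNamespace = (str != null && str.equals(namespaceURI)) || (str == null && namespaceURI == null);
            if (sameNamespace && str2.equals(localName)) {
                matches++;
            }
        }
        return matches;
    }

    /** @return the wrapped {@code wsse:SecurityTokenReference} element */
    public Element getElement() {
        return this.element;
    }

    /**
     * Sets the {@code wsu:Id} attribute.
     *
     * @param str the id value
     */
    public void setID(String str) {
        this.element.setAttributeNS(WSU_NS, "wsu:Id", str);
    }

    /** @return the value of the {@code wsu:Id} attribute as returned by the DOM */
    public String getID() {
        return this.element.getAttributeNS(WSU_NS, "Id");
    }

    /** @return the serialized XML of the wrapped element */
    @Override
    public String toString() {
        return DOM2Writer.nodeToString(this.element);
    }

    /**
     * Enforces the structural rules applied to a received STR: exactly one element child; a
     * KeyIdentifier must carry a ValueType and, except for the SAML value types, a Base64
     * EncodingType; an Embedded reference must hold exactly one element child, and no child of
     * it may itself be an STR.
     *
     * @throws WSSecurityException if a rule is violated
     */
    private void checkBSPCompliance() throws WSSecurityException {
        int childCount = 0;
        Element onlyChild = null;
        for (Node child = this.element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE == child.getNodeType()) {
                childCount++;
                onlyChild = (Element) child;
            }
        }
        if (childCount != 1) {
            throw new WSSecurityException(3, "invalidDataRef");
        }

        if (KeyIdentifier.ELEMENT_LOCAL_NAME.equals(onlyChild.getLocalName()) && WSSE_NS.equals(onlyChild.getNamespaceURI())) {
            String valueType = getKeyIdentifierValueType();
            if (valueType == null || "".equals(valueType)) {
                throw new WSSecurityException(3, "invalidValueType");
            }
            String encodingType = getFirstElement().getAttributeNS(null, "EncodingType");
            boolean hasEncoding = encodingType != null && !"".equals(encodingType);
            if (hasEncoding && !BASE64_ENCODING.equals(encodingType)) {
                throw new WSSecurityException(3, "badEncodingType", new Object[]{encodingType});
            }
            boolean samlKeyIdentifier = WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(valueType)
                    || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(valueType);
            // SAML key identifiers are exempt from the mandatory EncodingType.
            if (!samlKeyIdentifier && !hasEncoding) {
                throw new WSSecurityException(3, "noEncodingType");
            }
            return;
        }

        // NOTE(review): unlike the KeyIdentifier branch, Embedded is matched on its local name
        // only; the namespace is not compared.
        if (!Embedded.ELEMENT_LOCAL_NAME.equals(onlyChild.getLocalName())) {
            return;
        }
        int embeddedCount = 0;
        for (Node child = onlyChild.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE != child.getNodeType()) {
                continue;
            }
            embeddedCount++;
            if ("SecurityTokenReference".equals(child.getLocalName()) && WSSE_NS.equals(child.getNamespaceURI())) {
                throw new WSSecurityException(3, "invalidEmbeddedRef");
            }
        }
        if (embeddedCount != 1) {
            throw new WSSecurityException(3, "invalidEmbeddedRef");
        }
    }

    /**
     * Hash over the reference, the KeyIdentifier attributes and value, the token type, the
     * decoded identifier bytes and the issuer/serial pair. The value is derived from the live
     * DOM, so it changes when the element is modified.
     */
    @Override
    public int hashCode() {
        int result = 17;
        try {
            Reference ref = getReference();
            if (ref != null) {
                result = 31 * result + ref.hashCode();
            }
        } catch (WSSecurityException e) {
            log.error(e);
        }
        String encodingType = getKeyIdentifierEncodingType();
        if (encodingType != null) {
            result = 31 * result + encodingType.hashCode();
        }
        String valueType = getKeyIdentifierValueType();
        if (valueType != null) {
            result = 31 * result + valueType.hashCode();
        }
        String value = getKeyIdentifierValue();
        if (value != null) {
            result = 31 * result + value.hashCode();
        }
        String tokenType = getTokenType();
        if (tokenType != null) {
            result = 31 * result + tokenType.hashCode();
        }
        byte[] identifierBytes = getSKIBytes();
        if (identifierBytes != null) {
            result = 31 * result + Arrays.hashCode(identifierBytes);
        }
        String issuer = null;
        BigInteger serialNumber = null;
        try {
            // getIssuerSerial() returns null for an STR without element children; the
            // unconditional dereference used to throw a NullPointerException here.
            DOMX509IssuerSerial serial = getIssuerSerial();
            if (serial != null) {
                issuer = serial.getIssuer();
                serialNumber = serial.getSerialNumber();
            }
        } catch (WSSecurityException e2) {
            log.error(e2);
        }
        if (issuer != null) {
            result = 31 * result + issuer.hashCode();
        }
        if (serialNumber != null) {
            result = 31 * result + serialNumber.hashCode();
        }
        return result;
    }

    /**
     * Two STRs are equal when their references, KeyIdentifier attributes and value, token type
     * and decoded identifier bytes match and, if both yield an issuer/serial wrapper, issuer and
     * serial number match too. Any {@link WSSecurityException} during comparison is logged and
     * treated as "not equal".
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof SecurityTokenReference)) {
            return false;
        }
        SecurityTokenReference other = (SecurityTokenReference) obj;
        try {
            // Null-safe: a KeyIdentifier or X509Data based STR has no Reference, which used to
            // make this comparison throw a NullPointerException.
            Reference mine = getReference();
            Reference theirs = other.getReference();
            if (mine == null ? theirs != null : !mine.equals(theirs)) {
                return false;
            }
            if (!compare(getKeyIdentifierEncodingType(), other.getKeyIdentifierEncodingType())
                    || !compare(getKeyIdentifierValueType(), other.getKeyIdentifierValueType())
                    || !compare(getKeyIdentifierValue(), other.getKeyIdentifierValue())
                    || !compare(getTokenType(), other.getTokenType())
                    || !Arrays.equals(getSKIBytes(), other.getSKIBytes())) {
                return false;
            }
            if (getIssuerSerial() == null || other.getIssuerSerial() == null) {
                return true;
            }
            return compare(getIssuerSerial().getIssuer(), other.getIssuerSerial().getIssuer())
                    && compare(getIssuerSerial().getSerialNumber(), other.getIssuerSerial().getSerialNumber());
        } catch (WSSecurityException e) {
            log.error(e);
            return false;
        }
    }

    /** Null-safe equality for strings: two nulls are equal, a null and a value are not. */
    private boolean compare(String str, String str2) {
        if (str == null) {
            return str2 == null;
        }
        return str.equals(str2);
    }

    /** Null-safe equality for serial numbers: two nulls are equal, a null and a value are not. */
    private boolean compare(BigInteger bigInteger, BigInteger bigInteger2) {
        if (bigInteger == null) {
            return bigInteger2 == null;
        }
        return bigInteger.equals(bigInteger2);
    }
}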
