package com.ibm.ws.wssecurity.saml.security.impl;

import com.ibm.ws.wssecurity.saml.common.util.MessageHelper;
import com.ibm.ws.wssecurity.saml.security.HoKAssertion;
import com.ibm.ws.wssecurity.util.Tr;
import com.ibm.ws.wssecurity.util.TraceComponent;
import com.ibm.ws.wssecurity.wssapi.token.impl.KeyStoreManager;
import com.ibm.ws.wssecurity.xml.xss4j.domutil.DOMUtil;
import com.ibm.ws.wssecurity.xml.xss4j.dsig.util.Base64;
import com.ibm.wsspi.wssecurity.core.SoapSecurityException;
import com.ibm.wsspi.wssecurity.core.token.config.RequesterConfiguration;
import com.ibm.wsspi.wssecurity.saml.config.ConsumerConfig;
import com.ibm.wsspi.wssecurity.saml.config.CredentialConfig;
import com.ibm.wsspi.wssecurity.saml.config.ProviderConfig;
import com.ibm.wsspi.wssecurity.saml.config.RequesterConfig;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.OMNode;

/* loaded from: input_file:lib/com.ibm.wsfp.main.jar:com/ibm/ws/wssecurity/saml/security/impl/HoKAssertionImpl.class */
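/**
 * Holder-of-key (HoK) proof-key handling for a SAML assertion.
 *
 * <p>On the issuing side ({@link #create()} / {@link #marshal(OMElement)}) the class builds the
 * {@code ds:KeyInfo} element that proves possession of a key, choosing between a symmetric
 * ({@code EncryptedKey}) and an asymmetric (certificate / key value) proof according to the
 * WS-Trust {@code KeyType} found in the requester's RSTT properties. On the consuming side
 * ({@link #unMarshal(OMElement)}) it reads such a {@code KeyInfo} back and recovers the key.
 *
 * <p>Not thread-safe: every operation reads and writes instance fields.
 */
public class HoKAssertionImpl implements HoKAssertion {
    private static final String comp = "security.wssecurity";

    /** WS-Trust 1.3 KeyType URIs that select how the proof key is built. */
    private static final String KEYTYPE_SYMMETRIC = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey";
    private static final String KEYTYPE_PUBLIC = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey";
    private static final String KEYTYPE_BEARER = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer";

    /** XML Digital Signature namespace and the prefix used for the emitted {@code KeyInfo}. */
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String DSIG_PREFIX = "ds";

    // Key-store lookup result for the proof key (issuer side only).
    private KeyStoreManager.KeyInformation keyInformation;
    private String thumbprint;
    // Raw encoding of the shared proof key; only set for the symmetric case.
    private byte[] symmetricProofKey;
    // Public key (asymmetric case) or shared secret (symmetric case).
    private Key key;
    // Private/shared half: equal to {@code key} for a shared secret, {@code null} for a public key.
    private Key privatekey;
    // Wrapped proof key emitted as ds:KeyInfo/EncryptedKey in the symmetric case.
    private SAMLEncryptedKey encryptedKey;
    // Cached KeyInfo element: whatever was marshalled, unmarshalled or injected via setXML().
    private OMElement xml;
    private ProviderConfig issueCfg;
    private RequesterConfig requestData;
    private CredentialConfig cred;
    private ConsumerConfig assertionConsumingCfg;
    private static final TraceComponent tc = Tr.register(HoKAssertionImpl.class, "Web Services Security", "com.ibm.ws.wssecurity.resources.wssmessages");
    private static final String clsName = HoKAssertionImpl.class.getName();
    private static final OMFactory omFactory = OMAbstractFactory.getOMFactory();

    /** Creates an empty instance; collaborators are supplied by the other constructors or setters. */
    public HoKAssertionImpl() {
        // Every field starts out as null, which is the Java default for reference fields.
    }

    /**
     * Creates an instance wrapping an already-built {@code KeyInfo} element.
     *
     * @param oMElement the {@code KeyInfo} element to return from {@link #getXML()} and {@link #marshal(OMElement)}
     */
    public HoKAssertionImpl(OMElement oMElement) {
        this();
        this.xml = oMElement;
    }

    /**
     * Creates a consumer-side instance able to decrypt an incoming {@code EncryptedKey}.
     *
     * @param consumerConfig configuration used by {@link #unMarshal(OMElement)}; when {@code null}
     *        the element is stored but not parsed
     */
    public HoKAssertionImpl(ConsumerConfig consumerConfig) {
        this();
        this.assertionConsumingCfg = consumerConfig;
    }

    /**
     * Creates an issuer-side instance.
     *
     * @param providerConfig issuer configuration, supplies the trust store used for key lookups
     * @param requesterConfig the request (RSTT properties, key aliases, HoK KeyInfo type)
     * @param credentialConfig credential configuration (stored, not read by this class)
     */
    public HoKAssertionImpl(ProviderConfig providerConfig, RequesterConfig requesterConfig, CredentialConfig credentialConfig) {
        this();
        this.issueCfg = providerConfig;
        this.requestData = requesterConfig;
        this.cred = credentialConfig;
    }

    /**
     * Builds the proof key selected by the requested WS-Trust KeyType.
     *
     * <p>SymmetricKey and PublicKey produce the corresponding key information; Bearer is rejected
     * because a bearer token has no holder-of-key. Any other (or absent) KeyType is treated as a
     * keyless assertion: nothing is built and {@link #marshal(OMElement)} emits an empty {@code KeyInfo}.
     *
     * @throws SoapSecurityException on a Bearer request, a missing requester configuration, or a
     *         failure while building the key information
     */
    public void createHok() throws SoapSecurityException {
        String keyType = keyType();
        if (KEYTYPE_SYMMETRIC.equals(keyType)) {
            createSymmetricKeyInfo();
        } else if (KEYTYPE_PUBLIC.equals(keyType)) {
            createAsymmetricKeyInfo();
        } else if (KEYTYPE_BEARER.equals(keyType)) {
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.WSSML0000E"));
        }
    }

    /**
     * Reads the WS-Trust KeyType requested in the RSTT.
     *
     * @return the KeyType URI from the RSTT properties (expected to be {@code null} when none was set)
     * @throws SoapSecurityException when no requester configuration has been supplied
     */
    private String keyType() throws SoapSecurityException {
        if (this.requestData == null) {
            throw new SoapSecurityException(clsName + ".requestData: null");
        }
        return this.requestData.getRSTTProperties().get(RequesterConfiguration.RSTT.KEYTYPE);
    }

    /**
     * Resolves {@code alias} against the issuer's trust store.
     *
     * @param alias key-store alias to look up
     * @return the key information for the alias
     * @throws SoapSecurityException when no issuer configuration has been supplied
     * @throws Exception whatever the key-store manager throws; callers wrap it
     */
    private KeyStoreManager.KeyInformation lookupTrustStoreKey(String alias) throws Exception {
        if (this.issueCfg == null) {
            throw new SoapSecurityException(clsName + ".issueCfg: null");
        }
        return KeyStoreManager.getInstance().getKeyInformation(
                this.issueCfg.getTrustStoreConfig().getPath(),
                this.issueCfg.getTrustStoreConfig().getType(),
                this.issueCfg.getTrustStoreConfig().getPassword().toCharArray(),
                this.issueCfg.getTrustStoreConfig().getKsRef(),
                alias, null, "");
    }

    /**
     * Loads the requester's public key from the trust store (PublicKey KeyType).
     *
     * <p>Only the public half is available on the issuer, so {@code privatekey} is cleared.
     *
     * @throws SoapSecurityException when the key lookup fails; the underlying exception is attached as cause
     */
    public void createAsymmetricKeyInfo() throws SoapSecurityException {
        try {
            this.keyInformation = lookupTrustStoreKey(this.requestData.getKeyAliasForRequester());
            this.key = this.keyInformation.getPublicOrSecretKey();
            this.privatekey = null;
        } catch (Exception e) {
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Generates a fresh shared proof key and wraps it for the AppliesTo party (SymmetricKey KeyType).
     *
     * <p>The key used to wrap the secret is looked up under the AppliesTo alias; the clear secret is
     * kept as both {@code key} and {@code privatekey}, and its encoding as {@code symmetricProofKey}.
     *
     * @throws SoapSecurityException when no AppliesTo alias is configured or generation fails; the
     *         underlying exception is attached as cause
     */
    public void createSymmetricKeyInfo() throws SoapSecurityException {
        String keyAliasForAppliesTo = this.requestData.getKeyAliasForAppliesTo();
        if (keyAliasForAppliesTo == null) {
            throw new SoapSecurityException(MessageHelper.getMessage("security.wssecurity.WSSML0001E"));
        }
        try {
            this.keyInformation = lookupTrustStoreKey(keyAliasForAppliesTo);
            this.encryptedKey = EncryptedKeyGenerate.generateEncryptedKey(this.requestData, this.keyInformation, false);
            Key clearKey = this.encryptedKey.getClearKey();
            this.symmetricProofKey = clearKey.getEncoded();
            this.key = clearKey;
            this.privatekey = clearKey;
        } catch (Exception e) {
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Returns the encoded shared proof key.
     *
     * @return a copy of the key bytes, or {@code null} when no symmetric key exists; a copy is
     *         returned so callers cannot alter (or wipe) the secret held by this instance
     */
    public byte[] getSymmetricProofKey() {
        return this.symmetricProofKey == null ? null : this.symmetricProofKey.clone();
    }

    /** {@return the private key, or the shared secret for a symmetric proof; {@code null} for a public-key proof} */
    @Override // com.ibm.ws.wssecurity.saml.security.HoKAssertion
    public Key getPrivateOrSharedKey() {
        return this.privatekey;
    }

    /**
     * Overrides the private/shared key.
     *
     * @param key the key to report from {@link #getPrivateOrSharedKey()}
     */
    public void setPrivateKey(Key key) {
        this.privatekey = key;
    }

    /** {@return the public key or shared secret, or {@code null} when nothing has been built or parsed} */
    @Override // com.ibm.ws.wssecurity.saml.security.HoKAssertion
    public Key getKey() {
        return this.key;
    }

    /**
     * Returns the {@code KeyInfo} element, building it on first use.
     *
     * @return the cached element, or the result of {@code marshal(null)} when none is cached yet
     * @throws SoapSecurityException when the element has to be built and building fails
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement getXML() throws SoapSecurityException {
        // marshal() itself returns the cached element when one exists.
        return marshal(null);
    }

    /**
     * Replaces the cached {@code KeyInfo} element; later marshal calls return it unchanged.
     *
     * @param oMElement the element to cache
     */
    @Override // com.ibm.ws.wssecurity.saml.security.HoKAssertion
    public void setXML(OMElement oMElement) {
        this.xml = oMElement;
    }

    /**
     * Builds (and caches) the {@code ds:KeyInfo} element for the requested KeyType.
     *
     * @param oMElement element whose factory should create the new node, or {@code null} to use the
     *        default factory (in which case the dsig namespace is also declared on the element)
     * @return the cached element if one exists, otherwise the newly built one
     * @throws SoapSecurityException when the requester configuration is missing, a symmetric request
     *         has no {@code EncryptedKey}, or the public-key content cannot be produced
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public OMElement marshal(OMElement oMElement) throws SoapSecurityException {
        if (this.xml != null) {
            return this.xml;
        }
        OMElement keyInfo;
        if (oMElement == null) {
            keyInfo = omFactory.createOMElement("KeyInfo", DSIG_NS, DSIG_PREFIX);
            keyInfo.declareNamespace(DSIG_NS, DSIG_PREFIX);
        } else {
            keyInfo = oMElement.getOMFactory().createOMElement("KeyInfo", DSIG_NS, DSIG_PREFIX);
        }
        String keyType = keyType();
        if (KEYTYPE_SYMMETRIC.equals(keyType)) {
            if (this.encryptedKey == null) {
                throw new SoapSecurityException(clsName + ".encryptedKey: null");
            }
            keyInfo.addChild(this.encryptedKey.getEncryptedKeyElement());
        } else if (KEYTYPE_PUBLIC.equals(keyType)) {
            try {
                keyInfo.addChild(KeyInfoUtil.createKeyInfoContent(this.requestData.getHolderOfKeyKeyInfoType(), this.key, this.keyInformation, null));
            } catch (Exception e) {
                throw new SoapSecurityException(e.getMessage(), e);
            }
        } else if (tc.isDebugEnabled()) {
            // Keyless assertion: the KeyInfo is emitted without any proof-key child.
            Tr.debug(tc, "no proof key generated for Keyless Assertion.");
        }
        this.xml = keyInfo;
        return keyInfo;
    }

    /**
     * Parses an incoming {@code KeyInfo} element and recovers the holder-of-key.
     *
     * <p>Recognised children are {@code KeyValue}, {@code X509Data} and {@code EncryptedKey}; any
     * other child is skipped. Parsing only happens when a consumer configuration is present.
     *
     * @param oMElement the {@code KeyInfo} element received in the assertion
     * @throws SoapSecurityException when a {@code KeyValue} or {@code X509Data} child cannot be processed
     * @throws RuntimeException when an {@code EncryptedKey} child cannot be decrypted
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void unMarshal(OMElement oMElement) throws SoapSecurityException {
        this.xml = oMElement;
        if (this.assertionConsumingCfg == null) {
            return;
        }
        // The cursor is advanced in the loop header so that an unrecognised child can never stall the
        // walk: the earlier form used `continue` before the sibling advance.
        for (OMElement child = DOMUtil.getFirstChild2(oMElement); child != null; child = DOMUtil.getNextSibling2(child)) {
            if (child.getType() != OMNode.ELEMENT_NODE) {
                continue;
            }
            String localName = child.getLocalName();
            if ("KeyValue".equals(localName)) {
                unmarshalKeyValue(child);
            } else if ("X509Data".equals(localName)) {
                unmarshalX509Data(child);
            } else if ("EncryptedKey".equals(localName)) {
                unmarshalEncryptedKey(child);
            }
        }
    }

    /**
     * Reads a public key from a {@code ds:KeyValue}; no private half is available on the consumer.
     *
     * @param keyValue the {@code KeyValue} element
     * @throws SoapSecurityException when the key cannot be built; the underlying exception is the cause
     */
    private void unmarshalKeyValue(OMElement keyValue) throws SoapSecurityException {
        try {
            this.key = ProcessKey.createKey(keyValue);
            this.privatekey = null;
        } catch (Exception e) {
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Reads the public key from the {@code ds:X509Certificate} children of a {@code ds:X509Data}.
     *
     * <p>Each certificate element is decoded on its own; where several are present the key of the
     * last one processed is kept.
     *
     * @param x509Data the {@code X509Data} element
     * @throws SoapSecurityException when decoding or key lookup fails; the underlying exception is the cause
     */
    private void unmarshalX509Data(OMElement x509Data) throws SoapSecurityException {
        this.privatekey = null;
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            for (OMNode node = DOMUtil.getFirstChild2(x509Data); node != null; node = DOMUtil.getNextSibling2(node)) {
                if (node.getType() != OMNode.ELEMENT_NODE) {
                    continue;
                }
                OMElement element = (OMElement) node;
                if (!KeyInfoUtil.isDsigElement(element) || !KeyInfoUtil.isDsigElement(element, "X509Certificate")) {
                    continue;
                }
                // Decode this X509Certificate element's own text. The enclosing X509Data may hold
                // other children whose text is not a base64 certificate, so its aggregate text
                // value must not be used here.
                byte[] der = Base64.decode(DOMUtil.getStringValue(element));
                X509Certificate certificate = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(der));
                this.key = KeyStoreManager.getInstance().getKeyInformation(certificate).getPublicOrSecretKey();
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Holder-of-key for " + certificate.getSubjectDN().getName());
                }
            }
        } catch (Exception e) {
            throw new SoapSecurityException(e.getMessage(), e);
        }
    }

    /**
     * Decrypts a {@code ds:KeyInfo/EncryptedKey} with the consumer configuration and keeps the
     * resulting shared secret as both {@code key} and {@code privatekey}.
     *
     * @param encryptedKeyElement the {@code EncryptedKey} element
     * @throws RuntimeException when decryption fails; the message stays generic and the failure
     *         detail goes to trace only, the cause is attached for diagnostics
     */
    private void unmarshalEncryptedKey(OMElement encryptedKeyElement) {
        try {
            this.key = EncryptedKeyConsume.decryptEncryptedKey(encryptedKeyElement, this.assertionConsumingCfg);
            this.symmetricProofKey = this.key.getEncoded();
            this.privatekey = this.key;
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Fail to decrypt EncryptedKey:" + e.getMessage());
            }
            throw new RuntimeException("Fail to decrypt EncryptedKey", e);
        }
    }

    /**
     * Issuer-side entry point; equivalent to {@link #createHok()}.
     *
     * @throws SoapSecurityException see {@link #createHok()}
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public void create() throws SoapSecurityException {
        createHok();
    }

    /**
     * Performs no checks and always succeeds.
     *
     * <p>Possession of the holder-of-key is not verified here; callers must not treat this result
     * as confirmation that the presenter holds the key.
     *
     * @return always {@code true}
     */
    @Override // com.ibm.ws.wssecurity.saml.common.SAMLObjectElement
    public boolean validate() throws SoapSecurityException {
        return true;
    }

    /**
     * Tells whether {@code cls}, one of its superclasses, or one of its (transitively) implemented
     * interfaces has the fully-qualified name {@code str}.
     *
     * @param cls class to inspect
     * @param str fully-qualified class or interface name
     * @return {@code true} when the name is found anywhere in the type hierarchy
     */
    private static boolean matchClass(Class<?> cls, String str) {
        if (cls.getName().equals(str)) {
            return true;
        }
        Class<?> superclass = cls.getSuperclass();
        if (superclass != null && matchClass(superclass, str)) {
            return true;
        }
        for (Class<?> iface : cls.getInterfaces()) {
            if (matchClass(iface, str)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Name-based {@code instanceof}, usable when the target type cannot be referenced at compile time.
     *
     * @param obj object to test (must not be {@code null})
     * @param str fully-qualified class or interface name
     * @return {@code true} when {@code obj}'s class matches per {@link #matchClass(Class, String)}
     */
    private static boolean instanceOf(Object obj, String str) {
        return matchClass(obj.getClass(), str);
    }

    /**
     * Base64-encodes the big-endian magnitude of {@code bigInteger} without leading zero bytes.
     *
     * <p>At least one byte is always encoded, so {@code BigInteger.ZERO} yields the encoding of a
     * single zero byte instead of running past the end of the array.
     *
     * @param bigInteger value to encode
     * @return the Base64 text of the stripped two's-complement bytes
     */
    private static String encodeBigInteger(BigInteger bigInteger) {
        byte[] byteArray = bigInteger.toByteArray();
        int start = 0;
        while (start < byteArray.length - 1 && byteArray[start] == 0) {
            start++;
        }
        return Base64.encode(byteArray, start, byteArray.length - start);
    }
}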
