package org.apache.wss4j.dom.util;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.ext.Attachment;
import org.apache.wss4j.common.ext.AttachmentRequestCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.SOAP11Constants;
import org.apache.wss4j.dom.SOAP12Constants;
import org.apache.wss4j.dom.SOAPConstants;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.HandlerAction;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.message.CallbackLookup;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.JavaUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:org/apache/wss4j/dom/util/WSSecurityUtil.class */
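/**
 * Static DOM helpers for locating, creating and checking WS-Security structures in a SOAP
 * message: the SOAP header/body, the {@code wsse:Security} header for a given actor/role,
 * action-string decoding, nonce generation, signed-element checks and attachment retrieval.
 *
 * <p>All methods are stateless; the class cannot be instantiated.
 */
public final class WSSecurityUtil {
    private static final Logger LOG = LoggerFactory.getLogger(WSSecurityUtil.class);

    /** SOAP 1.1 envelope namespace. */
    private static final String SOAP11_ENV_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    /** SOAP 1.2 envelope namespace. */
    private static final String SOAP12_ENV_NS = "http://www.w3.org/2003/05/soap-envelope";
    /** Namespace of the {@code wsse:Security} header element. */
    private static final String WSSE_NS =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    /** Namespace used for {@code xmlns:*} declarations. */
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    /** URI scheme prefix of an attachment reference. */
    private static final String CID_PREFIX = "cid:";

    private WSSecurityUtil() {
    }

    /**
     * Returns the SOAP {@code Header} element that is a direct child of the document element.
     *
     * @param document the SOAP message
     * @return the header element, or {@code null} if the lookup finds none
     */
    public static Element getSOAPHeader(Document document) {
        Element envelope = document.getDocumentElement();
        return XMLUtils.getDirectChildElement(envelope, "Header", getSOAPNamespace(envelope));
    }

    /**
     * Finds the {@code wsse:Security} header addressed to the given actor/role.
     *
     * @param document the SOAP message
     * @param str the actor (SOAP 1.1) or role (SOAP 1.2) to match; {@code null} or empty matches
     *            a header that carries no actor/role
     * @return the matching security header, or {@code null} if the message has no SOAP header
     *         or no matching security header
     * @throws WSSecurityException if more than one security header matches the actor
     */
    public static Element getSecurityHeader(Document document, String str) throws WSSecurityException {
        Element soapHeader = getSOAPHeader(document);
        if (soapHeader == null) {
            return null;
        }
        boolean soap12 = SOAP12_ENV_NS.equals(getSOAPNamespace(document.getDocumentElement()));
        return getSecurityHeader(soapHeader, str, soap12);
    }

    /**
     * Finds the {@code wsse:Security} child of a SOAP header that is addressed to the given
     * actor/role.
     *
     * @param element the SOAP {@code Header} element whose direct children are scanned
     * @param str the actor/role to match; {@code null} or empty matches a header without one
     * @param z {@code true} for SOAP 1.2 (attribute {@code role}), {@code false} for SOAP 1.1
     *          (attribute {@code actor})
     * @return the single matching security header, or {@code null} if none matches
     * @throws WSSecurityException with {@code INVALID_SECURITY} if two or more security headers
     *         match the same actor, so that it is never ambiguous which header gets processed
     */
    public static Element getSecurityHeader(Element element, String str, boolean z) throws WSSecurityException {
        String actorAttributeName = z ? "role" : "actor";
        String soapNamespace = z ? SOAP12_ENV_NS : SOAP11_ENV_NS;
        return findUniqueSecurityHeader(element, soapNamespace, actorAttributeName, str);
    }

    /**
     * Scans the direct children of a SOAP header for the one {@code wsse:Security} element whose
     * actor/role attribute matches {@code actor}.
     */
    private static Element findUniqueSecurityHeader(
            Element soapHeader, String soapNamespace, String actorAttributeName, String actor)
            throws WSSecurityException {
        Element match = null;
        // The sibling advance lives in the for-header so that skipping a header addressed to a
        // different actor can never stall the scan on the same node.
        for (Node child = soapHeader.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE != child.getNodeType()
                    || !"Security".equals(child.getLocalName())
                    || !WSSE_NS.equals(child.getNamespaceURI())) {
                continue;
            }
            Element candidate = (Element) child;
            Attr actorAttribute = candidate.getAttributeNodeNS(soapNamespace, actorAttributeName);
            String candidateActor = actorAttribute != null ? actorAttribute.getValue() : null;
            if (!isActorEqual(actor, candidateActor)) {
                continue;
            }
            if (match != null) {
                LOG.debug("Two or more security headers have the same actor name: {}", actor);
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
            }
            match = candidate;
        }
        return match;
    }

    /**
     * Compares two actor/role values.
     *
     * <p>{@code null} and the empty string are treated as the same "no actor" value; otherwise
     * the comparison is case-insensitive.
     *
     * @param str the expected actor
     * @param str2 the actor found on the header
     * @return {@code true} if both are absent/empty or both are equal ignoring case
     */
    public static boolean isActorEqual(String str, String str2) {
        boolean headerActorAbsent = str2 == null || str2.isEmpty();
        boolean expectedActorAbsent = str == null || str.isEmpty();
        if (headerActorAbsent && expectedActorAbsent) {
            return true;
        }
        return str2 != null && str != null && str2.equalsIgnoreCase(str);
    }

    /**
     * Collects the direct child elements of a node that have the given local name and namespace.
     *
     * @param node the parent node
     * @param str the local name to match (must not be {@code null})
     * @param str2 the namespace URI to match (must not be {@code null})
     * @return the matching children in document order; empty if none match
     */
    public static List<Element> getDirectChildElements(Node node, String str, String str2) {
        List<Element> matches = new ArrayList<>();
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE == child.getNodeType()
                    && str.equals(child.getLocalName())
                    && str2.equals(child.getNamespaceURI())) {
                matches.add((Element) child);
            }
        }
        return matches;
    }

    /**
     * Returns the {@code Body} element that is a direct child of the document element and lives
     * in the document element's namespace.
     *
     * @param document the SOAP message
     * @return the body element, or {@code null} if the lookup finds none
     */
    public static Element findBodyElement(Document document) {
        Element envelope = document.getDocumentElement();
        return XMLUtils.getDirectChildElement(envelope, "Body", envelope.getNamespaceURI());
    }

    /**
     * Resolves the element(s) an encryption/signature part refers to.
     *
     * <p>Resolution order: the element set on the part, then lookup by the part's Id, then lookup
     * by name and namespace.
     *
     * @param wSEncryptionPart the part to resolve
     * @param callbackLookup the lookup used for Id and name/namespace resolution
     * @param document not used by this implementation
     * @return the resolved elements; for an Id lookup this is a single-entry list holding
     *         whatever the lookup returned
     * @throws WSSecurityException if the lookup fails
     */
    public static List<Element> findElements(WSEncryptionPart wSEncryptionPart, CallbackLookup callbackLookup, Document document) throws WSSecurityException {
        Element explicitElement = wSEncryptionPart.getElement();
        if (explicitElement != null) {
            return Collections.singletonList(explicitElement);
        }
        String id = wSEncryptionPart.getId();
        if (id != null) {
            return Collections.singletonList(callbackLookup.getElement(id, null, false));
        }
        return callbackLookup.getElements(wSEncryptionPart.getName(), wSEncryptionPart.getNamespace());
    }

    /**
     * Builds the default part: the SOAP {@code Body} in the message's SOAP namespace with the
     * {@code "Content"} modifier.
     *
     * @param document the SOAP message
     * @return a new part describing the body content
     */
    public static WSEncryptionPart getDefaultEncryptionPart(Document document) {
        String soapNamespace = getSOAPNamespace(document.getDocumentElement());
        return new WSEncryptionPart("Body", soapNamespace, "Content");
    }

    /** Creates an element with the given local name in the namespace (and prefix) of {@code element}. */
    private static Element createElementInSameNamespace(Element element, String str) {
        String prefix = element.getPrefix();
        String qualifiedName = (prefix != null && prefix.length() > 0) ? prefix + ":" + str : str;
        return element.getOwnerDocument().createElementNS(element.getNamespaceURI(), qualifiedName);
    }

    /**
     * Inserts a child as the first child of a parent element.
     *
     * @param element the parent
     * @param element2 the child to insert
     * @return the inserted child
     */
    public static Element prependChildElement(Element element, Element element2) {
        Node firstChild = element.getFirstChild();
        if (firstChild == null) {
            return (Element) element.appendChild(element2);
        }
        return (Element) element.insertBefore(element2, firstChild);
    }

    /**
     * Finds (and optionally creates) the {@code wsse:Security} header that carries no actor/role.
     *
     * @param document the SOAP message
     * @param element the element under which a missing SOAP {@code Header} is created
     * @param z whether to create the SOAP header and/or security header when missing
     * @return the security header, or {@code null} if it is missing and {@code z} is false
     * @throws WSSecurityException if more than one security header matches
     */
    public static Element findWsseSecurityHeaderBlock(Document document, Element element, boolean z) throws WSSecurityException {
        return findWsseSecurityHeaderBlock(document, element, null, z);
    }

    /**
     * Finds (and optionally creates) the {@code wsse:Security} header for the given actor/role.
     *
     * <p>A newly created security header is prepended to the SOAP header and declares the
     * {@code wsse} prefix; no actor/role attribute is set on it by this method.
     *
     * @param document the SOAP message
     * @param element the element under which a missing SOAP {@code Header} is created, using the
     *                same namespace and prefix as this element
     * @param str the actor/role to match; {@code null} or empty matches a header without one
     * @param z whether to create the SOAP header and/or security header when missing
     * @return the security header, or {@code null} if it is missing and {@code z} is false
     * @throws WSSecurityException with {@code INVALID_SECURITY} if two or more security headers
     *         match the same actor
     */
    public static Element findWsseSecurityHeaderBlock(Document document, Element element, String str, boolean z) throws WSSecurityException {
        Element envelope = document.getDocumentElement();
        String soapNamespace = getSOAPNamespace(envelope);
        Element soapHeader = XMLUtils.getDirectChildElement(envelope, "Header", soapNamespace);
        if (soapHeader == null) {
            if (!z) {
                return null;
            }
            soapHeader = prependChildElement(element, createElementInSameNamespace(element, "Header"));
        }

        String actorAttributeName = SOAP12_ENV_NS.equals(soapNamespace) ? "role" : "actor";
        Element existing = findUniqueSecurityHeader(soapHeader, soapNamespace, actorAttributeName, str);
        if (existing != null || !z) {
            return existing;
        }

        Element created = document.createElementNS(WSSE_NS, "wsse:Security");
        created.setAttributeNS(XMLNS_NS, "xmlns:wsse", WSSE_NS);
        return prependChildElement(soapHeader, created);
    }

    /**
     * Creates a text node holding the Base64 encoding of the given bytes.
     *
     * @param document the owner document for the new node
     * @param bArr the bytes to encode
     * @return the new text node (not yet attached to the tree)
     */
    public static Text createBase64EncodedTextNode(Document document, byte[] bArr) {
        return document.createTextNode(Base64.encode(bArr));
    }

    /**
     * Picks the SOAP constants matching the namespace of the owning document's root element.
     *
     * @param element any element of the message
     * @return SOAP 1.2 constants if the root element is in the SOAP 1.2 envelope namespace,
     *         SOAP 1.1 constants in every other case
     */
    public static SOAPConstants getSOAPConstants(Element element) {
        String rootNamespace = element.getOwnerDocument().getDocumentElement().getNamespaceURI();
        if (SOAP12_ENV_NS.equals(rootNamespace)) {
            return new SOAP12Constants();
        }
        return new SOAP11Constants();
    }

    /**
     * Returns the envelope namespace of the SOAP version selected by {@link #getSOAPConstants}.
     *
     * @param element any element of the message
     * @return the SOAP envelope namespace URI
     */
    public static String getSOAPNamespace(Element element) {
        return getSOAPConstants(element).getEnvelopeURI();
    }

    /**
     * Decodes a whitespace-separated action string into numeric action codes.
     *
     * <p>Decoding stops at the first {@code WSHandlerConstants.NO_SECURITY} token; tokens after it
     * are ignored. The string is split on single whitespace characters, so consecutive
     * separators produce an empty token, which is rejected as unknown.
     *
     * @param str the action string; {@code null} or blank yields an empty list
     * @return the decoded action codes in input order
     * @throws WSSecurityException if a token is not a known action name
     */
    public static List<Integer> decodeAction(String str) throws WSSecurityException {
        if (str == null) {
            return Collections.emptyList();
        }
        String trimmed = str.trim();
        if ("".equals(trimmed)) {
            return Collections.emptyList();
        }
        // NOTE(review): the numeric literals below are the values present in this listing;
        // presumably they are inlined WSConstants action codes - confirm against WSConstants.
        List<Integer> actions = new ArrayList<>();
        for (String token : trimmed.split("\\s")) {
            if (token.equals(WSHandlerConstants.NO_SECURITY)) {
                break;
            }
            switch (token) {
                case "UsernameToken":
                    actions.add(1);
                    break;
                case "UsernameTokenNoPassword":
                    actions.add(Integer.valueOf(WSConstants.UT_NOPASSWORD));
                    break;
                case "Signature":
                    actions.add(2);
                    break;
                case "SignatureDerived":
                    actions.add(Integer.valueOf(WSConstants.DKT_SIGN));
                    break;
                case "Encrypt":
                    actions.add(4);
                    break;
                case "EncryptDerived":
                    actions.add(Integer.valueOf(WSConstants.DKT_ENCR));
                    break;
                case "SAMLTokenUnsigned":
                    actions.add(8);
                    break;
                case "SAMLTokenSigned":
                    actions.add(16);
                    break;
                case "Timestamp":
                    actions.add(32);
                    break;
                case "UsernameTokenSignature":
                    actions.add(64);
                    break;
                case "enableSignatureConfirmation":
                    actions.add(Integer.valueOf(WSConstants.SC));
                    break;
                case "CustomToken":
                    actions.add(Integer.valueOf(WSConstants.CUSTOM_TOKEN));
                    break;
                default:
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"Unknown action defined: " + token});
            }
        }
        return actions;
    }

    /**
     * Decodes a space-separated action string into handler actions.
     *
     * <p>Decoding stops at the first {@code WSHandlerConstants.NO_SECURITY} token. A token that
     * is not a known action name must be an integer for which {@code wSSConfig} has an action
     * registered. Unlike {@link #decodeAction(String)} the input is not trimmed and is split on
     * single spaces only, so an empty or padded string is rejected rather than ignored.
     *
     * @param str the action string; {@code null} yields an empty list
     * @param wSSConfig the configuration consulted for numeric (custom) actions
     * @return the decoded handler actions in input order
     * @throws WSSecurityException if a token is neither a known name nor a registered number
     */
    public static List<HandlerAction> decodeHandlerAction(String str, WSSConfig wSSConfig) throws WSSecurityException {
        if (str == null) {
            return Collections.emptyList();
        }
        List<HandlerAction> actions = new ArrayList<>();
        for (String token : str.split(" ")) {
            if (token.equals(WSHandlerConstants.NO_SECURITY)) {
                break;
            }
            switch (token) {
                case "UsernameToken":
                    actions.add(new HandlerAction(1));
                    break;
                case "Signature":
                    actions.add(new HandlerAction(2));
                    break;
                case "SignatureDerived":
                    actions.add(new HandlerAction(Integer.valueOf(WSConstants.DKT_SIGN)));
                    break;
                case "Encrypt":
                    actions.add(new HandlerAction(4));
                    break;
                case "EncryptDerived":
                    actions.add(new HandlerAction(Integer.valueOf(WSConstants.DKT_ENCR)));
                    break;
                case "SAMLTokenUnsigned":
                    actions.add(new HandlerAction(8));
                    break;
                case "SAMLTokenSigned":
                    actions.add(new HandlerAction(16));
                    break;
                case "Timestamp":
                    actions.add(new HandlerAction(32));
                    break;
                case "UsernameTokenSignature":
                    actions.add(new HandlerAction(64));
                    break;
                case "enableSignatureConfirmation":
                    actions.add(new HandlerAction(Integer.valueOf(WSConstants.SC)));
                    break;
                default:
                    actions.add(new HandlerAction(resolveRegisteredAction(token, wSSConfig)));
                    break;
            }
        }
        return actions;
    }

    /** Parses a numeric action token and checks that the configuration has an action for it. */
    private static Integer resolveRegisteredAction(String token, WSSConfig wSSConfig) throws WSSecurityException {
        int actionCode;
        try {
            actionCode = Integer.parseInt(token);
        } catch (NumberFormatException e) {
            // Keep the parse failure as the cause so the rejected token can be diagnosed.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"Unknown action defined: " + token});
        }
        if (wSSConfig.getAction(actionCode) == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"Unknown action defined: " + token});
        }
        return Integer.valueOf(actionCode);
    }

    /**
     * Generates a nonce of the requested length.
     *
     * <p>NOTE(review): the bytes come from {@code XMLSecurityConstants.generateBytes}; confirm
     * that it draws from a cryptographically secure source before relying on unpredictability.
     *
     * @param i the nonce length in bytes
     * @return the generated bytes
     * @throws WSSecurityException if generation fails for any reason
     */
    public static byte[] generateNonce(int i) throws WSSecurityException {
        try {
            return XMLSecurityConstants.generateBytes(i);
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"Error in generating nonce of length " + i});
        }
    }

    /**
     * Checks that an element is covered by one of the signature results recorded for the
     * document (results fetched with tag {@code 2}).
     *
     * @param element the element that must be signed
     * @param wSDocInfo the per-document processing state holding the results
     * @throws WSSecurityException with {@code FAILED_CHECK} if the element is not signed
     */
    public static void verifySignedElement(Element element, WSDocInfo wSDocInfo) throws WSSecurityException {
        verifySignedElement(element, wSDocInfo.getResultsByTag(2));
    }

    /**
     * Checks that an element, or one of its ancestors below the document element, is among the
     * protected elements referenced by the given signature results.
     *
     * <p>The check compares DOM nodes reached by walking up from {@code element}; it does not
     * match by Id value, so an element elsewhere in the tree with the same Id does not satisfy
     * it.
     *
     * @param element the element that must be signed
     * @param list the signature results; {@code null} is treated as "nothing signed"
     * @throws WSSecurityException with {@code FAILED_CHECK} if no result covers the element
     */
    public static void verifySignedElement(Element element, List<WSSecurityEngineResult> list) throws WSSecurityException {
        if (list != null) {
            for (WSSecurityEngineResult result : list) {
                List<?> dataRefs = (List<?>) result.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
                if (dataRefs == null) {
                    continue;
                }
                for (Object dataRef : dataRefs) {
                    if (isElementOrAncestorSigned(element, ((WSDataRef) dataRef).getProtectedElement())) {
                        return;
                    }
                }
            }
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "requiredElementNotSigned", new Object[]{element});
    }

    /**
     * Walks from {@code element} towards the document element and reports whether any node on
     * the way equals {@code element2}. The document element itself is never compared.
     */
    private static boolean isElementOrAncestorSigned(Element element, Element element2) throws WSSecurityException {
        Element envelope = element.getOwnerDocument().getDocumentElement();
        // Stop on a null parent as well: an element that is not attached below the document
        // element is reported as unsigned instead of failing with a NullPointerException.
        for (Node current = element;
                current != null && !current.isSameNode(envelope);
                current = current.getParentNode()) {
            if (current.getNodeType() == Node.ELEMENT_NODE && current.equals(element2)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Fetches the content of the attachment referenced by a {@code cid:} URI.
     *
     * <p>The attachment is requested through the attachment callback handler of
     * {@code requestData}; the first attachment returned must carry exactly the requested id.
     * The whole attachment is read into memory, so any size limit has to be enforced by the
     * callback handler or the layer that supplies the stream.
     *
     * @param str the attachment reference; must start with {@code "cid:"}
     * @param requestData the request context providing the attachment callback handler
     * @return the attachment content
     * @throws WSSecurityException with {@code FAILED_CHECK} if no callback handler is configured
     *         or the callback/read fails, or with {@code INVALID_SECURITY} if the reference is
     *         not a {@code cid:} URI or the attachment is not found
     */
    public static byte[] getBytesFromAttachment(String str, RequestData requestData) throws WSSecurityException {
        CallbackHandler attachmentCallbackHandler = requestData.getAttachmentCallbackHandler();
        if (attachmentCallbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        // The reference originates from the message; reject anything that is not a cid: URI
        // instead of blindly cutting off its first four characters.
        if (str == null || !str.startsWith(CID_PREFIX)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[]{"Attachment not found"});
        }
        String attachmentId = str.substring(CID_PREFIX.length());
        AttachmentRequestCallback attachmentRequestCallback = new AttachmentRequestCallback();
        attachmentRequestCallback.setAttachmentId(attachmentId);
        try {
            attachmentCallbackHandler.handle(new Callback[]{attachmentRequestCallback});
            List<?> attachments = attachmentRequestCallback.getAttachments();
            if (attachments == null || attachments.isEmpty()
                    || !attachmentId.equals(((Attachment) attachments.get(0)).getId())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "empty", new Object[]{"Attachment not found"});
            }
            // Close the source stream once it has been drained so it is not leaked.
            try (InputStream source = ((Attachment) attachments.get(0)).getSourceStream()) {
                return JavaUtils.getBytesFromStream(source);
            }
        } catch (IOException | UnsupportedCallbackException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, e);
        }
    }
}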
