package org.apache.cxf.ws.security.wss4j.policyhandlers;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.Vector;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.i18n.Message;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.helpers.MapNamespaceContext;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.policy.PolicyAssertion;
import org.apache.cxf.ws.policy.PolicyException;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.policy.SP12Constants;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Binding;
import org.apache.cxf.ws.security.policy.model.Header;
import org.apache.cxf.ws.security.policy.model.IssuedToken;
import org.apache.cxf.ws.security.policy.model.KeyValueToken;
import org.apache.cxf.ws.security.policy.model.Layout;
import org.apache.cxf.ws.security.policy.model.SecureConversationToken;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedElements;
import org.apache.cxf.ws.security.policy.model.SignedEncryptedParts;
import org.apache.cxf.ws.security.policy.model.SupportingToken;
import org.apache.cxf.ws.security.policy.model.SymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.TokenWrapper;
import org.apache.cxf.ws.security.policy.model.UsernameToken;
import org.apache.cxf.ws.security.policy.model.Wss10;
import org.apache.cxf.ws.security.policy.model.Wss11;
import org.apache.cxf.ws.security.policy.model.X509Token;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.tika.parser.chm.core.ChmConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecBase;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecSignatureConfirmation;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/cxf-2.2.2-patched.jar:org/apache/cxf/ws/security/wss4j/policyhandlers/AbstractBindingBuilder.class */
public abstract class AbstractBindingBuilder {
    // Property key under which getCryptoCache() stores the Crypto cache on the endpoint.
    public static final String CRYPTO_CACHE = "ws-security.crypto.cache";
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractBindingBuilder.class);
    // SAAJ message being secured; its SOAP part, header and body are read by the builders below.
    protected SOAPMessage saaj;
    // Wrapper whose getSecurityHeader() element receives every token/key element inserted here.
    protected WSSecHeader secHeader;
    // Policy assertions in effect for this message; methods here mark them asserted / not asserted.
    protected AssertionInfoMap aim;
    // Binding whose algorithm suite supplies the signature and canonicalization algorithms.
    protected Binding binding;
    // CXF message used to read contextual properties (username, password, callback handler, tokens).
    protected SoapMessage message;
    // Timestamp builder assigned by createTimestamp(); null until that method finds an assertion.
    protected WSSecTimestamp timestampEl;
    protected String mainSigId;
    // NOTE(review): the four maps below are never assigned in the visible part of this class;
    // presumably subclasses fill them with handleSupportingTokens() results. Confirm.
    protected Map<Token, WSSecBase> endEncSuppTokMap;
    protected Map<Token, WSSecBase> endSuppTokMap;
    protected Map<Token, WSSecBase> sgndEndEncSuppTokMap;
    protected Map<Token, WSSecBase> sgndEndSuppTokMap;
    // Insertion cursors into the security header, updated by the add*/insert* helpers below.
    Element lastSupportingTokenElement;
    Element lastEncryptedKeyElement;
    Element lastDerivedKeyElement;
    Element bottomUpElement;
    Element topDownElement;
    protected SPConstants.ProtectionOrder protectionOrder = SPConstants.ProtectionOrder.SignBeforeEncrypting;
    // Token ids collected by handleSupportingTokens(): UsernameToken ids always, other token ids
    // only when the SupportingToken reports isEncryptedToken().
    protected Set<String> encryptedTokensIdList = new HashSet();
    // Published on the exchange under WSHandlerConstants.SEND_SIGV by the constructor.
    protected Vector<byte[]> signatures = new Vector<>();

    /**
     * Stores the collaborators needed to build the security header and publishes this builder's
     * signature list on the message exchange.
     *
     * @param binding the security binding policy being applied
     * @param sOAPMessage the SAAJ message that will carry the security header
     * @param wSSecHeader the security header wrapper that elements are inserted into
     * @param assertionInfoMap the policy assertions to be marked asserted / not asserted
     * @param soapMessage the CXF message; its exchange receives the signature list
     */
    public AbstractBindingBuilder(Binding binding, SOAPMessage sOAPMessage, WSSecHeader wSSecHeader, AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        this.message = soapMessage;
        this.saaj = sOAPMessage;
        this.secHeader = wSSecHeader;
        this.aim = assertionInfoMap;
        this.binding = binding;
        // The exchange holds the same Vector instance, so entries added to this.signatures later
        // are visible to whoever reads SEND_SIGV from the exchange.
        this.message.getExchange().put(WSHandlerConstants.SEND_SIGV, this.signatures);
    }

    /**
     * Places {@code element} in the security header directly after {@code element2}.
     *
     * @param element the element to insert
     * @param element2 the existing header child that {@code element} should follow
     */
    private void insertAfter(Element element, Element element2) {
        boolean anchorIsLast = element2.getNextSibling() == null;
        Element header = this.secHeader.getSecurityHeader();
        if (!anchorIsLast) {
            header.insertBefore(element, element2.getNextSibling());
            return;
        }
        // Nothing follows the anchor, so appending puts the element right after it.
        header.appendChild(element);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts a derived-key element into the security header.
     *
     * <p>Placement preference: after the last derived key, else after the last encrypted key,
     * else after the top-down cursor, else as the first header child (or appended when the
     * header is empty).
     *
     * @param element the derived-key element to insert
     */
    public void addDerivedKeyElement(Element element) {
        Element anchor = this.lastDerivedKeyElement;
        if (anchor == null) {
            anchor = this.lastEncryptedKeyElement;
        }
        if (anchor == null) {
            anchor = this.topDownElement;
        }
        if (anchor != null) {
            insertAfter(element, anchor);
        } else {
            Element header = this.secHeader.getSecurityHeader();
            if (header.getFirstChild() == null) {
                this.secHeader.getSecurityHeader().appendChild(element);
            } else {
                this.secHeader.getSecurityHeader().insertBefore(element, this.secHeader.getSecurityHeader().getFirstChild());
            }
        }
        // NOTE(review): this updates lastEncryptedKeyElement, not lastDerivedKeyElement, so the
        // derived-key cursor is never advanced here. Header element order affects how receivers
        // resolve key references, so confirm this is intended before changing it.
        this.lastEncryptedKeyElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts an encrypted-key element into the security header and records it as the last
     * encrypted key.
     *
     * <p>Placement preference: after the previous encrypted key, else before the last derived
     * key, else after the top-down cursor, else as the first header child (or appended when the
     * header is empty).
     *
     * @param element the encrypted-key element to insert
     */
    public void addEncyptedKeyElement(Element element) {
        final Element previousKey = this.lastEncryptedKeyElement;
        final Element derivedKey = this.lastDerivedKeyElement;
        final Element topDown = this.topDownElement;
        if (previousKey != null) {
            insertAfter(element, previousKey);
        } else if (derivedKey != null) {
            // An encrypted key goes before the derived key that is already in the header.
            this.secHeader.getSecurityHeader().insertBefore(element, derivedKey);
        } else if (topDown != null) {
            insertAfter(element, topDown);
        } else {
            Element header = this.secHeader.getSecurityHeader();
            if (header.getFirstChild() == null) {
                this.secHeader.getSecurityHeader().appendChild(element);
            } else {
                this.secHeader.getSecurityHeader().insertBefore(element, this.secHeader.getSecurityHeader().getFirstChild());
            }
        }
        this.lastEncryptedKeyElement = element;
    }

    /**
     * Inserts a supporting-token element into the security header and records it as the last
     * supporting token.
     *
     * <p>The element goes after the first non-null cursor among: last supporting token, last
     * derived key, last encrypted key, top-down cursor. Failing that it goes before the
     * bottom-up cursor, or is appended when no cursor is set.
     *
     * @param element the supporting-token element to insert
     */
    protected void addSupportingElement(Element element) {
        Element[] followCandidates = {
            this.lastSupportingTokenElement,
            this.lastDerivedKeyElement,
            this.lastEncryptedKeyElement,
            this.topDownElement,
        };
        Element anchor = null;
        for (Element candidate : followCandidates) {
            if (candidate != null) {
                anchor = candidate;
                break;
            }
        }
        if (anchor != null) {
            insertAfter(element, anchor);
        } else if (this.bottomUpElement == null) {
            this.secHeader.getSecurityHeader().appendChild(element);
        } else {
            this.secHeader.getSecurityHeader().insertBefore(element, this.bottomUpElement);
        }
        this.lastSupportingTokenElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts {@code element} immediately before the bottom-up cursor (appending when no cursor
     * exists yet) and makes it the new bottom-up cursor.
     *
     * @param element the element to insert
     */
    public void insertBeforeBottomUp(Element element) {
        Element header = this.secHeader.getSecurityHeader();
        if (this.bottomUpElement != null) {
            header.insertBefore(element, this.bottomUpElement);
        } else {
            header.appendChild(element);
        }
        this.bottomUpElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts {@code element} after the top-down cursor, or at the very start of the security
     * header when no cursor exists yet, and makes it the new top-down cursor.
     *
     * @param element the element to insert
     */
    public void addTopDownElement(Element element) {
        if (this.topDownElement == null) {
            Element header = this.secHeader.getSecurityHeader();
            if (header.getFirstChild() != null) {
                this.secHeader.getSecurityHeader().insertBefore(element, this.secHeader.getSecurityHeader().getFirstChild());
            } else {
                header.appendChild(element);
            }
        } else {
            insertAfter(element, this.topDownElement);
        }
        this.topDownElement = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reports whether the current message is being processed on the requestor side.
     *
     * @return the result of {@code MessageUtils.isRequestor} for this builder's message
     */
    public boolean isRequestor() {
        final boolean requestor = MessageUtils.isRequestor(this.message);
        return requestor;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Marks the given assertion as not asserted because of an exception and aborts processing.
     *
     * <p>Unlike the {@code String} overload, this one throws even when the assertion is
     * optional. A {@code null} assertion is ignored and nothing is thrown.
     *
     * @param policyAssertion the assertion that could not be satisfied, or {@code null}
     * @param exc the failure; its message is recorded on each matching assertion info
     * @throws PolicyException always, when {@code policyAssertion} is non-null
     */
    public void policyNotAsserted(PolicyAssertion policyAssertion, Exception exc) {
        if (policyAssertion != null) {
            LOG.log(Level.FINE, "Not asserting " + policyAssertion.getName() + ": " + exc);
            Collection<AssertionInfo> infos = this.aim.get(policyAssertion.getName());
            if (infos != null) {
                Iterator<AssertionInfo> it = infos.iterator();
                while (it.hasNext()) {
                    AssertionInfo info = it.next();
                    // Identity comparison: only the info wrapping this exact assertion is touched.
                    if (info.getAssertion() == policyAssertion) {
                        info.setNotAsserted(exc.getMessage());
                    }
                }
            }
            throw new PolicyException(exc);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Marks the given assertion as not asserted with a reason, and aborts processing unless the
     * assertion is optional.
     *
     * <p>Callers must not assume this method throws: for an optional (or {@code null})
     * assertion it returns normally and execution continues after the call.
     *
     * @param policyAssertion the assertion that could not be satisfied, or {@code null}
     * @param str the reason recorded on each matching assertion info
     * @throws PolicyException when the assertion is not optional
     */
    public void policyNotAsserted(PolicyAssertion policyAssertion, String str) {
        if (policyAssertion != null) {
            LOG.log(Level.FINE, "Not asserting " + policyAssertion.getName() + ": " + str);
            Collection<AssertionInfo> infos = this.aim.get(policyAssertion.getName());
            if (infos != null) {
                Iterator<AssertionInfo> it = infos.iterator();
                while (it.hasNext()) {
                    AssertionInfo info = it.next();
                    if (info.getAssertion() == policyAssertion) {
                        info.setNotAsserted(str);
                    }
                }
            }
            boolean mandatory = !policyAssertion.isOptional();
            if (mandatory) {
                throw new PolicyException(new Message(str, LOG, new Object[0]));
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Marks every assertion info that wraps exactly this assertion instance as asserted.
     *
     * @param policyAssertion the satisfied assertion; {@code null} is ignored
     */
    public void policyAsserted(PolicyAssertion policyAssertion) {
        if (policyAssertion != null) {
            LOG.log(Level.FINE, "Asserting " + policyAssertion.getName());
            Collection<AssertionInfo> infos = this.aim.get(policyAssertion.getName());
            if (infos != null) {
                Iterator<AssertionInfo> it = infos.iterator();
                while (it.hasNext()) {
                    AssertionInfo info = it.next();
                    if (info.getAssertion() == policyAssertion) {
                        info.setAsserted(true);
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Marks every assertion info registered under the given policy name as asserted.
     *
     * @param qName the policy assertion name to look up
     */
    public void policyAsserted(QName qName) {
        Collection<AssertionInfo> infos = this.aim.getAssertionInfo(qName);
        if (infos != null && !infos.isEmpty()) {
            for (AssertionInfo info : infos) {
                info.setAsserted(true);
            }
        }
    }

    /**
     * Looks up all assertions registered under a policy name, marks each one asserted and
     * returns them.
     *
     * @param qName the policy assertion name to look up
     * @return the assertions found, or {@code null} (not an empty collection) when none exist
     */
    protected Collection<PolicyAssertion> findAndAssertPolicy(QName qName) {
        Collection<AssertionInfo> infos = this.aim.getAssertionInfo(qName);
        boolean nothingFound = infos == null || infos.isEmpty();
        if (nothingFound) {
            return null;
        }
        List<PolicyAssertion> found = new ArrayList<>(infos.size());
        Iterator<AssertionInfo> it = infos.iterator();
        while (it.hasNext()) {
            AssertionInfo info = it.next();
            info.setAsserted(true);
            found.add(info.getAssertion());
        }
        return found;
    }

    /**
     * Returns the Crypto cache for this endpoint, creating and registering one on first use.
     *
     * <p>The lookup and the creation both happen while holding the monitor of the endpoint's
     * {@code EndpointInfo}. A newly created cache is stored on that {@code EndpointInfo}, so it
     * is shared by every message that resolves {@link #CRYPTO_CACHE} to it.
     *
     * @return the existing cache from the message's contextual properties, or a new one
     */
    protected final Map<Object, Crypto> getCryptoCache() {
        EndpointInfo info = ((Endpoint) this.message.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (info) {
            Map<Object, Crypto> cache = CastUtils.cast((Map<?, ?>) this.message.getContextualProperty(CRYPTO_CACHE));
            if (cache != null) {
                return cache;
            }
            Map<Object, Crypto> fresh = new ConcurrentHashMap<>();
            info.setProperty(CRYPTO_CACHE, fresh);
            return fresh;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the token store for this endpoint, creating an in-memory one on first use.
     *
     * <p>The lookup and the creation both happen while holding the monitor of the endpoint's
     * {@code EndpointInfo}. A newly created {@code MemoryTokenStore} is registered on that
     * {@code EndpointInfo} under the {@code TokenStore} class name, so security tokens added to
     * it are kept at endpoint scope rather than per message.
     *
     * @return the existing store from the message's contextual properties, or a new one
     */
    public final TokenStore getTokenStore() {
        final String storeKey = TokenStore.class.getName();
        EndpointInfo info = ((Endpoint) this.message.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (info) {
            TokenStore existing = (TokenStore) this.message.getContextualProperty(storeKey);
            if (existing != null) {
                return existing;
            }
            TokenStore created = new MemoryTokenStore();
            info.setProperty(storeKey, created);
            return created;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares a timestamp builder when the policy contains an IncludeTimestamp
     * assertion, marking each such assertion as asserted.
     *
     * @return the timestamp builder now held in {@code timestampEl}; this is whatever the field
     *     held before when no IncludeTimestamp assertion is present
     */
    public WSSecTimestamp createTimestamp() {
        Collection<AssertionInfo> infos = this.aim.get(SP12Constants.INCLUDE_TIMESTAMP);
        if (infos == null) {
            return this.timestampEl;
        }
        Iterator<AssertionInfo> it = infos.iterator();
        while (it.hasNext()) {
            AssertionInfo info = it.next();
            // A fresh builder replaces the field on every iteration, so the last one wins.
            WSSecTimestamp fresh = new WSSecTimestamp();
            this.timestampEl = fresh;
            this.timestampEl.prepare(this.saaj.getSOAPPart());
            info.setAsserted(true);
        }
        return this.timestampEl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
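    /**
     * Positions the timestamp element in the security header according to the Layout policy.
     *
     * <p>With {@code LaxTimestampLast} the timestamp is appended to the header; with
     * {@code LaxTimestampFirst}, with any other layout value, or with no Layout assertion at
     * all, it is added through {@link #addTopDownElement(Element)}. A layout that requires a
     * timestamp is marked not asserted when none was supplied.
     *
     * @param wSSecTimestamp the timestamp builder, or {@code null} when no timestamp was created
     * @return the {@code wSSecTimestamp} argument, unchanged
     */
    public WSSecTimestamp handleLayout(WSSecTimestamp wSSecTimestamp) {
        Collection<AssertionInfo> collection = this.aim.get(SP12Constants.LAYOUT);
        if (collection != null) {
            for (AssertionInfo assertionInfo : collection) {
                Layout layout = (Layout) assertionInfo.getAssertion();
                assertionInfo.setAsserted(true);
                if (SPConstants.Layout.LaxTimestampLast == layout.getValue()) {
                    if (wSSecTimestamp == null) {
                        assertionInfo.setNotAsserted(SPConstants.Layout.LaxTimestampLast + " requires a timestamp");
                    } else {
                        assertionInfo.setAsserted(true);
                        Element element = wSSecTimestamp.getElement();
                        this.secHeader.getSecurityHeader().appendChild(element);
                        // The appended timestamp becomes the bottom-up cursor only when none
                        // exists, so later bottom-up inserts land before it.
                        if (this.bottomUpElement == null) {
                            this.bottomUpElement = element;
                        }
                    }
                } else if (SPConstants.Layout.LaxTimestampFirst == layout.getValue()) {
                    if (wSSecTimestamp == null) {
                        // Name the layout actually in effect; the reason previously cited
                        // LaxTimestampLast, which misdirects anyone diagnosing the failure.
                        assertionInfo.setNotAsserted(SPConstants.Layout.LaxTimestampFirst + " requires a timestamp");
                    } else {
                        // NOTE(review): the null check is on the parameter but the element is
                        // read from this.timestampEl; they are presumably the same object at
                        // every call site. Confirm, otherwise this can throw on a null field.
                        addTopDownElement(this.timestampEl.getElement());
                    }
                } else if (this.timestampEl != null) {
                    addTopDownElement(this.timestampEl.getElement());
                }
            }
        } else if (this.timestampEl != null) {
            addTopDownElement(this.timestampEl.getElement());
        }
        return wSSecTimestamp;
    }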

    /**
     * Marks every token inside each {@code SupportingToken} assertion as asserted. Assertions
     * of any other type are skipped.
     *
     * @param collection the supporting-token assertions, or {@code null} for none
     */
    protected void assertSupportingTokens(Collection<PolicyAssertion> collection) {
        if (collection != null) {
            for (PolicyAssertion candidate : collection) {
                if (!(candidate instanceof SupportingToken)) {
                    continue;
                }
                for (Token token : ((SupportingToken) candidate).getTokens()) {
                    policyAsserted(token);
                }
            }
        }
    }

    /**
     * Builds the supporting tokens for every {@code SupportingToken} assertion in the
     * collection and gathers the resulting builders in one map.
     *
     * @param collection the supporting-token assertions, or {@code null} for none
     * @param z flag forwarded unchanged to the per-assertion overload
     * @return a new map from each handled token to its builder; empty when nothing was handled
     */
    protected Map<Token, WSSecBase> handleSupportingTokens(Collection<PolicyAssertion> collection, boolean z) {
        Map<Token, WSSecBase> builders = new HashMap<>();
        if (collection == null) {
            return builders;
        }
        Iterator<PolicyAssertion> it = collection.iterator();
        while (it.hasNext()) {
            PolicyAssertion candidate = it.next();
            if (candidate instanceof SupportingToken) {
                handleSupportingTokens((SupportingToken) candidate, z, builders);
            }
        }
        return builders;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds the tokens of a single {@code SupportingToken} assertion into a fresh map.
     *
     * @param supportingToken the assertion to handle; may be {@code null}
     * @param z flag forwarded unchanged to the three-argument overload
     * @return a new map from each handled token to its builder
     */
    public Map<Token, WSSecBase> handleSupportingTokens(SupportingToken supportingToken, boolean z) {
        Map<Token, WSSecBase> builders = new HashMap<>();
        return handleSupportingTokens(supportingToken, z, builders);
    }

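    /**
     * Builds each token of a {@code SupportingToken} assertion, inserts the resulting elements
     * into the security header and records the builder for each token in {@code map}.
     *
     * <p>Handled token kinds: UsernameToken; IssuedToken / SecureConversationToken (requestor
     * side only); X509Token; KeyValueToken. Other kinds are ignored. Token ids that must later
     * be encrypted are collected in {@code encryptedTokensIdList}.
     *
     * @param supportingToken the assertion to handle; {@code null} leaves {@code map} untouched
     * @param z flag forwarded to {@code getSignatureBuider} for X509 and KeyValue tokens
     * @param map receives one entry per handled token
     * @return {@code map}
     * @throws Fault when the keystore lookup or the signature preparation fails
     */
    protected Map<Token, WSSecBase> handleSupportingTokens(SupportingToken supportingToken, boolean z, Map<Token, WSSecBase> map) {
        if (supportingToken == null) {
            return map;
        }
        for (Token token : supportingToken.getTokens()) {
            if (token instanceof UsernameToken) {
                WSSecUsernameToken addUsernameToken = addUsernameToken((UsernameToken) token);
                if (addUsernameToken != null) {
                    addUsernameToken.prepare(this.saaj.getSOAPPart());
                    addSupportingElement(addUsernameToken.getUsernameTokenElement());
                    map.put(token, addUsernameToken);
                    // UsernameToken ids are always queued for encryption, regardless of
                    // isEncryptedToken(), since the token carries credentials.
                    this.encryptedTokensIdList.add(addUsernameToken.getId());
                }
            } else if (isRequestor() && ((token instanceof IssuedToken) || (token instanceof SecureConversationToken))) {
                SecurityToken securityToken = getSecurityToken();
                if (securityToken == null) {
                    policyNotAsserted(token, "Could not find IssuedToken");
                    // policyNotAsserted returns normally for an optional assertion; skip the
                    // token instead of dereferencing the missing security token below.
                    continue;
                }
                addSupportingElement(cloneElement(securityToken.getToken()));
                if (supportingToken.isEncryptedToken()) {
                    this.encryptedTokensIdList.add(securityToken.getId());
                }
                if (securityToken.getX509Certificate() == null) {
                    map.put(token, new WSSecurityTokenHolder(securityToken));
                } else {
                    WSSecSignature wSSecSignature = new WSSecSignature();
                    wSSecSignature.setX509Certificate(securityToken.getX509Certificate());
                    wSSecSignature.setCustomTokenId(securityToken.getId());
                    // NOTE(review): 12 is a numeric constant inlined by the decompiler;
                    // presumably one of the WSConstants key-identifier types. Confirm.
                    wSSecSignature.setKeyIdentifierType(12);
                    if (securityToken.getTokenType() == null) {
                        wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
                    } else {
                        wSSecSignature.setCustomTokenValueType(securityToken.getTokenType());
                    }
                    wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getAsymmetricSignature());
                    wSSecSignature.setSigCanonicalization(this.binding.getAlgorithmSuite().getInclusiveC14n());
                    try {
                        String certificateAlias = securityToken.getCrypto().getKeyStore().getCertificateAlias(securityToken.getX509Certificate());
                        // NOTE(review): 3 is the WSPasswordCallback usage code inlined by the
                        // decompiler; presumably the signature usage. Confirm.
                        String password = getPassword(certificateAlias, token, 3);
                        // No password from the callback handler: fall back to an empty key
                        // password rather than failing here.
                        if (password == null) {
                            password = "";
                        }
                        wSSecSignature.setUserInfo(certificateAlias, password);
                        try {
                            wSSecSignature.prepare(this.saaj.getSOAPPart(), securityToken.getCrypto(), this.secHeader);
                            if (supportingToken.isEncryptedToken()) {
                                this.encryptedTokensIdList.add(wSSecSignature.getBSTTokenId());
                            }
                            map.put(token, wSSecSignature);
                        } catch (WSSecurityException e) {
                            throw new Fault((Throwable) e);
                        }
                    } catch (KeyStoreException e2) {
                        throw new Fault(e2);
                    }
                }
            } else if (token instanceof X509Token) {
                WSSecSignature signatureBuider = getSignatureBuider(supportingToken, token, z);
                if (signatureBuider.getBinarySecurityTokenElement() != null) {
                    signatureBuider.prependBSTElementToHeader(this.secHeader);
                }
                if (supportingToken.isEncryptedToken()) {
                    this.encryptedTokensIdList.add(signatureBuider.getBSTTokenId());
                }
                map.put(token, signatureBuider);
            } else if (token instanceof KeyValueToken) {
                WSSecSignature signatureBuider2 = getSignatureBuider(supportingToken, token, z);
                if (supportingToken.isEncryptedToken()) {
                    this.encryptedTokensIdList.add(signatureBuider2.getBSTTokenId());
                }
                map.put(token, signatureBuider2);
            }
        }
        return map;
    }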

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Deep-copies an element into the document that owns the security header, so the copy can
     * be inserted there.
     *
     * @param element the element to copy, possibly owned by another document
     * @return the imported copy, including all descendants
     */
    public Element cloneElement(Element element) {
        Element header = this.secHeader.getSecurityHeader();
        final boolean deep = true;
        return (Element) header.getOwnerDocument().importNode(element, deep);
    }

    /* JADX INFO: Access modifiers changed from: protected */
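    /**
     * Resolves the security token for this message and makes sure it is in the token store.
     *
     * <p>The token is taken from the {@code SecurityConstants.TOKEN} contextual property, or
     * looked up in the token store by the {@code SecurityConstants.TOKEN_ID} property when the
     * first is absent.
     *
     * @return the resolved token, or {@code null} when neither property yields one; callers
     *     must handle the {@code null} case
     */
    public SecurityToken getSecurityToken() {
        SecurityToken securityToken = (SecurityToken) this.message.getContextualProperty(SecurityConstants.TOKEN);
        if (securityToken == null) {
            String tokenId = (String) this.message.getContextualProperty(SecurityConstants.TOKEN_ID);
            if (tokenId != null) {
                securityToken = getTokenStore().getToken(tokenId);
            }
        }
        // Only store a token that was actually resolved; a null must not be handed to the
        // store, whose handling of null is not visible from here.
        if (securityToken != null) {
            getTokenStore().add(securityToken);
        }
        return securityToken;
    }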

    /**
     * Adds one signature part per supporting token so that the token itself is covered by the
     * signature.
     *
     * <p>Signature builders contribute their BinarySecurityToken id (when they have one) and
     * UsernameToken builders contribute their id. Any other builder type is reported through
     * {@code policyNotAsserted} and contributes nothing.
     *
     * @param map supporting tokens and their builders
     * @param list receives the parts to sign
     */
    protected void addSignatureParts(Map<Token, WSSecBase> map, List<WSEncryptionPart> list) {
        for (Map.Entry<Token, WSSecBase> entry : map.entrySet()) {
            WSSecBase builder = entry.getValue();
            if (builder instanceof WSSecSignature) {
                String bstId = ((WSSecSignature) builder).getBSTTokenId();
                if (bstId != null) {
                    list.add(new WSEncryptionPart(bstId));
                }
                continue;
            }
            if (builder instanceof WSSecUsernameToken) {
                list.add(new WSEncryptionPart(((WSSecUsernameToken) builder).getId()));
                continue;
            }
            policyNotAsserted(entry.getKey(), "UnsupportedTokenInSupportingToken: " + builder);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
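    /**
     * Creates a UsernameToken builder from the credentials configured on the message.
     *
     * <p>When this side is not the requestor and the assertion is registered, the assertion is
     * marked asserted and no token is built. Otherwise the username comes from the
     * {@code SecurityConstants.USERNAME} property and the password from
     * {@code SecurityConstants.PASSWORD} or, failing that, from the callback handler.
     *
     * <p>The password type follows the policy: {@code WSConstants.PASSWORD_DIGEST} when the
     * policy asks for a hashed password, {@code WSConstants.PASSWORD_TEXT} otherwise. With the
     * text type the token carries the password itself, so its confidentiality depends on the
     * token being encrypted or on transport protection.
     *
     * @param usernameToken the UsernameToken policy assertion
     * @return the configured builder, or {@code null} when no token is to be sent or the
     *     credentials are missing and the assertion is optional
     * @throws PolicyException via {@code policyNotAsserted} when credentials are missing and the
     *     assertion is not optional
     */
    public WSSecUsernameToken addUsernameToken(UsernameToken usernameToken) {
        AssertionInfo assertionInfo = null;
        Collection<AssertionInfo> infos = this.aim.getAssertionInfo(usernameToken.getName());
        // Other lookups in this class treat a null result as "no assertions"; do the same here.
        if (infos != null) {
            for (AssertionInfo candidate : infos) {
                if (candidate.getAssertion() == usernameToken) {
                    assertionInfo = candidate;
                    if (!isRequestor()) {
                        assertionInfo.setAsserted(true);
                        return null;
                    }
                }
            }
        }
        String userName = (String) this.message.getContextualProperty(SecurityConstants.USERNAME);
        if (StringUtils.isEmpty(userName)) {
            policyNotAsserted(usernameToken, "No username available");
            return null;
        }
        if (usernameToken.isNoPassword()) {
            WSSecUsernameToken noPasswordToken = new WSSecUsernameToken();
            noPasswordToken.setUserInfo(userName, null);
            noPasswordToken.setPasswordType(null);
            // The matching assertion info may be absent; that must not abort token creation.
            if (assertionInfo != null) {
                assertionInfo.setAsserted(true);
            }
            return noPasswordToken;
        }
        String password = (String) this.message.getContextualProperty(SecurityConstants.PASSWORD);
        if (StringUtils.isEmpty(password)) {
            // NOTE(review): 2 is the WSPasswordCallback usage code inlined by the decompiler;
            // presumably the UsernameToken usage. Confirm.
            password = getPassword(userName, usernameToken, 2);
        }
        if (StringUtils.isEmpty(password)) {
            // Report the credential that is actually missing; this branch used to repeat the
            // "No username available" reason.
            policyNotAsserted(usernameToken, "No password available");
            return null;
        }
        WSSecUsernameToken token = new WSSecUsernameToken();
        if (usernameToken.isHashPassword()) {
            token.setPasswordType(WSConstants.PASSWORD_DIGEST);
        } else {
            token.setPasswordType(WSConstants.PASSWORD_TEXT);
        }
        token.setUserInfo(userName, password);
        if (assertionInfo != null) {
            assertionInfo.setAsserted(true);
        }
        return token;
    }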

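    /**
     * Obtains a password for the given identifier from the configured callback handler.
     *
     * <p>The handler comes from the {@code SecurityConstants.CALLBACK_HANDLER} contextual
     * property, either as a ready {@code CallbackHandler} instance or as a class name that is
     * loaded and instantiated here. Because a class name is instantiated reflectively, that
     * property must only ever be set from trusted configuration.
     *
     * @param str the user name or key alias the password is requested for
     * @param policyAssertion the assertion to mark not asserted on failure; may be {@code null}
     * @param i the {@code WSPasswordCallback} usage code passed to the handler
     * @return the password supplied by the handler, or {@code null} when no handler is
     *     available or it supplied none
     * @throws PolicyException via {@code policyNotAsserted} when the handler is missing (for a
     *     non-optional assertion) or the handler itself fails
     */
    public String getPassword(String str, PolicyAssertion policyAssertion, int i) {
        Object contextualProperty = this.message.getContextualProperty(SecurityConstants.CALLBACK_HANDLER);
        CallbackHandler callbackHandler = null;
        if (contextualProperty instanceof CallbackHandler) {
            callbackHandler = (CallbackHandler) contextualProperty;
        } else if (contextualProperty instanceof String) {
            try {
                callbackHandler = (CallbackHandler) ClassLoaderUtils.loadClass((String) contextualProperty, getClass()).newInstance();
            } catch (Exception e) {
                // Record why the configured handler is unusable instead of dropping the cause;
                // only the class name is logged, never credential material.
                LOG.log(Level.WARNING, "Could not create callback handler " + contextualProperty, e);
                callbackHandler = null;
            }
        }
        if (callbackHandler == null) {
            policyNotAsserted(policyAssertion, "No callback handler and no password available");
            return null;
        }
        WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(str, i)};
        try {
            callbackHandler.handle(wSPasswordCallbackArr);
        } catch (Exception e2) {
            // Throws PolicyException unless policyAssertion is null, in which case the (unset)
            // password of the callback is returned below.
            policyNotAsserted(policyAssertion, e2);
        }
        return wSPasswordCallbackArr[0].getPassword();
    }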

    /**
     * Returns the id of an element, adding a {@code wsu:Id} attribute when it has none.
     *
     * <p>An existing unqualified {@code Id} attribute is preferred, then an existing
     * {@code wsu:Id}. Otherwise a new id is generated and a namespace declaration for the wsu
     * namespace is added when no prefix is bound to it yet.
     *
     * @param element the element that signature / encryption references will point to
     * @return the existing or newly assigned id
     */
    public String addWsuIdToElement(Element element) {
        final String wsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        Attr existingId = element.getAttributeNode("Id");
        if (existingId == null) {
            existingId = element.getAttributeNodeNS(wsuNamespace, "Id");
        }
        if (existingId != null) {
            return existingId.getValue();
        }
        // NOTE(review): the generated id is derived from hashCode(), which is not guaranteed to
        // be unique per element. References resolve by this id, so two elements sharing one
        // would be ambiguous. Confirm whether a collision-free source is needed.
        String generatedId = "Id-" + element.hashCode();
        String prefix = element.lookupPrefix(wsuNamespace);
        if (StringUtils.isEmpty(prefix)) {
            // Try wsu, wsu1, wsu2, ... until a prefix is found that is not bound to a namespace.
            int suffix = 0;
            do {
                prefix = suffix == 0 ? "wsu" : "wsu" + suffix;
                suffix++;
            } while (!StringUtils.isEmpty(element.lookupNamespaceURI(prefix)));
            Attr declaration = element.getOwnerDocument().createAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" + prefix);
            declaration.setValue(wsuNamespace);
            element.setAttributeNodeNS(declaration);
        }
        Attr idAttribute = element.getOwnerDocument().createAttributeNS(wsuNamespace, prefix + ":Id");
        idAttribute.setValue(generatedId);
        element.setAttributeNodeNS(idAttribute);
        return generatedId;
    }

    /**
     * Collects the message parts that the policy requires to be encrypted.
     *
     * <p>Reads the EncryptedParts and EncryptedElements assertions (the last one of each kind
     * wins), marks them asserted and resolves them through {@code getPartsAndElements}. Without
     * an EncryptedParts assertion the body flag passed on is {@code false}.
     *
     * @return the parts to encrypt
     * @throws SOAPException when the SOAP message cannot be read
     */
    public Vector<WSEncryptionPart> getEncryptedParts() throws SOAPException {
        SignedEncryptedParts parts = null;
        Collection<AssertionInfo> partInfos = this.aim.getAssertionInfo(SP12Constants.ENCRYPTED_PARTS);
        if (partInfos != null) {
            for (AssertionInfo info : partInfos) {
                parts = (SignedEncryptedParts) info.getAssertion();
                info.setAsserted(true);
            }
        }
        SignedEncryptedElements elements = null;
        Collection<AssertionInfo> elementInfos = this.aim.getAssertionInfo(SP12Constants.ENCRYPTED_ELEMENTS);
        if (elementInfos != null) {
            for (AssertionInfo info : elementInfos) {
                elements = (SignedEncryptedElements) info.getAssertion();
                info.setAsserted(true);
            }
        }
        List<WSEncryptionPart> headerParts = new ArrayList<>();
        boolean includeBody = false;
        if (parts != null) {
            includeBody = parts.isBody();
            for (Header header : parts.getHeaders()) {
                // NOTE(review): ChmConstants comes from an unrelated Tika package; this looks
                // like a decompiler substitution for a string literal. Confirm the intended
                // encryption modifier value and drop the Tika dependency.
                headerParts.add(new WSEncryptionPart(header.getName(), header.getNamespace(), ChmConstants.CONTENT));
            }
        }
        List<String> xpaths = null;
        Map<String, String> namespaces = null;
        if (elements != null) {
            xpaths = elements.getXPathExpressions();
            namespaces = elements.getDeclaredNamespaces();
        }
        return getPartsAndElements(false, includeBody, headerParts, xpaths, namespaces);
    }

    /**
     * Collects the message parts that the policy requires to be signed.
     *
     * <p>Reads the SignedParts and SignedElements assertions (the last one of each kind wins),
     * marks them asserted and resolves them through {@code getPartsAndElements}. Without a
     * SignedParts assertion the body flag passed on is {@code false}, so the body is only
     * signed when the policy asks for it.
     *
     * @return the parts to sign
     * @throws SOAPException when the SOAP message cannot be read
     */
    public Vector<WSEncryptionPart> getSignedParts() throws SOAPException {
        SignedEncryptedParts parts = null;
        Collection<AssertionInfo> partInfos = this.aim.getAssertionInfo(SP12Constants.SIGNED_PARTS);
        if (partInfos != null) {
            for (AssertionInfo info : partInfos) {
                parts = (SignedEncryptedParts) info.getAssertion();
                info.setAsserted(true);
            }
        }
        SignedEncryptedElements elements = null;
        Collection<AssertionInfo> elementInfos = this.aim.getAssertionInfo(SP12Constants.SIGNED_ELEMENTS);
        if (elementInfos != null) {
            for (AssertionInfo info : elementInfos) {
                elements = (SignedEncryptedElements) info.getAssertion();
                info.setAsserted(true);
            }
        }
        List<WSEncryptionPart> headerParts = new ArrayList<>();
        boolean includeBody = false;
        if (parts != null) {
            includeBody = parts.isBody();
            for (Header header : parts.getHeaders()) {
                // NOTE(review): ChmConstants comes from an unrelated Tika package; this looks
                // like a decompiler substitution for a string literal. Confirm the intended
                // modifier value and drop the Tika dependency.
                headerParts.add(new WSEncryptionPart(header.getName(), header.getNamespace(), ChmConstants.CONTENT));
            }
        }
        List<String> xpaths = null;
        Map<String, String> namespaces = null;
        if (elements != null) {
            xpaths = elements.getXPathExpressions();
            namespaces = elements.getDeclaredNamespaces();
        }
        return getPartsAndElements(true, includeBody, headerParts, xpaths, namespaces);
    }

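    /**
     * Resolves policy selectors (body flag, header selectors, XPath expressions) into the
     * concrete {@link WSEncryptionPart}s of the current SOAP message.
     *
     * <p>An element is added at most once by the body and header steps; the XPath step does not
     * consult that bookkeeping.
     *
     * @param z {@code true} when the parts are collected for signing, {@code false} for
     *        encryption (getSignedParts passes {@code true})
     * @param z2 whether the SOAP body is to be included
     * @param list header selectors; a selector with an empty name matches every header in its
     *        namespace. {@code null} is treated as "no header selectors"
     * @param list2 XPath expressions evaluated against the envelope, may be {@code null}
     * @param map prefix-to-namespace bindings for the XPath expressions, may be {@code null}
     * @return the resolved parts, never {@code null}
     * @throws SOAPException if the SOAP body, header or envelope cannot be obtained
     */
    public Vector<WSEncryptionPart> getPartsAndElements(boolean z, boolean z2, List<WSEncryptionPart> list, List<String> list2, Map<String, String> map) throws SOAPException {
        final String wsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        Vector<WSEncryptionPart> result = new Vector<>();
        // Elements already turned into a part, so that overlapping selectors do not add them twice.
        List<Element> seen = new ArrayList<Element>();

        if (z2) {
            // The trailing int is presumably the WSS4J "body" part type -- confirm against WSConstants.
            if (z) {
                result.add(new WSEncryptionPart(addWsuIdToElement(this.saaj.getSOAPBody()), (String) null, 2));
            } else {
                result.add(new WSEncryptionPart(addWsuIdToElement(this.saaj.getSOAPBody()), ChmConstants.CONTENT, 2));
            }
            seen.add(this.saaj.getSOAPBody());
        }

        SOAPHeader soapHeader = this.saaj.getSOAPHeader();
        if (list != null) {
            for (WSEncryptionPart selector : list) {
                if (StringUtils.isEmpty(selector.getName())) {
                    // Whole-namespace selector. The previous loop never advanced its cursor (the
                    // getNextElement call sat after the loop and its result was dropped), so it
                    // could not terminate once the header had a child element.
                    for (Element child = DOMUtils.getFirstElement(soapHeader); child != null; child = DOMUtils.getNextElement(child)) {
                        if (!selector.getNamespace().equals(child.getNamespaceURI()) || seen.contains(child)) {
                            continue;
                        }
                        seen.add(child);
                        if (z) {
                            result.add(new WSEncryptionPart(child.getLocalName(), selector.getNamespace(), ChmConstants.CONTENT, 1));
                        } else {
                            WSEncryptionPart headerPart = new WSEncryptionPart(child.getLocalName(), selector.getNamespace(), "Element", 1);
                            String wsuId = child.getAttributeNS(wsuNamespace, "Id");
                            if (!StringUtils.isEmpty(wsuId)) {
                                headerPart.setEncId(wsuId);
                            }
                            result.add(headerPart);
                        }
                    }
                } else {
                    // Named selector. The previous while(true) had no exit once the last header
                    // child had been visited.
                    for (Element child = DOMUtils.getFirstElement(soapHeader); child != null; child = DOMUtils.getNextElement(child)) {
                        if (selector.getName().equals(child.getLocalName()) && selector.getNamespace().equals(child.getNamespaceURI()) && !seen.contains(child)) {
                            seen.add(child);
                            selector.setType(1);
                            String wsuId = child.getAttributeNS(wsuNamespace, "Id");
                            if (!StringUtils.isEmpty(wsuId)) {
                                selector.setEncId(wsuId);
                            }
                            result.add(selector);
                        }
                    }
                }
            }
        }

        if (list2 != null && !list2.isEmpty()) {
            XPathFactory xpathFactory = XPathFactory.newInstance();
            for (String expression : list2) {
                XPath xpath = xpathFactory.newXPath();
                if (map != null) {
                    xpath.setNamespaceContext(new MapNamespaceContext(map));
                }
                try {
                    NodeList matches = (NodeList) xpath.evaluate(expression, this.saaj.getSOAPPart().getEnvelope(), XPathConstants.NODESET);
                    for (int i = 0; i < matches.getLength(); i++) {
                        Element match = (Element) matches.item(i);
                        if (z) {
                            result.add(new WSEncryptionPart(match.getLocalName(), match.getNamespaceURI(), ChmConstants.CONTENT, 3));
                        } else {
                            WSEncryptionPart elementPart = new WSEncryptionPart(match.getLocalName(), match.getNamespaceURI(), "Element", 3);
                            String wsuId = match.getAttributeNS(wsuNamespace, "Id");
                            if (!StringUtils.isEmpty(wsuId)) {
                                elementPart.setEncId(wsuId);
                            }
                            result.add(elementPart);
                        }
                    }
                } catch (XPathExpressionException ignored) {
                    // NOTE(review): kept as best-effort to preserve behaviour, but an expression
                    // that fails to evaluate contributes no parts and leaves no trace, so the
                    // message is protected less than the policy asked for. Consider reporting
                    // this through the class's logging or policy-failure path.
                }
            }
        }
        return result;
    }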

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares the builder for the encrypted key of the given token.
     *
     * <p>The encryption {@link Crypto} is resolved first and stored on the exchange under
     * {@code SecurityConstants.ENCRYPT_CRYPTO}. Key size and key-wrap algorithm are taken from
     * the binding's algorithm suite.
     *
     * @param tokenWrapper policy wrapper the token belongs to
     * @param token the token policy
     * @return the prepared builder
     * @throws WSSecurityException if {@code prepare} fails
     */
    public WSSecEncryptedKey getEncryptedKeyBuilder(TokenWrapper tokenWrapper, Token token) throws WSSecurityException {
        Crypto crypto = getEncryptionCrypto(tokenWrapper);
        WSSecEncryptedKey keyBuilder = new WSSecEncryptedKey();
        this.message.getExchange().put(SecurityConstants.ENCRYPT_CRYPTO, crypto);

        // Recipient: how the key is referenced and whose certificate wraps it.
        setKeyIdentifierType(keyBuilder, tokenWrapper, token);
        setEncryptionUser(keyBuilder, tokenWrapper, false, crypto);

        // Algorithms come from policy rather than from defaults.
        keyBuilder.setKeySize(this.binding.getAlgorithmSuite().getMaximumSymmetricKeyLength());
        keyBuilder.setKeyEncAlgo(this.binding.getAlgorithmSuite().getAsymmetricKeyWrap());

        keyBuilder.prepare(this.saaj.getSOAPPart(), crypto);
        return keyBuilder;
    }

    /**
     * Resolves the {@link Crypto} used for signatures.
     *
     * @param tokenWrapper policy wrapper handed on to {@link #getCrypto}
     * @return whatever {@link #getCrypto} returns for the signature keys, possibly {@code null}
     */
    public Crypto getSignatureCrypto(TokenWrapper tokenWrapper) {
        final String instanceKey = SecurityConstants.SIGNATURE_CRYPTO;
        final String propertiesKey = SecurityConstants.SIGNATURE_PROPERTIES;
        return getCrypto(tokenWrapper, instanceKey, propertiesKey);
    }

    /**
     * Resolves the {@link Crypto} used for encryption.
     *
     * @param tokenWrapper policy wrapper handed on to {@link #getCrypto}
     * @return whatever {@link #getCrypto} returns for the encryption keys, possibly {@code null}
     */
    public Crypto getEncryptionCrypto(TokenWrapper tokenWrapper) {
        final String instanceKey = SecurityConstants.ENCRYPT_CRYPTO;
        final String propertiesKey = SecurityConstants.ENCRYPT_PROPERTIES;
        return getCrypto(tokenWrapper, instanceKey, propertiesKey);
    }

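    /**
     * Resolves a {@link Crypto} from the message's contextual properties.
     *
     * <p>Lookup order: a ready-made {@code Crypto} stored under {@code str}; otherwise the value
     * stored under {@code str2}, which may be a {@link Properties} object, a resource name, or a
     * {@link URL} of a properties file. Instances built from {@code str2} are cached, keyed by
     * that value.
     *
     * <p>A properties source that cannot be found or read is reported through
     * {@code policyNotAsserted}. No {@code Crypto} is built or cached from a load that failed.
     *
     * @param tokenWrapper assertion reported as not asserted when loading fails
     * @param str contextual-property key of a ready-made {@code Crypto}
     * @param str2 contextual-property key of the crypto properties or their location
     * @return the resolved instance, or {@code null} if nothing is configured or loading failed
     */
    public Crypto getCrypto(TokenWrapper tokenWrapper, String str, String str2) {
        Crypto configured = (Crypto) this.message.getContextualProperty(str);
        if (configured != null) {
            return configured;
        }
        Object source = this.message.getContextualProperty(str2);
        if (source == null) {
            return null;
        }
        Crypto crypto = getCryptoCache().get(source);
        if (crypto != null) {
            return crypto;
        }

        // NOTE(review): the properties decide which keystore backs signing and encryption, so
        // the value behind str2 is assumed to come from trusted configuration -- confirm.
        Properties properties = null;
        if (source instanceof Properties) {
            properties = (Properties) source;
        } else if (source instanceof String) {
            URL url = (URL) ((ResourceManager) ((Bus) this.message.getExchange().get(Bus.class)).getExtension(ResourceManager.class)).resolveResource((String) source, URL.class);
            try {
                if (url == null) {
                    url = ClassLoaderUtils.getResource((String) source, getClass());
                }
                if (url != null) {
                    Properties loaded = new Properties();
                    // try-with-resources: the stream is closed even when load() fails.
                    try (InputStream in = url.openStream()) {
                        loaded.load(in);
                    }
                    properties = loaded;
                } else {
                    policyNotAsserted(tokenWrapper, "Could not find properties file " + source);
                }
            } catch (IOException e) {
                policyNotAsserted(tokenWrapper, e);
            }
        } else if (source instanceof URL) {
            try {
                Properties loaded = new Properties();
                try (InputStream in = ((URL) source).openStream()) {
                    loaded.load(in);
                }
                // Assigned only after a complete read, so a half-loaded file is never used.
                properties = loaded;
            } catch (IOException e2) {
                policyNotAsserted(tokenWrapper, e2);
            }
        }

        if (properties != null) {
            crypto = CryptoFactory.getInstance(properties);
            getCryptoCache().put(source, crypto);
        }
        return crypto;
    }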

    /**
     * Chooses how the security token is referenced from the signature or encrypted key.
     *
     * <p>If the token is included in the message, type {@code 1} is used. If it is never
     * included, an explicit reference requirement on the token wins; otherwise the choice falls
     * back to what the Wss10/Wss11 assertion says must be supported. On the explicit-requirement
     * path no assertion is marked as asserted.
     *
     * <p>The numeric types are presumably the WSS4J key-identifier constants (1 direct
     * reference, 2 issuer/serial, 4 key identifier, 8 thumbprint, 13 key value) -- confirm
     * against the WSS4J version in use.
     *
     * <p>NOTE(review): {@code getWss10()} returns {@code null} when neither assertion is
     * present, and the fallback dereferences its result without a check.
     *
     * @param wSSecBase builder that receives the key identifier type
     * @param tokenWrapper policy wrapper of the token
     * @param token the token policy
     */
    public void setKeyIdentifierType(WSSecBase wSSecBase, TokenWrapper tokenWrapper, Token token) {
        if (token.getInclusion() == SPConstants.IncludeTokenType.INCLUDE_TOKEN_NEVER) {
            // Token is not in the message: honour an explicit reference requirement first.
            if (token instanceof X509Token) {
                X509Token x509 = (X509Token) token;
                if (x509.isRequireIssuerSerialReference()) {
                    wSSecBase.setKeyIdentifierType(2);
                    return;
                }
                if (x509.isRequireKeyIdentifierReference()) {
                    wSSecBase.setKeyIdentifierType(4);
                    return;
                }
                if (x509.isRequireThumbprintReference()) {
                    wSSecBase.setKeyIdentifierType(8);
                    return;
                }
            } else if (token instanceof KeyValueToken) {
                wSSecBase.setKeyIdentifierType(13);
                return;
            }

            // No explicit requirement: fall back to the WSS capabilities in the policy.
            policyAsserted(token);
            policyAsserted(tokenWrapper);
            Wss10 wss = getWss10();
            policyAsserted(wss);
            if (wss.isMustSupportRefKeyIdentifier()) {
                wSSecBase.setKeyIdentifierType(4);
            } else if (wss.isMustSupportRefIssuerSerial()) {
                wSSecBase.setKeyIdentifierType(2);
            } else if ((wss instanceof Wss11) && ((Wss11) wss).isMustSupportRefThumbprint()) {
                wSSecBase.setKeyIdentifierType(8);
            }
            return;
        }

        policyAsserted(token);
        policyAsserted(tokenWrapper);
        wSSecBase.setKeyIdentifierType(1);
    }

    /**
     * Decides whose certificate the encrypted key is wrapped for.
     *
     * <p>The user name comes from the contextual property, then from the crypto's default
     * alias, then from the keystore if it holds exactly one alias. If the name equals
     * {@code WSHandlerConstants.USE_REQ_SIG_CERT}, the certificate is taken from the security
     * results of the incoming message instead.
     *
     * <p>NOTE(review): on the {@code USE_REQ_SIG_CERT} path the key is wrapped for a certificate
     * supplied by the request; this presumably relies on inbound processing having validated
     * that certificate -- confirm.
     *
     * @param wSSecEncryptedKey builder to configure
     * @param tokenWrapper assertion reported as not asserted when no user can be determined
     * @param z {@code true} to read the signature user name, {@code false} for the encryption one
     * @param crypto crypto used for the alias fallbacks, may be {@code null}
     */
    public void setEncryptionUser(WSSecEncryptedKey wSSecEncryptedKey, TokenWrapper tokenWrapper, boolean z, Crypto crypto) {
        final String purpose = z ? "signature" : "encryption";
        String user = (String) this.message.getContextualProperty(z ? SecurityConstants.SIGNATURE_USERNAME : SecurityConstants.ENCRYPT_USERNAME);

        if (crypto == null) {
            if (user == null || "".equals(user)) {
                policyNotAsserted(tokenWrapper, "No " + purpose + " crypto object found.");
            }
        } else {
            if (user == null) {
                user = crypto.getDefaultX509Alias();
            }
            if (user == null) {
                try {
                    // Only an unambiguous keystore (exactly one alias) yields a user.
                    Enumeration<String> aliases = crypto.getKeyStore().aliases();
                    String first = aliases.hasMoreElements() ? aliases.nextElement() : null;
                    user = aliases.hasMoreElements() ? null : first;
                } catch (KeyStoreException e) {
                    // Left empty as in the original: user stays null and is reported below.
                }
            }
        }

        if (user == null || "".equals(user)) {
            policyNotAsserted(tokenWrapper, "No " + purpose + " username found.");
        }

        if (WSHandlerConstants.USE_REQ_SIG_CERT.equals(user)) {
            Object received = this.message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
            if (received == null) {
                policyNotAsserted(tokenWrapper, "No security results in incoming message");
                return;
            }
            wSSecEncryptedKey.setUseThisCert(getReqSigCert((Vector) received));
            if (wSSecEncryptedKey.isCertSet()) {
                wSSecEncryptedKey.setUserInfo(getUsername((Vector) received));
            }
            return;
        }
        wSSecEncryptedKey.setUserInfo(user);
    }

    /**
     * Returns the certificate of the first security-engine result whose action is {@code 2}
     * (presumably the WSS4J "signature" action -- confirm).
     *
     * @param vector handler results of the incoming message ({@code WSHandlerResult} entries)
     * @return the value stored under {@code TAG_X509_CERTIFICATE} for that result, or
     *         {@code null} if no result has that action
     */
    private static X509Certificate getReqSigCert(Vector vector) {
        for (Object handlerResult : vector) {
            for (Object entry : ((WSHandlerResult) handlerResult).getResults()) {
                WSSecurityEngineResult engineResult = (WSSecurityEngineResult) entry;
                int action = ((Integer) engineResult.get("action")).intValue();
                if (action == 2) {
                    return (X509Certificate) engineResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATE);
                }
            }
        }
        return null;
    }

    /**
     * Returns the principal name of the first security-engine result whose action is {@code 1}
     * (presumably the WSS4J "username token" action -- confirm).
     *
     * @param vector handler results of the incoming message ({@code WSHandlerResult} entries)
     * @return the name of that result's {@code "principal"}, or {@code null} if no result has
     *         that action
     */
    public static String getUsername(Vector vector) {
        for (Object handlerResult : vector) {
            for (Object entry : ((WSHandlerResult) handlerResult).getResults()) {
                WSSecurityEngineResult engineResult = (WSSecurityEngineResult) entry;
                int action = ((Integer) engineResult.get("action")).intValue();
                if (action == 1) {
                    WSUsernameTokenPrincipal principal = (WSUsernameTokenPrincipal) engineResult.get("principal");
                    return principal.getName();
                }
            }
        }
        return null;
    }

    /**
     * Finds the WSS capability assertion of the effective policy.
     *
     * <p>The first {@code WSS10} assertion wins; if there is none, the first {@code WSS11}
     * assertion is returned.
     *
     * @return the assertion, or {@code null} when the policy has neither
     */
    protected Wss10 getWss10() {
        Collection<AssertionInfo> wss10Infos = this.aim.getAssertionInfo(SP12Constants.WSS10);
        if (wss10Infos != null && !wss10Infos.isEmpty()) {
            return (Wss10) wss10Infos.iterator().next().getAssertion();
        }

        Collection<AssertionInfo> wss11Infos = this.aim.getAssertionInfo(SP12Constants.WSS11);
        if (wss11Infos != null && !wss11Infos.isEmpty()) {
            return (Wss10) wss11Infos.iterator().next().getAssertion();
        }
        return null;
    }

    /**
     * Turns off single-certificate mode on the signature builder when the X.509 token is one of
     * the two PKI-path token types.
     *
     * @param wSSecSignature signature builder to adjust
     * @param token token policy; anything other than an {@code X509Token} is ignored
     */
    private void checkForX509PkiPath(WSSecSignature wSSecSignature, Token token) {
        if (!(token instanceof X509Token)) {
            return;
        }
        X509Token x509 = (X509Token) token;
        boolean pkiPath = x509.getTokenVersionAndType().equals(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN10)
            || x509.getTokenVersionAndType().equals(SPConstants.WSS_X509_PKI_PATH_V1_TOKEN11);
        if (pkiPath) {
            wSSecSignature.setUseSingleCertificate(false);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares a signature builder for the given token.
     *
     * <p>Signer resolution: the user name is read from a contextual property, then from the
     * crypto's default alias, then from the keystore if it holds exactly one alias. For a
     * symmetric binding the encryption crypto and encryption user name can be used instead of
     * the signature ones (see the inline comments for the exact conditions).
     *
     * @param tokenWrapper policy wrapper of the token
     * @param token the token policy
     * @param z when {@code false}, the chosen crypto is also stored on the exchange under
     *        {@code SecurityConstants.SIGNATURE_CRYPTO}
     * @return the builder, or {@code null} when no signing user could be determined
     */
    public WSSecSignature getSignatureBuider(TokenWrapper tokenWrapper, Token token, boolean z) {
        WSSecSignature wSSecSignature = new WSSecSignature();
        checkForX509PkiPath(wSSecSignature, token);
        setKeyIdentifierType(wSSecSignature, tokenWrapper, token);
        boolean z2 = false;
        String str = SecurityConstants.SIGNATURE_USERNAME;
        // Symmetric binding and z == false: the user name always comes from the encryption
        // property; the encryption crypto is used only when a protection token is configured.
        if ((this.binding instanceof SymmetricBinding) && !z) {
            z2 = ((SymmetricBinding) this.binding).getProtectionToken() != null;
            str = SecurityConstants.ENCRYPT_USERNAME;
        }
        Crypto encryptionCrypto = z2 ? getEncryptionCrypto(tokenWrapper) : getSignatureCrypto(tokenWrapper);
        // z == true with no signature crypto under a symmetric binding: fall back to the
        // encryption crypto and user name.
        if (z && encryptionCrypto == null && (this.binding instanceof SymmetricBinding)) {
            str = SecurityConstants.ENCRYPT_USERNAME;
            encryptionCrypto = getEncryptionCrypto(tokenWrapper);
        }
        if (!z) {
            this.message.getExchange().put(SecurityConstants.SIGNATURE_CRYPTO, encryptionCrypto);
        }
        String str2 = (String) this.message.getContextualProperty(str);
        if (encryptionCrypto != null) {
            if (StringUtils.isEmpty(str2)) {
                str2 = encryptionCrypto.getDefaultX509Alias();
            }
            if (str2 == null) {
                try {
                    // Only a keystore with exactly one alias yields a user; two or more reset it to null.
                    Enumeration<String> aliases = encryptionCrypto.getKeyStore().aliases();
                    if (aliases.hasMoreElements()) {
                        str2 = aliases.nextElement();
                    }
                    if (aliases.hasMoreElements()) {
                        str2 = null;
                    }
                } catch (KeyStoreException e) {
                    // Swallowed: str2 stays null and is reported by the check below.
                }
            }
        }
        if (StringUtils.isEmpty(str2)) {
            policyNotAsserted(token, "No signature username found.");
            return null;
        }
        // The meaning of the third argument (3) is not visible here -- TODO confirm.
        String password = getPassword(str2, token, 3);
        if (password == null) {
            // A missing password is replaced by the empty string rather than treated as an error.
            password = "";
        }
        wSSecSignature.setUserInfo(str2, password);
        wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getAsymmetricSignature());
        wSSecSignature.setSigCanonicalization(this.binding.getAlgorithmSuite().getInclusiveC14n());
        try {
            wSSecSignature.prepare(this.saaj.getSOAPPart(), encryptionCrypto, this.secHeader);
        } catch (WSSecurityException e2) {
            // NOTE(review): if policyNotAsserted returns normally, the builder is still returned
            // after a failed prepare() -- confirm callers cope with that.
            policyNotAsserted((PolicyAssertion) token, (Exception) e2);
        }
        return wSSecSignature;
    }

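    /**
     * Adds one endorsing signature per supporting token; each signs the main signature.
     *
     * <p>A failure while producing an endorsing signature is reported through
     * {@code policyNotAsserted} for the token concerned, on both the asymmetric and the
     * symmetric path.
     *
     * @param map supporting tokens and the builder or token holder prepared for each
     * @param z token protection: when {@code true} the token itself is signed as well
     * @param z2 signature protection: when {@code true} the id of an asymmetric endorsing
     *        signature is recorded in {@code encryptedTokensIdList}
     */
    protected void doEndorsedSignatures(Map<Token, WSSecBase> map, boolean z, boolean z2) {
        for (Map.Entry<Token, WSSecBase> entry : map.entrySet()) {
            WSSecBase builder = entry.getValue();
            Vector<WSEncryptionPart> toSign = new Vector<>();
            toSign.add(new WSEncryptionPart(this.mainSigId));
            if (builder instanceof WSSecSignature) {
                WSSecSignature signature = (WSSecSignature) builder;
                if (z && signature.getBSTTokenId() != null) {
                    toSign.add(new WSEncryptionPart(signature.getBSTTokenId()));
                }
                try {
                    signature.addReferencesToSign(toSign, this.secHeader);
                    signature.computeSignature();
                    signature.appendToHeader(this.secHeader);
                    this.signatures.add(signature.getSignatureValue());
                    if (z2) {
                        this.encryptedTokensIdList.add(signature.getId());
                    }
                } catch (WSSecurityException e) {
                    policyNotAsserted(entry.getKey(), (Exception) e);
                }
            } else if (builder instanceof WSSecurityTokenHolder) {
                SecurityToken securityToken = ((WSSecurityTokenHolder) builder).getToken();
                if (z) {
                    toSign.add(new WSEncryptionPart(securityToken.getId()));
                }
                try {
                    if (entry.getKey().isDerivedKeys()) {
                        doSymmSignatureDerived(entry.getKey(), securityToken, toSign, z);
                    } else {
                        doSymmSignature(entry.getKey(), securityToken, toSign, z);
                    }
                } catch (Exception e2) {
                    // Previously printStackTrace(): the endorsing signature was missing from the
                    // message while the policy still counted as satisfied. Report it the same
                    // way as the asymmetric branch above.
                    policyNotAsserted(entry.getKey(), (Exception) e2);
                }
            }
        }
    }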

    /**
     * Signs the given parts with a key derived from the security token's secret and adds the
     * derived-key token and the signature to the security header.
     *
     * @param token token policy; selects the WS-SecureConversation version and the kind of
     *        reference used for the key
     * @param securityToken the issued token holding the secret
     * @param vector parts to sign; the token's own id is appended when {@code z} is set
     * @param z token protection: when {@code true} the token is signed as well
     * @throws WSSecurityException if preparing or computing the signature fails
     * @throws ConversationException declared for derived-key processing
     */
    private void doSymmSignatureDerived(Token token, SecurityToken securityToken, Vector<WSEncryptionPart> vector, boolean z) throws WSSecurityException, ConversationException {
        SOAPPart sOAPPart = this.saaj.getSOAPPart();
        WSSecDKSign wSSecDKSign = new WSSecDKSign();
        if (SP12Constants.INSTANCE == token.getSPConstants()) {
            // Value 2 presumably selects the newer WS-SecureConversation namespace -- TODO confirm.
            wSSecDKSign.setWscVersion(2);
        }
        // z2: the token travels in this message, so the attached reference applies.
        boolean z2 = false;
        if (SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS == token.getInclusion() || SPConstants.IncludeTokenType.INCLUDE_TOKEN_ONCE == token.getInclusion() || (isRequestor() && SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT == token.getInclusion())) {
            z2 = true;
        }
        Element attachedReference = z2 ? securityToken.getAttachedReference() : securityToken.getUnattachedReference();
        if (attachedReference != null) {
            // A clone is handed over, so the reference stored on the token is not moved into the message.
            wSSecDKSign.setExternalKey(securityToken.getSecret(), cloneElement(attachedReference));
        } else if (isRequestor() || !token.isDerivedKeys()) {
            wSSecDKSign.setExternalKey(securityToken.getSecret(), securityToken.getId());
        } else {
            // Responder without a stored reference: build one from the encrypted key's SHA-1 if present.
            SecurityTokenReference securityTokenReference = new SecurityTokenReference(sOAPPart);
            if (securityToken.getSHA1() != null) {
                securityTokenReference.setKeyIdentifierEncKeySHA1(securityToken.getSHA1());
            }
            wSSecDKSign.setExternalKey(securityToken.getSecret(), securityTokenReference.getElement());
        }
        wSSecDKSign.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getSymmetricSignature());
        // The suite value is divided by 8, i.e. presumably bits to bytes -- TODO confirm.
        wSSecDKSign.setDerivedKeyLength(this.binding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
        if (securityToken.getSHA1() != null) {
            wSSecDKSign.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
        }
        wSSecDKSign.prepare(sOAPPart, this.secHeader);
        if (z) {
            // Token ids may carry a leading '#' (fragment form); parts are addressed by the bare id.
            String id = securityToken.getId();
            if (id.startsWith("#")) {
                id = id.substring(1);
            }
            vector.add(new WSEncryptionPart(id));
        }
        wSSecDKSign.setParts(vector);
        wSSecDKSign.addReferencesToSign(vector, this.secHeader);
        wSSecDKSign.computeSignature();
        addSupportingElement(wSSecDKSign.getdktElement());
        this.secHeader.getSecurityHeader().appendChild(wSSecDKSign.getSignatureElement());
        this.signatures.add(wSSecDKSign.getSignatureValue());
    }

    /**
     * Signs the given parts directly with the security token's secret (no derived key) and
     * appends the signature to the security header.
     *
     * @param token token policy; decides how the key is referenced
     * @param securityToken the token holding the secret
     * @param vector parts to sign
     * @param z not read by this method
     * @throws WSSecurityException if preparing or computing the signature fails
     * @throws ConversationException declared by the signature, not thrown by visible code
     */
    private void doSymmSignature(Token token, SecurityToken securityToken, Vector<WSEncryptionPart> vector, boolean z) throws WSSecurityException, ConversationException {
        SOAPPart sOAPPart = this.saaj.getSOAPPart();
        WSSecSignature wSSecSignature = new WSSecSignature();
        // Key identifier types 9 and 10 are presumably the WSS4J "custom symmetric signing" and
        // "encrypted key SHA-1" identifiers -- TODO confirm against WSConstants.
        if (!(token instanceof X509Token)) {
            if (securityToken.getTokenType() != null) {
                wSSecSignature.setCustomTokenValueType(securityToken.getTokenType());
            } else {
                wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID");
            }
            wSSecSignature.setKeyIdentifierType(9);
        } else if (isRequestor()) {
            // NOTE(review): this value type sits under the SAML token profile namespace, whereas
            // doSymmSignatureDerived uses ...oasis-wss-soap-message-security-1.1#EncryptedKey.
            // Confirm which one receivers expect.
            wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#EncryptedKey");
            wSSecSignature.setKeyIdentifierType(9);
        } else {
            wSSecSignature.setEncrKeySha1value(securityToken.getSHA1());
            wSSecSignature.setKeyIdentifierType(10);
        }
        // Prefer the wsu:Id, fall back to the token id; a leading '#' (fragment form) is dropped.
        String wsuId = securityToken.getWsuId();
        if (wsuId == null) {
            wsuId = securityToken.getId();
        }
        if (wsuId.startsWith("#")) {
            wsuId = wsuId.substring(1);
        }
        wSSecSignature.setCustomTokenId(wsuId);
        wSSecSignature.setSecretKey(securityToken.getSecret());
        // NOTE(review): the algorithm is set twice; the asymmetric value is replaced by the
        // symmetric one on the next line. If the setter only stores its argument, the first
        // call has no effect -- confirm before removing it.
        wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getAsymmetricSignature());
        wSSecSignature.setSignatureAlgorithm(this.binding.getAlgorithmSuite().getSymmetricSignature());
        // The signature crypto is looked up without a token wrapper (null).
        wSSecSignature.prepare(sOAPPart, getSignatureCrypto(null), this.secHeader);
        wSSecSignature.setParts(vector);
        wSSecSignature.addReferencesToSign(vector, this.secHeader);
        wSSecSignature.computeSignature();
        this.signatures.add(wSSecSignature.getSignatureValue());
        this.secHeader.getSecurityHeader().appendChild(wSSecSignature.getSignatureElement());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up each of the eight supporting-token assertion kinds with
     * {@code findAndAssertPolicy} and passes the result to the single-argument
     * {@code assertSupportingTokens} overload.
     *
     * @param vector not read by this method
     */
    public void assertSupportingTokens(Vector<WSEncryptionPart> vector) {
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS));
        assertSupportingTokens(findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Processes every kind of supporting-token assertion and registers the signed kinds as
     * signature parts.
     *
     * <p>The four endorsing kinds are handled with the endorse flag set and kept in fields for
     * {@code doEndorse()}. The plain and encrypted supporting tokens are handled but add no
     * signature parts.
     *
     * @param vector signature parts list that the signed token kinds are added to
     */
    public void addSupportingTokens(Vector<WSEncryptionPart> vector) {
        Map<Token, WSSecBase> signedTokens = handleSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_SUPPORTING_TOKENS), false);
        this.endSuppTokMap = handleSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_SUPPORTING_TOKENS), true);
        this.sgndEndSuppTokMap = handleSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_SUPPORTING_TOKENS), true);
        Map<Token, WSSecBase> signedEncryptedTokens = handleSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENCRYPTED_SUPPORTING_TOKENS), false);
        this.endEncSuppTokMap = handleSupportingTokens(findAndAssertPolicy(SP12Constants.ENDORSING_ENCRYPTED_SUPPORTING_TOKENS), true);
        this.sgndEndEncSuppTokMap = handleSupportingTokens(findAndAssertPolicy(SP12Constants.SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS), true);

        // Unsigned kinds: handled, but their results are not kept.
        handleSupportingTokens(findAndAssertPolicy(SP12Constants.SUPPORTING_TOKENS), false);
        handleSupportingTokens(findAndAssertPolicy(SP12Constants.ENCRYPTED_SUPPORTING_TOKENS), false);

        // Everything whose kind says "signed" must be covered by the main signature.
        addSignatureParts(signedTokens, vector);
        addSignatureParts(signedEncryptedTokens, vector);
        addSignatureParts(this.sgndEndSuppTokMap, vector);
        addSignatureParts(this.sgndEndEncSuppTokMap, vector);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Produces the endorsing signatures for the supporting tokens collected earlier.
     *
     * <p>Token and signature protection are read from the asymmetric or symmetric binding and
     * default to {@code false} for any other binding. The encrypted endorsing maps are merged
     * into their plain counterparts, so those fields are modified by this call.
     */
    public void doEndorse() {
        boolean tokenProtection = false;
        boolean signatureProtection = false;
        if (this.binding instanceof AsymmetricBinding) {
            AsymmetricBinding asymmetric = (AsymmetricBinding) this.binding;
            tokenProtection = asymmetric.isTokenProtection();
            signatureProtection = asymmetric.isSignatureProtection();
        } else if (this.binding instanceof SymmetricBinding) {
            SymmetricBinding symmetric = (SymmetricBinding) this.binding;
            tokenProtection = symmetric.isTokenProtection();
            signatureProtection = symmetric.isSignatureProtection();
        }

        this.endSuppTokMap.putAll(this.endEncSuppTokMap);
        doEndorsedSignatures(this.endSuppTokMap, tokenProtection, signatureProtection);

        this.sgndEndSuppTokMap.putAll(this.sgndEndEncSuppTokMap);
        doEndorsedSignatures(this.sgndEndSuppTokMap, tokenProtection, signatureProtection);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Adds SignatureConfirmation elements when the policy's Wss11 assertion requires them.
     *
     * <p>One confirmation is added for every signature value found in the security results of
     * the incoming message; if there is none, a single confirmation without a value is added.
     *
     * <p>NOTE(review): the {@code RECV_RESULTS} lookup is dereferenced without a null check
     * here, whereas setEncryptionUser checks the same lookup for {@code null}.
     *
     * @param vector signature parts list that each confirmation's id is added to; may be
     *        {@code null}, in which case nothing is recorded
     */
    public void addSignatureConfirmation(Vector<WSEncryptionPart> vector) {
        Wss10 wss10 = getWss10();
        if ((wss10 instanceof Wss11) && ((Wss11) wss10).isRequireSignatureConfirmation()) {
            Vector vector2 = (Vector) this.message.getExchange().getInMessage().get(WSHandlerConstants.RECV_RESULTS);
            Vector vector3 = new Vector();
            for (int i = 0; i < vector2.size(); i++) {
                WSHandlerResult wSHandlerResult = (WSHandlerResult) vector2.get(i);
                // Action codes 2, 16 and 64 are presumably the signature-bearing WSS4J actions -- TODO confirm.
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 2, vector3);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 16, vector3);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 64, vector3);
            }
            WSSecSignatureConfirmation wSSecSignatureConfirmation = new WSSecSignatureConfirmation();
            if (vector3.size() <= 0) {
                // Nothing to confirm: emit one confirmation with no signature value set.
                wSSecSignatureConfirmation.prepare(this.saaj.getSOAPPart());
                addSupportingElement(wSSecSignatureConfirmation.getSignatureConfirmationElement());
                if (vector != null) {
                    vector.add(new WSEncryptionPart(wSSecSignatureConfirmation.getId()));
                    return;
                }
                return;
            }
            for (int i2 = 0; i2 < vector3.size(); i2++) {
                // The same builder is prepared again for every received signature value.
                wSSecSignatureConfirmation.setSignatureValue((byte[]) ((WSSecurityEngineResult) vector3.get(i2)).get(WSSecurityEngineResult.TAG_SIGNATURE_VALUE));
                wSSecSignatureConfirmation.prepare(this.saaj.getSOAPPart());
                addSupportingElement(wSSecSignatureConfirmation.getSignatureConfirmationElement());
                if (vector != null) {
                    vector.add(new WSEncryptionPart(wSSecSignatureConfirmation.getId()));
                }
            }
        }
    }

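    /**
     * Re-targets signature parts whose header has also been encrypted.
     *
     * <p>For each signed part that matches an encrypted part by name and namespace, the element
     * carrying the encrypted part's id is looked up in the message. If it exists, the signed
     * part is replaced by a part that refers to the {@code wsu:Id} of that element's parent.
     *
     * @param vector the encrypted parts (read only)
     * @param vector2 the signed parts; modified in place
     */
    public void handleEncryptedSignedHeaders(Vector<WSEncryptionPart> vector, Vector<WSEncryptionPart> vector2) {
        final String wsuNamespace = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        // Walk a snapshot: vector2 is changed inside the loop, and changing it while iterating
        // it directly makes the iterator throw ConcurrentModificationException as soon as a
        // part other than the last one is replaced.
        for (WSEncryptionPart signedPart : new ArrayList<WSEncryptionPart>(vector2)) {
            if (signedPart.getNamespace() == null || signedPart.getName() == null) {
                continue;
            }
            for (WSEncryptionPart encryptedPart : vector) {
                if (encryptedPart.getNamespace() == null || encryptedPart.getName() == null) {
                    continue;
                }
                if (!signedPart.getName().equals(encryptedPart.getName()) || !signedPart.getNamespace().equals(encryptedPart.getNamespace())) {
                    continue;
                }
                Element encryptedData = WSSecurityUtil.findElementById(this.saaj.getSOAPPart().getDocumentElement(), encryptedPart.getEncId(), null);
                if (encryptedData != null) {
                    // NOTE(review): if the parent carries no wsu:Id the new part gets an empty
                    // id -- confirm the signer handles or rejects that.
                    String parentId = ((Element) encryptedData.getParentNode()).getAttributeNS(wsuNamespace, "Id");
                    vector2.remove(signedPart);
                    vector2.add(new WSEncryptionPart(parentId));
                }
            }
        }
    }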
}
