package com.sun.xml.ws.security.opt.impl.incoming.processor;

import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.xml.bind.v2.runtime.unmarshaller.Base64Data;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.incoming.EncryptedKey;
import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
import com.sun.xml.ws.security.opt.impl.util.StreamUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.impl.opt.LogStringsMessages;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.KeySelector;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import javax.xml.stream.XMLStreamWriter;
import org.jvnet.staxex.XMLStreamReaderEx;

/* loaded from: input_file:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/opt/impl/incoming/processor/KeyInfoProcessor.class */
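/**
 * Streaming processor that walks a {@code ds:KeyInfo} element and resolves it to a {@link Key}.
 *
 * <p>The child elements dispatched on are {@code SecurityTokenReference}, {@code EncryptedKey},
 * {@code KeyValue}, {@code X509Data} and {@code BinarySecret}. When a canonicalization writer was
 * supplied, the events that are consumed are echoed to it.
 *
 * <p>Trust handling visible in this class: a certificate is passed to
 * {@code SecurityEnvironment.validateCertificate} only when the purpose is
 * {@link KeySelector.Purpose#VERIFY} and the processor was not created for a SAML
 * subject-confirmation KeyInfo. Everything in the KeyInfo comes from the incoming message and
 * must be treated as untrusted until that validation has happened.
 *
 * <p>Instances carry per-message state ({@link #hasSTR()}) and are not written for concurrent use.
 */
public class KeyInfoProcessor {
    private static final Logger logger = Logger.getLogger(LogDomainConstants.IMPL_OPT_DOMAIN, LogDomainConstants.IMPL_OPT_DOMAIN_BUNDLE);
    private static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    private static final String KEYINFO = "KeyInfo";
    private static final String SECURITY_TOKEN_REFERENCE = "SecurityTokenReference";
    private static final int SECURITY_TOKEN_REFERENCE_ELEMENT = 3;
    private static final int ENCRYPTED_KEY_ELEMENT = 4;
    private static final int KEY_VALUE_ELEMENT = 5;
    private static final int RSA_KEY_VALUE_ELEMENT = 6;
    private static final int DSA_KEY_VALUE_ELEMENT = 7;
    private static final int MODULUS_ELEMENT = 8;
    private static final int EXPONENT_ELEMENT = 9;
    private static final int X509_DATA_ELEMENT = 10;
    private static final int BINARY_SECRET_ELEMENT = 11;
    private static final String RSA_KEY_VALUE = "RSAKeyValue";
    private static final String DSA_KEY_VALUE = "DSAKeyValue";
    private static final String ENCRYPTED_KEY = "EncryptedKey";
    private static final String KEY_VALUE = "KeyValue";
    private static final String EXPONENT = "Exponent";
    private static final String MODULUS = "Modulus";
    private static final String X509_DATA = "X509Data";
    // Renamed from "X509Certificate" so the constant no longer obscures the imported type name.
    private static final String X509_CERTIFICATE = "X509Certificate";
    private static final String BINARY_SECRET = "BinarySecret";

    // Set once a SecurityTokenReference child has been resolved.
    private boolean strPresent = false;
    private final JAXBFilterProcessingContext pc;
    // Optional sink that receives the consumed events; null when no canonical copy is needed.
    private final XMLStreamWriter canonWriter;
    // When true, certificates and keys found here are NOT validated by this class.
    private final boolean isSAMLSubjectConfirmationKeyInfo;
    private final KeySelector.Purpose purpose;

    /**
     * Creates a processor with no purpose and no canonicalization writer, and registers the
     * signature namespace on the context's namespace context.
     *
     * @param jAXBFilterProcessingContext processing context of the message being handled
     */
    public KeyInfoProcessor(JAXBFilterProcessingContext jAXBFilterProcessingContext) {
        this(jAXBFilterProcessingContext, null, null, false);
        ((NamespaceContextEx) jAXBFilterProcessingContext.getNamespaceContext()).addSignatureNS();
    }

    /**
     * Creates a processor that echoes consumed events to {@code xMLStreamWriter}.
     *
     * @param jAXBFilterProcessingContext processing context of the message being handled
     * @param xMLStreamWriter writer receiving the consumed events, may be {@code null}
     * @param purpose what the resolved key will be used for
     */
    public KeyInfoProcessor(JAXBFilterProcessingContext jAXBFilterProcessingContext, XMLStreamWriter xMLStreamWriter, KeySelector.Purpose purpose) {
        this(jAXBFilterProcessingContext, xMLStreamWriter, purpose, false);
    }

    /**
     * Creates a processor for the given purpose without a canonicalization writer.
     *
     * @param jAXBFilterProcessingContext processing context of the message being handled
     * @param purpose what the resolved key will be used for
     */
    public KeyInfoProcessor(JAXBFilterProcessingContext jAXBFilterProcessingContext, KeySelector.Purpose purpose) {
        this(jAXBFilterProcessingContext, null, purpose, false);
    }

    /**
     * Creates a processor for the given purpose, optionally marked as handling a SAML
     * subject-confirmation KeyInfo.
     *
     * @param jAXBFilterProcessingContext processing context of the message being handled
     * @param purpose what the resolved key will be used for
     * @param z {@code true} to skip the certificate validation this class performs on VERIFY;
     *          NOTE(review): the caller is then presumably responsible for establishing trust in
     *          the returned key - confirm against the SAML processing path
     */
    public KeyInfoProcessor(JAXBFilterProcessingContext jAXBFilterProcessingContext, KeySelector.Purpose purpose, boolean z) {
        this(jAXBFilterProcessingContext, null, purpose, z);
    }

    // Single place where the fields are assigned; the public constructors delegate here.
    private KeyInfoProcessor(JAXBFilterProcessingContext context, XMLStreamWriter writer, KeySelector.Purpose purpose, boolean samlSubjectConfirmation) {
        this.pc = context;
        this.canonWriter = writer;
        this.purpose = purpose;
        this.isSAMLSubjectConfirmationKeyInfo = samlSubjectConfirmation;
    }

    /**
     * Resolves the KeyInfo element the reader is positioned on.
     *
     * @param xMLStreamReader reader positioned at the start of the KeyInfo element
     * @return the resolved key, or {@code null} when no supported child produced one
     * @throws XMLStreamException if the underlying stream cannot be read
     * @throws XWSSecurityException if key material cannot be decoded or a certificate is rejected
     */
    public Key getKey(XMLStreamReader xMLStreamReader) throws XMLStreamException, XWSSecurityException {
        return processKeyInfo(xMLStreamReader);
    }

    // Walks the children of KeyInfo until the closing tag and returns the last key resolved.
    private Key processKeyInfo(XMLStreamReader xMLStreamReader) throws XMLStreamException, XWSSecurityException {
        Key key = null;
        if (this.canonWriter != null) {
            StreamUtil.writeStartElement(xMLStreamReader, this.canonWriter);
        }
        while (xMLStreamReader.hasNext() && !StreamUtil._break(xMLStreamReader, KEYINFO, DSIG_NS)) {
            xMLStreamReader.next();
            switch (getEventType(xMLStreamReader)) {
                case SECURITY_TOKEN_REFERENCE_ELEMENT:
                    key = new SecurityTokenProcessor(this.pc, this.canonWriter, this.purpose).resolveReference(xMLStreamReader);
                    this.strPresent = true;
                    break;
                case ENCRYPTED_KEY_ELEMENT:
                    key = readEncryptedKey(xMLStreamReader);
                    break;
                case KEY_VALUE_ELEMENT:
                    key = readKeyValue(xMLStreamReader);
                    break;
                case X509_DATA_ELEMENT:
                    key = readX509Data(xMLStreamReader, key);
                    break;
                case BINARY_SECRET_ELEMENT:
                    xMLStreamReader.next();
                    key = buildBinarySecret(xMLStreamReader);
                    break;
                default:
                    break;
            }
        }
        if (xMLStreamReader.hasNext() && this.canonWriter != null) {
            StreamUtil.writeCurrentEvent(xMLStreamReader, this.canonWriter);
        }
        xMLStreamReader.next();
        return key;
    }

    // Unwraps an EncryptedKey child using the configured encryption algorithm (AES-128 by default).
    private Key readEncryptedKey(XMLStreamReader reader) throws XMLStreamException, XWSSecurityException {
        EncryptedKey encryptedKey = new EncryptedKey(reader, this.pc, null, true);
        String algorithm = MessageConstants.AES_BLOCK_ENCRYPTION_128;
        if (this.pc.getAlgorithmSuite() != null) {
            algorithm = this.pc.getAlgorithmSuite().getEncryptionAlgorithm();
        }
        return encryptedKey.getKey(algorithm);
    }

    // Reads a KeyValue child and, on VERIFY, validates the certificate the environment maps it to.
    private Key readKeyValue(XMLStreamReader reader) throws XMLStreamException, XWSSecurityException {
        if (this.canonWriter != null) {
            StreamUtil.writeCurrentEvent(reader, this.canonWriter);
        }
        Key key = new KeyValueProcessor(this.pc, this.canonWriter).processKeyValue(reader);
        if (!this.isSAMLSubjectConfirmationKeyInfo && this.purpose == KeySelector.Purpose.VERIFY) {
            X509Certificate certificate = this.pc.getSecurityEnvironment().getCertificate(this.pc.getExtraneousProperties(), (PublicKey) key, false);
            // NOTE(review): when no certificate is found for the public key, the key taken from
            // the message is still returned without any validation here - confirm that callers
            // establish trust in a bare KeyValue before accepting a signature made with it.
            if (certificate != null) {
                this.pc.getSecurityEnvironment().validateCertificate(certificate);
            }
        }
        return key;
    }

    /**
     * Reads an X509Data child. Only a leading {@code ds:X509Certificate} is handled; anything
     * else leaves {@code current} untouched.
     *
     * <p>Both encodings of the certificate (binary {@link Base64Data} and plain base64 text) now
     * go through the same build / key-selection / validation steps. Previously the binary form
     * was decoded and then discarded, so no key was produced for it.
     */
    private Key readX509Data(XMLStreamReader reader, Key current) throws XMLStreamException, XWSSecurityException {
        if (this.canonWriter != null) {
            StreamUtil.writeCurrentEvent(reader, this.canonWriter);
        }
        reader.next();
        if (!(X509_CERTIFICATE.equals(reader.getLocalName()) && DSIG_NS.equals(reader.getNamespaceURI()))) {
            return current;
        }
        reader.next();

        byte[] encoded;
        CharSequence pcdata = reader instanceof XMLStreamReaderEx ? ((XMLStreamReaderEx) reader).getPCDATA() : null;
        if (pcdata instanceof Base64Data) {
            encoded = ((Base64Data) pcdata).getExact();
            if (this.canonWriter != null) {
                this.canonWriter.writeCharacters(Base64.encode(encoded));
            }
        } else {
            encoded = decodeBase64(readCharacters(reader), X509_CERTIFICATE);
        }

        X509Certificate certificate = buildCertificate(new ByteArrayInputStream(encoded));
        Key key = current;
        if (this.purpose == KeySelector.Purpose.DECRYPT) {
            // The certificate only selects which private key to use; it is not validated on this path.
            key = this.pc.getSecurityEnvironment().getPrivateKey(this.pc.getExtraneousProperties(), certificate);
        } else if (this.purpose == KeySelector.Purpose.VERIFY) {
            key = certificate.getPublicKey();
        }
        if (!this.isSAMLSubjectConfirmationKeyInfo && this.purpose == KeySelector.Purpose.VERIFY) {
            // A rejection propagates as an exception, so the public key is never handed back
            // for a certificate that failed validation.
            this.pc.getSecurityEnvironment().validateCertificate(certificate);
        }
        return key;
    }

    /**
     * Builds a secret key from the content of a BinarySecret element.
     *
     * @throws XWSSecurityException if the content is missing, empty or not valid base64; this
     *         replaces the unchecked {@code IllegalArgumentException} that
     *         {@link SecretKeySpec} raises for null or empty key bytes
     */
    private Key buildBinarySecret(XMLStreamReader xMLStreamReader) throws XWSSecurityException, XMLStreamException {
        byte[] secret = null;
        if (xMLStreamReader.getEventType() == XMLStreamReader.CHARACTERS) {
            CharSequence pcdata = xMLStreamReader instanceof XMLStreamReaderEx ? ((XMLStreamReaderEx) xMLStreamReader).getPCDATA() : null;
            if (pcdata instanceof Base64Data) {
                secret = ((Base64Data) pcdata).getExact();
                if (this.canonWriter != null) {
                    this.canonWriter.writeCharacters(Base64.encode(secret));
                }
            } else {
                secret = decodeBase64(readCharacters(xMLStreamReader), BINARY_SECRET);
            }
        }
        if (secret == null || secret.length == 0) {
            String message = "BinarySecret element does not contain any key material";
            logger.log(Level.SEVERE, message);
            throw new XWSSecurityException(message);
        }
        String algorithm = this.pc.getAlgorithmSuite() != null
                ? SecurityUtil.getSecretKeyAlgorithm(this.pc.getAlgorithmSuite().getEncryptionAlgorithm())
                : "AES";
        return new SecretKeySpec(secret, algorithm);
    }

    /**
     * Collects consecutive CHARACTERS events into one string and echoes it to the
     * canonicalization writer when one is set.
     *
     * <p>Readers that are not {@link XMLStreamReaderEx} are read through {@code getText()};
     * the earlier unconditional cast failed with a {@code ClassCastException} for them.
     */
    private String readCharacters(XMLStreamReader xMLStreamReader) throws XMLStreamException {
        StringBuilder text = new StringBuilder();
        while (xMLStreamReader.getEventType() == XMLStreamReader.CHARACTERS) {
            if (xMLStreamReader instanceof XMLStreamReaderEx) {
                text.append(((XMLStreamReaderEx) xMLStreamReader).getPCDATA());
            } else {
                text.append(xMLStreamReader.getText());
            }
            xMLStreamReader.next();
        }
        String characters = text.toString();
        if (this.canonWriter != null) {
            this.canonWriter.writeCharacters(characters);
        }
        return characters;
    }

    // Decodes base64 text, reporting the element that actually failed and keeping the cause.
    private byte[] decodeBase64(String text, String elementName) throws XWSSecurityException {
        try {
            return Base64.decode(text);
        } catch (Base64DecodingException e) {
            String message = LogStringsMessages.WSS_1606_ERROR_RSAKEYINFO_BASE_64_DECODING(elementName);
            logger.log(Level.SEVERE, message, e);
            throw new XWSSecurityException(message, e);
        }
    }

    /**
     * Parses a DER or PEM encoded X.509 certificate. Parsing alone says nothing about trust;
     * validation is a separate step performed by the caller.
     *
     * @throws XWSSecurityException if the bytes are not a parseable certificate
     */
    private X509Certificate buildCertificate(InputStream inputStream) throws XWSSecurityException {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(inputStream);
        } catch (CertificateException e) {
            String message = LogStringsMessages.WSS_1605_ERROR_GENERATING_CERTIFICATE(e);
            logger.log(Level.SEVERE, message, e);
            throw new XWSSecurityException(message, e);
        }
    }

    /**
     * Maps the current START_ELEMENT to one of the {@code *_ELEMENT} codes, or -1.
     *
     * <p>Names are compared with {@code equals}; the previous reference comparison only worked
     * when the reader interned its names.
     *
     * <p>NOTE(review): only the local name is compared, so an element with one of these names in
     * an unexpected namespace is dispatched the same way - confirm whether the namespace should
     * be checked here as it is for X509Certificate.
     */
    private int getEventType(XMLStreamReader xMLStreamReader) throws XMLStreamException {
        if (xMLStreamReader.getEventType() != XMLStreamReader.START_ELEMENT) {
            return -1;
        }
        String localName = xMLStreamReader.getLocalName();
        if (SECURITY_TOKEN_REFERENCE.equals(localName)) {
            return SECURITY_TOKEN_REFERENCE_ELEMENT;
        }
        if (ENCRYPTED_KEY.equals(localName)) {
            return ENCRYPTED_KEY_ELEMENT;
        }
        if (KEY_VALUE.equals(localName)) {
            return KEY_VALUE_ELEMENT;
        }
        if (X509_DATA.equals(localName)) {
            return X509_DATA_ELEMENT;
        }
        return BINARY_SECRET.equals(localName) ? BINARY_SECRET_ELEMENT : -1;
    }

    /**
     * @return {@code true} once a SecurityTokenReference child has been resolved by this instance
     */
    public boolean hasSTR() {
        return this.strPresent;
    }
}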
