package org.apache.wss4j.dom.message.token;

import java.security.Principal;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.time.format.DateTimeParseException;
import java.util.Arrays;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.WSUsernameTokenPrincipalImpl;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.common.util.UsernameTokenUtil;
import org.apache.wss4j.common.util.WSCurrentTimeSource;
import org.apache.wss4j.common.util.WSTimeSource;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:lib/wss4j-ws-security-dom-3.0.3.jar:org/apache/wss4j/dom/message/token/UsernameToken.class */
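/**
 * DOM wrapper around a WS-Security {@code wsse:UsernameToken} element.
 *
 * <p>An instance is either parsed from an element received in a message (the
 * {@link #UsernameToken(Element, boolean, BSPEnforcer)} constructor) or built from scratch
 * against a {@link Document} (the other constructors) and then filled in with
 * {@link #setName(String)}, {@link #setPassword(String)}, {@link #addSalt(Document, byte[])}
 * and {@link #addIteration(Document, int)}.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>For a parsed token every value (user name, password or digest, nonce, created, salt,
 *       iteration) comes from the message sender. This class checks structure only. It does not
 *       verify the password, does not check the freshness of {@code Created} unless
 *       {@link #verifyCreated(int, int)} is called, and keeps no record of nonces it has seen.</li>
 *   <li>{@link #toString()}, {@link #getPassword()} and {@link #createPrincipal()} expose the
 *       content of the Password element; for a plain-text token that is the clear-text
 *       password.</li>
 *   <li>{@link #equals(Object)} compares passwords with {@link String#equals(Object)}, which is
 *       not a constant-time comparison.</li>
 * </ul>
 */
public class UsernameToken {
    // Namespace and type URIs used throughout the class (declared first so TOKEN can refer to them).
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    private static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
    private static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    private static final String PASSWORD_DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    // Upper bound accepted for a parsed wsse11:Iteration value; larger values are rejected.
    private static final int MAX_ITERATION = 10000;

    public static final String BASE64_ENCODING = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    public static final String PASSWORD_TYPE = "passwordType";
    public static final int DEFAULT_ITERATION = 1000;
    public static final QName TOKEN = new QName(WSSE_NS, "UsernameToken");
    private static final Logger LOG = LoggerFactory.getLogger(UsernameToken.class);

    private Element element;
    private Element elementUsername;
    private Element elementPassword;
    private Element elementNonce;
    private Element elementCreated;
    private Element elementSalt;
    private Element elementIteration;
    private int iteration;
    private String passwordType;
    private boolean hashed;
    private boolean passwordsAreEncoded;
    private Instant created;

    /**
     * Parses an existing {@code wsse:UsernameToken} element.
     *
     * <p>Structural checks performed here: the element name must equal {@link #TOKEN}, a Username
     * child must exist, a Salt child must not be combined with a Password child and requires an
     * Iteration child, the Iteration value must parse as an integer in the range 0..10000, a
     * {@code PasswordDigest} token must carry both Nonce and Created, and a non-empty Created
     * value must parse with {@link ZonedDateTime#parse(CharSequence)}.
     *
     * <p>Not checked here: whether Created is recent and whether the nonce has been seen before.
     * A caller that accepts digest tokens has to do both itself.
     *
     * @param element the {@code wsse:UsernameToken} element to wrap
     * @param z when {@code false}, a Password {@code Type} attribute qualified with the wsse
     *     namespace is rejected; when {@code true} it is accepted
     * @param bSPEnforcer receives the Basic Security Profile rule violations found in the token
     * @throws WSSecurityException if one of the checks above fails, or if {@code bSPEnforcer}
     *     throws from {@code handleBSPRule}
     */
    public UsernameToken(Element element, boolean z, BSPEnforcer bSPEnforcer) throws WSSecurityException {
        this.iteration = DEFAULT_ITERATION;
        this.hashed = true;
        this.element = element;
        QName actualName = new QName(this.element.getNamespaceURI(), this.element.getLocalName());
        if (!actualName.equals(TOKEN)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badElement", new Object[]{TOKEN, actualName});
        }
        this.elementUsername = XMLUtils.getDirectChildElement(this.element, "Username", WSSE_NS);
        this.elementPassword = XMLUtils.getDirectChildElement(this.element, "Password", WSSE_NS);
        this.elementNonce = XMLUtils.getDirectChildElement(this.element, "Nonce", WSSE_NS);
        this.elementCreated = XMLUtils.getDirectChildElement(this.element, "Created", WSU_NS);
        this.elementSalt = XMLUtils.getDirectChildElement(this.element, "Salt", WSSE11_NS);
        this.elementIteration = XMLUtils.getDirectChildElement(this.element, "Iteration", WSSE11_NS);
        if (this.elementUsername == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Username is missing"});
        }
        checkBSPCompliance(bSPEnforcer);
        this.hashed = false;
        // A Salt marks a key-derivation token: it must come without a Password and with an
        // Iteration. NOTE(review): the message text says "Password is missing" for both cases.
        if (this.elementSalt != null && (this.elementPassword != null || this.elementIteration == null)) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Password is missing"});
        }
        readIteration();
        readPasswordType(z);
        if (PASSWORD_DIGEST.equals(this.passwordType)) {
            this.hashed = true;
            if (this.elementNonce == null || this.elementCreated == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Nonce or Created is missing"});
            }
        }
        readCreated();
    }

    /**
     * Creates an empty token of type {@code PasswordDigest}.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the elements
     */
    public UsernameToken(boolean z, Document document) {
        this(z, document, PASSWORD_DIGEST);
    }

    /**
     * Creates an empty token of the given password type, using the current time as time source.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the elements
     * @param str the password type URI, or {@code null} to build a token without a Password element
     */
    public UsernameToken(boolean z, Document document, String str) {
        this(z, document, new WSCurrentTimeSource(), str);
    }

    /**
     * Creates an empty token: a Username element with an empty text node and, when {@code str} is
     * not {@code null}, a Password element with an empty text node. For the {@code PasswordDigest}
     * type a Nonce and a Created element are added as well, because the digest is computed over
     * them in {@link #setPassword(String)}.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the elements
     * @param wSTimeSource supplies the instant written into Created
     * @param str the password type URI, or {@code null} to build a token without a Password element
     */
    public UsernameToken(boolean z, Document document, WSTimeSource wSTimeSource, String str) {
        this.iteration = DEFAULT_ITERATION;
        this.hashed = true;
        this.element = document.createElementNS(WSSE_NS, "wsse:UsernameToken");
        this.elementUsername = document.createElementNS(WSSE_NS, "wsse:Username");
        this.elementUsername.appendChild(document.createTextNode(""));
        this.element.appendChild(this.elementUsername);
        if (str == null) {
            return;
        }
        this.elementPassword = document.createElementNS(WSSE_NS, "wsse:Password");
        this.elementPassword.appendChild(document.createTextNode(""));
        this.element.appendChild(this.elementPassword);
        this.passwordType = str;
        if (PASSWORD_DIGEST.equals(this.passwordType)) {
            addNonce(document);
            addCreated(z, wSTimeSource, document);
        } else {
            this.hashed = false;
        }
    }

    /** Declares the {@code wsse} namespace prefix on the token element. */
    public void addWSSENamespace() {
        XMLUtils.setNamespace(this.element, WSSE_NS, "wsse");
    }

    /** Declares the {@code wsu} namespace prefix on the token element. */
    public void addWSUNamespace() {
        this.element.setAttributeNS(XMLNS_NS, "xmlns:wsu", WSU_NS);
    }

    /**
     * Adds a Base64-encoded Nonce element unless the token already has one. The nonce comes from
     * {@code UsernameTokenUtil.generateNonce(16)}.
     *
     * <p>NOTE(review): a failure to generate the nonce is only logged at debug level, so the
     * token is then left without a Nonce element and the caller is not told.
     *
     * @param document the document used to create the element
     */
    public void addNonce(Document document) {
        if (this.elementNonce != null) {
            return;
        }
        try {
            byte[] nonce = UsernameTokenUtil.generateNonce(16);
            this.elementNonce = document.createElementNS(WSSE_NS, "wsse:Nonce");
            this.elementNonce.appendChild(document.createTextNode(org.apache.xml.security.utils.XMLUtils.encodeToString(nonce)));
            this.elementNonce.setAttributeNS(null, "EncodingType", BASE64_ENCODING);
            this.element.appendChild(this.elementNonce);
        } catch (WSSecurityException e) {
            LOG.debug(e.getMessage(), e);
        }
    }

    /**
     * Adds a Created element holding the current time, unless the token already has one.
     *
     * @param z forwarded to {@link #addCreated(boolean, WSTimeSource, Document)}
     * @param document the document used to create the element
     */
    public void addCreated(boolean z, Document document) {
        addCreated(z, new WSCurrentTimeSource(), document);
    }

    /**
     * Adds a Created element holding {@code wSTimeSource.now()} rendered in UTC, unless the token
     * already has one.
     *
     * @param z passed to {@code DateUtil.getDateTimeFormatter}; presumably selects the timestamp
     *     precision (confirm against DateUtil)
     * @param wSTimeSource supplies the instant to write
     * @param document the document used to create the element
     */
    public void addCreated(boolean z, WSTimeSource wSTimeSource, Document document) {
        if (this.elementCreated != null) {
            return;
        }
        this.elementCreated = document.createElementNS(WSU_NS, "wsu:Created");
        Instant now = wSTimeSource.now();
        String formatted = now.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(z));
        this.elementCreated.appendChild(document.createTextNode(formatted));
        this.element.appendChild(this.elementCreated);
    }

    /**
     * Appends a {@code wsse11:Salt} element holding the Base64 encoding of {@code bArr}.
     *
     * @param document the document used to create the element
     * @param bArr the salt bytes
     */
    public void addSalt(Document document, byte[] bArr) {
        this.elementSalt = document.createElementNS(WSSE11_NS, "wsse11:Salt");
        XMLUtils.setNamespace(this.element, WSSE11_NS, "wsse11");
        this.elementSalt.appendChild(document.createTextNode(org.apache.xml.security.utils.XMLUtils.encodeToString(bArr)));
        this.element.appendChild(this.elementSalt);
    }

    /**
     * Appends a {@code wsse11:Iteration} element and records the value for
     * {@link #getIteration()}. The value is not range-checked here.
     *
     * @param document the document used to create the element
     * @param i the iteration count to write
     */
    public void addIteration(Document document, int i) {
        this.elementIteration = document.createElementNS(WSSE11_NS, "wsse11:Iteration");
        XMLUtils.setNamespace(this.element, WSSE11_NS, "wsse11");
        // createTextNode takes a String; the decompiled listing passed the int directly.
        this.elementIteration.appendChild(document.createTextNode(Integer.toString(i)));
        this.element.appendChild(this.elementIteration);
        this.iteration = i;
    }

    /** @return the text of the Username element */
    public String getName() {
        return XMLUtils.getElementText(this.elementUsername);
    }

    /**
     * Writes the user name into the first text node of the Username element.
     *
     * @param str the user name
     */
    public void setName(String str) {
        getFirstNode(this.elementUsername).setData(str);
    }

    /** @return the text of the Nonce element as it appears in the token (Base64, not decoded) */
    public String getNonce() {
        return XMLUtils.getElementText(this.elementNonce);
    }

    /** @return the text of the Created element as it appears in the token */
    public String getCreated() {
        return XMLUtils.getElementText(this.elementCreated);
    }

    /** @return the parsed Created instant; set only by the parsing constructor, else {@code null} */
    public Instant getCreatedDate() {
        return this.created;
    }

    /**
     * Returns the content of the Password element: the clear-text password for a plain-text
     * token, the digest for a {@code PasswordDigest} token.
     *
     * @return the element text; {@code ""} when the element exists but has no text; whatever
     *     {@code XMLUtils.getElementText} returns for a missing element otherwise
     */
    public String getPassword() {
        String text = XMLUtils.getElementText(this.elementPassword);
        if (text == null && this.elementPassword != null) {
            return "";
        }
        return text;
    }

    /** @return {@code true} if the token has a Password element */
    public boolean containsPasswordElement() {
        return this.elementPassword != null;
    }

    /**
     * @return the Base64-decoded Salt, or an empty array when there is no Salt text
     * @throws WSSecurityException if the Salt text cannot be decoded
     */
    public byte[] getSalt() throws WSSecurityException {
        String text = XMLUtils.getElementText(this.elementSalt);
        if (text == null) {
            return new byte[0];
        }
        return org.apache.xml.security.utils.XMLUtils.decode(text);
    }

    /** @return the iteration count; {@link #DEFAULT_ITERATION} unless parsed or set */
    public int getIteration() {
        return this.iteration;
    }

    /** @return {@code true} if the password type is {@code PasswordDigest} */
    public boolean isHashed() {
        return this.hashed;
    }

    /** @return the password type URI, or {@code null} if none was given */
    public String getPasswordType() {
        return this.passwordType;
    }

    /**
     * Writes the password into the Password element. For a digest token the value written is
     * {@code UsernameTokenUtil.doPasswordDigest} over the decoded nonce, the Created text and the
     * password (Base64-decoded first when {@link #getPasswordsAreEncoded()} is set).
     *
     * <p>NOTE(review): every exception raised while writing, including a failed digest
     * computation, is caught and logged at debug level only. The Password element then keeps its
     * previous content and the caller gets no signal, so a token can leave here with an empty
     * password. Check the result before sending if that matters.
     *
     * @param str the password; {@code null} is accepted only when the token has no password type
     * @throws IllegalArgumentException if {@code str} is {@code null} and a password type is set
     */
    public void setPassword(String str) {
        if (str == null) {
            if (this.passwordType != null) {
                throw new IllegalArgumentException("pwd == null but a password is needed");
            }
            return;
        }
        Text passwordText = getFirstNode(this.elementPassword);
        try {
            if (!this.hashed) {
                passwordText.setData(str);
            } else {
                byte[] nonce = org.apache.xml.security.utils.XMLUtils.decode(getNonce());
                String digest;
                if (this.passwordsAreEncoded) {
                    digest = UsernameTokenUtil.doPasswordDigest(nonce, getCreated(), org.apache.xml.security.utils.XMLUtils.decode(str));
                } else {
                    digest = UsernameTokenUtil.doPasswordDigest(nonce, getCreated(), str);
                }
                passwordText.setData(digest);
            }
            if (this.passwordType != null) {
                this.elementPassword.setAttributeNS(null, "Type", this.passwordType);
            }
        } catch (Exception e) {
            LOG.debug(e.getMessage(), e);
        }
    }

    /**
     * @param z {@code true} if passwords handed to this token are Base64-encoded and must be
     *     decoded before a digest or derived key is computed
     */
    public void setPasswordsAreEncoded(boolean z) {
        this.passwordsAreEncoded = z;
    }

    /** @return whether passwords handed to this token are treated as Base64-encoded */
    public boolean getPasswordsAreEncoded() {
        return this.passwordsAreEncoded;
    }

    /** Returns the first child of {@code element} if it is a text node, otherwise {@code null}. */
    private Text getFirstNode(Element element) {
        Node first = element.getFirstChild();
        if (first != null && first.getNodeType() == Node.TEXT_NODE) {
            return (Text) first;
        }
        return null;
    }

    /** @return the wrapped {@code wsse:UsernameToken} element */
    public Element getElement() {
        return this.element;
    }

    /**
     * Returns {@code DOM2Writer.nodeToString} of the whole token element. The Password element is
     * a child of that element, so the result is expected to contain the password or digest; keep
     * it out of logs and error messages.
     */
    @Override
    public String toString() {
        return DOM2Writer.nodeToString(this.element);
    }

    /** @return the {@code wsu:Id} attribute of the token element */
    public String getID() {
        return this.element.getAttributeNS(WSU_NS, "Id");
    }

    /** @param str the value for the {@code wsu:Id} attribute of the token element */
    public void setID(String str) {
        this.element.setAttributeNS(WSU_NS, "wsu:Id", str);
    }

    /**
     * Derives a key from the given password and the token's Salt and Iteration values by calling
     * {@code UsernameTokenUtil.generateDerivedKey}.
     *
     * <p>The decompiler could not restructure this method and emitted a stub that always threw
     * {@link UnsupportedOperationException}; the body below follows the instruction dump that
     * accompanied the stub.
     *
     * <p>For a parsed token the salt and the iteration count are chosen by the sender. A missing
     * Salt is reported as rule R4217; a missing Iteration element, an Iteration element without
     * text, or a value below 1000 is reported as rule R4218. Whether a reported rule rejects the
     * token is decided by {@code bSPEnforcer}; if it does not, the key is still derived with the
     * values at hand.
     *
     * @param bSPEnforcer receives the rule violations described above
     * @param str the raw password
     * @return the derived key
     * @throws WSSecurityException with {@code FAILED_AUTHENTICATION} if {@code str} is
     *     {@code null}, with {@code FAILURE} if the Iteration text is not an integer, or as
     *     thrown by the enforcer, the salt decoding or the key derivation
     */
    public byte[] getDerivedKey(BSPEnforcer bSPEnforcer, String str) throws WSSecurityException {
        if (str == null) {
            LOG.warn("The raw password was null");
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        if (this.elementSalt == null) {
            bSPEnforcer.handleBSPRule(BSPRule.R4217);
        }
        if (this.elementIteration == null) {
            bSPEnforcer.handleBSPRule(BSPRule.R4218);
        } else {
            String iterationText = XMLUtils.getElementText(this.elementIteration);
            try {
                if (iterationText == null || Integer.parseInt(iterationText) < 1000) {
                    bSPEnforcer.handleBSPRule(BSPRule.R4218);
                }
            } catch (NumberFormatException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
            }
        }
        int iterationCount = getIteration();
        byte[] salt = getSalt();
        if (this.passwordsAreEncoded) {
            return UsernameTokenUtil.generateDerivedKey(org.apache.xml.security.utils.XMLUtils.decode(str), salt, iterationCount);
        }
        return UsernameTokenUtil.generateDerivedKey(str, salt, iterationCount);
    }

    /**
     * @return {@code true} if the token carries both a Salt and an Iteration element
     * @throws WSSecurityException declared by the signature; not thrown by this implementation
     */
    public boolean isDerivedKey() throws WSSecurityException {
        return this.elementSalt != null && this.elementIteration != null;
    }

    /**
     * Builds a principal from the token: name, hashed flag, decoded nonce (when present),
     * password and Created text. The password is copied into the principal as returned by
     * {@link #getPassword()}.
     *
     * @return the principal
     * @throws WSSecurityException if the nonce cannot be Base64-decoded
     */
    public Principal createPrincipal() throws WSSecurityException {
        WSUsernameTokenPrincipalImpl principal = new WSUsernameTokenPrincipalImpl(getName(), isHashed());
        String nonce = getNonce();
        if (nonce != null) {
            principal.setNonce(org.apache.xml.security.utils.XMLUtils.decode(nonce));
        }
        principal.setPassword(getPassword());
        principal.setCreatedTime(getCreated());
        return principal;
    }

    /**
     * Checks the parsed Created instant by delegating to {@code DateUtil.verifyCreated}.
     *
     * @param i first bound passed to {@code DateUtil.verifyCreated}; presumably the time-to-live
     *     (confirm against DateUtil)
     * @param i2 second bound passed to {@code DateUtil.verifyCreated}; presumably the tolerated
     *     future offset (confirm against DateUtil)
     * @return the result of {@code DateUtil.verifyCreated}
     */
    public boolean verifyCreated(int i, int i2) {
        return DateUtil.verifyCreated(this.created, i, i2);
    }

    /**
     * Hash over name, password, password type, nonce, Created text, salt (when non-empty) and
     * iteration. A salt that cannot be decoded is logged at debug level and left out.
     */
    @Override
    public int hashCode() {
        int result = 17;
        String name = getName();
        if (name != null) {
            result = 31 * result + name.hashCode();
        }
        String password = getPassword();
        if (password != null) {
            result = 31 * result + password.hashCode();
        }
        String type = getPasswordType();
        if (type != null) {
            result = 31 * result + type.hashCode();
        }
        String nonce = getNonce();
        if (nonce != null) {
            result = 31 * result + nonce.hashCode();
        }
        String createdText = getCreated();
        if (createdText != null) {
            result = 31 * result + createdText.hashCode();
        }
        try {
            byte[] salt = getSalt();
            if (salt != null && salt.length > 0) {
                result = 31 * result + Arrays.hashCode(salt);
            }
        } catch (WSSecurityException e) {
            LOG.debug(e.getMessage(), e);
        }
        return 31 * result + Integer.hashCode(getIteration());
    }

    /**
     * Field-by-field equality over name, password, password type, nonce, Created text, salt and
     * iteration.
     *
     * <p>NOTE(review): the password is compared with {@link String#equals(Object)}, which is not
     * constant-time, so this method is not a substitute for a credential check. If either salt
     * cannot be decoded the exception is logged at debug level and the salts are treated as
     * matching.
     */
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof UsernameToken)) {
            return false;
        }
        UsernameToken other = (UsernameToken) obj;
        boolean textFieldsMatch = compare(other.getName(), getName())
                && compare(other.getPassword(), getPassword())
                && compare(other.getPasswordType(), getPasswordType())
                && compare(other.getNonce(), getNonce())
                && compare(other.getCreated(), getCreated());
        if (!textFieldsMatch) {
            return false;
        }
        try {
            if (!Arrays.equals(other.getSalt(), getSalt())) {
                return false;
            }
        } catch (WSSecurityException e) {
            LOG.debug(e.getMessage(), e);
        }
        return other.getIteration() == getIteration();
    }

    /** Null-safe string equality: two nulls are equal, a null and a non-null are not. */
    private boolean compare(String str, String str2) {
        return str == null ? str2 == null : str.equals(str2);
    }

    /**
     * Reads the Iteration element, if present and non-empty, into {@link #iteration} and rejects
     * values outside 0..{@value #MAX_ITERATION}. The upper bound caps the key-derivation work a
     * sender can request. NOTE(review): the out-of-range message text says "Iteration is missing".
     */
    private void readIteration() throws WSSecurityException {
        if (this.elementIteration == null) {
            return;
        }
        String iterationText = XMLUtils.getElementText(this.elementIteration);
        if (iterationText == null) {
            return;
        }
        try {
            this.iteration = Integer.parseInt(iterationText);
        } catch (NumberFormatException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "decoding.general");
        }
        if (this.iteration < 0 || this.iteration > MAX_ITERATION) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"Iteration is missing"});
        }
    }

    /**
     * Reads the Password element's {@code Type} attribute. An unqualified attribute wins; an
     * attribute qualified with the wsse namespace is accepted only when {@code allowQualified}
     * is set.
     */
    private void readPasswordType(boolean allowQualified) throws WSSecurityException {
        if (this.elementPassword == null) {
            return;
        }
        if (this.elementPassword.hasAttributeNS(null, "Type")) {
            this.passwordType = this.elementPassword.getAttributeNS(null, "Type");
        } else if (this.elementPassword.hasAttributeNS(WSSE_NS, "Type")) {
            if (!allowQualified) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badUsernameToken", new Object[]{"The Password Type is not allowed to be namespace qualified"});
            }
            this.passwordType = this.elementPassword.getAttributeNS(WSSE_NS, "Type");
        }
    }

    /** Parses a non-empty Created text into {@link #created}; leaves it {@code null} otherwise. */
    private void readCreated() throws WSSecurityException {
        if (this.elementCreated == null) {
            return;
        }
        String createdText = getCreated();
        if (createdText == null || createdText.length() == 0) {
            return;
        }
        try {
            this.created = ZonedDateTime.parse(createdText).toInstant();
        } catch (DateTimeParseException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
        }
    }

    /**
     * Reports Basic Security Profile violations to {@code bSPEnforcer}: more than one Password
     * (R4222), Created (R4223) or Nonce (R4225) element, a single Password without a Type
     * attribute (R4201), and a single Nonce whose EncodingType is missing (R4220) or is not
     * {@link #BASE64_ENCODING} (R4221). What happens on a violation is up to the enforcer.
     */
    private void checkBSPCompliance(BSPEnforcer bSPEnforcer) throws WSSecurityException {
        List<Element> passwords = WSSecurityUtil.getDirectChildElements(this.element, "Password", WSSE_NS);
        if (passwords.size() > 1) {
            LOG.debug("The Username Token had more than one password element");
            bSPEnforcer.handleBSPRule(BSPRule.R4222);
        }
        if (passwords.size() == 1) {
            String type = passwords.get(0).getAttributeNS(null, "Type");
            if (type == null || type.length() == 0) {
                LOG.debug("The Username Token password does not have a Type attribute");
                bSPEnforcer.handleBSPRule(BSPRule.R4201);
            }
        }
        if (WSSecurityUtil.getDirectChildElements(this.element, "Created", WSU_NS).size() > 1) {
            LOG.debug("The Username Token has more than one created element");
            bSPEnforcer.handleBSPRule(BSPRule.R4223);
        }
        List<Element> nonces = WSSecurityUtil.getDirectChildElements(this.element, "Nonce", WSSE_NS);
        if (nonces.size() > 1) {
            LOG.debug("The Username Token has more than one nonce element");
            bSPEnforcer.handleBSPRule(BSPRule.R4225);
        }
        if (nonces.size() == 1) {
            String encodingType = nonces.get(0).getAttributeNS(null, "EncodingType");
            if (encodingType == null || encodingType.length() == 0) {
                bSPEnforcer.handleBSPRule(BSPRule.R4220);
            } else if (!BASE64_ENCODING.equals(encodingType)) {
                LOG.debug("The Username Token's nonce element has a bad encoding type");
                bSPEnforcer.handleBSPRule(BSPRule.R4221);
            }
        }
    }
}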
