package weblogic.xml.crypto.wss11.internal;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.xml.crypto.common.keyinfo.KeySelectorResultImpl;
import weblogic.xml.crypto.dsig.DsigConstants;
import weblogic.xml.crypto.dsig.ReferenceImpl;
import weblogic.xml.crypto.dsig.XMLSignatureImpl;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.SignedInfo;
import weblogic.xml.crypto.dsig.api.XMLSignature;
import weblogic.xml.crypto.dsig.api.keyinfo.KeyInfo;
import weblogic.xml.crypto.encrypt.api.EncryptedData;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.security.wsse.internal.SigningPreprocessor;

/* loaded from: input_file:weblogic/xml/crypto/wss11/internal/SecurityValidatorImpl.class */
/**
 * WS-Security 1.1 flavour of the security validator (decompiled listing).
 *
 * <p>Builds on the WSS 1.0 {@code weblogic.xml.crypto.wss.SecurityValidatorImpl} and checks that
 * the signatures and encryption actually found in {@code securityCtx} satisfy the expectations
 * derived from policy (expected SignedInfo, expected SecurityTokenReference types, expected token
 * type), plus the WS-Security 1.1 SignatureConfirmation check.
 *
 * <p>Review notes on this listing:
 * <ul>
 *   <li>The private 8-argument {@link #validateEncryption} is a decompiler stub that throws
 *       {@code UnsupportedOperationException}; the shipped class has a real body there, so this
 *       listing cannot be rebuilt into an equivalent class. {@code addReferenceIntoEncryptedDataMap}
 *       and {@code hasDkStrType} are private and not called from any visible method, so they are
 *       presumably used by that missing body.</li>
 *   <li>Mismatch diagnostics are written to {@code System.err} as well as {@code LogUtils}, and they
 *       include token ids / value types and SignatureConfirmation values.</li>
 *   <li>{@code DEBUG} and {@code WS_POLICY_INTEROP} are not referenced anywhere in this class.</li>
 * </ul>
 */
public class SecurityValidatorImpl extends weblogic.xml.crypto.wss.SecurityValidatorImpl implements SecurityValidator {
    // Not referenced in this class (may have been folded away by the compiler).
    private static final boolean DEBUG = true;
    // Not referenced in this class.
    private static final boolean WS_POLICY_INTEROP = false;
    // Derived-key ValueType URIs (WS-SecureConversation 2005/02 and 1.3). Note that
    // hasDkStrType() below repeats these URIs as inline literals instead of using the constants.
    public static final String DK_VALUE_TYPE_V2005 = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk";
    public static final String DK_VALUE_TYPE_V13 = "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk";
    // System property read once at class load; VERBOSE is not consulted by any visible method.
    public static final String VERBOSE_PROPERTY = "weblogic.xml.crypto.wss11.verbose";
    public static final boolean VERBOSE = Boolean.getBoolean(VERBOSE_PROPERTY);
    // The single expected STR shape for EncryptedKey-signed messages: a direct wsse:Reference
    // whose ValueType is the EncryptedKey token type. Wrapped in a one-element list by the
    // static initializer at the bottom of the class.
    private static final STRType enckeyDirectSTR = new STRType(WSSConstants.REFERENCE_QNAME, WSS11Constants.ENC_KEY_TOKEN_TYPE);
    private static final List enckeyDirectSTRList = new ArrayList();

    /**
     * @param wSSecurityContext the security context holding the already-processed signatures,
     *        encryption results and properties; stored by the superclass as {@code securityCtx}
     */
    public SecurityValidatorImpl(WSSecurityContext wSSecurityContext) {
        super(wSSecurityContext);
    }

    /**
     * Looks for a signature in the security context that satisfies all policy expectations.
     *
     * <p>Returns {@code true} at the first signature for which all four checks pass, in this order:
     * the message SignedInfo matches {@code signedInfo}; the signature's KeyInfo contains an STR of
     * one of the expected {@code list} types; the signing token passes
     * {@code validateSecurityToken} for {@link Purpose#SIGN}; and the token satisfies the
     * token-inclusion check. For a signature that fails, each failing check is logged to
     * {@code System.err} and {@code LogUtils}, and the loop moves on.
     *
     * <p>Behaviour worth knowing when reading the diagnostics: the four checks are re-evaluated
     * individually after the combined test, so {@code validateSecurityToken} and
     * {@code validateIncludedInMessage} run at least once for every signature in the context, and
     * may run twice for the matching one. If {@code list} is null or empty, {@link #match(List,
     * KeyInfo)} treats the STR-type check as satisfied (no STR-type constraint). If
     * {@code getSecurityToken()} ever returned null, the diagnostic lines would throw an NPE —
     * whether that can happen is not visible from this class.
     *
     * @param signedInfo the SignedInfo expected by policy
     * @param str        the expected token ValueType (e.g. {@code WSS11Constants.ENC_KEY_TOKEN_TYPE})
     * @param list       expected {@code STRType}s for the signature KeyInfo; null/empty means any
     * @param str2       forwarded to {@code validateSecurityToken} (meaning not visible here)
     * @param node       forwarded to {@code validateSecurityToken} (meaning not visible here)
     * @return {@code true} if some signature in the context satisfies every check
     * @throws WSSecurityException propagated from the token and mismatch-info helpers
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateSignature(SignedInfo signedInfo, String str, List list, String str2, Node node) throws WSSecurityException {
        for (XMLSignature xMLSignature : this.securityCtx.getSignatures()) {
            // The token that was selected when this signature was validated earlier; the cast
            // chain assumes the dsig implementation types used by this stack.
            SecurityToken securityToken = ((KeySelectorResultImpl) ((XMLSignatureImpl) xMLSignature).getSignatureValidateResult().getKeySelectorResult()).getSecurityToken();
            if (match(xMLSignature.getSignedInfo(), signedInfo) && match(list, xMLSignature.getKeyInfo()) && validateSecurityToken(securityToken, str, str2, node, Purpose.SIGN) && validateIncludedInMessage(securityToken)) {
                return true;
            }
            // Diagnostics only: each check is repeated so that every failing one is reported.
            if (!match(xMLSignature.getSignedInfo(), signedInfo)) {
                System.err.println("SignInfo mismatch " + getMismatchInfo(xMLSignature.getSignedInfo(), signedInfo));
                LogUtils.logWss("SignInfo mismatch " + getMismatchInfo(xMLSignature.getSignedInfo(), signedInfo));
            }
            if (!match(list, xMLSignature.getKeyInfo())) {
                System.err.println("STR type mismatch " + getMismatchInfo(list, xMLSignature.getKeyInfo()));
                LogUtils.logWss("STR type mismatch " + getMismatchInfo(list, xMLSignature.getKeyInfo()));
            }
            if (!validateSecurityToken(securityToken, str, str2, node, Purpose.SIGN)) {
                System.err.println("Security Token mismatch, token type =" + str + " and actual is" + securityToken.getValueType());
                LogUtils.logWss("Security Token mismatch, token type =" + str + " and actual is" + securityToken.getValueType());
            }
            if (!validateIncludedInMessage(securityToken)) {
                System.err.println("Security Token doesn't match Token Inclusion assertion in policy, included in message = " + this.securityCtx.getProperty(weblogic.xml.crypto.wss.SecurityValidator.SECURITY_TOKEN_INCLUDED_IN_MESSAGE) + ", token id = " + securityToken.getId() + ", token type = " + securityToken.getValueType());
                LogUtils.logWss("Security Token doesn't match [Security Token Inclusion] assertion in policy, token id = " + securityToken.getId() + ", token type = " + securityToken.getValueType());
            }
        }
        return false;
    }

    /**
     * Builds a diagnostic string listing the reference URIs of two reference lists.
     *
     * @param list  references taken from the message ("Msg" in the output)
     * @param list2 references expected by policy ("Policy" in the output)
     * @return a human-readable summary of both lists; never null
     * @throws WSSecurityException declared but not thrown by the visible code
     */
    private String getMismatchInfo(List list, List list2) throws WSSecurityException {
        StringBuffer stringBuffer = new StringBuffer(" Refs:");
        stringBuffer.append(" Msg size =" + list.size());
        for (int i = 0; i < list.size(); i++) {
            stringBuffer.append(((Reference) list.get(i)).getURI() + ",");
        }
        stringBuffer.append(" Policy size =" + list2.size());
        for (int i2 = 0; i2 < list2.size(); i2++) {
            stringBuffer.append(" " + ((Reference) list2.get(i2)).getURI() + ",");
        }
        return stringBuffer.toString();
    }

    /**
     * Builds a diagnostic string describing how two SignedInfo structures differ: the
     * canonicalization algorithm, the signature algorithm and then the reference lists.
     *
     * @param signedInfo  the SignedInfo from the message
     * @param signedInfo2 the SignedInfo expected by policy
     * @return a human-readable summary of the differences; never null
     * @throws WSSecurityException propagated from the reference-list overload
     */
    private String getMismatchInfo(SignedInfo signedInfo, SignedInfo signedInfo2) throws WSSecurityException {
        StringBuffer stringBuffer = new StringBuffer();
        if (!signedInfo.getCanonicalizationMethod().getAlgorithm().equals(signedInfo2.getCanonicalizationMethod().getAlgorithm())) {
            stringBuffer.append("C14N mismatch " + signedInfo.getCanonicalizationMethod().getAlgorithm() + " VS. " + signedInfo2.getCanonicalizationMethod().getAlgorithm());
        }
        if (!signedInfo.getSignatureMethod().getAlgorithm().equals(signedInfo2.getSignatureMethod().getAlgorithm())) {
            stringBuffer.append(" Algo mismatch " + signedInfo.getSignatureMethod().getAlgorithm() + " VS. " + signedInfo2.getSignatureMethod().getAlgorithm());
        }
        stringBuffer.append(getMismatchInfo(signedInfo.getReferences(), signedInfo2.getReferences()));
        return stringBuffer.toString();
    }

    /**
     * Builds a diagnostic string listing the SecurityTokenReferences actually present in
     * {@code keyInfo} (STR type and ValueType) against the expected {@code STRType}s.
     *
     * @param list    expected {@code STRType}s
     * @param keyInfo the signature's KeyInfo; non-STR content is ignored
     * @return a human-readable summary; never null
     */
    private String getMismatchInfo(List list, KeyInfo keyInfo) {
        StringBuffer stringBuffer = new StringBuffer("Actual KeyInfo:");
        for (Object obj : keyInfo.getContent()) {
            if (obj instanceof SecurityTokenReference) {
                SecurityTokenReference securityTokenReference = (SecurityTokenReference) obj;
                stringBuffer.append(securityTokenReference.getSTRType());
                stringBuffer.append("|" + securityTokenReference.getValueType() + ", ");
            }
        }
        stringBuffer.append(" StrTypes size=" + list.size() + " :");
        Iterator it = list.iterator();
        while (it.hasNext()) {
            STRType sTRType = (STRType) it.next();
            stringBuffer.append(sTRType.getTopLevelElement().toString() + "|");
            stringBuffer.append("|" + sTRType.getValueType() + ", ");
        }
        return stringBuffer.toString();
    }

    /**
     * Checks whether the signature's KeyInfo carries a SecurityTokenReference of one of the
     * expected types.
     *
     * <p>Matching rules, as implemented:
     * <ul>
     *   <li>A null or empty expectation list matches anything (the check is skipped).</li>
     *   <li>An STR matches an expected {@code STRType} when the STR's top-level element equals the
     *       expected one and the ValueType is either unconstrained (expected ValueType null), equal,
     *       or absent on the STR ({@code null == valueType}). That last clause means an STR with no
     *       ValueType attribute satisfies any expected ValueType as long as the element matches.</li>
     *   <li>If any expected type is {@code ds:X509IssuerSerial} and the STR carries an IssuerSerial,
     *       it matches regardless of the STR's own top-level element or ValueType.</li>
     * </ul>
     *
     * @param list    expected {@code STRType}s; null/empty means no constraint
     * @param keyInfo the signature's KeyInfo; non-STR content is ignored
     * @return {@code true} if no constraint applies or some STR matches some expected type
     */
    private boolean match(List list, KeyInfo keyInfo) {
        if (null == list || list.size() == 0) {
            return true;
        }
        for (Object obj : keyInfo.getContent()) {
            if (obj instanceof SecurityTokenReference) {
                SecurityTokenReference securityTokenReference = (SecurityTokenReference) obj;
                QName sTRType = securityTokenReference.getSTRType();
                String valueType = securityTokenReference.getValueType();
                Iterator it = list.iterator();
                while (it.hasNext()) {
                    STRType sTRType2 = (STRType) it.next();
                    // Element must match; ValueType matches if expected is null, equal, or actual is null.
                    if (sTRType2.getTopLevelElement().equals(sTRType) && (sTRType2.getValueType() == null || sTRType2.getValueType().equals(valueType) || null == valueType)) {
                        return true;
                    }
                    // IssuerSerial expectation is satisfied by any STR that carries an IssuerSerial.
                    if (sTRType2.getTopLevelElement().equals(DsigConstants.X509ISSUER_SERIAL_QNAME) && securityTokenReference.getIssuerSerial() != null) {
                        return true;
                    }
                }
            }
        }
        return false;
    }

    /**
     * Validates encryption against policy without collecting the encrypted-element map.
     * Delegates to the private 8-argument overload with a null map.
     *
     * @throws WSSecurityException   propagated from the private overload
     * @throws XMLEncryptionException propagated from the private overload
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateEncryption(List list, EncryptionMethod encryptionMethod, EncryptionMethod encryptionMethod2, String str, List list2, String str2, Node node) throws WSSecurityException, XMLEncryptionException {
        return validateEncryption(list, encryptionMethod, encryptionMethod2, str, list2, str2, node, null);
    }

    /**
     * Validates encryption for the encrypt-first ordering, always supplying a map to collect the
     * encrypted elements.
     *
     * <p>When {@code map} is null a fresh {@code HashMap} is created for the call; since it is not
     * returned, whatever the private overload puts into it is then unreachable to the caller.
     *
     * @param map caller-supplied map to be filled with encrypted-element entries; may be null
     * @throws WSSecurityException   propagated from the private overload
     * @throws XMLEncryptionException propagated from the private overload
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateEncryptionforEncryptFirst(List list, EncryptionMethod encryptionMethod, EncryptionMethod encryptionMethod2, String str, List list2, String str2, Node node, Map map) throws WSSecurityException, XMLEncryptionException {
        if (null == map) {
            map = new HashMap();
        }
        return validateEncryption(list, encryptionMethod, encryptionMethod2, str, list2, str2, node, map);
    }

    /* JADX WARN: Code restructure failed: missing block: B:29:0x0137, code lost:
    
        if (r21 != false) goto L48;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x013a, code lost:
    
        return false;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Core encryption check — DECOMPILER STUB. The shipped class contains a 321-instruction body
     * here; this listing replaces it with an unconditional {@code UnsupportedOperationException}.
     * Nothing about the real behaviour (how {@code r8}..{@code r15} are used, when {@code r15} is
     * populated) can be stated from this file. The JADX fragments above only show that a local
     * boolean ({@code r21}) gates a {@code return false}.
     */
    private boolean validateEncryption(java.util.List r8, weblogic.xml.crypto.encrypt.api.EncryptionMethod r9, weblogic.xml.crypto.encrypt.api.EncryptionMethod r10, java.lang.String r11, java.util.List r12, java.lang.String r13, org.w3c.dom.Node r14, java.util.Map r15) throws weblogic.xml.crypto.wss.WSSecurityException, weblogic.xml.crypto.encrypt.api.XMLEncryptionException {
        /*
            Method dump skipped, instructions count: 321
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: weblogic.xml.crypto.wss11.internal.SecurityValidatorImpl.validateEncryption(java.util.List, weblogic.xml.crypto.encrypt.api.EncryptionMethod, weblogic.xml.crypto.encrypt.api.EncryptionMethod, java.lang.String, java.util.List, java.lang.String, org.w3c.dom.Node, java.util.Map):boolean");
    }

    /**
     * Records, for each encrypted element node, two keys pointing at the EncryptedData id:
     * the element's {@code QName} and its URI (as computed by {@code getUri}, which is not
     * defined in this class and is presumably inherited).
     *
     * <p>Best effort: a null map is a no-op, nodes without a local name are skipped, and a
     * {@code WSSecurityException} from {@code getUri} is logged and the URI entry simply omitted.
     * Not called from any visible method — presumably used by the stubbed {@code validateEncryption}.
     *
     * @param map           destination map; may be null
     * @param list          {@code Node}s that were found encrypted
     * @param encryptedData the EncryptedData whose id is recorded
     */
    private void addReferenceIntoEncryptedDataMap(Map map, List list, EncryptedData encryptedData) {
        if (null != map) {
            for (int i = 0; i < list.size(); i++) {
                Node node = (Node) list.get(i);
                if (null != node.getLocalName()) {
                    map.put(new QName(node.getNamespaceURI(), node.getLocalName()), encryptedData.getId());
                    try {
                        // Cast assumes the node is an Element; non-Element nodes would throw ClassCastException.
                        map.put(getUri((Element) node), encryptedData.getId());
                    } catch (WSSecurityException e) {
                        LogUtils.logEncrypt("NO URI for " + node.getLocalName() + " ERROR " + e.toString());
                    }
                }
            }
        }
    }

    /**
     * Returns {@code true} if any expected {@code STRType} has a derived-key ValueType
     * (WS-SecureConversation 2005/02 or 1.3). The URIs are repeated inline rather than using
     * {@link #DK_VALUE_TYPE_V2005} / {@link #DK_VALUE_TYPE_V13}; they are the same strings.
     * Not called from any visible method — presumably used by the stubbed {@code validateEncryption}.
     *
     * @param list expected {@code STRType}s; null/empty yields {@code false}
     */
    private boolean hasDkStrType(List list) {
        if (null == list || list.size() == 0) {
            return false;
        }
        Iterator it = list.iterator();
        while (it.hasNext()) {
            STRType sTRType = (STRType) it.next();
            if ("http://schemas.xmlsoap.org/ws/2005/02/sc/dk".equals(sTRType.getValueType()) || "http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk".equals(sTRType.getValueType())) {
                return true;
            }
        }
        return false;
    }

    /**
     * Request-side check for the sign-then-encrypt ordering: encryption first (only if there are
     * encrypted parts to check), then the signature against the EncryptedKey token type and the
     * direct-reference STR expectation.
     *
     * <p>The {@code SECURITY_TOKEN_INCLUDED_IN_MESSAGE} property is cleared before the signature
     * check. {@code z} and {@code contextHandler} are not used by this method.
     *
     * @param signedInfo expected SignedInfo; null means no signature check is required
     * @param list       encrypted parts to validate; null/empty skips the encryption check
     * @return {@code false} if the encryption check fails, otherwise the signature result
     *         ({@code true} when no signature is expected)
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateSignatureAndEncryptionRequest(SignedInfo signedInfo, List list, EncryptionMethod encryptionMethod, EncryptionMethod encryptionMethod2, String str, List list2, String str2, boolean z, ContextHandler contextHandler) throws WSSecurityException, XMLEncryptionException {
        if (list != null && list.size() != 0 && !validateEncryption(list, encryptionMethod, encryptionMethod2, str, list2, str2, null)) {
            return false;
        }
        if (signedInfo == null) {
            return true;
        }
        this.securityCtx.setProperty(weblogic.xml.crypto.wss.SecurityValidator.SECURITY_TOKEN_INCLUDED_IN_MESSAGE, null);
        return validateSignature(signedInfo, WSS11Constants.ENC_KEY_TOKEN_TYPE, enckeyDirectSTRList, str2, null);
    }

    /**
     * Request-side check for the encrypt-then-sign ordering.
     *
     * <p>Steps, in order:
     * <ol>
     *   <li>If there are encrypted parts, validate encryption into a fresh map. On failure the
     *       inclusion property is cleared and the check is retried once with the EncryptedKey
     *       token type as {@code str}; a second failure returns {@code false}.</li>
     *   <li>A non-empty map is attached to the context handler under
     *       {@code ENCRYPTED_ELEMENT_MAP}. The cast to {@code SecurityTokenContextHandler} is
     *       unchecked, so a different handler type would throw {@code ClassCastException}.</li>
     *   <li>If a signature is expected, each expected reference whose URI appears in the
     *       context handler's encrypted-element map is rewritten in place to
     *       {@code FRAGMENT_URI + encryptedDataId} (so that the expected SignedInfo points at the
     *       EncryptedData elements the signer actually covered), the inclusion property is cleared,
     *       and the signature is validated against the EncryptedKey token type.</li>
     * </ol>
     * The references are iterated as {@code ReferenceImpl}, which relies on the implementation
     * type returned by {@code getReferences()}. {@code z} is not used by this method.
     *
     * @return {@code true} if every applicable check passed
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateEncryptionAndSignatureRequest(SignedInfo signedInfo, List list, EncryptionMethod encryptionMethod, EncryptionMethod encryptionMethod2, String str, List list2, String str2, boolean z, ContextHandler contextHandler) throws WSSecurityException, XMLEncryptionException {
        boolean z2 = true;
        if (list != null && list.size() != 0) {
            HashMap hashMap = new HashMap();
            z2 = validateEncryption(list, encryptionMethod, encryptionMethod2, str, list2, str2, null, hashMap);
            if (!z2) {
                // Retry once, this time expecting an EncryptedKey-typed token.
                this.securityCtx.setProperty(weblogic.xml.crypto.wss.SecurityValidator.SECURITY_TOKEN_INCLUDED_IN_MESSAGE, null);
                z2 = validateEncryption(list, encryptionMethod, encryptionMethod2, WSS11Constants.ENC_KEY_TOKEN_TYPE, list2, str2, null, hashMap);
            }
            if (!z2) {
                return z2;
            }
            if (!hashMap.isEmpty()) {
                ((SecurityTokenContextHandler) contextHandler).addContextElement(SecurityTokenContextHandler.ENCRYPTED_ELEMENT_MAP, hashMap);
            }
        }
        if (signedInfo != null) {
            Map map = (Map) contextHandler.getValue(SecurityTokenContextHandler.ENCRYPTED_ELEMENT_MAP);
            if (null != map) {
                // Mutates the expected references so they target the EncryptedData ids.
                for (ReferenceImpl referenceImpl : signedInfo.getReferences()) {
                    if (map.containsKey(referenceImpl.getURI())) {
                        referenceImpl.setUri(SigningPreprocessor.FRAGMENT_URI + ((String) map.get(referenceImpl.getURI())));
                    }
                }
            }
            this.securityCtx.setProperty(weblogic.xml.crypto.wss.SecurityValidator.SECURITY_TOKEN_INCLUDED_IN_MESSAGE, null);
            z2 = validateSignature(signedInfo, WSS11Constants.ENC_KEY_TOKEN_TYPE, enckeyDirectSTRList, str2, null);
        }
        return z2;
    }

    /**
     * Response-side check: encryption (if any encrypted parts) with the EncryptedKey token type
     * and no key-encryption method / STR-type / node constraints, then the signature with a null
     * STR-type list — which {@link #match(List, KeyInfo)} treats as "no STR constraint".
     *
     * <p>The inclusion property is cleared up front. {@code contextHandler} is not used.
     *
     * @return {@code false} if the encryption check fails, otherwise the signature result
     *         ({@code true} when no signature is expected)
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateSignatureAndEncryptionResponse(SignedInfo signedInfo, List list, EncryptionMethod encryptionMethod, ContextHandler contextHandler) throws WSSecurityException, XMLEncryptionException {
        this.securityCtx.setProperty(weblogic.xml.crypto.wss.SecurityValidator.SECURITY_TOKEN_INCLUDED_IN_MESSAGE, null);
        if (list != null && list.size() != 0 && !validateEncryption(list, null, encryptionMethod, WSS11Constants.ENC_KEY_TOKEN_TYPE, null, null)) {
            return false;
        }
        if (signedInfo != null) {
            return validateSignature(signedInfo, WSS11Constants.ENC_KEY_TOKEN_TYPE, null, null);
        }
        return true;
    }

    /**
     * WS-Security 1.1 SignatureConfirmation check on a response.
     *
     * <p>Fails (with a log line) when the response carries no {@code SignatureConfirmation}
     * elements at all. Otherwise the confirmations are compared against each set of signature
     * values recorded from previous messages ({@code String[]} per message) and the check passes
     * as soon as one set is fully confirmed. The context is cast to {@code WSS11Context}.
     *
     * @return {@code true} if some previous message's signature values are all confirmed
     */
    @Override // weblogic.xml.crypto.wss11.internal.SecurityValidator
    public boolean validateSignatureConfirmation() {
        WSS11Context wSS11Context = (WSS11Context) this.securityCtx;
        List signatureConfirmations = wSS11Context.getSignatureConfirmations();
        if (signatureConfirmations == null || signatureConfirmations.size() == 0) {
            LogUtils.logWss("No SignatureConfirmation element.");
            return false;
        }
        boolean z = false;
        Iterator<String[]> it = wSS11Context.getPreviousMessageSignatureValues().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            if (validateSignatureConfirmationForRequest(signatureConfirmations, it.next())) {
                z = true;
                break;
            }
        }
        if (z) {
            LogUtils.logWss("Succeed to validate sign conf using all sign values");
            return true;
        }
        LogUtils.logWss("Failed to validate sign conf using all sign values");
        return false;
    }

    /**
     * Compares the response's SignatureConfirmation elements with the signature values of one
     * request.
     *
     * <p>Unsigned request ({@code strArr} null or empty): exactly one confirmation is allowed and
     * its {@code @Value} must be null or blank. The caller guarantees {@code list} is non-empty;
     * with an empty list {@code list.get(0)} would throw.
     *
     * <p>Signed request: the number of confirmations must equal the number of request signature
     * values, and every request value must equal some confirmation's {@code @Value}. Values are
     * matched individually, so with duplicate request values the count check alone does not
     * guarantee a one-to-one pairing. On a missing match, all confirmation values seen so far
     * are written to the log.
     *
     * @param list   the response's {@code SignatureConfirmation} elements; must be non-empty
     * @param strArr signature values from one earlier request; null/empty means it was unsigned
     * @return {@code true} if the confirmations are consistent with that request
     */
    private boolean validateSignatureConfirmationForRequest(List list, String[] strArr) {
        if (strArr == null || strArr.length <= 0) {
            if (list.size() > 1) {
                LogUtils.logWss("No Signature in request, but more than one SignatureConfirmation in response.");
                return false;
            }
            String signatureValue = ((SignatureConfirmation) list.get(0)).getSignatureValue();
            if (signatureValue == null || signatureValue.trim().equals("")) {
                return true;
            }
            LogUtils.logWss("No Signature in request, but SignatureConfirmation/@Value is not empty.");
            return false;
        }
        if (strArr.length != list.size()) {
            LogUtils.logWss("Number of SignatureConfirmation elements does not match number of Signatures from request.");
            return false;
        }
        for (String str : strArr) {
            boolean z = false;
            // Accumulates the confirmation values inspected before a match, for the failure log.
            String str2 = "";
            Iterator it = list.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                SignatureConfirmation signatureConfirmation = (SignatureConfirmation) it.next();
                if (null != signatureConfirmation.getSignatureValue() && signatureConfirmation.getSignatureValue().equals(str)) {
                    LogUtils.logWss("See matched sign conf value: " + str);
                    z = true;
                    break;
                }
                str2 = str2 + signatureConfirmation.getSignatureValue() + "\n";
            }
            if (!z) {
                LogUtils.logWss("Failed to validate SignatureConfirmation/@Value: " + str);
                LogUtils.logWss("The signature confirmation values are: \n" + str2);
                return false;
            }
        }
        return true;
    }

    // Builds the one-element expectation list used by the request-side signature checks.
    static {
        enckeyDirectSTRList.add(enckeyDirectSTR);
    }
}
