package weblogic.xml.crypto.wss;

import java.io.Serializable;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Calendar;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.security.UsernameAndPassword;
import weblogic.security.WSUserPasswordDigest;
import weblogic.security.service.ContextHandler;
import weblogic.security.utils.PasswordDigestUtils;
import weblogic.utils.collections.ConcurrentHashMap;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.api.Encoding;
import weblogic.xml.crypto.wss.api.UsernameToken;
import weblogic.xml.crypto.wss.policy.ClaimsBuilder;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo;
import weblogic.xml.dom.marshal.MarshalException;
import weblogic.xml.schema.types.XSDDateTime;
import weblogic.xml.security.utils.Utils;

/* loaded from: input_file:weblogic/xml/crypto/wss/UsernameTokenImpl.class */
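/**
 * WS-Security UsernameToken: carries a username and, optionally, a password (clear text or
 * digest), a nonce and a creation timestamp, and converts between that state and its DOM form.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>With the PasswordText type, {@link #marshal} writes the password itself into the
 *       Password element. Nothing here encrypts it; confidentiality has to come from the
 *       transport or from message-level encryption applied elsewhere.</li>
 *   <li>With the PasswordDigest type, the digest is computed by
 *       {@code PasswordDigestUtils.passwordDigest(nonce, created, password)} and Base64 encoded.
 *       NOTE(review): the helper is not shown here; the UsernameToken profile defines this digest
 *       over SHA-1, and a digest sent in the clear can still be guessed offline for weak
 *       passwords.</li>
 *   <li>{@link #unmarshal} only parses. It does not check that Created is recent or that the
 *       nonce is unused; replay protection must be enforced by whatever consumes the token.</li>
 *   <li>The password, password digest and cached credential are {@code transient}, so Java
 *       serialization of this object does not write them out.</li>
 * </ul>
 */
public class UsernameTokenImpl extends SecurityTokenImpl implements UsernameToken, SecurityTokenPolicyInfo, WSUserPasswordDigest, Serializable {
    private static final long serialVersionUID = 9185634049782890759L;
    private static final String defaultNonceEncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    private static final String defaultPasswordType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private static final boolean defaultUsePassword = true;
    // The constants from here down to CREATED are not referenced in this class; they are kept
    // as declared.
    private static final String DIGEST_ALGORITHM = "SHA-1";
    private static final String ASCII = "US-ASCII";
    private static final String UTF_8 = "UTF-8";
    private static final String ID_PREFIX = "unt";
    private static final String POLICY_URI = "http://www.bea.com/wls90/security/policy";
    private static final short USERNAME = 0;
    private static final short PWD = 1;
    private static final short NONCE = 2;
    private static final short CREATED = 3;
    private String id;
    private String username;
    // Clear-text password. Kept as char[], but several methods below copy it into an immutable
    // String, so it cannot be reliably wiped from memory.
    private transient char[] password;
    // Base64 text of the password digest, either computed locally or read from the wire.
    private transient String passwordDigest;
    private transient byte[] decodedPwdDigest;
    private String passwordType;
    private boolean usePassword;
    private String passwordId;
    private byte[] nonce;
    private String encodedNonce;
    private String nonceEncodingType;
    private boolean useNonce;
    private Calendar created;
    private String serializedCreated;
    private boolean useCreated;
    private transient UsernameAndPassword credential;
    private static final String[] valueTypes = {WSSConstants.VALUE_TYPE_UNT};
    private static final QName POLICY_USE_PASSWD = new QName("http://www.bea.com/wls90/security/policy", "UsePassword");
    private static final QName POLICY_PASSWD_TYPE = new QName("Type");
    public static final QName POLICY_PASSWD_ATTR = new QName("Attribute");
    // Encoding URI -> Encoding. Process-wide and writable through the public register() method.
    private static final ConcurrentHashMap encodings = new ConcurrentHashMap();

    /**
     * Creates an empty token with the defaults used when a token is read from XML:
     * PasswordText password type, password expected, Base64 nonce encoding.
     */
    public UsernameTokenImpl() {
        this.passwordType = defaultPasswordType;
        this.usePassword = defaultUsePassword;
        this.nonceEncodingType = defaultNonceEncodingType;
    }

    /** Creates a token from a credential with no policy claims, so no password is emitted. */
    private UsernameTokenImpl(UsernameAndPassword usernameAndPassword) throws WSSecurityException {
        this(usernameAndPassword, null);
    }

    /**
     * Creates an outbound token from a credential, configured by the policy claims found under
     * {@code SecurityTokenContextHandler.CLAIMS_MAP} in the context handler.
     *
     * @param usernameAndPassword credential supplying the username and password
     * @param contextHandler source of the policy claims; {@code null} is treated as "no claims"
     * @throws WSSecurityException if the policy asks for a password and none is available, or
     *     the requested password type is neither PasswordText nor PasswordDigest
     */
    public UsernameTokenImpl(UsernameAndPassword usernameAndPassword, ContextHandler contextHandler) throws WSSecurityException {
        super(usernameAndPassword);
        this.passwordType = defaultPasswordType;
        this.usePassword = defaultUsePassword;
        this.nonceEncodingType = defaultNonceEncodingType;
        this.username = usernameAndPassword.getUsername();
        this.password = usernameAndPassword.getPassword();
        // The private single-argument constructor passes a null handler; without this guard
        // that path always failed with a NullPointerException.
        Node claims = contextHandler == null ? null : (Node) contextHandler.getValue(SecurityTokenContextHandler.CLAIMS_MAP);
        if (claims == null || ClaimsBuilder.getClaimFromElt(claims, POLICY_USE_PASSWD) == null) {
            // No UsePassword claim: the token carries the username only.
            this.usePassword = false;
            this.passwordType = null;
        } else {
            this.passwordType = ClaimsBuilder.getClaimFromAttr(claims, POLICY_USE_PASSWD, POLICY_PASSWD_TYPE);
        }
        if (this.usePassword && this.password == null) {
            throw new WSSecurityException("No password provided for Password Type for UsernameToken: " + this.passwordType, WSSConstants.FAILURE_TOKEN_INVALID);
        }
        // A null password was rejected just above, so only the type remains to be checked.
        if (this.usePassword && !WSSConstants.PASSWORD_TYPE_DIGEST.equals(this.passwordType) && !defaultPasswordType.equals(this.passwordType)) {
            throw new WSSecurityException("Invalid Password Type for UsernameToken: " + this.passwordType, WSSConstants.FAILURE_TOKEN_INVALID);
        }
        if (WSSConstants.PASSWORD_TYPE_DIGEST.equals(this.passwordType)) {
            // The digest is computed over nonce and created, so both are always sent with it.
            this.useNonce = true;
            this.useCreated = true;
        } else if (claims != null) {
            String extras = ClaimsBuilder.getClaimFromAttr(claims, POLICY_USE_PASSWD, POLICY_PASSWD_ATTR);
            if (WSSConstants.PASSWORD_TYPE_NONCE_CREATE.equals(extras)) {
                this.useNonce = true;
                this.useCreated = true;
            } else if (WSSConstants.PASSWORD_TYPE_NONCE.equals(extras)) {
                this.useNonce = true;
            } else if (WSSConstants.PASSWORD_TYPE_CREATE.equals(extras)) {
                this.useCreated = true;
            }
        }
        this.id = DOMUtils.generateId(ID_PREFIX);
    }

    /** Registers the built-in Base64 encoding; called once from the static initializer. */
    public static void initEncodings() {
        register(new Base64Encoding());
    }

    /**
     * Registers an encoding under its URI, replacing any encoding already stored for that URI.
     * The registry is shared by every token, and nonces read from incoming messages are decoded
     * through it.
     */
    public static void register(Encoding encoding) {
        encodings.put(encoding.getURI(), encoding);
    }

    /** Returns the encoding registered for {@code uri}, or {@code null} if there is none. */
    private static Encoding encodingFor(String uri) {
        return (Encoding) encodings.get(uri);
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public String getValueType() {
        return WSSConstants.VALUE_TYPE_UNT;
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public String getId() {
        return this.id;
    }

    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public void setId(String str) {
        this.id = str;
    }

    /** A username token carries no key material; always {@code null}. */
    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public PrivateKey getPrivateKey() {
        return null;
    }

    /** A username token carries no key material; always {@code null}. */
    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public PublicKey getPublicKey() {
        return null;
    }

    /** A username token carries no key material; always {@code null}. */
    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public Key getSecretKey() {
        return null;
    }

    /**
     * Returns the username/password credential, building it from the current fields on first
     * use and caching it afterwards. For a token read with a digest password the password field
     * is {@code null}, so the credential then holds a null password.
     */
    @Override // weblogic.xml.crypto.wss.SecurityTokenImpl, weblogic.xml.crypto.wss.provider.SecurityToken
    public Object getCredential() {
        if (this.credential == null) {
            this.credential = new UsernameAndPassword(this.username, this.password);
        }
        return this.credential;
    }

    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public String getUsername() {
        return this.username;
    }

    /** Returns the internal digest array itself (not a copy); callers must not modify it. */
    public byte[] getDecodedPasswordDigest() {
        return this.decodedPwdDigest;
    }

    /** Returns the internal nonce array itself (not a copy); callers must not modify it. */
    public byte[] getDecodedNonce() {
        return this.nonce;
    }

    /**
     * Returns the clear-text password as bytes, or {@code null} when no password is held.
     *
     * <p>NOTE(review): the bytes are produced with the platform default charset, while
     * {@code createPasswordDigest} uses UTF-8. Non-ASCII passwords can therefore yield different
     * bytes here than in the digest on a JVM whose default charset is not UTF-8. Left unchanged
     * because callers may depend on the current encoding; confirm before aligning.
     */
    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public byte[] getPassword() {
        if (this.password == null) {
            return null;
        }
        return new String(this.password).getBytes();
    }

    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public String getPasswordType() {
        return this.passwordType;
    }

    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public String getEncodedNonce() {
        return this.encodedNonce;
    }

    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public String getNonceEncodingType() {
        return this.nonceEncodingType;
    }

    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public Calendar getCreated() {
        return this.created;
    }

    /** Returns the Created value exactly as it was serialized or received. */
    public String getCreatedString() {
        return this.serializedCreated;
    }

    /**
     * Builds a new token from a credential object.
     *
     * @param str not used by this implementation
     * @param obj the credential; must be a {@code UsernameAndPassword}
     * @param contextHandler source of the policy claims
     * @throws ClassCastException if {@code obj} is not a {@code UsernameAndPassword}
     */
    public SecurityToken getSecurityToken(String str, Object obj, ContextHandler contextHandler) throws WSSecurityException {
        return new UsernameTokenImpl((UsernameAndPassword) obj, contextHandler);
    }

    /**
     * Writes this token as a UsernameToken element under {@code element}.
     *
     * <p>In PasswordText mode the clear-text password is written into the document. In
     * PasswordDigest mode a fresh nonce, Created value and digest are generated on each call.
     *
     * @param element parent that receives the new element
     * @param node sibling to insert before, or {@code null} to append
     * @param map namespace URI to prefix mapping; read for the WSSE and WSU namespaces
     * @throws MarshalException if a password is required but none is held
     */
    public void marshal(Element element, Node node, Map map) throws MarshalException {
        // Fail before touching the DOM. Both password branches below dereference the password,
        // so this state previously surfaced as a NullPointerException.
        if (this.usePassword && this.password == null) {
            throw new MarshalException("No password available to marshal UsernameToken.");
        }
        Map namespaceMap = DOMUtils.getNamespaceMap(element);
        String wssePrefix = (String) map.get("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        String wsuPrefix = (String) map.get("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        Element tokenElement = DOMUtils.createElement(element, WSSConstants.UNT_QNAME, wssePrefix);
        if (this.id != null) {
            DOMUtils.addPrefixedAttribute(tokenElement, WSSConstants.WSU_ID_QNAME, wsuPrefix, this.id);
            DOMUtils.declareNamespace(tokenElement, WSSConstants.WSU_ID_QNAME.getNamespaceURI(), wsuPrefix, namespaceMap);
        }
        DOMUtils.addText(DOMUtils.createAndAddElement(tokenElement, WSSConstants.USERNAME_QNAME, wssePrefix), this.username);
        if (this.usePassword) {
            Element passwordElement = DOMUtils.createAndAddElement(tokenElement, WSSConstants.PASSWORD_QNAME, wssePrefix);
            if (this.passwordId != null) {
                DOMUtils.addPrefixedAttribute(passwordElement, WSSConstants.WSU_ID_QNAME, wsuPrefix, this.passwordId);
                DOMUtils.declareNamespace(passwordElement, WSSConstants.WSU_ID_QNAME.getNamespaceURI(), wsuPrefix, namespaceMap);
            }
            DOMUtils.addAttribute(passwordElement, WSSConstants.TYPE_QNAME, this.passwordType);
            if (WSSConstants.PASSWORD_TYPE_DIGEST.equals(this.passwordType)) {
                // createPasswordDigest also generates the nonce and Created value it hashes.
                createPasswordDigest();
                DOMUtils.addText(passwordElement, this.passwordDigest);
            } else {
                if (this.useCreated) {
                    createCreated();
                }
                if (this.useNonce) {
                    createNonce();
                }
                // Clear-text password on the wire; protection must come from another layer.
                DOMUtils.addText(passwordElement, new String(this.password));
            }
        }
        if (this.useNonce) {
            Element nonceElement = DOMUtils.createAndAddElement(tokenElement, WSSConstants.NONCE_QNAME, wssePrefix);
            DOMUtils.addAttribute(nonceElement, WSSConstants.ENCODING_TYPE_QNAME, this.nonceEncodingType);
            DOMUtils.addText(nonceElement, this.encodedNonce);
        }
        if (this.useCreated) {
            DOMUtils.addText(DOMUtils.createAndAddElement(tokenElement, WSSConstants.CREATED_QNAME, wsuPrefix), XSDDateTime.getXml(this.created));
        }
        if (node != null) {
            element.insertBefore(tokenElement, node);
        } else {
            element.appendChild(tokenElement);
        }
    }

    /**
     * Populates this token from a UsernameToken element taken from an incoming message.
     *
     * <p>The first child must be a non-empty Username. After it, Password, Nonce and Created are
     * accepted in any order and at most once each; any other child element is rejected. The
     * values are stored as received and are not authenticated or checked for freshness here.
     *
     * @param node the UsernameToken element
     * @throws MarshalException if the structure is invalid
     */
    public void unmarshal(Node node) throws MarshalException {
        Element tokenElement = (Element) node;
        this.id = DOMUtils.getAttributeValue(tokenElement, WSSConstants.WSU_ID_QNAME);
        Element usernameElement = DOMUtils.getFirstElement(tokenElement);
        if (usernameElement == null) {
            throw new MarshalException("UsernameToken is empty.");
        }
        DOMUtils.require(usernameElement, WSSConstants.USERNAME_QNAME);
        if (null == usernameElement.getFirstChild()) {
            throw new MarshalException("UsernameToken username is empty.");
        }
        this.username = DOMUtils.getText(usernameElement);
        for (Element child = DOMUtils.getNextElement(usernameElement); child != null; child = DOMUtils.getNextElement(child)) {
            if (DOMUtils.is(child, WSSConstants.PASSWORD_QNAME)) {
                unmarshalPassword(child);
            } else if (DOMUtils.is(child, WSSConstants.NONCE_QNAME)) {
                unmarshalNonce(child);
            } else if (DOMUtils.is(child, WSSConstants.CREATED_QNAME)) {
                unmarshalCreated(child);
            } else {
                throw new MarshalException("Unsupported child element " + DOMUtils.getQName(child) + " in UsernameToken");
            }
        }
    }

    /** Stamps the token with the current time and caches its serialized form. */
    private void createCreated() {
        this.created = TimestampImpl.getCalendar();
        this.serializedCreated = XSDDateTime.getXml(this.created);
    }

    /**
     * Generates a fresh nonce and its encoded text.
     *
     * @throws IllegalStateException if no encoding is registered for the nonce encoding type
     */
    private void createNonce() {
        Encoding encoding = encodingFor(this.nonceEncodingType);
        if (encoding == null) {
            throw new IllegalStateException("No encoding registered for nonce encoding type: " + this.nonceEncodingType);
        }
        // NOTE(review): 32 is presumably a length in bytes; Utils.generateNonce is not shown.
        this.nonce = Utils.generateNonce(32);
        this.encodedNonce = encoding.encode(this.nonce);
    }

    /**
     * Generates the nonce and Created value (when enabled) and computes the Base64 password
     * digest over nonce, Created and the UTF-8 bytes of the password.
     *
     * @throws IllegalStateException if the digest cannot be computed. These failures used to be
     *     swallowed, which left the digest {@code null} and let marshalling carry on with it.
     */
    private void createPasswordDigest() {
        try {
            if (this.useCreated) {
                createCreated();
            }
            if (this.useNonce) {
                createNonce();
            }
            byte[] passwordBytes = new String(this.password).getBytes(UTF_8);
            byte[] digest = PasswordDigestUtils.passwordDigest(this.nonce, getCreatedString(), passwordBytes);
            this.passwordDigest = encodingFor(defaultNonceEncodingType).encode(digest);
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Unable to compute UsernameToken password digest", e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("Unable to compute UsernameToken password digest", e);
        }
    }

    /** Reads the Created element; it must be non-empty and may appear only once. */
    private void unmarshalCreated(Element element) throws MarshalException {
        if (null == element.getFirstChild() || null == DOMUtils.getText(element)) {
            throw new MarshalException("Invalid Createde.");
        }
        if (this.serializedCreated != null) {
            throw new MarshalException("Only one Created element allowed in UsernameToken.");
        }
        this.serializedCreated = DOMUtils.getText(element);
        this.created = XSDDateTime.convertXml(this.serializedCreated);
    }

    /**
     * Reads the Nonce element; it must be non-empty and may appear only once.
     *
     * <p>The EncodingType attribute comes from the message sender, so an unregistered value is
     * rejected with a {@code MarshalException} instead of failing on a null encoding.
     */
    private void unmarshalNonce(Element element) throws MarshalException {
        if (this.encodedNonce != null) {
            throw new MarshalException("Only one Nonce element allowed in UsernameToken.");
        }
        if (null == element.getFirstChild() || null == DOMUtils.getText(element)) {
            throw new MarshalException("Invalid Nonce.");
        }
        String encodingType = DOMUtils.getAttributeValue(element, WSSConstants.ENCODING_TYPE_QNAME, defaultNonceEncodingType);
        Encoding encoding = encodingFor(encodingType);
        if (encoding == null) {
            throw new MarshalException("Unsupported Nonce EncodingType.");
        }
        this.nonceEncodingType = encodingType;
        this.encodedNonce = DOMUtils.getText(element);
        this.nonce = encoding.decode(this.encodedNonce);
    }

    /**
     * Reads the Password element; it must be non-empty and may appear only once.
     *
     * <p>When the Type attribute is absent the current password type is kept (PasswordText for a
     * token built with the no-argument constructor). PasswordText stores the clear-text
     * password; PasswordDigest stores the digest text and its decoded bytes; any other type is
     * rejected.
     */
    private void unmarshalPassword(Element element) throws MarshalException {
        if (this.password != null || this.passwordDigest != null) {
            throw new MarshalException("Only one Password element allowed in UsernameToken.");
        }
        if (null == element.getFirstChild() || null == DOMUtils.getText(element)) {
            throw new MarshalException("Invalid Password.");
        }
        this.passwordId = DOMUtils.getAttributeValue(element, WSSConstants.WSU_ID_QNAME);
        String declaredType = DOMUtils.getAttributeValue(element, WSSConstants.TYPE_QNAME);
        if (declaredType != null) {
            this.passwordType = declaredType;
        }
        if (defaultPasswordType.equals(this.passwordType)) {
            this.password = DOMUtils.getText(element).toCharArray();
        } else if (WSSConstants.PASSWORD_TYPE_DIGEST.equals(this.passwordType)) {
            this.passwordDigest = DOMUtils.getText(element);
            // NOTE(review): presumably a Base64 decode; Utils.base64 is not shown here.
            this.decodedPwdDigest = Utils.base64(this.passwordDigest);
        } else {
            throw new MarshalException("Invalid Password Type.");
        }
    }

    @Override // weblogic.xml.crypto.api.XMLStructure
    public boolean isFeatureSupported(String str) {
        return false;
    }

    /** A username token is usable only for the identity purpose. */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo
    public boolean supports(Purpose purpose) {
        return Purpose.IDENTITY.equals(purpose);
    }

    /**
     * Appends a policy token assertion for this token type under {@code element}.
     *
     * <p>The UsePassword type is PasswordDigest when the first {@code UsernameTokenHandler} in
     * the context's token handler list reports digest support; otherwise it is PasswordText,
     * which means the resulting policy asks for clear-text passwords.
     *
     * @return the created assertion element
     */
    @Override // weblogic.xml.crypto.wss.provider.SecurityTokenPolicyInfo
    public Element getSecurityTokenAssertion(Element element, Purpose purpose, ContextHandler contextHandler) throws WSSecurityConfigurationException {
        String prefix = DOMUtils.getPrefix(POLICY_URI, element);
        Element assertion = DOMUtils.createAndAddElement(element, WSSConstants.POLICY_TOKEN_QNAME, prefix);
        DOMUtils.addAttribute(assertion, WSSConstants.POLICY_TOKEN_TYPE_QNAME, valueTypes[0]);
        Element usePasswordElement = DOMUtils.createAndAddElement(assertion, WSSConstants.POLICY_USE_PASSWD_QNAME, prefix);
        boolean digestSupported = false;
        List handlers = (List) contextHandler.getValue(WssPolicyContextHandler.TOKEN_HANDLER_LIST);
        if (handlers != null) {
            for (Object handler : handlers) {
                // Only the first UsernameTokenHandler decides.
                if (handler instanceof UsernameTokenHandler) {
                    digestSupported = ((UsernameTokenHandler) handler).isPasswordDigestSupported();
                    break;
                }
            }
        }
        String advertisedType = digestSupported ? WSSConstants.PASSWORD_TYPE_DIGEST : defaultPasswordType;
        DOMUtils.addAttribute(usePasswordElement, WSSConstants.POLICY_USE_PASSWD_TYPE_QNAME, advertisedType);
        return assertion;
    }

    /** Returns the nonce in its encoded text form (same value as {@link #getEncodedNonce()}). */
    public String getNonce() {
        return getEncodedNonce();
    }

    /**
     * Returns the Created time in epoch milliseconds.
     *
     * @throws NullPointerException if the token has no Created value
     */
    public long getCreatedTimeInMillis() {
        return getCreated().getTimeInMillis();
    }

    @Override // weblogic.xml.crypto.wss.api.UsernameToken
    public String getPasswordDigest() {
        return this.passwordDigest;
    }

    static {
        initEncodings();
    }
}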
