package weblogic.xml.security.wsse.v200207;

import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.NoSuchElementException;
import weblogic.xml.security.NamedKey;
import weblogic.xml.security.SecurityProcessingException;
import weblogic.xml.security.UserInfo;
import weblogic.xml.security.encryption.EncryptedKey;
import weblogic.xml.security.encryption.EncryptionException;
import weblogic.xml.security.encryption.ReferenceList;
import weblogic.xml.security.encryption.XMLEncReader;
import weblogic.xml.security.keyinfo.KeyInfo;
import weblogic.xml.security.keyinfo.KeyInfoValidationException;
import weblogic.xml.security.signature.DSIGReader;
import weblogic.xml.security.signature.InternalReference;
import weblogic.xml.security.signature.Reference;
import weblogic.xml.security.signature.Signature;
import weblogic.xml.security.signature.XMLSignatureException;
import weblogic.xml.security.specs.EncryptionSpec;
import weblogic.xml.security.specs.SignatureSpec;
import weblogic.xml.security.transforms.ExcC14NTransform;
import weblogic.xml.security.transforms.IncompatibleTransformException;
import weblogic.xml.security.transforms.Transform;
import weblogic.xml.security.transforms.TransformException;
import weblogic.xml.security.utils.ElementFactory;
import weblogic.xml.security.utils.MutableStart;
import weblogic.xml.security.utils.StreamUtils;
import weblogic.xml.security.wsse.BinarySecurityToken;
import weblogic.xml.security.wsse.Security;
import weblogic.xml.security.wsse.SecurityTokenReference;
import weblogic.xml.security.wsse.Token;
import weblogic.xml.security.wsse.UsernameToken;
import weblogic.xml.security.wsse.internal.Operation;
import weblogic.xml.security.wsse.internal.SigningPreprocessor;
import weblogic.xml.security.wsu.Expires;
import weblogic.xml.security.wsu.Timestamp;
import weblogic.xml.security.wsu.WSUFactory;
import weblogic.xml.security.wsu.v200207.WSUConstants;
import weblogic.xml.stream.Attribute;
import weblogic.xml.stream.XMLEvent;
import weblogic.xml.stream.XMLInputStream;
import weblogic.xml.stream.XMLStreamException;

/* loaded from: input_file:weblogic/xml/security/wsse/v200207/SecurityImpl.class */
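/**
 * In-memory model of a {@code wsse:Security} header.
 *
 * <p>The header is an ordered list of child objects ({@link #getChildren()}): tokens,
 * signatures, encrypted keys, reference lists and timestamps. Every {@code add*} method
 * inserts the new child at the front of that list and also records an entry in a separate
 * "to do" list ({@link #getToDoList()}); the consumer of that list is not visible in this file.
 *
 * <p>The class uses plain {@link ArrayList}/{@link HashMap} fields without any
 * synchronization.
 *
 * <p>NOTE(review): the id-to-token cache behind {@link #getTokenById(String)} is reset by
 * {@link #addToken(Token)} and {@link #append(Object)} only. Removing a token through one of
 * the returned iterators leaves it resolvable by id until the next reset.
 */
public class SecurityImpl implements WSSEConstants, Security {
    private static final WSUFactory timestampFac = WSUFactory.getInstance(WSUConstants.WSU_URI);

    /** Value of the header's {@code role} attribute, or the role passed to the constructor. */
    private String role = null;

    /** Children of the header, in document order. */
    private final List elements = new ArrayList(3);

    /** Operations, tokens and timestamps recorded by the {@code add*} methods, in call order. */
    private final List toDoList = new ArrayList();

    /** Lazily built id-to-token index; {@code null} means "rebuild on next lookup". */
    private Map tokenMap = null;

    /**
     * Filtering view over another iterator that yields only instances of one class.
     *
     * <p>The decompiler reports that this class was originally {@code private}.
     */
    public static class TypeIterator implements Iterator {
        private final Class clazz;
        private final Iterator source;

        /** Look-ahead element fetched by {@link #hasNext()} and not yet handed out. */
        private Object next = null;

        /** Set once the source has been consulted at least once. */
        private boolean used = false;

        /**
         * True only while the element last returned by the source is also the element last
         * returned by {@link #next()}, i.e. while {@code source.remove()} would delete the
         * element the caller actually saw.
         */
        private boolean removable = false;

        /**
         * @param cls class that returned elements must be instances of
         * @param it  iterator to filter
         */
        public TypeIterator(Class cls, Iterator it) {
            this.clazz = cls;
            this.source = it;
        }

        @Override // java.util.Iterator
        public boolean hasNext() {
            if (this.next == null) {
                this.next = findNext();
            }
            return this.next != null;
        }

        /**
         * Advances the source to its next instance of {@code clazz}.
         *
         * @return the matching element, or {@code null} when the source is exhausted
         */
        private Object findNext() {
            this.used = true;
            while (this.source.hasNext()) {
                Object candidate = this.source.next();
                // The source cursor moved, so it no longer sits on the element we last returned.
                this.removable = false;
                if (this.clazz.isInstance(candidate)) {
                    return candidate;
                }
            }
            return null;
        }

        /**
         * @throws NoSuchElementException when no further instance of the class exists
         */
        @Override // java.util.Iterator
        public Object next() {
            Object result = this.next;
            if (result != null) {
                this.next = null;
            } else {
                result = findNext();
                if (result == null) {
                    throw new NoSuchElementException();
                }
            }
            // In both paths the source has not advanced past 'result'.
            this.removable = true;
            return result;
        }

        /**
         * Removes the element last returned by {@link #next()} from the underlying collection.
         *
         * <p>The original implementation delegated to {@code source.remove()} whenever no
         * look-ahead element was buffered. After a {@link #hasNext()} call that skipped
         * non-matching elements and found nothing, that deleted the last skipped element (for
         * example a Signature while iterating tokens) instead of the element the caller saw.
         * The {@code removable} flag rejects that case.
         *
         * @throws IllegalStateException if nothing has been returned yet, if a look-ahead
         *         element is buffered, or if the source has moved past the returned element
         */
        @Override // java.util.Iterator
        public void remove() {
            if (!this.used) {
                throw new IllegalStateException("Iterator has not been used");
            }
            if (this.next != null) {
                throw new IllegalStateException("This iterator does not support remove() after hasNext()");
            }
            if (!this.removable) {
                throw new IllegalStateException("No element returned by next() is available to remove");
            }
            this.source.remove();
            this.removable = false;
        }
    }

    /**
     * Parses a Security header from a stream.
     *
     * @param xMLInputStream stream positioned at the Security element
     * @param str            namespace URI used to match the Security element and its tokens
     * @throws XMLStreamException if the stream cannot be read
     */
    public SecurityImpl(XMLInputStream xMLInputStream, String str) throws XMLStreamException {
        fromXMLInternal(xMLInputStream, str);
    }

    /**
     * Creates an empty header.
     *
     * @param str value returned by {@link #getRole()}
     */
    public SecurityImpl(String str) {
        this.role = str;
    }

    /** Adds a signature using {@link SignatureSpec#getDefaultSpec()}. */
    @Override // weblogic.xml.security.wsse.Security
    public Signature addSignature(Token token) throws SecurityProcessingException {
        return addSignature(token, SignatureSpec.getDefaultSpec());
    }

    /**
     * Creates a signature keyed by {@code token}, puts it at the front of the header and
     * records it on the to-do list.
     *
     * @throws SecurityProcessingException if the signature or canonicalization method is
     *         rejected, or if a token reference cannot be prepared
     */
    @Override // weblogic.xml.security.wsse.Security
    public Signature addSignature(Token token, SignatureSpec signatureSpec) throws SecurityProcessingException {
        Signature signature = new Signature();
        KeyInfo keyInfo = new KeyInfo(token);
        signature.setKeyInfo(keyInfo);
        if (WSSEConstants.SIGN_BST) {
            Iterator tokenReferences = keyInfo.getSecurityTokenReferences();
            while (tokenReferences.hasNext()) {
                // The original loop never advanced the iterator, so a KeyInfo with at least
                // one token reference kept adding references without terminating.
                tokenReferences.next();
                signature.addReference(createReference(SigningPreprocessor.FRAGMENT_URI + token.getId(), token, signatureSpec));
            }
        }
        try {
            signature.setSignatureMethod(signatureSpec.getSignatureMethod());
            signature.setCanonicalizationMethod(signatureSpec.getCanonicalizationMethod());
            prepend(signature);
            addToDo(signature, signatureSpec);
            return signature;
        } catch (XMLSignatureException e) {
            throw new SecurityProcessingException("Unable to set Method", e);
        }
    }

    /**
     * Builds the signature reference that covers a binary security token.
     *
     * <p>Failures are reported to the caller. The original caught each exception, printed a
     * stack trace and returned the half-built reference, which let signing continue with a
     * reference that lacked its transform or its token content.
     *
     * <p>NOTE(review): both casts below are unchecked; a token that is not a
     * {@code BinarySecurityTokenImpl} fails with {@link ClassCastException}.
     *
     * @throws SecurityProcessingException if the transform or token content cannot be attached
     */
    private Reference createReference(String str, Token token, SignatureSpec signatureSpec) throws SecurityProcessingException {
        InternalReference reference = new InternalReference(str);
        try {
            reference.addTransform((ExcC14NTransform) Transform.getTransform(signatureSpec.getCanonicalizationMethod()));
            addBSTToReference(reference, (BinarySecurityTokenImpl) token);
        } catch (IncompatibleTransformException e) {
            throw new SecurityProcessingException("Unable to create reference for token", e);
        } catch (TransformException e) {
            throw new SecurityProcessingException("Unable to create reference for token", e);
        } catch (XMLStreamException e) {
            throw new SecurityProcessingException("Unable to create reference for token", e);
        }
        return reference;
    }

    /**
     * Feeds a serialized {@code wsse:BinarySecurityToken} element (start tag with ValueType,
     * EncodingType and wsu:Id attributes, encoded value, end tag) to the reference.
     */
    private void addBSTToReference(InternalReference internalReference, BinarySecurityTokenImpl binarySecurityTokenImpl) throws XMLStreamException {
        ArrayList attributeList = new ArrayList();
        attributeList.add(ElementFactory.createAttribute("ValueType", binarySecurityTokenImpl.getValueType()));
        attributeList.add(ElementFactory.createAttribute("EncodingType", binarySecurityTokenImpl.getEncodingType()));
        attributeList.add(ElementFactory.createAttribute(WSUConstants.WSU_URI, "Id", "wsu", binarySecurityTokenImpl.getId()));
        Attribute[] attributes = new Attribute[attributeList.size()];
        attributeList.toArray(attributes);
        MutableStart startElement = (MutableStart) ElementFactory.createStartElement(WSSEConstants.WSSE_URI, "BinarySecurityToken", "wsse");
        for (Attribute attribute : attributes) {
            if (attribute != null) {
                startElement.addAttribute(attribute);
            }
        }
        internalReference.observe(startElement);
        internalReference.observe(ElementFactory.createCharacterData(binarySecurityTokenImpl.getEncodedValue()));
        internalReference.observe(ElementFactory.createEndElement(WSSEConstants.WSSE_URI, "BinarySecurityToken", "wsse"));
    }

    /**
     * Adds an encrypted key wrapped for the certificate carried by {@code token}; when
     * {@code token} is null the spec's own token is used.
     *
     * @throws SecurityProcessingException if no certificate can be obtained from the token
     */
    @Override // weblogic.xml.security.wsse.Security
    public EncryptedKey addEncryption(Token token, EncryptionSpec encryptionSpec) throws SecurityProcessingException {
        if (token == null && encryptionSpec != null) {
            token = encryptionSpec.getToken();
        }
        X509Certificate certificate = (token == null) ? null : token.getCertificate();
        if (certificate == null) {
            // NOTE(review): the message embeds token.toString(); confirm token implementations
            // do not print secret material.
            throw new SecurityProcessingException("provided token " + token + " does not support key encryption");
        }
        return addEncryption(certificate, new KeyInfo(token), encryptionSpec);
    }

    /** Same as {@link #addEncryption(Token, EncryptionSpec)}, wrapping the given named key. */
    @Override // weblogic.xml.security.wsse.Security
    public EncryptedKey addEncryption(Token token, NamedKey namedKey, EncryptionSpec encryptionSpec) throws SecurityProcessingException {
        EncryptedKey encryptedKey = addEncryption(token, encryptionSpec);
        encryptedKey.setWrappedKey(namedKey.getKey());
        encryptedKey.setCarriedKeyName(namedKey.getName());
        return encryptedKey;
    }

    /** Adds a reference list for data encrypted directly under {@code namedKey}. */
    @Override // weblogic.xml.security.wsse.Security
    public ReferenceList addEncryption(NamedKey namedKey, EncryptionSpec encryptionSpec) throws SecurityProcessingException {
        ReferenceList referenceList = new ReferenceList();
        addToDo(namedKey.copy(referenceList), encryptionSpec);
        prepend(referenceList);
        return referenceList;
    }

    /**
     * Adds an encrypted key wrapped for {@code x509Certificate}, identified in the KeyInfo by
     * the certificate's subject DN string.
     *
     * @throws AssertionError if the certificate is null (kept as in the original; note that
     *         this is an {@link Error}, so handlers for SecurityProcessingException miss it)
     */
    @Override // weblogic.xml.security.wsse.Security
    public EncryptedKey addEncryption(X509Certificate x509Certificate, EncryptionSpec encryptionSpec) throws SecurityProcessingException {
        if (x509Certificate == null) {
            throw new AssertionError("No certificate available for key wrapping");
        }
        return addEncryption(x509Certificate, new KeyInfo(x509Certificate.getSubjectDN().toString()), encryptionSpec);
    }

    /** Builds the EncryptedKey for the certificate's public key and registers it. */
    private EncryptedKey addEncryption(X509Certificate x509Certificate, KeyInfo keyInfo, EncryptionSpec encryptionSpec) throws SecurityProcessingException {
        try {
            PublicKey publicKey = x509Certificate.getPublicKey();
            String wrappingAlgorithm = getWrappingAlgorithm(publicKey, encryptionSpec.getKeyWrappingMethod());
            EncryptedKey encryptedKey = new EncryptedKey(publicKey, encryptionSpec.getEncryptionMethod(), wrappingAlgorithm);
            encryptedKey.setKeyInfo(keyInfo);
            return addEncryption(encryptedKey, encryptionSpec);
        } catch (EncryptionException e) {
            throw new SecurityProcessingException("Problem adding encrypted key", e);
        }
    }

    /** Puts the encrypted key at the front of the header and records it on the to-do list. */
    private EncryptedKey addEncryption(EncryptedKey encryptedKey, EncryptionSpec encryptionSpec) {
        prepend(encryptedKey);
        addToDo(encryptedKey, encryptionSpec);
        return encryptedKey;
    }

    /**
     * Returns the configured key-wrapping method for RSA keys and rejects every other key
     * algorithm.
     *
     * @throws SecurityProcessingException for a non-RSA key
     */
    private String getWrappingAlgorithm(Key key, String str) throws SecurityProcessingException {
        String keyAlgorithm = key.getAlgorithm();
        if (!"RSA".equals(keyAlgorithm)) {
            throw new SecurityProcessingException("No keywrapping algorithm available for " + keyAlgorithm + " keys");
        }
        return str;
    }

    /** Adds an encrypted key using {@link EncryptionSpec#getDefaultSpec()}. */
    @Override // weblogic.xml.security.wsse.Security
    public EncryptedKey addEncryption(Token token) throws SecurityProcessingException {
        return addEncryption(token, EncryptionSpec.getDefaultSpec());
    }

    @Override // weblogic.xml.security.wsse.Security
    public void addBinarySecurityToken(BinarySecurityToken binarySecurityToken) {
        addToken(binarySecurityToken);
    }

    @Override // weblogic.xml.security.wsse.Security
    public void addUsernameToken(UsernameToken usernameToken) {
        addToken(usernameToken);
    }

    /**
     * Adds a token at the front of the header, after pointing any existing signature or
     * encrypted-key token references that match it at the token's fragment id.
     *
     * @throws IllegalStateException if the existing references cannot be updated; the
     *         underlying exception is attached as the cause
     */
    @Override // weblogic.xml.security.wsse.Security
    public Token addToken(Token token) {
        this.tokenMap = null;
        try {
            updateReferenes(token);
            prepend(token);
            addToDo(token);
            return token;
        } catch (SecurityProcessingException e) {
            // Keep the cause: the original passed only the message and lost the stack trace.
            throw new IllegalStateException(e.getMessage(), e);
        }
    }

    @Override // weblogic.xml.security.wsse.Security
    public Token addToken(X509Certificate x509Certificate, PrivateKey privateKey) {
        return addToken(new BinarySecurityTokenImpl(x509Certificate, privateKey));
    }

    @Override // weblogic.xml.security.wsse.Security
    public Token addToken(UserInfo userInfo) {
        return addToken(new UsernameTokenImpl(userInfo.getUsername(), userInfo.getPassword()));
    }

    /**
     * Adds a child at the end of the header; used while parsing. The decompiler reports that
     * this method was originally package-private.
     */
    public void append(Object obj) {
        if (obj instanceof Token) {
            this.tokenMap = null;
        }
        this.elements.add(obj);
    }

    /** Adds a child at the front of the header. Does not reset the token cache itself. */
    void prepend(Object obj) {
        this.elements.add(0, obj);
    }

    /** Returns a live iterator over all children; {@code remove()} edits the header. */
    @Override // weblogic.xml.security.wsse.Security
    public Iterator getChildren() {
        return this.elements.iterator();
    }

    @Override // weblogic.xml.security.wsse.Security
    public Iterator getTimestamps() {
        return new TypeIterator(Timestamp.class, this.elements.iterator());
    }

    @Override // weblogic.xml.security.wsse.Security
    public Timestamp addTimestamp() {
        return addTimestamp(timestampFac.createTimestamp());
    }

    @Override // weblogic.xml.security.wsse.Security
    public Timestamp addTimestamp(long j) {
        return addTimestamp(timestampFac.createTimestamp(j));
    }

    @Override // weblogic.xml.security.wsse.Security
    public Timestamp addTimestamp(Calendar calendar) {
        return addTimestamp(timestampFac.createTimestamp(calendar));
    }

    @Override // weblogic.xml.security.wsse.Security
    public Timestamp addTimestamp(Calendar calendar, Calendar calendar2) {
        return addTimestamp(timestampFac.createTimestamp(calendar, calendar2));
    }

    /** Records the timestamp on the to-do list and puts it at the front of the header. */
    private Timestamp addTimestamp(Timestamp timestamp) {
        addToDo(timestamp);
        prepend(timestamp);
        return timestamp;
    }

    /**
     * Re-targets the token references of every Signature and EncryptedKey already in the
     * header.
     *
     * @throws SecurityProcessingException if a signature's KeyInfo fails validation
     */
    private void updateReferenes(Token token) throws SecurityProcessingException {
        for (Object child : this.elements) {
            if (child instanceof Signature) {
                try {
                    updateReferences(((Signature) child).getKeyInfo(), token);
                } catch (KeyInfoValidationException e) {
                    throw new SecurityProcessingException("Unable to update references: " + e.getMessage(), e);
                }
            } else if (child instanceof EncryptedKey) {
                updateReferences(((EncryptedKey) child).getKeyInfo(), token);
            }
        }
    }

    /** Points each reference that matches {@code token} at the token's fragment id. */
    private void updateReferences(KeyInfo keyInfo, Token token) {
        Iterator references = keyInfo.getSecurityTokenReferences();
        while (references.hasNext()) {
            SecurityTokenReference reference = (SecurityTokenReference) references.next();
            if (reference.references(token)) {
                reference.setReference(SigningPreprocessor.FRAGMENT_URI + token.getId());
            }
        }
    }

    /**
     * Returns the id-to-token index, building it on first use. Tokens without an id are left
     * out; when two tokens share an id the later one in the header replaces the earlier.
     */
    private Map getTokenMap() {
        if (this.tokenMap == null) {
            this.tokenMap = new HashMap();
            Iterator tokens = getTokens();
            while (tokens.hasNext()) {
                Token token = (Token) tokens.next();
                String id = token.getId();
                if (id != null) {
                    this.tokenMap.put(id, token);
                }
            }
        }
        return this.tokenMap;
    }

    private Iterator getTokens() {
        return new TypeIterator(Token.class, this.elements.iterator());
    }

    @Override // weblogic.xml.security.wsse.Security
    public Iterator getUsernameTokens() {
        return new TypeIterator(UsernameToken.class, this.elements.iterator());
    }

    @Override // weblogic.xml.security.wsse.Security
    public Iterator getBinarySecurityTokens() {
        return new TypeIterator(BinarySecurityToken.class, this.elements.iterator());
    }

    /** Returns the token with the given id, or {@code null} when none is indexed. */
    @Override // weblogic.xml.security.wsse.Security
    public Token getTokenById(String str) {
        return (Token) getTokenMap().get(str);
    }

    @Override // weblogic.xml.security.wsse.Security
    public Iterator getSignatures() {
        return new TypeIterator(Signature.class, this.elements.iterator());
    }

    @Override // weblogic.xml.security.wsse.Security
    public Iterator getEncryptedKeys() {
        return new TypeIterator(EncryptedKey.class, this.elements.iterator());
    }

    @Override // weblogic.xml.security.wsse.Security
    public String getRole() {
        return this.role;
    }

    /**
     * Reads the Security element and its children from the stream.
     *
     * <p>Recognized children are BinarySecurityToken and UsernameToken in namespace
     * {@code str}, and Signature, ReferenceList, EncryptedData and EncryptedKey in the XML
     * Signature / XML Encryption namespaces. Any other start element is discarded without an
     * error. No branch handles a Timestamp child, so one met in the stream is discarded as
     * well; timestamps reach the header only through {@code addTimestamp} or
     * {@link #append(Object)}.
     *
     * <p>NOTE(review): silently dropping unrecognized header children means callers cannot
     * tell a header with unsupported security elements from one without them.
     */
    private void fromXMLInternal(XMLInputStream xMLInputStream, String str) throws XMLStreamException {
        this.role = StreamUtils.getAttribute(StreamUtils.getElement(xMLInputStream, str, "Security"), "role");
        XMLEvent event = xMLInputStream.peek();
        while (!event.isEndElement()) {
            if (!event.isStartElement()) {
                // Skip anything between child elements.
                xMLInputStream.next();
            } else if (StreamUtils.matches(event, "BinarySecurityToken", str)) {
                append(new BinarySecurityTokenImpl(xMLInputStream, str));
            } else if (StreamUtils.matches(event, "UsernameToken", str)) {
                append(new UsernameTokenImpl(xMLInputStream, str));
            } else if (StreamUtils.matches(event, "Signature", "http://www.w3.org/2000/09/xmldsig#")) {
                // The integer argument selects what the reader parses; its values are defined
                // by DSIGReader / XMLEncReader, not in this file.
                append(DSIGReader.read(xMLInputStream, 8));
            } else if (StreamUtils.matches(event, "ReferenceList", "http://www.w3.org/2001/04/xmlenc#")) {
                append(XMLEncReader.read(xMLInputStream, 4));
            } else if (StreamUtils.matches(event, "EncryptedData", "http://www.w3.org/2001/04/xmlenc#")) {
                append(XMLEncReader.read(xMLInputStream, 1));
            } else if (StreamUtils.matches(event, "EncryptedKey", "http://www.w3.org/2001/04/xmlenc#")) {
                append(XMLEncReader.read(xMLInputStream, 2));
            } else {
                StreamUtils.discard(xMLInputStream);
            }
            event = xMLInputStream.peek();
        }
        StreamUtils.closeScope(xMLInputStream, str, "Security");
    }

    /**
     * Renders the header as the concatenation of each child's {@code toString()}.
     *
     * <p>NOTE(review): children include username tokens; confirm their {@code toString()}
     * does not print the password before sending this output to a log.
     */
    public String toString() {
        // Single-threaded local buffer, so the unsynchronized builder is sufficient.
        StringBuilder text = new StringBuilder();
        text.append("[" + WSSE_URI + "]Security {\n");
        for (Object child : this.elements) {
            text.append(child);
        }
        text.append("\n}");
        return text.toString();
    }

    /**
     * Returns the live to-do list. The decompiler reports that this method was originally
     * package-private.
     */
    public List getToDoList() {
        return this.toDoList;
    }

    private void addToDo(Signature signature, SignatureSpec signatureSpec) {
        this.toDoList.add(new Operation(signature, signatureSpec));
    }

    private void addToDo(EncryptedKey encryptedKey, EncryptionSpec encryptionSpec) {
        this.toDoList.add(new Operation(encryptedKey, encryptionSpec));
    }

    private void addToDo(NamedKey namedKey, EncryptionSpec encryptionSpec) {
        this.toDoList.add(new Operation(namedKey, encryptionSpec));
    }

    private void addToDo(Token token) {
        this.toDoList.add(token);
    }

    private void addToDo(Timestamp timestamp) {
        this.toDoList.add(timestamp);
    }

    /** Equivalent to {@code expired(-1L)}, which skips the Created check. */
    @Override // weblogic.xml.security.wsse.Security
    public boolean expired() {
        return expired(-1L);
    }

    /**
     * Evaluates the header's timestamps against the current system time.
     *
     * <p>Timestamps are visited in header order. The method returns {@code false} at the
     * first timestamp for which either holds:
     * <ul>
     *   <li>{@code j >= 0} and Created is earlier than {@code now - j};</li>
     *   <li>Expires is present and is not earlier than {@code now}.</li>
     * </ul>
     * It returns {@code true} otherwise, including when the header holds no timestamp and
     * when a timestamp carries no Expires.
     *
     * <p>NOTE(review): the logic is reproduced exactly as found. Two points should be
     * confirmed against the {@code Security} interface contract before this result gates
     * message acceptance: a Created older than the window yields {@code false}, which reads
     * as inverted for a method named {@code expired}; and a single timestamp with a future
     * Expires makes the whole header report {@code false} whatever later timestamps say.
     *
     * @param j window in milliseconds applied to Created; negative disables that check
     */
    @Override // weblogic.xml.security.wsse.Security
    public boolean expired(long j) {
        Iterator timestamps = getTimestamps();
        long now = System.currentTimeMillis();
        long createdCutoff = now - j;
        while (timestamps.hasNext()) {
            Timestamp timestamp = (Timestamp) timestamps.next();
            if (j >= 0 && timestamp.getCreated().getTime().getTimeInMillis() < createdCutoff) {
                return false;
            }
            Expires expires = timestamp.getExpires();
            if (expires != null && expires.getTime().getTimeInMillis() >= now) {
                return false;
            }
        }
        return true;
    }
}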
