package weblogic.wsee.security.wssc.base.dk;

import java.io.UnsupportedEncodingException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.wsee.security.saml.SAMLToken;
import weblogic.wsee.security.wssc.SecurityTokenBase;
import weblogic.wsee.security.wssc.base.WSCConstantsBase;
import weblogic.wsee.security.wssc.base.faults.WSCFaultException;
import weblogic.wsee.security.wssc.dk.DKCredential;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.wsee.security.wst.helpers.EncryptedKeyInfoBuilder;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.utils.KeyUtils;
import weblogic.xml.crypto.wss.Base64Encoding;
import weblogic.xml.crypto.wss.SecurityTokenReferenceImpl;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.dom.DOMProcessingException;
import weblogic.xml.dom.marshal.MarshalException;

/* loaded from: input_file:weblogic/wsee/security/wssc/base/dk/DKTokenBase.class */
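/**
 * Base class for WS-SecureConversation derived-key tokens. It marshals and unmarshals the
 * derived-key element and derives the symmetric key from the secret of the referenced token.
 *
 * <p>Subclasses supply the version-specific QNames, namespace URIs, value type and fault
 * factories through the abstract {@code getDK_*}, {@code getXMLNS_*} and {@code new*Exception}
 * methods.
 *
 * <p>Security notes:
 * <ul>
 *   <li>{@link #unmarshalInternal(Node)} copies Generation, Offset, Length, Label and Nonce from
 *       the incoming element without range checks. {@link #getSecretKey(MessageContext)} rejects
 *       a non-positive Length but applies no upper bound.
 *       NOTE(review): consider capping Length before it reaches {@code KeyUtils.P_SHA1}.</li>
 *   <li>Offset and Generation are parsed and marshalled but are not passed to
 *       {@code KeyUtils.P_SHA1} in this class.
 *       NOTE(review): confirm whether they are honoured elsewhere.</li>
 *   <li>{@code EncryptedKeyInfoBuilder.debugKey} is called with both the shared secret and the
 *       derived key. NOTE(review): confirm it never writes raw key bytes to production logs.</li>
 * </ul>
 */
public abstract class DKTokenBase extends SecurityTokenBase {
    private static final Logger LOGGER = Logger.getLogger(DKTokenBase.class.getName());

    /** Key length in bytes used when the credential does not carry an explicit Length. */
    private static final int DEFAULT_KEY_LENGTH = 32;

    /** Sentinel used by the credential and by {@link #getElementAsInt} for "value not present". */
    private static final int UNSET = -1;

    private static final String MSG_UNRESOLVED_TOKEN = "Could not resolve Referenced Token in Derived Key Token";
    private static final String MSG_NO_SHARED_SECRET = "Context token does not have a shared secret that is required for deriving secret keys";

    // Null until a credential is supplied through the constructor or unmarshalInternal().
    private DKCredential credential;

    /** Creates a token without a credential; one is created by {@link #unmarshalInternal(Node)}. */
    public DKTokenBase() {
    }

    /**
     * Creates a token backed by the given credential.
     *
     * @param dKCredential the derived-key credential to marshal and to derive keys from
     */
    public DKTokenBase(DKCredential dKCredential) {
        this.credential = dKCredential;
    }

    protected abstract QName getDK_ALGORITHM_QNAME();

    protected abstract QName getDK_QNAME();

    protected abstract QName getDK_OFFSET_QNAME();

    protected abstract QName getDK_LENGTH_QNAME();

    protected abstract QName getDK_LABEL_QNAME();

    protected abstract QName getDK_NONCE_QNAME();

    protected abstract QName getDK_GENERATION_QNAME();

    protected abstract String getDK_VALUE_TYPE();

    protected abstract String getURI_P_SHA1();

    protected abstract String getXMLNS_WSS();

    protected abstract String getXMLNS_WSC();

    protected abstract WSCFaultException newBadContextTokenException(String str);

    protected abstract WSCFaultException newUnknownDerivationSourceException(String str);

    protected abstract WSCFaultException newUnsupportedContextTokenException(String str);

    /**
     * Writes the credential as a derived-key element under {@code element}.
     *
     * <p>Only fields that are set (non-null, or not {@code -1} for the integer fields) are
     * emitted. The new element is appended to {@code element} when {@code node} is null and
     * inserted before {@code node} otherwise.
     *
     * @param element the parent element
     * @param node    the sibling to insert before, or null to append
     * @param map     passed through to the token reference's {@code marshal} call
     * @return the newly created derived-key element
     * @throws MarshalException declared by the overridden method
     */
    @Override
    protected Element marshalInternal(Element element, Node node, Map map) throws MarshalException {
        // NOTE(review): a token built with the no-arg constructor and never unmarshalled has a null
        // credential, so the dereferences below would throw NullPointerException.
        Element dkElement = DOMUtils.createElement(element, getDK_QNAME(), WSCConstantsBase.PREFIX_WSC);
        if (this.credential.getAlgorithm() != null) {
            // NOTE(review): this writes WSCConstantsBase.DK_ALGORITHM_QNAME while unmarshalInternal()
            // reads getDK_ALGORITHM_QNAME(); confirm the two always denote the same attribute.
            DOMUtils.addAttribute(dkElement, WSCConstantsBase.DK_ALGORITHM_QNAME, this.credential.getAlgorithm());
        }
        if (this.credential.getTokenReference() != null) {
            this.credential.getTokenReference().marshal(dkElement, null, map);
        }
        if (this.credential.getGeneration() != UNSET) {
            addTextChild(dkElement, getDK_GENERATION_QNAME(), Integer.toString(this.credential.getGeneration()));
        }
        if (this.credential.getOffset() != UNSET) {
            addTextChild(dkElement, getDK_OFFSET_QNAME(), Integer.toString(this.credential.getOffset()));
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Marshall DK Credential: Length is: " + this.credential.getLength());
        }
        if (this.credential.getLength() != UNSET) {
            addTextChild(dkElement, getDK_LENGTH_QNAME(), Integer.toString(this.credential.getLength()));
        }
        if (this.credential.getLabel() != null) {
            addTextChild(dkElement, getDK_LABEL_QNAME(), this.credential.getLabel());
        }
        if (this.credential.getNonce() != null) {
            addTextChild(dkElement, getDK_NONCE_QNAME(), new Base64Encoding().encode(this.credential.getNonce()));
        }
        if (node == null) {
            element.appendChild(dkElement);
        } else {
            element.insertBefore(dkElement, node);
        }
        return dkElement;
    }

    /**
     * Replaces the current credential with one populated from a derived-key element.
     *
     * <p>The element is message content and should be treated as untrusted. Absent Generation,
     * Offset and Length are stored as {@code -1}, and an absent Label is replaced by
     * {@code WSCConstantsBase.DK_DEFAULT_LABEL_CORRECT}. No range validation is applied here.
     *
     * @param node the derived-key element (cast to {@link Element})
     * @return the same element
     * @throws MarshalException      declared by the overridden method
     * @throws NumberFormatException if Generation, Offset or Length is not a decimal integer
     */
    @Override
    protected Element unmarshalInternal(Node node) throws MarshalException {
        Element dkElement = (Element) node;
        String wscNamespace = getXMLNS_WSC();
        this.credential = new DKCredential();
        this.credential.setAlgorithm(DOMUtils.getAttributeValue(dkElement, getDK_ALGORITHM_QNAME()));
        Element referenceElement = getElement(dkElement, getXMLNS_WSS(), "SecurityTokenReference");
        if (referenceElement != null) {
            this.credential.setTokenReference(SecurityTokenReferenceImpl.createAndUnmarshal(referenceElement));
        }
        // NOTE(review): negative values other than -1 and arbitrarily large values are accepted here.
        this.credential.setGeneration(getElementAsInt(dkElement, wscNamespace, WSCConstantsBase.DK_GENERATION_ELEMENT));
        this.credential.setOffset(getElementAsInt(dkElement, wscNamespace, WSCConstantsBase.DK_OFFSET_ELEMENT));
        this.credential.setLength(getElementAsInt(dkElement, wscNamespace, "Length"));
        this.credential.setLabel(getElementAsString(dkElement, wscNamespace, "Label"));
        if (this.credential.getLabel() == null) {
            this.credential.setLabel(WSCConstantsBase.DK_DEFAULT_LABEL_CORRECT);
        }
        // A missing Nonce leaves the credential's nonce unset; derivation then uses the label alone.
        String encodedNonce = getElementAsString(dkElement, wscNamespace, "Nonce");
        if (encodedNonce != null) {
            this.credential.setNonce(new Base64Encoding().decode(encodedNonce));
        }
        return dkElement;
    }

    /**
     * Returns the key already stored on the credential, without attempting derivation.
     *
     * @return the stored key, or null when there is no credential or no key has been set
     */
    @Override
    public Key getSecretKey() {
        // Guard matches getSecretKey(MessageContext): a token without a credential has no key.
        return this.credential == null ? null : this.credential.getSecretKey();
    }

    /** Returns the subclass-specific derived-key value type. */
    @Override
    public String getValueType() {
        return getDK_VALUE_TYPE();
    }

    /** Returns the backing {@link DKCredential}, or null if none has been set. */
    @Override
    public Object getCredential() {
        return this.credential;
    }

    /**
     * Returns the derived key, deriving it from the referenced token's secret and caching it on
     * the credential when it is not already present.
     *
     * <p>Returns null without raising a fault when there is no credential, when the credential
     * names an algorithm other than {@link #getURI_P_SHA1()}, when no security context is
     * available for {@code messageContext}, or when the credential has no token reference.
     * Resolution and derivation failures are reported through {@code WSTFaultUtil.raiseFault};
     * each such call is followed by {@code return null} so that derivation never continues past
     * a reported failure, whether or not {@code raiseFault} itself throws.
     *
     * <p>When the referenced token is a {@link SAMLToken}, its secret key is returned as is and
     * no derivation takes place.
     *
     * @param messageContext the context used to find the security context, resolve the referenced
     *                       token and look up a fallback label
     * @return the derived (or SAML-provided) key, or null as described above
     */
    public Key getSecretKey(MessageContext messageContext) {
        if (this.credential == null) {
            return null;
        }
        Key cachedKey = this.credential.getSecretKey();
        if (cachedKey != null) {
            return cachedKey;
        }
        // Only P_SHA1 derivation is implemented; an absent algorithm is treated as P_SHA1.
        String algorithmUri = this.credential.getAlgorithm();
        if (algorithmUri != null && !getURI_P_SHA1().equals(algorithmUri)) {
            return null;
        }
        WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
        if (securityContext == null) {
            return null;
        }
        SecurityTokenReference tokenReference = this.credential.getTokenReference();
        if (tokenReference == null) {
            return null;
        }

        SecurityToken securityToken = this.credential.getSecurityToken();
        if (securityToken == null) {
            try {
                securityToken = securityContext.getRequiredTokenHandler(tokenReference.getValueType()).getSecurityToken(tokenReference, messageContext);
                this.credential.setSecurityToken(securityToken);
            } catch (WSSecurityException e) {
                LOGGER.log(Level.FINE, MSG_UNRESOLVED_TOKEN, e);
                WSTFaultUtil.raiseFault(newBadContextTokenException(MSG_UNRESOLVED_TOKEN));
                return null;
            }
        }
        if (securityToken == null) {
            LOGGER.log(Level.FINE, MSG_UNRESOLVED_TOKEN);
            WSTFaultUtil.raiseFault(newBadContextTokenException(MSG_UNRESOLVED_TOKEN));
            return null;
        }

        Key sharedSecret = securityToken.getSecretKey();
        if (sharedSecret == null) {
            LOGGER.log(Level.FINE, MSG_NO_SHARED_SECRET);
            WSTFaultUtil.raiseFault(newUnknownDerivationSourceException(MSG_NO_SHARED_SECRET));
            return null;
        }
        // NOTE(review): confirm debugKey does not write raw key bytes to production logs.
        EncryptedKeyInfoBuilder.debugKey(sharedSecret, "DK Token got sharedSecret from Referenced Token");
        if (securityToken instanceof SAMLToken) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Return with Symetric Key from SAML Token ");
            }
            return sharedSecret;
        }

        int requestedLength = this.credential.getLength();
        int length = requestedLength != UNSET ? requestedLength : DEFAULT_KEY_LENGTH;
        if (length <= 0) {
            // Length may come straight from the message; zero or negative sizes cannot yield a key.
            LOGGER.log(Level.FINE, "Invalid Length in Derived Key Token: " + length);
            WSTFaultUtil.raiseFault(newUnsupportedContextTokenException("Invalid Length in Derived Key Token"));
            return null;
        }
        // NOTE(review): length has no upper bound here; consider capping it before derivation.

        String label = this.credential.getLabel();
        if (label == null) {
            label = (String) messageContext.getProperty("weblogic.wsee.wssc.dk.label");
            if (label == null) {
                // NOTE(review): unmarshalInternal() defaults to WSCConstantsBase.DK_DEFAULT_LABEL_CORRECT
                // instead; confirm the two defaults are meant to differ.
                label = "WS-SecureConversation";
            }
        }
        try {
            // Seed is label || nonce; the credential's offset and generation are not used here.
            byte[] derivedBytes = KeyUtils.P_SHA1(sharedSecret, concatenate(label.getBytes("UTF-8"), this.credential.getNonce()), length);
            String keyAlgorithm = sharedSecret.getAlgorithm();
            // The derived key inherits the shared secret's algorithm name, falling back to AES.
            SecretKeySpec derivedKey = (keyAlgorithm == null || keyAlgorithm.isEmpty()) ? new SecretKeySpec(derivedBytes, "AES") : new SecretKeySpec(derivedBytes, keyAlgorithm);
            this.credential.setSecretKey(derivedKey);
            EncryptedKeyInfoBuilder.debugKey(derivedKey, "DK Token set symetric Key onto new credential");
            return derivedKey;
        } catch (UnsupportedEncodingException e) {
            raiseDerivationFault(e);
            return null;
        } catch (InvalidKeyException e) {
            raiseDerivationFault(e);
            return null;
        } catch (NoSuchAlgorithmException e) {
            raiseDerivationFault(e);
            return null;
        }
    }

    /**
     * Logs the cause of a derivation failure at FINE and raises the unsupported-context-token
     * fault with the cause's message. The fault factory accepts only a message, so the log entry
     * is where the stack trace is kept.
     */
    private void raiseDerivationFault(Exception cause) {
        LOGGER.log(Level.FINE, "Could not derive key for Derived Key Token", cause);
        WSTFaultUtil.raiseFault(newUnsupportedContextTokenException(cause.getMessage()));
    }

    /** Adds a child element named {@code qname} with the WSC prefix and the given text. */
    private static void addTextChild(Element parent, QName qname, String text) {
        DOMUtils.addText(DOMUtils.createAndAddElement(parent, qname, WSCConstantsBase.PREFIX_WSC), text);
    }

    /**
     * Looks up an optional child element by namespace and local name.
     *
     * @return the element, or null when the lookup finds none or throws DOMProcessingException
     */
    private static Element getElement(Element parent, String namespaceUri, String localName) {
        try {
            return weblogic.xml.dom.DOMUtils.getOptionalElementByTagNameNS(parent, namespaceUri, localName);
        } catch (DOMProcessingException e) {
            // NOTE(review): a processing error is treated like an absent element, so the field falls
            // back to its default; confirm that failing closed is not preferable here.
            return null;
        }
    }

    /**
     * Reads an optional child element as a decimal integer.
     *
     * @return the parsed value, or {@code -1} when the element is absent
     * @throws NumberFormatException if the element text is not a valid int; this is unchecked and
     *         propagates out of {@link #unmarshalInternal(Node)}
     */
    private static int getElementAsInt(Element parent, String namespaceUri, String localName) {
        Element child = getElement(parent, namespaceUri, localName);
        if (child == null) {
            return UNSET;
        }
        return Integer.parseInt(weblogic.xml.dom.DOMUtils.getTextContent(child, true));
    }

    /**
     * Reads an optional child element's text content.
     *
     * @return the text content, or null when the element is absent
     */
    private static String getElementAsString(Element parent, String namespaceUri, String localName) {
        Element child = getElement(parent, namespaceUri, localName);
        if (child == null) {
            return null;
        }
        return weblogic.xml.dom.DOMUtils.getTextContent(child, true);
    }

    /**
     * Joins two byte arrays. When one argument is null the other is returned as is (not copied);
     * when both are null the result is null.
     */
    private static byte[] concatenate(byte[] first, byte[] second) {
        if (first == null) {
            return second;
        }
        if (second == null) {
            return first;
        }
        byte[] joined = new byte[first.length + second.length];
        System.arraycopy(first, 0, joined, 0, first.length);
        System.arraycopy(second, 0, joined, first.length, second.length);
        return joined;
    }
}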
