package weblogic.wsee.security.wss;

import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import org.w3c.dom.Node;
import weblogic.wsee.policy.framework.PolicyAlternative;
import weblogic.wsee.policy.framework.PolicyException;
import weblogic.wsee.security.policy.EncryptionPolicy;
import weblogic.wsee.security.policy.EncryptionTarget;
import weblogic.wsee.security.policy.IdentityPolicy;
import weblogic.wsee.security.policy.SecurityToken;
import weblogic.wsee.security.policy.SigningPolicy;
import weblogic.wsee.security.policy.SigningReferencesFactory;
import weblogic.wsee.security.policy.TimestampPolicy;
import weblogic.wsee.security.policy.assertions.ConfidentialityAssertion;
import weblogic.wsee.security.policy.assertions.IdentityAssertion;
import weblogic.wsee.security.policy.assertions.IntegrityAssertion;
import weblogic.wsee.security.policy.assertions.MessageAgeAssertion;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.SignedInfo;
import weblogic.xml.crypto.dsig.api.XMLSignatureFactory;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionFactory;
import weblogic.xml.crypto.wss.BSTUtils;
import weblogic.xml.crypto.wss.SecurityBuilder;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.Purpose;

/* loaded from: input_file:weblogic/wsee/security/wss/SecurityPolicyDriver.class */
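/**
 * Applies the security assertions of a WS-Policy alternative to an outbound SOAP
 * message by driving a {@link SecurityBuilder}. For the primary alternative it
 * adds, in this fixed order: a Timestamp (MessageAge), identity tokens, XML
 * Signature(s) (Integrity) and XML Encryption (Confidentiality). A second,
 * optional alternative is used only to add the tokens that will encrypt the
 * response.
 *
 * <p>The order is significant: identity tokens are added before the signature
 * because the integrity step consults the identity token chosen here when the
 * signing policy is conditional on X.509 authentication, and claims / derived-token
 * state is pushed into the shared {@link SecurityTokenContextHandler} immediately
 * before each builder call that consumes it.
 *
 * <p>Instances are not thread-safe: {@code policyIdToken} and the context handler
 * are mutated during {@link #processOutbound}. Use one driver per message.
 */
public class SecurityPolicyDriver {
    private static final Logger LOGGER = Logger.getLogger(SecurityPolicyDriver.class.getName());
    private final SecurityBuilder sbuilder;
    private final SecurityTokenContextHandler ctxHandler;
    /** Identity token most recently added by {@link #doIdentity}; {@code null} until one is added. */
    private SecurityToken policyIdToken;

    /**
     * Creates a driver bound to the builder that will emit the security header.
     *
     * @param securityBuilder    builder that adds tokens, timestamp, signature and encryption
     * @param wSSecurityContext  security context wrapped into the token context handler
     *                           that every builder call receives
     */
    public SecurityPolicyDriver(SecurityBuilder securityBuilder, WSSecurityContext wSSecurityContext) {
        this.sbuilder = securityBuilder;
        this.ctxHandler = new SecurityTokenContextHandler(wSSecurityContext);
    }

    /**
     * Applies a single policy alternative to the outbound message; no response
     * encryption tokens are added.
     *
     * @see #processOutbound(PolicyAlternative, PolicyAlternative, SOAPMessageContext)
     */
    public void processOutbound(PolicyAlternative policyAlternative, SOAPMessageContext sOAPMessageContext) throws PolicyException, WSSecurityException, SecurityPolicyException, MarshalException, XMLEncryptionException {
        processOutbound(policyAlternative, null, sOAPMessageContext);
    }

    /**
     * Applies the outbound policy. Either alternative may be {@code null}, in
     * which case its part is skipped.
     *
     * @param policyAlternative   alternative whose MessageAge, Identity, Integrity and
     *                            Confidentiality assertions are applied to this message
     * @param policyAlternative2  alternative whose Confidentiality assertions supply the
     *                            token(s) used to encrypt the response; processed first
     * @param sOAPMessageContext  message being secured
     * @throws PolicyException          on an unsupported policy (e.g. several MessageAge assertions)
     * @throws WSSecurityException      when a required token, timestamp, signature or
     *                                  encryption could not be added
     * @throws SecurityPolicyException  propagated from signing-policy evaluation
     * @throws MarshalException         propagated from the XML security layer
     * @throws XMLEncryptionException   propagated from the XML encryption layer
     */
    public void processOutbound(PolicyAlternative policyAlternative, PolicyAlternative policyAlternative2, SOAPMessageContext sOAPMessageContext) throws PolicyException, WSSecurityException, SecurityPolicyException, MarshalException, XMLEncryptionException {
        if (policyAlternative2 != null) {
            processConfidentialityTokens(policyAlternative2, sOAPMessageContext);
        }
        if (policyAlternative == null) {
            return;
        }
        // Order matters: identity runs before integrity (see doIntegrity), and
        // timestamp/identity/signature are in place before anything is encrypted.
        processMessageAge(policyAlternative);
        processIdentity(policyAlternative);
        processIntegrity(policyAlternative, sOAPMessageContext);
        processConfidentiality(policyAlternative, sOAPMessageContext);
    }

    /** Adds response-encryption tokens for every Confidentiality assertion of the alternative, if any. */
    private void processConfidentialityTokens(PolicyAlternative policyAlternative, SOAPMessageContext sOAPMessageContext) throws PolicyException, WSSecurityException, MarshalException {
        Set assertions = policyAlternative.getAssertions(ConfidentialityAssertion.class);
        if (assertions == null || assertions.isEmpty()) {
            return;
        }
        doConfidentialityTokens(assertions, sOAPMessageContext);
    }

    /**
     * For each Confidentiality assertion, adds the first valid encryption token the
     * builder accepts, tagged {@link Purpose#ENCRYPT_RESPONSE}. This step is
     * best-effort: if no token of an assertion can be added, processing continues
     * without raising (unlike {@link #doConfidentiality}).
     */
    private void doConfidentialityTokens(Set<ConfidentialityAssertion> set, SOAPMessageContext sOAPMessageContext) throws PolicyException, WSSecurityException, MarshalException {
        XMLEncryptionFactory xMLEncryptionFactory = this.sbuilder.getXMLEncryptionFactory();
        for (ConfidentialityAssertion assertion : set) {
            // 'false' selects the response-side view of the assertion; the tokens
            // returned are candidates, tried in order until one is accepted.
            EncryptionPolicy responsePolicy = new EncryptionPolicy(xMLEncryptionFactory, sOAPMessageContext, assertion, false);
            for (SecurityToken securityToken : responsePolicy.getValidEncryptionTokens()) {
                this.ctxHandler.addContextElement(SecurityTokenContextHandler.CLAIMS_MAP, securityToken.getClaims());
                if (this.sbuilder.addSecurityToken(securityToken.getTokenTypeUri(), securityToken.getTokenIssuer(), Purpose.ENCRYPT_RESPONSE, this.ctxHandler) != null) {
                    break;
                }
            }
        }
    }

    /** Adds a Timestamp when the alternative carries a MessageAge assertion. */
    private void processMessageAge(PolicyAlternative policyAlternative) throws WSSecurityException, MarshalException, PolicyException {
        Set assertions = policyAlternative.getAssertions(MessageAgeAssertion.class);
        // Null-guard kept consistent with the other process* methods.
        if (assertions == null || assertions.isEmpty()) {
            return;
        }
        doMessageAge(assertions);
    }

    /**
     * Adds a Timestamp whose maximum age comes from the single MessageAge assertion.
     *
     * @throws PolicyException      if the alternative holds more than one MessageAge assertion
     * @throws WSSecurityException  if the builder refuses to add the timestamp
     */
    private void doMessageAge(Set<MessageAgeAssertion> set) throws WSSecurityException, MarshalException, PolicyException {
        if (set.size() > 1) {
            throw new PolicyException("Only one MessageAge specification is supported in a policy alternative");
        }
        short messageAgeSeconds = new TimestampPolicy(set.iterator().next()).getMessageAgeSeconds();
        if (!this.sbuilder.addTimestamp(messageAgeSeconds, this.ctxHandler)) {
            throw new WSSecurityException("Unable to add a Timestamp to the message");
        }
        if (LOGGER.isLoggable(Level.FINE)) {
            LOGGER.log(Level.FINE, "Added timestamp(maxAgesSecs=" + ((int) messageAgeSeconds) + ")...");
        }
    }

    /** Adds identity tokens for the alternative's Identity assertions. */
    private void processIdentity(PolicyAlternative policyAlternative) throws WSSecurityException, MarshalException {
        doIdentity(policyAlternative);
    }

    /**
     * For every Identity assertion, tries each valid identity token; every token the
     * builder accepts is added (there is no stop-after-first), and the last accepted
     * one is remembered in {@code policyIdToken} for the integrity step.
     *
     * @throws WSSecurityException if none of an assertion's tokens could be added
     */
    private void doIdentity(PolicyAlternative policyAlternative) throws WSSecurityException, MarshalException {
        Set identityAssertions = policyAlternative.getAssertions(IdentityAssertion.class);
        if (identityAssertions == null) {
            return;
        }
        for (Object assertion : identityAssertions) {
            IdentityPolicy identityPolicy = new IdentityPolicy((IdentityAssertion) assertion);
            boolean anyTokenAdded = false;
            for (Object candidate : identityPolicy.getValidIdentityTokens()) {
                SecurityToken securityToken = (SecurityToken) candidate;
                addClaimsToContextHandler(securityToken.getClaims());
                if (this.sbuilder.addSecurityToken(securityToken.getTokenTypeUri(), securityToken.getTokenIssuer(), Purpose.IDENTITY, this.ctxHandler) != null) {
                    if (LOGGER.isLoggable(Level.FINE)) {
                        LOGGER.log(Level.FINE, "Added " + securityToken);
                    }
                    anyTokenAdded = true;
                    this.policyIdToken = securityToken;
                } else if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Failed to add token: " + securityToken);
                }
            }
            if (!anyTokenAdded) {
                throw new WSSecurityException("Unable to add security token for identity");
            }
        }
    }

    /** Adds signature(s) when the alternative carries Integrity assertions. */
    private void processIntegrity(PolicyAlternative policyAlternative, SOAPMessageContext sOAPMessageContext) throws SecurityPolicyException, WSSecurityException, MarshalException, PolicyException {
        Set assertions = policyAlternative.getAssertions(IntegrityAssertion.class);
        if (assertions == null || assertions.isEmpty()) {
            return;
        }
        doIntegrity(assertions, sOAPMessageContext);
    }

    /**
     * Builds the signing policy from the Integrity assertions and adds a signature
     * for every valid signature token the builder accepts.
     *
     * <p>If the policy is conditional on X.509 authentication and the identity step
     * did not add an X.509 token, the signature is skipped entirely (no error).
     *
     * <p>When the policy requires signed security tokens, each token first gets a
     * signing-token reference; tokens for which no reference can be built are
     * skipped. Otherwise the policy's pre-computed SignedInfo is signed with the
     * token directly.
     *
     * @throws WSSecurityException if no signature at all could be added. Success is
     *         tracked across all tokens: previously only the last token's result was
     *         kept, so a later token failing after an earlier one succeeded raised a
     *         spurious failure (and a reference-less token left a stale result).
     */
    private void doIntegrity(Set<IntegrityAssertion> set, SOAPMessageContext sOAPMessageContext) throws SecurityPolicyException, WSSecurityException, MarshalException, PolicyException {
        XMLSignatureFactory xMLSignatureFactory = this.sbuilder.getXMLSignatureFactory();
        SigningReferencesFactory signingReferencesFactory = new SigningReferencesFactory(this.sbuilder);
        SigningPolicy signingPolicy = new SigningPolicy(xMLSignatureFactory, signingReferencesFactory, sOAPMessageContext, set);

        boolean haveX509Identity = this.policyIdToken != null && BSTUtils.isX509Type(this.policyIdToken.getTokenTypeUri());
        if (signingPolicy.isX509AuthConditional() && !haveX509Identity) {
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Skipping X509-conditional signature: no X509 identity token was added");
            }
            return;
        }

        SignedInfo signedInfo = signingPolicy.getSignedInfo();
        boolean signedSecurityTokens = signingPolicy.signedSecurityTokens();
        boolean anySignatureAdded = false;
        for (Object candidate : signingPolicy.getValidSignatureTokens()) {
            SecurityToken securityToken = (SecurityToken) candidate;
            // Context state consumed by the builder call below; order is significant.
            addClaimsToContextHandler(securityToken.getClaims());
            addDerivedFromToken(securityToken);

            Node signatureNode;
            if (signedSecurityTokens) {
                Reference tokenReference = signingReferencesFactory.newSigningTokenReference(securityToken, this.ctxHandler, signingPolicy.getDigestAlgorithm());
                if (tokenReference == null) {
                    continue;
                }
                signatureNode = this.sbuilder.addSignature(signingPolicy.newSignedInfo(xMLSignatureFactory, tokenReference), tokenReference, this.ctxHandler);
            } else {
                signatureNode = this.sbuilder.addSignature(signedInfo, securityToken.getTokenTypeUri(), securityToken.getTokenIssuer(), securityToken.isIncludeInMessage(), this.ctxHandler);
            }

            if (signatureNode != null) {
                anySignatureAdded = true;
                if (LOGGER.isLoggable(Level.FINE)) {
                    LOGGER.log(Level.FINE, "Added Signature using " + securityToken);
                }
            }
        }
        if (!anySignatureAdded) {
            throw new WSSecurityException("Failed to add Signature.");
        }
    }

    /** Encrypts the targets of the alternative's Confidentiality assertions, if any. */
    private void processConfidentiality(PolicyAlternative policyAlternative, SOAPMessageContext sOAPMessageContext) throws WSSecurityException, MarshalException, XMLEncryptionException, PolicyException {
        Set assertions = policyAlternative.getAssertions(ConfidentialityAssertion.class);
        if (assertions == null || assertions.isEmpty()) {
            return;
        }
        doConfidentiality(assertions, sOAPMessageContext);
    }

    /**
     * For each Confidentiality assertion and each of its encryption targets, tries
     * the assertion's valid encryption tokens in order and stops at the first the
     * builder accepts. Every target must be encrypted; an assertion with no targets
     * is a no-op.
     *
     * @throws WSSecurityException if a target could not be encrypted with any token
     *         (including the case of an assertion that has no valid token)
     */
    private void doConfidentiality(Set<ConfidentialityAssertion> set, SOAPMessageContext sOAPMessageContext) throws WSSecurityException, MarshalException, XMLEncryptionException, PolicyException {
        XMLEncryptionFactory xMLEncryptionFactory = this.sbuilder.getXMLEncryptionFactory();
        for (ConfidentialityAssertion assertion : set) {
            EncryptionPolicy encryptionPolicy = new EncryptionPolicy(xMLEncryptionFactory, sOAPMessageContext, assertion);
            List<SecurityToken> validEncryptionTokens = encryptionPolicy.getValidEncryptionTokens();
            List<EncryptionTarget> encryptionTargets = encryptionPolicy.getEncryptionTargets();
            EncryptionMethod keyWrapMethod = encryptionPolicy.getKeyWrapMethod();
            for (EncryptionTarget encryptionTarget : encryptionTargets) {
                boolean encrypted = false;
                for (SecurityToken securityToken : validEncryptionTokens) {
                    addClaimsToContextHandler(securityToken.getClaims());
                    addDerivedFromToken(securityToken);
                    encrypted = this.sbuilder.addEncryption(encryptionTarget.getTBEs(), keyWrapMethod, encryptionTarget.getEncryptionMethod(), securityToken.getTokenTypeUri(), securityToken.getTokenIssuer(), securityToken.isIncludeInMessage(), this.ctxHandler);
                    if (encrypted) {
                        break;
                    }
                }
                if (!encrypted) {
                    throw new WSSecurityException("Failed to add Encryption.");
                }
            }
        }
    }

    /** Publishes a token's claims to the context handler under CLAIMS_MAP. */
    private void addClaimsToContextHandler(Node node) {
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.CLAIMS_MAP, node);
    }

    /**
     * If the token is derived from another token type and no derived-from token is
     * registered yet, adds that base token (purpose SIGN, no issuer) and records it
     * under DERIVED_FROM_TOKEN. The base token is added with SET_TO_FIRST_TOKEN
     * raised; the flag is lowered in a {@code finally} so a failing builder call
     * cannot leave it set for later calls on the shared context handler.
     */
    private void addDerivedFromToken(SecurityToken securityToken) throws MarshalException, WSSecurityException {
        String derivedFromTokenType = securityToken.getDerivedFromTokenType();
        if (derivedFromTokenType == null || this.ctxHandler.getValue(SecurityTokenContextHandler.DERIVED_FROM_TOKEN) != null) {
            return;
        }
        this.ctxHandler.addContextElement(SecurityTokenContextHandler.SET_TO_FIRST_TOKEN, "true");
        try {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.DERIVED_FROM_TOKEN, this.sbuilder.addSecurityToken(derivedFromTokenType, null, Purpose.SIGN, this.ctxHandler));
        } finally {
            this.ctxHandler.addContextElement(SecurityTokenContextHandler.SET_TO_FIRST_TOKEN, "false");
        }
    }
}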
