package weblogic.xml.crypto.wss;

import java.util.Iterator;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.soap.SOAPFaultException;
import org.w3c.dom.Node;
import weblogic.security.UsernameAndPassword;
import weblogic.security.service.ContextHandler;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.common.keyinfo.KeyProvider;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.api.NonceValidator;
import weblogic.xml.crypto.wss.api.UsernameToken;
import weblogic.xml.crypto.wss.nonce.NonceValidatorFactory;
import weblogic.xml.crypto.wss.policy.ClaimsBuilder;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.dom.Util;
import weblogic.xml.security.specs.SpecConstants;

/* loaded from: input_file:weblogic/xml/crypto/wss/UsernameTokenHandler.class */
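/**
 * {@link SecurityTokenHandler} for WS-Security UsernameToken (UNT) elements.
 *
 * <p>Responsibilities visible in this class: shape-checking an unmarshalled token
 * ({@link #validateUnmarshalled}), running the nonce/Created freshness check through a
 * {@link NonceValidator}, deciding whether a processed token is acceptable
 * ({@link #validateProcessed}), matching a token against the policy claims
 * ({@link #matches}), and asserting an identity for a token that carries a password
 * ({@link #getSubject}).
 *
 * <p>Thread-safety: {@code nonceChecker} is written on every call to
 * {@link #validateUnmarshalled}. If one handler instance is shared across threads that
 * field is written concurrently; confirm against the caller before relying on it.
 */
public class UsernameTokenHandler implements SecurityTokenHandler {
    private static final String POLICY_URI = "http://www.bea.com/wls90/security/policy";
    // Exposed through the public getter/setter only; no validation in this class reads it.
    private boolean passwordDigestSupported;
    public static final String OLD_USERNAME_TOKEN_URI = "http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0";
    // Older password-type URIs that isSamePasswordType() still accepts as equivalent.
    private static final String OLD_PASSWORD_TYPE_TEXT = "http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    private static final String OLD_PASSWORD_TYPE_DIGEST = "http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    // Re-obtained from NonceValidatorFactory on each validation that has a Created value.
    private NonceValidator nonceChecker = null;
    private static final QName[] qnames = {WSSConstants.UNT_QNAME};
    private static final String[] valueTypes = {WSSConstants.VALUE_TYPE_UNT};
    private static final QName POLICY_SUBJECT_NAME = new QName(POLICY_URI, SpecConstants.ATTR_PASSWORDTYPE);

    /**
     * Returns the value types this handler recognises.
     *
     * @return the shared {@code valueTypes} array (not a copy; callers must not mutate it)
     */
    @Override
    public String[] getValueTypes() {
        return valueTypes;
    }

    /**
     * UsernameTokens carry no key material, so no key provider is available.
     *
     * @return always {@code null}
     */
    @Override
    public KeyProvider getKeyProvider(SecurityToken securityToken, MessageContext messageContext) {
        return null;
    }

    /**
     * Resolving a token from a reference is not supported by this handler.
     *
     * @return always {@code null}
     */
    @Override
    public SecurityToken getSecurityToken(SecurityTokenReference securityTokenReference, MessageContext messageContext) {
        return null;
    }

    /**
     * Shape-checks an unmarshalled UsernameToken and, when a Created timestamp is present,
     * runs the nonce/timestamp freshness check.
     *
     * <p>Only the token's structure is checked here: a digest password must come with a
     * non-empty nonce, a non-empty digest and a Created value; a text password must be
     * non-empty; a nonce without a Created value is rejected. The password or digest value
     * itself is not verified by this method.
     *
     * @param securityToken the token to check; must be a {@link UsernameToken}
     * @param messageContext not used by this method
     * @return a result whose valid flag is {@code false} when a required element is missing
     *     or the nonce/timestamp check raised a fault; the message is the token's
     *     {@code toString()} in the first case and {@code "UNT Error:"} plus the fault
     *     message in the second
     * @throws WSSecurityException declared by the interface; not thrown from this body
     */
    @Override
    public SecurityTokenValidateResult validateUnmarshalled(SecurityToken securityToken, MessageContext messageContext) throws WSSecurityException {
        UsernameToken usernameToken = (UsernameToken) securityToken;
        boolean valid = true;
        if (hasPassword(usernameToken)) {
            String nonce = usernameToken.getEncodedNonce();
            boolean hasNonce = nonce != null && !nonce.isEmpty();
            boolean hasCreated = usernameToken.getCreated() != null;
            String passwordType = usernameToken.getPasswordType();
            if (passwordType == null) {
                // A password without a type cannot be checked; fail closed rather than
                // throwing NullPointerException from the comparisons below.
                valid = false;
            } else if (passwordType.equals(WSSConstants.PASSWORD_TYPE_DIGEST)) {
                // A digest is only meaningful together with the nonce and Created value
                // it was computed over.
                String passwordDigest = usernameToken.getPasswordDigest();
                if (!hasNonce || passwordDigest == null || passwordDigest.isEmpty() || !hasCreated) {
                    valid = false;
                }
            } else if (passwordType.equals(WSSConstants.PASSWORD_TYPE_TEXT)) {
                byte[] password = usernameToken.getPassword();
                if (password == null || password.length == 0) {
                    valid = false;
                }
            }
            // Other password types are not shape-checked by this method.
            if (hasNonce && !hasCreated) {
                // A nonce without a timestamp cannot be replay-checked.
                valid = false;
            } else if (hasCreated) {
                try {
                    this.nonceChecker = NonceValidatorFactory.getInstance();
                    // Without a nonce the validator is still asked to check the Created value.
                    this.nonceChecker.checkNonceAndTime(hasNonce ? nonce : null, usernameToken.getCreated());
                } catch (SOAPFaultException e) {
                    return new SecurityTokenValidateResult(false, "UNT Error:" + e.getMessage());
                }
            }
        }
        return new SecurityTokenValidateResult(valid, usernameToken.toString());
    }

    /**
     * Decides whether an already-processed token is acceptable.
     *
     * <p>A token carrying a password or digest is accepted outright. A token without one
     * is accepted only if its DOM node is covered by one of the message's signatures.
     *
     * @param securityToken the token; must be a {@link UsernameToken}
     * @param messageContext used to look up the {@link WSSecurityContext}
     * @return a result that is valid under the conditions above, invalid otherwise
     */
    @Override
    public SecurityTokenValidateResult validateProcessed(SecurityToken securityToken, MessageContext messageContext) {
        if (hasPassword((UsernameToken) securityToken)) {
            return new SecurityTokenValidateResult(true);
        }
        WSSecurityContext securityContext = WSSecurityContext.getSecurityContext(messageContext);
        Node tokenNode = securityContext.getNode(securityToken);
        for (Object signature : securityContext.getSignatures()) {
            if (((SignatureInfo) signature).containsNode(tokenNode)) {
                return new SecurityTokenValidateResult(true);
            }
        }
        return new SecurityTokenValidateResult(false);
    }

    /**
     * Reports whether the token can serve the given purpose.
     *
     * <p>Only {@link Purpose#IDENTITY} is supported, and only for a non-null
     * {@link UsernameToken} that also satisfies the policy claims (see the private
     * {@code matches} overload).
     *
     * @param str unused
     * @param str2 unused
     */
    @Override
    public boolean matches(SecurityToken securityToken, String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        return securityToken != null && Purpose.IDENTITY.equals(purpose) && (securityToken instanceof UsernameToken) && matches((UsernameToken) securityToken, contextHandler);
    }

    /**
     * Matches a token against the policy assertion found under
     * {@link SecurityTokenContextHandler#CLAIMS_MAP} in the context handler.
     *
     * <p>Two claims are consulted: the required password type, and which of the
     * Nonce/Created elements must be present. A missing assertion matches everything.
     *
     * @return {@code true} when no claim rejects the token
     */
    private boolean matches(UsernameToken usernameToken, ContextHandler contextHandler) {
        Object claims = contextHandler.getValue(SecurityTokenContextHandler.CLAIMS_MAP);
        if (claims == null) {
            // No assertion to match against: every UsernameToken qualifies.
            return true;
        }
        Node assertion = (Node) claims;
        LogUtils.logWss("Trying to match UsernameToken to assertion " + Util.printNode(assertion));
        String requiredType = ClaimsBuilder.getClaimFromAttr(assertion, WSSConstants.POLICY_USE_PASSWD_QNAME, WSSConstants.POLICY_USE_PASSWD_TYPE_QNAME);
        if (requiredType != null && !isSamePasswordType(requiredType, usernameToken.getPasswordType())) {
            LogUtils.logWss("Password type " + usernameToken.getPasswordType() + " does not match.");
            return false;
        }
        String requiredElements = ClaimsBuilder.getClaimFromAttr(assertion, WSSConstants.POLICY_USE_PASSWD_QNAME, UsernameTokenImpl.POLICY_PASSWD_ATTR);
        if (requiredElements == null) {
            return true;
        }
        LogUtils.logWss("Trying to match UsernameToken to Nonce and Created assertions");
        boolean hasCreated = usernameToken.getCreated() != null;
        boolean hasNonce = usernameToken.getEncodedNonce() != null;
        if (WSSConstants.PASSWORD_TYPE_NONCE_CREATE.equals(requiredElements)) {
            if (!hasCreated) {
                LogUtils.logWss("Missing Created element in UNT");
                return false;
            }
            if (!hasNonce) {
                LogUtils.logWss("Missing Nonce element in UNT");
                return false;
            }
        } else if (WSSConstants.PASSWORD_TYPE_NONCE.equals(requiredElements) && !hasNonce) {
            LogUtils.logWss("Missing Encoded Nonce in UNT");
            return false;
        } else if (WSSConstants.PASSWORD_TYPE_CREATE.equals(requiredElements) && !hasCreated) {
            LogUtils.logWss("Missing Created in UNT");
            return false;
        }
        // The password type was already compared above; nothing else can reject the token.
        return true;
    }

    /**
     * Compares the password type required by policy with the token's password type,
     * treating the older profile URIs as equivalent to the current ones.
     *
     * @param required the type from the policy claim; must not be {@code null}
     * @param actual the token's type; {@code null} never matches
     */
    private static boolean isSamePasswordType(String required, String actual) {
        if (required.equals(actual)) {
            return true;
        }
        if (WSSConstants.PASSWORD_TYPE_TEXT.equals(actual) && OLD_PASSWORD_TYPE_TEXT.equals(required)) {
            return true;
        }
        return WSSConstants.PASSWORD_TYPE_DIGEST.equals(actual) && OLD_PASSWORD_TYPE_DIGEST.equals(required);
    }

    /**
     * Asserts an identity for a token that carries a password or digest.
     *
     * @param securityToken the token; must be a {@link UsernameToken}
     * @param messageContext not used by this method
     * @return the asserted {@link Subject}, or {@code null} when the token has no password
     * @throws WSSecurityException if {@link SecurityUtils#assertIdentity} rejects the token
     */
    @Override
    public Subject getSubject(SecurityToken securityToken, MessageContext messageContext) throws WSSecurityException {
        UsernameToken usernameToken = (UsernameToken) securityToken;
        if (!hasPassword(usernameToken)) {
            return null;
        }
        // "weblogicDEFAULT" is passed through unchanged; its meaning is defined by
        // SecurityUtils.assertIdentity — confirm there before changing it.
        return SecurityUtils.assertIdentity(usernameToken, "weblogicDEFAULT");
    }

    /** Returns {@code true} when the token has either a password or a password digest. */
    private static boolean hasPassword(UsernameToken usernameToken) {
        return usernameToken.getPassword() != null || usernameToken.getPasswordDigest() != null;
    }

    /**
     * Builds a UsernameToken from credentials supplied by the caller.
     *
     * @param str unused
     * @param obj the credentials, expected to be a {@link UsernameAndPassword}; may be {@code null}
     * @return a new {@link UsernameTokenImpl}, or {@code null} when {@code obj} is {@code null}
     * @throws ClassCastException if {@code obj} is not a {@link UsernameAndPassword}
     */
    @Override
    public SecurityToken getSecurityToken(String str, Object obj, ContextHandler contextHandler) throws WSSecurityException {
        if (obj == null) {
            return null;
        }
        return new UsernameTokenImpl((UsernameAndPassword) obj, contextHandler);
    }

    /**
     * Creating a token from a value type and purpose is not supported by this handler.
     *
     * @return always {@code null}
     */
    @Override
    public SecurityToken getSecurityToken(String str, String str2, Purpose purpose, ContextHandler contextHandler) throws WSSecurityException {
        return null;
    }

    /**
     * Unmarshals a UsernameToken from its DOM node.
     *
     * @throws MarshalException wrapping the DOM-level unmarshal failure
     */
    @Override
    public SecurityToken newSecurityToken(Node node) throws MarshalException {
        UsernameTokenImpl token = new UsernameTokenImpl();
        try {
            token.unmarshal(node);
        } catch (weblogic.xml.dom.marshal.MarshalException e) {
            throw new MarshalException("Failed to unmarshal UserNameToken.", e);
        }
        return token;
    }

    /**
     * Returns the element names this handler recognises.
     *
     * @return the shared {@code qnames} array (not a copy; callers must not mutate it)
     */
    @Override
    public QName[] getQNames() {
        return qnames;
    }

    /** Builds a reference to the given token. */
    @Override
    public SecurityTokenReference getSTR(QName qName, String str, SecurityToken securityToken) throws WSSecurityException {
        return new UsernameTokenReference(qName, str, securityToken);
    }

    /**
     * Returns an empty reference; the {@code node} argument is not inspected here.
     */
    @Override
    public SecurityTokenReference newSecurityTokenReference(Node node) {
        return new UsernameTokenReference();
    }

    /** Records the configured digest-support flag; see {@link #isPasswordDigestSupported}. */
    public void setPasswordDigestSupported(boolean supported) {
        this.passwordDigestSupported = supported;
    }

    /**
     * Returns the flag set by {@link #setPasswordDigestSupported}. Nothing else in this
     * class consults it; in particular {@link #validateUnmarshalled} accepts digest
     * tokens regardless of its value.
     */
    public boolean isPasswordDigestSupported() {
        return this.passwordDigestSupported;
    }
}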
