package weblogic.xml.crypto.wss;

import com.oracle.webservices.oracle_internal_api.interceptors.NamespaceConstants;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.stream.XMLStreamException;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.security.saml.SAML2Constants;
import weblogic.wsee.security.saml.SAMLConstants;
import weblogic.xml.crypto.NodeURIDereferencer;
import weblogic.xml.crypto.api.KeySelector;
import weblogic.xml.crypto.api.KeySelectorResult;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.api.URIDereferencer;
import weblogic.xml.crypto.api.XMLCryptoContext;
import weblogic.xml.crypto.api.XMLStructure;
import weblogic.xml.crypto.common.keyinfo.EncryptedKeyProvider;
import weblogic.xml.crypto.common.keyinfo.KeyProvider;
import weblogic.xml.crypto.common.keyinfo.KeyResolver;
import weblogic.xml.crypto.dom.WLDOMSignContextImpl;
import weblogic.xml.crypto.dom.WLDOMValidateContextImpl;
import weblogic.xml.crypto.dsig.DsigConstants;
import weblogic.xml.crypto.dsig.XMLSignatureImpl;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.XMLSignature;
import weblogic.xml.crypto.dsig.api.XMLSignatureException;
import weblogic.xml.crypto.encrypt.ReferenceList;
import weblogic.xml.crypto.encrypt.WLEncryptedData;
import weblogic.xml.crypto.encrypt.api.DataReference;
import weblogic.xml.crypto.encrypt.api.EncryptedData;
import weblogic.xml.crypto.encrypt.api.KeyReference;
import weblogic.xml.crypto.encrypt.api.ReferenceType;
import weblogic.xml.crypto.encrypt.api.XMLEncryptContext;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionFactory;
import weblogic.xml.crypto.encrypt.api.dom.DOMDecryptContext;
import weblogic.xml.crypto.encrypt.api.dom.DOMEncryptContext;
import weblogic.xml.crypto.encrypt.api.keyinfo.EncryptedKey;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.api.Security;
import weblogic.xml.crypto.wss.api.Timestamp;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.crypto.wss11.internal.enckey.EncryptedKeyToken;
import weblogic.xml.dom.DOMStreamReader;
import weblogic.xml.dom.DOMStreamWriter;
import weblogic.xml.dom.marshal.WLDOMStructure;

/* loaded from: input_file:weblogic/xml/crypto/wss/SecurityImpl.class */
public class SecurityImpl implements Security, WLDOMStructure {
    // Value written for mustUnderstand when the envelope is not SOAP 1.2 (see setMustUnderstand).
    private static final String TRUE = "1";
    // NOTE(review): presumably the leading character of a same-document URI reference ("#id") — confirm.
    private static final String LOCAL_URI_PREFIX = "#";
    private static final String SIGNATURE_LOCALNAME = "Signature";
    // Context passed to token handlers and to the sign/validate/decrypt contexts created by this class.
    private WSSecurityContext securityCtx;
    // The security header element located or created by marshal().
    protected Element security;
    // Namespace map handed to marshal(); forwarded to the marshal calls made on tokens and timestamps.
    protected Map namespaces;
    // Looked up by element QName in unmarshalChildren; values are cast to SecurityHeaderElementHandler.
    protected Map elementHandlers = new HashMap();
    public static final String VERBOSE_PROPERTY = "weblogic.xml.crypto.wss.verbose";
    public static final QName ENCRYPTED_KEY_QNAME = new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey");
    public static final QName ENCRYPTED_DATA_QNAME = new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedData");
    public static final QName REFERENCE_LIST_QNAME = new QName("http://www.w3.org/2001/04/xmlenc#", "ReferenceList");
    // Read once, at class initialisation, from the JVM system property of the same name.
    public static final boolean VERBOSE = Boolean.getBoolean("weblogic.xml.crypto.wss.verbose");

    /* loaded from: input_file:weblogic/xml/crypto/wss/SecurityImpl$SecurityHeaderElementHandler.class */
    /**
     * Handler for a child element of the security header that SecurityImpl does not process
     * itself. unmarshalChildren looks a handler up in elementHandlers by the element's QName
     * and calls {@link #process(Node, WSSecurityContext)} on it.
     */
    public interface SecurityHeaderElementHandler {
        /**
         * Returns a qualified name for this handler.
         * NOTE(review): presumably the element name the handler is registered under — confirm.
         */
        QName getQName();

        /**
         * Processes one child element of the security header.
         *
         * @param node the element being dispatched
         * @param wSSecurityContext the security context of the message being unmarshalled
         * @throws MarshalException if the element cannot be processed
         */
        void process(Node node, WSSecurityContext wSSecurityContext) throws MarshalException;

        /**
         * Validates what the handler processed.
         * NOTE(review): presumably called from validateHandlers once all children are processed;
         * that method is not visible here — confirm.
         *
         * @throws WSSecurityException if validation fails
         */
        void validate(WSSecurityContext wSSecurityContext) throws WSSecurityException;
    }

    /**
     * Creates an instance without a security context; marshal() and unmarshal() create or
     * receive one later.
     */
    public SecurityImpl() {
    }

    /**
     * Creates an instance bound to an existing security context.
     *
     * @param wSSecurityContext the context to use; stored as-is, not validated here
     */
    public SecurityImpl(WSSecurityContext wSSecurityContext) {
        this.securityCtx = wSSecurityContext;
    }

    /**
     * Returns the actor of this security header.
     *
     * @return always {@code null} in this implementation
     */
    public QName getActor() {
        return null;
    }

    /**
     * Marshals the security header into the node held by the security context. When no
     * context was supplied at construction, it is taken from the context handler first.
     *
     * @param contextHandler source of the security context when this instance has none
     * @throws MarshalException wrapping any DOM marshal failure
     */
    private void processAndMarshal(ContextHandler contextHandler) throws MarshalException {
        WSSecurityContext ctx = this.securityCtx;
        if (ctx == null) {
            ctx = (WSSecurityContext) contextHandler.getValue(SecurityTokenContextHandler.SECURITY_INFO);
            this.securityCtx = ctx;
        }
        try {
            marshal((Element) ctx.getNode(), ctx.getNextSibling(), ctx.getNamespaces());
        } catch (weblogic.xml.dom.marshal.MarshalException domFailure) {
            // Translate the DOM-layer exception into the crypto API's exception type.
            throw new MarshalException((Throwable) domFailure);
        }
    }

    /**
     * Adds a structure (timestamp, token, encrypted key, token reference or reference list)
     * to the security header, creating the header first if it does not exist yet.
     */
    @Override // weblogic.xml.crypto.wss.api.Security
    public void add(XMLStructure xMLStructure, XMLCryptoContext xMLCryptoContext, ContextHandler contextHandler) throws WSSecurityException, MarshalException {
        final boolean headerMissing = (this.security == null);
        if (headerMissing) {
            processAndMarshal(contextHandler);
        }
        processAndMarshal(xMLStructure, xMLCryptoContext, contextHandler);
    }

    /**
     * Signs with the given key provider and adds the signature to the security header,
     * creating the header first if it does not exist yet.
     *
     * @return the node of the inserted signature
     */
    @Override // weblogic.xml.crypto.wss.api.Security
    public Node add(XMLSignature xMLSignature, KeyProvider keyProvider, ContextHandler contextHandler) throws WSSecurityException, MarshalException {
        if (this.security == null) {
            processAndMarshal(contextHandler);
        }
        final Node signatureNode = processAndMarshalSignature(xMLSignature, keyProvider, contextHandler);
        if (!isEndoringEncryptSignature(contextHandler)) {
            return signatureNode;
        }
        // The signature element gets an Id and is published on the handler so that later steps can find it.
        // NOTE(review): the cast assumes the handler is a SecurityTokenContextHandler whenever the flag is set.
        DOMUtils.assignId((Element) signatureNode, new QName("", "Id"), "", this.securityCtx.getIdQNames());
        ((SecurityTokenContextHandler) contextHandler).addContextElement(SecurityTokenContextHandler.SIGNATURE_NODE, signatureNode);
        return signatureNode;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Dispatches a structure to the marshal routine for its type. The order of the checks
     * matters: EncryptedKeyToken is tested before the more general SecurityToken. A structure
     * of any other type is ignored without an error.
     */
    public void processAndMarshal(XMLStructure xMLStructure, XMLCryptoContext xMLCryptoContext, ContextHandler contextHandler) throws WSSecurityException, MarshalException {
        if (xMLStructure instanceof Timestamp) {
            processAndMarshalTimestamp((Timestamp) xMLStructure, contextHandler);
        } else if (xMLStructure instanceof EncryptedKeyToken) {
            EncryptedKeyToken keyToken = (EncryptedKeyToken) xMLStructure;
            XMLEncryptContext encryptContext = keyToken.getDOMEncryptContext();
            if (encryptContext == null) {
                // No encrypt context attached: marshal it like any other security token.
                processAndMarshalSecurityToken(keyToken, contextHandler);
            } else {
                processAndMarshalEncryptedKey(keyToken.getEncryptedKey(), encryptContext, contextHandler);
            }
        } else if (xMLStructure instanceof SecurityToken) {
            processAndMarshalSecurityToken((SecurityToken) xMLStructure, contextHandler);
        } else if (xMLStructure instanceof EncryptedKey) {
            processAndMarshalEncryptedKey((EncryptedKey) xMLStructure, (XMLEncryptContext) xMLCryptoContext, contextHandler);
        } else if (xMLStructure instanceof SecurityTokenReference) {
            processAndMarshalSTR((SecurityTokenReference) xMLStructure, contextHandler);
        } else if (xMLStructure instanceof ReferenceList) {
            processAndMarshalReferenceList((ReferenceList) xMLStructure, contextHandler);
        }
    }

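    /**
     * Writes the references of a reference list at the end of the security header and then
     * moves the written node in front of the node chosen by findReferenceInsertBeforeNode.
     * An empty or missing list writes nothing, and in that case nothing is moved either:
     * repositioning the header's last child unconditionally would relocate an unrelated
     * element that was already in the header.
     *
     * @param referenceList the list whose references are written
     * @param contextHandler passed through to findReferenceInsertBeforeNode
     * @throws MarshalException if writing the references fails
     */
    private void processAndMarshalReferenceList(ReferenceList referenceList, ContextHandler contextHandler) throws MarshalException {
        Node insertBefore = findReferenceInsertBeforeNode(this.security, contextHandler);
        List references = referenceList.getReferences();
        if (references == null || references.isEmpty()) {
            return;
        }
        DOMStreamWriter writer = new DOMStreamWriter(this.security.getOwnerDocument(), this.security);
        ReferenceList.write(writer, references);
        Node written = this.security.getLastChild();
        // Skip the move when there is no anchor, or when the last child is the anchor itself.
        if (insertBefore != null && written != null && written != insertBefore) {
            this.security.removeChild(written);
            this.security.insertBefore(written, insertBefore);
        }
    }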

    /**
     * Marshals a security token reference into the security header at the position chosen
     * by findInsertBeforeNode.
     *
     * @throws MarshalException wrapping any DOM marshal failure
     */
    private void processAndMarshalSTR(SecurityTokenReference securityTokenReference, ContextHandler contextHandler) throws MarshalException {
        try {
            final Node anchor = findInsertBeforeNode(this.security, contextHandler, false);
            securityTokenReference.marshal(this.security, anchor, this.namespaces);
            // The return value is not needed here; the call is kept for whatever bookkeeping it performs.
            getInsertedNode(this.security, contextHandler, anchor, false);
        } catch (weblogic.xml.dom.marshal.MarshalException domFailure) {
            throw new MarshalException((Throwable) domFailure);
        }
    }

    /**
     * Locates the security header under the given parent, or creates it, and places it before
     * {@code node} (or at the end when {@code node} is null). A newly created header gets its
     * namespace declarations and a mustUnderstand attribute. The header is then registered on
     * the security context, which is created here if this instance has none.
     *
     * @param element parent element of the security header; must not be null
     * @param node sibling to insert the header before, or null to append
     * @param map namespace map; also stored in {@code namespaces}
     * @throws weblogic.xml.dom.marshal.MarshalException if the parent is null or header lookup fails
     */
    public void marshal(Element element, Node node, Map map) throws weblogic.xml.dom.marshal.MarshalException {
        if (element == null) {
            throw new weblogic.xml.dom.marshal.MarshalException("Can't process a null parent");
        }
        this.namespaces = map;
        final boolean soap12Envelope = "http://www.w3.org/2003/05/soap-envelope".equals(element.getNamespaceURI());
        final String mappedPrefix = (String) map.get("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        final String wssePrefix = (mappedPrefix != null) ? mappedPrefix : "wsse";
        try {
            this.security = getSecurityHeader(element, getRoleAttrName(null), getRole(null));
            final boolean mustCreate = (this.security == null);
            if (mustCreate) {
                this.security = DOMUtils.createAndAddElement(element, WSSConstants.SECURITY_QNAME, wssePrefix);
                declareNamespaces(this.security, map);
                setMustUnderstand(this.security, map, soap12Envelope);
            }
            if (node == null) {
                element.appendChild(this.security);
            } else {
                element.insertBefore(this.security, node);
            }
            if (this.securityCtx == null) {
                this.securityCtx = new WSSecurityContext(element, null, null, null);
            }
            this.securityCtx.setSecurityElement(this.security);
        } catch (WSSecurityException failure) {
            throw new weblogic.xml.dom.marshal.MarshalException(failure);
        }
    }

    /**
     * Adds a mustUnderstand attribute to the given element.
     *
     * @param element element that receives the attribute
     * @param map namespace map used to look up the envelope prefix
     * @param z true to write the SOAP 1.2 envelope attribute with value "true"; false to write
     *          WSSConstants.MUST_UNDERSTAND_QNAME with value "1"
     */
    public static void setMustUnderstand(Element element, Map map, boolean z) {
        if (!z) {
            DOMUtils.addPrefixedAttribute(element, WSSConstants.MUST_UNDERSTAND_QNAME, (String) map.get("http://schemas.xmlsoap.org/soap/envelope/"), TRUE);
            return;
        }
        final QName soap12Name = new QName("http://www.w3.org/2003/05/soap-envelope", "mustUnderstand");
        final String soap12Prefix = (String) map.get("http://www.w3.org/2003/05/soap-envelope");
        DOMUtils.addPrefixedAttribute(element, soap12Name, soap12Prefix, "true");
    }

    /**
     * Marshals the timestamp into the security header. The reference child passed to the
     * timestamp is the header's first child when isTimestampFirst holds, otherwise its last
     * child; in the first case the new first child is also recorded via setFirstTokenNode.
     *
     * @throws MarshalException wrapping any DOM marshal failure
     */
    private void processAndMarshalTimestamp(Timestamp timestamp, ContextHandler contextHandler) throws MarshalException {
        try {
            final Node referenceChild;
            if (isTimestampFirst(contextHandler)) {
                referenceChild = this.security.getFirstChild();
            } else {
                referenceChild = this.security.getLastChild();
            }
            timestamp.marshal(this.security, referenceChild, this.namespaces);
            if (isTimestampFirst(contextHandler)) {
                setFirstTokenNode(contextHandler, this.security.getFirstChild());
            }
        } catch (weblogic.xml.dom.marshal.MarshalException domFailure) {
            throw new MarshalException((Throwable) domFailure);
        }
    }

    /**
     * Registers the key provider of an outbound token on the security context, marshals the
     * token into the security header and records the token together with its element.
     *
     * @throws MarshalException wrapping any DOM marshal failure
     * @throws WSSecurityException as thrown by the token handler lookup or the context
     */
    private void processAndMarshalSecurityToken(SecurityToken securityToken, ContextHandler contextHandler) throws MarshalException, WSSecurityException {
        SecurityTokenHandler handler = this.securityCtx.getRequiredTokenHandler(securityToken.getValueType());
        KeyProvider provider = handler.getKeyProvider(securityToken, this.securityCtx.getMessageContext());
        if (provider != null) {
            this.securityCtx.addKeyProvider(provider);
        }
        // NOTE(review): the key provider and the token object are handed to the logger. Whether
        // LogUtils.logWss is gated, and how it renders the token, is not visible here — confirm
        // that credential material cannot reach the log.
        LogUtils.logWss("Adding KeyProvider (outbound) to WSSecurityContext: " + provider + "\nfor token (type: " + securityToken.getValueType() + ") ", securityToken);
        try {
            Node anchor = findInsertBeforeNode(this.security, contextHandler, true);
            securityToken.marshal(this.security, anchor, this.namespaces);
            Element tokenElement = (Element) getInsertedNode(this.security, contextHandler, anchor, true);
            this.securityCtx.addSecurityToken(securityToken);
            this.securityCtx.addToken(securityToken, tokenElement);
        } catch (weblogic.xml.dom.marshal.MarshalException domFailure) {
            throw new MarshalException((Throwable) domFailure);
        }
    }

    /**
     * Signs with a key selector built from the single given key provider, inserts the
     * signature into the security header and records it on the security context.
     *
     * @return the inserted signature element
     * @throws WSSecurityException if signing fails; the original exception is attached as cause
     */
    private Node processAndMarshalSignature(XMLSignature xMLSignature, KeyProvider keyProvider, ContextHandler contextHandler) throws WSSecurityException, MarshalException {
        final Node anchor = findSignatureInsertBeforeNode(this.security, xMLSignature, contextHandler);
        final WLDOMSignContextImpl signContext = new WLDOMSignContextImpl(null, this.security, anchor);
        signContext.setKeySelector(new KeyResolver(new KeyProvider[]{keyProvider}));
        try {
            signContext.setProperty(WSSecurityContext.WS_SECURITY_CONTEXT, this.securityCtx);
            if (isEndoringEncryptSignature(contextHandler)) {
                // Forward a signature node published on the handler, if any, to the sign context.
                Element publishedSignature = (Element) contextHandler.getValue(SecurityTokenContextHandler.SIGNATURE_NODE);
                if (publishedSignature != null) {
                    signContext.setProperty(SecurityTokenContextHandler.SIGNATURE_NODE, publishedSignature);
                }
            }
            xMLSignature.sign(signContext);
            this.securityCtx.addSignature(xMLSignature);
            return (Element) getInsertedNode(this.security, contextHandler, anchor, false);
        } catch (XMLSignatureException signFailure) {
            throw new WSSecurityException("Failed to process signature." + signFailure.getMessage(), (Exception) signFailure);
        }
    }

    /**
     * Encrypts the key into the security header: the encrypt context is pointed at the header
     * and at the insert position chosen by findInsertBeforeNode before encrypt() runs.
     *
     * @throws WSSecurityException wrapping any encryption failure
     */
    private void processAndMarshalEncryptedKey(EncryptedKey encryptedKey, XMLEncryptContext xMLEncryptContext, ContextHandler contextHandler) throws WSSecurityException, MarshalException {
        try {
            final Node anchor = findInsertBeforeNode(this.security, contextHandler, true);
            // NOTE(review): the context is assumed to be a DOMEncryptContext; any other type fails the cast.
            final DOMEncryptContext domContext = (DOMEncryptContext) xMLEncryptContext;
            domContext.setParent(this.security);
            domContext.setNextSibling(anchor);
            encryptedKey.encrypt(xMLEncryptContext);
            getInsertedNode(this.security, contextHandler, anchor, true);
        } catch (XMLEncryptionException encryptFailure) {
            throw new WSSecurityException(encryptFailure);
        }
    }

    /**
     * Unmarshals and processes a security header element, creating a security context from
     * the node when this instance has none.
     *
     * @param node the security header element; must not be null
     * @throws weblogic.xml.dom.marshal.MarshalException if the node is null or processing fails
     */
    public void unmarshal(Node node) throws weblogic.xml.dom.marshal.MarshalException {
        if (node != null) {
            if (this.securityCtx == null) {
                this.securityCtx = new WSSecurityContext(node);
            }
            unmarshalInternal(node);
            return;
        }
        throw new weblogic.xml.dom.marshal.MarshalException("Node to unmarshal security object from must not be null.");
    }

    /**
     * Adopts the given security context and processes the security header found through it.
     * When no header is found, nothing is processed and no error is raised.
     *
     * @param wSSecurityContext the context to adopt; must not be null
     * @throws weblogic.xml.dom.marshal.MarshalException if the context is null or processing fails
     */
    public void unmarshal(WSSecurityContext wSSecurityContext) throws weblogic.xml.dom.marshal.MarshalException {
        if (wSSecurityContext == null) {
            throw new weblogic.xml.dom.marshal.MarshalException("Context to unmarshal security object from must not be null.");
        }
        this.securityCtx = wSSecurityContext;
        final Element header = getSecurityHeader(wSSecurityContext);
        if (header == null) {
            return;
        }
        unmarshalInternal(header);
    }

    /**
     * Obtains the security context for a SOAP message context, pushes it for the duration of
     * the call and processes the message's security header. The pushed context is always
     * popped again, also on failure. When no header is found, nothing is processed.
     *
     * @param sOAPMessageContext the message context; must not be null
     * @throws weblogic.xml.dom.marshal.MarshalException if the context is null or processing fails
     */
    public void unmarshal(SOAPMessageContext sOAPMessageContext) throws weblogic.xml.dom.marshal.MarshalException {
        if (sOAPMessageContext == null) {
            throw new weblogic.xml.dom.marshal.MarshalException("Context to unmarshal security object from must not be null.");
        }
        this.securityCtx = WSSecurityContext.getSecurityContext(sOAPMessageContext);
        WSSecurityContext.pushContext(this.securityCtx);
        try {
            final Element header = getSecurityHeader(sOAPMessageContext);
            if (header != null) {
                final Node headerParent = header.getParentNode();
                if (headerParent instanceof SOAPElement) {
                    // Result is discarded on purpose; the call is kept exactly as in the original.
                    ((SOAPElement) headerParent).getChildElements();
                }
                unmarshalInternal(header);
            }
        } catch (SOAPException soapFailure) {
            throw new weblogic.xml.dom.marshal.MarshalException(soapFailure);
        } catch (WSSecurityException securityFailure) {
            throw new weblogic.xml.dom.marshal.MarshalException(securityFailure);
        } finally {
            WSSecurityContext.popContext();
        }
    }

    /**
     * Processes a security header element: checks its qualified name, registers it on the
     * security context, processes its children, validates the collected tokens and handlers,
     * and finally detaches the header from its parent. The header is detached only when all
     * of the preceding steps succeeded.
     *
     * @throws weblogic.xml.dom.marshal.MarshalException if the element is not a security header,
     *         or wrapping any processing or validation failure
     */
    private void unmarshalInternal(Node node) throws weblogic.xml.dom.marshal.MarshalException {
        final QName actualName = DOMUtils.getQName(node);
        if (!actualName.equals(WSSConstants.SECURITY_QNAME)) {
            throw new weblogic.xml.dom.marshal.MarshalException("QName " + actualName + " of node to unmarshal Security object from does not match " + WSSConstants.SECURITY_QNAME);
        }
        this.securityCtx.setSecurityElement((Element) node);
        try {
            unmarshalChildren(DOMUtils.getFirstElement(node), node);
            validateSecurityTokens(this.securityCtx);
            validateHandlers(this.securityCtx);
            final Node headerParent = node.getParentNode();
            if (headerParent != null) {
                headerParent.removeChild(node);
            }
        } catch (MarshalException cryptoFailure) {
            throw new weblogic.xml.dom.marshal.MarshalException(cryptoFailure);
        } catch (WSSecurityException securityFailure) {
            throw new weblogic.xml.dom.marshal.MarshalException(securityFailure);
        }
    }

    /**
     * Processes the child elements of an inbound security header in two passes.
     * The first pass handles binary security tokens and SAML assertions, so that they are
     * registered on the context before the second pass runs. The second pass dispatches
     * timestamps, username tokens, signatures, reference lists, encrypted keys and encrypted
     * data; security token references are skipped; any other element goes to a registered
     * SecurityHeaderElementHandler or, failing that, is treated as a security token.
     *
     * @param element first child element of the security header
     * @param node the security header itself
     */
    protected void unmarshalChildren(Element element, Node node) throws weblogic.xml.dom.marshal.MarshalException, WSSecurityException, MarshalException {
        Element element2 = null;
        // Pass 1: tokens only.
        for (Element element3 = element; element3 != null; element3 = DOMUtils.getNextElement(element3)) {
            QName qName = DOMUtils.getQName(element3);
            if (qName.equals(WSSConstants.BST_QNAME)) {
                unmarshalAndProcessSecurityToken(element3, qName, this.securityCtx);
            } else if (isSAMLQName(qName)) {
                // A SAML element whose first child element is EncryptedData is left for pass 2.
                Element firstElement = DOMUtils.getFirstElement(element3);
                if (firstElement != null && !DOMUtils.getQName(firstElement).equals(ENCRYPTED_DATA_QNAME)) {
                    unmarshalAndProcessSecurityToken(element3, qName, this.securityCtx);
                }
            } else if (qName.equals(ENCRYPTED_KEY_QNAME) && 0 == 0) {
                // Empty branch with a constant condition; looks like decompiler residue.
            }
        }
        // Pass 2: everything else, in document order.
        Element element4 = element;
        while (element4 != null) {
            QName qName2 = DOMUtils.getQName(element4);
            if (qName2.equals(WSSConstants.TIMESTAMP_QNAME)) {
                unmarshalAndProcessTimestamp(element4, this.securityCtx);
            } else if (qName2.equals(WSSConstants.UNT_QNAME)) {
                unmarshalAndProcessSecurityToken(element4, qName2, this.securityCtx);
            } else if (qName2.equals(DsigConstants.SIGNATURE_QNAME)) {
                try {
                    unmarshalAndProcessSignature(element4, this.securityCtx);
                } catch (WSSecurityException e) {
                    // The condition is constant, so a signature failure is always rethrown and
                    // the retry below is unreachable as written.
                    if (0 == 0) {
                        throw e;
                    }
                    LogUtils.logDsig("Got error on " + e.getMessage() + "Try again with Encrypted Key!");
                    unmarshalAndProcessSignature(element4, this.securityCtx, null);
                }
            } else if (qName2.equals(REFERENCE_LIST_QNAME)) {
                processReferenceList(unmarshalReferenceList(element4), this.securityCtx);
            } else if (qName2.equals(ENCRYPTED_KEY_QNAME)) {
                unmarshalAndProcessEncryptedKey(element4, this.securityCtx);
            } else if (qName2.equals(ENCRYPTED_DATA_QNAME)) {
                unmarshalAndProcessEncryptedData(element4, this.securityCtx);
                // The cursor is re-derived from the previous element (or the header's first
                // element) rather than from the EncryptedData element just processed.
                // NOTE(review): the cursor is advanced once more at the bottom of the loop, so the
                // node selected here is not itself dispatched; the cast also assumes the next
                // sibling is an Element, and a null result reaches getNextElement. Confirm against
                // the original bytecode that decrypted header content cannot be skipped.
                element4 = element2 != null ? (Element) element2.getNextSibling() : DOMUtils.getFirstElement(node);
            } else if (!qName2.equals(WSSConstants.STR_QNAME)) {
                // NOTE(review): elements already handled in pass 1 are not excluded above, so they
                // appear to reach this fallback a second time — confirm how the token handlers and
                // the context treat a repeated token.
                if (this.elementHandlers.containsKey(qName2)) {
                    ((SecurityHeaderElementHandler) this.elementHandlers.get(qName2)).process(element4, this.securityCtx);
                } else {
                    unmarshalAndProcessSecurityToken(element4, qName2, this.securityCtx);
                }
            }
            element2 = element4;
            element4 = DOMUtils.getNextElement(element4);
        }
    }

    /**
     * Tells whether a qualified name is one of the SAML or SAML 2 assertion names.
     *
     * @return true if the name equals an entry of SAMLConstants.SAML_ASST_QNAMES or
     *         SAML2Constants.SAML2_ASST_QNAMES
     */
    private boolean isSAMLQName(QName qName) {
        for (QName samlName : SAMLConstants.SAML_ASST_QNAMES) {
            if (qName.equals(samlName)) {
                return true;
            }
        }
        for (QName saml2Name : SAML2Constants.SAML2_ASST_QNAMES) {
            if (qName.equals(saml2Name)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Runs the post-processing validation of every token currently held by the context and
     * stops at the first token whose handler reports failure.
     *
     * @throws WSSecurityException with FAILURE_TOKEN_INVALID for the first token that fails
     */
    private void validateSecurityTokens(WSSecurityContext wSSecurityContext) throws WSSecurityException {
        for (SecurityToken token : wSSecurityContext.getCurrentTokens()) {
            SecurityTokenHandler handler = wSSecurityContext.getRequiredTokenHandler(token.getValueType());
            SecurityTokenValidateResult outcome = handler.validateProcessed(token, wSSecurityContext.getMessageContext());
            if (outcome.status()) {
                continue;
            }
            throw new WSSecurityException("Security token failed to validate.", outcome, WSSConstants.FAILURE_TOKEN_INVALID);
        }
    }

    /**
     * Unmarshals a timestamp element and stores the result on the security context.
     * Only unmarshalling happens here; no freshness or expiry check is made in this method.
     *
     * @return the unmarshalled timestamp
     */
    private Timestamp unmarshalAndProcessTimestamp(Element element, WSSecurityContext wSSecurityContext) throws weblogic.xml.dom.marshal.MarshalException {
        final TimestampImpl parsed = new TimestampImpl();
        parsed.unmarshal(element);
        wSSecurityContext.setTimestamp(parsed);
        return parsed;
    }

    /**
     * Builds a security token from an inbound element through the handler registered for the
     * element's qualified name, validates it, and only then adds the token and its key
     * provider to the security context. A token that fails validation therefore contributes
     * neither a token entry nor keys.
     *
     * @param node the token element
     * @param qName qualified name used to select the token handler
     * @param wSSecurityContext context that receives the token and its key provider
     * @return the validated token
     * @throws weblogic.xml.dom.marshal.MarshalException if no handler exists or the token cannot be built
     * @throws WSSecurityException with FAILURE_TOKEN_INVALID if validation fails
     */
    private SecurityToken unmarshalAndProcessSecurityToken(Node node, QName qName, WSSecurityContext wSSecurityContext) throws weblogic.xml.dom.marshal.MarshalException, WSSecurityException {
        SecurityTokenHandler requiredTokenHandler = wSSecurityContext.getRequiredTokenHandler(qName);
        if (requiredTokenHandler == null) {
            throw new weblogic.xml.dom.marshal.MarshalException("Unsupported security token " + qName);
        }
        try {
            SecurityToken newSecurityToken = requiredTokenHandler.newSecurityToken(node);
            // Validation comes before any registration on the context.
            SecurityTokenValidateResult validateUnmarshalled = requiredTokenHandler.validateUnmarshalled(newSecurityToken, wSSecurityContext.getMessageContext());
            if (!validateUnmarshalled.status()) {
                throw new WSSecurityException("Security token failed to validate.", validateUnmarshalled, WSSConstants.FAILURE_TOKEN_INVALID);
            }
            wSSecurityContext.addSecurityToken(newSecurityToken);
            wSSecurityContext.addToken(newSecurityToken, (Element) node);
            // NOTE(review): the token object is handed to the logger here and below. Whether
            // LogUtils.logWss is gated, and how it renders the token, is not visible — confirm
            // that credential material from inbound tokens cannot reach the log.
            LogUtils.logWss("Adding token to WSSecurityContext: ", newSecurityToken);
            KeyProvider keyProvider = requiredTokenHandler.getKeyProvider(newSecurityToken, wSSecurityContext.getMessageContext());
            if (keyProvider != null) {
                wSSecurityContext.addKeyProvider(keyProvider);
            }
            LogUtils.logWss("Adding KeyProvider (inbound) to WSSecurityContext : " + keyProvider + "\nfor token (type: " + newSecurityToken.getValueType() + ") ", newSecurityToken);
            return newSecurityToken;
        } catch (MarshalException e) {
            // Prefer a WSSecurityException cause over the wrapper when reporting the failure.
            // NOTE(review): the assignment below does not type-check as written (decompiler output).
            MarshalException marshalException = e;
            if (e.getCause() instanceof WSSecurityException) {
                marshalException = e.getCause();
            }
            throw new weblogic.xml.dom.marshal.MarshalException("Failed to unmarshal " + qName, marshalException);
        }
    }

    /**
     * Unmarshals and validates a signature element using the key selector of the security
     * context. Delegates to the three-argument overload.
     *
     * @throws WSSecurityException if the signature cannot be unmarshalled or does not validate
     */
    private XMLSignature unmarshalAndProcessSignature(Node node, WSSecurityContext wSSecurityContext) throws WSSecurityException {
        return unmarshalAndProcessSignature(node, wSSecurityContext, wSSecurityContext.getKeySelector());
    }

    /** Debug-print hook with an empty body; the argument is ignored. */
    private void p(String str) {
    }

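    /**
     * Unmarshals a signature element, validates it, and adds it to the security context only
     * after validation succeeded.
     *
     * <p>The exception raised for a signature that does not validate is thrown inside the try
     * block. It is rethrown unchanged so that its validate result and the
     * FAILURE_VERIFY_OR_DECRYPT code reach the caller; the catch-all would otherwise replace
     * it with an exception built from the message alone.
     *
     * @param node the signature element
     * @param wSSecurityContext context supplying the dereferencer, Id names and signature factory
     * @param keySelector selector for the verification key; null selects the context's selector
     * @return the validated signature
     * @throws WSSecurityException if the signature cannot be unmarshalled or does not validate
     */
    private XMLSignature unmarshalAndProcessSignature(Node node, WSSecurityContext wSSecurityContext, KeySelector keySelector) throws WSSecurityException {
        if (null == keySelector) {
            keySelector = wSSecurityContext.getKeySelector();
        }
        WLDOMValidateContextImpl validateContext = new WLDOMValidateContextImpl(keySelector, node);
        URIDereferencer uRIDereferencer = wSSecurityContext.getURIDereferencer();
        if (uRIDereferencer != null) {
            validateContext.setURIDereferencer(uRIDereferencer);
        }
        Set idQNames = wSSecurityContext.getIdQNames();
        if (idQNames != null) {
            validateContext.setProperty("weblogic.xml.crypto.idqnames", idQNames);
        }
        validateContext.setProperty(WSSecurityContext.MESSAGE_CONTEXT, wSSecurityContext.getMessageContext());
        validateContext.setProperty(WSSecurityContext.WS_SECURITY_CONTEXT, wSSecurityContext);
        try {
            XMLSignature signature = wSSecurityContext.getSignatureFactory().unmarshalXMLSignature(validateContext);
            if (!signature.validate(validateContext)) {
                throw new WSSecurityException("Signature failed to validate.", ((XMLSignatureImpl) signature).getSignatureValidateResult().toFaultString(), WSSConstants.FAILURE_VERIFY_OR_DECRYPT);
            }
            // Registered only after validate() returned true. The two calls to the empty p()
            // debug hook that surrounded this line are dropped.
            wSSecurityContext.addSignature(signature);
            return signature;
        } catch (MarshalException e) {
            throw new WSSecurityException("Failed to unmarshal signature.", (Exception) e);
        } catch (XMLSignatureException e2) {
            throw new WSSecurityException("Failed to validate signature.", (Exception) e2);
        } catch (Throwable th) {
            if (th instanceof WSSecurityException) {
                // Keep the fault code and validate result of the failure raised above.
                throw (WSSecurityException) th;
            }
            // Any other failure is still reported as a security failure, message only.
            throw new WSSecurityException(th.getMessage());
        }
    }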

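    /**
     * Resolves every entry of an inbound reference list: a data reference is decrypted in
     * place and recorded on the context, a key reference is processed as an encrypted key.
     * Entries of any other kind are skipped.
     *
     * <p>The URI comes from the message and is therefore untrusted. It must be a non-empty
     * same-document reference ("#" followed by an Id). A missing or empty URI would otherwise
     * fail with an unchecked exception, and a URI without the "#" prefix would have its first
     * character stripped and a different Id looked up.
     *
     * @param list the references, each a ReferenceType
     * @param wSSecurityContext context used to resolve Ids and to record decryptions
     * @throws WSSecurityException with FAILURE_INVALID if a reference cannot be resolved, or
     *         FAILURE_VERIFY_OR_DECRYPT if decryption fails
     */
    private void processReferenceList(List list, WSSecurityContext wSSecurityContext) throws WSSecurityException, MarshalException {
        Iterator it = list.iterator();
        while (it.hasNext()) {
            ReferenceType referenceType = (ReferenceType) it.next();
            String uri = referenceType.getURI();
            String type = referenceType.getType();
            if (uri == null || uri.length() <= LOCAL_URI_PREFIX.length() || !uri.startsWith(LOCAL_URI_PREFIX)) {
                // Same message and code as an unresolvable Id, so the two cases look alike to the sender.
                throw new WSSecurityException("Failed to resolve DataReference.", WSSConstants.FAILURE_INVALID);
            }
            Element elementById = wSSecurityContext.getElementById(uri.substring(LOCAL_URI_PREFIX.length()));
            if (elementById == null) {
                throw new WSSecurityException("Failed to resolve DataReference.", WSSConstants.FAILURE_INVALID);
            }
            if ("DataReference".equals(type) || (referenceType instanceof DataReference)) {
                DOMDecryptContext dOMDecryptContext = new DOMDecryptContext(wSSecurityContext.getKeySelector(), elementById);
                dOMDecryptContext.setProperty(WLEncryptedData.XML_CRYPTO_CONTEXT_PROPERTY, wSSecurityContext);
                try {
                    EncryptedData encryptedData = (EncryptedData) wSSecurityContext.getEncryptionFactory().unmarshalEncryptedType(dOMDecryptContext);
                    // Remember the neighbours first: decryption replaces the element, and the
                    // inserted nodes are found again between these two siblings.
                    Element element = (Element) elementById.getParentNode();
                    Node nextSibling = elementById.getNextSibling();
                    Node previousSibling = elementById.getPreviousSibling();
                    decrypt(encryptedData, elementById, dOMDecryptContext);
                    wSSecurityContext.addEncryption(new Encryption(encryptedData, null, getInsertedNodes(element, previousSibling, nextSibling), (KeySelectorResult) dOMDecryptContext.getProperty(WSSConstants.KEY_SELECTOR_RESULT)));
                } catch (XMLEncryptionException e) {
                    throw new WSSecurityException(e, WSSConstants.FAILURE_VERIFY_OR_DECRYPT);
                }
            } else if ("KeyReference".equals(type) || (referenceType instanceof KeyReference)) {
                unmarshalAndProcessEncryptedKey(elementById, wSSecurityContext);
            }
        }
    }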

    /**
     * Tells whether the given node is to be handled as an encrypted header; consulted by
     * decrypt() before the element is decrypted.
     *
     * @return always {@code false} in this class
     */
    protected boolean isHeader(Node node) {
        return false;
    }

    /**
     * Called by decrypt() for a node that isHeader() accepted, before decryption.
     * Does nothing in this class.
     */
    protected void handleEncryptedHeader(Node node) {
    }

    /**
     * Unmarshals an encrypted-key element and returns a key resolver holding only the key
     * provider derived from it. The data referenced by the key is not decrypted here.
     *
     * @return a resolver containing the encrypted key's provider
     */
    private KeyResolver unmarshalEncryptedKeyOnly(Element element, WSSecurityContext wSSecurityContext) throws WSSecurityException, MarshalException {
        final DOMDecryptContext decryptContext = new DOMDecryptContext(wSSecurityContext.getKeySelector(), element);
        decryptContext.setProperty(WSSecurityContext.MESSAGE_CONTEXT, wSSecurityContext.getMessageContext());
        decryptContext.setProperty(WSSecurityContext.WS_SECURITY_CONTEXT, wSSecurityContext);
        final XMLEncryptionFactory factory = wSSecurityContext.getEncryptionFactory();
        final EncryptedKey parsedKey = (EncryptedKey) factory.unmarshalEncryptedType(decryptContext);
        // handleEncryptedKey also registers the provider on the security context.
        final EncryptedKeyProvider provider = handleEncryptedKey(parsedKey, decryptContext, wSSecurityContext);
        final KeyResolver resolver = new KeyResolver();
        resolver.addKeyProvider(provider);
        return resolver;
    }

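    /**
     * Unmarshals an inbound encrypted-key element, registers its key provider, and decrypts
     * every element named in the key's reference list using a resolver that holds only that
     * provider. Each decryption is recorded on the security context.
     *
     * <p>Reference URIs come from the message and are therefore untrusted. Each must be a
     * non-empty same-document reference ("#" followed by an Id). A missing or empty URI would
     * otherwise fail with an unchecked exception, and a URI without the "#" prefix would have
     * its first character stripped and a different Id looked up.
     *
     * @param element the encrypted-key element
     * @param wSSecurityContext context used to resolve Ids and to record decryptions
     * @throws WSSecurityException with FAILURE_INVALID if a reference cannot be resolved, or
     *         FAILURE_VERIFY_OR_DECRYPT if decryption fails
     */
    private void unmarshalAndProcessEncryptedKey(Element element, WSSecurityContext wSSecurityContext) throws WSSecurityException, MarshalException {
        DOMDecryptContext dOMDecryptContext = new DOMDecryptContext(wSSecurityContext.getKeySelector(), element);
        MessageContext messageContext = wSSecurityContext.getMessageContext();
        dOMDecryptContext.setProperty(WSSecurityContext.MESSAGE_CONTEXT, messageContext);
        dOMDecryptContext.setProperty(WSSecurityContext.WS_SECURITY_CONTEXT, wSSecurityContext);
        XMLEncryptionFactory encryptionFactory = wSSecurityContext.getEncryptionFactory();
        EncryptedKey encryptedKey = (EncryptedKey) encryptionFactory.unmarshalEncryptedType(dOMDecryptContext);
        EncryptedKeyProvider handleEncryptedKey = handleEncryptedKey(encryptedKey, dOMDecryptContext, wSSecurityContext);
        // Referenced data is decrypted with this key only, not with the context's general selector.
        KeyResolver keyResolver = new KeyResolver();
        keyResolver.addKeyProvider(handleEncryptedKey);
        List referenceList = encryptedKey.getReferenceList();
        if (referenceList != null) {
            Iterator it = referenceList.iterator();
            while (it.hasNext()) {
                try {
                    // NOTE(review): an entry that is not a DataReference still fails the cast with
                    // an unchecked exception, as before.
                    String uri = ((DataReference) it.next()).getURI();
                    if (uri == null || uri.length() <= LOCAL_URI_PREFIX.length() || !uri.startsWith(LOCAL_URI_PREFIX)) {
                        // Same message and code as an unresolvable Id, so the two cases look alike to the sender.
                        throw new WSSecurityException("Failed to resolve DataReference.", WSSConstants.FAILURE_INVALID);
                    }
                    Element elementById = wSSecurityContext.getElementById(uri.substring(LOCAL_URI_PREFIX.length()));
                    if (elementById == null) {
                        throw new WSSecurityException("Failed to resolve DataReference.", WSSConstants.FAILURE_INVALID);
                    }
                    DOMDecryptContext dOMDecryptContext2 = new DOMDecryptContext(keyResolver, elementById);
                    dOMDecryptContext2.setProperty(WSSecurityContext.MESSAGE_CONTEXT, messageContext);
                    dOMDecryptContext2.setProperty(WLEncryptedData.XML_CRYPTO_CONTEXT_PROPERTY, wSSecurityContext);
                    EncryptedData encryptedData = (EncryptedData) encryptionFactory.unmarshalEncryptedType(dOMDecryptContext2);
                    // Remember the neighbours first: decryption replaces the element, and the
                    // inserted nodes are found again between these two siblings.
                    Element element2 = (Element) elementById.getParentNode();
                    Node nextSibling = elementById.getNextSibling();
                    Node previousSibling = elementById.getPreviousSibling();
                    decrypt(encryptedData, elementById, dOMDecryptContext2);
                    wSSecurityContext.addEncryption(new Encryption(encryptedData, encryptedKey, getInsertedNodes(element2, previousSibling, nextSibling), (KeySelectorResult) dOMDecryptContext2.getProperty(WSSConstants.KEY_SELECTOR_RESULT)));
                } catch (XMLEncryptionException e) {
                    throw new WSSecurityException(e, WSSConstants.FAILURE_VERIFY_OR_DECRYPT);
                }
            }
        }
    }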

    /**
     * Decrypts a single {@code EncryptedData} structure in place.
     *
     * <p>When {@code isHeader(element)} reports true, {@code handleEncryptedHeader(element)}
     * runs before decryption. Afterwards the parsed flag of this processor's own security
     * context is reset through {@link NodeURIDereferencer#resetParsedFlag}.
     *
     * @param encryptedData the unmarshalled structure to decrypt
     * @param element the DOM element the structure was read from
     * @param dOMDecryptContext the decrypt context passed to {@code decryptAndReplace}
     * @throws XMLEncryptionException propagated unchanged from the header handling or decryption
     */
    private void decrypt(EncryptedData encryptedData, Element element, DOMDecryptContext dOMDecryptContext) throws XMLEncryptionException {
        final boolean encryptedHeader = isHeader(element);
        if (encryptedHeader) {
            handleEncryptedHeader(element);
        }
        encryptedData.decryptAndReplace(dOMDecryptContext);
        // NOTE(review): the reset targets this.securityCtx, not a context taken from
        // dOMDecryptContext; presumably both are the same object here. Confirm against callers.
        NodeURIDereferencer.resetParsedFlag(this.securityCtx);
    }

    /**
     * Wraps an {@code EncryptedKey} in an {@link EncryptedKeyProvider} and registers that
     * provider on the given security context.
     *
     * @param encryptedKey the unmarshalled EncryptedKey
     * @param dOMDecryptContext the decrypt context handed to the provider constructor
     * @param wSSecurityContext the context that receives the new key provider
     * @return the provider that was registered
     * @throws WSSecurityException with {@code WSSConstants.FAILURE_INVALID} when an
     *     {@code XMLEncryptionException} is raised inside the guarded block
     */
    protected EncryptedKeyProvider handleEncryptedKey(EncryptedKey encryptedKey, DOMDecryptContext dOMDecryptContext, WSSecurityContext wSSecurityContext) throws WSSecurityException {
        final EncryptedKeyProvider provider;
        try {
            provider = new EncryptedKeyProvider(encryptedKey, dOMDecryptContext);
            // Registration stays inside the try so its failures are mapped the same way.
            wSSecurityContext.addKeyProvider(provider);
        } catch (XMLEncryptionException cause) {
            throw new WSSecurityException(cause, WSSConstants.FAILURE_INVALID);
        }
        return provider;
    }

    /**
     * Unmarshals the {@code EncryptedData} found at {@code element} and decrypts it in place,
     * using the key selector of the security context.
     *
     * <p>NOTE(review): unlike {@code decrypt(...)} in this class, this path calls
     * {@code decryptAndReplace} directly. It therefore runs neither the encrypted-header
     * handling nor {@code NodeURIDereferencer.resetParsedFlag}. Confirm that this is intended
     * for every caller.
     *
     * @param element the DOM element holding the EncryptedData
     * @param wSSecurityContext supplies the key selector and the encryption factory
     * @throws WSSecurityException {@code FAILURE_INVALID} on a marshalling error,
     *     {@code FAILURE_VERIFY_OR_DECRYPT} on a decryption error
     */
    private void unmarshalAndProcessEncryptedData(Element element, WSSecurityContext wSSecurityContext) throws WSSecurityException {
        final DOMDecryptContext decryptCtx = new DOMDecryptContext(wSSecurityContext.getKeySelector(), element);
        decryptCtx.setProperty(WLEncryptedData.XML_CRYPTO_CONTEXT_PROPERTY, wSSecurityContext);
        try {
            EncryptedData encryptedData = (EncryptedData) wSSecurityContext.getEncryptionFactory().unmarshalEncryptedType(decryptCtx);
            encryptedData.decryptAndReplace(decryptCtx);
        } catch (MarshalException marshalFailure) {
            // Message text is kept exactly as the original emits it.
            throw new WSSecurityException("Failed to unmarsahl encrypted data.", (Exception) marshalFailure, WSSConstants.FAILURE_INVALID);
        } catch (XMLEncryptionException decryptFailure) {
            throw new WSSecurityException("Failed to decrypt encrypted data.", (Exception) decryptFailure, WSSConstants.FAILURE_VERIFY_OR_DECRYPT);
        }
    }

    /**
     * Reads a reference list from a DOM node through a {@code DOMStreamReader}.
     *
     * @param node the DOM node to read from
     * @return whatever {@code ReferenceList.read(reader, false)} produces
     * @throws MarshalException wrapping any {@link XMLStreamException} raised while reading
     */
    private List unmarshalReferenceList(Node node) throws MarshalException {
        List references;
        try {
            references = ReferenceList.read(new DOMStreamReader(node), false);
        } catch (XMLStreamException streamFailure) {
            throw new MarshalException((Throwable) streamFailure);
        }
        return references;
    }

    /**
     * Declares the WS-Security extension ({@code wsse}) and utility ({@code wsu}) namespaces
     * on {@code element}, skipping any URI already recorded in {@code map}.
     *
     * @param element the element that receives the declarations
     * @param map namespace URI to prefix bookkeeping, updated as declarations are added
     */
    private static void declareNamespaces(Element element, Map map) {
        final String secextUri = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
        final String utilityUri = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        declareNamespace(element, map, secextUri, "wsse");
        declareNamespace(element, map, utilityUri, "wsu");
    }

    /**
     * Declares one namespace on {@code element} unless {@code map} already holds a non-null
     * entry for the URI.
     *
     * @param element the element that receives the declaration
     * @param map namespace URI to prefix bookkeeping; gains the new mapping when one is added
     * @param str the namespace URI
     * @param str2 the prefix to bind to the URI
     */
    private static void declareNamespace(Element element, Map map, String str, String str2) {
        if (map.get(str) != null) {
            // Already recorded: nothing to declare.
            return;
        }
        map.put(str, str2);
        DOMUtils.declareNamespace(element, str, str2);
    }

    /**
     * Locates the Security header of the message carried by the given SOAP message context,
     * using the role and role attribute name supplied by {@code getRole} and
     * {@code getRoleAttrName}.
     *
     * <p>NOTE(review): the SOAP header is passed on without a null check, and the three-argument
     * overload dereferences it immediately. Confirm that callers only reach this method for
     * messages that have a header.
     *
     * @param sOAPMessageContext the message context to inspect
     * @return the matching Security element, or {@code null} when none matches
     * @throws SOAPException if the SOAP header cannot be obtained
     * @throws WSSecurityException if more than one Security header matches the role
     */
    private static Element getSecurityHeader(SOAPMessageContext sOAPMessageContext) throws SOAPException, WSSecurityException {
        final String role = getRole(sOAPMessageContext);
        final Element soapHeader = sOAPMessageContext.getMessage().getSOAPHeader();
        final String roleAttrName = getRoleAttrName(sOAPMessageContext);
        return getSecurityHeader(soapHeader, roleAttrName, role);
    }

    /**
     * Returns the node held by the security context, cast to {@link Element}.
     *
     * @param wSSecurityContext the context whose node is returned
     * @return the context node as an element; a non-element node raises {@code ClassCastException}
     */
    private Element getSecurityHeader(WSSecurityContext wSSecurityContext) {
        final Node contextNode = wSSecurityContext.getNode();
        return (Element) contextNode;
    }

    /**
     * Finds the single {@code wsse:Security} element under {@code element} that is addressed
     * to the given role.
     *
     * <p>A second matching header is rejected, so a message cannot carry two Security headers
     * for the same role and leave the choice between them to the processor.
     *
     * <p>NOTE(review): {@code getElementsByTagNameNS} returns all descendants, not only direct
     * children. A Security element nested deeper inside the header would therefore be considered
     * as well. Confirm whether the lookup should be limited to direct children of the SOAP header.
     *
     * @param element the element to search, normally the SOAP header
     * @param str the local name of the role attribute
     * @param str2 the role to match
     * @return the matching Security element, or {@code null} when none matches
     * @throws WSSecurityException with {@code FAILURE_INVALID} when more than one header matches
     */
    private static Element getSecurityHeader(Element element, String str, String str2) throws WSSecurityException {
        final NodeList candidates = element.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
        Element match = null;
        int index = 0;
        while (index < candidates.getLength()) {
            final Element candidate = (Element) candidates.item(index);
            index++;
            if (!isForRole(candidate, str, str2)) {
                continue;
            }
            if (match != null) {
                throw new WSSecurityException("Found more than one Security header for role " + str2, WSSConstants.FAILURE_INVALID);
            }
            match = candidate;
        }
        return match;
    }

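    /**
     * Decides whether a Security header element is addressed to the given role.
     *
     * <p>The header matches when its role attribute is absent and the requested role is a
     * "next" role (see {@code isNext}), when the attribute value is itself a "next" role, or
     * when the attribute value equals the requested role.
     *
     * <p>Fix: an absent attribute combined with a specific (non-"next") requested role used to
     * dereference {@code null}. It now yields {@code false}, so header selection reports
     * "no match" instead of failing with a {@code NullPointerException} on attacker-shaped input.
     *
     * <p>NOTE(review): the first argument of {@code getAttributeNodeNS} is a namespace URI, but
     * the constant used is named {@code NSPREFIX_SOAP_ENVELOPE}. Confirm that it holds the SOAP
     * envelope namespace URI and not a prefix.
     *
     * @param element the candidate Security header
     * @param str the local name of the role attribute
     * @param str2 the requested role; {@code null} or empty counts as "next"
     * @return {@code true} if the header is addressed to the role
     */
    private static boolean isForRole(Element element, String str, String str2) {
        final Attr roleAttr = element.getAttributeNodeNS(NamespaceConstants.NSPREFIX_SOAP_ENVELOPE, str);
        if (roleAttr == null) {
            // No role attribute on the header: it can only match a "next" request.
            return isNext(str2);
        }
        final String declaredRole = roleAttr.getValue();
        if (isNext(declaredRole)) {
            return true;
        }
        return declaredRole != null && declaredRole.equals(str2);
    }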

    /**
     * Returns the role this processor acts in. This implementation ignores its argument and
     * always returns {@code null}, which {@code isNext} treats as the "next" role.
     *
     * @param sOAPMessageContext unused
     * @return always {@code null}
     */
    private static String getRole(SOAPMessageContext sOAPMessageContext) {
        final String role = null;
        return role;
    }

    /**
     * Returns the local name of the attribute that carries a header's role. This implementation
     * ignores its argument and always returns {@code "actor"}.
     *
     * <p>NOTE(review): {@code actor} is the SOAP 1.1 attribute name, while SOAP 1.2 uses
     * {@code role}. Confirm how SOAP 1.2 messages are handled.
     *
     * @param sOAPMessageContext unused
     * @return the literal {@code "actor"}
     */
    private static String getRoleAttrName(SOAPMessageContext sOAPMessageContext) {
        final String roleAttrName = "actor";
        return roleAttrName;
    }

    /**
     * Tells whether a role value denotes the "next" role: {@code null}, the empty string, or
     * {@code NamespaceConstants.NSURI_SOAP_NEXT_ACTOR}.
     *
     * @param str the role value, possibly {@code null}
     * @return {@code true} for a "next" role
     */
    private static boolean isNext(String str) {
        if (str == null || str.isEmpty()) {
            return true;
        }
        return str.equals(NamespaceConstants.NSURI_SOAP_NEXT_ACTOR);
    }

    /**
     * Collects the sibling nodes that lie strictly between two boundary nodes.
     *
     * <p>The walk starts after {@code node}, or at the first child of {@code element} when
     * {@code node} is {@code null}. It stops before {@code node2}, or at the end of the
     * sibling chain when {@code node2} is {@code null} or never reached.
     *
     * @param element the parent whose first child is the start when {@code node} is {@code null}
     * @param node the lower boundary (exclusive), or {@code null}
     * @param node2 the upper boundary (exclusive), or {@code null}
     * @return the nodes between the boundaries, in document order; never {@code null}
     */
    private List getInsertedNodes(Element element, Node node, Node node2) {
        final List<Node> between = new ArrayList<Node>();
        final Node start = (node == null) ? element.getFirstChild() : node.getNextSibling();
        for (Node cursor = start; cursor != null && cursor != node2; cursor = cursor.getNextSibling()) {
            between.add(cursor);
        }
        return between;
    }

    /**
     * Tells whether the timestamp must come first: either the {@code TIMESTAMP_FIRST} context
     * value parses as {@code true}, or strict layout is enabled.
     *
     * @param contextHandler the context to read; the {@code TIMESTAMP_FIRST} value is cast to
     *     {@code String}
     * @return {@code true} if the timestamp is to be placed first
     */
    private static boolean isTimestampFirst(ContextHandler contextHandler) {
        final String flag = (String) contextHandler.getValue(SecurityTokenContextHandler.TIMESTAMP_FIRST);
        if (Boolean.parseBoolean(flag)) {
            return true;
        }
        return isStrictLayout(contextHandler);
    }

    /**
     * Reads the {@code LAST_TOKEN_NODE} value from the context.
     *
     * @param contextHandler the context to read
     * @return the stored node, or {@code null} when the context returns none
     */
    private static Node getLastTokenNode(ContextHandler contextHandler) {
        final Object stored = contextHandler.getValue(SecurityTokenContextHandler.LAST_TOKEN_NODE);
        return (Node) stored;
    }

    /**
     * Stores {@code node} under {@code LAST_TOKEN_NODE}.
     *
     * @param contextHandler must be a {@code SecurityTokenContextHandler}; any other type
     *     raises {@code ClassCastException}
     * @param node the node to record
     */
    private static void setLastTokenNode(ContextHandler contextHandler, Node node) {
        final SecurityTokenContextHandler tokenContext = (SecurityTokenContextHandler) contextHandler;
        tokenContext.addContextElement(SecurityTokenContextHandler.LAST_TOKEN_NODE, node);
    }

    /**
     * Reads the first-token node from the context. The key constant is spelled
     * {@code FRIST_TOKEN_NODE} in {@code SecurityTokenContextHandler}.
     *
     * @param contextHandler the context to read
     * @return the stored node, or {@code null} when the context returns none
     */
    private static Node getFirstTokenNode(ContextHandler contextHandler) {
        final Object stored = contextHandler.getValue(SecurityTokenContextHandler.FRIST_TOKEN_NODE);
        return (Node) stored;
    }

    /**
     * Stores {@code node} as the first-token node (key {@code FRIST_TOKEN_NODE}).
     *
     * @param contextHandler must be a {@code SecurityTokenContextHandler}; any other type
     *     raises {@code ClassCastException}
     * @param node the node to record
     */
    private static void setFirstTokenNode(ContextHandler contextHandler, Node node) {
        final SecurityTokenContextHandler tokenContext = (SecurityTokenContextHandler) contextHandler;
        tokenContext.addContextElement(SecurityTokenContextHandler.FRIST_TOKEN_NODE, node);
    }

    /**
     * Tells whether the {@code SET_TO_FIRST_TOKEN} context value parses as {@code true}.
     *
     * @param contextHandler the context to read; the value is cast to {@code String}
     * @return {@code true} only for a value equal to "true" ignoring case; {@code false} when
     *     the value is absent
     */
    private static boolean needToSetAsFirstToken(ContextHandler contextHandler) {
        final String flag = (String) contextHandler.getValue(SecurityTokenContextHandler.SET_TO_FIRST_TOKEN);
        // Boolean.parseBoolean(null) is false, which covers the absent-value case.
        return Boolean.parseBoolean(flag);
    }

    /**
     * Reads the {@code STRICT_LAYOUT} flag from the context.
     *
     * @param contextHandler the context to read; the value is cast to {@code Boolean}
     * @return the flag value, or {@code false} when it is absent
     */
    private static boolean isStrictLayout(ContextHandler contextHandler) {
        final Boolean strict = (Boolean) contextHandler.getValue(SecurityTokenContextHandler.STRICT_LAYOUT);
        return strict != null && strict.booleanValue();
    }

    /**
     * Reads the {@code ENDORSE_SIGNATURE_ENCRYPT_SIGNATURE} flag from the context.
     *
     * @param contextHandler the context to read; the value is cast to {@code Boolean}
     * @return the flag value, or {@code false} when it is absent
     */
    public static boolean isEndoringEncryptSignature(ContextHandler contextHandler) {
        final Boolean endorse = (Boolean) contextHandler.getValue(SecurityTokenContextHandler.ENDORSE_SIGNATURE_ENCRYPT_SIGNATURE);
        return endorse != null && endorse.booleanValue();
    }

    /**
     * Reads the {@code ENCRYPT_THEN_SIGN} flag from the context.
     *
     * @param contextHandler the context to read; the value is cast to {@code Boolean}
     * @return the flag value, or {@code false} when it is absent
     */
    public static boolean isEncryptBeforeSign(ContextHandler contextHandler) {
        final Boolean encryptFirst = (Boolean) contextHandler.getValue(SecurityTokenContextHandler.ENCRYPT_THEN_SIGN);
        return encryptFirst != null && encryptFirst.booleanValue();
    }

    /**
     * Works out which node was just inserted into {@code element} and optionally records it in
     * the context as the last and/or first token node.
     *
     * <p>With an insert-before node, the inserted node is its previous sibling. Without one, it
     * is the node after the recorded first token, or the first child of {@code element} when no
     * first token is recorded.
     *
     * @param element the parent that received the insertion
     * @param contextHandler the context holding the first/last token bookkeeping
     * @param node the node the insertion was made before, or {@code null}
     * @param z when {@code true}, the result is stored as the last token node
     * @return the node identified as inserted; may be {@code null}
     */
    private static Node getInsertedNode(Element element, ContextHandler contextHandler, Node node, boolean z) {
        final Node inserted;
        if (node != null) {
            inserted = node.getPreviousSibling();
        } else {
            final Node firstToken = getFirstTokenNode(contextHandler);
            inserted = (firstToken != null) ? firstToken.getNextSibling() : element.getFirstChild();
        }
        if (z) {
            setLastTokenNode(contextHandler, inserted);
        }
        if (needToSetAsFirstToken(contextHandler)) {
            setFirstTokenNode(contextHandler, inserted);
        }
        return inserted;
    }

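    /**
     * Chooses the child of {@code element} before which a signature is to be inserted.
     *
     * <p>The starting point is {@code findInsertBeforeNode(element, contextHandler, false)}.
     * Three context flags then adjust it:
     * <ul>
     *   <li>strict layout: move to just after the last child whose id is referenced by the
     *       signature through a same-document ({@code #id}) URI;</li>
     *   <li>encrypt-before-sign: walk backwards to the nearest node whose local name is that of
     *       {@code ENCRYPTED_KEY_QNAME} or {@code REFERENCE_LIST_QNAME}, and return it, or
     *       {@code null} if there is none;</li>
     *   <li>endorsing/encrypt-signature: skip forward over nodes with those local names.</li>
     * </ul>
     *
     * <p>Fix: a reference whose URI is {@code null} is now skipped instead of raising a
     * {@code NullPointerException} on {@code startsWith}.
     *
     * <p>NOTE(review): nodes are compared by local name only, so the namespace is not checked.
     * Confirm this is acceptable for the headers this method is applied to.
     *
     * @param element the parent element that will receive the signature
     * @param xMLSignature the signature whose references drive the strict-layout placement
     * @param contextHandler the layout flags and token bookkeeping
     * @return the node to insert before, or {@code null} to append
     */
    protected Node findSignatureInsertBeforeNode(Element element, XMLSignature xMLSignature, ContextHandler contextHandler) {
        Node insertBefore = findInsertBeforeNode(element, contextHandler, false);
        if (isStrictLayout(contextHandler)) {
            List<Reference> references = xMLSignature.getSignedInfo().getReferences();
            List<String> signedIds = new ArrayList<String>();
            for (Reference reference : references) {
                String uri = reference.getURI();
                // Only same-document references carry an id; a missing URI is ignored.
                if (uri != null && uri.startsWith("#")) {
                    signedIds.add(uri.substring(1));
                }
            }
            Node lastSigned = findLastChildNodeById(signedIds, this.securityCtx.getIdQNames(), element, insertBefore);
            if (lastSigned != null) {
                insertBefore = lastSigned.getNextSibling();
            }
        }
        final String encryptedKeyName = ENCRYPTED_KEY_QNAME.getLocalPart();
        final String referenceListName = REFERENCE_LIST_QNAME.getLocalPart();
        if (isEncryptBeforeSign(contextHandler)) {
            Node cursor = (insertBefore == null) ? element.getLastChild() : insertBefore;
            // Constant-first equals: getLocalName() is null for text and comment nodes.
            while (cursor != null
                    && !encryptedKeyName.equals(cursor.getLocalName())
                    && !referenceListName.equals(cursor.getLocalName())) {
                cursor = cursor.getPreviousSibling();
            }
            return cursor;
        }
        if (isEndoringEncryptSignature(contextHandler)) {
            Node cursor;
            if (insertBefore == null) {
                cursor = getLastTokenNode(contextHandler);
            } else {
                if (!encryptedKeyName.equals(insertBefore.getLocalName())
                        && !referenceListName.equals(insertBefore.getLocalName())) {
                    return insertBefore;
                }
                cursor = insertBefore.getNextSibling();
            }
            for (; cursor != null; cursor = cursor.getNextSibling()) {
                if (!encryptedKeyName.equals(cursor.getLocalName())
                        && !referenceListName.equals(cursor.getLocalName())) {
                    return cursor;
                }
            }
        }
        return insertBefore;
    }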

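    /**
     * Chooses the child of {@code element} before which a reference list is to be inserted.
     *
     * <p>The starting point is {@code findInsertBeforeNode(element, contextHandler, false)}.
     * Unless encrypt-before-sign is set, the method walks backwards from there to the nearest
     * node whose local name is {@code Signature} and returns it. If there is none, the
     * starting point is returned.
     *
     * <p>Fix: the local-name test is now null-safe. {@code Node.getLocalName()} returns
     * {@code null} for text and comment nodes, so a whitespace node between header children
     * used to raise a {@code NullPointerException} during the walk.
     *
     * <p>NOTE(review): the match is by local name only, so the namespace is not checked.
     * Confirm this is acceptable for the headers this method is applied to.
     *
     * @param element the parent element that will receive the reference list
     * @param contextHandler the layout flags and token bookkeeping
     * @return the node to insert before, or {@code null} to append
     */
    protected Node findReferenceInsertBeforeNode(Element element, ContextHandler contextHandler) {
        final Node defaultPosition = findInsertBeforeNode(element, contextHandler, false);
        if (isEncryptBeforeSign(contextHandler)) {
            return defaultPosition;
        }
        for (Node cursor = defaultPosition; cursor != null; cursor = cursor.getPreviousSibling()) {
            if ("Signature".equals(cursor.getLocalName())) {
                return cursor;
            }
        }
        return defaultPosition;
    }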

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Computes the default insert-before position among the children of {@code element}.
     *
     * <p>Rules, in order:
     * <ol>
     *   <li>no children: {@code null};</li>
     *   <li>"set as first token" requested: the first child;</li>
     *   <li>{@code z} set and a last token recorded: the last token when no first token is
     *       recorded, otherwise the node after the first token;</li>
     *   <li>{@code z} set and no last token: the first child, or the node after it when the
     *       timestamp must be first and the first child's local name is the timestamp's;</li>
     *   <li>{@code z} clear and a last token recorded: the node after the last token;</li>
     *   <li>{@code z} clear and no last token: {@code null} when the timestamp must be first
     *       and the last child's local name is the timestamp's, otherwise the last child.</li>
     * </ol>
     *
     * @param element the parent element
     * @param contextHandler the layout flags and token bookkeeping
     * @param z selects the token-oriented placement (rules 3 and 4) over rules 5 and 6
     * @return the node to insert before, or {@code null} to append
     */
    public Node findInsertBeforeNode(Element element, ContextHandler contextHandler, boolean z) {
        final Node lastChild = element.getLastChild();
        if (lastChild == null) {
            return null;
        }
        if (needToSetAsFirstToken(contextHandler)) {
            return element.getFirstChild();
        }
        // All three context reads happen up front, as in the original, before any branching.
        final boolean timestampFirst = isTimestampFirst(contextHandler);
        final Node lastToken = getLastTokenNode(contextHandler);
        final Node firstToken = getFirstTokenNode(contextHandler);
        final String timestampName = WSSConstants.TIMESTAMP_QNAME.getLocalPart();
        if (z) {
            if (lastToken != null) {
                if (firstToken == null) {
                    return lastToken;
                }
                return firstToken.getNextSibling();
            }
            final Node firstChild = element.getFirstChild();
            if (timestampFirst && firstChild != null && timestampName.equals(firstChild.getLocalName())) {
                return firstChild.getNextSibling();
            }
            return firstChild;
        }
        if (lastToken != null) {
            return lastToken.getNextSibling();
        }
        if (timestampFirst && timestampName.equals(lastChild.getLocalName())) {
            return null;
        }
        return lastChild;
    }

    /**
     * Scans the children of {@code node} from last to first and returns the first one whose id
     * attribute matches (see {@code matchesId}).
     *
     * <p>The scan stops once {@code node2} has been examined, so children before it are never
     * looked at.
     *
     * @param list the id values to look for
     * @param set the attribute names ({@code QName}) that count as id attributes
     * @param node the parent whose children are scanned
     * @param node2 the child at which the backward scan stops (inclusive), or {@code null}
     * @return the matching child closest to the end, or {@code null} if none is found
     */
    private Node findLastChildNodeById(List list, Set set, Node node, Node node2) {
        for (Node cursor = node.getLastChild(); cursor != null; cursor = cursor.getPreviousSibling()) {
            if (matchesId(list, set, cursor)) {
                return cursor;
            }
            if (cursor == node2) {
                return null;
            }
        }
        return null;
    }

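    /**
     * Tells whether {@code node} carries an id attribute whose value is one of the given ids.
     *
     * <p>An attribute qualifies when its value equals an id from {@code list} and its namespace
     * and local name match one of the id attribute names in {@code set}.
     *
     * <p>Fix: the local-name comparison is now null-safe. {@code getLocalName()} returns
     * {@code null} for attributes created without namespace awareness, which used to raise a
     * {@code NullPointerException}. Such an attribute is now simply not treated as an id.
     *
     * @param list the id values to look for; elements are cast to {@code String}
     * @param set the id attribute names; elements are cast to {@link QName}
     * @param node the node to inspect
     * @return {@code true} if a qualifying attribute is found
     */
    private boolean matchesId(List list, Set set, Node node) {
        if (!node.hasAttributes()) {
            return false;
        }
        final NamedNodeMap attributes = node.getAttributes();
        final int attributeCount = attributes.getLength();
        for (Object idObject : list) {
            final String id = (String) idObject;
            for (int i = 0; i < attributeCount; i++) {
                final Node attribute = attributes.item(i);
                if (!id.equals(attribute.getNodeValue())) {
                    continue;
                }
                for (Object nameObject : set) {
                    final QName idName = (QName) nameObject;
                    // QName.getLocalPart() is never null, so it is the receiver of equals.
                    if (namespacesMatch(attribute, idName) && idName.getLocalPart().equals(attribute.getLocalName())) {
                        return true;
                    }
                }
            }
        }
        return false;
    }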

    /**
     * Compares the namespace of a DOM node with that of a {@link QName}, treating {@code null}
     * and the empty string as the same "no namespace" value.
     *
     * @param node the DOM node
     * @param qName the qualified name to compare against
     * @return {@code true} if both have no namespace or both have the same namespace URI
     */
    private boolean namespacesMatch(Node node, QName qName) {
        final String nodeNamespace = node.getNamespaceURI();
        final String nameNamespace = qName.getNamespaceURI();
        final boolean bothEmpty = isEmptyNamespace(nodeNamespace) && isEmptyNamespace(nameNamespace);
        if (bothEmpty) {
            return true;
        }
        if (nodeNamespace == null) {
            return false;
        }
        return nodeNamespace.equals(nameNamespace);
    }

    /**
     * Tells whether a namespace URI denotes "no namespace".
     *
     * @param str the namespace URI, possibly {@code null}
     * @return {@code true} for {@code null} or the empty string
     */
    private boolean isEmptyNamespace(String str) {
        if (str == null) {
            return true;
        }
        return str.isEmpty();
    }

    /**
     * Registers a header element handler under the qualified name it reports. A handler
     * registered later for the same name replaces the earlier one.
     *
     * @param securityHeaderElementHandler the handler to register
     */
    public void register(SecurityHeaderElementHandler securityHeaderElementHandler) {
        final QName handledName = securityHeaderElementHandler.getQName();
        this.elementHandlers.put(handledName, securityHeaderElementHandler);
    }

    /**
     * Invokes {@code validate} on every registered header element handler.
     *
     * @param wSSecurityContext the context passed to each handler
     * @throws WSSecurityException propagated from the first handler that fails; later handlers
     *     are then not invoked
     */
    private void validateHandlers(WSSecurityContext wSSecurityContext) throws WSSecurityException {
        for (Object key : this.elementHandlers.keySet()) {
            final SecurityHeaderElementHandler handler = (SecurityHeaderElementHandler) this.elementHandlers.get((QName) key);
            handler.validate(wSSecurityContext);
        }
    }
}
