package weblogic.xml.crypto.wss11.internal.enckey;

import java.security.Key;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.Subject;
import javax.xml.namespace.QName;
import javax.xml.rpc.handler.MessageContext;
import org.w3c.dom.Node;
import weblogic.security.service.ContextHandler;
import weblogic.xml.crypto.api.KeySelector;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.common.keyinfo.EncryptedKeyProvider;
import weblogic.xml.crypto.common.keyinfo.KeyProvider;
import weblogic.xml.crypto.common.keyinfo.SecretKeyProvider;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.encrypt.api.TBEKey;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.encrypt.api.dom.DOMEncryptContext;
import weblogic.xml.crypto.encrypt.api.keyinfo.EncryptedKey;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.utils.EncryptedKeyUtils;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.SecurityTokenValidateResult;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.WSSecurityInfo;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.crypto.wss11.internal.STRType;
import weblogic.xml.crypto.wss11.internal.WSS11Constants;
import weblogic.xml.security.wsse.internal.SigningPreprocessor;

/* loaded from: input_file:weblogic/xml/crypto/wss11/internal/enckey/EncryptedKeyTokenHandler.class */
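/**
 * {@link SecurityTokenHandler} for WS-Security 1.1 EncryptedKey tokens.
 *
 * <p>On the outbound side it wraps a caller-supplied key under an X.509 encryption credential
 * and registers the resulting {@link EncryptedKeyToken} in the security context. On the inbound
 * side it resolves EncryptedKey security token references (by fragment URI or by key
 * identifier) against the tokens already present in the context.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>{@link #validateUnmarshalled} and {@link #validateProcessed} accept every token; this
 *       handler performs no validation of its own.</li>
 *   <li>{@link #getSubject} returns {@code null}; no identity is derived from a token here.</li>
 *   <li>Reference URIs and key identifiers are read from the security token reference and are
 *       treated as untrusted: malformed values end in a {@link WSSecurityException}, not in an
 *       unchecked exception.</li>
 * </ul>
 */
public class EncryptedKeyTokenHandler implements SecurityTokenHandler {
    /** Shared positive result returned by both validate hooks. */
    private static final SecurityTokenValidateResult TRUE = new SecurityTokenValidateResult(true);

    /**
     * Builds an EncryptedKey token for {@code obj}.
     *
     * <p>If {@code obj} is an {@link EncryptedKeyProvider} it is wrapped directly. Otherwise
     * {@code obj} is treated as the {@link Key} to be encrypted: an X.509 credential for
     * {@link Purpose#ENCRYPT} is looked up (v3 first, then v1), a key-identifier reference to
     * that credential's token is created, and a new EncryptedKey carrying {@code obj} is
     * produced with the key-wrap method found in the context handler. The new token is added to
     * the security context. When a credential provider exists but yields no credential, the
     * call falls back to an EncryptedKey token already in the context.
     *
     * @param str value type; only used for the fallback lookup
     * @param obj an {@link EncryptedKeyProvider}, or the {@link Key} to wrap
     * @param contextHandler source of the security context and of the key-wrap settings
     * @return the EncryptedKey token, or {@code null} if the fallback lookup finds none
     * @throws WSSecurityException if no X.509 credential provider is registered, if a cast in
     *     this method fails, or if the EncryptedKey cannot be attached to the token
     */
    @Override
    public SecurityToken getSecurityToken(String str, Object obj, ContextHandler contextHandler) throws WSSecurityException {
        if (obj instanceof EncryptedKeyProvider) {
            return new EncryptedKeyToken((EncryptedKeyProvider) obj, "");
        }
        try {
            Key key = (Key) obj;
            WSSecurityContext securityContext = (WSSecurityContext) contextHandler.getValue(SecurityTokenContextHandler.SECURITY_INFO);

            // Prefer an X.509 v3 credential and fall back to v1 when v3 yields nothing.
            String x509ValueType = WSSConstants.VALUE_TYPE_X509V3;
            Object credential = null;
            CredentialProvider credentialProvider = securityContext.getCredentialProvider(x509ValueType);
            if (credentialProvider != null) {
                credential = credentialProvider.getCredential(x509ValueType, null, contextHandler, Purpose.ENCRYPT);
            }
            if (credential == null) {
                x509ValueType = WSSConstants.VALUE_TYPE_X509V1;
                credentialProvider = securityContext.getCredentialProvider(x509ValueType);
                if (credentialProvider != null) {
                    credential = credentialProvider.getCredential(x509ValueType, null, contextHandler, Purpose.ENCRYPT);
                }
            }
            if (credentialProvider == null) {
                // Only the class name is reported: obj is key material and its toString()
                // must not end up in exception messages or logs.
                throw new WSSecurityException("EncryptedKeyTokenHandler does not know how to handle: " + describe(obj) + " when the x509 CredProvider not found");
            }
            if (credential == null) {
                return getSecurityToken(str, null, Purpose.ENCRYPT, contextHandler);
            }

            SecurityTokenHandler x509Handler = securityContext.getTokenHandler(x509ValueType);
            SecurityToken x509Token = x509Handler.getSecurityToken(x509ValueType, credential, contextHandler);

            // A derived-key base reference type in the context overrides the value type used
            // for the key-identifier reference to the X.509 token.
            Object dkBaseRefType = contextHandler.getValue(SecurityTokenContextHandler.DK_BASE_TOKEN_REFERENCE_TYPE);
            String strValueType = dkBaseRefType != null ? ((STRType) dkBaseRefType).getValueType() : x509ValueType;
            SecurityTokenReference wrappingKeyRef = x509Handler.getSTR(WSSConstants.KEY_IDENTIFIER_QNAME, strValueType, x509Token);

            String encKeyId = DOMUtils.generateId("encKey");
            EncryptedKeyToken encryptedKeyToken = new EncryptedKeyToken(key, encKeyId);
            securityContext.addSecurityToken(encryptedKeyToken);

            KeyProvider wrappingKeyProvider = x509Handler.getKeyProvider(x509Token, securityContext.getMessageContext());
            if (wrappingKeyProvider != null) {
                securityContext.addKeyProvider(wrappingKeyProvider);
            }
            KeySelector keySelector = securityContext.getKeySelector();
            EncryptionMethod keyWrapMethod = (EncryptionMethod) contextHandler.getValue(SecurityTokenContextHandler.EK_KEYWRAP_METHOD);
            Key wrappingKey = EncryptedKeyUtils.getKey(keySelector, wrappingKeyProvider, keyWrapMethod);
            EncryptedKey encryptedKey = securityContext.getEncryptionFactory().newEncryptedKey(new TBEKey(key), keyWrapMethod, EncryptedKeyUtils.getKeyInfo(securityContext, wrappingKeyRef), null, new ArrayList(), encKeyId, null, null, null);
            encryptedKeyToken.setDOMEncryptContext(new DOMEncryptContext(wrappingKey));
            try {
                encryptedKeyToken.setEncryptedKey(encryptedKey);
            } catch (XMLEncryptionException e) {
                // Fail closed: previously this was swallowed and a token without its
                // EncryptedKey was handed back to the caller.
                throw new WSSecurityException("Failed to attach EncryptedKey to token " + encKeyId + ": " + e.getMessage());
            }
            return encryptedKeyToken;
        } catch (ClassCastException e2) {
            // Also reached when one of the context-handler values above has an unexpected type.
            throw new WSSecurityException("EncryptedKeyTokenHandler does not know how to handle the class of: " + describe(obj));
        }
    }

    /**
     * Returns the single EncryptedKey token held in the security info of the context.
     *
     * @param str value type or token type; anything other than the EncryptedKey ones yields
     *     {@code null}
     * @param str2 unused
     * @param purpose unused
     * @param contextHandler source of the {@link WSSecurityInfo}
     * @return the token, or {@code null} if the type does not match or no token is present
     * @throws WSSecurityException if more than one EncryptedKey token is in the context
     */
    @Override
    public SecurityToken getSecurityToken(String str, String str2, Purpose purpose, ContextHandler contextHandler) throws WSSecurityException {
        boolean encryptedKeyType = WSS11Constants.ENC_KEY_VALUE_TYPE.equals(str) || WSS11Constants.ENC_KEY_TOKEN_TYPE.equals(str);
        if (!encryptedKeyType) {
            return null;
        }
        WSSecurityInfo securityInfo = (WSSecurityInfo) contextHandler.getValue(SecurityTokenContextHandler.SECURITY_INFO);
        List securityTokens = securityInfo.getSecurityTokens(WSS11Constants.ENC_KEY_TOKEN_TYPE);
        if (securityTokens.size() > 1) {
            // Ambiguity is an error rather than a silent pick of the first token.
            throw new WSSecurityException("Failed to get EncryptedKey token, more than one in context.");
        }
        return securityTokens.size() == 1 ? (SecurityToken) securityTokens.get(0) : null;
    }

    /**
     * Creates a reference to an EncryptedKey token.
     *
     * @param qName reference type handed to the {@link EncryptedKeySTR}
     * @param str unused
     * @param securityToken must be an {@link EncryptedKeyToken}
     */
    @Override
    public SecurityTokenReference getSTR(QName qName, String str, SecurityToken securityToken) throws WSSecurityException {
        return new EncryptedKeySTR(qName, (EncryptedKeyToken) securityToken);
    }

    /** Returns an empty array: this handler registers no element names. */
    @Override
    public QName[] getQNames() {
        return new QName[0];
    }

    /** Returns the EncryptedKey value types published by {@link WSS11Constants}. */
    @Override
    public String[] getValueTypes() {
        return WSS11Constants.getEncryptedKeyValueTypes();
    }

    /** Always returns {@code null}: tokens are not unmarshalled from a DOM node here. */
    @Override
    public SecurityToken newSecurityToken(Node node) throws MarshalException {
        return null;
    }

    /** Unmarshals {@code node} into a new {@link EncryptedKeySTR}. */
    @Override
    public SecurityTokenReference newSecurityTokenReference(Node node) throws weblogic.xml.dom.marshal.MarshalException {
        EncryptedKeySTR reference = new EncryptedKeySTR();
        reference.unmarshal(node);
        return reference;
    }

    /**
     * Returns the key provider for a token.
     *
     * <p>An {@link EncryptedKeyToken}'s own provider wins. Failing that, a token that exposes
     * a secret key gets a {@link SecretKeyProvider} addressed by the token's id behind
     * {@code SigningPreprocessor.FRAGMENT_URI}.
     *
     * @return the provider, or {@code null} if neither source yields one
     */
    @Override
    public KeyProvider getKeyProvider(SecurityToken securityToken, MessageContext messageContext) {
        if (securityToken instanceof EncryptedKeyToken) {
            KeyProvider own = ((EncryptedKeyToken) securityToken).getKeyProvider();
            if (own != null) {
                return own;
            }
        }
        if (securityToken.getSecretKey() == null) {
            return null;
        }
        return new SecretKeyProvider(securityToken.getSecretKey(), (String) null, (byte[]) null, SigningPreprocessor.FRAGMENT_URI + securityToken.getId(), securityToken);
    }

    /**
     * Resolves an EncryptedKey reference against the tokens of the message's security context.
     * A reference URI takes precedence over a key identifier.
     *
     * @throws WSSecurityException with {@code FAILURE_TOKEN_UNAVAILABLE} if the reference
     *     carries neither a URI nor a key identifier, or if no token matches
     */
    @Override
    public SecurityToken getSecurityToken(SecurityTokenReference securityTokenReference, MessageContext messageContext) throws WSSecurityException {
        List securityTokens = WSSecurityContext.getSecurityContext(messageContext).getSecurityTokens();
        String referenceURI = securityTokenReference.getReferenceURI();
        if (referenceURI != null) {
            return getTokenByURI(referenceURI, securityTokens);
        }
        // A reference without a KeyIdentifier must end in the fault below, not in a
        // NullPointerException.
        byte[] identifier = securityTokenReference.getKeyIdentifier() != null
                ? securityTokenReference.getKeyIdentifier().getIdentifier()
                : null;
        if (identifier != null) {
            return getTokenByKeyId(identifier, securityTokens);
        }
        throw new WSSecurityException("Failed to resolve EncryptedKey STR.", WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
    }

    /**
     * Finds the {@link EncryptedKeyToken} that lists {@code bArr} among its key identifiers.
     * A failure to read one token's identifiers aborts the whole search.
     *
     * @throws WSSecurityException with {@code FAILURE_TOKEN_UNAVAILABLE} if nothing matches
     */
    private SecurityToken getTokenByKeyId(byte[] bArr, List list) throws WSSecurityException {
        // Render the bytes: concatenating the array itself only prints its identity hash.
        String failure = "Failed to retrieve token for key identifier " + Arrays.toString(bArr);
        for (Object candidate : list) {
            try {
                if (candidate instanceof EncryptedKeyToken) {
                    Iterator<byte[]> identifiers = ((EncryptedKeyToken) candidate).getKeyIdentifiers().iterator();
                    while (identifiers.hasNext()) {
                        if (Arrays.equals(bArr, identifiers.next())) {
                            return (SecurityToken) candidate;
                        }
                    }
                }
            } catch (XMLEncryptionException e) {
                throw new WSSecurityException(failure, WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
            }
        }
        throw new WSSecurityException(failure, WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
    }

    /**
     * Accepts every token; no check is performed on the unmarshalled token.
     * NOTE(review): confirm that the code which decrypts or uses the EncryptedKey provides the
     * actual validation, since this hook cannot reject anything.
     */
    @Override
    public SecurityTokenValidateResult validateUnmarshalled(SecurityToken securityToken, MessageContext messageContext) throws WSSecurityException {
        return TRUE;
    }

    /** Accepts every token; no check is performed after processing either. */
    @Override
    public SecurityTokenValidateResult validateProcessed(SecurityToken securityToken, MessageContext messageContext) {
        return TRUE;
    }

    /**
     * Matches on value type only; {@code str2}, {@code contextHandler} and {@code purpose} are
     * ignored. A {@code null} value type matches nothing.
     */
    @Override
    public boolean matches(SecurityToken securityToken, String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        return str != null && str.equals(securityToken.getValueType());
    }

    /** Always returns {@code null}: no subject is derived from an EncryptedKey token. */
    @Override
    public Subject getSubject(SecurityToken securityToken, MessageContext messageContext) throws WSSecurityException {
        return null;
    }

    /**
     * Finds the {@link EncryptedKeyToken} whose id equals {@code str} without its first
     * character.
     * NOTE(review): the first character is dropped without checking that it is the fragment
     * marker; confirm whether non-fragment URIs should be rejected outright.
     *
     * @throws WSSecurityException with {@code FAILURE_TOKEN_UNAVAILABLE} if nothing matches,
     *     including for an empty URI
     */
    private SecurityToken getTokenByURI(String str, List list) throws WSSecurityException {
        // An empty URI cannot name a token; skipping the search avoids the
        // StringIndexOutOfBoundsException that substring(1) would raise.
        if (!str.isEmpty()) {
            String tokenId = str.substring(1);
            for (Object candidate : list) {
                if (candidate instanceof EncryptedKeyToken && tokenId.equals(((SecurityToken) candidate).getId())) {
                    return (SecurityToken) candidate;
                }
            }
        }
        throw new WSSecurityException("Failed to retrieve token for reference URI " + str, WSSConstants.FAILURE_TOKEN_UNAVAILABLE);
    }

    /** Names an object by class only, so that key material never reaches a message. */
    private static String describe(Object value) {
        return value == null ? "null" : value.getClass().getName();
    }
}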
