package com.ghc.a3.a3utils.wsplugins.wssecurity;

import com.ghc.a3.a3utils.fieldactions.validate.ValidateAction;
import com.ghc.a3.a3utils.nodeprocessing.NodeProcessorSession;
import com.ghc.a3.a3utils.wsplugins.WSExtension;
import com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.UserToken;
import com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityAction;
import com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityActionConstants;
import com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityActionExtensionRegistry;
import com.ghc.config.Config;
import com.ghc.identity.IdentityStoreResource;
import com.ghc.schema.AssocDef;
import com.ghc.security.utils.KeyStoreType;
import com.ghc.tags.context.TagReplacingProcessingContext;
import com.ghc.utils.password.Password;
import com.ghc.utils.xml.XMLUtils;
import com.ghc.wsSecurity.SecurityInfo;
import com.ghc.wsSecurity.WSSecurityActionProcessor;
import com.ghc.wsSecurity.action.SecurityAction;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.dom.DOMSource;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.token.Timestamp;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension.class */
public class WSSecurityExtension implements WSExtension {
    public static final String WS_SECURITY_MILLISECOND_PRECISION = "MSOption";
    public static final String WS_SECURITY_TIMETOLIVE = "TimeToLive";
    public static final String WS_SECURITY_ENABLED_PREF = "wsplugin.enable.ws.security";
    public static final String WS_MILLI_ENABLED_PREF = "ws.security.milli";
    private boolean m_emtpiedConfig;

    /* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension$BinaryHandler.class */
    private class BinaryHandler implements TokenHandler {
        private BinaryHandler() {
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public NodeList getNodes(Element element) {
            NodeList nodes = XMLUtils.getNodes(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "BinarySecurityToken");
            NodeList nodes2 = XMLUtils.getNodes(element, "http://www.w3.org/2001/04/xmlenc#", "EncryptedKey");
            return nodes2.getLength() == 0 ? nodes : X_getFilteredTokenList(nodes, nodes2);
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getDisplayName() {
            return "Binary Token";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getType() {
            return "binary";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public void populateInnerConfig(String str, Element element, Config config, List<String> list) {
            list.add(String.valueOf(getDisplayName()) + " - Cannot read information for '" + str + "'.");
        }

        private NodeList X_getFilteredTokenList(NodeList nodeList, NodeList nodeList2) {
            Set<String> X_getEncryptedReferences = X_getEncryptedReferences(nodeList2);
            final ArrayList arrayList = new ArrayList();
            for (int i = 0; i < nodeList.getLength(); i++) {
                Element element = (Element) nodeList.item(i);
                String X_getAttribute = WSSecurityExtension.this.X_getAttribute(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id");
                if (X_getAttribute != null && !X_getEncryptedReferences.contains(AssocDef.PRIMITIVE_ESCAPE_CHAR + X_getAttribute)) {
                    arrayList.add(element);
                }
            }
            return new NodeList() { // from class: com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.BinaryHandler.1
                @Override // org.w3c.dom.NodeList
                public int getLength() {
                    return arrayList.size();
                }

                @Override // org.w3c.dom.NodeList
                public Node item(int i2) {
                    return (Node) arrayList.get(i2);
                }
            };
        }

        private Set<String> X_getEncryptedReferences(NodeList nodeList) {
            HashSet hashSet = new HashSet();
            for (int i = 0; i < nodeList.getLength(); i++) {
                String X_getAttribute = WSSecurityExtension.this.X_getAttribute(XMLUtils.getNode(XMLUtils.getNode(XMLUtils.getNode((Element) nodeList.item(i), "http://www.w3.org/2000/09/xmldsig#", "KeyInfo"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "SecurityTokenReference"), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Reference"), null, "URI");
                if (!X_getAttribute.isEmpty()) {
                    hashSet.add(X_getAttribute);
                }
            }
            return hashSet;
        }

        /* synthetic */ BinaryHandler(WSSecurityExtension wSSecurityExtension, BinaryHandler binaryHandler) {
            this();
        }
    }

    /* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension$SignBodyHandler.class */
    private class SignBodyHandler implements TokenHandler {
        private SignBodyHandler() {
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public NodeList getNodes(Element element) {
            return XMLUtils.getNodes(element, "http://www.w3.org/2000/09/xmldsig#", "Signature");
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getDisplayName() {
            return "Signature";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getType() {
            return WSSecurityActionExtensionRegistry.SIGN_BODY_TYPE;
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public void populateInnerConfig(String str, Element element, Config config, List<String> list) {
            list.add(String.valueOf(getDisplayName()) + " - Cannot read information for '" + str + "'.");
        }

        /* synthetic */ SignBodyHandler(WSSecurityExtension wSSecurityExtension, SignBodyHandler signBodyHandler) {
            this();
        }
    }

    /* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension$TimeStampHandler.class */
    private class TimeStampHandler implements TokenHandler {
        private TimeStampHandler() {
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public NodeList getNodes(Element element) {
            return XMLUtils.getNodes(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Timestamp");
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getDisplayName() {
            return "Timestamp Token";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getType() {
            return "timeStamp";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public void populateInnerConfig(String str, Element element, Config config, List<String> list) {
            config.set(WSSecurityActionConstants.MILLIS, WSSecurityExtension.this.X_getUseMillis(element));
            config.set("timeToLive", X_getTimeToLive(str, element, list));
        }

        private String X_getTimeToLive(String str, Element element, List<String> list) {
            long j = -1;
            try {
                Timestamp timestamp = new Timestamp(element);
                long timeInMillis = timestamp.getCreated().getTimeInMillis();
                if (timestamp.getExpires() != null) {
                    j = (timestamp.getExpires().getTimeInMillis() - timeInMillis) / 1000;
                }
            } catch (WSSecurityException e) {
                list.add(String.valueOf(getDisplayName()) + " - An error occured while processing '" + str + "'. " + e.getMessage());
            }
            return j != -1 ? Long.toString(j) : "";
        }

        /* synthetic */ TimeStampHandler(WSSecurityExtension wSSecurityExtension, TimeStampHandler timeStampHandler) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension$TokenHandler.class */
    public interface TokenHandler {
        NodeList getNodes(Element element);

        String getDisplayName();

        String getType();

        void populateInnerConfig(String str, Element element, Config config, List<String> list);
    }

    /* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension$UserHandler.class */
    private class UserHandler implements TokenHandler {
        private UserHandler() {
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public NodeList getNodes(Element element) {
            return XMLUtils.getNodes(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "UsernameToken");
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getDisplayName() {
            return "User Token";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public String getType() {
            return "user";
        }

        @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.TokenHandler
        public void populateInnerConfig(String str, Element element, Config config, List<String> list) {
            config.set(WSSecurityActionConstants.MILLIS, WSSecurityExtension.this.X_getUseMillis(element));
            config.set(UserToken.USERNAME, X_getUsername(element));
            config.set(WSSecurityActionConstants.PASSWORD, X_getPassword(str, element, list));
            config.set(UserToken.DIGESTED, X_isDigested(element));
            config.set(UserToken.NONCED, X_isNonced(element));
            config.set(UserToken.CREATED, X_isCreated(element));
        }

        private String X_getPassword(String str, Element element, List<String> list) {
            Element node = XMLUtils.getNode(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Password");
            if (node == null) {
                return "";
            }
            String attribute = node.getAttribute(ValidateAction.TYPE_STRING);
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".equals(attribute)) {
                Password password = new Password();
                password.setPassword(node.getTextContent().trim());
                return password.getEncryptedPassword();
            }
            if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest".equals(attribute)) {
                return "";
            }
            list.add(String.valueOf(getDisplayName()) + " - Cannot read the password of '" + str + "' as it is in digest format.");
            return "";
        }

        private String X_getUsername(Element element) {
            Element node = XMLUtils.getNode(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Username");
            return node != null ? node.getTextContent().trim() : "";
        }

        private boolean X_isDigested(Element element) {
            Element node = XMLUtils.getNode(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Password");
            if (node == null) {
                return false;
            }
            String attribute = node.getAttribute(ValidateAction.TYPE_STRING);
            return !"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText".equals(attribute) && "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest".equals(attribute);
        }

        private boolean X_isNonced(Element element) {
            return XMLUtils.getNode(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Nonce") != null;
        }

        private boolean X_isCreated(Element element) {
            return XMLUtils.getNode(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Created") != null;
        }

        /* synthetic */ UserHandler(WSSecurityExtension wSSecurityExtension, UserHandler userHandler) {
            this();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/WSSecurityExtension$WSSecurityActionVisitor.class */
    public interface WSSecurityActionVisitor {
        void visit(WSSecurityAction wSSecurityAction, String str, String str2, Config config);
    }

    @Override // com.ghc.a3.a3utils.wsplugins.WSExtension
    public int getPriority() {
        return 1;
    }

    @Override // com.ghc.a3.a3utils.wsplugins.WSExtension
    public boolean overrideConfig(Element element, Config config, List<String> list) {
        this.m_emtpiedConfig = false;
        NodeList nodes = XMLUtils.getNodes(element, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "Security");
        if (nodes != null) {
            try {
                LinkedHashMap linkedHashMap = new LinkedHashMap();
                linkedHashMap.put(new UserHandler(this, null), 0);
                linkedHashMap.put(new TimeStampHandler(this, null), 0);
                linkedHashMap.put(new BinaryHandler(this, null), 0);
                linkedHashMap.put(new SignBodyHandler(this, null), 0);
                for (int i = 0; i < nodes.getLength(); i++) {
                    Element element2 = (Element) nodes.item(i);
                    String X_getAttribute = X_getAttribute(element2, element.getNamespaceURI(), WSSecurityActionConstants.ACTOR);
                    boolean z = X_getAttribute(element2, element.getNamespaceURI(), WSSecurityActionConstants.MUSTUNDERSTAND).equals("1");
                    for (Map.Entry entry : linkedHashMap.entrySet()) {
                        entry.setValue(Integer.valueOf(((Integer) entry.getValue()).intValue() + X_processElements(((Integer) entry.getValue()).intValue(), X_getAttribute, z, element2, config, (TokenHandler) entry.getKey(), list)));
                    }
                }
            } finally {
                this.m_emtpiedConfig = false;
            }
        }
        return this.m_emtpiedConfig;
    }

    @Override // com.ghc.a3.a3utils.wsplugins.WSExtension
    public void compileSOAPMessage(SOAPFactory sOAPFactory, SOAPMessage sOAPMessage, NodeProcessorSession nodeProcessorSession, Config config) {
        WSSecurityActionExtensionRegistry wSSecurityActionExtensionRegistry = new WSSecurityActionExtensionRegistry();
        ArrayList arrayList = new ArrayList();
        iterateSecurityActions(new WSSecurityActionVisitor(nodeProcessorSession, arrayList) { // from class: com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.1
            private final TagReplacingProcessingContext processingContext;
            private final /* synthetic */ ArrayList val$actions;

            {
                this.val$actions = arrayList;
                this.processingContext = new TagReplacingProcessingContext(nodeProcessorSession.getTagDataStore());
            }

            @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.WSSecurityActionVisitor
            public void visit(WSSecurityAction wSSecurityAction, String str, String str2, Config config2) {
                this.val$actions.add(wSSecurityAction.getAction(this.processingContext, str, str2, config2, this.val$actions));
            }
        }, config, wSSecurityActionExtensionRegistry);
        try {
            X_forceNSResolution(sOAPMessage);
            WSSecurityActionProcessor wSSecurityActionProcessor = new WSSecurityActionProcessor(sOAPMessage.getSOAPPart());
            ArrayList arrayList2 = new ArrayList();
            Iterator types = nodeProcessorSession.getAuthManager().getTypes();
            while (types.hasNext()) {
                Iterator identityStores = nodeProcessorSession.getAuthManager().getIdentityManager((String) types.next()).getIdentityStores();
                while (identityStores.hasNext()) {
                    IdentityStoreResource identityStoreResource = (IdentityStoreResource) identityStores.next();
                    arrayList2.add(new SecurityInfo(identityStoreResource.getName(), new File(identityStoreResource.getName()), KeyStoreType.JKS, identityStoreResource.getPassword()));
                }
            }
            wSSecurityActionProcessor.applyActionList((SecurityAction[]) arrayList.toArray(new SecurityAction[arrayList.size()]), (SecurityInfo[]) arrayList2.toArray(new SecurityInfo[arrayList2.size()]));
        } catch (Exception e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    private void X_forceNSResolution(SOAPMessage sOAPMessage) throws SOAPException, IOException, UnsupportedEncodingException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        sOAPMessage.setProperty("javax.xml.soap.character-set-encoding", "UTF-8");
        sOAPMessage.writeTo(byteArrayOutputStream);
        sOAPMessage.getSOAPPart().setContent(new DOMSource(MessageFactory.newInstance().createMessage((MimeHeaders) null, new ByteArrayInputStream(byteArrayOutputStream.toString("UTF-8").getBytes())).getSOAPPart()));
    }

    @Override // com.ghc.a3.a3utils.wsplugins.WSExtension
    public Set<String> getTags(Config config) {
        WSSecurityActionExtensionRegistry wSSecurityActionExtensionRegistry = new WSSecurityActionExtensionRegistry();
        final HashSet hashSet = new HashSet();
        iterateSecurityActions(new WSSecurityActionVisitor() { // from class: com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.2
            @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.WSSecurityExtension.WSSecurityActionVisitor
            public void visit(WSSecurityAction wSSecurityAction, String str, String str2, Config config2) {
                hashSet.addAll(wSSecurityAction.getTags(config2));
            }
        }, config, wSSecurityActionExtensionRegistry);
        return hashSet;
    }

    private void iterateSecurityActions(WSSecurityActionVisitor wSSecurityActionVisitor, Config config, WSSecurityActionExtensionRegistry wSSecurityActionExtensionRegistry) {
        Iterator children_iterator = config.getChildren_iterator();
        while (children_iterator.hasNext()) {
            Config config2 = (Config) children_iterator.next();
            String string = config2.getString("name");
            String string2 = config2.getString("type");
            Config config3 = null;
            Iterator children_iterator2 = config2.getChildren_iterator();
            if (children_iterator2.hasNext()) {
                config3 = (Config) children_iterator2.next();
            }
            WSSecurityAction securityActionInstance = wSSecurityActionExtensionRegistry.getSecurityActionInstance(string2);
            if (securityActionInstance != null) {
                wSSecurityActionVisitor.visit(securityActionInstance, string, string2, config3);
            }
        }
    }

    private int X_processElements(int i, String str, boolean z, Element element, Config config, TokenHandler tokenHandler, List<String> list) {
        NodeList nodes = tokenHandler.getNodes(element);
        if (nodes == null) {
            return 0;
        }
        int length = nodes.getLength();
        for (int i2 = 0; i2 < length; i2++) {
            if (!this.m_emtpiedConfig) {
                config.clear();
                this.m_emtpiedConfig = true;
            }
            Element element2 = (Element) nodes.item(i2);
            String str2 = "Discovered " + tokenHandler.getDisplayName() + " " + (i + i2 + 1);
            Config createNew = config.createNew();
            createNew.set("name", str2);
            createNew.set("type", tokenHandler.getType());
            Config createNew2 = createNew.createNew();
            createNew2.set("name", str2);
            createNew2.set(WSSecurityActionConstants.ACTOR, str);
            createNew2.set(WSSecurityActionConstants.MUSTUNDERSTAND, z);
            tokenHandler.populateInnerConfig(str2, element2, createNew2, list);
            createNew.addChild(createNew2);
            config.addChild(createNew);
        }
        return length;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String X_getAttribute(Element element, String str, String str2) {
        Attr attributeNodeNS;
        String str3 = "";
        if (element != null && (attributeNodeNS = element.getAttributeNodeNS(str, str2)) != null) {
            str3 = attributeNodeNS.getValue();
        }
        return str3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public boolean X_getUseMillis(Element element) {
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Created");
        if (elementsByTagNameNS == null || elementsByTagNameNS.getLength() == 0) {
            return true;
        }
        return elementsByTagNameNS.item(0).getTextContent().trim().matches(".*\\.[0-9]{3}Z$");
    }
}
