package com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions;

import com.ghc.a3.a3utils.wsplugins.wssecurity.SignatureKeySourceType;
import com.ghc.a3.nls.GHMessages;
import com.ghc.config.Config;
import com.ghc.tags.TagUtils;
import com.ghc.tags.context.TagReplacingProcessingContext;
import com.ghc.utils.PairValue;
import com.ghc.utils.password.InvalidPasswordException;
import com.ghc.utils.password.Password;
import com.ghc.utils.password.UnknownAlgorithmException;
import com.ghc.wsSecurity.SecurityUtils;
import com.ghc.wsSecurity.action.SAMLAssertionTokenAction;
import com.ghc.wsSecurity.action.SecurityAction;
import com.ghc.wsSecurity.action.SignBodyAction;
import com.ghc.wsSecurity.action.UserNameTokenAction;
import com.ghc.wsSecurity.action.saml.SAMLUtils;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

/* loaded from: input_file:com/ghc/a3/a3utils/wsplugins/wssecurity/securityactions/SignatureToken.class */
public class SignatureToken implements WSSecurityAction, WSSecurityActionConstants {
    @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityAction
    public SecurityAction getAction(TagReplacingProcessingContext tagReplacingProcessingContext, String str, String str2, Config config, ArrayList<SecurityAction> arrayList) {
        Password password;
        Password password2;
        SignBodyAction signBodyAction = new SignBodyAction();
        signBodyAction.setName(config.getString("name"));
        signBodyAction.setActor(WSSTagUtils.safeReplace(tagReplacingProcessingContext, config.getString(WSSecurityActionConstants.ACTOR)));
        signBodyAction.setMustUnderstand(config.getBoolean(WSSecurityActionConstants.MUSTUNDERSTAND, true));
        SignatureKeySourceType fromExternalName = SignatureKeySourceType.getFromExternalName(config.getString(WSSecurityActionConstants.SIGNATURE_KEY_SOURCE_TYPE));
        if (fromExternalName == SignatureKeySourceType.USERNAME) {
            int i = -1;
            String string = config.getString(WSSecurityActionConstants.SIGNATURE_KEY_SOURCE_USERNAME);
            if (string == null || string.trim().length() == 0) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException1, str));
            }
            int i2 = 0;
            while (true) {
                if (i2 >= arrayList.size()) {
                    break;
                }
                if (string.equals(arrayList.get(i2).getName())) {
                    try {
                        UserNameTokenAction userNameTokenAction = arrayList.get(i2);
                        if (!userNameTokenAction.isCreated() || !userNameTokenAction.isNonced()) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_userTokenActionException, string, str));
                        }
                        i = i2;
                    } catch (ClassCastException unused) {
                        throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException2, str, string));
                    }
                } else {
                    i2++;
                }
            }
            if (i == -1) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException3, str, string));
            }
            signBodyAction.setKeyIdentifierReferenceIndex(i);
            signBodyAction.setKeyIdentifierType(7);
        } else if (fromExternalName == SignatureKeySourceType.KEYSTORE) {
            try {
                password = new Password(config.getString(WSSecurityActionConstants.PASSWORD));
            } catch (InvalidPasswordException unused2) {
                password = new Password();
            } catch (UnknownAlgorithmException unused3) {
                password = new Password();
            }
            signBodyAction.setPassword(password.getPassword());
            signBodyAction.setKeyStoreName(config.getString(WSSecurityActionConstants.KEYS_STORE));
            signBodyAction.setCertificateAlias(config.getString(WSSecurityActionConstants.CERTIFICATE_ALIAS));
            signBodyAction.setKeyIdentifierType(config.getInt(WSSecurityActionConstants.KEY_IDENTIFIER_TYPE, SecurityUtils.KEY_IDENTIFIER_TYPE_VALUES[0]));
        } else {
            if (fromExternalName != SignatureKeySourceType.SAML) {
                throw new UnsupportedOperationException(GHMessages.SignatureToken_signTypeUnSupport);
            }
            int i3 = -1;
            String string2 = config.getString(WSSecurityActionConstants.SIGNATURE_KEY_SOURCE_SAML);
            if (string2 == null || string2.trim().length() == 0) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException4, str));
            }
            int i4 = 0;
            while (true) {
                if (i4 >= arrayList.size()) {
                    break;
                }
                if (string2.equals(arrayList.get(i4).getName())) {
                    try {
                        SAMLAssertionTokenAction sAMLAssertionTokenAction = arrayList.get(i4);
                        if (sAMLAssertionTokenAction.getAssertion().getKeystoreName() == null) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_samlTokenActionException1, string2, str));
                        }
                        if (!SAMLUtils.isSenderVouches(sAMLAssertionTokenAction.getAssertion())) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_samlTokenActionException2, string2, str));
                        }
                        if (!SAMLUtils.subjectHoldsKey(sAMLAssertionTokenAction.getAssertion())) {
                            throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_samlTokenActionException3, string2, str));
                        }
                        try {
                            password2 = new Password(config.getString(WSSecurityActionConstants.PASSWORD));
                        } catch (InvalidPasswordException unused4) {
                            password2 = new Password();
                        } catch (UnknownAlgorithmException unused5) {
                            password2 = new Password();
                        }
                        signBodyAction.setPassword(password2.getPassword());
                        signBodyAction.setKeyStoreName(config.getString(WSSecurityActionConstants.KEYS_STORE));
                        signBodyAction.setCertificateAlias(config.getString(WSSecurityActionConstants.CERTIFICATE_ALIAS));
                        i3 = i4;
                    } catch (ClassCastException unused6) {
                        throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException5, str, string2));
                    }
                } else {
                    i4++;
                }
            }
            if (i3 == -1) {
                throw new RuntimeException(MessageFormat.format(GHMessages.SignatureToken_signActionException6, str, string2));
            }
            signBodyAction.setKeyIdentifierReferenceIndex(i3);
            signBodyAction.setKeyIdentifierType(123456789);
        }
        signBodyAction.setAlgorithm(config.getInt(WSSecurityActionConstants.ALGORITHM, SecurityUtils.SIGNATURE_ALGORITHM_VALUES[0]));
        signBodyAction.setUseCertChains(config.getBoolean(WSSecurityActionConstants.USE_CERT_CHAINS, false));
        Config child = config.getChild(WSSecurityActionConstants.TARGETS_CONFIG);
        if (child == null) {
            signBodyAction.setSignBody(true);
        } else {
            signBodyAction.setSignBody(child.getBoolean(WSSecurityActionConstants.BODY, false));
            Config child2 = child.getChild(WSSecurityActionConstants.TOKENS);
            if (child2 != null) {
                Iterator childrenWithName_iterator = child2.getChildrenWithName_iterator(WSSecurityActionConstants.TOKEN);
                ArrayList arrayList2 = new ArrayList();
                while (childrenWithName_iterator.hasNext()) {
                    Config config2 = (Config) childrenWithName_iterator.next();
                    String string3 = config2.getString("name", (String) null);
                    String string4 = config2.getString("type", (String) null);
                    if (string3 != null && string4 != null) {
                        arrayList2.add(PairValue.of(string3, string4));
                    }
                }
                signBodyAction.setTokensToSign(arrayList2);
            }
            Config child3 = child.getChild(WSSecurityActionConstants.ADDRESSING);
            if (child3 != null) {
                Iterator childrenWithName_iterator2 = child3.getChildrenWithName_iterator(WSSecurityActionConstants.ENDPOINT);
                ArrayList arrayList3 = new ArrayList();
                while (childrenWithName_iterator2.hasNext()) {
                    String string5 = ((Config) childrenWithName_iterator2.next()).getString(WSSecurityActionConstants.URL, (String) null);
                    if (string5 != null) {
                        arrayList3.add(string5);
                    }
                }
                signBodyAction.setAddressesToSign(arrayList3);
            }
        }
        return signBodyAction;
    }

    @Override // com.ghc.a3.a3utils.wsplugins.wssecurity.securityactions.WSSecurityAction
    public Set<String> getTags(Config config) {
        HashSet hashSet = new HashSet();
        TagUtils.extractTagNames(config.getString(WSSecurityActionConstants.ACTOR), hashSet);
        return hashSet;
    }
}
