package org.apache.cxf.ws.security.wss4j.policyhandlers;

import java.util.Iterator;
import java.util.Vector;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.ws.policy.AssertionInfo;
import org.apache.cxf.ws.policy.AssertionInfoMap;
import org.apache.cxf.ws.security.policy.SPConstants;
import org.apache.cxf.ws.security.policy.model.AlgorithmSuite;
import org.apache.cxf.ws.security.policy.model.AsymmetricBinding;
import org.apache.cxf.ws.security.policy.model.Token;
import org.apache.cxf.ws.security.policy.model.TokenWrapper;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecBase;
import org.apache.ws.security.message.WSSecDKEncrypt;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/policyhandlers/AsymmetricBindingHandler.class */
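/**
 * Applies an asymmetric WS-SecurityPolicy binding to an outgoing SOAP message.
 *
 * <p>{@link #handleBinding()} lays out the timestamp and then signs and encrypts the message in
 * the order requested by the binding's protection order.
 *
 * <p>Failure handling: a checked failure while signing or encrypting is reported through
 * {@code policyNotAsserted(...)}, the same path {@code doEncryption} uses, instead of being
 * printed and ignored. A swallowed signing or encryption error would let the message continue
 * without the protection the policy asked for. Whether {@code policyNotAsserted} aborts the
 * message is decided in the superclass, which is not visible in this file.
 */
public class AsymmetricBindingHandler extends AbstractBindingBuilder {
    /**
     * Value compared against the "action" entry of a security engine result when looking for
     * the request's encrypted key. Presumably the WSS4J encryption action code; confirm against
     * the WSS4J constants of the version in use.
     */
    private static final int ACTION_ENCRYPT = 4;

    // The asymmetric binding policy that drives this handler.
    AsymmetricBinding abinding;
    // Builder of the EncryptedKey created by createEncryptedKey(); null until that has run.
    private WSSecEncryptedKey encrKey;
    // Id of the EncryptedKey that derived keys refer to (own key, or the one found in the request).
    private String encryptedKeyId;
    // Key bytes that belong to encryptedKeyId. This is secret key material: never log or expose it.
    private byte[] encryptedKeyValue;

    /**
     * Creates the handler and copies the binding's protection order into the inherited field.
     *
     * @param asymmetricBinding the binding policy to apply
     * @param sOAPMessage the SAAJ message being secured
     * @param wSSecHeader the security header under construction
     * @param assertionInfoMap the policy assertion map of the exchange
     * @param soapMessage the CXF message being processed
     */
    public AsymmetricBindingHandler(AsymmetricBinding asymmetricBinding, SOAPMessage sOAPMessage, WSSecHeader wSSecHeader, AssertionInfoMap assertionInfoMap, SoapMessage soapMessage) {
        super(asymmetricBinding, sOAPMessage, wSSecHeader, assertionInfoMap, soapMessage);
        this.abinding = asymmetricBinding;
        this.protectionOrder = asymmetricBinding.getProtectionOrder();
    }

    /**
     * Creates the timestamp, applies the layout, and then runs the sign/encrypt sequence that
     * matches the binding's protection order.
     */
    public void handleBinding() {
        handleLayout(createTimestamp());
        if (this.abinding.getProtectionOrder() == SPConstants.ProtectionOrder.EncryptBeforeSigning) {
            doEncryptBeforeSign();
        } else {
            doSignBeforeEncrypt();
        }
    }

    /**
     * Returns the token wrapper that signs on this side of the exchange: the initiator token
     * for the requestor, the recipient token otherwise. Has no side effects.
     */
    private TokenWrapper signingTokenWrapper() {
        return isRequestor() ? this.abinding.getInitiatorToken() : this.abinding.getRecipientToken();
    }

    /**
     * Appends one "Element" encryption part per id in {@code encryptedTokensIdList}.
     *
     * @param parts the part list to extend
     */
    private void addEncryptedTokenParts(Vector<WSEncryptionPart> parts) {
        Iterator<String> ids = this.encryptedTokensIdList.iterator();
        while (ids.hasNext()) {
            parts.add(new WSEncryptionPart(ids.next(), "Element"));
        }
    }

    /**
     * Signs first, then encrypts. The signature itself is added to the encrypted parts when the
     * binding requests signature protection.
     */
    private void doSignBeforeEncrypt() {
        try {
            Vector<WSEncryptionPart> signedParts = getSignedParts();
            if (isRequestor()) {
                if (this.timestampEl != null) {
                    signedParts.add(new WSEncryptionPart(addWsuIdToElement(this.timestampEl.getElement())));
                }
                addSupportingTokens(signedParts);
                doSignature(signedParts);
                doEndorse();
            } else {
                assertSupportingTokens(signedParts);
                if (this.timestampEl != null) {
                    signedParts.add(new WSEncryptionPart(addWsuIdToElement(this.timestampEl.getElement())));
                }
                addSignatureConfirmation(signedParts);
                doSignature(signedParts);
            }
            Vector<WSEncryptionPart> encryptedParts = getEncryptedParts();
            if (this.abinding.isSignatureProtection() && this.mainSigId != null) {
                encryptedParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
            }
            if (isRequestor()) {
                addEncryptedTokenParts(encryptedParts);
            }
            doEncryption(this.abinding.getRecipientToken(), encryptedParts, false);
        } catch (RuntimeException e) {
            // Already an unchecked failure (possibly raised by the policy helpers themselves):
            // let it propagate unchanged instead of hiding it.
            throw e;
        } catch (Exception e) {
            // Fail closed: a checked signing/encryption error must not leave a half-protected
            // message on its way out with only a stack trace on stderr.
            TokenWrapper signer = signingTokenWrapper();
            if (signer == null) {
                throw new IllegalStateException("Sign-before-encrypt processing failed", e);
            }
            policyNotAsserted(signer, e);
        }
    }

    /**
     * Encrypts first, then signs, and finally encrypts the signature when the binding requests
     * signature protection. Nothing is done when there is no encryption token or nothing to
     * encrypt.
     */
    private void doEncryptBeforeSign() {
        TokenWrapper encryptionWrapper = isRequestor() ? this.abinding.getRecipientToken() : this.abinding.getInitiatorToken();
        Token encryptionToken = encryptionWrapper.getToken();
        Vector<WSEncryptionPart> encryptedParts;
        Vector<WSEncryptionPart> signedParts;
        try {
            encryptedParts = getEncryptedParts();
            signedParts = getSignedParts();
        } catch (SOAPException e) {
            // Without the part lists nothing below can work; report and stop rather than
            // dereferencing null lists.
            policyNotAsserted(encryptionWrapper, e);
            return;
        }
        if (encryptionToken == null || encryptedParts.size() <= 0) {
            return;
        }
        WSSecBase encryptor = doEncryption(encryptionWrapper, encryptedParts, true);
        handleEncryptedSignedHeaders(encryptedParts, signedParts);
        if (this.timestampEl != null) {
            signedParts.add(new WSEncryptionPart(addWsuIdToElement(this.timestampEl.getElement())));
        }
        if (isRequestor()) {
            addSupportingTokens(signedParts);
        } else {
            addSignatureConfirmation(signedParts);
        }
        // NOTE(review): because && binds tighter than ||, the non-empty check on signedParts
        // only guards the requestor side; confirm that this is intended for the responder.
        if ((signedParts.size() > 0 && isRequestor() && this.abinding.getInitiatorToken() != null)
                || (!isRequestor() && this.abinding.getRecipientToken() != null)) {
            try {
                doSignature(signedParts);
            } catch (WSSecurityException e) {
                // The condition above guarantees the signing wrapper is non-null here.
                policyNotAsserted(signingTokenWrapper(), e.getMessage());
            }
        }
        if (isRequestor()) {
            doEndorse();
        }
        if (!this.abinding.isSignatureProtection() || this.mainSigId == null) {
            return;
        }
        if (encryptor == null) {
            // doEncryption returned null after a failure. Stop with a descriptive error instead
            // of the NullPointerException the dereference below would raise.
            throw new IllegalStateException("Signature protection requested but the encryption step produced no encryptor");
        }
        Vector<WSEncryptionPart> protectedParts = new Vector<WSEncryptionPart>();
        protectedParts.add(new WSEncryptionPart(this.mainSigId, "Element"));
        if (isRequestor()) {
            addEncryptedTokenParts(protectedParts);
        }
        if (encryptionToken.isDerivedKeys()) {
            try {
                WSSecDKEncrypt derivedKeyEncryptor = (WSSecDKEncrypt) encryptor;
                derivedKeyEncryptor.addExternalRefElement(derivedKeyEncryptor.encryptForExternalRef((Element) null, protectedParts), this.secHeader);
            } catch (WSSecurityException e) {
                policyNotAsserted(encryptionWrapper, e.getMessage());
            }
            return;
        }
        try {
            Element referenceList = this.saaj.getSOAPPart().createElementNS("http://www.w3.org/2001/04/xmlenc#", "xenc:ReferenceList");
            insertBeforeBottomUp(referenceList);
            ((WSSecEncrypt) encryptor).encryptForExternalRef(referenceList, protectedParts);
        } catch (WSSecurityException e) {
            policyNotAsserted(encryptionWrapper, e.getMessage());
        }
    }

    /**
     * Encrypts the given parts with the given token, using derived keys when the token asks
     * for them.
     *
     * @param recToken wrapper of the token to encrypt with
     * @param encrParts parts to encrypt
     * @param externalRef when true the reference list is inserted into the header; when false
     *        it is appended to the EncryptedKey element (non-derived path only)
     * @return the builder that performed the encryption, or {@code null} when there was nothing
     *         to do or the attempt failed and was reported through {@code policyNotAsserted}
     */
    private WSSecBase doEncryption(TokenWrapper recToken, Vector<WSEncryptionPart> encrParts, boolean externalRef) {
        if (recToken == null || recToken.getToken() == null || encrParts.size() <= 0) {
            return null;
        }
        Token encrToken = recToken.getToken();
        policyAsserted(recToken);
        policyAsserted(encrToken);
        AlgorithmSuite algorithmSuite = this.abinding.getAlgorithmSuite();
        if (encrToken.isDerivedKeys()) {
            try {
                WSSecDKEncrypt dkEncr = new WSSecDKEncrypt();
                if (this.encrKey == null) {
                    setupEncryptedKey(recToken, encrToken);
                }
                // NOTE(review): setupEncryptedKey can return without setting the key value and
                // id (no security results found); they would then be passed on as null.
                dkEncr.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
                dkEncr.setParts(encrParts);
                dkEncr.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                dkEncr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
                // The suite's derived key length is divided by 8 before being handed to WSS4J
                // (presumably bits to bytes).
                dkEncr.setDerivedKeyLength(algorithmSuite.getEncryptionDerivedKeyLength() / 8);
                dkEncr.prepare(this.saaj.getSOAPPart());
                addDerivedKeyElement(dkEncr.getdktElement());
                insertBeforeBottomUp(dkEncr.encryptForExternalRef((Element) null, encrParts));
                return dkEncr;
            } catch (Exception e) {
                policyNotAsserted(recToken, e);
                return null;
            }
        }
        try {
            WSSecEncrypt encr = new WSSecEncrypt();
            setKeyIdentifierType(encr, recToken, encrToken);
            encr.setDocument(this.saaj.getSOAPPart());
            Crypto crypto = getEncryptionCrypto(recToken);
            setEncryptionUser(encr, recToken, false, crypto);
            encr.setSymmetricEncAlgorithm(algorithmSuite.getEncryption());
            encr.setKeyEncAlgo(algorithmSuite.getAsymmetricKeyWrap());
            encr.prepare(this.saaj.getSOAPPart(), crypto);
            if (encr.getBSTTokenId() != null) {
                encr.prependBSTElementToHeader(this.secHeader);
            }
            Element encryptedKeyElement = encr.getEncryptedKeyElement();
            if (externalRef) {
                insertBeforeBottomUp(encr.encryptForExternalRef((Element) null, encrParts));
            } else {
                encryptedKeyElement.appendChild(encr.encryptForInternalRef((Element) null, encrParts));
            }
            addEncyptedKeyElement(encryptedKeyElement);
            return encr;
        } catch (WSSecurityException e) {
            policyNotAsserted(recToken, e.getMessage());
            return null;
        }
    }

    /**
     * Marks the assertion infos of a token wrapper and of its token as asserted. Matching is by
     * object identity, so only the infos that belong to these exact instances are touched.
     *
     * @param tokenWrapper the wrapper whose assertions are marked
     */
    private void assertUnusedTokens(TokenWrapper tokenWrapper) {
        for (AssertionInfo wrapperInfo : this.aim.getAssertionInfo(tokenWrapper.getName())) {
            if (wrapperInfo.getAssertion() == tokenWrapper) {
                wrapperInfo.setAsserted(true);
            }
        }
        for (AssertionInfo tokenInfo : this.aim.getAssertionInfo(tokenWrapper.getToken().getName())) {
            if (tokenInfo.getAssertion() == tokenWrapper.getToken()) {
                tokenInfo.setAsserted(true);
            }
        }
    }

    /**
     * Signs the given parts with this side's signing token and records the signature id in
     * {@code mainSigId}. With token protection enabled, the signing token (or the EncryptedKey
     * in the derived-key case) is added to the signed parts.
     *
     * @param sigParts parts to sign; extended in place when token protection is enabled
     * @throws WSSecurityException if building the signature or the encrypted key fails
     */
    private void doSignature(Vector<WSEncryptionPart> sigParts) throws WSSecurityException {
        TokenWrapper sigWrapper;
        if (isRequestor()) {
            sigWrapper = this.abinding.getInitiatorToken();
        } else {
            sigWrapper = this.abinding.getRecipientToken();
            assertUnusedTokens(this.abinding.getInitiatorToken());
        }
        Token sigToken = sigWrapper.getToken();
        if (!sigToken.isDerivedKeys()) {
            WSSecSignature sig = getSignatureBuider(sigWrapper, sigToken, false);
            sig.prependBSTElementToHeader(this.secHeader);
            if (this.abinding.isTokenProtection() && sig.getBSTTokenId() != null) {
                sigParts.add(new WSEncryptionPart(sig.getBSTTokenId()));
            }
            sig.addReferencesToSign(sigParts, this.secHeader);
            sig.computeSignature();
            insertBeforeBottomUp(sig.getSignatureElement());
            this.mainSigId = addWsuIdToElement(sig.getSignatureElement());
            return;
        }
        setupEncryptedKey(sigWrapper, sigToken);
        WSSecDKSign dkSign = new WSSecDKSign();
        dkSign.setExternalKey(this.encryptedKeyValue, this.encryptedKeyId);
        dkSign.setSignatureAlgorithm(this.abinding.getAlgorithmSuite().getSymmetricSignature());
        dkSign.setDerivedKeyLength(this.abinding.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
        dkSign.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
        try {
            dkSign.prepare(this.saaj.getSOAPPart(), this.secHeader);
            if (this.abinding.isTokenProtection()) {
                // NOTE(review): encrKey stays null when the key was taken from the request
                // results rather than created here; this line would then throw.
                sigParts.add(new WSEncryptionPart(this.encrKey.getId()));
            }
            dkSign.setParts(sigParts);
            dkSign.addReferencesToSign(sigParts, this.secHeader);
            dkSign.computeSignature();
            addDerivedKeyElement(dkSign.getdktElement());
            insertBeforeBottomUp(dkSign.getSignatureElement());
            this.mainSigId = addWsuIdToElement(dkSign.getSignatureElement());
        } catch (Exception e) {
            // Report the failed signature against the signing token instead of swallowing it;
            // mainSigId stays unset, so no signature protection is attempted afterwards.
            policyNotAsserted(sigWrapper, e);
        }
    }

    /**
     * Makes sure an encrypted key is available for derived keys. The requestor, and any side
     * using a non-derived token, creates a fresh key. A responder using derived keys reuses the
     * key found in the request's security results ("RECV_RESULTS") and creates a new one only
     * when neither id nor value could be found.
     *
     * @param tokenWrapper wrapper of the token the key is for
     * @param token the token the key is for
     * @throws WSSecurityException if a new encrypted key cannot be built
     */
    private void setupEncryptedKey(TokenWrapper tokenWrapper, Token token) throws WSSecurityException {
        if (isRequestor() || !token.isDerivedKeys()) {
            createEncryptedKey(tokenWrapper, token);
            return;
        }
        if (this.encryptedKeyId == null || this.encryptedKeyValue == null) {
            Object recvResults = this.message.getExchange().getInMessage().get("RECV_RESULTS");
            if (recvResults == null) {
                policyNotAsserted(token, "No security results found");
                return;
            }
            Vector handlerResults = (Vector) recvResults;
            this.encryptedKeyId = getRequestEncryptedKeyId(handlerResults);
            this.encryptedKeyValue = getRequestEncryptedKeyValue(handlerResults);
            // NOTE(review): a new key is created only when BOTH lookups fail; if exactly one of
            // id/value is missing the pair stays inconsistent. Confirm whether || was intended.
            if (this.encryptedKeyId == null && this.encryptedKeyValue == null) {
                createEncryptedKey(tokenWrapper, token);
            }
        }
    }

    /**
     * Finds the id of the encrypted key in the security results of the request.
     *
     * @param vector the handler results of the request
     * @return the first non-null "encrypted-key-id" of an encryption result, or {@code null}
     */
    public static String getRequestEncryptedKeyId(Vector vector) {
        return (String) findEncryptionResultValue(vector, "encrypted-key-id");
    }

    /**
     * Finds the decrypted key bytes in the security results of the request. The returned array
     * is secret key material and is the instance stored in the result, not a copy.
     *
     * @param vector the handler results of the request
     * @return the first non-null "decrypted-key" of an encryption result, or {@code null}
     */
    public static byte[] getRequestEncryptedKeyValue(Vector vector) {
        return (byte[]) findEncryptionResultValue(vector, "decrypted-key");
    }

    /**
     * Scans every engine result of every handler result, in order, and returns the first
     * non-null value stored under {@code key} in a result whose action equals
     * {@link #ACTION_ENCRYPT}. Results without an "action" entry are skipped.
     */
    private static Object findEncryptionResultValue(Vector handlerResults, String key) {
        for (int i = 0; i < handlerResults.size(); i++) {
            Vector engineResults = ((WSHandlerResult) handlerResults.get(i)).getResults();
            for (int j = 0; j < engineResults.size(); j++) {
                WSSecurityEngineResult engineResult = (WSSecurityEngineResult) engineResults.get(j);
                Integer action = (Integer) engineResult.get("action");
                Object value = engineResult.get(key);
                if (action != null && action.intValue() == ACTION_ENCRYPT && value != null) {
                    return value;
                }
            }
        }
        return null;
    }

    /**
     * Builds a new EncryptedKey for the token, adds it (and its binary security token, if any)
     * to the security header, and remembers its id and ephemeral key for derived-key use.
     *
     * @param tokenWrapper wrapper of the token the key is for
     * @param token the token the key is for
     * @throws WSSecurityException if the key builder cannot be created
     */
    private void createEncryptedKey(TokenWrapper tokenWrapper, Token token) throws WSSecurityException {
        this.encrKey = getEncryptedKeyBuilder(tokenWrapper, token);
        if (this.encrKey.getBinarySecurityTokenElement() != null) {
            this.encrKey.prependBSTElementToHeader(this.secHeader);
        }
        addEncyptedKeyElement(this.encrKey.getEncryptedKeyElement());
        this.encryptedKeyValue = this.encrKey.getEphemeralKey();
        this.encryptedKeyId = this.encrKey.getId();
        // The builder, which holds the ephemeral key, is published on the message under its
        // class name; anything with access to the message properties can reach that key.
        this.message.put(WSSecEncryptedKey.class.getName(), (Object) this.encrKey);
    }
}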
