package wss4j.examples.other.hack;

import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.xml.namespace.QName;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.str.BSPEnforcer;
import org.apache.ws.security.str.SecurityTokenRefSTRParser;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import ru.cprocsp.ACSP.tools.common.ACSPConstants;

/* loaded from: classes4.dex */
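/**
 * Resolves the secret key that a {@code wsse:SecurityTokenReference} element points at.
 *
 * <p>The key is looked up, in order, from a previously processed security result,
 * from the configured callback handler, and finally from a referenced binary
 * security token. The resolved bytes are kept in this instance and exposed through
 * {@link #getSecretKey()}.
 *
 * <p>NOTE(review): this class shadows the parent's private key field and re-implements
 * its resolution logic. For a derived-key result (action 2048) it stores the raw
 * {@code "secret"} value and never uses the {@code map} parameters; the stock parser is
 * believed to derive a key of a requested length at that point. Confirm this difference
 * is intended before relying on the key for decryption or signature verification.
 *
 * <p>Instances hold key material and are not safe for concurrent use.
 */
public class MySecurityTokenRefSTRParser extends SecurityTokenRefSTRParser {
    private static final String SAML_ASSERTION_ID_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
    private static final String SAML2_ID_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
    private static final String KERBEROS_SHA1_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1";
    private static final String ENCRYPTED_KEY_SHA1_TYPE =
            "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";

    // Key resolved by the most recent parse; null until a parse succeeds.
    private byte[] secretKey;

    /**
     * Extracts the secret carried by the subject of a SAML assertion.
     *
     * @param assertion the assertion referenced by the token reference
     * @param secRef the token reference being resolved
     * @param requestData per-request configuration
     * @param wsDocInfo results gathered so far for this document
     * @param bspCompliant whether to run the Basic Security Profile check first
     * @return the secret reported by the assertion's key info
     * @throws WSSecurityException if the BSP check fails or no key info is available
     */
    private byte[] getSecretKeyFromAssertion(AssertionWrapper assertion, SecurityTokenReference secRef, RequestData requestData, WSDocInfo wsDocInfo, boolean bspCompliant) throws WSSecurityException {
        if (bspCompliant) {
            BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
        }
        SAMLKeyInfo keyInfo = SAMLUtil.getCredentialFromSubject(assertion, requestData, wsDocInfo, bspCompliant);
        if (keyInfo == null) {
            throw new WSSecurityException(6, "invalidSAMLToken", new Object[]{"No Secret Key"});
        }
        return keyInfo.getSecret();
    }

    /**
     * Asks the configured callback handler for the key that belongs to an identifier.
     *
     * @param id token identifier; a leading {@code '#'} is stripped
     * @param type value type passed through to the callback
     * @param requestData per-request configuration holding the callback handler
     * @return the key set on the callback, or {@code null} when no handler is configured
     * @throws WSSecurityException if the identifier is missing or the handler fails
     */
    private byte[] getSecretKeyFromToken(String id, String type, RequestData requestData) throws WSSecurityException {
        String tokenId = stripFragmentMarker(id);
        // A missing identifier used to surface as an unchecked exception from charAt(0);
        // reject it with the same error the callers raise for an unresolvable key.
        if (tokenId == null || tokenId.isEmpty()) {
            throw new WSSecurityException(6, "unsupportedKeyId", new Object[]{id});
        }
        // Declared with its concrete type: getKey() does not exist on the Callback interface.
        // Usage 9 appears to correspond to WSPasswordCallback.SECRET_KEY - confirm.
        WSPasswordCallback keyCallback = new WSPasswordCallback(tokenId, (String) null, type, 9, requestData);
        try {
            if (requestData.getCallbackHandler() == null) {
                return null;
            }
            requestData.getCallbackHandler().handle(new Callback[]{keyCallback});
            return keyCallback.getKey();
        } catch (Exception e) {
            throw new WSSecurityException(0, "noPassword", new Object[]{tokenId}, e);
        }
    }

    /** Returns {@code value} without a leading {@code '#'}; null and empty input pass through. */
    private static String stripFragmentMarker(String value) {
        if (value != null && !value.isEmpty() && value.charAt(0) == '#') {
            return value.substring(1);
        }
        return value;
    }

    /**
     * Takes the key from a result that an earlier processor stored for the same identifier.
     *
     * <p>An action that matches none of the cases leaves the key unset, so
     * {@link #getSecretKey()} returns {@code null} for it.
     *
     * @param previous the stored result
     * @param secRef the token reference being resolved
     * @param requestData per-request configuration
     * @param map parser parameters; not used by this implementation
     * @param wsDocInfo results gathered so far for this document
     * @param bspCompliant whether to run Basic Security Profile checks
     * @throws WSSecurityException if a BSP check or the SAML lookup fails
     */
    private void processPreviousResult(WSSecurityEngineResult previous, SecurityTokenReference secRef, RequestData requestData, Map<String, Object> map, WSDocInfo wsDocInfo, boolean bspCompliant) throws WSSecurityException {
        // NOTE(review): the lookup key comes from an unrelated constants class, which looks
        // like a decompiler constant substitution; confirm it equals the result's action tag.
        int action = ((Integer) previous.get(ACSPConstants.INTENT_EXTRA_OUT_ACTION)).intValue();
        // The numeric actions appear to match WSConstants ENCR (4), ST_UNSIGNED (8),
        // ST_SIGNED (16), SCT (1024), DKT (2048) and BST (4096) - confirm against the library.
        switch (action) {
            case 4:
                if (bspCompliant) {
                    BSPEnforcer.checkEncryptedKeyBSPCompliance(secRef);
                }
                this.secretKey = (byte[]) previous.get("secret");
                break;
            case 2048:
                // Raw secret is used as the key; no key derivation is performed here.
                this.secretKey = (byte[]) previous.get("secret");
                break;
            case 8:
            case 16:
                this.secretKey = getSecretKeyFromAssertion((AssertionWrapper) previous.get("saml-assertion"), secRef, requestData, wsDocInfo, bspCompliant);
                break;
            case 1024:
            case 4096:
                this.secretKey = (byte[]) previous.get("secret");
                break;
            default:
                break;
        }
    }

    /**
     * Returns the key resolved by the last call to
     * {@link #parseSecurityTokenReference(Element, RequestData, WSDocInfo, Map)}.
     *
     * @return the internal key array itself (not a copy), or {@code null} if none was resolved
     */
    @Override
    public byte[] getSecretKey() {
        return this.secretKey;
    }

    /**
     * Parses a SecurityTokenReference element and resolves the secret key it refers to.
     *
     * @param element the SecurityTokenReference element
     * @param requestData per-request configuration (WSS config, callback handler)
     * @param wSDocInfo results gathered so far for this document
     * @param map parser parameters; only forwarded, never read here
     * @throws WSSecurityException if the reference is missing or malformed, a BSP check
     *     fails, or no key can be resolved for the referenced token
     */
    @Override
    public void parseSecurityTokenReference(Element element, RequestData requestData, WSDocInfo wSDocInfo, Map<String, Object> map) throws WSSecurityException {
        // Forget any key from an earlier parse so a failed or unmatched lookup can never
        // hand back key material that belongs to a different reference.
        this.secretKey = null;

        WSSConfig wssConfig = requestData.getWssConfig();
        boolean bspCompliant = wssConfig == null || wssConfig.isWsiBSPCompliant();
        SecurityTokenReference secRef = new SecurityTokenReference(element, bspCompliant);

        boolean isDirectReference = secRef.containsReference();
        String id;
        if (isDirectReference) {
            id = stripFragmentMarker(secRef.getReference().getURI());
            // An absent or empty URI previously failed with an unchecked exception.
            if (id == null || id.isEmpty()) {
                throw new WSSecurityException(6, "noReference");
            }
        } else if (secRef.containsKeyIdentifier()) {
            id = secRef.getKeyIdentifierValue();
        } else {
            throw new WSSecurityException(6, "noReference");
        }

        WSSecurityEngineResult previous = id != null ? wSDocInfo.getResult(id) : null;
        if (previous != null) {
            processPreviousResult(previous, secRef, requestData, map, wSDocInfo, bspCompliant);
            return;
        }

        if (isDirectReference) {
            this.secretKey = getSecretKeyFromToken(id, secRef.getReference().getValueType(), requestData);
            if (this.secretKey == null) {
                this.secretKey = resolveFromBinaryToken(element, secRef, requestData, wSDocInfo, wssConfig, bspCompliant);
            }
        } else {
            String valueType = secRef.getKeyIdentifierValueType();
            if (SAML_ASSERTION_ID_TYPE.equals(valueType) || SAML2_ID_TYPE.equals(valueType)) {
                this.secretKey = getSecretKeyFromAssertion(SAMLUtil.getAssertionFromKeyIdentifier(secRef, element, requestData, wSDocInfo), secRef, requestData, wSDocInfo, bspCompliant);
                return;
            }
            if (KERBEROS_SHA1_TYPE.equals(valueType)) {
                this.secretKey = getSecretKeyFromToken(secRef.getKeyIdentifierValue(), valueType, requestData);
                if (this.secretKey == null) {
                    this.secretKey = resolveFromKerberosDigest(secRef, wSDocInfo);
                }
            } else {
                if (bspCompliant && ENCRYPTED_KEY_SHA1_TYPE.equals(valueType)) {
                    BSPEnforcer.checkEncryptedKeyBSPCompliance(secRef);
                }
                this.secretKey = getSecretKeyFromToken(secRef.getKeyIdentifierValue(), secRef.getKeyIdentifierValueType(), requestData);
            }
        }

        // Fail closed: callers must never proceed with an unresolved key.
        if (this.secretKey == null) {
            throw new WSSecurityException(6, "unsupportedKeyId", new Object[]{id});
        }
    }

    /**
     * Resolves the key from the binary security token a direct reference points at.
     * Returns {@code null} when the target is not a binary token, no WSS config is
     * available, or the processor reports no result.
     */
    private byte[] resolveFromBinaryToken(Element element, SecurityTokenReference secRef, RequestData requestData, WSDocInfo wsDocInfo, WSSConfig wssConfig, boolean bspCompliant) throws WSSecurityException {
        Element tokenElement = secRef.getTokenElement(element.getOwnerDocument(), wsDocInfo, requestData.getCallbackHandler());
        if (tokenElement == null || wssConfig == null) {
            return null;
        }
        QName tokenName = new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName());
        if (!tokenName.equals(WSSecurityEngine.BINARY_TOKEN)) {
            return null;
        }
        List<WSSecurityEngineResult> tokenResults = wssConfig.getProcessor(WSSecurityEngine.BINARY_TOKEN).handleToken(tokenElement, requestData, wsDocInfo);
        // The original indexed element 0 unconditionally; an empty result now means "no key".
        if (tokenResults == null || tokenResults.isEmpty()) {
            return null;
        }
        WSSecurityEngineResult tokenResult = tokenResults.get(0);
        if (bspCompliant) {
            BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, (BinarySecurity) tokenResult.get("binary-security-token"));
        }
        return (byte[]) tokenResult.get("secret");
    }

    /**
     * Finds the stored binary-token result (tag 4096) whose token digest equals the
     * reference's key identifier bytes and returns its secret, or {@code null} if none matches.
     */
    private byte[] resolveFromKerberosDigest(SecurityTokenReference secRef, WSDocInfo wsDocInfo) throws WSSecurityException {
        byte[] expectedDigest = secRef.getSKIBytes();
        // Arrays.equals(null, null) is true, so a missing identifier must not reach the comparison.
        if (expectedDigest == null) {
            return null;
        }
        List<WSSecurityEngineResult> tokenResults = wsDocInfo.getResultsByTag(4096);
        if (tokenResults == null) {
            return null;
        }
        for (WSSecurityEngineResult candidate : tokenResults) {
            BinarySecurity token = (BinarySecurity) candidate.get("binary-security-token");
            if (token == null) {
                continue;
            }
            // The digest is compared as a public token identifier, not as a secret.
            if (Arrays.equals(WSSecurityUtil.generateDigest(token.getToken()), expectedDigest)) {
                return (byte[]) candidate.get("secret");
            }
        }
        return null;
    }
}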
