package wss4j.examples.other.hack;

import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import javax.xml.namespace.QName;
import org.apache.ws.security.CustomTokenPrincipal;
import org.apache.ws.security.SAMLTokenPrincipal;
import org.apache.ws.security.WSDerivedKeyTokenPrincipal;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.message.token.SecurityContextToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.processor.Processor;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;
import org.apache.ws.security.str.BSPEnforcer;
import org.apache.ws.security.str.SignatureSTRParser;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Element;
import ru.CryptoPro.XAdES.cl_61;
import ru.cprocsp.ACSP.tools.common.ACSPConstants;

/* loaded from: classes5.dex */
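public class MySignatureSTRParser extends SignatureSTRParser {

    // Key-identifier ValueType URIs this parser distinguishes.
    private static final String KERBEROS_APREQ_SHA1 =
            "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1";
    private static final String ENCRYPTED_KEY_SHA1 =
            "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1";
    private static final String SAML10_ASSERTION_ID =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";
    private static final String SAML11_ID =
            "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";

    // Numeric action codes compared against the action tag of an earlier engine result.
    // The values are the ones the original comparisons used; the names are the reviewer's
    // reading of them (presumably WSS4J's WSConstants action codes) -- confirm.
    private static final int ACTION_UT = 1;
    private static final int ACTION_ENCR = 4;
    private static final int ACTION_ST_UNSIGNED = 8;
    private static final int ACTION_ST_SIGNED = 16;
    private static final int ACTION_SC = 1024;
    private static final int ACTION_DKT = 2048;
    private static final int ACTION_BST = 4096;
    private static final int ACTION_UT_NOPASSWORD = 8192;

    // Usage code passed to WSPasswordCallback when asking the handler for a secret key
    // (value taken from the original call; presumably WSPasswordCallback.SECRET_KEY -- confirm).
    private static final int CALLBACK_USAGE_SECRET_KEY = 9;

    // Keys read from WSSecurityEngineResult maps.
    private static final String TAG_BINARY_SECURITY_TOKEN = "binary-security-token";
    private static final String TAG_SECRET = "secret";
    private static final String TAG_PRINCIPAL = "principal";
    private static final String TAG_USERNAME_TOKEN = "username-token";
    private static final String TAG_X509_CERTIFICATES = "x509-certificates";
    private static final String TAG_VALIDATED_TOKEN = "validated-token";
    private static final String TAG_ID = "id";
    private static final String TAG_SECURITY_CONTEXT_TOKEN = "security-context-token";
    private static final String TAG_DERIVED_KEY_TOKEN = "derived-key-token";
    private static final String TAG_SAML_ASSERTION = "saml-assertion";

    // Keys read from the parameter map handed to parseSecurityTokenReference.
    private static final String PARAM_SECRET_KEY_LENGTH = "secret_key_length";
    private static final String PARAM_SIGNATURE_METHOD = "signature_method";

    // Parse results. None of these is cleared between calls, so a parser instance
    // appears to be meant for a single SecurityTokenReference -- confirm against callers.
    private X509Certificate[] certs;
    private Principal principal;
    private PublicKey publicKey;
    private byte[] secretKey;
    private boolean trustedCredential;

    /**
     * Wraps the assertion in a {@link SAMLTokenPrincipal} and flags the credential as
     * trusted when the first confirmation method is holder-of-key and the assertion
     * carries a signature.
     *
     * NOTE(review): only the first confirmation method is consulted, and
     * {@code isSigned()} reports the presence of a signature; whether that signature
     * was verified is presumably the SAML token processor's job -- confirm.
     *
     * @param assertionWrapper the assertion being turned into a principal
     * @return the SAML token principal for the assertion
     */
    private Principal createPrincipalFromSAML(AssertionWrapper assertionWrapper) {
        SAMLTokenPrincipal samlPrincipal = new SAMLTokenPrincipal(assertionWrapper);
        List confirmationMethods = assertionWrapper.getConfirmationMethods();
        String firstMethod = null;
        if (confirmationMethods != null && !confirmationMethods.isEmpty()) {
            firstMethod = (String) confirmationMethods.get(0);
        }
        if (OpenSAMLUtil.isMethodHolderOfKey(firstMethod) && assertionWrapper.isSigned()) {
            this.trustedCredential = true;
        }
        return samlPrincipal;
    }

    /**
     * Asks the request's callback handler for the secret key that belongs to a token id.
     *
     * @param id          token identifier, with or without a leading {@code #}
     * @param type        the reference/key-identifier value type passed to the callback
     * @param requestData request context supplying the callback handler
     * @return the key the handler supplied, or {@code null} when there is no handler
     *         (or the handler set no key)
     * @throws WSSecurityException when the callback handler fails
     */
    private byte[] getSecretKeyFromToken(String id, String type, RequestData requestData)
            throws WSSecurityException {
        // startsWith also copes with an empty id, where charAt(0) would throw
        // StringIndexOutOfBoundsException.
        String tokenId = stripFragmentPrefix(id);
        WSPasswordCallback callback =
                new WSPasswordCallback(tokenId, (String) null, type, CALLBACK_USAGE_SECRET_KEY, requestData);
        if (requestData.getCallbackHandler() == null) {
            // No handler configured: the caller falls back to other lookups.
            return null;
        }
        try {
            requestData.getCallbackHandler().handle(new Callback[]{callback});
        } catch (Exception e) {
            // Handler failures of any kind surface as a WSSecurityException carrying the cause.
            throw new WSSecurityException(0, "noPassword", new Object[]{tokenId}, e);
        }
        return callback.getKey();
    }

    /**
     * Resolves a key-identifier STR that is neither an EncryptedKeySHA1 nor a SAML
     * identifier: either an X.509 key identifier (resolved via {@code crypto}) or a
     * Kerberos AP-REQ thumbprint (resolved via the callback handler, then via an
     * already-processed binary security token whose digest matches the SKI bytes).
     *
     * @param secRef       the SecurityTokenReference being parsed
     * @param crypto       crypto provider used to look up X.509 key identifiers
     * @param docInfo      results of tokens processed earlier in this document
     * @param requestData  request context (callback handler)
     * @param bspCompliant whether BSP compliance checks are enforced
     * @throws WSSecurityException on BSP violation or callback failure
     */
    private void parseBSTKeyIdentifier(SecurityTokenReference secRef, Crypto crypto, WSDocInfo docInfo,
                                       RequestData requestData, boolean bspCompliant) throws WSSecurityException {
        if (bspCompliant) {
            BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, (BinarySecurity) null);
        }
        String valueType = secRef.getKeyIdentifierValueType();
        if (!KERBEROS_APREQ_SHA1.equals(valueType)) {
            // Plain X.509 key identifier: let the crypto provider find the certificate.
            keepFirstCert(secRef.getKeyIdentifier(crypto));
            return;
        }
        // Kerberos thumbprint: first ask the callback handler for the session key ...
        String identifierValue = secRef.getKeyIdentifierValue();
        this.secretKey = getSecretKeyFromToken(identifierValue, valueType, requestData);
        if (this.secretKey != null) {
            this.principal = new CustomTokenPrincipal(identifierValue);
            return;
        }
        // ... otherwise find a previously processed BST whose digest equals the SKI bytes.
        byte[] skiBytes = secRef.getSKIBytes();
        for (WSSecurityEngineResult bstResult : docInfo.getResultsByTag(ACTION_BST)) {
            BinarySecurity token = (BinarySecurity) bstResult.get(TAG_BINARY_SECURITY_TOKEN);
            if (Arrays.equals(WSSecurityUtil.generateDigest(token.getToken()), skiBytes)) {
                this.secretKey = (byte[]) bstResult.get(TAG_SECRET);
                this.principal = (Principal) bstResult.get(TAG_PRINCIPAL);
                return;
            }
        }
    }

    /**
     * Populates the parse results from a token that the security engine already processed.
     * Dispatches on the result's action code; unknown actions leave the state untouched.
     *
     * @param result       the earlier engine result for the referenced token
     * @param secRef       the SecurityTokenReference being parsed
     * @param requestData  request context
     * @param parameters   parser parameters (secret key length, signature method)
     * @param bspCompliant whether BSP compliance checks are enforced
     * @throws WSSecurityException on BSP violation or when a SAML result has no subject key info
     */
    private void processPreviousResult(WSSecurityEngineResult result, SecurityTokenReference secRef,
                                       RequestData requestData, Map<String, Object> parameters,
                                       boolean bspCompliant) throws WSSecurityException {
        // NOTE(review): the decompiler appears to have folded the result key through an
        // unrelated constant; this presumably reads the engine result's action tag -- confirm.
        int action = ((Integer) result.get(ACSPConstants.INTENT_EXTRA_OUT_ACTION)).intValue();
        switch (action) {
            case ACTION_UT_NOPASSWORD:
            case ACTION_UT:
                applyUsernameTokenResult(result, secRef, requestData, parameters, bspCompliant);
                break;
            case ACTION_BST:
                applyBinarySecurityTokenResult(result, secRef, bspCompliant);
                break;
            case ACTION_ENCR:
                applyEncryptedKeyResult(result, secRef, bspCompliant);
                break;
            case ACTION_SC:
                applySecurityContextTokenResult(result);
                break;
            case ACTION_DKT:
                applyDerivedKeyTokenResult(result, parameters);
                break;
            case ACTION_ST_UNSIGNED:
            case ACTION_ST_SIGNED:
                applySamlResult(result, secRef, bspCompliant);
                break;
            default:
                // Other actions carry nothing this parser uses.
                break;
        }
    }

    /** Derives the signing key and principal from a processed UsernameToken. */
    private void applyUsernameTokenResult(WSSecurityEngineResult result, SecurityTokenReference secRef,
                                          RequestData requestData, Map<String, Object> parameters,
                                          boolean bspCompliant) throws WSSecurityException {
        if (bspCompliant) {
            BSPEnforcer.checkUsernameTokenBSPCompliance(secRef);
        }
        UsernameToken usernameToken = (UsernameToken) result.get(TAG_USERNAME_TOKEN);
        usernameToken.setRawPassword(requestData);
        if (usernameToken.isDerivedKey()) {
            this.secretKey = usernameToken.getDerivedKey();
        } else {
            int keyLength = ((Integer) parameters.get(PARAM_SECRET_KEY_LENGTH)).intValue();
            this.secretKey = usernameToken.getSecretKey(keyLength);
        }
        this.principal = usernameToken.createPrincipal();
    }

    /** Takes certificates and secret from a processed BinarySecurityToken; trusts it when the engine validated it. */
    private void applyBinarySecurityTokenResult(WSSecurityEngineResult result, SecurityTokenReference secRef,
                                                boolean bspCompliant) throws WSSecurityException {
        if (bspCompliant) {
            BinarySecurity token = (BinarySecurity) result.get(TAG_BINARY_SECURITY_TOKEN);
            BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, token);
        }
        this.certs = (X509Certificate[]) result.get(TAG_X509_CERTIFICATES);
        this.secretKey = (byte[]) result.get(TAG_SECRET);
        if (((Boolean) result.get(TAG_VALIDATED_TOKEN)).booleanValue()) {
            this.trustedCredential = true;
        }
    }

    /** Takes the secret from a processed EncryptedKey and names the principal after its id. */
    private void applyEncryptedKeyResult(WSSecurityEngineResult result, SecurityTokenReference secRef,
                                         boolean bspCompliant) throws WSSecurityException {
        if (bspCompliant) {
            BSPEnforcer.checkEncryptedKeyBSPCompliance(secRef);
        }
        this.secretKey = (byte[]) result.get(TAG_SECRET);
        this.principal = new CustomTokenPrincipal((String) result.get(TAG_ID));
    }

    /** Takes the secret from a processed SecurityContextToken and names the principal after its identifier. */
    private void applySecurityContextTokenResult(WSSecurityEngineResult result) {
        this.secretKey = (byte[]) result.get(TAG_SECRET);
        SecurityContextToken sct = (SecurityContextToken) result.get(TAG_SECURITY_CONTEXT_TOKEN);
        this.principal = new CustomTokenPrincipal(sct.getIdentifier());
    }

    /** Takes the secret and principal from a processed DerivedKeyToken. */
    private void applyDerivedKeyTokenResult(WSSecurityEngineResult result, Map<String, Object> parameters)
            throws WSSecurityException {
        DerivedKeyToken dkt = (DerivedKeyToken) result.get(TAG_DERIVED_KEY_TOKEN);
        if (dkt.getLength() <= 0) {
            // NOTE(review): the computed length is discarded. The call is kept only for its
            // possible WSSecurityException on an unsupported signature method. It looks as if
            // this length was meant to feed a key-derivation step, whereas the raw "secret"
            // tag is used as the signing key below -- confirm this is intended.
            WSSecurityUtil.getKeyLength((String) parameters.get(PARAM_SIGNATURE_METHOD));
        }
        byte[] secret = (byte[]) result.get(TAG_SECRET);
        this.secretKey = secret;
        WSDerivedKeyTokenPrincipal dktPrincipal = dkt.createPrincipal();
        dktPrincipal.setSecret(secret);
        this.principal = dktPrincipal;
    }

    /** Takes certificate, secret, public key and principal from a processed SAML assertion. */
    private void applySamlResult(WSSecurityEngineResult result, SecurityTokenReference secRef,
                                 boolean bspCompliant) throws WSSecurityException {
        AssertionWrapper assertion = (AssertionWrapper) result.get(TAG_SAML_ASSERTION);
        if (bspCompliant) {
            BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
        }
        SAMLKeyInfo keyInfo = requireSubjectKeyInfo(assertion);
        keepFirstCert(keyInfo.getCerts());
        this.secretKey = keyInfo.getSecret();
        this.publicKey = keyInfo.getPublicKey();
        this.principal = createPrincipalFromSAML(assertion);
    }

    /**
     * Returns the assertion's subject key info, failing with {@code invalidSAMLsecurity}
     * when the assertion has none (an assertion without key material cannot back a signature).
     */
    private static SAMLKeyInfo requireSubjectKeyInfo(AssertionWrapper assertion) throws WSSecurityException {
        SAMLKeyInfo keyInfo = assertion.getSubjectKeyInfo();
        if (keyInfo == null) {
            throw new WSSecurityException(0, "invalidSAMLsecurity");
        }
        return keyInfo;
    }

    /** Keeps only the first certificate of {@code found}; a null or empty array leaves {@link #certs} untouched. */
    private void keepFirstCert(X509Certificate[] found) {
        if (found != null && found.length > 0) {
            this.certs = new X509Certificate[]{found[0]};
        }
    }

    /** Removes a leading {@code #} from a token id, if present. */
    private static String stripFragmentPrefix(String id) {
        return id.startsWith("#") ? id.substring(1) : id;
    }

    /**
     * Certificates resolved for the signature, or {@code null}. The internal array is
     * returned as-is (not copied).
     */
    public X509Certificate[] getCertificates() {
        return this.certs;
    }

    /** Principal resolved for the signature, or {@code null}. */
    public Principal getPrincipal() {
        return this.principal;
    }

    /** Public key resolved from a SAML subject, or {@code null}. */
    public PublicKey getPublicKey() {
        return this.publicKey;
    }

    /** Symmetric key resolved for the signature, or {@code null}. The internal array is returned as-is. */
    public byte[] getSecretKey() {
        return this.secretKey;
    }

    /** {@code true} once a credential was validated by the engine or is a signed holder-of-key SAML assertion. */
    public boolean isTrustedCredential() {
        return this.trustedCredential;
    }

    /**
     * Parses a Signature's SecurityTokenReference and fills in certificates, secret key,
     * public key and principal from whichever reference form it carries: a previously
     * processed token, a direct Reference, X509Data/IssuerSerial, or a KeyIdentifier.
     *
     * @param element     the SecurityTokenReference element
     * @param requestData request context (crypto, config, callback handler)
     * @param wSDocInfo   results of tokens processed earlier in this document
     * @param map         parser parameters (secret key length, signature method)
     * @throws WSSecurityException for an unsupported reference form, BSP violations,
     *                             callback failures or a SAML assertion without key info
     */
    public void parseSecurityTokenReference(Element element, RequestData requestData, WSDocInfo wSDocInfo,
                                            Map<String, Object> map) throws WSSecurityException {
        Crypto sigCrypto = requestData.getSigCrypto();
        // BSP compliance is enforced by default when no config is present.
        boolean bspCompliant =
                requestData.getWssConfig() == null || requestData.getWssConfig().isWsiBSPCompliant();
        SecurityTokenReference secRef = new SecurityTokenReference(element, bspCompliant);

        String uri = referencedTokenId(secRef);
        WSSecurityEngineResult previous = wSDocInfo.getResult(uri);
        if (previous != null) {
            processPreviousResult(previous, secRef, requestData, map, bspCompliant);
        } else if (secRef.containsReference()) {
            parseDirectReference(secRef, uri, element, requestData, wSDocInfo, bspCompliant);
        } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
            keepFirstCert(secRef.getX509IssuerSerial(sigCrypto));
        } else if (secRef.containsKeyIdentifier()) {
            parseKeyIdentifier(secRef, element, sigCrypto, requestData, wSDocInfo, bspCompliant);
        } else {
            throw new WSSecurityException(3, "unsupportedKeyInfo", new Object[]{element.toString()});
        }

        // Fall back to the certificate subject when nothing else supplied a principal.
        if (this.certs != null && this.principal == null) {
            this.principal = this.certs[0].getSubjectX500Principal();
        }
    }

    /**
     * Token id the STR points at: the Reference URI without its {@code #}, the
     * KeyIdentifier value, or {@code null} for other reference forms.
     */
    private static String referencedTokenId(SecurityTokenReference secRef) throws WSSecurityException {
        if (secRef.containsReference()) {
            return stripFragmentPrefix(secRef.getReference().getURI());
        }
        if (secRef.containsKeyIdentifier()) {
            return secRef.getKeyIdentifierValue();
        }
        return null;
    }

    /**
     * Resolves a direct Reference whose token has not been processed yet: tries the
     * callback handler first, then processes the referenced BST, SAML or EncryptedKey
     * element in place. Other token types are left unresolved.
     */
    private void parseDirectReference(SecurityTokenReference secRef, String uri, Element strElement,
                                      RequestData requestData, WSDocInfo docInfo, boolean bspCompliant)
            throws WSSecurityException {
        String valueType = secRef.getReference().getValueType();
        this.secretKey = getSecretKeyFromToken(uri, valueType, requestData);
        this.principal = new CustomTokenPrincipal(uri);
        if (this.secretKey != null) {
            return;
        }
        Element token = secRef.getTokenElement(strElement.getOwnerDocument(), docInfo, requestData.getCallbackHandler());
        QName tokenName = new QName(token.getNamespaceURI(), token.getLocalName());
        if (tokenName.equals(WSSecurityEngine.BINARY_TOKEN)) {
            parseReferencedBinaryToken(secRef, token, requestData, docInfo, bspCompliant);
        } else if (tokenName.equals(WSSecurityEngine.SAML_TOKEN) || tokenName.equals(WSSecurityEngine.SAML2_TOKEN)) {
            parseReferencedSamlToken(secRef, token, uri, valueType, strElement, requestData, docInfo, bspCompliant);
        } else if (tokenName.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
            parseReferencedEncryptedKey(secRef, token, requestData, docInfo, bspCompliant);
        }
    }

    /** Runs the BST processor on the referenced element and takes its certificates, secret and principal. */
    private void parseReferencedBinaryToken(SecurityTokenReference secRef, Element token, RequestData requestData,
                                            WSDocInfo docInfo, boolean bspCompliant) throws WSSecurityException {
        // Note: getWssConfig() is dereferenced here without a null check (as in the original).
        List<WSSecurityEngineResult> results =
                requestData.getWssConfig().getProcessor(WSSecurityEngine.BINARY_TOKEN).handleToken(token, requestData, docInfo);
        WSSecurityEngineResult bstResult = results.get(0);
        if (bspCompliant) {
            BinarySecurity binarySecurity = (BinarySecurity) bstResult.get(TAG_BINARY_SECURITY_TOKEN);
            BSPEnforcer.checkBinarySecurityBSPCompliance(secRef, binarySecurity);
        }
        this.certs = (X509Certificate[]) bstResult.get(TAG_X509_CERTIFICATES);
        this.secretKey = (byte[]) bstResult.get(TAG_SECRET);
        this.principal = (Principal) bstResult.get(TAG_PRINCIPAL);
    }

    /** Obtains the referenced assertion (processing it if needed) and takes its subject key material. */
    private void parseReferencedSamlToken(SecurityTokenReference secRef, Element token, String uri, String valueType,
                                          Element strElement, RequestData requestData, WSDocInfo docInfo,
                                          boolean bspCompliant) throws WSSecurityException {
        Processor samlProcessor = requestData.getWssConfig().getProcessor(WSSecurityEngine.SAML_TOKEN);
        Element processed = secRef.findProcessedTokenElement(strElement.getOwnerDocument(), docInfo,
                requestData.getCallbackHandler(), uri, valueType);
        AssertionWrapper assertion;
        if (processed == null) {
            // Not seen before: run the SAML processor now.
            List<WSSecurityEngineResult> samlResults = samlProcessor.handleToken(token, requestData, docInfo);
            assertion = (AssertionWrapper) samlResults.get(0).get(TAG_SAML_ASSERTION);
        } else {
            assertion = new AssertionWrapper(processed);
            assertion.parseHOKSubject(requestData, docInfo);
        }
        if (bspCompliant) {
            BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
        }
        // Missing subject key info is rejected here as it is for a previously processed assertion,
        // instead of surfacing as a NullPointerException.
        SAMLKeyInfo keyInfo = requireSubjectKeyInfo(assertion);
        keepFirstCert(keyInfo.getCerts());
        this.secretKey = keyInfo.getSecret();
        // NOTE(review): unlike the other two SAML paths in this class, publicKey is not
        // populated here -- confirm whether that is intended.
        this.principal = createPrincipalFromSAML(assertion);
    }

    /** Runs the EncryptedKey processor on the referenced element and takes its secret. */
    private void parseReferencedEncryptedKey(SecurityTokenReference secRef, Element token, RequestData requestData,
                                             WSDocInfo docInfo, boolean bspCompliant) throws WSSecurityException {
        if (bspCompliant) {
            BSPEnforcer.checkEncryptedKeyBSPCompliance(secRef);
        }
        List<WSSecurityEngineResult> ekResults =
                requestData.getWssConfig().getProcessor(WSSecurityEngine.ENCRYPTED_KEY).handleToken(token, requestData, docInfo);
        this.secretKey = (byte[]) ekResults.get(0).get(TAG_SECRET);
        // NOTE(review): cl_61.b is a decompiler artefact standing in for the attribute name read
        // from the EncryptedKey element (presumably its Id) -- confirm.
        this.principal = new CustomTokenPrincipal(token.getAttribute(cl_61.b));
    }

    /**
     * Resolves a KeyIdentifier STR: EncryptedKeySHA1 via the callback handler, SAML ids via
     * {@link SAMLUtil}, anything else via {@link #parseBSTKeyIdentifier}. Comparisons are
     * constant-first so a missing ValueType falls through instead of throwing NullPointerException.
     */
    private void parseKeyIdentifier(SecurityTokenReference secRef, Element strElement, Crypto sigCrypto,
                                    RequestData requestData, WSDocInfo docInfo, boolean bspCompliant)
            throws WSSecurityException {
        String valueType = secRef.getKeyIdentifierValueType();
        if (ENCRYPTED_KEY_SHA1.equals(valueType)) {
            if (bspCompliant) {
                BSPEnforcer.checkEncryptedKeyBSPCompliance(secRef);
            }
            String identifierValue = secRef.getKeyIdentifierValue();
            this.secretKey = getSecretKeyFromToken(identifierValue, ENCRYPTED_KEY_SHA1, requestData);
            this.principal = new CustomTokenPrincipal(identifierValue);
        } else if (SAML10_ASSERTION_ID.equals(valueType) || SAML11_ID.equals(valueType)) {
            AssertionWrapper assertion = SAMLUtil.getAssertionFromKeyIdentifier(secRef, strElement, requestData, docInfo);
            if (bspCompliant) {
                BSPEnforcer.checkSamlTokenBSPCompliance(secRef, assertion);
            }
            SAMLKeyInfo keyInfo = SAMLUtil.getCredentialFromSubject(assertion, requestData, docInfo, bspCompliant);
            keepFirstCert(keyInfo.getCerts());
            this.secretKey = keyInfo.getSecret();
            this.publicKey = keyInfo.getPublicKey();
            this.principal = createPrincipalFromSAML(assertion);
        } else {
            parseBSTKeyIdentifier(secRef, sigCrypto, docInfo, requestData, bspCompliant);
        }
    }
}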
