package weblogic.xml.security.wsse;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.SortedSet;
import javax.xml.rpc.soap.SOAPFaultException;
import weblogic.xml.security.SecurityAssertion;
import weblogic.xml.security.assertion.ElementConfidentialityAssertion;
import weblogic.xml.security.assertion.ElementIntegrityAssertion;
import weblogic.xml.security.assertion.IdentityAssertion;
import weblogic.xml.security.assertion.IntegrityAssertion;
import weblogic.xml.security.keyinfo.KeyResolver;
import weblogic.xml.security.keyinfo.KeyResult;
import weblogic.xml.security.keyinfo.KeypairProvider;
import weblogic.xml.security.keyinfo.X509KeyResult;
import weblogic.xml.security.signature.Reference;
import weblogic.xml.security.signature.Signature;
import weblogic.xml.security.signature.XMLSignatureException;
import weblogic.xml.security.utils.ObservedXMLInputStream;
import weblogic.xml.security.utils.Utils;
import weblogic.xml.security.utils.XMLInputStreamBase;
import weblogic.xml.security.wsse.internal.MappingObserver;
import weblogic.xml.security.wsse.v200207.SecureInputStreamInternal;
import weblogic.xml.stream.BufferedXMLInputStream;
import weblogic.xml.stream.XMLEvent;
import weblogic.xml.stream.XMLInputStream;
import weblogic.xml.stream.XMLName;
import weblogic.xml.stream.XMLStreamException;

/* loaded from: input_file:weblogic/xml/security/wsse/SecureSoapInputStream.class */
public class SecureSoapInputStream extends XMLInputStreamBase {
    private final MappingObserver beforeMapper;
    private final MappingObserver afterMapper;
    private final SecureInputStream delegate;
    private final String role;
    private SecurityAssertion[] assertions;
    private boolean processingComplete;

    public SecureSoapInputStream(XMLInputStream xMLInputStream, String str, PrivateKey privateKey) throws XMLStreamException {
        this(xMLInputStream, str, new KeyResolver());
        if (privateKey != null) {
            this.delegate.getKeyResolver().addKeyProvider(new KeypairProvider(null, privateKey, null, null, null));
        }
    }

    public SecureSoapInputStream(XMLInputStream xMLInputStream, String str, KeyResolver keyResolver) throws XMLStreamException {
        this.processingComplete = false;
        this.role = str;
        this.beforeMapper = new MappingObserver();
        SecureInputStreamInternal secureInputStreamInternal = new SecureInputStreamInternal(new ObservedXMLInputStream(xMLInputStream, this.beforeMapper), str, keyResolver);
        this.delegate = secureInputStreamInternal;
        this.afterMapper = new MappingObserver();
        this.source = new ObservedXMLInputStream(secureInputStreamInternal, this.afterMapper);
    }

    public SecurityAssertion[] getSecurityAssertions() throws XMLStreamException {
        if (this.assertions != null) {
            return this.assertions;
        }
        if (!this.processingComplete) {
            bufferRemaining();
        }
        if (this.delegate.getSecurityElement() == null) {
            return new SecurityAssertion[0];
        }
        if (this.afterMapper.duplicateIds()) {
            throw new SOAPFaultException(Utils.getQName(weblogic.xml.security.wsse.v200207.WSSEConstants.QNAME_FAULT_FAILEDCHECK), "Invalid message: duplicate IDs found", this.role, null);
        }
        ArrayList arrayList = new ArrayList();
        addUsernameAssertions(arrayList);
        addSignatureAssertions(arrayList);
        addEncryptionAssertions(arrayList);
        this.assertions = new SecurityAssertion[arrayList.size()];
        arrayList.toArray(this.assertions);
        return this.assertions;
    }

    public KeyResolver getKeyResolver() {
        return this.delegate.getKeyResolver();
    }

    public void setKeyResolver(KeyResolver keyResolver) {
        this.delegate.setKeyResolver(keyResolver);
    }

    private void addUsernameAssertions(List list) {
        Iterator usernameTokens = this.delegate.getSecurityElement().getUsernameTokens();
        while (usernameTokens.hasNext()) {
            list.add(new IdentityAssertion(((UsernameToken) usernameTokens.next()).getUserInfo()));
        }
    }

    private void addSignatureAssertions(List list) {
        Iterator signatures = this.delegate.getSecurityElement().getSignatures();
        while (signatures.hasNext()) {
            Signature signature = (Signature) signatures.next();
            try {
                signature.validateReferences();
                String signatureMethod = signature.getSignatureMethod();
                KeyResult validatingKey = signature.getValidatingKey();
                X509Certificate certificate = validatingKey instanceof X509KeyResult ? ((X509KeyResult) validatingKey).getCertificate() : null;
                HashMap hashMap = new HashMap();
                HashSet<XMLName> hashSet = new HashSet();
                Iterator references = signature.getReferences();
                while (references.hasNext()) {
                    Reference reference = (Reference) references.next();
                    if (weblogic.xml.security.wsse.internal.Utils.validReference(reference)) {
                        String uri = reference.getURI();
                        String substring = uri.substring(uri.indexOf(35) + 1);
                        list.add(new IntegrityAssertion(signatureMethod, substring, certificate));
                        XMLName elementById = this.afterMapper.getElementById(substring);
                        if (elementById == null) {
                            elementById = this.beforeMapper.getElementById(substring);
                        }
                        if (elementById != null) {
                            weblogic.xml.security.wsse.internal.Utils.addElement(hashMap, elementById, substring);
                            hashSet.add(elementById);
                        }
                    } else {
                        System.out.println("Ignoring " + reference + " because it contains an unacceptable transform");
                    }
                }
                for (XMLName xMLName : hashSet) {
                    SortedSet sortedSet = (SortedSet) hashMap.get(xMLName);
                    if (weblogic.xml.security.wsse.internal.Utils.equivalent(sortedSet, this.afterMapper.getElementIds(xMLName))) {
                        list.add(new ElementIntegrityAssertion(signatureMethod, certificate, xMLName, null));
                        SortedSet elementBodyIds = this.afterMapper.getElementBodyIds(xMLName);
                        if (elementBodyIds != null && !elementBodyIds.isEmpty()) {
                            list.add(new ElementIntegrityAssertion(signatureMethod, certificate, xMLName, "body"));
                        }
                        SortedSet elementHeaderIds = this.afterMapper.getElementHeaderIds(xMLName);
                        if (elementHeaderIds != null && !elementHeaderIds.isEmpty()) {
                            list.add(new ElementIntegrityAssertion(signatureMethod, certificate, xMLName, "header"));
                        }
                    } else {
                        if (weblogic.xml.security.wsse.internal.Utils.isSuperset(sortedSet, this.afterMapper.getElementHeaderIds(xMLName))) {
                            list.add(new ElementIntegrityAssertion(signatureMethod, certificate, xMLName, "header"));
                        }
                        if (weblogic.xml.security.wsse.internal.Utils.isSuperset(sortedSet, this.afterMapper.getElementBodyIds(xMLName))) {
                            list.add(new ElementIntegrityAssertion(signatureMethod, certificate, xMLName, "body"));
                        }
                    }
                }
            } catch (XMLSignatureException e) {
                weblogic.xml.security.wsse.internal.Utils.handleException(e, this.role);
            }
        }
    }

    private void addEncryptionAssertions(List list) {
        createEncryptionAssertions(weblogic.xml.security.wsse.internal.Utils.diffTypes(this.beforeMapper.getHeaderElements().keySet(), this.afterMapper.getHeaderElements().keySet()), "header", list);
        createEncryptionAssertions(weblogic.xml.security.wsse.internal.Utils.diffTypes(this.beforeMapper.getBodyElements().keySet(), this.afterMapper.getBodyElements().keySet()), "body", list);
        createEncryptionAssertions(weblogic.xml.security.wsse.internal.Utils.diffTypes(this.beforeMapper.getElements().keySet(), this.afterMapper.getElements().keySet()), null, list);
    }

    private void createEncryptionAssertions(Set set, String str, List list) {
        Iterator it = set.iterator();
        while (it.hasNext()) {
            XMLName xMLName = (XMLName) it.next();
            list.add(new ElementConfidentialityAssertion(xMLName.getLocalName(), xMLName.getNamespaceUri(), str));
        }
    }

    private void bufferRemaining() throws XMLStreamException {
        BufferedXMLInputStream bufferedXMLInputStream;
        if (!hasNext() || this.processingComplete) {
            return;
        }
        if (this.source instanceof BufferedXMLInputStream) {
            bufferedXMLInputStream = (BufferedXMLInputStream) this.source;
        } else {
            BufferedXMLInputStream newBufferedInputStream = factory.newBufferedInputStream(this.source);
            bufferedXMLInputStream = newBufferedInputStream;
            this.source = newBufferedInputStream;
        }
        bufferedXMLInputStream.mark();
        while (hasNext()) {
            next();
        }
        bufferedXMLInputStream.reset();
        this.processingComplete = true;
    }

    public Set getBodyElementNames() throws XMLStreamException {
        if (!this.processingComplete) {
            bufferRemaining();
        }
        return this.afterMapper.getBodyElements().keySet();
    }

    public Set getHeaderElementNames() throws XMLStreamException {
        if (!this.processingComplete) {
            bufferRemaining();
        }
        return this.afterMapper.getHeaderElements().keySet();
    }

    public Set getAllElementNames() throws XMLStreamException {
        if (!this.processingComplete) {
            bufferRemaining();
        }
        return this.afterMapper.getElements().keySet();
    }

    public Security getSecurityElement() {
        return this.delegate.getSecurityElement();
    }

    public Throwable getCreationException() {
        return null;
    }

    @Override // weblogic.xml.security.utils.XMLInputStreamBase, weblogic.xml.stream.XMLInputStream
    public XMLEvent next() throws XMLStreamException {
        return this.source.next();
    }
}
