package weblogic.xml.crypto.wss;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import weblogic.wsee.security.saml.SAMLUtils;
import weblogic.xml.crypto.api.MarshalException;
import weblogic.xml.crypto.common.keyinfo.KeySelectorResultImpl;
import weblogic.xml.crypto.dsig.ReferenceUtils;
import weblogic.xml.crypto.dsig.XMLSignatureImpl;
import weblogic.xml.crypto.dsig.api.DigestMethod;
import weblogic.xml.crypto.dsig.api.Reference;
import weblogic.xml.crypto.dsig.api.SignedInfo;
import weblogic.xml.crypto.dsig.api.Transform;
import weblogic.xml.crypto.dsig.api.XMLSignature;
import weblogic.xml.crypto.dsig.api.XMLSignatureException;
import weblogic.xml.crypto.dsig.api.XMLSignatureFactory;
import weblogic.xml.crypto.dsig.api.XMLValidateContext;
import weblogic.xml.crypto.encrypt.api.EncryptedData;
import weblogic.xml.crypto.encrypt.api.EncryptionMethod;
import weblogic.xml.crypto.encrypt.api.TBE;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionException;
import weblogic.xml.crypto.encrypt.api.XMLEncryptionFactory;
import weblogic.xml.crypto.encrypt.api.dom.DOMTBEXML;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;
import weblogic.xml.crypto.wss.api.Timestamp;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.crypto.wss11.internal.enckey.EncryptedKeyToken;

/* loaded from: input_file:weblogic/xml/crypto/wss/SecurityValidatorImpl.class */
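/**
 * Checks the security artefacts recorded in a {@link WSSecurityContext} (tokens, signatures,
 * encryptions, timestamp) against expected values supplied by the caller, and builds the
 * {@link Reference} objects used for that comparison.
 *
 * <p>This source is decompiler output: parameter names such as {@code str}/{@code str2}/{@code z}
 * are synthetic and are kept unchanged so existing callers are unaffected.
 */
public class SecurityValidatorImpl implements SecurityValidator {
    /** Context holding the tokens, signatures and encryptions this validator inspects. */
    protected WSSecurityContext securityCtx;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:weblogic/xml/crypto/wss/SecurityValidatorImpl$CombinedReference.class */
    /**
     * Pairs the reference built over a token's SecurityTokenReference with the reference built
     * over the token itself.
     *
     * <p>Every {@link Reference} accessor delegates to {@link #refOnSTR}; {@link #refOnToken} is
     * only consulted by {@code matchReference}, which accepts a match against either of the two.
     */
    public class CombinedReference implements Reference {
        /** Reference addressing the SecurityTokenReference. */
        public Reference refOnSTR;
        /** Reference addressing the token directly. */
        public Reference refOnToken;

        public CombinedReference(Reference reference, Reference reference2) {
            this.refOnSTR = reference;
            this.refOnToken = reference2;
        }

        @Override // weblogic.xml.crypto.dsig.api.Reference
        public DigestMethod getDigestMethod() {
            return this.refOnSTR.getDigestMethod();
        }

        @Override // weblogic.xml.crypto.dsig.api.Reference
        public Reference.DigestValue getDigestValue() {
            return this.refOnSTR.getDigestValue();
        }

        @Override // weblogic.xml.crypto.dsig.api.Reference
        public String getId() {
            return this.refOnSTR.getId();
        }

        @Override // weblogic.xml.crypto.dsig.api.Reference
        public List getTransforms() {
            return this.refOnSTR.getTransforms();
        }

        @Override // weblogic.xml.crypto.dsig.api.Reference
        public Reference.ValidateResult validate(XMLValidateContext xMLValidateContext) throws XMLSignatureException {
            return this.refOnSTR.validate(xMLValidateContext);
        }

        @Override // weblogic.xml.crypto.api.URIReference
        public String getType() {
            return this.refOnSTR.getType();
        }

        @Override // weblogic.xml.crypto.api.URIReference
        public String getURI() {
            return this.refOnSTR.getURI();
        }

        @Override // weblogic.xml.crypto.api.XMLStructure
        public boolean isFeatureSupported(String str) {
            return this.refOnSTR.isFeatureSupported(str);
        }
    }

    /**
     * Creates a validator bound to the given security context.
     *
     * @param wSSecurityContext context whose recorded tokens, signatures and encryptions are checked
     */
    public SecurityValidatorImpl(WSSecurityContext wSSecurityContext) {
        this.securityCtx = wSSecurityContext;
    }

    /** Returns the signature factory of the underlying security context. */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public XMLSignatureFactory getXMLSignatureFactory() {
        return this.securityCtx.getSignatureFactory();
    }

    /** Returns the encryption factory of the underlying security context. */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public XMLEncryptionFactory getXMLEncryptionFactory() {
        return this.securityCtx.getEncryptionFactory();
    }

    /**
     * Builds the same-document URI that addresses {@code element}.
     *
     * @param element element to address
     * @return {@code "#" + id} when the element carries one of the context's id attributes, or the
     *     empty string when the element is the document element
     * @throws WSSecurityException if the element has no id and is not the document element
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public String getUri(Element element) throws WSSecurityException {
        String existingId = DOMUtils.getExistingId(element, this.securityCtx.getIdQNames());
        if (existingId != null && !existingId.isEmpty()) {
            return "#" + existingId;
        }
        // The document element may be referenced with the empty URI even without an id.
        if (element.isSameNode(element.getOwnerDocument().getDocumentElement())) {
            return "";
        }
        throw new WSSecurityException("No id attribute on element " + element.getNamespaceURI() + DOMUtils.QNAME_SEPARATOR + element.getLocalName(), WSSConstants.FAILURE_INVALID);
    }

    /**
     * Builds the expected reference for {@code element}: a token reference when the context maps
     * the element to a security token, otherwise a plain reference to the element's URI.
     *
     * @param element element the reference should address
     * @param digestMethod digest method of the expected reference
     * @param list transforms, converted through {@code ReferenceUtils.getTransforms}
     * @return the expected reference; may be {@code null} on the token path (see the
     *     {@code SecurityToken} overload)
     * @throws WSSecurityException if the element cannot be addressed by URI
     * @throws MarshalException declared by the interface method
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public Reference getReference(Element element, DigestMethod digestMethod, List list) throws WSSecurityException, MarshalException {
        SecurityToken token = this.securityCtx.getToken(element);
        if (token != null) {
            return getReference(token, digestMethod, ReferenceUtils.getTransforms(list), true);
        }
        return getReference(getUri(element), digestMethod, ReferenceUtils.getTransforms(list));
    }

    /**
     * Same as the six-argument overload with {@code z == true}.
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public Reference getReference(String str, String str2, Node node, DigestMethod digestMethod, List list) throws WSSecurityException {
        return getReference(str, str2, node, digestMethod, list, true);
    }

    /**
     * Finds the first token of an equivalent type that has at least one signature recorded for it
     * and is accepted by the token handler for {@link Purpose#VERIFY}, then builds the expected
     * reference for that token.
     *
     * @param str required token value type
     * @param str2 second argument handed to the token handler's {@code matches} (its meaning is
     *     not visible here)
     * @param node claims node placed into the handler context
     * @param digestMethod digest method of the expected reference
     * @param list transforms of the expected reference; may be modified, see the
     *     {@code SecurityToken} overload
     * @param z forwarded to the {@code SecurityToken} overload
     * @return the expected reference, or {@code null} if that overload returns {@code null}
     * @throws WSSecurityException if no candidate token matches
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public Reference getReference(String str, String str2, Node node, DigestMethod digestMethod, List list, boolean z) throws WSSecurityException {
        SecurityTokenContextHandler contextHandler = new SecurityTokenContextHandler();
        contextHandler.addContextElement(SecurityTokenContextHandler.CLAIMS_MAP, node);
        contextHandler.addContextElement("com.bea.contextelement.xml.SecurityInfo", this.securityCtx);
        SecurityTokenHandler tokenHandler = this.securityCtx.getRequiredTokenHandler(str);
        List candidates = getEquivalentSecurityTokens(str);
        if ((candidates == null || candidates.isEmpty()) && (WSSConstants.VALUE_TYPE_X509PKI.equals(str) || WSSConstants.VALUE_TYPE_PKCS7.equals(str))) {
            // Fall back to plain X.509 tokens for certificate-path value types. The lists are
            // copied so the V1 tokens are never appended to a list the context may still own.
            candidates = new ArrayList(this.securityCtx.getSecurityTokens(WSSConstants.VALUE_TYPE_X509V3));
            candidates.addAll(this.securityCtx.getSecurityTokens(WSSConstants.VALUE_TYPE_X509V1));
        }
        SecurityToken matched = null;
        for (Iterator it = candidates.iterator(); it.hasNext();) {
            SecurityToken candidate = (SecurityToken) it.next();
            // Return value is unused in the decompiled source; the call is kept in case it has side effects.
            this.securityCtx.getNode(candidate);
            List signatures = this.securityCtx.getSignatures(candidate);
            // Only a token that has signatures recorded for it is handed to the handler.
            if (signatures != null && !signatures.isEmpty() && tokenHandler.matches(candidate, str, str2, contextHandler, Purpose.VERIFY)) {
                matched = candidate;
                break;
            }
        }
        if (matched == null) {
            throw new WSSecurityException("Failed to create Reference for token of type " + str + ", token handler did not return a token for claims " + node, WSSConstants.FAILURE_INVALID);
        }
        return getReference(matched, digestMethod, list, z);
    }

    /**
     * Builds the expected reference for a token, addressing either the token itself or its
     * SecurityTokenReference (STR).
     *
     * <p>The STR is used when {@code z} is false, when the token has no id, or when the token's
     * value type starts with one of the two SAML token profile prefixes and an STR is known. On
     * that path an {@code STRTransform} is inserted at index 0 of {@code list}. For a SAML token
     * that also has an id and {@code z == true}, the transform is removed again and a
     * {@link CombinedReference} covering both the STR and the token is returned.
     *
     * <p>Side effect: {@code list} is the caller's list and is modified in place; on the non-SAML
     * STR path the inserted transform remains in it after the call.
     *
     * @param securityToken token to reference
     * @param digestMethod digest method of the expected reference
     * @param list transforms of the expected reference (mutated, see above)
     * @param z whether a direct reference to the token id is allowed
     * @return the expected reference, or {@code null} when the STR is required but the context has
     *     none for this token
     */
    public Reference getReference(SecurityToken securityToken, DigestMethod digestMethod, List list, boolean z) {
        String id = securityToken.getId();
        String valueType = securityToken.getValueType();
        boolean samlToken = valueType != null && (valueType.startsWith("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile") || valueType.startsWith("http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile"));
        Object str = this.securityCtx.getSTR(securityToken);
        boolean viaStr = !z || id == null || (samlToken && str != null);
        String uri;
        if (viaStr) {
            if (str == null) {
                return null;
            }
            String strId = null;
            if (str instanceof String) {
                strId = (String) str;
            } else if (str instanceof SecurityTokenReference) {
                strId = getSTRId((SecurityTokenReference) str);
            }
            // NOTE(review): if the STR is of another type, or its id is null, strId stays null
            // and the URI becomes the literal "#null".
            uri = getUri(strId);
            list.add(0, STRTransform.getInstance());
        } else {
            uri = getUri(id);
        }
        Reference reference = getReference(uri, digestMethod, list);
        if (samlToken && viaStr && z && id != null) {
            String tokenUri = getUri(id);
            // Drop the STRTransform inserted above before building the direct token reference.
            list.remove(0);
            reference = new CombinedReference(reference, getReference(tokenUri, digestMethod, list));
        }
        return reference;
    }

    /**
     * Builds a reference to the id {@code str}, or a reference with a {@code null} URI when
     * {@code z} is false or {@code str} is {@code null}.
     *
     * @param str id to reference (without the leading {@code #})
     * @param digestMethod digest method of the reference
     * @param list transforms of the reference
     * @param z whether the id should be turned into a URI
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public Reference getReference(String str, DigestMethod digestMethod, List list, boolean z) {
        String uri = (z && str != null) ? getUri(str) : null;
        return getReference(uri, digestMethod, list);
    }

    /** Creates a reference through the signature factory; type and id are passed as {@code null}. */
    private Reference getReference(String str, DigestMethod digestMethod, List list) {
        return getXMLSignatureFactory().newReference(str, digestMethod, ReferenceUtils.getTransforms(list), null, null);
    }

    /**
     * Validates the context's timestamp through the context's timestamp handler.
     *
     * @param s passed through to the handler's {@code validate}; presumably a tolerance value,
     *     confirm against the handler
     * @return {@code false} when the context holds no timestamp, {@code true} when the handler
     *     returned without throwing
     * @throws WSSecurityException declared for the handler call
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public boolean validateTimestamp(short s) throws WSSecurityException {
        Timestamp timestamp = this.securityCtx.getTimestamp();
        if (timestamp == null) {
            return false;
        }
        this.securityCtx.getTimestampHandler().validate(timestamp, s);
        return true;
    }

    /**
     * Checks whether any token in the context satisfies the requirement for
     * {@link Purpose#IDENTITY}.
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public boolean validateSecurityToken(String str, String str2, Node node) throws WSSecurityException {
        return validateSecurityToken(str, str2, node, Purpose.IDENTITY);
    }

    /**
     * Scans the context's tokens for the first one that passes both the token check and the
     * included-in-message check, and registers it with the context via {@code addIdToken}.
     *
     * @return {@code true} if such a token was found and registered
     */
    private boolean validateSecurityToken(String str, String str2, Node node, Purpose purpose) throws WSSecurityException {
        for (SecurityToken securityToken : this.securityCtx.getSecurityTokens()) {
            if (validateSecurityToken(securityToken, str, str2, node, purpose) && validateIncludedInMessage(securityToken)) {
                this.securityCtx.addIdToken(securityToken);
                return true;
            }
        }
        return false;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Checks one token against a required value type and the handler's {@code matches}.
     *
     * <p>A {@link BinarySecurityToken} that is not yet marked validated must first pass the
     * handler's {@code validateProcessed}; other tokens go straight to {@code matches}.
     *
     * @param securityToken token under test
     * @param str required token value type
     * @param str2 passed to the handler's {@code matches}
     * @param node claims node used to build the handler context
     * @param purpose purpose the token is checked for
     * @return {@code true} only if the type is equivalent, any required validation succeeded and
     *     the handler reports a match
     */
    public boolean validateSecurityToken(SecurityToken securityToken, String str, String str2, Node node, Purpose purpose) throws WSSecurityException {
        if (!isEquivalentTokenType(securityToken.getValueType(), str)) {
            return false;
        }
        SecurityTokenHandler tokenHandler = this.securityCtx.getRequiredTokenHandler(str);
        SecurityTokenContextHandler contextHandler = new SecurityTokenContextHandler(node, this.securityCtx);
        if (securityToken instanceof BinarySecurityToken
                && !((BinarySecurityToken) securityToken).isValidated()
                && !tokenHandler.validateProcessed(securityToken, this.securityCtx.getMessageContext()).status()) {
            return false;
        }
        // The handler is looked up by the required type but matches against the token's own value type.
        return tokenHandler.matches(securityToken, securityToken.getValueType(), str2, contextHandler, purpose);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Enforces the {@code SECURITY_TOKEN_INCLUDED_IN_MESSAGE} context property, when it is set to
     * a {@link Boolean}: the token must have a node in the context exactly when the property is
     * {@code true}.
     *
     * @return {@code true} when the property is absent or not a Boolean, when the token is an
     *     {@link EncryptedKeyToken}, or when the token's presence agrees with the property
     */
    public boolean validateIncludedInMessage(SecurityToken securityToken) {
        Object property = this.securityCtx.getProperty(SecurityValidator.SECURITY_TOKEN_INCLUDED_IN_MESSAGE);
        if (!(property instanceof Boolean)) {
            return true;
        }
        boolean mustBeIncluded = ((Boolean) property).booleanValue();
        if (securityToken instanceof EncryptedKeyToken) {
            return true;
        }
        boolean included = this.securityCtx.getNode(securityToken) != null;
        return mustBeIncluded == included;
    }

    /**
     * Decides whether two value-type URIs count as the same kind of X.509 token.
     *
     * <p>Returns {@code true} when {@code str} ends with {@code #EncryptedKey} and {@code str2}
     * ends with {@code #X509v3}, or when both have their {@code #} at the same index, share the
     * compared prefix, {@code str} contains {@code x509-token} and the fragment of {@code str}
     * starts with {@code #X509}.
     *
     * <p>A value type whose {@code #} is its first character is rejected; earlier this case
     * reached {@code substring(0, -1)} and threw {@link StringIndexOutOfBoundsException}.
     *
     * <p>NOTE(review): the prefix comparison stops one character before the {@code #}, and the
     * fragment of {@code str2} is not inspected on the second path; both are kept as found.
     */
    private boolean isSameKindOfX509ValueType(String str, String str2) {
        if (str == null || str2 == null) {
            return false;
        }
        int hash1 = str.indexOf("#");
        int hash2 = str2.indexOf("#");
        if (hash1 == -1 || hash2 == -1) {
            return false;
        }
        if (str.endsWith("#EncryptedKey") && str2.endsWith("#X509v3")) {
            return true;
        }
        // hash1 == 0 would make the prefix substring below run with an end index of -1.
        if (hash1 == 0 || hash1 != hash2 || str.length() < hash1 + 6) {
            return false;
        }
        return str.substring(0, hash1 - 1).equals(str2.substring(0, hash2 - 1))
                && str.indexOf("x509-token") != -1
                && "#X509".equals(str.substring(hash1, hash1 + 5));
    }

    /**
     * Checks whether the context holds a signature whose SignedInfo covers the expected one and
     * whose signing token satisfies the requirement for {@link Purpose#SIGN}.
     *
     * @param signedInfo expected SignedInfo
     * @param str required token value type
     * @param str2 passed to the token handler's {@code matches}
     * @param node claims node
     * @return {@code true} on the first signature that satisfies both conditions
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public boolean validateSignature(SignedInfo signedInfo, String str, String str2, Node node) throws WSSecurityException {
        for (XMLSignature xMLSignature : this.securityCtx.getSignatures()) {
            // The token is taken from the key selector result stored with the signature's validate result.
            SecurityToken securityToken = ((KeySelectorResultImpl) ((XMLSignatureImpl) xMLSignature).getSignatureValidateResult().getKeySelectorResult()).getSecurityToken();
            if (match(xMLSignature.getSignedInfo(), signedInfo) && validateSecurityToken(securityToken, str, str2, node, Purpose.SIGN)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Checks whether some recorded encryption uses the expected data-encryption algorithm, covers
     * one of the expected nodes and was keyed by a token that satisfies the requirement for
     * {@link Purpose#DECRYPT}.
     *
     * <p>The result is {@code true} as soon as one entry of {@code list} is matched by one
     * encryption; the remaining entries are not examined. {@code encryptionMethod} is not read by
     * this method.
     *
     * @param list expected {@link TBE} entries
     * @param encryptionMethod unused here
     * @param encryptionMethod2 expected algorithm of the EncryptedData
     * @param str required token value type
     * @param str2 passed to the token handler's {@code matches}
     * @param node claims node
     */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public boolean validateEncryption(List list, EncryptionMethod encryptionMethod, EncryptionMethod encryptionMethod2, String str, String str2, Node node) throws WSSecurityException, XMLEncryptionException {
        List<Encryption> encryptions = this.securityCtx.getEncryptions();
        Iterator it = list.iterator();
        while (it.hasNext()) {
            TBE tbe = (TBE) it.next();
            for (Encryption encryption : encryptions) {
                EncryptedData encryptedData = encryption.getEncryptedData();
                List nodes = encryption.getNodes();
                KeySelectorResultImpl keySelectorResult = (KeySelectorResultImpl) encryption.getKeySelectorResult();
                if (encryptedData.getEncryptionMethod().getAlgorithm().equals(encryptionMethod2.getAlgorithm()) && matchNodes(nodes, tbe) && validateSecurityToken(keySelectorResult.getSecurityToken(), str, str2, node, Purpose.DECRYPT)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** Reports whether the context holds a security element. */
    @Override // weblogic.xml.crypto.wss.SecurityValidator
    public boolean hasSecurity() {
        return this.securityCtx.getSecurityElement() != null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Compares an actual SignedInfo with an expected one: canonicalization and signature
     * algorithms must be equal, and every expected reference must be matched by an actual one.
     *
     * @param signedInfo actual SignedInfo
     * @param signedInfo2 expected SignedInfo
     */
    public static boolean match(SignedInfo signedInfo, SignedInfo signedInfo2) throws WSSecurityException {
        return signedInfo.getCanonicalizationMethod().getAlgorithm().equals(signedInfo2.getCanonicalizationMethod().getAlgorithm())
                && signedInfo.getSignatureMethod().getAlgorithm().equals(signedInfo2.getSignatureMethod().getAlgorithm())
                && matchReferences(signedInfo.getReferences(), signedInfo2.getReferences());
    }

    /**
     * Returns {@code true} when every reference in {@code list2} is matched by at least one
     * reference in {@code list}. Extra references in {@code list} are ignored, and an empty
     * {@code list2} matches anything.
     */
    private static boolean matchReferences(List list, List list2) throws WSSecurityException {
        for (int i = 0; i < list2.size(); i++) {
            Reference expected = (Reference) list2.get(i);
            boolean found = false;
            for (int j = 0; j < list.size(); j++) {
                if (matchReference((Reference) list.get(j), expected)) {
                    found = true;
                    break;
                }
            }
            if (!found) {
                return false;
            }
        }
        return true;
    }

    /**
     * Matches an actual reference against an expected one; an expected {@link CombinedReference}
     * is satisfied by a match on either its STR reference or its token reference.
     */
    protected static boolean matchReference(Reference reference, Reference reference2) throws WSSecurityException {
        if (!(reference2 instanceof CombinedReference)) {
            return matchReferenceInternal(reference, reference2);
        }
        CombinedReference combined = (CombinedReference) reference2;
        return matchReferenceInternal(reference, combined.refOnSTR)
                || matchReferenceInternal(reference, combined.refOnToken);
    }

    /**
     * Two references match when their URIs are equal, their digest algorithms are equal and their
     * transforms match.
     *
     * @throws WSSecurityException if either reference has no URI
     */
    private static boolean matchReferenceInternal(Reference reference, Reference reference2) throws WSSecurityException {
        String uri = reference.getURI();
        String uri2 = reference2.getURI();
        if (uri == null || uri2 == null) {
            throw new WSSecurityException("Can not validate Reference without URI.", WSSConstants.FAILURE_INVALID);
        }
        return uri.equals(uri2)
                && reference.getDigestMethod().getAlgorithm().equals(reference2.getDigestMethod().getAlgorithm())
                && matchTransforms(reference.getTransforms(), reference2.getTransforms());
    }

    /**
     * Compares two transform lists by algorithm URI, position by position.
     *
     * <p>One exception: an empty {@code list} matches a {@code list2} that holds a single
     * exclusive-canonicalization transform.
     */
    private static boolean matchTransforms(List list, List list2) {
        if (list.isEmpty() && list2.size() == 1 && ((Transform) list2.get(0)).getAlgorithm().equals("http://www.w3.org/2001/10/xml-exc-c14n#")) {
            return true;
        }
        if (list.size() != list2.size()) {
            return false;
        }
        for (int i = 0; i < list.size(); i++) {
            if (!((Transform) list.get(i)).getAlgorithm().equals(((Transform) list2.get(i)).getAlgorithm())) {
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Compares the nodes of a recorded encryption with the nodes of an expected {@link TBE}.
     *
     * <p>Nodes at the same index match when they are the same object or share namespace URI and
     * local name.
     *
     * <p>NOTE(review): only the first {@code list.size()} positions are compared, so an empty
     * {@code list} matches any {@code DOMTBEXML}, and extra entries in the TBE node list are not
     * rejected here. The comparison is by qualified name, not node identity. Confirm that callers
     * or the policy layer enforce coverage of every required node.
     *
     * @param list nodes recorded for an encryption
     * @param tbe expected to-be-encrypted description; anything other than {@link DOMTBEXML}
     *     never matches
     */
    public boolean matchNodes(List list, TBE tbe) {
        if (!(tbe instanceof DOMTBEXML)) {
            return false;
        }
        NodeList nodeList = ((DOMTBEXML) tbe).getNodeList();
        for (int i = 0; i < list.size(); i++) {
            Node node = (Node) list.get(i);
            Node item = nodeList.item(i);
            if (node != item && (node == null || item == null || !isEquals(node.getNamespaceURI(), item.getNamespaceURI()) || !isEquals(node.getLocalName(), item.getLocalName()))) {
                return false;
            }
        }
        return true;
    }

    /** Null-safe string equality: two {@code null}s are equal. */
    private boolean isEquals(String str, String str2) {
        return str == null ? str2 == null : str.equals(str2);
    }

    /** Turns an id into a same-document URI by prefixing {@code #}; a {@code null} id yields {@code "#null"}. */
    private String getUri(String str) {
        return "#" + str;
    }

    /** Returns the id of a SecurityTokenReference. */
    private String getSTRId(SecurityTokenReference securityTokenReference) {
        return securityTokenReference.getId();
    }

    /**
     * Two value types are equivalent when they are equal, when they are the same kind of X.509
     * value type, or when {@code SAMLUtils} considers them equivalent SAML token types.
     */
    private boolean isEquivalentTokenType(String str, String str2) {
        if (str != null && str.equals(str2)) {
            return true;
        }
        if (isSameKindOfX509ValueType(str, str2)) {
            return true;
        }
        return SAMLUtils.isEquivalentSamlTokenType(str, str2);
    }

    /** Collects, into a new list, the context's tokens whose value type is equivalent to {@code str}. */
    private List getEquivalentSecurityTokens(String str) {
        ArrayList equivalent = new ArrayList();
        for (SecurityToken securityToken : this.securityCtx.getSecurityTokens()) {
            if (isEquivalentTokenType(securityToken.getValueType(), str)) {
                equivalent.add(securityToken);
            }
        }
        return equivalent;
    }
}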
