package org.apache.cxf.ws.security.trust;

import java.io.IOException;
import java.io.StringReader;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.ZoneOffset;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.wsdl.Definition;
import javax.wsdl.Types;
import javax.wsdl.extensions.schema.Schema;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamWriter;
import javax.xml.transform.dom.DOMSource;
import org.apache.cxf.Bus;
import org.apache.cxf.BusException;
import org.apache.cxf.binding.soap.SoapBindingConstants;
import org.apache.cxf.binding.soap.model.SoapOperationInfo;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.common.util.ModCountCopyOnWriteArrayList;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.configuration.Configurable;
import org.apache.cxf.configuration.jsse.TLSClientParameters;
import org.apache.cxf.databinding.source.SourceDataBinding;
import org.apache.cxf.endpoint.Client;
import org.apache.cxf.endpoint.ClientImpl;
import org.apache.cxf.endpoint.EndpointException;
import org.apache.cxf.endpoint.EndpointImpl;
import org.apache.cxf.feature.Feature;
import org.apache.cxf.helpers.CastUtils;
import org.apache.cxf.helpers.DOMUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.interceptor.Interceptor;
import org.apache.cxf.interceptor.InterceptorProvider;
import org.apache.cxf.jaxws.JaxWsProxyFactoryBean;
import org.apache.cxf.message.Attachment;
import org.apache.cxf.message.Message;
import org.apache.cxf.phase.PhaseInterceptorChain;
import org.apache.cxf.rs.security.jose.jwk.JsonWebKey;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.claims.ClaimCollection;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.cxf.service.Service;
import org.apache.cxf.service.model.BindingInfo;
import org.apache.cxf.service.model.BindingOperationInfo;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.service.model.ServiceInfo;
import org.apache.cxf.staxutils.StaxUtils;
import org.apache.cxf.staxutils.W3CDOMStreamWriter;
import org.apache.cxf.transport.http.HTTPConduit;
import org.apache.cxf.ws.addressing.EndpointReferenceType;
import org.apache.cxf.ws.addressing.EndpointReferenceUtils;
import org.apache.cxf.ws.addressing.JAXWSAConstants;
import org.apache.cxf.ws.addressing.Names;
import org.apache.cxf.ws.addressing.VersionTransformer;
import org.apache.cxf.ws.addressing.policy.MetadataConstants;
import org.apache.cxf.ws.mex.MetadataExchange;
import org.apache.cxf.ws.mex.model._2004_09.Metadata;
import org.apache.cxf.ws.mex.model._2004_09.MetadataSection;
import org.apache.cxf.ws.policy.PolicyBuilder;
import org.apache.cxf.ws.policy.PolicyConstants;
import org.apache.cxf.ws.policy.PolicyEngine;
import org.apache.cxf.ws.policy.attachment.reference.RemoteReferenceResolver;
import org.apache.cxf.ws.policy.builder.primitive.PrimitiveAssertion;
import org.apache.cxf.ws.security.tokenstore.SecurityToken;
import org.apache.cxf.ws.security.trust.claims.ClaimsCallback;
import org.apache.cxf.ws.security.trust.delegation.DelegationCallback;
import org.apache.cxf.ws.security.wss4j.WSS4JUtils;
import org.apache.cxf.wsdl.WSDLConstants;
import org.apache.cxf.wsdl.WSDLManager;
import org.apache.cxf.wsdl11.WSDLServiceFactory;
import org.apache.neethi.All;
import org.apache.neethi.ExactlyOne;
import org.apache.neethi.Policy;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.derivedKey.P_SHA1;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.util.DateUtil;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.processor.EncryptedKeyProcessor;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.wss4j.dom.util.X509Util;
import org.apache.wss4j.policy.SPConstants;
import org.apache.wss4j.policy.model.AbstractBinding;
import org.apache.wss4j.policy.model.AlgorithmSuite;
import org.apache.wss4j.policy.model.Attachments;
import org.apache.wss4j.policy.model.Header;
import org.apache.wss4j.policy.model.ProtectionToken;
import org.apache.wss4j.policy.model.SecureConversationToken;
import org.apache.wss4j.policy.model.SignedParts;
import org.apache.wss4j.policy.model.Trust10;
import org.apache.wss4j.policy.model.Trust13;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/cxf/ws/security/trust/AbstractSTSClient.class */
public abstract class AbstractSTSClient implements Configurable, InterceptorProvider {
    private static final Logger LOG = LogUtils.getL7dLogger(AbstractSTSClient.class);
    protected Bus bus;
    // Built lazily by createClient()/configureViaEPR(); once non-null, configureViaEPR() returns
    // early and createClient() is a no-op, so configure the client before first use.
    protected Client client;
    // STS endpoint address; may also be derived from an EPR in configureViaEPR().
    protected String location;
    protected String wsdlLocation;
    protected QName serviceName;
    protected QName endpointName;
    // Effective security policy; setPolicyInternal(Policy) also harvests the AlgorithmSuite from it
    // when none was configured explicitly.
    protected Policy policy;
    // Optional RST template; its child elements are copied verbatim into every request (see issue()).
    protected Element template;
    protected Object customContent;
    protected Object claims;
    protected CallbackHandler claimsCallbackHandler;
    protected AlgorithmSuite algorithmSuite;
    // Delegation inputs accept a String (parsed as XML), an Element, or a CallbackHandler
    // (see getDelegationSecurityToken()).
    protected Object onBehalfOf;
    protected boolean useCertificateForConfirmationKeyInfo;
    protected boolean isSecureConv;
    protected boolean isSpnego;
    protected boolean enableLifetime;
    protected boolean allowRenewingAfterExpiry;
    protected Object actAs;
    protected String tokenType;
    protected String keyType;
    protected Message message;
    protected String context;
    // When set, used directly for PublicKey requests instead of looking the certificate up via the
    // client Crypto (see issue()).
    protected X509Certificate useKeyCertificate;
    protected List<Feature> features;
    // Applied to the STS client's HTTPConduit in createClient(). NOTE(review): NOT applied to the
    // WS-MEX proxy created in configureViaEPR(), which relies on bus-level conduit configuration.
    protected TLSClientParameters tlsClientParameters;
    protected String name = "default.sts-client";
    // WSDL SOAP binding id; SOAP 1.1 by default (see setSoap11()/setSoap12()).
    protected String soapVersion = "http://schemas.xmlsoap.org/soap/";
    // Requested key size (presumably bits, per WS-Trust KeySize semantics); issue() resets
    // non-positive values to 256 and overrides this from a template <KeySize> element.
    protected int keySize = 256;
    protected boolean requiresEntropy = true;
    // WS-Trust 1.3 namespace by default; setTrust() switches to WS-Trust 1.0 for non-Trust13 assertions.
    protected String namespace = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    protected String addressingNamespace = "http://www.w3.org/2005/08/addressing";
    protected String wspNamespace = "http://www.w3.org/ns/ws-policy";
    protected boolean enableAppliesTo = true;
    // Requested token lifetime; presumably seconds (default 300). Consumed by addLifetime(), not shown here.
    protected int ttl = 300;
    protected boolean sendRenewing = true;
    protected boolean allowRenewing = true;
    protected boolean sendKeyType = true;
    // Request-context properties; copied into the Client's request context on every issue() call.
    protected Map<String, Object> ctx = new HashMap();
    // Interceptors staged here are moved onto the Client in createClient(), after which these four
    // lists are set to null — register interceptors before the client is created.
    protected List<Interceptor<? extends Message>> in = new ModCountCopyOnWriteArrayList();
    protected List<Interceptor<? extends Message>> out = new ModCountCopyOnWriteArrayList();
    protected List<Interceptor<? extends Message>> outFault = new ModCountCopyOnWriteArrayList();
    protected List<Interceptor<? extends Message>> inFault = new ModCountCopyOnWriteArrayList();

    /* loaded from: input_file:org/apache/cxf/ws/security/trust/AbstractSTSClient$STSResponse.class */
    /**
     * Outcome of one STS exchange: the raw RSTR payload together with the client-side material
     * (entropy, certificate, Crypto) needed to post-process it. Instances are immutable; every
     * part except the response itself may be {@code null}. The entropy array is stored without
     * copying, so callers must not mutate it afterwards.
     */
    protected static class STSResponse {
        private final DOMSource response;
        private final byte[] entropy;
        private final X509Certificate cert;
        private final Crypto crypto;
        private final Collection<Attachment> attachments;

        /** Response carrying only the client entropy (no certificate, Crypto or attachments). */
        public STSResponse(DOMSource response, byte[] entropy) {
            this(response, entropy, null, null, null);
        }

        /** Response carrying entropy plus the certificate/Crypto that were used for the request. */
        public STSResponse(DOMSource response, byte[] entropy, X509Certificate cert, Crypto crypto) {
            this(response, entropy, cert, crypto, null);
        }

        /**
         * Canonical constructor.
         *
         * @param response    the RSTR as received from the STS
         * @param entropy     client entropy sent in the request, or {@code null}
         * @param cert        client certificate used for a PublicKey request, or {@code null}
         * @param crypto      Crypto the certificate was resolved from, or {@code null}
         * @param attachments SOAP attachments returned with the response, or {@code null}
         */
        public STSResponse(DOMSource response, byte[] entropy, X509Certificate cert, Crypto crypto,
                           Collection<Attachment> attachments) {
            this.response = response;
            this.entropy = entropy;
            this.cert = cert;
            this.crypto = crypto;
            this.attachments = attachments;
        }

        /** @return the RSTR payload */
        public DOMSource getResponse() {
            return response;
        }

        /** @return the client entropy sent with the request, or {@code null} */
        public byte[] getEntropy() {
            return entropy;
        }

        /** @return the client certificate used for the request, or {@code null} */
        public X509Certificate getCert() {
            return cert;
        }

        /** @return the Crypto the certificate came from, or {@code null} */
        public Crypto getCrypto() {
            return crypto;
        }

        /** @return response attachments, or {@code null} when none were recorded */
        public Collection<Attachment> getAttachments() {
            return attachments;
        }
    }

    /**
     * Creates a client bound to the given bus; everything else is configured through setters
     * or {@link #configureViaEPR} before the underlying Client is created.
     *
     * @param bus the CXF bus used to look up extensions and build the client
     */
    public AbstractSTSClient(Bus bus) {
        this.bus = bus;
    }

    /** @return the bean name under which this client is configured (default {@code default.sts-client}) */
    @Override // org.apache.cxf.configuration.Configurable
    public String getBeanName() {
        return name;
    }

    /** @param beanName the configuration bean name for this client */
    public void setBeanName(String beanName) {
        name = beanName;
    }

    /** @return the STS endpoint address, or {@code null} if not yet configured */
    public String getLocation() {
        return location;
    }

    /** @param address the STS endpoint address used when no WSDL location is given */
    public void setLocation(String address) {
        location = address;
    }

    /** @param message the current message; handed to delegation callbacks (see getDelegationSecurityToken()) */
    public void setMessage(Message message) {
        this.message = message;
    }

    /** @param lifetime requested token lifetime (presumably seconds; default 300), not validated here */
    public void setTtl(int lifetime) {
        ttl = lifetime;
    }

    /** @param enable whether a Lifetime element is added to non-SecureConversation requests */
    public void setEnableLifetime(boolean enable) {
        enableLifetime = enable;
    }

    /** @param send whether renewal semantics are written into the request */
    public void setSendRenewing(boolean send) {
        sendRenewing = send;
    }

    /**
     * @param params TLS settings applied to the STS client's HTTPConduit when it is created.
     *               NOTE(review): they are not applied to the WS-MEX proxy used by configureViaEPR().
     */
    public void setTlsClientParameters(TLSClientParameters params) {
        tlsClientParameters = params;
    }

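    /**
     * Installs the security policy from any of the supported representations: a parsed
     * {@link Policy}, a DOM {@link Element} holding the policy XML, or a {@link String}
     * policy reference (looked up in the policy registry, else resolved remotely).
     * The rejection message now lists all three accepted forms; previously it omitted String.
     *
     * @param policySource policy, element or reference string
     * @throws IllegalArgumentException for any other type (including {@code null})
     */
    public void setPolicy(Object policySource) {
        if (policySource instanceof Policy) {
            setPolicyInternal((Policy) policySource);
        } else if (policySource instanceof Element) {
            setPolicyInternal((Element) policySource);
        } else if (policySource instanceof String) {
            setPolicyInternal((String) policySource);
        } else {
            throw new IllegalArgumentException("Unsupported policy object.  Type must be org.apache.neethi.Policy, "
                + "org.w3c.dom.Element or a String policy reference.");
        }
    }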

    /** Selects the SOAP 1.2 WSDL binding for the STS client. */
    public void setSoap12() {
        soapVersion = "http://schemas.xmlsoap.org/wsdl/soap12/";
    }

    /** Selects the SOAP 1.1 WSDL binding for the STS client (the default). */
    public void setSoap11() {
        soapVersion = "http://schemas.xmlsoap.org/soap/";
    }

    /** @param useSoap11 {@code true} selects SOAP 1.1, {@code false} selects SOAP 1.2 */
    public void setSoap11(boolean useSoap11) {
        if (!useSoap11) {
            setSoap12();
            return;
        }
        setSoap11();
    }

    /** @param ns the WS-Addressing namespace to use (default 2005/08) */
    public void setAddressingNamespace(String ns) {
        addressingNamespace = ns;
    }

    /**
     * Derives the WS-Trust namespace and the client-entropy requirement from a Trust assertion.
     * A {@code Trust13} instance (presumably a subtype of Trust10, given the instanceof check)
     * selects WS-Trust 1.3, anything else WS-Trust 1.0; {@code null} leaves the settings untouched.
     *
     * @param trust the Trust10/Trust13 assertion from the effective policy, or {@code null}
     */
    public void setTrust(Trust10 trust) {
        if (trust == null) {
            return;
        }
        boolean trust13 = trust instanceof Trust13;
        namespace = trust13 ? "http://docs.oasis-open.org/ws-sx/ws-trust/200512" : STSUtils.WST_NS_05_02;
        requiresEntropy = trust.isRequireClientEntropy();
    }

    /** @return whether client entropy is sent with symmetric-key requests (default {@code true}) */
    public boolean isRequiresEntropy() {
        return requiresEntropy;
    }

    /** @param required whether client entropy must be contributed to symmetric-key requests */
    public void setRequiresEntropy(boolean required) {
        requiresEntropy = required;
    }

    /** @return whether this client requests WS-SecureConversation tokens */
    public boolean isSecureConv() {
        return isSecureConv;
    }

    /** @param secureConv {@code true} to issue SCT requests (affects SOAP action, Lifetime and KeySize) */
    public void setSecureConv(boolean secureConv) {
        isSecureConv = secureConv;
    }

    /** @return whether SPNEGO negotiation mode is enabled */
    public boolean isSpnego() {
        return isSpnego;
    }

    /** @param spnego {@code true} forces an SCT token type and suppresses KeyType in issue() */
    public void setSpnego(boolean spnego) {
        isSpnego = spnego;
    }

    /** @return whether issued tokens may be renewed (default {@code true}) */
    public boolean isAllowRenewing() {
        return allowRenewing;
    }

    /** @param allow whether renewal is requested for issued tokens */
    public void setAllowRenewing(boolean allow) {
        allowRenewing = allow;
    }

    /** @return whether renewal after expiry is requested (default {@code false}) */
    public boolean isAllowRenewingAfterExpiry() {
        return allowRenewingAfterExpiry;
    }

    /** @param allow whether tokens may be renewed after they have expired */
    public void setAllowRenewingAfterExpiry(boolean allow) {
        allowRenewingAfterExpiry = allow;
    }

    /** @return whether an AppliesTo element is written into requests (default {@code true}) */
    public boolean isEnableAppliesTo() {
        return enableAppliesTo;
    }

    /** @param enable whether to scope the request to the target service via AppliesTo */
    public void setEnableAppliesTo(boolean enable) {
        enableAppliesTo = enable;
    }

    /** @return the RST Context attribute value, or {@code null} if none is sent */
    public String getContext() {
        return context;
    }

    /** @param rstContext value for the RST Context attribute; {@code null} omits the attribute */
    public void setContext(String rstContext) {
        context = rstContext;
    }

    /** @param suite explicit algorithm suite; when set, the one in the policy is not consulted */
    public void setAlgorithmSuite(AlgorithmSuite suite) {
        algorithmSuite = suite;
    }

    /** @return the live, mutable property map copied into the Client request context on each call */
    public Map<String, Object> getRequestContext() {
        return ctx;
    }

    /** @param properties entries merged into the request context (existing keys are overwritten; must not be {@code null}) */
    public void setProperties(Map<String, Object> properties) {
        ctx.putAll(properties);
    }

    /** @return the same live property map as {@link #getRequestContext()} */
    public Map<String, Object> getProperties() {
        return ctx;
    }

    /** @param wsdl location of the STS WSDL; when set, createClient() builds the service from it */
    public void setWsdlLocation(String wsdl) {
        wsdlLocation = wsdl;
    }

    /** @return the configured WSDL location, or {@code null} */
    public String getWsdlLocation() {
        return wsdlLocation;
    }

    /**
     * @param qualifiedName service name in {@code {namespace}local} form
     * @throws IllegalArgumentException if the string is {@code null} or not a valid QName form
     */
    public void setServiceName(String qualifiedName) {
        serviceName = QName.valueOf(qualifiedName);
    }

    /**
     * @param qualifiedName endpoint (port) name in {@code {namespace}local} form
     * @throws IllegalArgumentException if the string is {@code null} or not a valid QName form
     */
    public void setEndpointName(String qualifiedName) {
        endpointName = QName.valueOf(qualifiedName);
    }

    /** @param service the STS service QName */
    public void setServiceQName(QName service) {
        serviceName = service;
    }

    /** @return the STS service QName, or {@code null} */
    public QName getServiceQName() {
        return serviceName;
    }

    /** @param endpoint the STS endpoint (port) QName */
    public void setEndpointQName(QName endpoint) {
        endpointName = endpoint;
    }

    /** @return the STS endpoint (port) QName, or {@code null} */
    public QName getEndpointQName() {
        return endpointName;
    }

    /** @param token ActAs token as a String (XML), an Element, or a CallbackHandler; other types are ignored */
    public void setActAs(Object token) {
        actAs = token;
    }

    /** @param content extra RST content as a String (XML) or an Element; other types are ignored */
    public void setCustomContent(Object content) {
        customContent = content;
    }

    /** @param size requested key size; not validated here, issue() replaces non-positive values with 256 */
    public void setKeySize(int size) {
        keySize = size;
    }

    /** @return the requested key size (may have been overwritten by a template KeySize in issue()) */
    public int getKeySize() {
        return keySize;
    }

    /** @param type the WS-Trust TokenType URI to request; overridden to SCT when SPNEGO is enabled */
    public void setTokenType(String type) {
        tokenType = type;
    }

    /** @return the TokenType URI, or {@code null} */
    public String getTokenType() {
        return tokenType;
    }

    /** @param send whether a KeyType element is written into the request */
    public void setSendKeyType(boolean send) {
        sendKeyType = send;
    }

    /** @param type the WS-Trust KeyType URI (suffix "SymmetricKey" or "PublicKey" drives issue()) */
    public void setKeyType(String type) {
        keyType = type;
    }

    /** @param token OnBehalfOf token as a String (XML), an Element, or a CallbackHandler; other types are ignored */
    public void setOnBehalfOf(Object token) {
        onBehalfOf = token;
    }

    /** @param useCert whether the full certificate (rather than a reference) goes into the confirmation KeyInfo */
    public void setUseCertificateForConfirmationKeyInfo(boolean useCert) {
        useCertificateForConfirmationKeyInfo = useCert;
    }

    /** @return whether the full certificate is used in the confirmation KeyInfo */
    public boolean isUseCertificateForConfirmationKeyInfo() {
        return useCertificateForConfirmationKeyInfo;
    }

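    /**
     * Installs the policy and, when no AlgorithmSuite was configured explicitly, adopts the one
     * from the first policy alternative that contains a security binding assertion. Within that
     * alternative every binding is inspected and the last one wins (unchanged behaviour).
     * <p>
     * Assertions are iterated as plain objects and filtered with {@code instanceof}; iterating
     * them through a {@code List<AbstractBinding>} view, as before, would fail with a
     * ClassCastException as soon as an alternative contains any non-binding assertion.
     *
     * @param policy the effective policy; must not be {@code null}
     */
    protected void setPolicyInternal(Policy policy) {
        this.policy = policy;
        if (this.algorithmSuite != null) {
            return;
        }
        Iterator<?> alternatives = policy.getAlternatives();
        while (alternatives.hasNext() && this.algorithmSuite == null) {
            List<?> alternative = (List<?>) alternatives.next();
            for (Object assertion : alternative) {
                if (assertion instanceof AbstractBinding) {
                    this.algorithmSuite = ((AbstractBinding) assertion).getAlgorithmSuite();
                }
            }
        }
    }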

    /**
     * Parses a DOM policy element with the bus PolicyBuilder and installs the result.
     *
     * @param policyElement the wsp:Policy element
     */
    protected void setPolicyInternal(Element policyElement) {
        PolicyBuilder builder = this.bus.getExtension(PolicyBuilder.class);
        setPolicyInternal(builder.getPolicy(policyElement));
    }

    /**
     * Resolves a policy reference: first against the bus policy registry, and only if that
     * yields nothing through a RemoteReferenceResolver (which may fetch the reference from
     * wherever it points — presumably a URL — so treat configured references as trusted input).
     *
     * @param reference policy id or reference URI
     */
    protected void setPolicyInternal(String reference) {
        PolicyBuilder builder = this.bus.getExtension(PolicyBuilder.class);
        RemoteReferenceResolver resolver = new RemoteReferenceResolver(null, builder);
        PolicyEngine engine = this.bus.getExtension(PolicyEngine.class);
        Policy registered = engine.getRegistry().lookup(reference);
        if (registered == null) {
            setPolicyInternal(resolver.resolveReference(reference));
        } else {
            setPolicyInternal(registered);
        }
    }

    /**
     * Returns the underlying Client, creating it on first use from the configured WSDL or location.
     *
     * @return the STS client
     * @throws BusException      if the client cannot be built
     * @throws EndpointException if the endpoint cannot be built
     */
    public Client getClient() throws BusException, EndpointException {
        if (client != null) {
            return client;
        }
        createClient();
        return client;
    }

    /**
     * Configures address, service/endpoint names and WSDL location from an EndpointReference and,
     * when the EPR (or its address, if {@code z} is set) points at a WS-MEX endpoint, retrieves the
     * STS metadata over WS-MEX and builds the Client from it.
     * <p>
     * No-op once the Client exists. Every failure of the MEX path is wrapped in a
     * TrustException("WS_MEX_ERROR"). Security notes: the MEX fetch and the XSD download use
     * locations supplied by the EPR and by the MEX response respectively, and the MEX proxy is
     * created here without this client's tlsClientParameters (those are only applied in
     * createClient()), so its TLS behaviour depends on bus-level conduit configuration.
     *
     * @param endpointReferenceType the EPR from the IssuedToken assertion / configuration
     * @param z                     fall back to the EPR address as the MEX location when the EPR
     *                              metadata carries no MetadataReference (see findMEXLocation)
     */
    public void configureViaEPR(EndpointReferenceType endpointReferenceType, boolean z) {
        if (this.client != null) {
            return;
        }
        this.location = EndpointReferenceUtils.getAddress(endpointReferenceType);
        if (this.location != null) {
            this.location = this.location.trim();
        }
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("EPR address: " + this.location);
        }
        QName serviceName = EndpointReferenceUtils.getServiceName(endpointReferenceType, this.bus);
        if (serviceName != null) {
            this.serviceName = serviceName;
            QName portQName = EndpointReferenceUtils.getPortQName(endpointReferenceType, this.bus);
            if (portQName != null) {
                this.endpointName = portQName;
            }
            if (LOG.isLoggable(Level.FINE)) {
                LOG.fine("EPR endpoint: " + this.serviceName + " " + this.endpointName);
            }
        }
        String wSDLLocation = EndpointReferenceUtils.getWSDLLocation(endpointReferenceType);
        if (wSDLLocation != null) {
            this.wsdlLocation = wSDLLocation;
        }
        String findMEXLocation = findMEXLocation(endpointReferenceType, z);
        if (LOG.isLoggable(Level.FINE)) {
            LOG.fine("WS-MEX location: " + findMEXLocation);
        }
        if (findMEXLocation != null) {
            try {
                // Fresh proxy for the MEX call. NOTE(review): tlsClientParameters is NOT applied to
                // this proxy's conduit; only the STS client created below/in createClient() gets it.
                JaxWsProxyFactoryBean jaxWsProxyFactoryBean = new JaxWsProxyFactoryBean();
                jaxWsProxyFactoryBean.setBindingId(this.soapVersion);
                jaxWsProxyFactoryBean.setAddress(findMEXLocation);
                Metadata metadata = ((MetadataExchange) jaxWsProxyFactoryBean.create(MetadataExchange.class)).get2004();
                Definition definition = null;
                ArrayList arrayList = new ArrayList();
                for (MetadataSection metadataSection : metadata.getMetadataSection()) {
                    if (WSDLConstants.NS_WSDL11.equals(metadataSection.getDialect())) {
                        // Unchecked cast: a MEX response whose WSDL section is not a DOM Element fails here.
                        definition = ((WSDLManager) this.bus.getExtension(WSDLManager.class)).getDefinition((Element) metadataSection.getAny());
                    } else if (WSDLConstants.NS_SCHEMA_XSD.equals(metadataSection.getDialect())) {
                        Element element = (Element) metadataSection.getAny();
                        if (element == null) {
                            // Schema not inlined: fetch it from the location the (remote) MEX response supplies.
                            String location = metadataSection.getLocation();
                            LOG.info("XSD schema location: " + location);
                            element = downloadSchema(location);
                        }
                        Schema createExtension = ((WSDLManager) this.bus.getExtension(WSDLManager.class)).getExtensionRegistry().createExtension(Types.class, new QName(element.getNamespaceURI(), element.getLocalName()));
                        createExtension.setElement(element);
                        arrayList.add(createExtension);
                    }
                }
                // Without a WSDL section nothing is built and the client stays null (no error raised).
                if (definition != null) {
                    Iterator it = arrayList.iterator();
                    while (it.hasNext()) {
                        definition.getTypes().addExtensibilityElement((Schema) it.next());
                    }
                    WSDLServiceFactory wSDLServiceFactory = new WSDLServiceFactory(this.bus, definition);
                    SourceDataBinding sourceDataBinding = new SourceDataBinding();
                    wSDLServiceFactory.setDataBinding(sourceDataBinding);
                    Service create = wSDLServiceFactory.create();
                    create.setDataBinding(sourceDataBinding);
                    List<ServiceInfo> serviceInfos = create.getServiceInfos();
                    // Pick the WSDL port whose address equals the EPR address (last match wins).
                    // A port without an address would NPE on getAddress().equals(...) here.
                    if (!"http://www.w3.org/2005/08/addressing/anonymous".equals(this.location)) {
                        for (ServiceInfo serviceInfo : serviceInfos) {
                            for (EndpointInfo endpointInfo : serviceInfo.getEndpoints()) {
                                if (endpointInfo.getAddress().equals(this.location)) {
                                    this.endpointName = endpointInfo.getName();
                                    this.serviceName = serviceInfo.getName();
                                    LOG.fine("Matched endpoint to location");
                                }
                            }
                        }
                    }
                    EndpointInfo endpointInfo2 = create.getEndpointInfo(this.endpointName);
                    // Anonymous EPR address: no port can match, so take the first port of the first service.
                    if (endpointInfo2 == null && "http://www.w3.org/2005/08/addressing/anonymous".equals(this.location) && !serviceInfos.isEmpty() && !serviceInfos.get(0).getEndpoints().isEmpty()) {
                        LOG.fine("Anonymous location so taking first endpoint");
                        this.serviceName = serviceInfos.get(0).getName();
                        this.endpointName = serviceInfos.get(0).getEndpoints().iterator().next().getName();
                        endpointInfo2 = create.getEndpointInfo(this.endpointName);
                    }
                    if (endpointInfo2 == null) {
                        throw new TrustException(LOG, "ADDRESS_NOT_MATCHED", this.location);
                    }
                    // The EPR address takes precedence over the address published in the WSDL.
                    if (this.location != null && !"http://www.w3.org/2005/08/addressing/anonymous".equals(this.location)) {
                        endpointInfo2.setAddress(this.location);
                    }
                    this.client = new ClientImpl(this.bus, new EndpointImpl(this.bus, create, endpointInfo2));
                }
            } catch (Exception e) {
                throw new TrustException("WS_MEX_ERROR", e, LOG);
            }
        }
    }

    /**
     * Fetches and parses an XSD whose location came from the WS-MEX response (see configureViaEPR).
     * <p>
     * The parser runs with secure processing on and DOCTYPE declarations rejected, so DTD-based
     * attacks (external entities, entity expansion) are refused at the DOCTYPE. Security note: the
     * URI scheme is not restricted — {@code parse(String)} will open whatever URI the metadata
     * supplies (http, file, ...), so a compromised or spoofed MEX endpoint can direct this client
     * to fetch arbitrary locations; the fetched content only becomes a schema element, it is not
     * returned to the MEX peer.
     *
     * @param str the schema location URI from the MetadataSection
     * @return the document element of the parsed schema
     * @throws Exception on parser configuration, I/O or XML errors
     */
    private Element downloadSchema(String str) throws Exception {
        DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
        newInstance.setNamespaceAware(true);
        newInstance.setFeature("http://javax.xml.XMLConstants/feature/secure-processing", Boolean.TRUE.booleanValue());
        // Rejecting DOCTYPE entirely closes XXE and entity-expansion vectors without needing
        // per-entity feature flags.
        newInstance.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return newInstance.newDocumentBuilder().parse(str).getDocumentElement();
    }

    /**
     * Finds a WS-MEX location for the EPR: the first MetadataReference/Address found among the
     * EPR's metadata elements, or — only when {@code useEprAddress} is set and nothing was found —
     * the EPR address itself.
     *
     * @param epr           the endpoint reference to inspect
     * @param useEprAddress whether to fall back to the EPR address
     * @return the MEX location, or {@code null}
     */
    protected String findMEXLocation(EndpointReferenceType epr, boolean useEprAddress) {
        if (epr.getMetadata() != null && epr.getMetadata().getAny() != null) {
            for (Object candidate : epr.getMetadata().getAny()) {
                if (!(candidate instanceof Element)) {
                    continue;
                }
                String found = findMEXLocation((Element) candidate);
                if (found != null) {
                    return found;
                }
            }
        }
        return useEprAddress ? EndpointReferenceUtils.getAddress(epr) : null;
    }

    /**
     * Depth-first search for an {@code Address} child (in a supported WS-Addressing namespace)
     * whose parent element is a {@code MetadataReference}; returns its text content.
     *
     * @param element subtree root to search
     * @return the address text, or {@code null} if no such element exists
     */
    protected String findMEXLocation(Element element) {
        for (Element child = DOMUtils.getFirstElement(element); child != null; child = DOMUtils.getNextElement(child)) {
            boolean isMexAddress = "Address".equals(child.getLocalName())
                && VersionTransformer.isSupported(child.getNamespaceURI())
                && "MetadataReference".equals(element.getLocalName());
            if (isMexAddress) {
                return DOMUtils.getContent(child);
            }
            String nested = findMEXLocation(child);
            if (nested != null) {
                return nested;
            }
        }
        return null;
    }

    /**
     * Builds the STS Client on first call: from the WSDL location when one is configured,
     * otherwise from the plain location via STSUtils.createSTSEndpoint. Then moves the staged
     * interceptors onto the Client, applies TLS parameters to its HTTP conduit and initialises
     * any configured features.
     * <p>
     * Side effects: the four staged interceptor lists are set to {@code null} afterwards, so
     * interceptors must be registered before the client exists.
     *
     * @throws BusException      if the client cannot be built
     * @throws EndpointException if the endpoint cannot be built
     * @throws TrustException    ("NO_LOCATION") when neither a WSDL location nor a location is set
     */
    protected void createClient() throws BusException, EndpointException {
        if (this.client != null) {
            return;
        }
        if (this.wsdlLocation != null) {
            WSDLServiceFactory wSDLServiceFactory = new WSDLServiceFactory(this.bus, this.wsdlLocation, this.serviceName);
            SourceDataBinding sourceDataBinding = new SourceDataBinding();
            wSDLServiceFactory.setDataBinding(sourceDataBinding);
            Service create = wSDLServiceFactory.create();
            create.setDataBinding(sourceDataBinding);
            this.client = new ClientImpl(this.bus, new EndpointImpl(this.bus, create, create.getEndpointInfo(this.endpointName)));
        } else {
            if (this.location == null) {
                throw new TrustException(LOG, "NO_LOCATION", new Object[0]);
            }
            this.client = new ClientImpl(this.bus, STSUtils.createSTSEndpoint(this.bus, this.namespace, null, this.location, this.soapVersion, this.policy, this.endpointName));
        }
        this.client.getInFaultInterceptors().addAll(this.inFault);
        this.client.getInInterceptors().addAll(this.in);
        this.client.getOutInterceptors().addAll(this.out);
        this.client.getOutFaultInterceptors().addAll(this.outFault);
        if (this.tlsClientParameters != null) {
            // Unchecked cast: with TLS parameters configured and a non-HTTP conduit this throws ClassCastException.
            ((HTTPConduit) this.client.getConduit()).setTlsClientParameters(this.tlsClientParameters);
        }
        // Staging lists are released; anything still holding them sees null from here on.
        this.in = null;
        this.out = null;
        this.inFault = null;
        this.outFault = null;
        if (this.features != null) {
            Iterator<Feature> it = this.features.iterator();
            while (it.hasNext()) {
                it.next().initialize(this.client, this.bus);
            }
        }
    }

    /**
     * Locates the binding operation for a WS-Trust request, trying in order:
     * (1) an operation whose SOAP action or wsam:Action attribute ends with {@code str}
     *     (suffix match, so "/RST/Issue" matches either WS-Trust namespace) — on this path the
     *     effective client request policy for that operation is also installed via
     *     setPolicyInternal, replacing any previously configured policy;
     * (2) an operation whose local name is a suffix of {@code str};
     * (3) the first operation whose first input part is named RequestSecurityToken.
     *
     * @param str action suffix such as "/RST/Issue"
     * @return the matching operation, or {@code null} if none of the strategies matched
     */
    protected BindingOperationInfo findOperation(String str) {
        BindingInfo bindingInfo = this.client.getEndpoint().getBinding().getBindingInfo();
        for (BindingOperationInfo bindingOperationInfo : bindingInfo.getOperations()) {
            SoapOperationInfo soapOperationInfo = (SoapOperationInfo) bindingOperationInfo.getExtensor(SoapOperationInfo.class);
            String action = soapOperationInfo != null ? soapOperationInfo.getAction() : null;
            Object extensionAttribute = bindingOperationInfo.getOperationInfo().getInput().getExtensionAttribute(new QName("http://www.w3.org/2007/05/addressing/metadata", "Action"));
            if (extensionAttribute instanceof QName) {
                extensionAttribute = ((QName) extensionAttribute).getLocalPart();
            }
            String obj = extensionAttribute == null ? null : extensionAttribute.toString();
            if ((action != null && action.endsWith(str)) || (obj != null && obj.endsWith(str))) {
                // Side effect: adopt the operation's effective request policy. The current message
                // comes from the interceptor chain and is presumably null outside one — confirm.
                setPolicyInternal(((PolicyEngine) this.bus.getExtension(PolicyEngine.class)).getEffectiveClientRequestPolicy(this.client.getEndpoint().getEndpointInfo(), bindingOperationInfo, this.client.getConduit(), PhaseInterceptorChain.getCurrentMessage()).getPolicy());
                return bindingOperationInfo;
            }
        }
        for (BindingOperationInfo bindingOperationInfo2 : bindingInfo.getOperations()) {
            if (str.endsWith(bindingOperationInfo2.getName().getLocalPart())) {
                return bindingOperationInfo2;
            }
        }
        for (BindingOperationInfo bindingOperationInfo3 : bindingInfo.getOperations()) {
            if (bindingOperationInfo3.getInput().getMessageInfo().getMessagePartsNumber() > 0 && "RequestSecurityToken".equals(bindingOperationInfo3.getInput().getMessageInfo().getFirstMessagePart().getConcreteName().getLocalPart())) {
                return bindingOperationInfo3;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a wst:RequestSecurityToken and invokes the STS Issue (or SCT) operation.
     * <p>
     * Request assembly order: Context attribute, template children (optionally wrapped in
     * SecondaryParameters), TokenType, RequestType, AppliesTo, Claims, Lifetime, renewal
     * semantics, OnBehalfOf, KeyType, then key material that depends on the key type
     * (client entropy for SymmetricKey; the client certificate for PublicKey; a bare KeySize for
     * SPNEGO/SecureConversation), BinaryExchange, ActAs and custom content.
     * <p>
     * Side effects on instance state: {@code keySize} is overwritten from a template KeySize
     * element and reset to 256 when non-positive; SPNEGO forces {@code tokenType} to the SCT
     * type and clears {@code sendKeyType}. A template KeySize that is not an integer fails with
     * NumberFormatException. Because of this mutation, concurrent issue() calls on one instance
     * would race — presumably instances are not meant to be shared; confirm with callers.
     *
     * @param str  the AppliesTo address for the target service (only used when AppliesTo is enabled)
     * @param str2 explicit SOAPAction, or {@code null} to derive it from the namespace (/RST/SCT
     *             for secure conversation, /RST/Issue otherwise)
     * @param str3 the wst:RequestType value
     * @param str4 BinaryExchange content, or {@code null} to omit it
     * @return the RSTR plus the entropy / certificate / Crypto used to build the request and any
     *         response attachments
     * @throws Exception on client creation, request construction or invocation errors
     */
    public STSResponse issue(String str, String str2, String str3, String str4) throws Exception {
        createClient();
        BindingOperationInfo findOperation = findOperation("/RST/Issue");
        this.client.getRequestContext().putAll(this.ctx);
        if (str2 != null) {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, str2);
        } else if (this.isSecureConv) {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/SCT");
        } else {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/Issue");
        }
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", "RequestSecurityToken", this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        if (this.context != null) {
            w3CDOMStreamWriter.writeAttribute(null, "Context", this.context);
        }
        boolean z = false;       // template supplied a KeySize
        String str5 = null;      // KeyType taken from the template, if any
        String str6 = null;      // TokenType taken from the template, if any
        if (this.template != null && DOMUtils.getFirstElement(this.template) != null) {
            if (useSecondaryParameters()) {
                w3CDOMStreamWriter.writeStartElement("wst", "SecondaryParameters", this.namespace);
            }
            // Template children are copied verbatim; KeyType/KeySize/TokenType are also remembered
            // so they are not emitted a second time below.
            Element firstElement = DOMUtils.getFirstElement(this.template);
            while (true) {
                Element element = firstElement;
                if (element == null) {
                    break;
                }
                StaxUtils.copy(element, w3CDOMStreamWriter);
                if ("KeyType".equals(element.getLocalName())) {
                    str5 = DOMUtils.getContent(element);
                } else if ("KeySize".equals(element.getLocalName())) {
                    z = true;
                    this.keySize = Integer.parseInt(DOMUtils.getContent(element));
                } else if ("TokenType".equals(element.getLocalName())) {
                    str6 = DOMUtils.getContent(element);
                }
                firstElement = DOMUtils.getNextElement(element);
            }
            if (useSecondaryParameters()) {
                w3CDOMStreamWriter.writeEndElement();
            }
        }
        if (this.isSpnego) {
            this.tokenType = STSUtils.getTokenTypeSCT(this.namespace);
            this.sendKeyType = false;
        }
        if (str6 == null) {
            addTokenType(w3CDOMStreamWriter);
        }
        addRequestType(str3, w3CDOMStreamWriter);
        if (this.enableAppliesTo) {
            addAppliesTo(w3CDOMStreamWriter, str);
        }
        addClaims(w3CDOMStreamWriter);
        if (this.isSecureConv || this.enableLifetime) {
            addLifetime(w3CDOMStreamWriter);
        }
        writeRenewalSemantics(w3CDOMStreamWriter);
        Element onBehalfOfToken = getOnBehalfOfToken();
        if (onBehalfOfToken != null) {
            w3CDOMStreamWriter.writeStartElement("wst", "OnBehalfOf", this.namespace);
            StaxUtils.copy(onBehalfOfToken, w3CDOMStreamWriter);
            w3CDOMStreamWriter.writeEndElement();
        }
        if (str5 == null) {
            str5 = writeKeyType(w3CDOMStreamWriter, this.keyType);
        }
        byte[] bArr = null;              // client entropy (SymmetricKey only)
        X509Certificate x509Certificate = null;  // client certificate (PublicKey only)
        Crypto crypto = null;            // Crypto the certificate was looked up from, if not preset
        if (this.keySize <= 0) {
            this.keySize = 256;
        }
        // Key-type dispatch is by URI suffix, so it works for both WS-Trust namespaces.
        if (str5 != null && str5.endsWith("SymmetricKey")) {
            bArr = writeElementsForRSTSymmetricKey(w3CDOMStreamWriter, z);
        } else if (str5 != null && str5.endsWith("PublicKey")) {
            if (this.useKeyCertificate != null) {
                x509Certificate = this.useKeyCertificate;
            } else {
                crypto = createCrypto(false);
                x509Certificate = getCert(crypto);
            }
            writeElementsForRSTPublicKey(w3CDOMStreamWriter, x509Certificate);
        } else if (this.isSpnego || this.isSecureConv) {
            addKeySize(this.keySize, w3CDOMStreamWriter);
        }
        if (str4 != null) {
            addBinaryExchange(str4, w3CDOMStreamWriter);
        }
        Element actAsToken = getActAsToken();
        if (actAsToken != null) {
            // ActAs always uses the WS-Trust 1.4 (2008/02) namespace regardless of this.namespace.
            w3CDOMStreamWriter.writeStartElement(STSUtils.WST_NS_08_02, "ActAs");
            StaxUtils.copy(actAsToken, w3CDOMStreamWriter);
            w3CDOMStreamWriter.writeEndElement();
        }
        Element customContent = getCustomContent();
        if (customContent != null) {
            StaxUtils.copy(customContent, w3CDOMStreamWriter);
        }
        w3CDOMStreamWriter.writeEndElement();
        return new STSResponse((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0], bArr, x509Certificate, crypto, (Collection) this.client.getResponseContext().get(Message.ATTACHMENTS));
    }

    /**
     * Resolves the configured OnBehalfOf delegation token into a DOM element.
     * The configured value may be an XML string, an Element or a CallbackHandler
     * (see getDelegationSecurityToken); {@code null} when nothing is configured.
     *
     * @throws Exception if the configured XML cannot be parsed or the callback fails
     */
    public Element getOnBehalfOfToken() throws Exception {
        final Object configured = this.onBehalfOf;
        return getDelegationSecurityToken(configured);
    }

    /**
     * Resolves the configured ActAs delegation token into a DOM element.
     * Same resolution rules as getOnBehalfOfToken (string, Element or CallbackHandler);
     * {@code null} when nothing is configured.
     *
     * @throws Exception if the configured XML cannot be parsed or the callback fails
     */
    public Element getActAsToken() throws Exception {
        final Object configured = this.actAs;
        return getDelegationSecurityToken(configured);
    }

    /**
     * Returns the custom content element that is copied verbatim into the RST body.
     *
     * <p>Accepted configured forms: an XML string (parsed here) or a ready DOM Element.
     * Anything else, including an unset value, yields {@code null} and nothing is appended.
     *
     * @return the element to append, or {@code null}
     * @throws Exception if the configured XML string cannot be parsed
     */
    public Element getCustomContent() throws Exception {
        final Object content = this.customContent;
        if (content instanceof String) {
            // Configuration-origin XML, not wire input. NOTE(review): the parser comes from
            // StaxUtils -- confirm it is the hardened (DTD/XXE-disabled) factory in this build.
            return StaxUtils.read(new StringReader((String) content)).getDocumentElement();
        }
        if (content instanceof Element) {
            return (Element) content;
        }
        // null or an unsupported type
        return null;
    }

    /**
     * Turns a configured delegation token (OnBehalfOf / ActAs) into a DOM element.
     *
     * <p>Resolution order: an XML string is parsed; an Element is returned as-is; a
     * CallbackHandler is invoked with a DelegationCallback carrying the current message
     * and its token is returned. Any other value (including {@code null}) yields {@code null}.
     *
     * @param obj the configured token source
     * @return the token element, or {@code null}
     * @throws Exception if parsing fails or the callback handler throws
     */
    protected Element getDelegationSecurityToken(Object obj) throws Exception {
        if (obj instanceof String) {
            // Configuration-origin XML (not wire input); parsed via StaxUtils.
            return StaxUtils.read(new StringReader((String) obj)).getDocumentElement();
        }
        if (obj instanceof Element) {
            return (Element) obj;
        }
        if (obj instanceof CallbackHandler) {
            // Let the application pick the token at request time, e.g. from the caller's identity.
            final DelegationCallback callback = new DelegationCallback(this.message);
            ((CallbackHandler) obj).handle(new Callback[] {callback});
            return callback.getToken();
        }
        return null;
    }

    /**
     * Writes the symmetric-key part of an RST: an optional KeySize and, when entropy is
     * required, a client nonce (wst:Entropy/wst:BinarySecret of type Nonce) plus the
     * ComputedKeyAlgorithm (P_SHA1) the STS should use to combine both sides' entropy.
     *
     * @param w3CDOMStreamWriter the RST being assembled
     * @param z {@code true} when KeySize was already emitted by the caller (e.g. via the template)
     * @return the client entropy that was sent, or {@code null} if none was generated; the caller
     *         needs it later to derive the proof key from the STS response
     * @throws Exception on XML writing or nonce generation failure
     */
    protected byte[] writeElementsForRSTSymmetricKey(W3CDOMStreamWriter w3CDOMStreamWriter, boolean z) throws Exception {
        if (!z) {
            addKeySize(this.keySize, w3CDOMStreamWriter);
        }
        if (!this.requiresEntropy) {
            return null;
        }
        w3CDOMStreamWriter.writeStartElement("wst", "Entropy", this.namespace);
        w3CDOMStreamWriter.writeStartElement("wst", "BinarySecret", this.namespace);
        w3CDOMStreamWriter.writeAttribute("Type", this.namespace + "/Nonce");
        // Nonce length: the requested key size, or the algorithm suite's maximum symmetric
        // key length when a suite is configured (both are bit counts, hence / 8).
        final int nonceBytes;
        if (this.algorithmSuite != null) {
            nonceBytes = this.algorithmSuite.getAlgorithmSuiteType().getMaximumSymmetricKeyLength() / 8;
        } else {
            nonceBytes = this.keySize / 8;
        }
        final byte[] clientEntropy = WSSecurityUtil.generateNonce(nonceBytes);
        w3CDOMStreamWriter.writeCharacters(XMLUtils.encodeToString(clientEntropy));
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", "ComputedKeyAlgorithm", this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/CK/PSHA1");
        w3CDOMStreamWriter.writeEndElement();
        return clientEntropy;
    }

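    /**
     * Writes the wst:UseKey/ds:KeyInfo block naming the public key the issued token
     * should be bound to (holder-of-key with a PublicKey key type).
     *
     * <p>If {@code useCertificateForConfirmationKeyInfo} (overridable per request through the
     * STS_TOKEN_USE_CERT_FOR_KEYINFO property) is set, the whole certificate is embedded as
     * ds:X509Data; otherwise only the bare public key is written as a ds:KeyValue, which is
     * supported for DSA and RSA keys.
     *
     * <p>Fixes: the decompiled constant JsonWebKey.KEY_TYPE_RSA (an unrelated JOSE class whose
     * value is "RSA") is replaced by the literal; an unsupported key algorithm used to produce an
     * empty ds:KeyValue silently, it is now logged so a missing UseKey can be diagnosed.
     *
     * @param w3CDOMStreamWriter the RST being assembled
     * @param x509Certificate the requestor's certificate (from useKeyCertificate or the crypto store)
     * @throws Exception on XML writing failure
     */
    protected void writeElementsForRSTPublicKey(W3CDOMStreamWriter w3CDOMStreamWriter, X509Certificate x509Certificate) throws Exception {
        w3CDOMStreamWriter.writeStartElement("wst", "UseKey", this.namespace);
        w3CDOMStreamWriter.writeStartElement("ds", "KeyInfo", "http://www.w3.org/2000/09/xmldsig#");
        w3CDOMStreamWriter.writeNamespace("ds", "http://www.w3.org/2000/09/xmldsig#");
        boolean embedCertificate = this.useCertificateForConfirmationKeyInfo;
        String override = (String) getProperty(SecurityConstants.STS_TOKEN_USE_CERT_FOR_KEYINFO);
        if (override != null) {
            // a per-request property wins over the field default
            embedCertificate = Boolean.parseBoolean(override);
        }
        if (embedCertificate) {
            X509Data x509Data = new X509Data(w3CDOMStreamWriter.getDocument());
            x509Data.addCertificate(x509Certificate);
            w3CDOMStreamWriter.getCurrentNode().appendChild(x509Data.getElement());
        } else {
            w3CDOMStreamWriter.writeStartElement("ds", "KeyValue", "http://www.w3.org/2000/09/xmldsig#");
            PublicKey publicKey = x509Certificate.getPublicKey();
            String algorithm = publicKey.getAlgorithm();
            if ("DSA".equalsIgnoreCase(algorithm)) {
                w3CDOMStreamWriter.getCurrentNode().appendChild(new DSAKeyValue(w3CDOMStreamWriter.getDocument(), publicKey).getElement());
            } else if ("RSA".equalsIgnoreCase(algorithm)) {
                w3CDOMStreamWriter.getCurrentNode().appendChild(new RSAKeyValue(w3CDOMStreamWriter.getDocument(), publicKey).getElement());
            } else {
                // e.g. EC keys: no ds:KeyValue writer here, so the STS would receive an empty KeyValue.
                // Prefer the X509Data form (STS_TOKEN_USE_CERT_FOR_KEYINFO=true) for such keys.
                LOG.warning("Unsupported public key algorithm '" + algorithm
                    + "' for wst:UseKey/ds:KeyValue; no key material was written");
            }
            w3CDOMStreamWriter.writeEndElement();
        }
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
    }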

    /**
     * Writes a wst:BinaryExchange element carrying a base64 SPNEGO blob.
     *
     * @param str the base64-encoded GSS/SPNEGO token (written as-is, no re-encoding)
     * @param w3CDOMStreamWriter the RST being assembled
     * @throws XMLStreamException on XML writing failure
     */
    protected void addBinaryExchange(String str, W3CDOMStreamWriter w3CDOMStreamWriter) throws XMLStreamException {
        final String base64EncodingType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
        final String spnegoValueType = this.namespace + "/spnego";
        w3CDOMStreamWriter.writeStartElement("wst", "BinaryExchange", this.namespace);
        w3CDOMStreamWriter.writeAttribute("EncodingType", base64EncodingType);
        w3CDOMStreamWriter.writeAttribute("ValueType", spnegoValueType);
        w3CDOMStreamWriter.writeCharacters(str);
        w3CDOMStreamWriter.writeEndElement();
    }

    /**
     * Writes a wst:KeySize element.
     *
     * @param i the requested key size in bits
     * @param w3CDOMStreamWriter the RST being assembled
     * @throws XMLStreamException on XML writing failure
     */
    protected void addKeySize(int i, W3CDOMStreamWriter w3CDOMStreamWriter) throws XMLStreamException {
        final String bits = Integer.toString(i);
        w3CDOMStreamWriter.writeStartElement("wst", "KeySize", this.namespace);
        w3CDOMStreamWriter.writeCharacters(bits);
        w3CDOMStreamWriter.writeEndElement();
    }

    /**
     * Writes a wst:RequestType element whose value is the trust namespace plus {@code str}
     * (e.g. "/Issue", "/Renew").
     *
     * @param str the request type suffix, expected to start with "/"
     * @param w3CDOMStreamWriter the RST being assembled
     * @throws XMLStreamException on XML writing failure
     */
    protected void addRequestType(String str, W3CDOMStreamWriter w3CDOMStreamWriter) throws XMLStreamException {
        final String requestTypeUri = this.namespace + str;
        w3CDOMStreamWriter.writeStartElement("wst", "RequestType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(requestTypeUri);
        w3CDOMStreamWriter.writeEndElement();
    }

    /**
     * Unwraps a DOMSource to its element: the document element when the source wraps a
     * Document, otherwise the node itself cast to Element.
     *
     * @param dOMSource source wrapping a Document or an Element node
     * @return the element
     */
    public Element getDocumentElement(DOMSource dOMSource) {
        final Node node = dOMSource.getNode();
        return node instanceof Document
            ? ((Document) node).getDocumentElement()
            : (Element) node;
    }

    /**
     * Sends a WS-Trust Renew request for {@code securityToken} and returns the raw STS response.
     *
     * <p>The RST is assembled in this order (element order is the wire format, so it is not
     * reordered): template elements (possibly wrapped in SecondaryParameters), TokenType,
     * RequestType, AppliesTo, Lifetime, RenewTarget holding the full token element, Renewing.
     *
     * @param securityToken the token to renew; its element is embedded verbatim in RenewTarget
     * @return the STS response with no requestor entropy, certificate or crypto attached
     * @throws Exception on client creation, XML writing or invocation failure
     */
    public STSResponse renew(SecurityToken securityToken) throws Exception {
        createClient();
        BindingOperationInfo findOperation = findOperation("/RST/Renew");
        // NOTE(review): unlike validate()/cancel(), the request context is not cleared before
        // ctx is merged in, so entries left by a previous call on this client may still apply.
        this.client.getRequestContext().putAll(this.ctx);
        // presumably so a token id cached in ctx is not applied to the renew exchange itself
        this.client.getRequestContext().remove(org.apache.cxf.ws.security.SecurityConstants.TOKEN_ID);
        if (this.isSecureConv) {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/SCT/Renew");
        } else {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/Renew");
        }
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", "RequestSecurityToken", this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        if (this.context != null) {
            w3CDOMStreamWriter.writeAttribute(null, "Context", this.context);
        }
        // TokenType value found in the template, if any; suppresses the explicit one below
        String str = null;
        if (this.template != null && DOMUtils.getFirstElement(this.template) != null) {
            // newer WS-Trust namespaces carry the template inside SecondaryParameters
            if (useSecondaryParameters()) {
                w3CDOMStreamWriter.writeStartElement("wst", "SecondaryParameters", this.namespace);
            }
            Element firstElement = DOMUtils.getFirstElement(this.template);
            while (true) {
                Element element = firstElement;
                if (element == null) {
                    break;
                }
                // template children are copied verbatim into the request
                StaxUtils.copy(element, w3CDOMStreamWriter);
                if ("TokenType".equals(element.getLocalName())) {
                    str = DOMUtils.getContent(element);
                }
                firstElement = DOMUtils.getNextElement(element);
            }
            if (useSecondaryParameters()) {
                w3CDOMStreamWriter.writeEndElement();
            }
        }
        if (this.isSpnego) {
            // SPNEGO always negotiates a secure-conversation token type
            this.tokenType = STSUtils.getTokenTypeSCT(this.namespace);
        }
        if (str == null) {
            addTokenType(w3CDOMStreamWriter);
        }
        addRequestType("/Renew", w3CDOMStreamWriter);
        if (this.enableAppliesTo) {
            // scope the renewal to the issuer address recorded on the token
            addAppliesTo(w3CDOMStreamWriter, securityToken.getIssuerAddress());
        }
        if (this.isSecureConv || this.enableLifetime) {
            addLifetime(w3CDOMStreamWriter);
        }
        // the whole existing token is sent as the renewal target
        w3CDOMStreamWriter.writeStartElement("wst", "RenewTarget", this.namespace);
        StaxUtils.copy(securityToken.getToken(), w3CDOMStreamWriter);
        w3CDOMStreamWriter.writeEndElement();
        writeRenewalSemantics(w3CDOMStreamWriter);
        w3CDOMStreamWriter.writeEndElement();
        return new STSResponse((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0], null, null, null, (Collection) this.client.getResponseContext().get(Message.ATTACHMENTS));
    }

    /**
     * Builds the policy assertion that switches on WS-Addressing for the STS exchange.
     * The 2005/08 addressing namespace maps to the WS-Addressing Metadata assertion; any
     * other (or unset) namespace maps to the 2004 UsingAddressing assertion.
     *
     * @return an optional PrimitiveAssertion for the matching addressing policy
     */
    protected PrimitiveAssertion getAddressingAssertion() {
        final boolean wsa200508 = "http://www.w3.org/2005/08/addressing".equals(this.addressingNamespace);
        final QName assertionName = wsa200508
            ? new QName(MetadataConstants.NAMESPACE_URI, MetadataConstants.ADDRESSING_ELEM_NAME)
            : new QName(MetadataConstants.ADDR_POLICY_2004_NAMESPACE_URI, "UsingAddressing");
        return new PrimitiveAssertion(assertionName, true);
    }

    /**
     * Sends a WS-Trust Validate request for {@code securityToken}.
     *
     * <p>Two shapes are produced. When the requested token type is the "/RSTR/Status" URI
     * (the default when neither {@code str} nor {@code tokenType} is set) a plain status check
     * is sent: TokenType, RequestType, Claims, ValidateTarget. Otherwise the STS is asked to
     * exchange the token for a new one, so the request also carries Lifetime, KeyType (with
     * entropy or a UseKey block, as for issue), Renewing and Claims.
     *
     * <p>If the STS WSDL has no Validate operation the Issue operation is reused with a
     * policy override that only enables WS-Addressing.
     *
     * @param securityToken the token to validate; it is also placed in the request context
     *        under SecurityConstants.TOKEN, so it may be used to secure the request itself
     * @param str the TokenType to request, or {@code null} to use the configured default
     * @return the STS response; for the exchange shape it carries the client entropy,
     *         certificate and crypto needed to derive the new proof key
     * @throws Exception on client creation, XML writing or invocation failure
     */
    public STSResponse validate(SecurityToken securityToken, String str) throws Exception {
        createClient();
        if (str == null) {
            str = this.tokenType;
        }
        if (str == null) {
            // no token type at all: ask only for a validation status
            str = this.namespace + "/RSTR/Status";
        }
        Policy policy = new Policy();
        ExactlyOne exactlyOne = new ExactlyOne();
        policy.addPolicyComponent(exactlyOne);
        All all = new All();
        exactlyOne.addPolicyComponent(all);
        all.addAssertion(getAddressingAssertion());
        // start from a clean request context, then apply the configured ctx
        this.client.getRequestContext().clear();
        this.client.getRequestContext().putAll(this.ctx);
        this.client.getRequestContext().put(org.apache.cxf.ws.security.SecurityConstants.TOKEN, securityToken);
        BindingOperationInfo findOperation = findOperation("/RST/Validate");
        if (findOperation == null) {
            // no dedicated Validate operation: go through Issue with an addressing-only policy
            findOperation = findOperation("/RST/Issue");
            this.client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, policy);
        }
        this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/Validate");
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", "RequestSecurityToken", this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        w3CDOMStreamWriter.writeStartElement("wst", "TokenType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(str);
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", "RequestType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/Validate");
        w3CDOMStreamWriter.writeEndElement();
        if (str.endsWith("/RSTR/Status")) {
            // status-only shape: no key material is requested, so none is returned
            addClaims(w3CDOMStreamWriter);
            w3CDOMStreamWriter.writeStartElement("wst", "ValidateTarget", this.namespace);
            Element token = securityToken.getToken();
            if (token != null) {
                StaxUtils.copy(token, w3CDOMStreamWriter);
            }
            w3CDOMStreamWriter.writeEndElement();
            w3CDOMStreamWriter.writeEndElement();
            return new STSResponse((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0], null, null, null, (Collection) this.client.getResponseContext().get(Message.ATTACHMENTS));
        }
        // token-exchange shape: mirrors the issue request
        if (this.enableLifetime) {
            addLifetime(w3CDOMStreamWriter);
        }
        String str2 = this.keyType;
        if (str2 == null) {
            // exchange defaults to a bearer token when no key type is configured
            str2 = this.namespace + "/Bearer";
        }
        String writeKeyType = writeKeyType(w3CDOMStreamWriter, str2);
        byte[] bArr = null;
        X509Certificate x509Certificate = null;
        Crypto crypto = null;
        if (this.keySize <= 0) {
            this.keySize = 256;
        }
        if (writeKeyType != null && writeKeyType.endsWith("SymmetricKey")) {
            // client entropy is kept so the proof key can be derived from the response
            bArr = writeElementsForRSTSymmetricKey(w3CDOMStreamWriter, false);
        } else if (writeKeyType != null && writeKeyType.endsWith("PublicKey")) {
            if (this.useKeyCertificate != null) {
                x509Certificate = this.useKeyCertificate;
            } else {
                crypto = createCrypto(false);
                x509Certificate = getCert(crypto);
            }
            writeElementsForRSTPublicKey(w3CDOMStreamWriter, x509Certificate);
        }
        writeRenewalSemantics(w3CDOMStreamWriter);
        addClaims(w3CDOMStreamWriter);
        // NOTE(review): here the token element is copied without the null check used in the status shape above
        w3CDOMStreamWriter.writeStartElement("wst", "ValidateTarget", this.namespace);
        StaxUtils.copy(securityToken.getToken(), w3CDOMStreamWriter);
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
        return new STSResponse((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0], bArr, x509Certificate, crypto, (Collection) this.client.getResponseContext().get(Message.ATTACHMENTS));
    }

    /**
     * Writes the wst:Renewing element when configured to do so.
     *
     * <p>Attributes: {@code Allow="false"} when renewal is disallowed; {@code OK="true"} when
     * renewal is allowed even after the token has expired; nothing when renewal is simply allowed.
     *
     * @param xMLStreamWriter the RST being assembled
     * @throws XMLStreamException on XML writing failure
     */
    private void writeRenewalSemantics(XMLStreamWriter xMLStreamWriter) throws XMLStreamException {
        if (!this.sendRenewing) {
            return;
        }
        xMLStreamWriter.writeStartElement("wst", "Renewing", this.namespace);
        if (this.allowRenewing) {
            if (this.allowRenewingAfterExpiry) {
                xMLStreamWriter.writeAttribute((String) null, "OK", "true");
            }
        } else {
            xMLStreamWriter.writeAttribute((String) null, "Allow", "false");
        }
        xMLStreamWriter.writeEndElement();
    }

    /**
     * Sends a WS-Trust Cancel request for {@code securityToken}.
     *
     * <p>When the STS WSDL exposes a Cancel operation, the full token element is sent as the
     * CancelTarget. When it does not, the Issue operation is reused under a policy override
     * that requires a SecureConversation-protected symmetric binding (timestamp, entire
     * headers/body signed, WS-Addressing headers as optional signed parts), and the
     * CancelTarget carries only a reference to the token (unattached, else attached).
     *
     * @param securityToken the token to cancel; also placed in the request context under
     *        SecurityConstants.TOKEN so it can secure the request itself
     * @return the STS response (no key material is expected back)
     * @throws Exception on client creation, XML writing or invocation failure
     */
    public STSResponse cancel(SecurityToken securityToken) throws Exception {
        Element unattachedReference;
        createClient();
        // start from a clean request context, then apply the configured ctx
        this.client.getRequestContext().clear();
        this.client.getRequestContext().putAll(this.ctx);
        this.client.getRequestContext().put(org.apache.cxf.ws.security.SecurityConstants.TOKEN, securityToken);
        BindingOperationInfo findOperation = findOperation("/RST/Cancel");
        // z: true when a dedicated Cancel operation exists
        boolean z = true;
        if (findOperation == null) {
            z = false;
            findOperation = findOperation("/RST/Issue");
            Policy policy = new Policy();
            ExactlyOne exactlyOne = new ExactlyOne();
            policy.addPolicyComponent(exactlyOne);
            All all = new All();
            exactlyOne.addPolicyComponent(all);
            all.addAssertion(getAddressingAssertion());
            // the protection token is an (optional) secure-conversation token sent to the recipient
            final SecureConversationToken secureConversationToken = new SecureConversationToken(SPConstants.SPVersion.SP12, SPConstants.IncludeTokenType.INCLUDE_TOKEN_ALWAYS_TO_RECIPIENT, (Element) null, (String) null, (Element) null, (Policy) null);
            secureConversationToken.setOptional(true);
            DefaultSymmetricBinding defaultSymmetricBinding = new DefaultSymmetricBinding(SPConstants.SPVersion.SP12, new Policy());
            all.addAssertion(defaultSymmetricBinding);
            // NOTE(review): the addressing assertion is added a second time here; looks harmless
            all.addAssertion(getAddressingAssertion());
            defaultSymmetricBinding.setProtectionToken(new ProtectionToken(SPConstants.SPVersion.SP12, new Policy()) { // decompiled local class; only overrides the token
                {
                    super.setToken(secureConversationToken);
                }
            });
            defaultSymmetricBinding.setIncludeTimestamp(true);
            defaultSymmetricBinding.setOnlySignEntireHeadersAndBody(true);
            defaultSymmetricBinding.setProtectTokens(false);
            String str = this.addressingNamespace;
            if (str == null) {
                str = "http://www.w3.org/2005/08/addressing";
            }
            // WS-Addressing headers that should be covered by the signature
            ArrayList arrayList = new ArrayList();
            arrayList.add(new Header(Names.WSA_TO_NAME, str));
            arrayList.add(new Header(Names.WSA_FROM_NAME, str));
            arrayList.add(new Header(Names.WSA_FAULTTO_NAME, str));
            arrayList.add(new Header(Names.WSA_REPLYTO_NAME, str));
            arrayList.add(new Header("Action", str));
            arrayList.add(new Header(Names.WSA_MESSAGEID_NAME, str));
            arrayList.add(new Header(Names.WSA_RELATESTO_NAME, str));
            SignedParts signedParts = new SignedParts(SPConstants.SPVersion.SP12, true, (Attachments) null, arrayList, false);
            signedParts.setOptional(true);
            all.addPolicyComponent(signedParts);
            this.client.getRequestContext().put(PolicyConstants.POLICY_OVERRIDE, policy);
        }
        if (this.isSecureConv) {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/SCT/Cancel");
        } else {
            this.client.getRequestContext().put(SoapBindingConstants.SOAP_ACTION, this.namespace + "/RST/Cancel");
        }
        W3CDOMStreamWriter w3CDOMStreamWriter = new W3CDOMStreamWriter();
        w3CDOMStreamWriter.writeStartElement("wst", "RequestSecurityToken", this.namespace);
        w3CDOMStreamWriter.writeNamespace("wst", this.namespace);
        w3CDOMStreamWriter.writeStartElement("wst", "RequestType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(this.namespace + "/Cancel");
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeStartElement("wst", "CancelTarget", this.namespace);
        if (z) {
            // dedicated Cancel operation: embed the token itself
            unattachedReference = securityToken.getToken();
        } else {
            // Issue fallback: refer to the token instead (the token already secures the message)
            unattachedReference = securityToken.getUnattachedReference();
            if (unattachedReference == null) {
                unattachedReference = securityToken.getAttachedReference();
            }
        }
        StaxUtils.copy(unattachedReference, w3CDOMStreamWriter);
        w3CDOMStreamWriter.writeEndElement();
        w3CDOMStreamWriter.writeEndElement();
        return new STSResponse((DOMSource) this.client.invoke(findOperation, new DOMSource(w3CDOMStreamWriter.getDocument().getDocumentElement()))[0], null);
    }

    /**
     * Whether template elements must be wrapped in wst:SecondaryParameters.
     * Only the original 2005/02 WS-Trust namespace lacks that element.
     *
     * @return {@code true} for every namespace other than WST 2005/02
     */
    protected boolean useSecondaryParameters() {
        final boolean legacy200502 = STSUtils.WST_NS_05_02.equals(this.namespace);
        return !legacy200502;
    }

    /**
     * Writes the key-type related element of an RST and returns the effective key type.
     *
     * <ul>
     *   <li>Secure conversation with no explicit key type: writes the SCT TokenType and
     *       reports a symmetric key type (nothing is written when {@code str} is given).</li>
     *   <li>Otherwise an explicit {@code str} is written as wst:KeyType; when absent and
     *       {@code sendKeyType} is set, a symmetric KeyType is written.</li>
     * </ul>
     *
     * @param w3CDOMStreamWriter the RST being assembled
     * @param str the configured key type URI, or {@code null}
     * @return the key type URI the caller should assume, or {@code null} if none was decided
     * @throws XMLStreamException on XML writing failure
     */
    protected String writeKeyType(W3CDOMStreamWriter w3CDOMStreamWriter, String str) throws XMLStreamException {
        final String symmetricKeyType = this.namespace + "/SymmetricKey";
        if (this.isSecureConv) {
            if (str != null) {
                return str;
            }
            w3CDOMStreamWriter.writeStartElement("wst", "TokenType", this.namespace);
            w3CDOMStreamWriter.writeCharacters(STSUtils.getTokenTypeSCT(this.namespace));
            w3CDOMStreamWriter.writeEndElement();
            return symmetricKeyType;
        }
        String effective = str;
        if (effective == null) {
            if (!this.sendKeyType) {
                return null;
            }
            effective = symmetricKeyType;
        }
        w3CDOMStreamWriter.writeStartElement("wst", "KeyType", this.namespace);
        w3CDOMStreamWriter.writeCharacters(effective);
        w3CDOMStreamWriter.writeEndElement();
        return effective;
    }

    /**
     * Loads the requestor certificate used for UseKey from the given crypto store.
     *
     * <p>The alias comes from the STS_TOKEN_USERNAME property, falling back to the store's
     * default X.509 identifier. Only the first certificate of the chain is returned.
     *
     * @param crypto the keystore wrapper; must not be {@code null}
     * @return the leaf certificate for the resolved alias
     * @throws Exception (as Fault) when no crypto, no alias or no certificate is available
     */
    protected X509Certificate getCert(Crypto crypto) throws Exception {
        if (crypto == null) {
            throw new Fault("No Crypto token properties are available to retrieve a certificate", LOG);
        }
        String alias = (String) getProperty(SecurityConstants.STS_TOKEN_USERNAME);
        if (alias == null) {
            alias = crypto.getDefaultX509Identifier();
            if (alias == null) {
                throw new Fault("No alias specified for retrieving PublicKey", LOG);
            }
        }
        final CryptoType byAlias = new CryptoType(CryptoType.TYPE.ALIAS);
        byAlias.setAlias(alias);
        final X509Certificate[] chain = crypto.getX509Certificates(byAlias);
        if (chain == null || chain.length == 0) {
            throw new Fault("Could not get X509Certificate for alias " + alias, LOG);
        }
        return chain[0];
    }

    /**
     * Writes the requested wst:Lifetime: Created = now, Expires = now + {@code ttl} seconds,
     * both formatted as UTC timestamps.
     *
     * <p>The values come from the local clock; the STS is free to issue a shorter lifetime.
     *
     * @param xMLStreamWriter the RST being assembled
     * @throws XMLStreamException on XML writing failure
     */
    protected void addLifetime(XMLStreamWriter xMLStreamWriter) throws XMLStreamException {
        final String wsuNs = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
        final Instant created = Instant.now();
        final Instant expires = created.plusSeconds(this.ttl);
        final String createdText = created.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
        final String expiresText = expires.atZone(ZoneOffset.UTC).format(DateUtil.getDateTimeFormatter(true));
        xMLStreamWriter.writeStartElement("wst", "Lifetime", this.namespace);
        xMLStreamWriter.writeNamespace("wsu", wsuNs);
        xMLStreamWriter.writeStartElement("wsu", "Created", wsuNs);
        xMLStreamWriter.writeCharacters(createdText);
        xMLStreamWriter.writeEndElement();
        xMLStreamWriter.writeStartElement("wsu", "Expires", wsuNs);
        xMLStreamWriter.writeCharacters(expiresText);
        xMLStreamWriter.writeEndElement();
        xMLStreamWriter.writeEndElement();
    }

    /**
     * Writes wsp:AppliesTo/wsa:EndpointReference/wsa:Address naming the service the token
     * is requested for. Skipped when no address or no addressing namespace is available.
     *
     * @param xMLStreamWriter the RST being assembled
     * @param str the target service address, or {@code null} to omit AppliesTo
     * @throws XMLStreamException on XML writing failure
     */
    protected void addAppliesTo(XMLStreamWriter xMLStreamWriter, String str) throws XMLStreamException {
        final String wsaNs = this.addressingNamespace;
        if (str == null || wsaNs == null) {
            return;
        }
        // WS-Policy 2004/09 is the default namespace unless one is configured
        final String wspNs = this.wspNamespace != null
            ? this.wspNamespace
            : "http://schemas.xmlsoap.org/ws/2004/09/policy";
        xMLStreamWriter.writeStartElement("wsp", "AppliesTo", wspNs);
        xMLStreamWriter.writeNamespace("wsp", wspNs);
        xMLStreamWriter.writeStartElement(JAXWSAConstants.WSA_PREFIX, JAXWSAConstants.WSA_ERF_NAME, wsaNs);
        xMLStreamWriter.writeNamespace(JAXWSAConstants.WSA_PREFIX, wsaNs);
        xMLStreamWriter.writeStartElement(JAXWSAConstants.WSA_PREFIX, "Address", wsaNs);
        xMLStreamWriter.writeCharacters(str);
        xMLStreamWriter.writeEndElement();
        xMLStreamWriter.writeEndElement();
        xMLStreamWriter.writeEndElement();
    }

    /**
     * Writes wst:TokenType with the configured token type; nothing when it is unset.
     *
     * @param xMLStreamWriter the RST being assembled
     * @throws XMLStreamException on XML writing failure
     */
    protected void addTokenType(XMLStreamWriter xMLStreamWriter) throws XMLStreamException {
        final String type = this.tokenType;
        if (type == null) {
            return;
        }
        xMLStreamWriter.writeStartElement("wst", "TokenType", this.namespace);
        xMLStreamWriter.writeCharacters(type);
        xMLStreamWriter.writeEndElement();
    }

    /**
     * Writes the requested claims into the RST.
     *
     * <p>Statically configured {@code claims} take precedence; only when they are unset is the
     * claims callback handler consulted (with the current message). A DOM Element is copied
     * verbatim, a ClaimCollection is serialised in the trust namespace, anything else is ignored.
     *
     * @param xMLStreamWriter the RST being assembled
     * @throws Exception on XML writing failure or if the callback handler throws
     */
    protected void addClaims(XMLStreamWriter xMLStreamWriter) throws Exception {
        Object claimsToWrite = this.claims;
        if (claimsToWrite == null && this.claimsCallbackHandler != null) {
            final ClaimsCallback callback = new ClaimsCallback(this.message);
            this.claimsCallbackHandler.handle(new Callback[] {callback});
            claimsToWrite = callback.getClaims();
        }
        if (claimsToWrite instanceof Element) {
            StaxUtils.copy((Element) claimsToWrite, xMLStreamWriter);
            return;
        }
        if (claimsToWrite instanceof ClaimCollection) {
            ((ClaimCollection) claimsToWrite).serialize(xMLStreamWriter, "wst", this.namespace);
        }
    }

    /**
     * Builds a SecurityToken from an STS RequestSecurityTokenResponse (or the first entry of a
     * RequestSecurityTokenResponseCollection).
     *
     * <p>Only children in the configured trust namespace are interpreted. The token id is taken
     * from the token or its references (findID) and, failing that, generated locally. The proof
     * secret is resolved from RequestedProofToken: a plain BinarySecret, an EncryptedKey that is
     * decrypted with the client's decryption keystore, or a ComputedKey derived with P_SHA1 from
     * the requestor entropy {@code bArr} and the STS entropy. With no proof token the requestor
     * entropy itself (if any) becomes the secret.
     *
     * @param element the RSTR (or RSTR collection) element
     * @param bArr the entropy this client sent in the request, or {@code null}
     * @return the assembled token with id, element, lifetime, references, type and secret
     * @throws WSSecurityException if key decryption or derivation fails
     * @throws Base64DecodingException if a BinarySecret or CipherValue is not valid base64
     */
    public SecurityToken createSecurityToken(Element element, byte[] bArr) throws WSSecurityException, Base64DecodingException {
        if ("RequestSecurityTokenResponseCollection".equals(element.getLocalName())) {
            // only the first response of a collection is used
            element = DOMUtils.getFirstElement(element);
        }
        if (!"RequestSecurityTokenResponse".equals(element.getLocalName())) {
            throw new Fault("Unexpected element " + element.getLocalName(), LOG);
        }
        Element element2 = null;   // RequestedSecurityToken child (the token itself)
        Element element3 = null;   // RequestedAttachedReference child
        Element element4 = null;   // RequestedUnattachedReference child
        Element element5 = null;   // RequestedProofToken
        Element element6 = null;   // Lifetime
        Element element7 = null;   // STS Entropy
        String str = null;         // TokenType text
        String str2 = null;        // KeySize text as sent by the STS
        for (Element firstElement = DOMUtils.getFirstElement(element); firstElement != null; firstElement = DOMUtils.getNextElement(firstElement)) {
            String localName = firstElement.getLocalName();
            // children in a foreign namespace are ignored
            if (this.namespace.equals(firstElement.getNamespaceURI())) {
                if ("Lifetime".equals(localName)) {
                    element6 = firstElement;
                } else if ("RequestedSecurityToken".equals(localName)) {
                    element2 = DOMUtils.getFirstElement(firstElement);
                } else if ("RequestedAttachedReference".equals(localName)) {
                    element3 = DOMUtils.getFirstElement(firstElement);
                } else if ("RequestedUnattachedReference".equals(localName)) {
                    element4 = DOMUtils.getFirstElement(firstElement);
                } else if ("RequestedProofToken".equals(localName)) {
                    element5 = firstElement;
                } else if ("Entropy".equals(localName)) {
                    element7 = firstElement;
                } else if ("TokenType".equals(localName)) {
                    str = DOMUtils.getContent(firstElement);
                } else if ("KeySize".equals(localName)) {
                    str2 = DOMUtils.getContent(firstElement);
                }
            }
        }
        Element element8 = element2;
        String findID = findID(element3, element4, element8);
        if (StringUtils.isEmpty(findID)) {
            // a local id is only needed for caching; it does not change the token on the wire
            LOG.fine("No ID extracted from token, so just making one up");
            findID = WSSConfig.getNewInstance().getIdAllocator().createSecureId("_", (Object) null);
        }
        SecurityToken securityToken = new SecurityToken(findID, element8, element6);
        securityToken.setAttachedReference(element3);
        securityToken.setUnattachedReference(element4);
        // issuer address is the configured STS location, not anything taken from the response
        securityToken.setIssuerAddress(this.location);
        securityToken.setTokenType(str);
        byte[] bArr2 = null;
        if (element5 != null) {
            Element firstElement2 = DOMUtils.getFirstElement(element5);
            QName elementQName = DOMUtils.getElementQName(firstElement2);
            if (elementQName.equals(new QName(this.namespace, "BinarySecret"))) {
                // secret sent in the clear inside the (transport/message-protected) response
                bArr2 = XMLUtils.decode(DOMUtils.getContent(firstElement2));
            } else if (elementQName.equals(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"))) {
                bArr2 = decryptKey(firstElement2);
            } else if (elementQName.equals(new QName(this.namespace, "ComputedKey"))) {
                // Only the element name is matched; its content (the algorithm URI the STS claims
                // to have used) is not inspected -- P_SHA1 is assumed below.
                Element firstElement3 = element7 == null ? null : DOMUtils.getFirstElement(element7);
                byte[] bArr3 = null;
                if (firstElement3 != null) {
                    QName elementQName2 = DOMUtils.getElementQName(firstElement3);
                    if (elementQName2.equals(new QName("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey"))) {
                        bArr3 = decryptKey(firstElement3);
                    } else if (elementQName2.equals(new QName(this.namespace, "BinarySecret"))) {
                        bArr3 = XMLUtils.decode(DOMUtils.getContent(firstElement3));
                    }
                }
                if (bArr3 == null) {
                    throw new TrustException("NO_ENTROPY", LOG);
                }
                P_SHA1 p_sha1 = new P_SHA1();
                int i = 0;
                // NOTE(review): a KeySize in the STS response takes precedence over the locally
                // configured size and is accepted as-is (only non-positive values are defaulted).
                if (str2 != null) {
                    try {
                        i = Integer.parseInt(str2);
                    } catch (NumberFormatException e) {
                        // unparsable KeySize falls through to the 256-bit default below
                    }
                } else {
                    i = this.keySize;
                }
                if (i <= 0) {
                    i = 256;
                }
                try {
                    // NOTE(review): bArr (requestor entropy) may be null if no entropy was sent;
                    // createKey is then expected to fail rather than derive a key -- confirm.
                    bArr2 = p_sha1.createKey(bArr, bArr3, 0, i / 8);
                } catch (WSSecurityException e2) {
                    throw new TrustException("DERIVED_KEY_ERROR", (Throwable) e2, LOG);
                }
            }
        } else if (bArr != null) {
            // no proof token: the STS accepted the requestor entropy as the key
            bArr2 = bArr;
        }
        securityToken.setSecret(bArr2);
        return securityToken;
    }

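    /**
     * Recovers the key bytes carried by an xenc:EncryptedKey in an STS response.
     *
     * <p>For the SPNEGO "GSS_Wrap" pseudo-algorithm the raw CipherValue bytes are returned
     * untouched (the GSS unwrap happens elsewhere). Otherwise WSS4J's EncryptedKeyProcessor
     * decrypts the key with the client's decryption keystore (createCrypto(true), which falls
     * back to the signature store) and the configured password callback.
     *
     * <p>Fixes: the decompiled {@code OAuthConstants.HAWK_TOKEN_KEY} lookup (an unrelated OAuth
     * constant that happens to be "secret") is replaced by WSS4J's own TAG_SECRET key, and an
     * empty processor result or missing secret now raises a TrustException instead of an
     * IndexOutOfBounds/NullPointer error.
     *
     * @param element the xenc:EncryptedKey element
     * @return the decrypted (or GSS-wrapped) key bytes, never {@code null}
     * @throws TrustException if the key cannot be processed or no secret is produced
     * @throws WSSecurityException if the CipherValue is missing or decryption fails
     * @throws Base64DecodingException if the CipherValue is not valid base64
     */
    protected byte[] decryptKey(Element element) throws TrustException, WSSecurityException, Base64DecodingException {
        final String encAlgo = X509Util.getEncAlgo(element);
        if (encAlgo != null && encAlgo.endsWith("spnego#GSS_Wrap")) {
            Element cipherData = org.apache.wss4j.common.util.XMLUtils.getDirectChildElement(element, "CipherData", "http://www.w3.org/2001/04/xmlenc#");
            byte[] wrapped = null;
            if (cipherData != null) {
                Element cipherValue = org.apache.wss4j.common.util.XMLUtils.getDirectChildElement(cipherData, "CipherValue", "http://www.w3.org/2001/04/xmlenc#");
                if (cipherValue != null) {
                    wrapped = XMLUtils.decode(DOMUtils.getContent(cipherValue));
                }
            }
            if (wrapped == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noCipher");
            }
            return wrapped;
        }
        try {
            EncryptedKeyProcessor processor = new EncryptedKeyProcessor();
            RequestData requestData = new RequestData();
            requestData.setWssConfig(WSSConfig.getNewInstance());
            // SECURITY: without a dedicated ".decrypt" configuration this is the signing keystore
            requestData.setDecCrypto(createCrypto(true));
            requestData.setCallbackHandler(createHandler());
            requestData.setWsDocInfo(new WSDocInfo(element.getOwnerDocument()));
            List<WSSecurityEngineResult> results = processor.handleToken(element, requestData);
            byte[] secret = null;
            if (results != null && !results.isEmpty()) {
                secret = (byte[]) results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
            }
            if (secret == null) {
                throw new TrustException("ENCRYPTED_KEY_ERROR", LOG);
            }
            return secret;
        } catch (IOException e) {
            throw new TrustException("ENCRYPTED_KEY_ERROR", e, LOG);
        }
    }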

    /**
     * Resolves the configured password CallbackHandler (SecurityConstants.CALLBACK_HANDLER),
     * which may be given as an instance or a class name.
     *
     * @return the handler used for keystore/key password callbacks
     * @throws Fault wrapping any resolution or instantiation error
     */
    protected CallbackHandler createHandler() {
        final Object configured = getProperty(SecurityConstants.CALLBACK_HANDLER);
        try {
            return SecurityUtils.getCallbackHandler(configured);
        } catch (Exception cause) {
            throw new Fault(cause);
        }
    }

    /**
     * Looks up a configuration property, first by its exact name and then by the
     * legacy "ws-" prefixed alias.
     *
     * <p>For each name the scopes are consulted in precedence order: the invocation
     * context, the endpoint info, the endpoint binding, and finally the service.
     *
     * @param str the property name
     * @return the first non-null value found, or {@code null}
     */
    protected Object getProperty(String str) {
        final Object direct = lookupInScopes(str);
        if (direct != null) {
            return direct;
        }
        return lookupInScopes("ws-" + str);
    }

    /** One pass over the four configuration scopes for a single key, most specific first. */
    private Object lookupInScopes(String key) {
        Object value = this.ctx.get(key);
        if (value == null) {
            value = this.client.getEndpoint().getEndpointInfo().getProperty(key);
        }
        if (value == null) {
            value = this.client.getEndpoint().getEndpointInfo().getBinding().getProperty(key);
        }
        if (value == null) {
            value = this.client.getEndpoint().getService().get(key);
        }
        return value;
    }

    /**
     * Obtains the Crypto (keystore wrapper) for the STS exchange.
     *
     * <p>Lookup order for the ".decrypt" variant ({@code z == true}) and the plain variant:
     * a pre-built Crypto under STS_TOKEN_CRYPTO, then a Properties object / resource under
     * STS_TOKEN_PROPERTIES. When no dedicated decryption configuration exists the plain
     * (signature/identity) store is reused for decryption, so the signing private key is also
     * the key that unwraps the STS's EncryptedKey unless a ".decrypt" store is configured.
     *
     * @param z {@code true} to look up the decryption store, {@code false} for the signature store
     * @return the Crypto, or {@code null} when nothing is configured at all
     * @throws IOException if the properties resource cannot be loaded
     * @throws WSSecurityException if the Crypto cannot be instantiated
     */
    protected Crypto createCrypto(boolean z) throws IOException, WSSecurityException {
        final String suffix = z ? ".decrypt" : "";
        final Crypto preBuilt = (Crypto) getProperty(SecurityConstants.STS_TOKEN_CRYPTO + suffix);
        if (preBuilt != null) {
            return preBuilt;
        }
        final Object propsRef = getProperty(SecurityConstants.STS_TOKEN_PROPERTIES + suffix);
        final Properties props = WSS4JUtils.getProps(propsRef, SecurityUtils.loadResource(this.message, propsRef));
        if (props != null) {
            return CryptoFactory.getInstance(props, getClass().getClassLoader(), WSS4JUtils.getPasswordEncryptor(this.message));
        }
        // SECURITY: no dedicated decryption store -> fall back to the signature store
        return z ? createCrypto(false) : null;
    }

    /**
     * Determines the identifier of an issued token from the elements of an
     * STS response.
     *
     * <p>Search order (first non-empty result wins): the SAML 1.x
     * {@code AssertionID} or SAML 2.0 {@code ID} attribute on {@code element3};
     * the STR-derived id of {@code element3}; the STR-derived id of
     * {@code element}; the STR-derived id of {@code element2}; and finally the
     * {@code wsu:Id} of {@code element3}, or of its first child when
     * {@code element3} is a SAML 2.0 {@code EncryptedAssertion}.
     *
     * <p>NOTE(review): judging by the checks applied, {@code element3} looks
     * like the issued token and {@code element}/{@code element2} like
     * security-token references — confirm against the caller.
     *
     * @param element  first reference element, may be {@code null}
     * @param element2 second reference element, may be {@code null}
     * @param element3 token element, may be {@code null}
     * @return the id found, or {@code null}/empty if none of the sources yields one
     */
    protected String findID(Element element, Element element2, Element element3) {
        String id = null;

        if (element3 != null) {
            final QName tokenName = DOMUtils.getElementQName(element3);
            final boolean saml1 =
                tokenName.equals(new QName("urn:oasis:names:tc:SAML:1.0:assertion", "Assertion"));
            final boolean saml2 =
                tokenName.equals(new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion"));
            if (saml1 && element3.hasAttributeNS(null, "AssertionID")) {
                id = element3.getAttributeNS(null, "AssertionID");
            } else if (saml2 && element3.hasAttributeNS(null, "ID")) {
                id = element3.getAttributeNS(null, "ID");
            }
            if (id == null || id.isEmpty()) {
                id = getIDFromSTR(element3);
            }
            if (id != null && !id.isEmpty()) {
                return id;
            }
        }

        if (element != null) {
            id = getIDFromSTR(element);
            if (id != null && !id.isEmpty()) {
                return id;
            }
        }

        if (element2 != null) {
            id = getIDFromSTR(element2);
            if (id != null && !id.isEmpty()) {
                return id;
            }
        }

        if (element3 != null) {
            final String wsuNs =
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
            id = element3.getAttributeNS(wsuNs, PolicyConstants.WSU_ID_ATTR_NAME);
            final boolean encryptedAssertion = DOMUtils.getElementQName(element3)
                .equals(new QName("urn:oasis:names:tc:SAML:2.0:assertion", "EncryptedAssertion"));
            if ((id == null || id.isEmpty()) && encryptedAssertion) {
                // The wsu:Id of an EncryptedAssertion lives on its first child.
                final Element inner = DOMUtils.getFirstElement(element3);
                if (inner != null) {
                    id = inner.getAttributeNS(wsuNs, PolicyConstants.WSU_ID_ATTR_NAME);
                }
            }
        }

        return id;
    }

    /**
     * Extracts a token identifier from a security token reference element.
     *
     * <p>Only the first child element is examined: a {@code wsse:Reference}
     * yields its {@code URI} attribute; a {@code ds:KeyInfo},
     * {@code wsse:KeyIdentifier} or SCT {@code Identifier} (either SCT
     * namespace) yields its text content.
     *
     * @param element the reference element to inspect
     * @return the id, or {@code null} if there is no child element or its
     *         name is not one of the recognised forms
     */
    protected String getIDFromSTR(Element element) {
        final Element child = DOMUtils.getFirstElement(element);
        if (child == null) {
            return null;
        }

        final QName childName = DOMUtils.getElementQName(child);
        if (childName.equals(Reference.TOKEN)) {
            return child.getAttributeNS(null, "URI");
        }

        final boolean carriesIdAsText =
            childName.equals(new QName("http://www.w3.org/2000/09/xmldsig#", "KeyInfo"))
            || childName.equals(new QName(
                "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
                "KeyIdentifier"))
            || childName.equals(new QName(STSUtils.SCT_NS_05_02, "Identifier"))
            || childName.equals(new QName(STSUtils.SCT_NS_05_12, "Identifier"));
        return carriesIdAsText ? DOMUtils.getContent(child) : null;
    }

    /**
     * Sets the request template element used when building the STS request.
     *
     * @param element the template element (stored as given, not copied)
     */
    public void setTemplate(Element element) {
        template = element;
    }

    /**
     * Sets the claims object attached to the STS request.
     *
     * @param obj the claims value (stored as given)
     */
    public void setClaims(Object obj) {
        claims = obj;
    }

    /**
     * Returns the out-fault interceptor list: the underlying client's when
     * one exists, otherwise the locally held list.
     */
    @Override // org.apache.cxf.interceptor.InterceptorProvider
    public List<Interceptor<? extends Message>> getOutFaultInterceptors() {
        if (this.client == null) {
            return this.outFault;
        }
        return this.client.getOutFaultInterceptors();
    }

    /**
     * Returns the in-fault interceptor list: the underlying client's when
     * one exists, otherwise the locally held list.
     */
    @Override // org.apache.cxf.interceptor.InterceptorProvider
    public List<Interceptor<? extends Message>> getInFaultInterceptors() {
        if (this.client == null) {
            return this.inFault;
        }
        return this.client.getInFaultInterceptors();
    }

    /**
     * Returns the inbound interceptor list: the underlying client's when
     * one exists, otherwise the locally held list.
     */
    @Override // org.apache.cxf.interceptor.InterceptorProvider
    public List<Interceptor<? extends Message>> getInInterceptors() {
        if (this.client == null) {
            return this.in;
        }
        return this.client.getInInterceptors();
    }

    /**
     * Returns the outbound interceptor list: the underlying client's when
     * one exists, otherwise the locally held list.
     */
    @Override // org.apache.cxf.interceptor.InterceptorProvider
    public List<Interceptor<? extends Message>> getOutInterceptors() {
        if (this.client == null) {
            return this.out;
        }
        return this.client.getOutInterceptors();
    }

    /**
     * Appends the given interceptors to the inbound chain. Despite the name this
     * adds to, rather than replaces, whatever {@link #getInInterceptors()} returns.
     *
     * @param list interceptors to append
     */
    public void setInInterceptors(List<Interceptor<? extends Message>> list) {
        final List<Interceptor<? extends Message>> target = getInInterceptors();
        target.addAll(list);
    }

    /**
     * Appends the given interceptors to the in-fault chain. Despite the name this
     * adds to, rather than replaces, whatever {@link #getInFaultInterceptors()} returns.
     *
     * @param list interceptors to append
     */
    public void setInFaultInterceptors(List<Interceptor<? extends Message>> list) {
        final List<Interceptor<? extends Message>> target = getInFaultInterceptors();
        target.addAll(list);
    }

    /**
     * Appends the given interceptors to the outbound chain. Despite the name this
     * adds to, rather than replaces, whatever {@link #getOutInterceptors()} returns.
     *
     * @param list interceptors to append
     */
    public void setOutInterceptors(List<Interceptor<? extends Message>> list) {
        final List<Interceptor<? extends Message>> target = getOutInterceptors();
        target.addAll(list);
    }

    /**
     * Appends the given interceptors to the out-fault chain. Despite the name this
     * adds to, rather than replaces, whatever {@link #getOutFaultInterceptors()} returns.
     *
     * @param list interceptors to append
     */
    public void setOutFaultInterceptors(List<Interceptor<? extends Message>> list) {
        final List<Interceptor<? extends Message>> target = getOutFaultInterceptors();
        target.addAll(list);
    }

    /**
     * Replaces the feature list applied to the client.
     *
     * @param list features to use; the list reference is kept (after an
     *             unchecked cast to {@code List<Feature>}), not copied
     */
    public void setFeatures(List<? extends Feature> list) {
        final List<?> untyped = list;
        features = CastUtils.cast(untyped);
    }

    /**
     * Returns the configured feature list (the live reference, not a copy).
     */
    public List<Feature> getFeatures() {
        return features;
    }

    /**
     * Returns the callback handler used to supply claims, or {@code null} if none was set.
     */
    public CallbackHandler getClaimsCallbackHandler() {
        return claimsCallbackHandler;
    }

    /**
     * Sets the callback handler used to supply claims.
     *
     * @param callbackHandler the handler (stored as given)
     */
    public void setClaimsCallbackHandler(CallbackHandler callbackHandler) {
        claimsCallbackHandler = callbackHandler;
    }

    /**
     * Returns the WS-Policy namespace URI in use, or {@code null} if none was set.
     */
    public String getWspNamespace() {
        return wspNamespace;
    }

    /**
     * Sets the WS-Policy namespace URI.
     *
     * @param str the namespace URI (stored as given)
     */
    public void setWspNamespace(String str) {
        wspNamespace = str;
    }

    /**
     * Returns the certificate to be sent as the UseKey, or {@code null} if none was set.
     */
    public X509Certificate getUseKeyCertificate() {
        return useKeyCertificate;
    }

    /**
     * Sets the certificate to be sent as the UseKey.
     *
     * @param x509Certificate the certificate (stored as given)
     */
    public void setUseKeyCertificate(X509Certificate x509Certificate) {
        useKeyCertificate = x509Certificate;
    }

    /**
     * Sets the WS-Trust namespace URI used for requests.
     *
     * @param str the namespace URI (stored as given)
     */
    public void setNamespace(String str) {
        namespace = str;
    }
}
