package org.apache.ws.axis.security.trust.secconv.interop;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.Hashtable;
import java.util.Properties;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSEncryptBody;
import org.apache.ws.security.saml.SAMLIssuer;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.keys.content.x509.XMLX509SKI;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAudienceRestrictionCondition;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Text;
import sun.security.util.DerValue;

/* loaded from: input_file:org/apache/ws/axis/security/trust/secconv/interop/InteropSAMLIssuerImpl.class */
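/**
 * {@link SAMLIssuer} used by the WS-Trust / WS-SecureConversation interop scenario.
 *
 * <p>Builds a SAML assertion carrying one authentication statement and an audience
 * restriction for the target service EPR. In sender-vouches mode the assertion is
 * returned unsigned. In holder-of-key mode ({@code keyHolder} confirmation method) the
 * session key supplied through {@link #setSx(byte[])} is RSA-wrapped for the target
 * service's certificate (looked up by EPR in a hard-coded table filled by
 * {@link #initializeTrustedServicesList(String)}), placed in the subject's
 * {@code ds:KeyInfo} as an {@code xenc:EncryptedKey}, and the assertion is signed with
 * the issuer key configured through the {@code org.apache.ws.security.saml.issuer.*}
 * properties.
 *
 * <p>Not thread-safe: {@code sa}, {@code instanceDoc}, {@code username}, {@code epr} and
 * {@code sx} are per-request state held on the instance.
 */
public class InteropSAMLIssuerImpl implements SAMLIssuer {
    private static final Log log = LogFactory.getLog(InteropSAMLIssuerImpl.class.getName());

    /** Assertion validity window applied in {@link #newAssertion()}: 12 hours in milliseconds. */
    private static final long ASSERTION_LIFETIME_MS = 43200000L;

    /** Key-transport algorithm actually used for the JCE cipher in {@link #encryptSx}. */
    private static final String KEYTRANSPORT_CIPHER_URI = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    /**
     * Key-transport algorithm advertised on the emitted {@code xenc:EncryptedKey}.
     * NOTE(review): this differs from {@link #KEYTRANSPORT_CIPHER_URI} — the key is wrapped with
     * PKCS#1 v1.5 but labelled as RSA-OAEP. A decrypting peer that honours the label will fail, and
     * PKCS#1 v1.5 key transport is the variant subject to padding-oracle attacks; the two should be
     * aligned (preferably on OAEP) once the interop partners confirm which they expect.
     */
    private static final String KEYTRANSPORT_ADVERTISED_URI = "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";

    private static final String PROP_ISSUER_CRYPTO_FILE = "org.apache.ws.security.saml.issuer.cryptoProp.file";
    private static final String PROP_ISSUER_KEY_NAME = "org.apache.ws.security.saml.issuer.key.name";
    private static final String PROP_ISSUER_KEY_PASSWORD = "org.apache.ws.security.saml.issuer.key.password";
    private static final String PROP_CONFIRMATION_METHOD = "org.apache.ws.security.saml.confirmationMethod";
    private static final String PROP_CERT_PATH = "org.apache.ws.security.saml.certPath";
    private static final String PROP_ISSUER = "org.apache.ws.security.saml.issuer";
    private static final String PROP_AUTHENTICATION_METHOD = "org.apache.ws.security.saml.authenticationMethod";

    // Last assertion produced by newAssertion().
    private SAMLAssertion sa;
    // Document the holder-of-key KeyInfo/EncryptedKey elements are created in.
    private Document instanceDoc;
    private Properties properties;
    private Crypto issuerCrypto;
    private Crypto userCrypto;
    private String issuerKeyPassword;
    private String issuerKeyName;
    // true = sender-vouches (unsigned, no key material); false = holder-of-key.
    private boolean senderVouches = true;
    // Single confirmation method; stays null when the property names neither known value.
    private String[] confirmationMethods = new String[1];
    private String username;
    // Target service EPR: used as the audience and as the key into trustedCertsTable.
    private String epr;
    // Session key that gets wrapped for the target service in holder-of-key mode.
    private byte[] sx;
    // EPR -> certificate file path, see initializeTrustedServicesList().
    private Hashtable trustedCertsTable;
    // Decompiler artifact (synthetic class-literal cache); kept so the class shape stays compatible.
    static Class class$org$apache$ws$axis$security$trust$secconv$interop$InteropSAMLIssuerImpl;

    /** Sets the target service EPR (audience and certificate-table key). */
    public void setEpr(String str) {
        this.epr = str;
    }

    /** Sets the raw session key to be wrapped for the target service in holder-of-key mode. */
    public void setSx(byte[] bArr) {
        this.sx = bArr;
    }

    /** Creates an unconfigured issuer; all state must be supplied through the setters. */
    public InteropSAMLIssuerImpl() {
        // Field initializers provide the defaults.
    }

    /**
     * Creates an issuer configured from WSS4J-style properties.
     *
     * <p>Reads the issuer crypto file/key name/key password, the confirmation method
     * ({@code senderVouches} or {@code keyHolder}) and the certificate base path.
     * A {@code null} argument leaves the instance unconfigured, like the no-arg constructor.
     *
     * @param properties issuer configuration, may be {@code null}
     */
    public InteropSAMLIssuerImpl(Properties properties) {
        this();
        if (properties == null) {
            return;
        }
        this.properties = properties;
        String cryptoPropFile = properties.getProperty(PROP_ISSUER_CRYPTO_FILE);
        if (cryptoPropFile != null) {
            this.issuerCrypto = CryptoFactory.getInstance(cryptoPropFile);
            this.issuerKeyName = properties.getProperty(PROP_ISSUER_KEY_NAME);
            this.issuerKeyPassword = properties.getProperty(PROP_ISSUER_KEY_PASSWORD);
        }
        String confirmationMethod = properties.getProperty(PROP_CONFIRMATION_METHOD);
        if ("senderVouches".equals(confirmationMethod)) {
            this.confirmationMethods[0] = SAMLSubject.CONF_SENDER_VOUCHES;
        } else if ("keyHolder".equals(confirmationMethod)) {
            this.confirmationMethods[0] = SAMLSubject.CONF_HOLDER_KEY;
            this.senderVouches = false;
        }
        initializeTrustedServicesList(properties.getProperty(PROP_CERT_PATH));
    }

    /**
     * Builds a new assertion for the current {@code username}/{@code epr}.
     *
     * <p>In holder-of-key mode the subject's KeyInfo is populated with the wrapped session key and
     * the assertion is signed; if either step fails the assertion is NOT issued and {@code null} is
     * returned, so a holder-of-key assertion can never leave this method without its key material
     * and signature.
     *
     * @return the assertion, or {@code null} when holder-of-key key attachment or signing failed
     * @throws IllegalStateException if the issuer was created without properties
     * @throws RuntimeException wrapping a {@link SAMLException} from assertion construction
     */
    @Override // org.apache.ws.security.saml.SAMLIssuer
    public SAMLAssertion newAssertion() {
        if (this.properties == null) {
            throw new IllegalStateException("InteropSAMLIssuerImpl was created without properties");
        }
        String issuer = this.properties.getProperty(PROP_ISSUER);
        try {
            SAMLNameIdentifier nameId = new SAMLNameIdentifier(this.username, "", SAMLNameIdentifier.FORMAT_EMAIL);
            String authMethod = null;
            if ("password".equals(this.properties.getProperty(PROP_AUTHENTICATION_METHOD))) {
                authMethod = SAMLAuthenticationStatement.AuthenticationMethod_Password;
            }
            Date now = new Date();
            SAMLSubject subject = new SAMLSubject(nameId, Arrays.asList(this.confirmationMethods), null, null);
            SAMLStatement[] statements = {new SAMLAuthenticationStatement(subject, authMethod, now, null, null, null)};
            SAMLAudienceRestrictionCondition audience = new SAMLAudienceRestrictionCondition();
            audience.addAudience(this.epr);
            this.sa = new SAMLAssertion(issuer, null, null, Arrays.asList(audience), null, Arrays.asList(statements));
            this.sa.setNotBefore(now);
            this.sa.setNotOnOrAfter(new Date(now.getTime() + ASSERTION_LIFETIME_MS));
            if (!this.senderVouches) {
                if (!attachHolderOfKeyInfo(subject)) {
                    return null;
                }
                if (!signAssertion()) {
                    return null;
                }
            }
            return this.sa;
        } catch (SAMLException e) {
            log.error("Failed to build SAML assertion", e);
            throw new RuntimeException(e.toString(), e);
        }
    }

    /**
     * Holder-of-key: wraps the session key for the target service's certificate and puts the
     * resulting {@code xenc:EncryptedKey} into the subject's {@code ds:KeyInfo}.
     *
     * @param subject subject that receives the KeyInfo
     * @return {@code false} when the certificate could not be loaded or the key could not be
     *         wrapped; the caller must then refuse to issue the assertion
     * @throws SAMLException from {@link SAMLSubject#setKeyInfo}
     * @throws IllegalStateException if no instance document has been set
     */
    private boolean attachHolderOfKeyInfo(SAMLSubject subject) throws SAMLException {
        if (this.instanceDoc == null) {
            throw new IllegalStateException("instanceDoc must be set before issuing a holder-of-key assertion");
        }
        // Declare the wsse prefix on the root element; the KeyInfo content below is created in this document.
        this.instanceDoc.getDocumentElement().setAttribute("xmlns:wsse", WSConstants.WSSE_NS);
        KeyInfo keyInfo = new KeyInfo(this.instanceDoc);
        try {
            Element encryptedKey = encryptSx(this.instanceDoc, getCertificate(this.epr));
            WSSecurityUtil.appendChildElement(this.instanceDoc, keyInfo.getElement(), encryptedKey);
        } catch (CertificateException e) {
            log.error("Cannot load certificate for service " + this.epr, e);
            return false;
        } catch (FileNotFoundException e) {
            log.error("Certificate file for service " + this.epr + " not found", e);
            return false;
        } catch (WSSecurityException e) {
            log.error("Cannot wrap the session key for service " + this.epr, e);
            return false;
        }
        subject.setKeyInfo(keyInfo);
        return true;
    }

    /**
     * Signs {@code sa} with the issuer key, picking DSA-SHA1 or RSA-SHA1 from the algorithm of the
     * issuer certificate's public key.
     *
     * @return {@code false} when no issuer crypto is configured, no certificate chain is found, or
     *         signing fails
     */
    private boolean signAssertion() {
        if (this.issuerCrypto == null) {
            log.error("No issuer crypto configured; cannot sign the assertion");
            return false;
        }
        try {
            X509Certificate[] certificates = this.issuerCrypto.getCertificates(this.issuerKeyName);
            if (certificates == null || certificates.length == 0) {
                log.error("No certificate chain found for issuer key " + this.issuerKeyName);
                return false;
            }
            String algorithm = certificates[0].getPublicKey().getAlgorithm();
            log.debug("automatic sig algo detection: " + algorithm);
            String signatureUri = algorithm.equalsIgnoreCase("DSA")
                    ? "http://www.w3.org/2000/09/xmldsig#dsa-sha1"
                    : "http://www.w3.org/2000/09/xmldsig#rsa-sha1";
            this.sa.sign(signatureUri,
                    this.issuerCrypto.getPrivateKey(this.issuerKeyName, this.issuerKeyPassword),
                    Arrays.asList(certificates));
            return true;
        } catch (Exception e) {
            // Deliberately broad (as before): SAMLException from sign() and WSSecurityException
            // from the Crypto lookups are both reported the same way.
            log.error("Failed to sign SAML assertion with issuer key " + this.issuerKeyName, e);
            return false;
        }
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public void setUserCrypto(Crypto crypto) {
        this.userCrypto = crypto;
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public void setUsername(String str) {
        this.username = str;
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public Crypto getIssuerCrypto() {
        return this.issuerCrypto;
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public String getIssuerKeyName() {
        return this.issuerKeyName;
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public String getIssuerKeyPassword() {
        return this.issuerKeyPassword;
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public boolean isSenderVouches() {
        return this.senderVouches;
    }

    @Override // org.apache.ws.security.saml.SAMLIssuer
    public void setInstanceDoc(Document document) {
        this.instanceDoc = document;
    }

    /**
     * Loads the X.509 certificate registered for a service EPR.
     *
     * @param serviceEpr EPR used as key into the trusted-services table
     * @return the parsed certificate
     * @throws FileNotFoundException if no certificate is registered for the EPR or its file is missing
     * @throws CertificateException if the file does not parse as a certificate
     * @throws IllegalStateException if the trusted-services table was never initialized
     */
    private X509Certificate getCertificate(String serviceEpr) throws CertificateException, FileNotFoundException {
        if (this.trustedCertsTable == null) {
            throw new IllegalStateException("trusted services table not initialized (issuer created without properties)");
        }
        String certFile = (String) this.trustedCertsTable.get(serviceEpr);
        if (certFile == null) {
            throw new FileNotFoundException("No trusted certificate registered for service " + serviceEpr);
        }
        log.debug(certFile + " : " + serviceEpr);
        CertificateFactory factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        FileInputStream in = new FileInputStream(certFile);
        try {
            return (X509Certificate) factory.generateCertificate(in);
        } finally {
            try {
                in.close();
            } catch (IOException ignored) {
                // The certificate has already been parsed (or failed to); a close failure adds nothing.
            }
        }
    }

    /**
     * Fills the EPR -> certificate-file table for the interop partners.
     *
     * <p>The table is hard-coded interop configuration; every path is built from {@code certPath}.
     * NOTE(review): only the first entry inserts a {@code /} separator — confirm whether
     * {@code certPath} is expected to end with a slash for the other entries.
     *
     * @param certPath base path prefixed to every certificate file name
     */
    private void initializeTrustedServicesList(String certPath) {
        this.trustedCertsTable = new Hashtable();
        log.warn("***** If you are getting trouble, change the seravices *****\nFIND ANOTHER WAY TO STORE THE TRUSTED LIST OF SERVICES WITH THE RELAVENT CERTIFICATES");
        this.trustedCertsTable.put("http://127.0.0.1:9080/axis/services/EchoInterop", certPath + "/WSETEST.cer");
        this.trustedCertsTable.put("http://192.168.1.106/Service/Service.ashx", certPath + "TrustSecConvinterop/ms1/cert1.cer");
        this.trustedCertsTable.put("http://192.168.1.50:8080/sct/Service", certPath + "TrustSecConvinterop/ibm/ibm-sp.cer");
        this.trustedCertsTable.put("http://192.35.232.216:8080/sct/Service", certPath + "TrustSecConvinterop/ibm/ibm-sp2.cer");
        this.trustedCertsTable.put("http://192.168.1.104:7070/Service", certPath + "TrustSecConvinterop/systinet/Systinet-S.crt");
    }

    /**
     * RSA-wraps the session key {@code sx} for the given certificate and returns an
     * {@code xenc:EncryptedKey} element whose KeyInfo identifies the certificate by SKI.
     *
     * @param document document the elements are created in; gets an {@code xmlns:xenc} declaration
     * @param x509Certificate recipient certificate (its public key wraps the session key)
     * @return the populated {@code xenc:EncryptedKey} element
     * @throws WSSecurityException if no session key is set, the key is unusable, or the cipher fails
     */
    public Element encryptSx(Document document, X509Certificate x509Certificate) throws WSSecurityException {
        log.debug("Beginning Encryption...");
        if (this.sx == null || this.sx.length == 0) {
            throw new WSSecurityException(8, null, null, new IllegalStateException("no session key (sx) set"));
        }
        document.getDocumentElement().setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:xenc", "http://www.w3.org/2001/04/xmlenc#");
        // Only getEncoded() is used, so the "algorithm" string is never interpreted by the JCE.
        SecretKeySpec sessionKey = new SecretKeySpec(this.sx, "http://www.w3.org/2001/04/xmlenc#aes128-cbc");
        Cipher cipher = WSSecurityUtil.getCipherInstance(KEYTRANSPORT_CIPHER_URI);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, x509Certificate);
            byte[] wrappedKey = cipher.doFinal(sessionKey.getEncoded());
            Text cipherText = WSSecurityUtil.createBase64EncodedTextNode(document, wrappedKey);
            Element encryptedKey = WSEncryptBody.createEnrcyptedKey(document, KEYTRANSPORT_ADVERTISED_URI);
            X509Data x509Data = new X509Data(document);
            x509Data.addSKI(this.issuerCrypto.getSKIBytesFromCert(x509Certificate));
            KeyInfo keyInfo = new KeyInfo(document);
            keyInfo.addUnknownElement(x509Data.getElement());
            WSSecurityUtil.appendChildElement(document, encryptedKey, keyInfo.getElement());
            WSEncryptBody.createCipherValue(document, encryptedKey).appendChild(cipherText);
            log.debug("Encryption complete.");
            return encryptedKey;
        } catch (InvalidKeyException e) {
            throw new WSSecurityException(8, null, null, e);
        } catch (IllegalStateException e) {
            throw new WSSecurityException(8, null, null, e);
        } catch (BadPaddingException e) {
            throw new WSSecurityException(8, null, null, e);
        } catch (IllegalBlockSizeException e) {
            throw new WSSecurityException(8, null, null, e);
        }
    }

    /**
     * Extracts the SubjectKeyIdentifier bytes from a v3 certificate.
     *
     * <p>The extension value is an OCTET STRING that itself wraps the SKI OCTET STRING; the two
     * leading bytes skipped below are the inner tag and length
     * (NOTE(review): this assumes a short-form length, i.e. an SKI of at most 127 bytes).
     *
     * @param x509Certificate certificate to read the SKI from
     * @return the raw SKI bytes
     * @throws WSSecurityException if the certificate is not v3, has no SKI extension, or the
     *         extension does not decode as an OCTET STRING
     */
    public byte[] getSKIBytesFromCert(X509Certificate x509Certificate) throws WSSecurityException {
        if (x509Certificate.getVersion() < 3) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Wrong certificate version (<3)"});
        }
        byte[] extensionValue = x509Certificate.getExtensionValue(XMLX509SKI.SKI_OID);
        if (extensionValue == null) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"No extension data"});
        }
        DerValue derValue;
        try {
            derValue = new DerValue(extensionValue);
        } catch (IOException e) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"cannot read SKI value"}, e);
        }
        // 4 is the DER tag of OCTET STRING.
        if (derValue.tag != 4) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"No octet string"});
        }
        byte[] octetString;
        try {
            octetString = derValue.getOctetString();
        } catch (IOException e) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"cannot read SKI value as octet data"}, e);
        }
        if (octetString.length < 2) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"SKI octet string too short"});
        }
        byte[] ski = new byte[octetString.length - 2];
        System.arraycopy(octetString, 2, ski, 0, ski.length);
        return ski;
    }

    // Decompiler artifact for the pre-Java-5 class-literal idiom; no longer used by the logger
    // initialization but kept so the class shape stays compatible.
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }
}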
