package org.apache.ws.security.handler;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.io.StringWriter;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.TimeZone;
import java.util.Vector;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.rpc.JAXRPCException;
import javax.xml.rpc.handler.Handler;
import javax.xml.rpc.handler.HandlerInfo;
import javax.xml.rpc.handler.MessageContext;
import javax.xml.rpc.handler.soap.SOAPMessageContext;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
import org.apache.axis.utils.XMLUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSAddTimestamp;
import org.apache.ws.security.message.WSEncryptBody;
import org.apache.ws.security.message.WSSAddSAMLToken;
import org.apache.ws.security.message.WSSAddUsernameToken;
import org.apache.ws.security.message.WSSignEnvelope;
import org.apache.ws.security.message.token.Timestamp;
import org.apache.ws.security.saml.SAMLIssuer;
import org.apache.ws.security.saml.SAMLIssuerFactory;
import org.apache.ws.security.util.StringUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/ws/security/handler/WSS4JHandler.class */
public class WSS4JHandler implements Handler {
    // Handler configuration handed over by the runtime in init(); every
    // parameter lookup in this class reads getHandlerConfig() first and falls
    // back to the message context.
    private HandlerInfo handlerInfo;
    static Log log;
    // Engine that doReceiver() uses to process the inbound security header.
    static final WSSecurityEngine secEngine;
    // Static cache of Crypto instances keyed by property-file name, shared by
    // all handler instances (filled by loadSignatureCrypto/loadDecryptionCrypto).
    private static Hashtable cryptos;
    // Configuration keys and values that decide whether a message is treated
    // as outbound (doSender) or inbound (doReceiver) in processMessage().
    static final String DEPLOYMENT = "deployment";
    static final String CLIENT_DEPLOYMENT = "client";
    static final String SERVER_DEPLOYMENT = "server";
    static final String FLOW = "flow";
    static final String REQUEST_ONLY = "request-only";
    static final String RESPONSE_ONLY = "response-only";
    static Class class$org$apache$ws$security$handler$WSS4JHandler;
    // Per-message working state follows. processMessage() reassigns doDebug and
    // msgContext for every message, and doSender() reassigns actor/username.
    // NOTE(review): because this state lives in instance fields, one handler
    // instance serving concurrent messages could mix user names, key settings
    // and message contexts between requests - confirm how the container
    // creates and pools handler instances.
    private boolean doDebug = false;
    private SOAPMessageContext msgContext = null;
    // Crypto (keystore access) used for signing and for trust verification.
    Crypto sigCrypto = null;
    String sigPropFile = null;
    // Crypto used for decryption; loadDecryptionCrypto() falls back to sigCrypto.
    Crypto decCrypto = null;
    String decPropFile = null;
    // Default timestamp time-to-live in seconds (verifyTimestamp() multiplies
    // its TTL argument by 1000 to obtain milliseconds).
    protected int timeToLive = 300;
    // When true, doSender() leaves the secured DOM in the message context
    // instead of serializing it back into the SOAP part.
    private boolean noSerialization = false;
    private SOAPConstants soapConstants = null;
    String actor = null;
    String username = null;
    String pwType = null;
    String[] utElements = null;
    // Signature settings decoded by decodeSignatureParameter(); 0 / null mean
    // "not configured", in which case the builder keeps its own default.
    int sigKeyId = 0;
    String sigAlgorithm = null;
    Vector signatureParts = new Vector();
    // Encryption settings applied by performENCRAction().
    Crypto encCrypto = null;
    int encKeyId = 0;
    String encSymmAlgo = null;
    String encKeyTransport = null;
    String encUser = null;
    Vector encryptParts = new Vector();
    X509Certificate encCert = null;

    /**
     * Stores the handler configuration supplied by the runtime.
     *
     * <p>All later parameter lookups (deployment, flow, actions, key material
     * locations) read from this object first.
     *
     * @param handlerInfo configuration for this handler instance
     */
    public void init(HandlerInfo handlerInfo) {
        this.handlerInfo = handlerInfo;
    }

    /**
     * Lifecycle callback; this handler holds nothing that needs releasing.
     */
    public void destroy() {
        // Intentionally empty.
    }

    /**
     * Returns the header names declared in the handler configuration.
     *
     * @return the value of {@code HandlerInfo.getHeaders()} for the
     *         configuration passed to {@link #init(HandlerInfo)}
     */
    public QName[] getHeaders() {
        final QName[] configuredHeaders = this.handlerInfo.getHeaders();
        return configuredHeaders;
    }

    /**
     * Empties the signature and encryption part lists so that parts decoded
     * for an earlier message are not applied to the current one.
     */
    private void initialize() {
        this.signatureParts.clear();
        this.encryptParts.clear();
    }

    /**
     * Entry point for request messages.
     *
     * @param messageContext context of the message being handled
     * @return the result of {@link #processMessage(MessageContext, boolean)}
     *         with the request flag set
     */
    public boolean handleRequest(MessageContext messageContext) {
        final boolean isRequest = true;
        messageContext.setProperty("axis.form.optimization", Boolean.TRUE);
        return processMessage(messageContext, isRequest);
    }

    /**
     * Entry point for response messages.
     *
     * @param messageContext context of the message being handled
     * @return the result of {@link #processMessage(MessageContext, boolean)}
     *         with the request flag cleared
     */
    public boolean handleResponse(MessageContext messageContext) {
        final boolean isRequest = false;
        messageContext.setProperty("axis.form.optimization", Boolean.TRUE);
        return processMessage(messageContext, isRequest);
    }

    /**
     * Decides whether the message is inbound or outbound for this deployment
     * and hands it to {@link #doReceiver} or {@link #doSender}.
     *
     * <p>The "deployment" and "flow" settings are read from the handler
     * configuration first and from the message context second. Any deployment
     * value other than "client" is treated like a server deployment, because
     * only equality with "client" is tested. A flow of "request-only" or
     * "response-only" switches security processing off for the other
     * direction; in that case the method returns {@code true} without
     * verifying or securing anything.
     *
     * @param messageContext context of the message; must be a SOAPMessageContext
     * @param z {@code true} when called for a request, {@code false} for a response
     * @return {@code true} when nothing had to be done, otherwise the result
     *         of the sender or receiver processing
     * @throws JAXRPCException if no deployment is configured
     */
    public boolean processMessage(MessageContext messageContext, boolean z) {
        this.doDebug = log.isDebugEnabled();
        this.msgContext = (SOAPMessageContext) messageContext;

        String deployment = (String) this.handlerInfo.getHandlerConfig().get(DEPLOYMENT);
        if (deployment == null) {
            deployment = (String) this.msgContext.getProperty(DEPLOYMENT);
            if (deployment == null) {
                throw new JAXRPCException("WSS4JHandler.processMessage: No deployment defined");
            }
        }

        String flow = (String) this.handlerInfo.getHandlerConfig().get(FLOW);
        if (flow == null) {
            flow = (String) this.msgContext.getProperty(FLOW);
        }
        if (flow == null) {
            flow = "";
        }

        // A request is processed unless the flow is response-only, and a
        // response is processed unless the flow is request-only.
        final boolean active = z ? !flow.equals(RESPONSE_ONLY) : !flow.equals(REQUEST_ONLY);
        // Client + response and server + request are the inbound combinations.
        final boolean inbound = deployment.equals(CLIENT_DEPLOYMENT) != z;

        if (!active) {
            return true;
        }
        return inbound ? doReceiver(messageContext) : doSender(messageContext);
    }

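    /**
     * Applies the configured security actions to an outbound message.
     *
     * <p>The action string is read from "send.action", then from the generic
     * action key in the handler configuration, then from the message context.
     * Each decoded action is executed in the order it appears in the action
     * list. Unless the no-serialization action is present, the secured DOM is
     * serialized and written back into the SOAP part; otherwise it is stored
     * in the message context under {@code WSHandlerConstants.SND_SECURITY}.
     *
     * <p>Security-relevant behaviour visible in this method:
     * <ul>
     *   <li>The user name taken from the message context is removed from the
     *       context immediately after it is read.</li>
     *   <li>With debug logging enabled the complete envelope is logged both
     *       before and after the security actions run. The first log entry is
     *       written before encryption is applied, so it holds the unencrypted
     *       payload; the second may hold security tokens. Keep debug logging
     *       off where logs are not protected like the messages themselves.</li>
     * </ul>
     *
     * <p>The method works on the message context stored by
     * {@code processMessage}; the {@code messageContext} parameter itself is
     * not read.
     *
     * @param messageContext context of the outbound message
     * @return always {@code true} when no exception is thrown
     * @throws JAXRPCException if no action is defined, a required user name is
     *         missing, or the message cannot be read or written back
     */
    public boolean doSender(MessageContext messageContext) {
        initialize();
        this.noSerialization = false;
        Vector actions = new Vector();

        String action = (String) this.handlerInfo.getHandlerConfig().get("send.action");
        if (action == null) {
            action = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ACTION);
            if (action == null) {
                action = (String) this.msgContext.getProperty(WSHandlerConstants.ACTION);
            }
        }
        if (action == null) {
            throw new JAXRPCException("WSS4JHandler: No action defined");
        }
        int doAction = decodeAction(action, actions);
        if (doAction == 0) {
            // Nothing to do: the message leaves without any security header.
            return true;
        }
        boolean mustUnderstand = decodeMustUnderstand();

        this.actor = (String) this.handlerInfo.getHandlerConfig().get("actor");
        if (this.actor == null) {
            this.actor = (String) this.msgContext.getProperty("actor");
        }

        this.username = (String) this.handlerInfo.getHandlerConfig().get("user");
        if (this.username == null || this.username.equals("")) {
            this.username = (String) this.msgContext.getProperty("user");
            // Do not leave the user name behind in the message context.
            this.msgContext.setProperty("user", (Object) null);
        }
        // 67 = 1 | 2 | 64: the actions dispatched below to performUTAction,
        // performSIGNAction and performUT_SIGNAction all need a user name.
        if ((doAction & 67) != 0 && (this.username == null || this.username.equals(""))) {
            throw new JAXRPCException("WSS4JHandler: Empty username for specified action");
        }
        if (this.doDebug) {
            log.debug("Action: " + doAction);
            log.debug("Actor: " + this.actor + ", mu: " + mustUnderstand);
        }

        SOAPMessage message = this.msgContext.getMessage();
        log.debug("Form optimzation: " + (Boolean) this.msgContext.getProperty("axis.form.optimization"));
        SOAPPart sPart = message.getSOAPPart();

        // A DOM left behind by an earlier handler run with no-serialization
        // takes precedence over re-parsing the message.
        Document doc = (Document) this.msgContext.getProperty(WSHandlerConstants.SND_SECURITY);
        if (doc == null) {
            try {
                doc = messageToDocument(message);
            } catch (Exception e) {
                // Keep the original exception as the cause for diagnosis.
                throw new JAXRPCException("WSS4JHandler: cannot get SOAP envlope from message" + e, e);
            }
        }
        if (this.doDebug) {
            // Logs the envelope before any protection has been applied.
            log.debug("WSS4JHandler: orginal SOAP request: ");
            log.debug(XMLUtils.PrettyDocumentToString(doc));
        }
        this.soapConstants = WSSecurityUtil.getSOAPConstants(doc.getDocumentElement());

        // Decode the parameters each requested action needs before running any.
        if ((doAction & 1) == 1) {
            decodeUTParameter();
        }
        if ((doAction & 64) == 64) {
            decodeUTParameter();
            decodeSignatureParameter();
        }
        if ((doAction & 2) == 2) {
            decodeSignatureParameter();
        }
        if ((doAction & 16) == 16) {
            decodeSignatureParameter();
        }
        if ((doAction & 4) == 4) {
            this.encCrypto = loadEncryptionCrypto();
            decodeEncryptionParameter();
        }

        // Run the actions in the order given by the action string.
        for (int i = 0; i < actions.size(); i++) {
            int actionToDo = ((Integer) actions.get(i)).intValue();
            if (this.doDebug) {
                log.debug("Performing Action: " + actionToDo);
            }
            switch (actionToDo) {
                case 1:
                    performUTAction(actionToDo, mustUnderstand, doc);
                    break;
                case 2:
                    performSIGNAction(actionToDo, mustUnderstand, doc);
                    break;
                case 4:
                    performENCRAction(mustUnderstand, actionToDo, doc);
                    break;
                case 8:
                    performSTAction(mustUnderstand, doc);
                    break;
                case 16:
                    performST_SIGNAction(actionToDo, mustUnderstand, doc);
                    break;
                case WSConstants.TS /* 32 */:
                    performTSAction(mustUnderstand, doc);
                    break;
                case WSConstants.UT_SIGN /* 64 */:
                    performUT_SIGNAction(actionToDo, mustUnderstand, doc);
                    break;
                case WSConstants.NO_SERIALIZE /* 256 */:
                    this.noSerialization = true;
                    break;
            }
        }

        if (this.noSerialization) {
            this.msgContext.setProperty(WSHandlerConstants.SND_SECURITY, doc);
        } else {
            ByteArrayOutputStream os = new ByteArrayOutputStream();
            org.apache.xml.security.utils.XMLUtils.outputDOM(doc, os, true);
            if (this.doDebug) {
                String osStr;
                try {
                    osStr = os.toString("UTF-8");
                } catch (UnsupportedEncodingException e) {
                    osStr = os.toString();
                }
                log.debug("Send request:");
                log.debug(osStr);
            }
            try {
                sPart.setContent(new StreamSource(new ByteArrayInputStream(os.toByteArray())));
                this.msgContext.setProperty(WSHandlerConstants.SND_SECURITY, (Object) null);
            } catch (SOAPException e) {
                // Keep the original exception as the cause for diagnosis.
                throw new JAXRPCException("Couldn't set content on SOAPPart" + e.getMessage(), e);
            }
        }
        if (this.doDebug) {
            log.debug("WSS4JHandler: exit invoke()");
        }
        return true;
    }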

    /* JADX WARN: Type inference failed for: r19v0, types: [java.lang.Throwable, org.apache.ws.security.WSSecurityException] */
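    /**
     * Verifies the security header of an inbound message against the
     * configured actions.
     *
     * <p>Processing order: the message is parsed, the security header is
     * processed by the security engine, the processed document is written
     * back into the SOAP part, mustUnderstand is cleared on the processed
     * security header, the signing certificate (if any) is checked with
     * {@link #verifyTrust}, the timestamp (if any) is checked with
     * {@link #verifyTimestamp}, and finally the list of actions found in the
     * message must match the configured action list in number and order.
     * Any failure raises a {@code JAXRPCException}, so a message is only
     * accepted when every step succeeds.
     *
     * <p>Compared with a single catch-all around the whole method, each
     * failure is reported with its own message (untrusted certificate,
     * invalid timestamp, action mismatch) instead of being re-wrapped as a
     * document conversion error; this keeps rejection reasons usable for
     * monitoring. The timestamp check uses the configured time-to-live and
     * falls back to the {@code timeToLive} field only when the configured
     * value is missing, not a number, or not positive.
     *
     * <p>NOTE(review): a message that contains a SOAP Fault element returns
     * {@code false} before any security processing. Confirm that the
     * surrounding runtime never treats such a message as verified.
     *
     * @param messageContext context that receives the verification results
     *        under {@code WSHandlerConstants.RECV_RESULTS}
     * @return {@code false} for a fault message, {@code true} when the message
     *         was accepted
     * @throws JAXRPCException if no action is defined or any verification
     *         step fails
     */
    public boolean doReceiver(MessageContext messageContext) {
        Vector actions = new Vector();
        String action = (String) this.handlerInfo.getHandlerConfig().get("receive.action");
        if (action == null) {
            action = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ACTION);
            if (action == null) {
                action = (String) this.msgContext.getProperty(WSHandlerConstants.ACTION);
            }
        }
        if (action == null) {
            throw new JAXRPCException("WSS4JHandler: No action defined");
        }
        int doAction = decodeAction(action, actions);
        String receiverActor = (String) this.handlerInfo.getHandlerConfig().get("actor");
        SOAPMessage message = this.msgContext.getMessage();
        SOAPPart sPart = message.getSOAPPart();

        Document doc;
        boolean isFault;
        try {
            doc = messageToDocument(message);
            isFault = WSSecurityUtil.findElement(doc.getDocumentElement(), "Fault",
                    WSSecurityUtil.getSOAPConstants(doc.getDocumentElement()).getEnvelopeURI()) != null;
        } catch (Exception e) {
            throw new JAXRPCException("WSS4JHandler: cannot convert into document", e);
        }
        if (isFault) {
            // Fault messages are not processed; see the review note above.
            return false;
        }

        // 5 = 1 | 4: a password callback is needed when either of those
        // actions is configured.
        CallbackHandler passwordCB = (doAction & 5) != 0 ? getPasswordCB() : null;
        if ((doAction & 2) == 2) {
            decodeSignatureParameter();
        }
        if ((doAction & 4) == 4) {
            decodeDecryptionParameter();
        }

        Vector wsResult;
        try {
            wsResult = secEngine.processSecurityHeader(doc, receiverActor, passwordCB, this.sigCrypto, this.decCrypto);
        } catch (WSSecurityException e) {
            // Record the rejection through the logger rather than stderr.
            log.warn("WSS4JHandler: security processing failed", e);
            throw new JAXRPCException("WSS4JHandler: security processing failed", (Throwable) e);
        }
        if (wsResult == null) {
            if (doAction == 0) {
                // No security header present and none required.
                return true;
            }
            throw new JAXRPCException("WSS4JHandler: Request does not contain required Security header");
        }

        // Write the processed document back into the message.
        ByteArrayOutputStream os = new ByteArrayOutputStream();
        org.apache.xml.security.utils.XMLUtils.outputDOM(doc, os, true);
        try {
            sPart.setContent(new StreamSource(new ByteArrayInputStream(os.toByteArray())));
        } catch (SOAPException e) {
            throw new JAXRPCException("Couldn't set content on SOAPPart" + e.getMessage(), e);
        }
        if (this.doDebug) {
            log.debug("Processed received SOAP request");
        }

        // Locate the security header addressed to this actor.
        SOAPHeaderElement securityHeader = null;
        try {
            Iterator headers = message.getSOAPPart().getEnvelope().getHeader().examineHeaderElements(receiverActor);
            while (headers.hasNext()) {
                SOAPHeaderElement candidate = (SOAPHeaderElement) headers.next();
                if (candidate.getElementName().getLocalName().equals(WSConstants.WSSE_LN)
                        && candidate.getNamespaceURI().equals(WSConstants.WSSE_NS)) {
                    securityHeader = candidate;
                    break;
                }
            }
        } catch (Exception e) {
            throw new JAXRPCException("WSS4JHandler: cannot get SOAP header after security processing", e);
        }
        if (securityHeader == null) {
            // Reject explicitly instead of failing on a null dereference.
            throw new JAXRPCException("WSS4JHandler: cannot get SOAP header after security processing");
        }
        securityHeader.setMustUnderstand(false);

        // Action 2 is the signature action: its certificate must be trusted.
        WSSecurityEngineResult signatureResult = WSSecurityUtil.fetchActionResult(wsResult, 2);
        if (signatureResult != null) {
            X509Certificate signerCert = signatureResult.getCertificate();
            if (signerCert != null && !verifyTrust(signerCert)) {
                throw new JAXRPCException("WSS4JHandler: The certificate used for the signature is not trusted");
            }
        }

        WSSecurityEngineResult timestampResult = WSSecurityUtil.fetchActionResult(wsResult, WSConstants.TS);
        if (timestampResult != null) {
            Timestamp timestamp = timestampResult.getTimestamp();
            if (timestamp != null) {
                String ttlConfig = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.TTL_TIMESTAMP);
                if (ttlConfig == null) {
                    ttlConfig = (String) this.msgContext.getProperty(WSHandlerConstants.TTL_TIMESTAMP);
                }
                int ttl = 0;
                if (ttlConfig != null) {
                    try {
                        ttl = Integer.parseInt(ttlConfig);
                    } catch (NumberFormatException e) {
                        ttl = this.timeToLive;
                    }
                }
                if (ttl <= 0) {
                    ttl = this.timeToLive;
                }
                // Use the effective TTL; passing the field here would
                // silently ignore the configured value.
                if (!verifyTimestamp(timestamp, ttl)) {
                    throw new JAXRPCException("WSS4JHandler: The timestamp could not be validated");
                }
            }
        }

        // The message must carry exactly the configured actions, in order;
        // otherwise a required protection could be missing.
        int resultCount = wsResult.size();
        int actionCount = actions.size();
        if (actionCount != resultCount) {
            throw new JAXRPCException("WSS4JHandler: security processing failed (actions number mismatch)");
        }
        for (int i = 0; i < actionCount; i++) {
            int expected = ((Integer) actions.get(i)).intValue();
            int found = ((WSSecurityEngineResult) wsResult.get(i)).getAction();
            if (expected != found) {
                throw new JAXRPCException("WSS4JHandler: security processing failed (actions mismatch)");
            }
        }

        // Publish the results for later handlers and the endpoint.
        Vector results = (Vector) messageContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (results == null) {
            results = new Vector();
            messageContext.setProperty(WSHandlerConstants.RECV_RESULTS, results);
        }
        results.add(0, new WSHandlerResult(receiverActor, wsResult));
        if (this.doDebug) {
            log.debug("WSS4JHandler: exit invoke()");
        }
        return true;
    }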

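    /**
     * Signs the document with the key belonging to the configured user.
     *
     * <p>The key password is obtained through the password callback. Key
     * identifier type, signature algorithm and signed parts are only set on
     * the builder when they were configured; otherwise the builder's own
     * defaults apply.
     *
     * @param i action code passed on to the password lookup
     * @param z mustUnderstand flag for the security header
     * @param document envelope to sign in place
     * @throws JAXRPCException if signing fails; the underlying exception is
     *         kept as the cause
     */
    private void performSIGNAction(int i, boolean z, Document document) throws JAXRPCException {
        String password = getPassword(this.username, i, "passwordCallbackClass", WSHandlerConstants.PW_CALLBACK_REF).getPassword();
        WSSignEnvelope signer = new WSSignEnvelope(this.actor, z);
        if (this.sigKeyId != 0) {
            signer.setKeyIdentifierType(this.sigKeyId);
        }
        if (this.sigAlgorithm != null) {
            signer.setSignatureAlgorithm(this.sigAlgorithm);
        }
        signer.setUserInfo(this.username, password);
        if (this.signatureParts.size() > 0) {
            signer.setParts(this.signatureParts);
        }
        try {
            signer.build(document, this.sigCrypto);
        } catch (WSSecurityException e) {
            // Chain the cause so the stack trace of the failure is not lost.
            throw new JAXRPCException("WSS4JHandler: Signature: error during message procesing" + e, (Throwable) e);
        }
    }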

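    /**
     * Serializes a DOM node to a string with an identity transform.
     *
     * @param node node to serialize
     * @return the serialized form of {@code node}
     * @throws JAXRPCException if the transformer cannot be created or the
     *         transformation fails
     */
    public static String parseToString(Node node) throws JAXRPCException {
        // The unused StringBuffer allocation of the earlier version is gone.
        try {
            Transformer identity = TransformerFactory.newInstance().newTransformer();
            StringWriter out = new StringWriter(128);
            identity.transform(new DOMSource(node), new StreamResult(out));
            return out.getBuffer().toString();
        } catch (TransformerException e) {
            throw new JAXRPCException("WSS4JHandler: couldn't convert Node into String: ", e);
        }
    }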

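    /**
     * Returns the password callback handler for inbound processing.
     *
     * <p>If a callback class name is configured (handler configuration first,
     * message context second) the class is loaded and instantiated through
     * its no-argument constructor. Otherwise a ready-made handler object is
     * taken from the message context.
     *
     * <p>Loading and instantiation are separate steps so that a missing class
     * is reported as a load failure, and the class is checked to be a
     * {@code CallbackHandler} before its constructor runs. The class name
     * decides which code is executed, so it must only come from trusted
     * deployment configuration.
     * NOTE(review): the message-context fallback means whoever can set
     * message-context properties can choose the class - confirm that
     * untrusted input cannot reach those properties.
     *
     * @return the callback handler, never {@code null}
     * @throws JAXRPCException if the class cannot be loaded, is not a
     *         {@code CallbackHandler}, cannot be instantiated, or if no
     *         handler reference is available
     */
    private CallbackHandler getPasswordCB() throws JAXRPCException {
        String className = (String) this.handlerInfo.getHandlerConfig().get("passwordCallbackClass");
        if (className == null) {
            className = (String) this.msgContext.getProperty("passwordCallbackClass");
        }

        if (className == null) {
            CallbackHandler reference = (CallbackHandler) this.msgContext.getProperty(WSHandlerConstants.PW_CALLBACK_REF);
            if (reference == null) {
                throw new JAXRPCException("WSS4JHandler: no reference in callback property");
            }
            return reference;
        }

        Class callbackClass;
        try {
            callbackClass = Class.forName(className);
        } catch (ClassNotFoundException e) {
            throw new JAXRPCException("WSS4JHandler: cannot load password callback class: " + className, e);
        }
        // Refuse to construct anything that is not a callback handler.
        if (!CallbackHandler.class.isAssignableFrom(callbackClass)) {
            throw new JAXRPCException("WSS4JHandler: cannot create instance of password callback: " + className);
        }
        try {
            return (CallbackHandler) callbackClass.newInstance();
        } catch (Exception e) {
            throw new JAXRPCException("WSS4JHandler: cannot create instance of password callback: " + className, e);
        }
    }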

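    /**
     * Decides whether the certificate that signed a message is trusted.
     *
     * <p>Two checks are made against the signature crypto (keystore):
     * <ol>
     *   <li>Direct trust: the keystore holds an entry with the same issuer
     *       and serial number whose first certificate equals the transmitted
     *       one.</li>
     *   <li>Issuer trust: for every keystore alias matching the issuer name,
     *       a path consisting of the transmitted certificate followed by that
     *       alias' certificates is validated.</li>
     * </ol>
     *
     * <p>The path is built with the transmitted certificate at index 0 for
     * every candidate alias and the alias' certificates copied behind it.
     * The earlier loop indexed the alias' certificates with the outer loop
     * counter, wrote past the end of the path array for chains longer than
     * one certificate, and overwrote the certificate under test, so later
     * aliases were no longer checked against the transmitted certificate.
     *
     * <p>Whether validity periods or revocation are checked depends on
     * {@code Crypto.validateCertPath}, which is not visible in this class.
     *
     * @param x509Certificate certificate taken from the message signature
     * @return {@code true} if one of the two checks succeeds, {@code false}
     *         for a {@code null} certificate or when no check succeeds
     * @throws JAXRPCException if the keystore cannot be queried or path
     *         validation raises an error
     */
    private boolean verifyTrust(X509Certificate x509Certificate) throws JAXRPCException {
        if (x509Certificate == null) {
            return false;
        }
        String subject = x509Certificate.getSubjectDN().getName();
        String issuer = x509Certificate.getIssuerDN().getName();
        BigInteger serial = x509Certificate.getSerialNumber();
        if (this.doDebug) {
            log.debug("WSS4JHandler: Transmitted certificate has subject " + subject);
            log.debug("WSS4JHandler: Transmitted certificate has issuer " + issuer + " (serial " + serial + ")");
        }

        // Check 1: the exact certificate is present in the keystore.
        String alias;
        try {
            alias = this.sigCrypto.getAliasForX509Cert(issuer, serial);
        } catch (WSSecurityException e) {
            throw new JAXRPCException("WSS4JHandler: Could not get alias for certificate with " + subject, (Throwable) e);
        }
        if (alias != null) {
            X509Certificate[] stored;
            try {
                stored = this.sigCrypto.getCertificates(alias);
            } catch (WSSecurityException e) {
                throw new JAXRPCException("WSS4JHandler: Could not get certificates for alias " + alias, (Throwable) e);
            }
            // Issuer and serial matching is not enough; compare the whole certificate.
            if (stored != null && stored.length > 0 && x509Certificate.equals(stored[0])) {
                if (this.doDebug) {
                    log.debug("Direct trust for certificate with " + subject);
                }
                return true;
            }
        } else if (this.doDebug) {
            log.debug("No alias found for subject from issuer with " + issuer + " (serial " + serial + ")");
        }

        // Check 2: the issuer is present in the keystore and the path validates.
        String[] issuerAliases;
        try {
            issuerAliases = this.sigCrypto.getAliasesForDN(issuer);
        } catch (WSSecurityException e) {
            throw new JAXRPCException("WSS4JHandler: Could not get alias for certificate with " + issuer, (Throwable) e);
        }
        if (issuerAliases == null || issuerAliases.length < 1) {
            if (this.doDebug) {
                log.debug("No aliases found in keystore for issuer " + issuer + " of certificate for " + subject);
            }
            return false;
        }
        for (int i = 0; i < issuerAliases.length; i++) {
            String issuerAlias = issuerAliases[i];
            if (this.doDebug) {
                log.debug("Preparing to validate certificate path with alias " + issuerAlias + " for issuer " + issuer);
            }
            X509Certificate[] issuerCerts;
            try {
                issuerCerts = this.sigCrypto.getCertificates(issuerAlias);
            } catch (WSSecurityException e) {
                throw new JAXRPCException("WSS4JHandler: Could not get certificates for alias " + issuerAlias, (Throwable) e);
            }
            if (issuerCerts == null || issuerCerts.length < 1) {
                throw new JAXRPCException("WSS4JHandler: Could not get certificates for alias " + issuerAlias);
            }

            // Transmitted certificate first, then the issuer's certificates.
            X509Certificate[] path = new X509Certificate[issuerCerts.length + 1];
            path[0] = x509Certificate;
            System.arraycopy(issuerCerts, 0, path, 1, issuerCerts.length);

            boolean valid;
            try {
                valid = this.sigCrypto.validateCertPath(path);
            } catch (WSSecurityException e) {
                throw new JAXRPCException("WSS4JHandler: Certificate path verification failed for certificate with subject " + subject, (Throwable) e);
            }
            if (valid) {
                if (this.doDebug) {
                    log.debug("WSS4JHandler: Certificate path has been verified for certificate with subject " + subject);
                }
                return true;
            }
        }
        log.debug("WSS4JHandler: Certificate path could not be verified for certificate with subject " + subject);
        return false;
    }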

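    /**
     * Checks that a message timestamp was created within the allowed window.
     *
     * <p>The timestamp is accepted when its creation time is later than
     * "now minus {@code i} seconds". The window is computed in {@code long}
     * arithmetic: with {@code int} multiplication a time-to-live above about
     * 2.1 million seconds overflowed and moved the window boundary to the
     * wrong side of the current time.
     *
     * <p>Only the creation time is compared. A creation time in the future
     * is accepted by this check, and no expiry value is read here; callers
     * that need those limits have to enforce them separately.
     *
     * @param timestamp timestamp taken from the security header
     * @param i time-to-live in seconds
     * @return {@code true} if the creation time lies inside the window
     * @throws JAXRPCException declared for overriding implementations; not
     *         thrown by this implementation
     */
    protected boolean verifyTimestamp(Timestamp timestamp, int i) throws JAXRPCException {
        Calendar validCreation = Calendar.getInstance();
        validCreation.setTimeInMillis(validCreation.getTimeInMillis() - (i * 1000L));
        if (this.doDebug) {
            log.debug("Preparing to verify the timestamp");
            SimpleDateFormat zulu = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
            zulu.setTimeZone(TimeZone.getTimeZone("GMT"));
            log.debug("Validation of Timestamp: Current time is " + zulu.format(Calendar.getInstance().getTime()));
            log.debug("Validation of Timestamp: Valid creation is " + zulu.format(validCreation.getTime()));
            log.debug("Validation of Timestamp: Timestamp created is " + zulu.format(timestamp.getCreated().getTime()));
        }
        if (timestamp.getCreated().after(validCreation)) {
            log.debug("Validation of Timestamp: Everything is ok");
            return true;
        }
        if (this.doDebug) {
            log.debug("Validation of Timestamp: The message was created too long ago");
        }
        return false;
    }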

    /**
     * Returns the Crypto instance for the configured signature property file.
     *
     * <p>The file name is read from the handler configuration, then from the
     * message context. Instances are cached in the static {@code cryptos}
     * table under the file name, so handlers naming the same file share one
     * instance.
     *
     * @return the cached or newly created Crypto
     * @throws JAXRPCException if no signature property file is configured
     */
    protected Crypto loadSignatureCrypto() throws JAXRPCException {
        this.sigPropFile = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.SIG_PROP_FILE);
        if (this.sigPropFile == null) {
            this.sigPropFile = (String) this.msgContext.getProperty(WSHandlerConstants.SIG_PROP_FILE);
            if (this.sigPropFile == null) {
                throw new JAXRPCException("WSS4JHandler: Signature: no crypto property file");
            }
        }

        Crypto cached = (Crypto) cryptos.get(this.sigPropFile);
        if (cached != null) {
            return cached;
        }
        Crypto created = CryptoFactory.getInstance(this.sigPropFile);
        cryptos.put(this.sigPropFile, created);
        return created;
    }

    /**
     * Returns the Crypto instance used for decryption.
     *
     * <p>If a decryption property file is configured (handler configuration
     * first, message context second) its Crypto is taken from the static
     * cache or created and cached. Without such a file the signature Crypto
     * is reused, which means decryption keys and signature trust material
     * then come from the same store.
     *
     * @return the Crypto to decrypt with
     * @throws JAXRPCException if neither a decryption property file nor a
     *         signature Crypto is available
     */
    protected Crypto loadDecryptionCrypto() throws JAXRPCException {
        this.decPropFile = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.DEC_PROP_FILE);
        if (this.decPropFile == null) {
            this.decPropFile = (String) this.msgContext.getProperty(WSHandlerConstants.DEC_PROP_FILE);
        }

        if (this.decPropFile == null) {
            // No dedicated file: fall back to the signature crypto.
            if (this.sigCrypto == null) {
                throw new JAXRPCException("WSS4JHandler: Encryption: no crypto property file");
            }
            return this.sigCrypto;
        }

        Crypto result = (Crypto) cryptos.get(this.decPropFile);
        if (result == null) {
            result = CryptoFactory.getInstance(this.decPropFile);
            cryptos.put(this.decPropFile, result);
        }
        return result;
    }

    /**
     * Creates the SAML issuer from the configured SAML property file.
     *
     * <p>The file name is read from the handler configuration, then from the
     * message context. It is passed to the factory as is, including when
     * neither source defines it.
     *
     * @return the issuer returned by {@code SAMLIssuerFactory.getInstance}
     * @throws JAXRPCException declared for overriding implementations
     */
    protected SAMLIssuer loadSamlIssuer() throws JAXRPCException {
        String samlPropFile = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.SAML_PROP_FILE);
        if (samlPropFile != null) {
            return SAMLIssuerFactory.getInstance(samlPropFile);
        }
        samlPropFile = (String) this.msgContext.getProperty(WSHandlerConstants.SAML_PROP_FILE);
        return SAMLIssuerFactory.getInstance(samlPropFile);
    }

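    /**
     * Loads the signature crypto and decodes the signature settings.
     *
     * <p>Key identifier, signature algorithm and signed parts are each read
     * from the handler configuration first and from the message context
     * second. The signature algorithm previously had an empty fallback
     * branch, so an algorithm set only in the message context was ignored
     * and the builder default was used without notice; it now follows the
     * same lookup order as the other settings.
     *
     * <p>The key identifier must be known to
     * {@code WSHandlerConstants.keyIdentifier} and map to one of the values
     * 1 to 4; anything else is rejected.
     *
     * @throws JAXRPCException if the crypto cannot be loaded or the key
     *         identifier is unknown or not allowed for signatures
     */
    private void decodeSignatureParameter() throws JAXRPCException {
        this.sigCrypto = loadSignatureCrypto();

        String keyId = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.SIG_KEY_ID);
        if (keyId == null) {
            keyId = (String) this.msgContext.getProperty(WSHandlerConstants.SIG_KEY_ID);
        }
        if (keyId != null) {
            Integer id = (Integer) WSHandlerConstants.keyIdentifier.get(keyId);
            if (id == null) {
                throw new JAXRPCException("WSS4JHandler: Signature: unknown key identification");
            }
            this.sigKeyId = id.intValue();
            if (this.sigKeyId != 2 && this.sigKeyId != 1 && this.sigKeyId != 3 && this.sigKeyId != 4) {
                throw new JAXRPCException("WSS4JHandler: Signature: illegal key identification");
            }
        }

        this.sigAlgorithm = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.SIG_ALGO);
        if (this.sigAlgorithm == null) {
            // Same fallback as every other setting in this method.
            this.sigAlgorithm = (String) this.msgContext.getProperty(WSHandlerConstants.SIG_ALGO);
        }

        String parts = (String) this.handlerInfo.getHandlerConfig().get("signatureParts");
        if (parts == null) {
            parts = (String) this.msgContext.getProperty("signatureParts");
        }
        if (parts != null) {
            splitEncParts(parts, this.signatureParts);
        }
    }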

    /**
     * Loads the decryption crypto and stores it in {@code decCrypto}.
     *
     * @throws JAXRPCException propagated from {@code loadDecryptionCrypto()}
     */
    private void decodeDecryptionParameter() throws JAXRPCException {
        Crypto decryptionCrypto = loadDecryptionCrypto();
        this.decCrypto = decryptionCrypto;
    }

    /**
     * Fault callback of the handler chain. It performs no security processing
     * and only writes a trace line when debugging is enabled.
     *
     * @param messageContext the message context of the fault (unused)
     * @return always {@code true}
     */
    public boolean handleFault(MessageContext messageContext) {
        if (this.doDebug) {
            log.debug("Entered handleFault");
        }
        return true;
    }

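    /**
     * Encrypts the configured parts of the outgoing message.
     *
     * <p>Applies the key identifier type, symmetric algorithm and key transport
     * algorithm only when they were configured. When the key identifier type is
     * 5, the embedded key name is read from the handler configuration (falling
     * back to the message context) and the key itself is obtained through the
     * encryption password callback.
     *
     * @param z        mustUnderstand flag passed to the encryption builder
     * @param i        action code forwarded to the password callback lookup
     * @param document the SOAP envelope to encrypt in place
     * @throws JAXRPCException if the encryption builder reports an error; the
     *         underlying {@code WSSecurityException} is attached as the cause
     */
    private void performENCRAction(boolean z, int i, Document document) throws JAXRPCException {
        WSEncryptBody wSEncryptBody = new WSEncryptBody(this.actor, z);
        if (this.encKeyId != 0) {
            wSEncryptBody.setKeyIdentifierType(this.encKeyId);
        }
        if (this.encKeyId == 5) {
            // Embedded key name: the key material comes from the callback, not from a certificate.
            String keyName = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENC_KEY_NAME);
            if (keyName == null) {
                keyName = (String) this.msgContext.getProperty(WSHandlerConstants.ENC_KEY_NAME);
            }
            wSEncryptBody.setEmbeddedKeyName(keyName);
            wSEncryptBody.setKey(getPassword(this.encUser, i, WSHandlerConstants.ENC_CALLBACK_CLASS, WSHandlerConstants.ENC_CALLBACK_REF).getKey());
        }
        if (this.encSymmAlgo != null) {
            wSEncryptBody.setSymmetricEncAlgorithm(this.encSymmAlgo);
        }
        if (this.encKeyTransport != null) {
            wSEncryptBody.setKeyEnc(this.encKeyTransport);
        }
        wSEncryptBody.setUserInfo(this.encUser);
        wSEncryptBody.setUseThisCert(this.encCert);
        if (this.encryptParts.size() > 0) {
            wSEncryptBody.setParts(this.encryptParts);
        }
        try {
            wSEncryptBody.build(document, this.encCrypto);
        } catch (WSSecurityException e) {
            // Message text is unchanged; the cause is now kept so the stack trace
            // of the crypto failure is not lost, as the callback helpers already do.
            throw new JAXRPCException("WSS4JHandler: Encryption: error during message processing" + e, e);
        }
    }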

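    /**
     * Adds a UsernameToken to the outgoing message and, when configured, the
     * optional {@code Nonce} and {@code Created} child elements.
     *
     * <p>The element names in {@code utElements} are now compared after
     * trimming. Previously the result of {@code trim()} was discarded, so a name
     * with surrounding whitespace was silently ignored and the token went out
     * without the nonce or timestamp that the configuration asked for.
     *
     * @param i        action code forwarded to the password callback lookup
     * @param z        mustUnderstand flag passed to the token builder
     * @param document the SOAP envelope to modify in place
     * @throws JAXRPCException if no password can be obtained
     */
    private void performUTAction(int i, boolean z, Document document) throws JAXRPCException {
        String password = getPassword(this.username, i, "passwordCallbackClass", WSHandlerConstants.PW_CALLBACK_REF).getPassword();
        WSSAddUsernameToken wSSAddUsernameToken = new WSSAddUsernameToken(this.actor, z);
        wSSAddUsernameToken.setPasswordType(this.pwType);
        wSSAddUsernameToken.build(document, this.username, password);
        if (this.utElements == null || this.utElements.length <= 0) {
            return;
        }
        for (int idx = 0; idx < this.utElements.length; idx++) {
            // String.trim() returns a new string; use the returned value for matching.
            String element = this.utElements[idx].trim();
            if (element.equals("Nonce")) {
                wSSAddUsernameToken.addNonce(document);
            }
            if (element.equals("Created")) {
                wSSAddUsernameToken.addCreated(document);
            }
        }
    }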

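    /**
     * Signs the message with a key associated with a UsernameToken and adds that
     * token to the message.
     *
     * <p>The token is prepared with the password type forced to
     * {@code WSConstants.PASSWORD_TEXT}, a creation timestamp and a nonce. The
     * signature uses key identifier type 7 and the HMAC-SHA1 algorithm URI, and
     * is built before the token itself is written.
     *
     * <p>NOTE(review): the configured {@code pwType} is ignored here; confirm
     * whether the text password type causes the cleartext password to be
     * serialized with the token, and whether HMAC-SHA1 still meets policy.
     *
     * @param i        action code forwarded to the password callback lookup
     * @param z        mustUnderstand flag passed to both builders
     * @param document the SOAP envelope to modify in place
     * @throws JAXRPCException if no password can be obtained or signing fails;
     *         the underlying {@code WSSecurityException} is attached as the cause
     */
    private void performUT_SIGNAction(int i, boolean z, Document document) throws JAXRPCException {
        String password = getPassword(this.username, i, "passwordCallbackClass", WSHandlerConstants.PW_CALLBACK_REF).getPassword();
        WSSAddUsernameToken wSSAddUsernameToken = new WSSAddUsernameToken(this.actor, z);
        wSSAddUsernameToken.setPasswordType(WSConstants.PASSWORD_TEXT);
        wSSAddUsernameToken.preSetUsernameToken(document, this.username, password);
        wSSAddUsernameToken.addCreated(document);
        wSSAddUsernameToken.addNonce(document);
        WSSignEnvelope wSSignEnvelope = new WSSignEnvelope(this.actor, z);
        wSSignEnvelope.setUsernameToken(wSSAddUsernameToken);
        if (this.signatureParts.size() > 0) {
            wSSignEnvelope.setParts(this.signatureParts);
        }
        wSSignEnvelope.setKeyIdentifierType(7);
        wSSignEnvelope.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
        try {
            // Order matters: the signature is produced first, then the token is emitted.
            wSSignEnvelope.build(document, null);
            wSSAddUsernameToken.build(document, null, null);
        } catch (WSSecurityException e) {
            // Message text is unchanged; the cause is now preserved for diagnosis.
            throw new JAXRPCException("WSS4JHandler: Error during Signatur with UsernameToken secret" + e, e);
        }
    }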

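    /**
     * Adds an unsigned SAML assertion for the current user to the message.
     *
     * <p>A missing assertion is now rejected explicitly, matching the check the
     * signed-SAML path already makes, instead of passing {@code null} on to the
     * token builder.
     *
     * @param z        mustUnderstand flag passed to the token builder
     * @param document the SOAP envelope to modify in place
     * @throws JAXRPCException if the issuer returns no assertion
     */
    private void performSTAction(boolean z, Document document) throws JAXRPCException {
        WSSAddSAMLToken wSSAddSAMLToken = new WSSAddSAMLToken(this.actor, z);
        SAMLIssuer issuer = loadSamlIssuer();
        issuer.setUsername(this.username);
        SAMLAssertion assertion = issuer.newAssertion();
        if (assertion == null) {
            throw new JAXRPCException("WSS4JHandler: SAML: no SAML token received");
        }
        wSSAddSAMLToken.build(document, assertion);
    }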

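    /**
     * Obtains a SAML assertion for the current user and signs the message with it.
     *
     * <p>When the issuer reports sender-vouches, the issuer's key name, key
     * password and crypto are used for the signature. Otherwise the user's own
     * name and callback-supplied password are set on the signer.
     *
     * @param i        action code forwarded to the password callback lookup
     * @param z        mustUnderstand flag passed to the signer
     * @param document the SOAP envelope to modify in place
     * @throws JAXRPCException if no assertion is produced, no password can be
     *         obtained, or signing fails; a {@code WSSecurityException} from the
     *         signer is attached as the cause
     */
    private void performST_SIGNAction(int i, boolean z, Document document) throws JAXRPCException {
        Crypto userCrypto = loadSignatureCrypto();
        SAMLIssuer issuer = loadSamlIssuer();
        issuer.setUsername(this.username);
        issuer.setUserCrypto(userCrypto);
        issuer.setInstanceDoc(document);
        SAMLAssertion assertion = issuer.newAssertion();
        if (assertion == null) {
            throw new JAXRPCException("WSS4JHandler: Signed SAML: no SAML token received");
        }
        String issuerKeyName = null;
        String issuerKeyPassword = null;
        Crypto issuerCrypto = null;
        WSSignEnvelope wSSignEnvelope = new WSSignEnvelope(this.actor, z);
        if (issuer.isSenderVouches()) {
            // Sender-vouches: the issuer's own key material signs the message.
            issuerKeyName = issuer.getIssuerKeyName();
            issuerKeyPassword = issuer.getIssuerKeyPassword();
            issuerCrypto = issuer.getIssuerCrypto();
        } else {
            wSSignEnvelope.setUserInfo(this.username, getPassword(this.username, i, "passwordCallbackClass", WSHandlerConstants.PW_CALLBACK_REF).getPassword());
        }
        if (this.sigKeyId != 0) {
            wSSignEnvelope.setKeyIdentifierType(this.sigKeyId);
        }
        try {
            wSSignEnvelope.build(document, userCrypto, assertion, issuerCrypto, issuerKeyName, issuerKeyPassword);
        } catch (WSSecurityException e) {
            // Message text is unchanged; the cause is now preserved for diagnosis.
            throw new JAXRPCException("WSS4JHandler: Signed SAML: error during message processing" + e, e);
        }
    }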

    /**
     * Adds a timestamp to the outgoing message.
     *
     * <p>The time-to-live is read from the handler configuration, falling back
     * to the message context. A missing, unparsable or non-positive value is
     * replaced by the handler's {@code timeToLive} field.
     *
     * @param z        mustUnderstand flag passed to the timestamp builder
     * @param document the SOAP envelope to modify in place
     * @throws JAXRPCException declared for callers; not thrown directly here
     */
    private void performTSAction(boolean z, Document document) throws JAXRPCException {
        String ttlText = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.TTL_TIMESTAMP);
        if (ttlText == null) {
            ttlText = (String) this.msgContext.getProperty(WSHandlerConstants.TTL_TIMESTAMP);
        }
        int ttl = this.timeToLive;
        if (ttlText != null) {
            try {
                int parsed = Integer.parseInt(ttlText);
                if (parsed > 0) {
                    ttl = parsed;
                }
            } catch (NumberFormatException ignored) {
                // Deliberate: a malformed value keeps the handler default.
            }
        }
        new WSAddTimestamp(this.actor, z).build(document, ttl);
    }

    /**
     * Translates a space-separated list of action names into a bit mask and
     * records each action code, in order, in {@code vector}.
     *
     * <p>If any token equals {@code WSHandlerConstants.NO_SECURITY} the method
     * returns 0 at once, whatever other actions are listed. Codes appended to
     * {@code vector} before that token was reached stay in the vector. Callers
     * should treat a 0 result as "no security processing requested".
     *
     * @param str    the action list, or {@code null}
     * @param vector receives one {@code Integer} per recognised action
     * @return the OR of all action codes, or 0 for {@code null} input or when
     *         the no-security token is present
     * @throws JAXRPCException if a token is not a known action name
     */
    public static int decodeAction(String str, Vector vector) throws JAXRPCException {
        if (str == null) {
            return 0;
        }
        int mask = 0;
        for (String token : StringUtil.split(str, ' ')) {
            if (token.equals(WSHandlerConstants.NO_SECURITY)) {
                return 0;
            }
            int flag;
            if (token.equals("UsernameToken")) {
                flag = 1;
            } else if (token.equals("Signature")) {
                flag = 2;
            } else if (token.equals(WSHandlerConstants.ENCRYPT)) {
                flag = 4;
            } else if (token.equals(WSHandlerConstants.SAML_TOKEN_UNSIGNED)) {
                flag = 8;
            } else if (token.equals(WSHandlerConstants.SAML_TOKEN_SIGNED)) {
                flag = 16;
            } else if (token.equals("Timestamp")) {
                flag = 32;
            } else if (token.equals(WSHandlerConstants.NO_SERIALIZATION)) {
                flag = WSConstants.NO_SERIALIZE;
            } else if (token.equals(WSHandlerConstants.SIGN_WITH_UT_KEY)) {
                flag = 64;
            } else {
                throw new JAXRPCException(new StringBuffer().append("WSS4JHandler: Unknown action defined").append(token).toString());
            }
            mask |= flag;
            vector.add(new Integer(flag));
        }
        return mask;
    }

    /**
     * Reads the {@code mustUnderstand} setting from the handler configuration,
     * falling back to the message context.
     *
     * @return {@code false} for "0" or "false"; {@code true} for "1", "true" or
     *         when the setting is absent
     * @throws JAXRPCException if the setting has any other value
     */
    private boolean decodeMustUnderstand() throws JAXRPCException {
        String setting = (String) this.handlerInfo.getHandlerConfig().get("mustUnderstand");
        if (setting == null) {
            setting = (String) this.msgContext.getProperty("mustUnderstand");
        }
        if (setting == null) {
            // Absent setting defaults to mustUnderstand = true.
            return true;
        }
        if (setting.equals("0") || setting.equals("false")) {
            return false;
        }
        if (setting.equals("1") || setting.equals("true")) {
            return true;
        }
        throw new JAXRPCException("WSS4JHandler: illegal mustUnderstand parameter");
    }

    /**
     * Reads the UsernameToken settings: the password type and the list of extra
     * token elements.
     *
     * <p>Only a value equal to {@code WSConstants.PW_TEXT} selects
     * {@code WSConstants.PASSWORD_TEXT}. Any other non-null value, including a
     * misspelling, selects {@code WSConstants.PASSWORD_DIGEST}. An absent
     * setting leaves {@code pwType} as {@code null}.
     *
     * @throws JAXRPCException declared for callers; not thrown directly here
     */
    private void decodeUTParameter() throws JAXRPCException {
        this.pwType = (String) this.handlerInfo.getHandlerConfig().get("passwordType");
        if (this.pwType == null) {
            this.pwType = (String) this.msgContext.getProperty("passwordType");
        }
        if (this.pwType != null) {
            if (this.pwType.equals(WSConstants.PW_TEXT)) {
                this.pwType = WSConstants.PASSWORD_TEXT;
            } else {
                this.pwType = WSConstants.PASSWORD_DIGEST;
            }
        }

        String extraElements = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ADD_UT_ELEMENTS);
        if (extraElements == null) {
            extraElements = (String) this.msgContext.getProperty(WSHandlerConstants.ADD_UT_ELEMENTS);
        }
        if (extraElements == null) {
            return;
        }
        this.utElements = StringUtil.split(extraElements, ' ');
    }

    /**
     * Resolves the crypto instance used for encryption.
     *
     * <p>When an encryption property file is configured (handler configuration
     * first, message context second), the instance is taken from the shared
     * {@code cryptos} cache and created on a miss. Without a property file the
     * signature crypto is reused.
     *
     * @return the crypto instance to encrypt with
     * @throws JAXRPCException if no property file is configured and no signature
     *         crypto has been loaded
     */
    protected Crypto loadEncryptionCrypto() throws JAXRPCException {
        String propFile = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENC_PROP_FILE);
        if (propFile == null) {
            propFile = (String) this.msgContext.getProperty(WSHandlerConstants.ENC_PROP_FILE);
        }
        if (propFile == null) {
            // No dedicated encryption keystore: fall back to the signature one.
            Crypto fallback = this.sigCrypto;
            if (fallback == null) {
                throw new JAXRPCException("WSS4JHandler: Encryption: no crypto property file");
            }
            return fallback;
        }
        Crypto cached = (Crypto) cryptos.get(propFile);
        if (cached == null) {
            cached = CryptoFactory.getInstance(propFile);
            cryptos.put(propFile, cached);
        }
        return cached;
    }

    /**
     * Reads the encryption settings into this handler's fields: encryption user,
     * key identifier, symmetric algorithm, key transport algorithm and the parts
     * to encrypt. Each is looked up in the handler configuration first and in
     * the message context second.
     *
     * <p>When no encryption user is configured, the handler's {@code username}
     * is used. The resolved user is passed to {@code handleSpecialUser} before
     * the remaining settings are read.
     *
     * @throws JAXRPCException if no user can be determined, or the key
     *         identifier name is unknown or its code is not one of 1 to 5
     */
    private void decodeEncryptionParameter() throws JAXRPCException {
        this.encUser = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENCRYPTION_USER);
        if (this.encUser == null) {
            this.encUser = (String) this.msgContext.getProperty(WSHandlerConstants.ENCRYPTION_USER);
        }
        if (this.encUser == null) {
            this.encUser = this.username;
            if (this.encUser == null) {
                throw new JAXRPCException("WSS4JHandler: Encryption: no username");
            }
        }
        handleSpecialUser(this.encUser);

        String keyIdName = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENC_KEY_ID);
        if (keyIdName == null) {
            keyIdName = (String) this.msgContext.getProperty(WSHandlerConstants.ENC_KEY_ID);
        }
        if (keyIdName != null) {
            Integer keyIdCode = (Integer) WSHandlerConstants.keyIdentifier.get(keyIdName);
            if (keyIdCode == null) {
                throw new JAXRPCException("WSS4JHandler: Encryption: unknown key identification");
            }
            // The field is written before validation, exactly as before.
            this.encKeyId = keyIdCode.intValue();
            switch (this.encKeyId) {
                case 1:
                case 2:
                case 3:
                case 4:
                case 5:
                    break;
                default:
                    throw new JAXRPCException("WSS4JHandler: Encryption: illegal key identification");
            }
        }

        this.encSymmAlgo = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENC_SYM_ALGO);
        if (this.encSymmAlgo == null) {
            this.encSymmAlgo = (String) this.msgContext.getProperty(WSHandlerConstants.ENC_SYM_ALGO);
        }

        this.encKeyTransport = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENC_KEY_TRANSPORT);
        if (this.encKeyTransport == null) {
            this.encKeyTransport = (String) this.msgContext.getProperty(WSHandlerConstants.ENC_KEY_TRANSPORT);
        }

        String partsSpec = (String) this.handlerInfo.getHandlerConfig().get(WSHandlerConstants.ENCRYPTION_PARTS);
        if (partsSpec == null) {
            partsSpec = (String) this.msgContext.getProperty(WSHandlerConstants.ENCRYPTION_PARTS);
        }
        if (partsSpec == null) {
            return;
        }
        splitEncParts(partsSpec, this.encryptParts);
    }

    /**
     * Handles the reserved encryption user {@code WSHandlerConstants.USE_REQ_SIG_CERT}.
     *
     * <p>For that user name, the received-results list in the message context is
     * searched for the first result whose actor matches this handler's actor and
     * whose action code is 2 (the code {@code decodeAction} assigns to
     * "Signature"). The certificate of that result becomes {@code encCert}.
     *
     * <p>If no such result exists the method returns without setting
     * {@code encCert} and without reporting an error.
     * NOTE(review): confirm that callers cope with an unset certificate here.
     *
     * @param str the encryption user name to inspect
     */
    private void handleSpecialUser(String str) {
        if (!WSHandlerConstants.USE_REQ_SIG_CERT.equals(str)) {
            return;
        }
        Vector handlerResults = (Vector) this.msgContext.getProperty(WSHandlerConstants.RECV_RESULTS);
        if (handlerResults == null) {
            return;
        }
        for (int h = 0; h < handlerResults.size(); h++) {
            WSHandlerResult handlerResult = (WSHandlerResult) handlerResults.get(h);
            if (!WSSecurityUtil.isActorEqual(this.actor, handlerResult.getActor())) {
                continue;
            }
            Vector engineResults = handlerResult.getResults();
            for (int r = 0; r < engineResults.size(); r++) {
                WSSecurityEngineResult engineResult = (WSSecurityEngineResult) engineResults.get(r);
                if (engineResult.getAction() == 2) {
                    this.encCert = engineResult.getCertificate();
                    return;
                }
            }
        }
    }

    /**
     * Parses a ';'-separated list of part definitions and appends one
     * {@code WSEncryptionPart} per definition to {@code vector}.
     *
     * <p>Each definition is split on '}'. A single piece is taken as an element
     * name in the SOAP envelope namespace with modifier "Content". Three pieces
     * are read as modifier, namespace and element name. The first character of
     * the modifier and namespace pieces is dropped, and a piece of length one or
     * less selects the default ("Content" or the envelope namespace).
     *
     * @param str    the full part-definition string
     * @param vector receives the parsed parts
     * @throws JAXRPCException if a definition has neither one nor three pieces
     */
    private void splitEncParts(String str, Vector vector) throws JAXRPCException {
        for (String definition : StringUtil.split(str, ';')) {
            String[] pieces = StringUtil.split(definition, '}');
            WSEncryptionPart part;
            if (pieces.length == 1) {
                if (this.doDebug) {
                    log.debug(new StringBuffer().append("single partDef: '").append(pieces[0]).append("'").toString());
                }
                part = new WSEncryptionPart(pieces[0].trim(), this.soapConstants.getEnvelopeURI(), "Content");
            } else if (pieces.length == 3) {
                String rawModifier = pieces[0].trim();
                String modifier;
                if (rawModifier.length() <= 1) {
                    modifier = "Content";
                } else {
                    modifier = rawModifier.substring(1);
                }
                String rawNamespace = pieces[1].trim();
                String namespace;
                if (rawNamespace.length() <= 1) {
                    namespace = this.soapConstants.getEnvelopeURI();
                } else {
                    namespace = rawNamespace.substring(1);
                }
                String elementName = pieces[2].trim();
                if (this.doDebug) {
                    log.debug(new StringBuffer().append("partDefs: '").append(modifier).append("' ,'").append(namespace).append("' ,'").append(elementName).append("'").toString());
                }
                part = new WSEncryptionPart(elementName, namespace, modifier);
            } else {
                // The whole input string, not just the bad definition, is reported.
                throw new JAXRPCException(new StringBuffer().append("WSS4JHandler: wrong part definition: ").append(str).toString());
            }
            vector.add(part);
        }
    }

    /**
     * Obtains the password or key for a user, trying three sources in order:
     * a callback class named in the configuration, a {@code CallbackHandler}
     * instance stored in the message context, and finally the
     * {@code javax.xml.rpc.security.auth.password} message-context property.
     *
     * <p>When the property is used, it is cleared from the message context
     * before the result is returned, so the password does not stay there.
     *
     * <p>NOTE(review): the error messages say "null or empty", but only
     * {@code null} is rejected; an empty password passes. Confirm the intent.
     *
     * @param str  the user name handed to the callback
     * @param i    the action code, used to pick the callback usage
     * @param str2 configuration key naming the callback class
     * @param str3 message-context key holding a callback handler instance
     * @return a callback object carrying the password and/or key
     * @throws JAXRPCException if no source yields a password or key
     */
    private WSPasswordCallback getPassword(String str, int i, String str2, String str3) throws JAXRPCException {
        String callbackClassName = (String) this.handlerInfo.getHandlerConfig().get(str2);
        if (callbackClassName == null) {
            callbackClassName = (String) this.msgContext.getProperty(str2);
        }
        if (callbackClassName != null) {
            WSPasswordCallback fromClass = readPwViaCallbackClass(callbackClassName, str, i);
            if (fromClass.getPassword() == null && fromClass.getKey() == null) {
                throw new JAXRPCException("WSS4JHandler: password callback class provided null or empty password");
            }
            return fromClass;
        }

        CallbackHandler handlerRef = (CallbackHandler) this.msgContext.getProperty(str3);
        if (handlerRef != null) {
            WSPasswordCallback fromHandler = performCallback(handlerRef, str, i);
            if (fromHandler.getPassword() == null && fromHandler.getKey() == null) {
                throw new JAXRPCException("WSS4JHandler: password callback provided null or empty password");
            }
            return fromHandler;
        }

        String contextPassword = (String) this.msgContext.getProperty("javax.xml.rpc.security.auth.password");
        if (contextPassword == null) {
            throw new JAXRPCException("WSS4JHandler: application provided null or empty password");
        }
        // Remove the cleartext password from the context once it has been read.
        this.msgContext.setProperty("javax.xml.rpc.security.auth.password", (Object) null);
        WSPasswordCallback fromContext = new WSPasswordCallback("", 0);
        fromContext.setPassword(contextPassword);
        return fromContext;
    }

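    /**
     * Loads the named callback class, instantiates it and asks it for the
     * password or key of the given user.
     *
     * <p>The three steps are now handled separately. Before, a single inner
     * {@code catch (Exception)} caught everything, so the "cannot load" branch
     * was unreachable and a failure inside the callback itself was reported as
     * an instantiation failure.
     *
     * <p>The class is also checked to be a {@code CallbackHandler} before it is
     * instantiated, so a mistyped or unexpected class name does not get its
     * constructor run. The class name comes from the handler configuration or a
     * message-context property and must be trusted deployment data only.
     *
     * @param str  fully qualified name of the callback handler class
     * @param str2 the user name handed to the callback
     * @param i    the action code, used to pick the callback usage
     * @return the callback object filled in by the handler
     * @throws JAXRPCException if the class cannot be loaded, is not a callback
     *         handler, cannot be instantiated, or the callback itself fails
     */
    private WSPasswordCallback readPwViaCallbackClass(String str, String str2, int i) throws JAXRPCException {
        Class handlerClass;
        try {
            handlerClass = Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new JAXRPCException("WSS4JHandler: cannot load password callback class: " + str, e);
        }
        if (!CallbackHandler.class.isAssignableFrom(handlerClass)) {
            // Reject before running any constructor of a class that is not a handler.
            throw new JAXRPCException("WSS4JHandler: cannot create instance of password callback: " + str);
        }
        CallbackHandler handler;
        try {
            handler = (CallbackHandler) handlerClass.newInstance();
        } catch (Exception e) {
            throw new JAXRPCException("WSS4JHandler: cannot create instance of password callback: " + str, e);
        }
        // Failures inside the callback surface with performCallback's own message.
        return performCallback(handler, str2, i);
    }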

    /**
     * Invokes a callback handler to obtain the password or key for a user.
     *
     * <p>The action code is mapped to the usage value given to
     * {@code WSPasswordCallback}: 1 and {@code WSConstants.UT_SIGN} map to 2,
     * 2 maps to 3, 4 maps to 4, anything else maps to 0. These presumably
     * correspond to the usage constants of {@code WSPasswordCallback}; verify
     * against that class.
     *
     * @param callbackHandler the handler to invoke
     * @param str             the user name handed to the callback
     * @param i               the action code
     * @return the callback object after the handler has processed it
     * @throws JAXRPCException if the handler throws; the original exception is
     *         attached as the cause
     */
    private WSPasswordCallback performCallback(CallbackHandler callbackHandler, String str, int i) throws JAXRPCException {
        int usage;
        if (i == 1 || i == WSConstants.UT_SIGN) {
            usage = 2;
        } else if (i == 2) {
            usage = 3;
        } else if (i == 4) {
            usage = 4;
        } else {
            usage = 0;
        }
        WSPasswordCallback request = new WSPasswordCallback(str, usage);
        Callback[] callbacks = new Callback[]{request};
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            throw new JAXRPCException("WSS4JHandler: password callback failed", e);
        }
        return request;
    }

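    /**
     * Parses the SOAP part of a message into a namespace-aware DOM document.
     *
     * <p>The message content is untrusted input, so the parser is hardened
     * against XML external entity processing: DOCTYPE declarations are rejected
     * and entity references are not expanded. SOAP messages must not carry a
     * DTD, so well-formed SOAP input is unaffected. If the parser in use does
     * not support the DOCTYPE feature, the method fails rather than parsing
     * with an unhardened configuration.
     *
     * @param sOAPMessage the message whose SOAP part is parsed
     * @return the parsed document
     * @throws JAXRPCException if the content cannot be read or parsed, or the
     *         parser cannot be configured; the original exception is the cause
     */
    public static Document messageToDocument(SOAPMessage sOAPMessage) {
        try {
            Source content = sOAPMessage.getSOAPPart().getContent();
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setNamespaceAware(true);
            // Reject any DOCTYPE: this closes off external entities and entity expansion.
            factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
            factory.setExpandEntityReferences(false);
            return factory.newDocumentBuilder().parse(XMLUtils.sourceToInputSource(content));
        } catch (Exception e) {
            throw new JAXRPCException("messageToDocument: cannot convert SOAPMessage into Document", e);
        }
    }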

    /**
     * Serializes a DOM document to an output stream using an identity
     * transformation.
     *
     * @param document     the document to write
     * @param outputStream the destination stream; it is not closed here
     * @throws JAXRPCException if the transformer cannot be created or the
     *         transformation fails; the original exception is the cause
     */
    public static void documentToStream(Document document, OutputStream outputStream) {
        try {
            Transformer identity = TransformerFactory.newInstance().newTransformer();
            DOMSource input = new DOMSource(document);
            StreamResult output = new StreamResult(outputStream);
            identity.transform(input, output);
        } catch (Exception e) {
            throw new JAXRPCException("documentToStream : cannot convert document into stream", e);
        }
    }

    /**
     * Compiler-generated helper that resolves a class literal by name.
     *
     * @param str the fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; only the
     *         message of the original exception is carried over
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            throw new NoClassDefFoundError(notFound.getMessage());
        }
        return resolved;
    }

    // Static initialisation: resolves this class's literal through the
    // compiler-generated cache field, then sets up the logger, the shared
    // security engine and the crypto cache (initial capacity 5).
    static {
        if (class$org$apache$ws$security$handler$WSS4JHandler == null) {
            class$org$apache$ws$security$handler$WSS4JHandler = class$("org.apache.ws.security.handler.WSS4JHandler");
        }
        log = LogFactory.getLog(class$org$apache$ws$security$handler$WSS4JHandler.getName());
        secEngine = new WSSecurityEngine();
        cryptos = new Hashtable(5);
    }
}
