package org.apache.cxf.ws.security.wss4j;

import java.io.IOException;
import java.net.URL;
import java.security.Key;
import java.util.Date;
import java.util.Iterator;
import javax.crypto.SecretKey;
import org.apache.cxf.Bus;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.endpoint.Endpoint;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.resource.ResourceManager;
import org.apache.cxf.service.model.EndpointInfo;
import org.apache.cxf.ws.security.SecurityConstants;
import org.apache.cxf.ws.security.cache.CXFEHCacheReplayCache;
import org.apache.cxf.ws.security.tokenstore.TokenStore;
import org.apache.cxf.ws.security.tokenstore.TokenStoreFactory;
import org.apache.cxf.ws.security.trust.STSUtils;
import org.apache.wss4j.common.cache.ReplayCache;
import org.apache.wss4j.common.cache.ReplayCacheFactory;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityToken.SecurityToken;

/* loaded from: input_file:org/apache/cxf/ws/security/wss4j/WSS4JUtils.class */
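/**
 * Static helpers for looking up, and lazily creating, the per-endpoint replay caches and token
 * store, and for recording tokens produced by the streaming security code in that token store.
 *
 * <p>Cache instances are kept as properties on the {@link EndpointInfo}; creation is guarded by
 * synchronizing on that object so that one instance is created per endpoint and property key.
 */
public final class WSS4JUtils {
    /** Lifetime, in milliseconds, given to a streaming token when it is cached (5 minutes). */
    private static final long STREAMING_TOKEN_LIFETIME_MILLIS = 300000L;

    private WSS4JUtils() {
        // utility class, not instantiable
    }

    /**
     * Returns the replay cache for the endpoint of the given message, creating and registering
     * one on the endpoint if none exists yet.
     *
     * <p>Returns {@code null}, i.e. no cache, in three situations: the enabling property is
     * set to something other than true; the property is unset and the message belongs to the
     * requestor side; or the exchange carries no endpoint / endpoint info.
     * NOTE(review): callers presumably skip replay detection on a null return - confirm that
     * this is the intended behaviour wherever the result is used.
     *
     * @param soapMessage the message whose contextual properties and exchange are consulted
     * @param str name of the contextual property that enables or disables this cache
     * @param str2 name of the property under which the cache instance is looked up and stored
     * @return the replay cache to use, or {@code null} when caching is off or unavailable
     */
    public static ReplayCache getReplayCache(SoapMessage soapMessage, String str, String str2) {
        boolean explicitlyEnabled = false;
        Object enabledSetting = soapMessage.getContextualProperty(str);
        if (enabledSetting != null) {
            if (!MessageUtils.isTrue(enabledSetting)) {
                return null;
            }
            explicitlyEnabled = true;
        }
        // Without an explicit opt-in the cache is only used on the non-requestor side.
        if (!explicitlyEnabled && MessageUtils.isRequestor(soapMessage)) {
            return null;
        }
        Endpoint endpoint = (Endpoint) soapMessage.getExchange().get(Endpoint.class);
        if (endpoint == null || endpoint.getEndpointInfo() == null) {
            return null;
        }
        EndpointInfo endpointInfo = endpoint.getEndpointInfo();
        synchronized (endpointInfo) {
            // An instance supplied through the message context wins over the endpoint's own.
            ReplayCache replayCache = (ReplayCache) soapMessage.getContextualProperty(str2);
            if (replayCache == null) {
                replayCache = (ReplayCache) endpointInfo.getProperty(str2);
            }
            if (replayCache == null) {
                // The endpoint name is appended so that each endpoint gets its own cache key.
                String cacheKey = str2;
                if (endpointInfo.getName() != null) {
                    cacheKey = cacheKey + "-" + endpointInfo.getName().toString();
                }
                URL configFileURL = getConfigFileURL(soapMessage);
                if (ReplayCacheFactory.isEhCacheInstalled()) {
                    replayCache = new CXFEHCacheReplayCache(
                        cacheKey, soapMessage.getExchange().getBus(), configFileURL);
                } else {
                    replayCache = ReplayCacheFactory.newInstance().newReplayCache(cacheKey, configFileURL);
                }
                endpointInfo.setProperty(str2, replayCache);
            }
            return replayCache;
        }
    }

    /**
     * Resolves the cache configuration file named by
     * {@link SecurityConstants#CACHE_CONFIG_FILE}, defaulting to {@code cxf-ehcache.xml}.
     *
     * <p>A {@link URL} value is returned as is. A {@link String} value is resolved through the
     * bus {@link ResourceManager}, then through the class loader, and finally parsed as a URL.
     * Any other value type, or a string that cannot be resolved, yields {@code null}.
     *
     * <p>NOTE(review): the last fallback hands the configured string to {@code new URL(...)},
     * so any scheme the JVM has a handler for is accepted. The property should only ever be
     * set from trusted deployment configuration.
     *
     * @param message the message whose contextual properties and bus are consulted
     * @return the resolved location, or {@code null} if it cannot be determined
     */
    private static URL getConfigFileURL(Message message) {
        Object location = message.getContextualProperty(SecurityConstants.CACHE_CONFIG_FILE);
        if (location == null) {
            location = "cxf-ehcache.xml";
        }
        if (location instanceof URL) {
            return (URL) location;
        }
        if (!(location instanceof String)) {
            return null;
        }
        String path = (String) location;
        ResourceManager resourceManager =
            (ResourceManager) ((Bus) message.getExchange().get(Bus.class)).getExtension(ResourceManager.class);
        URL url = (URL) resourceManager.resolveResource(path, URL.class);
        try {
            if (url == null) {
                url = ClassLoaderUtils.getResource(path, ReplayCacheFactory.class);
            }
            if (url == null) {
                // Kept inside the try block: new URL(String) throws MalformedURLException (an
                // IOException) for values such as the scheme-less default file name, and that
                // case must end in "no configuration file" rather than an unhandled exception.
                url = new URL(path);
            }
            return url;
        } catch (IOException ignored) {
            // Unresolvable location: report that no configuration file is available.
            return null;
        }
    }

    /**
     * Returns the token store for the endpoint of the given message, creating it if necessary.
     *
     * @param message the message whose contextual properties and exchange are consulted
     * @return the token store
     */
    public static TokenStore getTokenStore(Message message) {
        return getTokenStore(message, true);
    }

    /**
     * Returns the token store for the endpoint of the given message.
     *
     * <p>The store is looked up first in the message's contextual properties and then on the
     * {@link EndpointInfo}. Unlike {@link #getReplayCache}, the endpoint is dereferenced
     * without a null check, so an exchange without an {@link Endpoint} results in a
     * {@link NullPointerException}.
     *
     * @param message the message whose contextual properties and exchange are consulted
     * @param z whether to create and register a new store when none is found
     * @return the token store, or {@code null} if none exists and {@code z} is false
     */
    public static TokenStore getTokenStore(Message message, boolean z) {
        EndpointInfo endpointInfo = ((Endpoint) message.getExchange().get(Endpoint.class)).getEndpointInfo();
        synchronized (endpointInfo) {
            TokenStore tokenStore =
                (TokenStore) message.getContextualProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
            if (tokenStore == null) {
                tokenStore = (TokenStore) endpointInfo.getProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE);
            }
            if (z && tokenStore == null) {
                TokenStoreFactory tokenStoreFactory = TokenStoreFactory.newInstance();
                // Key suffix: an explicitly configured cache identifier takes precedence over
                // the endpoint name.
                String cacheKey = SecurityConstants.TOKEN_STORE_CACHE_INSTANCE;
                String cacheIdentifier = (String) message.getContextualProperty(SecurityConstants.CACHE_IDENTIFIER);
                if (cacheIdentifier != null) {
                    cacheKey = cacheKey + "-" + cacheIdentifier;
                } else if (endpointInfo.getName() != null) {
                    cacheKey = cacheKey + "-" + endpointInfo.getName().toString();
                }
                tokenStore = tokenStoreFactory.newTokenStore(cacheKey, message);
                endpointInfo.setProperty(SecurityConstants.TOKEN_STORE_CACHE_INSTANCE, tokenStore);
            }
            return tokenStore;
        }
    }

    /**
     * Copies a streaming security token into the endpoint's token store and returns its id.
     *
     * <p>If the store already holds a non-expired token with the same id, that token's id is
     * returned and nothing is stored. The incoming token's type and keys are not compared with
     * the cached entry in that case.
     *
     * <p>Otherwise a new store entry is created that expires five minutes after creation and
     * carries the SHA-1 identifier, the mapped token type and the key of the streaming token.
     * For a {@link SecretKey} the encoded key bytes are stored on the entry as well, so the
     * token store holds raw key material for the lifetime of the entry.
     * NOTE(review): if the configured {@link TokenStore} persists or replicates its entries,
     * that storage needs the same protection as the keys themselves - confirm for the
     * deployment.
     *
     * @param securityToken the streaming token to record; may be {@code null}
     * @param message the message used to locate the token store
     * @return the id of the cached or newly stored token, or {@code null} if
     *     {@code securityToken} is {@code null}
     * @throws XMLSecurityException propagated from the streaming token's accessors
     */
    public static String parseAndStoreStreamingSecurityToken(SecurityToken securityToken, Message message)
            throws XMLSecurityException {
        if (securityToken == null) {
            return null;
        }
        TokenStore tokenStore = getTokenStore(message);
        org.apache.cxf.ws.security.tokenstore.SecurityToken cachedToken =
            tokenStore.getToken(securityToken.getId());
        if (cachedToken != null && !cachedToken.isExpired()) {
            return cachedToken.getId();
        }

        Date created = new Date();
        Date expires = new Date(created.getTime() + STREAMING_TOKEN_LIFETIME_MILLIS);
        org.apache.cxf.ws.security.tokenstore.SecurityToken storedToken =
            new org.apache.cxf.ws.security.tokenstore.SecurityToken(securityToken.getId(), created, expires);
        storedToken.setSHA1(securityToken.getSha1Identifier());

        // Map the streaming token type to the URI recorded on the store entry. The types are
        // compared by reference against the WSSecurityTokenConstants instances; a type that
        // matches none of them leaves the entry's token type unset.
        if (securityToken.getTokenType() != null) {
            if (securityToken.getTokenType() == WSSecurityTokenConstants.EncryptedKeyToken) {
                storedToken.setTokenType(
                    "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            } else if (securityToken.getTokenType() == WSSecurityTokenConstants.KerberosToken) {
                storedToken.setTokenType(
                    "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ");
            } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml11Token) {
                storedToken.setTokenType(
                    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1");
            } else if (securityToken.getTokenType() == WSSecurityTokenConstants.Saml20Token) {
                storedToken.setTokenType(
                    "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
            } else if (securityToken.getTokenType() == WSSecurityTokenConstants.SecureConversationToken
                    || securityToken.getTokenType() == WSSecurityTokenConstants.SecurityContextToken) {
                storedToken.setTokenType(STSUtils.SCT_NS_05_02);
            }
        }

        // NOTE(review): every non-null key overwrites the previous one, so with more than one
        // entry the last key in the map's iteration order is the one kept - confirm that this
        // is intended.
        for (Object keyName : securityToken.getSecretKey().keySet()) {
            Key key = (Key) securityToken.getSecretKey().get(keyName);
            if (key != null) {
                storedToken.setKey(key);
                if (key instanceof SecretKey) {
                    storedToken.setSecret(key.getEncoded());
                }
            }
        }

        tokenStore.add(storedToken);
        return storedToken.getId();
    }
}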
