package com.sun.xml.ws.security.opt.impl.incoming;

import com.sun.xml.ws.api.security.trust.WSTrustException;
import com.sun.xml.ws.api.security.trust.client.IssuedTokenManager;
import com.sun.xml.ws.runtime.dev.SessionManager;
import com.sun.xml.ws.security.IssuedTokenContext;
import com.sun.xml.ws.security.SecurityContextTokenInfo;
import com.sun.xml.ws.security.impl.PasswordDerivedKey;
import com.sun.xml.ws.security.impl.kerberos.KerberosContext;
import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.api.keyinfo.BinarySecurityToken;
import com.sun.xml.ws.security.opt.api.reference.DirectReference;
import com.sun.xml.ws.security.opt.api.reference.KeyIdentifier;
import com.sun.xml.ws.security.opt.crypto.jaxb.JAXBStructure;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.crypto.SSEData;
import com.sun.xml.ws.security.opt.impl.keyinfo.SecurityTokenReference;
import com.sun.xml.ws.security.opt.impl.reference.X509IssuerSerial;
import com.sun.xml.ws.security.opt.impl.tokens.UsernameToken;
import com.sun.xml.ws.security.opt.impl.util.SOAPUtil;
import com.sun.xml.ws.security.opt.impl.util.WSSElementFactory;
import com.sun.xml.ws.security.secconv.impl.client.DefaultSCTokenConfiguration;
import com.sun.xml.ws.security.trust.WSTrustElementFactory;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.PolicyTypeUtil;
import com.sun.xml.wss.impl.XMLUtil;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.DefaultSecurityEnvironmentImpl;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.MLSPolicy;
import com.sun.xml.wss.impl.policy.SecurityPolicy;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.impl.policy.mls.DerivedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.MessagePolicy;
import com.sun.xml.wss.impl.policy.mls.SecureConversationTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.SymmetricKeyBinding;
import com.sun.xml.wss.impl.policy.mls.WSSPolicy;
import com.sun.xml.wss.logging.LogDomainConstants;
import com.sun.xml.wss.logging.impl.dsig.LogStringsMessages;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.URI;
import java.security.Key;
import java.security.KeyException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.Subject;
import javax.xml.bind.JAXBElement;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.URIReference;
import javax.xml.crypto.URIReferenceException;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.RFC2253Parser;
import org.ietf.jgss.GSSException;
import org.opensaml.security.crypto.JCAConstants;

/* loaded from: input_file:BOOT-INF/lib/webservices-rt-2.4.7.jar:com/sun/xml/ws/security/opt/impl/incoming/KeySelectorImpl.class */
public class KeySelectorImpl extends KeySelector {
    // Class-wide instance returned by getInstance().
    // NOTE(review): no assignment to this field is visible in this part of the file; confirm it is
    // initialised somewhere, because getInstance() returns it without a null check.
    private static KeySelectorImpl keyResolver;
    // Logger bound to the signature implementation domain and its resource bundle.
    private static final Logger logger = Logger.getLogger(LogDomainConstants.IMPL_SIGNATURE_DOMAIN, LogDomainConstants.IMPL_SIGNATURE_DOMAIN_BUNDLE);

    /* loaded from: input_file:BOOT-INF/lib/webservices-rt-2.4.7.jar:com/sun/xml/ws/security/opt/impl/incoming/KeySelectorImpl$SimpleKeySelectorResult.class */
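    /**
     * Minimal {@link KeySelectorResult} that hands back the key it was constructed with.
     *
     * <p>The key reference is fixed at construction so that a result cannot be re-pointed at a
     * different key after the selector has returned it.
     */
    private static class SimpleKeySelectorResult implements KeySelectorResult {
        /** The selected key; may be {@code null} if the caller passed none. */
        private final Key pk;

        /**
         * @param key the key to expose through {@link #getKey()}
         */
        SimpleKeySelectorResult(Key key) {
            this.pk = key;
        }

        /**
         * @return the key supplied to the constructor
         */
        @Override
        public Key getKey() {
            return this.pk;
        }
    }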

    /**
     * Private constructor: instances can only be created from inside this class, and callers
     * obtain the selector through {@link #getInstance()}.
     */
    private KeySelectorImpl() {
        super();
    }

    /**
     * Returns the class-wide selector held in the static {@code keyResolver} field.
     *
     * @return the value of {@code keyResolver}, returned as-is without a null check
     */
    public static KeySelector getInstance() {
        final KeySelector shared = keyResolver;
        return shared;
    }

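    /**
     * Picks the key for a signature from the children of a {@code KeyInfo}.
     *
     * <p>The children are examined in document order and the first one that yields a key wins:
     * <ul>
     *   <li>{@code KeyValue}: the embedded public key is used if its algorithm matches the
     *       signature method. For {@code Purpose.VERIFY} the key is first mapped to a certificate
     *       by the security environment and that certificate is validated; this lookup is the only
     *       thing in this branch that ties a key carried in the message to local trust.</li>
     *   <li>{@code JAXBStructure} holding a SecurityTokenReference: delegated to {@code resolve}.</li>
     *   <li>{@code KeyName}: looked up in the security environment, first as a secret key and then
     *       as a certificate.</li>
     *   <li>{@code X509Data}: delegated to {@code resolveX509Data}.</li>
     * </ul>
     *
     * @param keyInfo the KeyInfo to resolve; must not be {@code null}
     * @param purpose what the key will be used for
     * @param algorithmMethod the signature method; it is cast to {@code SignatureMethod}
     * @param xMLCryptoContext crypto context that carries the WSS processing context under
     *     {@code MessageConstants.WSS_PROCESSING_CONTEXT}
     * @return the selected key wrapped in a {@code KeySelectorResult}
     * @throws KeySelectorException if {@code keyInfo} is {@code null}, no child yields a key, or
     *     any other exception is raised while resolving (it is wrapped as the cause)
     */
    @Override
    public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
        if (keyInfo == null) {
            // isLoggable() honours levels inherited from parent loggers; comparing getLevel() to
            // SEVERE only logged when this logger's own level was set to exactly SEVERE.
            if (logger.isLoggable(Level.SEVERE)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1317_KEYINFO_NULL());
            }
            throw new KeySelectorException("Null KeyInfo object!");
        }
        try {
            SignatureMethod signatureMethod = (SignatureMethod) algorithmMethod;
            List<?> content = keyInfo.getContent();
            JAXBFilterProcessingContext processingContext = (JAXBFilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
            SecurityPolicy securityPolicy = processingContext.getSecurityPolicy();
            boolean bspEnforced = false;
            if (securityPolicy != null) {
                bspEnforced = PolicyTypeUtil.messagePolicy(securityPolicy) ? ((MessagePolicy) securityPolicy).isBSP() : ((WSSPolicy) securityPolicy).isBSP();
            }
            if (bspEnforced && content.size() > 1) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1350_ILLEGAL_BSP_VIOLATION_KEY_INFO());
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "BSP Violation of R5402: KeyInfo MUST have exactly one child", null);
            }
            for (Object child : content) {
                // Declared as XMLStructure so that each instanceof test below is a real narrowing.
                XMLStructure structure = (XMLStructure) child;
                if (structure instanceof KeyValue) {
                    try {
                        PublicKey publicKey = ((KeyValue) structure).getPublicKey();
                        if (purpose == KeySelector.Purpose.VERIFY) {
                            // A raw key inside the message proves nothing by itself: map it to a
                            // certificate known to the environment and validate that certificate.
                            processingContext.getSecurityEnvironment().validateCertificate(processingContext.getSecurityEnvironment().getCertificate(processingContext.getExtraneousProperties(), publicKey, false), processingContext.getExtraneousProperties());
                        }
                        if (algEquals(signatureMethod.getAlgorithm(), publicKey.getAlgorithm())) {
                            return new SimpleKeySelectorResult(publicKey);
                        }
                    } catch (KeyException e) {
                        throw new KeySelectorException(e);
                    }
                } else if (structure instanceof JAXBStructure) {
                    JAXBElement jAXBElement = ((JAXBStructure) structure).getJAXBElement();
                    if (isSecurityTokenReference(jAXBElement)) {
                        return new SimpleKeySelectorResult(resolve(jAXBElement, xMLCryptoContext, purpose));
                    }
                } else if (structure instanceof KeyName) {
                    KeyName keyName = (KeyName) structure;
                    SecretKey secretKey = processingContext.getSecurityEnvironment().getSecretKey(processingContext.getExtraneousProperties(), keyName.getName(), false);
                    if (secretKey != null) {
                        return new SimpleKeySelectorResult(secretKey);
                    }
                    // NOTE(review): unlike the KeyValue branch, the certificate found by name is
                    // not passed to validateCertificate() here; confirm the lookup itself only
                    // returns trusted, currently valid certificates.
                    X509Certificate certificate = processingContext.getSecurityEnvironment().getCertificate(processingContext.getExtraneousProperties(), keyName.getName(), false);
                    if (certificate != null && algEquals(signatureMethod.getAlgorithm(), certificate.getPublicKey().getAlgorithm())) {
                        return new SimpleKeySelectorResult(certificate.getPublicKey());
                    }
                } else if (structure instanceof X509Data) {
                    // Returned without an algEquals() comparison against the signature method.
                    return new SimpleKeySelectorResult(resolveX509Data(processingContext, (X509Data) structure, purpose));
                }
            }
            throw new KeySelectorException("No KeyValue element found!");
        } catch (KeySelectorException e2) {
            throw e2;
        } catch (Exception e3) {
            // Attach the throwable, as resolve() does, so the stack trace is kept at FINEST.
            logger.log(Level.FINEST, "Error occurred while resolving keyinformation", e3);
            throw new KeySelectorException(e3);
        }
    }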

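    /**
     * Resolves the key named by a {@code SecurityTokenReference} found inside a KeyInfo.
     *
     * <p>The reference held by the STR decides the path: a {@code KeyIdentifier} goes to
     * {@code resolveKeyIdentifier}, a {@code DirectReference} to {@code resolveDirectReference},
     * and an {@code X509IssuerSerial} to {@code resolveIssuerSerial}. Any other reference type is
     * logged at SEVERE and rejected.
     *
     * <p>When the active policy has BSP enabled, a direct reference must be a same-document
     * fragment ({@code #id}); anything else is rejected (BSP R5204).
     *
     * @param jAXBElement element whose value is the {@code SecurityTokenReference}
     * @param xMLCryptoContext crypto context that carries the WSS processing context
     * @param purpose what the key will be used for
     * @return the resolved key
     * @throws KeySelectorException wrapping any exception raised during resolution, including the
     *     SOAP fault built for an unsupported reference mechanism
     */
    private static Key resolve(JAXBElement jAXBElement, XMLCryptoContext xMLCryptoContext, KeySelector.Purpose purpose) throws KeySelectorException {
        try {
            JAXBFilterProcessingContext processingContext = (JAXBFilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
            SecurityPolicy securityPolicy = processingContext.getSecurityPolicy();
            boolean bspEnforced = false;
            if (securityPolicy != null) {
                bspEnforced = PolicyTypeUtil.messagePolicy(securityPolicy) ? ((MessagePolicy) securityPolicy).isBSP() : ((WSSPolicy) securityPolicy).isBSP();
            }
            Object reference = ((SecurityTokenReference) jAXBElement.getValue()).getReference();
            if (reference instanceof KeyIdentifier) {
                KeyIdentifier keyIdentifier = (KeyIdentifier) reference;
                return resolveKeyIdentifier(xMLCryptoContext, keyIdentifier.getValueType(), keyIdentifier.getReferenceValue(), null, purpose);
            }
            if (reference instanceof DirectReference) {
                DirectReference directReference = (DirectReference) reference;
                String uri = directReference.getURI();
                if (bspEnforced && !uri.startsWith("#")) {
                    throw new XWSSecurityException("Violation of BSP R5204 : When a SECURITY_TOKEN_REFERENCE uses a Direct Reference to an INTERNAL_SECURITY_TOKEN, it MUST use a Shorthand XPointer Reference");
                }
                String valueType = directReference.getValueType();
                // Derived-key value types are passed on as null, so resolveDirectReference
                // dispatches on the runtime type of the referenced token instead.
                if ("http://schemas.xmlsoap.org/ws/2005/02/sc/dk".equals(valueType) || MessageConstants.DKT_13_VALUETYPE.equals(valueType)) {
                    valueType = null;
                }
                return resolveDirectReference(xMLCryptoContext, valueType, uri, purpose);
            }
            if (reference instanceof X509IssuerSerial) {
                X509IssuerSerial x509IssuerSerial = (X509IssuerSerial) reference;
                // The result used to be discarded, so this path always returned a null key.
                // NOTE(review): resolveIssuerSerial does not call validateCertificate() on the
                // certificate it looks up; confirm the security environment only returns trusted
                // certificates before relying on this path for verification.
                return resolveIssuerSerial(xMLCryptoContext, x509IssuerSerial.getX509IssuerName(), x509IssuerSerial.getX509SerialNumber(), x509IssuerSerial.getId(), purpose);
            }
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1308_UNSUPPORTED_REFERENCE_MECHANISM());
            KeySelectorException unsupported = new KeySelectorException("Key reference mechanism not supported");
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_SECURITY_TOKEN, unsupported.getMessage(), unsupported);
        } catch (Exception e) {
            // Covers XWSSecurityException as well; both were logged and wrapped identically.
            logger.log(Level.FINEST, "Error occurred while resolvingkey information", (Throwable) e);
            throw new KeySelectorException(e);
        }
    }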

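    /**
     * Resolves a key from an X.509 issuer name and serial number.
     *
     * <p>Side effects on the processing context: an {@code X509CertificateBinding} with reference
     * type {@code IssuerSerialNumber} is recorded as (or attached to) the inferred key binding,
     * and for {@code Purpose.VERIFY} the serial number and normalised issuer name are stored as
     * extraneous properties. If {@code str2} is non-null, a BinarySecurityToken built from the
     * certificate is cached in the STR-Transform cache under that id; a failure there is logged
     * and otherwise ignored.
     *
     * <p>NOTE(review): on the VERIFY path the certificate returned by the security environment is
     * used without a call to {@code validateCertificate()} in this method. Confirm that the
     * lookup itself restricts results to trusted certificates.
     *
     * @param xMLCryptoContext crypto context that carries the WSS processing context
     * @param str issuer distinguished name; normalised with {@code RFC2253Parser} before use
     * @param bigInteger certificate serial number
     * @param str2 id under which to cache the certificate for STR-Transform, or {@code null}
     * @param purpose VERIFY yields the certificate's public key; SIGN or DECRYPT yields the
     *     private key; any other purpose yields {@code null}
     * @return the resolved key, or {@code null} for an unhandled purpose
     * @throws KeySelectorException wrapping any exception raised during resolution
     */
    public static Key resolveIssuerSerial(XMLCryptoContext xMLCryptoContext, String str, BigInteger bigInteger, String str2, KeySelector.Purpose purpose) throws KeySelectorException {
        // Typed as Key: this variable holds a public key on VERIFY and a private key otherwise.
        Key resolvedKey = null;
        String issuerName = RFC2253Parser.normalize(str);
        try {
            JAXBFilterProcessingContext processingContext = (JAXBFilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
            MLSPolicy inferredKB = processingContext.getSecurityContext().getInferredKB();
            AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
            x509CertificateBinding.setReferenceType("IssuerSerialNumber");
            if (inferredKB == null) {
                processingContext.getSecurityContext().setInferredKB(x509CertificateBinding);
            } else if (PolicyTypeUtil.symmetricKeyBinding(inferredKB)) {
                ((SymmetricKeyBinding) inferredKB).setKeyBinding(x509CertificateBinding);
            } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                DerivedTokenKeyBinding derivedTokenKeyBinding = (DerivedTokenKeyBinding) inferredKB;
                if (derivedTokenKeyBinding.getOriginalKeyBinding() == null) {
                    derivedTokenKeyBinding.setOriginalKeyBinding(x509CertificateBinding);
                } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding.getOriginalKeyBinding())) {
                    derivedTokenKeyBinding.getOriginalKeyBinding().setKeyBinding(x509CertificateBinding);
                }
            }
            if (purpose == KeySelector.Purpose.VERIFY) {
                processingContext.setExtraneousProperty(MessageConstants.REQUESTER_SERIAL, bigInteger);
                processingContext.setExtraneousProperty(MessageConstants.REQUESTER_ISSUERNAME, issuerName);
                resolvedKey = processingContext.getSecurityEnvironment().getCertificate(processingContext.getExtraneousProperties(), bigInteger, issuerName).getPublicKey();
            } else if (purpose == KeySelector.Purpose.SIGN || purpose == KeySelector.Purpose.DECRYPT) {
                resolvedKey = processingContext.getSecurityEnvironment().getPrivateKey(processingContext.getExtraneousProperties(), bigInteger, issuerName);
            }
            if (str2 != null) {
                try {
                    processingContext.getSTRTransformCache().put(str2, new SSEData(new WSSElementFactory(processingContext.getSOAPVersion()).createBinarySecurityToken(null, processingContext.getSecurityEnvironment().getCertificate(processingContext.getExtraneousProperties(), bigInteger, issuerName).getEncoded()), false, processingContext.getNamespaceContext()));
                } catch (Exception e) {
                    // Still best effort: key resolution must not fail because the cache entry
                    // could not be built. The failure is logged instead of silently dropped.
                    logger.log(Level.FINE, "Could not cache the certificate for STR-Transform", (Throwable) e);
                }
            }
            return resolvedKey;
        } catch (Exception e4) {
            logger.log(Level.FINEST, "Error occurred while resolvingkey information", (Throwable) e4);
            throw new KeySelectorException(e4);
        }
    }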

    /**
     * Resolves the key behind a direct (URI) reference to a security token.
     *
     * <p>The token id is extracted from {@code str2} with {@code SOAPUtil.getIdFromFragmentRef}
     * and the token is looked up with {@code resolveToken}. The value type {@code str} selects
     * the branch: UsernameToken, X.509 (v3/v1), Kerberos, EncryptedKey, SecurityContextToken or
     * derived key. When {@code str} is {@code null} the branch is chosen from the runtime type
     * of the resolved token instead. Any other non-null value type is logged at SEVERE and
     * rejected with a SOAP fault.
     *
     * <p>Side effect: every branch records a matching key binding as the security context's
     * inferred key binding, or attaches it to the binding that is already there.
     *
     * <p>NOTE(review): {@code str} and {@code str2} presumably originate from the incoming
     * message. In the typed branches the resolved token is cast to the type implied by
     * {@code str} without an {@code instanceof} check, so a value type that does not match the
     * referenced element raises {@code ClassCastException}, which this method does not catch.
     *
     * @param xMLCryptoContext crypto context that carries the WSS processing context
     * @param str value type of the reference, or {@code null} to dispatch on the token's type
     * @param str2 reference URI; the token id is derived from it
     * @param purpose what the key will be used for; forwarded to the per-token resolvers
     * @return the resolved key; may be {@code null} when {@code str} is {@code null} and the
     *     resolved token is of none of the handled types
     * @throws KeySelectorException if the referenced token is not found, or wrapping a
     *     {@code URIReferenceException} or {@code XWSSecurityException}
     */
    public static Key resolveDirectReference(XMLCryptoContext xMLCryptoContext, String str, String str2, KeySelector.Purpose purpose) throws KeySelectorException {
        Key key = null;
        try {
            JAXBFilterProcessingContext jAXBFilterProcessingContext = (JAXBFilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
            MLSPolicy inferredKB = jAXBFilterProcessingContext.getSecurityContext().getInferredKB();
            String idFromFragmentRef = SOAPUtil.getIdFromFragmentRef(str2);
            // Passed as the last argument to resolveUsernameToken/resolveX509Token. It is set when
            // the new binding is attached under a symmetric key binding (or, for a username token,
            // when an "EncryptedKey" extraneous property is present). Its meaning inside those
            // resolvers is not visible here.
            boolean z = false;
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0".equals(str) || "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken".equals(str)) {
                // --- UsernameToken ---
                UsernameTokenHeader usernameTokenHeader = (UsernameTokenHeader) resolveToken(idFromFragmentRef, xMLCryptoContext);
                if (usernameTokenHeader == null) {
                    throw new KeySelectorException("Token with Id " + idFromFragmentRef + " not found");
                }
                AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding = new AuthenticationTokenPolicy.UsernameTokenBinding();
                usernameTokenBinding.setReferenceType("Direct");
                usernameTokenBinding.setValueType(str);
                // Nonce/Created usage is copied from the policy already attached to the token.
                usernameTokenBinding.setUseNonce(((AuthenticationTokenPolicy.UsernameTokenBinding) usernameTokenHeader.getPolicy()).getUseNonce());
                usernameTokenBinding.setUseCreated(((AuthenticationTokenPolicy.UsernameTokenBinding) usernameTokenHeader.getPolicy()).getUseCreated());
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(usernameTokenBinding);
                    if (jAXBFilterProcessingContext.getExtraneousProperty("EncryptedKey") != null) {
                        z = true;
                    }
                } else if (PolicyTypeUtil.symmetricKeyBinding(inferredKB)) {
                    ((SymmetricKeyBinding) inferredKB).setKeyBinding(usernameTokenBinding);
                    z = true;
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                    DerivedTokenKeyBinding derivedTokenKeyBinding = (DerivedTokenKeyBinding) inferredKB;
                    if (derivedTokenKeyBinding.getOriginalKeyBinding() == null) {
                        derivedTokenKeyBinding.setOriginalKeyBinding(usernameTokenBinding);
                    } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding.getOriginalKeyBinding())) {
                        derivedTokenKeyBinding.getOriginalKeyBinding().setKeyBinding(usernameTokenBinding);
                        z = true;
                    }
                }
                key = resolveUsernameToken(jAXBFilterProcessingContext, usernameTokenHeader, purpose, z);
            } else if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".equals(str) || "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1".equals(str)) {
                // --- X.509 BinarySecurityToken (v3 or v1) ---
                X509BinarySecurityToken x509BinarySecurityToken = (X509BinarySecurityToken) resolveToken(idFromFragmentRef, xMLCryptoContext);
                if (x509BinarySecurityToken == null) {
                    throw new KeySelectorException("Token with Id " + idFromFragmentRef + "not found");
                }
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                x509CertificateBinding.setReferenceType("Direct");
                x509CertificateBinding.setValueType(str);
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(x509CertificateBinding);
                } else if (PolicyTypeUtil.symmetricKeyBinding(inferredKB)) {
                    ((SymmetricKeyBinding) inferredKB).setKeyBinding(x509CertificateBinding);
                    z = true;
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                    DerivedTokenKeyBinding derivedTokenKeyBinding2 = (DerivedTokenKeyBinding) inferredKB;
                    if (derivedTokenKeyBinding2.getOriginalKeyBinding() == null) {
                        derivedTokenKeyBinding2.setOriginalKeyBinding(x509CertificateBinding);
                    } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding2.getOriginalKeyBinding())) {
                        derivedTokenKeyBinding2.getOriginalKeyBinding().setKeyBinding(x509CertificateBinding);
                        z = true;
                    }
                }
                key = resolveX509Token(jAXBFilterProcessingContext, x509BinarySecurityToken, purpose, z);
            } else if ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510".equals(str) || "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ".equals(str)) {
                // --- Kerberos BinarySecurityToken ---
                KerberosBinarySecurityToken kerberosBinarySecurityToken = (KerberosBinarySecurityToken) resolveToken(idFromFragmentRef, xMLCryptoContext);
                if (kerberosBinarySecurityToken == null) {
                    throw new KeySelectorException("Token with Id " + idFromFragmentRef + "not found");
                }
                // The Kerberos binding is always wrapped in a SymmetricKeyBinding.
                WSSPolicy symmetricKeyBinding = new SymmetricKeyBinding();
                AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = new AuthenticationTokenPolicy.KerberosTokenBinding();
                kerberosTokenBinding.setReferenceType("Direct");
                kerberosTokenBinding.setValueType(str);
                symmetricKeyBinding.setKeyBinding(kerberosTokenBinding);
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(symmetricKeyBinding);
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                    DerivedTokenKeyBinding derivedTokenKeyBinding3 = (DerivedTokenKeyBinding) inferredKB;
                    if (derivedTokenKeyBinding3.getOriginalKeyBinding() == null) {
                        derivedTokenKeyBinding3.setOriginalKeyBinding(symmetricKeyBinding);
                    } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding3.getOriginalKeyBinding())) {
                        derivedTokenKeyBinding3.getOriginalKeyBinding().setKeyBinding(kerberosTokenBinding);
                    }
                }
                key = resolveKerberosToken(jAXBFilterProcessingContext, kerberosBinarySecurityToken);
            } else if (MessageConstants.EncryptedKey_NS.equals(str)) {
                // --- EncryptedKey ---
                EncryptedKey encryptedKey = (EncryptedKey) resolveToken(idFromFragmentRef, xMLCryptoContext);
                if (encryptedKey == null) {
                    throw new KeySelectorException("Token with Id " + idFromFragmentRef + "not found");
                }
                WSSPolicy sAMLAssertionBinding = jAXBFilterProcessingContext.getSecurityContext().getIsSAMLKeyBinding() ? new AuthenticationTokenPolicy.SAMLAssertionBinding() : new SymmetricKeyBinding();
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(sAMLAssertionBinding);
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB) && ((DerivedTokenKeyBinding) inferredKB).getOriginalKeyBinding() == null) {
                    ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(sAMLAssertionBinding);
                }
                // The key is obtained for the encryption algorithm of the configured algorithm suite.
                key = encryptedKey.getKey(jAXBFilterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm());
                sAMLAssertionBinding.setKeyBinding(encryptedKey.getInferredKB());
            } else {
                if ("http://schemas.xmlsoap.org/ws/2005/02/sc/sct".equals(str) || MessageConstants.SCT_13_VALUETYPE.equals(str)) {
                    // --- SecurityContextToken ---
                    // On the client the fragment id is tried as the context id first.
                    if (jAXBFilterProcessingContext.isClient()) {
                        key = resolveSCT(jAXBFilterProcessingContext, idFromFragmentRef, purpose);
                    }
                    if (key == null) {
                        SecurityContextToken securityContextToken = (SecurityContextToken) resolveToken(idFromFragmentRef, xMLCryptoContext);
                        if (securityContextToken != null) {
                            key = resolveSCT(jAXBFilterProcessingContext, securityContextToken.getSCId(), purpose);
                        } else {
                            if (jAXBFilterProcessingContext.isClient()) {
                                throw new KeySelectorException("Token with Id " + idFromFragmentRef + "not found");
                            }
                            // Not a client and no such token was resolved: the fragment id itself
                            // is handed to resolveSCT as the context id.
                            key = resolveSCT(jAXBFilterProcessingContext, idFromFragmentRef, purpose);
                        }
                    }
                    SecureConversationTokenKeyBinding secureConversationTokenKeyBinding = new SecureConversationTokenKeyBinding();
                    if (inferredKB == null) {
                        jAXBFilterProcessingContext.getSecurityContext().setInferredKB(secureConversationTokenKeyBinding);
                    } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                        ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(secureConversationTokenKeyBinding);
                    }
                    return key;
                }
                if ("http://schemas.xmlsoap.org/ws/2005/02/sc/dk".equals(str) || MessageConstants.DKT_13_VALUETYPE.equals(str)) {
                    // --- DerivedKeyToken ---
                    DerivedKeyToken derivedKeyToken = (DerivedKeyToken) resolveToken(idFromFragmentRef, xMLCryptoContext);
                    if (derivedKeyToken == null) {
                        throw new KeySelectorException("Token with Id " + idFromFragmentRef + "not found");
                    }
                    key = derivedKeyToken.getKey();
                    DerivedTokenKeyBinding derivedTokenKeyBinding4 = new DerivedTokenKeyBinding();
                    derivedTokenKeyBinding4.setOriginalKeyBinding(derivedKeyToken.getInferredKB());
                    if (inferredKB == null) {
                        jAXBFilterProcessingContext.getSecurityContext().setInferredKB(derivedTokenKeyBinding4);
                    } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                        // Empty branch: an existing derived-token binding is left unchanged.
                    }
                } else {
                    // Reached for a value type that matched none of the branches above. A non-null
                    // one is rejected; null means "dispatch on what the reference points at".
                    if (null != str) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1307_UNSUPPORTED_DIRECTREF_MECHANISM(new Object[]{str}));
                        throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "unsupported directreference ValueType " + str, null);
                    }
                    SecurityHeaderElement resolveToken = resolveToken(idFromFragmentRef, xMLCryptoContext);
                    if (resolveToken == null) {
                        throw new KeySelectorException("Token with Id " + idFromFragmentRef + " not found");
                    }
                    if (resolveToken instanceof X509BinarySecurityToken) {
                        AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = new AuthenticationTokenPolicy.X509CertificateBinding();
                        x509CertificateBinding2.setReferenceType("Direct");
                        if (inferredKB == null) {
                            jAXBFilterProcessingContext.getSecurityContext().setInferredKB(x509CertificateBinding2);
                        } else if (PolicyTypeUtil.symmetricKeyBinding(inferredKB)) {
                            ((SymmetricKeyBinding) inferredKB).setKeyBinding(x509CertificateBinding2);
                        } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                            DerivedTokenKeyBinding derivedTokenKeyBinding5 = (DerivedTokenKeyBinding) inferredKB;
                            if (derivedTokenKeyBinding5.getOriginalKeyBinding() == null) {
                                derivedTokenKeyBinding5.setOriginalKeyBinding(x509CertificateBinding2);
                            } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding5.getOriginalKeyBinding())) {
                                derivedTokenKeyBinding5.getOriginalKeyBinding().setKeyBinding(x509CertificateBinding2);
                            }
                        }
                        // Unlike the typed X.509 branch, the last argument is always false here.
                        key = resolveX509Token(jAXBFilterProcessingContext, (X509BinarySecurityToken) resolveToken, purpose, false);
                    } else if (resolveToken instanceof EncryptedKey) {
                        SymmetricKeyBinding symmetricKeyBinding2 = new SymmetricKeyBinding();
                        symmetricKeyBinding2.setKeyBinding(new AuthenticationTokenPolicy.X509CertificateBinding());
                        if (inferredKB == null) {
                            jAXBFilterProcessingContext.getSecurityContext().setInferredKB(symmetricKeyBinding2);
                        } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB) && ((DerivedTokenKeyBinding) inferredKB).getOriginalKeyBinding() == null) {
                            ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(symmetricKeyBinding2);
                        }
                        key = ((EncryptedKey) resolveToken).getKey(jAXBFilterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm());
                    } else if (resolveToken instanceof DerivedKeyToken) {
                        key = ((DerivedKeyToken) resolveToken).getKey();
                        // The inferred binding is read again here, after getKey() has run.
                        MLSPolicy inferredKB2 = jAXBFilterProcessingContext.getSecurityContext().getInferredKB();
                        DerivedTokenKeyBinding derivedTokenKeyBinding6 = new DerivedTokenKeyBinding();
                        derivedTokenKeyBinding6.setOriginalKeyBinding(((DerivedKeyToken) resolveToken).getInferredKB());
                        if (inferredKB2 == null) {
                            jAXBFilterProcessingContext.getSecurityContext().setInferredKB(derivedTokenKeyBinding6);
                        } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB2)) {
                            // Empty branch: an existing derived-token binding is left unchanged.
                        }
                    } else if (resolveToken instanceof SecurityContextToken) {
                        SecureConversationTokenKeyBinding secureConversationTokenKeyBinding2 = new SecureConversationTokenKeyBinding();
                        if (inferredKB == null) {
                            jAXBFilterProcessingContext.getSecurityContext().setInferredKB(secureConversationTokenKeyBinding2);
                        } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                            ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(secureConversationTokenKeyBinding2);
                        }
                        key = resolveSCT(jAXBFilterProcessingContext, ((SecurityContextToken) resolveToken).getSCId(), purpose);
                    } else if (resolveToken instanceof UsernameToken) {
                        AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding2 = new AuthenticationTokenPolicy.UsernameTokenBinding();
                        usernameTokenBinding2.setReferenceType("Direct");
                        // Here Created/Nonce usage is inferred from what the token itself carries.
                        if (((UsernameToken) resolveToken).getCreatedValue() != null) {
                            usernameTokenBinding2.setUseCreated(true);
                        }
                        if (((UsernameToken) resolveToken).getNonceValue() != null) {
                            usernameTokenBinding2.setUseNonce(true);
                        }
                        if (inferredKB == null) {
                            jAXBFilterProcessingContext.getSecurityContext().setInferredKB(usernameTokenBinding2);
                        } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB) && ((DerivedTokenKeyBinding) inferredKB).getOriginalKeyBinding() == null) {
                            ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(usernameTokenBinding2);
                        }
                        // NOTE(review): the instanceof test is against UsernameToken but the cast is
                        // to UsernameTokenHeader; confirm the two types are compatible.
                        key = resolveUsernameToken(jAXBFilterProcessingContext, (UsernameTokenHeader) resolveToken, purpose, false);
                    }
                }
            }
            return key;
        } catch (URIReferenceException e) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1377_ERROR_IN_RESOLVING_KEYINFO(), e);
            throw new KeySelectorException(e);
        } catch (XWSSecurityException e2) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1377_ERROR_IN_RESOLVING_KEYINFO(), (Throwable) e2);
            throw new KeySelectorException(e2);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v101, types: [java.security.Key] */
    /* JADX WARN: Type inference failed for: r0v116, types: [java.security.Key] */
    /* JADX WARN: Type inference failed for: r0v150, types: [java.security.Key] */
    /**
     * Resolves the key referenced by a WS-Security {@code KeyIdentifier} and records the
     * matching inferred key binding on the security context.
     *
     * <p>Dispatches on the identifier value type ({@code str}): X.509 SubjectKeyIdentifier,
     * certificate thumbprint, Kerberos AP-REQ hash, EncryptedKey SHA-1, or SAML assertion id.
     * Any other value type yields {@code null}.
     *
     * @param xMLCryptoContext crypto context; the {@link JAXBFilterProcessingContext} is read
     *        from it under {@code MessageConstants.WSS_PROCESSING_CONTEXT}
     * @param str value type URI of the key identifier
     * @param str2 reference value taken from the message (base64 data, hash, or assertion id,
     *        depending on the value type)
     * @param str3 optional cache key under which the resolved token is stored in the
     *        STR-transform cache or element cache (presumably the id of the enclosing
     *        SecurityTokenReference; confirm against the caller)
     * @param purpose whether a public key (VERIFY/ENCRYPT) or a private key (SIGN/DECRYPT)
     *        is wanted for the X.509 identifier types
     * @return the resolved key, or {@code null} when nothing matched
     * @throws KeySelectorException wrapping any {@code XWSSecurityException} or
     *         {@code URIReferenceException} raised during resolution
     */
    public static Key resolveKeyIdentifier(XMLCryptoContext xMLCryptoContext, String str, String str2, String str3, KeySelector.Purpose purpose) throws KeySelectorException {
        JAXBFilterProcessingContext jAXBFilterProcessingContext = (JAXBFilterProcessingContext) xMLCryptoContext.get(MessageConstants.WSS_PROCESSING_CONTEXT);
        PrivateKey privateKey = null;
        MLSPolicy inferredKB = jAXBFilterProcessingContext.getSecurityContext().getInferredKB();
        // z becomes true when the X.509 binding is attached underneath a symmetric key binding;
        // in that case the certificate is not added to the other party's subject below.
        boolean z = false;
        try {
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier".equals(str) || MessageConstants.X509v3SubjectKeyIdentifier_NS.equals(str)) {
                // --- X.509 SubjectKeyIdentifier ---
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding = new AuthenticationTokenPolicy.X509CertificateBinding();
                x509CertificateBinding.setValueType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier");
                x509CertificateBinding.setReferenceType("Identifier");
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(x509CertificateBinding);
                } else if (PolicyTypeUtil.symmetricKeyBinding(inferredKB)) {
                    ((SymmetricKeyBinding) inferredKB).setKeyBinding(x509CertificateBinding);
                    z = true;
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                    DerivedTokenKeyBinding derivedTokenKeyBinding = (DerivedTokenKeyBinding) inferredKB;
                    if (derivedTokenKeyBinding.getOriginalKeyBinding() == null) {
                        ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(x509CertificateBinding);
                    } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding.getOriginalKeyBinding())) {
                        derivedTokenKeyBinding.getOriginalKeyBinding().setKeyBinding(x509CertificateBinding);
                        z = true;
                    }
                }
                byte[] decodedBase64EncodedData = XMLUtil.getDecodedBase64EncodedData(str2);
                if (purpose == KeySelector.Purpose.VERIFY || purpose == KeySelector.Purpose.ENCRYPT) {
                    // NOTE(review): new String(byte[]) uses the platform default charset on raw
                    // identifier bytes, so the stored REQUESTER_KEYID can differ between hosts.
                    jAXBFilterProcessingContext.setExtraneousProperty(MessageConstants.REQUESTER_KEYID, new String(decodedBase64EncodedData));
                    // NOTE(review): no certificate validity or trust-path check is visible in this
                    // method; presumably the security environment or a later step enforces it - confirm.
                    X509Certificate certificate = jAXBFilterProcessingContext.getSecurityEnvironment().getCertificate(jAXBFilterProcessingContext.getExtraneousProperties(), decodedBase64EncodedData);
                    if (!z && !jAXBFilterProcessingContext.isSamlSignatureKey()) {
                        jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), certificate);
                    }
                    privateKey = certificate.getPublicKey();
                } else if (purpose == KeySelector.Purpose.SIGN || purpose == KeySelector.Purpose.DECRYPT) {
                    privateKey = jAXBFilterProcessingContext.getSecurityEnvironment().getPrivateKey(jAXBFilterProcessingContext.getExtraneousProperties(), decodedBase64EncodedData);
                }
                if (str3 != null) {
                    // Best-effort: cache the certificate as a BinarySecurityToken under str3.
                    // NOTE(review): every failure here, including the catch-all Exception, is
                    // dropped without logging, so a missing cache entry leaves no trace.
                    try {
                        jAXBFilterProcessingContext.getSTRTransformCache().put(str3, new SSEData(new WSSElementFactory(jAXBFilterProcessingContext.getSOAPVersion()).createBinarySecurityToken(null, jAXBFilterProcessingContext.getSecurityEnvironment().getCertificate(jAXBFilterProcessingContext.getExtraneousProperties(), decodedBase64EncodedData, "Identifier").getEncoded()), false, jAXBFilterProcessingContext.getNamespaceContext()));
                    } catch (XWSSecurityException e) {
                    } catch (CertificateEncodingException e2) {
                    } catch (Exception e3) {
                    }
                }
            } else if (MessageConstants.ThumbPrintIdentifier_NS.equals(str)) {
                // --- X.509 certificate thumbprint ---
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding2 = new AuthenticationTokenPolicy.X509CertificateBinding();
                x509CertificateBinding2.setValueType(MessageConstants.ThumbPrintIdentifier_NS);
                x509CertificateBinding2.setReferenceType("Identifier");
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(x509CertificateBinding2);
                } else if (PolicyTypeUtil.symmetricKeyBinding(inferredKB)) {
                    ((SymmetricKeyBinding) inferredKB).setKeyBinding(x509CertificateBinding2);
                    z = true;
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB)) {
                    DerivedTokenKeyBinding derivedTokenKeyBinding2 = (DerivedTokenKeyBinding) inferredKB;
                    if (derivedTokenKeyBinding2.getOriginalKeyBinding() == null) {
                        ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(x509CertificateBinding2);
                    } else if (PolicyTypeUtil.symmetricKeyBinding(derivedTokenKeyBinding2.getOriginalKeyBinding())) {
                        derivedTokenKeyBinding2.getOriginalKeyBinding().setKeyBinding(x509CertificateBinding2);
                        z = true;
                    }
                }
                byte[] decodedBase64EncodedData2 = XMLUtil.getDecodedBase64EncodedData(str2);
                if (purpose == KeySelector.Purpose.VERIFY || purpose == KeySelector.Purpose.ENCRYPT) {
                    // Same platform-charset caveat as the SubjectKeyIdentifier branch.
                    jAXBFilterProcessingContext.setExtraneousProperty(MessageConstants.REQUESTER_KEYID, new String(decodedBase64EncodedData2));
                    X509Certificate certificate2 = jAXBFilterProcessingContext.getSecurityEnvironment().getCertificate(jAXBFilterProcessingContext.getExtraneousProperties(), decodedBase64EncodedData2, MessageConstants.THUMB_PRINT_TYPE);
                    // NOTE(review): unlike the SubjectKeyIdentifier branch, isSamlSignatureKey() is
                    // not consulted before the subject is updated - confirm that is intended.
                    if (!z) {
                        jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), certificate2);
                    }
                    privateKey = certificate2.getPublicKey();
                } else if (purpose == KeySelector.Purpose.SIGN || purpose == KeySelector.Purpose.DECRYPT) {
                    privateKey = jAXBFilterProcessingContext.getSecurityEnvironment().getPrivateKey(jAXBFilterProcessingContext.getExtraneousProperties(), decodedBase64EncodedData2, MessageConstants.THUMB_PRINT_TYPE);
                }
                if (str3 != null) {
                    // Best-effort cache population; all failures are silently ignored (see above).
                    try {
                        jAXBFilterProcessingContext.getSTRTransformCache().put(str3, new SSEData(new WSSElementFactory(jAXBFilterProcessingContext.getSOAPVersion()).createBinarySecurityToken(null, jAXBFilterProcessingContext.getSecurityEnvironment().getCertificate(jAXBFilterProcessingContext.getExtraneousProperties(), decodedBase64EncodedData2, MessageConstants.THUMB_PRINT_TYPE).getEncoded()), false, jAXBFilterProcessingContext.getNamespaceContext()));
                    } catch (XWSSecurityException e4) {
                    } catch (CertificateEncodingException e5) {
                    } catch (Exception e6) {
                    }
                }
            } else if (MessageConstants.KERBEROS_v5_APREQ_IDENTIFIER.equals(str)) {
                // --- Kerberos AP-REQ identifier: the key comes from an already established context ---
                WSSPolicy symmetricKeyBinding = new SymmetricKeyBinding();
                AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = new AuthenticationTokenPolicy.KerberosTokenBinding();
                kerberosTokenBinding.setReferenceType("Identifier");
                symmetricKeyBinding.setKeyBinding(kerberosTokenBinding);
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(symmetricKeyBinding);
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB) && ((DerivedTokenKeyBinding) inferredKB).getOriginalKeyBinding() == null) {
                    ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(symmetricKeyBinding);
                }
                String secretKeyAlgorithm = SecurityUtil.getSecretKeyAlgorithm(jAXBFilterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm());
                KerberosContext kerberosContext = jAXBFilterProcessingContext.getKerberosContext();
                if (kerberosContext == null) {
                    throw new XWSSecurityException("SecretKey could not be obtained, Kerberos Context not set");
                }
                // The identifier in the message must equal the hash stored for the current
                // Kerberos token. A null str2 would raise NullPointerException here.
                if (!str2.equals((String) jAXBFilterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE))) {
                    throw new XWSSecurityException("SecretKey could not be obtained, Incorrect Kerberos Context found");
                }
                privateKey = kerberosContext.getSecretKey(secretKeyAlgorithm);
            } else if (MessageConstants.EncryptedKeyIdentifier_NS.equals(str)) {
                // --- EncryptedKeySHA1: reuse the secret key stored on the context ---
                SymmetricKeyBinding symmetricKeyBinding2 = new SymmetricKeyBinding();
                AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding3 = new AuthenticationTokenPolicy.X509CertificateBinding();
                x509CertificateBinding3.setReferenceType("Identifier");
                symmetricKeyBinding2.setKeyBinding(x509CertificateBinding3);
                if (inferredKB == null) {
                    jAXBFilterProcessingContext.getSecurityContext().setInferredKB(symmetricKeyBinding2);
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB) && ((DerivedTokenKeyBinding) inferredKB).getOriginalKeyBinding() == null) {
                    ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(symmetricKeyBinding2);
                }
                String str4 = (String) jAXBFilterProcessingContext.getExtraneousProperty(MessageConstants.EK_SHA1_TYPE);
                // Decompiler artifact: JADX could not infer a type for r0 (see the JADX warnings
                // above the method). r0 is the Key stored under "SecretKey" and "r0 == 0" is a
                // null check; the two lines are not valid Java as printed.
                ?? r0 = (Key) jAXBFilterProcessingContext.getExtraneousProperty("SecretKey");
                if (str4 == null || r0 == 0) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1306_UNSUPPORTED_KEY_IDENTIFIER_REFERENCE_TYPE(), new Object[]{"EncryptedKeySHA1 reference not correct"});
                    throw new KeySelectorException("EncryptedKeySHA1 reference not correct");
                }
                // When the stored hash does not equal the one in the message, nothing is logged
                // and the method falls through to return null.
                if (str4.equals(str2)) {
                    privateKey = r0;
                    symmetricKeyBinding2.usesEKSHA1KeyBinding(true);
                }
            } else if (MessageConstants.WSSE_SAML_KEY_IDENTIFIER_VALUE_TYPE.equals(str) || MessageConstants.WSSE_SAML_v2_0_KEY_IDENTIFIER_VALUE_TYPE.equals(str)) {
                // --- SAML 1.x / 2.0 assertion id ---
                IssuedTokenKeyBinding issuedTokenKeyBinding = new IssuedTokenKeyBinding();
                if (inferredKB == null) {
                    if (jAXBFilterProcessingContext.hasIssuedToken()) {
                        jAXBFilterProcessingContext.getSecurityContext().setInferredKB(issuedTokenKeyBinding);
                    } else {
                        jAXBFilterProcessingContext.getSecurityContext().setInferredKB(new AuthenticationTokenPolicy.SAMLAssertionBinding());
                    }
                } else if (PolicyTypeUtil.derivedTokenKeyBinding(inferredKB) && ((DerivedTokenKeyBinding) inferredKB).getOriginalKeyBinding() == null) {
                    ((DerivedTokenKeyBinding) inferredKB).setOriginalKeyBinding(issuedTokenKeyBinding);
                }
                SecurityHeaderElement resolveToken = resolveToken(str2, xMLCryptoContext);
                if (resolveToken == null || !(resolveToken instanceof SAMLAssertion)) {
                    // The assertion is not available as a header element: fall back to keys
                    // stored on the context under STORED_SAML_KEYS, looked up by assertion id.
                    HashMap hashMap = (HashMap) jAXBFilterProcessingContext.getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
                    if (hashMap != null) {
                        jAXBFilterProcessingContext.getSecurityContext().setIsSAMLKeyBinding(true);
                        privateKey = (Key) hashMap.get(str2);
                    }
                } else {
                    SAMLAssertion sAMLAssertion = (SAMLAssertion) resolveToken;
                    privateKey = sAMLAssertion.getKey();
                    if (str3 != null && str3.length() > 0) {
                        jAXBFilterProcessingContext.getElementCache().put(str3, new SSEData(sAMLAssertion, false, jAXBFilterProcessingContext.getNamespaceContext()));
                    }
                }
                if (jAXBFilterProcessingContext.hasIssuedToken() && privateKey != null) {
                    // Rebuild a SecurityTokenReference for the identifier and use it to
                    // initialise the inferred issued-token context.
                    SecurityTokenReference securityTokenReference = new SecurityTokenReference(jAXBFilterProcessingContext.getSOAPVersion());
                    com.sun.xml.ws.security.opt.impl.reference.KeyIdentifier keyIdentifier = new com.sun.xml.ws.security.opt.impl.reference.KeyIdentifier(jAXBFilterProcessingContext.getSOAPVersion());
                    keyIdentifier.setValueType(str);
                    keyIdentifier.setReferenceValue(str2);
                    securityTokenReference.setReference(keyIdentifier);
                    SecurityUtil.initInferredIssuedTokenContext(jAXBFilterProcessingContext, securityTokenReference, privateKey);
                }
            } else {
                // Unrecognised value type: no key, and no error is raised here.
                privateKey = null;
            }
            return privateKey;
        } catch (XWSSecurityException e7) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1377_ERROR_IN_RESOLVING_KEYINFO(), (Throwable) e7);
            throw new KeySelectorException(e7);
        } catch (URIReferenceException e8) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1377_ERROR_IN_RESOLVING_KEYINFO(), e8);
            throw new KeySelectorException(e8);
        }
    }

    /**
     * Reports whether a signature algorithm URI matches a JCA key algorithm name.
     *
     * <p>Only two pairs are recognised, both compared case-insensitively: the XML-DSig
     * {@code dsa-sha1} URI with the DSA key algorithm, and the {@code rsa-sha1} URI with
     * the RSA key algorithm. Every other combination returns {@code false}.
     *
     * @param str signature algorithm URI
     * @param str2 key algorithm name
     * @return {@code true} for one of the two recognised pairs
     */
    private static boolean algEquals(String str, String str2) {
        if (str2.equalsIgnoreCase(JCAConstants.KEY_ALGO_DSA)) {
            if (str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#dsa-sha1")) {
                return true;
            }
        }
        if (!str2.equalsIgnoreCase(JCAConstants.KEY_ALGO_RSA)) {
            return false;
        }
        return str.equalsIgnoreCase("http://www.w3.org/2000/09/xmldsig#rsa-sha1");
    }

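    /**
     * Derives the symmetric key for a UsernameToken that carries password-derived-key
     * parameters (salt and iteration count).
     *
     * <p>The password is looked up through the security environment for the username in the
     * token. The first salt byte is overwritten with 1 when the key is wanted for signature
     * verification and with 2 otherwise, then a 160-bit key is generated from password,
     * iteration count and salt. For VERIFY the full 160-bit value is used; for the other
     * purposes the first 16 bytes are used, except for DECRYPT with {@code z} set, where the
     * binding is registered on the context and a 16-byte encryption key is derived from it.
     *
     * <p>Salt and iteration count come from the incoming message. This method rejects a
     * missing or empty salt and a missing, non-numeric or non-positive iteration count.
     * NOTE(review): no upper or minimum policy bound on the iteration count is enforced
     * here; a very large value costs CPU per message and a very small one weakens the
     * derived key. Confirm whether a bound is applied elsewhere.
     *
     * @param jAXBFilterProcessingContext processing context supplying the algorithm suite and
     *        security environment
     * @param usernameTokenHeader incoming UsernameToken with username, salt and iterations
     * @param purpose what the key will be used for
     * @param z for DECRYPT only: register the binding on the context and derive the
     *        encryption key through {@code generate16ByteKeyforEncryption}
     * @return the derived secret key
     * @throws XWSSecurityException if the salt cannot be decoded, or if password lookup,
     *         iteration parsing or key generation fails
     */
    private static Key resolveUsernameToken(JAXBFilterProcessingContext jAXBFilterProcessingContext, UsernameTokenHeader usernameTokenHeader, KeySelector.Purpose purpose, boolean z) throws XWSSecurityException {
        SecretKey secretKey;
        String symmetricKeyAlgorithm = jAXBFilterProcessingContext.getAlgorithmSuite().getSymmetricKeyAlgorithm();
        AuthenticationTokenPolicy.UsernameTokenBinding usernameTokenBinding = new AuthenticationTokenPolicy.UsernameTokenBinding();
        String salt = usernameTokenHeader.getSalt();
        if (salt == null) {
            throw new XWSSecurityException("Salt retrieved from UsernameToken is null");
        }
        try {
            byte[] saltBytes = Base64.decode(salt);
            // saltBytes[0] is written below; an empty salt would otherwise surface as an
            // unchecked ArrayIndexOutOfBoundsException triggered by message content.
            if (saltBytes == null || saltBytes.length == 0) {
                throw new XWSSecurityException("Salt retrieved from UsernameToken is empty");
            }
            try {
                String password = jAXBFilterProcessingContext.getSecurityEnvironment().authenticateUser(jAXBFilterProcessingContext.getExtraneousProperties(), usernameTokenHeader.getUsernameValue());
                if (password == null) {
                    throw new XWSSecurityException("Password retrieved from UsernameToken is null");
                }
                String iterations = usernameTokenHeader.getIterations();
                if (iterations == null) {
                    throw new XWSSecurityException("Value of Iterations  retrieved from UsernameToken is null");
                }
                int iterationCount;
                try {
                    iterationCount = Integer.parseInt(iterations);
                } catch (NumberFormatException nfe) {
                    // The value is sender-controlled; report it as a security failure
                    // instead of letting an unchecked exception escape.
                    throw new XWSSecurityException("Value of Iterations retrieved from UsernameToken is not a valid integer", nfe);
                }
                if (iterationCount < 1) {
                    throw new XWSSecurityException("Value of Iterations retrieved from UsernameToken must be positive");
                }
                PasswordDerivedKey passwordDerivedKey = new PasswordDerivedKey();
                if (purpose == KeySelector.Purpose.DECRYPT) {
                    saltBytes[0] = 2;
                    if (z) {
                        try {
                            usernameTokenBinding.setSecretKey(passwordDerivedKey.generate160BitKey(password, iterationCount, saltBytes));
                            usernameTokenBinding.setSecretKey(usernameTokenBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(symmetricKeyAlgorithm)));
                            jAXBFilterProcessingContext.setUsernameTokenBinding(usernameTokenBinding);
                            secretKey = passwordDerivedKey.generate16ByteKeyforEncryption(usernameTokenBinding.getSecretKey().getEncoded());
                        } catch (UnsupportedEncodingException e) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), (Throwable) e);
                            throw new XWSSecurityException("error during generating 160 bit key ", e);
                        }
                    } else {
                        try {
                            byte[] fullKey = passwordDerivedKey.generate160BitKey(password, iterationCount, saltBytes);
                            byte[] truncatedKey = new byte[16];
                            System.arraycopy(fullKey, 0, truncatedKey, 0, truncatedKey.length);
                            usernameTokenBinding.setSecretKey(truncatedKey);
                            secretKey = usernameTokenBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(symmetricKeyAlgorithm));
                            usernameTokenBinding.setSecretKey(secretKey);
                        } catch (UnsupportedEncodingException e2) {
                            logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), (Throwable) e2);
                            throw new XWSSecurityException("error during generating 160 bit key ", e2);
                        }
                    }
                } else if (purpose == KeySelector.Purpose.VERIFY) {
                    saltBytes[0] = 1;
                    try {
                        usernameTokenBinding.setSecretKey(passwordDerivedKey.generate160BitKey(password, iterationCount, saltBytes));
                        secretKey = usernameTokenBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(symmetricKeyAlgorithm));
                        usernameTokenBinding.setSecretKey(secretKey);
                    } catch (UnsupportedEncodingException e3) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), (Throwable) e3);
                        throw new XWSSecurityException("error during generating 160 bit key ", e3);
                    }
                } else {
                    saltBytes[0] = 2;
                    try {
                        byte[] fullKey = passwordDerivedKey.generate160BitKey(password, iterationCount, saltBytes);
                        byte[] truncatedKey = new byte[16];
                        System.arraycopy(fullKey, 0, truncatedKey, 0, truncatedKey.length);
                        usernameTokenBinding.setSecretKey(truncatedKey);
                        secretKey = usernameTokenBinding.getSecretKey(SecurityUtil.getSecretKeyAlgorithm(symmetricKeyAlgorithm));
                    } catch (UnsupportedEncodingException e4) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1381_ERROR_GENERATING_160_BITKEY(), (Throwable) e4);
                        throw new XWSSecurityException("error during generating 160 bit key ", e4);
                    }
                }
                return secretKey;
            } catch (XWSSecurityException e5) {
                // This handler covers the whole derivation, not only the password lookup, so
                // the original failure is kept as the cause rather than being discarded.
                throw new XWSSecurityException("exception during retrieving the password using the username", e5);
            }
        } catch (Base64DecodingException e6) {
            logger.log(Level.SEVERE, com.sun.xml.wss.logging.LogStringsMessages.WSS_0144_UNABLETO_DECODE_BASE_64_DATA(e6), (Throwable) e6);
            throw new XWSSecurityException("exception during decoding the salt ", e6);
        }
    }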

    /**
     * Resolves the key for an X.509 BinarySecurityToken.
     *
     * <p>The certificate is taken from the token, falling back to
     * {@code SOAPUtil.getCertificateFromToken} when the token has none cached. VERIFY returns
     * the certificate's public key and, unless {@code z} is set, first adds the certificate
     * to the other party's subject. SIGN and DECRYPT return the private key the security
     * environment holds for that certificate. Any other purpose returns {@code null}.
     *
     * <p>NOTE(review): no certificate validity or trust check is visible in this method;
     * presumably it is enforced elsewhere - confirm.
     *
     * @param jAXBFilterProcessingContext processing context giving access to the security environment
     * @param x509BinarySecurityToken token carrying the certificate
     * @param purpose what the key will be used for
     * @param z when {@code true}, the other party's subject is left untouched on VERIFY
     * @return the resolved key, or {@code null} for an unsupported purpose
     * @throws XWSSecurityException if the certificate or private key cannot be obtained
     */
    private static Key resolveX509Token(JAXBFilterProcessingContext jAXBFilterProcessingContext, X509BinarySecurityToken x509BinarySecurityToken, KeySelector.Purpose purpose, boolean z) throws XWSSecurityException {
        X509Certificate tokenCert = x509BinarySecurityToken.getCertificate();
        if (tokenCert == null) {
            tokenCert = SOAPUtil.getCertificateFromToken(x509BinarySecurityToken);
        }
        if (purpose != KeySelector.Purpose.VERIFY) {
            boolean wantsPrivateKey = purpose == KeySelector.Purpose.SIGN || purpose == KeySelector.Purpose.DECRYPT;
            if (!wantsPrivateKey) {
                return null;
            }
            return jAXBFilterProcessingContext.getSecurityEnvironment().getPrivateKey(jAXBFilterProcessingContext.getExtraneousProperties(), tokenCert);
        }
        if (!z) {
            jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), tokenCert);
        }
        return tokenCert.getPublicKey();
    }

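    /**
     * Resolves a key from the children of a {@code ds:X509Data} element.
     *
     * <p>Children are examined in order. A certificate, a {@code byte[]} key identifier or
     * an issuer/serial pair is resolved at once for VERIFY (public key, with the certificate
     * added to the other party's subject) and SIGN (private key from the security
     * environment). A {@code String} child (X509SubjectName) and any other child type are
     * rejected. For any other purpose the loop inspects all children and {@code null} is
     * returned.
     *
     * <p>NOTE(review): DECRYPT is not handled here although {@code resolveX509Token} treats
     * it like SIGN; confirm this difference is intended. No certificate validity or trust
     * check is visible in this method.
     *
     * @param jAXBFilterProcessingContext processing context giving access to the security environment
     * @param x509Data the X509Data key-info structure from the message
     * @param purpose what the key will be used for
     * @return the resolved key, or {@code null} if no child produced one
     * @throws KeySelectorException for unsupported children or any failure during resolution
     */
    private static Key resolveX509Data(JAXBFilterProcessingContext jAXBFilterProcessingContext, X509Data x509Data, KeySelector.Purpose purpose) throws KeySelectorException {
        X509Certificate x509Certificate = null;
        try {
            for (Object obj : x509Data.getContent()) {
                if (obj instanceof X509Certificate) {
                    x509Certificate = (X509Certificate) obj;
                } else if (obj instanceof byte[]) {
                    byte[] keyIdentifier = (byte[]) obj;
                    if (purpose == KeySelector.Purpose.VERIFY) {
                        X509Certificate certificate = jAXBFilterProcessingContext.getSecurityEnvironment().getCertificate(jAXBFilterProcessingContext.getExtraneousProperties(), keyIdentifier);
                        jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), certificate);
                        return certificate.getPublicKey();
                    }
                    if (purpose == KeySelector.Purpose.SIGN) {
                        return jAXBFilterProcessingContext.getSecurityEnvironment().getPrivateKey(jAXBFilterProcessingContext.getExtraneousProperties(), keyIdentifier);
                    }
                } else {
                    if (obj instanceof String) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1312_UNSUPPORTED_KEYINFO());
                        throw new KeySelectorException("X509SubjectName child element of X509Data is not yet supported by our implementation");
                    }
                    if (!(obj instanceof javax.xml.crypto.dsig.keyinfo.X509IssuerSerial)) {
                        logger.log(Level.SEVERE, LogStringsMessages.WSS_1312_UNSUPPORTED_KEYINFO());
                        throw new KeySelectorException("Unsupported child element of X509Data encountered");
                    }
                    javax.xml.crypto.dsig.keyinfo.X509IssuerSerial x509IssuerSerial = (javax.xml.crypto.dsig.keyinfo.X509IssuerSerial) obj;
                    if (purpose == KeySelector.Purpose.VERIFY) {
                        X509Certificate certificate2 = jAXBFilterProcessingContext.getSecurityEnvironment().getCertificate(jAXBFilterProcessingContext.getExtraneousProperties(), x509IssuerSerial.getSerialNumber(), x509IssuerSerial.getIssuerName());
                        jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), certificate2);
                        return certificate2.getPublicKey();
                    }
                    if (purpose == KeySelector.Purpose.SIGN) {
                        return jAXBFilterProcessingContext.getSecurityEnvironment().getPrivateKey(jAXBFilterProcessingContext.getExtraneousProperties(), x509IssuerSerial.getSerialNumber(), x509IssuerSerial.getIssuerName());
                    }
                }
                // Reached for VERIFY/SIGN only when the child was an X509Certificate: the
                // other branches above have already returned for those purposes.
                if (purpose == KeySelector.Purpose.VERIFY) {
                    jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), x509Certificate);
                    return x509Certificate.getPublicKey();
                }
                if (purpose == KeySelector.Purpose.SIGN) {
                    return jAXBFilterProcessingContext.getSecurityEnvironment().getPrivateKey(jAXBFilterProcessingContext.getExtraneousProperties(), x509Certificate);
                }
            }
            return null;
        } catch (KeySelectorException e) {
            // Raised and logged above for unsupported children; rethrow unchanged instead of
            // wrapping it in a second KeySelectorException.
            throw e;
        } catch (Exception e) {
            // Pass the throwable itself so the stack trace reaches the log; the original
            // passed only e.getMessage() as a message parameter.
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1314_ILLEGAL_X_509_DATA(e.getMessage()), e);
            throw new KeySelectorException(e);
        }
    }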

    /**
     * Dereferences a token URI through the crypto context and returns the security header
     * element it points to.
     *
     * <p>Accepted elements are BinarySecurityToken (cast to the Kerberos token class when its
     * value type is one of the two Kerberos v5 AP-REQ URIs, otherwise to the X.509 token
     * class), EncryptedKey, SecurityContextToken, DerivedKeyToken, Assertion and
     * UsernameToken. Anything else is rejected with a SOAP fault exception.
     *
     * @param str URI of the referenced token
     * @param xMLCryptoContext crypto context supplying the URI dereferencer
     * @return the referenced element, or {@code null} when the dereferencer yields no data
     * @throws URIReferenceException declared by the signature; a failure raised by the
     *         dereferencer is converted into the "token unavailable" SOAP fault exception
     * @throws XWSSecurityException if the target is not a security header element or is an
     *         unsupported token type
     */
    protected static SecurityHeaderElement resolveToken(final String str, XMLCryptoContext xMLCryptoContext) throws URIReferenceException, XWSSecurityException {
        // Minimal URIReference carrying only the URI; no type is supplied.
        URIReference tokenReference = new URIReference() {
            @Override
            public String getURI() {
                return str;
            }

            @Override
            public String getType() {
                return null;
            }
        };
        try {
            StreamWriterData dereferenced = (StreamWriterData) xMLCryptoContext.getURIDereferencer().dereference(tokenReference, xMLCryptoContext);
            if (dereferenced == null) {
                return null;
            }
            Object target = dereferenced.getDereferencedObject();
            if (!(target instanceof SecurityHeaderElement)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1304_FC_SECURITY_TOKEN_UNAVAILABLE());
                throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, "Referenced Security Token could not be retrieved", null);
            }
            SecurityHeaderElement element = (SecurityHeaderElement) target;
            String localPart = element.getLocalPart();
            if ("BinarySecurityToken".equals(localPart)) {
                BinarySecurityToken binaryToken = (BinarySecurityToken) element;
                String valueType = binaryToken.getValueType();
                boolean isKerberos = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510".equals(valueType)
                        || "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ".equals(valueType);
                if (isKerberos) {
                    return (KerberosBinarySecurityToken) binaryToken;
                }
                return (X509BinarySecurityToken) binaryToken;
            }
            // The casts below also act as a type check on the dereferenced object.
            if ("EncryptedKey".equals(localPart)) {
                return (EncryptedKey) element;
            }
            if ("SecurityContextToken".equals(localPart)) {
                return (SecurityContextToken) element;
            }
            if (MessageConstants.DERIVEDKEY_TOKEN_LNAME.equals(localPart)) {
                return (DerivedKeyToken) element;
            }
            if ("Assertion".equals(localPart) || "UsernameToken".equals(localPart)) {
                return element;
            }
            if (logger.isLoggable(Level.SEVERE)) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1305_UN_SUPPORTED_SECURITY_TOKEN());
            }
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_SECURITY_TOKEN, "A Unsupported token was provided ", null);
        } catch (URIReferenceException e) {
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1304_FC_SECURITY_TOKEN_UNAVAILABLE(), e);
            throw SOAPUtil.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, "Referenced Security Token could not be retrieved", e);
        }
    }

    /**
     * Reports whether a JAXB element is a {@code SecurityTokenReference} in the WS-Security
     * 1.0 secext namespace. Both the local name and the namespace URI must match.
     *
     * @param jAXBElement element to inspect
     * @return {@code true} if the element's qualified name is wsse:SecurityTokenReference
     */
    private static boolean isSecurityTokenReference(JAXBElement jAXBElement) {
        if (!"SecurityTokenReference".equals(jAXBElement.getName().getLocalPart())) {
            return false;
        }
        return "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd".equals(jAXBElement.getName().getNamespaceURI());
    }

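    /**
     * Resolves the proof key of a SecureConversation SecurityContextToken.
     *
     * <p>On the client the issued-token context is obtained from the
     * {@code IssuedTokenManager}; on the server it is looked up in the {@code SessionManager}
     * stored on the processing context, and its security token is rebuilt from the stored
     * token or token info. The requestor subject is merged into the other party's subject
     * once per context, guarded by the {@code SCBOOTSTRAP_CRED_IN_SUBJ} property. The proof
     * key, or the instance secret when a WSC instance is set and the context is not expired,
     * is wrapped in a {@code SecretKeySpec} for the suite's encryption algorithm (AES when no
     * algorithm suite is set).
     *
     * <p>The context id comes from the incoming message, so an unknown id is reported as an
     * {@code XWSSecurityException} rather than surfacing as a NullPointerException.
     *
     * @param jAXBFilterProcessingContext processing context
     * @param str SecurityContextToken identifier taken from the message
     * @param purpose not used by this method
     * @return the session key, or {@code null} on the client when the issued-token context
     *         is missing or has an empty security policy
     * @throws XWSSecurityException if no session or proof key can be located, or token
     *         issuance fails
     */
    private static Key resolveSCT(JAXBFilterProcessingContext jAXBFilterProcessingContext, String str, KeySelector.Purpose purpose) throws XWSSecurityException {
        IssuedTokenContext securityContext;
        String wSSCVersion = jAXBFilterProcessingContext.getWSSCVersion(jAXBFilterProcessingContext.getSecurityPolicyVersion());
        if (jAXBFilterProcessingContext.isClient()) {
            securityContext = IssuedTokenManager.getInstance().createIssuedTokenContext(new DefaultSCTokenConfiguration(wSSCVersion, str, !jAXBFilterProcessingContext.isExpired(), !jAXBFilterProcessingContext.isInboundMessage()), null);
            try {
                IssuedTokenManager.getInstance().getIssuedToken(securityContext);
                if (securityContext == null || securityContext.getSecurityPolicy().isEmpty()) {
                    return null;
                }
            } catch (WSTrustException e) {
                throw new XWSSecurityException(e);
            }
        } else {
            // Diagnostic previously written to System.out on every server-side resolution;
            // routed through the class logger so it obeys logging configuration.
            if (logger.isLoggable(Level.FINE)) {
                logger.log(Level.FINE, "context.isExpired >>> " + jAXBFilterProcessingContext.isExpired());
            }
            SessionManager sessionManager = (SessionManager) jAXBFilterProcessingContext.getExtraneousProperty("SessionManager");
            if (sessionManager == null) {
                throw new XWSSecurityException("Could not locate SecureConversation session for Id:" + str);
            }
            securityContext = sessionManager.getSecurityContext(str, !jAXBFilterProcessingContext.isExpired());
            if (securityContext == null) {
                throw new XWSSecurityException("Could not locate SecureConversation session for Id:" + str);
            }
            URI identifier;
            String instance;
            String wsuId;
            com.sun.xml.ws.security.SecurityContextToken securityContextToken = (com.sun.xml.ws.security.SecurityContextToken) securityContext.getSecurityToken();
            if (securityContextToken != null) {
                identifier = securityContextToken.getIdentifier();
                instance = securityContextToken.getInstance();
                wsuId = securityContextToken.getWsuId();
            } else {
                SecurityContextTokenInfo tokenInfo = securityContext.getSecurityContextTokenInfo();
                if (tokenInfo == null) {
                    throw new XWSSecurityException("Could not locate SecureConversation session for Id:" + str);
                }
                identifier = URI.create(tokenInfo.getIdentifier());
                instance = tokenInfo.getInstance();
                wsuId = tokenInfo.getExternalId();
            }
            securityContext.setSecurityToken(WSTrustElementFactory.newInstance(wSSCVersion).createSecurityContextToken(identifier, instance, wsuId));
        }
        Subject requestorSubject = securityContext.getRequestorSubject();
        if (requestorSubject != null && jAXBFilterProcessingContext.getExtraneousProperty(MessageConstants.SCBOOTSTRAP_CRED_IN_SUBJ) == null) {
            jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(SecurityUtil.getSubject(jAXBFilterProcessingContext.getExtraneousProperties()), requestorSubject);
            jAXBFilterProcessingContext.getExtraneousProperties().put(MessageConstants.SCBOOTSTRAP_CRED_IN_SUBJ, "true");
        }
        byte[] proofKey;
        if (jAXBFilterProcessingContext.getWSCInstance() != null && !jAXBFilterProcessingContext.isExpired()) {
            // A live context with an explicit instance uses that instance's secret.
            proofKey = securityContext.getSecurityContextTokenInfo().getInstanceSecret(jAXBFilterProcessingContext.getWSCInstance());
        } else {
            proofKey = securityContext.getProofKey();
        }
        jAXBFilterProcessingContext.setExtraneousProperty(MessageConstants.INCOMING_SCT, securityContext.getSecurityToken());
        if (proofKey == null) {
            throw new XWSSecurityException("Could not locate SecureConversation session for Id:" + str);
        }
        String keyAlgorithm = JCAConstants.KEY_ALGO_AES;
        if (jAXBFilterProcessingContext.getAlgorithmSuite() != null) {
            keyAlgorithm = SecurityUtil.getSecretKeyAlgorithm(jAXBFilterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm());
        }
        return new SecretKeySpec(proofKey, keyAlgorithm);
    }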

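    /**
     * Resolves the secret key associated with a Kerberos binary security token.
     *
     * <p>The method reuses the Kerberos context cached on the processing context when one is
     * present. Otherwise it performs a Kerberos login with the token bytes, caches the resulting
     * context, and updates the other party's subject with the GSS source name and any delegated
     * credentials. The Base64-encoded SHA-1 digest of the token is stored under
     * {@code MessageConstants.KERBEROS_SHA1_VALUE} before returning.
     *
     * <p>NOTE(review): the SHA-1 digest is used here as a token identifier value; presumably this
     * is the key-identifier form required by the Kerberos token profile, so it should not be
     * swapped for another hash without checking interoperability. Confirm.
     *
     * <p>NOTE(review): when a Kerberos context is already cached, the supplied token is not
     * checked against it in this method. Confirm that callers only reach this path with the token
     * that established the cached context.
     *
     * @param jAXBFilterProcessingContext processing context holding the algorithm suite, the
     *        security environment and the cached Kerberos state
     * @param kerberosBinarySecurityToken token whose value is digested and, if needed, used for
     *        the Kerberos login (presumably taken from the incoming message; treat as untrusted)
     * @return the secret key obtained from the Kerberos context for the suite's key algorithm
     * @throws XWSSecurityException if no algorithm suite is configured, SHA-1 is unavailable, or
     *         the GSS context cannot supply the source name
     */
    private static Key resolveKerberosToken(JAXBFilterProcessingContext jAXBFilterProcessingContext, KerberosBinarySecurityToken kerberosBinarySecurityToken) throws XWSSecurityException {
        // Fail closed with a descriptive security exception instead of an opaque
        // NullPointerException when the context carries no algorithm suite.
        if (jAXBFilterProcessingContext.getAlgorithmSuite() == null) {
            throw new XWSSecurityException("Could not resolve Kerberos token key: no algorithm suite is set on the processing context");
        }

        String sha1Value = (String) jAXBFilterProcessingContext.getExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE);
        if (sha1Value == null) {
            // No identifier recorded yet: derive it from the raw token bytes.
            try {
                byte[] digest = MessageDigest.getInstance("SHA-1").digest(kerberosBinarySecurityToken.getTokenValue());
                sha1Value = Base64.encode(digest);
            } catch (NoSuchAlgorithmException e) {
                throw new XWSSecurityException(e);
            }
        }

        String secretKeyAlgorithm = SecurityUtil.getSecretKeyAlgorithm(jAXBFilterProcessingContext.getAlgorithmSuite().getEncryptionAlgorithm());

        KerberosContext kerberosContext = jAXBFilterProcessingContext.getKerberosContext();
        if (kerberosContext == null) {
            // First use in this processing context: authenticate the token and cache the result.
            kerberosContext = jAXBFilterProcessingContext.getSecurityEnvironment().doKerberosLogin(kerberosBinarySecurityToken.getTokenValue());
            jAXBFilterProcessingContext.setKerberosContext(kerberosContext);
            try {
                jAXBFilterProcessingContext.getSecurityEnvironment().updateOtherPartySubject(DefaultSecurityEnvironmentImpl.getSubject(jAXBFilterProcessingContext), kerberosContext.getGSSContext().getSrcName(), kerberosContext.getDelegatedCredentials());
            } catch (GSSException e) {
                throw new XWSSecurityException(e);
            }
        }

        jAXBFilterProcessingContext.setExtraneousProperty(MessageConstants.KERBEROS_SHA1_VALUE, sha1Value);
        return kerberosContext.getSecretKey(secretKeyAlgorithm);
    }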

    // Create the shared resolver instance once, when the class is initialised.
    static {
        keyResolver = new KeySelectorImpl();
    }
}
