package org.apache.rampart.builder;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.Vector;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.client.Options;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.EncryptedKeyToken;
import org.apache.rahas.SimpleTokenStore;
import org.apache.rahas.TrustException;
import org.apache.rahas.TrustUtil;
import org.apache.rampart.RampartConstants;
import org.apache.rampart.RampartException;
import org.apache.rampart.RampartMessageData;
import org.apache.rampart.handler.WSSHandlerConstants;
import org.apache.rampart.policy.RampartPolicyData;
import org.apache.rampart.policy.SupportingPolicyData;
import org.apache.rampart.policy.model.KerberosConfig;
import org.apache.rampart.util.RampartUtil;
import org.apache.ws.secpolicy.model.IssuedToken;
import org.apache.ws.secpolicy.model.SecureConversationToken;
import org.apache.ws.secpolicy.model.SupportingToken;
import org.apache.ws.secpolicy.model.Token;
import org.apache.ws.secpolicy.model.UsernameToken;
import org.apache.ws.secpolicy.model.X509Token;
import org.apache.ws.security.KerberosTokenPrincipal;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.conversation.ConversationException;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSSecDKSign;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.message.WSSecKerberosToken;
import org.apache.ws.security.message.WSSecSignature;
import org.apache.ws.security.message.WSSecSignatureConfirmation;
import org.apache.ws.security.message.WSSecTimestamp;
import org.apache.ws.security.message.WSSecUsernameToken;
import org.apache.ws.security.message.token.BinarySecurity;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/rampart/builder/BindingBuilder.class */
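/**
 * Base class for the binding-specific builders: it holds the helpers that create timestamps,
 * username tokens, encrypted keys, signatures, Kerberos tokens and signature confirmations and
 * that insert them after a moving insertion point.
 *
 * <p>This listing is decompiler output. Local variable names are synthetic, and constants such as
 * callback usages, key-identifier types, token-inclusion values and action codes appear as bare
 * integers because the compiler inlined them. Their symbolic names are not visible here and should
 * be confirmed against the WSS4J / Rampart version in use.
 *
 * <p>Secrets obtained from the password callback or from configuration are never written to the
 * log by this class.
 */
public abstract class BindingBuilder {
    private static final Log log = LogFactory.getLog(BindingBuilder.class);

    /** Validity window (milliseconds) of the rahas token that wraps a supporting UsernameToken. */
    private static final long USERNAME_TOKEN_LIFETIME_MILLIS = 300000L;

    /** Anchor passed to RampartUtil.insertSiblingAfter; replaced by the inserted element each time. */
    private Element insertionLocation;

    /** Id signed by every endorsing signature in doEndorsedSignatures; not assigned in this class. */
    protected String mainSigId = null;

    /** Ids of supporting tokens whose SupportingToken assertion reports isEncryptedToken(). */
    protected ArrayList encryptedTokensIdList = new ArrayList();

    /** Timestamp element produced by addTimestamp. */
    protected Element timestampElement;

    /** Anchor used by doSymmSignature for EncryptBeforeSigning; not assigned in this class. */
    protected Element mainRefListElement;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds a wsu:Timestamp into the security header, records its id on the message data and
     * keeps the element in {@link #timestampElement}.
     *
     * @param rampartMessageData per-message state supplying config, document and security header
     */
    public void addTimestamp(RampartMessageData rampartMessageData) {
        log.debug("Adding timestamp");
        WSSecTimestamp wSSecTimestamp = new WSSecTimestamp();
        wSSecTimestamp.setWsConfig(rampartMessageData.getConfig());
        wSSecTimestamp.setTimeToLive(RampartUtil.getTimeToLive(rampartMessageData));
        wSSecTimestamp.build(rampartMessageData.getDocument(), rampartMessageData.getSecHeader());
        if (log.isDebugEnabled()) {
            log.debug("Timestamp id: " + wSSecTimestamp.getId());
        }
        rampartMessageData.setTimestampId(wSSecTimestamp.getId());
        this.timestampElement = wSSecTimestamp.getElement();
        log.debug("Adding timestamp: DONE");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates (but does not insert) a UsernameToken builder for the configured user.
     *
     * <p>The user name comes from the client {@link Options}, falling back to the Rampart
     * configuration. Unless the policy asks for a password-less token, the password comes from the
     * {@link Options}, falling back to the password callback handler.
     *
     * @param rampartMessageData per-message state
     * @param usernameToken policy assertion selecting no-password, digest or plain-text form
     * @return a configured builder; the caller is expected to call prepare() on it
     * @throws RampartException if no user, no callback handler or no password is available, or
     *     if the callback handler fails
     */
    public WSSecUsernameToken addUsernameToken(RampartMessageData rampartMessageData, UsernameToken usernameToken) throws RampartException {
        log.debug("Adding a UsernameToken");
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Options options = rampartMessageData.getMsgContext().getOptions();
        String userName = options.getUserName();
        if ((userName == null || userName.length() == 0) && policyData.getRampartConfig() != null) {
            userName = policyData.getRampartConfig().getUser();
        }
        if (userName == null || "".equals(userName)) {
            log.debug("No user value specified in the configuration");
            throw new RampartException("userMissing");
        }
        if (log.isDebugEnabled()) {
            log.debug("User : " + userName);
        }
        if (usernameToken.isNoPassword()) {
            WSSecUsernameToken wSSecUsernameToken = new WSSecUsernameToken();
            wSSecUsernameToken.setUserInfo(userName, (String) null);
            wSSecUsernameToken.setPasswordType((String) null);
            if (rampartMessageData.getConfig() != null) {
                wSSecUsernameToken.setWsConfig(rampartMessageData.getConfig());
            }
            return wSSecUsernameToken;
        }
        String password = options.getPassword();
        if (password == null || password.length() == 0) {
            CallbackHandler passwordCB = RampartUtil.getPasswordCB(rampartMessageData);
            if (passwordCB == null) {
                throw new RampartException("cbHandlerMissing");
            }
            // Usage code 2 is an inlined constant; presumably the username-token usage — confirm.
            WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(userName, 2)};
            try {
                passwordCB.handle(wSPasswordCallbackArr);
                password = wSPasswordCallbackArr[0].getPassword();
            } catch (Exception e) {
                throw new RampartException("errorInGettingPasswordForUser", new String[]{userName}, e);
            }
        }
        // The password is intentionally not logged: debug logs are routinely shipped to shared
        // storage and must not become a credential store.
        if (password == null || "".equals(password)) {
            throw new RampartException("noPasswordForUser", new String[]{userName});
        }
        WSSecUsernameToken wSSecUsernameToken2 = new WSSecUsernameToken();
        if (rampartMessageData.getConfig() != null) {
            wSSecUsernameToken2.setWsConfig(rampartMessageData.getConfig());
        }
        if (usernameToken.isHashPassword()) {
            wSSecUsernameToken2.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest");
        } else {
            // PasswordText carries the password unhashed in the message, so its confidentiality
            // depends on transport security or on the token being encrypted.
            wSSecUsernameToken2.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        }
        wSSecUsernameToken2.setUserInfo(userName, password);
        return wSSecUsernameToken2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares an EncryptedKey builder using the key size and key-wrap algorithm of
     * the policy's algorithm suite.
     *
     * @param rampartMessageData per-message state
     * @param token policy token used to choose the key identifier type
     * @return the prepared builder
     * @throws RampartException wrapping any WSSecurityException raised while preparing the key
     */
    public WSSecEncryptedKey getEncryptedKeyBuilder(RampartMessageData rampartMessageData, Token token) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        Document document = rampartMessageData.getDocument();
        WSSecEncryptedKey wSSecEncryptedKey = new WSSecEncryptedKey();
        try {
            RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecEncryptedKey, token);
            RampartUtil.setEncryptionUser(rampartMessageData, wSSecEncryptedKey);
            wSSecEncryptedKey.setKeySize(policyData.getAlgorithmSuite().getMaximumSymmetricKeyLength());
            wSSecEncryptedKey.setKeyEncAlgo(policyData.getAlgorithmSuite().getAsymmetricKeyWrap());
            wSSecEncryptedKey.prepare(document, RampartUtil.getEncryptionCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()));
            return wSSecEncryptedKey;
        } catch (WSSecurityException e) {
            throw new RampartException("errorCreatingEncryptedKey", (Throwable) e);
        }
    }

    /**
     * Misspelled alias kept for existing callers.
     *
     * @deprecated use {@link #getSignatureBuilder(RampartMessageData, Token)}
     */
    @Deprecated
    protected WSSecSignature getSignatureBuider(RampartMessageData rampartMessageData, Token token) throws RampartException {
        return getSignatureBuilder(rampartMessageData, token, null);
    }

    /**
     * Misspelled alias kept for existing callers.
     *
     * @deprecated use {@link #getSignatureBuilder(RampartMessageData, Token, String)}
     */
    @Deprecated
    protected WSSecSignature getSignatureBuider(RampartMessageData rampartMessageData, Token token, String str) throws RampartException {
        return getSignatureBuilder(rampartMessageData, token, str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Same as {@link #getSignatureBuilder(RampartMessageData, Token, String)} with no explicit
     * key alias, so the alias is taken from the Rampart configuration.
     */
    public WSSecSignature getSignatureBuilder(RampartMessageData rampartMessageData, Token token) throws RampartException {
        return getSignatureBuilder(rampartMessageData, token, null);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and prepares an asymmetric signature builder.
     *
     * <p>The key alias is {@code str} when given, otherwise the configured user certificate alias,
     * otherwise the configured user. The private-key password is requested from the password
     * callback handler.
     *
     * @param rampartMessageData per-message state
     * @param token policy token used to choose the key identifier type
     * @param str explicit key alias, or {@code null} to use the configuration
     * @return the prepared builder
     * @throws RampartException if no alias, callback handler or password is available, if the
     *     callback handler fails, or if preparing the signature fails
     */
    public WSSecSignature getSignatureBuilder(RampartMessageData rampartMessageData, Token token, String str) throws RampartException {
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        WSSecSignature wSSecSignature = new WSSecSignature();
        checkForX509PkiPath(wSSecSignature, token);
        wSSecSignature.setWsConfig(rampartMessageData.getConfig());
        if (log.isDebugEnabled()) {
            log.debug("Token inclusion: " + token.getInclusion());
        }
        RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecSignature, token);
        String str2 = str;
        // A missing Rampart configuration is reported as "userMissing" instead of a
        // NullPointerException, matching addUsernameToken.
        if (str2 == null && policyData.getRampartConfig() != null) {
            str2 = policyData.getRampartConfig().getUserCertAlias();
        }
        if (str2 == null && policyData.getRampartConfig() != null) {
            str2 = policyData.getRampartConfig().getUser();
        }
        if (str2 == null || "".equals(str2)) {
            log.debug("No user value specified in the configuration");
            throw new RampartException("userMissing");
        }
        if (log.isDebugEnabled()) {
            log.debug("User : " + str2);
        }
        CallbackHandler passwordCB = RampartUtil.getPasswordCB(rampartMessageData);
        if (passwordCB == null) {
            throw new RampartException("cbHandlerMissing");
        }
        // Usage code 3 is an inlined constant; presumably the signature usage — confirm.
        WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(str2, 3)};
        try {
            passwordCB.handle(wSPasswordCallbackArr);
            if (wSPasswordCallbackArr[0].getPassword() == null || "".equals(wSPasswordCallbackArr[0].getPassword())) {
                throw new RampartException("noPasswordForUser", new String[]{str2});
            }
            // The key password is intentionally not logged; it protects the signing key.
            String password = wSPasswordCallbackArr[0].getPassword();
            wSSecSignature.setUserInfo(str2, password);
            wSSecSignature.setSignatureAlgorithm(policyData.getAlgorithmSuite().getAsymmetricSignature());
            wSSecSignature.setSigCanonicalization(policyData.getAlgorithmSuite().getInclusiveC14n());
            try {
                wSSecSignature.prepare(rampartMessageData.getDocument(), RampartUtil.getSignatureCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()), rampartMessageData.getSecHeader());
                return wSSecSignature;
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithX509Token", (Throwable) e);
            }
        } catch (IOException e2) {
            throw new RampartException("errorInGettingPasswordForUser", new String[]{str2}, e2);
        } catch (UnsupportedCallbackException e3) {
            throw new RampartException("errorInGettingPasswordForUser", new String[]{str2}, e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Inserts the tokens of a supporting-token assertion after the current insertion point.
     *
     * <p>Handled token kinds: IssuedToken (initiator only), X509Token and UsernameToken; any other
     * kind is skipped. Ids of inserted tokens are added to {@link #encryptedTokensIdList} when the
     * assertion reports isEncryptedToken().
     *
     * @param rampartMessageData per-message state
     * @param supportingToken the assertion to process; may be {@code null} or empty
     * @return a map with one entry per handled token. X509 entries map the policy token to its
     *     signature builder, username entries map the policy token to a rahas token, and issued
     *     token entries map the result of RampartUtil.addWsuIdToElement to the inserted
     *     SecurityTokenReference element
     * @throws RampartException if an issued token cannot be retrieved or a token cannot be built
     */
    public HashMap handleSupportingTokens(RampartMessageData rampartMessageData, SupportingToken supportingToken) throws RampartException {
        HashMap hashMap = new HashMap();
        if (supportingToken != null && supportingToken.getTokens() != null && supportingToken.getTokens().size() > 0) {
            log.debug("Processing supporting tokens");
            Iterator it = supportingToken.getTokens().iterator();
            while (it.hasNext()) {
                // Declared as the common Token type: the decompiler had typed this local as
                // IssuedToken, which cannot hold the X509 and username tokens handled below.
                Token policyToken = (Token) it.next();
                if ((policyToken instanceof IssuedToken) && rampartMessageData.isInitiator()) {
                    String issuedToken2 = RampartUtil.getIssuedToken(rampartMessageData, (IssuedToken) policyToken);
                    try {
                        org.apache.rahas.Token token = rampartMessageData.getTokenStorage().getToken(issuedToken2);
                        if (token == null) {
                            throw new RampartException("errorInRetrievingTokenId", new String[]{issuedToken2});
                        }
                        Element insertSiblingAfter = RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), token.getToken());
                        setInsertionLocation(insertSiblingAfter);
                        if (supportingToken.isEncryptedToken()) {
                            this.encryptedTokensIdList.add(token.getId());
                        }
                        OMElement insertSiblingAfter2 = RampartUtil.insertSiblingAfter(rampartMessageData, insertSiblingAfter, TrustUtil.createSecurityTokenReference(rampartMessageData.getSecHeader().getSecurityHeader().getOwnerDocument(), issuedToken2, RampartConstants.SAML_ASSERTION_ID));
                        setInsertionLocation(insertSiblingAfter2);
                        hashMap.put(RampartUtil.addWsuIdToElement(insertSiblingAfter2), insertSiblingAfter2);
                    } catch (TrustException e) {
                        throw new RampartException("errorInRetrievingTokenId", new String[]{issuedToken2}, e);
                    }
                } else if (policyToken instanceof X509Token) {
                    WSSecSignature signatureBuilder = getSignatureBuilder(rampartMessageData, policyToken);
                    Element binarySecurityTokenElement = signatureBuilder.getBinarySecurityTokenElement();
                    if (binarySecurityTokenElement != null) {
                        setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), binarySecurityTokenElement));
                        SupportingPolicyData supportingPolicyData = new SupportingPolicyData();
                        supportingPolicyData.build(supportingToken);
                        supportingPolicyData.setSignatureToken(policyToken);
                        supportingPolicyData.setEncryptionToken(policyToken);
                        rampartMessageData.getPolicyData().addSupportingPolicyData(supportingPolicyData);
                        if (supportingToken.isEncryptedToken()) {
                            this.encryptedTokensIdList.add(signatureBuilder.getBSTTokenId());
                        }
                    }
                    hashMap.put(policyToken, signatureBuilder);
                } else if (policyToken instanceof UsernameToken) {
                    WSSecUsernameToken addUsernameToken = addUsernameToken(rampartMessageData, (UsernameToken) policyToken);
                    addUsernameToken.prepare(rampartMessageData.getDocument());
                    OMElement insertSiblingAfter3 = RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), addUsernameToken.getUsernameTokenElement());
                    if (supportingToken.isEncryptedToken()) {
                        this.encryptedTokensIdList.add(addUsernameToken.getId());
                    }
                    setInsertionLocation(insertSiblingAfter3);
                    Date date = new Date();
                    try {
                        hashMap.put(policyToken, new org.apache.rahas.Token(addUsernameToken.getId(), insertSiblingAfter3, date, new Date(date.getTime() + USERNAME_TOKEN_LIFETIME_MILLIS)));
                    } catch (TrustException e2) {
                        throw new RampartException("errorCreatingRahasToken", (Throwable) e2);
                    }
                }
            }
        }
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends one signature part per supporting-token map value to {@code vector}, so that the
     * supporting tokens are covered by the signature.
     *
     * <p>Values that yield no id (a signature builder without a BST id, or a
     * SecurityTokenReference without a wsu:Id) contribute nothing. The decompiled code added a
     * {@code null} entry for them, which a later consumer of the parts list would have to
     * tolerate.
     *
     * @param hashMap map produced by handleSupportingTokens
     * @param vector list of WSEncryptionPart to extend
     * @return the same {@code vector}
     * @throws RampartException if a value is of an unsupported kind
     */
    public Vector addSignatureParts(HashMap hashMap, Vector vector) throws RampartException {
        Iterator it = hashMap.entrySet().iterator();
        while (it.hasNext()) {
            Object value = ((Map.Entry) it.next()).getValue();
            WSEncryptionPart wSEncryptionPart = null;
            if (value instanceof org.apache.rahas.Token) {
                wSEncryptionPart = new WSEncryptionPart(((org.apache.rahas.Token) value).getId());
            } else if (value instanceof WSSecSignature) {
                WSSecSignature wSSecSignature = (WSSecSignature) value;
                if (wSSecSignature.getBSTTokenId() != null) {
                    wSEncryptionPart = new WSEncryptionPart(wSSecSignature.getBSTTokenId());
                }
            } else {
                if (!(value instanceof OMElement) || !"SecurityTokenReference".equals(((OMElement) value).getLocalName())) {
                    throw new RampartException("UnsupportedTokenInSupportingToken");
                }
                String attributeValue = ((OMElement) value).getAttributeValue(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", "Id", "wsu"));
                if (attributeValue != null) {
                    wSEncryptionPart = new WSEncryptionPart(attributeValue);
                    wSEncryptionPart.setName("SecurityTokenReference");
                }
            }
            if (wSEncryptionPart != null) {
                vector.add(wSEncryptionPart);
            }
        }
        return vector;
    }

    /** Returns the element after which the next element will be inserted; may be {@code null}. */
    public Element getInsertionLocation() {
        return this.insertionLocation;
    }

    /** Sets the element after which the next element will be inserted. */
    public void setInsertionLocation(Element element) {
        this.insertionLocation = element;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates one endorsing signature per supporting token. Each signs {@link #mainSigId} and,
     * when the policy requires token protection, the token itself.
     *
     * <p>Only signatures made with a {@link WSSecSignature} builder contribute to the result. The
     * value returned by doSymmSignature for rahas tokens is not collected. Map values of any other
     * kind are skipped.
     *
     * @param rampartMessageData per-message state
     * @param hashMap map produced by handleSupportingTokens
     * @return signature values (byte arrays) of the asymmetric endorsing signatures
     * @throws RampartException if computing a signature fails
     */
    public Vector doEndorsedSignatures(RampartMessageData rampartMessageData, HashMap hashMap) throws RampartException {
        // NOTE(review): keys are read as Token, but the IssuedToken branch of
        // handleSupportingTokens keys its entry by the result of RampartUtil.addWsuIdToElement.
        // Confirm that such maps are never passed here.
        Set<Token> keySet = hashMap.keySet();
        Vector vector = new Vector();
        for (Token token : keySet) {
            Object obj = hashMap.get(token);
            Vector vector2 = new Vector();
            vector2.add(new WSEncryptionPart(this.mainSigId));
            if (obj instanceof org.apache.rahas.Token) {
                org.apache.rahas.Token token2 = (org.apache.rahas.Token) obj;
                if (rampartMessageData.getPolicyData().isTokenProtection()) {
                    vector2.add(new WSEncryptionPart(token2.getId()));
                }
                doSymmSignature(rampartMessageData, token, (org.apache.rahas.Token) obj, vector2);
            } else if (obj instanceof WSSecSignature) {
                WSSecSignature wSSecSignature = (WSSecSignature) obj;
                if (rampartMessageData.getPolicyData().isTokenProtection() && wSSecSignature.getBSTTokenId() != null) {
                    vector2.add(new WSEncryptionPart(wSSecSignature.getBSTTokenId()));
                }
                try {
                    wSSecSignature.addReferencesToSign(vector2, rampartMessageData.getSecHeader());
                    wSSecSignature.computeSignature();
                    setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecSignature.getSignatureElement()));
                    vector.add(wSSecSignature.getSignatureValue());
                } catch (WSSecurityException e) {
                    throw new RampartException("errorInSignatureWithX509Token", (Throwable) e);
                }
            }
        }
        return vector;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Signs {@code vector} with the secret of {@code token2}, either directly or through a
     * derived key when the policy token asks for derived keys, and inserts the resulting
     * elements at the insertion point.
     *
     * <p>The integer key-identifier, inclusion and version values below are inlined constants;
     * their symbolic names are not visible in this listing.
     *
     * @param rampartMessageData per-message state
     * @param token policy token describing how the key is referenced
     * @param token2 rahas token holding the secret and its references
     * @param vector parts to sign; the derived-key path appends the token id to it when token
     *     protection is enabled
     * @return the computed signature value
     * @throws RampartException wrapping any failure while building the signature
     */
    public byte[] doSymmSignature(RampartMessageData rampartMessageData, Token token, org.apache.rahas.Token token2, Vector vector) throws RampartException {
        String id;
        Document document = rampartMessageData.getDocument();
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        if (!token.isDerivedKeys()) {
            try {
                WSSecSignature wSSecSignature = new WSSecSignature();
                wSSecSignature.setWsConfig(rampartMessageData.getConfig());
                if (token instanceof X509Token) {
                    if (rampartMessageData.isInitiator()) {
                        wSSecSignature.setCustomTokenValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
                        wSSecSignature.setKeyIdentifierType(9);
                    } else {
                        // The receiver refers to the key by the SHA-1 stored on the token.
                        wSSecSignature.setEncrKeySha1value(((EncryptedKeyToken) token2).getSHA1());
                        wSSecSignature.setKeyIdentifierType(10);
                    }
                } else if (token instanceof IssuedToken) {
                    wSSecSignature.setCustomTokenValueType(RampartConstants.SAML_ASSERTION_ID);
                    wSSecSignature.setKeyIdentifierType(15);
                }
                if (token instanceof SecureConversationToken) {
                    wSSecSignature.setKeyIdentifierType(9);
                    // Prefer the id carried by a stored reference over the token's own id.
                    OMElement attachedReference = token2.getAttachedReference();
                    if (attachedReference == null) {
                        attachedReference = token2.getUnattachedReference();
                    }
                    id = attachedReference != null ? SimpleTokenStore.getIdFromSTR(attachedReference) : token2.getId();
                } else {
                    id = token2.getId();
                }
                // Strip the fragment marker so the bare id is used.
                if (id.startsWith("#")) {
                    id = id.substring(1);
                }
                wSSecSignature.setCustomTokenId(id);
                wSSecSignature.setSecretKey(token2.getSecret());
                // NOTE(review): the asymmetric algorithm set here is replaced by the symmetric
                // one on the next line; the first call looks redundant.
                wSSecSignature.setSignatureAlgorithm(policyData.getAlgorithmSuite().getAsymmetricSignature());
                wSSecSignature.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
                wSSecSignature.prepare(rampartMessageData.getDocument(), RampartUtil.getSignatureCrypto(policyData.getRampartConfig(), rampartMessageData.getCustomClassLoader()), rampartMessageData.getSecHeader());
                wSSecSignature.setParts(vector);
                wSSecSignature.addReferencesToSign(vector, rampartMessageData.getSecHeader());
                wSSecSignature.computeSignature();
                if (policyData.getProtectionOrder().equals("EncryptBeforeSigning") && getInsertionLocation() == null) {
                    setInsertionLocation(RampartUtil.insertSiblingBefore(rampartMessageData, this.mainRefListElement, wSSecSignature.getSignatureElement()));
                } else {
                    setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecSignature.getSignatureElement()));
                }
                return wSSecSignature.getSignatureValue();
            } catch (WSSecurityException e) {
                throw new RampartException("errorInSignatureWithACustomToken", (Throwable) e);
            }
        }
        try {
            WSSecDKSign wSSecDKSign = new WSSecDKSign();
            if (2 == token.getVersion()) {
                wSSecDKSign.setWscVersion(2);
            }
            // Decide whether the token travels with the message, which selects the attached or
            // the unattached reference.
            boolean z = false;
            if (5 == token.getInclusion() || 2 == token.getInclusion() || (rampartMessageData.isInitiator() && 3 == token.getInclusion())) {
                z = true;
            }
            OMElement attachedReference2 = z ? token2.getAttachedReference() : token2.getUnattachedReference();
            if (attachedReference2 != null) {
                wSSecDKSign.setExternalKey(token2.getSecret(), (Element) document.importNode((Element) attachedReference2, true));
            } else if (rampartMessageData.isInitiator() || !token.isDerivedKeys()) {
                wSSecDKSign.setExternalKey(token2.getSecret(), token2.getId());
            } else {
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(document);
                if (token2 instanceof EncryptedKeyToken) {
                    securityTokenReference.setKeyIdentifierEncKeySHA1(((EncryptedKeyToken) token2).getSHA1());
                }
                wSSecDKSign.setExternalKey(token2.getSecret(), securityTokenReference.getElement());
            }
            wSSecDKSign.setSignatureAlgorithm(policyData.getAlgorithmSuite().getSymmetricSignature());
            // The suite value is divided by 8 before being handed to the builder.
            wSSecDKSign.setDerivedKeyLength(policyData.getAlgorithmSuite().getSignatureDerivedKeyLength() / 8);
            if (token2 instanceof EncryptedKeyToken) {
                wSSecDKSign.setCustomValueType("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey");
            }
            wSSecDKSign.prepare(document, rampartMessageData.getSecHeader());
            if (policyData.isTokenProtection()) {
                String id2 = token2.getId();
                if (id2.startsWith("#")) {
                    id2 = id2.substring(1);
                }
                vector.add(new WSEncryptionPart(id2));
            }
            wSSecDKSign.setParts(vector);
            wSSecDKSign.addReferencesToSign(vector, rampartMessageData.getSecHeader());
            wSSecDKSign.computeSignature();
            if (policyData.getProtectionOrder().equals("EncryptBeforeSigning") && getInsertionLocation() == null) {
                setInsertionLocation(RampartUtil.insertSiblingBefore(rampartMessageData, this.mainRefListElement, wSSecDKSign.getdktElement()));
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecDKSign.getSignatureElement()));
            } else {
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecDKSign.getdktElement()));
                setInsertionLocation(RampartUtil.insertSiblingAfter(rampartMessageData, getInsertionLocation(), wSSecDKSign.getSignatureElement()));
            }
            return wSSecDKSign.getSignatureValue();
        } catch (WSSecurityException e2) {
            throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e2);
        } catch (ConversationException e3) {
            throw new RampartException("errorInDerivedKeyTokenSignature", (Throwable) e3);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Looks up a token in the message's token storage.
     *
     * @param rampartMessageData per-message state
     * @param str token id
     * @return the stored token, never {@code null}
     * @throws RampartException if the token is absent or the storage lookup fails
     */
    public org.apache.rahas.Token getToken(RampartMessageData rampartMessageData, String str) throws RampartException {
        try {
            org.apache.rahas.Token token = rampartMessageData.getTokenStorage().getToken(str);
            if (token == null) {
                throw new RampartException("errorInRetrievingTokenId", new String[]{str});
            }
            return token;
        } catch (TrustException e) {
            throw new RampartException("errorInRetrievingTokenId", new String[]{str}, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Appends SignatureConfirmation elements to the security header when the policy asks for
     * them: one per signature value found in the received results, or a single empty one when
     * none was found.
     *
     * @param rampartMessageData per-message state
     * @param vector optional list of signature parts; when non-null, each confirmation id is
     *     added to it
     */
    public void addSignatureConfirmation(RampartMessageData rampartMessageData, Vector vector) {
        if (rampartMessageData.getPolicyData().isSignatureConfirmation()) {
            Document document = rampartMessageData.getDocument();
            // NOTE(review): no null check; a message context without RECV_RESULTS fails with a
            // NullPointerException in the loop below. Confirm callers guarantee the property.
            Vector vector2 = (Vector) rampartMessageData.getMsgContext().getProperty("RECV_RESULTS");
            Vector vector3 = new Vector();
            for (int i = 0; i < vector2.size(); i++) {
                WSHandlerResult wSHandlerResult = (WSHandlerResult) vector2.get(i);
                // Action codes are inlined constants; 5120 is the code setKerberosToken matches.
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 2, vector3);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 16, vector3);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 64, vector3);
                WSSecurityUtil.fetchAllActionResults(wSHandlerResult.getResults(), 5120, vector3);
            }
            WSSecSignatureConfirmation wSSecSignatureConfirmation = new WSSecSignatureConfirmation();
            if (vector3.size() <= 0) {
                // No signature value is set on the confirmation in this branch.
                wSSecSignatureConfirmation.prepare(document);
                RampartUtil.appendChildToSecHeader(rampartMessageData, wSSecSignatureConfirmation.getSignatureConfirmationElement());
                if (vector != null) {
                    vector.add(new WSEncryptionPart(wSSecSignatureConfirmation.getId()));
                    return;
                }
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Signature Confirmation: number of Signature results: " + vector3.size());
            }
            for (int i2 = 0; i2 < vector3.size(); i2++) {
                wSSecSignatureConfirmation.setSignatureValue((byte[]) ((WSSecurityEngineResult) vector3.get(i2)).get("signature-value"));
                wSSecSignatureConfirmation.prepare(document);
                RampartUtil.appendChildToSecHeader(rampartMessageData, wSSecSignatureConfirmation.getSignatureConfirmationElement());
                if (vector != null) {
                    vector.add(new WSEncryptionPart(wSSecSignatureConfirmation.getId()));
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Creates and builds a Kerberos token.
     *
     * <p>Principal names come from the message context when both are present and this side is not
     * the initiator; otherwise they come from the Kerberos properties, with the configured user as
     * a fallback for the client principal. The password comes from the callback handler, falling
     * back to the client (then service) principal password stored in the Kerberos properties.
     *
     * @param rampartMessageData per-message state
     * @param token policy token used to choose the key identifier type
     * @return the built token builder
     * @throws RampartException if no Kerberos configuration is defined, if the callback handler
     *     fails, or if building the token fails
     */
    public WSSecKerberosToken getKerberosTokenBuilder(RampartMessageData rampartMessageData, Token token) throws RampartException {
        String property;
        String property2;
        RampartPolicyData policyData = rampartMessageData.getPolicyData();
        KerberosConfig kerberosConfig = policyData.getRampartConfig().getKerberosConfig();
        if (kerberosConfig == null || kerberosConfig.getProp() == null) {
            throw new RampartException("noKerberosConfigDefined");
        }
        WSSecKerberosToken wSSecKerberosToken = new WSSecKerberosToken();
        wSSecKerberosToken.setWsConfig(rampartMessageData.getConfig());
        log.debug("Token inclusion: " + token.getInclusion());
        RampartUtil.setKeyIdentifierType(rampartMessageData, wSSecKerberosToken, token);
        String str = null;
        String str2 = (String) rampartMessageData.getMsgContext().getProperty(KerberosConfig.CLIENT_PRINCIPLE_NAME);
        String str3 = (String) rampartMessageData.getMsgContext().getProperty(KerberosConfig.SERVICE_PRINCIPLE_NAME);
        if (str2 == null || str3 == null || rampartMessageData.isInitiator()) {
            property = kerberosConfig.getProp().getProperty(KerberosConfig.CLIENT_PRINCIPLE_NAME);
            // Password kept in the properties; used only when the callback supplies none.
            String property3 = kerberosConfig.getProp().getProperty(KerberosConfig.CLIENT_PRINCIPLE_PASSWORD);
            if (property3 == null) {
                property3 = kerberosConfig.getProp().getProperty(KerberosConfig.SERVICE_PRINCIPLE_PASSWORD);
            }
            if (property == null) {
                property = policyData.getRampartConfig().getUser();
            }
            if (property != null && !"".equals(property)) {
                log.debug("User : " + property);
                CallbackHandler passwordCB = RampartUtil.getPasswordCB(rampartMessageData);
                if (passwordCB != null) {
                    // Usage code 9 is an inlined constant; presumably the Kerberos usage — confirm.
                    WSPasswordCallback[] wSPasswordCallbackArr = {new WSPasswordCallback(property, 9)};
                    try {
                        passwordCB.handle(wSPasswordCallbackArr);
                        if (wSPasswordCallbackArr[0].getPassword() == null || "".equals(wSPasswordCallbackArr[0].getPassword())) {
                            str = property3;
                        } else {
                            // The principal's password is intentionally not logged.
                            str = wSPasswordCallbackArr[0].getPassword();
                        }
                    } catch (IOException e) {
                        throw new RampartException("errorInGettingPasswordForUser", new String[]{property}, e);
                    } catch (UnsupportedCallbackException e2) {
                        throw new RampartException("errorInGettingPasswordForUser", new String[]{property}, e2);
                    }
                } else {
                    str = property3;
                }
            }
            property2 = kerberosConfig.getProp().getProperty(KerberosConfig.SERVICE_PRINCIPLE_NAME);
        } else {
            property = str2;
            property2 = str3;
        }
        wSSecKerberosToken.setUserInfo(property, str);
        wSSecKerberosToken.setServicePrincipalName(property2);
        if (!rampartMessageData.isInitiator()) {
            wSSecKerberosToken.setReceiver(true);
        }
        try {
            wSSecKerberosToken.build(rampartMessageData.getDocument(), rampartMessageData.getSecHeader());
            if (!rampartMessageData.isInitiator()) {
                setKerberosToken(rampartMessageData, wSSecKerberosToken);
            }
            return wSSecKerberosToken;
        } catch (WSSecurityException e3) {
            throw new RampartException("errorInBuilingKereberosToken", (Throwable) e3);
        }
    }

    /**
     * Copies the Kerberos token element found in the received results (action code 5120) onto the
     * builder as its binary security token.
     *
     * @throws RampartException if the received token element cannot be wrapped; the underlying
     *     WSSecurityException is kept as the cause
     */
    private void setKerberosToken(RampartMessageData rampartMessageData, WSSecKerberosToken wSSecKerberosToken) throws RampartException {
        // NOTE(review): no null check on RECV_RESULTS or on the ACTION entry of each result.
        Vector vector = (Vector) rampartMessageData.getMsgContext().getProperty("RECV_RESULTS");
        for (int i = 0; i < vector.size(); i++) {
            Vector results = ((WSHandlerResult) vector.get(i)).getResults();
            for (int i2 = 0; i2 < results.size(); i2++) {
                WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) results.get(i2);
                if (((Integer) wSSecurityEngineResult.get(WSSHandlerConstants.ACTION)).intValue() == 5120) {
                    try {
                        wSSecKerberosToken.setBSTToken(new BinarySecurity(((KerberosTokenPrincipal) wSSecurityEngineResult.get("principal")).getTokenElement()));
                    } catch (WSSecurityException e) {
                        // Keep the cause so the failure can be diagnosed from the stack trace.
                        throw new RampartException("errorExtractingKereberosToken", (Throwable) e);
                    }
                }
            }
        }
    }

    /**
     * Turns off single-certificate mode on the signature builder when the X509 token is one of
     * the two PKI-path token types.
     */
    private void checkForX509PkiPath(WSSecSignature wSSecSignature, Token token) {
        if (token instanceof X509Token) {
            X509Token x509Token = (X509Token) token;
            if (x509Token.getTokenVersionAndType().equals("WssX509PkiPathV1Token10") || x509Token.getTokenVersionAndType().equals("WssX509PkiPathV1Token11")) {
                wSSecSignature.setUseSingleCertificate(false);
            }
        }
    }
}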
