package org.apache.rahas;

import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Vector;
import javax.xml.namespace.QName;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.impl.dom.factory.OMDOMFactory;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.context.MessageContext;
import org.apache.rahas.RahasConstants;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.opensaml.SAMLAssertion;

/* loaded from: input_file:org/apache/rahas/RahasData.class */
public class RahasData {
    private MessageContext inMessageContext;
    private OMElement rstElement;
    private int version;
    private String wstNs;
    private String requestType;
    private String tokenType;
    private String tokenId;
    private int keysize = -1;
    private String computedKeyAlgo;
    private String keyType;
    private String appliesToAddress;
    private OMElement appliesToEpr;
    private Principal principal;
    private X509Certificate clientCert;
    private byte[] ephmeralKey;
    private byte[] requestEntropy;
    private byte[] responseEntropy;
    private String addressingNs;
    private String soapNs;
    private OMElement claimElem;
    private String claimDialect;
    private SAMLAssertion assertion;
    private String actAs;

    public RahasData(MessageContext messageContext) throws TrustException {
        this.version = -1;
        this.inMessageContext = messageContext;
        processWSS4JSecurityResults();
        this.addressingNs = (String) this.inMessageContext.getProperty("WSAddressingVersion");
        OMElement oMElement = (OMElement) messageContext.getProperty(RahasConstants.PASSIVE_STS_RST);
        this.rstElement = oMElement;
        if (oMElement == null) {
            this.rstElement = this.inMessageContext.getEnvelope().getBody().getFirstElement();
        }
        this.soapNs = this.inMessageContext.getEnvelope().getNamespace().getNamespaceURI();
        this.wstNs = this.rstElement.getNamespace().getNamespaceURI();
        int wSTVersion = TrustUtil.getWSTVersion(this.wstNs);
        if (wSTVersion == -1) {
            throw new TrustException(TrustException.INVALID_REQUEST);
        }
        this.version = wSTVersion;
        processRequestType();
        processTokenType();
        processKeyType();
        processKeySize();
        processAppliesTo();
        processEntropy();
        processClaims();
        processValidateTarget();
        processRenewTarget();
        processActAs();
    }

    private void processWSS4JSecurityResults() throws TrustException {
        Vector vector = (Vector) this.inMessageContext.getProperty("RECV_RESULTS");
        if (vector == null) {
            throw new TrustException(TrustException.REQUEST_FAILED);
        }
        for (int i = 0; i < vector.size(); i++) {
            Vector results = ((WSHandlerResult) vector.get(i)).getResults();
            for (int i2 = 0; i2 < results.size(); i2++) {
                WSSecurityEngineResult wSSecurityEngineResult = (WSSecurityEngineResult) results.get(i2);
                Object obj = wSSecurityEngineResult.get("principal");
                int intValue = ((Integer) wSSecurityEngineResult.get("action")).intValue();
                if (intValue == 2 && obj != null) {
                    this.clientCert = (X509Certificate) wSSecurityEngineResult.get("x509-certificate");
                    this.principal = (Principal) obj;
                } else if (intValue == 1 && obj != null) {
                    this.principal = (Principal) obj;
                } else if (intValue == 4096) {
                    this.clientCert = ((X509Certificate[]) wSSecurityEngineResult.get("x509-certificates"))[0];
                    this.principal = this.clientCert.getSubjectDN();
                } else if (intValue == 8) {
                    this.assertion = (SAMLAssertion) wSSecurityEngineResult.get("saml-assertion");
                }
            }
        }
        if (this.principal == null && this.assertion == null) {
            throw new TrustException(TrustException.REQUEST_FAILED);
        }
    }

    private void processAppliesTo() throws TrustException {
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(RahasConstants.WSP_NS, RahasConstants.IssuanceBindingLocalNames.APPLIES_TO));
        if (firstChildWithName != null) {
            OMElement firstElement = firstChildWithName.getFirstElement();
            this.appliesToEpr = firstElement;
            if (this.addressingNs == null) {
                this.addressingNs = firstElement.getNamespace().getNamespaceURI();
            }
            if (firstElement == null) {
                throw new TrustException("invalidAppliesToElem");
            }
            OMElement firstChildWithName2 = firstElement.getFirstChildWithName(new QName(this.addressingNs, "Address"));
            if (firstChildWithName2 == null || firstChildWithName2.getText() == null || "".equals(firstChildWithName2.getText().trim())) {
                return;
            }
            this.appliesToAddress = firstChildWithName2.getText().trim();
        }
    }

    private void processRequestType() throws TrustException {
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.LocalNames.REQUEST_TYPE));
        if (firstChildWithName == null || firstChildWithName.getText() == null || firstChildWithName.getText().trim().length() == 0) {
            throw new TrustException(TrustException.INVALID_REQUEST);
        }
        this.requestType = firstChildWithName.getText().trim();
    }

    private void processTokenType() {
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.LocalNames.TOKEN_TYPE));
        if (firstChildWithName == null || firstChildWithName.getText() == null || "".equals(firstChildWithName.getText().trim())) {
            return;
        }
        this.tokenType = firstChildWithName.getText().trim();
    }

    private void processKeyType() {
        String text;
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.KEY_TYPE));
        if (firstChildWithName == null || (text = firstChildWithName.getText()) == null || "".equals(text.trim())) {
            return;
        }
        this.keyType = text.trim();
    }

    private void processKeySize() throws TrustException {
        String text;
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.KEY_SIZE));
        if (firstChildWithName != null && (text = firstChildWithName.getText()) != null && !"".equals(text.trim())) {
            try {
                this.keysize = Integer.parseInt(text.trim());
                this.ephmeralKey = new byte[this.keysize / 8];
            } catch (NumberFormatException e) {
                throw new TrustException(TrustException.INVALID_REQUEST, new String[]{"invalid wst:Keysize value"}, e);
            }
        }
        this.keysize = -1;
    }

    private void processClaims() throws TrustException {
        this.claimElem = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.CLAIMS));
        if (this.claimElem != null) {
            this.claimDialect = this.claimElem.getAttributeValue(new QName(this.wstNs, RahasConstants.ATTR_CLAIMS_DIALECT));
        }
    }

    private void processValidateTarget() throws TrustException {
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.LocalNames.VALIDATE_TARGET));
        if (firstChildWithName != null) {
            try {
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(new StAXOMBuilder(new OMDOMFactory(), firstChildWithName.getFirstChildWithName(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "SecurityTokenReference")).getXMLStreamReader()).getDocumentElement());
                if (securityTokenReference.containsReference()) {
                    this.tokenId = securityTokenReference.getReference().getURI();
                }
            } catch (WSSecurityException e) {
                throw new TrustException("errorExtractingTokenId", (Throwable) e);
            }
        }
    }

    private void processRenewTarget() throws TrustException {
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.LocalNames.RENEW_TARGET));
        if (firstChildWithName != null) {
            try {
                SecurityTokenReference securityTokenReference = new SecurityTokenReference(new StAXOMBuilder(new OMDOMFactory(), firstChildWithName.getFirstChildWithName(new QName("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "SecurityTokenReference")).getXMLStreamReader()).getDocumentElement());
                if (securityTokenReference.containsReference()) {
                    this.tokenId = securityTokenReference.getReference().getURI();
                }
            } catch (WSSecurityException e) {
                throw new TrustException("errorExtractingTokenId", (Throwable) e);
            }
        }
    }

    private void processEntropy() throws TrustException {
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.IssuanceBindingLocalNames.ENTROPY));
        if (firstChildWithName != null) {
            OMElement firstElement = firstChildWithName.getFirstElement();
            if (firstElement == null || firstElement.getText() == null || "".equals(firstElement.getText())) {
                throw new TrustException("malformedEntropyElement", new String[]{firstChildWithName.toString()});
            }
            this.requestEntropy = Base64.decode(firstElement.getText());
        }
    }

    private void processActAs() throws TrustException {
        if (this.version < 3) {
            return;
        }
        OMElement firstChildWithName = this.rstElement.getFirstChildWithName(new QName(this.wstNs, RahasConstants.LocalNames.ACTAS, RahasConstants.WST_PREFIX));
        String str = null;
        if (firstChildWithName == null) {
            return;
        }
        OMElement firstElement = firstChildWithName.getFirstElement();
        String namespaceURI = firstElement.getNamespace().getNamespaceURI();
        if (namespaceURI.equals(RahasConstants.NS_SAML_10)) {
            OMElement firstChildWithName2 = firstElement.getFirstChildWithName(new QName(RahasConstants.NS_SAML_10, RahasConstants.LocalNames.SAML1_AUTH_STMT));
            if (firstChildWithName2 == null) {
                firstChildWithName2 = firstElement.getFirstChildWithName(new QName(RahasConstants.NS_SAML_10, RahasConstants.LocalNames.ATTR_STMT));
            }
            OMElement oMElement = null;
            if (firstChildWithName2 != null) {
                oMElement = firstChildWithName2.getFirstChildWithName(new QName(RahasConstants.NS_SAML_10, RahasConstants.LocalNames.SUBJECT));
            }
            OMElement oMElement2 = null;
            if (oMElement != null) {
                oMElement2 = oMElement.getFirstChildWithName(new QName(RahasConstants.NS_SAML_10, RahasConstants.LocalNames.SAML1_NAMEID));
            }
            if (oMElement2 != null) {
                str = oMElement2.getText();
            } else {
                OMElement firstChildWithName3 = firstElement.getFirstChildWithName(new QName(RahasConstants.NS_SAML_10, RahasConstants.LocalNames.ATTR_STMT));
                if (firstChildWithName3 == null) {
                    throw new TrustException("To process an ActAs element, either the NameID of the SAML subject or an attribute with the Name should be present.");
                }
                Iterator childrenWithName = firstChildWithName3.getChildrenWithName(new QName(RahasConstants.NS_SAML_10, RahasConstants.LocalNames.ATTR));
                while (childrenWithName.hasNext()) {
                    OMElement oMElement3 = (OMElement) childrenWithName.next();
                    if (oMElement3.getAttribute(new QName(RahasConstants.LocalNames.NAME_ATTR)) != null && oMElement3.getAttribute(new QName(RahasConstants.LocalNames.NAME_ATTR)).getAttributeValue().toUpperCase().equals("NAME")) {
                        OMElement firstChildWithName4 = oMElement3.getFirstChildWithName(new QName(RahasConstants.LocalNames.ATTR_VALUE));
                        if (firstChildWithName4 == null) {
                            throw new TrustException("Empty AttributeValue element in the SAML Assertion");
                        }
                        str = firstChildWithName4.getText();
                    }
                }
            }
        } else {
            if (!namespaceURI.equals(RahasConstants.NS_SAML_20)) {
                throw new TrustException("Unsupported SAML version.");
            }
            OMElement firstChildWithName5 = firstElement.getFirstChildWithName(new QName(RahasConstants.NS_SAML_20, RahasConstants.LocalNames.SUBJECT, RahasConstants.SAML_PREFIX));
            OMElement oMElement4 = null;
            if (firstChildWithName5 != null) {
                oMElement4 = firstChildWithName5.getFirstChildWithName(new QName(RahasConstants.NS_SAML_20, RahasConstants.LocalNames.SAML2_NAMEID, RahasConstants.SAML_PREFIX));
            }
            if (oMElement4 != null) {
                str = oMElement4.getText();
            } else {
                OMElement firstChildWithName6 = firstElement.getFirstChildWithName(new QName(RahasConstants.NS_SAML_20, RahasConstants.LocalNames.ATTR_STMT, RahasConstants.SAML_PREFIX));
                if (firstChildWithName6 == null) {
                    throw new TrustException("To process an ActAs element, either the NameID of the SAML subject or an attribute with the Name should be present.");
                }
                Iterator childElements = firstChildWithName6.getChildElements();
                while (childElements.hasNext()) {
                    OMElement oMElement5 = (OMElement) childElements.next();
                    if (oMElement5.getAttribute(new QName(RahasConstants.LocalNames.NAME_ATTR)) != null && oMElement5.getAttribute(new QName(RahasConstants.LocalNames.NAME_ATTR)).getAttributeValue().toUpperCase().equals("NAME")) {
                        OMElement firstChildWithName7 = oMElement5.getFirstChildWithName(new QName(RahasConstants.NS_SAML_20, RahasConstants.LocalNames.ATTR_VALUE, RahasConstants.SAML_PREFIX));
                        if (firstChildWithName7 == null) {
                            throw new TrustException("Empty AttributeValue element in the SAML Assertion");
                        }
                        str = firstChildWithName7.getText();
                    }
                }
            }
        }
        if (str == null) {
            throw new TrustException("To process an ActAs element, either the NameID of the SAML subject oran attribute with the Name should be present.");
        }
        this.actAs = str;
    }

    public String getAppliesToAddress() {
        return this.appliesToAddress;
    }

    public X509Certificate getClientCert() {
        return this.clientCert;
    }

    public String getComputedKeyAlgo() {
        return this.computedKeyAlgo;
    }

    public byte[] getEphmeralKey() {
        return this.ephmeralKey;
    }

    public MessageContext getInMessageContext() {
        return this.inMessageContext;
    }

    public int getKeysize() {
        return this.keysize;
    }

    public String getKeyType() {
        return this.keyType;
    }

    public Principal getPrincipal() {
        return this.principal;
    }

    public byte[] getRequestEntropy() {
        return this.requestEntropy;
    }

    public String getRequestType() {
        return this.requestType;
    }

    public byte[] getResponseEntropy() {
        return this.responseEntropy;
    }

    public OMElement getRstElement() {
        return this.rstElement;
    }

    public String getTokenType() {
        return this.tokenType;
    }

    public int getVersion() {
        return this.version;
    }

    public String getAddressingNs() {
        return this.addressingNs;
    }

    public String getWstNs() {
        return this.wstNs;
    }

    public String getSoapNs() {
        return this.soapNs;
    }

    public String getTokenId() {
        return this.tokenId;
    }

    public void setResponseEntropy(byte[] bArr) {
        this.responseEntropy = bArr;
    }

    public void setEphmeralKey(byte[] bArr) {
        this.ephmeralKey = bArr;
    }

    public String getClaimDialect() {
        return this.claimDialect;
    }

    public OMElement getClaimElem() {
        return this.claimElem;
    }

    public OMElement getAppliesToEpr() {
        return this.appliesToEpr;
    }

    public String getActAs() {
        return this.actAs;
    }
}
