package com.sun.xml.wss.filter;

import com.sun.enterprise.management.support.WebModuleSupport;
import com.sun.org.apache.xml.security.encryption.XMLCipher;
import com.sun.org.apache.xml.security.encryption.XMLEncryptionException;
import com.sun.org.apache.xml.security.utils.EncryptionConstants;
import com.sun.org.apache.xpath.internal.XPathAPI;
import com.sun.xml.wss.EncryptedDataHeaderBlock;
import com.sun.xml.wss.ExtendedMessageFilter;
import com.sun.xml.wss.KeyInfoHeaderBlock;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.PolicyViolationException;
import com.sun.xml.wss.ReferenceListHeaderBlock;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.Target;
import com.sun.xml.wss.XMLUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.XWSSecurityRuntimeException;
import com.sun.xml.wss.configuration.AllowEncryption;
import com.sun.xml.wss.configuration.DecryptRequirement;
import com.sun.xml.wss.configuration.SecurityRequirement;
import com.sun.xml.wss.configuration.SecurityRequirements;
import com.sun.xml.wss.helpers.KeyResolver;
import java.security.Key;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.logging.Level;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.transform.TransformerException;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:119167-11/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/DecryptReferenceListFilter.class */
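/**
 * Receiver-side WS-Security filter that decrypts every {@code EncryptedData} element referenced
 * from a {@code ReferenceList} header block and, when a receiver requirement is configured,
 * checks each decrypted target against the configured encryption targets.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Only {@code tripledes-cbc} is accepted. CBC gives confidentiality only and nothing in
 *       this class authenticates the ciphertext, so decrypted content must not be treated as
 *       integrity-protected unless a signature over it is verified elsewhere (not visible
 *       here).</li>
 *   <li>{@link #algorithm} is instance state rewritten for every reference.
 *       NOTE(review): if one filter instance serves concurrent messages this is a data race;
 *       the cipher is therefore built from the locally validated URI, not from the field.</li>
 *   <li>Target values of type {@code xpath} are evaluated as given. This assumes targets come
 *       from trusted policy configuration and never from the message - TODO confirm.</li>
 * </ul>
 */
public class DecryptReferenceListFilter extends FilterBase implements ExtendedMessageFilter {
    // Encryption method URI of the EncryptedData most recently examined by decryptReferenceList.
    String algorithm;
    // When true, the decrypted nodes are collected and handed to logEncryptionReferences.
    boolean enableLogging;
    // Targets that may be encrypted without being required; consulted only after the
    // receiver requirement's own targets failed to match.
    ArrayList optionalTargets;
    // DecryptRequirement or AllowEncryption whose targets are enforced; null disables checks.
    SecurityRequirement receiverRequirement;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:119167-11/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/filter/DecryptReferenceListFilter$EncryptedElement.class */
    /**
     * Pairs a DOM element with the "content only" flag so that a decrypted node can be looked
     * up in a list of resolved targets. Equality is by element identity plus the flag.
     *
     * <p>The {@code this$0} field and the leading constructor parameter appear to be the
     * decompiler's rendering of the inner class's outer-instance reference; they are kept so
     * existing construction sites stay valid.
     */
    public class EncryptedElement {
        private Element element;
        private boolean contentOnly;
        private final DecryptReferenceListFilter this$0;

        public EncryptedElement(DecryptReferenceListFilter decryptReferenceListFilter, Element element, boolean z) {
            this.this$0 = decryptReferenceListFilter;
            this.element = element;
            this.contentOnly = z;
        }

        /** Returns the wrapped DOM element (may be null if the caller passed null). */
        public Element getElement() {
            return this.element;
        }

        /** Returns true when only the element's content, not the element itself, is the target. */
        public boolean getContentOnly() {
            return this.contentOnly;
        }

        /** Two instances are equal when they wrap the same element object and the same flag. */
        public boolean equals(Object obj) {
            if (!(obj instanceof EncryptedElement)) {
                return false;
            }
            EncryptedElement encryptedElement = (EncryptedElement) obj;
            return encryptedElement.getElement() == this.element && encryptedElement.getContentOnly() == this.contentOnly;
        }

        /**
         * Hash consistent with {@link #equals(Object)}: identity of the element plus the flag.
         * The original class overrode equals without hashCode, which breaks the contract as
         * soon as instances are placed in a hash-based collection.
         */
        public int hashCode() {
            return 31 * System.identityHashCode(this.element) + (this.contentOnly ? 1 : 0);
        }
    }

    /** Creates a filter with no receiver requirement, no optional targets and logging off. */
    public DecryptReferenceListFilter() {
        this.algorithm = null;
        this.enableLogging = false;
        this.optionalTargets = null;
        this.receiverRequirement = null;
    }

    /**
     * Creates a filter that enforces the given requirement.
     *
     * @param securityRequirement requirement whose targets must match what was encrypted
     * @param arrayList targets that are allowed, but not required, to be encrypted
     */
    public DecryptReferenceListFilter(SecurityRequirement securityRequirement, ArrayList arrayList) {
        this.algorithm = null;
        this.enableLogging = false;
        this.receiverRequirement = securityRequirement;
        this.optionalTargets = arrayList;
    }

    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirement(SecurityRequirement securityRequirement) {
        this.receiverRequirement = securityRequirement;
    }

    /** Not supported by this filter; always throws. */
    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void setReceiverRequirements(SecurityRequirements securityRequirements) throws UnsupportedOperationException {
        throw new UnsupportedOperationException("Operation not supported");
    }

    @Override // com.sun.xml.wss.ExtendedMessageFilter
    public void enableOperationsLog(boolean z) {
        this.enableLogging = z;
    }

    /**
     * Decrypts the data referenced by the message's "ReferenceList" filter parameter.
     *
     * @throws XWSSecurityException if the parameter is missing or decryption / policy checks fail
     */
    @Override // com.sun.xml.wss.MessageFilter
    public void process(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        ReferenceListHeaderBlock referenceListHeaderBlock = (ReferenceListHeaderBlock) securableSoapMessage.getFilterParameter("ReferenceList");
        if (referenceListHeaderBlock == null) {
            log.log(Level.SEVERE, "WSS0182.referencelist.parameter.null");
            throw new XWSSecurityException("REFERENCE_LIST parameter has a null value");
        }
        decryptReferenceList(referenceListHeaderBlock, securableSoapMessage);
    }

    /**
     * Walks the data references, decrypts each referenced EncryptedData in place and, when a
     * receiver requirement is set, verifies the decrypted target against the policy.
     *
     * <p>Everything read from the reference list and from EncryptedData is sender-controlled,
     * so malformed input is rejected with a checked exception rather than being left to fail
     * with an unchecked NullPointerException, ClassCastException or index error.
     */
    private void decryptReferenceList(ReferenceListHeaderBlock referenceListHeaderBlock, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        NodeList dataRefElements = referenceListHeaderBlock.getDataRefElements();
        int size = referenceListHeaderBlock.size();
        HashSet hashSet = new HashSet();
        boolean z = false;
        boolean z2 = this.receiverRequirement != null;
        ArrayList targets = null;
        if (z2) {
            // setReceiverRequirement accepts any SecurityRequirement, so check the type
            // explicitly instead of relying on a cast that can fail at runtime.
            if (this.receiverRequirement instanceof DecryptRequirement) {
                targets = ((DecryptRequirement) this.receiverRequirement).getTargets();
            } else if (this.receiverRequirement instanceof AllowEncryption) {
                targets = ((AllowEncryption) this.receiverRequirement).getTargets();
            } else {
                throw new XWSSecurityException("Receiver requirement is neither a DecryptRequirement nor an AllowEncryption");
            }
        }
        for (int i = 0; i < size; i++) {
            try {
                // The URI must be a same-document fragment ("#id"). The original stripped the
                // first character unconditionally, which threw on an empty value and silently
                // accepted values that do not start with '#'. The value is not echoed back.
                String uri = ((SOAPElement) dataRefElements.item(i)).getAttribute("URI");
                if (uri == null || uri.length() < 2 || uri.charAt(0) != '#') {
                    throw new XWSSecurityException("DataReference URI must be a same-document reference of the form #id");
                }
                SOAPElement sOAPElement = (SOAPElement) XMLUtil.getElementById(securableSoapMessage.getSOAPPart(), uri.substring(1));
                if (sOAPElement == null) {
                    throw new XWSSecurityException("DataReference does not resolve to an element in the message");
                }
                EncryptedDataHeaderBlock encryptedDataHeaderBlock = new EncryptedDataHeaderBlock(sOAPElement);
                KeyInfoHeaderBlock keyInfo = encryptedDataHeaderBlock.getKeyInfo();
                String algorithmUri = encryptedDataHeaderBlock.getEncryptionMethodURI();
                this.algorithm = algorithmUri;
                // Allow-list of exactly one data-encryption algorithm; anything else is a fault.
                if (!"http://www.w3.org/2001/04/xmlenc#tripledes-cbc".equals(algorithmUri)) {
                    log.log(Level.SEVERE, "WSS0189.unsupported.data.decryption.algorithm");
                    XWSSecurityException xWSSecurityException = new XWSSecurityException("Triple-des algorithm expected for data encryption");
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_ALGORITHM, xWSSecurityException.getMessage(), xWSSecurityException);
                }
                // Without an embedded KeyInfo, fall back to the key stored on the message.
                SecretKey secretKey = keyInfo == null ? (SecretKey) securableSoapMessage.getFilterParameter("SymmetricKey") : (SecretKey) KeyResolver.getKey(keyInfo, false, securableSoapMessage);
                if (secretKey == null) {
                    log.log(Level.SEVERE, "WSS0183.couldnot.locate.symmetrickey");
                    throw new XWSSecurityException("Couldn't locate symmetricKey for decryption");
                }
                // Classify the Type before decrypting, so that a target which cannot be
                // checked against the policy is rejected while the message is still encrypted.
                String type = encryptedDataHeaderBlock.getType();
                if (type == null) {
                    throw new XWSSecurityException("EncryptedData has no Type attribute");
                }
                boolean contentType = type.equalsIgnoreCase(EncryptionConstants.TYPE_CONTENT);
                boolean elementType = !contentType && type.equalsIgnoreCase(EncryptionConstants.TYPE_ELEMENT);
                if (z2 && !contentType && !elementType) {
                    throw new XWSSecurityException("EncryptedData Type is neither Content nor Element and cannot be checked against the receiver requirement");
                }
                // Remember where the EncryptedData sits; after decryption the plaintext is
                // located relative to these two nodes.
                Node parentNode = sOAPElement.getParentNode();
                Node previousSibling = sOAPElement.getPreviousSibling();
                decryptElementWithCipher(newDecryptCipher(algorithmUri, secretKey), sOAPElement, securableSoapMessage);
                Node node = null;
                boolean z3 = false;
                if (contentType) {
                    node = resolveActualEncrypted(parentNode, previousSibling, true);
                    z3 = true;
                } else if (elementType) {
                    node = resolveActualEncrypted(parentNode, previousSibling, false);
                }
                if (this.enableLogging) {
                    hashSet.add(node);
                }
                if (z2) {
                    // The plaintext position may hold nothing or a non-element node (for
                    // example text); neither can be matched against element targets.
                    if (!(node instanceof Element)) {
                        throw new XWSSecurityException("Decrypted target is not an element and cannot be checked against the receiver requirement");
                    }
                    // NOTE(review): verifyIfReferenceExists throws without rollback once an
                    // earlier reference has matched; only the path below restores ciphertext.
                    z = verifyIfReferenceExists(securableSoapMessage, node, z3, targets, z);
                    if (!z) {
                        String localName = node.getLocalName();
                        String namespaceURI = node.getNamespaceURI();
                        try {
                            // Put the original EncryptedData back in place of the plaintext
                            // before rejecting, so rejected plaintext does not stay in the message.
                            Node importNode = parentNode.getOwnerDocument().importNode(sOAPElement, true);
                            if (node != parentNode) {
                                parentNode.replaceChild(importNode, node);
                            } else if (z3) {
                                while (parentNode.hasChildNodes()) {
                                    parentNode.removeChild(parentNode.getFirstChild());
                                }
                                parentNode.appendChild(importNode);
                            } else {
                                parentNode.getParentNode().replaceChild(importNode, node);
                            }
                            throw new PolicyViolationException(new StringBuffer().append("Target of encryption: {").append(namespaceURI).append("}").append(localName).append(" does not meet the ").append("receiver requirement").toString());
                        } catch (DOMException e) {
                            throw new XWSSecurityRuntimeException(e);
                        }
                    }
                }
            } catch (TransformerException e2) {
                throw new XWSSecurityException(e2.getMessage(), e2);
            }
        }
        if (this.enableLogging) {
            securableSoapMessage.logEncryptionReferences(hashSet);
        }
        // NOTE(review): this is a count comparison only. It checks that at least as many
        // references were processed as there are resolved required targets; it does not show
        // that each required target was itself covered (optional targets count too) - confirm.
        if (!z2 || size >= getAllTargetElements(securableSoapMessage, targets).size()) {
            return;
        }
        log.log(Level.SEVERE, "WSS0190.encryption.requirements.not.met");
        throw new PolicyViolationException("The number of elements encrypted is less than required/allowed");
    }

    /**
     * Checks one decrypted node against the required targets, then the optional ones.
     *
     * @param node decrypted node; the caller guarantees it is an {@link Element}
     * @param z whether only the content of the element was encrypted
     * @param arrayList required targets from the receiver requirement
     * @param z2 whether an earlier reference already matched
     * @return true if the node matches a required or optional target, otherwise {@code z2}
     * @throws XWSSecurityException if nothing matches and an earlier reference had matched
     */
    private boolean verifyIfReferenceExists(SecurableSoapMessage securableSoapMessage, Node node, boolean z, ArrayList arrayList, boolean z2) throws XWSSecurityException {
        EncryptedElement encryptedElement = new EncryptedElement(this, (Element) node, z);
        // Targets are re-resolved on every call because the document changes as each
        // reference is decrypted, so earlier results cannot be reused.
        boolean contains = getAllTargetElements(securableSoapMessage, arrayList).contains(encryptedElement);
        if (!contains) {
            if (this.optionalTargets != null && getAllTargetElements(securableSoapMessage, this.optionalTargets).contains(encryptedElement)) {
                return true;
            }
            if (z2) {
                throw new XWSSecurityException(new StringBuffer().append("Target of encryption: {").append(node.getNamespaceURI()).append("}").append(node.getLocalName()).append(" does not meet the ").append("receiver requirement").toString());
            }
        }
        if (contains) {
            z2 = true;
        }
        return z2;
    }

    /**
     * Resolves every target (qname, xpath or uri) against the current message and returns the
     * matches as {@link EncryptedElement}s. Targets of any other type are skipped.
     *
     * @throws XWSSecurityException wrapping any failure raised while resolving a target
     */
    private ArrayList getAllTargetElements(SecurableSoapMessage securableSoapMessage, ArrayList arrayList) throws XWSSecurityException {
        ArrayList resolved = new ArrayList();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Target target = (Target) it.next();
            String type = target.getType();
            String value = target.getValue();
            boolean contentOnly = target.getContentOnly();
            try {
                if (Target.TARGET_TYPE_VALUE_QNAME.equals(type)) {
                    contribute(XPathAPI.selectNodeList(securableSoapMessage.getSOAPPart(), XMLUtil.convertToXpath(value), securableSoapMessage.getNSContext()), resolved, contentOnly);
                } else if ("xpath".equals(type)) {
                    // The expression is evaluated exactly as configured.
                    contribute(XPathAPI.selectNodeList(securableSoapMessage.getSOAPPart(), value, securableSoapMessage.getNSContext()), resolved, contentOnly);
                } else if ("uri".equals(type)) {
                    // NOTE(review): if the id does not resolve, a null element may be added
                    // here - depends on XMLUtil.getElementById, which is not visible.
                    contribute(XMLUtil.getElementById(securableSoapMessage.getSOAPPart(), value), resolved, contentOnly);
                }
            } catch (Exception e) {
                throw new XWSSecurityException(e);
            }
        }
        return resolved;
    }

    /** Appends one {@link EncryptedElement} per node in the list. */
    private void contribute(NodeList nodeList, ArrayList arrayList, boolean z) {
        for (int i = 0; i < nodeList.getLength(); i++) {
            arrayList.add(new EncryptedElement(this, (Element) nodeList.item(i), z));
        }
    }

    /** Appends a single {@link EncryptedElement} for the given element. */
    private void contribute(Element element, ArrayList arrayList, boolean z) {
        arrayList.add(new EncryptedElement(this, element, z));
    }

    /**
     * Locates the node that took the place of the EncryptedData after decryption.
     *
     * @param node parent of the former EncryptedData element
     * @param node2 its former previous sibling, or null if it was the first child
     * @param z true for content encryption, in which case the parent itself is the target
     * @return the parent for content encryption; otherwise the node now at the old position,
     *         which may be null
     */
    private Node resolveActualEncrypted(Node node, Node node2, boolean z) {
        if (z) {
            return node;
        }
        if (node2 == null) {
            return node.getFirstChild();
        }
        return node2.getNextSibling();
    }

    /**
     * Builds a decrypt-mode cipher from the algorithm currently stored in {@link #algorithm}.
     * Kept for compatibility; {@link #decryptReferenceList} uses the locally validated URI.
     */
    private XMLCipher initXMLCipher(Key key, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        return newDecryptCipher(this.algorithm, key);
    }

    /**
     * Builds a decrypt-mode cipher for an algorithm URI the caller has already validated.
     *
     * @throws XWSSecurityException if the cipher cannot be created or initialised
     */
    private XMLCipher newDecryptCipher(String algorithmUri, Key key) throws XWSSecurityException {
        try {
            XMLCipher xMLCipher = XMLCipher.getInstance(algorithmUri);
            xMLCipher.init(XMLCipher.DECRYPT_MODE, key);
            return xMLCipher;
        } catch (XMLEncryptionException e) {
            log.log(Level.SEVERE, "WSS0137.unableto.decrypt.message", new Object[]{e.getMessage()});
            throw new XWSSecurityException("Unable to decrypt message", e);
        }
    }

    /**
     * Decrypts the given EncryptedData element within the message's SOAP part.
     *
     * <p>NOTE(review): any failure becomes a distinct WSSE_FAILED_CHECK fault. With an
     * unauthenticated CBC cipher, a decrypt-failure response that the sender can tell apart
     * from other failures deserves review; consider mapping failures to one generic fault.
     */
    private Document decryptElementWithCipher(XMLCipher xMLCipher, SOAPElement sOAPElement, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        sOAPElement.normalize();
        try {
            return xMLCipher.doFinal(securableSoapMessage.getSOAPPart(), sOAPElement);
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0137.unableto.decrypt.message", new Object[]{e.getMessage()});
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_CHECK, "Unable to decrypt message", new XWSSecurityException("Unable to decrypt message", e));
        }
    }

    /**
     * Turns a QName string into an XPath that selects matching elements anywhere in the tree.
     * Not called from this class; target resolution uses {@code XMLUtil.convertToXpath}.
     *
     * <p>NOTE(review): the local part and namespace are spliced into a quoted XPath literal
     * without escaping, so a value containing {@code '} would change the expression. The
     * {@code WebModuleSupport.VIRTUAL_SERVER_PREFIX} reference is presumably a same-valued
     * constant substituted by the decompiler for the literal path prefix - confirm.
     */
    private String convertToXpath(String str) {
        QName valueOf = QName.valueOf(str);
        return "".equals(valueOf.getNamespaceURI()) ? new StringBuffer().append(WebModuleSupport.VIRTUAL_SERVER_PREFIX).append(valueOf.getLocalPart()).toString() : new StringBuffer().append("//*[local-name()='").append(valueOf.getLocalPart()).append("' and namespace-uri()='").append(valueOf.getNamespaceURI()).append("']").toString();
    }

    /** Returns a shallow copy of the list, or null when given null. */
    private ArrayList copyList(ArrayList arrayList) {
        return arrayList == null ? null : new ArrayList(arrayList);
    }
}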
