package org.apache.rahas.impl.util;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Properties;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.dom.DOMMetaFactory;
import org.apache.axis2.description.Parameter;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.rahas.RahasData;
import org.apache.rahas.TrustException;
import org.apache.rahas.impl.SAMLTokenIssuerConfig;
import org.apache.rahas.impl.TokenIssuerUtil;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.WSSecEncryptedKey;
import org.apache.ws.security.processor.EncryptedKeyProcessor;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.Loader;
import org.opensaml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilder;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.X509Data;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:WEB-INF/lib/rampart-trust-1.7.1.jar:org/apache/rahas/impl/util/CommonUtil.class */
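/**
 * Static helpers shared by the Rahas SAML token issuers: DOM document creation,
 * certificate look-up through a WSS4J {@link Crypto}, issuer-configuration loading,
 * OpenSAML object construction and {@code KeyInfo} assembly.
 *
 * <p>Most strings passed to {@link TrustException} in this class look like message-bundle
 * keys (the accompanying {@code Object[]} holds the format arguments); keep them
 * byte-for-byte stable when editing.
 */
public class CommonUtil {
    private static final Log log = LogFactory.getLog(CommonUtil.class);

    /**
     * Creates an empty DOM {@link Document} through Axiom's DOM-capable meta factory, so the
     * result can be handled both as a W3C DOM tree and as an Axiom tree.
     *
     * @return a new, empty document
     * @throws TrustException if the Axiom DOM {@code DocumentBuilder} cannot be configured
     */
    public static Document getOMDOMDocument() throws TrustException {
        try {
            DOMMetaFactory domMetaFactory = (DOMMetaFactory) OMAbstractFactory.getMetaFactory("dom");
            return domMetaFactory.newDocumentBuilderFactory().newDocumentBuilder().newDocument();
        } catch (ParserConfigurationException e) {
            throw new TrustException("Error creating Axiom compatible DOM Document", e);
        }
    }

    /**
     * Returns the first certificate of the chain stored under {@code alias}.
     *
     * @param crypto the WSS4J crypto provider to query
     * @param alias  the key-store alias to look up
     * @return the first certificate stored under the alias
     * @throws TrustException if no certificate is stored under the alias or the look-up fails
     */
    public static X509Certificate getCertificateByAlias(Crypto crypto, String alias) throws TrustException {
        X509Certificate[] chain = getCertificatesByAlias(crypto, alias);
        // getCertificatesByAlias() reports an unknown alias as an EMPTY array, never null, so the
        // length has to be checked here; indexing the empty array would surface as an
        // ArrayIndexOutOfBoundsException instead of the TrustException callers expect.
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        log.error("Unable to retrieve certificate for alias " + alias);
        throw new TrustException("issuerCertificateNotFound");
    }

    /**
     * Returns the certificate chain stored under {@code alias}.
     *
     * @param crypto the WSS4J crypto provider to query
     * @param alias  the key-store alias to look up
     * @return the certificate chain, or an empty array when the provider has nothing for the alias
     * @throws TrustException if the provider fails while looking up the alias
     */
    public static X509Certificate[] getCertificatesByAlias(Crypto crypto, String alias) throws TrustException {
        CryptoType lookup = new CryptoType(CryptoType.TYPE.ALIAS);
        lookup.setAlias(alias);
        try {
            X509Certificate[] chain = crypto.getX509Certificates(lookup);
            if (chain == null) {
                // Normalise "not found" to an empty array so callers only need one check.
                log.debug("Unable to retrieve certificate for alias " + alias);
                return new X509Certificate[0];
            }
            return chain;
        } catch (WSSecurityException e) {
            log.error("Unable to retrieve certificate for alias " + alias, e);
            throw new TrustException("issuerCertificateNotFound", e);
        }
    }

    /**
     * Decrypts an {@code xenc:EncryptedKey} element and returns the recovered secret.
     *
     * @param callbackHandler supplies the private-key password to WSS4J
     * @param crypto          crypto provider holding the decryption key
     * @param node            the {@code EncryptedKey} element; must be a DOM {@link Element}
     * @return the decrypted key bytes
     * @throws WSSecurityException if WSS4J fails to process the element, or if processing yields
     *                             no result or a result without a secret
     */
    public static byte[] getDecryptedBytes(CallbackHandler callbackHandler, Crypto crypto, Node node)
            throws WSSecurityException {
        RequestData requestData = new RequestData();
        requestData.setCallbackHandler(callbackHandler);
        requestData.setDecCrypto(crypto);
        requestData.setWssConfig(WSSConfig.getNewInstance());
        WSDocInfo docInfo = new WSDocInfo(node.getOwnerDocument());
        List<WSSecurityEngineResult> results =
                new EncryptedKeyProcessor().handleToken((Element) node, requestData, docInfo);
        // Fail explicitly rather than with an IndexOutOfBounds/ClassCast if the processor
        // produced nothing usable; the decrypted key is security-critical output.
        if (results == null || results.isEmpty()) {
            throw new WSSecurityException(WSSecurityException.FAILURE);
        }
        Object secret = results.get(0).get(WSSecurityEngineResult.TAG_SECRET);
        if (!(secret instanceof byte[])) {
            throw new WSSecurityException(WSSecurityException.FAILURE);
        }
        return (byte[]) secret;
    }

    /**
     * Instantiates a WSS4J {@link Crypto} from already-loaded properties.
     *
     * @param properties  crypto provider properties (provider class, key-store location, passwords)
     * @param classLoader class loader used to resolve the provider class and key-store resource
     * @return the configured crypto provider
     * @throws TrustException if WSS4J cannot build the provider
     */
    public static Crypto getCrypto(Properties properties, ClassLoader classLoader) throws TrustException {
        try {
            return CryptoFactory.getInstance(properties, classLoader);
        } catch (WSSecurityException e) {
            log.error("An error occurred while loading crypto properties", e);
            throw new TrustException("errorLoadingCryptoProperties", e);
        }
    }

    /**
     * Instantiates a WSS4J {@link Crypto} from a properties file resolved via {@code classLoader}.
     *
     * @param propertiesFile name of the crypto properties resource
     * @param classLoader    class loader used to locate the resource and the provider class
     * @return the configured crypto provider
     * @throws TrustException if the resource cannot be loaded or WSS4J cannot build the provider
     */
    public static Crypto getCrypto(String propertiesFile, ClassLoader classLoader) throws TrustException {
        try {
            return CryptoFactory.getInstance(propertiesFile, classLoader);
        } catch (WSSecurityException e) {
            log.error("An error occurred while loading crypto properties with property file " + propertiesFile, e);
            throw new TrustException("errorLoadingCryptoProperties", new Object[]{propertiesFile}, e);
        }
    }

    /**
     * Resolves the SAML issuer configuration from the first available source, in order:
     * an inline {@link OMElement}, a configuration file name, then an Axis2 {@link Parameter}.
     *
     * @param configElement   inline configuration element, may be {@code null}
     * @param configFile      configuration file name, may be {@code null}
     * @param configParameter service parameter carrying the configuration, may be {@code null}
     * @return the configuration built from the first non-null source, or {@code null} if none applies
     * @throws TrustException if a source is present but cannot be parsed
     */
    public static SAMLTokenIssuerConfig getTokenIssuerConfiguration(OMElement configElement, String configFile,
            Parameter configParameter) throws TrustException {
        SAMLTokenIssuerConfig config = createTokenIssuerConfiguration(configElement);
        if (config == null) {
            config = createTokenIssuerConfiguration(configFile);
        }
        if (config == null) {
            // The Parameter overload is itself null-safe, so no extra guard is needed here.
            config = createTokenIssuerConfiguration(configParameter);
        }
        return config;
    }

    /**
     * Builds the issuer configuration from an inline element.
     *
     * @param configElement element whose {@code SAML_ISSUER_CONFIG} child holds the configuration
     * @return the configuration, or {@code null} if {@code configElement} is {@code null}
     * @throws TrustException if the configuration element cannot be parsed
     */
    protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(OMElement configElement)
            throws TrustException {
        if (configElement == null) {
            return null;
        }
        log.debug("Creating token issuer configuration using OMElement");
        // NOTE(review): getFirstChildWithName() may return null when the child is absent; what
        // SAMLTokenIssuerConfig does with a null element is decided in its constructor.
        return new SAMLTokenIssuerConfig(configElement.getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
    }

    /**
     * Builds the issuer configuration from a configuration file.
     *
     * @param configFile configuration file name
     * @return the configuration, or {@code null} if {@code configFile} is {@code null}
     * @throws TrustException if the file cannot be read or parsed
     */
    protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(String configFile) throws TrustException {
        if (configFile == null) {
            return null;
        }
        if (log.isDebugEnabled()) {
            log.debug("Creating token issuer configuration using file " + configFile);
        }
        return new SAMLTokenIssuerConfig(configFile);
    }

    /**
     * Builds the issuer configuration from an Axis2 service parameter.
     *
     * @param configParameter parameter whose element's {@code SAML_ISSUER_CONFIG} child holds the configuration
     * @return the configuration, or {@code null} if the parameter or its element is {@code null}
     * @throws TrustException if the configuration element cannot be parsed
     */
    protected static SAMLTokenIssuerConfig createTokenIssuerConfiguration(Parameter configParameter)
            throws TrustException {
        if (configParameter == null || configParameter.getParameterElement() == null) {
            return null;
        }
        log.debug("Creating token issuer configuration using the config parameter");
        OMElement parameterElement = configParameter.getParameterElement();
        return new SAMLTokenIssuerConfig(parameterElement.getFirstChildWithName(SAMLTokenIssuerConfig.SAML_ISSUER_CONFIG));
    }

    /**
     * Builds an OpenSAML {@link XMLObject} for the given element name using the registered builder.
     *
     * @param qName qualified element name of the object to build
     * @return the new object
     * @throws TrustException if OpenSAML has no builder registered for {@code qName}
     */
    public static XMLObject buildXMLObject(QName qName) throws TrustException {
        XMLObjectBuilder<?> builder = Configuration.getBuilderFactory().getBuilder(qName);
        if (builder == null) {
            log.debug("Unable to find OpenSAML builder for object " + qName);
            throw new TrustException("builderNotFound", new Object[]{qName});
        }
        return builder.buildObject(qName.getNamespaceURI(), qName.getLocalPart(), qName.getPrefix());
    }

    /**
     * Creates a {@code KeyInfo} carrying the shared secret encrypted for the service certificate,
     * and records the (possibly truncated) ephemeral key on {@code data}.
     *
     * @param doc            document the {@code EncryptedKey} element is created in
     * @param data           request data; receives the ephemeral key via {@code setEphmeralKey}
     * @param serviceCert    certificate whose public key encrypts the secret
     * @param keySize        requested key size in bits; only the first {@code keySize / 8} bytes of the
     *                       ephemeral key are stored on {@code data}
     * @param crypto         crypto provider used by WSS4J while preparing the {@code EncryptedKey}
     * @param keyComputation key-computation mode passed through to {@link TokenIssuerUtil#getSharedSecret}
     * @return the assembled {@code KeyInfo}
     * @throws WSSecurityException   if WSS4J fails to prepare the {@code EncryptedKey}
     * @throws TrustException        if the shared secret or OpenSAML objects cannot be built
     * @throws IllegalStateException if the ephemeral key is shorter than {@code keySize / 8} bytes
     */
    public static KeyInfo getSymmetricKeyBasedKeyInfo(Document doc, RahasData data, X509Certificate serviceCert,
            int keySize, Crypto crypto, int keyComputation) throws WSSecurityException, TrustException {
        byte[] sharedSecret = TokenIssuerUtil.getSharedSecret(data, keyComputation, keySize);
        WSSecEncryptedKey encryptedKey = getSymmetricKeyBasedKeyInfoContent(doc, sharedSecret, serviceCert, crypto);
        int keyBytes = keySize / 8;
        byte[] ephemeralKey = encryptedKey.getEphemeralKey();
        // A short key must not be silently padded or fail with an opaque array exception:
        // the bytes stored here become the key material the relying party derives from.
        if (ephemeralKey == null || ephemeralKey.length < keyBytes) {
            throw new IllegalStateException(
                    "Ephemeral key is shorter than the requested key size of " + keySize + " bits");
        }
        byte[] truncatedKey = new byte[keyBytes];
        System.arraycopy(ephemeralKey, 0, truncatedKey, 0, keyBytes);
        data.setEphmeralKey(truncatedKey);
        return SAMLUtils.createKeyInfo(SAMLUtils.createEncryptedKey(serviceCert, encryptedKey));
    }

    /**
     * Prepares a WSS4J {@code EncryptedKey} that wraps {@code ephemeralKey} for {@code serviceCert},
     * referencing the certificate by thumbprint.
     *
     * @param doc          document the element is created in
     * @param ephemeralKey the symmetric key to wrap
     * @param serviceCert  certificate whose public key wraps the key
     * @param crypto       crypto provider used while preparing the element
     * @return the prepared {@code WSSecEncryptedKey}
     * @throws WSSecurityException if WSS4J fails to prepare the element
     * @throws TrustException      declared for callers; not thrown by this method itself
     */
    static WSSecEncryptedKey getSymmetricKeyBasedKeyInfoContent(Document doc, byte[] ephemeralKey,
            X509Certificate serviceCert, Crypto crypto) throws WSSecurityException, TrustException {
        WSSecEncryptedKey encryptedKey = new WSSecEncryptedKey();
        encryptedKey.setKeyIdentifierType(WSConstants.THUMBPRINT_IDENTIFIER);
        encryptedKey.setUseThisCert(serviceCert);
        encryptedKey.setEphemeralKey(ephemeralKey);
        // Key transport is RSA-1.5 (PKCS#1 v1.5) for wire compatibility with existing peers.
        // RSA-1.5 is a legacy key-transport algorithm; moving to RSA-OAEP
        // (WSConstants.KEYTRANSPORT_RSAOEP) changes the message format and is therefore a
        // deliberate, coordinated change rather than something to flip here.
        encryptedKey.setKeyEncAlgo(WSConstants.KEYTRANSPORT_RSA15);
        encryptedKey.prepare(doc, crypto);
        return encryptedKey;
    }

    /**
     * Creates a {@code KeyInfo} that carries the certificate itself as {@code X509Data}.
     *
     * @param certificate the certificate to embed
     * @return the assembled {@code KeyInfo}
     * @throws TrustException if the certificate cannot be encoded or OpenSAML objects cannot be built
     */
    public static KeyInfo getCertificateBasedKeyInfo(X509Certificate certificate) throws TrustException {
        return SAMLUtils.createKeyInfo(createX509Data(certificate));
    }

    /**
     * Wraps the DER encoding of {@code certificate}, Base64-encoded, in an OpenSAML {@code X509Data}.
     *
     * @param certificate the certificate to embed
     * @return the {@code X509Data} holding exactly one {@code X509Certificate} element
     * @throws TrustException if the certificate cannot be encoded or OpenSAML objects cannot be built
     */
    public static X509Data createX509Data(X509Certificate certificate) throws TrustException {
        try {
            String encodedCertificate = Base64.encode(certificate.getEncoded());
            org.opensaml.xml.signature.X509Certificate certificateElement =
                    (org.opensaml.xml.signature.X509Certificate)
                            buildXMLObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
            certificateElement.setValue(encodedCertificate);
            X509Data x509Data = (X509Data) buildXMLObject(X509Data.DEFAULT_ELEMENT_NAME);
            x509Data.getX509Certificates().add(certificateElement);
            return x509Data;
        } catch (CertificateEncodingException e) {
            log.error("An error occurred while encoding certificate.", e);
            throw new TrustException("An error occurred while encoding certificate.", e);
        }
    }

    /**
     * Returns the SAML callback handler for the issuer: the instance set on the configuration if
     * present, otherwise a new instance of the configured class name loaded through the service's
     * class loader.
     *
     * @param config issuer configuration holding either a handler instance or a handler class name
     * @param data   request data; its message context supplies the class loader
     * @return the handler, or {@code null} if neither an instance nor a class name is configured
     * @throws TrustException if the configured class cannot be loaded ({@code cannotLoadPWCBClass})
     *                        or instantiated ({@code cannotCreatePWCBInstance})
     */
    public static SAMLCallbackHandler getSAMLCallbackHandler(SAMLTokenIssuerConfig config, RahasData data)
            throws TrustException {
        if (config.getCallbackHandler() != null) {
            return config.getCallbackHandler();
        }
        String handlerClassName = config.getCallbackHandlerName();
        if (handlerClassName == null || handlerClassName.trim().isEmpty()) {
            return null;
        }
        // Load and instantiate in two steps so each failure maps to its own message key; with the
        // load inside a catch (Exception) block a missing class would be reported as an
        // instantiation failure.
        Class<?> handlerClass;
        try {
            ClassLoader serviceClassLoader = data.getInMessageContext().getAxisService().getClassLoader();
            handlerClass = Loader.loadClass(serviceClassLoader, handlerClassName);
        } catch (ClassNotFoundException e) {
            throw new TrustException("cannotLoadPWCBClass", new String[]{handlerClassName}, e);
        }
        try {
            return (SAMLCallbackHandler) handlerClass.newInstance();
        } catch (Exception e) {
            throw new TrustException("cannotCreatePWCBInstance", new String[]{handlerClassName}, e);
        }
    }
}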
