package com.sonicsw.ws.security.wss4j;

import com.sonicsw.blackbird.http.IHTTPResponse;
import com.sonicsw.net.http.HttpConstants;
import com.sonicsw.net.http.HttpHelper;
import com.sonicsw.net.http.HttpOutboundHandler;
import com.sonicsw.net.http.ws.WSHttpInRequest;
import com.sonicsw.net.http.ws.WSHttpOutRequest;
import com.sonicsw.security.cert.BrokerCertificateStore;
import com.sonicsw.security.cert.BrokerKeyStore;
import com.sonicsw.ws.axis.ContextProperties;
import com.sonicsw.ws.axis.DebugObjects;
import com.sonicsw.ws.security.AlgorithmConstants;
import com.sonicsw.ws.security.action.Action;
import com.sonicsw.ws.security.action.Encryption;
import com.sonicsw.ws.security.action.Signature;
import com.sonicsw.ws.security.action.SupportingToken;
import com.sonicsw.ws.security.action.Timestamp;
import com.sonicsw.ws.security.action.TransportBindingAction;
import com.sonicsw.ws.security.policy.MessagePartWSS4J;
import com.sonicsw.ws.security.policy.MessageParts;
import com.sonicsw.ws.security.policy.SSPConstants;
import com.sonicsw.ws.security.policy.SecurityPolicyAlternative;
import com.sonicsw.ws.security.policy.WSSPConstants;
import com.sonicsw.ws.security.policy.WSSPUtils;
import com.sonicsw.ws.security.policy.model.SonicAlgorithmSuiteUtils;
import com.sonicsw.ws.security.processingresult.TransportBindingResult;
import com.sonicsw.wsp.OperationContext;
import com.sonicsw.wsp.PolicyException;
import com.sonicsw.wsp.SecurityPolicyException;
import java.io.ByteArrayOutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Properties;
import java.util.Vector;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.xml.namespace.QName;
import org.apache.axis.AxisFault;
import org.apache.axis.Message;
import org.apache.axis.MessageContext;
import org.apache.axis.SOAPPart;
import org.apache.axis.message.SAX2EventRecorder;
import org.apache.axis.message.SOAPEnvelope;
import org.apache.ws.security.SOAPConstants;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Merlin;
import org.apache.ws.security.handler.WSHandlerConstants;
import org.apache.ws.security.handler.WSHandlerResult;
import org.apache.ws.security.message.WSAddTimestamp;
import org.apache.ws.security.message.WSBaseMessage;
import org.apache.ws.security.message.WSEncryptBody;
import org.apache.ws.security.message.WSSAddUsernameToken;
import org.apache.ws.security.message.WSSignEnvelope;
import org.apache.ws.security.policy.model.AlgorithmSuite;
import org.apache.ws.security.util.StringUtil;
import org.apache.ws.security.util.WSSecurityUtil;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import progress.message.broker.Config;
import progress.message.broker.RoutingConnectionInfo;

/* loaded from: input_file:com/sonicsw/ws/security/wss4j/WSSOutboundHandler.class */
public class WSSOutboundHandler {
    // Shared WS-Security engine instance, obtained once from SonicWSSecurityEngine.getInstance().
    static final SonicWSSecurityEngine secEngine = (SonicWSSecurityEngine) SonicWSSecurityEngine.getInstance();
    // SECURITY: a keystore password compiled into the class as a literal is readable by anyone
    // who can obtain the jar. NOTE(review): no use of this constant is visible in this part of
    // the file - confirm whether it still guards a real keystore; if it does, read the value
    // from protected configuration instead of a source constant.
    private static final String ENC_CRYPTO_KEYSTORE_PSW_VALUE = "interop";
    // String key; presumably names the property holding the outbound encryption certificate alias - TODO confirm.
    private static final String ENC_CRYPTO_CERT_ALIAS = "com_sonicsw_ws_security_wss4j_outbound_enc_cert_alias";
    // MessageContext property under which the per-message RequestData[] is stored.
    private static final String REQUEST_DATA = "com.sonicsw.ws.security.wss4j.WSSOutboundHandler.RequestData";
    // Static caches; their initialisation is not visible in this part of the file.
    private static KeyStore s_emptyKeyStore;
    private static Crypto s_crypto;
    // Debug switch read once when the handler instance is created. With it enabled this class
    // writes full SOAP envelopes and security parameters to the debug log, so that log has to
    // be treated as sensitive data.
    private boolean DEBUG = DebugObjects.getHandlerDebug().getDebug();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/ws/security/wss4j/WSSOutboundHandler$Crypto.class */
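    /**
     * Merlin-based crypto provider that works on a key store handed in by the caller
     * instead of one loaded from crypto properties.
     */
    public static class Crypto extends Merlin {
        /**
         * Creates the provider without properties and installs the given key store.
         *
         * @param keyStore key store assigned to the inherited {@code keystore} field
         * @throws Exception if the {@code Merlin} constructor fails
         */
        Crypto(KeyStore keyStore) throws Exception {
            super((Properties) null);
            this.keystore = keyStore;
        }

        /**
         * Returns the SubjectKeyIdentifier (extension OID 2.5.29.14) of a certificate.
         *
         * <p>The raw extension value is skipped over by a fixed four bytes. NOTE(review): that
         * offset presumably covers the two nested DER OCTET STRING headers in short-length
         * form; an identifier encoded with long-form lengths would be cut at the wrong place.
         *
         * @param x509Certificate certificate to read the identifier from
         * @return the extension value without its first four bytes
         * @throws RuntimeException if the certificate is older than X.509 v3, carries no
         *         SubjectKeyIdentifier extension, or the extension is shorter than its header
         * @throws WSSecurityException declared for the overridden signature; not thrown here
         */
        public byte[] getSKIBytesFromCert(X509Certificate x509Certificate) throws WSSecurityException {
            if (x509Certificate.getVersion() < 3) {
                throw new RuntimeException("SKI not available - certificate version (<3)");
            }
            byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
            if (extensionValue == null) {
                throw new RuntimeException("SKI not available from certificate:\n" + x509Certificate);
            }
            final int headerLength = 4;
            // Certificates can come from the remote party, so a truncated extension must be
            // rejected explicitly rather than surfacing as a NegativeArraySizeException.
            if (extensionValue.length < headerLength) {
                throw new RuntimeException("SKI extension is malformed (" + extensionValue.length + " bytes) in certificate:\n" + x509Certificate);
            }
            byte[] bArr = new byte[extensionValue.length - headerLength];
            System.arraycopy(extensionValue, headerLength, bArr, 0, bArr.length);
            return bArr;
        }
    }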

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/ws/security/wss4j/WSSOutboundHandler$CryptoSKI.class */
    /**
     * Crypto variant that answers every SubjectKeyIdentifier lookup with a preset value.
     *
     * <p>The certificate passed to {@link #getSKIBytesFromCert} is not inspected, so the code
     * that calls {@link #setSKIBytes} is responsible for supplying the identifier that really
     * belongs to the certificate in use.
     */
    public class CryptoSKI extends Crypto {
        // Preset identifier; stays null until setSKIBytes is called. The array is stored and
        // returned by reference, not copied.
        private byte[] skiBytes = null;

        /**
         * @param keyStore key store handed to the {@code Crypto} constructor
         * @throws Exception if the superclass constructor fails
         */
        CryptoSKI(KeyStore keyStore) throws Exception {
            super(keyStore);
        }

        /**
         * Sets the identifier that later lookups will return.
         *
         * @param bArr identifier bytes, kept by reference
         */
        public void setSKIBytes(byte[] bArr) {
            skiBytes = bArr;
        }

        /**
         * Returns the preset identifier, ignoring the certificate argument.
         *
         * @param x509Certificate unused
         * @return the array last given to {@link #setSKIBytes}, or null if none was set
         */
        @Override // com.sonicsw.ws.security.wss4j.WSSOutboundHandler.Crypto
        public byte[] getSKIBytesFromCert(X509Certificate x509Certificate) throws WSSecurityException {
            return skiBytes;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/sonicsw/ws/security/wss4j/WSSOutboundHandler$RequestData.class */
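    /**
     * Per-action working state for one outbound message: the decoded WS-Security settings,
     * the credentials and key material used to apply them, and the document being secured.
     */
    public class RequestData {
        boolean noSerialization;
        SOAPConstants soapConstants;
        String actor;
        String username;
        String pwType;
        String[] utElements;
        Crypto sigCrypto;
        int sigKeyId;
        String sigAlgorithm;
        Vector signatureParts;
        Crypto encCrypto;
        int encKeyId;
        String encSymmAlgo;
        String encKeyTransport;
        String encUser;
        Vector encryptParts;
        X509Certificate encCert;
        int timeToLive;
        String action;
        boolean mustUnderstand;
        Document sndSecurity;
        String pwCallbackClass;
        String pwCallbackRef;
        // Credential held as an immutable String: it cannot be wiped, only dereferenced.
        String userPassword;
        // Key material; clear() drops the reference without overwriting the array contents.
        byte[] key;
        KeyStore encKeyStore;
        String encKeyIdInString;
        String encKeyName;
        String encPartsInString;
        String encKeySKI;
        KeyStore sigKeyStore;
        String sigKeyIdInString;
        String sigPartsInString;
        String sigCanonAlgo;

        /** Sets the defaults: text password type, empty part lists, TTL 300, mustUnderstand on. */
        private RequestData() {
            this.noSerialization = false;
            this.pwType = WSSPConstants.LN_PASSWORDTYPE_TEXT;
            this.signatureParts = new Vector();
            this.encryptParts = new Vector();
            this.timeToLive = 300;
            this.mustUnderstand = true;
            this.encKeySKI = null;
        }

        /**
         * Releases references to credentials, key stores, crypto providers and the document.
         *
         * <p>Safe to call more than once: the part lists are set to null here, so they are
         * only emptied while still present. Without that guard a second call fails with a
         * NullPointerException. {@code noSerialization}, the numeric key ids,
         * {@code timeToLive} and {@code encKeySKI} are left as they are.
         */
        void clear() {
            this.soapConstants = null;
            this.encUser = null;
            this.encKeyTransport = null;
            this.encSymmAlgo = null;
            this.sigAlgorithm = null;
            this.pwType = null;
            this.username = null;
            this.actor = null;
            this.encCrypto = null;
            this.sigCrypto = null;
            if (this.signatureParts != null) {
                this.signatureParts.clear();
            }
            if (this.encryptParts != null) {
                this.encryptParts.clear();
            }
            this.encryptParts = null;
            this.signatureParts = null;
            this.encCert = null;
            this.utElements = null;
            this.userPassword = null;
            this.pwCallbackRef = null;
            this.pwCallbackClass = null;
            this.action = null;
            this.encPartsInString = null;
            this.encKeyName = null;
            this.encKeyIdInString = null;
            this.sigCanonAlgo = null;
            this.sigPartsInString = null;
            this.sigKeyIdInString = null;
            this.mustUnderstand = true;
            this.sndSecurity = null;
            this.key = null;
            this.encKeyStore = null;
            this.sigKeyStore = null;
        }
    }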

    /**
     * Writes a message to the handler debug log returned by
     * {@code DebugObjects.getHandlerDebug()}. The {@code DEBUG} flag is not checked here;
     * callers guard the call themselves.
     *
     * @param str text to log
     */
    private void debug(String str) {
        DebugObjects.getHandlerDebug().debug(str);
    }

    /**
     * Writes a message together with a throwable to the handler debug log returned by
     * {@code DebugObjects.getHandlerDebug()}. The {@code DEBUG} flag is not checked here.
     *
     * @param str text to log
     * @param th throwable passed along with the text
     */
    private void debug(String str, Throwable th) {
        DebugObjects.getHandlerDebug().debug(str, th);
    }

    /**
     * Creates a fresh {@code RequestData} carrying the constructor defaults.
     *
     * @return a new, independent instance
     */
    private RequestData initializeReqData() {
        return new RequestData();
    }

    /**
     * Entry point for an outgoing client request; delegates to
     * {@code handleMessage(MessageContext)}.
     *
     * @param messageContext context of the message being sent
     * @throws AxisFault if the security processing fails
     */
    public void handleClientRequest(MessageContext messageContext) throws AxisFault {
        handleMessage(messageContext);
    }

    /**
     * Entry point for an outgoing server response; logs a marker line when debugging is on
     * and then delegates to {@code handleMessage(MessageContext)}.
     *
     * @param messageContext context of the message being sent
     * @throws AxisFault if the security processing fails
     */
    public void handleServerResponse(MessageContext messageContext) throws AxisFault {
        if (this.DEBUG) {
            debug("Server response being created...");
        }
        handleMessage(messageContext);
    }

    /**
     * Derives the security work for a message from its policy and applies each item.
     *
     * <p>{@code preprocessMessageContext} stores a {@code RequestData[]} under
     * {@code REQUEST_DATA}; every entry is passed to
     * {@code handleMessage(MessageContext, RequestData)} and {@code cleanup} runs after each
     * one, whether it succeeded or not. A failure that is not already an {@code AxisFault}
     * is wrapped in one.
     *
     * <p>When no work was stored and debugging is on, the envelope is re-serialised, set as
     * the current message and written to the debug log in full. NOTE(review): that
     * re-serialisation only happens with debugging enabled, so switching the flag changes
     * the message form handed on; the dumped envelope has had no security applied.
     *
     * @param messageContext context of the outgoing message
     * @throws AxisFault if applying any security action fails
     */
    private void handleMessage(MessageContext messageContext) throws AxisFault {
        preprocessMessageContext(messageContext);
        final RequestData[] pending = (RequestData[]) messageContext.getProperty(REQUEST_DATA);

        if (pending == null) {
            if (!this.DEBUG) {
                return;
            }
            debug("WSSOutboundHandler: Nothing to do, returning.");
            try {
                Message outgoing = messageContext.getCurrentMessage();
                if (outgoing == null) {
                    return;
                }
                SOAPPart soapPart = outgoing.getSOAPPart();
                SOAPEnvelope env = soapPart.getEnvelope();
                if (env.isDirty()) {
                    env.setRecorder((SAX2EventRecorder) null);
                }
                Document dom = env.getAsDocument();
                ByteArrayOutputStream sink = new ByteArrayOutputStream();
                XMLUtils.outputDOM(dom, sink, true);
                soapPart.setCurrentMessage(sink.toByteArray(), 4);
                String xmlText;
                try {
                    xmlText = sink.toString("UTF-8");
                } catch (UnsupportedEncodingException e) {
                    // Fall back to the platform charset for the log line only.
                    xmlText = sink.toString();
                }
                if (this.DEBUG) {
                    debug("Send request:");
                    debug("\r ---------------- \r" + xmlText + "\r ---------------- \r");
                }
            } catch (Exception e2) {
                // Best effort: a failed debug dump must not fail the message.
                e2.printStackTrace();
            }
            return;
        }

        if (this.DEBUG) {
            debug("WSSOutboundHandler: Processing SOAP message");
        }
        for (int idx = 0; idx < pending.length; idx++) {
            try {
                handleMessage(messageContext, pending[idx]);
            } catch (Throwable th) {
                if (this.DEBUG) {
                    th.printStackTrace();
                }
                if (th instanceof AxisFault) {
                    throw (AxisFault) th;
                }
                AxisFault wrapped = new AxisFault("WSSOutboundHandler: Error in processing SOAP message.", th);
                if (this.DEBUG) {
                    th.printStackTrace();
                    debug("Throwing AxisFault: " + wrapped.getMessage());
                }
                throw wrapped;
            } finally {
                cleanup(messageContext);
            }
        }
    }

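    /**
     * Translates the security policy attached to the message into {@code RequestData}
     * entries and stores them under {@code REQUEST_DATA}.
     *
     * <p>Nothing is stored when the context has no policy or the policy has no actions.
     * Broker-wide defaults (UsernameToken credentials from {@code Config}, signing alias and
     * key password from the broker key store) and the routing connection's settings are
     * passed on to the per-action processors.
     *
     * <p>Debug output names which credentials are configured but never prints their values:
     * a debug log is routinely copied into tickets and support bundles and must not become a
     * second store of passwords.
     *
     * @param messageContext context of the outgoing message
     * @throws AxisFault if the policy contains an action type this handler does not know
     */
    private void preprocessMessageContext(MessageContext messageContext) throws AxisFault {
        SecurityPolicyAlternative securityPolicyAlternative = (SecurityPolicyAlternative) messageContext.getProperty(ContextProperties.WSS_POLICY);
        if (securityPolicyAlternative == null) {
            return;
        }
        Action[] actions = securityPolicyAlternative.getActions();
        if (actions == null) {
            if (this.DEBUG) {
                debug("assertionList is null");
            }
            return;
        }
        if (actions.length == 0) {
            if (this.DEBUG) {
                debug("assertionList is empty");
            }
            return;
        }
        BrokerKeyStore brokerKeyStore = BrokerKeyStore.getInstance("JKS");
        String defaultAlias = null;
        String defaultKeyPasswordText = null;
        if (brokerKeyStore != null) {
            defaultAlias = brokerKeyStore.getDefaultAlias();
            char[] defaultKeyPassword = brokerKeyStore.getDefaultKeyPassword();
            if (defaultKeyPassword != null) {
                // processSignature takes the password as a String, so the char[] is converted
                // here; the resulting String cannot be wiped afterwards.
                defaultKeyPasswordText = new String(defaultKeyPassword);
            }
        }
        HttpOutboundHandler httpOutboundHandler = (HttpOutboundHandler) messageContext.getProperty(ContextProperties.HTTP_OUT_HANDLER);
        RoutingConnectionInfo routingConnectionInfo = httpOutboundHandler != null ? httpOutboundHandler.getRoutingConnectionInfo() : null;
        if (this.DEBUG) {
            debug("Brokerwide WS properties");
            debug("\tUSERNAMETOKEN_USERNAME: " + Config.WS_SECURITY_UT_USER);
            debug("\tUSERNAMETOKEN_PASSWORD: " + (Config.WS_SECURITY_UT_PASSWORD != null ? "<redacted>" : "null"));
            debug("\tX509TOKEN_ALIAS: " + defaultAlias);
            debug("\tX509TOKEN_PASSWORD: " + (defaultKeyPasswordText != null ? "<redacted>" : "null"));
            if (routingConnectionInfo != null) {
                debug("Routing Defination WS properties");
                debug("\tUSERNAMETOKEN_USERNAME: " + routingConnectionInfo.getUsernameTokenName());
                if (routingConnectionInfo.getUsernameTokenPassword() != null) {
                    debug("\tUSERNAMETOKEN_PASSWORD: <redacted>");
                } else {
                    debug("\tUSERNAMETOKEN_PASSWORD: null");
                }
                debug("\tX509TOKEN_ALIAS: " + routingConnectionInfo.getX509Alias());
                if (routingConnectionInfo.getX509Password() != null) {
                    debug("\tX509TOKEN_PASSWORD: <redacted>");
                }
            }
        }
        ArrayList arrayList = new ArrayList();
        for (Action action : actions) {
            if (action == null) {
                continue;
            }
            int type = action.getType();
            RequestData prepared = null;
            // The numeric codes are matched to the action class each branch casts to.
            switch (type) {
                case 4:
                    prepared = processSupportingToken((SupportingToken) action, routingConnectionInfo, Config.WS_SECURITY_UT_USER, Config.WS_SECURITY_UT_PASSWORD);
                    break;
                case 2:
                case 99:
                    prepared = processEncryption((Encryption) action, routingConnectionInfo, messageContext);
                    break;
                case 1:
                    prepared = processSignature((Signature) action, routingConnectionInfo, defaultAlias, defaultKeyPasswordText, messageContext);
                    break;
                case 3:
                    prepared = processTimestamp((Timestamp) action);
                    break;
                case 5:
                    // Transport binding produces no RequestData entry.
                    processTransportBinding((TransportBindingAction) action, messageContext);
                    break;
                default:
                    AxisFault axisFault = new AxisFault("WSSOutboundHandler: Invalid Assertion: " + type + ".");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault.getMessage());
                    }
                    throw axisFault;
            }
            if (prepared != null) {
                arrayList.add(prepared);
            }
        }
        messageContext.setProperty(REQUEST_DATA, (RequestData[]) arrayList.toArray(new RequestData[arrayList.size()]));
    }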

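    /**
     * Applies the security actions described by one {@code RequestData} to the current
     * message.
     *
     * <p>The action string is decoded into a bit mask and an ordered list; parameters are
     * decoded for the actions present in the mask, then each action is performed in list
     * order. Unless NO_SERIALIZE was requested, the secured document is serialised back into
     * the message's SOAP part. {@code requestData} is cleared exactly once on every exit
     * path, in the {@code finally} block.
     *
     * <p>Differences from the previous version of this method: the debug banner no longer
     * dereferences the current message before checking it for null, the password and key are
     * reported only as present or absent, and the extra {@code clear()} ahead of the
     * {@code finally} block is gone (the second call dereferenced part lists the first one
     * had already set to null).
     *
     * <p>With debugging on, the envelope is still logged in full before and after
     * processing; the first dump is the message before any encryption has been applied.
     *
     * @param messageContext context of the outgoing message
     * @param requestData settings and credentials for this pass; cleared on return
     * @throws AxisFault if no action is defined, a required username is missing, the
     *         envelope cannot be read, or a security operation fails
     */
    private void handleMessage(MessageContext messageContext, RequestData requestData) throws AxisFault {
        if (this.DEBUG) {
            Message current = messageContext != null ? messageContext.getCurrentMessage() : null;
            debug("WSSOutboundHandler: enter invoke() with msg type: " + (current != null ? current.getMessageType() : null));
            if (current != null) {
                debug("\r ---------------- \r" + new String(current.getSOAPPartAsBytes()) + "\r ---------------- \r");
            }
        }
        try {
            Vector actionList = new Vector();
            String actionText = requestData.action;
            if (actionText == null) {
                AxisFault axisFault = new AxisFault("WSSOutboundHandler: No action defined");
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault.getMessage());
                }
                throw axisFault;
            }
            int actionMask = WSSecurityUtil.decodeAction(actionText, actionList);
            if (this.DEBUG) {
                debug("action: " + actionText + ", int value is: " + actionMask + (actionMask == 0 ? ". WSConstants.NO_SECURITY" : ". SECURITY enabled"));
            }
            if (actionMask == 0) {
                return;
            }
            boolean mustUnderstand = requestData.mustUnderstand;
            if (this.DEBUG) {
                debug("reqData.actor: " + requestData.actor);
                debug("reqData.username: " + requestData.username);
                // Secrets are reported as present or absent only.
                debug("reqData.userPassword: " + (requestData.userPassword != null ? "<redacted>" : "null"));
                debug("reqData.key: " + (requestData.key != null ? "<redacted>" : "null"));
            }
            // 67 = 1 | 2 | 64: the UsernameToken, signature and UT-signature bits need a username.
            if ((actionMask & 67) != 0 && (requestData.username == null || "".equals(requestData.username))) {
                AxisFault axisFault2 = new AxisFault("WSSOutboundHandler: Empty username for specified action");
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault2.getMessage());
                }
                throw axisFault2;
            }
            SOAPPart sOAPPart = messageContext.getCurrentMessage().getSOAPPart();
            // A document left over from an earlier NO_SERIALIZE pass is reused when present.
            Document document = requestData.sndSecurity;
            if (document == null) {
                try {
                    document = sOAPPart.getEnvelope().getAsDocument();
                } catch (Exception e) {
                    AxisFault axisFault3 = new AxisFault("WSSOutboundHandler: cannot get SOAP envlope from message" + e, e);
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault3.getMessage(), axisFault3);
                    }
                    throw axisFault3;
                }
            }
            requestData.soapConstants = WSSecurityUtil.getSOAPConstants(document.getDocumentElement());
            if ((actionMask & 1) == 1) {
                if (this.DEBUG) {
                    debug("UsernameToken...decoding param...WSConstants.UT");
                }
                decodeUTParameter(requestData);
            }
            if ((actionMask & 64) == 64) {
                if (this.DEBUG) {
                    debug("UsernameToken...decoding param...WSConstants.UT_SIGN");
                }
                decodeUTParameter(requestData);
                if (this.DEBUG) {
                    debug("Signature (with UT secrect key)...decoding param");
                }
                decodeSignatureParameter(requestData);
            }
            if ((actionMask & 2) == 2) {
                if (this.DEBUG) {
                    debug("loading Signature Crypto");
                }
                requestData.sigCrypto = loadSignatureCrypto(requestData);
                if (this.DEBUG) {
                    debug("Signature...decoding param...WSConstants.SIGN");
                }
                decodeSignatureParameter(requestData);
            }
            if ((actionMask & 16) == 16) {
                if (this.DEBUG) {
                    debug("SAMLToken signed...decoding param...WSConstants.ST_SIGNED");
                }
                decodeSignatureParameter(requestData);
            }
            if ((actionMask & 4) == 4) {
                if (this.DEBUG) {
                    debug("Encryption...decoding param...WSConstants.ENCR");
                }
                decodeEncryptionParameter(messageContext, requestData);
            }
            // Perform the actions in the order decodeAction listed them.
            for (int i = 0; i < actionList.size(); i++) {
                int actionCode = ((Integer) actionList.get(i)).intValue();
                if (this.DEBUG) {
                    debug("Performing Action: " + actionCode);
                }
                switch (actionCode) {
                    case 1:
                        if (this.DEBUG) {
                            debug("Perform UsernameToken...WSConstants.UT");
                        }
                        performUTAction(actionCode, mustUnderstand, document, requestData, messageContext);
                        break;
                    case 2:
                        if (this.DEBUG) {
                            debug("Perform Signature...WSConstants.SIGN");
                        }
                        performSIGNAction(actionCode, mustUnderstand, document, requestData, messageContext);
                        break;
                    case 4:
                        if (this.DEBUG) {
                            debug("Perform Encryption...WSConstants.ENCR");
                        }
                        performENCRAction(mustUnderstand, actionCode, document, requestData, messageContext);
                        break;
                    case 8:
                        if (this.DEBUG) {
                            debug("Perform SAMLToken unsigned...WSConstants.ST_UNSIGNED");
                        }
                        performSTAction(actionCode, mustUnderstand, document, requestData);
                        break;
                    case 16:
                        if (this.DEBUG) {
                            debug("Perform SAMLToken signed...WSConstants.ST_SIGNED");
                        }
                        performST_SIGNAction(actionCode, mustUnderstand, document, requestData);
                        break;
                    case 32:
                        if (this.DEBUG) {
                            debug("Insert Timestamp...WSConstants.TS");
                        }
                        performTSAction(actionCode, mustUnderstand, document, requestData);
                        break;
                    case 64:
                        if (this.DEBUG) {
                            debug("Perform sinagture with UT secrect key...WSConstants.UT_SIGN");
                        }
                        performUT_SIGNAction(actionCode, mustUnderstand, document, requestData, messageContext);
                        break;
                    case 256:
                        if (this.DEBUG) {
                            debug("WSConstants.NO_SERIALIZE: true");
                        }
                        requestData.noSerialization = true;
                        break;
                }
            }
            if (requestData.noSerialization) {
                requestData.sndSecurity = document;
            } else {
                ByteArrayOutputStream serialized = new ByteArrayOutputStream();
                XMLUtils.outputDOM(document, serialized, true);
                sOAPPart.setCurrentMessage(serialized.toByteArray(), 4);
                if (this.DEBUG) {
                    String xmlText;
                    try {
                        xmlText = serialized.toString("UTF-8");
                    } catch (UnsupportedEncodingException e2) {
                        // Fall back to the platform charset for the log line only.
                        xmlText = serialized.toString();
                    }
                    debug("Send request:");
                    debug("\r ---------------- \r" + xmlText + "\r ---------------- \r");
                }
                requestData.sndSecurity = null;
            }
            if (this.DEBUG) {
                debug("WSSOutboundHandler: exit invoke()");
                debug("\r ---------------- \r DONE handling " + (messageContext.isClient() ? "client request" : "service response") + " \r ---------------- \r");
            }
        } catch (WSSecurityException e3) {
            throw new AxisFault(e3.getMessage(), e3);
        } finally {
            // Single release point for credentials and key references.
            requestData.clear();
        }
    }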

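    /**
     * Signs the configured parts of the document with the key selected by
     * {@code requestData.username} and {@code requestData.userPassword}.
     *
     * <p>On the client side the signing alias and password are also recorded on the outgoing
     * HTTP request and, when present, on the operation context. The debug output states only
     * whether a password is set; its value is never written to the log.
     *
     * @param i action code; not used here
     * @param z mustUnderstand flag for the security header
     * @param document SOAP envelope to sign
     * @param requestData signature settings and credentials
     * @param messageContext context of the outgoing message
     * @throws AxisFault if building the signature fails
     */
    private void performSIGNAction(int i, boolean z, Document document, RequestData requestData, MessageContext messageContext) throws AxisFault {
        WSSignEnvelope wSSignEnvelope = new WSSignEnvelope(requestData.actor, z);
        if (this.DEBUG) {
            debug("reqData.sigKeyId: " + requestData.sigKeyId);
            debug("reqData.sigAlgorithm: " + requestData.sigAlgorithm);
            debug("set setUserInfo, uid: " + requestData.username + ", psw: " + (requestData.userPassword != null ? "<redacted>" : "null"));
            debug("sey sign parts, if size > 0: reqData.signatureParts.size(): " + requestData.signatureParts.size());
        }
        // Unset values leave the builder's own defaults in effect.
        if (requestData.sigKeyId != 0) {
            wSSignEnvelope.setKeyIdentifierType(requestData.sigKeyId);
        }
        if (requestData.sigAlgorithm != null) {
            wSSignEnvelope.setSignatureAlgorithm(requestData.sigAlgorithm);
        }
        if (requestData.sigCanonAlgo != null) {
            wSSignEnvelope.setSigCanonicalization(requestData.sigCanonAlgo);
        }
        wSSignEnvelope.setUserInfo(requestData.username, requestData.userPassword);
        if (messageContext.isClient()) {
            // NOTE(review): userPassword is dereferenced without a null check; confirm that
            // signature decoding always sets it before this point.
            ((WSHttpOutRequest) messageContext.getProperty(ContextProperties.HTTP_OUT_REQUEST)).setSigningCertificate(requestData.username, requestData.userPassword.toCharArray());
            OperationContext operationContext = (OperationContext) messageContext.getProperty(ContextProperties.OPERATION_CONTEXT);
            if (operationContext != null) {
                operationContext.setSigningCertAlias(requestData.username);
                operationContext.setSigningCertPassword(requestData.userPassword);
            }
        }
        buildWithRetry(wSSignEnvelope, document, requestData.signatureParts, requestData.sigCrypto);
    }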

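    /**
     * Encrypts the configured parts of the document.
     *
     * <p>For key identifier type 5 (reported as EMBEDDED_KEYNAME in the debug output) the
     * key name is taken from {@code requestData.encKeyName} and the symmetric key is
     * obtained through {@code getPassword}. The debug line for that key reports its length
     * only: concatenating the array printed nothing but an object identity, and the key
     * bytes themselves do not belong in a log.
     *
     * @param z mustUnderstand flag for the security header
     * @param i action code, passed on to {@code getPassword}
     * @param document SOAP envelope to encrypt
     * @param requestData encryption settings, certificate and crypto provider
     * @param messageContext context of the outgoing message
     * @throws AxisFault if the key lookup or the encryption fails
     */
    private void performENCRAction(boolean z, int i, Document document, RequestData requestData, MessageContext messageContext) throws AxisFault {
        WSEncryptBody wSEncryptBody = new WSEncryptBody(requestData.actor, z);
        if (requestData.encKeyId != 0) {
            wSEncryptBody.setKeyIdentifierType(requestData.encKeyId);
        }
        if (this.DEBUG) {
            debug("set reqData.encKeyId: " + requestData.encKeyId);
            debug("using reqData.encKeyId: " + requestData.encKeyId + " --> " + (requestData.encKeyId == 5 ? "EMBEDDED_KEYNAME" : "not EMBEDDED_KEYNAME"));
        }
        if (requestData.encKeyId == 5) {
            if (this.DEBUG) {
                debug("MessageContext prop is WSHandlerConstants.ENC_KEY_NAME");
            }
            String str = requestData.encKeyName;
            if (this.DEBUG) {
                debug("encKeyName: " + str);
            }
            wSEncryptBody.setEmbeddedKeyName(str);
            byte[] key = getPassword(requestData.encUser, requestData.userPassword, requestData.key, i, "EmbeddedKeyCallbackClass", "EmbeddedKeyCallbackRef", requestData, messageContext).getKey();
            if (this.DEBUG) {
                debug("embeddedKey: " + (key != null ? key.length + " bytes" : "null"));
            }
            wSEncryptBody.setKey(key);
        }
        if (this.DEBUG) {
            debug("set Encryption Algo: reqData.encSymmAlgo: " + requestData.encSymmAlgo);
            debug("set KeyTransport: reqData.encKeyTransport: " + requestData.encKeyTransport);
            debug("set userInfo: reqData.encUser: " + requestData.encUser);
            debug("set cert to use: reqData.encCert: " + requestData.encCert);
            debug("set encParts, if size > 0: reqData.encryptParts.size(): " + requestData.encryptParts.size());
        }
        // Unset algorithms leave the builder's own defaults in effect.
        if (requestData.encSymmAlgo != null) {
            wSEncryptBody.setSymmetricEncAlgorithm(requestData.encSymmAlgo);
        }
        if (requestData.encKeyTransport != null) {
            wSEncryptBody.setKeyEnc(requestData.encKeyTransport);
        }
        wSEncryptBody.setUserInfo(requestData.encUser);
        wSEncryptBody.setUseThisCert(requestData.encCert);
        buildWithRetry(wSEncryptBody, document, requestData.encryptParts, requestData.encCrypto);
    }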

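    /**
     * Adds a UsernameToken to the document and, if requested through
     * {@code requestData.utElements}, a nonce and a creation time.
     *
     * <p>Each requested element name is trimmed before it is compared. The earlier code
     * called {@code trim()} and discarded the result, so a name with surrounding whitespace
     * never matched and the nonce or created element was silently left out of the token.
     * Null entries are skipped. Every entry is set to null once handled.
     *
     * <p>The resolved password is not written to the debug log; only its presence is.
     *
     * @param i action code, passed on to {@code getPassword}
     * @param z mustUnderstand flag for the security header
     * @param document SOAP envelope to extend
     * @param requestData username, password source, password type and requested elements
     * @param messageContext context of the outgoing message
     * @throws AxisFault if the password cannot be resolved
     */
    private void performUTAction(int i, boolean z, Document document, RequestData requestData, MessageContext messageContext) throws AxisFault {
        String password = getPassword(requestData.username, requestData.userPassword, requestData.key, i, "passwordCallbackClass", "passwordCallbackRef", requestData, messageContext).getPassword();
        if (this.DEBUG) {
            debug("password: " + (password != null ? "<redacted>" : "null"));
            debug("password type: reqData.pwType: " + requestData.pwType);
        }
        WSSAddUsernameToken wSSAddUsernameToken = new WSSAddUsernameToken(requestData.actor, z);
        wSSAddUsernameToken.setPasswordType(requestData.pwType);
        wSSAddUsernameToken.build(document, requestData.username, password);
        String[] requested = requestData.utElements;
        if (requested == null || requested.length <= 0) {
            return;
        }
        for (int idx = 0; idx < requested.length; idx++) {
            String element = requested[idx];
            if (element != null) {
                element = element.trim();
                if ("Nonce".equals(element)) {
                    wSSAddUsernameToken.addNonce(document);
                }
                // NOTE(review): the decompiler resolved this literal to an HTTP status phrase
                // constant; presumably the value is "Created" - confirm.
                if (IHTTPResponse.STATUS_201_CREATED_PHRASE.equals(element)) {
                    wSSAddUsernameToken.addCreated(document);
                }
            }
            requested[idx] = null;
        }
    }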

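    /**
     * Signs the document with a key derived from a UsernameToken and then adds that token.
     *
     * <p>The token is prepared with the PasswordText type, a creation time and a nonce, and
     * handed to the signature builder with key identifier type 7. When no signature
     * algorithm is configured, HMAC-SHA1 is used. NOTE(review): that default is fixed here;
     * confirm it still meets the deployment's algorithm policy.
     *
     * <p>The resolved password is not written to the debug log; only its presence is.
     *
     * @param i action code, passed on to {@code getPassword}
     * @param z mustUnderstand flag for the security header
     * @param document SOAP envelope to sign
     * @param requestData username, password source, signature parts and algorithms
     * @param messageContext context of the outgoing message
     * @throws AxisFault if the password cannot be resolved or signing fails
     */
    private void performUT_SIGNAction(int i, boolean z, Document document, RequestData requestData, MessageContext messageContext) throws AxisFault {
        String password = getPassword(requestData.username, requestData.userPassword, requestData.key, i, "passwordCallbackClass", "passwordCallbackRef", requestData, messageContext).getPassword();
        if (this.DEBUG) {
            debug("password: " + (password != null ? "<redacted>" : "null"));
            debug("setPasswordType: WSConstants.PASSWORD_TEXT");
            debug("reqData.username: " + requestData.username);
            debug("reqData.signatureParts: " + requestData.signatureParts);
        }
        WSSAddUsernameToken wSSAddUsernameToken = new WSSAddUsernameToken(requestData.actor, z);
        wSSAddUsernameToken.setPasswordType("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText");
        wSSAddUsernameToken.preSetUsernameToken(document, requestData.username, password);
        wSSAddUsernameToken.addCreated(document);
        wSSAddUsernameToken.addNonce(document);
        WSSignEnvelope wSSignEnvelope = new WSSignEnvelope(requestData.actor, z);
        if (requestData.signatureParts.size() > 0) {
            wSSignEnvelope.setParts(requestData.signatureParts);
        }
        if (this.DEBUG) {
            debug("builder: " + wSSAddUsernameToken);
        }
        wSSignEnvelope.setUsernameToken(wSSAddUsernameToken);
        wSSignEnvelope.setKeyIdentifierType(7);
        if (requestData.sigAlgorithm != null) {
            wSSignEnvelope.setSignatureAlgorithm(requestData.sigAlgorithm);
        } else {
            wSSignEnvelope.setSignatureAlgorithm("http://www.w3.org/2000/09/xmldsig#hmac-sha1");
        }
        if (requestData.sigCanonAlgo != null) {
            wSSignEnvelope.setSigCanonicalization(requestData.sigCanonAlgo);
        }
        try {
            // Sign first, then add the token itself to the document.
            wSSignEnvelope.build(document, (org.apache.ws.security.components.crypto.Crypto) null);
            wSSAddUsernameToken.build(document, (String) null, (String) null);
        } catch (Exception e) {
            AxisFault axisFault = new AxisFault("WSSOutboundHandler: Error during Signatur with UsernameToken secret" + e, e);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + axisFault.getMessage(), axisFault);
            }
            throw axisFault;
        }
    }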

    /**
     * Rejects the ST action: this handler has no SAML support, so the method always faults.
     *
     * @throws AxisFault always, with the message "WSSOutboundHandler: SAML not supported."
     */
    private void performSTAction(int i, boolean z, Document document, RequestData requestData) throws AxisFault {
        final AxisFault unsupported = new AxisFault("WSSOutboundHandler: SAML not supported.");
        if (!this.DEBUG) {
            throw unsupported;
        }
        debug("Throwing AxisFault: " + unsupported.getMessage());
        throw unsupported;
    }

    /**
     * Rejects the ST_SIGN action: this handler has no SAML support, so the method always faults.
     *
     * @throws AxisFault always, with the message "WSSOutboundHandler: SAML not supported."
     */
    private void performST_SIGNAction(int i, boolean z, Document document, RequestData requestData) throws AxisFault {
        final AxisFault unsupported = new AxisFault("WSSOutboundHandler: SAML not supported.");
        if (!this.DEBUG) {
            throw unsupported;
        }
        debug("Throwing AxisFault: " + unsupported.getMessage());
        throw unsupported;
    }

    /**
     * Adds a timestamp to the envelope using the time-to-live configured on the request data.
     *
     * @param i action code (unused here)
     * @param z flag passed to the timestamp builder's constructor (presumably mustUnderstand; confirm)
     * @param document envelope document being secured
     * @param requestData supplies {@code actor} and {@code timeToLive}
     */
    private void performTSAction(int i, boolean z, Document document, RequestData requestData) throws AxisFault {
        final int ttl = requestData.timeToLive;
        final WSAddTimestamp timestampBuilder = new WSAddTimestamp(requestData.actor, z);
        if (this.DEBUG) {
            debug("Final ttl_i: " + ttl);
        }
        timestampBuilder.build(document, ttl);
    }

    /**
     * Wraps the request's signature key store in a {@code Crypto} instance.
     *
     * @param requestData supplies {@code sigKeyStore}
     * @return a Crypto built over the signature key store, never {@code null}
     * @throws AxisFault if the key store is {@code null} or the Crypto cannot be constructed from it
     */
    protected Crypto loadSignatureCrypto(RequestData requestData) throws AxisFault {
        final KeyStore signingStore = requestData.sigKeyStore;
        if (signingStore == null) {
            // Nothing to sign with: fail closed instead of handing back a null Crypto.
            AxisFault missingStore = new AxisFault("WSSOutboundHandler: Signature: No key store for signature. Null found.");
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + missingStore.getMessage());
            }
            throw missingStore;
        }
        try {
            return new Crypto(signingStore);
        } catch (Exception e) {
            AxisFault wrapped = new AxisFault("WSSOutboundHandler: Signature: No key store for signature: " + e.getMessage(), e);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + wrapped.getMessage(), wrapped);
            }
            throw wrapped;
        }
    }

    /**
     * Wraps the request's encryption key store in a {@code Crypto} instance.
     *
     * @param requestData supplies {@code encKeyStore}
     * @return a Crypto built over the encryption key store, never {@code null}
     * @throws AxisFault if the key store is {@code null} or the Crypto cannot be constructed from it
     */
    protected Crypto loadEncryptionCrypto(RequestData requestData) throws AxisFault {
        final KeyStore encryptionStore = requestData.encKeyStore;
        if (encryptionStore == null) {
            // No key material for encryption: fail closed instead of handing back a null Crypto.
            AxisFault missingStore = new AxisFault("WSSOutboundHandler: Encryption: No key store for encryption. Null found.");
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + missingStore.getMessage());
            }
            throw missingStore;
        }
        try {
            return new Crypto(encryptionStore);
        } catch (Exception e) {
            AxisFault wrapped = new AxisFault("WSSOutboundHandler: Encryption: No key store for encryption: " + e.getMessage(), e);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + wrapped.getMessage(), wrapped);
            }
            throw wrapped;
        }
    }

    /**
     * Normalises the UsernameToken settings held in the request data.
     *
     * <p>A short password-type name (text or digest) is expanded to the full OASIS
     * username-token-profile URI; any other value is left untouched. The {@code utElements}
     * array is then rebuilt by splitting a space-terminated string derived from it.
     *
     * @param requestData settings to normalise in place; {@code pwType} must not be {@code null}
     */
    private void decodeUTParameter(RequestData requestData) throws AxisFault {
        if (requestData.pwType.equals(WSSPConstants.LN_PASSWORDTYPE_TEXT)) {
            requestData.pwType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
        } else if (requestData.pwType.equals(WSSPConstants.LN_PASSWORDTYPE_DIGEST)) {
            requestData.pwType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
        }
        if (this.DEBUG) {
            debug("reqData.pwType: " + requestData.pwType);
        }
        String joined = null;
        final String[] configured = requestData.utElements;
        if (configured != null) {
            for (String element : configured) {
                if (element != null) {
                    // NOTE(review): this assigns rather than appends, so only the last non-null
                    // element survives (e.g. a configured Nonce can be dropped). Confirm whether
                    // concatenation was intended.
                    joined = element + " ";
                }
            }
        }
        if (this.DEBUG) {
            debug("WSHandlerConstants.ADD_UT_ELEMENTS: " + joined);
        }
        if (joined == null) {
            return;
        }
        requestData.utElements = StringUtil.split(joined, ' ');
    }

    /**
     * Translates the textual signature settings of the request into the numeric and parsed form
     * used when signing.
     *
     * <p>The token-reference name in {@code sigKeyIdInString} is mapped (case-insensitively) to
     * {@code sigKeyId}: absent or empty and the "include" model give 1, key identifier gives 4,
     * issuer-serial gives 2. Any other name is rejected. The signature parts string, when
     * present, is parsed into {@code signatureParts}.
     *
     * @param requestData settings to decode in place
     * @throws AxisFault if the token reference name is not one of the supported models, or if
     *     a part definition is malformed
     */
    private void decodeSignatureParameter(RequestData requestData) throws AxisFault {
        final String refModel = requestData.sigKeyIdInString;
        if (refModel == null || refModel.length() == 0) {
            requestData.sigKeyId = 1;
        } else if (refModel.equalsIgnoreCase(SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER)) {
            requestData.sigKeyId = 4;
        } else if (refModel.equalsIgnoreCase(SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL)) {
            requestData.sigKeyId = 2;
        } else if (refModel.equalsIgnoreCase(SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE)) {
            requestData.sigKeyId = 1;
        } else {
            // Unknown reference models are refused rather than mapped to a default.
            AxisFault unsupported = new AxisFault("WSSOutboundHandler: Unsupported token reference for signing - " + requestData.sigKeyIdInString);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + unsupported.getMessage());
            }
            throw unsupported;
        }
        if (this.DEBUG) {
            // Symbolic name of the chosen identifier, for the log only.
            String label;
            switch (requestData.sigKeyId) {
                case 1:
                    label = "WSConstants.BST_DIRECT_REFERENCE";
                    break;
                case 2:
                    label = "WSConstants.ISSUER_SERIAL";
                    break;
                case 3:
                    label = "WSConstants.X509_KEY_IDENTIFIER";
                    break;
                case 4:
                    label = "WSConstants.SKI_KEY_IDENTIFIER";
                    break;
                default:
                    label = null;
                    break;
            }
            debug("reqData.sigKeyId: " + requestData.sigKeyId + " : " + label);
            debug("reqData.sigAlgorithm: " + requestData.sigAlgorithm);
        }
        final String partsSpec = requestData.sigPartsInString;
        if (this.DEBUG) {
            debug("SIGNATURE_PARTS: " + partsSpec);
        }
        if (partsSpec == null) {
            return;
        }
        splitEncParts(partsSpec, requestData.signatureParts, requestData);
    }

    /**
     * Translates the textual encryption settings of the request into the numeric key-identifier
     * type, the Crypto used for subject-key-identifier lookups, and the parsed list of parts to
     * encrypt.
     *
     * <p>An encryption certificate must already be present on the request data. The token
     * reference name in {@code encKeyIdInString} then selects {@code encKeyId}: key identifier
     * gives 4, issuer-serial gives 2, the "include" model gives 1. With no name configured, 4 is
     * chosen when a subject key identifier can be read from the certificate and 2 otherwise.
     * (The numbers presumably correspond to the same WSS4J key-identifier constants used for
     * signing; confirm.)
     *
     * @param messageContext message context, used only by the special-user lookup
     * @param requestData settings to decode in place
     * @throws AxisFault if no encryption certificate is set, the token reference name is
     *     unsupported, the subject key identifier is invalid or unavailable, or a part
     *     definition is malformed
     */
    private void decodeEncryptionParameter(MessageContext messageContext, RequestData requestData) throws AxisFault {
        // Fail closed: without a recipient certificate nothing can be encrypted.
        if (requestData.encCert == null) {
            AxisFault axisFault = new AxisFault("WSSOutboundHandler: Encryption certificate not found for the request.");
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + axisFault.getMessage());
            }
            throw axisFault;
        }
        if (requestData.encKeyIdInString == null || requestData.encKeyIdInString.length() == 0) {
            // No reference model configured: prefer the subject key identifier when the certificate has one.
            byte[] bArr = null;
            try {
                if (s_crypto != null) {
                    bArr = s_crypto.getSKIBytesFromCert(requestData.encCert);
                }
            } catch (Exception e) {
                // Deliberate best effort: a failed SKI lookup falls through to issuer-serial (2) below.
                // The failure is visible only when DEBUG is on.
                if (this.DEBUG) {
                    debug(e.getMessage(), e);
                }
            }
            if (bArr != null) {
                requestData.encKeyId = 4;
                requestData.encCrypto = s_crypto;
            } else {
                requestData.encKeyId = 2;
            }
        } else if (requestData.encKeyIdInString.equalsIgnoreCase(SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER)) {
            requestData.encKeyId = 4;
            if (requestData.encKeySKI != null) {
                // An explicit Base64 SKI was configured: use it instead of deriving one from the certificate.
                try {
                    byte[] decode = Base64.decode(requestData.encKeySKI);
                    CryptoSKI cryptoSKI = new CryptoSKI(s_emptyKeyStore);
                    cryptoSKI.setSKIBytes(decode);
                    requestData.encCrypto = cryptoSKI;
                } catch (Exception e2) {
                    throw new AxisFault("Invalid subject key identifier: " + e2, e2);
                }
            } else {
                try {
                    // NOTE(review): when s_crypto is null this branch neither faults nor sets encCrypto,
                    // although encKeyId is already 4. Confirm that callers cope with that state.
                    if (s_crypto != null) {
                        if (s_crypto.getSKIBytesFromCert(requestData.encCert) == null) {
                            throw new Exception("SKI un-available");
                        }
                        requestData.encCrypto = s_crypto;
                    }
                } catch (Exception e3) {
                    throw new AxisFault("Failed to retrieve the subject key identifier from the encryption certificate: " + e3, e3);
                }
            }
        } else if (requestData.encKeyIdInString.equalsIgnoreCase(SSPConstants.LN_TOKEN_REF_MODEL_ISSUERSERIAL)) {
            requestData.encKeyId = 2;
        } else {
            // Unknown reference models are refused rather than mapped to a default.
            if (!requestData.encKeyIdInString.equalsIgnoreCase(SSPConstants.LN_TOKEN_REF_MODEL_INCLUDE)) {
                AxisFault axisFault2 = new AxisFault("WSSOutboundHandler: Unsupported token reference - " + requestData.encKeyIdInString);
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault2.getMessage());
                }
                throw axisFault2;
            }
            requestData.encKeyId = 1;
        }
        // NOTE(review): encCert was checked non-null at the top of this method and no statement
        // in between assigns it, so this whole block looks unreachable. Confirm before relying
        // on the user-name fallback or the keyIdentifier table lookup below.
        if (requestData.encCert == null) {
            if (this.DEBUG) {
                debug("reqData.encUser: " + requestData.encUser);
                debug("reqData.username: " + requestData.username);
            }
            if (requestData.encUser == null) {
                // Fall back to the request's username as the encryption user.
                String str = requestData.username;
                requestData.encUser = str;
                if (str == null) {
                    AxisFault axisFault3 = new AxisFault("WSSOutboundHandler: Encryption: no username");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault3.getMessage());
                    }
                    throw axisFault3;
                }
            }
            handleSpecialUser(messageContext, requestData);
            String str2 = requestData.encKeyIdInString;
            if (this.DEBUG) {
                debug("WSHandlerConstants.ENC_KEY_ID: " + str2);
            }
            if (str2 != null) {
                Integer num = (Integer) WSHandlerConstants.keyIdentifier.get(str2);
                if (num == null) {
                    AxisFault axisFault4 = new AxisFault("WSSOutboundHandler: Encryption: unknown key identification");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault4.getMessage());
                    }
                    throw axisFault4;
                }
                requestData.encKeyId = num.intValue();
                if (this.DEBUG) {
                    debug("reqData.encKeyId: " + requestData.encKeyId);
                }
                // Only identifier types 1 through 5 are accepted for encryption.
                if (requestData.encKeyId != 2 && requestData.encKeyId != 3 && requestData.encKeyId != 4 && requestData.encKeyId != 1 && requestData.encKeyId != 5) {
                    AxisFault axisFault5 = new AxisFault("WSSOutboundHandler: Encryption: illegal key identification");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault5.getMessage());
                    }
                    throw axisFault5;
                }
            }
        }
        // NOTE(review): unlike every other debug call in this method, this one is not guarded by this.DEBUG.
        debug("reqData.encSymmAlgo: " + requestData.encSymmAlgo);
        String str3 = requestData.encPartsInString;
        if (this.DEBUG) {
            debug("ENCRYPTION_PARTS: " + str3);
        }
        if (str3 != null) {
            splitEncParts(str3, requestData.encryptParts, requestData);
        }
    }

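    /**
     * Obtains the password (or key) for an outbound security action.
     *
     * <p>Sources are tried in this order: the callback class named in
     * {@code requestData.pwCallbackClass}; a {@link CallbackHandler} stored in the message
     * context under the property {@code str4}; the password held by the message context itself,
     * which is cleared from the context once read.
     *
     * @param str username the password is requested for
     * @param str2 password handed to the callback class, may be {@code null}
     * @param bArr key handed to the callback class, may be {@code null}
     * @param i action code, forwarded to the callback
     * @param str3 name of the callback-class property, used for logging only
     * @param str4 message-context property that may hold a callback handler
     * @param requestData supplies the callback class name
     * @param messageContext message context holding the handler property and the fallback password
     * @return a callback carrying a non-null password or key
     * @throws AxisFault if the chosen source yields neither a password nor a key
     */
    private WSPasswordCallback getPassword(String str, String str2, byte[] bArr, int i, String str3, String str4, RequestData requestData, MessageContext messageContext) throws AxisFault {
        WSPasswordCallback wSPasswordCallback;
        if (this.DEBUG) {
            debug("MessageContext prop is: " + str3);
        }
        String str5 = requestData.pwCallbackClass;
        if (this.DEBUG) {
            debug("callback: " + str5 + ", got from property " + str3);
            debug("cbHandler: " + messageContext.getProperty(str4) + ", got from property " + str4);
        }
        if (str5 != null) {
            wSPasswordCallback = readPwViaCallbackClass(str5, str, str2, bArr, i);
            // Only null is rejected here; an empty string passes despite the wording of the fault.
            if (wSPasswordCallback.getPassword() == null && wSPasswordCallback.getKey() == null) {
                AxisFault axisFault = new AxisFault("WSSOutboundHandler: password callback class provided null or empty password");
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault.getMessage());
                }
                throw axisFault;
            }
        } else {
            CallbackHandler callbackHandler = (CallbackHandler) messageContext.getProperty(str4);
            if (callbackHandler != null) {
                if (this.DEBUG) {
                    debug("cbHandler: " + callbackHandler);
                }
                wSPasswordCallback = performCallback(callbackHandler, str, i);
                if (wSPasswordCallback.getPassword() == null && wSPasswordCallback.getKey() == null) {
                    AxisFault axisFault2 = new AxisFault("WSSOutboundHandler: password callback provided null or empty password");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault2.getMessage());
                    }
                    throw axisFault2;
                }
            } else {
                String password = messageContext.getPassword();
                if (password == null) {
                    AxisFault axisFault3 = new AxisFault("WSSOutboundHandler: application provided null or empty password");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault3.getMessage());
                    }
                    throw axisFault3;
                }
                // Remove the secret from the message context as soon as it has been read.
                messageContext.setPassword((String) null);
                wSPasswordCallback = new WSPasswordCallback("", 0);
                if (this.DEBUG) {
                    // The cleartext password must not reach the debug log.
                    debug("default - password: <redacted>");
                }
                wSPasswordCallback.setPassword(password);
            }
        }
        if (this.DEBUG) {
            // NOTE(review): this logs the callback's toString(); confirm it does not print the password or key.
            debug("WSPasswordCallback: " + wSPasswordCallback);
        }
        return wSPasswordCallback;
    }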

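    /**
     * Loads the named callback handler class, instantiates it, and asks it for the password.
     *
     * <p>Loading and instantiation are handled separately so that each failure gets its own
     * fault message, and a fault raised by the callback itself is passed through unchanged
     * instead of being reported as an instantiation failure.
     *
     * <p>The class is loaded by name with {@code Class.forName}, so {@code str} must come from
     * trusted configuration only.
     *
     * @param str fully qualified name of the callback handler class
     * @param str2 username the password is requested for
     * @param str3 password to seed into a {@code SonicWSOutboundCallback}, may be {@code null}
     * @param bArr key to seed into a {@code SonicWSOutboundCallback}, may be {@code null}
     * @param i action code, forwarded to the callback
     * @return the callback filled in by the handler
     * @throws AxisFault if the class cannot be loaded or instantiated, or if the callback fails
     */
    private WSPasswordCallback readPwViaCallbackClass(String str, String str2, String str3, byte[] bArr, int i) throws AxisFault {
        if (this.DEBUG) {
            debug("callback handler class: " + str);
        }
        Class<?> handlerClass;
        try {
            handlerClass = Class.forName(str);
        } catch (ClassNotFoundException e2) {
            AxisFault axisFault2 = new AxisFault("WSSOutboundHandler: cannot load password callback class: " + str, e2);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + axisFault2.getMessage());
            }
            throw axisFault2;
        }
        CallbackHandler callbackHandler;
        try {
            // The cast stays inside the try so a class of the wrong type is reported as an instantiation failure.
            callbackHandler = (CallbackHandler) handlerClass.newInstance();
            if (callbackHandler instanceof SonicWSOutboundCallback) {
                SonicWSOutboundCallback sonicCallback = (SonicWSOutboundCallback) callbackHandler;
                if (str3 != null) {
                    sonicCallback.setPassword(str2, str3);
                }
                if (bArr != null) {
                    sonicCallback.setKey(bArr);
                }
            }
        } catch (Exception e) {
            AxisFault axisFault = new AxisFault("WSSOutboundHandler: cannot create instance of password callback: " + str, e);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + axisFault.getMessage());
            }
            throw axisFault;
        }
        return performCallback(callbackHandler, str2, i);
    }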

    /**
     * Invokes a callback handler with a single password callback for the given user.
     *
     * <p>The action code selects the usage reason given to the callback: actions 1 and 64 map to
     * reason 2 (username token), action 2 to reason 3 (signature), action 4 to reason 4 (key
     * name); any other action leaves the reason at 0.
     *
     * @param callbackHandler handler to invoke
     * @param str username the password is requested for
     * @param i action code
     * @return the callback after the handler has processed it
     * @throws AxisFault if the handler throws
     */
    private WSPasswordCallback performCallback(CallbackHandler callbackHandler, String str, int i) throws AxisFault {
        if (this.DEBUG) {
            debug("callback -  user: " + str + ", action: " + i);
        }
        final int reason;
        if (i == 1 || i == 64) {
            if (this.DEBUG) {
                debug("reason: WSPasswordCallback.USERNAME_TOKEN");
            }
            reason = 2;
        } else if (i == 2) {
            if (this.DEBUG) {
                debug("reason: WSPasswordCallback.SIGNATURE");
            }
            reason = 3;
        } else if (i == 4) {
            if (this.DEBUG) {
                debug("reason: WSPasswordCallback.KEY_NAME");
            }
            reason = 4;
        } else {
            reason = 0;
        }
        final WSPasswordCallback request = new WSPasswordCallback(str, reason);
        final Callback[] callbacks = {request};
        try {
            callbackHandler.handle(callbacks);
        } catch (Exception e) {
            AxisFault failure = new AxisFault("WSSOutboundHandler: password callback failed", e);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + failure.getMessage());
            }
            throw failure;
        }
        return request;
    }

    /**
     * Parses a semicolon-separated list of part definitions and appends one
     * {@code WSEncryptionPart} per definition to {@code vector}.
     *
     * <p>Each definition is split on '}' into one, two or three pieces: element name only;
     * namespace and element name; or mode, namespace and element name. The first character of a
     * mode or namespace piece is dropped (presumably the opening brace). A missing mode defaults
     * to "Content" and a missing namespace to the SOAP envelope URI.
     *
     * @param str the full parts string
     * @param vector receives the parsed parts; parts added before a malformed definition remain
     * @param requestData supplies the SOAP constants used for the default namespace
     * @throws AxisFault if a definition splits into zero or more than three pieces
     */
    private void splitEncParts(String str, Vector vector, RequestData requestData) throws AxisFault {
        for (String definition : StringUtil.split(str, ';')) {
            final String[] pieces = StringUtil.split(definition, '}');
            final WSEncryptionPart part;
            switch (pieces.length) {
                case 1: {
                    if (this.DEBUG) {
                        debug("single partDef: '" + pieces[0] + "'");
                    }
                    part = new WSEncryptionPart(pieces[0].trim(), requestData.soapConstants.getEnvelopeURI(), "Content");
                    break;
                }
                case 2: {
                    final String rawNamespace = pieces[0].trim();
                    final String namespace;
                    if (rawNamespace.length() <= 1) {
                        namespace = requestData.soapConstants.getEnvelopeURI();
                    } else {
                        namespace = rawNamespace.substring(1);
                    }
                    final String element = pieces[1].trim();
                    if (this.DEBUG) {
                        debug("partDefs: '" + namespace + "' ,'" + element + "'");
                    }
                    part = new WSEncryptionPart(element, namespace, "Content");
                    break;
                }
                case 3: {
                    final String rawMode = pieces[0].trim();
                    final String mode;
                    if (rawMode.length() <= 1) {
                        mode = "Content";
                    } else {
                        mode = rawMode.substring(1);
                    }
                    final String rawNamespace = pieces[1].trim();
                    final String namespace;
                    if (rawNamespace.length() <= 1) {
                        namespace = requestData.soapConstants.getEnvelopeURI();
                    } else {
                        namespace = rawNamespace.substring(1);
                    }
                    final String element = pieces[2].trim();
                    if (this.DEBUG) {
                        debug("partDefs: '" + mode + "' ,'" + namespace + "' ,'" + element + "'");
                    }
                    part = new WSEncryptionPart(element, namespace, mode);
                    break;
                }
                default: {
                    // The fault reports the whole parts string, not just the offending definition.
                    AxisFault malformed = new AxisFault("WSSOutboundHandler: wrong part definition: " + str);
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + malformed.getMessage());
                    }
                    throw malformed;
                }
            }
            vector.add(part);
        }
    }

    /**
     * Resolves the special encryption user "useReqSigCert" to a certificate taken from the
     * security results recorded for the received message.
     *
     * <p>The results stored under the "RECV_RESULTS" property are scanned for the first entry
     * whose actor matches the request's actor and whose action code is 2 (presumably the
     * signature action; confirm). That entry's certificate becomes {@code encCert}. Nothing
     * changes when the encryption user is different, no results are stored, or no entry matches.
     *
     * <p>NOTE(review): this method does not itself validate the certificate; whether it was
     * verified when the request was processed cannot be seen here.
     *
     * @param messageContext message context holding the received-message results
     * @param requestData request settings; {@code encCert} may be assigned
     */
    private void handleSpecialUser(MessageContext messageContext, RequestData requestData) {
        if (!"useReqSigCert".equals(requestData.encUser)) {
            return;
        }
        if (this.DEBUG) {
            debug("MessageContext prop is WSHandlerConstants.RECV_RESULTS");
        }
        final Vector handlerResults = (Vector) messageContext.getProperty("RECV_RESULTS");
        if (handlerResults == null) {
            return;
        }
        for (int h = 0; h < handlerResults.size(); h++) {
            final WSHandlerResult handlerResult = (WSHandlerResult) handlerResults.get(h);
            if (!WSSecurityUtil.isActorEqual(requestData.actor, handlerResult.getActor())) {
                continue;
            }
            final Vector engineResults = handlerResult.getResults();
            for (int r = 0; r < engineResults.size(); r++) {
                final WSSecurityEngineResult engineResult = (WSSecurityEngineResult) engineResults.get(r);
                if (engineResult.getAction() != 2) {
                    continue;
                }
                // First match wins: take its certificate and stop searching.
                requestData.encCert = engineResult.getCertificate();
                if (this.DEBUG) {
                    debug("reqData.encCert: " + requestData.encCert);
                }
                return;
            }
        }
    }

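    /**
     * Builds the request data for a username supporting token.
     *
     * <p>Credentials are chosen from three sources, each later one overriding the earlier when it
     * provides both a non-blank name and a non-blank password: the broker setting ({@code str},
     * {@code str2}), the routing connection info, and the supporting token's own subject name and
     * password. Passwords are never written to the debug log.
     *
     * @param supportingToken token assertion supplying the password type and override credentials
     * @param routingConnectionInfo routing configuration, may be {@code null}
     * @param str broker-level username, may be {@code null}
     * @param str2 broker-level password, may be {@code null}
     * @return freshly initialised request data for the username-token action
     */
    private RequestData processSupportingToken(SupportingToken supportingToken, RoutingConnectionInfo routingConnectionInfo, String str, String str2) {
        RequestData initializeReqData = initializeReqData();
        initializeReqData.action = WSSPConstants.LN_TOKENTYPE_USERNAME;
        initializeReqData.mustUnderstand = true;
        initializeReqData.actor = null;
        initializeReqData.sndSecurity = null;
        QName passwordType = supportingToken.getPasswordType();
        if (passwordType != null) {
            // Expand the assertion's short type name to the OASIS URI; other names leave pwType as initialised.
            if (passwordType.getLocalPart().equals(WSSPConstants.LN_PASSWORDTYPE_TEXT)) {
                initializeReqData.pwType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
            } else if (passwordType.getLocalPart().equals(WSSPConstants.LN_PASSWORDTYPE_DIGEST)) {
                initializeReqData.pwType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
            }
            if (this.DEBUG) {
                debug("Password type FROM Assertion: " + initializeReqData.pwType);
            }
        } else if (this.DEBUG) {
            debug("No password type from Assertion: " + initializeReqData.pwType);
        }
        if (this.DEBUG) {
            debug("Password type: reqData.pwType: " + initializeReqData.pwType);
        }
        initializeReqData.pwCallbackClass = SonicWSOutboundCallbackImpl.class.getName();
        initializeReqData.pwCallbackRef = null;
        // Lowest precedence: broker-level credentials.
        if (str != null && str2 != null && str.trim().length() > 0 && str2.trim().length() > 0) {
            initializeReqData.username = str;
            initializeReqData.userPassword = str2;
            if (this.DEBUG) {
                debug("Using Broker Setting: " + str + ", <redacted>");
            }
        }
        // Next: credentials from the routing configuration.
        if (routingConnectionInfo != null) {
            if (this.DEBUG) {
                debug("RoutingConnectionInfo: " + routingConnectionInfo.getConnectionURLs());
            }
            String usernameTokenName = routingConnectionInfo.getUsernameTokenName();
            String str3 = null;
            char[] usernameTokenPassword = routingConnectionInfo.getUsernameTokenPassword();
            if (usernameTokenPassword != null) {
                // The char[] is copied into a String because the request data stores the password as a String.
                str3 = new String(usernameTokenPassword);
            }
            if (usernameTokenName != null && str3 != null && usernameTokenName.trim().length() > 0 && str3.trim().length() > 0) {
                initializeReqData.username = usernameTokenName;
                initializeReqData.userPassword = str3;
                if (this.DEBUG) {
                    debug("Using Routing Setting: " + usernameTokenName + ", <redacted>");
                }
            }
        }
        // Highest precedence: per-token override carried by the supporting token itself.
        String subjectName = supportingToken.getSubjectName();
        String password = supportingToken.getPassword();
        if (subjectName != null && password != null && subjectName.trim().length() > 0 && password.trim().length() > 0) {
            initializeReqData.username = subjectName;
            initializeReqData.userPassword = password;
            if (this.DEBUG) {
                debug("Using Override Setting: " + subjectName + ", <redacted>");
            }
        }
        return initializeReqData;
    }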

    /**
     * Builds the request data for a signature action.
     *
     * <p>The signing key alias and its private-key password are chosen from up to four sources.
     * Each later source overrides the earlier when it provides both a non-blank alias and a
     * non-blank password: the caller-supplied pair ({@code str}, {@code str2}), the routing
     * connection's X.509 alias and password, and the signature assertion's own alias and
     * password. If no alias has been set after that and the context is not a client, the service
     * alias and private-key password of the inbound HTTP request are used.
     *
     * @param signature signature assertion supplying algorithms, parts and override credentials
     * @param routingConnectionInfo routing configuration, may be {@code null}
     * @param str default key alias, may be {@code null}
     * @param str2 default private-key password, may be {@code null}
     * @param messageContext message context, used for the token reference and the server-side fallback
     * @return freshly initialised request data for the signature action
     * @throws AxisFault wrapping any {@code SecurityPolicyException} raised while reading the policy
     */
    private RequestData processSignature(Signature signature, RoutingConnectionInfo routingConnectionInfo, String str, String str2, MessageContext messageContext) throws AxisFault {
        try {
            final RequestData reqData = initializeReqData();
            reqData.action = "Signature";
            reqData.sigKeyIdInString = null;
            if (signature.isSP2005()) {
                reqData.sigKeyIdInString = WSSPUtils.getOutboundTokenRef(signature, messageContext);
            }
            final BrokerKeyStore brokerStore = BrokerKeyStore.getInstance("JKS");
            if (brokerStore != null) {
                reqData.sigKeyStore = brokerStore.getKeyStore();
            }
            reqData.pwCallbackClass = SonicWSOutboundCallbackImpl.class.getName();
            reqData.sigAlgorithm = signature.getAlgSignature();
            reqData.sigCanonAlgo = signature.getAlgCanonicalization();
            reqData.sigPartsInString = signature.getPartsAsString();

            // Lowest precedence: the pair supplied by the caller.
            final boolean callerPairUsable = !(str == null || str2 == null || str.trim().length() == 0 || str2.trim().length() == 0);
            if (callerPairUsable) {
                reqData.username = str;
                reqData.userPassword = str2;
            }

            // Next: alias and key password from the routing configuration.
            if (routingConnectionInfo != null) {
                final String routingAlias = routingConnectionInfo.getX509Alias();
                final char[] routingPasswordChars = routingConnectionInfo.getX509Password();
                final String routingPassword = routingPasswordChars == null ? null : new String(routingPasswordChars);
                final boolean routingPairUsable = !(routingAlias == null || routingPassword == null || routingAlias.trim().length() == 0 || routingPassword.trim().length() == 0);
                if (routingPairUsable) {
                    reqData.username = routingAlias;
                    reqData.userPassword = routingPassword;
                }
            }

            // Highest precedence: override carried by the signature assertion itself.
            final String assertionAlias = signature.getX509TokenAlias();
            final String assertionPassword = signature.getX509TokenPrivateKeyPassword();
            final boolean assertionPairUsable = !(assertionAlias == null || assertionPassword == null || assertionAlias.trim().length() == 0 || assertionPassword.trim().length() == 0);
            if (assertionPairUsable) {
                reqData.username = assertionAlias;
                reqData.userPassword = assertionPassword;
            }

            // Server-side fallback: use the service's own alias and key password from the inbound request.
            final boolean aliasMissing = reqData.username == null || reqData.username.length() == 0;
            if (aliasMissing && !messageContext.isClient()) {
                final WSHttpInRequest inbound = (WSHttpInRequest) messageContext.getProperty(ContextProperties.HTTP_IN_REQUEST);
                reqData.username = inbound.getServiceAlias();
                reqData.userPassword = new String(inbound.getServicePrivateKeyPwd());
            }
            return reqData;
        } catch (SecurityPolicyException e) {
            throw AxisFault.makeFault(e);
        }
    }

    private RequestData processEncryption(Encryption encryption, RoutingConnectionInfo routingConnectionInfo, MessageContext messageContext) throws AxisFault {
        try {
            RequestData initializeReqData = initializeReqData();
            initializeReqData.action = "Encrypt";
            if (encryption.isSP2002() && encryption.getX509TokenRef() != null) {
                QName x509TokenRef = encryption.getX509TokenRef();
                if (!x509TokenRef.getNamespaceURI().equals(SSPConstants.NSURI)) {
                    AxisFault axisFault = new AxisFault("WSSOutboundHandler: Unsupported token reference - " + x509TokenRef);
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault.getMessage());
                    }
                    throw axisFault;
                }
                initializeReqData.encKeyIdInString = x509TokenRef.getLocalPart();
                if (x509TokenRef.equals(SSPConstants.QN_TOKEN_REF_MODEL_KEYIDENTIFIER)) {
                    initializeReqData.encKeySKI = encryption.getSubjectKeyIdentifier();
                }
            } else if (encryption.isSP2005()) {
                initializeReqData.encKeyIdInString = WSSPUtils.getOutboundTokenRef(encryption, messageContext);
                if (initializeReqData.encKeyIdInString.equals(SSPConstants.LN_TOKEN_REF_MODEL_KEYIDENTIFIER)) {
                    initializeReqData.encKeySKI = encryption.getSubjectKeyIdentifier();
                }
            }
            if (encryption.getKeyEncryptionAlgorithm() != null) {
                initializeReqData.encKeyTransport = encryption.getKeyEncryptionAlgorithm();
            } else {
                initializeReqData.encKeyTransport = AlgorithmConstants.XMLENC_RSA_1_5;
            }
            initializeReqData.encSymmAlgo = encryption.getEncryptionAlgorithm();
            initializeReqData.encPartsInString = encryption.getPartsAsString();
            String x509TokenRefIssuer = encryption.getX509TokenRefIssuer();
            String x509TokenRefSerialNumber = encryption.getX509TokenRefSerialNumber();
            if (x509TokenRefIssuer == null || x509TokenRefIssuer.trim().length() == 0 || x509TokenRefSerialNumber == null || x509TokenRefSerialNumber.trim().length() == 0) {
                if (!messageContext.isClient()) {
                    initializeReqData.encCert = ((WSHttpInRequest) messageContext.getProperty(ContextProperties.HTTP_IN_REQUEST)).getSigningCert();
                    if (initializeReqData.encCert != null) {
                        if (this.DEBUG) {
                            debug("Request signing certificate is used for encrypting the response.");
                        }
                        return initializeReqData;
                    }
                    AxisFault axisFault2 = new AxisFault("WSSOutboundHandler: No certificate available for encrypting the response.");
                    if (this.DEBUG) {
                        debug("Throwing AxisFault: " + axisFault2.getMessage());
                    }
                    throw axisFault2;
                }
                x509TokenRefIssuer = routingConnectionInfo.getDestinationX509IssuerName();
                x509TokenRefSerialNumber = routingConnectionInfo.getDestinationX509SerialNumber();
                if (this.DEBUG) {
                    debug("reqData.encCert: Using routing configuration. Per-message override was not found.");
                }
            }
            if (x509TokenRefIssuer == null || x509TokenRefIssuer.trim().length() == 0) {
                AxisFault axisFault3 = new AxisFault("WSSOutboundHandler: Invalid issuerName: " + x509TokenRefIssuer);
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault3.getMessage());
                }
                throw axisFault3;
            }
            if (this.DEBUG) {
                debug("reqData.encCert: issuerName: " + x509TokenRefIssuer);
            }
            if (x509TokenRefSerialNumber == null || x509TokenRefSerialNumber.trim().length() == 0) {
                AxisFault axisFault4 = new AxisFault("WSSOutboundHandler: Invalid serialNo: " + x509TokenRefSerialNumber);
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault4.getMessage());
                }
                throw axisFault4;
            }
            if (this.DEBUG) {
                debug("reqData.encCert: serialNo: " + x509TokenRefSerialNumber);
            }
            BigInteger bigInteger = null;
            if (x509TokenRefSerialNumber != null) {
                try {
                    bigInteger = new BigInteger(x509TokenRefSerialNumber);
                } catch (NumberFormatException e) {
                    bigInteger = new BigInteger(x509TokenRefSerialNumber, 16);
                }
            }
            BrokerCertificateStore brokerCertificateStore = null;
            try {
                brokerCertificateStore = BrokerCertificateStore.getInstance();
            } catch (KeyStoreException e2) {
            }
            if (brokerCertificateStore == null) {
                AxisFault axisFault5 = new AxisFault("WSSOutboundHandler: unable to get BrokerCertificateStore.");
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault5.getMessage());
                }
                throw axisFault5;
            }
            X509Certificate findCertificateByIssuerAndSerialNumber = brokerCertificateStore.findCertificateByIssuerAndSerialNumber(x509TokenRefIssuer, bigInteger);
            if (findCertificateByIssuerAndSerialNumber != null) {
                initializeReqData.encCert = findCertificateByIssuerAndSerialNumber;
                return initializeReqData;
            }
            AxisFault axisFault6 = new AxisFault("WSSOutboundHandler: unable to get certificate issuer: " + x509TokenRefIssuer + ", Serial Number: " + x509TokenRefSerialNumber);
            if (this.DEBUG) {
                debug("Throwing AxisFault: " + axisFault6.getMessage());
            }
            throw axisFault6;
        } catch (SecurityPolicyException e3) {
            throw AxisFault.makeFault(e3);
        }
    }

    /**
     * Checks a transport-binding policy action against the current message context.
     *
     * <p>A {@code TransportBindingResult} is created for {@code messageContext} and asked to
     * validate the action. A failed validation is reported as an {@code AxisFault} whose text
     * carries the result's status. On success, and only when
     * {@code HttpHelper.ENABLE_TRANSPORTBINDING_SUITE_CHECKING} is set and the action has an
     * algorithm suite, the suite's name is stored on the context under
     * {@code HttpConstants.HTTPS_WS_BINDING_CIPHER_SUITE}.
     *
     * @param transportBindingAction the policy action to validate
     * @param messageContext the context being validated and, on success, annotated
     * @throws AxisFault if validation fails, or wrapping a {@code PolicyException} (cause kept)
     */
    private void processTransportBinding(TransportBindingAction transportBindingAction, MessageContext messageContext) throws AxisFault {
        try {
            TransportBindingResult bindingCheck = new TransportBindingResult(messageContext);
            if (!bindingCheck.validate(transportBindingAction)) {
                // NOTE(review): the prefix says "WSSInboundHandler" while the other faults in this
                // file say "WSSOutboundHandler" - confirm which one log searches should expect.
                String failure = "WSSInboundHandler: processing TransportBinding Actions. Protocol Check failed: " + bindingCheck.getStatus();
                AxisFault fault = new AxisFault(failure);
                if (this.DEBUG) {
                    debug(failure);
                }
                throw fault;
            }
            // NOTE(review): with the flag off, or no suite on the action, nothing is recorded here,
            // so any cipher-suite enforcement keyed on this property presumably does not run -
            // confirm against the code that reads HTTPS_WS_BINDING_CIPHER_SUITE.
            if (!HttpHelper.ENABLE_TRANSPORTBINDING_SUITE_CHECKING) {
                return;
            }
            AlgorithmSuite suite = transportBindingAction.getAlgorithmSuite();
            if (suite != null) {
                messageContext.setProperty(HttpConstants.HTTPS_WS_BINDING_CIPHER_SUITE, SonicAlgorithmSuiteUtils.getAlgorithmSuiteName(suite));
            }
        } catch (PolicyException policyFailure) {
            throw new AxisFault(policyFailure.getMessage(), policyFailure);
        }
    }

    /**
     * Joins the WSS4J part strings of {@code messageParts} into one ";"-separated list.
     *
     * @param messageParts the parts to serialise; may be {@code null}
     * @return the joined list, or {@code null} when there are no parts or the joined text is
     *     blank; callers must treat {@code null} as "no explicit parts configured"
     */
    private String getParts(MessageParts messageParts) {
        if (messageParts == null) {
            return null;
        }
        MessagePartWSS4J[] partList = messageParts.getParts();
        if (partList == null || partList.length == 0) {
            return null;
        }
        StringBuilder joined = new StringBuilder();
        String separator = "";
        for (MessagePartWSS4J part : partList) {
            joined.append(separator).append(part.getWss4jPartString());
            separator = ";";
        }
        String result = joined.toString();
        // A list that is only whitespace is reported the same way as no list at all.
        return result.trim().length() == 0 ? null : result;
    }

    /**
     * Returns the default part list used when no explicit parts are given: the SOAP 1.1
     * {@code Body} element, optionally followed by {@code Token}.
     *
     * @param z when {@code true}, "; Token" is appended to the Body entry
     *     (presumably to include the security token - confirm against the caller)
     * @return the default part list string
     */
    private String getDefaultMessageParts(boolean z) {
        if (z) {
            return "{}{http://schemas.xmlsoap.org/soap/envelope/}Body; Token";
        }
        return "{}{http://schemas.xmlsoap.org/soap/envelope/}Body";
    }

    /**
     * Returns the part descriptor that names the XML-DSig {@code Signature} element with the
     * {@code Element} modifier.
     *
     * @return the fixed descriptor string for the signature element
     */
    private String getSignatureEncryptionPart() {
        final String signaturePart = "{Element}{http://www.w3.org/2000/09/xmldsig#}Signature";
        return signaturePart;
    }

    /**
     * Builds the request data for a Timestamp action.
     *
     * @param timestamp the policy action; not read by this method
     * @return fresh request data from {@code initializeReqData()} with its action set to
     *     "Timestamp"
     */
    private RequestData processTimestamp(Timestamp timestamp) {
        RequestData timestampRequest = initializeReqData();
        timestampRequest.action = "Timestamp";
        return timestampRequest;
    }

    /**
     * Drops from {@code vector} every part whose element does not occur in {@code document}.
     *
     * <p>Presence is tested with a document-wide lookup by namespace and local name, so an
     * element with the same qualified name anywhere in the document keeps the part in the list.
     * Parts removed here are no longer covered by the signing or encryption step that uses the
     * list; the list is modified in place.
     *
     * @param document the SOAP document to search
     * @param vector the list of {@code WSEncryptionPart} entries to prune
     * @return {@code true} if at least one part was removed
     */
    private boolean removeMissingParts(Document document, Vector vector) {
        boolean removedAny = false;
        for (Iterator cursor = vector.iterator(); cursor.hasNext(); ) {
            WSEncryptionPart candidate = (WSEncryptionPart) cursor.next();
            String namespace = candidate.getNamespace();
            String localName = candidate.getName();
            boolean absent = document.getElementsByTagNameNS(namespace, localName).getLength() == 0;
            if (absent) {
                cursor.remove();
                removedAny = true;
            }
        }
        return removedAny;
    }

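    /**
     * Applies an encryption or signature action to {@code document}, retrying once without the
     * parts that are absent from the document.
     *
     * <p>If the first attempt fails with a message containing
     * "Element to encrypt/sign not found", the missing parts are pruned from {@code vector} and
     * the build is attempted a second time with the same action type. The retry therefore sends
     * the message with fewer protected parts than were configured; the pruning is not reported
     * anywhere by this method.
     *
     * <p>Fixes over the previous body: the retry and the fault label now follow the actual
     * action type (they were hard-wired to the signature path, so an encryption retry could only
     * fail on the cast), and an exception without a message no longer causes a
     * {@code NullPointerException} in the handler.
     *
     * @param wSBaseMessage the action to run; must be a {@code WSEncryptBody} or a
     *     {@code WSSignEnvelope}
     * @param document the SOAP document to modify
     * @param vector the parts to protect; pruned in place on retry
     * @param crypto the crypto provider handed to the action
     * @throws AxisFault if the action type is unsupported or the build fails after the retry
     */
    private void buildWithRetry(WSBaseMessage wSBaseMessage, Document document, Vector vector, Crypto crypto) throws AxisFault {
        // Decided once, up front, so the retry and the fault text agree with the first attempt.
        boolean encrypting = wSBaseMessage instanceof WSEncryptBody;
        if (!vector.isEmpty()) {
            wSBaseMessage.setParts(vector);
        }
        try {
            if (encrypting) {
                ((WSEncryptBody) wSBaseMessage).build(document, crypto);
            } else {
                if (!(wSBaseMessage instanceof WSSignEnvelope)) {
                    throw new Exception("Invalid action type: " + wSBaseMessage.getClass().getName());
                }
                ((WSSignEnvelope) wSBaseMessage).build(document, crypto);
            }
        } catch (Exception firstFailure) {
            Exception failure = firstFailure;
            String detail = firstFailure.getMessage();
            boolean partMissing = detail != null && detail.indexOf("Element to encrypt/sign not found") != -1;
            // Retry only when pruning actually removed something; otherwise the same error would recur.
            if (partMissing && removeMissingParts(document, vector)) {
                try {
                    if (encrypting) {
                        ((WSEncryptBody) wSBaseMessage).build(document, crypto);
                    } else {
                        ((WSSignEnvelope) wSBaseMessage).build(document, crypto);
                    }
                    failure = null;
                } catch (Exception retryFailure) {
                    failure = retryFailure;
                }
            }
            if (failure != null) {
                AxisFault axisFault = new AxisFault("WSSOutboundHandler: " + (encrypting ? "Encryption" : "Signature") + ": error during message processing. " + failure);
                if (this.DEBUG) {
                    debug("Throwing AxisFault: " + axisFault.getMessage());
                }
                throw axisFault;
            }
        }
        if (this.DEBUG) {
            // NOTE(review): this writes the whole SOAP document to the debug log; after a
            // signing-only action the payload is still in clear text, so debug logs from this
            // handler should be treated as sensitive.
            debug("WSSOutboundHandler: SOAP Message after " + (encrypting ? "encryption" : "signing") + ":\n" + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(document));
        }
    }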

    /**
     * Removes the per-message security state this handler stored on the context: the
     * {@code REQUEST_DATA} entry and the {@code ContextProperties.WSS_POLICY} entry.
     *
     * @param messageContext the context to clear
     */
    private void cleanup(MessageContext messageContext) {
        String[] handlerProperties = {REQUEST_DATA, ContextProperties.WSS_POLICY};
        for (String property : handlerProperties) {
            messageContext.removeProperty(property);
        }
    }

    /**
     * Creates an in-memory JKS key store holding at most one certificate entry.
     *
     * <p>The store is initialised empty ({@code load} with a {@code null} stream) and, when a
     * certificate is supplied, that certificate is added under {@code ENC_CRYPTO_CERT_ALIAS}.
     * Only a certificate entry is added here, so the password constant is not guarding any
     * private key in this store.
     *
     * <p>NOTE(review): any failure is printed to stderr and the method still returns whatever it
     * has: {@code null} if the JKS type is unavailable, a store that was never initialised if
     * {@code load} failed, or a store without the certificate if the entry could not be added.
     * Callers cannot tell these cases apart from success.
     *
     * @param x509Certificate the certificate to store, or {@code null} for an empty store
     * @return the key store, possibly {@code null} or incomplete after a failure
     */
    private static KeyStore getEncKeyStore(X509Certificate x509Certificate) {
        KeyStore store = null;
        try {
            store = KeyStore.getInstance("JKS");
            char[] storePassword = ENC_CRYPTO_KEYSTORE_PSW_VALUE.toCharArray();
            store.load(null, storePassword);
            if (x509Certificate == null) {
                return store;
            }
            store.setCertificateEntry(ENC_CRYPTO_CERT_ALIAS, x509Certificate);
        } catch (Exception failure) {
            failure.printStackTrace();
        }
        return store;
    }

    // Class initialisation: builds the shared empty key store and the Crypto instance that wraps it.
    static {
        // Both fields start as null; s_crypto stays null if anything in the try block throws.
        s_emptyKeyStore = null;
        s_crypto = null;
        try {
            // getEncKeyStore(null) adds no certificate entry, so this store holds no certificates.
            s_emptyKeyStore = getEncKeyStore(null);
            s_crypto = new Crypto(s_emptyKeyStore);
        } catch (Exception e) {
            // NOTE(review): the failure is only printed to stderr and class loading continues,
            // so later code has to cope with s_crypto being null - confirm the users of s_crypto
            // check for that instead of failing with a NullPointerException mid-request.
            e.printStackTrace();
        }
    }
}
