package oracle.security.xmlsec.wss.username;

import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.io.UnsupportedEncodingException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Date;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import oracle.security.crypto.util.UnsyncByteArrayOutputStream;
import oracle.security.crypto.util.Utils;
import oracle.security.xmlsec.util.Base64;
import oracle.security.xmlsec.util.QName;
import oracle.security.xmlsec.util.XMLElement;
import oracle.security.xmlsec.util.XMLUtils;
import oracle.security.xmlsec.wss.WSSElement;
import oracle.security.xmlsec.wss.WSSException;
import oracle.security.xmlsec.wss.WSSURI;
import oracle.security.xmlsec.wss.WSSecurityToken;
import oracle.security.xmlsec.wss.WSUCreated;
import oracle.security.xmlsec.wss.util.WSSUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:oracle/security/xmlsec/wss/username/UsernameToken.class */
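/**
 * DOM-backed wrapper around a WS-Security {@code wsse:UsernameToken} element.
 *
 * <p>The token carries a username and, optionally, a password (clear text or
 * {@code PasswordDigest}), a nonce, a {@code wsu:Created} timestamp and the
 * {@code wsse11:Salt} / {@code wsse11:Iteration} elements used for key derivation.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>Every getter reads straight from the underlying DOM, so for a received message the
 *       values are sender-controlled until {@link #isValid()} has succeeded.</li>
 *   <li>{@code isValid} only compares the presented password or digest with the expected
 *       one. It does not check that the nonce is unused or that {@code Created} is recent;
 *       replay protection has to be enforced by the caller.</li>
 *   <li>With {@link #PASSWORD_TEXT} the password is written into the document in clear, so
 *       the message needs transport or message-level confidentiality.</li>
 *   <li>The password retriever and key derivator registries are static and shared by all
 *       instances. They are plain {@code ArrayList}s without synchronization, so they should
 *       be populated during start-up, before tokens are processed concurrently.</li>
 * </ul>
 */
public class UsernameToken extends WSSElement implements WSSecurityToken {
    /** Password type URI: the Password element holds the clear-text password. */
    public static final String PASSWORD_TEXT = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    /** Password type URI: the Password element holds Base64(SHA-1(nonce + created + password)). */
    public static final String PASSWORD_DIGEST = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest";
    private static final String DEFAULT_NONCE_ENCODING_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";
    private static final String DEFAULT_PASSWORD_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    // Parallel arrays naming the child elements; passed to WSSUtils on every insert so that
    // children are placed consistently (Username, Password, Nonce, Created, Salt, Iteration).
    private static final String[] nsURIs = {WSSURI.ns_wsse, WSSURI.ns_wsse, WSSURI.ns_wsse, WSSURI.ns_wsu, WSSURI.ns_wsse11, WSSURI.ns_wsse11};
    private static final String[] localNames = {WSSURI.USERNAME, WSSURI.PASSWORD, WSSURI.NONCE, WSSURI.CREATED, WSSURI.SALT, WSSURI.ITERATION};
    // Process-wide registries, consulted in registration order.
    private static final ArrayList<PasswordRetriever> passwordRetrieverList = new ArrayList<PasswordRetriever>();
    private static final ArrayList<KeyDerivator> keyDerivatorList = new ArrayList<KeyDerivator>();

    /** Wraps an existing {@code wsse:UsernameToken} element. */
    public UsernameToken(Element element) {
        super(element);
    }

    /** Wraps an existing element; {@code str} is forwarded unchanged to the superclass. */
    public UsernameToken(Element element, String str) {
        super(element, str);
    }

    /** Creates a new, empty {@code wsse:UsernameToken} element owned by {@code document}. */
    public UsernameToken(Document document) {
        super(document, WSSURI.ns_wsse, WSSURI.USERNAME_TOKEN);
    }

    /** Sets the {@code wsse:Username} child to {@code str}. */
    public void setUsername(String str) {
        WSSUtils.insertChildElementWithText(this, WSSURI.ns_wsse, WSSURI.USERNAME, nsURIs, localNames, str, true);
    }

    /** Returns the text of the {@code wsse:Username} child as collected by WSSUtils. */
    public String getUsername() {
        return WSSUtils.collectTextFromChild(this, WSSURI.ns_wsse, WSSURI.USERNAME);
    }

    /** Sets the nonce using the default Base64Binary encoding type. */
    public void setNonce(byte[] bArr) {
        setNonce(bArr, null);
    }

    /**
     * Sets the {@code wsse:Nonce} child.
     *
     * @param bArr raw nonce bytes
     * @param str  encoding type URI; {@code null} or empty selects Base64Binary
     */
    public void setNonce(byte[] bArr, String str) {
        String encodingType = (str == null || str.length() == 0) ? DEFAULT_NONCE_ENCODING_TYPE : str;
        Element nonceElement = WSSUtils.insertChildElementWithText(this, WSSURI.ns_wsse, WSSURI.NONCE, nsURIs, localNames, WSSUtils.encodeBinary(bArr, encodingType), true);
        WSSUtils.setTypeAttribute(nonceElement, WSSURI.ENCODING_TYPE, encodingType);
    }

    /**
     * Returns the decoded nonce from the first {@code wsse:Nonce} child, or {@code null}
     * when the token has none. A missing or empty EncodingType is treated as Base64Binary.
     */
    public byte[] getNonce() {
        NodeList nonceNodes = XMLElement.getChildElementsByTagNameNS((Element) getNode(), WSSURI.ns_wsse, WSSURI.NONCE);
        if (nonceNodes.getLength() <= 0) {
            return null;
        }
        Element nonceElement = (Element) nonceNodes.item(0);
        String encodingType = WSSUtils.getTypeAttribute(nonceElement, WSSURI.ENCODING_TYPE);
        if (encodingType == null || encodingType.length() == 0) {
            encodingType = DEFAULT_NONCE_ENCODING_TYPE;
        }
        return WSSUtils.decodeBinary(XMLUtils.collectText(nonceElement), encodingType);
    }

    /** Sets the {@code wsu:Created} child to a new element holding {@code date}. */
    public void setCreatedDate(Date date) {
        WSUCreated created = new WSUCreated(getOwnerDocument());
        created.setValue(date);
        WSSUtils.setChildElement(this, created, nsURIs, localNames);
    }

    /** Sets the {@code wsu:Created} child to the given element. */
    public void setCreated(WSUCreated wSUCreated) {
        WSSUtils.setChildElement(this, wSUCreated, nsURIs, localNames);
    }

    /** Returns the {@code wsu:Created} child as returned by WSSUtils. */
    public WSUCreated getCreated() {
        return (WSUCreated) WSSUtils.getChildElement(this, WSSURI.ns_wsu, WSSURI.CREATED);
    }

    /** Returns the creation time, or {@code null} when there is no {@code wsu:Created} child. */
    public Date getCreatedDate() {
        WSUCreated created = getCreated();
        return created == null ? null : created.getValue();
    }

    /** Stores the password as {@link #PASSWORD_TEXT}, i.e. in clear inside the document. */
    public void setPassword(char[] cArr) {
        setPassword(cArr, DEFAULT_PASSWORD_TYPE);
    }

    /** Stores the password as {@link #PASSWORD_DIGEST}. Set nonce and Created first. */
    public void setPasswordDigest(char[] cArr) {
        setPassword(cArr, PASSWORD_DIGEST);
    }

    /**
     * Writes the {@code wsse:Password} child.
     *
     * <p>Only {@link #PASSWORD_DIGEST} produces a digest; {@code null} and every other type
     * value fall back to clear text and are labelled {@link #PASSWORD_TEXT}. The digest is
     * computed from the nonce and Created values present at the time of the call, so those
     * must be set beforehand.
     *
     * @param cArr password, or {@code null} to ask the registered password retrievers
     * @param str  requested password type URI
     * @throws IllegalStateException if no password was supplied and none could be retrieved
     */
    public void setPassword(char[] cArr, String str) {
        char[] password = requirePassword(cArr);
        if (PASSWORD_DIGEST.equals(str)) {
            String encodedDigest = Base64.toBase64(computePasswordDigest(getNonce(), getCreated(), password), false);
            Element passwordElement = WSSUtils.insertChildElementWithText(this, WSSURI.ns_wsse, WSSURI.PASSWORD, nsURIs, localNames, encodedDigest, true);
            WSSUtils.setTypeAttribute(passwordElement, WSSURI.TYPE, str);
        } else {
            // The DOM needs a String, so an immutable copy of the password is unavoidable here.
            Element passwordElement = WSSUtils.insertChildElementWithText(this, WSSURI.ns_wsse, WSSURI.PASSWORD, nsURIs, localNames, new String(password), true);
            WSSUtils.setTypeAttribute(passwordElement, WSSURI.TYPE, DEFAULT_PASSWORD_TYPE);
        }
    }

    /**
     * Returns the Type attribute of the first {@code wsse:Password} child.
     * {@link #PASSWORD_TEXT} is returned when the element or the attribute is missing or empty.
     */
    public String getPasswordType() {
        NodeList passwordNodes = getChildElementsByTagNameNS(WSSURI.ns_wsse, WSSURI.PASSWORD);
        if (passwordNodes.getLength() == 0) {
            return DEFAULT_PASSWORD_TYPE;
        }
        Element passwordElement = (Element) passwordNodes.item(0);
        if (passwordElement == null) {
            return DEFAULT_PASSWORD_TYPE;
        }
        String type = WSSUtils.getTypeAttribute(passwordElement, WSSURI.TYPE);
        return (type == null || type.length() == 0) ? DEFAULT_PASSWORD_TYPE : type;
    }

    /**
     * Returns the clear-text password, or {@code null} when the token carries a digest or no
     * password text at all.
     */
    public char[] getPassword() {
        if (PASSWORD_DIGEST.equals(getPasswordType())) {
            return null;
        }
        String text = WSSUtils.collectTextFromChild(this, WSSURI.ns_wsse, WSSURI.PASSWORD);
        return text == null ? null : text.toCharArray();
    }

    /** Returns the decoded password digest, or {@code null} when the type is not {@link #PASSWORD_DIGEST}. */
    public byte[] getPasswordDigest() {
        if (PASSWORD_DIGEST.equals(getPasswordType())) {
            return Base64.fromBase64(WSSUtils.collectTextFromChild(this, WSSURI.ns_wsse, WSSURI.PASSWORD));
        }
        return null;
    }

    /**
     * Checks the presented password or digest against the password that the registered
     * retrievers return for this token's username.
     *
     * <p>Returns {@code false} when no retriever yields a password. Nonce reuse and the age of
     * {@code Created} are not checked here.
     */
    public boolean isValid() {
        return matchesExpectedPassword(retrievePassword(getUsername()));
    }

    /**
     * Checks the token against an expected username and password.
     *
     * @param str  expected username; a {@code null} value never matches
     * @param cArr expected password, or {@code null} to ask the registered retrievers
     * @return {@code true} only if the username matches and the presented password or digest
     *         agrees with the expected password
     */
    public boolean isValid(String str, char[] cArr) {
        if (str == null || !str.equals(getUsername())) {
            return false;
        }
        char[] expected = cArr != null ? cArr : retrievePassword(str);
        return matchesExpectedPassword(expected);
    }

    /** Compares what the token presents with {@code expected}; fails closed when {@code expected} is null. */
    private boolean matchesExpectedPassword(char[] expected) {
        if (expected == null) {
            // No reference password available: reject instead of dereferencing null.
            return false;
        }
        byte[] presentedDigest = getPasswordDigest();
        if (presentedDigest != null) {
            // MessageDigest.isEqual does not stop at the first differing byte.
            return MessageDigest.isEqual(presentedDigest, computePasswordDigest(getNonce(), getCreated(), expected));
        }
        return constantTimeEquals(getPassword(), expected);
    }

    /** Compares two char arrays without an early exit on the first mismatch; only the length check is data-dependent. */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        if (a == null || b == null || a.length != b.length) {
            return false;
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /** Returns the decoded {@code wsse11:Salt}, or {@code null} when the element has no text. */
    public byte[] getSalt() {
        String text = WSSUtils.collectTextFromChild(this, WSSURI.ns_wsse11, WSSURI.SALT);
        return text == null ? null : Base64.fromBase64(text);
    }

    /**
     * Sets the {@code wsse11:Salt} child.
     *
     * @param bArr 16 bytes whose first byte is 1 or 2 (UsernameToken Profile 1.1 uses 01 for a
     *             MAC key and 02 for an encryption key)
     * @throws IllegalArgumentException if the length or the first byte is wrong
     */
    public void setSalt(byte[] bArr) {
        if (bArr == null || bArr.length != 16) {
            throw new IllegalArgumentException("Salt must be 128 bits");
        }
        if (bArr[0] != 1 && bArr[0] != 2) {
            throw new IllegalArgumentException("Salt first byte must be 1 or 2");
        }
        Element saltElement = WSSUtils.insertChildElementWithText(this, WSSURI.ns_wsse11, WSSURI.SALT, nsURIs, localNames, new String(Base64.toBase64(bArr, false)), true);
        ensureWsse11Prefix(saltElement);
    }

    /**
     * Builds the 16-byte salt from a usage byte and 15 salt bytes, then stores it.
     *
     * @param b    usage byte, 1 or 2
     * @param bArr 15 salt bytes
     * @throws IllegalArgumentException if either argument is out of range
     */
    public void setSalt(byte b, byte[] bArr) {
        if (bArr == null || bArr.length != 15) {
            throw new IllegalArgumentException("Salt must be 120 bits");
        }
        if (b != 1 && b != 2) {
            throw new IllegalArgumentException("Type must be 1 or 2");
        }
        byte[] fullSalt = new byte[16];
        fullSalt[0] = b;
        System.arraycopy(bArr, 0, fullSalt, 1, 15);
        setSalt(fullSalt);
    }

    /**
     * Returns the {@code wsse11:Iteration} count, or 1000 when the element is absent.
     *
     * <p>For a received token this number is chosen by the sender and feeds the hashing loop
     * in {@link #deriveKey(char[], byte[], int)}; callers should bound it before deriving a
     * key. Non-numeric text surfaces as {@link NumberFormatException}.
     */
    public int getIteration() {
        String text = WSSUtils.collectTextFromChild(this, WSSURI.ns_wsse11, WSSURI.ITERATION);
        if (text == null) {
            return 1000;
        }
        return Integer.parseInt(text);
    }

    /** Sets the {@code wsse11:Iteration} child to {@code i}. */
    public void setIteration(int i) {
        Element iterationElement = WSSUtils.insertChildElementWithText(this, WSSURI.ns_wsse11, WSSURI.ITERATION, nsURIs, localNames, Integer.toString(i), true);
        ensureWsse11Prefix(iterationElement);
    }

    /** Gives a freshly inserted wsse11 element a prefix and namespace declaration when it has none. */
    private static void ensureWsse11Prefix(Element element) {
        if (element.getPrefix() == null) {
            String prefix = XMLElement.getDefaultNSPrefix(WSSURI.ns_wsse11);
            element.setPrefix(prefix);
            element.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:" + prefix, WSSURI.ns_wsse11);
        }
    }

    /**
     * Asks each registered retriever in turn and returns the first non-null password, or
     * {@code null} when none provides one.
     */
    private char[] retrievePassword(String str) {
        char[] password = null;
        int count = passwordRetrieverList.size();
        for (int i = 0; i < count && password == null; i++) {
            try {
                password = passwordRetrieverList.get(i).getPassword(str);
            } catch (PasswordRetrievalException ignored) {
                // Best effort by design: a failing retriever just hands over to the next one.
                password = null;
            }
        }
        return password;
    }

    /** Returns {@code supplied}, or the retrieved password for this token's username; never null. */
    private char[] requirePassword(char[] supplied) {
        char[] password = supplied != null ? supplied : retrievePassword(getUsername());
        if (password == null) {
            throw new IllegalStateException("No password supplied and no PasswordRetriever returned one");
        }
        return password;
    }

    /**
     * Returns key material derived from the token itself.
     *
     * <p>For {@link #PASSWORD_TEXT} this is SHA-1(nonce + created + password); for
     * {@link #PASSWORD_DIGEST} it is the digest exactly as carried in the token, i.e. a value
     * that also travels in the message. Any other password type yields {@code null}.
     *
     * @throws IllegalStateException if a clear-text token has no password and none can be retrieved
     */
    public byte[] createSecretKey() {
        String passwordType = getPasswordType();
        if (PASSWORD_TEXT.equals(passwordType)) {
            return computePasswordDigest(getNonce(), getCreated(), getPassword());
        }
        if (PASSWORD_DIGEST.equals(passwordType)) {
            return getPasswordDigest();
        }
        return null;
    }

    /**
     * Returns SHA-1(nonce + created + password) for the given password.
     *
     * @param cArr password, or {@code null} to ask the registered retrievers
     * @throws IllegalStateException if no password is available
     */
    public byte[] createSecretKey(char[] cArr) {
        return computePasswordDigest(getNonce(), getCreated(), requirePassword(cArr));
    }

    /**
     * Computes the UsernameToken password digest: SHA-1 over the nonce bytes, the UTF-8 text
     * of the Created element and the UTF-8 password, in that order. Null nonce or Created
     * values are simply left out of the hash.
     *
     * <p>SHA-1 is what this digest format uses; the value is only as strong as the password
     * and does not replace transport protection or nonce/timestamp checks.
     *
     * @param bArr       nonce bytes, may be {@code null}
     * @param wSUCreated Created element, may be {@code null}
     * @param cArr       password, or {@code null} to ask the registered retrievers
     * @return the 20-byte SHA-1 digest
     * @throws IllegalStateException if no password is available or the platform lacks SHA-1/UTF-8
     */
    public byte[] computePasswordDigest(byte[] bArr, WSUCreated wSUCreated, char[] cArr) {
        char[] password = requirePassword(cArr);
        try {
            // Encode through a writer so the password never becomes an immutable String here.
            UnsyncByteArrayOutputStream buffer = new UnsyncByteArrayOutputStream();
            OutputStreamWriter writer = new OutputStreamWriter((OutputStream) buffer, "UTF8");
            writer.write(password);
            writer.close();
            byte[] passwordBytes = buffer.toByteArray();
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            if (bArr != null) {
                sha1.update(bArr);
            }
            if (wSUCreated != null) {
                sha1.update(XMLUtils.collectText(wSUCreated.getNode()).getBytes("UTF8"));
            }
            sha1.update(passwordBytes);
            return sha1.digest();
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e.toString(), e);
        } catch (IOException e) {
            throw new IllegalStateException(e.toString(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e.toString(), e);
        }
    }

    /** Returns the qualified name identifying this token type. */
    @Override
    public QName getTokenName() {
        return WSSURI.st_USERNAME;
    }

    /** Returns the username as the token value. */
    @Override
    public Object getToken() {
        return getUsername();
    }

    /**
     * Asks each registered key derivator in turn for a key for this token.
     *
     * @return the first non-null key
     * @throws WSSException with {@code SECURITY_TOKEN_UNAVAILABLE} when no derivator yields a key
     */
    public SecretKey getKey() throws WSSException {
        SecretKey key = null;
        int count = keyDerivatorList.size();
        for (int i = 0; i < count && key == null; i++) {
            try {
                key = keyDerivatorList.get(i).resolve(this, null);
            } catch (KeyDerivationException ignored) {
                // Best effort by design: fall through to the next derivator.
                key = null;
            }
        }
        if (key == null) {
            throw new WSSException(WSSException.SECURITY_TOKEN_UNAVAILABLE);
        }
        return key;
    }

    /** Registers a password retriever for all tokens in this JVM. Not synchronized. */
    public static void addPasswordRetriever(PasswordRetriever passwordRetriever) {
        passwordRetrieverList.add(passwordRetriever);
    }

    /** Registers a key derivator for all tokens in this JVM. Not synchronized. */
    public static void addKeyDerivator(KeyDerivator keyDerivator) {
        keyDerivatorList.add(keyDerivator);
    }

    /**
     * Derives a key by hashing password + salt with SHA-1 and then re-hashing the result
     * until {@code i} rounds have been applied in total (a value below 2 gives one round).
     *
     * <p>The cost is linear in {@code i}. When the count comes from a received token it is
     * sender-controlled, so the caller should reject values outside the range it accepts.
     *
     * @param cArr password
     * @param bArr salt
     * @param i    iteration count
     * @return a 20-byte key labelled with algorithm {@code "Hmac"}
     * @throws NullPointerException  if the password or salt is {@code null}
     * @throws IllegalStateException if the platform lacks SHA-1 or UTF-8
     */
    public static SecretKey deriveKey(char[] cArr, byte[] bArr, int i) {
        if (cArr == null) {
            throw new NullPointerException("password must not be null");
        }
        if (bArr == null) {
            throw new NullPointerException("salt must not be null");
        }
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            // Encoding kept exactly as before so derived keys stay interoperable.
            sha1.update(new String(cArr).getBytes("UTF8"));
            sha1.update(bArr);
            byte[] digest = sha1.digest();
            // digest() resets the instance, so one MessageDigest serves every round.
            for (int round = 2; round <= i; round++) {
                sha1.update(digest);
                digest = sha1.digest();
            }
            return new SecretKeySpec(digest, "Hmac");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException(e.toString(), e);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e.toString(), e);
        }
    }

    /**
     * Derives a key from the given password and this token's Salt and Iteration values.
     *
     * @param cArr password, or {@code null} to ask the registered retrievers
     * @throws IllegalStateException if no password is available or the token has no Salt
     */
    public SecretKey deriveKey(char[] cArr) {
        char[] password = requirePassword(cArr);
        byte[] salt = getSalt();
        if (salt == null) {
            throw new IllegalStateException("UsernameToken has no Salt element to derive a key from");
        }
        return deriveKey(password, salt, getIteration());
    }

    /** Derives a key using the password returned by the registered retrievers. */
    public SecretKey deriveKey() {
        return deriveKey(null);
    }
}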
