package org.apache.cxf.rs.security.common;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import javax.security.auth.callback.CallbackHandler;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.cxf.common.util.StringUtils;
import org.apache.cxf.interceptor.Fault;
import org.apache.cxf.message.Message;
import org.apache.cxf.message.MessageUtils;
import org.apache.cxf.rt.security.SecurityConstants;
import org.apache.cxf.rt.security.utils.SecurityUtils;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/cxf/rs/security/common/RSSecurityUtils.class */
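/**
 * Static helpers shared by the JAX-RS security code: locating certificates,
 * resolving user names and passwords, and loading {@link Crypto} instances.
 *
 * <p>Several methods parse key material taken from an XML element. That input
 * may originate from the peer, so a certificate returned by this class is not
 * trusted merely because it was parsed or found; nothing in this class checks
 * validity dates, chains or revocation.
 */
public final class RSSecurityUtils {
    // NOTE(review): presumably the XML-DSig element names matched by callers; not used in this class.
    public static final String X509_CERT = "X509Certificate";
    public static final String X509_ISSUER_SERIAL = "X509IssuerSerial";
    // NOTE(review): looks like a special alias value interpreted by callers; confirm against its users.
    public static final String USE_REQUEST_SIGNATURE_CERT = "useReqSigCert";

    /** Namespace of the XML-DSig elements read by {@link #loadX509IssuerSerial}. */
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    private RSSecurityUtils() {
    }

    /**
     * Reports whether the exchange is a POST for which both encryption and
     * signature properties are configured.
     *
     * @param message the current message; its exchange's out message is consulted
     *                for the HTTP method when that out message is the requestor's
     * @return {@code true} only if the method is POST and both property sets resolve
     */
    public static boolean isSignedAndEncryptedTwoWay(Message message) {
        Message outMessage = message.getExchange().getOutMessage();
        // On the client side the HTTP method lives on the outbound (request) message.
        boolean useOutMessage = outMessage != null && MessageUtils.isRequestor(outMessage);
        Message methodSource = useOutMessage ? outMessage : message;

        return "POST".equals(methodSource.get(Message.HTTP_REQUEST_METHOD))
            && SecurityUtils.getSecurityPropertyValue(SecurityConstants.ENCRYPT_PROPERTIES, message) != null
            && SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PROPERTIES, message) != null;
    }

    /**
     * Decodes the base64 text content of {@code element} and parses it as an
     * X.509 certificate.
     *
     * <p>This method only decodes and parses. The result must still be validated
     * against the configured trust material before any decision relies on it.
     *
     * @param crypto  the instance used to parse the bytes; a default {@link Merlin}
     *                is created when {@code null}
     * @param element the element whose text content is the base64 certificate
     * @return the parsed certificate
     * @throws Exception if {@code element} is null, or decoding or parsing fails
     */
    public static X509Certificate loadX509Certificate(Crypto crypto, Element element) throws Exception {
        if (element == null) {
            throw new Exception("X509Certificate element is null");
        }
        byte[] encoded = Base64Utility.decode(element.getTextContent().trim());
        Crypto parser = crypto != null ? crypto : new Merlin();
        return parser.loadCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Looks up a certificate in {@code crypto} by the issuer name and serial
     * number carried in an {@code X509IssuerSerial} element.
     *
     * <p>The element content is untrusted input, so a missing child element, a
     * malformed serial number or an unknown certificate is reported as a checked
     * exception instead of surfacing as a {@code NullPointerException} or
     * {@code ArrayIndexOutOfBoundsException}.
     *
     * @param crypto  the certificate store to search; must not be {@code null}
     * @param element the element containing {@code X509IssuerName} and
     *                {@code X509SerialNumber} children in the XML-DSig namespace
     * @return the first certificate returned by the store for that issuer and serial
     * @throws Exception if an argument is null, a child element is missing, the
     *                   serial number is not an integer, or no certificate matches
     */
    public static X509Certificate loadX509IssuerSerial(Crypto crypto, Element element) throws Exception {
        if (crypto == null) {
            throw new Exception("Crypto instance is null");
        }
        if (element == null) {
            throw new Exception("X509IssuerSerial element is null");
        }
        Node issuerNode = element.getElementsByTagNameNS(XMLDSIG_NS, "X509IssuerName").item(0);
        Node serialNode = element.getElementsByTagNameNS(XMLDSIG_NS, "X509SerialNumber").item(0);
        if (issuerNode == null || serialNode == null) {
            throw new Exception("X509IssuerSerial is missing X509IssuerName or X509SerialNumber");
        }

        BigInteger serial;
        try {
            // Pretty-printed XML may surround the digits with whitespace, which BigInteger rejects.
            serial = new BigInteger(serialNode.getTextContent().trim());
        } catch (NumberFormatException e) {
            // The offending value is left out of the message: it is peer-controlled text.
            throw new Exception("X509SerialNumber is not a valid integer", e);
        }

        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
        cryptoType.setIssuerSerial(issuerNode.getTextContent(), serial);
        X509Certificate[] matches = crypto.getX509Certificates(cryptoType);
        if (matches == null || matches.length == 0) {
            throw new Exception("No certificate was found for the supplied issuer and serial number");
        }
        return matches[0];
    }

    /**
     * Returns the certificates stored in {@code crypto} under the alias {@code str}.
     *
     * @param crypto the certificate store to search; must not be {@code null}
     * @param str    the alias to look up
     * @return a non-empty array of certificates
     * @throws Exception if {@code crypto} is null or nothing is stored under the alias
     */
    public static X509Certificate[] getCertificates(Crypto crypto, String str) throws Exception {
        if (crypto == null) {
            throw new Exception("Crypto instance is null");
        }
        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
        cryptoType.setAlias(str);
        X509Certificate[] certificates = crypto.getX509Certificates(cryptoType);
        if (certificates == null || certificates.length == 0) {
            // The lookup is by alias, so the message names the alias rather than an issuer.
            throw new Exception("No certificates were found using alias: " + str);
        }
        return certificates;
    }

    /**
     * Delegates to a new {@link CryptoLoader} to obtain the {@link Crypto} for
     * the message.
     *
     * @param message the current message
     * @param str     passed through to the loader (presumably the crypto property key; confirm)
     * @param str2    passed through to the loader (presumably the properties key; confirm)
     * @return whatever the loader returns
     * @throws IOException         propagated from the loader
     * @throws WSSecurityException propagated from the loader
     */
    public static Crypto getCrypto(Message message, String str, String str2) throws IOException, WSSecurityException {
        return new CryptoLoader().getCrypto(message, str, str2);
    }

    /**
     * Resolves the user name from the security property named {@code str},
     * falling back to the default identifier of {@code crypto}.
     *
     * @param message the message whose security properties are read
     * @param crypto  the store supplying the fallback identifier; may be {@code null}
     * @param str     the key of the security property holding the user name
     * @return the resolved user name, possibly {@code null} or empty
     */
    public static String getUserName(Message message, Crypto crypto, String str) {
        return getUserName(crypto, (String) SecurityUtils.getSecurityPropertyValue(str, message));
    }

    /**
     * Returns {@code str}, or the default X.509 identifier of {@code crypto}
     * when {@code str} is empty and a crypto instance is available.
     *
     * @param crypto the store supplying the fallback identifier; may be {@code null}
     * @param str    the configured user name; may be {@code null} or empty
     * @return the configured name, the fallback identifier, or {@code str}
     *         unchanged when {@code crypto} is {@code null}
     * @throws Fault if the store fails to supply its default identifier
     */
    public static String getUserName(Crypto crypto, String str) {
        if (crypto == null || !StringUtils.isEmpty(str)) {
            return str;
        }
        try {
            return crypto.getDefaultX509Identifier();
        } catch (WSSecurityException e) {
            throw new Fault(e);
        }
    }

    /**
     * Obtains the signature key password, preferring the configured callback
     * handler over the plain signature-password property.
     *
     * <p>Return values differ by path, and callers should treat them
     * differently: {@code null} means the handler threw (or, with no handler,
     * that no password property is set), while an empty string means the
     * handler ran but supplied no password.
     *
     * @param message the message whose security properties are read
     * @param str     the identifier handed to the callback
     * @param cls     forwarded to {@link #getCallbackHandler(Message, Class)}
     * @return the password, an empty string, or {@code null} as described above
     * @throws WSSecurityException if the callback handler cannot be obtained
     */
    public static String getSignaturePassword(Message message, String str, Class<?> cls) throws WSSecurityException {
        CallbackHandler callbackHandler = getCallbackHandler(message, cls);
        if (callbackHandler == null) {
            return (String) SecurityUtils.getSecurityPropertyValue(SecurityConstants.SIGNATURE_PASSWORD, message);
        }
        WSPasswordCallback[] callbacks = {new WSPasswordCallback(str, WSPasswordCallback.SIGNATURE)};
        try {
            callbackHandler.handle(callbacks);
            String password = callbacks[0].getPassword();
            return password == null ? "" : password;
        } catch (Exception ignored) {
            // Existing contract: a failing handler yields null rather than an exception.
            // The cause is dropped here, so a misconfigured handler is only visible
            // to callers as a missing password.
            return null;
        }
    }

    /**
     * Obtains the callback handler configured under
     * {@link SecurityConstants#CALLBACK_HANDLER}.
     *
     * @param message the message whose security properties are read
     * @param cls     forwarded to the three-argument overload
     * @return the handler, or whatever the underlying lookup returns when none is set
     * @throws WSSecurityException if the handler cannot be obtained
     */
    public static CallbackHandler getCallbackHandler(Message message, Class<?> cls) throws WSSecurityException {
        return getCallbackHandler(message, cls, SecurityConstants.CALLBACK_HANDLER);
    }

    /**
     * Obtains the callback handler configured under the security property {@code str}.
     *
     * @param message the message whose security properties are read
     * @param cls     not used by this method
     * @param str     the key of the security property holding the handler
     * @return the handler returned by {@link SecurityUtils#getCallbackHandler}
     * @throws WSSecurityException wrapping any failure while obtaining the handler
     */
    public static CallbackHandler getCallbackHandler(Message message, Class<?> cls, String str) throws WSSecurityException {
        try {
            return SecurityUtils.getCallbackHandler(SecurityUtils.getSecurityPropertyValue(str, message));
        } catch (Exception e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e);
        }
    }
}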
