package org.apache.ws.axis.security.trust.secconv.interop;

import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.axis.AxisFault;
import org.apache.axis.message.addressing.EndpointReference;
import org.apache.axis.utils.DOM2Writer;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.conversation.ConversationUtil;
import org.apache.ws.security.conversation.message.token.RequestSecurityTokenResponse;
import org.apache.ws.security.conversation.message.token.RequestedProofToken;
import org.apache.ws.security.conversation.message.token.RequestedSecurityToken;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.policy.message.token.AppliesTo;
import org.apache.ws.security.saml.SAMLIssuer;
import org.apache.ws.security.saml.SAMLIssuerFactory;
import org.apache.ws.security.trust.issue.STIssuer;
import org.apache.ws.security.trust.message.token.BinarySecret;
import org.apache.ws.security.trust.message.token.ComputedKey;
import org.apache.ws.security.trust.message.token.Entropy;
import org.apache.ws.security.trust.message.token.LifeTime;
import org.apache.ws.security.util.WSSecurityUtil;
import org.opensaml.SAMLAssertion;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/ghn-core-runtime-1.0.0.jar:org/apache/ws/axis/security/trust/secconv/interop/UNT2SAMLIssuer.class */
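/**
 * Security token issuer that answers a WS-Trust request carrying a
 * {@code UsernameToken} with a signed SAML assertion and a computed-key proof token.
 *
 * <p>The issuer reads the username from the request's security header, maps it to an
 * e-mail address from a fixed table, derives a 16-byte symmetric key with P_SHA1 over
 * the requester entropy and a freshly generated nonce, and appends a
 * {@code RequestSecurityTokenResponse} to the body of the response document.
 *
 * <p><b>Security notes.</b>
 * <ul>
 *   <li>This class never checks the password. Its own fault message states that user
 *       validation is expected to happen earlier, at the {@code WSDoAllReceiver}; a
 *       deployment without that handler in front of this issuer would hand out
 *       assertions for any listed username.</li>
 *   <li>The user table is hard-coded. NOTE(review): the package name and the sample
 *       identities suggest an interoperability test fixture — confirm this class is not
 *       reachable in a production handler chain.</li>
 *   <li>Debug output is limited to the username; the token XML and the password are
 *       deliberately not written to stdout.</li>
 * </ul>
 */
public class UNT2SAMLIssuer implements STIssuer {
    /** Length in bytes of the derived proof key (128 bits). */
    private static final int PROOF_KEY_LENGTH = 16;

    /** Accepted usernames and the e-mail address placed in the assertion for each. */
    private static final String[][] KNOWN_USERS = {
        {"Alice", "alice@fabrikam.com"},
        {"Bob", "bob@fabrikam.com"},
        {"Charlie", "charlie@fabrikam.com"},
        {"Dawn", "dawn@fabrikam.com"},
        {"Evan", "evan@fabrikam.com"},
        {"Fred", "fred@fabrikam.com"},
        {"Graham", "graham@fabrikam.com"},
        {"Hayley", "hayley@fabrikam.com"},
        {"Imogen", "imogen@fabrikam.com"},
    };

    private boolean doDebug = false;

    /**
     * Builds the token response for one request.
     *
     * @param document  the incoming request; the security header, {@code AppliesTo} and
     *                  {@code Entropy} elements are read from it
     * @param document2 the response being built; the
     *                  {@code RequestSecurityTokenResponse} is appended to its body
     * @return {@code document2}, with the response element added
     * @throws Exception an {@code AxisFault} when the request lacks a required element,
     *                   carries more than one {@code UsernameToken}, or names an unknown
     *                   user; any exception raised by the underlying libraries is
     *                   rethrown unchanged
     */
    @Override // org.apache.ws.security.trust.issue.STIssuer
    public Document issue(Document document, Document document2) throws Exception {
        try {
            Node securityHeader = WSSecurityUtil.findWsseSecurityHeaderBlock(WSSConfig.getDefaultWSConfig(), document2, document.getDocumentElement(), false);
            if (securityHeader == null) {
                throw new AxisFault("Issuer: request has no Security header");
            }
            NodeList headerChildren = securityHeader.getChildNodes();
            Element usernameTokenElement = null;
            for (int idx = 0; idx < headerChildren.getLength(); idx++) {
                Node child = headerChildren.item(idx);
                // Constant-first equals: getLocalName() may be null for nodes created
                // without namespace support.
                if (child.getNodeType() == Node.ELEMENT_NODE && "UsernameToken".equals(child.getLocalName())) {
                    if (usernameTokenElement != null) {
                        // With several tokens it is ambiguous which one the upstream
                        // receiver validated, so the identity cannot be trusted.
                        throw new AxisFault("Issuer: request carries more than one UsernameToken");
                    }
                    usernameTokenElement = (Element) child;
                }
            }
            if (usernameTokenElement == null) {
                throw new AxisFault("Issuer: request carries no UsernameToken");
            }
            UsernameToken usernameToken = new UsernameToken(WSSConfig.getDefaultWSConfig(), usernameTokenElement);
            if (this.doDebug) {
                // Credentials stay out of the output: neither the serialized token nor
                // the password is printed.
                System.out.println("Node count : " + headerChildren.getLength());
                System.out.println("Username: " + usernameToken.getName());
            }

            EndpointReference endpointReference = new EndpointReference(
                    requireFirstChildElement(document, AppliesTo.TOKEN.getLocalPart(), AppliesTo.TOKEN.getNamespaceURI(), "AppliesTo"));
            // NOTE(review): the unit of 720 is defined by LifeTime, not visible here — confirm.
            Element lifetimeElement = new LifeTime(document2, 720).getElement();
            AppliesTo appliesTo = new AppliesTo(document2);
            appliesTo.setAnyElement(new EndpointReference(endpointReference.toDOM(document)).toDOM(document2));

            String requesterEntropy = new BinarySecret(
                    requireFirstChildElement(document, Entropy.TOKEN.getLocalPart(), Entropy.TOKEN.getNamespaceURI(), "Entropy"))
                    .getBinarySecretValue();
            if (requesterEntropy == null) {
                throw new AxisFault("Issuer: request Entropy has no BinarySecret value");
            }

            // Issuer-side entropy, returned to the requester so both ends can derive the key.
            Entropy issuerEntropy = new Entropy(document2);
            BinarySecret issuerSecret = new BinarySecret(document2);
            String issuerNonce = ConversationUtil.generateNonce(128);
            issuerSecret.setBinarySecretValue(issuerNonce);
            issuerEntropy.setBinarySecret(issuerSecret);

            // The proof token only names the derivation algorithm; the key itself is not sent.
            RequestedProofToken requestedProofToken = new RequestedProofToken(document2);
            ComputedKey computedKey = new ComputedKey(document2);
            computedKey.setComputedKeyValue(ComputedKey.PSHA1);
            requestedProofToken.addToken(computedKey.getElement());

            RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(document2);
            RequestedSecurityToken requestedSecurityToken = new RequestedSecurityToken(document2);
            requestedSecurityToken.addToken(getSignedSAMLToken(
                    document2,
                    endpointReference.getAddress().toString(),
                    generateSymmetricFromEntropy(requesterEntropy, issuerNonce),
                    getEmailFromUserName(usernameToken.getName())));
            response.addToken(lifetimeElement);
            response.addToken(appliesTo.getElement());
            response.addToken(requestedSecurityToken.getElement());
            response.addToken(requestedProofToken.getElement());
            response.addToken(issuerEntropy.getElement());

            Element envelope = document2.getDocumentElement();
            WSSecurityUtil.findBodyElement(envelope.getOwnerDocument(), WSSecurityUtil.getSOAPConstants(envelope)).appendChild(response.getElement());
            return document2;
        } catch (Exception e) {
            e.printStackTrace();
            throw e;
        }
    }

    /**
     * Finds the named element in {@code doc} and returns its first child, which must be
     * an element.
     *
     * @param label name used in the fault message when the lookup fails
     * @throws AxisFault when the element is absent or its first child is not an element
     */
    private static Element requireFirstChildElement(Document doc, String localName, String namespace, String label) throws AxisFault {
        Node found = WSSecurityUtil.findElement(doc, localName, namespace);
        if (found == null) {
            throw new AxisFault("Issuer: request has no " + label + " element");
        }
        Node firstChild = found.getFirstChild();
        if (!(firstChild instanceof Element)) {
            throw new AxisFault("Issuer: " + label + " element has no child element");
        }
        return (Element) firstChild;
    }

    /**
     * Obtains a SAML assertion for {@code username} from the configured SAML issuer and
     * returns it as a DOM element owned by {@code document}.
     *
     * @param document  document that will own the assertion element
     * @param eprAddress address taken from the request's {@code AppliesTo} endpoint
     * @param keyBytes  derived symmetric key handed to the issuer
     * @param username  subject name placed in the assertion
     * @throws Exception an {@code AxisFault} when the configured issuer is not an
     *                   {@code InteropSAMLIssuerImpl} or produces no assertion
     */
    private Element getSignedSAMLToken(Document document, String eprAddress, byte[] keyBytes, String username) throws Exception {
        Crypto crypto = CryptoFactory.getInstance("interop_STS_crypto.properties");
        SAMLIssuer samlIssuer = SAMLIssuerFactory.getInstance("interop_saml_STS.properties");
        if (!(samlIssuer instanceof InteropSAMLIssuerImpl)) {
            // The endpoint and key setters exist only on the interop implementation.
            throw new AxisFault("Issuer: Signed SAML: configured SAML issuer is not an InteropSAMLIssuerImpl");
        }
        InteropSAMLIssuerImpl interopIssuer = (InteropSAMLIssuerImpl) samlIssuer;
        interopIssuer.setUserCrypto(crypto);
        interopIssuer.setInstanceDoc(document);
        interopIssuer.setUsername(username);
        interopIssuer.setEpr(eprAddress);
        interopIssuer.setSx(keyBytes);
        SAMLAssertion assertion = interopIssuer.newAssertion();
        if (assertion == null) {
            throw new AxisFault("Issuer: Signed SAML: no SAML token received");
        }
        return (Element) assertion.toDOM(document);
    }

    /**
     * Derives the 16-byte proof key from the requester entropy (used as the HMAC
     * secret) and the issuer nonce (used as the seed).
     *
     * <p>NOTE(review): both values are converted with the platform default charset and
     * are hashed as character bytes, not in any decoded form. The result is
     * platform-independent only while both strings are ASCII — confirm this matches
     * what the requesting side computes.
     */
    private byte[] generateSymmetricFromEntropy(String requesterEntropy, String issuerNonce) throws Exception {
        return P_hash(requesterEntropy.getBytes(), issuerNonce.getBytes(), PROOF_KEY_LENGTH);
    }

    /**
     * Expands {@code secret} and {@code seed} into {@code length} bytes using the
     * HMAC-SHA1 iteration A(0) = seed, A(i) = HMAC(secret, A(i-1)),
     * output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ...
     *
     * @param secret HMAC key
     * @param seed   initial value of the chain, also appended to every block input
     * @param length number of output bytes
     * @return exactly {@code length} bytes of derived key material
     */
    private byte[] P_hash(byte[] secret, byte[] seed, int length) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        // One init is enough: doFinal() returns the Mac to its initialized state.
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] output = new byte[length];
        int written = 0;
        byte[] chain = seed;
        while (written < length) {
            chain = mac.doFinal(chain);
            mac.update(chain);
            byte[] block = mac.doFinal(seed);
            // The final block is truncated to the bytes still needed.
            int take = Math.min(length - written, block.length);
            System.arraycopy(block, 0, output, written, take);
            written += take;
        }
        return output;
    }

    /**
     * Maps an accepted username to the e-mail address used in the assertion.
     *
     * @throws AxisFault when the name is {@code null} or not in the table; the match is
     *                   case-sensitive
     */
    private String getEmailFromUserName(String username) throws AxisFault {
        for (int idx = 0; idx < KNOWN_USERS.length; idx++) {
            // Table entry first, so a null username falls through to the fault below.
            if (KNOWN_USERS[idx][0].equals(username)) {
                return KNOWN_USERS[idx][1];
            }
        }
        throw new AxisFault("Invalid user: This should be checked at the WSDoAllReceiver");
    }
}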
