package com.sun.xml.wss.impl.misc;

import com.sun.xml.wss.ProcessingContext;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.SubjectAccessor;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.Timestamp;
import com.sun.xml.wss.impl.FilterProcessingContext;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
import com.sun.xml.wss.impl.callback.DynamicPolicyCallback;
import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
import com.sun.xml.wss.impl.callback.PasswordCallback;
import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import com.sun.xml.wss.impl.callback.TimestampValidationCallback;
import com.sun.xml.wss.impl.callback.UsernameCallback;
import com.sun.xml.wss.impl.configuration.DynamicApplicationContext;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.saml.Assertion;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.PrivateKey;
import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Map;
import java.util.Timer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKey;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import javax.xml.namespace.QName;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/xml/wss/impl/misc/DefaultSecurityEnvironmentImpl.class */
public class DefaultSecurityEnvironmentImpl implements SecurityEnvironment {
    // Constant true; the Timer below is likewise created with isDaemon=true.
    static final boolean USE_DAEMON_THREAD = true;
    // Shared, class-wide timer running on a daemon thread, so it does not keep the JVM alive.
    // NOTE(review): presumably drives nonce-cache expiry (inferred from the name; the scheduling code is not in this part of the file).
    static final Timer nonceCleanupTimer = new Timer(true);
    // No initializer here; assigned elsewhere in the class (not visible in this part of the file).
    private static final long offset;
    // No initializer here either; every method below logs through it, so it must be set before first use.
    protected static Logger log;
    // Single entry point for all key, certificate, password and timestamp look-ups in this class.
    CallbackHandler callbackHandler;
    // Not populated anywhere in the visible part of the class.
    NonceCache nonceCache = null;
    // SimpleDateFormat is not thread-safe; defaultValidateCreationTime synchronizes on each formatter before parsing.
    // The 'Z' in both patterns is a quoted literal, not a zone designator, and no time zone is set on the formatters here.
    private final SimpleDateFormat calendarFormatter1 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
    private final SimpleDateFormat calendarFormatter2 = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'");

    /**
     * Creates an environment that resolves keys, certificates and credentials through the given handler.
     *
     * @param callbackHandler handler invoked by every look-up and validation method of this class
     */
    public DefaultSecurityEnvironmentImpl(CallbackHandler callbackHandler) {
        // Stored without a null check; the look-up methods dereference it directly.
        this.callbackHandler = callbackHandler;
    }

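    /**
     * Asks the callback handler, via a {@code SignatureKeyCallback}, for the default certificate.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @return the certificate the handler placed on the request; never {@code null}
     * @throws XWSSecurityException if the handler fails or supplies no certificate
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getDefaultCertificate(Map map) throws XWSSecurityException {
        SignatureKeyCallback.DefaultPrivKeyCertRequest request = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        SignatureKeyCallback callback = new SignatureKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.DefaultPrivKeyCertRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block: a missing certificate is reported once with its own message,
        // instead of being caught above, logged as a handler failure and wrapped a second time.
        X509Certificate certificate = request.getX509Certificate();
        if (certificate == null) {
            log.log(Level.SEVERE, "WSS0218.cannot.locate.default.cert");
            throw new XWSSecurityException("Unable to locate a default certificate");
        }
        return certificate;
    }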

    /**
     * Runs a default private-key/certificate request through the callback handler and returns the request itself.
     *
     * <p>The request is returned without checking whether the handler filled in a key or a certificate.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @return the request object after the handler has processed it
     * @throws XWSSecurityException if the handler throws
     */
    public SignatureKeyCallback.PrivKeyCertRequest getDefaultPrivKeyCertRequest(Map map) throws XWSSecurityException {
        SignatureKeyCallback.DefaultPrivKeyCertRequest request = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        SignatureKeyCallback callback = new SignatureKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            Callback[] callbacks = {callback};
            this.callbackHandler.handle(callbacks);
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.DefaultPrivKeyCertRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
            throw new XWSSecurityException(failure);
        }
        return request;
    }

    /**
     * Runs an alias-based private-key/certificate request through the callback handler and returns the request.
     *
     * <p>Unlike the map-taking look-ups in this class, no runtime properties are copied into the callback.
     * The request is returned without checking whether the handler filled it in.
     *
     * @param str key-store alias to look up
     * @return the request object after the handler has processed it
     * @throws XWSSecurityException if the handler throws
     */
    public SignatureKeyCallback.AliasPrivKeyCertRequest getAliasPrivKeyCertRequest(String str) throws XWSSecurityException {
        SignatureKeyCallback.AliasPrivKeyCertRequest request = new SignatureKeyCallback.AliasPrivKeyCertRequest(str);
        try {
            SignatureKeyCallback callback = new SignatureKeyCallback(request);
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.AliasPrivKeyCertRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
            throw new XWSSecurityException(failure);
        }
        return request;
    }

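    /**
     * Asks the callback handler, via a {@code SignatureKeyCallback}, for the default private key.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @return the private key the handler placed on the request; never {@code null}
     * @throws XWSSecurityException if the handler fails or supplies no private key
     */
    public PrivateKey getDefaultPrivateKey(Map map) throws XWSSecurityException {
        SignatureKeyCallback.DefaultPrivKeyCertRequest request = new SignatureKeyCallback.DefaultPrivKeyCertRequest();
        SignatureKeyCallback callback = new SignatureKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.DefaultPrivKeyCertRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        PrivateKey privateKey = request.getPrivateKey();
        if (privateKey == null) {
            log.log(Level.SEVERE, "WSS0219.cannot.locate.default.privkey");
            // The previous message named a certificate although the missing item is the private key.
            throw new XWSSecurityException("Unable to locate a default private key");
        }
        return privateKey;
    }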

    /**
     * Looks up a symmetric key by alias through the callback handler.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param str alias of the symmetric key
     * @param z {@code true} to ask through an {@code EncryptionKeyCallback}, {@code false} to ask
     *          through a {@code DecryptionKeyCallback}
     * @return the key supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no key
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public SecretKey getSecretKey(Map map, String str, boolean z) throws XWSSecurityException {
        SecretKey key;
        if (!z) {
            DecryptionKeyCallback.AliasSymmetricKeyRequest decryptRequest = new DecryptionKeyCallback.AliasSymmetricKeyRequest(str);
            DecryptionKeyCallback decryptCallback = new DecryptionKeyCallback(decryptRequest);
            ProcessingContext.copy(decryptCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{decryptCallback});
                key = decryptRequest.getSymmetricKey();
            } catch (Exception failure) {
                log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"DecryptionKeyCallback.AliasSymmetricKeyRequest"});
                log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
                throw new XWSSecurityException(failure);
            }
        } else {
            EncryptionKeyCallback.AliasSymmetricKeyRequest encryptRequest = new EncryptionKeyCallback.AliasSymmetricKeyRequest(str);
            EncryptionKeyCallback encryptCallback = new EncryptionKeyCallback(encryptRequest);
            ProcessingContext.copy(encryptCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{encryptCallback});
                key = encryptRequest.getSymmetricKey();
            } catch (Exception failure) {
                log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"EncryptionKeyCallback.AliasSymmetricKeyRequest"});
                log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
                throw new XWSSecurityException(failure);
            }
        }
        if (key == null) {
            // The same "for.decrypt" message key is logged whichever callback was used.
            log.log(Level.SEVERE, "WSS0220.cannot.locate.symmetrickey.for.decrypt");
            throw new XWSSecurityException("Could not locate the symmetric key for alias " + str);
        }
        return key;
    }

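    /**
     * Looks up a certificate by alias through the callback handler.
     *
     * <p>A {@code null} alias is redirected to {@link #getDefaultCertificate(Map)} only when
     * {@code z} is {@code true}; otherwise the {@code null} alias is passed to the handler unchanged.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param str certificate alias, possibly {@code null}
     * @param z {@code true} to ask through a {@code SignatureKeyCallback}, {@code false} to ask
     *          through an {@code EncryptionKeyCallback}
     * @return the certificate supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no certificate
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, String str, boolean z) throws XWSSecurityException {
        X509Certificate x509Certificate;
        if (str == null && z) {
            return getDefaultCertificate(map);
        }
        if (z) {
            SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest = new SignatureKeyCallback.AliasPrivKeyCertRequest(str);
            SignatureKeyCallback signatureKeyCallback = new SignatureKeyCallback(aliasPrivKeyCertRequest);
            ProcessingContext.copy(signatureKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{signatureKeyCallback});
                x509Certificate = aliasPrivKeyCertRequest.getX509Certificate();
            } catch (Exception e) {
                log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.AliasPrivKeyCertRequest"});
                log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
                throw new XWSSecurityException(e);
            }
        } else {
            EncryptionKeyCallback.AliasX509CertificateRequest aliasX509CertificateRequest = new EncryptionKeyCallback.AliasX509CertificateRequest(str);
            EncryptionKeyCallback encryptionKeyCallback = new EncryptionKeyCallback(aliasX509CertificateRequest);
            ProcessingContext.copy(encryptionKeyCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{encryptionKeyCallback});
                x509Certificate = aliasX509CertificateRequest.getX509Certificate();
            } catch (Exception e2) {
                log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"EncryptionKeyCallback.AliasX509CertificateRequest"});
                log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e2);
                throw new XWSSecurityException(e2);
            }
        }
        if (x509Certificate != null) {
            return x509Certificate;
        }
        // Log parameter previously read "Key Ecnryption"; the spelling is corrected so the entry can be searched for.
        log.log(Level.SEVERE, "WSS0221.cannot.locate.cert", new Object[]{z ? "Signature" : "Key Encryption"});
        throw new XWSSecurityException("Unable to locate certificate for the alias " + str);
    }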

    /**
     * Asks the callback handler for the certificate that corresponds to a public key.
     *
     * <p>An {@code UnsupportedCallbackException} from the handler is deliberately ignored, and the
     * result is not null-checked, so this method can return {@code null}; callers must treat that
     * as "no certificate found".
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param publicKey public key to match
     * @param z {@code true} to ask through a {@code SignatureVerificationKeyCallback}, {@code false}
     *          to ask through an {@code EncryptionKeyCallback}
     * @return the certificate set on the request by the handler, or {@code null}
     * @throws XWSSecurityException if the handler throws anything other than
     *         {@code UnsupportedCallbackException}
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, PublicKey publicKey, boolean z) throws XWSSecurityException {
        if (!z) {
            EncryptionKeyCallback.PublicKeyBasedRequest encryptRequest = new EncryptionKeyCallback.PublicKeyBasedRequest(publicKey);
            EncryptionKeyCallback encryptCallback = new EncryptionKeyCallback(encryptRequest);
            ProcessingContext.copy(encryptCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{encryptCallback});
            } catch (UnsupportedCallbackException ignored) {
                // Handler does not implement this request type; fall through and return whatever the request holds.
            } catch (Exception failure) {
                log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"EncryptionKeyCallback.PublicKeyBasedRequest"});
                log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
                throw new XWSSecurityException(failure);
            }
            return encryptRequest.getX509Certificate();
        }
        SignatureVerificationKeyCallback.PublicKeyBasedRequest verifyRequest = new SignatureVerificationKeyCallback.PublicKeyBasedRequest(publicKey);
        SignatureVerificationKeyCallback verifyCallback = new SignatureVerificationKeyCallback(verifyRequest);
        ProcessingContext.copy(verifyCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{verifyCallback});
        } catch (UnsupportedCallbackException ignored) {
            // Handler does not implement this request type; fall through and return whatever the request holds.
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureVerificationKeyCallback.PublicKeyBasedRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
            throw new XWSSecurityException(failure);
        }
        return verifyRequest.getX509Certificate();
    }

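    /**
     * Looks up a private key by alias through a {@code SignatureKeyCallback}.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param str key alias; {@code null} selects {@link #getDefaultPrivateKey(Map)}
     * @return the private key supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no key
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, String str) throws XWSSecurityException {
        if (str == null) {
            return getDefaultPrivateKey(map);
        }
        SignatureKeyCallback.AliasPrivKeyCertRequest request = new SignatureKeyCallback.AliasPrivKeyCertRequest(str);
        SignatureKeyCallback callback = new SignatureKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.AliasPrivKeyCertRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        PrivateKey privateKey = request.getPrivateKey();
        if (privateKey == null) {
            log.log(Level.SEVERE, "WSS0222.cannot.locate.privkey", new Object[]{str});
            throw new XWSSecurityException("Unable to locate private key for the alias " + str);
        }
        return privateKey;
    }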

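    /**
     * Looks up a decryption private key by X.509 subject key identifier.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param bArr subject key identifier bytes
     * @return the private key supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no key
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, byte[] bArr) throws XWSSecurityException {
        DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest request = new DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest(bArr);
        DecryptionKeyCallback callback = new DecryptionKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        PrivateKey privateKey = request.getPrivateKey();
        if (privateKey == null) {
            // Log the Base64 form: passing the raw byte[] as a log parameter only prints its
            // identity string, which cannot be matched against a key store.
            String keyIdentifier = com.sun.org.apache.xml.internal.security.utils.Base64.encode(bArr);
            log.log(Level.SEVERE, "WSS0222.cannot.locate.privkey", new Object[]{keyIdentifier});
            throw new XWSSecurityException("No Matching private key for " + keyIdentifier + " subject key identifier found");
        }
        return privateKey;
    }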

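    /**
     * Looks up a decryption private key by certificate issuer name and serial number.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param bigInteger certificate serial number
     * @param str certificate issuer name
     * @return the private key supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no key
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        DecryptionKeyCallback.X509IssuerSerialBasedRequest request = new DecryptionKeyCallback.X509IssuerSerialBasedRequest(str, bigInteger);
        DecryptionKeyCallback callback = new DecryptionKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"DecryptionKeyCallback.X509IssuerSerialBasedRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        PrivateKey privateKey = request.getPrivateKey();
        if (privateKey == null) {
            log.log(Level.SEVERE, "WSS0222.cannot.locate.privkey", new Object[]{bigInteger + ":" + str});
            throw new XWSSecurityException("No Matching private key for serial number " + bigInteger + " and issuer name " + str + " found");
        }
        return privateKey;
    }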

    /**
     * Returns the public key of the certificate found for a subject key identifier.
     *
     * @param map runtime properties forwarded to the certificate look-up
     * @param bArr subject key identifier bytes
     * @return the public key of the matching certificate
     * @throws XWSSecurityException if the certificate look-up fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PublicKey getPublicKey(Map map, byte[] bArr) throws XWSSecurityException {
        X509Certificate matching = getCertificate(map, bArr);
        return matching.getPublicKey();
    }

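    /**
     * Looks up a signature-verification certificate by X.509 subject key identifier.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param bArr subject key identifier bytes
     * @return the certificate supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no certificate
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, byte[] bArr) throws XWSSecurityException {
        SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest request = new SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest(bArr);
        SignatureVerificationKeyCallback callback = new SignatureVerificationKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        X509Certificate certificate = request.getX509Certificate();
        if (certificate == null) {
            // Log the Base64 form: passing the raw byte[] as a log parameter only prints its
            // identity string, which cannot be matched against a trust store.
            String keyIdentifier = com.sun.org.apache.xml.internal.security.utils.Base64.encode(bArr);
            log.log(Level.SEVERE, "WSS0221.cannot.locate.cert", new Object[]{keyIdentifier});
            throw new XWSSecurityException("No Matching public key for " + keyIdentifier + " subject key identifier found");
        }
        return certificate;
    }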

    /**
     * Returns the public key of the certificate found for an issuer name and serial number.
     *
     * @param map runtime properties forwarded to the certificate look-up
     * @param bigInteger certificate serial number
     * @param str certificate issuer name
     * @return the public key of the matching certificate
     * @throws XWSSecurityException if the certificate look-up fails
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PublicKey getPublicKey(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        X509Certificate matching = getCertificate(map, bigInteger, str);
        return matching.getPublicKey();
    }

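    /**
     * Looks up a signature-verification certificate by issuer name and serial number.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param bigInteger certificate serial number
     * @param str certificate issuer name
     * @return the certificate supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no certificate
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public X509Certificate getCertificate(Map map, BigInteger bigInteger, String str) throws XWSSecurityException {
        SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest request = new SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest(str, bigInteger);
        SignatureVerificationKeyCallback callback = new SignatureVerificationKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        X509Certificate certificate = request.getX509Certificate();
        if (certificate == null) {
            log.log(Level.SEVERE, "WSS0221.cannot.locate.cert", new Object[]{bigInteger + ":" + str});
            throw new XWSSecurityException("No Matching public key for serial number " + bigInteger + " and issuer name " + str + " found");
        }
        return certificate;
    }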

    /**
     * Delegates certificate validation to the callback handler.
     *
     * <p>This method performs no path, expiry or revocation checks of its own; the verdict is
     * whatever the handler records on the callback. A {@code false} return means "rejected" and
     * must be acted on by the caller. Any exception raised while validating is converted into a
     * SOAP fault, so a failing handler never yields an accepted certificate.
     *
     * @param x509Certificate certificate to validate
     * @return the handler's verdict
     * @throws XWSSecurityException declared by the interface; failures in the visible code surface
     *         as the exception built by {@code newSOAPFaultException}
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean validateCertificate(X509Certificate x509Certificate) throws XWSSecurityException {
        CertificateValidationCallback validation = new CertificateValidationCallback(x509Certificate);
        try {
            Callback[] callbacks = {validation};
            this.callbackHandler.handle(callbacks);
            boolean accepted = validation.getResult();
            return accepted;
        } catch (Exception failure) {
            throw newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Certificate validation failed", failure);
        }
    }

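    /**
     * Records a username (and optional password) on the peer's {@code Subject}.
     *
     * <p>The username becomes an {@code X500Principal} of the form {@code CN=<username>}; a
     * non-null password is added to the subject's private credentials. The update runs inside
     * {@code AccessController.doPrivileged}.
     *
     * @param subject subject to update
     * @param str username taken from the message
     * @param str2 password, or {@code null} to add no credential
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final String str, final String str2) {
        // The username originates from the incoming message. Escape it per RFC 2253 so that
        // characters such as ',', '+' or '=' stay inside the CN value instead of adding or altering
        // name components of the principal, and so that such names no longer make X500Principal
        // reject the string. String.valueOf keeps the previous "CN=null" result for a null username.
        final String commonName = javax.naming.ldap.Rdn.escapeValue(String.valueOf(str));
        // Written as a regular anonymous class: the decompiled form passed constructor arguments to
        // an interface and assigned synthetic this$0/val$ fields, which is not valid source.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPrincipals().add(new X500Principal("CN=" + commonName));
                if (str2 != null) {
                    // NOTE(review): the password is kept as an immutable String in the private
                    // credential set and cannot be zeroed after use; anything that can read this
                    // subject's private credentials can read it.
                    subject.getPrivateCredentials().add(str2);
                }
                return null;
            }
        });
    }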

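    /**
     * Records a certificate on the peer's {@code Subject}: the certificate's subject principal is
     * added to the principals and the certificate itself to the public credentials.
     *
     * <p>No validation of the certificate happens here.
     * NOTE(review): presumably callers invoke this only after the certificate has been validated; confirm.
     *
     * @param subject subject to update
     * @param x509Certificate certificate presented by the peer
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final X509Certificate x509Certificate) {
        // Written as a regular anonymous class: the decompiled form passed constructor arguments to
        // an interface and assigned synthetic this$0/val$ fields, which is not valid source.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPrincipals().add(x509Certificate.getSubjectX500Principal());
                subject.getPublicCredentials().add(x509Certificate);
                return null;
            }
        });
    }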

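    /**
     * Records a SAML assertion on the peer's {@code Subject} as a public credential.
     *
     * <p>No principal is added and the assertion is not inspected here.
     * NOTE(review): presumably callers invoke this only after the assertion has been verified; confirm.
     *
     * @param subject subject to update
     * @param assertion assertion received from the peer
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void updateOtherPartySubject(final Subject subject, final Assertion assertion) {
        // Written as a regular anonymous class: the decompiled form passed constructor arguments to
        // an interface and assigned synthetic this$0/val$ fields, which is not valid source.
        AccessController.doPrivileged(new PrivilegedAction<Void>() {
            @Override
            public Void run() {
                subject.getPublicCredentials().add(assertion);
                return null;
            }
        });
    }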

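    /**
     * Returns the {@code Subject} stored on the processing context under
     * {@code MessageConstants.AUTH_SUBJECT}, creating and registering an empty one when absent.
     *
     * <p>A newly created subject is stored back on the context and also handed to
     * {@code SubjectAccessor.setRequesterSubject}. The look-up runs inside
     * {@code AccessController.doPrivileged}.
     *
     * @param filterProcessingContext context of the message being processed
     * @return the existing or newly created subject; never {@code null}
     */
    public static Subject getSubject(final FilterProcessingContext filterProcessingContext) {
        // Written as a regular anonymous class: the decompiled form passed a constructor argument
        // to an interface and assigned a synthetic val$ field, which is not valid source.
        return AccessController.doPrivileged(new PrivilegedAction<Subject>() {
            @Override
            public Subject run() {
                Subject subject = (Subject) filterProcessingContext.getExtraneousProperty(MessageConstants.AUTH_SUBJECT);
                if (subject == null) {
                    subject = new Subject();
                    filterProcessingContext.setExtraneousProperty(MessageConstants.AUTH_SUBJECT, subject);
                    SubjectAccessor.setRequesterSubject(subject);
                }
                return subject;
            }
        });
    }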

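    /**
     * Looks up the decryption private key that matches a certificate.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param x509Certificate certificate whose private key is wanted
     * @return the private key supplied by the handler; never {@code null}
     * @throws XWSSecurityException if the handler throws or supplies no key
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, X509Certificate x509Certificate) throws XWSSecurityException {
        DecryptionKeyCallback.X509CertificateBasedRequest request = new DecryptionKeyCallback.X509CertificateBasedRequest(x509Certificate);
        DecryptionKeyCallback callback = new DecryptionKeyCallback(request);
        ProcessingContext.copy(callback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{callback});
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"DecryptionKeyCallback.X509CertificateBasedRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) e);
            throw new XWSSecurityException(e);
        }
        // Checked after the try block so the "not found" case is not caught above, logged as a
        // handler failure and wrapped a second time.
        PrivateKey privateKey = request.getPrivateKey();
        if (privateKey == null) {
            log.log(Level.SEVERE, "WSS0222.cannot.locate.privkey", new Object[]{"given certificate"});
            throw new XWSSecurityException("Could not retrieve private Key matching the given certificate");
        }
        return privateKey;
    }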

    /**
     * Looks up the private key that pairs with a public key.
     *
     * <p>Unlike the other private-key look-ups in this class, the handler's result is returned
     * without a null check, so this method can return {@code null} when no key was supplied.
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param publicKey public key to match
     * @param z {@code true} to ask through a {@code SignatureKeyCallback}, {@code false} to ask
     *          through a {@code DecryptionKeyCallback}
     * @return the private key set on the request by the handler, possibly {@code null}
     * @throws XWSSecurityException if the handler throws
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public PrivateKey getPrivateKey(Map map, PublicKey publicKey, boolean z) throws XWSSecurityException {
        if (!z) {
            DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest decryptRequest = new DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest(publicKey);
            DecryptionKeyCallback decryptCallback = new DecryptionKeyCallback(decryptRequest);
            ProcessingContext.copy(decryptCallback.getRuntimeProperties(), map);
            try {
                this.callbackHandler.handle(new Callback[]{decryptCallback});
                return decryptRequest.getPrivateKey();
            } catch (Exception failure) {
                log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest"});
                log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
                throw new XWSSecurityException(failure);
            }
        }
        SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest signRequest = new SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest(publicKey);
        SignatureKeyCallback signCallback = new SignatureKeyCallback(signRequest);
        ProcessingContext.copy(signCallback.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{signCallback});
            return signRequest.getPrivateKey();
        } catch (Exception failure) {
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
            throw new XWSSecurityException(failure);
        }
    }

    /**
     * Always fails: this environment keeps no {@code Subject} of its own.
     *
     * @return never returns normally
     * @throws UnsupportedOperationException on every call
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public Subject getSubject() {
        final String reason = "This environment does not have an associated Subject";
        throw new UnsupportedOperationException(reason);
    }

    /**
     * Delegates digest-password authentication to the callback handler.
     *
     * <p>The four strings are passed unchanged, in order, to
     * {@code PasswordValidationCallback.DigestPasswordRequest}.
     * NOTE(review): presumably username, password digest, nonce and creation time; confirm
     * against that constructor. No comparison happens in this method; the verdict is whatever the
     * handler records on the callback, and a {@code false} return means "rejected".
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param str first constructor argument of the digest request
     * @param str2 second constructor argument of the digest request
     * @param str3 third constructor argument of the digest request
     * @param str4 fourth constructor argument of the digest request
     * @return the handler's verdict
     * @throws XWSSecurityException if the handler or the result look-up throws
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean authenticateUser(Map map, String str, String str2, String str3, String str4) throws XWSSecurityException {
        PasswordValidationCallback.DigestPasswordRequest digestRequest = new PasswordValidationCallback.DigestPasswordRequest(str, str2, str3, str4);
        PasswordValidationCallback validation = new PasswordValidationCallback(digestRequest);
        ProcessingContext.copy(validation.getRuntimeProperties(), map);
        try {
            Callback[] callbacks = {validation};
            this.callbackHandler.handle(callbacks);
            return validation.getResult();
        } catch (Exception failure) {
            throw new XWSSecurityException(failure);
        }
    }

    /**
     * Delegates plain-text password authentication to the callback handler.
     *
     * <p>Both strings are passed unchanged to
     * {@code PasswordValidationCallback.PlainTextPasswordRequest}.
     * NOTE(review): presumably username then password; confirm against that constructor. No
     * comparison happens in this method; the verdict is whatever the handler records on the
     * callback, and a {@code false} return means "rejected".
     *
     * @param map runtime properties copied into the callback before it is handled
     * @param str first constructor argument of the plain-text request
     * @param str2 second constructor argument of the plain-text request
     * @return the handler's verdict
     * @throws XWSSecurityException if the handler or the result look-up throws
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean authenticateUser(Map map, String str, String str2) throws XWSSecurityException {
        PasswordValidationCallback.PlainTextPasswordRequest plainRequest = new PasswordValidationCallback.PlainTextPasswordRequest(str, str2);
        PasswordValidationCallback validation = new PasswordValidationCallback(plainRequest);
        ProcessingContext.copy(validation.getRuntimeProperties(), map);
        try {
            Callback[] callbacks = {validation};
            this.callbackHandler.handle(callbacks);
            return validation.getResult();
        } catch (Exception failure) {
            throw new XWSSecurityException(failure);
        }
    }

    /**
     * Built-in freshness check for a creation timestamp, used when the callback handler does not
     * support timestamp validation.
     *
     * <p>The text is parsed with the seconds-precision formatter first and the
     * milliseconds-precision formatter second. The parsed time is rejected when it lies before
     * {@code getFreshnessAndSkewAdjustedDate(j, j2)} or after
     * {@code getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, true)}.
     *
     * <p>NOTE(review): the formatters carry no explicit time zone and {@code 'Z'} is a quoted
     * literal, so the text is parsed in the JVM default zone; presumably the two helper methods
     * compensate for that. The formatters are also left in SimpleDateFormat's default lenient
     * mode, which accepts out-of-range fields. Confirm both.
     *
     * @param str creation time text
     * @param j NOTE(review): presumably the maximum clock skew; confirm
     * @param j2 NOTE(review): presumably the timestamp freshness limit; confirm
     * @throws XWSSecurityException if the text matches neither format or the time is outside the
     *         accepted window
     */
    private void defaultValidateCreationTime(String str, long j, long j2) throws XWSSecurityException {
        Date created;
        try {
            try {
                // SimpleDateFormat is not thread-safe, hence the per-formatter lock.
                synchronized (this.calendarFormatter1) {
                    created = this.calendarFormatter1.parse(str);
                }
            } catch (ParseException withoutMillisFailed) {
                synchronized (this.calendarFormatter2) {
                    created = this.calendarFormatter2.parse(str);
                }
            }
            Date oldestAccepted = getFreshnessAndSkewAdjustedDate(j, j2);
            if (created.before(oldestAccepted)) {
                throw new XWSSecurityException("The creation time is older than  currenttime - timestamp-freshness-limit - max-clock-skew");
            }
            if (getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, true).before(created)) {
                throw new XWSSecurityException("The creation time is ahead of the current time.");
            }
        } catch (ParseException unparseable) {
            throw new XWSSecurityException(unparseable);
        }
    }

    /**
     * Validates the creation time of a username token.
     *
     * <p>A {@code UTCTimestampRequest} without an expiry value is flagged as belonging to a
     * username token and dispatched to the callback handler. The built-in check
     * ({@code defaultValidateCreationTime}) runs only when the handler throws
     * {@link UnsupportedCallbackException}. A handler that accepts the callback is therefore
     * solely responsible for enforcing freshness.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @param str creation time text
     * @param j clock-skew allowance, forwarded to the request and to the default check
     * @param j2 freshness limit, forwarded to the request and to the default check
     * @throws XWSSecurityException if the handler or the callback result reports a failure, or
     *         if the default check rejects the value
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateCreationTime(Map map, String str, long j, long j2) throws XWSSecurityException {
        TimestampValidationCallback.UTCTimestampRequest request = new TimestampValidationCallback.UTCTimestampRequest(str, null, j, j2);
        request.isUsernameToken(true);
        TimestampValidationCallback validation = new TimestampValidationCallback(request);
        ProcessingContext.copy(validation.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{validation});
            try {
                validation.getResult();
            } catch (TimestampValidationCallback.TimestampValidationException rejected) {
                // NOTE(review): this exception is thrown inside the outer try, so the generic
                // catch below appears to wrap it a second time.
                throw new XWSSecurityException(rejected);
            }
        } catch (UnsupportedCallbackException unsupported) {
            // Handler has no timestamp support: fall back to the built-in freshness window.
            defaultValidateCreationTime(str, j, j2);
        } catch (Exception failure) {
            throw new XWSSecurityException(failure);
        }
    }

    /**
     * Not implemented: always throws {@link UnsupportedOperationException}.
     *
     * <p>No issuer check is performed here, so callers never receive a verdict from this method.
     *
     * @param str unused
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    public boolean validateSamlIssuer(String str) {
        throw new UnsupportedOperationException();
    }

    /**
     * Not implemented: always throws {@link UnsupportedOperationException}.
     *
     * <p>No SAML user check is performed here, so callers never receive a verdict from this
     * method.
     *
     * @param str unused
     * @param str2 unused
     * @param str3 unused
     * @return never returns normally
     * @throws UnsupportedOperationException always
     */
    public boolean validateSamlUser(String str, String str2, String str3) {
        throw new UnsupportedOperationException();
    }

    /**
     * Obtains the username from the callback handler via a {@link UsernameCallback}.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @return the username held by the callback after the handler ran
     * @throws XWSSecurityException wrapping any exception raised while the handler runs; the
     *         failure is logged at SEVERE level first
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public String getUsername(Map map) throws XWSSecurityException {
        UsernameCallback request = new UsernameCallback();
        ProcessingContext.copy(request.getRuntimeProperties(), map);
        String username;
        try {
            this.callbackHandler.handle(new Callback[]{request});
            username = request.getUsername();
        } catch (Exception failure) {
            // First entry names the callback type, second carries the stack trace.
            log.log(Level.SEVERE, "WSS0216.callbackhandler.handle.exception", new Object[]{"UsernameCallback"});
            log.log(Level.SEVERE, "WSS0217.callbackhandler.handle.exception.log", (Throwable) failure);
            throw new XWSSecurityException(failure);
        }
        return username;
    }

    /**
     * Obtains the password from the callback handler via a {@link PasswordCallback}.
     *
     * <p>The password is returned as a {@code String} and is not logged here. Unlike
     * {@code getUsername}, a handler failure is not logged by this method either.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @return the password held by the callback after the handler ran
     * @throws XWSSecurityException carrying the original message and cause of any exception
     *         raised while the handler runs
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public String getPassword(Map map) throws XWSSecurityException {
        PasswordCallback request = new PasswordCallback();
        ProcessingContext.copy(request.getRuntimeProperties(), map);
        String password;
        try {
            this.callbackHandler.handle(new Callback[]{request});
            password = request.getPassword();
        } catch (Exception failure) {
            throw new XWSSecurityException(failure.getMessage(), failure);
        }
        return password;
    }

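    /**
     * Built-in expiry check, used when the callback handler does not support
     * {@link TimestampValidationCallback}.
     *
     * <p>A {@code null} expiry is accepted without any check. Otherwise the value is parsed with
     * {@code calendarFormatter1}, falling back to {@code calendarFormatter2}, and rejected when
     * it lies before "now minus {@code j}".
     *
     * <p>The expiry rejection is raised outside the parsing {@code try}. Previously the generic
     * handler caught it, so an expired timestamp was also logged as a parse error (WSS0394) and
     * its exception was wrapped a second time. Expired and malformed timestamps now stay
     * distinguishable in the log.
     *
     * @param str expiry time text, or {@code null} when the timestamp carries none
     * @param j clock-skew allowance in milliseconds
     * @param j2 not used by this check
     * @throws XWSSecurityException if the text cannot be parsed or the timestamp has expired
     */
    private void defaultValidateExpirationTime(String str, long j, long j2) throws XWSSecurityException {
        if (str == null) {
            return;
        }
        Date expires;
        try {
            try {
                // Each formatter is used under its own lock; they are shared instance fields.
                synchronized (this.calendarFormatter1) {
                    expires = this.calendarFormatter1.parse(str);
                }
            } catch (ParseException primaryFailure) {
                synchronized (this.calendarFormatter2) {
                    expires = this.calendarFormatter2.parse(str);
                }
            }
        } catch (Exception unparsable) {
            log.log(Level.SEVERE, "WSS0394.error.parsing.expirationtime");
            throw new XWSSecurityException(unparsable);
        }
        // The skew is subtracted from "now", so the sender's clock may run behind by up to j.
        if (expires.before(getGMTDateWithSkewAdjusted(new GregorianCalendar(), j, false))) {
            log.log(Level.SEVERE, "WSS0393.current.ahead.of.expires");
            throw new XWSSecurityException("The current time is ahead of the expiration time in Timestamp");
        }
    }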

    /**
     * Validates a {@link Timestamp}: structural sanity first, then freshness and expiry.
     *
     * <p>A timestamp whose Expires value is at or before its Created value is rejected
     * immediately with a {@code WSU_MESSAGE_EXPIRED} SOAP fault. The remaining checks are
     * delegated to the callback handler. The built-in creation and expiry checks run only when
     * the handler throws {@link UnsupportedCallbackException}, so a handler that accepts the
     * callback is solely responsible for enforcing the time window.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @param timestamp timestamp whose created/expires values are checked
     * @param j clock-skew allowance, forwarded to the request and to the default checks
     * @param j2 freshness limit, forwarded to the request and to the default checks
     * @throws XWSSecurityException if the handler, the callback result, or a default check
     *         reports a failure
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateTimestamp(Map map, Timestamp timestamp, long j, long j2) throws XWSSecurityException {
        boolean inverted = expiresBeforeCreated(timestamp.getCreated(), timestamp.getExpires());
        if (inverted) {
            throw newSOAPFaultException(MessageConstants.WSU_MESSAGE_EXPIRED, "Message expired!", new XWSSecurityException("Message expired!"));
        }
        TimestampValidationCallback.UTCTimestampRequest request = new TimestampValidationCallback.UTCTimestampRequest(timestamp.getCreated(), timestamp.getExpires(), j, j2);
        TimestampValidationCallback validation = new TimestampValidationCallback(request);
        ProcessingContext.copy(validation.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{validation});
            try {
                validation.getResult();
            } catch (TimestampValidationCallback.TimestampValidationException rejected) {
                // NOTE(review): this exception is thrown inside the outer try, so the generic
                // catch below appears to wrap it a second time.
                throw new XWSSecurityException(rejected);
            }
        } catch (UnsupportedCallbackException unsupported) {
            // Handler has no timestamp support: apply the built-in window checks instead.
            defaultValidateCreationTime(timestamp.getCreated(), j, j2);
            defaultValidateExpirationTime(timestamp.getExpires(), j, j2);
        } catch (Exception failure) {
            throw new XWSSecurityException(failure);
        }
    }

    /**
     * Builds a {@link WssSoapFaultException} with the given fault code and fault string and
     * attaches {@code th} as its cause. The exception is returned, not thrown.
     *
     * @param qName fault code
     * @param str fault string
     * @param th cause to attach via {@code initCause}
     * @return the newly created exception
     */
    public static WssSoapFaultException newSOAPFaultException(QName qName, String str, Throwable th) {
        final WssSoapFaultException fault = new WssSoapFaultException(qName, str, null, null);
        fault.initCause(th);
        return fault;
    }

    /**
     * Shifts the calendar's instant by the class-wide {@code offset} and then by the skew
     * allowance, and returns the result as a {@link Date}.
     *
     * <p>The supplied calendar is modified in place.
     *
     * <p>NOTE(review): {@code offset} is assigned once in the static initializer. If it includes
     * daylight-saving time as of class load, a long-running JVM would carry a stale value across
     * a DST transition and shift this bound by the DST savings. Confirm.
     *
     * @param calendar calendar holding the reference instant; mutated by this call
     * @param j skew allowance in milliseconds
     * @param z {@code true} to add the skew, {@code false} to subtract it
     * @return the adjusted instant
     */
    private static Date getGMTDateWithSkewAdjusted(Calendar calendar, long j, boolean z) {
        final long shifted = calendar.getTimeInMillis() - offset;
        final long adjusted;
        if (z) {
            adjusted = shifted + j;
        } else {
            adjusted = shifted - j;
        }
        calendar.setTimeInMillis(adjusted);
        return calendar.getTime();
    }

    /**
     * Computes the oldest acceptable instant: the current time shifted by the class-wide
     * {@code offset}, minus both millisecond arguments.
     *
     * <p>NOTE(review): {@code offset} is assigned once in the static initializer. If it includes
     * daylight-saving time as of class load, a long-running JVM would carry a stale value across
     * a DST transition and shift this bound by the DST savings. Confirm.
     *
     * @param j first amount to subtract, in milliseconds (callers pass the clock-skew allowance)
     * @param j2 second amount to subtract, in milliseconds (callers pass the freshness limit)
     * @return the adjusted instant
     */
    private static Date getFreshnessAndSkewAdjustedDate(long j, long j2) {
        final GregorianCalendar cutoff = new GregorianCalendar();
        final long shiftedNow = cutoff.getTimeInMillis() - offset;
        cutoff.setTimeInMillis(shiftedNow - j - j2);
        return cutoff.getTime();
    }

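    /**
     * Reports whether a timestamp's expiry is at or before its creation time.
     *
     * <p>Both values are parsed with {@code calendarFormatter1}. If that fails for either value,
     * both are parsed again with {@code calendarFormatter2}, so the two values are always
     * compared using the same format. A missing expiry is never treated as "before".
     *
     * <p>A missing creation time is rejected with the declared checked exception, so callers see
     * a security failure instead of an unchecked exception from the formatter. A parse failure
     * now keeps the original {@link ParseException} as the cause.
     *
     * @param str creation time text
     * @param str2 expiry time text, or {@code null} when the timestamp carries none
     * @return {@code true} if an expiry is present and is equal to or earlier than the creation
     *         time
     * @throws XWSSecurityException if the creation time is missing or a value cannot be parsed
     */
    private boolean expiresBeforeCreated(String str, String str2) throws XWSSecurityException {
        if (str == null) {
            throw new XWSSecurityException("Timestamp does not contain a creation time");
        }
        Date created;
        Date expires = null;
        try {
            try {
                // Each formatter is used under its own lock; they are shared instance fields.
                synchronized (this.calendarFormatter1) {
                    created = this.calendarFormatter1.parse(str);
                    if (str2 != null) {
                        expires = this.calendarFormatter1.parse(str2);
                    }
                }
            } catch (ParseException primaryFailure) {
                synchronized (this.calendarFormatter2) {
                    created = this.calendarFormatter2.parse(str);
                    if (str2 != null) {
                        expires = this.calendarFormatter2.parse(str2);
                    }
                }
            }
        } catch (ParseException unparsable) {
            // Keep the cause so the offending value and position remain available for triage.
            throw new XWSSecurityException(unparsable.getMessage(), unparsable);
        }
        // Equal instants count as expired: such a timestamp has a zero-length validity window.
        return expires != null && !expires.after(created);
    }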

    /**
     * Checks a nonce against the nonce cache and records it, for replay detection.
     *
     * <p>The cache is created on first use, or re-created after it was cancelled, and its
     * periodic cleanup is scheduled if it is not already. The verdict comes from
     * {@code NonceCache.validateAndCacheNonce}.
     *
     * <p>The cache is a field of this object, so replay detection covers only messages handled
     * through this instance. {@code j} is consulted only when a cache is (re)created. A
     * different value on later calls has no effect on an existing cache.
     *
     * @param str first value forwarded to the cache (presumably the nonce; confirm)
     * @param str2 second value forwarded to the cache (presumably its creation time; confirm)
     * @param j maximum nonce age used when creating the cache; {@code 0} selects the cache's
     *        no-argument constructor
     * @return the cache's verdict
     * @throws XWSSecurityException if the cache reports a failure
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public boolean validateAndCacheNonce(String str, String str2, long j) throws XWSSecurityException {
        // Unsynchronized pre-check; initNonceCache repeats the test under the instance lock.
        final boolean needsCache = this.nonceCache == null || this.nonceCache.wasCanceled();
        if (needsCache) {
            initNonceCache(j);
        }
        final boolean cleanupPending = !this.nonceCache.isScheduled();
        if (cleanupPending) {
            setNonceCacheCleanup();
        }
        return this.nonceCache.validateAndCacheNonce(str, str2);
    }

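    /**
     * Validates a SAML assertion by delegating to the callback handler.
     *
     * <p>The assertion element is placed on a fresh {@code SAMLAssertionBinding} and dispatched
     * in a {@link DynamicPolicyCallback}. Validation succeeds whenever the handler returns
     * normally, because no result is inspected afterwards. A handler must therefore throw to
     * reject an assertion, and a handler that silently ignores this callback type accepts every
     * assertion.
     *
     * <p>The failure path builds its fault message from the assertion ID only when the element
     * really is an {@link Assertion}. The parameter is typed as {@code Element}, so an
     * unconditional cast could throw {@code ClassCastException} from inside the catch block and
     * replace the authentication fault.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @param element the SAML assertion element to validate
     * @throws XWSSecurityException declared by the interface; a handler failure surfaces as a
     *         {@code WSSE_FAILED_AUTHENTICATION} SOAP fault carrying the original cause
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public void validateSAMLAssertion(Map map, Element element) throws XWSSecurityException {
        AuthenticationTokenPolicy.SAMLAssertionBinding binding = (AuthenticationTokenPolicy.SAMLAssertionBinding) new AuthenticationTokenPolicy().newSAMLAssertionFeatureBinding();
        binding.setAssertion(element);
        DynamicPolicyCallback validation = new DynamicPolicyCallback(binding, null);
        ProcessingContext.copy(validation.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{validation});
        } catch (Exception cause) {
            // Never let message construction mask the real failure.
            String assertionId = (element instanceof Assertion) ? ((Assertion) element).getAssertionID() : null;
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_FAILED_AUTHENTICATION, "Validation failed for SAML Assertion ID: " + assertionId, cause);
        }
    }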

    /**
     * Asks the callback handler to resolve a SAML assertion from an authority binding and an
     * assertion ID.
     *
     * <p>The returned element is whatever the handler stored on the binding. Only its presence
     * is checked here, and no validation of the assertion is performed.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @param element authority binding set on the SAML binding
     * @param str assertion ID set on the SAML binding
     * @param document not used by this method
     * @return the assertion the handler stored on the binding
     * @throws XWSSecurityException if the handler fails or leaves the assertion unset
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public Element locateSAMLAssertion(Map map, Element element, String str, Document document) throws XWSSecurityException {
        final AuthenticationTokenPolicy.SAMLAssertionBinding binding = (AuthenticationTokenPolicy.SAMLAssertionBinding) new AuthenticationTokenPolicy().newSAMLAssertionFeatureBinding();
        binding.setAuthorityBinding(element);
        binding.setAssertionId(str);
        final DynamicPolicyCallback lookup = new DynamicPolicyCallback(binding, null);
        ProcessingContext.copy(lookup.getRuntimeProperties(), map);
        try {
            this.callbackHandler.handle(new Callback[]{lookup});
            final Element located = binding.getAssertion();
            if (located != null) {
                return located;
            }
            // Thrown inside the try, so the generic catch below wraps it like any other failure.
            throw new XWSSecurityException("SAML Assertion not set into Policy by CallbackHandler");
        } catch (Exception failure) {
            throw new XWSSecurityException(failure);
        }
    }

    /**
     * Lets the callback handler populate a SAML assertion binding and returns the policy held by
     * the callback afterwards.
     *
     * @param map runtime properties passed to {@code ProcessingContext.copy} for the callback
     * @param sAMLAssertionBinding binding handed to the handler
     * @param dynamicApplicationContext context handed to the handler alongside the binding
     * @return the callback's security policy, cast to {@code SAMLAssertionBinding}
     * @throws XWSSecurityException wrapping any exception raised by the handler or the cast
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public AuthenticationTokenPolicy.SAMLAssertionBinding populateSAMLPolicy(Map map, AuthenticationTokenPolicy.SAMLAssertionBinding sAMLAssertionBinding, DynamicApplicationContext dynamicApplicationContext) throws XWSSecurityException {
        final DynamicPolicyCallback request = new DynamicPolicyCallback(sAMLAssertionBinding, dynamicApplicationContext);
        ProcessingContext.copy(request.getRuntimeProperties(), map);
        AuthenticationTokenPolicy.SAMLAssertionBinding populated;
        try {
            this.callbackHandler.handle(new Callback[]{request});
            populated = (AuthenticationTokenPolicy.SAMLAssertionBinding) request.getSecurityPolicy();
        } catch (Exception failure) {
            throw new XWSSecurityException(failure);
        }
        return populated;
    }

    /**
     * Returns the callback handler this environment delegates to.
     *
     * <p>The handler instance itself is returned, not a copy or wrapper.
     *
     * @return the configured {@link CallbackHandler}
     */
    @Override // com.sun.xml.wss.SecurityEnvironment
    public CallbackHandler getCallbackHandler() {
        return this.callbackHandler;
    }

    /**
     * Creates the nonce cache if none exists yet, or replaces one that was cancelled.
     *
     * <p>Runs under the instance lock and re-checks the state, so a concurrent caller that got
     * here first wins and an active cache is left untouched.
     *
     * @param j maximum nonce age for the new cache; {@code 0} selects the cache's no-argument
     *        constructor
     */
    private synchronized void initNonceCache(long j) {
        final boolean missing = this.nonceCache == null;
        if (missing || this.nonceCache.wasCanceled()) {
            this.nonceCache = (j == 0) ? new NonceCache() : new NonceCache(j);
        }
    }

    /**
     * Schedules the nonce cache on the shared cleanup timer, unless it is already scheduled.
     *
     * <p>The cache's maximum nonce age is used both as the initial delay and as the repeat
     * period. Runs under the instance lock so the cache is scheduled at most once.
     */
    private synchronized void setNonceCacheCleanup() {
        if (!this.nonceCache.isScheduled()) {
            nonceCleanupTimer.schedule(this.nonceCache, this.nonceCache.getMaxNonceAge(), this.nonceCache.getMaxNonceAge());
            this.nonceCache.scheduled(true);
        }
    }

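    /**
     * Rejects SAML assertions whose version is not 1.0 or 1.1.
     *
     * <p>The versions are compared as {@link BigInteger} values. {@code intValue()} keeps only
     * the low-order 32 bits, so an out-of-range version number could otherwise truncate to an
     * accepted value. Comparing with {@code equals} also makes a missing version fail the check
     * instead of raising {@code NullPointerException}.
     *
     * @param assertion assertion whose major and minor version are checked
     * @throws WssSoapFaultException with {@code WSSE_INVALID_SECURITY_TOKEN} when the major
     *         version is not 1 or the minor version is neither 0 nor 1
     */
    private void validateSamlVersion(Assertion assertion) {
        BigInteger majorVersion = assertion.getMajorVersion();
        BigInteger minorVersion = assertion.getMinorVersion();
        if (!BigInteger.ONE.equals(majorVersion)) {
            log.log(Level.SEVERE, "WSS0404.saml.invalid.version");
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Major version is not 1 for SAML Assertion:" + assertion.getAssertionID(), new Exception("Major version is not 1 for SAML Assertion"));
        }
        if (BigInteger.ZERO.equals(minorVersion) || BigInteger.ONE.equals(minorVersion)) {
            return;
        }
        log.log(Level.SEVERE, "WSS0404.saml.invalid.version");
        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY_TOKEN, "Minor version is not 0/1 for SAML Assertion:" + assertion.getAssertionID(), new Exception("Minor version is not 0/1 for SAML Assertion"));
    }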

    /**
     * Empty placeholder: performs no issuer validation and always returns normally.
     *
     * <p>NOTE(review): if this is ever wired into the SAML processing path, it accepts every
     * issuer as written. Issuer checks have to come from the callback handler.
     *
     * @param securableSoapMessage unused
     * @param assertion unused
     */
    private void validateIssuer(SecurableSoapMessage securableSoapMessage, Assertion assertion) {
    }

    /**
     * Empty placeholder: performs no SAML user validation and always returns normally.
     *
     * <p>NOTE(review): if this is ever wired into the SAML processing path, it accepts every
     * subject as written. User checks have to come from the callback handler.
     *
     * @param securableSoapMessage unused
     * @param assertion unused
     */
    private void validateSamlUser(SecurableSoapMessage securableSoapMessage, Assertion assertion) {
    }

    static {
        // Capture the default time zone's offset from UTC once, at class load: the raw zone
        // offset plus the DST savings if daylight-saving time is in effect right now.
        // NOTE(review): the value is never refreshed, so a JVM that stays up across a DST
        // transition keeps using the old offset in the timestamp window helpers.
        final GregorianCalendar now = new GregorianCalendar();
        long zoneOffsetMillis = now.get(Calendar.ZONE_OFFSET);
        final boolean daylightTime = now.getTimeZone().inDaylightTime(now.getTime());
        if (daylightTime) {
            zoneOffsetMillis = zoneOffsetMillis + now.getTimeZone().getDSTSavings();
        }
        offset = zoneOffsetMillis;
        // Logger bound to the XWSS resource bundle; the WSSxxxx strings used in this class are
        // message keys in that bundle.
        log = Logger.getLogger("jakarta.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");
    }
}
