package org.apache.ws.security.processor;

import java.util.Collections;
import java.util.List;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.SAMLTokenPrincipal;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.WSUsernameTokenPrincipal;
import org.apache.ws.security.cache.ReplayCache;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.UsernameToken;
import org.apache.ws.security.validate.Credential;
import org.apache.ws.security.validate.Validator;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/lib/wss4j-1.6.6.jar:org/apache/ws/security/processor/UsernameTokenProcessor.class */
/**
 * Processor for a UsernameToken element of a WS-Security header.
 *
 * <p>The element is parsed into a {@link UsernameToken}, its nonce is checked against the
 * configured {@link ReplayCache} (if any), the configured {@link Validator} (if any) is run, and
 * the outcome is recorded as a {@link WSSecurityEngineResult} in the {@link WSDocInfo}.
 *
 * <p>Review notes for callers:
 * <ul>
 *   <li>With no validator configured, the token is parsed but not validated. The result then
 *       carries neither {@code TAG_VALIDATED_TOKEN} nor {@code TAG_PRINCIPAL}, so it must not be
 *       treated as an authenticated identity.</li>
 *   <li>The replay check runs only when a nonce cache is configured and the token carries a nonce.
 *       A token without a nonce passes this step unchecked.</li>
 *   <li>No freshness check on the Created value is visible in this class. Whether one is enforced
 *       depends on the validator (confirm).</li>
 *   <li>The result may hold the token password (through the principal) and a derived key
 *       ({@code TAG_SECRET}); keep both out of logs and traces.</li>
 * </ul>
 */
public class UsernameTokenProcessor implements Processor {
    private static Log log = LogFactory.getLog(UsernameTokenProcessor.class);

    /** Namespace in which the {@code Id} attribute of the token element is looked up. */
    private static final String ID_ATTRIBUTE_NAMESPACE =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // Decompiled literals: these appear to correspond to WSConstants.UT and
    // WSConstants.UT_NOPASSWORD; confirm against the library's constants.
    private static final int ACTION_USERNAME_TOKEN = 1;
    private static final int ACTION_USERNAME_TOKEN_NO_PASSWORD = 8192;

    // Decompiled literals: these appear to correspond to WSSecurityException.INVALID_SECURITY and
    // WSSecurityException.INVALID_SECURITY_TOKEN; confirm against the library's constants.
    private static final int ERROR_INVALID_SECURITY = 3;
    private static final int ERROR_INVALID_SECURITY_TOKEN = 4;

    /**
     * Handles one UsernameToken element and returns its single processing result.
     *
     * @param element the UsernameToken element
     * @param requestData per-request configuration (validator, WSS config, nonce replay cache)
     * @param wSDocInfo registry of token elements and results already seen in this document
     * @return a one-element list holding the result for this token; when the same element was
     *     registered before under its Id, the stored result is returned instead
     * @throws WSSecurityException if a different element is already registered under the same Id,
     *     or if parsing, the replay check or validation fails
     */
    @Override
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        if (log.isDebugEnabled()) {
            log.debug("Found UsernameToken list element");
        }

        final String tokenId = element.getAttributeNS(ID_ATTRIBUTE_NAMESPACE, "Id");
        if (!"".equals(tokenId)) {
            final Element registered = wSDocInfo.getTokenElement(tokenId);
            if (element.equals(registered)) {
                // Same element seen again: reuse the stored result instead of re-validating.
                return Collections.singletonList(wSDocInfo.getResult(tokenId));
            }
            if (registered != null) {
                // A different element already owns this Id. Rejecting it keeps Id-based
                // references to the token unambiguous.
                throw new WSSecurityException(ERROR_INVALID_SECURITY_TOKEN, "duplicateError");
            }
        }

        final Validator validator = requestData.getValidator(WSSecurityEngine.USERNAME_TOKEN);
        final Credential credential = handleUsernameToken(element, validator, requestData);
        final UsernameToken token = credential.getUsernametoken();

        final boolean passwordAbsent = token.getPassword() == null;
        final int action = passwordAbsent ? ACTION_USERNAME_TOKEN_NO_PASSWORD : ACTION_USERNAME_TOKEN;
        byte[] derivedKey = null;
        if (passwordAbsent && token.isDerivedKey()) {
            // NOTE(review): setRawPassword presumably resolves the shared password through the
            // request's callbacks before the key is derived; confirm in UsernameToken.
            token.setRawPassword(requestData);
            derivedKey = token.getDerivedKey();
        }

        final WSSecurityEngineResult result = new WSSecurityEngineResult(action, token);
        result.put("id", token.getID());
        // Key material (or null): consumers of the result should treat this entry as a secret.
        result.put(WSSecurityEngineResult.TAG_SECRET, derivedKey);

        if (validator != null) {
            // Only set when a validator actually ran; its absence means "parsed, not validated".
            result.put(WSSecurityEngineResult.TAG_VALIDATED_TOKEN, Boolean.TRUE);
            if (credential.getTransformedToken() == null) {
                result.put(WSSecurityEngineResult.TAG_PRINCIPAL, principalFor(token));
            } else {
                result.put(WSSecurityEngineResult.TAG_TRANSFORMED_TOKEN, credential.getTransformedToken());
                result.put(WSSecurityEngineResult.TAG_PRINCIPAL, new SAMLTokenPrincipal(credential.getTransformedToken()));
            }
        }

        wSDocInfo.addTokenElement(element);
        wSDocInfo.addResult(result);
        return Collections.singletonList(result);
    }

    /**
     * Parses the element into a {@link UsernameToken}, applies the nonce replay check and runs
     * the validator when one is supplied.
     *
     * @param element the UsernameToken element
     * @param validator validator to apply, or {@code null} to skip validation
     * @param requestData source of the WSS configuration and the nonce replay cache
     * @return the validator's credential, or an unvalidated credential wrapping the parsed token
     *     when {@code validator} is {@code null}
     * @throws WSSecurityException if the nonce is already in the replay cache, or if parsing or
     *     validation fails
     */
    public Credential handleUsernameToken(Element element, Validator validator, RequestData requestData) throws WSSecurityException {
        // Defaults when no WSSConfig is present: qualified password types off, BSP compliance on.
        final WSSConfig config = requestData.getWssConfig();
        final boolean allowQualifiedPasswordTypes = config != null && config.getAllowNamespaceQualifiedPasswordTypes();
        final boolean bspCompliant = config == null || config.isWsiBSPCompliant();

        final UsernameToken token = new UsernameToken(element, allowQualifiedPasswordTypes, bspCompliant);

        final ReplayCache replayCache = requestData.getNonceReplayCache();
        if (replayCache != null) {
            final String nonce = token.getNonce();
            if (nonce != null) {
                // NOTE(review): contains() followed by add() is not atomic here. Whether two
                // concurrent requests with the same nonce can both pass depends on the
                // ReplayCache implementation; confirm.
                if (replayCache.contains(nonce)) {
                    throw new WSSecurityException(ERROR_INVALID_SECURITY, "badUsernameToken", new Object[]{"A replay attack has been detected"});
                }
                // The nonce is stored before validation runs, so nonces of tokens that later fail
                // validation are cached too. No time-to-live is passed, so retention is whatever
                // the cache implementation applies.
                replayCache.add(nonce);
            }
        }

        final Credential credential = new Credential();
        credential.setUsernametoken(token);
        if (validator == null) {
            // No validator configured: the caller receives an unvalidated credential.
            return credential;
        }
        return validator.validate(credential, requestData);
    }

    /**
     * Builds the principal for a validated token that was not transformed into another token.
     * The principal carries the token's password value, so it should not be logged or serialized
     * casually.
     */
    private static WSUsernameTokenPrincipal principalFor(UsernameToken token) {
        final WSUsernameTokenPrincipal principal = new WSUsernameTokenPrincipal(token.getName(), token.isHashed());
        principal.setNonce(token.getNonce());
        principal.setPassword(token.getPassword());
        principal.setCreatedTime(token.getCreated());
        principal.setPasswordType(token.getPasswordType());
        return principal;
    }
}
