package com.sun.identity.wss.security;

import com.iplanet.am.util.SecureRandomManager;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.shared.DateUtils;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.xml.XMLUtils;
import java.security.MessageDigest;
import java.util.Date;
import java.util.ResourceBundle;
import org.apache.batik.constants.XMLConstants;
import org.forgerock.openam.sdk.org.forgerock.util.crypto.CryptoConstants;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/wss/security/UserNameToken.class */
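/**
 * WS-Security {@code UsernameToken}: holds a user name, a password (clear text or digest),
 * and the optional {@code Nonce} / {@code Created} values, and serializes them to XML.
 *
 * <p>Instances are built either from a {@link UserNameTokenSpec} (sender side) or by parsing
 * a received {@code wsse:UsernameToken} element (receiver side).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class only parses and serializes the token. Nothing here verifies the password,
 *       checks the freshness of {@code Created}, or tracks nonces for replay detection; the
 *       caller has to do that.</li>
 *   <li>With a password type other than {@code WSSConstants.PASSWORD_DIGEST_TYPE}, the clear
 *       text password is stored and written into the XML, so the message needs
 *       transport-level or message-level confidentiality.</li>
 *   <li>NOTE(review): {@code XMLConstants.XML_EQUAL_QUOT} (batik) and
 *       {@code CryptoConstants.ALGORITHM_SHA_1} (forgerock) look like decompiler substitutions
 *       for the literals {@code ="} and {@code SHA-1} - confirm against the upstream source.</li>
 * </ul>
 */
public class UserNameToken implements SecurityToken {
    private static final String USER_NAME_TOKEN = "UsernameToken";
    private static final String USER_NAME = "Username";
    private static final String PASSWORD = "Password";
    private static final String NONCE = "Nonce";
    private static final String CREATED = "Created";
    private static final String TYPE = "Type";
    private static final String WSSE_PREFIX = "wsse";
    private static final String WSU_PREFIX = "wsu";
    private static final String WSSE_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String WSU_NS =
            "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
    /** Number of random bytes in a generated nonce (before Base64 encoding). */
    private static final int NONCE_LENGTH = 18;

    private static final Debug debug = WSSUtils.debug;
    private static final ResourceBundle bundle = WSSUtils.bundle;

    private String passwordType;
    private boolean setNonce;
    private boolean setTimeStamp;
    private String nonce;
    private String created;
    private String username;
    private String password;
    // Cached serialization; must be cleared whenever a serialized field changes.
    private String xmlString;
    private String id;

    /**
     * Builds a token from a specification.
     *
     * @param userNameTokenSpec the user name, password, password type and nonce/timestamp flags
     * @throws SecurityException if the spec is null, the user name is null or blank, the
     *         password is null, or the nonce / password digest cannot be produced
     */
    public UserNameToken(UserNameTokenSpec userNameTokenSpec) throws SecurityException {
        if (userNameTokenSpec == null) {
            throw new SecurityException(bundle.getString("invalidTokenSpec"));
        }
        debug.message("UserNameToken.constructor:");
        String specUserName = userNameTokenSpec.getUserName();
        if (specUserName == null) {
            debug.error("UserNameToken:: username is null");
            throw new SecurityException(bundle.getString("invalidTokenSpec"));
        }
        specUserName = specUserName.trim();
        if (specUserName.length() == 0) {
            debug.error("UserNameToken:: username is empty");
            throw new SecurityException(bundle.getString("invalidTokenSpec"));
        }
        this.username = specUserName;
        this.passwordType = userNameTokenSpec.getPasswordType();
        this.setNonce = userNameTokenSpec.isCreateNonce();
        this.setTimeStamp = userNameTokenSpec.isCreateTimeStamp();
        if (this.setNonce) {
            createNonce();
        }
        if (this.setTimeStamp) {
            this.created = DateUtils.toUTCDateFormat(new Date());
        }
        // Nonce and timestamp must exist before this call: the digest form of the password
        // is computed from both, and fails when either is missing.
        setPassword(userNameTokenSpec.getPassword());
        this.id = SAMLUtils.generateID();
    }

    /**
     * Parses a received {@code wsse:UsernameToken} element.
     *
     * <p>The element content is untrusted input. Recognised children that carry no content
     * are rejected with a {@link SecurityException} rather than failing with a
     * {@code NullPointerException}. Unrecognised child elements are ignored (logged at
     * message level).
     *
     * <p>NOTE(review): only the FIRST child node of each value element is read. If a parser
     * delivers the text in several nodes (for example split by a comment or a CDATA section),
     * the value seen here is only the part before the split and can differ from what a
     * signature over the canonicalized element covers. Consider {@code getTextContent()} or a
     * parser configuration that drops comments and coalesces CDATA - confirm how callers
     * build the DOM.
     *
     * <p>NOTE(review): the {@code wsu:Id} attribute is not read, so {@link #getSigningId()}
     * returns null for parsed tokens and {@link #toString()} emits the text {@code null} as
     * the id.
     *
     * @param element the {@code UsernameToken} element in the WSS secext namespace
     * @throws IllegalArgumentException if {@code element} is null
     * @throws SecurityException if the element is not a {@code wsse:UsernameToken}, has no
     *         children, has an empty recognised child, or carries no user name
     */
    public UserNameToken(Element element) throws SecurityException {
        if (element == null) {
            throw new IllegalArgumentException(bundle.getString("nullInputParameter"));
        }
        if (!USER_NAME_TOKEN.equals(element.getLocalName())
                || !WSSE_NS.equals(element.getNamespaceURI())) {
            throw new SecurityException(bundle.getString("invalidElement"));
        }
        NodeList children = element.getChildNodes();
        if (children == null || children.getLength() == 0) {
            throw new SecurityException(bundle.getString("invalidElement"));
        }
        for (int i = 0; i < children.getLength(); i++) {
            Node child = children.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE) {
                continue;
            }
            String localName = child.getLocalName();
            String namespace = child.getNamespaceURI();
            if (USER_NAME.equals(localName) && WSSE_NS.equals(namespace)) {
                this.username = firstChildValue(child);
            } else if (PASSWORD.equals(localName) && WSSE_NS.equals(namespace)) {
                this.password = firstChildValue(child);
                Element passwordElement = (Element) child;
                // Accept the Type attribute either namespace-qualified or unqualified.
                Attr qualifiedType = passwordElement.getAttributeNodeNS(WSSE_NS, TYPE);
                this.passwordType = qualifiedType != null
                        ? qualifiedType.getNodeValue()
                        : passwordElement.getAttribute(TYPE);
            } else if (NONCE.equals(localName) && WSSE_NS.equals(namespace)) {
                this.nonce = firstChildValue(child);
            } else if (CREATED.equals(localName) && WSU_NS.equals(namespace)) {
                this.created = firstChildValue(child);
            } else if (debug.messageEnabled()) {
                debug.message("UserNameToken.constructor:: Invalid element " + localName);
            }
        }
        if (this.username == null || this.username.length() == 0) {
            debug.error("UserNameToken.constructor:: username is null");
            throw new SecurityException(bundle.getString("invalidElement"));
        }
    }

    /**
     * Returns the value of the first child node of {@code node}.
     *
     * @throws SecurityException if the node has no children (for example {@code <wsse:Password/>})
     */
    private static String firstChildValue(Node node) throws SecurityException {
        Node first = node.getFirstChild();
        if (first == null) {
            debug.error("UserNameToken.constructor:: empty element " + node.getLocalName());
            throw new SecurityException(bundle.getString("invalidElement"));
        }
        return first.getNodeValue();
    }

    /** Returns the user name. */
    public String getUserName() {
        return this.username;
    }

    /**
     * Replaces the user name. No validation is applied to the new value.
     *
     * @param str the new user name
     */
    public void setUserName(String str) {
        this.username = str;
        // Drop the cached XML so toString() does not keep returning the old user name.
        this.xmlString = null;
    }

    /**
     * Returns the stored password: the digest when the token was built with the digest
     * password type, otherwise the clear text password.
     */
    public String getPassword() {
        return this.password;
    }

    /** Returns the password type URI, or null / empty when none was given. */
    public String getPasswordType() {
        return this.passwordType;
    }

    /**
     * Sets the password. When the password type is {@code WSSConstants.PASSWORD_DIGEST_TYPE}
     * the digest of {@code str} with the current nonce and created values is stored;
     * otherwise {@code str} is stored as is.
     *
     * @param str the clear text password
     * @throws SecurityException if {@code str} is null or the digest cannot be computed
     */
    public void setPassword(String str) throws SecurityException {
        if (str == null) {
            debug.error("UserNameToken.setPassword:: password is empty");
            throw new SecurityException(bundle.getString("invalidTokenSpec"));
        }
        if (WSSConstants.PASSWORD_DIGEST_TYPE.equals(this.passwordType)) {
            this.password = getPasswordDigest(str, this.nonce, this.created);
        } else {
            this.password = str;
        }
        // Drop the cached XML so toString() does not keep returning the old password.
        this.xmlString = null;
    }

    /** Returns the Base64-encoded nonce, or null when the token has none. */
    public String getNonce() {
        return this.nonce;
    }

    /** Returns the creation timestamp string, or null when the token has none. */
    public String getCreated() {
        return this.created;
    }

    /** Returns the id written as {@code wsu:Id}; null for tokens parsed from an element. */
    public String getSigningId() {
        return this.id;
    }

    /**
     * Serializes the token to its XML form and caches the result.
     *
     * <p>Every value is XML-escaped before it is written, so a user name, password or
     * attribute value containing markup characters cannot change the structure of the
     * token. The serialized token is not written to the debug log because it contains the
     * password.
     *
     * @return the {@code wsse:UsernameToken} XML
     */
    @Override
    public String toString() {
        if (this.xmlString != null) {
            return this.xmlString;
        }
        StringBuilder xml = new StringBuilder(300);
        xml.append("<").append(WSSE_PREFIX).append(":").append(USER_NAME_TOKEN)
                .append(" ").append("xmlns:wsse").append(XMLConstants.XML_EQUAL_QUOT)
                .append(WSSE_NS).append("\" ")
                .append("xmlns:wsu").append(XMLConstants.XML_EQUAL_QUOT)
                .append(WSU_NS).append("\" ")
                .append("wsu:Id").append(XMLConstants.XML_EQUAL_QUOT)
                .append(escape(this.id)).append("\">\n");

        xml.append("<").append(WSSE_PREFIX).append(":").append(USER_NAME).append(">")
                .append(escape(this.username))
                .append("</").append(WSSE_PREFIX).append(":").append(USER_NAME).append(">\n");

        xml.append("<").append(WSSE_PREFIX).append(":").append(PASSWORD);
        if (this.passwordType != null) {
            xml.append(" ").append("Type=").append("\"")
                    .append(escape(this.passwordType)).append("\"");
        }
        xml.append(">").append(escape(this.password))
                .append("</").append(WSSE_PREFIX).append(":").append(PASSWORD).append(">\n");

        if (this.nonce != null) {
            xml.append("<").append(WSSE_PREFIX).append(":").append(NONCE)
                    .append(" ").append("EncodingType=").append("\"")
                    .append(BinarySecurityToken.BASE64BINARY).append("\"").append(">")
                    .append(escape(this.nonce))
                    .append("</").append(WSSE_PREFIX).append(":").append(NONCE).append(">\n");
        }
        if (this.created != null) {
            xml.append("<").append(WSU_PREFIX).append(":").append(CREATED).append(">")
                    .append(escape(this.created))
                    .append("</").append(WSU_PREFIX).append(":").append(CREATED).append(">\n");
        }
        xml.append("</").append(WSSE_PREFIX).append(":").append(USER_NAME_TOKEN).append(">\n");
        this.xmlString = xml.toString();
        if (debug.messageEnabled()) {
            // Log only the id: the XML carries the password (clear text or digest).
            debug.message("UserNameToken.toString:: token serialized, id=" + this.id);
        }
        return this.xmlString;
    }

    /**
     * XML-escapes a value for use in element content or a double-quoted attribute.
     * A null value is passed through, so it is appended as the text {@code null}.
     */
    private static String escape(String value) {
        return value == null ? null : XMLUtils.escapeSpecialCharacters(value);
    }

    /**
     * Parses the XML form of this token into a DOM element.
     *
     * @return the document element of the parsed token
     * @throws SecurityException if the XML cannot be parsed
     */
    @Override // com.sun.identity.wss.security.SecurityToken
    public Element toDocumentElement() throws SecurityException {
        Document document = XMLUtils.toDOMDocument(toString(), debug);
        if (document == null) {
            throw new SecurityException(bundle.getString("cannotConvertToDocument"));
        }
        return document.getDocumentElement();
    }

    /** Returns {@code SecurityToken.WSS_USERNAME_TOKEN}. */
    @Override // com.sun.identity.wss.security.SecurityToken
    public String getTokenType() {
        return SecurityToken.WSS_USERNAME_TOKEN;
    }

    /**
     * Generates a fresh random nonce from the shared secure random source and stores it
     * Base64-encoded.
     *
     * @throws SecurityException if the random source is unavailable
     */
    private void createNonce() throws SecurityException {
        byte[] randomBytes = new byte[NONCE_LENGTH];
        try {
            SecureRandomManager.getSecureRandom().nextBytes(randomBytes);
            this.nonce = Base64.encode(randomBytes);
        } catch (Exception e) {
            debug.error("UserNameToken.createNonce:: exception", e);
            throw new SecurityException("UserNameToken.createNonce: nonce generation failed");
        }
    }

    /**
     * Computes {@code Base64(SHA-1(nonce + created + password))}, the password digest form
     * of the WS-Security UsernameToken profile.
     *
     * <p>SHA-1 is kept because the digest has to match what the peer computes. A single
     * unsalted hash offers little protection for a weak password if the message is
     * captured, and the nonce and timestamp limit replay only when the receiver actually
     * checks them.
     *
     * @param str  the clear text password
     * @param str2 the Base64-encoded nonce
     * @param str3 the created timestamp string
     * @return the Base64-encoded digest
     * @throws SecurityException if any argument is null, the nonce cannot be decoded, or the
     *         digest algorithm is unavailable
     */
    public static String getPasswordDigest(String str, String str2, String str3) throws SecurityException {
        if (str == null || str2 == null || str3 == null) {
            debug.error("UserNameToken.getPasswordDigest:: nonce and created are required");
            throw new SecurityException(bundle.getString("passwordDigestFailed"));
        }
        try {
            MessageDigest sha1 = MessageDigest.getInstance(CryptoConstants.ALGORITHM_SHA_1);
            // Feeding the three parts in order is equivalent to hashing their concatenation.
            sha1.update(Base64.decode(str2));
            sha1.update(str3.getBytes("UTF-8"));
            sha1.update(str.getBytes("UTF-8"));
            return Base64.encode(sha1.digest());
        } catch (Exception e) {
            debug.error("UserNameToken.getPasswordDigest:: password digest error.", e);
            throw new SecurityException(bundle.getString("passwordDigestFailed"));
        }
    }
}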
