package com.sun.identity.wss.security;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.idm.AMIdentity;
import com.sun.identity.idm.AMIdentityRepository;
import com.sun.identity.idm.IdRepoException;
import com.sun.identity.idm.IdSearchControl;
import com.sun.identity.idm.IdSearchOpModifier;
import com.sun.identity.idm.IdSearchResults;
import com.sun.identity.idm.IdType;
import com.sun.identity.saml.assertion.Assertion;
import com.sun.identity.saml.assertion.AttributeStatement;
import com.sun.identity.saml.assertion.AuthenticationStatement;
import com.sun.identity.saml.assertion.Statement;
import com.sun.identity.saml.assertion.Subject;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml.xmlsig.XMLSignatureException;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.security.AdminTokenAction;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import com.sun.identity.shared.locale.Locale;
import com.sun.identity.shared.xml.XMLUtils;
import com.sun.identity.wss.provider.ProviderConfig;
import com.sun.identity.wss.security.handler.WSSCacheRepository;
import com.sun.identity.wss.sts.spi.NameIdentifierMapper;
import com.sun.identity.wss.xmlenc.WSSEncryptionProvider;
import com.sun.identity.wss.xmlsig.WSSSignatureProvider;
import com.sun.identity.xmlenc.EncryptionConstants;
import com.sun.identity.xmlenc.XMLEncryptionManager;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.math.BigInteger;
import java.security.AccessController;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.ResourceBundle;
import java.util.Set;
import java.util.StringTokenizer;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPMessage;
import org.apache.batik.util.SVGConstants;
import org.forgerock.openam.sdk.org.apache.xml.security.c14n.Canonicalizer;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.EncryptedKey;
import org.forgerock.openam.sdk.org.apache.xml.security.encryption.XMLCipher;
import org.forgerock.openam.sdk.org.apache.xml.security.exceptions.XMLSecurityException;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.KeyInfo;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.content.keyvalues.DSAKeyValue;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.3.jar:com/sun/identity/wss/security/WSSUtils.class */
public class WSSUtils {
    // Localised message bundle used for exception text throughout this class.
    // NOTE(review): no assignment is visible in this part of the file; presumably a static
    // initialiser further down sets it — confirm, otherwise bundle.getString(...) will NPE.
    public static ResourceBundle bundle;
    // Attribute name used as a search key when looking up agent profiles.
    private static final String AGENT_TYPE_ATTR = "AgentType";
    // Attribute name used to match an agent profile by its web-service endpoint.
    private static final String WSP_ENDPOINT = "WSPEndpoint";
    // System property naming the WSSCacheRepository implementation class to load.
    private static final String WSS_CACHE_REPO_PLUGIN = "com.sun.identity.wss.security.cacherepository.plugin";
    // Local part of the QName under which membership values are published.
    private static final String MEMBERSHIPS = "Memberships";
    // Shared debug logger. It is public and non-final, so any code can replace it.
    public static Debug debug = Debug.getInstance("WebServicesSecurity");
    // Lazily created singletons (see getXMLSignatureManager / getXMLEncryptionManager /
    // getWSSCacheRepository). NOTE(review): none of these is volatile, so a check made outside
    // the lock is not guaranteed to see a fully published instance under the Java memory model.
    private static XMLSignatureManager xmlSigManager = null;
    private static XMLEncryptionManager xmlEncManager = null;
    private static WSSCacheRepository cacheRepository = null;
    // Raw-typed trust configuration. Nothing in the visible part of the file populates these;
    // presumably filled elsewhere in the class — verify before relying on getCertAlias().
    private static Set trustedCACertAliases = new HashSet();
    private static Map issuerTrustedCACertAliases = new HashMap();

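    /**
     * Extracts the X.509 certificate carried by a WS-Security token.
     *
     * <p>For a SAML token the certificate is taken from the KeyInfo of the assertion's subject
     * confirmation; sender-vouches assertions yield {@code null}. For an X.509 binary token the
     * base64 token value is wrapped in PEM armour and parsed.
     *
     * <p>Security note: this method only <em>parses</em> a certificate supplied by the message
     * sender. No validity-period, chain or trust-anchor check is performed here, so callers must
     * validate the returned certificate before using it for an authentication decision.
     *
     * @param securityToken the token to inspect
     * @return the certificate, or {@code null} for sender-vouches assertions and unsupported
     *     token types
     * @throws SecurityException if the token should carry a certificate but none can be obtained
     */
    public static X509Certificate getCertificate(SecurityToken securityToken) throws SecurityException {
        String tokenType = securityToken.getTokenType();
        // Constant-first comparison so a token without a type is treated as unsupported
        // instead of raising a NullPointerException.
        if (SecurityToken.WSS_SAML_TOKEN.equals(tokenType)) {
            AssertionToken assertionToken = (AssertionToken) securityToken;
            if (assertionToken.isSenderVouches()) {
                return null;
            }
            Element keyInfo = getKeyInfo(assertionToken.getAssertion());
            if (keyInfo == null) {
                // getKeyInfo() reports failure with null; fail closed with the declared
                // exception rather than letting a NullPointerException escape to the caller.
                debug.error("WSSUtils.getCertificate:: assertion carries no usable KeyInfo");
                throw new SecurityException(bundle.getString("cannotRetrieveCert"));
            }
            return getCertificate(keyInfo);
        }
        if (!SecurityToken.WSS_X509_TOKEN.equals(tokenType)) {
            return null;
        }
        String tokenValue = ((BinarySecurityToken) securityToken).getTokenValue();
        String pem = "-----BEGIN CERTIFICATE-----\n" + tokenValue + "\n-----END CERTIFICATE-----";
        try {
            // PEM/base64 is pure ASCII; name the charset so parsing does not depend on the
            // platform default encoding.
            byte[] pemBytes = pem.getBytes(java.nio.charset.StandardCharsets.US_ASCII);
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(pemBytes));
        } catch (Exception e) {
            debug.error("WSSUtils.getCertificate:: Unable to retrieve  certificate from the binary token", e);
            throw new SecurityException(bundle.getString("cannotRetrieveCert"));
        }
    }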

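    /**
     * Returns the KeyInfo element of the subject confirmation found in a SAML assertion.
     *
     * <p>The statements are scanned in iteration order. The first statement of type 1 (cast to
     * {@link AuthenticationStatement}) wins and ends the scan; a statement of type 3 (cast to
     * {@link AttributeStatement}) supplies the subject but the scan continues, so a later
     * authentication statement still takes precedence.
     *
     * @param assertion the assertion to inspect
     * @return the KeyInfo element, or {@code null} when the assertion has no statements, no
     *     subject, no subject confirmation, or any error occurs
     */
    private static Element getKeyInfo(Assertion assertion) {
        try {
            Set statements = assertion.getStatement();
            // The original logged the missing-statement case and then dereferenced the set
            // anyway, relying on the catch-all below; return explicitly instead.
            if (statements == null || statements.isEmpty()) {
                debug.error("Assertion does not contain any Statement.");
                return null;
            }
            Subject subject = null;
            for (Object entry : statements) {
                Statement statement = (Statement) entry;
                int type = statement.getStatementType();
                if (type == 1) {
                    subject = ((AuthenticationStatement) statement).getSubject();
                    break;
                }
                if (type == 3) {
                    subject = ((AttributeStatement) statement).getSubject();
                }
            }
            if (subject == null || subject.getSubjectConfirmation() == null) {
                debug.error("WSSUtils.getKeyInfo: assertion has no subject confirmation");
                return null;
            }
            return subject.getSubjectConfirmation().getKeyInfo();
        } catch (Exception e) {
            debug.error("getCertificate Exception: ", e);
            return null;
        }
    }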

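    /**
     * Resolves an X.509 certificate from a ds:KeyInfo element.
     *
     * <p>Resolution order: a KeyInfo containing an xenc:EncryptedKey yields {@code null}; an
     * embedded ds:X509Certificate is parsed directly; otherwise the public key from a
     * DSA/RSA KeyValue is looked up in the configured key provider.
     *
     * <p>Security note: an embedded certificate comes straight from the message and is only
     * parsed here, not validated. Only the KeyValue path is tied to the local key provider.
     * Callers must apply their own trust checks to the result.
     *
     * @param element the ds:KeyInfo element; may be {@code null}
     * @return the certificate, or {@code null} if none could be resolved
     */
    public static X509Certificate getCertificate(Element element) {
        if (element == null) {
            // Sibling helpers signal failure with null; treat it as "no certificate" instead
            // of failing with a NullPointerException.
            debug.error("WSSUtils.getCertificate: KeyInfo element is null");
            return null;
        }
        X509Certificate x509Certificate = null;
        if (debug.messageEnabled()) {
            debug.message("KeyInfo = " + XMLUtils.print(element));
        }
        if (((Element) element.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "EncryptedKey").item(0)) != null) {
            return null;
        }
        Element embeddedCert = (Element) element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate").item(0);
        if (embeddedCert == null) {
            try {
                x509Certificate = (X509Certificate) AMTokenProvider.getKeyProvider().getCertificate(getPublicKey(element));
            } catch (Exception e) {
                debug.error("getCertificate Exception: ", e);
            }
        } else {
            x509Certificate = getCertificate(XMLUtils.getElementValue(embeddedCert), null);
        }
        return x509Certificate;
    }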

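    /**
     * Builds a public key from the ds:DSAKeyValue or ds:RSAKeyValue found under a KeyInfo.
     *
     * <p>A DSAKeyValue is preferred when present; otherwise an RSAKeyValue is used. Child
     * elements other than P/Q/G/Y (DSA) or Modulus/Exponent (RSA) are rejected.
     *
     * @param element the ds:KeyInfo element
     * @return the public key, or {@code null} when neither key value is present (or the
     *     DSAKeyValue has no child nodes)
     * @throws XMLSignatureException if a child element is unexpected or empty, or the key
     *     cannot be constructed
     */
    private static PublicKey getPublicKey(Element element) throws XMLSignatureException {
        PublicKey publicKey = null;
        Document ownerDocument = element.getOwnerDocument();
        Element dsaKeyValue = (Element) element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", SAMLConstants.TAG_DSAKEYVALUE).item(0);
        if (dsaKeyValue != null) {
            NodeList children = dsaKeyValue.getChildNodes();
            int count = children.getLength();
            if (count > 0) {
                BigInteger p = null;
                BigInteger q = null;
                BigInteger g = null;
                BigInteger y = null;
                for (int i = 0; i < count; i++) {
                    Node child = children.item(i);
                    if (child.getNodeType() != Node.ELEMENT_NODE) {
                        continue;
                    }
                    String localName = child.getLocalName();
                    BigInteger value = decodeCryptoBinary(child);
                    // NOTE(review): the two SVGConstants names are decompiler artefacts from an
                    // unrelated library; presumably they resolve to "Q" and "G" — confirm and
                    // replace with local literals.
                    if ("P".equals(localName)) {
                        p = value;
                    } else if (SVGConstants.PATH_QUAD_TO.equals(localName)) {
                        q = value;
                    } else if (SVGConstants.SVG_G_VALUE.equals(localName)) {
                        g = value;
                    } else if ("Y".equals(localName)) {
                        y = value;
                    } else {
                        throw new XMLSignatureException(bundle.getString("invalidReference"));
                    }
                }
                try {
                    publicKey = new DSAKeyValue(ownerDocument, p, q, g, y).getPublicKey();
                } catch (XMLSecurityException e) {
                    debug.error("Could not get Public Key from DSA key value.", e);
                    throw new XMLSignatureException(bundle.getString("errorObtainPK"));
                }
            }
        } else {
            Element rsaKeyValue = (Element) element.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", SAMLConstants.TAG_RSAKEYVALUE).item(0);
            if (rsaKeyValue != null) {
                NodeList children = rsaKeyValue.getChildNodes();
                int count = children.getLength();
                BigInteger modulus = null;
                BigInteger exponent = null;
                for (int i = 0; i < count; i++) {
                    Node child = children.item(i);
                    if (child.getNodeType() != Node.ELEMENT_NODE) {
                        continue;
                    }
                    String localName = child.getLocalName();
                    BigInteger value = decodeCryptoBinary(child);
                    if ("Exponent".equals(localName)) {
                        exponent = value;
                    } else if ("Modulus".equals(localName)) {
                        modulus = value;
                    } else {
                        throw new XMLSignatureException("Invalid reference");
                    }
                }
                try {
                    publicKey = new RSAKeyValue(ownerDocument, modulus, exponent).getPublicKey();
                } catch (XMLSecurityException e) {
                    debug.error("Could not get Public Key from RSA key value.", e);
                    throw new XMLSignatureException(bundle.getString("errorObtainPK"));
                }
            }
        }
        return publicKey;
    }

    /**
     * Decodes the base64 text of a key-value child element as an unsigned big-endian integer.
     *
     * <p>ds:CryptoBinary values are unsigned, so the sign is forced positive; the one-argument
     * {@code BigInteger(byte[])} constructor would read a value whose top bit is set (typical
     * for an RSA modulus) as negative.
     */
    private static BigInteger decodeCryptoBinary(Node valueElement) throws XMLSignatureException {
        Node text = valueElement.getFirstChild();
        if (text == null || text.getNodeValue() == null) {
            // Empty element: report it as a malformed key value instead of an NPE.
            throw new XMLSignatureException(bundle.getString("invalidReference"));
        }
        byte[] magnitude = Base64.decode(SAMLUtils.removeNewLineChars(text.getNodeValue()));
        if (magnitude == null) {
            throw new XMLSignatureException(bundle.getString("invalidReference"));
        }
        return new BigInteger(1, magnitude);
    }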

    /**
     * Parses base64 certificate data after wrapping it in PEM armour.
     *
     * <p>When {@code str2} equals {@code "wsse:PKCS7"} the data is parsed as a certificate
     * collection; otherwise certificates are read one at a time until the stream is drained.
     * In both cases the <em>last</em> certificate parsed is returned.
     *
     * <p>Note for reviewers: the raw certificate text is written to the debug log at message
     * level, and parsing does not imply any trust or validity check.
     *
     * @param str base64 certificate data without PEM header/footer
     * @param str2 value type of the data; may be {@code null}
     * @return the last certificate parsed, or {@code null} if parsing failed
     */
    private static X509Certificate getCertificate(String str, String str2) {
        X509Certificate lastParsed = null;
        try {
            if (debug.messageEnabled()) {
                debug.message("getCertificate(Assertion) : " + str);
            }
            String pem = "-----BEGIN CERTIFICATE-----\n" + str + "\n-----END CERTIFICATE-----";
            byte[] pemBytes = pem.getBytes();
            CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream pemStream = new ByteArrayInputStream(pemBytes);
            if ("wsse:PKCS7".equals(str2)) {
                for (Certificate parsed : x509Factory.generateCertificates(pemStream)) {
                    lastParsed = (X509Certificate) parsed;
                }
            } else {
                while (pemStream.available() > 0) {
                    lastParsed = (X509Certificate) x509Factory.generateCertificate(pemStream);
                }
            }
        } catch (Exception e) {
            debug.error("getCertificate Exception: ", e);
        }
        return lastParsed;
    }

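    /**
     * Serialises a DOM document and re-parses it as a SOAP message.
     *
     * <p>The Content-Type header and message factory are chosen from the namespace of the
     * document element: SOAP 1.1 uses {@code text/xml}, SOAP 1.2 uses
     * {@code application/soap+xml}. For any other namespace the default factory is used with
     * no Content-Type header.
     *
     * @param document the document holding the SOAP envelope
     * @return the SOAP message, or {@code null} if conversion failed
     */
    public static SOAPMessage toSOAPMessage(Document document) {
        try {
            String namespaceURI = document.getDocumentElement().getNamespaceURI();
            MessageFactory factory = MessageFactory.newInstance();
            MimeHeaders mimeHeaders = new MimeHeaders();
            if ("http://schemas.xmlsoap.org/soap/envelope/".equals(namespaceURI)) {
                mimeHeaders.addHeader("Content-Type", "text/xml");
            } else if (SAMLConstants.SOAP12_URI.equals(namespaceURI)) {
                factory = MessageFactory.newInstance("SOAP 1.2 Protocol");
                mimeHeaders.addHeader("Content-Type", "application/soap+xml");
            }
            return factory.createMessage(mimeHeaders, new ByteArrayInputStream(print(document).getBytes("UTF-8")));
        } catch (Exception e) {
            // Route the failure through the component's debug log like every other method in
            // this class; printStackTrace() writes to stderr, where it is easily lost.
            debug.error("WSSUtils.toSOAPMessage: unable to build SOAP message", e);
            return null;
        }
    }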

    /**
     * Serialises a DOM node to text by delegating to {@code XMLUtils.print}.
     *
     * @param node the node to serialise
     * @return the textual form produced by {@code XMLUtils.print}
     */
    public static String print(Node node) {
        String serialized = XMLUtils.print(node);
        return serialized;
    }

    /**
     * Inserts {@code element2} as the first child of {@code element}.
     *
     * @param element the parent element
     * @param element2 the child to place first
     * @param z when {@code true}, a newline text node is inserted immediately before the new
     *     child
     * @param document the document used to create the newline text node; only read when
     *     {@code z} is {@code true}
     * @return {@code element2}
     */
    public static Element prependChildElement(Element element, Element element2, boolean z, Document document) {
        Node currentHead = element.getFirstChild();
        if (currentHead != null) {
            element.insertBefore(element2, currentHead);
        } else {
            element.appendChild(element2);
        }
        if (!z) {
            return element2;
        }
        Node newline = document.createTextNode("\n");
        element.insertBefore(newline, element2);
        return element2;
    }

    /**
     * Finds the first direct child of a node with the given local name and namespace.
     *
     * <p>Only immediate children are examined; descendants further down are ignored.
     *
     * @param node the parent node
     * @param str the local name to match; must not be {@code null}
     * @param str2 the namespace URI to match; must not be {@code null}
     * @return the first matching child, or {@code null} if there is none
     */
    public static Node getDirectChild(Node node, String str, String str2) {
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            boolean nameMatches = str.equals(child.getLocalName());
            if (nameMatches && str2.equals(child.getNamespaceURI())) {
                return child;
            }
        }
        return null;
    }

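    /**
     * Returns the shared XML encryption manager, creating it on first use.
     *
     * <p>The key provider class name is read from system configuration and loaded through the
     * thread context class loader. The class is checked to be a {@link KeyProvider} before it
     * is instantiated, so a misconfigured class name never has its constructor run. The
     * provider is created only when the manager has to be built; the original created (and
     * then discarded) a new provider on every call.
     *
     * <p>NOTE(review): {@code xmlEncManager} is not declared volatile, so the unsynchronised
     * first check is not a safe publication under the Java memory model; consider making the
     * field volatile.
     *
     * @return the encryption manager
     * @throws RuntimeException if the key provider cannot be loaded or instantiated
     */
    public static XMLEncryptionManager getXMLEncryptionManager() {
        if (xmlEncManager != null) {
            return xmlEncManager;
        }
        try {
            synchronized (XMLEncryptionManager.class) {
                if (xmlEncManager == null) {
                    String providerClass = SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER);
                    KeyProvider keyProvider = Thread.currentThread().getContextClassLoader()
                            .loadClass(providerClass)
                            .asSubclass(KeyProvider.class)
                            .getDeclaredConstructor()
                            .newInstance();
                    xmlEncManager = XMLEncryptionManager.getInstance(new WSSEncryptionProvider(), keyProvider);
                }
                return xmlEncManager;
            }
        } catch (Exception e) {
            debug.error("getXMLEncryptionManager : get keyprovider error", e);
            // Keep the original exception as the cause so the failure can be diagnosed.
            throw new RuntimeException(e.getMessage(), e);
        }
    }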

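    /**
     * Returns the shared XML signature manager, creating it on first use.
     *
     * <p>The key provider class name is read from system configuration and loaded through the
     * thread context class loader. The class is checked to be a {@link KeyProvider} before it
     * is instantiated, so a misconfigured class name never has its constructor run. The
     * provider is created only when the manager has to be built; the original created (and
     * then discarded) a new provider on every call.
     *
     * <p>NOTE(review): {@code xmlSigManager} is not declared volatile, so the unsynchronised
     * first check is not a safe publication under the Java memory model; consider making the
     * field volatile.
     *
     * @return the signature manager
     * @throws RuntimeException if the key provider cannot be loaded or instantiated
     */
    public static XMLSignatureManager getXMLSignatureManager() {
        if (xmlSigManager != null) {
            return xmlSigManager;
        }
        try {
            synchronized (XMLSignatureManager.class) {
                if (xmlSigManager == null) {
                    String providerClass = SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER);
                    KeyProvider keyProvider = Thread.currentThread().getContextClassLoader()
                            .loadClass(providerClass)
                            .asSubclass(KeyProvider.class)
                            .getDeclaredConstructor()
                            .newInstance();
                    xmlSigManager = XMLSignatureManager.getInstance(keyProvider, new WSSSignatureProvider());
                }
                return xmlSigManager;
            }
        } catch (Exception e) {
            debug.error("getXMLSignatureManager : get keystore error", e);
            // Keep the original exception as the cause so the failure can be diagnosed.
            throw new RuntimeException(e.getMessage(), e);
        }
    }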

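    /**
     * Maps an authentication method name to the URI used for it in SAML statements.
     *
     * <p>Certificate and Kerberos names are matched case-insensitively; password and token
     * methods are matched against the lower-cased name. Any other name is appended verbatim to
     * the generic method prefix, so the caller is responsible for passing a name that is safe
     * to embed in a URI.
     *
     * @param str the authentication method name; may be {@code null}
     * @return the method URI, or {@code null} when {@code str} is {@code null}
     */
    public static String getAuthMethodURI(String str) {
        if (str == null) {
            return null;
        }
        if (str.equalsIgnoreCase(SAMLConstants.AUTH_METHOD_CERT)) {
            return SAMLConstants.AUTH_METHOD_CERT_URI;
        }
        if (str.equalsIgnoreCase("Kerberos")) {
            return SAMLConstants.AUTH_METHOD_KERBEROS_URI;
        }
        // Lower-case with a fixed locale: the default-locale form changes 'I' under e.g. a
        // Turkish locale, which would make the set lookups below miss. Fully qualified because
        // this file imports a different class named Locale.
        String normalized = str.toLowerCase(java.util.Locale.ROOT);
        if (SAMLConstants.passwordAuthMethods.contains(normalized)) {
            return SAMLConstants.AUTH_METHOD_PASSWORD_URI;
        }
        if (SAMLConstants.tokenAuthMethods.contains(normalized)) {
            return SAMLConstants.AUTH_METHOD_HARDWARE_TOKEN_URI;
        }
        return SAMLConstants.AUTH_METHOD_URI_PREFIX + str;
    }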

    /**
     * Adds one {@code SecurityPrincipal} to the subject for every membership of a user.
     *
     * <p>The memberships come from {@link #getMemberShips(String)}; when there are none the
     * subject is left unchanged.
     *
     * @param subject the JAAS subject to extend
     * @param str the identifier of the user whose memberships are looked up
     */
    public static void setRoles(javax.security.auth.Subject subject, String str) {
        List roles = getMemberShips(str);
        boolean nothingToAdd = roles == null || roles.isEmpty();
        if (nothingToAdd) {
            if (debug.messageEnabled()) {
                debug.message("WSSUtils.setRoles:: There are no memberships for this user");
            }
            return;
        }
        if (debug.messageEnabled()) {
            debug.message("WSSUtils.setRoles:: " + roles);
        }
        for (Object role : roles) {
            subject.getPrincipals().add(new SecurityPrincipal((String) role));
        }
    }

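    /**
     * Lists the universal ids of every group/role-like identity the given user belongs to.
     *
     * <p>The lookup runs with the administrator token. Identity types are taken from the
     * user's realm and only those that can have members are queried.
     *
     * @param str the identifier of the user
     * @return the universal ids of the memberships; empty when the admin token is unavailable,
     *     no identity type can have members, or a repository/SSO error occurs
     */
    public static List getMemberShips(String str) {
        ArrayList memberships = new ArrayList();
        try {
            SSOToken adminToken = getAdminToken();
            if (adminToken == null) {
                debug.message("WSSUtils.getRoleMemberShips: Admin Token is null");
                return memberships;
            }
            // The original tested the freshly constructed identity for null; `new` never
            // yields null, so that unreachable branch has been removed.
            AMIdentity user = new AMIdentity(adminToken, str);
            Set<IdType> supportedIdTypes = new AMIdentityRepository(adminToken, user.getRealm()).getSupportedIdTypes();
            Set<IdType> containerTypes = new HashSet<IdType>();
            for (IdType idType : supportedIdTypes) {
                if (!idType.canHaveMembers().isEmpty()) {
                    containerTypes.add(idType);
                }
            }
            if (containerTypes.isEmpty()) {
                if (debug.messageEnabled()) {
                    debug.message("WSSUtils.getMemberShips: Can have enrolled types are empty");
                }
                return memberships;
            }
            for (IdType containerType : containerTypes) {
                for (Object member : user.getMemberships(containerType)) {
                    memberships.add(((AMIdentity) member).getUniversalId());
                }
            }
            return memberships;
        } catch (SSOException e) {
            debug.message("WSSUtils.getRoleMemberShips: SSOException : " + e);
            return memberships;
        } catch (IdRepoException e2) {
            debug.message("WSSUtils.getRoleMemberShips: IdRepoException : " + e2);
            return memberships;
        }
    }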

    /**
     * Looks up an agent profile by endpoint and agent type and returns its attributes.
     *
     * <p>The search runs in the root realm with the administrator token and requires both
     * the agent type and the endpoint to match. When several profiles match, the one the
     * result set's iterator yields first is used.
     *
     * @param str the endpoint value to match against the {@code WSPEndpoint} attribute
     * @param set the attribute names to return, or {@code null} for all attributes
     * @param str2 the agent type to match
     * @return the attributes of the matching profile; an empty map when nothing matches or an
     *     error occurs
     */
    public static Map getAgentAttributes(String str, Set set, String str2) {
        try {
            AMIdentityRepository rootRepository = new AMIdentityRepository(getAdminToken(), "/");

            HashSet agentTypes = new HashSet();
            agentTypes.add(str2);
            HashSet endpoints = new HashSet();
            endpoints.add(str);
            HashMap criteria = new HashMap();
            criteria.put("AgentType", agentTypes);
            criteria.put(WSP_ENDPOINT, endpoints);

            IdSearchControl control = new IdSearchControl();
            control.setAllReturnAttributes(true);
            control.setTimeOut(0);
            control.setSearchModifiers(IdSearchOpModifier.AND, criteria);

            IdSearchResults results = rootRepository.searchIdentities(IdType.AGENTONLY, "*", control);
            Set matches = results.getSearchResults();
            if (matches.isEmpty()) {
                return new HashMap();
            }
            // Return value unused in the original as well; the call is kept unchanged.
            results.getResultAttributes();
            AMIdentity agent = (AMIdentity) matches.iterator().next();
            if (set != null) {
                return agent.getAttributes(set);
            }
            return agent.getAttributes();
        } catch (Exception e) {
            debug.error("STSUtils.getAgentAttributes: Exception", e);
            return new HashMap();
        }
    }

    /**
     * Obtains the administrator SSO token through a privileged action.
     *
     * <p>If the first token is reported invalid by the token manager, or obtaining/validating
     * it throws, the privileged action is run one more time and that result is returned
     * without further validation.
     *
     * <p>Security note: the returned token carries administrator privileges; every identity
     * lookup in this class that uses it bypasses the caller's own permissions.
     *
     * @return the administrator token; may be {@code null}
     */
    public static SSOToken getAdminToken() {
        SSOToken adminToken;
        try {
            adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            boolean stale = adminToken != null && !SSOTokenManager.getInstance().isValidToken(adminToken);
            if (stale) {
                if (debug.messageEnabled()) {
                    debug.message("WSSUtils.getAdminToken: AdminTokenAction returned expired or invalid token, trying again...");
                }
                adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
            }
        } catch (Exception e) {
            debug.message("WSSUtils.getAdminToken::Trying second time ....");
            adminToken = (SSOToken) AccessController.doPrivileged(AdminTokenAction.getInstance());
        }
        return adminToken;
    }

    /**
     * Resolves the certificate referenced by the first wsse:SecurityTokenReference found under
     * the given element.
     *
     * <p>Key-identifier references are resolved through the key identifier itself and
     * issuer/serial references through {@code AMTokenProvider}. Direct references and unknown
     * reference types yield {@code null}.
     *
     * @param element the element to search; may be {@code null}
     * @return the referenced certificate, or {@code null} when there is no reference, the
     *     reference type is not resolvable here, or resolution fails
     */
    public static X509Certificate getMessageCertificate(Element element) {
        if (element == null) {
            return null;
        }
        NodeList references = element.getElementsByTagNameNS("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", "SecurityTokenReference");
        if (references.getLength() == 0) {
            return null;
        }
        try {
            SecurityTokenReference reference = new SecurityTokenReference((Element) references.item(0));
            String kind = reference.getReferenceType();
            if ("KeyIdentifierRef".equals(kind)) {
                KeyIdentifier keyIdentifier = reference.getKeyIdentifier();
                return keyIdentifier == null ? null : keyIdentifier.getX509Certificate();
            }
            if ("X509IssuerSerialRef".equals(kind)) {
                return AMTokenProvider.getX509Certificate(reference.getX509IssuerSerial());
            }
            // "DirectReference" and any other type carry no certificate resolvable here.
            return null;
        } catch (SecurityException e) {
            debug.error("WSSUtils.getMessageCertificate: exception", e);
            return null;
        }
    }

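    /**
     * Returns the configured cache repository plugin, creating it on first use.
     *
     * <p>The implementation class name is read from the
     * {@code com.sun.identity.wss.security.cacherepository.plugin} system property and loaded
     * through the thread context class loader. The class is checked to be a
     * {@link WSSCacheRepository} before it is instantiated. The field is re-checked inside the
     * lock so that two threads racing on first use cannot each create an instance, which the
     * original allowed.
     *
     * <p>NOTE(review): {@code cacheRepository} is not declared volatile, so the unsynchronised
     * first check is not a safe publication under the Java memory model.
     *
     * @return the repository, or {@code null} when no plugin is configured or it cannot be
     *     instantiated
     */
    public static WSSCacheRepository getWSSCacheRepository() {
        if (cacheRepository != null) {
            return cacheRepository;
        }
        synchronized (WSSUtils.class) {
            if (cacheRepository != null) {
                return cacheRepository;
            }
            String pluginClass = SystemConfigurationUtil.getProperty(WSS_CACHE_REPO_PLUGIN);
            if (pluginClass == null || pluginClass.length() == 0) {
                return null;
            }
            try {
                cacheRepository = Thread.currentThread().getContextClassLoader()
                        .loadClass(pluginClass)
                        .asSubclass(WSSCacheRepository.class)
                        .getDeclaredConstructor()
                        .newInstance();
            } catch (Exception e) {
                debug.error("WSSUtils.getWSSCacheRepository: Failed in obtaining class", e);
                return null;
            }
            return cacheRepository;
        }
    }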

    /**
     * Collects SAML attribute values for a subject from "samlName=localAttribute" mappings.
     *
     * <p>Each entry of {@code set} that contains {@code '='} and splits into exactly two
     * tokens is processed; other entries are ignored. For a mapping, a property of that name
     * on {@code sSOToken} takes precedence; only when the token has no such property is the
     * identity repository consulted (using the administrator token).
     *
     * <p>Security note: because session properties override repository attributes, the
     * asserted values are only as trustworthy as whatever is allowed to set properties on the
     * session token.
     *
     * @param str the identifier of the subject
     * @param set the attribute mappings, each a {@code String}; must not be {@code null}
     * @param str2 the namespace used for the resulting attribute QNames
     * @param sSOToken the subject's session token; may be {@code null}
     * @return attribute QName to values; empty when the subject does not exist or an error
     *     occurs
     */
    public static Map<QName, List<String>> getSAMLAttributes(String str, Set set, String str2, SSOToken sSOToken) {
        HashMap attributes = new HashMap();
        try {
            AMIdentity subject = new AMIdentity(getAdminToken(), str);
            if (!subject.isExists()) {
                if (debug.messageEnabled()) {
                    debug.message("WSSUtils.getSAMLAttributes: Subject " + str + " does not exist");
                }
                return attributes;
            }
            for (Object entry : set) {
                String mapping = (String) entry;
                if (mapping.indexOf("=") == -1) {
                    continue;
                }
                StringTokenizer parts = new StringTokenizer(mapping, "=");
                if (parts.countTokens() != 2) {
                    continue;
                }
                String samlName = parts.nextToken();
                String localName = parts.nextToken();
                Set values = new HashSet();
                boolean fromSession = false;
                if (sSOToken != null) {
                    try {
                        String sessionValue = sSOToken.getProperty(localName);
                        if (sessionValue != null) {
                            values.add(sessionValue);
                            fromSession = true;
                        }
                    } catch (SSOException e) {
                        if (debug.warningEnabled()) {
                            debug.warning("WSSUtils.getSAMLAttributes: SSOException", e);
                        }
                    }
                }
                if (!fromSession) {
                    try {
                        values = subject.getAttribute(localName);
                    } catch (SSOException e2) {
                        if (debug.warningEnabled()) {
                            debug.warning("WSSUtils.getSAMLAttributes: SSOException", e2);
                        }
                    } catch (IdRepoException e3) {
                        if (debug.warningEnabled()) {
                            debug.warning("WSSUtils.getSAMLAttributes: IdRepoException", e3);
                        }
                    }
                }
                boolean hasValues = values != null && !values.isEmpty();
                if (hasValues) {
                    ArrayList valueList = new ArrayList(values);
                    attributes.put(new QName(str2, samlName), valueList);
                } else if (debug.messageEnabled()) {
                    debug.message("WSSUtils.getSAMLAttributes: attribute value not found for" + localName);
                }
            }
            return attributes;
        } catch (SSOException e4) {
            if (debug.warningEnabled()) {
                debug.warning("WSSUtils.getSAMLAttributes: SSOException", e4);
            }
            return attributes;
        } catch (IdRepoException e5) {
            if (debug.warningEnabled()) {
                debug.warning("WSSUtils.getSAMLAttributes: IdRepo exception: ", e5);
            }
            return attributes;
        }
    }

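    /**
     * Maps a user name to its pseudonym using a pluggable {@link NameIdentifierMapper}.
     *
     * <p>The mapper class is loaded by name through the thread context class loader. It is
     * checked to be a {@link NameIdentifierMapper} before it is instantiated, so a class name
     * that does not denote a mapper never has its constructor run; the original instantiated
     * first and cast afterwards.
     *
     * @param str the user name
     * @param str2 the mapper implementation class name, or {@code null} for no mapping
     * @return the pseudonym, or {@code str} unchanged when no mapper is given or the mapper
     *     cannot be loaded or fails
     */
    public static String getUserPseduoName(String str, String str2) {
        if (str2 == null) {
            return str;
        }
        try {
            NameIdentifierMapper mapper = Thread.currentThread().getContextClassLoader()
                    .loadClass(str2)
                    .asSubclass(NameIdentifierMapper.class)
                    .getDeclaredConstructor()
                    .newInstance();
            return mapper.getUserPsuedoName(str);
        } catch (Exception e) {
            debug.error("FAMSTSAttributeProvider.getUserPseduoName:  Exception", e);
            return str;
        }
    }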

    /**
     * Publishes a user's memberships as a single attribute named {@code Memberships}.
     *
     * @param str the identifier of the user
     * @param str2 the namespace used for the attribute QName
     * @return a map with one entry holding all memberships, or an empty map when the user has
     *     none
     */
    public static Map<QName, List<String>> getMembershipAttributes(String str, String str2) {
        HashMap attributes = new HashMap();
        List memberships = getMemberShips(str);
        boolean hasMemberships = memberships != null && !memberships.isEmpty();
        if (hasMemberships) {
            attributes.put(new QName(str2, MEMBERSHIPS), memberships);
        }
        return attributes;
    }

    /**
     * Reads the allowed clock skew from the {@code com.sun.identity.wss.security.timeskew}
     * system property, defaulting to {@code 5000}.
     *
     * <p>NOTE(review): the unit is presumably milliseconds — confirm against the callers. The
     * value is not range-checked, so a very large configured skew widens every freshness
     * window that relies on it.
     *
     * @return the configured skew
     * @throws NumberFormatException if the configured value is not a valid long
     */
    public static long getTimeSkew() {
        String configured = SystemConfigurationUtil.getProperty("com.sun.identity.wss.security.timeskew", "5000");
        return Long.parseLong(configured);
    }

    /**
     * Wraps a symmetric key for the holder of a certificate and returns the resulting
     * xenc:EncryptedKey.
     *
     * <p>The raw key bytes are treated as an AES key and wrapped with the certificate's public
     * key. When no algorithm is given, the RSA-OAEP key-transport constant is used. An empty
     * KeyInfo is attached to the result.
     *
     * @param document the owner document for the generated XML
     * @param bArr the raw symmetric key bytes
     * @param x509Certificate the recipient's certificate
     * @param str the key-wrap algorithm URI, or {@code null} for the default
     * @return the encrypted key, or {@code null} if wrapping failed
     */
    public static EncryptedKey encryptKey(Document document, byte[] bArr, X509Certificate x509Certificate, String str) {
        try {
            PublicKey recipientKey = x509Certificate.getPublicKey();
            XMLCipher keyCipher;
            if (str == null) {
                keyCipher = XMLCipher.getInstance(EncryptionConstants.ENC_KEY_ENC_METHOD_RSA_OAEP);
            } else {
                keyCipher = XMLCipher.getInstance(str);
            }
            // 3 is the numeric value of javax.crypto.Cipher.WRAP_MODE.
            keyCipher.init(3, recipientKey);
            SecretKeySpec sessionKey = new SecretKeySpec(bArr, EncryptionConstants.AES);
            EncryptedKey wrapped = keyCipher.encryptKey(document, sessionKey);
            wrapped.setKeyInfo(new KeyInfo(document));
            return wrapped;
        } catch (Exception e) {
            debug.error("WSSUtils.encryptKey: failed", e);
            return null;
        }
    }

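    /**
     * Decrypts the key carried in the KeyInfo of a SAML assertion token.
     *
     * <p>Tokens that are not assertion tokens, and sender-vouches assertions, yield
     * {@code null}. The type check replaces an unconditional downcast that raised a
     * {@link ClassCastException} for any other token type, and matches how
     * {@code getCertificate(SecurityToken)} returns {@code null} for unsupported tokens.
     *
     * @param securityToken the token to inspect
     * @param str the certificate alias passed on to the encryption manager — presumably the
     *     alias of the local decryption key; confirm against {@code decryptKey}
     * @return the decrypted key, or {@code null} when the token carries none
     * @throws SecurityException declared by the original signature
     */
    public static Key getSecretKey(SecurityToken securityToken, String str) throws SecurityException {
        if (!(securityToken instanceof AssertionToken)) {
            if (debug.messageEnabled()) {
                debug.message("WSSUtils.getSecretKey: token is not an assertion token");
            }
            return null;
        }
        AssertionToken assertionToken = (AssertionToken) securityToken;
        if (assertionToken.isSenderVouches()) {
            return null;
        }
        return getXMLEncryptionManager().decryptKey(getKeyInfo(assertionToken.getAssertion()), str);
    }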

    /**
     * Looks up the trusted CA certificate alias registered for an issuer.
     *
     * @param str the issuer key used in the issuer-to-alias map
     * @return the alias, or {@code null} when the issuer has no entry
     */
    public static String getCertAlias(String str) {
        Object alias = issuerTrustedCACertAliases.get(str);
        return (String) alias;
    }

    /**
     * Collects values for the requested identity claims of a subject.
     *
     * <p>For each claim name, a property of that name on {@code sSOToken} takes precedence;
     * only when the token has no such property is the identity repository consulted (using
     * the administrator token). Results are keyed by the claim name appended to the
     * {@code http://schemas.xmlsoap.org/ws/2005/05/identity/Claims/} prefix.
     *
     * <p>Security note: the claim names come from the caller and are used directly as
     * attribute names for a lookup made with the administrator token, so no per-attribute
     * restriction is visible here; callers should restrict {@code set} to attributes that may
     * be released.
     *
     * @param str the identifier of the subject
     * @param set the requested claim names, each a {@code String}; must not be {@code null}
     * @param sSOToken the subject's session token; may be {@code null}
     * @return claim QName to values; empty when the subject does not exist or an error occurs
     */
    public static Map<QName, List<String>> getRequestedClaims(String str, Set set, SSOToken sSOToken) {
        HashMap claims = new HashMap();
        try {
            AMIdentity subject = new AMIdentity(getAdminToken(), str);
            if (!subject.isExists()) {
                if (debug.messageEnabled()) {
                    debug.message("WSSUtils.getRequestedClaims: Subject " + str + " does not exist");
                }
                return claims;
            }
            for (Object entry : set) {
                String claimName = (String) entry;
                Set values = new HashSet();
                boolean fromSession = false;
                if (sSOToken != null) {
                    try {
                        String sessionValue = sSOToken.getProperty(claimName);
                        if (sessionValue != null) {
                            values.add(sessionValue);
                            fromSession = true;
                        }
                    } catch (SSOException e) {
                        if (debug.warningEnabled()) {
                            debug.warning("WSSUtils.getRequestedClaims SSOException", e);
                        }
                    }
                }
                if (!fromSession) {
                    try {
                        values = subject.getAttribute(claimName);
                    } catch (SSOException e2) {
                        if (debug.warningEnabled()) {
                            debug.warning("WSSUtils.getRequestedClaims:  SSOException", e2);
                        }
                    } catch (IdRepoException e3) {
                        if (debug.warningEnabled()) {
                            debug.warning("WSSUtils.getRequestedClaims:  IdRepoException", e3);
                        }
                    }
                }
                boolean hasValues = values != null && !values.isEmpty();
                if (hasValues) {
                    ArrayList valueList = new ArrayList(values);
                    claims.put(new QName("http://schemas.xmlsoap.org/ws/2005/05/identity/Claims/" + claimName), valueList);
                } else if (debug.messageEnabled()) {
                    debug.message("WSSUtils.getRequestedClaims: attribute value not found for" + claimName);
                }
            }
            return claims;
        } catch (SSOException e4) {
            if (debug.warningEnabled()) {
                debug.warning("WSSUtils.getRequestedClaims:SSOException", e4);
            }
            return claims;
        } catch (IdRepoException e5) {
            if (debug.warningEnabled()) {
                debug.warning("WSSUtils.getRequestedClaims: IdRepo exception: ", e5);
            }
            return claims;
        }
    }

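    /**
     * Looks up the agent profile whose DNS claim matches the given value and returns its
     * provider configuration.
     *
     * <p>The search runs in the root realm ("/") with the admin token, over
     * {@code IdType.AGENTONLY} identities, and requires both the {@code AgentType} attribute to
     * equal {@code str2} and the {@code WSSConstants.DNS_CLAIM} attribute to equal {@code str}.
     *
     * @param str the DNS claim value to match
     * @param str2 the agent type to match
     * @return the provider configuration of the first matching agent, or {@code null} when no
     *     agent matches or the lookup fails for any reason (the failure is logged, not thrown)
     */
    public static ProviderConfig getConfigByDnsClaim(String str, String str2) {
        try {
            AMIdentityRepository repository = new AMIdentityRepository(getAdminToken(), "/");
            IdSearchControl control = new IdSearchControl();
            control.setAllReturnAttributes(true);
            control.setTimeOut(0);

            // NOTE(review): both values are supplied by the caller and become search criteria;
            // confirm the identity-repository layer escapes filter metacharacters.
            HashSet agentTypes = new HashSet();
            agentTypes.add(str2);
            HashSet dnsClaims = new HashSet();
            dnsClaims.add(str);
            HashMap criteria = new HashMap();
            criteria.put("AgentType", agentTypes);
            criteria.put(WSSConstants.DNS_CLAIM, dnsClaims);
            control.setSearchModifiers(IdSearchOpModifier.AND, criteria);

            IdSearchResults results = repository.searchIdentities(IdType.AGENTONLY, "*", control);
            Set matches = results.getSearchResults();
            if (matches.isEmpty()) {
                return null;
            }
            // The result is a Set, so "first" is whatever its iterator yields. Two profiles
            // sharing one DNS claim make the selected provider configuration ambiguous, which
            // is worth surfacing to the operator.
            if (matches.size() > 1 && debug.warningEnabled()) {
                debug.warning("WSSUtils.getConfigByDnsClaim: " + matches.size()
                        + " agent profiles match the same DNS claim; using the first one returned");
            }

            AMIdentity agent = (AMIdentity) matches.iterator().next();
            String providerName = agent.getName();

            // Fall back to WSC when the profile carries no AgentType value. An empty set is
            // treated like a missing one instead of failing on iterator().next().
            String providerType = ProviderConfig.WSC;
            Set typeValues = agent.getAttribute("AgentType");
            if (typeValues != null && !typeValues.isEmpty()) {
                providerType = (String) typeValues.iterator().next();
            }
            return ProviderConfig.getProvider(providerName, providerType);
        } catch (Exception e) {
            // Callers rely on a null return rather than an exception, so the broad catch stays.
            debug.error("WSSUtils.getConfigByDnsClaim: Exception", e);
            return null;
        }
    }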

    /**
     * Canonicalizes the subtree rooted at {@code node} and returns it as a freshly parsed element.
     *
     * <p>The subtree is serialized with the exclusive canonicalization algorithm
     * ({@code http://www.w3.org/2001/10/xml-exc-c14n#}) and the resulting bytes are parsed again
     * with the builder from {@code XMLUtils.getSafeDocumentBuilder(false)}. The returned element
     * is therefore the root of a new document, not a node of the input's document.
     *
     * @param node the root of the subtree to canonicalize
     * @return the document element of the re-parsed canonical form, or {@code null} if
     *     canonicalization or parsing fails (the error is logged)
     */
    public static Element getCanonicalElement(Node node) {
        try {
            ByteArrayOutputStream canonicalBytes = new ByteArrayOutputStream();
            Canonicalizer.getInstance("http://www.w3.org/2001/10/xml-exc-c14n#")
                    .canonicalizeSubtree(node, canonicalBytes);

            // Re-parse the canonical bytes so the caller receives a DOM element.
            ByteArrayInputStream canonicalInput =
                    new ByteArrayInputStream(canonicalBytes.toByteArray());
            return XMLUtils.getSafeDocumentBuilder(false).parse(canonicalInput).getDocumentElement();
        } catch (Exception failure) {
            // Any failure (including a null node) is reported as a null result.
            debug.error("WSSUtils:getCanonicalElement: Error while performing canonicalization on the input Node.", failure);
            return null;
        }
    }

    // Class initialization: loads the "fmWSSecurity" resource bundle and fills the trusted CA
    // alias collections from the "com.sun.identity.liberty.ws.trustedca.certaliases" property.
    // The property is a "|"-separated list whose entries are either "alias" or "alias:key".
    static {
        bundle = Locale.getInstallResourceBundle("fmWSSecurity");

        String aliasConfig = SystemConfigurationUtil.getProperty("com.sun.identity.liberty.ws.trustedca.certaliases");
        if (debug.messageEnabled()) {
            debug.message("WSSUtils.static: trusted ca certaliases = " + aliasConfig);
        }

        if (aliasConfig != null) {
            for (StringTokenizer entries = new StringTokenizer(aliasConfig, "|"); entries.hasMoreTokens(); ) {
                String entry = entries.nextToken().trim();
                if (entry.length() == 0) {
                    continue;
                }

                // Only the first ':' separates the two parts; later colons stay in the key.
                int separator = entry.indexOf(":");
                if (separator == -1) {
                    trustedCACertAliases.add(entry);
                    continue;
                }

                String alias = entry.substring(0, separator).trim();
                if (alias.length() == 0) {
                    // An entry with nothing before the ':' is dropped without any log output.
                    continue;
                }
                trustedCACertAliases.add(alias);

                // Text after the ':' becomes the key that maps back to the alias
                // (presumably the issuer name; confirm against the code that reads the map).
                String aliasKey = entry.substring(separator + 1).trim();
                if (aliasKey.length() > 0) {
                    issuerTrustedCACertAliases.put(aliasKey, alias);
                }
            }
        }
    }
}
