package nz.co.breakpoint.jmeter.modifiers;

import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import javax.security.auth.callback.Callback;
import org.apache.jmeter.samplers.SampleResult;
import org.apache.jorphan.logging.LoggingManager;
import org.apache.log.Logger;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
import org.apache.wss4j.dom.handler.RequestData;
import org.w3c.dom.Document;

/* loaded from: input_file:nz/co/breakpoint/jmeter/modifiers/WSSDecryptionPostProcessor.class */
public class WSSDecryptionPostProcessor extends CryptoWSSecurityPostProcessor {
    private static final long serialVersionUID = 1;
    private static final Logger log = LoggingManager.getLoggerForClass();
    protected List<Credential> credentials = new ArrayList();

    protected String getPasswordForAlias(String str) {
        for (Credential credential : this.credentials) {
            if (str.equals(credential.getName())) {
                return credential.getPassword();
            }
        }
        return null;
    }

    @Override // nz.co.breakpoint.jmeter.modifiers.AbstractWSSecurityPostProcessor
    protected Document process(Document document) throws WSSecurityException {
        WSSecurityEngine wSSecurityEngine = new WSSecurityEngine();
        Crypto crypto = getCrypto();
        RequestData requestData = new RequestData();
        requestData.setSigVerCrypto(crypto);
        requestData.setDecCrypto(crypto);
        requestData.setActor(getActor());
        updateAttachmentCallbackHandler();
        requestData.setAttachmentCallbackHandler(getAttachmentCallbackHandler());
        requestData.setExpandXopInclude(true);
        requestData.setAllowRSA15KeyTransportAlgorithm(true);
        requestData.setCallbackHandler(callbackArr -> {
            for (Callback callback : callbackArr) {
                if (callback instanceof WSPasswordCallback) {
                    WSPasswordCallback wSPasswordCallback = (WSPasswordCallback) callback;
                    switch (wSPasswordCallback.getUsage()) {
                        case 1:
                            log.debug("Providing callback with private key password for " + wSPasswordCallback.getIdentifier());
                            wSPasswordCallback.setPassword(getPasswordForAlias(wSPasswordCallback.getIdentifier()));
                            break;
                        case 2:
                            log.debug("Providing callback with password for username " + wSPasswordCallback.getIdentifier());
                            wSPasswordCallback.setPassword(getPasswordForAlias(wSPasswordCallback.getIdentifier()));
                            break;
                        case 3:
                            log.debug("Not providing callback with anything");
                            break;
                        case 4:
                        case 5:
                        case 6:
                        case 7:
                        case 8:
                        default:
                            log.warn("Ignoring unsupported password callback usage " + wSPasswordCallback.getUsage());
                            break;
                        case 9:
                            log.debug("Providing callback with secret key for digest " + wSPasswordCallback.getIdentifier());
                            try {
                                KeyStore keyStore = ((Merlin) crypto).getKeyStore();
                                Enumeration<String> aliases = keyStore.aliases();
                                while (true) {
                                    if (aliases.hasMoreElements()) {
                                        String nextElement = aliases.nextElement();
                                        String passwordForAlias = getPasswordForAlias(nextElement);
                                        if (passwordForAlias != null && keyStore.entryInstanceOf(nextElement, KeyStore.SecretKeyEntry.class)) {
                                            byte[] secretKey = this.crypto.getSecretKey(nextElement, passwordForAlias);
                                            if (wSPasswordCallback.getIdentifier().equals(CryptoTestElement.getSecretKeyDigest(secretKey))) {
                                                wSPasswordCallback.setKey(secretKey);
                                            }
                                        }
                                    }
                                }
                                break;
                            } catch (KeyStoreException e) {
                                log.error("Failed to find secret key entry", e);
                                break;
                            }
                            break;
                    }
                }
            }
        });
        wSSecurityEngine.processSecurityHeader(document, requestData);
        return document;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // nz.co.breakpoint.jmeter.modifiers.AbstractWSSecurityPostProcessor
    public void updateSampleResult(org.apache.wss4j.common.ext.Attachment attachment, SampleResult sampleResult) {
        super.updateSampleResult(attachment, sampleResult);
        Map<String, String> headersMap = Attachment.toHeadersMap(sampleResult.getResponseHeaders());
        Map<? extends String, ? extends String> headers = attachment.getHeaders();
        if (headers != null && !headers.isEmpty()) {
            log.debug("Adding subresult headers: " + headers);
            headersMap.putAll(headers);
        }
        String mimeType = attachment.getMimeType();
        if (mimeType != null && mimeType.length() != 0) {
            log.debug("Setting subresult MimeType: " + mimeType);
            sampleResult.setContentType(mimeType);
            sampleResult.setEncodingAndType(mimeType);
            headersMap.replace("Content-Type", mimeType);
        }
        sampleResult.setResponseHeaders(Attachment.fromHeadersMap(headersMap));
    }

    public List<Credential> getCredentials() {
        return this.credentials;
    }

    public void setCredentials(List<Credential> list) {
        this.credentials = list;
    }

    @Override // nz.co.breakpoint.jmeter.modifiers.AbstractWSSecurityTestElement
    public List<Attachment> getAttachments() {
        return this.attachments;
    }

    public void setAttachments(List<Attachment> list) {
        this.attachments = list;
    }
}
