package org.apache.wss4j.dom.str;

import java.security.Principal;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.BinarySecurity;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.message.token.X509Security;
import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.str.STRParser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-090.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-dom-2.0.3.jar:org/apache/wss4j/dom/str/EncryptedKeySTRParser.class */
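/**
 * {@link STRParser} that resolves the X.509 certificates named by a
 * {@code wsse:SecurityTokenReference} and records how they were referenced.
 *
 * <p>Everything read from the reference (URI, key identifier, token element) comes from the
 * message being processed and must be treated as untrusted. This class only locates the
 * certificates; {@link #isTrustedCredential()} always returns {@code false}, so it never vouches
 * for them. NOTE(review): presumably the caller performs trust validation on the result; confirm.
 *
 * <p>Instances hold mutable per-parse state ({@code certs}, {@code referenceType}) with no
 * synchronization visible here.
 */
public class EncryptedKeySTRParser implements STRParser {
    private static final Logger LOG = LoggerFactory.getLogger(EncryptedKeySTRParser.class);

    /** KeyIdentifier ValueType that marks the value as a SHA-1 certificate thumbprint. */
    private static final String THUMBPRINT_SHA1_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";

    /** KeyIdentifier ValueType for a SAML 1.x assertion id. */
    private static final String SAML_ASSERTION_ID_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    /** KeyIdentifier ValueType for a SAML 2.0 assertion id. */
    private static final String SAML_ID_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";

    // Action codes stored under "action" in a WSSecurityEngineResult. The 4096 branch reads the
    // binary security token from the result and the 8/16 branch reads the SAML assertion.
    // NOTE(review): presumably WSConstants.BST, ST_UNSIGNED and ST_SIGNED; confirm.
    private static final int ACTION_BINARY_TOKEN = 4096;
    private static final int ACTION_SAML_UNSIGNED = 8;
    private static final int ACTION_SAML_SIGNED = 16;

    // Certificates resolved by the last parse; stays null when no supported reference form matched.
    private X509Certificate[] certs;
    // How the certificates were referenced; stays null when neither a Reference, a KeyIdentifier
    // nor an X509Data/IssuerSerial was present.
    private STRParser.REFERENCE_TYPE referenceType;

    /**
     * Parses the SecurityTokenReference in {@code element} and resolves the certificates it
     * points at.
     *
     * <p>Resolution order: a result already stored in {@code wSDocInfo} under the referenced id,
     * then a KeyIdentifier (SAML assertion id, or a certificate lookup through the decryption
     * {@link Crypto}), then X509Data / IssuerSerial, then a direct Reference to a binary security
     * token element. If none applies, {@link #getCertificates()} returns {@code null}.
     *
     * @param element the SecurityTokenReference element
     * @param requestData supplies the decryption and signature-verification Crypto, the BSP
     *     enforcer and the callback handler
     * @param wSDocInfo per-document state used to find earlier results and token elements
     * @param map not read by this implementation
     * @throws WSSecurityException if the referenced token is not a supported type, or if a
     *     called helper rejects the reference
     */
    @Override
    public void parseSecurityTokenReference(Element element, RequestData requestData, WSDocInfo wSDocInfo, Map<String, Object> map) throws WSSecurityException {
        Crypto decCrypto = requestData.getDecCrypto();
        SecurityTokenReference secRef = new SecurityTokenReference(element, requestData.getBSPEnforcer());

        String id = null;
        if (secRef.containsReference()) {
            id = secRef.getReference().getURI();
            // The URI is taken from the message. Guard the charAt(0) so an empty (or missing)
            // URI cannot raise an unchecked StringIndexOutOfBoundsException / NPE here.
            if (id != null && !id.isEmpty() && id.charAt(0) == '#') {
                id = id.substring(1);
            }
            this.referenceType = STRParser.REFERENCE_TYPE.DIRECT_REF;
        } else if (secRef.containsKeyIdentifier()) {
            id = secRef.getKeyIdentifierValue();
            if (THUMBPRINT_SHA1_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())) {
                this.referenceType = STRParser.REFERENCE_TYPE.THUMBPRINT_SHA1;
            } else {
                this.referenceType = STRParser.REFERENCE_TYPE.KEY_IDENTIFIER;
            }
        }

        // id is still null here when the reference is neither a Reference nor a KeyIdentifier.
        WSSecurityEngineResult previousResult = wSDocInfo.getResult(id);
        if (previousResult != null) {
            processPreviousResult(previousResult, secRef, requestData, wSDocInfo);
        } else if (secRef.containsKeyIdentifier()) {
            String valueType = secRef.getKeyIdentifierValueType();
            if (SAML_ASSERTION_ID_VALUE_TYPE.equals(valueType) || SAML_ID_VALUE_TYPE.equals(valueType)) {
                SamlAssertionWrapper assertion = STRParserUtil.getAssertionFromKeyIdentifier(secRef, element, requestData, wSDocInfo);
                STRParserUtil.checkSamlTokenBSPCompliance(secRef, assertion, requestData.getBSPEnforcer());
                // NOTE(review): the getCredentialFromSubject result is dereferenced without a
                // null check; confirm it cannot return null for an assertion with no subject key.
                this.certs = SAMLUtil.getCredentialFromSubject(assertion, new WSSSAMLKeyInfoProcessor(requestData, wSDocInfo), requestData.getSigVerCrypto(), requestData.getCallbackHandler()).getCerts();
            } else {
                STRParserUtil.checkBinarySecurityBSPCompliance(secRef, null, requestData.getBSPEnforcer());
                this.certs = secRef.getKeyIdentifier(decCrypto);
            }
        } else if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
            this.referenceType = STRParser.REFERENCE_TYPE.ISSUER_SERIAL;
            this.certs = secRef.getX509IssuerSerial(decCrypto);
        } else if (secRef.containsReference()) {
            Element tokenElement = secRef.getTokenElement(element.getOwnerDocument(), wSDocInfo, requestData.getCallbackHandler());
            // Only a wsse:BinarySecurityToken is accepted as the target of a direct reference.
            QName tokenName = new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName());
            if (!tokenName.equals(WSSecurityEngine.BINARY_TOKEN)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedBinaryTokenType", new Object[0]);
            }
            X509Security x509Token = new X509Security(tokenElement, requestData.getBSPEnforcer());
            STRParserUtil.checkBinarySecurityBSPCompliance(secRef, x509Token, requestData.getBSPEnforcer());
            this.certs = new X509Certificate[]{x509Token.getX509Certificate(decCrypto)};
        }

        // The length check keeps an empty certificate array from throwing while debug logging.
        if (LOG.isDebugEnabled() && this.certs != null && this.certs.length > 0 && this.certs[0] != null) {
            LOG.debug("cert: {}", this.certs[0]);
        }
    }

    /**
     * Returns the certificates resolved by the last parse.
     *
     * @return the internal array itself (not a copy), or {@code null} if nothing was resolved
     */
    @Override
    public X509Certificate[] getCertificates() {
        return this.certs;
    }

    /**
     * @return always {@code null}; this parser does not produce a principal
     */
    @Override
    public Principal getPrincipal() {
        return null;
    }

    /**
     * @return always {@code null}; only certificates are resolved here
     */
    @Override
    public PublicKey getPublicKey() {
        return null;
    }

    /**
     * @return always {@code null}; this parser does not resolve secret keys
     */
    @Override
    public byte[] getSecretKey() {
        return null;
    }

    /**
     * @return always {@code false}; the resolved certificates are never marked as trusted by
     *     this parser
     */
    @Override
    public boolean isTrustedCredential() {
        return false;
    }

    /**
     * @return how the certificates were referenced in the last parse, or {@code null} if the
     *     reference matched none of the forms that set it
     */
    @Override
    public STRParser.REFERENCE_TYPE getCertificatesReferenceType() {
        return this.referenceType;
    }

    /**
     * Takes the certificates from a result that an earlier processor stored for the referenced
     * id: either the certificates of a binary security token, or the subject credential of a
     * SAML assertion.
     *
     * @throws WSSecurityException with {@code UNSUPPORTED_SECURITY_TOKEN} if the stored result
     *     has no action or an action other than the three handled here
     */
    private void processPreviousResult(WSSecurityEngineResult wSSecurityEngineResult, SecurityTokenReference securityTokenReference, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        Integer action = (Integer) wSSecurityEngineResult.get("action");
        // Fail closed: a result without an action is rejected like any other unsupported token
        // instead of surfacing as a NullPointerException on unboxing.
        if (action == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedBinaryTokenType", new Object[0]);
        }
        int actionCode = action.intValue();
        if (ACTION_BINARY_TOKEN == actionCode) {
            STRParserUtil.checkBinarySecurityBSPCompliance(securityTokenReference, (BinarySecurity) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN), requestData.getBSPEnforcer());
            this.certs = (X509Certificate[]) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
        } else if (ACTION_SAML_UNSIGNED == actionCode || ACTION_SAML_SIGNED == actionCode) {
            SamlAssertionWrapper assertion = (SamlAssertionWrapper) wSSecurityEngineResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
            STRParserUtil.checkSamlTokenBSPCompliance(securityTokenReference, assertion, requestData.getBSPEnforcer());
            // NOTE(review): same unchecked dereference of the getCredentialFromSubject result as
            // in parseSecurityTokenReference; confirm it cannot be null.
            this.certs = SAMLUtil.getCredentialFromSubject(assertion, new WSSSAMLKeyInfoProcessor(requestData, wSDocInfo), requestData.getSigVerCrypto(), requestData.getCallbackHandler()).getCerts();
        } else {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedBinaryTokenType", new Object[0]);
        }
    }
}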
