package org.apache.wss4j.stax.impl.processor.input;

import org.apache.wss4j.binding.wss10.ObjectFactory;
import org.apache.wss4j.binding.wss10.ReferenceType;
import org.apache.wss4j.binding.wss10.SecurityTokenReferenceType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmlenc.EncryptedKeyType;
import org.apache.xml.security.binding.xmlenc.EncryptionMethodType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.processor.input.XMLEncryptedKeyInputHandler;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-090.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-stax-2.0.3.jar:org/apache/wss4j/stax/impl/processor/input/WSSEncryptedKeyInputHandler.class */
public class WSSEncryptedKeyInputHandler extends XMLEncryptedKeyInputHandler {
    private static final transient Logger log = LoggerFactory.getLogger(WSSEncryptedKeyInputHandler.class);

    @Override // org.apache.xml.security.stax.impl.processor.input.XMLEncryptedKeyInputHandler
    public void handle(InputProcessorChain inputProcessorChain, EncryptedKeyType encryptedKeyType, XMLSecEvent xMLSecEvent, XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
        checkBSPCompliance(inputProcessorChain, encryptedKeyType);
        EncryptionMethodType encryptionMethod = encryptedKeyType.getEncryptionMethod();
        if (xMLSecurityProperties.getEncryptionKeyTransportAlgorithm() != null && encryptionMethod != null) {
            if (!xMLSecurityProperties.getEncryptionKeyTransportAlgorithm().equals(encryptionMethod.getAlgorithm())) {
                log.debug("The Key transport method does not match the requirement");
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY);
            }
        }
        super.handle(inputProcessorChain, encryptedKeyType, xMLSecEvent, xMLSecurityProperties);
    }

    @Override // org.apache.xml.security.stax.impl.processor.input.XMLEncryptedKeyInputHandler
    protected void handleReferenceList(InputProcessorChain inputProcessorChain, EncryptedKeyType encryptedKeyType, XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
        KeyInfoType keyInfoType = new KeyInfoType();
        SecurityTokenReferenceType securityTokenReferenceType = new SecurityTokenReferenceType();
        ReferenceType referenceType = new ReferenceType();
        referenceType.setURI("#" + encryptedKeyType.getId());
        ObjectFactory objectFactory = new ObjectFactory();
        securityTokenReferenceType.getAny().add(objectFactory.createReference(referenceType));
        keyInfoType.getContent().add(objectFactory.createSecurityTokenReference(securityTokenReferenceType));
        inputProcessorChain.addProcessor(new DecryptInputProcessor(keyInfoType, encryptedKeyType.getReferenceList(), (WSSSecurityProperties) xMLSecurityProperties, (WSInboundSecurityContext) inputProcessorChain.getSecurityContext()));
    }

    protected void checkBSPCompliance(InputProcessorChain inputProcessorChain, EncryptedKeyType encryptedKeyType) throws XMLSecurityException {
        WSInboundSecurityContext wSInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        if (encryptedKeyType.getType() != null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R3209);
        }
        if (encryptedKeyType.getMimeType() != null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R5622);
        }
        if (encryptedKeyType.getEncoding() != null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R5623);
        }
        if (encryptedKeyType.getRecipient() != null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R5602);
        }
        EncryptionMethodType encryptionMethod = encryptedKeyType.getEncryptionMethod();
        if (encryptionMethod == null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R5603);
            return;
        }
        String algorithm = encryptionMethod.getAlgorithm();
        if ("http://www.w3.org/2001/04/xmlenc#rsa-1_5".equals(algorithm) || "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p".equals(algorithm)) {
            return;
        }
        wSInboundSecurityContext.handleBSPRule(BSPRule.R5621);
    }
}
