package org.apache.wss4j.stax.impl.processor.input;

import java.util.Deque;
import javax.xml.bind.JAXBElement;
import org.apache.wss4j.binding.wss10.BinarySecurityTokenType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.KerberosTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.X509TokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.KerberosServiceSecurityToken;
import org.apache.wss4j.stax.securityToken.X509SecurityToken;
import org.apache.wss4j.stax.validate.BinarySecurityTokenValidator;
import org.apache.wss4j.stax.validate.BinarySecurityTokenValidatorImpl;
import org.apache.wss4j.stax.validate.TokenContext;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.TokenSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.2.1.redhat-159.zip:modules/system/layers/fuse/org/apache/ws/security/2.0/wss4j-ws-security-stax-2.0.3.jar:org/apache/wss4j/stax/impl/processor/input/BinarySecurityTokenInputHandler.class */
public class BinarySecurityTokenInputHandler extends AbstractInputSecurityHeaderHandler {
    @Override // org.apache.xml.security.stax.ext.XMLSecurityHeaderHandler
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        TokenSecurityEvent tokenSecurityEvent;
        BinarySecurityTokenType binarySecurityTokenType = (BinarySecurityTokenType) ((JAXBElement) parseStructure(deque, num.intValue(), xMLSecurityProperties)).getValue();
        checkBSPCompliance(inputProcessorChain, binarySecurityTokenType);
        if (binarySecurityTokenType.getId() == null) {
            binarySecurityTokenType.setId(IDGenerator.generateID(null));
        }
        WSInboundSecurityContext wSInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        WSSSecurityProperties wSSSecurityProperties = (WSSSecurityProperties) xMLSecurityProperties;
        TokenContext tokenContext = new TokenContext(wSSSecurityProperties, wSInboundSecurityContext, getResponsibleXMLSecEvents(deque, num.intValue()), getElementPath(deque));
        BinarySecurityTokenValidator binarySecurityTokenValidator = (BinarySecurityTokenValidator) wSSSecurityProperties.getValidator(WSSConstants.TAG_wsse_BinarySecurityToken);
        if (binarySecurityTokenValidator == null) {
            binarySecurityTokenValidator = new BinarySecurityTokenValidatorImpl();
        }
        final InboundSecurityToken validate = binarySecurityTokenValidator.validate(binarySecurityTokenType, tokenContext);
        wSInboundSecurityContext.registerSecurityTokenProvider(binarySecurityTokenType.getId(), new SecurityTokenProvider<InboundSecurityToken>() { // from class: org.apache.wss4j.stax.impl.processor.input.BinarySecurityTokenInputHandler.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // org.apache.xml.security.stax.securityToken.SecurityTokenProvider
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return validate;
            }

            @Override // org.apache.xml.security.stax.securityToken.SecurityTokenProvider
            public String getId() {
                return validate.getId();
            }
        });
        if (binarySecurityTokenType.getValueType().startsWith("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0")) {
            TokenSecurityEvent x509TokenSecurityEvent = new X509TokenSecurityEvent();
            x509TokenSecurityEvent.setSecurityToken((X509SecurityToken) validate);
            tokenSecurityEvent = x509TokenSecurityEvent;
        } else {
            if (!binarySecurityTokenType.getValueType().startsWith(WSSConstants.NS_KERBEROS11_TOKEN_PROFILE)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "invalidValueType", binarySecurityTokenType.getValueType());
            }
            TokenSecurityEvent kerberosTokenSecurityEvent = new KerberosTokenSecurityEvent();
            kerberosTokenSecurityEvent.setSecurityToken((KerberosServiceSecurityToken) validate);
            tokenSecurityEvent = kerberosTokenSecurityEvent;
        }
        tokenSecurityEvent.setCorrelationID(binarySecurityTokenType.getId());
        wSInboundSecurityContext.registerSecurityEvent(tokenSecurityEvent);
    }

    private void checkBSPCompliance(InputProcessorChain inputProcessorChain, BinarySecurityTokenType binarySecurityTokenType) throws WSSecurityException {
        WSInboundSecurityContext wSInboundSecurityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        if (binarySecurityTokenType.getEncodingType() == null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R3029);
        }
        if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".equals(binarySecurityTokenType.getEncodingType())) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R3030);
        }
        if (binarySecurityTokenType.getValueType() == null) {
            wSInboundSecurityContext.handleBSPRule(BSPRule.R3031);
        }
    }
}
