package org.apache.wss4j.dom.transform;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.str.STRParserUtil;
import org.apache.xml.security.utils.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-02.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-dom-2.1.7.jar:org/apache/wss4j/dom/transform/STRTransformUtil.class */
/**
 * Static helpers that turn a {@code wsse:SecurityTokenReference} into the token element it
 * points at, synthesising a {@code BinarySecurityToken} when the reference only identifies
 * an X.509 certificate.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class checks certificate trust, validity period or revocation. The
 *       certificate is whatever the configured {@code Crypto} returns for the reference.
 *       NOTE(review): confirm that callers validate the certificate elsewhere before relying
 *       on it.</li>
 *   <li>{@link #dereferenceSTR} returns {@code null} for a reference form it does not
 *       recognise. Callers should treat that as "unresolved" and fail closed.</li>
 * </ul>
 */
public final class STRTransformUtil {
    private static final Logger LOG = LoggerFactory.getLogger(STRTransformUtil.class);

    /** WS-Security 1.0 "secext" namespace used for the generated BinarySecurityToken. */
    private static final String WSSE_NAMESPACE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";

    /** ValueType attribute written on every generated X.509 BinarySecurityToken. */
    private static final String X509_V3_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    /** KeyIdentifier ValueType of the SAML token profile 1.0 (assertion id). */
    private static final String SAML10_ASSERTION_ID_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID";

    /** KeyIdentifier ValueType of the SAML token profile 1.1 (assertion id). */
    private static final String SAML11_ID_VALUE_TYPE =
        "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";

    /** Prefix used when the secext namespace is not yet bound in scope of the STR element. */
    private static final String DEFAULT_WSSE_PREFIX = "wsse";

    /**
     * Resolves a SecurityTokenReference to the element it designates.
     *
     * <p>The reference forms are tried in a fixed order: direct {@code Reference}, then
     * X509Data / X509IssuerSerial, then KeyIdentifier. A SAML KeyIdentifier is looked up as a
     * token element in the document; any other KeyIdentifier is resolved to a certificate
     * through {@code wSDocInfo.getCrypto()} and wrapped in a new BinarySecurityToken.
     *
     * <p>NOTE(review): the IssuerSerial branch copies the STR's key-identifier encoding type
     * onto the generated token, while the KeyIdentifier branch does not. The asymmetry is
     * preserved here because the generated element presumably feeds a digest, so changing it
     * could alter signature verification results. Confirm it is intended.
     *
     * @param document the document used to look up or create the resulting element
     * @param securityTokenReference the parsed reference to resolve
     * @param wSDocInfo per-document state; supplies the Crypto used for certificate lookup
     * @return the referenced or newly created token element, or {@code null} when the
     *         reference uses none of the supported forms
     * @throws WSSecurityException with {@code FAILED_CHECK} when no certificate could be
     *         found for an IssuerSerial or KeyIdentifier reference, or as raised by the
     *         lookup helpers
     */
    public static Element dereferenceSTR(Document document, SecurityTokenReference securityTokenReference, WSDocInfo wSDocInfo) throws WSSecurityException {
        if (securityTokenReference.containsReference()) {
            debug("STR: Reference");
            Reference directRef = securityTokenReference.getReference();
            return STRParserUtil.getTokenElement(
                document, wSDocInfo, null, directRef.getURI(), directRef.getValueType());
        } else if (securityTokenReference.containsX509Data()
            || securityTokenReference.containsX509IssuerSerial()) {
            // The same debug label is used for both X509Data and X509IssuerSerial.
            debug("STR: IssuerSerial");
            X509Certificate[] issuerSerialCerts =
                securityTokenReference.getX509IssuerSerial(wSDocInfo.getCrypto());
            X509Certificate leaf = firstCertificateOrFail(issuerSerialCerts);
            return createBSTX509(
                document,
                leaf,
                securityTokenReference.getElement(),
                securityTokenReference.getKeyIdentifierEncodingType());
        } else if (securityTokenReference.containsKeyIdentifier()) {
            debug("STR: KeyIdentifier");
            boolean samlKeyIdentifier =
                SAML10_ASSERTION_ID_VALUE_TYPE.equals(securityTokenReference.getKeyIdentifierValueType())
                    || SAML11_ID_VALUE_TYPE.equals(securityTokenReference.getKeyIdentifierValueType());
            if (samlKeyIdentifier) {
                // SAML assertions live in the document; no certificate lookup is involved.
                return STRParserUtil.getTokenElement(
                    document,
                    wSDocInfo,
                    null,
                    securityTokenReference.getKeyIdentifierValue(),
                    securityTokenReference.getKeyIdentifierValueType());
            }
            X509Certificate[] keyIdentifierCerts =
                securityTokenReference.getKeyIdentifier(wSDocInfo.getCrypto());
            X509Certificate leaf = firstCertificateOrFail(keyIdentifierCerts);
            return createBSTX509(document, leaf, securityTokenReference.getElement());
        } else {
            // Unsupported reference form: the caller receives null and must handle it.
            return null;
        }
    }

    /**
     * Builds a BinarySecurityToken for the certificate without an EncodingType attribute.
     *
     * @param document owner document for the new element
     * @param x509Certificate certificate to embed
     * @param element element whose in-scope namespaces decide the wsse prefix
     * @return the new, unattached BinarySecurityToken element
     * @throws WSSecurityException when the certificate cannot be encoded
     */
    public static Element createBSTX509(Document document, X509Certificate x509Certificate, Element element) throws WSSecurityException {
        return createBSTX509(document, x509Certificate, element, null);
    }

    /**
     * Builds a BinarySecurityToken element carrying the Base64 form of the certificate's
     * encoding.
     *
     * <p>The element is created in the secext namespace with ValueType set to X509v3. It is
     * returned without being attached to the document tree.
     *
     * @param document owner document for the new element
     * @param x509Certificate certificate to embed
     * @param element element whose in-scope namespaces decide the wsse prefix; {@code "wsse"}
     *        is used when the namespace is not bound there
     * @param str value for the EncodingType attribute, written verbatim; {@code null} omits
     *        the attribute. NOTE(review): in {@link #dereferenceSTR} this value comes from
     *        the reference itself, so it is presumably message-controlled.
     * @return the new, unattached BinarySecurityToken element
     * @throws WSSecurityException with {@code SECURITY_TOKEN_UNAVAILABLE} when the
     *         certificate cannot be encoded
     */
    public static Element createBSTX509(Document document, X509Certificate x509Certificate, Element element, String str) throws WSSecurityException {
        final byte[] certBytes;
        try {
            certBytes = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError");
        }

        String wssePrefix = XMLUtils.getPrefixNS(WSSE_NAMESPACE, element);
        if (wssePrefix == null) {
            wssePrefix = DEFAULT_WSSE_PREFIX;
        }

        Element token = document.createElementNS(WSSE_NAMESPACE, wssePrefix + ":BinarySecurityToken");
        XMLUtils.setNamespace(token, WSSE_NAMESPACE, wssePrefix);
        token.setAttributeNS(null, "ValueType", X509_V3_VALUE_TYPE);
        if (str != null) {
            token.setAttributeNS(null, "EncodingType", str);
        }
        token.appendChild(document.createTextNode(Base64.encode(certBytes)));
        return token;
    }

    /**
     * Returns the first certificate of a lookup result.
     *
     * @throws WSSecurityException with {@code FAILED_CHECK} when the array is null, empty or
     *         starts with a null entry
     */
    private static X509Certificate firstCertificateOrFail(X509Certificate[] certs) throws WSSecurityException {
        boolean usable = certs != null && certs.length != 0 && certs[0] != null;
        if (!usable) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK);
        }
        return certs[0];
    }

    /** Emits a debug line only when debug logging is enabled. */
    private static void debug(String message) {
        if (LOG.isDebugEnabled()) {
            LOG.debug(message);
        }
    }

    /** Not instantiable: the class only holds static helpers. */
    private STRTransformUtil() {
    }
}
