package org.apache.wss4j.dom.str;

import java.security.cert.X509Certificate;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.token.BinarySecurity;
import org.apache.wss4j.common.token.Reference;
import org.apache.wss4j.common.token.SecurityTokenReference;
import org.apache.wss4j.common.token.X509Security;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.saml.WSSSAMLKeyInfoProcessor;
import org.apache.wss4j.dom.str.STRParser;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/wss4j-ws-security-dom-2.2.2-SNAPSHOT.jar:org/apache/wss4j/dom/str/EncryptedKeySTRParser.class */
/**
 * {@link STRParser} that resolves a {@code SecurityTokenReference} element into an
 * {@link STRParserResult} holding X.509 certificates and, on the SAML paths, a public key.
 *
 * <p>If the document info already holds a processing result under the referenced id (or the
 * key identifier value), that result is reused; otherwise the reference is resolved directly
 * from the key identifier, the issuer/serial data or the referenced token element.
 *
 * <p>NOTE(review): no certificate trust or validity check is visible in this class. Whether
 * the helpers it calls perform one cannot be told from here, so callers should confirm where
 * that decision is made before relying on the returned certificates or key.
 */
public class EncryptedKeySTRParser implements STRParser {

    // Action codes as they appear inlined in the decompiled class. They match the WSS4J
    // constants WSConstants.BST (0x1000), ST_UNSIGNED (0x8) and ST_SIGNED (0x10); confirm
    // against the library version on the classpath before swapping in the named constants.
    private static final int ACTION_BST = 4096;
    private static final int ACTION_ST_UNSIGNED = 8;
    private static final int ACTION_ST_SIGNED = 16;

    /**
     * Parses the SecurityTokenReference carried by the given parameters.
     *
     * @param sTRParserParameters parser input; it, its request data, the request data's
     *        document info and its STR element must all be non-null
     * @return the certificates / public key / reference type that could be resolved
     * @throws WSSecurityException with {@code FAILURE} when a required input is missing, or
     *         whatever the resolution steps raise
     */
    @Override
    public STRParserResult parseSecurityTokenReference(STRParserParameters sTRParserParameters) throws WSSecurityException {
        boolean inputsPresent = sTRParserParameters != null
            && sTRParserParameters.getData() != null
            && sTRParserParameters.getData().getWsDocInfo() != null
            && sTRParserParameters.getStrElement() != null;
        if (!inputsPresent) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSTRParserParameter");
        }

        SecurityTokenReference secRef = new SecurityTokenReference(
            sTRParserParameters.getStrElement(), sTRParserParameters.getData().getBSPEnforcer());

        // NOTE(review): lookupId is null when the STR has neither a Reference nor a
        // KeyIdentifier; getResult(null) is then called and its behaviour is defined by
        // WSDocInfo, not by this class.
        String lookupId = findLookupId(secRef);
        WSSecurityEngineResult earlierResult = sTRParserParameters.getData().getWsDocInfo().getResult(lookupId);
        if (earlierResult == null) {
            return processSTR(secRef, sTRParserParameters);
        }
        return processPreviousResult(earlierResult, secRef, sTRParserParameters);
    }

    /**
     * Picks the id under which an earlier result may have been stored: the id derived from
     * the direct reference URI, else the key identifier value, else {@code null}.
     */
    private String findLookupId(SecurityTokenReference secRef) throws WSSecurityException {
        if (secRef.getReference() != null) {
            return XMLUtils.getIDFromReference(secRef.getReference().getURI());
        }
        if (secRef.containsKeyIdentifier()) {
            return secRef.getKeyIdentifierValue();
        }
        return null;
    }

    /**
     * Builds the parser result from a token that was already processed earlier in the message.
     *
     * @throws WSSecurityException with {@code UNSUPPORTED_SECURITY_TOKEN} when the earlier
     *         result has no action or an action other than the three handled here
     */
    private STRParserResult processPreviousResult(WSSecurityEngineResult previous, SecurityTokenReference secRef, STRParserParameters parameters) throws WSSecurityException {
        STRParserResult parsed = new STRParserResult();
        RequestData data = parameters.getData();

        Integer action = (Integer) previous.get("action");
        if (action == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedBinaryTokenType");
        }

        switch (action.intValue()) {
            case ACTION_BST: {
                BinarySecurity binaryToken = (BinarySecurity) previous.get(WSSecurityEngineResult.TAG_BINARY_SECURITY_TOKEN);
                // The BSP compliance check runs before the certificates are copied over.
                STRParserUtil.checkBinarySecurityBSPCompliance(secRef, binaryToken, data.getBSPEnforcer());
                X509Certificate[] storedCerts = (X509Certificate[]) previous.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
                parsed.setCerts(storedCerts);
                break;
            }
            // NOTE(review): both SAML action codes take the same path, so nothing in this
            // method distinguishes the two; if 8 is indeed ST_UNSIGNED, confirm the caller's
            // trust decision does not depend on this parser having told them apart.
            case ACTION_ST_UNSIGNED:
            case ACTION_ST_SIGNED: {
                SamlAssertionWrapper assertion = (SamlAssertionWrapper) previous.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
                copySamlSubjectCredentials(assertion, secRef, data, parsed);
                break;
            }
            default:
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedBinaryTokenType");
        }

        return withReferenceType(parsed, secRef);
    }

    /**
     * Resolves the reference directly when no earlier result exists for it.
     *
     * <p>If the STR has none of the recognised forms (key identifier, X.509 data / issuer
     * serial, direct reference) the returned result carries neither certificates nor a key;
     * no exception is raised here for that case.
     *
     * @throws WSSecurityException with {@code UNSUPPORTED_SECURITY_TOKEN} when a direct
     *         reference points at an element that is not a binary security token
     */
    private STRParserResult processSTR(SecurityTokenReference secRef, STRParserParameters parameters) throws WSSecurityException {
        STRParserResult parsed = new STRParserResult();
        RequestData data = parameters.getData();
        Element strElement = parameters.getStrElement();
        WSDocInfo docInfo = data.getWsDocInfo();
        Crypto decCrypto = data.getDecCrypto();

        if (secRef.containsKeyIdentifier()) {
            if (hasSamlKeyIdentifier(secRef)) {
                SamlAssertionWrapper assertion = STRParserUtil.getAssertionFromKeyIdentifier(secRef, strElement, data);
                copySamlSubjectCredentials(assertion, secRef, data, parsed);
            } else {
                // No token object is available on this path, hence the null second argument.
                STRParserUtil.checkBinarySecurityBSPCompliance(secRef, null, data.getBSPEnforcer());
                parsed.setCerts(secRef.getKeyIdentifier(decCrypto));
            }
            return withReferenceType(parsed, secRef);
        }

        if (secRef.containsX509Data() || secRef.containsX509IssuerSerial()) {
            parsed.setReferenceType(STRParser.REFERENCE_TYPE.ISSUER_SERIAL);
            parsed.setCerts(secRef.getX509IssuerSerial(decCrypto));
            return withReferenceType(parsed, secRef);
        }

        if (secRef.containsReference()) {
            Reference directRef = secRef.getReference();
            Element tokenElement = STRParserUtil.getTokenElement(
                strElement.getOwnerDocument(), docInfo, data.getCallbackHandler(), directRef.getURI(), directRef.getValueType());
            // Only a binary security token element is accepted as the target of a direct reference.
            QName tokenName = new QName(tokenElement.getNamespaceURI(), tokenElement.getLocalName());
            if (!tokenName.equals(WSConstants.BINARY_TOKEN)) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedBinaryTokenType");
            }
            X509Security x509Token = new X509Security(tokenElement, data.getBSPEnforcer());
            STRParserUtil.checkBinarySecurityBSPCompliance(secRef, x509Token, data.getBSPEnforcer());
            parsed.setCerts(new X509Certificate[]{x509Token.getX509Certificate(decCrypto)});
        }

        return withReferenceType(parsed, secRef);
    }

    /** True when the key identifier's value type is one of the two SAML key identifier types. */
    private boolean hasSamlKeyIdentifier(SecurityTokenReference secRef) {
        return WSS4JConstants.WSS_SAML_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType())
            || WSS4JConstants.WSS_SAML2_KI_VALUE_TYPE.equals(secRef.getKeyIdentifierValueType());
    }

    /**
     * Runs the SAML BSP compliance check, then copies the certificates and public key of the
     * assertion's subject credential into {@code target}.
     */
    private void copySamlSubjectCredentials(SamlAssertionWrapper assertion, SecurityTokenReference secRef, RequestData data, STRParserResult target) throws WSSecurityException {
        STRParserUtil.checkSamlTokenBSPCompliance(secRef, assertion, data.getBSPEnforcer());
        // NOTE(review): the returned key info is dereferenced without a null check. Confirm
        // getCredentialFromSubject never returns null; otherwise an assertion without a usable
        // subject key surfaces as a NullPointerException rather than a WSSecurityException.
        SAMLKeyInfo subjectKey = SAMLUtil.getCredentialFromSubject(
            assertion, new WSSSAMLKeyInfoProcessor(data), data.getSigVerCrypto(), data.getCallbackHandler());
        target.setCerts(subjectKey.getCerts());
        target.setPublicKey(subjectKey.getPublicKey());
    }

    /**
     * Records the reference type on {@code parsed} when one can be derived, and returns
     * {@code parsed}. A type set earlier (e.g. ISSUER_SERIAL) is kept when none is derived.
     */
    private STRParserResult withReferenceType(STRParserResult parsed, SecurityTokenReference secRef) {
        STRParser.REFERENCE_TYPE derivedType = getReferenceType(secRef);
        if (derivedType != null) {
            parsed.setReferenceType(derivedType);
        }
        return parsed;
    }

    /**
     * Classifies the reference: direct reference first, then key identifier (SHA-1 thumbprint
     * when the value type equals {@code THUMB_URI}), else {@code null}.
     */
    private STRParser.REFERENCE_TYPE getReferenceType(SecurityTokenReference securityTokenReference) {
        if (securityTokenReference.containsReference()) {
            return STRParser.REFERENCE_TYPE.DIRECT_REF;
        }
        if (!securityTokenReference.containsKeyIdentifier()) {
            return null;
        }
        if (SecurityTokenReference.THUMB_URI.equals(securityTokenReference.getKeyIdentifierValueType())) {
            return STRParser.REFERENCE_TYPE.THUMBPRINT_SHA1;
        }
        return STRParser.REFERENCE_TYPE.KEY_IDENTIFIER;
    }
}
