package org.apache.wss4j.stax.validate;

import org.apache.commons.codec.binary.Base64;
import org.apache.wss4j.binding.wss10.BinarySecurityTokenType;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSSConfigurationException;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.KerberosServiceSecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.X509PKIPathv1SecurityTokenImpl;
import org.apache.wss4j.stax.impl.securityToken.X509V3SecurityTokenImpl;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/wss4j/stax/validate/BinarySecurityTokenValidatorImpl.class */
public class BinarySecurityTokenValidatorImpl implements BinarySecurityTokenValidator {
    private static final transient Logger log = LoggerFactory.getLogger((Class<?>) BinarySecurityTokenValidatorImpl.class);

    @Override // org.apache.wss4j.stax.validate.BinarySecurityTokenValidator
    public InboundSecurityToken validate(BinarySecurityTokenType binarySecurityTokenType, TokenContext tokenContext) throws WSSecurityException {
        if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".equals(binarySecurityTokenType.getEncodingType())) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "badEncoding", new Object[]{binarySecurityTokenType.getEncodingType()});
        }
        byte[] decodeBase64 = Base64.decodeBase64(binarySecurityTokenType.getValue());
        try {
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".equals(binarySecurityTokenType.getValueType())) {
                X509V3SecurityTokenImpl x509V3SecurityTokenImpl = new X509V3SecurityTokenImpl(tokenContext.getWsSecurityContext(), getCrypto(tokenContext.getWssSecurityProperties()), tokenContext.getWssSecurityProperties().getCallbackHandler(), decodeBase64, binarySecurityTokenType.getId(), tokenContext.getWssSecurityProperties());
                x509V3SecurityTokenImpl.setElementPath(tokenContext.getElementPath());
                x509V3SecurityTokenImpl.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
                return x509V3SecurityTokenImpl;
            }
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1".equals(binarySecurityTokenType.getValueType())) {
                X509PKIPathv1SecurityTokenImpl x509PKIPathv1SecurityTokenImpl = new X509PKIPathv1SecurityTokenImpl(tokenContext.getWsSecurityContext(), getCrypto(tokenContext.getWssSecurityProperties()), tokenContext.getWssSecurityProperties().getCallbackHandler(), decodeBase64, binarySecurityTokenType.getId(), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference, tokenContext.getWssSecurityProperties());
                x509PKIPathv1SecurityTokenImpl.setElementPath(tokenContext.getElementPath());
                x509PKIPathv1SecurityTokenImpl.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
                return x509PKIPathv1SecurityTokenImpl;
            }
            if (!"http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ".equals(binarySecurityTokenType.getValueType())) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "invalidValueType", new Object[]{binarySecurityTokenType.getValueType()});
            }
            KerberosServiceSecurityTokenImpl kerberosServiceSecurityTokenImpl = new KerberosServiceSecurityTokenImpl(tokenContext.getWsSecurityContext(), tokenContext.getWssSecurityProperties().getCallbackHandler(), decodeBase64, binarySecurityTokenType.getValueType(), binarySecurityTokenType.getId(), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
            kerberosServiceSecurityTokenImpl.setElementPath(tokenContext.getElementPath());
            kerberosServiceSecurityTokenImpl.setXMLSecEvent(tokenContext.getFirstXMLSecEvent());
            return kerberosServiceSecurityTokenImpl;
        } catch (XMLSecurityException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Crypto getCrypto(WSSSecurityProperties wSSSecurityProperties) throws WSSConfigurationException {
        Crypto crypto = null;
        try {
            crypto = wSSSecurityProperties.getSignatureVerificationCrypto();
        } catch (WSSConfigurationException e) {
            log.debug(e.getMessage(), (Throwable) e);
        }
        if (crypto == null) {
            crypto = wSSSecurityProperties.getDecryptionCrypto();
        }
        return crypto;
    }
}
