package org.apache.wss4j.stax.impl.processor.input;

import java.security.Key;
import java.util.Deque;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import javax.servlet.jsp.tagext.TagInfo;
import javax.xml.bind.JAXBElement;
import org.apache.wss4j.binding.wssc.AbstractDerivedKeyTokenType;
import org.apache.wss4j.common.derivedKey.DerivedKeyUtils;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl;
import org.apache.wss4j.stax.securityEvent.DerivedKeyTokenSecurityEvent;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:org/apache/wss4j/stax/impl/processor/input/DerivedKeyTokenInputHandler.class */
public class DerivedKeyTokenInputHandler extends AbstractInputSecurityHeaderHandler {
    public void handle(final InputProcessorChain inputProcessorChain, final XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        final AbstractDerivedKeyTokenType abstractDerivedKeyTokenType = (AbstractDerivedKeyTokenType) ((JAXBElement) parseStructure(deque, num.intValue(), xMLSecurityProperties)).getValue();
        if (abstractDerivedKeyTokenType.getId() == null) {
            abstractDerivedKeyTokenType.setId(IDGenerator.generateID((String) null));
        }
        if (abstractDerivedKeyTokenType.getSecurityTokenReference() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "noReference");
        }
        final List elementPath = getElementPath(deque);
        final XMLSecEvent responsibleStartXMLEvent = getResponsibleStartXMLEvent(deque, num.intValue());
        SecurityTokenProvider<InboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<InboundSecurityToken>() { // from class: org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler.1
            private AbstractInboundSecurityToken derivedKeySecurityToken = null;

            /* renamed from: getSecurityToken, reason: merged with bridge method [inline-methods] */
            public InboundSecurityToken m3039getSecurityToken() throws XMLSecurityException {
                if (this.derivedKeySecurityToken != null) {
                    return this.derivedKeySecurityToken;
                }
                this.derivedKeySecurityToken = new AbstractInboundSecurityToken((WSInboundSecurityContext) inputProcessorChain.getSecurityContext(), abstractDerivedKeyTokenType.getId(), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference, true) { // from class: org.apache.wss4j.stax.impl.processor.input.DerivedKeyTokenInputHandler.1.1
                    private InboundSecurityToken referencedSecurityToken = null;

                    private InboundSecurityToken getReferencedSecurityToken() throws XMLSecurityException {
                        if (this.referencedSecurityToken != null) {
                            return this.referencedSecurityToken;
                        }
                        this.referencedSecurityToken = SecurityTokenFactoryImpl.getSecurityToken(abstractDerivedKeyTokenType.getSecurityTokenReference(), ((WSSSecurityProperties) xMLSecurityProperties).getDecryptionCrypto(), ((WSSSecurityProperties) xMLSecurityProperties).getCallbackHandler(), inputProcessorChain.getSecurityContext(), (WSSSecurityProperties) xMLSecurityProperties);
                        this.referencedSecurityToken.addWrappedToken(this);
                        return this.referencedSecurityToken;
                    }

                    protected Key getKey(String str, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String str2) throws XMLSecurityException {
                        UsernameSecurityToken referencedSecurityToken = getReferencedSecurityToken();
                        if (referencedSecurityToken == null) {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, "unsupportedKeyId");
                        }
                        byte[] generateDerivedKey = referencedSecurityToken instanceof UsernameSecurityToken ? referencedSecurityToken.generateDerivedKey() : referencedSecurityToken.getSecretKey(str, algorithmUsage, str2).getEncoded();
                        byte[] nonce = abstractDerivedKeyTokenType.getNonce();
                        if (nonce == null || nonce.length == 0) {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, TagInfo.BODY_CONTENT_EMPTY, new Object[]{"Missing wsc:Nonce value"});
                        }
                        String algorithm = abstractDerivedKeyTokenType.getAlgorithm();
                        if (algorithm == null) {
                            algorithm = "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";
                        }
                        byte[] deriveKey = DerivedKeyUtils.deriveKey(algorithm, abstractDerivedKeyTokenType.getLabel(), abstractDerivedKeyTokenType.getLength().intValue(), generateDerivedKey, nonce, abstractDerivedKeyTokenType.getOffset().intValue());
                        XMLSecurityConstants.AlgorithmUsage algorithmUsage2 = WSSConstants.Enc.equals(algorithmUsage) ? WSSConstants.Enc_KD : WSSConstants.Sig_KD;
                        AlgorithmSuiteSecurityEvent algorithmSuiteSecurityEvent = new AlgorithmSuiteSecurityEvent();
                        algorithmSuiteSecurityEvent.setAlgorithmURI(algorithm);
                        algorithmSuiteSecurityEvent.setAlgorithmUsage(algorithmUsage2);
                        algorithmSuiteSecurityEvent.setKeyLength(deriveKey.length * 8);
                        algorithmSuiteSecurityEvent.setCorrelationID(str2);
                        inputProcessorChain.getSecurityContext().registerSecurityEvent(algorithmSuiteSecurityEvent);
                        return new SecretKeySpec(deriveKey, JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(str));
                    }

                    /* renamed from: getKeyWrappingToken, reason: merged with bridge method [inline-methods] */
                    public InboundSecurityToken m3040getKeyWrappingToken() throws XMLSecurityException {
                        return getReferencedSecurityToken();
                    }

                    public SecurityTokenConstants.TokenType getTokenType() {
                        return WSSecurityTokenConstants.DerivedKeyToken;
                    }
                };
                this.derivedKeySecurityToken.setElementPath(elementPath);
                this.derivedKeySecurityToken.setXMLSecEvent(responsibleStartXMLEvent);
                return this.derivedKeySecurityToken;
            }

            public String getId() {
                return abstractDerivedKeyTokenType.getId();
            }
        };
        inputProcessorChain.getSecurityContext().registerSecurityTokenProvider(abstractDerivedKeyTokenType.getId(), securityTokenProvider);
        DerivedKeyTokenSecurityEvent derivedKeyTokenSecurityEvent = new DerivedKeyTokenSecurityEvent();
        derivedKeyTokenSecurityEvent.setSecurityToken((SecurityToken) securityTokenProvider.getSecurityToken());
        derivedKeyTokenSecurityEvent.setCorrelationID(abstractDerivedKeyTokenType.getId());
        inputProcessorChain.getSecurityContext().registerSecurityEvent(derivedKeyTokenSecurityEvent);
    }
}
