package org.apache.wss4j.dom.saml;

import java.security.Principal;
import java.util.HashMap;
import javax.xml.namespace.QName;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.principal.WSDerivedKeyTokenPrincipal;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SAMLKeyInfoProcessor;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.WSSecurityEngine;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.processor.EncryptedKeyProcessor;
import org.apache.wss4j.dom.str.SignatureSTRParser;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/* loaded from: input_file:lib/open/cxf/wssec/wss4j-ws-security-dom-2.0.2.jar:org/apache/wss4j/dom/saml/WSSSAMLKeyInfoProcessor.class */
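/**
 * Resolves the key material referenced by the children of a KeyInfo-style element
 * into a {@link SAMLKeyInfo}.
 *
 * <p>Three child element types are recognised, and the first one found in document
 * order wins; any later siblings are ignored:
 * <ul>
 *   <li>an EncryptedKey ({@code WSSecurityEngine.ENCRYPTED_KEY}), which is handed to
 *       {@link EncryptedKeyProcessor} together with the configured SAML algorithm suite;</li>
 *   <li>a WS-Trust BinarySecret (2005/02 or 2005/12 namespace), whose text content is
 *       Base64-decoded and used directly as the secret;</li>
 *   <li>a SecurityTokenReference, which is resolved through {@link SignatureSTRParser}.</li>
 * </ul>
 *
 * <p>NOTE(review): nothing in this class establishes that the element it is given comes
 * from a trusted (signature-verified) token. The BinarySecret path in particular accepts
 * whatever bytes the document carries, with no algorithm-suite or length check, so the
 * caller is presumably expected to have validated the enclosing token first; confirm
 * against the call sites.
 */
public class WSSSAMLKeyInfoProcessor implements SAMLKeyInfoProcessor {
    private static final String WST_NS = "http://schemas.xmlsoap.org/ws/2005/02/trust";
    private static final String WST_NS_05_12 = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
    private static final QName BINARY_SECRET = new QName(WST_NS, "BinarySecret");
    private static final QName BINARY_SECRET_05_12 = new QName(WST_NS_05_12, "BinarySecret");

    // Request context and per-document state; both are only passed through to the
    // EncryptedKey and SecurityTokenReference processors.
    private final RequestData data;
    private final WSDocInfo docInfo;

    /**
     * @param requestData request configuration, including the SAML algorithm suite
     * @param wSDocInfo   per-document processing state forwarded to the token processors
     */
    public WSSSAMLKeyInfoProcessor(RequestData requestData, WSDocInfo wSDocInfo) {
        this.data = requestData;
        this.docInfo = wSDocInfo;
    }

    /**
     * Scans the direct children of {@code element} and builds a {@link SAMLKeyInfo}
     * from the first recognised key-bearing child.
     *
     * @param element the element whose child elements are inspected
     * @return the resolved key information, or {@code null} if no recognised child exists
     * @throws WSSecurityException if a delegate processor fails, if algorithm-suite
     *         validation rejects a derived key, or if a BinarySecret cannot be decoded
     */
    @Override
    public SAMLKeyInfo processSAMLKeyInfo(Element element) throws WSSecurityException {
        for (Node child = element.getFirstChild(); child != null; child = child.getNextSibling()) {
            if (Node.ELEMENT_NODE != child.getNodeType()) {
                // Whitespace, comments and other non-element nodes carry no key material.
                continue;
            }
            QName childName = new QName(child.getNamespaceURI(), child.getLocalName());
            if (childName.equals(WSSecurityEngine.ENCRYPTED_KEY)) {
                return fromEncryptedKey((Element) child);
            }
            if (childName.equals(BINARY_SECRET) || childName.equals(BINARY_SECRET_05_12)) {
                return fromBinarySecret(child);
            }
            if (SecurityTokenReference.STR_QNAME.equals(childName)) {
                return fromSecurityTokenReference((Element) child);
            }
        }
        return null;
    }

    /** Decrypts an EncryptedKey child and wraps the recovered secret. */
    private SAMLKeyInfo fromEncryptedKey(Element encryptedKey) throws WSSecurityException {
        // The SAML algorithm suite is passed to the processor rather than checked here.
        // NOTE(review): get(0) assumes handleToken always returns at least one result;
        // an empty list would surface as an unchecked IndexOutOfBoundsException — confirm.
        byte[] secret = (byte[]) new EncryptedKeyProcessor()
            .handleToken(encryptedKey, this.data, this.docInfo, this.data.getSamlAlgorithmSuite())
            .get(0)
            .get("secret");
        return new SAMLKeyInfo(secret);
    }

    /** Base64-decodes the text content of a BinarySecret child and wraps it as the secret. */
    private SAMLKeyInfo fromBinarySecret(Node binarySecret) throws WSSecurityException {
        try {
            // Only the first child node is read, and it must be a Text node.
            Text encoded = (Text) binarySecret.getFirstChild();
            return new SAMLKeyInfo(Base64.decode(encoded.getData()));
        } catch (Exception e) {
            // Deliberately broad: an empty BinarySecret (null child) or a non-text first
            // child fails with an unchecked exception, and malformed Base64 fails in the
            // decoder; all of them are reported to the caller as one decoding failure.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "decoding.general", e);
        }
    }

    /** Resolves a SecurityTokenReference child to certificates, public key and/or secret. */
    private SAMLKeyInfo fromSecurityTokenReference(Element strElement) throws WSSecurityException {
        SignatureSTRParser strParser = new SignatureSTRParser();
        strParser.parseSecurityTokenReference(
            strElement, this.data, this.docInfo, new HashMap<String, Object>());

        SAMLKeyInfo keyInfo = new SAMLKeyInfo(strParser.getCertificates());
        keyInfo.setPublicKey(strParser.getPublicKey());
        keyInfo.setSecret(strParser.getSecretKey());

        // Algorithm-suite enforcement on this path covers derived keys only, and only
        // when a SAML algorithm suite has been configured; a validation failure
        // propagates before the key info is returned.
        Principal principal = strParser.getPrincipal();
        AlgorithmSuite samlAlgorithmSuite = this.data.getSamlAlgorithmSuite();
        if (samlAlgorithmSuite != null && principal instanceof WSDerivedKeyTokenPrincipal) {
            WSDerivedKeyTokenPrincipal derivedKey = (WSDerivedKeyTokenPrincipal) principal;
            AlgorithmSuiteValidator validator = new AlgorithmSuiteValidator(samlAlgorithmSuite);
            validator.checkDerivedKeyAlgorithm(derivedKey.getAlgorithm());
            validator.checkSignatureDerivedKeyLength(derivedKey.getLength());
        }
        return keyInfo;
    }
}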
