package com.sun.xml.ws.security.opt.impl.keyinfo;

import com.sun.xml.ws.security.opt.api.SecurityHeaderElement;
import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
import com.sun.xml.ws.security.opt.crypto.dsig.keyinfo.KeyInfo;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.message.GSHeaderElement;
import com.sun.xml.ws.security.opt.impl.util.NamespaceContextEx;
import com.sun.xml.ws.security.secext10.SecurityTokenReferenceType;
import com.sun.xml.ws.security.trust.GenericToken;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.IssuedTokenKeyBinding;
import com.sun.xml.wss.impl.policy.mls.KeyBindingBase;
import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
import java.security.Key;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.HashMap;
import java.util.logging.Level;
import javax.crypto.spec.SecretKeySpec;
import org.w3c.dom.Element;

/* loaded from: input_file:com/sun/xml/ws/security/opt/impl/keyinfo/IssuedTokenBuilder.class */
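/**
 * Token builder for issued tokens: selects the key that protects the message and builds
 * the {@code KeyInfo} that references the issued token.
 *
 * <p>All key material and the token itself are read from the trust context of the
 * processing context ({@code context.getTrustContext()}). The key binding supplied at
 * construction provides the token-cache UUID and the token inclusion policy.
 */
public class IssuedTokenBuilder extends TokenBuilder {
    /** Issued-token key binding; read for {@code getUUID()} and {@code getIncludeToken()}. */
    private final IssuedTokenKeyBinding ikb;

    /**
     * Creates a builder bound to one processing context and one issued-token key binding.
     *
     * @param jAXBFilterProcessingContext processing context handed to the superclass
     * @param issuedTokenKeyBinding key binding consulted by {@link #process()}; it is not
     *     null-checked here, so a null value surfaces as a NullPointerException in process()
     */
    public IssuedTokenBuilder(JAXBFilterProcessingContext jAXBFilterProcessingContext, IssuedTokenKeyBinding issuedTokenKeyBinding) {
        super(jAXBFilterProcessingContext);
        this.ikb = issuedTokenKeyBinding;
    }

    /**
     * Resolves the data-protection key, registers the issued token and builds the KeyInfo.
     *
     * <p>Key selection falls through three sources in this order: the symmetric proof key,
     * the proof key pair, then the private key that the security environment returns for
     * the requestor certificate.
     *
     * @return a result carrying the data-protection key and the KeyInfo; the DP token id is
     *     set only when the header element had to be created from the raw token value
     * @throws XWSSecurityException if none of the three key sources is available, or if the
     *     token is an {@code EncryptedData} element whose id is the empty string
     */
    @Override // com.sun.xml.ws.security.opt.api.keyinfo.TokenBuilder
    public BuilderResult process() throws XWSSecurityException {
        // dataProtectionKey signs/encrypts; cacheKey is what is recorded against the
        // token reference (the public half when an asymmetric key is used).
        final Key dataProtectionKey;
        final Key cacheKey;
        BuilderResult result = new BuilderResult();

        byte[] proofKey = this.context.getTrustContext().getProofKey();
        if (proofKey != null) {
            // Without an algorithm suite the key is labelled "AES"; nothing here checks
            // that the proof key length is valid for the chosen algorithm.
            String algorithm = this.context.getAlgorithmSuite() != null
                    ? SecurityUtil.getSecretKeyAlgorithm(this.context.getAlgorithmSuite().getEncryptionAlgorithm())
                    : "AES";
            dataProtectionKey = new SecretKeySpec(proofKey, algorithm);
            cacheKey = dataProtectionKey;
        } else {
            KeyPair proofKeyPair = this.context.getTrustContext().getProofKeyPair();
            if (proofKeyPair != null) {
                dataProtectionKey = proofKeyPair.getPrivate();
                cacheKey = proofKeyPair.getPublic();
            } else {
                X509Certificate requestorCertificate = this.context.getTrustContext().getRequestorCertificate();
                if (requestorCertificate == null) {
                    logger.log(Level.SEVERE, LogStringsMessages.WSS_1823_KEY_PAIR_PROOF_KEY_NULL_ISSUEDTOKEN());
                    throw new XWSSecurityException("Proof Key and RSA KeyPair for Supporting token (KeyValueToken or RsaToken) are both null for Issued Token");
                }
                // NOTE(review): the returned private key is not null-checked; confirm that
                // getPrivateKey throws rather than returning null for an unknown certificate.
                dataProtectionKey = this.context.getSecurityEnvironment().getPrivateKey(this.context.getExtraneousProperties(), requestorCertificate);
                cacheKey = requestorCertificate.getPublicKey();
            }
        }

        SecurityHeaderElement tokenElement = null;
        // NOTE(review): unchecked downcast; a token of any other type fails with
        // ClassCastException instead of XWSSecurityException.
        GenericToken issuedToken = (GenericToken) this.context.getTrustContext().getSecurityToken();
        if (issuedToken != null) {
            tokenElement = issuedToken.getElement();
            if (tokenElement == null) {
                // No parsed element available: wrap the raw DOM value and carry the id over.
                tokenElement = new GSHeaderElement((Element) issuedToken.getTokenValue());
                tokenElement.setId(issuedToken.getId());
                result.setDPTokenId(issuedToken.getId());
            }
            String tokenId = tokenElement.getId();
            // Only an empty-string id on an EncryptedData element is rejected. A null id,
            // or an empty id on any other element, passes and is used as the map key below.
            if (MessageConstants.EMPTY_STRING.equals(tokenId) && "EncryptedData".equals(tokenElement.getLocalPart())) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1808_ID_NOTSET_ENCRYPTED_ISSUEDTOKEN());
                throw new XWSSecurityException("ID attribute not set");
            }
            this.context.getTokenCache().put(this.ikb.getUUID(), tokenElement);

            // The data-protection key (secret or private key material) is kept in a context
            // property keyed by token id, so it is readable through that property for as
            // long as the map is retained.
            // Element types are those this method stores; other writers of the same
            // property are not visible here (TODO confirm).
            @SuppressWarnings("unchecked")
            HashMap<String, Key> storedKeys = (HashMap<String, Key>) this.context.getExtraneousProperty(MessageConstants.STORED_SAML_KEYS);
            if (storedKeys == null) {
                storedKeys = new HashMap<>();
            }
            storedKeys.put(tokenId, dataProtectionKey);
            this.context.setExtraneousProperty(MessageConstants.STORED_SAML_KEYS, storedKeys);
        }

        String includeToken = this.ikb.getIncludeToken();
        boolean tokenIncluded = KeyBindingBase.INCLUDE_ALWAYS.equals(includeToken)
                || KeyBindingBase.INCLUDE_ALWAYS_TO_RECIPIENT.equals(includeToken)
                || KeyBindingBase.INCLUDE_ALWAYS_VER2.equals(includeToken)
                || KeyBindingBase.INCLUDE_ALWAYS_TO_RECIPIENT_VER2.equals(includeToken);
        // An included token is referenced through the attached reference, otherwise
        // through the unattached one.
        SecurityTokenReferenceType tokenReference = tokenIncluded
                ? (SecurityTokenReferenceType) this.context.getTrustContext().getAttachedSecurityTokenReference()
                : (SecurityTokenReferenceType) this.context.getTrustContext().getUnAttachedSecurityTokenReference();

        // Add the token to the security header only once per id.
        if (issuedToken != null && tokenIncluded && this.context.getSecurityHeader().getChildElement(tokenElement.getId()) == null) {
            this.context.getSecurityHeader().add(tokenElement);
        }

        ((NamespaceContextEx) this.context.getNamespaceContext()).addWSS11NS();
        this.keyInfo = new KeyInfo();
        // NOTE(review): the reference is wrapped even when it is null; only the cache
        // update below is guarded. Confirm that a KeyInfo around a null reference is intended.
        this.keyInfo.setContent(Collections.singletonList(new com.sun.xml.ws.security.secext10.ObjectFactory().createSecurityTokenReference(tokenReference)));
        if (tokenReference != null) {
            SecurityUtil.updateSamlVsKeyCache(tokenReference, this.context, cacheKey);
        }

        result.setDataProtectionKey(dataProtectionKey);
        result.setKeyInfo(this.keyInfo);
        return result;
    }
}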
