package org.apache.ws.security.transform;

import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSConstants;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSecurityEngine;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.message.token.X509Security;
import org.apache.ws.security.util.Base64;
import org.apache.ws.security.util.WSSecurityUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/ws/security/transform/STRTransformUtil.class */
/**
 * Static helpers that turn a {@link SecurityTokenReference} into the DOM element of the
 * token it refers to.
 *
 * <p>For X.509 references resolved through the {@code Crypto} held by {@link WSDocInfo},
 * a fresh {@code BinarySecurityToken} element is built around the certificate.
 *
 * <p>Security note: nothing in this class validates the certificate (no chain, expiry or
 * revocation check is performed here). A successful dereference only means a certificate
 * was found, not that it is trusted; trust decisions must be made elsewhere.
 */
public class STRTransformUtil {
    private static final Log log = LogFactory.getLog(STRTransformUtil.class.getName());

    /**
     * Resolves a SecurityTokenReference to the element of the referenced token.
     *
     * <p>The reference forms are tried in a fixed order: direct reference, then
     * X509Data / X509IssuerSerial, then KeyIdentifier. The first form present wins.
     *
     * @param document the document used to locate tokens and to create new elements
     * @param securityTokenReference the reference to resolve
     * @param wSDocInfo per-document state; supplies the Crypto used for certificate lookups
     * @return the referenced (or newly built) token element, or {@code null} when the
     *         reference contains none of the recognised forms; callers must handle null
     * @throws WSSecurityException with code 6 when a certificate lookup yields no usable
     *         certificate, or whatever the delegated lookups throw
     */
    public static Element dereferenceSTR(Document document, SecurityTokenReference securityTokenReference, WSDocInfo wSDocInfo) throws WSSecurityException {
        // Case 1: direct reference to a token.
        if (securityTokenReference.containsReference()) {
            logDebug("STR: Reference");
            return securityTokenReference.getTokenElement(document, wSDocInfo, null);
        }

        // Case 2: X509Data or X509IssuerSerial; both are resolved through the
        // issuer-serial lookup and logged under the same "IssuerSerial" message.
        if (securityTokenReference.containsX509Data() || securityTokenReference.containsX509IssuerSerial()) {
            logDebug("STR: IssuerSerial");
            X509Certificate[] bySerial = securityTokenReference.getX509IssuerSerial(wSDocInfo.getCrypto());
            X509Certificate match = firstCertificateOrFail(bySerial);
            return createBSTX509(document, match, securityTokenReference.getElement());
        }

        // No recognised form at all: the caller receives null rather than an exception.
        if (!securityTokenReference.containsKeyIdentifier()) {
            return null;
        }

        // Case 3: KeyIdentifier.
        logDebug("STR: KeyIdentifier");
        boolean samlAssertionId =
                "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(securityTokenReference.getKeyIdentifierValueType())
                        || WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(securityTokenReference.getKeyIdentifierValueType());
        if (samlAssertionId) {
            // SAML assertion ids point at an existing element; no certificate lookup happens.
            return securityTokenReference.getKeyIdentifierTokenElement(document, wSDocInfo, null);
        }
        X509Certificate[] byKeyId = securityTokenReference.getKeyIdentifier(wSDocInfo.getCrypto());
        X509Certificate match = firstCertificateOrFail(byKeyId);
        return createBSTX509(document, match, securityTokenReference.getElement());
    }

    /**
     * Builds a {@code BinarySecurityToken} element in the WSSE namespace that carries the
     * Base64-encoded form of the given certificate.
     *
     * <p>The element is created with {@code document} as its owner but is not attached to
     * the tree. The value-type attribute is the only attribute set on it besides the
     * namespace declaration.
     *
     * @param document the document that creates the new element and its text node
     * @param x509Certificate the certificate to embed; it is encoded as-is, not validated
     * @param element the element from which the WSSE namespace prefix is looked up
     * @return the new, detached BinarySecurityToken element
     * @throws WSSecurityException with code 7 and message key {@code "encodeError"} when
     *         the certificate cannot be encoded
     */
    protected static Element createBSTX509(Document document, X509Certificate x509Certificate, Element element) throws WSSecurityException {
        final byte[] der;
        try {
            der = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            // Code 7 is presumably SECURITY_TOKEN_UNAVAILABLE; confirm against WSSecurityException.
            throw new WSSecurityException(7, "encodeError", null, e);
        }

        // NOTE(review): if getPrefixNS can return null, the qualified name below becomes
        // "null:BinarySecurityToken"; confirm the lookup always succeeds for callers' input.
        String wssePrefix = WSSecurityUtil.getPrefixNS(WSConstants.WSSE_NS, element);
        String qualifiedName = wssePrefix + ":BinarySecurityToken";

        Element token = document.createElementNS(WSConstants.WSSE_NS, qualifiedName);
        WSSecurityUtil.setNamespace(token, WSConstants.WSSE_NS, wssePrefix);
        token.setAttributeNS(null, WSSecurityEngine.VALUE_TYPE, X509Security.X509_V3_TYPE);
        token.appendChild(document.createTextNode(Base64.encode(der)));
        return token;
    }

    /**
     * Returns the first entry of a certificate lookup result. Only that first entry is
     * ever used; any further certificates in the array are ignored.
     *
     * @throws WSSecurityException with code 6 when the array is null, empty, or starts
     *         with a null entry
     */
    private static X509Certificate firstCertificateOrFail(X509Certificate[] candidates) throws WSSecurityException {
        if (candidates != null && candidates.length > 0 && candidates[0] != null) {
            return candidates[0];
        }
        // Code 6 is presumably FAILED_CHECK; confirm against WSSecurityException.
        throw new WSSecurityException(6);
    }

    /** Emits a debug message, but only when debug logging is switched on. */
    private static void logDebug(String message) {
        if (log.isDebugEnabled()) {
            log.debug(message);
        }
    }

    /** Not instantiable: the class only holds static helpers. */
    private STRTransformUtil() {
    }
}
