package org.apache.wss4j.dom.message;

import java.io.UnsupportedEncodingException;
import org.apache.wss4j.common.derivedKey.AlgoFactory;
import org.apache.wss4j.common.derivedKey.ConversationException;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.WSSConfig;
import org.apache.wss4j.dom.message.token.DerivedKeyToken;
import org.apache.wss4j.dom.message.token.KerberosSecurity;
import org.apache.wss4j.dom.message.token.Reference;
import org.apache.wss4j.dom.message.token.SecurityTokenReference;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/message/WSSecDerivedKeyBase.class */
/**
 * Base class for builders that derive a key from an externally supplied secret and
 * describe it in a {@link DerivedKeyToken} element.
 *
 * <p>Typical use, as far as this class shows: supply the secret with one of the
 * {@code setExternalKey} overloads, call {@link #prepare(Document)}, then attach the
 * resulting token element to a security header with
 * {@link #prependDKElementToHeader(WSSecHeader)} or
 * {@link #appendDKElementToHeader(WSSecHeader)}.
 *
 * <p>Security-relevant points visible in this class:
 * <ul>
 *   <li>The derivation algorithm is fixed to the URI held in
 *       {@code DERIVATION_ALGORITHM}; there is no setter to choose another one.</li>
 *   <li>The secret passed to {@code setExternalKey} is stored by reference, not copied,
 *       so changes the caller makes to the array before {@code prepare} runs are used
 *       for the derivation.</li>
 *   <li>The derived key is kept in the protected field {@link #derivedKeyBytes} and is
 *       never cleared by this class.</li>
 * </ul>
 */
public abstract class WSSecDerivedKeyBase extends WSSecSignatureBase {
    /** Label used for both the client and the service part unless overridden. */
    private static final String DEFAULT_LABEL = "WS-SecureConversation";

    /** URI handed to {@link AlgoFactory} to select the key derivation algorithm. */
    private static final String DERIVATION_ALGORITHM =
            "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1";

    /** Number of nonce bytes requested from {@link WSSecurityUtil#generateNonce}. */
    private static final int NONCE_LENGTH = 16;

    // Document the token elements are created in; set by prepare().
    protected Document document;
    // Secret the key is derived from; stored by reference (see setExternalKey).
    private byte[] ephemeralKey;
    // Token built by prepare(); null until then.
    protected DerivedKeyToken dkt;
    // Output of the derivation; stays in memory for the lifetime of this object.
    protected byte[] derivedKeyBytes;
    // Id allocated for the derived key token in prepare().
    protected String dktId;
    private String clientLabel = DEFAULT_LABEL;
    private String serviceLabel = DEFAULT_LABEL;
    // Not read or written in this class; presumably used by subclasses.
    protected Element envelope;
    // Identifier of the token that carries the secret (used when strElem is not set).
    private String tokenIdentifier;
    // When true, tokenIdentifier is used as the reference URI without a leading "#".
    private boolean tokenIdDirectId;
    // Ready-made security token reference element; takes precedence in prepare().
    private Element strElem;
    // Passed unchanged to the DerivedKeyToken constructor.
    private int wscVersion = 1;
    // -1 until setDerivedKeyLength is called; not read here (prepare() uses
    // getDerivedKeyLength()), presumably consulted by subclasses.
    protected int derivedKeyLength = -1;
    // Value type applied to the key identifier or reference built in prepare().
    private String customValueType;

    /** Creates a builder with the default labels, version 1 and no explicit key length. */
    public WSSecDerivedKeyBase() {
    }

    /**
     * Creates a builder with the same defaults as the no-argument constructor.
     *
     * @param wSSConfig configuration forwarded to the superclass constructor
     */
    public WSSecDerivedKeyBase(WSSConfig wSSConfig) {
        super(wSSConfig);
    }

    /**
     * Returns the number of key bytes {@link #prepare(Document)} should derive.
     *
     * @return the length passed to the derivation and written into the token
     * @throws WSSecurityException if the length cannot be determined
     */
    protected abstract int getDerivedKeyLength() throws WSSecurityException;

    /**
     * Sets the secret and the identifier of the token that carries it.
     *
     * <p>The array is not copied. A reference element set earlier through
     * {@link #setExternalKey(byte[], Element)} is not cleared and still takes
     * precedence over {@code str} in {@link #prepare(Document)}.
     *
     * @param bArr secret to derive from
     * @param str  identifier of the token holding the secret
     */
    public void setExternalKey(byte[] bArr, String str) {
        ephemeralKey = bArr;
        tokenIdentifier = str;
    }

    /**
     * Sets the secret and a ready-made security token reference element.
     *
     * <p>The array is not copied. When {@code element} is non-null,
     * {@link #prepare(Document)} uses it as is and builds no reference of its own.
     *
     * @param bArr    secret to derive from
     * @param element element placed into the derived key token as its reference
     */
    public void setExternalKey(byte[] bArr, Element element) {
        ephemeralKey = bArr;
        strElem = element;
    }

    /** @return the token identifier given to {@link #setExternalKey(byte[], String)} */
    public String getTokenIdentifier() {
        return tokenIdentifier;
    }

    /** @return the id allocated for the derived key token, or null before {@code prepare} */
    public String getId() {
        return dktId;
    }

    /** @param str first half of the label fed into the derivation */
    public void setClientLabel(String str) {
        clientLabel = str;
    }

    /** @param str second half of the label fed into the derivation */
    public void setServiceLabel(String str) {
        serviceLabel = str;
    }

    /**
     * Derives the key and builds the {@link DerivedKeyToken} that describes it.
     *
     * <p>The derivation input is the UTF-8 bytes of client label + service label followed
     * by a fresh nonce; offset 0 and the length from {@link #getDerivedKeyLength()} are
     * used for the derivation and written to the token together with the Base64 nonce.
     * The token's reference is the element from
     * {@link #setExternalKey(byte[], Element)} when present; otherwise a new
     * {@link SecurityTokenReference} is built from the token identifier, the inherited
     * key identifier type and the custom value type.
     *
     * @param document document in which the token elements are created
     * @throws WSSecurityException   if a called helper fails or UTF-8 is unavailable
     * @throws ConversationException declared for the derivation step
     */
    public void prepare(Document document) throws WSSecurityException, ConversationException {
        this.document = document;
        final int keyLength = getDerivedKeyLength();
        try {
            final byte[] label = (clientLabel + serviceLabel).getBytes("UTF-8");
            final byte[] nonce = WSSecurityUtil.generateNonce(NONCE_LENGTH);
            final byte[] seed = concat(label, nonce);
            derivedKeyBytes =
                    AlgoFactory.getInstance(DERIVATION_ALGORITHM).createKey(ephemeralKey, seed, 0, keyLength);

            dkt = new DerivedKeyToken(wscVersion, this.document);
            dktId = getWsConfig().getIdAllocator().createId("DK-", dkt);
            dkt.setOffset(0);
            dkt.setLength(keyLength);
            dkt.setNonce(Base64.encode(nonce));
            dkt.setID(dktId);

            if (strElem != null) {
                // Caller supplied the reference element; nothing to build.
                dkt.setSecurityTokenReference(strElem);
            } else {
                final SecurityTokenReference str = new SecurityTokenReference(this.document);
                str.setID(getWsConfig().getIdAllocator().createSecureId("STR-", str));

                if (this.keyIdentifierType == WSConstants.CUSTOM_KEY_IDENTIFIER) {
                    str.setKeyIdentifier(customValueType, tokenIdentifier);
                    // Only these three value types get a token type on the key-identifier path.
                    if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customValueType)) {
                        str.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                    } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customValueType)) {
                        str.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                    } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customValueType)) {
                        str.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                    }
                } else {
                    final Reference ref = new Reference(this.document);
                    final String uri = tokenIdDirectId ? tokenIdentifier : "#" + tokenIdentifier;
                    ref.setURI(uri);
                    if (customValueType != null && !customValueType.isEmpty()) {
                        ref.setValueType(customValueType);
                    }

                    if (WSConstants.WSS_SAML_KI_VALUE_TYPE.equals(customValueType)) {
                        str.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
                        ref.setValueType(customValueType);
                    } else if (WSConstants.WSS_SAML2_KI_VALUE_TYPE.equals(customValueType)) {
                        str.addTokenType(WSConstants.WSS_SAML2_TOKEN_TYPE);
                    } else if (WSConstants.WSS_ENC_KEY_VALUE_TYPE.equals(customValueType)) {
                        str.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                        ref.setValueType(customValueType);
                    } else if (KerberosSecurity.isKerberosToken(customValueType)) {
                        str.addTokenType(customValueType);
                        ref.setValueType(customValueType);
                    } else if (WSConstants.WSC_SCT.equals(customValueType)
                            || WSConstants.WSC_SCT_05_12.equals(customValueType)) {
                        ref.setValueType(customValueType);
                    } else if (!WSConstants.WSS_USERNAME_TOKEN_VALUE_TYPE.equals(customValueType)) {
                        // Any other value type (including none) is tagged as an encrypted key.
                        str.addTokenType(WSConstants.WSS_ENC_KEY_VALUE_TYPE);
                    }
                    str.setReference(ref);
                }
                dkt.setSecurityTokenReference(str);
            }
        } catch (UnsupportedEncodingException e) {
            throw new WSSecurityException(
                    WSSecurityException.ErrorCode.FAILURE,
                    "empty",
                    e,
                    new Object[]{"UTF-8 encoding is not supported"});
        }
    }

    /** Returns a new array holding {@code first} followed by {@code second}. */
    private static byte[] concat(byte[] first, byte[] second) {
        final byte[] joined = new byte[first.length + second.length];
        System.arraycopy(first, 0, joined, 0, first.length);
        System.arraycopy(second, 0, joined, first.length, second.length);
        return joined;
    }

    /**
     * Inserts the derived key token element as the first child of the security header.
     * Requires a prior {@link #prepare(Document)}; the token is null before that.
     *
     * @param wSSecHeader header whose security header element receives the token
     */
    public void prependDKElementToHeader(WSSecHeader wSSecHeader) {
        final Element header = wSSecHeader.getSecurityHeader();
        WSSecurityUtil.prependChildElement(header, dkt.getElement());
    }

    /**
     * Appends the derived key token element as the last child of the security header.
     * Requires a prior {@link #prepare(Document)}; the token is null before that.
     *
     * @param wSSecHeader header whose security header element receives the token
     */
    public void appendDKElementToHeader(WSSecHeader wSSecHeader) {
        final Element tokenElement = dkt.getElement();
        wSSecHeader.getSecurityHeader().appendChild(tokenElement);
    }

    /** @param i version value handed to the {@link DerivedKeyToken} constructor */
    public void setWscVersion(int i) {
        wscVersion = i;
    }

    /** @return the version value handed to the {@link DerivedKeyToken} constructor */
    public int getWscVersion() {
        return wscVersion;
    }

    /**
     * @return the DOM element of the derived key token; requires a prior
     *         {@link #prepare(Document)}
     */
    public Element getdktElement() {
        return dkt.getElement();
    }

    /** @param i value stored in {@link #derivedKeyLength} */
    public void setDerivedKeyLength(int i) {
        derivedKeyLength = i;
    }

    /** @param str value type applied to the key identifier or reference built in {@code prepare} */
    public void setCustomValueType(String str) {
        customValueType = str;
    }

    /** @param z true to use the token identifier as the reference URI without a leading "#" */
    public void setTokenIdDirectId(boolean z) {
        tokenIdDirectId = z;
    }
}
