package weblogic.xml.crypto.wss;

import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Map;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import weblogic.xml.crypto.dsig.DsigConstants;
import weblogic.xml.crypto.dsig.WLXMLStructure;
import weblogic.xml.crypto.dsig.api.XMLSignatureException;
import weblogic.xml.crypto.dsig.api.XMLSignatureFactory;
import weblogic.xml.crypto.dsig.api.keyinfo.KeyInfoFactory;
import weblogic.xml.crypto.dsig.api.keyinfo.X509Data;
import weblogic.xml.crypto.dsig.api.keyinfo.X509IssuerSerial;
import weblogic.xml.crypto.dsig.keyinfo.X509DataImpl;
import weblogic.xml.crypto.dsig.keyinfo.X509IssuerSerialImpl;
import weblogic.xml.crypto.utils.DOMUtils;
import weblogic.xml.crypto.utils.LogUtils;
import weblogic.xml.crypto.wss.api.BinarySecurityToken;
import weblogic.xml.crypto.wss.api.BinarySecurityTokenType;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.dom.DOMStreamReader;
import weblogic.xml.dom.DOMStreamWriter;
import weblogic.xml.dom.marshal.MarshalException;

/* loaded from: input_file:weblogic/xml/crypto/wss/BinarySecurityTokenReference.class */
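/**
 * WS-Security {@code SecurityTokenReference} (STR) that points at an X.509 binary security
 * token, either by key identifier or by an {@code X509Data/X509IssuerSerial} pair.
 *
 * <p>Instances are built in two ways: from a local {@link SecurityToken} when a message is
 * produced (constructor + {@link #init(QName, String, SecurityToken)}), or from a DOM node
 * when a message is consumed ({@link #unmarshal(Node)}). The DOM passed to
 * {@code unmarshal} is presumably taken from an incoming SOAP security header and should be
 * treated as untrusted input; confirm against the callers.
 */
public class BinarySecurityTokenReference extends SecurityTokenReferenceImpl {
    public static final String VERBOSE_PROPERTY = "weblogic.xml.crypto.wss.verbose";
    // Read once at class initialisation from the system property named by VERBOSE_PROPERTY.
    public static final boolean VERBOSE = Boolean.getBoolean(VERBOSE_PROPERTY);
    // X509Data wrapper written by marshalIssuerSerialRef; only populated by initIssuerSerial
    // and by the X509Data branch of unmarshal.
    private X509Data x509Data;
    private X509IssuerSerial issuerSerial;
    private static final String DEFAULT_VALUE_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    // Never assigned anything but false in this class, so the forced issuer/serial path in
    // init(QName, String, SecurityToken) is not reachable from the code visible here.
    private boolean useIssuerSerial;

    /** Creates an empty reference whose value type is the X.509 v3 token-profile URI. */
    public BinarySecurityTokenReference() {
        this.x509Data = null;
        this.issuerSerial = null;
        this.useIssuerSerial = false;
        setValueType(DEFAULT_VALUE_TYPE);
    }

    /**
     * Creates a reference to {@code securityToken} using the requested STR type.
     *
     * @param qName         requested STR type (key identifier or issuer serial QName)
     * @param str           value type URI of the referenced token
     * @param securityToken token being referenced
     * @throws WSSecurityException if neither reference form can be built for the token
     */
    public BinarySecurityTokenReference(QName qName, String str, SecurityToken securityToken) throws WSSecurityException {
        super(qName, str, securityToken);
        this.x509Data = null;
        this.issuerSerial = null;
        this.useIssuerSerial = false;
        if (VERBOSE) {
            // Plain concatenation instead of qName.toString() so that diagnostics cannot
            // fail with a NullPointerException of their own.
            LogUtils.logWss("STRType =" + qName + " Value Type =" + str + " useIssuerSerial =" + this.useIssuerSerial);
        }
        init(qName, str, securityToken);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Populates this reference for the requested STR type.
     *
     * <p>For the key-identifier type, a failure to derive the key identifier is logged and
     * the reference silently falls back to issuer/serial form. The resulting STR type can
     * therefore differ from the one requested; a caller that requires a specific reference
     * form should check {@code getSTRType()} afterwards. Any other STR type than the two
     * handled here leaves the reference untouched.
     *
     * @param qName         requested STR type
     * @param str           value type URI of the referenced token
     * @param securityToken token being referenced
     * @throws WSSecurityException if the issuer/serial reference cannot be built
     */
    public void init(QName qName, String str, SecurityToken securityToken) throws WSSecurityException {
        if (WSSConstants.KEY_IDENTIFIER_QNAME.equals(qName)) {
            if (this.useIssuerSerial) {
                initIssuerSerial(securityToken);
                return;
            }
            try {
                initKeyIdentifier(str, securityToken);
                LogUtils.logWss("Got Key Identifier STR OK for value type =" + str + " for token id =" + securityToken.getId() + " value type =" + securityToken.getValueType());
            } catch (WSSecurityException e) {
                // Deliberate best-effort: downgrade to issuer/serial rather than fail.
                LogUtils.logWss("BinarySecurityTokenReference init error on KeyIdentifier, " + e.getMessage() + " Try IssuerSerial");
                initIssuerSerial(securityToken);
            }
        } else if (DsigConstants.X509ISSUER_SERIAL_QNAME.equals(qName)) {
            initIssuerSerial(securityToken);
        }
    }

    /**
     * Builds a key-identifier reference for {@code securityToken}.
     *
     * @param str           value type URI used to look up the binary token type
     * @param securityToken token whose key identifier is computed
     * @throws WSSecurityException if the value type is unknown, the key identifier cannot be
     *                             computed, or the token cannot be encoded
     */
    private void initKeyIdentifier(String str, SecurityToken securityToken) throws WSSecurityException {
        BinarySecurityTokenType bSTType = BinarySecurityTokenImpl.getBSTType(str);
        if (null == bSTType) {
            LogUtils.logWss("BinarySecurityTokenReference initKeyIdentifier error, Invalid value type " + str + " for BST");
            throw new WSSecurityException("Invalid value type " + str + " for BST");
        }
        String keyIdentifierValueType = bSTType.getKeyIdentifierValueType();
        try {
            // Reuse the type resolved (and null-checked) above instead of a second lookup.
            byte[] keyIdRefValue = bSTType.getKeyIdRefValue(securityToken);
            if (keyIdRefValue == null) {
                throw new WSSecurityException("Failed to create KeyIdentifier STR for BST, for value type =" + str + "  for token id =" + securityToken.getId() + " value type =" + securityToken.getValueType() + " and keyIdValueType = " + keyIdentifierValueType);
            }
            setValueType(keyIdentifierValueType);
            setKeyIdentifier(new KeyIdentifierImpl(keyIdRefValue));
        } catch (BSTEncodingException e) {
            // The exception is logged and kept as the cause; no stack trace is dumped to
            // System.err, which would bypass the logging configuration.
            LogUtils.logWss("BinarySecurityTokenReference initKeyIdentifier error, error =" + e.toString());
            throw new WSSecurityException(e);
        }
    }

    /**
     * Builds an {@code X509Data/X509IssuerSerial} reference from the token's certificate.
     *
     * @param securityToken token expected to be a {@link BinarySecurityToken} carrying an
     *                      X.509 certificate
     * @throws WSSecurityException if the token is of another kind, carries no certificate,
     *                             or the key-info objects cannot be created
     */
    private void initIssuerSerial(SecurityToken securityToken) throws WSSecurityException {
        // Fail with the declared exception type instead of ClassCastException or
        // NullPointerException, so the error takes the same path as other STR failures.
        if (!(securityToken instanceof BinarySecurityToken)) {
            throw new WSSecurityException("Failed to create IssuerSerial STR: token is not a BinarySecurityToken");
        }
        X509Certificate certificate = ((BinarySecurityToken) securityToken).getCertificate();
        if (certificate == null) {
            throw new WSSecurityException("Failed to create IssuerSerial STR: no X.509 certificate for token id =" + securityToken.getId());
        }
        try {
            KeyInfoFactory keyInfoFactory = XMLSignatureFactory.getInstance().getKeyInfoFactory();
            this.issuerSerial = keyInfoFactory.newX509IssuerSerial(certificate.getIssuerX500Principal().getName(), certificate.getSerialNumber());
            // Raw list kept as in the original: the parameter type of newX509Data is not
            // visible from this file.
            ArrayList arrayList = new ArrayList();
            arrayList.add(this.issuerSerial);
            this.x509Data = keyInfoFactory.newX509Data(Collections.unmodifiableList(arrayList));
            setValueType(securityToken.getValueType());
            setSTRType(DsigConstants.X509ISSUER_SERIAL_QNAME);
        } catch (XMLSignatureException e) {
            throw new WSSecurityException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Registers a {@code BinarySecurityTokenHandler} through the inherited {@code register}. */
    public static void init() {
        register(new BinarySecurityTokenHandler());
    }

    /** Always returns {@code false}: no optional feature is advertised by this structure. */
    @Override // weblogic.xml.crypto.wss.SecurityTokenReferenceImpl, weblogic.xml.crypto.api.XMLStructure
    public boolean isFeatureSupported(String str) {
        return false;
    }

    /**
     * Reads this reference from a DOM node, dispatching on its last child element:
     * {@code X509Data}, a bare {@code X509IssuerSerial}, or anything else (delegated to the
     * superclass, with the X.509 v3 value type applied when none is present).
     *
     * <p>Only the first entry of an {@code X509Data} element is inspected; further entries
     * are ignored.
     *
     * @param node node holding the serialized reference
     * @throws MarshalException if the child element is malformed or of an unexpected kind
     */
    @Override // weblogic.xml.crypto.wss.SecurityTokenReferenceImpl
    public void unmarshal(Node node) throws MarshalException {
        // NOTE(review): behaviour when node has no element child depends on
        // DOMUtils.getLastElement, which is not visible here.
        Element lastElement = DOMUtils.getLastElement(node);
        try {
            XMLStreamReader reader = new DOMStreamReader(lastElement);
            if (DOMUtils.is(lastElement, DsigConstants.X509DATA_QNAME)) {
                super.unmarshalInternal(node);
                this.x509Data = (X509DataImpl) X509DataImpl.readKeyInfoObject(reader);
                // An X509Data element with no children must be rejected as a marshalling
                // error; get(0) on an empty list would raise an unchecked exception instead.
                if (this.x509Data == null || this.x509Data.getContent() == null || this.x509Data.getContent().isEmpty()) {
                    throw new MarshalException("Empty content in SecurityTokenReference/X509Data.");
                }
                Object first = this.x509Data.getContent().get(0);
                if (!(first instanceof X509IssuerSerial)) {
                    throw new MarshalException("Invalid content in SecurityTokenReferrence/X509Data.");
                }
                this.issuerSerial = (X509IssuerSerial) first;
            } else if (DOMUtils.is(lastElement, DsigConstants.X509ISSUER_SERIAL_QNAME)) {
                super.unmarshalInternal(node);
                // x509Data stays unset on this path; only issuerSerial is populated.
                X509IssuerSerialImpl parsedIssuerSerial = new X509IssuerSerialImpl();
                parsedIssuerSerial.read(reader, false);
                this.issuerSerial = parsedIssuerSerial;
            } else {
                super.unmarshal(node);
                if (getValueType() == null) {
                    setValueType(DEFAULT_VALUE_TYPE);
                }
            }
        } catch (weblogic.xml.crypto.api.MarshalException e) {
            throw new MarshalException("Failed to unmarshal SecurityTokenReference child " + DOMUtils.getQName(lastElement) + ", " + e.getMessage(), e);
        } catch (XMLStreamException e2) {
            throw new MarshalException("Failed to unmarshal SecurityTokenReference child " + DOMUtils.getQName(lastElement) + ", " + e2.getMessage(), e2);
        }
    }

    /**
     * Writes this reference under {@code element}, before {@code node} when it is given.
     *
     * @param element parent element
     * @param node    sibling to insert before, or {@code null} to append
     * @param map     namespace URI to prefix mapping
     * @throws MarshalException if the reference cannot be written
     */
    @Override // weblogic.xml.crypto.wss.SecurityTokenReferenceImpl
    public void marshal(Element element, Node node, Map map) throws MarshalException {
        // Constant-first comparison: an unset STR type falls through to the superclass
        // instead of raising a NullPointerException.
        if (DsigConstants.X509ISSUER_SERIAL_QNAME.equals(getSTRType())) {
            // Checked before the DOM is touched, so a reference without X509Data (for
            // example one read from a bare X509IssuerSerial) does not leave a half-built
            // SecurityTokenReference element behind.
            if (this.x509Data == null) {
                throw new MarshalException("Cannot marshal X509IssuerSerial SecurityTokenReference: no X509Data available.");
            }
            try {
                marshalIssuerSerialRef(element, node, map);
            } catch (weblogic.xml.crypto.api.MarshalException e) {
                throw new MarshalException(e);
            }
        }
        // NOTE(review): super.marshal also runs after the issuer/serial reference has been
        // written; confirm against the superclass that this does not emit a second
        // SecurityTokenReference element.
        super.marshal(element, node, map);
    }

    /**
     * Creates the {@code SecurityTokenReference} element, attaches it to {@code element} and
     * writes {@code x509Data} into it. The caller must ensure {@code x509Data} is set.
     */
    private void marshalIssuerSerialRef(Element element, Node node, Map map) throws weblogic.xml.crypto.api.MarshalException {
        String wssePrefix = (String) map.get("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
        String wsuPrefix = (String) map.get("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
        Element strElement = DOMUtils.createElement(element, WSSConstants.STR_QNAME, wssePrefix);
        if (getId() != null) {
            DOMUtils.addPrefixedAttribute(strElement, WSSConstants.WSU_ID_QNAME, wsuPrefix, getId());
        }
        if (node != null) {
            element.insertBefore(strElement, node);
        } else {
            element.appendChild(strElement);
        }
        ((WLXMLStructure) this.x509Data).write(new DOMStreamWriter(strElement.getOwnerDocument(), strElement));
    }

    /**
     * Parses the first child of {@code element} as a binary security token.
     *
     * <p>NOTE(review): the parsed token is discarded, so in this class the call only acts
     * as a well-formedness check on the embedded token; confirm that is the intent.
     *
     * @param element {@code Embedded} reference element
     * @throws MarshalException if the embedded token cannot be parsed
     */
    @Override // weblogic.xml.crypto.wss.SecurityTokenReferenceImpl
    public void unmarshalEmbeddedRef(Element element) throws MarshalException {
        new BinarySecurityTokenImpl().unmarshal(element.getFirstChild());
    }

    /** Returns the superclass description followed by this reference's id. */
    @Override
    public String toString() {
        // The " URI: " label is followed by getId(), not by a reference URI.
        return super.toString() + " URI: " + getId();
    }

    /** Returns the issuer/serial pair of this reference, or {@code null} if none was set. */
    @Override // weblogic.xml.crypto.wss.SecurityTokenReferenceImpl, weblogic.xml.crypto.wss.provider.SecurityTokenReference
    public X509IssuerSerial getIssuerSerial() {
        return this.issuerSerial;
    }
}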
