package weblogic.wsee.wstx.wsat.security;

import javax.crypto.spec.SecretKeySpec;
import javax.xml.ws.WebServiceException;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.security.wssc.base.sct.SCTHelper;
import weblogic.wsee.security.wssc.base.sct.SCTokenHandlerBase;
import weblogic.wsee.security.wssc.sct.SCCredential;
import weblogic.wsee.security.wssc.v13.sct.SCTokenHandler;
import weblogic.wsee.security.wst.binding.RequestSecurityTokenResponse;
import weblogic.wsee.security.wst.helpers.BindingHelper;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;

/* loaded from: input_file:weblogic/wsee/wstx/wsat/security/IssuedTokenCPBuilder.class */
public class IssuedTokenCPBuilder {
    private SCTokenHandlerBase tokenHandler;
    private Node rstrNode = null;
    private String algorithm = "AES";

    public IssuedTokenCPBuilder algorithm(String str) {
        this.algorithm = str;
        return this;
    }

    public IssuedTokenCPBuilder issuedTokens(Element element) {
        String localName = element.getLocalName();
        String namespaceURI = element.getNamespaceURI();
        if ("IssuedTokens".equals(localName)) {
            if ("http://docs.oasis-open.org/ws-sx/ws-trust/200512".equals(namespaceURI)) {
                this.tokenHandler = new SCTokenHandler();
            } else if ("http://schemas.xmlsoap.org/ws/2005/02/trust".equals(namespaceURI)) {
                this.tokenHandler = new weblogic.wsee.security.wssc.v200502.sct.SCTokenHandler();
            }
        }
        if (this.tokenHandler == null) {
            throw new IllegalArgumentException("not valid issuedTokens");
        }
        NodeList elementsByTagNameNS = element.getElementsByTagNameNS(namespaceURI, RequestSecurityTokenResponse.NAME);
        if (elementsByTagNameNS.getLength() > 0) {
            this.rstrNode = elementsByTagNameNS.item(0);
        }
        if (this.rstrNode == null) {
            throw new IllegalArgumentException("issuedTokens doesn't include RequestSecurityTokenResponse element");
        }
        return this;
    }

    public CredentialProvider build() {
        try {
            RequestSecurityTokenResponse unmarshalRSTRNode = BindingHelper.unmarshalRSTRNode(this.rstrNode, this.tokenHandler);
            final SCCredential sCCredentialFromRSTR = SCTHelper.getSCCredentialFromRSTR(null, new SecretKeySpec(unmarshalRSTRNode.getRequestedProofToken().getBinarySecret().getValue(), this.algorithm), unmarshalRSTRNode, this.tokenHandler);
            return new CredentialProvider() { // from class: weblogic.wsee.wstx.wsat.security.IssuedTokenCPBuilder.1
                @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
                public String[] getValueTypes() {
                    return IssuedTokenCPBuilder.this.tokenHandler.getValueTypes();
                }

                @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
                public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
                    return sCCredentialFromRSTR;
                }
            };
        } catch (Exception e) {
            throw new WebServiceException(e);
        }
    }
}
