package weblogic.wsee.security.wssc.base.dk;

import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import weblogic.security.service.ContextHandler;
import weblogic.wsee.security.saml.SAMLUtils;
import weblogic.wsee.security.wss.plan.helper.TokenReferenceTypeHelper;
import weblogic.wsee.security.wssc.base.faults.WSCFaultException;
import weblogic.wsee.security.wssc.dk.DKClaims;
import weblogic.wsee.security.wssc.dk.DKCredential;
import weblogic.wsee.security.wst.faults.WSTFaultUtil;
import weblogic.xml.crypto.utils.KeyUtils;
import weblogic.xml.crypto.wss.SecurityTokenContextHandler;
import weblogic.xml.crypto.wss.WSSConstants;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.WSSecurityException;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
import weblogic.xml.crypto.wss.provider.Purpose;
import weblogic.xml.crypto.wss.provider.SecurityToken;
import weblogic.xml.crypto.wss.provider.SecurityTokenHandler;
import weblogic.xml.crypto.wss.provider.SecurityTokenReference;
import weblogic.xml.crypto.wss11.internal.STRType;

/* loaded from: input_file:weblogic/wsee/security/wssc/base/dk/DKCredentialProviderBase.class */
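/**
 * Base credential provider that builds {@link DKCredential} objects (derived-key credentials)
 * from a security token found in the caller's {@link ContextHandler}.
 *
 * <p>Subclasses supply the supported value types, the URI of the derivation algorithm and the
 * fault raised when the derivation source cannot be turned into a token reference.
 */
public abstract class DKCredentialProviderBase implements CredentialProvider {
    private static final Logger LOGGER = Logger.getLogger(DKCredentialProviderBase.class.getName());

    /** Message used both for the raised fault and for the diagnostic log entry. */
    private static final String DK_CREATION_FAILED = "Can not create DerivedKey Token";

    /**
     * @return the token value types this provider handles
     */
    @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
    public abstract String[] getValueTypes();

    /**
     * @return the algorithm URI stored on every credential this provider creates
     *         (presumably the P_SHA1 derivation URI of the concrete WS-SecureConversation
     *         version; confirm in the subclasses)
     */
    protected abstract String getURI_P_SHA1();

    /**
     * Creates the fault reported when a derived key cannot be built from its source token.
     *
     * @param str human-readable reason
     * @return the fault exception handed to {@link WSTFaultUtil#raiseFault}
     */
    protected abstract WSCFaultException newUnknownDerivationSourceException(String str);

    /**
     * Returns a new derived-key credential for signing/encryption style purposes.
     *
     * <p>No credential is produced when {@code purpose} is {@code null},
     * {@link Purpose#IDENTITY} or {@link Purpose#ENCRYPT_RESPONSE}; the first two string
     * arguments are not consulted by this implementation.
     *
     * @param str            unused here
     * @param str2           unused here
     * @param contextHandler source of the token and derived-key claims
     * @param purpose        what the credential will be used for
     * @return a {@link DKCredential}, or {@code null} when none applies
     */
    @Override // weblogic.xml.crypto.wss.provider.CredentialProvider
    public Object getCredential(String str, String str2, ContextHandler contextHandler, Purpose purpose) {
        if (purpose == null) {
            return null;
        }
        if (purpose.equals(Purpose.IDENTITY) || purpose.equals(Purpose.ENCRYPT_RESPONSE)) {
            return null;
        }
        return createNewDK(contextHandler, purpose);
    }

    /**
     * Builds a fresh {@link DKCredential} from the token stored under
     * {@link SecurityTokenContextHandler#DERIVED_FROM_TOKEN}.
     *
     * <p>The credential gets a token reference to the source token, the algorithm URI from
     * {@link #getURI_P_SHA1()}, label and length taken from the context handler, generation 0
     * and a nonce from {@link KeyUtils#createNonce()}. For SAML token types the token's secret
     * key is copied onto the credential as well.
     *
     * @param contextHandler source of the token, security context and derived-key claims
     * @param purpose        not used by this implementation
     * @return the new credential, or {@code null} when the context holds no source token
     */
    protected Object createNewDK(ContextHandler contextHandler, Purpose purpose) {
        try {
            SecurityToken sourceToken =
                    (SecurityToken) contextHandler.getValue(SecurityTokenContextHandler.DERIVED_FROM_TOKEN);
            if (sourceToken == null) {
                return null;
            }

            // NOTE(review): SECURITY_INFO is dereferenced without a null check; confirm callers
            // always populate it whenever DERIVED_FROM_TOKEN is present.
            WSSecurityContext securityContext =
                    (WSSecurityContext) contextHandler.getValue(SecurityTokenContextHandler.SECURITY_INFO);
            String valueType = sourceToken.getValueType();
            SecurityTokenHandler tokenHandler = securityContext.getRequiredTokenHandler(valueType);

            // Reference style: caller-supplied value first, overridden for SAML issued tokens,
            // and finally the plain Reference element when nothing else was chosen.
            QName referenceType = (QName) contextHandler.getValue(SecurityTokenContextHandler.DK_STR_REFERENCE_TYPE);
            boolean samlToken = SAMLUtils.isSamlTokenType(valueType);
            if (samlToken) {
                List<?> samlStrTypes = TokenReferenceTypeHelper.getSTRTypesForSAMLIssuedToken(valueType);
                if (samlStrTypes != null && !samlStrTypes.isEmpty()) {
                    referenceType = ((STRType) samlStrTypes.get(0)).getTopLevelElement();
                }
            }
            if (referenceType == null) {
                referenceType = WSSConstants.REFERENCE_QNAME;
            }

            SecurityTokenReference tokenReference = tokenHandler.getSTR(referenceType, valueType, sourceToken);

            DKCredential credential = new DKCredential();
            credential.setSecurityToken(sourceToken);
            credential.setTokenReference(tokenReference);
            credential.setAlgorithm(getURI_P_SHA1());
            credential.setLabel(DKClaims.getLabelFromContextHandler(contextHandler));
            credential.setLength(DKClaims.getLengthFromContextHandler(contextHandler));
            credential.setGeneration(0);
            // NOTE(review): the nonce is an input to key derivation; its randomness source is
            // inside KeyUtils.createNonce() and is not visible here. Confirm it is a CSPRNG.
            credential.setNonce(KeyUtils.createNonce());

            // Only label and length are logged. Keep the nonce and secret key out of the log.
            if (LOGGER.isLoggable(Level.FINE)) {
                LOGGER.log(Level.FINE, "Returning DK Credential");
                LOGGER.log(Level.FINE, "DKLabel: " + credential.getLabel());
                LOGGER.log(Level.FINE, "DKLength: " + credential.getLength());
            }

            if (samlToken) {
                credential.setSecretKey(sourceToken.getSecretKey());
            }
            return credential;
        } catch (WSSecurityException e) {
            // The fault carries only a generic message, so record the underlying cause for
            // diagnosis instead of discarding it.
            LOGGER.log(Level.FINE, DK_CREATION_FAILED, e);
            WSTFaultUtil.raiseFault(newUnknownDerivationSourceException(DK_CREATION_FAILED));
            // Presumably raiseFault throws; this return is only reached if it does not.
            return null;
        }
    }
}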
