package weblogic.wsee.security.wssc.base.sct;

import java.security.Key;
import weblogic.wsee.security.wssc.sct.SCCredential;
import weblogic.wsee.security.wst.binding.AppliesTo;
import weblogic.wsee.security.wst.binding.Lifetime;
import weblogic.wsee.security.wst.binding.RequestSecurityTokenResponse;
import weblogic.wsee.security.wst.binding.RequestedAttachedReference;
import weblogic.wsee.security.wst.binding.RequestedSecurityToken;
import weblogic.wsee.security.wst.binding.RequestedUnattachedReference;
import weblogic.wsee.security.wst.binding.TokenType;
import weblogic.wsee.security.wst.faults.RequestFailedException;
import weblogic.wsee.security.wst.faults.WSTFaultException;
import weblogic.wsee.security.wst.framework.WSTContext;
import weblogic.xml.crypto.wss.provider.SecurityToken;

/* loaded from: input_file:weblogic/wsee/security/wssc/base/sct/SCTHelper.class */
public class SCTHelper {
    public static SCCredential getSCCredentialFromRSTR(WSTContext wSTContext, Key key, RequestSecurityTokenResponse requestSecurityTokenResponse, SCTokenHandlerBase sCTokenHandlerBase) throws WSTFaultException {
        SCCredential newSCCredential = sCTokenHandlerBase.newSCCredential();
        TokenType tokenType = requestSecurityTokenResponse.getTokenType();
        if (tokenType != null && !tokenType.getTokenType().equals(sCTokenHandlerBase.getSCT_VALUE_TYPE())) {
            throw new RequestFailedException("Unexpected token type in RSTR: " + tokenType.getTokenType());
        }
        RequestedSecurityToken requestedSecurityToken = requestSecurityTokenResponse.getRequestedSecurityToken();
        if (requestedSecurityToken == null) {
            throw new RequestFailedException("RequestedSecurityToken must be specified");
        }
        SecurityToken securityToken = requestedSecurityToken.getSecurityToken();
        if (!(securityToken instanceof SCTokenBase)) {
            throw new RequestFailedException(securityToken.getValueType() + " is not a SCT");
        }
        SCCredential.copy(((SCTokenBase) securityToken).getCredential(), newSCCredential);
        newSCCredential.setSecret(key);
        Lifetime lifetime = requestSecurityTokenResponse.getLifetime();
        newSCCredential.setCreated(lifetime.getCreated());
        newSCCredential.setExpires(lifetime.getExpires());
        AppliesTo appliesTo = requestSecurityTokenResponse.getAppliesTo();
        if (appliesTo != null) {
            newSCCredential.setAppliesTo(appliesTo.getEndpointReference());
            newSCCredential.setAppliesToElement(appliesTo.getElement());
        } else {
            newSCCredential.setAppliesTo(wSTContext.getAppliesTo());
            newSCCredential.setAppliesToElement(wSTContext.getAppliesToElement());
        }
        RequestedAttachedReference requestedAttachedReference = requestSecurityTokenResponse.getRequestedAttachedReference();
        if (requestedAttachedReference != null) {
            SCCredential.copyFromSTRToInfo(requestedAttachedReference.getSecurityTokenReference(), newSCCredential.newAttachedSecurityTokenReferenceInfo());
        }
        RequestedUnattachedReference requestedUnattachedReference = requestSecurityTokenResponse.getRequestedUnattachedReference();
        if (requestedUnattachedReference != null) {
            SCCredential.copyFromSTRToInfo(requestedUnattachedReference.getSecurityTokenReference(), newSCCredential.newUnattachedSecurityTokenReferenceInfo());
        }
        return newSCCredential;
    }
}
