package org.apache.ws.security.processor;

import java.io.IOException;
import java.util.Vector;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSConfig;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.conversation.dkalgo.AlgoFactory;
import org.apache.ws.security.conversation.dkalgo.DerivationAlgorithm;
import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.message.token.SecurityTokenReference;
import org.apache.ws.security.saml.SAMLUtil;
import org.apache.ws.security.util.Base64;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/wss4j-1.5.4-patched.jar:org/apache/ws/security/processor/DerivedKeyTokenProcessor.class */
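/**
 * Processes a {@code DerivedKeyToken} element: resolves the secret the token
 * refers to, reads the nonce, length, label and algorithm from the token, and
 * derives the key bytes from them.
 *
 * <p>The instance keeps the resolved secret and the derived key in fields, so
 * it is stateful; nothing in this class synchronizes access to that state.
 *
 * <p>The numeric literals passed to {@code WSSecurityException} and
 * {@code WSPasswordCallback} are kept exactly as they appear in this
 * decompiled source. NOTE(review): they are presumably compiler-inlined
 * library constants - confirm their meaning against the jar before replacing
 * them with named constants.
 */
public class DerivedKeyTokenProcessor implements Processor {
    private String id;
    private byte[] keyBytes;
    private byte[] secret;
    private int length;
    // Never assigned in this class, so key derivation always uses offset 0.
    // NOTE(review): confirm that ignoring an offset carried by the token is intended.
    private int offset;
    private byte[] nonce;
    private String label;
    private String algorithm;

    /**
     * Reads the derived key token from {@code element}, resolves its secret and,
     * when the token carries a positive length, derives the key immediately.
     *
     * <p>NOTE(review): the length is taken from the token as-is and no upper
     * bound is applied in this class. The element presumably comes from the
     * received message, so confirm that {@code DerivedKeyToken} or the
     * derivation algorithm limits the requested key size.
     *
     * @throws WSSecurityException if the token has no nonce, its secret cannot be
     *     resolved, or key derivation fails
     */
    @Override // org.apache.ws.security.processor.Processor
    public void handleToken(Element element, Crypto crypto, Crypto crypto2, CallbackHandler callbackHandler, WSDocInfo wSDocInfo, Vector vector, WSSConfig wSSConfig) throws WSSecurityException {
        DerivedKeyToken derivedKeyToken = new DerivedKeyToken(element);
        extractSecret(wSDocInfo, derivedKeyToken, callbackHandler, crypto);
        String encodedNonce = derivedKeyToken.getNonce();
        if (encodedNonce == null) {
            throw new WSSecurityException("Missing wsc:Nonce value");
        }
        this.nonce = Base64.decode(encodedNonce);
        this.length = derivedKeyToken.getLength();
        this.label = derivedKeyToken.getLabel();
        this.algorithm = derivedKeyToken.getAlgorithm();
        this.id = derivedKeyToken.getID();
        // Without a positive length the key is derived later, via getKeyBytes(int).
        if (this.length > 0) {
            deriveKey();
        }
    }

    /**
     * Derives {@code keyBytes} from the stored secret, using the label followed by
     * the nonce as the seed. A missing or empty label falls back to the default
     * label string.
     *
     * <p>Any failure is rethrown as a {@code WSSecurityException} carrying only the
     * message of the original exception; the cause itself is not propagated.
     */
    private void deriveKey() throws WSSecurityException {
        try {
            DerivationAlgorithm derivation = AlgoFactory.getInstance(this.algorithm);
            boolean useDefaultLabel = this.label == null || this.label.length() == 0;
            byte[] labelBytes = useDefaultLabel
                    ? "WS-SecureConversationWS-SecureConversation".getBytes("UTF-8")
                    : this.label.getBytes("UTF-8");
            // Seed layout: label bytes first, nonce bytes directly after.
            byte[] seed = new byte[labelBytes.length + this.nonce.length];
            System.arraycopy(labelBytes, 0, seed, 0, labelBytes.length);
            System.arraycopy(this.nonce, 0, seed, labelBytes.length, this.nonce.length);
            this.keyBytes = derivation.createKey(this.secret, seed, this.offset, this.length);
        } catch (Exception e) {
            throw new WSSecurityException(0, e.getMessage());
        }
    }

    /**
     * Resolves the secret that the token's SecurityTokenReference points to and
     * stores it in {@code secret}.
     *
     * <p>If a processor is registered for the reference, the secret is taken from
     * that processor (encrypted key, security context token or SAML token).
     * Otherwise the callback handler is asked for the key.
     *
     * @throws WSSecurityException if the token has no reference, the reference URI
     *     is missing or empty, or the referenced token type is not supported
     */
    private void extractSecret(WSDocInfo wSDocInfo, DerivedKeyToken derivedKeyToken, CallbackHandler callbackHandler, Crypto crypto) throws WSSecurityException {
        SecurityTokenReference tokenRef = derivedKeyToken.getSecuityTokenReference();
        if (tokenRef == null) {
            throw new WSSecurityException(6, "noReference");
        }
        String uri = null;
        String keyIdValueType = null;
        String keyIdValue = null;
        Processor processor;
        if (tokenRef.containsReference()) {
            uri = tokenRef.getReference().getURI();
            // The URI comes from the token; reject a missing or empty value here
            // instead of failing in substring(1) with an unchecked exception.
            if (uri == null || uri.length() == 0) {
                throw new WSSecurityException(6, "noReference");
            }
            // substring(1) drops the first character, presumably the leading '#'
            // of a same-document reference.
            processor = wSDocInfo.getProcessor(uri.substring(1));
        } else {
            keyIdValue = tokenRef.getKeyIdentifierValue();
            keyIdValueType = tokenRef.getKeyIdentifierValueType();
            processor = wSDocInfo.getProcessor(keyIdValue);
        }
        if (processor == null && uri != null) {
            this.secret = getSecret(callbackHandler, uri.substring(1));
            return;
        }
        if (processor == null && keyIdValue != null && keyIdValueType != null) {
            this.secret = getSecret(callbackHandler, keyIdValue, keyIdValueType);
            return;
        }
        if (processor instanceof EncryptedKeyProcessor) {
            this.secret = ((EncryptedKeyProcessor) processor).getDecryptedBytes();
        } else if (processor instanceof SecurityContextTokenProcessor) {
            this.secret = ((SecurityContextTokenProcessor) processor).getSecret();
        } else if (processor instanceof SAMLTokenProcessor) {
            this.secret = SAMLUtil.getSAMLKeyInfo(((SAMLTokenProcessor) processor).getSamlTokenElement(), crypto, callbackHandler).getSecret();
        } else {
            // Also reached when no processor was found and no identifier was usable.
            throw new WSSecurityException(6, "unsupportedKeyId");
        }
    }

    /**
     * Asks the callback handler for the key identified by {@code str}, using a
     * callback created with usage code 6.
     *
     * @return the key set on the callback by the handler
     * @throws WSSecurityException if there is no callback handler or the handler
     *     fails; the handler's exception is not propagated as the cause
     */
    private byte[] getSecret(CallbackHandler callbackHandler, String str) throws WSSecurityException {
        if (callbackHandler == null) {
            throw new WSSecurityException(0, "noCallback");
        }
        WSPasswordCallback keyCallback = new WSPasswordCallback(str, 6);
        try {
            callbackHandler.handle(new Callback[]{keyCallback});
        } catch (IOException e) {
            throw new WSSecurityException(0, "noKey", new Object[]{str});
        } catch (UnsupportedCallbackException e) {
            throw new WSSecurityException(0, "noKey", new Object[]{str});
        }
        return keyCallback.getKey();
    }

    /**
     * Asks the callback handler for the key named by a key identifier. Only the
     * {@code SecurityTokenReference.ENC_KEY_SHA1_URI} value type is supported; the
     * callback is created with usage code 8.
     *
     * @param str the key identifier value
     * @param str2 the key identifier value type
     * @return the key set on the callback by the handler
     * @throws WSSecurityException if there is no callback handler, the value type
     *     is not supported, or the handler fails
     */
    private byte[] getSecret(CallbackHandler callbackHandler, String str, String str2) throws WSSecurityException {
        if (callbackHandler == null) {
            throw new WSSecurityException(0, "noCallback");
        }
        // An unsupported value type used to leave the callback null and end in a
        // NullPointerException; report it as a security error instead.
        if (!SecurityTokenReference.ENC_KEY_SHA1_URI.equals(str2)) {
            throw new WSSecurityException(6, "unsupportedKeyId");
        }
        WSPasswordCallback keyCallback = new WSPasswordCallback(str, 8);
        try {
            callbackHandler.handle(new Callback[]{keyCallback});
        } catch (IOException e) {
            // Report the identifier that was looked up: this.id has not been
            // assigned for the current token when this method runs.
            throw new WSSecurityException(0, "noKey", new Object[]{str});
        } catch (UnsupportedCallbackException e) {
            throw new WSSecurityException(0, "noKey", new Object[]{str});
        }
        return keyCallback.getKey();
    }

    /** Returns the ID read from the derived key token, or null before a token was handled. */
    @Override // org.apache.ws.security.processor.Processor
    public String getId() {
        return this.id;
    }

    /**
     * Returns the most recently derived key, or null if none was derived yet.
     * The internal array is returned directly, not a copy.
     */
    public byte[] getKeyBytes() {
        return this.keyBytes;
    }

    /**
     * Derives a key of {@code i} bytes from the stored secret, nonce, label and
     * algorithm, replacing any previously derived key and the stored length.
     * The internal array is returned directly, not a copy.
     *
     * @throws WSSecurityException if key derivation fails
     */
    public byte[] getKeyBytes(int i) throws WSSecurityException {
        this.length = i;
        deriveKey();
        return this.keyBytes;
    }
}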
