package org.apache.wss4j.stax.impl.processor.input;

import java.util.ArrayDeque;
import java.util.Deque;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
import org.apache.wss4j.binding.wss10.KeyIdentifierType;
import org.apache.wss4j.binding.wss10.ReferenceType;
import org.apache.wss4j.binding.wss10.SecurityTokenReferenceType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.ext.WSSUtils;
import org.apache.wss4j.stax.impl.securityToken.SecurityTokenReferenceImpl;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.AbstractInputProcessor;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEndElement;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:lib/open/cxf/wssec/wss4j-ws-security-stax-2.0.2.jar:org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler.class */
public class SecurityTokenReferenceInputHandler extends AbstractInputSecurityHeaderHandler {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:lib/open/cxf/wssec/wss4j-ws-security-stax-2.0.2.jar:org/apache/wss4j/stax/impl/processor/input/SecurityTokenReferenceInputHandler$InternalSecurityTokenReferenceInputProcessor.class */
    public class InternalSecurityTokenReferenceInputProcessor extends AbstractInputProcessor {
        private final String securityTokenReferenceId;
        private final QName attribute;
        private final String attributeValue;
        private boolean refFound;
        private boolean end;
        private QName startElementName;
        private int startElementLevel;
        private final ArrayDeque<XMLSecEvent> xmlSecEventList;

        InternalSecurityTokenReferenceInputProcessor(String str, QName qName, String str2, WSSSecurityProperties wSSSecurityProperties) {
            super(wSSSecurityProperties);
            this.refFound = false;
            this.end = false;
            this.xmlSecEventList = new ArrayDeque<>();
            this.securityTokenReferenceId = str;
            this.attribute = qName;
            this.attributeValue = str2;
        }

        @Override // org.apache.xml.security.stax.ext.AbstractInputProcessor, org.apache.xml.security.stax.ext.InputProcessor
        public XMLSecEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
            return inputProcessorChain.processHeaderEvent();
        }

        @Override // org.apache.xml.security.stax.ext.AbstractInputProcessor, org.apache.xml.security.stax.ext.InputProcessor
        public XMLSecEvent processNextEvent(final InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
            XMLSecEvent processEvent = inputProcessorChain.processEvent();
            switch (processEvent.getEventType()) {
                case 1:
                    XMLSecStartElement mo4276asStartElement = processEvent.mo4276asStartElement();
                    Attribute attributeByName = mo4276asStartElement.getAttributeByName(this.attribute);
                    if (attributeByName != null && this.attributeValue.equals(attributeByName.getValue())) {
                        if (!this.refFound) {
                            this.refFound = true;
                            this.startElementName = mo4276asStartElement.getName();
                            this.startElementLevel = mo4276asStartElement.getElementPath().size();
                            break;
                        } else {
                            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "duplicateId", new Object[0]);
                        }
                    }
                    break;
                case 2:
                    XMLSecEndElement mo4274asEndElement = processEvent.mo4274asEndElement();
                    if (!mo4274asEndElement.getName().equals(this.startElementName) || mo4274asEndElement.getDocumentLevel() != this.startElementLevel) {
                        if (mo4274asEndElement.getDocumentLevel() == 3 && mo4274asEndElement.getName().equals(WSSConstants.TAG_wsse_Security) && WSSUtils.isInSecurityHeader(mo4274asEndElement, ((WSSSecurityProperties) getSecurityProperties()).getActor())) {
                            inputProcessorChain.removeProcessor(this);
                            break;
                        }
                    } else {
                        this.end = true;
                        this.xmlSecEventList.push(processEvent);
                        inputProcessorChain.getSecurityContext().registerSecurityTokenProvider(this.securityTokenReferenceId, new SecurityTokenProvider<InboundSecurityToken>() { // from class: org.apache.wss4j.stax.impl.processor.input.SecurityTokenReferenceInputHandler.InternalSecurityTokenReferenceInputProcessor.1
                            private InboundSecurityToken securityToken = null;

                            /* JADX WARN: Can't rename method to resolve collision */
                            @Override // org.apache.xml.security.stax.securityToken.SecurityTokenProvider
                            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                                if (this.securityToken != null) {
                                    return this.securityToken;
                                }
                                SecurityTokenReferenceImpl securityTokenReferenceImpl = new SecurityTokenReferenceImpl(inputProcessorChain.getSecurityContext().getSecurityTokenProvider(InternalSecurityTokenReferenceInputProcessor.this.attributeValue).getSecurityToken(), InternalSecurityTokenReferenceInputProcessor.this.xmlSecEventList, (WSInboundSecurityContext) inputProcessorChain.getSecurityContext(), InternalSecurityTokenReferenceInputProcessor.this.securityTokenReferenceId, WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                                this.securityToken = securityTokenReferenceImpl;
                                return securityTokenReferenceImpl;
                            }

                            @Override // org.apache.xml.security.stax.securityToken.SecurityTokenProvider
                            public String getId() {
                                return InternalSecurityTokenReferenceInputProcessor.this.securityTokenReferenceId;
                            }
                        });
                        return processEvent;
                    }
                    break;
            }
            if (this.refFound && !this.end) {
                this.xmlSecEventList.push(processEvent);
            }
            return processEvent;
        }
    }

    @Override // org.apache.xml.security.stax.ext.XMLSecurityHeaderHandler
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        SecurityTokenReferenceType securityTokenReferenceType = (SecurityTokenReferenceType) ((JAXBElement) parseStructure(deque, num.intValue(), xMLSecurityProperties)).getValue();
        QName qName = null;
        String str = null;
        KeyIdentifierType keyIdentifierType = (KeyIdentifierType) XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_KeyIdentifier);
        if (keyIdentifierType != null) {
            str = keyIdentifierType.getValue().trim();
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(keyIdentifierType.getValueType())) {
                qName = WSSConstants.ATT_NULL_AssertionID;
            } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(keyIdentifierType.getValueType())) {
                qName = WSSConstants.ATT_NULL_ID;
            }
        }
        ReferenceType referenceType = (ReferenceType) XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_Reference);
        if (referenceType != null) {
            str = WSSUtils.dropReferenceMarker(referenceType.getURI());
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(referenceType.getValueType())) {
                qName = WSSConstants.ATT_NULL_AssertionID;
            } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(referenceType.getValueType())) {
                qName = WSSConstants.ATT_NULL_ID;
            }
        }
        if (qName == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN);
        }
        inputProcessorChain.addProcessor(new InternalSecurityTokenReferenceInputProcessor(securityTokenReferenceType.getId(), qName, str, (WSSSecurityProperties) xMLSecurityProperties));
    }
}
