package org.apache.ws.security.processor;

import java.util.Collections;
import java.util.List;
import org.apache.ws.security.WSDataRef;
import org.apache.ws.security.WSDocInfo;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.AlgorithmSuite;
import org.apache.ws.security.components.crypto.AlgorithmSuiteValidator;
import org.apache.ws.security.handler.RequestData;
import org.apache.ws.security.message.token.DerivedKeyToken;
import org.apache.ws.security.str.DerivedKeyTokenSTRParser;
import org.w3c.dom.Element;

/* loaded from: input_file:lib/wss4j-1.6.11.jar:org/apache/ws/security/processor/DerivedKeyTokenProcessor.class */
public class DerivedKeyTokenProcessor implements Processor {
    @Override // org.apache.ws.security.processor.Processor
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        DerivedKeyToken derivedKeyToken = new DerivedKeyToken(element, requestData.getWssConfig().isWsiBSPCompliant());
        AlgorithmSuite algorithmSuite = requestData.getAlgorithmSuite();
        if (algorithmSuite != null) {
            new AlgorithmSuiteValidator(algorithmSuite).checkDerivedKeyAlgorithm(derivedKeyToken.getAlgorithm());
        }
        Element securityTokenReferenceElement = derivedKeyToken.getSecurityTokenReferenceElement();
        if (securityTokenReferenceElement == null) {
            throw new WSSecurityException(6, "noReference");
        }
        DerivedKeyTokenSTRParser derivedKeyTokenSTRParser = new DerivedKeyTokenSTRParser();
        derivedKeyTokenSTRParser.parseSecurityTokenReference(securityTokenReferenceElement, requestData, wSDocInfo, null);
        byte[] secretKey = derivedKeyTokenSTRParser.getSecretKey();
        if (derivedKeyToken.getNonce() == null) {
            throw new WSSecurityException("Missing wsc:Nonce value");
        }
        WSSecurityEngineResult wSSecurityEngineResult = new WSSecurityEngineResult(2048, (byte[]) null, derivedKeyToken.deriveKey(derivedKeyToken.getLength(), secretKey), (List<WSDataRef>) null);
        wSDocInfo.addTokenElement(element);
        wSSecurityEngineResult.put("id", derivedKeyToken.getID());
        wSSecurityEngineResult.put(WSSecurityEngineResult.TAG_DERIVED_KEY_TOKEN, derivedKeyToken);
        wSSecurityEngineResult.put(WSSecurityEngineResult.TAG_SECRET, secretKey);
        wSSecurityEngineResult.put(WSSecurityEngineResult.TAG_TOKEN_ELEMENT, derivedKeyToken.getElement());
        wSDocInfo.addResult(wSSecurityEngineResult);
        return Collections.singletonList(wSSecurityEngineResult);
    }
}
