package org.apache.wss4j.stax.impl.securityToken;

import java.lang.reflect.InvocationHandler;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.binary.Base64;
import org.apache.wss4j.binding.wss10.KeyIdentifierType;
import org.apache.wss4j.binding.wss10.ReferenceType;
import org.apache.wss4j.binding.wss10.SecurityTokenReferenceType;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityToken.KerberosServiceSecurityToken;
import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
import org.apache.wss4j.stax.securityToken.SecurityTokenReference;
import org.apache.wss4j.stax.securityToken.UsernameSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.securityToken.X509SecurityToken;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.xml.security.binding.xmldsig.DSAKeyValueType;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmldsig.KeyValueType;
import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
import org.apache.xml.security.binding.xmldsig.X509DataType;
import org.apache.xml.security.binding.xmldsig.X509IssuerSerialType;
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.ext.SecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;

/* loaded from: input_file:lib/wss4j-ws-security-stax-2.1.4.jar:org/apache/wss4j/stax/impl/securityToken/SecurityTokenFactoryImpl.class */
public class SecurityTokenFactoryImpl extends SecurityTokenFactory {
    public InboundSecurityToken getSecurityToken(KeyInfoType keyInfoType, SecurityTokenConstants.KeyUsage keyUsage, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext) throws XMLSecurityException {
        Crypto crypto = null;
        if (WSSecurityTokenConstants.KeyUsage_Signature_Verification.equals(keyUsage)) {
            crypto = ((WSSSecurityProperties) xMLSecurityProperties).getSignatureVerificationCrypto();
        } else if (WSSecurityTokenConstants.KeyUsage_Decryption.equals(keyUsage)) {
            crypto = ((WSSSecurityProperties) xMLSecurityProperties).getDecryptionCrypto();
        }
        if (keyInfoType != null) {
            SecurityTokenReferenceType securityTokenReferenceType = (SecurityTokenReferenceType) XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_wsse_SecurityTokenReference);
            if (securityTokenReferenceType != null) {
                return getSecurityToken(securityTokenReferenceType, crypto, ((WSSSecurityProperties) xMLSecurityProperties).getCallbackHandler(), inboundSecurityContext, (WSSSecurityProperties) xMLSecurityProperties);
            }
            KeyValueType keyValueType = (KeyValueType) XMLSecurityUtils.getQNameType(keyInfoType.getContent(), WSSConstants.TAG_dsig_KeyValue);
            if (keyValueType != null) {
                return getSecurityToken(keyValueType, crypto, ((WSSSecurityProperties) xMLSecurityProperties).getCallbackHandler(), (SecurityContext) inboundSecurityContext);
            }
        } else if (crypto != null && crypto.getDefaultX509Identifier() != null) {
            return new X509DefaultSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, ((WSSSecurityProperties) xMLSecurityProperties).getCallbackHandler(), crypto.getDefaultX509Identifier(), crypto.getDefaultX509Identifier(), WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, (WSSSecurityProperties) xMLSecurityProperties);
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
    }

    public static InboundSecurityToken getSecurityToken(SecurityTokenReferenceType securityTokenReferenceType, Crypto crypto, CallbackHandler callbackHandler, InboundSecurityContext inboundSecurityContext, WSSSecurityProperties wSSSecurityProperties) throws XMLSecurityException {
        try {
        } catch (Throwable th) {
            inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
            throw th;
        }
        if (securityTokenReferenceType == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noSecTokRef");
        }
        if (securityTokenReferenceType.getAny().size() > 1) {
            ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3061);
        }
        if (securityTokenReferenceType.getId() == null) {
            securityTokenReferenceType.setId(IDGenerator.generateID((String) null));
        }
        X509DataType x509DataType = (X509DataType) XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_dsig_X509Data);
        if (x509DataType != null) {
            X509IssuerSerialType x509IssuerSerialType = (X509IssuerSerialType) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509IssuerSerial);
            if (x509IssuerSerialType != null) {
                List registeredSecurityTokenProviders = inboundSecurityContext.getRegisteredSecurityTokenProviders();
                for (int i = 0; i < registeredSecurityTokenProviders.size(); i++) {
                    X509SecurityToken x509SecurityToken = (InboundSecurityToken) ((SecurityTokenProvider) registeredSecurityTokenProviders.get(i)).getSecurityToken();
                    if (x509SecurityToken instanceof X509SecurityToken) {
                        X509Certificate x509Certificate = x509SecurityToken.getX509Certificates()[0];
                        if (x509Certificate.getSerialNumber().compareTo(x509IssuerSerialType.getX509SerialNumber()) == 0 && x509Certificate.getIssuerX500Principal().equals(new X500Principal(x509IssuerSerialType.getX509IssuerName()))) {
                            InboundSecurityToken createSecurityTokenProxy = createSecurityTokenProxy(x509SecurityToken, WSSecurityTokenConstants.KeyIdentifier_IssuerSerial);
                            inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                            return createSecurityTokenProxy;
                        }
                    }
                }
                X509IssuerSerialTokenImpl x509IssuerSerialTokenImpl = new X509IssuerSerialTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, x509IssuerSerialType, securityTokenReferenceType.getId(), wSSSecurityProperties);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return x509IssuerSerialTokenImpl;
            }
            byte[] bArr = (byte[]) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), XMLSecurityConstants.TAG_dsig_X509SKI);
            if (bArr != null) {
                X509SKISecurityTokenImpl x509SKISecurityTokenImpl = new X509SKISecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, bArr, securityTokenReferenceType.getId(), wSSSecurityProperties);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return x509SKISecurityTokenImpl;
            }
            byte[] bArr2 = (byte[]) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), WSSConstants.TAG_dsig_X509Certificate);
            if (bArr2 != null) {
                X509V3SecurityTokenImpl x509V3SecurityTokenImpl = new X509V3SecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, bArr2, securityTokenReferenceType.getId(), wSSSecurityProperties);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return x509V3SecurityTokenImpl;
            }
        }
        String qNameAttribute = XMLSecurityUtils.getQNameAttribute(securityTokenReferenceType.getOtherAttributes(), WSSConstants.ATT_wsse11_TokenType);
        KeyIdentifierType keyIdentifierType = (KeyIdentifierType) XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_KeyIdentifier);
        if (keyIdentifierType != null) {
            String valueType = keyIdentifierType.getValueType();
            if (valueType == null) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3054);
            }
            String encodingType = keyIdentifierType.getEncodingType();
            byte[] bArr3 = null;
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary".equals(encodingType)) {
                bArr3 = Base64.decodeBase64(keyIdentifierType.getValue());
            } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(valueType) || "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(valueType)) {
                if (encodingType != null && ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(valueType) || "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(valueType))) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6604);
                }
            } else if (encodingType == null) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3070);
            } else {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3071);
            }
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".equals(valueType)) {
                X509V3SecurityTokenImpl x509V3SecurityTokenImpl2 = new X509V3SecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, bArr3, securityTokenReferenceType.getId(), wSSSecurityProperties);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return x509V3SecurityTokenImpl2;
            }
            if ("http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier".equals(valueType)) {
                X509SKISecurityTokenImpl x509SKISecurityTokenImpl2 = new X509SKISecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, bArr3, securityTokenReferenceType.getId(), wSSSecurityProperties);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return x509SKISecurityTokenImpl2;
            }
            if ("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1".equals(valueType)) {
                try {
                    try {
                        MessageDigest messageDigest = MessageDigest.getInstance("SHA-1");
                        List registeredSecurityTokenProviders2 = inboundSecurityContext.getRegisteredSecurityTokenProviders();
                        for (int i2 = 0; i2 < registeredSecurityTokenProviders2.size(); i2++) {
                            X509SecurityToken x509SecurityToken2 = (InboundSecurityToken) ((SecurityTokenProvider) registeredSecurityTokenProviders2.get(i2)).getSecurityToken();
                            if ((x509SecurityToken2 instanceof X509SecurityToken) && Arrays.equals(messageDigest.digest(x509SecurityToken2.getX509Certificates()[0].getEncoded()), bArr3)) {
                                InboundSecurityToken createSecurityTokenProxy2 = createSecurityTokenProxy(x509SecurityToken2, WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
                                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                                return createSecurityTokenProxy2;
                            }
                        }
                        X509ThumbprintSHA1SecurityTokenImpl x509ThumbprintSHA1SecurityTokenImpl = new X509ThumbprintSHA1SecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, crypto, callbackHandler, bArr3, securityTokenReferenceType.getId(), wSSSecurityProperties);
                        inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                        return x509ThumbprintSHA1SecurityTokenImpl;
                    } catch (CertificateEncodingException e) {
                        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
                    }
                } catch (NoSuchAlgorithmException e2) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e2);
                }
            }
            if ("http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1".equals(valueType)) {
                EncryptedKeySha1SecurityTokenImpl encryptedKeySha1SecurityTokenImpl = new EncryptedKeySha1SecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, callbackHandler, keyIdentifierType.getValue(), securityTokenReferenceType.getId());
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return encryptedKeySha1SecurityTokenImpl;
            }
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(valueType) || "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(valueType)) {
                if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID".equals(valueType) && !"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(qNameAttribute)) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6617);
                } else if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(valueType) && !"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(qNameAttribute)) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6611);
                }
                SecurityTokenProvider securityTokenProvider = inboundSecurityContext.getSecurityTokenProvider(keyIdentifierType.getValue());
                if (securityTokenProvider != null) {
                    InboundSecurityToken createSecurityTokenProxy3 = createSecurityTokenProxy((InboundSecurityToken) securityTokenProvider.getSecurityToken(), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                    inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                    return createSecurityTokenProxy3;
                }
                SamlSecurityTokenImpl samlSecurityTokenImpl = new SamlSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, keyIdentifierType.getValue(), WSSecurityTokenConstants.KeyIdentifier_ExternalReference, wSSSecurityProperties);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return samlSecurityTokenImpl;
            }
            if ("http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1".equals(valueType)) {
                SecurityTokenProvider securityTokenProvider2 = inboundSecurityContext.getSecurityTokenProvider(keyIdentifierType.getValue());
                if (securityTokenProvider2 != null) {
                    InboundSecurityToken createSecurityTokenProxy4 = createSecurityTokenProxy((InboundSecurityToken) securityTokenProvider2.getSecurityToken(), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
                    inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                    return createSecurityTokenProxy4;
                }
                try {
                    MessageDigest messageDigest2 = MessageDigest.getInstance("SHA-1");
                    List registeredSecurityTokenProviders3 = inboundSecurityContext.getRegisteredSecurityTokenProviders();
                    for (int i3 = 0; i3 < registeredSecurityTokenProviders3.size(); i3++) {
                        KerberosServiceSecurityToken kerberosServiceSecurityToken = (InboundSecurityToken) ((SecurityTokenProvider) registeredSecurityTokenProviders3.get(i3)).getSecurityToken();
                        if ((kerberosServiceSecurityToken instanceof KerberosServiceSecurityToken) && Arrays.equals(messageDigest2.digest(kerberosServiceSecurityToken.getBinaryContent()), bArr3)) {
                            InboundSecurityToken createSecurityTokenProxy5 = createSecurityTokenProxy(kerberosServiceSecurityToken, WSSecurityTokenConstants.KeyIdentifier_ThumbprintIdentifier);
                            inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                            return createSecurityTokenProxy5;
                        }
                    }
                    EncryptedKeySha1SecurityTokenImpl encryptedKeySha1SecurityTokenImpl2 = new EncryptedKeySha1SecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, callbackHandler, keyIdentifierType.getValue(), securityTokenReferenceType.getId());
                    inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                    return encryptedKeySha1SecurityTokenImpl2;
                } catch (NoSuchAlgorithmException e3) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e3);
                }
            }
            ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3063);
            inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
            throw th;
        }
        ReferenceType referenceType = (ReferenceType) XMLSecurityUtils.getQNameType(securityTokenReferenceType.getAny(), WSSConstants.TAG_wsse_Reference);
        if (referenceType == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "noKeyinfo");
        }
        String uri = referenceType.getURI();
        if (uri == null) {
            ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3062);
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "badReferenceURI");
        }
        boolean z = true;
        if (!uri.startsWith("#")) {
            z = false;
            try {
                ExternalSecurityTokenImpl externalSecurityTokenImpl = new ExternalSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, uri, WSSecurityTokenConstants.KeyIdentifier_ExternalReference, wSSSecurityProperties, false);
                inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
                return externalSecurityTokenImpl;
            } catch (WSSecurityException e4) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R5204);
            }
        }
        String dropReferenceMarker = WSSUtils.dropReferenceMarker(uri);
        Integer num = (Integer) inboundSecurityContext.get("" + Thread.currentThread().hashCode());
        if (num == null) {
            num = 0;
        }
        Integer valueOf = Integer.valueOf(num.intValue() + 1);
        if (valueOf.intValue() == 10) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN);
        }
        inboundSecurityContext.put("" + Thread.currentThread().hashCode(), valueOf);
        SecurityTokenProvider securityTokenProvider3 = inboundSecurityContext.getSecurityTokenProvider(dropReferenceMarker);
        if (securityTokenProvider3 == null) {
            ExternalSecurityTokenImpl externalSecurityTokenImpl2 = new ExternalSecurityTokenImpl((WSInboundSecurityContext) inboundSecurityContext, dropReferenceMarker, WSSecurityTokenConstants.KeyIdentifier_ExternalReference, wSSSecurityProperties, z);
            inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
            return externalSecurityTokenImpl2;
        }
        if (securityTokenProvider3.getSecurityToken() instanceof SecurityTokenReference) {
            ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3057);
        } else if (securityTokenProvider3.getSecurityToken() instanceof X509PKIPathv1SecurityTokenImpl) {
            if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1".equals(referenceType.getValueType())) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3058);
            }
            if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1".equals(qNameAttribute)) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R5215);
            }
        } else if (securityTokenProvider3.getSecurityToken() instanceof X509SecurityToken) {
            if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3".equals(referenceType.getValueType())) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R3058);
            }
        } else if (securityTokenProvider3.getSecurityToken() instanceof UsernameSecurityToken) {
            if (!"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken".equals(referenceType.getValueType())) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R4214);
            }
        } else if (securityTokenProvider3.getSecurityToken() instanceof SamlSecurityToken) {
            SecurityTokenConstants.TokenType tokenType = ((InboundSecurityToken) securityTokenProvider3.getSecurityToken()).getTokenType();
            if (WSSecurityTokenConstants.Saml20Token.equals(tokenType)) {
                String valueType2 = referenceType.getValueType();
                if (valueType2 != null && !"".equals(valueType2)) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6614);
                }
                if (!"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0".equals(qNameAttribute)) {
                    ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6617);
                }
            } else if (WSSecurityTokenConstants.Saml10Token.equals(tokenType) && !"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1".equals(qNameAttribute)) {
                ((WSInboundSecurityContext) inboundSecurityContext).handleBSPRule(BSPRule.R6611);
            }
        }
        InboundSecurityToken createSecurityTokenProxy6 = createSecurityTokenProxy((InboundSecurityToken) securityTokenProvider3.getSecurityToken(), WSSecurityTokenConstants.KeyIdentifier_SecurityTokenDirectReference);
        inboundSecurityContext.remove("" + Thread.currentThread().hashCode());
        return createSecurityTokenProxy6;
    }

    public static InboundSecurityToken getSecurityToken(KeyValueType keyValueType, Crypto crypto, CallbackHandler callbackHandler, SecurityContext securityContext) throws XMLSecurityException {
        RSAKeyValueType rSAKeyValueType = (RSAKeyValueType) XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_RSAKeyValue);
        if (rSAKeyValueType != null) {
            return new RsaKeyValueSecurityTokenImpl(rSAKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
        }
        DSAKeyValueType dSAKeyValueType = (DSAKeyValueType) XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig_DSAKeyValue);
        if (dSAKeyValueType != null) {
            return new DsaKeyValueSecurityTokenImpl(dSAKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
        }
        ECKeyValueType eCKeyValueType = (ECKeyValueType) XMLSecurityUtils.getQNameType(keyValueType.getContent(), WSSConstants.TAG_dsig11_ECKeyValue);
        if (eCKeyValueType != null) {
            return new ECKeyValueSecurityTokenImpl(eCKeyValueType, (WSInboundSecurityContext) securityContext, crypto);
        }
        throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, "unsupportedKeyInfo");
    }

    private static InboundSecurityToken createSecurityTokenProxy(final InboundSecurityToken inboundSecurityToken, final SecurityTokenConstants.KeyIdentifier keyIdentifier) {
        ArrayList arrayList = new ArrayList();
        getImplementedInterfaces(inboundSecurityToken.getClass(), arrayList);
        return (InboundSecurityToken) Proxy.newProxyInstance(inboundSecurityToken.getClass().getClassLoader(), (Class[]) arrayList.toArray(new Class[arrayList.size()]), new InvocationHandler() { // from class: org.apache.wss4j.stax.impl.securityToken.SecurityTokenFactoryImpl.1
            @Override // java.lang.reflect.InvocationHandler
            public Object invoke(Object obj, Method method, Object[] objArr) throws Throwable {
                if (method.getName().equals("getKeyIdentifier")) {
                    return keyIdentifier;
                }
                try {
                    return method.invoke(inboundSecurityToken, objArr);
                } catch (InvocationTargetException e) {
                    throw e.getTargetException();
                }
            }
        });
    }

    private static void getImplementedInterfaces(Class<?> cls, List<Class<?>> list) {
        if (cls == null) {
            return;
        }
        for (Class<?> cls2 : cls.getInterfaces()) {
            if (!list.contains(cls2)) {
                list.add(cls2);
            }
            getImplementedInterfaces(cls2, list);
        }
        getImplementedInterfaces(cls.getSuperclass(), list);
    }
}
