package org.apache.wss4j.stax.impl.processor.input;

import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Deque;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Comment;
import javax.xml.stream.events.Namespace;
import javax.xml.stream.events.ProcessingInstruction;
import org.apache.commons.codec.binary.Base64;
import org.apache.wss4j.binding.wss10.SecurityTokenReferenceType;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.stax.ext.WSInboundSecurityContext;
import org.apache.wss4j.stax.ext.WSSConstants;
import org.apache.wss4j.stax.ext.WSSSecurityProperties;
import org.apache.wss4j.stax.securityEvent.SamlTokenSecurityEvent;
import org.apache.wss4j.stax.securityEvent.SignedPartSecurityEvent;
import org.apache.wss4j.stax.securityEvent.WSSecurityEventConstants;
import org.apache.wss4j.stax.securityToken.SamlSecurityToken;
import org.apache.wss4j.stax.securityToken.WSSecurityTokenConstants;
import org.apache.wss4j.stax.utils.WSSUtils;
import org.apache.wss4j.stax.validate.SamlTokenValidator;
import org.apache.wss4j.stax.validate.SamlTokenValidatorImpl;
import org.apache.wss4j.stax.validate.TokenContext;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmldsig.KeyValueType;
import org.apache.xml.security.binding.xmldsig.ObjectFactory;
import org.apache.xml.security.binding.xmldsig.X509DataType;
import org.apache.xml.security.binding.xmlenc.EncryptedKeyType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.config.JCEAlgorithmMapper;
import org.apache.xml.security.stax.ext.AbstractInputProcessor;
import org.apache.xml.security.stax.ext.AbstractInputSecurityHeaderHandler;
import org.apache.xml.security.stax.ext.InputProcessorChain;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.stax.XMLSecAttribute;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecNamespace;
import org.apache.xml.security.stax.ext.stax.XMLSecStartElement;
import org.apache.xml.security.stax.impl.XMLSecurityEventReader;
import org.apache.xml.security.stax.impl.securityToken.AbstractInboundSecurityToken;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.SecurityEvent;
import org.apache.xml.security.stax.securityEvent.SecurityEventListener;
import org.apache.xml.security.stax.securityEvent.SignedElementSecurityEvent;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.x509.BasicX509Credential;
import org.opensaml.xmlsec.signature.Signature;
import org.opensaml.xmlsec.signature.support.SignatureException;
import org.opensaml.xmlsec.signature.support.SignatureValidator;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler.class */
public class SAMLTokenInputHandler extends AbstractInputSecurityHeaderHandler {
    /**
     * Shared factory; the static initializer at the end of this class makes it namespace-aware.
     * Within this class it is used only by {@code parseStructure}, which calls
     * {@code newDocumentBuilder().newDocument()} to create an empty DOM document.
     * NOTE(review): JAXP does not guarantee that a DocumentBuilderFactory is thread-safe; confirm
     * that concurrent use of this shared instance is acceptable for the deployed implementation.
     */
    private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();

    /** Copy of the security-header path; the static initializer appends {@code TAG_SAML_ASSERTION}. */
    private static final List<QName> SAML1_TOKEN_PATH = new ArrayList<>(WSSConstants.WSSE_SECURITY_HEADER_PATH);

    /** Copy of the security-header path; the static initializer appends {@code TAG_SAML2_ASSERTION}. */
    private static final List<QName> SAML2_TOKEN_PATH = new ArrayList<>(WSSConstants.WSSE_SECURITY_HEADER_PATH);

    /* loaded from: input_file:org/apache/wss4j/stax/impl/processor/input/SAMLTokenInputHandler$SAMLTokenVerifierInputProcessor.class */
    class SAMLTokenVerifierInputProcessor extends AbstractInputProcessor implements SecurityEventListener {
        // Assertion whose subject-confirmation methods are enforced by checkPossessionOfKey.
        private final SamlAssertionWrapper samlAssertionWrapper;
        // Provider of the SAML token; its XMLSecEvent is matched against signed-element events.
        private final SecurityTokenProvider<InboundSecurityToken> securityTokenProvider;
        // Token carrying the subject's key material; compared against other registered tokens.
        private final InboundSecurityToken subjectSecurityToken;
        // Signed-element events whose path equals one of the two SAML token paths.
        private final List<SignedElementSecurityEvent> samlTokenSignedElementSecurityEvents;
        // Most recent signed-part event whose path equals SOAP_11_BODY_PATH; null until one is seen.
        private SignedPartSecurityEvent bodySignedPartSecurityEvent;

        /**
         * Creates the verifier that performs the subject-confirmation check for one assertion.
         * The processor is placed in the POSTPROCESSING phase, after {@code OperationInputProcessor}.
         *
         * @param xMLSecurityProperties security configuration passed to the base processor
         * @param samlAssertionWrapper assertion whose confirmation methods will be checked
         * @param securityTokenProvider provider of the SAML token built from the assertion
         * @param inboundSecurityToken subject token (holder-of-key material); may be {@code null},
         *                             as the enclosing handler passes {@code null} when no
         *                             holder-of-key method is present
         */
        SAMLTokenVerifierInputProcessor(XMLSecurityProperties xMLSecurityProperties, SamlAssertionWrapper samlAssertionWrapper, SecurityTokenProvider<InboundSecurityToken> securityTokenProvider, InboundSecurityToken inboundSecurityToken) {
            super(xMLSecurityProperties);
            this.samlAssertionWrapper = samlAssertionWrapper;
            this.securityTokenProvider = securityTokenProvider;
            this.subjectSecurityToken = inboundSecurityToken;
            this.samlTokenSignedElementSecurityEvents = new ArrayList<>();
            setPhase(XMLSecurityConstants.Phase.POSTPROCESSING);
            addAfterProcessor(OperationInputProcessor.class.getName());
        }

        /**
         * Records the security events that the sender-vouches check later relies on.
         * A SIGNED_PART event is kept only when its path equals {@code SOAP_11_BODY_PATH};
         * a SignedElement event is kept only when its path equals one of the SAML token paths.
         * NOTE(review): only the SOAP 1.1 body path is compared here; confirm how SOAP 1.2
         * bodies are expected to be covered.
         *
         * @param securityEvent event published by the security context
         */
        public void registerSecurityEvent(SecurityEvent securityEvent) throws XMLSecurityException {
            if (WSSecurityEventConstants.SIGNED_PART.equals(securityEvent.getSecurityEventType())) {
                SignedPartSecurityEvent signedPart = (SignedPartSecurityEvent) securityEvent;
                if (signedPart.getElementPath().equals(WSSConstants.SOAP_11_BODY_PATH)) {
                    this.bodySignedPartSecurityEvent = signedPart;
                }
            } else if (WSSecurityEventConstants.SignedElement.equals(securityEvent.getSecurityEventType())) {
                SignedElementSecurityEvent signedElement = (SignedElementSecurityEvent) securityEvent;
                List<QName> signedPath = signedElement.getElementPath();
                boolean isSamlTokenPath = signedPath.equals(SAMLTokenInputHandler.SAML2_TOKEN_PATH)
                        || signedPath.equals(SAMLTokenInputHandler.SAML1_TOKEN_PATH);
                if (isSamlTokenPath) {
                    this.samlTokenSignedElementSecurityEvents.add(signedElement);
                }
            }
        }

        /**
         * Passes header events through unchanged; this processor acts only on body events.
         *
         * @return the next header event produced by the chain
         */
        public XMLSecEvent processNextHeaderEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
            final XMLSecEvent headerEvent = inputProcessorChain.processHeaderEvent();
            return headerEvent;
        }

        /**
         * Runs the subject-confirmation check once, when the first start element at path depth 3
         * inside the SOAP body is seen, then removes this processor from the chain.
         * NOTE(review): the check is triggered only by such a start element; confirm how a message
         * whose Body has no child element is handled, since this method would never invoke
         * {@code checkPossessionOfKey} for it.
         *
         * @return the event obtained from the chain, unchanged
         */
        public XMLSecEvent processNextEvent(InputProcessorChain inputProcessorChain) throws XMLStreamException, XMLSecurityException {
            final XMLSecEvent event = inputProcessorChain.processEvent();
            // 1 == XMLStreamConstants.START_ELEMENT
            if (event.getEventType() != 1) {
                return event;
            }
            List<QName> path = event.asStartElement().getElementPath();
            if (path.size() == 3 && WSSUtils.isInSOAPBody(path)) {
                // Detach first so the check runs at most once per assertion.
                inputProcessorChain.removeProcessor(this);
                checkPossessionOfKey(inputProcessorChain, this.samlAssertionWrapper, this.subjectSecurityToken);
            }
            return event;
        }

        /**
         * Enforces the assertion's subject-confirmation methods (holder-of-key and sender-vouches).
         * The method returns as soon as one confirmation method is satisfied. It throws
         * FAILED_AUTHENTICATION only after every method has been examined, at least one of them
         * was evaluated and none succeeded. Methods that are neither holder-of-key nor
         * sender-vouches are skipped.
         *
         * @param inputProcessorChain chain giving access to the registered security tokens
         * @param samlAssertionWrapper assertion whose confirmation methods are checked
         * @param inboundSecurityToken subject token whose certificate/public key/secret key must be
         *                             matched for holder-of-key
         * @throws WSSecurityException FAILED_AUTHENTICATION when no method is satisfied;
         *                             INVALID_SECURITY wrapping any XMLSecurityException raised while
         *                             reading tokens
         */
        private void checkPossessionOfKey(InputProcessorChain inputProcessorChain, SamlAssertionWrapper samlAssertionWrapper, InboundSecurityToken inboundSecurityToken) throws WSSecurityException {
            // Becomes true once a holder-of-key or sender-vouches method was evaluated and not satisfied.
            boolean z = false;
            try {
                // Token of type HTTPS_TOKEN if one is registered, otherwise null.
                InboundSecurityToken httpsSecurityToken = getHttpsSecurityToken(inputProcessorChain);
                List registeredSecurityTokenProviders = inputProcessorChain.getSecurityContext().getRegisteredSecurityTokenProviders();
                List confirmationMethods = samlAssertionWrapper.getConfirmationMethods();
                for (int i = 0; i < confirmationMethods.size(); i++) {
                    String str = (String) confirmationMethods.get(i);
                    if (OpenSAMLUtil.isMethodHolderOfKey(str)) {
                        // Holder-of-key: some other credential used on this message must match the subject key.
                        // NOTE(review): inboundSecurityToken is dereferenced without a null check; the enclosing
                        // handler supplies a non-null token whenever a holder-of-key method exists — verify.
                        X509Certificate[] x509Certificates = inboundSecurityToken.getX509Certificates();
                        PublicKey publicKey = inboundSecurityToken.getPublicKey();
                        Map secretKey = inboundSecurityToken.getSecretKey();
                        // First secret key of the subject token, or null when it has none.
                        Key key = secretKey.size() > 0 ? ((Key[]) secretKey.values().toArray(new Key[secretKey.size()]))[0] : null;
                        // Option 1: the first certificate of the HTTPS token equals the subject's first
                        // certificate, or its public key equals the subject's public key.
                        if (httpsSecurityToken != null && httpsSecurityToken.getX509Certificates() != null && httpsSecurityToken.getX509Certificates().length > 0) {
                            X509Certificate x509Certificate = httpsSecurityToken.getX509Certificates()[0];
                            if ((x509Certificates != null && x509Certificates.length > 0 && x509Certificate.equals(x509Certificates[0])) || x509Certificate.getPublicKey().equals(publicKey)) {
                                return;
                            }
                        }
                        // Option 2: any other registered token that has a signing usage and shares the subject's
                        // first certificate, public key or a secret key.
                        for (int i2 = 0; i2 < registeredSecurityTokenProviders.size(); i2++) {
                            InboundSecurityToken inboundSecurityToken2 = (InboundSecurityToken) ((SecurityTokenProvider) registeredSecurityTokenProviders.get(i2)).getSecurityToken();
                            // The HTTPS token and the subject token itself are excluded (reference comparison).
                            if (inboundSecurityToken2 != httpsSecurityToken && inboundSecurityToken2 != inboundSecurityToken && containsSignature(inboundSecurityToken2.getTokenUsages())) {
                                X509Certificate[] x509Certificates2 = inboundSecurityToken2.getX509Certificates();
                                PublicKey publicKey2 = inboundSecurityToken2.getPublicKey();
                                Map secretKey2 = inboundSecurityToken2.getSecretKey();
                                if (x509Certificates2 != null && x509Certificates2.length > 0 && x509Certificates != null && x509Certificates.length > 0 && x509Certificates[0].equals(x509Certificates2[0])) {
                                    return;
                                }
                                if (publicKey2 != null && publicKey2.equals(publicKey)) {
                                    return;
                                }
                                // NOTE(review): secret keys are compared with Key.equals(); whether that comparison
                                // is constant-time depends on the Key implementation — confirm.
                                Iterator it = secretKey2.entrySet().iterator();
                                while (it.hasNext()) {
                                    if (((Key) ((Map.Entry) it.next()).getValue()).equals(key)) {
                                        return;
                                    }
                                }
                            }
                        }
                        // No matching credential found for this holder-of-key method.
                        z = true;
                    } else if (!OpenSAMLUtil.isMethodSenderVouches(str)) {
                        // Neither holder-of-key nor sender-vouches: not evaluated here.
                        continue;
                    } else {
                        // Sender-vouches: accepted as soon as an HTTPS token with at least one certificate is registered.
                        if (httpsSecurityToken != null && httpsSecurityToken.getX509Certificates() != null && httpsSecurityToken.getX509Certificates().length > 0) {
                            return;
                        }
                        // Otherwise find the signed-element event that belongs to this assertion
                        // (same XMLSecEvent instance as the SAML token); the last match wins.
                        SignedElementSecurityEvent signedElementSecurityEvent = null;
                        for (int i3 = 0; i3 < this.samlTokenSignedElementSecurityEvents.size(); i3++) {
                            SignedElementSecurityEvent signedElementSecurityEvent2 = this.samlTokenSignedElementSecurityEvents.get(i3);
                            if (((InboundSecurityToken) this.securityTokenProvider.getSecurityToken()).getXMLSecEvent() == signedElementSecurityEvent2.getXmlSecEvent()) {
                                signedElementSecurityEvent = signedElementSecurityEvent2;
                            }
                        }
                        // The recorded signed SOAP body part and the signed assertion must reference the same
                        // security token instance, i.e. both were signed with the same token.
                        if (this.bodySignedPartSecurityEvent != null && signedElementSecurityEvent != null && this.bodySignedPartSecurityEvent.getSecurityToken() == signedElementSecurityEvent.getSecurityToken()) {
                            return;
                        } else {
                            z = true;
                        }
                    }
                }
                // Reached only when no confirmation method returned early.
                if (z) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION, "empty", new Object[]{"SAML proof-of-possession of the private/secret key failed"});
                }
            } catch (XMLSecurityException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY, e);
            }
        }

        /**
         * Looks up the first registered security token whose type is {@code HTTPS_TOKEN}.
         *
         * @return that token, or {@code null} when none of the registered providers yields one
         */
        private SecurityToken getHttpsSecurityToken(InputProcessorChain inputProcessorChain) throws XMLSecurityException {
            List providers = inputProcessorChain.getSecurityContext().getRegisteredSecurityTokenProviders();
            int index = 0;
            // Indexed access is kept on purpose: size() is re-read on every pass, as in the original loop.
            while (index < providers.size()) {
                SecurityTokenProvider provider = (SecurityTokenProvider) providers.get(index);
                SecurityToken candidate = (SecurityToken) provider.getSecurityToken();
                if (WSSecurityTokenConstants.HTTPS_TOKEN.equals(candidate.getTokenType())) {
                    return candidate;
                }
                index++;
            }
            return null;
        }

        /**
         * Tells whether a token was used for signing.
         *
         * @param list token usages of the candidate token
         * @return {@code true} if the list contains the main-signature usage, the generic signature
         *         usage, or one of the endorsing supporting-token usages listed below
         */
        private boolean containsSignature(List<SecurityTokenConstants.TokenUsage> list) {
            // Same usages, probed in the same order as a short-circuit || chain would.
            final SecurityTokenConstants.TokenUsage[] signingUsages = {
                WSSecurityTokenConstants.TOKENUSAGE_MAIN_SIGNATURE,
                WSSecurityTokenConstants.TokenUsage_Signature,
                WSSecurityTokenConstants.TOKENUSAGE_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
                WSSecurityTokenConstants.TOKENUSAGE_ENDORSING_SUPPORTING_TOKENS,
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_ENCRYPTED_SUPPORTING_TOKENS,
                WSSecurityTokenConstants.TOKENUSAGE_SIGNED_ENDORSING_SUPPORTING_TOKENS
            };
            for (SecurityTokenConstants.TokenUsage usage : signingUsages) {
                if (list.contains(usage)) {
                    return true;
                }
            }
            return false;
        }
    }

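    /**
     * Processes a SAML assertion found in the security header.
     * <ol>
     *   <li>Rebuilds the buffered events as a DOM document and wraps the root element.</li>
     *   <li>If the assertion is signed: resolves the key from the signature's KeyInfo, passes that
     *       token to the validator, then verifies the signature with it.</li>
     *   <li>If a holder-of-key confirmation method is present: obtains the subject key from the
     *       callback handler or, failing that, from the subject's KeyInfo.</li>
     *   <li>Validates the assertion, registers the resulting token provider and security event.</li>
     *   <li>Adds the subject-confirmation verifier when
     *       {@code isValidateSamlSubjectConfirmation()} is enabled.</li>
     * </ol>
     * The signing key is read from the assertion itself, so the signature check alone proves only
     * integrity under that key; trust in the key rests on the {@code validate(token, properties)}
     * call made before verification (what that validator enforces is defined outside this file).
     * An unsigned assertion skips the signature block entirely; whether it is accepted is left to
     * the validator.
     *
     * @param inputProcessorChain chain that receives the verifier and supplies the security context
     * @param xMLSecurityProperties configuration; cast to {@code WSSSecurityProperties}
     * @param deque buffered events containing the assertion
     * @param num index of the assertion's first event within the buffered events
     * @throws XMLSecurityException when a key cannot be resolved, the signature does not verify,
     *                              or validation fails
     */
    public void handle(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, Integer num) throws XMLSecurityException {
        final Document document = (Document) parseStructure(deque, num.intValue(), xMLSecurityProperties);
        final WSSSecurityProperties wssSecurityProperties = (WSSSecurityProperties) xMLSecurityProperties;
        final WSInboundSecurityContext securityContext = (WSInboundSecurityContext) inputProcessorChain.getSecurityContext();
        final Element assertionElement = document.getDocumentElement();
        final SamlAssertionWrapper samlAssertionWrapper = new SamlAssertionWrapper(assertionElement);

        // A validator configured for the assertion's QName takes precedence over the default one.
        SamlTokenValidator samlTokenValidator = (SamlTokenValidator) wssSecurityProperties.getValidator(new QName(assertionElement.getNamespaceURI(), assertionElement.getLocalName()));
        if (samlTokenValidator == null) {
            samlTokenValidator = new SamlTokenValidatorImpl();
        }

        if (samlAssertionWrapper.isSigned()) {
            Signature signature = samlAssertionWrapper.getSignature();
            if (signature == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "empty", new Object[]{"no signature to validate"});
            }
            int signatureKeyInfoIndex = getSignatureKeyInfoIndex(deque);
            if (signatureKeyInfoIndex < 0) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
            }
            InboundSecurityToken signingToken = parseKeyInfo(inputProcessorChain, xMLSecurityProperties, deque, signatureKeyInfoIndex);
            if (signingToken == null) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
            }
            // The signing credential is validated before it is used to verify the signature.
            samlTokenValidator.validate(signingToken, wssSecurityProperties);

            // Declared as BasicCredential so that both the certificate and the bare-key form fit.
            final BasicCredential credential;
            X509Certificate[] signingCertificates = signingToken.getX509Certificates();
            if (signingCertificates != null && signingCertificates.length > 0) {
                // An empty array falls through to the public-key branch instead of failing on [0].
                credential = new BasicX509Credential(signingCertificates[0]);
            } else if (signingToken.getPublicKey() != null) {
                credential = new BasicCredential(signingToken.getPublicKey());
            } else {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity", new Object[]{"cannot get certificate or key"});
            }
            try {
                SignatureValidator.validate(signature, credential);
            } catch (SignatureException e) {
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "empty", new Object[]{"SAML signature validation failed"});
            }
        }

        boolean holderOfKey = false;
        List<String> confirmationMethods = samlAssertionWrapper.getConfirmationMethods();
        if (confirmationMethods != null) {
            for (String confirmationMethod : confirmationMethods) {
                if (OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
                    holderOfKey = true;
                    break;
                }
            }
        }

        // Typed as the interface: parseKeyInfo returns InboundSecurityToken, not the abstract class.
        InboundSecurityToken subjectSecurityToken = null;
        if (holderOfKey) {
            final byte[] secretKeyFromCallbackHandler = SAMLUtil.getSecretKeyFromCallbackHandler(samlAssertionWrapper.getId(), wssSecurityProperties.getCallbackHandler());
            if (secretKeyFromCallbackHandler != null && secretKeyFromCallbackHandler.length > 0) {
                // A secret supplied by the callback handler takes precedence over the subject KeyInfo.
                subjectSecurityToken = new AbstractInboundSecurityToken(securityContext, IDGenerator.generateID((String) null), WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, true) {
                    @Override
                    public SecurityTokenConstants.TokenType getTokenType() {
                        return WSSecurityTokenConstants.DefaultToken;
                    }

                    @Override
                    public boolean isAsymmetric() throws XMLSecurityException {
                        return false;
                    }

                    @Override
                    protected Key getKey(String str, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String str2) throws XMLSecurityException {
                        Key key = super.getKey(str, algorithmUsage, str2);
                        if (key == null) {
                            // Built on first use for the requested algorithm, then stored via setSecretKey.
                            key = new SecretKeySpec(secretKeyFromCallbackHandler, JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(str));
                            setSecretKey(str, key);
                        }
                        return key;
                    }
                };
            } else {
                int subjectKeyInfoIndex = getSubjectKeyInfoIndex(deque);
                if (subjectKeyInfoIndex < 0) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
                }
                subjectSecurityToken = parseKeyInfo(inputProcessorChain, xMLSecurityProperties, deque, subjectKeyInfoIndex);
                if (subjectSecurityToken == null) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
                }
            }
        }

        final SamlSecurityToken samlSecurityToken = samlTokenValidator.validate(samlAssertionWrapper, subjectSecurityToken, new TokenContext(wssSecurityProperties, securityContext, getResponsibleXMLSecEvents(deque, num.intValue()), getElementPath(deque)));
        SecurityTokenProvider<InboundSecurityToken> securityTokenProvider = new SecurityTokenProvider<InboundSecurityToken>() {
            // Must carry the interface's method name; a renamed method would leave it unimplemented.
            @Override
            public InboundSecurityToken getSecurityToken() throws XMLSecurityException {
                return (InboundSecurityToken) samlSecurityToken;
            }

            @Override
            public String getId() {
                return samlAssertionWrapper.getId();
            }
        };
        securityContext.registerSecurityTokenProvider(samlAssertionWrapper.getId(), securityTokenProvider);

        SamlTokenSecurityEvent samlTokenSecurityEvent = new SamlTokenSecurityEvent();
        samlTokenSecurityEvent.setSecurityToken((SamlSecurityToken) securityTokenProvider.getSecurityToken());
        samlTokenSecurityEvent.setCorrelationID(samlAssertionWrapper.getId());
        securityContext.registerSecurityEvent(samlTokenSecurityEvent);

        // The proof-of-possession / sender-vouches check runs only when this option is enabled.
        if (wssSecurityProperties.isValidateSamlSubjectConfirmation()) {
            SAMLTokenVerifierInputProcessor verifier = new SAMLTokenVerifierInputProcessor(xMLSecurityProperties, samlAssertionWrapper, securityTokenProvider, subjectSecurityToken);
            securityContext.addSecurityEventListener(verifier);
            inputProcessorChain.addProcessor(verifier);
        }
    }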

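    /**
     * Finds the {@code ds:KeyInfo} start element that belongs to the assertion's subject
     * confirmation, i.e. whose parent is {@code SubjectConfirmationData} (under
     * {@code SubjectConfirmation}/{@code Subject}) or {@code SubjectConfirmation} (under
     * {@code Subject}).
     * NOTE(review): ancestors are matched by local name only; their namespace is not checked here.
     *
     * @param deque buffered events, iterated via {@code descendingIterator()}
     * @return zero-based position of the matching event in that iteration order, or {@code -1}
     *         when no such KeyInfo exists, so that the caller's {@code < 0} check takes effect
     */
    private int getSubjectKeyInfoIndex(Deque<XMLSecEvent> deque) {
        int index = -1;
        Iterator<XMLSecEvent> events = deque.descendingIterator();
        while (events.hasNext()) {
            XMLSecEvent event = events.next();
            index++;
            // 1 == XMLStreamConstants.START_ELEMENT
            if (event.getEventType() != 1) {
                continue;
            }
            XMLSecStartElement startElement = event.asStartElement();
            if (!WSSConstants.TAG_dsig_KeyInfo.equals(startElement.getName())) {
                continue;
            }
            List<QName> path = startElement.getElementPath();
            if (path.size() < 4) {
                continue;
            }
            // The last path entry is KeyInfo itself; size - 2 is its parent.
            int parent = path.size() - 2;
            String parentName = path.get(parent).getLocalPart();
            String grandParentName = path.get(parent - 1).getLocalPart();
            if ("SubjectConfirmationData".equals(parentName) && "SubjectConfirmation".equals(grandParentName) && "Subject".equals(path.get(parent - 2).getLocalPart())) {
                return index;
            }
            if ("SubjectConfirmation".equals(parentName) && "Subject".equals(grandParentName)) {
                return index;
            }
        }
        // Nothing matched: report "not found" rather than the position of the last event.
        return -1;
    }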

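    /**
     * Finds the {@code ds:KeyInfo} start element of the assertion's own signature, i.e. the one
     * whose parent is {@code Signature} and whose grandparent is {@code Assertion}.
     * NOTE(review): ancestors are matched by local name only; their namespace is not checked here.
     *
     * @param deque buffered events, iterated via {@code descendingIterator()}
     * @return zero-based position of the matching event in that iteration order, or {@code -1}
     *         when the signature carries no such KeyInfo, so that the caller's {@code < 0} check
     *         takes effect
     */
    private int getSignatureKeyInfoIndex(Deque<XMLSecEvent> deque) {
        int index = -1;
        Iterator<XMLSecEvent> events = deque.descendingIterator();
        while (events.hasNext()) {
            XMLSecEvent event = events.next();
            index++;
            // 1 == XMLStreamConstants.START_ELEMENT
            if (event.getEventType() != 1) {
                continue;
            }
            XMLSecStartElement startElement = event.asStartElement();
            if (!WSSConstants.TAG_dsig_KeyInfo.equals(startElement.getName())) {
                continue;
            }
            List<QName> path = startElement.getElementPath();
            if (path.size() < 4) {
                continue;
            }
            // The last path entry is KeyInfo itself; size - 2 is its parent.
            int parent = path.size() - 2;
            if ("Signature".equals(path.get(parent).getLocalPart()) && "Assertion".equals(path.get(parent - 1).getLocalPart())) {
                return index;
            }
        }
        // Nothing matched: report "not found" rather than the position of the last event.
        return -1;
    }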

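    /**
     * Turns the first child element of the KeyInfo at position {@code i} into a security token.
     * A WS-Trust BinarySecret child yields a symmetric token whose key is Base64-decoded from the
     * element's text on first use. Any other child is unmarshalled with JAXB and must be an
     * X509Data, EncryptedKey, SecurityTokenReference or KeyValue.
     *
     * @param inputProcessorChain chain supplying the security context
     * @param xMLSecurityProperties configuration (schema-validation switch, token resolution)
     * @param deque buffered events, iterated via {@code descendingIterator()}
     * @param i position of the KeyInfo start element in that iteration order
     * @return the resolved token
     * @throws XMLSecurityException INVALID_SECURITY_TOKEN when no child start element follows the
     *                              KeyInfo; UNSUPPORTED_SECURITY_TOKEN for an unknown child type or
     *                              a JAXB failure
     */
    private InboundSecurityToken parseKeyInfo(InputProcessorChain inputProcessorChain, XMLSecurityProperties xMLSecurityProperties, Deque<XMLSecEvent> deque, int i) throws XMLSecurityException {
        XMLSecEvent current = null;
        int childIndex = 0;
        Iterator<XMLSecEvent> events = deque.descendingIterator();
        // Consume everything up to and including the KeyInfo start element.
        while (events.hasNext() && childIndex <= i) {
            current = events.next();
            childIndex++;
        }
        // Skip non-element events until the first child start element; childIndex ends on its position.
        while (events.hasNext()) {
            current = events.next();
            if (current.isStartElement()) {
                break;
            }
            childIndex++;
        }
        if (current == null || !current.isStartElement()) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "noKeyInSAMLToken");
        }
        final XMLSecStartElement keyInfoChild = current.asStartElement();
        final QName childName = keyInfoChild.getName();

        if (WSSConstants.TAG_WST_BINARY_SECRET.equals(childName) || WSSConstants.TAG_WST0512_BINARY_SECRET.equals(childName)) {
            final StringBuilder encodedSecret = new StringBuilder();
            collectSecret:
            while (events.hasNext()) {
                XMLSecEvent next = events.next();
                switch (next.getEventType()) {
                    case 2: // XMLStreamConstants.END_ELEMENT
                        // Stop at the matching end tag so that character data of later elements
                        // is not appended to the secret.
                        if (next.asEndElement().getName().equals(childName)) {
                            break collectSecret;
                        }
                        break;
                    case 4: // XMLStreamConstants.CHARACTERS
                        encodedSecret.append(next.asCharacters().getText());
                        break;
                    default:
                        break;
                }
            }
            return new AbstractInboundSecurityToken(inputProcessorChain.getSecurityContext(), IDGenerator.generateID((String) null), WSSecurityTokenConstants.KeyIdentifier_NoKeyInfo, true) {
                @Override
                public SecurityTokenConstants.TokenType getTokenType() {
                    return WSSecurityTokenConstants.DefaultToken;
                }

                @Override
                public boolean isAsymmetric() throws XMLSecurityException {
                    return false;
                }

                @Override
                protected Key getKey(String str, XMLSecurityConstants.AlgorithmUsage algorithmUsage, String str2) throws XMLSecurityException {
                    Key key = super.getKey(str, algorithmUsage, str2);
                    if (key == null) {
                        // Built on first use for the requested algorithm, then stored via setSecretKey.
                        key = new SecretKeySpec(Base64.decodeBase64(encodedSecret.toString()), JCEAlgorithmMapper.getJCEKeyAlgorithmFromURI(str));
                        setSecretKey(str, key);
                    }
                    return key;
                }
            };
        }

        try {
            Object unmarshalled = WSSConstants.getJaxbUnmarshaller(xMLSecurityProperties.isDisableSchemaValidation()).unmarshal(new XMLSecurityEventReader(deque, childIndex));
            if (unmarshalled instanceof JAXBElement) {
                unmarshalled = ((JAXBElement<?>) unmarshalled).getValue();
            }
            KeyInfoType keyInfoType = null;
            if (unmarshalled instanceof X509DataType) {
                // X509Data is wrapped in a SecurityTokenReference before it goes into the KeyInfo.
                JAXBElement<?> x509Data = new ObjectFactory().createX509Data((X509DataType) unmarshalled);
                keyInfoType = new KeyInfoType();
                SecurityTokenReferenceType securityTokenReferenceType = new SecurityTokenReferenceType();
                securityTokenReferenceType.getAny().add(x509Data);
                keyInfoType.getContent().add(new org.apache.wss4j.binding.wss10.ObjectFactory().createSecurityTokenReference(securityTokenReferenceType));
            } else if (unmarshalled instanceof EncryptedKeyType) {
                EncryptedKeyType encryptedKeyType = (EncryptedKeyType) unmarshalled;
                new WSSEncryptedKeyInputHandler().handle(inputProcessorChain, encryptedKeyType, keyInfoChild, xMLSecurityProperties);
                SecurityTokenProvider<?> encryptedKeyProvider = inputProcessorChain.getSecurityContext().getSecurityTokenProvider(encryptedKeyType.getId());
                if (encryptedKeyProvider != null) {
                    return (InboundSecurityToken) encryptedKeyProvider.getSecurityToken();
                }
                // NOTE(review): when no provider is registered, keyInfoType stays null and is passed
                // to the token factory below; confirm the factory rejects a null KeyInfo.
            } else if (unmarshalled instanceof SecurityTokenReferenceType) {
                JAXBElement<?> securityTokenReference = new org.apache.wss4j.binding.wss10.ObjectFactory().createSecurityTokenReference((SecurityTokenReferenceType) unmarshalled);
                keyInfoType = new KeyInfoType();
                keyInfoType.getContent().add(securityTokenReference);
            } else if (unmarshalled instanceof KeyValueType) {
                JAXBElement<?> keyValue = new ObjectFactory().createKeyValue((KeyValueType) unmarshalled);
                keyInfoType = new KeyInfoType();
                keyInfoType.getContent().add(keyValue);
            } else {
                throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, "unsupportedKeyInfo");
            }
            return SecurityTokenFactory.getInstance().getSecurityToken(keyInfoType, WSSecurityTokenConstants.KeyUsage_Signature_Verification, xMLSecurityProperties, inputProcessorChain.getSecurityContext());
        } catch (JAXBException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.UNSUPPORTED_SECURITY_TOKEN, e);
        }
    }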

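    /**
     * Rebuilds the buffered events, starting at position {@code i}, as a DOM document.
     * The document is created empty through the shared factory and filled by feeding each
     * remaining event to {@link #parseXMLEvent}; no XML text is parsed here.
     *
     * @param deque buffered events, iterated via {@code descendingIterator()}
     * @param i number of leading events to skip
     * @param xMLSecurityProperties not used by this implementation
     * @return the populated {@link Document}, cast to the caller's type parameter
     * @throws XMLSecurityException INVALID_SECURITY_TOKEN when no document builder can be created
     *                              or an event cannot be converted
     */
    @SuppressWarnings("unchecked")
    protected <T> T parseStructure(Deque<XMLSecEvent> deque, int i, XMLSecurityProperties xMLSecurityProperties) throws XMLSecurityException {
        final Document document;
        try {
            document = DOC_BUILDER_FACTORY.newDocumentBuilder().newDocument();
        } catch (ParserConfigurationException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, e);
        }
        Iterator<XMLSecEvent> events = deque.descendingIterator();
        // Skip the events that precede the structure to rebuild.
        for (int skipped = 0; skipped < i; skipped++) {
            events.next();
        }
        // currentNode tracks the insertion point: it descends on start elements and climbs on end elements.
        Node currentNode = document;
        while (events.hasNext()) {
            currentNode = parseXMLEvent(events.next(), currentNode, document);
        }
        // The only value ever produced is a Document; callers choose T accordingly.
        return (T) document;
    }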

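    /**
     * Applies one stream event to the DOM under construction.
     * The numeric case labels are the {@code javax.xml.stream.XMLStreamConstants} event types.
     *
     * @param xMLSecEvent event to convert
     * @param node current insertion point
     * @param document owner document used to create nodes
     * @return the new insertion point: the created element for a start element, the parent for an
     *         end element, otherwise {@code node} unchanged
     * @throws WSSecurityException INVALID_SECURITY_TOKEN for event types that are not supported
     *                             (SPACE, ENTITY_REFERENCE, CDATA and anything unknown)
     */
    public Node parseXMLEvent(XMLSecEvent xMLSecEvent, Node node, Document document) throws WSSecurityException {
        switch (xMLSecEvent.getEventType()) {
            case 1: { // START_ELEMENT
                XMLSecStartElement startElement = xMLSecEvent.asStartElement();
                QName elementName = startElement.getName();
                Element element = document.createElementNS(elementName.getNamespaceURI(), elementName.getLocalPart());
                String elementPrefix = elementName.getPrefix();
                if (elementPrefix != null && !elementPrefix.isEmpty()) {
                    element.setPrefix(elementPrefix);
                }
                node = node.appendChild(element);
                // Namespace declarations and attributes are replayed onto the new element.
                Iterator<?> namespaces = startElement.getNamespaces();
                while (namespaces.hasNext()) {
                    parseXMLEvent((XMLSecNamespace) namespaces.next(), node, document);
                }
                Iterator<?> attributes = startElement.getAttributes();
                while (attributes.hasNext()) {
                    parseXMLEvent((XMLSecAttribute) attributes.next(), node, document);
                }
                // Declare the element's own namespace if the document cannot resolve its prefix yet.
                if (document.lookupNamespaceURI(elementPrefix) == null) {
                    parseXMLEvent(startElement.getElementNamespace(), node, document);
                }
                break;
            }
            case 2: // END_ELEMENT
                if (node.getParentNode() != null) {
                    node = node.getParentNode();
                }
                break;
            case 3: { // PROCESSING_INSTRUCTION
                ProcessingInstruction instruction = (ProcessingInstruction) xMLSecEvent;
                // The second argument is the instruction's data, not its target repeated.
                node.appendChild(document.createProcessingInstruction(instruction.getTarget(), instruction.getData()));
                break;
            }
            case 4: // CHARACTERS
                node.appendChild(document.createTextNode(xMLSecEvent.asCharacters().getData()));
                break;
            case 5: // COMMENT
                node.appendChild(document.createComment(((Comment) xMLSecEvent).getText()));
                break;
            case 7: // START_DOCUMENT
            case 8: // END_DOCUMENT
            case 11: // DTD
                // Nothing to add to the DOM for these events.
                break;
            case 10: { // ATTRIBUTE
                XMLSecAttribute attribute = (XMLSecAttribute) xMLSecEvent;
                QName attributeName = attribute.getName();
                Attr attributeNode = document.createAttributeNS(attributeName.getNamespaceURI(), attributeName.getLocalPart());
                attributeNode.setPrefix(attributeName.getPrefix());
                attributeNode.setValue(attribute.getValue());
                ((Element) node).setAttributeNodeNS(attributeNode);
                // Declare the attribute's namespace if the document cannot resolve its prefix yet.
                if (document.lookupNamespaceURI(attributeName.getPrefix()) == null) {
                    parseXMLEvent(attribute.getAttributeNamespace(), node, document);
                }
                break;
            }
            case 13: { // NAMESPACE
                Namespace namespace = (Namespace) xMLSecEvent;
                String prefix = namespace.getPrefix();
                // Default namespace becomes "xmlns", a prefixed one "xmlns:<prefix>".
                String qualifiedName = (prefix == null || prefix.isEmpty()) ? "xmlns" : "xmlns:" + prefix;
                Attr declaration = document.createAttributeNS("http://www.w3.org/2000/xmlns/", qualifiedName);
                declaration.setValue(namespace.getNamespaceURI());
                ((Element) node).setAttributeNodeNS(declaration);
                break;
            }
            default: // includes 6 (SPACE), 9 (ENTITY_REFERENCE) and 12 (CDATA)
                throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY_TOKEN, "empty", new Object[]{"Illegal XMLEvent received: " + xMLSecEvent.getEventType()});
        }
        return node;
    }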

    static {
        // Complete the two expected assertion paths: security-header path plus the assertion element.
        SAML2_TOKEN_PATH.add(WSSConstants.TAG_SAML2_ASSERTION);
        SAML1_TOKEN_PATH.add(WSSConstants.TAG_SAML_ASSERTION);
        // Documents built from the event stream carry namespaces, so the factory must be namespace-aware.
        DOC_BUILDER_FACTORY.setNamespaceAware(true);
    }
}
