package org.apache.wss4j.dom.processor;

import java.util.Collections;
import java.util.List;
import org.apache.wss4j.common.crypto.AlgorithmSuite;
import org.apache.wss4j.common.crypto.AlgorithmSuiteValidator;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.WSDataRef;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
import org.apache.wss4j.dom.handler.RequestData;
import org.apache.wss4j.dom.message.token.DerivedKeyToken;
import org.apache.wss4j.dom.str.DerivedKeyTokenSTRParser;
import org.apache.wss4j.dom.str.STRParserParameters;
import org.apache.xalan.templates.Constants;
import org.w3c.dom.Element;

/* loaded from: input_file:org/apache/wss4j/dom/processor/DerivedKeyTokenProcessor.class */
public class DerivedKeyTokenProcessor implements Processor {
    @Override // org.apache.wss4j.dom.processor.Processor
    public List<WSSecurityEngineResult> handleToken(Element element, RequestData requestData, WSDocInfo wSDocInfo) throws WSSecurityException {
        DerivedKeyToken derivedKeyToken = new DerivedKeyToken(element, requestData.getBSPEnforcer());
        AlgorithmSuite algorithmSuite = requestData.getAlgorithmSuite();
        if (algorithmSuite != null) {
            new AlgorithmSuiteValidator(algorithmSuite).checkDerivedKeyAlgorithm(derivedKeyToken.getAlgorithm());
        }
        Element securityTokenReferenceElement = derivedKeyToken.getSecurityTokenReferenceElement();
        if (securityTokenReferenceElement == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_CHECK, "noReference");
        }
        STRParserParameters sTRParserParameters = new STRParserParameters();
        sTRParserParameters.setData(requestData);
        sTRParserParameters.setWsDocInfo(wSDocInfo);
        sTRParserParameters.setStrElement(securityTokenReferenceElement);
        byte[] secretKey = new DerivedKeyTokenSTRParser().parseSecurityTokenReference(sTRParserParameters).getSecretKey();
        if (derivedKeyToken.getNonce() == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, Constants.ELEMNAME_EMPTY_STRING, new Object[]{"Missing wsc:Nonce value"});
        }
        WSSecurityEngineResult wSSecurityEngineResult = new WSSecurityEngineResult(2048, (byte[]) null, derivedKeyToken.deriveKey(derivedKeyToken.getLength(), secretKey), (List<WSDataRef>) null);
        wSDocInfo.addTokenElement(element);
        Object id = derivedKeyToken.getID();
        if (!"".equals(id)) {
            wSSecurityEngineResult.put("id", id);
        }
        wSSecurityEngineResult.put("derived-key-token", derivedKeyToken);
        wSSecurityEngineResult.put("secret", secretKey);
        wSSecurityEngineResult.put("token-element", derivedKeyToken.getElement());
        wSDocInfo.addResult(wSSecurityEngineResult);
        return Collections.singletonList(wSSecurityEngineResult);
    }
}
