package com.sun.xml.ws.security.opt.impl.keyinfo;

import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.crypto.OctectStreamData;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
import java.util.logging.Level;

/* loaded from: input_file:spg-ui-war-2.1.39.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/opt/impl/keyinfo/KerberosTokenBuilder.class */
public class KerberosTokenBuilder extends TokenBuilder {
    AuthenticationTokenPolicy.KerberosTokenBinding binding;

    public KerberosTokenBuilder(JAXBFilterProcessingContext jAXBFilterProcessingContext, AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding) {
        super(jAXBFilterProcessingContext);
        this.binding = null;
        this.binding = kerberosTokenBinding;
    }

    @Override // com.sun.xml.ws.security.opt.api.keyinfo.TokenBuilder
    public BuilderResult process() throws XWSSecurityException {
        String uuid = this.binding.getUUID();
        if (uuid == null || uuid.equals("")) {
            this.context.generateID();
        }
        setIncludeTokenPolicy();
        String referenceType = this.binding.getReferenceType();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, LogStringsMessages.WSS_1853_REFERENCETYPE_KERBEROS_TOKEN(referenceType));
        }
        BuilderResult builderResult = new BuilderResult();
        if (referenceType.equals("Direct")) {
            com.sun.xml.ws.security.opt.api.keyinfo.BinarySecurityToken createKerberosBST = createKerberosBST(this.binding, this.binding.getTokenValue());
            if (createKerberosBST == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
                throw new XWSSecurityException(LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
            }
            buildKeyInfo(buildDirectReference(createKerberosBST.getId(), MessageConstants.KERBEROS_V5_GSS_APREQ), this.binding.getSTRID());
        } else {
            if (!referenceType.equals("Identifier")) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
                throw new XWSSecurityException(LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
            }
            createKerberosBST(this.binding, this.binding.getTokenValue());
            buildKeyInfoWithKIKerberos(this.binding, MessageConstants.KERBEROS_v5_APREQ_IDENTIFIER);
            if (this.binding.getSTRID() != null) {
                this.context.getElementCache().put(this.binding.getSTRID(), new OctectStreamData(new String(this.binding.getTokenValue())));
            }
        }
        builderResult.setKeyInfo(this.keyInfo);
        return builderResult;
    }

    private void setIncludeTokenPolicy() throws XWSSecurityException {
        if (this.binding.policyTokenWasSet()) {
            AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding = this.binding;
            if (!AuthenticationTokenPolicy.KerberosTokenBinding.INCLUDE_ALWAYS.equals(this.binding.getIncludeToken())) {
                AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding2 = this.binding;
                if (!AuthenticationTokenPolicy.KerberosTokenBinding.INCLUDE_ALWAYS_TO_RECIPIENT.equals(this.binding.getIncludeToken())) {
                    AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding3 = this.binding;
                    if (AuthenticationTokenPolicy.KerberosTokenBinding.INCLUDE_NEVER.equals(this.binding.getIncludeToken())) {
                        this.binding.setReferenceType("Identifier");
                        return;
                    }
                    AuthenticationTokenPolicy.KerberosTokenBinding kerberosTokenBinding4 = this.binding;
                    if (AuthenticationTokenPolicy.KerberosTokenBinding.INCLUDE_ONCE.equals(this.binding.getIncludeToken())) {
                        this.binding.setReferenceType("Direct");
                        return;
                    }
                    return;
                }
            }
            logger.log(Level.SEVERE, LogStringsMessages.WSS_1822_KERBEROS_ALWAYS_NOTALLOWED());
            throw new XWSSecurityException(LogStringsMessages.WSS_1822_KERBEROS_ALWAYS_NOTALLOWED());
        }
    }
}
