package org.apache.cxf.xkms.x509.utils;

import java.io.ByteArrayInputStream;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.UUID;
import java.util.logging.Logger;
import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.xkms.model.xkms.LocateRequestType;
import org.apache.cxf.xkms.model.xkms.LocateResultType;
import org.apache.cxf.xkms.model.xkms.UnverifiedKeyBindingType;
import org.apache.cxf.xkms.model.xmldsig.KeyInfoType;
import org.apache.cxf.xkms.model.xmldsig.ObjectFactory;
import org.apache.cxf.xkms.model.xmldsig.X509DataType;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:WEB-INF/lib/cxf-services-xkms-x509-handlers-2.7.0.redhat-611472.jar:org/apache/cxf/xkms/x509/utils/X509Utils.class */
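/**
 * Static helpers for moving X.509 certificates between the JCA representation
 * ({@link X509Certificate}) and the XML-DSig / XKMS JAXB model used by the XKMS handlers.
 *
 * <p>Security note: the parsing helpers in this class only <em>decode</em> certificates. Nothing
 * here checks the validity period, builds or verifies a certificate chain, or consults revocation
 * data. A certificate returned from {@link #parseX509Data} is therefore syntactically well-formed
 * but not trusted; callers must run their own validation before making any trust decision on it.
 */
public final class X509Utils {
    /** Qualified name of the XML-DSig {@code X509Data} element. */
    public static final QName X509_DATA = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Data");
    /** Qualified name of the XML-DSig {@code KeyName} element. */
    public static final QName X509_KEY_NAME = new QName("http://www.w3.org/2000/09/xmldsig#", "KeyName");
    /** Qualified name of the XML-DSig {@code X509IssuerSerial} element. */
    public static final QName X509_ISSUER_SERIAL = new QName("http://www.w3.org/2000/09/xmldsig#", "X509IssuerSerial");
    /** Qualified name of the XML-DSig {@code X509SubjectName} element. */
    public static final QName X509_SUBJECT_NAME = new QName("http://www.w3.org/2000/09/xmldsig#", "X509SubjectName");
    /** Qualified name of the XML-DSig {@code X509Certificate} element. */
    public static final QName X509_CERTIFICATE = new QName("http://www.w3.org/2000/09/xmldsig#", "X509Certificate");
    private static final Logger LOG = LogUtils.getL7dLogger(X509Utils.class);
    // One factory instance is shared by every caller of this class.
    // NOTE(review): whether a shared CertificateFactory is safe under concurrent use depends on
    // the installed provider - confirm for the deployment's JCA provider.
    private static final CertificateFactory X509_FACTORY;

    /** Utility class; not instantiable. */
    private X509Utils() {
    }

    /**
     * Decodes every {@code X509Certificate} child of the given {@code X509Data} element and
     * appends the results to {@code list}.
     *
     * <p>Children that are not {@link JAXBElement}s, or whose element name is not
     * {@link #X509_CERTIFICATE} (issuer/serial, SKI, subject name, ...), are skipped silently.
     * The certificates are decoded only, not validated; see the class-level security note.
     *
     * @param x509DataType the JAXB {@code X509Data} content to read
     * @param list         receives the decoded certificates, in document order
     * @throws CertificateException if an {@code X509Certificate} element holds no binary data,
     *                              cannot be decoded, or decodes to a non-X.509 certificate
     */
    public static void parseX509Data(X509DataType x509DataType, List<X509Certificate> list) throws CertificateException {
        for (Object obj : x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName()) {
            if (!(obj instanceof JAXBElement)) {
                continue;
            }
            X509Certificate certificate = parseX509Item((JAXBElement<?>) obj);
            if (certificate != null) {
                list.add(certificate);
            }
        }
    }

    /**
     * Decodes a single {@code X509Data} child if it is an {@code X509Certificate} element.
     *
     * @param jAXBElement the child element to inspect
     * @return the decoded certificate, or {@code null} when the element has a different name
     * @throws CertificateException if the element content cannot be decoded as an X.509 certificate
     */
    private static X509Certificate parseX509Item(JAXBElement<?> jAXBElement) throws CertificateException {
        if (!X509_CERTIFICATE.equals(jAXBElement.getName())) {
            return null;
        }
        X509Certificate extractCertificate = extractCertificate(jAXBElement);
        // The subject DN is taken from the supplied certificate, so this log line carries
        // whatever the sender of the XML put into that field.
        LOG.fine("Extracted " + extractCertificate.getSubjectX500Principal().getName());
        return extractCertificate;
    }

    /**
     * Turns the binary content of an {@code X509Certificate} element into an
     * {@link X509Certificate}.
     *
     * @param jAXBElement element whose value is expected to be the encoded certificate bytes
     * @return the decoded certificate
     * @throws CertificateException if the element value is missing or not a {@code byte[]}, if the
     *                              factory rejects the bytes, or if the result is not an X.509
     *                              certificate
     */
    private static X509Certificate extractCertificate(JAXBElement<?> jAXBElement) throws CertificateException {
        Object value = jAXBElement.getValue();
        // The wildcard type gives no guarantee about the payload. Reject a missing or non-binary
        // value with the checked exception callers already handle, instead of letting a
        // NullPointerException or ClassCastException escape from request parsing.
        if (!(value instanceof byte[])) {
            throw new CertificateException("X509Certificate element does not contain binary certificate data");
        }
        Certificate generateCertificate = X509_FACTORY.generateCertificate(new ByteArrayInputStream((byte[]) value));
        if (generateCertificate instanceof X509Certificate) {
            return (X509Certificate) generateCertificate;
        }
        throw new CertificateException("Unsupported certificate type encountered: " + generateCertificate.getClass().getName());
    }

    /**
     * Wraps a certificate in an XKMS {@code UnverifiedKeyBinding}.
     *
     * <p>Only the {@code KeyInfo} is populated; no status or validation result is attached here.
     *
     * @param x509Certificate the certificate to embed
     * @return a new binding whose {@code KeyInfo} carries the encoded certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static UnverifiedKeyBindingType getUnverifiedKeyBinding(X509Certificate x509Certificate) throws CertificateEncodingException {
        UnverifiedKeyBindingType unverifiedKeyBindingType = new UnverifiedKeyBindingType();
        unverifiedKeyBindingType.setKeyInfo(getKeyInfo(x509Certificate));
        return unverifiedKeyBindingType;
    }

    /**
     * Builds an XML-DSig {@code KeyInfo} holding one {@code X509Data} element with the encoded
     * form of the given certificate.
     *
     * @param x509Certificate the certificate to embed
     * @return a new {@code KeyInfo} containing the certificate
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static KeyInfoType getKeyInfo(X509Certificate x509Certificate) throws CertificateEncodingException {
        ObjectFactory dsigFactory = new ObjectFactory();
        JAXBElement<byte[]> certificateElement = dsigFactory.createX509DataTypeX509Certificate(x509Certificate.getEncoded());
        X509DataType x509DataType = new X509DataType();
        x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(certificateElement);
        KeyInfoType keyInfoType = new KeyInfoType();
        keyInfoType.getContent().add(dsigFactory.createX509Data(x509DataType));
        return keyInfoType;
    }

    /**
     * Creates a locate result that answers the given request: a fresh random id, the request's
     * id as {@code RequestId}, and a fixed service URI.
     *
     * <p>NOTE(review): this is an instance method on a class whose only constructor is private,
     * so nothing visible in this file can call it - confirm whether it is dead code.
     *
     * @param locateRequestType the request being answered
     * @return a new, otherwise empty, locate result
     */
    LocateResultType createResponse(LocateRequestType locateRequestType) {
        LocateResultType locateResultType = new LocateResultType();
        locateResultType.setId(UUID.randomUUID().toString());
        locateResultType.setRequestId(locateRequestType.getId());
        locateResultType.setService("http://services.sopera.org/xkms/v2.0");
        return locateResultType;
    }

    /**
     * Fails fast when a required request element is missing.
     *
     * @param obj the element to check
     * @param cls the expected element type, used only for the error message
     * @throws IllegalArgumentException if {@code obj} is {@code null}
     */
    public static void assertElementNotNull(Object obj, Class<?> cls) {
        if (obj == null) {
            throw new IllegalArgumentException(cls.getName() + " must be set");
        }
    }

    static {
        // Resolve the factory once at class load. A failure here makes the class unusable, so it
        // is surfaced as an unchecked exception with the original cause attached.
        try {
            X509_FACTORY = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        } catch (CertificateException e) {
            throw new IllegalStateException("Cannot initialize X509 CertificateFactory: " + e.getMessage(), e);
        }
    }
}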
