package org.apache.cxf.xkms.x509.handlers;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.xml.bind.JAXBElement;
import org.apache.cxf.xkms.handlers.Register;
import org.apache.cxf.xkms.model.xkms.KeyBindingEnum;
import org.apache.cxf.xkms.model.xkms.KeyBindingType;
import org.apache.cxf.xkms.model.xkms.PrototypeKeyBindingType;
import org.apache.cxf.xkms.model.xkms.RecoverRequestType;
import org.apache.cxf.xkms.model.xkms.RecoverResultType;
import org.apache.cxf.xkms.model.xkms.RegisterRequestType;
import org.apache.cxf.xkms.model.xkms.RegisterResultType;
import org.apache.cxf.xkms.model.xkms.ReissueRequestType;
import org.apache.cxf.xkms.model.xkms.ReissueResultType;
import org.apache.cxf.xkms.model.xkms.RequestAbstractType;
import org.apache.cxf.xkms.model.xkms.RespondWithEnum;
import org.apache.cxf.xkms.model.xkms.RevokeRequestType;
import org.apache.cxf.xkms.model.xkms.RevokeResultType;
import org.apache.cxf.xkms.model.xkms.StatusType;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
import org.apache.cxf.xkms.model.xmldsig.KeyInfoType;
import org.apache.cxf.xkms.model.xmldsig.X509DataType;
import org.apache.cxf.xkms.x509.repo.CertificateRepo;
import org.apache.cxf.xkms.x509.utils.X509Utils;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:WEB-INF/lib/cxf-services-xkms-x509-handlers-2.7.0.redhat-611472.jar:org/apache/cxf/xkms/x509/handlers/X509Register.class */
public class X509Register implements Register {
    protected final CertificateFactory certFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
    private CertificateRepo certRepo;

    public X509Register(CertificateRepo certificateRepo) throws CertificateException {
        this.certRepo = certificateRepo;
    }

    @Override // org.apache.cxf.xkms.handlers.Register
    public boolean canProcess(RequestAbstractType requestAbstractType) {
        if (requestAbstractType instanceof RecoverRequestType) {
            return false;
        }
        List<String> respondWith = requestAbstractType.getRespondWith();
        if (respondWith == null || respondWith.isEmpty()) {
            return true;
        }
        return respondWith.contains(RespondWithEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_X_509_CERT);
    }

    @Override // org.apache.cxf.xkms.handlers.Register
    public RegisterResultType register(RegisterRequestType registerRequestType, RegisterResultType registerResultType) {
        try {
            PrototypeKeyBindingType prototypeKeyBinding = registerRequestType.getPrototypeKeyBinding();
            X509Utils.assertElementNotNull(prototypeKeyBinding, PrototypeKeyBindingType.class);
            KeyInfoType keyInfo = prototypeKeyBinding.getKeyInfo();
            X509Utils.assertElementNotNull(prototypeKeyBinding, KeyInfoType.class);
            List<UseKeyWithType> useKeyWith = prototypeKeyBinding.getUseKeyWith();
            if (useKeyWith == null || useKeyWith.size() != 1) {
                throw new IllegalArgumentException("Exactly one useKeyWith element needed");
            }
            UseKeyWithType useKeyWithType = useKeyWith.get(0);
            List<X509Certificate> certsFromKeyInfo = getCertsFromKeyInfo(keyInfo);
            if (certsFromKeyInfo.size() != 1) {
                throw new IllegalArgumentException("Must provide one X509Certificate");
            }
            this.certRepo.saveCertificate(certsFromKeyInfo.get(0), useKeyWithType);
            registerResultType.getKeyBinding().add(prepareResponseBinding(prototypeKeyBinding));
            return registerResultType;
        } catch (CertificateException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    private KeyBindingType prepareResponseBinding(PrototypeKeyBindingType prototypeKeyBindingType) {
        KeyBindingType keyBindingType = new KeyBindingType();
        keyBindingType.setKeyInfo(prototypeKeyBindingType.getKeyInfo());
        StatusType statusType = new StatusType();
        statusType.setStatusValue(KeyBindingEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_VALID);
        keyBindingType.setStatus(statusType);
        return keyBindingType;
    }

    @Override // org.apache.cxf.xkms.handlers.Register
    public ReissueResultType reissue(ReissueRequestType reissueRequestType, ReissueResultType reissueResultType) {
        throw new UnsupportedOperationException("This service does not support reissue");
    }

    @Override // org.apache.cxf.xkms.handlers.Register
    public RevokeResultType revoke(RevokeRequestType revokeRequestType, RevokeResultType revokeResultType) {
        throw new UnsupportedOperationException("This service does not support revoke");
    }

    private List<X509Certificate> getCertsFromKeyInfo(KeyInfoType keyInfoType) throws CertificateException {
        ArrayList arrayList = new ArrayList();
        for (Object obj : keyInfoType.getContent()) {
            if (obj instanceof JAXBElement) {
                Object value = ((JAXBElement) obj).getValue();
                if (value instanceof X509DataType) {
                    Iterator<Object> it = ((X509DataType) value).getX509IssuerSerialOrX509SKIOrX509SubjectName().iterator();
                    while (it.hasNext()) {
                        JAXBElement jAXBElement = (JAXBElement) it.next();
                        if (jAXBElement.getDeclaredType() == byte[].class) {
                            arrayList.add((X509Certificate) this.certFactory.generateCertificate(new ByteArrayInputStream((byte[]) jAXBElement.getValue())));
                        }
                    }
                }
            }
        }
        return arrayList;
    }

    @Override // org.apache.cxf.xkms.handlers.Register
    public RecoverResultType recover(RecoverRequestType recoverRequestType, RecoverResultType recoverResultType) {
        throw new UnsupportedOperationException("Recover is currently not supported");
    }
}
