package org.apache.xml.security.stax.impl.securityToken;

import java.io.IOException;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.xml.security.binding.xmldsig.DSAKeyValueType;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
import org.apache.xml.security.binding.xmldsig.KeyValueType;
import org.apache.xml.security.binding.xmldsig.RSAKeyValueType;
import org.apache.xml.security.binding.xmldsig.X509DataType;
import org.apache.xml.security.binding.xmldsig.X509IssuerSerialType;
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.XMLSecurityProperties;
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
import org.apache.xml.security.utils.RFC2253Parser;
import org.apache.xml.security.utils.UnsyncByteArrayInputStream;

/* loaded from: input_file:m2repo/org/apache/santuario/xmlsec/2.1.2/xmlsec-2.1.2.jar:org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.class */
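/**
 * {@link SecurityTokenFactory} implementation that maps a parsed {@code ds:KeyInfo}
 * to an {@link InboundSecurityToken} for signature verification or decryption.
 *
 * <p>Resolution order inside {@code KeyInfo}: {@code X509Data}, then {@code KeyValue},
 * then {@code KeyName}. When none of them is present (or {@code KeyInfo} is absent) the
 * key configured in {@link XMLSecurityProperties} for the requested usage is used.
 *
 * <p>Security note: nothing in this class checks a certificate chain, validity period
 * or revocation status, and nothing here compares key material found in
 * {@code KeyInfo} with the configured key. NOTE(review): {@code KeyInfo} presumably
 * originates from the inbound document and should be treated as untrusted; confirm
 * that trust in the resulting token is established by the caller.
 */
public class SecurityTokenFactoryImpl extends SecurityTokenFactory {

    /**
     * Builds the inbound token for {@code keyInfoType}.
     *
     * @param keyInfoType parsed {@code ds:KeyInfo}; may be {@code null}
     * @param keyUsage what the token's key will be used for
     * @param xMLSecurityProperties configuration holding the verification/decryption keys
     * @param inboundSecurityContext context handed to the created token
     * @return the token matching the first supported {@code KeyInfo} child, or a default
     *         token backed by the configured key
     * @throws XMLSecurityException with {@code stax.noKey} when no {@code KeyInfo} child
     *         matched and no key is configured for {@code keyUsage}; other failures are
     *         raised by the per-type helpers
     */
    @Override
    public InboundSecurityToken getSecurityToken(KeyInfoType keyInfoType, SecurityTokenConstants.KeyUsage keyUsage, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext) throws XMLSecurityException {
        if (keyInfoType != null) {
            X509DataType x509DataType = (X509DataType) XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_X509Data);
            if (x509DataType != null) {
                return getSecurityToken(x509DataType, xMLSecurityProperties, inboundSecurityContext, keyUsage);
            }
            KeyValueType keyValueType = (KeyValueType) XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyValue);
            if (keyValueType != null) {
                return getSecurityToken(keyValueType, xMLSecurityProperties, inboundSecurityContext, keyUsage);
            }
            String keyName = (String) XMLSecurityUtils.getQNameType(keyInfoType.getContent(), XMLSecurityConstants.TAG_dsig_KeyName);
            if (keyName != null) {
                return getSecurityToken(keyName, xMLSecurityProperties, inboundSecurityContext, keyUsage);
            }
        }
        // No supported KeyInfo child: only a key configured for this exact usage is acceptable.
        if (SecurityTokenConstants.KeyUsage_Signature_Verification.equals(keyUsage) && xMLSecurityProperties.getSignatureVerificationKey() != null) {
            return getDefaultSecurityToken(xMLSecurityProperties, inboundSecurityContext, keyUsage);
        }
        if (!SecurityTokenConstants.KeyUsage_Decryption.equals(keyUsage) || xMLSecurityProperties.getDecryptionKey() == null) {
            throw new XMLSecurityException("stax.noKey", new Object[]{keyUsage});
        }
        return getDefaultSecurityToken(xMLSecurityProperties, inboundSecurityContext, keyUsage);
    }

    /**
     * Creates a token of type {@code DefaultToken} with key identifier
     * {@code KeyIdentifier_NoKeyInfo} and attaches the configured key for {@code keyUsage}.
     */
    private InboundSecurityToken getDefaultSecurityToken(XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext, SecurityTokenConstants.KeyUsage keyUsage) {
        AbstractInboundSecurityToken defaultToken = new AbstractInboundSecurityToken(inboundSecurityContext, IDGenerator.generateID(null), SecurityTokenConstants.KeyIdentifier_NoKeyInfo, false) {
            @Override
            public SecurityTokenConstants.TokenType getTokenType() {
                return SecurityTokenConstants.DefaultToken;
            }
        };
        setTokenKey(xMLSecurityProperties, keyUsage, defaultToken);
        return defaultToken;
    }

    /**
     * Creates a token for a {@code ds:KeyName} reference.
     *
     * <p>The name is resolved against the configured key-name map only for signature
     * verification and only when no explicit verification key is configured; the
     * mapped key must be a {@link PublicKey}. For every other case the token just
     * receives the configured key via {@link #setTokenKey}.
     *
     * @throws XMLSecurityException {@code stax.keyNotFoundForName} when the map has no
     *         entry for the name, {@code stax.keyTypeNotSupported} when the entry is not
     *         a public key
     */
    private KeyNameSecurityToken getSecurityToken(String str, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext, SecurityTokenConstants.KeyUsage keyUsage) throws XMLSecurityException {
        KeyNameSecurityToken keyNameToken = new KeyNameSecurityToken(str, inboundSecurityContext);
        if (SecurityTokenConstants.KeyUsage_Signature_Verification.equals(keyUsage) && xMLSecurityProperties.getSignatureVerificationKey() == null) {
            // The name selects among locally configured keys; it never supplies key material itself.
            Key mappedKey = xMLSecurityProperties.getKeyNameMap().get(str);
            if (mappedKey == null) {
                throw new XMLSecurityException("stax.keyNotFoundForName", new Object[]{str});
            }
            if (!(mappedKey instanceof PublicKey)) {
                throw new XMLSecurityException("stax.keyTypeNotSupported", new Object[]{mappedKey.getClass().getSimpleName()});
            }
            keyNameToken.setPublicKey((PublicKey) mappedKey);
        }
        setTokenKey(xMLSecurityProperties, keyUsage, keyNameToken);
        return keyNameToken;
    }

    /**
     * Creates a token for a {@code ds:KeyValue}, trying RSA, then DSA, then EC.
     *
     * <p>NOTE(review): the key value is taken from {@code KeyInfo} as-is; this method
     * does not check it against any trusted key. Confirm where that decision is made.
     *
     * @throws XMLSecurityException {@code stax.unsupportedKeyValue} when none of the
     *         three key value types is present
     */
    private static InboundSecurityToken getSecurityToken(KeyValueType keyValueType, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext, SecurityTokenConstants.KeyUsage keyUsage) throws XMLSecurityException {
        RSAKeyValueType rsaKeyValue = (RSAKeyValueType) XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_RSAKeyValue);
        if (rsaKeyValue != null) {
            RsaKeyValueSecurityToken rsaToken = new RsaKeyValueSecurityToken(rsaKeyValue, inboundSecurityContext);
            setTokenKey(xMLSecurityProperties, keyUsage, rsaToken);
            return rsaToken;
        }
        DSAKeyValueType dsaKeyValue = (DSAKeyValueType) XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig_DSAKeyValue);
        if (dsaKeyValue != null) {
            DsaKeyValueSecurityToken dsaToken = new DsaKeyValueSecurityToken(dsaKeyValue, inboundSecurityContext);
            setTokenKey(xMLSecurityProperties, keyUsage, dsaToken);
            return dsaToken;
        }
        ECKeyValueType ecKeyValue = (ECKeyValueType) XMLSecurityUtils.getQNameType(keyValueType.getContent(), XMLSecurityConstants.TAG_dsig11_ECKeyValue);
        if (ecKeyValue == null) {
            throw new XMLSecurityException("stax.unsupportedKeyValue");
        }
        ECKeyValueSecurityToken ecToken = new ECKeyValueSecurityToken(ecKeyValue, inboundSecurityContext);
        setTokenKey(xMLSecurityProperties, keyUsage, ecToken);
        return ecToken;
    }

    /**
     * Creates a token for a {@code ds:X509Data}, trying in order an embedded certificate,
     * issuer/serial, subject key identifier and subject name.
     *
     * <p>The three reference forms (issuer/serial, SKI, subject name) carry no key
     * material, so they are rejected with {@code stax.noKey} unless a key is configured
     * for {@code keyUsage}. The embedded-certificate form has no such requirement.
     *
     * @throws XMLSecurityException {@code stax.noKey} as described above or when no
     *         supported child is present; also when the embedded certificate cannot be
     *         parsed
     */
    private static InboundSecurityToken getSecurityToken(X509DataType x509DataType, XMLSecurityProperties xMLSecurityProperties, InboundSecurityContext inboundSecurityContext, SecurityTokenConstants.KeyUsage keyUsage) throws XMLSecurityException {
        byte[] certificateBytes = (byte[]) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), XMLSecurityConstants.TAG_dsig_X509Certificate);
        if (certificateBytes != null) {
            // Parsed only: no chain, validity or revocation check is performed in this class.
            // NOTE(review): confirm the certificate is validated before its key is trusted.
            X509Certificate certificate = getCertificateFromBytes(certificateBytes);
            SecurityTokenConstants.TokenType tokenType = certificate.getVersion() == 1
                    ? SecurityTokenConstants.X509V1Token
                    : SecurityTokenConstants.X509V3Token;
            X509SecurityToken x509Token = new X509SecurityToken(tokenType, inboundSecurityContext, IDGenerator.generateID(null), SecurityTokenConstants.KeyIdentifier_X509KeyIdentifier, true);
            x509Token.setX509Certificates(new X509Certificate[]{certificate});
            setTokenKey(xMLSecurityProperties, keyUsage, x509Token);
            return x509Token;
        }
        X509IssuerSerialType issuerSerial = (X509IssuerSerialType) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), XMLSecurityConstants.TAG_dsig_X509IssuerSerial);
        if (issuerSerial != null) {
            if (issuerSerial.getX509IssuerName() == null || issuerSerial.getX509SerialNumber() == null || isMissingConfiguredKey(xMLSecurityProperties, keyUsage)) {
                throw new XMLSecurityException("stax.noKey", new Object[]{keyUsage});
            }
            X509IssuerSerialSecurityToken issuerSerialToken = new X509IssuerSerialSecurityToken(SecurityTokenConstants.X509V3Token, inboundSecurityContext, IDGenerator.generateID(null));
            issuerSerialToken.setIssuerName(issuerSerial.getX509IssuerName());
            issuerSerialToken.setSerialNumber(issuerSerial.getX509SerialNumber());
            setTokenKey(xMLSecurityProperties, keyUsage, issuerSerialToken);
            return issuerSerialToken;
        }
        byte[] skiBytes = (byte[]) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), XMLSecurityConstants.TAG_dsig_X509SKI);
        if (skiBytes != null) {
            if (isMissingConfiguredKey(xMLSecurityProperties, keyUsage)) {
                throw new XMLSecurityException("stax.noKey", new Object[]{keyUsage});
            }
            X509SKISecurityToken skiToken = new X509SKISecurityToken(SecurityTokenConstants.X509V3Token, inboundSecurityContext, IDGenerator.generateID(null));
            skiToken.setSkiBytes(skiBytes);
            setTokenKey(xMLSecurityProperties, keyUsage, skiToken);
            return skiToken;
        }
        String subjectName = (String) XMLSecurityUtils.getQNameType(x509DataType.getX509IssuerSerialOrX509SKIOrX509SubjectName(), XMLSecurityConstants.TAG_dsig_X509SubjectName);
        if (subjectName == null || isMissingConfiguredKey(xMLSecurityProperties, keyUsage)) {
            throw new XMLSecurityException("stax.noKey", new Object[]{keyUsage});
        }
        // The subject name is stored in its RFC2253Parser-normalized form.
        String normalizedSubjectName = RFC2253Parser.normalize(subjectName);
        X509SubjectNameSecurityToken subjectNameToken = new X509SubjectNameSecurityToken(SecurityTokenConstants.X509V3Token, inboundSecurityContext, IDGenerator.generateID(null));
        subjectNameToken.setSubjectName(normalizedSubjectName);
        setTokenKey(xMLSecurityProperties, keyUsage, subjectNameToken);
        return subjectNameToken;
    }

    /**
     * Tells whether {@code keyUsage} is signature verification or decryption and the
     * corresponding key is not configured. Any other usage yields {@code false}.
     */
    private static boolean isMissingConfiguredKey(XMLSecurityProperties xMLSecurityProperties, SecurityTokenConstants.KeyUsage keyUsage) {
        if (SecurityTokenConstants.KeyUsage_Signature_Verification.equals(keyUsage)) {
            return xMLSecurityProperties.getSignatureVerificationKey() == null;
        }
        if (SecurityTokenConstants.KeyUsage_Decryption.equals(keyUsage)) {
            return xMLSecurityProperties.getDecryptionKey() == null;
        }
        return false;
    }

    /**
     * Attaches the key configured for {@code keyUsage} to the token.
     *
     * <p>A {@link PublicKey} is set as the token's public key unless the token type is
     * {@code KeyValueToken}. Everything else, including {@code null} when no key is
     * configured or the usage is neither verification nor decryption, is passed to
     * {@code setSecretKey} with an empty string as first argument.
     * NOTE(review): how {@code setSecretKey} treats a {@code null} key is not visible
     * here; confirm it is ignored rather than stored.
     */
    private static void setTokenKey(XMLSecurityProperties xMLSecurityProperties, SecurityTokenConstants.KeyUsage keyUsage, AbstractInboundSecurityToken abstractInboundSecurityToken) {
        Key configuredKey = null;
        if (SecurityTokenConstants.KeyUsage_Signature_Verification.equals(keyUsage)) {
            configuredKey = xMLSecurityProperties.getSignatureVerificationKey();
        } else if (SecurityTokenConstants.KeyUsage_Decryption.equals(keyUsage)) {
            configuredKey = xMLSecurityProperties.getDecryptionKey();
        }
        if (!(configuredKey instanceof PublicKey) || SecurityTokenConstants.KeyValueToken.equals(abstractInboundSecurityToken.getTokenType())) {
            abstractInboundSecurityToken.setSecretKey("", configuredKey);
        } else {
            abstractInboundSecurityToken.setPublicKey((PublicKey) configuredKey);
        }
    }

    /**
     * Decodes an X.509 certificate from its encoded bytes.
     *
     * <p>This is parsing only: the returned certificate has not been checked against
     * any trust anchor.
     *
     * @param bArr encoded certificate
     * @return the decoded certificate
     * @throws XMLSecurityException wrapping the {@link CertificateException} or
     *         {@link IOException} raised while decoding or closing the stream
     */
    private static X509Certificate getCertificateFromBytes(byte[] bArr) throws XMLSecurityException {
        // try-with-resources closes the stream and keeps a close() failure as a
        // suppressed exception instead of letting it replace the decoding error.
        try (UnsyncByteArrayInputStream certificateStream = new UnsyncByteArrayInputStream(bArr)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
        } catch (IOException | CertificateException e) {
            throw new XMLSecurityException(e);
        }
    }
}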
