package org.jboss.ws.extensions.security.element;

import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.XMLUtils;
import org.jboss.lang.JBossStringBuilder;
import org.jboss.ws.extensions.security.Constants;
import org.jboss.ws.extensions.security.WSSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/ws/extensions/security/element/KeyIdentifier.class */
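/**
 * A {@code wsse:KeyIdentifier} security token reference.
 *
 * <p>The only value type handled is the X.509 SubjectKeyIdentifier ({@link #SKI_TYPE}).
 * The identifier is held as Base64 text. It is either read from an incoming element or
 * derived from the certificate of an {@link X509Token}.
 */
public class KeyIdentifier extends Reference {
    public static final String SKI_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";

    /** OID of the X.509 SubjectKeyIdentifier certificate extension. */
    private static final String SKI_EXTENSION_OID = "2.5.29.14";

    /**
     * Number of leading bytes skipped in the raw extension value: two nested DER OCTET STRING
     * headers of one tag byte and one length byte each.
     */
    private static final int SKI_HEADER_LENGTH = 4;

    private final Document doc;
    private String value;
    private Element cachedElement;

    /**
     * Creates a key identifier that references the given token.
     *
     * @param document the document used later to create the DOM element
     * @param binarySecurityToken the token to reference; must be an {@link X509Token}
     * @throws WSSecurityException if the token is not an X.509 token or its certificate has no
     *     usable subject key identifier
     */
    public KeyIdentifier(Document document, BinarySecurityToken binarySecurityToken) throws WSSecurityException {
        this.doc = document;
        referenceToken(binarySecurityToken);
    }

    /**
     * Parses a key identifier from a message element.
     *
     * <p>The element comes from the incoming message and is treated as untrusted: the local name
     * and the {@code ValueType} attribute are validated before the text content is accepted.
     *
     * @param element the {@code KeyIdentifier} element to read
     * @throws WSSecurityException if the local name is wrong, {@code ValueType} is missing, or
     *     {@code ValueType} is anything other than {@link #SKI_TYPE}
     */
    public KeyIdentifier(Element element) throws WSSecurityException {
        this.doc = element.getOwnerDocument();
        // NOTE(review): only the local name is compared; the element's namespace and its
        // EncodingType attribute are not checked here. Confirm the caller validates them.
        if (!"KeyIdentifier".equals(element.getLocalName())) {
            throw new WSSecurityException("Invalid message, invalid local name on a KeyIdentifier");
        }
        String valueType = element.getAttribute("ValueType");
        if (valueType == null || valueType.length() == 0) {
            throw new WSSecurityException("Inavliad message, KeyIdentifier element is missing an ValueType");
        }
        if (!SKI_TYPE.equals(valueType)) {
            // The rejected ValueType is sender-controlled text, so anything that logs or
            // displays this exception message should handle it as untrusted data.
            throw new WSSecurityException("Currently only SubjectKeyIdentifiers are supported, was passed: " + valueType);
        }
        // Stored as received; it is only Base64-decoded (and validated) in getIdentifier().
        this.value = XMLUtils.getFullTextChildrenFromElement(element);
    }

    /**
     * Points this key identifier at the given token by extracting the SubjectKeyIdentifier from
     * the token's certificate and storing it Base64 encoded.
     *
     * @param binarySecurityToken the token to reference; must be an {@link X509Token}
     * @throws WSSecurityException if the token is not an X.509 token, the certificate has no
     *     SubjectKeyIdentifier extension, or the extension value is too short to hold one
     */
    public void referenceToken(BinarySecurityToken binarySecurityToken) throws WSSecurityException {
        if (!(binarySecurityToken instanceof X509Token)) {
            throw new WSSecurityException("KeyIdentifier tried to reference something besides an X509 token");
        }
        byte[] extensionValue = ((X509Token) binarySecurityToken).getCert().getExtensionValue(SKI_EXTENSION_OID);
        if (extensionValue == null) {
            throw new WSSecurityException("Certificate did not contain a subject key identifier!");
        }
        // Without this guard a short value would surface as NegativeArraySizeException, or
        // produce an empty identifier that cannot distinguish one key from another.
        if (extensionValue.length <= SKI_HEADER_LENGTH) {
            throw new WSSecurityException("Certificate subject key identifier extension is too short");
        }
        // NOTE(review): skipping a fixed four bytes assumes both DER length fields are in the
        // single-byte short form (identifier shorter than 128 bytes) - confirm for the
        // certificates in use.
        int identifierLength = extensionValue.length - SKI_HEADER_LENGTH;
        byte[] identifier = new byte[identifierLength];
        // Source is the raw extension value, destination is the fresh buffer. With the two
        // arrays swapped the copy reads past the end of the empty buffer and always throws.
        System.arraycopy(extensionValue, SKI_HEADER_LENGTH, identifier, 0, identifierLength);
        this.value = Base64.encode(identifier);
    }

    /**
     * Returns the Base64 text of the key identifier.
     *
     * @return the encoded identifier, exactly as parsed or as computed from the certificate
     */
    public String getValue() {
        return this.value;
    }

    /**
     * Returns the value type URI of this reference.
     *
     * @return always {@link #SKI_TYPE}
     */
    public String getValueType() {
        return SKI_TYPE;
    }

    /**
     * Returns the owning document.
     *
     * @return the document this key identifier was created with or parsed from
     */
    public Document getDocument() {
        return this.doc;
    }

    /**
     * Decodes the Base64 value into the raw key identifier bytes.
     *
     * @return the decoded identifier, or {@code null} when no value is set
     * @throws WSSecurityException if the stored text is not valid Base64
     */
    public byte[] getIdentifier() throws WSSecurityException {
        if (this.value == null) {
            return null;
        }
        try {
            return Base64.decode(this.value);
        } catch (Base64DecodingException e) {
            throw new WSSecurityException("Error decoding key identifier", e);
        }
    }

    /**
     * Builds the {@code wsse:KeyIdentifier} DOM element, creating it once and returning the
     * cached instance on later calls. Specified by {@code SecurityElement}.
     *
     * @return the element carrying the {@code ValueType} and {@code EncodingType} attributes
     */
    @Override
    public Element getElement() {
        if (this.cachedElement != null) {
            return this.cachedElement;
        }
        Element keyIdentifierElement = this.doc.createElementNS(Constants.WSSE_NS, "wsse:KeyIdentifier");
        keyIdentifierElement.setAttribute("ValueType", getValueType());
        keyIdentifierElement.setAttribute("EncodingType", Constants.BASE64_ENCODING_TYPE);
        // NOTE(review): no text child holding the Base64 value is appended here, while the
        // parsing constructor reads the value from the element's text children. Confirm that
        // the caller adds it; otherwise the serialized reference carries no identifier.
        this.cachedElement = keyIdentifierElement;
        return this.cachedElement;
    }
}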
