package org.jboss.ws.extensions.security;

import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import org.apache.xml.security.keys.KeyInfo;
import org.jboss.lang.JBossStringBuilder;
import org.jboss.util.NotImplementedException;
import org.jboss.ws.extensions.security.element.BinarySecurityToken;
import org.jboss.ws.extensions.security.element.DirectReference;
import org.jboss.ws.extensions.security.element.KeyIdentifier;
import org.jboss.ws.extensions.security.element.Reference;
import org.jboss.ws.extensions.security.element.SecurityTokenReference;
import org.jboss.ws.extensions.security.element.X509IssuerSerial;
import org.jboss.ws.extensions.security.element.X509Token;
import org.w3c.dom.Element;

/* loaded from: input_file:org/jboss/ws/extensions/security/KeyResolver.class */
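/**
 * Resolves the key material a {@code SecurityTokenReference} (or the {@code KeyInfo} wrapping
 * one) points at: the referenced token, its X.509 certificate, or the matching public/private key.
 *
 * <p>Three reference forms are handled:
 * <ul>
 *   <li>{@link DirectReference}: looked up by id among the tokens registered through
 *       {@link #cacheToken(BinarySecurityToken)};</li>
 *   <li>{@link KeyIdentifier}: looked up in the {@link SecurityStore} by subject key identifier;</li>
 *   <li>{@link X509IssuerSerial}: looked up in the {@link SecurityStore} by issuer and serial.</li>
 * </ul>
 *
 * <p>Security note: the direct-reference path returns whatever token was cached under the id and
 * performs no trust or validity check on its certificate. NOTE(review): cached tokens presumably
 * come from the incoming message, so callers must validate a certificate obtained this way before
 * relying on it; confirm against the callers.
 *
 * <p>The token cache is a plain {@link HashMap} with no synchronization in this class.
 */
public class KeyResolver {
    /** Tokens registered through {@link #cacheToken(BinarySecurityToken)}, keyed by {@code getId()}. */
    private final HashMap<String, BinarySecurityToken> tokenCache = new HashMap<>();

    /** Backing store used for certificate and private-key lookups. */
    private final SecurityStore store;

    /**
     * Creates a resolver with an empty token cache.
     *
     * @param securityStore store used for certificate and private-key lookups
     */
    public KeyResolver(SecurityStore securityStore) {
        this.store = securityStore;
    }

    /**
     * Returns the {@code SecurityTokenReference} that is the first child element of the KeyInfo.
     *
     * @param keyInfo the KeyInfo whose first child element is inspected
     * @return the wrapped reference element
     * @throws WSSecurityException if the KeyInfo has no child element or the first child is not
     *     named {@code SecurityTokenReference}
     */
    private SecurityTokenReference extractSecurityTokenReference(KeyInfo keyInfo) throws WSSecurityException {
        Element firstChildElement = Util.getFirstChildElement(keyInfo.getElement());
        if (firstChildElement == null) {
            throw new WSSecurityException("Empty KeyInfo");
        }
        // getLocalName() may return null for nodes created without namespace support, so the
        // constant goes on the left to report such input as a WSSecurityException, not an NPE.
        // NOTE(review): only the local name is compared; the element's namespace is not checked
        // here. Confirm whether SecurityTokenReference's constructor enforces it.
        String localName = firstChildElement.getLocalName();
        if ("SecurityTokenReference".equals(localName)) {
            return new SecurityTokenReference(firstChildElement);
        }
        throw new WSSecurityException(
                "KeyInfo did not contain expected SecurityTokenReference, instead got: " + localName);
    }

    /**
     * Registers a token so that a later {@link DirectReference} to its id can be resolved.
     *
     * <p>A token whose id is already present replaces the earlier entry without any error.
     *
     * @param binarySecurityToken the token to register under its {@code getId()} value
     */
    public void cacheToken(BinarySecurityToken binarySecurityToken) {
        this.tokenCache.put(binarySecurityToken.getId(), binarySecurityToken);
    }

    /**
     * Resolves a token reference to the token it designates.
     *
     * @param securityTokenReference the reference to resolve
     * @return the referenced token
     * @throws WSSecurityException if the token or certificate cannot be located
     * @throws NotImplementedException if the reference is of a kind this class does not handle
     */
    public BinarySecurityToken resolve(SecurityTokenReference securityTokenReference) throws WSSecurityException {
        Reference reference = securityTokenReference.getReference();
        if (reference instanceof DirectReference) {
            return resolveDirectReference((DirectReference) reference);
        }
        if (reference instanceof KeyIdentifier) {
            return resolveKeyIdentifier((KeyIdentifier) reference);
        }
        if (reference instanceof X509IssuerSerial) {
            return resolveX509IssuerSerial((X509IssuerSerial) reference);
        }
        // The previous message claimed only DirectReference was supported, which contradicted the
        // three branches above; report the kind that was actually rejected instead.
        String kind = reference == null ? "null" : reference.getClass().getName();
        throw new NotImplementedException("Unsupported reference type: " + kind);
    }

    /**
     * Resolves a same-document reference ({@code #id}) against the token cache.
     *
     * @param directReference the reference carrying the fragment URI
     * @return the cached token registered under that id
     * @throws WSSecurityException (as {@link SecurityTokenUnavailableException}) if the URI is
     *     missing, is not of the form {@code #id}, or no token is cached under the id
     */
    private BinarySecurityToken resolveDirectReference(DirectReference directReference) throws WSSecurityException {
        String uri = directReference.getUri();
        // The URI is taken from the reference as-is. Without this check a null or empty URI escaped
        // as an unchecked exception, and a URI lacking the leading '#' silently lost its first
        // character before the lookup, so "Xabc" was treated like "#abc".
        if (uri == null || uri.isEmpty() || uri.charAt(0) != '#') {
            throw new SecurityTokenUnavailableException(
                    "Could not resolve token reference, expected a URI of the form #id: " + uri);
        }
        String tokenId = uri.substring(1);
        BinarySecurityToken cached = this.tokenCache.get(tokenId);
        if (cached == null) {
            throw new SecurityTokenUnavailableException("Could not resolve token id: " + tokenId);
        }
        return cached;
    }

    /**
     * Resolves a key-identifier reference by asking the store for the matching certificate.
     *
     * @param keyIdentifier the reference carrying the subject key identifier
     * @return a new {@link X509Token} wrapping the certificate found in the store
     * @throws WSSecurityException (as {@link SecurityTokenUnavailableException}) if the store
     *     returns no certificate
     */
    private BinarySecurityToken resolveKeyIdentifier(KeyIdentifier keyIdentifier) throws WSSecurityException {
        X509Certificate certificate =
                this.store.getCertificateBySubjectKeyIdentifier(keyIdentifier.getIdentifier());
        if (certificate == null) {
            throw new SecurityTokenUnavailableException("Could not locate certificate by key identifier");
        }
        return new X509Token(certificate, keyIdentifier.getDocument());
    }

    /**
     * Resolves an issuer/serial reference by asking the store for the matching certificate.
     *
     * @param x509IssuerSerial the reference carrying issuer name and serial number
     * @return a new {@link X509Token} wrapping the certificate found in the store
     * @throws WSSecurityException (as {@link SecurityTokenUnavailableException}) if the store
     *     returns no certificate
     */
    private BinarySecurityToken resolveX509IssuerSerial(X509IssuerSerial x509IssuerSerial) throws WSSecurityException {
        X509Certificate certificate =
                this.store.getCertificateByIssuerSerial(x509IssuerSerial.getIssuer(), x509IssuerSerial.getSerial());
        if (certificate == null) {
            throw new SecurityTokenUnavailableException("Could not locate certificate by issuer and serial number");
        }
        return new X509Token(certificate, x509IssuerSerial.getDocument());
    }

    /**
     * Resolves a token reference and returns the certificate of the resulting X.509 token.
     *
     * <p>No trust validation is performed here; for a {@link DirectReference} the certificate is
     * the one carried by the cached token.
     *
     * @param securityTokenReference the reference to resolve
     * @return the certificate held by the resolved token
     * @throws WSSecurityException if resolution fails or the resolved token is not an
     *     {@link X509Token}
     */
    public X509Certificate resolveCertificate(SecurityTokenReference securityTokenReference) throws WSSecurityException {
        BinarySecurityToken token = resolve(securityTokenReference);
        if (token instanceof X509Token) {
            return ((X509Token) token).getCert();
        }
        throw new WSSecurityException("Expected X509Token, cache contained: " + token.getClass().getName());
    }

    /**
     * Resolves a token reference to the public key of its certificate.
     *
     * @param securityTokenReference the reference to resolve
     * @return the certificate's public key
     * @throws WSSecurityException if the certificate cannot be resolved
     */
    public PublicKey resolvePublicKey(SecurityTokenReference securityTokenReference) throws WSSecurityException {
        return resolveCertificate(securityTokenReference).getPublicKey();
    }

    /**
     * Resolves a token reference to a certificate and asks the store for its private key.
     *
     * @param securityTokenReference the reference to resolve
     * @return whatever {@code SecurityStore.getPrivateKey} returns for the resolved certificate
     * @throws WSSecurityException if the certificate cannot be resolved or the store lookup fails
     */
    public PrivateKey resolvePrivateKey(SecurityTokenReference securityTokenReference) throws WSSecurityException {
        return this.store.getPrivateKey(resolveCertificate(securityTokenReference));
    }

    /**
     * Resolves the token designated by the SecurityTokenReference inside a KeyInfo.
     *
     * @param keyInfo the KeyInfo wrapping the reference
     * @return the referenced token
     * @throws WSSecurityException if the KeyInfo is malformed or resolution fails
     */
    public BinarySecurityToken resolve(KeyInfo keyInfo) throws WSSecurityException {
        return resolve(extractSecurityTokenReference(keyInfo));
    }

    /**
     * Resolves the certificate designated by the SecurityTokenReference inside a KeyInfo.
     *
     * @param keyInfo the KeyInfo wrapping the reference
     * @return the certificate held by the resolved token
     * @throws WSSecurityException if the KeyInfo is malformed or resolution fails
     */
    public X509Certificate resolveCertificate(KeyInfo keyInfo) throws WSSecurityException {
        return resolveCertificate(extractSecurityTokenReference(keyInfo));
    }

    /**
     * Resolves the public key designated by the SecurityTokenReference inside a KeyInfo.
     *
     * @param keyInfo the KeyInfo wrapping the reference
     * @return the resolved certificate's public key
     * @throws WSSecurityException if the KeyInfo is malformed or resolution fails
     */
    public PublicKey resolvePublicKey(KeyInfo keyInfo) throws WSSecurityException {
        return resolvePublicKey(extractSecurityTokenReference(keyInfo));
    }

    /**
     * Resolves the private key designated by the SecurityTokenReference inside a KeyInfo.
     *
     * @param keyInfo the KeyInfo wrapping the reference
     * @return the private key the store returns for the resolved certificate
     * @throws WSSecurityException if the KeyInfo is malformed or resolution fails
     */
    public PrivateKey resolvePrivateKey(KeyInfo keyInfo) throws WSSecurityException {
        return resolvePrivateKey(extractSecurityTokenReference(keyInfo));
    }
}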
