package org.apache.xml.security.keys.keyresolver.implementations;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import javax.crypto.SecretKey;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Digest;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.utils.XMLUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-329-07.zip:modules/system/layers/fuse/org/apache/santuario/xmlsec/2.0/xmlsec-2.0.6.jar:org/apache/xml/security/keys/keyresolver/implementations/X509DigestResolver.class */
public class X509DigestResolver extends KeyResolverSpi {
    private static Logger log = LoggerFactory.getLogger(X509DigestResolver.class);

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public boolean engineCanResolve(Element element, String str, StorageResolver storageResolver) {
        if (!XMLUtils.elementIsInSignatureSpace(element, "X509Data")) {
            return false;
        }
        try {
            return new X509Data(element, str).containsDigest();
        } catch (XMLSecurityException e) {
            return false;
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public PublicKey engineLookupAndResolvePublicKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        X509Certificate engineLookupResolveX509Certificate = engineLookupResolveX509Certificate(element, str, storageResolver);
        if (engineLookupResolveX509Certificate != null) {
            return engineLookupResolveX509Certificate.getPublicKey();
        }
        return null;
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public X509Certificate engineLookupResolveX509Certificate(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        if (log.isDebugEnabled()) {
            log.debug("Can I resolve " + element.getTagName());
        }
        if (!engineCanResolve(element, str, storageResolver)) {
            return null;
        }
        try {
            return resolveCertificate(element, str, storageResolver);
        } catch (XMLSecurityException e) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("XMLSecurityException", e);
            return null;
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public SecretKey engineLookupAndResolveSecretKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        return null;
    }

    private X509Certificate resolveCertificate(Element element, String str, StorageResolver storageResolver) throws XMLSecurityException {
        Element[] selectDs11Nodes = XMLUtils.selectDs11Nodes(element.getFirstChild(), "X509Digest");
        if (selectDs11Nodes == null || selectDs11Nodes.length <= 0) {
            return null;
        }
        try {
            checkStorage(storageResolver);
            XMLX509Digest[] xMLX509DigestArr = new XMLX509Digest[selectDs11Nodes.length];
            for (int i = 0; i < selectDs11Nodes.length; i++) {
                xMLX509DigestArr[i] = new XMLX509Digest(selectDs11Nodes[i], str);
            }
            Iterator<Certificate> iterator = storageResolver.getIterator();
            while (iterator.hasNext()) {
                X509Certificate x509Certificate = (X509Certificate) iterator.next();
                for (XMLX509Digest xMLX509Digest : xMLX509DigestArr) {
                    if (Arrays.equals(xMLX509Digest.getDigestBytes(), XMLX509Digest.getDigestBytesFromCert(x509Certificate, xMLX509Digest.getAlgorithm()))) {
                        if (log.isDebugEnabled()) {
                            log.debug("Found certificate with: " + x509Certificate.getSubjectX500Principal().getName());
                        }
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (XMLSecurityException e) {
            throw new KeyResolverException(e);
        }
    }

    private void checkStorage(StorageResolver storageResolver) throws KeyResolverException {
        if (storageResolver == null) {
            KeyResolverException keyResolverException = new KeyResolverException("KeyResolver.needStorageResolver", new Object[]{"X509Digest"});
            if (log.isDebugEnabled()) {
                log.debug("", keyResolverException);
            }
            throw keyResolverException;
        }
    }
}
