package org.apache.wss4j.common.token;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.wss4j.common.bsp.BSPEnforcer;
import org.apache.wss4j.common.bsp.BSPRule;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.Merlin;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:META-INF/repository/fuse-eap-distro-6.3.0.redhat-416-04.zip:modules/system/layers/fuse/org/apache/ws/security/2.1/wss4j-ws-security-common-2.1.7.jar:org/apache/wss4j/common/token/X509Security.class */
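/**
 * Binary security token that carries a single DER-encoded X.509 v3 certificate.
 *
 * <p>The class only encodes and decodes the certificate. Nothing here checks
 * validity dates, revocation or the trust chain, so a certificate returned by
 * {@link #getX509Certificate(Crypto)} must still be validated by the caller
 * before it is used for any trust decision.
 *
 * <p>NOTE(review): the decoded certificate is cached and nothing in this class
 * clears the cache if the token bytes are later replaced through a superclass
 * setter. Confirm that callers do not mix the two paths.
 */
public class X509Security extends BinarySecurity {
    /** Value type URI that identifies an X.509 v3 token in the WS-Security X.509 token profile 1.0. */
    public static final String X509_V3_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";

    // Certificate decoded from (or last assigned to) this token; null until first use.
    private X509Certificate cachedCert;

    /**
     * Wraps an existing token element received in a message.
     *
     * @param element the DOM element holding the binary security token
     * @param bSPEnforcer receives rule R3033 when the element's value type is not {@link #X509_V3_TYPE};
     *        whether that rejects the token is decided by the enforcer, not here
     * @throws WSSecurityException if the superclass constructor or the enforcer rejects the element
     */
    public X509Security(Element element, BSPEnforcer bSPEnforcer) throws WSSecurityException {
        super(element, bSPEnforcer);
        if (!X509_V3_TYPE.equals(getValueType())) {
            bSPEnforcer.handleBSPRule(BSPRule.R3033);
        }
    }

    /**
     * Creates a new, empty token in the given document and marks it as X.509 v3.
     *
     * @param document the document that will own the token element
     */
    public X509Security(Document document) {
        super(document);
        setValueType(X509_V3_TYPE);
    }

    /**
     * Returns the certificate held by this token, decoding it on first access.
     *
     * <p>The result is parsed only, not validated; see the class comment.
     *
     * @param crypto the provider used to decode the certificate bytes; when null a
     *        default {@link Merlin} instance is created for decoding
     * @return the cached or freshly decoded certificate
     * @throws WSSecurityException if the token has no data, or if decoding or closing the stream fails
     */
    public X509Certificate getX509Certificate(Crypto crypto) throws WSSecurityException {
        if (this.cachedCert != null) {
            return this.cachedCert;
        }
        Crypto decoder = crypto != null ? crypto : new Merlin();
        byte[] token = getToken();
        if (token == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidCertData", new Object[]{"0"});
        }
        // try-with-resources replaces the decompiler's expanded close logic.
        try (ByteArrayInputStream in = new ByteArrayInputStream(token)) {
            this.cachedCert = decoder.loadCertificate(in);
            return this.cachedCert;
        } catch (IOException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "parseError");
        }
    }

    /**
     * Stores the given certificate in this token.
     *
     * @param x509Certificate the certificate to encode into the token; must not be null
     * @throws WSSecurityException if the certificate is null or cannot be encoded
     */
    public void setX509Certificate(X509Certificate x509Certificate) throws WSSecurityException {
        if (x509Certificate == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCert");
        }
        final byte[] encoded;
        try {
            encoded = x509Certificate.getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "encodeError");
        }
        // Update the cache only after the token bytes are in place, so a failed
        // encode or store cannot leave the getter returning a certificate that
        // differs from what the token element actually carries.
        setToken(encoded);
        this.cachedCert = x509Certificate;
    }
}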
