package org.apache.wss4j.dom.validate;

import java.security.PublicKey;
import java.security.cert.X509Certificate;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.handler.RequestData;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/wss4j-ws-security-dom-2.2.4.redhat-00001.jar:org/apache/wss4j/dom/validate/SignatureTrustValidator.class */
/**
 * Validator that decides whether the key material attached to a signature credential is trusted.
 *
 * <p>The trust decision is delegated to the {@link Crypto} instance returned by
 * {@link #getCrypto(RequestData)}. This class only selects which check to run: a certificate
 * chain check when the credential carries certificates, otherwise a bare public-key check.
 * Every step is a protected hook, so a subclass can tighten or replace it. An override that
 * returns normally without checking anything accepts the credential.
 */
public class SignatureTrustValidator implements Validator {
    private static final Logger LOG = LoggerFactory.getLogger(SignatureTrustValidator.class);

    /**
     * Checks trust in the supplied credential and hands it back unchanged on success.
     *
     * <p>A non-empty certificate array takes precedence: when it is present the public key on
     * the credential is not examined by this method.
     *
     * @param credential the credential to validate; must not be {@code null}
     * @param requestData per-request configuration supplying the verification {@link Crypto},
     *     the revocation flag and the subject/issuer constraints
     * @return the same {@code credential} instance that was passed in
     * @throws WSSecurityException with {@code FAILURE}/"noCredential" when {@code credential} is
     *     {@code null}, with {@code FAILURE}/"noSigCryptoFile" when no {@link Crypto} is
     *     available, with {@code FAILED_AUTHENTICATION} when the credential carries neither
     *     certificates nor a public key, or whatever the trust hooks throw
     */
    @Override
    public Credential validate(Credential credential, RequestData requestData) throws WSSecurityException {
        if (credential == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noCredential");
        }

        // Both kinds of key material are read before the Crypto lookup.
        final X509Certificate[] certChain = credential.getCertificates();
        final PublicKey bareKey = credential.getPublicKey();

        // Fail closed: without a Crypto there is nothing to anchor trust in.
        final Crypto sigCrypto = getCrypto(requestData);
        if (sigCrypto == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "noSigCryptoFile");
        }

        final boolean hasCertChain = certChain != null && certChain.length != 0;
        if (hasCertChain) {
            validateCertificates(certChain);
            verifyTrustInCerts(certChain, sigCrypto, requestData, requestData.isRevocationEnabled());
        } else if (bareKey != null) {
            validatePublicKey(bareKey, sigCrypto);
        } else {
            // No key material at all: there is nothing that could be trusted.
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        return credential;
    }

    /**
     * Returns the {@link Crypto} used for the trust checks.
     *
     * @param requestData the current request configuration
     * @return the signature-verification Crypto of {@code requestData}; {@link #validate} treats
     *     a {@code null} result as an error
     */
    protected Crypto getCrypto(RequestData requestData) {
        final Crypto sigVerCrypto = requestData.getSigVerCrypto();
        return sigVerCrypto;
    }

    /**
     * Extension hook called before the chain trust check. This implementation does nothing.
     *
     * <p>NOTE(review): because this is a no-op, any per-certificate check (such as the validity
     * period) has to come from {@link Crypto#verifyTrust}; confirm that against the configured
     * Crypto implementation.
     *
     * @param x509CertificateArr the certificates taken from the credential
     * @throws WSSecurityException never thrown here; declared so that overrides can reject
     */
    protected void validateCertificates(X509Certificate[] x509CertificateArr) throws WSSecurityException {
        // Intentionally empty.
    }

    /**
     * Asks the Crypto to verify trust in the certificate chain, then logs the subject of the
     * first certificate at debug level.
     *
     * <p>The subject certificate constraints and issuer DN patterns are read from
     * {@code requestData} and passed through unchanged.
     * NOTE(review): how an empty or {@code null} constraint collection is treated is decided by
     * the Crypto implementation; confirm it is not read as "accept any subject/issuer" where a
     * restriction was intended.
     *
     * @param x509CertificateArr the certificate array; element 0 is dereferenced for the log
     *     line, so the array must be non-empty ({@link #validate} guarantees this on its path)
     * @param crypto the Crypto performing the trust verification
     * @param requestData source of the subject and issuer constraints
     * @param z the revocation switch handed to the Crypto; {@link #validate} passes
     *     {@code requestData.isRevocationEnabled()}
     * @throws WSSecurityException propagated from {@link Crypto#verifyTrust}
     */
    protected void verifyTrustInCerts(X509Certificate[] x509CertificateArr, Crypto crypto, RequestData requestData, boolean z) throws WSSecurityException {
        crypto.verifyTrust(
                x509CertificateArr,
                z,
                requestData.getSubjectCertConstraints(),
                requestData.getIssuerDNPatterns());

        // Reached only when verifyTrust returned normally.
        final String subjectName = x509CertificateArr[0].getSubjectX500Principal().getName();
        LOG.debug("Certificate path has been verified for certificate with subject {}", subjectName);
    }

    /**
     * Asks the Crypto to verify trust in a bare public key. Used by {@link #validate} only when
     * the credential carries no certificates.
     *
     * @param publicKey the key taken from the credential
     * @param crypto the Crypto performing the trust verification
     * @throws WSSecurityException propagated from {@link Crypto#verifyTrust}
     */
    protected void validatePublicKey(PublicKey publicKey, Crypto crypto) throws WSSecurityException {
        crypto.verifyTrust(publicKey);
    }
}
