package edu.internet2.middleware.shibboleth.common.config.security;

import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.XMLHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.FatalBeanException;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.xml.AbstractSingleBeanDefinitionParser;
import org.springframework.beans.factory.xml.ParserContext;
import org.w3c.dom.Element;

/* loaded from: input_file:edu/internet2/middleware/shibboleth/common/config/security/AbstractPKIXValidationInformationBeanDefinitionParser.class */
public abstract class AbstractPKIXValidationInformationBeanDefinitionParser extends AbstractSingleBeanDefinitionParser {
    private final Logger log = LoggerFactory.getLogger(AbstractX509CredentialBeanDefinitionParser.class);

    protected Class getBeanClass(Element element) {
        return PKIXValidationInformationFactoryBean.class;
    }

    protected String resolveId(Element element, AbstractBeanDefinition abstractBeanDefinition, ParserContext parserContext) {
        return element.getAttributeNS(null, "id");
    }

    protected void doParse(Element element, BeanDefinitionBuilder beanDefinitionBuilder) {
        this.log.debug("Parsing PKIX ValidationInfo: {}", element.getAttributeNS(null, "id"));
        int i = 1;
        if (element.hasAttributeNS(null, "verifyDepth")) {
            i = new Integer(DatatypeHelper.safeTrim(element.getAttributeNS(null, "verifyDepth"))).intValue();
        }
        beanDefinitionBuilder.addPropertyValue("verifyDepth", Integer.valueOf(i));
        Map<QName, List<Element>> childElements = XMLHelper.getChildElements(element);
        parseCertificates(childElements, beanDefinitionBuilder);
        parseCRLs(childElements, beanDefinitionBuilder);
    }

    protected void parseCertificates(Map<QName, List<Element>> map, BeanDefinitionBuilder beanDefinitionBuilder) {
        List<Element> list = map.get(new QName(SecurityNamespaceHandler.NAMESPACE, "Certificate"));
        if (list == null || list.isEmpty()) {
            return;
        }
        this.log.debug("Parsing PKIX validation info certificates");
        ArrayList arrayList = new ArrayList();
        Iterator<Element> it = list.iterator();
        while (it.hasNext()) {
            byte[] encodedCertificate = getEncodedCertificate(DatatypeHelper.safeTrimOrNullString(it.next().getTextContent()));
            if (encodedCertificate != null) {
                try {
                    arrayList.addAll(X509Util.decodeCertificate(encodedCertificate));
                } catch (CertificateException e) {
                    throw new FatalBeanException("Unable to create PKIX validation info, unable to parse certificates", e);
                }
            }
        }
        beanDefinitionBuilder.addPropertyValue("certificates", arrayList);
    }

    protected abstract byte[] getEncodedCertificate(String str);

    protected void parseCRLs(Map<QName, List<Element>> map, BeanDefinitionBuilder beanDefinitionBuilder) {
        List<Element> list = map.get(new QName(SecurityNamespaceHandler.NAMESPACE, "CRL"));
        if (list == null || list.isEmpty()) {
            return;
        }
        this.log.debug("Parsing PKIX validation info CRLs");
        ArrayList arrayList = new ArrayList();
        Iterator<Element> it = list.iterator();
        while (it.hasNext()) {
            byte[] encodedCRL = getEncodedCRL(DatatypeHelper.safeTrimOrNullString(it.next().getTextContent()));
            if (encodedCRL != null) {
                try {
                    arrayList.addAll(X509Util.decodeCRLs(encodedCRL));
                } catch (CRLException e) {
                    throw new FatalBeanException("Unable to create PKIX validation info, unable to parse CRLs", e);
                }
            }
        }
        beanDefinitionBuilder.addPropertyValue("crls", arrayList);
    }

    protected abstract byte[] getEncodedCRL(String str);
}
