package org.opensaml.xml.security.keyinfo;

import java.security.Key;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.log4j.Logger;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.AbstractCriteriaFilteringCredentialResolver;
import org.opensaml.xml.security.credential.BasicCredential;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.credential.CredentialCriteriaSet;
import org.opensaml.xml.security.keyinfo.provider.DSAKeyValueProvider;
import org.opensaml.xml.security.keyinfo.provider.RSAKeyValueProvider;
import org.opensaml.xml.security.keyinfo.provider.X509DataProvider;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyInfoHelper;
import org.opensaml.xml.signature.KeyName;
import org.opensaml.xml.signature.KeyValue;

/* loaded from: input_file:org/opensaml/xml/security/keyinfo/KeyInfoCredentialResolver.class */
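/**
 * Resolves {@link Credential}s from the children of a {@link KeyInfo} element by handing each
 * child to the registered {@link KeyInfoProvider}s.
 *
 * <p>Resolution order, as implemented in {@link #resolveFromSource(CredentialCriteriaSet)}:
 * KeyValue children are processed first and the first resulting credential is stored on the
 * resolution context; every other child is then offered to the providers; the stored KeyValue
 * credential is returned only when no other child produced a credential. Subclasses can add or
 * replace credentials through {@link #postProcess} and {@link #postProcessEmptyCredentials}.</p>
 *
 * <p>Security note: nothing in this class evaluates trust. The credentials returned here are
 * whatever the supplied KeyInfo describes, so callers must establish trust in them separately
 * (for example against locally configured keys) before relying on them to verify a signature.</p>
 */
public class KeyInfoCredentialResolver extends AbstractCriteriaFilteringCredentialResolver {
    private static final Logger log = Logger.getLogger(KeyInfoCredentialResolver.class);

    /** Providers consulted, in registration order, for each KeyInfo child. */
    private final List<KeyInfoProvider> providers = new ArrayList<KeyInfoProvider>();

    /**
     * Per-resolution state shared between the resolver and its providers.
     *
     * <p>This is deliberately kept as an inner (non-static) class so that existing code which
     * instantiates it through a resolver instance keeps compiling.</p>
     */
    public class KeyInfoResolutionContext {
        // The KeyInfo currently being resolved; null until setKeyInfo is called.
        private KeyInfo keyInfo;
        // Key names extracted from the KeyInfo; null until setKeyNames is called.
        private List<String> names;
        // Credential derived from a KeyValue child, if one was resolved.
        private Credential credential;
        // Read-only view over the credentials resolved so far.
        private Collection<Credential> resolvedCredentials;
        // Free-form scratch space; the map itself is handed out by getProperties().
        private final Map<String, Object> properties = new HashMap<String, Object>();

        /**
         * Creates a context over the given credential collection.
         *
         * @param collection the collection that receives resolved credentials; it is exposed
         *                   through an unmodifiable view, so later additions made by the
         *                   resolver stay visible but consumers of the context cannot modify it
         */
        public KeyInfoResolutionContext(Collection<Credential> collection) {
            this.resolvedCredentials = Collections.unmodifiableCollection(collection);
        }

        /** @return the KeyInfo being resolved, or null if none has been set */
        public KeyInfo getKeyInfo() {
            return this.keyInfo;
        }

        /** @param keyInfo the KeyInfo being resolved */
        public void setKeyInfo(KeyInfo keyInfo) {
            this.keyInfo = keyInfo;
        }

        /** @return the key names set on this context (the stored list itself, not a copy) */
        public List<String> getKeyNames() {
            return this.names;
        }

        /** @param list the key names to store; the reference is kept as given */
        public void setKeyNames(List<String> list) {
            this.names = list;
        }

        /** @return the credential resolved from a KeyValue child, or null if there is none */
        public Credential getKeyValueCredential() {
            return this.credential;
        }

        /** @return an unmodifiable view of the credentials resolved so far */
        public Collection<Credential> getResolvedCredentials() {
            return this.resolvedCredentials;
        }

        /** @param credential the credential resolved from a KeyValue child */
        public void setKeyValueCredential(Credential credential) {
            this.credential = credential;
        }

        /** @return the mutable property map of this context */
        public Map<String, Object> getProperties() {
            return this.properties;
        }
    }

    /** Creates a resolver with the RSA KeyValue, DSA KeyValue and X509Data providers registered. */
    public KeyInfoCredentialResolver() {
        this.providers.add(new RSAKeyValueProvider());
        this.providers.add(new DSAKeyValueProvider());
        this.providers.add(new X509DataProvider());
    }

    /**
     * Resolves credentials from the KeyInfo carried by the {@link KeyInfoCriteria} in the
     * criteria set.
     *
     * @param credentialCriteriaSet criteria set that must contain a {@link KeyInfoCriteria}
     * @return the resolved credentials, possibly empty
     * @throws SecurityException if no {@link KeyInfoCriteria} is present, or if a provider or
     *                           post-processing hook fails
     */
    @Override
    protected Iterable<Credential> resolveFromSource(CredentialCriteriaSet credentialCriteriaSet) throws SecurityException {
        KeyInfoCriteria keyInfoCriteria = (KeyInfoCriteria) credentialCriteriaSet.get(KeyInfoCriteria.class);
        if (keyInfoCriteria == null) {
            log.error("No KeyInfo criteria supplied, resolver could not process");
            throw new SecurityException("Credential criteria set did not contain an instance of KeyInfoCredentialCriteria");
        }

        KeyInfo keyInfo = keyInfoCriteria.getKeyInfo();
        List<Credential> credentials = new ArrayList<Credential>();
        KeyInfoResolutionContext context = new KeyInfoResolutionContext(credentials);

        if (keyInfo == null) {
            log.info("KeyInfo was null, any credentials will be resolved by post-processing hooks only");
        } else {
            initResolutionContext(context, keyInfo, credentialCriteriaSet);
            processKeyInfoChildren(context, credentialCriteriaSet, credentials);
            // The KeyValue credential is a fallback: it is returned only when no other
            // KeyInfo child yielded a credential.
            if (credentials.isEmpty() && context.getKeyValueCredential() != null) {
                log.debug("No credentials extracted by registered non-KeyValue handling providers, adding KeyValue credential to returned credential set");
                credentials.add(context.getKeyValueCredential());
            }
        }

        postProcess(context, credentialCriteriaSet, credentials);
        if (credentials.isEmpty()) {
            log.debug("No credentials were found, calling empty credentials post-processing hook");
            postProcessEmptyCredentials(context, credentialCriteriaSet, credentials);
        }
        if (log.isDebugEnabled()) {
            log.debug("A total of " + credentials.size() + " credentials were resolved");
        }
        return credentials;
    }

    /**
     * Hook invoked after all KeyInfo children have been processed. The default does nothing.
     *
     * @param keyInfoResolutionContext the current resolution context
     * @param credentialCriteriaSet the criteria being resolved
     * @param list the credentials resolved so far; implementations may modify it
     * @throws SecurityException if post-processing fails
     */
    protected void postProcess(KeyInfoResolutionContext keyInfoResolutionContext, CredentialCriteriaSet credentialCriteriaSet, List<Credential> list) throws SecurityException {
    }

    /**
     * Hook invoked after {@link #postProcess} when no credential has been resolved. The default
     * does nothing.
     *
     * @param keyInfoResolutionContext the current resolution context
     * @param credentialCriteriaSet the criteria being resolved
     * @param list the (empty) credential list; implementations may add to it
     * @throws SecurityException if post-processing fails
     */
    protected void postProcessEmptyCredentials(KeyInfoResolutionContext keyInfoResolutionContext, CredentialCriteriaSet credentialCriteriaSet, List<Credential> list) throws SecurityException {
    }

    /**
     * Offers every non-KeyValue child of the context's KeyInfo to the providers and collects
     * the credentials they return.
     *
     * @param keyInfoResolutionContext the current resolution context
     * @param credentialCriteriaSet the criteria being resolved
     * @param list the list that receives resolved credentials
     * @throws SecurityException if a provider fails
     */
    private void processKeyInfoChildren(KeyInfoResolutionContext keyInfoResolutionContext, CredentialCriteriaSet credentialCriteriaSet, List<Credential> list) throws SecurityException {
        for (XMLObject child : keyInfoResolutionContext.getKeyInfo().getXMLObjects()) {
            // KeyValue children were already handled by resolveKeyValue during context set-up.
            if (child instanceof KeyValue) {
                continue;
            }
            if (log.isDebugEnabled()) {
                log.debug("Processing KeyInfo child with qname: " + child.getElementQName());
            }
            Collection<Credential> extracted = processKeyInfoChild(keyInfoResolutionContext, credentialCriteriaSet, child);
            if (extracted != null && !extracted.isEmpty()) {
                list.addAll(extracted);
            } else if (!(child instanceof KeyName)) {
                log.warn("No credentials could be extracted from KeyInfo child with qname " + child.getElementQName() + " by any registered provider");
            } else if (log.isDebugEnabled()) {
                // NOTE(review): the KeyName value is written to the log verbatim. If the KeyInfo
                // can come from an untrusted message, neutralise CR/LF before logging - confirm
                // against how this resolver is fed.
                log.debug("KeyName with value '" + ((KeyName) child).getValue() + "' did not independently produce a credential based on any registered providers");
            }
        }
    }

    /**
     * Runs the registered providers over a single KeyInfo child and returns the result of the
     * first provider that both handles the child and yields at least one credential.
     *
     * @param keyInfoResolutionContext the current resolution context
     * @param credentialCriteriaSet the criteria being resolved
     * @param xMLObject the KeyInfo child to process
     * @return the credentials produced, or null if no provider produced any
     * @throws SecurityException if a provider fails
     */
    private Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext keyInfoResolutionContext, CredentialCriteriaSet credentialCriteriaSet, XMLObject xMLObject) throws SecurityException {
        for (KeyInfoProvider provider : this.providers) {
            if (!provider.handles(xMLObject)) {
                if (log.isDebugEnabled()) {
                    log.debug("Provider " + provider.getClass().getName() + " doesn't handle objects of type " + xMLObject.getElementQName() + ", skipping");
                }
                continue;
            }
            if (log.isDebugEnabled()) {
                log.debug("Processing KeyInfo child " + xMLObject.getElementQName() + " with provider " + provider.getClass().getName());
            }
            Collection<Credential> produced = provider.process(this, xMLObject, credentialCriteriaSet, keyInfoResolutionContext);
            if (produced != null && !produced.isEmpty()) {
                if (log.isDebugEnabled()) {
                    log.debug("Credentials (count = " + produced.size() + ") successfully extracted from child " + xMLObject.getElementQName() + " by provider " + provider.getClass().getName());
                }
                return produced;
            }
            // A handling provider that yields nothing does not stop the search; later providers
            // still get a chance at the same child.
        }
        return null;
    }

    /**
     * Populates the resolution context with the KeyInfo, its key names and, when available, a
     * credential derived from one of its KeyValue children.
     *
     * @param keyInfoResolutionContext the context to populate
     * @param keyInfo the KeyInfo being resolved
     * @param credentialCriteriaSet the criteria being resolved
     * @throws SecurityException if a provider fails while processing a KeyValue
     */
    private void initResolutionContext(KeyInfoResolutionContext keyInfoResolutionContext, KeyInfo keyInfo, CredentialCriteriaSet credentialCriteriaSet) throws SecurityException {
        keyInfoResolutionContext.setKeyInfo(keyInfo);
        keyInfoResolutionContext.setKeyNames(KeyInfoHelper.getKeyNames(keyInfo));
        if (log.isDebugEnabled()) {
            log.debug("Found " + keyInfoResolutionContext.getKeyNames().size() + " key names: " + keyInfoResolutionContext.getKeyNames());
        }
        resolveKeyValue(keyInfoResolutionContext, credentialCriteriaSet, keyInfo.getKeyValues());
    }

    /**
     * Stores on the context the first credential that the providers extract from the given
     * KeyValue elements; remaining KeyValues are not examined once one has produced a credential.
     *
     * @param keyInfoResolutionContext the context that receives the KeyValue credential
     * @param credentialCriteriaSet the criteria being resolved
     * @param list the KeyValue children of the KeyInfo
     * @throws SecurityException if a provider fails
     */
    protected void resolveKeyValue(KeyInfoResolutionContext keyInfoResolutionContext, CredentialCriteriaSet credentialCriteriaSet, List<KeyValue> list) throws SecurityException {
        for (KeyValue keyValue : list) {
            Collection<Credential> produced = processKeyInfoChild(keyInfoResolutionContext, credentialCriteriaSet, keyValue);
            if (produced == null || produced.isEmpty()) {
                continue;
            }
            keyInfoResolutionContext.setKeyValueCredential(produced.iterator().next());
            if (log.isDebugEnabled()) {
                // extractKeyValue returns null for a credential that carries no key; guard so
                // that enabling debug logging cannot turn that case into a NullPointerException.
                Key key = extractKeyValue(keyInfoResolutionContext.getKeyValueCredential());
                log.debug("Found a credential based on a KeyValue having key type: " + (key != null ? key.getAlgorithm() : "unknown"));
            }
            return;
        }
    }

    /**
     * Builds the credential context that ties a resolved credential back to its KeyInfo.
     *
     * @param keyInfoResolutionContext the current resolution context
     * @return a new context wrapping the KeyInfo held by the resolution context
     */
    public KeyInfoCredentialContext buildCredentialContext(KeyInfoResolutionContext keyInfoResolutionContext) {
        return new KeyInfoCredentialContext(keyInfoResolutionContext.getKeyInfo());
    }

    /**
     * Builds a credential that carries only the key names from the resolution context plus a
     * credential context; no key material is set on it here.
     *
     * @param keyInfoResolutionContext the current resolution context
     * @return the key-name-only credential
     * @throws SecurityException declared for subclasses; not thrown by this implementation
     */
    protected Credential buildKeyNameOnlyCredential(KeyInfoResolutionContext keyInfoResolutionContext) throws SecurityException {
        BasicCredential keyNameCredential = new BasicCredential();
        keyNameCredential.getKeyNames().addAll(keyInfoResolutionContext.getKeyNames());
        keyNameCredential.getCredentalContextSet().add(buildCredentialContext(keyInfoResolutionContext));
        return keyNameCredential;
    }

    /**
     * Returns the key held by a credential, preferring the public key, then the secret key,
     * then the private key.
     *
     * @param credential the credential to inspect, may be null
     * @return the first key found in that order, or null if the credential is null or holds no key
     */
    protected Key extractKeyValue(Credential credential) {
        if (credential == null) {
            return null;
        }
        if (credential.getPublicKey() != null) {
            return credential.getPublicKey();
        }
        if (credential.getSecretKey() != null) {
            return credential.getSecretKey();
        }
        if (credential.getPrivateKey() != null) {
            return credential.getPrivateKey();
        }
        return null;
    }
}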
