package com.sun.xml.wss.helpers;

import com.sun.org.apache.xml.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.security.keys.content.KeyValue;
import com.sun.org.apache.xml.security.keys.content.X509Data;
import com.sun.org.apache.xml.security.utils.Base64;
import com.sun.xml.wss.KeyInfoHeaderBlock;
import com.sun.xml.wss.MessageConstants;
import com.sun.xml.wss.ReferenceElement;
import com.sun.xml.wss.SecurableSoapMessage;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.SecurityToken;
import com.sun.xml.wss.X509SecurityToken;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.reference.DirectReference;
import com.sun.xml.wss.reference.KeyIdentifier;
import com.sun.xml.wss.reference.X509IssuerSerial;
import java.math.BigInteger;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.Subject;

/* loaded from: input_file:119166-02/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/xml/wss/helpers/KeyResolver.class */
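/**
 * Resolves the cryptographic key referenced by a ds:KeyInfo element of a secured SOAP message.
 *
 * <p>Every entry point takes a boolean {@code z}. When it is {@code true} a public key is
 * returned; when it is {@code false} the matching private key is requested from the message's
 * {@link SecurityEnvironment}.
 *
 * <p>NOTE(review): several public-key paths return key material taken directly from the incoming
 * message (an embedded ds:KeyValue, an embedded X509Certificate, or a BinarySecurityToken). This
 * class performs no certificate-path validation, expiry check or trust-anchor lookup on that
 * material. Whether the SecurityEnvironment or the caller does so is not visible from this file;
 * confirm before treating a signature verified with such a key as authenticated.
 */
public class KeyResolver {
    private static final Logger log = Logger.getLogger("javax.enterprise.resource.webservices.security", "com.sun.xml.wss.LogStrings");

    /**
     * Resolves the key described by {@code keyInfoHeaderBlock}.
     *
     * <p>The KeyInfo content is examined in this order, and only the first child of each kind
     * (index 0) is consulted:
     * <ol>
     *   <li>wsse:SecurityTokenReference, holding a KeyIdentifier, a DirectReference or an
     *       X509IssuerSerial;</li>
     *   <li>ds:KeyName, looked up as a secret key regardless of {@code z};</li>
     *   <li>ds:KeyValue;</li>
     *   <li>ds:X509Data.</li>
     * </ol>
     *
     * @param keyInfoHeaderBlock the KeyInfo to resolve
     * @param z {@code true} to obtain a public key, {@code false} to obtain the private key
     * @param securableSoapMessage the message supplying tokens and the security environment
     * @return the resolved key, never {@code null}
     * @throws XWSSecurityException declared by the signature; failures detected here are raised
     *     through {@code SecurableSoapMessage.newSOAPFaultException}
     */
    public static Key getKey(KeyInfoHeaderBlock keyInfoHeaderBlock, boolean z, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        // Typed as Key rather than PublicKey: the branches below also yield private and secret keys.
        Key resolved;
        try {
            if (keyInfoHeaderBlock.containsSecurityTokenReference()) {
                ReferenceElement reference = keyInfoHeaderBlock.getSecurityTokenReference(0).getReference();
                if (reference instanceof KeyIdentifier) {
                    KeyIdentifier keyIdentifier = (KeyIdentifier) reference;
                    resolved = z
                            ? securableSoapMessage.getSecurityEnvironment().getPublicKey(getDecodedBase64EncodedData(keyIdentifier.getReferenceValue()))
                            : securableSoapMessage.getSecurityEnvironment().getPrivateKey(getDecodedBase64EncodedData(keyIdentifier.getReferenceValue()));
                } else if (reference instanceof DirectReference) {
                    DirectReference direct = (DirectReference) reference;
                    String uri = direct.getURI();
                    // A ValueType is optional, but when present it must be the X509v3 one.
                    if (null != direct.getValueType() && !MessageConstants.X509v3_NS.equals(direct.getValueType())) {
                        log.log(Level.SEVERE, "WSS0337.unsupported.directref.mechanism", new Object[]{direct.getValueType()});
                        XWSSecurityException unsupported = new XWSSecurityException("Unsupported DirectReference ValueType " + direct.getValueType());
                        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_SECURITY_TOKEN, unsupported.getMessage(), unsupported);
                    }
                    SecurityToken token = securableSoapMessage.getToken(securableSoapMessage.getIdFromFragmentRef(uri));
                    // The URI and ValueType both come from the message. Check the referenced token's
                    // type on every path (including a declared X509v3 ValueType), so that a missing
                    // or mismatched token produces a fault instead of a ClassCastException or
                    // NullPointerException.
                    if (!(token instanceof X509SecurityToken)) {
                        String detail = " Cannot Resolve URI " + uri;
                        log.log(Level.SEVERE, "WSS0337.unsupported.directref.mechanism", new Object[]{detail});
                        XWSSecurityException unresolved = new XWSSecurityException(detail);
                        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, unresolved.getMessage(), unresolved);
                    }
                    resolved = resolveX509Token(securableSoapMessage, (X509SecurityToken) token, z);
                } else {
                    if (!(reference instanceof X509IssuerSerial)) {
                        log.log(Level.SEVERE, "WSS0338.unsupported.reference.mechanism");
                        XWSSecurityException unsupported = new XWSSecurityException("Key reference mechanism not supported");
                        throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_SECURITY_TOKEN, unsupported.getMessage(), unsupported);
                    }
                    X509IssuerSerial issuerSerial = (X509IssuerSerial) reference;
                    BigInteger serialNumber = issuerSerial.getSerialNumber();
                    String issuerName = issuerSerial.getIssuerName();
                    resolved = z
                            ? securableSoapMessage.getSecurityEnvironment().getPublicKey(serialNumber, issuerName)
                            : securableSoapMessage.getSecurityEnvironment().getPrivateKey(serialNumber, issuerName);
                }
            } else if (keyInfoHeaderBlock.containsKeyName()) {
                // KeyName is always treated as a secret-key alias; z is not consulted here.
                resolved = securableSoapMessage.getSecurityEnvironment().getSecretKey(keyInfoHeaderBlock.getKeyNameString(0), false);
            } else if (keyInfoHeaderBlock.containsKeyValue()) {
                resolved = resolveKeyValue(securableSoapMessage, keyInfoHeaderBlock.getKeyValue(0), z);
            } else {
                if (!keyInfoHeaderBlock.containsX509Data()) {
                    log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
                    XWSSecurityException unsupported = new XWSSecurityException("Support for processing information in the given ds:KeyInfo is not present");
                    throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_UNSUPPORTED_SECURITY_TOKEN, unsupported.getMessage(), unsupported);
                }
                resolved = resolveX509Data(securableSoapMessage, keyInfoHeaderBlock.getX509Data(0), z);
            }
            if (resolved != null) {
                return resolved;
            }
            // A lookup that yields no key is reported as an unavailable token rather than returned as null.
            log.log(Level.SEVERE, "WSS0600.illegal.token.reference");
            XWSSecurityException missing = new XWSSecurityException("Referenced security token could not be retrieved");
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_SECURITY_TOKEN_UNAVAILABLE, missing.getMessage(), missing);
        } catch (XWSSecurityException e) {
            // Failures from the helpers and the security environment become an InvalidSecurity fault.
            log.log(Level.SEVERE, "WSS0800.error.resolving.key", new Object[]{e.getMessage()});
            throw SecurableSoapMessage.newSOAPFaultException(MessageConstants.WSSE_INVALID_SECURITY, e.getMessage(), e);
        }
    }

    /**
     * Resolves a key from an X.509 security token carried in the message.
     *
     * <p>For {@code z == false} the private key matching the token's certificate is requested from
     * the security environment. For {@code z == true} the message's {@link Subject} is created if
     * absent, the security environment (when non-null) is asked to record the certificate on that
     * subject, and the certificate's own public key is returned.
     *
     * <p>NOTE(review): on the public-key path the certificate comes from the message, and this
     * method does not validate it before calling {@code updateOtherPartySubject} or before
     * returning its key. Confirm that validation happens inside the SecurityEnvironment or in the
     * caller.
     *
     * @param securableSoapMessage the message owning the token
     * @param x509SecurityToken the token whose certificate identifies the key
     * @param z {@code true} for the public key, {@code false} for the private key
     * @return the resolved key
     * @throws XWSSecurityException if the security environment or token reports a failure
     */
    public static Key resolveX509Token(SecurableSoapMessage securableSoapMessage, X509SecurityToken x509SecurityToken, boolean z) throws XWSSecurityException {
        if (!z) {
            return securableSoapMessage.getSecurityEnvironment().getPrivateKey(x509SecurityToken.getCertificate());
        }
        X509Certificate certificate = x509SecurityToken.getCertificate();
        Subject subject = securableSoapMessage.getSubject();
        if (subject == null) {
            subject = new Subject();
            securableSoapMessage.setSubject(subject);
        }
        SecurityEnvironment securityEnvironment = securableSoapMessage.getSecurityEnvironment();
        if (null != securityEnvironment) {
            securityEnvironment.updateOtherPartySubject(subject, certificate);
        }
        return certificate.getPublicKey();
    }

    /**
     * Resolves a key from a ds:KeyValue element.
     *
     * <p>NOTE(review): for {@code z == true} the public key embedded in the message is returned
     * as-is. A bare KeyValue carries no identity or trust information, so a signature that verifies
     * under it shows integrity only relative to a key the sender chose. Confirm that callers bind
     * the key to a trusted principal by some other means.
     *
     * @param securableSoapMessage the message supplying the security environment
     * @param keyValue the KeyValue element to read
     * @param z {@code true} to return the embedded public key, {@code false} to look up the
     *     private key that corresponds to it
     * @return the resolved key
     * @throws XWSSecurityException wrapping any exception raised while reading the key
     */
    public static Key resolveKeyValue(SecurableSoapMessage securableSoapMessage, KeyValue keyValue, boolean z) throws XWSSecurityException {
        keyValue.getElement().normalize();
        try {
            return z ? keyValue.getPublicKey() : securableSoapMessage.getSecurityEnvironment().getPrivateKey(keyValue.getPublicKey());
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0601.illegal.key.value", e.getMessage());
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Resolves a key from a ds:X509Data element.
     *
     * <p>Children are tried in the order X509Certificate, X509SKI, X509SubjectName (rejected as
     * unsupported), X509IssuerSerial. Only the first item of the matching kind is used.
     *
     * <p>NOTE(review): when an X509Certificate child is present and {@code z == true}, the public
     * key of that message-supplied certificate is returned without any validation in this method.
     * The SKI and IssuerSerial paths go through the security environment instead.
     *
     * @param securableSoapMessage the message supplying the security environment
     * @param x509Data the X509Data element to read
     * @param z {@code true} for the public key, {@code false} for the private key
     * @return the resolved key
     * @throws XWSSecurityException wrapping any exception raised in the body, including the
     *     "unsupported" exceptions thrown below, which the catch block re-wraps
     */
    public static Key resolveX509Data(SecurableSoapMessage securableSoapMessage, X509Data x509Data, boolean z) throws XWSSecurityException {
        x509Data.getElement().normalize();
        SecurityEnvironment securityEnvironment = securableSoapMessage.getSecurityEnvironment();
        try {
            if (x509Data.containsCertificate()) {
                X509Certificate x509Certificate = x509Data.itemCertificate(0).getX509Certificate();
                return z ? x509Certificate.getPublicKey() : securityEnvironment.getPrivateKey(x509Certificate);
            }
            if (x509Data.containsSKI()) {
                return z ? securityEnvironment.getPublicKey(x509Data.itemSKI(0).getSKIBytes()) : securityEnvironment.getPrivateKey(x509Data.itemSKI(0).getSKIBytes());
            }
            if (x509Data.containsSubjectName()) {
                log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
                throw new XWSSecurityException("X509SubjectName child element of X509Data is not yet supported by our implementation");
            }
            if (x509Data.containsIssuerSerial()) {
                return z ? securityEnvironment.getPublicKey(x509Data.itemIssuerSerial(0).getSerialNumber(), x509Data.itemIssuerSerial(0).getIssuerName()) : securityEnvironment.getPrivateKey(x509Data.itemIssuerSerial(0).getSerialNumber(), x509Data.itemIssuerSerial(0).getIssuerName());
            }
            log.log(Level.SEVERE, "WSS0339.unsupported.keyinfo");
            throw new XWSSecurityException("Unsupported child element of X509Data encountered");
        } catch (Exception e) {
            log.log(Level.SEVERE, "WSS0602.illegal.x509.data", e.getMessage());
            throw new XWSSecurityException(e);
        }
    }

    /**
     * Decodes a Base64 string taken from a key identifier.
     *
     * @param str the Base64 text
     * @return the decoded bytes
     * @throws XWSSecurityException if the text is not valid Base64
     */
    private static byte[] getDecodedBase64EncodedData(String str) throws XWSSecurityException {
        try {
            return Base64.decode(str);
        } catch (Base64DecodingException e) {
            log.log(Level.SEVERE, "WSS0144.unableto.decode.base64.data", new Object[]{e.getMessage()});
            throw new XWSSecurityException("Unable to decode Base64 encoded data", e);
        }
    }
}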
