package oracle.security.xmlsec.wss.x509;

import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import oracle.security.crypto.util.UnsyncByteArrayInputStream;
import oracle.security.crypto.util.Utils;
import oracle.security.xmlsec.keys.retrieval.KeyRetrievalException;
import oracle.security.xmlsec.keys.retrieval.KeyRetriever;
import oracle.security.xmlsec.wss.WSSBinarySecurityToken;
import oracle.security.xmlsec.wss.WSSException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:oracle/security/xmlsec/wss/x509/X509BinarySecurityToken.class */
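/**
 * WS-Security binary security token that carries an X.509 certificate or a
 * certificate path (PKIPath or PKCS#7 encoded).
 *
 * <p>Security note: {@link #getToken()}, {@link #getX509Certificate()} and
 * {@link #getPublicKey()} only <em>decode</em> the bytes found in the token.
 * None of them calls {@link #validate()}, so a successfully parsed certificate
 * says nothing about whether it is trusted. Callers that use the key to verify
 * a signature should call {@link #validate()} (or apply their own trust
 * decision) first.
 */
public class X509BinarySecurityToken extends WSSBinarySecurityToken {
    /** ValueType URI for a single X.509 v1 certificate. */
    public static final String vt_X509v1 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v1";
    /** ValueType URI for a single X.509 v3 certificate. */
    public static final String vt_X509v3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    /** ValueType URI for a certificate path in PkiPath encoding. */
    public static final String vt_X509PKIPathv1 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1";
    /** ValueType URI for a certificate set wrapped in PKCS#7. */
    public static final String vt_PKCS7 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#PKCS7";

    /** Standard {@link CertPath} encoding names understood by an X.509 CertificateFactory. */
    private static final String PKI_PATH_ENCODING = "PkiPath";
    private static final String PKCS7_ENCODING = "PKCS7";

    // When true, validate() returns without checking anything. Nothing in this
    // class sets it to true; presumably code elsewhere in this package does after
    // it has validated the certificate itself -- TODO confirm against callers.
    // The flag is only meaningful for the token bytes it was computed for, so the
    // setToken overloads below clear it whenever they replace those bytes.
    boolean alreadyValidated;

    /**
     * Wraps an existing token element.
     *
     * @param element the DOM element handed to the superclass constructor
     */
    public X509BinarySecurityToken(Element element) {
        super(element);
        this.alreadyValidated = false;
    }

    /**
     * Wraps an existing token element.
     *
     * @param element the DOM element handed to the superclass constructor
     * @param str     second superclass constructor argument (meaning defined by
     *                {@code WSSBinarySecurityToken}, not visible here)
     */
    public X509BinarySecurityToken(Element element, String str) {
        super(element, str);
        this.alreadyValidated = false;
    }

    /**
     * Creates a new token in {@code document} with the {@link #vt_X509v3} value type.
     *
     * @param document owner document for the new token
     */
    public X509BinarySecurityToken(Document document) {
        super(document, vt_X509v3);
        this.alreadyValidated = false;
    }

    /**
     * Creates a new token in {@code document}.
     *
     * @param document owner document for the new token
     * @param str      second superclass constructor argument
     * @param str2     third superclass constructor argument
     */
    public X509BinarySecurityToken(Document document, String str, String str2) {
        super(document, str, str2);
        this.alreadyValidated = false;
    }

    /**
     * Stores a certificate or certificate path in this token.
     *
     * @param obj an {@link X509Certificate} or a {@link CertPath}
     * @throws IllegalArgumentException if {@code obj} is {@code null}, of another
     *         type, or cannot be encoded
     */
    @Override // oracle.security.xmlsec.wss.WSSBinarySecurityToken
    public void setToken(Object obj) {
        if (obj instanceof X509Certificate) {
            X509Certificate certificate = (X509Certificate) obj;
            try {
                setValue(certificate.getEncoded());
                // Label by the certificate's real version, as setToken(X509Certificate)
                // does, instead of announcing every certificate as X509v3.
                setValueType(valueTypeFor(certificate));
            } catch (CertificateEncodingException e) {
                // Keep the original exception as the cause so the failure stays diagnosable.
                throw new IllegalArgumentException("Certificate encoding exception:" + e.getMessage(), e);
            }
            this.alreadyValidated = false;
            return;
        }
        if (!(obj instanceof CertPath)) {
            // A null argument used to fail with a NullPointerException while the
            // error message itself was being built.
            String actualType = (obj == null) ? "null" : obj.getClass().getName();
            throw new IllegalArgumentException("Unexpected object type. Expecting  X509Certificate/PKCS7/PKIPath Got:" + actualType);
        }
        try {
            setValue(((CertPath) obj).getEncoded(PKI_PATH_ENCODING));
            setValueType(vt_X509PKIPathv1);
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("Certificate encoding exception:" + e.getMessage(), e);
        }
        this.alreadyValidated = false;
    }

    /**
     * Stores a single certificate; the value type is {@link #vt_X509v3} for a
     * version 3 certificate and {@link #vt_X509v1} for any other version.
     *
     * @param x509Certificate the certificate to embed
     * @throws IllegalArgumentException if the certificate cannot be encoded
     */
    public void setToken(X509Certificate x509Certificate) {
        try {
            setValue(x509Certificate.getEncoded());
            setValueType(valueTypeFor(x509Certificate));
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("Can't get certificate bytes", e);
        }
        // The bytes changed, so an earlier validation result no longer applies.
        this.alreadyValidated = false;
    }

    /**
     * Stores a certificate path using the PkiPath encoding.
     *
     * @param certPath the path to embed
     * @throws CertificateEncodingException if the path cannot be PkiPath-encoded
     */
    public void setToken(CertPath certPath) throws CertificateEncodingException {
        setValue(certPath.getEncoded(PKI_PATH_ENCODING));
        setValueType(vt_X509PKIPathv1);
        this.alreadyValidated = false;
    }

    /**
     * Decodes the token bytes according to the declared value type.
     *
     * <p>The result is parsed only; it has not been validated against any trust
     * anchor.
     *
     * @return an {@link X509Certificate} for the X509v1/X509v3 value types, or a
     *         {@link CertPath} for the PKIPath/PKCS7 value types
     * @throws WSSException with {@code INVALID_SECURITY_TOKEN} if the value type
     *         is missing or unknown, the token has no value, or the bytes do not
     *         parse
     */
    @Override // oracle.security.xmlsec.wss.WSSBinarySecurityToken, oracle.security.xmlsec.wss.WSSecurityToken
    public Object getToken() throws WSSException {
        byte[] value = getValue();
        String valueType = getValueType();

        // Constant-first comparisons: a token without a ValueType is reported as an
        // invalid token rather than surfacing as a NullPointerException.
        boolean singleCertificate = vt_X509v3.equals(valueType) || vt_X509v1.equals(valueType);
        String pathEncoding = null;
        if (!singleCertificate) {
            if (vt_X509PKIPathv1.equals(valueType)) {
                pathEncoding = PKI_PATH_ENCODING;
            } else if (vt_PKCS7.equals(valueType)) {
                pathEncoding = PKCS7_ENCODING;
            } else {
                throw new WSSException(WSSException.INVALID_SECURITY_TOKEN, "Invalid ValueType" + valueType);
            }
        }
        if (value == null) {
            // Defensive: whether getValue() can return null is not visible here.
            throw new WSSException(WSSException.INVALID_SECURITY_TOKEN, "Security token has no value");
        }

        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            InputStream encoded = new UnsyncByteArrayInputStream(value);
            if (singleCertificate) {
                return (X509Certificate) factory.generateCertificate(encoded);
            }
            // Name the encoding explicitly. The one-argument generateCertPath parses
            // the provider's default encoding, so PKIPath and PKCS7 tokens were both
            // handed to the same decoder regardless of the declared value type.
            return factory.generateCertPath(encoded, pathEncoding);
        } catch (CertificateException e) {
            throw new WSSException(e, WSSException.INVALID_SECURITY_TOKEN);
        }
    }

    /**
     * Returns the certificate carried by this token. For a certificate path this
     * is the first element of {@link CertPath#getCertificates()}.
     *
     * <p>NOTE(review): for a PKCS7 token the first element is whatever order the
     * decoder produced; confirm that it is the signer's certificate before
     * relying on it.
     *
     * @return the certificate, or {@code null} if {@link #getToken()} returned
     *         neither a certificate nor a path
     * @throws WSSException if the token cannot be decoded or the path is empty
     */
    public X509Certificate getX509Certificate() throws WSSException {
        Object token = getToken();
        if (token instanceof X509Certificate) {
            return (X509Certificate) token;
        }
        if (!(token instanceof CertPath)) {
            return null;
        }
        List<? extends Certificate> certificates = ((CertPath) token).getCertificates();
        if (certificates.isEmpty()) {
            throw new WSSException(WSSException.INVALID_SECURITY_TOKEN, "No certs in PKIPath");
        }
        return (X509Certificate) certificates.get(0);
    }

    /**
     * Returns the public key of {@link #getX509Certificate()}.
     *
     * <p>The certificate is not validated here; call {@link #validate()} before
     * trusting a signature that verifies under this key.
     *
     * @return the certificate's public key
     * @throws WSSException if the token cannot be decoded or holds no certificate
     */
    public PublicKey getPublicKey() throws WSSException {
        X509Certificate certificate = getX509Certificate();
        if (certificate == null) {
            throw new WSSException(WSSException.INVALID_SECURITY_TOKEN, "No certificate in security token");
        }
        return certificate.getPublicKey();
    }

    /**
     * Compares the raw token bytes with the encoding of {@code x509Certificate}.
     *
     * <p>This is an overload, not an override of {@link Object#equals(Object)}.
     * It compares {@code getValue()} byte for byte, so a token whose value is a
     * certificate path encoding is compared as that path encoding, not as its
     * first certificate.
     *
     * @param x509Certificate certificate to compare with; {@code null} yields {@code false}
     * @return {@code true} if the bytes are equal
     * @throws IllegalArgumentException if the certificate cannot be encoded
     */
    public boolean equals(X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return false;
        }
        try {
            return Utils.areEqual(getValue(), x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("Can't get certificate bytes", e);
        }
    }

    /**
     * Validates the certificate or certificate path through {@link KeyRetriever},
     * unless {@code alreadyValidated} is set.
     *
     * <p>This method does not record a successful validation, so each call
     * validates again unless the flag was set elsewhere.
     *
     * @throws WSSException if the token cannot be decoded
     * @throws KeyRetrievalException declared by this method; presumably raised by
     *         {@code KeyRetriever.validateCertificate} when validation fails
     */
    public void validate() throws WSSException, KeyRetrievalException {
        if (this.alreadyValidated) {
            return;
        }
        Object token = getToken();
        if (token instanceof X509Certificate) {
            KeyRetriever.validateCertificate((X509Certificate) token);
        } else if (token instanceof CertPath) {
            KeyRetriever.validateCertificate((CertPath) token);
        }
    }

    /** Picks the value type URI for a single certificate: v3 for version 3, v1 otherwise. */
    private static String valueTypeFor(X509Certificate certificate) {
        return certificate.getVersion() == 3 ? vt_X509v3 : vt_X509v1;
    }
}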
