package oracle.security.xmlsec.wss.x509;

import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import oracle.security.xmlsec.util.XMLUtils;
import oracle.security.xmlsec.wss.WSSException;
import oracle.security.xmlsec.wss.WSSKeyIdentifier;
import oracle.security.xmlsec.wss.WSSURI;
import oracle.security.xmlsec.wss.WSSecurityToken;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:oracle/security/xmlsec/wss/x509/X509KeyIdentifier.class */
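/**
 * A WS-Security {@code KeyIdentifier} reference that points at an X.509 certificate, either by
 * its SubjectKeyIdentifier or by its SHA-1 thumbprint.
 *
 * <p>The identifier only <em>names</em> a certificate. Turning it into a certificate or a private
 * key is delegated to the {@link X509KeyIdentifierResolver} instances in a JVM-wide static
 * registry ({@link #addResolver} / {@link #getResolvers}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The registry is a process-wide, unsynchronized, mutable list. Any code able to call
 *       {@link #addResolver} or mutate the list returned by {@link #getResolvers} influences
 *       which certificate or private key is returned for every message processed in the JVM.</li>
 *   <li>{@link #getSecurityToken()} flags the token built from a resolver's certificate as
 *       already validated, so the resolvers are part of the trust boundary.</li>
 *   <li>{@link #matches} is an identity comparison only; it performs no path validation,
 *       expiry check or revocation check.</li>
 * </ul>
 */
public class X509KeyIdentifier extends WSSKeyIdentifier {
    /** ValueType URI for a reference by X.509 SubjectKeyIdentifier (X.509 token profile 1.0). */
    public static final String vt_x509PKI = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier";

    /** EncodingType URI used when none is given explicitly: Base64Binary. */
    protected static final String DEFAULT_ENCODING_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary";

    /** ValueType URI for a reference by SHA-1 thumbprint of the certificate (WSS 1.1). */
    private static final String VT_THUMBPRINT_SHA1 = "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1";

    // Process-wide resolver registry, consulted in registration order.
    // NOTE(review): no synchronization is visible in this class; registration is presumably
    // expected to complete before messages are processed concurrently. Confirm with callers.
    private static final List<X509KeyIdentifierResolver> resolverList = new ArrayList<X509KeyIdentifierResolver>();

    /**
     * Appends a resolver to the JVM-wide registry. Resolvers are tried in the order they were
     * added, and the first one that yields a result wins.
     *
     * @param x509KeyIdentifierResolver the resolver to register
     */
    public static void addResolver(X509KeyIdentifierResolver x509KeyIdentifierResolver) {
        resolverList.add(x509KeyIdentifierResolver);
    }

    /**
     * Returns the resolver registry.
     *
     * <p>This is the live backing list, not a copy: changes made through the returned reference
     * (add, remove, reorder) take effect for every subsequent lookup. Existing callers may rely
     * on that, so it is kept as is; treat access to this method as privileged.
     *
     * @return the live list of registered resolvers
     */
    public static List getResolvers() {
        return resolverList;
    }

    /**
     * Wraps an existing element.
     *
     * @param element the element passed to the superclass constructor
     */
    public X509KeyIdentifier(Element element) {
        super(element);
    }

    /**
     * Wraps an existing element.
     *
     * @param element the element passed to the superclass constructor
     * @param str second argument of the superclass constructor; its meaning is defined by
     *     {@link WSSKeyIdentifier} and is not visible in this file
     */
    public X509KeyIdentifier(Element element, String str) {
        super(element, str);
    }

    /**
     * Creates an identifier using {@link #vt_x509PKI} and {@link #DEFAULT_ENCODING_TYPE}.
     *
     * @param document the owner document passed to the superclass constructor
     */
    public X509KeyIdentifier(Document document) {
        super(document, vt_x509PKI, DEFAULT_ENCODING_TYPE);
    }

    /**
     * Creates an identifier in the given document.
     *
     * @param document the owner document passed to the superclass constructor
     * @param str second argument of the superclass constructor (presumably the value type;
     *     confirm against {@link WSSKeyIdentifier})
     */
    public X509KeyIdentifier(Document document, String str) {
        super(document, str);
    }

    /**
     * Creates an identifier in the given document.
     *
     * @param document the owner document passed to the superclass constructor
     * @param str second argument of the superclass constructor (presumably the value type;
     *     confirm against {@link WSSKeyIdentifier})
     * @param str2 third argument of the superclass constructor (presumably the encoding type;
     *     confirm against {@link WSSKeyIdentifier})
     */
    public X509KeyIdentifier(Document document, String str, String str2) {
        super(document, str, str2);
    }

    /**
     * Resolves this identifier to a certificate through the registered resolvers and wraps it in
     * a new {@link X509BinarySecurityToken} owned by this element's document.
     *
     * <p>The returned token has {@code alreadyValidated} set to {@code true}. The certificate is
     * therefore only as trustworthy as the resolver that supplied it.
     * NOTE(review): confirm that every registered resolver returns only certificates that have
     * already been checked against the deployment's trust policy, because this flag presumably
     * lets downstream code skip validation.
     *
     * @return a token carrying the resolved certificate
     * @throws WSSException with {@code SECURITY_TOKEN_UNAVAILABLE} if no resolver yields a
     *     certificate
     */
    @Override
    public WSSecurityToken getSecurityToken() throws WSSException {
        X509Certificate certificate = null;
        int resolverCount = resolverList.size();
        for (int i = 0; i < resolverCount && certificate == null; i++) {
            try {
                certificate = resolverList.get(i).resolve(this, getValueType());
            } catch (X509KeyIdentifierResolverException ignored) {
                // Deliberate best effort: a failing resolver must not stop the next one from
                // being tried. The failure reason is not propagated; if lookups fail
                // unexpectedly, add logging in the resolver implementations.
            }
        }
        if (certificate == null) {
            throw new WSSException(WSSException.SECURITY_TOKEN_UNAVAILABLE);
        }
        X509BinarySecurityToken token = new X509BinarySecurityToken(getOwnerDocument());
        token.setToken(certificate);
        token.removeAttribute(WSSURI.ENCODING_TYPE);
        // Trust decision: the token is handed on as pre-validated (see method Javadoc).
        token.alreadyValidated = true;
        return token;
    }

    /**
     * Resolves this identifier to a private key through the registered resolvers.
     *
     * <p>The first resolver that returns a non-null key wins, so the registry order determines
     * which key material is used when several resolvers could answer.
     *
     * @return the resolved {@link PrivateKey}
     * @throws WSSException with {@code SECURITY_TOKEN_UNAVAILABLE} if no resolver yields a key
     */
    @Override
    public Object getKey() throws WSSException {
        PrivateKey privateKey = null;
        int resolverCount = resolverList.size();
        for (int i = 0; i < resolverCount && privateKey == null; i++) {
            try {
                privateKey = resolverList.get(i).getPrivateKey(this, getValueType());
            } catch (X509KeyIdentifierResolverException ignored) {
                // Deliberate best effort: fall through to the next resolver.
            }
        }
        if (privateKey == null) {
            throw new WSSException(WSSException.SECURITY_TOKEN_UNAVAILABLE);
        }
        return privateKey;
    }

    /**
     * Returns the encoding type used when none is specified.
     *
     * @return {@link #DEFAULT_ENCODING_TYPE}
     */
    @Override
    protected String getDefaultEncodingType() {
        return DEFAULT_ENCODING_TYPE;
    }

    /**
     * Returns the identifier value when it is a SHA-1 certificate thumbprint.
     *
     * @return the value bytes if the value type is ThumbprintSHA1, otherwise {@code null}
     *     (including when no value type is present)
     */
    @Override
    public byte[] getThumbprint() {
        // Constant-first comparison: the value type comes from the message, and a null value
        // type must mean "not a thumbprint" rather than a NullPointerException.
        if (VT_THUMBPRINT_SHA1.equals(getValueType())) {
            return getValue();
        }
        return null;
    }

    /**
     * Returns the identifier value when it is an X.509 SubjectKeyIdentifier.
     *
     * @return the value bytes if the value type is {@link #vt_x509PKI}, otherwise {@code null}
     *     (including when no value type is present)
     */
    public byte[] getSubjectKeyIdentifier() {
        if (vt_x509PKI.equals(getValueType())) {
            return getValue();
        }
        return null;
    }

    /**
     * Tests whether this identifier names the given certificate, by SubjectKeyIdentifier or by
     * SHA-1 thumbprint of the encoded certificate.
     *
     * <p>A match establishes identity only, not trust: nothing here checks the certificate
     * chain, validity period or revocation status. SHA-1 is used because the ThumbprintSHA1
     * value type requires it; given SHA-1's known collision weakness, a thumbprint match should
     * not be the sole basis for accepting a certificate. The compared values are public
     * identifiers, so a plain array comparison is sufficient.
     *
     * @param x509Certificate the candidate certificate
     * @return {@code true} if the certificate's SKI or SHA-1 thumbprint equals this identifier's
     *     value; {@code false} otherwise, including when SHA-1 is unavailable
     * @throws IllegalArgumentException if the certificate cannot be encoded
     */
    public boolean matches(X509Certificate x509Certificate) {
        byte[] expectedSki = getSubjectKeyIdentifier();
        if (expectedSki != null) {
            byte[] certificateSki = XMLUtils.getSKI(x509Certificate);
            if (certificateSki != null && Arrays.equals(certificateSki, expectedSki)) {
                return true;
            }
        }
        byte[] expectedThumbprint = getThumbprint();
        if (expectedThumbprint == null) {
            return false;
        }
        try {
            byte[] actualThumbprint = MessageDigest.getInstance("SHA-1").digest(x509Certificate.getEncoded());
            return Arrays.equals(actualThumbprint, expectedThumbprint);
        } catch (NoSuchAlgorithmException e) {
            // Without SHA-1 the thumbprint cannot be computed; report "no match" so the caller
            // fails closed instead of accepting the certificate.
            return false;
        } catch (CertificateEncodingException e) {
            throw new IllegalArgumentException("Can't encode certificate", e);
        }
    }
}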
