package javax.xml.crypto.test.dsig;

import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
import org.jcp.xml.dsig.internal.dom.DOMRetrievalMethod;

/* loaded from: input_file:javax/xml/crypto/test/dsig/X509KeySelector.class */
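/**
 * {@link KeySelector} for XML Signature validation that resolves the verification key from the
 * X.509 hints in a {@link KeyInfo}, using a {@link KeyStore} of certificates as the trust source.
 *
 * <p>Three kinds of {@code KeyInfo} content are understood: {@link X509Data}, {@link KeyName}
 * (treated as a keystore alias) and {@link RetrievalMethod} pointing at a raw X.509 certificate or
 * at an {@code X509Data} element. Everything else is skipped.
 *
 * <p>Limits of the trust decision made here, all visible in the code below:
 * <ul>
 *   <li>A keystore certificate is accepted as-is. No validity-period, revocation or certification
 *       path check is performed, so the keystore must hold only certificates that are currently
 *       trusted for signing.</li>
 *   <li>The {@code KeyInfo} is supplied by whoever produced the document, so the signer chooses
 *       which keystore entry is used (by alias, subject, issuer/serial or key identifier).</li>
 *   <li>When constructed with {@code trusted == false}, a certificate embedded in the document
 *       itself may supply the key. A signature that validates against such a key shows only that
 *       the document matches the key shipped with it, not who signed it.</li>
 *   <li>The key-usage bit is checked only for certificates reached through a raw-certificate
 *       {@code RetrievalMethod}; keystore lookups by alias or by selector do not check it.</li>
 *   <li>Only the {@code dsa-sha1} and {@code rsa-sha1} signature methods are recognised by
 *       {@link #algEquals} and {@link #getPKAlgorithmOID}.</li>
 * </ul>
 *
 * <p>A result whose {@link KeySelectorResult#getKey()} is {@code null} means no key was found.
 */
public class X509KeySelector extends KeySelector {
    /** Certificates that act as trust anchors for key selection. */
    private final KeyStore ks;

    /** When {@code true}, only keys of certificates present in {@link #ks} are ever returned. */
    private final boolean trusted;

    /** Minimal {@link KeySelectorResult} carrying the selected key, or {@code null} if none. */
    public static class SimpleKeySelectorResult implements KeySelectorResult {
        private final Key key;

        SimpleKeySelectorResult(Key key) {
            this.key = key;
        }

        /** Returns the selected key, or {@code null} when selection found nothing. */
        @Override
        public Key getKey() {
            return this.key;
        }
    }

    /**
     * Creates a selector that returns keys from keystore certificates only.
     *
     * @param keyStore the certificates to select from
     * @throws KeyStoreException if the keystore has not been initialized (loaded)
     * @throws NullPointerException if {@code keyStore} is {@code null}
     */
    public X509KeySelector(KeyStore keyStore) throws KeyStoreException {
        this(keyStore, true);
    }

    /**
     * Creates a selector.
     *
     * @param keyStore the certificates to select from
     * @param trusted {@code true} to return keystore keys only; {@code false} to additionally
     *     fall back to certificates embedded in the {@code X509Data} being processed, which are
     *     not checked against the keystore in any way
     * @throws KeyStoreException if the keystore has not been initialized (loaded)
     * @throws NullPointerException if {@code keyStore} is {@code null}
     */
    public X509KeySelector(KeyStore keyStore, boolean trusted) throws KeyStoreException {
        if (keyStore == null) {
            throw new NullPointerException("keyStore is null");
        }
        this.trusted = trusted;
        this.ks = keyStore;
        // size() throws KeyStoreException on an unloaded keystore; called only to fail early.
        this.ks.size();
    }

    /**
     * Walks the {@code KeyInfo} content in document order and returns the first key found.
     *
     * @param keyInfo the key hints from the signature, may be {@code null}
     * @param purpose ignored
     * @param algorithmMethod the signature method; must be a {@link SignatureMethod}
     * @param xMLCryptoContext context used to dereference {@link RetrievalMethod} URIs
     * @return a result wrapping the key, or wrapping {@code null} when nothing matched, the
     *     {@code KeyInfo} is {@code null} or the keystore is empty
     * @throws KeySelectorException if the keystore fails or a {@code RetrievalMethod} cannot be
     *     processed
     * @throws ClassCastException if {@code algorithmMethod} is not a {@code SignatureMethod}
     */
    @Override
    public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
        SignatureMethod signatureMethod = (SignatureMethod) algorithmMethod;
        try {
            if (keyInfo == null || this.ks.size() == 0) {
                return new SimpleKeySelectorResult(null);
            }
            // Iterate as Object: the content list holds arbitrary XMLStructure implementations.
            for (Object content : keyInfo.getContent()) {
                KeySelectorResult found = null;
                if (content instanceof X509Data) {
                    found = x509DataSelect((X509Data) content, signatureMethod);
                } else if (content instanceof KeyName) {
                    found = keyNameSelect((KeyName) content, signatureMethod);
                } else if (content instanceof RetrievalMethod) {
                    found = retrievalMethodSelect((RetrievalMethod) content, signatureMethod, xMLCryptoContext);
                }
                if (found != null) {
                    return found;
                }
            }
        } catch (KeyStoreException e) {
            throw new KeySelectorException(e);
        }
        return new SimpleKeySelectorResult(null);
    }

    /**
     * Looks up the keystore certificate whose alias equals the {@code KeyName} value.
     *
     * @return the certificate's public key if it suits the signature method, else {@code null}
     */
    private KeySelectorResult keyNameSelect(KeyName keyName, SignatureMethod signatureMethod) throws KeyStoreException {
        Certificate certificate = this.ks.getCertificate(keyName.getName());
        if (certificate == null) {
            return null;
        }
        PublicKey publicKey = certificate.getPublicKey();
        if (algEquals(signatureMethod.getAlgorithm(), publicKey.getAlgorithm())) {
            return new SimpleKeySelectorResult(publicKey);
        }
        return null;
    }

    /**
     * Dereferences a {@code RetrievalMethod} and selects from what it points to.
     *
     * <p>The URI comes from the not-yet-validated {@code KeyInfo}; what it is allowed to reach is
     * decided by the dereferencer configured on {@code context}, not by this class.
     *
     * @return the selected key, or {@code null} if nothing matched or the retrieval type is
     *     missing or unsupported
     * @throws KeySelectorException wrapping any failure while dereferencing or parsing
     */
    private KeySelectorResult retrievalMethodSelect(RetrievalMethod retrievalMethod, SignatureMethod signatureMethod, XMLCryptoContext context) throws KeySelectorException {
        try {
            // Constant-first equals: the Type attribute is optional, so getType() may be null.
            String type = retrievalMethod.getType();
            if (X509Data.RAW_X509_CERTIFICATE_TYPE.equals(type)) {
                OctetStreamData data = (OctetStreamData) retrievalMethod.dereference(context);
                InputStream stream = data.getOctetStream();
                try {
                    X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(stream);
                    return certSelect(certificate, signatureMethod);
                } finally {
                    stream.close();
                }
            }
            if (X509Data.TYPE.equals(type)) {
                X509Data x509Data = (X509Data) ((DOMRetrievalMethod) retrievalMethod).dereferenceAsXMLStructure(context);
                return x509DataSelect(x509Data, signatureMethod);
            }
            // Any other retrieval type is not supported and is skipped.
            return null;
        } catch (Exception e) {
            throw new KeySelectorException(e);
        }
    }

    /**
     * Returns the public key of the first keystore certificate accepted by {@code certSelector}.
     *
     * @return the key wrapped in a result, or {@code null} if no certificate matches
     */
    private KeySelectorResult keyStoreSelect(CertSelector certSelector) throws KeyStoreException {
        Enumeration<String> aliases = this.ks.aliases();
        while (aliases.hasMoreElements()) {
            // getCertificate returns null for aliases that carry no certificate.
            Certificate certificate = this.ks.getCertificate(aliases.nextElement());
            if (certificate != null && certSelector.match(certificate)) {
                return new SimpleKeySelectorResult(certificate.getPublicKey());
            }
        }
        return null;
    }

    /**
     * Accepts a certificate obtained from the document only if the same certificate is present in
     * the keystore, and returns the key of the keystore copy.
     *
     * @return the key, or {@code null} if the certificate's key usage excludes signing, it is not
     *     in the keystore, or its key type does not suit the signature method
     */
    private KeySelectorResult certSelect(X509Certificate x509Certificate, SignatureMethod signatureMethod) throws KeyStoreException {
        // Index 0 of the key-usage array is digitalSignature; a null array means no extension.
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && !keyUsage[0]) {
            return null;
        }
        String certificateAlias = this.ks.getCertificateAlias(x509Certificate);
        if (certificateAlias == null) {
            return null;
        }
        PublicKey publicKey = this.ks.getCertificate(certificateAlias).getPublicKey();
        if (algEquals(signatureMethod.getAlgorithm(), publicKey.getAlgorithm())) {
            return new SimpleKeySelectorResult(publicKey);
        }
        return null;
    }

    /**
     * Maps a signature-method URI to the OID of the public-key algorithm it requires.
     *
     * @return the OID in dotted form, or {@code null} for any URI other than dsa-sha1 / rsa-sha1
     */
    private String getPKAlgorithmOID(String str) {
        if (str.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return "1.2.840.10040.4.1";
        }
        if (str.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
            // rsaEncryption. The bare PKCS #1 arc 1.2.840.113549.1.1 names no key algorithm, so
            // it can never equal the algorithm OID in a certificate's SubjectPublicKeyInfo and
            // would make every RSA certificate fail the selector.
            return "1.2.840.113549.1.1.1";
        }
        return null;
    }

    /**
     * Tells whether a key of JCA algorithm {@code str2} suits the signature-method URI {@code str}.
     * Only the DSA/dsa-sha1 and RSA/rsa-sha1 pairs are accepted.
     */
    private boolean algEquals(String str, String str2) {
        if (str2.equalsIgnoreCase("DSA") && str.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return true;
        }
        return str2.equalsIgnoreCase("RSA") && str.equalsIgnoreCase(SignatureMethod.RSA_SHA1);
    }

    /**
     * Builds certificate-matching criteria from an {@code X509Data} element and applies them to
     * the keystore, then (only when not {@code trusted}) to the certificates embedded in the
     * element itself.
     *
     * <p>Embedded certificates add no criteria. If the element holds nothing but certificates, the
     * first keystore certificate that passes the key-algorithm filter is returned.
     *
     * @return the selected key, or {@code null} if nothing matched
     * @throws KeySelectorException if a criterion cannot be set on the selector
     */
    private KeySelectorResult x509DataSelect(X509Data x509Data, SignatureMethod signatureMethod) throws KeyStoreException, KeySelectorException {
        X509CertSelector criteria = new X509CertSelector();
        ArrayList<X509Certificate> embeddedCertificates = new ArrayList<X509Certificate>();
        try {
            // NOTE(review): for an unrecognised signature method the OID is null, which switches
            // the key-algorithm filter off, whereas the KeyName and raw-certificate paths reject
            // such methods through algEquals.
            criteria.setSubjectPublicKeyAlgID(getPKAlgorithmOID(signatureMethod.getAlgorithm()));
            for (Object element : x509Data.getContent()) {
                if (element instanceof X509IssuerSerial) {
                    X509IssuerSerial issuerSerial = (X509IssuerSerial) element;
                    criteria.setSerialNumber(issuerSerial.getSerialNumber());
                    criteria.setIssuer(normalizedName(issuerSerial.getIssuerName()));
                } else if (element instanceof String) {
                    // A String entry is an X509SubjectName.
                    criteria.setSubject(normalizedName((String) element));
                } else if (element instanceof byte[]) {
                    // A byte[] entry is an X509SKI; the selector wants it DER-wrapped.
                    criteria.setSubjectKeyIdentifier(derOctetString((byte[]) element));
                } else if (element instanceof X509Certificate) {
                    embeddedCertificates.add((X509Certificate) element);
                }
            }
        } catch (IOException e) {
            throw new KeySelectorException(e);
        }
        KeySelectorResult fromKeyStore = keyStoreSelect(criteria);
        if (fromKeyStore != null) {
            return fromKeyStore;
        }
        if (this.trusted) {
            return null;
        }
        // Untrusted mode: the key is taken from the document under validation. The certificate
        // is matched against criteria from that same document and nothing else.
        for (X509Certificate candidate : embeddedCertificates) {
            if (criteria.match(candidate)) {
                return new SimpleKeySelectorResult(candidate.getPublicKey());
            }
        }
        return null;
    }

    /**
     * Re-serialises a distinguished name through {@link X500Principal} and strips one trailing
     * newline if present. A malformed name makes {@code X500Principal} throw an unchecked
     * {@link IllegalArgumentException}, which is not converted here.
     */
    private static String normalizedName(String distinguishedName) {
        String name = new X500Principal(distinguishedName).getName();
        if (name.endsWith("\n")) {
            name = name.substring(0, name.length() - 1);
        }
        return name;
    }

    /**
     * DER-encodes {@code content} as an OCTET STRING (tag 0x04). Lengths up to 127 use the
     * single-byte short form; longer content uses the long form, since writing the raw length
     * into one byte would produce an invalid encoding that no certificate could match.
     */
    private static byte[] derOctetString(byte[] content) {
        int length = content.length;
        int lengthOctets = 0;
        if (length > 0x7F) {
            lengthOctets = (32 - Integer.numberOfLeadingZeros(length) + 7) / 8;
        }
        byte[] encoded = new byte[2 + lengthOctets + length];
        encoded[0] = 0x04;
        if (lengthOctets == 0) {
            encoded[1] = (byte) length;
        } else {
            encoded[1] = (byte) (0x80 | lengthOctets);
            for (int i = 0; i < lengthOctets; i++) {
                encoded[2 + i] = (byte) (length >>> (8 * (lengthOctets - 1 - i)));
            }
        }
        System.arraycopy(content, 0, encoded, 2 + lengthOctets, length);
        return encoded;
    }
}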
