package org.apache.xml.security.keys.keyresolver.implementations;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.ListIterator;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.content.RetrievalMethod;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.keys.keyresolver.KeyResolver;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.SAXException;

/* loaded from: input_file:webservices-osgi.jar:org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.class */
public class RetrievalMethodResolver extends KeyResolverSpi {
    private static Log log = LogFactory.getLog(RetrievalMethodResolver.class);

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public PublicKey engineLookupAndResolvePublicKey(Element element, String str, StorageResolver storageResolver) {
        if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
            return null;
        }
        try {
            RetrievalMethod retrievalMethod = new RetrievalMethod(element, str);
            String type = retrievalMethod.getType();
            XMLSignatureInput resolveInput = resolveInput(retrievalMethod, str, this.secureValidation);
            if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
                X509Certificate rawCertificate = getRawCertificate(resolveInput);
                if (rawCertificate != null) {
                    return rawCertificate.getPublicKey();
                }
                return null;
            }
            Element obtainReferenceElement = obtainReferenceElement(resolveInput, this.secureValidation);
            if (XMLUtils.elementIsInSignatureSpace(obtainReferenceElement, Constants._TAG_RETRIEVALMETHOD)) {
                if (this.secureValidation) {
                    if (!log.isDebugEnabled()) {
                        return null;
                    }
                    log.debug("Error: It is forbidden to have one RetrievalMethod point to another with secure validation");
                    return null;
                }
                if (obtainReferenceElement(resolveInput(new RetrievalMethod(obtainReferenceElement, str), str, this.secureValidation), this.secureValidation) == element) {
                    if (!log.isDebugEnabled()) {
                        return null;
                    }
                    log.debug("Error: Can't have RetrievalMethods pointing to each other");
                    return null;
                }
            }
            return resolveKey(obtainReferenceElement, str, storageResolver);
        } catch (IOException e) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("IOException", e);
            return null;
        } catch (CertificateException e2) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("CertificateException", e2);
            return null;
        } catch (ParserConfigurationException e3) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("ParserConfigurationException", e3);
            return null;
        } catch (XMLSecurityException e4) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("XMLSecurityException", e4);
            return null;
        } catch (SAXException e5) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("SAXException", e5);
            return null;
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public X509Certificate engineLookupResolveX509Certificate(Element element, String str, StorageResolver storageResolver) {
        if (!XMLUtils.elementIsInSignatureSpace(element, Constants._TAG_RETRIEVALMETHOD)) {
            return null;
        }
        try {
            RetrievalMethod retrievalMethod = new RetrievalMethod(element, str);
            String type = retrievalMethod.getType();
            XMLSignatureInput resolveInput = resolveInput(retrievalMethod, str, this.secureValidation);
            if (RetrievalMethod.TYPE_RAWX509.equals(type)) {
                return getRawCertificate(resolveInput);
            }
            Element obtainReferenceElement = obtainReferenceElement(resolveInput, this.secureValidation);
            if (XMLUtils.elementIsInSignatureSpace(obtainReferenceElement, Constants._TAG_RETRIEVALMETHOD)) {
                if (this.secureValidation) {
                    if (!log.isDebugEnabled()) {
                        return null;
                    }
                    log.debug("Error: It is forbidden to have one RetrievalMethod point to another with secure validation");
                    return null;
                }
                if (obtainReferenceElement(resolveInput(new RetrievalMethod(obtainReferenceElement, str), str, this.secureValidation), this.secureValidation) == element) {
                    if (!log.isDebugEnabled()) {
                        return null;
                    }
                    log.debug("Error: Can't have RetrievalMethods pointing to each other");
                    return null;
                }
            }
            return resolveCertificate(obtainReferenceElement, str, storageResolver);
        } catch (IOException e) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("IOException", e);
            return null;
        } catch (CertificateException e2) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("CertificateException", e2);
            return null;
        } catch (ParserConfigurationException e3) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("ParserConfigurationException", e3);
            return null;
        } catch (XMLSecurityException e4) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("XMLSecurityException", e4);
            return null;
        } catch (SAXException e5) {
            if (!log.isDebugEnabled()) {
                return null;
            }
            log.debug("SAXException", e5);
            return null;
        }
    }

    private static X509Certificate resolveCertificate(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        if (log.isDebugEnabled()) {
            log.debug("Now we have a {" + element.getNamespaceURI() + "}" + element.getLocalName() + " Element");
        }
        if (element != null) {
            return KeyResolver.getX509Certificate(element, str, storageResolver);
        }
        return null;
    }

    private static PublicKey resolveKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        if (log.isDebugEnabled()) {
            log.debug("Now we have a {" + element.getNamespaceURI() + "}" + element.getLocalName() + " Element");
        }
        if (element != null) {
            return KeyResolver.getPublicKey(element, str, storageResolver);
        }
        return null;
    }

    private static Element obtainReferenceElement(XMLSignatureInput xMLSignatureInput, boolean z) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException, KeyResolverException {
        Element docFromBytes;
        if (xMLSignatureInput.isElement()) {
            docFromBytes = (Element) xMLSignatureInput.getSubNode();
        } else if (xMLSignatureInput.isNodeSet()) {
            docFromBytes = getDocumentElement(xMLSignatureInput.getNodeSet());
        } else {
            byte[] bytes = xMLSignatureInput.getBytes();
            docFromBytes = getDocFromBytes(bytes, z);
            if (log.isDebugEnabled()) {
                log.debug("we have to parse " + bytes.length + " bytes");
            }
        }
        return docFromBytes;
    }

    private static X509Certificate getRawCertificate(XMLSignatureInput xMLSignatureInput) throws CanonicalizationException, IOException, CertificateException {
        return (X509Certificate) CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificate(new ByteArrayInputStream(xMLSignatureInput.getBytes()));
    }

    private static XMLSignatureInput resolveInput(RetrievalMethod retrievalMethod, String str, boolean z) throws XMLSecurityException {
        Attr uRIAttr = retrievalMethod.getURIAttr();
        Transforms transforms = retrievalMethod.getTransforms();
        XMLSignatureInput resolve = ResourceResolver.getInstance(uRIAttr, str, z).resolve(uRIAttr, str, z);
        if (transforms != null) {
            if (log.isDebugEnabled()) {
                log.debug("We have Transforms");
            }
            resolve = transforms.performTransforms(resolve);
        }
        return resolve;
    }

    private static Element getDocFromBytes(byte[] bArr, boolean z) throws KeyResolverException {
        try {
            return XMLUtils.createDocumentBuilder(false, z).parse(new ByteArrayInputStream(bArr)).getDocumentElement();
        } catch (IOException e) {
            throw new KeyResolverException("empty", e);
        } catch (ParserConfigurationException e2) {
            throw new KeyResolverException("empty", e2);
        } catch (SAXException e3) {
            throw new KeyResolverException("empty", e3);
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public SecretKey engineLookupAndResolveSecretKey(Element element, String str, StorageResolver storageResolver) {
        return null;
    }

    private static Element getDocumentElement(Set<Node> set) {
        Iterator<Node> it = set.iterator();
        Element element = null;
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Node next = it.next();
            if (next != null && 1 == next.getNodeType()) {
                element = (Element) next;
                break;
            }
        }
        ArrayList arrayList = new ArrayList();
        while (element != null) {
            arrayList.add(element);
            Node parentNode = element.getParentNode();
            if (parentNode == null || 1 != parentNode.getNodeType()) {
                break;
            }
            element = (Element) parentNode;
        }
        ListIterator listIterator = arrayList.listIterator(arrayList.size() - 1);
        while (listIterator.hasPrevious()) {
            Element element2 = (Element) listIterator.previous();
            if (set.contains(element2)) {
                return element2;
            }
        }
        return null;
    }
}
