package dk.skat.test.wsservlet;

import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.CertSelector;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyName;
import javax.xml.crypto.dsig.keyinfo.RetrievalMethod;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;

/* loaded from: input_file:WEB-INF/classes/dk/skat/test/wsservlet/X509KeySelector.class */
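/**
 * {@link KeySelector} that resolves the verification key for an XML signature
 * strictly from a caller-supplied {@link KeyStore}.
 *
 * <p>Every key returned by {@link #select} is read from the keystore. Certificates,
 * names and identifiers found in the message's {@code KeyInfo} are used only to
 * <em>look up</em> a keystore entry; key material carried in the message is never
 * returned as the verification key.
 *
 * <p>Limitations visible in this class that a deployment should be aware of:
 * <ul>
 *   <li>Only {@code dsa-sha1} and {@code rsa-sha1} signature methods are matched to a key.
 *       NOTE(review): SHA-1 based signatures are deprecated; confirm whether stronger
 *       methods must be supported before relying on this selector.</li>
 *   <li>No validity-period or revocation check is made on the selected certificate here.</li>
 *   <li>The {@code purpose} argument of {@link #select} is not consulted.</li>
 *   <li>When nothing matches, a result holding a {@code null} key is returned rather than
 *       an exception being thrown; callers must treat a {@code null} key as "no trusted key".</li>
 * </ul>
 */
public class X509KeySelector extends KeySelector {
    /** SubjectPublicKeyInfo algorithm OID for DSA keys. */
    private static final String DSA_KEY_OID = "1.2.840.10040.4.1";

    /** SubjectPublicKeyInfo algorithm OID for RSA keys (rsaEncryption). */
    private static final String RSA_KEY_OID = "1.2.840.113549.1.1.1";

    /** Index of the digitalSignature bit in the array returned by {@code getKeyUsage()}. */
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 0;

    /** Trust anchor store; the only source of keys handed back to the validator. */
    private final KeyStore ks;

    /** Minimal {@link KeySelectorResult} that simply carries the selected key (may be {@code null}). */
    public static class SimpleKeySelectorResult implements KeySelectorResult {
        private final Key key;

        SimpleKeySelectorResult(Key key) {
            this.key = key;
        }

        @Override
        public Key getKey() {
            return this.key;
        }
    }

    /**
     * Creates a selector backed by {@code keyStore}.
     *
     * @param keyStore the store holding the trusted certificates
     * @throws NullPointerException if {@code keyStore} is {@code null}
     * @throws KeyStoreException if the keystore has not been initialized (loaded)
     */
    public X509KeySelector(KeyStore keyStore) throws KeyStoreException {
        if (keyStore == null) {
            throw new NullPointerException("keyStore is null");
        }
        this.ks = keyStore;
        // size() throws KeyStoreException on an unloaded store, so misuse fails at construction time.
        this.ks.size();
    }

    /**
     * Walks the {@code KeyInfo} content and returns the first keystore key that matches.
     *
     * @param keyInfo the KeyInfo of the signature, may be {@code null}
     * @param purpose ignored by this implementation
     * @param algorithmMethod the signature method; cast to {@link SignatureMethod}
     * @param xMLCryptoContext context used only to dereference a {@code RetrievalMethod}
     * @return a result whose key is a keystore public key, or {@code null} when nothing matched
     * @throws KeySelectorException on keystore errors or a failed {@code RetrievalMethod} lookup
     */
    @Override
    public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
        SignatureMethod signatureMethod = (SignatureMethod) algorithmMethod;
        try {
            if (keyInfo == null || this.ks.size() == 0) {
                System.out.println("No signature found or no ketore found");
                return new SimpleKeySelectorResult(null);
            }
            for (XMLStructure xMLStructure : keyInfo.getContent()) {
                if (xMLStructure instanceof X509Data) {
                    KeySelectorResult fromX509Data = x509DataSelect((X509Data) xMLStructure, signatureMethod);
                    if (fromX509Data != null) {
                        System.out.println("x509");
                        return fromX509Data;
                    }
                } else if (xMLStructure instanceof KeyName) {
                    // The KeyName is treated as a keystore alias.
                    Certificate certificate = this.ks.getCertificate(((KeyName) xMLStructure).getName());
                    if (certificate != null && algEquals(signatureMethod.getAlgorithm(), certificate.getPublicKey().getAlgorithm())) {
                        System.out.println("KeyName");
                        return new SimpleKeySelectorResult(certificate.getPublicKey());
                    }
                } else if (xMLStructure instanceof RetrievalMethod) {
                    System.out.println("RetrievalMethod");
                    KeySelectorResult fromRetrieval = retrievalMethodSelect((RetrievalMethod) xMLStructure, signatureMethod, xMLCryptoContext);
                    if (fromRetrieval != null) {
                        return fromRetrieval;
                    }
                }
            }
            System.out.println("Default cert struct");
            return new SimpleKeySelectorResult(null);
        } catch (KeyStoreException e) {
            throw new KeySelectorException(e);
        }
    }

    /**
     * Resolves a {@code RetrievalMethod} that points at a raw X.509 certificate.
     *
     * <p>SECURITY: {@code dereference} fetches a URI taken from the message being verified,
     * i.e. from untrusted input, before any signature has been checked. The fetched
     * certificate is still only accepted if it is present in the keystore, but the fetch
     * itself happens regardless. Deployments that do not need {@code RetrievalMethod}
     * should consider restricting it through the {@code URIDereferencer} set on the context.
     *
     * @return the matching keystore key, or {@code null} if the type is unsupported or nothing matched
     * @throws KeySelectorException wrapping any failure while dereferencing or parsing
     */
    private KeySelectorResult retrievalMethodSelect(RetrievalMethod retrievalMethod, SignatureMethod signatureMethod, XMLCryptoContext context) throws KeySelectorException {
        try {
            // Type is optional; constant-first equals() keeps a missing Type from raising an NPE.
            String type = retrievalMethod.getType();
            if (X509Data.RAW_X509_CERTIFICATE_TYPE.equals(type)) {
                System.out.println("OctetStream");
                OctetStreamData data = (OctetStreamData) retrievalMethod.dereference(context);
                java.io.InputStream in = data.getOctetStream();
                try {
                    X509Certificate fetched = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
                    return certSelect(fetched, signatureMethod);
                } finally {
                    // The dereferenced stream was never closed before.
                    in.close();
                }
            }
            if (X509Data.TYPE.equals(type)) {
                // X509Data node sets are recognised but not processed.
                System.out.println("NodeSetData");
            }
            return null;
        } catch (Exception e) {
            throw new KeySelectorException(e);
        }
    }

    /**
     * Returns the public key of the first keystore certificate accepted by {@code certSelector},
     * or {@code null} if none matches.
     */
    private KeySelectorResult keyStoreSelect(CertSelector certSelector) throws KeyStoreException {
        Enumeration<String> aliases = this.ks.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = this.ks.getCertificate(aliases.nextElement());
            if (certificate != null && certSelector.match(certificate)) {
                return new SimpleKeySelectorResult(certificate.getPublicKey());
            }
        }
        return null;
    }

    /**
     * Maps a certificate supplied in the message to the identical certificate in the keystore.
     *
     * @return the keystore copy's public key when the certificate is present in the keystore,
     *     permits digital signatures and matches the signature algorithm; otherwise {@code null}
     */
    private KeySelectorResult certSelect(X509Certificate x509Certificate, SignatureMethod signatureMethod) throws KeyStoreException {
        // getKeyUsage() returns null when the extension is absent; that means "unrestricted"
        // and previously caused a NullPointerException here.
        boolean[] keyUsage = x509Certificate.getKeyUsage();
        if (keyUsage != null && (keyUsage.length <= KEY_USAGE_DIGITAL_SIGNATURE || !keyUsage[KEY_USAGE_DIGITAL_SIGNATURE])) {
            return null;
        }
        String certificateAlias = this.ks.getCertificateAlias(x509Certificate);
        if (certificateAlias == null) {
            // Not a trusted certificate: never fall back to the key carried in the message.
            return null;
        }
        PublicKey publicKey = this.ks.getCertificate(certificateAlias).getPublicKey();
        if (algEquals(signatureMethod.getAlgorithm(), publicKey.getAlgorithm())) {
            return new SimpleKeySelectorResult(publicKey);
        }
        return null;
    }

    /**
     * Returns the public-key algorithm OID expected for a signature method URI, or {@code null}
     * for an unrecognised URI (in which case the cert selectors apply no algorithm filter).
     */
    private String getPKAlgorithmOID(String str) {
        if (str.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return DSA_KEY_OID;
        }
        if (str.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
            // Was "1.2.840.113549.1.1" (the PKCS#1 arc), which no RSA certificate's key
            // algorithm identifier equals, so issuer/subject/SKI lookups could never match.
            return RSA_KEY_OID;
        }
        return null;
    }

    /** Tells whether signature method URI {@code str} is compatible with JCA key algorithm {@code str2}. */
    private boolean algEquals(String str, String str2) {
        if (str2.equalsIgnoreCase("DSA") && str.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
            return true;
        }
        return str2.equalsIgnoreCase("RSA") && str.equalsIgnoreCase(SignatureMethod.RSA_SHA1);
    }

    /**
     * Wraps {@code value} as a DER OCTET STRING, the form compared by
     * {@code X509CertSelector.setSubjectKeyIdentifier}. Lengths of 128 bytes or more use the
     * long length form; a plain {@code (byte) length} cast would produce an invalid header.
     */
    private static byte[] derOctetString(byte[] value) {
        int len = value.length;
        byte[] header;
        if (len < 0x80) {
            header = new byte[] {0x04, (byte) len};
        } else {
            int lenBytes = (32 - Integer.numberOfLeadingZeros(len) + 7) / 8;
            header = new byte[2 + lenBytes];
            header[0] = 0x04;
            header[1] = (byte) (0x80 | lenBytes);
            for (int i = 0; i < lenBytes; i++) {
                header[2 + i] = (byte) (len >>> (8 * (lenBytes - 1 - i)));
            }
        }
        byte[] encoded = new byte[header.length + len];
        System.arraycopy(header, 0, encoded, 0, header.length);
        System.arraycopy(value, 0, encoded, header.length, len);
        return encoded;
    }

    /**
     * Searches the keystore using each item of an {@code X509Data} element in turn: an embedded
     * certificate, an issuer/serial pair, a subject name, or a subject key identifier.
     *
     * @return the first keystore match, or {@code null} if no item matched
     * @throws KeySelectorException if a selector criterion cannot be parsed
     */
    private KeySelectorResult x509DataSelect(X509Data x509Data, SignatureMethod signatureMethod) throws KeyStoreException, KeySelectorException {
        String pKAlgorithmOID = getPKAlgorithmOID(signatureMethod.getAlgorithm());
        for (Object obj : x509Data.getContent()) {
            KeySelectorResult match;
            try {
                if (obj instanceof X509Certificate) {
                    match = certSelect((X509Certificate) obj, signatureMethod);
                } else if (obj instanceof X509IssuerSerial) {
                    X509IssuerSerial issuerSerial = (X509IssuerSerial) obj;
                    X509CertSelector selector = new X509CertSelector();
                    selector.setSubjectPublicKeyAlgID(pKAlgorithmOID);
                    selector.setSerialNumber(issuerSerial.getSerialNumber());
                    selector.setIssuer(new X500Principal(issuerSerial.getIssuerName()).getName());
                    match = keyStoreSelect(selector);
                } else if (obj instanceof String) {
                    // A bare string inside X509Data is a subject distinguished name.
                    X509CertSelector selector = new X509CertSelector();
                    selector.setSubjectPublicKeyAlgID(pKAlgorithmOID);
                    selector.setSubject(new X500Principal((String) obj).getName());
                    match = keyStoreSelect(selector);
                } else if (obj instanceof byte[]) {
                    // A byte array inside X509Data is a subject key identifier.
                    X509CertSelector selector = new X509CertSelector();
                    selector.setSubjectPublicKeyAlgID(pKAlgorithmOID);
                    selector.setSubjectKeyIdentifier(derOctetString((byte[]) obj));
                    match = keyStoreSelect(selector);
                } else {
                    continue;
                }
            } catch (IOException e) {
                throw new KeySelectorException(e);
            }
            if (match != null) {
                return match;
            }
        }
        return null;
    }
}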
