package com.sun.xml.wss.impl.keyinfo;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.KeyInfoHeaderBlock;
import com.sun.xml.wss.core.SecurityTokenReference;
import com.sun.xml.wss.core.reference.EncryptedKeySHA1Identifier;
import com.sun.xml.wss.core.reference.KeyIdentifier;
import com.sun.xml.wss.core.reference.SamlKeyIdentifier;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import com.sun.xml.wss.core.reference.X509ThumbPrintIdentifier;
import com.sun.xml.wss.impl.SecurableSoapMessage;
import com.sun.xml.wss.impl.misc.Base64;
import java.security.cert.X509Certificate;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.w3c.dom.Document;

/* loaded from: input_file:spg-ui-war-2.1.49.war:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/wss/impl/keyinfo/KeyIdentifierStrategy.class */
/**
 * {@link KeyInfoStrategy} that points at a key through a {@link KeyIdentifier}
 * placed inside a {@link SecurityTokenReference}.
 *
 * <p>Which identifier is produced depends on how the instance was configured,
 * checked in this order:
 * <ol>
 *   <li>a SAML assertion id was supplied: {@link SamlKeyIdentifier};</li>
 *   <li>a certificate was set and {@code thumbprint} is on:
 *       {@link X509ThumbPrintIdentifier};</li>
 *   <li>a certificate was set and {@code thumbprint} is off:
 *       {@link X509SubjectKeyIdentifier};</li>
 *   <li>no certificate but {@code encryptedKey} is on:
 *       {@link EncryptedKeySHA1Identifier};</li>
 *   <li>otherwise no identifier, and {@code insertKey} fails.</li>
 * </ol>
 *
 * <p>NOTE(review): the thumbprint and EncryptedKeySHA1 reference types are
 * presumably the SHA-1 based identifiers of the WS-Security token profiles.
 * They only select a key on the receiving side; confirm that the consumer
 * validates the certificate/key it resolves instead of treating a matching
 * identifier as trust.
 */
public class KeyIdentifierStrategy extends KeyInfoStrategy {
    /** Constructor mode: reference the certificate by its thumbprint. */
    public static final int THUMBPRINT = 0;
    /** Constructor mode: reference an encrypted key via {@link EncryptedKeySHA1Identifier}. */
    public static final int ENCRYPTEDKEYSHA1 = 1;
    protected static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    // Every field below starts at its Java default (null / false); the
    // constructors only assign the values that differ from that default.

    // Certificate to reference; only ever assigned through setCertificate().
    X509Certificate cert;
    // Key alias; in this class it is used for diagnostics and getAlias() only.
    String alias;
    // Stored by the constructors but not read anywhere in this class.
    boolean forSigning;
    // true: emit a thumbprint reference instead of a subject key identifier.
    boolean thumbprint;
    // true: emit an EncryptedKeySHA1 reference when no certificate is set.
    boolean encryptedKey;
    // When non-null it takes precedence over every certificate-based mode.
    String samlAssertionId;

    /** Creates a strategy with no alias, no SAML id and all mode flags off. */
    public KeyIdentifierStrategy() {
    }

    /**
     * Creates a strategy in one of the integer-coded modes.
     *
     * @param mode {@link #THUMBPRINT} or {@link #ENCRYPTEDKEYSHA1}; any other
     *             value leaves both flags off
     */
    public KeyIdentifierStrategy(int mode) {
        this.thumbprint = (mode == THUMBPRINT);
        this.encryptedKey = (mode == ENCRYPTEDKEYSHA1);
    }

    /**
     * Creates a strategy that references a SAML assertion.
     *
     * @param samlAssertionId id written into the {@link SamlKeyIdentifier}
     */
    public KeyIdentifierStrategy(String samlAssertionId) {
        this.samlAssertionId = samlAssertionId;
        this.forSigning = false;
    }

    /**
     * Creates a subject-key-identifier strategy for the given alias.
     *
     * @param alias      key alias, reported in diagnostics and by {@link #getAlias()}
     * @param forSigning stored as given; not consulted by this class
     */
    public KeyIdentifierStrategy(String alias, boolean forSigning) {
        this.alias = alias;
        this.forSigning = forSigning;
    }

    /**
     * Creates a certificate-based strategy for the given alias.
     *
     * @param alias      key alias, reported in diagnostics and by {@link #getAlias()}
     * @param forSigning stored as given; not consulted by this class
     * @param thumbprint {@code true} to reference the certificate by thumbprint,
     *                   {@code false} to use its subject key identifier
     */
    public KeyIdentifierStrategy(String alias, boolean forSigning, boolean thumbprint) {
        this(alias, forSigning);
        this.thumbprint = thumbprint;
    }

    /**
     * Sets the key identifier as the reference of an existing token reference.
     *
     * @throws XWSSecurityException if no identifier can be produced for the
     *         current configuration, or if building it fails
     */
    @Override
    public void insertKey(SecurityTokenReference securityTokenReference, SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        // The identifier is resolved (and may throw) before the reference is touched.
        securityTokenReference.setReference(locateKeyIdentifier(securableSoapMessage));
    }

    /**
     * Wraps the key identifier in a new {@link SecurityTokenReference} owned by
     * the header block's document and appends it to that block.
     *
     * @param str not used by this implementation
     * @throws XWSSecurityException if no identifier can be produced for the
     *         current configuration, or if building it fails
     */
    @Override
    public void insertKey(KeyInfoHeaderBlock keyInfoHeaderBlock, SecurableSoapMessage securableSoapMessage, String str) throws XWSSecurityException {
        KeyIdentifier resolved = locateKeyIdentifier(securableSoapMessage);
        SecurityTokenReference tokenRef = new SecurityTokenReference(keyInfoHeaderBlock.getOwnerDocument());
        tokenRef.setReference(resolved);
        keyInfoHeaderBlock.addSecurityTokenReference(tokenRef);
    }

    /**
     * Resolves the identifier or fails loudly.
     *
     * <p>The failure text always names the alias, even for strategies that were
     * built without one; in that case it reads {@code 'null'}.
     */
    private KeyIdentifier locateKeyIdentifier(SecurableSoapMessage message) throws XWSSecurityException {
        KeyIdentifier resolved = getKeyIdentifier(message);
        if (resolved != null) {
            return resolved;
        }
        log.log(Level.SEVERE, "WSS0701.cannot.locate.certificate", this.alias);
        throw new XWSSecurityException("Unable to locate certificate for the alias '" + this.alias + "'");
    }

    /**
     * Builds the identifier matching the configured mode.
     *
     * @return the identifier, or {@code null} when neither a SAML id, a
     *         certificate nor the encrypted-key flag is set
     */
    private KeyIdentifier getKeyIdentifier(SecurableSoapMessage securableSoapMessage) throws XWSSecurityException {
        if (this.samlAssertionId != null) {
            SamlKeyIdentifier samlRef = new SamlKeyIdentifier((Document) securableSoapMessage.getSOAPPart());
            samlRef.setReferenceValue(this.samlAssertionId);
            return samlRef;
        }
        if (this.cert == null) {
            // No reference value is set on the encrypted-key identifier here;
            // presumably a later processing step fills it in -- confirm.
            return this.encryptedKey
                    ? new EncryptedKeySHA1Identifier((Document) securableSoapMessage.getSOAPPart())
                    : null;
        }
        return this.thumbprint
                ? buildThumbprintReference(securableSoapMessage)
                : buildSubjectKeyReference(securableSoapMessage);
    }

    /** Builds a base64-encoded thumbprint reference to {@code cert}. */
    private KeyIdentifier buildThumbprintReference(SecurableSoapMessage message) throws XWSSecurityException {
        byte[] rawThumbprint = X509ThumbPrintIdentifier.getThumbPrintIdentifier(this.cert);
        if (rawThumbprint == null) {
            // The log key is the subject-key-identifier one, reused for this failure.
            log.log(Level.SEVERE, "WSS0702.no.subject.keyidentifier", this.alias);
            throw new XWSSecurityException("Error while calculating thumb print identifier");
        }
        String encoded = Base64.encode(rawThumbprint);
        KeyIdentifier reference = new X509ThumbPrintIdentifier((Document) message.getSOAPPart());
        reference.setReferenceValue(encoded);
        return reference;
    }

    /** Builds a base64-encoded subject-key-identifier reference to {@code cert}. */
    private KeyIdentifier buildSubjectKeyReference(SecurableSoapMessage message) throws XWSSecurityException {
        byte[] rawSki = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(this.cert);
        if (rawSki == null) {
            log.log(Level.SEVERE, "WSS0702.no.subject.keyidentifier", this.alias);
            throw new XWSSecurityException("The found certificate does not contain subject key identifier X509 extension");
        }
        String encoded = Base64.encode(rawSki);
        KeyIdentifier reference = new X509SubjectKeyIdentifier((Document) message.getSOAPPart());
        reference.setReferenceValue(encoded);
        return reference;
    }

    /**
     * Supplies the certificate the identifier is derived from.
     *
     * @param x509Certificate certificate to reference; {@code null} clears it
     */
    @Override
    public void setCertificate(X509Certificate x509Certificate) {
        this.cert = x509Certificate;
    }

    /** @return the alias given at construction, or {@code null} if none was */
    @Override
    public String getAlias() {
        return this.alias;
    }
}
