package org.opensaml.xml.security.keyinfo;

import java.math.BigInteger;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAParams;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.DSAParameterSpec;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.XMLObjectBuilderFactory;
import org.opensaml.xml.security.SecurityHelper;
import org.opensaml.xml.security.x509.X509Util;
import org.opensaml.xml.signature.DEREncodedKeyValue;
import org.opensaml.xml.signature.DSAKeyValue;
import org.opensaml.xml.signature.Exponent;
import org.opensaml.xml.signature.G;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.KeyName;
import org.opensaml.xml.signature.KeyValue;
import org.opensaml.xml.signature.Modulus;
import org.opensaml.xml.signature.P;
import org.opensaml.xml.signature.Q;
import org.opensaml.xml.signature.RSAKeyValue;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.signature.X509Digest;
import org.opensaml.xml.signature.X509IssuerName;
import org.opensaml.xml.signature.X509IssuerSerial;
import org.opensaml.xml.signature.X509SKI;
import org.opensaml.xml.signature.X509SerialNumber;
import org.opensaml.xml.signature.X509SubjectName;
import org.opensaml.xml.signature.Y;
import org.opensaml.xml.util.Base64;
import org.opensaml.xml.util.DatatypeHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.opensaml.xmltooling.1.4.4_1.0.20.jar:org/opensaml/xml/security/keyinfo/KeyInfoHelper.class */
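/**
 * Static helpers for reading and populating XML Signature {@code KeyInfo} elements: key names,
 * X.509 certificates and CRLs, and RSA, DSA and DER-encoded public key values.
 *
 * <p>Security note: the extraction methods only decode what the element carries. Nothing in this
 * class checks validity periods, issuer chains, revocation status or key strength. Keys,
 * certificates and CRLs obtained from a received {@code KeyInfo} must therefore be treated as
 * untrusted input until the caller has evaluated them against its own trust anchors.
 */
public class KeyInfoHelper {
    /** Lazily created factory handed out by {@link #getX509CertFactory()}. */
    private static CertificateFactory x509CertFactory;

    /** All members are static; the constructor does nothing and is only visible to subclasses. */
    protected KeyInfoHelper() {
    }

    /**
     * Collects the non-null values of every {@code KeyName} child.
     *
     * @param keyInfo element to read, may be {@code null}
     * @return the key names in document order; empty when {@code keyInfo} is {@code null}
     */
    public static List<String> getKeyNames(KeyInfo keyInfo) {
        List<String> names = new LinkedList<String>();
        if (keyInfo == null) {
            return names;
        }
        for (KeyName keyName : keyInfo.getKeyNames()) {
            String value = keyName.getValue();
            if (value != null) {
                names.add(value);
            }
        }
        return names;
    }

    /**
     * Builds a {@code KeyName} child holding the given value and appends it.
     *
     * @param keyInfo element to extend, must not be {@code null}
     * @param str key name value to store
     */
    public static void addKeyName(KeyInfo keyInfo, String str) {
        KeyName keyName = (KeyName) Configuration.getBuilderFactory().getBuilder(KeyName.DEFAULT_ELEMENT_NAME).buildObject(KeyName.DEFAULT_ELEMENT_NAME);
        keyName.setValue(str);
        keyInfo.getKeyNames().add(keyName);
    }

    /**
     * Decodes every certificate found in all {@code X509Data} children.
     *
     * <p>The result is decoded material only; no path or validity checking is performed here.
     *
     * @param keyInfo element to read, may be {@code null}
     * @return decoded certificates, never containing {@code null}; empty when {@code keyInfo} is {@code null}
     * @throws CertificateException if a certificate value cannot be decoded
     */
    public static List<X509Certificate> getCertificates(KeyInfo keyInfo) throws CertificateException {
        List<X509Certificate> certificates = new LinkedList<X509Certificate>();
        if (keyInfo == null) {
            return certificates;
        }
        for (X509Data x509Data : keyInfo.getX509Datas()) {
            if (x509Data != null) {
                certificates.addAll(getCertificates(x509Data));
            }
        }
        return certificates;
    }

    /**
     * Decodes every certificate child of a single {@code X509Data} element.
     *
     * @param x509Data element to read, may be {@code null}
     * @return decoded certificates, never containing {@code null}; empty when {@code x509Data} is {@code null}
     * @throws CertificateException if a certificate value cannot be decoded
     */
    public static List<X509Certificate> getCertificates(X509Data x509Data) throws CertificateException {
        List<X509Certificate> certificates = new LinkedList<X509Certificate>();
        if (x509Data == null) {
            return certificates;
        }
        for (org.opensaml.xml.signature.X509Certificate xmlCertificate : x509Data.getX509Certificates()) {
            if (xmlCertificate == null || xmlCertificate.getValue() == null) {
                continue;
            }
            X509Certificate decoded = getCertificate(xmlCertificate);
            // getCertificate() yields null when the value decodes to no certificate; keep such
            // entries out of the list so callers iterating it do not hit a null element.
            if (decoded != null) {
                certificates.add(decoded);
            }
        }
        return certificates;
    }

    /**
     * Decodes the base64 value of one XML certificate element.
     *
     * @param x509Certificate XML element to decode, may be {@code null}
     * @return the first certificate the value decodes to, or {@code null} when the element or its
     *         value is {@code null} or nothing could be decoded
     * @throws CertificateException if the decoded bytes are not a valid certificate encoding
     */
    public static X509Certificate getCertificate(org.opensaml.xml.signature.X509Certificate x509Certificate) throws CertificateException {
        if (x509Certificate == null || x509Certificate.getValue() == null) {
            return null;
        }
        Collection<X509Certificate> decoded = X509Util.decodeCertificate(Base64.decode(x509Certificate.getValue()));
        if (decoded == null || decoded.isEmpty()) {
            return null;
        }
        return decoded.iterator().next();
    }

    /**
     * Decodes every CRL found in all {@code X509Data} children.
     *
     * @param keyInfo element to read, may be {@code null}
     * @return decoded CRLs, never containing {@code null}; empty when {@code keyInfo} is {@code null}
     * @throws CRLException if a CRL value cannot be decoded
     */
    public static List<X509CRL> getCRLs(KeyInfo keyInfo) throws CRLException {
        List<X509CRL> crls = new LinkedList<X509CRL>();
        if (keyInfo == null) {
            return crls;
        }
        for (X509Data x509Data : keyInfo.getX509Datas()) {
            if (x509Data != null) {
                crls.addAll(getCRLs(x509Data));
            }
        }
        return crls;
    }

    /**
     * Decodes every CRL child of a single {@code X509Data} element.
     *
     * @param x509Data element to read, may be {@code null}
     * @return decoded CRLs, never containing {@code null}; empty when {@code x509Data} is {@code null}
     * @throws CRLException if a CRL value cannot be decoded
     */
    public static List<X509CRL> getCRLs(X509Data x509Data) throws CRLException {
        List<X509CRL> crls = new LinkedList<X509CRL>();
        if (x509Data == null) {
            return crls;
        }
        for (org.opensaml.xml.signature.X509CRL xmlCrl : x509Data.getX509CRLs()) {
            if (xmlCrl == null || xmlCrl.getValue() == null) {
                continue;
            }
            X509CRL decoded = getCRL(xmlCrl);
            if (decoded != null) {
                crls.add(decoded);
            }
        }
        return crls;
    }

    /**
     * Decodes the base64 value of one XML CRL element.
     *
     * @param x509crl XML element to decode, may be {@code null}
     * @return the first CRL the value decodes to, or {@code null} when the element or its value is
     *         {@code null} or nothing could be decoded
     * @throws CRLException if the decoded bytes are not a valid CRL encoding
     */
    public static X509CRL getCRL(org.opensaml.xml.signature.X509CRL x509crl) throws CRLException {
        if (x509crl == null || x509crl.getValue() == null) {
            return null;
        }
        Collection<X509CRL> decoded = X509Util.decodeCRLs(Base64.decode(x509crl.getValue()));
        // Mirror getCertificate(): an empty decode result is reported as null rather than letting
        // iterator().next() fail with NoSuchElementException on attacker-influenced content.
        if (decoded == null || decoded.isEmpty()) {
            return null;
        }
        return decoded.iterator().next();
    }

    /**
     * Appends a certificate to the first {@code X509Data} child, creating that child when the
     * element has none.
     *
     * @param keyInfo element to extend, must not be {@code null}
     * @param x509Certificate certificate to encode and add
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static void addCertificate(KeyInfo keyInfo, X509Certificate x509Certificate) throws CertificateEncodingException {
        firstOrNewX509Data(keyInfo).getX509Certificates().add(buildX509Certificate(x509Certificate));
    }

    /**
     * Appends a CRL to the first {@code X509Data} child, creating that child when the element has
     * none.
     *
     * @param keyInfo element to extend, must not be {@code null}
     * @param x509crl CRL to encode and add
     * @throws CRLException if the CRL cannot be encoded
     */
    public static void addCRL(KeyInfo keyInfo, X509CRL x509crl) throws CRLException {
        firstOrNewX509Data(keyInfo).getX509CRLs().add(buildX509CRL(x509crl));
    }

    /** Returns the first {@code X509Data} child, building and attaching one if none exists yet. */
    private static X509Data firstOrNewX509Data(KeyInfo keyInfo) {
        if (!keyInfo.getX509Datas().isEmpty()) {
            return keyInfo.getX509Datas().get(0);
        }
        X509Data created = (X509Data) Configuration.getBuilderFactory().getBuilder(X509Data.DEFAULT_ELEMENT_NAME).buildObject(X509Data.DEFAULT_ELEMENT_NAME);
        keyInfo.getX509Datas().add(created);
        return created;
    }

    /**
     * Wraps a Java certificate in its XML representation (base64 of the encoded form).
     *
     * @param x509Certificate certificate to convert
     * @return the new XML element
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static org.opensaml.xml.signature.X509Certificate buildX509Certificate(X509Certificate x509Certificate) throws CertificateEncodingException {
        org.opensaml.xml.signature.X509Certificate xmlCertificate = (org.opensaml.xml.signature.X509Certificate) Configuration.getBuilderFactory().getBuilder(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME).buildObject(org.opensaml.xml.signature.X509Certificate.DEFAULT_ELEMENT_NAME);
        xmlCertificate.setValue(Base64.encodeBytes(x509Certificate.getEncoded()));
        return xmlCertificate;
    }

    /**
     * Wraps a Java CRL in its XML representation (base64 of the encoded form).
     *
     * @param x509crl CRL to convert
     * @return the new XML element
     * @throws CRLException if the CRL cannot be encoded
     */
    public static org.opensaml.xml.signature.X509CRL buildX509CRL(X509CRL x509crl) throws CRLException {
        org.opensaml.xml.signature.X509CRL xmlCrl = (org.opensaml.xml.signature.X509CRL) Configuration.getBuilderFactory().getBuilder(org.opensaml.xml.signature.X509CRL.DEFAULT_ELEMENT_NAME).buildObject(org.opensaml.xml.signature.X509CRL.DEFAULT_ELEMENT_NAME);
        xmlCrl.setValue(Base64.encodeBytes(x509crl.getEncoded()));
        return xmlCrl;
    }

    /**
     * Builds an {@code X509SubjectName} element with the given value.
     *
     * @param str subject name to store as the element value
     * @return the new XML element
     */
    public static X509SubjectName buildX509SubjectName(String str) {
        X509SubjectName subjectName = (X509SubjectName) Configuration.getBuilderFactory().getBuilder(X509SubjectName.DEFAULT_ELEMENT_NAME).buildObject(X509SubjectName.DEFAULT_ELEMENT_NAME);
        subjectName.setValue(str);
        return subjectName;
    }

    /**
     * Builds an {@code X509IssuerSerial} element from an issuer name and serial number.
     *
     * @param str issuer name to store
     * @param bigInteger certificate serial number to store
     * @return the new XML element with both children set
     */
    public static X509IssuerSerial buildX509IssuerSerial(String str, BigInteger bigInteger) {
        X509IssuerName issuerName = (X509IssuerName) Configuration.getBuilderFactory().getBuilder(X509IssuerName.DEFAULT_ELEMENT_NAME).buildObject(X509IssuerName.DEFAULT_ELEMENT_NAME);
        issuerName.setValue(str);
        X509SerialNumber serialNumber = (X509SerialNumber) Configuration.getBuilderFactory().getBuilder(X509SerialNumber.DEFAULT_ELEMENT_NAME).buildObject(X509SerialNumber.DEFAULT_ELEMENT_NAME);
        serialNumber.setValue(bigInteger);
        X509IssuerSerial issuerSerial = (X509IssuerSerial) Configuration.getBuilderFactory().getBuilder(X509IssuerSerial.DEFAULT_ELEMENT_NAME).buildObject(X509IssuerSerial.DEFAULT_ELEMENT_NAME);
        issuerSerial.setX509IssuerName(issuerName);
        issuerSerial.setX509SerialNumber(serialNumber);
        return issuerSerial;
    }

    /**
     * Builds an {@code X509SKI} element from the certificate's subject key identifier.
     *
     * @param x509Certificate certificate to read the identifier from
     * @return the new XML element, or {@code null} when the identifier is absent or empty
     */
    public static X509SKI buildX509SKI(X509Certificate x509Certificate) {
        byte[] subjectKeyIdentifier = X509Util.getSubjectKeyIdentifier(x509Certificate);
        if (subjectKeyIdentifier == null || subjectKeyIdentifier.length == 0) {
            return null;
        }
        X509SKI ski = (X509SKI) Configuration.getBuilderFactory().getBuilder(X509SKI.DEFAULT_ELEMENT_NAME).buildObject(X509SKI.DEFAULT_ELEMENT_NAME);
        ski.setValue(Base64.encodeBytes(subjectKeyIdentifier));
        return ski;
    }

    /**
     * Builds an {@code X509Digest} element holding a digest of the encoded certificate.
     *
     * <p>The digest algorithm is whatever the caller's URI maps to; this method applies no
     * allow-list, so choosing a collision-resistant algorithm is the caller's responsibility.
     *
     * @param x509Certificate certificate to digest
     * @param str algorithm URI, stored on the element and mapped to a JCE algorithm name
     * @return the new XML element
     * @throws NoSuchAlgorithmException if the URI maps to no JCE algorithm or the JCE lacks it
     * @throws CertificateEncodingException if the certificate cannot be encoded
     */
    public static X509Digest buildX509Digest(X509Certificate x509Certificate, String str) throws NoSuchAlgorithmException, CertificateEncodingException {
        String jceAlgorithm = SecurityHelper.getAlgorithmIDFromURI(str);
        if (jceAlgorithm == null) {
            throw new NoSuchAlgorithmException("No JCE algorithm found for " + str);
        }
        byte[] digest = MessageDigest.getInstance(jceAlgorithm).digest(x509Certificate.getEncoded());
        X509Digest x509Digest = (X509Digest) Configuration.getBuilderFactory().getBuilder(X509Digest.DEFAULT_ELEMENT_NAME).buildObject(X509Digest.DEFAULT_ELEMENT_NAME);
        x509Digest.setAlgorithm(str);
        x509Digest.setValue(Base64.encodeBytes(digest));
        return x509Digest;
    }

    /**
     * Appends a {@code KeyValue} child describing an RSA or DSA public key.
     *
     * @param keyInfo element to extend, must not be {@code null}
     * @param publicKey key to represent
     * @throws IllegalArgumentException if the key is neither an RSA nor a DSA public key
     */
    public static void addPublicKey(KeyInfo keyInfo, PublicKey publicKey) throws IllegalArgumentException {
        KeyValue keyValue = (KeyValue) Configuration.getBuilderFactory().getBuilder(KeyValue.DEFAULT_ELEMENT_NAME).buildObject(KeyValue.DEFAULT_ELEMENT_NAME);
        if (publicKey instanceof RSAPublicKey) {
            keyValue.setRSAKeyValue(buildRSAKeyValue((RSAPublicKey) publicKey));
        } else if (publicKey instanceof DSAPublicKey) {
            keyValue.setDSAKeyValue(buildDSAKeyValue((DSAPublicKey) publicKey));
        } else {
            throw new IllegalArgumentException("Only RSAPublicKey and DSAPublicKey are supported");
        }
        keyInfo.getKeyValues().add(keyValue);
    }

    /**
     * Builds an {@code RSAKeyValue} element from the key's modulus and public exponent.
     *
     * @param rSAPublicKey key to represent
     * @return the new XML element
     */
    public static RSAKeyValue buildRSAKeyValue(RSAPublicKey rSAPublicKey) {
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        RSAKeyValue rsaKeyValue = (RSAKeyValue) builderFactory.getBuilder(RSAKeyValue.DEFAULT_ELEMENT_NAME).buildObject(RSAKeyValue.DEFAULT_ELEMENT_NAME);

        Modulus modulus = (Modulus) builderFactory.getBuilder(Modulus.DEFAULT_ELEMENT_NAME).buildObject(Modulus.DEFAULT_ELEMENT_NAME);
        modulus.setValueBigInt(rSAPublicKey.getModulus());
        rsaKeyValue.setModulus(modulus);

        Exponent exponent = (Exponent) builderFactory.getBuilder(Exponent.DEFAULT_ELEMENT_NAME).buildObject(Exponent.DEFAULT_ELEMENT_NAME);
        exponent.setValueBigInt(rSAPublicKey.getPublicExponent());
        rsaKeyValue.setExponent(exponent);

        return rsaKeyValue;
    }

    /**
     * Builds a {@code DSAKeyValue} element from the key's public value and its P, Q, G parameters.
     *
     * @param dSAPublicKey key to represent; its parameters are read via {@code getParams()}
     * @return the new XML element
     */
    public static DSAKeyValue buildDSAKeyValue(DSAPublicKey dSAPublicKey) {
        XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory();
        DSAKeyValue dsaKeyValue = (DSAKeyValue) builderFactory.getBuilder(DSAKeyValue.DEFAULT_ELEMENT_NAME).buildObject(DSAKeyValue.DEFAULT_ELEMENT_NAME);
        Y y = (Y) builderFactory.getBuilder(Y.DEFAULT_ELEMENT_NAME).buildObject(Y.DEFAULT_ELEMENT_NAME);
        G g = (G) builderFactory.getBuilder(G.DEFAULT_ELEMENT_NAME).buildObject(G.DEFAULT_ELEMENT_NAME);
        P p = (P) builderFactory.getBuilder(P.DEFAULT_ELEMENT_NAME).buildObject(P.DEFAULT_ELEMENT_NAME);
        Q q = (Q) builderFactory.getBuilder(Q.DEFAULT_ELEMENT_NAME).buildObject(Q.DEFAULT_ELEMENT_NAME);

        y.setValueBigInt(dSAPublicKey.getY());
        dsaKeyValue.setY(y);

        DSAParams params = dSAPublicKey.getParams();
        g.setValueBigInt(params.getG());
        dsaKeyValue.setG(g);
        p.setValueBigInt(params.getP());
        dsaKeyValue.setP(p);
        q.setValueBigInt(params.getQ());
        dsaKeyValue.setQ(q);

        return dsaKeyValue;
    }

    /**
     * Appends a {@code DEREncodedKeyValue} child holding the base64 of the key's X.509
     * (SubjectPublicKeyInfo) encoding.
     *
     * @param keyInfo element to extend, must not be {@code null}
     * @param publicKey key to encode
     * @throws NoSuchAlgorithmException if no key factory exists for the key's algorithm
     * @throws InvalidKeySpecException if the key cannot be expressed as an X.509 key spec
     */
    public static void addDEREncodedPublicKey(KeyInfo keyInfo, PublicKey publicKey) throws NoSuchAlgorithmException, InvalidKeySpecException {
        DEREncodedKeyValue derKeyValue = (DEREncodedKeyValue) Configuration.getBuilderFactory().getBuilder(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME).buildObject(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME);
        KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
        X509EncodedKeySpec keySpec = keyFactory.getKeySpec(publicKey, X509EncodedKeySpec.class);
        derKeyValue.setValue(Base64.encodeBytes(keySpec.getEncoded()));
        keyInfo.getXMLObjects().add(derKeyValue);
    }

    /**
     * Decodes every public key carried as a {@code KeyValue} or {@code DEREncodedKeyValue} child.
     *
     * <p>These are bare keys taken from the message itself; nothing here binds them to an
     * identity or checks them against trusted material.
     *
     * @param keyInfo element to read, may be {@code null}
     * @return decoded keys, never containing {@code null}; empty when {@code keyInfo} is {@code null}
     * @throws KeyException if a key value is present but cannot be turned into a key
     */
    public static List<PublicKey> getPublicKeys(KeyInfo keyInfo) throws KeyException {
        List<PublicKey> keys = new LinkedList<PublicKey>();
        if (keyInfo == null) {
            return keys;
        }
        for (KeyValue keyValue : keyInfo.getKeyValues()) {
            PublicKey key = getKey(keyValue);
            // getKey(KeyValue) returns null for a KeyValue with neither an RSA nor a DSA child;
            // such entries are skipped so the list never exposes a null key to callers.
            if (key != null) {
                keys.add(key);
            }
        }
        for (XMLObject derKeyValue : keyInfo.getXMLObjects(DEREncodedKeyValue.DEFAULT_ELEMENT_NAME)) {
            keys.add(getKey((DEREncodedKeyValue) derKeyValue));
        }
        return keys;
    }

    /**
     * Decodes the DSA or RSA key held by a {@code KeyValue}, checking DSA first.
     *
     * @param keyValue element to read, must not be {@code null}
     * @return the decoded key, or {@code null} when the element has neither child
     * @throws KeyException if the child is present but cannot be turned into a key
     */
    public static PublicKey getKey(KeyValue keyValue) throws KeyException {
        if (keyValue.getDSAKeyValue() != null) {
            return getDSAKey(keyValue.getDSAKeyValue());
        }
        if (keyValue.getRSAKeyValue() != null) {
            return getRSAKey(keyValue.getRSAKeyValue());
        }
        return null;
    }

    /**
     * Decodes a DSA public key whose P, Q and G parameters are all present on the element.
     *
     * @param dSAKeyValue element to read
     * @return the decoded key
     * @throws KeyException if any of P, Q, G or Y is missing, or the key cannot be built
     */
    public static PublicKey getDSAKey(DSAKeyValue dSAKeyValue) throws KeyException {
        if (!hasCompleteDSAParams(dSAKeyValue)) {
            throw new KeyException("DSAKeyValue element did not contain at least one of DSA parameters P, Q or G");
        }
        DSAParameterSpec params = new DSAParameterSpec(
                dSAKeyValue.getP().getValueBigInt(),
                dSAKeyValue.getQ().getValueBigInt(),
                dSAKeyValue.getG().getValueBigInt());
        return getDSAKey(dSAKeyValue, params);
    }

    /**
     * Decodes a DSA public key using the element's Y value and externally supplied parameters.
     *
     * @param dSAKeyValue element providing the public value Y
     * @param dSAParams P, Q and G to combine with Y
     * @return the decoded key
     * @throws KeyException if Y is missing or the key cannot be built
     */
    public static PublicKey getDSAKey(DSAKeyValue dSAKeyValue, DSAParams dSAParams) throws KeyException {
        // The element comes from parsed XML, so a missing Y is reported as a KeyException the
        // caller already handles instead of surfacing as a NullPointerException.
        if (dSAKeyValue.getY() == null) {
            throw new KeyException("DSAKeyValue element did not contain the public value Y");
        }
        DSAPublicKeySpec keySpec = new DSAPublicKeySpec(
                dSAKeyValue.getY().getValueBigInt(),
                dSAParams.getP(),
                dSAParams.getQ(),
                dSAParams.getG());
        return buildKey(keySpec, "DSA");
    }

    /**
     * Reports whether the element carries non-empty G, P and Q children.
     *
     * @param dSAKeyValue element to inspect
     * @return {@code true} only when all three parameters are present and non-empty
     */
    public static boolean hasCompleteDSAParams(DSAKeyValue dSAKeyValue) {
        return dSAKeyValue.getG() != null && !DatatypeHelper.isEmpty(dSAKeyValue.getG().getValue())
                && dSAKeyValue.getP() != null && !DatatypeHelper.isEmpty(dSAKeyValue.getP().getValue())
                && dSAKeyValue.getQ() != null && !DatatypeHelper.isEmpty(dSAKeyValue.getQ().getValue());
    }

    /**
     * Decodes an RSA public key from the element's modulus and exponent.
     *
     * @param rSAKeyValue element to read
     * @return the decoded key
     * @throws KeyException if the modulus or exponent child is missing, or the key cannot be built
     */
    public static PublicKey getRSAKey(RSAKeyValue rSAKeyValue) throws KeyException {
        // Same reasoning as for DSA: incomplete XML input becomes a KeyException, not an NPE.
        if (rSAKeyValue.getModulus() == null || rSAKeyValue.getExponent() == null) {
            throw new KeyException("RSAKeyValue element did not contain both Modulus and Exponent");
        }
        RSAPublicKeySpec keySpec = new RSAPublicKeySpec(
                rSAKeyValue.getModulus().getValueBigInt(),
                rSAKeyValue.getExponent().getValueBigInt());
        return buildKey(keySpec, "RSA");
    }

    /**
     * Decodes a base64 CryptoBinary string into a non-negative integer.
     *
     * @param str base64 text
     * @return the decoded bytes interpreted as an unsigned magnitude
     */
    public static final BigInteger decodeBigIntegerFromCryptoBinary(String str) {
        return new BigInteger(1, Base64.decode(str));
    }

    /**
     * Encodes an integer as a base64 CryptoBinary string.
     *
     * @param bigInteger value to encode
     * @return base64 of the bytes produced by Apache XML Security's
     *         {@code Base64.encode(BigInteger, int)} for the value's bit length
     */
    public static final String encodeCryptoBinaryFromBigInteger(BigInteger bigInteger) {
        byte[] magnitude = org.apache.xml.security.utils.Base64.encode(bigInteger, bigInteger.bitLength());
        return Base64.encodeBytes(magnitude);
    }

    /**
     * Turns a key specification into a public key using the named JCE key factory.
     *
     * @param keySpec specification to convert
     * @param str JCE key algorithm name, e.g. {@code "RSA"}
     * @return the generated public key
     * @throws KeyException if the algorithm is unavailable or the specification is invalid; the
     *         underlying exception is kept as the cause
     */
    protected static PublicKey buildKey(KeySpec keySpec, String str) throws KeyException {
        Logger logger = getLogger();
        try {
            return KeyFactory.getInstance(str).generatePublic(keySpec);
        } catch (NoSuchAlgorithmException e) {
            logger.error(str + " algorithm is not supported by this VM", e);
            // Fixed: the original message ran the algorithm name into the word "algorithm".
            throw new KeyException(str + " algorithm is not supported by the JCE", e);
        } catch (InvalidKeySpecException e) {
            logger.error("Invalid key information", e);
            throw new KeyException("Invalid key information", e);
        }
    }

    /**
     * Decodes a DER-encoded public key by trying the RSA, DSA and EC key factories in that order.
     *
     * @param dEREncodedKeyValue element holding the base64 of an X.509-encoded public key
     * @return the first key a factory accepts
     * @throws KeyException if the element has no value or no factory accepts the encoding
     */
    public static PublicKey getKey(DEREncodedKeyValue dEREncodedKeyValue) throws KeyException {
        String encoded = dEREncodedKeyValue.getValue();
        if (encoded == null) {
            throw new KeyException("No data found in key value element");
        }
        X509EncodedKeySpec keySpec = new X509EncodedKeySpec(Base64.decode(encoded));
        String[] candidateAlgorithms = {"RSA", "DSA", "EC"};
        for (String algorithm : candidateAlgorithms) {
            try {
                // Declared inside the try so the result is never read on a path where the
                // factory call threw and nothing was assigned.
                PublicKey candidate = KeyFactory.getInstance(algorithm).generatePublic(keySpec);
                if (candidate != null) {
                    return candidate;
                }
            } catch (NoSuchAlgorithmException ignored) {
                // This JCE has no factory for the algorithm; fall through to the next candidate.
            } catch (InvalidKeySpecException ignored) {
                // The encoding is not a key of this algorithm; fall through to the next candidate.
            }
        }
        throw new KeyException("DEREncodedKeyValue did not contain a supported key type");
    }

    /**
     * Returns the shared X.509 certificate factory, creating it on first use.
     *
     * @return the cached factory
     * @throws CertificateException if the factory type is unavailable
     */
    protected static CertificateFactory getX509CertFactory() throws CertificateException {
        // NOTE(review): lazy initialisation without synchronisation; concurrent first callers may
        // each create a factory. Confirm that is acceptable for the callers of this method.
        if (x509CertFactory == null) {
            x509CertFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        }
        return x509CertFactory;
    }

    /** Looks up the SLF4J logger for this class on each call. */
    private static Logger getLogger() {
        return LoggerFactory.getLogger(KeyInfoHelper.class);
    }
}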
