package org.opensaml.lite.security.keyinfo.provider;

import java.security.KeyException;
import java.security.PublicKey;
import java.util.Collection;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.CriteriaSet;
import org.opensaml.lite.security.KeyInfoCredentialResolver;
import org.opensaml.lite.security.criteria.KeyAlgorithmCriteria;
import org.opensaml.lite.security.impl.CredentialImpl;
import org.opensaml.lite.security.keyinfo.KeyInfoCredentialContext;
import org.opensaml.lite.security.keyinfo.KeyInfoResolutionContext;
import org.opensaml.lite.security.keyinfo.impl.KeyInfoHelper;
import org.opensaml.lite.xml.signature.KeyValue;
import org.opensaml.lite.xml.signature.RSAKeyValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.utils.SecurityUtils;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.7.3-SNAPSHOT.jar:org/opensaml/lite/security/keyinfo/provider/RSAKeyValueProvider.class */
public class RSAKeyValueProvider extends AbstractKeyInfoProvider {
    protected final Logger log = LoggerFactory.getLogger(getClass());

    @Override // org.opensaml.lite.security.keyinfo.KeyInfoProvider
    public boolean handles(SAMLObject sAMLObject) {
        return getRSAKeyValue(sAMLObject) != null;
    }

    @Override // org.opensaml.lite.security.keyinfo.KeyInfoProvider
    public Collection<Credential> process(KeyInfoCredentialResolver keyInfoCredentialResolver, SAMLObject sAMLObject, CriteriaSet criteriaSet, KeyInfoResolutionContext keyInfoResolutionContext) throws SecurityException {
        RSAKeyValue rSAKeyValue = getRSAKeyValue(sAMLObject);
        if (rSAKeyValue == null) {
            return null;
        }
        KeyAlgorithmCriteria keyAlgorithmCriteria = (KeyAlgorithmCriteria) criteriaSet.get(KeyAlgorithmCriteria.class);
        if (keyAlgorithmCriteria != null && keyAlgorithmCriteria.getKeyAlgorithm() != null && !keyAlgorithmCriteria.getKeyAlgorithm().equals(SecurityUtils.DEFAULT_ASYM_ALGORITHM)) {
            this.log.debug("Criteria specified non-RSA key algorithm, skipping");
            return null;
        }
        this.log.debug("Attempting to extract credential from an RSAKeyValue");
        try {
            PublicKey rSAKey = KeyInfoHelper.getRSAKey(rSAKeyValue);
            CredentialImpl credentialImpl = new CredentialImpl(null);
            credentialImpl.setPublicKey(rSAKey);
            if (keyInfoResolutionContext != null) {
                credentialImpl.getKeyNames().addAll(keyInfoResolutionContext.getKeyNames());
            }
            KeyInfoCredentialContext buildCredentialContext = buildCredentialContext(keyInfoResolutionContext);
            if (buildCredentialContext != null) {
                credentialImpl.getCredentalContextSet().add(buildCredentialContext);
            }
            this.log.debug("Credential successfully extracted from RSAKeyValue");
            return singletonSet(credentialImpl);
        } catch (KeyException e) {
            this.log.error("Error extracting RSA key value", (Throwable) e);
            throw new SecurityException("Error extracting RSA key value", e);
        }
    }

    protected RSAKeyValue getRSAKeyValue(SAMLObject sAMLObject) {
        if (sAMLObject == null) {
            return null;
        }
        if (sAMLObject instanceof RSAKeyValue) {
            return (RSAKeyValue) sAMLObject;
        }
        if (sAMLObject instanceof KeyValue) {
            return ((KeyValue) sAMLObject).getRSAKeyValue();
        }
        return null;
    }
}
