package org.opensaml.lite.security.keyinfo;

import java.security.Key;
import java.security.KeyException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.crypto.SecretKey;
import org.opensaml.lite.common.SAMLObject;
import org.opensaml.lite.security.AbstractCriteriaFilteringCredentialResolver;
import org.opensaml.lite.security.Credential;
import org.opensaml.lite.security.CriteriaSet;
import org.opensaml.lite.security.KeyInfoCredentialResolver;
import org.opensaml.lite.security.SecurityException;
import org.opensaml.lite.security.SecurityHelper;
import org.opensaml.lite.security.impl.CredentialImpl;
import org.opensaml.lite.security.keyinfo.impl.KeyInfoHelper;
import org.opensaml.lite.xml.signature.KeyInfo;
import org.opensaml.lite.xml.signature.KeyName;
import org.opensaml.lite.xml.signature.KeyValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-4.4.22.jar:org/opensaml/lite/security/keyinfo/BasicProviderKeyInfoCredentialResolver.class */
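/**
 * Resolves {@link Credential}s from a {@link KeyInfo} by handing each child element to a list of
 * registered {@link KeyInfoProvider}s.
 *
 * <p>Security note: nothing in this class decides whether a resolved key is trusted. A key carried
 * in a {@code KeyValue} child is turned into a credential exactly as the providers extracted it.
 * If the {@code KeyInfo} comes from a received (unauthenticated) message, the caller needs a
 * separate trust decision (for example, comparison against configured keys) before relying on
 * the returned credentials. KeyName values are likewise message-supplied text and are neutralised
 * before being written to the log.
 */
public class BasicProviderKeyInfoCredentialResolver extends AbstractCriteriaFilteringCredentialResolver implements KeyInfoCredentialResolver {
    protected final Logger log = LoggerFactory.getLogger(getClass());

    /** Providers consulted in list order; the first one that yields credentials for a child wins. */
    private final List<KeyInfoProvider> providers = new ArrayList<>();

    /**
     * Creates a resolver backed by a copy of the supplied provider list.
     *
     * @param list providers to consult, in priority order
     * @throws NullPointerException if {@code list} is null
     */
    public BasicProviderKeyInfoCredentialResolver(List<KeyInfoProvider> list) {
        this.providers.addAll(list);
    }

    /**
     * Returns the live internal provider list (not a copy), so changes made by a subclass affect
     * subsequent resolutions.
     *
     * @return the registered providers
     */
    protected List<KeyInfoProvider> getProviders() {
        return this.providers;
    }

    /**
     * Resolves credentials from the {@link KeyInfoCriteria} in the criteria set.
     *
     * @param criteriaSet criteria that must contain a {@link KeyInfoCriteria}
     * @return the resolved credentials, possibly empty
     * @throws SecurityException if no {@link KeyInfoCriteria} is present, or a processing step fails
     */
    @Override
    protected Iterable<Credential> resolveFromSource(CriteriaSet criteriaSet) throws SecurityException {
        KeyInfoCriteria keyInfoCriteria = (KeyInfoCriteria) criteriaSet.get(KeyInfoCriteria.class);
        if (keyInfoCriteria == null) {
            this.log.error("No KeyInfo criteria supplied, resolver could not process");
            throw new SecurityException("Credential criteria set did not contain an instance of KeyInfoCredentialCriteria");
        }
        KeyInfo keyInfo = keyInfoCriteria.getKeyInfo();
        List<Credential> credentials = new ArrayList<>();
        KeyInfoResolutionContext context = new KeyInfoResolutionContext(credentials);
        if (keyInfo != null) {
            processKeyInfo(keyInfo, context, criteriaSet, credentials);
        } else {
            this.log.info("KeyInfo was null, any credentials will be resolved by post-processing hooks only");
        }
        postProcess(context, criteriaSet, credentials);
        if (credentials.isEmpty()) {
            this.log.debug("No credentials were found, calling empty credentials post-processing hook");
            postProcessEmptyCredentials(context, criteriaSet, credentials);
        }
        this.log.debug("A total of {} credentials were resolved", credentials.size());
        return credentials;
    }

    /**
     * Runs the providers over the KeyInfo and, only when none of the non-KeyValue children produced
     * a credential, falls back to a basic credential built from the resolved KeyValue key.
     */
    private void processKeyInfo(KeyInfo keyInfo, KeyInfoResolutionContext keyInfoResolutionContext, CriteriaSet criteriaSet, List<Credential> list) throws SecurityException {
        initResolutionContext(keyInfoResolutionContext, keyInfo, criteriaSet);
        Key key = keyInfoResolutionContext.getKey();
        // Snapshot the key names before the children are processed.
        Set<String> keyNames = new HashSet<>(keyInfoResolutionContext.getKeyNames());
        processKeyInfoChildren(keyInfoResolutionContext, criteriaSet, list);
        if (!list.isEmpty() || key == null) {
            return;
        }
        Credential keyValueCredential = buildBasicCredential(key, keyNames);
        if (keyValueCredential == null) {
            return;
        }
        this.log.debug("No credentials were extracted by registered non-KeyValue handling providers, adding KeyValue credential to returned credential set");
        list.add(keyValueCredential);
    }

    /**
     * Hook invoked after KeyInfo processing, whether or not credentials were found. The default
     * implementation does nothing.
     */
    protected void postProcess(KeyInfoResolutionContext keyInfoResolutionContext, CriteriaSet criteriaSet, List<Credential> list) throws SecurityException {
    }

    /**
     * Hook invoked only when the credential list is still empty after {@link #postProcess}. The
     * default implementation does nothing.
     */
    protected void postProcessEmptyCredentials(KeyInfoResolutionContext keyInfoResolutionContext, CriteriaSet criteriaSet, List<Credential> list) throws SecurityException {
    }

    /**
     * Processes every KeyInfo child except {@link KeyValue} elements and appends any credentials
     * the providers extract to {@code list}.
     */
    protected void processKeyInfoChildren(KeyInfoResolutionContext keyInfoResolutionContext, CriteriaSet criteriaSet, List<Credential> list) throws SecurityException {
        for (SAMLObject child : keyInfoResolutionContext.getKeyInfo().getSAMLObjects()) {
            if (child instanceof KeyValue) {
                // KeyValue children are handled separately by resolveKeyValue.
                continue;
            }
            String childType = child.getClass().getName();
            this.log.debug("Processing KeyInfo child class: {}", childType);
            Collection<Credential> extracted = processKeyInfoChild(keyInfoResolutionContext, criteriaSet, child);
            if (extracted != null && !extracted.isEmpty()) {
                list.addAll(extracted);
            } else if (child instanceof KeyName) {
                if (this.log.isDebugEnabled()) {
                    // The KeyName value is text taken from the KeyInfo; neutralise control
                    // characters so it cannot forge additional log lines.
                    this.log.debug("KeyName, with value {}, did not independently produce a credential based on any registered providers",
                            sanitizeForLog(String.valueOf(((KeyName) child).getValue())));
                }
            } else {
                this.log.warn("No credentials could be extracted from KeyInfo child {} by any registered provider", childType);
            }
        }
    }

    /**
     * Offers one KeyInfo child to the providers in order and returns the first non-empty result.
     *
     * @return the extracted credentials, or {@code null} if no provider produced any
     */
    protected Collection<Credential> processKeyInfoChild(KeyInfoResolutionContext keyInfoResolutionContext, CriteriaSet criteriaSet, SAMLObject sAMLObject) throws SecurityException {
        String childType = sAMLObject.getClass().getName();
        for (KeyInfoProvider provider : getProviders()) {
            String providerType = provider.getClass().getName();
            if (!provider.handles(sAMLObject)) {
                this.log.debug("Provider {} doesn't handle objects of type {}, skipping", providerType, childType);
                continue;
            }
            this.log.debug("Processing KeyInfo child {} with provider {}", childType, providerType);
            Collection<Credential> extracted = provider.process(this, sAMLObject, criteriaSet, keyInfoResolutionContext);
            if (extracted != null && !extracted.isEmpty()) {
                this.log.debug("Credentials successfully extracted from child {} by provider {}", childType, providerType);
                return extracted;
            }
        }
        return null;
    }

    /**
     * Populates the resolution context with the KeyInfo, its key names and, if one can be
     * resolved, the key from its KeyValue children.
     */
    protected void initResolutionContext(KeyInfoResolutionContext keyInfoResolutionContext, KeyInfo keyInfo, CriteriaSet criteriaSet) throws SecurityException {
        keyInfoResolutionContext.setKeyInfo(keyInfo);
        keyInfoResolutionContext.getKeyNames().addAll(KeyInfoHelper.getKeyNames(keyInfo));
        if (this.log.isDebugEnabled()) {
            // Key names are text taken from the KeyInfo; neutralise control characters before logging.
            this.log.debug("Found {} key names: {}", keyInfoResolutionContext.getKeyNames().size(),
                    sanitizeForLog(String.valueOf(keyInfoResolutionContext.getKeyNames())));
        }
        resolveKeyValue(keyInfoResolutionContext, criteriaSet, keyInfo.getKeyValues());
    }

    /**
     * Stores in the context the first key that any provider extracts from the given KeyValue
     * elements; remaining elements are not examined once a key is found.
     */
    protected void resolveKeyValue(KeyInfoResolutionContext keyInfoResolutionContext, CriteriaSet criteriaSet, List<KeyValue> list) throws SecurityException {
        for (KeyValue keyValue : list) {
            Collection<Credential> extracted = processKeyInfoChild(keyInfoResolutionContext, criteriaSet, keyValue);
            if (extracted == null) {
                continue;
            }
            for (Credential credential : extracted) {
                Key key = extractKeyValue(credential);
                if (key != null) {
                    keyInfoResolutionContext.setKey(key);
                    this.log.debug("Found a credential based on a KeyValue having key type: {}", key.getAlgorithm());
                    return;
                }
            }
        }
    }

    /**
     * Builds a credential holding the given key and key names. A private key is stored together
     * with the public key derived from it.
     *
     * @param key the key to wrap; may be null
     * @param set key names to attach; may be null
     * @return the credential, or {@code null} if the key is null, of an unsupported type, or a
     *         public key could not be derived from a private key
     */
    protected Credential buildBasicCredential(Key key, Set<String> set) throws SecurityException {
        if (key == null) {
            this.log.debug("Key supplied was null, could not build credential");
            return null;
        }
        CredentialImpl credential = new CredentialImpl();
        if (set != null) {
            credential.getKeyNames().addAll(set);
        }
        if (key instanceof PublicKey) {
            credential.setPublicKey((PublicKey) key);
        } else if (key instanceof SecretKey) {
            credential.setSecretKey((SecretKey) key);
        } else if (key instanceof PrivateKey) {
            PrivateKey privateKey = (PrivateKey) key;
            try {
                PublicKey derivedPublicKey = SecurityHelper.derivePublicKey(privateKey);
                if (derivedPublicKey == null) {
                    this.log.error("Failed to derive public key from private key");
                    return null;
                }
                credential.setPublicKey(derivedPublicKey);
                credential.setPrivateKey(privateKey);
            } catch (KeyException e) {
                this.log.error("Could not derive public key from private key", e);
                return null;
            }
        } else {
            this.log.error("Key was of an unsupported type '{}'", key.getClass().getName());
            return null;
        }
        return credential;
    }

    /**
     * Returns the first key present on the credential, checked in the order public, secret,
     * private.
     *
     * @return the key, or {@code null} if the credential is null or holds no key
     */
    protected Key extractKeyValue(Credential credential) {
        if (credential == null) {
            return null;
        }
        if (credential.getPublicKey() != null) {
            return credential.getPublicKey();
        }
        if (credential.getSecretKey() != null) {
            return credential.getSecretKey();
        }
        if (credential.getPrivateKey() != null) {
            return credential.getPrivateKey();
        }
        return null;
    }

    /** Replaces control characters (including CR and LF) so a value cannot inject log lines. */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}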
