package org.apache.xml.security.keys.keyresolver.implementations;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import javax.crypto.SecretKey;
import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.log4j.spi.Configurator;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyInfoReference;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.keys.keyresolver.KeyResolverSpi;
import org.apache.xml.security.keys.storage.StorageResolver;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.xml.sax.SAXException;

/* loaded from: input_file:WEB-INF/lib/xmlsec-2.1.7.jar:org/apache/xml/security/keys/keyresolver/implementations/KeyInfoReferenceResolver.class */
public class KeyInfoReferenceResolver extends KeyResolverSpi {
    private static final Logger LOG = LoggerFactory.getLogger((Class<?>) KeyInfoReferenceResolver.class);

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public boolean engineCanResolve(Element element, String str, StorageResolver storageResolver) {
        return XMLUtils.elementIsInSignature11Space(element, "KeyInfoReference");
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public PublicKey engineLookupAndResolvePublicKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        LOG.debug("Can I resolve {}", element.getTagName());
        if (!engineCanResolve(element, str, storageResolver)) {
            return null;
        }
        try {
            KeyInfo resolveReferentKeyInfo = resolveReferentKeyInfo(element, str, storageResolver);
            if (resolveReferentKeyInfo != null) {
                return resolveReferentKeyInfo.getPublicKey();
            }
            return null;
        } catch (XMLSecurityException e) {
            LOG.debug("XMLSecurityException", (Throwable) e);
            return null;
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public X509Certificate engineLookupResolveX509Certificate(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        LOG.debug("Can I resolve {}", element.getTagName());
        if (!engineCanResolve(element, str, storageResolver)) {
            return null;
        }
        try {
            KeyInfo resolveReferentKeyInfo = resolveReferentKeyInfo(element, str, storageResolver);
            if (resolveReferentKeyInfo != null) {
                return resolveReferentKeyInfo.getX509Certificate();
            }
            return null;
        } catch (XMLSecurityException e) {
            LOG.debug("XMLSecurityException", (Throwable) e);
            return null;
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public SecretKey engineLookupAndResolveSecretKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        LOG.debug("Can I resolve {}", element.getTagName());
        if (!engineCanResolve(element, str, storageResolver)) {
            return null;
        }
        try {
            KeyInfo resolveReferentKeyInfo = resolveReferentKeyInfo(element, str, storageResolver);
            if (resolveReferentKeyInfo != null) {
                return resolveReferentKeyInfo.getSecretKey();
            }
            return null;
        } catch (XMLSecurityException e) {
            LOG.debug("XMLSecurityException", (Throwable) e);
            return null;
        }
    }

    @Override // org.apache.xml.security.keys.keyresolver.KeyResolverSpi
    public PrivateKey engineLookupAndResolvePrivateKey(Element element, String str, StorageResolver storageResolver) throws KeyResolverException {
        LOG.debug("Can I resolve " + element.getTagName());
        if (!engineCanResolve(element, str, storageResolver)) {
            return null;
        }
        try {
            KeyInfo resolveReferentKeyInfo = resolveReferentKeyInfo(element, str, storageResolver);
            if (resolveReferentKeyInfo != null) {
                return resolveReferentKeyInfo.getPrivateKey();
            }
            return null;
        } catch (XMLSecurityException e) {
            LOG.debug("XMLSecurityException", (Throwable) e);
            return null;
        }
    }

    private KeyInfo resolveReferentKeyInfo(Element element, String str, StorageResolver storageResolver) throws XMLSecurityException {
        Attr uRIAttr = new KeyInfoReference(element, str).getURIAttr();
        try {
            Element obtainReferenceElement = obtainReferenceElement(resolveInput(uRIAttr, str, this.secureValidation));
            if (obtainReferenceElement == null) {
                LOG.debug("De-reference of KeyInfoReference URI returned null: {}", uRIAttr.getValue());
                return null;
            }
            validateReference(obtainReferenceElement);
            KeyInfo keyInfo = new KeyInfo(obtainReferenceElement, str);
            keyInfo.setSecureValidation(this.secureValidation);
            keyInfo.addStorageResolver(storageResolver);
            return keyInfo;
        } catch (Exception e) {
            LOG.debug("XMLSecurityException", (Throwable) e);
            return null;
        }
    }

    private void validateReference(Element element) throws XMLSecurityException {
        if (!XMLUtils.elementIsInSignatureSpace(element, "KeyInfo")) {
            throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.WrongType", new Object[]{new QName(element.getNamespaceURI(), element.getLocalName())});
        }
        KeyInfo keyInfo = new KeyInfo(element, "");
        if (keyInfo.containsKeyInfoReference() || keyInfo.containsRetrievalMethod()) {
            if (!this.secureValidation) {
                throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithoutSecure");
            }
            throw new XMLSecurityException("KeyInfoReferenceResolver.InvalidReferentElement.ReferenceWithSecure");
        }
    }

    private XMLSignatureInput resolveInput(Attr attr, String str, boolean z) throws XMLSecurityException {
        if (ResourceResolver.isURISafeToResolve(attr, str)) {
            return ResourceResolver.getInstance(attr, str, z).resolve(attr, str, z);
        }
        String value = attr != null ? attr.getValue() : null;
        Object[] objArr = new Object[2];
        objArr[0] = value != null ? value : Configurator.NULL;
        objArr[1] = str;
        throw new ResourceResolverException("utils.resolver.noClass", objArr, value, str);
    }

    private Element obtainReferenceElement(XMLSignatureInput xMLSignatureInput) throws CanonicalizationException, ParserConfigurationException, IOException, SAXException, KeyResolverException {
        Element docFromBytes;
        if (xMLSignatureInput.isElement()) {
            docFromBytes = (Element) xMLSignatureInput.getSubNode();
        } else {
            if (xMLSignatureInput.isNodeSet()) {
                LOG.debug("De-reference of KeyInfoReference returned an unsupported NodeSet");
                return null;
            }
            docFromBytes = getDocFromBytes(xMLSignatureInput.getBytes(), this.secureValidation);
        }
        return docFromBytes;
    }
}
