package xades4j.verification;

import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
import xades4j.properties.data.CertRef;
import xades4j.providers.CertificateValidationException;
import xades4j.providers.X500NameStyleProvider;

/* loaded from: input_file:xades4j/verification/KeyInfoProcessor.class */
class KeyInfoProcessor {

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:xades4j/verification/KeyInfoProcessor$KeyInfoRes.class */
    public static class KeyInfoRes {
        final X509CertSelector certSelector;
        final List<X509Certificate> keyInfoCerts;
        final XMLX509IssuerSerial issuerSerial;

        KeyInfoRes(X509CertSelector x509CertSelector, List<X509Certificate> list, XMLX509IssuerSerial xMLX509IssuerSerial) {
            this.keyInfoCerts = list;
            this.certSelector = x509CertSelector;
            this.issuerSerial = xMLX509IssuerSerial;
        }

        KeyInfoRes(X509CertSelector x509CertSelector) {
            this.certSelector = x509CertSelector;
            this.keyInfoCerts = Collections.emptyList();
            this.issuerSerial = null;
        }
    }

    private KeyInfoProcessor() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyInfoRes process(KeyInfo keyInfo, CertRef certRef, X500NameStyleProvider x500NameStyleProvider) throws CertificateValidationException {
        if (null == keyInfo || !keyInfo.containsX509Data()) {
            return tryUseSigningCertificateReference(certRef, x500NameStyleProvider);
        }
        ArrayList arrayList = new ArrayList(1);
        XMLX509IssuerSerial xMLX509IssuerSerial = null;
        X509CertSelector x509CertSelector = new X509CertSelector();
        boolean z = false;
        for (int i = 0; i < keyInfo.lengthX509Data(); i++) {
            try {
                X509Data itemX509Data = keyInfo.itemX509Data(i);
                if (!z) {
                    if (itemX509Data.containsIssuerSerial()) {
                        xMLX509IssuerSerial = itemX509Data.itemIssuerSerial(0);
                        x509CertSelector.setIssuer(x500NameStyleProvider.fromString(xMLX509IssuerSerial.getIssuerName()));
                        x509CertSelector.setSerialNumber(xMLX509IssuerSerial.getSerialNumber());
                        z = true;
                    } else if (itemX509Data.containsSubjectName()) {
                        x509CertSelector.setSubject(x500NameStyleProvider.fromString(itemX509Data.itemSubjectName(0).getSubjectName()));
                        z = true;
                    }
                }
                if (itemX509Data.containsCertificate()) {
                    for (int i2 = 0; i2 < itemX509Data.lengthCertificate(); i2++) {
                        arrayList.add(itemX509Data.itemCertificate(i2).getX509Certificate());
                    }
                }
            } catch (XMLSecurityException e) {
                throw new InvalidKeyInfoDataException("Cannot process X509Data", e);
            }
        }
        if (!z) {
            if (arrayList.isEmpty()) {
                return tryUseSigningCertificateReference(certRef, x500NameStyleProvider);
            }
            x509CertSelector.setCertificate((X509Certificate) arrayList.get(0));
        }
        return new KeyInfoRes(x509CertSelector, arrayList, xMLX509IssuerSerial);
    }

    private static KeyInfoRes tryUseSigningCertificateReference(CertRef certRef, X500NameStyleProvider x500NameStyleProvider) throws CertificateValidationException {
        if (certRef == null) {
            throw new InvalidKeyInfoDataException("Could not identify the leaf certificate using X509Datas in KeyInfo");
        }
        X509CertSelector x509CertSelector = new X509CertSelector();
        x509CertSelector.setIssuer(x500NameStyleProvider.fromString(certRef.getIssuerDN()));
        x509CertSelector.setSerialNumber(certRef.getSerialNumber());
        return new KeyInfoRes(x509CertSelector);
    }
}
