package oracle.security.xmlsec.keys.retrieval;

import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Vector;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
import oracle.security.crypto.util.Utils;
import oracle.security.xmlsec.dsig.ReferenceException;
import oracle.security.xmlsec.enc.OriginatorKeyInfo;
import oracle.security.xmlsec.enc.RecipientKeyInfo;
import oracle.security.xmlsec.enc.XECipherException;
import oracle.security.xmlsec.enc.XEEncryptedKey;
import oracle.security.xmlsec.enc.XEEncryptedObject;
import oracle.security.xmlsec.enc.XEEncryptionMethod;
import oracle.security.xmlsec.enc.XEException;
import oracle.security.xmlsec.enc.XESchemaException;
import oracle.security.xmlsec.keys.DHAgreementMethod;
import oracle.security.xmlsec.keys.KeyInfoData;
import oracle.security.xmlsec.keys.KeyName;
import oracle.security.xmlsec.keys.KeyValue;
import oracle.security.xmlsec.keys.RawX509Cert;
import oracle.security.xmlsec.keys.RetrievalMethod;
import oracle.security.xmlsec.keys.X509Data;
import oracle.security.xmlsec.util.XMLURI;
import oracle.security.xmlsec.util.XMLUtils;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/* loaded from: input_file:oracle/security/xmlsec/keys/retrieval/KeyInfoTool.class */
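/**
 * {@link KeyRetriever} that resolves keys and certificates directly from the content of a
 * {@code ds:KeyInfo} child (KeyValue, X509Data, raw X509Certificate, EncryptedKey, KeyName,
 * DH AgreementMethod, RetrievalMethod).
 *
 * <p>Everything this class reads comes from the XML document being processed, so it is
 * attacker-influenced whenever the document is. Two global switches read through
 * {@link XMLUtils} gate the riskier paths:
 * <ul>
 *   <li>{@code getAllowRetrievalMethodFlag()} - whether {@code RetrievalMethod} references are
 *       dereferenced at all (the error text names the JVM variable
 *       {@code osdt.allow.retrievalMethod});</li>
 *   <li>{@code getAllowUnvalidatedCertFlag()} - whether bare key values and unvalidated
 *       certificates are accepted (the error text names {@code osdt.allow.unvalidatedCert}
 *       and {@code osdt.allow.all}).</li>
 * </ul>
 * Enabling either switch widens what an untrusted document can make the verifier trust.
 */
public class KeyInfoTool extends KeyRetriever {
    /**
     * Upper bound on chained {@code RetrievalMethod} dereferences. A reference that resolves to
     * another {@code RetrievalMethod} is followed again; without a bound, a self-referential
     * chain in the document would keep the resolving thread busy indefinitely.
     */
    private static final int MAX_RETRIEVAL_METHOD_HOPS = 16;

    /**
     * Resolves a public key from a KeyInfo child.
     *
     * @param keyInfoData the KeyInfo child to resolve
     * @return the public key, or {@code null} if the element type is not handled here or
     *         carries no certificate
     * @throws KeyRetrievalException if a {@code RetrievalMethod} is present but disabled, if a
     *         bare key value is present but unvalidated keys are disabled, or if dereferencing
     *         or certificate validation fails
     */
    @Override
    public PublicKey retrievePublicKey(KeyInfoData keyInfoData) throws KeyRetrievalException {
        // Fail closed: unlike the other two retrieve* methods, a disabled RetrievalMethod is an error here.
        if (XMLURI.obj_RetrievalMethod.equals(keyInfoData.getType()) && !XMLUtils.getAllowRetrievalMethodFlag()) {
            throw new KeyRetrievalException("RetrievalMethod cannot be used by default.To use it, change the JVM variable osdt.allow.retrievalMethod to true, but be aware of security risks by using RetrievalMethod.");
        }
        KeyInfoData resolved = followRetrievalMethods(keyInfoData);
        String type = resolved.getType();

        if (XMLURI.obj_DSAKeyValue.equals(type) || XMLURI.obj_RSAKeyValue.equals(type) || XMLURI.obj_DHKeyValue.equals(type) || XMLURI.obj_ECDSAKeyValue.equals(type) || XMLURI.obj_ECKeyValue.equals(type)) {
            // A bare KeyValue has no certificate behind it, so there is nothing to validate:
            // it is only usable when the deployment has opted out of validation.
            if (!XMLUtils.getAllowUnvalidatedCertFlag()) {
                throw new KeyRetrievalException("ERROR: DSA, RSA, DH or EC public keys are not allowed unless the JVM variable osdt.allow.unvalidatedCert  to true, or osdt.allow.all to true");
            }
            return ((KeyValue) resolved).getPublicKey();
        }
        if (XMLURI.obj_X509Data.equals(type)) {
            X509Certificate selected = selectAndValidate((X509Data) resolved);
            return selected == null ? null : selected.getPublicKey();
        }
        if (XMLURI.obj_rawX509Certificate.equals(type)) {
            try {
                X509Certificate certificate = ((RawX509Cert) resolved).getCertificate();
                if (certificate == null) {
                    return null;
                }
                if (!XMLUtils.getAllowUnvalidatedCertFlag()) {
                    validateCertificate(certificate);
                }
                return certificate.getPublicKey();
            } catch (IOException e) {
                throw new KeyRetrievalException(e);
            }
        }
        return null;
    }

    /**
     * Resolves a symmetric key from an EncryptedKey, a KeyName that matches an EncryptedKey's
     * CarriedKeyName, or a Diffie-Hellman AgreementMethod.
     *
     * @param keyInfoData the KeyInfo child to resolve
     * @return the key, or {@code null} if it could not be resolved
     * @throws KeyRetrievalException if dereferencing or DH key derivation fails
     */
    @Override
    public SecretKey retrieveSymmetricKey(KeyInfoData keyInfoData) throws KeyRetrievalException {
        // With the flag off, a RetrievalMethod is left unresolved and matches no branch below (null result).
        KeyInfoData resolved = XMLUtils.getAllowRetrievalMethodFlag() ? followRetrievalMethods(keyInfoData) : keyInfoData;
        String type = resolved.getType();

        if (XMLURI.obj_EncryptedKey.equals(type)) {
            try {
                return ((XEEncryptedKey) resolved).getKey(null);
            } catch (XEException ignored) {
                // Best effort: an EncryptedKey that cannot be unwrapped is reported as "no key".
                // NOTE(review): the failure cause is dropped here, while the DH path below
                // propagates its errors - confirm callers do not need to tell these cases apart.
                return null;
            }
        }
        if (XMLURI.obj_KeyName.equals(type)) {
            return findKeyByCarriedName((KeyName) resolved);
        }
        if (XMLURI.alg_dh.equals(type)) {
            return deriveDhKey((DHAgreementMethod) resolved);
        }
        return null;
    }

    /**
     * Resolves a certificate from an X509Data element.
     *
     * @param keyInfoData the KeyInfo child to resolve
     * @return the selected certificate, or {@code null} if the element is not X509Data or holds
     *         no certificate
     * @throws KeyRetrievalException if dereferencing or certificate validation fails
     */
    @Override
    public X509Certificate retrieveCertificate(KeyInfoData keyInfoData) throws KeyRetrievalException {
        KeyInfoData resolved = XMLUtils.getAllowRetrievalMethodFlag() ? followRetrievalMethods(keyInfoData) : keyInfoData;
        if (!XMLURI.obj_X509Data.equals(resolved.getType())) {
            return null;
        }
        return selectAndValidate((X509Data) resolved);
    }

    /**
     * Follows {@code RetrievalMethod} references until a non-RetrievalMethod element is reached.
     * Callers decide whether dereferencing is permitted; this helper only bounds and performs it.
     */
    private static KeyInfoData followRetrievalMethods(KeyInfoData start) throws KeyRetrievalException {
        KeyInfoData current = start;
        int hops = 0;
        while (XMLURI.obj_RetrievalMethod.equals(current.getType())) {
            if (++hops > MAX_RETRIEVAL_METHOD_HOPS) {
                throw new KeyRetrievalException("RetrievalMethod chain exceeds " + MAX_RETRIEVAL_METHOD_HOPS + " references; refusing to follow it further.");
            }
            try {
                current = ((RetrievalMethod) current).getKeyInfoData();
            } catch (ReferenceException e) {
                throw new KeyRetrievalException(e);
            }
            // NOTE(review): whether getKeyInfoData() can return null is not visible from this
            // class; guard so a dangling reference surfaces as a retrieval error, not an NPE.
            if (current == null) {
                throw new KeyRetrievalException("RetrievalMethod did not resolve to a KeyInfo element.");
            }
        }
        return current;
    }

    /**
     * Picks the certificate to use from an X509Data element and, unless unvalidated
     * certificates are allowed, validates the element's certificate list.
     */
    private X509Certificate selectAndValidate(X509Data x509Data) throws KeyRetrievalException {
        X509Certificate selected = getCertFromX509Data(x509Data);
        if (selected != null && !XMLUtils.getAllowUnvalidatedCertFlag()) {
            try {
                // NOTE(review): validation receives the whole certificate list, while the key is
                // taken from the one chosen above - confirm validateCertificate ties its verdict
                // to that same certificate.
                validateCertificate(x509Data.getCertificates());
            } catch (IOException e) {
                throw new KeyRetrievalException(e);
            }
        }
        return selected;
    }

    /** Scans the owning document for an EncryptedKey whose CarriedKeyName equals the KeyName. */
    private static SecretKey findKeyByCarriedName(KeyName keyName) throws KeyRetrievalException {
        String name = keyName.getName();
        if (name == null) {
            return null;
        }
        NodeList encryptedKeys = keyName.getOwnerDocument().getElementsByTagNameNS(XMLURI.ns_xmlenc, "EncryptedKey");
        SecretKey key = null;
        int count = encryptedKeys.getLength();
        // Keep scanning until a matching EncryptedKey actually yields a key.
        for (int i = 0; i < count && key == null; i++) {
            XEEncryptedKey candidate = new XEEncryptedKey((Element) encryptedKeys.item(i), keyName.getSystemId());
            if (name.equals(candidate.getCarriedKeyName())) {
                key = KeyRetriever.getSymmetricKey(candidate);
            }
        }
        return key;
    }

    /**
     * Derives the content key for a DH AgreementMethod that sits in a {@code ds:KeyInfo}
     * directly under an {@code xenc:EncryptedKey} or {@code xenc:EncryptedData}.
     */
    private static SecretKey deriveDhKey(DHAgreementMethod agreement) throws KeyRetrievalException {
        // instanceof rather than a blind cast: a parent that is not an element (for example a
        // KeyInfo used as document root) must yield "no key", not a ClassCastException.
        Object keyInfoNode = agreement.getParentNode();
        if (!(keyInfoNode instanceof Element)) {
            return null;
        }
        Element keyInfo = (Element) keyInfoNode;
        if (!XMLURI.ns_xmldsig.equals(keyInfo.getNamespaceURI()) || !"KeyInfo".equals(keyInfo.getLocalName())) {
            return null;
        }
        Object ownerNode = keyInfo.getParentNode();
        if (!(ownerNode instanceof Element)) {
            return null;
        }
        Element owner = (Element) ownerNode;
        if (!XMLURI.ns_xmlenc.equals(owner.getNamespaceURI())) {
            return null;
        }
        if (!"EncryptedKey".equals(owner.getLocalName()) && !"EncryptedData".equals(owner.getLocalName())) {
            return null;
        }
        XEEncryptionMethod encryptionMethod = XEEncryptedObject.getInstance(owner, agreement.getSystemId()).getEncryptionMethod();
        if (encryptionMethod == null) {
            return null;
        }
        OriginatorKeyInfo originatorKeyInfo = agreement.getOriginatorKeyInfo();
        RecipientKeyInfo recipientKeyInfo = agreement.getRecipientKeyInfo();
        if (originatorKeyInfo == null || recipientKeyInfo == null) {
            return null;
        }
        PublicKey originatorKey = KeyRetriever.getPublicKey(originatorKeyInfo);
        PrivateKey recipientKey = KeyRetriever.getPrivateKey(recipientKeyInfo);
        if (originatorKey == null || recipientKey == null) {
            return null;
        }
        try {
            return new SecretKeySpec(agreement.generateKeyMaterial(encryptionMethod, recipientKey, originatorKey), encryptionMethod.getJCEKeyAlgorithm());
        } catch (XECipherException e) {
            throw new KeyRetrievalException(e);
        } catch (XESchemaException e) {
            throw new KeyRetrievalException(e);
        }
    }

    /**
     * Chooses one certificate out of an X509Data element. With several certificates present,
     * the first one that matches any X509IssuerSerial, X509SKI or X509SubjectName hint in the
     * same element wins; if none matches, the first certificate in the list is used.
     *
     * @return the chosen certificate, or {@code null} if the element holds none
     */
    private static X509Certificate getCertFromX509Data(X509Data x509Data) throws KeyRetrievalException {
        try {
            Vector<?> certificates = x509Data.getCertificates();
            if (certificates.isEmpty()) {
                return null;
            }
            if (certificates.size() == 1) {
                return (X509Certificate) certificates.elementAt(0);
            }
            Vector<?> issuerSerials = x509Data.getIssuerSerials();
            Vector<?> subjectKeyIDs = x509Data.getSubjectKeyIDs();
            Vector<?> subjectNames = x509Data.getSubjectNames();
            for (Object entry : certificates) {
                X509Certificate candidate = (X509Certificate) entry;

                X509Data.IssuerAndSerialNo issuerAndSerial = new X509Data.IssuerAndSerialNo(candidate.getIssuerX500Principal(), candidate.getSerialNumber());
                for (Object hint : issuerSerials) {
                    if (((X509Data.IssuerAndSerialNo) hint).equals(issuerAndSerial)) {
                        return candidate;
                    }
                }

                byte[] ski = XMLUtils.getSKI(candidate);
                if (ski != null) {
                    for (Object hint : subjectKeyIDs) {
                        if (Utils.areEqual((byte[]) hint, ski)) {
                            return candidate;
                        }
                    }
                }

                X500Principal subject = candidate.getSubjectX500Principal();
                for (Object hint : subjectNames) {
                    if (((X500Principal) hint).equals(subject)) {
                        return candidate;
                    }
                }
            }
            // No hint matched: fall back to document order. The hints and the order both come
            // from the document, so the choice made here is not itself a trust decision.
            return (X509Certificate) certificates.elementAt(0);
        } catch (IOException e) {
            throw new KeyRetrievalException(e);
        }
    }
}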
