package com.ibm.wsspi.wssecurity.keyinfo;

import com.ibm.ws.webservices.wssecurity.keyinfo.WSSKeyInfoComponent;
import com.ibm.ws.webservices.wssecurity.token.TokenManager;
import com.ibm.ws.wssecurity.xss4j.dsig.KeyInfo;
import com.ibm.wsspi.wssecurity.Constants;
import com.ibm.wsspi.wssecurity.SoapSecurityException;
import com.ibm.wsspi.wssecurity.auth.token.X509BSToken;
import com.ibm.wsspi.wssecurity.config.TokenConsumerConfig;
import com.ibm.wsspi.wssecurity.keyinfo.KeyStoreKeyLocator;
import com.ibm.xml.soapsec.util.ConfigUtil;
import com.ibm.xml.soapsec.util.Tr;
import com.ibm.xml.soapsec.util.TraceComponent;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.Map;

/* loaded from: input_file:com/ibm/wsspi/wssecurity/keyinfo/X509TokenKeyLocator.class */
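/**
 * Key locator that resolves a verification or decryption key from an X.509
 * binary security token previously stored in the message context.
 *
 * <p>For signature verification the public key of the token's certificate is
 * returned. For decryption the certificate's subject DN is matched against the
 * key entries loaded by {@link KeyStoreKeyLocator} and the matching private
 * (or secret) key is returned.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no certificate path, validity-period or revocation
 *       checks itself. NOTE(review): presumably the token consumer that
 *       produced the {@link X509BSToken} has already validated the certificate
 *       against the configured trust anchors; confirm before relying on the
 *       returned public key for a trust decision.</li>
 *   <li>Trace output never prints a {@link Key} object directly, because some
 *       provider implementations of {@code toString()} on private keys include
 *       key components. Only the implementation class and algorithm are traced.</li>
 * </ul>
 */
public class X509TokenKeyLocator extends KeyStoreKeyLocator {
    private static final String comp = "security.wssecurity";
    private static final TraceComponent tc = Tr.register(X509TokenKeyLocator.class, "Web Services Security", "com.ibm.ws.webservices.wssecurity.resources.was-wssecurity");
    private static final String clsName = X509TokenKeyLocator.class.getName();

    /**
     * Resolves the key requested by the key-information description.
     *
     * @param map  the "type" map: key-info type, key type
     *             ({@code KEY_VERIFYING} or {@code KEY_DECRYPTING}), the key
     *             identifier values and the token consumer configuration
     * @param map2 the message "context" map; used to look up the token, to cache
     *             the resolved key under this class, and to publish the
     *             (public key, certificate) pair
     * @return the resolved key; may be {@code null} when decryption is requested
     *         and no key entry matches the certificate's subject DN
     * @throws SoapSecurityException if the key type is neither verifying nor
     *         decrypting, if no certificate can be obtained from the token, or
     *         if the token carries a recorded error
     */
    @Override
    public Key getKey(Map map, Map map2) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getKey(Map type,Map context)");
        }
        if (!this._initialized) {
            doInit();
        }

        String keyInfoType = (String) map.get(Constants.WSSECURITY_KEYINFO_TYPE);
        boolean hasKeyInfoType = keyInfoType != null;
        boolean isKeyName = hasKeyInfoType && ConfigUtil.isKeyInfoKeyname(keyInfoType);
        boolean isKeyId = hasKeyInfoType && ConfigUtil.isKeyInfoKeyid(keyInfoType);
        boolean isStrRef = hasKeyInfoType && ConfigUtil.isKeyInfoStrref(keyInfoType);
        boolean isEmbedded = hasKeyInfoType && ConfigUtil.isKeyInfoEmb(keyInfoType);
        boolean isX509Issuer = hasKeyInfoType && ConfigUtil.isKeyInfoX509issuer(keyInfoType);

        String keyType = (String) map.get(Constants.WSSECURITY_KEY_TYPE);
        boolean verifying = keyType != null && WSSKeyInfoComponent.KEY_VERIFYING.equals(keyType);
        boolean decrypting = keyType != null && WSSKeyInfoComponent.KEY_DECRYPTING.equals(keyType);
        if (!verifying && !decrypting) {
            // Only verification and decryption are supported; fail closed on anything else.
            throw SoapSecurityException.format("security.wssecurity.KeyStoreKeyLocator.getKey02", keyType);
        }

        TokenConsumerConfig tokenConsumerConfig = (TokenConsumerConfig) map.get(Constants.WSSECURITY_KEYINFO_TOKEN_REFERENCE);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "KeyInfoType [" + keyInfoType + "].");
            Tr.debug(tc, "KeyType [" + keyType + "].");
            Tr.debug(tc, "Configuration of a TokenConsumer [" + tokenConsumerConfig + "].");
        }

        // NOTE(review): a key cached in the context under this class is reused
        // without checking that it was resolved for the same key type or key
        // identifier as the current request; confirm callers never share a
        // context between a verifying and a decrypting lookup.
        Key key = (Key) map2.remove(getClass());
        if (key == null) {
            X509Certificate cert = getCert(isKeyName, isKeyId, isStrRef, isEmbedded, isX509Issuer, tokenConsumerConfig, map, map2);
            if (cert == null) {
                throw SoapSecurityException.format("security.wssecurity.X509IssuerContentGenerator.getKey01");
            }
            // Publish the certificate keyed by its public key so later processing
            // can map a key back to the certificate it came from.
            map2.put(cert.getPublicKey(), cert);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "(key, certificate) put in context");
            }
            if (decrypting) {
                key = getPrivateKey(cert);
            } else if (verifying) {
                key = getPublicKey(cert);
            }
        }
        map2.put(getClass(), key);
        if (tc.isEntryEnabled()) {
            // Trace a description only: the key may be a private key.
            Tr.exit(tc, "getKey(Map type, Map context) returns Key[" + describeKey(key) + "]");
        }
        return key;
    }

    /**
     * Looks up the X.509 token selected by the key-information type and returns
     * its certificate.
     *
     * <p>The token identifier is taken from the type map according to the first
     * flag that is set; for issuer/serial it is {@code issuerName:issuerSerial}.
     * The identifier stays {@code null} when no flag is set or an issuer part is
     * missing, and is passed to {@link TokenManager#getToken} as is.
     *
     * @return the token's certificate, or {@code null} when no token is found
     * @throws SoapSecurityException the error recorded on the token, if any
     */
    private X509Certificate getCert(boolean isKeyName, boolean isKeyId, boolean isStrRef, boolean isEmbedded, boolean isX509Issuer, TokenConsumerConfig tokenConsumerConfig, Map type, Map context) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getCert(boolean isKeyName[" + isKeyName + "],boolean isKeyId[" + isKeyId + "],boolean isStrref[" + isStrRef + "],boolean isEmb[" + isEmbedded + "],boolean isX509[" + isX509Issuer + "],TokenConsumerConfig tconfig,Map type,Map context)");
        }
        String tokenId = null;
        if (isKeyName) {
            tokenId = (String) type.get(Constants.WSSECURITY_KEY_NAME);
        } else if (isKeyId) {
            tokenId = (String) type.get(Constants.WSSECURITY_KEY_ID);
        } else if (isStrRef) {
            tokenId = (String) type.get(Constants.WSSECURITY_KEY_REFERENCE);
        } else if (isEmbedded) {
            tokenId = (String) type.get(Constants.WSSECURITY_KEY_EMBID);
        } else if (isX509Issuer) {
            String issuerName = (String) type.get(Constants.WSSECURITY_KEY_ISSUERNAME);
            String issuerSerial = (String) type.get(Constants.WSSECURITY_KEY_ISSUERSERIAL);
            if (issuerName != null && issuerSerial != null) {
                tokenId = issuerName + ":" + issuerSerial;
            }
        }

        X509Certificate certificate = null;
        X509BSToken token = (X509BSToken) TokenManager.getToken(context, tokenConsumerConfig, tokenId);
        if (token != null) {
            // A token that failed earlier processing must not yield a usable certificate.
            if (token.getError() != null) {
                throw token.getError();
            }
            certificate = token.getCert();
        }
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getCert(boolean isKeyName[" + isKeyName + "],boolean isKeyId[" + isKeyId + "],boolean isStrref[" + isStrRef + "],boolean isEmb[" + isEmbedded + "],boolean isX509[" + isX509Issuer + "],Map context) returns X509Certificate[" + certificate + "]");
        }
        return certificate;
    }

    /**
     * Finds the private (or secret) key whose key-list name matches the
     * certificate's subject DN after both are normalised with
     * {@code KeyInfo.X509Data.encodeDName}.
     *
     * @return the matching key, or {@code null} when the certificate or the key
     *         list is {@code null} or no entry matches
     */
    private Key getPrivateKey(X509Certificate certificate) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPrivateKey(X509Certificate cert)");
        }
        Key key = null;
        if (certificate != null && this._keylist != null) {
            String subjectDn = KeyInfo.X509Data.encodeDName(certificate.getSubjectDN().getName());
            Iterator names = this._keylist.keySet().iterator();
            while (names.hasNext()) {
                String storedName = (String) names.next();
                if (subjectDn.equals(KeyInfo.X509Data.encodeDName(storedName))) {
                    // Look the entry up by the name it is actually stored under; the
                    // encoded form is only a comparison key and need not be a map key.
                    KeyStoreKeyLocator.KeyInformation entry = (KeyStoreKeyLocator.KeyInformation) this._keylist.get(storedName);
                    if (entry != null) {
                        key = entry.getPrivateOrSecretKey();
                    }
                    break;
                }
            }
        }
        if (tc.isEntryEnabled()) {
            // Never trace the key object itself: this is private key material.
            Tr.exit(tc, "getPrivateKey(X509Certificate cert) returns Key[" + describeKey(key) + "]");
        }
        return key;
    }

    /**
     * Returns the public key of the given certificate, or {@code null} when the
     * certificate is {@code null}. No validation of the certificate is done here.
     */
    private Key getPublicKey(X509Certificate certificate) throws SoapSecurityException {
        if (tc.isEntryEnabled()) {
            Tr.entry(tc, "getPublicKey(X509Certificate cert[" + certificate + "])");
        }
        PublicKey publicKey = certificate != null ? certificate.getPublicKey() : null;
        if (tc.isEntryEnabled()) {
            Tr.exit(tc, "getPublicKey(X509Certificate cert) returns Key[" + publicKey + "]");
        }
        return publicKey;
    }

    /**
     * Builds a trace-safe description of a key: implementation class and
     * algorithm only, never the encoded key or its {@code toString()} form.
     */
    private static String describeKey(Key key) {
        if (key == null) {
            return "null";
        }
        return key.getClass().getName() + "/" + key.getAlgorithm();
    }
}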
