package org.opensaml.xml.security.x509;

import java.security.cert.CRLException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import org.opensaml.xml.Configuration;
import org.opensaml.xml.XMLObject;
import org.opensaml.xml.security.SecurityException;
import org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory;
import org.opensaml.xml.security.credential.Credential;
import org.opensaml.xml.security.keyinfo.KeyInfoGenerator;
import org.opensaml.xml.security.keyinfo.KeyInfoHelper;
import org.opensaml.xml.signature.KeyInfo;
import org.opensaml.xml.signature.X509Data;
import org.opensaml.xml.signature.X509SKI;
import org.opensaml.xml.signature.impl.KeyInfoBuilder;
import org.opensaml.xml.signature.impl.X509DataBuilder;
import org.opensaml.xml.util.DatatypeHelper;
import org.opensaml.xml.util.LazySet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/xmltooling-1.3.2-1.jar:org/opensaml/xml/security/x509/X509KeyInfoGeneratorFactory.class */
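/**
 * Factory for {@link KeyInfoGenerator} instances that populate a {@link KeyInfo} from an
 * {@link X509Credential}.
 *
 * <p>What is written into the KeyInfo is selected by the boolean {@code emit*} options held in
 * {@link X509Options}. Nothing in this class initialises those booleans, so each starts
 * {@code false}: the X.509-specific content is produced only after the matching setter has
 * been called with {@code true}.</p>
 *
 * <p>Security notes for integrators:</p>
 * <ul>
 * <li>Everything that is enabled (certificates, CRLs, subject/issuer DNs, CNs, subject alt
 * names) becomes part of the generated XML and is visible to every recipient of it. Enable
 * only what the peer actually needs to locate the key.</li>
 * <li>The generated KeyInfo is producer-supplied data. Nothing here validates the certificate
 * or its chain; a consumer should establish trust in the key from its own trust
 * configuration rather than from the material carried in KeyInfo.</li>
 * <li>The option setters are not synchronised. {@link #newInstance()} hands each generator a
 * clone of the options, so later setter calls on the factory do not reach generators that
 * were already created.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is JADX decompiler output for the class shipped in
 * xmltooling-1.3.2-1.jar (see the "loaded from" comments). {@code mo4781clone} and
 * {@code m4784clone} are decompiler-assigned names for {@code clone()} overrides, not names
 * that exist in the library's API.</p>
 */
public class X509KeyInfoGeneratorFactory extends BasicKeyInfoGeneratorFactory {
    // The cast relies on the superclass handing back the object built by newOptions() below.
    // NOTE(review): presumably the base constructor calls newOptions() - confirm in
    // BasicKeyInfoGeneratorFactory, which is not visible here.
    private X509Options options = (X509Options) super.getOptions();

    /**
     * Generator that adds X509Data children and KeyName values derived from an
     * {@link X509Credential}, according to the options snapshot it was constructed with.
     */
    /* loaded from: input_file:WEB-INF/lib/xmltooling-1.3.2-1.jar:org/opensaml/xml/security/x509/X509KeyInfoGeneratorFactory$X509KeyInfoGenerator.class */
    public class X509KeyInfoGenerator extends BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator {
        private final Logger log;
        private X509Options options;
        private KeyInfoBuilder keyInfoBuilder;
        private X509DataBuilder x509DataBuilder;

        /**
         * Creates a generator bound to the given options.
         *
         * @param x509Options options that decide what this generator emits
         */
        protected X509KeyInfoGenerator(X509Options x509Options) {
            super(x509Options);
            this.log = LoggerFactory.getLogger(X509KeyInfoGenerator.class);
            this.options = x509Options;
            this.keyInfoBuilder = (KeyInfoBuilder) Configuration.getBuilderFactory().getBuilder(KeyInfo.DEFAULT_ELEMENT_NAME);
            this.x509DataBuilder = (X509DataBuilder) Configuration.getBuilderFactory().getBuilder(X509Data.DEFAULT_ELEMENT_NAME);
        }

        /**
         * Builds a KeyInfo for the credential: the superclass output (if any) extended with
         * the enabled certificate, chain, CRL and name content.
         *
         * @param credential the credential to describe; must be an {@link X509Credential}
         * @return the populated KeyInfo, or {@code null} when the credential is not an
         *         X509Credential (including {@code null}) or when nothing was emitted
         * @throws SecurityException if a certificate or CRL cannot be encoded
         */
        @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory.BasicKeyInfoGenerator, org.opensaml.xml.security.keyinfo.KeyInfoGenerator
        public KeyInfo generate(Credential credential) throws SecurityException {
            if (!(credential instanceof X509Credential)) {
                // instanceof is also false for null, so the type name has to be derived
                // null-safely; otherwise building the warning itself throws NullPointerException.
                String credentialType = credential == null ? "null" : credential.getClass().getName();
                this.log.warn("X509KeyInfoGenerator was passed a credential that was not an instance of X509Credential: {}", credentialType);
                return null;
            }
            X509Credential x509Credential = (X509Credential) credential;
            KeyInfo keyInfo = super.generate(credential);
            if (keyInfo == null) {
                keyInfo = this.keyInfoBuilder.buildObject();
            }
            X509Data x509Data = this.x509DataBuilder.buildObject();
            processEntityCertificate(keyInfo, x509Data, x509Credential);
            processEntityCertificateChain(keyInfo, x509Data, x509Credential);
            processCRLs(keyInfo, x509Data, x509Credential);

            // Attach the X509Data only if one of the steps above put something into it.
            List<XMLObject> x509Children = x509Data.getOrderedChildren();
            if (x509Children != null && !x509Children.isEmpty()) {
                keyInfo.getX509Datas().add(x509Data);
            }

            // An entirely empty KeyInfo is reported as "nothing generated".
            List<XMLObject> keyInfoChildren = keyInfo.getOrderedChildren();
            if (keyInfoChildren == null || keyInfoChildren.isEmpty()) {
                return null;
            }
            return keyInfo;
        }

        /**
         * Emits the name-based content for the entity certificate and, when requested, the
         * certificate itself.
         *
         * @param keyInfo the KeyInfo receiving KeyName values
         * @param x509Data the X509Data receiving certificate-derived children
         * @param x509Credential the credential supplying the entity certificate
         * @throws SecurityException if the certificate cannot be encoded
         */
        protected void processEntityCertificate(KeyInfo keyInfo, X509Data x509Data, X509Credential x509Credential) throws SecurityException {
            // Read the certificate once so the null check and the use see the same object.
            X509Certificate entityCertificate = x509Credential.getEntityCertificate();
            if (entityCertificate == null) {
                return;
            }
            processCertX509DataOptions(x509Data, entityCertificate);
            processCertKeyNameOptions(keyInfo, entityCertificate);
            // When chain emission is on, the certificate is left to processEntityCertificateChain.
            // NOTE(review): this assumes the credential's chain contains the entity certificate;
            // if it does not, the entity certificate is not emitted at all - confirm.
            if (!this.options.emitEntityCertificate || this.options.emitEntityCertificateChain) {
                return;
            }
            try {
                x509Data.getX509Certificates().add(KeyInfoHelper.buildX509Certificate(entityCertificate));
            } catch (CertificateEncodingException e) {
                throw new SecurityException("Error generating X509Certificate element from credential's end-entity certificate", e);
            }
        }

        /**
         * Applies the subject name, issuer/serial and SKI options to the X509Data.
         *
         * @param x509Data the X509Data to extend
         * @param x509Certificate the certificate to read from
         */
        protected void processCertX509DataOptions(X509Data x509Data, X509Certificate x509Certificate) {
            processCertX509SubjectName(x509Data, x509Certificate);
            processCertX509IssuerSerial(x509Data, x509Certificate);
            processCertX509SKI(x509Data, x509Certificate);
        }

        /**
         * Applies the subject DN, subject CN and subject alt name KeyName options.
         *
         * @param keyInfo the KeyInfo to extend
         * @param x509Certificate the certificate to read from
         */
        protected void processCertKeyNameOptions(KeyInfo keyInfo, X509Certificate x509Certificate) {
            processSubjectDNKeyName(keyInfo, x509Certificate);
            processSubjectCNKeyName(keyInfo, x509Certificate);
            processSubjectAltNameKeyNames(keyInfo, x509Certificate);
        }

        /**
         * Adds an X509SubjectName child when {@code emitX509SubjectName} is set and the
         * subject name is non-empty.
         *
         * @param x509Data the X509Data to extend
         * @param x509Certificate the certificate to read from
         */
        protected void processCertX509SubjectName(X509Data x509Data, X509Certificate x509Certificate) {
            if (!this.options.emitX509SubjectName) {
                return;
            }
            String subjectName = getSubjectName(x509Certificate);
            if (!DatatypeHelper.isEmpty(subjectName)) {
                x509Data.getX509SubjectNames().add(KeyInfoHelper.buildX509SubjectName(subjectName));
            }
        }

        /**
         * Adds an X509IssuerSerial child when {@code emitX509IssuerSerial} is set and the
         * issuer name is non-empty.
         *
         * @param x509Data the X509Data to extend
         * @param x509Certificate the certificate to read from
         */
        protected void processCertX509IssuerSerial(X509Data x509Data, X509Certificate x509Certificate) {
            if (!this.options.emitX509IssuerSerial) {
                return;
            }
            String issuerName = getIssuerName(x509Certificate);
            if (!DatatypeHelper.isEmpty(issuerName)) {
                x509Data.getX509IssuerSerials().add(KeyInfoHelper.buildX509IssuerSerial(issuerName, x509Certificate.getSerialNumber()));
            }
        }

        /**
         * Adds an X509SKI child when {@code emitX509SKI} is set and the helper returns one.
         *
         * @param x509Data the X509Data to extend
         * @param x509Certificate the certificate to read from
         */
        protected void processCertX509SKI(X509Data x509Data, X509Certificate x509Certificate) {
            if (!this.options.emitX509SKI) {
                return;
            }
            X509SKI ski = KeyInfoHelper.buildX509SKI(x509Certificate);
            if (ski != null) {
                x509Data.getX509SKIs().add(ski);
            }
        }

        /**
         * Renders the certificate's subject DN through the configured {@link X500DNHandler},
         * passing {@code x500SubjectDNFormat} when that format string is non-empty.
         *
         * @param x509Certificate the certificate, may be {@code null}
         * @return the subject name, or {@code null} for a {@code null} certificate
         */
        protected String getSubjectName(X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                return null;
            }
            if (DatatypeHelper.isEmpty(this.options.x500SubjectDNFormat)) {
                return this.options.x500DNHandler.getName(x509Certificate.getSubjectX500Principal());
            }
            return this.options.x500DNHandler.getName(x509Certificate.getSubjectX500Principal(), this.options.x500SubjectDNFormat);
        }

        /**
         * Renders the certificate's issuer DN through the configured {@link X500DNHandler},
         * passing {@code x500IssuerDNFormat} when that format string is non-empty.
         *
         * @param x509Certificate the certificate, may be {@code null}
         * @return the issuer name, or {@code null} for a {@code null} certificate
         */
        protected String getIssuerName(X509Certificate x509Certificate) {
            if (x509Certificate == null) {
                return null;
            }
            if (DatatypeHelper.isEmpty(this.options.x500IssuerDNFormat)) {
                return this.options.x500DNHandler.getName(x509Certificate.getIssuerX500Principal());
            }
            return this.options.x500DNHandler.getName(x509Certificate.getIssuerX500Principal(), this.options.x500IssuerDNFormat);
        }

        /**
         * Adds the subject DN as a KeyName when {@code emitSubjectDNAsKeyName} is set.
         *
         * @param keyInfo the KeyInfo to extend
         * @param x509Certificate the certificate to read from
         */
        protected void processSubjectDNKeyName(KeyInfo keyInfo, X509Certificate x509Certificate) {
            if (!this.options.emitSubjectDNAsKeyName) {
                return;
            }
            String subjectName = getSubjectName(x509Certificate);
            if (!DatatypeHelper.isEmpty(subjectName)) {
                KeyInfoHelper.addKeyName(keyInfo, subjectName);
            }
        }

        /**
         * Adds each non-empty subject common name as a KeyName when
         * {@code emitSubjectCNAsKeyName} is set.
         *
         * @param keyInfo the KeyInfo to extend
         * @param x509Certificate the certificate to read from, may be {@code null}
         */
        protected void processSubjectCNKeyName(KeyInfo keyInfo, X509Certificate x509Certificate) {
            // Null certificate is a no-op, matching getSubjectName/getIssuerName.
            if (!this.options.emitSubjectCNAsKeyName || x509Certificate == null) {
                return;
            }
            for (String commonName : X509Util.getCommonNames(x509Certificate.getSubjectX500Principal())) {
                if (!DatatypeHelper.isEmpty(commonName)) {
                    KeyInfoHelper.addKeyName(keyInfo, commonName);
                }
            }
        }

        /**
         * Adds the configured kinds of subject alternative name as KeyName values when
         * {@code emitSubjectAltNamesAsKeyNames} is set and at least one kind is configured.
         * Only String values are emitted; byte[] and other value types are logged and skipped.
         *
         * @param keyInfo the KeyInfo to extend
         * @param x509Certificate the certificate to read from, may be {@code null}
         */
        protected void processSubjectAltNameKeyNames(KeyInfo keyInfo, X509Certificate x509Certificate) {
            if (!this.options.emitSubjectAltNamesAsKeyNames || this.options.subjectAltNames.size() <= 0) {
                return;
            }
            // Null certificate is a no-op, matching getSubjectName/getIssuerName.
            if (x509Certificate == null) {
                return;
            }
            Integer[] nameTypes = new Integer[this.options.subjectAltNames.size()];
            this.options.subjectAltNames.toArray(nameTypes);
            for (Object altName : X509Util.getAltNames(x509Certificate, nameTypes)) {
                if (altName instanceof String) {
                    KeyInfoHelper.addKeyName(keyInfo, (String) altName);
                } else if (altName instanceof byte[]) {
                    this.log.warn("Certificate contained an alt name value as a DER-encoded byte[] (not supported)");
                } else if (altName != null) {
                    // A null entry has no class to report, so it is skipped rather than logged.
                    this.log.warn("Certificate contained an alt name value with an unexpected type: {}", altName.getClass().getName());
                }
            }
        }

        /**
         * Adds every certificate of the credential's chain as an X509Certificate child when
         * {@code emitEntityCertificateChain} is set. Certificates are added in the iteration
         * order of the credential's collection; nothing is validated or reordered here.
         *
         * @param keyInfo unused by this implementation
         * @param x509Data the X509Data to extend
         * @param x509Credential the credential supplying the chain
         * @throws SecurityException if a certificate cannot be encoded
         */
        protected void processEntityCertificateChain(KeyInfo keyInfo, X509Data x509Data, X509Credential x509Credential) throws SecurityException {
            if (!this.options.emitEntityCertificateChain || x509Credential.getEntityCertificateChain() == null) {
                return;
            }
            for (X509Certificate chainCertificate : x509Credential.getEntityCertificateChain()) {
                try {
                    x509Data.getX509Certificates().add(KeyInfoHelper.buildX509Certificate(chainCertificate));
                } catch (CertificateEncodingException e) {
                    throw new SecurityException("Error generating X509Certificate element from a certificate in credential's certificate chain", e);
                }
            }
        }

        /**
         * Adds every CRL of the credential as an X509CRL child when {@code emitCRLs} is set.
         *
         * @param keyInfo unused by this implementation
         * @param x509Data the X509Data to extend
         * @param x509Credential the credential supplying the CRLs
         * @throws SecurityException if a CRL cannot be encoded
         */
        protected void processCRLs(KeyInfo keyInfo, X509Data x509Data, X509Credential x509Credential) throws SecurityException {
            if (!this.options.emitCRLs || x509Credential.getCRLs() == null) {
                return;
            }
            for (X509CRL crl : x509Credential.getCRLs()) {
                try {
                    x509Data.getX509CRLs().add(KeyInfoHelper.buildX509CRL(crl));
                } catch (CRLException e) {
                    throw new SecurityException("Error generating X509CRL element from a CRL in credential's CRL list", e);
                }
            }
        }
    }

    /**
     * Option holder for the X.509 generator. All {@code emit*} flags start {@code false};
     * both DN formats start as {@link X500DNHandler#FORMAT_RFC2253}.
     */
    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:WEB-INF/lib/xmltooling-1.3.2-1.jar:org/opensaml/xml/security/x509/X509KeyInfoGeneratorFactory$X509Options.class */
    public class X509Options extends BasicKeyInfoGeneratorFactory.BasicOptions {
        private boolean emitEntityCertificate;
        private boolean emitEntityCertificateChain;
        private boolean emitCRLs;
        private boolean emitX509SubjectName;
        private boolean emitX509IssuerSerial;
        private boolean emitX509SKI;
        private boolean emitSubjectDNAsKeyName;
        private boolean emitSubjectCNAsKeyName;
        private boolean emitSubjectAltNamesAsKeyNames;
        // Subject alt name kinds to emit; handed to X509Util.getAltNames as an Integer[].
        private Set<Integer> subjectAltNames;
        private X500DNHandler x500DNHandler;
        private String x500SubjectDNFormat;
        private String x500IssuerDNFormat;

        /** Creates options with an empty alt-name set, the internal DN handler and RFC 2253 formats. */
        protected X509Options() {
            super();
            this.subjectAltNames = new LazySet<Integer>();
            this.x500DNHandler = new InternalX500DNHandler();
            this.x500SubjectDNFormat = X500DNHandler.FORMAT_RFC2253;
            this.x500IssuerDNFormat = X500DNHandler.FORMAT_RFC2253;
        }

        /**
         * Copies these options. The alt-name set and the DN handler are duplicated so the
         * copy does not share them with this instance; the remaining fields are whatever the
         * superclass clone carries over.
         *
         * @return an independent copy of these options
         */
        /* JADX INFO: Access modifiers changed from: protected */
        @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory.BasicOptions
        /* renamed from: clone */
        public X509Options mo4781clone() {
            X509Options copy = (X509Options) super.mo4781clone();
            copy.subjectAltNames = new LazySet<Integer>();
            copy.subjectAltNames.addAll(this.subjectAltNames);
            copy.x500DNHandler = this.x500DNHandler.m4784clone();
            return copy;
        }
    }

    /** @return {@code X509Credential.class}, the credential type this factory serves */
    @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory, org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory
    public Class<? extends Credential> getCredentialType() {
        return X509Credential.class;
    }

    /**
     * @param credential the credential to test
     * @return {@code true} if the credential is an {@link X509Credential}
     */
    @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory, org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory
    public boolean handles(Credential credential) {
        return credential instanceof X509Credential;
    }

    /**
     * Creates a generator working on a clone of the current options, so later changes to
     * this factory do not alter generators that already exist.
     *
     * @return a new generator
     */
    @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory, org.opensaml.xml.security.keyinfo.KeyInfoGeneratorFactory
    public KeyInfoGenerator newInstance() {
        return new X509KeyInfoGenerator(this.options.mo4781clone());
    }

    /** @return whether the credential's CRLs are emitted as X509CRL elements */
    public boolean emitCRLs() {
        return this.options.emitCRLs;
    }

    /** @param z {@code true} to emit the credential's CRLs */
    public void setEmitCRLs(boolean z) {
        this.options.emitCRLs = z;
    }

    /** @return whether the entity certificate is emitted as an X509Certificate element */
    public boolean emitEntityCertificate() {
        return this.options.emitEntityCertificate;
    }

    /**
     * @param z {@code true} to emit the entity certificate; has no effect on its own while
     *          chain emission is enabled, because the generator then emits the chain instead
     */
    public void setEmitEntityCertificate(boolean z) {
        this.options.emitEntityCertificate = z;
    }

    /** @return whether the full certificate chain is emitted */
    public boolean emitEntityCertificateChain() {
        return this.options.emitEntityCertificateChain;
    }

    /** @param z {@code true} to emit every certificate of the credential's chain */
    public void setEmitEntityCertificateChain(boolean z) {
        this.options.emitEntityCertificateChain = z;
    }

    /** @return whether configured subject alt names are emitted as KeyName values */
    public boolean emitSubjectAltNamesAsKeyNames() {
        return this.options.emitSubjectAltNamesAsKeyNames;
    }

    /**
     * @param z {@code true} to emit subject alt names; the kinds to emit must also be added
     *          to {@link #getSubjectAltNames()}, otherwise nothing is produced
     */
    public void setEmitSubjectAltNamesAsKeyNames(boolean z) {
        this.options.emitSubjectAltNamesAsKeyNames = z;
    }

    /** @return whether subject common names are emitted as KeyName values */
    public boolean emitSubjectCNAsKeyName() {
        return this.options.emitSubjectCNAsKeyName;
    }

    /** @param z {@code true} to emit subject common names as KeyName values */
    public void setEmitSubjectCNAsKeyName(boolean z) {
        this.options.emitSubjectCNAsKeyName = z;
    }

    /** @return whether the subject DN is emitted as a KeyName value */
    public boolean emitSubjectDNAsKeyName() {
        return this.options.emitSubjectDNAsKeyName;
    }

    /** @param z {@code true} to emit the subject DN as a KeyName value */
    public void setEmitSubjectDNAsKeyName(boolean z) {
        this.options.emitSubjectDNAsKeyName = z;
    }

    /** @return whether an X509IssuerSerial element is emitted */
    public boolean emitX509IssuerSerial() {
        return this.options.emitX509IssuerSerial;
    }

    /** @param z {@code true} to emit an X509IssuerSerial element */
    public void setEmitX509IssuerSerial(boolean z) {
        this.options.emitX509IssuerSerial = z;
    }

    /** @return whether an X509SKI element is emitted */
    public boolean emitX509SKI() {
        return this.options.emitX509SKI;
    }

    /** @param z {@code true} to emit an X509SKI element */
    public void setEmitX509SKI(boolean z) {
        this.options.emitX509SKI = z;
    }

    /** @return whether an X509SubjectName element is emitted */
    public boolean emitX509SubjectName() {
        return this.options.emitX509SubjectName;
    }

    /** @param z {@code true} to emit an X509SubjectName element */
    public void setEmitX509SubjectName(boolean z) {
        this.options.emitX509SubjectName = z;
    }

    /**
     * Returns the live set of subject alt name kinds; callers configure the factory by
     * mutating it. The set is not copied on return, so changes made after
     * {@link #newInstance()} affect only generators created later.
     *
     * @return the mutable set of alt name kinds
     */
    public Set<Integer> getSubjectAltNames() {
        return this.options.subjectAltNames;
    }

    /** @return the handler used to render subject and issuer DNs */
    public X500DNHandler getX500DNHandler() {
        return this.options.x500DNHandler;
    }

    /**
     * @param x500DNHandler the handler used to render subject and issuer DNs
     * @throws IllegalArgumentException if the handler is {@code null}
     */
    public void setX500DNHandler(X500DNHandler x500DNHandler) {
        if (x500DNHandler == null) {
            throw new IllegalArgumentException("X500DNHandler may not be null");
        }
        this.options.x500DNHandler = x500DNHandler;
    }

    /** @return the format passed to the DN handler for subject names */
    public String getX500SubjectDNFormat() {
        return this.options.x500SubjectDNFormat;
    }

    /**
     * @param str the subject DN format; stored without validation, and an empty value makes
     *            the generator call the handler's single-argument form instead
     */
    public void setX500SubjectDNFormat(String str) {
        this.options.x500SubjectDNFormat = str;
    }

    /** @return the format passed to the DN handler for issuer names */
    public String getX500IssuerDNFormat() {
        return this.options.x500IssuerDNFormat;
    }

    /**
     * @param str the issuer DN format; stored without validation, and an empty value makes
     *            the generator call the handler's single-argument form instead
     */
    public void setX500IssuerDNFormat(String str) {
        this.options.x500IssuerDNFormat = str;
    }

    /** @return the options object backing this factory's getters and setters */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory
    public X509Options getOptions() {
        return this.options;
    }

    /** @return a fresh {@link X509Options} with default values */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.opensaml.xml.security.credential.BasicKeyInfoGeneratorFactory
    public X509Options newOptions() {
        return new X509Options();
    }
}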
