package org.apache.xml.security.stax.impl.securityToken;

import java.math.BigInteger;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.spec.ECFieldFp;
import java.security.spec.ECParameterSpec;
import java.security.spec.ECPoint;
import java.security.spec.ECPublicKeySpec;
import java.security.spec.EllipticCurve;
import java.security.spec.InvalidKeySpecException;
import org.apache.xml.security.algorithms.implementations.ECDSAUtils;
import org.apache.xml.security.binding.xmldsig11.ECKeyValueType;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.stax.ext.InboundSecurityContext;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;

/* loaded from: input_file:lib/xmlsec-3.0.3.jar:org/apache/xml/security/stax/impl/securityToken/ECKeyValueSecurityToken.class */
public class ECKeyValueSecurityToken extends AbstractInboundSecurityToken {
    private ECKeyValueType ecKeyValueType;

    public ECKeyValueSecurityToken(ECKeyValueType eCKeyValueType, InboundSecurityContext inboundSecurityContext) throws XMLSecurityException {
        super(inboundSecurityContext, IDGenerator.generateID(null), SecurityTokenConstants.KeyIdentifier_KeyValue, true);
        if (eCKeyValueType.getECParameters() != null) {
            throw new XMLSecurityException("stax.ecParametersNotSupported");
        }
        if (eCKeyValueType.getNamedCurve() == null) {
            throw new XMLSecurityException("stax.namedCurveMissing");
        }
        this.ecKeyValueType = eCKeyValueType;
    }

    private PublicKey buildPublicKey(ECKeyValueType eCKeyValueType) throws InvalidKeySpecException, NoSuchAlgorithmException, XMLSecurityException {
        String uri = eCKeyValueType.getNamedCurve().getURI();
        if (uri.startsWith("urn:oid:")) {
            uri = uri.substring(8);
        }
        ECDSAUtils.ECCurveDefinition eCCurveDefinition = ECDSAUtils.getECCurveDefinition(uri);
        if (eCCurveDefinition == null) {
            throw new XMLSecurityException("stax.unsupportedKeyValue");
        }
        EllipticCurve ellipticCurve = new EllipticCurve(new ECFieldFp(new BigInteger(eCCurveDefinition.getField(), 16)), new BigInteger(eCCurveDefinition.getA(), 16), new BigInteger(eCCurveDefinition.getB(), 16));
        ECPoint decodePoint = ECDSAUtils.decodePoint(eCKeyValueType.getPublicKey(), ellipticCurve);
        return KeyFactory.getInstance("EC").generatePublic(new ECPublicKeySpec(new ECPoint(decodePoint.getAffineX(), decodePoint.getAffineY()), new ECParameterSpec(ellipticCurve, new ECPoint(new BigInteger(eCCurveDefinition.getX(), 16), new BigInteger(eCCurveDefinition.getY(), 16)), new BigInteger(eCCurveDefinition.getN(), 16), eCCurveDefinition.getH())));
    }

    @Override // org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken, org.apache.xml.security.stax.securityToken.SecurityToken
    public PublicKey getPublicKey() throws XMLSecurityException {
        if (super.getPublicKey() == null) {
            try {
                setPublicKey(buildPublicKey(this.ecKeyValueType));
            } catch (NoSuchAlgorithmException e) {
                throw new XMLSecurityException(e);
            } catch (InvalidKeySpecException e2) {
                throw new XMLSecurityException(e2);
            }
        }
        return super.getPublicKey();
    }

    @Override // org.apache.xml.security.stax.impl.securityToken.AbstractSecurityToken, org.apache.xml.security.stax.securityToken.SecurityToken
    public boolean isAsymmetric() {
        return true;
    }

    @Override // org.apache.xml.security.stax.securityToken.SecurityToken
    public SecurityTokenConstants.TokenType getTokenType() {
        return SecurityTokenConstants.KeyValueToken;
    }
}
