package iaik.xml.crypto.pki.impl;

import iaik.logging.Log;
import iaik.logging.LogFactory;
import iaik.logging.TransactionId;
import iaik.pki.PKIConfiguration;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
import iaik.pki.PKIModule;
import iaik.pki.PKIProfile;
import iaik.utils.Util;
import iaik.x509.X509CRL;
import iaik.x509.X509Certificate;
import iaik.x509.ocsp.OCSPResponse;
import iaik.xml.crypto.pki.CertificatePathValidationException;
import iaik.xml.crypto.pki.CertificatePathValidationResult;
import iaik.xml.crypto.pki.CertificatePathValidator;
import iaik.xml.crypto.utils.X509KeySelectorResult;
import java.security.Key;
import java.security.PublicKey;
import java.util.Date;
import java.util.List;
import javax.crypto.SecretKey;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.dsig.XMLSignature;

/* loaded from: input_file:iaik/xml/crypto/pki/impl/CertificatePathValidatorImpl.class */
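/**
 * {@link CertificatePathValidator} implementation that delegates certificate path
 * validation to an IAIK {@link PKIModule} obtained from {@link PKIFactory}.
 *
 * <p>Several code paths below return a {@link CertificatePathValidationResultImpl}
 * created with its no-argument constructor instead of running a validation (no key,
 * unsupported key type, no X.509 data, no certificates). What such a result reports
 * is defined by {@code CertificatePathValidationResultImpl}, which is not shown here.
 * NOTE(review): confirm that callers never treat this default result as a
 * successfully validated path.
 *
 * <p>All {@code validateCertificate} overloads are {@code synchronized} on this
 * instance.
 */
public class CertificatePathValidatorImpl implements CertificatePathValidator {
    // PKI configuration handed to PKIFactory.configure(...) in the constructor.
    protected PKIConfiguration pkiConfiguration_;
    // Profile used to obtain the PKIModule for every validation call.
    protected PKIProfile pkiProfile_;
    // Transaction id passed through to logging and to the PKI module; may be null
    // (the constructor does not check it).
    protected TransactionId tid_;
    protected static Log log_ = LogFactory.getLog("pki");

    /**
     * Stores the configuration and profile and configures the factory returned by
     * {@code PKIFactory.getInstance()} with the given configuration.
     *
     * <p>NOTE(review): {@code PKIFactory.getInstance()} looks like a shared instance,
     * so constructing a second validator with a different configuration presumably
     * affects the first one as well - confirm against the IAIK PKI documentation.
     *
     * @param pKIConfiguration the PKI configuration; must not be {@code null}
     * @param pKIProfile the PKI profile used for validation; must not be {@code null}
     * @param transactionId the transaction id used for logging; not null-checked
     * @throws NullPointerException if the configuration or the profile is {@code null}
     * @throws CertificatePathValidationException if the PKI module cannot be configured
     */
    public CertificatePathValidatorImpl(PKIConfiguration pKIConfiguration, PKIProfile pKIProfile, TransactionId transactionId) throws CertificatePathValidationException {
        if (pKIConfiguration == null) {
            throw new NullPointerException("Argument \"pkiConfiguration\" must not be null.");
        }
        if (pKIProfile == null) {
            throw new NullPointerException("Argument \"pkiProfile\" must not be null.");
        }
        this.pkiConfiguration_ = pKIConfiguration;
        this.pkiProfile_ = pKIProfile;
        this.tid_ = transactionId;
        try {
            PKIFactory.getInstance().configure(this.pkiConfiguration_, transactionId);
        } catch (PKIException e) {
            throw new CertificatePathValidationException("Could not configure IAIK PKI module.", e);
        }
    }

    /**
     * Obtains the PKI module for the given profile from the PKI factory.
     *
     * @param pKIProfile the profile to obtain a module for
     * @return the PKI module returned by the factory
     * @throws CertificatePathValidationException if the factory reports a {@link PKIException}
     */
    protected PKIModule getPKIModule(PKIProfile pKIProfile) throws CertificatePathValidationException {
        try {
            return PKIFactory.getInstance().getPKIModule(pKIProfile);
        } catch (PKIException e) {
            throw new CertificatePathValidationException("Could not create an IAIK PKI module for the given profile.", e);
        }
    }

    /**
     * Validates a single certificate at the given date, without supplying any
     * additional chain certificates to the PKI module.
     *
     * @param x509Certificate the certificate to validate; must not be {@code null}
     * @param date the validation date; must not be {@code null}
     * @return the validation result wrapping the PKI module's result
     * @throws NullPointerException if an argument is {@code null}
     * @throws CertificatePathValidationException if the PKI module reports a {@link PKIException}
     */
    @Override // iaik.xml.crypto.pki.CertificatePathValidator
    public synchronized CertificatePathValidationResult validateCertificate(X509Certificate x509Certificate, Date date) throws CertificatePathValidationException {
        if (x509Certificate == null) {
            throw new NullPointerException("Argument \"certificate\" must not be null.");
        }
        if (date == null) {
            throw new NullPointerException("Argument \"validationDate\" must not be null.");
        }
        try {
            return new CertificatePathValidationResultImpl(getPKIModule(this.pkiProfile_).validateCertificate(date, x509Certificate, (X509Certificate[]) null, (boolean[]) null, this.tid_));
        } catch (PKIException e) {
            throw new CertificatePathValidationException("Could not validate certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Validates the certificate carried by a key selector result at the given date.
     *
     * <p>A validation is only run when the result is an {@link X509KeySelectorResult}
     * that provides at least one certificate; every other case returns a result
     * created with the no-argument constructor (see the class comment).
     *
     * <p>NOTE(review): this method never compares {@code keySelectorResult.getKey()}
     * with the public key of the certificate it validates. The binding between the
     * verification key and the validated certificate is presumably guaranteed by the
     * key selector - confirm, because otherwise a signature verified with one key
     * could be reported together with the path of an unrelated certificate.
     *
     * @param keySelectorResult the key selector result; must not be {@code null}
     * @param date the validation date; must not be {@code null}
     * @return the validation result, or a default result if nothing could be validated
     * @throws NullPointerException if an argument is {@code null}
     * @throws CertificatePathValidationException if the PKI module reports a {@link PKIException}
     */
    @Override // iaik.xml.crypto.pki.CertificatePathValidator
    public synchronized CertificatePathValidationResult validateCertificate(KeySelectorResult keySelectorResult, Date date) throws CertificatePathValidationException {
        if (keySelectorResult == null) {
            throw new NullPointerException("Argument \"keySelectorResult\" must not be null.");
        }
        if (date == null) {
            throw new NullPointerException("Argument \"validationDate\" must not be null.");
        }
        Key key = keySelectorResult.getKey();
        if (key == null) {
            log_.info(this.tid_, "KeySelctorResult does not provide a public key.", (Throwable) null);
            return new CertificatePathValidationResultImpl();
        }
        if (!(key instanceof PublicKey) && !(key instanceof SecretKey)) {
            log_.info(this.tid_, "Key provided by KeySelctorResult is neither a public nor a secret key.", (Throwable) null);
            return new CertificatePathValidationResultImpl();
        }
        if (!(keySelectorResult instanceof X509KeySelectorResult)) {
            // No X.509 material available, so there is no path to validate.
            return new CertificatePathValidationResultImpl();
        }
        X509KeySelectorResult x509KeySelectorResult = (X509KeySelectorResult) keySelectorResult;
        List<?> certificates = x509KeySelectorResult.getCertificates();
        List<?> cRLs = x509KeySelectorResult.getCRLs();

        // Fix: List.toArray() returns Object[], so casting its result to a typed array
        // fails with ClassCastException for ordinary list implementations. The typed
        // toArray(T[]) overload produces an array of the required runtime type.
        X509CRL[] x509crlArr = null;
        if (cRLs != null && !cRLs.isEmpty()) {
            x509crlArr = cRLs.toArray(new X509CRL[0]);
        }
        if (certificates == null || certificates.isEmpty()) {
            return new CertificatePathValidationResultImpl();
        }

        X509Certificate[] x509CertificateArr = null;
        X509Certificate x509Certificate;
        if (certificates.size() == 1) {
            // A single certificate is validated without an accompanying chain array.
            x509Certificate = (X509Certificate) certificates.get(0);
        } else {
            x509CertificateArr = Util.arrangeCertificateChain(certificates.toArray(new X509Certificate[0]), false);
            // NOTE(review): the certificate list comes from the signature's key
            // information. If arrangeCertificateChain can return null or an empty
            // array for certificates that do not form a chain, the next line throws
            // an unchecked exception instead of CertificatePathValidationException -
            // confirm against the IAIK documentation and handle that case explicitly.
            x509Certificate = x509CertificateArr[0];
        }
        try {
            return new CertificatePathValidationResultImpl(getPKIModule(this.pkiProfile_).validateCertificate(date, x509Certificate, x509CertificateArr, x509crlArr, (OCSPResponse[]) null, false, (boolean[]) null, this.tid_));
        } catch (PKIException e) {
            throw new CertificatePathValidationException("Could not validate certificate: " + e.getMessage(), e);
        }
    }

    /**
     * Validates the certificate associated with an XML signature at the given date by
     * delegating to {@link #validateCertificate(KeySelectorResult, Date)} with the
     * signature's key selector result.
     *
     * @param xMLSignature the XML signature; must not be {@code null}
     * @param date the validation date; must not be {@code null}
     * @return the validation result, or a default result if the signature provides no
     *         key selector result
     * @throws NullPointerException if an argument is {@code null}
     * @throws CertificatePathValidationException if the PKI module reports a {@link PKIException}
     */
    @Override // iaik.xml.crypto.pki.CertificatePathValidator
    public synchronized CertificatePathValidationResult validateCertificate(XMLSignature xMLSignature, Date date) throws CertificatePathValidationException {
        if (xMLSignature == null) {
            throw new NullPointerException("Argument \"xmlSignature\" must not be null.");
        }
        if (date == null) {
            throw new NullPointerException("Argument \"validationDate\" must not be null.");
        }
        KeySelectorResult keySelectorResult = xMLSignature.getKeySelectorResult();
        if (keySelectorResult == null) {
            log_.info(this.tid_, "XMLSignature does not provide a key slector result.", (Throwable) null);
            return new CertificatePathValidationResultImpl();
        }
        return validateCertificate(keySelectorResult, date);
    }
}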
