package org.apache.tsik.xmlsig;

import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import org.apache.tsik.domutil.DOMCursor;
import org.apache.tsik.domutil.DOMWriteCursor;
import org.apache.tsik.domutil.elements.ElementException;
import org.apache.tsik.util.InternalRuntimeException;
import org.apache.tsik.verifier.TrustVerificationException;
import org.apache.tsik.verifier.TrustVerifier;

/* loaded from: input_file:org/apache/tsik/xmlsig/KeyInfo.class */
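/**
 * Key material and key hints attached to an XML signature: an optional bare public key, an
 * optional X.509 certificate chain, a subject key identifier, a key name, and the
 * subject / issuer / serial strings copied from the leaf certificate.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>An instance built by {@link #fromXML(DOMCursor)} presumably carries whatever the parsed
 *       document contained, so nothing here is trustworthy until
 *       {@link #verifyTrust(TrustVerifier)} has succeeded <em>and returned {@code true}</em>.</li>
 *   <li>{@link #getKeyValue()} prefers an explicitly set key over the certificate's key.
 *       {@link #verifyTrust(TrustVerifier)} therefore also checks that explicit key whenever it
 *       differs from the leaf certificate's key, so the key handed to signature validation is
 *       always one the verifier has accepted.</li>
 *   <li>Array-valued state (certificate chain, key identifier) is copied on the way in and out,
 *       so holders of a reference cannot swap the leaf certificate after trust was verified.</li>
 * </ul>
 *
 * <p>This class is not synchronized.
 */
public class KeyInfo {
    // Checked by every setter. No code in this class assigns it, so as shown here it is always
    // false; NOTE(review): confirm whether anything else (reflection, serialization) sets it.
    private boolean immutable;
    // Leaf certificate first. Either null or non-empty when set through this class.
    private X509Certificate[] certs;
    private PublicKey keyValue;
    // Subject key identifier; filled lazily from certs[0] by getKeyIdentifier() when unset.
    private byte[] ski;
    private String keyName;
    private String subjectName;
    private String issuerName;
    private String serialNumber;

    /**
     * Returns the public key a verifier would use: the explicitly set key if there is one,
     * otherwise the public key of the leaf certificate.
     *
     * @return the key, or {@code null} when neither a key nor a certificate is present
     */
    public PublicKey getKeyValue() {
        if (this.keyValue != null) {
            return this.keyValue;
        }
        if (this.certs != null) {
            return this.certs[0].getPublicKey();
        }
        return null;
    }

    /**
     * Sets the explicit public key. It takes precedence over the certificate's key in
     * {@link #getKeyValue()}.
     *
     * @param publicKey the key, or {@code null} to clear it
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setKeyValue(PublicKey publicKey) {
        if (this.immutable) {
            throwImmutable();
        }
        this.keyValue = publicKey;
    }

    /**
     * Returns a copy of the certificate chain, leaf first.
     *
     * @return a fresh array, or {@code null} when no certificate is set
     */
    public X509Certificate[] getCertificateChain() {
        // Copy so that callers cannot replace elements of the chain held by this object.
        return this.certs == null ? null : (X509Certificate[]) this.certs.clone();
    }

    /**
     * Returns the leaf certificate.
     *
     * @return the first certificate of the chain, or {@code null} when none is set
     */
    public X509Certificate getCertificate() {
        if (this.certs != null) {
            return this.certs[0];
        }
        return null;
    }

    /**
     * Replaces the chain with a single certificate and copies its subject, issuer and serial
     * number into this object. Passing {@code null} clears the chain but leaves the previously
     * copied names and any cached key identifier untouched.
     *
     * @param x509Certificate the certificate, or {@code null}
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setCertificate(X509Certificate x509Certificate) {
        if (this.immutable) {
            throwImmutable();
        }
        if (x509Certificate == null) {
            this.certs = null;
        } else {
            this.certs = new X509Certificate[]{x509Certificate};
            setCertificateInfo(x509Certificate);
        }
    }

    /**
     * Replaces the chain and copies subject, issuer and serial number from its first element.
     * A {@code null} or empty array clears the chain.
     *
     * @param x509CertificateArr the chain, leaf first; copied, not retained
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setCertificateChain(X509Certificate[] x509CertificateArr) {
        if (this.immutable) {
            throwImmutable();
        }
        if (x509CertificateArr == null || x509CertificateArr.length <= 0) {
            this.certs = null;
        } else {
            // Keep a private copy: the caller's array must not be able to change which
            // certificate is treated as the leaf after trust verification.
            this.certs = (X509Certificate[]) x509CertificateArr.clone();
            setCertificateInfo(this.certs[0]);
        }
    }

    /**
     * Copies the subject DN, issuer DN and serial number (decimal string) of a certificate into
     * this object without touching the stored chain.
     *
     * @param x509Certificate the certificate to read; must not be {@code null}
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setCertificateInfo(X509Certificate x509Certificate) {
        if (this.immutable) {
            throwImmutable();
        }
        setSubjectName(x509Certificate.getSubjectDN().getName());
        setIssuerSerial(x509Certificate.getIssuerDN().getName(), x509Certificate.getSerialNumber().toString());
    }

    /**
     * Returns the subject key identifier. When none was set and a certificate is present, it is
     * derived once from the leaf certificate via {@link #getSKIExtension(X509Certificate)} and
     * cached; the cached value is not recomputed when the certificate is replaced later.
     *
     * @return a copy of the identifier, or {@code null} when it is unset and cannot be derived
     */
    public byte[] getKeyIdentifier() {
        if (this.ski == null && this.certs != null) {
            this.ski = getSKIExtension(this.certs[0]);
        }
        return this.ski == null ? null : (byte[]) this.ski.clone();
    }

    /**
     * Sets the subject key identifier.
     *
     * @param bArr the identifier bytes (copied), or {@code null} to clear
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setKeyIdentifier(byte[] bArr) {
        if (this.immutable) {
            throwImmutable();
        }
        this.ski = bArr == null ? null : (byte[]) bArr.clone();
    }

    /** Returns the key name, or {@code null} when unset. */
    public String getKeyName() {
        return this.keyName;
    }

    /**
     * Sets the key name. The name is only a hint; {@link #verifyTrust(TrustVerifier)} passes it
     * to the verifier together with a bare key.
     *
     * @param str the key name, or {@code null}
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setKeyName(String str) {
        if (this.immutable) {
            throwImmutable();
        }
        this.keyName = str;
    }

    /** Returns the subject name, or {@code null} when unset. */
    public String getSubjectName() {
        return this.subjectName;
    }

    /**
     * Sets the subject name.
     *
     * @param str the subject name, or {@code null}
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setSubjectName(String str) {
        if (this.immutable) {
            throwImmutable();
        }
        this.subjectName = str;
    }

    /** Returns the issuer name, or {@code null} when unset. */
    public String getIssuerName() {
        return this.issuerName;
    }

    /** Returns the certificate serial number as a string, or {@code null} when unset. */
    public String getSerialNumber() {
        return this.serialNumber;
    }

    /**
     * Sets issuer name and serial number together.
     *
     * @param str the issuer name; may be {@code null} only if {@code str2} is also {@code null}
     * @param str2 the serial number, or {@code null}
     * @throws IllegalArgumentException if a serial number is given without an issuer name
     * @throws UnsupportedOperationException if this instance is immutable
     */
    public void setIssuerSerial(String str, String str2) {
        if (this.immutable) {
            throwImmutable();
        }
        if (str == null && str2 != null) {
            throw new IllegalArgumentException("issuerName is null");
        }
        this.issuerName = str;
        this.serialNumber = str2;
    }

    /**
     * Submits the key material to a trust verifier.
     *
     * <p>If a certificate chain is present it is verified. If {@link #getKeyValue()} would return
     * a key other than the leaf certificate's key (an explicit key was set alongside the chain),
     * that key is verified as well: otherwise a trusted chain could vouch for an unrelated key
     * that a caller then uses to validate the signature. Without a chain, the bare key is
     * verified together with the key name.
     *
     * @param trustVerifier the verifier to consult
     * @return {@code true} if key material was present and accepted; {@code false} if there was
     *         nothing to verify. A {@code false} result means "no trust established" and must be
     *         treated as a failure by callers.
     * @throws TrustVerificationException propagated from the verifier when it rejects the material
     */
    public boolean verifyTrust(TrustVerifier trustVerifier) throws TrustVerificationException {
        X509Certificate[] certificateChain = getCertificateChain();
        // The key a caller obtains from getKeyValue(); this is what must end up trusted.
        PublicKey effectiveKey = getKeyValue();
        if (certificateChain != null && certificateChain.length > 0) {
            trustVerifier.verifyTrust(certificateChain);
            PublicKey leafKey = certificateChain[0] == null ? null : certificateChain[0].getPublicKey();
            if (effectiveKey != null && !sameKey(effectiveKey, leafKey)) {
                trustVerifier.verifyTrust(effectiveKey, getKeyName());
            }
            return true;
        }
        if (effectiveKey == null) {
            return false;
        }
        trustVerifier.verifyTrust(effectiveKey, getKeyName());
        return true;
    }

    /**
     * Serializes this object by delegating to {@code org.apache.tsik.xmlsig.elements.KeyInfo}.
     * The meaning of the boolean flag is defined by that class and is not visible here.
     *
     * @param dOMWriteCursor the cursor to write at
     * @param z passed through unchanged to the element writer
     * @return the cursor returned by the element writer
     */
    public DOMWriteCursor toXML(DOMWriteCursor dOMWriteCursor, boolean z) {
        return new org.apache.tsik.xmlsig.elements.KeyInfo(this).toXml(dOMWriteCursor, z);
    }

    /**
     * Parses a {@code KeyInfo} by delegating to {@code org.apache.tsik.xmlsig.elements.KeyInfo}.
     * The result is unverified input; call {@link #verifyTrust(TrustVerifier)} before using its
     * key.
     *
     * @param dOMCursor the cursor positioned for the element reader
     * @return the parsed object
     * @throws InternalRuntimeException wrapping any {@code ElementException} from the reader
     */
    public static KeyInfo fromXML(DOMCursor dOMCursor) {
        try {
            return org.apache.tsik.xmlsig.elements.KeyInfo.fromXml(dOMCursor).getKeyInfo();
        } catch (ElementException e) {
            throw new InternalRuntimeException(e);
        }
    }

    /**
     * Returns the subject key identifier of a certificate: the content of its
     * subjectKeyIdentifier extension (OID 2.5.29.14) if present, otherwise a SHA-1 digest
     * computed over the tail of an RSA key's encoding.
     *
     * <p>SHA-1 is used here only to derive an identifier, as the key-identifier convention
     * prescribes; the result is a lookup hint and is not evidence of trust.
     *
     * @param x509Certificate the certificate to inspect
     * @return the identifier, or {@code null} when the extension is absent or too short to
     *         contain a value, the key is not RSA, the key has no usable encoding, or SHA-1 is
     *         unavailable
     */
    public static byte[] getSKIExtension(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
        if (extensionValue != null) {
            // The value is an OCTET STRING wrapping an OCTET STRING; with short-form lengths
            // that is a 4-byte header. Anything shorter cannot hold an identifier, and without
            // this guard a truncated extension produced a NegativeArraySizeException.
            if (extensionValue.length < 4) {
                return null;
            }
            byte[] bArr = new byte[extensionValue.length - 4];
            System.arraycopy(extensionValue, 4, bArr, 0, bArr.length);
            return bArr;
        }
        try {
            PublicKey publicKey = x509Certificate.getPublicKey();
            if (!(publicKey instanceof RSAPublicKey)) {
                return null;
            }
            byte[] encoded = publicKey.getEncoded();
            // getEncoded() may return null for keys that do not support encoding.
            if (encoded == null || encoded.length < 22) {
                return null;
            }
            // NOTE(review): 22 bytes is the SubjectPublicKeyInfo header length of a 1024-bit RSA
            // key. For other modulus sizes the DER header is longer, so this digest would not
            // match the standard key identifier. The offset is kept because peers may already
            // match on the values this method produces; confirm before changing.
            byte[] bArr2 = new byte[encoded.length - 22];
            System.arraycopy(encoded, 22, bArr2, 0, bArr2.length);
            return MessageDigest.getInstance("SHA1").digest(bArr2);
        } catch (GeneralSecurityException e) {
            return null;
        }
    }

    // Two keys are the same if they are equal objects or have identical encodings; comparing
    // encodings covers key objects created by different providers.
    private static boolean sameKey(PublicKey first, PublicKey second) {
        if (first == second) {
            return true;
        }
        if (first == null || second == null) {
            return false;
        }
        if (first.equals(second)) {
            return true;
        }
        byte[] firstEncoded = first.getEncoded();
        byte[] secondEncoded = second.getEncoded();
        return firstEncoded != null && secondEncoded != null
                && MessageDigest.isEqual(firstEncoded, secondEncoded);
    }

    // Single place for the rejection raised by every setter on an immutable instance.
    private void throwImmutable() {
        throw new UnsupportedOperationException("KeyInfo is immutable");
    }
}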
