package at.gv.egovernment.moa.sig.tsl.engine.verify;

import at.gv.egovernment.moa.sig.tsl.exception.TSLSecurityException;
import at.gv.egovernment.moa.sig.tsl.exception.TslVerificationException;
import at.gv.egovernment.moa.sig.tsl.utils.SecurityCheckUtils;
import iaik.server.modules.xmlverify.MOAKeySelector;
import iaik.xml.crypto.utils.KeySelectorImpl;
import iaik.xml.crypto.utils.X509KeySelectorResult;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.ListIterator;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:at/gv/egovernment/moa/sig/tsl/engine/verify/MOATslKeySelector.class */
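/**
 * Key selector used while verifying the signature of a TSL.
 *
 * <p>A key is only handed back to the signature validator when the certificate material found
 * in the signature passes {@code SecurityCheckUtils.securityCheck} against the TSL signer
 * certificates supplied at construction time. Every rejection path in this class logs an error
 * and returns {@code null} instead of a key; no rejection is reported by throwing.
 *
 * <p>NOTE(review): callers must treat a {@code null} result as "signer not trusted". How the
 * surrounding validator reacts to {@code null} is not visible in this file; confirm it fails
 * the verification.
 */
public class MOATslKeySelector extends MOAKeySelector {
    private static final Logger log = LoggerFactory.getLogger(MOATslKeySelector.class);

    // Trusted TSL signer certificates, handed to SecurityCheckUtils.securityCheck on every check.
    // NOTE(review): a ListIterator carries a cursor and is not safe for concurrent use. Whether
    // securityCheck rewinds it before comparing is not visible here; confirm, because a selector
    // that is asked more than once would otherwise compare against a partly consumed iterator.
    private final ListIterator<X509Certificate> tslSignerCerts_;

    /**
     * Creates a selector bound to the given trusted TSL signer certificates.
     *
     * @param listIterator iterator over the certificates a TSL signer is compared against
     * @throws TslVerificationException if {@code listIterator} is {@code null}, so a selector
     *     without any trust information cannot be created
     */
    public MOATslKeySelector(ListIterator<X509Certificate> listIterator) throws TslVerificationException {
        if (listIterator == null) {
            throw new TslVerificationException("TSL verfification error! Msg: TSL signer can not be trusted, due to missing information.");
        }
        this.tslSignerCerts_ = listIterator;
    }

    /**
     * Supplies the hints object used for the given {@code KeyInfo}.
     *
     * <p>NOTE(review): {@code TslKeyInfoHints} is not declared in this listing; its behaviour
     * has to be checked where it is defined.
     *
     * @param keyInfo the {@code KeyInfo} element of the signature
     * @param xMLCryptoContext the crypto context of the current operation
     * @return a new {@code TslKeyInfoHints} built from both arguments
     * @throws KeySelectorException declared by the signature; nothing in this body throws it
     *     directly
     */
    protected KeySelectorImpl.KeyInfoHints newKeyInfoHints(KeyInfo keyInfo, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
        return new TslKeyInfoHints(keyInfo, xMLCryptoContext);
    }

    /**
     * Picks the final result from the candidates collected for one {@code KeyInfo}.
     *
     * <p>Exactly one candidate is accepted. Zero candidates, several candidates, a missing
     * array or a {@code null} entry are all rejected, so an ambiguous signature is never
     * resolved by choosing one of several keys.
     *
     * @param keyInfoHints hints for the current {@code KeyInfo}; not read by this method
     * @param keySelectorResultArr candidate results
     * @return the single candidate wrapped in the matching MOA result type, or {@code null}
     *     when the candidates are rejected
     */
    protected KeySelectorResult select(KeySelectorImpl.KeyInfoHints keyInfoHints, KeySelectorResult[] keySelectorResultArr) {
        // Fail closed on anything other than one usable candidate. The null checks turn a
        // NullPointerException in this trust decision into the ordinary rejection path.
        if (keySelectorResultArr == null || keySelectorResultArr.length != 1 || keySelectorResultArr[0] == null) {
            log.error("TSL verfification error! Msg: TSL signer is not trusted.");
            return null;
        }
        KeySelectorResult keySelectorResult = keySelectorResultArr[0];
        // NOTE(review): the explicit `this` argument looks like a decompiler rendering of an
        // inner-class constructor call; confirm against MOAKeySelector before compiling.
        if (keySelectorResult instanceof X509KeySelectorResult) {
            return new MOAKeySelector.MOAX509KeySelectorResult(this, (X509KeySelectorResult) keySelectorResult);
        }
        return new MOAKeySelector.MOAKeySelectorResult(this, keySelectorResult.getKey());
    }

    /**
     * Selects a key from an {@code X509Data} element and accepts it only if its certificates
     * pass the TSL signer check.
     *
     * <p>The superclass selection runs first; the certificates of its result are then passed
     * to {@code SecurityCheckUtils.securityCheck} together with the trusted signer
     * certificates.
     *
     * @param x509Data the {@code X509Data} element to select from
     * @param purpose the purpose the key is requested for
     * @param algorithmMethod the algorithm the key will be used with
     * @param xMLCryptoContext the crypto context of the current operation
     * @return the superclass result when the check passes; {@code null} when the superclass
     *     finds nothing, the result is not an {@code X509KeySelectorResult}, it carries no
     *     certificate list, or the check throws {@code TslVerificationException}
     * @throws KeySelectorException if the superclass selection throws it
     */
    public KeySelectorResult select(X509Data x509Data, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
        try {
            // The downcast is written out: it is the operation the ClassCastException handler
            // below exists for, and the assignment does not type-check without it.
            X509KeySelectorResult select = (X509KeySelectorResult) super.select(x509Data, purpose, algorithmMethod, xMLCryptoContext);
            if (select == null) {
                log.error("TSL verfification error! Msg: TSL signer certificate error.");
                return null;
            }
            List<?> certificates = select.getCertificates();
            if (certificates == null) {
                // Without a certificate list there is nothing to compare with the trusted signers.
                log.error("TSL verfification error! Msg: TSL signer certificate error.");
                return null;
            }
            // NOTE(review): an empty list is still handed to securityCheck; confirm that the
            // check rejects an empty chain instead of passing it.
            try {
                // toArray throws ArrayStoreException for an element that is not an
                // X509Certificate; that exception is not caught here and propagates.
                SecurityCheckUtils.securityCheck(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER, certificates.toArray(new X509Certificate[certificates.size()]), this.tslSignerCerts_);
                return select;
            } catch (TslVerificationException e) {
                log.error("TSL verfification error! Msg: Certificate check FAILED.", e);
                return null;
            }
        } catch (ClassCastException e2) {
            log.error("TSL verfification error! Msg: TSL signer is not trusted.", e2);
            return null;
        }
    }

    /**
     * Selects a key for a single certificate, but only after that certificate passed the TSL
     * signer check.
     *
     * <p>Here the check runs before the superclass is consulted, so an untrusted certificate
     * never reaches the superclass selection.
     *
     * @param x509Certificate the certificate taken from the signature
     * @param purpose the purpose the key is requested for
     * @param algorithmMethod the algorithm the key will be used with
     * @param xMLCryptoContext the crypto context of the current operation
     * @return the superclass result when the check passes, {@code null} when the check throws
     *     {@code TslVerificationException}
     * @throws KeySelectorException if the superclass selection throws it
     */
    protected KeySelectorResult select(X509Certificate x509Certificate, KeySelector.Purpose purpose, AlgorithmMethod algorithmMethod, XMLCryptoContext xMLCryptoContext) throws KeySelectorException {
        try {
            SecurityCheckUtils.securityCheck(TSLSecurityException.Type.UNTRUSTED_TSL_SIGNER, x509Certificate, this.tslSignerCerts_);
            return super.select(x509Certificate, purpose, algorithmMethod, xMLCryptoContext);
        } catch (TslVerificationException e) {
            log.error("TSL verfification error! Msg: Certificate check FAILED.", e);
            return null;
        }
    }
}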
