package com.sun.xml.ws.security.opt.impl.keyinfo;

import com.sun.xml.ws.security.opt.api.keyinfo.BuilderResult;
import com.sun.xml.ws.security.opt.impl.JAXBFilterProcessingContext;
import com.sun.xml.ws.security.opt.impl.crypto.OctectStreamData;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.misc.SecurityUtil;
import com.sun.xml.wss.impl.policy.mls.AuthenticationTokenPolicy;
import com.sun.xml.wss.logging.impl.opt.token.LogStringsMessages;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.logging.Level;

/* loaded from: input_file:WEB-INF/lib/xws-security-3.0.jar:com/sun/xml/ws/security/opt/impl/keyinfo/X509TokenBuilder.class */
public class X509TokenBuilder extends TokenBuilder {
    AuthenticationTokenPolicy.X509CertificateBinding binding;

    public X509TokenBuilder(JAXBFilterProcessingContext jAXBFilterProcessingContext, AuthenticationTokenPolicy.X509CertificateBinding x509CertificateBinding) {
        super(jAXBFilterProcessingContext);
        this.binding = null;
        this.binding = x509CertificateBinding;
    }

    @Override // com.sun.xml.ws.security.opt.api.keyinfo.TokenBuilder
    public BuilderResult process() throws XWSSecurityException {
        String uuid = this.binding.getUUID();
        if (uuid == null || uuid.equals("")) {
            uuid = this.context.generateID();
        }
        SecurityUtil.checkIncludeTokenPolicyOpt(this.context, this.binding, uuid);
        String referenceType = this.binding.getReferenceType();
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, LogStringsMessages.WSS_1851_REFERENCETYPE_X_509_TOKEN(referenceType));
        }
        BuilderResult builderResult = new BuilderResult();
        if (referenceType.equals("Direct")) {
            com.sun.xml.ws.security.opt.api.keyinfo.BinarySecurityToken createBinarySecurityToken = createBinarySecurityToken(this.binding, this.binding.getX509Certificate());
            if (createBinarySecurityToken == null) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
                throw new XWSSecurityException(LogStringsMessages.WSS_1802_WRONG_TOKENINCLUSION_POLICY());
            }
            buildKeyInfo(buildDirectReference(createBinarySecurityToken.getId(), "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"), this.binding.getSTRID());
        } else if (referenceType.equals("Identifier")) {
            createBinarySecurityToken(this.binding, this.binding.getX509Certificate());
            buildKeyInfoWithKI(this.binding, "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier");
            try {
                if (this.binding.getSTRID() != null) {
                    this.context.getElementCache().put(this.binding.getSTRID(), new OctectStreamData(new String(this.binding.getX509Certificate().getEncoded())));
                }
            } catch (CertificateEncodingException e) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE());
                throw new XWSSecurityException(LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), e);
            }
        } else if (referenceType.equals(MessageConstants.THUMB_PRINT_TYPE)) {
            createBinarySecurityToken(this.binding, this.binding.getX509Certificate());
            buildKeyInfoWithKI(this.binding, "http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1");
            try {
                if (this.binding.getSTRID() != null) {
                    this.context.getElementCache().put(this.binding.getSTRID(), new OctectStreamData(new String(this.binding.getX509Certificate().getEncoded())));
                }
            } catch (CertificateEncodingException e2) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE());
                throw new XWSSecurityException(LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), e2);
            }
        } else {
            if (!referenceType.equals("IssuerSerialNumber")) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
                throw new XWSSecurityException(LogStringsMessages.WSS_1803_UNSUPPORTED_REFERENCE_TYPE(referenceType));
            }
            X509Certificate x509Certificate = this.binding.getX509Certificate();
            buildKeyInfo(this.elementFactory.createX509DataWithIssuerSerial(this.elementFactory.createX509IssuerSerial(x509Certificate.getIssuerDN().getName(), x509Certificate.getSerialNumber())), this.binding.getSTRID());
            try {
                if (this.binding.getSTRID() != null) {
                    this.context.getElementCache().put(this.binding.getSTRID(), new OctectStreamData(new String(this.binding.getX509Certificate().getEncoded())));
                }
            } catch (CertificateEncodingException e3) {
                logger.log(Level.SEVERE, LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE());
                throw new XWSSecurityException(LogStringsMessages.WSS_1814_ERROR_ENCODING_CERTIFICATE(), e3);
            }
        }
        builderResult.setKeyInfo(this.keyInfo);
        return builderResult;
    }
}
