package com.sun.identity.wss.security;

import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.AMSignatureProvider;
import com.sun.identity.shared.debug.Debug;
import java.security.cert.X509Certificate;
import java.util.ResourceBundle;
import javax.xml.transform.TransformerException;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

/* loaded from: input_file:com/sun/identity/wss/security/KeyIdentifier.class */
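/**
 * In-memory form of a WS-Security {@code wsse:KeyIdentifier} element.
 *
 * <p>An instance is either built locally from explicit values or parsed from a DOM element.
 * In the parsed case every field originates from the message, so {@code value},
 * {@code valueType} and {@code encodingType} must be treated as untrusted input.
 */
public class KeyIdentifier {
    private String valueType;
    private String encodingType;
    private String value;
    private String id;
    private X509Certificate cert;
    private static final ResourceBundle bundle = WSSUtils.bundle;
    private static final Debug debug = WSSUtils.debug;

    /**
     * Creates a key identifier from explicit values and assigns it a generated id.
     *
     * @param str  the ValueType URI
     * @param str2 the EncodingType URI
     * @param str3 the key identifier value
     */
    public KeyIdentifier(String str, String str2, String str3) {
        this.valueType = str;
        this.encodingType = str2;
        this.value = str3;
        this.id = SAMLUtils.generateID();
    }

    /**
     * Parses a {@code wsse:KeyIdentifier} DOM element. The id is left {@code null}.
     *
     * @param element the element to parse
     * @throws IllegalArgumentException if {@code element} is {@code null}
     * @throws SecurityException if the element is not a {@code wsse:KeyIdentifier} or
     *         carries no text value
     */
    public KeyIdentifier(Element element) throws SecurityException {
        if (element == null) {
            throw new IllegalArgumentException(bundle.getString("nullInputParameter"));
        }
        if (!"KeyIdentifier".equals(element.getLocalName()) || !WSSConstants.WSSE_NS.equals(element.getNamespaceURI())) {
            debug.error("KeyIdentifier.Constructor:: Invalid key identifier");
            throw new SecurityException(bundle.getString("invalidElement"));
        }
        this.valueType = element.getAttribute(WSSConstants.TAG_VALUETYPE);
        this.encodingType = element.getAttribute(WSSConstants.TAG_ENCODING_TYPE);
        // DOM's getAttribute returns "" rather than null for an absent attribute, so on a
        // conforming parser this check does not reject a missing ValueType/EncodingType.
        // NOTE(review): decide whether an empty ValueType should be rejected here.
        if (this.valueType == null || this.encodingType == null) {
            debug.error("KeyIdentifier.constructor:: Key Identifier does not have ValueType or EncodingType");
            throw new SecurityException(bundle.getString("invalidElement"));
        }
        // An empty element, or one whose first child is not a text node, used to surface as a
        // NullPointerException; report it as a malformed element instead.
        Node firstChild = element.getFirstChild();
        String text = (firstChild == null) ? null : firstChild.getNodeValue();
        if (text == null) {
            debug.error("KeyIdentifier.constructor:: Key Identifier does not have a value");
            throw new SecurityException(bundle.getString("invalidElement"));
        }
        this.value = text.trim();
    }

    /**
     * Returns the certificate resolved for this key identifier, looking it up on first use
     * and caching the result.
     *
     * @return the certificate returned by {@code AMTokenProvider.getX509CertForKeyIdentifier}
     * @throws SecurityException if the lookup fails
     */
    public X509Certificate getX509Certificate() throws SecurityException {
        if (this.cert == null) {
            // NOTE(review): the cache is not cleared by setValue(); confirm callers do not
            // change the value after resolving a certificate.
            this.cert = AMTokenProvider.getX509CertForKeyIdentifier(this.value);
        }
        return this.cert;
    }

    /** Returns the ValueType attribute. */
    public String getValueType() {
        return this.valueType;
    }

    /** Returns the EncodingType attribute. */
    public String getEncodingType() {
        return this.encodingType;
    }

    /** Returns the key identifier value; same as {@link #getValue()}. */
    public String getReferenceValue() {
        return this.value;
    }

    /** Returns the key identifier value. */
    public String getValue() {
        return this.value;
    }

    /** Replaces the key identifier value. */
    public void setValue(String str) {
        this.value = str;
    }

    /** Returns the generated id, or {@code null} for an instance parsed from an element. */
    public String getId() {
        return this.id;
    }

    /**
     * Locates the element in {@code document} that this key identifier refers to.
     *
     * <p>The lookup attribute depends on the ValueType: {@code AssertionID} for SAML 1.x
     * assertion ids, {@code ID} for SAML 2 assertions, {@code wsu:Id} otherwise. The search is
     * document-wide ({@code //*}) and returns a single node, so if several elements carry the
     * same id only one of them is returned. Callers that rely on a signature should confirm
     * that the returned element is the one the signature actually covers.
     *
     * @param document the document to search
     * @return the matching element, or {@code null} if none matches
     * @throws SecurityException if the XPath evaluation fails
     */
    public Element getTokenElement(Document document) throws SecurityException {
        try {
            String attribute;
            if ("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID".equals(this.valueType)) {
                attribute = "AssertionID";
            } else if (WSSConstants.SAML2_ASSERTION_VALUE_TYPE.equals(this.valueType)) {
                attribute = "ID";
            } else {
                // The returned context is discarded, as in the original code.
                // NOTE(review): confirm the wsu prefix resolves for the expression below.
                AMSignatureProvider.createDSctx(document, WSSConstants.WSU_TAG, WSSConstants.WSU_NS);
                attribute = "wsu:Id";
            }
            // The value may come straight from the message, so it is embedded as a quoted
            // XPath literal rather than concatenated raw into the expression.
            String expression = "//*[@" + attribute + "=" + toXPathLiteral(this.value) + "]";
            return (Element) XPathAPI.selectSingleNode(document, expression);
        } catch (TransformerException e) {
            debug.error("KeyIdentifier.getTokenElement: XPath exception.", e);
            throw new SecurityException(e.getMessage());
        }
    }

    /**
     * Renders {@code text} as an XPath 1.0 string literal. XPath 1.0 has no escape syntax, so
     * a value containing both quote characters is assembled with {@code concat()}.
     * A {@code null} input is rendered as the literal {@code "null"}, matching plain string
     * concatenation.
     */
    private static String toXPathLiteral(String text) {
        String literal = String.valueOf(text);
        if (literal.indexOf('"') < 0) {
            return "\"" + literal + "\"";
        }
        if (literal.indexOf('\'') < 0) {
            return "'" + literal + "'";
        }
        StringBuilder out = new StringBuilder("concat(");
        String[] pieces = literal.split("\"", -1);
        for (int i = 0; i < pieces.length; i++) {
            if (i > 0) {
                out.append(", '\"', ");
            }
            out.append('"').append(pieces[i]).append('"');
        }
        return out.append(')').toString();
    }

    /**
     * Serializes this key identifier as a {@code wsse:KeyIdentifier} child of {@code element}.
     * The EncodingType is not written.
     *
     * @param element the parent element
     * @throws SecurityException if the element cannot be added; a {@code null} parent and a
     *         {@code null} value are both reported this way because of the broad catch below
     */
    public void addToParent(Element element) throws SecurityException {
        try {
            if (element == null) {
                throw new IllegalArgumentException(bundle.getString("nullInputParameter"));
            }
            Document ownerDocument = element.getOwnerDocument();
            Element keyIdentifier = ownerDocument.createElementNS(WSSConstants.WSSE_NS, "KeyIdentifier");
            keyIdentifier.setPrefix(WSSConstants.WSSE_TAG);
            keyIdentifier.setAttributeNS(WSSConstants.WSU_NS, WSSConstants.WSU_ID, this.id);
            if (this.valueType != null) {
                keyIdentifier.setAttributeNS(null, WSSConstants.TAG_VALUETYPE, this.valueType);
            }
            if (this.value == null) {
                throw new SecurityException(bundle.getString("invalidKeyIdentifier"));
            }
            keyIdentifier.appendChild(ownerDocument.createTextNode(this.value));
            element.appendChild(keyIdentifier);
        } catch (Exception e) {
            // Kept broad on purpose: callers see a single SecurityException for every failure.
            debug.error("KeyIdentifier.addToParent::can not add to parent", e);
            throw new SecurityException(bundle.getString("cannotAddElement"));
        }
    }
}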
