package org.opensaml.xmlsec.keyinfo.impl.provider;

import java.security.KeyException;
import java.security.PublicKey;
import java.util.Collection;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import net.shibboleth.utilities.java.support.collection.LazySet;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import org.opensaml.core.xml.XMLObject;
import org.opensaml.security.SecurityException;
import org.opensaml.security.credential.BasicCredential;
import org.opensaml.security.credential.Credential;
import org.opensaml.security.criteria.KeyAlgorithmCriterion;
import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver;
import org.opensaml.xmlsec.keyinfo.KeyInfoSupport;
import org.opensaml.xmlsec.keyinfo.impl.KeyInfoCredentialContext;
import org.opensaml.xmlsec.keyinfo.impl.KeyInfoResolutionContext;
import org.opensaml.xmlsec.signature.DEREncodedKeyValue;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/opensaml-xmlsec-impl-4.3.2.jar:org/opensaml/xmlsec/keyinfo/impl/provider/DEREncodedKeyValueProvider.class */
public class DEREncodedKeyValueProvider extends AbstractKeyInfoProvider {
    private final Logger log = LoggerFactory.getLogger((Class<?>) DEREncodedKeyValueProvider.class);

    @Override // org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider
    public boolean handles(@Nonnull XMLObject xMLObject) {
        return getDEREncodedKeyValue(xMLObject) != null;
    }

    @Override // org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider
    @Nullable
    public Collection<Credential> process(@Nonnull KeyInfoCredentialResolver keyInfoCredentialResolver, @Nonnull XMLObject xMLObject, @Nullable CriteriaSet criteriaSet, @Nonnull KeyInfoResolutionContext keyInfoResolutionContext) throws SecurityException {
        DEREncodedKeyValue dEREncodedKeyValue = getDEREncodedKeyValue(xMLObject);
        if (dEREncodedKeyValue == null) {
            return null;
        }
        this.log.debug("Attempting to extract credential from a DEREncodedKeyValue");
        try {
            PublicKey key = KeyInfoSupport.getKey(dEREncodedKeyValue);
            KeyAlgorithmCriterion keyAlgorithmCriterion = (KeyAlgorithmCriterion) criteriaSet.get(KeyAlgorithmCriterion.class);
            if (keyAlgorithmCriterion != null && keyAlgorithmCriterion.getKeyAlgorithm() != null && !keyAlgorithmCriterion.getKeyAlgorithm().equals(key.getAlgorithm())) {
                this.log.debug("Criteria specified key algorithm {}, actually {}, skipping", keyAlgorithmCriterion.getKeyAlgorithm(), key.getAlgorithm());
                return null;
            }
            BasicCredential basicCredential = new BasicCredential(key);
            if (keyInfoResolutionContext != null) {
                basicCredential.getKeyNames().addAll(keyInfoResolutionContext.getKeyNames());
            }
            KeyInfoCredentialContext buildCredentialContext = buildCredentialContext(keyInfoResolutionContext);
            if (buildCredentialContext != null) {
                basicCredential.getCredentialContextSet().add(buildCredentialContext);
            }
            this.log.debug("Credential successfully extracted from DEREncodedKeyValue");
            LazySet lazySet = new LazySet();
            lazySet.add(basicCredential);
            return lazySet;
        } catch (KeyException e) {
            this.log.error("Error extracting DER-encoded key value: {}", e.getMessage());
            throw new SecurityException("Error extracting DER-encoded key value", e);
        }
    }

    @Nullable
    protected DEREncodedKeyValue getDEREncodedKeyValue(@Nonnull XMLObject xMLObject) {
        if (xMLObject instanceof DEREncodedKeyValue) {
            return (DEREncodedKeyValue) xMLObject;
        }
        return null;
    }
}
