package org.apache.cxf.ws.security.wss4j.policyvalidators;

import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.apache.ws.security.WSSecurityEngineResult;
import org.apache.ws.security.saml.SAMLKeyInfo;
import org.apache.ws.security.saml.ext.AssertionWrapper;
import org.apache.ws.security.saml.ext.OpenSAMLUtil;

/* loaded from: input_file:WEB-INF/lib/cxf-bundle-minimal-2.4.0-easy.jar:org/apache/cxf/ws/security/wss4j/policyvalidators/AbstractSamlPolicyValidator.class */
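/**
 * Base class for SAML policy validators. It supplies the holder-of-key
 * proof-of-possession check shared by its subclasses.
 */
public abstract class AbstractSamlPolicyValidator {
    /**
     * Checks the holder-of-key requirement of a SAML assertion against the
     * credentials that were presented with the request.
     *
     * <p>For every confirmation method of the assertion that
     * {@code OpenSAMLUtil.isMethodHolderOfKey} accepts, the assertion's subject
     * key info must match either the first TLS certificate or one of the
     * message-level results. Assertions with no holder-of-key confirmation
     * method pass unconditionally.
     *
     * @param assertionWrapper the assertion whose confirmation methods are checked
     * @param list             message-level security results; may be {@code null} or empty
     * @param certificateArr   certificates of the transport peer; may be {@code null}
     * @return {@code false} if a holder-of-key method is present and no matching
     *         credential was supplied, {@code true} otherwise
     */
    public boolean checkHolderOfKey(AssertionWrapper assertionWrapper, List<WSSecurityEngineResult> list, Certificate[] certificateArr) {
        // With nothing to compare against, a holder-of-key assertion can never be confirmed.
        boolean noCredentials = certificateArr == null && (list == null || list.isEmpty());
        for (String confirmationMethod : assertionWrapper.getConfirmationMethods()) {
            if (!OpenSAMLUtil.isMethodHolderOfKey(confirmationMethod)) {
                continue;
            }
            if (noCredentials || !compareCredentials(assertionWrapper.getSubjectKeyInfo(), list, certificateArr)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Compares the subject credential of an assertion with the TLS certificates
     * and the message-level results.
     *
     * <p>Only element {@code [0]} of each certificate array is compared. This
     * method checks equality only; it performs no chain or trust validation
     * (NOTE(review): presumably done before this point, confirm against the
     * callers).
     *
     * <p>The method fails closed. A missing subject key info or a {@code null}
     * result list yields {@code false} rather than a {@link NullPointerException},
     * so a malformed request is rejected as a policy failure and not surfaced as
     * an unexpected runtime error.
     *
     * @param sAMLKeyInfo    key material taken from the assertion subject; may be {@code null}
     * @param list           message-level security results; may be {@code null}
     * @param certificateArr certificates of the transport peer; may be {@code null}
     * @return {@code true} if a certificate, public key or secret matches
     */
    private boolean compareCredentials(SAMLKeyInfo sAMLKeyInfo, List<WSSecurityEngineResult> list, Certificate[] certificateArr) {
        if (sAMLKeyInfo == null) {
            // No subject key material means possession cannot be proven.
            return false;
        }
        X509Certificate[] subjectCerts = sAMLKeyInfo.getCerts();
        PublicKey subjectPublicKey = sAMLKeyInfo.getPublicKey();
        byte[] subjectSecret = sAMLKeyInfo.getSecret();
        boolean hasSubjectCert = subjectCerts != null && subjectCerts.length > 0;

        // Transport level: match the peer's first certificate or its public key.
        if (certificateArr != null && certificateArr.length > 0) {
            Certificate tlsCert = certificateArr[0];
            if (hasSubjectCert && tlsCert.equals(subjectCerts[0])) {
                return true;
            }
            if (subjectPublicKey != null && tlsCert.getPublicKey().equals(subjectPublicKey)) {
                return true;
            }
        }

        // The caller only guarantees a non-null list when no TLS certificates were
        // supplied. Guard here so a TLS mismatch combined with a null list is a
        // clean rejection.
        if (list == null) {
            return false;
        }

        // Message level: match the certificate, public key or secret of any result.
        for (WSSecurityEngineResult result : list) {
            X509Certificate[] resultCerts = (X509Certificate[]) result.get(WSSecurityEngineResult.TAG_X509_CERTIFICATES);
            PublicKey resultPublicKey = (PublicKey) result.get(WSSecurityEngineResult.TAG_PUBLIC_KEY);
            byte[] resultSecret = (byte[]) result.get(WSSecurityEngineResult.TAG_SECRET);
            if (resultCerts != null && resultCerts.length > 0 && hasSubjectCert && resultCerts[0].equals(subjectCerts[0])) {
                return true;
            }
            if (resultPublicKey != null && resultPublicKey.equals(subjectPublicKey)) {
                return true;
            }
            // NOTE(review): Arrays.equals is not a constant-time comparison. Consider
            // MessageDigest.isEqual if this secret comparison is ever exposed as a
            // timing oracle.
            if (resultSecret != null && subjectSecret != null && Arrays.equals(resultSecret, subjectSecret)) {
                return true;
            }
        }
        return false;
    }
}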
