package de.bos_bremen.gov.autent.common;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import com.sun.xml.wss.impl.misc.DefaultCallbackHandler;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:BOOT-INF/lib/autent-common-3.70.5.jar:de/bos_bremen/gov/autent/common/WebServiceCallbackHandler.class */
public class WebServiceCallbackHandler extends DefaultCallbackHandler {
    private final X509Certificate serversSignatureCert;
    private final X509Certificate signatureCert;
    private final PrivateKey signatureKey;

    /* loaded from: input_file:BOOT-INF/lib/autent-common-3.70.5.jar:de/bos_bremen/gov/autent/common/WebServiceCallbackHandler$MyCertificateValidator.class */
    public static class MyCertificateValidator implements CertificateValidationCallback.CertificateValidator {
        private final X509Certificate expectedCert;

        public MyCertificateValidator(X509Certificate x509Certificate) {
            this.expectedCert = x509Certificate;
        }

        @Override // com.sun.xml.wss.impl.callback.CertificateValidationCallback.CertificateValidator
        public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            return this.expectedCert.equals(x509Certificate);
        }
    }

    public WebServiceCallbackHandler(X509Certificate x509Certificate, PrivateKey privateKey, X509Certificate x509Certificate2) throws XWSSecurityException {
        super("client", new Properties());
        this.signatureCert = x509Certificate2;
        this.signatureKey = privateKey;
        this.serversSignatureCert = x509Certificate;
    }

    @Override // com.sun.xml.wss.impl.misc.DefaultCallbackHandler, javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof SignatureKeyCallback) {
                SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest = (SignatureKeyCallback.DefaultPrivKeyCertRequest) ((SignatureKeyCallback) callback).getRequest();
                defaultPrivKeyCertRequest.setPrivateKey(this.signatureKey);
                defaultPrivKeyCertRequest.setX509Certificate(this.signatureCert);
            } else if (callback instanceof SignatureVerificationKeyCallback) {
                handleSignatureVerificationKeyCallback((SignatureVerificationKeyCallback) callback);
            } else if (callback instanceof CertificateValidationCallback) {
                ((CertificateValidationCallback) callback).setValidator(new MyCertificateValidator(this.serversSignatureCert));
            } else {
                super.handle(new Callback[]{callback});
            }
        }
    }

    private void handleSignatureVerificationKeyCallback(SignatureVerificationKeyCallback signatureVerificationKeyCallback) throws UnsupportedCallbackException {
        SignatureVerificationKeyCallback.Request request = signatureVerificationKeyCallback.getRequest();
        if (request instanceof SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) {
            ((SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) request).setX509Certificate(this.serversSignatureCert);
        } else {
            if (!(request instanceof SignatureVerificationKeyCallback.PublicKeyBasedRequest)) {
                throw new UnsupportedCallbackException(signatureVerificationKeyCallback, request.getClass().getName());
            }
            SignatureVerificationKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest = (SignatureVerificationKeyCallback.PublicKeyBasedRequest) request;
            if (publicKeyBasedRequest.getPublicKey().equals(this.serversSignatureCert.getPublicKey())) {
                publicKeyBasedRequest.setX509Certificate(this.serversSignatureCert);
            }
        }
    }
}
