package org.apache.ws.security.message.token;

import java.io.ByteArrayInputStream;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

/* loaded from: input_file:cxf/wss4j-1.6.11.jar:org/apache/ws/security/message/token/X509Security.class */
public class X509Security extends BinarySecurity {
    public static final String X509_V3_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
    private X509Certificate cachedCert;

    public X509Security(Element element) throws WSSecurityException {
        this(element, true);
    }

    public X509Security(Element element, boolean z) throws WSSecurityException {
        super(element, z);
        this.cachedCert = null;
        String valueType = getValueType();
        if (z && !X509_V3_TYPE.equals(valueType)) {
            throw new WSSecurityException(4, "invalidValueType", new Object[]{valueType});
        }
    }

    public X509Security(Document document) {
        super(document);
        this.cachedCert = null;
        setValueType(X509_V3_TYPE);
    }

    public X509Certificate getX509Certificate(Crypto crypto) throws WSSecurityException {
        if (this.cachedCert != null) {
            return this.cachedCert;
        }
        if (crypto == null) {
            throw new WSSecurityException(0, "noSigCryptoFile");
        }
        byte[] token = getToken();
        if (token == null) {
            throw new WSSecurityException(0, "invalidCertData", new Object[]{0});
        }
        this.cachedCert = crypto.loadCertificate(new ByteArrayInputStream(token));
        return this.cachedCert;
    }

    public void setX509Certificate(X509Certificate x509Certificate) throws WSSecurityException {
        if (x509Certificate == null) {
            throw new WSSecurityException(0, "noCert");
        }
        this.cachedCert = x509Certificate;
        try {
            setToken(x509Certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError", null, e);
        }
    }
}
