package org.apache.cxf.fediz.core.saml;

import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
import org.apache.wss4j.common.saml.SAMLKeyInfo;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;

/* loaded from: input_file:WEB-INF/lib/fediz-core-1.5.1.jar:org/apache/cxf/fediz/core/saml/SAMLUtil.class */
public final class SAMLUtil {
    private SAMLUtil() {
    }

    public static boolean checkHolderOfKey(SamlAssertionWrapper samlAssertionWrapper, Certificate[] certificateArr) {
        Iterator<String> it = samlAssertionWrapper.getConfirmationMethods().iterator();
        while (it.hasNext()) {
            if (OpenSAMLUtil.isMethodHolderOfKey(it.next()) && (certificateArr == null || certificateArr.length == 0 || !compareCredentials(samlAssertionWrapper.getSubjectKeyInfo(), certificateArr))) {
                return false;
            }
        }
        return true;
    }

    private static boolean compareCredentials(SAMLKeyInfo sAMLKeyInfo, Certificate[] certificateArr) {
        X509Certificate[] certs = sAMLKeyInfo.getCerts();
        return (certs != null && certs.length > 0 && certificateArr[0].equals(certs[0])) || certificateArr[0].getPublicKey().equals(sAMLKeyInfo.getPublicKey());
    }
}
