package org.apache.ws.security.components.crypto;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;

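/* loaded from: input_file:org/apache/ws/security/components/crypto/CryptoBase.class */
/**
 * Key-store backed base implementation of {@link Crypto}.
 *
 * <p>Subclasses supply the JCE provider name through {@link #getCryptoProvider()}
 * and populate {@link #keystore} (private keys and certificates) and, optionally,
 * {@link #cacerts} (a second store of CA certificates consulted when the key
 * store has no match). Every alias look-up in this class is a linear scan over
 * the key store's aliases.</p>
 *
 * <p>Thread-safety: {@link #certFactMap} is static but is only ever written from
 * the instance-synchronized {@link #getCertificateFactory()}, so two
 * {@code CryptoBase} instances can race on it. The map only ever holds
 * {@code CertificateFactory} values, so the worst case is a duplicate
 * factory, not a corrupt result; callers sharing instances across threads
 * should still be aware of it.</p>
 */
public abstract class CryptoBase implements Crypto {
    /** Bouncy Castle {@code X509Name(String)} constructor, or null when BC is not on the class path. */
    private static final Constructor BC_509CLASS_CONS;
    /** Key store with private keys and end-entity certificates; null until {@link #setKeyStore}. */
    protected KeyStore keystore = null;
    /** Optional store of CA certificates consulted when {@link #keystore} has no match. */
    protected KeyStore cacerts = null;
    private static Log log = LogFactory.getLog(CryptoBase.class);
    /** Cache of X.509 {@link CertificateFactory} instances keyed by provider name, plus "DEFAULT". */
    protected static Map certFactMap = new HashMap();
    /** OID of the X.509 SubjectKeyIdentifier extension. */
    static String SKI_OID = "2.5.29.14";

    /**
     * Returns the JCE provider name to use for CertificateFactory and
     * CertPathValidator look-ups.
     *
     * @return a provider name, or null or "" to use the JDK's default provider search
     */
    protected abstract String getCryptoProvider();

    /**
     * Maps a key store's provider name to the provider to request an X.509
     * CertificateFactory from: "SunJSSE" key stores are served by "SUN",
     * every other provider by itself.
     *
     * @param keyStoreProvider provider name reported by the key store
     * @return provider name to pass to {@code CertificateFactory.getInstance}
     */
    private String mapKeystoreProviderToCertProvider(String keyStoreProvider) {
        return "SunJSSE".equals(keyStoreProvider) ? "SUN" : keyStoreProvider;
    }

    /**
     * Returns a cached X.509 {@link CertificateFactory}, creating and caching one
     * on first use. Resolution order: the explicit {@link #getCryptoProvider()}
     * provider, then the key store's provider (mapped through
     * {@link #mapKeystoreProviderToCertProvider}), then the JDK default factory.
     *
     * @return an X.509 certificate factory
     * @throws WSSecurityException with key "noSecProvider" when the configured
     *         provider does not exist, or "unsupportedCertType" when a provider
     *         cannot supply an X.509 factory
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public synchronized CertificateFactory getCertificateFactory() throws WSSecurityException {
        String provider = getCryptoProvider();
        String keyStoreProvider = this.keystore == null ? null : this.keystore.getProvider().getName();

        CertificateFactory factory;
        if (provider != null) {
            factory = (CertificateFactory) certFactMap.get(provider);
        } else if (keyStoreProvider != null) {
            factory = (CertificateFactory) certFactMap.get(mapKeystoreProviderToCertProvider(keyStoreProvider));
            if (factory == null) {
                factory = (CertificateFactory) certFactMap.get(keyStoreProvider);
            }
        } else {
            factory = (CertificateFactory) certFactMap.get("DEFAULT");
        }
        if (factory != null) {
            return factory;
        }

        if (provider != null && provider.length() != 0) {
            try {
                factory = CertificateFactory.getInstance("X.509", provider);
                certFactMap.put(provider, factory);
                certFactMap.put(factory.getProvider().getName(), factory);
            } catch (NoSuchProviderException e) {
                throw new WSSecurityException(7, "noSecProvider", null, e);
            } catch (CertificateException e) {
                throw new WSSecurityException(7, "unsupportedCertType", null, e);
            }
        }
        // NOTE(review): this step is not guarded by factory == null, so a factory
        // obtained from the key store's provider replaces one just created from
        // getCryptoProvider() whenever both succeed -- confirm that precedence
        // is intended before relying on the configured provider here.
        if (keyStoreProvider != null && keyStoreProvider.length() != 0) {
            try {
                String certProvider = mapKeystoreProviderToCertProvider(keyStoreProvider);
                factory = CertificateFactory.getInstance("X.509", certProvider);
                certFactMap.put(keyStoreProvider, factory);
                certFactMap.put(certProvider, factory);
            } catch (Exception e) {
                // Best effort: the key store's provider may have no X.509 factory;
                // fall through to the JDK default below.
                log.debug(e);
            }
        }
        if (factory == null) {
            try {
                factory = CertificateFactory.getInstance("X.509");
            } catch (CertificateException e) {
                throw new WSSecurityException(7, "unsupportedCertType", null, e);
            }
            certFactMap.put("DEFAULT", factory);
        }
        certFactMap.put(factory.getProvider().getName(), factory);
        return factory;
    }

    /**
     * Parses one X.509 certificate from the stream.
     *
     * @param inputStream DER or PEM encoded certificate; the stream is not closed here
     * @return the parsed certificate
     * @throws WSSecurityException with key "parseError" when the data is not an X.509 certificate
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate loadCertificate(InputStream inputStream) throws WSSecurityException {
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(inputStream);
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError", null, e);
        }
    }

    /**
     * Loads the private key stored under {@code alias}.
     *
     * <p>On a missing alias or a non-private key the error logged includes the
     * full alias inventory of the key store (see
     * {@link #createKeyStoreErrorMessage}), which is useful for diagnosis but
     * also tells the log reader every alias the store holds.</p>
     *
     * @param alias key store alias; must not be null
     * @param password key password; null is treated as the empty password
     * @return the private key
     * @throws Exception when the alias is null, the key store is unset, the
     *         alias is not a key entry, the entry is not a private key, or the
     *         key store rejects the password
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public PrivateKey getPrivateKey(String alias, String password) throws Exception {
        if (alias == null) {
            throw new Exception("alias is null");
        }
        if (this.keystore == null) {
            throw new Exception("keystore is null");
        }
        if (!this.keystore.isKeyEntry(alias)) {
            String message = "Cannot find key for alias: [" + alias + "]";
            log.error(message + createKeyStoreErrorMessage(this.keystore));
            throw new Exception(message);
        }
        char[] keyPassword = password == null ? new char[0] : password.toCharArray();
        Key key = this.keystore.getKey(alias, keyPassword);
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        String message = "Key is not a private key, alias: [" + alias + "]";
        log.error(message + createKeyStoreErrorMessage(this.keystore));
        throw new Exception(message);
    }

    /**
     * Builds the diagnostic suffix appended to key look-up errors: key store
     * type, provider, size and the comma-separated list of all aliases.
     *
     * @param keyStore the key store to describe
     * @return the description, starting with " in keystore of type ["
     * @throws KeyStoreException if the key store is not initialized
     */
    protected static String createKeyStoreErrorMessage(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        StringBuilder aliasList = new StringBuilder(keyStore.size() * 7);
        boolean first = true;
        while (aliases.hasMoreElements()) {
            if (!first) {
                aliasList.append(", ");
            }
            aliasList.append(aliases.nextElement());
            first = false;
        }
        return " in keystore of type [" + keyStore.getType() + "] from provider ["
            + keyStore.getProvider() + "] with size [" + keyStore.size()
            + "] and aliases: {" + aliasList + "}";
    }

    /**
     * Tokenizes a distinguished name with {@link X509NameTokenizer} and returns
     * the tokens sorted in natural order.
     *
     * @param dn the distinguished name to split
     * @return the sorted tokens
     */
    @SuppressWarnings("unchecked")
    protected Vector splitAndTrim(String dn) {
        X509NameTokenizer tokenizer = new X509NameTokenizer(dn);
        Vector tokens = new Vector();
        while (tokenizer.hasMoreTokens()) {
            tokens.add(tokenizer.nextToken());
        }
        Collections.sort(tokens);
        return tokens;
    }

    /**
     * Finds the first alias whose certificate was issued by {@code issuer}.
     * The serial number is not checked.
     *
     * @param issuer issuer distinguished name
     * @return the matching alias, or null when the key store is unset or has no match
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(String issuer) throws WSSecurityException {
        return getAliasForX509Cert(issuer, null, false);
    }

    /**
     * Wraps a distinguished name in the object used for DN equality: Bouncy
     * Castle's X509Name when it is available, otherwise {@link X500Principal}.
     *
     * @param dn the distinguished name
     * @return a comparable name object
     */
    private Object createBCX509Name(String dn) {
        if (BC_509CLASS_CONS != null) {
            try {
                return BC_509CLASS_CONS.newInstance(dn);
            } catch (Exception e) {
                // BC could not parse the name; fall back to the JDK representation.
                log.debug(e);
            }
        }
        return new X500Principal(dn);
    }

    /**
     * Normalizes {@code dn} through {@link X500Principal#getName()} (RFC 2253
     * form) before wrapping it with {@link #createBCX509Name}; a name the JDK
     * cannot parse is wrapped as given.
     *
     * @param dn the distinguished name
     * @return a comparable name object
     */
    private Object toX509Name(String dn) {
        try {
            return createBCX509Name(new X500Principal(dn).getName());
        } catch (IllegalArgumentException e) {
            return createBCX509Name(dn);
        }
    }

    /**
     * Returns the certificate stored under {@code alias}: the first element of
     * its certificate chain when the alias has a non-empty chain, otherwise its
     * trusted-certificate entry, or null when it has neither.
     *
     * @param store the key store to read
     * @param alias the alias to look up
     * @return the certificate, or null
     * @throws KeyStoreException if the key store is not initialized
     */
    private static Certificate firstCertificate(KeyStore store, String alias) throws KeyStoreException {
        Certificate[] chain = store.getCertificateChain(alias);
        if (chain != null && chain.length != 0) {
            return chain[0];
        }
        return store.getCertificate(alias);
    }

    /**
     * Finds the alias whose certificate has the given issuer and serial number.
     *
     * @param issuer issuer distinguished name
     * @param serialNumber certificate serial number; must not be null
     * @return the matching alias, or null when the key store is unset or has no match
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException {
        return getAliasForX509Cert(issuer, serialNumber, true);
    }

    /**
     * Shared implementation of the issuer / issuer-and-serial alias look-ups.
     * Only X.509 certificates are considered; the first match wins.
     *
     * @param issuer issuer distinguished name to match against each certificate's issuer
     * @param serialNumber serial number to match, ignored when {@code matchSerial} is false
     * @param matchSerial whether the serial number must match as well
     * @return the matching alias, or null when the key store is unset or has no match
     * @throws IllegalArgumentException when {@code matchSerial} is true and {@code serialNumber} is null
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    private String getAliasForX509Cert(String issuer, BigInteger serialNumber, boolean matchSerial)
        throws WSSecurityException {
        if (this.keystore == null) {
            return null;
        }
        if (matchSerial && serialNumber == null) {
            throw new IllegalArgumentException("serial number is null");
        }
        Object wantedIssuer = toX509Name(issuer);
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate cert = firstCertificate(this.keystore, alias);
                if (!(cert instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) cert;
                if (matchSerial && x509.getSerialNumber().compareTo(serialNumber) != 0) {
                    continue;
                }
                Object certIssuer = createBCX509Name(x509.getIssuerX500Principal().getName());
                if (certIssuer.equals(wantedIssuer)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Finds the alias whose certificate has the given SubjectKeyIdentifier
     * (as computed by {@link #getSKIBytesFromCert}).
     *
     * @param skiBytes the subject key identifier to match
     * @return the matching alias, or null when the key store is unset, there is
     *         no match, or {@code skiBytes} is null
     * @throws WSSecurityException from {@link #getSKIBytesFromCert} for a
     *         certificate whose identifier cannot be derived, or with key
     *         "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException {
        if (this.keystore == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate cert = firstCertificate(this.keystore, alias);
                if (cert instanceof X509Certificate
                        && Arrays.equals(getSKIBytesFromCert((X509Certificate) cert), skiBytes)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Finds the alias whose certificate entry equals {@code certificate}.
     * Only {@code getCertificate(alias)} is consulted, not the certificate chain.
     *
     * @param certificate the certificate to look for
     * @return the matching alias, or null when the key store is unset or has no match
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(Certificate certificate) throws WSSecurityException {
        if (this.keystore == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate stored = this.keystore.getCertificate(alias);
                if (stored != null && stored.equals(certificate)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Returns the certificate chain stored under {@code alias}, looking in
     * {@link #keystore} first and in {@link #cacerts} only when the key store
     * holds nothing at all for the alias. A lone trusted-certificate entry is
     * returned as a one-element array.
     *
     * @param alias the alias to look up
     * @return the chain (possibly empty), or null when neither store has the alias
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate[] getCertificates(String alias) throws WSSecurityException {
        try {
            Certificate[] chain = null;
            Certificate single = null;
            if (this.keystore != null) {
                chain = this.keystore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    single = this.keystore.getCertificate(alias);
                }
            }
            // An empty (non-null) chain from the key store counts as "found"
            // and suppresses the CA-store fallback, matching the prior behavior.
            if (chain == null && single == null && this.cacerts != null) {
                chain = this.cacerts.getCertificateChain(alias);
                if (chain == null) {
                    single = this.cacerts.getCertificate(alias);
                }
            }
            if (single != null) {
                chain = new Certificate[] { single };
            } else if (chain == null) {
                return null;
            }
            X509Certificate[] result = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                result[i] = (X509Certificate) chain[i];
            }
            return result;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Finds the alias whose certificate's SHA-1 thumbprint (digest of the DER
     * encoding) equals {@code thumbprint}. SHA-1 is part of this look-up's
     * contract (see the "noSHA1availabe" error key), not a free choice, so it
     * must not be changed independently of the callers that produce thumbprints.
     *
     * @param thumbprint SHA-1 digest of a certificate's DER encoding
     * @return the matching alias, or null when the key store is unset or has no match
     * @throws WSSecurityException with key "noSHA1availabe" when SHA-1 is
     *         unavailable, "encodeError" when a certificate cannot be encoded,
     *         or "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509CertThumb(byte[] thumbprint) throws WSSecurityException {
        if (this.keystore == null) {
            return null;
        }
        MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA-1");
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(0, "noSHA1availabe", null, e);
        }
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate cert = firstCertificate(this.keystore, alias);
                if (!(cert instanceof X509Certificate)) {
                    continue;
                }
                byte[] digest;
                try {
                    // digest(byte[]) resets the engine, so one instance serves the whole scan.
                    digest = sha1.digest(cert.getEncoded());
                } catch (CertificateEncodingException e) {
                    throw new WSSecurityException(7, "encodeError", null, e);
                }
                if (Arrays.equals(digest, thumbprint)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Sets the key store used for key and certificate look-ups.
     *
     * @param keyStore an initialized key store, or null to unset
     */
    public void setKeyStore(KeyStore keyStore) {
        this.keystore = keyStore;
    }

    /**
     * Returns the certificate's SubjectKeyIdentifier. For a v3 certificate
     * carrying the extension, the identifier bytes are unwrapped from the
     * extension value; otherwise an identifier is derived as the SHA-1 digest
     * of the RSA public key bits.
     *
     * @param cert the certificate
     * @return the subject key identifier bytes
     * @throws WSSecurityException with key "noSKIHandling" when the extension
     *         value is malformed, the public key is not RSA, the encoded key is
     *         too short, or SHA-1 is unavailable
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException {
        byte[] extension = cert.getExtensionValue(SKI_OID);
        if (cert.getVersion() >= 3 && extension != null) {
            // getExtensionValue() returns the DER OCTET STRING wrapping the
            // extension, and SubjectKeyIdentifier is itself an OCTET STRING, so
            // two 2-byte tag/length headers precede the identifier. This assumes
            // short-form lengths, i.e. an identifier shorter than 128 bytes.
            if (extension.length < 4) {
                throw new WSSecurityException(1, "noSKIHandling",
                    new Object[]{"Malformed SubjectKeyIdentifier extension value"});
            }
            byte[] ski = new byte[extension.length - 4];
            System.arraycopy(extension, 4, ski, 0, ski.length);
            return ski;
        }
        PublicKey publicKey = cert.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Support for RSA key only"});
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null || encoded.length < 22) {
            throw new WSSecurityException(1, "noSKIHandling",
                new Object[]{"Encoded RSA public key is too short"});
        }
        // NOTE(review): the fixed 22-byte skip is treated as the SubjectPublicKeyInfo
        // header of the X.509-encoded RSA key. That header length depends on the
        // DER length encodings, which grow with the key size, so the derived
        // identifier may not match RFC 5280 method 1 for every key size -- confirm
        // against the peers that produce these identifiers before changing it.
        byte[] keyBits = new byte[encoded.length - 22];
        System.arraycopy(encoded, 22, keyBits, 0, keyBits.length);
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            return sha1.digest(keyBits);
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(1, "noSKIHandling",
                new Object[]{"Wrong certificate version (<3) and no SHA1 message digest availabe"}, e);
        }
    }

    /**
     * Returns the key store used for look-ups.
     *
     * @return the key store, or null when unset
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public KeyStore getKeyStore() {
        return this.keystore;
    }

    /**
     * Returns every alias whose certificate subject equals {@code subjectDN},
     * searching {@link #keystore} first and {@link #cacerts} only when the key
     * store yields no match.
     *
     * @param subjectDN subject distinguished name
     * @return the matching aliases, empty when there are none
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String[] getAliasesForDN(String subjectDN) throws WSSecurityException {
        Object wantedSubject = toX509Name(subjectDN);
        Vector<String> matches = getAlias(wantedSubject, this.keystore);
        if (matches.isEmpty() && this.cacerts != null) {
            matches = getAlias(wantedSubject, this.cacerts);
        }
        return matches.toArray(new String[matches.size()]);
    }

    /**
     * Encodes the certificates as a CertPath, optionally in reverse order.
     *
     * @param reverse whether to reverse the array order before encoding
     * @param certs the certificates to encode
     * @return the encoded certificate path
     * @throws WSSecurityException with key "encodeError" when encoding fails,
     *         or "parseError" when the factory rejects the certificates
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public byte[] getCertificateData(boolean reverse, X509Certificate[] certs) throws WSSecurityException {
        List<Certificate> ordered = new Vector<Certificate>(Arrays.asList(certs));
        if (reverse) {
            Collections.reverse(ordered);
        }
        try {
            return getCertificateFactory().generateCertPath(ordered).getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError", null, e);
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError", null, e);
        }
    }

    /**
     * Decodes an encoded CertPath into its certificates, optionally reversing
     * their order.
     *
     * @param data the encoded certificate path
     * @param reverse whether to reverse the decoded order
     * @return the certificates
     * @throws WSSecurityException with key "parseError" when the data cannot be decoded
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException {
        try {
            CertPath path = getCertificateFactory().generateCertPath(new ByteArrayInputStream(data));
            List<? extends Certificate> certs = path.getCertificates();
            int count = certs.size();
            X509Certificate[] result = new X509Certificate[count];
            int position = 0;
            for (Iterator<? extends Certificate> it = certs.iterator(); it.hasNext(); position++) {
                result[reverse ? count - 1 - position : position] = (X509Certificate) it.next();
            }
            return result;
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError", null, e);
        }
    }

    /**
     * Wraps any failure of {@link #validateCertPath} in the "certpath" error.
     *
     * @param cause the underlying failure
     * @return the exception to throw
     */
    private static WSSecurityException certPathFailure(Exception cause) {
        return new WSSecurityException(0, "certpath", new Object[]{cause.getMessage()}, cause);
    }

    /**
     * Runs PKIX path validation on the chain, with the trusted-certificate
     * entries of {@link #keystore} as trust anchors. Revocation checking
     * (CRL/OCSP) is disabled, so a revoked but otherwise valid chain passes;
     * {@link #cacerts} is not consulted here.
     *
     * @param certs the chain to validate, end entity first
     * @return true when validation succeeds
     * @throws WSSecurityException with key "certpath" on any validation or setup failure
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException {
        try {
            CertPath path = getCertificateFactory().generateCertPath(Arrays.asList(certs));
            PKIXParameters params = new PKIXParameters(this.keystore);
            params.setRevocationEnabled(false);
            String provider = getCryptoProvider();
            CertPathValidator validator = (provider == null || provider.length() == 0)
                ? CertPathValidator.getInstance("PKIX")
                : CertPathValidator.getInstance("PKIX", provider);
            validator.validate(path, params);
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            throw certPathFailure(e);
        } catch (KeyStoreException e) {
            throw certPathFailure(e);
        } catch (NoSuchAlgorithmException e) {
            throw certPathFailure(e);
        } catch (NoSuchProviderException e) {
            throw certPathFailure(e);
        } catch (CertPathValidatorException e) {
            throw certPathFailure(e);
        } catch (CertificateException e) {
            throw certPathFailure(e);
        }
    }

    /**
     * Collects every alias in {@code store} whose X.509 certificate subject
     * equals {@code subject}.
     *
     * @param subject comparable name from {@link #createBCX509Name}
     * @param store the key store to scan; null yields an empty result
     * @return the matching aliases in enumeration order
     * @throws WSSecurityException with key "keystore" on key store access failure
     */
    private Vector<String> getAlias(Object subject, KeyStore store) throws WSSecurityException {
        Vector<String> matches = new Vector<String>();
        if (store == null) {
            return matches;
        }
        try {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate cert = firstCertificate(store, alias);
                if (!(cert instanceof X509Certificate)) {
                    continue;
                }
                String certSubject = ((X509Certificate) cert).getSubjectX500Principal().getName();
                if (subject.equals(createBCX509Name(certSubject))) {
                    matches.add(alias);
                }
            }
            return matches;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    static {
        // Bouncy Castle is optional: use its X509Name for DN comparison when
        // present, otherwise fall back to X500Principal (see createBCX509Name).
        Constructor<?> constructor = null;
        try {
            constructor = Class.forName("org.bouncycastle.asn1.x509.X509Name").getConstructor(String.class);
        } catch (Exception ignored) {
            // BC not on the class path; the fallback path is used.
        }
        BC_509CLASS_CONS = constructor;
    }
}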
