package com.cybersource.ws.client;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Properties;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CryptoFactory;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/cybersource/ws/client/ApacheSignatureWrapper.class */
public class ApacheSignatureWrapper {
    private static final String KEY_FILE_TYPE = "PKCS12";
    private static X509Certificate merchantCertificate = null;
    private static PrivateKey merchantPrivateKey = null;
    private static String currentMerchantId = null;
    public static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    public static final String DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";

    ApacheSignatureWrapper() {
    }

    public static Document soapWrapAndSign(String str, MerchantConfig merchantConfig, Logger logger) throws SignException {
        Document documentFromString = getDocumentFromString(str, logger);
        loadMerchantP12File(merchantConfig, logger);
        WSSecSignature wSSecSignature = new WSSecSignature();
        wSSecSignature.setX509Certificate(merchantCertificate);
        wSSecSignature.setUseSingleCertificate(true);
        wSSecSignature.setDigestAlgo(DIGEST_ALGORITHM);
        wSSecSignature.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
        wSSecSignature.setKeyIdentifierType(1);
        wSSecSignature.setParts(Collections.singletonList(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "")));
        WSSecHeader wSSecHeader = new WSSecHeader();
        try {
            wSSecHeader.insertSecurityHeader(documentFromString);
            String str2 = "";
            if (merchantConfig.getKeyFilename() == null) {
                str2 = merchantConfig.getKeysDirectory() + File.separatorChar + merchantConfig.getMerchantID() + ".p12";
            } else if (merchantConfig.getKeysDirectory() != null) {
                str2 = merchantConfig.getKeysDirectory() + File.separatorChar + merchantConfig.getKeyFilename();
            }
            Properties properties = new Properties();
            properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.provider", "BC");
            properties.setProperty("org.apache.ws.security.crypto.merlin.cert.provider", "BC");
            properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.file", str2);
            properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.password", merchantConfig.getKeyPassword());
            properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.type", KEY_FILE_TYPE);
            String name = merchantCertificate.getSubjectDN().getName();
            if (name == null) {
                logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                throw new SignException("Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
            }
            String[] split = name.split("SERIALNUMBER=");
            if (split.length != 2) {
                logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                throw new SignException("Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
            }
            String str3 = "serialNumber=" + split[1] + ",CN=" + merchantConfig.getMerchantID();
            properties.setProperty("org.apache.ws.security.crypto.merlin.keystore.alias", str3);
            wSSecSignature.setUserInfo(str3, merchantConfig.getKeyPassword());
            try {
                return wSSecSignature.build(documentFromString, CryptoFactory.getInstance(properties), wSSecHeader);
            } catch (WSSecurityException e) {
                logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
                throw new SignException((Exception) e);
            }
        } catch (WSSecurityException e2) {
            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
            throw new SignException((Exception) e2);
        }
    }

    private static Document getDocumentFromString(String str, Logger logger) throws SignException {
        try {
            DocumentBuilderFactory.newInstance().setNamespaceAware(true);
            DocumentBuilder newDocumentBuilder = Utility.newDocumentBuilder();
            StringReader stringReader = new StringReader(str);
            Document parse = newDocumentBuilder.parse(new InputSource(stringReader));
            stringReader.close();
            return parse;
        } catch (IOException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
            throw new SignException(e);
        } catch (ParserConfigurationException e2) {
            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
            throw new SignException(e2);
        } catch (SAXException e3) {
            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
            throw new SignException(e3);
        }
    }

    private static void loadMerchantP12File(MerchantConfig merchantConfig, Logger logger) throws SignException {
        if (merchantCertificate == null || merchantPrivateKey == null) {
            readAndStoreCertificateAndPrivateKey(merchantConfig, logger);
        } else {
            if (currentMerchantId.equals(merchantConfig.getMerchantID())) {
                return;
            }
            readAndStoreCertificateAndPrivateKey(merchantConfig, logger);
        }
    }

    private static void readAndStoreCertificateAndPrivateKey(MerchantConfig merchantConfig, Logger logger) throws SignException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_FILE_TYPE, (Provider) new BouncyCastleProvider());
            try {
                keyStore.load(new FileInputStream(merchantConfig.getKeyFile()), merchantConfig.getKeyPassword().toCharArray());
                String str = null;
                try {
                    Enumeration<String> aliases = keyStore.aliases();
                    while (aliases.hasMoreElements()) {
                        str = aliases.nextElement();
                        if (str.contains(merchantConfig.getKeyAlias())) {
                            break;
                        }
                    }
                    try {
                        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, new KeyStore.PasswordProtection(merchantConfig.getKeyPassword().toCharArray()));
                        merchantCertificate = (X509Certificate) privateKeyEntry.getCertificate();
                        merchantPrivateKey = privateKeyEntry.getPrivateKey();
                        currentMerchantId = merchantConfig.getMerchantID();
                        if (merchantCertificate == null || merchantPrivateKey == null) {
                            logger.log(Logger.LT_EXCEPTION, "No valid entries found in the KeyStore, check alias, '" + merchantConfig.getKeyAlias() + "'");
                            throw new SignException("No valid entries found in the KeyStore, check alias, '" + merchantConfig.getKeyAlias() + "'");
                        }
                    } catch (KeyStoreException e) {
                        logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                        throw new SignException(e);
                    } catch (NoSuchAlgorithmException e2) {
                        logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                        throw new SignException(e2);
                    } catch (UnrecoverableEntryException e3) {
                        logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                        throw new SignException(e3);
                    }
                } catch (KeyStoreException e4) {
                    logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                    throw new SignException(e4);
                }
            } catch (ConfigException e5) {
                logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
                throw new SignException(e5);
            } catch (IOException e6) {
                logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
                throw new SignException(e6);
            } catch (NoSuchAlgorithmException e7) {
                logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
                throw new SignException(e7);
            } catch (CertificateException e8) {
                logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
                throw new SignException(e8);
            }
        } catch (KeyStoreException e9) {
            logger.log(Logger.LT_EXCEPTION, "Exception while instantiating KeyStore");
            throw new SignException(e9);
        }
    }

    static {
        Security.addProvider(new BouncyCastleProvider());
    }
}
