package com.cybersource.ws.client;

import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.ws.security.WSEncryptionPart;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CredentialException;
import org.apache.ws.security.message.WSSecEncrypt;
import org.apache.ws.security.message.WSSecHeader;
import org.apache.ws.security.message.WSSecSignature;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;

/* loaded from: input_file:com/cybersource/ws/client/SecurityUtil.class */
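/**
 * Static helpers that load a merchant's PKCS#12 key material and use it to sign and
 * encrypt SOAP documents through WSS4J.
 *
 * <p>All state is process-wide: one in-memory key store handler and one identity map
 * are shared by every merchant that goes through this class.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The only code in this class that populates the identity map is the PKCS#12
 *       loader, so the certificate used as the encryption recipient
 *       ({@code SERVER_ALIAS}) is whatever the merchant's key file supplies. Nothing
 *       here checks validity period or chain. NOTE(review): confirm that validation
 *       happens in {@code Identity} or {@code MessageHandlerKeyStore}.</li>
 *   <li>The lazy initialisation in {@link #loadMerchantP12File} is unsynchronised.
 *       NOTE(review): confirm callers do not rely on it under concurrency.</li>
 * </ul>
 */
public class SecurityUtil {
    private static final String KEY_FILE_TYPE = "PKCS12";
    // Key under which the encryption recipient's identity is looked up in the identity map.
    private static final String SERVER_ALIAS = "CyberSource_SJC_US";
    private static MessageHandlerKeyStore localKeyStoreHandler;
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";
    // Identities loaded so far, keyed by Identity.getName().
    private static final ConcurrentHashMap<String, Identity> identities = new ConcurrentHashMap<>();
    private static final BouncyCastleProvider bcProvider = new BouncyCastleProvider();

    /**
     * Creates an empty in-memory JKS key store and wraps it in a new
     * {@code MessageHandlerKeyStore}, replacing any handler that was set before.
     */
    private static void initKeystore() throws KeyStoreException, CredentialException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("jks");
        // load(null, null) initialises an empty store; nothing is read from disk.
        keyStore.load(null, null);
        localKeyStoreHandler = new MessageHandlerKeyStore();
        localKeyStoreHandler.setKeyStore(keyStore);
    }

    /**
     * Loads the merchant's PKCS#12 file into the shared key store unless an identity is
     * already cached under the merchant ID.
     *
     * <p>NOTE(review): the cache is checked with {@code getMerchantID()} but filled with
     * {@code Identity.getName()}; confirm the two agree, otherwise the file is re-read on
     * every call.
     *
     * @param merchantConfig source of the merchant ID, key file, key alias and key password
     * @param logger receives a message when loading fails
     * @throws SignException if the key store cannot be initialised or the file cannot be
     *         loaded; the original failure is passed to the exception instead of being
     *         reduced to its message
     * @throws SignEncryptException declared for callers; this method converts every
     *         failure it catches into a {@code SignException}
     */
    public static void loadMerchantP12File(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException {
        if (identities.get(merchantConfig.getMerchantID()) != null) {
            return;
        }
        try {
            // Only reached with a null handler when the static initialiser failed.
            if (localKeyStoreHandler == null) {
                initKeystore();
            }
            readAndStoreCertificateAndPrivateKey(merchantConfig, logger);
        } catch (Exception e) {
            logger.log(Logger.LT_EXCEPTION, "SecurityUtil, cannot instantiate class with keystore error. " + e.getMessage());
            if (e instanceof SignException) {
                // Already the declared type: rethrow so its cause is not discarded.
                throw (SignException) e;
            }
            throw new SignException(e);
        }
    }

    /**
     * Reads the merchant's PKCS#12 file with the BouncyCastle provider and registers every
     * entry with the shared key store handler and the identity map.
     *
     * <p>Entries whose alias contains the configured key alias are loaded as private-key
     * identities; every other entry is loaded as a certificate-only identity.
     *
     * @throws SignException if the key store cannot be created, the file cannot be read,
     *         or a matching entry does not hold a private key
     */
    private static void readAndStoreCertificateAndPrivateKey(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEY_FILE_TYPE, bcProvider);
            try {
                // try-with-resources: the original never closed this stream, leaking a file
                // descriptor on every load (including failed ones).
                try (FileInputStream keyStream = new FileInputStream(merchantConfig.getKeyFile())) {
                    keyStore.load(keyStream, merchantConfig.getKeyPassword().toCharArray());
                }
                try {
                    Enumeration<String> aliases = keyStore.aliases();
                    while (aliases.hasMoreElements()) {
                        String alias = aliases.nextElement();
                        // Substring match: any alias that contains the configured key alias is
                        // treated as the merchant's private-key entry.
                        // NOTE(review): a stricter comparison would avoid selecting an unintended
                        // entry when one alias is a substring of another; confirm the alias
                        // format before tightening.
                        if (alias.contains(merchantConfig.getKeyAlias())) {
                            try {
                                KeyStore.Entry entry = keyStore.getEntry(alias, new KeyStore.PasswordProtection(merchantConfig.getKeyPassword().toCharArray()));
                                // The original cast unconditionally, so a certificate-only entry
                                // failed with an unexplained ClassCastException or NullPointerException.
                                if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                                    logger.log(Logger.LT_EXCEPTION, "KeyStore entry with alias, '" + alias + "' does not hold a private key");
                                    throw new SignException("KeyStore entry with alias, '" + alias + "' does not hold a private key");
                                }
                                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                                Identity identity = new Identity(merchantConfig, (X509Certificate) privateKeyEntry.getCertificate(), privateKeyEntry.getPrivateKey());
                                localKeyStoreHandler.addIdentityToKeyStore(identity, logger);
                                identities.put(identity.getName(), identity);
                            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                                logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                                throw new SignException(e);
                            }
                        } else {
                            // Every remaining certificate in the file is registered with the
                            // process-wide key store handler.
                            // NOTE(review): getCertificate returns null for an alias without a
                            // certificate; confirm Identity tolerates that.
                            Identity certificateIdentity = new Identity(merchantConfig, (X509Certificate) keyStore.getCertificate(alias));
                            localKeyStoreHandler.addIdentityToKeyStore(certificateIdentity, logger);
                            identities.put(certificateIdentity.getName(), certificateIdentity);
                        }
                    }
                } catch (KeyStoreException e) {
                    logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                    throw new SignException(e);
                }
            } catch (ConfigException e) {
                logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
                throw new SignException(e);
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
                throw new SignException(e);
            }
        } catch (KeyStoreException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while instantiating KeyStore");
            throw new SignException(e);
        }
    }

    /**
     * Encrypts an already signed SOAP document for the recipient stored under
     * {@code SERVER_ALIAS}.
     *
     * @param document signed SOAP document; a security header is inserted into it
     * @param str identifier used only in failure messages
     * @param logger receives progress and failure messages
     * @return the document returned by {@code WSSecEncrypt.build}
     * @throws SignException if no identity is loaded under {@code SERVER_ALIAS} (the
     *         original threw NullPointerException here) or the security header cannot be
     *         inserted
     * @throws SignEncryptException if WSS4J fails while encrypting
     */
    public static Document handleMessageCreation(Document document, String str, Logger logger) throws SignEncryptException, SignException {
        logger.log(Logger.LT_INFO, "Encrypting Signed doc ...");
        // Resolve the recipient before touching the document, so a missing certificate is
        // reported as a declared exception and the document is left unmodified.
        Identity serverIdentity = identities.get(SERVER_ALIAS);
        if (serverIdentity == null) {
            logger.log(Logger.LT_EXCEPTION, "No certificate loaded for " + SERVER_ALIAS + "; cannot encrypt request");
            throw new SignException("No certificate loaded for " + SERVER_ALIAS + "; cannot encrypt request");
        }
        WSSecHeader wSSecHeader = new WSSecHeader();
        try {
            wSSecHeader.insertSecurityHeader(document);
            WSSecEncrypt wSSecEncrypt = new WSSecEncrypt();
            wSSecEncrypt.setUserInfo(serverIdentity.getKeyAlias());
            // 3 is presumably WSConstants.X509_KEY_IDENTIFIER; confirm against the WSS4J version in use.
            wSSecEncrypt.setKeyIdentifierType(3);
            // NOTE(review): AES-256-CBC provides confidentiality only; integrity of the
            // ciphertext is not covered by this mode. The key-transport algorithm is left at
            // the library default. Confirm both against what the receiving service accepts
            // before changing either.
            wSSecEncrypt.setSymmetricEncAlgorithm("http://www.w3.org/2001/04/xmlenc#aes256-cbc");
            try {
                Document build = wSSecEncrypt.build(document, localKeyStoreHandler, wSSecHeader);
                wSSecEncrypt.prependToHeader(wSSecHeader);
                return build;
            } catch (WSSecurityException e) {
                logger.log(Logger.LT_EXCEPTION, "Failed while encrypting signed requeest for , '" + str + "' with " + SERVER_ALIAS);
                throw new SignEncryptException("Failed while encrypting signed requeest for , '" + str + "' with " + SERVER_ALIAS, e);
            }
        } catch (WSSecurityException e2) {
            logger.log(Logger.LT_EXCEPTION, "Exception while adding docuemnt in soap securiy header for MLE");
            throw new SignException((Exception) e2);
        }
    }

    /**
     * Signs the SOAP Body of a document with the identity cached under {@code str}.
     *
     * <p>Only the Body element is listed as a signed part; SOAP headers are not covered
     * by the signature built here.
     *
     * @param document SOAP document; a security header is inserted into it
     * @param str key under which the signing identity was cached
     * @param str2 password handed to WSS4J together with the key alias; never logged here
     * @param logger receives progress and failure messages
     * @return the document returned by {@code WSSecSignature.build}
     * @throws SignException if no identity is cached under {@code str} (the original threw
     *         NullPointerException here) or WSS4J fails
     */
    public static Document createSignedDoc(Document document, String str, String str2, Logger logger) throws SignException {
        logger.log(Logger.LT_INFO, "Signing request...");
        // ConcurrentHashMap rejects null keys, so guard before the lookup.
        Identity signingIdentity = (str == null) ? null : identities.get(str);
        if (signingIdentity == null) {
            logger.log(Logger.LT_EXCEPTION, "No identity loaded for , '" + str + "'; cannot sign request");
            throw new SignException("No identity loaded for , '" + str + "'; cannot sign request");
        }
        WSSecHeader wSSecHeader = new WSSecHeader();
        try {
            wSSecHeader.insertSecurityHeader(document);
            WSSecSignature wSSecSignature = new WSSecSignature();
            wSSecSignature.setUserInfo(signingIdentity.getKeyAlias(), str2);
            wSSecSignature.setDigestAlgo(DIGEST_ALGORITHM);
            wSSecSignature.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
            // 1 is presumably WSConstants.BST_DIRECT_REFERENCE; confirm against the WSS4J version in use.
            wSSecSignature.setKeyIdentifierType(1);
            wSSecSignature.setUseSingleCertificate(true);
            wSSecSignature.setParts(Collections.singletonList(new WSEncryptionPart("Body", "http://schemas.xmlsoap.org/soap/envelope/", "")));
            try {
                return wSSecSignature.build(document, localKeyStoreHandler, wSSecHeader);
            } catch (WSSecurityException e) {
                logger.log(Logger.LT_EXCEPTION, "Failed while signing requeest for , '" + str + "'");
                // Pass the exception itself, as the outer handler does, so the cause is kept.
                throw new SignException((Exception) e);
            }
        } catch (WSSecurityException e2) {
            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
            throw new SignException((Exception) e2);
        }
    }

    static {
        // Registers BouncyCastle with the JVM-wide provider list.
        Security.addProvider(bcProvider);
        try {
            initKeystore();
        } catch (Exception ignored) {
            // Best effort: leave the handler unset so loadMerchantP12File retries the
            // initialisation and reports the failure through its logger.
            localKeyStoreHandler = null;
        }
    }
}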
