package org.wso2.carbon.core.util;

import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.core.internal.CarbonCoreDataHolder;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.core-4.6.1-m7.jar:org/wso2/carbon/core/util/SignatureUtil.class */
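/**
 * Signs string payloads with the server's primary key store and verifies signatures against
 * certificates held in that same key store.
 *
 * <p>All operations request the Bouncy Castle provider by name, so the provider must have been
 * registered (via {@link #init()} or elsewhere) before any sign or verify call.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The signature algorithm is {@code SHA1withRSA}. SHA-1 is no longer considered
 *       collision-resistant; the value is kept because changing it would invalidate signatures
 *       already issued. Plan a coordinated migration to a SHA-2 based algorithm.</li>
 *   <li>Verification only checks the signature. Certificate validity period, revocation and
 *       chain building are not checked by this class.</li>
 * </ul>
 */
public final class SignatureUtil {
    /** Digest used to derive certificate thumbprints; an identifier, not a security boundary. */
    private static final String THUMB_DIGEST_ALGORITHM = "SHA-1";

    // NOTE(review): SHA-1 based signatures are deprecated. Kept unchanged for compatibility
    // with existing signatures; migrate signer and verifiers together.
    private static final String SIGNATURE_ALGORITHM = "SHA1withRSA";

    private static final String PROVIDER = BouncyCastleProvider.PROVIDER_NAME;

    // NOTE(review): -1234 is presumably the Carbon super-tenant id; confirm against the
    // project's tenant constants.
    private static final int KEY_STORE_TENANT_ID = -1234;

    private static final String KEY_ALIAS_PROPERTY = "Security.KeyStore.KeyAlias";
    private static final String KEY_STORE_PASSWORD_PROPERTY = "Security.KeyStore.Password";

    private SignatureUtil() {
    }

    /**
     * Registers the Bouncy Castle JCE provider with the JVM.
     *
     * @throws Exception declared for interface compatibility
     */
    public static void init() throws Exception {
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Computes the thumbprint (SHA-1 over the encoded certificate) for a key store alias.
     *
     * @param str alias in the primary key store
     * @return the raw digest bytes
     * @throws Exception if the alias does not resolve to an X.509 certificate or the digest
     *     cannot be computed
     */
    public static byte[] getThumbPrintForAlias(String str) throws Exception {
        return MessageDigest.getInstance(THUMB_DIGEST_ALGORITHM).digest(getCertificate(str).getEncoded());
    }

    /**
     * Verifies a signature with the key store certificate selected by thumbprint.
     *
     * <p>The thumbprint only selects which key store entry is used; it is caller-supplied and
     * carries no trust by itself.
     *
     * @param bArr thumbprint of the signer certificate, as produced by
     *     {@link #getThumbPrintForAlias(String)}
     * @param str signed payload
     * @param bArr2 signature bytes to check
     * @return {@code true} if the signature is valid for the payload
     * @throws InvalidKeyException if no certificate in the primary key store matches the
     *     thumbprint
     * @throws Exception on any other key store or provider failure
     */
    public static boolean validateSignature(byte[] bArr, String str, byte[] bArr2) throws Exception {
        PublicKey signerKey = getPublicKey(bArr);
        if (signerKey == null) {
            // Fail with an explicit reason instead of handing a null key to the provider.
            throw new InvalidKeyException("No certificate in the primary key store matches the supplied thumbprint");
        }
        return verify(signerKey, str, bArr2);
    }

    /**
     * Verifies a signature with the server's own (default alias) certificate.
     *
     * @param str signed payload
     * @param bArr signature bytes to check
     * @return {@code true} if the signature is valid for the payload
     * @throws Exception on key store or provider failure
     */
    public static boolean validateSignature(String str, byte[] bArr) throws Exception {
        return verify(getDefaultPublicKey(), str, bArr);
    }

    /**
     * Signs a payload with the server's default private key.
     *
     * @param str payload to sign
     * @return the signature bytes
     * @throws Exception on key store or provider failure
     */
    public static byte[] doSignature(String str) throws Exception {
        Signature signer = Signature.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
        signer.initSign(getDefaultPrivateKey());
        signer.update(payloadBytes(str));
        return signer.sign();
    }

    /** Runs one verification of {@code signatureBytes} over {@code payload} with the given key. */
    private static boolean verify(PublicKey publicKey, String payload, byte[] signatureBytes) throws Exception {
        Signature verifier = Signature.getInstance(SIGNATURE_ALGORITHM, PROVIDER);
        verifier.initVerify(publicKey);
        verifier.update(payloadBytes(payload));
        return verifier.verify(signatureBytes);
    }

    /**
     * Encodes the payload the same way for signing and verification.
     *
     * <p>A fixed charset is used so that a signature produced on one JVM verifies on another
     * regardless of each JVM's default charset. Non-ASCII payloads signed earlier on a JVM whose
     * default charset was not UTF-8 will not verify and must be re-signed.
     */
    private static byte[] payloadBytes(String payload) {
        return payload.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Loads the private key stored under the configured default alias.
     *
     * <p>The key store password is also used as the key password here.
     */
    private static PrivateKey getDefaultPrivateKey() throws Exception {
        KeyStore primaryKeyStore = KeyStoreManager.getInstance(KEY_STORE_TENANT_ID).getPrimaryKeyStore();
        ServerConfigurationService config = CarbonCoreDataHolder.getInstance().getServerConfigurationService();
        String alias = config.getFirstProperty(KEY_ALIAS_PROPERTY);
        char[] password = config.getFirstProperty(KEY_STORE_PASSWORD_PROPERTY).toCharArray();
        return (PrivateKey) primaryKeyStore.getKey(alias, password);
    }

    /** Returns the public key of the certificate stored under the configured default alias. */
    private static PublicKey getDefaultPublicKey() throws Exception {
        KeyStore primaryKeyStore = KeyStoreManager.getInstance(KEY_STORE_TENANT_ID).getPrimaryKeyStore();
        String alias = CarbonCoreDataHolder.getInstance().getServerConfigurationService()
                .getFirstProperty(KEY_ALIAS_PROPERTY);
        return primaryKeyStore.getCertificate(alias).getPublicKey();
    }

    /**
     * Finds the public key of the first key store certificate whose thumbprint equals
     * {@code bArr}.
     *
     * @return the matching public key, or {@code null} if no entry matches
     * @throws Exception if any alias in the key store does not resolve to an X.509 certificate;
     *     one such entry aborts the whole lookup
     */
    private static PublicKey getPublicKey(byte[] bArr) throws Exception {
        KeyStore primaryKeyStore = KeyStoreManager.getInstance(KEY_STORE_TENANT_ID).getPrimaryKeyStore();
        MessageDigest thumbDigest = MessageDigest.getInstance(THUMB_DIGEST_ALGORITHM);
        Enumeration<String> aliases = primaryKeyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate candidate = getCertificate(aliases.nextElement());
            // digest(byte[]) resets the instance afterwards, so it is safe to reuse per entry.
            if (Arrays.equals(thumbDigest.digest(candidate.getEncoded()), bArr)) {
                return candidate.getPublicKey();
            }
        }
        return null;
    }

    /**
     * Resolves an alias to its certificate: the first element of the certificate chain when one
     * exists, otherwise the certificate entry itself.
     *
     * @throws Exception if the alias yields no certificate or one that is not X.509
     */
    private static Certificate getCertificate(String str) throws Exception {
        KeyStore primaryKeyStore = KeyStoreManager.getInstance(KEY_STORE_TENANT_ID).getPrimaryKeyStore();
        Certificate[] chain = primaryKeyStore.getCertificateChain(str);
        Certificate certificate;
        if (chain != null && chain.length > 0) {
            certificate = chain[0];
        } else {
            certificate = primaryKeyStore.getCertificate(str);
        }
        // instanceof is false for null, so a missing entry is rejected here as well.
        if (!(certificate instanceof X509Certificate)) {
            throw new Exception("Please check alias. Cannot retrieve valid certificate");
        }
        return certificate;
    }
}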
