package org.apache.ws.security.components.crypto;

import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import org.apache.commons.discovery.ResourceIterator;
import org.apache.commons.discovery.jdk.JDKHooks;
import org.apache.commons.discovery.resource.DiscoverResources;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;

/* loaded from: input_file:org/apache/ws/security/components/crypto/Merlin.class */
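/**
 * {@link Crypto} implementation backed by a JDK {@link KeyStore}.
 * <p>
 * The keystore is named by the {@code org.apache.ws.security.crypto.merlin.file} property.
 * It is looked up as a classpath resource first (thread-context class loader, then this
 * class's loader) and as a file-system path second, then opened using the
 * {@code ...merlin.keystore.type}, {@code ...merlin.keystore.provider} and
 * {@code ...merlin.keystore.password} properties.
 * <p>
 * Security-relevant behaviour a deployer should know about:
 * <ul>
 *   <li>{@link #load(InputStream)} falls back to the password {@code "security"} when none is
 *       configured. Always configure an explicit keystore password.</li>
 *   <li>{@link #validateCertPath(X509Certificate[])} builds its PKIX trust anchors from
 *       <em>every</em> certificate entry in the keystore and runs with revocation checking
 *       disabled, so the keystore must contain only certificates that are actually trusted
 *       and revocation must be handled elsewhere.</li>
 *   <li>Alias lookups by issuer or subject DN compare tokenised, sorted DN strings
 *       (see {@link #splitAndTrim(String)}), not canonical X.500 names.</li>
 *   <li>The {@link CertificateFactory} is cached in a static field shared by all instances;
 *       the first instance to request it chooses the provider.</li>
 * </ul>
 */
public class Merlin implements Crypto {
    private static final Log log = LogFactory.getLog(Merlin.class);

    private static final String PROP_FILE = "org.apache.ws.security.crypto.merlin.file";
    private static final String PROP_CERT_PROVIDER = "org.apache.ws.security.crypto.merlin.cert.provider";
    private static final String PROP_KEYSTORE_PROVIDER = "org.apache.ws.security.crypto.merlin.keystore.provider";
    private static final String PROP_KEYSTORE_TYPE = "org.apache.ws.security.crypto.merlin.keystore.type";
    private static final String PROP_KEYSTORE_PASSWORD = "org.apache.ws.security.crypto.merlin.keystore.password";
    private static final String PROP_KEYSTORE_ALIAS = "org.apache.ws.security.crypto.merlin.keystore.alias";

    /** Number of leading bytes dropped from an encoded RSA public key before hashing it into an SKI. */
    private static final int RSA_SPKI_HEADER_LENGTH = 22;
    /** Number of leading bytes dropped from a raw SubjectKeyIdentifier extension value. */
    private static final int SKI_EXTENSION_HEADER_LENGTH = 4;

    /** Shared X.509 certificate factory, created lazily by {@link #getCertificateFactory()}. */
    protected static CertificateFactory certFact;
    /** Crypto properties this instance was configured with; {@code null} if none were given. */
    protected Properties properties;
    /** The loaded keystore; {@code null} until {@link #load(InputStream)} or {@link #setKeyStore(KeyStore)} runs. */
    protected KeyStore keystore = null;
    /** OID of the X.509 SubjectKeyIdentifier extension. */
    static final String SKI_OID = "2.5.29.14";

    /**
     * Creates an instance from WSS4J crypto properties and loads the configured keystore.
     *
     * @param properties crypto properties; when {@code null} nothing is loaded and the caller
     *        must supply a keystore through {@link #setKeyStore(KeyStore)}
     * @throws CredentialException if the keystore cannot be located or loaded
     * @throws IOException if closing the keystore stream fails
     */
    public Merlin(Properties properties) throws CredentialException, IOException {
        this.properties = properties;
        if (properties == null) {
            return;
        }
        String location = properties.getProperty(PROP_FILE);
        if (location == null) {
            // Report the missing location explicitly instead of letting the resource
            // lookup or FileInputStream fail on a null name.
            throw new CredentialException(3, "proxyNotFound", new Object[]{location});
        }
        InputStream in = openKeyStoreStream(location);
        try {
            load(in);
        } finally {
            in.close();
        }
    }

    /**
     * Opens the keystore named by {@code location}: as a classpath resource via the
     * thread-context class loader and this class's loader, then as a file-system path.
     *
     * @throws CredentialException ("proxyNotFound") when neither lookup succeeds
     */
    private InputStream openKeyStoreStream(String location) throws CredentialException {
        DiscoverResources discovery = new DiscoverResources();
        discovery.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
        discovery.addClassLoader(getClass().getClassLoader());
        ResourceIterator resources = discovery.findResources(location);
        InputStream in = resources.hasNext() ? resources.nextResource().getResourceAsStream() : null;
        if (in != null) {
            return in;
        }
        try {
            return new FileInputStream(location);
        } catch (Exception e) {
            throw new CredentialException(3, "proxyNotFound", new Object[]{location});
        }
    }

    /**
     * Returns the shared X.509 {@link CertificateFactory}, creating it on first use from the
     * {@code ...merlin.cert.provider} property (default JCA provider when unset or empty).
     *
     * @throws WSSecurityException "noSecProvider" if the configured provider is unknown,
     *         "unsupportedCertType" if no X.509 factory is available
     */
    @Override
    public synchronized CertificateFactory getCertificateFactory() throws WSSecurityException {
        // certFact is static, so guard it with a class-wide lock rather than only this instance.
        synchronized (Merlin.class) {
            if (certFact == null) {
                String provider = properties == null ? null : properties.getProperty(PROP_CERT_PROVIDER);
                try {
                    if (provider == null || provider.length() == 0) {
                        certFact = CertificateFactory.getInstance("X.509");
                    } else {
                        certFact = CertificateFactory.getInstance("X.509", provider);
                    }
                } catch (NoSuchProviderException e) {
                    throw new WSSecurityException(7, "noSecProvider");
                } catch (CertificateException e) {
                    throw new WSSecurityException(7, "unsupportedCertType");
                }
            }
            return certFact;
        }
    }

    /**
     * Parses a single X.509 certificate from {@code in}.
     *
     * @throws WSSecurityException "parseError" if the data is not a valid certificate
     */
    @Override
    public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(in);
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError");
        }
    }

    /**
     * Decodes an encoded certificate path into its certificates.
     *
     * @param data encoded CertPath as produced by {@link #getCertificateData(boolean, X509Certificate[])}
     * @param reverse when {@code true} the returned array is in reverse path order
     * @throws WSSecurityException "parseError" if the path cannot be decoded
     */
    @Override
    public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException {
        try {
            List<? extends Certificate> certs =
                    getCertificateFactory().generateCertPath(new ByteArrayInputStream(data)).getCertificates();
            int count = certs.size();
            X509Certificate[] result = new X509Certificate[count];
            int position = 0;
            for (Certificate cert : certs) {
                result[reverse ? count - 1 - position : position] = (X509Certificate) cert;
                position++;
            }
            return result;
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError");
        }
    }

    /**
     * Encodes the given certificates as a CertPath.
     *
     * @param reverse when {@code true} the certificates are placed in the path in reverse order
     * @throws WSSecurityException "encodeError" on encoding failure, "parseError" on other
     *         certificate errors
     */
    @Override
    public byte[] getCertificateData(boolean reverse, X509Certificate[] certs) throws WSSecurityException {
        Vector<Certificate> ordered = new Vector<Certificate>();
        for (X509Certificate cert : certs) {
            if (reverse) {
                ordered.insertElementAt(cert, 0);
            } else {
                ordered.add(cert);
            }
        }
        try {
            return getCertificateFactory().generateCertPath(ordered).getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError");
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError");
        }
    }

    /**
     * Recovers the private key stored under {@code alias}.
     *
     * @param alias keystore alias of a key entry
     * @param password password protecting the key; passed to the keystore as-is (a
     *        {@code null} password is handed to the keystore rather than causing an NPE)
     * @throws Exception if the alias is null, is not a key entry, or does not hold a private key
     */
    @Override
    public PrivateKey getPrivateKey(String alias, String password) throws Exception {
        if (alias == null) {
            throw new Exception("alias is null");
        }
        if (!keystore.isKeyEntry(alias)) {
            String message = "Cannot find key for alias: " + alias;
            log.error(message);
            throw new Exception(message);
        }
        char[] keyPassword = password == null ? null : password.toCharArray();
        Key key = keystore.getKey(alias, keyPassword);
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        throw new Exception("Key is not a private key, alias: " + alias);
    }

    /**
     * Splits a DN string into its tokens using {@link X509NameTokenizer} and sorts them, so
     * that two DNs compare equal regardless of RDN order.
     */
    private Vector<String> splitAndTrim(String dn) {
        X509NameTokenizer tokenizer = new X509NameTokenizer(dn);
        Vector<String> tokens = new Vector<String>();
        while (tokenizer.hasMoreTokens()) {
            tokens.add(tokenizer.nextToken());
        }
        Collections.sort(tokens);
        return tokens;
    }

    /**
     * Returns the alias of the first entry whose end-entity certificate was issued by
     * {@code issuer}, or {@code null} if none matches.
     */
    @Override
    public String getAliasForX509Cert(String issuer) throws WSSecurityException {
        return getAliasForX509Cert(issuer, null, false);
    }

    /**
     * Returns the alias of the first entry whose end-entity certificate was issued by
     * {@code issuer} and carries {@code serialNumber}, or {@code null} if none matches.
     */
    @Override
    public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException {
        return getAliasForX509Cert(issuer, serialNumber, true);
    }

    /**
     * Shared issuer/serial lookup. Entries without an X.509 certificate (for example
     * secret-key entries) are skipped rather than aborting the search.
     *
     * @param matchSerial when {@code true} the serial number must match too
     * @throws WSSecurityException "keystore" on keystore access failure
     */
    private String getAliasForX509Cert(String issuer, BigInteger serialNumber, boolean matchSerial)
            throws WSSecurityException {
        if (matchSerial && serialNumber == null) {
            // No certificate can match an absent serial number.
            return null;
        }
        Vector<String> wantedIssuer = splitAndTrim(issuer);
        try {
            Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate cert = endEntityCertificate(alias);
                if (cert == null) {
                    continue;
                }
                if (matchSerial && cert.getSerialNumber().compareTo(serialNumber) != 0) {
                    continue;
                }
                if (splitAndTrim(cert.getIssuerDN().getName()).equals(wantedIssuer)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore");
        }
    }

    /**
     * Returns the end-entity certificate stored under {@code alias}: the head of its chain
     * if it has one, else its single certificate; {@code null} if there is none or it is
     * not an {@link X509Certificate}.
     */
    private X509Certificate endEntityCertificate(String alias) throws KeyStoreException {
        Certificate[] chain = keystore.getCertificateChain(alias);
        Certificate cert = (chain == null || chain.length == 0) ? keystore.getCertificate(alias) : chain[0];
        return cert instanceof X509Certificate ? (X509Certificate) cert : null;
    }

    /**
     * Returns the alias of the first entry whose end-entity certificate has the given
     * SubjectKeyIdentifier, or {@code null} if none matches (an empty or null identifier
     * never matches).
     *
     * @throws WSSecurityException "keystore" on keystore access failure; the exception from
     *         {@link #getSKIBytesFromCert(X509Certificate)} propagates if an entry holds a
     *         certificate for which no identifier can be derived
     */
    @Override
    public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException {
        if (skiBytes == null || skiBytes.length == 0) {
            return null;
        }
        try {
            Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate cert = endEntityCertificate(alias);
                if (cert != null && Arrays.equals(getSKIBytesFromCert(cert), skiBytes)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore");
        }
    }

    /**
     * Returns the alias under which {@code certificate} is stored, trying the keystore's own
     * lookup first and then comparing against each entry's certificate; {@code null} if absent.
     *
     * @throws WSSecurityException "keystore" on keystore access failure
     */
    @Override
    public String getAliasForX509Cert(Certificate certificate) throws WSSecurityException {
        try {
            String alias = keystore.getCertificateAlias(certificate);
            if (alias != null) {
                return alias;
            }
            Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                Certificate stored = keystore.getCertificate(candidate);
                // Entries without a certificate (e.g. secret keys) are skipped instead of NPE-ing.
                if (stored != null && stored.equals(certificate)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore");
        }
    }

    /** Returns the configured default alias ({@code ...merlin.keystore.alias}), or {@code null}. */
    @Override
    public String getDefaultX509Alias() {
        return properties == null ? null : properties.getProperty(PROP_KEYSTORE_ALIAS);
    }

    /**
     * Returns the certificate chain stored under {@code alias}, or a one-element array with
     * its single certificate, or {@code null} if the alias is null or holds no certificate.
     * Every element is cast to {@link X509Certificate}; non-X.509 entries fail with a
     * {@link ClassCastException}.
     *
     * @throws WSSecurityException "keystore" on keystore access failure
     */
    @Override
    public X509Certificate[] getCertificates(String alias) throws WSSecurityException {
        if (alias == null) {
            return null;
        }
        try {
            Certificate[] chain = keystore.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                Certificate single = keystore.getCertificate(alias);
                if (single == null) {
                    return null;
                }
                chain = new Certificate[]{single};
            }
            X509Certificate[] result = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                result[i] = (X509Certificate) chain[i];
            }
            return result;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore");
        }
    }

    /** Replaces the keystore used by this instance. */
    public void setKeyStore(KeyStore keyStore) {
        this.keystore = keyStore;
    }

    /**
     * Loads the keystore from {@code in} using the configured type, provider and password.
     * <p>
     * SECURITY: when {@code ...merlin.keystore.password} is not set, the literal password
     * {@code "security"} is used; an empty configured password yields an empty char array.
     * Deployments should always set an explicit password. The stream is not closed here.
     *
     * @throws IllegalArgumentException if {@code in} is null
     * @throws CredentialException "ioError00" on I/O failure (including a wrong password, which
     *         keystores report as an IOException), "secError00" on provider/type problems,
     *         "error00" for anything else (e.g. no properties configured)
     */
    public void load(InputStream in) throws CredentialException {
        if (in == null) {
            throw new IllegalArgumentException("input stream cannot be null");
        }
        try {
            String type = properties.getProperty(PROP_KEYSTORE_TYPE, KeyStore.getDefaultType());
            String provider = properties.getProperty(PROP_KEYSTORE_PROVIDER);
            if (provider == null || provider.length() == 0) {
                keystore = KeyStore.getInstance(type);
            } else {
                keystore = KeyStore.getInstance(type, provider);
            }
            String password = properties.getProperty(PROP_KEYSTORE_PASSWORD, "security");
            char[] keystorePassword =
                    (password == null || password.length() == 0) ? new char[0] : password.toCharArray();
            keystore.load(in, keystorePassword);
        } catch (IOException e) {
            log.error("Cannot load keystore", e);
            throw new CredentialException(3, "ioError00", e);
        } catch (GeneralSecurityException e) {
            log.error("Cannot load keystore", e);
            throw new CredentialException(3, "secError00", e);
        } catch (Exception e) {
            log.error("Cannot load keystore", e);
            throw new CredentialException(-1, "error00", e);
        }
    }

    /**
     * Returns the SubjectKeyIdentifier of {@code cert}: the value of its SKI extension for
     * version-3 certificates that carry one, otherwise the SHA-1 digest of the RSA public key
     * material (SHA-1 is the identifier construction here, not a security-strength choice).
     *
     * @throws WSSecurityException "noSKIHandling" if the extension is malformed, the key is not
     *         RSA, its encoding is too short, or SHA-1 is unavailable
     */
    @Override
    public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException {
        byte[] extension = cert.getExtensionValue(SKI_OID);
        if (cert.getVersion() >= 3 && extension != null) {
            // getExtensionValue() returns the DER-encoded extension value; the identifier
            // itself follows a fixed 4-byte prefix here.
            // NOTE(review): the fixed skip only holds for short-form DER lengths (identifier
            // under 128 bytes) — confirm if longer identifiers must be supported.
            if (extension.length < SKI_EXTENSION_HEADER_LENGTH) {
                throw new WSSecurityException(1, "noSKIHandling",
                        new Object[]{"Malformed SubjectKeyIdentifier extension"});
            }
            byte[] ski = new byte[extension.length - SKI_EXTENSION_HEADER_LENGTH];
            System.arraycopy(extension, SKI_EXTENSION_HEADER_LENGTH, ski, 0, ski.length);
            return ski;
        }
        PublicKey publicKey = cert.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Support for RSA key only"});
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null || encoded.length < RSA_SPKI_HEADER_LENGTH) {
            throw new WSSecurityException(1, "noSKIHandling",
                    new Object[]{"Unexpected RSA public key encoding"});
        }
        // NOTE(review): a fixed 22-byte header is stripped before hashing. DER length fields
        // grow with the modulus size, so this offset is unlikely to be right for every key
        // size — verify against a DER parser before relying on it for certificates without
        // an SKI extension.
        byte[] keyMaterial = new byte[encoded.length - RSA_SPKI_HEADER_LENGTH];
        System.arraycopy(encoded, RSA_SPKI_HEADER_LENGTH, keyMaterial, 0, keyMaterial.length);
        try {
            return MessageDigest.getInstance("SHA-1").digest(keyMaterial);
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(1, "noSKIHandling",
                    new Object[]{"Wrong certificate version (<3) and no SHA1 message digest availabe"});
        }
    }

    /** Returns the keystore backing this instance ({@code null} if none loaded). */
    @Override
    public KeyStore getKeyStore() {
        return keystore;
    }

    /**
     * Validates {@code certs} as a PKIX certificate path against the keystore.
     * <p>
     * SECURITY: every certificate entry in the keystore is used as a trust anchor, and
     * revocation checking (CRL/OCSP) is disabled, so a revoked certificate still validates.
     * Callers needing revocation must check it separately.
     *
     * @return {@code true} if validation succeeds (failure is reported by exception)
     * @throws WSSecurityException "certpath" if the path is null/empty or PKIX validation fails
     */
    @Override
    public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException {
        if (certs == null || certs.length == 0) {
            throw new WSSecurityException(0, "certpath", new Object[]{"empty certificate path"});
        }
        try {
            CertPath path = getCertificateFactory().generateCertPath(Arrays.asList(certs));
            PKIXParameters params = new PKIXParameters(keystore);
            params.setRevocationEnabled(false);
            CertPathValidator.getInstance("PKIX").validate(path, params);
            return true;
        } catch (GeneralSecurityException e) {
            // Covers InvalidAlgorithmParameter, KeyStore, NoSuchAlgorithm, CertPathValidator
            // and Certificate exceptions thrown above.
            throw new WSSecurityException(0, "certpath", new Object[]{e.getMessage()}, e);
        }
    }

    /**
     * Returns the aliases of all entries whose end-entity certificate has the given subject DN
     * (compared as tokenised, sorted DN strings). Entries without an X.509 certificate are
     * skipped rather than aborting the search.
     *
     * @throws WSSecurityException "keystore" on keystore access failure
     */
    @Override
    public String[] getAliasesForDN(String subjectDn) throws WSSecurityException {
        Vector<String> wantedSubject = splitAndTrim(subjectDn);
        Vector<String> matches = new Vector<String>();
        try {
            Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                X509Certificate cert = endEntityCertificate(alias);
                if (cert != null && wantedSubject.equals(splitAndTrim(cert.getSubjectDN().getName()))) {
                    matches.add(alias);
                }
            }
            return matches.toArray(new String[matches.size()]);
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore");
        }
    }
}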
