package org.apache.ws.security.components.crypto;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Properties;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSPasswordCallback;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.CryptoType;
import org.apache.ws.security.util.Loader;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:wlp/lib/com.ibm.ws.org.apache.ws.security.wss4j.1.6.7_1.0.16.jar:org/apache/ws/security/components/crypto/Merlin.class */
public class Merlin extends CryptoBase {
    // Legacy keystore-location key; loadProperties consults it only when KEYSTORE_FILE is absent.
    public static final String OLD_KEYSTORE_FILE = "org.apache.ws.security.crypto.merlin.file";
    // JCA provider name used when instantiating the keystore, the truststore and the CRL CertStore.
    public static final String CRYPTO_KEYSTORE_PROVIDER = "org.apache.ws.security.crypto.merlin.keystore.provider";
    // Provider name handed to setCryptoProvider(); getCertificateFactory() and verifyTrust() read it back.
    public static final String CRYPTO_CERT_PROVIDER = "org.apache.ws.security.crypto.merlin.cert.provider";
    // Keystore location: resolved by loadInputStream (classpath resource first, then filesystem path).
    public static final String KEYSTORE_FILE = "org.apache.ws.security.crypto.merlin.keystore.file";
    // Keystore password. loadProperties falls back to the literal "security" when this key is absent,
    // so a deployment that omits it is relying on a publicly known default.
    public static final String KEYSTORE_PASSWORD = "org.apache.ws.security.crypto.merlin.keystore.password";
    // Keystore type; defaults to KeyStore.getDefaultType().
    public static final String KEYSTORE_TYPE = "org.apache.ws.security.crypto.merlin.keystore.type";
    // Default alias returned by getDefaultX509Identifier().
    public static final String KEYSTORE_ALIAS = "org.apache.ws.security.crypto.merlin.keystore.alias";
    // Private-key password used by getPrivateKey() when no other password was supplied.
    // It is kept in the Properties object as a String for the lifetime of this instance.
    public static final String KEYSTORE_PRIVATE_PASSWORD = "org.apache.ws.security.crypto.merlin.keystore.private.password";
    // "true" loads ${java.home}/lib/security/cacerts as the truststore; only consulted when TRUSTSTORE_FILE is absent.
    public static final String LOAD_CA_CERTS = "org.apache.ws.security.crypto.merlin.load.cacerts";
    // Truststore location: resolved like KEYSTORE_FILE.
    public static final String TRUSTSTORE_FILE = "org.apache.ws.security.crypto.merlin.truststore.file";
    // Truststore (and cacerts) password. loadProperties falls back to the literal "changeit" when absent.
    public static final String TRUSTSTORE_PASSWORD = "org.apache.ws.security.crypto.merlin.truststore.password";
    // Truststore type; defaults to KeyStore.getDefaultType().
    public static final String TRUSTSTORE_TYPE = "org.apache.ws.security.crypto.merlin.truststore.type";
    // Location of a single X.509 CRL file; it is parsed once, inside loadProperties.
    public static final String X509_CRL_FILE = "org.apache.ws.security.crypto.merlin.x509crl.file";
    private static final Log LOG = LogFactory.getLog(Merlin.class);
    // Evaluated once at class initialisation; a later change of the log level is not picked up by this flag.
    private static final boolean DO_DEBUG = LOG.isDebugEnabled();
    // Not referenced by the code visible in this part of the file.
    protected static CertificateFactory certFact;
    // The Properties object last passed to loadProperties; getPrivateKey() re-reads the private-key password from it.
    protected Properties properties;
    // Store searched for certificates and private keys.
    protected KeyStore keystore;
    // Store whose certificates become PKIX trust anchors in verifyTrust().
    protected KeyStore truststore;
    // CRL source added to the PKIX parameters when revocation checking is requested.
    protected CertStore crlCertStore;
    // True when the truststore was populated from the JRE cacerts file.
    protected boolean loadCACerts;
    // True when KEYSTORE_PRIVATE_PASSWORD was present in the loaded properties.
    protected boolean privatePasswordSet;

    /**
     * Creates an unconfigured instance: no properties, keystore, truststore or
     * CRL store, and both flags cleared.
     */
    public Merlin() {
        this.privatePasswordSet = false;
        this.loadCACerts = false;
        this.crlCertStore = null;
        this.truststore = null;
        this.keystore = null;
        this.properties = null;
    }

    /**
     * Creates an instance configured from {@code properties}, resolving store
     * locations with the class loader that {@code Loader} reports for this class.
     *
     * @param properties configuration to load
     * @throws CredentialException propagated from the two-argument constructor
     * @throws IOException propagated from the two-argument constructor
     */
    public Merlin(Properties properties) throws CredentialException, IOException {
        this(properties, Loader.getClassLoader(Merlin.class));
    }

    /**
     * Creates an instance, resets every field to its empty state and then
     * applies {@code properties} through {@link #loadProperties(Properties, ClassLoader)}.
     *
     * @param properties configuration to load
     * @param classLoader class loader handed to {@code loadProperties}
     * @throws CredentialException propagated from {@code loadProperties}
     * @throws IOException propagated from {@code loadProperties}
     */
    public Merlin(Properties properties, ClassLoader classLoader) throws CredentialException, IOException {
        this.privatePasswordSet = false;
        this.loadCACerts = false;
        this.crlCertStore = null;
        this.truststore = null;
        this.keystore = null;
        this.properties = null;
        loadProperties(properties, classLoader);
    }

    /**
     * Applies {@code properties} using the class loader that {@code Loader}
     * reports for this class.
     *
     * @param properties configuration to load
     * @throws CredentialException propagated from the two-argument overload
     * @throws IOException propagated from the two-argument overload
     */
    public void loadProperties(Properties properties) throws CredentialException, IOException {
        ClassLoader merlinLoader = Loader.getClassLoader(Merlin.class);
        loadProperties(properties, merlinLoader);
    }

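    /**
     * Configures this instance from {@code properties}: provider names, default
     * alias, keystore, truststore (or the JRE cacerts file) and an optional CRL.
     * A {@code null} argument leaves the instance untouched.
     *
     * <p>Every stream opened here is closed in a {@code finally} block, on the
     * failure path as well as on success.
     *
     * <p>Security notes for deployers: when no password property is present the
     * literal defaults {@code "security"} (keystore) and {@code "changeit"}
     * (truststore and cacerts) are used, so an explicit password should always
     * be configured. Passwords are trimmed before use. The CRL is read once,
     * here; a CRL file replaced later is not picked up until the properties are
     * loaded again.
     *
     * @param properties configuration to apply; {@code null} is a no-op
     * @param classLoader class loader used to resolve store and CRL locations
     * @throws CredentialException if a store or the CRL cannot be found or parsed
     * @throws IOException if a stream cannot be opened or closed
     */
    public void loadProperties(Properties properties, ClassLoader classLoader) throws CredentialException, IOException {
        if (properties == null) {
            return;
        }
        this.properties = properties;

        String keystoreProvider = properties.getProperty(CRYPTO_KEYSTORE_PROVIDER);
        if (keystoreProvider != null) {
            keystoreProvider = keystoreProvider.trim();
        }
        String certProvider = properties.getProperty(CRYPTO_CERT_PROVIDER);
        if (certProvider != null) {
            setCryptoProvider(certProvider);
        }
        String alias = properties.getProperty(KEYSTORE_ALIAS);
        if (alias != null) {
            this.defaultAlias = alias.trim();
        }

        // Keystore: the current key wins, the legacy key is the fallback.
        String keystoreLocation = properties.getProperty(KEYSTORE_FILE);
        if (keystoreLocation == null) {
            keystoreLocation = properties.getProperty(OLD_KEYSTORE_FILE);
        }
        if (keystoreLocation != null) {
            keystoreLocation = keystoreLocation.trim();
            InputStream keystoreStream = loadInputStream(classLoader, keystoreLocation);
            try {
                // getProperty(key, default) never returns null when the default is non-null.
                String keystorePassword = properties.getProperty(KEYSTORE_PASSWORD, "security").trim();
                String keystoreType = properties.getProperty(KEYSTORE_TYPE, KeyStore.getDefaultType()).trim();
                this.keystore = load(keystoreStream, keystorePassword, keystoreProvider, keystoreType);
                if (DO_DEBUG) {
                    LOG.debug("The KeyStore " + keystoreLocation + " of type " + keystoreType + " has been loaded");
                }
                if (properties.getProperty(KEYSTORE_PRIVATE_PASSWORD) != null) {
                    this.privatePasswordSet = true;
                }
            } finally {
                if (keystoreStream != null) {
                    keystoreStream.close();
                }
            }
        } else if (DO_DEBUG) {
            LOG.debug("The KeyStore is not loaded as KEYSTORE_FILE is null");
        }

        // Truststore: an explicit file takes precedence over the JRE cacerts file.
        String truststoreLocation = properties.getProperty(TRUSTSTORE_FILE);
        if (truststoreLocation != null) {
            truststoreLocation = truststoreLocation.trim();
            InputStream truststoreStream = loadInputStream(classLoader, truststoreLocation);
            try {
                String truststorePassword = properties.getProperty(TRUSTSTORE_PASSWORD, "changeit").trim();
                String truststoreType = properties.getProperty(TRUSTSTORE_TYPE, KeyStore.getDefaultType()).trim();
                this.truststore = load(truststoreStream, truststorePassword, keystoreProvider, truststoreType);
                if (DO_DEBUG) {
                    LOG.debug("The TrustStore " + truststoreLocation + " of type " + truststoreType + " has been loaded");
                }
                this.loadCACerts = false;
            } finally {
                if (truststoreStream != null) {
                    truststoreStream.close();
                }
            }
        } else if (Boolean.parseBoolean(properties.getProperty(LOAD_CA_CERTS, "false").trim())) {
            String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts";
            InputStream cacertsStream = new FileInputStream(cacertsPath);
            try {
                String cacertsPassword = properties.getProperty(TRUSTSTORE_PASSWORD, "changeit").trim();
                // The cacerts file is always opened with the default provider and store type.
                this.truststore = load(cacertsStream, cacertsPassword, null, KeyStore.getDefaultType());
                if (DO_DEBUG) {
                    LOG.debug("CA certs have been loaded");
                }
                this.loadCACerts = true;
            } finally {
                cacertsStream.close();
            }
        }

        // Optional CRL, wrapped in a collection-backed CertStore.
        String crlLocation = properties.getProperty(X509_CRL_FILE);
        if (crlLocation != null) {
            crlLocation = crlLocation.trim();
            InputStream crlStream = loadInputStream(classLoader, crlLocation);
            try {
                X509CRL crl = (X509CRL) getCertificateFactory().generateCRL(crlStream);
                CollectionCertStoreParameters crlParameters =
                        new CollectionCertStoreParameters(Collections.singletonList(crl));
                if (keystoreProvider == null || keystoreProvider.length() == 0) {
                    this.crlCertStore = CertStore.getInstance("Collection", crlParameters);
                } else {
                    this.crlCertStore = CertStore.getInstance("Collection", crlParameters, keystoreProvider);
                }
                if (DO_DEBUG) {
                    LOG.debug("The CRL " + crlLocation + " has been loaded");
                }
            } catch (Exception e) {
                if (DO_DEBUG) {
                    LOG.debug(e.getMessage(), e);
                }
                throw new CredentialException(3, "ioError00", e);
            } finally {
                // Close on the failure path too, so a malformed CRL does not leak the stream.
                if (crlStream != null) {
                    crlStream.close();
                }
            }
        }
    }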

    /**
     * Opens the resource named by {@code str}. The name is first resolved
     * through {@code Loader.getResource}; when that yields nothing it is treated
     * as a filesystem path.
     *
     * <p>The location is used as given; no restriction on where it may point is
     * applied here, so it should only ever come from trusted configuration.
     *
     * @param classLoader class loader passed to {@code Loader.getResource}
     * @param str resource name or file path; {@code null} yields {@code null}
     * @return an open stream the caller must close, or {@code null} for a {@code null} location
     * @throws CredentialException if the filesystem fallback cannot be opened
     * @throws IOException if opening the resolved resource URL fails
     */
    public static InputStream loadInputStream(ClassLoader classLoader, String str) throws CredentialException, IOException {
        if (str == null) {
            return null;
        }
        URL resolved = Loader.getResource(classLoader, str);
        InputStream fromResource = resolved == null ? null : resolved.openStream();
        if (fromResource != null) {
            return fromResource;
        }
        try {
            return new FileInputStream(str);
        } catch (Exception e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
            throw new CredentialException(3, "proxyNotFound", new Object[]{str}, e);
        }
    }

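    /**
     * Instantiates a {@link KeyStore} of the requested type and loads it from
     * {@code inputStream}.
     *
     * <p>The supplied password is the one handed to {@code KeyStore.load}; a
     * {@code null} or empty password is passed as an empty {@code char[]}.
     * Both instantiation paths (with and without an explicit provider) run
     * inside the same {@code try}, so every failure surfaces as a
     * {@link CredentialException}.
     *
     * @param inputStream stream to read the store from; the caller closes it
     * @param str store password, may be {@code null} or empty
     * @param str2 JCA provider name; {@code null} or empty selects the default provider
     * @param str3 keystore type
     * @return the loaded keystore
     * @throws CredentialException if the store cannot be instantiated or loaded
     */
    public KeyStore load(InputStream inputStream, String str, String str2, String str3) throws CredentialException {
        try {
            KeyStore keyStore;
            if (str2 == null || str2.length() == 0) {
                keyStore = KeyStore.getInstance(str3);
            } else {
                keyStore = KeyStore.getInstance(str3, str2);
            }
            // Test for null BEFORE touching the string, and use the real password when there is one.
            char[] storePassword = (str == null || str.length() == 0) ? new char[0] : str.toCharArray();
            keyStore.load(inputStream, storePassword);
            return keyStore;
        } catch (IOException e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), e);
            }
            throw new CredentialException(3, "ioError00", e);
        } catch (GeneralSecurityException e2) {
            if (DO_DEBUG) {
                LOG.debug(e2.getMessage(), e2);
            }
            throw new CredentialException(4, "secError00", e2);
        } catch (Exception e3) {
            if (DO_DEBUG) {
                LOG.debug(e3.getMessage(), e3);
            }
            throw new CredentialException(-1, "error00", e3);
        }
    }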

    /**
     * Returns the keystore held by this instance.
     *
     * @return the live keystore reference (not a copy), or {@code null} when none is set
     */
    public KeyStore getKeyStore() {
        return keystore;
    }

    /**
     * Replaces the keystore used for certificate and private-key lookups.
     *
     * @param keyStore the keystore to use; stored by reference
     */
    public void setKeyStore(KeyStore keyStore) {
        keystore = keyStore;
    }

    /**
     * Returns the truststore held by this instance.
     *
     * @return the live truststore reference (not a copy), or {@code null} when none is set
     */
    public KeyStore getTrustStore() {
        return truststore;
    }

    /**
     * Replaces the truststore whose certificates serve as trust anchors.
     *
     * @param keyStore the truststore to use; stored by reference
     */
    public void setTrustStore(KeyStore keyStore) {
        truststore = keyStore;
    }

    /**
     * Replaces the CRL store consulted when revocation checking is requested.
     *
     * @param certStore the CRL store to use; stored by reference
     */
    public void setCRLCertStore(CertStore certStore) {
        crlCertStore = certStore;
    }

    /**
     * Returns the CRL store held by this instance.
     *
     * @return the CRL store, or {@code null} when none is set
     */
    public CertStore getCRLCertStore() {
        return crlCertStore;
    }

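    /**
     * Returns the certificate factory for this instance, creating and caching
     * it in {@code certFactMap} on first use.
     *
     * <p>Selection order: an explicitly configured crypto provider, then the
     * provider of the loaded keystore (mapped through
     * {@link #mapKeystoreProviderToCertProvider(String)}), then the platform
     * default. A non-empty configured provider is never replaced by the
     * keystore's provider, so the first (uncached) call returns the same
     * factory that later cached calls return.
     *
     * @return the certificate factory to use
     * @throws WSSecurityException if the configured provider is unknown or the
     *         certificate type is unsupported
     */
    @Override // org.apache.ws.security.components.crypto.CryptoBase, org.apache.ws.security.components.crypto.Crypto
    public CertificateFactory getCertificateFactory() throws WSSecurityException {
        String cryptoProvider = getCryptoProvider();
        String keystoreProvider = this.keystore != null ? this.keystore.getProvider().getName() : null;

        // Cache lookup, keyed the same way the entries are stored below.
        CertificateFactory certificateFactory;
        if (cryptoProvider != null) {
            certificateFactory = this.certFactMap.get(cryptoProvider);
        } else if (keystoreProvider != null) {
            certificateFactory = this.certFactMap.get(mapKeystoreProviderToCertProvider(keystoreProvider));
            if (certificateFactory == null) {
                certificateFactory = this.certFactMap.get(keystoreProvider);
            }
        } else {
            certificateFactory = this.certFactMap.get("DEFAULT");
        }
        if (certificateFactory != null) {
            return certificateFactory;
        }

        try {
            if (cryptoProvider != null && cryptoProvider.length() != 0) {
                certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, cryptoProvider);
                this.certFactMap.put(cryptoProvider, certificateFactory);
            } else {
                if (keystoreProvider != null && keystoreProvider.length() != 0) {
                    try {
                        String mappedProvider = mapKeystoreProviderToCertProvider(keystoreProvider);
                        certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, mappedProvider);
                        this.certFactMap.put(keystoreProvider, certificateFactory);
                        this.certFactMap.put(mappedProvider, certificateFactory);
                    } catch (Exception e3) {
                        // Best effort: the keystore's provider was not requested explicitly,
                        // so fall through to the platform default instead of failing.
                        LOG.debug(e3);
                    }
                }
                if (certificateFactory == null) {
                    certificateFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
                    this.certFactMap.put("DEFAULT", certificateFactory);
                }
            }
            // Also index by the name of the provider that actually supplied the factory.
            this.certFactMap.put(certificateFactory.getProvider().getName(), certificateFactory);
            return certificateFactory;
        } catch (NoSuchProviderException e) {
            throw new WSSecurityException(7, "noSecProvider", null, e);
        } catch (CertificateException e2) {
            throw new WSSecurityException(7, "unsupportedCertType", null, e2);
        }
    }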

    /**
     * Maps a keystore provider name to the provider name used for certificate
     * factories: {@code "SunJSSE"} becomes {@code "SUN"}, any other value is
     * returned unchanged.
     *
     * @param str keystore provider name, may be {@code null}
     * @return the certificate provider name
     */
    private String mapKeystoreProviderToCertProvider(String str) {
        if ("SunJSSE".equals(str)) {
            return "SUN";
        }
        return str;
    }

    /**
     * Returns the default alias. When none is configured and the keystore
     * holds exactly one alias, that alias is adopted as the default and
     * remembered for later calls.
     *
     * @return the default alias, or {@code null} when none is configured and
     *         the keystore is absent, empty or holds more than one alias
     * @throws WSSecurityException if the keystore aliases cannot be enumerated
     */
    @Override // org.apache.ws.security.components.crypto.CryptoBase, org.apache.ws.security.components.crypto.Crypto
    public String getDefaultX509Identifier() throws WSSecurityException {
        if (this.defaultAlias == null && this.keystore != null) {
            try {
                Enumeration<String> entries = this.keystore.aliases();
                if (entries.hasMoreElements()) {
                    String soleCandidate = entries.nextElement();
                    // Only an unambiguous (single-entry) keystore supplies a default.
                    if (!entries.hasMoreElements()) {
                        this.defaultAlias = soleCandidate;
                    }
                }
            } catch (KeyStoreException e) {
                throw new WSSecurityException(0, "keystore", null, e);
            }
        }
        return this.defaultAlias;
    }

    /**
     * Looks up certificates by the criterion carried in {@code cryptoType},
     * dispatching to the matching private lookup.
     *
     * @param cryptoType lookup criterion; {@code null} yields {@code null}
     * @return whatever the selected lookup returns, or {@code null} for a
     *         {@code null} argument or a type not handled here
     * @throws WSSecurityException propagated from the selected lookup
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
        if (cryptoType == null) {
            return null;
        }
        switch (cryptoType.getType()) {
            case ISSUER_SERIAL:
                return getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
            case THUMBPRINT_SHA1:
                return getX509Certificates(cryptoType.getBytes());
            case SKI_BYTES:
                return getX509CertificatesSKI(cryptoType.getBytes());
            case SUBJECT_DN:
                return getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
            case ALIAS:
                return getX509Certificates(cryptoType.getAlias());
            default:
                return null;
        }
    }

    /**
     * Finds the identifier under which {@code x509Certificate} is stored,
     * consulting the keystore first and the truststore only when the keystore
     * gave no answer.
     *
     * @param x509Certificate certificate to look up
     * @return the identifier, or {@code null} when neither store yields one
     * @throws WSSecurityException propagated from {@code getIdentifier}
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getX509Identifier(X509Certificate x509Certificate) throws WSSecurityException {
        String fromKeystore = this.keystore == null ? null : getIdentifier(x509Certificate, this.keystore);
        if (fromKeystore != null || this.truststore == null) {
            return fromKeystore;
        }
        return getIdentifier(x509Certificate, this.truststore);
    }

    /**
     * Returns the private key stored alongside {@code x509Certificate}.
     *
     * <p>The key password is requested from {@code callbackHandler}; when that
     * yields {@code null} and a private-key password was configured, the
     * configured value (trimmed) is used. With no password at all an empty
     * {@code char[]} is passed to the keystore.
     *
     * @param x509Certificate certificate whose key entry is wanted
     * @param callbackHandler source of the key password; must not be {@code null}
     * @return the private key
     * @throws WSSecurityException if the keystore or handler is missing, no key
     *         entry exists for the certificate, the entry is not a private key,
     *         or the key cannot be recovered
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public PrivateKey getPrivateKey(X509Certificate x509Certificate, CallbackHandler callbackHandler) throws WSSecurityException {
        if (this.keystore == null) {
            throw new WSSecurityException("The keystore is null");
        }
        if (callbackHandler == null) {
            throw new WSSecurityException("The CallbackHandler is null");
        }
        String alias = getIdentifier(x509Certificate, this.keystore);
        try {
            if (alias != null && this.keystore.isKeyEntry(alias)) {
                String secret = getPassword(alias, callbackHandler);
                if (secret == null && this.privatePasswordSet) {
                    String configured = this.properties.getProperty(KEYSTORE_PRIVATE_PASSWORD);
                    secret = configured == null ? null : configured.trim();
                }
                char[] keyPassword = secret != null ? secret.toCharArray() : new char[0];
                Key candidate = this.keystore.getKey(alias, keyPassword);
                if (!(candidate instanceof PrivateKey)) {
                    String notPrivate = "Key is not a private key, alias: [" + alias + "]";
                    LOG.error(notPrivate + createKeyStoreErrorMessage(this.keystore));
                    throw new WSSecurityException(notPrivate);
                }
                return (PrivateKey) candidate;
            }
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException.
            throw new WSSecurityException(0, "noPrivateKey", new Object[]{e.getMessage()}, e);
        }
        String notFound = "Cannot find key for alias: [" + alias + "]";
        LOG.error(notFound + createKeyStoreErrorMessage(this.keystore));
        throw new WSSecurityException(notFound);
    }

    /**
     * Returns the private key stored under the alias {@code str}.
     *
     * <p>When {@code str2} is {@code null} and a private-key password was
     * configured, the configured value (trimmed) is used. With no password at
     * all an empty {@code char[]} is passed to the keystore.
     *
     * @param str keystore alias of the key entry
     * @param str2 key password, may be {@code null}
     * @return the private key
     * @throws WSSecurityException if the keystore is missing, no key entry
     *         exists for the alias, the entry is not a private key, or the key
     *         cannot be recovered
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public PrivateKey getPrivateKey(String str, String str2) throws WSSecurityException {
        if (this.keystore == null) {
            throw new WSSecurityException("The keystore is null");
        }
        try {
            if (str != null && this.keystore.isKeyEntry(str)) {
                String secret = str2;
                if (secret == null && this.privatePasswordSet) {
                    String configured = this.properties.getProperty(KEYSTORE_PRIVATE_PASSWORD);
                    secret = configured == null ? null : configured.trim();
                }
                char[] keyPassword = secret != null ? secret.toCharArray() : new char[0];
                Key candidate = this.keystore.getKey(str, keyPassword);
                if (!(candidate instanceof PrivateKey)) {
                    String notPrivate = "Key is not a private key, alias: [" + str + "]";
                    LOG.error(notPrivate + createKeyStoreErrorMessage(this.keystore));
                    throw new WSSecurityException(notPrivate);
                }
                return (PrivateKey) candidate;
            }
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, NoSuchAlgorithmException and UnrecoverableKeyException.
            throw new WSSecurityException(0, "noPrivateKey", new Object[]{e.getMessage()}, e);
        }
        String notFound = "Cannot find key for alias: [" + str + "]";
        LOG.error(notFound + createKeyStoreErrorMessage(this.keystore));
        throw new WSSecurityException(notFound);
    }

    /**
     * Verifies trust in {@code x509CertificateArr} with revocation checking
     * switched off.
     *
     * @param x509CertificateArr certificate chain to verify
     * @return the result of {@code verifyTrust(x509CertificateArr, false)}
     * @throws WSSecurityException propagated from the two-argument overload
     * @deprecated call the two-argument overload and state the revocation
     *             choice explicitly
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    @Deprecated
    public boolean verifyTrust(X509Certificate[] x509CertificateArr) throws WSSecurityException {
        final boolean enableRevocation = false;
        return verifyTrust(x509CertificateArr, enableRevocation);
    }

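    /**
     * Decides whether the certificate (chain) in {@code x509CertificateArr} is trusted.
     *
     * <ol>
     * <li>A {@code null} or empty chain, or one whose first element is
     *     {@code null}, is rejected ({@code false}); the check fails closed
     *     instead of surfacing an unchecked exception.</li>
     * <li>Direct trust: a single certificate with revocation checking off is
     *     trusted when an equal certificate is found by issuer and serial
     *     number in the configured stores.</li>
     * <li>Otherwise a PKIX path validation is run. For a single certificate
     *     the path is completed with the stored certificates whose subject DN
     *     equals its issuer DN; if there are none the result is {@code false}.</li>
     * </ol>
     *
     * <p>Trust anchors are every certificate in the truststore, plus every
     * certificate in the keystore when there is no truststore or when the
     * truststore was loaded from the JRE cacerts file. Revocation checking is
     * enabled only when {@code z} is {@code true}; the CRL store, if any, is
     * added in that case.
     *
     * @param x509CertificateArr certificate chain, end-entity certificate first
     * @param z {@code true} to enable revocation checking
     * @return {@code true} when trusted; {@code false} for an unusable chain or
     *         when no issuer certificate is known
     * @throws WSSecurityException if path construction or validation fails
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public boolean verifyTrust(X509Certificate[] x509CertificateArr, boolean z) throws WSSecurityException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0 || x509CertificateArr[0] == null) {
            return false;
        }
        X509Certificate leaf = x509CertificateArr[0];
        String issuerName = leaf.getIssuerX500Principal().getName();
        boolean singleCertificate = x509CertificateArr.length == 1;

        if (singleCertificate && !z) {
            CryptoType byIssuerSerial = new CryptoType(CryptoType.TYPE.ISSUER_SERIAL);
            byIssuerSerial.setIssuerSerial(issuerName, leaf.getSerialNumber());
            X509Certificate[] stored = getX509Certificates(byIssuerSerial);
            // Full equality is required, not just matching issuer and serial number.
            if (stored != null && stored.length > 0 && stored[0] != null && stored[0].equals(leaf)) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("Direct trust for certificate with " + leaf.getSubjectX500Principal().getName());
                }
                return true;
            }
        }

        X509Certificate[] path = x509CertificateArr;
        if (singleCertificate) {
            CryptoType byIssuerDn = new CryptoType(CryptoType.TYPE.SUBJECT_DN);
            byIssuerDn.setSubjectDN(issuerName);
            X509Certificate[] issuerCerts = getX509Certificates(byIssuerDn);
            if (issuerCerts == null || issuerCerts.length < 1) {
                if (LOG.isDebugEnabled()) {
                    String subjectName = leaf.getSubjectX500Principal().getName();
                    LOG.debug("No certs found in keystore for issuer " + issuerName + " of certificate for " + subjectName);
                }
                return false;
            }
            path = new X509Certificate[issuerCerts.length + 1];
            path[0] = leaf;
            System.arraycopy(issuerCerts, 0, path, 1, issuerCerts.length);
        }
        if (LOG.isDebugEnabled()) {
            LOG.debug("Preparing to validate certificate path for issuer " + issuerName);
        }

        try {
            CertPath certPath = getCertificateFactory().generateCertPath(Arrays.asList(path));

            // The keystore contributes anchors only without a truststore, or next to the JRE cacerts.
            KeyStore[] anchorStores = {
                this.truststore,
                (this.truststore == null || this.loadCACerts) ? this.keystore : null
            };
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            for (KeyStore store : anchorStores) {
                if (store == null) {
                    continue;
                }
                Enumeration<String> aliases = store.aliases();
                while (aliases.hasMoreElements()) {
                    X509Certificate anchorCert = (X509Certificate) store.getCertificate(aliases.nextElement());
                    if (anchorCert != null) {
                        // NOTE(review): getExtensionValue returns the extension wrapped in a DER OCTET STRING,
                        // while TrustAnchor documents nameConstraints as the DER encoding of the NameConstraints
                        // value itself. Confirm behaviour with an anchor that carries name constraints.
                        anchors.add(new TrustAnchor(anchorCert, anchorCert.getExtensionValue(CryptoBase.NAME_CONSTRAINTS_OID)));
                    }
                }
            }

            PKIXParameters pkixParameters = new PKIXParameters(anchors);
            pkixParameters.setRevocationEnabled(z);
            if (z && this.crlCertStore != null) {
                pkixParameters.addCertStore(this.crlCertStore);
            }

            String cryptoProvider = getCryptoProvider();
            CertPathValidator validator = (cryptoProvider == null || cryptoProvider.length() == 0)
                    ? CertPathValidator.getInstance("PKIX")
                    : CertPathValidator.getInstance("PKIX", cryptoProvider);
            // validate() throws on any failure, so returning normally means the path is valid.
            validator.validate(certPath, pkixParameters);
            return true;
        } catch (NullPointerException e) {
            throw new WSSecurityException(0, "certpath", new Object[]{e.getMessage()}, e);
        } catch (InvalidAlgorithmParameterException e2) {
            throw new WSSecurityException(0, "certpath", new Object[]{e2.getMessage()}, e2);
        } catch (KeyStoreException e3) {
            throw new WSSecurityException(0, "certpath", new Object[]{e3.getMessage()}, e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new WSSecurityException(0, "certpath", new Object[]{e4.getMessage()}, e4);
        } catch (NoSuchProviderException e5) {
            throw new WSSecurityException(0, "certpath", new Object[]{e5.getMessage()}, e5);
        } catch (CertPathValidatorException e6) {
            throw new WSSecurityException(0, "certpath", new Object[]{e6.getMessage()}, e6);
        } catch (CertificateException e7) {
            throw new WSSecurityException(0, "certpath", new Object[]{e7.getMessage()}, e7);
        }
    }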

    /**
     * Reports whether {@code publicKey} is found in the keystore or, failing
     * that, in the truststore.
     *
     * @param publicKey key to look for; {@code null} is never trusted
     * @return {@code true} when either store contains the key
     * @throws WSSecurityException propagated from {@code findPublicKeyInKeyStore}
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public boolean verifyTrust(PublicKey publicKey) throws WSSecurityException {
        if (publicKey == null) {
            return false;
        }
        if (findPublicKeyInKeyStore(publicKey, this.keystore)) {
            return true;
        }
        return findPublicKeyInKeyStore(publicKey, this.truststore);
    }

    /**
     * Finds the certificate chain whose first certificate matches the given
     * issuer name and serial number, searching the keystore first and the
     * truststore only when the keystore gave nothing.
     *
     * @param str issuer distinguished name; when it cannot be parsed as an
     *        {@code X500Principal} the raw string is used for the comparison
     * @param bigInteger certificate serial number
     * @return the matching chain, or {@code null} when nothing matches
     * @throws WSSecurityException if a store cannot be read
     */
    private X509Certificate[] getX509Certificates(String str, BigInteger bigInteger) throws WSSecurityException {
        Object issuerName;
        try {
            issuerName = createBCX509Name(new X500Principal(str).getName());
        } catch (IllegalArgumentException e) {
            issuerName = createBCX509Name(str);
        }

        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(issuerName, bigInteger, this.keystore);
        }
        boolean keystoreCameUpEmpty = found == null || found.length == 0;
        if (keystoreCameUpEmpty && this.truststore != null) {
            found = getCertificates(issuerName, bigInteger, this.truststore);
        }
        if (found == null || found.length == 0) {
            return null;
        }

        X509Certificate[] chain = new X509Certificate[found.length];
        int position = 0;
        for (Certificate entry : found) {
            chain[position++] = (X509Certificate) entry;
        }
        return chain;
    }

    /**
     * Scans every alias of {@code keyStore} for an entry whose leading
     * certificate has the given serial number and issuer name.
     *
     * @param obj issuer name in the form produced by {@code createBCX509Name}
     * @param bigInteger serial number to match
     * @param keyStore store to scan
     * @return the chain of the first matching entry (a one-element array when
     *         the entry holds a lone certificate), or an empty array
     * @throws WSSecurityException if the store cannot be read
     */
    private Certificate[] getCertificates(Object obj, BigInteger bigInteger, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> aliases = keyStore.aliases(); aliases.hasMoreElements();) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate head;
                if (chain != null && chain.length > 0) {
                    head = chain[0];
                } else {
                    // No chain under this alias: fall back to a lone certificate entry.
                    head = keyStore.getCertificate(alias);
                    if (head != null) {
                        chain = new Certificate[]{head};
                    }
                }
                if (!(head instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) head;
                boolean sameSerial = x509.getSerialNumber().compareTo(bigInteger) == 0;
                if (sameSerial && createBCX509Name(x509.getIssuerX500Principal().getName()).equals(obj)) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Finds the certificate chain whose first certificate has the given SHA-1
     * thumbprint, searching the keystore first and the truststore only when
     * the keystore gave nothing.
     *
     * <p>The digest is used here only to locate a stored certificate by a
     * caller-supplied thumbprint; trust is decided in {@code verifyTrust}.
     *
     * @param bArr SHA-1 digest of the encoded certificate
     * @return the matching chain, or {@code null} when nothing matches
     * @throws WSSecurityException if SHA-1 is unavailable or a store cannot be read
     */
    private X509Certificate[] getX509Certificates(byte[] bArr) throws WSSecurityException {
        MessageDigest sha1;
        try {
            sha1 = MessageDigest.getInstance("SHA1");
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(0, "noSHA1availabe", null, e);
        }

        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(bArr, this.keystore, sha1);
        }
        boolean keystoreCameUpEmpty = found == null || found.length == 0;
        if (keystoreCameUpEmpty && this.truststore != null) {
            found = getCertificates(bArr, this.truststore, sha1);
        }
        if (found == null || found.length == 0) {
            return null;
        }

        X509Certificate[] chain = new X509Certificate[found.length];
        int position = 0;
        for (Certificate entry : found) {
            chain[position++] = (X509Certificate) entry;
        }
        return chain;
    }

    /**
     * Scans every alias of {@code keyStore} for an X.509 leaf certificate whose digest,
     * computed with {@code messageDigest}, equals {@code bArr}.
     *
     * <p>For each alias the leaf is the first element of the stored chain, or the single
     * stored certificate when no chain exists. The first match wins; later aliases are
     * not examined.
     *
     * @param bArr the expected digest value
     * @param keyStore the store to scan; must not be {@code null}
     * @param messageDigest the digest used for the thumbprint; {@code digest()} resets it
     *        after every candidate, so one instance serves the whole scan
     * @return the chain of the first matching alias, or an empty array when none matches
     * @throws WSSecurityException if a certificate cannot be encoded or the store cannot be read
     */
    private Certificate[] getCertificates(byte[] bArr, KeyStore keyStore, MessageDigest messageDigest) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf;
                if (chain != null && chain.length > 0) {
                    leaf = chain[0];
                } else {
                    // No chain under this alias: fall back to a lone certificate entry.
                    leaf = keyStore.getCertificate(alias);
                    if (leaf != null) {
                        chain = new Certificate[]{leaf};
                    }
                }
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                byte[] encoded;
                try {
                    encoded = ((X509Certificate) leaf).getEncoded();
                } catch (CertificateEncodingException e) {
                    throw new WSSecurityException(7, "encodeError", null, e);
                }
                messageDigest.update(encoded);
                // The thumbprint is derived from the certificate encoding and acts as an
                // identifier, so a plain (non constant-time) comparison is used.
                if (Arrays.equals(messageDigest.digest(), bArr)) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException e2) {
            throw new WSSecurityException(0, "keystore", null, e2);
        }
    }

    /**
     * Finds the certificate chain whose leaf certificate carries the given
     * SubjectKeyIdentifier bytes.
     *
     * <p>The key store is searched first; the trust store is consulted only when the key
     * store is absent or produced no match. The lookup identifies a certificate; it does
     * not validate the chain that is returned.
     *
     * @param bArr the SubjectKeyIdentifier bytes to match
     * @return the matching chain, or {@code null} when neither store holds a match
     * @throws WSSecurityException if a store cannot be read or the SKI cannot be derived
     * @throws ClassCastException if the matching chain contains a non-X.509 certificate;
     *         only the leaf is type-checked by the search helper
     */
    private X509Certificate[] getX509CertificatesSKI(byte[] bArr) throws WSSecurityException {
        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(bArr, this.keystore);
        }
        boolean nothingYet = found == null || found.length == 0;
        if (nothingYet && this.truststore != null) {
            found = getCertificates(bArr, this.truststore);
        }
        if (found == null || found.length == 0) {
            return null;
        }

        X509Certificate[] result = new X509Certificate[found.length];
        int idx = 0;
        for (Certificate c : found) {
            result[idx++] = (X509Certificate) c;
        }
        return result;
    }

    /**
     * Scans every alias of {@code keyStore} for an X.509 leaf certificate whose
     * SubjectKeyIdentifier bytes, as returned by {@code getSKIBytesFromCert}, equal
     * {@code bArr}.
     *
     * <p>For each alias the leaf is the first element of the stored chain, or the single
     * stored certificate when no chain exists. The first match wins.
     *
     * @param bArr the SubjectKeyIdentifier bytes to match; must not be {@code null}
     * @param keyStore the store to scan; must not be {@code null}
     * @return the chain of the first matching alias, or an empty array when none matches
     * @throws WSSecurityException if the store cannot be read, or if
     *         {@code getSKIBytesFromCert} rejects a candidate. NOTE(review): a rejected
     *         candidate ends the whole scan rather than being skipped; confirm that one
     *         unsupported entry in a store should stop the lookup for the others
     */
    private Certificate[] getCertificates(byte[] bArr, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf;
                if (chain != null && chain.length > 0) {
                    leaf = chain[0];
                } else {
                    // No chain under this alias: fall back to a lone certificate entry.
                    leaf = keyStore.getCertificate(alias);
                    if (leaf != null) {
                        chain = new Certificate[]{leaf};
                    }
                }
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                byte[] ski = getSKIBytesFromCert((X509Certificate) leaf);
                boolean sameLength = ski.length == bArr.length;
                if (sameLength && Arrays.equals(ski, bArr)) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Finds the certificate chain whose leaf certificate has the given subject DN.
     *
     * <p>The DN is first passed through {@link X500Principal} and then through
     * {@code createBCX509Name}; if either step rejects it with an
     * {@link IllegalArgumentException}, the raw string is handed to
     * {@code createBCX509Name} instead. The key store is searched first, the trust store
     * only when the key store is absent or produced no match. The lookup identifies a
     * certificate; it does not validate the chain that is returned.
     *
     * @param str the subject distinguished name to look for
     * @return the matching chain, or {@code null} when neither store holds a match
     * @throws WSSecurityException if a store cannot be read
     * @throws ClassCastException if the matching chain contains a non-X.509 certificate;
     *         only the leaf is type-checked by the search helper
     */
    private X509Certificate[] getX509CertificatesSubjectDN(String str) throws WSSecurityException {
        Object subjectName;
        try {
            subjectName = createBCX509Name(new X500Principal(str).getName());
        } catch (IllegalArgumentException notParseable) {
            // Second attempt with the DN exactly as the caller supplied it.
            subjectName = createBCX509Name(str);
        }

        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(subjectName, this.keystore);
        }
        boolean nothingYet = found == null || found.length == 0;
        if (nothingYet && this.truststore != null) {
            found = getCertificates(subjectName, this.truststore);
        }
        if (found == null || found.length == 0) {
            return null;
        }

        X509Certificate[] result = new X509Certificate[found.length];
        int idx = 0;
        for (Certificate c : found) {
            result[idx++] = (X509Certificate) c;
        }
        return result;
    }

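    /**
     * Returns the certificate chain stored under the given alias.
     *
     * <p>The key store is asked first: its chain for the alias, or the single certificate
     * stored there when the chain is missing or empty. The trust store is asked only when
     * the key store yielded nothing at all ({@code null}). The lookup is by alias only and
     * does not validate the chain that is returned.
     *
     * <p>The decompiler could not infer the type of the working array and declared it as
     * {@code X509Certificate[]}, which does not compile against the {@code KeyStore} API.
     * It is declared as {@code Certificate[]} here and each element is cast explicitly.
     *
     * @param str the alias to look up
     * @return the chain for the alias, or {@code null} when neither store knows the alias
     * @throws WSSecurityException if a store cannot be read
     * @throws ClassCastException if the chain contains a certificate that is not X.509;
     *         no element is type-checked before the cast
     */
    private X509Certificate[] getX509Certificates(String str) throws WSSecurityException {
        Certificate[] certs = null;
        try {
            if (this.keystore != null) {
                certs = this.keystore.getCertificateChain(str);
                if (certs == null || certs.length == 0) {
                    Certificate single = this.keystore.getCertificate(str);
                    if (single != null) {
                        certs = new Certificate[]{single};
                    }
                }
            }
            // NOTE(review): an empty (non-null) key store chain with no lone certificate
            // skips the trust store and yields an empty result, unlike the other lookups
            // in this class, which fall through on an empty result. Left as found.
            if (certs == null && this.truststore != null) {
                certs = this.truststore.getCertificateChain(str);
                if (certs == null) {
                    Certificate single = this.truststore.getCertificate(str);
                    if (single != null) {
                        certs = new Certificate[]{single};
                    }
                }
            }
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
        if (certs == null) {
            return null;
        }

        X509Certificate[] result = new X509Certificate[certs.length];
        for (int i = 0; i < certs.length; i++) {
            result[i] = (X509Certificate) certs[i];
        }
        return result;
    }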

    /**
     * Reports whether any alias in {@code keyStore} has an X.509 leaf certificate whose
     * public key equals {@code publicKey}.
     *
     * <p>For each alias the leaf is the first element of the stored chain, or the single
     * stored certificate when no chain exists.
     *
     * @param publicKey the key to look for
     * @param keyStore the store to scan; {@code null} yields {@code false}
     * @return {@code true} on the first matching entry; {@code false} when there is no
     *         match, no store, or the store could not be read
     */
    private boolean findPublicKeyInKeyStore(PublicKey publicKey, KeyStore keyStore) {
        if (keyStore == null) {
            return false;
        }
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf = (chain != null && chain.length > 0)
                        ? chain[0]
                        : keyStore.getCertificate(alias);
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                if (publicKey.equals(((X509Certificate) leaf).getPublicKey())) {
                    return true;
                }
            }
        } catch (KeyStoreException ignored) {
            // An unreadable store is reported as "key not present". If the result feeds a
            // trust decision (callers are not visible here) that fails closed, but the
            // failure itself is neither logged nor propagated by this method.
            return false;
        }
        return false;
    }

    /**
     * Scans every alias of {@code keyStore} for an X.509 leaf certificate whose subject,
     * converted with {@code createBCX509Name}, equals {@code obj}.
     *
     * <p>For each alias the leaf is the first element of the stored chain, or the single
     * stored certificate when no chain exists. The first match wins, so when two entries
     * share a subject DN the result depends on the store's alias order.
     *
     * @param obj the subject name to match, in the form produced by {@code createBCX509Name}
     * @param keyStore the store to scan; must not be {@code null}
     * @return the chain of the first matching alias, or an empty array when none matches
     * @throws WSSecurityException if the store cannot be read
     */
    private Certificate[] getCertificates(Object obj, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf;
                if (chain != null && chain.length > 0) {
                    leaf = chain[0];
                } else {
                    // No chain under this alias: fall back to a lone certificate entry.
                    leaf = keyStore.getCertificate(alias);
                    if (leaf != null) {
                        chain = new Certificate[]{leaf};
                    }
                }
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                String subjectDn = ((X509Certificate) leaf).getSubjectX500Principal().getName();
                if (obj.equals(createBCX509Name(subjectDn))) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Builds the diagnostic suffix that describes a key store: its type, provider, size
     * and the comma-separated list of all its aliases.
     *
     * <p>The text names every alias in the store. It is best kept to logs and local
     * diagnostics rather than echoed in a fault returned to a remote peer.
     *
     * @param keyStore the store to describe; must be initialized
     * @return the description, starting with {@code " in keystore of type ["}
     * @throws KeyStoreException if the store has not been initialized
     */
    private static String createKeyStoreErrorMessage(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> names = keyStore.aliases();
        // Same rough pre-size as before: about seven characters per alias.
        StringBuilder joined = new StringBuilder(keyStore.size() * 7);
        String separator = "";
        while (names.hasMoreElements()) {
            joined.append(separator).append(names.nextElement());
            separator = ", ";
        }
        return " in keystore of type [" + keyStore.getType() + "] from provider [" + keyStore.getProvider() + "] with size [" + keyStore.size() + "] and aliases: {" + joined.toString() + "}";
    }

    /**
     * Returns the alias under which the given certificate is stored in {@code keyStore}.
     *
     * <p>Only the leaf of each entry is compared: the first element of the stored chain,
     * or the single stored certificate when no chain exists. The first matching alias is
     * returned.
     *
     * @param x509Certificate the certificate to locate
     * @param keyStore the store to scan; must not be {@code null}
     * @return the alias of the first matching entry, or {@code null} when none matches
     * @throws WSSecurityException if the store cannot be read
     */
    private String getIdentifier(X509Certificate x509Certificate, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements();) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate leaf = (chain != null && chain.length > 0)
                        ? chain[0]
                        : keyStore.getCertificate(alias);
                if (!(leaf instanceof X509Certificate)) {
                    continue;
                }
                if (leaf.equals(x509Certificate)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException(0, "keystore", null, e);
        }
    }

    /**
     * Asks the callback handler for the password that belongs to the given identifier.
     *
     * <p>The request is a {@link WSPasswordCallback} with usage code {@code 1}
     * (presumably {@code WSPasswordCallback.DECRYPT}; confirm against the library
     * constants). The password comes back as a {@code String}, so it cannot be wiped
     * from memory after use; callers should not log it or hold it longer than needed.
     *
     * @param str the identifier whose password is requested
     * @param callbackHandler the handler that supplies the password; must not be {@code null}
     * @return the password set on the callback, or {@code null} if the handler set none
     * @throws WSSecurityException with key {@code "noPassword"} if the handler fails with
     *         an I/O error or does not support the callback
     */
    private String getPassword(String str, CallbackHandler callbackHandler) throws WSSecurityException {
        WSPasswordCallback request = new WSPasswordCallback(str, 1);
        Callback[] callbacks = new Callback[]{request};
        try {
            callbackHandler.handle(callbacks);
        } catch (IOException e) {
            throw new WSSecurityException(0, "noPassword", new Object[]{str}, e);
        } catch (UnsupportedCallbackException e2) {
            throw new WSSecurityException(0, "noPassword", new Object[]{str}, e2);
        }
        return request.getPassword();
    }
}
