package com.ibm.security.krb5.wss.util;

import com.ibm.ws.wssecurity.xss4j.dsig.util.Base64;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import sun.misc.HexDumpEncoder;

/* loaded from: input_file:lib/com.ibm.jaxws.thinclient_9.0.jar:com/ibm/security/krb5/wss/util/KeyStoreUtils.class */
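/**
 * Helper around a file-based {@link KeyStore}: opens the store described by a property map and
 * looks up keys and certificates either by alias or by Subject Key Identifier (SKI).
 *
 * <p>This source was recovered by a decompiler. Two spots it could not express as valid Java
 * (the key/certificate pairing in {@link #getMyKeyAndCert()} and the whole of
 * {@link #getPrivateKeyBySKI(String)}) have been rebuilt from the emitted instruction dump.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password arrives as a {@code String} inside the property map. Only the
 *       {@code char[]} copy held by this object is ever zeroed, so the original string stays
 *       readable in memory for as long as the map (or its caller) keeps it.</li>
 *   <li>The same password is used to open the store and to recover every key entry.</li>
 *   <li>Instances carry mutable state ({@code ks}, {@code kspw}, {@code phaseMessage}) with no
 *       synchronization visible in this class.</li>
 * </ul>
 */
public class KeyStoreUtils {
    /** Property key: path of the keystore file. */
    public static final String KEYSTORENAME = "keystorename";
    /** Property key: keystore password (also used as the key-entry password). */
    public static final String KEYSTOREPW = "keystorepw";
    /** Property key: keystore type; {@code "jks"} is used when absent. */
    public static final String KEYSTORETYPE = "keystoretype";
    /** Property key: alias of the caller's own entry; only {@link #getMyKeyAndCert()} reads it. */
    public static final String MYALIAS = "myalias";
    // NOTE(review): a public array is mutable by any caller; kept as-is because it is public API.
    public static final String[] PARAMS = {KEYSTORENAME, KEYSTOREPW, KEYSTORETYPE, MYALIAS};

    /** Alias used when none is configured (and always by getMyPrivateKey / getMyCert). */
    private static final String DEFAULT_ALIAS = "tomcat";
    private static final String DEFAULT_KEYSTORE_TYPE = "jks";
    /** OID of the X.509 SubjectKeyIdentifier extension. */
    private static final String SKI_EXTENSION_OID = "2.5.29.14";
    /** Bytes skipped in front of the raw identifier inside the DER-encoded extension value. */
    private static final int SKI_HEADER_LENGTH = 4;
    /** Length in bytes of the shortened key identifier. */
    private static final int TRUNCATED_KID_LENGTH = 8;
    /** Base64 length of a 20-byte SHA-1 digest; shorter references select the 8-byte form. */
    private static final int FULL_KID_B64_LENGTH = 28;

    private KeyStore ks;
    private final Map props;
    private char[] kspw;
    /** Describes the step in progress; used as the message of wrapped exceptions. */
    private String phaseMessage;

    /**
     * Creates a helper from a property map; the map is copied, so later changes by the caller
     * are not seen.
     *
     * @param map properties keyed by the names in {@link #PARAMS}
     */
    @SuppressWarnings({"rawtypes", "unchecked"})
    public KeyStoreUtils(Map map) {
        this.props = new HashMap(map);
    }

    /**
     * Returns the cached keystore, or loads it from the configured file.
     *
     * <p>This method does not store the result in the {@code ks} field itself; the other
     * methods of this class do that after calling it.
     *
     * <p>Every load failure (missing property, unknown type, unreadable file, wrong password,
     * corrupt store) is reported as a {@link RuntimeException} whose message is the failing
     * phase and whose cause is the underlying exception. The decompiled original swallowed
     * several of these and handed back a keystore that had never been loaded, which then
     * failed later without a cause.
     *
     * @return a loaded keystore, never {@code null}
     * @throws RuntimeException if the keystore cannot be opened
     */
    public KeyStore openKeystore() {
        if (this.ks != null) {
            return this.ks;
        }
        try {
            this.phaseMessage = "getting keystore password";
            String password = (String) this.props.get(KEYSTOREPW);
            if (password == null) {
                throw new IllegalStateException("missing property: " + KEYSTOREPW);
            }
            this.kspw = password.toCharArray();

            this.phaseMessage = "getting keystore type";
            String type = (String) this.props.get(KEYSTORETYPE);
            if (type == null) {
                type = DEFAULT_KEYSTORE_TYPE;
            }
            KeyStore keyStore = KeyStore.getInstance(type);

            this.phaseMessage = "getting keystore inputstream";
            String path = (String) this.props.get(KEYSTORENAME);
            if (path == null) {
                throw new IllegalStateException("missing property: " + KEYSTORENAME);
            }
            FileInputStream in = new FileInputStream(path);
            try {
                this.phaseMessage = "opening keystore";
                keyStore.load(in, this.kspw);
            } finally {
                try {
                    in.close();
                } catch (IOException ignored) {
                    // The outcome of load() is already decided; a close failure adds nothing.
                }
            }
            return keyStore;
        } catch (Exception e) {
            throw new RuntimeException(this.phaseMessage, e);
        }
    }

    /**
     * Returns the private key stored under the fixed alias {@code "tomcat"}.
     *
     * <p>NOTE(review): unlike {@link #getMyKeyAndCert()}, this method does not consult the
     * {@link #MYALIAS} property; the decompiled code uses the literal alias. Confirm that this
     * is intended before relying on a configured alias.
     *
     * @return the private key, or {@code null} if the entry is absent or cannot be recovered
     * @throws RuntimeException if the keystore cannot be opened
     */
    public PrivateKey getMyPrivateKey() {
        KeyStore store = loadedKeyStore();
        this.phaseMessage = "getting private key";
        try {
            return (PrivateKey) store.getKey(DEFAULT_ALIAS, this.kspw);
        } catch (java.security.GeneralSecurityException ignored) {
            // Covers the three checked exceptions getKey declares; callers receive null,
            // as in the original. NOTE(review): a wrong key password is indistinguishable
            // from a missing entry here.
            return null;
        }
    }

    /**
     * Returns the certificate stored under the fixed alias {@code "tomcat"}.
     *
     * @return the certificate, or {@code null} if there is none
     */
    public Certificate getMyCert() {
        return getThisCert(DEFAULT_ALIAS);
    }

    /**
     * Returns the key and certificate for the alias named by {@link #MYALIAS}
     * (default {@code "tomcat"}).
     *
     * <p>For a key entry the key is the one recovered with the keystore password; for any other
     * entry it is the certificate's public key.
     *
     * @return the pair, or {@code null} if the keystore reports an error while reading the entry
     * @throws RuntimeException if the alias is not present or the keystore cannot be opened
     */
    public KeyAndCert getMyKeyAndCert() {
        KeyStore store = loadedKeyStore();
        this.phaseMessage = "locating my alias";
        String alias = (String) this.props.get(MYALIAS);
        if (alias == null) {
            alias = DEFAULT_ALIAS;
        }
        try {
            if (!store.containsAlias(alias)) {
                throw new RuntimeException(this.phaseMessage);
            }
            this.phaseMessage = "getting cert from keystore";
            Certificate certificate = store.getCertificate(alias);
            // Declared as Key: one branch yields the entry's own key, the other a public key.
            Key key;
            if (store.isKeyEntry(alias)) {
                this.phaseMessage = "getting private key";
                key = store.getKey(alias, this.kspw);
            } else {
                this.phaseMessage = "getting public key";
                key = certificate.getPublicKey();
            }
            return new KeyAndCert(key, certificate);
        } catch (java.security.GeneralSecurityException ignored) {
            // Same three checked exceptions the original swallowed; null is kept for callers.
            return null;
        }
    }

    /**
     * Returns the certificate stored under the given alias.
     *
     * @param alias keystore alias, must not be {@code null}
     * @return the certificate, or {@code null} if the alias has none
     * @throws RuntimeException if {@code alias} is {@code null} or the keystore cannot be opened
     */
    public Certificate getThisCert(String alias) {
        KeyStore store = loadedKeyStore();
        this.phaseMessage = "locating Identity Provider alias";
        if (alias == null) {
            throw new RuntimeException(this.phaseMessage);
        }
        try {
            this.phaseMessage = "getting certificate";
            return store.getCertificate(alias);
        } catch (KeyStoreException ignored) {
            return null;
        }
    }

    /**
     * Returns the Base64 key identifier of a certificate.
     *
     * <p>The SubjectKeyIdentifier extension is used when the certificate is X.509 and carries
     * one; otherwise the identifier is computed from the public key.
     *
     * @param certificate certificate to identify; {@code null} yields {@code null}
     * @param truncated   when computing, produce the 8-byte form instead of the full digest
     * @return the Base64 identifier, or {@code null} if none can be derived
     */
    public static String getB64Skid(Certificate certificate, boolean truncated) {
        if (certificate == null) {
            return null;
        }
        byte[] kid = null;
        if (certificate instanceof X509Certificate) {
            kid = getSkiWithTrim((X509Certificate) certificate);
        }
        if (kid == null) {
            try {
                kid = computeKID(certificate.getPublicKey(), truncated);
            } catch (NoSuchAlgorithmException ignored) {
                // No SHA-1 provider: no identifier can be computed, report "none".
            }
        }
        return kid == null ? null : Base64.encode(kid);
    }

    /**
     * Returns the Base64 key identifier of a certificate, computing the full digest form when
     * the certificate has no SKI extension.
     *
     * @param certificate certificate to identify
     * @return the Base64 identifier, or {@code null} if none can be derived
     */
    public static String getB64Skid(Certificate certificate) {
        return getB64Skid(certificate, false);
    }

    /**
     * Returns the Base64 key identifier of a certificate in the form that matches a reference
     * identifier: a reference shorter than 28 characters selects the 8-byte computed form.
     *
     * <p>A {@code null} certificate yields {@code null}. {@link KeyStore#getCertificate} returns
     * {@code null} for entries without a certificate, and the original threw a
     * {@link NullPointerException} for those, which aborted SKI searches over such keystores.
     *
     * @param certificate certificate to identify; may be {@code null}
     * @param reference   Base64 identifier being searched for; {@code null} selects the full form
     * @return the Base64 identifier, or {@code null} if none can be derived
     */
    public static String getB64Skid(Certificate certificate, String reference) {
        boolean truncated = reference != null && reference.length() < FULL_KID_B64_LENGTH;
        return getB64Skid(certificate, truncated);
    }

    /**
     * Returns the certificate's public key if its key identifier equals the given SKI.
     *
     * <p>With an SKI extension present only that value is compared. Without one, the full and
     * then the 8-byte computed identifiers are tried.
     *
     * @param ski             Base64 identifier to match
     * @param x509Certificate candidate certificate; {@code null} yields {@code null}
     * @return the public key on a match, otherwise {@code null}
     * @throws RuntimeException if no SHA-1 implementation is available
     */
    public static Key getPublicKeyBySKI(String ski, X509Certificate x509Certificate) {
        if (x509Certificate == null) {
            return null;
        }
        byte[] embedded = getSkiWithTrim(x509Certificate);
        if (embedded != null) {
            return Base64.encode(embedded).equals(ski) ? x509Certificate.getPublicKey() : null;
        }
        try {
            PublicKey publicKey = x509Certificate.getPublicKey();
            if (computedKidMatches(publicKey, false, ski) || computedKidMatches(publicKey, true, ski)) {
                return publicKey;
            }
            return null;
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Computes one form of the key identifier, prints it, and compares it with {@code ski}.
     *
     * <p>NOTE(review): the stdout trace and the JDK-internal {@code HexDumpEncoder} are kept
     * from the original; a library would normally route this through its logger at debug level.
     */
    private static boolean computedKidMatches(PublicKey publicKey, boolean truncated, String ski)
            throws NoSuchAlgorithmException {
        byte[] kid = computeKID(publicKey, truncated);
        if (kid == null) {
            return false;
        }
        System.out.println("Computed ski = " + new HexDumpEncoder().encodeBuffer(kid));
        return Base64.encode(kid).equals(ski);
    }

    /**
     * Finds the alias whose certificate has the given key identifier.
     *
     * @param ski Base64 identifier to look for, must not be {@code null}
     * @return the first matching alias, or {@code null} if none matches
     * @throws RuntimeException if {@code ski} is {@code null}, or the keystore cannot be opened
     *     or enumerated
     */
    public String getAliasBySKI(String ski) {
        KeyStore store = loadedKeyStore();
        if (ski == null) {
            throw new IllegalArgumentException("ski must not be null");
        }
        try {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (ski.equals(getB64Skid(store.getCertificate(alias), ski))) {
                    return alias;
                }
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the keystore, opening it on first use.
     *
     * @return the loaded keystore
     * @throws RuntimeException if the keystore cannot be opened
     */
    public KeyStore getKeyStoreRef() {
        return loadedKeyStore();
    }

    /**
     * Returns the key of the first key entry whose certificate has the given key identifier.
     *
     * <p>Rebuilt from the decompiler's instruction dump, which shows: enumerate the aliases,
     * skip entries that are not key entries, compare the certificate's identifier with
     * {@code ski}, and on the first match recover the key with the keystore password. Any
     * exception inside that search is wrapped in a {@link RuntimeException}.
     *
     * @param ski Base64 identifier to look for, must not be {@code null}
     * @return the matching entry's key, or {@code null} if no key entry matches
     * @throws RuntimeException if {@code ski} is {@code null}, or the keystore cannot be
     *     opened, enumerated, or the key cannot be recovered
     */
    public Key getPrivateKeyBySKI(String ski) {
        KeyStore store = loadedKeyStore();
        if (ski == null) {
            throw new IllegalArgumentException("ski must not be null");
        }
        try {
            Enumeration<String> aliases = store.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!store.isKeyEntry(alias)) {
                    continue;
                }
                if (ski.equals(getB64Skid(store.getCertificate(alias), ski))) {
                    return store.getKey(alias, this.kspw);
                }
            }
            return null;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the public key of the first X.509 certificate in the keystore whose key
     * identifier equals the given SKI.
     *
     * <p>Entries without a certificate, or with a non-X.509 certificate, are skipped; the
     * original cast every entry unconditionally and failed on them.
     *
     * @param ski Base64 identifier to look for
     * @return the matching public key, never {@code null}
     * @throws RuntimeException if nothing matches, or the keystore cannot be opened or
     *     enumerated (the keystore error is attached as the cause)
     */
    public Key getPublicKeyBySKI(String ski) {
        KeyStore store = loadedKeyStore();
        System.out.println("looking for this ski " + ski);
        Key match = null;
        try {
            Enumeration<String> aliases = store.aliases();
            while (match == null && aliases.hasMoreElements()) {
                Certificate candidate = store.getCertificate(aliases.nextElement());
                if (candidate instanceof X509Certificate) {
                    match = getPublicKeyBySKI(ski, (X509Certificate) candidate);
                }
            }
        } catch (KeyStoreException e) {
            // Keep the cause so a keystore failure is not reported as a plain "no match".
            throw new RuntimeException("could not find a matching SKI in the keystore", e);
        }
        if (match == null) {
            throw new RuntimeException("could not find a matching SKI in the keystore");
        }
        return match;
    }

    /** Opens the keystore if needed, caches it in {@code ks}, and returns it. */
    private KeyStore loadedKeyStore() {
        this.ks = openKeystore();
        return this.ks;
    }

    /**
     * Extracts the raw identifier from the certificate's SubjectKeyIdentifier extension.
     *
     * <p>{@code getExtensionValue} returns the DER-encoded OCTET STRING that wraps the
     * extension, and the identifier is itself an OCTET STRING, so with short-form lengths the
     * payload starts after four header bytes. NOTE(review): an identifier of 128 bytes or more
     * would use a longer header and is not handled here.
     *
     * @return the identifier bytes, or {@code null} if the extension is absent or too short to
     *     contain one
     */
    private static byte[] getSkiWithTrim(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(SKI_EXTENSION_OID);
        // A value no longer than the header would give a negative or empty array; treat it as
        // "no usable extension" so callers fall back to the computed identifier.
        if (extensionValue == null || extensionValue.length <= SKI_HEADER_LENGTH) {
            return null;
        }
        byte[] ski = new byte[extensionValue.length - SKI_HEADER_LENGTH];
        System.arraycopy(extensionValue, SKI_HEADER_LENGTH, ski, 0, ski.length);
        return ski;
    }

    /**
     * Computes a key identifier as the SHA-1 digest of the key's encoded form.
     *
     * <p>SHA-1 is used here as an identifier function, not as a signature or integrity check.
     * The shortened form is the last eight digest bytes with the top four bits of the first
     * byte replaced by {@code 0100}.
     *
     * <p>NOTE(review): the digest covers whatever {@code getEncoded()} returns, which for public
     * keys is typically the whole SubjectPublicKeyInfo rather than only the key bits; verify
     * against the peer's convention if identifiers do not match.
     *
     * @param publicKey key to identify; {@code null} yields {@code null}
     * @param truncated {@code true} for the 8-byte form, {@code false} for the full digest
     * @return the identifier, or {@code null} if the key has no encoding
     * @throws NoSuchAlgorithmException if no SHA-1 implementation is available
     */
    private static byte[] computeKID(PublicKey publicKey, boolean truncated) throws NoSuchAlgorithmException {
        if (publicKey == null) {
            return null;
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null || encoded.length == 0) {
            return null;
        }
        byte[] digest = MessageDigest.getInstance("SHA1").digest(encoded);
        if (!truncated) {
            return digest;
        }
        byte[] kid = new byte[TRUNCATED_KID_LENGTH];
        System.arraycopy(digest, digest.length - TRUNCATED_KID_LENGTH, kid, 0, TRUNCATED_KID_LENGTH);
        kid[0] = (byte) ((kid[0] & 0x0F) | 0x40);
        return kid;
    }

    /**
     * Zeroes the password copy held by this object.
     *
     * <p>NOTE(review): finalizers run at an unspecified time, if at all, so this is best-effort
     * only; it also cannot clear the password {@code String} held in the property map.
     */
    @Override
    public void finalize() {
        if (this.kspw != null) {
            java.util.Arrays.fill(this.kspw, '\0');
        }
    }
}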
