package com.ibm.pvcws.wss;

import com.ibm.crypto.microedition.KeyGenerator;
import com.ibm.crypto.microedition.KeyStore;
import com.ibm.crypto.microedition.MessageDigest;
import com.ibm.crypto.microedition.PrivateKey;
import com.ibm.crypto.microedition.PublicKey;
import com.ibm.crypto.microedition.cert.Certificate;
import com.ibm.crypto.microedition.cert.CertificateFactory;
import com.ibm.crypto.microedition.cert.X509Certificate;
import com.ibm.crypto.microedition.spec.SecretKeySpec;
import com.ibm.pvcws.jaxp.util.CharUtils;
import com.ibm.pvcws.jaxp.util.Logger;
import com.ibm.pvcws.wss.util.Copyright;
import com.ibm.pvcws.wss.util.WSSUtils;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Enumeration;

/* loaded from: input_file:fixed/ive-2.2/runtimes/win32/x86/midp20/lib/jclMidp20/ext/WS-Security.jar:com/ibm/pvcws/wss/KeyStoreSupport.class */
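/**
 * Keystore facade for the WS-Security runtime: loads a JKS keystore, resolves keys and
 * certificates by alias, key name, subject or key identifier, and creates symmetric keys.
 *
 * <p>Numeric key type codes, as established by {@link #getKeyType}: 1/2 = DSA private/public,
 * 3/4 = RSA private/public, 11 = 3DES, 12 = AES with a 16-byte key, 13 = AES with a 32-byte
 * key, 21 = HMAC.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Keystore and key passwords arrive as {@code String}, so they cannot be wiped from
 *       memory by this class.</li>
 *   <li>A {@code WSSException} raised inside a lookup is rethrown as is, so the specific
 *       fault code reaches the caller instead of being replaced by a generic wrapper.</li>
 *   <li>Failures are still dumped with {@code printStackTrace()} (existing behaviour); the
 *       trace can contain alias names, so treat the error stream as sensitive.</li>
 * </ul>
 *
 * <p>Instances are not synchronized.
 */
public class KeyStoreSupport {
    private static final byte BER_SEQUENCE = 48;
    private static final byte BER_BITSTRING = 3;

    /* Key type codes used by this class; the values mirror those returned by getKeyType(). */
    private static final int TYPE_DSA_PRIVATE = 1;
    private static final int TYPE_DSA_PUBLIC = 2;
    private static final int TYPE_RSA_PRIVATE = 3;
    private static final int TYPE_RSA_PUBLIC = 4;
    private static final int TYPE_3DES = 11;
    private static final int TYPE_AES_128 = 12;
    private static final int TYPE_AES_256 = 13;
    private static final int TYPE_HMAC = 21;

    private static final String MSG_NO_KEYSTORE = "FaultCode:201, null is not allowed to the keystore.";
    private static final String MSG_BAD_ENCODING = "FaultCode:201, unknown encoded key in calculation of key identifier.";

    /* Invariant: _keystore and _keyMappings are either both null or both set (see load). */
    private KeyStore _keystore;
    private boolean _isLoad;
    private WSSKeyMappings _keyMappings;

    static String copyright() {
        return Copyright.IBM_COPYRIGHT_SHORT;
    }

    private KeyStoreSupport() {
    }

    /**
     * Creates an empty instance; call one of the {@code load} methods before using it.
     *
     * @return a new, unloaded instance
     */
    public static KeyStoreSupport newInstance() {
        return new KeyStoreSupport();
    }

    /**
     * @return {@code true} once a keystore has been loaded successfully
     */
    public boolean isLoad() {
        return this._isLoad;
    }

    /**
     * Loads a JKS keystore from a class-path resource.
     *
     * <p>A missing resource is rejected explicitly rather than being handed to the keystore
     * as a {@code null} stream, and the resource stream is always closed.
     *
     * @param str  resource name, resolved relative to this class
     * @param str2 keystore password; {@code null} or empty is passed on as {@code null}
     * @throws WSSException if the resource is missing or the keystore cannot be loaded
     */
    public void load(String str, String str2) throws WSSException {
        InputStream in = null;
        try {
            if (str != null) {
                in = getClass().getResourceAsStream(str);
            }
            if (in == null) {
                throw new WSSException("FaultCode:201, keystore resource [" + str + "] not found.");
            }
            load(in, str2);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (java.io.IOException ignored) {
                    // Nothing useful can be done if closing a read-only resource stream fails.
                }
            }
        }
    }

    /**
     * Loads a JKS keystore from a stream. The caller keeps ownership of the stream.
     *
     * <p>The new keystore and a fresh mapping table replace the current ones only after the
     * load succeeded; a failed load leaves the previous state untouched instead of exposing
     * an uninitialised keystore.
     *
     * @param inputStream keystore data
     * @param str         keystore password; {@code null} or empty is passed on as {@code null}
     * @throws WSSException if the keystore cannot be loaded
     */
    public void load(InputStream inputStream, String str) throws WSSException {
        // NOTE(review): in the standard JCA a null password skips the keystore integrity
        // check; confirm how com.ibm.crypto.microedition.KeyStore treats it.
        char[] password = (str == null || str.length() == 0) ? null : str.toCharArray();
        try {
            KeyStore loaded = KeyStore.getInstance("JKS");
            loaded.load(inputStream, password);
            WSSKeyMappings mappings = new WSSKeyMappings();
            this._keystore = loaded;
            this._keyMappings = mappings;
            this._isLoad = true;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:201, loading keystore failed.", e);
        }
    }

    /**
     * Registers a mapping for a keystore alias. The second and third arguments are handed to
     * {@code WSSKeyMappings.addMapping} unchanged (presumably key name and key password;
     * verify against that class).
     *
     * @param str  keystore alias, must not be {@code null} or empty
     * @param str2 second mapping argument
     * @param str3 third mapping argument
     * @throws WSSException if the alias is missing or no keystore has been loaded yet
     */
    public void addMapping(String str, String str2, String str3) throws WSSException {
        if (str == null || str.equals("")) {
            throw new WSSException("FaultCode:201, null or empty string is not allowed to the alias.");
        }
        if (this._keyMappings == null) {
            // The mapping table only exists after a successful load().
            throw new WSSException(MSG_NO_KEYSTORE);
        }
        this._keyMappings.addMapping(str, str2, str3);
    }

    /**
     * Resolves the key stored under an alias as the given key type.
     *
     * <p>Public-key types (2, 4) are read from the alias's certificate; all other supported
     * types are fetched with the supplied key password. Types 1-4 additionally require a
     * certificate entry under the alias. The key name is the mapped name if one is
     * registered, otherwise the alias.
     *
     * @param i    key type code (1-4, 11-13)
     * @param str  keystore alias
     * @param str2 key password; {@code null} is passed through to the keystore
     * @return the resolved key with alias, type and key name set
     * @throws WSSException if the type is unsupported, or the key or certificate is missing
     */
    public WSSKey getKey(int i, String str, String str2) throws WSSException {
        if (this._keystore == null) {
            throw new WSSException(MSG_NO_KEYSTORE);
        }
        boolean asymmetric = i >= TYPE_DSA_PRIVATE && i <= TYPE_RSA_PUBLIC;
        boolean symmetric = i >= TYPE_3DES && i <= TYPE_AES_256;
        if (!asymmetric && !symmetric) {
            // Reject unknown type codes before any key material is touched.
            throw new WSSException("FaultCode:202, unsupported type [" + i + "].");
        }
        try {
            com.ibm.crypto.microedition.Key key;
            if (i == TYPE_DSA_PUBLIC || i == TYPE_RSA_PUBLIC) {
                Certificate certificate = getCertificateByAlias(str);
                if (certificate == null) {
                    throw new WSSException("FaultCode:203, null is not allowed to the certificate.");
                }
                key = certificate.getPublicKey();
            } else {
                key = this._keystore.getKey(str, str2 == null ? null : str2.toCharArray());
            }
            if (key == null) {
                throw new WSSException("FaultCode:201, acquisition of the key whose alias is " + str + " failed.");
            }
            if (asymmetric && this._keystore.getCertificate(str) == null) {
                throw new WSSException("FaultCode:201, acquisition of the key whose alias is " + str + " failed.");
            }
            WSSKey wSSKey = new WSSKey();
            wSSKey.setAlias(str);
            wSSKey.setType(i);
            wSSKey.setKey(key);
            String keyName = this._keyMappings.getKeyName(str);
            wSSKey.setKeyName(keyName != null ? keyName : str);
            return wSSKey;
        } catch (WSSException e) {
            throw e;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:201, acquisition of the key whose alias is " + str + " failed.", e);
        }
    }

    /**
     * Resolves a key by its mapped key name, using the alias and password registered for it.
     *
     * @param str key name registered through {@link #addMapping}
     * @return the resolved key; its type is derived from the key itself
     * @throws WSSException if no keystore is loaded, the name is unknown, or the key is missing
     */
    public WSSKey getKey(String str) throws WSSException {
        if (this._keystore == null) {
            throw new WSSException(MSG_NO_KEYSTORE);
        }
        // keyInfo[0] is used as the alias and keyInfo[1] as the key password.
        String[] keyInfo = this._keyMappings.getKeyInfo(str);
        if (keyInfo == null || keyInfo.length < 2 || keyInfo[0] == null || keyInfo[0].length() == 0) {
            throw new WSSException("FaultCode:201, unknown subject name [" + str + "].");
        }
        String alias = keyInfo[0];
        char[] password = (keyInfo[1] == null || keyInfo[1].length() == 0) ? null : keyInfo[1].toCharArray();
        try {
            com.ibm.crypto.microedition.Key key = this._keystore.getKey(alias, password);
            if (key == null) {
                throw new WSSException("FaultCode:201, acquisition of the private key whose alias is " + alias + " failed.");
            }
            WSSKey wSSKey = new WSSKey();
            wSSKey.setAlias(alias);
            wSSKey.setKeyName(str);
            wSSKey.setKey(key);
            wSSKey.setType(getKeyType(key));
            return wSSKey;
        } catch (WSSException e) {
            throw e;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:201, acquisition of the private key whose alias is " + alias + " failed.", e);
        }
    }

    /**
     * Wraps the public key of a certificate. This method performs no trust or validity check
     * on the certificate; callers must establish trust separately.
     *
     * @param certificate certificate to read the public key from
     * @return a key without alias or key name, typed according to its algorithm
     * @throws WSSException if the certificate is {@code null} or its key cannot be used
     */
    public static WSSKey getKey(Certificate certificate) throws WSSException {
        if (certificate == null) {
            throw new WSSException("FaultCode:203, null is not allowed to the parameter.");
        }
        try {
            com.ibm.crypto.microedition.Key publicKey = certificate.getPublicKey();
            WSSKey wSSKey = new WSSKey();
            wSSKey.setKey(publicKey);
            wSSKey.setKeyName(null);
            wSSKey.setType(getKeyType(publicKey));
            return wSSKey;
        } catch (WSSException e) {
            throw e;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:203, acquisition of the public key failed.", e);
        }
    }

    /**
     * Parses an encoded X.509 certificate. Parsing only; the result is not validated or
     * checked against the keystore.
     *
     * @param bArr encoded certificate
     * @return the parsed certificate
     * @throws WSSException if the input is {@code null} or cannot be parsed
     */
    public static Certificate getCertificate(byte[] bArr) throws WSSException {
        if (bArr == null) {
            throw new WSSException("FaultCode:201, null is not allowed to the parameter.");
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance(WSSKey.FORMAT_X509);
            ByteArrayInputStream encoded = new ByteArrayInputStream(bArr);
            Certificate certificate = factory.generateCertificate(encoded);
            encoded.close();
            return certificate;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:203, acquisition of the certificate failed.", e);
        }
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * @param str keystore alias
     * @return the certificate as returned by the keystore (may be {@code null})
     * @throws WSSException if no keystore is loaded or the lookup fails
     */
    public Certificate getCertificateByAlias(String str) throws WSSException {
        if (this._keystore == null) {
            throw new WSSException(MSG_NO_KEYSTORE);
        }
        try {
            return this._keystore.getCertificate(str);
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:201, acquisition of the certificate whose alias is " + str + " failed.", e);
        }
    }

    /**
     * Finds the first X.509 certificate in the keystore whose subject equals the argument.
     *
     * @param obj subject to match, compared with {@code equals} against the certificate subject
     * @return the matching certificate, or {@code null} if none matches
     * @throws WSSException if no keystore is loaded or the scan fails
     */
    public Certificate getCertificateBySDN(Object obj) throws WSSException {
        if (this._keystore == null) {
            throw new WSSException(MSG_NO_KEYSTORE);
        }
        try {
            Enumeration aliases = this._keystore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this._keystore.getCertificate(aliases.nextElement().toString());
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                Object subject = ((X509Certificate) certificate).getSubject();
                if (subject != null && subject.equals(obj)) {
                    return certificate;
                }
            }
            return null;
        } catch (Exception e) {
            e.printStackTrace();
            // The lookup is by subject, so the message names the subject DN.
            throw new WSSException("FaultCode:201, acquisition of the certificate whose subjectDN is " + obj + " failed.", e);
        }
    }

    /**
     * Computes the key identifier of an RSA public key (type 4).
     *
     * @param wSSKey key to identify
     * @return the digest computed by {@code getKeyId} over the encoded public key
     * @throws WSSException if the key is missing, is not type 4, or its encoding is malformed
     */
    public static byte[] getKey2Id(WSSKey wSSKey) throws WSSException {
        if (wSSKey == null || wSSKey.getKey() == null) {
            throw new WSSException("FaultCode:201, null is not allowed to the parameter.");
        }
        if (wSSKey.getType() != TYPE_RSA_PUBLIC) {
            throw new WSSException("FaultCode:202, unsupported type of a key [" + wSSKey.getType() + "].");
        }
        return getKeyId(wSSKey.getKey().getEncoded());
    }

    /**
     * Finds the private key whose certificate carries an RSA public key with the given key
     * identifier. The key password is taken from the registered mappings.
     *
     * @param bArr key identifier to look for
     * @return the matching key as type 3 with its alias set, or {@code null} if none is found
     * @throws WSSException if no keystore is loaded or the scan fails
     */
    public WSSKey getId2Key(byte[] bArr) throws WSSException {
        if (this._keystore == null) {
            throw new WSSException(MSG_NO_KEYSTORE);
        }
        try {
            Enumeration aliases = this._keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement().toString();
                Certificate certificate = this._keystore.getCertificate(alias);
                if (certificate == null) {
                    continue;
                }
                com.ibm.crypto.microedition.Key publicKey = certificate.getPublicKey();
                byte[] encoded = publicKey.getEncoded();
                // Identifier is compared before the type so the evaluation order is unchanged.
                if (encoded == null || !WSSUtils.equals(bArr, getKeyId(encoded)) || getKeyType(publicKey) != TYPE_RSA_PUBLIC) {
                    continue;
                }
                String keyPass = this._keyMappings.getKeyPass(alias);
                com.ibm.crypto.microedition.Key key = this._keystore.getKey(alias, keyPass == null ? null : keyPass.toCharArray());
                if (key == null) {
                    // Certificate matches but no retrievable key under this alias; keep looking.
                    continue;
                }
                WSSKey wSSKey = new WSSKey();
                wSSKey.setAlias(alias);
                wSSKey.setKeyName(null);
                wSSKey.setKey(key);
                wSSKey.setType(TYPE_RSA_PRIVATE);
                return wSSKey;
            }
            return null;
        } catch (WSSException e) {
            throw e;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:201, acquisition of the identifier of the selected key.", e);
        }
    }

    /**
     * Reads one octet as an unsigned value, failing with a {@code WSSException} instead of an
     * unchecked index error when the encoding is truncated.
     */
    private static int octetAt(byte[] buf, int index) throws WSSException {
        if (index < 0 || index >= buf.length) {
            throw new WSSException(MSG_BAD_ENCODING);
        }
        return buf[index] & 255;
    }

    /**
     * Computes a key identifier from an encoded public key.
     *
     * <p>The input is walked as: outer SEQUENCE header, one inner element that is skipped by
     * its length, then a BIT STRING. The digest covers everything after the BIT STRING's tag,
     * length and first content octet. Every offset is bounds-checked, because the encoding
     * can originate from a certificate supplied by a peer.
     *
     * @param bArr encoded key
     * @return the "SHA" digest of the key bits
     * @throws WSSException if the encoding is missing, truncated or not of the expected shape
     */
    private static byte[] getKeyId(byte[] bArr) throws WSSException {
        if (bArr == null || bArr.length < 2 || bArr[0] != BER_SEQUENCE) {
            throw new WSSException(MSG_BAD_ENCODING);
        }
        // Skip the outer header: tag, first length octet and any long-form length octets.
        int outerLen = bArr[1] & 255;
        int innerPos = (outerLen & 128) == 0 ? 2 : 2 + (outerLen & 127);

        // Length of the inner element (its tag at innerPos is not inspected).
        int innerLen = octetAt(bArr, innerPos + 1);
        int contentPos = innerPos + 2;
        if ((innerLen & 128) != 0) {
            int lengthOctets = innerLen & 127;
            if (lengthOctets < 1 || lengthOctets > 4) {
                throw new WSSException("FaultCode:201, integer overflow in calculaion of key identifier.");
            }
            innerLen = 0;
            for (int k = 0; k < lengthOctets; k++) {
                innerLen = (innerLen << 8) + octetAt(bArr, contentPos + k);
            }
            contentPos += lengthOctets;
        }
        // A four-octet length with the top bit set becomes negative; reject it together with
        // lengths that point past the end of the buffer.
        if (innerLen < 0 || innerLen > bArr.length - contentPos) {
            throw new WSSException(MSG_BAD_ENCODING);
        }

        int bitStringPos = contentPos + innerLen;
        int tag = octetAt(bArr, bitStringPos);
        if (tag != BER_BITSTRING) {
            throw new WSSException("FaultCode:201, non BIT STRING: 0x" + Integer.toHexString(tag));
        }
        int bitStringLen = octetAt(bArr, bitStringPos + 1);
        // 3 = tag + first length octet + first content octet of the BIT STRING.
        int keyPos = bitStringPos + ((bitStringLen & 128) == 0 ? 3 : 3 + (bitStringLen & 127));
        if (keyPos > bArr.length) {
            throw new WSSException(MSG_BAD_ENCODING);
        }
        try {
            // NOTE(review): "SHA" is presumably SHA-1 here. The identifier has to match what
            // peers compute, so the algorithm must not be swapped locally, and the value
            // should be treated as a lookup handle rather than proof of key possession.
            MessageDigest messageDigest = MessageDigest.getInstance("SHA");
            messageDigest.update(bArr, keyPos, bArr.length - keyPos);
            return messageDigest.digest();
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:201, calculation of key identifier failed.", e);
        }
    }

    /**
     * Generates a fresh symmetric key.
     *
     * @param i  key type code: 11 (3DES) or 12/13 (AES)
     * @param i2 value passed to {@code KeyGenerator.init}
     * @return the generated key, typed as {@code i}
     * @throws WSSException if the type is unsupported or generation fails
     */
    public static WSSKey genSymmetricKey(int i, int i2) throws WSSException {
        String algorithm;
        switch (i) {
            case TYPE_3DES:
                algorithm = WSSKey.ALGORITHM_3DES;
                break;
            case TYPE_AES_128:
            case TYPE_AES_256:
                algorithm = WSSKey.ALGORITHM_AES;
                break;
            default:
                throw new WSSException("FaultCode:202, unsupported type for symmetric key generation [" + i + "].");
        }
        try {
            // NOTE(review): i2 is not checked against the type code, so a caller can label a
            // key as type 12 while generating a different size; confirm callers pass a
            // matching size.
            KeyGenerator keyGenerator = KeyGenerator.getInstance(algorithm);
            keyGenerator.init(i2);
            com.ibm.crypto.microedition.Key generated = keyGenerator.generateKey();
            WSSKey wSSKey = new WSSKey();
            wSSKey.setKey(generated);
            wSSKey.setType(i);
            return wSSKey;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:202, genaration of the symmetric key failed.", e);
        }
    }

    /**
     * Wraps raw key bytes as a symmetric key.
     *
     * @param i    key type code: 11 (3DES) or 12/13 (AES)
     * @param bArr raw key material
     * @return the key, typed as {@code i}
     * @throws WSSException if the type is unsupported or the key cannot be built
     */
    public static WSSKey getSymmetricKey(int i, byte[] bArr) throws WSSException {
        String algorithm;
        switch (i) {
            case TYPE_3DES:
                algorithm = "DESede";
                break;
            case TYPE_AES_128:
            case TYPE_AES_256:
                algorithm = WSSKey.ALGORITHM_AES;
                break;
            default:
                throw new WSSException("FaultCode:202, unsupported type for symmetric key [" + i + "].");
        }
        try {
            // NOTE(review): the length of bArr is not checked against the type code here.
            SecretKeySpec secretKeySpec = new SecretKeySpec(bArr, algorithm);
            WSSKey wSSKey = new WSSKey();
            wSSKey.setKey(secretKeySpec);
            wSSKey.setType(i);
            return wSSKey;
        } catch (Exception e) {
            e.printStackTrace();
            throw new WSSException("FaultCode:202, genaration of the symmetric key failed.", e);
        }
    }

    /**
     * Derives the numeric key type code from a key's algorithm, its public/private kind and,
     * for AES, the length of its encoding.
     *
     * @param key key to classify
     * @return 1/2 for DSA private/public, 3/4 for RSA private/public, 21 for HMAC, 11 for
     *         3DES, 12 or 13 for AES with a 16- or 32-byte encoding
     * @throws WSSException if the key is {@code null}, the algorithm is unknown, or the AES
     *         key length is neither 16 nor 32 bytes
     */
    public static int getKeyType(com.ibm.crypto.microedition.Key key) throws WSSException {
        if (key == null) {
            throw new WSSException("FaultCode:201, null is not allowed to the parameter.");
        }
        String algorithm = key.getAlgorithm();
        if (WSSKey.ALGORITHM_DSA.equals(algorithm)) {
            if (key instanceof PrivateKey) {
                return TYPE_DSA_PRIVATE;
            }
            if (key instanceof PublicKey) {
                return TYPE_DSA_PUBLIC;
            }
            throw new WSSException("FaultCode:201, neither pubic nor private key.");
        }
        if (WSSKey.ALGORITHM_RSA.equals(algorithm)) {
            if (key instanceof PrivateKey) {
                return TYPE_RSA_PRIVATE;
            }
            if (key instanceof PublicKey) {
                return TYPE_RSA_PUBLIC;
            }
            throw new WSSException("FaultCode:201, neither public nor private key.");
        }
        if (WSSKey.ALGORITHM_HMAC.equals(algorithm)) {
            return TYPE_HMAC;
        }
        if (WSSKey.ALGORITHM_3DES.equals(algorithm)) {
            return TYPE_3DES;
        }
        if (!WSSKey.ALGORITHM_AES.equals(algorithm)) {
            throw new WSSException("FaultCode:201, unknown algorithm [" + algorithm + "].");
        }
        // A key without an accessible encoding is reported as length 0 rather than failing
        // with an unchecked null dereference.
        byte[] encoded = key.getEncoded();
        int length = encoded == null ? 0 : encoded.length;
        if (length == 16) {
            return TYPE_AES_128;
        }
        if (length == 32) {
            return TYPE_AES_256;
        }
        throw new WSSException("FaultCode:201, unknown key length for AES algorithm [" + length + "].");
    }
}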
