package org.jboss.ws.extensions.security;

import java.io.BufferedReader;
import java.io.File;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.StringTokenizer;
import org.jboss.logging.Logger;
import org.jboss.ws.extensions.security.exception.FailedAuthenticationException;
import org.jboss.ws.extensions.security.exception.WSSecurityException;

/* loaded from: input_file:org/jboss/ws/extensions/security/SecurityStore.class */
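/**
 * Holds the WS-Security key store (signing/decryption keys and their certificates) and
 * trust store (anchors used to validate peer certificates), and resolves the passwords
 * that protect them.
 *
 * <p>Store locations, types and passwords may be given explicitly or fall back to the
 * {@code org.jboss.ws.wsse.keyStore*} / {@code org.jboss.ws.wsse.trustStore*} system
 * properties. A password may be a literal, or an indirection of the form
 * {@code {EXT}command} (run the command, use its first stdout line) or
 * {@code {CLASS}fqcn[:ctorArg]} (instantiate the class, use {@code toCharArray()} or
 * {@code toString()}). Both indirections execute configuration-supplied code, so the
 * configuration source must be trusted exactly as much as the key material itself.
 *
 * <p>Resolved passwords are never logged. Instances are not synchronized; the stores are
 * loaded once in the constructor and only read afterwards.
 */
public class SecurityStore {
    private static final Logger log = Logger.getLogger(SecurityStore.class);

    private static final String KEYSTORE_PROP = "org.jboss.ws.wsse.keyStore";
    private static final String KEYSTORE_PASSWORD_PROP = "org.jboss.ws.wsse.keyStorePassword";
    private static final String TRUSTSTORE_PROP = "org.jboss.ws.wsse.trustStore";
    private static final String TRUSTSTORE_PASSWORD_PROP = "org.jboss.ws.wsse.trustStorePassword";
    private static final String DEFAULT_STORE_TYPE = "jks";
    /** OID of the X.509 SubjectKeyIdentifier extension (RFC 5280 4.2.1.2). */
    private static final String SKI_OID = "2.5.29.14";
    /** DER universal tag for OCTET STRING. */
    private static final byte DER_OCTET_STRING = 0x04;

    private KeyStore keyStore;
    /** Unresolved (possibly {EXT}/{CLASS}) key store password; resolved again per private key. */
    private String keyStorePassword;
    private KeyStore trustStore;
    private String trustStorePassword;
    /** Per-alias private key passwords (unresolved), or null to use the key store password. */
    private HashMap<String, String> keyPasswords;

    /**
     * Loads both stores purely from system properties.
     *
     * @throws WSSecurityException if a configured store cannot be opened or its password resolved
     */
    public SecurityStore() throws WSSecurityException {
        this(null, null, null, null, null, null, null);
    }

    /**
     * Loads key store and trust store from the same location, type and password.
     *
     * @param storeUrl      store location; null means "use the system property, or no store"
     * @param storeType     {@link KeyStore} type; null means the {@code ...Type} property, then "jks"
     * @param storePassword store password or {EXT}/{CLASS} spec; null means the password property
     * @param keyPasswords  per-alias private key passwords, may be null; kept by reference
     * @throws WSSecurityException if a store cannot be opened or its password resolved
     */
    public SecurityStore(URL storeUrl, String storeType, String storePassword, HashMap<String, String> keyPasswords) throws WSSecurityException {
        this(storeUrl, storeType, storePassword, keyPasswords, storeUrl, storeType, storePassword);
    }

    /**
     * Loads the key store and the trust store from separate locations.
     *
     * @param keyStoreUrl        key store location; null means system property, or no key store
     * @param keyStoreType       key store type; null means the {@code ...Type} property, then "jks"
     * @param keyStorePassword   key store password or {EXT}/{CLASS} spec; null means the property
     * @param keyPasswords       per-alias private key passwords, may be null; kept by reference
     * @param trustStoreUrl      trust store location; null means system property, or no trust store
     * @param trustStoreType     trust store type, same fallback as the key store type
     * @param trustStorePassword trust store password, same fallback as the key store password
     * @throws WSSecurityException if a store cannot be opened or its password resolved
     */
    public SecurityStore(URL keyStoreUrl, String keyStoreType, String keyStorePassword, HashMap<String, String> keyPasswords,
            URL trustStoreUrl, String trustStoreType, String trustStorePassword) throws WSSecurityException {
        loadKeyStore(keyStoreUrl, keyStoreType, keyStorePassword);
        loadTrustStore(trustStoreUrl, trustStoreType, trustStorePassword);
        this.keyPasswords = keyPasswords;
    }

    /** Loads the key store, taking the password from the system property when none is given. */
    private void loadKeyStore(URL url, String type, String password) throws WSSecurityException {
        if (password == null) {
            password = System.getProperty(KEYSTORE_PASSWORD_PROP);
        }
        this.keyStore = loadStore(KEYSTORE_PROP, "Keystore", url, type, password);
        this.keyStorePassword = password;
    }

    /** Loads the trust store, taking the password from the system property when none is given. */
    private void loadTrustStore(URL url, String type, String password) throws WSSecurityException {
        if (password == null) {
            password = System.getProperty(TRUSTSTORE_PASSWORD_PROP);
        }
        this.trustStore = loadStore(TRUSTSTORE_PROP, "Truststore", url, type, password);
        this.trustStorePassword = password;
    }

    /**
     * Opens and loads one store.
     *
     * @param sysProp  system property naming the store file when {@code url} is null
     * @param label    human-readable store name for error messages
     * @param url      store location, or null to consult {@code sysProp}
     * @param type     {@link KeyStore} type, or null for {@code sysProp + "Type"}, then "jks"
     * @param password unresolved store password; resolved via {@link #decryptPassword(String)}
     * @return the loaded store, or null when neither {@code url} nor {@code sysProp} is set
     * @throws WSSecurityException if the store cannot be opened, the password is missing or
     *                             cannot be resolved, or the store fails to load
     */
    private KeyStore loadStore(String sysProp, String label, URL url, String type, String password) throws WSSecurityException {
        if (url == null) {
            String path = System.getProperty(sysProp);
            if (path == null) {
                // Not configured at all: accessors report "KeyStore not set." / "TrustStore not set." on use.
                return null;
            }
            try {
                url = new File(path).toURI().toURL();
            } catch (MalformedURLException e) {
                throw new WSSecurityException("Problems loading " + label + ": " + e.getMessage(), e);
            }
        }
        if (type == null) {
            type = System.getProperty(sysProp + "Type");
        }
        if (type == null) {
            type = DEFAULT_STORE_TYPE;
        }
        log.debug("loadStore: " + url);
        InputStream in = null;
        char[] secret = null;
        try {
            in = url.openStream();
            if (in == null) {
                throw new WSSecurityException("Cannot load store from: " + url);
            }
            KeyStore store = KeyStore.getInstance(type);
            secret = decryptPassword(password).toCharArray();
            store.load(in, secret);
            return store;
        } catch (RuntimeException e) {
            throw e;
        } catch (WSSecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new WSSecurityException("Problems loading " + label + ": " + e.getMessage(), e);
        } finally {
            // Scrub the password copy and release the stream on every path, including failures.
            if (secret != null) {
                Arrays.fill(secret, '\0');
            }
            if (in != null) {
                try {
                    in.close();
                } catch (java.io.IOException ignored) {
                    // The store is already loaded (or loading already failed); nothing more to do.
                }
            }
        }
    }

    /**
     * Resolves a configured password value.
     *
     * <p>Grammar: {@code {EXT}command} runs the command and uses the first line of its stdout;
     * {@code {CLASS}fqcn[:ctorArg]} instantiates the class and uses {@code toCharArray()} or
     * {@code toString()}; anything else (including the empty string) is the literal password.
     * The value is intentionally never logged.
     *
     * @param configured the configured value, must not be null
     * @return the resolved password, never null
     * @throws WSSecurityException on a null value, a malformed or unknown spec, or when the
     *                             command/class yields no password
     */
    private String decryptPassword(String configured) throws WSSecurityException {
        if (configured == null) {
            throw new WSSecurityException("Invalid null password for security store");
        }
        String resolved = configured;
        if (configured.startsWith("{")) {
            int close = configured.indexOf('}');
            if (close < 0) {
                throw new WSSecurityException("Malformed password spec: missing '}' after command type");
            }
            String cmdType = configured.substring(1, close);
            String payload = configured.substring(close + 1);
            if (payload.length() == 0) {
                throw new WSSecurityException("Malformed password spec: nothing follows {" + cmdType + "}");
            }
            if ("EXT".equals(cmdType)) {
                resolved = execPasswordCmd(payload);
            } else if ("CLASS".equals(cmdType)) {
                resolved = invokePasswordClass(payload);
            } else {
                throw new WSSecurityException("Unknown keyStorePasswordCmdType: " + cmdType);
            }
        }
        if (resolved == null) {
            throw new WSSecurityException("Cannot decrypt password, result is null");
        }
        return resolved;
    }

    /**
     * Runs an external command and returns the first line of its standard output.
     *
     * <p>The command string is tokenized on whitespace by {@link Runtime#exec(String)}; no shell
     * is involved. It comes from configuration, not from message content.
     *
     * @param cmd command line to execute
     * @return the first stdout line, or null when the command exits non-zero (its stderr is
     *         logged at ERROR) or prints nothing
     * @throws WSSecurityException if the process cannot be started, read or waited for
     */
    private String execPasswordCmd(String cmd) throws WSSecurityException {
        log.debug("Executing cmd: " + cmd);
        try {
            Process proc = Runtime.getRuntime().exec(cmd);
            // Nothing is ever written to the child's stdin; give it EOF so it cannot block on input.
            proc.getOutputStream().close();
            // Drain stdout BEFORE waitFor(): waiting first deadlocks when the child fills the pipe.
            String firstLine = readFirstLineAndDrain(proc.getInputStream(), false);
            int exit = proc.waitFor();
            if (exit != 0) {
                // Assumes the child's stderr fits the pipe buffer; it has already exited at this point.
                readFirstLineAndDrain(proc.getErrorStream(), true);
                firstLine = null;
            }
            log.debug("Command exited with: " + exit);
            return firstLine;
        } catch (InterruptedException e) {
            Thread.currentThread().interrupt();
            throw new WSSecurityException("Problems executing password cmd: " + cmd, e);
        } catch (Exception e) {
            throw new WSSecurityException("Problems executing password cmd: " + cmd, e);
        }
    }

    /**
     * Reads a stream to EOF in the platform default charset and closes it.
     *
     * @param in         stream to consume; closed on return
     * @param logAsError when true every line is logged at ERROR (used for a failed command's stderr)
     * @return the first line read, or null if the stream was empty
     */
    private static String readFirstLineAndDrain(InputStream in, boolean logAsError) throws java.io.IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(in));
        try {
            String first = null;
            for (String line = reader.readLine(); line != null; line = reader.readLine()) {
                if (first == null) {
                    first = line;
                }
                if (logAsError) {
                    log.error(line);
                }
            }
            return first;
        } finally {
            reader.close();
        }
    }

    /**
     * Instantiates a configured password-provider class and extracts the password from it.
     *
     * <p>The class is loaded through the thread context class loader from a configuration
     * value, so whoever controls the configuration controls code execution here.
     *
     * @param spec {@code fqcn} or {@code fqcn:ctorArg}; with an argument the {@code String}
     *             constructor is used, otherwise the no-arg constructor
     * @return the result of {@code toCharArray()} if the class has one, else {@code toString()}
     * @throws WSSecurityException if the class cannot be loaded, instantiated or invoked
     */
    private String invokePasswordClass(String spec) throws WSSecurityException {
        String className = spec;
        String ctorArg = null;
        int colon = spec.indexOf(':');
        if (colon > 0) {
            className = spec.substring(0, colon);
            ctorArg = spec.substring(colon + 1);
        }
        // The constructor argument may itself be sensitive (a key file, a passphrase); log only the class.
        log.debug("Loading class: " + className);
        try {
            Class<?> clazz = Thread.currentThread().getContextClassLoader().loadClass(className);
            Object provider;
            if (ctorArg != null) {
                provider = clazz.getConstructor(String.class).newInstance(ctorArg);
            } else {
                provider = clazz.getDeclaredConstructor().newInstance();
            }
            try {
                char[] chars = (char[]) clazz.getMethod("toCharArray").invoke(provider);
                return new String(chars);
            } catch (NoSuchMethodException e) {
                log.debug("No toCharArray found, invoking toString");
                return provider.toString();
            }
        } catch (Exception e) {
            throw new WSSecurityException("Problems loading or invoking Password class : " + className, e);
        }
    }

    /**
     * Returns the raw KeyIdentifier bytes of a certificate's SubjectKeyIdentifier extension.
     *
     * <p>{@link X509Certificate#getExtensionValue} returns the DER OCTET STRING wrapping the
     * extension value, which for SKI is itself a DER OCTET STRING; both wrappers are removed
     * with proper DER length decoding rather than a fixed four-byte skip.
     *
     * @param cert certificate to inspect, may be null
     * @return the key identifier, or null if the extension is absent or not well-formed DER
     */
    public static byte[] getSubjectKeyIdentifier(X509Certificate cert) {
        if (cert == null) {
            return null;
        }
        byte[] extensionValue = cert.getExtensionValue(SKI_OID);
        if (extensionValue == null) {
            return null;
        }
        byte[] skiDer = derOctetStringContents(extensionValue);
        if (skiDer == null) {
            return null;
        }
        return derOctetStringContents(skiDer);
    }

    /**
     * Unwraps a single DER OCTET STRING.
     *
     * @param der buffer whose first byte must be the OCTET STRING tag
     * @return the contents octets (short- or long-form length, up to 4 length bytes),
     *         or null when the buffer is not a complete, well-formed OCTET STRING
     */
    private static byte[] derOctetStringContents(byte[] der) {
        if (der == null || der.length < 2 || der[0] != DER_OCTET_STRING) {
            return null;
        }
        int pos = 1;
        int first = der[pos++] & 0xFF;
        int length;
        if (first < 0x80) {
            length = first;
        } else {
            int lengthBytes = first & 0x7F;
            if (lengthBytes == 0 || lengthBytes > 4 || pos + lengthBytes > der.length) {
                return null;
            }
            length = 0;
            for (int i = 0; i < lengthBytes; i++) {
                length = (length << 8) | (der[pos++] & 0xFF);
            }
            if (length < 0) {
                return null;
            }
        }
        if (length > der.length - pos) {
            return null;
        }
        return Arrays.copyOfRange(der, pos, pos + length);
    }

    /** Fails with the message the accessors have always used when no key store was loaded. */
    private void requireKeyStore() throws WSSecurityException {
        if (this.keyStore == null) {
            throw new WSSecurityException("KeyStore not set.");
        }
    }

    /**
     * Returns the certificate stored under an alias in the key store.
     *
     * @param alias key store alias
     * @return the X.509 certificate for the alias, never null
     * @throws WSSecurityException if no key store is loaded, the alias is absent, the entry is
     *                             not an X.509 certificate, or the store cannot be read
     */
    public X509Certificate getCertificate(String alias) throws WSSecurityException {
        requireKeyStore();
        Certificate cert = null;
        if (alias != null) {
            try {
                cert = this.keyStore.getCertificate(alias);
            } catch (KeyStoreException e) {
                throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
            }
        }
        if (cert == null) {
            throw new WSSecurityException("Certificate (" + alias + ") not in keystore");
        }
        if (!(cert instanceof X509Certificate)) {
            throw new WSSecurityException("Certificate (" + alias + ") is not an X.509 certificate");
        }
        return (X509Certificate) cert;
    }

    /**
     * Finds the first key store certificate whose public key equals the given one.
     *
     * @param publicKey key to look for; null yields null
     * @return a matching X.509 certificate, or null if none
     * @throws WSSecurityException if no key store is loaded or it cannot be read
     */
    public X509Certificate getCertificateByPublicKey(PublicKey publicKey) throws WSSecurityException {
        if (publicKey == null) {
            return null;
        }
        requireKeyStore();
        try {
            for (Enumeration<String> aliases = this.keyStore.aliases(); aliases.hasMoreElements();) {
                Certificate candidate = this.keyStore.getCertificate(aliases.nextElement());
                if (candidate instanceof X509Certificate && publicKey.equals(candidate.getPublicKey())) {
                    return (X509Certificate) candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
        }
    }

    /**
     * Finds the first key store certificate whose SubjectKeyIdentifier equals the given bytes.
     *
     * @param ski key identifier to look for; null yields null
     * @return a matching X.509 certificate, or null if none
     * @throws WSSecurityException if no key store is loaded or it cannot be read
     */
    public X509Certificate getCertificateBySubjectKeyIdentifier(byte[] ski) throws WSSecurityException {
        if (ski == null) {
            return null;
        }
        requireKeyStore();
        try {
            for (Enumeration<String> aliases = this.keyStore.aliases(); aliases.hasMoreElements();) {
                Certificate candidate = this.keyStore.getCertificate(aliases.nextElement());
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                byte[] candidateSki = getSubjectKeyIdentifier((X509Certificate) candidate);
                if (candidateSki != null && Arrays.equals(ski, candidateSki)) {
                    return (X509Certificate) candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
        }
    }

    /**
     * Finds the first key store certificate with the given issuer and serial number.
     *
     * <p>Matching compares {@code getIssuerDN().toString()} and
     * {@code getSerialNumber().toString()} as exact strings, so the issuer must be spelled
     * exactly as the JDK renders it (provider-specific formatting).
     *
     * @param issuer issuer DN string; null yields null
     * @param serial decimal serial number; null yields null
     * @return a matching X.509 certificate, or null if none
     * @throws WSSecurityException if no key store is loaded or it cannot be read
     */
    public X509Certificate getCertificateByIssuerSerial(String issuer, String serial) throws WSSecurityException {
        requireKeyStore();
        if (issuer == null || serial == null) {
            return null;
        }
        try {
            for (Enumeration<String> aliases = this.keyStore.aliases(); aliases.hasMoreElements();) {
                Certificate candidate = this.keyStore.getCertificate(aliases.nextElement());
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) candidate;
                if (issuer.equals(x509.getIssuerDN().toString()) && serial.equals(x509.getSerialNumber().toString())) {
                    return x509;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the private key stored under an alias.
     *
     * <p>The key password is the per-alias entry from the key-password map when present,
     * otherwise the key store password; either may be an {EXT}/{CLASS} spec and is resolved
     * on every call. The decoded password is scrubbed after use.
     *
     * @param alias key store alias
     * @return the private key, never null
     * @throws WSSecurityException if no key store is loaded, no private key exists under the
     *                             alias, the password cannot be resolved, or the key cannot be recovered
     */
    public PrivateKey getPrivateKey(String alias) throws WSSecurityException {
        requireKeyStore();
        if (alias == null) {
            throw new WSSecurityException("Private key (null) not in keystore");
        }
        String configured = this.keyStorePassword;
        if (this.keyPasswords != null && this.keyPasswords.containsKey(alias)) {
            configured = this.keyPasswords.get(alias);
        }
        char[] secret = null;
        try {
            secret = decryptPassword(configured).toCharArray();
            java.security.Key key = this.keyStore.getKey(alias, secret);
            if (!(key instanceof PrivateKey)) {
                throw new WSSecurityException("Private key (" + alias + ") not in keystore");
            }
            return (PrivateKey) key;
        } catch (WSSecurityException e) {
            throw e;
        } catch (Exception e) {
            throw new WSSecurityException("Problems retrieving private key: " + e.getMessage(), e);
        } finally {
            if (secret != null) {
                Arrays.fill(secret, '\0');
            }
        }
    }

    /**
     * Returns the private key belonging to a certificate held in the key store.
     *
     * @param cert certificate whose key-store entry should be located
     * @return the private key, never null
     * @throws WSSecurityException if no key store is loaded, the certificate is not in it, or
     *                             the key cannot be retrieved
     */
    public PrivateKey getPrivateKey(X509Certificate cert) throws WSSecurityException {
        requireKeyStore();
        String alias;
        try {
            alias = cert == null ? null : this.keyStore.getCertificateAlias(cert);
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems retrieving private key: " + e.getMessage(), e);
        }
        if (alias == null) {
            throw new WSSecurityException("Problems retrieving private key: certificate not in keystore");
        }
        return getPrivateKey(alias);
    }

    /**
     * Checks that a peer certificate is currently valid and trusted.
     *
     * <p>The certificate passes when it is within its validity period and either is itself an
     * entry of the trust store or PKIX-validates as a single-element path against the trust
     * store's anchors. Revocation checking is disabled, as in earlier versions of this class;
     * a revoked but otherwise valid certificate is therefore still accepted.
     *
     * @param cert certificate presented by the peer
     * @throws FailedAuthenticationException if the certificate is null, expired, not yet valid,
     *                                       or does not chain to a trusted anchor
     * @throws WSSecurityException           if no trust store is loaded or the validation
     *                                       machinery cannot be set up
     */
    public void validateCertificate(X509Certificate cert) throws WSSecurityException {
        if (cert == null) {
            log.debug("Certificate is invalid: null");
            throw new FailedAuthenticationException();
        }
        try {
            cert.checkValidity();
        } catch (Exception e) {
            log.debug("Certificate is invalid", e);
            throw new FailedAuthenticationException();
        }
        // The trust store, not the key store, is what this check depends on.
        if (this.trustStore == null) {
            throw new WSSecurityException("TrustStore not set.");
        }
        try {
            // A certificate that is itself a trust store entry is trusted directly.
            if (this.trustStore.getCertificateAlias(cert) != null) {
                return;
            }
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems searching truststore", e);
        }
        CertPath path;
        CertPathValidator validator;
        PKIXParameters params;
        try {
            ArrayList<Certificate> chain = new ArrayList<Certificate>(1);
            chain.add(cert);
            path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            validator = CertPathValidator.getInstance("PKIX");
            params = new PKIXParameters(this.trustStore);
            // Deliberately unchanged behaviour: no CRL/OCSP lookup. Enable only with a reachable revocation source.
            params.setRevocationEnabled(false);
        } catch (Exception e) {
            throw new WSSecurityException("Problems setting up certificate validation", e);
        }
        try {
            validator.validate(path, params);
        } catch (InvalidAlgorithmParameterException e) {
            throw new WSSecurityException("Problems setting up certificate validation", e);
        } catch (CertPathValidatorException e) {
            log.debug("Certificate is invalid:", e);
            throw new FailedAuthenticationException();
        } catch (RuntimeException e) {
            // Fail closed on unexpected provider errors rather than leaking an unchecked exception.
            throw new WSSecurityException("Problems validating certificate", e);
        }
    }
}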
