package org.jboss.ws.wsse;

import java.io.FileInputStream;
import java.io.InputStream;
import java.net.URL;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import org.jboss.logging.Logger;

/* loaded from: input_file:org/jboss/ws/wsse/SecurityStore.class */
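/**
 * Holds the keystore and truststore used for WS-Security processing and offers
 * certificate lookup, private-key retrieval and certificate validation on top of them.
 *
 * <p>Store location, type and password fall back to the system properties
 * {@code org.jboss.ws.wsse.keyStore} / {@code org.jboss.ws.wsse.trustStore}
 * (with the suffixes {@code Type} and {@code Password}) when not passed explicitly.
 *
 * <p>NOTE(review): both store passwords are retained as {@code String} fields for the
 * lifetime of the instance, and can also arrive through system properties. Neither can
 * be wiped from memory; treat heap dumps and process listings of this JVM as sensitive.
 */
public class SecurityStore {
    private static final Logger log = Logger.getLogger(SecurityStore.class);

    private KeyStore keyStore;
    private String keyStorePassword;
    private KeyStore trustStore;
    // Written by loadTrustStore but never read back in this class.
    private String trustStorePassword;

    /**
     * Creates a store configured entirely from the {@code org.jboss.ws.wsse.*} system properties.
     *
     * @throws WSSecurityException if either store cannot be located or loaded
     */
    public SecurityStore() throws WSSecurityException {
        this(null, null, null, null, null, null);
    }

    /**
     * Creates a store in which one file serves as both keystore and truststore.
     *
     * <p>NOTE(review): with this constructor every certificate entry in the keystore is
     * also a trust anchor for {@link #validateCertificate(X509Certificate)}. Use the
     * six-argument constructor when signing identities and trusted issuers must differ.
     *
     * @param storeUrl location of the store; {@code null} falls back to the system properties
     * @param storeType keystore type; {@code null} falls back to the system property, then "jks"
     * @param storePassword store password; {@code null} falls back to the system properties
     * @throws WSSecurityException if the store cannot be located or loaded
     */
    public SecurityStore(URL storeUrl, String storeType, String storePassword) throws WSSecurityException {
        loadKeyStore(storeUrl, storeType, storePassword);
        loadTrustStore(storeUrl, storeType, storePassword);
    }

    /**
     * Creates a store with separately configured keystore and truststore.
     *
     * @param keyStoreUrl keystore location; {@code null} falls back to the system property
     * @param keyStoreType keystore type; {@code null} falls back to the system property, then "jks"
     * @param keyStorePassword keystore password; {@code null} falls back to the system property
     * @param trustStoreUrl truststore location; {@code null} falls back to the system property
     * @param trustStoreType truststore type; {@code null} falls back to the system property, then "jks"
     * @param trustStorePassword truststore password; {@code null} falls back to the system property
     * @throws WSSecurityException if either store cannot be located or loaded
     */
    public SecurityStore(URL keyStoreUrl, String keyStoreType, String keyStorePassword,
            URL trustStoreUrl, String trustStoreType, String trustStorePassword) throws WSSecurityException {
        loadKeyStore(keyStoreUrl, keyStoreType, keyStorePassword);
        loadTrustStore(trustStoreUrl, trustStoreType, trustStorePassword);
    }

    /** Loads the keystore and remembers its password, which is reused as the key password. */
    private void loadKeyStore(URL url, String type, String password) throws WSSecurityException {
        if (password == null) {
            password = System.getProperty("org.jboss.ws.wsse.keyStorePassword");
        }
        this.keyStore = loadStore("org.jboss.ws.wsse.keyStore", "Keystore", url, type, password);
        this.keyStorePassword = password;
    }

    /** Loads the truststore that supplies the trust anchors for certificate validation. */
    private void loadTrustStore(URL url, String type, String password) throws WSSecurityException {
        if (password == null) {
            password = System.getProperty("org.jboss.ws.wsse.trustStorePassword");
        }
        this.trustStore = loadStore("org.jboss.ws.wsse.trustStore", "Truststore", url, type, password);
        this.trustStorePassword = password;
    }

    /**
     * Opens and loads one store.
     *
     * @param propertyName system property naming the store file; {@code propertyName + "Type"} names its type
     * @param label human-readable store name used in error messages
     * @param url explicit location, or {@code null} to read the file named by the system property
     * @param type keystore type, or {@code null} to use the system property and then "jks"
     * @param password store password; a missing password is rejected
     * @return the loaded store
     * @throws WSSecurityException if the location or password is missing, or loading fails
     */
    private KeyStore loadStore(String propertyName, String label, URL url, String type, String password)
            throws WSSecurityException {
        if (type == null) {
            type = System.getProperty(propertyName + "Type");
        }
        if (type == null) {
            type = "jks";
        }
        InputStream in = null;
        try {
            String location = null;
            if (url == null) {
                location = System.getProperty(propertyName);
                if (location == null) {
                    throw new WSSecurityException(label + " url not specified");
                }
            }
            // Reject a missing password explicitly instead of failing with a bare
            // NullPointerException; a store must never be loaded without a password,
            // because KeyStore.load then skips its integrity check.
            if (password == null) {
                throw new WSSecurityException(label + " password not specified");
            }
            in = (url == null) ? new FileInputStream(location) : url.openStream();
            KeyStore store = KeyStore.getInstance(type);
            store.load(in, password.toCharArray());
            return store;
        } catch (Exception e) {
            throw new WSSecurityException("Problems loading " + label + ": " + e.getMessage(), e);
        } finally {
            // The stream was previously never closed, leaking a descriptor per load.
            if (in != null) {
                try {
                    in.close();
                } catch (java.io.IOException closeFailure) {
                    log.debug("Could not close " + label + " stream", closeFailure);
                }
            }
        }
    }

    /**
     * Extracts the Subject Key Identifier (extension OID 2.5.29.14) from a certificate.
     *
     * <p>The first four bytes of the extension value are skipped. This assumes two nested
     * DER OCTET STRING headers, each with a one-byte length, which holds for the usual
     * short identifiers; a longer identifier would be cut at the wrong offset.
     *
     * @param x509Certificate the certificate to inspect
     * @return the identifier bytes, or {@code null} if the extension is absent or too short
     */
    public static byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
        // A value shorter than the two headers is malformed; without this guard the
        // subtraction below goes negative and the array allocation throws.
        if (extensionValue == null || extensionValue.length < 4) {
            return null;
        }
        int length = extensionValue.length - 4;
        byte[] identifier = new byte[length];
        System.arraycopy(extensionValue, 4, identifier, 0, length);
        return identifier;
    }

    /**
     * Returns the certificate stored in the keystore under the given alias.
     *
     * @param alias keystore alias
     * @return the certificate, never {@code null}
     * @throws WSSecurityException if the alias has no certificate, the entry is not an
     *         X.509 certificate, or the keystore cannot be read
     */
    public X509Certificate getCertificate(String alias) throws WSSecurityException {
        try {
            X509Certificate x509Certificate = (X509Certificate) this.keyStore.getCertificate(alias);
            if (x509Certificate == null) {
                throw new WSSecurityException("Certificate (" + alias + ") not in keystore");
            }
            return x509Certificate;
        } catch (Exception e) {
            throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
        }
    }

    /**
     * Finds the keystore certificate whose Subject Key Identifier equals the given bytes.
     *
     * @param identifier the identifier to look for
     * @return the first matching certificate, or {@code null} if none matches or
     *         {@code identifier} is {@code null}
     * @throws WSSecurityException if the keystore cannot be read
     */
    public X509Certificate getCertificateBySubjectKeyIdentifier(byte[] identifier) throws WSSecurityException {
        if (identifier == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this.keyStore.getCertificate(aliases.nextElement());
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate candidate = (X509Certificate) certificate;
                byte[] candidateIdentifier = getSubjectKeyIdentifier(candidate);
                if (candidateIdentifier != null && Arrays.equals(identifier, candidateIdentifier)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
        }
    }

    /**
     * Finds the keystore certificate with the given issuer name and serial number.
     *
     * <p>NOTE(review): the issuer is compared as an exact string against
     * {@code getIssuerDN().toString()}, so a name that is equivalent but formatted
     * differently will not match. The lookup then returns {@code null}; it never
     * selects a different certificate.
     *
     * @param issuer issuer distinguished name in the form produced by {@code getIssuerDN().toString()}
     * @param serial decimal serial number
     * @return the first matching certificate, or {@code null} if none matches or either
     *         argument is {@code null}
     * @throws WSSecurityException if the keystore cannot be read
     */
    public X509Certificate getCertificateByIssuerSerial(String issuer, String serial) throws WSSecurityException {
        // Mirror getCertificateBySubjectKeyIdentifier: a missing search key matches nothing.
        if (issuer == null || serial == null) {
            return null;
        }
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this.keyStore.getCertificate(aliases.nextElement());
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (issuer.equals(x509Certificate.getIssuerDN().toString())
                            && serial.equals(x509Certificate.getSerialNumber().toString())) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems retrieving cert: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the private key stored under the given alias, unlocked with the keystore password.
     *
     * @param alias keystore alias
     * @return the private key, never {@code null}
     * @throws WSSecurityException if the alias holds no key, the key is not a private key,
     *         or it cannot be recovered
     */
    public PrivateKey getPrivateKey(String alias) throws WSSecurityException {
        try {
            PrivateKey privateKey = (PrivateKey) this.keyStore.getKey(alias, this.keyStorePassword.toCharArray());
            if (privateKey == null) {
                throw new WSSecurityException("Private key (" + alias + ") not in keystore");
            }
            return privateKey;
        } catch (Exception e) {
            throw new WSSecurityException("Problems retrieving private key: " + e.getMessage(), e);
        }
    }

    /**
     * Returns the private key belonging to the given certificate.
     *
     * @param x509Certificate certificate whose keystore entry holds the key
     * @return the private key, never {@code null}
     * @throws WSSecurityException if the certificate is not in the keystore or the key
     *         cannot be recovered
     */
    public PrivateKey getPrivateKey(X509Certificate x509Certificate) throws WSSecurityException {
        String alias;
        try {
            alias = this.keyStore.getCertificateAlias(x509Certificate);
        } catch (Exception e) {
            throw new WSSecurityException("Problems retrieving private key: " + e.getMessage(), e);
        }
        // getCertificateAlias returns null for an unknown certificate; report that
        // directly instead of looking up a key under a null alias.
        if (alias == null) {
            throw new WSSecurityException("Problems retrieving private key: certificate not in keystore");
        }
        return getPrivateKey(alias);
    }

    /**
     * Validates a certificate against the truststore.
     *
     * <p>The certificate must be inside its validity period. It is then accepted if it is
     * itself an entry in the truststore, or if a one-element PKIX path built from it
     * validates against the truststore's trust anchors.
     *
     * <p>The checks run as separate steps. In the previous nested form the outermost
     * catch-all turned every error, including truststore and set-up failures, into
     * {@code FailedAuthenticationException}, so operators could not tell a rejected
     * certificate from a broken configuration. Every failure path still throws.
     *
     * <p>NOTE(review): revocation checking is switched off, so a revoked certificate that
     * still chains to a trust anchor is accepted. Path validation also sees only the
     * presented certificate; no intermediate certificates are supplied.
     *
     * @param x509Certificate the certificate to validate
     * @throws WSSecurityException if validation cannot be carried out; a
     *         {@code FailedAuthenticationException} is thrown when the certificate is
     *         expired, not yet valid, or not trusted
     */
    public void validateCertificate(X509Certificate x509Certificate) throws WSSecurityException {
        try {
            x509Certificate.checkValidity();
        } catch (Exception e) {
            log.debug("Certificate is invalid", e);
            throw new FailedAuthenticationException();
        }

        // A certificate present in the truststore is trusted directly, without path validation.
        try {
            if (this.trustStore.getCertificateAlias(x509Certificate) != null) {
                return;
            }
        } catch (KeyStoreException e) {
            throw new WSSecurityException("Problems searching truststore", e);
        }

        CertPath certPath;
        CertPathValidator validator;
        PKIXParameters parameters;
        try {
            ArrayList<X509Certificate> chain = new ArrayList<X509Certificate>(1);
            chain.add(x509Certificate);
            certPath = CertificateFactory.getInstance("X.509").generateCertPath(chain);
            validator = CertPathValidator.getInstance("PKIX");
            parameters = new PKIXParameters(this.trustStore);
            // SECURITY: no CRL or OCSP lookup is performed.
            parameters.setRevocationEnabled(false);
        } catch (Exception e) {
            throw new WSSecurityException("Problems setting up certificate validation", e);
        }

        try {
            validator.validate(certPath, parameters);
        } catch (InvalidAlgorithmParameterException e) {
            throw new WSSecurityException("Problems setting up certificate validation", e);
        } catch (CertPathValidatorException e) {
            log.debug("Certificate is invalid:", e);
            throw new FailedAuthenticationException();
        }
    }
}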
