package com.sun.xml.ws.security.impl.policy;

import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.keys.content.x509.XMLX509Certificate;
import com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.policy.AssertionSet;
import com.sun.xml.ws.policy.Policy;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.policy.PolicyMap;
import com.sun.xml.ws.security.opt.impl.util.StreamUtil;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.impl.misc.DefaultCallbackHandler;
import com.sun.xml.wss.jaxws.impl.TubeConfiguration;
import com.sun.xml.wss.provider.wsit.PipeConstants;
import com.sun.xml.wss.provider.wsit.logging.LogDomainConstants;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.jvnet.staxex.Base64Data;
import org.jvnet.staxex.XMLStreamReaderEx;

/* loaded from: input_file:com/sun/xml/ws/security/impl/policy/CertificateRetriever.class */
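/**
 * Looks up key store / trust store settings in the effective policy of a WSDL port and uses them
 * to load a server certificate, decode a binary security token and validate a certificate.
 *
 * <p>The store location, password and alias are kept in unsynchronized instance fields that every
 * lookup overwrites, so an instance should not be shared between threads without external locking.
 * The location and password are taken from policy assertion attributes; whoever can change that
 * policy decides which store file is opened and trusted.
 */
public class CertificateRetriever {
    protected static final Logger log = Logger.getLogger("com.sun.xml.wss.provider.wsit", LogDomainConstants.WSIT_PVD_DOMAIN_BUNDLE);
    protected TubeConfiguration pipeConfig = null;
    // Settings read by the most recent setLocationPasswordAndAlias call; null when the policy had none.
    private String location = null;
    private String password = null;
    private String alias = null;

    /**
     * Loads the certificate stored under the configured alias in the server key store.
     *
     * @param map properties holding the policy map and the WSDL port model
     * @return the certificate for the configured alias; {@code null} when the policy does not
     *         supply location, password and alias, or when the key store has no such alias
     * @throws IOException declared for compatibility with existing callers
     * @throws XWSSecurityException if the key store file is missing or cannot be loaded as JKS
     */
    public Certificate getServerKeyStore(Map<Object, Object> map) throws IOException, XWSSecurityException {
        setLocationPasswordAndAlias(new QName("http://schemas.sun.com/2006/03/wss/server", Constants.KeyStore), map);
        if (this.password == null || this.location == null || this.alias == null) {
            return null;
        }
        FileInputStream keyStoreStream = null;
        try {
            java.security.KeyStore keyStore = java.security.KeyStore.getInstance("JKS");
            keyStoreStream = new FileInputStream(this.location);
            keyStore.load(keyStoreStream, this.password.toCharArray());
            return keyStore.getCertificate(this.alias);
        } catch (FileNotFoundException e) {
            // Listed before IOException: as a subclass it would otherwise never reach this handler.
            log.log(Level.SEVERE, null, e);
            throw new XWSSecurityException(e);
        } catch (IOException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (CertificateException e) {
            log.log(Level.SEVERE, null, e);
            throw new XWSSecurityException(e);
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, null, e);
            throw new XWSSecurityException(e);
        } catch (NoSuchAlgorithmException e) {
            log.log(Level.SEVERE, null, e);
            throw new XWSSecurityException(e);
        } finally {
            // The stream is still null when KeyStore.getInstance or the open itself failed;
            // closing it unguarded would replace the real failure with a NullPointerException.
            closeQuietly(keyStoreStream);
        }
    }

    /**
     * Decodes the Base64 text content at the reader's current position.
     *
     * <p>The reader is advanced until it reports either character data or an end element.
     *
     * @param xMLStreamReader reader positioned at or before the token's text content
     * @return the decoded bytes, or {@code null} when an end element is reached before any text
     * @throws XMLStreamException if advancing the reader fails
     * @throws RuntimeException if the reader is {@code null} or the text cannot be decoded
     */
    public byte[] digestBST(XMLStreamReader xMLStreamReader) throws XMLStreamException {
        if (xMLStreamReader == null) {
            throw new RuntimeException("XML stream reader is null");
        }
        while (xMLStreamReader.getEventType() != XMLStreamReader.CHARACTERS
                && xMLStreamReader.getEventType() != XMLStreamReader.END_ELEMENT) {
            xMLStreamReader.next();
        }
        if (xMLStreamReader.getEventType() != XMLStreamReader.CHARACTERS) {
            return null;
        }
        if (xMLStreamReader instanceof XMLStreamReaderEx) {
            CharSequence pcdata = ((XMLStreamReaderEx) xMLStreamReader).getPCDATA();
            if (pcdata instanceof Base64Data) {
                // NOTE(review): the result is discarded and the value is decoded again below;
                // kept because the call may have side effects on the reader - confirm.
                ((Base64Data) pcdata).getExact();
            }
        }
        try {
            return Base64.decode(StreamUtil.getCV(xMLStreamReader));
        } catch (Base64DecodingException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (XMLStreamException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Parses an encoded certificate. Parsing does not establish trust in the certificate;
     * {@link #validateCertificate} is the method that checks it against the trust store.
     *
     * @param bArr the encoded certificate; must not be {@code null} (note that
     *             {@link #digestBST} can return {@code null})
     * @return the parsed certificate
     * @throws RuntimeException if the bytes cannot be parsed as a certificate
     */
    public X509Certificate constructCertificate(byte[] bArr) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Validates a certificate against the client trust store named in the policy.
     *
     * @param certificate the certificate to check; must be an {@link X509Certificate}
     * @param map properties holding the policy map and the WSDL port model
     * @return the validator's verdict
     * @throws RuntimeException if the trust store settings are missing, the store cannot be
     *         loaded, the certificate is {@code null}, or validation itself fails
     */
    public boolean validateCertificate(Certificate certificate, Map map) {
        FileInputStream trustStoreStream = null;
        try {
            setLocationPasswordAndAlias(new QName("http://schemas.sun.com/2006/03/wss/client", Constants.TrustStore), map);
            java.security.KeyStore keyStore = java.security.KeyStore.getInstance("JKS");
            if (this.location == null) {
                throw new KeyStoreException("trustStore location is null");
            }
            // Checked before the file is opened so that no stream is created on this failure path.
            if (this.password == null) {
                throw new KeyStoreException("trustStore password is null");
            }
            trustStoreStream = new FileInputStream(this.location);
            keyStore.load(trustStoreStream, this.password.toCharArray());
            DefaultCallbackHandler defaultCallbackHandler = new DefaultCallbackHandler(null, null);
            // NOTE(review): this bare getClass() call looks like a decompiler artifact - confirm.
            defaultCallbackHandler.getClass();
            // NOTE(review): the meaning of the null and false arguments is not visible here;
            // presumably no CertStore and revocation checking disabled - confirm that is intended.
            DefaultCallbackHandler.X509CertificateValidatorImpl x509CertificateValidatorImpl = new DefaultCallbackHandler.X509CertificateValidatorImpl(keyStore, null, false);
            if (certificate == null) {
                throw new RuntimeException("certificate is null");
            }
            return x509CertificateValidatorImpl.validate((X509Certificate) certificate);
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (CertificateValidationCallback.CertificateValidationException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (IOException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } catch (CertificateException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        } finally {
            // Previously the trust store stream was never closed on any path.
            closeQuietly(trustStoreStream);
        }
    }

    /**
     * Reads the {@code storepass}, {@code location} and {@code alias} attributes of the named
     * configuration assertion into the instance fields.
     *
     * <p>The endpoint-scope policy is tried first, then the first bound operation that has an
     * effective policy. All three fields are cleared up front, so when the assertion is absent
     * they are {@code null} afterwards instead of keeping the values of an earlier lookup
     * (which could belong to a different store).
     *
     * @param qName name of the key store or trust store assertion to look for
     * @param map properties holding the policy map and the WSDL port model
     * @throws IOException never thrown by this implementation; kept for existing callers
     */
    private void setLocationPasswordAndAlias(QName qName, Map map) throws IOException {
        this.location = null;
        this.password = null;
        this.alias = null;
        PolicyMap policyMap = (PolicyMap) map.get(PipeConstants.POLICY);
        WSDLPort wSDLPort = (WSDLPort) map.get(PipeConstants.WSDL_MODEL);
        QName serviceName = wSDLPort.getOwner().getName();
        QName portName = wSDLPort.getName();
        try {
            Policy effectivePolicy = policyMap.getEndpointEffectivePolicy(PolicyMap.createWsdlEndpointScopeKey(serviceName, portName));
            if (effectivePolicy == null) {
                for (WSDLBoundOperation operation : wSDLPort.getBinding().getBindingOperations()) {
                    QName operationName = new QName(operation.getBoundPortType().getName().getNamespaceURI(), operation.getName().getLocalPart());
                    effectivePolicy = policyMap.getOperationEffectivePolicy(PolicyMap.createWsdlOperationScopeKey(serviceName, portName, operationName));
                    if (effectivePolicy != null) {
                        break;
                    }
                }
            }
            if (effectivePolicy == null) {
                return;
            }
            Iterator<AssertionSet> alternatives = effectivePolicy.iterator();
            while (alternatives.hasNext()) {
                Iterator<PolicyAssertion> assertions = alternatives.next().iterator();
                while (assertions.hasNext()) {
                    PolicyAssertion assertion = assertions.next();
                    if (!PolicyUtil.isConfigPolicyAssertion(assertion) || !assertion.getName().equals(qName)) {
                        continue;
                    }
                    Map<?, ?> attributes = (Map<?, ?>) assertion.getAttributes();
                    for (Map.Entry<?, ?> attribute : attributes.entrySet()) {
                        String attributeName = ((QName) attribute.getKey()).getLocalPart();
                        if ("storepass".equals(attributeName)) {
                            this.password = (String) attribute.getValue();
                        } else if ("location".equals(attributeName)) {
                            this.location = expandWsitHome((String) attribute.getValue());
                        } else if ("alias".equals(attributeName)) {
                            this.alias = (String) attribute.getValue();
                        }
                    }
                }
            }
        } catch (PolicyException e) {
            log.log(Level.SEVERE, null, e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Replaces a leading {@code $WSIT_HOME} token with the {@code WSIT_HOME} system property.
     *
     * @param configuredLocation store location as written in the policy; may be {@code null}
     * @return the location with the token expanded, or the input unchanged when it has no token
     * @throws IllegalStateException if the token is used but the property is not set
     */
    private static String expandWsitHome(String configuredLocation) {
        // NOTE(review): the trigger is the shorter prefix "$WSIT" while the first ten characters
        // (the length of "$WSIT_HOME") are replaced; kept as found - confirm the intended token.
        if (configuredLocation == null || !configuredLocation.startsWith("$WSIT")) {
            return configuredLocation;
        }
        String wsitHome = System.getProperty("WSIT_HOME");
        if (wsitHome == null) {
            throw new IllegalStateException("System property WSIT_HOME is not set but the store location refers to it");
        }
        int tokenEnd = Math.min("$WSIT_HOME".length(), configuredLocation.length());
        return wsitHome + configuredLocation.substring(tokenEnd);
    }

    /**
     * Closes a store stream if one was opened. A failure to close a read-only stream is only
     * logged, because the store content has already been read or the load has already failed.
     */
    private static void closeQuietly(FileInputStream stream) {
        if (stream == null) {
            return;
        }
        try {
            stream.close();
        } catch (IOException e) {
            log.log(Level.WARNING, null, e);
        }
    }
}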
