package org.apache.servicemix.soap.handlers.security;

import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;
import org.apache.ws.security.components.crypto.X509NameTokenizer;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:WEB-INF/lib/servicemix-soap-2011.02.1.jar:org/apache/servicemix/soap/handlers/security/BaseCrypto.class */
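/**
 * Abstract {@link Crypto} implementation that derives every alias and certificate
 * lookup from a small set of store primitives supplied by subclasses:
 * {@link #getAliases()}, {@link #getCertificate(String)}, {@link #getCertificateChain(String)},
 * {@link #getCertificateAlias(Certificate)} and {@link #getTrustCertificates()}.
 * <p>
 * Only {@link #getCertificateFactory()} is synchronized; the provider and default
 * alias fields are plain mutable state and are expected to be configured before use.
 */
public abstract class BaseCrypto implements Crypto {
    /** OID of the X.509 SubjectKeyIdentifier extension. */
    private static final String SKI_OID = "2.5.29.14";
    /**
     * DER bytes preceding the raw SKI value in the output of
     * {@link X509Certificate#getExtensionValue(String)}: an OCTET STRING wrapping an
     * OCTET STRING, each with a short-form (single byte) length.
     */
    private static final int SKI_DER_PREFIX_LENGTH = 4;
    /**
     * Leading bytes of an encoded RSA public key skipped before hashing when an SKI
     * has to be synthesized. Inherited from the original implementation; the value
     * corresponds to a SubjectPublicKeyInfo whose length fields use the 0x81
     * extended form -- TODO confirm it is correct for other key sizes.
     */
    private static final int RSA_PUBLIC_KEY_HEADER_LENGTH = 22;
    /** Digest used for certificate thumbprints and synthesized SKIs. */
    private static final String SKI_AND_THUMBPRINT_DIGEST = "SHA-1";

    private String provider;
    private CertificateFactory certFact;
    private String defaultX509Alias;

    /**
     * Sets the alias returned by {@link #getDefaultX509Alias()}.
     *
     * @param alias the default X.509 alias, may be {@code null}
     */
    public void setDefaultX509Alias(String alias) {
        this.defaultX509Alias = alias;
    }

    /**
     * Returns the JCA provider name used for certificate factories and path
     * validators.
     *
     * @return the provider name, or {@code null}/empty for the platform default
     */
    public String getProvider() {
        return this.provider;
    }

    /**
     * Sets the JCA provider name. {@code null} or an empty string selects the
     * platform default provider.
     *
     * @param provider a JCA provider name
     */
    public void setProvider(String provider) {
        this.provider = provider;
    }

    /**
     * Finds the alias under which {@code certificate} is stored: first via the
     * store's own reverse lookup, then by a linear scan over all aliases.
     *
     * @param certificate the certificate to locate
     * @return the matching alias, or {@code null} when none matches
     * @throws WSSecurityException when the underlying store cannot be read
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(Certificate certificate) throws WSSecurityException {
        try {
            String alias = getCertificateAlias(certificate);
            if (alias != null) {
                return alias;
            }
            // Compare against the certificate stored under each alias. (The original
            // scan re-used the null alias from above instead of the loop variable.)
            for (String candidate : getAliases()) {
                Certificate stored = getCertificate(candidate);
                if (stored != null && stored.equals(certificate)) {
                    return candidate;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw keystoreError(e);
        }
    }

    /**
     * Finds the first alias whose certificate was issued by {@code issuer}.
     *
     * @param issuer issuer distinguished name, compared as a sorted set of RDN tokens
     * @return the matching alias, or {@code null}
     * @throws WSSecurityException when the underlying store cannot be read
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(String issuer) throws WSSecurityException {
        return findAliasByIssuer(issuer, null, false);
    }

    /**
     * Finds the alias whose certificate carries the given SubjectKeyIdentifier.
     * Note that {@link #getSKIBytesFromCert(X509Certificate)} throws for certificates
     * without an SKI extension and a non-RSA key, which aborts the scan.
     *
     * @param skiBytes raw SKI value to match
     * @return the matching alias, or {@code null}
     * @throws WSSecurityException when the store cannot be read or an SKI cannot be derived
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(byte[] skiBytes) throws WSSecurityException {
        try {
            for (String alias : getAliases()) {
                Certificate stored = getCertificateChainOrCertificate(alias);
                if (!(stored instanceof X509Certificate)) {
                    continue;
                }
                if (Arrays.equals(getSKIBytesFromCert((X509Certificate) stored), skiBytes)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw keystoreError(e);
        }
    }

    /**
     * Finds the alias whose certificate has the given issuer and serial number.
     *
     * @param issuer issuer distinguished name
     * @param serialNumber serial number to match, must not be {@code null}
     * @return the matching alias, or {@code null}
     * @throws WSSecurityException when the underlying store cannot be read
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509Cert(String issuer, BigInteger serialNumber) throws WSSecurityException {
        return findAliasByIssuer(issuer, serialNumber, true);
    }

    /**
     * Finds the alias whose certificate's SHA-1 thumbprint (digest of the DER
     * encoding) equals {@code thumbprint}. SHA-1 is used here only as a
     * certificate identifier, matching the thumbprint format callers supply.
     *
     * @param thumbprint expected SHA-1 digest of the certificate encoding
     * @return the matching alias, or {@code null}
     * @throws WSSecurityException when SHA-1 is unavailable, the store cannot be
     *         read, or a certificate cannot be encoded
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getAliasForX509CertThumb(byte[] thumbprint) throws WSSecurityException {
        MessageDigest digest;
        try {
            digest = MessageDigest.getInstance(SKI_AND_THUMBPRINT_DIGEST);
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(0, "noSHA1availabe");
        }
        try {
            for (String alias : getAliases()) {
                Certificate stored = getCertificateChainOrCertificate(alias);
                if (!(stored instanceof X509Certificate)) {
                    continue;
                }
                digest.reset();
                try {
                    digest.update(stored.getEncoded());
                } catch (CertificateEncodingException e) {
                    throw new WSSecurityException(7, "encodeError");
                }
                if (Arrays.equals(digest.digest(), thumbprint)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw keystoreError(e);
        }
    }

    /**
     * Returns every alias whose certificate subject equals {@code subjectDN}.
     * DNs are compared as sorted lists of RDN tokens, so attribute order is ignored.
     *
     * @param subjectDN subject distinguished name
     * @return matching aliases, possibly empty, never {@code null}
     * @throws WSSecurityException when the underlying store cannot be read
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String[] getAliasesForDN(String subjectDN) throws WSSecurityException {
        Vector wanted = splitAndTrim(subjectDN);
        List<String> matches = new ArrayList<String>();
        try {
            for (String alias : getAliases()) {
                Certificate stored = getCertificateChainOrCertificate(alias);
                if (!(stored instanceof X509Certificate)) {
                    continue;
                }
                String subject = ((X509Certificate) stored).getSubjectDN().getName();
                if (wanted.equals(splitAndTrim(subject))) {
                    matches.add(alias);
                }
            }
            return matches.toArray(new String[matches.size()]);
        } catch (KeyStoreException e) {
            throw keystoreError(e);
        }
    }

    /**
     * Encodes a certificate chain as a PKCS#7/CertPath byte array.
     *
     * @param reverse when {@code true} the chain order is reversed before encoding
     * @param certs the chain to encode
     * @return the encoded certificate path
     * @throws WSSecurityException when the path cannot be built or encoded
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public byte[] getCertificateData(boolean reverse, X509Certificate[] certs) throws WSSecurityException {
        List<Certificate> ordered = new ArrayList<Certificate>(Arrays.asList(certs));
        if (reverse) {
            Collections.reverse(ordered);
        }
        try {
            return getCertificateFactory().generateCertPath(ordered).getEncoded();
        } catch (CertificateEncodingException e) {
            throw new WSSecurityException(7, "encodeError");
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError");
        }
    }

    /**
     * Lazily creates the X.509 {@link CertificateFactory}, honouring the configured
     * provider when one is set.
     *
     * @return the shared factory
     * @throws WSSecurityException when the provider or certificate type is unavailable
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public synchronized CertificateFactory getCertificateFactory() throws WSSecurityException {
        if (this.certFact == null) {
            try {
                if (hasProvider()) {
                    this.certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID, this.provider);
                } else {
                    this.certFact = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
                }
            } catch (NoSuchProviderException e) {
                throw new WSSecurityException(7, "noSecProvider");
            } catch (CertificateException e) {
                throw new WSSecurityException(7, "unsupportedCertType");
            }
        }
        return this.certFact;
    }

    /**
     * Returns the X.509 certificates stored under {@code alias}: the chain when one
     * exists (non-X.509 entries dropped), otherwise the single certificate.
     *
     * @param alias store alias
     * @return the certificates, or {@code null} when there is no chain and no X.509 certificate
     * @throws WSSecurityException when the underlying store cannot be read
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate[] getCertificates(String alias) throws WSSecurityException {
        try {
            Certificate[] chain = getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                Certificate single = getCertificate(alias);
                if (single instanceof X509Certificate) {
                    return new X509Certificate[]{(X509Certificate) single};
                }
                return null;
            }
            List<X509Certificate> x509s = new ArrayList<X509Certificate>(chain.length);
            for (Certificate link : chain) {
                if (link instanceof X509Certificate) {
                    x509s.add((X509Certificate) link);
                }
            }
            return x509s.toArray(new X509Certificate[x509s.size()]);
        } catch (KeyStoreException e) {
            throw keystoreError(e);
        }
    }

    /**
     * @return the alias configured via {@link #setDefaultX509Alias(String)}, may be {@code null}
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public String getDefaultX509Alias() {
        return this.defaultX509Alias;
    }

    /**
     * This base class does not expose a {@link KeyStore}.
     *
     * @return always {@code null}
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public KeyStore getKeyStore() {
        return null;
    }

    /**
     * Loads the private key stored under {@code alias}.
     *
     * @param alias store alias
     * @param password key password
     * @return the private key
     * @throws WSSecurityException when the key cannot be loaded
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public abstract PrivateKey getPrivateKey(String alias, String password) throws WSSecurityException;

    /**
     * Returns the SubjectKeyIdentifier of a certificate. For v3 certificates with
     * the SKI extension the raw extension value is returned; otherwise an SKI is
     * synthesized as the SHA-1 digest of the RSA public key material.
     *
     * @param cert the certificate
     * @return the SKI bytes
     * @throws WSSecurityException when the extension is malformed, the key is not
     *         RSA, or SHA-1 is unavailable
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public byte[] getSKIBytesFromCert(X509Certificate cert) throws WSSecurityException {
        byte[] extensionValue = cert.getExtensionValue(SKI_OID);
        if (cert.getVersion() >= 3 && extensionValue != null) {
            // Guard the fixed prefix skip: a shorter value would previously have
            // produced a NegativeArraySizeException.
            if (extensionValue.length < SKI_DER_PREFIX_LENGTH) {
                throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Malformed SubjectKeyIdentifier extension"});
            }
            byte[] ski = new byte[extensionValue.length - SKI_DER_PREFIX_LENGTH];
            System.arraycopy(extensionValue, SKI_DER_PREFIX_LENGTH, ski, 0, ski.length);
            return ski;
        }
        PublicKey publicKey = cert.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Support for RSA key only"});
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null || encoded.length < RSA_PUBLIC_KEY_HEADER_LENGTH) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Encoded RSA public key too short"});
        }
        byte[] keyMaterial = new byte[encoded.length - RSA_PUBLIC_KEY_HEADER_LENGTH];
        System.arraycopy(encoded, RSA_PUBLIC_KEY_HEADER_LENGTH, keyMaterial, 0, keyMaterial.length);
        try {
            MessageDigest digest = MessageDigest.getInstance(SKI_AND_THUMBPRINT_DIGEST);
            digest.reset();
            digest.update(keyMaterial);
            return digest.digest();
        } catch (NoSuchAlgorithmException e) {
            throw new WSSecurityException(1, "noSKIHandling", new Object[]{"Wrong certificate version (<3) and no SHA1 message digest availabe"});
        }
    }

    /**
     * Parses an encoded certificate path. The certificates are only parsed, not
     * validated; use {@link #validateCertPath(X509Certificate[])} for that.
     *
     * @param data encoded certificate path
     * @param reverse when {@code true} the parsed order is reversed
     * @return the certificates in the requested order
     * @throws WSSecurityException when the data cannot be parsed
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate[] getX509Certificates(byte[] data, boolean reverse) throws WSSecurityException {
        try {
            List<? extends Certificate> parsed =
                getCertificateFactory().generateCertPath(new ByteArrayInputStream(data)).getCertificates();
            int count = parsed.size();
            X509Certificate[] result = new X509Certificate[count];
            int position = 0;
            for (Certificate c : parsed) {
                result[reverse ? count - 1 - position : position] = (X509Certificate) c;
                position++;
            }
            return result;
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError");
        }
    }

    /**
     * Parses a single X.509 certificate from a stream. No validation is performed.
     *
     * @param in encoded certificate
     * @return the parsed certificate
     * @throws WSSecurityException when the data cannot be parsed
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public X509Certificate loadCertificate(InputStream in) throws WSSecurityException {
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(in);
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError");
        }
    }

    /**
     * Validates {@code certs} as a PKIX path against the trust anchors named by
     * {@link #getTrustCertificates()}.
     * <p>
     * Revocation checking (CRL/OCSP) is disabled here, so a revoked but otherwise
     * well-formed chain validates; deployments that need revocation must check it
     * separately. An empty trust set makes {@link PKIXParameters} reject the
     * parameters, which surfaces as a {@code certpath} failure.
     *
     * @param certs the chain, leaf first
     * @return {@code true} when the path validates
     * @throws WSSecurityException when validation fails or cannot be performed
     */
    @Override // org.apache.ws.security.components.crypto.Crypto
    public boolean validateCertPath(X509Certificate[] certs) throws WSSecurityException {
        try {
            CertPath path = getCertificateFactory().generateCertPath(Arrays.asList(certs));
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            for (String alias : getTrustCertificates()) {
                Certificate trusted = getCertificate(alias);
                // Missing or non-X.509 entries are skipped rather than failing.
                if (trusted instanceof X509Certificate) {
                    anchors.add(new TrustAnchor((X509Certificate) trusted, null));
                }
            }
            PKIXParameters params = new PKIXParameters(anchors);
            params.setRevocationEnabled(false);
            CertPathValidator validator = hasProvider()
                ? CertPathValidator.getInstance("PKIX", this.provider)
                : CertPathValidator.getInstance("PKIX");
            validator.validate(path, params);
            return true;
        } catch (InvalidAlgorithmParameterException e) {
            throw certPathError(e);
        } catch (KeyStoreException e) {
            throw certPathError(e);
        } catch (NoSuchAlgorithmException e) {
            throw certPathError(e);
        } catch (NoSuchProviderException e) {
            throw certPathError(e);
        } catch (CertPathValidatorException e) {
            throw certPathError(e);
        } catch (CertificateException e) {
            throw certPathError(e);
        }
    }

    /**
     * Splits a distinguished name into its RDN tokens and sorts them, giving an
     * order-independent form for DN comparison.
     *
     * @param dn distinguished name
     * @return sorted RDN tokens
     */
    protected Vector splitAndTrim(String dn) {
        X509NameTokenizer tokenizer = new X509NameTokenizer(dn);
        Vector<String> tokens = new Vector<String>();
        while (tokenizer.hasMoreTokens()) {
            tokens.add(tokenizer.nextToken());
        }
        Collections.sort(tokens);
        return tokens;
    }

    /**
     * Returns the first certificate of the chain stored under {@code alias}, or the
     * single certificate when there is no chain.
     *
     * @param alias store alias
     * @return the certificate, or {@code null} when the alias holds none
     * @throws KeyStoreException when the underlying store cannot be read
     */
    protected Certificate getCertificateChainOrCertificate(String alias) throws KeyStoreException {
        Certificate[] chain = getCertificateChain(alias);
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        return getCertificate(alias);
    }

    /**
     * Scans all aliases for an X.509 certificate with the given issuer and,
     * optionally, serial number.
     *
     * @param issuer issuer distinguished name
     * @param serialNumber serial number to match; dereferenced only when {@code matchSerial} is set
     * @param matchSerial whether the serial number must match as well
     * @return the first matching alias, or {@code null}
     * @throws WSSecurityException when the underlying store cannot be read
     */
    private String findAliasByIssuer(String issuer, BigInteger serialNumber, boolean matchSerial) throws WSSecurityException {
        Vector wantedIssuer = splitAndTrim(issuer);
        try {
            for (String alias : getAliases()) {
                Certificate stored = getCertificateChainOrCertificate(alias);
                if (!(stored instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) stored;
                boolean serialOk = !matchSerial || x509.getSerialNumber().compareTo(serialNumber) == 0;
                if (serialOk && splitAndTrim(x509.getIssuerDN().getName()).equals(wantedIssuer)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw keystoreError(e);
        }
    }

    /** @return {@code true} when a non-empty provider name is configured */
    private boolean hasProvider() {
        return this.provider != null && this.provider.length() > 0;
    }

    /** Wraps a store access failure, preserving the cause. */
    private static WSSecurityException keystoreError(KeyStoreException e) {
        return new WSSecurityException(0, "keystore", new Object[]{e.getMessage()}, e);
    }

    /** Wraps any failure of path validation into the {@code certpath} error, preserving the cause. */
    private static WSSecurityException certPathError(Exception e) {
        return new WSSecurityException(0, "certpath", new Object[]{e.getMessage()}, e);
    }

    /** @return every alias in the underlying store */
    protected abstract String[] getAliases() throws KeyStoreException;

    /** @return the certificate chain stored under {@code alias}, or {@code null}/empty when there is none */
    protected abstract Certificate[] getCertificateChain(String alias) throws KeyStoreException;

    /** @return the certificate stored under {@code alias}, or {@code null} */
    protected abstract Certificate getCertificate(String alias) throws KeyStoreException;

    /** @return the alias under which {@code certificate} is stored, or {@code null} */
    protected abstract String getCertificateAlias(Certificate certificate) throws KeyStoreException;

    /** @return the aliases of the certificates to use as trust anchors */
    protected abstract String[] getTrustCertificates() throws KeyStoreException;
}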
