package com.alfaariss.oa.profile.aselect.ws.security;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.engine.core.Engine;
import com.alfaariss.oa.engine.core.crypto.CryptoException;
import com.alfaariss.oa.engine.core.crypto.CryptoManager;
import com.alfaariss.oa.engine.core.crypto.factory.AbstractSigningFactory;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.WSSecurityException;
import org.apache.ws.security.components.crypto.Crypto;

/* loaded from: input_file:com/alfaariss/oa/profile/aselect/ws/security/OACrypto.class */
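/**
 * WSS4J {@link Crypto} implementation that delegates key and certificate
 * lookups to the signing factory ({@link AbstractSigningFactory}) obtained
 * from the OA engine's {@link CryptoManager}.
 *
 * <p>Lookups by SubjectKeyIdentifier, thumbprint and DN are not supported and
 * always fail with a {@link WSSecurityException}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #validateCertPath(X509Certificate[])} runs PKIX validation with
 *       revocation checking disabled.</li>
 *   <li>{@link #getPrivateKey(String, String)} hands out the signing key to any
 *       caller that presents the default alias and the configured password.</li>
 *   <li>The cached {@link CertificateFactory} is a static shared by all
 *       instances and is initialised lazily without synchronisation.</li>
 * </ul>
 */
public class OACrypto implements Crypto {
    private AbstractSigningFactory _factory;
    // Shared by every instance; created from the key store provider of whichever
    // instance calls getCertificateFactory() first.
    private static CertificateFactory _certFactory;
    // Initialised once at class load instead of being re-assigned by each constructor.
    private static final Log _logger = LogFactory.getLog(OACrypto.class);

    /**
     * Creates the crypto using the signing factory of the running OA engine.
     *
     * @throws OAException if the crypto manager is not available, signing is
     *         not enabled, or an unexpected error occurs during lookup
     */
    public OACrypto() throws OAException {
        try {
            CryptoManager cryptoManager = Engine.getInstance().getCryptoManager();
            if (cryptoManager == null) {
                _logger.warn("Could not create OACrypto, OAS cryptomanager not initialized");
                throw new OAException(49);
            }
            this._factory = cryptoManager.getSigningFactory();
            if (this._factory == null) {
                _logger.warn("Could not create OACrypto, OAS signing not enabled");
                throw new OAException(49);
            }
        } catch (OAException e) {
            throw e;
        } catch (Exception e2) {
            _logger.error("Could not create OACrypto, due to internal error", e2);
            throw new OAException(1);
        }
    }

    /**
     * Same as {@link #OACrypto()}; the properties are ignored.
     * NOTE(review): presumably kept because the WSS4J crypto loader instantiates
     * implementations through this signature - confirm against the WSS4J version in use.
     *
     * @param properties ignored
     * @throws OAException see {@link #OACrypto()}
     */
    public OACrypto(Properties properties) throws OAException {
        this();
    }

    /**
     * Same as {@link #OACrypto()}; both arguments are ignored.
     *
     * @param properties ignored
     * @param classLoader ignored
     * @throws OAException see {@link #OACrypto()}
     */
    public OACrypto(Properties properties, ClassLoader classLoader) throws OAException {
        this();
    }

    /**
     * Creates the crypto on top of an explicitly supplied signing factory.
     *
     * @param abstractSigningFactory factory used for all key and certificate lookups;
     *        not checked for {@code null} here
     */
    public OACrypto(AbstractSigningFactory abstractSigningFactory) {
        this._factory = abstractSigningFactory;
    }

    /**
     * Finds the key store alias under which the given certificate is stored.
     *
     * @param certificate certificate to look up
     * @return the alias, or {@code null} when no entry matches
     * @throws WSSecurityException if the signing factory reports a crypto error
     */
    public String getAliasForX509Cert(Certificate certificate) throws WSSecurityException {
        try {
            String certificateAlias = this._factory.getCertificateAlias(certificate);
            if (certificateAlias != null) {
                return certificateAlias;
            }
            // Fallback: compare against every stored entry. The previous code fetched
            // the certificate for the (still null) result alias instead of the alias
            // being iterated, so this scan could never find a match.
            Enumeration<?> aliases = this._factory.getAliases();
            while (aliases.hasMoreElements()) {
                String candidate = (String) aliases.nextElement();
                Certificate stored = (Certificate) this._factory.getCertificate(candidate);
                if (stored != null && stored.equals(certificate)) {
                    return candidate;
                }
            }
            return null;
        } catch (CryptoException e) {
            _logger.error("Could not retrieve alias for X509 certificate", e);
            throw new WSSecurityException(0);
        }
    }

    /**
     * Finds the alias of the certificate issued by the given issuer, without
     * restricting the serial number.
     *
     * @param str issuer name
     * @return the alias as reported by the signing factory
     * @throws WSSecurityException if the signing factory lookup fails
     */
    public String getAliasForX509Cert(String str) throws WSSecurityException {
        try {
            return this._factory.getAliasForX509Cert(str, (BigInteger) null);
        } catch (OAException e) {
            _logger.error("Could not retrieve alias for issuer", e);
            throw new WSSecurityException(0);
        }
    }

    /**
     * Finds the alias of the certificate with the given issuer and serial number.
     *
     * @param str issuer name
     * @param bigInteger certificate serial number
     * @return the alias as reported by the signing factory
     * @throws WSSecurityException if the signing factory lookup fails
     */
    public String getAliasForX509Cert(String str, BigInteger bigInteger) throws WSSecurityException {
        try {
            return this._factory.getAliasForX509Cert(str, bigInteger);
        } catch (OAException e) {
            _logger.error("Could not retrieve alias for issuer and serial number", e);
            throw new WSSecurityException(0);
        }
    }

    /**
     * Lookup by SubjectKeyIdentifier is not supported.
     *
     * @param bArr ignored
     * @return never returns normally
     * @throws WSSecurityException always
     */
    public String getAliasForX509Cert(byte[] bArr) throws WSSecurityException {
        _logger.error("Could not retrieve alias for SubjectKeyIdentifier, not supported");
        throw new WSSecurityException(0);
    }

    /**
     * Lookup by certificate thumbprint is not supported.
     *
     * @param bArr ignored
     * @return never returns normally
     * @throws WSSecurityException always
     */
    public String getAliasForX509CertThumb(byte[] bArr) throws WSSecurityException {
        _logger.error("Could not retrieve alias for Thumbprint, not supported");
        throw new WSSecurityException(0);
    }

    /**
     * Lookup by subject DN is not supported.
     *
     * @param str ignored
     * @return never returns normally
     * @throws WSSecurityException always
     */
    public String[] getAliasesForDN(String str) throws WSSecurityException {
        // Message corrected: it previously said "Thumbprint", which sent log readers
        // to the wrong lookup when diagnosing a rejected message.
        _logger.error("Could not retrieve aliases for DN, not supported");
        throw new WSSecurityException(0);
    }

    /**
     * Encodes the given certificates as a certificate path.
     *
     * @param z when {@code true} the certificates are encoded in reverse order
     * @param x509CertificateArr certificates to encode
     * @return the encoded certificate path
     * @throws WSSecurityException if the path cannot be generated or encoded
     */
    public byte[] getCertificateData(boolean z, X509Certificate[] x509CertificateArr) throws WSSecurityException {
        try {
            Vector<X509Certificate> ordered = new Vector<X509Certificate>();
            for (X509Certificate certificate : x509CertificateArr) {
                if (z) {
                    // Prepending each element reverses the order of the input.
                    ordered.insertElementAt(certificate, 0);
                } else {
                    ordered.add(certificate);
                }
            }
            return getCertificateFactory().generateCertPath(ordered).getEncoded();
        } catch (CertificateEncodingException e) {
            _logger.warn("Could not encode certificate path", e);
            throw new WSSecurityException(7, "encodeError", (Object[]) null, e);
        } catch (CertificateException e2) {
            _logger.warn("Could not generate certificate path", e2);
            throw new WSSecurityException(7, "parseError", (Object[]) null, e2);
        }
    }

    /**
     * Returns the cached X.509 certificate factory, creating it on first use with
     * the provider of the signing factory's key store when that provider has a name.
     *
     * <p>NOTE(review): the cache is a static without synchronisation, and the
     * provider of the first caller wins for every later instance.
     *
     * @return the X.509 certificate factory
     * @throws WSSecurityException if no X.509 factory is available
     */
    public CertificateFactory getCertificateFactory() throws WSSecurityException {
        if (_certFactory == null) {
            try {
                Provider provider = this._factory.getKeyStore().getProvider();
                String providerName = null;
                if (provider != null) {
                    providerName = provider.getName();
                }
                if (providerName == null || providerName.length() == 0) {
                    _certFactory = CertificateFactory.getInstance("X.509");
                } else {
                    _certFactory = CertificateFactory.getInstance("X.509", provider);
                }
            } catch (CertificateException e) {
                throw new WSSecurityException(7, "unsupportedCertType", (Object[]) null, e);
            }
        }
        return _certFactory;
    }

    /**
     * Returns the certificate stored under the given alias as a one-element array.
     * The default alias is served from the factory's own certificate.
     *
     * @param str key store alias
     * @return array holding the single certificate returned by the signing factory
     * @throws WSSecurityException if the signing factory lookup fails
     */
    public X509Certificate[] getCertificates(String str) throws WSSecurityException {
        try {
            X509Certificate certificate;
            if (str.equals(getDefaultX509Alias())) {
                certificate = (X509Certificate) this._factory.getCertificate();
            } else {
                certificate = (X509Certificate) this._factory.getCertificate(str);
            }
            return new X509Certificate[]{certificate};
        } catch (OAException e) {
            _logger.warn("Could not retrieve certificate", e);
            throw new WSSecurityException(0);
        }
    }

    /**
     * @return the alias of the signing factory's own key entry
     */
    public String getDefaultX509Alias() {
        return this._factory.getAlias();
    }

    /**
     * @return the key store backing the signing factory
     */
    public KeyStore getKeyStore() {
        return this._factory.getKeyStore();
    }

    /**
     * Returns the signing private key when both the alias and the password match
     * the signing factory's configuration.
     *
     * @param str alias; must equal {@link #getDefaultX509Alias()}
     * @param str2 private key password
     * @return the signing private key
     * @throws Exception a {@link WSSecurityException} when the alias or the password
     *         is missing or does not match
     */
    public PrivateKey getPrivateKey(String str, String str2) throws Exception {
        // A missing alias or password is rejected the same way as a wrong one, rather
        // than surfacing as a NullPointerException from the comparison.
        if (str == null || !str.equals(getDefaultX509Alias())) {
            _logger.warn("Could not retrieve private key, alias invalid");
            throw new WSSecurityException(0);
        }
        // NOTE(review): equals() is not a constant-time comparison. If this method is
        // reachable with caller-controlled passwords, consider a constant-time compare
        // such as MessageDigest.isEqual on the encoded bytes.
        if (str2 != null && str2.equals(this._factory.getPrivateKeyPassword())) {
            return this._factory.getPrivateKey();
        }
        _logger.warn("Could not retrieve private key, password invalid");
        throw new WSSecurityException(0);
    }

    /**
     * Extraction of the SubjectKeyIdentifier is not supported.
     *
     * @param x509Certificate ignored
     * @return never returns normally
     * @throws WSSecurityException always
     */
    public byte[] getSKIBytesFromCert(X509Certificate x509Certificate) throws WSSecurityException {
        _logger.error("Could not retrieve SKIBytes certificate, not supported");
        throw new WSSecurityException(0);
    }

    /**
     * Decodes an encoded certificate path into its certificates.
     *
     * @param bArr encoded certificate path
     * @param z when {@code true} the certificates are returned in reverse path order
     * @return the certificates of the path
     * @throws WSSecurityException if the data cannot be parsed as a certificate path
     */
    public X509Certificate[] getX509Certificates(byte[] bArr, boolean z) throws WSSecurityException {
        try {
            List<? extends Certificate> certificates = getCertificateFactory().generateCertPath(new ByteArrayInputStream(bArr)).getCertificates();
            int count = certificates.size();
            X509Certificate[] result = new X509Certificate[count];
            // The previous loop iterated over the freshly allocated (all-null) array and
            // never read the parsed path, so callers received only null entries.
            for (int i = 0; i < count; i++) {
                result[z ? (count - 1 - i) : i] = (X509Certificate) certificates.get(i);
            }
            return result;
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError", (Object[]) null, e);
        }
    }

    /**
     * Parses a single X.509 certificate from the stream.
     *
     * @param inputStream stream positioned at the encoded certificate
     * @return the parsed certificate
     * @throws WSSecurityException if the data cannot be parsed
     */
    public X509Certificate loadCertificate(InputStream inputStream) throws WSSecurityException {
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(inputStream);
        } catch (CertificateException e) {
            throw new WSSecurityException(7, "parseError", (Object[]) null, e);
        }
    }

    /**
     * Validates the given certificates as a PKIX certificate path against the
     * certificates held by the signing factory.
     *
     * <p>For a single certificate the trust anchor is the stored certificate with the
     * same issuer and serial number; when none is stored the method returns
     * {@code false}. For longer paths every stored certificate is a trust anchor.
     *
     * <p>Revocation checking is disabled, so a certificate that has been revoked by
     * its issuer but is otherwise valid still passes. Deployments that rely on
     * revocation need CRL/OCSP checking configured and enabled here.
     *
     * @param x509CertificateArr certificate path to validate
     * @return {@code true} when the path validates, {@code false} when a single
     *         certificate is not present in the trusted store
     * @throws WSSecurityException if validation fails or cannot be performed
     */
    public boolean validateCertPath(X509Certificate[] x509CertificateArr) throws WSSecurityException {
        try {
            CertPath certPath = getCertificateFactory().generateCertPath(Arrays.asList(x509CertificateArr));
            HashSet<TrustAnchor> trustAnchors = new HashSet<TrustAnchor>();
            // NOTE(review): "2.5.29.30" is the NameConstraints extension. getExtensionValue
            // returns the value wrapped in a DER OCTET STRING, while TrustAnchor documents
            // the bare NameConstraints encoding - verify behaviour with an anchor that
            // actually carries name constraints.
            if (x509CertificateArr.length == 1) {
                String anchorAlias = this._factory.getAliasForX509Cert(x509CertificateArr[0].getIssuerDN().getName(), x509CertificateArr[0].getSerialNumber());
                if (anchorAlias == null) {
                    _logger.debug("Certificate not trusted");
                    return false;
                }
                X509Certificate anchor = (X509Certificate) this._factory.getCertificate(anchorAlias);
                trustAnchors.add(new TrustAnchor(anchor, anchor.getExtensionValue("2.5.29.30")));
            } else {
                Enumeration<?> aliases = this._factory.getAliases();
                while (aliases.hasMoreElements()) {
                    X509Certificate anchor = (X509Certificate) this._factory.getCertificate((String) aliases.nextElement());
                    trustAnchors.add(new TrustAnchor(anchor, anchor.getExtensionValue("2.5.29.30")));
                }
            }
            PKIXParameters pkixParameters = new PKIXParameters(trustAnchors);
            // Revocation (CRL/OCSP) is not consulted; see the method documentation.
            pkixParameters.setRevocationEnabled(false);
            Provider provider = this._factory.getKeyStore().getProvider();
            String providerName = null;
            if (provider != null) {
                providerName = provider.getName();
            }
            CertPathValidator validator;
            if (providerName == null || providerName.length() == 0) {
                validator = CertPathValidator.getInstance("PKIX");
            } else {
                validator = CertPathValidator.getInstance("PKIX", providerName);
            }
            // validate() throws on any failure, so reaching the return means success.
            validator.validate(certPath, pkixParameters);
            return true;
        } catch (CryptoException e) {
            throw new WSSecurityException(0, "certpath", new Object[]{e.getMessage()}, e);
        } catch (ClassCastException e2) {
            _logger.warn("Certificate is not an X509Certificate", e2);
            throw new WSSecurityException(0, "certpath", new Object[]{e2.getMessage()}, e2);
        } catch (InvalidAlgorithmParameterException e3) {
            _logger.warn("Invalid algorithm param", e3);
            throw new WSSecurityException(0, "certpath", new Object[]{e3.getMessage()}, e3);
        } catch (NoSuchAlgorithmException e4) {
            _logger.warn("No such algorithm", e4);
            throw new WSSecurityException(0, "certpath", new Object[]{e4.getMessage()}, e4);
        } catch (NoSuchProviderException e5) {
            _logger.warn("No such provider", e5);
            throw new WSSecurityException(0, "certpath", new Object[]{e5.getMessage()}, e5);
        } catch (CertPathValidatorException e6) {
            _logger.warn("Could not validate Cert Path", e6);
            throw new WSSecurityException(0, "certpath", new Object[]{e6.getMessage()}, e6);
        } catch (CertificateException e7) {
            _logger.warn("Invalid certificate", e7);
            throw new WSSecurityException(0, "certpath", new Object[]{e7.getMessage()}, e7);
        }
    }
}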
