package com.tmax.ws.security.components.crypto;

import com.tmax.ws.security.WSSecurityException;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Hashtable;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.x500.X500Principal;
import jeus.security.base.SKI;
import jeus.security.util.Base64Coder;
import jeus.security.util.PasswordVerifier;
import jeus.security.util.X509Util;
import jeus.util.logging.JeusLogger;
import jeus.util.message.JeusMessage_Webservices_SEC;
import jeus.webservices.wssecurity.WSSProperties;
import jeus.webservices.wssecurity.WSSUserInfo;

/* loaded from: input_file:com/tmax/ws/security/components/crypto/SimpleWSSecurityItf.class */
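/**
 * {@code Crypto} implementation backed by an optional key store and an optional trust store,
 * both configured through {@code WSSProperties} entries in the inherited {@code properties} table.
 *
 * <p>Security-relevant behaviour to keep in mind when reviewing or operating this class:
 * <ul>
 *   <li>Store loading errors are not propagated. {@link #init()} prints the stack trace and
 *       leaves the affected field either {@code null} or holding a store that was never loaded;
 *       later lookups against it then yield {@code null} / {@code false}. A misconfigured store
 *       therefore shows up only in the process error output.</li>
 *   <li>Lookup methods report failures as {@code null}, which callers cannot distinguish from
 *       "not found".</li>
 *   <li>{@link #isValid(X509Certificate)} accepts any certificate that is present in either store
 *       without checking its validity period or revocation status (direct trust).</li>
 *   <li>Diagnostics go through {@code printStackTrace()}, i.e. to standard error rather than the
 *       {@code jeus.webservices.wss} logger.</li>
 * </ul>
 */
public class SimpleWSSecurityItf extends AbstractCrypto {
    protected KeyStore keystore;
    protected KeyStore truststore;
    protected static final JeusLogger logger = JeusLogger.getLogger("jeus.webservices.wss");
    static CertificateFactory certFact;
    static CertPathValidator cpv;

    /**
     * Creates the provider and loads the configured stores.
     *
     * @param hashtable configuration passed to the superclass
     * @param classLoader class loader passed to the superclass
     * @throws CredentialException declared by the superclass constructor contract
     * @throws IOException declared by the superclass constructor contract
     */
    public SimpleWSSecurityItf(Hashtable hashtable, ClassLoader classLoader) throws CredentialException, IOException {
        super(hashtable, classLoader);
        init();
    }

    /**
     * Loads the key store and the trust store named in {@code properties}.
     *
     * <p>A store is loaded only when its type, path and store password are all configured.
     * Failures are printed and swallowed; the field is assigned before loading, so a failed load
     * leaves a store that rejects every later operation instead of an empty-but-usable one.
     */
    private void init() {
        if (this.properties == null) {
            return;
        }
        String keystoreType = (String) this.properties.get(WSSProperties.KEYSTORE_TYPE);
        String keystorePath = (String) this.properties.get(WSSProperties.KEYSTORE_PATH);
        String keystorePass = (String) this.properties.get(WSSProperties.KEYSTORE_STOREPASS);
        if (keystoreType != null && keystorePath != null && keystorePass != null) {
            try {
                this.keystore = KeyStore.getInstance(keystoreType);
                loadStore(this.keystore, keystorePath, keystorePass);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }
        String truststoreType = (String) this.properties.get(WSSProperties.TRUSTSTORE_TYPE);
        String truststorePath = (String) this.properties.get(WSSProperties.TRUSTSTORE_PATH);
        String truststorePass = (String) this.properties.get(WSSProperties.TRUSTSTORE_STOREPASS);
        if (truststoreType == null || truststorePath == null || truststorePass == null) {
            return;
        }
        try {
            this.truststore = KeyStore.getInstance(truststoreType);
            loadStore(this.truststore, truststorePath, truststorePass);
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Reads {@code path} into {@code store}, always closing the stream.
     *
     * @throws IOException if the store cannot be opened or read
     * @throws GeneralSecurityException if the store content cannot be processed
     */
    private static void loadStore(KeyStore store, String path, String password)
            throws IOException, GeneralSecurityException {
        try (InputStream in = openStoreStream(path)) {
            store.load(in, password.toCharArray());
        }
    }

    /**
     * Opens a store location: absolute paths are read from the file system, anything else is
     * resolved as a resource of the thread context class loader.
     *
     * @throws IOException if the file or resource does not exist
     */
    private static InputStream openStoreStream(String path) throws IOException {
        File file = new File(path);
        if (file.isAbsolute()) {
            return new FileInputStream(file);
        }
        InputStream in = Thread.currentThread().getContextClassLoader().getResourceAsStream(path);
        if (in == null) {
            // KeyStore.load(null, ...) would silently create an EMPTY store; treat a missing
            // resource as a load failure, exactly like a missing absolute file.
            throw new IOException("Key store resource not found via context class loader: " + path);
        }
        return in;
    }

    /** Parses a distinguished name, returning {@code null} for a missing or malformed value. */
    private static X500Principal toPrincipal(String dn) {
        if (dn == null) {
            return null;
        }
        try {
            return new X500Principal(dn);
        } catch (IllegalArgumentException e) {
            // The name may come from a received message; a malformed value is "no match".
            return null;
        }
    }

    /** Returns {@code certificate} as an X.509 certificate, or {@code null} if it is not one. */
    private static X509Certificate asX509(Certificate certificate) {
        return certificate instanceof X509Certificate ? (X509Certificate) certificate : null;
    }

    /** Returns the user entry stored under the user-info prefix plus {@code user}, or {@code null}. */
    private WSSUserInfo userInfoFor(String user) {
        if (this.properties == null || user == null) {
            return null;
        }
        Object value = this.properties.get(WSSProperties._userinfo_prefix + user);
        return value instanceof WSSUserInfo ? (WSSUserInfo) value : null;
    }

    /**
     * Finds a certificate by issuer name and serial number, key store first, then trust store.
     *
     * @param str issuer distinguished name
     * @param bigInteger certificate serial number
     * @return the matching certificate, or {@code null} if none is found, the name is malformed,
     *         or a store lookup fails
     */
    @Override
    public X509Certificate getCertificateWithIssuerSerial(String str, BigInteger bigInteger) throws WSSecurityException {
        X500Principal issuer = toPrincipal(str);
        if (issuer == null) {
            return null;
        }
        try {
            X509Certificate found = null;
            if (this.keystore != null) {
                found = X509Util.getCertInKeyStore(this.keystore, issuer, bigInteger);
            }
            if (found == null && this.truststore != null) {
                found = X509Util.getCertInTrustStore(this.truststore, issuer, bigInteger);
            }
            return found;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Finds a certificate by distinguished name, key store first, then trust store.
     *
     * @param str distinguished name used as the key name
     * @return the matching certificate, or {@code null} if none is found, the name is malformed,
     *         or a store lookup fails
     */
    @Override
    public X509Certificate getCertificateWithKeyName(String str) throws WSSecurityException {
        X500Principal name = toPrincipal(str);
        if (name == null) {
            return null;
        }
        try {
            X509Certificate found = null;
            if (this.keystore != null) {
                found = X509Util.getCertInKeyStore(this.keystore, name);
            }
            if (found == null && this.truststore != null) {
                found = X509Util.getCertInTrustStore(this.truststore, name);
            }
            return found;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Finds a certificate by subject key identifier, key store first, then trust store.
     *
     * @param str subject key identifier in the form accepted by {@code SKI(String)}
     * @return the matching certificate, or {@code null} if none is found or a store lookup fails
     */
    @Override
    public X509Certificate getCertificateWithSubjectKeyId(String str) throws WSSecurityException {
        try {
            X509Certificate found = null;
            if (this.keystore != null) {
                found = X509Util.getCertInKeyStore(this.keystore, new SKI(str));
            }
            if (found == null && this.truststore != null) {
                found = X509Util.getCertInTrustStore(this.truststore, new SKI(str));
            }
            return found;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the certificate of a configured user, resolved through the user's key alias.
     *
     * @param str user name
     * @return the leaf of the alias' chain (or its single certificate) from the key store, else
     *         the alias' certificate from the trust store, else {@code null}
     */
    @Override
    public X509Certificate getCertificateWithUser(String str) throws WSSecurityException {
        WSSUserInfo info = userInfoFor(str);
        if (info == null || info.alias == null) {
            return null;
        }
        try {
            X509Certificate found = null;
            if (this.keystore != null) {
                Certificate[] chain = this.keystore.getCertificateChain(info.alias);
                found = (chain == null || chain.length <= 0)
                        ? asX509(this.keystore.getCertificate(info.alias))
                        : asX509(chain[0]);
            }
            if (found == null && this.truststore != null) {
                found = asX509(this.truststore.getCertificate(info.alias));
            }
            return found;
        } catch (KeyStoreException e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the private key stored under {@code alias}, unlocked with the key password of the
     * user entry that owns the alias.
     *
     * @return the key, or {@code null} when the alias is {@code null} or no key password is
     *         configured for it
     * @throws GeneralSecurityException if the key store rejects the request
     */
    private PrivateKey privateKeyForAlias(String alias) throws GeneralSecurityException {
        if (alias == null) {
            return null;
        }
        WSSUserInfo info = getWSSUserInfo(alias, this.keystore);
        if (info != null && info.keyPass != null) {
            return (PrivateKey) this.keystore.getKey(alias, info.keyPass.toCharArray());
        }
        logger.log(JeusMessage_Webservices_SEC._6021_LEVEL, "Can't get key password for '" + alias + "' alias.");
        return null;
    }

    /**
     * Returns the private key belonging to the certificate identified by issuer and serial.
     *
     * @param str issuer distinguished name
     * @param bigInteger certificate serial number
     * @param callbackHandler not used by this implementation
     * @return the private key, or {@code null} if it cannot be resolved or unlocked
     */
    @Override
    public PrivateKey getPrivateKeyWithIssuerSerial(String str, BigInteger bigInteger, CallbackHandler callbackHandler) throws WSSecurityException {
        try {
            if (this.keystore == null) {
                return null;
            }
            return privateKeyForAlias(X509Util.getAliasForX509Cert(this.keystore, str, bigInteger));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Finds the user entry whose key alias equals {@code str}, provided the alias exists in
     * {@code keyStore}.
     *
     * @throws KeyStoreException if the key store cannot be queried
     */
    private WSSUserInfo getWSSUserInfo(String str, KeyStore keyStore) throws KeyStoreException {
        if (str == null || this.properties == null || !keyStore.containsAlias(str)) {
            return null;
        }
        Enumeration keys = this.properties.keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            if (!(key instanceof String) || !((String) key).startsWith(WSSProperties._userinfo_prefix)) {
                continue;
            }
            Object value = this.properties.get(key);
            // Entries without an alias are legal (see getCertificateWithUser); comparing from the
            // non-null side keeps one such entry from aborting the whole search.
            if (value instanceof WSSUserInfo && str.equals(((WSSUserInfo) value).alias)) {
                return (WSSUserInfo) value;
            }
        }
        return null;
    }

    /** Finds the user entry whose secret key carries the key name {@code str}. */
    private WSSUserInfo getWSSUserInfo(String str) {
        if (str == null || this.properties == null) {
            return null;
        }
        Enumeration keys = this.properties.keys();
        while (keys.hasMoreElements()) {
            Object key = keys.nextElement();
            if (!(key instanceof String) || !((String) key).startsWith(WSSProperties._userinfo_prefix)) {
                continue;
            }
            Object value = this.properties.get(key);
            if (!(value instanceof WSSUserInfo)) {
                continue;
            }
            WSSUserInfo info = (WSSUserInfo) value;
            if (info.secret != null && str.equals(info.secret.getKeyName())) {
                return info;
            }
        }
        return null;
    }

    /**
     * Returns the private key belonging to the certificate with the given distinguished name.
     *
     * @param str distinguished name used as the key name
     * @param callbackHandler not used by this implementation
     * @return the private key, or {@code null} if it cannot be resolved or unlocked
     */
    @Override
    public PrivateKey getPrivateKeyWithKeyName(String str, CallbackHandler callbackHandler) throws WSSecurityException {
        try {
            if (this.keystore == null) {
                return null;
            }
            return privateKeyForAlias(X509Util.getAliasForDN(this.keystore, str));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the private key belonging to the certificate with the given subject key identifier.
     *
     * @param str Base64-encoded subject key identifier
     * @param callbackHandler not used by this implementation
     * @return the private key, or {@code null} if it cannot be resolved or unlocked
     */
    @Override
    public PrivateKey getPrivateKeyWithSubjectKeyId(String str, CallbackHandler callbackHandler) throws WSSecurityException {
        try {
            if (this.keystore == null) {
                return null;
            }
            return privateKeyForAlias(X509Util.getAliasForX509Cert(this.keystore, Base64Coder.base64ToByteArray(str)));
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Returns the private key of a configured user, unlocked with that user's configured key
     * password.
     *
     * @param str user name
     * @param str2 ignored by this implementation; the key password always comes from the
     *        user's configuration entry
     * @return the private key, or {@code null} if the user, key password or key is unavailable
     */
    @Override
    public PrivateKey getPrivateKeyWithUser(String str, String str2) throws WSSecurityException {
        WSSUserInfo info = userInfoFor(str);
        if (this.keystore == null || info == null || !str.equals(info.user) || info.keyPass == null) {
            return null;
        }
        try {
            return (PrivateKey) this.keystore.getKey(info.alias, info.keyPass.toCharArray());
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    /**
     * Decides whether a certificate is trusted.
     *
     * <p>A certificate present in the trust store or the key store is accepted immediately.
     * Otherwise a single-certificate path is validated with PKIX against one trust anchor taken
     * from the stores. Revocation checking is enabled only when a {@code CertStore} is configured
     * under {@code WSSProperties.CERTSTORE}.
     *
     * @param x509Certificate certificate to check
     * @return {@code true} if trusted; {@code false} if not trusted or if any error occurs
     */
    @Override
    public boolean isValid(X509Certificate x509Certificate) throws WSSecurityException {
        if (x509Certificate == null) {
            return false;
        }
        try {
            // Direct trust: store membership alone is sufficient here.
            // NOTE(review): this path checks neither the validity period nor revocation, so an
            // expired certificate that is still in a store keeps being accepted. Confirm that is
            // intended, or add x509Certificate.checkValidity() before returning true.
            if (this.truststore != null && this.truststore.getCertificateAlias(x509Certificate) != null) {
                return true;
            }
            if (this.keystore != null && this.keystore.getCertificateAlias(x509Certificate) != null) {
                return true;
            }
            if (certFact == null || cpv == null) {
                // Static initialisation failed; nothing can be validated.
                return false;
            }
            CertPath path = certFact.generateCertPath(Arrays.asList(x509Certificate));
            // NOTE(review): the anchor is looked up by the certificate's own SUBJECT name, not by
            // its issuer name. PKIX requires the anchor to have issued the certificate, so this
            // presumably only ever succeeds for self-issued certificates; looking up by
            // getIssuerX500Principal() may have been intended. Left unchanged pending confirmation.
            X509Certificate anchorCert = getCertificateWithKeyName(x509Certificate.getSubjectDN().getName());
            if (anchorCert == null) {
                return false;
            }
            HashSet<TrustAnchor> anchors = new HashSet<TrustAnchor>();
            anchors.add(new TrustAnchor(anchorCert, null));
            PKIXParameters params = new PKIXParameters(anchors);
            CertStore certStore = (CertStore) this.properties.get(WSSProperties.CERTSTORE);
            if (certStore != null) {
                params.addCertStore(certStore);
                params.setRevocationEnabled(true);
            } else {
                // No CRL source configured: revoked certificates are NOT detected on this path.
                params.setRevocationEnabled(false);
            }
            params.setPolicyQualifiersRejected(false);
            try {
                PKIXCertPathValidatorResult result = (PKIXCertPathValidatorResult) cpv.validate(path, params);
                // getPolicyTree() is null when the path carries no valid policies; dereferencing
                // it used to turn a successful validation into a "false" via the outer catch.
                logger.log(JeusMessage_Webservices_SEC._6031_LEVEL, String.valueOf(result.getPolicyTree()));
                return true;
            } catch (CertPathValidatorException e) {
                e.printStackTrace();
                return false;
            }
        } catch (Exception e) {
            // Any unexpected failure is treated as "not trusted".
            e.printStackTrace();
            return false;
        }
    }

    /**
     * Returns the secret key whose key name equals {@code str}.
     *
     * @param str key name
     * @return the secret key info, or {@code null} if no user entry carries that key name
     */
    @Override
    public WSSSecretKeyInfo getSecretKeyWithKeyName(String str) throws WSSecurityException {
        WSSUserInfo info = getWSSUserInfo(str);
        return info != null ? info.secret : null;
    }

    /**
     * Returns the secret key configured for a user.
     *
     * @param str user name
     * @return the user's secret key info (possibly {@code null}), or {@code null} if the user is
     *         not configured
     */
    @Override
    public WSSSecretKeyInfo getSecretKeyWithUser(String str) throws WSSecurityException {
        WSSUserInfo info = userInfoFor(str);
        if (info == null || !str.equals(info.user)) {
            return null;
        }
        return info.secret;
    }

    /**
     * Verifies a presented password against the configured password of the named user.
     *
     * @param passwordVerifier carries the user name and performs the comparison
     * @return {@code true} only if the user is configured, has a password, and the verifier
     *         accepts it
     */
    @Override
    public boolean authenticate(PasswordVerifier passwordVerifier) throws WSSecurityException {
        WSSUserInfo info = userInfoFor(passwordVerifier.getUsername());
        if (info == null) {
            return false;
        }
        if (info.userPass == null) {
            // How verify() treats a null reference is not visible from this class; refuse
            // authentication for an entry without a password rather than depend on it.
            return false;
        }
        return passwordVerifier.verify(info.userPass);
    }

    static {
        try {
            certFact = CertificateFactory.getInstance("X.509");
            cpv = CertPathValidator.getInstance("PKIX");
        } catch (Exception e) {
            // Leaves certFact/cpv null; isValid() then rejects everything that is not directly
            // present in a store.
            e.printStackTrace();
        }
    }
}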
