package com.sun.xml.ws.security.opt.impl.util;

import com.sun.xml.ws.api.model.wsdl.WSDLBoundOperation;
import com.sun.xml.ws.api.model.wsdl.WSDLPort;
import com.sun.xml.ws.api.security.trust.client.STSIssuedTokenConfiguration;
import com.sun.xml.ws.api.server.WSEndpoint;
import com.sun.xml.ws.policy.AssertionSet;
import com.sun.xml.ws.policy.Policy;
import com.sun.xml.ws.policy.PolicyAssertion;
import com.sun.xml.ws.policy.PolicyException;
import com.sun.xml.ws.policy.PolicyMap;
import com.sun.xml.ws.security.impl.policy.PolicyUtil;
import com.sun.xml.ws.wsdl.parser.WSDLConstants;
import com.sun.xml.wss.AliasSelector;
import com.sun.xml.wss.SecurityEnvironment;
import com.sun.xml.wss.XWSSConstants;
import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.impl.MessageConstants;
import com.sun.xml.wss.impl.ProcessingContextImpl;
import com.sun.xml.wss.impl.WssSoapFaultException;
import com.sun.xml.wss.impl.callback.KeyStoreCallback;
import com.sun.xml.wss.impl.misc.Base64;
import com.sun.xml.wss.jaxws.impl.TubeConfiguration;
import com.sun.xml.wss.logging.LogStringsMessages;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.utils.Constants;
import org.jvnet.staxex.Base64Data;
import org.jvnet.staxex.XMLStreamReaderEx;

/* loaded from: input_file:WEB-INF/lib/wssx-impl-3.0.3.jar:com/sun/xml/ws/security/opt/impl/util/CertificateRetriever.class */
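/**
 * Locates the server certificate that a client should use for an endpoint, either from the
 * EPR Identity extension carried in the message or from the server-side {@code sc:KeyStore}
 * policy assertion (keystore file, alias selector or application CallbackHandler).
 *
 * <p>A certificate obtained from an EPR Identity is untrusted input: callers must pass it
 * through {@link #setServerCertInTheContext} or {@link #setServerCertInTheSTSConfig}, which
 * run {@code SecurityEnvironment.validateCertificate} before the certificate is stored.
 *
 * <p>Not thread-safe: the configuration read from the policy is kept in instance fields and
 * {@link #getServerKeyStore} depends on {@link #checkforEPRIdentity} having populated the
 * effective policy first.
 */
public class CertificateRetriever {
    private static final Logger log = Logger.getLogger("javax.enterprise.resource.xml.webservices.security", "com.sun.xml.wss.logging.LogStrings");

    /** Namespace of the server-side WSIT security configuration assertions ({@code sc:KeyStore} etc.). */
    private static final String SERVER_CONFIG_NS = "http://schemas.sun.com/2006/03/wss/server";
    private static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    private static final String XMLDSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    /** Placeholder accepted at the start of a keystore location; expanded from the WSIT_HOME system property. */
    private static final String WSIT_HOME_TOKEN = "$WSIT_HOME";

    protected TubeConfiguration pipeConfig = null;
    // Values read from the sc:KeyStore assertion by setLocationPasswordAndAlias().
    private String location = null;
    private String password = null;
    private String alias = null;
    private Certificate cs = null;
    // Effective endpoint (or first operation) policy, set by getEndpointOROperationalLevelPolicy().
    private Policy ep = null;
    private String callbackHandler = null;
    private String aliasSelector = null;

    /**
     * Extracts the raw certificate bytes carried in an EPR Identity extension.
     *
     * <p>Scans forward for either a {@code wsse:BinarySecurityToken} or a
     * {@code ds:KeyInfo/ds:X509Certificate} element and base64-decodes its text content.
     * The reader is left positioned on the text event that held the value.
     *
     * @param reader a reader positioned at or before the identity element
     * @return the decoded certificate bytes, or {@code null} if no such element is present,
     *         the element has no text content, or the text is not valid base64 (both logged)
     * @throws XMLStreamException if the underlying stream is malformed
     */
    public byte[] getBSTFromIdentityExtension(XMLStreamReader reader) throws XMLStreamException {
        while (reader.hasNext()) {
            if (reader.getEventType() == XMLStreamReader.START_ELEMENT) {
                boolean isBst = MessageConstants.WSSE_BINARY_SECURITY_TOKEN_LNAME.equals(reader.getLocalName())
                        && WSSE_NS.equals(reader.getNamespaceURI());
                boolean isKeyInfo = "KeyInfo".equals(reader.getLocalName())
                        && XMLDSIG_NS.equals(reader.getNamespaceURI());
                if (isBst || isKeyInfo) {
                    if (isKeyInfo) {
                        // Advance to the ds:X509Certificate child. getLocalName() is only legal on
                        // element events, so whitespace between the elements must be skipped first.
                        while (reader.hasNext()
                                && !(reader.isStartElement() && Constants._TAG_X509CERTIFICATE.equals(reader.getLocalName()))) {
                            reader.next();
                        }
                    }
                    if (!reader.hasNext()) {
                        log.log(Level.WARNING, LogStringsMessages.WSS_0819_ERROR_GETTING_CERTIFICATE_EPRIDENTITY());
                        return null;
                    }
                    reader.next(); // step onto the element's text content
                    return decodeCertificateText(reader);
                }
            }
            reader.next();
        }
        return null;
    }

    /**
     * Base64-decodes the CHARACTERS event the reader is positioned on.
     *
     * @return the decoded bytes, or {@code null} (after a WSS_0819 warning) if the current event
     *         is not text or the text is not valid base64
     * @throws XMLStreamException if reading the text fails
     */
    private byte[] decodeCertificateText(XMLStreamReader reader) throws XMLStreamException {
        if (reader.getEventType() != XMLStreamReader.CHARACTERS) {
            log.log(Level.WARNING, LogStringsMessages.WSS_0819_ERROR_GETTING_CERTIFICATE_EPRIDENTITY());
            return null;
        }
        if (reader instanceof XMLStreamReaderEx) {
            // A StAX-Ex reader may already hold the decoded bytes; avoid decoding twice.
            CharSequence pcdata = ((XMLStreamReaderEx) reader).getPCDATA();
            if (pcdata instanceof Base64Data) {
                return ((Base64Data) pcdata).getExact();
            }
        }
        try {
            return Base64.decode(StreamUtil.getCV(reader));
        } catch (Base64DecodingException e) {
            log.log(Level.WARNING, LogStringsMessages.WSS_0819_ERROR_GETTING_CERTIFICATE_EPRIDENTITY(), e);
            return null;
        }
    }

    /**
     * Loads the server certificate configured by the {@code sc:KeyStore} assertion of the
     * effective policy.
     *
     * <p>If the assertion names a keystore file and password, the certificate for the configured
     * alias (or the alias chosen by the configured {@code aliasSelector}) is read from that JKS
     * file. Otherwise the configured {@code callbackHandler}, if any, is asked for a keystore.
     * Requires {@link #checkforEPRIdentity} to have resolved the effective policy beforehand;
     * with no policy nothing is configured and {@code null} is returned.
     *
     * @param endpoint the endpoint whose policy carries the keystore configuration
     * @return the certificate, or {@code null} if none is configured, the alias is missing
     *         or the keystore cannot be read (all logged as warnings)
     * @throws IOException kept for callers; file errors are logged and yield {@code null}
     * @throws XWSSecurityException kept for callers; not raised by this implementation
     */
    public Certificate getServerKeyStore(WSEndpoint endpoint) throws IOException, XWSSecurityException {
        setLocationPasswordAndAlias(new QName(SERVER_CONFIG_NS, com.sun.xml.ws.security.impl.policy.Constants.KeyStore), endpoint);
        if (this.password == null || this.location == null) {
            // No keystore file configured: fall back to an application-supplied CallbackHandler, if any.
            if (this.callbackHandler == null) {
                return null;
            }
            this.cs = getCertificateUsingCallbackHandler(this.callbackHandler);
            return this.cs;
        }
        if (this.alias == null) {
            this.alias = getAliasUsingAliasSelector();
        }
        if (this.alias == null) {
            // KeyStore.getCertificate(null) would throw; the selector already logged WSS_0823 if it was used.
            log.log(Level.WARNING, LogStringsMessages.WSS_0821_CERTIFICATE_NOT_FOUND_FOR_ALIAS(this.alias));
            return null;
        }
        // try-with-resources closes the stream on every path, including the failures where the
        // stream had never been opened (the previous code then closed a null field).
        try (FileInputStream in = new FileInputStream(this.location)) {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(in, this.password.toCharArray());
            this.cs = keyStore.getCertificate(this.alias);
            if (this.cs == null) {
                log.log(Level.WARNING, LogStringsMessages.WSS_0821_CERTIFICATE_NOT_FOUND_FOR_ALIAS(this.alias));
            }
            return this.cs;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException e) {
            // FileNotFoundException is an IOException; all failures are logged and reported as "no certificate".
            log.log(Level.WARNING, LogStringsMessages.WSS_0818_ERROR_PUTTING_CERTIFICATE_EPRIDENTITY(), e);
            return null;
        }
    }

    /**
     * Parses encoded X.509 certificate bytes (as carried in a BinarySecurityToken) into a
     * certificate object. The result is not yet validated.
     *
     * @param certBytes the encoded certificate
     * @return the parsed certificate
     * @throws IllegalArgumentException if {@code certBytes} is {@code null}
     * @throws RuntimeException wrapping the {@link CertificateException} if the bytes do not parse
     */
    public X509Certificate constructCertificate(byte[] certBytes) {
        if (certBytes == null) {
            throw new IllegalArgumentException("certificate bytes must not be null");
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
            return (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(certBytes));
        } catch (CertificateException e) {
            log.log(Level.SEVERE, "error while constructing the certificate from bst value ", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Reports whether the endpoint's effective policy contains an assertion with the given name
     * (typically the EPR Identity assertion). As a side effect the effective policy is resolved
     * and cached for {@link #getServerKeyStore}.
     *
     * @param endpoint the endpoint to inspect
     * @param assertionName the assertion to look for
     * @return {@code true} if the assertion is present; also {@code true} when the endpoint has
     *         no WSDL port (existing behaviour, kept for callers); {@code false} if there is no
     *         effective policy or the assertion is absent
     */
    public boolean checkforEPRIdentity(WSEndpoint endpoint, QName assertionName) {
        if (endpoint.getPort() == null) {
            return true;
        }
        getEndpointOROperationalLevelPolicy(endpoint);
        if (this.ep == null) {
            return false;
        }
        for (AssertionSet assertionSet : this.ep) {
            for (PolicyAssertion assertion : assertionSet) {
                if (assertion.getName().equals(assertionName)) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Resolves a class named in the security policy, using the thread context class loader
     * when one is set and this class's own loader otherwise. The name comes from deployment
     * configuration, not from the message.
     *
     * @return the class, or {@code null} if the chosen loader cannot find it (logged at FINE)
     */
    private Class<?> loadConfiguredClass(String className) {
        ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
        ClassLoader loader = contextLoader != null ? contextLoader : getClass().getClassLoader();
        try {
            return loader.loadClass(className);
        } catch (ClassNotFoundException e) {
            log.log(Level.FINE, "configured class " + className + " not found", e);
            return null;
        }
    }

    /**
     * Instantiates the configured {@code aliasSelector} class and asks it for the alias to use.
     *
     * @return the selected alias, or {@code null} if no selector is configured, it cannot be
     *         loaded or instantiated, or it selects nothing (logged)
     */
    private String getAliasUsingAliasSelector() {
        if (this.aliasSelector == null) {
            return null;
        }
        Class<?> selectorClass = loadConfiguredClass(this.aliasSelector);
        if (selectorClass == null) {
            return null;
        }
        try {
            AliasSelector selector = (AliasSelector) selectorClass.getDeclaredConstructor().newInstance();
            String selected = selector.select(new HashMap());
            if (selected == null) {
                log.log(Level.WARNING, LogStringsMessages.WSS_0823_ALIAS_NOTFOUND_FOR_ALIAS_SELECTOR());
            }
            return selected;
        } catch (ReflectiveOperationException e) {
            log.log(Level.WARNING, LogStringsMessages.WSS_0818_ERROR_PUTTING_CERTIFICATE_EPRIDENTITY(), e);
            return null;
        }
    }

    /**
     * Instantiates the configured {@code callbackHandler} class, hands it a
     * {@link KeyStoreCallback} and returns the certificate stored under the configured alias in
     * the keystore it supplies.
     *
     * @param handlerClassName fully qualified name of a {@link CallbackHandler} with a no-arg constructor
     * @return the certificate, or {@code null} if the handler cannot be loaded or invoked, supplies
     *         no keystore, no alias is configured, or the alias is absent (logged)
     */
    private X509Certificate getCertificateUsingCallbackHandler(String handlerClassName) {
        Class<?> handlerClass = loadConfiguredClass(handlerClassName);
        if (handlerClass == null) {
            return null;
        }
        KeyStoreCallback keyStoreCallback = new KeyStoreCallback();
        try {
            CallbackHandler handler = (CallbackHandler) handlerClass.getDeclaredConstructor().newInstance();
            handler.handle(new Callback[]{keyStoreCallback});
            KeyStore keyStore = keyStoreCallback.getKeystore();
            X509Certificate cert = null;
            // Without an alias there is nothing to look up (and getCertificate(null) would throw).
            if (keyStore != null && this.alias != null) {
                cert = (X509Certificate) keyStore.getCertificate(this.alias);
            }
            if (cert == null && this.alias != null) {
                log.log(Level.WARNING, LogStringsMessages.WSS_0821_CERTIFICATE_NOT_FOUND_FOR_ALIAS(this.alias));
            }
            return cert;
        } catch (IOException | UnsupportedCallbackException | KeyStoreException | ReflectiveOperationException e) {
            log.log(Level.WARNING, LogStringsMessages.WSS_0818_ERROR_PUTTING_CERTIFICATE_EPRIDENTITY(), e);
            return null;
        }
    }

    /**
     * Resolves the endpoint-scoped effective policy into {@link #ep}; if there is none, the
     * first operation-scoped effective policy found on the binding is used instead.
     * Leaves {@link #ep} untouched when the endpoint has no policy map or no port.
     *
     * @throws RuntimeException wrapping a {@link PolicyException} from the policy map
     * @throws IllegalArgumentException propagated unchanged from the policy map
     */
    private void getEndpointOROperationalLevelPolicy(WSEndpoint endpoint) {
        PolicyMap policyMap = endpoint.getPolicyMap();
        WSDLPort port = endpoint.getPort();
        if (policyMap == null || port == null) {
            return;
        }
        QName serviceName = port.getOwner().getName();
        QName portName = port.getName();
        try {
            this.ep = policyMap.getEndpointEffectivePolicy(PolicyMap.createWsdlEndpointScopeKey(serviceName, portName));
            if (this.ep != null) {
                return;
            }
            // No endpoint-level policy: fall back to the first operation that carries one.
            for (WSDLBoundOperation operation : port.getBinding().getBindingOperations()) {
                QName operationName = new QName(
                        operation.getBoundPortType().getName().getNamespaceURI(),
                        operation.getName().getLocalPart());
                this.ep = policyMap.getOperationEffectivePolicy(
                        PolicyMap.createWsdlOperationScopeKey(serviceName, portName, operationName));
                if (this.ep != null) {
                    return;
                }
            }
        } catch (PolicyException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Copies the attributes of the configuration assertion named {@code assertionName}
     * ({@code storepass}, {@code location}, {@code alias}, {@code callbackHandler},
     * {@code aliasSelector}) into the instance fields. Does nothing when the endpoint has no
     * port or no effective policy has been resolved. If several matching assertions exist the
     * last one wins.
     */
    private void setLocationPasswordAndAlias(QName assertionName, WSEndpoint endpoint) {
        if (endpoint.getPort() == null || this.ep == null) {
            return;
        }
        for (AssertionSet assertionSet : this.ep) {
            for (PolicyAssertion assertion : assertionSet) {
                if (!PolicyUtil.isConfigPolicyAssertion(assertion) || !assertion.getName().equals(assertionName)) {
                    continue;
                }
                this.password = assertion.getAttributeValue(new QName("storepass"));
                this.location = expandWsitHome(assertion.getAttributeValue(new QName(WSDLConstants.ATTR_LOCATION)));
                this.alias = assertion.getAttributeValue(new QName("alias"));
                this.callbackHandler = assertion.getAttributeValue(new QName("callbackHandler"));
                this.aliasSelector = assertion.getAttributeValue(new QName("aliasSelector"));
            }
        }
    }

    /**
     * Replaces a leading {@code $WSIT_HOME} token in a keystore location with the value of the
     * {@code WSIT_HOME} system property. The full token is required; previously only the
     * {@code $WSIT} prefix was checked while ten characters were replaced, and an unset
     * property caused a NullPointerException.
     *
     * @return the expanded path, or {@code path} unchanged if it carries no token or the
     *         property is not set (logged as a warning)
     */
    private static String expandWsitHome(String path) {
        if (path == null || !path.startsWith(WSIT_HOME_TOKEN)) {
            return path;
        }
        String wsitHome = System.getProperty("WSIT_HOME");
        if (wsitHome == null) {
            log.log(Level.WARNING, "keystore location " + path + " uses " + WSIT_HOME_TOKEN
                    + " but the WSIT_HOME system property is not set");
            return path;
        }
        return wsitHome + path.substring(WSIT_HOME_TOKEN.length());
    }

    /**
     * Validates a certificate taken from an EPR Identity against the security environment.
     * A {@link WssSoapFaultException} from the validator is treated as "not trusted".
     *
     * @return {@code true} only if validation succeeded; the outcome is logged either way
     */
    private boolean validateServerCertificate(SecurityEnvironment securityEnvironment, X509Certificate cert, Map<?, ?> context) {
        boolean valid = false;
        try {
            valid = securityEnvironment.validateCertificate(cert, context);
        } catch (XWSSecurityException e) {
            log.log(Level.SEVERE, LogStringsMessages.WSS_0820_ERROR_VALIDATE_CERTIFICATE_EPRIDENTITY(), e);
        } catch (WssSoapFaultException e) {
            // Rejection by the validator; the WSS_0822 warning below reports it to the operator.
            log.log(Level.FINE, LogStringsMessages.WSS_0820_ERROR_VALIDATE_CERTIFICATE_EPRIDENTITY(), e);
        }
        if (valid) {
            log.log(Level.INFO, LogStringsMessages.WSS_0824_USING_SERVER_CERTIFICATE_FROM_EPR_IDENTITY());
        } else {
            log.log(Level.WARNING, LogStringsMessages.WSS_0822_ERROR_VALIDATING_SERVER_CERTIFICATE());
        }
        return valid;
    }

    /**
     * Validates the EPR Identity certificate and, only if it validates, stores it as the server
     * certificate in the processing context's extraneous properties.
     *
     * @return {@code true} if the certificate was validated and stored
     */
    public boolean setServerCertInTheContext(ProcessingContextImpl context, SecurityEnvironment securityEnvironment, X509Certificate cert) {
        boolean valid = validateServerCertificate(securityEnvironment, cert, context.getExtraneousProperties());
        if (valid) {
            context.getExtraneousProperties().put(XWSSConstants.SERVER_CERTIFICATE_PROPERTY, cert);
        }
        return valid;
    }

    /**
     * Validates the EPR Identity certificate and, only if it validates, stores it as the
     * identity in the STS issued-token configuration's options.
     *
     * @return {@code true} if the certificate was validated and stored
     */
    public boolean setServerCertInTheSTSConfig(STSIssuedTokenConfiguration stsConfiguration, SecurityEnvironment securityEnvironment, X509Certificate cert) {
        boolean valid = validateServerCertificate(securityEnvironment, cert, stsConfiguration.getOtherOptions());
        if (valid) {
            stsConfiguration.getOtherOptions().put(com.sun.xml.ws.security.impl.policy.Constants.IDENTITY, cert);
        }
        return valid;
    }
}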
