package com.sun.identity.saml2.key;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2SDKUtils;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.RoleDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.XACMLAuthzDecisionQueryDescriptorElement;
import com.sun.identity.saml2.jaxb.metadata.XACMLPDPDescriptorElement;
import com.sun.identity.saml2.jaxb.xmlenc.EncryptionMethodType;
import com.sun.identity.saml2.jaxb.xmlsig.KeyInfoType;
import com.sun.identity.saml2.jaxb.xmlsig.X509DataElement;
import com.sun.identity.saml2.jaxb.xmlsig.X509DataType;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import com.sun.identity.xmlenc.EncryptionConstants;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.forgerock.openam.utils.CollectionUtils;
import org.forgerock.openam.utils.StringUtils;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/saml2/key/KeyUtil.class */
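/**
 * Resolves the key material a SAML2 peer is allowed to use: signing/verification certificates and
 * encryption parameters are read from the entity's metadata {@link RoleDescriptorType}, decryption
 * keys and signing-cert aliases come from the configured {@link KeyProvider}.
 *
 * <p>Verification certificates and {@link EncInfo} objects are cached in static maps keyed by
 * {@code "<entityID>|<role>"} and stay there until {@link #clear()} is called, so a caller that
 * reloads metadata (for example after a certificate rotation) must clear the caches itself.
 *
 * <p>Both caches are {@link Hashtable}s, so individual {@code get}/{@code put} calls are
 * synchronized, but a lookup followed by an insertion is not atomic: concurrent callers may build
 * the same entry twice and the last writer wins.
 */
public class KeyUtil {
    /**
     * Provider loaded once in the static initializer from the class named by the
     * {@code SAMLConstants.KEY_PROVIDER_IMPL_CLASS} system property ({@code SAMLConstants.JKS_KEY_PROVIDER}
     * is passed as the fallback value). {@code null} when that load failed.
     */
    private static KeyProvider keyProvider;
    /** Cache of {@link EncInfo} per {@code "<entityID>|<role>"}; emptied only by {@link #clear()}. */
    protected static Hashtable encHash = new Hashtable();
    /** Cache of verification certificates per {@code "<entityID>|<role>"}; emptied only by {@link #clear()}. */
    protected static Map<String, Set<X509Certificate>> sigHash = new Hashtable();

    /** Separator between entity ID and role in the cache keys. */
    private static final String CACHE_KEY_SEPARATOR = "|";
    /** Key size (bits) recorded when metadata declares no encryption algorithm. */
    private static final int DEFAULT_KEY_SIZE = 128;
    /** KeyDescriptor {@code use} value that selects signing keys. */
    private static final String USE_SIGNING = "signing";
    /** KeyDescriptor {@code use} value that selects encryption keys. */
    private static final String USE_ENCRYPTION = "encryption";
    /** Extended-config attribute holding the signing certificate alias. */
    private static final String ATTR_SIGNING_CERT_ALIAS = "signingCertAlias";
    /** Extended-config attribute holding the encryption certificate alias(es). */
    private static final String ATTR_ENCRYPTION_CERT_ALIAS = "encryptionCertAlias";

    private KeyUtil() {
    }

    /**
     * Returns the key provider loaded by the static initializer.
     *
     * @return the provider, or {@code null} when it could not be instantiated
     */
    public static KeyProvider getKeyProviderInstance() {
        return keyProvider;
    }

    /**
     * Returns the first {@code signingCertAlias} attribute of an entity's extended configuration.
     *
     * @param baseConfigType extended configuration to read
     * @return the alias, or {@code null} when the attribute is absent/empty or no key provider is
     *     available (without a provider the alias could not be resolved to a key anyway)
     */
    public static String getSigningCertAlias(BaseConfigType baseConfigType) {
        List<String> aliases = SAML2MetaUtils.getAttributes(baseConfigType).get(ATTR_SIGNING_CERT_ALIAS);
        if (aliases == null || aliases.isEmpty() || keyProvider == null) {
            return null;
        }
        String alias = aliases.get(0);
        return (alias == null || alias.isEmpty()) ? null : alias;
    }

    /**
     * Resolves the decryption keys configured for an entity in a realm.
     *
     * @param realm realm the entity is registered in
     * @param entityID entity identifier
     * @param role entity role (SP/IDP/...)
     * @return private keys for the configured encryption aliases; possibly empty, never {@code null}
     */
    public static Set<PrivateKey> getDecryptionKeys(String realm, String entityID, String role) {
        return getDecryptionKeys((List<String>) SAML2Utils.getEncryptionCertAliases(realm, entityID, role));
    }

    /**
     * Resolves the decryption keys named by the {@code encryptionCertAlias} attribute(s) of an
     * extended configuration.
     *
     * @param baseConfigType extended configuration to read
     * @return private keys for the configured aliases; possibly empty, never {@code null}
     */
    public static Set<PrivateKey> getDecryptionKeys(BaseConfigType baseConfigType) {
        return getDecryptionKeys(SAML2MetaUtils.getAttributes(baseConfigType).get(ATTR_ENCRYPTION_CERT_ALIAS));
    }

    /**
     * Looks up each alias in the key provider, keeping the configured order.
     *
     * @param aliases key aliases; {@code null}, empty entries and unknown aliases are logged and skipped
     * @return the resolved private keys in alias order; empty when nothing resolves
     */
    private static Set<PrivateKey> getDecryptionKeys(List<String> aliases) {
        Set<PrivateKey> keys = new LinkedHashSet<>(3);
        if (aliases == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getDecryptionKeys: passed aliases list was null.");
            return keys;
        }
        if (keyProvider == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getDecryptionKeys: keyProvider was null.");
            return keys;
        }
        for (String alias : aliases) {
            if (!StringUtils.isNotEmpty(alias)) {
                SAML2SDKUtils.debug.error("KeyUtil.getDecryptionKeys: alias was empty.");
                continue;
            }
            PrivateKey privateKey = keyProvider.getPrivateKey(alias);
            if (privateKey == null) {
                SAML2SDKUtils.debug.error("KeyUtil.getDecryptionKeys: No decryptionKey found for alias: {}", alias);
                continue;
            }
            keys.add(privateKey);
        }
        return keys;
    }

    /**
     * Returns the first decryption key of {@link #getDecryptionKeys(BaseConfigType)}.
     *
     * @param baseConfigType extended configuration to read
     * @return the first resolved key, or {@code null} when none resolves
     */
    public static PrivateKey getDecryptionKey(BaseConfigType baseConfigType) {
        return (PrivateKey) CollectionUtils.getFirstItem(getDecryptionKeys(baseConfigType), null);
    }

    /**
     * Returns the certificates a peer may sign with, taken from the {@code use="signing"} (and
     * unrestricted) KeyDescriptors of its metadata role and cached per {@code entityID|role}.
     *
     * @param roleDescriptorType metadata role of the peer
     * @param entityID peer entity identifier; must not be {@code null}
     * @param role peer role, part of the cache key
     * @return the certificates in metadata order; an empty (uncached) set when the role has no
     *     signing KeyDescriptor; {@code null} when the descriptor is {@code null} or none of the
     *     KeyDescriptors yields a parsable certificate
     */
    public static Set<X509Certificate> getVerificationCerts(RoleDescriptorType roleDescriptorType, String entityID, String role) {
        String cacheKey = cacheKey(entityID, role);
        Set<X509Certificate> cached = sigHash.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        if (roleDescriptorType == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getVerificationCerts: Null RoleDescriptorType input for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        List<KeyDescriptorType> keyDescriptors = getKeyDescriptors(roleDescriptorType, USE_SIGNING);
        Set<X509Certificate> certs = new LinkedHashSet<>(3);
        if (keyDescriptors.isEmpty()) {
            SAML2SDKUtils.debug.error("KeyUtil.getVerificationCerts: No signing KeyDescriptor for entityID=" + entityID + " in " + role + " role.");
            return certs;
        }
        for (KeyDescriptorType keyDescriptor : keyDescriptors) {
            X509Certificate cert = getCert(keyDescriptor);
            // getCert() returns null for a descriptor without a usable X509Certificate element.
            // Previously that null was added to the set, which both defeated the isEmpty() check
            // below and cached a null "certificate" for signature verification.
            if (cert != null) {
                certs.add(cert);
            }
        }
        if (certs.isEmpty()) {
            SAML2SDKUtils.debug.error("KeyUtil.getVerificationCerts: No signing cert for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        sigHash.put(cacheKey, certs);
        return certs;
    }

    /**
     * Returns the public key and data-encryption algorithm to use when encrypting for a peer,
     * taken from its first {@code use="encryption"} (or unrestricted) KeyDescriptor and cached per
     * {@code entityID|role}.
     *
     * @param roleDescriptorType metadata role of the peer
     * @param entityID peer entity identifier; must not be {@code null}
     * @param role peer role, part of the cache key
     * @return the encryption info, or {@code null} when the descriptor, KeyDescriptor, certificate
     *     or public key is missing
     */
    public static EncInfo getEncInfo(RoleDescriptorType roleDescriptorType, String entityID, String role) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("KeyUtil.getEncInfo: Entering... \nEntityID=" + entityID + "\nRole=" + role);
        }
        String cacheKey = cacheKey(entityID, role);
        EncInfo cached = (EncInfo) encHash.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        if (roleDescriptorType == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getEncInfo: Null RoleDescriptorType input for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        KeyDescriptorType keyDescriptor = getKeyDescriptor(roleDescriptorType, USE_ENCRYPTION);
        if (keyDescriptor == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getEncInfo: No encryption KeyDescriptor for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        X509Certificate cert = getCert(keyDescriptor);
        if (cert == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getEncInfo: No encryption cert for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        return buildAndCacheEncInfo(keyDescriptor, cert, cacheKey);
    }

    /**
     * Builds an {@link EncInfo} from a KeyDescriptor's first EncryptionMethod and caches it.
     * Shared by {@link #getEncInfo} and {@link #getEncryptionInfo}, which previously carried two
     * diverging copies of this logic.
     *
     * @param keyDescriptor descriptor whose EncryptionMethod is read
     * @param cert certificate already extracted from {@code keyDescriptor}
     * @param cacheKey {@code entityID|role} key under which the result is stored
     * @return the new info, or {@code null} when the certificate carries no public key
     */
    private static EncInfo buildAndCacheEncInfo(KeyDescriptorType keyDescriptor, X509Certificate cert, String cacheKey) {
        String algorithm = null;
        int keySize = 0;
        List<?> encryptionMethods = keyDescriptor.getEncryptionMethod();
        if (encryptionMethods != null && !encryptionMethods.isEmpty()) {
            EncryptionMethodType method = (EncryptionMethodType) encryptionMethods.get(0);
            if (method != null) {
                algorithm = method.getAlgorithm();
                keySize = findKeySize(method.getContent());
            }
        }
        // Metadata that names no algorithm gets AES-128; the key size is forced to match.
        if (algorithm == null || algorithm.isEmpty()) {
            algorithm = EncryptionConstants.ENC_DATA_ENC_METHOD_AES_128;
            keySize = DEFAULT_KEY_SIZE;
        }
        PublicKey publicKey = cert.getPublicKey();
        if (publicKey == null) {
            return null;
        }
        EncInfo encInfo = new EncInfo(publicKey, algorithm, keySize);
        encHash.put(cacheKey, encInfo);
        return encInfo;
    }

    /**
     * Returns the value of the first {@code KeySize} child of an EncryptionMethod.
     *
     * <p>Fixes two earlier defects: {@code getEncInfo} located the KeySize element but then cast
     * {@code content.get(0)} instead, and {@code getEncryptionInfo} cast {@code content.get(0)}
     * without any type check — both failed with a ClassCastException (or index error) whenever the
     * first child was not a KeySize.
     *
     * @param content EncryptionMethod children; may be {@code null}
     * @return the key size, or {@code 0} when there is no KeySize element or it has no value
     */
    private static int findKeySize(List<?> content) {
        if (content == null) {
            return 0;
        }
        for (Object item : content) {
            if (item instanceof EncryptionMethodType.KeySize) {
                Number value = ((EncryptionMethodType.KeySize) item).getValue();
                return value == null ? 0 : value.intValue();
            }
        }
        return 0;
    }

    /**
     * Returns the KeyDescriptors of a role whose {@code use} matches, followed by those that
     * declare no {@code use} at all (SAML metadata treats an absent {@code use} as "both").
     *
     * @param roleDescriptorType metadata role; {@code null} yields an empty list
     * @param use wanted use, lower-case ({@code "signing"} or {@code "encryption"})
     * @return a new, modifiable list: matching descriptors first, unrestricted ones after
     */
    public static List<KeyDescriptorType> getKeyDescriptors(RoleDescriptorType roleDescriptorType, String use) {
        if (roleDescriptorType == null) {
            return new ArrayList<>();
        }
        List<KeyDescriptorType> all = roleDescriptorType.getKeyDescriptor();
        List<KeyDescriptorType> matching = new ArrayList<>(all.size());
        List<KeyDescriptorType> unrestricted = new ArrayList<>(all.size());
        for (KeyDescriptorType keyDescriptor : all) {
            String declaredUse = keyDescriptor.getUse();
            if (StringUtils.isBlank(declaredUse)) {
                unrestricted.add(keyDescriptor);
            } else if (declaredUse.trim().toLowerCase(Locale.ROOT).equals(use)) {
                // Locale.ROOT: the attribute is a protocol token, not user text, so the
                // comparison must not depend on the JVM's default locale.
                matching.add(keyDescriptor);
            }
        }
        matching.addAll(unrestricted);
        return matching;
    }

    /**
     * Returns the first descriptor of {@link #getKeyDescriptors(RoleDescriptorType, String)}.
     *
     * @param roleDescriptorType metadata role
     * @param use wanted use, lower-case
     * @return the first matching (or unrestricted) descriptor, or {@code null} when there is none
     */
    public static KeyDescriptorType getKeyDescriptor(RoleDescriptorType roleDescriptorType, String use) {
        return (KeyDescriptorType) CollectionUtils.getFirstItem(getKeyDescriptors(roleDescriptorType, use), null);
    }

    /**
     * Parses the certificate carried in a KeyDescriptor's {@code KeyInfo/X509Data/X509Certificate}
     * element. Only the first X509Data and first X509Certificate element are consulted.
     *
     * <p>The DER bytes are fed to the X.509 {@link CertificateFactory} until the stream is
     * exhausted; if the element holds more than one concatenated certificate, the last one parsed
     * is returned (behavior kept from the original implementation).
     *
     * @param keyDescriptorType descriptor to read; {@code null} is logged and yields {@code null}
     * @return the certificate, or {@code null} when any element is missing, the value is empty, or
     *     parsing fails (each case is logged)
     */
    public static X509Certificate getCert(KeyDescriptorType keyDescriptorType) {
        if (keyDescriptorType == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getCert: No KeyDescriptor.");
            return null;
        }
        KeyInfoType keyInfo = keyDescriptorType.getKeyInfo();
        if (keyInfo == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getCert: No KeyInfo.");
            return null;
        }
        X509DataElement x509Data = firstOfType(keyInfo.getContent(), X509DataElement.class);
        if (x509Data == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getCert: No X509DataElement.");
            return null;
        }
        X509DataType.X509Certificate certElement = firstOfType(
                x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName(), X509DataType.X509Certificate.class);
        if (certElement == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getCert: No X509Certificate.");
            return null;
        }
        byte[] der = certElement.getValue();
        if (der == null || der.length == 0) {
            // A null value used to surface as a NullPointerException from ByteArrayInputStream.
            SAML2SDKUtils.debug.error("KeyUtil.getCert: Empty X509Certificate value.");
            return null;
        }
        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            SAML2SDKUtils.debug.error("KeyUtil.getCert: Unable to get CertificateFactory for X.509 type", e);
            return null;
        }
        ByteArrayInputStream in = new ByteArrayInputStream(der);
        X509Certificate cert = null;
        while (in.available() > 0) {
            try {
                cert = (X509Certificate) certificateFactory.generateCertificate(in);
            } catch (CertificateException e) {
                SAML2SDKUtils.debug.error("KeyUtil.getCert: Unable to generate certificate from byte array input stream.", e);
                return null;
            }
        }
        return cert;
    }

    /**
     * Returns the first element of {@code items} that is an instance of {@code type}.
     *
     * @param items elements to scan; {@code null} yields {@code null}
     * @param type wanted element type
     * @param <T> wanted element type
     * @return the first matching element, or {@code null}
     */
    private static <T> T firstOfType(List<?> items, Class<T> type) {
        if (items == null) {
            return null;
        }
        for (Object item : items) {
            if (type.isInstance(item)) {
                return type.cast(item);
            }
        }
        return null;
    }

    /**
     * {@link #getVerificationCerts} for a XACML PEP role.
     *
     * @param xACMLAuthzDecisionQueryDescriptorElement PEP descriptor of the peer
     * @param entityID peer entity identifier
     * @return see {@link #getVerificationCerts(RoleDescriptorType, String, String)}
     */
    public static Set<X509Certificate> getPEPVerificationCerts(XACMLAuthzDecisionQueryDescriptorElement xACMLAuthzDecisionQueryDescriptorElement, String entityID) {
        return getVerificationCerts(xACMLAuthzDecisionQueryDescriptorElement, entityID, SAML2Constants.PEP_ROLE);
    }

    /**
     * {@link #getEncInfo} for a XACML PEP role, sharing the {@code entityID|PEP_ROLE} cache entry.
     *
     * @param xACMLAuthzDecisionQueryDescriptorElement PEP descriptor of the peer
     * @param entityID peer entity identifier; must not be {@code null}
     * @return the encryption info, or {@code null} when the descriptor, KeyDescriptor, certificate
     *     or public key is missing
     */
    public static EncInfo getPEPEncInfo(XACMLAuthzDecisionQueryDescriptorElement xACMLAuthzDecisionQueryDescriptorElement, String entityID) {
        if (SAML2SDKUtils.debug.messageEnabled()) {
            SAML2SDKUtils.debug.message("KeyUtil.getEncInfo: Entering... \nEntityID=" + entityID + "\nRole=" + SAML2Constants.PEP_ROLE);
        }
        EncInfo cached = (EncInfo) encHash.get(cacheKey(entityID, SAML2Constants.PEP_ROLE));
        if (cached != null) {
            return cached;
        }
        if (xACMLAuthzDecisionQueryDescriptorElement == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getEncInfo: Null PEP Descriptor input for entityID=" + entityID + " in " + SAML2Constants.PEP_ROLE + " role.");
            return null;
        }
        KeyDescriptorType keyDescriptor = getKeyDescriptor(xACMLAuthzDecisionQueryDescriptorElement, USE_ENCRYPTION);
        if (keyDescriptor == null) {
            SAML2SDKUtils.debug.error("KeyUtil.getEncInfo: No encryption KeyDescriptor for entityID=" + entityID + " in " + SAML2Constants.PEP_ROLE + " role.");
            return null;
        }
        return getEncryptionInfo(keyDescriptor, entityID, SAML2Constants.PEP_ROLE);
    }

    /**
     * Builds and caches the {@link EncInfo} for an already-selected encryption KeyDescriptor.
     *
     * @param keyDescriptorType encryption descriptor
     * @param entityID peer entity identifier; must not be {@code null}
     * @param role peer role, part of the cache key
     * @return the info, or {@code null} when the descriptor has no certificate or public key
     */
    private static EncInfo getEncryptionInfo(KeyDescriptorType keyDescriptorType, String entityID, String role) {
        X509Certificate cert = getCert(keyDescriptorType);
        if (cert == null) {
            SAML2SDKUtils.debug.error("KeyUtil:getEncryptionInfo:No encryption cert for entityID=" + entityID + " in " + role + " role.");
            return null;
        }
        return buildAndCacheEncInfo(keyDescriptorType, cert, cacheKey(entityID, role));
    }

    /**
     * {@link #getVerificationCerts} for a XACML PDP role.
     *
     * @param xACMLPDPDescriptorElement PDP descriptor of the peer
     * @param entityID peer entity identifier
     * @return see {@link #getVerificationCerts(RoleDescriptorType, String, String)}
     */
    public static Set<X509Certificate> getPDPVerificationCerts(XACMLPDPDescriptorElement xACMLPDPDescriptorElement, String entityID) {
        return getVerificationCerts(xACMLPDPDescriptorElement, entityID, SAML2Constants.PDP_ROLE);
    }

    /**
     * Drops every cached certificate set and {@link EncInfo}; required after metadata changes,
     * since nothing else invalidates the caches.
     */
    public static void clear() {
        sigHash.clear();
        encHash.clear();
    }

    /**
     * Builds the cache key shared by both caches.
     *
     * @param entityID entity identifier; must not be {@code null}
     * @param role entity role
     * @return {@code trimmedEntityID + "|" + role}
     */
    private static String cacheKey(String entityID, String role) {
        return entityID.trim() + CACHE_KEY_SEPARATOR + role;
    }

    static {
        // The provider class name is taken from system configuration, so whoever controls that
        // property controls which code handles private keys; only reflective load failures are
        // caught here. Anything else thrown by the constructor (or a class that is not a
        // KeyProvider) propagates and fails class initialization.
        keyProvider = null;
        try {
            keyProvider = (KeyProvider) Class.forName(SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS, SAMLConstants.JKS_KEY_PROVIDER)).newInstance();
        } catch (ClassNotFoundException e) {
            SAML2SDKUtils.debug.error("KeyUtil static block: Couldn't find the class.", e);
            keyProvider = null;
        } catch (IllegalAccessException e2) {
            SAML2SDKUtils.debug.error("KeyUtil static block: Couldn't access the default constructor.", e2);
            keyProvider = null;
        } catch (InstantiationException e3) {
            SAML2SDKUtils.debug.error("KeyUtil static block: Couldn't instantiate the key provider instance.", e3);
            keyProvider = null;
        }
    }
}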
