package com.sun.identity.wss.security;

import com.iplanet.security.x509.CertUtils;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import com.sun.identity.shared.debug.Debug;
import com.sun.identity.shared.encode.Base64;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.ResourceBundle;
import org.forgerock.openam.sdk.org.apache.xml.security.exceptions.XMLSecurityException;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.content.X509Data;
import org.forgerock.openam.sdk.org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;

/* loaded from: input_file:WEB-INF/lib/openam-clientsdk-15.0.0.jar:com/sun/identity/wss/security/AMTokenProvider.class */
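public class AMTokenProvider implements TokenProvider {
    /** System property naming the default certificate alias used to sign issued tokens. */
    private static final String DEFAULT_SIGNING_ALIAS_PROPERTY = "com.sun.identity.saml.xmlsig.certalias";
    /** OID of the X.509 SubjectKeyIdentifier extension matched by {@link #getX509CertForKeyIdentifier}. */
    private static final String SUBJECT_KEY_IDENTIFIER_OID = "2.5.29.14";

    /** Validated session token on whose behalf assertion and SAML2 tokens are issued. */
    private SSOToken ssoToken;
    /** Specification handed over by {@link #init}; {@code null} until then. */
    private SecurityTokenSpec tokenSpec = null;
    // NOTE: both are shared by every instance and re-assigned on every construction; the
    // static lookup helpers below read keyProvider, so they depend on this side effect.
    private static XMLSignatureManager sigManager = null;
    private static KeyProvider keyProvider = null;
    private static Debug debug = WSSUtils.debug;
    private static ResourceBundle bundle = WSSUtils.bundle;

    /**
     * Creates a provider bound to {@code sSOToken} and refreshes the shared signature
     * manager and key provider.
     *
     * @param sSOToken the session token; it is validated before being stored
     * @throws SSOException if the token manager rejects the token
     */
    public AMTokenProvider(SSOToken sSOToken) throws SSOException {
        SSOTokenManager.getInstance().validateToken(sSOToken);
        this.ssoToken = sSOToken;
        sigManager = WSSUtils.getXMLSignatureManager();
        keyProvider = sigManager.getKeyProvider();
    }

    /**
     * Records the specification of the token to build.
     *
     * @param securityTokenSpec describes the token type and its signing alias
     */
    @Override // com.sun.identity.wss.security.TokenProvider
    public void init(SecurityTokenSpec securityTokenSpec) {
        this.tokenSpec = securityTokenSpec;
    }

    /**
     * Builds the security token described by the spec given to {@link #init}.
     * Assertion and SAML2 tokens are signed with the spec's signing alias, or with the
     * alias configured under {@value #DEFAULT_SIGNING_ALIAS_PROPERTY} when the spec names
     * none; the other token kinds are returned unsigned.
     *
     * @return the constructed (and, where applicable, signed) token
     * @throws SecurityException if no spec was supplied or its type is not supported
     */
    @Override // com.sun.identity.wss.security.TokenProvider
    public SecurityToken getSecurityToken() throws SecurityException {
        if (this.tokenSpec == null) {
            throw new SecurityException(bundle.getString("tokenSpecNotSpecified"));
        }
        if (this.tokenSpec instanceof AssertionTokenSpec) {
            AssertionTokenSpec spec = (AssertionTokenSpec) this.tokenSpec;
            AssertionToken token = new AssertionToken(spec, this.ssoToken);
            token.sign(signingAliasOrDefault(spec.getSigningAlias()));
            return token;
        }
        if (this.tokenSpec instanceof X509TokenSpec) {
            return new BinarySecurityToken((X509TokenSpec) this.tokenSpec);
        }
        if (this.tokenSpec instanceof KerberosTokenSpec) {
            return new BinarySecurityToken((KerberosTokenSpec) this.tokenSpec);
        }
        if (this.tokenSpec instanceof UserNameTokenSpec) {
            return new UserNameToken((UserNameTokenSpec) this.tokenSpec);
        }
        if (this.tokenSpec instanceof SAML2TokenSpec) {
            SAML2TokenSpec spec = (SAML2TokenSpec) this.tokenSpec;
            SAML2Token token = new SAML2Token(spec, this.ssoToken);
            token.sign(signingAliasOrDefault(spec.getSigningAlias()));
            return token;
        }
        debug.error("AMTokenProvider.getSecurityToken:: unsupported token specification");
        throw new SecurityException(bundle.getString("unsupportedTokenSpec"));
    }

    /** Returns {@code alias}, or the system-configured default alias when {@code alias} is {@code null}. */
    private static String signingAliasOrDefault(String alias) {
        if (alias != null) {
            return alias;
        }
        return SystemConfigurationUtil.getProperty(DEFAULT_SIGNING_ALIAS_PROPERTY);
    }

    /**
     * Returns the key provider of the current signature manager.
     * Package-private in the original source (see the decompiler note on the class).
     */
    public static KeyProvider getKeyProvider() {
        return getSignatureManager().getKeyProvider();
    }

    /** Returns the signature manager configured in {@link WSSUtils}. */
    static XMLSignatureManager getSignatureManager() {
        return WSSUtils.getXMLSignatureManager();
    }

    /**
     * Returns the key provider installed by the last constructor call, falling back to the
     * signature manager's provider when no instance has been created yet (the original
     * code dereferenced the unset static field in that case).
     */
    private static KeyProvider resolveKeyProvider() {
        KeyProvider provider = keyProvider;
        if (provider == null) {
            provider = getKeyProvider();
        }
        return provider;
    }

    /**
     * Looks up the certificate stored under {@code str} in the key provider.
     *
     * @param str keystore alias
     * @return the certificate, or whatever the provider returns when the alias is unknown
     */
    public static X509Certificate getX509Certificate(String str) {
        return resolveKeyProvider().getX509Certificate(str);
    }

    /**
     * Looks up the certificate stored under each alias in {@code strArr}.
     *
     * @param strArr keystore aliases; {@code null} is treated as empty
     * @return the certificates found, in alias order, skipping aliases with no certificate
     */
    public static List<X509Certificate> getX509Certificates(String[] strArr) {
        List<X509Certificate> certs = new ArrayList<X509Certificate>();
        if (strArr == null) {
            return certs;
        }
        for (String alias : strArr) {
            X509Certificate cert = getX509Certificate(alias);
            // Bug fix: the original appended the whole alias array instead of the certificate.
            if (cert != null) {
                certs.add(cert);
            }
        }
        return certs;
    }

    /**
     * Parses one X.509 certificate from {@code inputStream}.
     * Best-effort: a parse failure is logged and yields {@code null} rather than an
     * exception, so callers must check the result. The stream is not closed here.
     *
     * @param inputStream DER or PEM encoded certificate
     * @return the parsed certificate, or {@code null} if it could not be parsed
     * @throws SecurityException if no X.509 certificate factory is available
     */
    static X509Certificate loadCertificate(InputStream inputStream) throws SecurityException {
        try {
            return (X509Certificate) getCertificateFactory().generateCertificate(inputStream);
        } catch (CertificateException e) {
            debug.error("AMTokenProvider.loadCertificate:: failed to load certificate", e);
            return null;
        }
    }

    /**
     * Returns a certificate factory for the X.509 type.
     *
     * @throws SecurityException if the JCA has no X.509 factory; the cause is logged
     *         because the package {@code SecurityException} is built from the message only
     */
    static CertificateFactory getCertificateFactory() throws SecurityException {
        try {
            return CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            debug.error("AMTokenProvider.getCertificateFactory:: no X.509 certificate factory", e);
            throw new SecurityException(e.getMessage());
        }
    }

    /**
     * Returns the end-entity certificate stored under {@code alias}: the head of the
     * certificate chain when one exists, otherwise the plain certificate entry, or
     * {@code null} when neither is present.
     */
    private static Certificate endEntityCertificate(KeyStore keyStore, String alias) throws KeyStoreException {
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        return keyStore.getCertificate(alias);
    }

    /**
     * Finds the local keystore certificate whose issuer name and serial number match the
     * first {@code IssuerSerial} element of {@code x509Data}.
     * The match only selects a certificate already present in the configured keystore;
     * it does not by itself authenticate the sender of the {@code X509Data}.
     * The issuer comparison is a plain string equality on whatever
     * {@code CertUtils.getIssuerName} returns — presumably a normalised DN; confirm against CertUtils.
     *
     * @param x509Data the {@code ds:X509Data} element from an inbound message
     * @return the matching certificate, or {@code null} if none matches or the element has no IssuerSerial
     * @throws SecurityException if the X509Data cannot be read or the keystore cannot be enumerated
     */
    public static X509Certificate getX509Certificate(X509Data x509Data) throws SecurityException {
        String issuerName;
        BigInteger serialNumber;
        try {
            XMLX509IssuerSerial issuerSerial = x509Data.itemIssuerSerial(0);
            if (issuerSerial == null) {
                debug.error("AMTokenProvider.getX509Certificate:: X509Data carries no IssuerSerial");
                return null;
            }
            issuerName = issuerSerial.getIssuerName();
            serialNumber = issuerSerial.getSerialNumber();
        } catch (XMLSecurityException e) {
            debug.error("AMTokenProvider.getX509Certificate:: cannot read X509Data", e);
            throw new SecurityException(e.getMessage());
        }
        if (issuerName == null || serialNumber == null) {
            // Nothing to match against; treat like an unknown certificate.
            return null;
        }
        try {
            KeyStore keyStore = resolveKeyProvider().getKeyStore();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate candidate = endEntityCertificate(keyStore, aliases.nextElement());
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate cert = (X509Certificate) candidate;
                if (cert.getSerialNumber().compareTo(serialNumber) == 0
                        && CertUtils.getIssuerName(cert).equals(issuerName)) {
                    return cert;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            debug.error("AMTokenProvider.getX509Certificate:: keystore lookup failed", e);
            throw new SecurityException(bundle.getString("keystoreException"));
        }
    }

    /**
     * Finds the local keystore certificate whose Base64-encoded SubjectKeyIdentifier
     * extension value equals {@code str}.
     * {@code getExtensionValue} returns the DER-encoded extension value, so {@code str}
     * must be the Base64 of those same raw bytes — presumably how the caller builds it;
     * verify against the caller. As with the IssuerSerial lookup, a match selects a
     * locally configured certificate and is not a proof of the sender's identity.
     *
     * @param str Base64 of the SubjectKeyIdentifier extension value; {@code null} never matches
     * @return the matching certificate, or {@code null} if none
     * @throws SecurityException if the keystore cannot be enumerated
     */
    public static X509Certificate getX509CertForKeyIdentifier(String str) throws SecurityException {
        if (str == null) {
            return null;
        }
        try {
            KeyStore keyStore = resolveKeyProvider().getKeyStore();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate candidate = endEntityCertificate(keyStore, aliases.nextElement());
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate cert = (X509Certificate) candidate;
                byte[] extensionValue = cert.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
                // Bug fix: the original returned null at the first certificate lacking a
                // SubjectKeyIdentifier, hiding matches stored under later aliases. Such a
                // certificate simply cannot match, so it is skipped instead.
                if (extensionValue != null && Base64.encode(extensionValue).equals(str)) {
                    return cert;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            debug.error("AMTokenProvider.getX509CertForKeyIdentifier:: keystore lookup failed", e);
            throw new SecurityException(bundle.getString("keystoreException"));
        }
    }
}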
