package com.sun.identity.liberty.ws.meta;

import com.sun.identity.liberty.ws.common.jaxb.xmlsig.KeyInfoType;
import com.sun.identity.liberty.ws.common.jaxb.xmlsig.ObjectFactory;
import com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataElement;
import com.sun.identity.liberty.ws.common.jaxb.xmlsig.X509DataType;
import com.sun.identity.liberty.ws.idpp.common.IDPPConstants;
import com.sun.identity.liberty.ws.meta.jaxb.KeyDescriptorType;
import com.sun.identity.saml.xmlsig.JKSKeyProvider;
import com.sun.identity.saml.xmlsig.XMLSignatureManager;
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;

/* loaded from: input_file:119465-02/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/liberty/ws/meta/KeyUtils.class */
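/**
 * Static helpers that move X.509 certificates between Liberty metadata
 * {@code KeyDescriptor} elements and the local key store.
 *
 * <p>Security note: {@link #storeKeyInfo(List)} writes certificates taken from
 * metadata into the key store under an alias derived from the certificate's
 * own subject CN. No validity, chain or issuer check is visible in this class,
 * so callers must only pass metadata that has already been authenticated.
 */
public class KeyUtils {
    static ObjectFactory xmlsigF = new ObjectFactory();
    static JKSKeyProvider keys = new JKSKeyProvider();
    static XMLSignatureManager sigm = XMLSignatureManager.getInstance();

    private KeyUtils() {
    }

    /**
     * Stores the first signing and the first encryption certificate found in a
     * list of key descriptors and reports the aliases they were stored under.
     *
     * <p>A descriptor with no {@code use} attribute is treated as a signing
     * key. Any exception is logged and the entries collected so far are
     * returned, so callers never see an exception from this method.
     *
     * @param list list of {@link KeyDescriptorType}; may be null or empty
     * @return map that may hold {@code "KeyInfo"} (signing alias),
     *         {@code MetaConstants.ENCRYPTION_KEYALIAS},
     *         {@code MetaConstants.ENCRYPTION_METHOD} and
     *         {@code MetaConstants.KEY_SIZE}; never null
     */
    public static Map storeKeyInfo(List list) {
        HashMap keyInfoMap = new HashMap();
        try {
            if (list == null || list.isEmpty()) {
                if (MetaUtils.debug.messageEnabled()) {
                    MetaUtils.debug.message("storeKeyInfo: KeyDescriptor is empty");
                }
                return keyInfoMap;
            }
            boolean signingStored = false;
            boolean encryptionStored = false;
            Iterator it = list.iterator();
            // Stop as soon as one key of each role has been handled.
            while (it.hasNext() && !(signingStored && encryptionStored)) {
                KeyDescriptorType keyDescriptor = (KeyDescriptorType) it.next();
                String use = keyDescriptor.getUse();
                if (!signingStored && (use == null || "signing".equals(use))) {
                    keyInfoMap.put("KeyInfo", getCert(keyDescriptor, "signing"));
                    signingStored = true;
                } else if (!encryptionStored && "encryption".equals(use)) {
                    // Constant-first equals: 'use' is null here when a second
                    // descriptor without a use attribute follows the signing key.
                    String encryptionMethod = keyDescriptor.getEncryptionMethod();
                    if (encryptionMethod != null && !encryptionMethod.equals("")) {
                        keyInfoMap.put(MetaConstants.ENCRYPTION_METHOD, encryptionMethod);
                    } else if (MetaUtils.debug.messageEnabled()) {
                        MetaUtils.debug.message("MapToFSProviderDesc: EncryptionMethod isn't defined.");
                    }
                    BigInteger keySize = keyDescriptor.getKeySize();
                    // Compare by value; a reference comparison with
                    // BigInteger.ZERO lets a parsed zero through.
                    if (keySize != null && keySize.signum() != 0) {
                        keyInfoMap.put(MetaConstants.KEY_SIZE, keySize);
                    } else if (MetaUtils.debug.messageEnabled()) {
                        MetaUtils.debug.message("MapToFSProviderDesc: KeySize isn't defined.");
                    }
                    keyInfoMap.put(MetaConstants.ENCRYPTION_KEYALIAS, getCert(keyDescriptor, "encryption"));
                    encryptionStored = true;
                }
            }
        } catch (Exception e) {
            // Pass the throwable so the stack trace is kept, not just the message.
            MetaUtils.debug.error("storeKeyInfo exception", e);
        }
        return keyInfoMap;
    }

    /**
     * Decodes the X.509 certificate carried by a key descriptor, stores it in
     * the key store and returns the alias used.
     *
     * <p>The alias is {@code <subject CN>-<role>}. Because the CN comes from the
     * certificate itself, two providers whose certificates share a CN map to
     * the same alias.
     *
     * @param keyDescriptorType descriptor whose first KeyInfo content element
     *        is expected to be X509Data holding an X509Certificate
     * @param str key role, {@code "signing"} or {@code "encryption"}
     * @return the alias the certificate was stored under, or null when the
     *         descriptor has no KeyInfo or no certificate could be decoded
     * @throws Exception on an invalid role, malformed KeyInfo content, a
     *         certificate that cannot be parsed, or a subject DN without a CN
     */
    private static String getCert(KeyDescriptorType keyDescriptorType, String str) throws Exception {
        // Reject a bad role before any parsing or key-store access.
        if (str == null || !(str.equals("signing") || str.equals("encryption"))) {
            throw new MetaException("Invalid key role.");
        }
        KeyInfoType keyInfo = keyDescriptorType.getKeyInfo();
        if (keyInfo == null) {
            return null;
        }
        List content = keyInfo.getContent();
        if (content == null || content.isEmpty()) {
            throw new MetaException("KeyInfo has no content.");
        }
        List x509Items = ((X509DataElement) content.get(0)).getX509IssuerSerialOrX509SKIOrX509SubjectName();
        if (x509Items == null || x509Items.isEmpty()) {
            throw new MetaException("X509Data has no certificate.");
        }
        byte[] encoded = ((X509DataType.X509Certificate) x509Items.get(0)).getValue();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        ByteArrayInputStream in = new ByteArrayInputStream(encoded);
        // The value may hold several concatenated certificates; the last one wins.
        X509Certificate certificate = null;
        while (in.available() > 0) {
            certificate = (X509Certificate) certificateFactory.generateCertificate(in);
        }
        if (certificate == null) {
            MetaUtils.debug.error("Created Cert is null");
            return null;
        }
        // NOTE(review): the CN is cut out of the DN string by plain text search,
        // so a CN containing an escaped comma is truncated - confirm acceptable.
        String subjectName = certificate.getSubjectDN().getName();
        int cnPos = subjectName.indexOf(IDPPConstants.CN_ELEMENT);
        // The offset 3 presumably matches the length of CN_ELEMENT ("CN=") - confirm.
        int start = cnPos + 3;
        if (cnPos < 0 || start > subjectName.length()) {
            throw new MetaException("Cert alias name from subjectDN is null");
        }
        int end = subjectName.indexOf(",", start);
        // CN may be the last component of the DN, with no trailing comma.
        String commonName = end < 0 ? subjectName.substring(start) : subjectName.substring(start, end);
        if (commonName.length() == 0) {
            throw new MetaException("Cert alias name from subjectDN is null");
        }
        String alias = commonName + "-" + str;
        // NOTE(review): presumably this replaces any existing entry with the same
        // alias, and the alias is chosen by whoever issued the certificate in
        // the metadata. Nothing here verifies the certificate before it is
        // persisted - confirm that the metadata is authenticated upstream.
        keys.setCertificateEntry(alias, certificate);
        keys.store();
        return alias;
    }

    /**
     * Builds a KeyInfo element that carries the certificate stored under the
     * given key-store alias.
     *
     * @param str key-store alias; may be null
     * @return a KeyInfo with one X509Data/X509Certificate child, or null when
     *         the alias is null, no certificate is found, or an error occurs
     *         (errors are logged)
     */
    public static KeyInfoType LoadKeyInfo(String str) {
        if (str == null) {
            return null;
        }
        try {
            X509Certificate certificate = keys.getX509Certificate(str);
            if (certificate == null) {
                MetaUtils.debug.error("Cert is null");
                return null;
            }
            X509DataType.X509Certificate certElement = xmlsigF.createX509DataTypeX509Certificate();
            certElement.setValue(certificate.getEncoded());
            X509DataElement x509Data = xmlsigF.createX509DataElement();
            x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(certElement);
            KeyInfoType keyInfo = xmlsigF.createKeyInfoType();
            keyInfo.getContent().add(x509Data);
            return keyInfo;
        } catch (CertificateEncodingException e) {
            // Log with the cause instead of rethrowing a message-only exception.
            MetaUtils.debug.error("KeyInfo: Certificate encoding error.", e);
            return null;
        } catch (Exception e) {
            // Was logged under the storeKeyInfo name, which hid the real source.
            MetaUtils.debug.error("LoadKeyInfo exception", e);
            return null;
        }
    }
}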
