package com.sun.identity.federation.services.util;

import com.sun.identity.federation.common.FSUtils;
import com.sun.identity.federation.common.IFSConstants;
import com.sun.identity.saml.xmlsig.JKSKeyProvider;
import com.sun.identity.saml.xmlsig.KeyProvider;
import java.io.ByteArrayOutputStream;
import java.io.PrintStream;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import sun.security.provider.Sun;

/* loaded from: input_file:120955-03/SUNWamsdk/reloc/SUNWam/lib/am_services.jar:com/sun/identity/federation/services/util/FSSignatureProvider.class */
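/**
 * Default {@link SignatureProviderSPI} implementation that signs and verifies
 * string data with JCA {@link Signature} objects, using keys and certificates
 * looked up by alias in a {@link KeyProvider}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Only two algorithms are accepted: {@code "SHA1withRSA"} and
 *       {@code IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA}. The RSA variant is built
 *       on SHA-1, which is no longer considered collision resistant. Moving to a
 *       stronger digest needs agreement with the SPI contract and federation
 *       peers, so it is flagged here rather than changed.</li>
 *   <li>Data is converted with {@code String.getBytes()}, i.e. the JVM default
 *       charset. Signer and verifier only see the same bytes when the data is
 *       plain ASCII or both sides share a charset.</li>
 *   <li>Verification takes the key from whatever certificate the key provider
 *       returns for the alias. No validity-period, chain or revocation check is
 *       made in this class; trust rests entirely on the key provider's
 *       contents.</li>
 * </ul>
 *
 * <p>The key provider reference is a plain mutable field; no synchronization is
 * performed here.
 */
public class FSSignatureProvider implements SignatureProviderSPI {
    /** Algorithm used by {@code signBuffer} when the caller supplies none. */
    private static final String DEFAULT_ALGORITHM = "SHA1withRSA";

    /** Log prefix for the signing path. */
    private static final String SIGN_TAG = "FSSignatureProvider.signBuffer";

    /** Log prefix for the verification path. */
    private static final String VERIFY_TAG = "FSSignatureProvider.verifySignature";

    /** Source of private keys, public keys and certificates, addressed by alias. */
    private KeyProvider keystore;

    /** Creates a provider backed by a default {@link JKSKeyProvider}. */
    public FSSignatureProvider() {
        this.keystore = new JKSKeyProvider();
    }

    /**
     * Replaces the key provider used for key and certificate lookups.
     *
     * @param keyProvider the provider to use; when {@code null} an error is
     *        logged and the current provider is kept
     */
    @Override
    public void initialize(KeyProvider keyProvider) {
        if (keyProvider == null) {
            FSUtils.debug.error("FSSignatureProvider.initialize: Key Provider is null");
            return;
        }
        this.keystore = keyProvider;
    }

    /**
     * Signs {@code str} with the default algorithm ({@code "SHA1withRSA"}).
     *
     * @param str the data to sign
     * @param str2 the alias of the private key in the key provider
     * @return the raw signature bytes
     * @throws FSSignatureException if an argument is missing or signing fails
     */
    @Override
    public byte[] signBuffer(String str, String str2) throws FSSignatureException {
        return signBuffer(str, str2, DEFAULT_ALGORITHM);
    }

    /**
     * Signs {@code str} with the private key stored under alias {@code str2}.
     *
     * @param str the data to sign; must not be {@code null}
     * @param str2 the alias of the private key; must not be {@code null} or empty
     * @param str3 the JCA signature algorithm; {@code null} or empty selects
     *        {@code "SHA1withRSA"}
     * @return the raw signature bytes
     * @throws FSSignatureException if an argument is missing, the algorithm is
     *         not one of the accepted ones, or any key lookup or JCA call fails
     */
    @Override
    public byte[] signBuffer(String str, String str2, String str3) throws FSSignatureException {
        if (str == null) {
            FSUtils.debug.error("FSSignatureProvider.signBuffer: data to be signed is null.");
            throw new FSSignatureException(FSUtils.bundle.getString("nullInput"));
        }
        if (str2 == null || str2.length() == 0) {
            FSUtils.debug.error("FSSignatureProvider.signBuffer: certAlias is null.");
            throw new FSSignatureException(FSUtils.bundle.getString("nullInput"));
        }
        try {
            // Key lookup stays ahead of algorithm validation so that the error
            // precedence matches the previous implementation.
            PrivateKey privateKey = this.keystore.getPrivateKey(str2);
            String algorithm = str3;
            if (algorithm == null || algorithm.length() == 0) {
                algorithm = DEFAULT_ALGORITHM;
                FSUtils.debug.message("FSSignatureProvider.signBuffer: algorithm is null assigning  algorithm= " + algorithm);
            }
            if (!isValidAlgorithm(algorithm)) {
                FSUtils.debug.error("FSSignatureProvider.signBuffer: algorithm is invalid ");
                throw new FSSignatureException(FSUtils.bundle.getString("invalidAlgorithm"));
            }
            Signature signature = newSignature(algorithm, SIGN_TAG);
            signature.initSign(privateKey);
            // NOTE(review): getBytes() uses the JVM default charset; pin an
            // explicit charset once it is confirmed what federation peers expect.
            signature.update(str.getBytes());
            return signature.sign();
        } catch (FSSignatureException e) {
            // Our own validation failure: pass it through instead of logging a
            // stack trace and re-wrapping it in an identical exception.
            throw e;
        } catch (Exception e) {
            logFailure(SIGN_TAG, e);
            throw new FSSignatureException(e.getMessage());
        }
    }

    /**
     * Verifies {@code bArr} as a signature over {@code str}.
     *
     * <p>The verification key comes from the X.509 certificate stored under
     * alias {@code str3}, or from the public key under that alias when no
     * certificate is found. Callers must treat both a {@code false} return and
     * an exception as a failed verification.
     *
     * @param str the data that was signed; must not be {@code null} or empty
     * @param bArr the signature bytes to check; must not be {@code null}
     * @param str2 the JCA signature algorithm; unlike {@code signBuffer} there is
     *        no default, so {@code null} or empty is rejected
     * @param str3 the alias of the signer's certificate or public key
     * @return {@code true} if the signature verifies; {@code false} if it does
     *         not, or if no certificate or public key exists for the alias
     * @throws FSSignatureException if an argument is missing, the algorithm is
     *         not accepted, or any key lookup or JCA call fails
     */
    @Override
    public boolean verifySignature(String str, byte[] bArr, String str2, String str3) throws FSSignatureException {
        if (str == null || str.length() == 0) {
            FSUtils.debug.error("FSSignatureProvider.verifySignature: data to be verified is null or empty.");
            throw new FSSignatureException(FSUtils.bundle.getString("nullInput"));
        }
        if (bArr == null) {
            // Previously this surfaced as a NullPointerException from inside the
            // JCA call, wrapped in an FSSignatureException with no message.
            FSUtils.debug.error("FSSignatureProvider.verifySignature: signature is null.");
            throw new FSSignatureException(FSUtils.bundle.getString("nullInput"));
        }
        if (str2 == null || str2.length() == 0 || !isValidAlgorithm(str2)) {
            FSUtils.debug.error("FSSignatureProvider.verifySignature: algorithm is invalid ");
            throw new FSSignatureException(FSUtils.bundle.getString("invalidAlgorithm"));
        }
        try {
            Signature signature = newSignature(str2, VERIFY_TAG);
            X509Certificate x509Certificate = this.keystore.getX509Certificate(str3);
            if (x509Certificate != null) {
                FSUtils.debug.message("FSSignatureProvider.verifySignature: Certificate: " + x509Certificate.toString());
                // NOTE(review): the certificate's validity period is not checked
                // here; an expired certificate left in the key provider is still
                // accepted as a verification key.
                signature.initVerify(x509Certificate);
            } else {
                PublicKey publicKey = this.keystore.getPublicKey(str3);
                if (publicKey == null) {
                    FSUtils.debug.error("FSSignatureProvider.verifySignature: Could not find public key based on certAlias to verify signature");
                    return false;
                }
                signature.initVerify(publicKey);
            }
            // NOTE(review): default-charset conversion, must match the signer.
            signature.update(str.getBytes());
            return signature.verify(bArr);
        } catch (Exception e) {
            logFailure(VERIFY_TAG, e);
            throw new FSSignatureException(e.getMessage());
        }
    }

    /**
     * Returns the key provider currently used for lookups.
     *
     * @return the key provider
     */
    @Override
    public KeyProvider getKeyProvider() {
        return this.keystore;
    }

    /**
     * Tells whether {@code str} is one of the two accepted signature algorithms.
     *
     * @param str the JCA algorithm name; {@code null} yields {@code false}
     * @return {@code true} for {@code "SHA1withRSA"} or
     *         {@code IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA}
     */
    private boolean isValidAlgorithm(String str) {
        return DEFAULT_ALGORITHM.equals(str) || IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA.equals(str);
    }

    /**
     * Creates the {@link Signature} for an accepted algorithm, pinned to the
     * provider the original code selected for it ("SunRsaSign" for RSA, "SUN"
     * for the DSA constant). Any other name falls back to the default provider
     * search.
     */
    private static Signature newSignature(String algorithm, String caller)
            throws java.security.GeneralSecurityException {
        ensureSunProvider(caller);
        final String providerName;
        if (DEFAULT_ALGORITHM.equals(algorithm)) {
            providerName = "SunRsaSign";
        } else if (IFSConstants.ALGO_ID_SIGNATURE_DSA_JCA.equals(algorithm)) {
            providerName = "SUN";
        } else {
            return Signature.getInstance(algorithm);
        }
        Signature signature = Signature.getInstance(algorithm, providerName);
        FSUtils.debug.message(caller + ": " + signature.getProvider().getName());
        return signature;
    }

    /** Registers the "SUN" provider at position 2 when it is not installed yet. */
    private static void ensureSunProvider(String caller) {
        if (Security.getProvider("SUN") == null && Security.insertProviderAt(new Sun(), 2) == -1) {
            FSUtils.debug.error(caller + ": could not add default provider");
        }
    }

    /** Writes the stack trace of {@code e} to the message-level debug log. */
    private static void logFailure(String caller, Exception e) {
        ByteArrayOutputStream trace = new ByteArrayOutputStream();
        PrintStream out = new PrintStream(trace);
        e.printStackTrace(out);
        out.flush();
        FSUtils.debug.message(caller + ": " + trace.toString());
    }
}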
