package com.sun.identity.saml2.key;

import com.sun.identity.saml.common.SAMLUtils;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.saml2.common.SAML2Constants;
import com.sun.identity.saml2.common.SAML2Utils;
import com.sun.identity.saml2.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.saml2.jaxb.metadata.KeyDescriptorType;
import com.sun.identity.saml2.jaxb.metadata.SSODescriptorType;
import com.sun.identity.saml2.jaxb.xmlenc.EncryptionMethodType;
import com.sun.identity.saml2.jaxb.xmlsig.KeyInfoType;
import com.sun.identity.saml2.jaxb.xmlsig.X509DataElement;
import com.sun.identity.saml2.jaxb.xmlsig.X509DataType;
import com.sun.identity.saml2.meta.SAML2MetaUtils;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.List;

/* loaded from: input_file:122984-01/SUNWsaml2/reloc/SUNWam/saml2/lib/saml2.jar:com/sun/identity/saml2/key/KeyUtil.class */
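/**
 * Resolves the keys and certificates a SAML2 entity needs from local configuration
 * (private keys via the configured {@link KeyProvider}) and from peer metadata
 * (verification and encryption certificates from {@code KeyDescriptor} elements).
 *
 * <p>Trust model: certificates are taken from metadata exactly as published; this class
 * performs no chain building, validity-period or revocation checks. What makes the
 * returned keys trustworthy is the integrity of the metadata source itself.
 *
 * <p>Caching: successful lookups are kept for the lifetime of the JVM in
 * {@link #sigHash} and {@link #encHash}, keyed by {@code entityID|role}. There is no
 * eviction, so a certificate rotated in metadata is not picked up until the caches are
 * cleared or the JVM is restarted.
 *
 * <p>The {@link KeyProvider} is instantiated once, in the static initializer, from the
 * class name found under the {@code keyproviderimplclass} key of {@code SAMLUtils.bundle}.
 * If that fails, {@link #getKeyProviderInstance()} returns {@code null} and the
 * alias/private-key lookups return {@code null} as well.
 */
public class KeyUtil {
    /** Data-encryption algorithm assumed when the peer's metadata names none. */
    private static final String DEFAULT_ENCRYPTION_ALGORITHM =
            "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
    /** Key size, in bits, that goes with {@link #DEFAULT_ENCRYPTION_ALGORITHM}. */
    private static final int DEFAULT_KEY_SIZE = 128;
    /** Value of the metadata {@code use} attribute selecting signing keys. */
    private static final String SIGNING_USE = "signing";
    /** Value of the metadata {@code use} attribute selecting encryption keys. */
    private static final String ENCRYPTION_USE = "encryption";

    /** Provider of local private keys; {@code null} if it could not be instantiated. */
    private static KeyProvider kp;
    /** Cache of {@link EncInfo} per {@code entityID|role}; never evicted. */
    protected static Hashtable encHash = new Hashtable();
    /** Cache of verification {@link X509Certificate} per {@code entityID|role}; never evicted. */
    protected static Hashtable sigHash = new Hashtable();

    /** Utility class; not instantiable. */
    private KeyUtil() {
    }

    /**
     * Returns the configured key provider.
     *
     * @return the provider, or {@code null} if it could not be loaded at class initialization
     */
    public static KeyProvider getKeyProviderInstance() {
        return kp;
    }

    /**
     * Returns the signing certificate alias configured for an entity.
     *
     * @param baseConfigType the entity's extended configuration
     * @return the first non-empty {@code SIGNING_CERT_ALIAS} value, or {@code null} when the
     *     attribute is missing/empty or no key provider is available
     */
    public static String getSigningCertAlias(BaseConfigType baseConfigType) {
        // An alias is useless without a provider to resolve it, so report "none" in that case.
        if (kp == null) {
            return null;
        }
        return getFirstAttributeValue(baseConfigType, SAML2Constants.SIGNING_CERT_ALIAS);
    }

    /**
     * Returns the private key used to decrypt messages sent to an entity.
     *
     * @param baseConfigType the entity's extended configuration
     * @return the private key registered under the first {@code ENCRYPTION_CERT_ALIAS} value,
     *     or {@code null} when the alias is missing/empty or no key provider is available
     */
    public static PrivateKey getDecryptionKey(BaseConfigType baseConfigType) {
        String alias = getFirstAttributeValue(baseConfigType, SAML2Constants.ENCRYPTION_CERT_ALIAS);
        if (alias == null || kp == null) {
            return null;
        }
        return kp.getPrivateKey(alias);
    }

    /**
     * Returns the certificate used to verify signatures produced by a peer entity.
     *
     * <p>Only the first matching signing {@code KeyDescriptor} is considered, and the
     * result is cached per {@code entityID|role} without eviction.
     *
     * @param descriptor the peer's SSO descriptor, as parsed from its metadata
     * @param entityId the peer's entity ID; used (trimmed) as part of the cache key
     * @param isIdp {@code true} if the peer acts as IDP, {@code false} for SP
     * @return the verification certificate, or {@code null} if it cannot be determined
     */
    public static X509Certificate getVerificationCert(
            SSODescriptorType descriptor, String entityId, boolean isIdp) {
        String role = isIdp ? "idp" : "sp";
        String classMethod = "KeyUtil.getVerificationCert: ";
        if (entityId == null) {
            SAML2Utils.debug.error(classMethod + "Null entityID input in " + role + " role.");
            return null;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod
                    + "Entering... \nEntityID=" + entityId + "\nRole=" + role);
        }
        String cacheKey = cacheKey(entityId, role);
        X509Certificate cached = (X509Certificate) sigHash.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        if (descriptor == null) {
            SAML2Utils.debug.error(classMethod + "Null SSODescriptorType input for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }
        KeyDescriptorType keyDescriptor = getKeyDescriptor(descriptor, SIGNING_USE);
        if (keyDescriptor == null) {
            SAML2Utils.debug.error(classMethod + "No signing KeyDescriptor for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }
        X509Certificate cert = getCert(keyDescriptor);
        if (cert == null) {
            SAML2Utils.debug.error(classMethod + "No signing cert for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }
        sigHash.put(cacheKey, cert);
        return cert;
    }

    /**
     * Returns the public key and data-encryption parameters to use when encrypting
     * messages for a peer entity.
     *
     * <p>The algorithm and key size come from the first {@code EncryptionMethod} of the
     * first encryption {@code KeyDescriptor}. When no algorithm is given, AES-128-CBC with
     * a 128-bit key is assumed. When an algorithm is given but no {@code KeySize} child
     * exists, the reported key size is {@code 0}; callers must treat that as "unspecified".
     * The result is cached per {@code entityID|role} without eviction.
     *
     * @param descriptor the peer's SSO descriptor, as parsed from its metadata
     * @param entityId the peer's entity ID; used (trimmed) as part of the cache key
     * @param isIdp {@code true} if the peer acts as IDP, {@code false} for SP
     * @return the encryption info, or {@code null} if it cannot be determined
     */
    public static EncInfo getEncInfo(SSODescriptorType descriptor, String entityId, boolean isIdp) {
        String role = isIdp ? "idp" : "sp";
        String classMethod = "KeyUtil.getEncInfo: ";
        if (entityId == null) {
            SAML2Utils.debug.error(classMethod + "Null entityID input in " + role + " role.");
            return null;
        }
        if (SAML2Utils.debug.messageEnabled()) {
            SAML2Utils.debug.message(classMethod
                    + "Entering... \nEntityID=" + entityId + "\nRole=" + role);
        }
        String cacheKey = cacheKey(entityId, role);
        EncInfo encInfo = (EncInfo) encHash.get(cacheKey);
        if (encInfo != null) {
            return encInfo;
        }
        if (descriptor == null) {
            SAML2Utils.debug.error(classMethod + "Null SSODescriptorType input for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }
        KeyDescriptorType keyDescriptor = getKeyDescriptor(descriptor, ENCRYPTION_USE);
        if (keyDescriptor == null) {
            SAML2Utils.debug.error(classMethod + "No encryption KeyDescriptor for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }
        X509Certificate cert = getCert(keyDescriptor);
        if (cert == null) {
            SAML2Utils.debug.error(classMethod + "No encryption cert for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }

        String algorithm = null;
        int keySize = 0;
        List methods = keyDescriptor.getEncryptionMethod();
        if (methods != null && !methods.isEmpty()) {
            EncryptionMethodType method = (EncryptionMethodType) methods.get(0);
            if (method != null) {
                algorithm = method.getAlgorithm();
                keySize = firstKeySize(method);
            }
        }
        if (algorithm == null || algorithm.length() == 0) {
            algorithm = DEFAULT_ENCRYPTION_ALGORITHM;
            keySize = DEFAULT_KEY_SIZE;
        }

        PublicKey publicKey = cert.getPublicKey();
        if (publicKey == null) {
            SAML2Utils.debug.error(classMethod + "No public key in encryption cert for entityID="
                    + entityId + " in " + role + " role.");
            return null;
        }
        encInfo = new EncInfo(publicKey, algorithm, keySize);
        encHash.put(cacheKey, encInfo);
        return encInfo;
    }

    /**
     * Finds the {@code KeyDescriptor} of an SSO descriptor for a given use.
     *
     * <p>The first descriptor whose {@code use} attribute equals {@code use}
     * (case-insensitively, ignoring surrounding whitespace) wins. If none matches, the
     * first descriptor without a {@code use} attribute is returned, since SAML 2.0 metadata
     * treats an absent {@code use} as "valid for both signing and encryption".
     *
     * @param descriptor the SSO descriptor to search; may be {@code null}
     * @param use the wanted use, e.g. {@code "signing"} or {@code "encryption"}
     * @return the selected key descriptor, or {@code null} if none applies
     */
    public static KeyDescriptorType getKeyDescriptor(SSODescriptorType descriptor, String use) {
        if (descriptor == null || use == null) {
            return null;
        }
        List keyDescriptors = descriptor.getKeyDescriptor();
        if (keyDescriptors == null) {
            return null;
        }
        KeyDescriptorType anyUse = null;
        for (Object item : keyDescriptors) {
            KeyDescriptorType candidate = (KeyDescriptorType) item;
            String candidateUse = candidate.getUse();
            if (candidateUse == null) {
                // Remember the first unrestricted descriptor as a fallback only.
                if (anyUse == null) {
                    anyUse = candidate;
                }
            } else if (use.equalsIgnoreCase(candidateUse.trim())) {
                return candidate;
            }
        }
        return anyUse;
    }

    /**
     * Extracts the X.509 certificate published in a {@code KeyDescriptor}.
     *
     * <p>The first {@code X509Certificate} element of the first {@code X509Data} that
     * contains one is parsed. If the encoded bytes hold several certificates, the last one
     * parsed is returned. No validation beyond DER parsing is performed.
     *
     * @param keyDescriptor the descriptor; may be {@code null}
     * @return the certificate, or {@code null} if none is present or it cannot be parsed
     */
    public static X509Certificate getCert(KeyDescriptorType keyDescriptor) {
        String classMethod = "KeyUtil.getCert: ";
        if (keyDescriptor == null) {
            SAML2Utils.debug.error(classMethod + "Null KeyDescriptor.");
            return null;
        }
        KeyInfoType keyInfo = keyDescriptor.getKeyInfo();
        if (keyInfo == null) {
            SAML2Utils.debug.error(classMethod + "No KeyInfo.");
            return null;
        }
        byte[] encoded = firstX509CertificateBytes(keyInfo);
        if (encoded == null || encoded.length == 0) {
            SAML2Utils.debug.error(classMethod + "No X509Certificate in KeyInfo.");
            return null;
        }
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            ByteArrayInputStream in = new ByteArrayInputStream(encoded);
            X509Certificate cert = null;
            // Each call consumes one DER certificate; keep going until the bytes are used up.
            while (in.available() > 0) {
                try {
                    cert = (X509Certificate) factory.generateCertificate(in);
                } catch (CertificateException e) {
                    SAML2Utils.debug.error(classMethod
                            + "Unable to generate certificate from byte array input stream.", e);
                    return null;
                }
            }
            return cert;
        } catch (CertificateException e) {
            SAML2Utils.debug.error(classMethod + "Unable to get CertificateFactory for X.509 type", e);
            return null;
        }
    }

    /**
     * Returns the first non-empty string value of a multi-valued configuration attribute.
     *
     * @param baseConfigType the entity's extended configuration
     * @param attributeName the attribute to read
     * @return the first value, or {@code null} if the attribute is absent, empty or blank
     */
    private static String getFirstAttributeValue(BaseConfigType baseConfigType, String attributeName) {
        List values = (List) SAML2MetaUtils.getAttributes(baseConfigType).get(attributeName);
        if (values == null || values.isEmpty()) {
            return null;
        }
        String first = (String) values.get(0);
        if (first == null || first.length() == 0) {
            return null;
        }
        return first;
    }

    /** Builds the {@code entityID|role} key used by both caches. */
    private static String cacheKey(String entityId, String role) {
        return entityId.trim() + "|" + role;
    }

    /**
     * Returns the value of the first {@code KeySize} child of an {@code EncryptionMethod}.
     *
     * @return the key size in bits, or {@code 0} if no {@code KeySize} child is present
     */
    private static int firstKeySize(EncryptionMethodType method) {
        List content = method.getContent();
        if (content == null) {
            return 0;
        }
        for (Object item : content) {
            if (item instanceof EncryptionMethodType.KeySize) {
                EncryptionMethodType.KeySize keySize = (EncryptionMethodType.KeySize) item;
                if (keySize.getValue() != null) {
                    return keySize.getValue().intValue();
                }
            }
        }
        return 0;
    }

    /**
     * Returns the encoded bytes of the first {@code X509Certificate} found under any
     * {@code X509Data} child of a {@code KeyInfo}.
     *
     * @return the encoded certificate, or {@code null} if none is present
     */
    private static byte[] firstX509CertificateBytes(KeyInfoType keyInfo) {
        List content = keyInfo.getContent();
        if (content == null) {
            return null;
        }
        for (Object item : content) {
            if (!(item instanceof X509DataElement)) {
                continue;
            }
            List x509Data = ((X509DataElement) item).getX509IssuerSerialOrX509SKIOrX509SubjectName();
            if (x509Data == null) {
                continue;
            }
            for (Object entry : x509Data) {
                if (entry instanceof X509DataType.X509Certificate) {
                    return ((X509DataType.X509Certificate) entry).getValue();
                }
            }
        }
        return null;
    }

    static {
        // The provider class name comes from the SAML resource bundle; a class that does not
        // implement KeyProvider fails with a ClassCastException during class initialization.
        try {
            kp = (KeyProvider) Class.forName(SAMLUtils.bundle.getString("keyproviderimplclass")).newInstance();
        } catch (ClassNotFoundException e) {
            SAML2Utils.debug.error("KeyUtil static block: Couldn't find the class.", e);
            kp = null;
        } catch (IllegalAccessException e) {
            SAML2Utils.debug.error("KeyUtil static block: Couldn't access the default constructor.", e);
            kp = null;
        } catch (InstantiationException e) {
            SAML2Utils.debug.error("KeyUtil static block: Couldn't instantiate the key provider instance.", e);
            kp = null;
        }
    }
}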
