package oracle.security.xmlsec.keys.retrieval;

import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import javax.security.auth.x500.X500Principal;
import oracle.security.crypto.asn1.ASN1String;
import oracle.security.crypto.cert.GeneralName;
import oracle.security.crypto.cert.PKIX;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.ext.SubjectAltNameExtension;
import oracle.security.crypto.core.PrivateKeyPKCS8;
import oracle.security.crypto.util.CryptoUtils;
import oracle.security.crypto.util.UnsyncByteArrayInputStream;
import oracle.security.xmlsec.keys.KeyInfoData;
import oracle.security.xmlsec.keys.KeyName;
import oracle.security.xmlsec.keys.X509Data;
import oracle.security.xmlsec.util.Base64;
import oracle.security.xmlsec.util.XMLURI;
import oracle.security.xmlsec.util.XMLUtils;

/* loaded from: input_file:oracle/security/xmlsec/keys/retrieval/PKCS8KeyRetriever.class */
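/**
 * Key retriever backed by a single PKCS#8 private key that is offered under one
 * configured key name.
 *
 * <p>The key is returned when the supplied {@code KeyInfo} element names it:
 * either a {@code KeyName} equal to the configured name, or an {@code X509Data}
 * whose subject key identifier, subject name, or embedded certificate (SKI,
 * subject DN, common name, e-mail attribute, RFC 822 subject alternative name)
 * equals the configured name.
 *
 * <p>Security note: the {@code KeyInfo} content is taken as supplied by the
 * caller, and this class performs no certificate path validation on embedded
 * certificates. A match only selects whether this retriever's key is offered;
 * it says nothing about the authenticity of the names or certificates.
 */
public class PKCS8KeyRetriever extends KeyRetriever {
    /** PKCS#8 container; treated as locked while {@code getKey()} throws {@link IllegalStateException}. */
    private final PrivateKeyPKCS8 pkcs8;

    /** Name under which the key is offered; compared against KeyInfo contents. */
    private final String keyName;

    /**
     * Creates a retriever by reading a PKCS#8 structure from a stream.
     *
     * @param inputStream stream passed to the {@code PrivateKeyPKCS8} constructor
     * @param str name under which the key is offered
     * @throws IOException if the PKCS#8 structure cannot be read
     */
    public PKCS8KeyRetriever(InputStream inputStream, String str) throws IOException {
        this(new PrivateKeyPKCS8(inputStream), str);
    }

    /**
     * Creates a retriever around an existing PKCS#8 key object.
     *
     * @param privateKeyPKCS8 the PKCS#8 key container
     * @param str name under which the key is offered
     * @throws IOException declared for compatibility; not thrown by this constructor
     */
    public PKCS8KeyRetriever(PrivateKeyPKCS8 privateKeyPKCS8, String str) throws IOException {
        this.pkcs8 = privateKeyPKCS8;
        this.keyName = str;
    }

    /**
     * Returns the private key if the given KeyInfo element identifies it.
     *
     * @param keyInfoData a {@code KeyName} or {@code X509Data} element
     * @return the key as a JCE {@link PrivateKey}, or {@code null} when the
     *     element does not match the configured key name
     * @throws KeyRetrievalException if the X509Data cannot be read, or (as
     *     {@code StorageAuthenticationException}) if the key cannot be unlocked
     */
    @Override // oracle.security.xmlsec.keys.retrieval.KeyRetriever
    public PrivateKey retrievePrivateKey(KeyInfoData keyInfoData) throws KeyRetrievalException {
        // NOTE(review): the unlock attempt runs before the KeyInfo is matched, so a
        // non-matching KeyInfo can still invoke the authenticator. Order kept as in
        // the original; consider matching first if the authenticator prompts a user.
        doPasswordAuth();
        if (!matchesKeyInfo(keyInfoData)) {
            return null;
        }
        try {
            return CryptoUtils.toJCEPrivateKey(this.pkcs8.getKey());
        } catch (IllegalStateException e) {
            // Still locked after the unlock attempt (e.g. wrong password).
            throw new StorageAuthenticationException(e);
        }
    }

    /** Dispatches on the KeyInfo element type and reports whether it names this key. */
    private boolean matchesKeyInfo(KeyInfoData keyInfoData) throws KeyRetrievalException {
        String type = keyInfoData.getType();
        if (XMLURI.obj_KeyName.equals(type)) {
            String name = ((KeyName) keyInfoData).getName();
            return name != null && name.equals(this.keyName);
        }
        return XMLURI.obj_X509Data.equals(type) && matchX509Data((X509Data) keyInfoData);
    }

    /**
     * Supplies the password from the authenticator when the key is still locked.
     *
     * @throws StorageAuthenticationException if the key is locked and no
     *     authenticator is available to unlock it
     */
    private void doPasswordAuth() throws StorageAuthenticationException {
        try {
            // Probe only: the result is discarded, we just want to know whether it throws.
            this.pkcs8.getKey();
        } catch (IllegalStateException e) {
            StorageAuthenticator authenticator = getAuthenticator();
            if (authenticator == null) {
                // Report a locked key with no way to unlock it as an authentication
                // failure instead of a NullPointerException.
                throw new StorageAuthenticationException(e);
            }
            // Return value unused; presumably this triggers credential collection — confirm.
            authenticator.getCredential();
            this.pkcs8.setPassword(authenticator.getPassword());
        }
    }

    /**
     * Reports whether any identifier carried by the X509Data equals the key name.
     *
     * @param x509Data the X509Data element from the KeyInfo
     * @return {@code true} on the first matching identifier, else {@code false}
     * @throws KeyRetrievalException if reading the X509Data raises an {@link IOException}
     */
    private boolean matchX509Data(X509Data x509Data) throws KeyRetrievalException {
        Vector subjectNames = x509Data.getSubjectNames();
        // Result unused: issuer/serial pairs are not matched. The call is kept in
        // case it has parsing side effects the original relied on.
        x509Data.getIssuerSerials();
        Vector subjectKeyIDs = x509Data.getSubjectKeyIDs();
        try {
            Vector certificates = x509Data.getCertificates();
            for (Object keyId : subjectKeyIDs) {
                if (matchesKeyId((byte[]) keyId)) {
                    return true;
                }
            }
            for (Object subject : subjectNames) {
                if (matchesSubject((X500Principal) subject)) {
                    return true;
                }
            }
            for (Object certificate : certificates) {
                if (matchesCertificate((X509Certificate) certificate)) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            throw new KeyRetrievalException(e);
        }
    }

    /** Compares a subject key identifier, Base64-encoded, with the whitespace-stripped key name. */
    private boolean matchesKeyId(byte[] keyId) throws IOException {
        return keyId != null && Base64.toBase64(keyId, false).equals(XMLUtils.stripWS(this.keyName));
    }

    /**
     * Compares a subject name from the X509Data with the key name.
     *
     * <p>The original compared the {@link X500Principal} object itself with the
     * key name string, which can never be equal. The principal is now rendered
     * through {@code X500Name}, the same way certificate subjects are compared.
     */
    private boolean matchesSubject(X500Principal principal) throws IOException {
        if (principal == null) {
            return false;
        }
        X500Name name = toX500Name(principal);
        return name != null && name.toString().equals(this.keyName);
    }

    /** Checks a certificate's SKI, subject DN, CN, e-mail attribute and RFC 822 alternative names. */
    private boolean matchesCertificate(X509Certificate certificate) throws IOException {
        if (matchesKeyId(XMLUtils.getSKI(certificate))) {
            return true;
        }
        // A subject that cannot be parsed is skipped; the original dereferenced
        // the null name and failed with a NullPointerException.
        X500Name subject = toX500Name(certificate.getSubjectX500Principal());
        if (subject != null) {
            if (subject.toString().equals(this.keyName)
                    || matchesAsn1String(subject.getAttributeValue(PKIX.id_at_commonName))
                    || matchesAsn1String(subject.getAttributeValue(PKIX.emailAddress))) {
                return true;
            }
        }
        return matchesRfc822AltName(certificate);
    }

    /** Reports whether the certificate has an RFC 822 subject alternative name equal to the key name. */
    private boolean matchesRfc822AltName(X509Certificate certificate) throws IOException {
        // getExtensionValue returns null when the extension is absent.
        byte[] encoded = certificate.getExtensionValue(PKIX.id_ce_subjectAltName.toString());
        if (encoded == null) {
            return false;
        }
        // NOTE(review): getExtensionValue yields the value wrapped in a DER OCTET
        // STRING; confirm SubjectAltNameExtension's stream constructor expects that form.
        SubjectAltNameExtension extension;
        try {
            extension = new SubjectAltNameExtension(new UnsyncByteArrayInputStream(encoded));
        } catch (IOException ignored) {
            // Best effort: an unparsable extension simply yields no match.
            return false;
        }
        Enumeration names = extension.subjectAltName();
        while (names.hasMoreElements()) {
            GeneralName generalName = (GeneralName) names.nextElement();
            if (GeneralName.Type.RFC822_NAME.equals(generalName.getType())
                    && matchesAsn1String(generalName.getValue())) {
                return true;
            }
        }
        return false;
    }

    /** Reports whether the value is an {@code ASN1String} whose content equals the key name. */
    private boolean matchesAsn1String(Object value) {
        if (!(value instanceof ASN1String)) {
            return false;
        }
        Object content = ((ASN1String) value).getValue();
        return content != null && content.equals(this.keyName);
    }

    /** Parses a principal's DER encoding into an {@code X500Name}; returns {@code null} on failure. */
    private static X500Name toX500Name(X500Principal principal) {
        try {
            return new X500Name(new UnsyncByteArrayInputStream(principal.getEncoded()));
        } catch (IOException ignored) {
            // Best effort: callers treat an unparsable name as a non-match.
            return null;
        }
    }
}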
