package oracle.security.xmlsec.keys.retrieval;

import java.io.IOException;
import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Vector;
import oracle.security.crypto.asn1.ASN1String;
import oracle.security.crypto.cert.GeneralName;
import oracle.security.crypto.cert.IssuerAndSerialNo;
import oracle.security.crypto.cert.PKCS12;
import oracle.security.crypto.cert.PKCS12Bag;
import oracle.security.crypto.cert.PKCS12CertBag;
import oracle.security.crypto.cert.PKCS12KeyBag;
import oracle.security.crypto.cert.PKCS12Safe;
import oracle.security.crypto.cert.PKCS12ShroudedKeyBag;
import oracle.security.crypto.cert.PKIX;
import oracle.security.crypto.cert.X500Name;
import oracle.security.crypto.cert.X509;
import oracle.security.crypto.cert.ext.SubjectAltNameExtension;
import oracle.security.crypto.cert.ext.SubjectKeyIDExtension;
import oracle.security.crypto.util.CryptoUtils;
import oracle.security.crypto.util.UnsyncByteArrayInputStream;
import oracle.security.crypto.util.Utils;
import oracle.security.xmlsec.keys.KeyInfoData;
import oracle.security.xmlsec.keys.KeyName;
import oracle.security.xmlsec.keys.X509Data;
import oracle.security.xmlsec.util.XMLURI;

/* loaded from: input_file:oracle/security/xmlsec/keys/retrieval/PKCS12KeyRetriever.class */
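public class PKCS12KeyRetriever extends KeyRetriever {
    /**
     * Enabled when the {@code xml.debug.p12} system property is defined.  The trace goes to
     * stderr and contains bag metadata only (bag class, friendly name, local key ID, subject /
     * issuer / serial of certificate bags) — never key material.
     */
    private static final boolean debug = System.getProperty("xml.debug.p12") != null;
    /** Undecoded PKCS#12 data; parsed lazily by {@link #doPasswordAuth()} once a password is available. */
    private InputStream p12Stream;
    /** The decoded store.  {@code null} until the stream has been parsed. */
    private PKCS12 pkcs12;

    /**
     * Creates a retriever over DER-encoded PKCS#12 data.  The stream is not read here and is not
     * closed by this class; it is parsed on first use with the password obtained from the
     * {@link StorageAuthenticator} set on this retriever.
     *
     * @param inputStream PKCS#12 data
     * @throws IOException not thrown by this constructor; declared for signature compatibility
     */
    public PKCS12KeyRetriever(InputStream inputStream) throws IOException {
        this.p12Stream = inputStream;
    }

    /**
     * Creates a retriever over an already decoded store.  If the store carries no password, one is
     * requested from the authenticator on first use.
     *
     * @param pkcs12 decoded store
     * @throws IOException not thrown by this constructor; declared for signature compatibility
     */
    public PKCS12KeyRetriever(PKCS12 pkcs12) throws IOException {
        this.pkcs12 = pkcs12;
    }

    /**
     * Returns the public key of the certificate selected by {@code keyInfoData}, or {@code null}
     * when no certificate bag in the store matches.
     *
     * @param keyInfoData a {@code KeyName} or {@code X509Data} element; other types yield {@code null}
     * @throws KeyRetrievalException if the store cannot be opened or a certificate cannot be decoded
     */
    @Override // oracle.security.xmlsec.keys.retrieval.KeyRetriever
    public PublicKey retrievePublicKey(KeyInfoData keyInfoData) throws KeyRetrievalException {
        doPasswordAuth();
        X509Certificate cert = retrieveCertificate(keyInfoData);
        return cert == null ? null : cert.getPublicKey();
    }

    /**
     * Returns the certificate from the store selected by {@code keyInfoData}.  The KeyInfo content
     * only selects; the certificate returned is always the one held in the store, never one
     * carried inside the KeyInfo.  The first matching certificate bag wins, so a store holding
     * several certificates with the same subject / CN / e-mail resolves silently to the first.
     *
     * @param keyInfoData a {@code KeyName} (matched by name, see {@link #getCertBagByName}) or an
     *     {@code X509Data} (matched by issuer/serial, SKID, subject name or embedded certificate,
     *     see {@link #getCertBagByX509Data}); other types yield {@code null}
     * @return the matching certificate, or {@code null} if none matches
     * @throws KeyRetrievalException if the store cannot be opened or a certificate cannot be decoded
     */
    @Override // oracle.security.xmlsec.keys.retrieval.KeyRetriever
    public X509Certificate retrieveCertificate(KeyInfoData keyInfoData) throws KeyRetrievalException {
        doPasswordAuth();
        String type = keyInfoData.getType();
        if (XMLURI.obj_KeyName.equals(type)) {
            String name = ((KeyName) keyInfoData).getName();
            return name == null ? null : getCertByName(name);
        }
        if (XMLURI.obj_X509Data.equals(type)) {
            return getCertByX509Data((X509Data) keyInfoData);
        }
        return null;
    }

    /**
     * Returns the private key selected by {@code keyInfoData}, or {@code null} when no key bag
     * matches.
     *
     * <p>Resolution order: for a {@code KeyName}, a key bag whose friendly name equals the name or
     * whose local key ID equals the name's bytes is used directly; otherwise the certificate bag
     * matching the name is located and the key bag sharing its friendly name / local key ID is
     * returned.  For an {@code X509Data}, the matching certificate bag is located first and the
     * key bag sharing its friendly name / local key ID is returned.
     *
     * @param keyInfoData a {@code KeyName} or {@code X509Data} element; other types yield {@code null}
     * @throws KeyRetrievalException if the store cannot be opened or a certificate cannot be decoded
     */
    @Override // oracle.security.xmlsec.keys.retrieval.KeyRetriever
    public PrivateKey retrievePrivateKey(KeyInfoData keyInfoData) throws KeyRetrievalException {
        if (debug) {
            System.err.println("\n+++ PKCS12KeyRetriever.retrievePrivateKey():");
        }
        doPasswordAuth();
        PKCS12Bag keyBag = null;
        String name = null;
        byte[] keyId = null;
        String type = keyInfoData.getType();
        if (XMLURI.obj_KeyName.equals(type)) {
            name = ((KeyName) keyInfoData).getName();
            // A null name cannot match anything; the original code would have dereferenced it
            // inside getCertBagByName.
            if (name != null) {
                // NOTE: platform default charset, as before.  A local key ID derived from the name
                // on a host with a different default charset will not compare equal.
                keyId = name.getBytes();
                keyBag = getPKCS12Bag(name, keyId);
                if (keyBag == null) {
                    // No key bag carries the name itself; resolve it through the certificate and
                    // retry with that bag's friendly name / local key ID.
                    PKCS12CertBag certBag = getCertBagByName(name);
                    if (certBag != null) {
                        name = certBag.getFriendlyName();
                        keyId = certBag.getLocalKeyID();
                    }
                }
            }
        } else if (XMLURI.obj_X509Data.equals(type)) {
            PKCS12CertBag certBag = getCertBagByX509Data((X509Data) keyInfoData);
            if (certBag != null) {
                name = certBag.getFriendlyName();
                keyId = certBag.getLocalKeyID();
            }
        }
        if (debug) {
            System.err.println("KeyInfo.Type=" + type);
            System.err.println("name=" + name);
            System.err.println("kid=" + Utils.toHexString(keyId));
        }
        if (keyBag == null) {
            keyBag = getPKCS12Bag(name, keyId);
        }
        return keyBag == null ? null : toJcePrivateKey(keyBag);
    }

    /**
     * Converts a key-carrying bag to a JCE private key.
     *
     * @return the key, or {@code null} if the bag is neither a {@link PKCS12ShroudedKeyBag} nor a
     *     {@link PKCS12KeyBag} (for example a certificate bag found by name)
     */
    private static PrivateKey toJcePrivateKey(PKCS12Bag bag) throws KeyRetrievalException {
        if (bag instanceof PKCS12ShroudedKeyBag) {
            return CryptoUtils.toJCEPrivateKey(((PKCS12ShroudedKeyBag) bag).getPrivateKey());
        }
        if (bag instanceof PKCS12KeyBag) {
            return CryptoUtils.toJCEPrivateKey(((PKCS12KeyBag) bag).getPrivateKey());
        }
        return null;
    }

    /**
     * Ensures the store is decoded and has a password: parses {@link #p12Stream} on first use, or
     * supplies the password to a store that was constructed without one.  Both paths obtain the
     * password from the configured {@link StorageAuthenticator}.
     *
     * @throws StorageAuthenticationException if no authenticator is set, the authenticator fails,
     *     or the stream does not decode with the supplied password
     */
    private void doPasswordAuth() throws StorageAuthenticationException {
        if (this.pkcs12 == null) {
            StorageAuthenticator authenticator = requireAuthenticator();
            try {
                this.pkcs12 = new PKCS12(authenticator.getPassword(), this.p12Stream);
            } catch (IOException e) {
                throw new StorageAuthenticationException(e);
            }
        } else if (this.pkcs12.getPassword() == null) {
            this.pkcs12.setPassword(requireAuthenticator().getPassword());
        }
    }

    /**
     * Returns the configured authenticator after asking it to obtain its credential.
     *
     * @throws StorageAuthenticationException if no authenticator has been set on this retriever
     */
    private StorageAuthenticator requireAuthenticator() throws StorageAuthenticationException {
        StorageAuthenticator authenticator = getAuthenticator();
        if (authenticator == null) {
            throw new StorageAuthenticationException("No authenticator set");
        }
        authenticator.getCredential();
        return authenticator;
    }

    /**
     * Finds the first bag (of any type) whose friendly name equals {@code name} or whose local
     * key ID equals {@code keyId}.  A {@code null} criterion is ignored; with both {@code null}
     * nothing matches.
     *
     * @return the first matching bag, or {@code null}
     */
    private PKCS12Bag getPKCS12Bag(String name, byte[] keyId) {
        if (debug) {
            System.err.println("\n+++ PKCS12KeyRetriever.getPKCS12Bag():");
        }
        for (Object safe : this.pkcs12.getAuthSafes()) {
            for (Object element : ((PKCS12Safe) safe).getBags()) {
                PKCS12Bag bag = (PKCS12Bag) element;
                if (debug) {
                    System.err.println("\nBagType=" + bag.getClass().getName());
                    System.err.println("FriendlyName=" + bag.getFriendlyName());
                    System.err.println("LocalKeyId=" + Utils.toHexString(bag.getLocalKeyID()));
                }
                if (name != null && name.equals(bag.getFriendlyName())) {
                    return bag;
                }
                if (keyId != null && Utils.areEqual(keyId, bag.getLocalKeyID())) {
                    return bag;
                }
            }
        }
        return null;
    }

    /**
     * Resolves an {@code X509Data} to a JCE certificate taken from the store.
     *
     * @return the store's certificate, or {@code null} if no certificate bag matches
     * @throws KeyRetrievalException if the store's certificate cannot be re-encoded for the JCE
     */
    private X509Certificate getCertByX509Data(X509Data x509Data) throws KeyRetrievalException {
        PKCS12CertBag certBag = getCertBagByX509Data(x509Data);
        return certBag == null ? null : toJceCertificate(certBag);
    }

    /**
     * Finds the first certificate bag selected by an {@code X509Data}.  Criteria are applied in a
     * fixed precedence, and only the first applicable one is consulted for a given bag:
     * <ol>
     *   <li>if the X509Data lists issuer/serial pairs, the bag's issuer/serial must be among them;</li>
     *   <li>else, if the bag's certificate has a subject key identifier and the X509Data lists
     *       SKIDs, the SKID must be among them;</li>
     *   <li>else, if the X509Data lists subject names, the bag's subject must be among them;</li>
     *   <li>else the bag must agree with one of the X509Data's embedded certificates on subject,
     *       issuer/serial and (when the bag has one) SKID.</li>
     * </ol>
     * The embedded certificate is only a selector: it is compared field by field, not byte for
     * byte, and the bag returned is the store's.  A bag or embedded certificate that cannot be
     * decoded is treated as a non-match instead of failing the lookup.
     *
     * @return the first matching bag, or {@code null}
     * @throws KeyRetrievalException if the X509Data's certificates cannot be read
     */
    private PKCS12CertBag getCertBagByX509Data(X509Data x509Data) throws KeyRetrievalException {
        Vector subjectNames = x509Data.getSubjectNames();
        Vector issuerSerials = x509Data.getIssuerSerials();
        Vector subjectKeyIDs = x509Data.getSubjectKeyIDs();
        try {
            Vector certificates = x509Data.getCertificates();
            if (debug) {
                System.err.println("\n+++ PKCS12KeyRetriever.getCertBagByX509Data():");
                System.err.println("X509Data.certs:");
                for (Object certificate : certificates) {
                    System.err.println("\n" + ((X509Certificate) certificate));
                }
            }
            for (Object safe : this.pkcs12.getAuthSafes()) {
                for (Object element : ((PKCS12Safe) safe).getBags()) {
                    if (!(element instanceof PKCS12CertBag)) {
                        continue;
                    }
                    PKCS12CertBag certBag = (PKCS12CertBag) element;
                    X509 x509 = certBag.getCert();
                    if (x509 == null) {
                        continue;
                    }
                    if (debug) {
                        System.err.println("\nBagType=" + certBag.getClass().getName());
                        System.err.println("FriendlyName=" + certBag.getFriendlyName());
                        System.err.println("LocalKeyId=" + Utils.toHexString(certBag.getLocalKeyID()));
                        System.err.println("subject=" + x509.getSubject());
                        System.err.println("issuer=" + x509.getIssuer());
                        System.err.println("serialNo=" + x509.getSerialNo());
                    }
                    IssuerAndSerialNo issuerSerial = new IssuerAndSerialNo(x509.getIssuer(), x509.getSerialNo());
                    // 1. issuer/serial takes precedence over every other criterion
                    if (!issuerSerials.isEmpty()) {
                        if (anyEquals(issuerSerials, issuerSerial)) {
                            return certBag;
                        }
                        continue;
                    }
                    // 2. subject key identifier, only when both sides have one
                    SubjectKeyIDExtension skiExtension =
                            (SubjectKeyIDExtension) x509.getExtension(PKIX.id_ce_subjectKeyIdentifier);
                    byte[] subjectKeyId = skiExtension != null ? skiExtension.getSubjectKeyID() : null;
                    if (subjectKeyId != null && !subjectKeyIDs.isEmpty()) {
                        for (Object candidate : subjectKeyIDs) {
                            if (Utils.areEqual(subjectKeyId, (byte[]) candidate)) {
                                return certBag;
                            }
                        }
                        continue;
                    }
                    // 3. subject name
                    X500Name subject = x509.getSubject();
                    if (!subjectNames.isEmpty()) {
                        if (anyEquals(subjectNames, subject)) {
                            return certBag;
                        }
                        continue;
                    }
                    // 4. embedded certificates: subject + issuer/serial, plus SKID when the bag has one
                    for (Object certificate : certificates) {
                        X509 wanted;
                        try {
                            wanted = new X509(((X509Certificate) certificate).getEncoded());
                        } catch (IOException e) {
                            continue; // undecodable selector certificate: cannot match anything
                        } catch (CertificateEncodingException e) {
                            continue;
                        }
                        if (!subject.equals(wanted.getSubject())) {
                            continue;
                        }
                        if (!issuerSerial.equals(new IssuerAndSerialNo(wanted.getIssuer(), wanted.getSerialNo()))) {
                            continue;
                        }
                        if (subjectKeyId != null) {
                            SubjectKeyIDExtension wantedExtension =
                                    (SubjectKeyIDExtension) wanted.getExtension(PKIX.id_ce_subjectKeyIdentifier);
                            byte[] wantedKeyId = wantedExtension != null ? wantedExtension.getSubjectKeyID() : null;
                            if (!Utils.areEqual(subjectKeyId, wantedKeyId)) {
                                continue;
                            }
                        }
                        return certBag;
                    }
                }
            }
            return null;
        } catch (IOException e) {
            throw new KeyRetrievalException(e);
        }
    }

    /**
     * Returns {@code true} if some element of {@code candidates} is {@code equals} to
     * {@code target}.  The comparison is made from the candidate's side, as the original lookups did.
     */
    private static boolean anyEquals(Vector candidates, Object target) {
        for (Object candidate : candidates) {
            if (candidate.equals(target)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Finds the first certificate bag that {@code name} designates.  A bag matches when the name
     * equals, in this order: the full subject DN string, the subject's common name, the subject's
     * emailAddress attribute, an rfc822Name in the subjectAltName extension, the bag's friendly
     * name, or (as bytes in the platform charset) the bag's local key ID.  Bags matching none of
     * these are skipped.
     *
     * @return the first matching bag, or {@code null}
     */
    private PKCS12CertBag getCertBagByName(String name) throws KeyRetrievalException {
        for (Object safe : this.pkcs12.getAuthSafes()) {
            for (Object element : ((PKCS12Safe) safe).getBags()) {
                if (element instanceof PKCS12CertBag) {
                    PKCS12CertBag certBag = (PKCS12CertBag) element;
                    if (certBagMatchesName(certBag, name)) {
                        return certBag;
                    }
                }
            }
        }
        return null;
    }

    /**
     * Applies the name criteria documented on {@link #getCertBagByName} to a single bag.
     */
    private static boolean certBagMatchesName(PKCS12CertBag certBag, String name) throws KeyRetrievalException {
        X509 cert = certBag.getCert();
        X500Name subject = cert.getSubject();
        if (name.equals(subject.toString())) {
            return true;
        }
        if (asn1StringEquals(subject.getAttributeValue(PKIX.id_at_commonName), name)) {
            return true;
        }
        if (asn1StringEquals(subject.getAttributeValue(PKIX.emailAddress), name)) {
            return true;
        }
        SubjectAltNameExtension altNames = (SubjectAltNameExtension) cert.getExtension(PKIX.id_ce_subjectAltName);
        if (altNames != null) {
            Enumeration generalNames = altNames.subjectAltName();
            while (generalNames.hasMoreElements()) {
                GeneralName generalName = (GeneralName) generalNames.nextElement();
                if (GeneralName.Type.RFC822_NAME.equals(generalName.getType())
                        && asn1StringEquals(generalName.getValue(), name)) {
                    return true;
                }
            }
        }
        // Previously every non-matching bag fell through to "return bag", so any name resolved to
        // the first certificate bag in the store; a bag that matches nothing must be skipped.
        return name.equals(certBag.getFriendlyName())
                || Utils.areEqual(name.getBytes(), certBag.getLocalKeyID());
    }

    /**
     * Returns {@code true} if {@code value} is an {@link ASN1String} whose string value equals
     * {@code expected}.  Non-string attribute values never match.
     */
    private static boolean asn1StringEquals(Object value, String expected) {
        return value instanceof ASN1String && expected.equals(((ASN1String) value).getValue());
    }

    /**
     * Resolves a {@code KeyName} to a JCE certificate taken from the store.
     *
     * @return the store's certificate, or {@code null} if no certificate bag matches the name
     * @throws KeyRetrievalException if the store's certificate cannot be re-encoded for the JCE
     */
    private X509Certificate getCertByName(String name) throws KeyRetrievalException {
        PKCS12CertBag certBag = getCertBagByName(name);
        return certBag == null ? null : toJceCertificate(certBag);
    }

    /**
     * Re-encodes the certificate held in a bag and parses it with the JCE X.509 factory.
     *
     * @throws KeyRetrievalException if the JCE factory cannot parse the encoding
     */
    private static X509Certificate toJceCertificate(PKCS12CertBag certBag) throws KeyRetrievalException {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(
                    new UnsyncByteArrayInputStream(certBag.getCert().getEncoded()));
        } catch (CertificateException e) {
            throw new KeyRetrievalException(e);
        }
    }
}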
