package org.apache.wss4j.common.crypto;

import com.itextpdf.text.pdf.security.SecurityConstants;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.TrustAnchor;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Properties;
import java.util.Set;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.x500.X500Principal;
import org.apache.wss4j.common.crypto.CryptoType;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.Loader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: classes4.dex */
public class Merlin extends CryptoBase {
    // Property-name suffixes. The private-key password lookup in getPrivateKey reads the
    // property named PREFIX + KEYSTORE_PRIVATE_PASSWORD and falls back to the OLD_PREFIX form.
    // NOTE(review): how the other suffixes are consumed lives in loadProperties, whose body
    // is not present in this decompiled listing.
    public static final String CRYPTO_CERT_PROVIDER = "cert.provider";
    public static final String CRYPTO_KEYSTORE_PROVIDER = "keystore.provider";
    // Snapshot of LOG.isDebugEnabled() taken once in the static initialiser.
    private static final boolean DO_DEBUG;
    // Wrapper that decryptPassword recognises around an encrypted password value: ENC(...).
    public static final String ENCRYPTED_PASSWORD_PREFIX = "ENC(";
    public static final String ENCRYPTED_PASSWORD_SUFFIX = ")";
    public static final String KEYSTORE_ALIAS = "keystore.alias";
    public static final String KEYSTORE_FILE = "keystore.file";
    public static final String KEYSTORE_PASSWORD = "keystore.password";
    public static final String KEYSTORE_PRIVATE_PASSWORD = "keystore.private.password";
    public static final String KEYSTORE_TYPE = "keystore.type";
    public static final String LOAD_CA_CERTS = "load.cacerts";
    private static final Logger LOG;
    public static final String OLD_KEYSTORE_FILE = "file";
    public static final String OLD_PREFIX = "org.apache.ws.security.crypto.merlin.";
    public static final String PREFIX = "org.apache.wss4j.crypto.merlin.";
    public static final String TRUSTSTORE_FILE = "truststore.file";
    public static final String TRUSTSTORE_PASSWORD = "truststore.password";
    public static final String TRUSTSTORE_TYPE = "truststore.type";
    public static final String X509_CRL_FILE = "x509crl.file";
    // CRL source added to the PKIX parameters when revocation checking is requested.
    protected CertStore crlCertStore;
    // Searched first by every certificate lookup in this class; also the only store
    // consulted for private keys.
    protected KeyStore keystore;
    // Set to true by the (boolean, String) constructor after it loads the JRE cacerts file.
    protected boolean loadCACerts;
    // Used by decryptPassword to unwrap ENC(...) values; may be null.
    protected PasswordEncryptor passwordEncryptor;
    // When true, getPrivateKey may take the key password from the properties.
    protected boolean privatePasswordSet;
    // Holds plaintext or ENC(...)-wrapped passwords; treat the object as sensitive.
    protected Properties properties;
    // Searched second, after keystore, by the certificate lookups.
    protected KeyStore truststore;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.wss4j.common.crypto.Merlin$1, reason: invalid class name */
    /* loaded from: classes4.dex */
    // Compiler-generated switch map, surfaced by the decompiler as a named class.
    // It maps CryptoType.TYPE ordinals to the small integers 1..6 that
    // getX509Certificates(CryptoType) compares against. Entries that are never
    // assigned stay 0.
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE;

        static {
            int[] iArr = new int[CryptoType.TYPE.values().length];
            $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE = iArr;
            // Each assignment is guarded separately so that an enum constant missing at
            // run time (NoSuchFieldError) leaves only its own slot unmapped.
            try {
                iArr[CryptoType.TYPE.ISSUER_SERIAL.ordinal()] = 1;
            } catch (NoSuchFieldError unused) {
            }
            try {
                $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE[CryptoType.TYPE.THUMBPRINT_SHA1.ordinal()] = 2;
            } catch (NoSuchFieldError unused2) {
            }
            try {
                $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE[CryptoType.TYPE.SKI_BYTES.ordinal()] = 3;
            } catch (NoSuchFieldError unused3) {
            }
            try {
                $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE[CryptoType.TYPE.SUBJECT_DN.ordinal()] = 4;
            } catch (NoSuchFieldError unused4) {
            }
            try {
                $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE[CryptoType.TYPE.ALIAS.ordinal()] = 5;
            } catch (NoSuchFieldError unused5) {
            }
            // ENDPOINT is mapped to 6, but getX509Certificates(CryptoType) has no branch for 6.
            try {
                $SwitchMap$org$apache$wss4j$common$crypto$CryptoType$TYPE[CryptoType.TYPE.ENDPOINT.ordinal()] = 6;
            } catch (NoSuchFieldError unused6) {
            }
        }
    }

    static {
        LOG = LoggerFactory.getLogger(Merlin.class);
        // Sampled once at class initialisation: a later change of the log level is not
        // reflected in DO_DEBUG.
        DO_DEBUG = LOG.isDebugEnabled();
    }

    /**
     * Creates an empty instance: this constructor sets no keystore, truststore, CRL store
     * or properties.
     */
    public Merlin() {
        super();
    }

    /**
     * Creates an instance configured by {@link #loadProperties}.
     *
     * @param properties        configuration handed to {@code loadProperties}
     * @param classLoader       class loader handed to {@code loadProperties}
     * @param passwordEncryptor encryptor handed to {@code loadProperties}; may be null
     * @throws WSSecurityException propagated from {@code loadProperties}
     * @throws IOException         propagated from {@code loadProperties}
     */
    public Merlin(Properties properties, ClassLoader classLoader, PasswordEncryptor passwordEncryptor) throws WSSecurityException, IOException {
        super();
        this.loadProperties(properties, classLoader, passwordEncryptor);
    }

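    /**
     * Optionally loads the JRE's {@code lib/security/cacerts} file as the truststore.
     *
     * <p>Nothing happens when {@code z} is false or a truststore is already set. A failure
     * to open or load the file is logged at WARN and leaves the instance without a
     * truststore; it is not rethrown.
     *
     * @param z   whether to load the JRE CA certificates
     * @param str password of the cacerts file; a null value is reported as a load failure
     */
    public Merlin(boolean z, String str) {
        if (this.truststore != null || !z) {
            return;
        }
        String cacertsPath = System.getProperty("java.home") + "/lib/security/cacerts";
        // try-with-resources closes the stream on the failure path as well; the previous
        // form closed it only after a successful load.
        try (InputStream cacerts = new FileInputStream(cacertsPath)) {
            KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            loaded.load(cacerts, str.toCharArray());
            // Publish the store only once it is fully loaded, so a failed load cannot
            // leave an uninitialised KeyStore behind as the truststore.
            this.truststore = loaded;
            this.loadCACerts = true;
        } catch (Exception e) {
            LOG.warn("CA certs could not be loaded: " + e.getMessage());
        }
    }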

    /**
     * Builds the diagnostic suffix appended to key-lookup error log lines.
     *
     * <p>The text lists the keystore type, provider, size and every alias, so any log that
     * receives it reveals the keystore's contents by name.
     *
     * @param keyStore the keystore to describe
     * @return the description, starting with a leading space
     * @throws KeyStoreException if the keystore has not been initialised
     */
    private static String createKeyStoreErrorMessage(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> names = keyStore.aliases();
        StringBuilder joined = new StringBuilder(keyStore.size() * 7);
        for (boolean first = true; names.hasMoreElements(); first = false) {
            if (!first) {
                joined.append(", ");
            }
            joined.append(names.nextElement());
        }
        StringBuilder text = new StringBuilder();
        text.append(" in keystore of type [").append(keyStore.getType());
        text.append("] from provider [").append(keyStore.getProvider());
        text.append("] with size [").append(keyStore.size());
        text.append("] and aliases: {").append(joined.toString()).append("}");
        return text.toString();
    }

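    /**
     * Reports whether {@code publicKey} is the public key of the first certificate stored
     * under any alias of {@code keyStore}.
     *
     * <p>Only the first element of each chain is compared, and only when it is an
     * {@link X509Certificate}. The comparison is on the key alone: no validity-period or
     * revocation check is made here.
     *
     * @param publicKey the key to look for; must not be null
     * @param keyStore  the store to search; null yields false
     * @return true on a match, false otherwise, including when the store cannot be read
     */
    private boolean findPublicKeyInKeyStore(PublicKey publicKey, KeyStore keyStore) {
        if (keyStore == null) {
            return false;
        }
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    // No chain under this alias: fall back to a single certificate entry.
                    Certificate single = keyStore.getCertificate(alias);
                    if (single == null) {
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                Certificate leaf = chain[0];
                if (leaf instanceof X509Certificate && publicKey.equals(((X509Certificate) leaf).getPublicKey())) {
                    return true;
                }
            }
        } catch (KeyStoreException e) {
            // Still fails closed (the key is reported as not found), but the cause is now
            // logged: an unreadable store would otherwise look like an untrusted key.
            LOG.warn("Public key lookup failed, treating the key as not found: " + e.getMessage(), e);
        }
        return false;
    }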

    /**
     * Finds the first alias whose leading certificate has the given issuer name and serial
     * number.
     *
     * @param obj        issuer name in the form produced by {@code createBCX509Name}
     * @param bigInteger serial number to match
     * @param keyStore   store to search
     * @return the matching chain (or a one-element array for a single certificate entry),
     *         or an empty array when nothing matches
     * @throws WSSecurityException if the store cannot be read
     */
    private Certificate[] getCertificates(Object obj, BigInteger bigInteger, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    Certificate single = keyStore.getCertificate(alias);
                    if (single == null) {
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                if (!(chain[0] instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate leaf = (X509Certificate) chain[0];
                // The serial is compared first; the issuer name is only built on a serial match.
                boolean sameSerial = leaf.getSerialNumber().compareTo(bigInteger) == 0;
                if (sameSerial && createBCX509Name(leaf.getIssuerX500Principal().getName()).equals(obj)) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * Finds the first alias whose leading certificate has the given subject name.
     *
     * @param obj      subject name in the form produced by {@code createBCX509Name}
     * @param keyStore store to search
     * @return the matching chain (or a one-element array for a single certificate entry),
     *         or an empty array when nothing matches
     * @throws WSSecurityException if the store cannot be read
     */
    private Certificate[] getCertificates(Object obj, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    Certificate single = keyStore.getCertificate(alias);
                    if (single == null) {
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                if (!(chain[0] instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate leaf = (X509Certificate) chain[0];
                if (obj.equals(createBCX509Name(leaf.getSubjectX500Principal().getName()))) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * Finds the first alias whose leading certificate has the given Subject Key Identifier.
     *
     * @param bArr     SKI bytes to match; must not be null
     * @param keyStore store to search
     * @return the matching chain (or a one-element array for a single certificate entry),
     *         or an empty array when nothing matches
     * @throws WSSecurityException if the store cannot be read, or as thrown by
     *                             {@code getSKIBytesFromCert}
     */
    private Certificate[] getCertificates(byte[] bArr, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    Certificate single = keyStore.getCertificate(alias);
                    if (single == null) {
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                if (!(chain[0] instanceof X509Certificate)) {
                    continue;
                }
                byte[] candidateSki = getSKIBytesFromCert((X509Certificate) chain[0]);
                // The SKI is a public identifier, so an ordinary array comparison is used.
                if (candidateSki.length == bArr.length && Arrays.equals(candidateSki, bArr)) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * Finds the first alias whose leading certificate hashes to the given thumbprint.
     *
     * <p>The digest is taken over the certificate's encoded form with the supplied
     * {@code messageDigest}; {@code digest()} also resets it for the next candidate.
     *
     * @param bArr          thumbprint bytes to match
     * @param keyStore      store to search
     * @param messageDigest digest instance used to hash each candidate
     * @return the matching chain (or a one-element array for a single certificate entry),
     *         or an empty array when nothing matches
     * @throws WSSecurityException if the store cannot be read or a certificate cannot be
     *                             encoded
     */
    private Certificate[] getCertificates(byte[] bArr, KeyStore keyStore, MessageDigest messageDigest) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    Certificate single = keyStore.getCertificate(alias);
                    if (single == null) {
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                if (!(chain[0] instanceof X509Certificate)) {
                    continue;
                }
                byte[] encoded;
                try {
                    encoded = ((X509Certificate) chain[0]).getEncoded();
                } catch (CertificateEncodingException encodingFailure) {
                    throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, encodingFailure, "encodeError");
                }
                messageDigest.update(encoded);
                if (Arrays.equals(messageDigest.digest(), bArr)) {
                    return chain;
                }
            }
            return new Certificate[0];
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * Returns the first alias whose leading certificate equals {@code x509Certificate}.
     *
     * @param x509Certificate certificate to look up
     * @param keyStore        store to search
     * @return the alias, or null when no entry matches
     * @throws WSSecurityException if the store cannot be read
     */
    private String getIdentifier(X509Certificate x509Certificate, KeyStore keyStore) throws WSSecurityException {
        try {
            for (Enumeration<String> names = keyStore.aliases(); names.hasMoreElements(); ) {
                String alias = names.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                if (chain == null || chain.length == 0) {
                    Certificate single = keyStore.getCertificate(alias);
                    if (single == null) {
                        continue;
                    }
                    chain = new Certificate[]{single};
                }
                if (chain[0].equals(x509Certificate)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * Asks {@code callbackHandler} for the password belonging to alias {@code str}.
     *
     * @param str             alias the password is requested for
     * @param callbackHandler handler that supplies the password
     * @return the password set on the callback; may be null
     * @throws WSSecurityException if the handler fails or rejects the callback
     */
    private String getPassword(String str, CallbackHandler callbackHandler) throws WSSecurityException {
        // NOTE(review): usage code 1 is presumably WSPasswordCallback.DECRYPT, inlined by
        // the decompiler; confirm against the WSPasswordCallback constants.
        WSPasswordCallback request = new WSPasswordCallback(str, 1);
        Callback[] callbacks = {request};
        try {
            callbackHandler.handle(callbacks);
            return request.getPassword();
        } catch (IOException | UnsupportedCallbackException handlerFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, handlerFailure, "noPassword", new Object[]{str});
        }
    }

    /**
     * Looks up the certificate chain stored under alias {@code str}, first in the
     * keystore and then in the truststore.
     *
     * <p>The truststore is consulted only when the keystore lookup left the result null.
     * An empty chain from the keystore with no single-certificate fallback is returned as
     * an empty array without looking at the truststore.
     *
     * @param str alias to look up
     * @return the chain as X.509 certificates, or null when neither store has the alias
     * @throws WSSecurityException if a store cannot be read
     */
    private X509Certificate[] getX509Certificates(String str) throws WSSecurityException {
        try {
            Certificate[] chain = null;
            if (this.keystore != null) {
                chain = this.keystore.getCertificateChain(str);
                if (chain == null || chain.length == 0) {
                    Certificate single = this.keystore.getCertificate(str);
                    if (single != null) {
                        chain = new Certificate[]{single};
                    }
                }
            }
            if (chain == null && this.truststore != null) {
                chain = this.truststore.getCertificateChain(str);
                if (chain == null) {
                    Certificate single = this.truststore.getCertificate(str);
                    if (single != null) {
                        chain = new Certificate[]{single};
                    }
                }
            }
            if (chain == null) {
                return null;
            }
            // Throws ArrayStoreException if an element is not an X509Certificate.
            return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * Looks up a chain by issuer name and serial number, first in the keystore and then
     * in the truststore.
     *
     * @param str        issuer distinguished name
     * @param bigInteger serial number
     * @return the chain as X.509 certificates, or null when no entry matches
     * @throws WSSecurityException if a store cannot be read
     */
    private X509Certificate[] getX509Certificates(String str, BigInteger bigInteger) throws WSSecurityException {
        Object issuerName;
        try {
            // Normalise through X500Principal first; fall back to the raw string when it
            // is rejected as a distinguished name.
            issuerName = createBCX509Name(new X500Principal(str).getName());
        } catch (IllegalArgumentException ignored) {
            issuerName = createBCX509Name(str);
        }
        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(issuerName, bigInteger, this.keystore);
        }
        if ((found == null || found.length == 0) && this.truststore != null) {
            found = getCertificates(issuerName, bigInteger, this.truststore);
        }
        if (found == null || found.length == 0) {
            return null;
        }
        return Arrays.copyOf(found, found.length, X509Certificate[].class);
    }

    /**
     * Looks up a chain by certificate thumbprint, first in the keystore and then in the
     * truststore.
     *
     * <p>The digest only selects a stored certificate; nothing in this method treats a
     * matching thumbprint as proof of trust.
     *
     * @param bArr thumbprint bytes
     * @return the chain as X.509 certificates, or null when no entry matches
     * @throws WSSecurityException if the digest algorithm is unavailable or a store cannot
     *                             be read
     */
    private X509Certificate[] getX509Certificates(byte[] bArr) throws WSSecurityException {
        MessageDigest thumbprintDigest;
        try {
            // NOTE(review): the algorithm name is taken from an iText constant, presumably
            // a decompiler substitution for a string literal; confirm against the bytecode.
            thumbprintDigest = MessageDigest.getInstance(SecurityConstants.SHA1);
        } catch (NoSuchAlgorithmException missingAlgorithm) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, missingAlgorithm, "decoding.general");
        }
        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(bArr, this.keystore, thumbprintDigest);
        }
        if ((found == null || found.length == 0) && this.truststore != null) {
            found = getCertificates(bArr, this.truststore, thumbprintDigest);
        }
        if (found == null || found.length == 0) {
            return null;
        }
        return Arrays.copyOf(found, found.length, X509Certificate[].class);
    }

    /**
     * Looks up a chain by Subject Key Identifier, first in the keystore and then in the
     * truststore.
     *
     * @param bArr SKI bytes
     * @return the chain as X.509 certificates, or null when no entry matches
     * @throws WSSecurityException if a store cannot be read
     */
    private X509Certificate[] getX509CertificatesSKI(byte[] bArr) throws WSSecurityException {
        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(bArr, this.keystore);
        }
        if ((found == null || found.length == 0) && this.truststore != null) {
            found = getCertificates(bArr, this.truststore);
        }
        if (found == null || found.length == 0) {
            return null;
        }
        return Arrays.copyOf(found, found.length, X509Certificate[].class);
    }

    /**
     * Looks up a chain by subject distinguished name, first in the keystore and then in
     * the truststore.
     *
     * @param str subject distinguished name
     * @return the chain as X.509 certificates, or null when no entry matches
     * @throws WSSecurityException if a store cannot be read
     */
    private X509Certificate[] getX509CertificatesSubjectDN(String str) throws WSSecurityException {
        Object subjectName;
        try {
            // Normalise through X500Principal first; fall back to the raw string when it
            // is rejected as a distinguished name.
            subjectName = createBCX509Name(new X500Principal(str).getName());
        } catch (IllegalArgumentException ignored) {
            subjectName = createBCX509Name(str);
        }
        Certificate[] found = null;
        if (this.keystore != null) {
            found = getCertificates(subjectName, this.keystore);
        }
        if ((found == null || found.length == 0) && this.truststore != null) {
            found = getCertificates(subjectName, this.truststore);
        }
        if (found == null || found.length == 0) {
            return null;
        }
        return Arrays.copyOf(found, found.length, X509Certificate[].class);
    }

    /**
     * Opens {@code str} as a classpath resource and, failing that, as a file-system path.
     *
     * <p>The same string is therefore resolved against two namespaces, so the value should
     * come from trusted configuration only. The caller owns the returned stream and must
     * close it.
     *
     * @param classLoader class loader passed to {@code Loader.getResource}
     * @param str         resource name or file path; null yields null
     * @return an open stream, or null when {@code str} is null
     * @throws WSSecurityException if the file-system fallback cannot be opened
     * @throws IOException         if the resource URL cannot be opened
     */
    public static InputStream loadInputStream(ClassLoader classLoader, String str) throws WSSecurityException, IOException {
        if (str == null) {
            return null;
        }
        URL resource = Loader.getResource(classLoader, str);
        if (resource != null) {
            InputStream fromResource = resource.openStream();
            if (fromResource != null) {
                return fromResource;
            }
        }
        try {
            return new FileInputStream(str);
        } catch (Exception openFailure) {
            if (DO_DEBUG) {
                LOG.debug(openFailure.getMessage(), (Throwable) openFailure);
            }
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, openFailure, "proxyNotFound", new Object[]{str});
        }
    }

    /**
     * Maps a keystore provider name to the provider name used for the certificate factory.
     *
     * @param str keystore provider name; may be null
     * @return "SUN" for "SunJSSE", otherwise {@code str} unchanged
     */
    private String mapKeystoreProviderToCertProvider(String str) {
        if ("SunJSSE".equals(str)) {
            return "SUN";
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Builds PKIX validation parameters for the given trust anchors.
     *
     * <p>The configured CRL store is attached only when revocation checking is requested;
     * with {@code z} false the resulting parameters perform no revocation check.
     *
     * @param set trust anchors
     * @param z   whether revocation checking is enabled
     * @return the configured parameters
     * @throws InvalidAlgorithmParameterException as thrown by the PKIXParameters
     *                                            constructor
     */
    public PKIXParameters createPKIXParameters(Set<TrustAnchor> set, boolean z) throws InvalidAlgorithmParameterException {
        PKIXParameters params = new PKIXParameters(set);
        params.setRevocationEnabled(z);
        if (!z) {
            return params;
        }
        CertStore crls = this.crlCertStore;
        if (crls != null) {
            params.addCertStore(crls);
        }
        return params;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Unwraps a password stored as {@code ENC(...)}.
     *
     * <p>A value without the wrapper is returned as is. A wrapped value with no encryptor
     * configured is also returned as is, wrapper included, after a DEBUG-level log line;
     * the caller then uses the literal {@code ENC(...)} text as the password.
     *
     * @param str               the configured password value; must not be null
     * @param passwordEncryptor encryptor used to decrypt the wrapped text; may be null
     * @return the decrypted password, or {@code str} unchanged
     */
    public String decryptPassword(String str, PasswordEncryptor passwordEncryptor) {
        boolean wrapped = str.startsWith(ENCRYPTED_PASSWORD_PREFIX) && str.endsWith(ENCRYPTED_PASSWORD_SUFFIX);
        if (!wrapped) {
            return str;
        }
        if (passwordEncryptor == null) {
            LOG.debug("The Crypto properties has an encrypted password, but no PasswordEncryptor is configured!");
            return str;
        }
        int from = ENCRYPTED_PASSWORD_PREFIX.length();
        int to = str.length() - ENCRYPTED_PASSWORD_SUFFIX.length();
        return passwordEncryptor.decrypt(str.substring(from, to));
    }

    /**
     * @return the CRL store attached to PKIX parameters when revocation is enabled; may be
     *         null
     */
    public CertStore getCRLCertStore() {
        return crlCertStore;
    }

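    /**
     * Returns the cached X.509 certificate factory, creating it on first use.
     *
     * <p>Provider selection: an explicitly configured crypto provider is used as is and a
     * failure there is fatal. Otherwise the keystore's provider is tried on a best-effort
     * basis, and the platform default is the final fallback.
     *
     * @return the certificate factory
     * @throws WSSecurityException if the configured provider is unknown or no X.509
     *                             factory can be created
     */
    @Override // org.apache.wss4j.common.crypto.CryptoBase, org.apache.wss4j.common.crypto.Crypto
    public CertificateFactory getCertificateFactory() throws WSSecurityException {
        if (this.certificateFactory != null) {
            return this.certificateFactory;
        }
        String cryptoProvider = getCryptoProvider();
        KeyStore keyStore = this.keystore;
        String keyStoreProvider = keyStore != null ? keyStore.getProvider().getName() : null;
        // The whole selection sits inside one try so that the default-provider fallback,
        // which also throws the checked CertificateException, is mapped to
        // WSSecurityException like the explicit-provider path.
        try {
            if (cryptoProvider != null && cryptoProvider.length() != 0) {
                this.certificateFactory = CertificateFactory.getInstance("X.509", cryptoProvider);
                return this.certificateFactory;
            }
            if (keyStoreProvider != null && keyStoreProvider.length() != 0) {
                try {
                    this.certificateFactory = CertificateFactory.getInstance("X.509", mapKeystoreProviderToCertProvider(keyStoreProvider));
                } catch (Exception e) {
                    // Best effort only: no provider was requested, so fall through to the default.
                    LOG.debug(e.getMessage(), (Throwable) e);
                }
            }
            if (this.certificateFactory == null) {
                this.certificateFactory = CertificateFactory.getInstance("X.509");
            }
            return this.certificateFactory;
        } catch (NoSuchProviderException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "noSecProvider");
        } catch (CertificateException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.SECURITY_TOKEN_UNAVAILABLE, e, "unsupportedCertType");
        }
    }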

    /**
     * Returns the default alias: the one held by the superclass, or else the keystore's
     * only alias.
     *
     * <p>An alias is derived, and stored through {@code setDefaultX509Identifier}, only
     * when the keystore holds exactly one entry; with zero or several entries the result
     * is null.
     *
     * @return the default alias, or null when none can be determined
     * @throws WSSecurityException if the keystore cannot be read
     */
    @Override // org.apache.wss4j.common.crypto.CryptoBase, org.apache.wss4j.common.crypto.Crypto
    public String getDefaultX509Identifier() throws WSSecurityException {
        if (super.getDefaultX509Identifier() != null) {
            return super.getDefaultX509Identifier();
        }
        if (this.keystore == null) {
            return null;
        }
        try {
            Enumeration<String> names = this.keystore.aliases();
            String onlyAlias = names.hasMoreElements() ? names.nextElement() : null;
            boolean exactlyOne = onlyAlias != null && !names.hasMoreElements();
            if (!exactlyOne) {
                return null;
            }
            setDefaultX509Identifier(onlyAlias);
            return onlyAlias;
        } catch (KeyStoreException storeFailure) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, storeFailure, "keystore");
        }
    }

    /**
     * @return the live keystore object held by this instance, not a copy; may be null
     */
    public KeyStore getKeyStore() {
        return keystore;
    }

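    /**
     * Returns the private key stored under alias {@code str}.
     *
     * <p>When {@code str2} is null and a private-key password was configured, the password
     * is read from the properties and passed through {@link #decryptPassword}, matching
     * the CallbackHandler overload. Previously this overload used the configured value
     * as is, so an {@code ENC(...)} password was handed to the keystore undecrypted.
     *
     * <p>On failure the ERROR log line lists every alias in the keystore; the exception
     * message carries only the requested alias.
     *
     * @param str  alias of the key entry
     * @param str2 key password; null selects the configured password or an empty one
     * @return the private key
     * @throws WSSecurityException if the keystore is missing, the alias is not a key
     *                             entry, the key is not a private key, or it cannot be
     *                             recovered
     */
    @Override // org.apache.wss4j.common.crypto.Crypto
    public PrivateKey getPrivateKey(String str, String str2) throws WSSecurityException {
        if (this.keystore == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"The keystore is null"});
        }
        // Both failure paths build their log text with createKeyStoreErrorMessage, which
        // throws the checked KeyStoreException, so they are kept inside the try.
        try {
            if (str == null || !this.keystore.isKeyEntry(str)) {
                String notFound = "Cannot find key for alias: [" + str + "]";
                LOG.error(notFound + createKeyStoreErrorMessage(this.keystore));
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{notFound});
            }
            String password = str2;
            if (password == null && this.privatePasswordSet) {
                password = this.properties.getProperty(PREFIX + KEYSTORE_PRIVATE_PASSWORD);
                if (password == null) {
                    password = this.properties.getProperty(OLD_PREFIX + KEYSTORE_PRIVATE_PASSWORD);
                }
                if (password != null) {
                    password = decryptPassword(password.trim(), this.passwordEncryptor);
                }
            }
            Key key = this.keystore.getKey(str, password == null ? new char[0] : password.toCharArray());
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            String notPrivate = "Key is not a private key, alias: [" + str + "]";
            LOG.error(notPrivate + createKeyStoreErrorMessage(this.keystore));
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{notPrivate});
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "noPrivateKey", new Object[]{e.getMessage()});
        }
    }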

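    /**
     * Returns the private key that belongs to {@code x509Certificate}.
     *
     * <p>The alias is found by matching the certificate against the keystore. The password
     * comes from {@code callbackHandler}; when the handler supplies none and a private-key
     * password was configured, the configured value is used after
     * {@link #decryptPassword}.
     *
     * <p>On failure the ERROR log line lists every alias in the keystore; the exception
     * message carries only the resolved alias.
     *
     * @param x509Certificate certificate whose key is wanted
     * @param callbackHandler source of the key password; must not be null
     * @return the private key
     * @throws WSSecurityException if the keystore or handler is missing, no key entry
     *                             matches, the key is not a private key, or it cannot be
     *                             recovered
     */
    @Override // org.apache.wss4j.common.crypto.Crypto
    public PrivateKey getPrivateKey(X509Certificate x509Certificate, CallbackHandler callbackHandler) throws WSSecurityException {
        if (this.keystore == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"The keystore is null"});
        }
        if (callbackHandler == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{"The CallbackHandler is null"});
        }
        String identifier = getIdentifier(x509Certificate, this.keystore);
        // Both failure paths build their log text with createKeyStoreErrorMessage, which
        // throws the checked KeyStoreException, so they are kept inside the try.
        try {
            if (identifier == null || !this.keystore.isKeyEntry(identifier)) {
                String notFound = "Cannot find key for alias: [" + identifier + "]";
                LOG.error(notFound + createKeyStoreErrorMessage(this.keystore));
                throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{notFound});
            }
            String password = getPassword(identifier, callbackHandler);
            if (password == null && this.privatePasswordSet) {
                password = this.properties.getProperty(PREFIX + KEYSTORE_PRIVATE_PASSWORD);
                if (password == null) {
                    password = this.properties.getProperty(OLD_PREFIX + KEYSTORE_PRIVATE_PASSWORD);
                }
                if (password != null) {
                    password = decryptPassword(password.trim(), this.passwordEncryptor);
                }
            }
            Key key = this.keystore.getKey(identifier, password == null ? new char[0] : password.toCharArray());
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            String notPrivate = "Key is not a private key, alias: [" + identifier + "]";
            LOG.error(notPrivate + createKeyStoreErrorMessage(this.keystore));
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty", new Object[]{notPrivate});
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "noPrivateKey", new Object[]{e.getMessage()});
        }
    }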

    /**
     * @return the live truststore object held by this instance, not a copy; may be null
     */
    public KeyStore getTrustStore() {
        return truststore;
    }

    /**
     * Dispatches a certificate lookup on the kind of identifier in {@code cryptoType}.
     *
     * @param cryptoType the lookup request; null yields null
     * @return the matching chain, or null when nothing matches or the type has no lookup
     *         here (ENDPOINT)
     * @throws WSSecurityException if a store cannot be read
     */
    @Override // org.apache.wss4j.common.crypto.Crypto
    public X509Certificate[] getX509Certificates(CryptoType cryptoType) throws WSSecurityException {
        if (cryptoType == null) {
            return null;
        }
        switch (cryptoType.getType()) {
            case ISSUER_SERIAL:
                return getX509Certificates(cryptoType.getIssuer(), cryptoType.getSerial());
            case THUMBPRINT_SHA1:
                return getX509Certificates(cryptoType.getBytes());
            case SKI_BYTES:
                return getX509CertificatesSKI(cryptoType.getBytes());
            case SUBJECT_DN:
                return getX509CertificatesSubjectDN(cryptoType.getSubjectDN());
            case ALIAS:
                return getX509Certificates(cryptoType.getAlias());
            default:
                return null;
        }
    }

    /**
     * Returns the alias under which {@code x509Certificate} is stored, searching the
     * keystore first and the truststore second.
     *
     * @param x509Certificate certificate to look up
     * @return the alias, or null when neither store holds the certificate
     * @throws WSSecurityException if a store cannot be read
     */
    @Override // org.apache.wss4j.common.crypto.Crypto
    public String getX509Identifier(X509Certificate x509Certificate) throws WSSecurityException {
        String alias = null;
        if (this.keystore != null) {
            alias = getIdentifier(x509Certificate, this.keystore);
        }
        if (alias == null && this.truststore != null) {
            alias = getIdentifier(x509Certificate, this.truststore);
        }
        return alias;
    }

    /* JADX INFO: Access modifiers changed from: protected */
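    /**
     * Creates a keystore of the given type and loads it from {@code inputStream}.
     *
     * <p>A null or empty password is passed to {@code KeyStore.load} as an empty array,
     * not as null. The stream is not closed here.
     *
     * @param inputStream source of the keystore data
     * @param str         keystore password; may be null or empty
     * @param str2        provider name; null or empty selects the default provider
     * @param str3        keystore type
     * @return the loaded keystore
     * @throws WSSecurityException if the keystore cannot be created or loaded
     */
    public KeyStore load(InputStream inputStream, String str, String str2, String str3) throws WSSecurityException {
        // One try covers both provider paths: the default-provider path throws the same
        // checked exceptions and is reported the same way.
        try {
            KeyStore keyStore;
            if (str2 == null || str2.length() == 0) {
                keyStore = KeyStore.getInstance(str3);
            } else {
                keyStore = KeyStore.getInstance(str3, str2);
            }
            char[] passwordChars = (str == null || str.length() == 0) ? new char[0] : str.toCharArray();
            keyStore.load(inputStream, passwordChars);
            return keyStore;
        } catch (IOException | GeneralSecurityException e) {
            if (DO_DEBUG) {
                LOG.debug(e.getMessage(), (Throwable) e);
            }
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, e, "failedCredentialLoad");
        }
    }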

    /* JADX WARN: Removed duplicated region for block: B:77:0x028c A[Catch: all -> 0x02ab, TRY_LEAVE, TryCatch #9 {all -> 0x02ab, blocks: (B:68:0x0254, B:71:0x0262, B:74:0x0269, B:75:0x0288, B:77:0x028c, B:83:0x0279), top: B:67:0x0254, outer: #5 }] */
    /* JADX WARN: Removed duplicated region for block: B:80:0x02a7 A[Catch: Exception -> 0x02b9, TRY_ENTER, TRY_LEAVE, TryCatch #5 {Exception -> 0x02b9, blocks: (B:66:0x0250, B:80:0x02a7, B:90:0x02b8, B:95:0x02b5, B:92:0x02b0, B:68:0x0254, B:71:0x0262, B:74:0x0269, B:75:0x0288, B:77:0x028c, B:83:0x0279, B:86:0x02ac), top: B:65:0x0250, inners: #3, #9, #10 }] */
    /* JADX WARN: Removed duplicated region for block: B:82:? A[RETURN, SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // Decompiler placeholder: the body could not be reconstructed, so this listing only
    // throws UnsupportedOperationException. How the keystore, truststore, CRL file and
    // password properties are read is therefore not reviewable from this file; use the
    // original bytecode or the upstream source for that review.
    public void loadProperties(java.util.Properties r12, java.lang.ClassLoader r13, org.apache.wss4j.common.crypto.PasswordEncryptor r14) throws org.apache.wss4j.common.ext.WSSecurityException, java.io.IOException {
        /*
            Method dump skipped, instructions count: 722
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.wss4j.common.crypto.Merlin.loadProperties(java.util.Properties, java.lang.ClassLoader, org.apache.wss4j.common.crypto.PasswordEncryptor):void");
    }

    /**
     * Replaces the CRL store used when revocation checking is enabled.
     *
     * @param certStore the new CRL store; may be null
     */
    public void setCRLCertStore(CertStore certStore) {
        crlCertStore = certStore;
    }

    /**
     * Replaces the keystore. The object is stored by reference, not copied.
     *
     * @param keyStore the new keystore; may be null
     */
    public void setKeyStore(KeyStore keyStore) {
        keystore = keyStore;
    }

    /**
     * Replaces the encryptor used to unwrap {@code ENC(...)} passwords.
     *
     * @param passwordEncryptor the new encryptor; may be null
     */
    public void setPasswordEncryptor(PasswordEncryptor passwordEncryptor) {
        this.passwordEncryptor = passwordEncryptor;
    }

    /**
     * Replaces the truststore. The object is stored by reference, not copied.
     *
     * @param keyStore the new truststore; may be null
     */
    public void setTrustStore(KeyStore keyStore) {
        truststore = keyStore;
    }

    /**
     * Accepts {@code publicKey} only if it belongs to the leading certificate of some
     * alias in the keystore or the truststore.
     *
     * <p>This is a pinning-style check on the key alone: nothing here looks at the
     * matching certificate's validity period or revocation status.
     *
     * @param publicKey the key to verify
     * @throws WSSecurityException with FAILED_AUTHENTICATION when the key is null or is
     *                             not found in either store
     */
    @Override // org.apache.wss4j.common.crypto.Crypto
    public void verifyTrust(PublicKey publicKey) throws WSSecurityException {
        if (publicKey == null) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
        boolean known = findPublicKeyInKeyStore(publicKey, this.keystore)
                || findPublicKeyInKeyStore(publicKey, this.truststore);
        if (!known) {
            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILED_AUTHENTICATION);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:74:0x0184 A[RETURN] */
    /* JADX WARN: Removed duplicated region for block: B:75:0x0185  */
    // Decompiler placeholder: the certificate-chain trust check could not be
    // reconstructed, so this listing only throws UnsupportedOperationException. The path
    // validation, the use of the revocation flag (r11) and the subject-name patterns (r12)
    // cannot be reviewed from this file.
    // NOTE(review): presumably this is where createPKIXParameters is used; confirm
    // against the original bytecode or the upstream source.
    @Override // org.apache.wss4j.common.crypto.Crypto
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public void verifyTrust(java.security.cert.X509Certificate[] r10, boolean r11, java.util.Collection<java.util.regex.Pattern> r12) throws org.apache.wss4j.common.ext.WSSecurityException {
        /*
            Method dump skipped, instructions count: 416
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.apache.wss4j.common.crypto.Merlin.verifyTrust(java.security.cert.X509Certificate[], boolean, java.util.Collection):void");
    }
}
