package com.sun.enterprise.webservice;

import com.sun.enterprise.security.SSLUtils;
import com.sun.enterprise.security.SecurityUtil;
import com.sun.enterprise.security.jauth.callback.PrivateKeyCallback;
import com.sun.logging.LogDomains;
import com.sun.org.apache.xml.security.keys.content.x509.XMLX509SKI;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.security.auth.callback.Callback;
import javax.security.auth.x500.X500Principal;
import sun.security.util.DerValue;

/* loaded from: input_file:119167-14/SUNWascmn/reloc/appserver/lib/appserv-rt.jar:com/sun/enterprise/webservice/PrivateKeyProcessor.class */
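/**
 * Resolves the private key and certificate chain requested by a
 * {@link PrivateKeyCallback} from the key stores returned by
 * {@code SecurityUtil.getSecuritySupport()}.
 *
 * <p>Every failure path hands {@code (null, null)} to the callback, so a caller
 * never receives a key from a lookup that did not complete. Lookup errors are
 * logged at {@code FINE} only; enable that level on the security logger when
 * diagnosing a missing key.
 */
public class PrivateKeyProcessor implements Processor {
    private static final Logger _logger = LogDomains.getLogger(LogDomains.SECURITY_LOGGER);
    /** Extension OID passed to {@code X509Certificate.getExtensionValue} for subject-key-identifier lookups. */
    private static final String SUBJECT_KEY_IDENTIFIER_OID = XMLX509SKI.SKI_OID;
    PrivateKeyCallback pkc;
    KeyStore[] kstores = SecurityUtil.getSecuritySupport().getKeyStores();

    /** Decides whether the leaf certificate of a key entry is the one being looked for. */
    private interface CertificateMatcher {
        boolean matches(X509Certificate leaf);
    }

    /** A private key together with the certificate chain stored under the same alias. */
    private static final class KeyMatch {
        final PrivateKey key;
        final Certificate[] chain;

        KeyMatch(PrivateKey key, Certificate[] chain) {
            this.key = key;
            this.chain = chain;
        }
    }

    /**
     * Creates a processor for the given callback.
     *
     * @param callback the callback to answer; must be a {@link PrivateKeyCallback}
     * @throws ClassCastException if {@code callback} is of any other type
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivateKeyProcessor(Callback callback) {
        this.pkc = (PrivateKeyCallback) callback;
    }

    /**
     * Answers the callback according to its request type.
     *
     * <ul>
     *   <li>no key stores: {@code (null, null)};</li>
     *   <li>no request, or an alias request with a {@code null} alias: the default key
     *       (see {@link #setDefaultKey});</li>
     *   <li>alias request: the entry returned by
     *       {@code SSLUtils.getPrivateKeyEntryFromTokenAlias};</li>
     *   <li>issuer/serial or subject-key-identifier request: the first key entry whose
     *       leaf certificate matches;</li>
     *   <li>any other request type, no match, or an exception: {@code (null, null)}.</li>
     * </ul>
     */
    @Override // com.sun.enterprise.webservice.Processor
    public void process() {
        if (_logger.isLoggable(Level.FINE)) {
            _logger.log(Level.FINE, "container-auth: wss : In PrivateKeyCallback Processor");
        }
        if (this.kstores == null || this.kstores.length == 0) {
            this.pkc.setKey(null, null);
            return;
        }
        String[] keyStorePasswords = SecurityUtil.getSecuritySupport().getKeyStorePasswords();
        PrivateKeyCallback.Request request = this.pkc.getRequest();
        if (request == null) {
            setDefaultKey(this.pkc, keyStorePasswords);
            return;
        }
        // Assigned only once a lookup has fully succeeded, so it is still null on any exception.
        KeyMatch match = null;
        try {
            if (request instanceof PrivateKeyCallback.AliasRequest) {
                String alias = ((PrivateKeyCallback.AliasRequest) request).getAlias();
                if (alias == null) {
                    // Previously the default key set here was immediately replaced by
                    // setKey(null, null), so a null alias never produced a key.
                    setDefaultKey(this.pkc, keyStorePasswords);
                    return;
                }
                SSLUtils.PrivateKeyEntry entry = SSLUtils.getPrivateKeyEntryFromTokenAlias(alias);
                if (entry != null) {
                    match = new KeyMatch(entry.getPrivateKey(), entry.getCertificateChain());
                }
            } else if (request instanceof PrivateKeyCallback.IssuerSerialNumRequest) {
                PrivateKeyCallback.IssuerSerialNumRequest issuerSerialNumRequest =
                        (PrivateKeyCallback.IssuerSerialNumRequest) request;
                match = findByIssuerAndSerial(
                        issuerSerialNumRequest.getIssuer(),
                        issuerSerialNumRequest.getSerialNum(),
                        keyStorePasswords);
            } else if (request instanceof PrivateKeyCallback.SubjectKeyIDRequest) {
                match = findBySubjectKeyId(
                        ((PrivateKeyCallback.SubjectKeyIDRequest) request).getSubjectKeyID(),
                        keyStorePasswords);
            } else if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "invalid request type: " + request.getClass().getName());
            }
        } catch (Exception e) {
            // Fail closed: the callback is told there is no key rather than given a partial result.
            if (_logger.isLoggable(Level.FINE)) {
                _logger.log(Level.FINE, "container-auth: wss : In PrivateKeyCallback Processor:  Error reading key !", (Throwable) e);
            }
        } catch (Error err) {
            this.pkc.setKey(null, null);
            throw err;
        }
        if (match == null) {
            this.pkc.setKey(null, null);
        } else {
            this.pkc.setKey(match.key, match.chain);
        }
    }

    /**
     * Finds the first private-key entry whose leaf certificate has the given issuer and serial number.
     *
     * @return the matching entry, or {@code null} if either argument is {@code null} or nothing matches
     */
    private KeyMatch findByIssuerAndSerial(final X500Principal issuer, final BigInteger serialNum, String[] passwords)
            throws java.security.GeneralSecurityException {
        if (issuer == null || serialNum == null) {
            return null;
        }
        return searchKeyStores(passwords, new CertificateMatcher() {
            public boolean matches(X509Certificate leaf) {
                return leaf.getIssuerX500Principal().equals(issuer) && leaf.getSerialNumber().equals(serialNum);
            }
        });
    }

    /**
     * Finds the first private-key entry whose leaf certificate carries the given subject key identifier.
     *
     * @return the matching entry, or {@code null} if {@code subjectKeyID} is {@code null} or nothing matches
     */
    private KeyMatch findBySubjectKeyId(byte[] subjectKeyID, String[] passwords)
            throws java.security.GeneralSecurityException, java.io.IOException {
        if (subjectKeyID == null) {
            return null;
        }
        // getExtensionValue returns the extension as a DER OCTET STRING (tag 4) that wraps the
        // extension's own encoding, which for this extension is again an OCTET STRING; build the
        // same double wrapping so the two byte arrays can be compared directly.
        final byte[] expected =
                new DerValue((byte) 4, new DerValue((byte) 4, subjectKeyID).toByteArray()).toByteArray();
        return searchKeyStores(passwords, new CertificateMatcher() {
            public boolean matches(X509Certificate leaf) {
                byte[] extensionValue = leaf.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
                return extensionValue != null && Arrays.equals(extensionValue, expected);
            }
        });
    }

    /**
     * Walks every alias of every key store, in order, and returns the first private-key entry
     * accepted by {@code matcher}.
     *
     * <p>Entries without a certificate chain, or whose leaf is not an {@link X509Certificate},
     * are skipped instead of ending the search with a {@code NullPointerException} or
     * {@code ClassCastException}. An exception raised by the key store itself (for example a
     * key that cannot be recovered with the store password) still aborts the search and
     * propagates to the caller.
     *
     * @param passwords one password per key store, index-aligned with {@code kstores}
     * @return the first match, or {@code null} if there is none
     */
    private KeyMatch searchKeyStores(String[] passwords, CertificateMatcher matcher)
            throws java.security.GeneralSecurityException {
        for (int i = 0; i < this.kstores.length; i++) {
            KeyStore store = this.kstores[i];
            // One copy per store instead of one per alias; wiped below. The source String
            // itself stays in memory, so this only limits the number of transient copies.
            char[] password = passwords[i].toCharArray();
            try {
                Enumeration<String> aliases = store.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    Key key = store.getKey(alias, password);
                    if (!(key instanceof PrivateKey)) {
                        continue;
                    }
                    Certificate[] chain = store.getCertificateChain(alias);
                    if (chain == null || chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                        continue;
                    }
                    if (matcher.matches((X509Certificate) chain[0])) {
                        return new KeyMatch((PrivateKey) key, chain);
                    }
                }
            } finally {
                Arrays.fill(password, '\0');
            }
        }
        return null;
    }

    /**
     * Hands the callback the first private key found in the key stores, with its chain.
     *
     * <p>"First" means first in key-store order and then in the order {@code KeyStore.aliases()}
     * enumerates; with several private keys present the choice therefore depends on that
     * enumeration order. A key store that fails to read is logged at {@code FINE} and skipped.
     * If no key is found the callback receives {@code (null, null)}.
     *
     * @param privateKeyCallback the callback to answer
     * @param strArr one password per key store, index-aligned with {@code kstores}
     */
    private void setDefaultKey(PrivateKeyCallback privateKeyCallback, String[] strArr) {
        PrivateKey privateKey = null;
        Certificate[] certificateArr = null;
        for (int i = 0; i < this.kstores.length && privateKey == null; i++) {
            char[] password = null;
            try {
                KeyStore store = this.kstores[i];
                password = strArr[i].toCharArray();
                Enumeration<String> aliases = store.aliases();
                while (aliases.hasMoreElements() && privateKey == null) {
                    String alias = aliases.nextElement();
                    Key key = store.getKey(alias, password);
                    if (key instanceof PrivateKey) {
                        // Read the chain before publishing the key: if this call throws, the
                        // key must not be handed out without the chain that belongs to it.
                        Certificate[] chain = store.getCertificateChain(alias);
                        privateKey = (PrivateKey) key;
                        certificateArr = chain;
                    }
                }
            } catch (Exception e) {
                // Best effort: move on to the next key store, but leave a trace for diagnosis.
                if (_logger.isLoggable(Level.FINE)) {
                    _logger.log(Level.FINE, "container-auth: wss : Error reading default key from key store", (Throwable) e);
                }
            } finally {
                if (password != null) {
                    Arrays.fill(password, '\0');
                }
            }
        }
        privateKeyCallback.setKey(privateKey, certificateArr);
    }
}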
