package com.sun.identity.wsfederation.key;

import com.sun.identity.common.SystemConfigurationUtil;
import com.sun.identity.saml.common.SAMLConstants;
import com.sun.identity.saml.xmlsig.KeyProvider;
import com.sun.identity.wsfederation.common.WSFederationUtils;
import com.sun.identity.wsfederation.jaxb.entityconfig.BaseConfigType;
import com.sun.identity.wsfederation.jaxb.wsfederation.FederationElement;
import com.sun.identity.wsfederation.meta.WSFederationMetaUtils;
import java.io.ByteArrayInputStream;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import java.util.List;

/* loaded from: input_file:com/sun/identity/wsfederation/key/KeyUtil.class */
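/**
 * Static helpers that resolve the keys and certificates used by the
 * WS-Federation code: the local signing alias and decryption key (through the
 * configured {@link KeyProvider}) and a remote entity's token-signing
 * certificate (from its metadata).
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The key provider implementation class is named by a configuration
 *       property and instantiated reflectively, so whoever can write that
 *       property chooses the code that handles private keys.</li>
 *   <li>Verification certificates are cached in {@link #sigHash}; nothing in
 *       this class evicts or refreshes an entry.</li>
 *   <li>Certificates are only parsed here. No validity-period, chain or
 *       revocation check is performed in this class.</li>
 * </ul>
 */
public class KeyUtil {
    // Not read or written anywhere in this class.
    // NOTE(review): presumably a cache of encryption info - confirm against callers.
    protected static Hashtable encHash = new Hashtable();

    // Cache of verification certificates, keyed by "<trimmed entityID>|<idp or sp>".
    protected static Hashtable sigHash = new Hashtable();

    // Key provider loaded once at class initialisation; null when loading failed.
    // Declared after the caches so they are initialised before the provider is built.
    private static final KeyProvider kp = createKeyProvider();

    private KeyUtil() {
    }

    /**
     * Returns the key provider loaded at class initialisation.
     *
     * @return the key provider, or {@code null} if it could not be loaded
     */
    public static KeyProvider getKeyProviderInstance() {
        return kp;
    }

    /**
     * Returns the first value of the {@code signingCertAlias} attribute.
     *
     * @param baseConfigType entity configuration to read the attribute from
     * @return the alias, or {@code null} if the attribute is missing or empty
     *         or no key provider is available
     */
    public static String getSigningCertAlias(BaseConfigType baseConfigType) {
        String alias = firstAttributeValue(baseConfigType, "signingCertAlias");
        // Without a key provider the alias cannot be resolved to a key, so report "none".
        return (alias == null || kp == null) ? null : alias;
    }

    /**
     * Returns the private key stored under the first value of the
     * {@code encryptionCertAlias} attribute.
     *
     * @param baseConfigType entity configuration to read the attribute from
     * @return the private key returned by the key provider, or {@code null}
     *         if the attribute is missing or empty or no key provider is
     *         available
     */
    public static PrivateKey getDecryptionKey(BaseConfigType baseConfigType) {
        String alias = firstAttributeValue(baseConfigType, "encryptionCertAlias");
        if (alias == null || kp == null) {
            return null;
        }
        return kp.getPrivateKey(alias);
    }

    /**
     * Returns the certificate used to verify tokens signed by an entity,
     * consulting the cache before the metadata.
     *
     * <p>A cache hit is returned without looking at {@code federationElement},
     * so a certificate that was replaced or withdrawn in metadata keeps being
     * returned for as long as its entry stays in {@link #sigHash}.
     * NOTE(review): confirm that metadata updates clear this cache elsewhere.
     *
     * @param federationElement metadata of the entity; only read on a cache miss
     * @param str entity ID
     * @param z {@code true} for the "idp" role, {@code false} for "sp"
     * @return the certificate, or {@code null} if the entity ID or metadata is
     *         {@code null} or no certificate could be parsed
     */
    public static X509Certificate getVerificationCert(FederationElement federationElement, String str, boolean z) {
        String role = z ? "idp" : "sp";
        // NOTE(review): the entity ID is written to the log unmodified; if it can
        // originate from a request, line breaks in it should be neutralised by
        // the logging layer.
        if (WSFederationUtils.debug.messageEnabled()) {
            WSFederationUtils.debug.message("KeyUtil.getVerificationCert: Entering... \nEntityID=" + str + "\nRole=" + role);
        }
        // A null entity ID previously failed with a NullPointerException on trim();
        // report "no certificate" so the caller's verification fails cleanly.
        if (str == null) {
            WSFederationUtils.debug.error("KeyUtil.getVerificationCert: Null entityID input in " + role + " role.");
            return null;
        }
        String cacheKey = str.trim() + "|" + role;
        X509Certificate cached = (X509Certificate) sigHash.get(cacheKey);
        if (cached != null) {
            return cached;
        }
        if (federationElement == null) {
            WSFederationUtils.debug.error("KeyUtil.getVerificationCert: Null SSODescriptorType input for entityID=" + str + " in " + role + " role.");
            return null;
        }
        X509Certificate cert = getCert(federationElement);
        if (cert == null) {
            WSFederationUtils.debug.error("KeyUtil.getVerificationCert: No signing cert for entityID=" + str + " in " + role + " role.");
            return null;
        }
        sigHash.put(cacheKey, cert);
        return cert;
    }

    /**
     * Parses the token-signing certificate bytes of an entity's metadata.
     *
     * <p>If the bytes hold several certificates, the last one parsed is
     * returned. The certificate is not validated in any way.
     * NOTE(review): callers that need an unexpired or trusted certificate
     * must check that themselves (for example with
     * {@link X509Certificate#checkValidity()}).
     *
     * @param federationElement metadata of the entity
     * @return the parsed certificate, or {@code null} if the metadata carries
     *         no certificate bytes or they cannot be parsed
     */
    public static X509Certificate getCert(FederationElement federationElement) {
        byte[] encoded = WSFederationUtils.getMetaManager().getTokenSigningCertificate(federationElement);
        // Metadata without a signing certificate must yield "no certificate",
        // not a NullPointerException from ByteArrayInputStream.
        if (encoded == null || encoded.length == 0) {
            return null;
        }
        CertificateFactory factory;
        try {
            factory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            WSFederationUtils.debug.error("KeyUtil.getCert: Unable to get CertificateFactory for X.509 type", e);
            return null;
        }
        ByteArrayInputStream in = new ByteArrayInputStream(encoded);
        X509Certificate last = null;
        try {
            while (in.available() > 0) {
                last = (X509Certificate) factory.generateCertificate(in);
            }
        } catch (CertificateException e) {
            WSFederationUtils.debug.error("KeyUtil.getCert: Unable to generate certificate from byte array input stream.", e);
            return null;
        }
        return last;
    }

    /** Returns the first value of the named attribute, or null if it is missing or empty. */
    private static String firstAttributeValue(BaseConfigType baseConfigType, String name) {
        List<String> values = WSFederationMetaUtils.getAttributes(baseConfigType).get(name);
        if (values == null || values.isEmpty()) {
            return null;
        }
        String first = values.get(0);
        return (first == null || first.length() == 0) ? null : first;
    }

    /**
     * Instantiates the key provider named by the
     * {@code SAMLConstants.KEY_PROVIDER_IMPL_CLASS} property.
     * Every failure is logged and reported as null so that class
     * initialisation itself never fails.
     */
    private static KeyProvider createKeyProvider() {
        String implClass = SystemConfigurationUtil.getProperty(SAMLConstants.KEY_PROVIDER_IMPL_CLASS);
        // Class.forName(null) would throw out of the static initialiser and make
        // the whole class unusable; treat an unset property like any other load failure.
        if (implClass == null || implClass.length() == 0) {
            WSFederationUtils.debug.error("KeyUtil static block: Key provider implementation class is not configured.");
            return null;
        }
        try {
            return (KeyProvider) Class.forName(implClass).newInstance();
        } catch (ClassNotFoundException e) {
            WSFederationUtils.debug.error("KeyUtil static block: Couldn't find the class.", e);
        } catch (IllegalAccessException e) {
            WSFederationUtils.debug.error("KeyUtil static block: Couldn't access the default constructor.", e);
        } catch (InstantiationException e) {
            WSFederationUtils.debug.error("KeyUtil static block: Couldn't instantiate the key provider instance.", e);
        } catch (ClassCastException e) {
            // The configured class exists but does not implement KeyProvider.
            WSFederationUtils.debug.error("KeyUtil static block: Configured class is not a KeyProvider.", e);
        }
        return null;
    }
}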
