package org.apache.cxf.configuration.jsse;

import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import org.apache.cxf.BusFactory;
import org.apache.cxf.common.classloader.ClassLoaderUtils;
import org.apache.cxf.common.logging.LogUtils;
import org.apache.cxf.configuration.security.CertStoreType;
import org.apache.cxf.configuration.security.KeyManagersType;
import org.apache.cxf.configuration.security.KeyStoreType;
import org.apache.cxf.configuration.security.SecureRandomParameters;
import org.apache.cxf.configuration.security.TrustManagersType;
import org.apache.cxf.resource.ResourceManager;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:WEB-INF/lib/cxf-core-3.1.8.jar:org/apache/cxf/configuration/jsse/TLSParameterJaxBUtils.class */
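/**
 * Builds JSSE objects ({@link SecureRandom}, {@link KeyStore}, {@link KeyManager}s and
 * {@link TrustManager}s) from the JAXB-bound TLS configuration types.
 *
 * <p>Store locations (file, classpath resource, URL), provider and algorithm names, and the
 * password callback handler class name are used exactly as the configuration supplies them.
 * Nothing in this class validates or restricts those values, so the configuration itself has to
 * come from a trusted source.
 */
public final class TLSParameterJaxBUtils {
    private static final Logger LOG = LogUtils.getL7dLogger(TLSParameterJaxBUtils.class);

    private TLSParameterJaxBUtils() {
    }

    /**
     * Creates the configured {@link SecureRandom}.
     *
     * @param secureRandomParameters configuration, may be {@code null}
     * @return the requested instance, or {@code null} when no parameters or no algorithm are
     *         configured (the caller then decides which source of randomness to use)
     * @throws GeneralSecurityException if the algorithm or provider is not available
     */
    public static SecureRandom getSecureRandom(SecureRandomParameters secureRandomParameters) throws GeneralSecurityException {
        if (secureRandomParameters == null) {
            return null;
        }
        String algorithm = secureRandomParameters.getAlgorithm();
        String provider = secureRandomParameters.getProvider();
        if (algorithm == null) {
            // A provider without an algorithm is not enough to select an implementation.
            return null;
        }
        return provider != null
            ? SecureRandom.getInstance(algorithm, provider)
            : SecureRandom.getInstance(algorithm);
    }

    /**
     * Loads the key store described by the configuration.
     *
     * <p>The source is chosen in this order: file, classpath resource, URL, and finally the
     * location returned by {@code SSLUtils.getKeystore}. Every stream opened here is closed
     * before returning.
     *
     * @param keyStoreType configuration, may be {@code null}
     * @return the key store, or {@code null} when {@code keyStoreType} is {@code null}
     * @throws GeneralSecurityException if the store type or provider is unavailable, or the
     *         store cannot be loaded with the given password
     * @throws IOException if the source cannot be opened or read
     */
    public static KeyStore getKeyStore(KeyStoreType keyStoreType) throws GeneralSecurityException, IOException {
        if (keyStoreType == null) {
            return null;
        }
        String storeType = SSLUtils.getKeystoreType(keyStoreType.isSetType() ? keyStoreType.getType() : null, LOG, KeyStore.getDefaultType());

        char[] password = keyStoreType.isSetPassword() ? deobfuscate(keyStoreType.getPassword()) : null;
        if (password == null) {
            // No password in the configuration: use whatever SSLUtils supplies as the default.
            String fallbackPassword = SSLUtils.getKeystorePassword(null, LOG);
            if (fallbackPassword != null) {
                password = fallbackPassword.toCharArray();
            }
        }

        String storeProvider = SSLUtils.getKeystoreProvider(keyStoreType.isSetProvider() ? keyStoreType.getProvider() : null, LOG);
        KeyStore keyStore = storeProvider == null
            ? KeyStore.getInstance(storeType)
            : KeyStore.getInstance(storeType, storeProvider);

        if (keyStoreType.isSetFile()) {
            try (InputStream in = new FileInputStream(keyStoreType.getFile())) {
                keyStore.load(in, password);
            }
        } else if (keyStoreType.isSetResource()) {
            // try-with-resources accepts a null resource, so the null check can live inside.
            try (InputStream in = getResourceAsStream(keyStoreType.getResource())) {
                if (in == null) {
                    String message = "Could not load keystore resource " + keyStoreType.getResource();
                    LOG.severe(message);
                    throw new IOException(message);
                }
                keyStore.load(in, password);
            }
        } else if (keyStoreType.isSetUrl()) {
            // NOTE(review): the URL scheme is not restricted here. Private key material fetched
            // over a plain-text or unauthenticated scheme is only as trustworthy as that channel.
            try (InputStream in = new URL(keyStoreType.getUrl()).openStream()) {
                keyStore.load(in, password);
            }
        } else {
            String defaultLocation = SSLUtils.getKeystore(null, LOG);
            if (defaultLocation != null) {
                try (InputStream in = new FileInputStream(defaultLocation)) {
                    keyStore.load(in, password);
                }
            }
            // If no default location is available the store is returned without load() having
            // been called on it.
        }
        return keyStore;
    }

    /**
     * Builds an in-memory trust store from a certificate file, resource or URL.
     *
     * <p>The source is chosen in this order: file, classpath resource, URL. Every stream opened
     * here is closed before returning.
     *
     * @param certStoreType configuration, may be {@code null}
     * @return the trust store, or {@code null} when {@code certStoreType} is {@code null} or
     *         names no source. {@link #getTrustManagers} passes that {@code null} straight to
     *         {@link TrustManagerFactory#init(KeyStore)}.
     * @throws IOException if the source cannot be opened or read
     * @throws CertificateException if the certificates cannot be parsed
     * @throws KeyStoreException if the store type is unavailable or an entry cannot be added
     * @throws NoSuchAlgorithmException if the empty store cannot be initialised
     */
    public static KeyStore getKeyStore(CertStoreType certStoreType) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        if (certStoreType == null) {
            return null;
        }
        String storeType = certStoreType.isSetType() ? certStoreType.getType() : KeyStore.getDefaultType();
        if (certStoreType.isSetFile()) {
            try (InputStream in = new FileInputStream(certStoreType.getFile())) {
                return createTrustStore(in, storeType);
            }
        }
        if (certStoreType.isSetResource()) {
            try (InputStream in = getResourceAsStream(certStoreType.getResource())) {
                if (in == null) {
                    String message = "Could not load truststore resource " + certStoreType.getResource();
                    LOG.severe(message);
                    throw new IOException(message);
                }
                return createTrustStore(in, storeType);
            }
        }
        if (certStoreType.isSetUrl()) {
            // NOTE(review): trust anchors are taken from whatever this URL returns; the scheme is
            // not restricted here.
            try (InputStream in = new URL(certStoreType.getUrl()).openStream()) {
                return createTrustStore(in, storeType);
            }
        }
        return null;
    }

    /**
     * Looks a resource up on the class path first and, failing that, through the
     * {@link ResourceManager} of the thread-default bus.
     *
     * @return the stream, or {@code null} when neither lookup finds the resource
     */
    private static InputStream getResourceAsStream(String str) {
        InputStream stream = ClassLoaderUtils.getResourceAsStream(str, TLSParameterJaxBUtils.class);
        if (stream != null) {
            return stream;
        }
        ResourceManager resourceManager = (ResourceManager) BusFactory.getThreadDefaultBus(true).getExtension(ResourceManager.class);
        return resourceManager != null ? resourceManager.getResourceAsStream(str) : null;
    }

    /**
     * Parses every certificate in the stream and stores each one as a trusted entry in a new,
     * empty key store of the given type. The stream is left open; the caller closes it.
     */
    private static KeyStore createTrustStore(InputStream inputStream, String str) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        Collection<? extends Certificate> certificates = loadCertificates(inputStream);
        KeyStore trustStore = KeyStore.getInstance(str);
        // load(null, null) initialises an empty store.
        trustStore.load(null, null);
        for (Certificate certificate : certificates) {
            // NOTE(review): the alias is the subject DN, so two certificates with the same
            // subject (for example a renewed or cross-signed CA) share an alias and the later
            // one replaces the earlier one.
            String alias = ((X509Certificate) certificate).getSubjectX500Principal().getName();
            trustStore.setCertificateEntry(alias, certificate);
        }
        return trustStore;
    }

    /** Parses all certificates found in the stream with the factory named by {@code JCA_CERT_ID}. */
    private static Collection<? extends Certificate> loadCertificates(InputStream inputStream) throws IOException, CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        return factory.generateCertificates(inputStream);
    }

    /**
     * Returns the password characters, decoding the {@code OBF:} form when it is present.
     *
     * <p>The {@code OBF:} encoding is keyless and fully reversible by the arithmetic below. It
     * keeps a password from being read at a glance but gives no confidentiality: anyone who can
     * read the configuration can recover the password.
     *
     * @param str the configured value, plain or prefixed with {@code OBF:}
     * @return the password characters
     * @throws IllegalArgumentException if an {@code OBF:} value is malformed; the message
     *         deliberately contains none of the value
     */
    private static char[] deobfuscate(String str) {
        if (!str.startsWith("OBF:")) {
            return str.toCharArray();
        }
        String encoded = str.substring(4);
        // Each password character is encoded as four base-36 digits.
        if (encoded.length() % 4 != 0) {
            throw new IllegalArgumentException("Malformed OBF: value: encoded length is not a multiple of 4");
        }
        // Decode straight into the result array; no intermediate String copy of the password is
        // created.
        char[] decoded = new char[encoded.length() / 4];
        for (int i = 0; i < decoded.length; i++) {
            int packed;
            try {
                packed = Integer.parseInt(encoded.substring(4 * i, 4 * i + 4), 36);
            } catch (NumberFormatException ignored) {
                // The original exception message quotes the offending chunk of the obfuscated
                // password, so it is intentionally not chained or repeated.
                throw new IllegalArgumentException("Malformed OBF: value: invalid base-36 group");
            }
            decoded[i] = (char) ((((packed / 256) + (packed % 256)) - 254) / 2);
        }
        return decoded;
    }

    /**
     * Creates the key managers for the configured key store.
     *
     * @param keyManagersType configuration; must not be {@code null}
     * @return the key managers produced by the configured (or default) factory algorithm
     * @throws GeneralSecurityException if the algorithm or provider is unavailable or the
     *         factory cannot be initialised
     * @throws IOException if the key store cannot be read
     */
    public static KeyManager[] getKeyManagers(KeyManagersType keyManagersType) throws GeneralSecurityException, IOException {
        KeyStore keyStore = getKeyStore(keyManagersType.getKeyStore());
        String algorithm = keyManagersType.isSetFactoryAlgorithm()
            ? keyManagersType.getFactoryAlgorithm()
            : KeyManagerFactory.getDefaultAlgorithm();
        char[] keyPassword = getKeyPassword(keyManagersType);
        KeyManagerFactory factory = keyManagersType.isSetProvider()
            ? KeyManagerFactory.getInstance(algorithm, keyManagersType.getProvider())
            : KeyManagerFactory.getInstance(algorithm);
        factory.init(keyStore, keyPassword);
        return factory.getKeyManagers();
    }

    /**
     * Resolves the private-key password: the configured value if set, otherwise the value
     * supplied by the configured callback handler.
     *
     * @return the password, or {@code null} when none is configured or the handler fails (the
     *         failure is logged at WARNING)
     */
    private static char[] getKeyPassword(KeyManagersType keyManagersType) {
        char[] password = keyManagersType.isSetKeyPassword() ? deobfuscate(keyManagersType.getKeyPassword()) : null;
        if (password != null) {
            return password;
        }
        String handlerClassName = keyManagersType.getKeyPasswordCallbackHandler();
        if (handlerClassName == null) {
            return null;
        }
        try {
            // The class name comes from configuration. Check the type before instantiating so
            // that a class which is not a CallbackHandler never has its constructor run.
            Class<?> handlerClass = ClassLoaderUtils.loadClass(handlerClassName, TLSParameterJaxBUtils.class);
            CallbackHandler handler = handlerClass.asSubclass(CallbackHandler.class).getDeclaredConstructor().newInstance();
            // The key store location is handed to the handler as the prompt so it can tell
            // stores apart.
            String prompt = keyManagersType.getKeyStore().getFile();
            if (prompt == null) {
                prompt = keyManagersType.getKeyStore().getResource();
            }
            PasswordCallback[] callbacks = {new PasswordCallback(prompt, false)};
            handler.handle(callbacks);
            password = callbacks[0].getPassword();
        } catch (Exception e) {
            LOG.log(Level.WARNING, "Cannot load key password from callback handler: " + e.getMessage(), e);
        }
        return password;
    }

    /**
     * Creates the trust managers for the configured key store or certificate store.
     *
     * <p>When neither store is configured, or the certificate store names no source, the factory
     * is initialised with a {@code null} store. With the JDK's default providers that means the
     * JVM-wide default trust store is used rather than an empty one.
     *
     * @param trustManagersType configuration; must not be {@code null}
     * @return the trust managers produced by the configured (or default) factory algorithm
     * @throws GeneralSecurityException if the algorithm or provider is unavailable or the
     *         factory cannot be initialised
     * @throws IOException if the store cannot be read
     */
    public static TrustManager[] getTrustManagers(TrustManagersType trustManagersType) throws GeneralSecurityException, IOException {
        KeyStore trustStore = null;
        if (trustManagersType.isSetKeyStore()) {
            trustStore = getKeyStore(trustManagersType.getKeyStore());
        } else if (trustManagersType.isSetCertStore()) {
            trustStore = getKeyStore(trustManagersType.getCertStore());
        }
        String algorithm = trustManagersType.isSetFactoryAlgorithm()
            ? trustManagersType.getFactoryAlgorithm()
            : TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory factory = trustManagersType.isSetProvider()
            ? TrustManagerFactory.getInstance(algorithm, trustManagersType.getProvider())
            : TrustManagerFactory.getInstance(algorithm);
        factory.init(trustStore);
        return factory.getTrustManagers();
    }
}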
