package com.cybersource.ws.client;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.WSS4JConstants;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.util.KeyUtils;
import org.apache.wss4j.dom.WSDocInfo;
import org.apache.wss4j.dom.message.WSSecEncrypt;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
import org.apache.xml.security.Init;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.w3c.dom.Document;

/* loaded from: input_file:com/cybersource/ws/client/SecurityUtil.class */
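/**
 * Loads merchant and server key material into a shared in-memory key store and uses it to
 * sign and encrypt outgoing SOAP documents with WSS4J.
 *
 * <p>All state is static: one {@link MessageHandlerKeyStore} and one alias-to-{@link Identity}
 * cache are shared by every caller in the JVM. The class does no locking of its own beyond
 * what {@link ConcurrentHashMap} provides.
 *
 * <p>Key-store passwords are read from {@link MerchantConfig} as {@code String}s, so they
 * cannot be wiped from memory after use; none of the log statements in this class include them.
 */
public class SecurityUtil {
    private static final String KEY_FILE_TYPE = "PKCS12";
    private static final String FAILED_TO_LOAD_KEY_STORE = "Exception while loading KeyStore";
    private static final String FAILED_TO_OBTAIN_PRIVATE_KEY = "Exception while obtaining private key from KeyStore with alias";
    private static MessageHandlerKeyStore localKeyStoreHandler;
    private static final String SIGNATURE_ALGORITHM = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    private static final String DIGEST_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#sha256";
    // Symmetric cipher applied to the encrypted parts. CBC gives confidentiality only; the
    // integrity of the message rests on the signature created by createSignedDoc.
    // NOTE(review): an authenticated mode would be preferable if the receiving service
    // accepts one - confirm against the service's requirements before changing.
    private static final String ENCRYPTION_ALGORITHM = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
    private static final String SOAP_ENVELOPE_NS = "http://schemas.xmlsoap.org/soap/envelope/";
    private static final ConcurrentHashMap<String, Identity> identities = new ConcurrentHashMap<>();
    private static final BouncyCastleProvider bcProvider = new BouncyCastleProvider();

    /**
     * Creates an empty in-memory JKS key store and wraps it in a fresh handler.
     *
     * <p>Any identities previously added to the old handler are not carried over.
     */
    private static void initKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("jks");
        // load(null, null) initialises an empty store rather than reading one from disk.
        keyStore.load(null, null);
        localKeyStoreHandler = new MessageHandlerKeyStore();
        localKeyStoreHandler.setKeyStore(keyStore);
    }

    /**
     * Loads the merchant's certificate and private key into the shared key store, unless a
     * cached identity for the merchant's key alias is still considered valid.
     *
     * <p>The source is chosen from the configuration: a JDK key store, the JRE cacerts file,
     * or (the default) a PKCS#12 file.
     *
     * @param merchantConfig configuration supplying key file, alias and passwords
     * @param logger         destination for progress and failure messages
     * @throws SignException        if the key material cannot be loaded; every exception raised
     *                              inside the loading step is wrapped in this type
     * @throws SignEncryptException declared for callers; not thrown directly by this method
     * @throws ConfigException      if reading the configuration for the cache check fails
     */
    public static void loadMerchantP12File(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException, ConfigException {
        Identity cached = identities.get(merchantConfig.getKeyAlias());
        if (merchantConfig.isCertificateCacheEnabled() && cached != null && cached.isValid(merchantConfig.getKeyFile(), logger)) {
            return;
        }
        try {
            // The static initialiser leaves the handler null when it fails; retry here.
            if (localKeyStoreHandler == null) {
                initKeystore();
            }
            if (merchantConfig.isJdkCertEnabled()) {
                logger.log(Logger.LT_INFO, " Loading the certificate from JDK Cert");
                readJdkCert(merchantConfig, logger);
            } else if (merchantConfig.isCacertEnabled()) {
                logger.log(Logger.LT_INFO, " Loading the certificate from JRE security cacert file");
                loadJavaKeystore(merchantConfig, logger);
            } else {
                logger.log(Logger.LT_INFO, "Loading the certificate from p12 file ");
                readAndStoreCertificateAndPrivateKey(merchantConfig, logger);
            }
        } catch (Exception e) {
            // Boundary catch: unchecked failures (for example a bad cast on a key store entry)
            // are reported to the caller as SignException as well.
            logger.log(Logger.LT_EXCEPTION, "SecurityUtil, cannot instantiate class with keystore error. " + e.getMessage());
            throw new SignException(e.getMessage(), e);
        }
    }

    /**
     * Reads every entry of the merchant's PKCS#12 file into the shared key store and cache.
     *
     * <p>Entries whose alias contains the configured key alias are loaded with their private
     * key; all other entries are loaded as certificate-only identities.
     *
     * @throws SignException if the key store cannot be created, read, or queried
     */
    private static void readAndStoreCertificateAndPrivateKey(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException {
        KeyStore keyStore;
        try {
            keyStore = KeyStore.getInstance(KEY_FILE_TYPE, bcProvider);
        } catch (KeyStoreException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while instantiating KeyStore");
            throw new SignException("Exception while instantiating KeyStore", e);
        }
        try {
            // Close the key file as soon as it has been parsed so the descriptor is not leaked.
            try (FileInputStream keyFileStream = new FileInputStream(merchantConfig.getKeyFile())) {
                keyStore.load(keyFileStream, merchantConfig.getKeyPassword().toCharArray());
            }
            try {
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    // Substring match, not equality: more than one entry can qualify as the
                    // merchant key. NOTE(review): confirm the file holds a single matching entry.
                    if (alias.contains(merchantConfig.getKeyAlias())) {
                        try {
                            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(merchantConfig.getKeyPassword().toCharArray()));
                            Identity merchantIdentity = new Identity(merchantConfig, (X509Certificate) privateKeyEntry.getCertificate(), privateKeyEntry.getPrivateKey(), logger);
                            localKeyStoreHandler.addIdentityToKeyStore(merchantIdentity, logger);
                            identities.put(merchantIdentity.getKeyAlias(), merchantIdentity);
                        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
                            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                            throw new SignException(FAILED_TO_OBTAIN_PRIVATE_KEY, e);
                        }
                    } else {
                        Identity certificateIdentity = new Identity(merchantConfig, (X509Certificate) keyStore.getCertificate(alias));
                        localKeyStoreHandler.addIdentityToKeyStore(certificateIdentity, logger);
                        identities.put(certificateIdentity.getName(), certificateIdentity);
                    }
                }
            } catch (KeyStoreException e) {
                logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                throw new SignException(FAILED_TO_OBTAIN_PRIVATE_KEY, e);
            }
        } catch (ConfigException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
            throw new SignException(FAILED_TO_LOAD_KEY_STORE, e);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
            throw new SignException(FAILED_TO_LOAD_KEY_STORE, e);
        }
    }

    /**
     * Encrypts an already signed SOAP document for the server identity held in the cache.
     *
     * @param document the signed document to encrypt
     * @param str      request identifier used only in failure messages
     * @param logger   destination for progress and failure messages
     * @return the document produced by the WSS4J encryption builder
     * @throws SignEncryptException if building the encrypted document fails
     * @throws SignException        if the security header cannot be inserted, or no server
     *                              identity has been loaded
     */
    public static Document handleMessageCreation(Document document, String str, Logger logger) throws SignEncryptException, SignException {
        logger.log(Logger.LT_INFO, "Encrypting Signed doc ...");
        WSSecHeader securityHeader = new WSSecHeader(document);
        try {
            securityHeader.insertSecurityHeader();
            WSSecEncrypt encryptBuilder = new WSSecEncrypt(securityHeader);
            String serverAlias = getServerAlias(identities);
            Identity serverIdentity = identities.get(serverAlias);
            if (serverIdentity == null) {
                // Without this guard a missing server certificate surfaces as a bare
                // NullPointerException that hides the real cause from the caller.
                logger.log(Logger.LT_EXCEPTION, "Missing Server Certificate ");
                throw new SignException("Missing Server Certificate ");
            }
            encryptBuilder.setUserInfo(serverIdentity.getKeyAlias());
            // 3 is WSS4J's X.509 key-identifier reference type (WSConstants.X509_KEY_IDENTIFIER).
            encryptBuilder.setKeyIdentifierType(3);
            encryptBuilder.setSymmetricEncAlgorithm(ENCRYPTION_ALGORITHM);
            try {
                // A fresh symmetric key is generated for every message.
                Document encrypted = encryptBuilder.build(localKeyStoreHandler, KeyUtils.getKeyGenerator(ENCRYPTION_ALGORITHM).generateKey());
                encryptBuilder.prependToHeader();
                return encrypted;
            } catch (WSSecurityException e) {
                logger.log(Logger.LT_EXCEPTION, "Failed while encrypting signed request for , '" + str + "' with " + serverAlias);
                throw new SignEncryptException("Failed while encrypting signed request for , '" + str + "' with " + serverAlias, e);
            }
        } catch (WSSecurityException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while adding document in soap securiy header for MLE");
            throw new SignException(e);
        }
    }

    /**
     * Signs the SOAP Body of a document with RSA-SHA256 using the shared key store.
     *
     * @param document the document to sign
     * @param str      user name handed to the signature builder; also used in failure messages
     * @param str2     password handed to the signature builder together with {@code str}
     * @param logger   destination for progress and failure messages
     * @return the signed document
     * @throws SignException if the security header cannot be inserted or signing fails
     */
    public static Document createSignedDoc(Document document, String str, String str2, Logger logger) throws SignException {
        logger.log(Logger.LT_INFO, "Signing request...");
        WSSecHeader securityHeader = new WSSecHeader(document);
        try {
            securityHeader.insertSecurityHeader();
            WSSecSignature signatureBuilder = new WSSecSignature(securityHeader);
            signatureBuilder.setUserInfo(str, str2);
            signatureBuilder.setDigestAlgo(DIGEST_ALGORITHM);
            signatureBuilder.setSignatureAlgorithm(SIGNATURE_ALGORITHM);
            // 1 is WSS4J's direct BinarySecurityToken reference (WSConstants.BST_DIRECT_REFERENCE).
            signatureBuilder.setKeyIdentifierType(1);
            signatureBuilder.setUseSingleCertificate(true);
            signatureBuilder.setWsDocInfo(new WSDocInfo(document));
            try {
                // Only the SOAP Body is referenced by the signature; headers are not covered.
                signatureBuilder.addReferencesToSign(Collections.singletonList(new WSEncryptionPart(WSS4JConstants.ELEM_BODY, SOAP_ENVELOPE_NS, "")));
                return signatureBuilder.build(localKeyStoreHandler);
            } catch (WSSecurityException e) {
                logger.log(Logger.LT_EXCEPTION, "Failed while signing request for , '" + str + "'");
                throw new SignException(e.getMessage(), e);
            }
        } catch (WSSecurityException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while signing XML document");
            throw new SignException(e);
        }
    }

    /**
     * Reads every entry of a key store of the JVM's default type into the shared key store
     * and cache, using the merchant key password for both the store and the key entry.
     *
     * <p>Entries whose alias contains the configured key alias are loaded with their private
     * key; all other entries are loaded as certificate-only identities.
     *
     * @throws SignException on any failure; inner failures are logged where they occur and
     *                       then wrapped once more by the outer handler
     */
    public static void readJdkCert(MerchantConfig merchantConfig, Logger logger) throws SignEncryptException, SignException {
        try {
            KeyStore keyStore;
            // Close the key file as soon as it has been parsed so the descriptor is not leaked.
            try (FileInputStream keyFileStream = new FileInputStream(merchantConfig.getKeyFile())) {
                keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(keyFileStream, merchantConfig.getKeyPassword().toCharArray());
            }
            try {
                Enumeration<String> aliases = keyStore.aliases();
                if (!aliases.hasMoreElements()) {
                    throw new SignException("Empty Keystore or Missing Certificate ");
                }
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    // Substring match, not equality: more than one entry can qualify as the
                    // merchant key. NOTE(review): confirm the store holds a single matching entry.
                    if (alias.contains(merchantConfig.getKeyAlias())) {
                        try {
                            KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(merchantConfig.getKeyPassword().toCharArray()));
                            Identity merchantIdentity = new Identity(merchantConfig, (X509Certificate) privateKeyEntry.getCertificate(), privateKeyEntry.getPrivateKey(), logger);
                            localKeyStoreHandler.addIdentityToKeyStore(merchantIdentity, logger);
                            identities.put(merchantIdentity.getKeyAlias(), merchantIdentity);
                        } catch (UnrecoverableEntryException | KeyStoreException | NoSuchAlgorithmException e) {
                            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                            throw new SignException(e);
                        }
                    } else {
                        Identity certificateIdentity = new Identity(merchantConfig, (X509Certificate) keyStore.getCertificate(alias));
                        localKeyStoreHandler.addIdentityToKeyStore(certificateIdentity, logger);
                        identities.put(certificateIdentity.getName(), certificateIdentity);
                    }
                }
            } catch (KeyStoreException e) {
                logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
                throw new SignException(e);
            }
        } catch (Exception e) {
            // Also re-wraps the SignExceptions thrown above, as the original code did.
            logger.log(Logger.LT_EXCEPTION, "Failed to load the key , '" + merchantConfig.getKeyAlias() + "'");
            throw new SignException(e);
        }
    }

    /**
     * Loads the merchant's certificate chain, private key and the server certificate from a
     * key store of the JVM's default type, opened with the configured cacert password.
     *
     * @throws SignException   if the file is missing, the store cannot be read, or the merchant
     *                         chain or server certificate is absent
     * @throws ConfigException if the configuration cannot supply the file or password
     */
    private static void loadJavaKeystore(MerchantConfig merchantConfig, Logger logger) throws SignException, SignEncryptException, ConfigException {
        FileInputStream keyStoreStream = null;
        try {
            keyStoreStream = new FileInputStream(merchantConfig.getKeyFile());
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(keyStoreStream, merchantConfig.getCacertPassword().toCharArray());
            Certificate[] certificateChain = keyStore.getCertificateChain(merchantConfig.getKeyAlias());
            if (certificateChain == null) {
                throw new SignException("Empty Keystore or Missing Certificate ");
            }
            // NOTE(review): the private key is unlocked with the key alias itself as its
            // password, so the entry has no secret of its own and is protected only by the
            // store password and file permissions. Kept because existing stores are built
            // this way; confirm whether a separate key password can be configured instead.
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(merchantConfig.getKeyAlias(), merchantConfig.getKeyAlias().toCharArray());
            for (Certificate certificate : certificateChain) {
                if (merchantConfig.getKeyAlias().equals(keyStore.getCertificateAlias(certificate))) {
                    Identity merchantIdentity = new Identity(merchantConfig, (X509Certificate) certificate, privateKey, logger);
                    localKeyStoreHandler.addIdentityToKeyStore(merchantIdentity, logger);
                    identities.put(merchantIdentity.getKeyAlias(), merchantIdentity);
                } else {
                    Identity chainIdentity = new Identity(merchantConfig, (X509Certificate) certificate);
                    localKeyStoreHandler.addIdentityToKeyStore(chainIdentity, logger);
                    identities.put(chainIdentity.getName(), chainIdentity);
                }
            }
            Certificate serverCertificate = keyStore.getCertificate(getServerAlias(identities));
            if (serverCertificate == null) {
                throw new SignException("Missing Server Certificate ");
            }
            Identity serverIdentity = new Identity(merchantConfig, (X509Certificate) serverCertificate);
            localKeyStoreHandler.addIdentityToKeyStore(serverIdentity, logger);
            identities.put(serverIdentity.getName(), serverIdentity);
        } catch (FileNotFoundException e) {
            logger.log(Logger.LT_EXCEPTION, "File Not found ");
            throw new SignException(e);
        } catch (UnrecoverableKeyException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore with alias, '" + merchantConfig.getKeyAlias() + "'");
            throw new SignException(e);
        } catch (NoSuchAlgorithmException e) {
            logger.log(Logger.LT_EXCEPTION, "Unable to find the certificate with the specified algorithm");
            throw new SignException(e);
        } catch (CertificateException e) {
            logger.log(Logger.LT_EXCEPTION, "Unable to load the certificate," + merchantConfig.getKeyFilename() + "'");
            throw new SignException(e);
        } catch (IOException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while loading KeyStore, '" + merchantConfig.getKeyFilename() + "'");
            throw new SignException(e);
        } catch (KeyStoreException e) {
            logger.log(Logger.LT_EXCEPTION, "Exception while obtaining private key from KeyStore" + merchantConfig.getKeyFilename() + "'");
            throw new SignException(e);
        } finally {
            // Close on every path, including failures; previously the stream was released
            // only after a fully successful load. A failed close is logged, not rethrown.
            if (keyStoreStream != null) {
                try {
                    keyStoreStream.close();
                } catch (IOException e) {
                    logger.log(Logger.LT_EXCEPTION, "Exception while closing FileStream, '" + merchantConfig.getKeyFilename() + "'");
                }
            }
        }
    }

    /**
     * Finds the key under which the server identity is stored, ignoring case.
     *
     * <p>Tries {@code Utility.SERVER_ALIAS} as written, then lower-cased, then upper-cased,
     * then any key equal to it ignoring case.
     *
     * @param map alias-to-identity map to search
     * @return the matching key, or {@code Utility.SERVER_ALIAS} unchanged when nothing matches
     */
    protected static String getServerAlias(Map<String, Identity> map) {
        String configuredAlias = Utility.SERVER_ALIAS;
        if (map.containsKey(configuredAlias)) {
            return configuredAlias;
        }
        String lowerCased = configuredAlias.toLowerCase();
        if (map.containsKey(lowerCased)) {
            return lowerCased;
        }
        String upperCased = configuredAlias.toUpperCase();
        if (map.containsKey(upperCased)) {
            return upperCased;
        }
        for (String candidate : map.keySet()) {
            if (candidate.equalsIgnoreCase(configuredAlias)) {
                return candidate;
            }
        }
        return configuredAlias;
    }

    static {
        localKeyStoreHandler = null;
        // Registers BouncyCastle for the whole JVM, not just for this class.
        Security.addProvider(bcProvider);
        try {
            initKeystore();
            Init.init();
        } catch (Exception e) {
            // Deliberately best-effort: no logger exists yet, and loadMerchantP12File rebuilds
            // the handler when it finds it null. NOTE(review): a failure of Init.init() is
            // discarded here and that call is not retried later - confirm this is acceptable.
            localKeyStoreHandler = null;
        }
    }
}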
