package com.sun.jini.discovery.internal;

import com.sun.jini.discovery.DatagramBufferFactory;
import com.sun.jini.logging.Levels;
import com.tinkerpop.rexster.Tokens;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UTFDataFormatException;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.BufferOverflowException;
import java.nio.ByteBuffer;
import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.CertStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.LDAPCertStoreParameters;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.PKIXCertPathBuilderResult;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.security.auth.AuthPermission;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;
import javax.security.auth.x500.X500PrivateCredential;
import net.jini.io.UnsupportedConstraintException;
import net.jini.security.AuthenticationPermission;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sun/jini/discovery/internal/X500Provider.class */
public class X500Provider extends BaseProvider {
    // Prefix of the standard JSSE system properties. The identifier is not referenced in this
    // listing; initStores() uses the full "javax.net.ssl.*" names as literals (presumably
    // because the compiler folded the constant — confirm against the original source).
    private static final String JSSE = "javax.net.ssl";
    // Size in bytes of the int length prefix. BufferInfo uses the literal 4 for the same purpose.
    private static final int INT_LEN = 4;
    // Algorithm name handed to Signature.getInstance() in getSignature().
    protected final String signatureAlgorithm;
    // Number of bytes reserved at the end of every outgoing buffer for the signature (see BufferInfo).
    protected final int maxSignatureLength;
    // Required algorithm of a usable private key; compared with PrivateKey.getAlgorithm()
    // in getPrivateCredentials().
    protected final String keyAlgorithm;
    // Subject public key algorithm OID used as a selection criterion in getCertificate0().
    protected final String keyAlgorithmOID;
    // Trust anchors and additional certificate stores. Both stay null until initStores() has
    // completed; initStores() is invoked while holding storeLock.
    private KeyStore trustStore;
    private CertStore[] certStores;
    private final Object storeLock;
    // Lazily filled caches for the two class lookups done through class$(); this null-check /
    // assign pattern is what older compilers emitted for class literals.
    static Class class$javax$security$auth$x500$X500Principal;
    static Class class$javax$security$auth$x500$X500PrivateCredential;
    // Splits an LDAP cert store entry of the form "host:port"; group 1 is the host, group 2 the
    // decimal port. Entries that do not match are treated as a bare host name in initStores().
    private static final Pattern hostPortPattern = Pattern.compile("^(.+):(\\d+?)$");
    // Permission tested by canGetSubject() to decide whether the caller may learn about the Subject.
    private static final AuthPermission authPermission = new AuthPermission("getSubject");
    // Logger name for this provider.
    private static final String NAME = "com.sun.jini.discovery.x500";
    static final Logger logger = Logger.getLogger(NAME);

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/sun/jini/discovery/internal/X500Provider$SigningBufferFactory.class */
    /**
     * Buffer factory that wraps another {@link DatagramBufferFactory} and, once the caller has
     * finished writing, appends the signer's principal name and a signature to every buffer
     * it handed out.
     *
     * <p>Layout written into each underlying buffer, starting at its initial position:
     * a 4-byte length of the payload, the payload itself, the UTF-encoded principal name, and
     * finally the signature bytes. Space for the prefix and the trailer is reserved up front by
     * narrowing the view returned from {@link #newBuffer()}.
     *
     * <p>NOTE(review): the principal name is appended after the signed range and is therefore
     * not covered by the signature. Receivers presumably use it only to locate the certificate
     * whose key then verifies the payload — confirm against the decoding side.
     */
    public class SigningBufferFactory implements DatagramBufferFactory {
        /** Bookkeeping for every buffer issued so far, in allocation order. */
        private final List<BufferInfo> issued = new ArrayList<BufferInfo>();
        /** Factory that supplies the raw datagram buffers. */
        private final DatagramBufferFactory delegate;
        /** Encoded subject name of the signing certificate. */
        private final byte[] principalName;
        /** Signature engine, already initialised with the private key. */
        private final Signature signature;
        /** Provider passed to the constructor; source of maxSignatureLength. */
        private final X500Provider provider;

        /** Pairs one underlying buffer with the restricted payload view given to the caller. */
        private class BufferInfo {
            /** The buffer obtained from the delegate factory. */
            private final ByteBuffer whole;
            /** Duplicate of {@code whole}, narrowed to the region the caller may fill. */
            private final ByteBuffer payload;
            /** True when the underlying buffer cannot hold prefix, name and signature. */
            private final boolean overflow;
            /** Factory this record belongs to. */
            private final SigningBufferFactory owner;

            BufferInfo(SigningBufferFactory signingBufferFactory, ByteBuffer byteBuffer) {
                owner = signingBufferFactory;
                whole = byteBuffer;
                payload = byteBuffer.duplicate();
                // Bytes that must remain free after the payload: principal name plus signature.
                int trailer = signingBufferFactory.principalName.length
                        + signingBufferFactory.provider.maxSignatureLength;
                boolean tooSmall = payload.remaining() < 4 + trailer;
                if (tooSmall) {
                    // Hand out a zero-capacity view; sign() reports the overflow later.
                    payload.limit(payload.position());
                } else {
                    // Skip the 4-byte length prefix and keep the trailer out of reach.
                    payload.position(payload.position() + 4);
                    payload.limit(payload.limit() - trailer);
                }
                overflow = tooSmall;
            }

            ByteBuffer getDataBuffer() {
                return payload;
            }

            /**
             * Writes the length prefix, the principal name and the signature around the payload.
             *
             * @throws BufferOverflowException if the underlying buffer was too small from the start
             * @throws SignatureException if the signature engine fails
             */
            void sign() throws SignatureException {
                if (overflow) {
                    throw new BufferOverflowException();
                }
                int payloadLength = payload.position() - (whole.position() + 4);
                whole.putInt(payloadLength);
                whole.position(payload.position());
                whole.put(owner.principalName);
                // flip() rewinds the duplicate to index 0, so the signed range runs from the
                // start of the underlying buffer's index space up to the end of the payload.
                ByteBuffer view = payload.duplicate();
                view.flip();
                ByteBuffer signedRange = X500Provider.ensureArrayBacking(view);
                byte[] backing = signedRange.array();
                int start = signedRange.arrayOffset() + signedRange.position();
                owner.signature.update(backing, start, signedRange.remaining());
                whole.put(owner.signature.sign());
            }
        }

        /**
         * Prepares a factory that signs with the given credential.
         *
         * @param x500Provider provider supplying the signature algorithm and maximum signature length
         * @param datagramBufferFactory factory producing the underlying buffers
         * @param x500PrivateCredential certificate and private key used for signing
         * @throws InvalidKeyException if the private key is rejected by the signature engine
         * @throws UTFDataFormatException if the subject name cannot be encoded
         * @throws NoSuchAlgorithmException if the provider's signature algorithm is unavailable
         */
        public SigningBufferFactory(X500Provider x500Provider, DatagramBufferFactory datagramBufferFactory, X500PrivateCredential x500PrivateCredential) throws InvalidKeyException, UTFDataFormatException, NoSuchAlgorithmException {
            provider = x500Provider;
            delegate = datagramBufferFactory;
            String subjectName = x500PrivateCredential.getCertificate().getSubjectX500Principal().getName();
            principalName = Plaintext.toUtf(subjectName);
            Signature signer = x500Provider.getSignature();
            signer.initSign(x500PrivateCredential.getPrivateKey());
            signature = signer;
        }

        /** Returns the payload view of a freshly obtained buffer and remembers it for signing. */
        @Override // com.sun.jini.discovery.DatagramBufferFactory
        public ByteBuffer newBuffer() {
            BufferInfo record = new BufferInfo(this, delegate.newBuffer());
            issued.add(record);
            return record.getDataBuffer();
        }

        /**
         * Signs every buffer handed out so far, in the order they were issued.
         *
         * @throws SignatureException if signing any buffer fails
         */
        public void sign() throws SignatureException {
            for (BufferInfo record : issued) {
                record.sign();
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
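    /**
     * Creates a provider for one signature/key algorithm combination.
     *
     * @param str format name, passed unchanged to the superclass constructor
     * @param str2 signature algorithm name later given to {@code Signature.getInstance}; it is
     *     not null-checked here, so a null value only surfaces when {@link #getSignature()} runs
     * @param i maximum signature length in bytes; space of this size is reserved in every
     *     outgoing buffer
     * @param str3 key algorithm name a private key must report to be usable
     * @param str4 key algorithm OID used when selecting certificates
     * @throws IllegalArgumentException if {@code i} is negative
     * @throws NullPointerException if {@code str3} or {@code str4} is null
     */
    public X500Provider(String str, String str2, int i, String str3, String str4) {
        super(str);
        // Stores are loaded lazily by initStores() on first certificate lookup.
        this.trustStore = null;
        this.certStores = null;
        this.storeLock = new Object();
        if (i < 0) {
            throw new IllegalArgumentException("maximum signature length must not be negative: " + i);
        }
        if (str3 == null) {
            throw new NullPointerException("key algorithm must not be null");
        }
        if (str4 == null) {
            throw new NullPointerException("key algorithm OID must not be null");
        }
        this.signatureAlgorithm = str2;
        this.maxSignatureLength = i;
        this.keyAlgorithm = str3;
        this.keyAlgorithmOID = str4;
    }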

    /* JADX INFO: Access modifiers changed from: protected */
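    /**
     * Looks up a currently valid, trusted certificate for the given principal.
     *
     * <p>The lookup runs inside {@code doPrivileged}, so reading the trust store and contacting
     * the configured certificate stores happens with this class's permissions rather than the
     * caller's. The principal is only used as a selection criterion.
     *
     * @param x500Principal subject whose certificate is wanted
     * @return the certificate, or {@code null} when {@link #getCertificate0} could not build a
     *     certification path; callers must treat {@code null} as "not trusted"
     * @throws IOException if loading the trust store fails
     * @throws GeneralSecurityException if the lookup fails for a security-related reason
     */
    public Certificate getCertificate(final X500Principal x500Principal) throws IOException, GeneralSecurityException {
        try {
            // The decompiled listing passed constructor arguments to the interface and
            // self-assigned a synthetic outer reference, which does not compile; capturing the
            // final parameter directly expresses the same call.
            return AccessController.doPrivileged(new PrivilegedExceptionAction<Certificate>() {
                @Override // java.security.PrivilegedExceptionAction
                public Certificate run() throws IOException, GeneralSecurityException {
                    return getCertificate0(x500Principal);
                }
            });
        } catch (PrivilegedActionException e) {
            // run() declares only these two checked exception types, so the cause is one of them.
            Throwable cause = e.getCause();
            if (cause instanceof IOException) {
                throw (IOException) cause;
            }
            throw (GeneralSecurityException) cause;
        }
    }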

    /* JADX INFO: Access modifiers changed from: package-private */
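    /**
     * Collects the X.500 private credentials of the current subject that this provider can use.
     *
     * <p>A credential is returned only if its certificate passes {@code checkCertificate}, its
     * private key reports the provider's key algorithm, and the subject also carries the
     * certificate's subject name as a principal.
     *
     * <p>The subject is read inside {@code doPrivileged} using the access control context
     * captured from the caller, so the read itself is performed with this class's permissions.
     * NOTE(review): callers are presumably expected to run their own permission check (see
     * {@code checkAuthenticationPermission}) before using a returned credential — confirm.
     *
     * @return the usable credentials; empty if there is no subject or nothing qualifies
     */
    public X500PrivateCredential[] getPrivateCredentials() {
        // Capture the caller's context first: inside doPrivileged the current context changes.
        final AccessControlContext acc = AccessController.getContext();
        // The decompiled listing referenced an undefined register name and synthetic
        // constructor arguments here; a captured final local and class literals express the
        // same lookups in compilable form.
        Collection<?>[] found = AccessController.doPrivileged(new PrivilegedAction<Collection<?>[]>() {
            @Override // java.security.PrivilegedAction
            public Collection<?>[] run() {
                Subject subject = Subject.getSubject(acc);
                if (subject == null) {
                    return new Collection<?>[] {Collections.EMPTY_SET, Collections.EMPTY_SET};
                }
                // Index 0: X500Principal instances, index 1: X500PrivateCredential instances.
                return new Collection<?>[] {
                    syncGetInstances(subject.getPrincipals(), X500Principal.class),
                    syncGetInstances(subject.getPrivateCredentials(), X500PrivateCredential.class)
                };
            }
        });
        Collection<?> principals = found[0];
        List<X500PrivateCredential> usable = new ArrayList<X500PrivateCredential>();
        for (Object candidate : found[1]) {
            X500PrivateCredential credential = (X500PrivateCredential) candidate;
            X509Certificate certificate = credential.getCertificate();
            try {
                checkCertificate(certificate);
                boolean algorithmMatches =
                        this.keyAlgorithm.equals(credential.getPrivateKey().getAlgorithm());
                if (algorithmMatches && principals.contains(certificate.getSubjectX500Principal())) {
                    usable.add(credential);
                }
            } catch (CertificateException e) {
                // An expired or unsuitable certificate only disqualifies this one credential.
                logger.log(Levels.HANDLED, "invalid certificate", (Throwable) e);
            }
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "obtained private credentials {0}", new Object[]{usable});
        }
        return usable.toArray(new X500PrivateCredential[usable.size()]);
    }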

    /**
     * Reports whether the calling context holds the "getSubject" {@code AuthPermission}.
     *
     * @return {@code true} if no security manager is installed or the permission check passes,
     *     {@code false} if the check is refused
     */
    private static boolean canGetSubject() {
        SecurityManager manager = System.getSecurityManager();
        if (manager != null) {
            try {
                manager.checkPermission(authPermission);
            } catch (SecurityException denied) {
                // Refusal is the answer being asked for, not an error.
                return false;
            }
        }
        return true;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Throws one of two prepared exceptions, chosen by what the caller is allowed to know.
     *
     * <p>A caller that passes the "getSubject" check receives the security exception; any
     * other caller receives the constraint exception instead. NOTE(review): this presumably
     * keeps details about the subject's permissions away from callers that may not inspect
     * the subject — confirm against the call sites.
     *
     * @param securityException exception for callers permitted to read the subject
     * @param unsupportedConstraintException exception for all other callers
     * @throws UnsupportedConstraintException when the caller may not read the subject
     * @throws SecurityException when the caller may read the subject
     */
    public static void secureThrow(SecurityException securityException, UnsupportedConstraintException unsupportedConstraintException) throws UnsupportedConstraintException {
        if (canGetSubject()) {
            throw securityException;
        }
        throw unsupportedConstraintException;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Asks the security manager whether the caller holds an {@code AuthenticationPermission}
     * for the given principal and action.
     *
     * <p>The permission is built from the single local principal, a {@code null} second
     * argument and the action string. When no security manager is installed the method
     * returns without checking anything.
     *
     * @param x500Principal local principal the caller wants to act as
     * @param str action name passed to the permission
     * @throws SecurityException if a security manager is installed and refuses the permission
     */
    public void checkAuthenticationPermission(X500Principal x500Principal, String str) {
        SecurityManager manager = System.getSecurityManager();
        if (manager == null) {
            return;
        }
        manager.checkPermission(new AuthenticationPermission(Collections.singleton(x500Principal), null, str));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Checks a signature over the remaining bytes of a data buffer.
     *
     * <p>This method only performs the cryptographic check with the key it is given; whether
     * that key belongs to a trusted certificate has to be established by the caller. A
     * {@code false} result and a thrown exception both mean the data is not authenticated.
     * Buffers without an accessible backing array are copied first, which consumes them.
     *
     * @param byteBuffer the signed data, from its position to its limit
     * @param byteBuffer2 the signature bytes, from position to limit
     * @param publicKey key to verify with
     * @return {@code true} if the signature matches the data under the given key
     * @throws SignatureException if the signature engine fails or the signature is malformed
     * @throws InvalidKeyException if the key is not usable with the provider's algorithm
     * @throws NoSuchAlgorithmException if the provider's signature algorithm is unavailable
     */
    public boolean verify(ByteBuffer byteBuffer, ByteBuffer byteBuffer2, PublicKey publicKey) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException {
        ByteBuffer signedData = ensureArrayBacking(byteBuffer);
        ByteBuffer signatureBytes = ensureArrayBacking(byteBuffer2);
        Signature verifier = getSignature();
        verifier.initVerify(publicKey);

        byte[] dataArray = signedData.array();
        int dataStart = signedData.arrayOffset() + signedData.position();
        verifier.update(dataArray, dataStart, signedData.remaining());

        byte[] sigArray = signatureBytes.array();
        int sigStart = signatureBytes.arrayOffset() + signatureBytes.position();
        return verifier.verify(sigArray, sigStart, signatureBytes.remaining());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds a PKIX certification path for the principal and returns its end-entity certificate.
     *
     * <p>Candidate certificates must match the principal's name, carry the provider's key
     * algorithm OID, be valid at the current time and have key-usage bit 0 set (the bit
     * {@code checkCertificate} describes as permitting digital signatures). Trust anchors come
     * from the lazily loaded trust store; the configured certificate stores are added as extra
     * sources. Revocation checking is left at the {@code PKIXBuilderParameters} default, since
     * nothing here changes it.
     *
     * @param x500Principal subject to look up
     * @return the first certificate of the built path, the trust anchor's certificate when the
     *     path is empty, or {@code null} when no path could be built
     * @throws IOException if loading the trust store fails
     * @throws GeneralSecurityException if the stores or the path builder cannot be set up
     */
    public Certificate getCertificate0(X500Principal x500Principal) throws IOException, GeneralSecurityException {
        // First caller loads the stores; a failed load leaves trustStore null so it is retried.
        synchronized (this.storeLock) {
            if (this.trustStore == null) {
                initStores();
            }
        }

        X509CertSelector target = new X509CertSelector();
        target.setSubject(x500Principal.getName());
        target.setSubjectPublicKeyAlgID(this.keyAlgorithmOID);
        target.setCertificateValid(new Date());
        target.setKeyUsage(new boolean[]{true});

        PKIXBuilderParameters params = new PKIXBuilderParameters(this.trustStore, target);
        for (CertStore store : this.certStores) {
            params.addCertStore(store);
        }

        PKIXCertPathBuilderResult result;
        try {
            result = (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
        } catch (CertPathBuilderException e) {
            // No trusted path: logged and reported to the caller as null.
            logger.log(Levels.HANDLED, "exception building certificate path", (Throwable) e);
            return null;
        }
        List<? extends Certificate> chain = result.getCertPath().getCertificates();
        if (chain.isEmpty()) {
            // An empty path means the target itself is a trust anchor.
            return result.getTrustAnchor().getTrustedCert();
        }
        return chain.get(0);
    }

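    /**
     * Loads the trust store and sets up the optional LDAP certificate stores.
     *
     * <p>Trust store location, type and password are taken from the first of these that is
     * configured: the {@code com.sun.jini.discovery.x500.trustStore*} system properties, the
     * {@code javax.net.ssl.trustStore*} system properties, or the {@code cacerts} file under
     * {@code java.home} with the default key store type and no password. The location is tried
     * as a URL first and as a file path otherwise.
     *
     * <p>NOTE(review): when the location is a URL, the trust anchors are whatever that URL
     * serves, and when no password is configured {@code KeyStore.load} is called with a null
     * password, which skips the store's integrity check. Deployments that depend on this
     * provider for authentication should keep the store on a protected local path or an
     * authenticated transport and configure the password.
     *
     * <p>LDAP stores are listed in {@code com.sun.jini.discovery.x500.ldapCertStores}, separated
     * by {@code Tokens.COMMA}, each either {@code host} or {@code host:port}. A store that cannot
     * be initialised is logged and skipped. The fields are assigned only after everything
     * succeeded, with {@code trustStore} last.
     *
     * @throws IOException if the trust store cannot be opened or read
     * @throws GeneralSecurityException if the key store type is unavailable or the store is invalid
     */
    private void initStores() throws IOException, GeneralSecurityException {
        String path;
        String type;
        String password;
        String jiniPath = System.getProperty("com.sun.jini.discovery.x500.trustStore");
        if (jiniPath != null) {
            path = jiniPath;
            type = System.getProperty("com.sun.jini.discovery.x500.trustStoreType", KeyStore.getDefaultType());
            password = System.getProperty("com.sun.jini.discovery.x500.trustStorePassword");
        } else {
            String jssePath = System.getProperty("javax.net.ssl.trustStore");
            if (jssePath != null) {
                path = jssePath;
                type = System.getProperty("javax.net.ssl.trustStoreType", KeyStore.getDefaultType());
                password = System.getProperty("javax.net.ssl.trustStorePassword");
            } else {
                path = System.getProperty("java.home") + "/lib/security/cacerts";
                type = KeyStore.getDefaultType();
                password = null;
            }
        }

        KeyStore keyStore = KeyStore.getInstance(type);
        URL url = null;
        try {
            url = new URL(path);
        } catch (MalformedURLException ignored) {
            // Not a URL: the value is opened as a plain file path below.
        }
        InputStream in = url != null ? url.openStream() : new FileInputStream(path);
        try {
            keyStore.load(in, password != null ? password.toCharArray() : null);
        } finally {
            // Close on every path; the listing as decompiled leaked the stream when load() failed.
            in.close();
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "loaded trust store from {0} ({1})", new Object[]{path, type});
        }

        String ldapSpec = System.getProperty("com.sun.jini.discovery.x500.ldapCertStores");
        List<CertStore> stores = new ArrayList<CertStore>();
        if (ldapSpec != null) {
            StringTokenizer entries = new StringTokenizer(ldapSpec, Tokens.COMMA);
            while (entries.hasMoreTokens()) {
                String entry = entries.nextToken().trim();
                Matcher hostPort = hostPortPattern.matcher(entry);
                try {
                    LDAPCertStoreParameters ldapParams = hostPort.matches()
                            ? new LDAPCertStoreParameters(hostPort.group(1), Integer.parseInt(hostPort.group(2)))
                            : new LDAPCertStoreParameters(entry);
                    stores.add(CertStore.getInstance("LDAP", ldapParams));
                } catch (Exception e2) {
                    // Best effort per entry: a bad host, port or provider must not prevent the
                    // remaining stores and the trust store from being used.
                    logger.log(Level.WARNING, "exception initializing cert store", (Throwable) e2);
                }
            }
        }
        if (logger.isLoggable(Level.FINEST)) {
            logger.log(Level.FINEST, "using cert stores {0}", new Object[]{stores});
        }
        this.certStores = stores.toArray(new CertStore[stores.size()]);
        // Assigned last: getCertificate0() treats a non-null trustStore as "fully initialised".
        this.trustStore = keyStore;
    }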

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Obtains a signature engine for the provider's configured algorithm.
     *
     * <p>Every call asks {@code Signature.getInstance} for an engine; the result is not yet
     * initialised for signing or verifying.
     *
     * @return an uninitialised signature engine
     * @throws NoSuchAlgorithmException if no installed provider implements the algorithm
     */
    public Signature getSignature() throws NoSuchAlgorithmException {
        final String algorithm = this.signatureAlgorithm;
        return Signature.getInstance(algorithm);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Copies the elements of a collection that are instances of the given class.
     *
     * <p>The collection's own monitor is held while iterating, so the copy is consistent with
     * respect to other code that synchronizes on the same collection.
     *
     * @param collection source collection; must not be null
     * @param cls class the returned elements must be instances of
     * @return a new list holding the matching elements in iteration order
     */
    public static Collection syncGetInstances(Collection collection, Class cls) {
        synchronized (collection) {
            ArrayList matches = new ArrayList(collection.size());
            Iterator elements = collection.iterator();
            while (elements.hasNext()) {
                Object element = elements.next();
                if (cls.isInstance(element)) {
                    matches.add(element);
                }
            }
            return matches;
        }
    }

    /**
     * Rejects certificates that are outside their validity period or that exclude signing.
     *
     * <p>A certificate without a key-usage extension is accepted; one whose key-usage array is
     * present with bit 0 cleared is refused.
     *
     * @param x509Certificate certificate to examine
     * @throws CertificateException if the certificate is expired, not yet valid, or its key
     *     usage does not permit digital signatures
     */
    private static void checkCertificate(X509Certificate x509Certificate) throws CertificateException {
        x509Certificate.checkValidity();
        boolean[] usage = x509Certificate.getKeyUsage();
        if (usage == null || usage.length == 0 || usage[0]) {
            return;
        }
        throw new CertificateException("certificate not permitted for digital signatures: " + x509Certificate);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns a buffer whose remaining bytes can be reached through {@code array()}.
     *
     * <p>A buffer that already exposes a backing array is returned as is. Otherwise its
     * remaining bytes are copied into a new heap buffer; the copy starts at position 0 and the
     * source buffer is left with nothing remaining.
     *
     * @param byteBuffer buffer to inspect
     * @return {@code byteBuffer} itself, or an array-backed copy of its remaining bytes
     */
    public static ByteBuffer ensureArrayBacking(ByteBuffer byteBuffer) {
        if (byteBuffer.hasArray()) {
            return byteBuffer;
        }
        ByteBuffer copy = ByteBuffer.allocate(byteBuffer.remaining());
        copy.put(byteBuffer);
        copy.flip();
        return copy;
    }

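    /**
     * Resolves a class by name for the cached class lookups of this file.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *     {@code ClassNotFoundException} is attached as the cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause() is declared to return Throwable, so throwing its result directly does
            // not compile; attach the cause first and throw the error itself.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }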
}
