package weblogic.webservice.util;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.security.AccessController;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import weblogic.security.acl.internal.AuthenticatedSubject;
import weblogic.security.internal.SerializedSystemIni;
import weblogic.security.internal.encryption.ClearOrEncryptedService;
import weblogic.security.internal.encryption.EncryptionService;
import weblogic.security.internal.encryption.EncryptionServiceException;
import weblogic.security.service.PrivilegedActions;
import weblogic.security.service.SecurityServiceManager;
import weblogic.security.utils.KeyStoreInfo;
import weblogic.webservice.server.ConfigException;

/* loaded from: input_file:weblogic/webservice/util/ServerKeyStore.class */
public class ServerKeyStore {
    private final KeyStoreInfo ksInfo = SecurityServiceManager.getServerIdentityKeyStore((AuthenticatedSubject) AccessController.doPrivileged(PrivilegedActions.getKernelIdentityAction()));
    private final KeyStore keystore;
    private static ServerKeyStore singleton;
    private static final EncryptionService es = SerializedSystemIni.getEncryptionService();
    private static final ClearOrEncryptedService encrypter = new ClearOrEncryptedService(es);

    private ServerKeyStore() throws ConfigException {
        try {
            this.keystore = KeyStore.getInstance(this.ksInfo.getType());
            this.keystore.load(new FileInputStream(this.ksInfo.getFileName()), this.ksInfo.getPassPhrase());
        } catch (FileNotFoundException e) {
            throw new ConfigException(new StringBuffer().append("Could not find server keystore file ").append(this.ksInfo.getFileName()).toString(), e);
        } catch (KeyStoreException e2) {
            throw new ConfigException(new StringBuffer().append("Unsupported keystore type: ").append(this.ksInfo.getType()).toString(), e2);
        } catch (Exception e3) {
            throw new ConfigException(new StringBuffer().append("Failed to load keystore from ").append(this.ksInfo.getFileName()).toString(), e3);
        }
    }

    public static final void init() throws ConfigException {
        singleton = new ServerKeyStore();
    }

    private static final PrivateKey getPrivateKeyInternal(String str, char[] cArr) throws ConfigException {
        try {
            if (singleton == null) {
                init();
            }
            PrivateKey privateKey = (PrivateKey) singleton.keystore.getKey(str, cArr);
            if (privateKey == null) {
                throw new ConfigException(new StringBuffer().append("Key for alias '").append(str).append("' does not exist in ").append("server key store (").append(singleton.ksInfo.getFileName()).append(")").toString());
            }
            return privateKey;
        } catch (Exception e) {
            throw new ConfigException(new StringBuffer().append("Failed to load key for alias ").append(str).toString(), e);
        }
    }

    public static final PrivateKey getPrivateKey(String str, char[] cArr) throws ConfigException {
        String obj = cArr.toString();
        return encrypter.isEncrypted(obj) ? getPrivateKey(str, obj) : getPrivateKeyInternal(str, cArr);
    }

    public static final PrivateKey getPrivateKey(String str, String str2) throws ConfigException {
        return getPrivateKeyInternal(str, decryptPassword(str2).toCharArray());
    }

    public static final X509Certificate getCertificate(String str) throws ConfigException {
        try {
            if (singleton == null) {
                init();
            }
            return (X509Certificate) singleton.keystore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new ConfigException(new StringBuffer().append("Failed to load certificate with alias ").append(str).toString(), e);
        }
    }

    public static final String decryptPassword(String str) throws ConfigException {
        try {
            return encrypter.decrypt(str);
        } catch (EncryptionServiceException e) {
            throw new ConfigException("WSSE Passwords in DD not encrypted for this server.  Please reset the passwords in the DD for this ear and re-encrypt", e);
        }
    }

    public static final boolean isEncryptedPassword(String str) {
        return encrypter.isEncrypted(str);
    }

    public static final String encryptPassword(String str) {
        return encrypter.encrypt(str);
    }
}
