package com.ibm.ws.security.auth;

import com.ibm.ISecurityL13SupportImpl.SecurityUIDGenerator;
import com.ibm.ISecurityLocalObjectBaseL13Impl.VaultImpl;
import com.ibm.ISecurityUtilityImpl.ConfigURLProperties;
import com.ibm.ISecurityUtilityImpl.SecurityConfiguration;
import com.ibm.ejs.ras.Tr;
import com.ibm.ejs.ras.TraceComponent;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.WSCredential;
import com.ibm.ws.ffdc.FFDCFilter;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.util.Arrays;
import java.util.Date;

/* loaded from: input_file:eclipse/plugins/com.ibm.websphere.v61_6.1.1/ws_runtime.jar:com/ibm/ws/security/auth/ServerCredSigner.class */
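/**
 * Process-wide singleton that produces the byte tokens ("ciphers") used to recognise
 * credentials created by this server process.
 *
 * <p>When security is enabled and the process is a server, {@link #initialize()} generates a
 * fresh RSA key pair, then signs two per-process unique IDs on demand and caches the
 * signatures. {@link #isServerCred} and {@link #isWSCred} compare a credential's stored
 * cipher against those cached values. The key pair is never persisted by this class, so the
 * tokens are only meaningful within the process that produced them.
 *
 * <p>Security review notes:
 * <ul>
 *   <li>The methods named "encrypt"/"decrypt" use {@link Signature}; nothing here encrypts.</li>
 *   <li>{@link #decryptString(byte[])} never calls {@code Signature.verify} and must not be
 *       treated as an authenticity check.</li>
 *   <li>The digest algorithm name "SHA" is conventionally an alias for SHA-1; confirm for the
 *       configured provider before relying on {@link #getOneWayHash(String)} for anything
 *       collision-sensitive.</li>
 *   <li>Strings are converted with the platform default charset, so results for non-ASCII
 *       input can differ between hosts.</li>
 * </ul>
 *
 * <p>Thread-safety: all instance entry points and {@link #getInstance()} are synchronized.
 */
public class ServerCredSigner {
    // Declared but never read or written anywhere in this class.
    private KeyStore ks = null;
    private KeyPairGenerator rsaKeyPairGen = null;
    private KeyPair rsaKeyPair = null;
    private Signature sig = null;
    private PublicKey rsaPub = null;
    private PrivateKey rsaPriv = null;
    private MessageDigest md = null;
    private SecurityConfiguration secConfig = null;
    // NOTE(review): "SHA" normally resolves to SHA-1. Left unchanged because callers may
    // compare getOneWayHash() output with values computed earlier; plan a migration.
    private static final String MESSAGE_DIGEST_ALGORITHM = "SHA";
    private static final TraceComponent tc;
    static Class class$com$ibm$ws$security$auth$ServerCredSigner;
    // Used both as the key-pair algorithm and as the Signature algorithm name; the hash and
    // padding behind Signature "RSA" are provider-defined (TODO confirm for the JCE in use).
    private static final String CRYPTO_ALGORITHM = "RSA";
    // Modulus size for the per-process key pair. The original used 512 bits, which is within
    // reach of practical factoring; 2048 is the usual minimum today. Signature length grows
    // accordingly (presumably nothing downstream assumes 64-byte tokens; verify).
    private static final int RSA_KEY_SIZE_BITS = 2048;
    private static ServerCredSigner scs = null;
    private static final String _uniqueServerID = SecurityUIDGenerator.createUID();
    private static final byte[] _uniqueServerIDBytes = _uniqueServerID.getBytes();
    private static byte[] _uniqueServerCipher = null;
    private static final String _uniqueWSCredID = SecurityUIDGenerator.createUID();
    private static final byte[] _uniqueWSCredIDBytes = _uniqueWSCredID.getBytes();
    private static byte[] _uniqueWSCredCipher = null;
    private static final byte[] nullByteArray = new byte[0];

    /**
     * Returns the shared instance, creating it on first use.
     *
     * <p>Synchronized so that two threads racing on the first call cannot each construct an
     * instance (and each generate a different key pair).
     *
     * @return the process-wide signer
     */
    public static synchronized ServerCredSigner getInstance() {
        if (scs == null) {
            scs = new ServerCredSigner();
        }
        return scs;
    }

    /**
     * Builds the singleton. Initialization failures are traced and reported to FFDC but not
     * rethrown; the public methods retry {@link #initialize()} while the signer is unset.
     */
    private ServerCredSigner() {
        try {
            initialize();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing ServerCredSigner.", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.constructor", "96", this);
        }
    }

    /**
     * Generates the RSA key pair and loads the Signature and MessageDigest instances from the
     * provider named by the {@code DEFAULT_JCE_PROVIDER} security property.
     *
     * <p>Does nothing when security is disabled, when no security configuration is available,
     * or when the process is not a server.
     *
     * @throws WSSecurityException wrapping any failure raised while setting up the crypto objects
     */
    private void initialize() throws WSSecurityException {
        if (!ConfigURLProperties.isSecurityEnabled()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Security disabed, not initializing server cred signer.");
            }
            return;
        }
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "Initializing server cred signer at " + new Date(System.currentTimeMillis()));
        }
        this.secConfig = VaultImpl.getSecurityConfiguration();
        if (this.secConfig == null || !this.secConfig.processIsServer()) {
            return;
        }
        try {
            String property = Security.getProperty("DEFAULT_JCE_PROVIDER");
            this.rsaKeyPairGen = KeyPairGenerator.getInstance(CRYPTO_ALGORITHM, property);
            this.rsaKeyPairGen.initialize(RSA_KEY_SIZE_BITS);
            this.rsaKeyPair = this.rsaKeyPairGen.generateKeyPair();
            if (this.rsaKeyPair != null) {
                this.rsaPub = this.rsaKeyPair.getPublic();
                this.rsaPriv = this.rsaKeyPair.getPrivate();
                // Only key metadata is traced, never key material. Kept inside the non-null
                // branch so enabling trace cannot turn a missing key pair into an NPE.
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "PrivateKey format: " + this.rsaPriv.getFormat());
                    Tr.debug(tc, "PrivateKey algorithm: " + this.rsaPriv.getAlgorithm());
                    Tr.debug(tc, "PublicKey format: " + this.rsaPub.getFormat());
                    Tr.debug(tc, "PublicKey algorithm: " + this.rsaPub.getAlgorithm());
                }
            } else if (tc.isDebugEnabled()) {
                Tr.debug(tc, "WARNING: Did not successfully load the server cred signer key pair.");
            }
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Loading " + CRYPTO_ALGORITHM + " signature instance from " + property);
            }
            this.sig = Signature.getInstance(CRYPTO_ALGORITHM, property);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Loading SHA message digest instance from " + property);
            }
            this.md = MessageDigest.getInstance(MESSAGE_DIGEST_ALGORITHM, property);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Initialization of server cred signer complete at " + new Date(System.currentTimeMillis()));
            }
        } catch (Exception e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.initialize", "219", this);
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing server cred signer.", new Object[]{e});
            }
            throw new WSSecurityException(e);
        }
    }

    /** Re-runs {@link #initialize()} when security is enabled, reporting (not throwing) failures. */
    private void retryInitialize(String ffdcSourceId, String ffdcProbeId) {
        if (!ConfigURLProperties.isSecurityEnabled()) {
            return;
        }
        try {
            initialize();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Exception initializing ServerCredSigner.", new Object[]{e});
            }
            FFDCFilter.processException(e, ffdcSourceId, ffdcProbeId, this);
        }
    }

    /** True when security is enabled and the loaded configuration says this process is a server. */
    private boolean isActiveServer() {
        return ConfigURLProperties.isSecurityEnabled() && this.secConfig != null && this.secConfig.processIsServer();
    }

    /** Signs {@code data} with the private key; returns {@code null} (after trace + FFDC) on any failure. */
    private byte[] signBytes(byte[] data, String ffdcProbeId) {
        try {
            this.sig.initSign(this.rsaPriv);
            this.sig.update(data);
            return this.sig.sign();
        } catch (Exception e) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error encrypting: ", new Object[]{e});
            }
            FFDCFilter.processException(e, "com.ibm.ws.security.auth.ServerCredSigner.getEncryptedSigner", ffdcProbeId, this);
            return null;
        }
    }

    /**
     * Signs the given string with the per-process private key. Despite the name, the result
     * is a signature, not ciphertext; the input cannot be recovered from it.
     *
     * @param str text to sign; converted with the platform default charset
     * @return the signature bytes; an empty array when security is inactive or {@code str} is
     *         null/empty; {@code null} when signing fails
     */
    public synchronized byte[] encryptString(String str) {
        if (this.sig == null) {
            retryInitialize("com.ibm.ws.security.auth.ServerCredSigner.encryptString", "238");
        }
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from encryptString because of security disabled or not initialized.");
            }
            return nullByteArray;
        }
        if (str == null || str.length() == 0) {
            return nullByteArray;
        }
        return signBytes(str.getBytes(), "267");
    }

    /**
     * NOTE(review): this method does not decrypt or verify anything. It feeds {@code bArr} to
     * the verifier but never calls {@code Signature.verify}, and it returns
     * {@code bArr.toString()}, which is the array's identity string rather than its contents.
     * Behaviour is kept as found because the intended contract cannot be determined from this
     * class; callers must not treat a non-null result as proof of authenticity.
     *
     * @param bArr bytes to process
     * @return {@code bArr.toString()}, or {@code null} when security is inactive, {@code bArr}
     *         is null, or an exception occurs
     */
    public synchronized String decryptString(byte[] bArr) {
        if (this.sig == null) {
            retryInitialize("com.ibm.ws.security.auth.ServerCredSigner.decryptString", "285");
        }
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from decryptString because of security disabled or not initialized.");
            }
            return null;
        }
        if (bArr == null) {
            return null;
        }
        try {
            this.sig.initVerify(this.rsaPub);
            this.sig.update(bArr);
            return bArr.toString();
        } catch (Exception e2) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Error decrypting: ", new Object[]{e2});
            }
            FFDCFilter.processException(e2, "com.ibm.ws.security.auth.ServerCredSigner.verify", "313", this);
            return null;
        }
    }

    /**
     * Returns the cached signature over this process's unique server ID, computing it on the
     * first successful call. (The decompiler reports the original access as protected.)
     *
     * <p>NOTE(review): the cached array itself is returned, so a caller that modifies it
     * changes what {@link #isServerCred} compares against.
     *
     * @return the server token; an empty array when security is inactive; {@code null} when
     *         signing fails
     */
    public synchronized byte[] getEncryptedServerSigner() {
        if (this.sig == null) {
            retryInitialize("com.ibm.ws.security.auth.ServerCredSigner.getEncryptedServerSigner", "333");
        }
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from getEncryptedServerSigner because of security disabled or not initialized.");
            }
            return nullByteArray;
        }
        if (_uniqueServerCipher == null) {
            // Stays null on failure, so the next call tries again.
            _uniqueServerCipher = signBytes(_uniqueServerIDBytes, "360");
        }
        return _uniqueServerCipher;
    }

    /**
     * Returns the cached signature over this process's unique WSCredential ID, computing it on
     * the first successful call. (The decompiler reports the original access as protected.)
     *
     * <p>NOTE(review): the cached array itself is returned, so a caller that modifies it
     * changes what {@link #isWSCred} compares against.
     *
     * @return the WSCredential token; an empty array when security is inactive; {@code null}
     *         when signing fails
     */
    public synchronized byte[] getEncryptedWSCredSigner() {
        if (this.sig == null) {
            retryInitialize("com.ibm.ws.security.auth.ServerCredSigner.getEncryptedWSCredSigner", "379");
        }
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from getEncryptedWSCredSigner because of security disabled or not initialized.");
            }
            return nullByteArray;
        }
        if (_uniqueWSCredCipher == null) {
            // Stays null on failure, so the next call tries again.
            _uniqueWSCredCipher = signBytes(_uniqueWSCredIDBytes, "407");
        }
        return _uniqueWSCredCipher;
    }

    /**
     * Reports whether the credential carries this process's server token.
     * (The decompiler reports the original access as protected.)
     *
     * <p>Fails closed: a null credential, a credential of another implementation type, a
     * missing cipher, or a token that has not been generated yet all yield {@code false}.
     *
     * @param wSCredential credential to inspect; may be null
     * @return {@code true} only when the credential's server cipher equals the cached token
     */
    public synchronized boolean isServerCred(WSCredential wSCredential) {
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from isServerCred because of security disabled or not initialized.");
            }
            return false;
        }
        if (wSCredential == null) {
            // Mirrors isWSCred(); previously a null argument raised NullPointerException here.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "null cred passed into isServerCred()");
            }
            return false;
        }
        if (!(wSCredential instanceof WSCredentialImpl)) {
            return false;
        }
        byte[] presented = ((WSCredentialImpl) wSCredential).getServerCredCipher();
        if (presented == null || _uniqueServerCipher == null) {
            return false;
        }
        // MessageDigest.isEqual instead of Arrays.equals: same result, and on current JREs
        // the comparison time does not depend on where the arrays first differ.
        return MessageDigest.isEqual(_uniqueServerCipher, presented);
    }

    /**
     * Reports whether the credential carries this process's WSCredential token.
     * (The decompiler reports the original access as protected.)
     *
     * <p>Fails closed: a null credential, a credential of another implementation type, a
     * missing cipher, or a token that has not been generated yet all yield {@code false}.
     *
     * @param wSCredential credential to inspect; may be null
     * @return {@code true} only when the credential's WSCred cipher equals the cached token
     */
    public synchronized boolean isWSCred(WSCredential wSCredential) {
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from isWSCred because of security disabled or not initialized.");
            }
            return false;
        }
        if (wSCredential == null) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "null cred passed into isWSCred()");
            }
            return false;
        }
        if (!(wSCredential instanceof WSCredentialImpl)) {
            return false;
        }
        byte[] presented = ((WSCredentialImpl) wSCredential).getWSCredCipher();
        if (presented == null || _uniqueWSCredCipher == null) {
            return false;
        }
        // See isServerCred() for why MessageDigest.isEqual is used.
        return MessageDigest.isEqual(_uniqueWSCredCipher, presented);
    }

    /**
     * Hashes the string with the configured message digest.
     *
     * @param str text to hash; converted with the platform default charset
     * @return the digest bytes, or {@code null} when security is inactive, {@code str} is
     *         null, or the digest could not be loaded
     */
    public synchronized byte[] getOneWayHash(String str) {
        if (this.md == null) {
            retryInitialize("com.ibm.ws.security.auth.ServerCredSigner.getOneWayHash", "465");
        }
        if (!isActiveServer()) {
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from getOneWayHash because of security disabled or not initialized.");
            }
            return null;
        }
        if (str == null || this.md == null) {
            // Previously an uncaught NullPointerException; null matches the other
            // "no hash available" return of this method.
            if (tc.isDebugEnabled()) {
                Tr.debug(tc, "Returning from getOneWayHash because of null input or missing message digest.");
            }
            return null;
        }
        this.md.reset();
        this.md.update(str.getBytes());
        return this.md.digest();
    }

    /**
     * Compiler-generated class-literal helper from the original bytecode.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError with the ClassNotFoundException as its cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable; the cast restores the type that is actually thrown.
            throw (NoClassDefFoundError) new NoClassDefFoundError().initCause(e);
        }
    }

    // Registers the trace component. Placed after the field initializers, as in the original.
    static {
        Class cls = class$com$ibm$ws$security$auth$ServerCredSigner;
        if (cls == null) {
            cls = class$("com.ibm.ws.security.auth.ServerCredSigner");
            class$com$ibm$ws$security$auth$ServerCredSigner = cls;
        }
        tc = Tr.register(cls, (String) null, "com.ibm.ISecurityL13SupportImpl.sec");
    }
}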
