package de.bos_bremen.gov.autent.safe.client;

import com.sun.xml.wss.XWSSecurityException;
import com.sun.xml.wss.core.reference.X509SubjectKeyIdentifier;
import de.bos_bremen.gov.autent.safe.CommonHelper;
import java.math.BigInteger;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.regex.Pattern;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.security.auth.x500.X500Principal;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:de/bos_bremen/gov/autent/safe/client/ClientConfiguration.class */
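/**
 * Holds the credentials and key material a client uses when talking to the service: an optional
 * username/password pair, an optional assertion element, the transport signature and decryption
 * key pairs, the encryption certificate, and the set of certificates against which signatures
 * are verified.
 *
 * <p>The lookup methods resolve a key reference (thumbprint, public key, issuer name plus serial
 * number, or subject key identifier) to a certificate from the configured verification set.
 * They only ever return certificates that were placed in that set, so the set is the trust
 * anchor: whoever can modify it decides which signers are accepted.
 *
 * <p>This class does no synchronization of its own. The password is held as a {@code String}
 * and the private keys by reference; instances should not be logged or serialized.
 */
public class ClientConfiguration {
    private static final Logger log = LoggerFactory.getLogger(ClientConfiguration.class);

    /**
     * Matches the short attribute keyword {@code E=} at the start of a DN or after a comma so it
     * can be rewritten to {@code EMAILADDRESS=} before the name is handed to
     * {@link X500Principal}.
     */
    private static final Pattern emailReplacePattern = Pattern.compile("(,|, |^)E=");

    private String aUsername;
    private String aPassword;
    private Element aAssertionElement;
    private X509Certificate aTransportSignatureCertificate;
    private PrivateKey aTransportSignatureKey;
    private X509Certificate aTransportDecryptionCertificate;
    private PrivateKey aTransportDecryptionKey;
    private Collection<X509Certificate> aSignatureVerificationCertificates = new HashSet<>();
    private X509Certificate aEncryptionCertificate;

    /** Returns the private key used for transport signatures, or {@code null} if none is set. */
    public PrivateKey getTransportSignatureKey() {
        return this.aTransportSignatureKey;
    }

    /** Returns the certificate belonging to the transport signature key, or {@code null}. */
    public X509Certificate getTransportSignatureCertificate() {
        return this.aTransportSignatureCertificate;
    }

    /**
     * Sets the transport signature key together with its certificate.
     *
     * <p>No check is made that the certificate's public key corresponds to the private key;
     * the caller is responsible for passing a matching pair.
     */
    public void setTransportSignatureKeyAndCertificate(PrivateKey privateKey, X509Certificate x509Certificate) {
        this.aTransportSignatureKey = privateKey;
        this.aTransportSignatureCertificate = x509Certificate;
    }

    /** Returns the private key used for transport decryption, or {@code null} if none is set. */
    public PrivateKey getTransportDecryptionKey() {
        return this.aTransportDecryptionKey;
    }

    /** Returns the certificate belonging to the transport decryption key, or {@code null}. */
    public X509Certificate getTransportDecryptionCertificate() {
        return this.aTransportDecryptionCertificate;
    }

    /**
     * Sets the transport decryption key together with its certificate.
     *
     * <p>No check is made that the certificate's public key corresponds to the private key;
     * the caller is responsible for passing a matching pair.
     */
    public void setTransportDecryptionKeyAndCertificate(PrivateKey privateKey, X509Certificate x509Certificate) {
        this.aTransportDecryptionKey = privateKey;
        this.aTransportDecryptionCertificate = x509Certificate;
    }

    /** Returns the configured username, or {@code null}. */
    public String getUsername() {
        return this.aUsername;
    }

    /** Sets the username. */
    public void setUsername(String str) {
        this.aUsername = str;
    }

    /**
     * Returns the configured password, or {@code null}.
     *
     * <p>The value is kept as an immutable {@code String} and therefore cannot be wiped from
     * memory after use; callers should avoid writing it to logs or error messages.
     */
    public String getPassword() {
        return this.aPassword;
    }

    /** Sets the password. */
    public void setPassword(String str) {
        this.aPassword = str;
    }

    /** Sets the assertion element. The element is stored by reference, not copied. */
    public void setAssertion(Element element) {
        this.aAssertionElement = element;
    }

    /** Returns the assertion element, or {@code null} if none is set. */
    public Element getAssertionElement() {
        return this.aAssertionElement;
    }

    /**
     * Finds the verification certificate whose hash, as computed by
     * {@code CommonHelper.createCertHashAsBinary}, equals the given thumbprint.
     *
     * <p>A certificate that cannot be encoded is logged and skipped, so one unusable entry does
     * not hide the remaining certificates.
     *
     * @param bArr the thumbprint bytes to look for
     * @return the matching certificate, or {@code null} if none matches
     */
    public X509Certificate getSignatureVerificationCertificateByThumbprint(byte[] bArr) {
        for (X509Certificate candidate : this.aSignatureVerificationCertificates) {
            try {
                byte[] thumbprint = CommonHelper.createCertHashAsBinary(candidate);
                if (thumbprint != null && Arrays.equals(thumbprint, bArr)) {
                    return candidate;
                }
            } catch (CertificateEncodingException e) {
                log.error("can not create thumbprint", e);
            }
        }
        return null;
    }

    /**
     * Finds the verification certificate that carries the given public key.
     *
     * @param publicKey the public key to look for
     * @return the matching certificate, or {@code null} if none matches
     */
    public X509Certificate getSignatureVerificationCertificate(PublicKey publicKey) {
        for (X509Certificate candidate : this.aSignatureVerificationCertificates) {
            if (candidate.getPublicKey().equals(publicKey)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Finds the verification certificate identified by issuer name and serial number.
     *
     * <p>A certificate matches only when its serial number equals {@code bigInteger} AND its
     * issuer matches {@code str} under one of three comparisons: as an {@link X500Principal}
     * (after rewriting {@code E=} to {@code EMAILADDRESS=}), as the literal issuer DN string, or
     * RDN by RDN via {@link #equalsIssuerDN}. The earlier form of this method accepted an
     * issuer-only match from the last comparison without looking at the serial number, which
     * let any certificate of the same issuer stand in for the referenced one; the serial number
     * is now required in every case.
     *
     * <p>{@code str} typically comes from a received message. If it is not a valid X.500 name
     * the principal comparison is skipped rather than letting the parse failure propagate, and
     * a {@code null} issuer or serial number yields no match.
     *
     * @param str the issuer distinguished name from the key reference
     * @param bigInteger the certificate serial number from the key reference
     * @return the matching certificate, or {@code null} if none matches
     */
    public X509Certificate getSignatureVerificationCertificate(String str, BigInteger bigInteger) {
        if (str == null || bigInteger == null) {
            return null;
        }
        X500Principal issuerPrincipal = null;
        try {
            issuerPrincipal = new X500Principal(emailReplacePattern.matcher(str).replaceAll("$1EMAILADDRESS="));
        } catch (IllegalArgumentException e) {
            // The issuer string is attacker-influenced input; fall back to the other comparisons.
            log.warn("getSignatureVerificationCertificate() issuer is not a valid X.500 name", e);
        }
        for (X509Certificate candidate : this.aSignatureVerificationCertificates) {
            if (!bigInteger.equals(candidate.getSerialNumber())) {
                continue;
            }
            if (issuerMatches(str, issuerPrincipal, candidate)) {
                return candidate;
            }
        }
        return null;
    }

    /** Compares the requested issuer with a certificate's issuer using all supported forms. */
    private boolean issuerMatches(String issuerName, X500Principal issuerPrincipal, X509Certificate candidate) {
        if (issuerPrincipal != null && issuerPrincipal.equals(candidate.getIssuerX500Principal())) {
            return true;
        }
        if (issuerName.equals(candidate.getIssuerDN().getName())) {
            return true;
        }
        try {
            return equalsIssuerDN(issuerName, candidate);
        } catch (InvalidNameException e) {
            log.error("getSignatureVerificationCertificate() ", e);
            return false;
        }
    }

    /**
     * Finds the verification certificate whose subject key identifier equals the given bytes.
     *
     * <p>A certificate whose identifier cannot be read is logged and skipped. Previously the
     * first such certificate ended the search, so a single unsuitable entry in the set could
     * make every later certificate unreachable through this lookup. A {@code null} argument or
     * a {@code null} identifier never counts as a match.
     *
     * @param bArr the subject key identifier to look for
     * @return the matching certificate, or {@code null} if none matches
     */
    public X509Certificate getSignatureVerificationCertificate(byte[] bArr) {
        if (bArr == null) {
            return null;
        }
        for (X509Certificate candidate : this.aSignatureVerificationCertificates) {
            try {
                byte[] keyIdentifier = X509SubjectKeyIdentifier.getSubjectKeyIdentifier(candidate);
                if (keyIdentifier != null && Arrays.equals(keyIdentifier, bArr)) {
                    return candidate;
                }
            } catch (XWSSecurityException e) {
                log.error("can not read subject key identifier", e);
            }
        }
        return null;
    }

    /** Returns the certificate used for encryption, or {@code null} if none is set. */
    public X509Certificate getEncryptionCertificate() {
        return this.aEncryptionCertificate;
    }

    /** Sets the certificate used for encryption. */
    public void setEncryptionCertificate(X509Certificate x509Certificate) {
        this.aEncryptionCertificate = x509Certificate;
    }

    /**
     * Returns the live collection of signature verification certificates.
     *
     * <p>The collection is not copied: changes made through the returned reference change which
     * signers the lookup methods will accept.
     */
    public Collection<X509Certificate> getSignatureVerificationCertificates() {
        return this.aSignatureVerificationCertificates;
    }

    /**
     * Replaces the collection of signature verification certificates.
     *
     * <p>The collection is stored by reference; later changes by the caller are visible here.
     */
    public void setSignatureVerificationCertificates(Collection<X509Certificate> collection) {
        this.aSignatureVerificationCertificates = collection;
    }

    /**
     * Compares two distinguished names RDN by RDN, ignoring the order of the RDNs.
     *
     * <p>The names are equal when they contain the same RDNs the same number of times. Each RDN
     * of the second name is consumed at most once, so a name with a repeated RDN cannot match a
     * name of equal length that contains a different RDN in its place.
     *
     * @param str the first distinguished name
     * @param str2 the second distinguished name
     * @return {@code true} if both names consist of the same RDNs
     * @throws InvalidNameException if either string is not a valid LDAP name
     */
    public boolean equalsDN(String str, String str2) throws InvalidNameException {
        List<Rdn> expected = new LdapName(str).getRdns();
        List<Rdn> remaining = new ArrayList<>(new LdapName(str2).getRdns());
        if (expected.size() != remaining.size()) {
            return false;
        }
        for (Rdn rdn : expected) {
            if (!remaining.remove(rdn)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Compares a distinguished name with the issuer name of a certificate using
     * {@link #equalsDN}.
     *
     * @throws InvalidNameException if either name is not a valid LDAP name
     */
    public boolean equalsIssuerDN(String str, X509Certificate x509Certificate) throws InvalidNameException {
        return equalsDN(str, x509Certificate.getIssuerX500Principal().toString());
    }

    /**
     * Compares a distinguished name with the subject name of a certificate using
     * {@link #equalsDN}.
     *
     * @throws InvalidNameException if either name is not a valid LDAP name
     */
    public boolean equalsSubjectDN(String str, X509Certificate x509Certificate) throws InvalidNameException {
        return equalsDN(str, x509Certificate.getSubjectX500Principal().toString());
    }
}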
