package net.jxta.impl.membership.pse;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.SequenceInputStream;
import java.net.MalformedURLException;
import java.net.UnknownServiceException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import net.jxta.credential.Credential;
import net.jxta.document.Attributable;
import net.jxta.document.Attribute;
import net.jxta.document.Element;
import net.jxta.document.MimeMediaType;
import net.jxta.document.StructuredDocument;
import net.jxta.document.StructuredDocumentFactory;
import net.jxta.document.XMLElement;
import net.jxta.exception.PeerGroupException;
import net.jxta.id.ID;
import net.jxta.id.IDFactory;
import net.jxta.impl.endpoint.EndpointServiceImpl;
import net.jxta.impl.endpoint.cbjx.CbJxDefs;
import net.jxta.impl.protocol.ResolverSrdiMsgImpl;
import net.jxta.peer.PeerID;
import net.jxta.peergroup.PeerGroupID;
import net.jxta.service.Service;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.xml.DefaultXmlBeanDefinitionParser;
import org.springframework.web.servlet.view.RedirectView;

/* loaded from: input_file:activemq-ra-2.1.rar:jxta-2.0.jar:net/jxta/impl/membership/pse/PSECredential.class */
public final class PSECredential implements Credential {
    private static final Logger LOG;
    PSEMembershipService source;
    X509Certificate cert;
    ID peerid;
    PrivateKey privateKey;
    static Class class$net$jxta$impl$membership$pse$PSECredential;
    static Class class$net$jxta$document$XMLElement;

    /* JADX INFO: Access modifiers changed from: protected */
    public PSECredential(PSEMembershipService pSEMembershipService, X509Certificate x509Certificate, PrivateKey privateKey) throws IOException {
        this.source = pSEMembershipService;
        this.peerid = pSEMembershipService.getPeerGroup().getPeerID();
        setCertificate(x509Certificate);
        setPrivateKey(privateKey);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public PSECredential(PSEMembershipService pSEMembershipService, Element element) throws PeerGroupException {
        this.source = pSEMembershipService;
        initialize(element);
    }

    @Override // net.jxta.credential.Credential
    public ID getPeerGroupID() {
        return this.source.getPeerGroup().getPeerGroupID();
    }

    @Override // net.jxta.credential.Credential
    public ID getPeerID() {
        return this.peerid;
    }

    private void setPeerID(PeerID peerID) {
        this.peerid = peerID;
    }

    @Override // net.jxta.credential.Credential
    public boolean isExpired() {
        return false;
    }

    @Override // net.jxta.credential.Credential
    public boolean isValid() {
        return true;
    }

    @Override // net.jxta.credential.Credential
    public Object getSubject() {
        return this.cert.getSubjectDN();
    }

    @Override // net.jxta.credential.Credential
    public Service getSourceService() {
        return this.source;
    }

    @Override // net.jxta.credential.Credential
    public StructuredDocument getDocument(MimeMediaType mimeMediaType) throws Exception {
        StructuredDocument newStructuredDocument = StructuredDocumentFactory.newStructuredDocument(mimeMediaType, ResolverSrdiMsgImpl.credentialTag);
        if (null == this.privateKey) {
            throw new IllegalStateException("This credential is not a local credential and document cannot be created.");
        }
        if (newStructuredDocument instanceof Attributable) {
            ((Attributable) newStructuredDocument).addAttribute("xmlns:jxta", "http://jxta.org");
            ((Attributable) newStructuredDocument).addAttribute("xml:space", "preserve");
            ((Attributable) newStructuredDocument).addAttribute(DefaultXmlBeanDefinitionParser.TYPE_ATTRIBUTE, "jxta:PSECred");
        }
        newStructuredDocument.appendChild(newStructuredDocument.createElement("PeerGroupID", getPeerGroupID().toString()));
        newStructuredDocument.appendChild(newStructuredDocument.createElement("PeerID", getPeerID().toString()));
        newStructuredDocument.appendChild(newStructuredDocument.createElement("Certificate", PSEUtils.base64Encode(getCertificate().getEncoded())));
        ArrayList arrayList = new ArrayList(3);
        arrayList.add(new ByteArrayInputStream(getPeerGroupID().toString().getBytes(RedirectView.DEFAULT_ENCODING_SCHEME)));
        arrayList.add(new ByteArrayInputStream(getPeerID().toString().getBytes(RedirectView.DEFAULT_ENCODING_SCHEME)));
        arrayList.add(new ByteArrayInputStream(getCertificate().getEncoded()));
        newStructuredDocument.appendChild(newStructuredDocument.createElement("Signature", PSEUtils.base64Encode(PSEUtils.computeSignature(CbJxDefs.signAlgoName, this.privateKey, new SequenceInputStream(Collections.enumeration(arrayList))))));
        return newStructuredDocument;
    }

    protected boolean handleElement(XMLElement xMLElement) {
        if (xMLElement.getName().equals("PeerGroupID")) {
            try {
                PeerGroupID peerGroupID = (PeerGroupID) IDFactory.fromURL(IDFactory.jxtaURL(xMLElement.getTextValue()));
                if (peerGroupID.equals(getPeerGroupID())) {
                    return true;
                }
                throw new IllegalArgumentException(new StringBuffer().append("Credential is from a different group. ").append(peerGroupID).append(" != ").append(getPeerGroupID()).toString());
            } catch (ClassCastException e) {
                throw new IllegalArgumentException(new StringBuffer().append("Id is not a group id: ").append(xMLElement.getTextValue()).toString());
            } catch (MalformedURLException e2) {
                throw new IllegalArgumentException(new StringBuffer().append("Bad PeerGroupID in advertisement: ").append(xMLElement.getTextValue()).toString());
            } catch (UnknownServiceException e3) {
                throw new IllegalArgumentException(new StringBuffer().append("Unusable ID in advertisement: ").append(xMLElement.getTextValue()).toString());
            }
        }
        if (xMLElement.getName().equals("PeerID")) {
            try {
                setPeerID((PeerID) IDFactory.fromURL(IDFactory.jxtaURL(xMLElement.getTextValue())));
                return true;
            } catch (ClassCastException e4) {
                throw new IllegalArgumentException(new StringBuffer().append("Id is not a peer id: ").append(xMLElement.getTextValue()).toString());
            } catch (MalformedURLException e5) {
                throw new IllegalArgumentException(new StringBuffer().append("Bad Peer ID in advertisement: ").append(xMLElement.getTextValue()).toString());
            } catch (UnknownServiceException e6) {
                throw new IllegalArgumentException(new StringBuffer().append("Unusable ID in advertisement: ").append(xMLElement.getTextValue()).toString());
            }
        }
        if (xMLElement.getName().equals("Certificate")) {
            try {
                setCertificate((X509Certificate) CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(PSEUtils.base64Decode(xMLElement.getTextValue()))));
                return true;
            } catch (Throwable th) {
                if (LOG.isEnabledFor(Level.WARN)) {
                    LOG.warn("Failed to process root cert ", th);
                }
                throw new IllegalArgumentException(new StringBuffer().append("Failed to process root cert ").append(th.getMessage()).toString());
            }
        }
        if (!xMLElement.getName().equals("Signature")) {
            return false;
        }
        ArrayList arrayList = new ArrayList(3);
        try {
            byte[] base64Decode = PSEUtils.base64Decode(xMLElement.getTextValue());
            arrayList.add(new ByteArrayInputStream(getPeerGroupID().toString().getBytes(RedirectView.DEFAULT_ENCODING_SCHEME)));
            arrayList.add(new ByteArrayInputStream(getPeerID().toString().getBytes(RedirectView.DEFAULT_ENCODING_SCHEME)));
            arrayList.add(new ByteArrayInputStream(getCertificate().getEncoded()));
            if (PSEUtils.verifySignature(CbJxDefs.signAlgoName, getCertificate(), base64Decode, new SequenceInputStream(Collections.enumeration(arrayList)))) {
                return true;
            }
            throw new IllegalArgumentException("Certificated did not match");
        } catch (Throwable th2) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn("Failed to validate signature ", th2);
            }
            throw new IllegalArgumentException(new StringBuffer().append("Failed to validate signature ").append(th2.getMessage()).toString());
        }
    }

    protected void initialize(Element element) {
        Class cls;
        if (class$net$jxta$document$XMLElement == null) {
            cls = class$("net.jxta.document.XMLElement");
            class$net$jxta$document$XMLElement = cls;
        } else {
            cls = class$net$jxta$document$XMLElement;
        }
        if (!cls.isInstance(element)) {
            throw new IllegalArgumentException(new StringBuffer().append(getClass().getName()).append(" only supports XMLElement").toString());
        }
        XMLElement xMLElement = (XMLElement) element;
        String str = EndpointServiceImpl.MESSAGE_EMPTY_NS;
        Attribute attribute = xMLElement.getAttribute(DefaultXmlBeanDefinitionParser.TYPE_ATTRIBUTE);
        if (null != attribute) {
            str = attribute.getValue();
        }
        String name = xMLElement.getName();
        if (!name.equals("jxta:PSECred") && !str.equals("jxta:PSECred")) {
            throw new IllegalArgumentException(new StringBuffer().append("Could not construct : ").append(getClass().getName()).append("from doc containing a ").append(name).toString());
        }
        Enumeration children = xMLElement.getChildren();
        while (children.hasMoreElements()) {
            XMLElement xMLElement2 = (XMLElement) children.nextElement();
            if (!handleElement(xMLElement2) && LOG.isEnabledFor(Level.WARN)) {
                LOG.warn(new StringBuffer().append("Unhandleded element '").append(xMLElement2.getName()).append("' in ").append(xMLElement.getName()).toString());
            }
        }
        if (null == getSubject()) {
            throw new IllegalArgumentException("subject was never initialized.");
        }
        if (null == getPeerID()) {
            throw new IllegalArgumentException("peer id was never initialized.");
        }
    }

    public Certificate getCertificate() {
        return this.cert;
    }

    private void setCertificate(X509Certificate x509Certificate) {
        this.cert = x509Certificate;
    }

    public PrivateKey getPrivateKey() {
        if (null == this.privateKey) {
            throw new IllegalStateException("This credential is not a local credential and cannot be used for signing.");
        }
        return this.privateKey;
    }

    private void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            throw new NoClassDefFoundError(e.getMessage());
        }
    }

    static {
        Class cls;
        if (class$net$jxta$impl$membership$pse$PSECredential == null) {
            cls = class$("net.jxta.impl.membership.pse.PSECredential");
            class$net$jxta$impl$membership$pse$PSECredential = cls;
        } else {
            cls = class$net$jxta$impl$membership$pse$PSECredential;
        }
        LOG = Logger.getLogger(cls.getName());
    }
}
