package org.wso2.xkms2.service;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXParameters;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import java.util.Vector;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.AxisFault;
import org.apache.axis2.deployment.DeploymentConstants;
import org.apache.commons.discovery.ResourceIterator;
import org.apache.commons.discovery.jdk.JDKHooks;
import org.apache.commons.discovery.resource.DiscoverResources;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.ws.security.components.crypto.X509NameTokenizer;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
import org.apache.xml.security.keys.content.KeyValue;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.w3c.dom.Document;
import org.wso2.xkms2.Authentication;
import org.wso2.xkms2.InvalidReason;
import org.wso2.xkms2.KRSSRequest;
import org.wso2.xkms2.KRSSResult;
import org.wso2.xkms2.KeyBinding;
import org.wso2.xkms2.KeyBindingAbstractType;
import org.wso2.xkms2.KeyUsage;
import org.wso2.xkms2.LocateRequest;
import org.wso2.xkms2.LocateResult;
import org.wso2.xkms2.MessageAbstractType;
import org.wso2.xkms2.PrototypeKeyBinding;
import org.wso2.xkms2.QueryKeyBinding;
import org.wso2.xkms2.RecoverRequest;
import org.wso2.xkms2.RecoverResult;
import org.wso2.xkms2.RegisterRequest;
import org.wso2.xkms2.RegisterResult;
import org.wso2.xkms2.ReissueKeyBinding;
import org.wso2.xkms2.ReissueRequest;
import org.wso2.xkms2.ReissueResult;
import org.wso2.xkms2.RequestAbstractType;
import org.wso2.xkms2.RespondWith;
import org.wso2.xkms2.ResultMajor;
import org.wso2.xkms2.ResultMinor;
import org.wso2.xkms2.ResultType;
import org.wso2.xkms2.Status;
import org.wso2.xkms2.StatusValue;
import org.wso2.xkms2.UnverifiedKeyBinding;
import org.wso2.xkms2.UseKeyWith;
import org.wso2.xkms2.ValidReason;
import org.wso2.xkms2.ValidateRequest;
import org.wso2.xkms2.ValidateResult;
import org.wso2.xkms2.ValidityInterval;
import org.wso2.xkms2.XKMSException;
import org.wso2.xkms2.core.XKMSRequestData;
import org.wso2.xkms2.util.XKMSKeyUtil;
import org.wso2.xkms2.util.XKMSUtil;

/* loaded from: input_file:WEB-INF/lib/xkms-2.4.0.wso2v1.jar:org/wso2/xkms2/service/XKMSServerCrypto.class */
public class XKMSServerCrypto {
    // Logger for this class; no initializer is visible on this declaration.
    private static final Log LOG;
    // Names of the configuration properties read from the Properties object handed to
    // the constructor. The spellings "aliase" and "expriy" are part of the runtime keys,
    // so deployed configuration has to use them exactly as written here.
    // Shared authentication code; Init() derives both authkey and enkey from it.
    public static final String XKMS_SERVER_AUTHENTICATION_CODE = "org.wso2.xkms2.service.crypto.authen.code";
    // Keystore path (file system first, then class-path lookup in loadKeyStore()).
    public static final String XKMS_KEY_STORE_LOCATION = "org.wso2.xkms2.service.crypto.keystore.location";
    // Keystore password, held in clear text in the Properties object.
    public static final String XKMS_KEY_STORE_PASSWORD = "org.wso2.xkms2.service.crypto.keystore.password";
    // Alias and key password of the key Init() loads into sekey.
    public static final String XKMS_SERVER_CERT_ALIACE = "org.wso2.xkms2.service.crypto.server.cert.aliase";
    public static final String XKMS_SERVER_KEY_PASSWORD = "org.wso2.xkms2.service.crypto.server.key.password";
    // Alias and key password of the issuing certificate and key (cacert / cakey).
    public static final String XKMS_ISSUER_CERT_ALIACE = "org.wso2.xkms2.service.crypto.issuer.cert.aliase";
    public static final String XKMS_ISSUER_KEY_PASSWORD = "org.wso2.xkms2.service.crypto.issuer.key.password";
    // Default validity period parsed as an int in Init(); 365 when unset (presumably days - confirm).
    public static final String XKMS_DEFAULT_EXPIRY_INTERVAL = "org.wso2.xkms2.service.crypto.default.expriy.interval";
    // One password used to read every registered key entry, see getPrivateKey(String, KeyStore).
    public static final String XKMS_DEFAULT_PRIVATE_KEY_PASSWORD = "org.wso2.xkms2.service.crypto.default.private.key.password";
    // Whether the keystore is written back to disk after a registration.
    public static final String XKMS_ENABLE_PERSISTENCE = "org.wso2.xkms2.service.crypto.persistence.enabled";
    // Not referenced in the visible part of this class.
    public static final String PROP_ID_CERT_PROVIDER = "org.wso2.xkms2.service.crypto.cert.provider";
    static String SKI_OID;
    private static CertificateFactory certFact;
    // Keystore loaded by loadKeyStore(); holds issuer, server and registered entries.
    private KeyStore keystore;
    protected KeyStore cacerts;
    // Issuer certificate and private key used when issuing certificates on registration.
    private X509Certificate cacert;
    private PrivateKey cakey;
    // Server private key set as the signing key on every result (buildResultType).
    private PrivateKey sekey;
    // Key handed to request authentication in prepare(); derived from the authentication code.
    private Key authkey;
    // "DESede" key derived from the same authentication code; set on returned private keys.
    private Key enkey;
    // notAfter of the issuer certificate.
    private Date caexpiry;
    private int validityPeriod;
    private Properties properties;
    private ClassLoader classLoader;
    // True only when the keystore was opened from a file (see loadKeyStore()).
    private boolean canSupportPersistence;
    private boolean saveKeystore;
    // Document of the request being processed; overwritten on every process() call, so
    // NOTE(review): an instance shared between concurrent requests would race on it - confirm.
    private Document doc;
    // Compiler-generated cache for the class literal of this class.
    static Class class$org$wso2$xkms2$service$XKMSServerCrypto;

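    /**
     * Creates the crypto service using this class's own class loader for keystore
     * resource discovery.
     *
     * <p>The decompiler could not emit this constructor and left a stub that always
     * threw {@link UnsupportedOperationException}. Its instruction listing resolved the
     * class literal of this class, took that class's loader and invoked the
     * two-argument constructor, which is what this body does.
     *
     * @param r6 service configuration (keystore location, passwords, aliases)
     * @throws org.wso2.xkms2.XKMSException propagated from the delegated constructor
     */
    public XKMSServerCrypto(java.util.Properties r6) throws org.wso2.xkms2.XKMSException {
        this(r6, XKMSServerCrypto.class.getClassLoader());
    }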

    /**
     * Creates the crypto service from the given configuration and loads all key
     * material through {@link #Init()}.
     *
     * @param properties  service configuration; kept by reference, not copied
     * @param classLoader loader consulted when the keystore is looked up as a resource
     * @throws XKMSException if initialisation reports a failure
     */
    public XKMSServerCrypto(Properties properties, ClassLoader classLoader) throws XKMSException {
        // Configuration and resource loader come first: Init() reads both.
        this.properties = properties;
        this.classLoader = classLoader;

        // Persistence stays off until loadKeyStore() and Init() decide otherwise.
        this.saveKeystore = false;
        this.canSupportPersistence = false;

        // No key material is held before Init() runs.
        this.caexpiry = null;
        this.enkey = null;
        this.authkey = null;
        this.sekey = null;
        this.cakey = null;
        this.cacert = null;
        this.cacerts = null;
        this.keystore = null;

        Init();
    }

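    /**
     * Loads the keys and settings this service works with: the request
     * authentication key, the key set on returned private keys, the keystore, the
     * issuer certificate and key, the server signing key, the default validity period
     * and the persistence flag.
     *
     * @throws XKMSException if a helper reports a failure
     */
    private void Init() throws XKMSException {
        // Both keys are derived from the same configured authentication code, so that
        // one secret covers request authentication and the key set on returned private
        // keys. NOTE(review): confirm that sharing one secret for both is intended.
        String authCode = this.properties.getProperty(XKMS_SERVER_AUTHENTICATION_CODE);
        if (authCode != null && authCode.length() > 0) {
            this.authkey = XKMSKeyUtil.getAuthenticationKey(authCode);
            this.enkey = XKMSKeyUtil.getPrivateKey(authCode, "DESede");
        }

        loadKeyStore();

        String issuerAlias = this.properties.getProperty(XKMS_ISSUER_CERT_ALIACE);
        this.cacert = getCertificate(issuerAlias);
        this.caexpiry = this.cacert.getNotAfter();
        this.cakey = getPrivateKey(issuerAlias, this.properties.getProperty(XKMS_ISSUER_KEY_PASSWORD));
        this.sekey = getPrivateKey(this.properties.getProperty(XKMS_SERVER_CERT_ALIACE), this.properties.getProperty(XKMS_SERVER_KEY_PASSWORD));

        String expiry = this.properties.getProperty(XKMS_DEFAULT_EXPIRY_INTERVAL);
        this.validityPeriod = expiry != null ? Integer.parseInt(expiry) : 365;

        // Boolean.getBoolean(name) looks up a JVM system property called `name`; it does
        // not parse its argument, so the configured value was never honoured.
        // parseBoolean reads the configured text and yields false for null.
        this.saveKeystore = Boolean.parseBoolean(this.properties.getProperty(XKMS_ENABLE_PERSISTENCE));
    }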

    /**
     * Dispatches a parsed XKMS request to the handler for its concrete type.
     *
     * <p>The request document is stored in an instance field before dispatch and is
     * read later when key information is built.
     * NOTE(review): that makes a shared instance unsafe for concurrent requests - confirm
     * how instances are scoped.
     *
     * @param xKMSRequestData parsed request together with its document
     * @return the handler's result, or {@code null} for an unrecognised request type
     * @throws AxisFault declared for callers; not thrown by the visible code
     */
    public ResultType process(XKMSRequestData xKMSRequestData) throws AxisFault {
        RequestAbstractType incoming = xKMSRequestData.getRequest();
        this.doc = xKMSRequestData.getDocument();

        ResultType outcome = null;
        if (incoming instanceof RegisterRequest) {
            outcome = handleRegisterRequest((RegisterRequest) incoming);
        } else if (incoming instanceof ValidateRequest) {
            outcome = handleValidateRequest((ValidateRequest) incoming);
        } else if (incoming instanceof ReissueRequest) {
            outcome = handleReissueRequest((ReissueRequest) incoming);
        } else if (incoming instanceof LocateRequest) {
            outcome = handleLocateRequest((LocateRequest) incoming);
        } else if (incoming instanceof RecoverRequest) {
            outcome = handleRecoverRequest((RecoverRequest) incoming);
        }
        return outcome;
    }

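    /**
     * Handles a Register request: authenticates it, issues a certificate for the
     * requested subject under the issuer key, stores it in the keystore and returns
     * the resulting key binding.
     *
     * <p>When the request carries no public key, an RSA key pair is generated on the
     * server and the private key is stored under the same alias.
     *
     * <p>The subject DN comes from the request. No check of the requested DN beyond the
     * request authentication in {@code validate} is visible in this method.
     *
     * @param registerRequest the request to process
     * @return a success result, or a fault result built from the {@link XKMSException}
     */
    public RegisterResult handleRegisterRequest(RegisterRequest registerRequest) {
        try {
            prepare(registerRequest, registerRequest.getPrototypeKeyBinding());
            validate(registerRequest);
            PrototypeKeyBinding prototype = registerRequest.getPrototypeKeyBinding();
            String subjectDN = getSubjectDN(prototype);
            if (subjectDN == null) {
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No SubjectDN is specified");
                }
                throw new XKMSException(4, "NoSubjectDN");
            }

            // Client-supplied key if present, otherwise a server-generated pair.
            PublicKey publicKey = prototype.getKeyValue();
            PrivateKey generatedPrivateKey = null;
            if (publicKey == null) {
                KeyPair pair = XKMSKeyUtil.generateRSAKeyPair();
                publicKey = pair.getPublic();
                generatedPrivateKey = pair.getPrivate();
            }

            ValidityInterval requested = prototype.getValidityInterval();
            Date[] validity = requested != null ? getAdjustedValidityInterval(requested.getNotBefore(), requested.getOnOrAfter()) : getAdjustedValidityInterval((Date) null, (Date) null);

            long serialNumber = nextSerialNumber();
            String alias = createAlias(serialNumber);
            BigInteger serial = BigInteger.valueOf(serialNumber);

            // No usage, or Exchange only, selects the issuing call without usage flags.
            List keyUsage = prototype.getKeyUsage();
            boolean defaultUsage = keyUsage == null || keyUsage.isEmpty() || (keyUsage.size() == 1 && keyUsage.contains(KeyUsage.EXCHANGE));
            X509Certificate issued;
            if (defaultUsage) {
                issued = XKMSKeyUtil.getX509Certificate(subjectDN, serial, validity[0], validity[1], publicKey, this.cacert, this.cakey);
            } else {
                issued = XKMSKeyUtil.getX509Certificate(subjectDN, serial, validity[0], validity[1], keyUsage.contains(KeyUsage.SIGNATURE), keyUsage.contains(KeyUsage.ENCRYPTION), publicKey, this.cacert, this.cakey);
            }

            try {
                this.keystore.setCertificateEntry(alias, issued);
                if (LOG.isDebugEnabled()) {
                    LOG.debug(new StringBuffer().append("Adding the newly constructed X509Certificate to the keystore - \n ").append(issued).toString());
                }
                if (generatedPrivateKey != null) {
                    this.keystore.setKeyEntry(alias, generatedPrivateKey, getPrivateKeyPassword(), new Certificate[]{issued});
                    if (LOG.isDebugEnabled()) {
                        // Log the alias only: a key's toString() can include key material,
                        // and debug logs are not a place for private keys.
                        LOG.debug("Added the newly generated private key to the keystore under alias " + alias);
                    }
                }
                if (this.saveKeystore) {
                    saveKeystore();
                }
                RegisterResult result = XKMSUtil.createRegisterResult();
                buildResultType(registerRequest, result, alias, this.keystore);
                return result;
            } catch (KeyStoreException e) {
                LOG.error("Adding the certificate to keystore failed", e);
                throw new XKMSException(e);
            }
        } catch (XKMSException e2) {
            RegisterResult fault = XKMSUtil.createRegisterResult();
            buildFault(registerRequest, fault, e2);
            return fault;
        }
    }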

    /**
     * Handles a Reissue request: authenticates it, locates the stored entry that
     * matches the submitted certificate's issuer and serial number, and returns the
     * key binding for that entry.
     *
     * @param reissueRequest the request to process
     * @return a success result, or a fault result built from the {@link XKMSException}
     */
    public ReissueResult handleReissueRequest(ReissueRequest reissueRequest) {
        try {
            prepare(reissueRequest, reissueRequest.getReissueKeyBinding());
            validate(reissueRequest);

            X509Certificate submitted = reissueRequest.getReissueKeyBinding().getCertValue();
            if (submitted == null) {
                throw new XKMSException(4, "CertNotPresent");
            }

            String issuerName = submitted.getIssuerDN().getName();
            String alias = getAliasForX509Cert(issuerName, submitted.getSerialNumber());
            if (alias == null) {
                throw new XKMSException(4, "CertNotFound");
            }

            ReissueResult success = XKMSUtil.creatReissueResult();
            buildResultType(reissueRequest, success, alias, this.keystore);
            return success;
        } catch (XKMSException failure) {
            ReissueResult fault = XKMSUtil.creatReissueResult();
            buildFault(reissueRequest, fault, failure);
            return fault;
        }
    }

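    /**
     * Handles a Recover request: authenticates it, resolves the keystore alias the
     * request refers to, and returns the key binding together with the stored
     * private key.
     *
     * <p>The alias is resolved from the submitted certificate (issuer and serial), else
     * from the PKIX subject DN, else from the key name in the request.
     *
     * @param recoverRequest the request to process
     * @return a success result, or a fault result built from the {@link XKMSException}
     */
    public RecoverResult handleRecoverRequest(RecoverRequest recoverRequest) {
        try {
            prepare(recoverRequest, recoverRequest.getRecoverKeyBinding());
            // prepare() only installs the authentication key; it verifies nothing. The
            // Register and Reissue handlers call validate() before acting, and this
            // handler returns private key material, so it must do the same.
            validate((KRSSRequest) recoverRequest);

            KeyBindingAbstractType recoverKeyBinding = recoverRequest.getRecoverKeyBinding();
            String[] aliases = null;
            X509Certificate certValue = recoverKeyBinding.getCertValue();
            if (certValue != null) {
                String alias = getAliasForX509Cert(certValue.getIssuerDN().getName(), certValue.getSerialNumber());
                if (alias != null) {
                    aliases = new String[]{alias};
                }
            } else {
                String subjectDN = getSubjectDN(recoverKeyBinding);
                if (subjectDN != null) {
                    aliases = getAliasesForDN(subjectDN);
                }
            }

            // Last resort: the request's key name is used as the keystore alias as-is.
            // NOTE(review): the caller chooses this value, so any key entry readable with
            // the default private key password is reachable by name - confirm this is
            // restricted to registered keys.
            if (aliases == null) {
                String keyName = recoverKeyBinding.getKeyName();
                if (keyName != null) {
                    aliases = new String[]{keyName};
                }
            }
            if (aliases == null || aliases.length < 1) {
                throw new XKMSException(1, "keyNotFound");
            }

            RecoverResult result = XKMSUtil.createRecoverResult();
            buildResultType(recoverRequest, result, aliases[0], this.keystore);
            return result;
        } catch (XKMSException e) {
            RecoverResult fault = XKMSUtil.createRecoverResult();
            buildFault(recoverRequest, fault, e);
            return fault;
        }
    }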

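    /**
     * Handles a Locate request: resolves candidate aliases from the PKIX subject DN,
     * the key name or the subject key identifier in the query, keeps those whose
     * certificate permits the requested key usage, and returns one unverified key
     * binding per match.
     *
     * <p>Changes from the decompiled form: the alias array is declared (the decompiler
     * left it as an undeclared register name), a query without key usage no longer
     * fails on a null list, and a certificate without a KeyUsage extension no longer
     * fails on a null bit array.
     *
     * @param locateRequest the request to process
     * @return a success result, or a fault result built from the {@link XKMSException}
     */
    public LocateResult handleLocateRequest(LocateRequest locateRequest) {
        try {
            KeyBindingAbstractType queryKeyBinding = locateRequest.getQueryKeyBinding();
            String[] aliases = null;

            String subjectDN = getSubjectDN(queryKeyBinding);
            if (subjectDN == null) {
                KeyInfo keyInfo = queryKeyBinding.getKeyInfo();
                if (keyInfo != null) {
                    try {
                        KeyName itemKeyName = keyInfo.itemKeyName(0);
                        aliases = itemKeyName != null ? new String[]{itemKeyName.getKeyName()} : null;
                    } catch (XMLSecurityException e) {
                        throw new XKMSException((Throwable) e);
                    }
                }
                if (LOG.isDebugEnabled()) {
                    LOG.debug("No SubjectDN is specified");
                }
            } else {
                aliases = getAliasesForDN(subjectDN);
            }

            // A subject key identifier, when it resolves, replaces the aliases found so far.
            byte[] skiValue = getSKIValue(queryKeyBinding);
            if (skiValue != null) {
                String skiAlias = getAliasForX509Cert(skiValue);
                if (skiAlias != null) {
                    aliases = new String[]{skiAlias};
                }
            }
            if (aliases == null || aliases.length == 0) {
                throw new XKMSException("KeyNotFound");
            }

            // A query without key usage places no restriction on the match.
            List keyUsage = queryKeyBinding.getKeyUsage();
            boolean wantSignature = keyUsage != null && keyUsage.contains(KeyUsage.SIGNATURE);
            boolean wantEncryption = keyUsage != null && keyUsage.contains(KeyUsage.ENCRYPTION);

            List<String> matches = new ArrayList<String>();
            for (String alias : aliases) {
                X509Certificate certificate = getCertificate(alias);
                if (certificate == null) {
                    continue;
                }
                // getKeyUsage() returns null when the certificate has no KeyUsage
                // extension; such a certificate is treated as unrestricted.
                // Index 0 is digitalSignature, index 3 is dataEncipherment.
                boolean[] bits = certificate.getKeyUsage();
                boolean signatureOk = !wantSignature || bits == null || bits[0];
                boolean encryptionOk = !wantEncryption || bits == null || bits[3];
                if (signatureOk && encryptionOk) {
                    matches.add(alias);
                }
            }
            if (matches.isEmpty()) {
                throw new XKMSException(1, "KeyNotFound");
            }

            LocateResult result = XKMSUtil.createLocateResult();
            buildResultType(locateRequest, result);
            for (String alias : matches) {
                X509Certificate[] certificates = getCertificates(alias);
                UnverifiedKeyBinding binding = new UnverifiedKeyBinding();
                addKeyInfo(locateRequest.getRespondWith(), alias, certificates, binding);
                addKeyUsage(certificates[0], binding);
                result.addUnverifiedKeyBinding(binding);
            }
            return result;
        } catch (XKMSException e2) {
            LocateResult fault = XKMSUtil.createLocateResult();
            buildFault(locateRequest, fault, e2);
            return fault;
        }
    }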

    /**
     * Handles a Validate request: extracts the certificate from the query's key
     * information, checks it with {@code verifyTrust} and reports the outcome as the
     * status of the returned key binding.
     *
     * <p>A trusted certificate is answered from the keystore entry matching its issuer
     * and serial number; an untrusted one is echoed back with a negative status.
     * NOTE(review): what {@code verifyTrust} checks (for example revocation) is not
     * visible here.
     *
     * @param validateRequest the request to process
     * @return a result carrying the binding status, or a fault result built from the
     *         {@link XKMSException}
     */
    public ValidateResult handleValidateRequest(ValidateRequest validateRequest) {
        try {
            QueryKeyBinding query = validateRequest.getQueryKeyBinding();
            List requestedItems = validateRequest.getRespondWith();

            KeyInfo suppliedKeyInfo = query.getKeyInfo();
            X509Certificate candidate = null;
            if (suppliedKeyInfo != null) {
                try {
                    candidate = suppliedKeyInfo.getX509Certificate();
                } catch (KeyResolverException resolveFailure) {
                    throw new XKMSException(4, "keystore", resolveFailure);
                }
            }
            if (candidate == null) {
                throw new XKMSException(4, "CertNotPresent");
            }

            if (verifyTrust(candidate)) {
                // Trusted: answer from the stored entry for this issuer and serial number.
                ValidateResult trustedResult = XKMSUtil.createValidateResult();
                buildResultType(validateRequest, trustedResult);
                String storedAlias = getAliasForX509Cert(candidate.getIssuerDN().getName(), candidate.getSerialNumber());
                X509Certificate[] storedChain = getCertificates(storedAlias);
                KeyBinding trustedBinding = XKMSUtil.createKeyBinding();
                trustedResult.addKeyBinding(trustedBinding);
                addKeyInfo(requestedItems, storedAlias, storedChain, trustedBinding);
                addKeyUsage(storedChain[0], trustedBinding);
                addStatus(true, trustedBinding);
                return trustedResult;
            }

            // Not trusted: echo the submitted certificate with a negative status.
            ValidateResult untrustedResult = XKMSUtil.createValidateResult();
            buildResultType(validateRequest, untrustedResult);
            KeyBinding untrustedBinding = XKMSUtil.createKeyBinding();
            X509Certificate[] submittedOnly = {candidate};
            addKeyInfo(validateRequest.getRespondWith(), null, submittedOnly, untrustedBinding);
            addKeyUsage(submittedOnly[0], untrustedBinding);
            addStatus(false, untrustedBinding);
            untrustedResult.addKeyBinding(untrustedBinding);
            return untrustedResult;
        } catch (XKMSException failure) {
            ValidateResult fault = XKMSUtil.createValidateResult();
            buildFault(validateRequest, fault, failure);
            return fault;
        }
    }

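    /**
     * Installs the server's authentication key on the request and copies the key
     * name, public key and certificate found in the binding's key information onto
     * the binding itself.
     *
     * <p>This method verifies nothing: everything it copies comes from the request.
     * When a certificate is present its public key overrides a bare key value.
     *
     * @param kRSSRequest            request whose authentication receives the key
     * @param keyBindingAbstractType binding to populate from its own key information
     * @throws XKMSException (code 4, "noKey") if the key information cannot be read
     */
    private void prepare(KRSSRequest kRSSRequest, KeyBindingAbstractType keyBindingAbstractType) throws XKMSException {
        kRSSRequest.getAuthentication().setKeyBindingAuthenticationKey(this.authkey);
        KeyInfo keyInfo = keyBindingAbstractType.getKeyInfo();
        if (keyInfo != null) {
            try {
                KeyName itemKeyName = keyInfo.itemKeyName(0);
                if (itemKeyName != null) {
                    keyBindingAbstractType.setKeyName(itemKeyName.getKeyName());
                }
                PublicKey publicKey = keyInfo.getPublicKey();
                if (publicKey != null) {
                    keyBindingAbstractType.setKeyValue(publicKey);
                }
                X509Certificate x509Certificate = keyInfo.getX509Certificate();
                if (x509Certificate != null) {
                    keyBindingAbstractType.setCertValue(x509Certificate);
                    keyBindingAbstractType.setKeyValue(x509Certificate.getPublicKey());
                }
            } catch (KeyResolverException e) {
                // Caught before XMLSecurityException: in Apache XML Security the resolver
                // exception derives from it, and a handler placed after its supertype is
                // unreachable, which javac rejects.
                LOG.error("", e);
                throw new XKMSException(4, "noKey", e);
            } catch (XMLSecurityException e2) {
                LOG.error("", e2);
                throw new XKMSException(4, "noKey", e2);
            }
        }
    }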

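    /**
     * Validates a Reissue request: runs the common KRSS checks, then verifies the
     * proof of possession against the binding's public key when both are present.
     *
     * <p>A request with no proof of possession, or with no key to check it against,
     * passes this step.
     *
     * @param reissueRequest the request to validate
     * @throws XKMSException if a common check fails or the proof of possession does
     *                       not verify
     */
    private void validate(ReissueRequest reissueRequest) throws XKMSException {
        validate((KRSSRequest) reissueRequest);
        ReissueKeyBinding reissueKeyBinding = reissueRequest.getReissueKeyBinding();
        XMLSignature proofOfPocession = reissueRequest.getProofOfPocession();

        // Prefer an explicit key value, fall back to the certificate's key.
        PublicKey keyValue = reissueKeyBinding.getKeyValue();
        if (keyValue == null) {
            X509Certificate certValue = reissueKeyBinding.getCertValue();
            if (certValue != null) {
                keyValue = certValue.getPublicKey();
            }
        }
        if (proofOfPocession == null || keyValue == null) {
            return;
        }

        boolean verified;
        try {
            verified = proofOfPocession.checkSignatureValue(keyValue);
        } catch (XMLSignatureException e) {
            throw new XKMSException("Proof-Of-Pocession varification failed", (Throwable) e);
        }
        // checkSignatureValue reports an invalid signature by returning false, so the
        // result has to be checked; a thrown exception is not the only failure mode.
        if (!verified) {
            throw new XKMSException("Proof-Of-Pocession varification failed");
        }
    }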

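    /**
     * Validates a Register request: runs the common KRSS checks, then requires a
     * valid proof of possession whenever the request supplies its own public key.
     *
     * <p>A request without a key value needs no proof: the key pair is then generated
     * by the server.
     *
     * @param registerRequest the request to validate
     * @throws XKMSException (code 12, "popRequired") if a key is supplied and the
     *                       proof of possession is missing or does not verify; also
     *                       propagated from the common checks
     */
    private void validate(RegisterRequest registerRequest) throws XKMSException {
        validate((KRSSRequest) registerRequest);
        PrototypeKeyBinding prototypeKeyBinding = registerRequest.getPrototypeKeyBinding();
        XMLSignature proofOfPossession = registerRequest.getProofOfPossession();
        PublicKey keyValue = prototypeKeyBinding.getKeyValue();
        if (keyValue == null) {
            return;
        }
        // A supplied key without a proof used to end in a NullPointerException; reject
        // it with the same fault the failed-signature path reports.
        if (proofOfPossession == null) {
            throw new XKMSException(12, "popRequired");
        }

        boolean verified;
        try {
            verified = proofOfPossession.checkSignatureValue(keyValue);
        } catch (XMLSignatureException e) {
            LOG.error("", e);
            throw new XKMSException(12, "popRequired", e);
        }
        // An invalid signature is reported by a false return value, not by an exception.
        if (!verified) {
            throw new XKMSException(12, "popRequired");
        }
    }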

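    /**
     * Runs the checks common to key registration requests: the message signature,
     * then the key binding authentication signature verified with the authentication
     * key installed on the request.
     *
     * @param kRSSRequest the request to validate
     * @throws XKMSException (code 6, "invalidXMLSign") if the authentication element
     *                       or its signature is missing or does not verify; also
     *                       propagated from the message signature check
     */
    private void validate(KRSSRequest kRSSRequest) throws XKMSException {
        validate((MessageAbstractType) kRSSRequest);
        Authentication authentication = kRSSRequest.getAuthentication();
        // Reject a request that carries no authentication signature with the regular
        // fault instead of failing on a null reference.
        if (authentication == null || authentication.getKeyBindingAuthentication() == null) {
            throw new XKMSException(6, "invalidXMLSign");
        }
        try {
            if (!authentication.getKeyBindingAuthentication().checkSignatureValue(authentication.getKeyBindingAuthenticationKey())) {
                throw new XKMSException(6, "invalidXMLSign");
            }
            // Was a bare System.out.println("success"); report through the logger.
            if (LOG.isDebugEnabled()) {
                LOG.debug("KeyBindingAuthentication signature verified");
            }
        } catch (XMLSignatureException e) {
            LOG.error("", e);
            throw new XKMSException(6, "invalidXMLSign", e);
        }
    }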

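    /**
     * Verifies the message signature, when the message has one, against the signing
     * certificate carried by the message.
     *
     * <p>An unsigned message passes this step. NOTE(review): the certificate used for
     * verification comes from the message itself, and no trust check on it is visible
     * here - confirm where that certificate is validated.
     *
     * @param messageAbstractType the message to check
     * @throws XKMSException (code 6, "failedXMLSign") if the signature does not verify
     */
    private void validate(MessageAbstractType messageAbstractType) throws XKMSException {
        XMLSignature signature = messageAbstractType.getSignature();
        if (signature == null) {
            return;
        }
        boolean verified;
        try {
            verified = signature.checkSignatureValue(messageAbstractType.getSignCert());
        } catch (XMLSignatureException e) {
            LOG.error("", e);
            throw new XKMSException(6, "failedXMLSign", e);
        }
        // The result was discarded before, so a signature that merely failed to verify
        // (false return, no exception) was accepted.
        if (!verified) {
            throw new XKMSException(6, "failedXMLSign");
        }
    }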

    /**
     * Fills a Register result: the common key binding for the alias, plus the stored
     * private key when the alias has one.
     *
     * @param registerRequest request being answered
     * @param registerResult  result to populate
     * @param str             keystore alias of the registered entry
     * @param keyStore        passed through to the helpers
     * @throws XKMSException if a helper reports a failure
     */
    private void buildResultType(RegisterRequest registerRequest, RegisterResult registerResult, String str, KeyStore keyStore) throws XKMSException {
        RequestAbstractType request = registerRequest;
        KRSSResult result = registerResult;
        buildResultType(request, result, str, keyStore);

        // Absent for entries that hold a certificate only (client-supplied public key).
        org.wso2.xkms2.PrivateKey storedKey = getPrivateKey(str, keyStore);
        if (storedKey == null) {
            return;
        }
        registerResult.setPrivateKey(storedKey);
    }

    /**
     * Fills a Reissue result with the common key binding for the alias. No private
     * key is attached.
     *
     * @param reissueRequest request being answered
     * @param reissueResult  result to populate
     * @param str            keystore alias of the reissued entry
     * @param keyStore       passed through to the common builder
     * @throws XKMSException if the common builder reports a failure
     */
    private void buildResultType(ReissueRequest reissueRequest, ReissueResult reissueResult, String str, KeyStore keyStore) throws XKMSException {
        RequestAbstractType request = reissueRequest;
        KRSSResult result = reissueResult;
        buildResultType(request, result, str, keyStore);
    }

    /**
     * Fills a Recover result: the common key binding for the alias, plus the stored
     * private key when the alias has one.
     *
     * @param recoverRequest request being answered
     * @param recoverResult  result to populate
     * @param str            keystore alias of the entry being recovered
     * @param keyStore       passed through to the helpers
     * @throws XKMSException if a helper reports a failure
     */
    private void buildResultType(RecoverRequest recoverRequest, RecoverResult recoverResult, String str, KeyStore keyStore) throws XKMSException {
        RequestAbstractType request = recoverRequest;
        KRSSResult result = recoverResult;
        buildResultType(request, result, str, keyStore);

        org.wso2.xkms2.PrivateKey recovered = getPrivateKey(str, keyStore);
        if (recovered == null) {
            return;
        }
        recoverResult.setPrivateKey(recovered);
    }

    /**
     * Fills a key registration result: the common result fields, then one key
     * binding for the alias carrying key information, validity interval, key usage
     * and a positive status.
     *
     * @param requestAbstractType request being answered; supplies the RespondWith list
     * @param kRSSResult          result that receives the binding
     * @param str                 keystore alias whose certificates are reported
     * @param keyStore            not used by this method
     * @throws XKMSException if a helper reports a failure
     */
    private void buildResultType(RequestAbstractType requestAbstractType, KRSSResult kRSSResult, String str, KeyStore keyStore) throws XKMSException {
        buildResultType(requestAbstractType, kRSSResult);

        // The binding is attached to the result first and populated afterwards.
        KeyBinding binding = XKMSUtil.createKeyBinding();
        kRSSResult.addKeyBinding(binding);

        X509Certificate[] chain = getCertificates(str);
        addKeyInfo(requestAbstractType.getRespondWith(), str, chain, binding);

        // Validity and usage are taken from the first certificate returned for the alias.
        X509Certificate leaf = chain[0];
        addValidationInterval(leaf, binding);
        addKeyUsage(leaf, binding);
        addStatus(true, binding);
    }

    /**
     * Sets the fields every successful result carries: the service URI echoed from the
     * request, a SUCCESS major code and the server key used to sign the result.
     *
     * @param requestAbstractType request being answered
     * @param resultType          result to populate
     * @throws XKMSException declared for callers; not thrown by the visible code
     */
    private void buildResultType(RequestAbstractType requestAbstractType, ResultType resultType) throws XKMSException {
        resultType.setServiceURI(requestAbstractType.getServiceURI());
        resultType.setResultMajor(ResultMajor.SUCCESS);
        // sekey is loaded in Init() from the server certificate alias.
        resultType.setSignKey(this.sekey);
    }

    /**
     * Builds the XKMS private key element for an alias: the stored private key paired
     * with the public key of the alias's certificate, together with the key held in
     * {@code enkey}.
     *
     * <p>The entry is read with the configured default private key password, whatever
     * the alias. NOTE(review): how {@code enkey} is applied to the key pair is decided
     * by {@code org.wso2.xkms2.PrivateKey}, which is not visible here.
     *
     * @param str      keystore alias
     * @param keyStore not used by this method
     * @return the wrapped key pair, or {@code null} if the alias has no private key
     * @throws XKMSException declared for callers
     */
    private org.wso2.xkms2.PrivateKey getPrivateKey(String str, KeyStore keyStore) throws XKMSException {
        String defaultPassword = this.properties.getProperty(XKMS_DEFAULT_PRIVATE_KEY_PASSWORD);
        PrivateKey stored = getPrivateKey(str, defaultPassword);
        if (stored != null) {
            PublicKey matchingPublic = getCertificate(str).getPublicKey();
            KeyPair pair = new KeyPair(matchingPublic, stored);
            org.wso2.xkms2.PrivateKey wrapped = new org.wso2.xkms2.PrivateKey();
            wrapped.setRSAKeyPair(pair);
            wrapped.setKey(this.enkey);
            return wrapped;
        }
        return null;
    }

    /**
     * Returns the identifier of the first UseKeyWith entry whose application is PKIX,
     * which callers treat as the subject DN.
     *
     * @param keyBindingAbstractType binding taken from the request
     * @return the identifier, or {@code null} if the binding has no PKIX entry
     */
    private String getSubjectDN(KeyBindingAbstractType keyBindingAbstractType) {
        List<UseKeyWith> entries = keyBindingAbstractType.getUseKeyWith();
        if (entries != null) {
            for (Iterator<UseKeyWith> cursor = entries.iterator(); cursor.hasNext();) {
                UseKeyWith entry = cursor.next();
                if (UseKeyWith.PKIX.equals(entry.getApplication())) {
                    return entry.getIdentifier();
                }
            }
        }
        return null;
    }

    /**
     * Returns the Base64-decoded identifier of the first UseKeyWith entry whose
     * application is SKI.
     *
     * @param keyBindingAbstractType binding taken from the request
     * @return the decoded identifier bytes, or {@code null} if the binding has no SKI
     *         entry
     */
    private byte[] getSKIValue(KeyBindingAbstractType keyBindingAbstractType) {
        List<UseKeyWith> entries = keyBindingAbstractType.getUseKeyWith();
        if (entries != null) {
            for (Iterator<UseKeyWith> cursor = entries.iterator(); cursor.hasNext();) {
                UseKeyWith entry = cursor.next();
                if (UseKeyWith.SKI.equals(entry.getApplication())) {
                    // The identifier is request data; it is decoded here without further checks.
                    return Base64.decode(entry.getIdentifier());
                }
            }
        }
        return null;
    }

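    /**
     * Loads the keystore named by the configuration.
     *
     * <p>Lookup order: the configured path as a file, the same path under
     * {@code <wso2wsas.home>/conf}, then a class-path resource of that name, then the
     * same name under {@code META-INF/}. Persistence is only possible when the
     * keystore was opened from a file; in that case the configured location is
     * replaced by the file's absolute path.
     *
     * <p>Changes from the decompiled form: the stream variable is an
     * {@code InputStream} (it also receives class-path resource streams), the file
     * that was found is the one opened rather than the original relative path, the
     * stream is closed after loading, and a missing location or password is reported
     * explicitly.
     *
     * @throws RuntimeException wrapping any failure to locate or load the keystore
     */
    private void loadKeyStore() {
        java.io.InputStream keystoreStream = null;
        try {
            String location = this.properties.getProperty(XKMS_KEY_STORE_LOCATION);
            String password = this.properties.getProperty(XKMS_KEY_STORE_PASSWORD);
            if (location == null) {
                throw new Exception("keystore location is not configured");
            }
            // KeyStore.load accepts a null password and then skips the integrity check,
            // so a missing password must not be allowed to reach it.
            if (password == null) {
                throw new Exception("keystore password is not configured");
            }

            File file = new File(location);
            if (!file.exists()) {
                String home = System.getProperty("wso2wsas.home");
                if (home != null) {
                    file = new File(new StringBuffer().append(home).append(File.separator).append(DeploymentConstants.DIRECTORY_CONF).append(File.separator).append(location).toString());
                }
            }
            if (file.exists()) {
                try {
                    // Open the file that was found; it may be the one under the home directory.
                    keystoreStream = new FileInputStream(file);
                    this.properties.put(XKMS_KEY_STORE_LOCATION, file.getAbsolutePath());
                    this.canSupportPersistence = true;
                } catch (FileNotFoundException e) {
                    throw new Exception(e);
                }
            }

            // Fall back to the class path: thread context loader first, then the configured one.
            if (keystoreStream == null) {
                DiscoverResources discoverResources = new DiscoverResources();
                discoverResources.addClassLoader(JDKHooks.getJDKHooks().getThreadContextClassLoader());
                discoverResources.addClassLoader(this.classLoader);
                ResourceIterator found = discoverResources.findResources(location);
                if (found.hasNext()) {
                    keystoreStream = found.nextResource().getResourceAsStream();
                }
                if (keystoreStream == null) {
                    ResourceIterator foundInMetaInf = discoverResources.findResources(new StringBuffer().append("META-INF/").append(location).toString());
                    if (foundInMetaInf.hasNext()) {
                        keystoreStream = foundInMetaInf.nextResource().getResourceAsStream();
                    }
                }
            }
            if (keystoreStream == null) {
                throw new Exception("specified keystore doesn't exist");
            }

            // The keystore type is the JVM default, so it depends on the runtime's
            // security configuration rather than on this service's settings.
            this.keystore = KeyStore.getInstance(KeyStore.getDefaultType());
            this.keystore.load(keystoreStream, password.toCharArray());
        } catch (Exception e2) {
            throw new RuntimeException("Can't load keystore", e2);
        } finally {
            if (keystoreStream != null) {
                try {
                    keystoreStream.close();
                } catch (IOException ignored) {
                    // The keystore is already loaded or the load already failed; a close
                    // failure on a read-only stream changes neither outcome.
                }
            }
        }
    }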

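    /**
     * Writes the in-memory keystore back to the configured file, if the keystore was
     * loaded from a file. Does nothing otherwise.
     *
     * <p>The file is overwritten in place. NOTE(review): an interrupted write would
     * leave a truncated keystore; consider writing to a temporary file and renaming.
     *
     * @throws XKMSException wrapping any I/O or keystore failure
     */
    private void saveKeystore() throws XKMSException {
        if (!this.canSupportPersistence) {
            return;
        }
        String location = this.properties.getProperty(XKMS_KEY_STORE_LOCATION);
        // Read the password before the file is opened: opening truncates the file, so a
        // failure here must not happen after that point.
        char[] password = this.properties.getProperty(XKMS_KEY_STORE_PASSWORD).toCharArray();

        FileOutputStream out = null;
        try {
            out = new FileOutputStream(location);
            this.keystore.store(out, password);
            // Close inside the try so that a failure to flush is reported to the caller.
            out.close();
            out = null;
        } catch (FileNotFoundException e) {
            throw new XKMSException(e);
        } catch (IOException e2) {
            throw new XKMSException(e2);
        } catch (KeyStoreException e3) {
            throw new XKMSException(e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new XKMSException(e4);
        } catch (CertificateException e5) {
            throw new XKMSException(e5);
        } finally {
            // Only reached with an open stream when something above failed.
            if (out != null) {
                try {
                    out.close();
                } catch (IOException ignored) {
                    // The original failure is already on its way to the caller.
                }
            }
        }
    }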

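    /**
     * Returns the private key stored under an alias.
     *
     * <p>The password is used only to recover the key and is never logged; the alias
     * appears in the log and exception messages.
     *
     * @param str  keystore alias of the key entry
     * @param str2 password protecting the key entry
     * @return the private key, or {@code null} when the alias is not a key entry
     * @throws IllegalArgumentException if the alias or password is {@code null}, or the
     *                                  entry holds a key that is not a private key
     * @throws RuntimeException         wrapping any keystore failure while reading the entry
     */
    public PrivateKey getPrivateKey(String str, String str2) throws IllegalArgumentException {
        if (str == null) {
            throw new IllegalArgumentException("alias is null");
        }
        if (str2 == null) {
            // Previously surfaced as a NullPointerException wrapped in RuntimeException.
            throw new IllegalArgumentException("password is null");
        }
        Key key;
        try {
            if (!this.keystore.isKeyEntry(str)) {
                // The message is emitted only when debug logging is enabled, as before.
                if (LOG.isDebugEnabled()) {
                    LOG.error("Cannot find key for alias: " + str);
                }
                return null;
            }
            key = this.keystore.getKey(str, str2.toCharArray());
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
        // Checked outside the try block so the declared IllegalArgumentException reaches
        // the caller directly instead of being wrapped by the catch-all above.
        if (!(key instanceof PrivateKey)) {
            throw new IllegalArgumentException("Key is not a private key, alias: " + str);
        }
        return (PrivateKey) key;
    }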

    /**
     * Builds a {@code KeyInfo} holding the items named by the requested
     * {@code RespondWith} values and attaches it to the key binding.
     *
     * <p>Only the public key and certificates are exported here; no private key
     * material is touched. The first array element is used for KEY_VALUE and
     * X_509_CERT, so the array must not be empty when either is requested.
     *
     * @param list                   requested {@code RespondWith} values
     * @param str                    key name used for KEY_NAME
     * @param x509CertificateArr     certificate chain, element 0 being the one described
     * @param keyBindingAbstractType binding that receives the assembled {@code KeyInfo}
     */
    private void addKeyInfo(List list, String str, X509Certificate[] x509CertificateArr, KeyBindingAbstractType keyBindingAbstractType) {
        KeyInfo info = new KeyInfo(this.doc);
        for (Object requested : list) {
            RespondWith kind = (RespondWith) requested;
            if (kind.equals(RespondWith.KEY_NAME)) {
                info.add(new KeyName(this.doc, str));
                continue;
            }
            if (kind.equals(RespondWith.KEY_VALUE)) {
                info.add(new KeyValue(this.doc, x509CertificateArr[0].getPublicKey()));
                continue;
            }
            if (kind.equals(RespondWith.X_509_CERT)) {
                addX509Certificate(x509CertificateArr[0], info);
                continue;
            }
            if (kind.equals(RespondWith.X_509_CHAIN)) {
                for (int i = 0; i < x509CertificateArr.length; i++) {
                    addX509Certificate(x509CertificateArr[i], info);
                }
            }
            // Any other RespondWith value is ignored.
        }
        keyBindingAbstractType.setKeyInfo(info);
    }

    /**
     * Wraps one certificate in a new {@code X509Data} element and appends it to the
     * given {@code KeyInfo}.
     *
     * @param x509Certificate certificate to export
     * @param keyInfo         container that receives the new element
     * @throws RuntimeException if the XML security library rejects the certificate
     */
    private void addX509Certificate(X509Certificate x509Certificate, KeyInfo keyInfo) {
        final X509Data certElement = new X509Data(this.doc);
        try {
            certElement.addCertificate(x509Certificate);
            keyInfo.add(certElement);
        } catch (XMLSecurityException cause) {
            final String message = "Adding the X509Certificate to X509Data object failed";
            throw new RuntimeException(message, cause);
        }
    }

    /**
     * Copies the certificate's KeyUsage bits into the key binding.
     *
     * <p>Bit 0 (digitalSignature) maps to {@code KeyUsage.SIGNATURE} and bit 3
     * (dataEncipherment) to {@code KeyUsage.ENCRYPTION}. A certificate without the
     * extension adds nothing.
     *
     * <p>NOTE(review): bit 2 (keyEncipherment) is not consulted, so a certificate that
     * sets only that bit is not reported as usable for encryption. Confirm this is
     * intended.
     *
     * @param x509Certificate        certificate whose KeyUsage extension is read
     * @param keyBindingAbstractType binding that receives the usages
     */
    private void addKeyUsage(X509Certificate x509Certificate, KeyBindingAbstractType keyBindingAbstractType) {
        final boolean[] usageBits = x509Certificate.getKeyUsage();
        if (usageBits == null) {
            return;
        }
        final boolean canSign = usageBits[0];
        final boolean canEncryptData = usageBits[3];
        if (canSign) {
            keyBindingAbstractType.addKeyUsage(KeyUsage.SIGNATURE);
        }
        if (canEncryptData) {
            keyBindingAbstractType.addKeyUsage(KeyUsage.ENCRYPTION);
        }
    }

    /**
     * Sets the binding's validity interval to the certificate's notBefore and notAfter
     * dates.
     *
     * @param x509Certificate certificate supplying the two dates
     * @param keyBinding      binding that receives the interval
     */
    private void addValidationInterval(X509Certificate x509Certificate, KeyBinding keyBinding) {
        Calendar start = Calendar.getInstance();
        start.setTime(x509Certificate.getNotBefore());

        Calendar end = Calendar.getInstance();
        end.setTime(x509Certificate.getNotAfter());

        keyBinding.setValidityInterval(start, end);
    }

    /**
     * Attaches a {@code Status} to the binding: VALID with all four valid reasons, or
     * INVALID with all four invalid reasons.
     *
     * <p>NOTE(review): the four reasons are reported together and depend only on
     * {@code z}. REVOCATION_STATUS is therefore asserted for every valid result, while
     * {@code validateCertPath} in this class runs with revocation checking disabled.
     * Confirm that callers do not derive {@code z} from path validation alone.
     *
     * @param z          {@code true} to report the binding as valid
     * @param keyBinding binding that receives the status
     */
    private void addStatus(boolean z, KeyBinding keyBinding) {
        final Status outcome = new Status();
        if (z) {
            outcome.setStatusValue(StatusValue.VALID);
            outcome.addValidReason(ValidReason.ISSUER_TRUST);
            outcome.addValidReason(ValidReason.REVOCATION_STATUS);
            outcome.addValidReason(ValidReason.SIGNATURE);
            outcome.addValidReason(ValidReason.VALIDITY_INTERVAL);
        } else {
            outcome.setStatusValue(StatusValue.INVALID);
            outcome.addInvalidReason(InvalidReason.ISSUER_TRUST);
            outcome.addInvalidReason(InvalidReason.REVOCATION_STATUS);
            outcome.addInvalidReason(InvalidReason.SIGNATURE);
            outcome.addInvalidReason(InvalidReason.VALIDITY_INTERVAL);
        }
        keyBinding.setStatus(outcome);
    }

    /**
     * Calendar overload: converts each non-null bound to a {@code Date} and delegates
     * to the {@code Date} overload.
     *
     * @param calendar  requested start, or {@code null}
     * @param calendar2 requested end, or {@code null}
     * @return the two-element array produced by the {@code Date} overload
     */
    private Date[] getAdjustedValidityInterval(Calendar calendar, Calendar calendar2) {
        Date requestedStart = null;
        if (calendar != null) {
            requestedStart = calendar.getTime();
        }
        Date requestedEnd = null;
        if (calendar2 != null) {
            requestedEnd = calendar2.getTime();
        }
        return getAdjustedValidityInterval(requestedStart, requestedEnd);
    }

    /**
     * Clamps a requested validity interval to what this service will issue.
     *
     * <p>The start is never earlier than the current time, so a request cannot
     * back-date a certificate. A missing end defaults to now plus
     * {@code validityPeriod} days. The end is capped at {@code caexpiry}.
     *
     * @param date  requested start, or {@code null} for "now"
     * @param date2 requested end, or {@code null} for the default period
     * @return {@code {start, end}} after adjustment
     */
    private Date[] getAdjustedValidityInterval(Date date, Date date2) {
        Calendar clock = Calendar.getInstance();
        Date now = clock.getTime();

        Date start = now;
        if (date != null && !date.before(now)) {
            start = date;
        }

        Date end = date2;
        if (end == null) {
            clock.add(Calendar.DAY_OF_YEAR, this.validityPeriod);
            end = clock.getTime();
        }
        if (end.after(this.caexpiry)) {
            end = this.caexpiry;
        }
        return new Date[]{start, end};
    }

    /**
     * Fills a result with the major/minor codes that correspond to a failure.
     *
     * <p>Only the codes and the service URI reach the response. The exception's cause,
     * when present, is written to the log and not to the result.
     *
     * @param requestAbstractType request whose service URI is echoed
     * @param resultType          result to populate
     * @param xKMSException       failure being reported; error code 1 maps to
     *                            SUCCESS/NO_MATCH, 6 to SENDER/NO_AUTHENTICATION and
     *                            any other value to RECEIVER/FAILURE
     */
    private void buildFault(RequestAbstractType requestAbstractType, ResultType resultType, XKMSException xKMSException) {
        resultType.setServiceURI(requestAbstractType.getServiceURI());

        final Throwable underlying = xKMSException.getCause();
        if (underlying != null) {
            LOG.fatal("Exception is thrown when processing", underlying);
        }

        final int errorCode = xKMSException.getErrorCode();
        if (errorCode == 1) {
            resultType.setResultMajor(ResultMajor.SUCCESS);
            resultType.setResultMinor(ResultMinor.NO_MATCH);
        } else if (errorCode == 6) {
            resultType.setResultMajor(ResultMajor.SENDER);
            resultType.setResultMinor(ResultMinor.NO_AUTHENTICATION);
        } else {
            resultType.setResultMajor(ResultMajor.RECEIVER);
            resultType.setResultMinor(ResultMinor.FAILURE);
        }
    }

    /**
     * Returns the default private-key password configured in the service properties.
     *
     * <p>The value is held as a {@code String} in the properties object, so the
     * returned array is a copy and clearing it does not remove the secret from memory.
     * A missing property causes a {@code NullPointerException}.
     *
     * @return the configured password as a new character array
     */
    private char[] getPrivateKeyPassword() {
        final String configured = this.properties.getProperty(XKMS_DEFAULT_PRIVATE_KEY_PASSWORD);
        return configured.toCharArray();
    }

    /**
     * Derives a keystore alias from a serial number: its decimal representation.
     *
     * @param j serial number
     * @return the alias
     */
    private String createAlias(long j) {
        return Long.toString(j);
    }

    /**
     * Returns the next serial number: the current wall-clock time in milliseconds.
     *
     * <p>NOTE(review): values are predictable, and two calls within the same
     * millisecond return the same number. Because {@code createAlias} turns a serial
     * number into its decimal string, a collision would presumably also reuse a
     * keystore alias. Verify against the callers.
     *
     * @return milliseconds since the epoch
     */
    private long nextSerialNumber() {
        final long nowMillis = System.currentTimeMillis();
        return nowMillis;
    }

    /**
     * Finds the keystore alias of the certificate with the given issuer and serial
     * number.
     *
     * @param str        issuer distinguished name
     * @param bigInteger certificate serial number
     * @return the matching alias, or {@code null} if none matches
     * @throws XKMSException if the keystore cannot be read
     */
    public String getAliasForX509Cert(String str, BigInteger bigInteger) throws XKMSException {
        final boolean matchSerialNumber = true;
        return getAliasForX509Cert(str, bigInteger, matchSerialNumber);
    }

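    /**
     * Scans the service keystore for an X.509 certificate whose issuer matches the
     * given name and, optionally, whose serial number matches as well.
     *
     * <p>For each alias the first certificate of its chain is examined, or the single
     * certificate stored under the alias when there is no chain. Issuer names are
     * compared as sorted token lists, so the comparison does not depend on the order
     * of the name components.
     *
     * @param str        issuer distinguished name to look for
     * @param bigInteger serial number to match; read only when {@code z} is true
     * @param z          whether the serial number must match too
     * @return the first matching alias, or {@code null} if none matches
     * @throws XKMSException if the keystore cannot be read
     */
    private String getAliasForX509Cert(String str, BigInteger bigInteger, boolean z) throws XKMSException {
        Vector wantedIssuer = splitAndTrim(str);
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = this.keystore.getCertificateChain(alias);
                Certificate candidate;
                if (chain == null || chain.length == 0) {
                    candidate = this.keystore.getCertificate(alias);
                } else {
                    candidate = chain[0];
                }
                // An alias without a certificate (null) is skipped. The original returned
                // null here, which ended the search before later aliases were examined.
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) candidate;
                if (z && x509.getSerialNumber().compareTo(bigInteger) != 0) {
                    continue;
                }
                if (splitAndTrim(x509.getIssuerDN().getName()).equals(wantedIssuer)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new XKMSException("keystore");
        }
    }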

    /**
     * Splits a distinguished name into its tokens and returns them sorted.
     *
     * <p>Callers compare two results with {@code equals}, so a match requires the same
     * set of token strings, compared exactly. How each token is trimmed or normalised
     * is decided by {@code X509NameTokenizer}.
     *
     * @param str distinguished name
     * @return the sorted tokens
     */
    private Vector splitAndTrim(String str) {
        Vector tokens = new Vector();
        for (X509NameTokenizer parts = new X509NameTokenizer(str); parts.hasMoreTokens(); ) {
            tokens.add(parts.nextToken());
        }
        // Sorting makes the result independent of the order of the name components.
        Collections.sort(tokens);
        return tokens;
    }

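    /**
     * Returns every alias whose certificate has the given subject name.
     *
     * <p>The service keystore is searched first. The CA keystore, when configured, is
     * consulted only if the service keystore yields nothing.
     *
     * @param str subject distinguished name
     * @return the matching aliases, possibly empty, never {@code null}
     * @throws XKMSException if a keystore cannot be read
     */
    public String[] getAliasesForDN(String str) throws XKMSException {
        Vector wantedSubject = splitAndTrim(str);
        Vector matches = getAlias(wantedSubject, this.keystore);
        // getAlias can return null; the original dereferenced that result and failed
        // with a NullPointerException. Treat null the same as "no match".
        if ((matches == null || matches.isEmpty()) && this.cacerts != null) {
            matches = getAlias(wantedSubject, this.cacerts);
        }
        if (matches == null) {
            return new String[0];
        }
        String[] aliases = new String[matches.size()];
        for (int i = 0; i < aliases.length; i++) {
            aliases[i] = (String) matches.elementAt(i);
        }
        return aliases;
    }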

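    /**
     * Collects the aliases in a keystore whose certificate subject matches the given
     * name tokens.
     *
     * <p>For each alias the first certificate of its chain is examined, or the single
     * certificate stored under the alias when there is no chain.
     *
     * @param vector   sorted subject-name tokens, as produced by {@code splitAndTrim}
     * @param keyStore keystore to scan
     * @return the matching aliases, possibly empty, never {@code null}
     * @throws XKMSException if the keystore cannot be read
     */
    private Vector getAlias(Vector vector, KeyStore keyStore) throws XKMSException {
        Vector matches = new Vector();
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = keyStore.getCertificateChain(alias);
                Certificate candidate;
                if (chain == null || chain.length == 0) {
                    candidate = keyStore.getCertificate(alias);
                } else {
                    candidate = chain[0];
                }
                // An alias without a certificate (null) is skipped. The original returned
                // null here, which discarded earlier matches and made getAliasesForDN
                // fail on the null result. A stray decompiler statement that assigned
                // into a freshly created array was dropped as well.
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                String subject = ((X509Certificate) candidate).getSubjectDN().getName();
                if (vector.equals(splitAndTrim(subject))) {
                    matches.add(alias);
                }
            }
            return matches;
        } catch (KeyStoreException e) {
            throw new XKMSException(e);
        }
    }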

    /**
     * Returns the shared X.509 {@code CertificateFactory}, creating it on first use.
     *
     * <p>When the provider property is set and non-empty the factory is requested from
     * that provider; otherwise the default provider lookup is used. The underlying
     * exception is not attached to the {@code XKMSException} that is thrown.
     *
     * <p>NOTE(review): initialisation is not synchronised, so concurrent first calls
     * may each create a factory.
     *
     * @return the cached factory
     * @throws XKMSException "noSecProvider" if the named provider is unknown,
     *                       "unsupportedCertType" if X.509 is unavailable
     */
    public CertificateFactory getCertificateFactory() throws XKMSException {
        if (certFact != null) {
            return certFact;
        }
        try {
            final String providerName = this.properties.getProperty(PROP_ID_CERT_PROVIDER);
            final boolean useDefaultProvider = providerName == null || providerName.length() == 0;
            certFact = useDefaultProvider
                    ? CertificateFactory.getInstance("X.509")
                    : CertificateFactory.getInstance("X.509", providerName);
        } catch (NoSuchProviderException unknownProvider) {
            throw new XKMSException("noSecProvider");
        } catch (CertificateException unsupported) {
            throw new XKMSException("unsupportedCertType");
        }
        return certFact;
    }

    /**
     * Validates a certificate path with the PKIX algorithm against the service
     * keystore.
     *
     * <p>Trust anchors are the trusted-certificate entries of {@code this.keystore}.
     * Revocation checking is switched off, so a revoked certificate that is otherwise
     * well-formed and chains to an anchor validates successfully.
     *
     * <p>The method never returns {@code false}: a path that fails validation is
     * reported as an {@code XKMSException}, like every other failure, and the
     * underlying exception is not attached.
     *
     * <p>NOTE(review): the provider is read from a literal property name here, whereas
     * {@code getCertificateFactory} uses {@code PROP_ID_CERT_PROVIDER}. Confirm that
     * both refer to the same property.
     *
     * @param x509CertificateArr path to validate, target certificate first
     * @return {@code true} when validation succeeds
     * @throws XKMSException "certpath" on any validation or set-up failure
     */
    public boolean validateCertPath(X509Certificate[] x509CertificateArr) throws XKMSException {
        try {
            final CertPath path = getCertificateFactory().generateCertPath(Arrays.asList(x509CertificateArr));

            final PKIXParameters params = new PKIXParameters(this.keystore);
            params.setRevocationEnabled(false);

            final String providerName = this.properties.getProperty("org.apache.ws.security.crypto.merlin.cert.provider");
            final CertPathValidator validator;
            if (providerName == null || providerName.length() == 0) {
                validator = CertPathValidator.getInstance("PKIX");
            } else {
                validator = CertPathValidator.getInstance("PKIX", providerName);
            }
            validator.validate(path, params);
            return true;
        } catch (java.security.GeneralSecurityException failure) {
            // Common supertype of the six checked exceptions that can be raised above;
            // all of them are reported identically.
            throw new XKMSException("certpath");
        }
    }

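    /**
     * Returns the certificate stored under an alias.
     *
     * <p>The service keystore is consulted first, then the CA keystore when the first
     * has no entry. For an alias with a chain the first certificate is returned. An
     * empty chain is treated like a missing one.
     *
     * @param str keystore alias
     * @return the certificate, or {@code null} if neither keystore has one
     * @throws XKMSException      "keystore" if a keystore cannot be read
     * @throws ClassCastException if the stored certificate is not an X.509 certificate
     */
    public X509Certificate getCertificate(String str) throws XKMSException {
        // The decompiled original typed the chain as X509Certificate[] although the
        // keystore returns Certificate[]; the locals now use the type actually returned.
        Certificate[] chain = null;
        Certificate single = null;
        try {
            if (this.keystore != null) {
                chain = this.keystore.getCertificateChain(str);
                if (chain == null || chain.length == 0) {
                    chain = null;
                    single = this.keystore.getCertificate(str);
                }
            }
            if (chain == null && single == null && this.cacerts != null) {
                chain = this.cacerts.getCertificateChain(str);
                if (chain == null || chain.length == 0) {
                    chain = null;
                    single = this.cacerts.getCertificate(str);
                }
            }
        } catch (KeyStoreException e) {
            throw new XKMSException("keystore");
        }
        if (single != null) {
            return (X509Certificate) single;
        }
        if (chain == null) {
            return null;
        }
        return (X509Certificate) chain[0];
    }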

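    /**
     * Returns the certificate chain stored under an alias.
     *
     * <p>The service keystore is consulted first, then the CA keystore when the first
     * has no entry. An alias that holds a single certificate yields a one-element
     * array. An empty chain is treated like a missing one.
     *
     * @param str keystore alias
     * @return the chain, or {@code null} if neither keystore has an entry
     * @throws XKMSException      "keystore" if a keystore cannot be read
     * @throws ClassCastException if a stored certificate is not an X.509 certificate
     */
    public X509Certificate[] getCertificates(String str) throws XKMSException {
        // The decompiled original typed the chain as X509Certificate[] although the
        // keystore returns Certificate[]; the locals now use the type actually returned.
        Certificate[] chain = null;
        Certificate single = null;
        try {
            if (this.keystore != null) {
                chain = this.keystore.getCertificateChain(str);
                if (chain == null || chain.length == 0) {
                    chain = null;
                    single = this.keystore.getCertificate(str);
                }
            }
            if (chain == null && single == null && this.cacerts != null) {
                chain = this.cacerts.getCertificateChain(str);
                if (chain == null || chain.length == 0) {
                    chain = null;
                    single = this.cacerts.getCertificate(str);
                }
            }
        } catch (KeyStoreException e) {
            throw new XKMSException("keystore");
        }
        if (single != null) {
            chain = new Certificate[]{single};
        } else if (chain == null) {
            return null;
        }
        X509Certificate[] result = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            result[i] = (X509Certificate) chain[i];
        }
        return result;
    }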

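    /**
     * Decides whether a transmitted certificate is trusted.
     *
     * <p>Two routes lead to trust:
     * <ol>
     *   <li>Direct trust: the keystore holds an entry with the same issuer and serial
     *       number, and its first certificate equals the transmitted one. No further
     *       check is made on this route.</li>
     *   <li>Issuer trust: for each keystore alias whose subject equals the
     *       certificate's issuer, a path is built from the transmitted certificate
     *       followed by that alias's chain and passed to {@code validateCertPath}.</li>
     * </ol>
     *
     * <p>{@code validateCertPath} reports a failed validation as an exception, so the
     * first issuer alias whose path does not validate ends this method with an
     * {@code XKMSException} instead of moving on to the next alias.
     *
     * @param x509Certificate certificate received from the peer
     * @return {@code true} if trusted by either route; {@code false} if the
     *         certificate is {@code null} or no issuer alias exists
     * @throws XKMSException if the keystore cannot be read, an issuer alias has no
     *                       certificate, or path validation fails
     */
    protected boolean verifyTrust(X509Certificate x509Certificate) throws XKMSException {
        if (x509Certificate == null) {
            return false;
        }
        final boolean debug = LOG.isDebugEnabled();
        String subjectName = x509Certificate.getSubjectDN().getName();
        String issuerName = x509Certificate.getIssuerDN().getName();
        BigInteger serialNumber = x509Certificate.getSerialNumber();
        if (debug) {
            LOG.debug("WSHandler: Transmitted certificate has subject " + subjectName);
            LOG.debug("WSHandler: Transmitted certificate has issuer " + issuerName + " (serial " + serialNumber + ")");
        }

        // Route 1: the certificate itself is present in the keystore.
        String directAlias = getAliasForX509Cert(issuerName, serialNumber);
        if (directAlias != null) {
            X509Certificate[] stored = getCertificates(directAlias);
            if (stored != null && stored.length > 0 && x509Certificate.equals(stored[0])) {
                if (debug) {
                    LOG.debug("Direct trust for certificate with " + subjectName);
                }
                return true;
            }
        } else if (debug) {
            LOG.debug("No alias found for subject from issuer with " + issuerName + " (serial " + serialNumber + ")");
        }

        // Route 2: the issuer is present in the keystore and the path validates.
        String[] issuerAliases = getAliasesForDN(issuerName);
        if (issuerAliases == null || issuerAliases.length < 1) {
            if (debug) {
                LOG.debug("No aliases found in keystore for issuer " + issuerName + " of certificate for " + subjectName);
            }
            return false;
        }
        for (int i = 0; i < issuerAliases.length; i++) {
            String issuerAlias = issuerAliases[i];
            if (debug) {
                LOG.debug("Preparing to validate certificate path with alias " + issuerAlias + " for issuer " + issuerName);
            }
            X509Certificate[] issuerChain = getCertificates(issuerAlias);
            if (issuerChain == null || issuerChain.length < 1) {
                throw new XKMSException("noCertForAlias");
            }
            // The path is the transmitted certificate followed by the whole issuer chain.
            // The original indexed the chain with the alias counter, wrote past the end
            // of the path array for chains longer than one certificate, and overwrote
            // the certificate under test, so later aliases validated the wrong one.
            X509Certificate[] path = new X509Certificate[issuerChain.length + 1];
            path[0] = x509Certificate;
            System.arraycopy(issuerChain, 0, path, 1, issuerChain.length);
            if (validateCertPath(path)) {
                if (debug) {
                    LOG.debug("WSHandler: Certificate path has been verified for certificate with subject " + subjectName);
                }
                return true;
            }
        }
        LOG.debug("WSHandler: Certificate path could not be verified for certificate with subject " + subjectName);
        return false;
    }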

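    /**
     * Finds the keystore alias of the certificate with the given Subject Key
     * Identifier.
     *
     * <p>For each alias the first certificate of its chain is examined, or the single
     * certificate stored under the alias when there is no chain. The identifier is
     * obtained with {@code getSKIBytesFromCert}, which throws for a certificate it
     * cannot handle and thereby ends the search.
     *
     * @param bArr Subject Key Identifier bytes to look for
     * @return the first matching alias, or {@code null} if none matches
     * @throws XKMSException if the keystore cannot be read or an identifier cannot be
     *                       derived for an examined certificate
     */
    public String getAliasForX509Cert(byte[] bArr) throws XKMSException {
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate[] chain = this.keystore.getCertificateChain(alias);
                Certificate candidate;
                if (chain == null || chain.length == 0) {
                    candidate = this.keystore.getCertificate(alias);
                } else {
                    candidate = chain[0];
                }
                // An alias without a certificate (null) is skipped. The original returned
                // null here, which ended the search before later aliases were examined.
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                byte[] ski = getSKIBytesFromCert((X509Certificate) candidate);
                // Arrays.equals already compares lengths and tolerates a null argument.
                if (Arrays.equals(ski, bArr)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            throw new XKMSException(e);
        }
    }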

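    /**
     * Returns the Subject Key Identifier of a certificate.
     *
     * <p>For a version 3 certificate carrying the extension, the identifier is the
     * extension value minus its first four bytes. This presumably skips the two
     * nested DER OCTET STRING headers and assumes short-form lengths; TODO confirm.
     * Otherwise, for an RSA key, the identifier is the SHA-1 digest of the encoded
     * public key minus its first 22 bytes. That offset presumably skips a fixed-size
     * SubjectPublicKeyInfo prefix; TODO confirm for the key sizes in use. SHA-1 acts
     * here as an identifier, not as an integrity or authentication check.
     *
     * @param x509Certificate certificate to inspect
     * @return the identifier bytes
     * @throws XKMSException "noSKIHandling" if the extension or key encoding is too
     *                       short, the key is not RSA, or SHA-1 is unavailable
     */
    public byte[] getSKIBytesFromCert(X509Certificate x509Certificate) throws XKMSException {
        final int extensionHeaderLength = 4;
        final int rsaKeyPrefixLength = 22;

        byte[] extensionValue = x509Certificate.getExtensionValue(SKI_OID);
        if (x509Certificate.getVersion() >= 3 && extensionValue != null) {
            // A malformed extension shorter than the header used to produce a
            // NegativeArraySizeException; report it as an unsupported identifier.
            if (extensionValue.length < extensionHeaderLength) {
                throw new XKMSException("noSKIHandling");
            }
            byte[] identifier = new byte[extensionValue.length - extensionHeaderLength];
            System.arraycopy(extensionValue, extensionHeaderLength, identifier, 0, identifier.length);
            return identifier;
        }

        PublicKey publicKey = x509Certificate.getPublicKey();
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new XKMSException("noSKIHandling");
        }
        byte[] encoded = publicKey.getEncoded();
        if (encoded == null || encoded.length < rsaKeyPrefixLength) {
            throw new XKMSException("noSKIHandling");
        }
        byte[] keyBytes = new byte[encoded.length - rsaKeyPrefixLength];
        System.arraycopy(encoded, rsaKeyPrefixLength, keyBytes, 0, keyBytes.length);
        try {
            MessageDigest sha1 = MessageDigest.getInstance("SHA-1");
            return sha1.digest(keyBytes);
        } catch (NoSuchAlgorithmException e) {
            throw new XKMSException("noSKIHandling");
        }
    }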

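    /**
     * Compiler-generated helper that resolves a class literal by name.
     *
     * <p>Within the visible code it is called only from the static initialiser, with
     * a constant class name.
     *
     * @param str fully qualified class name
     * @return the loaded class
     * @throws NoClassDefFoundError if the class cannot be found; the original
     *                              {@code ClassNotFoundException} is attached as cause
     */
    static Class class$(String str) {
        try {
            return Class.forName(str);
        } catch (ClassNotFoundException e) {
            // initCause returns Throwable, which cannot be thrown from a method without
            // a throws clause; keep the typed reference and throw that instead.
            NoClassDefFoundError error = new NoClassDefFoundError();
            error.initCause(e);
            throw error;
        }
    }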

    // Class initialisation: resolves this class once through the synthetic class$
    // cache, creates the logger under the class name, and sets the OID of the
    // X.509 Subject Key Identifier extension (2.5.29.14).
    static {
        Class self = class$org$wso2$xkms2$service$XKMSServerCrypto;
        if (self == null) {
            self = class$("org.wso2.xkms2.service.XKMSServerCrypto");
            class$org$wso2$xkms2$service$XKMSServerCrypto = self;
        }
        LOG = LogFactory.getLog(self.getName());
        SKI_OID = "2.5.29.14";
    }
}
