package org.springframework.ws.soap.security.xwss.callback;

import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.CertPathBuilderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import javax.crypto.SecretKey;
import org.apache.xml.security.utils.RFC2253Parser;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.core.io.FileSystemResource;
import org.springframework.core.io.Resource;
import org.springframework.util.StringUtils;
import org.springframework.ws.soap.security.support.KeyStoreFactoryBean;

/* loaded from: input_file:org/springframework/ws/soap/security/xwss/callback/KeyStoreCallbackHandler.class */
public class KeyStoreCallbackHandler extends CryptographyCallbackHandler implements InitializingBean {
    private static final String X_509_CERTIFICATE_TYPE = "X.509";
    private static final String SUBJECT_KEY_IDENTIFIER_OID = "2.5.29.14";
    private KeyStore keyStore;
    private KeyStore symmetricStore;
    private KeyStore trustStore;
    private String defaultAlias;
    private char[] privateKeyPassword;
    private char[] symmetricKeyPassword;

    /* renamed from: org.springframework.ws.soap.security.xwss.callback.KeyStoreCallbackHandler$1, reason: invalid class name */
    /* loaded from: input_file:org/springframework/ws/soap/security/xwss/callback/KeyStoreCallbackHandler$1.class */
    static class AnonymousClass1 {
    }

    /* loaded from: input_file:org/springframework/ws/soap/security/xwss/callback/KeyStoreCallbackHandler$KeyStoreCertificateValidator.class */
    private class KeyStoreCertificateValidator implements CertificateValidationCallback.CertificateValidator {
        private final KeyStoreCallbackHandler this$0;

        private KeyStoreCertificateValidator(KeyStoreCallbackHandler keyStoreCallbackHandler) {
            this.this$0 = keyStoreCallbackHandler;
        }

        public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            if (isOwnedCert(x509Certificate)) {
                if (!this.this$0.logger.isDebugEnabled()) {
                    return true;
                }
                this.this$0.logger.debug(new StringBuffer().append("Certificate with DN [").append(x509Certificate.getSubjectX500Principal().getName()).append("] is in private keystore").toString());
                return true;
            }
            if (this.this$0.trustStore == null) {
                return false;
            }
            try {
                x509Certificate.checkValidity();
                X509CertSelector x509CertSelector = new X509CertSelector();
                x509CertSelector.setCertificate(x509Certificate);
                try {
                    PKIXBuilderParameters pKIXBuilderParameters = new PKIXBuilderParameters(this.this$0.trustStore, x509CertSelector);
                    pKIXBuilderParameters.setRevocationEnabled(false);
                    try {
                        CertPathBuilder.getInstance("PKIX").build(pKIXBuilderParameters);
                        if (!this.this$0.logger.isDebugEnabled()) {
                            return true;
                        }
                        this.this$0.logger.debug(new StringBuffer().append("Certificate with DN [").append(x509Certificate.getSubjectX500Principal().getName()).append("] validated").toString());
                        return true;
                    } catch (InvalidAlgorithmParameterException e) {
                        if (!this.this$0.logger.isDebugEnabled()) {
                            return false;
                        }
                        this.this$0.logger.debug(new StringBuffer().append("Algorithm of certificate with DN [").append(x509Certificate.getSubjectX500Principal().getName()).append("] could not be validated").toString());
                        return false;
                    } catch (CertPathBuilderException e2) {
                        if (!this.this$0.logger.isDebugEnabled()) {
                            return false;
                        }
                        this.this$0.logger.debug(new StringBuffer().append("Certification path of certificate with DN [").append(x509Certificate.getSubjectX500Principal().getName()).append("] could not be validated").toString());
                        return false;
                    }
                } catch (GeneralSecurityException e3) {
                    throw new CertificateValidationCallback.CertificateValidationException("Could not create PKIX CertPathBuilder", e3);
                }
            } catch (CertificateExpiredException e4) {
                if (!this.this$0.logger.isDebugEnabled()) {
                    return false;
                }
                this.this$0.logger.debug(new StringBuffer().append("Certificate with DN [").append(x509Certificate.getSubjectX500Principal().getName()).append("] has expired").toString());
                return false;
            } catch (CertificateNotYetValidException e5) {
                if (!this.this$0.logger.isDebugEnabled()) {
                    return false;
                }
                this.this$0.logger.debug(new StringBuffer().append("Certificate with DN [").append(x509Certificate.getSubjectX500Principal().getName()).append("] is not yet valid").toString());
                return false;
            }
        }

        private boolean isOwnedCert(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            X509Certificate x509Certificate2;
            if (this.this$0.keyStore == null) {
                return false;
            }
            try {
                Enumeration<String> aliases = this.this$0.keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    if (this.this$0.keyStore.isKeyEntry(nextElement) && (x509Certificate2 = (X509Certificate) this.this$0.keyStore.getCertificate(nextElement)) != null && x509Certificate2.equals(x509Certificate)) {
                        return true;
                    }
                }
                return false;
            } catch (GeneralSecurityException e) {
                throw new CertificateValidationCallback.CertificateValidationException("Could not determine whether certificate is contained in main key store", e);
            }
        }

        KeyStoreCertificateValidator(KeyStoreCallbackHandler keyStoreCallbackHandler, AnonymousClass1 anonymousClass1) {
            this(keyStoreCallbackHandler);
        }
    }

    private static X509Certificate getCertificate(String str, KeyStore keyStore) throws IOException {
        try {
            return (X509Certificate) keyStore.getCertificate(str);
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    private static X509Certificate getCertificate(PublicKey publicKey, KeyStore keyStore) throws IOException {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                if (certificate != null && X_509_CERTIFICATE_TYPE.equals(certificate.getType())) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    if (x509Certificate.getPublicKey().equals(publicKey)) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    public void setDefaultAlias(String str) {
        this.defaultAlias = str;
    }

    public void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    public void setPrivateKeyPassword(String str) {
        if (str != null) {
            this.privateKeyPassword = str.toCharArray();
        }
    }

    public void setSymmetricKeyPassword(String str) {
        if (str != null) {
            this.symmetricKeyPassword = str.toCharArray();
        }
    }

    public void setSymmetricStore(KeyStore keyStore) {
        this.symmetricStore = keyStore;
    }

    public void setTrustStore(KeyStore keyStore) {
        this.trustStore = keyStore;
    }

    public void afterPropertiesSet() throws Exception {
        if (this.keyStore == null) {
            loadDefaultKeyStore();
        }
        if (this.trustStore == null) {
            loadDefaultTrustStore();
        }
        if (this.symmetricStore == null) {
            this.symmetricStore = this.keyStore;
        }
        if (this.symmetricKeyPassword == null) {
            this.symmetricKeyPassword = this.privateKeyPassword;
        }
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleAliasPrivKeyCertRequest(SignatureKeyCallback signatureKeyCallback, SignatureKeyCallback.AliasPrivKeyCertRequest aliasPrivKeyCertRequest) throws IOException {
        PrivateKey privateKey = getPrivateKey(aliasPrivKeyCertRequest.getAlias());
        X509Certificate certificate = getCertificate(aliasPrivKeyCertRequest.getAlias());
        aliasPrivKeyCertRequest.setPrivateKey(privateKey);
        aliasPrivKeyCertRequest.setX509Certificate(certificate);
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleAliasSymmetricKeyRequest(DecryptionKeyCallback decryptionKeyCallback, DecryptionKeyCallback.AliasSymmetricKeyRequest aliasSymmetricKeyRequest) throws IOException {
        aliasSymmetricKeyRequest.setSymmetricKey(getSymmetricKey(aliasSymmetricKeyRequest.getAlias()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleAliasSymmetricKeyRequest(EncryptionKeyCallback encryptionKeyCallback, EncryptionKeyCallback.AliasSymmetricKeyRequest aliasSymmetricKeyRequest) throws IOException {
        aliasSymmetricKeyRequest.setSymmetricKey(getSymmetricKey(aliasSymmetricKeyRequest.getAlias()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleAliasX509CertificateRequest(EncryptionKeyCallback encryptionKeyCallback, EncryptionKeyCallback.AliasX509CertificateRequest aliasX509CertificateRequest) throws IOException {
        aliasX509CertificateRequest.setX509Certificate(getCertificateFromTrustStore(aliasX509CertificateRequest.getAlias()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleCertificateValidationCallback(CertificateValidationCallback certificateValidationCallback) {
        certificateValidationCallback.setValidator(new KeyStoreCertificateValidator(this, null));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleDefaultPrivKeyCertRequest(SignatureKeyCallback signatureKeyCallback, SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest) throws IOException {
        PrivateKey privateKey = getPrivateKey(this.defaultAlias);
        X509Certificate certificate = getCertificate(this.defaultAlias);
        defaultPrivKeyCertRequest.setPrivateKey(privateKey);
        defaultPrivKeyCertRequest.setX509Certificate(certificate);
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleDefaultX509CertificateRequest(EncryptionKeyCallback encryptionKeyCallback, EncryptionKeyCallback.DefaultX509CertificateRequest defaultX509CertificateRequest) throws IOException {
        defaultX509CertificateRequest.setX509Certificate(getCertificateFromTrustStore(this.defaultAlias));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handlePublicKeyBasedPrivKeyCertRequest(SignatureKeyCallback signatureKeyCallback, SignatureKeyCallback.PublicKeyBasedPrivKeyCertRequest publicKeyBasedPrivKeyCertRequest) throws IOException {
        PrivateKey privateKey = getPrivateKey(publicKeyBasedPrivKeyCertRequest.getPublicKey());
        X509Certificate certificate = getCertificate(publicKeyBasedPrivKeyCertRequest.getPublicKey());
        publicKeyBasedPrivKeyCertRequest.setPrivateKey(privateKey);
        publicKeyBasedPrivKeyCertRequest.setX509Certificate(certificate);
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handlePublicKeyBasedPrivKeyRequest(DecryptionKeyCallback decryptionKeyCallback, DecryptionKeyCallback.PublicKeyBasedPrivKeyRequest publicKeyBasedPrivKeyRequest) throws IOException {
        publicKeyBasedPrivKeyRequest.setPrivateKey(getPrivateKey(publicKeyBasedPrivKeyRequest.getPublicKey()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handlePublicKeyBasedRequest(EncryptionKeyCallback encryptionKeyCallback, EncryptionKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest) throws IOException {
        publicKeyBasedRequest.setX509Certificate(getCertificateFromTrustStore(publicKeyBasedRequest.getPublicKey()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handlePublicKeyBasedRequest(SignatureVerificationKeyCallback signatureVerificationKeyCallback, SignatureVerificationKeyCallback.PublicKeyBasedRequest publicKeyBasedRequest) throws IOException {
        publicKeyBasedRequest.setX509Certificate(getCertificateFromTrustStore(publicKeyBasedRequest.getPublicKey()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleX509CertificateBasedRequest(DecryptionKeyCallback decryptionKeyCallback, DecryptionKeyCallback.X509CertificateBasedRequest x509CertificateBasedRequest) throws IOException {
        x509CertificateBasedRequest.setPrivateKey(getPrivateKey(x509CertificateBasedRequest.getX509Certificate()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleX509IssuerSerialBasedRequest(DecryptionKeyCallback decryptionKeyCallback, DecryptionKeyCallback.X509IssuerSerialBasedRequest x509IssuerSerialBasedRequest) throws IOException {
        x509IssuerSerialBasedRequest.setPrivateKey(getPrivateKey(x509IssuerSerialBasedRequest.getIssuerName(), x509IssuerSerialBasedRequest.getSerialNumber()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleX509IssuerSerialBasedRequest(SignatureVerificationKeyCallback signatureVerificationKeyCallback, SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest x509IssuerSerialBasedRequest) throws IOException {
        x509IssuerSerialBasedRequest.setX509Certificate(getCertificateFromTrustStore(x509IssuerSerialBasedRequest.getIssuerName(), x509IssuerSerialBasedRequest.getSerialNumber()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleX509SubjectKeyIdentifierBasedRequest(DecryptionKeyCallback decryptionKeyCallback, DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest x509SubjectKeyIdentifierBasedRequest) throws IOException {
        x509SubjectKeyIdentifierBasedRequest.setPrivateKey(getPrivateKey(x509SubjectKeyIdentifierBasedRequest.getSubjectKeyIdentifier()));
    }

    @Override // org.springframework.ws.soap.security.xwss.callback.CryptographyCallbackHandler
    protected final void handleX509SubjectKeyIdentifierBasedRequest(SignatureVerificationKeyCallback signatureVerificationKeyCallback, SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest x509SubjectKeyIdentifierBasedRequest) throws IOException {
        x509SubjectKeyIdentifierBasedRequest.setX509Certificate(getCertificateFromTrustStore(x509SubjectKeyIdentifierBasedRequest.getSubjectKeyIdentifier()));
    }

    protected X509Certificate getCertificate(String str) throws IOException {
        return getCertificate(str, this.keyStore);
    }

    protected X509Certificate getCertificate(PublicKey publicKey) throws IOException {
        return getCertificate(publicKey, this.keyStore);
    }

    protected X509Certificate getCertificateFromTrustStore(String str) throws IOException {
        return getCertificate(str, this.trustStore);
    }

    protected X509Certificate getCertificateFromTrustStore(byte[] bArr) throws IOException {
        X509Certificate x509Certificate;
        byte[] subjectKeyIdentifier;
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this.trustStore.getCertificate(aliases.nextElement());
                if (certificate != null && X_509_CERTIFICATE_TYPE.equals(certificate.getType()) && (subjectKeyIdentifier = getSubjectKeyIdentifier((x509Certificate = (X509Certificate) certificate))) != null && Arrays.equals(bArr, subjectKeyIdentifier)) {
                    return x509Certificate;
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected X509Certificate getCertificateFromTrustStore(PublicKey publicKey) throws IOException {
        return getCertificate(publicKey, this.trustStore);
    }

    protected X509Certificate getCertificateFromTrustStore(String str, BigInteger bigInteger) throws IOException {
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate certificate = this.trustStore.getCertificate(aliases.nextElement());
                if (certificate != null && X_509_CERTIFICATE_TYPE.equals(certificate.getType())) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    String normalize = RFC2253Parser.normalize(x509Certificate.getIssuerDN().getName());
                    BigInteger serialNumber = x509Certificate.getSerialNumber();
                    if (normalize.equals(str) && serialNumber.equals(bigInteger)) {
                        return x509Certificate;
                    }
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected PrivateKey getPrivateKey(String str) throws IOException {
        try {
            return (PrivateKey) this.keyStore.getKey(str, this.privateKeyPassword);
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected PrivateKey getPrivateKey(PublicKey publicKey) throws IOException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (this.keyStore.isKeyEntry(nextElement)) {
                    return (PrivateKey) this.keyStore.getKey(nextElement, this.privateKeyPassword);
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected PrivateKey getPrivateKey(X509Certificate x509Certificate) throws IOException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (this.keyStore.isKeyEntry(nextElement)) {
                    Certificate certificate = this.keyStore.getCertificate(nextElement);
                    if (certificate != null && certificate.equals(x509Certificate)) {
                        return (PrivateKey) this.keyStore.getKey(nextElement, this.privateKeyPassword);
                    }
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected PrivateKey getPrivateKey(byte[] bArr) throws IOException {
        Certificate certificate;
        byte[] subjectKeyIdentifier;
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (this.keyStore.isKeyEntry(nextElement) && (certificate = this.keyStore.getCertificate(nextElement)) != null && X_509_CERTIFICATE_TYPE.equals(certificate.getType()) && (subjectKeyIdentifier = getSubjectKeyIdentifier((X509Certificate) certificate)) != null && Arrays.equals(bArr, subjectKeyIdentifier)) {
                    return (PrivateKey) this.keyStore.getKey(nextElement, this.privateKeyPassword);
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected PrivateKey getPrivateKey(String str, BigInteger bigInteger) throws IOException {
        Certificate certificate;
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (this.keyStore.isKeyEntry(nextElement) && (certificate = this.keyStore.getCertificate(nextElement)) != null && X_509_CERTIFICATE_TYPE.equals(certificate.getType())) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    String normalize = RFC2253Parser.normalize(x509Certificate.getIssuerDN().getName());
                    BigInteger serialNumber = x509Certificate.getSerialNumber();
                    if (normalize.equals(str) && serialNumber.equals(bigInteger)) {
                        return (PrivateKey) this.keyStore.getKey(nextElement, this.privateKeyPassword);
                    }
                }
            }
            return null;
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected final byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue(SUBJECT_KEY_IDENTIFIER_OID);
        if (extensionValue == null) {
            return null;
        }
        byte[] bArr = new byte[extensionValue.length - 4];
        System.arraycopy(extensionValue, 4, bArr, 0, extensionValue.length - 4);
        return bArr;
    }

    protected SecretKey getSymmetricKey(String str) throws IOException {
        try {
            return (SecretKey) this.symmetricStore.getKey(str, this.symmetricKeyPassword);
        } catch (GeneralSecurityException e) {
            throw new IOException(e.getMessage());
        }
    }

    protected void loadDefaultKeyStore() {
        FileSystemResource fileSystemResource = null;
        String str = null;
        String str2 = null;
        String property = System.getProperty("javax.net.ssl.keyStore");
        if (StringUtils.hasLength(property)) {
            File file = new File(property);
            if (file.exists() && file.isFile() && file.canRead()) {
                fileSystemResource = new FileSystemResource(file);
            }
            String property2 = System.getProperty("javax.net.ssl.keyStorePassword");
            if (StringUtils.hasLength(property2)) {
                str2 = property2;
            }
            str = System.getProperty("javax.net.ssl.trustStore");
        }
        KeyStoreFactoryBean keyStoreFactoryBean = new KeyStoreFactoryBean();
        keyStoreFactoryBean.setLocation(fileSystemResource);
        keyStoreFactoryBean.setPassword(str2);
        keyStoreFactoryBean.setType(str);
        try {
            keyStoreFactoryBean.afterPropertiesSet();
            this.keyStore = (KeyStore) keyStoreFactoryBean.getObject();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Loaded default key store");
            }
        } catch (Exception e) {
            this.logger.warn("Could not open default key store", e);
        }
    }

    protected void loadDefaultTrustStore() {
        Resource resource = null;
        String str = null;
        String str2 = null;
        String property = System.getProperty("javax.net.ssl.trustStore");
        if (StringUtils.hasLength(property)) {
            File file = new File(property);
            if (file.exists() && file.isFile() && file.canRead()) {
                resource = new FileSystemResource(file);
            }
            String property2 = System.getProperty("javax.net.ssl.trustStorePassword");
            if (StringUtils.hasLength(property2)) {
                str2 = property2;
            }
            str = System.getProperty("javax.net.ssl.trustStoreType");
        } else {
            String property3 = System.getProperty("java.home");
            resource = new FileSystemResource(new StringBuffer().append(property3).append("/lib/security/jssecacerts").toString());
            if (!resource.exists()) {
                resource = new FileSystemResource(new StringBuffer().append(property3).append("/lib/security/cacerts").toString());
            }
        }
        KeyStoreFactoryBean keyStoreFactoryBean = new KeyStoreFactoryBean();
        keyStoreFactoryBean.setLocation(resource);
        keyStoreFactoryBean.setPassword(str2);
        keyStoreFactoryBean.setType(str);
        try {
            keyStoreFactoryBean.afterPropertiesSet();
            this.trustStore = (KeyStore) keyStoreFactoryBean.getObject();
            if (this.logger.isDebugEnabled()) {
                this.logger.debug("Loaded default trust store");
            }
        } catch (Exception e) {
            this.logger.warn("Could not open default trust store", e);
        }
    }
}
