package org.wso2.carbon.security.keystore;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.text.Format;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.Iterator;
import org.apache.axiom.om.util.Base64;
import org.apache.axis2.context.MessageContext;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.registry.core.Association;
import org.wso2.carbon.registry.core.Registry;
import org.wso2.carbon.registry.core.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.keystore.service.CertData;
import org.wso2.carbon.security.keystore.service.CertDataDetail;
import org.wso2.carbon.security.keystore.service.KeyStoreData;
import org.wso2.carbon.security.util.KeyStoreMgtUtil;
import org.wso2.carbon.utils.CarbonUtils;

/* loaded from: input_file:org/wso2/carbon/security/keystore/KeyStoreAdmin.class */
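/**
 * Administrative operations on the key stores held in the registry under
 * {@code /repository/security/key-stores/} and on the server's primary key store.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@link #getKeyStores(boolean)} is the only method in this class that calls
 *       {@code CarbonUtils.checkSecurity()}. NOTE(review): confirm that every other entry point
 *       (in particular {@link #getKeystoreInfo(String)} and {@link #getPrivateKey(String, boolean)},
 *       which hand out private key material) is authorised by its caller.</li>
 *   <li>Key store names are concatenated into registry paths without validation.
 *       NOTE(review): confirm that names containing {@code /} or {@code ..} are rejected upstream.</li>
 *   <li>Instances carry the mutable {@code includeCert} flag and are not synchronised.</li>
 * </ul>
 */
public class KeyStoreAdmin {
    private static final Log log = LogFactory.getLog(KeyStoreAdmin.class);

    /** Registry collection prefix under which every non-primary key store is stored. */
    private static final String KEY_STORE_PATH_PREFIX = "/repository/security/key-stores/";

    /** Registry path that is skipped when listing tenant key stores. */
    private static final String PRIMARY_KEY_STORE_PATH = "/repository/security/key-stores/carbon-primary-ks";

    private Registry registry;
    private int tenantId;
    private boolean includeCert = false;

    /**
     * Creates an admin bound to one tenant and one registry.
     *
     * @param i        tenant id handed to {@code KeyStoreManager.getInstance}
     * @param registry registry that stores the key store resources
     */
    public KeyStoreAdmin(int i, Registry registry) {
        this.registry = registry;
        this.tenantId = i;
    }

    /** @return whether certificate descriptions also carry the certificate object itself */
    public boolean isIncludeCert() {
        return this.includeCert;
    }

    /** @param z {@code true} to attach the full certificate to every {@code CertData} produced */
    public void setIncludeCert(boolean z) {
        this.includeCert = z;
    }

    /**
     * Lists the key stores registered under {@code SecurityConstants.KEY_STORES}.
     *
     * <p>When {@code z} is {@code true} the primary key store (taken from the server configuration)
     * is appended as the last element. When {@code z} is {@code false} the public certificate
     * associated with each store, if any, is dumped through {@code KeyStoreMgtUtil.dumpCert} and its
     * path is recorded on the entry.
     *
     * <p>NOTE(review): the returned array always has one slot more than the number of registry key
     * stores, so with {@code z == false} its last element is {@code null}. The length is kept as-is
     * because remote callers may depend on it; callers must null-check the elements.
     *
     * @param z whether to append the primary key store (and skip the public-certificate dump)
     * @return the key store descriptions, or an empty array when the registry collection is absent
     * @throws SecurityConfigException if the registry cannot be read
     */
    public KeyStoreData[] getKeyStores(boolean z) throws SecurityConfigException {
        CarbonUtils.checkSecurity();
        try {
            if (!this.registry.resourceExists(SecurityConstants.KEY_STORES)) {
                return new KeyStoreData[0];
            }
            String[] children = this.registry.get(SecurityConstants.KEY_STORES).getChildren();
            ArrayList<KeyStoreData> tenantStores = new ArrayList<KeyStoreData>();
            for (String path : children) {
                if (PRIMARY_KEY_STORE_PATH.equals(path)) {
                    continue;
                }
                Resource resource = this.registry.get(path);
                String name = path.substring(path.lastIndexOf("/") + 1);
                String type = resource.getProperty(SecurityConstants.PROP_TYPE);
                String provider = resource.getProperty(SecurityConstants.PROP_PROVIDER);

                KeyStoreData data = new KeyStoreData();
                data.setKeyStoreName(name);
                data.setKeyStoreType(type);
                data.setProvider(provider);
                // A store counts as "private" when a private-key alias was recorded at upload time.
                data.setPrivateStore(resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_ALIAS) != null);

                if (!z) {
                    Association[] associations =
                            this.registry.getAssociations(path, SecurityConstants.ASSOCIATION_TENANT_KS_PUB_KEY);
                    if (associations != null && associations.length > 0) {
                        Resource pubKeyResource = this.registry.get(associations[0].getDestinationPath());
                        // The file name is derived from the registry path and a registry property;
                        // NOTE(review): confirm dumpCert confines the file to its intended directory.
                        data.setPubKeyFilePath(KeyStoreMgtUtil.dumpCert(
                                MessageContext.getCurrentMessageContext().getConfigurationContext(),
                                (byte[]) pubKeyResource.getContent(),
                                generatePubCertFileName(path,
                                        pubKeyResource.getProperty(SecurityConstants.PROP_TENANT_PUB_KEY_FILE_NAME_APPENDER))));
                    }
                }
                tenantStores.add(data);
            }

            // One extra slot is reserved for the primary key store; it stays null when z is false.
            int count = tenantStores.size();
            KeyStoreData[] result = tenantStores.toArray(new KeyStoreData[count + 1]);
            if (z) {
                ServerConfiguration config = ServerConfiguration.getInstance();
                String location = config.getFirstProperty("Security.KeyStore.Location");
                String type = config.getFirstProperty("Security.KeyStore.Type");
                KeyStoreData primary = new KeyStoreData();
                primary.setKeyStoreName(KeyStoreUtil.getKeyStoreFileName(location));
                primary.setKeyStoreType(type);
                primary.setProvider(" ");
                primary.setPrivateStore(true);
                result[count] = primary;
            }
            return result;
        } catch (RegistryException e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Reads a key store from a file on the server and registers it.
     *
     * <p>NOTE(review): {@code str} is opened as given; confirm callers restrict it to paths the
     * requester is allowed to read.
     *
     * @param str  path of the key store file
     * @param str2 key store name
     * @param str3 key store password
     * @param str4 provider
     * @param str5 key store type
     * @param str6 private key password
     * @throws SecurityConfigException if the file cannot be read or the key store is rejected
     */
    public void addKeyStoreWithFilePath(String str, String str2, String str3, String str4, String str5, String str6) throws SecurityConfigException {
        try {
            addKeyStore(readBytesFromFile(str), str2, str3, str4, str5, str6);
        } catch (IOException e) {
            // Keep the cause so the underlying I/O failure is not lost.
            throw new SecurityConfigException("Error while loading keystore from file " + str, e);
        }
    }

    /**
     * Registers a key store supplied as Base64 text.
     *
     * @param str  Base64-encoded key store content
     * @param str2 key store name
     * @param str3 key store password
     * @param str4 provider
     * @param str5 key store type
     * @param str6 private key password
     * @throws SecurityConfigException if the key store is rejected or cannot be stored
     */
    public void addKeyStore(String str, String str2, String str3, String str4, String str5, String str6) throws SecurityConfigException {
        addKeyStore(Base64.decode(str), str2, str3, str4, str5, str6);
    }

    /**
     * Validates a key store and stores it in the registry together with its encrypted passwords.
     *
     * <p>The key store must load with the given password and may hold at most one key entry. When a
     * key entry exists, its password is verified by reading the key once before anything is stored.
     *
     * @param bArr raw key store content
     * @param str  key store name; becomes the last segment of the registry path
     * @param str2 key store password
     * @param str3 provider, stored as-is
     * @param str4 key store type passed to {@code KeyStore.getInstance}
     * @param str5 private key password; only required when the key store holds a key entry
     * @throws SecurityConfigException if an argument is missing, the name is taken, the key store
     *                                 cannot be loaded, or it holds more than one key entry
     */
    public void addKeyStore(byte[] bArr, String str, String str2, String str3, String str4, String str5) throws SecurityConfigException {
        if (str == null) {
            throw new SecurityConfigException("Key Store name can't be null");
        }
        // Fail with a clear message instead of a wrapped NullPointerException.
        if (bArr == null) {
            throw new SecurityConfigException("Key Store content can't be null");
        }
        if (str2 == null) {
            throw new SecurityConfigException("Key Store password can't be null");
        }
        if (str4 == null) {
            throw new SecurityConfigException("Key Store type can't be null");
        }
        try {
            if (KeyStoreUtil.isPrimaryStore(str)) {
                throw new SecurityConfigException("Key store " + str + " already available");
            }
            // NOTE(review): the name is not validated before it is used as a registry path segment.
            String path = KEY_STORE_PATH_PREFIX + str;
            if (this.registry.resourceExists(path)) {
                throw new SecurityConfigException("Key store " + str + " already available");
            }

            KeyStore keyStore = KeyStore.getInstance(str4);
            keyStore.load(new ByteArrayInputStream(bArr), str2.toCharArray());

            String privateKeyAlias = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isKeyEntry(alias)) {
                    if (privateKeyAlias != null) {
                        throw new SecurityConfigException("more than one private key");
                    }
                    privateKeyAlias = alias;
                }
            }

            // Verify the key password only when there is a key entry to read; a key store holding
            // certificates only has no alias to look up and needs no key password.
            if (privateKeyAlias != null) {
                if (str5 == null) {
                    throw new SecurityConfigException("Private key password can't be null");
                }
                keyStore.getKey(privateKeyAlias, str5.toCharArray());
            }

            CryptoUtil cryptoUtil = CryptoUtil.getDefaultCryptoUtil();
            Resource resource = this.registry.newResource();
            // getBytes() uses the platform default charset; getKeystoreInfo decodes the stored
            // password with new String(byte[]), so both must run under the same default charset.
            resource.addProperty(SecurityConstants.PROP_PASSWORD, cryptoUtil.encryptAndBase64Encode(str2.getBytes()));
            resource.addProperty(SecurityConstants.PROP_PROVIDER, str3);
            resource.addProperty(SecurityConstants.PROP_TYPE, str4);
            if (privateKeyAlias != null) {
                resource.addProperty(SecurityConstants.PROP_PRIVATE_KEY_ALIAS, privateKeyAlias);
                resource.addProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS, cryptoUtil.encryptAndBase64Encode(str5.getBytes()));
            }
            resource.setContent(bArr);
            this.registry.put(path, resource);
        } catch (SecurityConfigException e) {
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Deletes a key store from the registry unless it is the primary store or still has
     * registry associations.
     *
     * @param str key store name; surrounding whitespace is ignored
     * @throws SecurityConfigException if the name is null or blank, names the primary store,
     *                                 the store is still in use, or the registry fails
     */
    public void deleteStore(String str) throws SecurityConfigException {
        String name = (str == null) ? "" : str.trim();
        if (name.length() == 0) {
            throw new SecurityConfigException("Key Store name can't be null");
        }
        try {
            if (KeyStoreUtil.isPrimaryStore(name)) {
                throw new SecurityConfigException("Not allowed to delete the primary key store : " + name);
            }
            // NOTE(review): the name is not validated before it is used as a registry path segment.
            String path = KEY_STORE_PATH_PREFIX + name;
            if (this.registry.getAllAssociations(path).length > 0) {
                throw new SecurityConfigException("Key store : " + name + " is already in use and can't be deleted");
            }
            this.registry.delete(path);
        } catch (RegistryException e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Adds a certificate to a key store under the given alias. Nothing is changed when the key
     * store already holds the same certificate.
     *
     * @param str  alias for the new certificate entry
     * @param str2 Base64-encoded X.509 certificate
     * @param str3 key store name
     * @throws SecurityConfigException if the name is null, the certificate cannot be parsed,
     *                                 or the key store cannot be updated
     */
    public void importCertToStore(String str, String str2, String str3) throws SecurityConfigException {
        try {
            if (str3 == null) {
                throw new SecurityConfigException("Key Store name can't be null");
            }
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(this.tenantId);
            KeyStore keyStore = keyStoreManager.getKeyStore(str3);
            byte[] encoded = Base64.decode(str2);
            try {
                X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(encoded));
                if (keyStore.getCertificateAlias(certificate) != null) {
                    return;
                }
                keyStore.setCertificateEntry(str, certificate);
                keyStoreManager.updateKeyStore(str3, keyStore);
            } catch (CertificateException e) {
                log.error(e.getMessage(), e);
                throw new SecurityConfigException("Invalid format of the provided certificate file", e);
            }
        } catch (SecurityConfigException e) {
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Adds a certificate to a key store, using the certificate's subject DN as the alias.
     *
     * @param str  Base64-encoded X.509 certificate
     * @param str2 key store name
     * @return the alias that was used, or {@code null} when the certificate was already present
     * @throws SecurityConfigException if the name is null, the certificate cannot be parsed,
     *                                 or the key store cannot be updated
     */
    public String importCertToStore(String str, String str2) throws SecurityConfigException {
        try {
            if (str2 == null) {
                throw new SecurityConfigException("Key Store name can't be null");
            }
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(this.tenantId);
            KeyStore keyStore = keyStoreManager.getKeyStore(str2);
            byte[] encoded = Base64.decode(str);
            try {
                X509Certificate certificate = (X509Certificate) CertificateFactory.getInstance("X.509")
                        .generateCertificate(new ByteArrayInputStream(encoded));
                if (keyStore.getCertificateAlias(certificate) != null) {
                    return null;
                }
                String alias = certificate.getSubjectDN().getName();
                keyStore.setCertificateEntry(alias, certificate);
                keyStoreManager.updateKeyStore(str2, keyStore);
                return alias;
            } catch (CertificateException e) {
                // Only a parsing failure is an "invalid format"; key store update failures fall
                // through to the outer handler so they are reported with their real cause.
                log.error(e.getMessage(), e);
                throw new SecurityConfigException("Invalid format of the provided certificate file", e);
            }
        } catch (SecurityConfigException e) {
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Deletes the entry stored under an alias, if the key store returns a certificate for it.
     *
     * <p>NOTE(review): {@code KeyStore.getCertificate} also returns the first chain certificate of
     * a private-key entry, so an alias naming a key entry is deleted as well, private key included.
     * Confirm this is intended before exposing the alias to less-trusted callers.
     *
     * @param str  alias to delete
     * @param str2 key store name
     * @throws SecurityConfigException if the name is null or the key store cannot be updated
     */
    public void removeCertFromStore(String str, String str2) throws SecurityConfigException {
        try {
            if (str2 == null) {
                throw new SecurityConfigException("Key Store name can't be null");
            }
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(this.tenantId);
            KeyStore keyStore = keyStoreManager.getKeyStore(str2);
            if (keyStore.getCertificate(str) != null) {
                keyStore.deleteEntry(str);
                keyStoreManager.updateKeyStore(str2, keyStore);
            }
        } catch (SecurityConfigException e) {
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Lists every alias in a key store.
     *
     * @param str key store name
     * @return the aliases in the order the key store enumerates them
     * @throws SecurityConfigException if the name is null or the key store cannot be read
     */
    public String[] getStoreEntries(String str) throws SecurityConfigException {
        try {
            if (str == null) {
                throw new SecurityConfigException("keystore name cannot be null");
            }
            Enumeration<String> aliases = KeyStoreManager.getInstance(this.tenantId).getKeyStore(str).aliases();
            ArrayList<String> names = new ArrayList<String>();
            while (aliases.hasMoreElements()) {
                names.add(aliases.nextElement());
            }
            return names.toArray(new String[names.size()]);
        } catch (SecurityConfigException e) {
            throw e;
        } catch (Exception e) {
            log.error(e.getMessage(), e);
            throw new SecurityConfigException(e.getMessage(), e);
        }
    }

    /**
     * Derives an alias from the CN component of a certificate's subject DN, lower-cased.
     *
     * <p>NOTE(review): the DN is split on every comma, so a CN containing an escaped comma is
     * truncated; the prefix test accepts any component starting with "CN" and always drops three
     * characters; lower-casing uses the default locale.
     *
     * @param x509Certificate certificate whose subject DN is inspected
     * @return the lower-cased text after the first three characters of the first "CN" component
     * @throws SecurityConfigException if no component starts with "CN"
     */
    private String getAlias(X509Certificate x509Certificate) throws SecurityConfigException {
        for (String component : x509Certificate.getSubjectDN().getName().split(",")) {
            String trimmed = component.trim();
            if (trimmed.startsWith("CN")) {
                return trimmed.substring(3).toLowerCase();
            }
        }
        throw new SecurityConfigException("Null Alias");
    }

    /**
     * Describes one key store: its type, its certificate entries and its first key entry.
     *
     * <p><strong>Sensitive output:</strong> for the first key entry found, the returned object
     * carries the private key itself, Base64-encoded between PEM "PRIVATE KEY" markers. This also
     * applies to the server's primary key store. Treat the result as secret: do not log it and
     * return it only to callers authorised to hold the key.
     *
     * @param str key store name
     * @return the key store description
     * @throws SecurityConfigException on any failure; the message names the key store and the
     *                                 underlying failure is attached as the cause
     */
    public KeyStoreData getKeystoreInfo(String str) throws SecurityConfigException {
        try {
            if (str == null) {
                throw new Exception("keystore name cannot be null");
            }
            KeyStore keyStore;
            String type;
            String keyPassword;
            if (KeyStoreUtil.isPrimaryStore(str)) {
                keyStore = KeyStoreManager.getInstance(this.tenantId).getPrimaryKeyStore();
                ServerConfiguration config = ServerConfiguration.getInstance();
                type = config.getFirstProperty("Security.KeyStore.Type");
                keyPassword = config.getFirstProperty("Security.KeyStore.KeyPassword");
            } else {
                // NOTE(review): the name is not validated before it is used as a registry path segment.
                String path = KEY_STORE_PATH_PREFIX + str;
                if (!this.registry.resourceExists(path)) {
                    throw new SecurityConfigException("Key Store not found");
                }
                Resource resource = this.registry.get(path);
                keyStore = KeyStoreManager.getInstance(this.tenantId).getKeyStore(str);
                type = resource.getProperty(SecurityConstants.PROP_TYPE);
                // addKeyStore records the key password only for stores that hold a key entry, so
                // the property is absent for certificate-only stores.
                String encryptedKeyPassword = resource.getProperty(SecurityConstants.PROP_PRIVATE_KEY_PASS);
                keyPassword = (encryptedKeyPassword == null)
                        ? null
                        : new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(encryptedKeyPassword));
            }

            SimpleDateFormat dateFormat = new SimpleDateFormat("dd/MM/yyyy");
            ArrayList<CertData> certs = new ArrayList<CertData>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (keyStore.isCertificateEntry(alias)) {
                    certs.add(fillCertData((X509Certificate) keyStore.getCertificate(alias), alias, dateFormat));
                }
            }

            KeyStoreData keyStoreData = new KeyStoreData();
            keyStoreData.setKeyStoreName(str);
            keyStoreData.setCerts(certs.toArray(new CertData[certs.size()]));
            keyStoreData.setKeyStoreType(type);

            // Only the first key entry is reported.
            Enumeration<String> keyAliases = keyStore.aliases();
            while (keyAliases.hasMoreElements()) {
                String alias = keyAliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                if (keyPassword == null) {
                    throw new SecurityConfigException("No private key password available for key store " + str);
                }
                keyStoreData.setKey(fillCertData((X509Certificate) keyStore.getCertificate(alias), alias, dateFormat));
                PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, keyPassword.toCharArray());
                keyStoreData.setKeyValue(("-----BEGIN PRIVATE KEY-----\n" + Base64.encode(privateKey.getEncoded())) + "\n-----END PRIVATE KEY-----");
                break;
            }
            return keyStoreData;
        } catch (Exception e) {
            String message = "Error has encounted while loading the keystore to the given keystore name " + str;
            log.error(message, e);
            throw new SecurityConfigException(message, e);
        }
    }

    /**
     * Reads a key from the primary key store, using the key password from the server configuration.
     *
     * <p>The key is looked up only if {@link #getKeyStores(boolean)} reports a store that
     * {@code KeyStoreUtil.isPrimaryStore} accepts. NOTE(review): with {@code z == false} the list
     * ends in a {@code null} element, which is dereferenced here and surfaces as a
     * {@code SecurityConfigException}.
     *
     * @param str alias of the key
     * @param z   passed to {@link #getKeyStores(boolean)}
     * @return the key, or {@code null} when no listed store is the primary store
     * @throws SecurityConfigException if listing the stores or reading the key fails
     */
    public Key getPrivateKey(String str, boolean z) throws SecurityConfigException {
        for (KeyStoreData keyStoreData : getKeyStores(z)) {
            try {
                if (KeyStoreUtil.isPrimaryStore(keyStoreData.getKeyStoreName())) {
                    char[] keyPassword = ServerConfiguration.getInstance()
                            .getFirstProperty("Security.KeyStore.KeyPassword").toCharArray();
                    return KeyStoreManager.getInstance(this.tenantId).getPrimaryKeyStore().getKey(str, keyPassword);
                }
            } catch (Exception e) {
                String message = "Error has encounted while loading the key for the given alias " + str;
                log.error(message, e);
                throw new SecurityConfigException(message, e);
            }
        }
        return null;
    }

    /**
     * Copies the displayable fields of a certificate into a {@code CertData}, or into a
     * {@code CertDataDetail} that also holds the certificate when {@code includeCert} is set.
     *
     * @param x509Certificate certificate to describe
     * @param str             alias the certificate is stored under
     * @param format          formatter for the validity dates
     * @return the populated description
     * @throws CertificateEncodingException declared by the original signature
     */
    private CertData fillCertData(X509Certificate x509Certificate, String str, Format format) throws CertificateEncodingException {
        CertData certData;
        if (this.includeCert) {
            certData = new CertDataDetail();
        } else {
            certData = new CertData();
        }
        certData.setAlias(str);
        certData.setSubjectDN(x509Certificate.getSubjectDN().getName());
        certData.setIssuerDN(x509Certificate.getIssuerDN().getName());
        certData.setSerialNumber(x509Certificate.getSerialNumber());
        certData.setVersion(x509Certificate.getVersion());
        certData.setNotAfter(format.format(x509Certificate.getNotAfter()));
        certData.setNotBefore(format.format(x509Certificate.getNotBefore()));
        certData.setPublicKey(Base64.encode(x509Certificate.getPublicKey().getEncoded()));
        if (this.includeCert) {
            ((CertDataDetail) certData).setCertificate(x509Certificate);
        }
        return certData;
    }

    /**
     * Reads a whole file into memory.
     *
     * @param str path of the file
     * @return the file content; if the stream ends early the remaining bytes are left as zero
     * @throws IOException if the file cannot be opened or read, or is too large for one array
     */
    private byte[] readBytesFromFile(String str) throws IOException {
        File file = new File(str);
        long length = file.length();
        // A plain (int) cast would silently truncate or go negative for very large files.
        if (length > Integer.MAX_VALUE) {
            throw new IOException("File is too large to load: " + str);
        }
        FileInputStream in = new FileInputStream(file);
        try {
            byte[] content = new byte[(int) length];
            int offset = 0;
            while (offset < content.length) {
                int read = in.read(content, offset, content.length - offset);
                if (read < 0) {
                    break;
                }
                offset += read;
            }
            return content;
        } finally {
            in.close();
        }
    }

    /**
     * Builds the file name used when a tenant key store's public certificate is dumped.
     *
     * <p>The name keeps the leading "/" of the last path segment, and every occurrence of ".jks"
     * is removed when the segment ends with ".jks".
     *
     * @param str  registry path of the key store
     * @param str2 appender placed between the name and the ".cert" extension
     * @return {@code <segment>-<appender>.cert}
     */
    private String generatePubCertFileName(String str, String str2) {
        String segment = str.substring(str.lastIndexOf("/"));
        if (segment.endsWith(".jks")) {
            segment = segment.replace(".jks", "");
        }
        return segment + "-" + str2 + ".cert";
    }
}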
