package org.wso2.carbon.core.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.base.MultitenantConstants;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.core.internal.CarbonCoreDataHolder;
import org.wso2.carbon.registry.api.Registry;
import org.wso2.carbon.registry.api.Resource;
import org.wso2.carbon.registry.core.exceptions.RegistryException;
import org.wso2.carbon.registry.core.service.RegistryService;
import org.wso2.carbon.utils.CarbonUtils;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/org.wso2.carbon.core_4.2.0.jar:org/wso2/carbon/core/util/KeyStoreManager.class
 */
/* loaded from: input_file:lib/org.wso2.carbon.core_4.0.1.jar:org/wso2/carbon/core/util/KeyStoreManager.class */
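/**
 * Per-tenant access point for key stores: the primary key store on the file system (super tenant
 * only) and tenant key stores kept in the governance registry under
 * {@code /repository/security/key-stores/}.
 *
 * <p>One instance is kept per tenant id in a static map. Key stores loaded from the registry are
 * cached and re-read when the registry resource's last-modified date changes.
 *
 * <p>NOTE(review): key-store and key passwords pass through immutable {@link String} objects here
 * (decrypted registry properties and server configuration values), so they cannot be wiped from
 * memory after use. Avoid logging or otherwise copying them.
 */
public class KeyStoreManager {
    /** Registry collection that holds tenant key stores; the key store name is appended to it. */
    private static final String KEY_STORE_REGISTRY_PATH = "/repository/security/key-stores/";
    private static final String PRIMARY_ACCESS_DENIED = "Permission denied for accessing primary key store";

    private static final ConcurrentHashMap<String, KeyStoreManager> mtKeyStoreManagers = new ConcurrentHashMap<>();
    private static final Log log = LogFactory.getLog(KeyStoreManager.class);

    // Lazily loaded by getPrimaryKeyStore(); null until first use or after updateKeyStore() on the primary store.
    private KeyStore primaryKeyStore = null;
    private Registry registry;
    private ConcurrentHashMap<String, KeyStoreBean> loadedKeyStores;
    private int tenantId;
    private ServerConfigurationService serverConfigService;
    private RegistryService registryService;

    /**
     * Binds the manager to a tenant and resolves that tenant's governance system registry.
     *
     * @throws SecurityException if the registry cannot be obtained
     */
    private KeyStoreManager(int i, ServerConfigurationService serverConfigurationService, RegistryService registryService) {
        this.serverConfigService = serverConfigurationService;
        this.registryService = registryService;
        this.loadedKeyStores = new ConcurrentHashMap<>();
        this.tenantId = i;
        try {
            this.registry = registryService.getGovernanceSystemRegistry(i);
        } catch (RegistryException e) {
            log.error("Error when retrieving the system governance registry", e);
            throw new SecurityException("Error when retrieving the system governance registry", e);
        }
    }

    /** @return the server configuration service this manager was created with */
    public ServerConfigurationService getServerConfigService() {
        return this.serverConfigService;
    }

    /** @return the registry service this manager was created with */
    public RegistryService getRegistryService() {
        return this.registryService;
    }

    /**
     * Returns the manager for the given tenant, using the services registered with the Carbon core.
     *
     * @param i tenant id
     */
    public static KeyStoreManager getInstance(int i) {
        return getInstance(i, CarbonCoreDataHolder.getInstance().getServerConfigurationService(), CryptoUtil.lookupRegistryService());
    }

    /**
     * Returns the manager for the given tenant, creating it on first use.
     *
     * <p>If a manager already exists for the tenant, the supplied services are ignored and the
     * existing instance is returned.
     *
     * @param i tenant id
     * @throws SecurityException if a new manager cannot obtain the tenant's registry
     */
    public static KeyStoreManager getInstance(int i, ServerConfigurationService serverConfigurationService, RegistryService registryService) {
        // presumably a caller-permission check; its behaviour is not visible in this file
        CarbonUtils.checkSecurity();
        String tenantKey = Integer.toString(i);
        KeyStoreManager existing = mtKeyStoreManagers.get(tenantKey);
        if (existing != null) {
            return existing;
        }
        // putIfAbsent makes the publish atomic: with containsKey()+put(), two threads could each
        // install their own instance and callers would end up holding different managers (and caches).
        KeyStoreManager created = new KeyStoreManager(i, serverConfigurationService, registryService);
        KeyStoreManager raced = mtKeyStoreManagers.putIfAbsent(tenantKey, created);
        return raced != null ? raced : created;
    }

    /**
     * Returns the named key store: the primary store, a still-valid cached copy, or a fresh load
     * from the registry (which is then cached).
     *
     * <p>NOTE(review): {@code str} is concatenated into the registry path as given. If the name can
     * come from a request, the caller should restrict it to a plain key store name first.
     *
     * @param str key store name
     * @throws SecurityException if no registry resource exists for the name
     * @throws Exception on registry, decryption or key store loading errors
     */
    public KeyStore getKeyStore(String str) throws Exception {
        if (KeyStoreUtil.isPrimaryStore(str)) {
            return getPrimaryKeyStore();
        }
        if (isCachedKeyStoreValid(str)) {
            return this.loadedKeyStores.get(str).getKeyStore();
        }
        String path = KEY_STORE_REGISTRY_PATH + str;
        if (!this.registry.resourceExists(path)) {
            throw new SecurityException("Key Store with a name : " + str + " does not exist.");
        }
        Resource resource = this.registry.get(path);
        try {
            KeyStore keyStore = loadFromResource(resource);
            updateKeyStoreCache(str, new KeyStoreBean(keyStore, resource.getLastModified()));
            return keyStore;
        } finally {
            // Release the resource on the failure path too, not only after a successful load.
            resource.discard();
        }
    }

    /**
     * Returns the key stored under an alias in the named key store.
     *
     * @param str key store name
     * @param str2 key alias
     * @throws SecurityException wrapping any failure, including a missing key store
     */
    public Key getPrivateKey(String str, String str2) {
        try {
            if (KeyStoreUtil.isPrimaryStore(str)) {
                return getDefaultPrivateKey();
            }
            String path = KEY_STORE_REGISTRY_PATH + str;
            if (!this.registry.resourceExists(path)) {
                throw new SecurityException("Given Key store is not available in registry : " + str);
            }
            Resource resource = this.registry.get(path);
            try {
                char[] keyPassword = decryptProperty(resource, "privatekeyPass");
                if (isCachedKeyStoreValid(str)) {
                    return this.loadedKeyStores.get(str).getKeyStore().getKey(str2, keyPassword);
                }
                KeyStore keyStore = loadFromResource(resource);
                updateKeyStoreCache(str, new KeyStoreBean(keyStore, resource.getLastModified()));
                return keyStore.getKey(str2, keyPassword);
            } finally {
                resource.discard();
            }
        } catch (Exception e) {
            // Log the cause as well; the message alone does not say why the load failed.
            log.error("Error loading the private key from the key store : " + str, e);
            throw new SecurityException("Error loading the private key from the key store : " + str, e);
        }
    }

    /**
     * Decrypts and returns the {@code privatekeyPass} property of a key store resource.
     *
     * <p>The return value is the clear-text key password; callers must not log or persist it.
     */
    public String getPassword(org.wso2.carbon.registry.core.Resource resource) throws Exception {
        return new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(resource.getProperty("privatekeyPass")));
    }

    /**
     * Persists a key store: the primary store is written to its configured file, any other store
     * to its registry resource, after which the cache entry is refreshed.
     *
     * @param str key store name
     * @param keyStore key store contents to persist
     * @throws CarbonException if the primary store is targeted by a manager that is not the super tenant's
     * @throws Exception on I/O, registry, decryption or key store errors
     */
    public void updateKeyStore(String str, KeyStore keyStore) throws Exception {
        if (KeyStoreUtil.isPrimaryStore(str)) {
            // Every read accessor for the primary store rejects non-super tenants; the write path
            // must apply the same rule, otherwise a tenant manager could overwrite the server key store.
            requireSuperTenant();
            ServerConfigurationService config = getServerConfigService();
            String location = new File(config.getFirstProperty("Security.KeyStore.Location")).getAbsolutePath();
            // NOTE(review): the file is opened (and truncated) before store() runs, so a failure in
            // store() can leave a damaged key store on disk; consider write-to-temp then rename.
            try (FileOutputStream out = new FileOutputStream(location)) {
                keyStore.store(out, config.getFirstProperty("Security.KeyStore.Password").toCharArray());
            }
            // Drop the cached copy so the next access reloads what is now on disk.
            this.primaryKeyStore = null;
            return;
        }
        String path = KEY_STORE_REGISTRY_PATH + str;
        Resource resource = this.registry.get(path);
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            keyStore.store(buffer, decryptProperty(resource, "password"));
            resource.setContent(buffer.toByteArray());
            this.registry.put(path, resource);
        } finally {
            resource.discard();
        }
        updateKeyStoreCache(str, new KeyStoreBean(keyStore, new Date()));
    }

    /**
     * Returns the primary key store, loading it from the configured location on first use.
     *
     * @throws CarbonException if this manager does not belong to the super tenant
     * @throws Exception on I/O or key store loading errors
     */
    public KeyStore getPrimaryKeyStore() throws Exception {
        requireSuperTenant();
        if (this.primaryKeyStore == null) {
            ServerConfigurationService config = getServerConfigService();
            String location = new File(config.getFirstProperty("Security.KeyStore.Location")).getAbsolutePath();
            KeyStore keyStore = KeyStore.getInstance(config.getFirstProperty("Security.KeyStore.Type"));
            String password = config.getFirstProperty("Security.KeyStore.Password");
            try (FileInputStream in = new FileInputStream(location)) {
                keyStore.load(in, password.toCharArray());
                this.primaryKeyStore = keyStore;
            }
        }
        return this.primaryKeyStore;
    }

    /**
     * Returns the private key stored under the configured {@code Security.KeyStore.KeyAlias}.
     *
     * @throws CarbonException if this manager does not belong to the super tenant
     */
    public PrivateKey getDefaultPrivateKey() throws Exception {
        requireSuperTenant();
        ServerConfigurationService config = getServerConfigService();
        String password = config.getFirstProperty("Security.KeyStore.Password");
        String alias = config.getFirstProperty("Security.KeyStore.KeyAlias");
        // Go through getPrimaryKeyStore(): the field is still null until the store has been loaded once.
        return (PrivateKey) getPrimaryKeyStore().getKey(alias, password.toCharArray());
    }

    /**
     * Returns the public key of the certificate stored under the configured key alias.
     *
     * @throws CarbonException if this manager does not belong to the super tenant
     */
    public PublicKey getDefaultPublicKey() throws Exception {
        requireSuperTenant();
        String alias = getServerConfigService().getFirstProperty("Security.KeyStore.KeyAlias");
        // Same lazy-load concern as getDefaultPrivateKey().
        return getPrimaryKeyStore().getCertificate(alias).getPublicKey();
    }

    /**
     * Returns the configured {@code Security.KeyStore.Password} value, which this class also uses
     * as the password of the default private key.
     *
     * @throws CarbonException if this manager does not belong to the super tenant
     */
    public String getPrimaryPrivateKeyPasssword() throws CarbonException {
        requireSuperTenant();
        return getServerConfigService().getFirstProperty("Security.KeyStore.Password");
    }

    /**
     * Returns the certificate stored under the configured key alias of the primary key store.
     *
     * @throws CarbonException if this manager does not belong to the super tenant
     */
    public X509Certificate getDefaultPrimaryCertificate() throws Exception {
        requireSuperTenant();
        return (X509Certificate) getPrimaryKeyStore().getCertificate(getServerConfigService().getFirstProperty("Security.KeyStore.KeyAlias"));
    }

    /** Rejects access to the primary key store unless this manager belongs to the super tenant. */
    private void requireSuperTenant() throws CarbonException {
        if (this.tenantId != MultitenantConstants.SUPER_TENANT_ID) {
            throw new CarbonException(PRIMARY_ACCESS_DENIED);
        }
    }

    /** Decrypts an encrypted, base64-encoded resource property into a password char array. */
    private static char[] decryptProperty(Resource resource, String name) throws Exception {
        return new String(CryptoUtil.getDefaultCryptoUtil().base64DecodeAndDecrypt(resource.getProperty(name))).toCharArray();
    }

    /** Builds a key store from a registry resource's content, {@code type} and {@code password} properties. */
    private KeyStore loadFromResource(Resource resource) throws Exception {
        byte[] content = (byte[]) resource.getContent();
        KeyStore keyStore = KeyStore.getInstance(resource.getProperty("type"));
        keyStore.load(new ByteArrayInputStream(content), decryptProperty(resource, "password"));
        return keyStore;
    }

    /**
     * Tells whether a cached key store exists and its recorded last-modified date still equals the
     * registry resource's.
     *
     * @throws SecurityException if the registry metadata cannot be read
     */
    private boolean isCachedKeyStoreValid(String str) {
        KeyStoreBean cached = this.loadedKeyStores.get(str);
        if (cached == null) {
            return false;
        }
        try {
            return cached.getLastModifiedDate().equals(this.registry.get(KEY_STORE_REGISTRY_PATH + str).getLastModified());
        } catch (org.wso2.carbon.registry.api.RegistryException e) {
            log.error("Error reading key store meta data from registry.", e);
            throw new SecurityException("Error reading key store meta data from registry.", e);
        }
    }

    /** Stores or replaces the cache entry for a key store name. */
    private void updateKeyStoreCache(String str, KeyStoreBean keyStoreBean) {
        // put() covers both the insert and the replace case in one atomic step.
        this.loadedKeyStores.put(str, keyStoreBean);
    }

    /**
     * Loads a key store from a file.
     *
     * <p>NOTE(review): the path is opened exactly as supplied; callers passing a value that
     * originates outside the server configuration should validate it first.
     *
     * @param str key store file path
     * @param str2 key store password
     * @param str3 key store type
     * @throws SecurityException wrapping any failure to read or load the key store
     */
    public KeyStore loadKeyStoreFromFileSystem(String str, String str2, String str3) {
        // presumably a caller-permission check; its behaviour is not visible in this file
        CarbonUtils.checkSecurity();
        String absolutePath = new File(str).getAbsolutePath();
        FileInputStream in = null;
        try {
            KeyStore keyStore = KeyStore.getInstance(str3);
            in = new FileInputStream(absolutePath);
            keyStore.load(in, str2.toCharArray());
            return keyStore;
        } catch (Exception e) {
            log.error("Error loading the key store from the given location.", e);
            throw new SecurityException("Error loading the key store from the given location.", e);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    // A failed close does not invalidate an already loaded key store.
                    log.warn("Error when closing the input stream.", e);
                }
            }
        }
    }
}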
