package it.geosolutions.geostore.core.security.password;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Enumeration;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.log4j.Logger;
import org.springframework.beans.factory.BeanNameAware;

/* loaded from: input_file:it/geosolutions/geostore/core/security/password/KeyStoreProviderImpl.class */
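/**
 * {@link KeyStoreProvider} backed by a JCEKS file on disk.
 *
 * <p>The store is opened lazily on first use with the master password supplied through
 * {@link #setMasterPassword(char[])} or, failing that, obtained from the configured
 * {@link MasterPasswordProvider}. If the file does not exist yet, a fresh store seeded with a
 * random configuration key is created and written immediately. Key mutations
 * ({@link #setSecretKey(String, char[])}, {@link #removeKey(String)}) only touch the in-memory
 * store until {@link #storeKeyStore()} persists it.
 *
 * <p>Master-password rotation is a three-step protocol: {@link #prepareForMasterPasswordChange}
 * writes a re-wrapped copy of the store to {@value #PREPARED_FILE_NAME} next to the live file,
 * then either {@link #commitMasterPasswordChange()} swaps it in or
 * {@link #abortMasterPasswordChange()} discards it.
 *
 * <p>Not thread-safe: {@code ks}, {@code keyStoreFile} and the cached master password are read
 * and written without synchronization.
 */
public class KeyStoreProviderImpl implements BeanNameAware, KeyStoreProvider {
    private static final Logger LOGGER = Logger.getLogger(KeyStoreProviderImpl.class);
    public static final String DEFAULT_BEAN_NAME = "DefaultKeyStoreProvider";
    public static final String DEFAULT_FILE_NAME = "geostore.jceks";
    /** Name of the temporary store written by {@link #prepareForMasterPasswordChange}. */
    public static final String PREPARED_FILE_NAME = "geostore.jceks.new";
    /** Alias of the secret key used to protect configuration passwords. */
    public static final String CONFIGPASSWORDKEY = "ug:geostore:key";
    public static final String USERGROUP_PREFIX = "ug:";
    public static final String USERGROUP_POSTFIX = ":key";
    public static final String KEYSTORETYPE = "JCEKS";

    private String keyStoreFilePath = null;
    protected String name;
    /** Lazily resolved location of the keystore file; see {@link #getFile()}. */
    protected File keyStoreFile;
    /** The loaded keystore, or {@code null} until {@link #assertActivatedKeyStore()} succeeds. */
    protected KeyStore ks;
    /** Cached master password, set explicitly or fetched once from the provider. */
    private char[] masterPassword;
    private String keyName;
    private MasterPasswordProvider masterPasswordProvider;

    public MasterPasswordProvider getMasterPasswordProvider() {
        return this.masterPasswordProvider;
    }

    public void setMasterPasswordProvider(MasterPasswordProvider masterPasswordProvider) {
        this.masterPasswordProvider = masterPasswordProvider;
    }

    public String getKeyName() {
        return this.keyName;
    }

    public void setKeyName(String keyName) {
        this.keyName = keyName;
    }

    /**
     * Sets the master password directly, bypassing the {@link MasterPasswordProvider}.
     *
     * <p>The array is kept by reference, not copied.
     *
     * @param password the master password; {@code null} reverts to asking the provider
     */
    public void setMasterPassword(char[] password) {
        this.masterPassword = password;
    }

    @Override
    public void setBeanName(String beanName) {
        this.name = beanName;
    }

    /**
     * Resolves (and caches) the keystore file.
     *
     * <p>If {@link #setKeyStoreFilePath(String)} was configured, that path is used; a path naming
     * an existing directory means "{@value #DEFAULT_FILE_NAME} inside that directory". Otherwise
     * the file is looked up as a classpath resource named {@value #DEFAULT_FILE_NAME}.
     *
     * @return the keystore file (which may not exist yet), or {@code null} if nothing is
     *     configured and no usable classpath resource was found
     */
    @Override
    public File getFile() {
        if (this.keyStoreFile != null) {
            return this.keyStoreFile;
        }
        String configuredPath = getKeyStoreFilePath();
        if (configuredPath != null) {
            File candidate = new File(configuredPath);
            if (candidate.isDirectory()) {
                candidate = new File(candidate, DEFAULT_FILE_NAME);
            }
            if (!candidate.exists()) {
                // Not fatal: assertActivatedKeyStore() creates a new store at this location.
                LOGGER.warn("the keyStore file doesn't exist. confiure a new one");
            }
            this.keyStoreFile = candidate;
        } else {
            URL resource = KeyStoreProviderImpl.class.getClassLoader().getResource(DEFAULT_FILE_NAME);
            if (resource != null) {
                try {
                    this.keyStoreFile = new File(resource.toURI());
                } catch (URISyntaxException | IllegalArgumentException e) {
                    // IllegalArgumentException: the resource is packed in a jar, not a plain file.
                    LOGGER.error("UNABLE TO GET THE DEFAULT KEY STORE", e);
                }
            }
        }
        return this.keyStoreFile;
    }

    public String getKeyStoreFilePath() {
        return this.keyStoreFilePath;
    }

    public void setKeyStoreFilePath(String keyStoreFilePath) {
        this.keyStoreFilePath = keyStoreFilePath;
    }

    /**
     * Drops the in-memory store and loads it again from {@link #getFile()}.
     *
     * @throws IOException if the store cannot be (re)loaded
     */
    @Override
    public void reloadKeyStore() throws IOException {
        this.ks = null;
        assertActivatedKeyStore();
    }

    /**
     * Returns the key stored under {@code alias}, unwrapped with the master password.
     *
     * @param alias keystore alias
     * @return the key, or {@code null} if no key entry exists for the alias
     * @throws IOException if the store cannot be activated or the key cannot be recovered
     */
    @Override
    public Key getKey(String alias) throws IOException {
        assertActivatedKeyStore();
        char[] masterPassword = getMasterPassword();
        try {
            return this.ks.getKey(alias, masterPassword);
        } catch (Exception e) {
            // Every failure (including a wrong master password, which surfaces as
            // UnrecoverableKeyException) is reported to callers as IOException.
            throw new IOException(e);
        } finally {
            disposePassword(masterPassword);
        }
    }

    /**
     * Returns the master password, fetching it from the {@link MasterPasswordProvider} on first
     * use and caching it afterwards.
     *
     * <p>The returned array is the cached field itself, not a copy, so callers must not zero it
     * (see {@link #disposePassword(char[])}).
     *
     * @return the master password, or {@code null} if none is set and the provider is absent or
     *     fails
     */
    private char[] getMasterPassword() {
        if (this.masterPassword == null && this.masterPasswordProvider != null) {
            try {
                this.masterPassword = this.masterPasswordProvider.doGetMasterPassword();
            } catch (Exception e) {
                // Pass the exception itself so the stack trace is logged; string-concatenating
                // getStackTrace() would only print the array's identity.
                LOGGER.error("unable to read the master password", e);
            }
        }
        return this.masterPassword;
    }

    /**
     * Lists the aliases of the in-memory store. Does not activate the store.
     *
     * @return the aliases, or {@code null} if the store is not loaded or cannot be enumerated
     */
    @Override
    public Enumeration<String> aliases() {
        if (this.ks == null) {
            return null;
        }
        try {
            return this.ks.aliases();
        } catch (KeyStoreException e) {
            LOGGER.error("unable to list keystore aliases", e);
            return null;
        }
    }

    /**
     * @return the raw bytes of the configuration-password key, or {@code null} if absent
     * @throws IOException see {@link #getSecretKey(String)}
     */
    @Override
    public byte[] getConfigPasswordKey() throws IOException {
        SecretKey secretKey = getSecretKey(CONFIGPASSWORDKEY);
        return secretKey == null ? null : secretKey.getEncoded();
    }

    @Override
    public boolean hasConfigPasswordKey() throws IOException {
        return containsAlias(CONFIGPASSWORDKEY);
    }

    /**
     * @param alias keystore alias
     * @return whether the store holds an entry under {@code alias}
     * @throws IOException if the store cannot be activated or queried
     */
    @Override
    public boolean containsAlias(String alias) throws IOException {
        assertActivatedKeyStore();
        try {
            return this.ks.containsAlias(alias);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        }
    }

    /**
     * @param serviceName user/group service name
     * @return the raw bytes of that service's key, or {@code null} if absent
     * @throws IOException see {@link #getSecretKey(String)}
     */
    @Override
    public byte[] getUserGroupKey(String serviceName) throws IOException {
        SecretKey secretKey = getSecretKey(aliasForGroupService(serviceName));
        return secretKey == null ? null : secretKey.getEncoded();
    }

    @Override
    public boolean hasUserGroupKey(String serviceName) throws IOException {
        return containsAlias(aliasForGroupService(serviceName));
    }

    /**
     * @throws IOException if the entry exists but is not a {@link SecretKey}, or the store fails
     */
    @Override
    public SecretKey getSecretKey(String alias) throws IOException {
        return getKeyAs(alias, SecretKey.class);
    }

    /**
     * @throws IOException if the entry exists but is not a {@link PublicKey}, or the store fails
     */
    @Override
    public PublicKey getPublicKey(String alias) throws IOException {
        return getKeyAs(alias, PublicKey.class);
    }

    /**
     * @throws IOException if the entry exists but is not a {@link PrivateKey}, or the store fails
     */
    @Override
    public PrivateKey getPrivateKey(String alias) throws IOException {
        return getKeyAs(alias, PrivateKey.class);
    }

    /**
     * Fetches the key under {@code alias} and checks it has the expected type.
     *
     * @return the key cast to {@code type}, or {@code null} if there is no key for the alias
     * @throws IOException if the key is of another type, or {@link #getKey(String)} fails
     */
    private <T extends Key> T getKeyAs(String alias, Class<T> type) throws IOException {
        Key key = getKey(alias);
        if (key == null) {
            return null;
        }
        if (type.isInstance(key)) {
            return type.cast(key);
        }
        throw new IOException("Invalid key type for: " + alias);
    }

    /**
     * @param serviceName user/group service name
     * @return the keystore alias used for that service's key
     */
    @Override
    public String aliasForGroupService(String serviceName) {
        return USERGROUP_PREFIX + serviceName + USERGROUP_POSTFIX;
    }

    /**
     * Makes sure {@link #ks} is loaded, opening the file from {@link #getFile()} or creating a
     * brand-new store (with the initial keys) if that file does not exist.
     *
     * <p>A failed activation leaves {@link #ks} {@code null} so the next call retries instead of
     * working on an uninitialised store. Note that a mis-configured path silently results in a new,
     * empty store with fresh random keys rather than an error.
     *
     * @throws IOException if no file is configured, or the store cannot be loaded/created
     */
    protected void assertActivatedKeyStore() throws IOException {
        if (this.ks != null) {
            return;
        }
        File file = getFile();
        if (file == null) {
            throw new IOException("No keystore file configured");
        }
        char[] masterPassword = getMasterPassword();
        try {
            KeyStore store = KeyStore.getInstance(KEYSTORETYPE);
            if (file.exists()) {
                try (FileInputStream in = new FileInputStream(file)) {
                    store.load(in, masterPassword);
                }
                this.ks = store;
            } else {
                store.load(null, masterPassword);
                // setSecretKey() (reached via addInitialKeys()) re-enters this method and expects
                // this.ks to be set, so publish the empty store before seeding it.
                this.ks = store;
                addInitialKeys();
                try (FileOutputStream out = new FileOutputStream(file)) {
                    store.store(out, masterPassword);
                }
            }
        } catch (Exception e) {
            // Never cache a store that failed to load or initialise.
            this.ks = null;
            throw (e instanceof IOException) ? (IOException) e : new IOException(e);
        } finally {
            disposePassword(masterPassword);
        }
    }

    /**
     * Hook invoked after a password array has been used.
     *
     * <p>Intentionally a no-op: {@link #getMasterPassword()} hands out the cached field itself,
     * so zeroing the array here would wipe the password for every later call.
     */
    private void disposePassword(char[] password) {
        // no-op, see Javadoc
    }

    /**
     * Checks whether {@code candidate} opens the keystore <em>file</em> (not the in-memory store).
     *
     * @param candidate password to try; {@code null} is never accepted
     * @return {@code true} if the file loads with that password; {@code false} if loading fails
     *     (a wrong password, but also an unreadable/corrupt file)
     * @throws IOException if the store cannot be activated or the file cannot be opened
     */
    @Override
    public boolean isKeyStorePassword(char[] candidate) throws IOException {
        if (candidate == null) {
            return false;
        }
        assertActivatedKeyStore();
        KeyStore probe;
        try {
            probe = KeyStore.getInstance(KEYSTORETYPE);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        }
        try (FileInputStream in = new FileInputStream(getFile())) {
            try {
                probe.load(in, candidate);
                return true;
            } catch (IOException e) {
                // JCEKS reports a wrong password as IOException (cause: UnrecoverableKeyException).
                return false;
            } catch (Exception e) {
                throw new RuntimeException(e);
            }
        }
    }

    /**
     * Stores {@code password} as a PBE secret key under {@code alias} in the in-memory store,
     * protected by the master password. Call {@link #storeKeyStore()} to persist.
     *
     * @throws IOException if the store cannot be activated or the entry cannot be set
     */
    @Override
    public void setSecretKey(String alias, char[] password) throws IOException {
        assertActivatedKeyStore();
        KeyStore.SecretKeyEntry entry =
                new KeyStore.SecretKeyEntry(new SecretKeySpec(SecurityUtils.toBytes(password), "PBE"));
        char[] masterPassword = getMasterPassword();
        try {
            this.ks.setEntry(alias, entry, new KeyStore.PasswordProtection(masterPassword));
        } catch (KeyStoreException e) {
            throw new IOException(e);
        } finally {
            disposePassword(masterPassword);
        }
    }

    @Override
    public void setUserGroupKey(String serviceName, char[] password) throws IOException {
        setSecretKey(aliasForGroupService(serviceName), password);
    }

    /**
     * Deletes the entry under {@code alias} from the in-memory store. Call
     * {@link #storeKeyStore()} to persist.
     *
     * @throws IOException if the store cannot be activated or the entry cannot be deleted
     */
    @Override
    public void removeKey(String alias) throws IOException {
        assertActivatedKeyStore();
        try {
            this.ks.deleteEntry(alias);
        } catch (KeyStoreException e) {
            throw new IOException(e);
        }
    }

    /**
     * Writes the in-memory store to {@link #getFile()}.
     *
     * <p>The file is written in place (opening it truncates it), so a failure during
     * {@code store()} can leave a truncated keystore behind; keep a backup before rotating keys.
     *
     * @throws IOException if the store cannot be activated or written
     */
    @Override
    public void storeKeyStore() throws IOException {
        assertActivatedKeyStore();
        char[] masterPassword = getMasterPassword();
        try (FileOutputStream out = new FileOutputStream(getFile())) {
            this.ks.store(out, masterPassword);
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException(e);
        } finally {
            disposePassword(masterPassword);
        }
    }

    /** Seeds a newly created store with a random configuration-password key. */
    protected void addInitialKeys() throws IOException {
        setSecretKey(CONFIGPASSWORDKEY, getRandomPasswordProvider().getRandomPasswordWithDefaultLength());
    }

    private RandomPasswordProvider getRandomPasswordProvider() {
        return new RandomPasswordProvider();
    }

    /**
     * Step one of a master-password change: opens the live store with {@code oldPassword},
     * re-wraps every entry under {@code newPassword} and writes the result to
     * {@value #PREPARED_FILE_NAME} in the same directory. The live store is left untouched.
     *
     * @param oldPassword password the live store is currently protected with
     * @param newPassword password the prepared store will be protected with
     * @throws IOException if the live store cannot be read (e.g. wrong {@code oldPassword}) or
     *     the prepared store cannot be written
     */
    @Override
    public void prepareForMasterPasswordChange(char[] oldPassword, char[] newPassword) throws IOException {
        File prepared = new File(getFile().getParentFile(), PREPARED_FILE_NAME);
        if (prepared.exists() && !prepared.delete()) {
            // Not fatal: opening it for writing below overwrites it anyway.
            LOGGER.warn("cannot delete stale prepared keystore " + prepared.getAbsolutePath());
        }
        try {
            KeyStore current = KeyStore.getInstance(KEYSTORETYPE);
            try (FileInputStream in = new FileInputStream(getFile())) {
                current.load(in, oldPassword);
            }
            KeyStore rekeyed = KeyStore.getInstance(KEYSTORETYPE);
            rekeyed.load(null, newPassword);
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(newPassword);
            Enumeration<String> aliases = current.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                KeyStore.Entry entry = copyEntry(current, alias, oldPassword);
                if (entry == null) {
                    LOGGER.warn("Unknown entry in store, alias: " + alias);
                } else {
                    rekeyed.setEntry(alias, entry, protection);
                }
            }
            try (FileOutputStream out = new FileOutputStream(prepared)) {
                rekeyed.store(out, newPassword);
            }
        } catch (IOException e) {
            throw e;
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    /**
     * Rebuilds the entry stored under {@code alias} so it can be written to another store.
     *
     * @return the entry, or {@code null} if it is of a type this provider does not know how to copy
     * @throws GeneralSecurityException if the source store refuses to hand out the entry
     */
    private static KeyStore.Entry copyEntry(KeyStore source, String alias, char[] password)
            throws GeneralSecurityException {
        Key key = source.getKey(alias, password);
        if (key instanceof SecretKey) {
            return new KeyStore.SecretKeyEntry((SecretKey) key);
        }
        if (key instanceof PrivateKey) {
            return new KeyStore.PrivateKeyEntry((PrivateKey) key, source.getCertificateChain(alias));
        }
        if (key instanceof PublicKey) {
            return new KeyStore.TrustedCertificateEntry(source.getCertificate(alias));
        }
        if (key == null && source.isCertificateEntry(alias)) {
            // Trusted-certificate entries carry no key: getKey() returns null for them.
            return new KeyStore.TrustedCertificateEntry(source.getCertificate(alias));
        }
        return null;
    }

    /**
     * Discards a prepared master-password change by deleting {@value #PREPARED_FILE_NAME}.
     *
     * <p>That file holds every key re-wrapped under the candidate password, so it must not be
     * left behind once the change is abandoned.
     */
    @Override
    public void abortMasterPasswordChange() {
        File prepared = new File(getFile().getParentFile(), PREPARED_FILE_NAME);
        if (prepared.exists() && !prepared.delete()) {
            LOGGER.warn("cannot delete prepared keystore " + prepared.getAbsolutePath());
        }
    }

    /**
     * Step two of a master-password change: verifies that the prepared store opens with the
     * master password now in force, then moves it over the live store and reloads.
     *
     * <p>Does nothing if either the prepared or the live file is missing. The prepared store is
     * checked with {@link #getMasterPassword()}, so the master password (or its provider) is
     * expected to already yield the <em>new</em> password at this point — TODO confirm against
     * the caller of this protocol.
     *
     * @throws IOException if the prepared store cannot be verified or moved into place
     */
    @Override
    public void commitMasterPasswordChange() throws IOException {
        File dir = getFile().getParentFile();
        File prepared = new File(dir, PREPARED_FILE_NAME);
        File current = new File(dir, DEFAULT_FILE_NAME);
        if (!prepared.exists() || !current.exists()) {
            return;
        }
        char[] masterPassword = getMasterPassword();
        try (FileInputStream in = new FileInputStream(prepared)) {
            // Make sure the store loads and every key unwraps before touching the live file.
            KeyStore probe = KeyStore.getInstance(KEYSTORETYPE);
            probe.load(in, masterPassword);
            Enumeration<String> aliases = probe.aliases();
            while (aliases.hasMoreElements()) {
                probe.getKey(aliases.nextElement(), masterPassword);
            }
        } catch (IOException e) {
            LOGGER.warn("Error creating new keystore: " + prepared.getCanonicalPath(), e);
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        } finally {
            disposePassword(masterPassword);
        }
        try {
            // Replace in one step so there is no window in which no keystore exists on disk.
            Files.move(prepared.toPath(), current.toPath(), StandardCopyOption.REPLACE_EXISTING);
        } catch (IOException e) {
            LOGGER.error("cannot rename " + prepared.getCanonicalPath() + " to "
                    + current.getCanonicalPath() + ". Try to rename manually and restart", e);
            throw e;
        }
        reloadKeyStore();
        LOGGER.info("Successfully changed master password");
    }
}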
