package org.picketlink.identity.federation.core.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.crypto.SecretKey;
import org.apache.log4j.Logger;
import org.openxri.xri3.impl.XRI3Constants;
import org.picketlink.identity.federation.core.config.AuthPropertyType;
import org.picketlink.identity.federation.core.config.KeyValueType;
import org.picketlink.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.picketlink.identity.federation.core.interfaces.TrustKeyManager;
import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
import org.picketlink.identity.federation.core.util.EncryptionKeyUtil;
import org.picketlink.identity.federation.core.util.KeyStoreUtil;

/* loaded from: input_file:WEB-INF/lib/picketlink-fed-core-1.0.3.CR1.jar:org/picketlink/identity/federation/core/impl/KeyStoreKeyManager.class */
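/**
 * {@link TrustKeyManager} backed by a Java {@link KeyStore}.
 * <p>
 * The keystore location, keystore password, signing alias and signing-key password are
 * taken from the auth properties handed to {@link #setAuthProperties(List)} (keys
 * {@link #KEYSTORE_URL}, {@link #KEYSTORE_PASS}, {@link #SIGNING_KEY_ALIAS},
 * {@link #SIGNING_KEY_PASS}). Location and keystore password fall back to the
 * {@code javax.net.ssl.keyStore} / {@code javax.net.ssl.keyStorePassword} properties read
 * through {@code SecurityActions}. The keystore itself is loaded lazily on the first key
 * lookup. Validating keys are resolved through the domain-to-alias map filled by
 * {@link #setValidatingAlias(List)}.
 * <p>
 * Exception mapping used throughout: a {@link KeyStoreException} is reported as a
 * {@link TrustKeyConfigurationException}; any other {@link GeneralSecurityException} or an
 * {@link IOException} as a {@link TrustKeyProcessingException}. Missing configuration
 * surfaces as {@link IllegalStateException} / {@link IllegalArgumentException}.
 * <p>
 * Not thread-safe: the lazy keystore load and the alias / secret-key caches are plain,
 * unsynchronized fields.
 */
public class KeyStoreKeyManager implements TrustKeyManager {
    private static final Logger log = Logger.getLogger(KeyStoreKeyManager.class);

    /** Auth-property key: keystore location (file path, URL or classpath resource). */
    public static final String KEYSTORE_URL = "KeyStoreURL";
    /** Auth-property key: keystore (integrity) password. */
    public static final String KEYSTORE_PASS = "KeyStorePass";
    /** Auth-property key: password protecting the signing key entry. */
    public static final String SIGNING_KEY_PASS = "SigningKeyPass";
    /** Auth-property key: alias of the signing key entry. */
    public static final String SIGNING_KEY_ALIAS = "SigningKeyAlias";

    private String keyStoreURL;
    // Held as a String because it is read from String-valued properties; unlike
    // signingKeyPass it cannot be zeroed after use.
    private String keyStorePass;
    private char[] signingKeyPass;
    private String signingAlias;

    // Generated encryption keys, cached by the name passed to getEncryptionKey().
    private final Map<String, SecretKey> keys = new HashMap<>();
    // domain -> keystore alias, filled by setValidatingAlias().
    private final Map<String, String> domainAliasMap = new HashMap<>();
    // Raw auth properties as received by setAuthProperties().
    private final Map<String, String> authPropsMap = new HashMap<>();
    private final boolean trace = log.isTraceEnabled();
    // Lazily loaded; null until the first lookup succeeds.
    private KeyStore ks = null;

    /**
     * Returns the private signing key for {@link #SIGNING_KEY_ALIAS}, loading the keystore if
     * needed. Returns {@code null} when the alias has no entry (that is what
     * {@link KeyStore#getKey} yields).
     *
     * @throws TrustKeyConfigurationException on a {@link KeyStoreException}
     * @throws TrustKeyProcessingException    on any other security or I/O failure
     * @throws IllegalStateException          when the keystore cannot be set up
     */
    @Override
    public PrivateKey getSigningKey() throws TrustKeyConfigurationException, TrustKeyProcessingException {
        try {
            KeyStore store = ensureKeyStore();
            // A non-private-key entry under the alias still fails with a ClassCastException here.
            return (PrivateKey) store.getKey(this.signingAlias, this.signingKeyPass);
        } catch (KeyStoreException e) {
            throw new TrustKeyConfigurationException(e);
        } catch (IOException | GeneralSecurityException e) {
            throw new TrustKeyProcessingException(e);
        }
    }

    /**
     * Returns the signing key pair: the public key for the signing alias (via
     * {@code KeyStoreUtil.getPublicKey}) together with {@link #getSigningKey()}.
     *
     * @throws TrustKeyConfigurationException on a {@link KeyStoreException}
     * @throws TrustKeyProcessingException    on any other security or I/O failure
     */
    @Override
    public KeyPair getSigningKeyPair() throws TrustKeyConfigurationException, TrustKeyProcessingException {
        try {
            KeyStore store = ensureKeyStore();
            PublicKey publicKey = KeyStoreUtil.getPublicKey(store, this.signingAlias, this.signingKeyPass);
            return new KeyPair(publicKey, getSigningKey());
        } catch (KeyStoreException e) {
            throw new TrustKeyConfigurationException(e);
        } catch (IOException | GeneralSecurityException e) {
            throw new TrustKeyProcessingException(e);
        }
    }

    /**
     * Returns the certificate stored under {@code str}, or {@code null} if there is none.
     *
     * @param str keystore alias; must be non-empty
     * @throws IllegalArgumentException       when {@code str} is null or empty
     * @throws TrustKeyConfigurationException on a {@link KeyStoreException}
     * @throws TrustKeyProcessingException    on any other security or I/O failure
     */
    @Override
    public Certificate getCertificate(String str) throws TrustKeyConfigurationException, TrustKeyProcessingException {
        requireAlias(str);
        try {
            return ensureKeyStore().getCertificate(str);
        } catch (KeyStoreException e) {
            throw new TrustKeyConfigurationException(e);
        } catch (IOException | GeneralSecurityException e) {
            throw new TrustKeyProcessingException(e);
        }
    }

    /**
     * Returns the public key of the certificate stored under {@code str}, or {@code null} when
     * the alias has no certificate.
     *
     * @param str keystore alias; must be non-empty
     * @throws IllegalArgumentException       when {@code str} is null or empty
     * @throws TrustKeyConfigurationException on a {@link KeyStoreException}
     * @throws TrustKeyProcessingException    on any other security or I/O failure
     */
    @Override
    public PublicKey getPublicKey(String str) throws TrustKeyConfigurationException, TrustKeyProcessingException {
        requireAlias(str);
        try {
            if (this.ks == null && this.trace) {
                log.trace("getPublicKey::Keystore is null. so setting it up");
            }
            Certificate certificate = ensureKeyStore().getCertificate(str);
            if (certificate == null) {
                if (this.trace) {
                    log.trace("No public key found for alias=" + str);
                }
                return null;
            }
            return certificate.getPublicKey();
        } catch (KeyStoreException e) {
            throw new TrustKeyConfigurationException(e);
        } catch (IOException | GeneralSecurityException e) {
            throw new TrustKeyProcessingException(e);
        }
    }

    /**
     * Returns the public key used to validate material from the given domain. The domain is
     * mapped to a keystore alias via {@link #setValidatingAlias(List)}; the entry is first
     * opened with the keystore password and, if that is unrecoverable, retried with the
     * signing-key password.
     *
     * @param str domain name registered through {@link #setValidatingAlias(List)}
     * @throws IllegalStateException          when no alias is mapped for {@code str}
     * @throws TrustKeyConfigurationException on a {@link KeyStoreException}
     * @throws TrustKeyProcessingException    on any other security or I/O failure
     */
    @Override
    public PublicKey getValidatingKey(String str) throws TrustKeyConfigurationException, TrustKeyProcessingException {
        try {
            KeyStore store = ensureKeyStore();
            String alias = this.domainAliasMap.get(str);
            if (alias == null) {
                throw new IllegalStateException("Domain Alias missing for " + str);
            }
            try {
                return KeyStoreUtil.getPublicKey(store, alias, this.keyStorePass.toCharArray());
            } catch (UnrecoverableKeyException e) {
                // Entry is protected by a different password than the store: try the signing one.
                return KeyStoreUtil.getPublicKey(store, alias, this.signingKeyPass);
            }
        } catch (KeyStoreException e) {
            throw new TrustKeyConfigurationException(e);
        } catch (IOException | GeneralSecurityException e) {
            throw new TrustKeyProcessingException(e);
        }
    }

    /**
     * Records the auth properties and derives keystore location, keystore password, signing
     * alias and signing-key password from them. A {@code null} list leaves the map unchanged.
     *
     * @param list key/value auth properties
     * @throws IllegalArgumentException when {@link #SIGNING_KEY_PASS} is absent or empty
     */
    @Override
    public void setAuthProperties(List<AuthPropertyType> list) throws TrustKeyConfigurationException, TrustKeyProcessingException {
        if (list != null) {
            for (AuthPropertyType property : list) {
                this.authPropsMap.put(property.getKey(), property.getValue());
            }
        }
        this.keyStoreURL = this.authPropsMap.get(KEYSTORE_URL);
        this.keyStorePass = this.authPropsMap.get(KEYSTORE_PASS);
        this.signingAlias = this.authPropsMap.get(SIGNING_KEY_ALIAS);
        String pass = this.authPropsMap.get(SIGNING_KEY_PASS);
        if (pass == null || pass.isEmpty()) {
            throw new IllegalArgumentException("Signing Key Pass is null");
        }
        this.signingKeyPass = pass.toCharArray();
    }

    /**
     * Registers domain-to-alias mappings used by {@link #getValidatingKey(String)}. A
     * {@code null} list is a no-op; later entries override earlier ones for the same domain.
     *
     * @param list domain (key) to keystore alias (value) pairs
     */
    @Override
    public void setValidatingAlias(List<KeyValueType> list) throws TrustKeyConfigurationException, TrustKeyProcessingException {
        if (list == null) {
            return;
        }
        for (KeyValueType pair : list) {
            this.domainAliasMap.put(pair.getKey(), pair.getValue());
        }
    }

    /**
     * Returns a symmetric key for {@code str}, generating it with
     * {@code EncryptionKeyUtil.getSecretKey(str2, i)} on first request and caching it.
     * The cache is keyed by {@code str} only: a later call with a different algorithm or
     * size for the same name returns the previously generated key.
     *
     * @param str  cache name of the key
     * @param str2 algorithm passed to the key generator
     * @param i    key size passed to the key generator
     * @throws TrustKeyProcessingException when key generation fails
     */
    @Override
    public SecretKey getEncryptionKey(String str, String str2, int i) throws TrustKeyConfigurationException, TrustKeyProcessingException {
        SecretKey cached = this.keys.get(str);
        if (cached != null) {
            return cached;
        }
        try {
            SecretKey generated = EncryptionKeyUtil.getSecretKey(str2, i);
            this.keys.put(str, generated);
            return generated;
        } catch (GeneralSecurityException e) {
            throw new TrustKeyProcessingException(e);
        }
    }

    /** Rejects a null or empty keystore alias. */
    private static void requireAlias(String alias) {
        if (alias == null || alias.isEmpty()) {
            throw new IllegalArgumentException("Alias is null");
        }
    }

    /**
     * Loads the keystore on first use and returns it; never returns {@code null}.
     *
     * @throws IllegalStateException when the store is still unset after loading
     */
    private KeyStore ensureKeyStore() throws GeneralSecurityException, IOException {
        if (this.ks == null) {
            setUpKeyStore();
        }
        if (this.ks == null) {
            throw new IllegalStateException("KeyStore is null");
        }
        return this.ks;
    }

    /**
     * Resolves location and password (auth properties first, then the javax.net.ssl
     * properties) and loads the keystore. The input stream is closed after loading.
     *
     * @throws IllegalStateException when no location or no password is configured
     */
    private void setUpKeyStore() throws GeneralSecurityException, IOException {
        if (this.keyStoreURL == null) {
            this.keyStoreURL = SecurityActions.getProperty("javax.net.ssl.keyStore", null);
        }
        if (this.keyStorePass == null) {
            this.keyStorePass = SecurityActions.getProperty("javax.net.ssl.keyStorePassword", null);
        }
        if (this.keyStoreURL == null) {
            throw new IllegalStateException("KeyStore location not configured: set " + KEYSTORE_URL
                    + " or javax.net.ssl.keyStore");
        }
        if (this.keyStorePass == null) {
            throw new IllegalStateException("KeyStore password not configured: set " + KEYSTORE_PASS
                    + " or javax.net.ssl.keyStorePassword");
        }
        // Close the stream ourselves; the loader is not known to do so.
        try (InputStream in = getKeyStoreInputStream(this.keyStoreURL)) {
            this.ks = KeyStoreUtil.getKeyStore(in, this.keyStorePass.toCharArray());
        }
    }

    /**
     * Opens the configured keystore location, trying in order: a file path, a URL, a
     * context-classloader resource, and finally a file of that name under
     * {@code ${user.home}/jbid-keystore}. The location is trusted configuration: the URL
     * step opens any scheme the runtime supports, so a remote location is fetched as-is.
     *
     * @param location value of {@link #KEYSTORE_URL} or {@code javax.net.ssl.keyStore}
     * @throws RuntimeException when none of the strategies yields a stream
     */
    private InputStream getKeyStoreInputStream(String location) {
        InputStream in = openAsFile(location);
        if (in == null) {
            in = openAsUrl(location);
        }
        if (in == null) {
            in = SecurityActions.getContextClassLoader().getResourceAsStream(location);
        }
        if (in == null) {
            in = openFromUserHome(location);
        }
        if (in == null) {
            throw new RuntimeException("Keystore not located:" + location);
        }
        return in;
    }

    /** Opens {@code location} as a plain file path; {@code null} if it cannot be opened. */
    private static InputStream openAsFile(String location) {
        try {
            return new FileInputStream(new File(location));
        } catch (IOException | SecurityException e) {
            return null;
        }
    }

    /** Opens {@code location} as a URL; {@code null} if it is malformed or cannot be opened. */
    private static InputStream openAsUrl(String location) {
        try {
            return new URL(location).openStream();
        } catch (IOException | SecurityException e) {
            return null;
        }
    }

    /**
     * Looks for {@code location} inside {@code ${user.home}/jbid-keystore}; {@code null} when
     * that directory or the file does not exist.
     */
    private static InputStream openFromUserHome(String location) {
        // NOTE(review): the decompiler mapped the default value to this XRI constant; the
        // original source most likely used a plain literal here - confirm its value.
        String dir = SecurityActions.getSystemProperty("user.home", XRI3Constants.AUTHORITY_PREFIX) + "/jbid-keystore";
        if (!new File(dir).exists()) {
            return null;
        }
        try {
            return new FileInputStream(new File(dir + "/" + location));
        } catch (FileNotFoundException e) {
            return null;
        }
    }
}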
