package org.apache.servicemix.jbi.security.keystore.impl;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.servicemix.jbi.security.keystore.KeystoreInstance;
import org.apache.servicemix.jbi.security.keystore.KeystoreIsLocked;
import org.springframework.core.io.Resource;

/* loaded from: input_file:WEB-INF/lib/servicemix-core-3.5.0-fuse-00-00.jar:org/apache/servicemix/jbi/security/keystore/impl/FileKeystoreInstance.class */
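/**
 * File-backed {@link KeystoreInstance} that reads a JKS keystore from disk and reloads it
 * whenever the file's modification time is newer than the last successful read.
 *
 * <p>The keystore counts as locked until a keystore password has been set, and a private key
 * counts as locked until a password for its alias has been registered through
 * {@link #setKeyPasswords(String)}.
 *
 * <p>Security notes: the keystore password is kept as a {@code String} and the key passwords as
 * {@code char[]} values for the lifetime of the instance; neither is cleared. Passwords are
 * never written to the log or placed in exception messages. The class performs no
 * synchronization of its own.
 */
public class FileKeystoreInstance implements KeystoreInstance {
    private static final Log LOG = LogFactory.getLog(FileKeystoreInstance.class);
    private static final String JKS = "JKS";
    /** Regular expression matching the literal {@code ]![} token that separates password entries. */
    private static final String KEY_PASSWORD_ENTRY_SEPARATOR = "\\]\\!\\[";

    private Resource path;
    private String name;
    private String keystorePassword;
    private File keystoreFile;
    private KeyStore keystore;
    // alias -> password protecting that private key
    private Map<String, char[]> keyPasswords = new HashMap<String, char[]>();
    // aliases of key entries found by the last successful load
    private List<String> privateKeys = new ArrayList<String>();
    // aliases of certificate entries found by the last successful load
    private List<String> trustCerts = new ArrayList<String>();
    // wall-clock time of the last successful load; MIN_VALUE means "never loaded"
    private long keystoreReadDate = Long.MIN_VALUE;

    /**
     * Registers per-alias key passwords from one delimited string.
     *
     * <p>Entries are separated by the literal token {@code ]![} and each entry has the form
     * {@code alias=password}. The split is made at the first {@code =}, so a password may itself
     * contain {@code =}. Parsed entries are added to those already registered. Empty entries are
     * ignored.
     *
     * @param str the delimited entries, or {@code null} to leave the registered passwords as is
     * @throws IllegalArgumentException if a non-empty entry has no {@code =}; in that case no
     *     entry from {@code str} is registered
     */
    public void setKeyPasswords(String str) {
        if (str == null) {
            return;
        }
        String[] entries = str.split(KEY_PASSWORD_ENTRY_SEPARATOR);
        // Parse into a scratch map first so that a malformed entry cannot leave the
        // configuration half applied.
        Map<String, char[]> parsed = new HashMap<String, char[]>();
        for (int i = 0; i < entries.length; i++) {
            String entry = entries[i];
            if (entry.length() == 0) {
                continue;
            }
            int separator = entry.indexOf('=');
            if (separator < 0) {
                // Report the position only: the entry text may be a password.
                throw new IllegalArgumentException(
                        "Key password entry " + (i + 1) + " is not of the form alias=password");
            }
            parsed.put(entry.substring(0, separator), entry.substring(separator + 1).toCharArray());
        }
        this.keyPasswords.putAll(parsed);
    }

    /** Returns the configured name of this keystore. */
    @Override
    public String getName() {
        return this.name;
    }

    /** Sets the name used to identify this keystore, for example in the "locked" error message. */
    public void setName(String str) {
        this.name = str;
    }

    /**
     * Sets the password used to open the keystore file.
     *
     * @param str the keystore password, or {@code null} to mark the keystore as locked
     */
    public void setKeystorePassword(String str) {
        this.keystorePassword = str;
    }

    /** Returns the resource the keystore is read from. */
    public Resource getPath() {
        return this.path;
    }

    /**
     * Sets the resource the keystore is read from and resolves it to a file.
     *
     * @param resource the keystore location
     * @throws IOException if the resource cannot be resolved to a file
     */
    public void setPath(Resource resource) throws IOException {
        this.path = resource;
        this.keystoreFile = resource.getFile();
    }

    /**
     * Returns the certificate stored under the given alias.
     *
     * @param str the alias to look up
     * @return the certificate, or {@code null} if the keystore cannot be loaded or read
     */
    @Override
    public Certificate getCertificate(String str) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            return this.keystore.getCertificate(str);
        } catch (KeyStoreException e) {
            LOG.error("Unable to read certificate from keystore", e);
            return null;
        }
    }

    /**
     * Returns the alias under which the given certificate is stored.
     *
     * @param certificate the certificate to look up
     * @return the alias, or {@code null} if the keystore cannot be loaded or read
     */
    @Override
    public String getCertificateAlias(Certificate certificate) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            return this.keystore.getCertificateAlias(certificate);
        } catch (KeyStoreException e) {
            LOG.error("Unable to read retrieve alias for given certificate from keystore", e);
            return null;
        }
    }

    /**
     * Returns the certificate chain stored under the given alias.
     *
     * @param str the alias to look up
     * @return the chain, or {@code null} if the keystore cannot be loaded or read
     */
    @Override
    public Certificate[] getCertificateChain(String str) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            return this.keystore.getCertificateChain(str);
        } catch (KeyStoreException e) {
            LOG.error("Unable to read certificate chain from keystore", e);
            return null;
        }
    }

    /**
     * Builds key managers backed by this keystore.
     *
     * @param str the {@link KeyManagerFactory} algorithm name
     * @param str2 the alias whose registered password is handed to the factory
     * @return the key managers produced by the factory
     * @throws KeystoreIsLocked if no keystore password has been set
     * @throws KeyStoreException if the keystore cannot be loaded or the factory rejects it
     */
    @Override
    public KeyManager[] getKeyManager(String str, String str2) throws KeystoreIsLocked, NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        if (isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + this.name + "' is locked; please unlock it in the console.");
        }
        // Fail explicitly when the load fails: handing the factory a missing keystore could
        // yield key managers with no key material instead of an error.
        if (!loadKeystoreData()) {
            throw new KeyStoreException("Unable to load keystore '" + this.name + "'");
        }
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(str);
        keyManagerFactory.init(this.keystore, this.keyPasswords.get(str2));
        return keyManagerFactory.getKeyManagers();
    }

    /**
     * Returns the private key stored under the given alias.
     *
     * @param str the alias to look up
     * @return the key, or {@code null} if the keystore cannot be loaded, the key is locked, the
     *     entry is not a private key, or the key cannot be recovered
     */
    @Override
    public PrivateKey getPrivateKey(String str) {
        if (!loadKeystoreData()) {
            return null;
        }
        try {
            if (isKeyLocked(str)) {
                return null;
            }
            Key key = this.keystore.getKey(str, this.keyPasswords.get(str));
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            return null;
        } catch (KeyStoreException e) {
            LOG.error("Unable to read private key from keystore", e);
            return null;
        } catch (NoSuchAlgorithmException e2) {
            LOG.error("Unable to read private key from keystore", e2);
            return null;
        } catch (UnrecoverableKeyException e3) {
            LOG.error("Unable to read private key from keystore", e3);
            return null;
        }
    }

    /**
     * Builds trust managers backed by this keystore.
     *
     * @param str the {@link TrustManagerFactory} algorithm name
     * @return the trust managers, or {@code null} if the keystore cannot be loaded
     * @throws KeystoreIsLocked if no keystore password has been set
     */
    @Override
    public TrustManager[] getTrustManager(String str) throws KeyStoreException, NoSuchAlgorithmException, KeystoreIsLocked {
        if (isKeystoreLocked()) {
            throw new KeystoreIsLocked("Keystore '" + this.name + "' is locked; please unlock it in the console.");
        }
        // Stop here on a failed load. Initialising the factory with a null keystore makes the
        // standard JSSE providers fall back to the JVM default trust anchors.
        if (!loadKeystoreData()) {
            return null;
        }
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(str);
        trustManagerFactory.init(this.keystore);
        return trustManagerFactory.getTrustManagers();
    }

    /** Returns {@code true} if no password has been registered for the given alias. */
    @Override
    public boolean isKeyLocked(String str) {
        return this.keyPasswords.get(str) == null;
    }

    /** Returns {@code true} if no keystore password has been set. */
    @Override
    public boolean isKeystoreLocked() {
        return this.keystorePassword == null;
    }

    /**
     * Lists the aliases of the key entries in the keystore.
     *
     * @return the aliases, or {@code null} if the keystore cannot be loaded
     */
    @Override
    public String[] listPrivateKeys() {
        if (loadKeystoreData()) {
            return this.privateKeys.toArray(new String[this.privateKeys.size()]);
        }
        return null;
    }

    /**
     * Lists the aliases of the certificate entries in the keystore.
     *
     * @return the aliases, or {@code null} if the keystore cannot be loaded
     */
    @Override
    public String[] listTrustCertificates() {
        if (loadKeystoreData()) {
            return this.trustCerts.toArray(new String[this.trustCerts.size()]);
        }
        return null;
    }

    /**
     * Loads the keystore file if it has changed since the last successful load.
     *
     * <p>The file is read into a fresh {@link KeyStore} and the instance state (keystore, alias
     * lists, read timestamp) is replaced only after the whole load has succeeded. A failed load
     * therefore leaves the timestamp untouched, so the next call tries again instead of
     * reporting success for a keystore that was never read.
     *
     * @return {@code true} if the keystore is loaded and current, {@code false} if reading it
     *     failed (the cause is logged)
     * @throws IllegalArgumentException if no path has been set, or the file is missing or
     *     unreadable
     */
    private boolean loadKeystoreData() {
        if (this.keystoreFile == null) {
            throw new IllegalArgumentException("keystorePath not set");
        }
        if (this.keystoreReadDate >= this.keystoreFile.lastModified()) {
            return true;
        }
        if (!this.keystoreFile.exists() || !this.keystoreFile.canRead()) {
            throw new IllegalArgumentException("Invalid keystore file (" + this.path + " = " + this.keystoreFile.getAbsolutePath() + ")");
        }
        // Taken before the read so that a write landing while the file is being read still
        // has a later modification time and triggers another reload.
        long readStarted = System.currentTimeMillis();
        try {
            KeyStore loaded = KeyStore.getInstance(JKS);
            char[] password = this.keystorePassword == null ? new char[0] : this.keystorePassword.toCharArray();
            BufferedInputStream in = new BufferedInputStream(new FileInputStream(this.keystoreFile));
            try {
                loaded.load(in, password);
            } finally {
                // Release the file handle even when the load is rejected (wrong password,
                // corrupt file).
                in.close();
            }
            List<String> keyAliases = new ArrayList<String>();
            List<String> certAliases = new ArrayList<String>();
            Enumeration<String> aliases = loaded.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (loaded.isKeyEntry(alias)) {
                    keyAliases.add(alias);
                } else if (loaded.isCertificateEntry(alias)) {
                    certAliases.add(alias);
                }
            }
            this.keystore = loaded;
            this.privateKeys = keyAliases;
            this.trustCerts = certAliases;
            this.keystoreReadDate = readStarted;
            return true;
        } catch (IOException e) {
            LOG.error("Unable to open keystore with provided password", e);
            return false;
        } catch (KeyStoreException e2) {
            LOG.error("Unable to open keystore with provided password", e2);
            return false;
        } catch (NoSuchAlgorithmException e3) {
            LOG.error("Unable to open keystore with provided password", e3);
            return false;
        } catch (CertificateException e4) {
            LOG.error("Unable to open keystore with provided password", e4);
            return false;
        }
    }
}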
