package org.apache.geronimo.security.keystore;

import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Vector;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.crypto.CaUtils;
import org.apache.geronimo.crypto.asn1.ASN1InputStream;
import org.apache.geronimo.crypto.asn1.ASN1Sequence;
import org.apache.geronimo.crypto.asn1.ASN1Set;
import org.apache.geronimo.crypto.asn1.DEROutputStream;
import org.apache.geronimo.crypto.asn1.x509.X509CertificateStructure;
import org.apache.geronimo.crypto.asn1.x509.X509Name;
import org.apache.geronimo.crypto.encoders.Base64;
import org.apache.geronimo.crypto.jce.PKCS10CertificationRequest;
import org.apache.geronimo.crypto.jce.X509Principal;
import org.apache.geronimo.crypto.jce.X509V1CertificateGenerator;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.j2ee.j2eeobjectnames.NameFactory;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.management.geronimo.KeyNotFoundException;
import org.apache.geronimo.management.geronimo.KeystoreException;
import org.apache.geronimo.management.geronimo.KeystoreInstance;
import org.apache.geronimo.management.geronimo.KeystoreIsLocked;
import org.apache.geronimo.system.serverinfo.ServerInfo;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;

/* loaded from: input_file:WEB-INF/lib/geronimo-security-2.1.4.jar:org/apache/geronimo/security/keystore/FileKeystoreInstance.class */
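/**
 * GBean that exposes a single keystore file through the {@link KeystoreInstance}
 * management interface.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The keystore password and the per-alias key passwords are cached in memory and
 *       pushed back to the kernel as the String attributes {@code keystorePassword} and
 *       {@code keyPasswords}. {@code keyPasswords} is a plaintext
 *       {@code alias=password]![alias=password} join, so whatever stores those attributes
 *       holds the passwords in clear text.</li>
 *   <li>"Locked" means only that no keystore password is cached; callers that supply the
 *       store password themselves can still operate on a locked keystore.</li>
 *   <li>Mutable state is not synchronized in this class. NOTE(review): confirm whether
 *       callers serialize access.</li>
 * </ul>
 */
public class FileKeystoreInstance implements KeystoreInstance, GBeanLifecycle {
    private static final Log log = LogFactory.getLog(FileKeystoreInstance.class);
    static final String JKS = "JKS";
    private URI keystorePath;
    private ServerInfo serverInfo;
    private File keystoreFile;
    private String keystoreName;
    private String keystoreType;
    // Cached store password; null means the keystore is "locked" (see isKeystoreLocked()).
    private char[] keystorePassword;
    private Kernel kernel;
    private AbstractName abstractName;
    // Password the in-memory keystore was last loaded or saved with.
    private char[] openPassword;
    private KeyStore keystore;
    public static final GBeanInfo GBEAN_INFO;
    // alias -> key password for every "unlocked" private key.
    private Map<String, char[]> keyPasswords = new HashMap<String, char[]>();
    private List<String> privateKeys = new ArrayList<String>();
    private List<String> trustCerts = new ArrayList<String>();
    // Wall-clock time of the last load/save, compared with the file's lastModified().
    private long keystoreReadDate = Long.MIN_VALUE;

    /**
     * Creates the instance from its GBean attributes. The argument order matches the
     * constructor list registered in the static initializer.
     *
     * @param serverInfo   used in {@link #doStart()} to resolve {@code uri}
     * @param uri          keystore location, resolved against the server directory
     * @param str          keystore name (used in messages and returned by getKeystoreName)
     * @param str2         keystore password, or null to start locked
     * @param str3         keystore type passed to {@link KeyStore#getInstance(String)}
     * @param str4         serialized key passwords ({@code alias=password} pairs joined
     *                     with {@code ]![}), or null
     * @param kernel       kernel used to write the password attributes back
     * @param abstractName this GBean's name, target of those attribute writes
     */
    public FileKeystoreInstance(ServerInfo serverInfo, URI uri, String str, String str2, String str3, String str4, Kernel kernel, AbstractName abstractName) {
        this.serverInfo = serverInfo;
        this.keystorePath = uri;
        this.keystoreName = str;
        this.keystoreType = str3;
        this.kernel = kernel;
        this.abstractName = abstractName;
        this.keystorePassword = str2 == null ? null : str2.toCharArray();
        if (str4 != null) {
            for (String pair : str4.split("\\]\\!\\[")) {
                if (pair.length() == 0) {
                    // An empty attribute value yields one empty token; nothing to restore.
                    continue;
                }
                // The first '=' ends the alias, so a password may itself contain '='.
                int separator = pair.indexOf('=');
                if (separator < 0) {
                    // Never log the entry itself: it may be password material.
                    log.warn("Ignoring malformed key password entry for keystore " + str);
                    continue;
                }
                this.keyPasswords.put(pair.substring(0, separator), pair.substring(separator + 1).toCharArray());
            }
        }
    }

    /**
     * Resolves the keystore path and fails fast when the file is missing or unreadable.
     *
     * @throws IllegalArgumentException if the resolved file does not exist or cannot be read
     */
    @Override
    public void doStart() throws Exception {
        this.keystoreFile = new File(this.serverInfo.resolveServer(this.keystorePath));
        if (!this.keystoreFile.exists() || !this.keystoreFile.canRead()) {
            throw new IllegalArgumentException("Invalid keystore file (" + this.keystorePath + " = " + this.keystoreFile.getAbsolutePath() + ")");
        }
    }

    /** No-op. Cached passwords are not cleared when the GBean stops. */
    @Override
    public void doStop() throws Exception {
    }

    /** No-op. */
    @Override
    public void doFail() {
    }

    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    @Override
    public String getKeystoreName() {
        return this.keystoreName;
    }

    @Override
    public String getKeystoreType() {
        return this.keystoreType;
    }

    /**
     * Verifies {@code cArr} by loading the keystore with it, then records it as the
     * {@code keystorePassword} kernel attribute.
     *
     * @param cArr keystore password; must not be null
     * @throws KeystoreException if the keystore cannot be opened or the attribute cannot be set
     */
    @Override
    public void unlockKeystore(char[] cArr) throws KeystoreException {
        if (cArr == null) {
            throw new NullPointerException("password is null");
        }
        ensureLoaded(cArr);
        try {
            // The attribute is declared as String, so an immutable copy of the password
            // is created here and cannot be wiped afterwards.
            this.kernel.setAttribute(this.abstractName, "keystorePassword", new String(cArr));
        } catch (Exception e) {
            throw new KeystoreException("Unable to set attribute keystorePassword on myself!", e);
        }
    }

    /** Attribute setter: replaces the cached keystore password (null locks the keystore). */
    public void setKeystorePassword(String str) {
        this.keystorePassword = str == null ? null : str.toCharArray();
    }

    /**
     * Clears the {@code keystorePassword} attribute and forgets every cached key password.
     *
     * @param cArr not used: locking does not verify the caller's password
     * @throws KeystoreException if a kernel attribute cannot be updated
     */
    @Override
    public void lockKeystore(char[] cArr) throws KeystoreException {
        try {
            this.kernel.setAttribute(this.abstractName, "keystorePassword", (Object) null);
            this.keyPasswords.clear();
            storePasswords();
        } catch (Exception e) {
            throw new KeystoreException("Unable to set attribute keystorePassword on myself!", e);
        }
    }

    /** @return true when no keystore password is cached */
    @Override
    public boolean isKeystoreLocked() {
        return this.keystorePassword == null;
    }

    @Override
    public String[] listPrivateKeys(char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        return this.privateKeys.toArray(new String[this.privateKeys.size()]);
    }

    /**
     * Verifies the key password by reading the key, then caches it and persists the
     * cache through {@link #storePasswords()}.
     *
     * @param str   key alias
     * @param cArr  keystore password, or null to use the cached one
     * @param cArr2 key password
     * @throws KeystoreException if no store password is available or the key cannot be read
     */
    @Override
    public void unlockPrivateKey(String str, char[] cArr, char[] cArr2) throws KeystoreException {
        if (cArr == null && this.keystorePassword == null) {
            throw new KeystoreException("storePassword is null and keystore is locked for availability.");
        }
        char[] storePassword = cArr != null ? cArr : this.keystorePassword;
        getPrivateKey(str, storePassword, cArr2);
        // Keep a private copy so a caller wiping its array does not corrupt the cache.
        this.keyPasswords.put(str, cArr2 == null ? null : cArr2.clone());
        storePasswords();
    }

    @Override
    public String[] getUnlockedKeys(char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        return this.keyPasswords.keySet().toArray(new String[this.keyPasswords.size()]);
    }

    /** @return true when the keystore holds at least one certificate-only entry */
    @Override
    public boolean isTrustStore(char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        return this.trustCerts.size() > 0;
    }

    @Override
    public void lockPrivateKey(String str, char[] cArr) throws KeystoreException {
        if (cArr == null) {
            throw new NullPointerException("storePassword is null");
        }
        ensureLoaded(cArr);
        this.keyPasswords.remove(str);
        storePasswords();
    }

    /**
     * Serializes the cached key passwords into the {@code keyPasswords} kernel attribute.
     *
     * <p>The format is plaintext {@code alias=password} pairs joined with {@code ]![};
     * nothing is escaped, so an alias containing {@code =} or a password containing
     * {@code ]![} will not survive the round trip through the constructor.
     */
    private void storePasswords() throws KeystoreException {
        StringBuilder serialized = new StringBuilder();
        for (Map.Entry<String, char[]> entry : this.keyPasswords.entrySet()) {
            if (serialized.length() > 0) {
                serialized.append("]![");
            }
            serialized.append(entry.getKey()).append("=").append(entry.getValue());
        }
        try {
            this.kernel.setAttribute(this.abstractName, "keyPasswords", serialized.length() == 0 ? null : serialized.toString());
        } catch (Exception e) {
            throw new KeystoreException("Unable to save key passwords in keystore '" + this.keystoreName + "'", e);
        }
    }

    /** Deliberately empty: the in-memory map is the source of truth for key passwords. */
    public void setKeyPasswords(String str) {
    }

    @Override
    public boolean isKeyLocked(String str) {
        return this.keyPasswords.get(str) == null;
    }

    @Override
    public String[] listTrustCertificates(char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        return this.trustCerts.toArray(new String[this.trustCerts.size()]);
    }

    /**
     * Adds {@code certificate} as a trusted entry and writes the keystore back to disk.
     * The certificate is stored as given; no validation of it happens here.
     */
    @Override
    public void importTrustCertificate(Certificate certificate, String str, char[] cArr) throws KeystoreException {
        if (cArr == null) {
            throw new NullPointerException("storePassword is null");
        }
        ensureLoaded(cArr);
        try {
            this.keystore.setCertificateEntry(str, certificate);
            // Re-importing under an existing alias must not list the alias twice.
            if (!this.trustCerts.contains(str)) {
                this.trustCerts.add(str);
            }
            saveKeystore(cArr);
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to set certificate entry in keystore '" + this.keystoreName + "' for alias '" + str + "'", e);
        }
    }

    /**
     * Generates a key pair plus a self-signed certificate and stores both under an alias.
     *
     * <p>The key algorithm, key size and signature algorithm are passed to the provider
     * unchecked, so enforcing a minimum strength is left to the caller.
     *
     * @param str   alias
     * @param cArr  keystore password; must not be null
     * @param cArr2 password protecting the new key entry
     * @param str2  key algorithm for {@link KeyPairGenerator#getInstance(String)}
     * @param i     key size
     * @param str3  signature algorithm for the certificate
     * @param i2    certificate validity in days
     * @param str4  subject CN (each subject field is omitted when null)
     * @param str5  subject OU
     * @param str6  subject O
     * @param str7  subject L
     * @param str8  subject ST
     * @param str9  subject C
     */
    @Override
    public void generateKeyPair(String str, char[] cArr, char[] cArr2, String str2, int i, String str3, int i2, String str4, String str5, String str6, String str7, String str8, String str9) throws KeystoreException {
        if (cArr == null) {
            throw new NullPointerException("storePassword is null");
        }
        ensureLoaded(cArr);
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(str2);
            generator.initialize(i);
            KeyPair pair = generator.generateKeyPair();
            X509Certificate selfSigned = generateCertificate(pair.getPublic(), pair.getPrivate(), str3, i2, str4, str5, str6, str7, str8, str9);
            this.keystore.setKeyEntry(str, pair.getPrivate(), cArr2, new Certificate[]{selfSigned});
            // getKeyManager() branches on privateKeys.size(), so keep the list duplicate-free.
            if (!this.privateKeys.contains(str)) {
                this.privateKeys.add(str);
            }
            saveKeystore(cArr);
        } catch (InvalidKeyException e) {
            throw new KeystoreException("Unable to generate key pair in keystore '" + this.keystoreName + "'", e);
        } catch (KeyStoreException e2) {
            throw new KeystoreException("Unable to generate key pair in keystore '" + this.keystoreName + "'", e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new KeystoreException("Unable to generate key pair in keystore '" + this.keystoreName + "'", e3);
        } catch (SignatureException e4) {
            throw new KeystoreException("Unable to generate key pair in keystore '" + this.keystoreName + "'", e4);
        }
    }

    /**
     * Builds a PEM-wrapped PKCS#10 request for the key stored under {@code str}, using the
     * cached key password (the key has to be unlocked first).
     */
    @Override
    public String generateCSR(String str, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            X509Certificate certificate = (X509Certificate) this.keystore.getCertificate(str);
            if (certificate == null) {
                // Fail with a keystore error instead of a NullPointerException further down.
                throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'");
            }
            return generateCSR(certificate, (PrivateKey) this.keystore.getKey(str, this.keyPasswords.get(str)));
        } catch (IOException e) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e);
        } catch (InvalidKeyException e2) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e2);
        } catch (KeyStoreException e3) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e4);
        } catch (NoSuchProviderException e5) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e5);
        } catch (SignatureException e6) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e6);
        } catch (UnrecoverableKeyException e7) {
            throw new KeystoreException("Unable to generate CSR in keystore '" + this.keystoreName + "' for alias '" + str + "'", e7);
        }
    }

    /**
     * Creates and self-verifies a PKCS#10 request that reuses the certificate's subject,
     * public key and signature algorithm, then PEM-encodes it in 70-character lines.
     */
    private String generateCSR(X509Certificate x509Certificate, PrivateKey privateKey) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, SignatureException, KeyStoreException, IOException {
        X509Name subject;
        String sigAlgName = x509Certificate.getSigAlgName();
        try {
            // Take the subject from the encoded certificate rather than from its string form.
            ASN1InputStream asn1 = new ASN1InputStream(x509Certificate.getEncoded());
            try {
                subject = new X509CertificateStructure((ASN1Sequence) asn1.readObject()).getSubject();
            } finally {
                asn1.close();
            }
        } catch (CertificateEncodingException e) {
            log.warn(e.toString() + " while retrieving subject from certificate to create CSR.  Using subjectDN instead.");
            subject = new X509Name(x509Certificate.getSubjectDN().toString());
        }
        PKCS10CertificationRequest request = new PKCS10CertificationRequest(sigAlgName, subject, x509Certificate.getPublicKey(), (ASN1Set) null, privateKey);
        if (!request.verify()) {
            throw new KeyStoreException("CSR verification failed");
        }
        ByteArrayOutputStream der = new ByteArrayOutputStream();
        new DEROutputStream(der).writeObject(request.getDERObject());
        String encoded = new String(Base64.encode(der.toByteArray()));
        StringBuffer pem = new StringBuffer(CaUtils.CERT_REQ_HEADER).append('\n');
        for (int start = 0; start < encoded.length(); start += 70) {
            int end = Math.min(start + 70, encoded.length());
            pem.append(encoded.substring(start, end)).append('\n');
        }
        pem.append(CaUtils.CERT_REQ_FOOTER);
        return pem.toString();
    }

    /**
     * Replaces the certificate chain of an existing private key with the chain parsed from
     * {@code str2}, after checking that the first parsed certificate carries the public key
     * already stored under the alias. The chain itself is not validated here.
     *
     * <p>NOTE(review): on a public-key mismatch the method only logs an error and returns
     * normally, so the caller cannot tell that nothing was imported.
     *
     * @param str  alias of the private key (its key password must be cached)
     * @param str2 certificate data handed to the certificate factory
     * @param cArr keystore password; must not be null
     */
    @Override
    public void importPKCS7Certificate(String str, String str2, char[] cArr) throws KeystoreException {
        if (cArr == null) {
            throw new NullPointerException("storePassword is null");
        }
        ensureLoaded(cArr);
        try {
            // getBytes() uses the platform charset, as before.
            Collection<? extends Certificate> parsed = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID).generateCertificates(new ByteArrayInputStream(str2.getBytes()));
            Certificate[] chain = parsed.toArray(new Certificate[parsed.size()]);
            Certificate current = this.keystore.getCertificate(str);
            if (chain.length == 0 || current == null) {
                // Previously an ArrayIndexOutOfBounds/NullPointerException.
                throw new KeystoreException("Unable to import PKCS7 certificat in keystore '" + this.keystoreName + "' for alias '" + str + "'");
            }
            if (current.getPublicKey().equals(chain[0].getPublicKey())) {
                char[] keyPassword = this.keyPasswords.get(str);
                this.keystore.setKeyEntry(str, this.keystore.getKey(str, keyPassword), keyPassword, chain);
                // Save with the password just verified by ensureLoaded(). The cached
                // keystorePassword is null while the keystore is locked, and storing
                // with it would fail.
                saveKeystore(cArr);
            } else {
                log.error("Error in importPKCS7Certificate.  PublicKey in the certificate received is not related to the PrivateKey in the keystore. keystore = " + this.keystoreName + ", alias = " + str);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new KeystoreException("Unable to import PKCS7 certificat in keystore '" + this.keystoreName + "' for alias '" + str + "'", e2);
        } catch (KeyStoreException e3) {
            throw new KeystoreException("Unable to import PKCS7 certificat in keystore '" + this.keystoreName + "' for alias '" + str + "'", e3);
        } catch (UnrecoverableKeyException e4) {
            throw new KeystoreException("Unable to import PKCS7 certificat in keystore '" + this.keystoreName + "' for alias '" + str + "'", e4);
        } catch (CertificateException e5) {
            throw new KeystoreException("Unable to import PKCS7 certificat in keystore '" + this.keystoreName + "' for alias '" + str + "'", e5);
        }
    }

    /** Removes an entry, drops any cached key password for it and saves the keystore. */
    @Override
    public void deleteEntry(String str, char[] cArr) throws KeystoreException {
        if (cArr == null) {
            throw new NullPointerException("storePassword is null");
        }
        ensureLoaded(cArr);
        try {
            this.keystore.deleteEntry(str);
            this.privateKeys.remove(str);
            this.trustCerts.remove(str);
            if (this.keyPasswords.containsKey(str)) {
                this.keyPasswords.remove(str);
                storePasswords();
            }
            saveKeystore(cArr);
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to delete key in keystore '" + this.keystoreName + "' for alias '" + str + "'", e);
        }
    }

    /**
     * Returns key managers for one alias, using that alias's cached key password.
     *
     * <p>With exactly one private key the whole keystore is handed to the factory, whatever
     * alias was requested. Otherwise the requested entry is copied into a temporary
     * in-memory keystore so that only that key is offered.
     *
     * @param str  KeyManagerFactory algorithm
     * @param str2 alias of the private key
     * @param cArr keystore password, or null to use the cached one
     */
    @Override
    public KeyManager[] getKeyManager(String str, String str2, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            KeyManagerFactory factory = KeyManagerFactory.getInstance(str);
            char[] keyPassword = this.keyPasswords.get(str2);
            if (this.privateKeys.size() == 1) {
                factory.init(this.keystore, keyPassword);
            } else {
                KeyStore singleKey = KeyStore.getInstance(this.keystore.getType(), this.keystore.getProvider());
                // A failure to initialise the empty store is reported with its real cause
                // instead of being swallowed and resurfacing as "uninitialized keystore".
                singleKey.load(null, null);
                singleKey.setKeyEntry(str2, this.keystore.getKey(str2, keyPassword), keyPassword, this.keystore.getCertificateChain(str2));
                factory.init(singleKey, keyPassword);
            }
            return factory.getKeyManagers();
        } catch (IOException e) {
            throw new KeystoreException("Unable to retrieve key manager in keystore '" + this.keystoreName + "' for alias '" + str2 + "'", e);
        } catch (CertificateException e3) {
            throw new KeystoreException("Unable to retrieve key manager in keystore '" + this.keystoreName + "' for alias '" + str2 + "'", e3);
        } catch (KeyStoreException e4) {
            throw new KeystoreException("Unable to retrieve key manager in keystore '" + this.keystoreName + "' for alias '" + str2 + "'", e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new KeystoreException("Unable to retrieve key manager in keystore '" + this.keystoreName + "' for alias '" + str2 + "'", e5);
        } catch (UnrecoverableKeyException e6) {
            throw new KeystoreException("Unable to retrieve key manager in keystore '" + this.keystoreName + "' for alias '" + str2 + "'", e6);
        }
    }

    /** Returns trust managers initialised from the whole keystore. */
    @Override
    public TrustManager[] getTrustManager(String str, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(str);
            factory.init(this.keystore);
            return factory.getTrustManagers();
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to retrieve trust manager in keystore '" + this.keystoreName + "'", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeystoreException("Unable to retrieve trust manager in keystore '" + this.keystoreName + "'", e2);
        }
    }

    /**
     * Reads a private key using passwords supplied by the caller.
     *
     * @param str   alias
     * @param cArr  keystore password, or null to use the cached one
     * @param cArr2 key password
     * @throws KeyNotFoundException if the keystore returns no key for the alias
     */
    @Override
    public PrivateKey getPrivateKey(String str, char[] cArr, char[] cArr2) throws KeyNotFoundException, KeystoreException, KeystoreIsLocked {
        ensureLoaded(cArr);
        try {
            PrivateKey privateKey = (PrivateKey) this.keystore.getKey(str, cArr2);
            if (privateKey == null) {
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain a private key with alias'" + str + "'.");
            }
            return privateKey;
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to retrieve private key from keystore", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeystoreException("Unable to retrieve private key from keystore", e2);
        } catch (UnrecoverableKeyException e3) {
            throw new KeystoreException("Unable to retrieve private key from keystore", e3);
        }
    }

    @Override
    public Certificate getCertificate(String str, char[] cArr) throws KeystoreIsLocked, KeyNotFoundException, KeystoreException {
        ensureLoaded(cArr);
        try {
            Certificate certificate = this.keystore.getCertificate(str);
            if (certificate == null) {
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain a certificate with alias'" + str + "'.");
            }
            return certificate;
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to retrieve certificate from keystore", e);
        }
    }

    @Override
    public String getCertificateAlias(Certificate certificate, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            String alias = this.keystore.getCertificateAlias(certificate);
            if (alias == null) {
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain an alias corresponding to the given certificate.");
            }
            return alias;
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to read certificate alias from keystore", e);
        }
    }

    @Override
    public Certificate[] getCertificateChain(String str, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            Certificate[] chain = this.keystore.getCertificateChain(str);
            if (chain == null) {
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain a certificate chain with alias'" + str + "'.");
            }
            return chain;
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to read certificate chain from keystore", e);
        }
    }

    /**
     * Password-less lookup that works only while the keystore is unlocked.
     *
     * @return the certificate, or null if the keystore is locked, cannot be read, or has
     *         no certificate under the alias
     */
    @Override
    public Certificate getCertificate(String str) {
        if (isKeystoreLocked()) {
            return null;
        }
        try {
            // An unlocked keystore may not have been read from disk yet; load it with the
            // cached password instead of dereferencing a null keystore.
            ensureLoaded(null);
            return this.keystore.getCertificate(str);
        } catch (KeyStoreException e) {
            log.error("Unable to read certificate from keystore", e);
            return null;
        } catch (KeystoreException e) {
            log.error("Unable to read certificate from keystore", e);
            return null;
        }
    }

    /**
     * Re-encrypts the keystore file under a new password and, if the keystore is currently
     * unlocked, updates the cached password as well.
     *
     * @param cArr  current keystore password
     * @param cArr2 new keystore password
     */
    @Override
    public void changeKeystorePassword(char[] cArr, char[] cArr2) throws KeystoreException {
        ensureLoaded(cArr);
        saveKeystore(cArr2);
        log.info("Password changed for keystore " + this.keystoreName);
        // Private copy: the caller may wipe its array after the call.
        this.openPassword = cArr2 == null ? null : cArr2.clone();
        if (isKeystoreLocked()) {
            return;
        }
        unlockKeystore(cArr2);
    }

    /**
     * Changes the password protecting one private key entry.
     *
     * @param str   alias
     * @param cArr  keystore password
     * @param cArr2 current key password
     * @param cArr3 new key password
     */
    @Override
    public void changeKeyPassword(String str, char[] cArr, char[] cArr2, char[] cArr3) throws KeystoreException {
        ensureLoaded(cArr);
        if (!this.privateKeys.contains(str)) {
            throw new KeystoreException("No private key entry " + str + " exists in the keystore " + this.keystoreName);
        }
        boolean unlocked = this.keyPasswords.containsKey(str);
        if (unlocked && !Arrays.equals(this.keyPasswords.get(str), cArr2)) {
            throw new KeystoreException("Incorrect password provided for private key entry " + str);
        }
        try {
            this.keystore.setKeyEntry(str, getPrivateKey(str, cArr, cArr2), cArr3, getCertificateChain(str, cArr));
            saveKeystore(cArr);
            log.info("Password changed for private key entry " + str + " in keystore " + this.keystoreName + ".");
            if (unlocked) {
                // Update the cache only after the keystore accepted the change, so a
                // failure above cannot leave a password that no longer opens the key.
                this.keyPasswords.put(str, cArr3 == null ? null : cArr3.clone());
                storePasswords();
            }
        } catch (KeyStoreException e) {
            throw new KeystoreException("Could not change password for private key entry " + str, e);
        }
    }

    /**
     * Reads the keystore file with {@code cArr} and rebuilds the alias lists.
     * Instance state is replaced only after the whole load has succeeded.
     */
    private void loadKeystoreData(char[] cArr) throws KeystoreException {
        InputStream in = null;
        try {
            KeyStore loaded = KeyStore.getInstance(this.keystoreType);
            in = new BufferedInputStream(new FileInputStream(this.keystoreFile));
            // Taken before the read so that a write racing with the load forces a reload.
            long readStarted = System.currentTimeMillis();
            loaded.load(in, cArr);
            List<String> keyAliases = new ArrayList<String>();
            List<String> certAliases = new ArrayList<String>();
            Enumeration<String> aliases = loaded.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (loaded.isKeyEntry(alias)) {
                    keyAliases.add(alias);
                } else if (loaded.isCertificateEntry(alias)) {
                    certAliases.add(alias);
                }
            }
            this.keystore = loaded;
            this.keystoreReadDate = readStarted;
            this.privateKeys.clear();
            this.privateKeys.addAll(keyAliases);
            this.trustCerts.clear();
            this.trustCerts.addAll(certAliases);
            this.openPassword = cArr == null ? null : cArr.clone();
        } catch (NoSuchAlgorithmException e3) {
            throw new KeystoreException("Unable to open keystore with provided password", e3);
        } catch (KeyStoreException e4) {
            throw new KeystoreException("Unable to open keystore with provided password", e4);
        } catch (CertificateException e5) {
            throw new KeystoreException("Unable to open keystore with provided password", e5);
        } catch (IOException e6) {
            throw new KeystoreException("Unable to open keystore with provided password", e6);
        } finally {
            if (in != null) {
                try {
                    in.close();
                } catch (IOException e) {
                    log.error("Error while closing keystore file " + this.keystoreFile.getAbsolutePath(), e);
                }
            }
        }
    }

    /**
     * @return true when the in-memory keystore was opened with {@code cArr} and the file
     *         has not been modified since it was last read or written
     */
    private boolean isLoaded(char[] cArr) {
        if (this.openPassword == null || this.keystoreReadDate < this.keystoreFile.lastModified()) {
            return false;
        }
        return Arrays.equals(this.openPassword, cArr);
    }

    /**
     * Makes sure the keystore is loaded with the given password, falling back to the
     * cached keystore password when {@code cArr} is null.
     *
     * @throws KeystoreIsLocked if no password is supplied and none is cached
     */
    private void ensureLoaded(char[] cArr) throws KeystoreException {
        char[] password;
        if (cArr != null) {
            password = cArr;
        } else {
            if (isKeystoreLocked()) {
                throw new KeystoreIsLocked("Keystore '" + this.keystoreName + "' is locked; please unlock it in the console.");
            }
            password = this.keystorePassword;
        }
        if (isLoaded(password)) {
            return;
        }
        loadKeystoreData(password);
    }

    /**
     * Builds a self-signed X.509 v1 certificate (issuer equals subject) for the key pair.
     * The serial number is the current time in milliseconds, so it is predictable.
     *
     * @param i validity in days, counted from now
     */
    private X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, String str, int i, String str2, String str3, String str4, String str5, String str6, String str7) throws SignatureException, InvalidKeyException {
        X509V1CertificateGenerator generator = new X509V1CertificateGenerator();
        // Raw types kept: X509Principal takes a Vector (attribute order) and a Hashtable (values).
        Vector order = new Vector();
        Hashtable attributes = new Hashtable();
        if (str2 != null) {
            attributes.put(X509Principal.CN, str2);
            order.add(X509Principal.CN);
        }
        if (str3 != null) {
            attributes.put(X509Principal.OU, str3);
            order.add(X509Principal.OU);
        }
        if (str4 != null) {
            attributes.put(X509Principal.O, str4);
            order.add(X509Principal.O);
        }
        if (str5 != null) {
            attributes.put(X509Principal.L, str5);
            order.add(X509Principal.L);
        }
        if (str6 != null) {
            attributes.put(X509Principal.ST, str6);
            order.add(X509Principal.ST);
        }
        if (str7 != null) {
            attributes.put(X509Principal.C, str7);
            order.add(X509Principal.C);
        }
        X509Principal principal = new X509Principal(order, attributes);
        long now = System.currentTimeMillis();
        // Multiply as long: in int arithmetic the product overflows from 25 days upwards
        // and produced a wrong (possibly already expired) notAfter date.
        long validityMillis = i * 24L * 60 * 60 * 1000;
        generator.setNotBefore(new Date(now));
        generator.setNotAfter(new Date(now + validityMillis));
        generator.setIssuerDN(principal);
        generator.setSubjectDN(principal);
        generator.setPublicKey(publicKey);
        generator.setSignatureAlgorithm(str);
        generator.setSerialNumber(new BigInteger(String.valueOf(now)));
        return generator.generateX509Certificate(privateKey);
    }

    /**
     * Writes the in-memory keystore to the keystore file, protected by {@code cArr}.
     *
     * <p>The keystore is serialized to memory first: opening the file truncates it, so a
     * failure inside {@code KeyStore.store} must not be able to leave an empty or partial
     * keystore on disk.
     */
    private void saveKeystore(char[] cArr) throws KeystoreException {
        try {
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            this.keystore.store(serialized, cArr);
            FileOutputStream out = new FileOutputStream(this.keystoreFile);
            try {
                out.write(serialized.toByteArray());
                out.flush();
            } finally {
                // Always release the file handle, also when the write fails.
                out.close();
            }
            this.keystoreReadDate = System.currentTimeMillis();
        } catch (FileNotFoundException e) {
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e);
        } catch (IOException e2) {
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e2);
        } catch (KeyStoreException e3) {
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e3);
        } catch (NoSuchAlgorithmException e4) {
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e4);
        } catch (CertificateException e5) {
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e5);
        }
    }

    static {
        GBeanInfoBuilder infoBuilder = GBeanInfoBuilder.createStatic(FileKeystoreInstance.class, NameFactory.KEYSTORE_INSTANCE);
        infoBuilder.addAttribute("keystorePath", URI.class, true, false);
        infoBuilder.addAttribute("keystoreName", String.class, true, false);
        // Both password attributes carry (true, true), unlike the other attributes.
        // NOTE(review): in GBeanInfoBuilder these flags look like persistent/manageable,
        // i.e. the clear-text passwords are saved and reachable via management; confirm.
        infoBuilder.addAttribute("keystorePassword", String.class, true, true);
        infoBuilder.addAttribute("keystoreType", String.class, true, false);
        infoBuilder.addAttribute("keyPasswords", String.class, true, true);
        infoBuilder.addAttribute("kernel", Kernel.class, false);
        infoBuilder.addAttribute("abstractName", AbstractName.class, false);
        infoBuilder.addReference("ServerInfo", ServerInfo.class, "GBean");
        infoBuilder.addInterface(KeystoreInstance.class);
        // Order must match the constructor's parameter list.
        infoBuilder.setConstructor(new String[]{"ServerInfo", "keystorePath", "keystoreName", "keystorePassword", "keystoreType", "keyPasswords", "kernel", "abstractName"});
        GBEAN_INFO = infoBuilder.getBeanInfo();
    }
}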
