package org.jboss.security.plugins.vault;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.Enumeration;
import java.util.Map;
import java.util.Set;
import java.util.StringTokenizer;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.jboss.logging.Logger;
import org.jboss.security.Util;
import org.jboss.security.plugins.PBEUtils;
import org.jboss.security.util.EncryptionUtil;
import org.jboss.security.util.KeyStoreUtil;
import org.jboss.security.util.StringUtil;
import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;

/* loaded from: input_file:org/jboss/security/plugins/vault/PicketBoxSecurityVault.class */
public class PicketBoxSecurityVault implements SecurityVault {
    private SecretKey adminKey;
    private String decodedEncFileDir;
    public static final String ENC_FILE_DIR = "ENC_FILE_DIR";
    public static final String KEYSTORE_URL = "KEYSTORE_URL";
    public static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
    public static final String KEYSTORE_ALIAS = "KEYSTORE_ALIAS";
    public static final String SALT = "SALT";
    public static final String ITERATION_COUNT = "ITERATION_COUNT";
    public static final String PASS_MASK_PREFIX = "MASK-";
    public static final String PUBLIC_CERT = "PUBLIC_CERT";
    public static final String KEY_SIZE = "KEY_SIZE";
    public static final String CREATE_KEYSTORE = "CREATE_KEYSTORE";
    public static final String KEYSTORE_TYPE = "KEYSTORE_TYPE";
    private static final String ENCODED_FILE = "ENC.dat";
    private static final String SHARED_KEY_FILE = "Shared.dat";
    private static final String ADMIN_KEY = "ADMIN_KEY";
    protected static final String VAULT_CONTENT_FILE = "VAULT.dat";
    protected static final String defaultKeyStoreType = "JCEKS";
    private static final Logger log = Logger.getLogger(PicketBoxSecurityVault.class);
    protected boolean finishedInit = false;
    protected KeyStore keystore = null;
    protected String encryptionAlgorithm = "AES";
    protected int keySize = 128;
    private char[] keyStorePWD = null;
    private String alias = null;
    private SecurityVaultData vaultContent = null;
    private boolean createKeyStore = false;
    private String keyStoreType = defaultKeyStoreType;

    public void init(Map<String, Object> map) throws SecurityVaultException {
        if (map == null || map.isEmpty()) {
            throw new IllegalArgumentException("Options map options is null or empty");
        }
        String str = (String) map.get(KEYSTORE_URL);
        if (str == null) {
            throw new SecurityVaultException("Option KEYSTORE_URLis null or empty");
        }
        if (str.contains("${")) {
            str = str.replaceAll(":", StringUtil.PROPERTY_DEFAULT_SEPARATOR);
        }
        String systemPropertyAsString = StringUtil.getSystemPropertyAsString(str);
        String str2 = (String) map.get(KEYSTORE_PASSWORD);
        if (str2 == null) {
            throw new SecurityVaultException("Option KEYSTORE_PASSWORDis null or empty");
        }
        if (!str2.startsWith(PASS_MASK_PREFIX) && !Util.isPasswordCommand(str2)) {
            throw new SecurityVaultException("Keystore password should be either masked or prefixed with one of {EXT}, {EXTC}, {CMD}, {CMDC}, {CLASS}");
        }
        String str3 = (String) map.get(SALT);
        if (str3 == null) {
            throw new SecurityVaultException("Option SALTis null or empty");
        }
        String str4 = (String) map.get(ITERATION_COUNT);
        if (str4 == null) {
            throw new SecurityVaultException("Option ITERATION_COUNTis null or empty");
        }
        int parseInt = Integer.parseInt(str4);
        this.alias = (String) map.get(KEYSTORE_ALIAS);
        if (this.alias == null) {
            throw new SecurityVaultException("Option KEYSTORE_ALIASis null or empty");
        }
        String str5 = (String) map.get(KEY_SIZE);
        if (str5 != null) {
            this.keySize = Integer.parseInt(str5);
        }
        String str6 = (String) map.get(ENC_FILE_DIR);
        if (str6 == null) {
            throw new SecurityVaultException("Option ENC_FILE_DIRis null or empty");
        }
        this.createKeyStore = map.get(CREATE_KEYSTORE) != null ? Boolean.parseBoolean((String) map.get(CREATE_KEYSTORE)) : this.createKeyStore;
        this.keyStoreType = map.get(KEYSTORE_TYPE) != null ? (String) map.get(KEYSTORE_TYPE) : defaultKeyStoreType;
        try {
            this.keyStorePWD = loadKeystorePassword(str2, str3, parseInt);
            this.keystore = getKeyStore(systemPropertyAsString);
            checkAndConvertKeyStoreToJCEKS(systemPropertyAsString);
            readVaultContent(systemPropertyAsString, str6);
            log.debug("Default Security Vault Implementation Initialized and Ready");
            this.finishedInit = true;
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    public boolean isInitialized() {
        return this.finishedInit;
    }

    public byte[] handshake(Map<String, Object> map) throws SecurityVaultException {
        return new byte[this.keySize];
    }

    public Set<String> keyList() throws SecurityVaultException {
        return this.vaultContent.getVaultDataKeys();
    }

    public void store(String str, String str2, char[] cArr, byte[] bArr) throws SecurityVaultException {
        if (StringUtil.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Argument vaultBlock cannot be null");
        }
        if (StringUtil.isNullOrEmpty(str2)) {
            throw new IllegalArgumentException("Argument attributeName cannot be null");
        }
        String str3 = new String(cArr);
        EncryptionUtil encryptionUtil = new EncryptionUtil(this.encryptionAlgorithm, this.keySize);
        try {
            this.vaultContent.addVaultData(this.alias, str, str2, encryptionUtil.encrypt(str3.getBytes(), new SecretKeySpec(this.adminKey.getEncoded(), this.encryptionAlgorithm)));
            try {
                writeVaultData();
            } catch (IOException e) {
                throw new SecurityVaultException("Unable to write vault data file VAULT_CONTENT_FILE", e);
            }
        } catch (Exception e2) {
            throw new SecurityVaultException("Unable to encrypt data", e2);
        }
    }

    public char[] retrieve(String str, String str2, byte[] bArr) throws SecurityVaultException {
        if (StringUtil.isNullOrEmpty(str)) {
            throw new IllegalArgumentException("Argument vaultBlock cannot be null");
        }
        if (StringUtil.isNullOrEmpty(str2)) {
            throw new IllegalArgumentException("Argument attributeName cannot be null");
        }
        try {
            return new String(new EncryptionUtil(this.encryptionAlgorithm, this.keySize).decrypt(this.vaultContent.getVaultData(this.alias, str, str2), new SecretKeySpec(this.adminKey.getEncoded(), this.encryptionAlgorithm))).toCharArray();
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    public boolean exists(String str, String str2) throws SecurityVaultException {
        return this.vaultContent.getVaultData(this.alias, str, str2) != null;
    }

    public boolean remove(String str, String str2, byte[] bArr) throws SecurityVaultException {
        try {
            this.vaultContent.deleteVaultData(this.alias, str, str2);
            return true;
        } catch (Exception e) {
            return false;
        }
    }

    private char[] loadKeystorePassword(String str, String str2, int i) throws Exception {
        return str.startsWith(PASS_MASK_PREFIX) ? decode(str, str2, i).toCharArray() : Util.loadPassword(str);
    }

    private String decode(String str, String str2, int i) throws Exception {
        if (str.startsWith(PASS_MASK_PREFIX)) {
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBEwithMD5andDES");
            char[] charArray = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
            PBEParameterSpec pBEParameterSpec = new PBEParameterSpec(str2.getBytes(), i);
            str = PBEUtils.decode64(str.substring(PASS_MASK_PREFIX.length()), "PBEwithMD5andDES", secretKeyFactory.generateSecret(new PBEKeySpec(charArray)), pBEParameterSpec);
        }
        return str;
    }

    private void setUpVault(String str, String str2) throws NoSuchAlgorithmException, IOException {
        this.vaultContent = new SecurityVaultData();
        writeVaultData();
        SecretKey adminKey = getAdminKey();
        if (adminKey != null) {
            this.adminKey = adminKey;
            return;
        }
        SecretKey generateKey = new EncryptionUtil(this.encryptionAlgorithm, this.keySize).generateKey();
        try {
            this.keystore.setEntry(this.alias, new KeyStore.SecretKeyEntry(generateKey), new KeyStore.PasswordProtection(this.keyStorePWD));
            this.adminKey = generateKey;
            saveKeyStoreToFile(str);
        } catch (KeyStoreException e) {
            throw new RuntimeException("There is no SecretKey under the alias " + this.alias + " and the alias is already used to denote diffrent crypto object in the keystore.");
        } catch (Exception e2) {
            throw new RuntimeException("Unable to store keystore to file " + str, e2);
        }
    }

    private void writeVaultData() throws IOException {
        OutputStream outputStream = null;
        ObjectOutputStream objectOutputStream = null;
        try {
            outputStream = new FileOutputStream(this.decodedEncFileDir + VAULT_CONTENT_FILE);
            objectOutputStream = new ObjectOutputStream(outputStream);
            objectOutputStream.writeObject(this.vaultContent);
            safeClose(objectOutputStream);
            safeClose(outputStream);
        } catch (Throwable th) {
            safeClose(objectOutputStream);
            safeClose(outputStream);
            throw th;
        }
    }

    private boolean vaultFileExists(String str) {
        File file = new File(this.decodedEncFileDir + str);
        return file != null && file.exists();
    }

    private boolean directoryExists(String str) {
        File file = new File(str);
        return file != null && file.exists();
    }

    private void safeClose(InputStream inputStream) {
        if (inputStream != null) {
            try {
                inputStream.close();
            } catch (Exception e) {
            }
        }
    }

    private void safeClose(OutputStream outputStream) {
        if (outputStream != null) {
            try {
                outputStream.close();
            } catch (Exception e) {
            }
        }
    }

    private void readVaultContent(String str, String str2) throws SecurityVaultException {
        try {
            if (str2.contains("${)")) {
                str2 = str2.replaceAll(":", StringUtil.PROPERTY_DEFAULT_SEPARATOR);
            }
            this.decodedEncFileDir = StringUtil.getSystemPropertyAsString(str2);
            if (!directoryExists(this.decodedEncFileDir)) {
                throw new SecurityVaultException("File or directory " + this.decodedEncFileDir + " does not exist");
            }
            if (!this.decodedEncFileDir.endsWith("/") && !this.decodedEncFileDir.endsWith("\\")) {
                this.decodedEncFileDir += File.separator;
            }
            if (vaultFileExists(ENCODED_FILE)) {
                if (vaultFileExists(VAULT_CONTENT_FILE)) {
                    log.error("Security Vault contains both covnerted VAULT.dat and pre-conversion data ENC.dat. Try to delete " + this.decodedEncFileDir + ENCODED_FILE + " file and start over again.");
                    throw new RuntimeException("Security Vault contains both covnerted VAULT.dat and pre-conversion data ENC.dat, failed to load vault");
                }
                convertVaultContent(str, this.alias);
            } else if (vaultFileExists(VAULT_CONTENT_FILE)) {
                readVersionedVaultContent();
            } else {
                setUpVault(str, this.decodedEncFileDir);
            }
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    private void convertVaultContent(String str, String str2) throws Exception {
        InputStream inputStream = null;
        ObjectInputStream objectInputStream = null;
        try {
            inputStream = new FileInputStream(this.decodedEncFileDir + ENCODED_FILE);
            objectInputStream = new ObjectInputStream(inputStream);
            Map map = (Map) objectInputStream.readObject();
            safeClose(inputStream);
            safeClose(objectInputStream);
            this.vaultContent = new SecurityVaultData();
            this.adminKey = null;
            for (String str3 : map.keySet()) {
                if (str3.equals(ADMIN_KEY)) {
                    this.adminKey = new SecretKeySpec((byte[]) map.get(str3), this.encryptionAlgorithm);
                } else if (str3.contains("_")) {
                    StringTokenizer stringTokenizer = new StringTokenizer(str3, "_");
                    String nextToken = stringTokenizer.nextToken();
                    String nextToken2 = stringTokenizer.nextToken();
                    if (stringTokenizer.hasMoreTokens()) {
                        nextToken2 = str3.substring(nextToken.length() + 1);
                        log.info("Ambiguos vault block and attribute name stored in original security vault. Delimiter _ is part of vault block or attribute name. Took the first delimiter. Result vault block " + nextToken + " attribute name " + nextToken2 + ". Modify security vault manually.");
                    }
                    this.vaultContent.addVaultData(str2, nextToken, nextToken2, (byte[]) map.get(str3));
                }
            }
            if (this.adminKey == null) {
                throw new RuntimeException("Security Vault conversion unsuccessful missing admin key in original vault data");
            }
            KeyStore.SecretKeyEntry secretKeyEntry = new KeyStore.SecretKeyEntry(this.adminKey);
            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this.keyStorePWD);
            KeyStore.Entry entry = this.keystore.getEntry(str2, passwordProtection);
            if (entry != null) {
                this.keystore.setEntry(str2 + "-original", entry, passwordProtection);
                this.keystore.deleteEntry(str2);
            }
            this.keystore.setEntry(str2, secretKeyEntry, new KeyStore.PasswordProtection(this.keyStorePWD));
            saveKeyStoreToFile(str);
            copyFile(new File(this.decodedEncFileDir + ENCODED_FILE), new File(this.decodedEncFileDir + ENCODED_FILE + ".original"));
            writeVaultData();
            File file = new File(this.decodedEncFileDir + ENCODED_FILE);
            if (!file.delete()) {
                log.warn("Cannot delete original security vault file " + file.getCanonicalPath() + ". Delete the file manually before next start, please.");
            }
            File file2 = new File(this.decodedEncFileDir + SHARED_KEY_FILE);
            if (file2.delete()) {
                return;
            }
            log.warn("Cannot delete original security vault file " + file2.getCanonicalPath() + ". Delete the file manually before next start, please.");
        } catch (Throwable th) {
            safeClose(inputStream);
            safeClose(objectInputStream);
            throw th;
        }
    }

    private void saveKeyStoreToFile(String str) throws Exception {
        this.keystore.store(new FileOutputStream(new File(str)), this.keyStorePWD);
    }

    private void checkAndConvertKeyStoreToJCEKS(String str) throws Exception {
        if (this.keystore.getType().equalsIgnoreCase("JKS")) {
            copyFile(new File(str), new File(str + ".original"));
            KeyStore createKeyStore = KeyStoreUtil.createKeyStore(defaultKeyStoreType, this.keyStorePWD);
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this.keyStorePWD);
                createKeyStore.setEntry(nextElement, this.keystore.getEntry(nextElement, passwordProtection), passwordProtection);
            }
            this.keystore = createKeyStore;
            this.keyStoreType = defaultKeyStoreType;
            saveKeyStoreToFile(str);
            log.info("Security Vault key store successfuly converted to JCEKS type KEYSTORE_URL. From now on use JCEKS as KEYSTORE_TYPE in Security Vault configuration.");
        }
    }

    private void readVersionedVaultContent() throws Exception {
        InputStream inputStream = null;
        ObjectInputStream objectInputStream = null;
        try {
            inputStream = new FileInputStream(this.decodedEncFileDir + VAULT_CONTENT_FILE);
            objectInputStream = new ObjectInputStream(inputStream);
            this.vaultContent = (SecurityVaultData) objectInputStream.readObject();
            safeClose(inputStream);
            safeClose(objectInputStream);
            this.adminKey = getAdminKey();
            if (this.adminKey == null) {
                throw new RuntimeException("Security Vault does not contain SecretKey entry under alias " + this.alias);
            }
        } catch (Throwable th) {
            safeClose(inputStream);
            safeClose(objectInputStream);
            throw th;
        }
    }

    private SecretKey getAdminKey() {
        try {
            KeyStore.Entry entry = this.keystore.getEntry(this.alias, new KeyStore.PasswordProtection(this.keyStorePWD));
            if (entry instanceof KeyStore.SecretKeyEntry) {
                return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            }
            return null;
        } catch (Exception e) {
            log.info("Security Vault does not contain SecretKey entry under alias " + this.alias);
            return null;
        }
    }

    /* JADX WARN: Code restructure failed: missing block: B:30:0x0075, code lost:
    
        if (r13 == null) goto L19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:31:0x0078, code lost:
    
        r13.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:33:0x008a, code lost:
    
        if (r14 == null) goto L25;
     */
    /* JADX WARN: Code restructure failed: missing block: B:34:0x008d, code lost:
    
        r14.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:36:0x0070, code lost:
    
        throw r19;
     */
    /* JADX WARN: Code restructure failed: missing block: B:38:0x0096, code lost:
    
        if (r12 == null) goto L28;
     */
    /* JADX WARN: Code restructure failed: missing block: B:39:0x0099, code lost:
    
        r12.close();
     */
    /* JADX WARN: Code restructure failed: missing block: B:41:0x0081, code lost:
    
        if (r11 == null) goto L22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:42:0x0084, code lost:
    
        r11.close();
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public static void copyFile(java.io.File r9, java.io.File r10) throws java.io.IOException {
        /*
            r0 = r10
            boolean r0 = r0.exists()
            if (r0 != 0) goto Lc
            r0 = r10
            boolean r0 = r0.createNewFile()
        Lc:
            r0 = 0
            r11 = r0
            r0 = 0
            r12 = r0
            r0 = 0
            r13 = r0
            r0 = 0
            r14 = r0
            java.io.FileInputStream r0 = new java.io.FileInputStream     // Catch: java.lang.Throwable -> L69
            r1 = r0
            r2 = r9
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L69
            r11 = r0
            r0 = r11
            java.nio.channels.FileChannel r0 = r0.getChannel()     // Catch: java.lang.Throwable -> L69
            r13 = r0
            java.io.FileOutputStream r0 = new java.io.FileOutputStream     // Catch: java.lang.Throwable -> L69
            r1 = r0
            r2 = r10
            r1.<init>(r2)     // Catch: java.lang.Throwable -> L69
            r12 = r0
            r0 = r12
            java.nio.channels.FileChannel r0 = r0.getChannel()     // Catch: java.lang.Throwable -> L69
            r14 = r0
            r0 = 0
            r15 = r0
            r0 = r13
            long r0 = r0.size()     // Catch: java.lang.Throwable -> L69
            r17 = r0
        L3e:
            r0 = r15
            r1 = r17
            int r0 = (r0 > r1 ? 1 : (r0 == r1 ? 0 : -1))
            if (r0 >= 0) goto L63
            r0 = r15
            r1 = r14
            r2 = r13
            r3 = 0
            r4 = r13
            long r4 = r4.size()     // Catch: java.lang.Throwable -> L69
            long r1 = r1.transferFrom(r2, r3, r4)     // Catch: java.lang.Throwable -> L69
            long r0 = r0 + r1
            r15 = r0
            r0 = r14
            r1 = r15
            java.nio.channels.FileChannel r0 = r0.position(r1)     // Catch: java.lang.Throwable -> L69
            goto L3e
        L63:
            r0 = jsr -> L71
        L66:
            goto L9f
        L69:
            r19 = move-exception
            r0 = jsr -> L71
        L6e:
            r1 = r19
            throw r1
        L71:
            r20 = r0
            r0 = r13
            if (r0 == 0) goto L80
            r0 = r13
            r0.close()
            goto L88
        L80:
            r0 = r11
            if (r0 == 0) goto L88
            r0 = r11
            r0.close()
        L88:
            r0 = r14
            if (r0 == 0) goto L95
            r0 = r14
            r0.close()
            goto L9d
        L95:
            r0 = r12
            if (r0 == 0) goto L9d
            r0 = r12
            r0.close()
        L9d:
            ret r20
        L9f:
            return
        */
        throw new UnsupportedOperationException("Method not decompiled: org.jboss.security.plugins.vault.PicketBoxSecurityVault.copyFile(java.io.File, java.io.File):void");
    }

    private KeyStore getKeyStore(String str) {
        String sb;
        try {
            return KeyStoreUtil.getKeyStore(this.keyStoreType, str, this.keyStorePWD);
        } catch (IOException e) {
            try {
                if (this.createKeyStore) {
                    return KeyStoreUtil.createKeyStore(this.keyStoreType, this.keyStorePWD);
                }
                return null;
            } finally {
                RuntimeException runtimeException = new RuntimeException("Unable to get keystore " + str, th);
            }
        } catch (GeneralSecurityException th) {
            throw new RuntimeException(sb, th);
        }
    }
}
