package org.picketbox.plugins.vault;

import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.jboss.security.PicketBoxLogger;
import org.jboss.security.PicketBoxMessages;
import org.jboss.security.plugins.PBEUtils;
import org.jboss.security.vault.SecurityVault;
import org.jboss.security.vault.SecurityVaultException;
import org.picketbox.commons.cipher.Base64;
import org.picketbox.util.EncryptionUtil;
import org.picketbox.util.KeyStoreUtil;
import org.picketbox.util.StringUtil;

/* loaded from: input_file:org/picketbox/plugins/vault/PicketBoxSecurityVault.class */
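/**
 * File-backed {@link SecurityVault}.
 *
 * <p>Attribute values are encrypted by {@code EncryptionUtil} with a per-vault "admin key"
 * (generated on first use and stored under {@value #ADMIN_KEY} in the content map) and the
 * public key of the certificate named in the caller's handshake token; the content map is
 * serialized to {@value #ENCODED_FILE}. The handshake token presented at store time is kept
 * in a second map, serialized to {@value #SHARED_KEY_FILE}, and must be presented again to
 * read the value back.
 *
 * <p>The in-memory maps are concurrent, but the two data files are rewritten without any lock,
 * so concurrent {@link #store} calls can interleave their writes.
 */
public class PicketBoxSecurityVault implements SecurityVault {
    public static final String ENC_FILE_DIR = "ENC_FILE_DIR";
    public static final String KEYSTORE_URL = "KEYSTORE_URL";
    public static final String KEYSTORE_PASSWORD = "KEYSTORE_PASSWORD";
    public static final String KEYSTORE_ALIAS = "KEYSTORE_ALIAS";
    public static final String SALT = "SALT";
    public static final String ITERATION_COUNT = "ITERATION_COUNT";
    public static final String PASS_MASK_PREFIX = "MASK-";
    public static final String PUBLIC_CERT = "PUBLIC_CERT";
    public static final String KEY_SIZE = "KEY_SIZE";
    protected static final String ENCODED_FILE = "ENC.dat";
    protected static final String SHARED_KEY_FILE = "Shared.dat";
    protected static final String ADMIN_KEY = "ADMIN_KEY";
    /** Resolved {@value #ENC_FILE_DIR}; validated in {@link #init} to end with a path separator. */
    protected String decodedEncFileDir;
    protected boolean finishedInit = false;
    protected KeyStore keystore = null;
    /** Key pair of {@value #KEYSTORE_ALIAS}; its private key decrypts entries in {@link #retrieve}. */
    private KeyPair keypair = null;
    protected String encryptionAlgorithm = "AES";
    protected int keySize = 128;
    /** Unmasked keystore password, retained so {@link #handshake} can open keystore entries. */
    private char[] keyStorePWD = null;
    /** "vaultBlock_attributeName" -> encrypted value; also holds {@value #ADMIN_KEY} -> raw admin key. */
    protected Map<String, byte[]> theContent = new ConcurrentHashMap<String, byte[]>();
    /** "vaultBlock_attributeName" -> handshake token presented when the value was stored. */
    protected Map<String, byte[]> sharedKeyMap = new ConcurrentHashMap<String, byte[]>();
    /** Separator between the random part and the certificate alias inside a handshake token. */
    protected String LINE_BREAK = "LINE_BREAK";

    /**
     * Initializes the vault from its configuration options.
     *
     * <p>Required options: {@value #KEYSTORE_URL}, {@value #KEYSTORE_PASSWORD} (must start with
     * {@value #PASS_MASK_PREFIX}), {@value #SALT}, {@value #ITERATION_COUNT},
     * {@value #KEYSTORE_ALIAS} and {@value #ENC_FILE_DIR} (must end with {@code /} or
     * {@code \}). Optional: {@value #KEY_SIZE}. {@value #KEYSTORE_URL} and
     * {@value #ENC_FILE_DIR} go through {@code StringUtil}'s system-property expansion.
     *
     * <p>If {@value #ENCODED_FILE} does not exist yet the vault is created by
     * {@link #setUpVault}; then both data files are deserialized into memory.
     *
     * @param options vault configuration, keyed by the constants of this class
     * @throws SecurityVaultException if an option is missing or malformed, the data directory
     *         or keystore cannot be read, or the masked password cannot be decoded
     */
    public void init(Map<String, Object> options) throws SecurityVaultException {
        if (options == null || options.isEmpty()) {
            throw PicketBoxMessages.MESSAGES.invalidNullOrEmptyOptionMap("options");
        }
        // Same validation order as before, so the first missing option reported is unchanged.
        String keystoreURL = expandProperties(requiredOption(options, KEYSTORE_URL));
        String maskedPassword = requiredOption(options, KEYSTORE_PASSWORD);
        if (!maskedPassword.startsWith(PASS_MASK_PREFIX)) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.invalidUnmaskedKeystorePasswordMessage());
        }
        String salt = requiredOption(options, SALT);
        int iterationCount = parseIntOption(ITERATION_COUNT, requiredOption(options, ITERATION_COUNT));
        String alias = requiredOption(options, KEYSTORE_ALIAS);
        String keySizeOption = (String) options.get(KEY_SIZE);
        if (keySizeOption != null) {
            this.keySize = parseIntOption(KEY_SIZE, keySizeOption);
        }
        String encFileDir = requiredOption(options, ENC_FILE_DIR);
        try {
            this.decodedEncFileDir = expandProperties(encFileDir);
            if (!directoryExists(this.decodedEncFileDir)) {
                throw new SecurityVaultException(PicketBoxMessages.MESSAGES.fileOrDirectoryDoesNotExistMessage(this.decodedEncFileDir));
            }
            // The file names are appended verbatim, so the directory must carry its own separator.
            if (!this.decodedEncFileDir.endsWith("/") && !this.decodedEncFileDir.endsWith("\\")) {
                throw new SecurityVaultException(PicketBoxMessages.MESSAGES.invalidDirectoryFormatMessage(this.decodedEncFileDir));
            }
            if (!encodedFileExists(this.decodedEncFileDir)) {
                setUpVault(this.decodedEncFileDir);
            }
            this.theContent = readSerializedMap(this.decodedEncFileDir + ENCODED_FILE);
            this.sharedKeyMap = readSerializedMap(this.decodedEncFileDir + SHARED_KEY_FILE);
            String keystorePassword = decode(maskedPassword, salt, iterationCount);
            this.keyStorePWD = keystorePassword.toCharArray();
            this.keystore = KeyStoreUtil.getKeyStore(keystoreURL, keystorePassword.toCharArray());
            this.keypair = KeyStoreUtil.getPrivateKey(this.keystore, alias, keystorePassword.toCharArray());
            PicketBoxLogger.LOGGER.infoVaultInitialized();
            this.finishedInit = true;
        } catch (SecurityVaultException e) {
            // Already the right type; don't wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    public boolean isInitialized() {
        return this.finishedInit;
    }

    /**
     * Issues a handshake token for a certificate alias in the keystore.
     *
     * <p>The token is {@code Base64(randomUUID + LINE_BREAK + alias)}. It is the only thing
     * {@link #retrieve} checks before decrypting an entry, so it acts as a bearer credential
     * for every attribute stored with it and must be kept as confidential as the values.
     *
     * @param handshakeOptions must contain {@value #PUBLIC_CERT}, the alias of the certificate
     *        whose public key will encrypt values stored with this token
     * @return the Base64 token as bytes (platform default charset, as before)
     * @throws SecurityVaultException if the option is missing or the alias has no public key
     */
    public byte[] handshake(Map<String, Object> handshakeOptions) throws SecurityVaultException {
        if (handshakeOptions == null || handshakeOptions.isEmpty()) {
            throw PicketBoxMessages.MESSAGES.invalidNullOrEmptyOptionMap("handshakeOptions");
        }
        String certAlias = (String) handshakeOptions.get(PUBLIC_CERT);
        if (certAlias == null) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.invalidNullOrEmptyOptionMessage(PUBLIC_CERT));
        }
        try {
            if (KeyStoreUtil.getPublicKey(this.keystore, certAlias, this.keyStorePWD) == null) {
                throw new SecurityVaultException(PicketBoxMessages.MESSAGES.failedToRetrievePublicKeyMessage(certAlias));
            }
            String token = UUID.randomUUID().toString() + this.LINE_BREAK + certAlias;
            return Base64.encodeBytes(token.getBytes()).getBytes();
        } catch (SecurityVaultException e) {
            throw e;
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    /**
     * Lists the "vaultBlock_attributeName" keys currently held, without the admin key entry.
     *
     * @return a snapshot; modifying it does not affect the vault
     */
    public Set<String> keyList() throws SecurityVaultException {
        // Copy first: keySet() is a live view of theContent, and removing ADMIN_KEY through it
        // deleted the admin key from the vault itself, breaking every later store/retrieve.
        Set<String> keys = new HashSet<String>(this.theContent.keySet());
        keys.remove(ADMIN_KEY);
        return keys;
    }

    /**
     * Encrypts and persists an attribute value.
     *
     * <p>The certificate alias is taken from the handshake token; the value is encrypted with
     * that certificate's public key plus the admin key, then both data files are rewritten.
     * Nothing is put into the in-memory maps until encryption has succeeded, so a rejected
     * call leaves no half-written entry behind.
     *
     * @param vaultBlock     non-empty block name
     * @param attributeName  non-empty attribute name
     * @param attributeValue the secret to store; converted with the platform default charset,
     *                       which {@link #retrieve} mirrors
     * @param sharedKey      token obtained from {@link #handshake}
     * @throws SecurityVaultException on a missing argument, malformed token, unknown alias,
     *         encryption failure or failure to write either data file
     */
    public void store(String vaultBlock, String attributeName, char[] attributeValue, byte[] sharedKey) throws SecurityVaultException {
        if (StringUtil.isNullOrEmpty(vaultBlock)) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("vaultBlock");
        }
        if (StringUtil.isNullOrEmpty(attributeName)) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("attributeName");
        }
        if (attributeValue == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("attributeValue");
        }
        if (sharedKey == null) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("sharedKey");
        }
        String mapKey = vaultBlock + "_" + attributeName;
        String handshakeToken = new String(Base64.decode(new String(sharedKey)));
        int separator = handshakeToken.indexOf(this.LINE_BREAK);
        if (separator < 0) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.invalidSharedKeyMessage());
        }
        String certAlias = handshakeToken.substring(separator + this.LINE_BREAK.length());
        Certificate certificate;
        try {
            certificate = this.keystore.getCertificate(certAlias);
        } catch (KeyStoreException e) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.failedToRetrieveCertificateMessage(certAlias), e);
        }
        if (certificate == null) {
            // Previously surfaced as an NPE wrapped in "unable to encrypt"; name the real cause.
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.failedToRetrieveCertificateMessage(certAlias));
        }
        byte[] encrypted;
        try {
            encrypted = new EncryptionUtil(this.encryptionAlgorithm, this.keySize)
                    .encrypt(new String(attributeValue).getBytes(), certificate.getPublicKey(), adminKeySpec());
        } catch (Exception e) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToEncryptDataMessage(), e);
        }
        this.sharedKeyMap.put(mapKey, sharedKey);
        this.theContent.put(mapKey, encrypted);
        try {
            writeSharedKeyFile(this.decodedEncFileDir);
        } catch (IOException e) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToWriteShareKeyFileMessage(), e);
        }
        try {
            writeEncodedFile(this.decodedEncFileDir);
        } catch (IOException e) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.unableToWriteEncodedFileMessage(), e);
        }
    }

    /**
     * Decrypts a stored attribute value.
     *
     * @param vaultBlock    non-empty block name
     * @param attributeName non-empty attribute name
     * @param sharedKey     the token the value was stored with
     * @return the plaintext value
     * @throws SecurityVaultException on a missing argument, a token that does not match the
     *         one recorded for the entry, or a decryption failure (including a missing entry)
     */
    public char[] retrieve(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException {
        if (StringUtil.isNullOrEmpty(vaultBlock)) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("vaultBlock");
        }
        if (StringUtil.isNullOrEmpty(attributeName)) {
            throw PicketBoxMessages.MESSAGES.invalidNullArgument("attributeName");
        }
        String mapKey = vaultBlock + "_" + attributeName;
        // The token is the caller's proof of possession for this entry, so compare it in
        // constant time; Arrays.equals stops at the first differing byte and leaks that via timing.
        // MessageDigest.isEqual keeps Arrays.equals' null semantics (null/null true, one null false).
        if (!MessageDigest.isEqual(sharedKey, this.sharedKeyMap.get(mapKey))) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.sharedKeyMismatchMessage(vaultBlock, attributeName));
        }
        byte[] encrypted = this.theContent.get(mapKey);
        try {
            byte[] plaintext = new EncryptionUtil(this.encryptionAlgorithm, this.keySize)
                    .decrypt(encrypted, this.keypair, adminKeySpec());
            return new String(plaintext).toCharArray();
        } catch (Exception e) {
            throw new SecurityVaultException(e);
        }
    }

    /**
     * Reports whether an attribute is present. No token is required: as before, the existence
     * of an entry is not treated as secret.
     */
    public boolean exists(String vaultBlock, String attributeName) throws SecurityVaultException {
        return this.theContent.get(vaultBlock + "_" + attributeName) != null;
    }

    /**
     * Removes an attribute from the in-memory content map.
     *
     * <p>NOTE(review): kept as in the original: the token is not checked, the matching
     * {@link #sharedKeyMap} entry stays, and the removal only reaches {@value #ENCODED_FILE}
     * when a later {@link #store} rewrites it. Callers needing a durable delete should know this.
     *
     * @return {@code true} unless the removal threw
     */
    public boolean remove(String vaultBlock, String attributeName, byte[] sharedKey) throws SecurityVaultException {
        try {
            this.theContent.remove(vaultBlock + "_" + attributeName);
            return true;
        } catch (RuntimeException e) {
            // Best-effort contract kept from the original: report failure rather than propagate.
            return false;
        }
    }

    /**
     * Unmasks a {@value #PASS_MASK_PREFIX}-prefixed keystore password; a value without the
     * prefix is returned unchanged.
     *
     * <p>This is obfuscation, not protection: the PBE passphrase is a constant in this class,
     * so the masked value does not keep the password from anyone who can read the
     * configuration. Restrict access to the configuration file accordingly. The legacy
     * PBEwithMD5andDES algorithm is kept because existing masked passwords were produced with it.
     *
     * @param maskedPassword the configured {@value #KEYSTORE_PASSWORD} value
     * @param salt           the configured {@value #SALT}; its bytes (platform charset) seed the PBE
     * @param iterationCount the configured {@value #ITERATION_COUNT}
     * @return the plaintext keystore password
     * @throws Exception whatever the JCE provider or {@code PBEUtils.decode64} throws
     */
    private String decode(String maskedPassword, String salt, int iterationCount) throws Exception {
        if (!maskedPassword.startsWith(PASS_MASK_PREFIX)) {
            return maskedPassword;
        }
        String algorithm = "PBEwithMD5andDES";
        SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithm);
        char[] passphrase = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
        PBEParameterSpec params = new PBEParameterSpec(salt.getBytes(), iterationCount);
        return PBEUtils.decode64(maskedPassword.substring(PASS_MASK_PREFIX.length()), algorithm,
                factory.generateSecret(new PBEKeySpec(passphrase)), params);
    }

    /**
     * Creates a fresh vault in {@code dir}: generates the admin key and writes both data files
     * (the shared-key file from whatever {@link #sharedKeyMap} currently holds, as before).
     */
    private void setUpVault(String dir) throws NoSuchAlgorithmException, IOException {
        this.theContent = new ConcurrentHashMap<String, byte[]>();
        this.theContent.put(ADMIN_KEY, new EncryptionUtil(this.encryptionAlgorithm, this.keySize).generateKey().getEncoded());
        writeEncodedFile(dir);
        writeSharedKeyFile(dir);
    }

    /** Serializes {@link #theContent} to {@code dir + ENC.dat}. */
    private void writeEncodedFile(String dir) throws IOException {
        writeSerializedMap(dir + ENCODED_FILE, this.theContent);
    }

    /** Serializes {@link #sharedKeyMap} to {@code dir + Shared.dat}. */
    private void writeSharedKeyFile(String dir) throws IOException {
        writeSerializedMap(dir + SHARED_KEY_FILE, this.sharedKeyMap);
    }

    /**
     * Writes a map as a Java object stream, replacing the file.
     *
     * <p>The stream is flushed explicitly before the best-effort close so that a failed write
     * surfaces as an {@link IOException} instead of being swallowed by {@link #safeClose}.
     */
    private void writeSerializedMap(String path, Map<String, byte[]> map) throws IOException {
        OutputStream out = null;
        ObjectOutputStream objects = null;
        try {
            out = new FileOutputStream(path);
            objects = new ObjectOutputStream(out);
            objects.writeObject(map);
            objects.flush();
        } finally {
            safeClose(objects);
            safeClose(out);
        }
    }

    /**
     * Reads one of the vault's own data files back into a map.
     *
     * <p>This is native Java deserialization, so the file's content is trusted completely:
     * whoever can write to {@value #ENC_FILE_DIR} decides which classes get instantiated here.
     * The directory therefore must be writable by the server process only. (Java 9+'s
     * {@code ObjectInputFilter} would narrow this further; it is not used to keep the class's
     * current language level.)
     *
     * @throws IOException            if the file cannot be opened or read
     * @throws ClassNotFoundException if the stream references an unknown class
     */
    @SuppressWarnings("unchecked") // the file is written by writeSerializedMap from a Map<String, byte[]>
    private Map<String, byte[]> readSerializedMap(String path) throws IOException, ClassNotFoundException {
        InputStream in = null;
        ObjectInputStream objects = null;
        try {
            in = new FileInputStream(path);
            objects = new ObjectInputStream(in);
            return (Map<String, byte[]>) objects.readObject();
        } finally {
            // Previously the streams were leaked whenever readObject threw.
            safeClose(objects);
            safeClose(in);
        }
    }

    /** Wraps the persisted admin key as a {@link SecretKeySpec} for {@code EncryptionUtil}. */
    private SecretKeySpec adminKeySpec() {
        return new SecretKeySpec(this.theContent.get(ADMIN_KEY), this.encryptionAlgorithm);
    }

    /** Returns the named option as a String or throws the standard "missing option" exception. */
    private static String requiredOption(Map<String, Object> options, String name) throws SecurityVaultException {
        String value = (String) options.get(name);
        if (value == null) {
            throw new SecurityVaultException(PicketBoxMessages.MESSAGES.invalidNullOrEmptyOptionMessage(name));
        }
        return value;
    }

    /** Parses an integer option, reporting a malformed value as a SecurityVaultException. */
    private static int parseIntOption(String name, String value) throws SecurityVaultException {
        try {
            return Integer.parseInt(value);
        } catch (NumberFormatException e) {
            // init() declares SecurityVaultException; don't let a config typo escape as an NFE.
            throw new SecurityVaultException(name + " is not a valid integer: " + value, e);
        }
    }

    /**
     * Runs an option value through {@code StringUtil}'s system-property expansion, rewriting
     * ':' to PicketBox's default-value separator first (as the original code did).
     */
    private static String expandProperties(String value) {
        return StringUtil.getSystemPropertyAsString(value.replaceAll(":", StringUtil.PROPERTY_DEFAULT_SEPARATOR));
    }

    private boolean encodedFileExists(String dir) {
        return new File(dir + ENCODED_FILE).exists();
    }

    private boolean directoryExists(String dir) {
        return new File(dir).exists();
    }

    /** Closes a stream if non-null, ignoring any failure; callers flush first where it matters. */
    private void safeClose(Closeable closeable) {
        if (closeable != null) {
            try {
                closeable.close();
            } catch (Exception ignored) {
                // best-effort close; a write that must not be lost is flushed before this point
            }
        }
    }
}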
