package org.eclipse.kura.core.keystore;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.ScheduledFuture;
import java.util.concurrent.TimeUnit;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.KuraRuntimeException;
import org.eclipse.kura.configuration.ConfigurationService;
import org.eclipse.kura.configuration.Password;
import org.eclipse.kura.crypto.CryptoService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/core/keystore/FilesystemKeystoreServiceImpl.class */
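/**
 * Keystore service backed by a keystore file on the local filesystem.
 *
 * <p>The keystore location and password come from {@link FilesystemKeystoreServiceOptions}. The
 * password is also mirrored into the {@link CryptoService}, keyed by the keystore path, and both
 * values are tried when the file is opened (see {@link #loadKeystore(FilesystemKeystoreServiceOptions)}).
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 * <li>Passwords are handled as {@code char[]} and are shared by reference between the options,
 * the loader and the returned {@link KeystoreInstance}; none of them is wiped after use.</li>
 * <li>The keystore file is rewritten in place when it is saved; there is no temporary file or
 * atomic rename.</li>
 * <li>A new keystore file is created with whatever permissions the process default gives it.</li>
 * </ul>
 */
public class FilesystemKeystoreServiceImpl extends BaseKeystoreService {

    private static final Logger logger = LoggerFactory.getLogger(FilesystemKeystoreServiceImpl.class);

    private static final String PID_PROPERTY = "kura.service.pid";
    private static final String KEYSTORE_PATH_PROPERTY = "keystore.path";
    private static final String KEYSTORE_PASSWORD_PROPERTY = "keystore.password";
    private static final String RANDOMIZE_PASSWORD_PROPERTY = "randomize.password";

    private CryptoService cryptoService;
    private ConfigurationService configurationService;
    private FilesystemKeystoreServiceOptions keystoreServiceOptions;
    private ScheduledExecutorService selfUpdaterExecutor;
    private ScheduledFuture<?> selfUpdaterFuture;

    /**
     * A loaded keystore together with the password that opened it and the path it was read from.
     */
    public static class KeystoreInstanceImpl implements KeystoreInstance {

        private final KeyStore keystore;
        private final char[] password;
        private final String path;

        /**
         * @param keystore the loaded keystore
         * @param password the password that opened {@code keystore}; stored by reference, not copied
         * @param path the filesystem path the keystore was loaded from
         */
        public KeystoreInstanceImpl(KeyStore keystore, char[] password, String path) {
            this.keystore = keystore;
            this.password = password;
            this.path = path;
        }

        @Override
        public KeyStore getKeystore() {
            return this.keystore;
        }

        /**
         * Returns the internal password array itself, not a copy.
         *
         * <p>NOTE(review): a caller that zeroes or edits the returned array also changes the value
         * held by this instance (and by whoever supplied it to the constructor).
         */
        @Override
        public char[] getPassword() {
            return this.password;
        }
    }

    /**
     * Opens the keystore file at a fixed path, trying a list of candidate passwords in order.
     */
    public static class KeystoreLoader {

        private final String path;
        private final List<char[]> passwords;

        /**
         * @param path the keystore file to open
         * @param passwords candidate passwords, tried in iteration order
         */
        KeystoreLoader(String path, List<char[]> passwords) {
            this.path = path;
            this.passwords = passwords;
        }

        /**
         * Loads a keystore of the JVM default type from {@code keystorePath}.
         *
         * @throws IOException if the file cannot be read or {@link KeyStore#load} rejects it
         */
        private KeyStore loadKeystore(String keystorePath, char[] keystorePassword)
                throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
            try (FileInputStream in = new FileInputStream(keystorePath)) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(in, keystorePassword);
                return keyStore;
            }
        }

        /**
         * Returns the keystore opened with the first candidate password that works.
         *
         * <p>Every failed attempt is logged at debug level only; the exception that is finally
         * thrown does not carry the individual causes.
         *
         * @throws KuraException with {@link KuraErrorCode#BAD_REQUEST} if no candidate opens the file
         */
        KeystoreInstance loadKeystore() throws KuraException {
            for (char[] candidate : this.passwords) {
                try {
                    KeyStore keyStore = loadKeystore(this.path, candidate);
                    return new KeystoreInstanceImpl(keyStore, candidate, this.path);
                } catch (Exception e) {
                    // Expected when a candidate is wrong: fall through to the next one.
                    FilesystemKeystoreServiceImpl.logger.debug("failed to load keystore", e);
                }
            }
            throw new KuraException(KuraErrorCode.BAD_REQUEST, "Failed to get the KeyStore");
        }
    }

    public void setCryptoService(CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    public void setConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    /**
     * Starts the service: creates the keystore file if it is missing and, when the options ask
     * for it, replaces the configured password with a random one.
     *
     * <p>A failure to create the keystore is logged and activation continues.
     */
    @Override
    public void activate(ComponentContext componentContext, Map<String, Object> properties) {
        logger.info("Bundle {} is starting!", properties.get(PID_PROPERTY));
        this.componentContext = componentContext;
        this.keystoreServiceOptions = new FilesystemKeystoreServiceOptions(properties, this.cryptoService);
        this.selfUpdaterExecutor = Executors.newSingleThreadScheduledExecutor();

        if (!keystoreExists(this.keystoreServiceOptions.getKeystorePath())) {
            try {
                createKeystore(this.keystoreServiceOptions);
            } catch (Exception e) {
                logger.error("Keystore file creation failed", e);
            }
        }

        if (this.keystoreServiceOptions.needsRandomPassword()) {
            setRandomPassword();
        }

        super.activate(componentContext, properties);
        logger.info("Bundle {} has started!", properties.get(PID_PROPERTY));
    }

    /**
     * Applies a configuration update. If only the password changed, the existing keystore is
     * re-protected with it; if the path changed, the keystore at the new path is created when
     * missing and then opened once to check that it is accessible.
     */
    @Override
    public void updated(Map<String, Object> properties) {
        logger.info("Bundle {} is updating!", properties.get(PID_PROPERTY));
        FilesystemKeystoreServiceOptions newOptions =
                new FilesystemKeystoreServiceOptions(properties, this.cryptoService);

        if (!this.keystoreServiceOptions.equals(newOptions)) {
            logger.info("Perform update...");
            boolean samePath = this.keystoreServiceOptions.getKeystorePath().equals(newOptions.getKeystorePath());
            if (samePath) {
                checkAndUpdateKeystorePassword(newOptions);
            } else {
                updateKeystorePath(newOptions);
            }
            this.keystoreServiceOptions = new FilesystemKeystoreServiceOptions(properties, this.cryptoService);
        }

        super.updated(properties);
        logger.info("Bundle {} has updated!", properties.get(PID_PROPERTY));
    }

    /**
     * Stops the service, cancelling a pending configuration self-update and releasing the
     * executor thread that runs it.
     */
    @Override
    public void deactivate() {
        logger.info("Bundle {} is deactivating!", this.keystoreServiceOptions.getProperties().get(PID_PROPERTY));

        if (this.selfUpdaterFuture != null && !this.selfUpdaterFuture.isDone()) {
            logger.info("Self updater task running. Stopping it");
            this.selfUpdaterFuture.cancel(true);
        }

        // The executor is created in activate(); without a shutdown its worker thread (and the
        // property map holding the plaintext password captured by the task) outlives the component.
        if (this.selfUpdaterExecutor != null) {
            this.selfUpdaterExecutor.shutdownNow();
        }

        super.deactivate();
    }

    /**
     * Writes the keystore to the configured path, protected with the instance's own password.
     *
     * <p>NOTE(review): the file is opened for writing before {@code store} runs, so it is
     * truncated first; a failure part-way through leaves an incomplete keystore on disk.
     */
    @Override
    protected void saveKeystore(KeystoreInstance keystoreInstance)
            throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        try (FileOutputStream out = new FileOutputStream(this.keystoreServiceOptions.getKeystorePath())) {
            keystoreInstance.getKeystore().store(out, keystoreInstance.getPassword());
        }
    }

    @Override
    protected KeystoreInstance loadKeystore() throws KuraException {
        return loadKeystore(this.keystoreServiceOptions);
    }

    /**
     * Returns the CRL store location: the keystore path with {@code .crl} appended.
     */
    @Override
    protected String getCrlStorePath() {
        return this.keystoreServiceOptions.getKeystorePath() + ".crl";
    }

    /**
     * Re-protects the current keystore with the password from {@code newOptions} when it differs
     * from the password that currently opens it. Failures are logged, not propagated.
     */
    private void checkAndUpdateKeystorePassword(FilesystemKeystoreServiceOptions newOptions) {
        try {
            KeystoreInstance current = loadKeystore(this.keystoreServiceOptions);
            char[] requestedPassword = newOptions.getKeystorePassword(this.cryptoService);
            if (!Arrays.equals(current.getPassword(), requestedPassword)) {
                setKeystorePassword(current, requestedPassword);
            }
        } catch (Exception e) {
            logger.warn("failed to load or update keystore password", e);
        }
    }

    private boolean keystoreExists(String keystorePath) {
        return keystorePath != null && new File(keystorePath).isFile();
    }

    /**
     * Creates an empty keystore file at the configured path and registers its password.
     *
     * <p>Does nothing when no path is configured. If writing the new keystore fails, the file
     * created here is removed again; otherwise a later activation would find a file, skip
     * creation and fail to load it.
     *
     * <p>NOTE(review): the file gets the process default permissions; nothing here restricts it
     * to the owning user. Confirm the deployment's umask and directory ownership cover that.
     *
     * @throws KuraException if a file already exists at the path
     * @throws Exception if the keystore cannot be written or re-loaded
     */
    private void createKeystore(FilesystemKeystoreServiceOptions options) throws Exception {
        String keystorePath = options.getKeystorePath();
        char[] keystorePassword = options.getKeystorePassword(this.cryptoService);
        if (keystorePath == null) {
            return;
        }

        File keystoreFile = new File(keystorePath);
        // createNewFile() is atomic: a true result means this call created the file.
        if (!keystoreFile.createNewFile()) {
            logger.error("Keystore file already exists at location {}", keystorePath);
            throw new KuraException(KuraErrorCode.CONFIGURATION_ATTRIBUTE_INVALID, KEYSTORE_PATH_PROPERTY,
                    keystorePath, "file already exists");
        }

        try {
            try (FileOutputStream out = new FileOutputStream(keystoreFile)) {
                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                keyStore.load(null, keystorePassword);
                keyStore.store(out, keystorePassword);
                out.flush();
            } catch (Exception e) {
                // The stream is already closed here; drop the empty or partial file we created.
                if (!keystoreFile.delete()) {
                    logger.warn("Unable to remove incomplete keystore file {}", keystorePath);
                }
                throw e;
            }
            // Re-open the file only after the stream is closed, then record the password.
            setKeystorePassword(loadKeystore(options), keystorePassword);
        } catch (Exception e) {
            logger.error("Unable to load and store the keystore", e);
            throw e;
        }
    }

    /**
     * Switches to the keystore named by {@code newOptions}: creates it when missing, then opens
     * it once. Both steps only log on failure.
     */
    private void updateKeystorePath(FilesystemKeystoreServiceOptions newOptions) {
        if (!keystoreExists(newOptions.getKeystorePath())) {
            try {
                createKeystore(newOptions);
            } catch (Exception e) {
                logger.error("Keystore file creation failed", e);
            }
        }

        try {
            loadKeystore(newOptions);
        } catch (Exception ignored) {
            logger.warn("Keystore {} not accessible!", newOptions.getKeystorePath());
        }
    }

    /**
     * Replaces the keystore password with a random one and pushes it to the configuration.
     *
     * <p>The password is 160 bits from {@link SecureRandom}, rendered in base 32. The plaintext
     * array is handed on to the configuration update task, so it is not wiped here.
     */
    private void setRandomPassword() {
        try {
            KeystoreInstance current = loadKeystore(this.keystoreServiceOptions);
            char[] randomPassword = new BigInteger(160, new SecureRandom()).toString(32).toCharArray();
            setKeystorePassword(current, randomPassword);

            Map<String, Object> properties = new HashMap<>(this.keystoreServiceOptions.getProperties());
            properties.put(KEYSTORE_PASSWORD_PROPERTY, new String(this.cryptoService.encryptAes(randomPassword)));
            this.keystoreServiceOptions = new FilesystemKeystoreServiceOptions(properties, this.cryptoService);

            updatePasswordInConfigService(randomPassword);
        } catch (Exception e) {
            logger.warn("Keystore password change failed", e);
        }
    }

    /**
     * Writes the keystore back to the path it was loaded from, protected with {@code password}.
     *
     * <p>NOTE(review): like the one-argument overload, this truncates the file before writing.
     */
    private synchronized void saveKeystore(KeystoreInstance keystoreInstance, char[] password)
            throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        String targetPath = ((KeystoreInstanceImpl) keystoreInstance).path;
        try (FileOutputStream out = new FileOutputStream(targetPath)) {
            keystoreInstance.getKeystore().store(out, password);
        }
    }

    /**
     * Schedules a once-per-second task that writes the new password into this component's
     * configuration as soon as the service reference and configuration definition are available.
     *
     * <p>The task ends itself by throwing: an exception escaping a fixed-rate task suppresses
     * all further runs. The captured property map holds the plaintext password (wrapped in
     * {@link Password}) for as long as the task keeps retrying.
     */
    private void updatePasswordInConfigService(char[] password) {
        final String pid = this.keystoreServiceOptions.getPid();

        final Map<String, Object> properties = new HashMap<>();
        properties.putAll(this.keystoreServiceOptions.getProperties());
        properties.put(KEYSTORE_PATH_PROPERTY, this.keystoreServiceOptions.getKeystorePath());
        properties.put(KEYSTORE_PASSWORD_PROPERTY, new Password(password));
        properties.put(RANDOMIZE_PASSWORD_PROPERTY, false);

        this.selfUpdaterFuture = this.selfUpdaterExecutor.scheduleAtFixedRate(() -> {
            try {
                if (this.componentContext.getServiceReference() == null
                        || this.configurationService.getComponentConfiguration(pid) == null
                        || this.configurationService.getComponentConfiguration(pid).getDefinition() == null) {
                    logger.info("No service or configuration available yet.");
                    return;
                }
                this.configurationService.updateConfiguration(pid, properties);
                // Deliberate: the unchecked exception stops the periodic schedule.
                throw new KuraRuntimeException(KuraErrorCode.CONFIGURATION_SNAPSHOT_TAKING,
                        "Updated. The task will be terminated.");
            } catch (KuraException e) {
                logger.warn("Cannot get/update configuration for pid: {}", pid, e);
            }
        }, 1000L, 1000L, TimeUnit.MILLISECONDS);
    }

    /**
     * Changes the keystore password in three steps: re-protect every key entry, rewrite the
     * file, then record the password in the {@link CryptoService}.
     *
     * <p>The steps are not transactional. If the file is rewritten but the crypto service update
     * fails, the file is protected with {@code newPassword} while the crypto service still holds
     * the previous value. Failures are logged with their cause and not propagated.
     */
    private synchronized void setKeystorePassword(KeystoreInstance keystoreInstance, char[] newPassword) {
        try {
            updateKeyEntriesPasswords(keystoreInstance, newPassword);
            saveKeystore(keystoreInstance, newPassword);
            this.cryptoService.setKeyStorePassword(((KeystoreInstanceImpl) keystoreInstance).path, newPassword);
        } catch (KuraException e) {
            logger.warn("Failed to persist keystore password", e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException
                | CertificateException e) {
            logger.warn("Failed to change keystore password", e);
        }
    }

    /**
     * Re-protects every key entry of the in-memory keystore: each one is read with the
     * instance's current password and stored again under {@code newPassword}. Certificate-only
     * entries are left untouched.
     */
    private static void updateKeyEntriesPasswords(KeystoreInstance keystoreInstance, char[] newPassword)
            throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        KeyStore keyStore = keystoreInstance.getKeystore();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!keyStore.isKeyEntry(alias)) {
                continue;
            }
            KeyStore.PasswordProtection oldProtection =
                    new KeyStore.PasswordProtection(keystoreInstance.getPassword());
            KeyStore.PasswordProtection newProtection = new KeyStore.PasswordProtection(newPassword);
            keyStore.setEntry(alias, keyStore.getEntry(alias, oldProtection), newProtection);
        }
    }

    /**
     * Opens the keystore described by {@code options}.
     *
     * <p>Two candidate passwords are tried in order: the one from the options, then the one the
     * {@link CryptoService} holds for the keystore path (if any). When the password that worked
     * differs from the crypto service's value, the crypto service is updated to match.
     *
     * @throws KuraException if neither candidate opens the keystore
     */
    private synchronized KeystoreInstance loadKeystore(FilesystemKeystoreServiceOptions options)
            throws KuraException {
        List<char[]> candidates = new ArrayList<>(2);
        candidates.add(options.getKeystorePassword(this.cryptoService));

        char[] storedPassword = null;
        try {
            storedPassword = this.cryptoService.getKeyStorePassword(options.getKeystorePath());
            if (storedPassword != null) {
                candidates.add(storedPassword);
            }
        } catch (Exception e) {
            // Best effort: the options password alone may still open the keystore.
            logger.debug("failed to retrieve password", e);
        }

        KeystoreInstance loaded = new KeystoreLoader(options.getKeystorePath(), candidates).loadKeystore();

        if (!Arrays.equals(storedPassword, loaded.getPassword())) {
            this.cryptoService.setKeyStorePassword(((KeystoreInstanceImpl) loaded).path, loaded.getPassword());
        }
        return loaded;
    }
}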
