package org.eclipse.kura.core.keystore;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Method;
import java.nio.file.Files;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.spec.AlgorithmParameterSpec;
import java.util.Map;
import java.util.Optional;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.crypto.CryptoService;
import org.eclipse.kura.system.SystemService;
import org.osgi.service.component.ComponentContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/core/keystore/PKCS11KeystoreServiceImpl.class */
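/**
 * Read-only keystore service backed by a PKCS#11 token through the JDK's SunPKCS11 provider.
 *
 * <p>The provider is configured lazily on the first {@link #loadKeystore()} call and dropped
 * whenever the options change, the component is deactivated, or loading fails. All mutating
 * operations ({@code setEntry}, {@code deleteEntry}, {@code createKeyPair}) are rejected with
 * {@link KuraErrorCode#OPERATION_NOT_SUPPORTED}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The provider configuration is derived from this component's options; a missing value is
 *       reported as the undefined attribute {@code library.path}. SunPKCS11 loads the native
 *       library named in its configuration into the JVM, so write access to this component's
 *       configuration should be treated as equivalent to the ability to load native code.</li>
 *   <li>On Java 8 the provider is added to the JVM-wide provider list and is therefore visible
 *       to every bundle until {@link #removeProvider()} runs.</li>
 *   <li>The token PIN is obtained through the {@link CryptoService} and handed out unchanged by
 *       {@link KeystoreInstance#getPassword()}; it must never be logged.</li>
 * </ul>
 */
public class PKCS11KeystoreServiceImpl extends BaseKeystoreService {
    private static final Logger logger = LoggerFactory.getLogger(PKCS11KeystoreServiceImpl.class);

    // Currently configured provider, if any. Only read or written inside synchronized methods.
    Optional<Provider> provider = Optional.empty();
    private PKCS11KeystoreServiceOptions options;
    private CryptoService cryptoService;
    private SystemService systemService;

    /**
     * Pairs the loaded PKCS#11 keystore with the PIN that was used to open it.
     *
     * <p>Declared static because it reads no state of the enclosing service.
     */
    private static final class KeystoreInstanceImpl implements KeystoreInstance {
        private final KeyStore keystore;
        // Token PIN (may be null when none is configured). Stored by reference, not copied.
        private final char[] password;

        KeystoreInstanceImpl(KeyStore keyStore, char[] cArr) {
            this.keystore = keyStore;
            this.password = cArr;
        }

        @Override
        public KeyStore getKeystore() {
            return this.keystore;
        }

        /**
         * Returns the PIN array itself rather than a copy, so callers share the same array as
         * this instance. Callers must not log it or modify it.
         */
        @Override
        public char[] getPassword() {
            return this.password;
        }
    }

    /** Injects the service used to obtain the token PIN from the options. */
    public void setCryptoService(CryptoService cryptoService) {
        this.cryptoService = cryptoService;
    }

    /** Injects the service used to resolve the default CRL store location. */
    public void setSystemService(SystemService systemService) {
        this.systemService = systemService;
    }

    /**
     * Activates the base service and parses the PKCS#11 options from the component properties.
     *
     * @param componentContext the OSGi component context
     * @param map the component configuration properties
     */
    @Override
    public void activate(ComponentContext componentContext, Map<String, Object> map) {
        super.activate(componentContext, map);
        this.options = new PKCS11KeystoreServiceOptions(map, this.ownPid);
    }

    /**
     * Applies a configuration update. When the parsed options differ from the current ones the
     * provider is removed, so that the next {@link #loadKeystore()} configures a fresh provider
     * from the new options.
     *
     * @param map the updated component configuration properties
     */
    @Override
    public void updated(Map<String, Object> map) {
        super.updated(map);
        PKCS11KeystoreServiceOptions newOptions = new PKCS11KeystoreServiceOptions(map, this.ownPid);
        if (newOptions.equals(this.options)) {
            return;
        }
        logger.info("Options changed...");
        // Drop the provider built from the old options before switching to the new ones.
        removeProvider();
        this.options = newOptions;
    }

    /** Removes the provider, then deactivates the base service. */
    @Override
    public void deactivate() {
        removeProvider();
        super.deactivate();
    }

    /**
     * Opens the PKCS#11 keystore using the configured provider and PIN.
     *
     * @return the loaded keystore together with the PIN used to open it
     * @throws KuraException with {@link KuraErrorCode#SECURITY_EXCEPTION} if the keystore cannot
     *         be created or loaded; provider registration failures propagate unchanged
     */
    @Override
    protected KeystoreInstance loadKeystore() throws KuraException {
        try {
            KeyStore keyStore = KeyStore.getInstance("PKCS11", getOrRegisterProvider());
            // A null PIN is passed through when the options do not define one.
            char[] pin = this.options.getPin(this.cryptoService).orElse(null);
            // PKCS#11 keystores have no backing stream; only the PIN is supplied.
            keyStore.load(null, pin);
            return new KeystoreInstanceImpl(keyStore, pin);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            // Discard the provider so that the next attempt starts from a clean configuration.
            removeProvider();
            // The cause is written to the log only; the thrown exception carries just the code.
            logger.warn("Keystore exception", e);
            throw new KuraException(KuraErrorCode.SECURITY_EXCEPTION);
        }
    }

    /** Intentionally empty: nothing is persisted by this implementation. */
    @Override
    protected void saveKeystore(KeystoreInstance keystoreInstance) {
    }

    /** Always rejected: this keystore is read-only. */
    @Override
    public void setEntry(String str, KeyStore.Entry entry) throws KuraException {
        throw new KuraException(KuraErrorCode.OPERATION_NOT_SUPPORTED);
    }

    /** Always rejected: this keystore is read-only. */
    @Override
    public void deleteEntry(String str) throws KuraException {
        throw new KuraException(KuraErrorCode.OPERATION_NOT_SUPPORTED);
    }

    /** Always rejected: key generation is not supported by this implementation. */
    @Override
    public void createKeyPair(String str, String str2, AlgorithmParameterSpec algorithmParameterSpec, String str3, String str4) throws KuraException {
        throw new KuraException(KuraErrorCode.OPERATION_NOT_SUPPORTED);
    }

    /** Always rejected: key generation is not supported by this implementation. */
    @Override
    public void createKeyPair(String str, String str2, AlgorithmParameterSpec algorithmParameterSpec, String str3, String str4, SecureRandom secureRandom) throws KuraException {
        throw new KuraException(KuraErrorCode.OPERATION_NOT_SUPPORTED);
    }

    /** Always rejected: key generation is not supported by this implementation. */
    @Override
    public void createKeyPair(String str, String str2, int i, String str3, String str4) throws KuraException {
        throw new KuraException(KuraErrorCode.OPERATION_NOT_SUPPORTED);
    }

    /** Always rejected: key generation is not supported by this implementation. */
    @Override
    public void createKeyPair(String str, String str2, int i, String str3, String str4, SecureRandom secureRandom) throws KuraException {
        throw new KuraException(KuraErrorCode.OPERATION_NOT_SUPPORTED);
    }

    /**
     * Returns the CRL store path from the options, or a per-PID default below the Kura user
     * configuration directory when none is configured.
     */
    @Override
    protected String getCrlStorePath() {
        return this.options.getCrlStorePath().orElseGet(
                () -> this.systemService.getKuraUserConfigDirectory() + "/security/pkcs11." + this.ownPid + ".crl");
    }

    /**
     * Returns the cached provider, configuring it first if necessary.
     *
     * @throws KuraException with {@link KuraErrorCode#CONFIGURATION_ATTRIBUTE_UNDEFINED} when the
     *         options cannot produce a provider configuration, or
     *         {@link KuraErrorCode#SERVICE_UNAVAILABLE} when the provider cannot be configured
     */
    private synchronized Provider getOrRegisterProvider() throws KuraException {
        if (this.provider.isPresent()) {
            return this.provider.get();
        }
        logger.info("Registering provider...");
        String config = this.options.buildSunPKCS11ProviderConfig()
                .orElseThrow(() -> new KuraException(KuraErrorCode.CONFIGURATION_ATTRIBUTE_UNDEFINED, "library.path"));
        // NOTE(review): the full provider configuration reaches the debug log; confirm that
        // buildSunPKCS11ProviderConfig() never places sensitive attributes in it.
        logger.debug("PKCS11 config: {}", config);
        // Versions reported as "1.x" (Java 8 and older) need the constructor-based path.
        boolean legacyJava = System.getProperty("java.version").startsWith("1.");
        Provider registered = legacyJava ? registerProviderJava8(config) : registerProviderJava9(config);
        this.provider = Optional.of(registered);
        logger.info("Registering provider...done");
        return registered;
    }

    /**
     * Java 8 path: instantiates SunPKCS11 reflectively from an in-memory configuration and adds
     * it to the JVM-wide provider list.
     *
     * @param config the SunPKCS11 configuration text
     * @throws KuraException with {@link KuraErrorCode#SERVICE_UNAVAILABLE} on any failure
     */
    private Provider registerProviderJava8(String config) throws KuraException {
        try {
            // NOTE(review): getBytes() uses the platform default charset.
            Provider created = (Provider) Class.forName("sun.security.pkcs11.SunPKCS11")
                    .getConstructor(InputStream.class)
                    .newInstance(new ByteArrayInputStream(config.getBytes()));
            Security.addProvider(created);
            return created;
        } catch (Exception e) {
            logger.warn("failed to load PKCS11 provider", e);
            throw new KuraException(KuraErrorCode.SERVICE_UNAVAILABLE);
        }
    }

    /**
     * Java 9+ path: writes the configuration to a temporary file and passes its path to the
     * {@code configure(String)} method of the pre-installed SunPKCS11 provider, looked up
     * reflectively.
     *
     * <p>The configured provider is not added to the global provider list here; the caller uses
     * the returned instance directly. The temporary file is deleted whether or not configuration
     * succeeds.
     *
     * @param config the SunPKCS11 configuration text
     * @throws KuraException with {@link KuraErrorCode#SERVICE_UNAVAILABLE} on any failure,
     *         including the SunPKCS11 provider not being installed in this JVM
     */
    private Provider registerProviderJava9(String config) throws KuraException {
        try {
            // A missing SunPKCS11 provider yields null here; the resulting NullPointerException
            // is handled by the catch below like any other failure.
            Provider prototype = Security.getProvider("SunPKCS11");
            Method configure = prototype.getClass().getMethod("configure", String.class);
            // No explicit attributes are requested; permissions are the platform defaults for
            // Files.createTempFile.
            File configFile = Files.createTempFile(null, null).toFile();
            try {
                // Close the stream before configure() reads the file back.
                // NOTE(review): getBytes() uses the platform default charset.
                try (FileOutputStream out = new FileOutputStream(configFile)) {
                    out.write(config.getBytes());
                }
                return (Provider) configure.invoke(prototype, configFile.getAbsolutePath());
            } finally {
                Files.deleteIfExists(configFile.toPath());
            }
        } catch (Exception e) {
            logger.warn("failed to load PKCS11 provider", e);
            throw new KuraException(KuraErrorCode.SERVICE_UNAVAILABLE);
        }
    }

    /**
     * Forgets the cached provider and asks the JVM to remove a provider of that name from the
     * global provider list. Does nothing when no provider is cached.
     */
    private synchronized void removeProvider() {
        if (!this.provider.isPresent()) {
            return;
        }
        logger.info("Removing provider...");
        Security.removeProvider(this.provider.get().getName());
        this.provider = Optional.empty();
        logger.info("Removing provider...done");
    }
}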
