package org.eclipse.kura.core.ssl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Map;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.eclipse.kura.configuration.ConfigurableComponent;
import org.eclipse.kura.ssl.SslManagerService;
import org.eclipse.kura.ssl.SslServiceListener;
import org.eclipse.kura.system.SystemService;
import org.osgi.service.component.ComponentContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/core/ssl/SslManagerServiceImpl.class */
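/**
 * Builds {@link SSLSocketFactory} instances from the configured protocol, cipher list, key store
 * and trust store, and adds or removes certificates in the configured trust store file.
 *
 * <p>Security-relevant behaviour a maintainer should know:
 * <ul>
 * <li>Key and trust stores are read with a {@code null} password, so {@link KeyStore} performs no
 * integrity check on the file; a modified store is accepted as-is. See {@link #loadKeyStore}.</li>
 * <li>A missing key or trust store file is not an error: the code logs at INFO and falls back to
 * the JVM defaults, which for the trust store means the JVM's default trust anchors.</li>
 * <li>When no protocol is configured, {@link SSLContext#getDefault()} is used and the configured
 * key and trust managers are not applied.</li>
 * </ul>
 */
public class SslManagerServiceImpl implements SslManagerService, ConfigurableComponent {
    private static final Logger s_logger = LoggerFactory.getLogger(SslManagerServiceImpl.class);
    private SystemService m_systemService;
    private SslServiceListeners m_sslServiceListeners;
    private ComponentContext m_ctx;
    private SslManagerServiceOptions m_options;

    /** Binds the system service that supplies the key store and trust store passwords. */
    public void setSystemService(SystemService systemService) {
        this.m_systemService = systemService;
    }

    /** Unbinds the system service; the argument is ignored and the reference is cleared. */
    public void unsetSystemService(SystemService systemService) {
        this.m_systemService = null;
    }

    /**
     * Component activation: stores the context, parses the options and starts tracking
     * {@link SslServiceListener} services.
     *
     * @param componentContext the component context
     * @param map the initial configuration properties
     */
    protected void activate(ComponentContext componentContext, Map<String, Object> map) {
        s_logger.info("activate...");
        this.m_ctx = componentContext;
        this.m_options = new SslManagerServiceOptions(map);
        this.m_sslServiceListeners = new SslServiceListeners(new ServiceTracker(componentContext.getBundleContext(), SslServiceListener.class, (ServiceTrackerCustomizer) null));
    }

    /**
     * Configuration update: re-parses the options and notifies the tracked listeners.
     *
     * @param map the new configuration properties
     */
    public void updated(Map<String, Object> map) {
        // NOTE(review): the whole property map is written to the log at INFO. Confirm that this
        // component's configuration never carries secrets (passwords, key material); if it can,
        // log only the keys.
        s_logger.info("updated...: " + map);
        this.m_options = new SslManagerServiceOptions(map);
        this.m_sslServiceListeners.onConfigurationUpdated();
    }

    /** Component deactivation: closes the listener tracker. */
    protected void deactivate(ComponentContext componentContext) {
        s_logger.info("deactivate...");
        this.m_sslServiceListeners.close();
    }

    /**
     * Returns a socket factory built from the configured protocol, ciphers, key store and trust
     * store, without restricting the key store to a single alias.
     *
     * @return the socket factory
     * @throws GeneralSecurityException if a store or the SSL context cannot be initialised
     * @throws IOException if a store file cannot be read
     */
    public SSLSocketFactory getSSLSocketFactory() throws GeneralSecurityException, IOException {
        String ciphers = this.m_options.getSslCiphers();
        String protocol = this.m_options.getSslProtocol();
        KeyManager[] keyManagers = getKeyManagers(this.m_options.getSslKeyStore(), getKeyStorePassword(), null);
        TrustManager[] trustManagers = getTrustManagers(this.m_options.getSslTrustStore());
        return getSSLSocketFactory(protocol, ciphers, keyManagers, trustManagers);
    }

    /**
     * Returns a socket factory built from the configured settings, using only the key entry
     * stored under the given alias when the key store holds more than one entry.
     *
     * @param str the key store alias to use, or {@code null} for the whole key store
     * @return the socket factory
     * @throws GeneralSecurityException if a store or the SSL context cannot be initialised
     * @throws IOException if a store file cannot be read
     */
    public SSLSocketFactory getSSLSocketFactory(String str) throws GeneralSecurityException, IOException {
        String protocol = this.m_options.getSslProtocol();
        String ciphers = this.m_options.getSslCiphers();
        KeyManager[] keyManagers = getKeyManagers(this.m_options.getSslKeyStore(), getKeyStorePassword(), str);
        TrustManager[] trustManagers = getTrustManagers(this.m_options.getSslTrustStore());
        return getSSLSocketFactory(protocol, ciphers, keyManagers, trustManagers);
    }

    /**
     * Returns a socket factory built entirely from caller-supplied settings. Hostname verification
     * still follows the configured option.
     *
     * @param str the SSL protocol name, or {@code null} to use the JVM default context
     * @param str2 the cipher list handed to the socket factory wrapper
     * @param str3 the trust store path
     * @param str4 the key store path
     * @param cArr the password protecting the key entries
     * @param str5 the key store alias to use, or {@code null}
     * @return the socket factory
     * @throws GeneralSecurityException if a store or the SSL context cannot be initialised
     * @throws IOException if a store file cannot be read
     */
    public SSLSocketFactory getSSLSocketFactory(String str, String str2, String str3, String str4, char[] cArr, String str5) throws GeneralSecurityException, IOException {
        KeyManager[] keyManagers = getKeyManagers(str4, cArr, str5);
        TrustManager[] trustManagers = getTrustManagers(str3);
        return getSSLSocketFactory(str, str2, keyManagers, trustManagers);
    }

    /**
     * Returns the accepted issuers of the first {@link X509TrustManager} created for the
     * configured trust store.
     *
     * @return the trusted certificates, or {@code null} when no X.509 trust manager is available
     * @throws GeneralSecurityException if the trust store cannot be initialised
     * @throws IOException if the trust store file cannot be read
     */
    public X509Certificate[] getTrustCertificates() throws GeneralSecurityException, IOException {
        for (TrustManager trustManager : getTrustManagers(this.m_options.getSslTrustStore())) {
            if (trustManager instanceof X509TrustManager) {
                return ((X509TrustManager) trustManager).getAcceptedIssuers();
            }
        }
        return null;
    }

    /**
     * Adds (or replaces) a trusted certificate in the configured trust store file, creating the
     * store when the file does not exist yet.
     *
     * @param str the alias to store the certificate under
     * @param x509Certificate the certificate to trust
     * @throws GeneralSecurityException if the store cannot be read, modified or written
     * @throws IOException if the store file cannot be read or written
     */
    public void installTrustCertificate(String str, X509Certificate x509Certificate) throws GeneralSecurityException, IOException {
        String trustStorePath = this.m_options.getSslTrustStore();
        KeyStore trustStore;
        if (new File(trustStorePath).exists()) {
            trustStore = loadKeyStore(trustStorePath);
        } else {
            trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
            trustStore.load(null, null);
        }
        trustStore.setCertificateEntry(str, x509Certificate);
        saveTrustStore(trustStore, trustStorePath);
    }

    /**
     * Removes a certificate from the configured trust store file and writes the store back.
     *
     * <p>The earlier implementation persisted the change through
     * {@code KeyStore.store(LoadStoreParameter)}, which names no output file; the base
     * {@code KeyStoreSpi} implementation of that overload throws
     * {@code UnsupportedOperationException}, so with a file-based store the removal was presumably
     * never written. It also turned a password lookup failure into a {@code null} protection
     * parameter. The store is now written the same way {@link #installTrustCertificate} writes
     * it, and password failures propagate to the caller.
     *
     * @param str the alias of the certificate to remove
     * @throws GeneralSecurityException if the store cannot be read, modified or written
     * @throws IOException if the store file cannot be read or written
     */
    public void deleteTrustCertificate(String str) throws GeneralSecurityException, IOException {
        String trustStorePath = this.m_options.getSslTrustStore();
        KeyStore trustStore = loadKeyStore(trustStorePath);
        trustStore.deleteEntry(str);
        saveTrustStore(trustStore, trustStorePath);
    }

    /**
     * Creates the SSL context and wraps its socket factory with the cipher list and the configured
     * hostname verification flag.
     */
    private SSLSocketFactory getSSLSocketFactory(String protocol, String ciphers, KeyManager[] keyManagers, TrustManager[] trustManagers) throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext sslContext;
        if (protocol == null) {
            // NOTE(review): on this path the key and trust managers built by the caller are not
            // used; the JVM default context, with its default trust anchors, decides what is
            // trusted. Confirm this is intended when a trust store is configured.
            sslContext = SSLContext.getDefault();
        } else {
            sslContext = SSLContext.getInstance(protocol);
            sslContext.init(keyManagers, trustManagers, null);
        }
        return new SSLSocketFactoryWrapper(sslContext.getSocketFactory(), ciphers, this.m_options.isSslHostnameVerification());
    }

    /**
     * Builds trust managers from the trust store at the given path, or from the JVM default trust
     * store when the path is {@code null} or the file does not exist.
     */
    private TrustManager[] getTrustManagers(String trustStorePath) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore trustStore = null;
        if (trustStorePath != null) {
            if (new File(trustStorePath).exists()) {
                trustStore = loadKeyStore(trustStorePath);
            } else {
                // Fail-open: a missing trust store widens trust to the JVM default anchors.
                s_logger.info("Could not find trust store at {}. Using Java default.", trustStorePath);
            }
        }
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        // A null key store makes the factory use the JVM default trust store.
        factory.init(trustStore);
        return factory.getTrustManagers();
    }

    /**
     * Builds key managers for the key store at the given path.
     *
     * @return the key managers, or {@code null} when no key store could be selected
     */
    private KeyManager[] getKeyManagers(String keyStorePath, char[] password, String alias) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableEntryException {
        KeyStore keyStore = getKeyStore(keyStorePath, password, alias);
        if (keyStore == null) {
            return null;
        }
        KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        factory.init(keyStore, password);
        return factory.getKeyManagers();
    }

    /**
     * Loads the key store at the given path and, when an alias is requested and the store holds
     * more than one entry, returns an in-memory store containing only that key entry.
     *
     * @return the key store to use, or {@code null} when the path is {@code null}, the file is
     *         missing, or the alias is absent or not a key entry
     */
    private KeyStore getKeyStore(String keyStorePath, char[] password, String alias) throws KeyStoreException, FileNotFoundException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableEntryException {
        if (keyStorePath == null) {
            return null;
        }
        if (!new File(keyStorePath).exists()) {
            s_logger.info("Could not find key store at {}. Using Java default.", keyStorePath);
            return null;
        }
        KeyStore keyStore = loadKeyStore(keyStorePath);
        if (alias == null) {
            return keyStore;
        }
        if (!keyStore.containsAlias(alias) || !keyStore.isKeyEntry(alias)) {
            s_logger.info("Could not find alias {} in key store at {}. Using Java default.", alias, keyStorePath);
            return null;
        }
        if (keyStore.size() > 1) {
            // Copy the selected entry into a fresh store so that the key manager can only offer
            // the requested key.
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(password);
            KeyStore.Entry entry = keyStore.getEntry(alias, protection);
            KeyStore singleEntryStore = KeyStore.getInstance(KeyStore.getDefaultType());
            singleEntryStore.load(null, null);
            singleEntryStore.setEntry(alias, entry, protection);
            return singleEntryStore;
        }
        return keyStore;
    }

    /**
     * Reads a key store of the default type from a file and always closes the file; the earlier
     * code left every {@link FileInputStream} it opened unclosed.
     *
     * <p>NOTE(review): the store is loaded with a {@code null} password, so no integrity check is
     * performed on the file contents. Passing the store password here would make tampering
     * detectable, but it would also reject stores written with a different password, so it is left
     * for a deliberate change.
     */
    private static KeyStore loadKeyStore(String path) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        FileInputStream in = new FileInputStream(path);
        try {
            keyStore.load(in, null);
        } finally {
            try {
                in.close();
            } catch (IOException e) {
                s_logger.warn("Error closing key store " + path, e);
            }
        }
        return keyStore;
    }

    /**
     * Writes the trust store to the given file, protected with the trust store password, and
     * closes the file even when writing fails.
     *
     * <p>NOTE(review): the file is truncated when it is opened, so a failure while writing leaves
     * a damaged trust store behind; writing to a temporary file and renaming it would avoid that.
     */
    private void saveTrustStore(KeyStore trustStore, String path) throws GeneralSecurityException, IOException {
        // Fetch the password first so that a lookup failure cannot truncate the existing file.
        char[] password = getTrustStorePassword();
        FileOutputStream out = new FileOutputStream(path);
        try {
            trustStore.store(out, password);
        } finally {
            try {
                out.close();
            } catch (IOException e) {
                // Close failures were ignored silently before; keep them non-fatal but visible.
                s_logger.warn("Error closing trust store " + path, e);
            }
        }
    }

    /** Returns the key store password held by the system service. */
    private char[] getKeyStorePassword() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, IOException {
        return this.m_systemService.getJavaKeyStorePassword();
    }

    /**
     * Returns the trust store password held by the system service.
     *
     * <p>The decompiler had widened this method to {@code public} for an anonymous inner class
     * that no longer exists; it is private again so the password is not exposed to other classes.
     */
    private char[] getTrustStorePassword() throws InvalidKeyException, NoSuchAlgorithmException, NoSuchPaddingException, IllegalBlockSizeException, BadPaddingException, IOException {
        return this.m_systemService.getJavaTrustStorePassword();
    }
}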
