package org.intermine.web.security;

import ch.qos.logback.core.net.ssl.SSL;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Properties;
import javassist.compiler.TokenId;
import org.apache.log4j.Logger;
import org.intermine.util.PropertiesUtil;
import org.intermine.web.logic.ResourceOpener;
import org.intermine.web.security.KeySigner;

/* loaded from: input_file:WEB-INF/classes/org/intermine/web/security/KeyStoreBuilder.class */
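/**
 * Builds the {@link KeyStore} used by the web application.
 *
 * <p>The store is loaded from the {@code keystore.jks} resource (or initialised
 * empty when that resource is absent). Every public key configured under the
 * {@code security.publickey.*} properties is then wrapped in a certificate signed
 * with this instance's private key and stored under the property's name.
 *
 * <p>Not thread-safe: build once and share the resulting {@link KeyStore}.
 */
public class KeyStoreBuilder {
    private static final String CANT_GEN_CERT = "Could not generate certificate for ";
    private static final Logger LOG = Logger.getLogger(KeyStoreBuilder.class);
    private static final String DEFAULT_TITLE = "InterMine";
    private static final String PROJECT_TITLE = "project.title";
    private static final String SECURITY_PRIVATEKEY_ALIAS = "security.privatekey.alias";
    private static final String SECURITY_PRIVATEKEY_PASSWORD = "security.privatekey.password";
    private static final String KS_PASSWORD = "security.keystore.password";
    private static final String PREFIX = "security.publickey";
    private static final String STRICT_DECODING = "keystore.strictpublickeydecoding";
    /** Name of the keystore resource looked up through the {@link ResourceOpener}. */
    private static final String KEYSTORE_RESOURCE = "keystore.jks";
    /**
     * Keystore format. The decompiled source expressed this as logback's
     * {@code SSL.DEFAULT_KEYSTORE_TYPE}, whose value is "JKS"; spelled out here so the
     * class no longer depends on an unrelated logging library for a constant.
     */
    private static final String KEYSTORE_TYPE = "JKS";
    /**
     * Validity period handed to {@link KeySigner} (presumably days - confirm against
     * KeySigner). The decompiled source expressed this as javassist's
     * {@code TokenId.LSHIFT_E}, whose value is 365.
     */
    private static final int CERT_VALIDITY = 365;
    private static final String KEY_ALGORITHM = "RSA";
    private static final int KEY_SIZE_BITS = 2048;

    private final Properties options;
    private final ResourceOpener opener;

    /**
     * Creates a builder over the given configuration.
     *
     * @param properties     configuration properties; must not be null
     * @param resourceOpener used to open the keystore resource; must not be null
     * @throws NullPointerException if either argument is null
     */
    public KeyStoreBuilder(Properties properties, ResourceOpener resourceOpener) {
        this.options = Objects.requireNonNull(properties, "options must not be null");
        this.opener = Objects.requireNonNull(resourceOpener, "opener must not be null");
    }

    /**
     * Returns the keystore password configured under {@code security.keystore.password},
     * or {@code null} when unset.
     *
     * <p>Note that {@link KeyStore#load} skips its integrity check when the password is
     * {@code null}, so with the property unset a tampered keystore file is not detected
     * at load time.
     */
    private char[] getKeyStorePassword() {
        String password = options.getProperty(KS_PASSWORD);
        return password == null ? null : password.toCharArray();
    }

    /**
     * Loads (or initialises) the keystore and adds a signed certificate for every
     * configured public key.
     *
     * @return the populated keystore
     * @throws KeyStoreException        on keystore access failures
     * @throws IOException              if the keystore resource cannot be read
     * @throws NoSuchAlgorithmException if the keystore or key algorithm is unavailable
     * @throws CertificateException     if loading or generating a certificate fails
     */
    public KeyStore buildKeyStore()
        throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        // openResource may return null; KeyStore.load(null, pw) creates an empty store.
        InputStream in = opener.openResource(KEYSTORE_RESOURCE);
        try {
            if (in == null) {
                LOG.debug("NO KEYSTORE FOUND - initialising empty keystore");
            } else {
                LOG.debug("FOUND KEYSTORE");
            }
            keyStore.load(in, getKeyStorePassword());
        } finally {
            // Single close on every path; the decompiled version closed twice on error.
            closeQuietly(in);
        }

        Map<String, PublicKey> publicKeys = getConfiguredPublicKeys();
        if (!publicKeys.isEmpty()) {
            LOG.info("Found " + publicKeys.size() + " encoded keys");
            addSignedCertificates(keyStore, publicKeys);
        }
        // size() counts every alias, which is what the original alias loop counted.
        LOG.debug("Finished configuring KEYSTORE - it contains " + keyStore.size() + " certificates");
        return keyStore;
    }

    /**
     * Wraps each configured public key in a certificate signed by this instance's
     * private key and stores it in {@code keyStore} under the key's configured name.
     *
     * @throws CertificateException if signing any key fails; the underlying
     *                              {@link KeySigner.SigningException} is kept as the cause
     */
    private void addSignedCertificates(KeyStore keyStore, Map<String, PublicKey> publicKeys)
        throws KeyStoreException, NoSuchAlgorithmException, CertificateException {
        PrivateKey signingKey =
            getOrGeneratePrivateKey(keyStore, options.getProperty(SECURITY_PRIVATEKEY_ALIAS));
        // Whitespace is stripped so the project title yields a single RDN value.
        String issuer = ("CN=" + options.getProperty(PROJECT_TITLE, DEFAULT_TITLE)).replaceAll("\\s", "");
        KeySigner signer = new KeySigner(signingKey, issuer, CERT_VALIDITY, KeySigner.DEFAULT_ALGORITHM);
        for (Map.Entry<String, PublicKey> entry : publicKeys.entrySet()) {
            String name = entry.getKey();
            try {
                keyStore.setCertificateEntry(name, signer.generateCertificate(name, entry.getValue()));
            } catch (KeySigner.SigningException e) {
                // Keep the cause: the original dropped it, hiding why signing failed.
                throw new CertificateException(CANT_GEN_CERT + name, e);
            }
        }
    }

    /**
     * Returns the private key stored under {@code alias}, or a freshly generated RSA key
     * when no usable key is found there.
     *
     * <p>NOTE: a generated key is not written back into {@code keyStore}, so without a
     * configured and recoverable alias each build signs with a different key.
     *
     * @param keyStore the store to look the alias up in
     * @param alias    configured alias, may be null
     * @throws KeyStoreException        if the store is not initialised, or the entry under
     *                                  {@code alias} holds a key that is not a private key
     * @throws NoSuchAlgorithmException if the key algorithm is unavailable
     */
    private PrivateKey getOrGeneratePrivateKey(KeyStore keyStore, String alias)
        throws KeyStoreException, NoSuchAlgorithmException {
        PrivateKey privateKey = null;
        if (alias != null && keyStore.containsAlias(alias)) {
            // The password is held as a String in Properties, so a char[] copy cannot be
            // meaningfully wiped here.
            String password = options.getProperty(SECURITY_PRIVATEKEY_PASSWORD);
            char[] keyPassword = password == null ? null : password.toCharArray();
            try {
                Key key = keyStore.getKey(alias, keyPassword);
                if (key == null) {
                    // Alias exists but holds no key (e.g. a certificate-only entry).
                    LOG.warn("No key stored under alias '" + alias + "'; generating a new one");
                } else if (key instanceof PrivateKey) {
                    privateKey = (PrivateKey) key;
                } else {
                    // Explicit failure instead of the ClassCastException the bare cast gave.
                    throw new KeyStoreException("Entry '" + alias + "' is not a private key");
                }
            } catch (UnrecoverableKeyException e) {
                // Wrong or missing key password: fall back to an ephemeral key, but say so.
                LOG.warn("Could not recover private key '" + alias + "'; generating a new one", e);
            }
        }
        if (privateKey == null) {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_ALGORITHM);
            generator.initialize(KEY_SIZE_BITS);
            privateKey = generator.generateKeyPair().getPrivate();
        }
        return privateKey;
    }

    /**
     * Decodes every {@code security.publickey.*} property into a public key keyed by the
     * property name with the prefix removed.
     *
     * <p>With {@code keystore.strictpublickeydecoding=true} an undecodable key aborts the
     * build; otherwise it is logged and left out of the result, so anything that relies
     * on that key fails later rather than at startup.
     *
     * @throws RuntimeException in strict mode when a key cannot be decoded
     */
    private Map<String, PublicKey> getConfiguredPublicKeys() {
        Properties encodedKeys = PropertiesUtil.stripStart(PREFIX, options);
        Base64PublicKeyDecoder decoder = new Base64PublicKeyDecoder();
        boolean strict = "true".equalsIgnoreCase(options.getProperty(STRICT_DECODING));
        Map<String, PublicKey> keys = new HashMap<String, PublicKey>();
        for (String name : encodedKeys.stringPropertyNames()) {
            LOG.info("found encoded key called " + name);
            try {
                keys.put(name, decoder.decode(encodedKeys.getProperty(name)));
            } catch (DecodingException e) {
                String message = "Could not decode key for " + name;
                if (strict) {
                    throw new RuntimeException(message, e);
                }
                // Include the exception; the original logged only the message.
                LOG.error(message, e);
            }
        }
        return keys;
    }

    /** Closes {@code in} if non-null, logging rather than propagating a close failure. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException e) {
            LOG.error("Error closing keystore resource", e);
        }
    }
}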
