package org.opendaylight.netconf.keystore.plaintext.localfile;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.StandardCopyOption;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.Map;
import java.util.NoSuchElementException;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.Random;
import java.util.Set;
import java.util.concurrent.atomic.AtomicReference;
import org.opendaylight.netconf.keystore.plaintext.api.MutablePlaintextStorage;
import org.opendaylight.netconf.keystore.plaintext.api.PlaintextStorage;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.metatype.annotations.AttributeDefinition;
import org.osgi.service.metatype.annotations.Designate;
import org.osgi.service.metatype.annotations.ObjectClassDefinition;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@SuppressFBWarnings({"PZLA_PREFER_ZERO_LENGTH_ARRAYS"})
@Designate(ocd = Configuration.class)
@Component(service = {PlaintextStorage.class, MutablePlaintextStorage.class}, immediate = true, configurationPid = {"org.opendaylight.netconf.keystore.plaintext.localfile"})
/* loaded from: input_file:org/opendaylight/netconf/keystore/plaintext/localfile/PlaintextLocalFileStorage.class */
public class PlaintextLocalFileStorage implements MutablePlaintextStorage {
    private static final Logger LOG = LoggerFactory.getLogger(PlaintextLocalFileStorage.class);
    private final File file;
    private final byte[] secret;
    private final AtomicReference<Set<StorageEntry>> entriesRef;

    @ObjectClassDefinition
    /* loaded from: input_file:org/opendaylight/netconf/keystore/plaintext/localfile/PlaintextLocalFileStorage$Configuration.class */
    public @interface Configuration {
        @AttributeDefinition
        String key$_$file() default "etc/plaintext.keystore.key";

        @AttributeDefinition
        String data$_$file() default "etc/plaintext.keystore.data";

        @AttributeDefinition
        String import$_$from$_$file() default "etc/plaintext.keystore.data.unencrypted";
    }

    @Activate
    public PlaintextLocalFileStorage(Configuration configuration) throws IOException {
        this(secretFrom(new File(configuration.key$_$file())), new File(configuration.data$_$file()), new File(configuration.import$_$from$_$file()));
        LOG.info("Service activated");
    }

    public PlaintextLocalFileStorage(byte[] bArr, File file) throws IOException {
        this(bArr, file, null);
    }

    public PlaintextLocalFileStorage(byte[] bArr, File file, File file2) throws IOException {
        this.entriesRef = new AtomicReference<>();
        this.file = validateFile(file);
        this.secret = validateSecret(bArr);
        this.entriesRef.set(Set.copyOf(readData(bArr, file, file2)));
    }

    public final Iterator<Map.Entry<byte[], byte[]>> iterator() {
        final StorageEntry[] storageEntryArr = (StorageEntry[]) entries().toArray(i -> {
            return new StorageEntry[i];
        });
        return new Iterator<Map.Entry<byte[], byte[]>>() { // from class: org.opendaylight.netconf.keystore.plaintext.localfile.PlaintextLocalFileStorage.1
            private final int maxIndex;
            private int index = -1;

            {
                this.maxIndex = storageEntryArr.length - 1;
            }

            @Override // java.util.Iterator
            public boolean hasNext() {
                return this.index < this.maxIndex;
            }

            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.util.Iterator
            public Map.Entry<byte[], byte[]> next() {
                if (this.index >= this.maxIndex) {
                    throw new NoSuchElementException();
                }
                StorageEntry[] storageEntryArr2 = storageEntryArr;
                int i2 = this.index + 1;
                this.index = i2;
                return storageEntryArr2[i2];
            }
        };
    }

    public byte[] lookup(byte[] bArr) {
        return (byte[]) findByKey(bArr).map((v0) -> {
            return v0.getValue();
        }).orElse(null);
    }

    public byte[] removeKey(byte[] bArr) throws IOException {
        StorageEntry orElse = findByKey(bArr).orElse(null);
        if (orElse == null) {
            return null;
        }
        HashSet hashSet = new HashSet(entries());
        hashSet.remove(orElse);
        updateWith(Set.copyOf(hashSet));
        return orElse.value();
    }

    public boolean removeEntry(byte[] bArr, byte[] bArr2) throws IOException {
        HashSet hashSet = new HashSet(entries());
        boolean remove = hashSet.remove(new StorageEntry(bArr, bArr2));
        if (remove) {
            updateWith(Set.copyOf(hashSet));
        }
        return remove;
    }

    public byte[] insertEntry(byte[] bArr, byte[] bArr2) throws IOException {
        StorageEntry orElse = findByKey(bArr).orElse(null);
        if (orElse != null) {
            return orElse.getValue();
        }
        HashSet hashSet = new HashSet(entries());
        hashSet.add(new StorageEntry(bArr, bArr2));
        updateWith(Set.copyOf(hashSet));
        return null;
    }

    public byte[] putEntry(byte[] bArr, byte[] bArr2) throws IOException {
        StorageEntry orElse = findByKey(bArr).orElse(null);
        HashSet hashSet = new HashSet(entries());
        if (orElse != null) {
            if (Arrays.equals(orElse.value(), bArr2)) {
                return bArr2;
            }
            hashSet.remove(orElse);
        }
        hashSet.add(new StorageEntry(bArr, bArr2));
        updateWith(Set.copyOf(hashSet));
        if (orElse == null) {
            return null;
        }
        return orElse.getValue();
    }

    private Set<StorageEntry> entries() {
        Set<StorageEntry> set = this.entriesRef.get();
        return set == null ? Set.of() : set;
    }

    private Optional<StorageEntry> findByKey(byte[] bArr) {
        return entries().stream().filter(storageEntry -> {
            return Arrays.equals(bArr, storageEntry.key());
        }).findFirst();
    }

    private void updateWith(Set<StorageEntry> set) throws IOException {
        Set<StorageEntry> copyOf = Set.copyOf(set);
        writeToFile(copyOf);
        this.entriesRef.set(copyOf);
    }

    private void writeToFile(Collection<StorageEntry> collection) throws IOException {
        ArrayList arrayList = new ArrayList(collection);
        Collections.shuffle(arrayList, new Random());
        File createTempFile = File.createTempFile("localfile-", ".temp");
        FileOutputStream fileOutputStream = new FileOutputStream(createTempFile);
        try {
            CipherUtils.toBase64Stream(arrayList, this.secret, fileOutputStream);
            fileOutputStream.close();
            Files.move(createTempFile.toPath(), this.file.toPath(), StandardCopyOption.ATOMIC_MOVE, StandardCopyOption.REPLACE_EXISTING);
        } catch (Throwable th) {
            try {
                fileOutputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    private static byte[] secretFrom(File file) throws IOException {
        validateFile(file);
        if (file.exists()) {
            InputStream wrap = Base64.getDecoder().wrap(new FileInputStream(file));
            try {
                byte[] readAllBytes = wrap.readAllBytes();
                if (wrap != null) {
                    wrap.close();
                }
                return readAllBytes;
            } catch (Throwable th) {
                if (wrap != null) {
                    try {
                        wrap.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        }
        LOG.warn("Key file {} does not exist. Using generated key.", file);
        byte[] generateSecret = CipherUtils.generateSecret();
        OutputStream wrap2 = Base64.getEncoder().wrap(new FileOutputStream(file));
        try {
            wrap2.write(generateSecret);
            if (wrap2 != null) {
                wrap2.close();
            }
            return generateSecret;
        } catch (Throwable th3) {
            if (wrap2 != null) {
                try {
                    wrap2.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    private static byte[] validateSecret(byte[] bArr) {
        Objects.requireNonNull(bArr);
        if (bArr.length == 16 || bArr.length == 32) {
            return bArr;
        }
        throw new IllegalArgumentException("Invalid secret length " + bArr.length + ". Expected 16 or 32.");
    }

    private static File validateFile(File file) {
        Objects.requireNonNull(file);
        if (file.exists() && Files.isSymbolicLink(file.toPath())) {
            throw new IllegalArgumentException("Symbolic link detected in file path " + file.getPath());
        }
        return file;
    }

    private static Collection<StorageEntry> readData(byte[] bArr, File file, File file2) throws IOException {
        FileInputStream fileInputStream;
        if (file.exists()) {
            fileInputStream = new FileInputStream(file);
            try {
                Collection<StorageEntry> fromBase64Stream = CipherUtils.fromBase64Stream(bArr, fileInputStream);
                fileInputStream.close();
                return fromBase64Stream;
            } finally {
            }
        }
        LOG.warn("Data file {} does not exist.", file);
        Properties properties = new Properties();
        if (file2 == null || !file2.exists()) {
            LOG.info("Importing initial data from default properties");
            InputStream resourceAsStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("default.properties");
            try {
                properties.load(resourceAsStream);
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
            } catch (Throwable th) {
                if (resourceAsStream != null) {
                    try {
                        resourceAsStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } else {
            LOG.info("Importing initial data from unencrypted properties file {}", file2);
            fileInputStream = new FileInputStream(file2);
            try {
                properties.load(fileInputStream);
                fileInputStream.close();
            } finally {
            }
        }
        LinkedList linkedList = new LinkedList();
        for (String str : properties.stringPropertyNames()) {
            String property = properties.getProperty(str, "");
            if (!property.isEmpty()) {
                linkedList.add(new StorageEntry(str.getBytes(StandardCharsets.UTF_8), property.getBytes(StandardCharsets.UTF_8)));
            }
        }
        FileOutputStream fileOutputStream = new FileOutputStream(file);
        try {
            CipherUtils.toBase64Stream(linkedList, bArr, fileOutputStream);
            fileOutputStream.close();
            if (file2 != null && file2.delete()) {
                LOG.info("Data moved to encrypted storage, import data file {} removed as insecure.", file2);
            }
            return linkedList;
        } catch (Throwable th3) {
            try {
                fileOutputStream.close();
            } catch (Throwable th4) {
                th3.addSuppressed(th4);
            }
            throw th3;
        }
    }
}
