package org.phoebus.security.store;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.phoebus.framework.workbench.Locations;
import org.phoebus.security.tokens.ScopedAuthenticationToken;

/* loaded from: input_file:org/phoebus/security/store/SecureStore.class */
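/**
 * File-backed store for credentials, kept as secret-key entries in a {@link KeyStore}.
 *
 * <p>Entries are addressed by alias. Scoped credentials use the aliases
 * {@code <scope>.username} and {@code <scope>.password}; the unscoped pair uses
 * {@link #USERNAME_TAG} and {@link #PASSWORD_TAG}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The one- and no-argument constructors derive the store password from the hash code of
 *       the file's absolute path. That value is computable by anyone who knows the path, so
 *       with those constructors confidentiality rests on the file's access permissions, not
 *       on the keystore password. This class does not set file permissions; the caller or
 *       deployment must restrict the file to its owner.</li>
 *   <li>Changing the derivation would make existing store files unreadable, so it is kept.</li>
 *   <li>Values are returned as {@link String}, which cannot be wiped after use.</li>
 * </ul>
 *
 * <p>Instances are not synchronized.
 */
public class SecureStore {
    private final SecretKeyFactory kf;
    private final KeyStore store;
    private final File secure_file;
    private final char[] store_pass;
    private final KeyStore.ProtectionParameter pp;
    public static final String USERNAME_TAG = "username";
    public static final String PASSWORD_TAG = "password";
    private static final Logger LOGGER = Logger.getLogger(SecureStore.class.getName());

    /**
     * Opens (or prepares to create) {@code secure_store.dat} in the user location.
     *
     * @throws Exception if the keystore cannot be initialised or read
     */
    public SecureStore() throws Exception {
        this(new File(Locations.user(), "secure_store.dat"));
    }

    /**
     * Opens the store in {@code file} with a password derived from the file's absolute path.
     *
     * <p>The derived password is not a secret (see the class comment); it only keeps the
     * on-disk format compatible with stores written earlier.
     *
     * @param file keystore file; it is created on the first write if it does not exist
     * @throws Exception if the keystore cannot be initialised or read
     */
    public SecureStore(File file) throws Exception {
        this(file, Integer.toString(file.getAbsolutePath().hashCode()).toCharArray());
    }

    /**
     * Opens the store in {@code file} with an explicit password.
     *
     * @param file keystore file; loaded when readable, otherwise an empty store is started
     * @param cArr store password, copied so the caller may wipe its own array afterwards
     * @throws Exception if the keystore cannot be initialised or read
     */
    public SecureStore(File file, char[] cArr) throws Exception {
        this.kf = SecretKeyFactory.getInstance("PBE");
        this.secure_file = file;
        // Keep a private copy: every later write re-uses this password, and a caller that
        // zeroes its array would otherwise make the next write use a different password.
        this.store_pass = cArr == null ? null : cArr.clone();
        this.store = KeyStore.getInstance(KeyStore.getDefaultType());
        this.pp = new KeyStore.PasswordProtection(this.store_pass);
        if (file.canRead()) {
            // Close the stream once the keystore has been read.
            try (FileInputStream in = new FileInputStream(file)) {
                this.store.load(in, this.store_pass);
            }
        } else {
            this.store.load(null, this.store_pass);
        }
    }

    /**
     * Returns the value stored under an alias.
     *
     * @param str entry alias
     * @return the stored value, or {@code null} when there is no such entry
     * @throws Exception if the entry cannot be recovered
     */
    public String get(String str) throws Exception {
        KeyStore.SecretKeyEntry entry = (KeyStore.SecretKeyEntry) this.store.getEntry(str, this.pp);
        if (entry == null) {
            return null;
        }
        PBEKeySpec spec = (PBEKeySpec) this.kf.getKeySpec(entry.getSecretKey(), PBEKeySpec.class);
        char[] chars = spec.getPassword();
        try {
            return new String(chars);
        } finally {
            // Wipe the intermediate copies; only the returned String remains.
            spec.clearPassword();
            java.util.Arrays.fill(chars, '\0');
        }
    }

    /**
     * Stores a value under an alias and writes the store to disk.
     *
     * @param str entry alias
     * @param str2 value to store
     * @throws Exception if the entry cannot be created or the file cannot be written
     */
    public void set(String str, String str2) throws Exception {
        putEntry(str, str2);
        persist();
    }

    /**
     * Removes an entry and writes the store to disk.
     *
     * @param str entry alias
     * @throws Exception if the entry cannot be removed or the file cannot be written
     */
    public void delete(String str) throws Exception {
        removeEntry(str);
        persist();
    }

    /**
     * Looks up the credentials stored for a scope.
     *
     * @param str scope name; {@code null} or blank selects the unscoped credentials
     * @return the token, or {@code null} when the username or the password is missing
     * @throws Exception if an entry cannot be recovered
     */
    public ScopedAuthenticationToken getScopedAuthenticationToken(String str) throws Exception {
        String username = get(aliasFor(str, USERNAME_TAG));
        String password = get(aliasFor(str, PASSWORD_TAG));
        if (username == null || password == null) {
            return null;
        }
        return new ScopedAuthenticationToken(str, username, password);
    }

    /**
     * Removes the credentials stored for a scope.
     *
     * @param str scope name; {@code null} or blank selects the unscoped credentials
     * @throws Exception if an entry cannot be removed or the file cannot be written
     */
    public void deleteScopedAuthenticationToken(String str) throws Exception {
        LOGGER.log(Level.INFO, "Deleting authentication token for scope: {0}", str);
        // Drop both halves in memory first so the file never holds a password without its
        // username (or the reverse) between two writes.
        removeEntry(aliasFor(str, USERNAME_TAG));
        removeEntry(aliasFor(str, PASSWORD_TAG));
        persist();
    }

    /**
     * Removes every credential pair that {@link #getAuthenticationTokens()} reports.
     *
     * <p>A failure on one scope is logged and the remaining scopes are still processed, so
     * a normal return does not prove that every credential is gone.
     *
     * @throws Exception if the stored tokens cannot be listed
     */
    public void deleteAllScopedAuthenticationTokens() throws Exception {
        for (ScopedAuthenticationToken token : getAuthenticationTokens()) {
            String scope = token.getScope();
            try {
                deleteScopedAuthenticationToken(scope);
            } catch (Exception e) {
                // Log the scope only: the token carries a password and its toString() is
                // defined outside this class.
                LOGGER.log(Level.WARNING, "Failed to delete scoped authentication token for scope: " + scope, e);
            }
        }
    }

    /**
     * Stores the username and password of a token under its scope.
     *
     * @param scopedAuthenticationToken token to store
     * @throws RuntimeException if the username or the password is {@code null} or blank
     * @throws Exception if an entry cannot be created or the file cannot be written
     */
    public void setScopedAuthentication(ScopedAuthenticationToken scopedAuthenticationToken) throws Exception {
        String username = scopedAuthenticationToken.getUsername();
        String password = scopedAuthenticationToken.getPassword();
        if (username == null || username.trim().isEmpty() || password == null || password.trim().isEmpty()) {
            throw new RuntimeException("Username and password must both be non-null and non-empty");
        }
        String scope = scopedAuthenticationToken.getScope();
        putEntry(aliasFor(scope, USERNAME_TAG), username);
        putEntry(aliasFor(scope, PASSWORD_TAG), password);
        // The scope is enough to identify the entry; the token itself stays out of the log
        // because it carries the password.
        LOGGER.log(Level.INFO, "Storing scoped authentication token for scope: {0}", scope);
        // One write for the pair instead of one per entry plus a final one.
        persist();
    }

    /**
     * Lists every credential pair held in the store.
     *
     * @return one token per username entry that has a matching password entry
     * @throws Exception if the aliases or an entry cannot be read
     */
    public List<ScopedAuthenticationToken> getAuthenticationTokens() throws Exception {
        return matchEntries(Collections.list(this.store.aliases()));
    }

    /**
     * Builds tokens from the username aliases in {@code list}.
     *
     * <p>The scope is everything before the trailing {@code .username}, so a scope that
     * itself contains dots is still listed and can be found by
     * {@link #deleteAllScopedAuthenticationTokens()}. Aliases that are not username entries
     * are ignored.
     */
    private List<ScopedAuthenticationToken> matchEntries(List<String> list) throws Exception {
        String scopedSuffix = "." + USERNAME_TAG;
        List<ScopedAuthenticationToken> tokens = new ArrayList<>();
        for (String alias : list) {
            String scope;
            String passwordAlias;
            if (USERNAME_TAG.equals(alias)) {
                scope = null;
                passwordAlias = PASSWORD_TAG;
            } else if (alias.endsWith(scopedSuffix)) {
                scope = alias.substring(0, alias.length() - scopedSuffix.length());
                passwordAlias = scope + "." + PASSWORD_TAG;
            } else {
                continue;
            }
            String username = get(alias);
            String password = get(passwordAlias);
            if (password != null) {
                tokens.add(new ScopedAuthenticationToken(scope, username, password));
            }
        }
        return tokens;
    }

    /** Returns the alias of {@code tag} within {@code scope}; a null or blank scope means unscoped. */
    private static String aliasFor(String scope, String tag) {
        if (scope == null || scope.trim().isEmpty()) {
            return tag;
        }
        return scope + "." + tag;
    }

    /** Adds or replaces an entry in memory only; the caller persists. */
    private void putEntry(String alias, String value) throws Exception {
        char[] chars = value.toCharArray();
        PBEKeySpec spec = new PBEKeySpec(chars);
        try {
            this.store.setEntry(alias, new KeyStore.SecretKeyEntry(this.kf.generateSecret(spec)), this.pp);
        } finally {
            // Wipe the working copies of the value once the entry has been handed over.
            spec.clearPassword();
            java.util.Arrays.fill(chars, '\0');
        }
    }

    /** Removes an entry in memory only and logs the alias; the caller persists. */
    private void removeEntry(String alias) throws Exception {
        this.store.deleteEntry(alias);
        LOGGER.log(Level.INFO, "Deleting entry {0} from secure store", alias);
    }

    /** Writes the keystore to its file and closes the stream even when the write fails. */
    private void persist() throws Exception {
        try (FileOutputStream out = new FileOutputStream(this.secure_file)) {
            this.store.store(out, this.store_pass);
        }
    }
}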
