package org.xipki.tomcat;

import java.io.FileReader;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.LinkedList;
import java.util.Properties;
import java.util.StringTokenizer;
import org.apache.tomcat.util.net.SSLHostConfig;
import org.apache.tomcat.util.net.SSLHostConfigCertificate;
import org.xipki.password.PasswordResolver;
import org.xipki.password.Passwords;

/* loaded from: input_file:org/xipki/tomcat/TomcatPasswordResolver.class */
public class TomcatPasswordResolver {
    public static TomcatPasswordResolver INSTANCE = new TomcatPasswordResolver();
    private boolean passwordResolverInitialized = false;
    private boolean passwordResolverInitFailed = false;
    private PasswordResolver passwordResolver;

    public void resolvePasswords(SSLHostConfig sSLHostConfig) {
        String truststorePassword = sSLHostConfig.getTruststorePassword();
        if (truststorePassword != null) {
            sSLHostConfig.setTruststorePassword(resolvePassword(truststorePassword));
        }
        String certificateKeystorePassword = sSLHostConfig.getCertificateKeystorePassword();
        if (certificateKeystorePassword != null) {
            sSLHostConfig.setCertificateKeystorePassword(resolvePassword(certificateKeystorePassword));
        }
        String certificateKeyPassword = sSLHostConfig.getCertificateKeyPassword();
        if (certificateKeyPassword != null) {
            sSLHostConfig.setCertificateKeyPassword(resolvePassword(certificateKeyPassword));
        }
        for (SSLHostConfigCertificate sSLHostConfigCertificate : sSLHostConfig.getCertificates()) {
            String certificateKeyPassword2 = sSLHostConfigCertificate.getCertificateKeyPassword();
            if (certificateKeyPassword2 != null) {
                sSLHostConfigCertificate.setCertificateKeyPassword(resolvePassword(certificateKeyPassword2));
            }
            String certificateKeystorePassword2 = sSLHostConfigCertificate.getCertificateKeystorePassword();
            if (certificateKeystorePassword2 != null) {
                sSLHostConfigCertificate.setCertificateKeystorePassword(resolvePassword(certificateKeystorePassword2));
            }
        }
    }

    private synchronized void initPasswordResolver() {
        String property;
        try {
            if (this.passwordResolverInitialized) {
                return;
            }
            try {
                Properties properties = System.getProperties();
                String property2 = properties.getProperty("XIPKI_PASSWORD_CFG");
                if (property2 == null && (property = properties.getProperty("XIPKI_BASE")) != null) {
                    Path path = Paths.get(property, "security", "password.cfg");
                    if (Files.exists(path, new LinkOption[0])) {
                        property2 = path.toString();
                    }
                }
                Passwords.PasswordConf passwordConf = new Passwords.PasswordConf();
                if (property2 != null) {
                    String solveVariables = solveVariables(property2, 0, properties);
                    Properties properties2 = new Properties();
                    FileReader fileReader = new FileReader(solveVariables);
                    try {
                        properties2.load(fileReader);
                        String property3 = properties2.getProperty("masterPasswordCallback");
                        if (property3 != null && !property3.isEmpty()) {
                            passwordConf.setMasterPasswordCallback(solveVariables(property3, 0, properties));
                        }
                        String property4 = properties2.getProperty("singlePasswordResolvers");
                        if (property4 != null && !property4.trim().isEmpty()) {
                            StringTokenizer stringTokenizer = new StringTokenizer(property4.trim(), " ,;:");
                            LinkedList linkedList = new LinkedList();
                            while (stringTokenizer.hasMoreTokens()) {
                                linkedList.add(stringTokenizer.nextToken());
                            }
                            passwordConf.setSinglePasswordResolvers(linkedList);
                        }
                        fileReader.close();
                    } catch (Throwable th) {
                        try {
                            fileReader.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                        throw th;
                    }
                }
                Passwords passwords = new Passwords();
                passwords.init(passwordConf);
                this.passwordResolver = passwords.getPasswordResolver();
                this.passwordResolverInitFailed = false;
                this.passwordResolverInitialized = true;
            } catch (Exception e) {
                this.passwordResolverInitFailed = true;
                this.passwordResolverInitialized = true;
            }
        } catch (Throwable th3) {
            this.passwordResolverInitialized = true;
            throw th3;
        }
    }

    private static String solveVariables(String str, int i, Properties properties) {
        int indexOf;
        int indexOf2;
        int i2;
        if (i + 4 < str.length() && (indexOf = str.indexOf("${", i)) != -1 && (indexOf2 = str.indexOf("}", indexOf + 2)) != -1) {
            String substring = str.substring(indexOf, indexOf2 + 1);
            String property = properties.getProperty(substring.substring(2, substring.length() - 1));
            if (property != null) {
                str = str.substring(0, indexOf) + property + str.substring(indexOf2 + 1);
                i2 = indexOf + property.length() + 1;
            } else {
                i2 = indexOf2 + 1;
            }
            return solveVariables(str, i2, properties);
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public String resolvePassword(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        if (str.indexOf(58) == -1) {
            return str;
        }
        initPasswordResolver();
        if (this.passwordResolverInitFailed) {
            return str;
        }
        try {
            return new String(this.passwordResolver.resolvePassword(str));
        } catch (Exception e) {
            System.err.println("ERROR: could not resolve password");
            return str;
        }
    }
}
