package org.apache.geronimo.security.ca;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URI;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Properties;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.geronimo.crypto.CaUtils;
import org.apache.geronimo.gbean.AbstractName;
import org.apache.geronimo.gbean.GBeanInfo;
import org.apache.geronimo.gbean.GBeanInfoBuilder;
import org.apache.geronimo.gbean.GBeanLifecycle;
import org.apache.geronimo.kernel.Kernel;
import org.apache.geronimo.management.geronimo.CertificateStore;
import org.apache.geronimo.management.geronimo.CertificateStoreException;
import org.apache.geronimo.security.realm.providers.FileAuditLoginModule;
import org.apache.geronimo.system.serverinfo.ServerInfo;

/* loaded from: input_file:org/apache/geronimo/security/ca/FileCertificateStore.class */
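/**
 * Certificate store for a CA that keeps everything as plain files in one directory.
 *
 * <p>Layout of the store directory:
 * <ul>
 *   <li>{@code <serial>.txt} - one PEM-encoded certificate per issued serial number;</li>
 *   <li>{@code ca-cert.txt} - the CA's own certificate, PEM-encoded;</li>
 *   <li>{@code highest-serial-number.txt} - the highest serial number seen so far, in decimal;</li>
 *   <li>{@code challenge.properties} - serial number to challenge phrase, written with
 *       {@link Properties#store(java.io.OutputStream, String)}.</li>
 * </ul>
 *
 * <p>Security notes for operators and maintainers:
 * <ul>
 *   <li>Challenge phrases are persisted in clear text and the directory is created with the
 *       process's default permissions, so access to the store directory has to be restricted
 *       at the operating-system level.</li>
 *   <li>File names are derived from {@link BigInteger#toString()}, which yields only an optional
 *       minus sign and decimal digits, so a serial number cannot name a file outside the store
 *       directory.</li>
 *   <li>Nothing in this class is synchronized. {@link #getNextSerialNumber()} is a
 *       read-modify-write on shared state, so concurrent callers must be serialized externally
 *       or two requests can receive the same serial number.</li>
 *   <li>Files are rewritten in place (no temp-file-and-rename), so an interrupted write can
 *       leave a truncated file behind.</li>
 * </ul>
 */
public class FileCertificateStore implements CertificateStore, GBeanLifecycle {
    private static final Log log = LogFactory.getLog(FileCertificateStore.class);
    private ServerInfo serverInfo;
    private Kernel kernel;
    private AbstractName abstractName;
    private URI directoryPath;
    private static final String SERIAL_NUMBER_FILE = "highest-serial-number.txt";
    private static final String CERT_FILE_SUFFIX = ".txt";
    private static final String CA_CERT_FILE = "ca-cert.txt";
    private static final String CHALLENGE_FILENAME = "challenge.properties";
    private static final String CHALLENGE_FILE_HEADER = "Challenge File";
    private static final String PEM_HEADER = "-----BEGIN CERTIFICATE-----";
    private static final String PEM_FOOTER = "-----END CERTIFICATE-----";
    private static final int PEM_LINE_LENGTH = 76;
    // Set by doStart(); every file operation below assumes doStart() has completed.
    private File storeDir = null;
    private File highestSerialFile = null;
    // Lazily read from highestSerialFile on first use.
    private BigInteger highestSerialNumber = null;
    // Stays null until challenge.properties has been read completely and successfully.
    private Properties challenges = null;
    public static final GBeanInfo GBEAN_INFO;

    /**
     * Records the collaborators; no file system access happens until {@link #doStart()}.
     *
     * @param serverInfo   used to resolve {@code uri} against the server location; may be null
     * @param uri          location of the store directory
     * @param kernel       stored but not used by this class
     * @param abstractName stored but not used by this class
     */
    public FileCertificateStore(ServerInfo serverInfo, URI uri, Kernel kernel, AbstractName abstractName) {
        this.serverInfo = serverInfo;
        this.kernel = kernel;
        this.abstractName = abstractName;
        this.directoryPath = uri;
    }

    /**
     * Writes the certificate to {@code <serial>.txt} in PEM form and raises the recorded
     * highest serial number if this certificate's serial exceeds it. An existing file for the
     * same serial number is overwritten.
     *
     * @param certificate the certificate to store; must be an {@link X509Certificate}
     * @throws CertificateStoreException if the certificate is not X.509 or any step fails
     */
    public void storeCertificate(Certificate certificate) throws CertificateStoreException {
        // Reject up front instead of letting a ClassCastException/NullPointerException escape
        // past the declared exception type.
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateStoreException("Error while storing certificate. Only X.509 certificates are supported.");
        }
        BigInteger serialNumber = ((X509Certificate) certificate).getSerialNumber();
        File file = new File(this.storeDir, serialNumber + CERT_FILE_SUFFIX);
        try {
            // compareTo only promises a positive value, not exactly 1.
            if (serialNumber.compareTo(getHighestSerialNumber()) > 0) {
                setHighestSerialNumber(serialNumber);
            }
            writePem(file, certificate);
        } catch (Exception e) {
            throw new CertificateStoreException("Error while storing certificate.", e);
        }
    }

    /**
     * Loads and parses the certificate stored under the given serial number.
     *
     * @param bigInteger serial number of the wanted certificate
     * @return the parsed X.509 certificate
     * @throws CertificateStoreException if no such file exists or it cannot be read or parsed
     */
    public Certificate getCertificate(BigInteger bigInteger) throws CertificateStoreException {
        File file = new File(this.storeDir, bigInteger + CERT_FILE_SUFFIX);
        if (!file.exists()) {
            throw new CertificateStoreException("No certificate with serial number " + bigInteger + " found.");
        }
        try {
            return readCertificate(file);
        } catch (Exception e) {
            throw new CertificateStoreException("Error while retrieving certificate.", e);
        }
    }

    /**
     * Returns the stored file for the given serial number as text, without parsing it.
     *
     * @param bigInteger serial number of the wanted certificate
     * @return the complete file content, decoded with the platform default charset
     * @throws CertificateStoreException if no such file exists or it cannot be read
     */
    public String getCertificateBase64Text(BigInteger bigInteger) throws CertificateStoreException {
        File file = new File(this.storeDir, bigInteger + CERT_FILE_SUFFIX);
        if (!file.exists()) {
            throw new CertificateStoreException("No certificate with serial number " + bigInteger + " found.");
        }
        try {
            // Platform default charset is kept so existing stores keep reading the same way.
            return new String(readFully(file));
        } catch (Exception e) {
            throw new CertificateStoreException("Error while retrieving certificate.", e);
        }
    }

    /**
     * Returns the highest serial number recorded by the store, reading it from
     * {@code highest-serial-number.txt} the first time and caching it afterwards.
     *
     * @return the highest serial number
     * @throws CertificateStoreException if the file is missing, unreadable or not a decimal number
     */
    public BigInteger getHighestSerialNumber() throws CertificateStoreException {
        if (this.highestSerialNumber == null) {
            try {
                this.highestSerialNumber = new BigInteger(new String(readFully(this.highestSerialFile)).trim());
            } catch (Exception e) {
                throw new CertificateStoreException("Error while getting serial number.", e);
            }
        }
        return this.highestSerialNumber;
    }

    /**
     * Increments the highest serial number by one, persists it and returns it.
     *
     * <p>Not atomic: callers that may run concurrently must serialize calls themselves,
     * otherwise the same serial number can be handed out twice.
     *
     * @return the newly reserved serial number
     * @throws CertificateStoreException if the current value cannot be read or the new one written
     */
    public BigInteger getNextSerialNumber() throws CertificateStoreException {
        setHighestSerialNumber(getHighestSerialNumber().add(BigInteger.ONE));
        return this.highestSerialNumber;
    }

    /**
     * Reports whether a certificate file exists for the given serial number.
     *
     * @param bigInteger serial number to look up
     * @return true if {@code <serial>.txt} exists in the store directory
     */
    public boolean containsCertificate(BigInteger bigInteger) {
        return new File(this.storeDir, bigInteger + CERT_FILE_SUFFIX).exists();
    }

    /**
     * Updates the cached highest serial number and rewrites the serial number file.
     * The cached value is changed before the write, so it is already updated when the
     * write fails.
     */
    private void setHighestSerialNumber(BigInteger bigInteger) throws CertificateStoreException {
        try {
            this.highestSerialNumber = bigInteger;
            FileOutputStream fileOutputStream = new FileOutputStream(this.highestSerialFile);
            try {
                // Decimal digits only; platform default charset kept for compatibility.
                fileOutputStream.write(this.highestSerialNumber.toString().getBytes());
            } finally {
                fileOutputStream.close();
            }
        } catch (Exception e) {
            throw new CertificateStoreException("Error while setting highest serial number.", e);
        }
    }

    /**
     * Writes the CA certificate to {@code ca-cert.txt} in PEM form, replacing any previous one.
     *
     * @param certificate the CA certificate
     * @return always true when no exception is thrown
     * @throws CertificateStoreException if encoding or writing fails
     */
    public boolean storeCACertificate(Certificate certificate) throws CertificateStoreException {
        try {
            writePem(new File(this.storeDir, CA_CERT_FILE), certificate);
            return true;
        } catch (Exception e) {
            throw new CertificateStoreException("Exception in storing CA certificate", e);
        }
    }

    /**
     * Loads and parses the CA certificate from {@code ca-cert.txt}.
     *
     * @return the parsed X.509 CA certificate
     * @throws CertificateStoreException if the file is missing, unreadable or unparsable
     */
    public Certificate getCACertificate() throws CertificateStoreException {
        try {
            return readCertificate(new File(this.storeDir, CA_CERT_FILE));
        } catch (Exception e) {
            throw new CertificateStoreException("Exception in getting CA certificate", e);
        }
    }

    /**
     * Associates a challenge phrase with a serial number, unless one is already recorded.
     * An existing challenge is never replaced.
     *
     * <p>The return value does not reflect whether the challenge file was written: a write
     * failure is only logged by {@code storeChallenges()}.
     *
     * @param bigInteger serial number the challenge belongs to
     * @param str        the challenge phrase; persisted in clear text
     * @return false if a challenge already exists for the serial number, true otherwise
     * @throws IllegalStateException if the existing challenges could not be loaded
     */
    public boolean setCertificateChallenge(BigInteger bigInteger, String str) {
        if (this.challenges == null) {
            loadChallenges();
        }
        if (this.challenges == null) {
            // Fail closed: without the existing entries we cannot tell whether this serial
            // number already has a challenge, and writing would discard the ones on disk.
            throw new IllegalStateException("Challenges file could not be loaded; challenge not set.");
        }
        String key = bigInteger.toString();
        if (this.challenges.containsKey(key)) {
            return false;
        }
        this.challenges.setProperty(key, str);
        storeChallenges();
        return true;
    }

    /** Rewrites {@code challenge.properties} from the in-memory challenges; failures are logged. */
    private void storeChallenges() {
        if (this.challenges == null) {
            loadChallenges();
        }
        File file = new File(this.storeDir, CHALLENGE_FILENAME);
        if (this.challenges == null) {
            // Opening the output stream truncates the file, so bail out before touching it
            // when there is nothing trustworthy to write.
            log.error("Exceptions while storing challenges file. File = " + file.getAbsolutePath());
            return;
        }
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(file);
            try {
                this.challenges.store(fileOutputStream, CHALLENGE_FILE_HEADER);
            } finally {
                fileOutputStream.close();
            }
        } catch (Exception e) {
            log.error("Exceptions while storing challenges file. File = " + file.getAbsolutePath(), e);
        }
    }

    /**
     * Reads {@code challenge.properties}, creating an empty file first if none exists.
     * The in-memory challenges are replaced only after a complete, successful read; on an
     * I/O failure the error is logged and the previous value (possibly null) is kept.
     */
    private void loadChallenges() {
        File file = new File(this.storeDir, CHALLENGE_FILENAME);
        try {
            if (!file.exists()) {
                file.createNewFile();
            }
            Properties loaded = new Properties();
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                loaded.load(fileInputStream);
            } finally {
                fileInputStream.close();
            }
            this.challenges = loaded;
        } catch (IOException e) {
            log.error("Exceptions while loading challenges file. File = " + file.getAbsolutePath(), e);
        }
    }

    /** Writes the certificate's encoded form to the target file as PEM, always closing the stream. */
    private static void writePem(File target, Certificate certificate) throws Exception {
        FileOutputStream fileOutputStream = new FileOutputStream(target);
        try {
            CaUtils.storeInBase64(fileOutputStream, certificate.getEncoded(), PEM_HEADER, PEM_FOOTER, PEM_LINE_LENGTH);
        } finally {
            fileOutputStream.close();
        }
    }

    /** Parses one X.509 certificate from the given file, always closing the stream. */
    private static Certificate readCertificate(File source) throws Exception {
        FileInputStream fileInputStream = new FileInputStream(source);
        try {
            return CertificateFactory.getInstance("X.509").generateCertificate(fileInputStream);
        } finally {
            fileInputStream.close();
        }
    }

    /**
     * Reads a file to the end. A single read() sized by available() is not guaranteed to
     * return the whole file, so the content is collected in a loop.
     */
    private static byte[] readFully(File source) throws IOException {
        FileInputStream fileInputStream = new FileInputStream(source);
        try {
            ByteArrayOutputStream collected = new ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int count;
            while ((count = fileInputStream.read(chunk)) != -1) {
                collected.write(chunk, 0, count);
            }
            return collected.toByteArray();
        } finally {
            fileInputStream.close();
        }
    }

    /** Lifecycle callback; nothing to clean up. */
    public void doFail() {
    }

    /**
     * Resolves the store directory, creates it if needed, initialises the serial number file
     * to zero when it does not exist yet, and loads the challenges.
     *
     * @throws IllegalStateException if the resolved location is not a usable local directory
     * @throws Exception             any other failure while resolving the location
     */
    public void doStart() throws Exception {
        if (this.serverInfo != null) {
            // Result is unused; the call is kept from the original code.
            // NOTE(review): confirm whether it is needed at all.
            this.serverInfo.resolveServer(this.directoryPath);
        }
        URI resolve = this.serverInfo != null ? this.serverInfo.resolve(this.directoryPath) : this.directoryPath;
        // NOTE(review): the scheme is compared against a constant borrowed from
        // FileAuditLoginModule; presumably its value is "file" - confirm. The constant is the
        // receiver so that a URI without a scheme is rejected instead of causing an NPE.
        if (!FileAuditLoginModule.LOG_FILE_OPTION.equals(resolve.getScheme())) {
            throw new IllegalStateException("FileCertificateStore must have a root that's a local directory (not " + resolve + ")");
        }
        this.storeDir = new File(resolve);
        if (!this.storeDir.exists()) {
            // Created with the process's default permissions; the store holds challenge
            // phrases in clear text, so tighten access at the OS level.
            if (!this.storeDir.mkdirs() && !this.storeDir.isDirectory()) {
                throw new IllegalStateException("FileCertificateStore could not create directory " + this.storeDir.getAbsolutePath());
            }
            log.debug("Created directory " + this.storeDir.getAbsolutePath());
        } else if (!this.storeDir.isDirectory() || !this.storeDir.canRead()) {
            throw new IllegalStateException("FileCertificateStore must have a root that's a valid readable directory (not " + this.storeDir.getAbsolutePath() + ")");
        }
        log.debug("CertificateStore directory is " + this.storeDir.getAbsolutePath());
        this.highestSerialFile = new File(this.storeDir, SERIAL_NUMBER_FILE);
        if (!this.highestSerialFile.exists()) {
            try {
                setHighestSerialNumber(BigInteger.ZERO);
            } catch (CertificateStoreException e) {
                // Startup continues; later serial number operations will report the problem.
                log.error("Error initializing certificate store. storeDir=" + this.storeDir, e);
            }
        }
        loadChallenges();
    }

    /** Lifecycle callback; nothing to release. */
    public void doStop() throws Exception {
    }

    /** Returns the GBean metadata built in the static initializer. */
    public static GBeanInfo getGBeanInfo() {
        return GBEAN_INFO;
    }

    static {
        GBeanInfoBuilder createStatic = GBeanInfoBuilder.createStatic(FileCertificateStore.class, "CertificateStore");
        createStatic.addAttribute("directoryPath", URI.class, true, false);
        createStatic.addAttribute("kernel", Kernel.class, false);
        createStatic.addAttribute("abstractName", AbstractName.class, false);
        createStatic.addReference("ServerInfo", ServerInfo.class, "GBean");
        createStatic.addInterface(CertificateStore.class);
        // Order must match the constructor's parameter list.
        createStatic.setConstructor(new String[]{"ServerInfo", "directoryPath", "kernel", "abstractName"});
        GBEAN_INFO = createStatic.getBeanInfo();
    }
}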
