package org.wso2.carbon.user.core.config;

import com.google.gson.Gson;
import com.google.gson.JsonSyntaxException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamException;
import org.apache.axiom.om.OMAbstractFactory;
import org.apache.axiom.om.OMElement;
import org.apache.axiom.om.OMFactory;
import org.apache.axiom.om.impl.builder.StAXOMBuilder;
import org.apache.axiom.om.util.Base64;
import org.apache.axiom.om.xpath.AXIOMXPath;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.osgi.framework.BundleContext;
import org.wso2.carbon.CarbonException;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.core.RegistryResources;
import org.wso2.carbon.user.core.UserCoreConstants;
import org.wso2.carbon.user.core.UserStoreException;
import org.wso2.carbon.user.core.internal.UserStoreMgtDSComponent;
import org.wso2.carbon.user.core.tracker.UserStoreManagerRegistry;
import org.wso2.carbon.user.core.util.UserCoreUtil;
import org.wso2.carbon.utils.CarbonUtils;
import org.wso2.securevault.SecretResolver;
import org.wso2.securevault.SecretResolverFactory;
import org.wso2.securevault.commons.MiscellaneousUtil;
import org.wso2.securevault.definition.CipherInformation;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.user.core-4.5.3.jar:org/wso2/carbon/user/core/config/UserStoreConfigXMLProcessor.class */
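/**
 * Builds a {@link org.wso2.carbon.user.api.RealmConfiguration} for a secondary user store from
 * its {@code <UserStoreManager>} XML definition, either read from a file or supplied as an
 * already-parsed element.
 *
 * <p>Each {@code <Property>} value is resolved in this order: a secure-vault token embedded in
 * the value, then the two vault alias forms ({@code UserManager.Configuration.Property.<name>.<domain>}
 * and {@code UserStoreManager.Property.<name>.<domain>}), and finally, when the element carries
 * {@code encrypted="true"}, decryption with the server's private key.
 *
 * <p>The private key is loaded once per class load from the key store named in the server
 * configuration (the internal key store when {@code Security.UserStorePasswordEncryption} is
 * {@code InternalKeystore}) and re-fetched lazily if that first attempt failed.
 */
public class UserStoreConfigXMLProcessor {
    /* Declared first: the static privateKey initialiser below logs through this logger. */
    private static final Log log = LogFactory.getLog((Class<?>) UserStoreConfigXMLProcessor.class);

    /** JVM property naming the cipher transformation for {@code encrypted="true"} values. */
    private static final String CIPHER_TRANSFORMATION_SYSTEM_PROPERTY = "org.wso2.CipherTransformation";

    /** Value of {@code Security.UserStorePasswordEncryption} that selects the internal key store. */
    private static final String INTERNAL_KEYSTORE = "InternalKeystore";

    private static final String PROPERTY_ELEMENT = "Property";
    private static final String NAME_ATTRIBUTE = "name";
    private static final String CLASS_ATTRIBUTE = "class";
    private static final String TYPE_ATTRIBUTE = "type";
    private static final String ENCRYPTED_ATTRIBUTE = "encrypted";
    private static final String DOMAIN_NAME_PROPERTY = "DomainName";

    private static BundleContext bundleContext;

    /** Server private key used for decryption; {@code null} if loading failed (retried lazily). */
    private static PrivateKey privateKey = getPrivateKey();

    private final Gson gson = new Gson();
    private final String filePath;
    private SecretResolver secretResolver;

    /**
     * JSON envelope for a cipher text that carries its own metadata.
     *
     * <p>The single-letter field names ({@code c}, {@code t}, {@code tp}, {@code tpd}) are the JSON
     * keys produced by the encrypting side and must not be renamed. Declared {@code static} so that
     * Gson can invoke the no-arg constructor and the default transformation is actually applied
     * when the JSON omits {@code t}.
     */
    private static final class CipherHolder {
        /** Base64-encoded cipher text. */
        private String c;
        /** Cipher transformation, e.g. {@code RSA/ECB/OAEPwithSHA1andMGF1Padding}. */
        private String t = CipherInformation.DEFAULT_ALGORITHM;
        /** Thumbprint of the certificate used for encryption. */
        private String tp;
        /** Digest algorithm of the thumbprint. */
        private String tpd;

        private CipherHolder() {
        }

        public String getTransformation() {
            return this.t;
        }

        public void setTransformation(String transformation) {
            this.t = transformation;
        }

        public String getCipherText() {
            return this.c;
        }

        /** @return the raw cipher bytes, i.e. {@link #getCipherText()} Base64-decoded. */
        public byte[] getCipherBase64Decoded() {
            return Base64.decode(this.c);
        }

        public void setCipherText(String cipherText) {
            this.c = cipherText;
        }

        public String getThumbPrint() {
            return this.tp;
        }

        public void setThumbPrint(String thumbPrint) {
            this.tp = thumbPrint;
        }

        public String getThumbprintDigest() {
            return this.tpd;
        }

        public void setThumbprintDigest(String thumbprintDigest) {
            this.tpd = thumbprintDigest;
        }

        /** Stores {@code cipherBytes} Base64-encoded as the cipher text. */
        public void setCipherBase64Encoded(byte[] cipherBytes) {
            this.c = Base64.encode(cipherBytes);
        }

        public void setThumbPrint(String thumbPrint, String thumbprintDigest) {
            this.tp = thumbPrint;
            this.tpd = thumbprintDigest;
        }

        @Override
        public String toString() {
            return new Gson().toJson(this);
        }
    }

    /**
     * @param filePath path of the user-store XML file; its base name must be the domain name with
     *                 dots replaced by underscores (e.g. {@code wso2.com} -> {@code wso2_com.xml})
     */
    public UserStoreConfigXMLProcessor(String filePath) {
        this.filePath = filePath;
    }

    public static void setBundleContext(BundleContext bundleContext2) {
        bundleContext = bundleContext2;
    }

    /**
     * Serialises a realm configuration back into a {@code <UserStoreManager class="...">} element
     * with one {@code <Property name="...">} child per user-store property.
     *
     * @param realmConfiguration configuration to serialise; its user-store class may be null
     * @return the new element (not attached to any document)
     */
    public static OMElement serialize(org.wso2.carbon.user.api.RealmConfiguration realmConfiguration) {
        OMFactory factory = OMAbstractFactory.getOMFactory();
        OMElement userStoreElement = factory.createOMElement(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_USER_STORE_MANAGER));
        addPropertyElements(factory, userStoreElement, realmConfiguration.getUserStoreClass(), realmConfiguration.getUserStoreProperties());
        return userStoreElement;
    }

    /**
     * Adds a {@code class} attribute (when non-null) and one {@code <Property>} child per map entry.
     * Property values are written verbatim, so any secret present in the map ends up in clear text.
     *
     * @param properties may be null or empty, in which case only the attribute is written
     */
    private static void addPropertyElements(OMFactory factory, OMElement parent, String userStoreClass, Map<String, String> properties) {
        if (userStoreClass != null) {
            parent.addAttribute(CLASS_ATTRIBUTE, userStoreClass, null);
        }
        if (properties == null) {
            return;
        }
        for (Map.Entry<String, String> property : properties.entrySet()) {
            OMElement propertyElement = factory.createOMElement(new QName(PROPERTY_ELEMENT));
            propertyElement.addAttribute(factory.createOMAttribute(NAME_ATTRIBUTE, null, property.getKey()));
            propertyElement.setText(property.getValue());
            parent.addChild(propertyElement);
        }
    }

    /**
     * Parses the file given to the constructor and builds its realm configuration.
     *
     * @throws UserStoreException wrapping any parse, validation or decryption failure
     */
    public org.wso2.carbon.user.api.RealmConfiguration buildUserStoreConfigurationFromFile() throws UserStoreException {
        try {
            return buildUserStoreConfiguration(getRealmElement());
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Error while building user store manager from file", e);
            }
            throw new UserStoreException("Error while building user store manager from file", e);
        }
    }

    /**
     * Builds the realm configuration for one secondary user store.
     *
     * <p>Validates that the {@code DomainName} property matches the file name and that all
     * mandatory properties of the configured user-store class are present. Authorization manager,
     * authz/realm properties and the everyone-role name are copied from the bootstrap (primary)
     * realm configuration.
     *
     * @param userStoreElement the {@code <UserStoreManager>} element
     * @throws org.wso2.carbon.user.api.UserStoreException if the domain/file name mismatch, a
     *         mandatory property is missing, or a property cannot be decrypted
     */
    public org.wso2.carbon.user.api.RealmConfiguration buildUserStoreConfiguration(OMElement userStoreElement) throws org.wso2.carbon.user.api.UserStoreException {
        XMLProcessorUtils processorUtils = new XMLProcessorUtils();
        org.wso2.carbon.user.api.RealmConfiguration realmConfig = new org.wso2.carbon.user.api.RealmConfiguration();
        // The file's base name encodes the domain: wso2_com.xml <-> wso2.com.
        String domainFromFileName = new File(this.filePath).getName().replace(".xml", "").replace("_", ".");
        org.wso2.carbon.user.api.RealmConfiguration bootstrapConfig = UserStoreMgtDSComponent.getRealmService().getBootstrapRealmConfiguration();
        String userStoreClass = userStoreElement.getAttributeValue(new QName(CLASS_ATTRIBUTE));
        Map<String, String> userStoreProperties = getChildPropertyElements(userStoreElement, this.secretResolver);

        String domainName = userStoreProperties.get(DOMAIN_NAME_PROPERTY);
        if (domainName == null || !domainName.equalsIgnoreCase(domainFromFileName)) {
            throw new UserStoreException("File name is required to be the user store domain name(eg.: wso2.com-->wso2_com.xml).");
        }
        if (!processorUtils.isMandatoryFieldsProvided(userStoreProperties, UserStoreManagerRegistry.getUserStoreProperties(userStoreClass).getMandatoryProperties())) {
            throw new UserStoreException("A required mandatory field is missing.");
        }

        boolean passwordsExternallyManaged = false;
        String externallyManagedValue = userStoreProperties.get(UserCoreConstants.RealmConfig.LOCAL_PASSWORDS_EXTERNALLY_MANAGED);
        if (externallyManagedValue != null && !externallyManagedValue.trim().isEmpty()) {
            passwordsExternallyManaged = Boolean.parseBoolean(externallyManagedValue);
        } else if (log.isDebugEnabled()) {
            log.debug("External password management is disabled.");
        }

        Map<String, String> multipleCredentials = getMultipleCredentialsProperties(userStoreElement);
        realmConfig.setUserStoreClass(userStoreClass);
        realmConfig.setAuthorizationManagerClass(bootstrapConfig.getAuthorizationManagerClass());
        realmConfig.setEveryOneRoleName(UserCoreUtil.addDomainToName(bootstrapConfig.getEveryOneRoleName(), "Internal"));
        realmConfig.setUserStoreProperties(userStoreProperties);
        realmConfig.setPasswordsExternallyManaged(passwordsExternallyManaged);
        realmConfig.setAuthzProperties(bootstrapConfig.getAuthzProperties());
        realmConfig.setRealmProperties(bootstrapConfig.getRealmProperties());
        // NOTE(review): this second call overwrites the store's own PasswordsExternallyManaged
        // value with the bootstrap realm's. Kept as-is to preserve existing behaviour; confirm
        // whether the per-store value is meant to win before changing it.
        realmConfig.setPasswordsExternallyManaged(bootstrapConfig.isPasswordsExternallyManaged());
        realmConfig.addMultipleCredentialProperties(userStoreClass, multipleCredentials);

        if (realmConfig.getUserStoreProperty("MaxUserNameListLength") == null) {
            realmConfig.getUserStoreProperties().put("MaxUserNameListLength", UserCoreConstants.RealmConfig.PROPERTY_VALUE_DEFAULT_MAX_COUNT);
        }
        if (realmConfig.getUserStoreProperty("ReadOnly") == null) {
            realmConfig.getUserStoreProperties().put("ReadOnly", "false");
        }
        return realmConfig;
    }

    /**
     * Collects the {@code <Property name="...">} children of {@code userStoreElement} into a map,
     * resolving secure-vault aliases and {@code encrypted="true"} values along the way.
     *
     * <p>Vault resolution only runs when {@code secretResolver} is non-null and initialised. A
     * value that was not served by the vault and has {@code encrypted="true"} is decrypted with
     * the server's private key. Keys and values are trimmed; properties without a name or with a
     * null value are dropped.
     *
     * @throws org.wso2.carbon.user.api.UserStoreException if the private key is unavailable for a
     *         value that requires decryption
     */
    private Map<String, String> getChildPropertyElements(OMElement userStoreElement, SecretResolver secretResolver) throws org.wso2.carbon.user.api.UserStoreException {
        // Vault aliases are suffixed with ".<DomainName>" so each store has its own secrets.
        String domainSuffix = "";
        try {
            OMElement domainElement = (OMElement) new AXIOMXPath(UserCoreConstants.RealmConfig.DOMAIN_NAME_XPATH).selectSingleNode(userStoreElement);
            if (domainElement != null) {
                domainSuffix = "." + domainElement.getText();
            }
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("Error While getting DomainName from Configurations ", e);
            }
        }

        Map<String, String> properties = new HashMap<>();
        boolean resolverReady = secretResolver != null && secretResolver.isInitialized();
        Iterator propertyElements = userStoreElement.getChildrenWithName(new QName(PROPERTY_ELEMENT));
        while (propertyElements.hasNext()) {
            OMElement propertyElement = (OMElement) propertyElements.next();
            String name = propertyElement.getAttributeValue(new QName(NAME_ATTRIBUTE));
            String value = propertyElement.getText();
            boolean servedByVault = false;

            if (resolverReady) {
                String inlineToken = MiscellaneousUtil.getProtectedToken(value);
                if (StringUtils.isNotEmpty(inlineToken) && secretResolver.isTokenProtected(inlineToken)) {
                    value = secretResolver.resolve(inlineToken);
                    servedByVault = true;
                } else {
                    // Legacy alias form; the newer form below wins when both are defined.
                    String legacyAlias = "UserManager.Configuration.Property." + name + domainSuffix;
                    if (secretResolver.isTokenProtected(legacyAlias)) {
                        value = secretResolver.resolve(legacyAlias);
                        servedByVault = true;
                    }
                    String alias = "UserStoreManager.Property." + name + domainSuffix;
                    if (secretResolver.isTokenProtected(alias)) {
                        value = secretResolver.resolve(alias);
                        servedByVault = true;
                    }
                }
            }

            if (!servedByVault && value != null) {
                value = resolveEncryption(propertyElement);
            }
            if (name != null && value != null) {
                properties.put(name.trim(), value.trim());
            }
        }
        return properties;
    }

    /**
     * Reads the optional {@code <MultipleCredentials>} block into a {@code type -> value} map.
     * {@code <Credential>} elements without a {@code type} attribute are skipped with a warning
     * instead of failing the whole configuration.
     *
     * @return possibly empty map, never null
     */
    private Map<String, String> getMultipleCredentialsProperties(OMElement userStoreElement) {
        Map<String, String> credentials = new HashMap<>();
        OMElement container = userStoreElement.getFirstChildWithName(new QName(UserCoreConstants.RealmConfig.LOCAL_NAME_MULTIPLE_CREDENTIALS));
        if (container == null) {
            return credentials;
        }
        Iterator credentialElements = container.getChildrenWithLocalName(UserCoreConstants.RealmConfig.LOCAL_NAME_CREDENTIAL);
        while (credentialElements.hasNext()) {
            Object node = credentialElements.next();
            if (!(node instanceof OMElement)) {
                continue;
            }
            OMElement credential = (OMElement) node;
            String type = credential.getAttributeValue(new QName(TYPE_ATTRIBUTE));
            if (type == null) {
                log.warn("Ignoring " + UserCoreConstants.RealmConfig.LOCAL_NAME_CREDENTIAL + " element without a '" + TYPE_ATTRIBUTE + "' attribute");
                continue;
            }
            credentials.put(type.trim(), credential.getText().trim());
        }
        return credentials;
    }

    /**
     * Opens the configured file, substitutes system variables, parses the document element and
     * initialises the secret resolver from it.
     *
     * <p>Both the raw file stream and the substituted stream are closed, whether or not parsing
     * succeeds. The XML parser configuration (DTD / external entity handling) is Axiom's default
     * and is not adjusted here.
     *
     * @throws UserStoreException if system-variable substitution fails
     */
    private OMElement getRealmElement() throws XMLStreamException, IOException, UserStoreException {
        try (FileInputStream fileStream = new FileInputStream(this.filePath);
             InputStream substitutedStream = CarbonUtils.replaceSystemVariablesInXml(fileStream)) {
            OMElement documentElement = new StAXOMBuilder(substitutedStream).getDocumentElement();
            setSecretResolver(documentElement);
            return documentElement;
        } catch (CarbonException e) {
            if (log.isDebugEnabled()) {
                log.debug(e.getMessage(), e);
            }
            throw new UserStoreException(e.getMessage(), e);
        }
    }

    /** Creates the secure-vault resolver from the document element's secure-vault declarations. */
    public void setSecretResolver(OMElement documentElement) {
        this.secretResolver = SecretResolverFactory.create(documentElement, true);
    }

    /**
     * Returns the element's text, decrypted when the element carries {@code encrypted="true"}.
     *
     * <p>If decryption itself fails ({@link GeneralSecurityException}) the error is logged and the
     * <em>undecrypted</em> text is returned, so the caller sees the Base64 cipher text as the
     * property value. A missing private key is not tolerated and propagates as an exception.
     *
     * @throws org.wso2.carbon.user.api.UserStoreException if the private key cannot be loaded
     */
    private String resolveEncryption(OMElement propertyElement) throws org.wso2.carbon.user.api.UserStoreException {
        String text = propertyElement.getText();
        if (text == null) {
            return null;
        }
        String encryptedFlag = propertyElement.getAttributeValue(new QName(ENCRYPTED_ATTRIBUTE));
        if (encryptedFlag == null || !encryptedFlag.equalsIgnoreCase("true")) {
            return text;
        }
        String propertyName = propertyElement.getAttributeValue(new QName(NAME_ATTRIBUTE));
        if (log.isDebugEnabled()) {
            log.debug("Eligible to be decrypted=" + propertyName);
        }
        try {
            return decryptProperty(text);
        } catch (GeneralSecurityException e) {
            // NOTE(review): falling back to the raw cipher text keeps start-up going but leaves
            // the store configured with an unusable value; consider failing hard instead.
            log.error("decryption of Property=" + propertyName + " failed", e);
            return text;
        }
    }

    /**
     * Loads the server private key named by the server configuration.
     *
     * <p>Uses the {@code Security.KeyStore.*} properties, or the internal key store properties
     * when {@code Security.UserStorePasswordEncryption} is {@code InternalKeystore}. Every failure
     * is logged and yields {@code null} rather than an exception, because this runs from a static
     * initialiser and must not prevent the class from loading.
     *
     * @return the private key, or null if the configuration is incomplete or the key store cannot
     *         be opened or does not hold a private key under the configured alias
     */
    private static PrivateKey getPrivateKey() {
        ServerConfigurationService serverConfig = UserStoreMgtDSComponent.getServerConfigurationService();
        if (serverConfig == null) {
            log.error("Key store initialization for decrypting secondary store failed due to serverConfigurationService is null while attempting to decrypt secondary store");
            return null;
        }

        String passwordProperty = "Security.KeyStore.Password";
        String keyPasswordProperty = "Security.KeyStore.KeyPassword";
        String aliasProperty = "Security.KeyStore.KeyAlias";
        String locationProperty = "Security.KeyStore.Location";
        String typeProperty = "Security.KeyStore.Type";
        if (INTERNAL_KEYSTORE.equalsIgnoreCase(serverConfig.getFirstProperty("Security.UserStorePasswordEncryption"))) {
            passwordProperty = RegistryResources.SecurityManagement.SERVER_INTERNAL_KEYSTORE_PASSWORD;
            keyPasswordProperty = RegistryResources.SecurityManagement.SERVER_INTERNAL_PRIVATE_KEY_PASSWORD;
            aliasProperty = RegistryResources.SecurityManagement.SERVER_INTERNAL_KEYSTORE_KEY_ALIAS;
            locationProperty = RegistryResources.SecurityManagement.SERVER_INTERNAL_KEYSTORE_FILE;
            typeProperty = RegistryResources.SecurityManagement.SERVER_INTERNAL_KEYSTORE_TYPE;
        }

        String keyStorePassword = serverConfig.getFirstProperty(passwordProperty);
        String keyPassword = serverConfig.getFirstProperty(keyPasswordProperty);
        String keyAlias = serverConfig.getFirstProperty(aliasProperty);
        String keyStoreLocation = serverConfig.getFirstProperty(locationProperty);
        String keyStoreType = serverConfig.getFirstProperty(typeProperty);
        // A missing property would otherwise surface as a NullPointerException out of the
        // static initialiser; report it and return null instead (never log the passwords).
        if (keyStorePassword == null || keyPassword == null || keyStoreLocation == null || keyStoreType == null) {
            log.error("Key store configuration for decrypting secondary store is incomplete: one of "
                    + locationProperty + ", " + typeProperty + ", " + passwordProperty + " or " + keyPasswordProperty + " is not set");
            return null;
        }

        try (FileInputStream keyStoreStream = new FileInputStream(new File(keyStoreLocation).getAbsolutePath())) {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            Key key = keyStore.getKey(keyAlias, keyPassword.toCharArray());
            if (!(key instanceof PrivateKey)) {
                log.error("No private key found in the key store under alias " + keyAlias);
                return null;
            }
            return (PrivateKey) key;
        } catch (FileNotFoundException e) {
            log.error("Keystore File Not Found in configured location", e);
        } catch (IOException e) {
            log.error("Keystore File IO operation failed", e);
        } catch (KeyStoreException e) {
            log.error("Faulty keystore", e);
        } catch (GeneralSecurityException e) {
            log.error("Some parameters assigned to access the keystore is invalid", e);
        }
        return null;
    }

    /**
     * Decrypts a Base64 cipher text with the server private key.
     *
     * <p>Transformation selection: without the {@value #CIPHER_TRANSFORMATION_SYSTEM_PROPERTY}
     * system property, {@link CipherInformation#DEFAULT_ALGORITHM} is used. With it, the decoded
     * bytes are first tried as a {@link CipherHolder} JSON envelope whose own transformation and
     * inner cipher text are used; otherwise the property value is the transformation. The
     * BouncyCastle provider is always used.
     *
     * @param cipherText Base64 text (surrounding whitespace is ignored)
     * @return the plaintext decoded with the platform default charset (matches the encrypting
     *         side's behaviour; not changed to UTF-8 here to avoid silently breaking existing data)
     * @throws org.wso2.carbon.user.api.UserStoreException if no private key could be loaded
     */
    private String decryptProperty(String cipherText) throws NoSuchPaddingException, NoSuchAlgorithmException, NoSuchProviderException, org.wso2.carbon.user.api.UserStoreException, InvalidKeyException, BadPaddingException, IllegalBlockSizeException {
        byte[] cipherBytes = Base64.decode(cipherText.trim());
        if (privateKey == null) {
            privateKey = getPrivateKey();
        }
        if (privateKey == null) {
            throw new org.wso2.carbon.user.api.UserStoreException("Private key initialization failed. Cannot decrypt the userstore password.");
        }

        String transformation;
        String configuredTransformation = System.getProperty(CIPHER_TRANSFORMATION_SYSTEM_PROPERTY);
        if (configuredTransformation == null) {
            transformation = CipherInformation.DEFAULT_ALGORITHM;
        } else {
            CipherHolder holder = cipherTextToCipherHolder(cipherBytes);
            if (holder == null) {
                transformation = configuredTransformation;
            } else {
                transformation = holder.getTransformation();
                cipherBytes = holder.getCipherBase64Decoded();
                if (log.isDebugEnabled()) {
                    log.debug("Cipher transformation for decryption : " + transformation);
                }
            }
        }

        Cipher cipher = Cipher.getInstance(transformation, BouncyCastleProvider.PROVIDER_NAME);
        cipher.init(Cipher.DECRYPT_MODE, privateKey);
        return new String(cipher.doFinal(cipherBytes), Charset.defaultCharset());
    }

    /**
     * Interprets {@code bytes} as a {@link CipherHolder} JSON envelope.
     *
     * @return the holder, or null if the bytes are not valid JSON for it (a plain cipher text)
     */
    private CipherHolder cipherTextToCipherHolder(byte[] bytes) {
        try {
            return this.gson.fromJson(new String(bytes, Charset.defaultCharset()), CipherHolder.class);
        } catch (JsonSyntaxException e) {
            if (log.isDebugEnabled()) {
                log.debug("Deserialization failed since cipher string is not representing cipher with metadata");
            }
            return null;
        }
    }
}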
