package org.wso2.micro.integrator.crypto.provider.internal;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Dictionary;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferenceCardinality;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.api.InternalCryptoProvider;
import org.wso2.carbon.crypto.api.KeyResolver;
import org.wso2.micro.integrator.core.services.CarbonServerConfigurationService;
import org.wso2.micro.integrator.crypto.provider.ContextIndependentKeyResolver;
import org.wso2.micro.integrator.crypto.provider.KeyStoreBasedInternalCryptoProvider;
import org.wso2.micro.integrator.crypto.provider.SymmetricKeyInternalCryptoProvider;

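/**
 * OSGi declarative-services component that registers the default crypto services of this bundle.
 *
 * <p>On activation, and only when the {@code CryptoService.Enabled} property is set, it registers:
 * <ul>
 *   <li>a {@link KeyStoreBasedInternalCryptoProvider} built from the {@code Security.InternalKeyStore.*}
 *       properties,</li>
 *   <li>a {@link SymmetricKeyInternalCryptoProvider}, only when {@code CryptoService.Secret} is set,</li>
 *   <li>a {@link ContextIndependentKeyResolver}.</li>
 * </ul>
 *
 * <p>The keystore password, key password and symmetric secret are read from the server configuration as
 * plain strings. This class never logs them; keep it that way when adding diagnostics.
 */
@Component(name = "org.wso2.micro.integrator.crypto.provider.internal.DefaultCryptoProviderComponent", immediate = true)
/* loaded from: input_file:plugins/org.wso2.micro.integrator.crypto.provider-1.1.0.beta.jar:org/wso2/micro/integrator/crypto/provider/internal/DefaultCryptoProviderComponent.class */
public class DefaultCryptoProviderComponent {
    public static final String CRYPTO_SECRET_PROPERTY_PATH = "CryptoService.Secret";
    private static final Log log = LogFactory.getLog(DefaultCryptoProviderComponent.class);
    private static final String INTERNAL_KEYSTORE_FILE_PROPERTY_PATH = "Security.InternalKeyStore.Location";
    private static final String INTERNAL_KEYSTORE_TYPE_PROPERTY_PATH = "Security.InternalKeyStore.Type";
    private static final String INTERNAL_KEYSTORE_PASSWORD_PROPERTY_PATH = "Security.InternalKeyStore.Password";
    private static final String INTERNAL_KEYSTORE_KEY_ALIAS_PROPERTY_PATH = "Security.InternalKeyStore.KeyAlias";
    private static final String INTERNAL_KEYSTORE_KEY_PASSWORD_PROPERTY_PATH = "Security.InternalKeyStore.KeyPassword";
    private static final String CRYPTO_SERVICE_ENABLING_PROPERTY_PATH = "CryptoService.Enabled";
    // Priority handed to the context-independent resolver. How consumers order resolvers by
    // priority is not visible in this class.
    private static final int CONTEXT_INDEPENDENT_RESOLVER_PRIORITY = 99;

    // Registration handles. Each stays null when the corresponding service was never registered
    // (crypto service disabled, activation failed part-way, or no symmetric secret configured).
    private ServiceRegistration<InternalCryptoProvider> defaultInternalCryptoProviderRegistration;
    private ServiceRegistration<InternalCryptoProvider> symmetricKeyInternalCryptoProviderRegistration;
    private ServiceRegistration<KeyResolver> contextIndependentResolverRegistration;
    private CarbonServerConfigurationService serverConfigurationService;

    /**
     * Registers the crypto provider and key resolver services when the crypto service is enabled.
     *
     * <p>Any failure is logged and not rethrown, so the component stays active even when the
     * internal keystore could not be loaded and no provider was registered.
     *
     * @param componentContext the component context supplying the {@link BundleContext}
     */
    @Activate
    public void activate(ComponentContext componentContext) {
        try {
            BundleContext bundleContext = componentContext.getBundleContext();
            if (isCryptoServiceEnabled()) {
                registerServiceImplementations(bundleContext);
            } else if (log.isInfoEnabled()) {
                // The guard checked INFO but the call logged at DEBUG, so this message was hidden
                // at default log levels. A disabled crypto service is something operators should see.
                log.info("Crypto service is NOT enabled. Therefore the key resolver and crypto provider implementations will NOT be registered.");
            }
            if (log.isDebugEnabled()) {
                log.debug("'org.wso2.carbon.crypto.provider' bundle has been activated.");
            }
        } catch (Exception e) {
            log.error("An error occurred while activating 'org.wso2.carbon.crypto.provider' component.", e);
        }
    }

    /**
     * Builds all service implementations first and registers them afterwards, so a configuration
     * error is raised before anything has been published.
     *
     * @param bundleContext the context used to register the services
     * @throws CryptoException if the keystore-based provider or the symmetric provider cannot be created
     */
    private void registerServiceImplementations(BundleContext bundleContext) throws CryptoException {
        InternalCryptoProvider keyStoreProvider = getKeyStoreBasedInternalCryptoProviderFromServerConfiguration();
        SymmetricKeyInternalCryptoProvider symmetricProvider = getSymmetricKeyInternalCryptoProvider();
        KeyResolver keyResolver = getContextIndependentKeyResolver();

        this.defaultInternalCryptoProviderRegistration =
                bundleContext.registerService(InternalCryptoProvider.class, keyStoreProvider, (Dictionary<String, ?>) null);
        logRegistration(keyStoreProvider, InternalCryptoProvider.class);

        // The symmetric provider is optional: it exists only when a secret is configured.
        if (symmetricProvider != null) {
            this.symmetricKeyInternalCryptoProviderRegistration =
                    bundleContext.registerService(InternalCryptoProvider.class, symmetricProvider, (Dictionary<String, ?>) null);
            logRegistration(symmetricProvider, InternalCryptoProvider.class);
        }

        this.contextIndependentResolverRegistration =
                bundleContext.registerService(KeyResolver.class, keyResolver, (Dictionary<String, ?>) null);
        logRegistration(keyResolver, KeyResolver.class);
    }

    /** Writes a debug line naming the implementation class and the service interface it was registered under. */
    private static void logRegistration(Object implementation, Class<?> serviceInterface) {
        if (log.isDebugEnabled()) {
            log.debug(String.format("'%s' has been registered as an implementation of '%s'", implementation.getClass().getCanonicalName(), serviceInterface.getCanonicalName()));
        }
    }

    /**
     * Creates the symmetric-key provider from the {@code CryptoService.Secret} property.
     *
     * @return the provider, or {@code null} when the property is blank
     * @throws CryptoException declared by the original signature; the constructor call is the only candidate source
     */
    private SymmetricKeyInternalCryptoProvider getSymmetricKeyInternalCryptoProvider() throws CryptoException {
        String secret = this.serverConfigurationService.getFirstProperty(CRYPTO_SECRET_PROPERTY_PATH);
        if (!StringUtils.isBlank(secret)) {
            // The secret is passed on as-is and must never be written to a log.
            return new SymmetricKeyInternalCryptoProvider(secret);
        }
        if (log.isInfoEnabled()) {
            log.info(String.format("'%s' property has not been set. '%s' won't be registered as an internal crypto provider. Please set the secret if the provider needs to be registered.", CRYPTO_SECRET_PROPERTY_PATH, SymmetricKeyInternalCryptoProvider.class.getCanonicalName()));
        }
        return null;
    }

    /**
     * Creates the key resolver backed by the server configuration service.
     *
     * @return a {@link ContextIndependentKeyResolver} with its priority set to 99
     */
    private KeyResolver getContextIndependentKeyResolver() {
        ContextIndependentKeyResolver resolver = new ContextIndependentKeyResolver(this.serverConfigurationService);
        resolver.setPriority(CONTEXT_INDEPENDENT_RESOLVER_PRIORITY);
        return resolver;
    }

    /**
     * Unregisters whatever services were registered during activation.
     *
     * <p>Every handle is null-checked: when the crypto service is disabled or activation failed,
     * nothing was registered, and unconditional {@code unregister()} calls threw a
     * {@link NullPointerException} here.
     *
     * @param componentContext the component context (unused)
     */
    @Deactivate
    public void deactivate(ComponentContext componentContext) {
        if (this.defaultInternalCryptoProviderRegistration != null) {
            this.defaultInternalCryptoProviderRegistration.unregister();
            this.defaultInternalCryptoProviderRegistration = null;
        }
        if (this.symmetricKeyInternalCryptoProviderRegistration != null) {
            this.symmetricKeyInternalCryptoProviderRegistration.unregister();
            this.symmetricKeyInternalCryptoProviderRegistration = null;
        }
        if (this.contextIndependentResolverRegistration != null) {
            this.contextIndependentResolverRegistration.unregister();
            this.contextIndependentResolverRegistration = null;
        }
    }

    /**
     * Binds the mandatory server configuration service that every property lookup in this class uses.
     *
     * @param carbonServerConfigurationService the service to bind
     */
    @Reference(name = "serverConfigurationService", service = CarbonServerConfigurationService.class, cardinality = ReferenceCardinality.MANDATORY, unbind = "unsetServerConfigurationService")
    public void setServerConfigurationService(CarbonServerConfigurationService carbonServerConfigurationService) {
        this.serverConfigurationService = carbonServerConfigurationService;
    }

    /**
     * Unbinds the server configuration service.
     *
     * @param carbonServerConfigurationService the service being unbound (unused)
     */
    public void unsetServerConfigurationService(CarbonServerConfigurationService carbonServerConfigurationService) {
        this.serverConfigurationService = null;
    }

    /**
     * Builds the keystore-based provider from the internal keystore, key alias and key password
     * configured under {@code Security.InternalKeyStore}.
     *
     * @return the keystore-backed crypto provider
     * @throws CryptoException if a required property is blank or the keystore cannot be loaded
     */
    private InternalCryptoProvider getKeyStoreBasedInternalCryptoProviderFromServerConfiguration() throws CryptoException {
        try {
            KeyStore internalKeyStore = getInternalKeyStore();
            String keyAlias = getKeyStoreConfigurationPropertyOrFail(INTERNAL_KEYSTORE_KEY_ALIAS_PROPERTY_PATH);
            String keyPassword = getKeyStoreConfigurationPropertyOrFail(INTERNAL_KEYSTORE_KEY_PASSWORD_PROPERTY_PATH);
            return new KeyStoreBasedInternalCryptoProvider(internalKeyStore, keyAlias, keyPassword);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new CryptoException("An error occurred while loading the internal keystore using the configurations in 'Security.InternalKeyStore' block.", e);
        }
    }

    /**
     * Tells whether the crypto service is switched on in the server configuration.
     *
     * <p>NOTE(review): the value is only tested for blankness, not parsed as a boolean, so any
     * non-blank value, including {@code "false"}, enables the service. Confirm this is intended
     * before relying on the property to turn the service off.
     *
     * @return {@code true} when {@code CryptoService.Enabled} has a non-blank value
     */
    private boolean isCryptoServiceEnabled() {
        return StringUtils.isNotBlank(this.serverConfigurationService.getFirstProperty(CRYPTO_SERVICE_ENABLING_PROPERTY_PATH));
    }

    /**
     * Loads the internal keystore from the configured location, type and password.
     *
     * @return the loaded keystore
     * @throws CryptoException if a required property is blank or the keystore file does not exist
     * @throws IOException if the keystore data cannot be read, which {@link KeyStore#load} also
     *         reports for a wrong password
     * @throws KeyStoreException if the configured keystore type is not available
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is not available
     */
    private KeyStore getInternalKeyStore() throws CryptoException, IOException, KeyStoreException, CertificateException, NoSuchAlgorithmException {
        String keyStorePath = getKeyStoreConfigurationPropertyOrFail(INTERNAL_KEYSTORE_FILE_PROPERTY_PATH);
        if (log.isDebugEnabled()) {
            // Only the path is logged; the password must never be logged.
            log.debug("Internal key store path : " + keyStorePath);
        }
        String absolutePath = new File(keyStorePath).getAbsolutePath();
        String keyStorePassword = getKeyStoreConfigurationPropertyOrFail(INTERNAL_KEYSTORE_PASSWORD_PROPERTY_PATH);

        FileInputStream keyStoreStream;
        try {
            keyStoreStream = new FileInputStream(absolutePath);
        } catch (FileNotFoundException e) {
            // Keep the cause: it distinguishes a missing file from a permission problem.
            throw new CryptoException(String.format("Internal keystore file does not exist in the path as configured in '%s' property.", INTERNAL_KEYSTORE_FILE_PROPERTY_PATH), e);
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(getKeyStoreConfigurationPropertyOrFail(INTERNAL_KEYSTORE_TYPE_PROPERTY_PATH));
            keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            return keyStore;
        } finally {
            closeQuietly(keyStoreStream);
        }
    }

    /** Closes the keystore stream on a best-effort basis; a failed close must not fail keystore loading. */
    private static void closeQuietly(FileInputStream stream) {
        try {
            stream.close();
        } catch (IOException ignored) {
            if (log.isDebugEnabled()) {
                log.debug("Failed to close the internal keystore input stream.", ignored);
            }
        }
    }

    /**
     * Reads a required configuration property.
     *
     * @param str the property path to look up
     * @return the first configured value for the property
     * @throws CryptoException if the value is blank; the message names the property, never its value
     */
    private String getKeyStoreConfigurationPropertyOrFail(String str) throws CryptoException {
        String value = this.serverConfigurationService.getFirstProperty(str);
        if (StringUtils.isBlank(value)) {
            throw new CryptoException(String.format("Could not find a non empty value for the property '%s'", str));
        }
        return value;
    }
}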
