package org.wso2.micro.integrator.mediation.security.vault;

import java.io.BufferedInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Properties;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.micro.integrator.mediation.security.vault.util.SecureVaultUtil;
import org.wso2.securevault.CipherFactory;
import org.wso2.securevault.CipherOperationMode;
import org.wso2.securevault.DecryptionProvider;
import org.wso2.securevault.EncodingType;
import org.wso2.securevault.commons.MiscellaneousUtil;
import org.wso2.securevault.definition.CipherInformation;
import org.wso2.securevault.definition.IdentityKeyStoreInformation;
import org.wso2.securevault.definition.KeyStoreInformationFactory;
import org.wso2.securevault.definition.TrustKeyStoreInformation;
import org.wso2.securevault.keystore.IdentityKeyStoreWrapper;
import org.wso2.securevault.keystore.TrustKeyStoreWrapper;

/* loaded from: input_file:org/wso2/micro/integrator/mediation/security/vault/CipherInitializer.class */
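/**
 * Process-wide singleton that prepares the secure-vault ciphers: a {@link DecryptionProvider}
 * backed by the identity or trust keystore, and an encryption {@link Cipher} initialised with
 * the identity keystore certificate.
 *
 * <p>Initialisation happens once, when the class is loaded. Failures signalled by
 * {@link CipherToolException} are logged rather than propagated, so
 * {@link #getDecryptionProvider()} can return {@code null}; callers must check for that.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The cipher transformation defaults to the bare algorithm name {@code "RSA"}. With a bare
 *       name the JCE provider picks the mode and padding, which on common providers means
 *       PKCS#1 v1.5 padding. Deployments that want OAEP have to set the transformation
 *       explicitly through {@code keystore.identity.CipherTransformation} or the
 *       {@code org.wso2.CipherTransformation} system property, and secrets encrypted under the
 *       old transformation have to be re-encrypted.</li>
 *   <li>Keystore and key passwords are handled as {@code String}s because that is what the
 *       secret providers return; they are never written to the log here and must not be.</li>
 * </ul>
 */
public class CipherInitializer {
    private static final String LOCATION = "location";
    private static final String KEY_STORE = "keyStore";
    private static final String DOT = ".";
    private static final String ALGORITHM = "algorithm";
    private static final String DEFAULT_ALGORITHM = "RSA";
    private static final String TRUSTED = "trusted";
    private static final String CIPHER_TRANSFORMATION_SECRET_CONF_PROPERTY = "keystore.identity.CipherTransformation";
    private static final String CIPHER_TRANSFORMATION_SYSTEM_PROPERTY = "org.wso2.CipherTransformation";
    private IdentityKeyStoreWrapper identityKeyStoreWrapper;
    private TrustKeyStoreWrapper trustKeyStoreWrapper;
    private DecryptionProvider decryptionProvider = null;
    private Cipher encryptionProvider = null;
    // Declared before the singleton on purpose: the constructor logs, and static fields are
    // initialised in textual order.
    private static final Log log = LogFactory.getLog(CipherInitializer.class);
    private static CipherInitializer cipherInitializer = new CipherInitializer();

    /**
     * Builds the singleton. A {@link CipherToolException} or a failed configuration check is
     * logged and leaves both providers {@code null}; nothing is rethrown.
     */
    private CipherInitializer() {
        try {
            if (init()) {
                initCipherDecryptProvider();
                initEncrypt();
            } else {
                log.error("Either Configuration properties can not be loaded or No secret repositories have been configured please check PRODUCT_HOME/repository/conf/security  refer links related to configure WSO2 Secure vault");
            }
        } catch (CipherToolException e) {
            log.error("Cipher initialization failed", e);
        }
    }

    /**
     * Returns the shared instance created at class-load time.
     *
     * @return the singleton; its providers may be uninitialised if start-up failed
     */
    public static CipherInitializer getInstance() {
        return cipherInitializer;
    }

    /**
     * Loads the vault configuration, resolves the keystore passwords and initialises the
     * identity and trust keystore wrappers.
     *
     * @return {@code true} when the keystores were initialised and every configured secret
     *         repository names a provider; {@code false} when configuration is missing
     * @throws CipherToolException if a configured secret repository has no provider
     */
    private boolean init() throws CipherToolException {
        Properties baseProperties = SecureVaultUtil.loadProperties();
        if (baseProperties == null) {
            log.error("KeyStore configuration properties cannot be found");
            return false;
        }
        String secretConfLocation = MiscellaneousUtil.getProperty(baseProperties, SecureVaultConstants.PROP_SECRET_MANAGER_CONF, SecureVaultConstants.PROP_DEFAULT_CONF_LOCATION);
        Properties secretConf = MiscellaneousUtil.loadProperties(secretConfLocation);
        if (secretConf.isEmpty()) {
            if (log.isDebugEnabled()) {
                log.debug("Configuration properties can not be loaded form : " + secretConfLocation + " Will use synapse properties");
            }
            // Fall back to the base properties when the dedicated secret configuration is empty.
            secretConf = baseProperties;
        }
        String globalProvider = MiscellaneousUtil.getProperty(secretConf, SecureVaultConstants.PROP_SECRET_PROVIDER, (String) null);
        if (isNullOrEmpty(globalProvider) && log.isDebugEnabled()) {
            log.debug("No global secret provider is configured.");
        }
        String repositoryList = MiscellaneousUtil.getProperty(secretConf, SecureVaultConstants.PROP_SECRET_REPOSITORIES, (String) null);
        if (isNullOrEmpty(repositoryList)) {
            log.error("No secret repositories have been configured");
            return false;
        }
        String[] repositories = repositoryList.split(",");
        // A value made only of separators (for example ",") splits into an empty array.
        if (repositories.length == 0) {
            log.error("No secret repositories have been configured");
            return false;
        }
        // Keystore definitions are always read from the base properties, not from secretConf.
        IdentityKeyStoreInformation identityInfo = KeyStoreInformationFactory.createIdentityKeyStoreInformation(baseProperties);
        TrustKeyStoreInformation trustInfo = KeyStoreInformationFactory.createTrustKeyStoreInformation(baseProperties);
        String identityKeyPassword = null;
        String identityStorePassword = null;
        if (identityInfo != null) {
            identityKeyPassword = identityInfo.getKeyPasswordProvider().getResolvedSecret();
            identityStorePassword = identityInfo.getKeyStorePasswordProvider().getResolvedSecret();
        }
        String trustStorePassword = trustInfo != null ? trustInfo.getKeyStorePasswordProvider().getResolvedSecret() : null;
        if (!validatePasswords(identityStorePassword, identityKeyPassword, trustStorePassword)) {
            log.error("Either Identity or Trust keystore password is mandatory in order to initialized secret manager.");
            return false;
        }
        this.identityKeyStoreWrapper = new IdentityKeyStoreWrapper();
        // NOTE(review): when only the trust store password is configured, identityInfo can be
        // null here and is still handed to init(); confirm how IdentityKeyStoreWrapper treats that.
        this.identityKeyStoreWrapper.init(identityInfo, identityKeyPassword);
        this.trustKeyStoreWrapper = new TrustKeyStoreWrapper();
        if (trustInfo != null) {
            this.trustKeyStoreWrapper.init(trustInfo);
        }
        for (String repository : repositories) {
            String provider = MiscellaneousUtil.getProperty(secretConf, "secretRepositories." + repository + "." + SecureVaultConstants.PROP_PROVIDER, (String) null);
            if (isNullOrEmpty(provider)) {
                throw new CipherToolException("Repository provider cannot be null ");
            }
            if (log.isDebugEnabled()) {
                log.debug("Initiating a File Based Secret Repository");
            }
        }
        return true;
    }

    /**
     * Checks that enough passwords were resolved to open a keystore: either the trust store
     * password, or both the identity store password and the identity private-key password.
     * Only the presence of a password is logged, never its value.
     *
     * @param identityStorePassword resolved identity keystore password, may be {@code null}
     * @param identityKeyPassword   resolved identity private-key password, may be {@code null}
     * @param trustStorePassword    resolved trust keystore password, may be {@code null}
     * @return {@code true} when one of the two combinations is available
     */
    private boolean validatePasswords(String identityStorePassword, String identityKeyPassword, String trustStorePassword) {
        if (!isNullOrEmpty(trustStorePassword)) {
            if (log.isDebugEnabled()) {
                // The previous message claimed the password was missing on this success path.
                log.debug("Trust Store Password is configured.");
            }
            return true;
        }
        if (!isNullOrEmpty(identityStorePassword) && !isNullOrEmpty(identityKeyPassword)) {
            if (log.isDebugEnabled()) {
                // The previous message claimed the passwords were missing on this success path.
                log.debug("Identity Store Password and Identity Store private key Password are configured.");
            }
            return true;
        }
        return false;
    }

    /** Returns {@code true} for a {@code null} or zero-length string. */
    private static boolean isNullOrEmpty(String value) {
        return value == null || value.isEmpty();
    }

    /**
     * Creates the Base64-input decryption provider once, using the trust keystore when the
     * {@code .keyStore} property equals {@code "trusted"} and the identity keystore otherwise.
     */
    private void initCipherDecryptProvider() {
        if (this.decryptionProvider != null) {
            return;
        }
        Properties properties = SecureVaultUtil.loadProperties();
        CipherInformation cipherInformation = new CipherInformation();
        cipherInformation.setAlgorithm(getCipherTransformation(properties));
        cipherInformation.setCipherOperationMode(CipherOperationMode.DECRYPT);
        cipherInformation.setInType(EncodingType.BASE64);
        // NOTE(review): the key is literally ".keyStore" (DOT + KEY_STORE); it looks as if a
        // prefix was dropped, in which case the identity keystore is always chosen — confirm.
        if (TRUSTED.equals(MiscellaneousUtil.getProperty(properties, DOT + KEY_STORE, (String) null))) {
            this.decryptionProvider = CipherFactory.createCipher(cipherInformation, this.trustKeyStoreWrapper);
        } else {
            this.decryptionProvider = CipherFactory.createCipher(cipherInformation, this.identityKeyStoreWrapper);
        }
    }

    /**
     * Creates the encryption cipher once, keyed with the certificate stored under the
     * configured alias in the identity keystore. No accessor for the cipher is visible in
     * this class.
     *
     * @throws CipherToolException if the keystore location, keystore definition or alias
     *         certificate is missing, or if the cipher cannot be initialised
     */
    private void initEncrypt() throws CipherToolException {
        if (this.encryptionProvider != null) {
            return;
        }
        Properties properties = SecureVaultUtil.loadProperties();
        String location = properties.getProperty("keystore.identity.location");
        // A missing property would otherwise surface as a NullPointerException from new File(null).
        if (location == null || !new File(location).exists()) {
            throw new CipherToolException("Primary Key Store Can not be found at Default location");
        }
        String storeType = properties.getProperty("keystore.identity.type");
        IdentityKeyStoreInformation identityInfo = KeyStoreInformationFactory.createIdentityKeyStoreInformation(properties);
        // init() treats a null identity definition as possible, so guard against it here as well.
        if (identityInfo == null) {
            throw new CipherToolException("Identity KeyStore configuration can not be found");
        }
        String storePassword = identityInfo.getKeyStorePasswordProvider().getResolvedSecret();
        String alias = properties.getProperty("keystore.identity.alias");
        try {
            KeyStore keyStore = getKeyStore(location, storePassword, storeType, null);
            Certificate certificate = keyStore.getCertificate(alias);
            // getCertificate returns null for an unknown alias; fail with a clear message
            // instead of letting the cipher initialisation fail on a null certificate.
            if (certificate == null) {
                throw new CipherToolException("No certificate found in the Primary Key Store for alias ' " + alias + " '");
            }
            Cipher cipher = Cipher.getInstance(getCipherTransformation(properties));
            cipher.init(Cipher.ENCRYPT_MODE, certificate);
            this.encryptionProvider = cipher;
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new CipherToolException("Error initializing Cipher ", e);
        }
    }

    /**
     * Resolves the cipher transformation. The {@code keystore.identity.CipherTransformation}
     * property wins; otherwise the {@code org.wso2.CipherTransformation} system property is
     * used, and finally the bare default {@code "RSA"}.
     *
     * <p>With the bare default the JCE provider chooses mode and padding. Set one of the two
     * properties to a full transformation string to pin the padding scheme explicitly.
     *
     * @param properties secure-vault configuration to read the override from
     * @return the transformation string passed to the cipher factories
     */
    private String getCipherTransformation(Properties properties) {
        String fallback = System.getProperty(CIPHER_TRANSFORMATION_SYSTEM_PROPERTY);
        if (fallback == null) {
            fallback = DEFAULT_ALGORITHM;
        }
        return MiscellaneousUtil.getProperty(properties, CIPHER_TRANSFORMATION_SECRET_CONF_PROPERTY, fallback);
    }

    /**
     * Loads a keystore from disk.
     *
     * @param location      path of the keystore file
     * @param storePassword keystore password; must not be {@code null}
     * @param storeType     keystore type; must not be {@code null}
     * @param provider      JCE provider name, or {@code null} to use the default provider
     * @return the loaded keystore
     * @throws CipherToolException if the file is missing, an argument is {@code null}, or the
     *         keystore cannot be read or verified
     */
    private static KeyStore getKeyStore(String location, String storePassword, String storeType, String provider) throws CipherToolException {
        File file = new File(location);
        if (!file.exists()) {
            throw new CipherToolException("KeyStore can not be found at ' " + file + " '");
        }
        if (storePassword == null) {
            throw new CipherToolException("KeyStore password can not be null");
        }
        if (storeType == null) {
            throw new CipherToolException("KeyStore Type can not be null");
        }
        char[] passwordChars = storePassword.toCharArray();
        // try-with-resources closes the stream on every path, replacing the hand-expanded
        // close/addSuppressed sequence.
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(file))) {
            KeyStore keyStore = provider != null ? KeyStore.getInstance(storeType, provider) : KeyStore.getInstance(storeType);
            keyStore.load(in, passwordChars);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | CertificateException e) {
            // The message carries the path only; the password must never be added to it.
            throw new CipherToolException("Error loading keyStore from ' " + location + " ' ", e);
        } finally {
            // Wipe the temporary copy. The source String stays in memory, so this only
            // shortens the lifetime of one of the copies.
            java.util.Arrays.fill(passwordChars, '\0');
        }
    }

    /**
     * Returns the decryption provider built at start-up.
     *
     * @return the provider, or {@code null} when initialisation failed
     */
    public DecryptionProvider getDecryptionProvider() {
        return this.decryptionProvider;
    }
}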
