package br.com.esec.icpm.signer.security;

import br.com.esec.icpm.signer.ws.rest.PemUtils;
import br.com.esec.icpm.util.FileUtils;
import br.com.esec.icpm.util.ReadableFileUtils;
import br.com.esec.icpm.util.StreamUtils;
import br.com.esec.icpm.util.UrlUtils;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

/* loaded from: input_file:br/com/esec/icpm/signer/security/SecurityConfig.class */
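/**
 * Process-wide key store / trust store configuration for the signer.
 *
 * <p>Every value is resolved once, at class load time, from a system property and - when the
 * property is absent - from an environment variable of the same name (see {@code getenv}):
 * <ul>
 *   <li>{@code certillion.keystore} - key store URL/path. No default: without it
 *       {@link #getKeystore()} yields {@code null} and {@link #getConfig()} is empty.</li>
 *   <li>{@code certillion.storetype} - key store type, default {@code JKS}.</li>
 *   <li>{@code certillion.storepass} - key store password, default empty string; it is also
 *       used as the key password in {@link #validate()}.</li>
 *   <li>{@code certillion.alias} - alias of the signing key; when unset {@link #validate()}
 *       picks a key entry from the store.</li>
 *   <li>{@code certillion.truststore} - trust store location. No default.</li>
 *   <li>{@code certillion.truststoretype} - {@code DIR} (default: a directory holding one
 *       PEM or DER certificate per file) or any {@link KeyStore} type.</li>
 *   <li>{@code certillion.truststorepass} - trust store password. No default; when absent the
 *       store is opened with a {@code null} password, which per {@link KeyStore#load} skips the
 *       store's integrity check.</li>
 *   <li>{@code certillion.allowallhosts} - boolean, default {@code false}. It is only stored
 *       here; presumably the TLS client code uses it to relax host checks, so keep it
 *       {@code false} outside development set-ups.</li>
 * </ul>
 *
 * <p>Values may be overridden through the setters, {@link #load(String)} or {@link #set}, but
 * only <em>before</em> the first call to {@link #getKeystore()} / {@link #getTruststore()} /
 * {@link #getConfig()}: the stores are built lazily and cached for the life of the class, and
 * {@link #validate()} runs only once.
 *
 * <p>Passwords passed as {@code -D} system properties appear on the process command line;
 * the environment-variable form is the better channel for them.
 *
 * <p>Not thread-safe: all state is static and mutated without synchronization, and two
 * threads racing on the first {@link #getKeystore()} call may build the store twice.
 */
public class SecurityConfig {
    /** Provider name handed to the WS-Security crypto layer as the certificate provider. */
    private static final String CERT_PROVIDER = "SUN";
    private static KeyStore keystore;
    private static KeyStore truststore;
    protected static Log log = LogFactory.getLog(SecurityConfig.class);
    private static final String CERTILLION_KEYSTORE = "certillion.keystore";
    private static String keystoreUrlPath = System.getProperty(CERTILLION_KEYSTORE, getenv(CERTILLION_KEYSTORE));
    private static final String CERTILLION_STORETYPE = "certillion.storetype";
    private static final String DEFAULT_KEYSTORE_TYPE = "JKS";
    private static String keystoreType = System.getProperty(CERTILLION_STORETYPE, getenv(CERTILLION_STORETYPE, DEFAULT_KEYSTORE_TYPE));
    private static final String CERTILLION_STOREPASS = "certillion.storepass";
    // Never null: defaults to "" and the setter ignores empty values.
    private static String keystorePassword = System.getProperty(CERTILLION_STOREPASS, getenv(CERTILLION_STOREPASS, ""));
    private static final String CERTILLION_ALIAS = "certillion.alias";
    private static String keyAlias = System.getProperty(CERTILLION_ALIAS, getenv(CERTILLION_ALIAS));
    private static final String CERTILLION_TRUSTSTORE = "certillion.truststore";
    private static String truststorePath = System.getProperty(CERTILLION_TRUSTSTORE, getenv(CERTILLION_TRUSTSTORE));
    private static final String CERTILLION_TRUSTSTORETYPE = "certillion.truststoretype";
    private static final String DEFAULT_TRUSTSTORE_TYPE = "DIR";
    private static String truststoreType = System.getProperty(CERTILLION_TRUSTSTORETYPE, getenv(CERTILLION_TRUSTSTORETYPE, DEFAULT_TRUSTSTORE_TYPE));
    private static final String CERTILLION_TRUSTSTOREPASS = "certillion.truststorepass";
    // May be null when neither the property nor the variable is set.
    private static String truststorePassword = System.getProperty(CERTILLION_TRUSTSTOREPASS, getenv(CERTILLION_TRUSTSTOREPASS));
    private static final String CERTILLION_ALLOWALLHOSTS = "certillion.allowallhosts";
    private static final String DEFAULT_ALLOW_HOSTS = "false";
    private static boolean allowAllHosts = Boolean.valueOf(System.getProperty(CERTILLION_ALLOWALLHOSTS, getenv(CERTILLION_ALLOWALLHOSTS, DEFAULT_ALLOW_HOSTS))).booleanValue();
    private static boolean validated = false;

    /**
     * Builds the WS-Security crypto properties for the configured key store.
     *
     * <p>Runs {@link #validate()} first if it has not run yet. When no key store is configured
     * (or {@code ReadableFileUtils.ensure} yields an empty value for it) the result is empty,
     * so callers must check for the keys they need.
     *
     * @return properties naming the crypto provider, key store file/type/password and key alias;
     *     empty when no key store is available. The result carries the key store password in
     *     clear text - do not log or serialise it.
     * @throws IllegalStateException from {@link #validate()} when the key store cannot be opened
     */
    public static Properties getConfig() {
        ensureValidated();
        Properties properties = new Properties();
        // presumably a readable local path derived from the URL/path - confirm in ReadableFileUtils
        String ensuredPath = ReadableFileUtils.ensure(keystoreUrlPath);
        if (!StringUtils.isEmpty(ensuredPath)) {
            properties.put(Constants.CRYPTO_PROVIDER_KEY, CryptoProvider.class.getCanonicalName());
            properties.put(Constants.CRYPTO_KEYSTORE_FILE_KEY, ensuredPath);
            properties.put(Constants.CRYPTO_KEYSTORE_TYPE_KEY, keystoreType);
            properties.put("org.apache.ws.security.crypto.merlin.keystore.password", keystorePassword);
            properties.put(Constants.CRYPTO_KEY_ALIAS_KEY, keyAlias);
            properties.put("org.apache.ws.security.crypto.merlin.cert.provider", CERT_PROVIDER);
        }
        return properties;
    }

    /**
     * Returns the configured key store, building and validating it on first use.
     *
     * @return the loaded key store, or {@code null} when {@code certillion.keystore} is unset
     * @throws IllegalStateException when validation fails
     * @throws KeyStoreException if the key store type is not supported
     * @throws IOException if the store cannot be read or the password is wrong
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws CertificateException if a certificate in the store cannot be parsed
     */
    public static KeyStore getKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (keystore == null) {
            ensureValidated();
            keystore = buildKeyStore();
        }
        return keystore;
    }

    /**
     * Returns an in-memory trust store holding the configured trusted certificates, building it
     * on first use.
     *
     * @return the trust store, or {@code null} when {@code certillion.truststore} is unset
     * @throws IllegalStateException when validation fails
     * @throws IllegalArgumentException when the trust store location cannot be read
     * @throws KeyStoreException if the default key store type is not supported
     * @throws IOException never for the in-memory store, declared for compatibility
     * @throws NoSuchAlgorithmException if the store's integrity algorithm is unavailable
     * @throws CertificateException if a certificate cannot be parsed
     */
    public static KeyStore getTruststore() throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        if (truststore == null) {
            ensureValidated();
            truststore = buildTruststore();
        }
        return truststore;
    }

    /**
     * Opens the key store and the trust store once so that bad configuration fails fast.
     *
     * <p>When no alias is configured, the last key entry in the store's alias enumeration is
     * chosen. Enumeration order is store-specific, so a store with several private keys should
     * always set {@code certillion.alias} explicitly. The selected key is then fetched with the
     * store password, which proves both the store and the password.
     *
     * @throws IllegalStateException when the key store cannot be opened, holds no key entry, or
     *     the password does not unlock the selected key; the underlying exception is the cause
     * @throws IllegalArgumentException when the trust store is configured but unreadable
     */
    public static void validate() {
        try {
            log.info("Security config is using '" + keystoreUrlPath + "' as key store.");
            KeyStore candidate = buildKeyStore();
            if (candidate != null) {
                if (keyAlias == null) {
                    keyAlias = lastKeyAlias(candidate);
                }
                if (keyAlias == null) {
                    // getKey(null, ...) would surface as a NullPointerException; say what is wrong instead.
                    throw new IllegalStateException("The key store '" + keystoreUrlPath + "' contains no key entry.");
                }
                if (candidate.getKey(keyAlias, keystorePassword.toCharArray()) == null) {
                    throw new IllegalStateException("The key store is invalid or password is wrong!");
                }
            }
            buildTruststore();
            validated = true;
        } catch (IOException e) {
            throw new IllegalStateException("The key store is invalid or password is wrong!", e);
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateException
            throw new IllegalStateException("The key store is invalid or password is wrong!", e);
        }
    }

    /** Runs {@link #validate()} once; later calls are no-ops until the flag is reset. */
    private static void ensureValidated() {
        if (!validated) {
            validate();
        }
    }

    /**
     * Returns the last alias of a key entry in {@code store}'s enumeration order.
     *
     * @param store an initialised key store
     * @return the alias, or {@code null} when the store holds no key entry
     * @throws KeyStoreException if the store is not initialised
     */
    private static String lastKeyAlias(KeyStore store) throws KeyStoreException {
        String found = null;
        for (Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements();) {
            String alias = aliases.nextElement();
            if (store.isKeyEntry(alias)) {
                found = alias;
            }
        }
        return found;
    }

    /**
     * Loads the key store from {@code keystoreUrlPath}, closing the source stream afterwards.
     *
     * @return the loaded store, or {@code null} when no key store path is configured
     */
    private static KeyStore buildKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (StringUtils.isEmpty(keystoreUrlPath)) {
            return null;
        }
        KeyStore store = KeyStore.getInstance(keystoreType);
        InputStream in = StreamUtils.load(keystoreUrlPath);
        try {
            store.load(in, keystorePassword.toCharArray());
        } finally {
            closeQuietly(in);
        }
        return store;
    }

    /**
     * Builds an in-memory store (default type) holding every configured trusted certificate.
     *
     * <p>Aliases are the certificates' subject DNs. {@link KeyStore#setCertificateEntry}
     * overwrites an existing alias, so a second certificate with the same subject (for example
     * a renewed CA certificate) gets a {@code " #n"} suffix instead of silently replacing the
     * first one.
     *
     * @return the trust store, or {@code null} when no trusted certificate is configured
     */
    private static KeyStore buildTruststore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());
        store.load(null); // creates a fresh, empty store
        List<X509Certificate> trusted = loadCertificates();
        if (trusted == null || trusted.isEmpty()) {
            return null;
        }
        for (X509Certificate cert : trusted) {
            String subject = cert.getSubjectX500Principal().getName();
            String alias = subject;
            for (int n = 2; store.containsAlias(alias); n++) {
                alias = subject + " #" + n;
            }
            store.setCertificateEntry(alias, cert);
        }
        return store;
    }

    /**
     * Reads the trusted certificates from the configured location.
     *
     * @return the certificates, or {@code null} when {@code certillion.truststore} is unset
     * @throws IllegalArgumentException when the location cannot be read or holds no certificate
     */
    private static List<X509Certificate> loadCertificates() throws CertificateException, KeyStoreException {
        if (StringUtils.isEmpty(truststorePath)) {
            return null;
        }
        return DEFAULT_TRUSTSTORE_TYPE.equals(truststoreType) ? loadAsDirectory() : loadAsFile();
    }

    /**
     * Reads the trusted certificates from a key-store file of type {@code truststoreType}.
     *
     * <p>Entries whose certificate is not X.509 are skipped with a warning rather than failing
     * the whole store.
     *
     * @return the non-empty list of certificates found in the file
     * @throws IllegalArgumentException when the file cannot be opened, its password is wrong, or
     *     it holds no certificate; the underlying exception is the cause
     */
    private static List<X509Certificate> loadAsFile() {
        try {
            KeyStore store = KeyStore.getInstance(truststoreType);
            InputStream in = StreamUtils.load(truststorePath);
            try {
                // null password (no certillion.truststorepass): KeyStore.load then skips the integrity check
                store.load(in, toChars(truststorePassword));
            } finally {
                closeQuietly(in);
            }
            List<X509Certificate> certs = new ArrayList<X509Certificate>();
            for (Enumeration<String> aliases = store.aliases(); aliases.hasMoreElements();) {
                String alias = aliases.nextElement();
                Certificate cert = store.getCertificate(alias);
                if (cert instanceof X509Certificate) {
                    certs.add((X509Certificate) cert);
                } else if (cert != null) {
                    log.warn("Ignoring non-X.509 certificate entry '" + alias + "' in " + truststorePath);
                }
            }
            if (certs.isEmpty()) {
                throw new IllegalArgumentException("Could not load the trusted-certificate. The path '" + truststorePath + "' is not a valid " + truststoreType + " truststore.");
            }
            log.trace("The security-helper found " + certs.size() + " trusted certificates in " + truststorePath + "'.");
            return certs;
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not load the trusted-certificate", e);
        } catch (GeneralSecurityException e) {
            // KeyStoreException, NoSuchAlgorithmException, CertificateException
            throw new IllegalArgumentException("Could not load the trusted-certificate", e);
        }
    }

    /**
     * Reads one X.509 certificate (PEM or DER) from every file in the {@code truststorePath}
     * directory.
     *
     * <p>Every entry must be a regular file holding a certificate; stray files (editor
     * backups, {@code .DS_Store}, ...) make the whole store fail to load.
     *
     * @return the non-empty list of certificates found
     * @throws IllegalStateException when the path is not a directory or contains a non-file entry
     * @throws IllegalArgumentException when the directory cannot be listed, a file cannot be read
     *     or parsed, or no certificate is found; the underlying exception is the cause
     */
    private static List<X509Certificate> loadAsDirectory() {
        try {
            File dir = FileUtils.getFile(truststorePath);
            if (!dir.isDirectory()) {
                throw new IllegalStateException("The truststore need to be a directory.");
            }
            File[] entries = dir.listFiles();
            if (entries == null) {
                // File.listFiles() returns null on an I/O error (e.g. unreadable directory)
                throw new IllegalArgumentException("Could not load the trusted-certificate. The path '" + truststorePath + "' could not be listed.");
            }
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            List<X509Certificate> certs = new ArrayList<X509Certificate>();
            for (File entry : entries) {
                if (!entry.isFile()) {
                    throw new IllegalStateException("Inside the truststore directory need to be only certificates.");
                }
                InputStream in = PemUtils.isPem(entry) ? PemUtils.convertPemToDer(entry) : new FileInputStream(entry);
                try {
                    certs.add((X509Certificate) factory.generateCertificate(in));
                } finally {
                    closeQuietly(in);
                }
            }
            if (certs.isEmpty()) {
                throw new IllegalArgumentException("Could not load the trusted-certificate. The path '" + truststorePath + "' is not a valid " + truststoreType + " truststore.");
            }
            log.trace("The security-helper found " + certs.size() + " trusted certificates in " + truststorePath + "'.");
            return certs;
        } catch (IOException e) {
            throw new IllegalArgumentException("Could not load the trusted-certificate", e);
        } catch (CertificateException e) {
            throw new IllegalArgumentException("Could not load the trusted-certificate", e);
        }
    }

    /**
     * Loads the configuration from a properties resource; see {@link #load(String, Class)}.
     *
     * @param str URL/path of the properties resource, resolved by {@code StreamUtils.load}
     * @throws IOException if the resource cannot be read
     */
    public static void load(String str) throws IOException {
        load(str, SecurityConfig.class);
    }

    /**
     * Loads the configuration from a properties resource.
     *
     * <p>Recognised keys: {@code keystorePath}, {@code keystoreType}, {@code keystorePassword},
     * {@code keyAlias}, {@code truststorePath}, {@code truststoreType},
     * {@code truststorePassword}, {@code allowAllHosts}. Empty or missing string values leave
     * the current setting untouched (see the setters); {@code allowAllHosts} is parsed with
     * {@link Boolean#parseBoolean}, so a missing key resets it to {@code false}.
     *
     * @param str URL/path of the properties resource, resolved by {@code StreamUtils.load}
     * @param cls unused, kept for binary compatibility
     * @throws IOException if the resource cannot be read
     */
    public static void load(String str, @Deprecated Class<?> cls) throws IOException {
        Properties properties = new Properties();
        InputStream in = StreamUtils.load(str);
        try {
            properties.load(in);
        } finally {
            closeQuietly(in);
        }
        setKeystorePath(properties.getProperty("keystorePath"));
        setKeystoreType(properties.getProperty("keystoreType"));
        setKeystorePassword(properties.getProperty("keystorePassword"));
        setKeyAlias(properties.getProperty("keyAlias"));
        setTruststorePath(properties.getProperty("truststorePath"));
        setTruststoreType(properties.getProperty("truststoreType"));
        setTruststorePassword(properties.getProperty("truststorePassword"));
        setAllowAllHosts(Boolean.valueOf(Boolean.parseBoolean(properties.getProperty("allowAllHosts"))));
    }

    /**
     * Sets every setting at once; empty strings and a {@code null} flag leave the current value.
     *
     * @deprecated use the individual setters or {@link #load(String)}
     */
    @Deprecated
    public static void set(String str, String str2, String str3, String str4, String str5, String str6, String str7, Boolean bool) {
        setKeystorePath(str);
        setKeystoreType(str2);
        setKeystorePassword(str3);
        setKeyAlias(str4);
        setTruststorePath(str5);
        setTruststoreType(str6);
        setTruststorePassword(str7);
        setAllowAllHosts(bool);
    }

    /** @return the signing key alias, or {@code null} until configured or chosen by {@link #validate()} */
    public static String getKeyAlias() {
        return keyAlias;
    }

    /** @return the key store URL/path, or {@code null} when unset */
    public static String getKeystorePath() {
        return keystoreUrlPath;
    }

    /** @return the key store type, {@code JKS} by default */
    public static String getKeystoreType() {
        return keystoreType;
    }

    /** @return the key store password in clear text, never {@code null} */
    public static String getKeystorePassword() {
        return keystorePassword;
    }

    /** @return the trust store location, or {@code null} when unset */
    public static String getTruststorePath() {
        return truststorePath;
    }

    /** @return the {@code certillion.allowallhosts} flag, {@code false} by default */
    public static boolean isAllowAllHosts() {
        return allowAllHosts;
    }

    /** Sets the allow-all-hosts flag; {@code null} leaves the current value. */
    public static void setAllowAllHosts(Boolean bool) {
        if (bool != null) {
            allowAllHosts = bool.booleanValue();
        }
    }

    /** Sets the trust store password; an empty or {@code null} value leaves the current one. */
    public static void setTruststorePassword(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        truststorePassword = str;
    }

    /** Sets the trust store type ({@code DIR} or a key store type); empty leaves the current one. */
    public static void setTruststoreType(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        truststoreType = str;
    }

    /** Sets the trust store location, normalised to an absolute URL; empty leaves the current one. */
    public static void setTruststorePath(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        truststorePath = extractAbsolutePath(str);
    }

    /** Sets the signing key alias; an empty or {@code null} value leaves the current one. */
    public static void setKeyAlias(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        keyAlias = str;
    }

    /** Sets the key store password; an empty or {@code null} value leaves the current one. */
    public static void setKeystorePassword(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        keystorePassword = str;
    }

    /** Sets the key store type; an empty or {@code null} value leaves the current one. */
    public static void setKeystoreType(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        keystoreType = str;
    }

    /** Sets the key store location, normalised to an absolute URL; empty leaves the current one. */
    public static void setKeystorePath(String str) {
        if (StringUtils.isEmpty(str)) {
            return;
        }
        keystoreUrlPath = extractAbsolutePath(str);
    }

    /** Resolves {@code str} to an absolute URL string via {@code UrlUtils}. */
    private static String extractAbsolutePath(String str) {
        return UrlUtils.getAbsoluteUrl(str).toString();
    }

    /** Closes {@code in} if non-null, ignoring close errors: the data has already been consumed. */
    private static void closeQuietly(InputStream in) {
        if (in == null) {
            return;
        }
        try {
            in.close();
        } catch (IOException ignored) {
            // nothing useful can be done after a failed close of a read-only stream
        }
    }

    /** {@code null}-safe conversion of a password to the {@code char[]} form the KeyStore API wants. */
    private static char[] toChars(String password) {
        return password == null ? null : password.toCharArray();
    }

    /** Environment variable {@code str}, or {@code null} when unset or empty. */
    private static String getenv(String str) {
        return getenv(str, null);
    }

    /** Environment variable {@code str}, or {@code str2} when unset or empty. */
    private static String getenv(String str, String str2) {
        String value = System.getenv(str);
        return StringUtils.isEmpty(value) ? str2 : value;
    }
}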
