package org.wso2.carbon.identity.user.store.configuration.utils;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.crypto.Cipher;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.axiom.om.util.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.wso2.carbon.base.api.ServerConfigurationService;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.core.util.CryptoUtil;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.identity.user.store.configuration.beans.RandomPassword;
import org.wso2.carbon.identity.user.store.configuration.beans.RandomPasswordContainer;
import org.wso2.carbon.identity.user.store.configuration.cache.RandomPasswordContainerCache;
import org.wso2.carbon.identity.user.store.configuration.dao.UserStoreDAO;
import org.wso2.carbon.identity.user.store.configuration.dao.impl.FileBasedUserStoreDAOFactory;
import org.wso2.carbon.identity.user.store.configuration.dto.PropertyDTO;
import org.wso2.carbon.identity.user.store.configuration.dto.UserStoreDTO;
import org.wso2.carbon.identity.user.store.configuration.internal.UserStoreConfigComponent;
import org.wso2.carbon.identity.user.store.configuration.internal.UserStoreConfigListenersHolder;
import org.wso2.carbon.identity.user.store.configuration.listener.UserStoreConfigListener;
import org.wso2.carbon.user.api.Property;
import org.wso2.carbon.user.api.RealmConfiguration;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.core.tracker.UserStoreManagerRegistry;
import org.wso2.carbon.utils.CarbonUtils;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/wso2/carbon/identity/user/store/configuration/utils/SecondaryUserStoreConfigurationUtil.class */
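/**
 * Helper routines for secondary user store configuration files: locating the configuration
 * file for the current tenant, serialising a {@link UserStoreDTO} to XML, encrypting
 * credential-type properties with the public key of the configured server keystore, and
 * exchanging random placeholder phrases for real secrets through the
 * {@link RandomPasswordContainerCache}.
 *
 * <p>Thread-safety: the encryption state ({@code cipher}, {@code cipherTransformation},
 * {@code certificate}) is static and a {@link Cipher} instance is not safe for concurrent
 * use, so {@link #encryptPlainText(String)} and the lazy keystore initialisation are
 * synchronised on the class. The other methods keep no state of their own.
 */
public class SecondaryUserStoreConfigurationUtil {
    // Configuration keys read from the ServerConfigurationService for the primary keystore.
    private static final String SERVER_KEYSTORE_FILE = "Security.KeyStore.Location";
    private static final String SERVER_KEYSTORE_TYPE = "Security.KeyStore.Type";
    private static final String SERVER_KEYSTORE_PASSWORD = "Security.KeyStore.Password";
    private static final String SERVER_KEYSTORE_KEY_ALIAS = "Security.KeyStore.KeyAlias";
    // System property that, when set, overrides the default "RSA" cipher transformation.
    private static final String CIPHER_TRANSFORMATION_SYSTEM_PROPERTY = "org.wso2.CipherTransformation";
    // Configuration keys for the internal keystore, used when ENCRYPTION_KEYSTORE selects it.
    private static final String SERVER_INTERNAL_KEYSTORE_FILE = "Security.InternalKeyStore.Location";
    private static final String SERVER_INTERNAL_KEYSTORE_TYPE = "Security.InternalKeyStore.Type";
    private static final String SERVER_INTERNAL_KEYSTORE_PASSWORD = "Security.InternalKeyStore.Password";
    private static final String SERVER_INTERNAL_KEYSTORE_KEY_ALIAS = "Security.InternalKeyStore.KeyAlias";
    // Selects which keystore encrypts user store passwords; INTERNAL_KEYSTORE picks the internal one.
    private static final String ENCRYPTION_KEYSTORE = "Security.UserStorePasswordEncryption";
    private static final String INTERNAL_KEYSTORE = "InternalKeystore";
    // Provider name handed to Cipher.getInstance; Bouncy Castle is expected to be registered.
    private static final String CRYPTO_PROVIDER = "BC";
    private static final String DEFAULT_CIPHER_TRANSFORMATION = "RSA";
    // Tenant id of the super tenant, the value Carbon uses for MultitenantConstants.SUPER_TENANT_ID.
    private static final int SUPER_TENANT_ID = -1234;
    // XML vocabulary of the user store configuration file.
    private static final String USER_STORE_MANAGER_ELEMENT = "UserStoreManager";
    private static final String PROPERTY_ELEMENT = "Property";
    private static final String CLASS_ATTRIBUTE = "class";
    private static final String NAME_ATTRIBUTE = "name";
    private static final String ENCRYPTED_ATTRIBUTE = "encrypted";
    private static final String DOMAIN_NAME_PROPERTY = "DomainName";
    private static final String DISABLED_PROPERTY = "Disabled";
    private static final String CONFIG_FILE_EXTENSION = ".xml";
    public static final Log log = LogFactory.getLog(SecondaryUserStoreConfigurationUtil.class);
    // Lazily initialised by initializeKeyStore(); guarded by the class monitor.
    private static Cipher cipher = null;
    // Non-null only when the system property override is in effect; then ciphertext is
    // wrapped as a self-contained blob that records the transformation and certificate.
    private static String cipherTransformation = null;
    private static Certificate certificate = null;

    private SecondaryUserStoreConfigurationUtil() {
    }

    /**
     * Loads the configured keystore and prepares an encrypt-mode {@link Cipher} on the public
     * key of the configured alias. A no-op once {@code cipher} has been set up. The cipher is
     * published only after {@code init} succeeds, so a failed attempt can be retried instead of
     * leaving an uninitialised cipher behind.
     *
     * @throws IdentityUserStoreMgtException if the configuration service is unavailable, a
     *         required keystore setting is missing, the keystore cannot be read, the alias has
     *         no certificate chain, or the cipher cannot be created/initialised.
     */
    private static synchronized void initializeKeyStore() throws IdentityUserStoreMgtException {
        if (cipher != null) {
            return;
        }
        ServerConfigurationService serverConfigurationService = UserStoreConfigComponent.getServerConfigurationService();
        if (serverConfigurationService == null) {
            // Previously this only logged and returned, which let the caller fail later with a
            // NullPointerException on the still-null cipher; fail here with the real reason instead.
            log.error("ServerConfigurationService is null - this situation can't occur");
            throw new IdentityUserStoreMgtException("ServerConfigurationService is not available; cannot initialize the keystore");
        }
        String encryptionKeyStore = serverConfigurationService.getFirstProperty(ENCRYPTION_KEYSTORE);
        String keyStoreFile;
        String keyStoreType;
        String keyStorePassword;
        String keyAlias;
        if (INTERNAL_KEYSTORE.equalsIgnoreCase(encryptionKeyStore)) {
            keyStoreFile = serverConfigurationService.getFirstProperty(SERVER_INTERNAL_KEYSTORE_FILE);
            keyStoreType = serverConfigurationService.getFirstProperty(SERVER_INTERNAL_KEYSTORE_TYPE);
            keyStorePassword = serverConfigurationService.getFirstProperty(SERVER_INTERNAL_KEYSTORE_PASSWORD);
            keyAlias = serverConfigurationService.getFirstProperty(SERVER_INTERNAL_KEYSTORE_KEY_ALIAS);
        } else {
            keyStoreFile = serverConfigurationService.getFirstProperty(SERVER_KEYSTORE_FILE);
            keyStoreType = serverConfigurationService.getFirstProperty(SERVER_KEYSTORE_TYPE);
            keyStorePassword = serverConfigurationService.getFirstProperty(SERVER_KEYSTORE_PASSWORD);
            keyAlias = serverConfigurationService.getFirstProperty(SERVER_KEYSTORE_KEY_ALIAS);
        }
        if (keyStoreFile == null || keyStoreType == null || keyStorePassword == null) {
            // Each of these would otherwise surface as a NullPointerException deep inside the JCA calls.
            throw new IdentityUserStoreMgtException("Keystore location, type and password must all be configured for user store password encryption");
        }
        try (FileInputStream keyStoreStream = new FileInputStream(new File(keyStoreFile).getAbsolutePath())) {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(keyStoreStream, keyStorePassword.toCharArray());
            Certificate[] certificateChain = keyStore.getCertificateChain(keyAlias);
            if (certificateChain == null || certificateChain.length == 0) {
                // getCertificateChain returns null for an unknown alias or a non-key entry.
                throw new IdentityUserStoreMgtException("No certificate chain found for key alias '" + keyAlias + "' in the configured keystore");
            }
            String configuredTransformation = System.getProperty(CIPHER_TRANSFORMATION_SYSTEM_PROPERTY);
            Cipher newCipher = configuredTransformation != null
                    ? Cipher.getInstance(configuredTransformation, CRYPTO_PROVIDER)
                    : Cipher.getInstance(DEFAULT_CIPHER_TRANSFORMATION, CRYPTO_PROVIDER);
            newCipher.init(Cipher.ENCRYPT_MODE, certificateChain[0].getPublicKey());
            // Publish the shared state only once everything above has succeeded.
            cipherTransformation = configuredTransformation;
            certificate = configuredTransformation != null ? certificateChain[0] : null;
            cipher = newCipher;
        } catch (FileNotFoundException e) {
            throw new IdentityUserStoreMgtException("Keystore File Not Found in configured location", e);
        } catch (IOException e) {
            throw new IdentityUserStoreMgtException("Keystore File IO operation failed", e);
        } catch (GeneralSecurityException e) {
            // Covers KeyStoreException, InvalidKeyException, NoSuchAlgorithmException, etc.
            throw new IdentityUserStoreMgtException("Some parameters assigned to access the keystore is invalid", e);
        }
    }

    /**
     * Encrypts {@code plainText} with the server keystore's public key and returns the result
     * Base64-encoded. When the {@code org.wso2.CipherTransformation} system property is set,
     * the raw ciphertext is first wrapped by {@link CryptoUtil#createSelfContainedCiphertext}.
     *
     * <p>Synchronised because the shared {@link Cipher} is not thread-safe.
     *
     * @param plainText the text to encrypt; must not be {@code null}
     * @return the Base64-encoded ciphertext
     * @throws IdentityUserStoreMgtException if {@code plainText} is {@code null}, the keystore
     *         cannot be initialised, or the encryption operation fails
     */
    public static synchronized String encryptPlainText(String plainText) throws IdentityUserStoreMgtException {
        if (plainText == null) {
            throw new IdentityUserStoreMgtException("Plain text to encrypt must not be null");
        }
        if (cipher == null) {
            initializeKeyStore();
        }
        try {
            // NOTE(review): getBytes() uses the platform default charset. The decrypting side is
            // outside this file, so it is deliberately not pinned to UTF-8 here — confirm both
            // sides agree before changing either.
            byte[] cipherText = cipher.doFinal(plainText.getBytes());
            if (cipherTransformation != null) {
                cipherText = CryptoUtil.getDefaultCryptoUtil().createSelfContainedCiphertext(cipherText, cipherTransformation, certificate);
            }
            return Base64.encode(cipherText);
        } catch (GeneralSecurityException e) {
            throw new IdentityUserStoreMgtException("Failed to generate the cipher text", e);
        }
    }

    /**
     * Resolves the configuration file path for the given user store domain within the current
     * tenant's user store directory, creating that directory if needed. Dots in the domain name
     * are replaced with underscores and the result must pass {@link IdentityUtil#isValidFileName},
     * which is what keeps a caller-supplied name from escaping the directory — confirm that helper
     * rejects path separators and traversal sequences.
     *
     * @param domainName the user store domain name supplied by the caller
     * @return path of the {@code <domain>.xml} configuration file
     * @throws IdentityUserStoreMgtException if the domain name is {@code null} or not a valid file name
     */
    public static Path getUserStoreConfigurationFile(String domainName) throws IdentityUserStoreMgtException {
        if (domainName == null) {
            throw new IdentityUserStoreMgtException("Provided domain name is null.");
        }
        String fileName = domainName.replace(UserStoreConfigurationConstant.PERIOD, UserStoreConfigurationConstant.UNDERSCORE);
        if (!IdentityUtil.isValidFileName(fileName)) {
            throw new IdentityUserStoreMgtException("Provided domain name : '" + domainName + "' is invalid.");
        }
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        Path userStoreDirectory = tenantId == SUPER_TENANT_ID
                ? Paths.get(UserStoreConfigurationConstant.deploymentDirectory)
                : Paths.get(CarbonUtils.getCarbonTenantsDirPath(), String.valueOf(tenantId), UserStoreConfigurationConstant.USERSTORES);
        return getUserStoreConfigFile(true, userStoreDirectory, fileName);
    }

    /**
     * Ensures {@code userStoreDirectory} exists and builds the configuration file path.
     *
     * <p>NOTE(review): the only caller in this file passes {@code true}, so the returned path is
     * always under {@code deploymentDirectory} even when {@code userStoreDirectory} is a tenant's
     * {@code userstores} folder (which this method has just created). Whether tenant files are
     * meant to live in the deployment directory could not be confirmed from here — verify against
     * the code that reads these files.
     *
     * @param useDeploymentDirectory when {@code true} the file is placed under the deployment
     *        directory, otherwise under the current tenant's {@code userstores} directory
     * @param userStoreDirectory directory to create if it does not exist yet
     * @param fileName file name without extension
     * @return path of the {@code <fileName>.xml} configuration file
     */
    private static Path getUserStoreConfigFile(boolean useDeploymentDirectory, Path userStoreDirectory, String fileName) {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        if (!Files.exists(userStoreDirectory)) {
            try {
                Files.createDirectory(userStoreDirectory);
                if (useDeploymentDirectory) {
                    log.info("folder 'userstores' created to store configurations for tenant = " + tenantId);
                } else {
                    log.info("folder 'userstores' created to store configurations for super tenant");
                }
            } catch (IOException e) {
                // Creation failure is logged (with its cause) and the path is still returned; the
                // subsequent write reports the definitive error.
                log.error("Error while creating 'userstores' directory to store configurations for super tenant: " + userStoreDirectory, e);
            }
        }
        return useDeploymentDirectory
                ? Paths.get(UserStoreConfigurationConstant.deploymentDirectory, fileName + CONFIG_FILE_EXTENSION)
                : Paths.get(CarbonUtils.getCarbonTenantsDirPath(), String.valueOf(tenantId), UserStoreConfigurationConstant.USERSTORES, fileName + CONFIG_FILE_EXTENSION);
    }

    /**
     * Writes the user store configuration XML for {@code userStoreDTO} to {@code path}.
     * With {@code isStateChange} set only the {@code Disabled} property of the existing file is
     * rewritten; otherwise the whole file is regenerated from the DTO.
     *
     * @param path destination configuration file
     * @param userStoreDTO user store to serialise; must not be {@code null}
     * @param editSecondaryUserStore forwarded to property generation; when {@code true} the
     *        random placeholder phrases of an existing store are swapped back for the cached
     *        real secrets before encryption (presumably an edit of an existing store — confirm)
     * @param isStateChange when {@code true} only the enabled/disabled state is updated in place
     * @throws IdentityUserStoreMgtException wrapping any I/O, parser, transformer or SAX failure
     */
    public static void writeUserMgtXMLFile(Path path, UserStoreDTO userStoreDTO, boolean editSecondaryUserStore, boolean isStateChange) throws IdentityUserStoreMgtException {
        if (userStoreDTO == null) {
            throw new IdentityUserStoreMgtException("UserStoreDTO must not be null.");
        }
        boolean disabled = userStoreDTO.getDisabled() != null && userStoreDTO.getDisabled().booleanValue();
        String domainId = userStoreDTO.getDomainId();
        try {
            // The secured factory is expected to have DTD/external-entity processing disabled.
            DocumentBuilder documentBuilder = IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder();
            if (isStateChange) {
                updateStateOfUserStore(path, disabled, domainId, documentBuilder);
            } else {
                updateUserStoreProperties(path, userStoreDTO, editSecondaryUserStore, documentBuilder);
            }
        } catch (IOException e) {
            throw new IdentityUserStoreMgtException(" Error occurred during the creating output stream from " + path, e);
        } catch (ParserConfigurationException e) {
            throw new IdentityUserStoreMgtException(" Error occurred due to serious parser configuration exception of " + path, e);
        } catch (TransformerException e) {
            throw new IdentityUserStoreMgtException(" Error occurred during the transformation process of " + path, e);
        } catch (SAXException e) {
            throw new IdentityUserStoreMgtException("Error while updating user store state", e);
        }
    }

    /**
     * Serialises {@code userStoreDTO} to its XML representation as a single line (CR/LF removed).
     * Random-phrase substitution is not applied (the edit flag is passed as {@code false}), but
     * credential-type properties are still encrypted.
     *
     * @param userStoreDTO user store to serialise
     * @return the XML document as a string without line breaks
     * @throws IdentityUserStoreMgtException on parser/transformer failures or when document
     *         generation itself fails
     */
    public static String getUserStoreProperties(UserStoreDTO userStoreDTO) throws IdentityUserStoreMgtException {
        try {
            Document document = getDocument(userStoreDTO, false, IdentityUtil.getSecuredDocumentBuilderFactory().newDocumentBuilder());
            StringWriter writer = new StringWriter();
            transformProperties().transform(new DOMSource(document), new StreamResult(writer));
            return writer.getBuffer().toString().replaceAll("\n|\r", "");
        } catch (ParserConfigurationException | TransformerException e) {
            throw new IdentityUserStoreMgtException("Error occured while parsing the user store file.", e);
        } catch (IdentityUserStoreMgtException e) {
            throw new IdentityUserStoreMgtException("Error occured while getting the user store properties.", e);
        }
    }

    /**
     * Creates a {@link Transformer} configured for indented UTF-8 XML output.
     *
     * @return a fresh transformer; transformers are not thread-safe, so one is built per use
     * @throws TransformerException if the platform transformer cannot be created
     */
    private static Transformer transformProperties() throws TransformerException {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("indent", "yes");
        transformer.setOutputProperty("encoding", "UTF-8");
        transformer.setOutputProperty("method", "xml");
        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "6");
        return transformer;
    }

    /**
     * Regenerates the whole configuration file at {@code path} from {@code userStoreDTO}.
     * The output stream is closed after the transform (it was previously left open).
     *
     * @throws IdentityUserStoreMgtException if document generation fails
     * @throws IOException if the file cannot be opened or written
     * @throws TransformerException if serialisation fails
     */
    private static void updateUserStoreProperties(Path path, UserStoreDTO userStoreDTO, boolean editSecondaryUserStore, DocumentBuilder documentBuilder) throws IdentityUserStoreMgtException, IOException, TransformerException {
        Document document = getDocument(userStoreDTO, editSecondaryUserStore, documentBuilder);
        try (OutputStream out = Files.newOutputStream(path)) {
            transformProperties().transform(new DOMSource(document), new StreamResult(out));
        }
    }

    /**
     * Builds the {@code <UserStoreManager class="...">} document for {@code userStoreDTO}:
     * all DTO properties (credential-type ones encrypted), then {@code DomainName} and
     * {@code Description}. A {@code null} DTO yields a document with just the empty root element.
     *
     * @throws IdentityUserStoreMgtException propagated from property generation
     */
    private static Document getDocument(UserStoreDTO userStoreDTO, boolean editSecondaryUserStore, DocumentBuilder documentBuilder) throws IdentityUserStoreMgtException {
        Document document = documentBuilder.newDocument();
        Element root = document.createElement(USER_STORE_MANAGER_ELEMENT);
        document.appendChild(root);
        if (userStoreDTO != null) {
            Attr classAttribute = document.createAttribute(CLASS_ATTRIBUTE);
            classAttribute.setValue(userStoreDTO.getClassName());
            root.setAttributeNode(classAttribute);
            if (userStoreDTO.getClassName() != null) {
                addProperties(userStoreDTO.getClassName(), userStoreDTO.getProperties(), document, root, editSecondaryUserStore);
            }
            addProperty(DOMAIN_NAME_PROPERTY, userStoreDTO.getDomainId(), document, root, false);
            addProperty(UserStoreConfigurationConstant.DESCRIPTION, userStoreDTO.getDescription(), document, root, false);
        }
        return document;
    }

    /**
     * Rewrites only the {@code Disabled} property of the existing file at {@code path}. The file
     * is fully parsed and the input stream closed before it is reopened for writing; both streams
     * were previously leaked. Properties are matched on their {@code name} attribute rather than
     * on whichever attribute happens to be first.
     *
     * @param path configuration file to update in place
     * @param disabled new value of the {@code Disabled} property
     * @param domainName used only for the debug log line
     * @param documentBuilder parser for the existing file (expected to come from the secured factory)
     * @throws SAXException if the existing file is not well-formed
     * @throws IOException if the file cannot be read or written
     * @throws TransformerException if serialisation fails
     */
    private static void updateStateOfUserStore(Path path, boolean disabled, String domainName, DocumentBuilder documentBuilder) throws SAXException, IOException, TransformerException {
        Document document;
        try (InputStream in = Files.newInputStream(path)) {
            document = documentBuilder.parse(in);
        }
        NodeList properties = document.getElementsByTagName(PROPERTY_ELEMENT);
        for (int i = 0; i < properties.getLength(); i++) {
            // getElementsByTagName only ever yields Element nodes.
            Element property = (Element) properties.item(i);
            if (DISABLED_PROPERTY.equalsIgnoreCase(property.getAttribute(NAME_ATTRIBUTE))) {
                property.setTextContent(String.valueOf(disabled));
                break;
            }
        }
        try (OutputStream out = Files.newOutputStream(path)) {
            transformProperties().transform(new DOMSource(document), new StreamResult(out));
        }
        if (log.isDebugEnabled()) {
            log.debug("New state :" + disabled + " of the user store '" + domainName + "' successfully written to the file system");
        }
    }

    /**
     * Looks up the mandatory properties registered for the given user store manager class.
     * The registry lookup is assumed to return a non-null descriptor for a known class — confirm.
     */
    private static Property[] getMandatoryProperties(String className) {
        return UserStoreManagerRegistry.getUserStoreProperties(className).getMandatoryProperties();
    }

    /**
     * Returns whether the property named {@code propertyName} is marked for encryption, i.e. its
     * registered description contains {@code ENCRYPT_TEXT}. Unknown names, {@code null} inputs and
     * properties without a description are reported as not-to-be-encrypted.
     */
    private static boolean isPropertyToBeEncrypted(Property[] properties, String propertyName) {
        if (properties == null || propertyName == null) {
            return false;
        }
        for (Property property : properties) {
            if (property != null && propertyName.equalsIgnoreCase(property.getName())) {
                String description = property.getDescription();
                return description != null && description.contains(UserStoreConfigurationConstant.ENCRYPT_TEXT);
            }
        }
        return false;
    }

    /** Removes and returns the cached container for {@code uniqueId}; {@code null} if none is cached. */
    private static RandomPasswordContainer getAndRemoveRandomPasswordContainer(String uniqueId) {
        return (RandomPasswordContainer) RandomPasswordContainerCache.getInstance().getRandomPasswordContainerCache().getAndRemove(uniqueId);
    }

    /**
     * Finds the value of the {@code UNIQUE_ID_CONSTANT} property, scanning from the end so the
     * last occurrence wins; {@code null} entries are skipped.
     *
     * @return the unique id, or {@code null} if the array is {@code null} or has no such property
     */
    private static String getUniqueIDFromUserDTO(PropertyDTO[] properties) {
        if (properties == null) {
            return null;
        }
        for (int i = properties.length - 1; i >= 0; i--) {
            PropertyDTO property = properties[i];
            if (property != null && property.getName() != null
                    && property.getName().equalsIgnoreCase(UserStoreConfigurationConstant.UNIQUE_ID_CONSTANT)) {
                return property.getValue();
            }
        }
        return null;
    }

    /**
     * Returns the cached {@link RandomPassword} for {@code propertyName}, or {@code null} when the
     * container holds no passwords or no entry matches (case-insensitively).
     */
    private static RandomPassword getRandomPassword(RandomPasswordContainer container, String propertyName) {
        RandomPassword[] randomPasswords = container.getRandomPasswords();
        if (randomPasswords == null) {
            return null;
        }
        for (RandomPassword randomPassword : randomPasswords) {
            if (randomPassword != null && randomPassword.getPropertyName() != null
                    && randomPassword.getPropertyName().equalsIgnoreCase(propertyName)) {
                return randomPassword;
            }
        }
        return null;
    }

    /**
     * Appends a {@code <Property name="...">value</Property>} element to {@code parent}, with
     * {@code encrypted="true"} added first when {@code encrypted} is set.
     */
    private static void addProperty(String name, String value, Document document, Element parent, boolean encrypted) {
        Element property = document.createElement(PROPERTY_ELEMENT);
        if (encrypted) {
            Attr encryptedAttribute = document.createAttribute(ENCRYPTED_ATTRIBUTE);
            encryptedAttribute.setValue("true");
            property.setAttributeNode(encryptedAttribute);
        }
        Attr nameAttribute = document.createAttribute(NAME_ATTRIBUTE);
        nameAttribute.setValue(name);
        property.setAttributeNode(nameAttribute);
        property.setTextContent(value);
        parent.appendChild(property);
    }

    /**
     * Appends every property of {@code properties} to {@code parent}, skipping the unique-id
     * property and properties with a {@code null} value. Properties registered as
     * {@code ENCRYPT_TEXT} are encrypted; when {@code editSecondaryUserStore} is set, a value equal
     * to the cached random phrase is first replaced by the cached real secret.
     *
     * @throws IdentityUserStoreMgtException if editing and the unique id is missing or its cached
     *         container has already expired
     */
    private static void addProperties(String className, PropertyDTO[] properties, Document document, Element parent, boolean editSecondaryUserStore) throws IdentityUserStoreMgtException {
        if (properties == null) {
            return;
        }
        RandomPasswordContainer randomPasswordContainer = null;
        if (editSecondaryUserStore) {
            String uniqueId = getUniqueIDFromUserDTO(properties);
            if (uniqueId == null) {
                throw new IdentityUserStoreMgtException("UniqueID property is not provided.");
            }
            randomPasswordContainer = getAndRemoveRandomPasswordContainer(uniqueId);
            if (randomPasswordContainer == null) {
                log.error("randomPasswordContainer is null for uniqueID therefore proceeding without encryption=" + uniqueId);
                throw new IdentityUserStoreMgtException("Longer delay causes the edit operation be to abandoned");
            }
        }
        Property[] mandatoryProperties = getMandatoryProperties(className);
        for (PropertyDTO property : properties) {
            if (property == null) {
                continue;
            }
            String name = property.getName();
            if (UserStoreConfigurationConstant.UNIQUE_ID_CONSTANT.equalsIgnoreCase(name)) {
                continue;
            }
            String value = property.getValue();
            if (value == null) {
                continue;
            }
            boolean encrypted = false;
            if (isPropertyToBeEncrypted(mandatoryProperties, name)) {
                RandomPassword randomPassword = randomPasswordContainer == null ? null : getRandomPassword(randomPasswordContainer, name);
                if (randomPassword != null && value.equalsIgnoreCase(randomPassword.getRandomPhrase())) {
                    value = randomPassword.getPassword();
                }
                try {
                    value = encryptPlainText(value);
                    encrypted = true;
                } catch (IdentityUserStoreMgtException e) {
                    // NOTE(review): on encryption failure the secret is written to the file in clear
                    // and without the 'encrypted' marker. Existing behaviour is kept, but a fail-closed
                    // rethrow is the safer option — confirm with the owners before changing.
                    log.error("addProperties failed to encrypt", e);
                }
            }
            addProperty(name, value, document, parent, encrypted);
        }
    }

    /**
     * Rejects domain names starting with the reserved {@code FEDERATED} prefix
     * (case-insensitively, locale-independent).
     *
     * @throws UserStoreException if {@code domainName} uses the reserved prefix
     */
    public static void validateForFederatedDomain(String domainName) throws UserStoreException {
        if (IdentityUtil.isNotBlank(domainName)
                && domainName.toUpperCase(Locale.ROOT).startsWith(UserStoreConfigurationConstant.FEDERATED)) {
            throw new UserStoreException("'FEDERATED' is a reserved user domain prefix. Please start the domain name in a different manner.");
        }
    }

    /**
     * Obtains the file-based {@link UserStoreDAO} from the registered factory.
     *
     * <p>NOTE(review): if no factory is registered under this name, {@code get(...)} returns
     * {@code null} and {@code getInstance()} throws {@link NullPointerException} before the check
     * below is reached; the factory map's value type is not visible here, so the chain is kept.
     *
     * @throws UserStoreException if the factory yields no DAO instance
     */
    public static UserStoreDAO getFileBasedUserStoreDAOFactory() throws UserStoreException {
        UserStoreDAO userStoreDAO = UserStoreConfigListenersHolder.getInstance().getUserStoreDAOFactories()
                .get(FileBasedUserStoreDAOFactory.class.getName()).getInstance();
        if (userStoreDAO == null) {
            throw new UserStoreException("Error occured while creating an instance of FileBasedUserStoreDAOFactory.");
        }
        return userStoreDAO;
    }

    /**
     * Masks the credential-type properties of {@code realmConfiguration}: the real secrets are
     * cached under {@code uniqueId} and {@code properties} receives {@code randomPhrase} in their
     * place, so the outgoing configuration never carries the stored passwords.
     *
     * @param realmConfiguration source of the real property values
     * @param properties map to populate with {@code propertyName -> randomPhrase}
     * @param uniqueId cache key for the container holding the real secrets
     * @param randomPhrase placeholder written for every masked property
     * @param className user store manager class whose mandatory properties are consulted
     * @return the masked properties (never {@code null})
     */
    public static RandomPassword[] getRandomPasswords(RealmConfiguration realmConfiguration, Map<String, String> properties, String uniqueId, String randomPhrase, String className) {
        RandomPassword[] randomPasswords = getRandomPasswordProperties(className, randomPhrase, realmConfiguration);
        if (randomPasswords == null) {
            // Defensive: the helper returns an empty array rather than null, but the previous
            // version would have thrown NullPointerException in the loop below.
            return new RandomPassword[0];
        }
        updatePasswordContainer(randomPasswords, uniqueId);
        for (RandomPassword randomPassword : randomPasswords) {
            properties.put(randomPassword.getPropertyName(), randomPassword.getRandomPhrase());
        }
        return randomPasswords;
    }

    /**
     * Builds a {@link RandomPassword} (real value from {@code realmConfiguration}, placeholder
     * {@code randomPhrase}) for every mandatory property of {@code className} whose description
     * contains {@code ENCRYPT_TEXT}.
     *
     * @return the collected entries, empty if none qualify
     */
    private static RandomPassword[] getRandomPasswordProperties(String className, String randomPhrase, RealmConfiguration realmConfiguration) {
        List<RandomPassword> randomPasswords = new ArrayList<>();
        for (Property property : getMandatoryProperties(className)) {
            String description = property.getDescription();
            if (description != null && description.contains(UserStoreConfigurationConstant.ENCRYPT_TEXT)) {
                String name = property.getName();
                RandomPassword randomPassword = new RandomPassword();
                randomPassword.setPropertyName(name);
                randomPassword.setPassword(realmConfiguration.getUserStoreProperty(name));
                randomPassword.setRandomPhrase(randomPhrase);
                randomPasswords.add(randomPassword);
            }
        }
        return randomPasswords.toArray(new RandomPassword[0]);
    }

    /**
     * Caches {@code randomPasswords} in a {@link RandomPasswordContainer} keyed by {@code uniqueId};
     * a {@code null} array is ignored.
     */
    private static void updatePasswordContainer(RandomPassword[] randomPasswords, String uniqueId) {
        if (randomPasswords == null) {
            return;
        }
        if (log.isDebugEnabled()) {
            log.debug("updatePasswordContainer reached for number of random password properties length = " + randomPasswords.length);
        }
        RandomPasswordContainer container = new RandomPasswordContainer();
        container.setRandomPasswords(randomPasswords);
        container.setUniqueID(uniqueId);
        RandomPasswordContainerCache.getInstance().getRandomPasswordContainerCache().put(uniqueId, container);
    }

    /**
     * Converts a property map into an array of {@link PropertyDTO} in the map's iteration order.
     *
     * @param map properties; {@code null} or empty yields an empty array
     */
    public static PropertyDTO[] convertMapToArray(Map<String, String> map) {
        if (map == null || map.isEmpty()) {
            return new PropertyDTO[0];
        }
        List<PropertyDTO> properties = new ArrayList<>(map.size());
        for (Map.Entry<String, String> entry : map.entrySet()) {
            properties.add(new PropertyDTO(entry.getKey(), entry.getValue()));
        }
        return properties.toArray(new PropertyDTO[0]);
    }

    /**
     * Notifies every registered {@link UserStoreConfigListener} that a user store is about to be
     * renamed, in the current tenant's context.
     *
     * @throws UserStoreException propagated from the first listener that rejects the update
     */
    public static void triggerListnersOnUserStorePreUpdate(String previousDomainName, String domainName) throws UserStoreException {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        for (UserStoreConfigListener listener : UserStoreConfigListenersHolder.getInstance().getUserStoreConfigListeners()) {
            listener.onUserStoreNamePreUpdate(tenantId, previousDomainName, domainName);
        }
    }

    /**
     * Notifies every registered {@link UserStoreConfigListener} that a user store is about to be
     * deleted, in the current tenant's context.
     *
     * @throws UserStoreException propagated from the first listener that rejects the deletion
     */
    public static void triggerListnersOnUserStorePreDelete(String domainName) throws UserStoreException {
        int tenantId = CarbonContext.getThreadLocalCarbonContext().getTenantId();
        for (UserStoreConfigListener listener : UserStoreConfigListenersHolder.getInstance().getUserStoreConfigListeners()) {
            listener.onUserStorePreDelete(tenantId, domainName);
        }
    }
}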
