package org.wso2.carbon.security.keystore;

import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Predicate;
import java.util.regex.Pattern;
import java.util.regex.PatternSyntaxException;
import java.util.stream.Collectors;
import org.apache.commons.lang.StringUtils;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.context.RegistryType;
import org.wso2.carbon.core.util.KeyStoreUtil;
import org.wso2.carbon.identity.core.util.IdentityTenantUtil;
import org.wso2.carbon.security.SecurityConfigException;
import org.wso2.carbon.security.SecurityConstants;
import org.wso2.carbon.security.keystore.service.CertData;
import org.wso2.carbon.security.keystore.service.CertDataDetail;
import org.wso2.carbon.security.keystore.service.KeyStoreData;

/* loaded from: input_file:org/wso2/carbon/security/keystore/KeyStoreManagementServiceImpl.class */
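/**
 * {@link KeyStoreManagementService} implementation that reads and modifies the certificates of a
 * tenant's key store and reads the certificates of the server trust store.
 *
 * <p>Every operation builds a fresh {@link KeyStoreAdmin} for the tenant id resolved from the given
 * tenant domain, using the system governance registry of the thread-local {@link CarbonContext}.
 * Failures are reported as {@link KeyStoreManagementClientException} when the request itself is at
 * fault (empty alias, duplicate alias, unparsable certificate, bad filter) and as
 * {@link KeyStoreManagementServerException} otherwise.
 */
public class KeyStoreManagementServiceImpl implements KeyStoreManagementService {

    /** Tenant id that {@link #isSuperTenant(String)} treats as the super tenant. */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Lists the aliases stored in the tenant's key store, optionally narrowed by a filter.
     *
     * @param tenantDomain tenant whose key store is read
     * @param filter       filter expression understood by {@link #filterAlias(List, String)}, or
     *                     {@code null} for no filtering
     * @return the matching aliases (key entry first, then certificate entries)
     * @throws KeyStoreManagementException if the key store cannot be read or the filter is invalid
     */
    @Override
    public List<String> getKeyStoreCertificateAliases(String tenantDomain, String filter)
            throws KeyStoreManagementException {
        KeyStoreData keyStoreData = getKeystoreData(tenantDomain, getKeyStoreName(tenantDomain));
        return filterAlias(getAliasList(keyStoreData), filter);
    }

    /**
     * Returns the certificate of the tenant key store's key entry, keyed by its alias.
     *
     * @param tenantDomain tenant whose key store is read
     * @return a single-entry map from the key alias to its certificate
     * @throws KeyStoreManagementException if the key store cannot be read, or if it reports no key
     *                                     entry
     */
    @Override
    public Map<String, X509Certificate> getPublicCertificate(String tenantDomain)
            throws KeyStoreManagementException {
        String keyStoreName = getKeyStoreName(tenantDomain);
        CertData key = getKeystoreData(tenantDomain, keyStoreName).getKey();
        if (key == null) {
            // getKeyStoreCertificate() already allows for a missing key entry. Report it as a
            // server error instead of a NullPointerException, and do not return an empty map:
            // deleteCertificate() uses this result as its "is this the tenant certificate?" guard,
            // and that guard should fail closed when the key entry cannot be determined.
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_RETRIEVE_KEYSTORE_INFORMATION,
                    keyStoreName);
        }
        Map<String, X509Certificate> publicCertificate = new HashMap<>();
        // getKeystoreData() enables setIncludeCert(true); presumably that is what makes the entries
        // CertDataDetail instances - confirm against KeyStoreAdmin.
        publicCertificate.put(key.getAlias(), ((CertDataDetail) key).getCertificate());
        return publicCertificate;
    }

    /**
     * Looks up a certificate in the tenant's key store by alias.
     *
     * @param tenantDomain tenant whose key store is read
     * @param alias        alias to look up; must not be empty
     * @return the certificate of the key entry or certificate entry with that alias, or
     *         {@code null} if no entry has it
     * @throws KeyStoreManagementException if the alias is empty or the key store cannot be read
     */
    @Override
    public X509Certificate getKeyStoreCertificate(String tenantDomain, String alias)
            throws KeyStoreManagementException {
        if (StringUtils.isEmpty(alias)) {
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_EMPTY_ALIAS, null);
        }
        KeyStoreData keyStoreData = getKeystoreData(tenantDomain, getKeyStoreName(tenantDomain));
        CertData key = keyStoreData.getKey();
        if (key != null && StringUtils.equals(key.getAlias(), alias)) {
            return ((CertDataDetail) key).getCertificate();
        }
        for (CertData cert : keyStoreData.getCerts()) {
            if (StringUtils.equals(cert.getAlias(), alias)) {
                return ((CertDataDetail) cert).getCertificate();
            }
        }
        return null;
    }

    /**
     * Lists the aliases stored in the server trust store, optionally narrowed by a filter.
     *
     * @param tenantDomain tenant on whose behalf the trust store is read
     * @param filter       filter expression understood by {@link #filterAlias(List, String)}, or
     *                     {@code null} for no filtering
     * @return the matching aliases
     * @throws KeyStoreManagementException if the trust store cannot be read or the filter is invalid
     */
    @Override
    public List<String> getClientCertificateAliases(String tenantDomain, String filter)
            throws KeyStoreManagementException {
        KeyStoreData trustStoreData = getKeystoreData(tenantDomain, getTrustStoreName());
        return filterAlias(getAliasList(trustStoreData), filter);
    }

    /**
     * Looks up a certificate in the trust store by alias.
     *
     * @param tenantDomain tenant on whose behalf the trust store is read
     * @param alias        alias to look up; must not be empty
     * @return the certificate stored under the alias, or {@code null} if there is no trust store or
     *         it has no such alias
     * @throws KeyStoreManagementException if the alias is empty or the trust store cannot be read
     */
    @Override
    public X509Certificate getClientCertificate(String tenantDomain, String alias)
            throws KeyStoreManagementException {
        if (StringUtils.isEmpty(alias)) {
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_EMPTY_ALIAS, null);
        }

        KeyStore trustStore;
        try {
            trustStore = getKeyStoreAdmin(tenantDomain).getTrustStore();
        } catch (SecurityConfigException e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_RETRIEVE_CLIENT_TRUSTSTORE,
                    tenantDomain, e);
        }
        if (trustStore == null) {
            return null;
        }

        try {
            if (!trustStore.containsAlias(alias)) {
                return null;
            }
            return (X509Certificate) trustStore.getCertificate(alias);
        } catch (KeyStoreException e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_RETRIEVE_CLIENT_TRUSTSTORE_CERTIFICATE,
                    alias, e);
        }
    }

    /**
     * Imports a certificate into the tenant's key store under a new alias.
     *
     * <p>The request is rejected with a client exception when the certificate cannot be parsed, when
     * the alias is already in use, or when the same certificate is already stored under another
     * alias. Failures while reading or writing the key store are server exceptions.
     *
     * @param tenantDomain tenant whose key store is modified
     * @param alias        alias to store the certificate under
     * @param certificate  certificate in the textual form accepted by
     *                     {@code KeyStoreAdmin.extractCertificate}
     * @throws KeyStoreManagementException on any of the failures described above
     */
    @Override
    public void addCertificate(String tenantDomain, String alias, String certificate)
            throws KeyStoreManagementException {
        KeyStoreAdmin keyStoreAdmin = getKeyStoreAdmin(tenantDomain);
        String keyStoreName = getKeyStoreName(tenantDomain);

        X509Certificate parsedCertificate;
        try {
            parsedCertificate = keyStoreAdmin.extractCertificate(certificate);
        } catch (SecurityConfigException e) {
            // The client-exception helper has no cause-carrying overload, so the parse failure
            // itself is not attached here.
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_INVALID_CERTIFICATE, alias);
        }

        // Only the key store reads sit inside the broad catch. The duplicate checks below throw
        // client exceptions, and those must not be caught and re-labelled as a server-side
        // validation failure.
        boolean aliasExists;
        String existingAlias;
        try {
            KeyStore keyStore = keyStoreAdmin.getKeyStore(keyStoreName);
            aliasExists = keyStore.containsAlias(alias);
            existingAlias = keyStore.getCertificateAlias(parsedCertificate);
        } catch (Exception e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_VALIDATE_CERTIFICATE, null, e);
        }

        if (aliasExists) {
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_ALIAS_EXISTS, alias);
        }
        if (existingAlias != null) {
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_CERTIFICATE_EXISTS,
                    existingAlias);
        }

        try {
            keyStoreAdmin.importCertToStore(alias, certificate, keyStoreName);
        } catch (SecurityConfigException e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_ADD_CERTIFICATE, alias, e);
        }
    }

    /**
     * Removes a certificate from the tenant's key store, refusing to remove the entry that holds
     * the tenant's own public certificate.
     *
     * @param tenantDomain tenant whose key store is modified
     * @param alias        alias of the certificate to remove
     * @throws KeyStoreManagementException if the alias is the tenant certificate's alias, or the
     *                                     key store cannot be read or modified
     */
    @Override
    public void deleteCertificate(String tenantDomain, String alias) throws KeyStoreManagementException {
        try {
            // NOTE(review): this guard is an exact, case-sensitive match on the alias.
            // java.security.KeyStore leaves alias case sensitivity to the store implementation, so
            // confirm that the store type in use cannot resolve a differently-cased alias to the
            // protected key entry; otherwise this check and removeCertFromStore() could disagree.
            if (getPublicCertificate(tenantDomain).containsKey(alias)) {
                throw handleClientException(
                        SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_CANNOT_DELETE_TENANT_CERT,
                        alias);
            }
            getKeyStoreAdmin(tenantDomain).removeCertFromStore(alias, getKeyStoreName(tenantDomain));
        } catch (SecurityConfigException e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_DELETE_CERTIFICATE, alias, e);
        }
    }

    /**
     * Resolves the name of the key store that belongs to the tenant: the primary store for the
     * super tenant, otherwise the store named after the tenant domain with dots replaced by dashes
     * and a {@code .jks} suffix.
     *
     * @throws KeyStoreManagementException if the stores cannot be listed or none of them matches
     */
    private String getKeyStoreName(String tenantDomain) throws KeyStoreManagementException {
        try {
            boolean superTenant = isSuperTenant(tenantDomain);
            KeyStoreData[] keyStores = getKeyStoreAdmin(tenantDomain).getKeyStores(superTenant);
            for (KeyStoreData keyStore : keyStores) {
                if (keyStore == null) {
                    // A null slot ends the scan, as in the original loop condition.
                    break;
                }
                String candidate = keyStore.getKeyStoreName();
                if (superTenant) {
                    if (KeyStoreUtil.isPrimaryStore(candidate)) {
                        return candidate;
                    }
                } else if (StringUtils.equals(candidate, tenantDomain.trim().replace(".", "-") + ".jks")) {
                    return candidate;
                }
            }
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_RETRIEVE_KEYSTORE, tenantDomain);
        } catch (SecurityConfigException e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_RETRIEVE_KEYSTORE,
                    tenantDomain, e);
        }
    }

    /**
     * Loads the description of a key store, with certificate inclusion switched on.
     *
     * @param tenantDomain tenant on whose behalf the store is read
     * @param keyStoreName name of the key store or trust store to describe
     * @throws KeyStoreManagementException if the store information cannot be retrieved
     */
    private KeyStoreData getKeystoreData(String tenantDomain, String keyStoreName)
            throws KeyStoreManagementException {
        KeyStoreAdmin keyStoreAdmin = getKeyStoreAdmin(tenantDomain);
        keyStoreAdmin.setIncludeCert(true);
        try {
            return keyStoreAdmin.getKeystoreInfo(keyStoreName);
        } catch (SecurityConfigException e) {
            throw handleServerException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_RETRIEVE_KEYSTORE_INFORMATION,
                    keyStoreName, e);
        }
    }

    /**
     * Collects the non-null aliases of a key store: the key entry's alias first, then the aliases
     * of the certificate entries in their stored order.
     */
    private List<String> getAliasList(KeyStoreData keyStoreData) {
        List<String> aliases = new ArrayList<>();
        CertData key = keyStoreData.getKey();
        if (key != null && key.getAlias() != null) {
            aliases.add(key.getAlias());
        }
        for (CertData cert : keyStoreData.getCerts()) {
            String alias = cert.getAlias();
            if (alias != null) {
                aliases.add(alias);
            }
        }
        return aliases;
    }

    /**
     * Applies a {@code <field>+<operation>+<value>} filter to a list of aliases. Spaces in the
     * filter are treated as {@code +} separators.
     *
     * <p>A {@code null} filter, or a filter on a field other than the alias field, returns the list
     * unchanged.
     *
     * @param aliases aliases to filter
     * @param filter  filter expression, or {@code null}
     * @return the aliases accepted by the filter
     * @throws KeyStoreManagementException if the filter does not have exactly three parts, names an
     *                                     unsupported operation, or carries a value that is not a
     *                                     valid pattern for the equals operation
     */
    private List<String> filterAlias(List<String> aliases, String filter) throws KeyStoreManagementException {
        if (filter == null) {
            return aliases;
        }
        final String normalized = filter.replace(" ", "+");
        String[] parts = normalized.split("[+]");
        if (parts.length != 3) {
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_BAD_VALUE_FOR_FILTER, normalized);
        }
        if (!StringUtils.equals(parts[0], SecurityConstants.KeyStoreMgtConstants.FILTER_FIELD_ALIAS)) {
            return aliases;
        }

        final String operation = parts[1];
        final String value = parts[2];
        final Predicate<String> aliasMatches;
        if (StringUtils.equals(operation, SecurityConstants.KeyStoreMgtConstants.FILTER_OPERATION_EQUALS)) {
            // NOTE(review): the equals operation evaluates the caller-supplied value as a regular
            // expression (String.matches semantics, kept here for compatibility), so metacharacters
            // are interpreted rather than compared literally and the matching cost depends on the
            // caller's pattern. If regex matching is not a documented feature of this filter,
            // prefer a literal comparison (value.equals(alias)).
            final Pattern pattern;
            try {
                // Compiled once instead of once per alias. A malformed pattern is the caller's
                // mistake and is reported as a bad filter value rather than escaping as an
                // unchecked PatternSyntaxException.
                pattern = Pattern.compile(value);
            } catch (PatternSyntaxException e) {
                throw handleClientException(
                        SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_BAD_VALUE_FOR_FILTER,
                        normalized);
            }
            aliasMatches = alias -> pattern.matcher(alias).matches();
        } else if (StringUtils.equals(operation,
                SecurityConstants.KeyStoreMgtConstants.FILTER_OPERATION_STARTS_WITH)) {
            aliasMatches = alias -> alias.startsWith(value);
        } else if (StringUtils.equals(operation,
                SecurityConstants.KeyStoreMgtConstants.FILTER_OPERATION_ENDS_WITH)) {
            aliasMatches = alias -> alias.endsWith(value);
        } else if (StringUtils.equals(operation,
                SecurityConstants.KeyStoreMgtConstants.FILTER_OPERATION_CONTAINS)) {
            aliasMatches = alias -> alias.contains(value);
        } else {
            throw handleClientException(
                    SecurityConstants.KeyStoreMgtConstants.ErrorMessage.ERROR_CODE_UNSUPPORTED_FILTER_OPERATION,
                    operation);
        }
        return aliases.stream().filter(aliasMatches).collect(Collectors.toList());
    }

    /**
     * Creates a {@link KeyStoreAdmin} for the tenant, backed by the system governance registry of
     * the current thread's Carbon context.
     */
    private KeyStoreAdmin getKeyStoreAdmin(String tenantDomain) {
        return new KeyStoreAdmin(
                IdentityTenantUtil.getTenantId(tenantDomain),
                CarbonContext.getThreadLocalCarbonContext().getRegistry(RegistryType.SYSTEM_GOVERNANCE));
    }

    /** Returns whether the tenant domain resolves to the super tenant id. */
    private boolean isSuperTenant(String tenantDomain) {
        return IdentityTenantUtil.getTenantId(tenantDomain) == SUPER_TENANT_ID;
    }

    /**
     * Returns the file name of the trust store configured under
     * {@code Security.TrustStore.Location}.
     */
    private String getTrustStoreName() {
        String location = ServerConfiguration.getInstance().getFirstProperty("Security.TrustStore.Location");
        return Paths.get(location).getFileName().toString();
    }

    /** Builds a server exception from an error definition and an optional message argument. */
    private KeyStoreManagementServerException handleServerException(
            SecurityConstants.KeyStoreMgtConstants.ErrorMessage errorMessage, String data) {
        return new KeyStoreManagementServerException(errorMessage.getCode(), includeData(errorMessage, data));
    }

    /** Builds a server exception that also carries the underlying cause. */
    private KeyStoreManagementServerException handleServerException(
            SecurityConstants.KeyStoreMgtConstants.ErrorMessage errorMessage, String data, Throwable cause) {
        return new KeyStoreManagementServerException(
                errorMessage.getCode(), includeData(errorMessage, data), cause);
    }

    /** Builds a client exception from an error definition and an optional message argument. */
    private KeyStoreManagementClientException handleClientException(
            SecurityConstants.KeyStoreMgtConstants.ErrorMessage errorMessage, String data) {
        return new KeyStoreManagementClientException(errorMessage.getCode(), includeData(errorMessage, data));
    }

    /**
     * Formats the error message with {@code data} when it is not blank; otherwise returns the
     * message template as is.
     */
    private static String includeData(SecurityConstants.KeyStoreMgtConstants.ErrorMessage errorMessage,
                                      String data) {
        if (StringUtils.isNotBlank(data)) {
            return String.format(errorMessage.getMessage(), data);
        }
        return errorMessage.getMessage();
    }
}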
