package org.wso2.carbon.mdm.mobileservices.windows.services.wstep.impl;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.Serializable;
import java.io.StringWriter;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import javax.annotation.Resource;
import javax.jws.WebService;
import javax.servlet.ServletContext;
import javax.xml.XMLConstants;
import javax.xml.bind.DatatypeConverter;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.ws.BindingType;
import javax.xml.ws.Holder;
import javax.xml.ws.WebServiceContext;
import javax.xml.ws.soap.Addressing;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.wso2.carbon.mdm.mobileservices.windows.common.Constants;
import org.wso2.carbon.mdm.mobileservices.windows.common.beans.WindowsPluginProperties;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.CertificateGenerationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.KeyStoreGenerationException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.WAPProvisioningException;
import org.wso2.carbon.mdm.mobileservices.windows.common.exceptions.WindowsDeviceEnrolmentException;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.CertificateEnrollmentService;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.beans.AdditionalContext;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.beans.BinarySecurityToken;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.beans.RequestSecurityTokenResponse;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.beans.RequestedSecurityToken;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.util.CertificateSigningService;
import org.wso2.carbon.mdm.mobileservices.windows.services.wstep.util.KeyStoreGenerator;

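/**
 * WS-Trust (WSTEP) certificate-enrollment endpoint used during Windows device enrollment.
 * <p>
 * For each request it loads the MDM CA key pair from the bundled JKS, has the device's PKCS#10
 * CSR signed by {@link CertificateSigningService}, embeds the CA certificate and the issued
 * certificate into the WAP provisioning XML template found in the servlet context, and returns
 * that document base64-encoded as a BinarySecurityToken.
 * <p>
 * Security notes for maintainers:
 * <ul>
 *   <li>Nothing in this class authenticates the caller: the first two parameters of
 *       {@link #requestSecurityToken} and the RST security header are never inspected here.
 *       NOTE(review): confirm that device authentication happens upstream (e.g. a WS-Security
 *       handler) before a certificate is issued.</li>
 *   <li>The CSR signature (proof of possession of the device key) is not verified in this class.
 *       NOTE(review): confirm {@code CertificateSigningService.signCSR} does this.</li>
 *   <li>Subject CN and validity window are taken from {@link WindowsPluginProperties}, not from
 *       the CSR; how {@code signCSR} applies them is not visible here.</li>
 *   <li>A JAX-WS endpoint instance is shared across requests. {@link #setRootCertAndKey} rewrites
 *       the two key/certificate fields on every call; they are {@code volatile} so a concurrent
 *       request never reads a partially published reference.</li>
 * </ul>
 */
@Addressing(enabled = true, required = true)
@BindingType("http://www.w3.org/2003/05/soap/bindings/HTTP/")
@WebService(endpointInterface = Constants.CERTIFICATE_ENROLLMENT_SERVICE_ENDPOINT, targetNamespace = Constants.DEVICE_ENROLLMENT_SERVICE_TARGET_NAMESPACE)
public class CertificateEnrollmentServiceImpl implements CertificateEnrollmentService {
    /** RequestID echoed in every RequestSecurityTokenResponse. */
    private static final int REQUEST_ID = 0;
    /** Index, among the template's {@code <parm>} elements, of the one that receives the CA certificate. */
    private static final int CA_CERTIFICATE_POSITION = 0;
    /** Index, among the template's {@code <parm>} elements, of the one that receives the issued device certificate. */
    private static final int SIGNED_CERTIFICATE_POSITION = 1;
    private static final String TYPE_ATTRIBUTE = "type";
    private static final String VALUE_ATTRIBUTE = "value";
    private static final String X509_CERTIFICATE_TYPE = "X.509";
    private static final String SERVLET_CONTEXT_KEY = "javax.xml.ws.servlet.context";

    private static final Log log = LogFactory.getLog(CertificateEnrollmentServiceImpl.class);

    // Written by setRootCertAndKey() on every request, read by prepareWapProvisioningXML().
    private volatile PrivateKey privateKey;
    private volatile X509Certificate rootCACertificate;

    @Resource
    private WebServiceContext context;

    /**
     * Handles a RequestSecurityToken call from an enrolling Windows device.
     *
     * @param str               first RST parameter (unused here)
     * @param str2              second RST parameter (unused here)
     * @param str3              base64-encoded PKCS#10 CSR generated by the device
     * @param additionalContext additional RST context (unused here)
     * @param holder            receives the RequestSecurityTokenResponse carrying the WAP provisioning document
     * @throws WindowsDeviceEnrolmentException if the CA material cannot be loaded from the key store
     *                                         or the provisioning document cannot be built
     */
    @Override // org.wso2.carbon.mdm.mobileservices.windows.services.wstep.CertificateEnrollmentService
    public void requestSecurityToken(String str, String str2, String str3, AdditionalContext additionalContext,
                                     Holder<RequestSecurityTokenResponse> holder) throws WindowsDeviceEnrolmentException {
        ServletContext servletContext = (ServletContext) this.context.getMessageContext().get(SERVLET_CONTEXT_KEY);
        File wapProvisioningFile = (File) servletContext.getAttribute(Constants.CONTEXT_WAP_PROVISIONING_FILE);
        WindowsPluginProperties properties =
                (WindowsPluginProperties) servletContext.getAttribute(Constants.WINDOWS_PLUGIN_PROPERTIES);

        // Parameters handed to the signer: [commonName, notBeforeDays, notAfterDays], in this order.
        List<Serializable> certificateParameters = new ArrayList<Serializable>();
        certificateParameters.add(properties.getCommonName());
        certificateParameters.add(Integer.valueOf(properties.getNotBeforeDays()));
        certificateParameters.add(Integer.valueOf(properties.getNotAfterDays()));

        // The two failure modes are reported separately: previously the "WAP provisioning" failure was
        // rethrown inside an outer catch(Exception) and so always surfaced as a key-store failure.
        try {
            setRootCertAndKey(properties.getKeyStorePassword(), properties.getPrivateKeyPassword());
        } catch (Exception e) {
            log.error("Root certificate and private key couldn't be extracted from keystore.", e);
            throw new WindowsDeviceEnrolmentException(
                    "Root certificate and private key couldn't be extracted from keystore.", e);
        }

        if (log.isDebugEnabled()) {
            // The CSR is public material (it is signed by the device, not secret).
            log.debug("Received CSR from Device:" + str3);
        }

        String provisioningToken;
        try {
            provisioningToken = prepareWapProvisioningXML(str3, certificateParameters, wapProvisioningFile.getPath());
        } catch (Exception e) {
            log.error("Wap provisioning file couldn't be prepared.", e);
            throw new WindowsDeviceEnrolmentException("Wap provisioning file couldn't be prepared.", e);
        }

        BinarySecurityToken binarySecurityToken = new BinarySecurityToken();
        binarySecurityToken.setValueType(Constants.CertificateEnrolment.VALUE_TYPE);
        binarySecurityToken.setEncodingType(Constants.CertificateEnrolment.ENCODING_TYPE);
        binarySecurityToken.setToken(provisioningToken);

        RequestedSecurityToken requestedSecurityToken = new RequestedSecurityToken();
        requestedSecurityToken.setBinarySecurityToken(binarySecurityToken);

        RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
        response.setTokenType(Constants.CertificateEnrolment.TOKEN_TYPE);
        response.setRequestedSecurityToken(requestedSecurityToken);
        response.setRequestID(REQUEST_ID);
        holder.value = response;
    }

    /**
     * Serialises a DOM document to a string with a secure-processing-enabled transformer.
     *
     * @param document the document to serialise
     * @return the XML text
     * @throws TransformerException if the transformer cannot be created or fails
     */
    private String convertDocumentToString(Document document) throws TransformerException {
        TransformerFactory transformerFactory = TransformerFactory.newInstance();
        transformerFactory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        StringWriter writer = new StringWriter();
        transformerFactory.newTransformer().transform(new DOMSource(document), new StreamResult(writer));
        return writer.toString();
    }

    /**
     * Loads the CA private key and certificate from the bundled MDM JKS into this instance.
     * <p>
     * The key store is re-read from the class path on every call; both passwords arrive as
     * {@link String}s from {@link WindowsPluginProperties}, so they cannot be wiped after use.
     *
     * @param keyStorePassword   password protecting the JKS file
     * @param privateKeyPassword password protecting the CA private-key entry
     * @throws KeyStoreGenerationException   if the key store cannot be created, located or loaded
     * @throws CertificateGenerationException if the CA key or certificate cannot be read from it
     */
    public void setRootCertAndKey(String keyStorePassword, String privateKeyPassword)
            throws KeyStoreGenerationException, CertificateGenerationException {
        URL keyStoreResource = getClass().getClassLoader().getResource(Constants.CertificateEnrolment.WSO2_MDM_JKS_FILE);
        if (keyStoreResource == null) {
            IOException cause = new IOException("Key store resource not found on the class path: "
                    + Constants.CertificateEnrolment.WSO2_MDM_JKS_FILE);
            log.error("Cannot load the MDM key store.", cause);
            throw new KeyStoreGenerationException("Cannot load the MDM key store.", cause);
        }
        // NOTE(review): getFile() only yields a usable path for file: URLs, not for resources inside a jar.
        String keyStorePath = new File(keyStoreResource.getFile()).getPath();

        KeyStore keyStore;
        try {
            keyStore = KeyStoreGenerator.getKeyStore();
        } catch (KeyStoreGenerationException e) {
            log.error("Cannot retrieve the MDM key store.", e);
            throw new KeyStoreGenerationException("Cannot retrieve the MDM key store.", e);
        }
        try {
            KeyStoreGenerator.loadToStore(keyStore, keyStorePassword.toCharArray(), keyStorePath);
        } catch (KeyStoreGenerationException e) {
            log.error("Cannot load the MDM key store.", e);
            throw new KeyStoreGenerationException("Cannot load the MDM key store.", e);
        }

        PrivateKey caPrivateKey;
        try {
            caPrivateKey = (PrivateKey) keyStore.getKey(Constants.CertificateEnrolment.CA_CERT,
                    privateKeyPassword.toCharArray());
        } catch (KeyStoreException e) {
            log.error("Cannot generate private key due to Key store error.", e);
            throw new CertificateGenerationException("Cannot generate private key due to Key store error.", e);
        } catch (NoSuchAlgorithmException e) {
            log.error("Requested cryptographic algorithm is not available in the environment.", e);
            throw new CertificateGenerationException(
                    "Requested cryptographic algorithm is not available in the environment.", e);
        } catch (UnrecoverableKeyException e) {
            log.error("Cannot recover private key.", e);
            throw new CertificateGenerationException("Cannot recover private key.", e);
        }
        if (caPrivateKey == null) {
            // getKey() returns null (rather than throwing) when the alias is absent.
            UnrecoverableKeyException cause = new UnrecoverableKeyException(
                    "No key entry for alias " + Constants.CertificateEnrolment.CA_CERT);
            log.error("Cannot recover private key.", cause);
            throw new CertificateGenerationException("Cannot recover private key.", cause);
        }

        Certificate storedCertificate;
        try {
            storedCertificate = keyStore.getCertificate(Constants.CertificateEnrolment.CA_CERT);
        } catch (KeyStoreException e) {
            log.error("Error occurred while accessing keystore for CA certificate retrieval.", e);
            throw new KeyStoreGenerationException(
                    "Error occurred while accessing keystore for CA certificate retrieval.", e);
        }
        if (storedCertificate == null) {
            KeyStoreException cause = new KeyStoreException(
                    "No certificate for alias " + Constants.CertificateEnrolment.CA_CERT);
            log.error("Error occurred while accessing keystore for CA certificate retrieval.", cause);
            throw new KeyStoreGenerationException(
                    "Error occurred while accessing keystore for CA certificate retrieval.", cause);
        }

        byte[] encodedCertificate;
        try {
            encodedCertificate = storedCertificate.getEncoded();
        } catch (CertificateEncodingException e) {
            log.error("Error occurred while encoding CA certificate.", e);
            throw new CertificateGenerationException("Error occurred while encoding CA certificate.", e);
        }

        CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance(X509_CERTIFICATE_TYPE);
        } catch (CertificateException e) {
            log.error("Error occurred while initiating certificate factory for CA certificate retrieval.", e);
            throw new CertificateGenerationException(
                    "Error occurred while initiating certificate factory for CA certificate retrieval.", e);
        }
        X509Certificate caCertificate;
        try {
            // Re-parse through the factory so the field always holds a concrete X509Certificate.
            caCertificate = (X509Certificate) certificateFactory.generateCertificate(
                    new ByteArrayInputStream(encodedCertificate));
        } catch (CertificateException e) {
            log.error("X509 CA certificate cannot be generated.", e);
            throw new CertificateGenerationException("X509 CA certificate cannot be generated.", e);
        }

        this.privateKey = caPrivateKey;
        this.rootCACertificate = caCertificate;
    }

    /**
     * Signs the device CSR and builds the base64-encoded WAP provisioning document.
     * <p>
     * Requires {@link #setRootCertAndKey} to have been called on this instance first.
     *
     * @param binarySecurityToken    base64-encoded PKCS#10 CSR from the device
     * @param certParameterList      parameters forwarded to {@code CertificateSigningService.signCSR}
     *                               (CN, notBefore days, notAfter days as built by the caller)
     * @param wapProvisioningFilePath path of the server-side WAP provisioning XML template
     * @return the provisioning document, base64-encoded
     * @throws CertificateGenerationException if the CSR cannot be decoded or a certificate cannot be DER-encoded
     * @throws WAPProvisioningException       if the template cannot be parsed or populated
     */
    public String prepareWapProvisioningXML(String binarySecurityToken, List<Serializable> certParameterList,
                                            String wapProvisioningFilePath)
            throws CertificateGenerationException, WAPProvisioningException {
        PKCS10CertificationRequest csr;
        try {
            if (binarySecurityToken == null || binarySecurityToken.trim().isEmpty()) {
                throw new IllegalArgumentException("Empty CSR in request");
            }
            csr = new PKCS10CertificationRequest(DatatypeConverter.parseBase64Binary(binarySecurityToken));
        } catch (IOException e) {
            log.error("CSR cannot be recovered.", e);
            throw new CertificateGenerationException("CSR cannot be recovered.", e);
        } catch (IllegalArgumentException e) {
            // Malformed base64 from the device: previously escaped as an unchecked exception.
            log.error("CSR cannot be recovered.", e);
            throw new CertificateGenerationException("CSR cannot be recovered.", e);
        }

        // NOTE(review): the CSR signature (proof of possession) is not verified here; confirm signCSR does it.
        X509Certificate signedCertificate = CertificateSigningService.signCSR(
                new JcaPKCS10CertificationRequest(csr), this.privateKey, this.rootCACertificate, certParameterList);

        byte[] caCertificateDer;
        try {
            caCertificateDer = this.rootCACertificate.getEncoded();
        } catch (CertificateEncodingException e) {
            log.error("CA certificate cannot be encoded.", e);
            throw new CertificateGenerationException("CA certificate cannot be encoded.", e);
        }
        byte[] signedCertificateDer;
        try {
            signedCertificateDer = signedCertificate.getEncoded();
        } catch (CertificateEncodingException e) {
            log.error("Signed certificate cannot be encoded.", e);
            throw new CertificateGenerationException("Signed certificate cannot be encoded.", e);
        }

        Base64 base64 = new Base64();
        // Strip any line breaks so the attribute value is a single base64 line.
        String caCertificateBase64 = base64.encodeAsString(caCertificateDer).replaceAll(IOUtils.LINE_SEPARATOR_UNIX, "");
        String signedCertificateBase64 =
                base64.encodeAsString(signedCertificateDer).replaceAll(IOUtils.LINE_SEPARATOR_UNIX, "");

        try {
            Document document = newHardenedDocumentBuilderFactory().newDocumentBuilder().parse(wapProvisioningFilePath);
            NodeList parmNodes = document.getElementsByTagName(Constants.CertificateEnrolment.PARM);

            populateCertificateParm(parmNodes.item(CA_CERTIFICATE_POSITION), caCertificateDer, caCertificateBase64);
            if (log.isDebugEnabled()) {
                log.debug("Root certificate: " + caCertificateBase64);
            }
            populateCertificateParm(parmNodes.item(SIGNED_CERTIFICATE_POSITION), signedCertificateDer,
                    signedCertificateBase64);
            if (log.isDebugEnabled()) {
                log.debug("Signed certificate: " + signedCertificateBase64);
            }

            // Explicit UTF-8 so the bytes do not depend on the platform default charset.
            return base64.encodeAsString(convertDocumentToString(document).getBytes(StandardCharsets.UTF_8));
        } catch (Exception e) {
            log.error("Problem occurred with wap-provisioning.xml file.", e);
            throw new WAPProvisioningException("Problem occurred with wap-provisioning.xml file.", e);
        }
    }

    /**
     * Writes one certificate into the template: the parent element's {@code type} attribute receives the
     * upper-case hex SHA-1 of the DER bytes (the thumbprint form the template expects), the {@code <parm>}
     * element's {@code value} attribute receives the base64 DER.
     *
     * @param parm              the {@code <parm>} element, or {@code null} if the template lacks it
     * @param derCertificate    DER-encoded certificate
     * @param base64Certificate the same certificate, base64-encoded without line breaks
     * @throws IllegalStateException if the template does not contain the expected element
     */
    private static void populateCertificateParm(Node parm, byte[] derCertificate, String base64Certificate) {
        if (parm == null) {
            throw new IllegalStateException("wap-provisioning template is missing a <"
                    + Constants.CertificateEnrolment.PARM + "> element");
        }
        // SHA-1 here is a certificate thumbprint identifier required by the provisioning format, not a security control.
        String thumbprint = DigestUtils.sha1Hex(derCertificate).toUpperCase(Locale.ROOT);
        parm.getParentNode().getAttributes().getNamedItem(TYPE_ATTRIBUTE).setTextContent(thumbprint);
        parm.getAttributes().getNamedItem(VALUE_ATTRIBUTE).setTextContent(base64Certificate);
    }

    /**
     * Creates a DocumentBuilderFactory with external entity resolution disabled.
     * The template is a server-side file, so this is defence in depth against a tampered or
     * mis-deployed template rather than against device input.
     *
     * @return a factory configured for secure processing
     * @throws ParserConfigurationException if the underlying parser rejects one of the features
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory() throws ParserConfigurationException {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        factory.setFeature("http://xml.org/sax/features/external-general-entities", false);
        factory.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        factory.setXIncludeAware(false);
        factory.setExpandEntityReferences(false);
        return factory;
    }
}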
