package org.cesecore.certificates.ca.catoken;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.PrintWriter;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.cesecore.internal.InternalResources;
import org.cesecore.internal.UpgradeableDataHashMap;
import org.cesecore.keys.token.CryptoToken;
import org.cesecore.keys.token.CryptoTokenOfflineException;
import org.cesecore.util.StringTools;

/* loaded from: input_file:org/cesecore/certificates/ca/catoken/CAToken.class */
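/**
 * CA-side description of the keys a CA uses inside a {@link CryptoToken}.
 *
 * <p>The object stores, in the inherited {@code data} map, the id of the crypto token, a
 * properties string that maps key purposes to key aliases, the key sequence and its format,
 * and the names of the signature and encryption algorithms. It holds no key material itself;
 * keys are looked up by alias in the {@link CryptoToken} passed to {@link #getTokenStatus}.
 *
 * <p>{@code keyStrings} is a transient cache of the purpose-to-alias mapping. It is rebuilt
 * from the stored properties whenever it is found to be {@code null} (for example after Java
 * deserialization) and whenever the properties are rewritten.
 */
public class CAToken extends UpgradeableDataHashMap {
    private static final long serialVersionUID = -459748276141898509L;
    private static final Logger log = Logger.getLogger(CAToken.class);
    private static final InternalResources intres = InternalResources.getInstance();
    public static final float LATEST_VERSION = 8.0f;

    @Deprecated
    public static final String CLASSPATH = "classpath";
    public static final String PROPERTYDATA = "propertydata";

    @Deprecated
    public static final String KEYSTORE = "KEYSTORE";
    public static final String DEFAULT_KEYSEQUENCE = "00000";
    public static final String SOFTPRIVATESIGNKEYALIAS = "signKey";
    public static final String SOFTPRIVATEDECKEYALIAS = "encryptKey";
    public static final String SEQUENCE = "sequence";
    public static final String SEQUENCE_FORMAT = "sequenceformat";
    public static final String SIGNATUREALGORITHM = "signaturealgorithm";
    public static final String ENCRYPTIONALGORITHM = "encryptionalgorithm";
    public static final String CRYPTOTOKENID = "cryptotokenid";
    private int cryptoTokenId;
    private transient PurposeMapping keyStrings = null;

    /**
     * Creates a CA token that refers to the crypto token with the given id.
     *
     * @param i id of the crypto token holding the keys
     * @param properties key-purpose to key-alias properties for this CA
     */
    public CAToken(int i, Properties properties) {
        setCryptoTokenId(i);
        internalInit(properties);
    }

    /** Builds the purpose mapping and stores the properties in serialized form. */
    private void internalInit(Properties properties) {
        this.keyStrings = new PurposeMapping(properties);
        setCATokenPropertyData(storeProperties(properties));
    }

    /**
     * Restores a CA token from a previously stored data map.
     *
     * <p>A missing crypto token id is only logged; the id then keeps its default of 0.
     *
     * @param hashMap stored token data, passed to {@code loadData}
     * @throws NumberFormatException if the stored crypto token id is not a decimal integer
     */
    public CAToken(HashMap hashMap) {
        loadData(hashMap);
        final Object storedId = this.data.get(CRYPTOTOKENID);
        if (storedId == null) {
            log.warn("No CryptoTokenId in CAToken map. This can safely be ignored if shown during an upgrade from EJBCA 5.0.x or lower.");
        } else {
            this.cryptoTokenId = Integer.parseInt((String) storedId);
        }
        internalInit(getProperties());
    }

    /**
     * Reports whether the CA's keys in the given crypto token are usable.
     *
     * <p>The result starts as 2 and becomes 1 only when the alias for key purpose 4 is among
     * the mapped aliases and, if {@code z} is set, the key pair test for that alias completes
     * without throwing. A failed key test is logged and leaves the status at 2, so a token
     * whose test key cannot be used is never reported as 1.
     *
     * <p>NOTE(review): 1 and 2 are inlined constants; they appear to correspond to
     * {@code CryptoToken.STATUS_ACTIVE} and {@code CryptoToken.STATUS_OFFLINE}, and purpose 4
     * to the key-test purpose. Confirm against the interfaces before naming them in code.
     *
     * @param z whether to run {@code testKeyPair} on the test key before reporting status 1
     * @param cryptoToken token to look the keys up in; {@code null} yields status 2
     * @return 1 if the test key was found (and passed the test when requested), otherwise 2
     */
    public int getTokenStatus(boolean z, CryptoToken cryptoToken) {
        if (log.isTraceEnabled()) {
            log.trace(">getCATokenStatus");
        }
        int status = 2;
        try {
            // No mapping means there are no aliases to check; the status stays 2.
            if (this.keyStrings != null) {
                final String[] aliases = this.keyStrings.getAliases();
                final String testAlias = getAliasFromPurpose(4);
                int checkedAliases = 0;
                if (cryptoToken != null) {
                    // Several purposes may share one alias; cache lookups per alias.
                    final HashMap<String, PrivateKey> privateKeys = new HashMap<String, PrivateKey>();
                    for (final String alias : aliases) {
                        PrivateKey privateKey = privateKeys.get(alias);
                        if (privateKey == null) {
                            try {
                                privateKey = cryptoToken.getPrivateKey(alias);
                                if (privateKey != null) {
                                    privateKeys.put(alias, privateKey);
                                }
                            } catch (CryptoTokenOfflineException e) {
                                privateKey = null;
                            }
                        }
                        if (privateKey == null && log.isDebugEnabled()) {
                            log.debug("Missing private key for alias: " + alias);
                        }
                        // Counted whether or not the key was found, as in the original code.
                        checkedAliases++;
                        if (alias.equals(testAlias)) {
                            PublicKey publicKey;
                            try {
                                publicKey = cryptoToken.getPublicKey(testAlias);
                            } catch (CryptoTokenOfflineException e) {
                                publicKey = null;
                            }
                            if (publicKey == null && log.isDebugEnabled()) {
                                log.debug("Missing public key for alias: " + alias);
                            }
                            try {
                                if (z) {
                                    cryptoToken.testKeyPair(alias, publicKey, privateKey);
                                }
                                // Reached only when the requested test did not throw.
                                status = 1;
                            } catch (Throwable th) {
                                // Any failure of the key test keeps the current status.
                                log.error(intres.getLocalizedMessage("token.activationtestfail", Integer.valueOf(cryptoToken.getId())), th);
                            }
                        }
                    }
                }
                if (checkedAliases < aliases.length && log.isDebugEnabled()) {
                    final StringBuilder names = new StringBuilder();
                    for (final String alias : aliases) {
                        names.append(' ').append(alias);
                    }
                    log.debug("Not enough keys for the key aliases: " + names.toString());
                }
            }
        } catch (CryptoTokenOfflineException e) {
            if (log.isDebugEnabled()) {
                log.debug("CryptoToken offline: " + e.getMessage());
            }
        }
        if (log.isTraceEnabled()) {
            log.trace("<getCATokenStatus: " + status);
        }
        return status;
    }

    /**
     * Returns the key alias mapped to a key purpose.
     *
     * @param i numeric key purpose
     * @return the alias, never {@code null}
     * @throws CryptoTokenOfflineException if no alias is mapped to the purpose
     */
    public String getAliasFromPurpose(int i) throws CryptoTokenOfflineException {
        final String alias = purposeMapping().getAlias(i);
        if (alias == null) {
            throw new CryptoTokenOfflineException("No alias for key purpose " + i);
        }
        return alias;
    }

    /** Returns the purpose mapping, rebuilding it from the stored properties when it is missing. */
    private PurposeMapping purposeMapping() {
        if (this.keyStrings == null) {
            this.keyStrings = new PurposeMapping(getProperties());
        }
        return this.keyStrings;
    }

    /** @return id of the crypto token this CA token refers to */
    public int getCryptoTokenId() {
        return this.cryptoTokenId;
    }

    /**
     * Sets the crypto token id, both in the field and (as a string) in the stored data.
     *
     * @param i id of the crypto token
     */
    public void setCryptoTokenId(int i) {
        this.cryptoTokenId = i;
        this.data.put(CRYPTOTOKENID, String.valueOf(i));
    }

    /**
     * Sets one property and rewrites the stored property string.
     *
     * <p>Values are stored unescaped, one {@code key=value} per line, so neither argument
     * should contain a line break; see {@code storeProperties}.
     *
     * @param str property key
     * @param str2 property value
     */
    public void setProperty(String str, String str2) {
        final Properties properties = getProperties();
        properties.setProperty(str, str2);
        setCATokenPropertyData(storeProperties(properties));
    }

    /**
     * Serializes the properties as {@code key=value} lines and refreshes the purpose mapping.
     *
     * <p>NOTE(review): keys and values are written as they are, without escaping. A value that
     * contains a line break would be read back as additional properties, which could alter the
     * purpose-to-alias mapping. Callers that accept property values from outside should reject
     * line breaks before they reach this class.
     *
     * <p>Text is assembled in a {@link StringWriter}, so the result does not depend on the
     * platform default charset.
     */
    private String storeProperties(Properties properties) {
        this.keyStrings = new PurposeMapping(properties);
        final StringWriter buffer = new StringWriter();
        final PrintWriter out = new PrintWriter(buffer);
        final Enumeration<Object> keys = properties.keys();
        while (keys.hasMoreElements()) {
            final Object key = keys.nextElement();
            final Object value = properties.get(key);
            if (value != null) {
                out.println(key + "=" + value);
            }
        }
        out.close();
        return buffer.toString();
    }

    /** Stores the serialized properties in the data map. */
    private void setCATokenPropertyData(String str) {
        this.data.put(PROPERTYDATA, str);
    }

    /**
     * Returns a fresh {@link Properties} object parsed from the stored property string.
     * Changes to the returned object are not written back.
     *
     * @return the parsed properties; empty if nothing is stored
     */
    public Properties getProperties() {
        String serialized = null;
        if (this.data != null) {
            serialized = (String) this.data.get(PROPERTYDATA);
        }
        return getPropertiesFromString(serialized);
    }

    /**
     * Parses a property string of {@code key=value} lines.
     *
     * <p>Backslashes are doubled before parsing so that {@link Properties#load} reads them
     * literally instead of as escape characters, and every value is trimmed. Parsing reads the
     * characters directly, so the result does not depend on the platform default charset.
     *
     * @param str property string, may be {@code null} or empty
     * @return the parsed properties; empty if {@code str} is empty or cannot be read
     */
    public static Properties getPropertiesFromString(String str) {
        final Properties properties = new Properties();
        if (StringUtils.isNotEmpty(str)) {
            try {
                properties.load(new StringReader(StringUtils.replace(str, "\\", "\\\\")));
                // stringPropertyNames() is a snapshot, so values can be replaced while iterating.
                for (final String key : properties.stringPropertyNames()) {
                    properties.setProperty(key, properties.getProperty(key).trim());
                }
            } catch (IOException e) {
                log.error("Error getting PCKS#11 token properties: ", e);
            }
        }
        return properties;
    }

    /** @return the stored key sequence, or {@link #DEFAULT_KEYSEQUENCE} if none is stored */
    public String getKeySequence() {
        final Object stored = this.data.get(SEQUENCE);
        if (stored == null) {
            return DEFAULT_KEYSEQUENCE;
        }
        return (String) stored;
    }

    /** @param str key sequence to store */
    public void setKeySequence(String str) {
        this.data.put(SEQUENCE, str);
    }

    /** @param i key sequence format to store */
    public void setKeySequenceFormat(int i) {
        this.data.put(SEQUENCE_FORMAT, Integer.valueOf(i));
    }

    /** @return the stored key sequence format, or 1 if none is stored */
    public int getKeySequenceFormat() {
        final Object stored = this.data.get(SEQUENCE_FORMAT);
        if (stored == null) {
            return 1;
        }
        return ((Integer) stored).intValue();
    }

    /** @return the stored signature algorithm name, or {@code null} if none is stored */
    public String getSignatureAlgorithm() {
        return (String) this.data.get(SIGNATUREALGORITHM);
    }

    /** @param str signature algorithm name to store */
    public void setSignatureAlgorithm(String str) {
        this.data.put(SIGNATUREALGORITHM, str);
    }

    /** @return the stored encryption algorithm name, or {@code null} if none is stored */
    public String getEncryptionAlgorithm() {
        return (String) this.data.get(ENCRYPTIONALGORITHM);
    }

    /** @param str encryption algorithm name to store */
    public void setEncryptionAlgorithm(String str) {
        this.data.put(ENCRYPTIONALGORITHM, str);
    }

    /** @return {@link #LATEST_VERSION} */
    @Override
    public float getLatestVersion() {
        return LATEST_VERSION;
    }

    /**
     * Brings stored data up to {@link #LATEST_VERSION}.
     *
     * <p>Adds a default sequence format and key sequence when missing, and rewrites a legacy
     * {@code classpath} entry from the old CA token class names to the crypto token class
     * names. For the legacy soft token it also fills in default sign and encrypt key aliases
     * when no purpose mapping exists. The NFast token class is not converted; an error is
     * logged and the entry is left unchanged.
     */
    @Override
    public void upgrade() {
        if (Float.compare(LATEST_VERSION, getVersion()) != 0) {
            log.info(intres.getLocalizedMessage("token.upgrade", Float.valueOf(getVersion())));
            if (this.data.get(SEQUENCE_FORMAT) == null) {
                log.info("Adding new sequence format to CA Token data: 1");
                this.data.put(SEQUENCE_FORMAT, Integer.valueOf(1));
            }
            if (this.data.get(SEQUENCE) == null) {
                log.info("Adding new default key sequence to CA Token data: 00000");
                this.data.put(SEQUENCE, DEFAULT_KEYSEQUENCE);
            }
            if (this.data.get(CLASSPATH) != null) {
                final String oldClasspath = (String) this.data.get(CLASSPATH);
                log.info("Upgrading CA token classpath: " + oldClasspath);
                String newClasspath = oldClasspath;
                if (StringUtils.equals(oldClasspath, "org.ejbca.core.model.ca.catoken.SoftCAToken")) {
                    newClasspath = "org.cesecore.keys.token.SoftCryptoToken";
                    final Properties properties = getProperties();
                    if (properties.getProperty(CATokenConstants.CAKEYPURPOSE_CERTSIGN_STRING) == null && properties.getProperty(CATokenConstants.CAKEYPURPOSE_DEFAULT_STRING) == null) {
                        log.info("Setting CAKEYPURPOSE_CERTSIGN_STRING and CAKEYPURPOSE_CRLSIGN_STRING to signKey.");
                        properties.setProperty(CATokenConstants.CAKEYPURPOSE_CERTSIGN_STRING, SOFTPRIVATESIGNKEYALIAS);
                        properties.setProperty(CATokenConstants.CAKEYPURPOSE_CRLSIGN_STRING, SOFTPRIVATESIGNKEYALIAS);
                    }
                    if (properties.getProperty(CATokenConstants.CAKEYPURPOSE_DEFAULT_STRING) == null && properties.getProperty(CATokenConstants.CAKEYPURPOSE_TESTKEY_STRING) == null) {
                        log.info("Setting CAKEYPURPOSE_DEFAULT_STRING to encryptKey.");
                        properties.setProperty(CATokenConstants.CAKEYPURPOSE_DEFAULT_STRING, SOFTPRIVATEDECKEYALIAS);
                    }
                    setCATokenPropertyData(storeProperties(properties));
                } else if (StringUtils.equals(oldClasspath, "org.ejbca.core.model.ca.catoken.PKCS11CAToken")) {
                    newClasspath = "org.cesecore.keys.token.PKCS11CryptoToken";
                } else if (StringUtils.equals(oldClasspath, "org.ejbca.core.model.ca.catoken.NullCAToken")) {
                    newClasspath = "org.cesecore.keys.token.NullCryptoToken";
                } else if (StringUtils.equals(oldClasspath, "org.ejbca.core.model.ca.catoken.NFastCAToken")) {
                    log.error("Upgrading of NFastCAToken not supported, you need to convert to using PKCS11CAToken before upgrading.");
                }
                this.data.put(CLASSPATH, newClasspath);
            }
            this.data.put(UpgradeableDataHashMap.VERSION, Float.valueOf(LATEST_VERSION));
        }
    }

    /**
     * Derives the alias for the next certificate signing key and records it, together with
     * the incremented key sequence, as the "next" values in the properties.
     *
     * <p>The new alias is the current signing alias with the current key sequence removed
     * from its end and the incremented sequence appended.
     *
     * @return the alias for the next signing key
     */
    public String generateNextSignKeyAlias() {
        final String currentSequence = getKeySequence();
        final String nextSequence = StringTools.incrementKeySequence(getKeySequenceFormat(), currentSequence);
        if (log.isDebugEnabled()) {
            log.debug("Current key sequence: " + currentSequence + "  New key sequence: " + nextSequence);
        }
        // purposeMapping() rebuilds the transient mapping if it is missing, avoiding an NPE.
        final String currentAlias = purposeMapping().getAlias(1);
        final String nextAlias = StringUtils.removeEnd(currentAlias, currentSequence) + nextSequence;
        if (log.isDebugEnabled()) {
            log.debug("Current sign key alias: " + currentAlias + "  New sign key alias: " + nextAlias);
        }
        setNextCertSignKey(nextAlias);
        setNextKeySequence(nextSequence);
        return nextAlias;
    }

    /**
     * Makes the "next" signing key the current one.
     *
     * <p>If a next alias is mapped, it becomes the certificate signing alias, the old alias is
     * kept as the previous one, and the CRL signing alias follows along when it was the same
     * as the certificate signing alias. The key sequence moves to the stored next sequence if
     * there is one; otherwise it is incremented when the signing alias actually changed. The
     * old sequence is always recorded as the previous sequence.
     */
    public void activateNextSignKey() {
        final Properties properties = getProperties();
        final PurposeMapping mapping = purposeMapping();
        boolean aliasChanged = false;
        final String nextAlias = mapping.getAlias(7);
        if (nextAlias != null) {
            final String certSignAlias = mapping.getAlias(1);
            final String crlSignAlias = mapping.getAlias(2);
            if (log.isDebugEnabled()) {
                log.debug("CERTSIGN_NEXT: " + nextAlias);
                log.debug("CERTSIGN:      " + certSignAlias);
                log.debug("CRLSIGN:       " + crlSignAlias);
            }
            if (StringUtils.equals(certSignAlias, crlSignAlias)) {
                log.info("Setting CRL signing key alias to: " + nextAlias);
                properties.setProperty(CATokenConstants.CAKEYPURPOSE_CRLSIGN_STRING, nextAlias);
            }
            log.info("Setting certificate signing key alias to: " + nextAlias);
            properties.setProperty(CATokenConstants.CAKEYPURPOSE_CERTSIGN_STRING_PREVIOUS, certSignAlias);
            properties.setProperty(CATokenConstants.CAKEYPURPOSE_CERTSIGN_STRING, nextAlias);
            properties.remove(CATokenConstants.CAKEYPURPOSE_CERTSIGN_STRING_NEXT);
            aliasChanged = !StringUtils.equals(nextAlias, certSignAlias);
        }
        final String nextSequence = properties.getProperty(CATokenConstants.NEXT_SEQUENCE_PROPERTY);
        final String currentSequence = getKeySequence();
        if (nextSequence != null) {
            if (log.isDebugEnabled()) {
                log.debug("Current KeySequence: " + getKeySequence());
            }
            log.info("Set key sequence from nextSequence: " + nextSequence);
            properties.setProperty(CATokenConstants.PREVIOUS_SEQUENCE_PROPERTY, currentSequence);
            setKeySequence(nextSequence);
            properties.remove(CATokenConstants.NEXT_SEQUENCE_PROPERTY);
        } else if (aliasChanged) {
            final String incremented = StringTools.incrementKeySequence(getKeySequenceFormat(), currentSequence);
            properties.setProperty(CATokenConstants.PREVIOUS_SEQUENCE_PROPERTY, currentSequence);
            setKeySequence(incremented);
        } else {
            properties.setProperty(CATokenConstants.PREVIOUS_SEQUENCE_PROPERTY, currentSequence);
        }
        setCATokenPropertyData(storeProperties(properties));
    }

    /** @param str alias to record as the next certificate signing key */
    public void setNextCertSignKey(String str) {
        final Properties properties = getProperties();
        properties.setProperty(CATokenConstants.CAKEYPURPOSE_CERTSIGN_STRING_NEXT, str);
        setCATokenPropertyData(storeProperties(properties));
    }

    /** @param str key sequence to record as the next key sequence */
    public void setNextKeySequence(String str) {
        final Properties properties = getProperties();
        properties.setProperty(CATokenConstants.NEXT_SEQUENCE_PROPERTY, str);
        setCATokenPropertyData(storeProperties(properties));
    }
}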
