package org.wso2.carbon.apimgt.impl.utils;

import java.io.ByteArrayInputStream;
import java.io.Closeable;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.apimgt.impl.APIConstants;
import org.wso2.carbon.apimgt.impl.certificatemgt.ResponseCode;

/* loaded from: input_file:org/wso2/carbon/apimgt/impl/utils/CertificateMgtUtils.class */
public class CertificateMgtUtils {
    private static Log log = LogFactory.getLog(CertificateMgtUtils.class);
    private static char[] TRUST_STORE_PASSWORD = System.getProperty("javax.net.ssl.trustStorePassword").toCharArray();
    private static String TRUST_STORE = System.getProperty("javax.net.ssl.trustStore");
    private static InputStream localTrustStoreStream = null;
    private static OutputStream fileOutputStream = null;
    private static ResponseCode responseCode;

    public ResponseCode addCertificateToTrustStore(String str, String str2) {
        ByteArrayInputStream byteArrayInputStream;
        boolean z = false;
        boolean z2 = false;
        try {
            try {
                try {
                    try {
                        try {
                            byteArrayInputStream = new ByteArrayInputStream(Base64.decodeBase64(str.getBytes(APIConstants.DigestAuthConstants.CHARSET)));
                        } catch (KeyStoreException e) {
                            log.error("Error reading certificate contents.", e);
                            responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                            closeStreams(localTrustStoreStream, fileOutputStream, null);
                        }
                    } catch (UnsupportedEncodingException e2) {
                        log.error("Error retrieving certificate from String", e2);
                        responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                        closeStreams(localTrustStoreStream, fileOutputStream, null);
                    }
                } catch (IOException e3) {
                    log.error("Error in loading the certificate.", e3);
                    responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                    closeStreams(localTrustStoreStream, fileOutputStream, null);
                } catch (CertificateException e4) {
                    log.error("Error loading certificate.", e4);
                    responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                    closeStreams(localTrustStoreStream, fileOutputStream, null);
                }
            } catch (FileNotFoundException e5) {
                log.error("Error reading/ writing to the certificate file.", e5);
                responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                closeStreams(localTrustStoreStream, fileOutputStream, null);
            } catch (NoSuchAlgorithmException e6) {
                log.error("Could not find the algorithm to load the certificate.", e6);
                responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                closeStreams(localTrustStoreStream, fileOutputStream, null);
            }
            if (byteArrayInputStream.available() == 0) {
                log.error("Certificate is empty for the provided alias " + str2);
                ResponseCode responseCode2 = ResponseCode.INTERNAL_SERVER_ERROR;
                closeStreams(localTrustStoreStream, fileOutputStream, byteArrayInputStream);
                return responseCode2;
            }
            File file = new File(TRUST_STORE);
            localTrustStoreStream = new FileInputStream(file);
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(localTrustStoreStream, TRUST_STORE_PASSWORD);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            while (byteArrayInputStream.available() > 0) {
                Certificate generateCertificate = certificateFactory.generateCertificate(byteArrayInputStream);
                if (keyStore.containsAlias(str2)) {
                    z = true;
                } else if (((X509Certificate) generateCertificate).getNotAfter().getTime() <= System.currentTimeMillis()) {
                    z2 = true;
                    if (log.isDebugEnabled()) {
                        log.debug("Provided certificate is expired.");
                    }
                } else {
                    keyStore.setCertificateEntry(str2, generateCertificate);
                }
            }
            fileOutputStream = new FileOutputStream(file);
            keyStore.store(fileOutputStream, TRUST_STORE_PASSWORD);
            responseCode = z2 ? ResponseCode.CERTIFICATE_EXPIRED : z ? ResponseCode.ALIAS_EXISTS_IN_TRUST_STORE : ResponseCode.SUCCESS;
            closeStreams(localTrustStoreStream, fileOutputStream, byteArrayInputStream);
            return responseCode;
        } catch (Throwable th) {
            closeStreams(localTrustStoreStream, fileOutputStream, null);
            throw th;
        }
    }

    public ResponseCode removeCertificateFromTrustStore(String str) {
        boolean z;
        try {
            try {
                try {
                    File file = new File(TRUST_STORE);
                    localTrustStoreStream = new FileInputStream(file);
                    KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                    keyStore.load(localTrustStoreStream, TRUST_STORE_PASSWORD);
                    if (keyStore.containsAlias(str)) {
                        keyStore.deleteEntry(str);
                        z = true;
                    } else {
                        z = false;
                        if (log.isDebugEnabled()) {
                            log.debug("Certificate for alias '" + str + "' not found in the trust store.");
                        }
                    }
                    fileOutputStream = new FileOutputStream(file);
                    keyStore.store(fileOutputStream, TRUST_STORE_PASSWORD);
                    responseCode = z ? ResponseCode.SUCCESS : ResponseCode.CERTIFICATE_NOT_FOUND;
                    closeStreams(localTrustStoreStream, fileOutputStream);
                } catch (IOException e) {
                    log.error("Error in loading the certificate.", e);
                    responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                    closeStreams(localTrustStoreStream, fileOutputStream);
                } catch (KeyStoreException e2) {
                    log.error("Error reading certificate contents.", e2);
                    responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                    closeStreams(localTrustStoreStream, fileOutputStream);
                }
            } catch (NoSuchAlgorithmException e3) {
                log.error("Could not find the algorithm to load the certificate.", e3);
                responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                closeStreams(localTrustStoreStream, fileOutputStream);
            } catch (CertificateException e4) {
                log.error("Error loading certificate.", e4);
                responseCode = ResponseCode.INTERNAL_SERVER_ERROR;
                closeStreams(localTrustStoreStream, fileOutputStream);
            }
            return responseCode;
        } catch (Throwable th) {
            closeStreams(localTrustStoreStream, fileOutputStream);
            throw th;
        }
    }

    private void closeStreams(Closeable... closeableArr) {
        try {
            for (Closeable closeable : closeableArr) {
                if (closeable != null) {
                    closeable.close();
                }
            }
        } catch (IOException e) {
            log.error("Error closing the stream.", e);
        }
    }
}
