package org.wso2.carbon.identity.api.server.keystore.management.v1.core;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.identity.api.server.common.ContextLoader;
import org.wso2.carbon.identity.api.server.common.error.APIError;
import org.wso2.carbon.identity.api.server.common.error.ErrorResponse;
import org.wso2.carbon.identity.api.server.keystore.management.common.KeyStoreConstants;
import org.wso2.carbon.identity.api.server.keystore.management.common.KeyStoreManagamentDataHolder;
import org.wso2.carbon.identity.api.server.keystore.management.v1.model.CertificateResponse;
import org.wso2.carbon.security.keystore.KeyStoreManagementException;
import org.wso2.carbon.security.keystore.KeyStoreManagementServerException;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.identity.api.server.keystore.management.v1-1.2.128.jar:org/wso2/carbon/identity/api/server/keystore/management/v1/core/KeyStoreService.class */
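/**
 * Service layer used by the keystore management REST API. Every operation is
 * delegated to the keystore manager obtained from
 * {@link KeyStoreManagamentDataHolder}, scoped to the tenant domain resolved
 * by {@link ContextLoader#getTenantDomainFromContext()}. Failures are
 * translated into {@link APIError}s.
 *
 * <p>Certificate downloads are materialised as files under a temporary
 * directory; the file name is derived from the certificate alias, so the
 * alias is checked before it is used as a path component.
 */
public class KeyStoreService {
    private static final Log LOG = LogFactory.getLog(KeyStoreService.class);

    /**
     * Lists the certificate aliases of the tenant keystore.
     *
     * @param str value forwarded as the second argument of
     *            {@code getKeyStoreCertificateAliases} (presumably a filter; confirm against the manager API)
     * @return one {@link CertificateResponse} per alias, each carrying a link to the certificate resource
     * @throws APIError if the keystore manager reports a failure
     */
    public List<CertificateResponse> listCertificateAliases(String str) {
        try {
            List<String> aliases = KeyStoreManagamentDataHolder.getKeyStoreManager()
                    .getKeyStoreCertificateAliases(ContextLoader.getTenantDomainFromContext(), str);
            return generateCertificateResponseList(aliases, false);
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to list certificates from keystore.");
        }
    }

    /**
     * Writes the keystore certificate stored under the given alias to a temporary file.
     *
     * @param str certificate alias
     * @param z   {@code true} to write the Base64 form of the encoded certificate,
     *            {@code false} to write {@code X509Certificate.toString()}
     * @return the file holding the certificate
     * @throws APIError with status 400 if no certificate exists for the alias, or the
     *                  translated keystore manager failure
     */
    public File getCertificate(String str, boolean z) {
        try {
            X509Certificate certificate = KeyStoreManagamentDataHolder.getKeyStoreManager()
                    .getKeyStoreCertificate(ContextLoader.getTenantDomainFromContext(), str);
            if (certificate == null) {
                throw handleException(KeyStoreConstants.ErrorMessage.ERROR_CODE_INVALID_ALIAS, str, "Couldn't find a certificate with alias: " + str + " from the keystore.", Response.Status.BAD_REQUEST);
            }
            return generateCertificateFile(str, certificate, z);
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to retrieve the certificate with alias: " + str + " from keystore");
        }
    }

    /**
     * Adds a certificate to the tenant keystore.
     *
     * @param str  alias to store the certificate under
     * @param str2 certificate payload, forwarded unchanged to {@code addCertificate}
     * @return URI of the newly created certificate resource
     * @throws APIError if the keystore manager reports a failure
     */
    public URI uploadCertificate(String str, String str2) {
        try {
            KeyStoreManagamentDataHolder.getKeyStoreManager().addCertificate(ContextLoader.getTenantDomainFromContext(), str, str2);
            // NOTE(review): the alias is placed into the URI path without encoding here;
            // confirm that ContextLoader.buildURIForHeader escapes it, or encode it before formatting.
            return ContextLoader.buildURIForHeader(String.format("/v1/keystores/certs/%s", str));
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to upload the certificate with alias: " + str + " to the keystore.");
        }
    }

    /**
     * Removes the certificate stored under the given alias from the tenant keystore.
     *
     * @param str certificate alias
     * @throws APIError if the keystore manager reports a failure
     */
    public void deleteCertificate(String str) {
        try {
            KeyStoreManagamentDataHolder.getKeyStoreManager().deleteCertificate(ContextLoader.getTenantDomainFromContext(), str);
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to remove the certificate with alias: " + str + " from the keystore.");
        }
    }

    /**
     * Lists the certificate aliases of the client truststore.
     *
     * @param str value forwarded as the second argument of
     *            {@code getClientCertificateAliases} (presumably a filter; confirm against the manager API)
     * @return one {@link CertificateResponse} per alias, each carrying a link to the client certificate resource
     * @throws APIError if the keystore manager reports a failure
     */
    public List<CertificateResponse> listClientCertificateAliases(String str) {
        try {
            List<String> aliases = KeyStoreManagamentDataHolder.getKeyStoreManager()
                    .getClientCertificateAliases(ContextLoader.getTenantDomainFromContext(), str);
            return generateCertificateResponseList(aliases, true);
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to retrieve the list of certificates from client truststore.");
        }
    }

    /**
     * Writes the client truststore certificate stored under the given alias to a temporary file.
     *
     * @param str certificate alias
     * @param z   {@code true} to write the Base64 form of the encoded certificate,
     *            {@code false} to write {@code X509Certificate.toString()}
     * @return the file holding the certificate
     * @throws APIError with status 400 if no certificate exists for the alias, or the
     *                  translated keystore manager failure
     */
    public File getClientCertificate(String str, boolean z) {
        try {
            X509Certificate certificate = KeyStoreManagamentDataHolder.getKeyStoreManager()
                    .getClientCertificate(ContextLoader.getTenantDomainFromContext(), str);
            if (certificate == null) {
                throw handleException(KeyStoreConstants.ErrorMessage.ERROR_CODE_INVALID_ALIAS, str, "Couldn't find a certificate with alias: " + str + " from the keystore.", Response.Status.BAD_REQUEST);
            }
            return generateCertificateFile(str, certificate, z);
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to retrieve the certificate with alias: " + str + " from client truststore.");
        }
    }

    /**
     * Writes the tenant's public certificate to a temporary file.
     *
     * <p>The keystore manager returns an alias-to-certificate map; when the map holds
     * several entries the last one iterated is used, matching the original loop.
     *
     * @param z {@code true} to write the Base64 form of the encoded certificate,
     *          {@code false} to write {@code X509Certificate.toString()}
     * @return the file holding the certificate
     * @throws APIError if the keystore manager reports a failure
     */
    public File getPublicCertificate(boolean z) {
        try {
            Map<?, ?> publicCertificate = KeyStoreManagamentDataHolder.getKeyStoreManager()
                    .getPublicCertificate(ContextLoader.getTenantDomainFromContext());
            // The decompiled listing lost the alias variable (stray "r9 = null" and a loop
            // variable read after the loop); track alias and certificate together instead.
            String alias = null;
            X509Certificate x509Certificate = null;
            for (Map.Entry<?, ?> entry : publicCertificate.entrySet()) {
                alias = (String) entry.getKey();
                x509Certificate = (X509Certificate) entry.getValue();
            }
            // NOTE(review): an empty map leaves the certificate null and the call below fails
            // with a NullPointerException; no dedicated error code is visible in this file.
            return generateCertificateFile(alias, x509Certificate, z);
        } catch (KeyStoreManagementException e) {
            throw handleException(e, "Unable to retrieve the public certificate from from keystore.");
        }
    }

    /**
     * Converts aliases into API response entries.
     *
     * @param list aliases to convert
     * @param z    {@code true} to link to the client certificate path component,
     *             {@code false} to link to the keystore certificate path component
     * @return response entries in the order of {@code list}
     */
    private List<CertificateResponse> generateCertificateResponseList(List<String> list, boolean z) {
        List<CertificateResponse> responses = new ArrayList<>();
        String pathComponent = z ? KeyStoreConstants.CLIENT_CERTIFICATE_PATH_COMPONENT : KeyStoreConstants.CERTIFICATE_PATH_COMPONENT;
        // The path component is used as a format string, so it is expected to carry the
        // placeholder that receives the alias.
        String linkTemplate = "/v1/keystores" + pathComponent;
        for (String alias : list) {
            CertificateResponse certificateResponse = new CertificateResponse();
            certificateResponse.setAlias(alias);
            certificateResponse.setCertificate(ContextLoader.buildURIForHeader(String.format(linkTemplate, alias)));
            responses.add(certificateResponse);
        }
        return responses;
    }

    /**
     * Serialises a certificate into a file under the temporary certificate directory.
     *
     * <p>The file name is {@code alias + CERTIFICATE_FILE_EXTENSION}. Because the alias
     * can originate from the request, it is rejected unless the resulting name is a
     * single path component; otherwise an alias containing a separator could place the
     * file outside the temporary directory.
     *
     * @param str             certificate alias, used to build the file name
     * @param x509Certificate certificate to write
     * @param z               {@code true} to write the Base64 form of the encoded certificate,
     *                        {@code false} to write {@code X509Certificate.toString()}
     * @return the written file
     * @throws APIError with status 400 if the alias is not usable as a file name, or with
     *                  status 500 if encoding or writing fails
     */
    private File generateCertificateFile(String str, X509Certificate x509Certificate, boolean z) {
        String content;
        if (z) {
            try {
                content = Base64.getEncoder().encodeToString(x509Certificate.getEncoded());
            } catch (CertificateEncodingException e) {
                throw handleException(KeyStoreConstants.ErrorMessage.ERROR_CODE_ENCODE_CERTIFICATE, str, e, Response.Status.INTERNAL_SERVER_ERROR);
            }
        } else {
            content = x509Certificate.toString();
        }
        String fileName = str + KeyStoreConstants.CERTIFICATE_FILE_EXTENSION;
        // File.getName() strips everything up to the last platform separator, so it only
        // equals the input when the name has no directory part (no "../", no absolute path).
        if (!new File(fileName).getName().equals(fileName)) {
            throw handleException(KeyStoreConstants.ErrorMessage.ERROR_CODE_INVALID_ALIAS, str, "The certificate alias cannot be used as a file name.", Response.Status.BAD_REQUEST);
        }
        File certificateDirectory = new File(KeyStoreConstants.CERTIFICATE_TEMPORARY_DIRECTORY_PATH).getAbsoluteFile();
        if (certificateDirectory.mkdirs() && LOG.isDebugEnabled()) {
            LOG.debug(certificateDirectory.toString() + " has been created.");
        }
        // NOTE(review): the file name depends only on the alias, so concurrent requests (or
        // different tenants) using the same alias share one file; consider a unique temp file.
        File certificateFile = new File("tmp/certs/" + fileName).getAbsoluteFile();
        try {
            if (certificateFile.createNewFile() && LOG.isDebugEnabled()) {
                LOG.debug("A file has been created with name: " + fileName);
            }
            // try-with-resources closes the writer on the failure path too.
            try (OutputStreamWriter writer = new OutputStreamWriter(new FileOutputStream(certificateFile), StandardCharsets.UTF_8)) {
                writer.write(content);
            }
            return certificateFile;
        } catch (IOException e2) {
            throw handleException(KeyStoreConstants.ErrorMessage.ERROR_CODE_FILE_WRITE, fileName, e2, Response.Status.INTERNAL_SERVER_ERROR);
        }
    }

    /**
     * Translates a keystore management failure into an API error.
     *
     * @param keyStoreManagementException failure reported by the keystore manager
     * @param str                         message placed in the error response
     * @return an error with status 500 for {@link KeyStoreManagementServerException},
     *         otherwise status 400
     */
    private APIError handleException(KeyStoreManagementException keyStoreManagementException, String str) {
        ErrorResponse.Builder builder = new ErrorResponse.Builder()
                .withCode(keyStoreManagementException.getErrorCode())
                .withMessage(str)
                .withDescription(keyStoreManagementException.getMessage());
        if (keyStoreManagementException instanceof KeyStoreManagementServerException) {
            // Only the server-side branch hands the exception itself to the builder.
            return new APIError(Response.Status.INTERNAL_SERVER_ERROR, builder.build(LOG, keyStoreManagementException, str));
        }
        return new APIError(Response.Status.BAD_REQUEST, builder.build(LOG, str));
    }

    /**
     * Builds an API error from a predefined error message and a causing exception.
     *
     * @param errorMessage predefined code and message template
     * @param str          value substituted into the message template when not blank
     * @param exc          cause; its message becomes the response description
     * @param status       HTTP status of the error
     * @return the API error
     */
    private APIError handleException(KeyStoreConstants.ErrorMessage errorMessage, String str, Exception exc, Response.Status status) {
        // NOTE(review): the exception message is returned to the client as the description;
        // for I/O failures it may contain server file paths. Consider a generic description.
        ErrorResponse errorResponse = new ErrorResponse.Builder()
                .withCode(errorMessage.getCode())
                .withMessage(generateErrorMessage(errorMessage.getMessage(), str))
                .withDescription(exc.getMessage())
                .build(LOG, exc, exc.getMessage());
        return new APIError(status, errorResponse);
    }

    /**
     * Builds an API error from a predefined error message and an explicit description.
     *
     * @param errorMessage predefined code and message template
     * @param str          value substituted into the message template when not blank
     * @param str2         description placed in the error response
     * @param status       HTTP status of the error
     * @return the API error
     */
    private APIError handleException(KeyStoreConstants.ErrorMessage errorMessage, String str, String str2, Response.Status status) {
        ErrorResponse errorResponse = new ErrorResponse.Builder()
                .withCode(errorMessage.getCode())
                .withMessage(generateErrorMessage(errorMessage.getMessage(), str))
                .withDescription(str2)
                .build();
        return new APIError(status, errorResponse);
    }

    /**
     * Fills a message template with a value.
     *
     * @param str  message template, used as the format string
     * @param str2 value to substitute
     * @return the formatted message, or the template unchanged when {@code str2} is blank
     */
    private static String generateErrorMessage(String str, String str2) {
        // The caller-supplied value is only ever the format argument, never the format string.
        return StringUtils.isNotBlank(str2) ? String.format(str, str2) : str;
    }
}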
