package org.wso2.carbon.core.encryption;

import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import javax.crypto.Cipher;
import org.apache.commons.cli.HelpFormatter;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.core.util.KeyStoreManager;
import org.wso2.carbon.crypto.api.CertificateInfo;
import org.wso2.carbon.crypto.api.CryptoContext;
import org.wso2.carbon.crypto.api.CryptoException;
import org.wso2.carbon.crypto.api.ExternalCryptoProvider;
import org.wso2.carbon.crypto.api.PrivateKeyInfo;

/* loaded from: input_file:WEB-INF/lib/org.wso2.carbon.core-4.4.35.jar:org/wso2/carbon/core/encryption/KeyStoreBasedExternalCryptoProvider.class */
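/**
 * Key-store backed {@link ExternalCryptoProvider}: signs and decrypts with a private key and
 * encrypts and verifies with a certificate, both resolved per tenant through
 * {@link KeyStoreManager}.
 *
 * <p>Security notes for callers and reviewers:
 * <ul>
 *   <li>The algorithm and provider names are handed to the JCA unchanged; nothing in this class
 *       restricts them. A transformation given without mode and padding resolves to the
 *       provider's defaults, so callers should pass a fully specified, approved
 *       transformation.</li>
 *   <li>A certificate carried inside {@link CertificateInfo} is used as-is. This class performs
 *       no chain, validity-period or revocation check on it.</li>
 *   <li>Log and exception messages interpolate {@code cryptoContext}, {@code privateKeyInfo} and
 *       {@code certificateInfo} through {@code toString()}.
 *       NOTE(review): confirm that {@code PrivateKeyInfo.toString()} never includes the key
 *       password; it is not visible from this file.</li>
 * </ul>
 */
public class KeyStoreBasedExternalCryptoProvider implements ExternalCryptoProvider {
    private static final Log log = LogFactory.getLog(KeyStoreBasedExternalCryptoProvider.class);

    /** Tenant id that the lookups below treat as the super tenant (primary key store). */
    private static final int SUPER_TENANT_ID = -1234;

    /**
     * Replacement for '.' when deriving a tenant key store name. The decompiled source referenced
     * commons-cli's {@code HelpFormatter.DEFAULT_OPT_PREFIX}, an inlined constant whose value is
     * "-"; the literal is used here so this class does not appear to depend on a CLI helper.
     */
    private static final String TENANT_DOMAIN_DOT_REPLACEMENT = "-";

    /**
     * Signs {@code bArr} with the private key resolved from the crypto context.
     *
     * @param bArr data to sign
     * @param str JCA signature algorithm name
     * @param str2 JCA provider name; blank selects the default provider lookup
     * @param cryptoContext tenant information used to locate the key store
     * @param privateKeyInfo alias (and, for the super tenant, password) of the signing key
     * @return the signature bytes
     * @throws CryptoException if the key cannot be resolved or the signing operation fails
     */
    @Override
    public byte[] sign(byte[] bArr, String str, String str2, CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        try {
            Signature signature = newSignature(str, str2);
            PrivateKey privateKey = requirePrivateKey(cryptoContext, privateKeyInfo);
            signature.initSign(privateKey);
            signature.update(bArr);
            byte[] sign = signature.sign();
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully signed data using the algorithm '%s' and the Java Security API provider '%s'; %s ; %s", str, str2, cryptoContext, privateKeyInfo));
            }
            return sign;
        } catch (Exception e) {
            // Also catches the CryptoException raised for a missing key and re-wraps it, so the
            // caller always receives the operation-level message with the original as cause.
            String format2 = String.format("An error occurred while signing using the algorithm : '%s' and the Java Security API provider : '%s'; %s ; %s", str, str2, cryptoContext, privateKeyInfo);
            if (log.isDebugEnabled()) {
                log.debug(format2, e);
            }
            throw new CryptoException(format2, e);
        }
    }

    /**
     * Decrypts {@code bArr} with the private key resolved from the crypto context.
     *
     * @param bArr cipher text
     * @param str JCA cipher transformation
     * @param str2 JCA provider name; blank selects the default provider lookup
     * @param cryptoContext tenant information used to locate the key store
     * @param privateKeyInfo alias (and, for the super tenant, password) of the decryption key
     * @return the clear text
     * @throws CryptoException if the key cannot be resolved or decryption fails
     */
    @Override
    public byte[] decrypt(byte[] bArr, String str, String str2, CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        try {
            Cipher cipher = newCipher(str, str2);
            PrivateKey privateKey = requirePrivateKey(cryptoContext, privateKeyInfo);
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            byte[] doFinal = cipher.doFinal(bArr);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully decrypted data using the algorithm '%s' and the Java Security API provider '%s'; %s ; %s", str, str2, cryptoContext, privateKeyInfo));
            }
            return doFinal;
        } catch (Exception e) {
            // NOTE(review): the cause (for example a padding failure) travels with the exception;
            // callers that answer remote requests should not relay it to the requester.
            String format2 = String.format("An error occurred while decrypting using the algorithm : '%s' and the Java Security API provider : '%s'; %s ; %s", str, str2, cryptoContext, privateKeyInfo);
            if (log.isDebugEnabled()) {
                log.debug(format2, e);
            }
            throw new CryptoException(format2, e);
        }
    }

    /**
     * Encrypts {@code bArr} for the holder of the resolved certificate.
     *
     * @param bArr clear text
     * @param str JCA cipher transformation
     * @param str2 JCA provider name; blank selects the default provider lookup
     * @param cryptoContext tenant information used to locate the key store
     * @param certificateInfo certificate, or alias of the certificate, to encrypt to
     * @return the cipher text
     * @throws CryptoException if the certificate cannot be resolved or encryption fails
     */
    @Override
    public byte[] encrypt(byte[] bArr, String str, String str2, CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        try {
            Cipher cipher = newCipher(str, str2);
            Certificate certificate = requireCertificate(cryptoContext, certificateInfo);
            // The previous code passed the literal 2 (Cipher.DECRYPT_MODE) here, so encrypt()
            // initialised the cipher for decryption with the certificate's public key.
            cipher.init(Cipher.ENCRYPT_MODE, certificate);
            byte[] doFinal = cipher.doFinal(bArr);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully encrypted data using the algorithm '%s' and the Java Security API provider '%s'; %s ; %s", str, str2, cryptoContext, certificateInfo));
            }
            return doFinal;
        } catch (Exception e) {
            String format2 = String.format("An error occurred while encrypting using the algorithm '%s' and the Java Security API provider '%s'; %s ; %s", str, str2, cryptoContext, certificateInfo);
            if (log.isDebugEnabled()) {
                log.debug(format2, e);
            }
            throw new CryptoException(format2, e);
        }
    }

    /**
     * Verifies {@code bArr2} as a signature over {@code bArr} using the resolved certificate.
     *
     * @param bArr signed data
     * @param bArr2 signature to check
     * @param str JCA signature algorithm name
     * @param str2 JCA provider name; blank selects the default provider lookup
     * @param cryptoContext tenant information used to locate the key store
     * @param certificateInfo certificate, or alias of the certificate, to verify against
     * @return {@code true} if the signature verifies, {@code false} otherwise
     * @throws CryptoException if the certificate cannot be resolved or verification cannot run
     */
    @Override
    public boolean verifySignature(byte[] bArr, byte[] bArr2, String str, String str2, CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        try {
            Signature signature = newSignature(str, str2);
            Certificate certificate = requireCertificate(cryptoContext, certificateInfo);
            // Only the signature is checked here; the certificate's validity period and issuer
            // are not examined by this method.
            signature.initVerify(certificate);
            signature.update(bArr);
            boolean verify = signature.verify(bArr2);
            if (log.isDebugEnabled()) {
                log.debug(String.format("Successfully carried out the signature validation operation using the algorithm '%s' and the Java Security API provider '%s'; %s ; %s. Verification Result : '%s'", str, str2, cryptoContext, certificateInfo, Boolean.valueOf(verify)));
            }
            return verify;
        } catch (Exception e) {
            String format2 = String.format("An error occurred while verifying the signature using the algorithm '%s' and the Java Security API provider '%s'; %s ; %s ", str, str2, cryptoContext, certificateInfo);
            if (log.isDebugEnabled()) {
                log.debug(format2, e);
            }
            throw new CryptoException(format2, e);
        }
    }

    /**
     * Resolves the certificate described by {@code certificateInfo}.
     *
     * <p>A certificate object already present in {@code certificateInfo} is returned directly.
     * Otherwise the alias is looked up in the primary key store for the super tenant, or in the
     * tenant's derived key store for any other tenant.
     *
     * @param cryptoContext tenant information; tenant id and domain must be set
     * @param certificateInfo certificate or certificate alias
     * @return the certificate, or {@code null} if the key store has no entry for the alias
     * @throws CryptoException if context or certificate information is missing, or the lookup fails
     */
    @Override
    public Certificate getCertificate(CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        failIfContextInformationIsMissing(cryptoContext);
        if (certificateInfo == null) {
            // Previously surfaced as a NullPointerException from the dereference below.
            throw new CryptoException("Certificate information is missing.");
        }
        // NOTE(review): a caller-supplied certificate bypasses the key store entirely; callers
        // must have established trust in it before passing it in.
        if (certificateInfo.getCertificate() != null) {
            return certificateInfo.getCertificate();
        }
        KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(cryptoContext.getTenantId());
        try {
            if (SUPER_TENANT_ID == cryptoContext.getTenantId()) {
                if (log.isDebugEnabled()) {
                    log.debug("Looking for the certificate in the super tenant using " + certificateInfo);
                }
                return keyStoreManager.getPrimaryKeyStore().getCertificate(certificateInfo.getCertificateAlias());
            }
            if (log.isDebugEnabled()) {
                log.debug(String.format("Looking for the certificate in the tenant '%s' using %s", cryptoContext.getTenantDomain(), certificateInfo));
            }
            return keyStoreManager.getKeyStore(getTenantKeyStoreName(cryptoContext.getTenantDomain())).getCertificate(certificateInfo.getCertificateAlias());
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("An error occurred while retrieving the certificate from the key store.", e);
            }
            throw new CryptoException("An error occurred while retrieving the certificate from the key store.", e);
        }
    }

    /**
     * Resolves the private key described by {@code privateKeyInfo}.
     *
     * <p>For the super tenant the key is read from the primary key store with the alias and key
     * password from {@code privateKeyInfo}. For any other tenant the key is requested from
     * {@link KeyStoreManager} by derived key store name and alias; the password in
     * {@code privateKeyInfo} is not used on that path.
     *
     * @param cryptoContext tenant information; tenant id and domain must be set
     * @param privateKeyInfo key alias and key password
     * @return the private key; may be {@code null} when the key store has no such entry
     * @throws CryptoException if context information is missing or the lookup fails
     */
    @Override
    public PrivateKey getPrivateKey(CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        PrivateKey privateKey;
        failIfContextInformationIsMissing(cryptoContext);
        try {
            KeyStoreManager keyStoreManager = KeyStoreManager.getInstance(cryptoContext.getTenantId());
            if (SUPER_TENANT_ID == cryptoContext.getTenantId()) {
                if (log.isDebugEnabled()) {
                    log.debug("Looking for the private key in the super tenant using " + privateKeyInfo);
                }
                // A null privateKeyInfo or password raises a NullPointerException here, which the
                // catch below converts into a CryptoException.
                privateKey = (PrivateKey) keyStoreManager.getPrimaryKeyStore().getKey(privateKeyInfo.getKeyAlias(), privateKeyInfo.getKeyPassword().toCharArray());
            } else {
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Looking for the private key in the tenant '%s' using %s", cryptoContext.getTenantDomain(), privateKeyInfo));
                }
                String tenantKeyStoreName = getTenantKeyStoreName(cryptoContext.getTenantDomain());
                if (log.isDebugEnabled()) {
                    log.debug(String.format("Derived Key Store name of the the tenant '%s' is %s", cryptoContext.getTenantDomain(), tenantKeyStoreName));
                }
                privateKey = (PrivateKey) keyStoreManager.getPrivateKey(tenantKeyStoreName, privateKeyInfo.getKeyAlias());
            }
            return privateKey;
        } catch (Exception e) {
            if (log.isDebugEnabled()) {
                log.debug("An error occurred while retrieving the private key from the key store.", e);
            }
            throw new CryptoException("An error occurred while retrieving the private key from the key store.", e);
        }
    }

    /** Returns a {@link Signature} for the algorithm, from the named provider when one is given. */
    private static Signature newSignature(String algorithm, String provider) throws Exception {
        return StringUtils.isBlank(provider) ? Signature.getInstance(algorithm) : Signature.getInstance(algorithm, provider);
    }

    /** Returns a {@link Cipher} for the transformation, from the named provider when one is given. */
    private static Cipher newCipher(String transformation, String provider) throws Exception {
        return StringUtils.isBlank(provider) ? Cipher.getInstance(transformation) : Cipher.getInstance(transformation, provider);
    }

    /** Resolves the private key and fails, after logging at error level, when none is found. */
    private PrivateKey requirePrivateKey(CryptoContext cryptoContext, PrivateKeyInfo privateKeyInfo) throws CryptoException {
        PrivateKey privateKey = getPrivateKey(cryptoContext, privateKeyInfo);
        if (privateKey == null) {
            String format = String.format("Could not retrieve the private key using '%s' and '%s'. ", privateKeyInfo, cryptoContext);
            log.error(format);
            throw new CryptoException(format);
        }
        return privateKey;
    }

    /** Resolves the certificate and fails, after logging at error level, when none is found. */
    private Certificate requireCertificate(CryptoContext cryptoContext, CertificateInfo certificateInfo) throws CryptoException {
        Certificate certificate = getCertificate(cryptoContext, certificateInfo);
        if (certificate == null) {
            String format = String.format("Could not retrieve the certificate using '%s' and '%s'. ", certificateInfo, cryptoContext);
            log.error(format);
            throw new CryptoException(format);
        }
        return certificate;
    }

    /**
     * Rejects a crypto context that cannot identify a tenant: a null context, a tenant id of 0,
     * or a blank tenant domain.
     */
    private void failIfContextInformationIsMissing(CryptoContext cryptoContext) throws CryptoException {
        // The null check turns what used to be a NullPointerException into the documented
        // CryptoException.
        if (cryptoContext == null || cryptoContext.getTenantId() == 0 || StringUtils.isBlank(cryptoContext.getTenantDomain())) {
            throw new CryptoException("Tenant information is missing in the crypto context.");
        }
    }

    /**
     * Derives a tenant key store name from the tenant domain: trims it, replaces every '.' with
     * '-', and appends ".jks".
     *
     * <p>NOTE(review): the mapping is not injective. Two domains that differ only in '.' versus
     * '-' at the same position derive the same key store name. Confirm that tenant registration
     * rules out such pairs; otherwise two tenants would resolve to one key store.
     */
    private String getTenantKeyStoreName(String str) {
        return str.trim().replace(".", TENANT_DOMAIN_DOT_REPLACEMENT) + ".jks";
    }
}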
