package com.alfaariss.oa.engine.core.crypto;

import com.alfaariss.oa.OAException;
import com.alfaariss.oa.api.IComponent;
import com.alfaariss.oa.api.configuration.ConfigurationException;
import com.alfaariss.oa.api.configuration.IConfigurationManager;
import com.alfaariss.oa.engine.core.crypto.factory.AbstractCipherFactory;
import com.alfaariss.oa.engine.core.crypto.factory.AbstractSigningFactory;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Signature;
import java.security.cert.Certificate;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/engine/core/crypto/CryptoManager.class */
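/**
 * Central holder for the engine's cryptographic settings: cipher, signing,
 * random generator and message digest.
 *
 * <p>Configuration is read in {@link #start} and re-read in {@link #restart}.
 * Each sub-section ({@code encryption}, {@code signing},
 * {@code random_generator}, {@code message_digest}) is optional; when one is
 * absent the corresponding feature is disabled or falls back to the defaults
 * declared below.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The built-in defaults (SHA-1 based signature and digest, Triple DES,
 *       SHA1PRNG) are legacy algorithms. They are kept unchanged because
 *       stored keys and peers may depend on them; deployments should set an
 *       explicit {@code algorithm} in every section.</li>
 *   <li>{@link #restart} holds the instance monitor while it swaps state, but
 *       the getters are unsynchronized. NOTE(review): a caller racing with a
 *       restart can presumably observe a mix of old and new values; confirm
 *       how callers are expected to coordinate.</li>
 *   <li>{@link #getSecretKey()} and {@link #getPrivateKey()} hand out live
 *       key references; callers must not log or serialize them.</li>
 * </ul>
 */
public class CryptoManager implements IComponent {
    // Legacy fallback: SHA-1 based signatures are deprecated for new deployments.
    private static final String DEFAULT_SIGNATURE_ALGORITHM = "SHA1withRSA";
    // Legacy fallback: newer JDKs also offer "DRBG" / native generators.
    private static final String DEFAULT_RANDOM_ALGORITHM = "SHA1PRNG";
    // Legacy fallback: Triple DES has a 64-bit block size and is deprecated.
    private static final String DEFAULT_ENCRYPTION_ALGORITHM = "DESede";
    // Legacy fallback: SHA-1 is not collision resistant.
    private static final String DEFAULT_DIGEST_ALGORITHM = "SHA1";

    // Initialized once; the original re-assigned this static from every constructor call.
    private static final Log _logger = LogFactory.getLog(CryptoManager.class);

    private IConfigurationManager _configManager;
    private SecretKey _secretKey;
    private String _sMessageDigestAlgorithm;
    private String _sMessageDigestProvider;
    private String _sCipherAlgorithm;
    private String _sCipherProvider;
    private SecureRandom _secureRandom;
    private AbstractCipherFactory _cipherFactory;
    private String _sSigningAlgorithm;
    private String _sSigningProvider;
    private PrivateKey _privateKey;
    private Certificate _certificate;
    private AbstractSigningFactory _signingFactory;

    /** Creates an unconfigured manager; call {@link #start} before use. */
    public CryptoManager() {
    }

    /**
     * Stores the configuration manager and reads all four crypto sections.
     *
     * @param iConfigurationManager configuration access used for all reads
     * @param element parent configuration element holding the crypto sections
     * @throws OAException if any section is invalid or initialization fails
     */
    public void start(IConfigurationManager iConfigurationManager, Element element) throws OAException {
        this._configManager = iConfigurationManager;
        readEncryptionConfig(element);
        readSigningConfig(element);
        readRandomConfig(element);
        readMessageDigestConfig(element);
    }

    /**
     * Stops the current cipher factory and re-reads every crypto section.
     *
     * <p>The re-read is not transactional: if a later section fails, fields
     * set by earlier sections keep their new values.
     *
     * @param element parent configuration element holding the crypto sections
     * @throws CryptoException if a section is invalid or an unexpected error occurs
     */
    public void restart(Element element) throws CryptoException {
        try {
            synchronized (this) {
                if (this._cipherFactory != null) {
                    this._cipherFactory.stop();
                }
                readEncryptionConfig(element);
                readSigningConfig(element);
                readRandomConfig(element);
                readMessageDigestConfig(element);
            }
        } catch (CryptoException e) {
            throw e;
        } catch (Exception e) {
            _logger.error("Internal error during restart", e);
            throw new CryptoException(1);
        }
    }

    /** @return the shared random generator, or {@code null} before {@link #start} */
    public SecureRandom getSecureRandom() {
        return this._secureRandom;
    }

    /**
     * Creates a fresh digest instance for the configured algorithm.
     *
     * @return a new {@link MessageDigest}
     * @throws CryptoException if the algorithm or provider is unknown
     */
    public MessageDigest getMessageDigest() throws CryptoException {
        try {
            if (this._sMessageDigestProvider != null) {
                return MessageDigest.getInstance(this._sMessageDigestAlgorithm, this._sMessageDigestProvider);
            }
            return MessageDigest.getInstance(this._sMessageDigestAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            _logger.error("Invalid message digest algorithm", e);
            throw new CryptoException(1);
        } catch (NoSuchProviderException e) {
            _logger.error("Invalid message digest provider", e);
            throw new CryptoException(1);
        }
    }

    /**
     * Creates a fresh, uninitialized cipher for the configured transformation.
     *
     * @return a new {@link Cipher}, or {@code null} when encryption is disabled
     * @throws CryptoException if the algorithm, provider or padding is unknown
     */
    public Cipher getCipher() throws CryptoException {
        if (this._sCipherAlgorithm == null) {
            _logger.debug("Encryption disabled");
            return null;
        }
        try {
            if (this._sCipherProvider != null) {
                return Cipher.getInstance(this._sCipherAlgorithm, this._sCipherProvider);
            }
            return Cipher.getInstance(this._sCipherAlgorithm);
        } catch (NoSuchAlgorithmException e) {
            _logger.error("Invalid cipher algorithm", e);
            throw new CryptoException(1);
        } catch (NoSuchProviderException e) {
            _logger.error("Invalid cipher provider", e);
            throw new CryptoException(1);
        } catch (NoSuchPaddingException e) {
            _logger.error("Padding exception", e);
            throw new CryptoException(1);
        }
    }

    /** @return the secret key from the cipher factory, or {@code null} when encryption is disabled */
    public SecretKey getSecretKey() {
        return this._secretKey;
    }

    /**
     * Creates a fresh, uninitialized signature object.
     *
     * <p>Once configuration has been read the signing algorithm is never
     * {@code null} (a missing {@code signing} section sets the default), so an
     * instance is returned even when no signing factory is configured. Use
     * {@link #getSigningFactory()} or {@link #getPrivateKey()} to test whether
     * signing is actually available.
     *
     * @return a new {@link Signature}, or {@code null} if no algorithm is set yet
     * @throws CryptoException if the algorithm or provider is unknown
     */
    public Signature getSignature() throws CryptoException {
        if (this._sSigningAlgorithm == null) {
            _logger.debug("Signing disabled");
            return null;
        }
        try {
            Signature signature = this._sSigningProvider != null
                ? Signature.getInstance(this._sSigningAlgorithm, this._sSigningProvider)
                : Signature.getInstance(this._sSigningAlgorithm);
            _logger.debug("Established Signature instance of provider " + signature.getProvider().getName());
            return signature;
        } catch (NoSuchAlgorithmException e) {
            _logger.error("Invalid signature algorithm", e);
            throw new CryptoException(1);
        } catch (NoSuchProviderException e) {
            _logger.error("Invalid signature provider", e);
            throw new CryptoException(1);
        }
    }

    /** @return the signing private key, or {@code null} when signing is disabled */
    public PrivateKey getPrivateKey() {
        return this._privateKey;
    }

    /** @return the engine's own certificate, or {@code null} when signing is disabled */
    public Certificate getCertificate() {
        return this._certificate;
    }

    /**
     * Looks up a certificate through the signing factory.
     *
     * @param str identifier passed unchanged to the signing factory
     * @return the certificate, or {@code null} when signing is disabled
     * @throws CryptoException if the signing factory fails
     */
    public Certificate getCertificate(String str) throws CryptoException {
        if (this._signingFactory == null) {
            _logger.debug("Signing disabled");
            return null;
        }
        return this._signingFactory.getCertificate(str);
    }

    /** @return the signing factory, or {@code null} when signing is disabled */
    public AbstractSigningFactory getSigningFactory() {
        return this._signingFactory;
    }

    /**
     * Stops the cipher factory, if one is active.
     *
     * <p>NOTE(review): the signing factory is started in this class but never
     * stopped; confirm whether it needs a shutdown call.
     */
    public void stop() {
        if (this._cipherFactory != null) {
            this._cipherFactory.stop();
        }
    }

    /**
     * Reads the optional {@code encryption} section and initializes the
     * cipher factory and secret key.
     *
     * @param element parent configuration element
     * @throws CryptoException if the section is present but invalid
     */
    private void readEncryptionConfig(Element element) throws CryptoException {
        try {
            Element section = this._configManager.getSection(element, "encryption");
            if (section == null) {
                // Clear state left by an earlier configuration. Without this a
                // restart that removes the section would keep serving the old
                // key and algorithm while logging that encryption is disabled.
                // restart() has already stopped the previous factory.
                this._cipherFactory = null;
                this._secretKey = null;
                this._sCipherAlgorithm = null;
                this._sCipherProvider = null;
                _logger.info("Could not retrieve 'encryption' config section, encryption disabled");
                return;
            }

            try {
                this._sCipherAlgorithm = this._configManager.getParam(section, "algorithm");
            } catch (ConfigurationException e) {
                _logger.error("Could not read 'algorithm' config parameter", e);
                throw new CryptoException(17);
            }
            if (this._sCipherAlgorithm == null) {
                this._sCipherAlgorithm = DEFAULT_ENCRYPTION_ALGORITHM;
                _logger.info("Could not retrieve 'algorithm' config parameter. Using default algorithm");
            }

            try {
                this._sCipherProvider = this._configManager.getParam(section, "provider");
                if (this._sCipherProvider == null) {
                    _logger.info("Could not retrieve 'provider' config parameter. Using default first suitable provider.");
                }
                Element factorySection = this._configManager.getSection(section, "cipherfactory");
                if (factorySection == null) {
                    _logger.error("Could not retrieve valid 'cipherfactory' config section");
                    throw new CryptoException(17);
                }
                this._cipherFactory = AbstractCipherFactory.createInstance(this._configManager, factorySection);
                this._cipherFactory.start();
                this._secretKey = this._cipherFactory.getSecretKey(this._sCipherAlgorithm, this._sCipherProvider);
                // Fail fast: verifies the algorithm/provider pair can be instantiated.
                getCipher();
            } catch (ConfigurationException e) {
                _logger.error("Could not read 'provider' config parameter", e);
                throw new CryptoException(17);
            }
        } catch (CryptoException e) {
            throw e;
        } catch (Exception e) {
            _logger.fatal("Internal error during crypto init", e);
            throw new CryptoException(1);
        }
    }

    /**
     * Reads the optional {@code message_digest} section.
     *
     * @param element parent configuration element
     * @throws CryptoException if the section is present but invalid
     */
    private void readMessageDigestConfig(Element element) throws CryptoException {
        try {
            Element section = this._configManager.getSection(element, "message_digest");
            if (section == null) {
                this._sMessageDigestAlgorithm = DEFAULT_DIGEST_ALGORITHM;
                // Drop a provider left by an earlier configuration so the
                // "default provider" promise in the log line below holds.
                this._sMessageDigestProvider = null;
                _logger.info("Could not retrieve 'message_digest' config section. Using default algorithm and provider");
                return;
            }

            try {
                this._sMessageDigestAlgorithm = this._configManager.getParam(section, "algorithm");
            } catch (ConfigurationException e) {
                _logger.error("Could not read 'algorithm' config parameter", e);
                throw new CryptoException(17);
            }
            if (this._sMessageDigestAlgorithm == null) {
                this._sMessageDigestAlgorithm = DEFAULT_DIGEST_ALGORITHM;
                _logger.info("Could not retrieve 'algorithm' config parameter. Using default algorithm");
            }

            try {
                this._sMessageDigestProvider = this._configManager.getParam(section, "provider");
                if (this._sMessageDigestProvider == null) {
                    _logger.info("Could not retrieve 'provider' config parameter. Using first suitable provider");
                }
                // Fail fast: verifies the algorithm/provider pair can be instantiated.
                getMessageDigest();
            } catch (ConfigurationException e) {
                _logger.error("Could not read 'provider' config parameter", e);
                throw new CryptoException(17);
            }
        } catch (CryptoException e) {
            throw e;
        } catch (Exception e) {
            _logger.fatal("Internal error during crypto init", e);
            throw new CryptoException(1);
        }
    }

    /**
     * Reads the optional {@code signing} section and initializes the signing
     * factory, private key and certificate.
     *
     * @param element parent configuration element
     * @throws CryptoException if the section is present but invalid
     */
    private void readSigningConfig(Element element) throws CryptoException {
        try {
            Element section = this._configManager.getSection(element, "signing");
            if (section == null) {
                this._signingFactory = null;
                this._privateKey = null;
                this._certificate = null;
                this._sSigningProvider = null;
                // The algorithm is still set, so getSignature() keeps returning instances.
                this._sSigningAlgorithm = DEFAULT_SIGNATURE_ALGORITHM;
                _logger.info("Could not retrieve 'signing' config section, signing disabled");
                return;
            }

            try {
                this._sSigningAlgorithm = this._configManager.getParam(section, "algorithm");
            } catch (ConfigurationException e) {
                _logger.error("Could not read 'algorithm' config parameter", e);
                throw new CryptoException(17);
            }
            if (this._sSigningAlgorithm == null) {
                this._sSigningAlgorithm = DEFAULT_SIGNATURE_ALGORITHM;
                _logger.info("Could not retrieve 'algorithm' config parameter. Using default algorithm");
            }

            try {
                this._sSigningProvider = this._configManager.getParam(section, "provider");
                if (this._sSigningProvider == null) {
                    _logger.info("Could not retrieve 'provider' config parameter. Using first suitable provider");
                }
                Element factorySection = this._configManager.getSection(section, "signingfactory");
                if (factorySection == null) {
                    _logger.error("Could not retrieve valid 'signingfactory' config section");
                    throw new CryptoException(17);
                }
                this._signingFactory = AbstractSigningFactory.createInstance(this._configManager, factorySection);
                this._signingFactory.start();
                this._privateKey = this._signingFactory.getPrivateKey();
                this._certificate = this._signingFactory.getCertificate();
                // Fail fast: verifies the algorithm/provider pair can be instantiated.
                getSignature();
            } catch (ConfigurationException e) {
                _logger.error("Could not read 'provider' config parameter", e);
                throw new CryptoException(17);
            }
        } catch (CryptoException e) {
            throw e;
        } catch (Exception e) {
            _logger.fatal("Internal error during signing init", e);
            throw new CryptoException(1);
        }
    }

    /**
     * Reads the optional {@code random_generator} section and creates the
     * shared {@link SecureRandom}.
     *
     * @param element parent configuration element
     * @throws CryptoException if the section is invalid or the generator
     *         cannot be created
     */
    private void readRandomConfig(Element element) throws CryptoException {
        String algorithm;
        String provider = null;
        try {
            Element section = this._configManager.getSection(element, "random_generator");
            if (section == null) {
                algorithm = DEFAULT_RANDOM_ALGORITHM;
                // Message now names the section that is actually looked up.
                _logger.info("Could not retrieve 'random_generator' config section. Using default algorithm and provider");
            } else {
                try {
                    algorithm = this._configManager.getParam(section, "algorithm");
                } catch (ConfigurationException e) {
                    _logger.error("Could not read 'algorithm' config parameter", e);
                    throw new CryptoException(17);
                }
                if (algorithm == null) {
                    algorithm = DEFAULT_RANDOM_ALGORITHM;
                    _logger.info("Could not retrieve 'algorithm' config parameter. Using default algorithm");
                }
                try {
                    provider = this._configManager.getParam(section, "provider");
                    if (provider == null) {
                        _logger.info("Could not retrieve 'provider' config parameter. Using first suitable provider");
                    }
                } catch (ConfigurationException e) {
                    _logger.error("Could not read 'provider' config parameter", e);
                    throw new CryptoException(17);
                }
            }

            this._secureRandom = provider == null
                ? SecureRandom.getInstance(algorithm)
                : SecureRandom.getInstance(algorithm, provider);
        } catch (CryptoException e) {
            throw e;
        } catch (NoSuchAlgorithmException e) {
            _logger.error("Invalid random algorithm", e);
            throw new CryptoException(2);
        } catch (NoSuchProviderException e) {
            _logger.error("Invalid random provider", e);
            throw new CryptoException(2);
        } catch (Exception e) {
            _logger.fatal("Internal error during configuration reading", e);
            throw new CryptoException(1);
        }
    }
}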
