package com.alfaariss.oa.engine.crypto.keystore;

import com.alfaariss.oa.api.configuration.ConfigurationException;
import com.alfaariss.oa.engine.core.crypto.CryptoException;
import com.alfaariss.oa.engine.core.crypto.factory.AbstractSigningFactory;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.asimba.utility.filesystem.PathTranslator;
import org.w3c.dom.Element;

/* loaded from: input_file:com/alfaariss/oa/engine/crypto/keystore/KeystoreSigningFactory.class */
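/**
 * Signing factory backed by Java {@link KeyStore} files.
 *
 * <p>Two stores are read from the factory's configuration section: an optional
 * {@code keystore} holding the signing key entry (parameters {@code type},
 * {@code file}, {@code keystore_password}, {@code alias}, {@code password}) and
 * an optional {@code truststore} holding the certificates used for lookup. At
 * least one of the two sections must be present. Accessors for a store that was
 * not configured return {@code null} (or an empty enumeration) instead of
 * failing.
 *
 * <p>The key-entry password is kept as a {@link String} because
 * {@link #getPrivateKeyPassword()} exposes it as one; it therefore stays in the
 * heap for the lifetime of the factory.
 */
public class KeystoreSigningFactory extends AbstractSigningFactory {
    /** Alias assumed when the keystore section has no {@code alias} parameter. */
    private static final String DEFAULT_ALIAS = "mykey";
    private final Log _logger = LogFactory.getLog(KeystoreSigningFactory.class);
    /** Store holding the signing key entry; {@code null} when no keystore section is configured. */
    private KeyStore _keystore;
    /** Store holding lookup certificates; {@code null} when no truststore section is configured. */
    private KeyStore _certificatestore;
    /** {@code keystore_password} of the store loaded most recently by {@link #loadKeystore(Element)}. */
    private String _sKeystorePassword;
    /** {@code password} protecting the signing key entry. */
    private String _sPassword;
    /** Alias of the signing key entry inside {@link #_keystore}. */
    private String _sAlias;

    /**
     * Loads the configured keystore and/or truststore.
     *
     * @throws CryptoException when neither section is present, the keystore
     *     section lacks a {@code password}, the configured alias is missing or
     *     is not a key entry, or a store cannot be read.
     */
    public void start() throws CryptoException {
        try {
            Element eKeystore = this._configurationManager.getSection(this._eSection, "keystore");
            Element eTruststore = this._configurationManager.getSection(this._eSection, "truststore");
            if (eKeystore == null && eTruststore == null) {
                this._logger.error("Could not retrieve 'keystore' or 'truststore' section in config");
                throw new CryptoException(17);
            }
            if (eKeystore != null) {
                startKeystore(eKeystore);
            } else {
                this._keystore = null;
                this._logger.info("Disabled: keystore");
            }
            if (eTruststore != null) {
                this._certificatestore = loadKeystore(eTruststore);
                this._logger.info("Succesfully loaded: truststore");
            } else {
                this._certificatestore = null;
                this._logger.info("Disabled: truststore");
            }
        } catch (ConfigurationException e) {
            this._logger.error("Could not initialize signing, configuration error", e);
            throw new CryptoException(2, e);
        } catch (KeyStoreException e) {
            this._logger.error("Could not load keystore", e);
            throw new CryptoException(2, e);
        }
    }

    /**
     * Loads the signing keystore and validates its {@code alias} and
     * {@code password} parameters.
     *
     * @param eKeystore the {@code keystore} configuration element
     */
    private void startKeystore(Element eKeystore)
            throws ConfigurationException, KeyStoreException, CryptoException {
        this._keystore = loadKeystore(eKeystore);
        this._sAlias = this._configurationManager.getParam(eKeystore, "alias");
        if (this._sAlias == null) {
            this._sAlias = DEFAULT_ALIAS;
            this._logger.info("Could not retrieve 'alias' paramater, using default: mykey");
        }
        this._sPassword = this._configurationManager.getParam(eKeystore, "password");
        if (this._sPassword == null) {
            this._logger.error("No 'password' parameter supplied");
            throw new CryptoException(17);
        }
        // Fail at startup rather than on the first signing call if the alias is unusable.
        if (!this._keystore.containsAlias(this._sAlias)) {
            this._logger.error("Configured alias does not exist: " + this._sAlias);
            throw new CryptoException(2);
        }
        if (!this._keystore.isKeyEntry(this._sAlias)) {
            this._logger.error("Configured alias is not a valid key entry: " + this._sAlias);
            throw new CryptoException(2);
        }
        this._logger.info("Succesfully loaded: keystore");
    }

    /**
     * Looks up an X.509 certificate in the truststore.
     *
     * @param sAlias alias of the certificate entry
     * @return the certificate, or {@code null} when no truststore is configured
     * @throws CryptoException when the alias is missing or not an X.509
     *     certificate, or the truststore cannot be read
     */
    public Certificate getCertificate(String sAlias) throws CryptoException {
        if (this._certificatestore == null) {
            return null;
        }
        try {
            Certificate certificate = this._certificatestore.getCertificate(sAlias);
            if (certificate instanceof X509Certificate) {
                return certificate;
            }
            this._logger.error("Could not find a valid certificate with alias " + sAlias);
            throw new CryptoException(49);
        } catch (KeyStoreException e) {
            this._logger.error("Could not load keystore", e);
            throw new CryptoException(1, e);
        }
    }

    /**
     * Returns the X.509 certificate of the signing key entry.
     *
     * @return the certificate, or {@code null} when no keystore is configured
     * @throws CryptoException when the entry has no X.509 certificate or the
     *     keystore cannot be read
     */
    public Certificate getCertificate() throws CryptoException {
        if (this._keystore == null) {
            return null;
        }
        try {
            Certificate certificate = this._keystore.getCertificate(this._sAlias);
            if (certificate instanceof X509Certificate) {
                return certificate;
            }
            this._logger.error("Could not find a valid certificate with alias " + this._sAlias);
            throw new CryptoException(49);
        } catch (KeyStoreException e) {
            this._logger.error("Could not load keystore", e);
            throw new CryptoException(1, e);
        }
    }

    /**
     * Returns the private key of the signing key entry, unlocked with the
     * configured {@code password}.
     *
     * @return the private key, or {@code null} when no keystore is configured
     * @throws CryptoException when the entry is not a private key or cannot be
     *     recovered
     */
    public PrivateKey getPrivateKey() throws CryptoException {
        if (this._keystore == null) {
            return null;
        }
        try {
            // _sPassword is guaranteed non-null by start() whenever _keystore is set.
            Key key = this._keystore.getKey(this._sAlias, this._sPassword.toCharArray());
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            this._logger.error("Could not find a valid private key with alias " + this._sAlias);
            throw new CryptoException(49);
        } catch (KeyStoreException e) {
            this._logger.error("Could not load keystore", e);
            throw new CryptoException(33, e);
        } catch (NoSuchAlgorithmException e) {
            this._logger.error("Could not load keystore, no such algorithm", e);
            throw new CryptoException(1, e);
        } catch (UnrecoverableKeyException e) {
            this._logger.error("Could not load keystore,unrecoverable key error", e);
            throw new CryptoException(35, e);
        }
    }

    /** @return the alias of the signing key entry, or {@code null} before {@link #start()}. */
    public String getAlias() {
        return this._sAlias;
    }

    /** @return the password of the signing key entry, or {@code null} when no keystore is configured. */
    public String getPrivateKeyPassword() throws CryptoException {
        return this._sPassword;
    }

    /** @return the signing keystore, or {@code null} when none is configured. */
    public KeyStore getKeyStore() {
        return this._keystore;
    }

    /**
     * Enumerates the aliases of the truststore.
     *
     * @return the aliases; empty when no truststore is configured
     * @throws CryptoException when the truststore cannot be read
     */
    public Enumeration<String> getAliases() throws CryptoException {
        if (this._certificatestore == null) {
            return Collections.enumeration(Collections.<String>emptyList());
        }
        try {
            return this._certificatestore.aliases();
        } catch (KeyStoreException e) {
            this._logger.warn("Could not retrieve certificate aliases", e);
            throw new CryptoException(35, e);
        }
    }

    /**
     * Finds the truststore alias whose entry matches the given certificate.
     *
     * @param certificate the certificate to look up
     * @return the alias, or {@code null} when not found or no truststore is configured
     * @throws CryptoException when the truststore cannot be read
     */
    public String getCertificateAlias(Certificate certificate) throws CryptoException {
        if (this._certificatestore == null) {
            return null;
        }
        try {
            return this._certificatestore.getCertificateAlias(certificate);
        } catch (KeyStoreException e) {
            this._logger.warn("Could not retrieve alias for certificate: " + certificate, e);
            throw new CryptoException(35, e);
        }
    }

    /**
     * Finds the truststore alias of the X.509 certificate with the given issuer
     * and, optionally, serial number.
     *
     * <p>Entries that are not X.509 certificates (or have no certificate at all)
     * are skipped rather than ending the search.
     *
     * @param sIssuerDN issuer distinguished name, parsed as an {@link X500Principal}
     * @param serialNumber serial number to match, or {@code null} to match on issuer only
     * @return the first matching alias, or {@code null} when none matches or no
     *     truststore is configured
     * @throws IllegalArgumentException when {@code sIssuerDN} is not a valid DN
     * @throws CryptoException when the truststore cannot be read
     */
    public String getAliasForX509Cert(String sIssuerDN, BigInteger serialNumber) throws CryptoException {
        if (this._certificatestore == null) {
            return null;
        }
        X500Principal issuer = new X500Principal(sIssuerDN);
        try {
            Enumeration<String> aliases = this._certificatestore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate candidate = endEntityCertificate(alias);
                if (!(candidate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) candidate;
                boolean serialMatches = serialNumber == null
                        || x509.getSerialNumber().compareTo(serialNumber) == 0;
                // X500Principal.equals compares canonical DN forms, so attribute
                // ordering and encoding differences in the input string do not matter.
                if (serialMatches && x509.getIssuerX500Principal().equals(issuer)) {
                    return alias;
                }
            }
            return null;
        } catch (KeyStoreException e) {
            this._logger.error("Could not read alias from trust store", e);
            throw new CryptoException(35, e);
        }
    }

    /**
     * Returns the end-entity certificate of a truststore entry: the head of its
     * chain when one exists, otherwise the bare certificate entry (possibly
     * {@code null}).
     */
    private Certificate endEntityCertificate(String alias) throws KeyStoreException {
        Certificate[] chain = this._certificatestore.getCertificateChain(alias);
        if (chain != null && chain.length > 0) {
            return chain[0];
        }
        return this._certificatestore.getCertificate(alias);
    }

    /**
     * Loads a {@link KeyStore} described by a configuration element with the
     * parameters {@code type} (optional, defaults to
     * {@link KeyStore#getDefaultType()}), {@code file} (mapped through
     * {@link PathTranslator}) and {@code keystore_password} (optional).
     *
     * @param eStore the {@code keystore} or {@code truststore} element
     * @return the loaded store
     * @throws CryptoException when a required parameter is missing or the file
     *     cannot be opened, parsed or verified
     */
    private KeyStore loadKeystore(Element eStore) throws CryptoException {
        try {
            String sType = this._configurationManager.getParam(eStore, "type");
            if (sType == null) {
                sType = KeyStore.getDefaultType();
                this._logger.info("Could not retrieve keystore 'type' paramater, using default: " + sType);
            }
            String sFile = this._configurationManager.getParam(eStore, "file");
            if (sFile == null) {
                this._logger.error("Could not retrieve keystore 'file' parameter");
                throw new CryptoException(17);
            }
            String sPath = PathTranslator.getInstance().map(sFile).trim();
            this._sKeystorePassword = this._configurationManager.getParam(eStore, "keystore_password");
            char[] caStorePassword = null;
            if (this._sKeystorePassword == null) {
                // KeyStore.load with a null password reads the store without the
                // integrity check that the password enables.
                this._logger.info("No optional 'keystore_password' parameter supplied");
            } else {
                caStorePassword = this._sKeystorePassword.toCharArray();
            }
            KeyStore keyStore = KeyStore.getInstance(sType);
            FileInputStream isStore = new FileInputStream(sPath);
            try {
                keyStore.load(isStore, caStorePassword);
            } finally {
                // Always release the file handle; the original code left it open.
                isStore.close();
            }
            this._logger.info("Loaded keystore: " + sPath);
            return keyStore;
        } catch (ConfigurationException e) {
            this._logger.error("Could not read keystore configuration", e);
            throw new CryptoException(2, e);
        } catch (FileNotFoundException e) {
            this._logger.error("Could not load keystore, file not found", e);
            throw new CryptoException(2, e);
        } catch (IOException e) {
            this._logger.error("Could not load keystore, I/O error", e);
            throw new CryptoException(2, e);
        } catch (KeyStoreException e) {
            this._logger.error("Could not load keystore", e);
            throw new CryptoException(2, e);
        } catch (NoSuchAlgorithmException e) {
            this._logger.error("Could not load keystore, no such algorithm", e);
            throw new CryptoException(2, e);
        } catch (CertificateException e) {
            this._logger.error("Could not load keystore, certificate error", e);
            throw new CryptoException(2, e);
        }
    }
}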
