package org.kuali.rice.ksb.security.admin.service.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.x509.X509V3CertificateGenerator;
import org.dom4j.rule.Pattern;
import org.kuali.rice.core.api.config.property.ConfigContext;
import org.kuali.rice.ksb.security.admin.KeyStoreEntryDataContainer;
import org.kuali.rice.ksb.security.admin.service.JavaSecurityManagementService;
import org.opensaml.security.crypto.JCAConstants;
import org.springframework.beans.factory.InitializingBean;

/* loaded from: input_file:WEB-INF/lib/rice-ksb-client-impl-2206.0002.jar:org/kuali/rice/ksb/security/admin/service/impl/JavaSecurityManagementServiceImpl.class */
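/**
 * Default {@link JavaSecurityManagementService}: wraps the module's JKS keystore, exposes its
 * private key and certificates, and mints keystores for new clients.
 *
 * <p>Configuration (location, alias, password) comes from the bean properties and falls back to
 * {@link ConfigContext} on {@link #afterPropertiesSet()}. The keystore is loaded once at
 * initialisation; mutations made through this class ({@link #generateClientKeystore},
 * {@link #removeClientCertificate}) change the in-memory {@link KeyStore} only — no method here
 * writes it back to {@link #getModuleKeyStoreLocation()}.
 *
 * <p>Not thread-safe with respect to the keystore mutations; callers are expected to serialise
 * administrative operations.
 */
public class JavaSecurityManagementServiceImpl implements JavaSecurityManagementService, InitializingBean {
    /** Key-pair algorithm for generated client keys. */
    protected final String CLIENT_KEY_GENERATOR_ALGORITHM = JCAConstants.KEY_ALGO_RSA;
    /** Declared for subclasses; not referenced in this class (key generation uses the provider's default SecureRandom). */
    protected final String CLIENT_SECURE_RANDOM_ALGORITHM = "SHA1PRNG";
    /**
     * RSA modulus size for generated client keys.
     * NOTE(review): 512-bit RSA is far below current minimums (2048+ bits); the value is kept for
     * compatibility with existing clients and should be raised in a coordinated change.
     */
    protected final int CLIENT_KEY_PAIR_KEY_SIZE = 512;
    /**
     * Validity period, in days, of generated client certificates. The decompiler resolved the
     * original numeric literal to dom4j's {@code Pattern.NONE}; it is a plain int constant and has
     * nothing to do with dom4j.
     */
    private final int CLIENT_CERT_EXPIRATION_DAYS = Pattern.NONE;
    /** Signature algorithm reported by {@link #getModuleSignatureAlgorithm()}. */
    private static final String MODULE_SHA_RSA_ALGORITHM = "SHA1withRSA";
    /** Keystore type used for both the module keystore and generated client keystores. */
    private static final String MODULE_JKS_TYPE = "JKS";

    private String moduleKeyStoreLocation;
    private String moduleKeyStoreAlias;
    // Held as a String because the public getter/setter contract exposes it that way; it is
    // therefore not clearable from memory after use.
    private String moduleKeyStorePassword;
    private KeyStore moduleKeyStore;
    private PrivateKey modulePrivateKey;

    /**
     * Fills unset properties from {@link ConfigContext}, validates them, then loads the keystore
     * and the module private key.
     *
     * @throws Exception if the configuration is incomplete or the keystore cannot be loaded
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        if (StringUtils.isEmpty(getModuleKeyStoreLocation())) {
            setModuleKeyStoreLocation(ConfigContext.getCurrentContextConfig().getKeystoreFile());
        }
        if (StringUtils.isEmpty(getModuleKeyStoreAlias())) {
            setModuleKeyStoreAlias(ConfigContext.getCurrentContextConfig().getKeystoreAlias());
        }
        if (StringUtils.isEmpty(getModuleKeyStorePassword())) {
            setModuleKeyStorePassword(ConfigContext.getCurrentContextConfig().getKeystorePassword());
        }
        verifyConfiguration();
        this.moduleKeyStore = loadKeyStore();
        this.modulePrivateKey = loadPrivateKey();
    }

    /**
     * Checks that location, alias and password are set and that the keystore file exists and is
     * readable.
     *
     * @throws RuntimeException describing the first failing check
     */
    protected void verifyConfiguration() {
        if (StringUtils.isEmpty(getModuleKeyStoreLocation())) {
            throw new RuntimeException("Value for configuration parameter 'keystore.file' could not be found.  Please ensure that the keystore is configured properly.");
        }
        if (StringUtils.isEmpty(getModuleKeyStoreAlias())) {
            throw new RuntimeException("Value for configuration parameter 'keystore.alias' could not be found.  Please ensure that the keystore is configured properly.");
        }
        if (StringUtils.isEmpty(getModuleKeyStorePassword())) {
            throw new RuntimeException("Value for configuration parameter 'keystore.password' could not be found.  Please ensure that the keystore is configured properly.");
        }
        File keyStoreFile = new File(getModuleKeyStoreLocation());
        if (!keyStoreFile.exists()) {
            throw new RuntimeException("Value for configuration parameter 'keystore.file' is invalid.  The file does not exist on the filesystem, location was: '" + getModuleKeyStoreLocation() + "'");
        }
        if (!keyStoreFile.canRead()) {
            throw new RuntimeException("Value for configuration parameter 'keystore.file' is invalid.  The file exists but is not readable (please check permissions), location was: '" + getModuleKeyStoreLocation() + "'");
        }
    }

    /**
     * Loads the module keystore from {@link #getModuleKeyStoreLocation()} using the module
     * password for integrity checking.
     *
     * @return the loaded keystore
     * @throws IOException if the file cannot be read or the password/integrity check fails
     * @throws GeneralSecurityException if the keystore type or its certificates cannot be handled
     */
    protected KeyStore loadKeyStore() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(getModuleKeyStoreType());
        // Load failures (wrong password, corrupt file, unreadable path) must propagate: returning an
        // unloaded KeyStore would only surface later, in loadPrivateKey(), as an unrelated
        // "uninitialized keystore" error that hides the real cause.
        try (FileInputStream keyStoreStream = new FileInputStream(getModuleKeyStoreLocation())) {
            keyStore.load(keyStoreStream, getModuleKeyStorePassword().toCharArray());
        }
        return keyStore;
    }

    /**
     * Retrieves the module private key under {@link #getModuleKeyStoreAlias()}.
     * The keystore password doubles as the key-entry password.
     *
     * @return the private key (null if the alias is absent or not a key entry)
     * @throws GeneralSecurityException if the key cannot be recovered
     */
    protected PrivateKey loadPrivateKey() throws GeneralSecurityException {
        return (PrivateKey) getModuleKeyStore().getKey(getModuleKeyStoreAlias(), getModuleKeyStorePassword().toCharArray());
    }

    /**
     * Removes a client certificate from the in-memory module keystore.
     * Only trusted-certificate entries may be deleted, which keeps the module's own key entry
     * safe from removal through this API.
     *
     * @param str alias of the trusted-certificate entry to remove
     * @throws KeyStoreException if the keystore has not been initialised
     * @throws RuntimeException if the alias is not a trusted-certificate entry
     */
    @Override
    public void removeClientCertificate(String str) throws KeyStoreException {
        if (!getModuleKeyStore().entryInstanceOf(str, KeyStore.TrustedCertificateEntry.class)) {
            throw new RuntimeException("Only entries of type " + KeyStoreEntryDataContainer.DISPLAYABLE_ENTRY_TYPES.get(KeyStore.TrustedCertificateEntry.class) + " can be removed");
        }
        getModuleKeyStore().deleteEntry(str);
    }

    /**
     * Adds a certificate as a trusted entry to the in-memory module keystore.
     *
     * @param str alias to store the certificate under
     * @param certificate the client certificate to trust
     * @throws KeyStoreException if the entry cannot be set
     */
    protected void addClientCertificateToModuleKeyStore(String str, Certificate certificate) throws KeyStoreException {
        // Trusted-certificate entries take no protection parameter.
        getModuleKeyStore().setEntry(str, new KeyStore.TrustedCertificateEntry(certificate), null);
    }

    /**
     * @param str alias to look up
     * @return whether any entry exists under the alias
     * @throws KeyStoreException if the keystore has not been initialised
     */
    @Override
    public boolean isAliasInKeystore(String str) throws KeyStoreException {
        return getModuleKeyStore().containsAlias(str);
    }

    /**
     * @param certificate certificate to search for
     * @return the alias of the first entry holding the certificate, or null
     * @throws KeyStoreException if the keystore has not been initialised
     */
    @Override
    public String getCertificateAlias(Certificate certificate) throws KeyStoreException {
        return getModuleKeyStore().getCertificateAlias(certificate);
    }

    /**
     * Creates a keystore for a new client: a fresh RSA key pair with a self-signed certificate
     * under {@code str}, plus the module's certificate as a trusted entry so the client can
     * verify the module. As a side effect the client's certificate is added to the in-memory
     * module keystore (not persisted here).
     *
     * @param str alias for the new client; also used as the certificate CN
     * @param str2 password protecting the returned keystore and its key entry
     * @return the populated client keystore
     * @throws KeyStoreException if the alias already exists, or the module certificate is missing
     * @throws GeneralSecurityException on key or certificate generation failure
     * @throws RuntimeException wrapping any IOException raised while creating the keystore
     */
    @Override
    public KeyStore generateClientKeystore(String str, String str2) throws GeneralSecurityException {
        if (isAliasInKeystore(str)) {
            throw new KeyStoreException("Alias '" + str + "' already exists in module keystore");
        }
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(CLIENT_KEY_GENERATOR_ALGORITHM);
            keyPairGenerator.initialize(CLIENT_KEY_PAIR_KEY_SIZE);
            KeyPair clientKeyPair = keyPairGenerator.generateKeyPair();
            Certificate clientCertificate = generateCertificate(clientKeyPair, str);
            KeyStore clientKeyStore = generateKeyStore(clientCertificate, clientKeyPair.getPrivate(), str, str2);
            Certificate moduleCertificate = getCertificate(getModuleKeyStoreAlias());
            if (moduleCertificate == null) {
                // Explicit failure instead of an NPE from TrustedCertificateEntry's constructor.
                throw new KeyStoreException("Module keystore has no certificate under alias '" + getModuleKeyStoreAlias() + "'");
            }
            clientKeyStore.setEntry(getModuleKeyStoreAlias(), new KeyStore.TrustedCertificateEntry(moduleCertificate), null);
            addClientCertificateToModuleKeyStore(str, clientCertificate);
            return clientKeyStore;
        } catch (IOException e) {
            throw new RuntimeException("Could not create new KeyStore", e);
        }
    }

    /**
     * Builds a self-signed X.509 certificate for the key pair, valid from now for
     * {@link #CLIENT_CERT_EXPIRATION_DAYS} days, signed with Bouncy Castle.
     *
     * @param keyPair key pair whose public key is certified and whose private key signs
     * @param str value of the CN in the subject/issuer DN; not escaped, so aliases containing
     *            DN metacharacters (',', '=', '+') will be parsed as DN structure
     * @return the generated certificate
     * @throws GeneralSecurityException if signing fails
     */
    protected Certificate generateCertificate(KeyPair keyPair, String str) throws GeneralSecurityException {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
        // NOTE(review): MD5WithRSA is a broken signature algorithm and is rejected by modern
        // validators; retained only because existing peers may depend on it. Moving to at least
        // MODULE_SHA_RSA_ALGORITHM (or SHA-256) needs a coordinated client rollout.
        certificateGenerator.setSignatureAlgorithm("MD5WithRSA");
        // Every generated certificate carries serial number 1; entries are distinguished by alias,
        // not by serial.
        certificateGenerator.setSerialNumber(BigInteger.ONE);
        X509Principal principal = new X509Principal("CN=" + str);
        // Self-signed: issuer and subject are the same principal.
        certificateGenerator.setIssuerDN(principal);
        certificateGenerator.setSubjectDN(principal);
        Date notBefore = new Date();
        certificateGenerator.setNotBefore(notBefore);
        Calendar notAfter = Calendar.getInstance();
        notAfter.setTime(notBefore);
        notAfter.add(Calendar.DATE, CLIENT_CERT_EXPIRATION_DAYS);
        certificateGenerator.setNotAfter(notAfter.getTime());
        certificateGenerator.setPublicKey(keyPair.getPublic());
        return certificateGenerator.generate(keyPair.getPrivate(), BouncyCastleProvider.PROVIDER_NAME);
    }

    /**
     * Creates an empty keystore of the module type and stores the private key with its
     * certificate chain under {@code str}, protected by {@code str2}.
     *
     * @param certificate certificate for the private key (single-element chain)
     * @param privateKey key to store
     * @param str alias for the key entry
     * @param str2 password used both to initialise the keystore and to protect the key entry
     * @return the new keystore
     * @throws GeneralSecurityException if the keystore type is unsupported or the entry cannot be set
     * @throws IOException declared by {@link KeyStore#load}; not expected for a null stream
     */
    protected KeyStore generateKeyStore(Certificate certificate, PrivateKey privateKey, String str, String str2) throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance(getModuleKeyStoreType());
        // load(null, ...) initialises an empty in-memory keystore.
        keyStore.load(null, str2.toCharArray());
        KeyStore.PrivateKeyEntry keyEntry = new KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate});
        keyStore.setEntry(str, keyEntry, new KeyStore.PasswordProtection(str2.toCharArray()));
        return keyStore;
    }

    /**
     * Lists every entry in the module keystore with its alias, creation date and entry class.
     *
     * @return a new, mutable list in keystore enumeration order
     * @throws RuntimeException wrapping the underlying KeyStoreException,
     *         NoSuchAlgorithmException or UnrecoverableEntryException
     */
    @Override
    public List<KeyStoreEntryDataContainer> getListOfModuleKeyStoreEntries() {
        List<KeyStoreEntryDataContainer> entries = new ArrayList<>();
        try {
            KeyStore keyStore = getModuleKeyStore();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                KeyStoreEntryDataContainer entry = new KeyStoreEntryDataContainer(alias, keyStore.getCreationDate(alias));
                // Key entries are protected by the module password; trusted-certificate entries
                // must be fetched with a null protection parameter.
                KeyStore.PasswordProtection protection = keyStore.isKeyEntry(alias)
                        ? new KeyStore.PasswordProtection(getModuleKeyStorePassword().toCharArray())
                        : null;
                entry.setType(keyStore.getEntry(alias, protection).getClass());
                entries.add(entry);
            }
            return entries;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            // The cause is preserved on the wrapper; no printStackTrace() so the failure is reported
            // once, by whoever handles the exception.
            throw new RuntimeException(e);
        }
    }

    /** @return the module's signature algorithm name. */
    @Override
    public String getModuleSignatureAlgorithm() {
        return getModuleAlgorithm();
    }

    /**
     * @param str alias to look up
     * @return the certificate under the alias (for key entries, the first of the chain), or null
     * @throws KeyStoreException if the keystore has not been initialised
     */
    @Override
    public Certificate getCertificate(String str) throws KeyStoreException {
        return getModuleKeyStore().getCertificate(str);
    }

    /** @return keystore type for the module and generated client keystores. */
    protected String getModuleKeyStoreType() {
        return MODULE_JKS_TYPE;
    }

    /** @return the signature algorithm name advertised for the module. */
    protected String getModuleAlgorithm() {
        return MODULE_SHA_RSA_ALGORITHM;
    }

    @Override
    public String getModuleKeyStoreLocation() {
        return this.moduleKeyStoreLocation;
    }

    public void setModuleKeyStoreLocation(String str) {
        this.moduleKeyStoreLocation = str;
    }

    @Override
    public String getModuleKeyStoreAlias() {
        return this.moduleKeyStoreAlias;
    }

    public void setModuleKeyStoreAlias(String str) {
        this.moduleKeyStoreAlias = str;
    }

    /** @return the keystore password; also used as the key-entry password. Do not log. */
    public String getModuleKeyStorePassword() {
        return this.moduleKeyStorePassword;
    }

    public void setModuleKeyStorePassword(String str) {
        this.moduleKeyStorePassword = str;
    }

    /** @return the loaded module keystore; null before {@link #afterPropertiesSet()} runs. */
    public KeyStore getModuleKeyStore() {
        return this.moduleKeyStore;
    }

    /** @return the module private key; null before {@link #afterPropertiesSet()} runs. */
    @Override
    public PrivateKey getModulePrivateKey() {
        return this.modulePrivateKey;
    }
}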
