package com.appiancorp.common.crypto;

import com.appiancorp.common.config.FatalConfigurationException;
import com.appiancorp.common.io.Files2;
import com.appiancorp.core.crypto.Cryptographer;
import com.appiancorp.core.crypto.CryptographerSupplier;
import com.appiancorp.core.crypto.EncryptionType;
import com.appiancorp.core.crypto.KeyAlias;
import com.appiancorp.features.FeatureToggleClient;
import com.appiancorp.plugins.charset.CharsetRegistry;
import com.appiancorp.suiteapi.common.exceptions.ErrorCode;
import com.appiancorp.suiteapi.common.exceptions.LocaleFormatter;
import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Stopwatch;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.nio.channels.FileChannel;
import java.nio.channels.FileLock;
import java.nio.charset.Charset;
import java.nio.file.AtomicMoveNotSupportedException;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.Logger;

/* loaded from: input_file:com/appiancorp/common/crypto/KeyStoreConfig.class */
/**
 * Initializes the file-backed {@link KeyStore} named by {@link EncryptionConfiguration} and hands out
 * cached {@link Cryptographer} instances by {@link KeyAlias}.
 *
 * <p>This listing is decompiler output (JADX). Several methods show the expanded form of
 * try-with-resources, and the body of {@code buildCryptographers} was not recovered, so the class
 * cannot initialize successfully as written here.
 *
 * <p>Security-relevant behaviour visible in this file:
 * <ul>
 *   <li>When no keystore password is configured, one is generated from {@link SecureRandom} and stored
 *       back into the configuration object.</li>
 *   <li>When no static initialization vector is configured, 8 random bytes are generated once and
 *       stored back into the configuration object, then passed to the PGP cryptographer factory.</li>
 *   <li>The keystore is rewritten through a fixed-name {@code .tmp} file and moved into place.</li>
 *   <li>Initialization is serialized by the class monitor plus a {@link FileLock} on a {@code .lock}
 *       file next to the keystore.</li>
 * </ul>
 */
public class KeyStoreConfig implements CryptographerSupplier {
    // The three factories are assigned in finish(); buildCryptographerFactory(byte[]) also reassigns `factory`.
    private CryptographerFactory<byte[]> factory;
    private AES256PGPCryptographerFactory aes256Factory;
    private FPECryptographerFactory fpeFactory;
    private final EncryptionConfiguration config;
    private final CharsetRegistry charsetRegistry;
    private final FeatureToggleClient featureToggleClient;
    // Plain HashMap, read by getCryptographer() without any locking in this file.
    // NOTE(review): if lookups can run concurrently with finish()/setCryptographer(), confirm how the map is published.
    private Map<KeyAlias, Cryptographer> cachedCryptographerMap = new HashMap();
    private static final Logger LOG = Logger.getLogger(KeyStoreConfig.class);
    // Not referenced by any method recovered in this listing; presumably used by buildCryptographers — confirm.
    private static final Cryptographer NO_CRYPTOGRAPHER = new NoopCryptographer();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: com.appiancorp.common.crypto.KeyStoreConfig$2, reason: invalid class name */
    /* loaded from: input_file:com/appiancorp/common/crypto/KeyStoreConfig$2.class */
    // Compiler-generated lookup table for a switch over EncryptionType: maps each constant's ordinal to a
    // case index (1..6). No recovered method uses it, so the switch presumably lives in buildCryptographers.
    public static /* synthetic */ class AnonymousClass2 {
        static final /* synthetic */ int[] $SwitchMap$com$appiancorp$core$crypto$EncryptionType = new int[EncryptionType.values().length];

        // Each assignment is wrapped separately so that an enum constant missing at runtime
        // (NoSuchFieldError) leaves only its own slot at 0.
        static {
            try {
                $SwitchMap$com$appiancorp$core$crypto$EncryptionType[EncryptionType.OPENPGP.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$com$appiancorp$core$crypto$EncryptionType[EncryptionType.OPENPGP_AES256.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$com$appiancorp$core$crypto$EncryptionType[EncryptionType.OPENPGP_CONSISTENT.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
            try {
                $SwitchMap$com$appiancorp$core$crypto$EncryptionType[EncryptionType.FPE_ALPHA_NUMERIC.ordinal()] = 4;
            } catch (NoSuchFieldError e4) {
            }
            try {
                $SwitchMap$com$appiancorp$core$crypto$EncryptionType[EncryptionType.FPE_BASE_64.ordinal()] = 5;
            } catch (NoSuchFieldError e5) {
            }
            try {
                $SwitchMap$com$appiancorp$core$crypto$EncryptionType[EncryptionType.HMAC.ordinal()] = 6;
            } catch (NoSuchFieldError e6) {
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:com/appiancorp/common/crypto/KeyStoreConfig$KeyStoreAccessor.class */
    /**
     * Storage operations that {@link #finish()} needs from a keystore: lock, existence check, load and
     * write. The instance used is obtained from {@link #getKeyStoreAccessor()}, which is protected and
     * can therefore be overridden by a subclass.
     */
    public static abstract class KeyStoreAccessor {
        /** Persists {@code keyStore}; {@code cArr} is the keystore password. */
        abstract void writeKeyStore(KeyStore keyStore, char[] cArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException;

        /** Reports whether a persisted keystore is already present. */
        abstract boolean keyStoreExists();

        /** Loads the keystore using {@code cArr} as the keystore password. */
        abstract KeyStore loadKeyStore(char[] cArr) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException;

        /** Acquires the lock that guards keystore initialization; the caller closes it. */
        abstract FileLock lockKeyStore() throws IOException;
    }

    /**
     * Stores the collaborators only; no keystore or file access happens until {@link #finish()}.
     */
    public KeyStoreConfig(EncryptionConfiguration encryptionConfiguration, CharsetRegistry charsetRegistry, FeatureToggleClient featureToggleClient) {
        this.config = encryptionConfiguration;
        this.charsetRegistry = charsetRegistry;
        this.featureToggleClient = featureToggleClient;
    }

    /**
     * Builds the cryptographer factories, then validates and initializes the keystore while holding
     * both the {@code KeyStoreConfig.class} monitor and the accessor's file lock.
     *
     * <p>The class monitor serializes callers that share this class object; the file lock is the only
     * guard against other processes.
     *
     * @throws FatalConfigurationException if the keystore/password state is inconsistent, if
     *         initialization fails, or if an {@link IOException} is raised while locking or unlocking
     */
    public void finish() throws FatalConfigurationException {
        Stopwatch createStarted = Stopwatch.createStarted();
        // May generate a static IV and store it in the configuration (see getStaticInitializationVector).
        this.factory = buildCryptographerFactory(getStaticInitializationVector());
        this.aes256Factory = buildAes256CryptographerFactory(this.factory);
        this.fpeFactory = buildFpeCryptographerFactory();
        KeyStoreAccessor keyStoreAccessor = getKeyStoreAccessor();
        synchronized (KeyStoreConfig.class) {
            try {
                FileLock lockKeyStore = keyStoreAccessor.lockKeyStore();
                // Expanded try-with-resources on the lock. `th` is never reassigned in this method as
                // decompiled, so every addSuppressed branch below is dead code.
                Throwable th = null;
                try {
                    try {
                        // Validation looks at the raw configured password (null vs non-null), whereas
                        // getConfiguredPassword() also treats an empty array as "missing" and generates a
                        // new one. NOTE(review): an empty configured password with an existing keystore
                        // passes this check and is then replaced by a fresh random password — confirm
                        // that combination cannot occur.
                        ensureValidState(keyStoreAccessor.keyStoreExists(), this.config.getKeystorePassword());
                        initializeKeyStore(keyStoreAccessor, getConfiguredPassword());
                        createStarted.stop();
                        LOG.info("KeyStoreConfig initialized in " + createStarted.elapsed(TimeUnit.SECONDS) + " seconds");
                        if (lockKeyStore != null) {
                            if (0 != 0) {
                                try {
                                    lockKeyStore.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                lockKeyStore.close();
                            }
                        }
                        if (LOG.isDebugEnabled()) {
                            LOG.debug("KeyStore lock file released");
                        }
                    } finally {
                    }
                } catch (Throwable th3) {
                    // Failure path: release the lock, then rethrow the original failure.
                    if (lockKeyStore != null) {
                        if (th != null) {
                            try {
                                lockKeyStore.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            lockKeyStore.close();
                        }
                    }
                    throw th3;
                }
            } catch (IOException e) {
                throw new FatalConfigurationException(e, ErrorCode.KEYSTORE_UNABLE_TO_INITIALIZE, new Object[0]);
            }
        }
    }

    /**
     * Builds the PGP cryptographer factory with a {@code null} byte array instead of the configured
     * static initialization vector. Like the one-argument overload, this replaces {@code this.factory}.
     */
    public CryptographerFactory<byte[]> buildCryptographerFactory() {
        return buildCryptographerFactory(null);
    }

    /** Wraps {@code cryptographerFactory} in a new {@link AES256PGPCryptographerFactory}. */
    public AES256PGPCryptographerFactory buildAes256CryptographerFactory(CryptographerFactory<byte[]> cryptographerFactory) {
        return new AES256PGPCryptographerFactory(cryptographerFactory);
    }

    /**
     * Wraps {@code cryptographerFactory} in a new {@link AES256PGPCryptographerFactory}, passing
     * {@code bArr} through. The meaning of {@code bArr} is not visible in this file.
     */
    public AES256PGPCryptographerFactory buildAes256CryptographerFactory(CryptographerFactory<byte[]> cryptographerFactory, byte[] bArr) {
        return new AES256PGPCryptographerFactory(cryptographerFactory, bArr);
    }

    /**
     * Builds a retrying PGP cryptographer factory around {@code bArr}, stores it in
     * {@code this.factory} and returns it.
     *
     * <p>{@link #finish()} passes the static initialization vector as {@code bArr}. The key charset
     * name comes from configuration; {@link Charset#forName(String)} throws an unchecked exception for
     * a null, malformed or unsupported name.
     *
     * @param bArr value handed to {@code PGPCryptographerFactory}; may be {@code null}
     * @return the factory that was just stored in {@code this.factory}
     */
    public CryptographerFactory<byte[]> buildCryptographerFactory(byte[] bArr) {
        this.factory = new RetryPGPCryptographerFactory(new PGPCryptographerFactory(bArr), Charset.forName(this.config.getKeyCharsetName()), getFallbackCharset(), this.charsetRegistry);
        return this.factory;
    }

    /** Returns a new {@link FPECryptographerFactory}. */
    public FPECryptographerFactory buildFpeCryptographerFactory() {
        return new FPECryptographerFactory();
    }

    /**
     * Resolves the fallback charset. When none is configured, the JVM default charset is used and its
     * name is written back into the configuration.
     *
     * NOTE(review): the JVM default depends on the host and JVM settings; if the stored name is not
     * shared with other nodes, each could settle on a different fallback — confirm.
     */
    private Charset getFallbackCharset() {
        Charset forName;
        String fallbackCharsetName = this.config.getFallbackCharsetName();
        if (fallbackCharsetName == null) {
            forName = Charset.defaultCharset();
            this.config.setFallbackCharsetName(forName.name());
        } else {
            forName = Charset.forName(fallbackCharsetName);
        }
        return forName;
    }

    /**
     * Rejects the two inconsistent combinations of keystore file and configured password.
     *
     * @param z whether the keystore already exists
     * @param cArr the configured keystore password, or {@code null} when none is configured
     * @throws FatalConfigurationException if a password is configured but the keystore is missing, or
     *         the keystore exists but no password is configured
     */
    private void ensureValidState(boolean z, char[] cArr) throws FatalConfigurationException {
        // Only null is treated as "no password"; an empty array counts as present.
        boolean z2 = cArr != null;
        if (z2 && !z) {
            LOG.fatal(ErrorCode.KEYSTORE_INVALID_MISSING_FILE.getMessageWithCode(new LocaleFormatter(Locale.US), new Object[0]));
            throw new FatalConfigurationException(ErrorCode.KEYSTORE_INVALID_MISSING_FILE, new Object[0]);
        }
        if (!z2 && z) {
            LOG.fatal(ErrorCode.KEYSTORE_INVALID_MISSING_PASSWORD.getMessageWithCode(new LocaleFormatter(Locale.US), new Object[0]));
            throw new FatalConfigurationException(ErrorCode.KEYSTORE_INVALID_MISSING_PASSWORD, new Object[0]);
        }
        if (LOG.isDebugEnabled()) {
            // Logs the two booleans only; the password itself is never written to the log.
            LOG.debug("Valid Keystore state, keystoreExists: " + z + ", passwordExists: " + z2);
        }
    }

    /**
     * Creates the lock file {@code <keystore path>.lock} (and its parent directories) and writes the
     * current time in milliseconds into it.
     *
     * <p>The return values of {@code mkdirs()} and {@code createNewFile()} are ignored, and nothing
     * here sets permissions on the directory or the lock file.
     * NOTE(review): the empty {@code catch (IOException)} and the empty {@code finally} blocks look
     * like artifacts of decompiling a try-with-resources; confirm against the original source that a
     * failure to open the lock file is not silently ignored.
     *
     * @return the lock file
     * @throws IOException if the file cannot be created or written
     */
    private File getKeystoreLockFile() throws IOException {
        FileOutputStream fileOutputStream;
        Throwable th;
        File file = new File(this.config.getKeystoreFile() + ".lock");
        if (file.getParentFile() != null) {
            if (LOG.isDebugEnabled()) {
                LOG.debug("Creating KeyStore lock file directory structure");
            }
            file.getParentFile().mkdirs();
        }
        file.createNewFile();
        try {
            fileOutputStream = new FileOutputStream(file);
            th = null;
        } catch (IOException e) {
        }
        try {
            try {
                String valueOf = String.valueOf(System.currentTimeMillis());
                // Concatenating a byte[] logs the array's identity string, not the bytes written.
                // getBytes() with no argument uses the platform default charset.
                LOG.debug("Wrote: " + valueOf.getBytes());
                fileOutputStream.write(valueOf.getBytes());
                if (fileOutputStream != null) {
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileOutputStream.close();
                    }
                }
                return file;
            } finally {
            }
        } finally {
        }
    }

    /**
     * Loads the keystore, builds the cryptographers from it, and writes the keystore back.
     *
     * <p>The write happens on every call, with no check here for whether the keystore was modified.
     * Any exception, checked or unchecked, is wrapped with the same error code.
     *
     * @param keyStoreAccessor storage operations to use
     * @param cArr keystore password used for both load and store
     * @throws FatalConfigurationException wrapping any failure
     */
    private void initializeKeyStore(KeyStoreAccessor keyStoreAccessor, char[] cArr) throws FatalConfigurationException {
        try {
            KeyStore loadKeyStore = keyStoreAccessor.loadKeyStore(cArr);
            buildCryptographers(loadKeyStore);
            keyStoreAccessor.writeKeyStore(loadKeyStore, cArr);
            if (LOG.isDebugEnabled()) {
                LOG.debug("KeyStore has been initialized");
            }
        } catch (Exception e) {
            throw new FatalConfigurationException(e, ErrorCode.KEYSTORE_UNABLE_TO_INITIALIZE, new Object[0]);
        }
    }

    /* JADX WARN: Removed duplicated region for block: B:17:0x010b  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00ef A[SYNTHETIC] */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    // The decompiler did not recover this method; the stub below always throws, which
    // initializeKeyStore() wraps in a FatalConfigurationException. The real implementation presumably
    // fills cachedCryptographerMap per KeyAlias via createKeyIfMissing and the EncryptionType switch
    // table — that cannot be verified from this listing, so review the bytecode before drawing
    // conclusions about key handling.
    private void buildCryptographers(java.security.KeyStore r9) throws java.lang.Exception {
        /*
            Method dump skipped, instructions count: 301
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: com.appiancorp.common.crypto.KeyStoreConfig.buildCryptographers(java.security.KeyStore):void");
    }

    /**
     * Returns the configured static initialization vector, generating and storing one when absent.
     *
     * <p>A missing value is replaced by 8 bytes from {@link SecureRandom}, written back through
     * {@code config.setStaticInitializationVector}.
     * NOTE(review): the value is generated once and reused, so it is not a per-message IV. With a fixed
     * IV, equal plaintexts under the same key can produce equal ciphertexts, depending on the cipher
     * mode. Confirm that the factory uses it only where deterministic output is intended, and which
     * cipher and block size the 8-byte length is meant for.
     */
    private byte[] getStaticInitializationVector() {
        byte[] staticInitializationVector = this.config.getStaticInitializationVector();
        if (staticInitializationVector == null) {
            staticInitializationVector = new byte[8];
            new SecureRandom().nextBytes(staticInitializationVector);
            this.config.setStaticInitializationVector(staticInitializationVector);
        }
        return staticInitializationVector;
    }

    /**
     * Returns the key stored under {@code keyAlias}, creating and storing a new one when the alias is
     * absent. Algorithm, key size and key charset come from configuration.
     *
     * <p>The key entry is protected with the value of {@link #getConfiguredPassword()}, which is also
     * what {@link #finish()} passes as the keystore password. One secret therefore guards both the
     * keystore integrity check and every key entry. Not called by any method recovered in this listing.
     */
    private Key createKeyIfMissing(KeyStore keyStore, KeyAlias keyAlias) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException, UnsupportedEncodingException {
        Key key;
        char[] configuredPassword = getConfiguredPassword();
        if (keyStore.containsAlias(keyAlias.toString())) {
            key = keyStore.getKey(keyAlias.toString(), configuredPassword);
        } else {
            key = new KeyFactory(this.config.getKeyCharsetName(), KeyGeneratorWrapper.build(this.config.getKeyAlgorithm(), this.config.getKeySize().intValue())).buildKey();
            // Passing null as the certificate chain is what a secret (non-private) key entry requires.
            keyStore.setKeyEntry(keyAlias.toString(), key, configuredPassword, null);
        }
        return key;
    }

    /**
     * Loads the keystore from the configured path with the configured password, or creates the parent
     * directories and an empty in-memory keystore when the file is absent.
     *
     * <p>Not called by any method recovered in this listing; it overlaps with
     * {@link #loadKeyStoreFromFile(char[])}. {@code getParentFile()} returns {@code null} for a path
     * with no parent component, in which case the {@code mkdirs()} call throws
     * {@link NullPointerException}.
     */
    private KeyStore getKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        String keystoreFile = this.config.getKeystoreFile();
        char[] configuredPassword = getConfiguredPassword();
        File file = new File(keystoreFile);
        KeyStore keyStore = KeyStore.getInstance(this.config.getKeystoreType());
        if (file.exists()) {
            FileInputStream fileInputStream = new FileInputStream(file);
            try {
                keyStore.load(fileInputStream, configuredPassword);
                fileInputStream.close();
            } catch (Throwable th) {
                fileInputStream.close();
                throw th;
            }
        } else {
            file.getParentFile().mkdirs();
            // load(null, null) initializes an empty keystore.
            keyStore.load(null, null);
        }
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Writes {@code keyStore} to {@code <keystore path>.tmp} and then moves it over the real keystore
     * path. The move is atomic where the file system supports it and a plain move otherwise.
     *
     * <p>Points for review:
     * <ul>
     *   <li>The path is taken from configuration and the path-traversal finding is suppressed, so the
     *       code relies on that configuration being trusted.</li>
     *   <li>The temporary file has a fixed name and is opened with default options and no explicit
     *       permissions, although it holds key material. NOTE(review): confirm the directory is
     *       writable only by the service account, or create the file with owner-only permissions.</li>
     *   <li>{@code mkdirs()} returns {@code false} when the directory already exists, so the error log
     *       below also fires on a first write into an existing directory.</li>
     *   <li>{@code file.getParentFile()} is dereferenced before the explicit {@code parent == null}
     *       check, so a path without a parent fails with {@link NullPointerException} first.</li>
     *   <li>The fallback move passes no {@code REPLACE_EXISTING}; if the keystore already exists on a
     *       file system without atomic move, it throws instead of replacing.</li>
     *   <li>Nothing here deletes the temporary file when the store or the move fails.</li>
     * </ul>
     *
     * @param keyStore keystore to persist
     * @param cArr keystore password used by {@link KeyStore#store}
     * @throws IllegalStateException if the temp path has no parent or the temp file is missing or
     *         empty after the store
     */
    @SuppressFBWarnings({"PATH_TRAVERSAL_IN"})
    public void writeKeyStoreFile(KeyStore keyStore, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        Path path = Paths.get(this.config.getKeystoreFile(), new String[0]);
        File file = path.toFile();
        if (!file.exists() && !file.getParentFile().mkdirs()) {
            LOG.error(String.format("Unable to make parent directory for keystore at path %s", path));
        }
        Path path2 = Paths.get(path + ".tmp", new String[0]);
        Path parent = path2.getParent();
        if (parent == null) {
            throw new IllegalStateException(String.format("Could not get parent directory of %s", path2));
        }
        // Files2 is a project helper; presumably equivalent to Files.createDirectories — confirm.
        Files2.createDirectories(parent, new FileAttribute[0]);
        OutputStream newOutputStream = Files.newOutputStream(path2, new OpenOption[0]);
        // Expanded try-with-resources on the output stream.
        Throwable th = null;
        try {
            try {
                keyStore.store(newOutputStream, cArr);
                if (newOutputStream != null) {
                    if (0 != 0) {
                        try {
                            newOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        newOutputStream.close();
                    }
                }
                // Guard against replacing a good keystore with a missing or zero-length temp file.
                if (!Files.exists(path2, new LinkOption[0]) || Files.size(path2) == 0) {
                    throw new IllegalStateException(String.format("Failed to store temporary KeyStore at %s", path2));
                }
                try {
                    Files.move(path2, path, StandardCopyOption.ATOMIC_MOVE);
                } catch (AtomicMoveNotSupportedException e) {
                    Files.move(path2, path, new CopyOption[0]);
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (newOutputStream != null) {
                if (th != null) {
                    try {
                        newOutputStream.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    newOutputStream.close();
                }
            }
            throw th4;
        }
    }

    /**
     * Returns the configured keystore password. When it is {@code null} or empty, a new password is
     * generated, stored in the configuration and returned instead.
     */
    private char[] getConfiguredPassword() {
        char[] keystorePassword = this.config.getKeystorePassword();
        return (keystorePassword == null || keystorePassword.length <= 0) ? createAndPersistKeyStorePassword() : keystorePassword;
    }

    /**
     * Generates a keystore password from 64 {@link SecureRandom} bytes, Base64-encoded with whitespace
     * removed, hands it to {@code config.setKeystorePassword}, and returns what the configuration then
     * reports as the password.
     *
     * NOTE(review): the secret exists as an immutable {@code String} on its way into the configuration
     * and so cannot be zeroed afterwards. Where and with what permissions the configuration stores it
     * is not visible in this file — confirm.
     */
    private char[] createAndPersistKeyStorePassword() {
        byte[] bArr = new byte[64];
        new SecureRandom().nextBytes(bArr);
        this.config.setKeystorePassword(new Base64().encodeToString(bArr).replaceAll("\\s", ""));
        return this.config.getKeystorePassword();
    }

    /**
     * Returns the cached cryptographer for {@code keyAlias}, or {@code null} when none is cached.
     */
    public Cryptographer getCryptographer(KeyAlias keyAlias) {
        return this.cachedCryptographerMap.get(keyAlias);
    }

    /**
     * Test hook that registers a cryptographer for an alias that has none yet.
     *
     * @throws IllegalStateException if {@code keyAlias} already has a cryptographer
     */
    @VisibleForTesting
    void setCryptographer(KeyAlias keyAlias, Cryptographer cryptographer) throws IllegalStateException {
        if (this.cachedCryptographerMap.containsKey(keyAlias)) {
            throw new IllegalStateException("Cryptographer for " + keyAlias.toString() + " already set");
        }
        this.cachedCryptographerMap.put(keyAlias, cryptographer);
    }

    /**
     * Returns the file-backed accessor; each operation delegates to the matching method of this
     * instance. Protected, so a subclass can supply different storage.
     */
    protected KeyStoreAccessor getKeyStoreAccessor() {
        return new KeyStoreAccessor() { // from class: com.appiancorp.common.crypto.KeyStoreConfig.1
            @Override // com.appiancorp.common.crypto.KeyStoreConfig.KeyStoreAccessor
            void writeKeyStore(KeyStore keyStore, char[] cArr) throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
                KeyStoreConfig.this.writeKeyStoreFile(keyStore, cArr);
            }

            @Override // com.appiancorp.common.crypto.KeyStoreConfig.KeyStoreAccessor
            boolean keyStoreExists() {
                return KeyStoreConfig.this.keyStoreFileExists();
            }

            @Override // com.appiancorp.common.crypto.KeyStoreConfig.KeyStoreAccessor
            KeyStore loadKeyStore(char[] cArr) throws CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
                return KeyStoreConfig.this.loadKeyStoreFromFile(cArr);
            }

            @Override // com.appiancorp.common.crypto.KeyStoreConfig.KeyStoreAccessor
            FileLock lockKeyStore() throws IOException {
                return KeyStoreConfig.this.lockKeyStoreFile();
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Reports whether a file exists at the configured keystore path. The path comes from configuration
     * and the path-traversal finding is suppressed on that basis.
     */
    @SuppressFBWarnings({"PATH_TRAVERSAL_IN"})
    public boolean keyStoreFileExists() {
        return new File(this.config.getKeystoreFile()).exists();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Loads the keystore of the configured type from the configured path, or returns an empty
     * in-memory keystore when the file does not exist.
     *
     * @param cArr keystore password passed to {@link KeyStore#load}; not used when the file is absent
     * @return the loaded or newly initialized keystore
     */
    @SuppressFBWarnings({"PATH_TRAVERSAL_IN"})
    public KeyStore loadKeyStoreFromFile(char[] cArr) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        File file = new File(this.config.getKeystoreFile());
        KeyStore keyStore = KeyStore.getInstance(this.config.getKeystoreType());
        if (file.exists()) {
            FileInputStream fileInputStream = new FileInputStream(file);
            // Expanded try-with-resources on the input stream; `th` is never reassigned as decompiled.
            Throwable th = null;
            try {
                try {
                    keyStore.load(fileInputStream, cArr);
                    if (fileInputStream != null) {
                        if (0 != 0) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                } finally {
                }
            } catch (Throwable th3) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th3;
            }
        } else {
            // load(null, null) initializes an empty keystore.
            keyStore.load(null, null);
        }
        return keyStore;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Creates the lock file and takes an exclusive lock on it, blocking until the lock is granted.
     *
     * <p>Opening a second {@link FileOutputStream} on the lock file truncates the timestamp that
     * {@link #getKeystoreLockFile()} has just written. The stream and its channel are never closed in
     * this method, and closing the returned {@link FileLock} releases the lock without closing the
     * channel. NOTE(review): unless the caller closes the channel via {@code FileLock.channel()}, the
     * descriptor stays open until garbage collection; it is also left open if {@code lock()} throws.
     *
     * @return the held lock; {@link #finish()} closes it
     * @throws IOException declared by the signature; the handler rethrows failures as
     *         {@code FatalConfigurationException}, which must therefore be unchecked or an
     *         {@code IOException} subtype — confirm
     */
    public FileLock lockKeyStoreFile() throws IOException {
        try {
            File keystoreLockFile = getKeystoreLockFile();
            FileChannel channel = new FileOutputStream(keystoreLockFile).getChannel();
            if (LOG.isDebugEnabled()) {
                LOG.debug("Obtaining KeyStore file lock: " + keystoreLockFile);
            }
            FileLock lock = channel.lock();
            if (LOG.isDebugEnabled()) {
                LOG.debug("KeyStore lock file obtained");
            }
            return lock;
        } catch (IOException e) {
            throw new FatalConfigurationException(e, ErrorCode.KEYSTORE_UNABLE_TO_BUILD_LOCK_FILE, new Object[0]);
        }
    }
}
