package de.governikus.bea.beaToolkit.certificateCache;

import de.bos_bremen.ci.asn1.ParseException;
import de.bos_bremen.ci.asn1.x509.Certificate;
import de.bos_bremen.commons.base64.Base64;
import de.governikus.bea.beaToolkit.BeaToolkitContext;
import de.governikus.bea.beaToolkit.crypto.handler.AESHandler;
import de.governikus.bea.beaToolkit.crypto.worker.CipherWorker;
import de.governikus.bea.beaToolkit.crypto.worker.SoftTokenWorker;
import de.governikus.bea.beaToolkit.ui.CertificateWrapper;
import de.governikus.bea.beaToolkit.ui.DialogFactory;
import de.governikus.bea.beaToolkit.ui.DialogResult;
import de.governikus.bea.beaToolkit.ui.PINDilaogContext;
import de.governikus.bea.beaToolkit.ui.WarningKey;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Optional;
import java.util.Properties;
import java.util.Random;
import javafx.scene.control.Alert;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

/* loaded from: input_file:de/governikus/bea/beaToolkit/certificateCache/CertificateCache.class */
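/**
 * On-disk cache of software certificates and keys ("soft tokens") below {@code ~/.beaCache}.
 *
 * <p>Every cached token consists of three files sharing one random six-digit base name:
 * {@code <base>.crt} (the DER encoded certificate), {@code <base>.p12} (a PKCS#12 store holding the
 * private key, protected with the PIN the user chose on import) and {@code <base>.properties}
 * (descriptor with the keys {@code ALIAS} and {@code SOURCE}, the latter being the base path).
 * On construction {@link #checkCertificateDirectory()} rebuilds the in-memory {@link SoftKeyCache}
 * from the descriptor files and removes descriptors whose companion files are missing.
 *
 * <p>No synchronization is done here; the PIN dialogs suggest all use happens on the UI thread
 * (confirm against callers before sharing an instance between threads).
 */
public class CertificateCache {
    private static final Logger LOG = LogManager.getLogger(CertificateCache.class);

    /** Suffixes of the three files that make up one cached token. */
    private static final String CRT_SUFFIX = ".crt";
    private static final String P12_SUFFIX = ".p12";
    private static final String PROPERTIES_SUFFIX = ".properties";

    /** Keys written to an entry's {@code .properties} descriptor. */
    private static final String PROP_ALIAS = "ALIAS";
    private static final String PROP_SOURCE = "SOURCE";

    /** Only used to pick a base name; collisions are avoided in {@link #newCacheBaseName()}. */
    private static final Random RANDOM = new Random();

    private File cacheDir = new File(System.getProperty("user.home") + File.separator + ".beaCache");
    private SoftKeyCache softKeyCache = new SoftKeyCache();

    /**
     * Creates the cache and loads every entry found in the cache directory.
     *
     * @throws IOException if a descriptor or certificate file cannot be read
     * @throws GeneralSecurityException if no X.509 factory is available or a cached certificate does not parse
     */
    public CertificateCache() throws IOException, GeneralSecurityException {
        checkCertificateDirectory();
    }

    /**
     * Wraps an already opened key store in a {@link SoftTokenWorker}.
     *
     * @param displayedAlias not used; kept so existing callers keep compiling
     * @param keyStore the opened key store the worker operates on
     * @return a worker bound to {@code keyStore}
     */
    public static CipherWorker initializeSmartCardWorker(DisplayedAlias displayedAlias, KeyStore keyStore) {
        SoftTokenWorker worker = new SoftTokenWorker();
        worker.setKeyStore(keyStore);
        return worker;
    }

    /**
     * Rebuilds {@link #softKeyCache} from the {@code .properties} descriptors in {@link #cacheDir},
     * creating the directory if needed and dropping descriptors that point at missing files.
     */
    private void checkCertificateDirectory() throws IOException, GeneralSecurityException {
        if (!cacheDir.isDirectory() && !cacheDir.mkdirs()) {
            // Kept best-effort as before (the constructor used to ignore a failed mkdir()), but say so.
            LOG.warn("could not create cache directory: " + cacheDir);
        }
        File[] descriptors = cacheDir.listFiles((dir, name) -> name.endsWith(PROPERTIES_SUFFIX));
        softKeyCache = new SoftKeyCache();
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        if (descriptors != null) {
            for (File descriptor : descriptors) {
                loadEntry(descriptor, certificateFactory);
            }
        }
        // Leftover of an older layout: the file "stores" is only ever removed, never read.
        File legacyStores = new File(cacheDir, "stores");
        if (legacyStores.exists() && !legacyStores.delete()) {
            legacyStores.deleteOnExit();
        }
    }

    /**
     * Loads the entry described by {@code descriptor} into {@link #softKeyCache}. A descriptor whose
     * {@code .p12} or {@code .crt} file is missing or that carries no {@code ALIAS} is deleted.
     */
    private void loadEntry(File descriptor, CertificateFactory certificateFactory) throws IOException, CertificateException {
        Properties properties = new Properties();
        try (FileInputStream in = new FileInputStream(descriptor)) {
            properties.load(in);
        }
        String baseName = properties.getProperty(PROP_SOURCE);
        File keystoreFile = new File(baseName + P12_SUFFIX);
        if (!keystoreFile.exists()) {
            discardDescriptor(descriptor, "invalid p12-file in file: ");
            return;
        }
        File certificateFile = new File(baseName + CRT_SUFFIX);
        if (!certificateFile.exists()) {
            discardDescriptor(descriptor, "invalid crt-file in file: ");
            return;
        }
        String alias = properties.getProperty(PROP_ALIAS, null);
        if (alias == null) {
            discardDescriptor(descriptor, "invalid alias in file: ");
            return;
        }
        SoftKeyCacheEntry entry = new SoftKeyCacheEntry();
        entry.setAlias(alias);
        entry.setCertificate(readCertificate(certificateFile, certificateFactory));
        entry.setCertificateFile(certificateFile);
        entry.setKeystoreFile(keystoreFile);
        entry.setPropertiesFile(descriptor);
        softKeyCache.getEntries().add(entry);
    }

    /** Logs why {@code descriptor} is unusable and deletes it. */
    private static void discardDescriptor(File descriptor, String reason) {
        LOG.warn(reason + descriptor.getName());
        if (!descriptor.delete()) {
            LOG.warn("could not delete file: " + descriptor);
        }
    }

    /** Parses the DER/PEM certificate stored in {@code certificateFile}, closing the stream on every path. */
    private static X509Certificate readCertificate(File certificateFile, CertificateFactory certificateFactory) throws IOException, CertificateException {
        try (FileInputStream in = new FileInputStream(certificateFile)) {
            return (X509Certificate) certificateFactory.generateCertificate(in);
        }
    }

    /** Deletes {@code file} now, or at JVM exit when that fails. */
    private static void deleteOrDeferDeletion(File file) {
        if (!file.delete()) {
            file.deleteOnExit();
        }
    }

    /** Writes the {@code ALIAS}/{@code SOURCE} descriptor of an entry. */
    private static void writeDescriptor(File descriptor, String alias, String baseName) throws IOException {
        Properties properties = new Properties();
        properties.setProperty(PROP_ALIAS, alias);
        properties.setProperty(PROP_SOURCE, baseName);
        try (FileOutputStream out = new FileOutputStream(descriptor)) {
            properties.store(out, "NO COMMENT");
        }
    }

    /** Returns the descriptor recorded on {@code entry}, deriving it from the certificate path when unset. */
    private static File propertiesFileOf(SoftKeyCacheEntry entry) {
        return Optional.ofNullable(entry.getPropertiesFile()).orElseGet(() -> retrievePropertiesFile(entry));
    }

    /** True when an entry with an equal certificate is already cached. */
    private boolean isCertificateCached(X509Certificate certificate) {
        for (SoftKeyCacheEntry entry : softKeyCache.getEntries()) {
            if (entry.getCertificate().equals(certificate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Imports a legacy, symmetrically encrypted cache file and converts its entries to the current
     * per-entry layout; entries whose certificate is already cached are dropped together with
     * their files.
     *
     * <p>Security note: the decryption key is derived from a constant embedded in this class, so the
     * legacy file provides no confidentiality against anyone who has this code; treat its contents
     * as plaintext when assessing exposure. The derivation goes through the platform default charset
     * ({@code new String(byte[])} and {@code getBytes()}) and is left exactly as it was so existing
     * files still decrypt.
     *
     * <p>Nothing in this class calls this method; it is retained for older installations.
     *
     * @param file the legacy cache file
     */
    private void importLegacyCache(File file) throws IOException, GeneralSecurityException {
        String keySeed = new String(Base64.toBinary("RGFzIGJlQSBpc3QgZGlnaXRhbC5IYWxsb1BhcHBuYXNlMTIzLk1pdCBkZW0gYmVBIGthbm4gamVkZXIgUmVjaHRzYW53YWx0IGv8bmZ0aWcgc2ljaGVyIHVuZCBlaW5mYWNoIG1pdCBLb2xsZWdlbiB1bmQgc3VremVzc2l2ZSBhdWNoIG1pdCBkZXIgSnVzdGl6IGVsZWt0cm9uaXNjaCBrb21tdW5pemllcmVuLg")).substring(20, 36);
        String json = new String(new AESHandler(keySeed.getBytes()).decrypt(null, FileUtils.readFileToByteArray(file), null, "http://www.w3.org/2001/04/xmlenc#aes256-cbc"));
        SoftKeyCache legacyCache = (SoftKeyCache) BeaToolkitContext.getInstance().getJackson().readValue(json, SoftKeyCache.class);
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (SoftKeyCacheEntry legacyEntry : legacyCache.getEntries()) {
            X509Certificate certificate = readCertificate(legacyEntry.getCertificateFile(), certificateFactory);
            if (isCertificateCached(certificate)) {
                deleteOrDeferDeletion(legacyEntry.getCertificateFile());
                deleteOrDeferDeletion(legacyEntry.getKeystoreFile());
                continue;
            }
            String keystorePath = legacyEntry.getKeystoreFile().getAbsolutePath();
            String baseName = keystorePath.substring(0, keystorePath.lastIndexOf(P12_SUFFIX));
            File descriptor = new File(baseName + PROPERTIES_SUFFIX);
            writeDescriptor(descriptor, legacyEntry.getAlias(), baseName);
            File certificateFile = new File(baseName + CRT_SUFFIX);
            try (FileOutputStream out = new FileOutputStream(certificateFile)) {
                out.write(certificate.getEncoded());
            }
            deleteOrDeferDeletion(legacyEntry.getCertificateFile());
            SoftKeyCacheEntry entry = new SoftKeyCacheEntry();
            entry.setAlias(legacyEntry.getAlias());
            entry.setCertificate(certificate);
            entry.setCertificateFile(certificateFile);
            entry.setKeystoreFile(legacyEntry.getKeystoreFile());
            entry.setPropertiesFile(descriptor);
            softKeyCache.getEntries().add(entry);
        }
    }

    /**
     * Shows the PIN dialog and returns the entered PIN, re-prompting while the input is unusable.
     *
     * @param context which dialog variant to show; for {@code SAVE_SOFT_TOKEN} a whitespace-only
     *     PIN is rejected, for the other contexts only an empty one
     * @param certificates certificates shown in the dialog
     * @return the PIN, or {@code null} when the dialog was cancelled or returned no value
     */
    private char[] getNewPin(PINDilaogContext context, CertificateWrapper... certificates) {
        DialogResult result = DialogFactory.getInstance().showPinDialog(context, certificates);
        if (result.getReason() != DialogResult.Reason.CMD_OK || result.getResult() == null) {
            return null;
        }
        char[] pin = ((String) result.getResult()).toCharArray();
        boolean unusable = context == PINDilaogContext.SAVE_SOFT_TOKEN ? isBlank(pin) : pin.length == 0;
        return unusable ? getNewPin(context, certificates) : pin;
    }

    /**
     * Same test as {@code StringUtils.isBlank} ({@code null}, empty, or only whitespace) without
     * copying the PIN into an immutable {@link String} that lingers on the heap.
     */
    private static boolean isBlank(char[] pin) {
        if (pin == null) {
            return true;
        }
        for (char c : pin) {
            if (!Character.isWhitespace(c)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Adds the worker's key store to the cache, asking the user for the PIN that protects the copy.
     *
     * @see #addWorkerToCache(SoftTokenWorker, char[])
     */
    public void addWorkerToCache(SoftTokenWorker softTokenWorker) throws UnrecoverableKeyException, NoSuchAlgorithmException {
        addWorkerToCache(softTokenWorker, null);
    }

    /**
     * Adds every private-key entry of the worker's key store to the cache.
     *
     * @param softTokenWorker supplies the opened key store and the password that unlocks its keys
     * @param cArr the PIN protecting the cached PKCS#12 copy; {@code null} asks the user and, when
     *     the token is already cached, shows an alert instead of only logging
     * @throws UnrecoverableKeyException propagated from the key store when a key cannot be read
     * @throws NoSuchAlgorithmException propagated from the key store
     */
    public void addWorkerToCache(SoftTokenWorker softTokenWorker, char[] cArr) throws UnrecoverableKeyException, NoSuchAlgorithmException {
        try {
            KeyStore keyStore = softTokenWorker.getKeyStore();
            if (keystoreExistsInCache(keyStore)) {
                if (cArr == null) {
                    DialogFactory.getInstance().popAlert(WarningKey.CERTIFICATE_CACHE_ALERT_TOKEN_EXISTS_MSG, Alert.AlertType.ERROR);
                } else {
                    LOG.warn("Token is already in cache");
                }
                return;
            }
            char[] pin = cArr;
            if (pin == null) {
                List<String> aliases = Collections.list(keyStore.aliases());
                if (aliases.isEmpty()) {
                    // nextElement() on an empty store used to throw an unchecked NoSuchElementException here
                    LOG.warn("Token contains no entries");
                    return;
                }
                X509Certificate shown = (X509Certificate) keyStore.getCertificate(aliases.get(0));
                pin = getNewPin(PINDilaogContext.SAVE_SOFT_TOKEN, new CertificateWrapper(Certificate.forX509(shown), CertificateWrapper.UsageType.BOTH_USAGE));
            }
            if (pin == null) {
                LOG.info("Cancelled by user");
                return;
            }
            extractAllCertificates(keyStore, softTokenWorker.getPassword(), pin);
        } catch (IOException | KeyStoreException | CertificateException | ParseException e) {
            LOG.error("", e);
        }
    }

    /**
     * Checks whether any certificate of {@code keyStore} equals a cached one.
     *
     * @return {@code true} on a match; {@code false} otherwise or when the store cannot be enumerated (logged)
     */
    public boolean keystoreExistsInCache(KeyStore keyStore) {
        try {
            for (String alias : Collections.list(keyStore.aliases())) {
                if (isCertificateCached((X509Certificate) keyStore.getCertificate(alias))) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e) {
            LOG.error(e.toString(), e);
            return false;
        }
    }

    /**
     * Copies every private-key entry of {@code keyStore} into the cache: the certificate as
     * {@code .crt}, the key in a fresh PKCS#12 store protected with {@code cArr2}, plus the descriptor.
     *
     * @param keyStore the loaded source key store
     * @param cArr the password that unlocks the keys in {@code keyStore}; when it does not, the user
     *     is asked once per alias and the alias is skipped if that fails too
     * @param cArr2 the PIN the exported PKCS#12 store is protected with
     */
    private void extractAllCertificates(KeyStore keyStore, char[] cArr, char[] cArr2) throws KeyStoreException, CertificateEncodingException, CertificateException, IOException, UnrecoverableKeyException, NoSuchAlgorithmException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        for (String alias : Collections.list(keyStore.aliases())) {
            Key key = recoverKey(keyStore, alias, cArr);
            if (!(key instanceof PrivateKey)) {
                // Trusted-certificate entries and keys we could not unlock are not cached.
                continue;
            }
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
            String baseName = newCacheBaseName();
            File certificateFile = new File(baseName + CRT_SUFFIX);
            FileUtils.writeByteArrayToFile(certificateFile, certificate.getEncoded());
            File keystoreFile = new File(baseName + P12_SUFFIX);
            // Reuse the key recovered above; re-reading it with the new PIN only works when that PIN
            // happens to equal the source store's password.
            exportKeyStore(keyStore, alias, keystoreFile, cArr2, (PrivateKey) key);
            if (!keystoreFile.isFile()) {
                // exportKeyStore logs and swallows failures; do not register an entry without a key
                // store (checkCertificateDirectory would discard it on the next start anyway).
                LOG.warn("could not export key store for alias: " + alias);
                deleteOrDeferDeletion(certificateFile);
                continue;
            }
            File descriptor = new File(baseName + PROPERTIES_SUFFIX);
            writeDescriptor(descriptor, alias, baseName);
            SoftKeyCacheEntry entry = new SoftKeyCacheEntry();
            entry.setAlias(alias);
            // Re-read from disk so the cached object is what later start-ups will load.
            entry.setCertificate(readCertificate(certificateFile, certificateFactory));
            entry.setCertificateFile(certificateFile);
            entry.setKeystoreFile(keystoreFile);
            entry.setPropertiesFile(descriptor);
            softKeyCache.getEntries().add(entry);
        }
    }

    /**
     * Recovers the key of {@code alias}, first with {@code password} and then with a PIN asked from
     * the user. Returns {@code null} when neither works so the caller skips the alias: restarting the
     * whole extraction here (as before) re-added already processed aliases and, because a cancelled
     * dialog yields {@code null} which cannot unlock the key, had no way to terminate.
     */
    private Key recoverKey(KeyStore keyStore, String alias, char[] password) throws KeyStoreException {
        try {
            return keyStore.getKey(alias, password);
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LOG.debug("stored password does not unlock alias " + alias + ", asking user", e);
        }
        char[] pin = getNewPin(PINDilaogContext.OPEN_SOFTKEY);
        if (pin == null) {
            LOG.info("Cancelled by user");
            return null;
        }
        try {
            return keyStore.getKey(alias, pin);
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LOG.warn("could not recover key for alias " + alias, e);
            return null;
        }
    }

    /**
     * Picks a random six-digit base name below {@link #cacheDir} that no existing {@code .crt},
     * {@code .p12} or {@code .properties} file uses, so a new token cannot overwrite another entry.
     */
    private String newCacheBaseName() {
        while (true) {
            String baseName = cacheDir + File.separator + Integer.toString(RANDOM.nextInt(888889) + 111111);
            if (!new File(baseName + CRT_SUFFIX).exists()
                    && !new File(baseName + P12_SUFFIX).exists()
                    && !new File(baseName + PROPERTIES_SUFFIX).exists()) {
                return baseName;
            }
        }
    }

    /**
     * Writes {@code privateKey} and the certificate chain of {@code str} from {@code keyStore} into a
     * new PKCS#12 store at {@code file}, protected with {@code cArr}.
     *
     * <p>Failures are logged and swallowed (the signature has no {@code throws} clause); callers
     * that need to know whether the store was written must check {@code file} afterwards.
     */
    public void exportKeyStore(KeyStore keyStore, String str, File file, char[] cArr, PrivateKey privateKey) {
        try {
            KeyStore target = KeyStore.getInstance("PKCS12");
            target.load(null, cArr);
            target.setEntry(str, new KeyStore.PrivateKeyEntry(privateKey, keyStore.getCertificateChain(str)), new KeyStore.PasswordProtection(cArr));
            try (FileOutputStream out = new FileOutputStream(file)) {
                target.store(out, cArr);
            }
        } catch (Exception e) {
            LOG.error("", e);
        }
    }

    /**
     * Removes a cached soft token after asking the user for its PIN.
     *
     * @see #removeAlias(DisplayedAlias, char[])
     */
    public boolean removeAlias(DisplayedAlias displayedAlias) {
        return removeAlias(displayedAlias, null);
    }

    /**
     * Removes a cached soft token once the PIN proves able to open its key store.
     *
     * <p>With {@code cArr == null} the PIN is asked interactively and any {@link IOException} while
     * loading the store (the usual symptom of a wrong PIN) shows an alert and prompts again; a
     * supplied {@code cArr} is tried once.
     *
     * @return {@code true} when the entry was removed from the in-memory cache
     */
    public boolean removeAlias(DisplayedAlias displayedAlias, char[] cArr) {
        SoftKeyCacheEntry cacheEntry = displayedAlias.getCacheEntry();
        if (cacheEntry == null) {
            return false;
        }
        CertificateWrapper certificateWrapper = null;
        try {
            X509Certificate certificate = readCertificate(cacheEntry.getCertificateFile(), CertificateFactory.getInstance("X.509"));
            certificateWrapper = new CertificateWrapper(Certificate.forX509(certificate), CertificateWrapper.UsageType.BOTH_USAGE);
        } catch (IOException | CertificateException | ParseException e) {
            LOG.error(e.toString(), e);
        }
        char[] pin = cArr == null ? getNewPin(PINDilaogContext.REMOVE_SOFT_TOKEN, certificateWrapper) : cArr;
        if (pin == null) {
            return false;
        }
        File keystoreFile = cacheEntry.getKeystoreFile();
        try {
            // Loading the store with the PIN is the authorisation check. The store is deleted as a
            // whole below, so there is nothing to modify or write back.
            KeyStore keyStore = KeyStore.getInstance(getKeystoreTypeByExtension(FilenameUtils.getExtension(keystoreFile.getName())));
            try (FileInputStream in = new FileInputStream(keystoreFile)) {
                keyStore.load(in, pin);
            }
            deleteOrDeferDeletion(cacheEntry.getCertificateFile());
            deleteOrDeferDeletion(keystoreFile);
            deleteOrDeferDeletion(propertiesFileOf(cacheEntry));
            return softKeyCache.getEntries().remove(cacheEntry);
        } catch (IOException e) {
            LOG.error("", e);
            if (cArr == null) {
                DialogFactory.getInstance().popAlert(WarningKey.CERTIFICATE_CACHE_ALERT_WRONG_PIN_MSG, Alert.AlertType.ERROR);
                return removeAlias(displayedAlias);
            }
            return false;
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("", e);
            return false;
        }
    }

    /**
     * Derives the descriptor file of an entry from its certificate path ({@code <base>.crt} →
     * {@code <base>.properties}). Public because the decompiler reports the visibility was widened,
     * presumably for a caller outside this class.
     */
    public static File retrievePropertiesFile(SoftKeyCacheEntry softKeyCacheEntry) {
        String certificatePath = softKeyCacheEntry.getCertificateFile().getAbsolutePath();
        return new File(certificatePath.substring(0, certificatePath.lastIndexOf(CRT_SUFFIX)) + PROPERTIES_SUFFIX);
    }

    /**
     * Removes a cached soft token without asking for its PIN.
     *
     * @return {@code true} when the entry was removed from the in-memory cache; {@code false} when
     *     the alias has no entry or deleting failed (logged)
     */
    public boolean forceRemoveAlias(DisplayedAlias displayedAlias) {
        SoftKeyCacheEntry cacheEntry = displayedAlias.getCacheEntry();
        if (cacheEntry == null) {
            return false;
        }
        try {
            deleteOrDeferDeletion(cacheEntry.getCertificateFile());
            deleteOrDeferDeletion(cacheEntry.getKeystoreFile());
            // Optional.of() would throw on a null properties file, so the derived fallback was never reached.
            deleteOrDeferDeletion(propertiesFileOf(cacheEntry));
            return softKeyCache.getEntries().remove(cacheEntry);
        } catch (RuntimeException e) {
            LOG.error("Failed force deletion of token.", e);
            return false;
        }
    }

    /**
     * Opens a cached soft token. With {@code z} set, the user is asked for the PIN (re-prompted
     * while blank) and the key store is loaded; otherwise the worker is initialised from the
     * certificate file alone.
     *
     * @return the worker, or {@code null} when the PIN dialog was cancelled or returned no value
     */
    public CipherWorker initializeSoftKeyWorker(DisplayedAlias displayedAlias, boolean z) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, ParseException {
        SoftKeyCacheEntry cacheEntry = displayedAlias.getCacheEntry();
        X509Certificate certificate = readCertificate(cacheEntry.getCertificateFile(), CertificateFactory.getInstance("X.509"));
        CertificateWrapper certificateWrapper = new CertificateWrapper(Certificate.forX509(certificate), CertificateWrapper.UsageType.BOTH_USAGE);
        SoftTokenWorker worker = new SoftTokenWorker();
        if (!z) {
            worker.initWithFile(cacheEntry.getCertificateFile().toPath());
            return worker;
        }
        DialogResult result = DialogFactory.getInstance().showPinDialog(PINDilaogContext.OPEN_SOFT_TOKEN, certificateWrapper);
        if (result.getReason() != DialogResult.Reason.CMD_OK || result.getResult() == null) {
            return null;
        }
        char[] pin = ((String) result.getResult()).toCharArray();
        if (isBlank(pin)) {
            return initializeSoftKeyWorker(displayedAlias, z);
        }
        loadKeyStore(worker, cacheEntry.getKeystoreFile(), pin);
        return worker;
    }

    /**
     * Opens a cached soft token with a PIN supplied by the caller.
     *
     * @param cArr the PIN; with {@code z} set, a blank or {@code null} PIN yields {@code null}
     * @return the worker, or {@code null} when no usable PIN was given
     * @throws IOException in particular when the certificate file no longer exists
     */
    public CipherWorker initializeSoftKeyWorker(DisplayedAlias displayedAlias, boolean z, char[] cArr) throws CertificateException, IOException, KeyStoreException, NoSuchAlgorithmException, ParseException {
        SoftKeyCacheEntry cacheEntry = displayedAlias.getCacheEntry();
        // Opened only to fail early when the certificate file is missing or unreadable; nothing is read.
        try (FileInputStream ignored = new FileInputStream(cacheEntry.getCertificateFile())) {
            // intentionally empty
        }
        SoftTokenWorker worker = new SoftTokenWorker();
        if (!z) {
            worker.initWithFile(cacheEntry.getCertificateFile().toPath());
            return worker;
        }
        if (isBlank(cArr)) {
            return null;
        }
        loadKeyStore(worker, cacheEntry.getKeystoreFile(), cArr);
        return worker;
    }

    /** Loads {@code keystoreFile} into {@code worker} with {@code pin} and keeps the PIN for later key access. */
    private void loadKeyStore(SoftTokenWorker worker, File keystoreFile, char[] pin) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        worker.setKeyStore(KeyStore.getInstance(getKeystoreTypeByExtension(FilenameUtils.getExtension(keystoreFile.getName()))));
        try (FileInputStream in = new FileInputStream(keystoreFile)) {
            worker.getKeyStore().load(in, pin);
        }
        worker.setPassword(pin);
    }

    /**
     * Maps a key store file extension to a {@link KeyStore} type.
     *
     * @param str the extension (case-insensitive); anything ending in {@code p12} or {@code pfx} is PKCS12
     * @return {@code "PKCS12"} or {@code "JKS"}
     */
    public String getKeystoreTypeByExtension(String str) {
        String extension = str.toLowerCase(Locale.ENGLISH);
        return extension.endsWith("p12") || extension.endsWith("pfx") ? "PKCS12" : "JKS";
    }

    /** @return the directory the cache files live in */
    public File getCacheDir() {
        return this.cacheDir;
    }

    /** @return the in-memory view of the cache; the list it exposes is live, not a copy */
    public SoftKeyCache getSoftKeyCache() {
        return this.softKeyCache;
    }
}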
