package org.openanzo.security.keystore;

import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Dictionary;
import java.util.GregorianCalendar;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.commons.lang3.StringUtils;
import org.openanzo.client.AnzoConnection;
import org.openanzo.exceptions.AnzoException;
import org.openanzo.exceptions.ExceptionConstants;
import org.openanzo.execution.v2.IBundledSemanticService;
import org.openanzo.execution.v2.IExecutionContext;
import org.openanzo.execution.v2.OperationAnnotation;
import org.openanzo.execution.v2.PermissionAnnotation;
import org.openanzo.execution.v2.ResourceStyleOperationAnnotation;
import org.openanzo.execution.v2.RunAsRequestUser;
import org.openanzo.ontologies.execution.SemanticService;
import org.openanzo.ontologies.keystore.AliasListing;
import org.openanzo.ontologies.keystore.AliasTypeEnum;
import org.openanzo.ontologies.keystore.Certificate;
import org.openanzo.ontologies.keystore.CertificateListing;
import org.openanzo.ontologies.keystore.DeleteCertificateRequest;
import org.openanzo.ontologies.keystore.DeleteCertificateResponse;
import org.openanzo.ontologies.keystore.DeletedCertificateListing;
import org.openanzo.ontologies.keystore.Fingerprint;
import org.openanzo.ontologies.keystore.KeyStoreFactory;
import org.openanzo.ontologies.keystore.ListAliasRequest;
import org.openanzo.ontologies.keystore.ListAliasResponse;
import org.openanzo.ontologies.keystore.ListCertificateRequest;
import org.openanzo.ontologies.keystore.ListCertificateResponse;
import org.openanzo.osgi.OsgiConfigurationUtils;
import org.openanzo.rdf.Constants;
import org.openanzo.rdf.IDataset;
import org.openanzo.rdf.URI;
import org.openanzo.services.DynamicServiceStats;
import org.openanzo.services.ServicesDictionary;
import org.osgi.framework.BundleContext;
import org.osgi.service.cm.ConfigurationAdmin;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

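/**
 * Semantic service that lists aliases and certificates in, and deletes certificates from,
 * the server's keystores and truststores.
 *
 * <p>A request addresses a store in one of two ways: by one of the four well-known reference
 * ids ({@value #ANZO_BROKER_KEYSTORE}, {@value #ANZO_CLIENT_KEYSTORE},
 * {@value #ANZO_BROKER_TRUSTSTORE}, {@value #ANZO_CLIENT_TRUSTSTORE}), which are resolved through
 * the {@link IKeyStoreManager} and the system configuration, or — when no reference id is given —
 * by an explicit keystore type, path and password carried in the request itself. The request
 * password is handed straight to the keystore manager and is never written to the log; the
 * error messages below deliberately mention only path and type.
 *
 * <p>All three operations are annotated {@code @RunAsRequestUser} and the class carries
 * {@code perm://admin-certificates}; {@link #listAliases} additionally carries
 * {@code perm://admin}. How the runtime combines class- and method-level permission
 * annotations is not visible from this file.
 */
@PermissionAnnotation({"perm://admin-certificates"})
public class KeyStoreManagementService implements IBundledSemanticService {
    private static final String ANZO_CLIENT_TRUSTSTORE = "anzoClientTruststore";
    private static final String ANZO_BROKER_TRUSTSTORE = "anzoBrokerTruststore";
    private static final String ANZO_CLIENT_KEYSTORE = "anzoClientKeystore";
    private static final String ANZO_BROKER_KEYSTORE = "anzoBrokerKeystore";
    /** Service user taken from the service dictionary at construction; may be null. */
    String user;
    /** Backend that opens the well-known stores, lists aliases and performs deletions. */
    IKeyStoreManager keystoreManager;
    /** Source of the {@code org.openanzo.osgi.SystemConfig} properties. */
    ConfigurationAdmin configurationAdmin;
    static final Logger log = LoggerFactory.getLogger(KeyStoreManagementService.class);
    static final URI serviceURI = Constants.valueFactory.createURI("http://openanzo.org/semanticServices/keystoreManagementService");
    /** NOTE(review): nothing in this class assigns the context; the constructor ignores its BundleContext argument. */
    BundleContext context;
    DynamicServiceStats stats = new DynamicServiceStats("KeyStore");
    /** System configuration properties; refreshed by {@link #updateConfigProperties()}. */
    Dictionary<String, ? extends Object> systemProps;

    /**
     * Creates the service and loads the system configuration once.
     *
     * @param bundleContext      OSGi bundle context (currently unused — see {@link #context})
     * @param iKeyStoreManager   keystore backend used for every operation
     * @param dictionary         service dictionary from which the service user is read
     * @param configurationAdmin OSGi configuration admin used to read the system configuration
     * @throws AnzoException if the system configuration cannot be read
     */
    public KeyStoreManagementService(BundleContext bundleContext, IKeyStoreManager iKeyStoreManager, Dictionary<String, ? extends Object> dictionary, ConfigurationAdmin configurationAdmin) throws AnzoException {
        this.user = ServicesDictionary.getUser(dictionary, null);
        this.keystoreManager = iKeyStoreManager;
        this.configurationAdmin = configurationAdmin;
        updateConfigProperties();
    }

    /**
     * Re-reads the {@code org.openanzo.osgi.SystemConfig} properties into {@link #systemProps}.
     *
     * @throws AnzoException wrapping the {@link IOException} raised by configuration admin
     */
    public void updateConfigProperties() throws AnzoException {
        try {
            this.systemProps = this.configurationAdmin.getConfiguration("org.openanzo.osgi.SystemConfig", (String) null).getProperties();
            OsgiConfigurationUtils.updateConfigProperties(this.systemProps, this.context);
        } catch (IOException e) {
            throw new AnzoException(ExceptionConstants.OSGI.INTERNAL_COMPONENT_ERROR, e, new String[0]);
        }
    }

    /** @return the fixed URI under which this service is registered */
    public URI getServiceUri() {
        return serviceURI;
    }

    /** @return the service user resolved at construction, possibly null */
    public String getServiceUser() {
        return this.user;
    }

    /** @return false — keystore operations are short */
    public boolean isLongRunning() {
        return false;
    }

    public String getDescription() {
        return "Keystore Management Service";
    }

    public String getName() {
        return "KeystoreManagementService";
    }

    public DynamicServiceStats getStatistics() {
        return this.stats;
    }

    /** A store resolved from a well-known reference id, plus the path reported back to the caller. */
    private static final class ResolvedKeystore {
        final KeyStore keyStore;
        final String path;

        ResolvedKeystore(KeyStore keyStore, String path) {
            this.keyStore = keyStore;
            this.path = path;
        }
    }

    /**
     * Maps one of the four well-known reference ids (compared case-insensitively) to the
     * corresponding store and its configured file location.
     *
     * @param referenceId non-null reference id from the request
     * @return the resolved store, or null (after a warning) when the id is not one of the four
     * @throws AnzoException if the keystore manager cannot open the store
     */
    private ResolvedKeystore resolveWellKnownKeystore(String referenceId) throws AnzoException {
        if (ANZO_BROKER_KEYSTORE.equalsIgnoreCase(referenceId)) {
            return new ResolvedKeystore(this.keystoreManager.getAnzoBrokerKeystore(), KeyStoreDictionary.getKeyFileLocation(this.systemProps));
        }
        if (ANZO_CLIENT_KEYSTORE.equalsIgnoreCase(referenceId)) {
            return new ResolvedKeystore(this.keystoreManager.getAnzoClientKeystore(), KeyStoreDictionary.getClientKeyFileLocation(this.systemProps));
        }
        if (ANZO_BROKER_TRUSTSTORE.equalsIgnoreCase(referenceId)) {
            return new ResolvedKeystore(this.keystoreManager.getAnzoBrokerTruststore(), KeyStoreDictionary.getTrustFileLocation(this.systemProps));
        }
        if (ANZO_CLIENT_TRUSTSTORE.equalsIgnoreCase(referenceId)) {
            return new ResolvedKeystore(this.keystoreManager.getAnzoClientTruststore(), KeyStoreDictionary.getClientTrustFileLocation(this.systemProps));
        }
        // Previously an unknown id produced neither a listing nor a log line; make the skip visible.
        log.warn("Unknown keystore referenceId [" + referenceId + "]; request entry ignored");
        return null;
    }

    /**
     * Deletes the given aliases from one store and records the outcome as a
     * {@link DeletedCertificateListing} on the response.
     *
     * <p>Each alias is attempted independently; a failure is logged, recorded via
     * {@code addUnableToDelete}, and does not stop the remaining aliases. The status message
     * reports the failed aliases when there are any, otherwise the deleted ones (the original
     * code overwrote the failure message with a success message after the loop).
     *
     * @param keyStore     store to delete from
     * @param referenceId  well-known id, or null for a request-supplied store
     * @param keystorePath path passed to the manager (presumably where the store is persisted — confirm)
     * @param aliases      aliases to delete; may be empty
     * @param response     response the listing is added to
     */
    private void deleteCertificate(KeyStore keyStore, String referenceId, String keystorePath, Collection<String> aliases, DeleteCertificateResponse response) {
        DeletedCertificateListing listing = response.addDeletedCertificateListing();
        if (referenceId != null) {
            listing.setReferenceId(referenceId);
        }
        listing.setKeystorePath(keystorePath);
        int deleted = 0;
        List<String> failed = new ArrayList<>();
        for (String alias : aliases) {
            try {
                this.keystoreManager.deleteCertificate(keyStore, alias, keystorePath);
                deleted++;
            } catch (AnzoException e) {
                failed.add(alias);
                listing.addUnableToDelete(alias);
                log.error("Certificate with alias [" + alias + "] could not be removed", e);
            }
        }
        listing.setCertificatesDeleted(Integer.valueOf(deleted));
        if (aliases.isEmpty()) {
            listing.setStatusMessage("No certificate aliases were specified.");
        } else if (failed.isEmpty()) {
            listing.setStatusMessage("Certificates with aliases [" + StringUtils.join(aliases, ",") + "] were successfully deleted.");
        } else {
            listing.setStatusMessage("Certificates with aliases [" + StringUtils.join(failed, ",") + "] could not be deleted.  Please view server logs for more information");
        }
    }

    /**
     * Converts a {@link Date} to an {@link XMLGregorianCalendar} with the hour, minute and
     * second fields cleared, i.e. date precision. Millisecond and timezone fields are left
     * as the calendar populated them.
     *
     * @param date non-null date
     * @return calendar with undefined time-of-day fields
     * @throws DatatypeConfigurationException if no {@link DatatypeFactory} is available
     * @throws NullPointerException if {@code date} is null
     */
    private static XMLGregorianCalendar convertToXsdDate(Date date) throws DatatypeConfigurationException {
        Objects.requireNonNull(date, "date");
        GregorianCalendar calendar = new GregorianCalendar();
        calendar.setTime(date);
        XMLGregorianCalendar xsdDate = DatatypeFactory.newInstance().newXMLGregorianCalendar(calendar);
        // FIELD_UNDEFINED (== Integer.MIN_VALUE) marks a field as absent.
        xsdDate.setHour(DatatypeConstants.FIELD_UNDEFINED);
        xsdDate.setMinute(DatatypeConstants.FIELD_UNDEFINED);
        xsdDate.setSecond(DatatypeConstants.FIELD_UNDEFINED);
        return xsdDate;
    }

    /**
     * Adds a {@link Fingerprint} entry for the given digest algorithm to a certificate entry.
     */
    private static void addFingerprint(Certificate entry, String algorithm, X509Certificate x509) throws Exception {
        Fingerprint fingerprint = entry.addFingerprint();
        fingerprint.setAlgorithm(algorithm);
        fingerprint.setDigest(KeyStoreManager.getCertificateFingerPrint(algorithm, x509));
    }

    /**
     * Describes one X.509 certificate (subject/issuer names, validity, key, signature,
     * fingerprints) as a {@link Certificate} entry on the listing.
     *
     * @param listing  listing to add the entry to
     * @param alias    keystore alias of the certificate
     * @param x509     the certificate itself
     * @param keyStore store it came from, used for chain length and creation date
     */
    private static void describeCertificate(CertificateListing listing, String alias, X509Certificate x509, KeyStore keyStore) throws Exception {
        Certificate entry = listing.addCertificate();
        entry.setAlias(alias);
        if (x509.getSerialNumber() != null) {
            entry.setSerialNumber(x509.getSerialNumber().toString());
        }
        // getIssuerDN()/getSubjectDN() are deprecated; getIssuerX500Principal().getName() would
        // change the emitted DN format (RFC 2253), so the existing form is kept.
        if (x509.getIssuerDN() != null) {
            entry.setIssuerDN(x509.getIssuerDN().getName());
        }
        for (String name : KeyStoreManager.getIssuerAlternativeNames(x509)) {
            entry.addIssuerAlternativeName(name);
        }
        if (x509.getSubjectDN() != null) {
            entry.setSubjectDN(x509.getSubjectDN().getName());
        }
        for (String name : KeyStoreManager.getSubjectAlternativeNames(x509)) {
            entry.addSubjectAlternativeName(name);
        }
        java.security.cert.Certificate[] chain = keyStore.getCertificateChain(alias);
        // Trusted-certificate entries have no chain; they are reported as length 1.
        entry.setCertificateChainLength(Integer.valueOf(chain != null ? chain.length : 1));
        Date created = keyStore.getCreationDate(alias);
        if (created != null) {
            entry.setCreationDate(convertToXsdDate(created));
        }
        entry.setType(x509.getType());
        entry.setVersion(Integer.valueOf(x509.getVersion()));
        entry.setNotAfterDate(convertToXsdDate(x509.getNotAfter()));
        entry.setNotBeforeDate(convertToXsdDate(x509.getNotBefore()));
        entry.setPublicKey(KeyStoreManager.getBytesAsString(x509.getPublicKey().getEncoded()));
        entry.setSignatureAlgorithm(x509.getSigAlgName());
        entry.setSignature(KeyStoreManager.getBytesAsString(x509.getSignature()));
        // MD5 and SHA-1 fingerprints are emitted for display and for existing consumers; they are
        // collision-prone and not suitable for identity decisions. A SHA-256 fingerprint would be
        // the appropriate addition — TODO confirm KeyStoreManager.getCertificateFingerPrint accepts it.
        addFingerprint(entry, "md5", x509);
        addFingerprint(entry, "sha1", x509);
    }

    /**
     * Adds a {@link CertificateListing} for one store to the response.
     *
     * <p>The entries listed are the store's certificate aliases, plus its key aliases unless
     * {@code trustedCertificatesOnly} is set. When {@code requestedAliases} is non-empty only
     * those aliases are described. Entries whose certificate is absent or not X.509 are skipped
     * (the original unchecked cast would have aborted the whole listing on a non-X.509 entry).
     *
     * @param keyStore               store to list
     * @param referenceId            well-known id, or null for a request-supplied store
     * @param keystorePath           path of the store; its canonical form is echoed to the caller
     * @param requestedAliases       alias filter; empty means "all"
     * @param trustedCertificatesOnly when true, key aliases are not listed
     * @param response               response the listing is added to
     */
    private void addCertificateToResult(KeyStore keyStore, String referenceId, String keystorePath, Collection<String> requestedAliases, boolean trustedCertificatesOnly, ListCertificateResponse response) throws Exception {
        // Copy so that appending key aliases cannot mutate a list the manager may hand out again.
        List<String> aliases = new ArrayList<>(this.keystoreManager.listCertificateAliases(keyStore));
        if (!trustedCertificatesOnly) {
            aliases.addAll(this.keystoreManager.listKeyAliases(keyStore));
        }
        CertificateListing listing = response.addCertificateListing();
        if (referenceId != null) {
            listing.setReferenceId(referenceId);
        }
        // The resolved server-side path is returned to the (admin) caller.
        listing.setKeystorePath(new File(keystorePath).getCanonicalPath());
        listing.setKeystoreProvider(keyStore.getProvider().getName());
        listing.setKeystoreType(keyStore.getType());
        boolean filterByAlias = !requestedAliases.isEmpty();
        for (String alias : aliases) {
            if (filterByAlias && !requestedAliases.contains(alias)) {
                continue;
            }
            java.security.cert.Certificate stored = keyStore.getCertificate(alias);
            if (stored instanceof X509Certificate) {
                describeCertificate(listing, alias, (X509Certificate) stored, keyStore);
            }
        }
    }

    /**
     * Adds an {@link AliasListing} for one store to the response. Only key or certificate
     * aliases are listed, depending on {@code aliasType}; any other type yields an empty listing.
     *
     * @param keyStore     store to list
     * @param referenceId  well-known id, or null for a request-supplied store
     * @param keystorePath path reported back to the caller
     * @param aliasType    non-null alias type from the request (a null value raises NPE in the caller's catch)
     * @param response     response the listing is added to
     * @throws AnzoException if the keystore manager cannot list the store
     */
    private void addAliasToResponse(KeyStore keyStore, String referenceId, String keystorePath, AliasTypeEnum aliasType, ListAliasResponse response) throws AnzoException {
        AliasListing listing = response.addAliasListing();
        if (referenceId != null) {
            listing.setReferenceId(referenceId);
        }
        listing.setKeystorePath(keystorePath);
        listing.setKeystoreProvider(keyStore.getProvider().getName());
        listing.setKeystoreType(keyStore.getType());
        List<String> aliases = Collections.emptyList();
        if (aliasType.resource().equals(AliasTypeEnum.KeyType)) {
            aliases = this.keystoreManager.listKeyAliases(keyStore);
        } else if (aliasType.resource().equals(AliasTypeEnum.CertificateType)) {
            aliases = this.keystoreManager.listCertificateAliases(keyStore);
        }
        for (String alias : aliases) {
            listing.addAliasValue(alias);
        }
    }

    /**
     * Lists aliases for every store named in every {@link ListAliasRequest} of the input dataset.
     *
     * <p>Problems with an individual store are logged and that store is left out of the
     * response; the operation itself does not fail. The log line for a request-supplied store
     * names its path and type only — never the password.
     *
     * @param iExecutionContext execution context (unused here)
     * @param iDataset          dataset holding the requests
     * @param iDataset2         dataset the response is written into
     */
    @RunAsRequestUser(runAsRequestUser = true)
    @OperationAnnotation(title = "List Aliases", description = "List all the aliases within either a keystore or truststore")
    @PermissionAnnotation({"perm://admin"})
    @ResourceStyleOperationAnnotation(requestClassURI = "http://openanzo.org/ontologies/2011/03/KeyStore#ListAliasRequest", responseClassURI = "http://openanzo.org/ontologies/2011/03/KeyStore#ListAliasResponse", ontologyURI = {"http://openanzo.org/ontologies/2008/07/System", "http://openanzo.org/ontologies/2011/03/KeyStore"})
    public void listAliases(IExecutionContext iExecutionContext, IDataset iDataset, IDataset iDataset2) throws AnzoException {
        List<ListAliasRequest> requests = KeyStoreFactory.getAllListAliasRequest(iDataset);
        ListAliasResponse result = KeyStoreFactory.createListAliasResponse(ListAliasResponse.listAliasResponse, iDataset2);
        for (ListAliasRequest request : requests) {
            AliasTypeEnum aliasType = request.getAliasType();
            for (org.openanzo.ontologies.keystore.KeyStore store : request.getFromKeystore()) {
                String referenceId = store.getReferenceId();
                if (referenceId != null) {
                    try {
                        ResolvedKeystore resolved = resolveWellKnownKeystore(referenceId);
                        if (resolved != null) {
                            addAliasToResponse(resolved.keyStore, referenceId, resolved.path, aliasType, result);
                        }
                    } catch (Exception e) {
                        log.error("Error listing aliases for " + referenceId, e);
                    }
                } else {
                    String keystoreType = store.getKeystoreType();
                    String keystorePath = store.getKeystorePath();
                    try {
                        addAliasToResponse(this.keystoreManager.getKeystore(keystoreType, store.getKeystorePassword().getDecrypted(), keystorePath), null, keystorePath, aliasType, result);
                    } catch (Exception e) {
                        log.error("Error listing aliases for keystorePath=" + keystorePath + "; keystoreType=" + keystoreType, e);
                    }
                }
            }
        }
    }

    /**
     * Lists certificates for every store named in every {@link ListCertificateRequest} of the
     * input dataset. Error handling mirrors {@link #listAliases}: per-store failures are logged
     * and skipped.
     *
     * @param iExecutionContext execution context (unused here)
     * @param iDataset          dataset holding the requests
     * @param iDataset2         dataset the response is written into
     */
    @RunAsRequestUser(runAsRequestUser = true)
    @OperationAnnotation(title = "List Certificates", description = "List all the certificates within either a keystore or truststore")
    @ResourceStyleOperationAnnotation(requestClassURI = "http://openanzo.org/ontologies/2011/03/KeyStore#ListCertificateRequest", responseClassURI = "http://openanzo.org/ontologies/2011/03/KeyStore#ListCertificateResponse", ontologyURI = {"http://openanzo.org/ontologies/2008/07/System", "http://openanzo.org/ontologies/2011/03/KeyStore"})
    public void listCertificate(IExecutionContext iExecutionContext, IDataset iDataset, IDataset iDataset2) throws AnzoException {
        List<ListCertificateRequest> requests = KeyStoreFactory.getAllListCertificateRequest(iDataset);
        ListCertificateResponse result = KeyStoreFactory.createListCertificateResponse(ListCertificateResponse.listCertificateResponse, iDataset2);
        for (ListCertificateRequest request : requests) {
            for (org.openanzo.ontologies.keystore.KeyStore store : request.getFromKeystore()) {
                String referenceId = store.getReferenceId();
                Collection<String> requestedAliases = store.getCertificateAlias();
                if (requestedAliases == null) {
                    requestedAliases = Collections.emptyList();
                }
                boolean trustedOnly = Boolean.TRUE.equals(store.getTrustedCertificatesOnly());
                if (referenceId != null) {
                    try {
                        ResolvedKeystore resolved = resolveWellKnownKeystore(referenceId);
                        if (resolved != null) {
                            addCertificateToResult(resolved.keyStore, referenceId, resolved.path, requestedAliases, trustedOnly, result);
                        }
                    } catch (Exception e) {
                        log.error("Error listing certificates for " + referenceId, e);
                    }
                } else {
                    String keystoreType = store.getKeystoreType();
                    String keystorePath = store.getKeystorePath();
                    try {
                        addCertificateToResult(this.keystoreManager.getKeystore(keystoreType, store.getKeystorePassword().getDecrypted(), keystorePath), null, keystorePath, requestedAliases, trustedOnly, result);
                    } catch (Exception e) {
                        log.error("Error listing certificates for keystorePath=" + keystorePath + "; keystoreType=" + keystoreType, e);
                    }
                }
            }
        }
    }

    /**
     * Deletes the requested aliases from every store named in every
     * {@link DeleteCertificateRequest} of the input dataset.
     *
     * <p>Unlike the list operations nothing is caught here: a store that cannot be opened
     * propagates its {@link AnzoException} and fails the request. Per-alias failures within a
     * store are handled by {@link #deleteCertificate(KeyStore, String, String, Collection, DeleteCertificateResponse)}.
     *
     * @param iExecutionContext execution context (unused here)
     * @param iDataset          dataset holding the requests
     * @param iDataset2         dataset the response is written into
     * @throws AnzoException if a store cannot be resolved or opened
     */
    @RunAsRequestUser(runAsRequestUser = true)
    @OperationAnnotation(title = "Delete Certificates", description = "Delete a certificates within either a keystore or truststore")
    @ResourceStyleOperationAnnotation(requestClassURI = "http://openanzo.org/ontologies/2011/03/KeyStore#DeleteCertificateRequest", responseClassURI = "http://openanzo.org/ontologies/2011/03/KeyStore#DeleteCertificateResponse", ontologyURI = {"http://openanzo.org/ontologies/2008/07/System", "http://openanzo.org/ontologies/2011/03/KeyStore"})
    public void deleteCertificate(IExecutionContext iExecutionContext, IDataset iDataset, IDataset iDataset2) throws AnzoException {
        List<DeleteCertificateRequest> requests = KeyStoreFactory.getAllDeleteCertificateRequest(iDataset);
        DeleteCertificateResponse result = KeyStoreFactory.createDeleteCertificateResponse(DeleteCertificateResponse.deleteCertificateResponse, iDataset2);
        for (DeleteCertificateRequest request : requests) {
            for (org.openanzo.ontologies.keystore.KeyStore store : request.getFromKeystore()) {
                String referenceId = store.getReferenceId();
                Collection<String> aliases = store.getCertificateAlias();
                if (aliases == null) {
                    aliases = Collections.emptyList();
                }
                if (referenceId == null) {
                    String keystoreType = store.getKeystoreType();
                    String keystorePath = store.getKeystorePath();
                    deleteCertificate(this.keystoreManager.getKeystore(keystoreType, store.getKeystorePassword().getDecrypted(), keystorePath), null, keystorePath, aliases, result);
                } else {
                    ResolvedKeystore resolved = resolveWellKnownKeystore(referenceId);
                    if (resolved != null) {
                        deleteCertificate(resolved.keyStore, referenceId, resolved.path, aliases, result);
                    }
                }
            }
        }
    }

    /** No per-service initialisation is required. */
    public void initialize(SemanticService semanticService, AnzoConnection anzoConnection) throws AnzoException {
    }

    /** Nothing to release on stop. */
    public void stop(AnzoConnection anzoConnection) throws AnzoException {
    }

    public boolean getRestrictInitialPermission() {
        return false;
    }
}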
