package org.nuxeo.ecm.platform.signature.core.pki;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import org.nuxeo.ecm.platform.signature.api.exception.CertException;
import org.nuxeo.ecm.platform.signature.api.pki.RootService;
import org.nuxeo.runtime.model.ComponentContext;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/platform/signature/core/pki/RootServiceImpl.class */
public class RootServiceImpl extends DefaultComponent implements RootService {
    private KeyStore rootKeyStore;
    private String rootKeystoreFilePath;
    private String rootKeystorePassword;
    private String rootCertificateAlias;
    private String rootKeyAlias;
    private String rootKeyPassword;
    protected List<RootDescriptor> config;
    private static final String KEYSTORE_TYPE = "JKS";

    public void activate(ComponentContext componentContext) {
        this.config = new ArrayList();
    }

    public KeyStore getRootKeyStore() {
        return this.rootKeyStore;
    }

    public void setRootKeyStore(KeyStore keyStore) {
        this.rootKeyStore = keyStore;
    }

    public String getRootKeystoreFilePath() {
        return this.rootKeystoreFilePath;
    }

    public void setRootKeystoreFilePath(String str) {
        this.rootKeystoreFilePath = str;
    }

    public String getRootKeystorePassword() {
        return this.rootKeystorePassword;
    }

    public void setRootKeystorePassword(String str) {
        this.rootKeystorePassword = str;
    }

    public String getRootCertificateAlias() {
        return this.rootCertificateAlias;
    }

    public void setRootCertificateAlias(String str) {
        this.rootCertificateAlias = str;
    }

    public String getRootKeyAlias() {
        return this.rootKeyAlias;
    }

    public void setRootKeyAlias(String str) {
        this.rootKeyAlias = str;
    }

    public String getRootKeyPassword() {
        return this.rootKeyPassword;
    }

    public void setRootKeyPassword(String str) {
        this.rootKeyPassword = str;
    }

    public boolean isRootSetup() {
        boolean z = false;
        if (this.rootKeyStore != null && this.rootKeystorePassword != null && this.rootCertificateAlias != null && this.rootKeyAlias != null && this.rootKeyPassword != null) {
            z = true;
        }
        return z;
    }

    protected void initializeRoot() throws CertException {
        for (RootDescriptor rootDescriptor : this.config) {
            if (rootDescriptor.getRootKeystoreFilePath() != null) {
                setRootKeystoreFilePath(rootDescriptor.getRootKeystoreFilePath());
            } else if (getRootKeyStore() == null) {
                throw new CertException("Keystore path is missing");
            }
            if (rootDescriptor.getRootCertificateAlias() == null) {
                throw new CertException("You have to provide root certificate alias");
            }
            setRootCertificateAlias(rootDescriptor.getRootCertificateAlias());
            if (rootDescriptor.getRootKeystorePassword() == null) {
                throw new CertException("You have to provide root keystore password");
            }
            setRootKeystorePassword(rootDescriptor.getRootKeystorePassword());
            if (rootDescriptor.getRootKeyAlias() == null) {
                throw new CertException("You have to provide root key alias");
            }
            setRootKeyAlias(rootDescriptor.getRootKeyAlias());
            if (rootDescriptor.getRootKeyPassword() == null) {
                throw new CertException("You have to provide root key password");
            }
            setRootKeyPassword(rootDescriptor.getRootKeyPassword());
        }
        setRootKeyStore(getKeyStore(getRootKeystoreIS(), getRootKeystorePassword()));
    }

    public KeyStore getKeyStore(InputStream inputStream, String str) throws CertException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(inputStream, str.toCharArray());
            return keyStore;
        } catch (IOException e) {
            throw new CertException(e);
        } catch (KeyStoreException e2) {
            throw new CertException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new CertException(e3);
        } catch (CertificateException e4) {
            throw new CertException(e4);
        }
    }

    public InputStream getRootKeystoreIS() throws CertException {
        File file = null;
        try {
            File file2 = new File(getRootKeystoreFilePath());
            return file2.exists() ? new FileInputStream(file2) : Thread.currentThread().getContextClassLoader().getResourceAsStream(getRootKeystoreFilePath());
        } catch (FileNotFoundException e) {
            throw new CertException("Certificate not found at" + file.getAbsolutePath());
        } catch (Exception e2) {
            throw new CertException("Root certificate problem: " + file.getAbsolutePath());
        }
    }

    public byte[] getRootPublicCertificate() throws CertException {
        try {
            return getCertificate(getRootKeyStore(), getRootCertificateAlias()).getEncoded();
        } catch (Exception e) {
            throw new CertException(e);
        }
    }

    protected X509Certificate getCertificate(KeyStore keyStore, String str) throws CertException {
        try {
            if (keyStore == null) {
                throw new CertException("Keystore missing for " + str);
            }
            if (keyStore.containsAlias(str)) {
                return (X509Certificate) keyStore.getCertificate(str);
            }
            throw new CertException("Certificate not found");
        } catch (KeyStoreException e) {
            throw new CertException(e);
        }
    }

    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) throws CertException {
        this.config.add((RootDescriptor) obj);
        initializeRoot();
        if (!isRootSetup()) {
            throw new CertException("Root keystore was not set up correctly");
        }
    }

    public void unregisterContribution(Object obj, String str, ComponentInstance componentInstance) {
        this.config.remove(obj);
    }
}
