package org.nuxeo.ecm.platform.signature.core.user;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.nuxeo.ecm.core.api.DocumentModel;
import org.nuxeo.ecm.directory.DirectoryException;
import org.nuxeo.ecm.directory.Session;
import org.nuxeo.ecm.directory.api.DirectoryService;
import org.nuxeo.ecm.platform.signature.api.exception.CertException;
import org.nuxeo.ecm.platform.signature.api.pki.CertService;
import org.nuxeo.ecm.platform.signature.api.pki.RootService;
import org.nuxeo.ecm.platform.signature.api.user.AliasType;
import org.nuxeo.ecm.platform.signature.api.user.AliasWrapper;
import org.nuxeo.ecm.platform.signature.api.user.CNField;
import org.nuxeo.ecm.platform.signature.api.user.CUserService;
import org.nuxeo.ecm.platform.signature.api.user.UserInfo;
import org.nuxeo.runtime.api.Framework;
import org.nuxeo.runtime.model.ComponentInstance;
import org.nuxeo.runtime.model.DefaultComponent;

/* loaded from: input_file:org/nuxeo/ecm/platform/signature/core/user/CUserServiceImpl.class */
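/**
 * Stores and retrieves per-user signing keystores in the {@code certificate} directory.
 *
 * <p>Every directory access goes through {@link Framework#doPrivileged}, so the calling
 * principal's own directory permissions are presumably not what gates these operations
 * (the semantics of {@code doPrivileged} are defined outside this file). Callers are
 * therefore responsible for checking that the requesting user may act on the given user id
 * before invoking any method here.
 *
 * <p>The directory session is managed with try-with-resources so that it is closed on every
 * path, including when certificate generation fails.
 */
public class CUserServiceImpl extends DefaultComponent implements CUserService {
    private static final Log LOG = LogFactory.getLog(CUserServiceImpl.class);
    private static final String CERTIFICATE_DIRECTORY_NAME = "certificate";
    protected RootService rootService;
    protected CertService certService;
    protected String countryCode;
    protected String organization;
    protected String organizationalUnit;

    /**
     * Builds the certificate subject fields for a user.
     *
     * <p>C, O and OU come from the registered {@link CUserDescriptor}; CN, e-mail and user id
     * come from the {@code user:*} properties of the given document. A missing first or last
     * name ends up as the text {@code "null"} in the CN because the two values are
     * concatenated as-is.
     *
     * @param documentModel the user entry to read {@code user:username}, {@code user:firstName},
     *        {@code user:lastName} and {@code user:email} from
     * @return the subject information wrapped in a {@link UserInfo}
     * @throws CertException if {@link UserInfo} rejects the collected fields
     */
    public UserInfo getUserInfo(DocumentModel documentModel) throws CertException {
        String userId = (String) documentModel.getPropertyValue("user:username");
        String firstName = (String) documentModel.getPropertyValue("user:firstName");
        String lastName = (String) documentModel.getPropertyValue("user:lastName");
        String email = (String) documentModel.getPropertyValue("user:email");
        HashMap<CNField, String> subjectFields = new HashMap<>();
        subjectFields.put(CNField.C, this.countryCode);
        subjectFields.put(CNField.O, this.organization);
        subjectFields.put(CNField.OU, this.organizationalUnit);
        subjectFields.put(CNField.CN, firstName + " " + lastName);
        subjectFields.put(CNField.Email, email);
        subjectFields.put(CNField.UserID, userId);
        return new UserInfo(subjectFields);
    }

    /**
     * Loads the keystore saved for a user.
     *
     * @param userId id of the entry in the certificate directory
     * @param keystorePassword forwarded to {@link CertService#getKeyStore}; presumably the
     *        password protecting the keystore
     * @return the keystore decoded from the entry's Base64 {@code cert:keystore} property
     * @throws CertException if the directory has no entry for {@code userId}
     */
    public KeyStore getUserKeystore(String userId, String keystorePassword) throws CertException {
        String encodedKeystore = Framework.doPrivileged(() -> {
            try (Session session = getDirectoryService().open(CERTIFICATE_DIRECTORY_NAME)) {
                DocumentModel entry = session.getEntry(userId);
                if (entry == null) {
                    throw new CertException("No directory entry for " + userId);
                }
                return (String) entry.getPropertyValue("cert:keystore");
            }
        });
        // The password is only handed to the certificate service outside the privileged block;
        // the directory read itself does not depend on it.
        return getCertService().getKeyStore(
                new ByteArrayInputStream(Base64.decodeBase64(encodedKeystore)), keystorePassword);
    }

    /**
     * Generates a keystore for a user and saves it as a new certificate directory entry.
     *
     * @param documentModel the user entry; its {@code user:username} becomes the entry id
     * @param userKeyPassword password used to initialize and store the keystore
     * @return the directory entry that was created
     * @throws CertException if the user already has an entry, or if the directory reports a
     *         {@link DirectoryException}
     */
    public DocumentModel createCertificate(DocumentModel documentModel, String userKeyPassword) throws CertException {
        return Framework.doPrivileged(() -> {
            // try-with-resources closes the session even when generation or storage throws.
            try (Session session = getDirectoryService().open(CERTIFICATE_DIRECTORY_NAME)) {
                String userId = (String) documentModel.getPropertyValue("user:username");
                if (session.hasEntry(userId)) {
                    throw new CertException(userId + " already has a certificate");
                }
                LOG.info("Starting certificate generation for: " + userId);
                HashMap<String, Object> entryFields = new HashMap<>();
                entryFields.put("userid", userId);
                KeyStore keystore = getCertService().initializeUser(getUserInfo(documentModel), userKeyPassword);
                ByteArrayOutputStream keystoreBytes = new ByteArrayOutputStream();
                getCertService().storeCertificate(keystore, keystoreBytes, userKeyPassword);
                entryFields.put("keystore", Base64.encodeBase64String(keystoreBytes.toByteArray()));
                entryFields.put("certificate", getUserCertInfo(keystore, documentModel));
                // NOTE(review): the key password is saved in the same entry as the keystore it
                // protects. Unless the directory back end protects this field (not visible
                // here), read access to the directory storage yields both the private key
                // material and its password. Confirm the field is hashed or encrypted at rest,
                // or stop persisting it.
                entryFields.put("keypassword", userKeyPassword);
                return session.createEntry(entryFields);
            } catch (DirectoryException e) {
                LOG.error(e);
                throw new CertException(e);
            }
        });
    }

    /** Looks up the {@link DirectoryService} from the runtime on every call. */
    protected static DirectoryService getDirectoryService() {
        return (DirectoryService) Framework.getService(DirectoryService.class);
    }

    /**
     * Describes the certificate stored for a user.
     *
     * @param documentModel the user entry; its {@code user:username} selects the keystore
     * @param keystorePassword forwarded to {@link #getUserKeystore(String, String)}
     * @return the subject DN followed by {@code " valid till: "} and the expiry date
     * @throws CertException if the user has no entry in the certificate directory
     */
    public String getUserCertInfo(DocumentModel documentModel, String keystorePassword) throws CertException {
        String userId = (String) documentModel.getPropertyValue("user:username");
        return getUserCertInfo(getUserKeystore(userId, keystorePassword), documentModel);
    }

    /**
     * Formats subject and expiry of the user's certificate inside the given keystore.
     *
     * @return the description, or {@code null} when {@code keyStore} is {@code null}
     */
    private String getUserCertInfo(KeyStore keyStore, DocumentModel documentModel) throws CertException {
        if (keyStore == null) {
            return null;
        }
        String userId = (String) documentModel.getPropertyValue("user:username");
        String certificateAlias = new AliasWrapper(userId).getId(AliasType.CERT);
        // NOTE(review): a null result from getCertificate is not handled here and would
        // surface as a NullPointerException on the next line; confirm the service's contract.
        X509Certificate certificate = getCertService().getCertificate(keyStore, certificateAlias);
        return certificate.getSubjectDN() + " valid till: " + certificate.getNotAfter();
    }

    /**
     * Returns the raw certificate directory entry for a user.
     *
     * <p>The entries written by {@link #createCertificate} carry the Base64 keystore and the
     * key password, so the returned document should not be handed to code or users that are
     * not entitled to that user's key material.
     *
     * @param userId id of the entry in the certificate directory
     * @return the entry, or {@code null} if the directory has none for {@code userId}
     */
    public DocumentModel getCertificate(String userId) {
        return Framework.doPrivileged(() -> {
            try (Session session = getDirectoryService().open(CERTIFICATE_DIRECTORY_NAME)) {
                return session.getEntry(userId);
            }
        });
    }

    /** Returns the root public certificate bytes provided by the {@link RootService}. */
    public byte[] getRootCertificateData() {
        return getRootService().getRootPublicCertificate();
    }

    /**
     * Tells whether the certificate directory holds an entry for a user.
     *
     * @param userId id of the entry in the certificate directory
     * @return {@code true} if an entry exists
     */
    public boolean hasCertificate(String userId) throws CertException {
        return Framework.doPrivileged(() -> {
            try (Session session = getDirectoryService().open(CERTIFICATE_DIRECTORY_NAME)) {
                return session.getEntry(userId) != null;
            }
        });
    }

    /**
     * Removes a user's entry from the certificate directory.
     *
     * <p>NOTE(review): when no entry exists, {@code getEntry} returns {@code null} and that
     * value is passed straight to {@code deleteEntry}; how the directory reacts is not visible
     * here. Callers may want to check {@link #hasCertificate(String)} first.
     *
     * @param userId id of the entry in the certificate directory
     */
    public void deleteCertificate(String userId) throws CertException {
        Framework.doPrivileged(() -> {
            try (Session session = getDirectoryService().open(CERTIFICATE_DIRECTORY_NAME)) {
                session.deleteEntry(session.getEntry(userId));
                // Only evaluated when assertions are enabled (-ea).
                assert session.getEntry(userId) == null;
            }
        });
    }

    /**
     * Takes the country, organization and organizational unit used in certificate subjects
     * from a {@link CUserDescriptor} contribution; other contribution types are ignored.
     * A later descriptor overwrites the values of an earlier one.
     */
    public void registerContribution(Object obj, String str, ComponentInstance componentInstance) {
        if (obj instanceof CUserDescriptor) {
            CUserDescriptor descriptor = (CUserDescriptor) obj;
            this.countryCode = descriptor.getCountryCode();
            this.organization = descriptor.getOrganization();
            this.organizationalUnit = descriptor.getOrganizationalUnit();
        }
    }

    /** Returns the {@link CertService}, looking it up on first use and caching it. */
    protected CertService getCertService() {
        if (this.certService == null) {
            this.certService = (CertService) Framework.getService(CertService.class);
        }
        return this.certService;
    }

    /** Returns the {@link RootService}, looking it up on first use and caching it. */
    protected RootService getRootService() {
        if (this.rootService == null) {
            this.rootService = (RootService) Framework.getService(RootService.class);
        }
        return this.rootService;
    }
}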
