package com.ibm.ws.security.audit.file;

import com.ibm.json.java.JSONArray;
import com.ibm.json.java.JSONObject;
import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.websphere.ras.annotation.TraceOptions;
import com.ibm.websphere.security.audit.AuditEvent;
import com.ibm.websphere.security.audit.InvalidConfigurationException;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.config.xml.internal.nester.Nester;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.logging.data.GenericData;
import com.ibm.ws.logging.data.KeyValuePair;
import com.ibm.ws.logging.data.KeyValueStringPair;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.ws.security.audit.encryption.AuditEncryptionImpl;
import com.ibm.ws.security.audit.encryption.AuditSigningImpl;
import com.ibm.ws.security.audit.event.AuditMgmtEvent;
import com.ibm.ws.security.audit.logutils.FileLog;
import com.ibm.ws.security.audit.utils.AuditConstants;
import com.ibm.ws.ssl.KeyStoreService;
import com.ibm.wsspi.collector.manager.BufferManager;
import com.ibm.wsspi.collector.manager.CollectorManager;
import com.ibm.wsspi.collector.manager.Handler;
import com.ibm.wsspi.collector.manager.SynchronousHandler;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.utils.AtomicServiceReference;
import com.ibm.wsspi.security.audit.AuditEncryptionException;
import com.ibm.wsspi.security.audit.AuditService;
import com.ibm.wsspi.security.audit.AuditSigningException;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.service.component.ComponentException;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.ConfigurationPolicy;
import org.osgi.service.component.annotations.Deactivate;
import org.osgi.service.component.annotations.Reference;
import org.osgi.service.component.annotations.ReferencePolicy;
import org.osgi.service.component.annotations.ReferencePolicyOption;

@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
@Component(service = {Handler.class}, configurationPid = {"com.ibm.ws.security.audit.file.handler"}, configurationPolicy = ConfigurationPolicy.OPTIONAL, property = {"service.vendor=IBM"}, immediate = true)
@TraceOptions
/* loaded from: input_file:com/ibm/ws/security/audit/file/AuditFileHandler.class */
public class AuditFileHandler implements SynchronousHandler {
    // File name handed to FileLog.createFileLogHolder in activate().
    private static final String AUDIT_FILE_LOG_DEFAULT_NAME = "audit.log";
    // Set in init(); the handler subscribes itself to this manager.
    private volatile CollectorManager collectorMgr;
    // Names under which the declarative-services references are bound (see the @Reference methods).
    private static final String KEY_EXECUTOR_SERVICE = "executorSrvc";
    static final String KEY_KEYSTORE_SERVICE_REF = "keyStoreService";
    private static final String KEY_AUDIT_SERVICE = "auditService";
    // Component properties captured in activate(); also passed to the AuditMgmtEvent "stop" events.
    private Map<String, Object> thisConfiguration;
    // Tag fragments for the header written ahead of encrypted/signed records.
    // buildEncryptionHeader() concatenates the encryption ones as plain strings; values placed
    // between the tags are not escaped there.
    // NOTE(review): the signing/signature/auditRecord tags are presumably used by code outside
    // this view - confirm.
    private static final String encryptionOpenTag = "<EncryptionInformation>\n";
    private static final String encryptionCloseTag = "</EncryptionInformation>\n";
    private static final String encryptedSharedKeyOpenTag = "   <encryptedSharedKey>";
    private static final String encryptedSharedKeyCloseTag = "</encryptedSharedKey>\n";
    private static final String encryptionCertAliasOpenTag = "   <encryptionCertAlias>";
    private static final String encryptionCertAliasCloseTag = "</encryptionCertAlias>\n";
    private static final String signingCertAliasOpenTag = "   <signingCertAlias>";
    private static final String signingCertAliasCloseTag = "</signingCertAlias>\n";
    private static final String encryptionKeyStoreOpenTag = "   <encryptionKeyStore>";
    private static final String encryptionKeyStoreCloseTag = "</encryptionKeyStore>\n";
    private static final String signingKeyStoreOpenTag = "   <signingKeyStore>";
    private static final String signingKeyStoreCloseTag = "</signingKeyStore>\n";
    private static final String keyStoreNameOpenTag = "   <keyStoreName>";
    private static final String keyStoreNameCloseTag = "</keyStoreName>\n";
    private static final String encryptionCertificateOpenTag = "   <encryptionCertificate>";
    private static final String encryptionCertificateCloseTag = "</encryptionCertificate>\n";
    private static final String signingCertificateOpenTag = "   <signingCertificate>";
    private static final String signingCertificateCloseTag = "</signingCertificate>\n";
    private static final String scopeOpenTag = "   <scope>";
    private static final String scopeCloseTag = "</scope>\n";
    private static final String signatureOpenTag = "<signature>";
    private static final String signatureCloseTag = "</signature>";
    private static final String signingOpenTag = "<SigningInformation>\n";
    private static final String signingCloseTag = "</SigningInformation>\n";
    private static final String signingSharedKeyOpenTag = "   <signingSharedKey>";
    private static final String signingSharedKeyCloseTag = "</signingSharedKey>\n";
    private static final String newLine = "\n";
    private static final String begin = "<auditRecord>";
    private static final String end = "</auditRecord>";
    static final long serialVersionUID = -2001078064883682586L;
    // Trace component; message keys resolve against the AuditMessages bundle named here.
    private static final TraceComponent tc = Tr.register(AuditFileHandler.class, "auditFileHandler", "com.ibm.ws.security.audit.file.internal.resources.AuditMessages");
    // NOTE(review): both monitor objects are static but not final, so the reference could be
    // reassigned; their use as locks is not visible in this part of the file - confirm.
    private static Object syncObject = new Object();
    private static Object syncSeqNum = new Object();
    private final AtomicServiceReference<ExecutorService> executorSrvcRef = new AtomicServiceReference<>(KEY_EXECUTOR_SERVICE);
    private final AtomicServiceReference<KeyStoreService> keyStoreServiceRef = new AtomicServiceReference<>(KEY_KEYSTORE_SERVICE_REF);
    private volatile Future<?> handlerTaskRef = null;
    private volatile BufferManager bufferMgr = null;
    // Created in activate(), closed in deactivate().
    protected volatile FileLog auditLog = null;
    // Instance-level constant; the reference below uses the literal "locationAdmin" directly.
    private final String KEY_LOCATION_ADMIN = "locationAdmin";
    private final AtomicServiceReference<WsLocationAdmin> locationAdminRef = new AtomicServiceReference<>("locationAdmin");
    protected final AtomicServiceReference<AuditService> auditServiceRef = new AtomicServiceReference<>(KEY_AUDIT_SERVICE);
    // Source ids passed to CollectorManager.subscribe in init(); holds the single id "audit|server".
    private final List<String> sourceIds = new ArrayList<String>() { // from class: com.ibm.ws.security.audit.file.AuditFileHandler.1
        static final long serialVersionUID = -7688872831171341278L;
        private static final /* synthetic */ TraceComponent $$$tc$$$ = Tr.register("com.ibm.ws.security.audit.file.AuditFileHandler$1", AnonymousClass1.class, "auditFileHandler", "com.ibm.ws.security.audit.file.internal.resources.AuditMessages");

        {
            add("audit|server");
        }
    };
    // Configuration values; populated from the component properties in activate() via the setters.
    private boolean encrypt = false;
    private boolean sign = false;
    private String encryptAlias = null;
    private String signerAlias = null;
    private String encryptKeyStoreRef = null;
    private String signerKeyStoreRef = null;
    private String wrapBehavior = null;
    private String logDirectory = null;
    // -1 means "not configured"; activate() then falls back to 100 files / 20971520 bytes.
    private Integer maxFiles = -1;
    private Integer maxFileSize = -1;
    private String[] events = null;
    private boolean compact = false;
    // Keystore locations resolved through KeyStoreService in setEncryptionKeys()/setSignerKeys().
    private String encryptKeyStoreLocation = null;
    private String signerKeyStoreLocation = null;
    // final and initialised to null, so this field can never hold a certificate.
    private final Certificate encryptCert = null;
    // Encryption key material set by setEncryptionKeys(): the generated shared key, its alias,
    // the certificate's public key and the shared key encrypted under that public key.
    private Key sharedKey = null;
    private String sharedKeyAlias = null;
    private Key publicKey = null;
    private byte[] encryptedSharedKey = null;
    private X509Certificate cert = null;
    private AuditService auditService = null;
    // Signing key material set by setSignerKeys(). privateSignerKey is the private key read from
    // the keystore and stays referenced by this instance; nothing in the visible code clears it.
    private Key signedSharedKey = null;
    private Key publicSignerKey = null;
    private Key privateSignerKey = null;
    private byte[] encryptedSignerSharedKey = null;
    private X509Certificate signerCert = null;
    private byte[] signerCertBytes = null;
    // final and initialised to null: these four can never carry a value.
    private final String signerKeyStoreName = null;
    private final String signerKeyStoreScope = null;
    private final String signerCertAlias = null;
    private final String signerKeyFileLocation = null;
    // Event configuration produced by Nester.nest in activate() and registered with the AuditService.
    List<Map<String, Object>> configuredEvents = null;
    AuditEncryptionImpl ae = null;
    AuditSigningImpl as = null;
    boolean encryptHeaderEmitted = false;
    boolean signerHeaderEmitted = false;
    // final and fixed at 0.
    private final int eventSequenceNumber = 0;
    // Package-visible scratch buffers; their use is outside this part of the file.
    byte[] signedEncryptedAuditRecord = null;
    byte[] signedAuditRecord = null;
    byte[] mergedByteRecord = null;
    byte[] er = null;
    ByteArrayOutputStream baos = null;

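    /**
     * Activates the handler: reads the component configuration, registers the configured events
     * with the {@link AuditService}, opens the audit log file and, when enabled, prepares the
     * encryption and signing keys.
     *
     * <p>An {@link InvalidConfigurationException} deactivates the service references, disables the
     * component and is rethrown as a {@link ComponentException}. Failures from
     * {@link #setEncryptionKeys()} or {@link #setSignerKeys()} propagate to the caller, so the
     * handler does not report ready when encryption or signing was requested but could not be set up.
     *
     * @param componentContext the declarative-services context supplying the configuration properties
     * @throws KeyStoreException if a keystore location cannot be resolved
     * @throws AuditEncryptionException if the encryption keys cannot be initialised
     * @throws AuditSigningException if the signing keys cannot be initialised
     */
    @Activate
    protected void activate(ComponentContext componentContext) throws KeyStoreException, AuditEncryptionException, AuditSigningException {
        Tr.info(tc, "AUDIT_FILEHANDLER_STARTING", new Object[0]);
        this.locationAdminRef.activate(componentContext);
        this.executorSrvcRef.activate(componentContext);
        this.auditServiceRef.activate(componentContext);
        Map<String, Object> map = (Map) componentContext.getProperties();
        this.thisConfiguration = map;
        if (map != null && !map.isEmpty()) {
            for (Map.Entry<String, Object> entry : map.entrySet()) {
                String key = entry.getKey();
                Object value = entry.getValue();
                if (key.equals(AuditConstants.MAX_FILES)) {
                    setMaxFiles(value);
                } else if (key.equals(AuditConstants.MAX_FILE_SIZE)) {
                    setMaxFileSize(value);
                } else if (key.equals(AuditConstants.ENCRYPT)) {
                    setEncrypt(value);
                } else if (key.equals(AuditConstants.SIGN)) {
                    setSign(value);
                } else if (key.equals(AuditConstants.WRAP_BEHAVIOR)) {
                    setWrapBehavior(value);
                } else if (key.equals(AuditConstants.LOG_DIRECTORY)) {
                    setLogDirectory(value);
                } else if (key.equals(AuditConstants.COMPACT)) {
                    setCompact(value);
                } else if (key.equals(AuditConstants.ENCRYPT_ALIAS)) {
                    setEncryptAlias(value);
                } else if (key.equals(AuditConstants.SIGNING_ALIAS)) {
                    setSignerAlias(value);
                } else if (key.equals(AuditConstants.ENCRYPT_KEYSTORE_REF)) {
                    setEncryptKeyStoreRef(value);
                } else if (key.equals(AuditConstants.SIGNING_KEYSTORE_REF)) {
                    setSignerKeyStoreRef(value);
                }
            }
        }
        this.configuredEvents = Nester.nest(AuditConstants.EVENTS, map);
        if (tc.isDebugEnabled()) {
            Tr.debug(tc, "configuredEvents being sent to AuditService: " + this.configuredEvents.toString(), new Object[0]);
        }
        // The keystore service is only needed when records are encrypted or signed.
        if (getEncrypt().booleanValue() || getSign().booleanValue()) {
            this.keyStoreServiceRef.activate(componentContext);
        }
        this.auditService = (AuditService) this.auditServiceRef.getService();
        try {
            this.auditService.registerEvents(getHandlerName(), this.configuredEvents);
            final File logDir = this.logDirectory != null ? new File(this.logDirectory) : new File(getLogDir());
            // -1 marks "not configured": fall back to 100 files of 20971520 bytes each.
            final int fileCount = this.maxFiles.intValue() != -1 ? this.maxFiles.intValue() : 100;
            // Multiply as long: in int arithmetic a configured size of 2048 (MB) or more wraps
            // around and the log would be created with a wrong size limit.
            final long maxBytes = this.maxFileSize.intValue() != -1 ? this.maxFileSize.intValue() * 1024L * 1024L : 20971520L;
            this.auditLog = FileLog.createFileLogHolder(null, logDir, AUDIT_FILE_LOG_DEFAULT_NAME, fileCount, maxBytes);
            if (getEncrypt().booleanValue()) {
                setEncryptionKeys();
            }
            if (getSign().booleanValue()) {
                setSignerKeys();
            }
            Tr.info(tc, "AUDIT_FILEHANDLER_READY", new Object[0]);
        } catch (InvalidConfigurationException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.audit.file.AuditFileHandler", "253", this, new Object[]{componentContext});
            this.locationAdminRef.deactivate(componentContext);
            this.executorSrvcRef.deactivate(componentContext);
            this.auditServiceRef.deactivate(componentContext);
            this.keyStoreServiceRef.deactivate(componentContext);
            componentContext.disableComponent((String) map.get("service.pid"));
            Tr.info(tc, "AUDIT_FILEHANDLER_STOPPED", new Object[0]);
            // Keep the original exception as the cause so the configuration error stays diagnosable.
            throw new ComponentException("Caught invalidConfigurationException", e);
        }
    }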

    /**
     * Deactivates the handler: unregisters its events from the {@link AuditService}, releases the
     * service references and closes the audit log.
     *
     * @param componentContext the declarative-services context used to release the references
     */
    @Deactivate
    protected void deactivate(ComponentContext componentContext) {
        auditService.unRegisterEvents(getHandlerName());
        locationAdminRef.deactivate(componentContext);
        executorSrvcRef.deactivate(componentContext);
        auditServiceRef.deactivate(componentContext);
        // Mirrors activate(): the keystore reference is only active when encrypting or signing.
        final boolean keyStoreInUse = getEncrypt().booleanValue() || getSign().booleanValue();
        if (keyStoreInUse) {
            keyStoreServiceRef.deactivate(componentContext);
        }
        auditLog.close();
        Tr.info(tc, "AUDIT_FILEHANDLER_STOPPED", new Object[0]);
    }

    /** Bind method for the {@code locationAdmin} reference; records the service reference. */
    @Reference(service = WsLocationAdmin.class, name = "locationAdmin")
    protected void setLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        locationAdminRef.setReference(serviceReference);
    }

    /** Unbind counterpart of {@link #setLocationAdmin}; clears the recorded service reference. */
    protected void unsetLocationAdmin(ServiceReference<WsLocationAdmin> serviceReference) {
        locationAdminRef.unsetReference(serviceReference);
    }

    /** Bind method for the {@code auditService} reference; records the service reference. */
    @Reference(service = AuditService.class, name = KEY_AUDIT_SERVICE)
    protected void setAuditService(ServiceReference<AuditService> serviceReference) {
        auditServiceRef.setReference(serviceReference);
    }

    /** Unbind counterpart of {@link #setAuditService}; clears the recorded service reference. */
    protected void unsetAuditService(ServiceReference<AuditService> serviceReference) {
        auditServiceRef.unsetReference(serviceReference);
    }

    /** Bind method for the dynamic, greedy {@code executorSrvc} reference; records the service reference. */
    @Reference(service = ExecutorService.class, name = KEY_EXECUTOR_SERVICE, policy = ReferencePolicy.DYNAMIC, policyOption = ReferencePolicyOption.GREEDY)
    protected void setExecutorSrvc(ServiceReference<ExecutorService> serviceReference) {
        executorSrvcRef.setReference(serviceReference);
    }

    /** Unbind counterpart of {@link #setExecutorSrvc}; clears the recorded service reference. */
    protected void unsetExecutorSrvc(ServiceReference<ExecutorService> serviceReference) {
        executorSrvcRef.unsetReference(serviceReference);
    }

    /**
     * Bind method for the {@code keyStoreService} reference; records the service reference.
     * The reference is only activated in {@code activate} when encryption or signing is enabled.
     */
    @Reference(name = KEY_KEYSTORE_SERVICE_REF, service = KeyStoreService.class)
    protected void setKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        keyStoreServiceRef.setReference(serviceReference);
    }

    /** Unbind counterpart of {@link #setKeyStoreService}; clears the recorded service reference. */
    protected void unsetKeyStoreService(ServiceReference<KeyStoreService> serviceReference) {
        keyStoreServiceRef.unsetReference(serviceReference);
    }

    /**
     * Returns the fixed name under which this handler registers and unregisters its events.
     *
     * @return the literal {@code "AuditFileHandler"}
     */
    public String getHandlerName() {
        final String handlerName = "AuditFileHandler";
        return handlerName;
    }

    /**
     * Stores the collector manager and subscribes this handler to its source ids.
     *
     * <p>Any exception from the subscription is recorded through FFDC and not rethrown, so a
     * failed subscription is only visible in the FFDC output.
     *
     * @param collectorManager the manager to subscribe to
     */
    public void init(CollectorManager collectorManager) {
        try {
            this.collectorMgr = collectorManager;
            this.collectorMgr.subscribe(this, this.sourceIds);
        } catch (Exception e) {
            final Object[] ffdcContext = new Object[]{collectorManager};
            FFDCFilter.processException(e, "com.ibm.ws.security.audit.file.AuditFileHandler", "347", this, ffdcContext);
        }
    }

    /**
     * Buffer-manager callback. Neither parameter is used; the only action is a call to
     * {@code AuditService.sendEvent} with a {@code null} event.
     *
     * @param str unused
     * @param bufferManager unused
     */
    public void setBufferManager(String str, BufferManager bufferManager) {
        // NOTE(review): unsetBufferManager sends AuditMgmtEvent "stop" events behind an
        // isAuditRequired check; a null event here looks like lost decompiler output - confirm
        // against the original source before relying on a "start" record being written.
        this.auditService.sendEvent((AuditEvent) null);
    }

    /**
     * Buffer-manager removal callback. When management events with a successful outcome are
     * audited, emits two {@link AuditMgmtEvent} "stop" events: one for this handler and one for
     * the audit service.
     *
     * @param str unused
     * @param bufferManager unused
     */
    public void unsetBufferManager(String str, BufferManager bufferManager) {
        if (!this.auditService.isAuditRequired(AuditConstants.SECURITY_AUDIT_MGMT, AuditConstants.SUCCESS)) {
            return;
        }
        final String handlerTarget = "AuditHandler:" + "AuditFileHandler";
        this.auditService.sendEvent(new AuditMgmtEvent(this.thisConfiguration, handlerTarget, "stop"));
        this.auditService.sendEvent(new AuditMgmtEvent(this.thisConfiguration, "AuditService", "stop"));
    }

    /**
     * Builds the default audit log directory: the resolved {@code ${server.output.dir}} with
     * backslashes replaced by forward slashes, followed by {@code /logs}.
     *
     * @return the default log directory path
     */
    private String getLogDir() {
        final WsLocationAdmin locationAdmin = (WsLocationAdmin) this.locationAdminRef.getService();
        final String outputDir = locationAdmin.resolveString("${server.output.dir}").replace('\\', '/');
        return outputDir + "/logs";
    }

    /**
     * Converts an event map to its JSON text. In compact mode the object's {@code toString()} is
     * used; otherwise the verbose serialization with escaped slashes ({@code \/}) turned back
     * into plain slashes.
     *
     * @param map the event data to serialize
     * @return the JSON text, or {@code null} when serialization fails with an {@link IOException}
     *         (the failure is recorded through FFDC and debug trace only)
     */
    private String mapToJSONString(Map<String, Object> map) {
        final JSONObject root = new JSONObject();
        map2JSON(root, map);
        try {
            if (this.compact) {
                return root.toString();
            }
            return root.serialize(true).replaceAll("\\\\/", "/");
        } catch (IOException e) {
            FFDCFilter.processException(e, "com.ibm.ws.security.audit.file.AuditFileHandler", "402", this, new Object[]{map});
            final boolean debugOn = TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled();
            if (debugOn) {
                Tr.debug(tc, "Unexpected error converting AuditEvent to JSON String", new Object[]{e});
            }
            return null;
        }
    }

    /**
     * Copies the entries of {@code map} into {@code jSONObject}, expanding dotted keys into
     * nested JSON objects.
     *
     * <p>A key without a dot is stored directly: a {@code null} value becomes the string
     * {@code "null"}, a {@link Map} becomes a nested object, an array becomes a
     * {@link JSONArray}, anything else is stored as is. A key with a dot is split at the first
     * dot; the part before it names a nested object (created on first use) and the remainder is
     * processed recursively inside that object.
     *
     * @param jSONObject the object to fill
     * @param map the entries to copy
     * @return {@code jSONObject}, for chaining in the recursive calls
     */
    private JSONObject map2JSON(JSONObject jSONObject, Map<String, Object> map) {
        String key;
        for (Map.Entry<String, Object> entry : map.entrySet()) {
            // str holds the part of the key after the first dot, or null for a simple key.
            String str = null;
            Object value = entry.getValue();
            int indexOf = entry.getKey().indexOf(".");
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "raw key, index", new Object[]{entry.getKey(), Integer.valueOf(indexOf)});
            }
            if (indexOf > -1) {
                str = entry.getKey().substring(indexOf + 1);
                key = entry.getKey().substring(0, indexOf);
            } else {
                key = entry.getKey();
            }
            if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                Tr.debug(tc, "key, subkeys", new Object[]{key, str});
            }
            if (str == null) {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "simple key: " + entry.getKey(), new Object[0]);
                }
                if (value == null) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "value is null", new Object[0]);
                    }
                    // A missing value is written as the four-character string "null".
                    jSONObject.put(key, "null");
                } else if (value instanceof Map) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "value is a Map, calling map2JSON", new Object[]{value});
                    }
                    jSONObject.put(key, map2JSON(new JSONObject(), (Map) value));
                } else if (value.getClass().isArray()) {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "value is an array, calling array2JSON", new Object[]{value});
                    }
                    // NOTE(review): isArray() is also true for primitive arrays (int[], byte[]),
                    // for which the Object[] cast throws ClassCastException - assumes event
                    // values are only object arrays; confirm.
                    jSONObject.put(key, array2JSON(new JSONArray(), (Object[]) value));
                } else {
                    if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                        Tr.debug(tc, "simple value, adding to jo", new Object[]{value});
                    }
                    // The value's trace line above logs the raw audit value when debug is on.
                    jSONObject.put(key, value);
                }
            } else {
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "compound key: " + entry.getKey(), new Object[0]);
                }
                // NOTE(review): if the same prefix was stored earlier as a simple value, this
                // cast throws ClassCastException - presumably key sets never mix "a" and "a.b".
                JSONObject jSONObject2 = (JSONObject) jSONObject.get(key);
                if (jSONObject2 == null) {
                    jSONObject2 = new JSONObject();
                    jSONObject.put(key, jSONObject2);
                }
                // Recurse with a one-entry map so the remaining key parts are split the same way.
                TreeMap treeMap = new TreeMap();
                treeMap.put(str, value);
                map2JSON(jSONObject2, treeMap);
            }
        }
        return jSONObject;
    }

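    /**
     * Appends the elements of {@code objArr} to {@code jSONArray}: maps become nested objects,
     * arrays become nested JSON arrays, other values are added as is.
     *
     * <p>A {@code null} element is written as the string {@code "null"}, matching what
     * {@code map2JSON} does for a {@code null} map value; previously it caused a
     * {@link NullPointerException} and the record could not be serialized.
     *
     * @param jSONArray the array to fill
     * @param objArr the elements to convert
     * @return {@code jSONArray}
     */
    private JSONArray array2JSON(JSONArray jSONArray, Object[] objArr) {
        for (Object element : objArr) {
            if (element == null) {
                jSONArray.add("null");
            } else if (element instanceof Map) {
                jSONArray.add(map2JSON(new JSONObject(), (Map) element));
            } else if (element.getClass().isArray()) {
                // NOTE(review): a nested primitive array (int[], byte[]) fails this cast with
                // ClassCastException - assumes only object arrays occur; confirm.
                jSONArray.add(array2JSON(new JSONArray(), (Object[]) element));
            } else {
                jSONArray.add(element);
            }
        }
        return jSONArray;
    }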

    /**
     * Stores the file-count setting that {@code activate} passes to the file log
     * (100 is used there when the value is -1).
     *
     * @param obj the configured value; must be an {@link Integer}, otherwise the cast fails
     */
    public void setMaxFiles(Object obj) {
        final Integer configured = (Integer) obj;
        this.maxFiles = configured;
    }

    /** @return the stored file-count setting; -1 until configured */
    public Integer getMaxFiles() {
        return maxFiles;
    }

    /**
     * Stores the file-size setting; {@code activate} multiplies it by 1024 * 1024 before
     * passing it to the file log (20971520 is used there when the value is -1).
     *
     * @param obj the configured value; must be an {@link Integer}, otherwise the cast fails
     */
    public void setMaxFileSize(Object obj) {
        final Integer configured = (Integer) obj;
        this.maxFileSize = configured;
    }

    /** @return the stored file-size setting; -1 until configured */
    public Integer getMaxFileSize() {
        return maxFileSize;
    }

    /**
     * Stores the directory in which {@code activate} creates the audit log. The value is used
     * as given; when it is {@code null} the default from {@code getLogDir()} applies.
     *
     * @param obj the configured directory; must be a {@link String}, otherwise the cast fails
     */
    public void setLogDirectory(Object obj) {
        final String directory = (String) obj;
        this.logDirectory = directory;
    }

    /** @return the configured log directory, or {@code null} when none was set */
    public String getLogDirectory() {
        return logDirectory;
    }

    /**
     * Stores the wrap-behavior setting.
     *
     * @param obj the configured value; must be a {@link String}, otherwise the cast fails
     */
    public void setWrapBehavior(Object obj) {
        final String behavior = (String) obj;
        this.wrapBehavior = behavior;
    }

    /** @return the stored wrap-behavior setting, or {@code null} when none was set */
    public String getWrapBehavior() {
        return wrapBehavior;
    }

    /**
     * Enables or disables encryption of audit records.
     *
     * @param obj the configured flag; must be a non-null {@link Boolean}
     */
    public void setEncrypt(Object obj) {
        final Boolean flag = (Boolean) obj;
        this.encrypt = flag.booleanValue();
    }

    /** @return whether encryption is enabled; {@code false} until configured */
    public Boolean getEncrypt() {
        return encrypt ? Boolean.TRUE : Boolean.FALSE;
    }

    /**
     * Enables or disables signing of audit records.
     *
     * @param obj the configured flag; must be a non-null {@link Boolean}
     */
    public void setSign(Object obj) {
        final Boolean flag = (Boolean) obj;
        this.sign = flag.booleanValue();
    }

    /** @return whether signing is enabled; {@code false} until configured */
    public Boolean getSign() {
        return sign ? Boolean.TRUE : Boolean.FALSE;
    }

    /**
     * Selects compact JSON output; {@code mapToJSONString} uses the verbose serialization when
     * this is {@code false}.
     *
     * @param obj the configured flag; must be a non-null {@link Boolean}
     */
    public void setCompact(Object obj) {
        final Boolean flag = (Boolean) obj;
        this.compact = flag.booleanValue();
    }

    /** @return whether compact JSON output is selected; {@code false} until configured */
    public Boolean getCompact() {
        return compact ? Boolean.TRUE : Boolean.FALSE;
    }

    /**
     * Stores the keystore alias of the certificate used for encryption.
     *
     * @param obj the configured alias; must be a {@link String}, otherwise the cast fails
     */
    public void setEncryptAlias(Object obj) {
        final String alias = (String) obj;
        this.encryptAlias = alias;
    }

    /** @return the encryption certificate alias, or {@code null} when none was set */
    public String getEncryptAlias() {
        return encryptAlias;
    }

    /**
     * Stores the keystore alias of the certificate and private key used for signing.
     *
     * @param obj the configured alias; must be a {@link String}, otherwise the cast fails
     */
    public void setSignerAlias(Object obj) {
        final String alias = (String) obj;
        this.signerAlias = alias;
    }

    /** @return the signing alias, or {@code null} when none was set */
    public String getSignerAlias() {
        return signerAlias;
    }

    /**
     * Stores the reference of the keystore that holds the encryption certificate.
     *
     * @param obj the configured reference; must be a {@link String}, otherwise the cast fails
     */
    public void setEncryptKeyStoreRef(Object obj) {
        final String keyStoreRef = (String) obj;
        this.encryptKeyStoreRef = keyStoreRef;
    }

    /** @return the encryption keystore reference, or {@code null} when none was set */
    public String getEncryptKeyStoreRef() {
        return encryptKeyStoreRef;
    }

    /**
     * Stores the reference of the keystore that holds the signing certificate and private key.
     *
     * @param obj the configured reference; must be a {@link String}, otherwise the cast fails
     */
    public void setSignerKeyStoreRef(Object obj) {
        final String keyStoreRef = (String) obj;
        this.signerKeyStoreRef = keyStoreRef;
    }

    /** @return the signing keystore reference, or {@code null} when none was set */
    public String getSignerKeyStoreRef() {
        return signerKeyStoreRef;
    }

    /**
     * Splits a list of event names on the separator {@code ", "} (comma followed by one space)
     * and stores the parts.
     *
     * @param obj the event list; must be a non-null {@link String}
     */
    public void setEvents(Object obj) {
        final String eventList = (String) obj;
        this.events = eventList.split(", ");
    }

    /**
     * @return the stored event names, or {@code null} when none were set; this is the internal
     *         array itself, not a copy
     */
    public String[] getEvents() {
        return events;
    }

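    /**
     * Prepares the signing key material: resolves the signing keystore location, creates the
     * {@link AuditSigningImpl}, generates a shared key, loads the signer certificate and private
     * key stored under {@code signerAlias}, and encrypts the shared key with the certificate's
     * public key.
     *
     * <p>If the keystore location cannot be resolved, one further attempt is made after a
     * 10 second pause; the exception is only thrown when that attempt fails as well. Every
     * failure is recorded through FFDC and reported with {@code Tr.error}.
     *
     * @throws KeyStoreException if the keystore location cannot be resolved
     * @throws AuditSigningException if the signing implementation, keys or certificate cannot be set up
     */
    public void setSignerKeys() throws KeyStoreException, AuditSigningException {
        KeyStoreService keyStoreService = null;
        if (getSign().booleanValue()) {
            keyStoreService = (KeyStoreService) this.keyStoreServiceRef.getService();
            try {
                this.signerKeyStoreLocation = keyStoreService.getKeyStoreLocation(this.signerKeyStoreRef);
            } catch (KeyStoreException e) {
                FFDCFilter.processException(e, "com.ibm.ws.security.audit.file.AuditFileHandler", "636", this, new Object[0]);
                try {
                    Thread.sleep(10000L);
                } catch (InterruptedException e2) {
                    FFDCFilter.processException(e2, "com.ibm.ws.security.audit.file.AuditFileHandler", "640", this, new Object[0]);
                    // Keep the interrupt visible to the caller instead of clearing it silently.
                    Thread.currentThread().interrupt();
                }
                boolean resolved = false;
                try {
                    this.signerKeyStoreLocation = keyStoreService.getKeyStoreLocation(this.signerKeyStoreRef);
                    resolved = true;
                } catch (KeyStoreException e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.audit.file.AuditFileHandler", "646", this, new Object[0]);
                }
                // Fail only when the retry failed too; before, the exception was thrown even
                // after the second lookup had succeeded.
                if (!resolved) {
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception with keystore.", new Object[]{e.getMessage()});
                    }
                    Tr.error(tc, "FAILURE_INITIALIZING_SIGNING_CONFIGURATION", new Object[]{e.getMessage()});
                    throw new KeyStoreException(e);
                }
            }
        }
        // NOTE(review): when signing is disabled keyStoreService stays null and the lookups
        // below fail with a NullPointerException that is reported as AuditSigningException;
        // activate() only calls this method when signing is enabled.
        try {
            this.as = new AuditSigningImpl(this.signerKeyStoreRef, this.signerKeyStoreLocation, null, null, null, this.signerAlias);
            try {
                this.signedSharedKey = this.as.generateSharedKey();
                try {
                    this.signerCert = keyStoreService.getX509CertificateFromKeyStore(this.signerKeyStoreRef, this.signerAlias);
                    this.publicSignerKey = this.signerCert.getPublicKey();
                    this.privateSignerKey = keyStoreService.getPrivateKeyFromKeyStore(this.signerKeyStoreRef, this.signerAlias, (String) null);
                    this.encryptedSignerSharedKey = this.as.encryptSharedKey(this.signedSharedKey, this.publicSignerKey);
                } catch (IOException e4) {
                    FFDCFilter.processException(e4, "com.ibm.ws.security.audit.file.AuditFileHandler", "682", this, new Object[0]);
                    Tr.error(tc, "security.audit.keystore.open.error", new Object[]{e4});
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception opening keystore.", new Object[]{e4.getMessage()});
                    }
                    Tr.error(tc, "FAILURE_INITIALIZING_SIGNING_CONFIGURATION", new Object[]{e4.getMessage()});
                    throw new AuditSigningException(e4.getMessage(), e4);
                } catch (KeyStoreException e5) {
                    FFDCFilter.processException(e5, "com.ibm.ws.security.audit.file.AuditFileHandler", "693", this, new Object[0]);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception with keystore.", new Object[]{e5.getMessage()});
                    }
                    // Signing failure: report the signing message key (the encryption key was
                    // used here), as the CertificateException branch below already does.
                    Tr.error(tc, "INCORRECT_AUDIT_SIGNING_CONFIGURATION", new Object[]{this.signerAlias, this.signerKeyStoreRef});
                    throw new AuditSigningException(e5.getMessage(), e5);
                } catch (CertificateException e6) {
                    FFDCFilter.processException(e6, "com.ibm.ws.security.audit.file.AuditFileHandler", "688", this, new Object[0]);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception with certificate.", new Object[]{e6.getMessage()});
                    }
                    Tr.error(tc, "INCORRECT_AUDIT_SIGNING_CONFIGURATION", new Object[]{this.signerAlias, this.signerKeyStoreRef});
                    throw new AuditSigningException(e6.getMessage(), e6);
                } catch (Exception e7) {
                    FFDCFilter.processException(e7, "com.ibm.ws.security.audit.file.AuditFileHandler", "698", this, new Object[0]);
                    Tr.error(tc, "security.audit.retrieve.signer.error", new Object[]{e7});
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Failed to retrieve the signer information.", new Object[]{e7.getMessage()});
                    }
                    Tr.error(tc, "FAILURE_INITIALIZING_SIGNING_CONFIGURATION", new Object[]{e7.getMessage()});
                    throw new AuditSigningException(e7.getMessage(), e7);
                }
            } catch (Exception e8) {
                // Also receives the AuditSigningException thrown by the inner handlers above.
                FFDCFilter.processException(e8, "com.ibm.ws.security.audit.file.AuditFileHandler", "670", this, new Object[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error generating key.", new Object[]{e8});
                }
                Tr.error(tc, "FAILURE_INITIALIZING_SIGNING_CONFIGURATION", new Object[]{e8.getMessage()});
                throw new AuditSigningException(e8.getMessage(), e8);
            }
        } catch (AuditSigningException e9) {
            FFDCFilter.processException(e9, "com.ibm.ws.security.audit.file.AuditFileHandler", "660", this, new Object[0]);
            Tr.error(tc, "FAILURE_INITIALIZING_SIGNING_CONFIGURATION", new Object[]{e9.getMessage()});
            throw new AuditSigningException(e9);
        }
    }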

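    /**
     * Prepares the encryption key material: resolves the encryption keystore location, creates
     * the {@link AuditEncryptionImpl}, generates a shared key and its alias, loads the
     * certificate stored under {@code encryptAlias} and encrypts the shared key with the
     * certificate's public key.
     *
     * <p>The keystore location lookup is tried up to 10 times with a 1 second pause between
     * attempts and stops at the first success. Every failure is recorded through FFDC and
     * reported with {@code Tr.error}.
     *
     * @throws KeyStoreException if the keystore location cannot be resolved after the last attempt
     * @throws AuditEncryptionException if the encryption implementation, key or certificate cannot be set up
     */
    public void setEncryptionKeys() throws KeyStoreException, AuditEncryptionException {
        KeyStoreService keyStoreService = null;
        if (getEncrypt().booleanValue()) {
            keyStoreService = (KeyStoreService) this.keyStoreServiceRef.getService();
            for (int attempt = 0; attempt < 10; attempt++) {
                try {
                    this.encryptKeyStoreLocation = keyStoreService.getKeyStoreLocation(this.encryptKeyStoreRef);
                    // Stop at the first success; without this the lookup was repeated for all
                    // 10 rounds and a late failure could override an earlier success.
                    break;
                } catch (KeyStoreException e) {
                    FFDCFilter.processException(e, "com.ibm.ws.security.audit.file.AuditFileHandler", "721", this, new Object[0]);
                    if (attempt == 9) {
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "Exception with keystore.", new Object[]{e.getMessage()});
                        }
                        Tr.error(tc, "FAILURE_INITIALIZING_ENCRYPTION_CONFIGURATION", new Object[]{e.getMessage()});
                        throw new KeyStoreException(e);
                    }
                    try {
                        Thread.sleep(1000L);
                    } catch (InterruptedException e2) {
                        FFDCFilter.processException(e2, "com.ibm.ws.security.audit.file.AuditFileHandler", "730", this, new Object[0]);
                        // Keep the interrupt visible to the caller instead of clearing it silently.
                        Thread.currentThread().interrupt();
                    }
                }
            }
        }
        // NOTE(review): when encryption is disabled keyStoreService stays null and the lookup
        // below fails with a NullPointerException that is reported as AuditEncryptionException;
        // activate() only calls this method when encryption is enabled.
        try {
            this.ae = new AuditEncryptionImpl(this.encryptKeyStoreRef, this.encryptKeyStoreLocation, null, null, null, this.encryptAlias);
            try {
                this.sharedKey = this.ae.generateSharedKey();
                this.sharedKeyAlias = this.ae.generateAliasForSharedKey();
                try {
                    this.cert = keyStoreService.getX509CertificateFromKeyStore(this.encryptKeyStoreRef, this.encryptAlias);
                    this.publicKey = this.cert.getPublicKey();
                    this.encryptedSharedKey = this.ae.encryptSharedKey(this.sharedKey, this.publicKey);
                } catch (IOException e3) {
                    FFDCFilter.processException(e3, "com.ibm.ws.security.audit.file.AuditFileHandler", "761", this, new Object[0]);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception opening keystore.", new Object[]{e3.getMessage()});
                    }
                    Tr.error(tc, "FAILURE_INITIALIZING_ENCRYPTION_CONFIGURATION", new Object[]{e3.getMessage()});
                    throw new AuditEncryptionException(e3.getMessage(), e3);
                } catch (KeyStoreException e4) {
                    FFDCFilter.processException(e4, "com.ibm.ws.security.audit.file.AuditFileHandler", "771", this, new Object[0]);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception with keystore.", new Object[]{e4.getMessage()});
                    }
                    Tr.error(tc, "INCORRECT_AUDIT_ENCRYPTION_CONFIGURATION", new Object[]{this.encryptAlias, this.encryptKeyStoreRef});
                    throw new AuditEncryptionException(e4.getMessage(), e4);
                } catch (CertificateException e5) {
                    FFDCFilter.processException(e5, "com.ibm.ws.security.audit.file.AuditFileHandler", "766", this, new Object[0]);
                    if (tc.isDebugEnabled()) {
                        Tr.debug(tc, "Exception with certificate.", new Object[]{e5.getMessage()});
                    }
                    Tr.error(tc, "INCORRECT_AUDIT_ENCRYPTION_CONFIGURATION", new Object[]{this.encryptAlias, this.encryptKeyStoreRef});
                    throw new AuditEncryptionException(e5.getMessage(), e5);
                }
            } catch (Exception e6) {
                // Also receives the AuditEncryptionException thrown by the inner handlers above.
                FFDCFilter.processException(e6, "com.ibm.ws.security.audit.file.AuditFileHandler", "747", this, new Object[0]);
                if (tc.isDebugEnabled()) {
                    Tr.debug(tc, "Error generating key.", new Object[]{e6});
                }
                Tr.error(tc, "FAILURE_INITIALIZING_ENCRYPTION_CONFIGURATION", new Object[]{e6.getMessage()});
                throw new AuditEncryptionException(e6.getMessage(), e6);
            }
        } catch (AuditEncryptionException e7) {
            FFDCFilter.processException(e7, "com.ibm.ws.security.audit.file.AuditFileHandler", "740", this, new Object[0]);
            Tr.error(tc, "FAILURE_INITIALIZING_ENCRYPTION_CONFIGURATION", new Object[]{e7.getMessage()});
            throw new AuditEncryptionException(e7);
        }
    }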

    /**
     * Builds the combined header for the active protection modes.
     *
     * <p>The encryption header comes first when {@code getEncrypt()} is true, followed by the
     * signer header when {@code getSign()} is true.
     *
     * @return the concatenated header, or {@code null} when neither encryption nor signing is
     *         enabled
     */
    public String buildEncSignerHeader() {
        String encryptionPart = getEncrypt().booleanValue() ? buildEncryptionHeader() : null;
        if (!getSign().booleanValue()) {
            return encryptionPart;
        }
        String signerPart = buildSignerHeader();
        if (encryptionPart == null) {
            return signerPart;
        }
        return encryptionPart.concat(signerPart);
    }

    /**
     * Assembles the encryption header that precedes encrypted records in the audit log.
     *
     * <p>The header holds, in order and each wrapped in its open/close tag: the Base64 text of
     * {@code encryptedSharedKey}, the certificate alias, the keystore location, and the string
     * form of {@code publicKey} followed by {@code newLine}.
     *
     * <p>NOTE(review): the section delimited by the "certificate" tags carries
     * {@code publicKey.toString()}, i.e. the key's provider-specific string rendering, not an
     * encoded certificate. Confirm that the reader of this header expects that form.
     * NOTE(review): both {@code new String(byte[])} and {@code getBytes()} use the platform default
     * charset here. Confirm that this is acceptable on every supported platform.
     * NOTE(review): the keystore location and alias are placed in the header as plain text, so
     * anyone who can read the audit log learns them.
     *
     * @return the complete encryption header
     */
    public String buildEncryptionHeader() {
        // Built step by step with concat() so that a null component still fails with the same
        // NullPointerException, at the same point, as a single chained expression would.
        String header = encryptionOpenTag.concat(encryptedSharedKeyOpenTag);
        header = header.concat(new String(Base64Coder.base64Encode(this.encryptedSharedKey)));
        header = header.concat(encryptedSharedKeyCloseTag);

        header = header.concat(encryptionCertAliasOpenTag);
        header = header.concat(this.encryptAlias);
        header = header.concat(encryptionCertAliasCloseTag);

        header = header.concat(encryptionKeyStoreOpenTag);
        header = header.concat(this.encryptKeyStoreLocation);
        header = header.concat(encryptionKeyStoreCloseTag);

        header = header.concat(encryptionCertificateOpenTag);
        header = header.concat(new String(this.publicKey.toString().getBytes()));
        header = header.concat(newLine);
        header = header.concat(encryptionCertificateCloseTag);

        return header.concat(encryptionCloseTag);
    }

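    /**
     * Assembles the signing header that precedes signed records in the audit log.
     *
     * <p>The header holds, in order and each wrapped in its open/close tag: the Base64 text of
     * {@code encryptedSignerSharedKey}, the signer alias, the signer keystore location, and the
     * string form of {@code publicSignerKey} followed by {@code newLine}.
     *
     * <p>Side effect: {@code signerCertBytes} is refreshed from {@code publicSignerKey} on every
     * call.
     *
     * <p>NOTE(review): the section delimited by the "certificate" tags carries
     * {@code publicSignerKey.toString()}, i.e. the key's provider-specific string rendering, not
     * an encoded certificate. A verifier of the log must not treat it as one; confirm against the
     * reader. The platform default charset is used for the byte/String conversions.
     *
     * @return the complete signing header
     */
    public String buildSignerHeader() {
        this.signerCertBytes = this.publicSignerKey.toString().getBytes();

        // The header always starts with the opening tag. The former "0 == 0 ? ... : str.concat(...)"
        // selection had an unreachable arm that dereferenced a null local, so it is dropped.
        String header = signingOpenTag.concat(signingSharedKeyOpenTag);
        header = header.concat(new String(Base64Coder.base64Encode(this.encryptedSignerSharedKey)));
        header = header.concat(signingSharedKeyCloseTag);

        header = header.concat(signingCertAliasOpenTag);
        header = header.concat(this.signerAlias);
        header = header.concat(signingCertAliasCloseTag);

        header = header.concat(signingKeyStoreOpenTag);
        header = header.concat(this.signerKeyStoreLocation);
        header = header.concat(signingKeyStoreCloseTag);

        header = header.concat(signingCertificateOpenTag);
        header = header.concat(new String(this.signerCertBytes));
        header = header.concat(newLine);
        header = header.concat(signingCertificateCloseTag);

        return header.concat(signingCloseTag);
    }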

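    /**
     * Writes one audit event to the audit log, applying encryption and/or signing as configured.
     *
     * <p>Steps, all under the {@code syncSeqNum} lock:
     * <ol>
     * <li>Write the encryption and signer headers the first time through (tracked by
     * {@code encryptHeaderEmitted} / {@code signerHeaderEmitted}).</li>
     * <li>Copy every {@code KeyValueStringPair} of the event except {@code ibm_datetime} and
     * {@code ibm_sequence} into a new {@code AuditEvent}.</li>
     * <li>Ask the audit service whether the event name / outcome pair must be audited. Nothing is
     * written when the service is unavailable or answers no.</li>
     * <li>Write the record in one of four forms: encrypted and signed, encrypted only, signed only
     * (each Base64-encoded and framed by {@code begin} / {@code end}), or plain JSON.</li>
     * </ol>
     *
     * <p>Any exception raised after the headers are written is handed to FFDC and not rethrown, so
     * the caller cannot tell that an audit record was lost.
     *
     * @param obj the event to write; cast to {@code GenericData} without a type check
     */
    public void synchronousWrite(Object obj) {
        synchronized (syncSeqNum) {
            // These header writes sit outside the try block below, so a failure here propagates.
            if (getEncrypt().booleanValue() && !this.encryptHeaderEmitted) {
                this.auditLog.writeRecord(buildEncryptionHeader());
                this.encryptHeaderEmitted = true;
            }
            if (getSign().booleanValue() && !this.signerHeaderEmitted) {
                this.auditLog.writeRecord(buildSignerHeader());
                this.signerHeaderEmitted = true;
            }
            try {
                AuditEvent auditEvent = new AuditEvent();
                for (KeyValuePair keyValuePair : ((GenericData) obj).getPairs()) {
                    if ((keyValuePair instanceof KeyValueStringPair) && !keyValuePair.getKey().equals("ibm_datetime") && !keyValuePair.getKey().equals("ibm_sequence")) {
                        auditEvent.set(keyValuePair.getKey(), keyValuePair.getStringValue());
                    }
                }
                // NOTE(review): this trace and the "eventBytes" trace below print the clear-text event.
                // With encryption enabled, debug trace therefore holds what the audit log protects.
                if (TraceComponent.isAnyTracingEnabled() && tc.isDebugEnabled()) {
                    Tr.debug(tc, "Received event " + auditEvent, new Object[]{this});
                }
                AuditService auditService = (AuditService) this.auditServiceRef.getService();
                if (auditService != null && auditService.isAuditRequired((String) auditEvent.getMap().get(AuditConstants.EVENT_NAME), (String) auditEvent.getMap().get(AuditConstants.OUTCOME))) {
                    if (getEncrypt().booleanValue()) {
                        byte[] bytes = mapToJSONString(auditEvent.getMap()).getBytes("UTF-8");
                        // Trace only; decodes the UTF-8 bytes with the platform default charset.
                        String str = new String(bytes);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "eventBytes: " + str + "eventBytes.length: " + bytes.length, new Object[0]);
                        }
                        byte[] encrypt = this.ae.encrypt(bytes, this.sharedKey);
                        // bArr is a copy of the ciphertext that is used only by the trace below.
                        byte[] bArr = new byte[encrypt.length];
                        System.arraycopy(encrypt, 0, bArr, 0, encrypt.length);
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "length of er: " + encrypt.length + " length of encryptedAuditRecord: " + bArr.length, new Object[0]);
                            Tr.debug(tc, "encryptedAuditRecord: " + new String(bArr), new Object[0]);
                            Tr.debug(tc, "er: " + new String(encrypt), new Object[0]);
                        }
                        if (getSign().booleanValue()) {
                            // Encrypt-then-sign: the signature is computed over the ciphertext.
                            // Record layout before Base64: ciphertext, signature open tag, signature, close tag.
                            this.signedEncryptedAuditRecord = this.as.sign(encrypt, this.signedSharedKey);
                            byte[] bytes2 = signatureOpenTag.getBytes();
                            byte[] bytes3 = signatureCloseTag.getBytes();
                            this.baos = new ByteArrayOutputStream(encrypt.length + bytes2.length + this.signedEncryptedAuditRecord.length + bytes3.length);
                            this.baos.write(encrypt, 0, encrypt.length);
                            this.baos.write(bytes2, 0, bytes2.length);
                            this.baos.write(this.signedEncryptedAuditRecord, 0, this.signedEncryptedAuditRecord.length);
                            this.baos.write(bytes3, 0, bytes3.length);
                            this.mergedByteRecord = this.baos.toByteArray();
                            byte[] base64Encode = Base64Coder.base64Encode(this.mergedByteRecord);
                            synchronized (syncObject) {
                                long length = begin.getBytes().length + base64Encode.length + end.getBytes().length;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "total_to_add_length: " + length, new Object[0]);
                                }
                                long currentCountStream = this.auditLog.getCurrentCountStream();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "currentFileSize: " + currentCountStream, new Object[0]);
                                }
                                // NOTE(review): as written, the record is skipped when the current count is 0.
                                // Confirm that the header writes always make it non-zero first.
                                if (currentCountStream != 0) {
                                    if (getMaxFileSize().intValue() != 0) {
                                        // Long arithmetic: an int product would wrap for a configured size of 2048 or more.
                                        long intValue = getMaxFileSize().intValue() * 1024L * 1024L;
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "maxFileSize: " + intValue, new Object[0]);
                                        }
                                        if (currentCountStream + length >= intValue) {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "adding padding to roll into new log", new Object[0]);
                                            }
                                            // NOTE(review): a count already above the limit gives a negative array size;
                                            // the exception is caught below and this record is dropped.
                                            this.auditLog.writeRecord(new byte[(int) (intValue - currentCountStream)], buildEncSignerHeader());
                                        }
                                    }
                                    this.auditLog.writeRecord(begin);
                                    this.auditLog.writeRecord(base64Encode, buildEncSignerHeader());
                                    this.auditLog.writeRecord(end);
                                }
                            }
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "mergedByteRecord: " + new String(base64Encode), new Object[0]);
                            }
                        } else {
                            // Encrypt only: the Base64 text of the ciphertext is the record body.
                            byte[] base64Encode2 = Base64Coder.base64Encode(encrypt);
                            synchronized (syncObject) {
                                long length2 = begin.getBytes().length + base64Encode2.length + end.getBytes().length;
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "total_to_add_length: " + length2, new Object[0]);
                                }
                                long currentCountStream2 = this.auditLog.getCurrentCountStream();
                                if (tc.isDebugEnabled()) {
                                    Tr.debug(tc, "currentFileSize: " + currentCountStream2, new Object[0]);
                                }
                                if (currentCountStream2 != 0) {
                                    if (getMaxFileSize().intValue() != 0) {
                                        // Long arithmetic: an int product would wrap for a configured size of 2048 or more.
                                        long intValue2 = getMaxFileSize().intValue() * 1024L * 1024L;
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "maxFileSize: " + intValue2, new Object[0]);
                                        }
                                        if (currentCountStream2 + length2 >= intValue2) {
                                            if (tc.isDebugEnabled()) {
                                                Tr.debug(tc, "adding padding to roll into new log", new Object[0]);
                                            }
                                            this.auditLog.writeRecord(new byte[(int) (intValue2 - currentCountStream2)], buildEncSignerHeader());
                                        }
                                    }
                                    this.auditLog.writeRecord(begin);
                                    this.auditLog.writeRecord(base64Encode2, buildEncSignerHeader());
                                    this.auditLog.writeRecord(end);
                                }
                            }
                        }
                    }
                    if (getSign().booleanValue() && !getEncrypt().booleanValue()) {
                        // Sign only: the clear-text JSON is followed by the tagged signature, then Base64-encoded.
                        byte[] bytes4 = mapToJSONString(auditEvent.getMap()).getBytes("UTF-8");
                        this.signedAuditRecord = this.as.sign(bytes4, this.signedSharedKey);
                        byte[] bytes5 = signatureOpenTag.getBytes();
                        byte[] bytes6 = signatureCloseTag.getBytes();
                        this.baos = new ByteArrayOutputStream(bytes4.length + bytes5.length + this.signedAuditRecord.length + bytes6.length);
                        this.baos.write(bytes4, 0, bytes4.length);
                        this.baos.write(bytes5, 0, bytes5.length);
                        this.baos.write(this.signedAuditRecord, 0, this.signedAuditRecord.length);
                        this.baos.write(bytes6, 0, bytes6.length);
                        this.mergedByteRecord = this.baos.toByteArray();
                        byte[] base64Encode3 = Base64Coder.base64Encode(this.mergedByteRecord);
                        synchronized (syncObject) {
                            long length3 = begin.getBytes().length + base64Encode3.length + end.getBytes().length;
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "total_to_add_length: " + length3, new Object[0]);
                            }
                            long currentCountStream3 = this.auditLog.getCurrentCountStream();
                            if (tc.isDebugEnabled()) {
                                Tr.debug(tc, "currentFileSize: " + currentCountStream3, new Object[0]);
                            }
                            if (currentCountStream3 != 0) {
                                if (getMaxFileSize().intValue() != 0) {
                                    // Long arithmetic: an int product would wrap for a configured size of 2048 or more.
                                    long intValue3 = getMaxFileSize().intValue() * 1024L * 1024L;
                                    if (tc.isDebugEnabled()) {
                                        Tr.debug(tc, "maxFileSize: " + intValue3, new Object[0]);
                                    }
                                    if (currentCountStream3 + length3 >= intValue3) {
                                        if (tc.isDebugEnabled()) {
                                            Tr.debug(tc, "adding padding to roll into new log", new Object[0]);
                                        }
                                        this.auditLog.writeRecord(new byte[(int) (intValue3 - currentCountStream3)], buildEncSignerHeader());
                                    }
                                }
                                this.auditLog.writeRecord(begin);
                                this.auditLog.writeRecord(base64Encode3, buildEncSignerHeader());
                                this.auditLog.writeRecord(end);
                            }
                        }
                        if (tc.isDebugEnabled()) {
                            Tr.debug(tc, "mergedByteRecord: " + new String(base64Encode3), new Object[0]);
                        }
                    }
                    if (!getEncrypt().booleanValue() && !getSign().booleanValue()) {
                        // Neither protection mode is active: the JSON text is written as is.
                        this.auditLog.writeRecord(mapToJSONString(auditEvent.getMap()));
                    }
                }
            } catch (Exception e) {
                // NOTE(review): FFDC is the only trace of a failed write; nothing reaches the caller.
                // Consider whether a dropped audit record should also raise an operator-visible error.
                FFDCFilter.processException(e, "com.ibm.ws.security.audit.file.AuditFileHandler", "1076", this, new Object[]{obj});
            }
        }
    }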
}
