package com.ibm.ws.security.token.ltpa.internal;

import com.ibm.websphere.ras.Tr;
import com.ibm.websphere.ras.TraceComponent;
import com.ibm.websphere.ras.annotation.Sensitive;
import com.ibm.websphere.ras.annotation.TraceObjectField;
import com.ibm.ws.common.internal.encoder.Base64Coder;
import com.ibm.ws.crypto.ltpakeyutil.KeyEncryptor;
import com.ibm.ws.ffdc.FFDCFilter;
import com.ibm.ws.ras.instrument.annotation.InjectedFFDC;
import com.ibm.wsspi.kernel.service.location.WsLocationAdmin;
import com.ibm.wsspi.kernel.service.location.WsResource;
import com.ibm.wsspi.kernel.service.utils.TimestampUtils;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Properties;

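/**
 * Loads LTPA key files and caches the decoded key material per key-file location.
 *
 * <p>For each key file this class keeps the decrypted shared (3DES) key, the decrypted
 * private key, the Base64-decoded public key and the realm name. The caches are filled by
 * {@link #prepareLTPAKeyInfo} and read by the getters.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Decrypted secret and private key bytes stay in {@code keyCache} for as long as this
 *       instance is reachable; nothing in this class evicts or zeroes them.</li>
 *   <li>The getters return the cached array itself, not a copy. A caller that modifies or
 *       wipes the returned array changes the key every later caller receives.</li>
 *   <li>A location is imported at most once per instance. A key file that is replaced on
 *       disk afterwards is not re-read by this class.</li>
 * </ul>
 */
@InjectedFFDC
@TraceObjectField(fieldName = "tc", fieldDesc = "Lcom/ibm/websphere/ras/TraceComponent;")
/* loaded from: input_file:com/ibm/ws/security/token/ltpa/internal/LTPAKeyInfoManager.class */
public class LTPAKeyInfoManager {
    private static final TraceComponent tc = Tr.register(LTPAKeyInfoManager.class);

    // Suffixes appended to the key-file location to form the keyCache keys.
    private static final String SECRETKEY = "secretkey";
    private static final String PRIVATEKEY = "privatekey";
    private static final String PUBLICKEY = "publickey";

    // Property names read from the LTPA key file.
    private static final String REALM_PROPERTY = "com.ibm.websphere.ltpa.Realm";
    private static final String SHARED_KEY_PROPERTY = "com.ibm.websphere.ltpa.3DESKey";
    private static final String PRIVATE_KEY_PROPERTY = "com.ibm.websphere.ltpa.PrivateKey";
    private static final String PUBLIC_KEY_PROPERTY = "com.ibm.websphere.ltpa.PublicKey";

    private static final String CLASS_NAME = "com.ibm.ws.security.token.ltpa.internal.LTPAKeyInfoManager";

    // Locations that have already been imported successfully.
    private final List<String> importFileCache = new ArrayList<>();
    // location + suffix -> raw key bytes (secret and private entries are decrypted).
    private final Map<String, byte[]> keyCache = new Hashtable<>();
    // location -> realm name from the key file.
    private final Map<String, String> realmCache = new Hashtable<>();

    // NOTE(review): this class does not implement Serializable and never reads this field;
    // it looks like an instrumentation or decompiler artifact. Confirm before removing.
    static final long serialVersionUID = 4985268335767495062L;

    /**
     * Reads the given resource as a {@link Properties} file.
     *
     * <p>The stream is always closed. A failure while closing is recorded through FFDC and
     * otherwise ignored, so it never masks the result or the original exception.
     *
     * @param wsResource the key file resource to read
     * @return the properties loaded from the resource
     * @throws IOException if opening or reading the resource fails
     */
    private Properties loadPropertiesFile(WsResource wsResource) throws IOException {
        Properties properties = new Properties();
        InputStream inputStream = wsResource.get();
        try {
            try {
                properties.load(inputStream);
                return properties;
            } finally {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (IOException e) {
                        // Best effort: record the close failure, keep the primary outcome.
                        FFDCFilter.processException(e, CLASS_NAME, "84", this, new Object[]{wsResource});
                    }
                }
            }
        } catch (IOException e3) {
            FFDCFilter.processException(e3, CLASS_NAME, "75", this, new Object[]{wsResource});
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(this, tc, "Error loading properties; " + e3, new Object[0]);
            }
            throw e3;
        }
    }

    /**
     * Returns a mandatory key-file property, or logs and fails if it is absent or empty.
     *
     * @param properties the loaded key file
     * @param name the property name to look up
     * @return the non-empty property value
     * @throws IllegalArgumentException if the property is missing or empty
     */
    private static String requireKeyProperty(Properties properties, String name) {
        String value = properties.getProperty(name);
        if (value == null || value.isEmpty()) {
            Tr.error(tc, "LTPA_TOKEN_SERVICE_MISSING_KEY", new Object[]{name});
            throw new IllegalArgumentException(Tr.formatMessage(tc, "LTPA_TOKEN_SERVICE_MISSING_KEY", new Object[]{name}));
        }
        return value;
    }

    /**
     * Imports the LTPA keys for one key-file location into the caches.
     *
     * <p>If the location does not resolve to an existing resource, a new key file is created
     * through {@code LTPAKeyFileCreatorImpl}. The shared and private keys are Base64-decoded
     * and decrypted with a {@code KeyEncryptor} built from {@code bArr}; the public key is
     * only Base64-decoded. Nothing is cached unless all three keys were processed, so a
     * failure leaves no partial entry for the location.
     *
     * <p>A location that was imported before is skipped without touching the file, even if
     * the file content or {@code bArr} differs from the first call.
     *
     * @param wsLocationAdmin service used to resolve {@code str} to a resource
     * @param str the key-file location; also the cache key for the getters
     * @param bArr sensitive bytes passed to {@code KeyEncryptor} and, on creation, to
     *        {@code LTPAKeyFileCreatorImpl} (presumably the keys password; confirm)
     * @throws IllegalArgumentException if a required key property is missing or empty
     * @throws Exception if reading, creating, decoding or decrypting the keys fails
     */
    public final synchronized void prepareLTPAKeyInfo(WsLocationAdmin wsLocationAdmin, String str, @Sensitive byte[] bArr) throws Exception {
        if (this.importFileCache.contains(str)) {
            return;
        }
        if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
            Tr.event(this, tc, "Loading keyfile [" + str + "]", new Object[0]);
        }

        Properties keyFileProperties;
        WsResource keyFileResource = getLTPAKeyFileResource(wsLocationAdmin, str);
        if (keyFileResource != null) {
            keyFileProperties = loadPropertiesFile(keyFileResource);
        } else {
            long startMillis = System.currentTimeMillis();
            Tr.info(tc, "LTPA_CREATE_KEYS_START", new Object[0]);
            keyFileProperties = new LTPAKeyFileCreatorImpl().createLTPAKeysFile(wsLocationAdmin, str, bArr);
            Tr.audit(tc, "LTPA_CREATE_KEYS_COMPLETE", new Object[]{TimestampUtils.getElapsedTime(startMillis), str});
        }

        // The realm is optional; it is read here so a null Properties object fails
        // before the FFDC-wrapped section, as it always has.
        String realm = keyFileProperties.getProperty(REALM_PROPERTY);
        try {
            KeyEncryptor keyEncryptor = new KeyEncryptor(bArr);
            byte[] secretKey = keyEncryptor.decrypt(Base64Coder.base64DecodeString(requireKeyProperty(keyFileProperties, SHARED_KEY_PROPERTY)));
            byte[] privateKey = keyEncryptor.decrypt(Base64Coder.base64DecodeString(requireKeyProperty(keyFileProperties, PRIVATE_KEY_PROPERTY)));
            byte[] publicKey = Base64Coder.base64DecodeString(requireKeyProperty(keyFileProperties, PUBLIC_KEY_PROPERTY));

            // Hashtable rejects null values, so each entry is stored only when present.
            if (secretKey != null) {
                this.keyCache.put(str + SECRETKEY, secretKey);
            }
            if (privateKey != null) {
                this.keyCache.put(str + PRIVATEKEY, privateKey);
            }
            if (publicKey != null) {
                this.keyCache.put(str + PUBLICKEY, publicKey);
            }
            if (realm != null) {
                this.realmCache.put(str, realm);
            }
            this.importFileCache.add(str);
        } catch (Exception e) {
            // The sensitive byte[] is replaced by a placeholder so it never reaches FFDC output.
            FFDCFilter.processException(e, CLASS_NAME, "156", this, new Object[]{wsLocationAdmin, str, "<sensitive byte[]>"});
            if (TraceComponent.isAnyTracingEnabled() && tc.isEventEnabled()) {
                Tr.event(this, tc, "Error loading key; " + e, new Object[0]);
            }
            throw e;
        }
    }

    /**
     * Resolves a key-file location to a resource.
     *
     * @param wsLocationAdmin service used to resolve the location
     * @param str the key-file location
     * @return the resource, or {@code null} if it cannot be resolved or does not exist
     */
    final WsResource getLTPAKeyFileResource(WsLocationAdmin wsLocationAdmin, String str) {
        WsResource resource = wsLocationAdmin.resolveResource(str);
        return (resource != null && resource.exists()) ? resource : null;
    }

    /**
     * Returns the decrypted shared key cached for a key-file location.
     *
     * @param str the key-file location used in {@link #prepareLTPAKeyInfo}
     * @return the cached array itself (do not modify it), or {@code null} if none is cached
     */
    @Sensitive
    public final byte[] getSecretKey(String str) {
        return this.keyCache.get(str + SECRETKEY);
    }

    /**
     * Returns the decrypted private key cached for a key-file location.
     *
     * @param str the key-file location used in {@link #prepareLTPAKeyInfo}
     * @return the cached array itself (do not modify it), or {@code null} if none is cached
     */
    @Sensitive
    public final byte[] getPrivateKey(String str) {
        return this.keyCache.get(str + PRIVATEKEY);
    }

    /**
     * Returns the Base64-decoded public key cached for a key-file location.
     *
     * @param str the key-file location used in {@link #prepareLTPAKeyInfo}
     * @return the cached array itself (do not modify it), or {@code null} if none is cached
     */
    public final byte[] getPublicKey(String str) {
        return this.keyCache.get(str + PUBLICKEY);
    }

    /**
     * Returns the realm name cached for a key-file location.
     *
     * @param str the key-file location used in {@link #prepareLTPAKeyInfo}
     * @return the realm, or {@code null} if the key file had none or was not imported
     */
    final String getRealm(String str) {
        return this.realmCache.get(str);
    }
}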
