package com.ibm.ws.st.core.internal.security;

import com.ibm.ws.kernel.provisioning.ExtensionConstants;
import com.ibm.ws.st.core.internal.Activator;
import com.ibm.ws.st.core.internal.Messages;
import com.ibm.ws.st.core.internal.Trace;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.CertPath;
import java.security.cert.Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.UUID;
import org.eclipse.core.runtime.IPath;
import org.eclipse.equinox.security.storage.ISecurePreferences;
import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
import org.eclipse.equinox.security.storage.StorageException;
import org.eclipse.osgi.util.NLS;

/* loaded from: input_file:com/ibm/ws/st/core/internal/security/LibertyX509CertRegistry.class */
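/**
 * Process-wide registry of certificates the user has accepted, split into two key stores:
 * a transient one that lives only in memory and a persistent one written to a file named
 * {@code libertycertsKeystore} under the plug-in state location.
 *
 * <p>Trust decisions made here are plain membership checks: a certificate is "trusted" when an
 * identical certificate is present in either store. Nothing in this class verifies signatures,
 * validity periods, revocation or chain structure; callers that need those guarantees must run
 * certificate path validation themselves.
 *
 * <p>The key store password is generated on first use and kept in Eclipse secure storage.
 *
 * <p>NOTE(review): the lazy singleton and the cached key store fields are not synchronized;
 * confirm that all callers use this class from a single thread.
 */
public class LibertyX509CertRegistry {
    private static LibertyX509CertRegistry instance_;
    private static final String USER_KEYSTORE = "libertycertsKeystore";
    private static final String SECURE_STORAGE_NODE = "com.ibm.ws.st.core.internal.security.LibertyX509CertRegistry";
    private static final String SECURE_STORAGE_PASSWORD_KEY = "password";
    private File keyStoreFile_ = null;
    private KeyStore transientKeyStore_ = null;
    private KeyStore persistentKeyStore_ = null;

    private LibertyX509CertRegistry() {
    }

    /**
     * Returns the shared registry, creating it on first call.
     *
     * @return the single registry instance
     */
    public static LibertyX509CertRegistry instance() {
        if (instance_ == null) {
            instance_ = new LibertyX509CertRegistry();
        }
        return instance_;
    }

    /**
     * Trusts a certificate for the lifetime of the in-memory store only. If the same certificate
     * was trusted persistently, that entry is removed and the persistent store is rewritten, so
     * the certificate ends up in exactly one store.
     *
     * @param certificate the certificate to trust; {@code null} is ignored
     * @throws KeyStoreException if a key store cannot be loaded, updated or written
     */
    public void trustCertificateTransiently(Certificate certificate) throws KeyStoreException {
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "certificate=[" + certificate + "]");
        }
        if (certificate == null) {
            return;
        }
        KeyStore transientStore = transientKeyStore();
        String transientAlias = transientStore.getCertificateAlias(certificate);
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "prior transient alias=[" + transientAlias + "]");
        }
        if (transientAlias == null) {
            transientStore.setCertificateEntry(newAlias(), certificate);
        }
        KeyStore persistentStore = persistentKeyStore();
        String persistentAlias = persistentStore.getCertificateAlias(certificate);
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "prior persistent alias=[" + persistentAlias + "]");
        }
        if (persistentAlias != null) {
            // Demote: a transiently trusted certificate must not survive a restart.
            persistentStore.deleteEntry(persistentAlias);
            store();
        }
    }

    /**
     * Trusts a certificate across restarts by adding it to the persistent store and writing the
     * store to disk. Any matching entry in the transient store is removed.
     *
     * @param certificate the certificate to trust; {@code null} is ignored
     * @throws KeyStoreException if a key store cannot be loaded, updated or written
     */
    public void trustCertificatePersistently(Certificate certificate) throws KeyStoreException {
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "certificate=[" + certificate + "]");
        }
        if (certificate == null) {
            return;
        }
        KeyStore persistentStore = persistentKeyStore();
        String persistentAlias = persistentStore.getCertificateAlias(certificate);
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "prior persistent alias=[" + persistentAlias + "]");
        }
        if (persistentAlias == null) {
            persistentStore.setCertificateEntry(newAlias(), certificate);
            store();
        }
        // The transient store is only consulted if it already exists; it is never created here.
        if (this.transientKeyStore_ != null) {
            String transientAlias = this.transientKeyStore_.getCertificateAlias(certificate);
            if (Trace.ENABLED) {
                Trace.trace((byte) 9, "prior transient alias=[" + transientAlias + "]");
            }
            if (transientAlias != null) {
                this.transientKeyStore_.deleteEntry(transientAlias);
            }
        }
    }

    /**
     * Revokes trust in a certificate by deleting it from both stores; the persistent store is
     * rewritten only when it actually contained the certificate.
     *
     * @param certificate the certificate to remove; {@code null} is ignored
     * @throws KeyStoreException if a key store cannot be loaded, updated or written
     */
    public void removeCertificate(Certificate certificate) throws KeyStoreException {
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "certificate=[" + certificate + "]");
        }
        if (certificate == null) {
            return;
        }
        if (this.transientKeyStore_ != null) {
            String transientAlias = this.transientKeyStore_.getCertificateAlias(certificate);
            if (Trace.ENABLED) {
                Trace.trace((byte) 9, "prior transient alias=[" + transientAlias + "]");
            }
            if (transientAlias != null) {
                this.transientKeyStore_.deleteEntry(transientAlias);
            }
        }
        KeyStore persistentStore = persistentKeyStore();
        String persistentAlias = persistentStore.getCertificateAlias(certificate);
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "prior persistent alias=[" + persistentAlias + "]");
        }
        if (persistentAlias != null) {
            persistentStore.deleteEntry(persistentAlias);
            store();
        }
    }

    /**
     * Lists the certificates currently held in the transient store.
     *
     * @return the transiently trusted certificates, or an empty array if the transient store has
     *         not been created
     * @throws KeyStoreException if the store cannot be enumerated
     */
    public Certificate[] getCertificatesTrustedTransiently() throws KeyStoreException {
        if (this.transientKeyStore_ == null) {
            return new Certificate[0];
        }
        return certificates(this.transientKeyStore_);
    }

    /**
     * Lists the certificates currently held in the persistent store, loading it if necessary.
     *
     * @return the persistently trusted certificates
     * @throws KeyStoreException if the store cannot be loaded or enumerated
     */
    public Certificate[] getCertificatesTrustedPersistently() throws KeyStoreException {
        return certificates(persistentKeyStore());
    }

    /**
     * Reports whether an identical certificate is present in the transient or persistent store.
     * This is a membership test only; the certificate's validity dates, signature and revocation
     * status are not examined.
     *
     * @param certificate the certificate to look up; {@code null} is never trusted
     * @return {@code true} if either store contains the certificate
     * @throws KeyStoreException if a key store cannot be loaded or queried
     */
    public boolean isTrusted(Certificate certificate) throws KeyStoreException {
        boolean trusted = false;
        if (certificate != null) {
            boolean inTransient = this.transientKeyStore_ != null
                    && this.transientKeyStore_.getCertificateAlias(certificate) != null;
            // The persistent store is only loaded when the transient lookup misses.
            trusted = inTransient || persistentKeyStore().getCertificateAlias(certificate) != null;
        }
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "certificate=[" + certificate + "] trusted=[" + trusted + "]");
        }
        return trusted;
    }

    /**
     * Reports whether at least one certificate in the path is present in either store.
     *
     * <p>A single match anywhere in the path is enough, so accepting an issuer certificate makes
     * every path that contains it pass this check. The path itself is not validated here
     * (ordering, signatures, expiry, revocation); callers relying on this result for a
     * connection decision need to validate the path separately.
     *
     * @param certPath the certificate path to inspect; {@code null} is never trusted
     * @return {@code true} if any certificate in the path is trusted
     * @throws KeyStoreException if a key store cannot be loaded or queried
     */
    public boolean isTrusted(CertPath certPath) throws KeyStoreException {
        boolean trusted = false;
        if (certPath != null) {
            // Every certificate is checked (no early exit) so each lookup is traced.
            for (Certificate certificate : certPath.getCertificates()) {
                if (isTrusted(certificate)) {
                    trusted = true;
                }
            }
        }
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "certPath=[" + certPath + "] trusted=[" + trusted + "]");
        }
        return trusted;
    }

    /**
     * Drops the cached persistent key store so it is re-read on next use, and optionally discards
     * the transient store together with every certificate in it. The key store file on disk is
     * not touched.
     *
     * @param z {@code true} to also forget all transiently trusted certificates
     */
    public void purge(boolean z) {
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "removeTransientCertificates=[" + z + "]");
        }
        this.persistentKeyStore_ = null;
        if (z) {
            this.transientKeyStore_ = null;
        }
    }

    /** Generates a random UUID string to use as the alias of a new key store entry. */
    private String newAlias() {
        String alias = UUID.randomUUID().toString();
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "alias=[" + alias + "]");
        }
        return alias;
    }

    /**
     * Returns the in-memory key store, creating an empty one on first use.
     *
     * @throws KeyStoreException if the key store cannot be created or initialised
     */
    private KeyStore transientKeyStore() throws KeyStoreException {
        if (this.transientKeyStore_ == null) {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            try {
                keyStore.load(null, getPassword().toCharArray());
            } catch (Exception e) {
                Trace.logError(e.getMessage(), e);
                throw new KeyStoreException(Messages.X509_CANNOT_LOAD_TRANSIENT_KEYSTORE, e);
            }
            // Publish only after a successful load; caching an uninitialised KeyStore would make
            // every later call fail instead of retrying.
            this.transientKeyStore_ = keyStore;
        }
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "transientKeyStore_=[" + this.transientKeyStore_ + "]");
        }
        return this.transientKeyStore_;
    }

    /**
     * Returns the persistent key store, reading it from the key store file when that file exists
     * and starting from an empty store otherwise.
     *
     * @throws KeyStoreException if the file cannot be read with the stored password or the key
     *         store cannot be initialised
     */
    private KeyStore persistentKeyStore() throws KeyStoreException {
        if (this.persistentKeyStore_ == null) {
            File keyStoreFile = keyStoreFile();
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            if (keyStoreFile.exists()) {
                // try-with-resources closes the stream even when load() rejects the file.
                try (FileInputStream fileInputStream = new FileInputStream(keyStoreFile)) {
                    keyStore.load(fileInputStream, getPassword().toCharArray());
                } catch (Exception e) {
                    Trace.logError(e.getMessage(), e);
                    throw new KeyStoreException(NLS.bind(Messages.X509_CANNOT_READ_PERSISTENT_KEYSTORE, keyStoreFile), e);
                }
            } else {
                try {
                    keyStore.load(null, getPassword().toCharArray());
                } catch (Exception e2) {
                    Trace.logError(e2.getMessage(), e2);
                    throw new KeyStoreException(Messages.X509_CANNOT_LOAD_PERSISTENT_KEYSTORE, e2);
                }
            }
            // Publish only after a successful load so a failed read is retried on the next call
            // rather than leaving an uninitialised KeyStore cached.
            this.persistentKeyStore_ = keyStore;
        }
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "persistentKeyStore_=[" + this.persistentKeyStore_ + "]");
        }
        return this.persistentKeyStore_;
    }

    /**
     * Writes the cached persistent key store to the key store file, protected by the password
     * from secure storage. Does nothing when no persistent store is loaded.
     *
     * <p>NOTE(review): the file is overwritten in place with the platform's default permissions;
     * an interrupted write can leave a truncated trust store. Confirm whether that is acceptable.
     *
     * @throws KeyStoreException if the file cannot be written
     */
    private void store() throws KeyStoreException {
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "persistentKeyStore_=[" + this.persistentKeyStore_ + "]");
        }
        if (this.persistentKeyStore_ == null) {
            return;
        }
        File keyStoreFile = keyStoreFile();
        // try-with-resources closes the stream even when store() fails part-way.
        try (FileOutputStream fileOutputStream = new FileOutputStream(keyStoreFile)) {
            this.persistentKeyStore_.store(fileOutputStream, getPassword().toCharArray());
        } catch (Exception e) {
            Trace.logError(e.getMessage(), e);
            // Keep the cause so callers can tell an I/O failure from a key store failure.
            throw new KeyStoreException(NLS.bind(Messages.X509_CANNOT_WRITE_PERSISTENT_KEYSTORE, keyStoreFile), e);
        }
    }

    /**
     * Resolves (and caches) the key store file under the plug-in state location.
     *
     * @throws KeyStoreException if the plug-in state location is unavailable
     */
    private File keyStoreFile() throws KeyStoreException {
        if (this.keyStoreFile_ == null) {
            IPath stateLocation = Activator.getInstance().getStateLocation();
            if (stateLocation == null) {
                throw new KeyStoreException(Messages.X509_CANNOT_GET_PLUGIN_STATE_LOCATION);
            }
            this.keyStoreFile_ = stateLocation.append(USER_KEYSTORE).toFile();
        }
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "keyStoreFile_=[" + this.keyStoreFile_ + "]");
        }
        return this.keyStoreFile_;
    }

    /**
     * Collects every certificate entry of a key store into an array; aliases that do not resolve
     * to a certificate are skipped.
     *
     * @param keyStore the initialised key store to enumerate
     * @return the certificates found, possibly empty
     * @throws KeyStoreException if the key store cannot be enumerated
     */
    private Certificate[] certificates(KeyStore keyStore) throws KeyStoreException {
        LinkedList<Certificate> found = new LinkedList<Certificate>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            Certificate certificate = keyStore.getCertificate(aliases.nextElement());
            if (certificate != null) {
                found.add(certificate);
            }
        }
        if (Trace.ENABLED) {
            Trace.trace((byte) 9, "keystore=[" + keyStore + "] certificates=[" + found + "]");
        }
        return found.toArray(new Certificate[0]);
    }

    /**
     * Saves the key store password in Eclipse secure storage with encryption requested. A failure
     * is logged and otherwise ignored, so the caller continues with a password that was not
     * persisted.
     *
     * @param str the password to save
     */
    private static void savePassword(String str) {
        ISecurePreferences securePreferences = SecurePreferencesFactory.getDefault();
        try {
            // Third argument asks secure storage to encrypt the value.
            securePreferences.node(SECURE_STORAGE_NODE).put(SECURE_STORAGE_PASSWORD_KEY, str, true);
            securePreferences.flush();
        } catch (Exception e) {
            Trace.logError("Failed to store server password", e);
        }
    }

    /**
     * Returns the key store password from Eclipse secure storage, generating and saving a new one
     * when none is stored.
     *
     * <p>NOTE(review): a {@link StorageException} on read is treated like "no password stored",
     * so a new password is generated and saved. If secure storage is only temporarily unavailable
     * this replaces the password that protects an existing key store file, which can then no
     * longer be read. Confirm this fallback is intended.
     *
     * @return the key store password, never {@code null} unless the generator returns {@code null}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static String getPassword() {
        String password = null;
        try {
            // Default value is a decompiler-substituted constant, presumably the empty string; verify.
            password = SecurePreferencesFactory.getDefault().node(SECURE_STORAGE_NODE)
                    .get(SECURE_STORAGE_PASSWORD_KEY, ExtensionConstants.CORE_EXTENSION);
        } catch (StorageException e) {
            Trace.logError("Failed to retrieve server password", e);
        }
        if (password == null || password.isEmpty()) {
            password = LibertySecurityHelper.generatePassword();
            savePassword(password);
        }
        return password;
    }
}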
