package com.ibm.ISecurityUtilityImpl.aes;

import com.ibm.wsspi.security.crypto.aes.EncryptionKeyManager;
import com.ibm.wsspi.security.crypto.aes.EncryptionKeyManagerException;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: input_file:wasJars/com.ibm.ws.admin.client_9.0.jar:com/ibm/ISecurityUtilityImpl/aes/DefaultEncryptionKeyManager.class */
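/**
 * {@link EncryptionKeyManager} that keeps secret keys in a {@link KeyStore}
 * protected by a single master password.
 *
 * <p>The same password is used both for the keystore as a whole
 * ({@code load}/{@code store}) and for every individual key entry.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>The master password array is kept by reference for the lifetime of the
 *       instance and is never cleared here. A caller that zeroes its array
 *       after construction also zeroes the copy used for later lookups.</li>
 *   <li>Key aliases are written to the log at {@code FINEST}; key material and
 *       the password are not logged.</li>
 *   <li>No synchronization is performed; instances are not safe for concurrent
 *       mutation.</li>
 * </ul>
 */
public class DefaultEncryptionKeyManager implements EncryptionKeyManager {
    private static final Logger log = Logger.getLogger(DefaultEncryptionKeyManager.class.getName());

    private KeyStore keystore;
    // Caller-owned array, stored without copying (see class comment).
    private char[] masterPassword;
    private String aliasPrefix;
    // Alias returned by getActiveEncryptionKeyAlias(); null until a key is added or resolved.
    private String latestKeyAlias;
    // Optional injected configuration; when null, PropertyManager.getInstance() is used.
    private PropertyManager pm;

    /**
     * Creates a manager backed by a new, empty in-memory keystore.
     *
     * <p>No active key exists until {@link #addNewKey()} is called.
     *
     * @param cArr master password used to protect key entries and the stored file
     * @throws AesEncryptionException if the keystore cannot be created
     */
    public DefaultEncryptionKeyManager(char[] cArr) throws AesEncryptionException {
        log.log(Level.FINEST, "constructing DefaultEncryptionKeyManager with password.");
        initialize(cArr, null);
    }

    /**
     * Creates a manager by loading an existing keystore file.
     *
     * <p>The active key alias is only resolved when {@code propertyManager} is
     * non-null; otherwise {@link #getActiveEncryptionKeyAlias()} returns
     * {@code null} until a key is added.
     *
     * @param str path of the keystore file to load
     * @param cArr master password for the keystore
     * @param propertyManager configuration source, or {@code null} to use the default instance
     * @throws EncryptionKeyManagerException if the file cannot be read, the password is wrong,
     *         or the active alias cannot be determined
     * @throws AesEncryptionException declared for interface compatibility
     */
    public DefaultEncryptionKeyManager(String str, char[] cArr, PropertyManager propertyManager)
            throws EncryptionKeyManagerException, AesEncryptionException {
        log.log(Level.FINEST, "Loading DefaultEncryptionKeyManager. keyfile = {0}", str);
        this.pm = propertyManager;
        try {
            this.masterPassword = cArr;
            this.aliasPrefix = getProperties().getAliasPrefix();
            // NOTE(review): getKeyStoreProvider() is passed as the keystore *type*; it must name
            // a type that can hold SecretKey entries. Confirm the configured value.
            this.keystore = KeyStore.getInstance(getProperties().getKeyStoreProvider());
            // try-with-resources closes the stream on every path, including load failures.
            try (FileInputStream in = new FileInputStream(str)) {
                this.keystore.load(in, cArr);
                if (log.isLoggable(Level.FINEST)) {
                    log.log(Level.FINEST, "Keystore has this many keys: " + this.keystore.size());
                }
            }
            if (propertyManager != null) {
                this.latestKeyAlias = computeCurrentKeyAlias(getProperties().getCurrentAlias());
            }
        } catch (Exception e) {
            throw new EncryptionKeyManagerException(e);
        }
    }

    /**
     * Looks up the secret key stored under the given alias.
     *
     * @param str alias of the key
     * @return the key, never {@code null}
     * @throws EncryptionKeyManagerException if no key exists under the alias or the
     *         keystore lookup fails
     */
    @Override
    public SecretKey getKey(String str) throws EncryptionKeyManagerException {
        log.log(Level.FINEST, "keyAlias to lookup : {0}", str);
        SecretKey secretKey;
        try {
            secretKey = (SecretKey) this.keystore.getKey(str, this.masterPassword);
        } catch (Exception e) {
            throw new EncryptionKeyManagerException(e);
        }
        if (secretKey == null) {
            // A miss must not reinitialize the keystore: initialize() installs an empty
            // store, which would discard every key held in memory and leave the active
            // alias pointing at nothing. Report the miss and keep the keys.
            throw new EncryptionKeyManagerException("No key found with keyAlias " + str);
        }
        return secretKey;
    }

    /**
     * Lists every alias currently in the keystore.
     *
     * @return a new list of aliases
     * @throws EncryptionKeyManagerException if the keystore cannot be enumerated
     */
    @Override
    public List<String> getAllKeyAliases() throws EncryptionKeyManagerException {
        log.log(Level.FINEST, "Getting all key aliases.");
        try {
            ArrayList<String> aliases = Collections.list(this.keystore.aliases());
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "Key aliases : " + aliases);
            }
            return aliases;
        } catch (KeyStoreException e) {
            throw new EncryptionKeyManagerException(e);
        }
    }

    /**
     * Returns the alias of the key used for new encryptions.
     *
     * @return the active alias, or {@code null} if none has been set
     */
    @Override
    public String getActiveEncryptionKeyAlias() {
        return this.latestKeyAlias;
    }

    /**
     * Generates a new key under a timestamp-based alias and makes it the active key.
     *
     * @return the alias of the new key
     * @throws AesEncryptionException if key generation or storage fails
     */
    public String addNewKey() throws AesEncryptionException {
        return addNewKey(null);
    }

    /**
     * Generates a new key, stores it in the in-memory keystore and makes it the active key.
     *
     * <p>The change is not persisted until {@link #storeToFile(String)} is called.
     *
     * @param str alias to use, or {@code null} to derive one from the current time
     *        (prefixed with the alias prefix when one is configured). An explicit alias
     *        that already exists is overwritten.
     * @return the alias of the new key
     * @throws AesEncryptionException if key generation or storage fails
     */
    public String addNewKey(String str) throws AesEncryptionException {
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "Generating new encryption key and saving in keystore. Alias name : " + str);
        }
        try {
            SecretKey newKey = generateNewKey();
            String alias = str;
            if (alias == null) {
                long stamp = System.currentTimeMillis();
                alias = timestampAlias(stamp);
                // Two keys generated in the same millisecond would share an alias and the
                // second would silently replace the first, making data encrypted under the
                // first unrecoverable. Advance the stamp until the alias is unused.
                while (this.keystore.containsAlias(alias)) {
                    stamp++;
                    alias = timestampAlias(stamp);
                }
            }
            if (log.isLoggable(Level.FINEST)) {
                log.log(Level.FINEST, "The alias name of the new key is " + alias);
            }
            this.keystore.setKeyEntry(alias, newKey, this.masterPassword, null);
            this.latestKeyAlias = alias;
            return this.latestKeyAlias;
        } catch (Exception e) {
            throw new AesEncryptionException(e);
        }
    }

    /**
     * Removes a key from the in-memory keystore.
     *
     * <p>The active key cannot be deleted. Data encrypted under a deleted key can no
     * longer be decrypted by this manager.
     *
     * @param str alias of the key to remove
     * @throws AesEncryptionException if the alias is {@code null}, is the active key,
     *         does not exist, or the keystore operation fails
     */
    public void deleteKey(String str) throws AesEncryptionException {
        log.log(Level.FINEST, "Removing key version from keystore: {0}", str);
        if (str == null) {
            throw new AesEncryptionException("the alias of the key to delete must not be null.");
        }
        // Compare from the non-null side: latestKeyAlias is null until a key has been
        // added or resolved, and must not cause a NullPointerException here.
        if (str.equalsIgnoreCase(this.latestKeyAlias)) {
            throw new AesEncryptionException("It is not allowed to delete the most current key version : " + str);
        }
        try {
            if (!this.keystore.containsAlias(str)) {
                throw new AesEncryptionException("the specified alias " + str + " does not exist in the keystore.");
            }
            this.keystore.deleteEntry(str);
            invariants();
        } catch (KeyStoreException e) {
            throw new AesEncryptionException(e);
        }
    }

    /**
     * Writes the keystore to a file, creating missing parent directories.
     *
     * <p>NOTE(review): the file is created with the process's default permissions and
     * is overwritten in place. It holds key material, so confirm that the deployment
     * restricts access to it and keeps a backup in case a write is interrupted.
     *
     * @param str path of the keystore file
     * @throws AesEncryptionException if the file cannot be written
     */
    public void storeToFile(String str) throws AesEncryptionException {
        log.log(Level.FINEST, "Storing encryption information. keyfile : {0}", str);
        try {
            File file = new File(str);
            File parentFile = file.getParentFile();
            // getParentFile() is null for a bare file name such as "keys.jceks".
            if (parentFile != null && !parentFile.exists()) {
                parentFile.mkdirs();
            }
            try (FileOutputStream out = new FileOutputStream(file)) {
                this.keystore.store(out, this.masterPassword);
            }
        } catch (Exception e) {
            throw new AesEncryptionException(e);
        }
    }

    /**
     * Stores the given key under the given alias, replacing any existing entry.
     *
     * <p>The active key alias is not changed.
     *
     * @param str alias to store the key under
     * @param secretKey key to store
     * @throws AesEncryptionException if the keystore rejects the entry
     */
    public void setKey(String str, SecretKey secretKey) throws AesEncryptionException {
        log.log(Level.FINEST, "Setting key in key store. keyAlias : {0}", str);
        try {
            this.keystore.setKeyEntry(str, secretKey, this.masterPassword, null);
        } catch (Exception e) {
            throw new AesEncryptionException(e);
        }
    }

    /**
     * Determines which alias is the active key.
     *
     * <p>When {@code str} is given it must exist in the keystore and is returned as is.
     * Otherwise, a keystore with exactly one entry yields that entry; with any other
     * number of entries, the alias with the largest numeric timestamp among those
     * matching the configured prefix is chosen.
     *
     * @param str configured alias, or {@code null} to auto-detect
     * @return the active alias, never {@code null}
     * @throws EncryptionKeyManagerException if {@code str} is not in the keystore or the
     *         keystore cannot be queried
     * @throws AesEncryptionException if no alias qualifies
     */
    public String computeCurrentKeyAlias(String str) throws EncryptionKeyManagerException, AesEncryptionException {
        String current = null;
        if (str != null) {
            boolean present;
            try {
                present = this.keystore.containsAlias(str);
            } catch (Exception e) {
                log.log(Level.SEVERE, "An exception is caught while invoking a keystore command. Exception is " + e);
                throw new EncryptionKeyManagerException(e);
            }
            if (!present) {
                // Thrown outside the try so the message reaches the caller directly
                // instead of being logged and wrapped a second time.
                String message = "The aes key alias name " + str + " does not exist.";
                log.log(Level.SEVERE, message);
                throw new EncryptionKeyManagerException(message);
            }
            current = str;
        } else {
            List<String> allKeyAliases = getAllKeyAliases();
            if (allKeyAliases.size() == 1) {
                current = allKeyAliases.get(0);
            } else {
                long newest = -1;
                for (String alias : allKeyAliases) {
                    long stamp = aliasTimestamp(alias);
                    if (stamp > newest) {
                        newest = stamp;
                        current = alias;
                    }
                }
            }
        }
        if (current == null) {
            throw new AesEncryptionException("There is no matching alias in the keystore.");
        }
        if (log.isLoggable(Level.FINEST)) {
            log.log(Level.FINEST, "The current alias name is " + current);
        }
        return current;
    }

    /** Builds the alias for a timestamp, adding the configured prefix when there is one. */
    private String timestampAlias(long stamp) {
        String alias = Long.toString(stamp);
        return this.aliasPrefix != null ? this.aliasPrefix + "/" + alias : alias;
    }

    /**
     * Extracts the timestamp from an alias of the form {@code prefix/timestamp}
     * (or a bare {@code timestamp} when no prefix is configured).
     *
     * @return the timestamp, or -1 when the alias is not a candidate for the active key
     */
    private long aliasTimestamp(String alias) {
        String[] parts = alias.split("/");
        String digits;
        boolean prefixMatches = parts.length == 2
                && (this.aliasPrefix != null
                        ? this.aliasPrefix.equalsIgnoreCase(parts[0])
                        : parts[0].isEmpty());
        if (prefixMatches) {
            digits = parts[1];
        } else if (parts.length == 1 && this.aliasPrefix == null) {
            digits = parts[0];
        } else {
            log.log(Level.FINEST, "Alias name is not considered as a candidate of the current key : {0}", alias);
            return -1;
        }
        try {
            return Long.parseLong(digits);
        } catch (NumberFormatException e) {
            log.log(Level.FINEST,
                    "Alias name is not considered as a candidate of the current key : {0} because of an exception {1}",
                    new Object[]{alias, e});
            return -1;
        }
    }

    /**
     * Installs a new, empty keystore and records the password and alias prefix.
     *
     * <p>Any keys held in the previous in-memory keystore are discarded.
     *
     * @param cArr master password
     * @param str alias prefix, or {@code null} to take it from the configuration
     * @throws AesEncryptionException if the keystore cannot be created
     */
    private void initialize(char[] cArr, String str) throws AesEncryptionException {
        this.masterPassword = cArr;
        this.aliasPrefix = (str == null) ? getProperties().getAliasPrefix() : str;
        try {
            this.keystore = KeyStore.getInstance(getProperties().getKeyStoreProvider());
            // load(null, null) creates an empty keystore rather than reading one.
            this.keystore.load(null, null);
        } catch (Exception e) {
            throw new AesEncryptionException(e);
        }
    }

    /**
     * Generates a key with the configured algorithm and length.
     *
     * <p>{@code KeyGenerator.init(int)} is used without an explicit random source, so
     * the provider's default secure random generator supplies the key bytes.
     *
     * @throws AesEncryptionException if the configured algorithm is unavailable
     */
    private SecretKey generateNewKey() throws AesEncryptionException, FileNotFoundException, IOException {
        log.log(Level.FINEST, "Generating new encryption key.");
        try {
            KeyGenerator keyGenerator = KeyGenerator.getInstance(getProperties().getKeyType());
            keyGenerator.init(getProperties().getKeyLength());
            return keyGenerator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new AesEncryptionException(e);
        }
    }

    /**
     * Sanity checks run after a deletion. They are only evaluated when assertions
     * are enabled ({@code -ea}); a keystore failure during the check is always reported.
     */
    private void invariants() {
        try {
            assert this.keystore.size() > 0 : "No keys left in keystore";
            assert this.keystore.containsAlias(this.latestKeyAlias) : "The current key isn't in the keystore";
        } catch (KeyStoreException e) {
            log.log(Level.SEVERE, "Invariant Check failed with Exception", (Throwable) e);
            throw new AssertionError(e);
        }
    }

    /** Returns the injected configuration, falling back to the shared default instance. */
    private PropertyManager getProperties() throws AesEncryptionException {
        if (this.pm != null) {
            return this.pm;
        }
        try {
            return PropertyManager.getInstance();
        } catch (Exception e) {
            throw new AesEncryptionException(e);
        }
    }
}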
