package org.apache.cxf.xkms.x509.repo.file;

import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.net.URISyntaxException;
import java.security.cert.CRLException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import org.apache.cxf.xkms.exception.XKMSConfigurationException;
import org.apache.cxf.xkms.model.xkms.ResultMajorEnum;
import org.apache.cxf.xkms.model.xkms.ResultMinorEnum;
import org.apache.cxf.xkms.model.xkms.UseKeyWithType;
import org.apache.cxf.xkms.x509.repo.CertificateRepo;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;

/* loaded from: input_file:WEB-INF/lib/cxf-services-xkms-x509-handlers-2.7.19-MULE-005.jar:org/apache/cxf/xkms/x509/repo/file/FileCertificateRepo.class */
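/**
 * {@link CertificateRepo} that keeps X.509 certificates and CRLs as files below one storage directory.
 *
 * <p>Layout, as established by the save methods: plain certificates are written directly into the
 * storage directory, trusted CA certificates into {@code trusted_cas}, other CA certificates into
 * {@code cas} and CRLs into {@code crls}. Every file is named after a DN that comes from the
 * certificate or CRL itself, so file names are derived from data the repository does not control.
 *
 * <p>The directory a file lives in decides whether it is treated as a trust anchor, so write access
 * to {@code trusted_cas} is equivalent to the ability to add trusted CAs.
 */
public class FileCertificateRepo implements CertificateRepo {
    private static final Logger LOG = LoggerFactory.getLogger(FileCertificateRepo.class);
    private static final String CN_PREFIX = "cn=";
    private static final String TRUSTED_CAS_PATH = "trusted_cas";
    private static final String CRLS_PATH = "crls";
    private static final String CAS_PATH = "cas";
    // Compiled once instead of on every save; the expression itself is unchanged.
    private static final Pattern FILE_NAME_CHARS = Pattern.compile("[a-zA-Z_0-9-_]");
    private static final String FILE_NAME_ERROR = "Input did not match [a-zA-Z_0-9-_].";
    private final File storageDir;
    private final CertificateFactory certFactory;

    /**
     * Creates a repository rooted at the given directory.
     *
     * @param str path of the storage directory; it is not created or checked here
     * @throws RuntimeException if the certificate factory cannot be obtained
     */
    public FileCertificateRepo(String str) {
        this.storageDir = new File(str);
        try {
            this.certFactory = CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
        } catch (CertificateException e) {
            throw new RuntimeException(e.getMessage(), e);
        }
    }

    /** Stores the certificate directly in the storage directory (neither CA category). */
    @Override
    public void saveCertificate(X509Certificate x509Certificate, UseKeyWithType useKeyWithType) {
        saveCategorizedCertificate(x509Certificate, useKeyWithType, false, false);
    }

    /** Stores the certificate in {@code trusted_cas}; files there are returned by {@link #getTrustedCaCerts()}. */
    public void saveTrustedCACertificate(X509Certificate x509Certificate, UseKeyWithType useKeyWithType) {
        saveCategorizedCertificate(x509Certificate, useKeyWithType, true, false);
    }

    /** Stores the certificate in {@code cas}. */
    public void saveCACertificate(X509Certificate x509Certificate, UseKeyWithType useKeyWithType) {
        saveCategorizedCertificate(x509Certificate, useKeyWithType, false, true);
    }

    /**
     * Writes the encoded CRL into {@code crls}, named after the issuer DN with a {@code .cer} suffix.
     *
     * @param x509crl the CRL to persist
     * @param useKeyWithType not used by this implementation
     * @throws RuntimeException wrapping any failure while naming, encoding or writing the file
     */
    public void saveCRL(X509CRL x509crl, UseKeyWithType useKeyWithType) {
        String name = x509crl.getIssuerX500Principal().getName();
        try {
            String fileName = convertDnForFileSystem(name) + ".cer";
            requireFileNameCharacter(fileName);
            // Encode before the file is opened so an encoding failure does not leave an empty file behind.
            writeBytes(storageFile(CRLS_PATH, fileName), x509crl.getEncoded());
        } catch (Exception e) {
            throw new RuntimeException("Error saving CRL " + name + ": " + e.getMessage(), e);
        }
    }

    /**
     * Writes the encoded certificate into the directory selected by the two flags.
     *
     * @param x509Certificate the certificate to persist
     * @param useKeyWithType not used by this implementation
     * @param trustedCa store under {@code trusted_cas}
     * @param ca store under {@code cas}; wins over {@code trustedCa} when both are set
     * @return always {@code true}; failures are reported by exception
     * @throws RuntimeException wrapping any failure while naming, encoding or writing the file
     */
    private boolean saveCategorizedCertificate(X509Certificate x509Certificate, UseKeyWithType useKeyWithType, boolean trustedCa, boolean ca) {
        String name = x509Certificate.getSubjectX500Principal().getName();
        String category = trustedCa ? TRUSTED_CAS_PATH : "";
        if (ca) {
            category = CAS_PATH;
        }
        try {
            File target = storageFile(category, getRelativePathForSubjectDn(x509Certificate));
            writeBytes(target, x509Certificate.getEncoded());
            return true;
        } catch (Exception e) {
            throw new RuntimeException("Error saving certificate " + name + ": " + e.getMessage(), e);
        }
    }

    /**
     * Rewrites a DN so it can be used as a file name: {@code =} becomes {@code -}, and the
     * sequences {@code ", "}, the Spring {@code DEFAULT_SEPARATOR}, {@code /}, {@code \},
     * <code>{</code>, <code>}</code> and {@code :} become {@code _}.
     *
     * <p>Replacing both slash forms is what keeps a DN from introducing extra path components.
     * Any character not listed above passes through unchanged.
     *
     * @param str the DN to convert
     * @return the converted name, without any extension
     */
    public String convertDnForFileSystem(String str) {
        return str.replace("=", "-")
            .replace(", ", "_")
            .replace(StringArrayPropertyEditor.DEFAULT_SEPARATOR, "_")
            .replace("/", "_")
            .replace("\\", "_")
            .replace("{", "_")
            .replace("}", "_")
            .replace(":", "_");
    }

    /**
     * Builds the file name for a certificate. Despite the method name, the name is made from the
     * <em>issuer</em> DN, a dash, the serial number in decimal and the {@code .cer} suffix.
     *
     * @param x509Certificate the certificate to name
     * @return the file name, without a directory part
     * @throws URISyntaxException if the name contains no character accepted by the name pattern
     */
    public String getRelativePathForSubjectDn(X509Certificate x509Certificate) throws URISyntaxException {
        String issuerPart = convertDnForFileSystem(x509Certificate.getIssuerX500Principal().getName());
        String fileName = issuerPart + "-" + x509Certificate.getSerialNumber().toString() + ".cer";
        requireFileNameCharacter(fileName);
        return fileName;
    }

    /**
     * Applies the historical name check.
     *
     * <p>NOTE(review): the check uses {@code find()}, so one accepted character anywhere in the
     * name is enough. Every name built in this class ends in {@code .cer}, so the check never
     * rejects anything and must not be relied on as input validation. Turning it into a
     * whole-name allow-list would reject names that are accepted today (for example names
     * containing {@code .} or spaces), so that decision is left to the maintainers; the
     * single-path-component check in {@link #storageFile(String, String)} is the effective guard.
     */
    private static void requireFileNameCharacter(String fileName) throws URISyntaxException {
        if (!FILE_NAME_CHARS.matcher(fileName).find()) {
            throw new URISyntaxException(fileName, FILE_NAME_ERROR);
        }
    }

    /** Returns the directory for a category; an empty name yields the storage directory itself. */
    private File subDirectory(String name) {
        return new File(this.storageDir + "/" + name);
    }

    /**
     * Resolves a file name inside a category directory and refuses names that carry their own
     * path components, so a name derived from certificate data cannot select another directory.
     */
    private File storageFile(String category, String fileName) throws IOException {
        if (!new File(fileName).getName().equals(fileName)) {
            throw new IOException("File name must be a single path component: " + fileName);
        }
        return new File(subDirectory(category), fileName);
    }

    /** Creates missing parent directories and writes the bytes, closing the stream on every path. */
    private static void writeBytes(File target, byte[] data) throws IOException {
        File parent = target.getParentFile();
        if (parent != null) {
            // Result deliberately ignored: opening the stream below fails if the directory is missing.
            parent.mkdirs();
        }
        FileOutputStream out = new FileOutputStream(target);
        try {
            out.write(data);
        } finally {
            out.close();
        }
    }

    /** Closes a read stream; a failure here cannot affect the already parsed object, so it is only logged. */
    private static void closeQuietly(FileInputStream in) {
        try {
            in.close();
        } catch (IOException e) {
            LOG.debug("Could not close certificate store file: {}", e.getMessage());
        }
    }

    /** Appends the entries of a directory; a missing or unreadable directory contributes nothing. */
    private static void addListing(List<File> sink, File dir) {
        File[] entries = dir.listFiles();
        if (entries != null) {
            sink.addAll(Arrays.asList(entries));
        }
    }

    /**
     * Lists the entries of the storage directory and of its three category directories (one level
     * each, sub-directories included as entries).
     *
     * <p>Each directory is listed independently, so a missing {@code trusted_cas} no longer hides
     * the contents of {@code cas} and {@code crls}.
     *
     * @throws XKMSConfigurationException if nothing at all was found
     */
    private File[] getX509Files() {
        List<File> files = new ArrayList<File>();
        addListing(files, this.storageDir);
        addListing(files, subDirectory(TRUSTED_CAS_PATH));
        addListing(files, subDirectory(CAS_PATH));
        addListing(files, subDirectory(CRLS_PATH));
        if (files.isEmpty()) {
            throw new XKMSConfigurationException(ResultMajorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_RECEIVER, ResultMinorEnum.HTTP_WWW_W_3_ORG_2002_03_XKMS_FAILURE, "File base persistence storage is not found: " + this.storageDir.getPath());
        }
        return files.toArray(new File[files.size()]);
    }

    /** Tells whether the file sits directly in one of the given directories (exact path comparison). */
    private static boolean isDirectChildOf(File file, File... dirs) {
        File parent = file.getParentFile();
        for (File dir : dirs) {
            if (dir.equals(parent)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Parses one certificate from the file.
     *
     * @throws CertificateException if the content is not a parsable certificate
     * @throws FileNotFoundException if the file cannot be opened
     */
    public X509Certificate readCertificate(File file) throws CertificateException, FileNotFoundException {
        FileInputStream in = new FileInputStream(file);
        try {
            return (X509Certificate) this.certFactory.generateCertificate(in);
        } finally {
            // Lookups open every stored file, so an unclosed stream leaks one descriptor per file per call.
            closeQuietly(in);
        }
    }

    /**
     * Parses one CRL from the file.
     *
     * @throws FileNotFoundException if the file cannot be opened
     * @throws CRLException if the content is not a parsable CRL
     */
    public X509CRL readCRL(File file) throws FileNotFoundException, CRLException {
        FileInputStream in = new FileInputStream(file);
        try {
            return (X509CRL) this.certFactory.generateCRL(in);
        } finally {
            closeQuietly(in);
        }
    }

    /** Reads every certificate file that sits directly in one of the given directories; unreadable files are logged and skipped. */
    private List<X509Certificate> loadCertificates(File... dirs) {
        List<X509Certificate> found = new ArrayList<X509Certificate>();
        for (File file : getX509Files()) {
            try {
                if (!file.isDirectory() && isDirectChildOf(file, dirs)) {
                    found.add(readCertificate(file));
                }
            } catch (Exception e) {
                LOG.warn("Cannot load certificate from file: {}. Error: {}", file, e.getMessage());
            }
        }
        return found;
    }

    /**
     * Returns the certificates stored in {@code trusted_cas}.
     *
     * <p>The directory is compared exactly. A suffix comparison on the parent path would also
     * accept files in the storage directory itself whenever that directory's own name ends in
     * {@code trusted_cas}, which would promote ordinary saved certificates to trust anchors.
     */
    @Override
    public List<X509Certificate> getTrustedCaCerts() {
        return loadCertificates(subDirectory(TRUSTED_CAS_PATH));
    }

    /**
     * Returns the certificates stored in {@code cas} and in {@code trusted_cas}.
     *
     * <p>NOTE(review): {@code trusted_cas} is included because the earlier suffix comparison on
     * {@code "cas"} matched it as well; the result for a normal layout is therefore unchanged.
     * Confirm whether callers want the trusted CAs in this list.
     */
    @Override
    public List<X509Certificate> getCaCerts() {
        return loadCertificates(subDirectory(CAS_PATH), subDirectory(TRUSTED_CAS_PATH));
    }

    /** Returns the CRLs stored in {@code crls}; unreadable files are logged and skipped. */
    @Override
    public List<X509CRL> getCRLs() {
        File crlDir = subDirectory(CRLS_PATH);
        List<X509CRL> found = new ArrayList<X509CRL>();
        for (File file : getX509Files()) {
            try {
                if (!file.isDirectory() && isDirectChildOf(file, crlDir)) {
                    found.add(readCRL(file));
                }
            } catch (Exception e) {
                LOG.warn("Cannot load CRL from file: {}. Error: {}", file, e.getMessage());
            }
        }
        return found;
    }

    /** Looks up a certificate whose subject DN is {@code cn=} followed by the service name. */
    @Override
    public X509Certificate findByServiceName(String str) {
        return findBySubjectDn(CN_PREFIX + str);
    }

    /**
     * Returns the first stored certificate whose subject DN equals the argument, ignoring case.
     * Both DN renderings of the certificate are compared.
     *
     * <p>All four directories are searched, so files under {@code crls} are also tried as
     * certificates; those normally fail to parse and show up as warnings.
     *
     * @param str the subject DN to look for
     * @return the first match in listing order, or {@code null} if there is none
     */
    @Override
    public X509Certificate findBySubjectDn(String str) {
        for (File file : getX509Files()) {
            try {
                if (file.isDirectory()) {
                    continue;
                }
                X509Certificate candidate = readCertificate(file);
                String legacyDn = candidate.getSubjectDN().getName();
                String principalDn = candidate.getSubjectX500Principal().getName();
                LOG.debug("Searching for {}. Checking cert {}, {}", str, legacyDn, principalDn);
                if (str.equalsIgnoreCase(legacyDn) || str.equalsIgnoreCase(principalDn)) {
                    return candidate;
                }
            } catch (Exception e) {
                LOG.warn("Cannot load certificate from file: {}. Error: {}", file, e.getMessage());
            }
        }
        return null;
    }

    /**
     * Returns the first stored certificate with the given issuer DN (compared ignoring case) and
     * serial number.
     *
     * @param str the issuer DN
     * @param str2 the serial number in hexadecimal
     * @return the first match in listing order, or {@code null} if there is none or the serial
     *         number is not valid hexadecimal
     */
    @Override
    public X509Certificate findByIssuerSerial(String str, String str2) {
        // Listed first so an empty store is still reported before the serial number is looked at.
        File[] candidates = getX509Files();
        BigInteger wantedSerial = parseHexSerial(str2);
        if (wantedSerial == null) {
            return null;
        }
        for (File file : candidates) {
            try {
                if (file.isDirectory()) {
                    continue;
                }
                X509Certificate candidate = readCertificate(file);
                if (str.equalsIgnoreCase(candidate.getIssuerX500Principal().getName())
                    && candidate.getSerialNumber().equals(wantedSerial)) {
                    return candidate;
                }
            } catch (Exception e) {
                LOG.warn("Cannot load certificate from file: {}. Error: {}", file, e.getMessage());
            }
        }
        return null;
    }

    /**
     * Parses the requested serial once, outside the file loop, so a malformed value is reported
     * as such instead of as a load failure for every stored file.
     */
    private static BigInteger parseHexSerial(String hex) {
        if (hex == null) {
            LOG.warn("Certificate serial number is missing");
            return null;
        }
        try {
            return new BigInteger(hex, 16);
        } catch (NumberFormatException e) {
            LOG.warn("Certificate serial number is not hexadecimal: {}", e.getMessage());
            return null;
        }
    }
}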
