package com.manydesigns.crypto;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.pqc.jcajce.spec.McElieceCCA2KeyGenParameterSpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/portofino-cryptography-4.2.13-SNAPSHOT.jar:com/manydesigns/crypto/KeyManager.class */
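/**
 * Process-wide holder for the key material used by the crypto module.
 *
 * <p>The mode is selected by the {@code com.manydesigns.crypto.algorithm} property:
 * {@code ASIM} loads an RSA key pair from PEM files, {@code SIM} derives an AES key from a
 * passphrase file. Both files are resolved under {@code com.manydesigns.crypto.location}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A {@code <secret-path>.sum} file is written next to the secret on first start and
 *       compared on later starts. It is derived from the secret with a fast hash, so it must
 *       be protected like the secret itself, especially when the delete option removes the
 *       secret file but leaves the {@code .sum} file behind.</li>
 *   <li>The symmetric key derivation is not a password-based KDF (see the constructor).</li>
 *   <li>{@link #init} and {@link #getInstance} are not synchronized and the singleton field is
 *       not volatile; this class presumably expects a single call to {@code init} during
 *       application start-up. TODO confirm against callers.</li>
 * </ul>
 */
public class KeyManager {
    public static final Logger logger = LoggerFactory.getLogger(KeyManager.class);
    private static final String PROPERTY_ALG = "com.manydesigns.crypto.algorithm";
    private static final String PROPERTY_PRIVATE_KEY = "com.manydesigns.crypto.private.key";
    private static final String PROPERTY_PUBLIC_KEY = "com.manydesigns.crypto.public.key";
    private static final String PROPERTY_PRIVATE_KEY_DELETE = "com.manydesigns.crypto.delete.key";
    private static final String PROPERTY_PASSPHRASE = "com.manydesigns.crypto.passphrase";
    private static final String PROPERTY_SECURITY_LOCATION = "com.manydesigns.crypto.location";
    private static final String ASYMMETRIC_ALG = "ASIM";
    private static final String SYMMETRIC_ALG = "SIM";
    // AES key; set only in SIM mode.
    private SecretKey simmK;
    // RSA public key; set only in ASIM mode.
    private PublicKey pbK;
    // RSA private key; set only in ASIM mode.
    private PrivateKey prK;
    // Raw value of the algorithm property; null when the module is not configured.
    private String algo;
    private static KeyManager single;

    /**
     * Loads the key material described by {@code configuration}.
     *
     * <p>When no algorithm is configured the instance is left empty (all getters return
     * {@code null}) and only a warning is logged.
     *
     * @param configuration source of the {@code com.manydesigns.crypto.*} properties
     * @throws InvalidSettingsException if the location is blank or the algorithm is unknown
     * @throws InvalidPassphraseException if the secret does not match the stored checksum
     * @throws IOException if a key, passphrase or checksum file cannot be read or written
     * @throws GeneralSecurityException if a key cannot be parsed or a digest is unavailable
     */
    private KeyManager(Configuration configuration) throws GeneralSecurityException, IOException, InvalidPassphraseException, InvalidSettingsException {
        this.algo = configuration.getString(PROPERTY_ALG);
        if (this.algo == null) {
            logger.warn("No com.manydesigns.crypto.algorithm defined, KeyManager will not be initialized ");
            return;
        }
        boolean deleteSecretAfterLoad = configuration.getBoolean(PROPERTY_PRIVATE_KEY_DELETE, false);
        String location = configuration.getString(PROPERTY_SECURITY_LOCATION);
        // Validate before building any path so a missing location never yields "null/...".
        if (StringUtils.trimToNull(location) == null) {
            throw new InvalidSettingsException("Required property com.manydesigns.crypto.location is invalid or empty");
        }
        // The path strings are fed into the checksum digest (see checkOrSaveHash), so they must
        // stay byte-identical to what earlier versions produced: plain concatenation with "/".
        String publicKeyPath = location + "/" + configuration.getString(PROPERTY_PUBLIC_KEY);
        String privateKeyPath = location + "/" + configuration.getString(PROPERTY_PRIVATE_KEY);
        String passphrasePath = location + "/" + configuration.getString(PROPERTY_PASSPHRASE);

        if (this.algo.equals(ASYMMETRIC_ALG)) {
            this.prK = getPrivateKey(privateKeyPath);
            this.pbK = getPublicKey(publicKeyPath);
            this.simmK = null;
            // NOTE(review): the checksum input is the provider's toString() rendering of the key,
            // not its encoded form. That rendering is provider/JDK specific, so a runtime upgrade
            // may invalidate an existing .sum file. Kept as is for compatibility with stored sums.
            checkOrSaveHash(privateKeyPath, this.prK.toString());
            if (deleteSecretAfterLoad) {
                CryptoUtils.secureDeleteFile(privateKeyPath);
            }
            return;
        }
        if (!this.algo.equals(SYMMETRIC_ALG)) {
            throw new InvalidSettingsException(this.algo + " not supported, possible values are: SIM | ASIM");
        }
        String passPhrase = getPassPhrase(passphrasePath);
        checkOrSaveHash(passphrasePath, passPhrase);
        CryptoUtils.checkPassphrase(passPhrase);
        // SECURITY: the AES-128 key is the first 16 bytes of one unsalted digest pass over the
        // passphrase. That is not a password-based KDF: key strength equals passphrase strength
        // and guesses are cheap to test. It is left unchanged because a different derivation
        // would make previously encrypted data undecryptable; moving to a salted, iterated KDF
        // needs a versioned data format and a migration.
        // NOTE(review): the constant name indicates SHA-1; taking a digest name from a Bouncy
        // Castle McEliece spec class looks like a decompiler artifact. Confirm before replacing
        // it with a literal.
        byte[] digest = MessageDigest.getInstance(McElieceCCA2KeyGenParameterSpec.SHA1)
                .digest(passPhrase.getBytes(StandardCharsets.UTF_8));
        this.simmK = new SecretKeySpec(Arrays.copyOf(digest, 16), "AES");
        if (deleteSecretAfterLoad) {
            CryptoUtils.secureDeleteFile(passphrasePath);
        }
    }

    /**
     * Compares the secret with the checksum stored in {@code secretPath + ".sum"}, or creates
     * that file when it does not exist yet.
     *
     * <p>The digest is SHA-256 seeded with the UTF-8 bytes of {@code secretPath}; the secret is
     * presumably folded in by {@code CryptoUtils.getStringChecksum} (defined elsewhere).
     *
     * <p>SECURITY: the {@code .sum} file lets anyone who can read it test guesses for a
     * low-entropy secret offline, and it outlives the secret file when the delete option is
     * enabled. Restrict its permissions like the secret's own.
     *
     * @param secretPath path of the key or passphrase file the checksum belongs to
     * @param secret textual form of the secret to check
     * @throws InvalidPassphraseException if a stored checksum exists and does not match
     * @throws IOException if the checksum file cannot be read or written
     * @throws GeneralSecurityException if SHA-256 is unavailable
     */
    private void checkOrSaveHash(String secretPath, String secret) throws IOException, GeneralSecurityException, InvalidPassphraseException {
        File checksumFile = new File(secretPath + ".sum");
        MessageDigest sha256 = MessageDigest.getInstance("SHA-256");
        sha256.update(secretPath.getBytes(StandardCharsets.UTF_8));
        String computed = CryptoUtils.getStringChecksum(sha256, secret);
        if (checksumFile.exists()) {
            String stored = StringUtils.trimToEmpty(CryptoUtils.getKey(checksumFile.getAbsolutePath()));
            if (!computed.equals(stored)) {
                throw new InvalidPassphraseException("Checksum test failed, passphrase differs from last one used file: " + checksumFile.getAbsolutePath());
            }
            return;
        }
        try (PrintWriter writer = new PrintWriter(checksumFile)) {
            writer.print(computed);
            // PrintWriter never throws on write errors; without this check a truncated or
            // missing checksum would go unnoticed until the next start-up.
            if (writer.checkError()) {
                throw new IOException("Unable to write checksum file: " + checksumFile.getAbsolutePath());
            }
        }
    }

    /**
     * Creates the singleton from {@code configuration}.
     *
     * @return the newly created instance
     * @throws GeneralSecurityException if the key manager was already initialized, or on any
     *     crypto failure while loading keys
     */
    public static KeyManager init(Configuration configuration) throws IOException, GeneralSecurityException, InvalidPassphraseException, InvalidSettingsException {
        if (isActive()) {
            throw new GeneralSecurityException("Key manager already initialized");
        }
        single = new KeyManager(configuration);
        return getInstance();
    }

    /**
     * Returns the singleton.
     *
     * @throws GeneralSecurityException if {@link #init} has not completed successfully
     */
    public static KeyManager getInstance() throws GeneralSecurityException {
        if (single == null) {
            throw new GeneralSecurityException("Key manager not initialized");
        }
        return single;
    }

    /**
     * Reports whether {@link #init} has created an instance. This is also {@code true} when no
     * algorithm was configured, in which case the instance holds no keys.
     */
    public static boolean isActive() {
        return single != null;
    }

    /** Returns the AES key, or {@code null} outside SIM mode. */
    public SecretKey getSimmK() {
        return this.simmK;
    }

    /** Returns the RSA public key, or {@code null} outside ASIM mode. */
    public PublicKey getPbKey() {
        return this.pbK;
    }

    /** Returns the RSA private key, or {@code null} outside ASIM mode. */
    public PrivateKey getPrKey() {
        return this.prK;
    }

    /** Returns the configured algorithm value, or {@code null} when none was configured. */
    public String getAlgo() {
        return this.algo;
    }

    /** Reads the file at {@code path} via {@code CryptoUtils.getKey} and parses it as a PKCS#8 RSA key. */
    private static PrivateKey getPrivateKey(String path) throws IOException, GeneralSecurityException {
        return getPrivateKeyFromString(CryptoUtils.getKey(path));
    }

    /** Parses a {@code PRIVATE KEY} PEM block (PKCS#8) as an RSA private key. */
    private static PrivateKey getPrivateKeyFromString(String pem) throws IOException, GeneralSecurityException {
        byte[] der = decodePem(pem, "PRIVATE KEY");
        return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** Reads the file at {@code path} via {@code CryptoUtils.getKey} and parses it as an X.509 RSA key. */
    private static PublicKey getPublicKey(String path) throws IOException, GeneralSecurityException {
        return getPublicKeyFromString(CryptoUtils.getKey(path));
    }

    /** Parses a {@code PUBLIC KEY} PEM block (X.509 SubjectPublicKeyInfo) as an RSA public key. */
    private static PublicKey getPublicKeyFromString(String pem) throws IOException, GeneralSecurityException {
        byte[] der = decodePem(pem, "PUBLIC KEY");
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
    }

    /**
     * Strips the PEM armour for {@code label} and decodes the Base64 payload.
     *
     * <p>The header is removed regardless of the line ending that follows it, and all
     * whitespace is dropped before decoding, so CRLF files and wrapped Base64 bodies are
     * accepted. Input that already decoded correctly yields the same bytes as before.
     *
     * @throws IllegalArgumentException if the remaining text is not valid Base64
     */
    private static byte[] decodePem(String pem, String label) {
        String body = pem
                .replace("-----BEGIN " + label + "-----", "")
                .replace("-----END " + label + "-----", "")
                .replaceAll("\\s", "");
        // decode(String) does not depend on the platform default charset, unlike getBytes().
        return Base64.getDecoder().decode(body);
    }

    /**
     * Reads the passphrase file and returns its lines concatenated without separators.
     *
     * @param path location of the passphrase file
     * @throws IOException if the file cannot be opened or read (logged before rethrowing)
     */
    private String getPassPhrase(String path) throws IOException, InvalidPassphraseException {
        logger.info("Retrieving passphrase");
        StringBuilder sb = new StringBuilder();
        // NOTE(review): FileReader decodes with the platform default charset while the key
        // derivation encodes as UTF-8, so a non-ASCII passphrase can yield a different key on a
        // host with another default. Left unchanged to keep existing deployments stable.
        try (BufferedReader reader = new BufferedReader(new FileReader(path))) {
            // try-with-resources closes the reader on a failed read as well.
            String line;
            while ((line = reader.readLine()) != null) {
                sb.append(line);
            }
            return sb.toString();
        } catch (IOException e) {
            logger.error("getPassPhrase: " + e.getMessage(), e);
            throw e;
        }
    }
}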
