package com.hypersocket.certificates;

import com.hypersocket.ApplicationContextServiceImpl;
import com.hypersocket.certificates.events.CertificateResourceCreatedEvent;
import com.hypersocket.certificates.events.CertificateResourceDeletedEvent;
import com.hypersocket.certificates.events.CertificateResourceEvent;
import com.hypersocket.certificates.events.CertificateResourceUpdatedEvent;
import com.hypersocket.certificates.jobs.CertificateExpiringMessageRepository;
import com.hypersocket.certs.FileFormatException;
import com.hypersocket.certs.InvalidPassphraseException;
import com.hypersocket.certs.MismatchedCertificateException;
import com.hypersocket.certs.X509CertificateUtils;
import com.hypersocket.events.EventService;
import com.hypersocket.i18n.I18NService;
import com.hypersocket.json.utils.HypersocketUtils;
import com.hypersocket.message.MessageResourceService;
import com.hypersocket.permissions.AccessDeniedException;
import com.hypersocket.permissions.PermissionCategory;
import com.hypersocket.permissions.PermissionService;
import com.hypersocket.properties.EntityResourcePropertyStore;
import com.hypersocket.properties.PropertyCategory;
import com.hypersocket.properties.PropertyFilter;
import com.hypersocket.properties.ResourceUtils;
import com.hypersocket.realm.Realm;
import com.hypersocket.realm.RealmService;
import com.hypersocket.resource.AbstractResourceRepository;
import com.hypersocket.resource.AbstractResourceServiceImpl;
import com.hypersocket.resource.PropertyChange;
import com.hypersocket.resource.ResourceChangeException;
import com.hypersocket.resource.ResourceCreationException;
import com.hypersocket.resource.ResourceException;
import com.hypersocket.resource.ResourceNotFoundException;
import com.hypersocket.resource.SimpleResource;
import com.hypersocket.resource.TransactionAdapter;
import com.hypersocket.resource.TransactionOperation;
import com.hypersocket.upgrade.UpgradeService;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPrivateKey;
import java.security.interfaces.ECKey;
import java.security.interfaces.RSAPrivateKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.PostConstruct;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.web.multipart.MultipartFile;

@Service
/* loaded from: input_file:com/hypersocket/certificates/CertificateResourceServiceImpl.class */
public class CertificateResourceServiceImpl extends AbstractResourceServiceImpl<CertificateResource> implements CertificateResourceService {
    // Shared SLF4J logger for this service.
    // NOTE(review): declared non-final and package-visible in this decompiled listing; confirm against the original source.
    static Logger log = LoggerFactory.getLogger(CertificateResourceServiceImpl.class);
    // Name of the built-in certificate resource that getDefaultCertificate() looks up and, if missing, creates.
    public static final String DEFAULT_CERTIFICATE_NAME = "Default SSL Certificate";
    // Message ids registered with the message service in postConstruct().
    public static final String MESSAGE_CERTIFICATE_CREATED = "message.certificateCreated";
    public static final String MESSAGE_CERTIFICATE_UPDATED = "message.certificateUpdated";
    public static final String MESSAGE_CERTIFICATE_EXPIRING = "message.certificateExpiring";
    public static final String MESSAGE_CERTIFICATE_EXPIRED = "message.certificateExpired";

    // Collaborators below are injected by Spring.
    @Autowired
    private CertificateResourceRepository repository;

    @Autowired
    private I18NService i18nService;

    @Autowired
    private PermissionService permissionService;

    @Autowired
    private RealmService realmService;

    @Autowired
    private EventService eventService;

    @Autowired
    private MessageResourceService messageService;

    @Autowired
    private CertificateExpiringMessageRepository certificateExpiryMessageRepository;
    // Certificate providers keyed by provider id; read by getProvider().
    // NOTE(review): a plain HashMap. The code that adds entries is not visible here; confirm registration
    // only happens during start-up, because HashMap is not safe for concurrent mutation.
    private Map<String, CertificateProvider> providers;

    /**
     * Creates the service under the resource category key {@code "certificates"} and starts with an
     * empty provider registry.
     */
    public CertificateResourceServiceImpl() {
        super("certificates");
        providers = new HashMap<>();
    }

    /**
     * Post-construction hook. Registers the i18n bundle, the certificate permissions, the property
     * template, the four certificate resource events, the default certificate provider and the
     * certificate notification messages.
     */
    @PostConstruct
    private void postConstruct() {
        final String bundle = CertificateResourceService.RESOURCE_BUNDLE;

        this.i18nService.registerBundle(bundle);

        // Every CertificateResourcePermission value is registered under one permission category.
        PermissionCategory category = this.permissionService.registerPermissionCategory(bundle, "category.certificates");
        for (CertificateResourcePermission permission : CertificateResourcePermission.values()) {
            this.permissionService.registerPermission(permission, category);
        }

        this.repository.loadPropertyTemplates("certificateResourceTemplate.xml");

        // Event types published by the fireResource*Event methods of this service.
        this.eventService.registerEvent(CertificateResourceEvent.class, bundle, this);
        this.eventService.registerEvent(CertificateResourceCreatedEvent.class, bundle, this);
        this.eventService.registerEvent(CertificateResourceUpdatedEvent.class, bundle, this);
        this.eventService.registerEvent(CertificateResourceDeletedEvent.class, bundle, this);

        EntityResourcePropertyStore.registerResourceService(CertificateResource.class, this.repository);
        registerProvider(new DefaultCertificateProvider());

        // Created / updated / expired share the plain registration form.
        for (String messageId : Arrays.asList(MESSAGE_CERTIFICATE_CREATED, MESSAGE_CERTIFICATE_UPDATED, MESSAGE_CERTIFICATE_EXPIRED)) {
            this.messageService.registerI18nMessage(bundle, messageId, CertificateResolver.getVariables());
        }
        // The "expiring" message is registered with two extra arguments: false and its own repository.
        this.messageService.registerI18nMessage(bundle, MESSAGE_CERTIFICATE_EXPIRING, CertificateResolver.getVariables(), false, this.certificateExpiryMessageRepository);
    }

    /**
     * @return the injected certificate repository that backs this service
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected AbstractResourceRepository<CertificateResource> getRepository() {
        return repository;
    }

    /**
     * @return the resource bundle name declared on {@link CertificateResourceService}
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected String getResourceBundle() {
        final String bundle = CertificateResourceService.RESOURCE_BUNDLE;
        return bundle;
    }

    /**
     * @return the enum type whose values are the permissions for certificate resources
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public Class<CertificateResourcePermission> getPermissionType() {
        final Class<CertificateResourcePermission> permissionType = CertificateResourcePermission.class;
        return permissionType;
    }

    /**
     * @return the entity class managed by this service
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected Class<CertificateResource> getResourceClass() {
        final Class<CertificateResource> resourceClass = CertificateResource.class;
        return resourceClass;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a {@link CertificateResourceCreatedEvent} for a successful creation.
     *
     * <p>Nothing is published when the current principal is the system principal, so certificates
     * created by the system leave no creation event in the event stream.
     *
     * @param certificateResource the resource that was created
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceCreationEvent(CertificateResource certificateResource) {
        if (!getCurrentPrincipal().isSystem()) {
            CertificateResourceCreatedEvent created = new CertificateResourceCreatedEvent(this, getCurrentSession(), certificateResource);
            this.eventService.publishEvent(created);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a {@link CertificateResourceCreatedEvent} that carries the failure of a creation.
     *
     * <p>Nothing is published when the current principal is the system principal, so a failed
     * creation by the system leaves no event in the event stream.
     *
     * @param certificateResource the resource whose creation failed
     * @param th the failure to attach to the event
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceCreationEvent(CertificateResource certificateResource, Throwable th) {
        if (!getCurrentPrincipal().isSystem()) {
            CertificateResourceCreatedEvent failed = new CertificateResourceCreatedEvent(this, certificateResource, th, getCurrentSession());
            this.eventService.publishEvent(failed);
        }
    }

    /* renamed from: fireNonStandardEvents, reason: avoid collision after fix types in other method */
    /**
     * Always reports {@code true}; neither argument is inspected.
     *
     * @param certificateResource unused
     * @param list unused
     * @return {@code true}
     */
    protected boolean fireNonStandardEvents2(CertificateResource certificateResource, List<PropertyChange> list) {
        final boolean handled = true;
        return handled;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a {@link CertificateResourceUpdatedEvent} for a successful update. Unlike the
     * creation events, this is published for every principal, including the system principal.
     *
     * @param certificateResource the resource that was updated
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceUpdateEvent(CertificateResource certificateResource) {
        CertificateResourceUpdatedEvent updated = new CertificateResourceUpdatedEvent(this, getCurrentSession(), certificateResource);
        this.eventService.publishEvent(updated);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a {@link CertificateResourceUpdatedEvent} that carries the failure of an update.
     *
     * @param certificateResource the resource whose update failed
     * @param th the failure to attach to the event
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceUpdateEvent(CertificateResource certificateResource, Throwable th) {
        CertificateResourceUpdatedEvent failed = new CertificateResourceUpdatedEvent(this, certificateResource, th, getCurrentSession());
        this.eventService.publishEvent(failed);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a {@link CertificateResourceDeletedEvent} for a successful deletion.
     *
     * @param certificateResource the resource that was deleted
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceDeletionEvent(CertificateResource certificateResource) {
        CertificateResourceDeletedEvent deleted = new CertificateResourceDeletedEvent(this, getCurrentSession(), certificateResource);
        this.eventService.publishEvent(deleted);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Publishes a {@link CertificateResourceDeletedEvent} that carries the failure of a deletion.
     *
     * @param certificateResource the resource whose deletion failed
     * @param th the failure to attach to the event
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    public void fireResourceDeletionEvent(CertificateResource certificateResource, Throwable th) {
        CertificateResourceDeletedEvent failed = new CertificateResourceDeletedEvent(this, certificateResource, th, getCurrentSession());
        this.eventService.publishEvent(failed);
    }

    /**
     * Updates the given certificate resource through {@code updateResource} and attaches a transaction
     * hook that sends the {@link #MESSAGE_CERTIFICATE_UPDATED} notification.
     *
     * @param certificateResource the resource to persist
     * @throws ResourceException declared by the inherited update operation
     * @throws AccessDeniedException declared by the inherited update operation
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public void updateCertificate(CertificateResource certificateResource) throws ResourceException, AccessDeniedException {
        updateResource(certificateResource, new TransactionAdapter<CertificateResource>() { // from class: com.hypersocket.certificates.CertificateResourceServiceImpl.1
            // Typed hook: sends the "updated" notification for the resource handed to the hook.
            // Presumably invoked by updateResource once the update has been applied - confirm in TransactionAdapter.
            public void afterOperation(CertificateResource certificateResource2, Map<String, String> map) throws ResourceException {
                CertificateResourceServiceImpl.this.sendCertificateNotification(certificateResource2, CertificateResourceServiceImpl.MESSAGE_CERTIFICATE_UPDATED);
            }

            // Decompiler-emitted bridge method: casts the erased arguments and forwards to the typed hook above.
            @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
            public /* bridge */ /* synthetic */ void afterOperation(Object obj, Map map) throws ResourceException {
                afterOperation((CertificateResource) obj, (Map<String, String>) map);
            }
        });
    }

    /**
     * Renames the resource and updates it with the supplied properties, letting the resource's
     * certificate provider take part in the update.
     *
     * <p>The name is set on the passed-in object before the update operation starts.
     *
     * @param certificateResource the resource to update; returned to the caller
     * @param str the new resource name
     * @param map property values forwarded to the update operation and to the provider
     * @return the same {@code certificateResource} instance
     * @throws ResourceException declared by the inherited update operation
     * @throws AccessDeniedException declared by the inherited update operation
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource updateResource(CertificateResource certificateResource, final String str, Map<String, String> map) throws ResourceException, AccessDeniedException {
        certificateResource.setName(str);
        // NOTE(review): the casts to CertificateResourceServiceImpl on the next line look like decompiler
        // type-inference artefacts rather than original source.
        updateResource((CertificateResourceServiceImpl) certificateResource, map, (TransactionOperation<CertificateResourceServiceImpl>[]) new TransactionOperation[]{new TransactionAdapter<CertificateResource>() { // from class: com.hypersocket.certificates.CertificateResourceServiceImpl.2
            // Delegates to the provider selected by the resource's provider id.
            public void beforeOperation(CertificateResource certificateResource2, Map<String, String> map2) throws ResourceException {
                try {
                    CertificateResourceServiceImpl.this.getProvider(certificateResource2.getProvider()).update(certificateResource2, str, map2);
                } catch (FileFormatException | InvalidPassphraseException | AccessDeniedException | UnsupportedEncodingException | CertificateException e) {
                    // Checked failures, including AccessDeniedException, leave this hook as an unchecked
                    // IllegalStateException with the original as cause.
                    // NOTE(review): callers that catch AccessDeniedException will not see a denial raised by the
                    // provider here; confirm the transaction layer handles the wrapped form as intended.
                    throw new IllegalStateException(e.getMessage(), e);
                }
            }

            // Sends the "updated" notification for the resource handed to the hook.
            public void afterOperation(CertificateResource certificateResource2, Map<String, String> map2) throws ResourceException {
                CertificateResourceServiceImpl.this.sendCertificateNotification(certificateResource2, CertificateResourceServiceImpl.MESSAGE_CERTIFICATE_UPDATED);
            }

            // Decompiler-emitted bridge method forwarding to the typed afterOperation.
            @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
            public /* bridge */ /* synthetic */ void afterOperation(Object obj, Map map2) throws ResourceException {
                afterOperation((CertificateResource) obj, (Map<String, String>) map2);
            }

            // Decompiler-emitted bridge method forwarding to the typed beforeOperation.
            @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
            public /* bridge */ /* synthetic */ void beforeOperation(Object obj, Map map2) throws ResourceException {
                beforeOperation((CertificateResource) obj, (Map<String, String>) map2);
            }
        }});
        return certificateResource;
    }

    /**
     * Creates a new certificate resource in the given realm and lets the selected certificate
     * provider populate it.
     *
     * @param str the resource name
     * @param realm the realm that will own the resource
     * @param map property values forwarded to the create operation and to the provider
     * @param z value passed to {@code setSystem} on the new resource
     * @return the newly created resource object
     * @throws ResourceException declared by the inherited create operation
     * @throws AccessDeniedException declared by the inherited create operation
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource createResource(String str, final Realm realm, Map<String, String> map, boolean z) throws ResourceException, AccessDeniedException {
        CertificateResource certificateResource = new CertificateResource();
        certificateResource.setName(str);
        certificateResource.setRealm(realm);
        certificateResource.setSystem(z);
        createResource(certificateResource, map, new TransactionAdapter<CertificateResource>() { // from class: com.hypersocket.certificates.CertificateResourceServiceImpl.3
            // Delegates to the provider selected by the resource's provider id; getProvider falls back to the
            // default provider key when that id is blank.
            public void beforeOperation(CertificateResource certificateResource2, Map<String, String> map2) throws ResourceException {
                try {
                    CertificateResourceServiceImpl.this.getProvider(certificateResource2.getProvider()).create(certificateResource2, map2);
                } catch (AccessDeniedException | UnsupportedEncodingException | CertificateException e) {
                    // Checked failures, including AccessDeniedException, leave this hook as an unchecked
                    // IllegalStateException with the original as cause.
                    // NOTE(review): confirm the transaction layer reports a wrapped access denial as intended.
                    throw new IllegalStateException(e.getMessage(), e);
                }
            }

            // Sends the "created" notification unless the provider reports that certificate creation is deferred.
            public void afterOperation(CertificateResource certificateResource2, Map<String, String> map2) throws ResourceException {
                if (CertificateResourceServiceImpl.this.getProvider(certificateResource2.getProvider()).isDeferredCertificateCreation(certificateResource2, realm, map2, true)) {
                    return;
                }
                CertificateResourceServiceImpl.this.sendCertificateNotification(certificateResource2, CertificateResourceServiceImpl.MESSAGE_CERTIFICATE_CREATED);
            }

            // Decompiler-emitted bridge method forwarding to the typed afterOperation.
            @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
            public /* bridge */ /* synthetic */ void afterOperation(Object obj, Map map2) throws ResourceException {
                afterOperation((CertificateResource) obj, (Map<String, String>) map2);
            }

            // Decompiler-emitted bridge method forwarding to the typed beforeOperation.
            @Override // com.hypersocket.resource.TransactionAdapter, com.hypersocket.resource.TransactionOperation
            public /* bridge */ /* synthetic */ void beforeOperation(Object obj, Map map2) throws ResourceException {
                beforeOperation((CertificateResource) obj, (Map<String, String>) map2);
            }
        });
        return certificateResource;
    }

    /**
     * Looks up a registered certificate provider by id.
     *
     * @param str the provider id; a blank id selects {@code DefaultCertificateProvider.RESOURCE_KEY}
     * @return the registered provider, never {@code null}
     * @throws IllegalArgumentException if no provider is registered under the resolved id; the message
     *         carries the id exactly as passed in, not the resolved key
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateProvider getProvider(String str) {
        String lookupKey = str;
        if (StringUtils.isBlank(str)) {
            lookupKey = DefaultCertificateProvider.RESOURCE_KEY;
        }
        CertificateProvider found = this.providers.get(lookupKey);
        if (found != null) {
            return found;
        }
        throw new IllegalArgumentException(String.format("No provider with ID of %s", str));
    }

    /**
     * Convenience overload that packs the certificate type and subject fields into a property map
     * and delegates to {@code createResource(String, Realm, Map, boolean)}.
     *
     * @param str the resource name
     * @param realm the owning realm
     * @param certificateType stored under {@code certType} via {@code toString()}; must not be null
     * @param str2 stored under {@code commonName}
     * @param str3 stored under {@code organizationalUnit}
     * @param str4 stored under {@code organization}
     * @param str5 stored under {@code location}
     * @param str6 stored under {@code state}
     * @param str7 stored under {@code country}
     * @param z forwarded as the system flag
     * @return the created resource
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource createResource(String str, Realm realm, CertificateType certificateType, String str2, String str3, String str4, String str5, String str6, String str7, boolean z) throws ResourceException, AccessDeniedException {
        Map<String, String> subjectProperties = new HashMap<>();
        subjectProperties.put("certType", certificateType.toString());
        subjectProperties.put("commonName", str2);
        subjectProperties.put("organizationalUnit", str3);
        subjectProperties.put("organization", str4);
        subjectProperties.put("location", str5);
        subjectProperties.put("state", str6);
        subjectProperties.put("country", str7);
        CertificateResource created = createResource(str, realm, subjectProperties, z);
        return created;
    }

    /**
     * Returns the property categories of the certificate template, with no resource bound.
     *
     * @return the categories reported by the repository, unfiltered
     * @throws AccessDeniedException if the caller lacks {@code CertificateResourcePermission.READ}
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public Collection<PropertyCategory> getPropertyTemplate() throws AccessDeniedException {
        // The READ check runs before anything is read from the repository.
        assertPermission(CertificateResourcePermission.READ);
        final PropertyFilter[] noFilters = new PropertyFilter[0];
        return this.repository.getPropertyCategories((SimpleResource) null, noFilters);
    }

    /**
     * Returns the property categories for a specific certificate resource.
     *
     * @param certificateResource the resource whose properties are requested
     * @return the categories reported by the repository, unfiltered
     * @throws AccessDeniedException if the caller lacks {@code CertificateResourcePermission.READ}
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public Collection<PropertyCategory> getPropertyTemplate(CertificateResource certificateResource) throws AccessDeniedException {
        // The READ check runs before anything is read from the repository.
        assertPermission(CertificateResourcePermission.READ);
        final PropertyFilter[] noFilters = new PropertyFilter[0];
        return this.repository.getPropertyCategories(certificateResource, noFilters);
    }

    /**
     * Returns a key store for the resource named {@link #DEFAULT_CERTIFICATE_NAME}, creating that
     * resource in the system realm on first use.
     *
     * <p>Security notes for operators and reviewers:
     * <ul>
     *   <li>The fallback resource is requested with type {@code RSA_2048}, common name
     *       {@code localhost} and placeholder subject fields. It is presumably self-signed by the
     *       default provider (TODO confirm), so it should be replaced before clients are asked to
     *       trust the server.</li>
     *   <li>The key store is requested with the fixed literals {@code "hypersocket"} and
     *       {@code "changeit"}. If the second one is the key store password, it is a well-known
     *       value compiled into the class; treat the returned key store as in-memory only and do not
     *       rely on that password if it is ever written to disk.</li>
     * </ul>
     *
     * @return the key store built from the default certificate resource
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public KeyStore getDefaultCertificate() throws ResourceException, AccessDeniedException {
        CertificateResource defaultResource;
        try {
            defaultResource = getResourceByName(DEFAULT_CERTIFICATE_NAME);
        } catch (ResourceNotFoundException notFound) {
            // First use: no default certificate exists yet, so create one as a system resource.
            Map<String, String> subjectDefaults = new HashMap<>();
            subjectDefaults.put("certType", "RSA_2048");
            subjectDefaults.put("commonName", "localhost");
            subjectDefaults.put("organizationalUnit", "Default");
            subjectDefaults.put("organization", "Default");
            subjectDefaults.put("location", "Unknown");
            subjectDefaults.put("state", "Unknown");
            subjectDefaults.put("country", "US");
            defaultResource = createResource(DEFAULT_CERTIFICATE_NAME, this.realmService.getSystemRealm(), subjectDefaults, true);
        }
        return getResourceKeystore(defaultResource, "hypersocket", "changeit");
    }

    /**
     * Builds a key store from a PEM private key, a PEM certificate and an optional PEM chain.
     *
     * <p>With a chain, the certificate is appended to the chain and the array is reversed before it
     * is handed to {@code createKeystore}, which puts the certificate first.
     * NOTE(review): no {@code validateChain} call is made on this path; confirm whether
     * {@code createKeystore} verifies the chain and the key/certificate match itself.
     *
     * @param inputStream PEM private key
     * @param inputStream2 PEM certificate
     * @param inputStream3 PEM certificate chain, or {@code null} when there is none
     * @param str forwarded to {@code createKeystore} (presumably the entry alias)
     * @param cArr passphrase for the PEM private key, may be {@code null}
     * @param cArr2 forwarded to {@code createKeystore} (presumably the key store password)
     * @return the key store produced by {@code createKeystore}
     * @throws MismatchedCertificateException rethrown unchanged
     * @throws CertificateException wrapping any other failure, with the cause preserved
     */
    protected KeyStore loadPEMCertificate(InputStream inputStream, InputStream inputStream2, InputStream inputStream3, String str, char[] cArr, char[] cArr2) throws CertificateException, MismatchedCertificateException {
        try {
            KeyPair keyPair;
            X509Certificate[] entryChain;
            if (inputStream3 != null) {
                // Read order on this path: chain, then certificate, then key.
                X509Certificate[] intermediates = X509CertificateUtils.loadCertificateChainFromPEM(inputStream3);
                X509Certificate leaf = X509CertificateUtils.loadCertificateFromPEM(inputStream2);
                entryChain = (X509Certificate[]) ArrayUtils.add(intermediates, leaf);
                ArrayUtils.reverse(entryChain);
                keyPair = X509CertificateUtils.loadKeyPairFromPEM(inputStream, cArr);
            } else {
                // Read order on this path: key, then certificate.
                keyPair = X509CertificateUtils.loadKeyPairFromPEM(inputStream, cArr);
                entryChain = new X509Certificate[]{X509CertificateUtils.loadCertificateFromPEM(inputStream2)};
            }
            return X509CertificateUtils.createKeystore(keyPair, entryChain, str, cArr2);
        } catch (MismatchedCertificateException mismatch) {
            throw mismatch;
        } catch (Exception failure) {
            throw new CertificateException("Failed to load key/certificate files", failure);
        }
    }

    /**
     * Loads the PEM material stored on a certificate resource into an existing key store.
     *
     * <p>The stored private key is read with a {@code null} passphrase, so it is expected to be held
     * as unencrypted PEM on the resource.
     * NOTE(review): whether that field is protected at rest is not visible here; confirm in the
     * repository / entity mapping.
     *
     * @param certificateResource source of the private key, certificate and optional bundle
     * @param str forwarded to the stream-based overload (presumably the entry alias)
     * @param str2 forwarded as a {@code char[]} (presumably the key store password)
     * @param keyStore destination key store, modified in place
     * @throws ResourceException a {@code ResourceCreationException} carrying the message of the
     *         underlying failure
     */
    protected void loadPEMCertificate(CertificateResource certificateResource, String str, String str2, KeyStore keyStore) throws ResourceException {
        try {
            ByteArrayInputStream keyPem = new ByteArrayInputStream(certificateResource.getPrivateKey().getBytes("UTF-8"));
            ByteArrayInputStream certPem = new ByteArrayInputStream(certificateResource.getCertificate().getBytes("UTF-8"));
            // The bundle is optional; an empty value means "no chain".
            ByteArrayInputStream bundlePem = StringUtils.isEmpty(certificateResource.getBundle())
                    ? null
                    : new ByteArrayInputStream(certificateResource.getBundle().getBytes("UTF-8"));
            loadPEMCertificate(keyPem, certPem, bundlePem, str, null, str2.toCharArray(), keyStore);
        } catch (MismatchedCertificateException mismatch) {
            log.error("Failed to load certificate", mismatch);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", mismatch.getMessage());
        } catch (UnsupportedEncodingException badEncoding) {
            log.error("Failed to encode certificate", badEncoding);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", badEncoding.getMessage());
        } catch (CertificateException certFailure) {
            log.error("Failed to generate certificate", certFailure);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", certFailure.getMessage());
        }
    }

    /**
     * Builds a temporary key store from the PEM inputs and copies its entries into {@code keyStore}.
     *
     * <p>The merge always uses the fixed literal {@code "changeit"} as the key password, both to
     * read each key from the temporary store and to protect it in the destination.
     * NOTE(review): {@code cArr2} is handed to {@code createKeystore} while the merge reads keys with
     * {@code "changeit"}; confirm the two agree for every caller, otherwise key recovery in the merge
     * step would fail.
     *
     * @param inputStream PEM private key
     * @param inputStream2 PEM certificate
     * @param inputStream3 PEM chain, or {@code null}
     * @param str forwarded to the key-store-building overload
     * @param cArr passphrase for the PEM private key, may be {@code null}
     * @param cArr2 forwarded to the key-store-building overload
     * @param keyStore destination key store, modified in place
     */
    protected void loadPEMCertificate(InputStream inputStream, InputStream inputStream2, InputStream inputStream3, String str, char[] cArr, char[] cArr2, KeyStore keyStore) throws CertificateException, MismatchedCertificateException {
        KeyStore loaded = loadPEMCertificate(inputStream, inputStream2, inputStream3, str, cArr, cArr2);
        mergeKeystores(keyStore, loaded, "changeit");
    }

    /**
     * Copies every alias of {@code keyStore2} into {@code keyStore} as a key entry.
     *
     * <p>The same password is used to recover each key from the source and to protect it in the
     * destination; an existing destination entry with the same alias is overwritten by
     * {@code setKeyEntry}.
     *
     * @param keyStore destination key store, modified in place
     * @param keyStore2 source key store
     * @param str key password used on both sides
     * @throws CertificateException wrapping any failure, with the cause preserved
     */
    private void mergeKeystores(KeyStore keyStore, KeyStore keyStore2, String str) throws CertificateException {
        try {
            for (Enumeration<String> aliasIterator = keyStore2.aliases(); aliasIterator.hasMoreElements(); ) {
                String alias = aliasIterator.nextElement();
                Key recoveredKey = keyStore2.getKey(alias, str.toCharArray());
                char[] protection = str.toCharArray();
                Certificate[] chain = keyStore2.getCertificateChain(alias);
                keyStore.setKeyEntry(alias, recoveredKey, protection, chain);
            }
        } catch (Exception failure) {
            throw new CertificateException("Failed to load key/certificate files", failure);
        }
    }

    /**
     * Parses the key pair stored on a certificate resource.
     *
     * <p>The PEM is read with a {@code null} passphrase, so the stored private key is expected to be
     * unencrypted PEM text.
     *
     * @param certificateResource the resource holding the PEM private key
     * @return the parsed key pair
     */
    private KeyPair loadKeyPair(CertificateResource certificateResource) throws CertificateException, UnsupportedEncodingException, InvalidPassphraseException, FileFormatException {
        byte[] pemBytes = certificateResource.getPrivateKey().getBytes("UTF-8");
        ByteArrayInputStream pemStream = new ByteArrayInputStream(pemBytes);
        return X509CertificateUtils.loadKeyPairFromPEM(pemStream, null);
    }

    /**
     * Generates a PKCS#10 certificate signing request from the resource's stored key pair, subject
     * fields and subject alternative names.
     *
     * <p>NOTE(review): no permission assertion is visible in this method, and it reads the stored
     * private key; confirm the calling layer restricts who can request a CSR.
     *
     * @param certificateResource the resource supplying the key pair and subject fields
     * @return the request as text decoded from UTF-8
     * @throws Exception any failure while loading the key pair or building the request
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public String generateCSR(CertificateResource certificateResource) throws UnsupportedEncodingException, Exception {
        KeyPair storedPair = loadKeyPair(certificateResource);
        PrivateKey signingKey = storedPair.getPrivate();
        PublicKey subjectKey = storedPair.getPublic();
        return new String(
                X509CertificateUtils.generatePKCS10(
                        signingKey,
                        subjectKey,
                        certificateResource.getCommonName(),
                        certificateResource.getOrganizationalUnit(),
                        certificateResource.getOrganization(),
                        certificateResource.getLocation(),
                        certificateResource.getState(),
                        certificateResource.getCountry(),
                        ResourceUtils.explodeValues(certificateResource.getSan())),
                "UTF-8");
    }

    /**
     * Upload variant of the certificate update: opens the uploaded files and delegates to the
     * stream-based overload, which closes both streams.
     *
     * @param certificateResource the resource to update
     * @param multipartFile uploaded PEM certificate
     * @param multipartFile2 uploaded PEM chain, or {@code null} when none was supplied
     * @throws ResourceException a {@code ResourceChangeException} if an upload cannot be opened, or
     *         whatever the stream-based overload reports
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public void updateCertificate(CertificateResource certificateResource, MultipartFile multipartFile, MultipartFile multipartFile2) throws ResourceException {
        try {
            InputStream certificateStream = multipartFile.getInputStream();
            InputStream chainStream = null;
            if (multipartFile2 != null) {
                chainStream = multipartFile2.getInputStream();
            }
            updateCertificate(certificateResource, certificateStream, chainStream);
        } catch (IOException ioFailure) {
            throw new ResourceChangeException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", ioFailure.getMessage());
        }
    }

    /**
     * Replaces the certificate (and optionally the chain) of an existing resource while keeping its
     * stored private key.
     *
     * <p>Checks performed before anything is stored: when a chain is supplied it is validated
     * against the certificate, and the certificate's public key must equal the public key of the
     * stored key pair. Both streams are closed on every exit path.
     *
     * <p>NOTE(review): unlike the private-key import path, this method does not set the issue or
     * expiry date on the resource; confirm they are refreshed elsewhere, since stale dates would
     * affect expiry notifications. Without a chain stream the existing bundle is left as it is.
     *
     * @param certificateResource the resource to update
     * @param inputStream PEM certificate
     * @param inputStream2 PEM chain, or {@code null}
     * @throws ResourceException a {@code ResourceChangeException} carrying the message of the
     *         underlying failure
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public void updateCertificate(CertificateResource certificateResource, InputStream inputStream, InputStream inputStream2) throws ResourceException {
        try {
            X509Certificate leaf = X509CertificateUtils.loadCertificateFromPEM(inputStream);
            X509Certificate[] chain = null;
            if (inputStream2 != null) {
                chain = X509CertificateUtils.loadCertificateChainFromPEM(inputStream2);
                X509CertificateUtils.validateChain(chain, leaf);
            }

            // The new certificate must belong to the private key already stored on the resource.
            PublicKey storedPublicKey = loadKeyPair(certificateResource).getPublic();
            if (!storedPublicKey.equals(leaf.getPublicKey())) {
                throw new MismatchedCertificateException("The certificate does not match the private key.");
            }

            ByteArrayOutputStream leafPem = new ByteArrayOutputStream();
            X509CertificateUtils.saveCertificate(new Certificate[]{leaf}, leafPem);
            if (chain != null) {
                ByteArrayOutputStream chainPem = new ByteArrayOutputStream();
                X509CertificateUtils.saveCertificate(chain, chainPem);
                certificateResource.setBundle(new String(chainPem.toByteArray(), "UTF-8"));
            }
            certificateResource.setCertificate(new String(leafPem.toByteArray(), "UTF-8"));
            updateResource(certificateResource, new TransactionOperation[0]);
        } catch (FileFormatException | InvalidPassphraseException | MismatchedCertificateException | AccessDeniedException | ResourceChangeException | IOException | CertificateException failure) {
            log.error("Failed to generate certificate", failure);
            throw new ResourceChangeException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", failure.getMessage());
        } finally {
            IOUtils.closeQuietly(inputStream);
            IOUtils.closeQuietly(inputStream2);
        }
    }

    /**
     * Imports a private key, certificate and optional chain from streams as a new certificate
     * resource in the current realm.
     *
     * <p>NOTE(review): no permission assertion is visible in this method; presumably the inherited
     * {@code createResource} enforces it - confirm. The streams are not closed here.
     *
     * @param inputStream PEM private key
     * @param str passphrase for the private key
     * @param inputStream2 PEM certificate
     * @param inputStream3 PEM chain, or {@code null}
     * @return the created resource
     * @throws ResourceException a {@code ResourceCreationException} carrying the message of the
     *         underlying failure
     * @throws InvalidPassphraseException propagated unchanged when the passphrase is rejected
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource importPrivateKey(InputStream inputStream, String str, InputStream inputStream2, InputStream inputStream3) throws ResourceException, InvalidPassphraseException {
        final CertificateResource imported = new CertificateResource();
        try {
            doInternalPrivateKey(imported, inputStream, str, inputStream2, inputStream3);
            imported.setRealm(getCurrentRealm());
            createResource(imported, new HashMap(), new TransactionOperation[0]);
        } catch (FileFormatException | MismatchedCertificateException | AccessDeniedException | IOException | CertificateException failure) {
            log.error("Failed to generate certificate", failure);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", failure.getMessage());
        }
        return imported;
    }

    /**
     * Imports an uploaded private key, certificate and optional chain as a new certificate resource
     * in the current realm.
     *
     * <p>NOTE(review): no permission assertion is visible in this method; presumably the inherited
     * {@code createResource} enforces it - confirm.
     *
     * @param multipartFile uploaded PEM private key
     * @param str passphrase for the private key
     * @param multipartFile2 uploaded PEM certificate
     * @param multipartFile3 uploaded PEM chain, or {@code null}
     * @return the created resource
     * @throws ResourceException a {@code ResourceCreationException} carrying the message of the
     *         underlying failure
     * @throws InvalidPassphraseException propagated unchanged when the passphrase is rejected
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource importPrivateKey(MultipartFile multipartFile, String str, MultipartFile multipartFile2, MultipartFile multipartFile3) throws ResourceException, InvalidPassphraseException {
        final CertificateResource imported = new CertificateResource();
        try {
            doInternalPrivateKey(imported, multipartFile, str, multipartFile2, multipartFile3);
            imported.setRealm(getCurrentRealm());
            createResource(imported, new HashMap(), new TransactionOperation[0]);
        } catch (FileFormatException | MismatchedCertificateException | AccessDeniedException | IOException | CertificateException failure) {
            log.error("Failed to generate certificate", failure);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", failure.getMessage());
        }
        return imported;
    }

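    /**
     * Upload variant of the key replacement: opens the uploaded files, delegates to the
     * stream-based overload and closes every stream it opened.
     *
     * <p>The chain upload is optional, matching the other upload entry points of this service; a
     * {@code null} chain file is passed on as a {@code null} stream instead of failing with a
     * {@code NullPointerException}.
     *
     * @param certificateResource the resource whose key material is replaced
     * @param multipartFile uploaded PEM private key
     * @param str passphrase for the private key
     * @param multipartFile2 uploaded PEM certificate
     * @param multipartFile3 uploaded PEM chain, or {@code null} when none was supplied
     * @return the updated resource
     * @throws IOException if an upload cannot be opened or closed
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource replacePrivateKey(CertificateResource certificateResource, MultipartFile multipartFile, String str, MultipartFile multipartFile2, MultipartFile multipartFile3) throws ResourceException, InvalidPassphraseException, IOException {
        // try-with-resources skips a null resource, so the optional chain stream needs no extra handling.
        try (InputStream keyStream = multipartFile.getInputStream();
                InputStream certificateStream = multipartFile2.getInputStream();
                InputStream chainStream = multipartFile3 == null ? null : multipartFile3.getInputStream()) {
            return replacePrivateKey(certificateResource, keyStream, str, certificateStream, chainStream);
        }
    }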

    /**
     * Replaces the private key, certificate and optional chain of an existing resource and persists
     * the result.
     *
     * <p>The resource object is modified in place by {@code doInternalPrivateKey} before
     * {@code updateResource} is called.
     * NOTE(review): no permission assertion is visible in this method; presumably the inherited
     * {@code updateResource} enforces it - confirm. The streams are not closed here.
     *
     * @param certificateResource the resource whose key material is replaced; returned to the caller
     * @param inputStream PEM private key
     * @param str passphrase for the private key
     * @param inputStream2 PEM certificate
     * @param inputStream3 PEM chain, or {@code null}
     * @return the same {@code certificateResource} instance
     * @throws ResourceException a {@code ResourceChangeException} carrying the message of the
     *         underlying failure
     * @throws InvalidPassphraseException propagated unchanged when the passphrase is rejected
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource replacePrivateKey(CertificateResource certificateResource, InputStream inputStream, String str, InputStream inputStream2, InputStream inputStream3) throws ResourceException, InvalidPassphraseException {
        try {
            doInternalPrivateKey(certificateResource, inputStream, str, inputStream2, inputStream3);
            // NOTE(review): the casts to CertificateResourceServiceImpl below look like decompiler
            // type-inference artefacts rather than original source.
            updateResource((CertificateResourceServiceImpl) certificateResource, (Map<String, String>) new HashMap(), (TransactionOperation<CertificateResourceServiceImpl>[]) new TransactionOperation[0]);
            return certificateResource;
        } catch (FileFormatException | MismatchedCertificateException | AccessDeniedException | IOException | CertificateException e) {
            // The underlying message is both logged and returned to the caller inside the exception.
            log.error("Failed to replace certificate", e);
            throw new ResourceChangeException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", e.getMessage());
        }
    }

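    /**
     * Upload variant: opens the uploaded files, delegates to the stream-based overload and closes
     * every stream it opened, including when parsing or validation fails.
     *
     * @param certificateResource the resource to populate
     * @param multipartFile uploaded PEM private key
     * @param str passphrase for the private key
     * @param multipartFile2 uploaded PEM certificate
     * @param multipartFile3 uploaded PEM chain, or {@code null} when none was supplied
     * @throws IOException if an upload cannot be opened or closed
     */
    private void doInternalPrivateKey(CertificateResource certificateResource, MultipartFile multipartFile, String str, MultipartFile multipartFile2, MultipartFile multipartFile3) throws InvalidPassphraseException, CertificateException, IOException, FileFormatException, MismatchedCertificateException {
        // try-with-resources skips a null resource, so the optional chain stream needs no extra handling.
        try (InputStream keyStream = multipartFile.getInputStream();
                InputStream certificateStream = multipartFile2.getInputStream();
                InputStream chainStream = multipartFile3 == null ? null : multipartFile3.getInputStream()) {
            doInternalPrivateKey(certificateResource, keyStream, str, certificateStream, chainStream);
        }
    }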

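    /**
     * Parses and cross-checks a private key, certificate and optional chain, then copies the result
     * onto the given resource.
     *
     * <p>Checks, in order: the chain (when supplied) is validated against the certificate, the key
     * pair's public key must equal the certificate's public key, and the certificate subject must
     * contain a common name. The resource is only modified after all of them have passed, so a
     * rejected upload leaves an existing resource untouched.
     *
     * <p>NOTE(review): {@code saveKeyPair} is given no passphrase, so the private key is presumably
     * stored as unencrypted PEM; confirm the repository protects that field at rest. Without a chain
     * stream the resource's existing bundle is left as it is - confirm that is intended when key and
     * certificate are replaced.
     *
     * @param certificateResource the resource to populate
     * @param inputStream PEM private key
     * @param str passphrase for the private key, or {@code null} for an unencrypted key
     * @param inputStream2 PEM certificate
     * @param inputStream3 PEM chain, or {@code null}
     * @throws MismatchedCertificateException if the certificate does not belong to the private key
     * @throws CertificateException if the certificate cannot be parsed or its subject has no common name
     */
    private void doInternalPrivateKey(CertificateResource certificateResource, InputStream inputStream, String str, InputStream inputStream2, InputStream inputStream3) throws InvalidPassphraseException, CertificateException, IOException, FileFormatException, MismatchedCertificateException {
        X509Certificate leaf = X509CertificateUtils.loadCertificateFromPEM(inputStream2);
        X509Certificate[] chain = null;
        if (inputStream3 != null) {
            chain = X509CertificateUtils.loadCertificateChainFromPEM(inputStream3);
            X509CertificateUtils.validateChain(chain, leaf);
        }

        // loadKeyPairFromPEM is called with a null passphrase elsewhere in this class, so a missing
        // passphrase is passed through as null rather than dereferenced.
        char[] passphrase = str == null ? null : str.toCharArray();
        KeyPair keyPair = X509CertificateUtils.loadKeyPairFromPEM(inputStream, passphrase);
        if (!keyPair.getPublic().equals(leaf.getPublicKey())) {
            throw new MismatchedCertificateException("The certificate does not match the private key.");
        }

        // A subject without a CN attribute would otherwise fail with an array index error.
        X500Name subject = new JcaX509CertificateHolder(leaf).getSubject();
        RDN[] commonNames = subject.getRDNs(BCStyle.CN);
        if (commonNames.length == 0) {
            throw new CertificateException("The certificate subject does not contain a common name.");
        }
        String commonName = IETFUtils.valueToString(commonNames[0].getFirst().getValue());

        // Subject values come from the uploaded certificate; line breaks are neutralised so a value
        // cannot split a log entry.
        for (RDN rdn : subject.getRDNs()) {
            for (AttributeTypeAndValue attribute : rdn.getTypesAndValues()) {
                log.info("{}: {}", attribute.getType(), IETFUtils.valueToString(attribute.getValue()).replaceAll("[\\r\\n]", "_"));
            }
        }

        ByteArrayOutputStream keyPem = new ByteArrayOutputStream();
        X509CertificateUtils.saveKeyPair(keyPair, keyPem);
        ByteArrayOutputStream leafPem = new ByteArrayOutputStream();
        X509CertificateUtils.saveCertificate(new Certificate[]{leaf}, leafPem);
        String bundlePem = null;
        if (chain != null) {
            ByteArrayOutputStream chainPem = new ByteArrayOutputStream();
            X509CertificateUtils.saveCertificate(chain, chainPem);
            bundlePem = new String(chainPem.toByteArray(), "UTF-8");
        }

        // Everything has been parsed and checked; only now is the resource modified.
        if (bundlePem != null) {
            certificateResource.setBundle(bundlePem);
        }
        // The default certificate keeps its fixed name; any other resource is named after the CN.
        if (!DEFAULT_CERTIFICATE_NAME.equals(certificateResource.getName())) {
            certificateResource.setName(commonName);
        }
        certificateResource.setCommonName(commonName);
        certificateResource.setCountry("");
        certificateResource.setLocation("");
        certificateResource.setOrganization("");
        certificateResource.setOrganizationalUnit("");
        certificateResource.setState("");
        certificateResource.setPrivateKey(new String(keyPem.toByteArray(), "UTF-8"));
        certificateResource.setCertificate(new String(leafPem.toByteArray(), "UTF-8"));
        if (leaf.getNotBefore() != null) {
            certificateResource.setIssueDate(leaf.getNotBefore());
        }
        if (leaf.getNotAfter() != null) {
            certificateResource.setExpiryDate(leaf.getNotAfter());
        }
    }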

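    /**
     * Creates a new certificate resource in the current realm from an uploaded PKCS#12 (PFX) file.
     *
     * @param multipartFile uploaded PFX file
     * @param str passphrase used to open the PFX and its key entries
     * @return the newly created resource
     * @throws ResourceException with key {@code error.genericError} when the PFX cannot be read or validated
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource importPfx(MultipartFile multipartFile, String str) throws ResourceException, AccessDeniedException {
        CertificateResource certificateResource = new CertificateResource();
        try {
            internalDoPfx(certificateResource, multipartFile, str);
            certificateResource.setRealm(getCurrentRealm());
            createResource(certificateResource, new HashMap(), new TransactionOperation[0]);
            return certificateResource;
        } catch (MismatchedCertificateException | IOException | KeyStoreException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e) {
            // Only the message travels in the ResourceCreationException, so log the exception
            // itself to keep the stack trace (same pattern as getResourceKeystore).
            log.error("Failed to import PFX certificate", e);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.genericError", e.getMessage());
        }
    }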

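    /**
     * Replaces the key material of an existing resource with the contents of an uploaded PFX file.
     *
     * <p>The upload stream is closed once the delegate returns; it was previously left open.
     *
     * @param certificateResource resource to update
     * @param multipartFile uploaded PFX file
     * @param str passphrase used to open the PFX and its key entries
     * @return the updated resource
     * @throws IOException if the upload cannot be read or closed
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource replacePfx(CertificateResource certificateResource, MultipartFile multipartFile, String str) throws AccessDeniedException, ResourceException, IOException {
        try (InputStream pfxStream = multipartFile.getInputStream()) {
            return replacePfx(certificateResource, pfxStream, str);
        }
    }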

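    /**
     * Replaces the key material of an existing resource with the contents of a PFX stream
     * and persists the change.
     *
     * @param certificateResource resource to update
     * @param inputStream PKCS#12 data; not closed by this method
     * @param str passphrase used to open the PFX and its key entries
     * @return the updated resource
     * @throws ResourceException with key {@code error.keyError} for key store failures and
     *         {@code error.genericError} for every other read or validation failure
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public CertificateResource replacePfx(CertificateResource certificateResource, InputStream inputStream, String str) throws AccessDeniedException, ResourceException {
        try {
            internalDoPfx(certificateResource, inputStream, str);
            // The resource itself is what gets updated. The earlier cast of the resource to
            // CertificateResourceServiceImpl could never succeed; this mirrors the
            // createResource call in importPfx.
            updateResource(certificateResource, new HashMap<String, String>(), new TransactionOperation[0]);
            return certificateResource;
        } catch (MismatchedCertificateException | IOException | NoSuchAlgorithmException | NoSuchProviderException | UnrecoverableKeyException | CertificateException e) {
            // Only the message travels in the ResourceChangeException; log the exception to keep the stack trace.
            log.error("Failed to replace PFX certificate", e);
            throw new ResourceChangeException(CertificateResourceService.RESOURCE_BUNDLE, "error.genericError", e.getMessage());
        } catch (KeyStoreException e2) {
            log.error("Failed to read PFX key store", e2);
            throw new ResourceChangeException(CertificateResourceService.RESOURCE_BUNDLE, "error.keyError", e2.getMessage());
        }
    }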

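    /**
     * Reads an uploaded PFX file into the resource via the {@code InputStream} overload.
     *
     * <p>The upload stream is closed once the delegate returns; it was previously left open.
     *
     * @param certificateResource resource that receives the key material
     * @param multipartFile uploaded PFX file
     * @param str passphrase used to open the PFX and its key entries
     * @throws IOException if the upload cannot be read or closed
     */
    private void internalDoPfx(CertificateResource certificateResource, MultipartFile multipartFile, String str) throws AccessDeniedException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOException, MismatchedCertificateException {
        try (InputStream pfxStream = multipartFile.getInputStream()) {
            internalDoPfx(certificateResource, pfxStream, str);
        }
    }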

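    /**
     * Copies every private-key entry of a PKCS#12 (PFX) stream onto the resource: private key,
     * leaf certificate, remaining chain ("bundle"), common name, key type and validity dates.
     * When the PFX holds several private-key entries each one is applied in turn, so the last wins.
     *
     * <p>Changes compared with the previous version:
     * <ul>
     *   <li>Each entry is fully parsed and validated before the first setter runs, so a rejected
     *       entry no longer leaves the resource with a new private key and an old certificate.</li>
     *   <li>An RSA private key is compared with the certificate's modulus. The earlier check
     *       compared the certificate's public key with itself and could never fail.</li>
     *   <li>A missing or non-X.509 certificate, a missing chain, or a subject without a common
     *       name raises {@link CertificateException} instead of an unchecked runtime exception.</li>
     *   <li>The {@link IOException} cause is kept on the rethrown {@link KeyStoreException}.</li>
     * </ul>
     *
     * @param certificateResource resource that receives the key material
     * @param inputStream PKCS#12 data; not closed by this method
     * @param str passphrase used for the key store and for each key entry
     * @throws MismatchedCertificateException if an RSA private key does not match its certificate
     * @throws CertificateException if an entry's certificate data is missing or unusable
     * @throws KeyStoreException if the key store cannot be read, including wrapped I/O failures
     * @throws UnsupportedOperationException if the key is not RSA, DSA or EC
     */
    private void internalDoPfx(CertificateResource certificateResource, InputStream inputStream, String str) throws AccessDeniedException, UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, NoSuchProviderException, IOException, MismatchedCertificateException {
        try {
            // A fresh char[] is made per call, as before, in case a helper wipes the array it is given.
            KeyStore keyStore = X509CertificateUtils.loadKeyStoreFromPFX(inputStream, str.toCharArray());
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Key key = keyStore.getKey(alias, str.toCharArray());
                if (!(key instanceof PrivateKey)) {
                    continue;
                }
                PrivateKey privateKey = (PrivateKey) key;

                // Messages stay generic: the alias is file-controlled and the message reaches the caller.
                Certificate leaf = keyStore.getCertificate(alias);
                if (!(leaf instanceof X509Certificate)) {
                    throw new CertificateException("The PFX key entry does not carry an X.509 certificate.");
                }
                X509Certificate x509Certificate = (X509Certificate) leaf;
                Certificate[] certificateChain = keyStore.getCertificateChain(alias);
                if (certificateChain == null) {
                    throw new CertificateException("The PFX key entry does not carry a certificate chain.");
                }
                PublicKey publicKey = x509Certificate.getPublicKey();
                KeyPair keyPair = new KeyPair(publicKey, privateKey);

                // The bundle is the chain without its first element; a one-element chain is kept as is.
                List<Certificate> issuers = new ArrayList<Certificate>(Arrays.asList(certificateChain));
                if (issuers.size() > 1) {
                    issuers.remove(0);
                }
                Certificate[] bundle = issuers.toArray(new Certificate[0]);
                X509CertificateUtils.validateChain(bundle, x509Certificate);

                // PKCS#12 pairs a key with its certificate by attribute only, so check the maths.
                // NOTE(review): only RSA is verified here; DSA and EC pairs would need a
                // sign-and-verify round trip to be checked.
                if (privateKey instanceof RSAPrivateKey && publicKey instanceof java.security.interfaces.RSAKey
                        && !((RSAPrivateKey) privateKey).getModulus().equals(((java.security.interfaces.RSAKey) publicKey).getModulus())) {
                    throw new MismatchedCertificateException();
                }

                int fieldSize;
                if (privateKey instanceof RSAPrivateKey) {
                    fieldSize = ((RSAPrivateKey) privateKey).getModulus().bitLength();
                } else if (privateKey instanceof DSAPrivateKey) {
                    // NOTE(review): every DSA key is recorded as 1024-bit regardless of its real
                    // size; confirm whether CertificateType has other DSA constants.
                    fieldSize = 1024;
                } else {
                    if (!(privateKey instanceof ECKey)) {
                        throw new UnsupportedOperationException("Key type not supported.");
                    }
                    fieldSize = ((ECKey) privateKey).getParams().getCurve().getField().getFieldSize();
                }
                // valueOf rejects any algorithm/size pair without a matching constant (IllegalArgumentException).
                CertificateType type = CertificateType.valueOf(privateKey.getAlgorithm() + "_" + fieldSize);

                // A subject without a CN is valid X.509 (SAN-only certificates), so do not index blindly.
                X500Name subject = new JcaX509CertificateHolder(x509Certificate).getSubject();
                RDN[] commonNameRdns = subject.getRDNs(BCStyle.CN);
                if (commonNameRdns.length == 0) {
                    throw new CertificateException("The certificate subject does not contain a common name.");
                }
                String commonName = IETFUtils.valueToString(commonNameRdns[0].getFirst().getValue());
                // NOTE(review): these values come from the uploaded file and are logged verbatim;
                // confirm the log layout neutralises line breaks.
                for (RDN subjectRdn : subject.getRDNs()) {
                    for (AttributeTypeAndValue attribute : subjectRdn.getTypesAndValues()) {
                        log.info(attribute.getType().toString() + ": " + IETFUtils.valueToString(attribute.getValue()));
                    }
                }

                // NOTE(review): saveKeyPair is called without a passphrase, so the stored PEM is
                // presumably unencrypted; confirm the private key is protected at rest.
                ByteArrayOutputStream keyPem = new ByteArrayOutputStream();
                X509CertificateUtils.saveKeyPair(keyPair, keyPem);
                ByteArrayOutputStream bundlePem = new ByteArrayOutputStream();
                X509CertificateUtils.saveCertificate(bundle, bundlePem);
                ByteArrayOutputStream certificatePem = new ByteArrayOutputStream();
                X509CertificateUtils.saveCertificate(new Certificate[]{x509Certificate}, certificatePem);

                // Everything validated: apply to the resource.
                certificateResource.setPrivateKey(new String(keyPem.toByteArray(), "UTF-8"));
                certificateResource.setBundle(new String(bundlePem.toByteArray(), "UTF-8"));
                certificateResource.setCertificate(new String(certificatePem.toByteArray(), "UTF-8"));
                // Only the resource named DEFAULT_CERTIFICATE_NAME keeps its name; any other is renamed to the CN.
                if (certificateResource.getName() == null || !certificateResource.getName().equals(DEFAULT_CERTIFICATE_NAME)) {
                    certificateResource.setName(commonName);
                }
                certificateResource.setCommonName(commonName);
                // The remaining subject fields are blanked rather than read from the certificate.
                certificateResource.setCountry("");
                certificateResource.setLocation("");
                certificateResource.setOrganization("");
                certificateResource.setOrganizationalUnit("");
                certificateResource.setState("");
                certificateResource.setType(type);
                if (x509Certificate.getNotBefore() != null) {
                    certificateResource.setIssueDate(x509Certificate.getNotBefore());
                }
                if (x509Certificate.getNotAfter() != null) {
                    certificateResource.setExpiryDate(x509Certificate.getNotAfter());
                }
            }
        } catch (IOException e) {
            // Keep the cause so the original I/O failure stays diagnosable.
            throw new KeyStoreException(e.getMessage(), e);
        }
    }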

    /**
     * Adds a certificate provider under its resource key.
     *
     * @param certificateProvider provider to register
     * @throws IllegalArgumentException if a provider with the same resource key is already present
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public void registerProvider(CertificateProvider certificateProvider) {
        if (!this.providers.containsKey(certificateProvider.getResourceKey())) {
            this.providers.put(certificateProvider.getResourceKey(), certificateProvider);
            return;
        }
        // Duplicate keys are rejected rather than silently replacing the earlier provider.
        throw new IllegalArgumentException(String.format("The provider %s is alread registered.", certificateProvider.getResourceKey()));
    }

    /**
     * Builds a key store for the resource using the fixed values {@code "hypersocket"} and
     * {@code "changeit"} for the second and third arguments of the three-argument overload.
     *
     * <p>NOTE(review): {@code "changeit"} is a hard-coded, well-known password. It offers no
     * protection if the returned key store is ever written to disk or handed to another
     * process; confirm callers keep it in memory or re-protect it.
     *
     * @param certificateResource resource holding the PEM key, certificate and optional bundle
     * @return the populated key store
     * @throws ResourceException if the stored PEM data cannot be loaded
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public KeyStore getResourceKeystore(CertificateResource certificateResource) throws ResourceException {
        final String defaultAlias = "hypersocket";
        final String defaultPassword = "changeit";
        return getResourceKeystore(certificateResource, defaultAlias, defaultPassword);
    }

    /**
     * Builds the key store for {@code certificateResource} and then loads each resource in
     * {@code collection} into the same key store, passing that resource's common name.
     *
     * <p>NOTE(review): the common name is presumably used as the entry alias, in which case two
     * resources sharing a common name would collide; verify against {@code loadPEMCertificate}.
     * The key store password is the hard-coded literal {@code "changeit"}.
     *
     * @param certificateResource resource whose key and certificate seed the key store
     * @param collection further certificate resources to add
     * @return the combined key store
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public KeyStore getKeystoreWithCertificates(CertificateResource certificateResource, Collection<CertificateResource> collection) throws ResourceException, AccessDeniedException {
        KeyStore combined = getResourceKeystore(certificateResource, "hypersocket", "changeit");
        for (CertificateResource additional : collection) {
            String entryName = additional.getCommonName();
            loadPEMCertificate(additional, entryName, "changeit", combined);
        }
        return combined;
    }

    /**
     * Builds a key store from the PEM private key, certificate and optional bundle stored on
     * the resource.
     *
     * @param certificateResource resource holding the PEM data
     * @param str passed through to {@code loadPEMCertificate}; presumably the entry alias, verify there
     * @param str2 password, handed to {@code loadPEMCertificate} as a {@code char[]}
     * @return the key store returned by {@code loadPEMCertificate}
     * @throws ResourceException with key {@code error.certificateError} when the PEM data cannot
     *         be encoded, parsed or matched; the cause is logged before rethrowing
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public KeyStore getResourceKeystore(CertificateResource certificateResource, String str, String str2) throws ResourceException {
        try {
            ByteArrayInputStream keyPem = new ByteArrayInputStream(certificateResource.getPrivateKey().getBytes("UTF-8"));
            ByteArrayInputStream certificatePem = new ByteArrayInputStream(certificateResource.getCertificate().getBytes("UTF-8"));
            // The bundle is optional: an empty value is passed on as null.
            ByteArrayInputStream bundlePem = StringUtils.isEmpty(certificateResource.getBundle())
                    ? null
                    : new ByteArrayInputStream(certificateResource.getBundle().getBytes("UTF-8"));
            return loadPEMCertificate(keyPem, certificatePem, bundlePem, str, null, str2.toCharArray());
        } catch (MismatchedCertificateException mismatch) {
            log.error("Failed to load certificate", mismatch);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", mismatch.getMessage());
        } catch (UnsupportedEncodingException badEncoding) {
            log.error("Failed to encode certificate", badEncoding);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", badEncoding.getMessage());
        } catch (CertificateException badCertificate) {
            log.error("Failed to generate certificate", badCertificate);
            throw new ResourceCreationException(CertificateResourceService.RESOURCE_BUNDLE, "error.certificateError", badCertificate.getMessage());
        }
    }

    /**
     * Returns the registered providers keyed by resource key.
     *
     * @return an unmodifiable view of the provider map; later registrations show through it
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public Map<String, CertificateProvider> getProviders() {
        Map<String, CertificateProvider> readOnlyView = Collections.unmodifiableMap(this.providers);
        return readOnlyView;
    }

    /**
     * Sends the message identified by {@code str} about the given certificate to the system
     * administrator role and the realm administrator role of the certificate's realm.
     *
     * <p>Nothing is sent until the upgrade service reports that it is done. Failures are logged
     * and not propagated.
     *
     * @param certificateResource certificate the message is about
     * @param str resource key of the message to send
     */
    private void sendCertificateNotification(CertificateResource certificateResource, String str) {
        UpgradeService upgradeService = (UpgradeService) ApplicationContextServiceImpl.getInstance().getBean("upgradeService", UpgradeService.class);
        if (!upgradeService.isDone()) {
            return;
        }
        try {
            this.messageService
                    .newMessageSender(certificateResource.getRealm())
                    .messageResourceKey(str)
                    .tokenResolver(new CertificateResolver(certificateResource, getX509Certificate(certificateResource)))
                    .principals(this.permissionService.iteratePrincipalsByRole(
                            certificateResource.getRealm(),
                            this.permissionService.getSystemAdministratorRole(),
                            this.permissionService.getRealmAdministratorRole(certificateResource.getRealm())))
                    .send();
        } catch (AccessDeniedException | ResourceException | CertificateException failure) {
            log.error("Failed to send certificate message", failure);
        }
    }

    /**
     * Parses the certificate text stored on the resource into an {@link X509Certificate}.
     *
     * @param certificateResource resource whose certificate text is parsed
     * @return the parsed certificate
     * @throws CertificateException if the X.509 factory is unavailable or the data cannot be parsed
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public X509Certificate getX509Certificate(CertificateResource certificateResource) throws CertificateException {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        byte[] encoded = HypersocketUtils.getUTF8Bytes(certificateResource.getCertificate());
        return (X509Certificate) x509Factory.generateCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Sends the "expired" message when the certificate's not-after date is already in the past,
     * otherwise the "expiring" message.
     *
     * @param certificateResource resource the notification is about
     * @param x509Certificate parsed certificate whose not-after date decides which message is sent
     */
    @Override // com.hypersocket.certificates.CertificateResourceService
    public void sendExpiringNotification(CertificateResource certificateResource, X509Certificate x509Certificate) {
        boolean alreadyExpired = x509Certificate.getNotAfter().before(new Date());
        String messageKey = alreadyExpired ? MESSAGE_CERTIFICATE_EXPIRED : MESSAGE_CERTIFICATE_EXPIRING;
        sendCertificateNotification(certificateResource, messageKey);
    }

    /**
     * Bridge overload for the superclass signature: casts the raw list to
     * {@code List<PropertyChange>} and delegates to {@code fireNonStandardEvents2}.
     *
     * @param certificateResource resource the events concern
     * @param list property changes, received as a raw list
     * @return whatever {@code fireNonStandardEvents2} returns
     */
    @Override // com.hypersocket.resource.AbstractResourceServiceImpl
    protected /* bridge */ /* synthetic */ boolean fireNonStandardEvents(CertificateResource certificateResource, List list) {
        List<PropertyChange> typedChanges = (List<PropertyChange>) list;
        return fireNonStandardEvents2(certificateResource, typedChanges);
    }
}
