package pl.edu.icm.yadda.aas.keystore.impl;

import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.opensaml.lite.security.TrustLevel;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import pl.edu.icm.yadda.aas.credential.builder.CredentialDTO;
import pl.edu.icm.yadda.aas.credential.builder.ICredentialBuilder;
import pl.edu.icm.yadda.aas.credential.cloner.ICloner;
import pl.edu.icm.yadda.aas.extractor.IExtractor;
import pl.edu.icm.yadda.aas.keystore.IInternalKeyStore;
import pl.edu.icm.yadda.aas.keystore.KeyQueryRequest;
import pl.edu.icm.yadda.aas.keystore.KeyQueryResponse;
import pl.edu.icm.yadda.aas.keystore.KeyStoreException;
import pl.edu.icm.yadda.common.utils.FileChangeTimestampBasedWatcher;

/* loaded from: input_file:WEB-INF/lib/yadda-aas2-common-1.7.0.jar:pl/edu/icm/yadda/aas/keystore/impl/InternalFileBasedKeystore.class */
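/**
 * Keystore holding a single "local" credential assembled from a file-based
 * keystore (private key) and a PEM certificate file.
 *
 * <p>Two views of the credential are kept: {@code localCredential} (with the
 * private key), which is only returned through the internal signing/encryption
 * getters, and {@code localNoPrivKeyCredential}, a copy produced by the
 * configured cloner, which is the only object ever returned from the public
 * query paths ({@link #getAllCredentials()}, {@link #queryKeys(KeyQueryRequest)}).
 *
 * <p>Optionally a {@link FileChangeTimestampBasedWatcher} thread polls the
 * keystore and certificate files and swaps both views atomically when either
 * file changes. Both fields are guarded by {@code mutex}.
 *
 * <p>Loading this class registers the BouncyCastle provider JVM-wide.
 *
 * @param <C> credential type produced by the configured credential builder
 */
public class InternalFileBasedKeystore<C> implements IInternalKeyStore<C> {
    /** Alias the local credential is built under. */
    public static final String STORED_LOCAL_CREDENTIAL_ALIAS = "IFBKS#local_cred_alias";

    private ICredentialBuilder<C> x509TrustAwareCredentialBuilder;
    private IExtractor<C, String> credentialIdExtractor;
    private ICloner<C> x509CredentialCloner;
    private String localKeystoreLocation;
    private String localKeystoreType;
    private String localKeystoreProvider;
    // Passwords are kept as String because the public setters take String; they
    // cannot be zeroed after use and must never be logged.
    private String localKeystorePassword;
    private String localKeystorePrivKeyAlias;
    private String localKeystorePrivKeyPassword;
    private String certPEMFileLocation;
    protected final Logger log = LoggerFactory.getLogger(getClass());
    protected TrustLevel localTrustLevel = TrustLevel.OWN_TRUST;
    private int checkIntervalSecs = 60;
    private boolean enableFileChangesMonitor = false;
    private FileChangeTimestampBasedWatcher watcher = null;
    /** Credential including the private key; exposed only via the internal getters. */
    private C localCredential = null;
    /** Copy handed out on the public query paths (cloned with the {@code false} flag). */
    private C localNoPrivKeyCredential = null;
    /** Guards both credential fields so they are always read/replaced together. */
    private final Object mutex = new Object();

    /**
     * Watcher callback that reloads the local credential whenever one of the
     * monitored files changes. A failed reload clears both credential views.
     */
    private final class LocalCredentialChangeListener
            implements FileChangeTimestampBasedWatcher.FileChangeListener {
        private final String fileLocation;

        /**
         * @param fileLocation path reported to the watcher as the file to monitor
         */
        LocalCredentialChangeListener(String fileLocation) {
            this.fileLocation = fileLocation;
        }

        @Override
        public String getLocation() {
            return fileLocation;
        }

        /**
         * Reloads the credential from disk if at least one change entry was reported.
         *
         * @param changes change entries from the watcher; {@code null} or empty is ignored
         */
        @Override
        public void notify(List<FileChangeTimestampBasedWatcher.FileStateChangedEntry> changes) {
            if (changes == null || changes.isEmpty()) {
                return;
            }
            // Read outside the lock: file/keystore I/O must not block credential readers.
            C reloaded = readLocalCredential();
            if (reloaded == null) {
                log.warn("setting local credential to null!");
            }
            installLocalCredential(reloaded);
        }
    }

    /**
     * Loads the local credential and, if enabled, starts the file-change watcher.
     *
     * <p>If the credential cannot be read, the previously installed credential (if
     * any) is left untouched and a warning is logged. Calling {@code init()} again
     * stops a previously started watcher before starting a new one so no watcher
     * thread is orphaned.
     */
    public void init() {
        C credential = readLocalCredential();
        if (credential != null) {
            installLocalCredential(credential);
        } else {
            log.warn("cannot set local credential");
        }
        if (enableFileChangesMonitor) {
            // Avoid leaking an unstoppable watcher thread on repeated init().
            if (watcher != null) {
                watcher.setStopRunning(true);
            }
            List<FileChangeTimestampBasedWatcher.FileChangeListener> listeners = new ArrayList<>();
            listeners.add(new LocalCredentialChangeListener(localKeystoreLocation));
            listeners.add(new LocalCredentialChangeListener(certPEMFileLocation));
            watcher = new FileChangeTimestampBasedWatcher(checkIntervalSecs, listeners);
            // Named for diagnosability in thread dumps; daemon status intentionally unchanged.
            Thread watcherThread = new Thread(watcher, "InternalFileBasedKeystore-file-watcher");
            watcherThread.start();
        }
    }

    /** Signals the watcher thread (if started) to stop polling. */
    public void destroy() {
        if (watcher != null) {
            watcher.setStopRunning(true);
        }
    }

    /**
     * Replaces both credential views under the mutex.
     *
     * @param credential new credential with private key, or {@code null} to clear both views
     */
    private void installLocalCredential(C credential) {
        synchronized (mutex) {
            localCredential = credential;
            localNoPrivKeyCredential =
                    credential == null ? null : x509CredentialCloner.clone(credential, false);
        }
    }

    /**
     * Builds the local credential from the configured keystore and PEM certificate.
     *
     * @return the built credential, or {@code null} if the private key or the
     *         certificate could not be read (a warning is logged in either case)
     */
    protected C readLocalCredential() {
        PrivateKey privateKey = KeyStoreHelper.readPrivateKey(localKeystoreLocation, localKeystoreType,
                localKeystoreProvider, localKeystorePassword, localKeystorePrivKeyAlias,
                localKeystorePrivKeyPassword);
        if (privateKey == null) {
            this.log.warn("cannot set X509Credential: no private key found!");
            return null;
        }
        X509Certificate certificate = KeyStoreHelper.readCertificate(certPEMFileLocation);
        if (certificate == null) {
            this.log.warn("cannot set X509Credential: no certificate found!");
            return null;
        }
        CredentialDTO dto = new CredentialDTO(STORED_LOCAL_CREDENTIAL_ALIAS);
        dto.setEntityCert(certificate);
        dto.setPrivateKey(privateKey);
        dto.setTrustLevel(localTrustLevel);
        return x509TrustAwareCredentialBuilder.build(dto);
    }

    /**
     * Returns the no-private-key view keyed by its extracted id.
     *
     * @return a fresh mutable map with at most one entry; empty if no credential is loaded
     */
    @Override
    public Map<String, C> getAllCredentials() {
        Map<String, C> result = new HashMap<>();
        synchronized (mutex) {
            if (localNoPrivKeyCredential != null) {
                result.put(credentialIdExtractor.extract(localNoPrivKeyCredential), localNoPrivKeyCredential);
            }
        }
        return result;
    }

    /** Same credential as {@link #getInternalSigningCredential()}. */
    @Override
    public C getInternalEncryptionCredential() {
        return getInternalSigningCredential();
    }

    /** @return the local credential including its private key, or {@code null} if none is loaded */
    @Override
    public C getInternalSigningCredential() {
        synchronized (mutex) {
            return localCredential;
        }
    }

    /** Same credential as {@link #getInternalSigningCredentialNoPrivKey()}. */
    @Override
    public C getInternalEncryptionCredentialNoPrivKey() {
        return getInternalSigningCredentialNoPrivKey();
    }

    /** @return the no-private-key view of the local credential, or {@code null} if none is loaded */
    @Override
    public C getInternalSigningCredentialNoPrivKey() {
        synchronized (mutex) {
            return localNoPrivKeyCredential;
        }
    }

    /**
     * Looks up the no-private-key credential by alias.
     *
     * @param keyQueryRequest request whose alias is matched against the extracted credential id
     * @return a response holding the credential on an exact alias match, otherwise an empty response
     * @throws KeyStoreException declared by the interface; not thrown by this implementation
     */
    @Override
    public KeyQueryResponse<C> queryKeys(KeyQueryRequest keyQueryRequest) throws KeyStoreException {
        if (keyQueryRequest == null || keyQueryRequest.getAlias() == null) {
            return new KeyQueryResponse<>();
        }
        String alias = keyQueryRequest.getAlias();
        synchronized (mutex) {
            C candidate = localNoPrivKeyCredential;
            if (candidate != null && alias.equals(credentialIdExtractor.extract(candidate))) {
                return new KeyQueryResponse<>(candidate);
            }
        }
        return new KeyQueryResponse<>();
    }

    public void setEnableFileChangesMonitor(boolean enableFileChangesMonitor) {
        this.enableFileChangesMonitor = enableFileChangesMonitor;
    }

    public void setCheckIntervalSecs(int checkIntervalSecs) {
        this.checkIntervalSecs = checkIntervalSecs;
    }

    public void setLocalKeystoreLocation(String localKeystoreLocation) {
        this.localKeystoreLocation = localKeystoreLocation;
    }

    public void setLocalKeystoreType(String localKeystoreType) {
        this.localKeystoreType = localKeystoreType;
    }

    public void setLocalKeystoreProvider(String localKeystoreProvider) {
        this.localKeystoreProvider = localKeystoreProvider;
    }

    public void setLocalKeystorePassword(String localKeystorePassword) {
        this.localKeystorePassword = localKeystorePassword;
    }

    public void setLocalKeystorePrivKeyAlias(String localKeystorePrivKeyAlias) {
        this.localKeystorePrivKeyAlias = localKeystorePrivKeyAlias;
    }

    public void setLocalKeystorePrivKeyPassword(String localKeystorePrivKeyPassword) {
        this.localKeystorePrivKeyPassword = localKeystorePrivKeyPassword;
    }

    public void setCertPEMFileLocation(String certPEMFileLocation) {
        this.certPEMFileLocation = certPEMFileLocation;
    }

    public void setX509TrustAwareCredentialBuilder(ICredentialBuilder<C> credentialBuilder) {
        this.x509TrustAwareCredentialBuilder = credentialBuilder;
    }

    public void setCredentialIdExtractor(IExtractor<C, String> credentialIdExtractor) {
        this.credentialIdExtractor = credentialIdExtractor;
    }

    public void setX509CredentialCloner(ICloner<C> credentialCloner) {
        this.x509CredentialCloner = credentialCloner;
    }

    static {
        // JVM-wide side effect: registers BouncyCastle (at lowest priority) for the
        // keystore/certificate parsing done by KeyStoreHelper. addProvider is a no-op
        // if the provider is already installed.
        Security.addProvider(new BouncyCastleProvider());
    }
}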
