package org.nhindirect.config.ui;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.inject.Inject;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.io.IOUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.cxf.common.util.StringUtils;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.nhind.config.rest.CertificateService;
import org.nhindirect.common.crypto.KeyStoreProtectionManager;
import org.nhindirect.common.crypto.MutableKeyStoreProtectionManager;
import org.nhindirect.common.crypto.WrappableKeyProtectionManager;
import org.nhindirect.common.crypto.exceptions.CryptoException;
import org.nhindirect.common.rest.exceptions.ServiceException;
import org.nhindirect.config.model.Certificate;
import org.nhindirect.config.model.EntityStatus;
import org.nhindirect.config.model.utils.CertUtils;
import org.nhindirect.config.ui.form.CertificateForm;
import org.nhindirect.config.ui.form.SearchDomainForm;
import org.nhindirect.config.ui.util.AjaxUtils;
import org.nhindirect.config.ui.util.PrivateKeyType;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.util.ClassUtils;
import org.springframework.web.bind.annotation.ExceptionHandler;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@RequestMapping({"/certificates"})
@Controller
/* loaded from: input_file:WEB-INF/classes/org/nhindirect/config/ui/CertificatesController.class */
public class CertificatesController {
    private final Log log = LogFactory.getLog(getClass());
    private CertificateService certService;

    @Autowired(required = false)
    private WrappableKeyProtectionManager keyManager;

    /**
     * Stores the certificate service that both request handlers in this controller call.
     * The {@code @Inject} annotation marks this setter as an injection point.
     *
     * @param certificateService service used to list, add and delete certificates
     */
    @Inject
    public void setCertificateService(CertificateService certificateService) {
        certService = certificateService;
    }

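    /**
     * Creates the controller and emits a debug trace so start-up logs show it was instantiated.
     */
    public CertificatesController() {
        if (this.log.isDebugEnabled()) {
            // The message used to name "ConfigurationController", which pointed log readers at the wrong class.
            this.log.debug("CertificatesController initialized");
        }
    }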

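    /**
     * Handles the certificate upload form (POST {@code /certificates/addcertificate}, restricted to
     * {@code ROLE_ADMIN}).
     *
     * <p>With {@code submitType} "cancel" the handler returns to the "main" view. With "newcertificate" or
     * "add certificate" it reads the uploaded certificate (and, depending on the selected private key type,
     * an uploaded private key), converts both with {@link #toCertDataFormat} and hands the result to the
     * certificate service, then re-renders the "certificates" view with the current certificate list.
     * Any other {@code submitType} returns an empty {@link ModelAndView}.
     *
     * <p>Security notes: the key passphrase is never logged; the uploaded content type is declared by the
     * client and is only a coarse filter, not a validation of the uploaded bytes; a PKCS12 upload is first
     * re-encoded with an empty passphrase, so how the private key ends up protected is decided entirely by
     * {@link #toCertDataFormat} and by whether a key manager is configured.
     *
     * @param str value of the {@code X-Requested-With} header, may be {@code null}
     * @param httpSession session holding the optional "searchDomainForm" attribute used on cancel
     * @param certificateForm bound upload form
     * @param model model populated for the view
     * @param str2 the {@code submitType} request parameter
     * @return the view and model to render
     */
    @RequestMapping(value = {"/addcertificate"}, method = {RequestMethod.POST})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public ModelAndView addCertificate(@RequestHeader(value = "X-Requested-With", required = false) String str, HttpSession httpSession, @ModelAttribute CertificateForm certificateForm, Model model, @RequestParam("submitType") String str2) {
        ModelAndView modelAndView = new ModelAndView();
        // Plain entry trace: logging it at ERROR level polluted error monitoring on every request.
        this.log.debug("Enter domain/addcertificate");
        if (str2.equalsIgnoreCase("cancel")) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("trying to cancel from saveupdate");
            }
            Object obj = (SearchDomainForm) httpSession.getAttribute("searchDomainForm");
            model.addAttribute(obj != null ? obj : new SearchDomainForm());
            model.addAttribute("ajaxRequest", Boolean.valueOf(AjaxUtils.isAjaxRequest(str)));
            modelAndView.setViewName("main");
            modelAndView.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
            modelAndView.addObject("statusList", EntityStatus.getEntityStatusList());
            return modelAndView;
        }
        if (str2.equalsIgnoreCase("newcertificate") || str2.equalsIgnoreCase("add certificate")) {
            this.log.debug("Attempting to add certificate");
            if (this.keyManager == null) {
                // Without a key manager toCertDataFormat stores private keys in unprotected PKCS12 form.
                this.log.debug("Key manager is null");
            } else {
                this.log.debug("Key manager is non-null");
            }
            String str3 = "" + certificateForm.getId();
            EntityStatus status = certificateForm.getStatus();
            if (this.log.isDebugEnabled()) {
                this.log.debug("beginning to evaluate filedata");
            }
            try {
                model.addAttribute("certerror", false);
                model.addAttribute("passphraseError", false);
                if (!certificateForm.getFileData().isEmpty()) {
                    String keyPassphrase = certificateForm.getKeyPassphrase() == null ? "" : certificateForm.getKeyPassphrase();
                    PrivateKeyType fromString = PrivateKeyType.fromString(certificateForm.getPrivKeyType());
                    if ((fromString == PrivateKeyType.PKCS8_PASSPHRASE || fromString == PrivateKeyType.PKCS_12_PASSPHRASE) && StringUtils.isEmpty(keyPassphrase)) {
                        // A passphrase-protected key type was selected but no passphrase was supplied.
                        model.addAttribute("passphraseError", true);
                    } else {
                        byte[] bytes = certificateForm.getFileData().getBytes();
                        byte[] bArr = null;
                        if (fromString == PrivateKeyType.PKCS_12_PASSPHRASE || fromString == PrivateKeyType.PKCS_12_UNPROTECTED) {
                            this.log.debug("Converting byte stream to cert container");
                            this.log.debug("Private key exists; normalizing to non-protected p12 format.");
                            // Re-encodes the container with an empty passphrase; from here on the key is
                            // only protected if toCertDataFormat wraps it.
                            bytes = CertUtils.changePkcs12Protection(bytes, keyPassphrase.toCharArray(), keyPassphrase.toCharArray(), "".toCharArray(), "".toCharArray());
                        } else if (fromString != PrivateKeyType.NONE) {
                            bArr = certificateForm.getPrivKeyData().getBytes();
                            if (fromString == PrivateKeyType.PKCS8_PASSPHRASE) {
                                PBEKeySpec pbeKeySpec = new PBEKeySpec(keyPassphrase.toCharArray());
                                try {
                                    EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
                                    Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
                                    cipher.init(Cipher.DECRYPT_MODE, SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(pbeKeySpec), encryptedPrivateKeyInfo.getAlgParameters());
                                    // NOTE(review): the key factory is fixed to RSA, so a non-RSA PKCS8 key
                                    // ends up in the catch block below - confirm that is intended.
                                    bArr = KeyFactory.getInstance("RSA").generatePrivate(encryptedPrivateKeyInfo.getKeySpec(cipher)).getEncoded();
                                } catch (Exception e) {
                                    // This failure used to be dropped without a trace. Record it (the
                                    // passphrase itself is never logged) and flag the form. The early
                                    // return, which sets no view name, is kept from the original code.
                                    this.log.warn("Failed to decrypt the uploaded PKCS8 private key", e);
                                    model.addAttribute("passphraseError", true);
                                    return modelAndView;
                                } finally {
                                    // Do not leave an extra copy of the passphrase in the key spec.
                                    pbeKeySpec.clearPassword();
                                }
                            }
                        }
                        // Client-declared content type: a coarse filter only. Constant-first equals()
                        // also copes with a missing content type, which previously raised an NPE.
                        String contentType = certificateForm.getFileData().getContentType();
                        if ("application/x-x509-ca-cert".equals(contentType) || "application/octet-stream".equals(contentType) || "application/x-pkcs12".equals(contentType)) {
                            Certificate certificate = new Certificate();
                            certificate.setData(toCertDataFormat(bytes, bArr, fromString));
                            certificate.setOwner("");
                            certificate.setStatus(EntityStatus.valueOf(status.toString()));
                            this.log.debug("Adding certificate to config store.");
                            this.certService.addCertificate(certificate);
                            this.log.debug("Certificate add SUCCESSFUL");
                        } else {
                            model.addAttribute("certerror", true);
                        }
                    }
                } else if (this.log.isDebugEnabled()) {
                    this.log.debug("DO NOT store the certificate into database BECAUSE THERE IS NO FILE");
                }
            } catch (ServiceException e2) {
                this.log.error("Failed to add the certificate through the certificate service", e2);
            } catch (Exception e3) {
                // Route the stack trace through the logger instead of stderr.
                this.log.error("Unexpected failure while processing the uploaded certificate", e3);
            }
            try {
                Collection<Certificate> allCertificates = this.certService.getAllCertificates();
                // instanceof is false for null, so no separate null check is needed.
                if (this.keyManager instanceof MutableKeyStoreProtectionManager) {
                    KeyStore ks = ((MutableKeyStoreProtectionManager) this.keyManager).getKS();
                    for (Certificate certificate2 : allCertificates) {
                        if (!certificate2.isPrivateKey()) {
                            try {
                                // Flag certificates whose private key is held in the key store.
                                String certificateAlias = ks.getCertificateAlias(CertUtils.toX509Certificate(certificate2.getData()));
                                if (!StringUtils.isEmpty(certificateAlias) && ks.getKey(certificateAlias, "".toCharArray()) != null) {
                                    certificate2.setPrivateKey(true);
                                }
                            } catch (Exception e4) {
                                // Best effort: the entry is still listed, just without the private-key flag.
                                this.log.debug("Could not look up the key store entry for a certificate", e4);
                            }
                        }
                    }
                }
                model.addAttribute("certificatesResults", allCertificates);
                CertificateForm certificateForm2 = new CertificateForm();
                certificateForm2.setId(0L);
                model.addAttribute("certificateForm", certificateForm2);
            } catch (ServiceException e5) {
                this.log.error("Failed to load the certificate list", e5);
            }
            org.nhindirect.config.ui.form.SimpleForm simpleForm = new org.nhindirect.config.ui.form.SimpleForm();
            simpleForm.setId(Long.parseLong(str3));
            model.addAttribute("simpleForm", simpleForm);
            modelAndView.setViewName("certificates");
            model.addAttribute("action", "Update");
            model.addAttribute("ajaxRequest", Boolean.valueOf(AjaxUtils.isAjaxRequest(str)));
            modelAndView.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
            modelAndView.addObject("statusList", EntityStatus.getEntityStatusList());
        }
        return modelAndView;
    }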

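    /**
     * Converts an uploaded certificate and, where present, its private key into the byte format that is
     * handed to the certificate service.
     *
     * <ul>
     * <li>{@code NONE}: the certificate bytes are returned unchanged.</li>
     * <li>PKCS12 types: with a key manager the contained key is wrapped with the key manager's private key
     * protection key; without one the PKCS12 bytes are returned as given.</li>
     * <li>{@code PKCS8_WRAPPED}: the supplied key bytes are treated as already wrapped and are combined
     * with the certificate as they are.</li>
     * <li>any other type: the key bytes are parsed as a PKCS8 RSA key, then wrapped if a key manager is
     * present, otherwise stored in a PKCS12 key store with an empty password.</li>
     * </ul>
     *
     * <p>The two paths that run without a key manager persist the private key with no protection of its
     * own, so they log at WARN level to make such a deployment visible.
     *
     * @param bArr certificate bytes, or PKCS12 container bytes for the PKCS12 key types
     * @param bArr2 private key bytes for the PKCS8 key types; unused for {@code NONE} and PKCS12
     * @param privateKeyType how the private key, if any, was supplied
     * @return the bytes to store as the certificate data
     * @throws CryptoException if parsing, wrapping or key store handling fails
     */
    private byte[] toCertDataFormat(byte[] bArr, byte[] bArr2, PrivateKeyType privateKeyType) throws CryptoException {
        try {
            if (privateKeyType == PrivateKeyType.NONE) {
                return bArr;
            }
            CertUtils.CertContainer certContainer = CertUtils.toCertContainer(bArr);
            if (privateKeyType == PrivateKeyType.PKCS_12_PASSPHRASE || privateKeyType == PrivateKeyType.PKCS_12_UNPROTECTED) {
                if (this.keyManager == null) {
                    this.log.warn("Storing PKCS12 file in PKCS12 unprotected format");
                    return bArr;
                }
                this.log.info("Storing PKCS12 file in wrapped format");
                return CertUtils.certAndWrappedKeyToRawByteFormat(this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) this.keyManager).getPrivateKeyProtectionKey(), certContainer.getKey()), certContainer.getCert());
            }
            // Every remaining key type needs key bytes. Reject a missing or empty upload explicitly rather
            // than storing an empty "wrapped" key or failing later with an unhelpful null message; the
            // catch block below turns this into a CryptoException.
            if (bArr2 == null || bArr2.length == 0) {
                throw new IllegalArgumentException("no private key data was supplied for key type " + privateKeyType);
            }
            if (privateKeyType == PrivateKeyType.PKCS8_WRAPPED) {
                this.log.info("Storing already wrapped PKCS8 file");
                return CertUtils.certAndWrappedKeyToRawByteFormat(bArr2, certContainer.getCert());
            }
            // NOTE(review): the key factory is fixed to RSA, so other key algorithms fail here - confirm
            // that only RSA keys are expected.
            PrivateKey generatePrivate = KeyFactory.getInstance("RSA", CertUtils.getJCEProviderName()).generatePrivate(new PKCS8EncodedKeySpec(bArr2));
            if (this.keyManager != null) {
                this.log.info("Storing PKCS8 private key in wrapped format");
                return CertUtils.certAndWrappedKeyToRawByteFormat(this.keyManager.wrapWithSecretKey((SecretKey) ((KeyStoreProtectionManager) this.keyManager).getPrivateKeyProtectionKey(), generatePrivate), certContainer.getCert());
            }
            this.log.warn("Storing PKCS8 private key in PKCS12 unprotected format");
            KeyStore keyStore = KeyStore.getInstance("PKCS12", CertUtils.getJCEProviderName());
            keyStore.load(null, null);
            keyStore.setKeyEntry("privCert", generatePrivate, "".toCharArray(), new java.security.cert.Certificate[]{certContainer.getCert()});
            // ByteArrayOutputStream holds no external resource and its close() does nothing, so the
            // close-on-every-path scaffolding is not needed.
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
            keyStore.store(byteArrayOutputStream, "".toCharArray());
            return byteArrayOutputStream.toByteArray();
        } catch (Exception e) {
            throw new CryptoException("Failed to convert certificate and key to cert data format: " + e.getMessage(), e);
        }
    }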

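    /**
     * Handles removal of the certificates ticked in the list (POST {@code /certificates/removecertifcates},
     * restricted to {@code ROLE_ADMIN}; the spelling of the path is part of the mapping and is kept).
     *
     * <p>When {@code submitType} is "deletecertificate" or "Remove Selected", every submitted id that
     * matches a certificate returned by the certificate service is deleted. Entries that are not numeric,
     * or that match no stored certificate, are ignored. The "certificates" view is then rendered with the
     * refreshed list.
     *
     * @param str value of the {@code X-Requested-With} header, may be {@code null}
     * @param httpSession current session (not used by this handler)
     * @param certificateForm bound form carrying the ids selected for removal
     * @param model model populated for the view
     * @param str2 the {@code submitType} request parameter
     * @return the "certificates" view and its model
     */
    @RequestMapping(value = {"/removecertifcates"}, method = {RequestMethod.POST})
    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public ModelAndView removeCertificates(@RequestHeader(value = "X-Requested-With", required = false) String str, HttpSession httpSession, @ModelAttribute CertificateForm certificateForm, Model model, @RequestParam("submitType") String str2) {
        ModelAndView modelAndView = new ModelAndView();
        if (this.log.isDebugEnabled()) {
            this.log.debug("Enter domain/removecertificates");
        }
        if (certificateForm.getRemove() != null && this.log.isDebugEnabled()) {
            // Log the count only: the raw values come straight from the request and should not be
            // written to the log unvalidated.
            this.log.debug("number of certificates selected for removal: " + certificateForm.getRemove().size());
        }
        if (this.certService != null && str2 != null && (str2.equalsIgnoreCase("deletecertificate") || str2.equalsIgnoreCase("Remove Selected")) && certificateForm.getRemove() != null) {
            if (this.log.isDebugEnabled()) {
                this.log.debug("removing certificates");
            }
            try {
                Collection<Certificate> allCertificates = this.certService.getAllCertificates();
                ArrayList<Long> idsToDelete = new ArrayList<Long>();
                for (String requestedId : certificateForm.getRemove()) {
                    long wantedId;
                    try {
                        // Parsed once per entry; a null or non-numeric value used to escape as an
                        // uncaught NumberFormatException.
                        wantedId = Long.parseLong(requestedId);
                    } catch (NumberFormatException e) {
                        this.log.warn("Ignoring a certificate removal entry that is not a numeric id");
                        continue;
                    }
                    // Only ids of certificates the service actually returned are deleted. The previous
                    // scan had no exit once the iterator was exhausted and so never terminated.
                    for (Certificate candidate : allCertificates) {
                        if (candidate.getId() == wantedId) {
                            if (this.log.isDebugEnabled()) {
                                this.log.debug("domain address id: " + candidate.getId());
                            }
                            idsToDelete.add(Long.valueOf(candidate.getId()));
                            break;
                        }
                    }
                }
                if (idsToDelete.isEmpty()) {
                    // Nothing matched, so there is nothing to ask the service to delete.
                    this.log.debug("No matching certificates selected for removal");
                } else {
                    if (this.log.isDebugEnabled()) {
                        this.log.debug(" Trying to remove certificates from database");
                    }
                    this.certService.deleteCertificatesByIds(idsToDelete);
                    if (this.log.isDebugEnabled()) {
                        this.log.debug(" SUCCESS Trying to update certificates");
                    }
                }
            } catch (ServiceException e) {
                // Always record the failure; it used to be logged only when debug logging was enabled.
                this.log.error("Failed to remove the selected certificates", e);
            }
        }
        CertificateForm certificateForm2 = new CertificateForm();
        certificateForm2.setId(0L);
        model.addAttribute("certificateForm", certificateForm2);
        modelAndView.setViewName("certificates");
        model.addAttribute("action", "Update");
        model.addAttribute("ajaxRequest", Boolean.valueOf(AjaxUtils.isAjaxRequest(str)));
        modelAndView.addObject("action", "Update");
        Collection<Certificate> collection = null;
        try {
            collection = this.certService.getAllCertificates();
            // instanceof is false for null, so no separate null check is needed.
            if (this.keyManager instanceof MutableKeyStoreProtectionManager) {
                KeyStore ks = ((MutableKeyStoreProtectionManager) this.keyManager).getKS();
                for (Certificate certificate : collection) {
                    if (!certificate.isPrivateKey()) {
                        try {
                            // Flag certificates whose private key is held in the key store.
                            String certificateAlias = ks.getCertificateAlias(CertUtils.toX509Certificate(certificate.getData()));
                            if (!StringUtils.isEmpty(certificateAlias) && ks.getKey(certificateAlias, "".toCharArray()) != null) {
                                certificate.setPrivateKey(true);
                            }
                        } catch (Exception e2) {
                            // Best effort: the entry is still listed, just without the private-key flag.
                            this.log.debug("Could not look up the key store entry for a certificate", e2);
                        }
                    }
                }
            }
        } catch (ServiceException e3) {
            this.log.error("Failed to load the certificate list", e3);
        }
        // Stays null when the list could not be loaded, as before.
        model.addAttribute("certificatesResults", collection);
        modelAndView.addObject("privKeyTypeList", PrivateKeyType.getPrivKeyTypeList());
        modelAndView.addObject("statusList", EntityStatus.getEntityStatusList());
        model.addAttribute("simpleForm", certificateForm);
        String str4 = "" + certificateForm.getId();
        if (this.log.isDebugEnabled()) {
            this.log.debug(" the value of id of simpleform is: " + str4);
        }
        return modelAndView;
    }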

    /**
     * Handles an {@link IOException} raised by a handler in this controller and returns a string built
     * from the exception's class and message.
     *
     * @param iOException the exception that was raised
     * @param httpServletRequest the current request (not used)
     * @return the result of {@code ClassUtils.getShortName} applied to "class:message"
     */
    @ExceptionHandler({IOException.class})
    public String handleIOException(IOException iOException, HttpServletRequest httpServletRequest) {
        // NOTE(review): the exception message becomes part of the returned string. No @ResponseBody is
        // visible here, so this value is presumably resolved as a view name - confirm, and check that
        // no request-derived text can reach the message.
        String classAndMessage = iOException.getClass() + ":" + iOException.getMessage();
        return ClassUtils.getShortName(classAndMessage);
    }
}
