package org.xipki.security;

import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Security;
import java.util.Properties;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xipki.password.PasswordResolverImpl;
import org.xipki.password.SinglePasswordResolver;
import org.xipki.security.pkcs11.P11CryptServiceFactory;
import org.xipki.security.pkcs11.P11CryptServiceFactoryImpl;
import org.xipki.security.pkcs11.P11ModuleFactoryRegisterImpl;
import org.xipki.security.pkcs11.P11SignerFactory;
import org.xipki.security.pkcs11.emulator.EmulatorP11ModuleFactory;
import org.xipki.security.pkcs11.iaik.IaikP11ModuleFactory;
import org.xipki.security.pkcs11.proxy.ProxyP11ModuleFactory;
import org.xipki.security.pkcs12.P12SignerFactory;
import org.xipki.util.InvalidConfException;

/* loaded from: input_file:WEB-INF/lib/security-5.0.0.jar:org/xipki/security/Securities.class */
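/**
 * Bootstraps the security layer: registers the Bouncy Castle JCA provider, builds the
 * password resolver, and wires the PKCS#12 and PKCS#11 signer factories into a
 * {@link SecurityFactoryImpl}.
 *
 * <p>Typical use: set the optional configuration paths, call {@link #init()}, obtain the
 * factories through the getters, and call {@link #close()} on shutdown.
 *
 * <p>Security note: both configuration files can name classes that are loaded and
 * instantiated reflectively ({@code additional.singlePasswordResolvers},
 * {@code additional.signerFactories}), and the password configuration selects the master
 * password callback. Whoever can write these files controls code that runs inside this
 * process, so they should be writable by trusted administrators only.
 *
 * <p>This class performs no synchronization; NOTE(review): presumably it is initialized
 * and closed from a single thread — confirm against the caller.
 */
public class Securities implements Closeable {
    private static final Logger LOG = LoggerFactory.getLogger(Securities.class);

    // Default locations are relative paths, so they resolve against the JVM working directory.
    private static final String DFLT_PASSWORD_CFG = "xipki/etc/org.xipki.password.cfg";
    private static final String DFLT_SECURITY_CFG = "xipki/etc/org.xipki.security.cfg";

    private String passwordCfg;
    private String securityCfg;
    private PasswordResolverImpl passwordResolver;
    private P11ModuleFactoryRegisterImpl p11ModuleFactoryRegister;
    private P11CryptServiceFactoryImpl p11CryptServiceFactory;
    private SecurityFactoryImpl securityFactory;

    /**
     * Sets the path of the password configuration file.
     *
     * @param str path to the file, or {@code null} to use the built-in default location
     */
    public void setPasswordCfg(String str) {
        this.passwordCfg = str;
    }

    /**
     * Sets the path of the security configuration file.
     *
     * <p>The method name is misspelled ("Secuirty"); it is kept unchanged because callers
     * and property-injection descriptors bind to this exact name.
     *
     * @param str path to the file, or {@code null} to use the built-in default location
     */
    public void setSecuirtyCfg(String str) {
        this.securityCfg = str;
    }

    /**
     * Returns the security factory built by {@link #init()}.
     *
     * @return the factory, or {@code null} if {@link #init()} has not been called yet
     */
    public SecurityFactory getSecurityFactory() {
        return this.securityFactory;
    }

    /**
     * Returns the PKCS#11 crypt service factory built by {@link #init()}.
     *
     * @return the factory, or {@code null} before {@link #init()} or after {@link #close()}
     */
    public P11CryptServiceFactory getP11CryptServiceFactory() {
        return this.p11CryptServiceFactory;
    }

    /**
     * Registers the Bouncy Castle provider if no provider with that name is installed yet,
     * then initializes the password resolver followed by the security factory.
     *
     * @throws IOException if a configuration file is missing or cannot be read
     * @throws InvalidConfException if the configuration names a class that cannot be
     *         loaded, instantiated, or used as the expected type
     */
    public void init() throws IOException, InvalidConfException {
        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
            Security.addProvider(new BouncyCastleProvider());
        }
        // Order matters: the security factory is handed the resolver created here.
        initPassword();
        initSecurityFactory();
    }

    /**
     * Closes the PKCS#11 module factory register and the PKCS#11 crypt service factory.
     *
     * <p>Shutdown is best effort: a failure to close one component is logged and does not
     * prevent the other from being closed. Both references are cleared afterwards, so a
     * second call is a no-op. The password resolver and the security factory are left as
     * they are.
     */
    @Override // java.io.Closeable, java.lang.AutoCloseable
    public void close() {
        if (this.p11ModuleFactoryRegister != null) {
            try {
                this.p11ModuleFactoryRegister.close();
            } catch (Throwable th) {
                LOG.error("error while closing P11ModuleFactoryRegister", th);
            }
            this.p11ModuleFactoryRegister = null;
        }
        if (this.p11CryptServiceFactory != null) {
            try {
                this.p11CryptServiceFactory.close();
            } catch (Throwable th2) {
                LOG.error("error while closing P11CryptServiceFactory", th2);
            }
            this.p11CryptServiceFactory = null;
        }
    }

    /**
     * Builds the password resolver from the password configuration file and registers any
     * additional single-password resolvers listed under
     * {@code additional.singlePasswordResolvers}.
     */
    private void initPassword() throws IOException, InvalidConfException {
        this.passwordResolver = new PasswordResolverImpl();
        Properties conf = loadProperties(this.passwordCfg, DFLT_PASSWORD_CFG);
        // When the property is absent, the callback string below is used as the default.
        this.passwordResolver.setMasterPasswordCallback(getString(conf, "masterPassword.callback",
                "FILE file=xipki/security/masterpassword.secret"));
        this.passwordResolver.init();

        String classNames = getString(conf, "additional.singlePasswordResolvers", null);
        if (classNames == null) {
            return;
        }
        for (String token : classNames.split(",")) {
            String className = token.trim();
            if (className.isEmpty()) {
                continue;
            }
            this.passwordResolver.registResolver(
                    newConfiguredInstance(className, SinglePasswordResolver.class, "SinglePasswordResolver"));
        }
    }

    /**
     * Builds the security factory from the security configuration file, registers the
     * PKCS#12 and PKCS#11 signer factories, and then any extra factories listed under
     * {@code additional.signerFactories}.
     *
     * <p>When the corresponding property is absent, both strong-random switches are set
     * to {@code false} and the default signer parallelism to 32.
     */
    private void initSecurityFactory() throws IOException, InvalidConfException {
        this.securityFactory = new SecurityFactoryImpl();
        Properties conf = loadProperties(this.securityCfg, DFLT_SECURITY_CFG);
        this.securityFactory.setStrongRandom4SignEnabled(getBoolean(conf, "sign.strongrandom.enabled", false));
        this.securityFactory.setStrongRandom4KeyEnabled(getBoolean(conf, "key.strongrandom.enabled", false));
        this.securityFactory.setDefaultSignerParallelism(getInt(conf, "defaultSignerParallelism", 32));

        SignerFactoryRegisterImpl signerFactoryRegister = new SignerFactoryRegisterImpl();
        this.securityFactory.setSignerFactoryRegister(signerFactoryRegister);
        this.securityFactory.setPasswordResolver(this.passwordResolver);
        initSecurityPkcs12(signerFactoryRegister);
        initSecurityPkcs11(getString(conf, "pkcs11.confFile", "xipki/security/pkcs11.json"), signerFactoryRegister);

        String classNames = getString(conf, "additional.signerFactories", null);
        if (classNames == null) {
            return;
        }
        for (String token : classNames.split(",")) {
            String className = token.trim();
            if (className.isEmpty()) {
                continue;
            }
            signerFactoryRegister.registFactory(
                    newConfiguredInstance(className, SignerFactory.class, "SignerFactory"));
        }
    }

    /** Creates the PKCS#12 signer factory and adds it to the given register. */
    private void initSecurityPkcs12(SignerFactoryRegisterImpl signerFactoryRegisterImpl) throws IOException {
        P12SignerFactory p12SignerFactory = new P12SignerFactory();
        p12SignerFactory.setSecurityFactory(this.securityFactory);
        signerFactoryRegisterImpl.registFactory(p12SignerFactory);
    }

    /**
     * Registers the emulator, IAIK and proxy PKCS#11 module factories, initializes the
     * PKCS#11 crypt service factory from the given configuration file, and adds the
     * PKCS#11 signer factory to the given register.
     *
     * @param str path of the PKCS#11 configuration file
     */
    private void initSecurityPkcs11(String str, SignerFactoryRegisterImpl signerFactoryRegisterImpl) throws InvalidConfException {
        this.p11ModuleFactoryRegister = new P11ModuleFactoryRegisterImpl();
        this.p11ModuleFactoryRegister.registFactory(new EmulatorP11ModuleFactory());
        this.p11ModuleFactoryRegister.registFactory(new IaikP11ModuleFactory());
        this.p11ModuleFactoryRegister.registFactory(new ProxyP11ModuleFactory());

        this.p11CryptServiceFactory = new P11CryptServiceFactoryImpl();
        this.p11CryptServiceFactory.setP11ModuleFactoryRegister(this.p11ModuleFactoryRegister);
        this.p11CryptServiceFactory.setPasswordResolver(this.passwordResolver);
        this.p11CryptServiceFactory.setPkcs11ConfFile(str);
        this.p11CryptServiceFactory.init();

        P11SignerFactory p11SignerFactory = new P11SignerFactory();
        p11SignerFactory.setSecurityFactory(this.securityFactory);
        p11SignerFactory.setP11CryptServiceFactory(this.p11CryptServiceFactory);
        signerFactoryRegisterImpl.registFactory(p11SignerFactory);
    }

    /**
     * Loads and instantiates a class named in the configuration.
     *
     * <p>The class is loaded without initialization and checked against the expected type
     * before any of its code runs, so a name that points at an unrelated class is rejected
     * without executing that class's static initializer or constructor.
     *
     * @param className fully qualified class name taken from the configuration
     * @param expectedType type the class must be assignable to
     * @param kind label used in the error message
     * @return a new instance created through the no-argument constructor
     * @throws InvalidConfException if the class cannot be found, is not of the expected
     *         type, or cannot be instantiated
     */
    private static <T> T newConfiguredInstance(String className, Class<T> expectedType, String kind)
            throws InvalidConfException {
        try {
            Class<? extends T> clazz = Class.forName(className, false, Securities.class.getClassLoader())
                    .asSubclass(expectedType);
            return clazz.getDeclaredConstructor().newInstance();
        } catch (ClassCastException | ReflectiveOperationException e) {
            throw new InvalidConfException("error caught while initializing " + kind + " " + className + ": "
                    + e.getClass().getName() + ": " + e.getMessage(), e);
        }
    }

    /**
     * Loads a properties file, falling back to a default path.
     *
     * @param str path to load, or {@code null} to use {@code str2}
     * @param str2 default path used when {@code str} is {@code null}
     * @return the loaded properties
     * @throws IOException if the file does not exist, is not readable, or cannot be parsed
     */
    public static Properties loadProperties(String str, String str2) throws IOException {
        return loadProperties(str == null ? str2 : str);
    }

    /**
     * Loads a properties file from the given path.
     *
     * @param str path of the properties file
     * @return the loaded properties
     * @throws IOException if the file does not exist, is not readable, or cannot be parsed
     */
    public static Properties loadProperties(String str) throws IOException {
        Path path = Paths.get(str);
        if (!Files.exists(path)) {
            throw new IOException("File " + str + " does not exist");
        }
        if (!Files.isReadable(path)) {
            throw new IOException("File " + str + " is not readable");
        }
        Properties properties = new Properties();
        // try-with-resources keeps the load failure as the primary exception and attaches
        // any failure from close() to it as suppressed, instead of replacing it.
        try (InputStream in = Files.newInputStream(path)) {
            properties.load(in);
        }
        return properties;
    }

    /**
     * Returns the value of a property, or a default when the property is absent.
     *
     * @param properties properties to read from
     * @param str property key
     * @param str2 value returned when the key is absent; may be {@code null}
     * @return the property value exactly as stored, or {@code str2}
     */
    public static String getString(Properties properties, String str, String str2) {
        String property = properties.getProperty(str);
        return property == null ? str2 : property;
    }

    /**
     * Returns the integer value of a property, or a default when the property is absent.
     * Surrounding whitespace in the value is ignored.
     *
     * @param properties properties to read from
     * @param str property key
     * @param i value returned when the key is absent
     * @return the parsed value, or {@code i}
     * @throws NumberFormatException if the value is present but not a valid integer; the
     *         message names the offending property
     */
    public static int getInt(Properties properties, String str, int i) {
        String property = properties.getProperty(str);
        if (property == null) {
            return i;
        }
        try {
            return Integer.parseInt(property.trim());
        } catch (NumberFormatException e) {
            NumberFormatException detailed = new NumberFormatException(
                    "invalid integer value '" + property + "' for property " + str);
            detailed.initCause(e);
            throw detailed;
        }
    }

    /**
     * Returns the boolean value of a property, or a default when the property is absent.
     *
     * <p>The value is trimmed before parsing. {@link Properties} keeps trailing whitespace,
     * and {@link Boolean#parseBoolean(String)} reads anything other than "true" as
     * {@code false}, so an untrimmed {@code "true "} would silently switch a setting off.
     * A value that is neither "true" nor "false" still yields {@code false}, but is logged.
     *
     * @param properties properties to read from
     * @param str property key
     * @param z value returned when the key is absent
     * @return the parsed value, or {@code z}
     */
    public static boolean getBoolean(Properties properties, String str, boolean z) {
        String property = properties.getProperty(str);
        if (property == null) {
            return z;
        }
        String value = property.trim();
        if (!"true".equalsIgnoreCase(value) && !"false".equalsIgnoreCase(value)) {
            // Only the key is logged; the helper is public and the value could be anything.
            LOG.warn("property {} is neither 'true' nor 'false'; it is treated as false", str);
        }
        return Boolean.parseBoolean(value);
    }
}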
