package com.unbound.provider;

import com.unbound.common.Base64;
import com.unbound.common.JSON;
import com.unbound.common.Log;
import com.unbound.common.STR;
import com.unbound.common.crypto.X509;
import com.unbound.provider.kmip.KMIP;
import com.unbound.provider.kmip.attribute.Authentication;
import com.unbound.provider.kmip.request.GetAttributesRequest;
import com.unbound.provider.kmip.request.GetRequest;
import com.unbound.provider.kmip.request.LocateRequest;
import com.unbound.provider.kmip.request.RequestItem;
import com.unbound.provider.kmip.request.RequestMessage;
import com.unbound.provider.kmip.request.dy.DyLoginRequest;
import com.unbound.provider.kmip.response.LocateResponse;
import com.unbound.provider.kmip.response.ResponseItem;
import com.unbound.provider.kmip.response.ResponseMessage;
import com.unbound.provider.kmip.response.dy.DyLoginResponse;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Clock;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:com/unbound/provider/Partition.class */
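/**
 * Client-side handle for one partition, identified by a name taken from the client
 * certificate in a PKCS#12 store.
 *
 * <p>An instance holds the TLS {@link KeyManager}s built from that store and, after a
 * successful {@link #login(String)}, a cached JWT that is attached to later requests which
 * carry no credentials of their own.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords arrive as {@link String}s and therefore cannot be wiped from memory after
 *       use; only their presence (never their value) is written to the log.</li>
 *   <li>The JWT payload is decoded locally <em>without</em> signature verification. It is used
 *       only to decide when to renew the token, never as an authorization decision.</li>
 *   <li>Instances are cached per partition name; see {@link #registerPfx(KeyStore, String)}
 *       for what that implies when the same name is registered twice.</li>
 * </ul>
 *
 * <p>This listing is decompiler output: the methods declared {@code public} below were
 * package-private in the original class, and parameter names are synthetic.
 */
public class Partition {
    /** Registry of partitions by name; only touched from the synchronized static methods. */
    private static final Map<String, Partition> partitions = new HashMap<>();
    private static final Clock clock = Clock.systemUTC();
    KeyManager[] keyManagers;
    String name;
    UBKeyStore keyStore;
    // Cached login token and the local-clock instant (epoch millis) after which it is renewed.
    // Both are read and written under the instance monitor.
    private byte[] jwt = null;
    private long jwtValidityClock;

    /**
     * Builds the key managers for the given client key store.
     *
     * @param str      partition name
     * @param keyStore store holding the client certificate and private key
     * @param str2     store/key password, or {@code null} when the store has none
     */
    private Partition(String str, KeyStore keyStore, String str2) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        Log end = Log.func("Partition").log("name", str).end();
        try {
            this.name = str;
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // loadPfx() accepts a null password, so the same must hold here instead of
            // failing with a NullPointerException on toCharArray().
            keyManagerFactory.init(keyStore, str2 == null ? null : str2.toCharArray());
            this.keyManagers = keyManagerFactory.getKeyManagers();
            this.keyStore = new UBKeyStore(this);
        } catch (Exception e) {
            end.failed(e);
            throw e;
        } finally {
            end.leave();
        }
    }

    /**
     * Loads a PKCS#12 file from disk.
     *
     * @param str  path of the PFX file
     * @param str2 password, or {@code null}; only its presence is logged
     * @return the loaded key store
     */
    private static KeyStore loadPfx(String str, String str2) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        Log end = Log.func("Partition.loadPfx").log("pfxFileName", str).log("pass", str2 != null).end();
        try {
            char[] password = str2 == null ? null : str2.toCharArray();
            KeyStore keyStore = KeyStore.getInstance("pkcs12");
            // Close the stream deterministically; the file holds private key material and
            // should not stay open until the garbage collector gets to it.
            try (FileInputStream in = new FileInputStream(str)) {
                keyStore.load(in, password);
            }
            return keyStore;
        } catch (Exception e) {
            end.failed(e);
            throw e;
        } finally {
            end.leave();
        }
    }

    /**
     * Extracts the partition name from the certificate stored under the first alias.
     *
     * <p>NOTE(review): only the first alias returned by the store is inspected. If a store can
     * contain more than one entry (for example a CA certificate next to the client entry), the
     * name may be taken from the wrong certificate - confirm that stores are single-entry.
     *
     * @param keyStore loaded key store
     * @param str      attribute of the subject to return (callers in this class pass "OU")
     * @return the requested subject attribute
     * @throws ProviderException if the store is empty or the subject lacks the attribute
     */
    private static String getNameFromPfx(KeyStore keyStore, String str) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        if (!aliases.hasMoreElements()) {
            throw new ProviderException("Empty store");
        }
        X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(aliases.nextElement());
        if (x509Certificate == null) {
            throw new ProviderException("Empty store");
        }
        X500Principal subject = x509Certificate.getSubjectX500Principal();
        if (subject == null) {
            throw new ProviderException("Invalid prinicpal");
        }
        String name = X509.getName(subject, str);
        if (name == null) {
            throw new ProviderException("Invalid prinicpal");
        }
        return name;
    }

    /**
     * Loads a PFX file and registers (or looks up) the partition it belongs to.
     *
     * @param str  path of the PFX file
     * @param str2 PFX password, or {@code null}
     */
    public static synchronized Partition registerPfx(String str, String str2) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, UnrecoverableKeyException {
        return registerPfx(loadPfx(str, str2), str2);
    }

    /**
     * Registers (or looks up) the partition named by the certificate in {@code keyStore}.
     *
     * <p>If a partition with the same name is already registered, that instance is returned
     * and the supplied store and password are ignored. A later registration with a different
     * client certificate for the same name therefore keeps using the first certificate.
     *
     * @param keyStore loaded client key store
     * @param str      key password, or {@code null}
     */
    public static synchronized Partition registerPfx(KeyStore keyStore, String str) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        String partitionName = getNameFromPfx(keyStore, "OU");
        Partition partition = partitions.get(partitionName);
        if (partition == null) {
            partition = new Partition(partitionName, keyStore, str);
            partitions.put(partitionName, partition);
        }
        return partition;
    }

    /**
     * Sends a request message, attaching the cached JWT when the message has no credentials.
     *
     * <p>If the cached token is past its renewal deadline it is renewed first, and the request
     * is sent with the renewed token.
     *
     * @param requestMessage message to send; its {@code header.auth} may be filled in
     * @return the server response
     */
    public ResponseMessage transmit(RequestMessage requestMessage) throws IOException {
        Log end = Log.func("Partition.transmit").end();
        try {
            byte[] token;
            long validUntil;
            synchronized (this) {
                token = this.jwt;
                validUntil = this.jwtValidityClock;
            }
            if (requestMessage.header.auth == null && token != null) {
                if (validUntil < clock.millis()) {
                    loginRenew();
                    // Pick up the token the renewal stored; sending the snapshot taken above
                    // would present the token that was just found to be stale.
                    synchronized (this) {
                        if (this.jwt != null) {
                            token = this.jwt;
                        }
                    }
                }
                Authentication auth = new Authentication();
                // NOTE(review): 3 matches the KMIP "Attestation" credential type and the
                // attestation type looks like a vendor extension value - confirm both.
                auth.credType = 3;
                auth.attestationType = -2147483647;
                auth.attestationAssertion = token;
                requestMessage.header.auth = auth;
            }
            return Client.transmit(this, requestMessage);
        } catch (Exception e) {
            end.failed(e);
            throw e;
        } finally {
            end.leave();
        }
    }

    /**
     * Sends a single request item and returns the first item of the response batch.
     *
     * @param requestItem item to send
     * @return the first response item
     */
    public ResponseItem transmit(RequestItem requestItem) throws IOException {
        RequestMessage requestMessage = new RequestMessage();
        requestMessage.batch.add(requestItem);
        return transmit(requestMessage).batch.get(0);
    }

    /** Builds the attribute query that accompanies every object read. */
    private static GetAttributesRequest prepareGetAttrRequest(long j) {
        GetAttributesRequest getAttributesRequest = new GetAttributesRequest();
        getAttributesRequest.uid = UBObject.uidToStr(j);
        getAttributesRequest.names.add("Object Type");
        getAttributesRequest.names.add("Cryptographic Algorithm");
        getAttributesRequest.names.add("Name");
        getAttributesRequest.names.add("Initial Date");
        return getAttributesRequest;
    }

    /** Appends the attribute query and the Get request for one object to {@code requestMessage}. */
    private static void addReadItems(RequestMessage requestMessage, long uid) {
        GetRequest getRequest = new GetRequest();
        getRequest.uid = UBObject.uidToStr(uid);
        // NOTE(review): 5 is presumably a KMIP Key Format Type value - confirm which one.
        getRequest.formatType = 5;
        requestMessage.batch.add(prepareGetAttrRequest(uid));
        requestMessage.batch.add(getRequest);
    }

    /**
     * Reads attributes and material of several objects in one batch.
     *
     * @param jArr object UIDs
     * @return response with two batch items per UID, in request order
     */
    public ResponseMessage read(long[] jArr) throws IOException {
        RequestMessage requestMessage = new RequestMessage();
        for (long uid : jArr) {
            addReadItems(requestMessage, uid);
        }
        return transmit(requestMessage);
    }

    /**
     * Reads attributes and material of one object.
     *
     * @param j object UID
     * @return response with two batch items
     */
    public ResponseMessage read(long j) throws IOException {
        RequestMessage requestMessage = new RequestMessage();
        addReadItems(requestMessage, j);
        return transmit(requestMessage);
    }

    /**
     * Lists the UIDs of all objects of the given type and algorithm.
     *
     * @param i  object type
     * @param i2 algorithm type
     * @return the UIDs returned by the server
     */
    public long[] locate(int i, int i2) throws IOException {
        Log end = Log.func("Partition.locate").log("objectType", i).log("algType", i2).end();
        try {
            LocateRequest locateRequest = UBObject.locateRequest(i, i2, null);
            // NOTE(review): this caps the number of results. The usage-mask constant is most
            // likely a decompiler substitution for a literal with the same value - confirm.
            locateRequest.maxItems = Integer.valueOf(KMIP.CryptographicUsageMask.ContentCommitment);
            LocateResponse locateResponse = (LocateResponse) transmit(locateRequest);
            long[] uids = new long[locateResponse.list.size()];
            int next = 0;
            Iterator<String> it = locateResponse.list.iterator();
            while (it.hasNext()) {
                long uid = UBObject.strToUid(it.next());
                Log.print("Object").logHex("uid", uid).end();
                uids[next++] = uid;
            }
            return uids;
        } catch (Exception e) {
            end.failed(e);
            throw e;
        } finally {
            end.leave();
        }
    }

    /**
     * Runs a locate request and returns the first match.
     *
     * @param locateRequest prepared request
     * @return UID of the first match, or {@code 0} when nothing matched
     */
    public long locate(LocateRequest locateRequest) throws IOException {
        LocateResponse locateResponse = (LocateResponse) transmit(locateRequest);
        if (locateResponse.list.isEmpty()) {
            return 0L;
        }
        return UBObject.strToUid(locateResponse.list.get(0));
    }

    /**
     * Locates one object by type, algorithm and alias.
     *
     * @param i   object type
     * @param i2  algorithm type
     * @param str alias to look for
     * @return UID of the first match, or {@code 0} when nothing matched
     */
    public long locate(int i, int i2, String str) throws IOException {
        long uid = 0;
        Log end = Log.func("Partition.locate").log("objectType", i).log("algType", i2).log("alias", str).end();
        try {
            uid = locate(UBObject.locateRequest(i, i2, str));
            return uid;
        } catch (Exception e) {
            end.failed(e);
            throw e;
        } finally {
            end.leavePrint().logHex("uid", uid).end();
        }
    }

    /**
     * Logs in with a password and caches the JWT the server returns.
     *
     * @param str either a plain password, or a JSON object with "username" and "password"
     */
    public void login(String str) throws IOException {
        loginOrRenew(str, false);
    }

    /** Exchanges the cached JWT for a fresh one. */
    private void loginRenew() throws IOException {
        loginOrRenew(null, true);
    }

    /**
     * Performs a login or a token renewal and stores the returned JWT.
     *
     * <p>On any failure the cached token is discarded before the exception propagates. When
     * the response carries no token, or one whose computed lifetime is not positive, the
     * previously cached token is left in place.
     *
     * @param str password or JSON credentials (ignored when renewing)
     * @param z   {@code true} to renew with the cached JWT, {@code false} to log in
     */
    private void loginOrRenew(String str, boolean z) throws IOException {
        // Only whether a password was supplied is logged, never the value.
        Log end = Log.func("Partition.login").log("renewWjt", z).log("password", str != null && !str.isEmpty()).end();
        try {
            RequestMessage requestMessage = new RequestMessage();
            Authentication auth = new Authentication();
            requestMessage.header.auth = auth;
            if (z) {
                byte[] current;
                synchronized (this) {
                    current = this.jwt;
                }
                auth.credType = 3;
                auth.attestationType = -2147483647;
                auth.attestationAssertion = current;
            } else {
                String username = "user";
                String password = "";
                if (str != null) {
                    // Default: the whole argument is the password of the built-in "user".
                    password = str;
                    try {
                        Map<?, ?> map = (Map<?, ?>) JSON.convert(str);
                        String jsonUser = (String) map.get("username");
                        String jsonPassword = (String) map.get("password");
                        // NOTE(review): a JSON object without these keys yields null
                        // credentials, as in the original - confirm that is intended.
                        username = jsonUser;
                        password = jsonPassword;
                    } catch (Exception ignored) {
                        // Not a JSON credentials object: keep the plain-password default.
                    }
                }
                auth.credType = 1;
                auth.username = username;
                auth.password = password;
            }
            DyLoginRequest dyLoginRequest = new DyLoginRequest();
            dyLoginRequest.doCreateWjt = true;
            requestMessage.batch.add(dyLoginRequest);
            try {
                DyLoginResponse dyLoginResponse = (DyLoginResponse) transmit(requestMessage).batch.get(0);
                if (dyLoginResponse.jwt != null) {
                    int validitySeconds = jwtTokenValidity(STR.utf8(dyLoginResponse.jwt));
                    if (validitySeconds > 0) {
                        synchronized (this) {
                            this.jwt = dyLoginResponse.jwt;
                            // 1000L keeps the multiplication in long arithmetic; as an int
                            // product it overflows for lifetimes above roughly 24 days.
                            this.jwtValidityClock = clock.millis() + validitySeconds * 1000L;
                        }
                    }
                }
            } catch (Exception e2) {
                synchronized (this) {
                    this.jwt = null;
                }
                throw e2;
            }
        } catch (Exception e3) {
            end.failed(e3);
            throw e3;
        } finally {
            end.leave();
        }
    }

    /**
     * Computes how long, in seconds, a freshly issued JWT may be used before renewal.
     *
     * <p>The result is {@code exp - iat - 30}: the token's own lifetime minus a 30 second
     * margin. Because it is a relative lifetime, the caller can apply it to the local clock
     * without comparing against the issuer's clock.
     *
     * <p>The payload is decoded without verifying the signature; the result must only be used
     * to schedule renewal.
     *
     * @param str compact JWT ({@code header.payload.signature})
     * @return lifetime in seconds, or {@code 0} if the token does not have three parts or
     *         lacks numeric "exp"/"iat" claims
     */
    private static int jwtTokenValidity(String str) throws IOException {
        String[] parts = str.split("\\.");
        if (parts.length != 3) {
            return 0;
        }
        Map<?, ?> claims = (Map<?, ?>) JSON.convert(STR.utf8(Base64.decodeUrl(parts[1])));
        Object exp = claims.get("exp");
        Object iat = claims.get("iat");
        // Treat missing or non-numeric claims like any other malformed token rather than
        // failing with NullPointerException / ClassCastException.
        if (!(exp instanceof Number) || !(iat instanceof Number)) {
            return 0;
        }
        long lifetime = ((Number) exp).longValue() - ((Number) iat).longValue() - 30;
        // Clamp instead of truncating so that a very long lifetime cannot wrap negative.
        return (int) Math.max(Integer.MIN_VALUE, Math.min(Integer.MAX_VALUE, lifetime));
    }
}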
