package de.tsl2.nano.d8portal;

import de.tsl2.nano.core.ManagedException;
import de.tsl2.nano.core.execution.SystemUtil;
import de.tsl2.nano.core.secure.Crypt;
import de.tsl2.nano.core.secure.DistinguishedName;
import de.tsl2.nano.core.util.FileUtil;
import de.tsl2.nano.core.util.MyProperties;
import de.tsl2.nano.core.util.Period;
import de.tsl2.nano.core.util.Util;
import de.tsl2.nano.util.Mail;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Locale;

/* loaded from: input_file:de/tsl2/nano/d8portal/RepositoryPortal.class */
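/**
 * Portal that builds a small certificate hierarchy with the JDK {@code keytool} and exchanges
 * encrypted files through {@link Repository} instances.
 *
 * <p>Flow as visible in this class: a self-signed root keystore is generated, an organisation
 * certificate is issued by the root, and each client ("repository") gets a certificate issued by
 * the organisation. Uploads are encrypted with the client's public key and accompanied by a
 * signature file; downloads are decrypted with a key loaded from a keystore in the organisation
 * folder.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>All keytool invocations are built with {@link String#format} and handed to
 *       {@code SystemUtil.executeShell} as one command string. Aliases and passwords are validated
 *       before formatting (see {@link #requireSafeName} and {@link #requireShellSafeSecret}); the
 *       distinguished name and the {@code -ext} options are NOT validated here.</li>
 *   <li>Store passwords are passed as {@code -storepass <value>} arguments and are therefore
 *       visible in the process list while keytool runs. keytool's {@code -storepass:env} /
 *       {@code -storepass:file} modifiers avoid that, but need support from the shell helper.</li>
 *   <li>{@link #verify} only checks that a signature file exists; it does not validate it.</li>
 * </ul>
 *
 * <p>This class keeps mutable state (stores, passwords) in plain fields and shows no
 * synchronisation; treat instances as not thread-safe.
 */
public class RepositoryPortal implements IRepositoryPortal {
    /** Distinguished name of the organisation; set by {@link #createOrganisation}. */
    private DistinguishedName orga;
    /** Keystore of the self-signed root CA; created lazily by {@link #createRootCA()}. */
    private KeyStore rootStore;
    /** Keystore holding the organisation key pair and its root-issued certificate. */
    KeyStore orgaStore;
    /** In-memory store collecting the certificates of all created clients. */
    KeyStore clientStore;
    /** Generated store password of the root keystore (kept in memory as a String). */
    private String rootPasswd;
    /** Generated store password of the organisation keystore (kept in memory as a String). */
    private String passwd;
    Mail mail = new Mail(System.out, "UTF8");
    String smtpServer;
    String publishOptions;
    /** Mail delivery is off unless {@link #setMailEnabled(boolean)} turns it on. */
    private boolean mailEnabled;
    static final String SIG_EXT = ".sig";
    static final String CERT_FILEEXTENSION = ".pem";
    /** Characters a POSIX shell interprets inside an unquoted word; rejected in passwords. */
    private static final String SHELL_META = "\"'`$;&|<>()\\";
    /** Extra punctuation accepted in aliases / file names besides letters and digits. */
    private static final String NAME_PUNCTUATION = "._-@+";
    // Must be initialised before the property(...) calls below (static initialisation order).
    private static final MyProperties MY = new MyProperties(RepositoryPortal.class, "tsl2nano.portal.");
    /** When true, a missing signature file makes download/decrypt fail and uploads are signed. */
    static final boolean SIG_ALWAYS = property("verify.file.signature", Boolean.TRUE);
    static final String KS_TYPE = property("keystore.type", "pkcs12");
    // Locale.ROOT keeps the file extension stable regardless of the JVM default locale.
    // NOTE(review): the keytool templates below hard-code ".pkcs12", so a non-default
    // keystore.type makes loadKeyStore look for a file keytool never wrote.
    static final String KS_EXT = "." + KS_TYPE.toLowerCase(Locale.ROOT);
    // NOTE(review): CA_0 and CA_1 read the SAME property key "x509.ext.ca". Once that property is
    // configured, root and organisation certificates get an identical path-length constraint.
    static final String CERT_X509_EXT_BC_CA_0 = property("x509.ext.ca", "-ext bc:ca,pathlen:0");
    static final String CERT_X509_EXT_BC_CA_1 = property("x509.ext.ca", "-ext bc:ca,pathlen:1");
    static final String CERT_X509_EXT_SAN_DNS = property("x509.ext.dns", "-ext SAN=DNS:localhost,IP:127.0.0.1");
    // The default template sets no -keysize (keytool's default applies) and a validity of 9999 days
    // for every certificate, client certificates included.
    static final String KT_GENKEYPAIR = property("keytool.genkeypair", "keytool -genkeypair -v -noprompt -alias %s -keyalg RSA -keystore %s.pkcs12 -dname %s -storepass %s -keypass %s %s  -validity 9999 -deststoretype pkcs12");
    static final String KT_REQUEST = property("keytool.certreq", "keytool -certreq -v -noprompt -keystore %s.pkcs12 -alias %s -storepass %s | keytool -gencert -v -noprompt -keystore %s.pkcs12 -alias %s  -storepass %s -ext BC=0 -rfc -outfile %s.pem");
    static final String KT_EXPORT = property("keytool.export", "keytool -export -v -alias %s -storepass %s -file %s.pem -keystore %s.pkcs12 -rfc");
    static final String KT_IMPORT = property("keytool.importcert", "keytool -importcert -v -noprompt -keystore %s.pkcs12 -alias %s -storepass %s -file %s.pem");

    /**
     * Reads a configuration value from {@link #MY}, falling back to the given default.
     *
     * @param str property name (relative to the prefix given to {@code MyProperties})
     * @param t default value; also determines the expected type
     * @return the configured value or {@code t}
     */
    @SuppressWarnings("unchecked") // the stored type is assumed to match the default's type
    static <T> T property(String str, T t) {
        return (T) MY.geT(str, t);
    }

    /**
     * Generates the self-signed root keystore with a fresh 24-character password.
     *
     * <p>The keystore is written into the organisation folder, so {@link #orga} must already be
     * set; calling this before {@link #createOrganisation} fails with a NullPointerException.
     */
    public void createRootCA() {
        String root = getRoot();
        String generatePassword = Crypt.generatePassword((byte) 24);
        this.rootPasswd = generatePassword;
        this.rootStore = createCertificate(root, generatePassword, new DistinguishedName(getRoot(), Locale.getDefault().getCountry()), CERT_X509_EXT_BC_CA_1, null, null);
    }

    /** Alias and file name of the root keystore: the simple name of the runtime class. */
    private String getRoot() {
        return getClass().getSimpleName();
    }

    /**
     * Creates the organisation: its distinguished name, the root CA if missing, the organisation
     * keystore issued by the root, an empty client certificate store, and a published repository
     * containing the organisation certificate.
     *
     * @param str organisation name; used as keystore alias, file name and repository name
     * @param str2 last argument of the {@code DistinguishedName} constructor (presumably the
     *     e-mail address, as {@link #sendmail} later reads {@code orga.getEmail()} - confirm)
     * @param str3 first argument of the {@code DistinguishedName} constructor and second
     *     {@code Repository} argument (presumably the common name - confirm)
     * @param str4 SMTP server used by {@link #sendmail}
     * @throws IllegalArgumentException if the organisation name is not a safe alias/file name
     */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public void createOrganisation(String str, String str2, String str3, String str4) {
        this.smtpServer = str4;
        this.orga = new DistinguishedName(str3, Locale.getDefault().getCountry(), (String) null, (String) null, str, str, (String) null, (String) null, str2);
        this.orga.setOutputSimpleValuesOnly();
        if (this.rootStore == null) {
            createRootCA();
        }
        this.passwd = Crypt.generatePassword((byte) 24);
        this.orgaStore = createCertificate(str, this.passwd, this.orga, CERT_X509_EXT_BC_CA_0, getRoot(), this.rootPasswd);
        // The client store is always PKCS12, independent of KS_TYPE.
        this.clientStore = (KeyStore) Util.trY(() -> {
            return KeyStore.getInstance("PKCS12");
        });
        Util.trY(() -> {
            this.clientStore.load(null);
        });
        Repository repository = new Repository(str, str3, this.publishOptions);
        repository.create();
        repository.addFile(this.orga.getOrganizationName() + CERT_FILEEXTENSION);
        repository.publish();
    }

    /** Sets the options string handed to every {@link Repository} created by this portal. */
    void setPublishOptions(String str) {
        this.publishOptions = str;
    }

    /**
     * Generates a key pair with keytool and either exports it self-signed (no issuer) or has it
     * signed by the issuer keystore and imports the resulting certificate.
     *
     * <p>Alias, issuer alias and both passwords are validated before they are formatted into the
     * command line. The distinguished name and the extension options are inserted unvalidated.
     *
     * @param str alias and base file name of the new keystore
     * @param str2 store and key password of the new keystore
     * @param distinguishedName subject name, formatted via its {@code toString()}
     * @param str3 additional keytool options (for example an {@code -ext} clause); may be empty
     * @param str4 alias/file name of the issuing keystore, or {@code null} for a self-signed root
     * @param str5 store password of the issuing keystore; only used when {@code str4} is given
     * @return the keystore loaded from the organisation folder
     * @throws IllegalArgumentException if an alias or password contains disallowed characters
     */
    private KeyStore createCertificate(String str, String str2, DistinguishedName distinguishedName, String str3, String str4, String str5) {
        requireSafeName(str, "certificate alias");
        requireShellSafeSecret(str2, "store password");
        if (str4 != null) {
            requireSafeName(str4, "issuer alias");
            requireShellSafeSecret(str5, "issuer store password");
        }
        // NOTE(review): distinguishedName carries caller-supplied names into the shell command;
        // how DistinguishedName.toString() quotes them is not visible here - verify.
        keytool(KT_GENKEYPAIR, str, str, distinguishedName, str2, str2, str3);
        if (str4 != null) {
            keytool(KT_REQUEST, str, str, str2, str4, str4, str5, str);
            keytool(KT_IMPORT, str, str, str2, str);
        } else {
            exportCertificate(str, str2);
        }
        return loadKeyStore(getFolder(this.orga.getOrganizationName()).getPath() + "/" + str, str2);
    }

    /**
     * Formats the command template and runs it in the organisation folder.
     *
     * <p>The formatted string contains store passwords in clear text; do not log it.
     */
    private void keytool(String str, Object... objArr) {
        SystemUtil.executeShell(getFolder(this.orga.getOrganizationName()), new String[]{String.format(str, objArr)});
    }

    /**
     * Loads the keystore file {@code str + KS_EXT}.
     *
     * @param str path of the keystore without extension
     * @param str2 store password
     * @return the loaded keystore; {@code null} only if {@code ManagedException.forward} returns
     *     instead of throwing
     */
    private KeyStore loadKeyStore(String str, String str2) {
        try {
            KeyStore keyStore = KeyStore.getInstance(KS_TYPE);
            keyStore.load(FileUtil.getFile(str + KS_EXT), str2.toCharArray());
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            ManagedException.forward(e);
            return null;
        }
    }

    /** Exports the certificate of alias {@code str} to {@code str.pem} via keytool. */
    private void exportCertificate(String str, String str2) {
        keytool(KT_EXPORT, str, str2, str, str);
    }

    /** Returns the user-dir folder for the given name, creating it if necessary. */
    private File getFolder(String str) {
        File userDirFile = FileUtil.userDirFile(str);
        userDirFile.mkdirs();
        return userDirFile;
    }

    /**
     * Creates a client: a certificate issued by the organisation, an entry in the shared client
     * certificate store, a published repository with a readme, and (if enabled) a mail to the
     * client.
     *
     * @param str client id; used as keystore alias, file name, folder and repository name
     * @param str2 client name
     * @param str3 client e-mail address
     * @param str4 password for the client's keystore
     * @throws IllegalArgumentException if the id or password contains disallowed characters
     */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public void createRepository(String str, String str2, String str3, String str4) {
        KeyStore createCertificate = createCertificate(str, str4, new DistinguishedName(str2, str2), "", this.orga.getOrganizationName(), this.passwd);
        Util.trY(() -> {
            this.clientStore.setCertificateEntry(str, createCertificate.getCertificate(str));
        });
        Util.trY(() -> {
            this.clientStore.store(FileUtil.getFileOutput(getFolder(this.orga.getOrganizationName()) + "/" + this.orga.getOrganizationName() + "-clients" + KS_EXT), this.passwd.toCharArray());
        });
        // Explicit charset: the readme holds caller-supplied text and must not depend on the
        // platform default encoding.
        FileUtil.writeBytes(String.format("ID: %s\nNAME: %s\nEMAIL: %s\n", str, str2, str3).getBytes(java.nio.charset.StandardCharsets.UTF_8), getFolder(str) + "/readme.md", false);
        Repository repository = new Repository(str, this.orga.getCommonName(), this.publishOptions);
        repository.create();
        repository.addFile("readme.md");
        repository.publish();
        Key key = (Key) Util.trY(() -> {
            return createCertificate.getKey(str, str4.toCharArray());
        });
        // The encoded key is binary; decoding it as UTF-8 text (as before) silently replaces
        // invalid byte sequences and yields an unusable key. Base64 keeps it intact.
        // NOTE(review): this puts the client's private key into a mail body. Unless the SMTP
        // path is end-to-end protected, the key is exposed in transit and in mailboxes; the
        // client keystore also stays in the organisation folder on this host.
        sendmail(str3, (String) Util.trY(() -> {
            return java.util.Base64.getEncoder().encodeToString(key.getEncoded());
        }));
    }

    /**
     * Sends the account mail if mail delivery is enabled; otherwise does nothing.
     *
     * @param str recipient (passed twice to {@code Mail.sendEmail})
     * @param str2 mail body
     */
    void sendmail(String str, String str2) {
        if (this.mailEnabled) {
            this.mail.sendEmail(this.smtpServer, this.orga.getEmail(), this.orga.getEmail(), str, str, "account to " + this.orga.getOrganizationName(), str2);
        }
    }

    /**
     * Encrypts a file with the client's public key, stores it (and, if {@link #SIG_ALWAYS}, a
     * signature made with the organisation key) in the client repository and publishes it.
     *
     * @param str client id; must have a certificate in the client store
     * @param str2 path of the plain source file
     * @param str3 name part used in the generated file name
     * @param str4 name part used in the generated file name (placed first)
     * @param period period embedded in the generated file name
     * @param str5 not used by this implementation
     * @return path of the encrypted file inside the client repository
     * @throws IllegalArgumentException if no certificate is stored for the client id
     */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public String upload(String str, String str2, String str3, String str4, Period period, String str5) {
        Certificate certificate = (Certificate) Util.trY(() -> {
            return this.clientStore.getCertificate(str);
        });
        if (certificate == null) {
            throw new IllegalArgumentException("no client certificate found for id: " + str);
        }
        InputStream encrypt = new Crypt(certificate.getPublicKey()).encrypt(FileUtil.getFile(str2));
        Repository clientRepository = getClientRepository(str);
        String evalSpecFileName = evalSpecFileName(str3, str4, period);
        String str6 = clientRepository.getBaseDir() + "/" + evalSpecFileName;
        FileUtil.write(encrypt, str6);
        clientRepository.addFile(evalSpecFileName);
        if (SIG_ALWAYS) {
            FileUtil.writeBytes(getPrivateCrypt(this.orga.getOrganizationName(), this.passwd).sign(FileUtil.getFileString(str2)).getBytes(), str6 + SIG_EXT, false);
            // Register the signature by its repository-relative name, like every other addFile
            // call in this class; the previous code passed the base-dir-prefixed path here.
            clientRepository.addFile(evalSpecFileName + SIG_EXT);
        }
        clientRepository.publish();
        return str6;
    }

    /**
     * Decrypts a file with the private key of the given keystore and returns its content.
     *
     * <p>See {@link #verify}: the signature is not cryptographically checked before decryption.
     *
     * @param str path of the encrypted file
     * @param str2 keystore name and key alias inside the organisation folder
     * @param str3 keystore password
     * @return decrypted bytes
     */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public byte[] download(String str, String str2, String str3) {
        verify(str, str2);
        Crypt privateCrypt = getPrivateCrypt(str2, str3);
        return (byte[]) Util.trY(() -> {
            return FileUtil.readBytes(privateCrypt.decrypt(FileUtil.getFile(str)));
        });
    }

    /** Stream variant of {@link #download}; same parameters, same signature caveat. */
    InputStream decrypt(String str, String str2, String str3) {
        verify(str, str2);
        return getPrivateCrypt(str2, str3).decrypt(FileUtil.getFile(str));
    }

    /** Opens the repository of the given client id with the configured publish options. */
    private Repository getClientRepository(String str) {
        return new Repository(str, null, this.publishOptions);
    }

    /**
     * Loads keystore {@code str} from the organisation folder and wraps its key in a {@link Crypt}.
     *
     * @param str keystore file name (without extension) and key alias
     * @param str2 keystore password
     * @throws IllegalArgumentException if {@code str} is not a plain name; this keeps
     *     caller-supplied names from addressing files outside the organisation folder
     */
    private Crypt getPrivateCrypt(String str, String str2) {
        requireSafeName(str, "keystore name");
        KeyStore loadKeyStore = loadKeyStore(getFolder(this.orga.getOrganizationName()).getPath() + "/" + str, str2);
        return new Crypt((Key) Util.trY(() -> {
            return loadKeyStore.getKey(str, str2.toCharArray());
        }));
    }

    /**
     * Checks that a signature file accompanies {@code str}.
     *
     * <p>NOTE(review): despite its name this does NOT verify anything cryptographically. The
     * signature text is loaded and discarded, and {@code str2} is unused, so a tampered file with
     * any {@code .sig} file next to it passes. The loaded signature has to be checked against
     * the file content with the signer's public key before the content is trusted; the matching
     * {@code Crypt} call is not visible in this file.
     */
    private void verify(String str, String str2) {
        loadSignature(str, str2);
    }

    /**
     * Reads the signature file {@code str + ".sig"}.
     *
     * @param str path of the signed file
     * @param str2 not used
     * @return signature file content, or {@code null} if it is missing and signatures are optional
     * @throws IllegalStateException if the file is missing and {@link #SIG_ALWAYS} is set
     */
    private String loadSignature(String str, String str2) {
        String str3 = str + SIG_EXT;
        if (new File(str3).exists()) {
            return FileUtil.getFileString(str3);
        }
        if (SIG_ALWAYS) {
            throw new IllegalStateException("cannot verify signature file " + str3);
        }
        return null;
    }

    /** Builds the upload file name from both name parts, the period and the current time. */
    private String evalSpecFileName(String str, String str2, Period period) {
        return Util.toString("-", new Object[]{str2, str, "period", period, "ts", Long.valueOf(System.currentTimeMillis())});
    }

    /**
     * Returns the new files of the client repository and refreshes it.
     *
     * @param str client id
     */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public List<String> synchronize(String str) {
        return newFiles(str);
    }

    /** Lists new files first, then refreshes, so the result reflects the state before refresh. */
    private List<String> newFiles(String str) {
        Repository clientRepository = getClientRepository(str);
        List<String> newFiles = clientRepository.newFiles();
        clientRepository.refresh();
        return newFiles;
    }

    /**
     * Lists all files of the client repository.
     *
     * @param str client id
     * @param str2 not used by this implementation (no filtering is applied)
     */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public List<String> find(String str, String str2) {
        return getClientRepository(str).lsFiles();
    }

    /** Not implemented; always returns {@code null}. */
    @Override // de.tsl2.nano.d8portal.IRepositoryPortal
    public Long createQRCode(String str) {
        return null;
    }

    /** Enables or disables mail delivery in {@link #sendmail}. */
    public void setMailEnabled(boolean z) {
        this.mailEnabled = z;
    }

    /**
     * Ensures a value is a plain alias / file name before it is used in a shell command or path.
     *
     * <p>Accepted: letters, digits and {@code . _ - @ +}. Rejected: empty values, {@code .} and
     * {@code ..}, and a leading {@code -} (which keytool would read as an option).
     *
     * @param value the name to check
     * @param what description of the argument for the error message
     * @return {@code value}, unchanged
     * @throws IllegalArgumentException if the value is not a safe name
     */
    private static String requireSafeName(String value, String what) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException(what + " must not be empty");
        }
        if (value.equals(".") || value.equals("..") || value.charAt(0) == '-') {
            throw new IllegalArgumentException(what + " is not a valid name");
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (!Character.isLetterOrDigit(c) && NAME_PUNCTUATION.indexOf(c) < 0) {
                throw new IllegalArgumentException(what + " contains a character that is not allowed in names");
            }
        }
        return value;
    }

    /**
     * Ensures a password cannot alter the shell command it is formatted into.
     *
     * <p>Rejects whitespace, control characters and the characters in {@link #SHELL_META}. The
     * value itself is never put into the exception message.
     *
     * @param value the password to check
     * @param what description of the argument for the error message
     * @return {@code value}, unchanged
     * @throws IllegalArgumentException if the value is empty or contains a rejected character
     */
    private static String requireShellSafeSecret(String value, String what) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException(what + " must not be empty");
        }
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (Character.isWhitespace(c) || Character.isISOControl(c) || SHELL_META.indexOf(c) >= 0) {
                throw new IllegalArgumentException(what + " contains a character that is not allowed on the keytool command line");
            }
        }
        return value;
    }
}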
