package org.lightningj.paywall.keymgmt;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.security.InvalidAlgorithmParameterException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.spec.AlgorithmParameterSpec;
import java.time.Clock;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.logging.Level;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.bouncycastle.jce.ECNamedCurveTable;
import org.lightningj.paywall.InternalErrorException;
import org.lightningj.paywall.btcpayserver.BTCPayServerHelper;
import org.lightningj.paywall.btcpayserver.BTCPayServerKeyContext;

/* loaded from: input_file:org/lightningj/paywall/keymgmt/DefaultFileKeyManager.class */
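/**
 * File-backed key manager that lazily loads, or generates and stores on first use, three kinds of
 * key material under the {@code /keys} directory: an RSA key pair, a secp256k1 EC key pair used
 * for BTC Pay Server access, and an AES secret key. It also maintains a time-limited cache of
 * trusted public keys read from a trust store directory.
 *
 * <p>{@code log}, {@code getDirectory}, {@code getProvider} and
 * {@code getProtectPassphraseWithDefault} are inherited and not shown in this file.
 *
 * <p>NOTE(review): the lazy initialisers ({@link #getAsymKeyPair()},
 * {@link #getBTCPayServerKeyPair()}, {@link #getSymmetricKey(Context)} and the key factory
 * getters) are not synchronized. Two threads hitting an uninitialised manager at the same time
 * could each generate a key and overwrite the other's files. Confirm that first use is
 * single-threaded or add locking.
 *
 * <p>NOTE(review): judging by its name, {@code getProtectPassphraseWithDefault} falls back to a
 * built-in passphrase when none is configured. Verify this; if so, the permissions on the key
 * directory are the only effective protection of the stored private and secret keys.
 */
public abstract class DefaultFileKeyManager extends FileKeyManager implements AsymmetricKeyManager, SymmetricKeyManager {
    static final String ASYM_PRIVATE_KEYNAME = "/asymkey_prv.pem";
    static final String ASYM_PUBLIC_KEYNAME = "/asymkey_pub.pem";
    protected static final String BTCPAY_SERVER_PRIVATE_KEYNAME = "/btcpayserver_key_prv.pem";
    // "@SIN@" is replaced with the key's SIN by genPublicBTCPayServerFile.
    protected static final String BTCPAY_SERVER_PUBLIC_KEYNAME = "/btcpayserver_key_pub_sin_@SIN@.pem";
    // Name kept as-is (including the spelling) because subclasses may reference it.
    protected static final String SYMMENTRIC_FILENAME = "/secret.key";
    // Lifetime of the trusted key cache in milliseconds (5 minutes).
    private static final long CACHE_TIME = 300000;
    private static final int RSA_KEY_LENGTH = 2048;
    static final String BTCPAY_SERVER_ECDSA_CURVE = "secp256k1";
    private static final int AES_KEY_LENGTH = 256;
    private KeyFactory rsaKeyFactory;
    private KeyFactory ecKeyFactory;
    KeyPair asymKeyPair;
    KeyPair btcKeyPair;
    protected Key secretKey;
    // Epoch millis after which the trusted key cache must be rebuilt; 0 forces a load on first use.
    long trustStoreCacheExpireDate = 0;
    Map<String, PublicKey> trustedSigningKeysCache = new ConcurrentHashMap<>();
    protected Clock clock = Clock.systemDefaultZone();
    protected BTCPayServerHelper btcPayServerHelper = new BTCPayServerHelper();

    /**
     * Returns the public key matching the given context.
     *
     * @param context a {@link BTCPayServerKeyContext} selects the BTC Pay Server key pair; any
     *     other value (including {@code null}) selects the RSA key pair.
     * @return the public key of the selected key pair.
     * @throws InternalErrorException if the key pair could not be loaded or generated.
     */
    @Override
    public PublicKey getPublicKey(Context context) throws UnsupportedOperationException, InternalErrorException {
        KeyPair keyPair = context instanceof BTCPayServerKeyContext ? getBTCPayServerKeyPair() : getAsymKeyPair();
        return keyPair.getPublic();
    }

    /**
     * Returns the private key matching the given context.
     *
     * @param context a {@link BTCPayServerKeyContext} selects the BTC Pay Server key pair; any
     *     other value (including {@code null}) selects the RSA key pair.
     * @return the private key of the selected key pair.
     * @throws InternalErrorException if the key pair could not be loaded or generated.
     */
    @Override
    public PrivateKey getPrivateKey(Context context) throws UnsupportedOperationException, InternalErrorException {
        KeyPair keyPair = context instanceof BTCPayServerKeyContext ? getBTCPayServerKeyPair() : getAsymKeyPair();
        return keyPair.getPrivate();
    }

    /**
     * Returns the trusted public keys, keyed by key id, reloading them from the trust store files
     * when the cache has expired.
     *
     * <p>The returned map is the live cache instance, not a copy.
     *
     * @param context not used by this implementation.
     * @return map of key id to trusted public key.
     * @throws InternalErrorException if the trust store directory cannot be listed.
     */
    @Override
    public Map<String, PublicKey> getTrustedKeys(Context context) throws UnsupportedOperationException, InternalErrorException {
        if (hasCacheExpired(this.trustStoreCacheExpireDate)) {
            synchronized (this) {
                // Re-check under the lock so threads that queued up behind a reload do not
                // each repeat it.
                if (hasCacheExpired(this.trustStoreCacheExpireDate)) {
                    reloadTrustedKeys();
                }
            }
        }
        return this.trustedSigningKeysCache;
    }

    /**
     * Rebuilds the trusted key cache from the trust store files. Must be called while holding the
     * lock on {@code this}.
     *
     * <p>A file that fails to parse is logged and skipped, so it never ends up trusted.
     */
    private void reloadTrustedKeys() throws InternalErrorException {
        Map<String, PublicKey> reloaded = new ConcurrentHashMap<>();
        for (File file : getAsymTrustStoreFiles()) {
            try {
                log.fine("Parsing trusted public key file: " + file.getPath());
                PublicKey publicKey = KeySerializationHelper.deserializePublicKey(Files.readAllBytes(file.toPath()), getRSAKeyFactory());
                reloaded.put(KeySerializationHelper.genKeyId(publicKey.getEncoded()), publicKey);
            } catch (Exception e) {
                log.log(Level.SEVERE, "Error parsing trusted public key file: " + file.getPath() + ", error: " + e.getMessage(), e);
            }
        }
        // Update the live map in place instead of clearing it first: callers hold a reference to
        // this map, and clear-then-fill would let a concurrent reader observe an empty or partial
        // trust set and reject valid signatures. Keys no longer on disk are dropped first.
        this.trustedSigningKeysCache.keySet().retainAll(reloaded.keySet());
        this.trustedSigningKeysCache.putAll(reloaded);
        this.trustStoreCacheExpireDate = this.clock.millis() + CACHE_TIME;
    }

    /**
     * Returns the AES secret key, loading it from the symmetric key file on first use or
     * generating and storing a new one when the file does not exist.
     *
     * @param context not used by this implementation.
     * @return the secret key.
     * @throws InternalErrorException if the key could not be loaded, generated or stored.
     */
    @Override
    public Key getSymmetricKey(Context context) throws UnsupportedOperationException, InternalErrorException {
        if (this.secretKey == null) {
            File symmetricKeyFile = getSymmetricKeyFile();
            char[] passphrase = getProtectPassphraseWithDefault();
            this.secretKey = symmetricKeyFile.exists()
                    ? parseSymmetricKeyFile(symmetricKeyFile, passphrase)
                    : generateAndStoreSymmetricKey(symmetricKeyFile, passphrase);
        }
        return this.secretKey;
    }

    /**
     * Returns the path of the directory holding trusted public key files.
     *
     * @return the directory path; {@code null} or blank means no trust store is configured, in
     *     which case this manager's own public key file is used as the only trusted key.
     * @throws InternalErrorException on configuration problems.
     */
    protected abstract String getAsymTrustStorePath() throws InternalErrorException;

    /**
     * Returns the RSA key pair, loading it from the key files on first use or generating and
     * storing a new pair unless both files exist.
     *
     * @return the RSA key pair.
     * @throws InternalErrorException if the pair could not be loaded, generated or stored.
     */
    protected KeyPair getAsymKeyPair() throws InternalErrorException {
        if (this.asymKeyPair == null) {
            File publicKeyFile = getAsymPublicKeyFile();
            File privateKeyFile = getAsymPrivateKeyFile();
            char[] passphrase = getProtectPassphraseWithDefault();
            // If only one of the two files exists the pair is regenerated and both files are
            // overwritten; checkExists logs which one was missing.
            this.asymKeyPair = checkExists(publicKeyFile, privateKeyFile)
                    ? parseAsymKeyFiles(publicKeyFile, privateKeyFile, passphrase)
                    : generateAndStoreAsymKeys(publicKeyFile, privateKeyFile, passphrase);
        }
        return this.asymKeyPair;
    }

    /**
     * Returns the BTC Pay Server EC key pair, loading it from the private key file on first use or
     * generating and storing a new pair when that file does not exist.
     *
     * @return the BTC Pay Server key pair.
     * @throws InternalErrorException if the pair could not be loaded, generated or stored.
     */
    protected KeyPair getBTCPayServerKeyPair() throws InternalErrorException {
        if (this.btcKeyPair == null) {
            File privateKeyFile = getBTCPayServerPrivateKeyFile();
            char[] passphrase = getProtectPassphraseWithDefault();
            this.btcKeyPair = privateKeyFile.exists()
                    ? parseBTCPayServerKeyFiles(privateKeyFile, passphrase)
                    : generateAndStoreBTCPayServerKeys(privateKeyFile, passphrase);
        }
        return this.btcKeyPair;
    }

    /**
     * Reports whether both key files exist. When exactly one is missing a warning naming the
     * missing file is logged and {@code false} is returned so that both keys get regenerated.
     *
     * @param file the public key file.
     * @param file2 the private key file.
     * @return {@code true} only if both files exist.
     */
    private boolean checkExists(File file, File file2) {
        boolean publicExists = file.exists();
        boolean privateExists = file2.exists();
        if (publicExists && privateExists) {
            return true;
        }
        if (!publicExists && privateExists) {
            log.warning("Warning, couldn't find public asymmetric key file: " + file.getPath() + ", regenerating both keys");
        } else if (publicExists) {
            log.warning("Warning, couldn't find privateKeyFile asymmetric key file: " + file2.getPath() + ", regenerating both keys");
        }
        return false;
    }

    /** Returns the location of the RSA public key file inside the key directory. */
    private File getAsymPublicKeyFile() throws InternalErrorException {
        return new File(getDirectory("asymmetric key store", "/keys") + ASYM_PUBLIC_KEYNAME);
    }

    /** Returns the location of the RSA private key file inside the key directory. */
    private File getAsymPrivateKeyFile() throws InternalErrorException {
        return new File(getDirectory("asymmetric key store", "/keys") + ASYM_PRIVATE_KEYNAME);
    }

    /** Returns the location of the BTC Pay Server private key file inside the key directory. */
    private File getBTCPayServerPrivateKeyFile() throws InternalErrorException {
        return new File(getDirectory("BTC Pay Server key store", "/keys") + BTCPAY_SERVER_PRIVATE_KEYNAME);
    }

    /**
     * Reads and deserializes the RSA key pair from the given files.
     *
     * @param file the public key file.
     * @param file2 the private key file.
     * @param cArr passphrase handed to the deserializer.
     * @throws InternalErrorException wrapping any read or parse failure.
     */
    private KeyPair parseAsymKeyFiles(File file, File file2, char[] cArr) throws InternalErrorException {
        try {
            byte[] publicKeyData = Files.readAllBytes(file.toPath());
            byte[] privateKeyData = Files.readAllBytes(file2.toPath());
            log.info("Loading existing asymmetric key from files " + file.getPath() + " and " + file2.getPath());
            return KeySerializationHelper.deserializeAsymKeyPair(publicKeyData, privateKeyData, cArr, getRSAKeyFactory());
        } catch (Exception e) {
            throw new InternalErrorException("Internal error parsing RSA key from files " + file.getPath() + " and " + file2.getPath() + ": " + e.getMessage(), e);
        }
    }

    /**
     * Reads and deserializes the BTC Pay Server key pair from the private key file and logs the
     * SIN derived from its public key.
     *
     * @param file the private key file.
     * @param cArr passphrase handed to the deserializer.
     * @throws InternalErrorException wrapping any read or parse failure.
     */
    private KeyPair parseBTCPayServerKeyFiles(File file, char[] cArr) throws InternalErrorException {
        try {
            KeyPair keyPair = KeySerializationHelper.deserializeBTCPayServerKeyPair(Files.readAllBytes(file.toPath()), cArr, getECKeyFactory(), BTCPAY_SERVER_ECDSA_CURVE);
            // Only checked when assertions are enabled; otherwise a non-EC key fails the cast
            // below with a ClassCastException, which the catch clause wraps.
            assert keyPair.getPublic() instanceof ECPublicKey;
            String sin = this.btcPayServerHelper.toSIN(this.btcPayServerHelper.pubKeyInHex((ECPublicKey) keyPair.getPublic()));
            log.info("Loading existing BTC Pay Server access key from file " + file.getPath() + ", SIN: " + sin);
            return keyPair;
        } catch (Exception e) {
            throw new InternalErrorException("Internal error parsing BTC Pay Server access key from file " + file.getPath() + ": " + e.getMessage(), e);
        }
    }

    /**
     * Writes serialized key data to a file, closing the stream even when the write fails.
     *
     * <p>NOTE(review): the file is created with the process's default permissions; nothing here
     * restricts private or secret key files to their owner. Confirm that the key directory is
     * locked down to the service account.
     */
    private static void writeKeyFile(File target, byte[] data) throws IOException {
        try (FileOutputStream out = new FileOutputStream(target)) {
            out.write(data);
        }
    }

    /**
     * Generates a new 2048-bit RSA key pair and stores it in the given files.
     *
     * @param file destination of the serialized public key.
     * @param file2 destination of the serialized private key.
     * @param cArr passphrase handed to the serializer.
     * @return the generated key pair.
     * @throws InternalErrorException if generation or storage fails.
     */
    private KeyPair generateAndStoreAsymKeys(File file, File file2, char[] cArr) throws InternalErrorException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA", getProvider(null));
            generator.initialize(RSA_KEY_LENGTH);
            KeyPair keyPair = generator.generateKeyPair();
            byte[][] serialized = KeySerializationHelper.serializeAsymKeyPair(keyPair, cArr);
            writeKeyFile(file, serialized[0]);
            writeKeyFile(file2, serialized[1]);
            log.info("New asymmetric key generated and stored in files " + file.getPath() + " and " + file2.getPath());
            return keyPair;
        } catch (IOException e) {
            throw new InternalErrorException("Internal error storing generated RSA key pair to files " + file.getPath() + " and " + file2.getPath() + " : " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new InternalErrorException("Internal error generating RSA key: " + e2.getMessage(), e2);
        }
    }

    /**
     * Generates a new secp256k1 key pair for BTC Pay Server access and stores it: the public part
     * in a file named after the key's SIN, the private part in the given file.
     *
     * @param file destination of the serialized private key.
     * @param cArr passphrase handed to the serializer.
     * @return the generated key pair.
     * @throws InternalErrorException if generation or storage fails.
     */
    private KeyPair generateAndStoreBTCPayServerKeys(File file, char[] cArr) throws InternalErrorException {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance("EC", getProvider(null));
            generator.initialize((AlgorithmParameterSpec) ECNamedCurveTable.getParameterSpec(BTCPAY_SERVER_ECDSA_CURVE));
            KeyPair keyPair = generator.generateKeyPair();
            byte[][] serialized = KeySerializationHelper.serializeBTCPayServerKeyPair(keyPair, cArr);
            // NOTE(review): decodes with the platform default charset; presumably the serialized
            // public key is ASCII text, confirm against KeySerializationHelper.
            String sin = this.btcPayServerHelper.toSIN(new String(serialized[0]));
            File publicKeyFile = genPublicBTCPayServerFile(sin);
            writeKeyFile(publicKeyFile, serialized[0]);
            writeKeyFile(file, serialized[1]);
            log.info("New BTC Pay Server access key generated and stored in files " + file.getPath() + " and " + publicKeyFile.getPath() + ", key SIN: " + sin);
            return keyPair;
        } catch (IOException e) {
            throw new InternalErrorException("Internal error storing generated BTCPay Server access token key pair to file " + file.getPath() + " : " + e.getMessage(), e);
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new InternalErrorException("Internal error generating EC key for BTCPay Server access token: " + e2.getMessage(), e2);
        }
    }

    /**
     * Lists the files to load trusted public keys from.
     *
     * <p>When no trust store path is configured, the manager's own public key file is returned as
     * the only trusted key and a warning is logged, since that setup is not meant for production.
     *
     * @return the {@code .pem} files of the trust store directory, or the own public key file.
     * @throws InternalErrorException if the configured directory does not exist, is not a readable
     *     directory, or cannot be listed.
     */
    private File[] getAsymTrustStoreFiles() throws InternalErrorException {
        String trustStorePath = getAsymTrustStorePath();
        if (trustStorePath == null || trustStorePath.trim().equals("")) {
            log.warning("Warning: no trust store directory configured, using own public key as trust. Should not be used in production.");
            return new File[]{getAsymPublicKeyFile()};
        }
        File trustStoreDir = new File(trustStorePath);
        if (trustStoreDir.exists() && trustStoreDir.isDirectory() && trustStoreDir.canRead()) {
            File[] pemFiles = trustStoreDir.listFiles((dir, name) -> name.toLowerCase().endsWith(".pem"));
            // listFiles returns null on an I/O error or if the directory vanished after the
            // checks above; report that instead of failing later with a NullPointerException.
            if (pemFiles != null) {
                return pemFiles;
            }
        }
        throw new InternalErrorException("Internal error parsing public keys in trust store directory: " + trustStoreDir.getPath() + " check that it exists and is readable");
    }

    /** Returns {@code true} when the given expiry time (epoch millis) lies before the current clock time. */
    private boolean hasCacheExpired(long j) {
        return j < this.clock.millis();
    }

    /**
     * Returns the lazily created RSA key factory.
     *
     * @throws InternalErrorException if the algorithm or provider is unavailable.
     */
    protected KeyFactory getRSAKeyFactory() throws InternalErrorException {
        if (this.rsaKeyFactory == null) {
            try {
                this.rsaKeyFactory = KeyFactory.getInstance("RSA", getProvider(null));
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                throw new InternalErrorException("Internal error generating RSA key: " + e.getMessage(), e);
            }
        }
        return this.rsaKeyFactory;
    }

    /**
     * Returns the lazily created EC key factory.
     *
     * @throws InternalErrorException if the algorithm or provider is unavailable.
     */
    protected KeyFactory getECKeyFactory() throws InternalErrorException {
        if (this.ecKeyFactory == null) {
            try {
                this.ecKeyFactory = KeyFactory.getInstance("EC", getProvider(null));
            } catch (NoSuchAlgorithmException | NoSuchProviderException e) {
                // The message used to say "RSA", which pointed at the wrong algorithm.
                throw new InternalErrorException("Internal error generating EC key: " + e.getMessage(), e);
            }
        }
        return this.ecKeyFactory;
    }

    /** Returns the location of the symmetric key file inside the key directory. */
    protected File getSymmetricKeyFile() throws InternalErrorException {
        return new File(getDirectory("symmetric key store", "/keys") + SYMMENTRIC_FILENAME);
    }

    /**
     * Reads and deserializes the secret key from the given file.
     *
     * @param file the symmetric key file.
     * @param cArr passphrase handed to the deserializer.
     * @throws InternalErrorException if the file cannot be read or parsed.
     */
    protected Key parseSymmetricKeyFile(File file, char[] cArr) throws InternalErrorException {
        try {
            byte[] keyData = Files.readAllBytes(file.toPath());
            log.info("Loading existing symmetric key from file: " + file.getPath());
            return KeySerializationHelper.deserializeSecretKey(keyData, cArr);
        } catch (IOException e) {
            throw new InternalErrorException("Internal error parsing AES key from file " + file.getPath() + ": " + e.getMessage(), e);
        }
    }

    /**
     * Generates a new 256-bit AES key and stores its serialized form in the given file.
     *
     * @param file destination of the serialized key.
     * @param cArr passphrase handed to the serializer.
     * @return the generated key.
     * @throws InternalErrorException if generation or storage fails.
     */
    protected Key generateAndStoreSymmetricKey(File file, char[] cArr) throws InternalErrorException {
        try {
            KeyGenerator generator = KeyGenerator.getInstance("AES", getProvider(null));
            generator.init(AES_KEY_LENGTH);
            SecretKey key = generator.generateKey();
            writeKeyFile(file, KeySerializationHelper.serializeSecretKey(key, cArr));
            log.info("New symmetric key generated and stored in file: " + file.getPath());
            return key;
        } catch (IOException e) {
            throw new InternalErrorException("Internal error storing generated AES key to file " + file.getPath() + ": " + e.getMessage(), e);
        } catch (NoSuchAlgorithmException | NoSuchProviderException e2) {
            throw new InternalErrorException("Internal error generating AES key: " + e2.getMessage(), e2);
        }
    }

    /**
     * Returns the location of the BTC Pay Server public key file for the given SIN.
     *
     * @param str the SIN to insert into the file name; it is inserted without validation, so
     *     callers must pass a value derived from a key and not from external input.
     */
    protected File genPublicBTCPayServerFile(String str) throws InternalErrorException {
        return new File(getDirectory("BTC Pay Server key store", "/keys") + BTCPAY_SERVER_PUBLIC_KEYNAME.replace("@SIN@", str));
    }
}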
