package net.jxta.impl.membership.pse;

import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import jxta.security.exceptions.CryptoException;
import jxta.security.hash.Hash;
import jxta.security.impl.crypto.JxtaCryptoSuite;
import jxta.security.impl.publickey.RSAKey;
import jxta.security.impl.random.JRandom;
import jxta.security.util.URLBase64;
import net.jxta.id.ID;
import net.jxta.impl.membership.pse.PSEUtils;
import org.apache.log4j.Level;
import org.apache.log4j.Logger;

/* loaded from: input_file:activemq-ra-2.0.rar:jxta-2.0.jar:net/jxta/impl/membership/pse/PSEConfig.class */
public class PSEConfig {
    // Log4j logger for this class; assigned in the static initializer at the end of the class.
    private static final transient Logger LOG;
    // Seed size in bytes. The constructor and genPassphrase() both use the literal 128,
    // which matches this value (the compiler inlined the constant).
    private static final int NUM_RND_SEED_BYTES = 128;
    // Directory handed to the constructor; may be null (see the constructor's guard).
    private final File homeDir;
    // <homeDir>/pse : root of the on-disk PSE tree.
    private final File pseDir;
    // <pseDir>/root
    private final File pseRootDir;
    // <pseRootDir>/peer-root.pem : initialize() calls PSEUtils.writeCert and then
    // PSEUtils.appendPrivateKey on this same file.
    private final File pseRootClientCertFile;
    // <pseDir>/client
    private final File pseClientDir;
    // <pseClientDir>/peer-service.pem : service certificate generated by initialize().
    private final File pseClientServiceCertFile;
    // <pseDir>/etc
    private final File psePasswordDir;
    // <psePasswordDir>/passwd : holds the "salt,hash" line produced by makePasswdEntry().
    private final File psePasswordFile;
    // <pseClientDir>/peer.phrase : passphrase file written through PSEUtils.tlsCipher.
    private final File psePassphraseFile;
    // Generator used for password salts and the passphrase; seeded once in the constructor.
    private final SecureRandom rng;
    // Salt length in bytes; makePasswdEntry() generates and hashes exactly 8 salt bytes.
    static final int SALTSIZE = 8;
    // Upper loop bound in makePasswdEntry(); the loop there is inclusive (i <= 11),
    // so the hash is applied 12 times.
    static final int PASSES = 11;
    // Compiler-generated cache for the PSEConfig class literal (see class$ and the static initializer).
    static Class class$net$jxta$impl$membership$pse$PSEConfig;

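    /**
     * Reports whether a complete PSE directory tree exists below {@code file}.
     *
     * <p>The check is structural only: the {@code pse} directory must exist and
     * {@link #allPCEChildrenExist(File)} must accept its contents. No principal or
     * password is involved, so a {@code true} result says nothing about whether a
     * caller can unlock the stored material.
     *
     * @param file the peer home directory
     * @return {@code true} if the tree is present and passes the checks; {@code false}
     *         otherwise, including when any exception is raised while checking
     * @throws IllegalArgumentException if {@code file} exists but is not a directory
     */
    public static boolean isInitialized(File file) {
        if (file != null && file.exists() && !file.isDirectory()) {
            throw new IllegalArgumentException("homeDir must be a directory");
        }
        try {
            // NOTE(review): a null home dir passes the guard above; new File((File) null, "pse")
            // then resolves "pse" against the process working directory.
            File pseDir = new File(file, "pse");
            if (!pseDir.exists()) {
                if (LOG.isEnabledFor(Level.WARN)) {
                    LOG.warn("PSE Dir does not exist at : " + pseDir);
                }
                return false;
            }
            if (!pseDir.isDirectory()) {
                if (LOG.isEnabledFor(Level.WARN)) {
                    LOG.warn("PSE Dir is not a directory : " + pseDir);
                }
                return false;
            }
            // The decompiled listing followed this call with "if (1 != 0) return true;" and an
            // unreachable "Bad Principal or password" warning; that dead branch is dropped.
            return allPCEChildrenExist(pseDir);
        } catch (Throwable th) {
            // Any failure (including SecurityException from the file checks) is reported as
            // "not initialized" rather than propagated.
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn("Exception while checking PSE Dir in : " + file, th);
            }
            return false;
        }
    }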

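    /**
     * Checks that the PSE directory holds the expected sub-directories and files and
     * that the service certificate verifies against the root certificate.
     *
     * <p>Expected layout below {@code file}: {@code root/peer-root.pem},
     * {@code client/peer-service.pem}, {@code client/peer.phrase} and {@code etc/passwd}.
     * The first failed check is logged at WARN and ends the test.
     *
     * @param file the {@code pse} directory
     * @return {@code true} only if every entry exists with the right type and
     *         {@code PSEUtils.verifySignedCert(rootCert, serviceCert)} returns {@code true}
     * @throws SecurityException if a security manager denies one of the file checks
     */
    private static boolean allPCEChildrenExist(File file) throws SecurityException {
        File rootDir = new File(file, "root");
        File clientDir = new File(file, "client");
        File passwdDir = new File(file, "etc");
        File rootCertFile = new File(rootDir, "peer-root.pem");
        File serviceCertFile = new File(clientDir, "peer-service.pem");
        File passphraseFile = new File(clientDir, "peer.phrase");
        File passwdFile = new File(passwdDir, "passwd");

        String problem = null;
        if (!rootDir.exists() || !clientDir.exists() || !passwdDir.exists()) {
            problem = "Missing root cert dir, client dir, or password dir.";
        } else if (!rootDir.isDirectory() || !clientDir.isDirectory() || !passwdDir.isDirectory()) {
            problem = "root cert dir, client dir or password dir is not a directory";
        } else if (!rootCertFile.exists() || !rootCertFile.isFile()) {
            problem = "Missing or invalid client root file : " + rootCertFile;
        } else if (!serviceCertFile.exists() || !serviceCertFile.isFile()) {
            // The original reused the "client root file" text here, which pointed the
            // operator at the wrong file; this branch is about peer-service.pem.
            problem = "Missing or invalid client service cert file : " + serviceCertFile;
        } else if (!passphraseFile.exists() || !passphraseFile.isFile()) {
            problem = "Missing or invalid passphrase file : " + passphraseFile;
        } else if (!passwdFile.exists() || !passwdFile.isFile()) {
            problem = "Missing or invalid password file : " + passwdFile;
        }
        if (problem != null) {
            if (LOG.isEnabledFor(Level.WARN)) {
                LOG.warn(problem);
            }
            return false;
        }

        // Only reached when all four files are present, so the verifier is never handed
        // a path that is known to be missing.
        if (PSEUtils.verifySignedCert(rootCertFile, serviceCertFile)) {
            return true;
        }
        if (LOG.isEnabledFor(Level.WARN)) {
            LOG.warn("Cert signature not valid! file=" + serviceCertFile.getAbsolutePath());
        }
        return false;
    }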

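    /**
     * Binds this configuration to a peer home directory and prepares the random generator.
     *
     * <p>Only {@code File} objects are built here; nothing is created on disk until
     * {@link #initialize} runs.
     *
     * @param file the peer home directory
     * @throws IllegalArgumentException if {@code file} exists but is not a directory
     * @throws IllegalStateException if the JRandom seed source fails
     */
    public PSEConfig(File file) {
        if (file != null && file.exists() && !file.isDirectory()) {
            throw new IllegalArgumentException("homeDir must be a directory");
        }
        // NOTE(review): null passes the guard; every path below is then relative to the
        // process working directory.
        this.homeDir = file;
        this.pseDir = new File(file, "pse");
        this.pseRootDir = new File(this.pseDir, "root");
        this.pseRootClientCertFile = new File(this.pseRootDir, "peer-root.pem");
        this.pseClientDir = new File(this.pseDir, "client");
        this.pseClientServiceCertFile = new File(this.pseClientDir, "peer-service.pem");
        this.psePasswordDir = new File(this.pseDir, "etc");
        this.psePasswordFile = new File(this.psePasswordDir, "passwd");
        this.psePassphraseFile = new File(this.pseClientDir, "peer.phrase");
        if (LOG.isEnabledFor(Level.INFO)) {
            LOG.info("PSEConfig : pse home dir = " + file);
        }

        byte[] seed = new byte[128]; // same size as NUM_RND_SEED_BYTES
        try {
            new JRandom().nextBytes(seed);
        } catch (CryptoException e) {
            // Keep the underlying failure attached; the original discarded it.
            IllegalStateException failure = new IllegalStateException("Could not create random number generator");
            failure.initCause(e);
            throw failure;
        }
        // NOTE(review): the seed goes to the SecureRandom(byte[]) constructor. With the SHA1PRNG
        // implementation an explicit seed supplied before first use replaces self-seeding, so the
        // generator is then only as unpredictable as JRandom's output. Which provider is selected
        // and how JRandom gathers entropy are not visible in this file - confirm.
        this.rng = new SecureRandom(seed);
    }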

    /**
     * Instance form of {@link #isInitialized(File)} for the home directory this
     * configuration was constructed with.
     *
     * @return the result of the static check on this instance's home directory
     */
    public boolean isInitialized() {
        final File home = this.homeDir;
        return PSEConfig.isInitialized(home);
    }

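    /**
     * Wipes any existing PSE tree and writes a fresh one: password file, encrypted
     * passphrase file, root certificate with private key, and a service certificate.
     *
     * <p>Changes against the decompiled listing: directory creation failures are now
     * reported instead of ignored, the {@code CryptoException} is kept as the cause of
     * the thrown {@code IOException}, and the unreachable "generate a new root cert"
     * branch (the certificate is rejected above when null) is removed.
     *
     * <p>NOTE(review): directories and files are created with the process default
     * permissions, and the private key is appended to {@code peer-root.pem}. Nothing in
     * this class restricts access to the tree - confirm the deployment does. A failure
     * part-way through leaves a partially written tree behind.
     *
     * @param str principal name; must be non-empty
     * @param str2 password used for the password file and to protect the passphrase file
     * @param certificate root certificate to store; must be non-null
     * @param privateKey private key stored as both subject and root key; must be non-null
     * @throws IllegalArgumentException if any argument is missing
     * @throws IOException if a directory or file cannot be written, or a crypto step fails
     */
    public void initialize(String str, String str2, Certificate certificate, PrivateKey privateKey) throws IOException {
        if (null == str || 0 == str.length()) {
            throw new IllegalArgumentException("principal must be provided");
        }
        if (null == str2 || 0 == str2.length()) {
            throw new IllegalArgumentException("password must be provided");
        }
        if (null == certificate) {
            throw new IllegalArgumentException("cert must be provided");
        }
        if (null == privateKey) {
            throw new IllegalArgumentException("privkey must be provided");
        }

        removeDir(this.pseDir);
        File[] required = {this.pseDir, this.pseRootDir, this.pseClientDir, this.psePasswordDir};
        for (int i = 0; i < required.length; i++) {
            // mkdirs() returns false both on failure and when the directory already exists,
            // so only the "still not a directory" case is an error.
            if (!required[i].mkdirs() && !required[i].isDirectory()) {
                throw new IOException("Could not create PSE directory : " + required[i]);
            }
        }

        if (LOG.isEnabledFor(Level.INFO)) {
            LOG.info("Security initialization in progress.\nThis will take 10 or more seconds ...");
        }
        createPasswordFile(str2);
        if (LOG.isEnabledFor(Level.DEBUG)) {
            LOG.debug("Creating passphrase file ...");
        }
        String passphrase = genPassphrase();
        try {
            writePassphrase(passphrase, str2);

            // The supplied key is used as both the subject key and the root key.
            PSEUtils.IssuerInfo issuer = new PSEUtils.IssuerInfo();
            issuer.cert = certificate;
            issuer.subjectPkey = privateKey;
            issuer.rootKey = privateKey;
            issuer.passphrase = passphrase;

            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("Writing root cert for '" + str + "'");
            }
            PSEUtils.writeCert(this.pseRootClientCertFile, issuer.cert);
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("Writing private key for '" + str + "'");
            }
            PSEUtils.appendPrivateKey(this.pseRootClientCertFile, issuer);
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("Generating service cert for '" + str + "'");
            }
            PSEUtils.genCert(this.pseClientServiceCertFile, str, issuer, passphrase);
        } catch (CryptoException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Could not create password or passphrase file ", e);
            }
            IOException failure = new IOException("Could not create password or passphrase file " + e);
            failure.initCause(e);
            throw failure;
        }
    }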

    /**
     * Removes the whole PSE directory tree of this configuration.
     *
     * <p>This is ordinary file deletion through {@code removeDir}; file contents are not
     * overwritten first, and {@code removeDir} does not report failed deletions to the
     * caller, so returning normally does not prove the key material is gone.
     *
     * @throws IOException declared by {@code removeDir}
     */
    public void erase() throws IOException {
        final File target = this.pseDir;
        if (LOG.isEnabledFor(Level.INFO)) {
            LOG.info("Removing PSE directory at : " + target);
        }
        removeDir(target);
    }

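    /**
     * Recursively deletes {@code file} and everything below it, best effort.
     *
     * <p>The original ignored every {@code delete()} result, so a file that could not be
     * removed (for example a private key held open or write-protected) was left on disk
     * without any trace. Failed deletions are now logged at WARN; the method still does
     * not throw for them, because {@code initialize()} relies on it being tolerant of a
     * missing or partly removable tree.
     *
     * <p>NOTE(review): {@code File.isDirectory()} follows symbolic links, so a link inside
     * the tree that points at a directory is descended into and the target's contents are
     * deleted. Confirm the PSE tree cannot contain links created by another party.
     *
     * @param file directory (or file) to remove; a non-existent path is a no-op
     * @throws IOException declared for the recursive call; failures in children are
     *         caught and logged at DEBUG
     */
    private static void removeDir(File file) throws IOException {
        File[] children = file.listFiles(); // null when the path is not a listable directory
        if (children != null) {
            for (int i = 0; i < children.length; i++) {
                File child = children[i];
                try {
                    if (child.isDirectory()) {
                        removeDir(child);
                    } else if (!child.delete() && LOG.isEnabledFor(Level.WARN)) {
                        LOG.warn("Could not delete file : " + child);
                    }
                } catch (IOException e) {
                    if (LOG.isEnabledFor(Level.DEBUG)) {
                        LOG.debug("problem working with file : " + child, e);
                    }
                }
            }
        }
        // exists() keeps the common "nothing to remove" case quiet.
        if (!file.delete() && file.exists() && LOG.isEnabledFor(Level.WARN)) {
            LOG.warn("Could not delete : " + file);
        }
    }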

    /**
     * Tells whether the password directory exists and contains a regular password file.
     *
     * @return {@code true} if {@code etc} is a directory and {@code etc/passwd} is a file;
     *         {@code false} otherwise, including when a {@code SecurityException}
     *         blocks the check (logged at ERROR)
     */
    private boolean passwdExists() {
        boolean present = false;
        try {
            present = this.psePasswordDir.exists()
                    && this.psePasswordDir.isDirectory()
                    && this.psePasswordFile.exists()
                    && this.psePasswordFile.isFile();
        } catch (SecurityException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("passwdExists, exception:", e);
            }
        }
        return present;
    }

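    /**
     * Checks a candidate password against the stored {@code salt,hash} entry.
     *
     * <p>The stored salt is decoded, the candidate is hashed with it through
     * {@code makePasswdEntry}, and the two hash strings are compared. Changes against the
     * decompiled listing: a missing or malformed entry is rejected explicitly instead of
     * through an index exception, and the comparison no longer stops at the first
     * differing character, so its duration does not reveal how much of the hash matched.
     *
     * @param str candidate password
     * @return {@code true} only if the recomputed hash equals the stored one; any error
     *         while reading or hashing yields {@code false} (logged at ERROR)
     */
    public boolean validPasswd(String str) {
        if (!passwdExists()) {
            return false;
        }
        try {
            String stored = getPasswordEntry();
            int comma = (stored == null) ? -1 : stored.indexOf(',');
            if (comma < 0) {
                if (LOG.isEnabledFor(Level.ERROR)) {
                    LOG.error("validPasswd, malformed password entry");
                }
                return false;
            }
            byte[] saltText = stored.substring(0, comma).getBytes();
            byte[] salt = URLBase64.decode(saltText, 0, saltText.length);
            if (salt == null) {
                // A null salt would make makePasswdEntry pick a fresh random salt,
                // which can never reproduce the stored hash.
                return false;
            }
            String expected = stored.substring(comma + 1);
            String candidate = makePasswdEntry(str, salt);
            String actual = candidate.substring(candidate.indexOf(',') + 1);

            // Accumulate differences over the whole common length instead of returning early.
            int diff = expected.length() ^ actual.length();
            int common = Math.min(expected.length(), actual.length());
            for (int i = 0; i < common; i++) {
                diff |= expected.charAt(i) ^ actual.charAt(i);
            }
            return diff == 0;
        } catch (Exception e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("validPasswd, exception:", e);
            }
            return false;
        }
    }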

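    /**
     * Writes the password entry for {@code password} to the password file, followed by a
     * line separator.
     *
     * <p>The decompiler could not restructure this method (the bytecode uses a
     * {@code jsr}/{@code ret} finally block) and emitted a stub that always threw
     * {@code UnsupportedOperationException}. This body is rebuilt from the instruction
     * dump that accompanied the stub: build the entry with a fresh salt, write it through
     * a {@code BufferedWriter} over a {@code FileWriter}, and close the {@code FileWriter}
     * in all cases.
     *
     * <p>NOTE(review): the file is created with the process default permissions, and
     * {@code FileWriter} encodes with the platform default charset.
     *
     * @param password the password to hash and store
     * @throws SecurityException if a security manager denies the write
     * @throws IOException if the entry cannot be produced or written
     */
    private void createPasswordFile(String password) throws SecurityException, IOException {
        // A null salt asks makePasswdEntry to generate a new random one.
        String entry = makePasswdEntry(password, null);
        java.io.FileWriter fileWriter = null;
        try {
            fileWriter = new java.io.FileWriter(this.psePasswordFile);
            BufferedWriter writer = new BufferedWriter(fileWriter);
            writer.write(entry, 0, entry.length());
            writer.newLine();
            writer.flush();
            writer.close();
        } finally {
            if (null != fileWriter) {
                fileWriter.close();
            }
        }
    }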

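    /**
     * Reads the first line of the password file.
     *
     * <p>The decompiler emitted a stub that always threw
     * {@code UnsupportedOperationException}; this body is rebuilt from the instruction
     * dump that accompanied it: open a {@code FileReader} on the password file, read one
     * line through a {@code BufferedReader}, and close the {@code FileReader} in all cases.
     *
     * @return the first line of the file, or {@code null} if the file is empty
     * @throws IOException if the file cannot be opened or read
     */
    String getPasswordEntry() throws IOException {
        java.io.FileReader fileReader = null;
        try {
            fileReader = new java.io.FileReader(this.psePasswordFile);
            BufferedReader reader = new BufferedReader(fileReader);
            return reader.readLine();
        } finally {
            if (null != fileReader) {
                fileReader.close();
            }
        }
    }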

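    /**
     * Builds the {@code salt,hash} line stored in the password file.
     *
     * <p>The first 8 salt bytes are prepended to the password bytes and the JXTA hash is
     * applied 12 times (loop bound 11, inclusive), each pass hashing the previous digest.
     * Both parts are URL-safe Base64 encoded and joined with a comma.
     *
     * <p>Fixes against the decompiled listing:
     * <ul>
     * <li>The input length was computed from {@code str.length()} (characters) while the
     *     bytes copied came from {@code str.getBytes()}. For passwords with multi-byte
     *     characters this either hashed only a prefix of the password or overran the work
     *     buffer. The length is now taken from the byte array. Entries that the old code
     *     stored for such passwords will not verify any more and must be re-created;
     *     single-byte passwords are unaffected.</li>
     * <li>A supplied salt shorter than 8 bytes is rejected with an {@code IOException}
     *     instead of an array index error.</li>
     * <li>The {@code CryptoException} is kept as the cause of the thrown exception.</li>
     * </ul>
     *
     * <p>NOTE(review): a dozen passes of a general-purpose hash is far below the work
     * factor of a password KDF (PBKDF2, bcrypt, scrypt, Argon2), so a copied password file
     * is cheap to test guesses against. The hash algorithm behind
     * {@code getJxtaHash((byte) 1)} is not identifiable from this file. {@code getBytes()}
     * uses the platform default charset, so an entry is only portable between hosts with
     * the same default.
     *
     * @param str the password
     * @param bArr salt to use, or {@code null} to generate 8 random bytes
     * @return {@code base64(salt) + "," + base64(hash)}
     * @throws IOException if the salt is too short or the hash cannot be computed
     */
    String makePasswdEntry(String str, byte[] bArr) throws IOException {
        final int saltSize = 8;  // SALTSIZE
        final int lastPass = 11; // PASSES; the loop below is inclusive
        byte[] salt;
        if (bArr == null) {
            salt = new byte[saltSize];
            this.rng.nextBytes(salt);
        } else {
            salt = bArr;
        }
        if (salt.length < saltSize) {
            throw new IOException("makePasswdEntry: salt must be at least " + saltSize + " bytes");
        }
        try {
            Hash hash = new JxtaCryptoSuite((byte) 4, (RSAKey) null, (byte) 0, (byte) 0).getJxtaHash((byte) 1);
            int digestLength = hash.getDigestLength();
            byte[] digest = new byte[digestLength];
            byte[] passwordBytes = str.getBytes();
            int inputLength = saltSize + passwordBytes.length;
            // The buffer is reused for the digest on later passes, so it must hold either.
            byte[] work = new byte[Math.max(inputLength, digestLength)];
            System.arraycopy(salt, 0, work, 0, saltSize);
            System.arraycopy(passwordBytes, 0, work, saltSize, passwordBytes.length);
            int length = inputLength;
            for (int pass = 0; pass <= lastPass; pass++) {
                hash.doFinal(work, 0, length, digest, 0);
                System.arraycopy(digest, 0, work, 0, digest.length);
                length = digest.length;
            }
            return new String(URLBase64.encode(salt)) + "," + new String(URLBase64.encode(digest));
        } catch (CryptoException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("makePasswdEntry: Cannot generate encrypted password", e);
            }
            IOException failure = new IOException("makePasswdEntry: Cannot generate password file :" + e.getMessage());
            failure.initCause(e);
            throw failure;
        }
    }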

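    /**
     * Tests whether the issuer DN of a stored root certificate names {@code str} in the
     * form {@code CN=<principal>-CA}.
     *
     * <p>The first occurrence of the principal in the issuer DN string must be directly
     * preceded by {@code "CN="} and directly followed by {@code "-CA"}. The result is the
     * same as in the decompiled listing; the rewrite drops a final comparison that was
     * always true and no longer relies on a {@code StringIndexOutOfBoundsException} when
     * the DN ends right after the principal.
     *
     * <p>NOTE(review): this is a substring test on the printed DN. Only the first
     * occurrence is examined, and nothing is required before {@code "CN="} or after
     * {@code "-CA"}, so a longer common name that begins with {@code <principal>-CA} is
     * accepted as well. Confirm this is strict enough for the issuer names in use.
     *
     * @param str principal name
     * @param id certificate id passed to {@link #readRootCert(ID)}; {@code null} selects
     *        the peer root certificate
     * @return {@code true} if the issuer DN matches; {@code false} otherwise, including on
     *         any error while reading the certificate (logged at DEBUG)
     */
    public boolean principalIsIssuer(String str, ID id) {
        if (null == str || 0 == str.length()) {
            return false;
        }
        try {
            String issuer = ((X509Certificate) readRootCert(id)).getIssuerDN().getName();
            int at = issuer.indexOf(str);
            if (at < 3) {
                // Not found (-1), or no room for the "CN=" prefix.
                return false;
            }
            // startsWith(prefix, offset) returns false when the offset runs past the end.
            return issuer.startsWith("CN=", at - 3) && issuer.startsWith("-CA", at + str.length());
        } catch (Throwable th) {
            if (LOG.isEnabledFor(Level.DEBUG)) {
                LOG.debug("Exception validating principal:", th);
            }
            return false;
        }
    }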

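    /**
     * Returns the Base64 body of the {@code CERTIFICATE} object in the peer root
     * certificate file.
     *
     * <p>The decompiler emitted a stub that always threw
     * {@code UnsupportedOperationException}; this body is rebuilt from the instruction
     * dump that accompanied it: open a {@code FileReader} on {@code peer-root.pem}, pass a
     * {@code BufferedReader} to {@code PSEUtils.loadBase64Object(reader, "CERTIFICATE")},
     * and close the {@code FileReader} in all cases.
     *
     * @return the value returned by {@code PSEUtils.loadBase64Object}
     * @throws IOException if the file cannot be opened or read
     */
    public String getPeerRootCert() throws IOException {
        java.io.FileReader fileReader = null;
        try {
            fileReader = new java.io.FileReader(this.pseRootClientCertFile);
            BufferedReader reader = new BufferedReader(fileReader);
            return PSEUtils.loadBase64Object(reader, "CERTIFICATE");
        } finally {
            if (null != fileReader) {
                fileReader.close();
            }
        }
    }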

    /**
     * Loads a root certificate from the {@code root} directory.
     *
     * @param id certificate id; {@code null} selects {@code peer-root.pem}, otherwise the
     *        file is {@code <unique value>.pem}
     * @return the certificate read by {@code PSEUtils.readCert}
     * @throws IOException if reading fails
     */
    public Certificate readRootCert(ID id) throws IOException {
        final File source;
        if (null == id) {
            source = this.pseRootClientCertFile;
        } else {
            // assumes the ID's unique value never contains path separators - TODO confirm
            String fileName = id.getUniqueValue().toString() + ".pem";
            source = new File(this.pseRootDir, fileName);
        }
        return PSEUtils.readCert(source);
    }

    /**
     * Stores a root certificate in the {@code root} directory.
     *
     * @param id certificate id; {@code null} selects {@code peer-root.pem}, otherwise the
     *        file is {@code <unique value>.pem}
     * @param certificate the certificate handed to {@code PSEUtils.writeCert}
     * @throws IOException if writing fails
     */
    public void writeRootCert(ID id, Certificate certificate) throws IOException {
        final File target;
        if (null == id) {
            target = this.pseRootClientCertFile;
        } else {
            // assumes the ID's unique value never contains path separators - TODO confirm
            String fileName = id.getUniqueValue().toString() + ".pem";
            target = new File(this.pseRootDir, fileName);
        }
        PSEUtils.writeCert(target, certificate);
    }

    /**
     * Resolves the file that holds a root certificate, without touching the disk.
     *
     * @param id certificate id; {@code null} selects {@code peer-root.pem}
     * @return {@code peer-root.pem} or {@code <unique value>.pem} in the {@code root} directory
     */
    public File getRootCertFile(ID id) {
        if (null == id) {
            return this.pseRootClientCertFile;
        }
        // assumes the ID's unique value never contains path separators - TODO confirm
        String fileName = id.getUniqueValue().toString() + ".pem";
        return new File(this.pseRootDir, fileName);
    }

    /**
     * Loads a certificate from the {@code client} directory.
     *
     * <p>NOTE(review): a {@code null} id reads {@code root/peer-root.pem}, not a file under
     * {@code client} - confirm this is intended.
     *
     * @param id certificate id; otherwise the file is {@code <unique value>.pem}
     * @return the certificate read by {@code PSEUtils.readCert}
     * @throws IOException if reading fails
     */
    public Certificate readClientCert(ID id) throws IOException {
        final File source;
        if (null == id) {
            source = this.pseRootClientCertFile;
        } else {
            // assumes the ID's unique value never contains path separators - TODO confirm
            String fileName = id.getUniqueValue().toString() + ".pem";
            source = new File(this.pseClientDir, fileName);
        }
        return PSEUtils.readCert(source);
    }

    /**
     * Stores a certificate in the {@code client} directory.
     *
     * <p>NOTE(review): a {@code null} id writes to {@code root/peer-root.pem}, the file
     * that {@code initialize()} also appends the private key to - confirm this is intended.
     *
     * @param id certificate id; otherwise the file is {@code <unique value>.pem}
     * @param certificate the certificate handed to {@code PSEUtils.writeCert}
     * @throws IOException if writing fails
     */
    public void writeClientCert(ID id, Certificate certificate) throws IOException {
        final File target;
        if (null == id) {
            target = this.pseRootClientCertFile;
        } else {
            // assumes the ID's unique value never contains path separators - TODO confirm
            String fileName = id.getUniqueValue().toString() + ".pem";
            target = new File(this.pseClientDir, fileName);
        }
        PSEUtils.writeCert(target, certificate);
    }

    /**
     * Resolves the file that holds a client certificate, without touching the disk.
     *
     * <p>NOTE(review): a {@code null} id resolves to {@code root/peer-root.pem}, not a file
     * under {@code client} - confirm this is intended.
     *
     * @param id certificate id; otherwise the file is {@code <unique value>.pem}
     * @return the resolved file
     */
    public File getClientCertFile(ID id) {
        if (null == id) {
            return this.pseRootClientCertFile;
        }
        // assumes the ID's unique value never contains path separators - TODO confirm
        String fileName = id.getUniqueValue().toString() + ".pem";
        return new File(this.pseClientDir, fileName);
    }

    /**
     * Generates a random passphrase.
     *
     * <p>128 bytes are drawn from the instance generator and run through the JXTA hash
     * 127 times, each pass hashing the previous digest; the final digest is returned
     * Base64 encoded. The result therefore carries at most one digest's worth of
     * randomness, and its quality depends entirely on how {@code rng} was seeded.
     *
     * @return the Base64 text produced by {@code PSEUtils.base64Encode}
     * @throws IOException if the hash suite fails
     */
    private String genPassphrase() throws IOException {
        final byte[] work = new byte[128];
        this.rng.nextBytes(work);
        try {
            final Hash digestFn = new JxtaCryptoSuite((byte) 4, (RSAKey) null, (byte) 0, (byte) 0).getJxtaHash((byte) 1);
            final byte[] digest = new byte[digestFn.getDigestLength()];
            int inputLength = work.length;
            int remaining = 127;
            while (remaining > 0) {
                digestFn.doFinal(work, 0, inputLength, digest, 0);
                // Feed the digest back in as the next input.
                System.arraycopy(digest, 0, work, 0, digest.length);
                inputLength = digest.length;
                remaining--;
            }
            return PSEUtils.base64Encode(digest);
        } catch (CryptoException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Suite Failure: ", e);
            }
            throw new IOException("Could not generate passphrase : " + e);
        }
    }

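    /**
     * Reads and decrypts the passphrase file.
     *
     * <p>The whole file is read, passed through {@code PSEUtils.tlsCipher} with mode
     * {@code (byte) 2} (presumably decrypt - confirm in PSEUtils), and the
     * {@code PASSPHRASE} object is extracted from the resulting text.
     *
     * <p>Fixes against the decompiled listing: the input stream and the reader are closed
     * in {@code finally} blocks, so a failed read no longer leaks the file handle, and the
     * {@code CryptoException} is kept as the cause of the thrown exception.
     *
     * @param str password protecting the passphrase file
     * @return the passphrase text
     * @throws IOException if the file cannot be read or decrypted
     */
    public String readPassphrase(String str) throws IOException {
        byte[] encrypted = new byte[(int) this.psePassphraseFile.length()];
        FileInputStream in = new FileInputStream(this.psePassphraseFile);
        try {
            new DataInputStream(in).readFully(encrypted);
        } finally {
            in.close();
        }
        try {
            BufferedReader reader = new BufferedReader(new StringReader(new String(PSEUtils.tlsCipher(encrypted, str, (byte) 2))));
            byte[] passphrase;
            try {
                passphrase = PSEUtils.loadObject(reader, "PASSPHRASE");
            } finally {
                reader.close();
            }
            return new String(passphrase);
        } catch (CryptoException e) {
            if (LOG.isEnabledFor(Level.ERROR)) {
                LOG.error("Could not decrypt " + this.psePassphraseFile, e);
            }
            IOException failure = new IOException("Could not decrypt :" + this.psePassphraseFile);
            failure.initCause(e);
            throw failure;
        }
    }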

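    /**
     * Encrypts the passphrase under the password and writes it to the passphrase file.
     *
     * <p>The passphrase is wrapped as a {@code PASSPHRASE} object by
     * {@code PSEUtils.writeObject}, the text is passed through {@code PSEUtils.tlsCipher}
     * with mode {@code (byte) 1} (presumably encrypt - confirm in PSEUtils), and the
     * result replaces the file's contents.
     *
     * <p>Fix against the decompiled listing: the output stream is closed in a
     * {@code finally} block, so a failed write no longer leaks the file handle.
     *
     * <p>NOTE(review): the file is created with the process default permissions.
     *
     * @param str the passphrase
     * @param str2 the password used as cipher key material
     * @throws CryptoException if the cipher step fails
     * @throws IOException if the file cannot be written
     */
    private void writePassphrase(String str, String str2) throws CryptoException, IOException {
        byte[] passphraseBytes = str.getBytes();
        StringWriter text = new StringWriter();
        BufferedWriter writer = new BufferedWriter(text);
        PSEUtils.writeObject(writer, "PASSPHRASE", passphraseBytes);
        writer.close();
        byte[] encrypted = PSEUtils.tlsCipher(text.toString().getBytes(), str2, (byte) 1);
        FileOutputStream out = new FileOutputStream(this.psePassphraseFile);
        try {
            out.write(encrypted, 0, encrypted.length);
        } finally {
            out.close();
        }
    }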

    /**
     * Compiler-generated helper behind class literals: resolves a class by name and
     * converts a lookup failure into a {@code NoClassDefFoundError}.
     *
     * @param str fully qualified class name
     * @return the resolved class
     * @throws NoClassDefFoundError if the class cannot be found; carries the message of
     *         the original {@code ClassNotFoundException}
     */
    static Class class$(String str) {
        Class resolved;
        try {
            resolved = Class.forName(str);
        } catch (ClassNotFoundException notFound) {
            throw new NoClassDefFoundError(notFound.getMessage());
        }
        return resolved;
    }

    // Resolves (and caches) the PSEConfig class object the way pre-1.5 compilers expand a
    // class literal, then creates the logger named after the class.
    static {
        if (class$net$jxta$impl$membership$pse$PSEConfig == null) {
            class$net$jxta$impl$membership$pse$PSEConfig = class$("net.jxta.impl.membership.pse.PSEConfig");
        }
        Class self = class$net$jxta$impl$membership$pse$PSEConfig;
        LOG = Logger.getLogger(self.getName());
    }
}
