package de.sep.sesam.common.security;

import de.sep.sesam.common.ini.IniUtils;
import de.sep.sesam.common.ini.SesamIni;
import de.sep.sesam.common.util.HostUtils;
import de.sep.sesam.model.core.defaults.DefaultUserNames;
import java.io.File;
import java.io.IOException;
import java.nio.file.FileSystem;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileOwnerAttributeView;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.UserPrincipal;
import java.nio.file.attribute.UserPrincipalLookupService;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:de/sep/sesam/common/security/CertificateUtils.class */
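/**
 * Locates the certificate and private-key files used for user/cluster authentication, the
 * database connection and HTTPS, and normalises their ownership and permissions.
 *
 * <p>Directories are taken from the {@code PATHES} section of the INI file, falling back to an
 * {@code ssl} directory next to the INI file. Whoever can edit those INI values decides which
 * files are later renamed, chown'ed and chmod'ed by this class, so the INI file needs the same
 * protection as the key material itself.
 *
 * <p>This source was recovered from a decompiled class: the synthetic {@code $assertionsDisabled}
 * field is expressed as a plain {@code assert} again, and the ownership-change sequence, which
 * the decompiler emitted with an unassigned local and an uncaught {@link IOException}, is
 * reconstructed as a best-effort block.
 */
public class CertificateUtils {

    /**
     * Reads a directory setting from the {@code PATHES} INI section.
     *
     * @param iniKey key inside the {@code PATHES} section
     * @return the configured path, or {@code null} when the value is missing or blank
     */
    private static File configuredPath(String iniKey) {
        String value = SesamIni.getInstance().get("PATHES", iniKey);
        return StringUtils.isNotBlank(value) ? new File(value) : null;
    }

    /**
     * Returns the shared SSL directory: {@code gv_ro_ssl} when configured, otherwise
     * {@code ssl} next to the INI file. The directory is created when it does not exist.
     *
     * @return the SSL directory, or {@code null} when neither source yields a path
     */
    private static File getSystemSslPath() {
        File sslDir = configuredPath("gv_ro_ssl");
        if (sslDir == null) {
            File iniPath = IniUtils.findIniPath();
            if (iniPath != null) {
                sslDir = new File(iniPath.getParentFile(), "ssl");
            }
        }
        if (sslDir != null && !sslDir.exists()) {
            // NOTE(review): the result of mkdir() is not checked, and the directory gets the
            // process default permissions. Private keys are resolved below this directory, so
            // confirm the umask/ACL keeps it non-writable for other accounts.
            sslDir.mkdir();
        }
        return sslDir;
    }

    /**
     * Returns the directory holding the user-authentication certificate and key:
     * {@code gv_ro_ssl_auth} when configured, otherwise the shared SSL directory.
     *
     * @return the directory, or {@code null} when none can be determined
     */
    public static File getUserAuthenticationCertificatePath() {
        File configured = configuredPath("gv_ro_ssl_auth");
        return configured != null ? configured : getSystemSslPath();
    }

    /**
     * Returns the directory holding the database certificate and key: {@code gv_ro_ssl_db}
     * when configured, otherwise the shared SSL directory.
     */
    private static File getDbAuthenticationCertificatePath() {
        File configured = configuredPath("gv_ro_ssl_db");
        return configured != null ? configured : getSystemSslPath();
    }

    /**
     * Returns the directory holding the HTTPS certificate and key: {@code gv_ro_ssl_https}
     * when configured, otherwise the shared SSL directory.
     */
    private static File getHttpsCertificatePath() {
        File configured = configuredPath("gv_ro_ssl_https");
        return configured != null ? configured : getSystemSslPath();
    }

    /**
     * Resolves {@code currentName} inside {@code dir}, first trying to rename a file with the
     * legacy name onto it.
     *
     * <p>The rename is attempted when the legacy file is writable (Windows) or its parent
     * directory is writable (other hosts). Once the rename call has returned, the current
     * name is handed back regardless of whether the rename succeeded.
     *
     * @param dir directory to resolve in; {@code null} yields {@code null}
     * @param legacyName old file name to migrate away from
     * @param currentName file name callers should end up with
     * @param obsoleteName optional sibling file deleted after the rename attempt, or {@code null}
     * @return the legacy file when no rename was attempted and it is readable, else the current file
     */
    private static File resolveWithLegacyMigration(File dir, String legacyName, String currentName, String obsoleteName) {
        if (dir == null) {
            return null;
        }
        File legacy = new File(dir, legacyName);
        File current = new File(dir, currentName);
        File parent = legacy.getParentFile();
        boolean mayRename = HostUtils.isWindowsHost() ? legacy.canWrite() : parent != null && parent.canWrite();
        boolean renameAttempted = false;
        if (mayRename) {
            try {
                // NOTE(review): the boolean result is ignored, and where the platform lets
                // rename replace an existing target, a leftover legacy file overwrites the
                // current certificate/key. Confirm this is the intended upgrade behaviour.
                legacy.renameTo(current);
                renameAttempted = true;
                if (obsoleteName != null) {
                    new File(dir, obsoleteName).delete();
                }
            } catch (SecurityException ignored) {
                // Best effort: a security manager refused the rename/delete; fall through.
            }
        }
        return !renameAttempted && legacy.canRead() ? legacy : current;
    }

    /**
     * Returns the user-authentication certificate file ({@code sesam.auth.crt}), migrating a
     * legacy {@code sesam.gui.cert} onto it as a side effect when the location is writable.
     *
     * @return the certificate file (which may not exist), or {@code null} without a directory
     */
    public static File getUserAuthenticationCertificateFile() {
        return resolveWithLegacyMigration(getUserAuthenticationCertificatePath(), "sesam.gui.cert", "sesam.auth.crt", null);
    }

    /**
     * Returns the cluster-authentication certificate file ({@code sesam.cluster.crt}).
     *
     * @return the file (which may not exist), or {@code null} without a directory
     */
    public static File getSlaveAuthenticationCertificateFile() {
        File dir = getUserAuthenticationCertificatePath();
        return dir != null ? new File(dir, "sesam.cluster.crt") : null;
    }

    /**
     * Returns the user-authentication private key file ({@code sesam.auth.key}), migrating a
     * legacy {@code sesam.gui.key} onto it as a side effect when the location is writable.
     * Whenever that rename is attempted, {@code sesam.gui.pk8} is deleted as well.
     *
     * @return the key file (which may not exist), or {@code null} without a directory
     */
    public static File getUserAuthenticationPrivateKeyFile() {
        return resolveWithLegacyMigration(getUserAuthenticationCertificatePath(), "sesam.gui.key", "sesam.auth.key", "sesam.gui.pk8");
    }

    /**
     * Returns the cluster-authentication private key file ({@code sesam.cluster.key}).
     *
     * @return the file (which may not exist), or {@code null} without a directory
     */
    public static File getSlaveAuthenticationPrivateKeyFile() {
        File dir = getUserAuthenticationCertificatePath();
        return dir != null ? new File(dir, "sesam.cluster.key") : null;
    }

    /**
     * Derives the {@code .pk8} sibling of a key file by replacing its last extension.
     * A name without a dot, or with only a leading dot, simply gets {@code .pk8} appended.
     *
     * @param file existing, readable key file
     * @return the {@code .pk8} file in the same directory, or {@code null} when {@code file}
     *     is {@code null} or unreadable
     */
    public static File getPrivateKeyFilePk8(File file) {
        if (file == null || !file.canRead()) {
            return null;
        }
        String baseName = file.getName();
        if (StringUtils.indexOf(baseName, ".") > 0) {
            baseName = StringUtils.substring(baseName, 0, StringUtils.lastIndexOf(baseName, "."));
        }
        return new File(file.getParentFile(), baseName + ".pk8");
    }

    /** Returns the database certificate file ({@code sesam.db.crt}), or {@code null} without a directory. */
    public static File getDbAuthenticationCertificateFile() {
        File dir = getDbAuthenticationCertificatePath();
        return dir != null ? new File(dir, "sesam.db.crt") : null;
    }

    /** Returns the database private key file ({@code sesam.db.key}), or {@code null} without a directory. */
    public static File getDbAuthenticationPrivateKeyFile() {
        File dir = getDbAuthenticationCertificatePath();
        return dir != null ? new File(dir, "sesam.db.key") : null;
    }

    /** Returns the HTTPS certificate file ({@code sesam.https.crt}), or {@code null} without a directory. */
    public static File getHttpsCertificateFile() {
        File dir = getHttpsCertificatePath();
        return dir != null ? new File(dir, "sesam.https.crt") : null;
    }

    /** Returns the HTTPS private key file ({@code sesam.https.key}), or {@code null} without a directory. */
    public static File getHttpsPrivateKeyFile() {
        File dir = getHttpsCertificatePath();
        return dir != null ? new File(dir, "sesam.https.key") : null;
    }

    /**
     * Decides whether this process should manage {@code path} and, if so, tries to hand the
     * file over to the default Sesam account.
     *
     * <p>Only files owned by the current {@code user.name}, by the default Sesam user, or (on
     * Windows) by a principal ending in {@code \<user.name>} are managed. Files owned by any
     * other account are skipped, which also means their permissions are never tightened.
     *
     * @param path file to inspect
     * @return {@code true} when the caller should go on to adjust permissions
     */
    private static boolean prepareOwnership(Path path) {
        // The attribute calls below follow symbolic links (no NOFOLLOW_LINKS).
        // NOTE(review): that is only safe while the containing directory is writable by the
        // service account alone; confirm, or consider NOFOLLOW_LINKS for the owner calls.
        if (Files.getFileAttributeView(path, FileOwnerAttributeView.class) == null) {
            return false;
        }
        UserPrincipal owner = null;
        try {
            owner = Files.getOwner(path);
        } catch (IOException ignored) {
            // Owner cannot be determined: treated as "not ours" below.
        }
        if (owner == null) {
            return false;
        }
        String ownerName = owner.getName();
        String processUser = System.getProperty("user.name");
        boolean managedOwner = StringUtils.equalsAny(ownerName, processUser, DefaultUserNames.SESAM_USER)
                || (HostUtils.isWindowsHost() && StringUtils.endsWith(ownerName, "\\" + processUser));
        if (!managedOwner) {
            return false;
        }
        boolean ownedBySesam = StringUtils.equals(ownerName, DefaultUserNames.SESAM_USER)
                || StringUtils.endsWith(ownerName, "\\sesam");
        if (!ownedBySesam) {
            FileSystem fileSystem = path.getFileSystem();
            UserPrincipalLookupService lookupService = fileSystem != null ? fileSystem.getUserPrincipalLookupService() : null;
            try {
                UserPrincipal sesamUser = lookupService != null
                        ? lookupService.lookupPrincipalByName(DefaultUserNames.SESAM_USER)
                        : null;
                if (sesamUser != null) {
                    Files.setOwner(path, sesamUser);
                }
            } catch (IOException ignored) {
                // Best effort: the account may not exist or the process may lack the privilege
                // to change ownership. NOTE(review): the failure is silent; callers cannot
                // tell that the hand-over did not happen.
            }
        }
        return true;
    }

    /**
     * Sets the POSIX permissions of {@code path} to exactly {@code wanted}.
     *
     * <p>Nothing happens when the file system has no POSIX view, when the current permissions
     * cannot be read or are empty, or when they already equal {@code wanted}.
     *
     * @param path file to adjust
     * @param wanted the exact permission set the file should end up with
     */
    private static void enforcePosixPermissions(Path path, Set<PosixFilePermission> wanted) {
        if (Files.getFileAttributeView(path, PosixFileAttributeView.class) == null) {
            return;
        }
        Set<PosixFilePermission> current = null;
        try {
            current = Files.getPosixFilePermissions(path);
        } catch (IOException ignored) {
            // Unreadable permissions are treated like "nothing to do".
        }
        if (current == null || current.isEmpty() || current.equals(wanted)) {
            return;
        }
        try {
            Files.setPosixFilePermissions(path, wanted);
        } catch (IOException ignored) {
            // NOTE(review): a failed chmod leaves the looser permissions in place without any
            // signal to the caller; consider reporting it through the project's logging.
        }
    }

    /**
     * Normalises ownership and permissions of a certificate file.
     *
     * <p>On POSIX hosts the file ends up with owner read/write plus group and others read
     * ({@code rw-r--r--}). The comparison is exact: a certificate that additionally carries
     * group/others write or execute bits is reset, instead of being accepted because it merely
     * contains the required bits. On Windows only the executable flag is cleared.
     *
     * @param file certificate file; {@code null} or unreadable files are ignored
     */
    public static void checkCertificateFilePermissions(File file) {
        if (file == null || !file.canRead()) {
            return;
        }
        Path path = file.toPath();
        assert path != null;
        if (!prepareOwnership(path)) {
            return;
        }
        if (HostUtils.isWindowsHost()) {
            try {
                file.setExecutable(false);
            } catch (SecurityException ignored) {
                // Best effort.
            }
            return;
        }
        Set<PosixFilePermission> wanted = new HashSet<>();
        wanted.add(PosixFilePermission.OWNER_READ);
        wanted.add(PosixFilePermission.OWNER_WRITE);
        wanted.add(PosixFilePermission.GROUP_READ);
        wanted.add(PosixFilePermission.OTHERS_READ);
        enforcePosixPermissions(path, wanted);
    }

    /**
     * Normalises ownership and permissions of a private key file.
     *
     * <p>On POSIX hosts the file ends up readable by its owner only ({@code r--------}). On
     * Windows the write and execute flags are cleared.
     *
     * @param file private key file; {@code null} or unreadable files are ignored
     */
    public static void checkPrivateKeyFilePermissions(File file) {
        if (file == null || !file.canRead()) {
            return;
        }
        Path path = file.toPath();
        assert path != null;
        if (!prepareOwnership(path)) {
            return;
        }
        if (HostUtils.isWindowsHost()) {
            try {
                // These calls do not change who may read the key.
                // NOTE(review): on Windows the confidentiality of the key therefore depends on
                // the ACL of the containing directory; confirm it is restricted.
                file.setWritable(false);
                file.setExecutable(false);
            } catch (SecurityException ignored) {
                // Best effort.
            }
            return;
        }
        Set<PosixFilePermission> wanted = new HashSet<>();
        wanted.add(PosixFilePermission.OWNER_READ);
        enforcePosixPermissions(path, wanted);
    }

    /**
     * Strips the PEM armour from a certificate and returns the remaining body on one line.
     *
     * <p>Everything up to and including the last {@code -----BEGIN ... CERTIFICATE-----} line
     * and everything from the following {@code -----END ... CERTIFICATE-----} marker onwards is
     * removed, so for a bundle only the last certificate is returned. Input without such
     * markers is returned with its line feeds removed. The result is not validated as base64.
     *
     * @param str PEM text, possibly with CRLF line endings and surrounding content
     * @return the body without line feeds, or {@code null} when {@code str} is blank
     */
    public static String extractPemString(String str) {
        if (StringUtils.isBlank(str)) {
            return null;
        }
        String normalized = StringUtils.trim(StringUtils.replace(str, "\r\n", "\n"));
        String withoutHeader = StringUtils.trim(normalized.replaceAll("[\\s\\S]*-----BEGIN\\s+.*CERTIFICATE-----", ""));
        String body = StringUtils.trim(withoutHeader.replaceAll("-----END\\s+.*CERTIFICATE-----[\\s\\S]*", ""));
        return StringUtils.trim(StringUtils.replace(body, "\n", ""));
    }
}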
