package id.onyx.obdp.server.security.encryption;

import com.google.inject.Inject;
import com.google.inject.Singleton;
import id.onyx.obdp.server.OBDPException;
import id.onyx.obdp.server.configuration.Configuration;
import id.onyx.obdp.server.security.SecurePasswordHelper;
import id.onyx.obdp.server.security.credential.Credential;
import java.io.File;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.TimeUnit;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

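/**
 * Credential store facade that routes each operation to one of two backing stores:
 * a file-based (PERSISTED) store and an in-memory (TEMPORARY) store.
 *
 * <p>Credentials are addressed by a cluster name plus an alias. Both are folded into a single
 * lower-cased "canonical" alias of the form {@code cluster.<clusterName>.<alias>} before they
 * reach a backing store (see {@link #canonicalizeAlias(String, String)}).
 *
 * <p>The two store fields are only written inside {@code synchronized} initializers, and every
 * read path in this class calls the {@code synchronized} {@link #isInitialized(CredentialStoreType)}
 * before touching them.
 */
@Singleton
/* loaded from: input_file:id/onyx/obdp/server/security/encryption/CredentialStoreServiceImpl.class */
public class CredentialStoreServiceImpl implements CredentialStoreService {
    private static final Logger LOG = LoggerFactory.getLogger(CredentialStoreServiceImpl.class);

    // Source of the password that keys the in-memory store; assigned once in the constructor.
    private final SecurePasswordHelper securePasswordHelper;
    // Both stores stay null until their initialize* method succeeds; null means "not initialized".
    private FileBasedCredentialStore persistedCredentialStore;
    private InMemoryCredentialStore temporaryCredentialStore;

    /**
     * Builds the service and, when a configuration is supplied, tries to bring up both stores.
     *
     * <p>Initialization failures are logged and not rethrown, so the instance can come up with
     * either store (or both) missing. Callers find out through {@link #isInitialized(CredentialStoreType)}
     * or through the exception {@link #setCredential} raises for an uninitialized store.
     * The persisted store is only attempted when the master key service reports an initialized
     * master key.
     *
     * @param configuration        server configuration; when {@code null} no store is initialized
     * @param securePasswordHelper helper used to create the password for the temporary store's key
     */
    @Inject
    public CredentialStoreServiceImpl(Configuration configuration, SecurePasswordHelper securePasswordHelper) {
        this.securePasswordHelper = securePasswordHelper;
        if (configuration == null) {
            return;
        }

        try {
            initializeTemporaryCredentialStore(configuration.getTemporaryKeyStoreRetentionMinutes(), TimeUnit.MINUTES, configuration.isActivelyPurgeTemporaryKeyStore());
            LOG.info("Initialized the temporary credential store. KeyStore entries will be retained for {} minutes and {} be actively purged", configuration.getTemporaryKeyStoreRetentionMinutes(), configuration.isActivelyPurgeTemporaryKeyStore() ? "will" : "will not");
        } catch (OBDPException e) {
            LOG.error("Failed to initialize the temporary credential store.  Storage of temporary credentials will fail.", e);
        }

        MasterKeyServiceImpl masterKeyService = new MasterKeyServiceImpl(configuration);
        if (masterKeyService.isMasterKeyInitialized()) {
            try {
                initializePersistedCredentialStore(configuration.getMasterKeyStoreLocation(), masterKeyService);
                LOG.info("Initialized the persistent credential store. Using KeyStore file at {}", this.persistedCredentialStore.getKeyStorePath().getAbsolutePath());
            } catch (OBDPException e) {
                LOG.error("Failed to initialize the persistent credential store.  Storage of persisted credentials will fail.", e);
            }
        }
    }

    /**
     * Creates the in-memory store and keys it with a master key service built from a freshly
     * created password, so the key exists only in this process.
     *
     * @param retentionDuration how long entries are retained, in {@code units}
     * @param units             unit of {@code retentionDuration}
     * @param activelyPurge     whether expired entries are actively purged
     * @throws OBDPException if the temporary store was already initialized
     */
    public synchronized void initializeTemporaryCredentialStore(long retentionDuration, TimeUnit units, boolean activelyPurge) throws OBDPException {
        if (isInitialized(CredentialStoreType.TEMPORARY)) {
            throw new OBDPException("This temporary CredentialStore has already been initialized");
        }
        this.temporaryCredentialStore = new InMemoryCredentialStore(retentionDuration, units, activelyPurge);
        this.temporaryCredentialStore.setMasterKeyService(new MasterKeyServiceImpl(this.securePasswordHelper.createSecurePassword()));
    }

    /**
     * Creates the file-based store at the given location and attaches the supplied master key service.
     *
     * @param keyStoreLocation location handed to the file-based store
     * @param masterKeyService master key service the store will use
     * @throws OBDPException if the persisted store was already initialized
     */
    public synchronized void initializePersistedCredentialStore(File keyStoreLocation, MasterKeyService masterKeyService) throws OBDPException {
        if (isInitialized(CredentialStoreType.PERSISTED)) {
            throw new OBDPException("This persisted CredentialStore has already been initialized");
        }
        this.persistedCredentialStore = new FileBasedCredentialStore(keyStoreLocation);
        this.persistedCredentialStore.setMasterKeyService(masterKeyService);
    }

    /**
     * Stores a credential in the requested store, replacing any credential with the same
     * cluster name and alias in either store.
     *
     * <p>The old entry is removed from both stores before the new one is added, and the two steps
     * are not atomic: if the add fails, the previous credential has already been removed.
     *
     * @throws OBDPException if the requested store is not initialized or a backing store fails
     */
    @Override
    public void setCredential(String clusterName, String alias, Credential credential, CredentialStoreType credentialStoreType) throws OBDPException {
        validateInitialized(credentialStoreType);
        removeCredential(clusterName, alias);
        getCredentialStore(credentialStoreType).addCredential(canonicalizeAlias(clusterName, alias), credential);
    }

    /**
     * Looks the credential up in the temporary store first and falls back to the persisted store.
     *
     * @return the credential, or {@code null} when neither store returns one
     */
    @Override
    public Credential getCredential(String clusterName, String alias) throws OBDPException {
        Credential credential = getCredential(clusterName, alias, CredentialStoreType.TEMPORARY);
        if (credential == null) {
            credential = getCredential(clusterName, alias, CredentialStoreType.PERSISTED);
        }
        return credential;
    }

    /**
     * Looks the credential up in one specific store.
     *
     * @return the store's answer, or {@code null} when that store is not initialized
     */
    @Override
    public Credential getCredential(String clusterName, String alias, CredentialStoreType credentialStoreType) throws OBDPException {
        if (!isInitialized(credentialStoreType)) {
            return null;
        }
        return getCredentialStore(credentialStoreType).getCredential(canonicalizeAlias(clusterName, alias));
    }

    /** Removes the credential from both the persisted and the temporary store. */
    @Override
    public void removeCredential(String clusterName, String alias) throws OBDPException {
        removeCredential(clusterName, alias, CredentialStoreType.PERSISTED);
        removeCredential(clusterName, alias, CredentialStoreType.TEMPORARY);
    }

    /** Removes the credential from one store; does nothing when that store is not initialized. */
    @Override
    public void removeCredential(String clusterName, String alias, CredentialStoreType credentialStoreType) throws OBDPException {
        if (isInitialized(credentialStoreType)) {
            getCredentialStore(credentialStoreType).removeCredential(canonicalizeAlias(clusterName, alias));
        }
    }

    /** Reports whether either store holds the credential; the temporary store is checked first. */
    @Override
    public boolean containsCredential(String clusterName, String alias) throws OBDPException {
        return containsCredential(clusterName, alias, CredentialStoreType.TEMPORARY) || containsCredential(clusterName, alias, CredentialStoreType.PERSISTED);
    }

    /** Reports whether one store holds the credential; {@code false} when that store is not initialized. */
    @Override
    public boolean containsCredential(String clusterName, String alias, CredentialStoreType credentialStoreType) throws OBDPException {
        return isInitialized(credentialStoreType) && getCredentialStore(credentialStoreType).containsCredential(canonicalizeAlias(clusterName, alias));
    }

    /**
     * Returns the store that holds the credential, preferring the temporary store.
     *
     * @throws OBDPException if neither store holds the alias
     */
    @Override
    public CredentialStoreType getCredentialStoreType(String clusterName, String alias) throws OBDPException {
        if (containsCredential(clusterName, alias, CredentialStoreType.TEMPORARY)) {
            return CredentialStoreType.TEMPORARY;
        }
        if (containsCredential(clusterName, alias, CredentialStoreType.PERSISTED)) {
            return CredentialStoreType.PERSISTED;
        }
        throw new OBDPException("The alias was not found in either the persisted or temporary credential stores");
    }

    /**
     * Lists the aliases visible for a cluster together with the store each one lives in.
     *
     * <p>When the same alias exists in both stores, the TEMPORARY entry wins because it is written
     * last. With a {@code null} cluster name no filtering is applied: every alias of every cluster
     * is returned, still in canonical (prefixed) form.
     *
     * @param clusterName cluster whose aliases are wanted, or {@code null} for all
     * @return map of alias (cluster prefix stripped) to store type; never {@code null}
     * @throws OBDPException if neither store is initialized or a backing store fails
     */
    @Override
    public Map<String, CredentialStoreType> listCredentials(String clusterName) throws OBDPException {
        if (!isInitialized()) {
            throw new OBDPException("This CredentialStoreService has not yet been initialized");
        }
        // Query both stores before building the result, so a failing store aborts the whole listing.
        Set<String> persistedAliases = isInitialized(CredentialStoreType.PERSISTED) ? this.persistedCredentialStore.listCredentials() : null;
        Set<String> temporaryAliases = isInitialized(CredentialStoreType.TEMPORARY) ? this.temporaryCredentialStore.listCredentials() : null;

        Map<String, CredentialStoreType> result = new HashMap<>();
        collectAliases(clusterName, persistedAliases, CredentialStoreType.PERSISTED, result);
        collectAliases(clusterName, temporaryAliases, CredentialStoreType.TEMPORARY, result);
        return result;
    }

    /** Reports whether at least one of the two stores is initialized. */
    @Override
    public synchronized boolean isInitialized() {
        return isInitialized(CredentialStoreType.PERSISTED) || isInitialized(CredentialStoreType.TEMPORARY);
    }

    /**
     * Reports whether the given store has been created.
     *
     * @throws IllegalArgumentException if the type is neither PERSISTED nor TEMPORARY (including {@code null})
     */
    @Override
    public synchronized boolean isInitialized(CredentialStoreType credentialStoreType) {
        if (CredentialStoreType.PERSISTED == credentialStoreType) {
            return this.persistedCredentialStore != null;
        }
        if (CredentialStoreType.TEMPORARY == credentialStoreType) {
            return this.temporaryCredentialStore != null;
        }
        throw new IllegalArgumentException("Invalid or unexpected credential store type specified");
    }

    /**
     * Builds the lower-cased store key for a cluster name and alias.
     *
     * <p>The alias is prefixed with {@code cluster.<clusterName>.} unless it already carries that
     * prefix. When the cluster name is {@code null} or empty, or the alias is empty, the alias is
     * only lower-cased. Case folding uses {@link Locale#ROOT}: with the JVM default locale the
     * result for the same input could differ between hosts (for example under a Turkish locale,
     * where {@code "I"} lower-cases to a dotless i), and a credential written on one host would
     * not be found on another.
     *
     * @return the canonical alias, or {@code null} when {@code alias} is {@code null}
     */
    public static String canonicalizeAlias(String clusterName, String alias) {
        if (alias == null) {
            return null;
        }
        String qualified = alias;
        if (clusterName != null && !clusterName.isEmpty() && !alias.isEmpty()) {
            String prefix = createAliasPrefix(clusterName);
            if (!alias.toLowerCase(Locale.ROOT).startsWith(prefix)) {
                qualified = prefix + alias;
            }
        }
        return qualified.toLowerCase(Locale.ROOT);
    }

    /**
     * Strips the cluster prefix from a canonical alias.
     *
     * <p>The prefix comparison is case-sensitive against the lower-cased prefix, so the input is
     * expected to be in the lower-cased form produced by {@link #canonicalizeAlias(String, String)}.
     *
     * @return the alias without the cluster prefix, or the input unchanged when the cluster name
     *     or alias is {@code null}/empty or the prefix is absent
     */
    public static String decanonicalizeAlias(String clusterName, String canonicalAlias) {
        if (clusterName == null || clusterName.isEmpty() || canonicalAlias == null || canonicalAlias.isEmpty()) {
            return canonicalAlias;
        }
        String prefix = createAliasPrefix(clusterName);
        if (canonicalAlias.startsWith(prefix)) {
            return canonicalAlias.substring(prefix.length());
        }
        return canonicalAlias;
    }

    /**
     * Returns the lower-cased namespace prefix {@code cluster.<clusterName>.} for a cluster.
     *
     * <p>NOTE(review): namespaces are separated purely by this textual prefix. If cluster names
     * may contain '.', the prefix for cluster "a" is also a prefix of the one for cluster "a.b",
     * so the two namespaces would overlap in lookups and listings. Confirm that cluster names are
     * validated upstream.
     */
    private static String createAliasPrefix(String clusterName) {
        return ("cluster." + clusterName + ".").toLowerCase(Locale.ROOT);
    }

    /** Returns true when no cluster filter is given or the canonical alias carries that cluster's prefix. */
    private boolean isAliasRequested(String clusterName, String canonicalAlias) {
        return clusterName == null || canonicalAlias.toLowerCase(Locale.ROOT).startsWith(createAliasPrefix(clusterName));
    }

    /** Adds every alias of {@code canonicalAliases} that matches the cluster filter to {@code target}. */
    private void collectAliases(String clusterName, Set<String> canonicalAliases, CredentialStoreType storeType, Map<String, CredentialStoreType> target) {
        if (canonicalAliases == null) {
            return;
        }
        for (String canonicalAlias : canonicalAliases) {
            if (isAliasRequested(clusterName, canonicalAlias)) {
                target.put(decanonicalizeAlias(clusterName, canonicalAlias), storeType);
            }
        }
    }

    /**
     * Maps a store type to its backing store; the result is {@code null} for a store that was
     * never initialized, which is why callers check {@link #isInitialized(CredentialStoreType)} first.
     */
    private CredentialStore getCredentialStore(CredentialStoreType credentialStoreType) {
        if (CredentialStoreType.PERSISTED == credentialStoreType) {
            return this.persistedCredentialStore;
        }
        if (CredentialStoreType.TEMPORARY == credentialStoreType) {
            return this.temporaryCredentialStore;
        }
        throw new IllegalArgumentException("Invalid or unexpected credential store type specified");
    }

    /** Throws when the requested store has not been initialized, naming the store in the message. */
    private void validateInitialized(CredentialStoreType credentialStoreType) throws OBDPException {
        if (!isInitialized(credentialStoreType)) {
            throw new OBDPException(String.format("The %s CredentialStore for this CredentialStoreService has not yet been initialized", credentialStoreType.name().toLowerCase(Locale.ROOT)));
        }
    }
}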
