package net.jxta.impl.membership.pse;

import java.beans.PropertyChangeListener;
import java.beans.PropertyChangeSupport;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.security.InvalidKeyException;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.logging.Level;
import java.util.logging.Logger;
import net.jxta.credential.AuthenticationCredential;
import net.jxta.credential.Credential;
import net.jxta.document.Advertisement;
import net.jxta.document.AdvertisementFactory;
import net.jxta.document.Element;
import net.jxta.document.MimeMediaType;
import net.jxta.document.StructuredDocument;
import net.jxta.document.StructuredDocumentFactory;
import net.jxta.document.StructuredDocumentUtils;
import net.jxta.document.XMLDocument;
import net.jxta.document.XMLElement;
import net.jxta.exception.PeerGroupException;
import net.jxta.exception.ProtocolNotSupportedException;
import net.jxta.id.ID;
import net.jxta.impl.membership.pse.PSEUtils;
import net.jxta.impl.protocol.Certificate;
import net.jxta.impl.protocol.PSEConfigAdv;
import net.jxta.logging.Logging;
import net.jxta.membership.Authenticator;
import net.jxta.membership.MembershipService;
import net.jxta.peergroup.PeerGroup;
import net.jxta.platform.ModuleSpecID;
import net.jxta.protocol.ModuleImplAdvertisement;
import net.jxta.protocol.PeerAdvertisement;
import net.jxta.service.Service;

/* loaded from: input_file:net/jxta/impl/membership/pse/PSEMembershipService.class */
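/**
 * Membership service whose credentials are backed by a PSE key store.
 *
 * <p>{@link #apply} hands out an authenticator for the "StringAuthentication",
 * "EngineAuthentication", "DialogAuthentication" or "InteractiveAuthentication"
 * methods; {@link #join} turns a completed authenticator into a
 * {@link PSECredential}; {@link #resign} drops every credential and clears the
 * key store password.
 *
 * <p>Thread-safety: the credential lists and the default credential are only
 * read and written while holding this object's monitor. Property change
 * listeners are always notified outside that monitor.
 */
public final class PSEMembershipService implements MembershipService {
    private static final Logger LOG = Logger.getLogger(PSEMembershipService.class.getName());

    /** Module spec ID of this membership service implementation. */
    public static final ModuleSpecID pseMembershipSpecID = (ModuleSpecID) ID.create(URI.create("urn:jxta:uuid-DeadBeefDeafBabaFeedBabe000000050306"));

    // Configuration advertisement read (or freshly created) in init().
    private PSEConfigAdv config;
    // Group this service instance was initialised for.
    PeerGroup group = null;
    private ID assignedID = null;
    private ModuleImplAdvertisement implAdvertisement = null;
    // Credentials produced by join(); guarded by synchronized (this).
    private final List<PSECredential> principals = new ArrayList<PSECredential>();
    // Authentication credentials matching 'principals' entry for entry; guarded by synchronized (this).
    private final List<AuthenticationCredential> authCredentials = new ArrayList<AuthenticationCredential>();
    // Key store wrapper created in init().
    PSEConfig pseStore = null;
    // Guarded by synchronized (this).
    private PSECredential defaultCredential = null;
    PSEPeerSecurityEngine peerSecurityEngine = null;
    // May be null; getServiceCredential() falls back to string authentication in that case.
    private PSEAuthenticatorEngine authenticatorEngine = null;
    private final PropertyChangeSupport support = new PropertyChangeSupport(getInterface());

    /** Registers a listener for every property change fired by this service. */
    @Override // net.jxta.membership.MembershipService
    public void addPropertyChangeListener(PropertyChangeListener propertyChangeListener) {
        this.support.addPropertyChangeListener(propertyChangeListener);
    }

    /** Registers a listener for changes of the named property only. */
    @Override // net.jxta.membership.MembershipService
    public void addPropertyChangeListener(String str, PropertyChangeListener propertyChangeListener) {
        this.support.addPropertyChangeListener(str, propertyChangeListener);
    }

    /** Removes a listener registered for all properties. */
    @Override // net.jxta.membership.MembershipService
    public void removePropertyChangeListener(PropertyChangeListener propertyChangeListener) {
        this.support.removePropertyChangeListener(propertyChangeListener);
    }

    /** Removes a listener registered for the named property. */
    @Override // net.jxta.membership.MembershipService
    public void removePropertyChangeListener(String str, PropertyChangeListener propertyChangeListener) {
        this.support.removePropertyChangeListener(str, propertyChangeListener);
    }

    /**
     * Binds the service to a group, loads its configuration and creates the
     * security engine, authenticator engine and key store wrapper.
     *
     * @param peerGroup group the service runs in
     * @param id ID assigned to this service instance; also the service param key
     * @param advertisement implementation advertisement (must be a ModuleImplAdvertisement)
     * @throws PeerGroupException if the group's service param for {@code id}
     *         exists but is not a PSEConfigAdv
     */
    @Override // net.jxta.platform.Module
    public void init(PeerGroup peerGroup, ID id, Advertisement advertisement) throws PeerGroupException {
        this.group = peerGroup;
        this.assignedID = id;
        this.implAdvertisement = (ModuleImplAdvertisement) advertisement;
        StructuredDocument serviceParam = peerGroup.getConfigAdvertisement().getServiceParam(id);
        if (null != serviceParam) {
            Object parsed;
            try {
                parsed = AdvertisementFactory.newAdvertisement((XMLElement) serviceParam);
            } catch (NoSuchElementException e) {
                // Same failure the instanceof check below reports, but keep the
                // cause so a malformed configuration can be diagnosed.
                throw new PeerGroupException("Provided Advertisement was not a " + PSEConfigAdv.getAdvertisementType(), e);
            }
            if (!(parsed instanceof PSEConfigAdv)) {
                throw new PeerGroupException("Provided Advertisement was not a " + PSEConfigAdv.getAdvertisementType());
            }
            this.config = (PSEConfigAdv) parsed;
        } else {
            // No configuration supplied: start from an empty PSE configuration.
            this.config = (PSEConfigAdv) AdvertisementFactory.newAdvertisement(PSEConfigAdv.getAdvertisementType());
        }
        this.peerSecurityEngine = PSESecurityEngineFactory.getDefault().getInstance(this, this.config);
        this.authenticatorEngine = PSEAuthenticatorEngineFactory.getDefault().getInstance(this, this.config);
        this.pseStore = new PSEConfig(PSEKeyStoreManagerFactory.getDefault().getInstance(this, this.config), null);
        if (Logging.SHOW_CONFIG && LOG.isLoggable(Level.CONFIG)) {
            // Only identifiers and key store metadata are logged here, never passwords.
            StringBuilder sb = new StringBuilder("Configuring PSE Membership Service : " + id);
            sb.append("\n\tImplementation :");
            sb.append("\n\t\tModule Spec ID: " + this.implAdvertisement.getModuleSpecID());
            sb.append("\n\t\tImpl Description : " + this.implAdvertisement.getDescription());
            sb.append("\n\t\tImpl URI : " + this.implAdvertisement.getUri());
            sb.append("\n\t\tImpl Code : " + this.implAdvertisement.getCode());
            sb.append("\n\tGroup Params :");
            sb.append("\n\t\tGroup : " + peerGroup.getPeerGroupName());
            sb.append("\n\t\tGroup ID : " + peerGroup.getPeerGroupID());
            sb.append("\n\t\tPeer ID : " + peerGroup.getPeerID());
            sb.append("\n\tConfiguration :");
            sb.append("\n\t\tPSE state : " + (this.pseStore.isInitialized() ? "inited" : "new"));
            sb.append("\n\t\tPSE KeyStore location : " + (null != this.config.getKeyStoreLocation() ? this.config.getKeyStoreLocation().toString() : id.toString()));
            sb.append("\n\t\tPSE KeyStore type : " + (null != this.config.getKeyStoreType() ? this.config.getKeyStoreType() : "<default>"));
            sb.append("\n\t\tPSE KeyStore provider : " + (null != this.config.getKeyStoreProvider() ? this.config.getKeyStoreProvider() : "<default>"));
            LOG.config(sb.toString());
        }
        // Start from a clean slate: no credentials, no cached key store password.
        resign();
    }

    /** Returns this object; the service is its own interface. */
    @Override // net.jxta.service.Service
    public Service getInterface() {
        return this;
    }

    /** Returns the implementation advertisement passed to {@link #init}. */
    @Override // net.jxta.service.Service
    public Advertisement getImplAdvertisement() {
        return this.implAdvertisement;
    }

    /**
     * Logs that the service started.
     *
     * @return always 0
     */
    @Override // net.jxta.platform.Module
    public int startApp(String[] strArr) {
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info("PSE Membmership Service started.");
        }
        return 0;
    }

    /** Resigns all credentials and logs that the service stopped. */
    @Override // net.jxta.platform.Module
    public void stopApp() {
        resign();
        if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
            LOG.info("PSE Membmership Service stopped.");
        }
    }

    /** Returns the group passed to {@link #init}. */
    public PeerGroup getGroup() {
        return this.group;
    }

    /** Returns the ID assigned to this service in {@link #init}. */
    public ID getAssignedID() {
        return this.assignedID;
    }

    /**
     * Creates the authenticator matching the credential's method.
     *
     * <p>String and dialog authenticators are additionally given the configured
     * certificate and encrypted private key when the key store still has to be
     * seeded from the configuration (see {@link #shouldSeedFromConfig()}).
     * A {@code null} method is treated like "DialogAuthentication".
     *
     * @param authenticationCredential the application for membership
     * @return a new authenticator bound to this service
     * @throws ProtocolNotSupportedException if the method is not one of the supported names
     */
    @Override // net.jxta.membership.MembershipService
    public Authenticator apply(AuthenticationCredential authenticationCredential) throws ProtocolNotSupportedException {
        String method = authenticationCredential.getMethod();
        boolean seedFromConfig = shouldSeedFromConfig();
        if ("StringAuthentication".equals(method)) {
            return seedFromConfig
                    ? new StringAuthenticator(this, authenticationCredential, this.config.getCertificate(), this.config.getEncryptedPrivateKey())
                    : new StringAuthenticator(this, authenticationCredential);
        }
        if ("EngineAuthentication".equals(method)) {
            // The engine authenticator is built the same way whether or not the store is initialised.
            return new EngineAuthenticator(this, authenticationCredential, this.authenticatorEngine);
        }
        if ("DialogAuthentication".equals(method) || "InteractiveAuthentication".equals(method) || null == method) {
            return seedFromConfig
                    ? new DialogAuthenticator(this, authenticationCredential, this.config.getCertificate(), this.config.getEncryptedPrivateKey())
                    : new DialogAuthenticator(this, authenticationCredential);
        }
        throw new ProtocolNotSupportedException("Authentication method not recognized");
    }

    /**
     * Decides whether an authenticator should carry the configured certificate
     * and encrypted private key.
     *
     * @return {@code true} when the key store is not initialised yet, or when it
     *         is initialised and no key entry holds the configured certificate;
     *         {@code false} when there is no configured certificate, when it is
     *         already present, or when the key store cannot be read
     */
    private boolean shouldSeedFromConfig() {
        if (!this.pseStore.isInitialized()) {
            return true;
        }
        X509Certificate configured = this.config.getCertificate();
        if (null == configured) {
            return false;
        }
        try {
            for (Object entry : Arrays.asList(this.pseStore.getTrustedCertsList())) {
                ID certId = (ID) entry;
                // Compare from the non-null side: getTrustedCertificate() may return null
                // (join() checks for that), which previously caused a NullPointerException here.
                if (this.pseStore.isKey(certId) && configured.equals(this.pseStore.getTrustedCertificate(certId))) {
                    return false;
                }
            }
            return true;
        } catch (IOException | KeyStoreException e) {
            // The store could not be inspected; do not offer the configured key material.
            if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
                LOG.log(Level.FINE, "Could not inspect PSE key store for the configured certificate.", (Throwable) e);
            }
            return false;
        }
    }

    /** Returns the current default credential, or {@code null} if there is none. */
    @Override // net.jxta.membership.MembershipService
    public Credential getDefaultCredential() {
        synchronized (this) {
            return this.defaultCredential;
        }
    }

    /**
     * Replaces the default credential, mirrors it into the peer advertisement
     * and notifies listeners of {@code DEFAULT_CREDENTIAL_PROPERTY}.
     *
     * <p>A non-null credential's certificate chain is published as a "RootCert"
     * element under the {@code PeerGroup.peerGroupClassID} service param; a
     * {@code null} credential removes that param. Failure to update the
     * advertisement is logged and otherwise ignored (best effort).
     *
     * @param pSECredential the new default credential, or {@code null} to clear it
     */
    private void setDefaultCredential(PSECredential pSECredential) {
        PSECredential previous;
        synchronized (this) {
            // Read the old value under the same lock as the write so the
            // property change event reports a consistent old/new pair.
            previous = this.defaultCredential;
            this.defaultCredential = pSECredential;
        }
        if (Logging.SHOW_CONFIG && LOG.isLoggable(Level.CONFIG)) {
            // NOTE(review): relies on PSECredential.toString() not exposing key material - confirm.
            LOG.config("New Default credential : " + pSECredential);
        }
        try {
            PeerAdvertisement peerAdvertisement = this.group.getPeerAdvertisement();
            if (null != pSECredential) {
                XMLDocument paramDoc = (XMLDocument) StructuredDocumentFactory.newStructuredDocument(MimeMediaType.XMLUTF8, "Parm");
                Certificate certificate = new Certificate();
                certificate.setCertificates(pSECredential.getCertificateChain());
                StructuredDocumentUtils.copyElements(paramDoc, paramDoc, (XMLDocument) certificate.getDocument(MimeMediaType.XMLUTF8), "RootCert");
                peerAdvertisement.putServiceParam(PeerGroup.peerGroupClassID, paramDoc);
            } else {
                peerAdvertisement.removeServiceParam(PeerGroup.peerGroupClassID);
            }
        } catch (Exception e) {
            // Deliberately best effort, but a stale or missing root certificate in the
            // peer advertisement is worth knowing about, so do not drop the error silently.
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Could not update peer advertisement with the default credential.", (Throwable) e);
            }
        }
        this.support.firePropertyChange(MembershipService.DEFAULT_CREDENTIAL_PROPERTY, previous, pSECredential);
    }

    /** Returns an enumeration over a snapshot of the credentials obtained through {@link #join}. */
    @Override // net.jxta.membership.MembershipService
    public Enumeration<Credential> getCurrentCredentials() {
        List<Credential> snapshot;
        synchronized (this) {
            // Copy under the lock that join()/resign() hold while mutating the list.
            snapshot = new ArrayList<Credential>(this.principals);
        }
        return Collections.enumeration(snapshot);
    }

    /** Returns an enumeration over a snapshot of the authentication credentials used in {@link #join}. */
    @Override // net.jxta.membership.MembershipService
    public Enumeration<AuthenticationCredential> getAuthCredentials() {
        List<AuthenticationCredential> snapshot;
        synchronized (this) {
            snapshot = new ArrayList<AuthenticationCredential>(this.authCredentials);
        }
        return Collections.enumeration(snapshot);
    }

    /**
     * Completes authentication and returns the resulting credential.
     *
     * <p>Steps: take the key store password, identity and identity password
     * from the authenticator; unlock (and if necessary initialise) the key
     * store; import the configured key pair when the identity has no key entry
     * yet; build a {@link PSECredential} from the identity's certificate chain
     * and private key; record it; make it the default credential if none is set.
     *
     * <p>The password arrays obtained from the authenticator are overwritten
     * with zeros before this method returns or throws.
     *
     * @param authenticator an authenticator previously returned by {@link #apply}
     * @return the new credential
     * @throws ClassCastException if the authenticator was issued by another service
     * @throws PeerGroupException if the authenticator is not ready, is of an
     *         unsupported type, or the key store or credential cannot be set up
     */
    @Override // net.jxta.membership.MembershipService
    public Credential join(Authenticator authenticator) throws PeerGroupException {
        if (this != authenticator.getSourceService()) {
            throw new ClassCastException("This is not my authenticator!");
        }
        if (!authenticator.isReadyForJoin()) {
            throw new PeerGroupException("Authenticator not ready to join!");
        }
        char[] storePassword = null;
        char[] keyPassword = null;
        PSECredential credential;
        try {
            ID identity;
            if (authenticator instanceof StringAuthenticator) {
                StringAuthenticator stringAuthenticator = (StringAuthenticator) authenticator;
                storePassword = stringAuthenticator.getAuth1_KeyStorePassword();
                identity = stringAuthenticator.getAuth2Identity();
                keyPassword = stringAuthenticator.getAuth3_IdentityPassword();
            } else if (authenticator instanceof EngineAuthenticator) {
                EngineAuthenticator engineAuthenticator = (EngineAuthenticator) authenticator;
                storePassword = engineAuthenticator.getAuth1_KeyStorePassword();
                identity = engineAuthenticator.getAuth2Identity();
                keyPassword = engineAuthenticator.getAuth3_IdentityPassword();
            } else {
                if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                    LOG.warning("I dont know how to deal with this authenticator " + authenticator);
                }
                throw new PeerGroupException("I dont know how to deal with this authenticator");
            }
            if (null != storePassword) {
                // NOTE(review): this array is zeroed in the finally block below, which
                // assumes PSEConfig keeps its own copy of the password - confirm.
                this.pseStore.setKeyStorePassword(storePassword);
            }
            if (!this.pseStore.isInitialized()) {
                if (Logging.SHOW_INFO && LOG.isLoggable(Level.INFO)) {
                    LOG.info("Initializing the PSE key store.");
                }
                try {
                    this.pseStore.initialize();
                } catch (IOException | KeyStoreException e) {
                    throw new PeerGroupException("Could not initialize new PSE keystore.", e);
                }
            }
            try {
                if (!Arrays.asList(this.pseStore.getKeysList()).contains(identity)) {
                    // The identity has no key entry yet: import the key pair from the configuration.
                    X509Certificate[] configuredChain = this.config.getCertificateChain();
                    if (null == configuredChain) {
                        throw new IOException("Could not read root certificate chain");
                    }
                    PrivateKey privateKey = this.config.getPrivateKey(keyPassword);
                    if (null == privateKey) {
                        throw new IOException("Could not read private key");
                    }
                    this.pseStore.setKey(identity, configuredChain, privateKey, keyPassword);
                }
            } catch (IOException | KeyStoreException e) {
                throw loggedFailure("Could not save new key pair.", e);
            }
            try {
                X509Certificate[] chain = this.pseStore.getTrustedCertificateChain(identity);
                if (null == chain) {
                    // No chain stored: fall back to the single certificate, then to the engine's.
                    chain = new X509Certificate[]{this.pseStore.getTrustedCertificate(identity)};
                    if (chain[0] == null && this.authenticatorEngine != null) {
                        chain[0] = this.authenticatorEngine.getX509Certificate();
                    }
                }
                credential = new PSECredential(this, identity, CertificateFactory.getInstance("X.509").generateCertPath(Arrays.asList(chain)), this.pseStore.getKey(identity, keyPassword));
                synchronized (this) {
                    this.principals.add(credential);
                    this.authCredentials.add(authenticator.getAuthenticationCredential());
                }
            } catch (CertificateException | IOException | KeyStoreException e) {
                throw loggedFailure("Could not create credential.", e);
            }
        } finally {
            // Scrub the secrets on every exit path, success or failure.
            wipe(storePassword);
            wipe(keyPassword);
        }
        // NOTE(review): this check-then-set is not atomic with the add above, so two
        // concurrent joins can both observe "no default"; the later write wins.
        if (null == getDefaultCredential()) {
            setDefaultCredential(credential);
        }
        this.support.firePropertyChange(MembershipService.ADD_CREDENTIAL_PROPERTY, (Object) null, credential);
        return credential;
    }

    /** Logs {@code cause} at WARNING level and wraps it in a PeerGroupException with the same message. */
    private static PeerGroupException loggedFailure(String message, Exception cause) {
        if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
            LOG.log(Level.WARNING, message, (Throwable) cause);
        }
        return new PeerGroupException(message, cause);
    }

    /** Overwrites a password array with zeros; a {@code null} array is ignored. */
    private static void wipe(char[] secret) {
        if (null != secret) {
            Arrays.fill(secret, (char) 0);
        }
    }

    /**
     * Drops all credentials, clears the default credential and the key store
     * password, and marks every previously issued credential as invalid.
     */
    @Override // net.jxta.membership.MembershipService
    public void resign() {
        List<PSECredential> revoked;
        synchronized (this) {
            // Snapshot and clear atomically so a credential added by a concurrent
            // join() is either revoked here or survives intact, never half-handled.
            revoked = new ArrayList<PSECredential>(this.principals);
            this.principals.clear();
            this.authCredentials.clear();
        }
        try {
            setDefaultCredential(null);
        } finally {
            // setDefaultCredential() notifies listeners, which may throw; the key store
            // password must still be cleared and the credentials invalidated.
            this.pseStore.setKeyStorePassword(null);
            for (PSECredential credential : revoked) {
                credential.setValid(false);
            }
        }
    }

    /** Builds a credential from its document form; validation is left to the PSECredential constructor. */
    @Override // net.jxta.membership.MembershipService
    public Credential makeCredential(Element element) {
        return new PSECredential(this, element);
    }

    /** Returns the key store wrapper created in {@link #init}. */
    public PSEConfig getPSEConfig() {
        return this.pseStore;
    }

    /**
     * Generates a certificate for a service, issued via the peer security
     * engine for the given credential, and stores it with its private key
     * under {@code id}.
     *
     * <p>The key entry's password is the base64 encoding of a signature over
     * the issuer private key's encoded form when the engine returned an issuer
     * private key; otherwise it is the authenticator engine's key password.
     *
     * @param id key store ID for the new service key
     * @param pSECredential credential passed to the peer security engine as issuer
     * @return the two-element chain {service certificate, issuer certificate}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public X509Certificate[] generateServiceCertificate(ID id, PSECredential pSECredential) throws IOException, KeyStoreException, InvalidKeyException, SignatureException {
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("Generating new service cert for " + id);
        }
        PSEUtils.IssuerInfo issued = this.peerSecurityEngine.generateCertificate(pSECredential);
        X509Certificate[] chain = {issued.cert, issued.issuer};
        char[] derivedPassword = null;
        try {
            char[] keyPassword;
            if (null != issued.issuerPkey) {
                derivedPassword = PSEUtils.base64Encode(this.peerSecurityEngine.sign(null, pSECredential, new ByteArrayInputStream(issued.issuerPkey.getEncoded())), false).toCharArray();
                keyPassword = derivedPassword;
            } else {
                // NOTE(review): authenticatorEngine may be null (getServiceCredential() checks
                // for that); this branch then fails with a NullPointerException - confirm callers.
                keyPassword = this.authenticatorEngine.getKeyPass(this.group);
            }
            getPSEConfig().setKey(id, chain, issued.subjectPkey, keyPassword);
        } finally {
            // Scrub only the array created here, mirroring join(); the engine-owned array is
            // left alone. The intermediate base64 String is immutable and cannot be scrubbed.
            wipe(derivedPassword);
        }
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("Generated new service cert");
        }
        return chain;
    }

    /**
     * Obtains the credential for a service identity by authenticating against
     * this membership service on the caller's behalf.
     *
     * <p>With an authenticator engine, the engine supplies the store and key
     * passwords. Without one, string authentication is used with no store
     * password and a key password derived from a signature over the
     * credential's encoded private key.
     *
     * @param id service identity to join as
     * @param pSECredential credential used for signing in the no-engine path
     * @return the service credential, or {@code null} if no authenticator could
     *         be created or it was not ready to join
     */
    public PSECredential getServiceCredential(ID id, PSECredential pSECredential) throws IOException, PeerGroupException, InvalidKeyException, SignatureException {
        if (Logging.SHOW_FINE && LOG.isLoggable(Level.FINE)) {
            LOG.fine("Getting service redential for " + id);
        }
        Authenticator authenticator;
        if (null != this.authenticatorEngine) {
            authenticator = applyOrNull("EngineAuthentication");
            if (null == authenticator) {
                return null;
            }
            EngineAuthenticator engineAuthenticator = (EngineAuthenticator) authenticator;
            engineAuthenticator.setAuth1_KeyStorePassword(this.authenticatorEngine.getStorePass(this.group));
            engineAuthenticator.setAuth2Identity(id);
            engineAuthenticator.setAuth3_IdentityPassword(this.authenticatorEngine.getKeyPass(this.group));
        } else {
            authenticator = applyOrNull("StringAuthentication");
            if (null == authenticator) {
                return null;
            }
            // Held as an immutable String because that is what the setter below accepts;
            // it cannot be scrubbed after use.
            String derivedPassword = PSEUtils.base64Encode(this.peerSecurityEngine.sign(null, pSECredential, new ByteArrayInputStream(pSECredential.getPrivateKey().getEncoded())), false);
            StringAuthenticator stringAuthenticator = (StringAuthenticator) authenticator;
            stringAuthenticator.setAuth1_KeyStorePassword((String) null);
            stringAuthenticator.setAuth2Identity(id);
            stringAuthenticator.setAuth3_IdentityPassword(derivedPassword);
        }
        if (!authenticator.isReadyForJoin()) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.warning("Could not authenticate service credential");
            }
            return null;
        }
        return (PSECredential) join(authenticator);
    }

    /**
     * Calls {@link #apply} for the given method and returns {@code null}
     * instead of throwing, logging the reason so the failure stays diagnosable.
     */
    private Authenticator applyOrNull(String method) {
        try {
            return apply(new AuthenticationCredential(this.group, method, null));
        } catch (Exception e) {
            if (Logging.SHOW_WARNING && LOG.isLoggable(Level.WARNING)) {
                LOG.log(Level.WARNING, "Could not create authenticator for " + method, (Throwable) e);
            }
            return null;
        }
    }
}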
