package com.adobe.granite.keystore.internal;

import com.adobe.granite.crypto.CryptoException;
import com.adobe.granite.crypto.CryptoSupport;
import com.adobe.granite.keystore.KeyStoreNotInitialisedException;
import com.adobe.granite.keystore.KeyStoreService;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.Enumeration;
import java.util.TimeZone;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.JcrUtils;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.sling.api.SlingIOException;
import org.apache.sling.api.resource.Resource;
import org.apache.sling.api.resource.ResourceResolver;
import org.apache.sling.api.resource.ResourceUtil;

/* loaded from: input_file:com/adobe/granite/keystore/internal/KeyStoreServiceImpl.class */
public class KeyStoreServiceImpl implements KeyStoreService {
    // Name of the folder below a user's node that holds that user's key store file.
    public static final String USER_KEYSTORE_FOLDER = "keystore";
    // File name of the per-user PKCS#12 key store inside USER_KEYSTORE_FOLDER.
    public static final String USER_KEYSTORE = "store.p12";
    // Scratch file name used while a user key store is rewritten under a new password.
    public static final String TEMP_USER_KEYSTORE = "store.p12.tmp";
    // Repository folder of the global trust store; protectTrustStore() applies its ACL to this path.
    public static final String TRUST_STORE_PATH = "/etc/truststore";
    // Full repository path of the global trust store file.
    public static final String TRUST_STORE = "/etc/truststore/truststore.p12";
    // Scratch path used while the trust store is rewritten under a new password.
    public static final String TEMP_TRUSTSTORE = "/etc/truststore/truststore.p12.tmp";
    // Property on the store file's PARENT node that holds the store password in CryptoSupport-protected form.
    // The temporary and the live store share that parent, so they share this property as well.
    public static final String JCR_PROP_KEYSTORE_PASSWORD = "keystorePassword";
    // NUL character; not referenced by name in the visible code (reset() uses a literal (char) 0).
    private static final char CHAR_DEFAULT = 0;
    // Protects/unprotects stored passwords and signs the certificates generated by setKeyPair().
    private final CryptoSupport cryptoSupport;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/adobe/granite/keystore/internal/KeyStoreServiceImpl$KeyStoreTuple.class */
    /**
     * Pairs an opened key store with the clear-text password that unlocks its entries.
     *
     * <p>The password array is held by reference, so {@link #clear()} wipes the caller's array too.
     * Every code path that obtains a tuple should call {@link #clear()} once it is done with it.
     */
    public class KeyStoreTuple {
        /** The opened store. */
        final KeyStore keyStore;
        /** Clear-text store password; overwritten with NUL characters by {@link #clear()}. */
        final char[] password;
        /** Lazily created wrapper around {@link #password}; destroyed by {@link #clear()}. */
        KeyStore.PasswordProtection protection;

        KeyStoreTuple(KeyStore keyStore, char[] cArr) {
            this.password = cArr;
            this.keyStore = keyStore;
        }

        /** Returns the protection parameter for this store, creating it on first use. */
        KeyStore.PasswordProtection getPasswordProtection() {
            if (this.protection != null) {
                return this.protection;
            }
            this.protection = new KeyStore.PasswordProtection(this.password);
            return this.protection;
        }

        /**
         * Wipes the password array and destroys the protection parameter, if one was created.
         *
         * @throws SecurityException if the protection parameter cannot be destroyed
         */
        void clear() {
            // Wipe the array first so the clear text is gone even if destroy() fails below.
            KeyStoreServiceImpl.reset(this.password);
            if (this.protection == null) {
                return;
            }
            try {
                this.protection.destroy();
            } catch (DestroyFailedException e) {
                throw new SecurityException(e);
            }
        }
    }

    /**
     * Creates the service.
     *
     * @param cryptoSupport used to protect and unprotect the stored key store passwords and to sign
     *     generated certificates; it is stored as given, without a null check
     */
    public KeyStoreServiceImpl(CryptoSupport cryptoSupport) {
        this.cryptoSupport = cryptoSupport;
    }

    /**
     * Returns an X.509 key manager backed by the key store of the user behind the resolver.
     *
     * @param resourceResolver resolver identifying the calling user
     * @return the first {@link X509KeyManager} produced by the default key manager factory, or
     *     {@code null} if the resolver cannot be adapted to a {@link User} or no such manager exists
     * @throws SecurityException for any failure while building the key manager (the cause is wrapped)
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyManager getKeyManager(ResourceResolver resourceResolver) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        KeyStore userStore = getKeyStore(resourceResolver);
        try {
            User currentUser = (User) resourceResolver.adaptTo(User.class);
            if (currentUser == null) {
                return null;
            }
            String storePath = getKeyStorePathForUser(currentUser, USER_KEYSTORE);
            KeyManagerFactory factory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            // NOTE(review): the clear-text password array returned by extractStorePassword() is never
            // zeroed on this path, unlike changeKeyStorePassword(), which resets it in a finally block.
            // Confirm that the configured KeyManagerFactory does not keep a reference to the array
            // before adding a reset here.
            factory.init(userStore, extractStorePassword(resourceResolver, storePath, this.cryptoSupport));
            for (KeyManager candidate : factory.getKeyManagers()) {
                if (candidate instanceof X509KeyManager) {
                    return candidate;
                }
            }
            return null;
        } catch (SecurityException e) {
            // Already the declared failure type; pass it through without re-wrapping.
            throw e;
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    /**
     * Returns the key store of the user the resolver is logged in as.
     *
     * @param resourceResolver resolver whose user id selects the key store
     * @return the user's key store
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore getKeyStore(ResourceResolver resourceResolver) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        String callerId = resourceResolver.getUserID();
        return getKeyStore(resourceResolver, callerId);
    }

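    /**
     * Returns the key store of the given user.
     *
     * @param resourceResolver resolver used to read the store; its access rights apply
     * @param str id of the user owning the key store
     * @return the user's key store
     * @throws KeyStoreNotInitialisedException if the user has no key store yet
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore getKeyStore(ResourceResolver resourceResolver, String str) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        KeyStoreTuple tuple = internalGetKeyStore(resourceResolver, str);
        KeyStore store = tuple.keyStore;
        // Only the store leaves this method. The tuple's clear-text password array is referenced
        // by nothing else (the store was built from the protected form), so wipe it now rather
        // than leaving it on the heap until garbage collection.
        tuple.clear();
        return store;
    }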

    /**
     * Returns an X.509 trust manager backed by the global trust store.
     *
     * @param resourceResolver resolver used to read the trust store
     * @return the first {@link X509TrustManager} produced by the default trust manager factory, or
     *     {@code null} if there is no trust store object or no such manager
     * @throws SecurityException if the trust manager factory cannot be created or initialised
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public TrustManager getTrustManager(ResourceResolver resourceResolver) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        KeyStore trustStore = getTrustStore(resourceResolver);
        if (trustStore == null) {
            return null;
        }
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            for (TrustManager candidate : factory.getTrustManagers()) {
                if (candidate instanceof X509TrustManager) {
                    return candidate;
                }
            }
            return null;
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

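    /**
     * Returns the global trust store.
     *
     * @param resourceResolver resolver used to read the store; its access rights apply
     * @return the trust store
     * @throws KeyStoreNotInitialisedException if the trust store has not been created yet
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore getTrustStore(ResourceResolver resourceResolver) throws SlingIOException, SecurityException, IllegalArgumentException, KeyStoreNotInitialisedException {
        KeyStoreTuple tuple = internalGetTrustStore(resourceResolver);
        KeyStore store = tuple.keyStore;
        // Only the store is handed out; wipe the tuple's clear-text password array, which nothing
        // else references, instead of leaving it on the heap until garbage collection.
        tuple.clear();
        return store;
    }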

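    /**
     * Re-encrypts a user's key store under a new password.
     *
     * <p>The entries are copied into a temporary store created with the new password, then the
     * old store is removed and the temporary one is moved into its place. Nothing happens if the
     * user has no key store, or if the temporary store resource cannot be created.
     *
     * @param resourceResolver resolver used for all repository access
     * @param str id of the user owning the key store
     * @param cArr the current password; must match the stored one
     * @param cArr2 the new password
     * @throws SecurityException if the current password does not match, access is denied, or any
     *     key store operation fails
     * @throws SlingIOException if the repository reports any other error
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public void changeKeyStorePassword(ResourceResolver resourceResolver, String str, char[] cArr, char[] cArr2) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        User owner = retrieveUser(resourceResolver, str);
        String storePath = getKeyStorePathForUser(owner, USER_KEYSTORE);
        if (resourceResolver.getResource(storePath) == null) {
            return;
        }
        char[] storedPassword = extractStorePassword(resourceResolver, storePath, this.cryptoSupport);
        // One protection parameter for the whole copy, destroyed in the finally block, instead of
        // a fresh, never-destroyed copy of the password per alias.
        KeyStore.PasswordProtection currentProtection = new KeyStore.PasswordProtection(cArr);
        try {
            // Compare without an early exit on the first differing character, and without
            // creating immutable String copies of either password. A null on either side is
            // treated as a mismatch.
            boolean matches = cArr != null && storedPassword != null && cArr.length == storedPassword.length;
            if (matches) {
                int diff = 0;
                for (int i = 0; i < cArr.length; i++) {
                    diff |= cArr[i] ^ storedPassword[i];
                }
                matches = diff == 0;
            }
            if (!matches) {
                throw new SecurityException("The provided current password does not match the keystore's password.");
            }
            // Open the existing store before the temporary one is created: creating it rewrites
            // the shared keystorePassword property on the common parent folder.
            KeyStore currentStore = getKeyStore(resourceResolver, str);
            String tempPath = getKeyStorePathForUser(owner, TEMP_USER_KEYSTORE);
            Resource tempResource = createKeyStoreResource(resourceResolver, tempPath, cArr2);
            if (tempResource != null) {
                ((Node) tempResource.getParent().adaptTo(Node.class)).setProperty(JCR_PROP_KEYSTORE_PASSWORD, this.cryptoSupport.protect(new String(cArr2)));
                GraniteKeyStore newStore = new GraniteKeyStore(tempResource, KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME), this.cryptoSupport.protect(new String(cArr2)), this.cryptoSupport);
                Enumeration<String> aliases = currentStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    KeyStore.Entry entry = currentStore.getEntry(alias, currentProtection);
                    if (entry instanceof KeyStore.PrivateKeyEntry) {
                        KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                        newStore.setKeyEntry(alias, privateKeyEntry.getPrivateKey(), cArr2, privateKeyEntry.getCertificateChain());
                    } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
                        newStore.setCertificateEntry(alias, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
                    }
                    // Entries of any other kind are not copied.
                }
                // NOTE(review): the swap is not atomic. The password property was already saved
                // with the new value when the temporary store was created, and the old store is
                // removed and saved before the move. A failure in between can leave the store
                // missing or out of step with the recorded password; consider a single save.
                Session session = (Session) resourceResolver.adaptTo(Session.class);
                session.removeItem(storePath);
                session.save();
                session.move(tempPath, storePath);
                session.save();
            }
        } catch (AccessDeniedException e) {
            // Most specific first: AccessDeniedException is a RepositoryException, so this handler
            // is unreachable (and does not compile) when listed after the broader ones.
            throw new SecurityException(e);
        } catch (RepositoryException e) {
            throw new SlingIOException(new IOException(e));
        } catch (Exception e) {
            throw new SecurityException(e);
        } finally {
            reset(storedPassword);
            try {
                currentProtection.destroy();
            } catch (DestroyFailedException ignored) {
                // Best effort: a failed wipe must not mask the outcome of the password change.
            }
        }
    }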

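    /**
     * Re-encrypts the global trust store under a new password.
     *
     * <p>Trusted certificate entries are copied into a temporary store created with the new
     * password, then the old store is removed and the temporary one is moved into its place and
     * the trust store ACL is re-applied. Nothing happens if there is no trust store, or if the
     * temporary store resource cannot be created.
     *
     * @param resourceResolver resolver used for all repository access
     * @param cArr the current password; must match the stored one
     * @param cArr2 the new password
     * @throws SecurityException if the current password does not match, access is denied, or any
     *     key store operation fails
     * @throws SlingIOException if the repository reports any other error
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public void changeTrustStorePassword(ResourceResolver resourceResolver, char[] cArr, char[] cArr2) throws KeyStoreNotInitialisedException {
        if (resourceResolver.getResource(TRUST_STORE) == null) {
            return;
        }
        char[] storedPassword = extractStorePassword(resourceResolver, TRUST_STORE, this.cryptoSupport);
        // One protection parameter for the whole copy, destroyed in the finally block, instead of
        // a fresh, never-destroyed copy of the password per alias.
        KeyStore.PasswordProtection currentProtection = new KeyStore.PasswordProtection(cArr);
        try {
            // Compare on the char arrays, with no early exit on the first differing character.
            // This avoids the immutable String copies of both passwords that cannot be wiped.
            // A null on either side is treated as a mismatch.
            boolean matches = cArr != null && storedPassword != null && cArr.length == storedPassword.length;
            if (matches) {
                int diff = 0;
                for (int i = 0; i < cArr.length; i++) {
                    diff |= cArr[i] ^ storedPassword[i];
                }
                matches = diff == 0;
            }
            if (!matches) {
                throw new SecurityException("The provided current password does not match the truststore's password.");
            }
            // Open the existing store before the temporary one is created: creating it rewrites
            // the shared keystorePassword property on the common parent folder.
            KeyStore currentStore = getTrustStore(resourceResolver);
            Resource tempResource = createKeyStoreResource(resourceResolver, TEMP_TRUSTSTORE, cArr2);
            if (tempResource != null) {
                ((Node) tempResource.getParent().adaptTo(Node.class)).setProperty(JCR_PROP_KEYSTORE_PASSWORD, this.cryptoSupport.protect(new String(cArr2)));
                GraniteKeyStore newStore = new GraniteKeyStore(tempResource, KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME), this.cryptoSupport.protect(new String(cArr2)), this.cryptoSupport);
                Enumeration<String> aliases = currentStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    KeyStore.Entry entry = currentStore.getEntry(alias, currentProtection);
                    // Only trusted certificates are carried over; any other entry kind is dropped.
                    if (entry instanceof KeyStore.TrustedCertificateEntry) {
                        newStore.setCertificateEntry(alias, ((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate());
                    }
                }
                // NOTE(review): the swap is not atomic. The password property was already saved
                // with the new value when the temporary store was created, and the old store is
                // removed and saved before the move. A failure in between can leave the trust
                // store missing or out of step with the recorded password.
                Session session = (Session) resourceResolver.adaptTo(Session.class);
                session.removeItem(TRUST_STORE);
                session.save();
                session.move(TEMP_TRUSTSTORE, TRUST_STORE);
                protectTrustStore(session);
                session.save();
            }
        } catch (AccessDeniedException e) {
            // Most specific first: AccessDeniedException is a RepositoryException, and a
            // RepositoryException handler placed after catch (Exception) is unreachable.
            throw new SecurityException(e);
        } catch (RepositoryException e) {
            throw new SlingIOException(new IOException(e));
        } catch (Exception e) {
            throw new SecurityException(e);
        } finally {
            reset(storedPassword);
            try {
                currentProtection.destroy();
            } catch (DestroyFailedException ignored) {
                // Best effort: a failed wipe must not mask the outcome of the password change.
            }
        }
    }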

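    /**
     * Stores a key pair in a user's key store under the given alias, together with a
     * certificate generated by {@code setKeyPair}.
     *
     * @param resourceResolver resolver used to open the key store
     * @param str id of the user owning the key store
     * @param keyPair the key pair to store
     * @param str2 alias for the new entry
     * @throws IllegalArgumentException if any argument is {@code null}
     * @throws SecurityException if the entry cannot be created (the cause is wrapped)
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public void addKeyStoreKeyPair(ResourceResolver resourceResolver, String str, KeyPair keyPair, String str2) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        if (resourceResolver == null || str == null || keyPair == null || str2 == null) {
            throw new IllegalArgumentException();
        }
        KeyStoreTuple tuple = internalGetKeyStore(resourceResolver, str);
        try {
            setKeyPair(tuple.keyStore, keyPair, str2, tuple.password);
        } catch (Exception e) {
            throw new SecurityException(e);
        } finally {
            // Wipe the clear-text password exactly once, on success and on failure alike.
            tuple.clear();
        }
    }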

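    /**
     * Reads a key pair from a user's key store.
     *
     * @param resourceResolver resolver used to open the key store
     * @param str id of the user owning the key store
     * @param str2 alias of the entry
     * @return the key pair, or {@code null} if the alias is not a private key entry
     * @throws IllegalArgumentException if any argument is {@code null}
     * @throws SecurityException if the entry cannot be read (the cause is wrapped)
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyPair getKeyStoreKeyPair(ResourceResolver resourceResolver, String str, String str2) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        if (resourceResolver == null || str == null || str2 == null) {
            throw new IllegalArgumentException();
        }
        KeyStoreTuple tuple = internalGetKeyStore(resourceResolver, str);
        try {
            return getKeyPair(tuple.keyStore, str2, tuple.getPasswordProtection());
        } catch (Exception e) {
            throw new SecurityException(e);
        } finally {
            // Wipe the password and destroy the protection parameter exactly once on every path.
            tuple.clear();
        }
    }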

    /**
     * Creates (or opens, if it already exists) the key store of the given user.
     *
     * @param resourceResolver resolver used for repository access; must not be {@code null}
     * @param str id of the user; must not be {@code null} or empty
     * @param cArr password for the store; must not be {@code null} or empty
     * @return the key store
     * @throws IllegalArgumentException if an argument fails the checks above
     * @throws SecurityException if the store cannot be created; this includes an unknown user id,
     *     because that failure is raised inside the try block and wrapped
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore createKeyStore(ResourceResolver resourceResolver, String str, char[] cArr) throws SlingIOException, SecurityException, IllegalArgumentException {
        if (resourceResolver == null) {
            throw new IllegalArgumentException("Cannot create a key store with a null resource resolver.");
        }
        boolean userIdMissing = str == null || str.isEmpty();
        if (userIdMissing) {
            throw new IllegalArgumentException("Cannot create a key store for an empty userId.");
        }
        boolean passwordMissing = cArr == null || cArr.length == 0;
        if (passwordMissing) {
            throw new IllegalArgumentException("Cannot create a key store with an empty password.");
        }
        try {
            User owner = retrieveUser(resourceResolver, str);
            String storePath = getKeyStorePathForUser(owner, USER_KEYSTORE);
            Resource storeResource = createKeyStoreResource(resourceResolver, storePath, cArr);
            if (storeResource == null) {
                throw new IOException("Cannot create key store for user " + str);
            }
            // NOTE(review): new String(cArr) leaves an immutable copy of the password on the heap;
            // CryptoSupport.protect() is called with a String here, so it cannot be wiped.
            return new GraniteKeyStore(storeResource, KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME), this.cryptoSupport.protect(new String(cArr)), this.cryptoSupport);
        } catch (UnsupportedEncodingException e) {
            throw new SlingIOException(e);
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    /**
     * Creates (or opens) the key store of the user the resolver is logged in as.
     *
     * @param resourceResolver resolver identifying the user; must not be {@code null}
     * @param cArr password for the store
     * @return the key store
     * @throws IllegalArgumentException if the resolver is {@code null}
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore createKeyStore(ResourceResolver resourceResolver, char[] cArr) throws SlingIOException, SecurityException, IllegalArgumentException {
        if (resourceResolver != null) {
            return createKeyStore(resourceResolver, resourceResolver.getUserID(), cArr);
        }
        throw new IllegalArgumentException("Cannot create a key store with a null resource resolver.");
    }

    /**
     * Creates (or opens, if it already exists) the global trust store.
     *
     * @param resourceResolver resolver used for repository access
     * @param cArr password for the store
     * @return the trust store
     * @throws SlingIOException if the trust store resource cannot be created
     * @throws SecurityException for any other failure (the cause is wrapped)
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore createTrustStore(ResourceResolver resourceResolver, char[] cArr) throws SlingIOException, SecurityException, IllegalArgumentException {
        // NOTE(review): unlike createKeyStore(), nothing here rejects a null resolver or a
        // null/empty password, although IllegalArgumentException is declared. Decide whether an
        // empty trust store password should be refused before tightening this.
        try {
            Resource storeResource = createKeyStoreResource(resourceResolver, TRUST_STORE, cArr);
            if (storeResource != null) {
                return new GraniteKeyStore(storeResource, KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME), this.cryptoSupport.protect(new String(cArr)), this.cryptoSupport);
            }
            throw new IOException("Uninitialised system trust store.");
        } catch (IOException e) {
            throw new SlingIOException(e);
        } catch (Exception e2) {
            throw new SecurityException(e2);
        }
    }

    /**
     * Tells whether the given user's key store resource is visible to the resolver.
     *
     * @param resourceResolver resolver used for the lookup
     * @param str id of the user
     * @return {@code true} if the resolver returns a resource at the user's key store path
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public boolean keyStoreExists(ResourceResolver resourceResolver, String str) {
        User owner = retrieveUser(resourceResolver, str);
        String storePath = getKeyStorePathForUser(owner, USER_KEYSTORE);
        return resourceResolver.getResource(storePath) != null;
    }

    /**
     * Tells whether the global trust store resource is visible to the resolver.
     *
     * @param resourceResolver resolver used for the lookup
     * @return {@code true} if the resolver returns a resource at {@link #TRUST_STORE}
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public boolean trustStoreExists(ResourceResolver resourceResolver) {
        Resource trustStoreResource = resourceResolver.getResource(TRUST_STORE);
        return trustStoreResource != null;
    }

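    /**
     * Stores a key and its certificate chain in a user's key store.
     *
     * <p>Every certificate in the chain must be within its validity period at the time of the
     * call. That is the only check made here: nothing verifies that the chain is trusted, that
     * it is correctly ordered, or that it matches the key.
     *
     * @param resourceResolver resolver used to open the key store
     * @param str id of the user owning the key store
     * @param str2 alias for the new entry
     * @param key the key to store
     * @param certificateArr certificate chain; each element is cast to {@link X509Certificate},
     *     so a {@code null} array or a non-X.509 element fails with an unchecked exception
     * @throws SecurityException if a certificate is expired or not yet valid, or the key store
     *     rejects the entry
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public void addKeyStoreKeyEntry(ResourceResolver resourceResolver, String str, String str2, Key key, Certificate[] certificateArr) throws SecurityException, KeyStoreNotInitialisedException {
        KeyStoreTuple tuple = null;
        try {
            // Validate before the store is opened so no password is decrypted for a bad chain.
            for (Certificate certificate : certificateArr) {
                ((X509Certificate) certificate).checkValidity();
            }
            tuple = internalGetKeyStore(resourceResolver, str);
            tuple.keyStore.setKeyEntry(str2, key, tuple.password, certificateArr);
        } catch (CertificateExpiredException e) {
            throw new SecurityException(e);
        } catch (CertificateNotYetValidException e) {
            throw new SecurityException(e);
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        } finally {
            // Wipe the clear-text password exactly once, whether or not the entry was stored.
            if (tuple != null) {
                tuple.clear();
            }
        }
    }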

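    /**
     * Reads an entry from a user's key store.
     *
     * @param resourceResolver resolver used to open the key store
     * @param str id of the user owning the key store
     * @param str2 alias of the entry
     * @return the entry as returned by {@link KeyStore#getEntry}
     * @throws SecurityException if the entry cannot be recovered (the cause is wrapped)
     */
    @Override // com.adobe.granite.keystore.KeyStoreService
    public KeyStore.Entry getKeyStoreEntry(ResourceResolver resourceResolver, String str, String str2) throws SecurityException, KeyStoreNotInitialisedException {
        KeyStoreTuple tuple = null;
        try {
            tuple = internalGetKeyStore(resourceResolver, str);
            return tuple.keyStore.getEntry(str2, tuple.getPasswordProtection());
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        } catch (UnrecoverableEntryException e) {
            throw new SecurityException(e);
        } finally {
            // Wipe the password and destroy the protection parameter exactly once on every path.
            if (tuple != null) {
                tuple.clear();
            }
        }
    }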

    /**
     * Applies the trust store access control policy to {@link #TRUST_STORE_PATH}: everything is
     * denied to the everyone principal, then read is granted back to it.
     *
     * <p>The two calls must stay in this order. The changes are made on the session only; the
     * caller is responsible for saving it.
     *
     * @param session session whose access control manager is used
     * @throws RepositoryException if the policy cannot be modified
     */
    public static final void protectTrustStore(Session session) throws RepositoryException {
        AccessControlUtils.denyAllToEveryone(session, TRUST_STORE_PATH);
        // Expanded form of the jcr:read privilege name.
        String[] readOnly = {"{http://www.jcp.org/jcr/1.0}read"};
        AccessControlUtils.addAccessControlEntry(session, TRUST_STORE_PATH, AccessControlUtils.getEveryonePrincipal(session), readOnly, true);
    }

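    /**
     * Opens a user's key store and returns it together with its clear-text password.
     *
     * <p>The caller owns the returned tuple and must call {@code clear()} on it. If opening the
     * store fails after the password was decrypted, the password array is wiped here.
     *
     * @param resourceResolver resolver used for repository access; must not be {@code null}
     * @param str id of the user owning the key store; must not be {@code null}
     * @return the store and its password
     * @throws IllegalArgumentException if an argument is {@code null} or the user is unknown
     * @throws KeyStoreNotInitialisedException if the user has no key store resource
     * @throws SecurityException if the password cannot be decrypted or the store cannot be opened
     * @throws SlingIOException if reading the store fails with an I/O error
     */
    private KeyStoreTuple internalGetKeyStore(ResourceResolver resourceResolver, String str) throws SlingIOException, SecurityException, KeyStoreNotInitialisedException {
        if (resourceResolver == null) {
            throw new IllegalArgumentException("The resource resolver cannot be null");
        }
        if (str == null) {
            throw new IllegalArgumentException("The userId cannot be null");
        }
        String storePath = getKeyStorePathForUser(retrieveUser(resourceResolver, str), USER_KEYSTORE);
        char[] password = null;
        boolean handedOver = false;
        try {
            Resource resource = resourceResolver.getResource(storePath);
            if (resource == null) {
                throw new KeyStoreNotInitialisedException("Uninitialised key store for user " + str);
            }
            password = extractStorePassword(resourceResolver, storePath, this.cryptoSupport);
            KeyStoreTuple tuple = new KeyStoreTuple(new GraniteKeyStore(resource, KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME), this.cryptoSupport.protect(new String(password)), this.cryptoSupport), password);
            handedOver = true;
            return tuple;
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        } catch (CryptoException e2) {
            throw new SecurityException(e2);
        } catch (UnsupportedEncodingException e3) {
            throw new SlingIOException(e3);
        } catch (IOException e4) {
            throw new SlingIOException(e4);
        } catch (NoSuchAlgorithmException e5) {
            throw new SecurityException(e5);
        } catch (NoSuchProviderException e6) {
            throw new SecurityException(e6);
        } catch (CertificateException e7) {
            throw new SecurityException(e7);
        } finally {
            // On any failure no tuple exists to clear, so wipe the decrypted password here.
            if (!handedOver) {
                reset(password);
            }
        }
    }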

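    /**
     * Opens the global trust store and returns it together with its clear-text password.
     *
     * <p>The caller owns the returned tuple and must call {@code clear()} on it. If opening the
     * store fails after the password was decrypted, the password array is wiped here.
     *
     * @param resourceResolver resolver used for repository access; must not be {@code null}
     * @return the trust store and its password
     * @throws IllegalArgumentException if the resolver is {@code null}
     * @throws KeyStoreNotInitialisedException if there is no trust store resource
     * @throws SecurityException if the password cannot be decrypted or the store cannot be opened
     * @throws SlingIOException if reading the store fails with an I/O error
     */
    private KeyStoreTuple internalGetTrustStore(ResourceResolver resourceResolver) throws SlingIOException, SecurityException, IllegalArgumentException, KeyStoreNotInitialisedException {
        if (resourceResolver == null) {
            throw new IllegalArgumentException("The resource resolver cannot be null.");
        }
        char[] password = null;
        boolean handedOver = false;
        try {
            Resource resource = resourceResolver.getResource(TRUST_STORE);
            if (resource == null) {
                throw new KeyStoreNotInitialisedException("Uninitialised system trust store.");
            }
            password = extractStorePassword(resourceResolver, TRUST_STORE, this.cryptoSupport);
            KeyStoreTuple tuple = new KeyStoreTuple(new GraniteKeyStore(resource, KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME), this.cryptoSupport.protect(new String(password)), this.cryptoSupport), password);
            handedOver = true;
            return tuple;
        } catch (IOException e) {
            throw new SlingIOException(e);
        } catch (KeyStoreException e2) {
            throw new SecurityException(e2);
        } catch (NoSuchAlgorithmException e3) {
            throw new SecurityException(e3);
        } catch (NoSuchProviderException e4) {
            throw new SecurityException(e4);
        } catch (CertificateException e5) {
            throw new SecurityException(e5);
        } catch (CryptoException e6) {
            throw new SecurityException(e6);
        } finally {
            // On any failure no tuple exists to clear, so wipe the decrypted password here.
            if (!handedOver) {
                reset(password);
            }
        }
    }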

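    /**
     * Returns the resource at the given path, creating an empty PKCS#12 store there if needed.
     *
     * <p>When the store is created, missing parent folders are added as {@code sling:Folder}
     * nodes, the protected password is written to the parent node, the trust store ACL is applied
     * if the path is {@link #TRUST_STORE}, and the session is saved.
     *
     * <p>An existing resource is returned as it is: the supplied password is neither applied to
     * it nor checked against it.
     *
     * @param resourceResolver resolver used for repository access
     * @param str absolute repository path of the store file
     * @param cArr password used to encrypt the new, empty store
     * @return the store resource, or {@code null} if no ancestor of the path is accessible
     * @throws SecurityException if access is denied or a key store operation fails
     * @throws SlingIOException on any other repository or I/O error
     */
    private Resource createKeyStoreResource(ResourceResolver resourceResolver, String str, char[] cArr) throws SecurityException, SlingIOException {
        try {
            Resource existing = resourceResolver.getResource(str);
            if (existing != null) {
                return existing;
            }
            int lastSlash = str.lastIndexOf('/');
            String parentPath = str.substring(0, lastSlash);
            String fileName = str.substring(lastSlash + 1);
            Session session = (Session) resourceResolver.adaptTo(Session.class);
            Resource anchor = getFirstAccessibleResource(resourceResolver, parentPath);
            if (anchor == null) {
                return null;
            }
            String anchorPath = anchor.getPath();
            Node anchorNode = (Node) anchor.adaptTo(Node.class);
            Node parentNode;
            if (parentPath.equals(anchorPath)) {
                parentNode = anchorNode;
            } else {
                // Strip the anchor path and the separator after it. The root path "/" already
                // ends with the separator, so skipping one more character would drop the first
                // letter of the relative path ("/etc/truststore" -> "tc/truststore").
                int relativeStart = anchorPath.endsWith("/") ? anchorPath.length() : anchorPath.length() + 1;
                parentNode = JcrUtils.getOrCreateByPath(anchorNode, parentPath.substring(relativeStart), false, "sling:Folder", "sling:Folder", false);
            }
            Node content = JcrUtils.getOrAddNode(JcrUtils.getOrAddNode(parentNode, fileName, "nt:file"), "jcr:content", "nt:resource");
            // Serialise an empty store encrypted with the supplied password.
            ByteArrayOutputStream buffer = new ByteArrayOutputStream();
            KeyStore emptyStore = KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME);
            emptyStore.load(null, null);
            emptyStore.store(buffer, cArr);
            content.setProperty("jcr:data", session.getValueFactory().createBinary(new ByteArrayInputStream(buffer.toByteArray())));
            if (TRUST_STORE.equals(str)) {
                protectTrustStore(session);
            }
            // The password is recorded on the parent folder, which every store file in it shares.
            parentNode.setProperty(JCR_PROP_KEYSTORE_PASSWORD, this.cryptoSupport.protect(new String(cArr)));
            session.save();
            return resourceResolver.getResource(str);
        } catch (AccessDeniedException e) {
            // Most specific first: with catch (Exception) leading, the handlers below it were
            // unreachable and every failure was reported as a SecurityException.
            throw new SecurityException(e);
        } catch (RepositoryException e) {
            throw new SlingIOException(new IOException(e));
        } catch (IOException e) {
            throw new SlingIOException(e);
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }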

    /**
     * Walks up from the given path and returns the first resource the resolver can return.
     *
     * @param resourceResolver resolver used for the lookups
     * @param str absolute path to start from
     * @return the nearest existing resource at or above the path; the root resource is tried
     *     last, so the result is {@code null} only if the resolver does not return the root
     */
    private Resource getFirstAccessibleResource(ResourceResolver resourceResolver, String str) {
        String candidatePath = str;
        Resource found = null;
        while (found == null && !"/".equals(candidatePath)) {
            found = resourceResolver.getResource(candidatePath);
            candidatePath = ResourceUtil.getParent(candidatePath);
        }
        if (found != null) {
            return found;
        }
        // Nothing below the root was resolvable; fall back to the root itself.
        return "/".equals(candidatePath) ? resourceResolver.getResource("/") : null;
    }

    /**
     * Builds the repository path of a file in the user's key store folder.
     *
     * @param user the owning user
     * @param str file name inside the folder
     * @return {@code <user path>/keystore/<file name>}
     * @throws SlingIOException if the user's path cannot be read from the repository
     */
    private static String getKeyStorePathForUser(User user, String str) throws SlingIOException {
        try {
            StringBuilder path = new StringBuilder();
            path.append(user.getPath());
            path.append("/").append(USER_KEYSTORE_FOLDER);
            path.append("/").append(str);
            return path.toString();
        } catch (RepositoryException e) {
            throw new SlingIOException(new IOException((Throwable) e));
        }
    }

    /**
     * Reads and decrypts the password recorded for the store at the given path.
     *
     * <p>The password is read from the {@code keystorePassword} property of the store's parent
     * node. The returned array holds the clear text; callers are expected to wipe it.
     *
     * @param resourceResolver resolver used for repository access
     * @param str repository path of the store file
     * @param cryptoSupport used to unprotect the stored value
     * @return the clear-text password, or {@code null} if there is no resource at the path
     * @throws SecurityException if the property is missing or unreadable, or decryption fails
     */
    private static char[] extractStorePassword(ResourceResolver resourceResolver, String str, CryptoSupport cryptoSupport) throws SecurityException {
        Resource storeResource = resourceResolver.getResource(str);
        if (storeResource == null) {
            return null;
        }
        try {
            Node parentNode = (Node) storeResource.getParent().adaptTo(Node.class);
            Property passwordProperty = parentNode.getProperty(JCR_PROP_KEYSTORE_PASSWORD);
            // NOTE(review): javax.jcr.Node#getProperty is specified to throw PathNotFoundException
            // for a missing property rather than return null, so this branch is probably never
            // taken and a missing property surfaces through the RepositoryException handler.
            if (passwordProperty == null) {
                throw new SecurityException("Missing 'keystorePassword' property on " + ResourceUtil.getParent(str));
            }
            // NOTE(review): unprotect() returns a String, so one immutable copy of the clear-text
            // password remains on the heap even after callers wipe the returned array.
            return cryptoSupport.unprotect(passwordProperty.getString()).toCharArray();
        } catch (CryptoException e) {
            throw new SecurityException((Throwable) e);
        } catch (RepositoryException e2) {
            throw new SecurityException((Throwable) e2);
        }
    }

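    /**
     * Looks up the user with the given id through the resolver's user manager.
     *
     * @param resourceResolver resolver that must be adaptable to a {@link UserManager}
     * @param str id of the user
     * @return the user
     * @throws IllegalArgumentException if no user manager is available, or the id is unknown or
     *     does not identify a user
     * @throws SlingIOException if the repository lookup fails
     */
    private static User retrieveUser(ResourceResolver resourceResolver, String str) throws IllegalArgumentException, SlingIOException {
        UserManager userManager = (UserManager) resourceResolver.adaptTo(UserManager.class);
        if (userManager == null) {
            throw new IllegalArgumentException("Cannot obtain a UserManager for the given resource resolver.");
        }
        try {
            // getAuthorizable() returns the general authorizable type, so the result cannot be
            // assigned to User without a check. instanceof rejects both null and anything that
            // is not a user, which keeps the cast below safe.
            Object authorizable = userManager.getAuthorizable(str);
            if (!(authorizable instanceof User)) {
                throw new IllegalArgumentException("The provided userId does not identify an existing user.");
            }
            return (User) authorizable;
        } catch (RepositoryException e) {
            throw new SlingIOException(new IOException(e));
        }
    }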

    /**
     * Reads the key pair stored under an alias.
     *
     * @param keyStore store to read from
     * @param str alias of the entry
     * @param protectionParameter parameter used to recover the private key
     * @return the public key of the entry's certificate together with the private key, or
     *     {@code null} if the alias is not a private key entry
     */
    protected KeyPair getKeyPair(KeyStore keyStore, String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, UnrecoverableEntryException, NoSuchAlgorithmException {
        boolean isPrivateKeyEntry = keyStore.entryInstanceOf(str, KeyStore.PrivateKeyEntry.class);
        if (isPrivateKeyEntry) {
            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry(str, protectionParameter);
            return new KeyPair(keyEntry.getCertificate().getPublicKey(), keyEntry.getPrivateKey());
        }
        return null;
    }

    /**
     * Stores a key pair under an alias, with a certificate issued through
     * {@code CryptoSupport.sign}.
     *
     * <p>The certificate subject is derived from the alias, and its validity runs from the
     * current time to ten years later.
     *
     * @param keyStore store to write to
     * @param keyPair the key pair to store
     * @param str alias for the entry, also used in the certificate subject
     * @param cArr password protecting the entry
     */
    protected void setKeyPair(KeyStore keyStore, KeyPair keyPair, String str, char[] cArr) throws CryptoException, KeyStoreException {
        X500Principal subject = getPrincipal(str);
        Date now = new Date();
        Calendar notBefore = getUtcCalendar(now);
        Calendar notAfter = getUtcCalendar(now);
        notAfter.add(Calendar.YEAR, 10);
        Key privateKey = keyPair.getPrivate();
        // The null first argument presumably makes this a self-signed certificate; confirm
        // against the CryptoSupport.sign contract.
        Certificate certificate = this.cryptoSupport.sign((Certificate) null, keyPair, subject, notBefore.getTimeInMillis(), notAfter.getTimeInMillis());
        keyStore.setKeyEntry(str, privateKey, cArr, new Certificate[]{certificate});
    }

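    /**
     * Compares two strings without stopping at the first differing character.
     *
     * <p>Two {@code null} values compare equal; a {@code null} never equals a non-null value.
     * Strings of different length are rejected straight away, so the comparison does not hide
     * whether the lengths match.
     *
     * @param str first value
     * @param str2 second value
     * @return {@code true} if both are {@code null} or both hold the same characters
     */
    boolean compareSecure(String str, String str2) {
        if (str == null || str2 == null) {
            return str == null && str2 == null;
        }
        int length = str.length();
        if (length != str2.length()) {
            return false;
        }
        // Accumulate every difference; the loop always runs over the full length.
        int diff = 0;
        for (int i = 0; i < length; i++) {
            diff |= str.charAt(i) ^ str2.charAt(i);
        }
        return diff == 0;
    }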

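    /**
     * Builds the certificate subject {@code O=INTERNAL,CN=<alias>} for a generated key pair.
     *
     * <p>The alias is escaped as a distinguished name attribute value, so an alias containing
     * {@code ,}, {@code +} or similar characters stays inside the CN instead of being parsed as
     * further name components.
     *
     * @param str the alias; {@code null} is rendered as the text {@code null}
     * @return the subject principal
     */
    private X500Principal getPrincipal(String str) {
        String raw = String.valueOf(str);
        int last = raw.length() - 1;
        StringBuilder escaped = new StringBuilder(raw.length() + 8);
        for (int i = 0; i <= last; i++) {
            char c = raw.charAt(i);
            boolean special = c == ',' || c == '+' || c == '"' || c == '\\' || c == '<' || c == '>' || c == ';';
            // '#' only needs escaping at the start, a space only at either end.
            boolean positional = (c == '#' && i == 0) || (c == ' ' && (i == 0 || i == last));
            if (special || positional) {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return new X500Principal("O=INTERNAL,CN=" + escaped);
    }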

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Overwrites every element of the array with the NUL character.
     *
     * @param cArr array to wipe; {@code null} is ignored
     */
    public static void reset(char[] cArr) {
        if (cArr == null) {
            return;
        }
        Arrays.fill(cArr, '\0');
    }

    /**
     * Returns a calendar in the UTC time zone set to the given instant.
     *
     * @param date the instant
     * @return a new calendar for that instant
     */
    private Calendar getUtcCalendar(Date date) {
        TimeZone utc = TimeZone.getTimeZone("UTC");
        Calendar utcCalendar = Calendar.getInstance(utc);
        utcCalendar.setTime(date);
        return utcCalendar;
    }
}
