package com.liferay.lcs.client.internal.advisor;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.liferay.lcs.activation.LCSClusterEntryTokenContentAdvisor;
import com.liferay.lcs.client.advisor.LCSClusterEntryTokenAdvisor;
import com.liferay.lcs.client.configuration.LCSConfiguration;
import com.liferay.lcs.client.configuration.LCSConfigurationProvider;
import com.liferay.lcs.client.event.LCSEvent;
import com.liferay.lcs.client.event.LCSEventListener;
import com.liferay.lcs.client.exception.LCSClusterEntryTokenDecryptException;
import com.liferay.lcs.client.exception.MissingLCSClusterEntryTokenException;
import com.liferay.lcs.client.exception.MultipleLCSClusterEntryTokenException;
import com.liferay.lcs.client.internal.event.LCSEventManager;
import com.liferay.lcs.client.internal.exception.LCSKeystoreException;
import com.liferay.lcs.client.platform.portal.LCSClusterEntryToken;
import com.liferay.lcs.security.KeyStoreAdvisor;
import com.liferay.lcs.security.KeyStoreFactory;
import com.liferay.petra.encryptor.Encryptor;
import com.liferay.petra.encryptor.EncryptorException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.util.ArrayUtil;
import com.liferay.portal.kernel.util.FileUtil;
import com.liferay.portal.kernel.util.PropsUtil;
import com.liferay.portal.kernel.util.StringBundler;
import java.io.File;
import java.io.FilenameFilter;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.security.cert.Certificate;
import javax.crypto.spec.SecretKeySpec;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component(service = {LCSClusterEntryTokenAdvisor.class})
/* loaded from: input_file:com/liferay/lcs/client/internal/advisor/LCSClusterEntryTokenAdvisorImpl.class */
public class LCSClusterEntryTokenAdvisorImpl implements LCSClusterEntryTokenAdvisor, LCSEventListener {
    private static final Log _log = LogFactoryUtil.getLog(LCSClusterEntryTokenAdvisorImpl.class);
    private String _keyName;
    private String _keyStorePath;
    private String _keyStoreType;
    private String _lcsAccessSecret;
    private String _lcsAccessToken;
    private long _lcsClusterEntryId;
    private long _lcsClusterEntryTokenId;

    @Reference
    private LCSConfigurationProvider _lcsConfigurationProvider;

    @Reference
    private LCSEventManager _lcsEventManager;
    private String _portalPropertiesBlacklist;

    public LCSClusterEntryTokenAdvisorImpl() {
    }

    public LCSClusterEntryTokenAdvisorImpl(LCSConfigurationProvider lCSConfigurationProvider, LCSEventManager lCSEventManager) {
        this._lcsConfigurationProvider = lCSConfigurationProvider;
        this._lcsEventManager = lCSEventManager;
        _initLCSEventManager();
    }

    @Activate
    public void activate() {
        LCSConfiguration lCSConfiguration = this._lcsConfigurationProvider.getLCSConfiguration();
        this._keyName = lCSConfiguration.digitalSignatureKeyName();
        this._keyStorePath = lCSConfiguration.digitalSignatureKeyStorePath();
        this._keyStoreType = lCSConfiguration.digitalSignatureKeyStoreType();
        _initLCSEventManager();
    }

    public String getLCSAccessSecret() {
        return this._lcsAccessSecret;
    }

    public String getLCSAccessToken() {
        return this._lcsAccessToken;
    }

    public long getLcsClusterEntryId() {
        return this._lcsClusterEntryId;
    }

    public long getLcsClusterEntryTokenId() {
        return this._lcsClusterEntryTokenId;
    }

    public String getPortalPropertiesBlacklist() {
        return this._portalPropertiesBlacklist;
    }

    public void onLCSEvent(LCSEvent lCSEvent) {
        if (lCSEvent == LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_CHECK_TOKEN_CORRUPTED || lCSEvent == LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_ENVIRONMENT_MISMATCH || lCSEvent == LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_INVALID || lCSEvent == LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_INVALID_USER_CREDENTIALS || lCSEvent == LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_INVALIDATED || lCSEvent == LCSEvent.LCS_CLUSTER_NODE_UNREGISTERED) {
            _deleteLCSCLusterEntryTokenFile();
        }
    }

    public LCSClusterEntryToken processLCSClusterEntryToken() throws IOException, LCSClusterEntryTokenDecryptException, MissingLCSClusterEntryTokenException, MultipleLCSClusterEntryTokenException {
        LCSClusterEntryToken _processLCSClusterEntryTokenFile = _processLCSClusterEntryTokenFile(610);
        LCSClusterEntryTokenContentAdvisor lCSClusterEntryTokenContentAdvisor = new LCSClusterEntryTokenContentAdvisor(_processLCSClusterEntryTokenFile.getContent());
        this._lcsAccessSecret = lCSClusterEntryTokenContentAdvisor.getAccessSecret();
        this._lcsAccessToken = lCSClusterEntryTokenContentAdvisor.getAccessToken();
        this._lcsClusterEntryId = _processLCSClusterEntryTokenFile.getLcsClusterEntryId();
        this._lcsClusterEntryTokenId = _processLCSClusterEntryTokenFile.getLcsClusterEntryTokenId();
        this._portalPropertiesBlacklist = lCSClusterEntryTokenContentAdvisor.getPortalPropertiesBlacklist();
        return _processLCSClusterEntryTokenFile;
    }

    protected String decrypt(byte[] bArr, int i) throws EncryptorException {
        byte[] decryptUnencodedAsBytes;
        KeyStore _getLCSKeystore = _getLCSKeystore();
        PublicKey publicKey = _getCertificate(_getLCSKeystore, this._keyName).getPublicKey();
        byte[] subset = ArrayUtil.subset(bArr, 0, 256);
        try {
            if (_log.isDebugEnabled()) {
                _log.debug("Decrypting environment token with default key " + this._keyName);
            }
            decryptUnencodedAsBytes = Encryptor.decryptUnencodedAsBytes(publicKey, subset);
        } catch (EncryptorException e) {
            try {
                this._keyName = new KeyStoreAdvisor().getKeyAlias(i, this._keyName, _getLCSKeystore);
                if (_log.isDebugEnabled()) {
                    _log.debug("Decrypting environment token with key " + this._keyName);
                }
                decryptUnencodedAsBytes = Encryptor.decryptUnencodedAsBytes(_getCertificate(_getLCSKeystore, this._keyName).getPublicKey(), subset);
            } catch (Exception e2) {
                throw new LCSKeystoreException("Unable to resolve key store certificate entry for LCS portlet build number " + i, e2);
            }
        }
        return Encryptor.decryptUnencodedAsString(new SecretKeySpec(decryptUnencodedAsBytes, "AES"), ArrayUtil.subset(bArr, 256, bArr.length));
    }

    protected String getLCSClusterEntryTokenFileName() throws MissingLCSClusterEntryTokenException, MultipleLCSClusterEntryTokenException {
        StringBundler stringBundler = new StringBundler(5);
        stringBundler.append(_getLiferayHome());
        stringBundler.append(File.separatorChar);
        stringBundler.append("data");
        String[] list = new File(stringBundler.toString()).list(new FilenameFilter() { // from class: com.liferay.lcs.client.internal.advisor.LCSClusterEntryTokenAdvisorImpl.1
            @Override // java.io.FilenameFilter
            public boolean accept(File file, String str) {
                return str.startsWith("lcs-aatf");
            }
        });
        if (list.length == 0) {
            throw new MissingLCSClusterEntryTokenException("The environment token file is missing. Please download a token file from LCS and place it in " + stringBundler.toString());
        }
        if (list.length > 1) {
            throw new MultipleLCSClusterEntryTokenException("There are multiple environment token files. Only one is allowed.");
        }
        stringBundler.append(File.separatorChar);
        stringBundler.append(list[0]);
        return stringBundler.toString();
    }

    private void _deleteLCSCLusterEntryTokenFile() {
        _resetAttributes();
        if (_log.isDebugEnabled()) {
            _log.debug("Deleting environment token file");
        }
        try {
            FileUtil.delete(getLCSClusterEntryTokenFileName());
            if (_log.isWarnEnabled()) {
                _log.warn("Deleted environment token file");
            }
        } catch (MultipleLCSClusterEntryTokenException e) {
            _log.error(e.getMessage());
        } catch (MissingLCSClusterEntryTokenException e2) {
            _log.error(e2.getMessage());
        }
    }

    private Certificate _getCertificate(KeyStore keyStore, String str) {
        try {
            return keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new LCSKeystoreException("Unable to locate LCS certificate " + str, e);
        }
    }

    private KeyStore _getLCSKeystore() {
        try {
            return KeyStoreFactory.getInstance(this._keyStorePath, this._keyStoreType, "_k3y#5t0r3-p45S");
        } catch (Exception e) {
            throw new LCSKeystoreException("Unable to instantiate LCS keystore", e);
        }
    }

    private String _getLiferayHome() {
        String str = PropsUtil.get("liferay.home");
        return str.endsWith(File.separator) ? str.substring(0, str.length() - 1) : str;
    }

    private void _initLCSEventManager() {
        this._lcsEventManager.subscribe(LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_CHECK_TOKEN_CORRUPTED, this);
        this._lcsEventManager.subscribe(LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_ENVIRONMENT_MISMATCH, this);
        this._lcsEventManager.subscribe(LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_INVALID, this);
        this._lcsEventManager.subscribe(LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_INVALID_USER_CREDENTIALS, this);
        this._lcsEventManager.subscribe(LCSEvent.LCS_CLUSTER_ENTRY_TOKEN_INVALIDATED, this);
        this._lcsEventManager.subscribe(LCSEvent.LCS_CLUSTER_NODE_UNREGISTERED, this);
    }

    private LCSClusterEntryToken _processLCSClusterEntryTokenFile(int i) throws IOException, LCSClusterEntryTokenDecryptException, MissingLCSClusterEntryTokenException, MultipleLCSClusterEntryTokenException {
        if (_log.isDebugEnabled()) {
            _log.debug("Processing the environment token file");
        }
        try {
            return (LCSClusterEntryToken) new ObjectMapper().readValue(decrypt(FileUtil.getBytes(new File(getLCSClusterEntryTokenFileName())), i), LCSClusterEntryToken.class);
        } catch (EncryptorException e) {
            throw new LCSClusterEntryTokenDecryptException("Unable to decrypt environment token file. Please regenerate, download, and install a new token.", e);
        }
    }

    private void _resetAttributes() {
        if (_log.isDebugEnabled()) {
            _log.debug("Resetting the environment token attributes");
        }
        this._portalPropertiesBlacklist = null;
        this._lcsAccessToken = null;
        this._lcsAccessSecret = null;
        this._lcsClusterEntryTokenId = 0L;
        this._lcsClusterEntryId = 0L;
    }
}
