package com.terracotta.management.keychain;

import com.terracotta.management.keychain.crypto.AesEnigmaMachine;
import com.terracotta.management.keychain.crypto.EnigmaMachine;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.RandomAccessFile;
import java.net.URL;
import java.nio.channels.FileLock;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantReadWriteLock;

/* loaded from: input_file:WEB-INF/lib/security-keychain-1.0.6.jar:com/terracotta/management/keychain/FileStoreKeyChain.class */
public class FileStoreKeyChain implements KeyChain {
    private final EnigmaMachine enigmaMachine;
    private final File file;
    private final Lock readLock;
    private final Lock writeLock;
    private volatile Map<KeyName, byte[]> store;
    private byte[] masterKey;

    public static FileStoreKeyChain createNewKeyStore(EnigmaMachine enigmaMachine, File file) throws IOException {
        return createNewKeyStore(enigmaMachine, file, null);
    }

    public static FileStoreKeyChain createNewKeyStore(EnigmaMachine enigmaMachine, File file, byte[] bArr) throws IOException {
        if (file.getParentFile() != null && !file.getParentFile().mkdirs() && !file.getParentFile().exists()) {
            throw new IOException("Couldn't create the parent directory/ies: " + file.getParentFile().getAbsolutePath());
        }
        if (!file.createNewFile()) {
            throw new IllegalStateException("File exists already!");
        }
        FileStoreKeyChain fileStoreKeyChain = new FileStoreKeyChain(enigmaMachine, file);
        if (bArr != null) {
            fileStoreKeyChain.masterKey = bArr;
            fileStoreKeyChain.writeStoreToFile();
            fileStoreKeyChain.lock();
        }
        return fileStoreKeyChain;
    }

    public FileStoreKeyChain(URL url) {
        this(new AesEnigmaMachine(), new File(url.getFile()));
    }

    public FileStoreKeyChain(EnigmaMachine enigmaMachine, File file) {
        ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
        this.readLock = reentrantReadWriteLock.readLock();
        this.writeLock = reentrantReadWriteLock.writeLock();
        this.enigmaMachine = enigmaMachine;
        if (!file.exists() || !file.canRead() || !file.isFile()) {
            throw new IllegalArgumentException(file + " doesn't point to a valid file");
        }
        this.file = file;
    }

    @Override // com.terracotta.management.keychain.KeyChain
    public byte[] getPassword(byte[] bArr, KeyName keyName) {
        this.readLock.lock();
        try {
            verifyUnlocked();
            byte[] bArr2 = this.store.get(keyName);
            return bArr2 != null ? this.enigmaMachine.decrypt(bArr, bArr2) : null;
        } finally {
            this.readLock.unlock();
        }
    }

    @Override // com.terracotta.management.keychain.KeyChain
    public boolean storePassword(byte[] bArr, KeyName keyName, byte[] bArr2) {
        this.writeLock.lock();
        try {
            try {
                verifyUnlocked();
                byte[] put = this.store.put(keyName, this.enigmaMachine.encrypt(bArr, bArr2));
                writeStoreToFile();
                return put == null;
            } catch (IOException e) {
                resetInMemoryData();
                throw new RuntimeException("Couldn't write to file " + this.file, e);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    @Override // com.terracotta.management.keychain.KeyChain
    public boolean removePassword(KeyName keyName) {
        this.writeLock.lock();
        try {
            try {
                verifyUnlocked();
                boolean z = this.store.remove(keyName) != null;
                writeStoreToFile();
                this.writeLock.unlock();
                return z;
            } catch (IOException e) {
                resetInMemoryData();
                throw new RuntimeException("Couldn't write to file " + this.file, e);
            }
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    private void resetInMemoryData() {
        byte[] bArr = this.masterKey;
        lock();
        unlock(bArr);
    }

    @Override // com.terracotta.management.keychain.KeyChain
    public void lock() {
        this.writeLock.lock();
        try {
            this.masterKey = null;
            this.store = null;
            this.writeLock.unlock();
        } catch (Throwable th) {
            this.writeLock.unlock();
            throw th;
        }
    }

    @Override // com.terracotta.management.keychain.KeyChain
    public void unlock(byte[] bArr) {
        this.writeLock.lock();
        try {
            try {
                this.masterKey = bArr;
                if (this.file.length() > 0) {
                    this.store = readStoreFromFile();
                    if (this.store == null) {
                        this.store = new HashMap();
                    }
                } else {
                    this.store = new HashMap();
                }
            } catch (Exception e) {
                throw new RuntimeException("Couldn't read from file " + this.file, e);
            }
        } finally {
            this.writeLock.unlock();
        }
    }

    private Map<KeyName, byte[]> readStoreFromFile() throws ClassNotFoundException, IOException {
        RandomAccessFile randomAccessFile = new RandomAccessFile(this.file, "rw");
        try {
            FileLock lock = randomAccessFile.getChannel().lock();
            try {
                byte[] bArr = new byte[(int) randomAccessFile.length()];
                randomAccessFile.readFully(bArr);
                lock.release();
                return deserializeStore(this.enigmaMachine.decrypt(this.masterKey, bArr));
            } catch (Throwable th) {
                lock.release();
                throw th;
            }
        } finally {
            randomAccessFile.close();
        }
    }

    private Map<KeyName, byte[]> deserializeStore(byte[] bArr) throws IOException, ClassNotFoundException {
        ObjectInputStream objectInputStream = new ObjectInputStream(new ByteArrayInputStream(bArr));
        try {
            Map<KeyName, byte[]> map = (Map) objectInputStream.readObject();
            objectInputStream.close();
            return map;
        } catch (Throwable th) {
            objectInputStream.close();
            throw th;
        }
    }

    private void writeStoreToFile() throws IOException {
        FileOutputStream fileOutputStream = new FileOutputStream(this.file);
        try {
            FileLock lock = fileOutputStream.getChannel().lock();
            try {
                fileOutputStream.write(this.enigmaMachine.encrypt(this.masterKey, serializeStore()));
                lock.release();
            } catch (Throwable th) {
                lock.release();
                throw th;
            }
        } finally {
            fileOutputStream.close();
        }
    }

    private byte[] serializeStore() throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        try {
            objectOutputStream.writeObject(this.store);
            objectOutputStream.close();
            return byteArrayOutputStream.toByteArray();
        } catch (Throwable th) {
            objectOutputStream.close();
            throw th;
        }
    }

    private void verifyUnlocked() {
        if (this.store == null || this.masterKey == null) {
            throw new IllegalStateException("Store is still locked! You need to unlock it first...");
        }
    }
}
