package org.alfresco.encryption;

import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collection;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.alfresco.encryption.EncryptionKeysRegistry;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.util.PropertyCheck;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.extensions.config.WebFrameworkConfigElement;

/* loaded from: input_file:WEB-INF/lib/alfresco-core-17.179.jar:org/alfresco/encryption/AlfrescoKeyStoreImpl.class */
public class AlfrescoKeyStoreImpl implements AlfrescoKeyStore {
    private static final Log logger = LogFactory.getLog(AlfrescoKeyStoreImpl.class);
    // Settings (location, type, provider, key metadata source) for the primary keystore.
    protected KeyStoreParameters keyStoreParameters;
    // Settings for the backup keystore; the loading code in this class tolerates null here.
    protected KeyStoreParameters backupKeyStoreParameters;
    // Resolves keystore streams and key metadata (passwords file) by location.
    protected KeyResourceLoader keyResourceLoader;
    // Registry consulted by validateKeys() to check whether a key is registered or has changed.
    protected EncryptionKeysRegistry encryptionKeysRegistry;
    // In-memory cache of the keys read from the primary keystore.
    protected KeyMap keys;
    // In-memory cache of the keys read from the backup keystore.
    protected KeyMap backupKeys;
    // Write and read halves of one ReentrantReadWriteLock; they guard the two key caches.
    protected final ReentrantReadWriteLock.WriteLock writeLock;
    protected final ReentrantReadWriteLock.ReadLock readLock;
    // Aliases checked by validateKeys(); only read when validateKeyChanges is true.
    private Set<String> keysToValidate;
    // When false (the constructor default), validateKeys() performs no checks at all.
    protected boolean validateKeyChanges;

    /* loaded from: input_file:WEB-INF/lib/alfresco-core-17.179.jar:org/alfresco/encryption/AlfrescoKeyStoreImpl$KeyInfoManager.class */
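    /**
     * Holds the secrets needed to open one keystore: the keystore password and,
     * per alias, the key password, optional raw key data and the key algorithm.
     *
     * <p>The values come either from JVM system properties or from a key
     * metadata (passwords) file, see {@link #loadKeyMetaData()}. Callers in the
     * enclosing class create an instance per operation and call {@link #clear()}
     * when they are done.
     *
     * <p>NOTE(review): passwords are kept as {@code String}s, which cannot be
     * wiped, and {@link #clear()} does not empty the per-alias map, so key
     * passwords stay reachable for as long as this object is. Treat instances
     * as short-lived and never log or cache them.
     */
    public static class KeyInfoManager {
        private KeyResourceLoader keyResourceLoader;
        private KeyStoreParameters keyStoreParameters;
        // Only populated when the metadata was read from a passwords file.
        private Properties keyProps;
        private String keyStorePassword = null;
        private Map<String, KeyInformation> keyInfo = new HashMap<>(2);

        /**
         * Builds key information from an alias-to-password map. Entries created
         * this way carry no key data and no algorithm, and no keystore password
         * is set.
         *
         * @param map alias to key password
         * @param keyResourceLoader loader kept for later use
         */
        KeyInfoManager(Map<String, String> map, KeyResourceLoader keyResourceLoader) {
            this.keyResourceLoader = keyResourceLoader;
            for (Map.Entry<String, String> entry : map.entrySet()) {
                this.keyInfo.put(entry.getKey(), new KeyInformation(entry.getKey(), null, entry.getValue(), null));
            }
        }

        /**
         * Loads the key metadata described by the given keystore parameters.
         *
         * @throws IOException if the metadata cannot be read
         */
        KeyInfoManager(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader) throws IOException, FileNotFoundException {
            this.keyResourceLoader = keyResourceLoader;
            this.keyStoreParameters = keyStoreParameters;
            loadKeyMetaData();
        }

        /** Returns the live alias-to-key-information map (not a copy). */
        public Map<String, KeyInformation> getKeyInfo() {
            return this.keyInfo;
        }

        /**
         * Reads the keystore password and the per-alias key information.
         *
         * <p>When the parameters carry an id and no metadata file location, the
         * values are taken from JVM system properties: {@code <id>.password},
         * {@code <id>.aliases} (comma separated) and, per alias,
         * {@code <id>.<alias>.password|keyData|algorithm}. Otherwise the
         * metadata file is loaded, a warning is logged, and the same keys are
         * read without the id prefix.
         *
         * <p>Aliases are split on ',' only; surrounding whitespace is not
         * trimmed, so {@code "a, b"} yields the alias {@code " b"}.
         *
         * @throws AlfrescoRuntimeException if the metadata file has no {@code aliases} key
         */
        protected void loadKeyMetaData() throws IOException, FileNotFoundException {
            if (this.keyStoreParameters.getId() != null && (this.keyStoreParameters.getKeyMetaDataFileLocation() == null || this.keyStoreParameters.getKeyMetaDataFileLocation().isEmpty())) {
                // System properties are readable by all code in this JVM; if they are
                // supplied as -D arguments they also appear in the process command line.
                Properties properties = System.getProperties();
                this.keyStorePassword = properties.getProperty(this.keyStoreParameters.getId() + ".password");
                String property = properties.getProperty(this.keyStoreParameters.getId() + ".aliases");
                if (property == null || property.isEmpty()) {
                    AlfrescoKeyStoreImpl.logger.warn("No aliases were specified for " + this.keyStoreParameters.getId() + " keystore");
                    return;
                }
                StringTokenizer stringTokenizer = new StringTokenizer(property, ",");
                while (stringTokenizer.hasMoreTokens()) {
                    String nextToken = stringTokenizer.nextToken();
                    this.keyInfo.put(nextToken, loadKeyInformation(properties, nextToken, this.keyStoreParameters.getId() + "."));
                }
                return;
            }
            // Only the file location is logged here, never its contents.
            AlfrescoKeyStoreImpl.logger.warn("Storing passwords (" + this.keyStoreParameters.getKeyMetaDataFileLocation() + ") on the file system is not following best security practices. Please refer to documentation and use JVM properties instead");
            this.keyProps = this.keyResourceLoader.loadKeyMetaData(this.keyStoreParameters.getKeyMetaDataFileLocation());
            if (this.keyProps != null) {
                String property2 = this.keyProps.getProperty("aliases");
                if (property2 == null) {
                    throw new AlfrescoRuntimeException("Passwords file must contain an aliases key");
                }
                this.keyStorePassword = this.keyProps.getProperty(AlfrescoKeyStore.KEY_KEYSTORE_PASSWORD);
                StringTokenizer stringTokenizer2 = new StringTokenizer(property2, ",");
                while (stringTokenizer2.hasMoreTokens()) {
                    String nextToken2 = stringTokenizer2.nextToken();
                    this.keyInfo.put(nextToken2, loadKeyInformation(this.keyProps, nextToken2, ""));
                }
            }
        }

        /**
         * Drops the keystore password and empties the loaded properties.
         * The per-alias {@link KeyInformation} entries are left in place.
         */
        public void clear() {
            this.keyStorePassword = null;
            if (this.keyProps != null) {
                this.keyProps.clear();
            }
        }

        /**
         * Removes the property named {@code str} from the loaded metadata file
         * properties. Does nothing when no file was loaded (JVM-property or
         * map-based instances), matching the null handling in {@link #clear()};
         * previously this case raised a NullPointerException.
         *
         * <p>NOTE(review): this touches only the raw properties, not the
         * alias map returned by {@link #getKeyInfo()} - confirm that is intended.
         */
        public void removeKeyInformation(String str) {
            if (this.keyProps != null) {
                this.keyProps.remove(str);
            }
        }

        /**
         * Builds the key information for one alias from
         * {@code <prefix><alias>.password}, {@code .keyData} (Base64) and
         * {@code .algorithm}.
         *
         * @param properties source of the values
         * @param str the alias
         * @param str2 prefix put in front of the alias (may be empty)
         * @return key information; key data is null when absent or empty
         */
        protected KeyInformation loadKeyInformation(Properties properties, String str, String str2) {
            String property = properties.getProperty(str2 + str + ".password");
            String property2 = properties.getProperty(str2 + str + ".keyData");
            String property3 = properties.getProperty(str2 + str + ".algorithm");
            byte[] bArr = null;
            if (property2 != null && !property2.equals("")) {
                bArr = Base64.decodeBase64(property2);
            }
            return new KeyInformation(str, bArr, property, property3);
        }

        /** Returns the keystore password, or null if none was loaded or it was cleared. */
        public String getKeyStorePassword() {
            return this.keyStorePassword;
        }

        /** Drops only the keystore password; per-alias data is untouched. */
        public void clearKeyStorePassword() {
            this.keyStorePassword = null;
        }

        /** Returns the key information for the alias, or null if the alias is unknown. */
        public KeyInformation getKeyInformation(String str) {
            return this.keyInfo.get(str);
        }
    }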

    /* loaded from: input_file:WEB-INF/lib/alfresco-core-17.179.jar:org/alfresco/encryption/AlfrescoKeyStoreImpl$KeyInformation.class */
    /**
     * Plain holder for what is known about one keystore entry: its alias, the
     * optional raw key bytes, the key password and the key algorithm name.
     *
     * <p>The instance keeps the byte array it is given and hands the same array
     * back from {@link #getKeyData()}; no copy is made in either direction.
     * The password is held as a {@code String}, so it cannot be wiped.
     */
    public static class KeyInformation {
        protected String alias;
        protected byte[] keyData;
        protected String password;
        protected String keyAlgorithm;

        /**
         * @param str the alias
         * @param bArr raw key bytes, or null when none were configured
         * @param str2 the key password, may be null
         * @param str3 the key algorithm name, may be null
         */
        public KeyInformation(String str, byte[] bArr, String str2, String str3) {
            alias = str;
            keyData = bArr;
            password = str2;
            keyAlgorithm = str3;
        }

        /** @return the alias of the entry */
        public String getAlias() {
            return alias;
        }

        /** @return the stored key bytes (the internal array itself), or null */
        public byte[] getKeyData() {
            return keyData;
        }

        /** @return the key password, or null */
        public String getPassword() {
            return password;
        }

        /** @return the key algorithm name, or null */
        public String getKeyAlgorithm() {
            return keyAlgorithm;
        }
    }

    /**
     * Creates an unconfigured key store: key validation is off, both key caches
     * are empty, and the read/write locks share one ReentrantReadWriteLock.
     * Parameters and the resource loader must be set before {@link #init()}.
     */
    public AlfrescoKeyStoreImpl() {
        this.validateKeyChanges = false;
        ReentrantReadWriteLock reentrantReadWriteLock = new ReentrantReadWriteLock();
        this.writeLock = reentrantReadWriteLock.writeLock();
        this.readLock = reentrantReadWriteLock.readLock();
        this.keys = new KeyMap();
        this.backupKeys = new KeyMap();
    }

    /**
     * Creates a key store and loads it immediately. No backup parameters are
     * set at this point, so only the primary keystore is read.
     *
     * @param keyStoreParameters settings of the primary keystore
     * @param keyResourceLoader loader used to resolve the keystore and its metadata
     */
    public AlfrescoKeyStoreImpl(KeyStoreParameters keyStoreParameters, KeyResourceLoader keyResourceLoader) {
        this();
        this.keyResourceLoader = keyResourceLoader;
        this.keyStoreParameters = keyStoreParameters;
        // Loading happens inside the constructor and goes through overridable getters.
        safeInit();
    }

    /** Loads the primary and backup keystores into the caches under the write lock. */
    public void init() {
        this.writeLock.lock();
        try {
            safeInit();
        } finally {
            this.writeLock.unlock();
        }
    }

    /** Sets the registry used by key validation and by createKey(). */
    public void setEncryptionKeysRegistry(EncryptionKeysRegistry encryptionKeysRegistry) {
        this.encryptionKeysRegistry = encryptionKeysRegistry;
    }

    /** Enables or disables the checks in validateKeys(); when false they are skipped entirely. */
    public void setValidateKeyChanges(boolean z) {
        this.validateKeyChanges = z;
    }

    /** Sets the aliases that validateKeys() iterates over; the set is stored, not copied. */
    public void setKeysToValidate(Set<String> set) {
        this.keysToValidate = set;
    }

    /** Sets the primary keystore settings; takes effect on the next load. */
    public void setKeyStoreParameters(KeyStoreParameters keyStoreParameters) {
        this.keyStoreParameters = keyStoreParameters;
    }

    /** Sets the backup keystore settings; may be left null. */
    public void setBackupKeyStoreParameters(KeyStoreParameters keyStoreParameters) {
        this.backupKeyStoreParameters = keyStoreParameters;
    }

    /** Sets the loader used to resolve keystore streams and key metadata. */
    public void setKeyResourceLoader(KeyResourceLoader keyResourceLoader) {
        this.keyResourceLoader = keyResourceLoader;
    }

    /** Returns the primary keystore settings. */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public KeyStoreParameters getKeyStoreParameters() {
        return this.keyStoreParameters;
    }

    /** Returns the backup keystore settings, or null if none were set. */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public KeyStoreParameters getBackupKeyStoreParameters() {
        return this.backupKeyStoreParameters;
    }

    /** Returns the loader used to resolve keystore streams and key metadata. */
    public KeyResourceLoader getKeyResourceLoader() {
        return this.keyResourceLoader;
    }

    /** Returns the name from the primary keystore settings. */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public String getName() {
        return this.keyStoreParameters.getName();
    }

    /** Validates the currently cached primary and backup keys. */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public void validateKeys() throws InvalidKeystoreException, MissingKeyException {
        validateKeys(this.keys, this.backupKeys);
    }

    /** Returns true when a stream can be opened for the primary keystore location. */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public boolean exists() {
        return keyStoreExists(getKeyStoreParameters().getLocation());
    }

    /**
     * Re-reads both keystores and, only if validation passes, swaps the freshly
     * loaded keys into the caches. Loading and validation run before the write
     * lock is taken for the swap, so a failed reload leaves the caches as they were.
     *
     * @throws InvalidKeystoreException if validation finds a changed key
     * @throws MissingKeyException if validation finds a registered key missing
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public void reload() throws InvalidKeystoreException, MissingKeyException {
        KeyMap freshKeys = loadKeyStore(getKeyStoreParameters());
        KeyMap freshBackupKeys = loadKeyStore(getBackupKeyStoreParameters());

        // Reject the new key material before it becomes visible to readers.
        validateKeys(freshKeys, freshBackupKeys);

        writeLock.lock();
        try {
            keys = freshKeys;
            backupKeys = freshBackupKeys;
        } finally {
            writeLock.unlock();
        }
    }

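    /**
     * Returns a snapshot of the aliases in the primary key cache.
     *
     * <p>The copy is taken under the read lock, like the other cache readers
     * in this class, so it cannot observe the cache while a writer is changing
     * it. The result is a new, caller-owned set.
     *
     * @return a mutable copy of the cached aliases
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public Set<String> getKeyAliases() {
        this.readLock.lock();
        try {
            return new HashSet<>(this.keys.getKeyAliases());
        } finally {
            this.readLock.unlock();
        }
    }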

    /**
     * Copies every cached primary key into the backup cache and then asks
     * createKeyStore() to persist the backup cache using the backup settings.
     * Runs under the write lock.
     *
     * <p>NOTE(review): createKeyStore() writes through getKeyStoreOutStream(),
     * which opens the primary keystore location - confirm where the backup
     * actually ends up before relying on it.
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public void backup() {
        writeLock.lock();
        try {
            for (String alias : keys.getKeyAliases()) {
                Key current = keys.getKey(alias);
                backupKeys.setKey(alias, current);
            }
            createKeyStore(backupKeyStoreParameters, backupKeys);
        } finally {
            writeLock.unlock();
        }
    }

    /**
     * Persists the cached primary keys as a new keystore using the primary
     * settings. Unlike backup(), this call does not take the write lock itself.
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public void create() {
        createKeyStore(this.keyStoreParameters, this.keys);
    }

    /**
     * Returns the cached primary key for an alias, read under the read lock.
     *
     * @param str the key alias
     * @return the key held by the cache entry for that alias
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public Key getKey(String str) {
        readLock.lock();
        try {
            Key cached = keys.getCachedKey(str).getKey();
            return cached;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the timestamp recorded on the cached primary key entry for an
     * alias, read under the read lock. The lock is released on every path.
     *
     * @param str the key alias
     * @return the timestamp of the cache entry
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public long getKeyTimestamp(String str) {
        readLock.lock();
        try {
            return keys.getCachedKey(str).getTimestamp();
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Returns the cached backup key for an alias, read under the read lock.
     *
     * @param str the key alias
     * @return the key held by the backup cache entry for that alias
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public Key getBackupKey(String str) {
        readLock.lock();
        try {
            Key cached = backupKeys.getCachedKey(str).getKey();
            return cached;
        } finally {
            readLock.unlock();
        }
    }

    /**
     * Builds JSSE key managers from the primary keystore.
     *
     * <p>The keystore password is also passed to the key manager factory as the
     * key password, so private keys protected by a different password will not
     * be usable through this path. The loaded secrets are cleared on both the
     * success and the failure path.
     *
     * <p>NOTE(review): this is decompiled output; the checked exceptions raised
     * here are not declared or wrapped as shown - confirm the wrapping against
     * the upstream source.
     *
     * @return the key managers of the default algorithm
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public KeyManager[] createKeyManagers() {
        KeyInfoManager infoManager = null;
        try {
            infoManager = getKeyInfoManager(getKeyStoreParameters());
            KeyStore store = loadKeyStore(this.keyStoreParameters, infoManager);
            logger.debug("Initializing key managers");

            String defaultAlgorithm = KeyManagerFactory.getDefaultAlgorithm();
            KeyManagerFactory factory = KeyManagerFactory.getInstance(defaultAlgorithm);

            String storePassword = infoManager.getKeyStorePassword();
            char[] keyPassword = null;
            if (storePassword != null) {
                keyPassword = storePassword.toCharArray();
            }
            factory.init(store, keyPassword);
            return factory.getKeyManagers();
        } finally {
            // Runs after the managers are built and also when anything above fails.
            if (infoManager != null) {
                infoManager.clear();
            }
        }
    }

    /**
     * Builds JSSE trust managers from the primary keystore, i.e. the same
     * store that createKeyManagers() reads is used as the trust store. The
     * loaded secrets are cleared on both the success and the failure path.
     *
     * <p>NOTE(review): this is decompiled output; the checked exceptions raised
     * here are not declared or wrapped as shown - confirm the wrapping against
     * the upstream source.
     *
     * @return the trust managers of the default algorithm
     */
    @Override // org.alfresco.encryption.AlfrescoKeyStore
    public TrustManager[] createTrustManagers() {
        KeyInfoManager infoManager = null;
        try {
            infoManager = getKeyInfoManager(getKeyStoreParameters());
            KeyStore store = loadKeyStore(getKeyStoreParameters(), infoManager);
            logger.debug("Initializing trust managers");

            String defaultAlgorithm = TrustManagerFactory.getDefaultAlgorithm();
            TrustManagerFactory factory = TrustManagerFactory.getInstance(defaultAlgorithm);
            factory.init(store);
            return factory.getTrustManagers();
        } finally {
            // Runs after the managers are built and also when anything above fails.
            if (infoManager != null) {
                infoManager.clear();
            }
        }
    }

    /**
     * Opens the keystore at the given location through the resource loader.
     *
     * @param str keystore location, may be null
     * @return the stream from the loader, or null when the location is null
     */
    protected InputStream getKeyStoreStream(String str) throws FileNotFoundException {
        if (str == null) {
            return null;
        }
        return this.keyResourceLoader.getKeyStore(str);
    }

    /**
     * Opens the primary keystore location for writing. The location is always
     * taken from getKeyStoreParameters(), whichever keystore the caller is
     * persisting. FileOutputStream truncates an existing file as soon as it is
     * opened, so callers should have every secret they need before calling this.
     */
    protected OutputStream getKeyStoreOutStream() throws FileNotFoundException {
        return new FileOutputStream(getKeyStoreParameters().getLocation());
    }

    /** Loads the passwords and per-alias key information for the given keystore settings. */
    protected KeyInfoManager getKeyInfoManager(KeyStoreParameters keyStoreParameters) throws IOException {
        return new KeyInfoManager(keyStoreParameters, this.keyResourceLoader);
    }

    /**
     * Loads key information from a metadata file location only. The temporary
     * parameters have just that location set, so the file-based branch of
     * KeyInfoManager.loadKeyMetaData() is the one that runs.
     */
    @Deprecated
    protected KeyInfoManager getKeyInfoManager(String str) throws IOException {
        KeyStoreParameters keyStoreParameters = new KeyStoreParameters();
        keyStoreParameters.setKeyMetaDataFileLocation(str);
        return new KeyInfoManager(keyStoreParameters, this.keyResourceLoader);
    }

    /**
     * Reads every alias known to the key info manager out of the keystore and
     * collects the keys that exist into a new KeyMap.
     *
     * <p>Debug logging records the keystore location, provider, type, alias and
     * only whether a key password was present - never the password or the key.
     * For X.509 chains it also logs subject, issuer, signature algorithm and
     * validity dates. The location, provider and type in the log come from the
     * primary keystore settings, whichever store is being cached.
     *
     * @param keyStore the loaded keystore
     * @param keyInfoManager source of the aliases and key passwords
     * @return the keys found, by alias
     */
    protected KeyMap cacheKeys(KeyStore keyStore, KeyInfoManager keyInfoManager) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        KeyMap cached = new KeyMap();
        for (Map.Entry<String, KeyInformation> entry : keyInfoManager.getKeyInfo().entrySet()) {
            String alias = entry.getKey();
            KeyInformation info = keyInfoManager.getKeyInformation(alias);
            String keyPassword = (info == null) ? null : info.getPassword();
            char[] keyPasswordChars = (keyPassword != null) ? keyPassword.toCharArray() : null;

            Key key = keyStore.getKey(alias, keyPasswordChars);
            if (key != null) {
                cached.setKey(alias, key);
            }

            if (!logger.isDebugEnabled()) {
                continue;
            }
            logger.debug("Retrieved key from keystore: \n   Location: " + getKeyStoreParameters().getLocation() + "\n   Provider: " + getKeyStoreParameters().getProvider() + "\n   Type:     " + getKeyStoreParameters().getType() + "\n   Alias:    " + alias + "\n   Password?: " + (keyPassword != null));
            Certificate[] chain = keyStore.getCertificateChain(alias);
            if (chain == null) {
                continue;
            }
            logger.debug("Certificate chain '" + alias + "':");
            int position = 0;
            for (Certificate certificate : chain) {
                position++;
                if (!(certificate instanceof X509Certificate)) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) certificate;
                logger.debug(" Certificate " + position + ":");
                logger.debug("  Subject DN: " + x509.getSubjectDN());
                logger.debug("  Signature Algorithm: " + x509.getSigAlgName());
                logger.debug("  Valid from: " + x509.getNotBefore());
                logger.debug("  Valid until: " + x509.getNotAfter());
                logger.debug("  Issuer: " + x509.getIssuerDN());
            }
        }
        return cached;
    }

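    /**
     * Creates an empty, initialised keystore of the given type.
     *
     * <p>A non-empty provider name selects that provider; otherwise the default
     * provider lookup is used. Both paths now sit inside the same try block, so
     * a failure on the no-provider path is wrapped exactly like a failure on
     * the provider path instead of escaping as an undeclared checked exception.
     *
     * @param str the keystore type
     * @param str2 the provider name, may be null or empty
     * @return an empty keystore ready for entries or for loading
     * @throws AlfrescoRuntimeException if the keystore cannot be created
     */
    protected KeyStore initialiseKeyStore(String str, String str2) {
        try {
            KeyStore keyStore;
            if (str2 == null || str2.equals("")) {
                keyStore = KeyStore.getInstance(str);
            } else {
                keyStore = KeyStore.getInstance(str, str2);
            }
            // load(null, null) initialises an empty store without reading anything.
            keyStore.load(null, null);
            return keyStore;
        } catch (Throwable th) {
            throw new AlfrescoRuntimeException("Unable to intialise key store", th);
        }
    }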

    /**
     * Loads the keystore described by the parameters, using the keystore
     * password held by the key info manager.
     *
     * <p>When no stream is available for the location, a warning is logged and
     * an empty keystore is returned rather than an error, so callers that need
     * the keys to exist must check for them. A null password is passed through
     * as null. Errors while closing the stream are ignored; every other failure
     * is wrapped.
     *
     * @param keyStoreParameters type, provider and location of the keystore
     * @param keyInfoManager source of the keystore password
     * @return the loaded (or empty) keystore
     * @throws AlfrescoRuntimeException if the keystore cannot be loaded
     */
    protected KeyStore loadKeyStore(KeyStoreParameters keyStoreParameters, KeyInfoManager keyInfoManager) {
        try {
            KeyStore store = initialiseKeyStore(keyStoreParameters.getType(), keyStoreParameters.getProvider());
            InputStream in = getKeyStoreStream(keyStoreParameters.getLocation());
            if (in == null) {
                logger.warn("Keystore file doesn't exist: " + keyStoreParameters.getLocation());
                return store;
            }
            try {
                String storePassword = keyInfoManager.getKeyStorePassword();
                char[] passwordChars = null;
                if (storePassword != null) {
                    passwordChars = storePassword.toCharArray();
                }
                store.load(in, passwordChars);
            } finally {
                try {
                    in.close();
                } catch (Throwable ignored) {
                    // A failed close must not mask the outcome of the load.
                }
            }
            return store;
        } catch (Throwable failure) {
            throw new AlfrescoRuntimeException("Unable to load key store: " + keyStoreParameters.getLocation(), failure);
        }
    }

    /**
     * Checks that a primary keystore location is configured, defaults the
     * keystore type to the JVM default when none is set, and loads the primary
     * and backup keystores into the caches under the write lock.
     */
    private void safeInit() {
        // NOTE(review): the property-name argument is a constant from an unrelated
        // web-framework class; this looks like a decompiler substituting a constant
        // with the same string value - confirm against the upstream source.
        PropertyCheck.mandatory(this, WebFrameworkConfigElement.DOJO_PACKAGE_LOCATION, getKeyStoreParameters().getLocation());
        if (getKeyStoreParameters().getType() == null) {
            // The type is read through the getter but written to the field directly.
            this.keyStoreParameters.setType(KeyStore.getDefaultType());
        }
        this.writeLock.lock();
        try {
            this.keys = loadKeyStore(this.keyStoreParameters);
            // Null backup parameters yield an empty KeyMap here.
            this.backupKeys = loadKeyStore(this.backupKeyStoreParameters);
        } finally {
            this.writeLock.unlock();
        }
    }

    /**
     * Loads a keystore and returns its keys as a KeyMap; null parameters give
     * an empty KeyMap.
     *
     * <p>The keystore password is dropped as soon as the store has been opened,
     * and the remaining key metadata is cleared once the keys are cached. If
     * opening the store fails, only the keystore password is dropped.
     *
     * <p>The debug message reports the primary keystore's location, provider
     * and type even when the backup store is the one being loaded.
     *
     * @param keyStoreParameters settings of the keystore to load, may be null
     * @return the cached keys
     */
    private KeyMap loadKeyStore(KeyStoreParameters keyStoreParameters) {
        if (keyStoreParameters == null) {
            return new KeyMap();
        }
        KeyInfoManager infoManager = null;
        try {
            infoManager = getKeyInfoManager(keyStoreParameters);
            KeyStore store = loadKeyStore(keyStoreParameters, infoManager);
            // The store is open; the keystore password is not needed any more.
            if (infoManager != null) {
                infoManager.clearKeyStorePassword();
            }
            try {
                KeyMap cached = cacheKeys(store, infoManager);
                if (logger.isDebugEnabled()) {
                    logger.debug("Initialized keystore: \n   Location: " + getKeyStoreParameters().getLocation() + "\n   Provider: " + getKeyStoreParameters().getProvider() + "\n   Type:     " + getKeyStoreParameters().getType() + "\n" + cached.numKeys() + " keys found");
                }
                return cached;
            } finally {
                // Key passwords were only needed to extract the keys.
                infoManager.clear();
            }
        } catch (Throwable failure) {
            if (infoManager != null) {
                infoManager.clearKeyStorePassword();
            }
            throw failure;
        }
    }

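    /**
     * Creates the secret key for an alias, registers it, caches it and writes
     * it into the primary keystore file.
     *
     * <p>Both passwords are resolved before the output stream is opened:
     * opening the file truncates it, so a missing password must fail while the
     * existing keystore is still intact. The stream is closed on every path
     * and the loaded secrets are cleared on every path.
     *
     * <p>NOTE(review): the key is registered and cached before the keystore is
     * written; if the write fails, the registry may hold a key that was never
     * persisted - confirm how callers recover from that.
     *
     * @param str the alias of the key to create
     * @throws AlfrescoRuntimeException wrapping any failure
     */
    protected void createKey(String str) {
        KeyInfoManager keyInfoManager = null;
        try {
            keyInfoManager = getKeyInfoManager(getKeyStoreParameters());
            Key secretKey = getSecretKey(keyInfoManager.getKeyInformation(str));
            this.encryptionKeysRegistry.registerKey(str, secretKey);
            this.keys.setKey(str, secretKey);
            KeyStore keyStore = loadKeyStore(getKeyStoreParameters(), keyInfoManager);
            keyStore.setKeyEntry(str, secretKey, keyInfoManager.getKeyInformation(str).getPassword().toCharArray(), null);
            // Resolve the store password first; a null here must not cost us the file.
            char[] storePassword = keyInfoManager.getKeyStorePassword().toCharArray();
            try (OutputStream keyStoreOutStream = getKeyStoreOutStream()) {
                keyStore.store(keyStoreOutStream, storePassword);
            }
            logger.info("Created key: " + str + "\n in key store: \n   Location: " + getKeyStoreParameters().getLocation() + "\n   Provider: " + getKeyStoreParameters().getProvider() + "\n   Type:     " + getKeyStoreParameters().getType());
        } catch (Throwable th) {
            throw new AlfrescoRuntimeException("Failed to create key: " + str + "\n in key store: \n   Location: " + getKeyStoreParameters().getLocation() + "\n   Provider: " + getKeyStoreParameters().getProvider() + "\n   Type:     " + getKeyStoreParameters().getType(), th);
        } finally {
            if (keyInfoManager != null) {
                keyInfoManager.clear();
            }
        }
    }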

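    /**
     * Writes the given keys into a new keystore, unless a keystore already
     * exists at the parameters' location (then only a warning is logged).
     *
     * <p>The loaded secrets are now cleared on the failure path as well; the
     * previous failure branch was guarded by a condition that is never true.
     * The output stream is closed on every path.
     *
     * <p>NOTE(review): the existence check uses the location of the given
     * parameters, but the file is written through getKeyStoreOutStream(), which
     * opens the primary keystore location. For backup parameters those differ -
     * confirm the intended target. The null-password message also reports the
     * primary location.
     *
     * @param keyStoreParameters settings of the keystore to create
     * @param keyMap the keys to store; aliases whose key is null are skipped with a warning
     * @throws AlfrescoRuntimeException wrapping any failure, including a missing keystore password
     */
    protected void createKeyStore(KeyStoreParameters keyStoreParameters, KeyMap keyMap) {
        KeyInfoManager keyInfoManager = null;
        try {
            if (keyStoreExists(keyStoreParameters.getLocation())) {
                logger.warn("Can't create key store " + keyStoreParameters.getLocation() + ", already exists.");
                return;
            }
            keyInfoManager = getKeyInfoManager(keyStoreParameters);
            KeyStore keyStore = initialiseKeyStore(keyStoreParameters.getType(), keyStoreParameters.getProvider());
            String keyStorePassword = keyInfoManager.getKeyStorePassword();
            if (keyStorePassword == null) {
                throw new AlfrescoRuntimeException("Key store password is null for keystore at location " + getKeyStoreParameters().getLocation() + ". Either specify it as a JVM property or in key store meta data location.");
            }
            for (String str : keyMap.getKeyAliases()) {
                KeyInformation keyInformation = keyInfoManager.getKeyInformation(str);
                Key key = keyMap.getKey(str);
                if (key == null) {
                    logger.warn("Key with alias " + str + " is null when creating keystore at location " + keyStoreParameters.getLocation());
                } else {
                    keyStore.setKeyEntry(str, key, keyInformation.getPassword().toCharArray(), null);
                }
            }
            // All entries are in place before the file is opened (and truncated).
            try (OutputStream keyStoreOutStream = getKeyStoreOutStream()) {
                keyStore.store(keyStoreOutStream, keyStorePassword.toCharArray());
            }
        } catch (Throwable th) {
            throw new AlfrescoRuntimeException("Failed to create keystore: \n   Location: " + keyStoreParameters.getLocation() + "\n   Provider: " + keyStoreParameters.getProvider() + "\n   Type:     " + keyStoreParameters.getType(), th);
        } finally {
            if (keyInfoManager != null) {
                keyInfoManager.clear();
            }
        }
    }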

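    /**
     * Generates 24 random bytes of key material, the length DESedeKeySpec
     * consumes.
     *
     * <p>Uses the platform's default SecureRandom instead of requesting the
     * "SHA1PRNG" algorithm by name: the default follows the JVM's configured
     * provider preference, and the call no longer fails on JVMs whose providers
     * do not offer that algorithm name.
     *
     * @return 24 bytes from a cryptographically strong random source
     */
    private byte[] generateKeyData() {
        byte[] keyData = new byte[24];
        new SecureRandom().nextBytes(keyData);
        return keyData;
    }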

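    /**
     * Builds the secret key described by the key information.
     *
     * <p>Configured key data is used when present. Without key data, fresh key
     * material is generated, and only for the "DESede" algorithm. The algorithm
     * check is null-safe: key information without an algorithm (as created from
     * a plain alias-to-password map) now gets the descriptive error instead of
     * a NullPointerException.
     *
     * <p>The key spec is always a DESedeKeySpec, whatever algorithm name is
     * configured, so other algorithm names are only usable if their factory
     * accepts that spec. DESede (Triple DES) is a legacy 64-bit block cipher;
     * deployments that can choose should plan a migration to a modern cipher.
     *
     * @param keyInformation alias, optional key data and algorithm
     * @return the secret key
     * @throws AlfrescoRuntimeException if no key information is given, or no
     *         key data is given and the algorithm is not DESede
     */
    protected Key getSecretKey(KeyInformation keyInformation) throws AlfrescoRuntimeException, NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
        if (keyInformation == null) {
            throw new AlfrescoRuntimeException("Unable to get secret key: no key information is provided");
        }
        byte[] keyData = keyInformation.getKeyData();
        if (keyData == null) {
            // Constant-first comparison so a missing algorithm reads as "not DESede".
            if (!"DESede".equals(keyInformation.getKeyAlgorithm())) {
                throw new AlfrescoRuntimeException("Unable to generate secret key: key algorithm is not DESede and no keyData provided");
            }
            keyData = generateKeyData();
        }
        return SecretKeyFactory.getInstance(keyInformation.getKeyAlgorithm()).generateSecret(new DESedeKeySpec(keyData));
    }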

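    /**
     * Imports a PKCS#8 encoded RSA private key with its X.509 certificate chain
     * into the primary keystore and writes the keystore back. Runs under the
     * write lock.
     *
     * <p>The key stream is read until end of stream. The previous code sized
     * its buffer from available() and issued a single read, which can hand a
     * truncated key to the key factory when the stream delivers data in pieces.
     * The output stream is closed on every path and an unused certificate array
     * was removed.
     *
     * <p>NOTE(review): the keystore is stored with the key password
     * ({@code str2}) rather than the configured keystore password - confirm
     * this is intended, since later loads use the configured password. The
     * certificate stream is not closed here; presumably the caller owns it.
     *
     * @param str alias for the new entry
     * @param str2 password protecting the key entry (also used to store the keystore)
     * @param inputStream PKCS#8 encoded private key; closed after reading
     * @param inputStream2 X.509 certificate(s) for the key
     */
    void importPrivateKey(String str, String str2, InputStream inputStream, InputStream inputStream2) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException, CertificateException, KeyStoreException {
        KeyInfoManager keyInfoManager = null;
        this.writeLock.lock();
        try {
            keyInfoManager = getKeyInfoManager(getKeyStoreParameters());
            KeyStore keyStore = loadKeyStore(getKeyStoreParameters(), keyInfoManager);

            // Drain the stream completely; available() is only an estimate.
            java.io.ByteArrayOutputStream encodedKey = new java.io.ByteArrayOutputStream();
            byte[] chunk = new byte[4096];
            int read;
            while ((read = inputStream.read(chunk)) != -1) {
                encodedKey.write(chunk, 0, read);
            }
            inputStream.close();

            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            PrivateKey privateKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(encodedKey.toByteArray()));
            Collection<? extends Certificate> certificates = CertificateFactory.getInstance("X.509").generateCertificates(inputStream2);
            keyStore.setKeyEntry(str, privateKey, str2.toCharArray(), certificates.toArray(new Certificate[0]));
            if (logger.isDebugEnabled()) {
                logger.debug("Key and certificate stored.");
                logger.debug("Alias:" + str);
            }
            try (OutputStream keyStoreOutStream = getKeyStoreOutStream()) {
                keyStore.store(keyStoreOutStream, str2.toCharArray());
            }
        } finally {
            if (keyInfoManager != null) {
                keyInfoManager.clear();
            }
            this.writeLock.unlock();
        }
    }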

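    /**
     * Reports whether a backup keystore can be opened.
     *
     * <p>Backup settings are optional (loading treats null backup parameters
     * as an empty key set), so missing settings now mean "no backup" instead
     * of a NullPointerException.
     *
     * @return true when backup settings exist and a stream can be opened for their location
     */
    public boolean backupExists() {
        KeyStoreParameters backupParameters = getBackupKeyStoreParameters();
        if (backupParameters == null) {
            return false;
        }
        return keyStoreExists(backupParameters.getLocation());
    }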

    /**
     * Reports whether a keystore stream can be opened for the location.
     *
     * <p>The stream is opened only as a probe and closed straight away; errors
     * from closing it are ignored. A null stream or a FileNotFoundException
     * both mean the keystore does not exist.
     *
     * @param str keystore location, may be null
     * @return true when a stream could be opened
     */
    protected boolean keyStoreExists(String str) {
        InputStream probe;
        try {
            probe = getKeyStoreStream(str);
        } catch (FileNotFoundException notFound) {
            return false;
        }
        if (probe == null) {
            return false;
        }
        try {
            probe.close();
        } catch (Throwable ignored) {
            // The store was reachable; a failed close does not change the answer.
        }
        return true;
    }

    /**
     * Checks each alias in keysToValidate against the encryption keys registry
     * to detect missing or changed keys. Does nothing unless validateKeyChanges
     * is true; otherwise runs under the write lock.
     *
     * <p>keysToValidate and encryptionKeysRegistry are dereferenced without a
     * null check, so both must be set before validation is enabled.
     *
     * @param keyMap keys from the primary keystore
     * @param keyMap2 keys from the backup keystore
     * @throws MissingKeyException if a registered key is in neither keystore
     * @throws InvalidKeystoreException if a registered key has changed and no backup key exists
     */
    protected void validateKeys(KeyMap keyMap, KeyMap keyMap2) throws InvalidKeystoreException, MissingKeyException {
        if (this.validateKeyChanges) {
            this.writeLock.lock();
            try {
                for (String str : this.keysToValidate) {
                    if (keyMap.getKey(str) == null) {
                        // No primary key for this alias.
                        if (keyMap2.getKey(str) != null) {
                            // A backup key exists: the alias is skipped without further checks.
                            continue;
                        } else {
                            if (this.encryptionKeysRegistry.isKeyRegistered(str)) {
                                // The key was registered before but is now in neither keystore.
                                throw new MissingKeyException(str, getKeyStoreParameters().getLocation());
                            }
                            // Never registered and not present: create the key.
                            createKey(str);
                        }
                    } else if (!this.encryptionKeysRegistry.isKeyRegistered(str)) {
                        // Primary key present but unknown to the registry: register it.
                        this.encryptionKeysRegistry.registerKey(str, keyMap.getKey(str));
                    } else {
                        // Primary key present and registered.
                        if (keyMap2.getKey(str) == null && this.encryptionKeysRegistry.checkKey(str, keyMap.getKey(str)) == EncryptionKeysRegistry.KEY_STATUS.CHANGED) {
                            // The key differs from the registered one and there is no backup key to account for it.
                            throw new InvalidKeystoreException("The key with alias " + str + " has been changed, re-instate the previous keystore");
                        }
                        if (keyMap2.getKey(str) != null && this.encryptionKeysRegistry.isKeyRegistered(str) && this.encryptionKeysRegistry.checkKey(str, keyMap2.getKey(str)) == EncryptionKeysRegistry.KEY_STATUS.OK) {
                            // The backup key is the registered one: switch the registration to the primary key.
                            this.encryptionKeysRegistry.unregisterKey(str);
                            this.encryptionKeysRegistry.registerKey(str, keyMap.getKey(str));
                        }
                        // NOTE(review): when a backup key exists but does not check out as OK,
                        // neither branch runs and the primary key is never compared with the
                        // registry - confirm this case is meant to pass silently.
                    }
                }
            } finally {
                this.writeLock.unlock();
            }
        }
    }
}
