package org.xwiki.crypto.store.wiki.internal;

import com.xpn.xwiki.XWikiContext;
import com.xpn.xwiki.XWikiException;
import com.xpn.xwiki.doc.XWikiDocument;
import com.xpn.xwiki.objects.BaseObject;
import java.io.IOException;
import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton;
import org.xwiki.component.annotation.Component;
import org.xwiki.crypto.AsymmetricKeyFactory;
import org.xwiki.crypto.password.PrivateKeyPasswordBasedEncryptor;
import org.xwiki.crypto.pkix.params.CertifiedKeyPair;
import org.xwiki.crypto.pkix.params.CertifiedPublicKey;
import org.xwiki.crypto.pkix.params.x509certificate.X509CertifiedPublicKey;
import org.xwiki.crypto.store.CertificateStoreException;
import org.xwiki.crypto.store.KeyStore;
import org.xwiki.crypto.store.KeyStoreException;
import org.xwiki.crypto.store.StoreReference;
import org.xwiki.crypto.store.wiki.internal.query.CertificateObjectReference;
import org.xwiki.model.reference.LocalDocumentReference;

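/**
 * Wiki-backed {@link KeyStore} for X.509 certified key pairs.
 *
 * <p>The private key is written to the {@code key} property of a {@code Crypto.PrivateKeyClass} XObject on the
 * document returned by the inherited {@code storeCertificate(...)}, next to the certificate object.</p>
 *
 * <p>Security-relevant behaviour visible in this class:</p>
 * <ul>
 *   <li>{@link #store(StoreReference, CertifiedKeyPair)} persists {@code getPrivateKey().getEncoded()} without
 *       encryption; only the text encoding from {@code getEncoder()} is applied. Confidentiality of such a key then
 *       rests on who can read the document and its objects. NOTE(review): confirm the access rights applied to the
 *       documents used as stores.</li>
 *   <li>{@link #store(StoreReference, CertifiedKeyPair, byte[])} passes the key through the injected
 *       {@link PrivateKeyPasswordBasedEncryptor} before it is persisted.</li>
 *   <li>The password arrays are used as received and are not cleared here; wiping them is left to the caller.</li>
 * </ul>
 */
@Singleton
@Component
@Named("X509wiki")
/* loaded from: input_file:WEB-INF/lib/xwiki-platform-crypto-store-wiki-7.1.3.jar:org/xwiki/crypto/store/wiki/internal/X509KeyWikiStore.class */
public class X509KeyWikiStore extends AbstractX509WikiStore implements KeyStore {
    /** Space holding the private key class document. */
    public static final String PRIVATEKEYCLASS_SPACE = "Crypto";

    /** Name of the private key class document inside {@link #PRIVATEKEYCLASS_SPACE}. */
    public static final String PRIVATEKEYCLASS_NAME = "PrivateKeyClass";

    /** Full name (space.name) of the private key class. */
    public static final String PRIVATEKEYCLASS_FULLNAME = "Crypto.PrivateKeyClass";

    /** XObject property that receives the encoded (and possibly encrypted) private key. */
    public static final String PRIVATEKEYCLASS_PROP_KEY = "key";

    /** Local reference to the private key class, built from the two constants above. */
    public static final LocalDocumentReference PRIVATEKEYCLASS = new LocalDocumentReference(PRIVATEKEYCLASS_SPACE, PRIVATEKEYCLASS_NAME);

    /** Encrypts and decrypts private keys from a password. */
    @Inject
    private PrivateKeyPasswordBasedEncryptor encryptor;

    /** Rebuilds a private key from the bytes stored when no password was used. */
    @Inject
    private AsymmetricKeyFactory keyFactory;

    /**
     * Stores a key pair with the private key left unencrypted.
     *
     * <p>The bytes persisted are {@code certifiedKeyPair.getPrivateKey().getEncoded()}; prefer
     * {@link #store(StoreReference, CertifiedKeyPair, byte[])} when the document may be readable by anyone who must
     * not hold the key.</p>
     *
     * @param storeReference the store to write to
     * @param certifiedKeyPair the certificate and private key to persist
     * @throws KeyStoreException if the certificate or the key cannot be saved
     */
    @Override // org.xwiki.crypto.store.KeyStore
    public void store(StoreReference storeReference, CertifiedKeyPair certifiedKeyPair) throws KeyStoreException {
        storeKeyPair(storeReference, certifiedKeyPair.getCertificate(), certifiedKeyPair.getPrivateKey().getEncoded());
    }

    /**
     * Stores a key pair with the private key encrypted by the password-based encryptor.
     *
     * @param storeReference the store to write to
     * @param certifiedKeyPair the certificate and private key to persist
     * @param bArr the password bytes handed to the encryptor
     * @throws KeyStoreException if encryption fails, or if the certificate or the key cannot be saved
     */
    @Override // org.xwiki.crypto.store.KeyStore
    public void store(StoreReference storeReference, CertifiedKeyPair certifiedKeyPair, byte[] bArr) throws KeyStoreException {
        byte[] encryptedKey;
        try {
            encryptedKey = this.encryptor.encrypt(bArr, certifiedKeyPair.getPrivateKey());
        } catch (Exception e) {
            throw new KeyStoreException("Error while encrypting private key to store a key pair in [" + storeReference + "]", e);
        }
        // Kept outside the try so that a storage failure is reported with its own message instead of being
        // re-wrapped as an encryption error.
        storeKeyPair(storeReference, certifiedKeyPair.getCertificate(), encryptedKey);
    }

    /**
     * Saves the certificate, then writes the given key bytes to the private key object of the same document.
     *
     * @param storeReference the store to write to
     * @param certifiedPublicKey the certificate stored alongside the key
     * @param bArr the key bytes to persist, already encrypted or not depending on the caller
     * @throws KeyStoreException if the certificate cannot be prepared, the key cannot be encoded, or the document
     *         cannot be saved
     */
    private void storeKeyPair(StoreReference storeReference, CertifiedPublicKey certifiedPublicKey, byte[] bArr) throws KeyStoreException {
        XWikiContext xWikiContext = getXWikiContext();
        try {
            XWikiDocument storeCertificate = storeCertificate(storeReference, certifiedPublicKey, xWikiContext);
            try {
                // Reuse the existing private key object when there is one, so the previous key is overwritten.
                BaseObject keyObject = storeCertificate.getXObject(PRIVATEKEYCLASS);
                if (keyObject == null) {
                    keyObject = storeCertificate.newXObject(PRIVATEKEYCLASS, xWikiContext);
                }
                // NOTE(review): 64 is presumably the line length of the text encoding - confirm against getEncoder().
                keyObject.setLargeStringValue(PRIVATEKEYCLASS_PROP_KEY, getEncoder().encode(bArr, 64));
                xWikiContext.getWiki().saveDocument(storeCertificate, xWikiContext);
            } catch (XWikiException e) {
                throw new KeyStoreException("Error while saving key pair for [" + storeCertificate.getDocumentReference() + "]", e);
            } catch (IOException e2) {
                throw new KeyStoreException("Error while preparing private key for [" + storeCertificate.getDocumentReference() + "]", e2);
            }
        } catch (CertificateStoreException e3) {
            throw new KeyStoreException("Error while preparing certificate to store a key pair in [" + storeReference + "]", e3);
        }
    }

    /**
     * Retrieves the key pair of a store whose private key was stored without a password.
     *
     * @param storeReference the store to read from
     * @return the key pair, or {@code null} when the certificate or the private key object is missing
     * @throws KeyStoreException if the document cannot be read or its content cannot be decoded
     */
    @Override // org.xwiki.crypto.store.KeyStore
    public CertifiedKeyPair retrieve(StoreReference storeReference) throws KeyStoreException {
        // The cast selects the byte[] overload; a bare null would be ambiguous with the CertifiedPublicKey one.
        return retrieve(storeReference, (byte[]) null);
    }

    /**
     * Retrieves the key pair of a store, decrypting the private key when a password is given.
     *
     * @param storeReference the store to read from
     * @param bArr the password bytes, or {@code null} to read the stored bytes as a PKCS#8 key
     * @return the key pair, or {@code null} when the certificate or the private key object is missing
     * @throws KeyStoreException if the document cannot be read, or the key or certificate cannot be decoded or
     *         decrypted; the underlying failure is attached as the cause
     */
    @Override // org.xwiki.crypto.store.KeyStore
    public CertifiedKeyPair retrieve(StoreReference storeReference, byte[] bArr) throws KeyStoreException {
        XWikiContext xWikiContext = getXWikiContext();
        try {
            XWikiDocument document = xWikiContext.getWiki().getDocument(getDocumentReference(storeReference), xWikiContext);
            BaseObject certificateObject = document.getXObject(X509CertificateWikiStore.CERTIFICATECLASS);
            BaseObject keyObject = document.getXObject(PRIVATEKEYCLASS);
            if (keyObject == null || certificateObject == null) {
                return null;
            }
            byte[] certificateBytes = getEncoder().decode(certificateObject.getLargeStringValue(X509CertificateWikiStore.CERTIFICATECLASS_PROP_CERTIFICATE));
            byte[] keyBytes = getEncoder().decode(keyObject.getLargeStringValue(PRIVATEKEYCLASS_PROP_KEY));
            if (bArr != null) {
                return new CertifiedKeyPair(this.encryptor.decrypt(bArr, keyBytes), getCertificateFactory().decode(certificateBytes));
            }
            return new CertifiedKeyPair(this.keyFactory.fromPKCS8(keyBytes), getCertificateFactory().decode(certificateBytes));
        } catch (Exception e) {
            // Keep the cause: without it a wrong password, a corrupted object and a storage error all look alike.
            throw new KeyStoreException("Failed to retrieved private key from [" + storeReference + "]", e);
        }
    }

    /**
     * Retrieves the unencrypted private key matching a certificate.
     *
     * @param storeReference the store to search
     * @param certifiedPublicKey the certificate whose private key is wanted; must be an X.509 certificate
     * @return the key pair, or {@code null} when the certificate or its private key object is not found
     * @throws KeyStoreException if the lookup fails or the key cannot be decoded
     * @throws IllegalArgumentException if the certificate is not an {@link X509CertifiedPublicKey}
     */
    @Override // org.xwiki.crypto.store.KeyStore
    public CertifiedKeyPair retrieve(StoreReference storeReference, CertifiedPublicKey certifiedPublicKey) throws KeyStoreException {
        return retrieve(storeReference, certifiedPublicKey, null);
    }

    /**
     * Retrieves the private key matching a certificate, decrypting it when a password is given.
     *
     * @param storeReference the store to search
     * @param certifiedPublicKey the certificate whose private key is wanted; must be an X.509 certificate
     * @param bArr the password bytes, or {@code null} to read the stored bytes as a PKCS#8 key
     * @return the key pair built from the stored key and the certificate passed in, or {@code null} when the
     *         certificate or its private key object is not found
     * @throws KeyStoreException if the lookup fails, or the key cannot be decoded or decrypted; the underlying
     *         failure is attached as the cause
     * @throws IllegalArgumentException if the certificate is not an {@link X509CertifiedPublicKey}
     */
    @Override // org.xwiki.crypto.store.KeyStore
    public CertifiedKeyPair retrieve(StoreReference storeReference, CertifiedPublicKey certifiedPublicKey, byte[] bArr) throws KeyStoreException {
        if (!(certifiedPublicKey instanceof X509CertifiedPublicKey)) {
            throw new IllegalArgumentException("Certificate should be X509 certificates.");
        }
        X509CertifiedPublicKey x509CertifiedPublicKey = (X509CertifiedPublicKey) certifiedPublicKey;
        XWikiContext xWikiContext = getXWikiContext();
        try {
            CertificateObjectReference certificateReference = findCertificate(storeReference, x509CertifiedPublicKey);
            if (certificateReference == null) {
                return null;
            }
            BaseObject keyObject = getDocument(storeReference, certificateReference, xWikiContext).getXObject(PRIVATEKEYCLASS);
            if (keyObject == null) {
                return null;
            }
            byte[] keyBytes = getEncoder().decode(keyObject.getLargeStringValue(PRIVATEKEYCLASS_PROP_KEY));
            if (bArr != null) {
                return new CertifiedKeyPair(this.encryptor.decrypt(bArr, keyBytes), certifiedPublicKey);
            }
            return new CertifiedKeyPair(this.keyFactory.fromPKCS8(keyBytes), certifiedPublicKey);
        } catch (Exception e) {
            // Keep the cause: without it a wrong password, a corrupted object and a storage error all look alike.
            throw new KeyStoreException("Failed to retrieved private key for certificate [" + x509CertifiedPublicKey.getSubject().getName() + "]", e);
        }
    }
}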
