package com.liferay.saml.web.internal.portlet.action;

import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.model.User;
import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCActionCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCActionCommand;
import com.liferay.portal.kernel.repository.model.FileEntry;
import com.liferay.portal.kernel.security.auth.PrincipalException;
import com.liferay.portal.kernel.servlet.SessionErrors;
import com.liferay.portal.kernel.theme.ThemeDisplay;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.PropertiesParamUtil;
import com.liferay.portal.kernel.util.UnicodeProperties;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.runtime.certificate.CertificateEntityId;
import com.liferay.saml.runtime.certificate.CertificateTool;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.exception.CertificateKeyPasswordException;
import com.liferay.saml.runtime.exception.UnsupportedBindingException;
import com.liferay.saml.runtime.metadata.LocalEntityManager;
import com.liferay.saml.web.internal.util.SamlTempFileEntryUtil;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Calendar;

import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;

import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

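/**
 * MVC action command behind {@code /admin/update_certificate} in the SAML admin portlet.
 *
 * <p>Dispatches on the {@code cmd} request parameter ({@code auth}, {@code delete},
 * {@code import}, {@code replace}) to check, delete, import or regenerate the local entity
 * certificate for a given {@link LocalEntityManager.CertificateUsage}. Every command is refused
 * unless the caller's permission checker reports a company administrator.
 *
 * <p>Security-relevant points for maintainers:
 * <ul>
 *   <li>The key store / key password arrives as a request parameter and is handed on as a
 *       {@code String} to the configuration helper and the local entity manager. It must never
 *       be logged or echoed back in an error message.</li>
 *   <li>All {@code settings--*} request parameters are forwarded as one property set; only the
 *       password key is inspected here.</li>
 * </ul>
 */
@Component(
    configurationPid = {"com.liferay.saml.runtime.configuration.SamlKeyStoreManagerConfiguration"},
    immediate = true,
    property = {
        "javax.portlet.name=com_liferay_saml_web_internal_portlet_SamlAdminPortlet",
        "mvc.command.name=/admin/update_certificate"
    },
    service = {MVCActionCommand.class})
public class UpdateCertificateMVCActionCommand extends BaseMVCActionCommand {
    private static final String _SHA256_PREFIX = "SHA256with";
    private static final Log _log = LogFactoryUtil.getLog(UpdateCertificateMVCActionCommand.class);

    @Reference
    private CertificateTool _certificateTool;

    @Reference
    private LocalEntityManager _localEntityManager;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    /**
     * Checks that the local entity certificate for the requested usage can be read.
     *
     * <p>If the submitted settings carry a password for that usage, the whole submitted property
     * set is passed to the configuration helper first. Any failure while reading the certificate
     * is reported to the user as a {@link CertificateKeyPasswordException} session error.
     *
     * @param actionRequest the request carrying {@code certificateUsage} and {@code settings--*}
     * @param actionResponse the response whose render command is set back to this page
     * @throws Exception if the usage is unknown or the configuration update fails
     */
    protected void authenticateCertificate(ActionRequest actionRequest, ActionResponse actionResponse) throws Exception {
        LocalEntityManager.CertificateUsage certificateUsage = _getCertificateUsage(actionRequest);
        UnicodeProperties settings = PropertiesParamUtil.getProperties(actionRequest, "settings--");

        // NOTE(review): the settings are handed to updateProperties before the certificate is
        // read, so a password that turns out to be wrong has already been passed on. The full
        // "settings--" set is forwarded, not just the password key. Confirm both are intended.
        if (Validator.isNotNull(settings.getProperty(getCertificateUsagePropertyKey(certificateUsage)))) {
            this._samlProviderConfigurationHelper.updateProperties(settings);
        }

        try {
            X509Certificate certificate = this._localEntityManager.getLocalEntityCertificate(certificateUsage);

            actionRequest.setAttribute("SAML_X509_CERTIFICATE", certificate);
        } catch (Exception exception) {
            // Every failure is shown as a password error; the cause is only visible at debug level.
            if (_log.isDebugEnabled()) {
                _log.debug(exception, exception);
            }

            SessionErrors.add(actionRequest, CertificateKeyPasswordException.class);
        }

        actionResponse.setRenderParameter("mvcRenderCommandName", "/admin/update_certificate");
    }

    /**
     * Deletes the local entity certificate for the requested usage.
     *
     * @param actionRequest the request carrying {@code certificateUsage}
     * @throws Exception if the usage is unknown or the deletion fails
     */
    protected void deleteCertificate(ActionRequest actionRequest) throws Exception {
        this._localEntityManager.deleteLocalEntityCertificate(_getCertificateUsage(actionRequest));
    }

    /**
     * Authorizes the caller and dispatches on the {@code cmd} parameter (default {@code auth}).
     *
     * @param actionRequest the portlet action request
     * @param actionResponse the portlet action response
     * @throws PrincipalException if there is no theme display or the caller is not a company
     *     administrator
     * @throws Exception if the selected command fails
     */
    @Override
    protected void doProcessAction(ActionRequest actionRequest, ActionResponse actionResponse) throws Exception {
        ThemeDisplay themeDisplay = (ThemeDisplay) actionRequest.getAttribute("LIFERAY_SHARED_THEME_DISPLAY");

        // Fail closed: a missing theme display is treated like a missing permission instead of
        // surfacing as a NullPointerException.
        if (themeDisplay == null || !themeDisplay.getPermissionChecker().isCompanyAdmin()) {
            throw new PrincipalException();
        }

        String cmd = ParamUtil.get(actionRequest, "cmd", "auth");

        switch (cmd) {
            case "auth":
                authenticateCertificate(actionRequest, actionResponse);
                break;
            case "delete":
                deleteCertificate(actionRequest);
                break;
            case "import":
                importCertificate(actionRequest, themeDisplay.getUser());
                break;
            case "replace":
                replaceCertificate(actionRequest);
                break;
            default:
                // Unknown commands are ignored, as before.
                break;
        }
    }

    /**
     * Returns the configuration key that holds the credential password for a certificate usage.
     *
     * @param certificateUsage the usage to look up
     * @return the property key for {@code SIGNING} or {@code ENCRYPTION}
     * @throws UnsupportedBindingException for any other usage
     */
    protected String getCertificateUsagePropertyKey(LocalEntityManager.CertificateUsage certificateUsage) throws UnsupportedBindingException {
        if (certificateUsage == LocalEntityManager.CertificateUsage.SIGNING) {
            return "saml.keystore.credential.password";
        }

        if (certificateUsage == LocalEntityManager.CertificateUsage.ENCRYPTION) {
            return "saml.keystore.encryption.credential.password";
        }

        throw new UnsupportedBindingException("Unsupported certificate usage: " + certificateUsage.name());
    }

    /**
     * Imports a private key and certificate from an uploaded PKCS#12 key store.
     *
     * <p>The key store is loaded from the user's temporary file entry and exposed as the
     * {@code SAML_KEYSTORE} request attribute. When no alias has been selected yet the method
     * stops there. Otherwise the selected private key entry is stored for the requested usage,
     * the password is passed to the configuration helper, and the temporary upload is deleted.
     * Password and format problems are reported as session errors rather than thrown.
     *
     * @param actionRequest the request carrying the upload name, password, alias and usage
     * @param user the user who owns the temporary file entry
     * @throws IllegalArgumentException if the selected alias is not a private key entry
     * @throws PortalException if reading the key store fails for a reason other than a wrong
     *     password
     * @throws Exception if storing the certificate or updating the configuration fails
     */
    protected void importCertificate(ActionRequest actionRequest, User user) throws Exception {
        hideDefaultSuccessMessage(actionRequest);

        String tempFileName = ParamUtil.getString(actionRequest, "selectUploadedFile");
        FileEntry tempFileEntry = SamlTempFileEntryUtil.getTempFileEntry(user, tempFileName);

        // The password is needed both as char[] (key store API) and as String (storage and
        // configuration API), so it cannot be wiped from memory here. Keep it out of logs.
        String keyStorePassword = ParamUtil.getString(actionRequest, "keyStorePassword");
        char[] passwordChars = keyStorePassword.toCharArray();

        String alias = actionRequest.getParameter("selectKeyStoreAlias");

        // try-with-resources closes the uploaded file's stream on every path, including the
        // early return and the error branches.
        try (InputStream contentStream = tempFileEntry.getContentStream()) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12");

            keyStore.load(contentStream, passwordChars);

            actionRequest.setAttribute("SAML_KEYSTORE", keyStore);

            // First round trip: only the key store was uploaded, the alias is chosen next.
            if (Validator.isBlank(alias)) {
                return;
            }

            if (!keyStore.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                throw new IllegalArgumentException("Selected key store alias is not a private key entry");
            }

            // The key store password is reused as the key password.
            KeyStore.PrivateKeyEntry privateKeyEntry =
                (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, new KeyStore.PasswordProtection(passwordChars));
            X509Certificate certificate = (X509Certificate) privateKeyEntry.getCertificate();
            LocalEntityManager.CertificateUsage certificateUsage = _getCertificateUsage(actionRequest);

            this._localEntityManager.storeLocalEntityCertificate(
                privateKeyEntry.getPrivateKey(), keyStorePassword, certificate, certificateUsage);

            UnicodeProperties passwordProperties = new UnicodeProperties();

            passwordProperties.setProperty(getCertificateUsagePropertyKey(certificateUsage), keyStorePassword);
            this._samlProviderConfigurationHelper.updateProperties(passwordProperties);

            // The upload holds private key material; remove it once the import succeeded.
            SamlTempFileEntryUtil.deleteTempFileEntry(user, tempFileName);

            actionRequest.setAttribute("SAML_X509_CERTIFICATE", certificate);
        } catch (KeyStoreException | NoSuchAlgorithmException exception) {
            if (_log.isDebugEnabled()) {
                _log.debug(exception, exception);
            }

            // Both types map to this key; the alternative "keyEncryptionAlgorithmNotSupported"
            // branch sat behind a constant-true condition and could never run.
            SessionErrors.add(actionRequest, "keyStoreIntegrityCheckingAlgorithmNotSupported");
        } catch (IOException ioException) {
            // KeyStore.load reports a wrong password as an IOException caused by
            // UnrecoverableKeyException; anything else is a real I/O failure.
            if (!(ioException.getCause() instanceof UnrecoverableKeyException)) {
                throw new PortalException(ioException);
            }

            if (_log.isDebugEnabled()) {
                _log.debug(ioException, ioException);
            }

            SessionErrors.add(actionRequest, "incorrectKeyStorePassword");
        } catch (UnrecoverableEntryException unrecoverableEntryException) {
            if (_log.isDebugEnabled()) {
                _log.debug(unrecoverableEntryException, unrecoverableEntryException);
            }

            SessionErrors.add(actionRequest, "incorrectKeyPassword");
        } catch (CertificateException certificateException) {
            if (_log.isDebugEnabled()) {
                _log.debug(certificateException, certificateException);
            }

            SessionErrors.add(actionRequest, "certificateException");
        }
    }

    /**
     * Generates a new key pair and self-signed certificate and stores them for the requested
     * usage.
     *
     * <p>The validity period must be a positive number of days and must not end after the year
     * 9999; otherwise a {@code certificateValidityDays} session error is added and nothing is
     * generated.
     *
     * @param actionRequest the request carrying the usage, password settings, validity, key
     *     algorithm, key length and subject fields
     * @throws CertificateKeyPasswordException if no password was submitted for the usage
     * @throws Exception if key generation, storage or the configuration update fails
     */
    protected void replaceCertificate(ActionRequest actionRequest) throws Exception {
        UnicodeProperties settings = PropertiesParamUtil.getProperties(actionRequest, "settings--");
        LocalEntityManager.CertificateUsage certificateUsage = _getCertificateUsage(actionRequest);
        String keyPassword = settings.getProperty(getCertificateUsagePropertyKey(certificateUsage));

        if (Validator.isNull(keyPassword)) {
            throw new CertificateKeyPasswordException();
        }

        int validityDays = ParamUtil.getInteger(actionRequest, "certificateValidityDays");

        // Zero means missing or unparsable; a negative value would yield a certificate whose
        // end date lies before its start date, so both are rejected.
        if (validityDays <= 0) {
            SessionErrors.add(actionRequest, "certificateValidityDays");

            return;
        }

        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = (Calendar) notBefore.clone();

        notAfter.add(Calendar.DAY_OF_YEAR, validityDays);

        if (notAfter.get(Calendar.YEAR) > 9999) {
            SessionErrors.add(actionRequest, "certificateValidityDays");

            return;
        }

        // NOTE(review): key algorithm and key length are taken from the request without any
        // check in this class; confirm CertificateTool rejects unsupported or weak values.
        String keyAlgorithm = ParamUtil.getString(actionRequest, "certificateKeyAlgorithm");
        int keyLength = ParamUtil.getInteger(actionRequest, "certificateKeyLength");
        KeyPair keyPair = this._certificateTool.generateKeyPair(keyAlgorithm, keyLength);

        CertificateEntityId entityId = new CertificateEntityId(
            ParamUtil.getString(actionRequest, "certificateCommonName"),
            ParamUtil.getString(actionRequest, "certificateOrganization"),
            ParamUtil.getString(actionRequest, "certificateOrganizationUnit"),
            ParamUtil.getString(actionRequest, "certificateLocality"),
            ParamUtil.getString(actionRequest, "certificateState"),
            ParamUtil.getString(actionRequest, "certificateCountry"));

        // Self-signed: the same entity id is used as issuer and subject.
        X509Certificate certificate = this._certificateTool.generateCertificate(
            keyPair, entityId, entityId, notBefore.getTime(), notAfter.getTime(), _SHA256_PREFIX + keyAlgorithm);

        this._localEntityManager.storeLocalEntityCertificate(
            keyPair.getPrivate(), keyPassword, certificate, certificateUsage);
        this._samlProviderConfigurationHelper.updateProperties(settings);

        actionRequest.setAttribute("SAML_X509_CERTIFICATE", certificate);
    }

    /** Parses the {@code certificateUsage} request parameter; unknown values raise IllegalArgumentException. */
    private static LocalEntityManager.CertificateUsage _getCertificateUsage(ActionRequest actionRequest) {
        return LocalEntityManager.CertificateUsage.valueOf(ParamUtil.getString(actionRequest, "certificateUsage"));
    }
}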
