package de.rcenvironment.core.configuration.internal;

import de.rcenvironment.core.configuration.ConfigurationService;
import de.rcenvironment.core.configuration.SecureStorageSection;
import de.rcenvironment.core.configuration.SecureStorageService;
import de.rcenvironment.core.utils.common.StringUtils;
import de.rcenvironment.toolkit.utils.common.IdGenerator;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.nio.file.CopyOption;
import java.nio.file.Files;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.io.FileUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.eclipse.equinox.security.storage.ISecurePreferences;
import org.eclipse.equinox.security.storage.SecurePreferencesFactory;
import org.eclipse.equinox.security.storage.StorageException;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

@Component
/* loaded from: input_file:de/rcenvironment/core/configuration/internal/SecureStorageServiceImpl.class */
public final class SecureStorageServiceImpl implements SecureStorageService {
    protected static final String SECURE_SETTINGS_FILE_NAME = "settings.secure.dat";
    protected static final String SECURE_SETTINGS_BACKUP_FILE_NAME = "settings.secure.bak";
    protected static final String KEY_FILE_NAME = "secure_storage_key";
    protected static final String PASSWORD_OVERRIDE_PROPERTY = "rce.overrideSecureStoragePassword";
    private static final int EXPECTED_KEY_LENGTH = 64;
    private ConfigurationService configurationService;
    private File secureStorageFile;
    private File secureStorageBackupFile;
    private ISecurePreferences rootNode;
    private final Log log = LogFactory.getLog(getClass());

    @Activate
    protected void activate() throws IOException {
        String determineStorePassword = determineStorePassword();
        File configurablePath = this.configurationService.getConfigurablePath(ConfigurationService.ConfigurablePathId.PROFILE_INTERNAL_DATA);
        this.secureStorageFile = new File(configurablePath, SECURE_SETTINGS_FILE_NAME);
        this.secureStorageBackupFile = new File(configurablePath, SECURE_SETTINGS_BACKUP_FILE_NAME);
        if (this.secureStorageFile.isFile()) {
            if (this.secureStorageBackupFile.isFile()) {
                Files.delete(this.secureStorageBackupFile.toPath());
            }
            Files.copy(this.secureStorageFile.toPath(), this.secureStorageBackupFile.toPath(), new CopyOption[0]);
        }
        this.rootNode = openSecurePreferencesStoreWithPassword(determineStorePassword);
        try {
            this.rootNode.put("writeTest", "RCE Secure Storage", false);
            this.rootNode.flush();
            checkExistingEntriesRecursively(this.rootNode);
            this.log.debug("Secure Storage initialized");
        } catch (StorageException unused) {
            throw new IOException("Test write to Secure Storage failed - aborting startup");
        }
    }

    private void checkExistingEntriesRecursively(ISecurePreferences iSecurePreferences) {
        String name = iSecurePreferences.name();
        if (name == null) {
            name = "<root>";
        }
        for (String str : iSecurePreferences.keys()) {
            try {
                iSecurePreferences.get(str, (String) null);
                this.log.debug(StringUtils.format("Successfully tested decryption of existing entry %s/%s", new Object[]{name, str}));
            } catch (StorageException e) {
                this.log.warn(StringUtils.format((e.getMessage() == null || !e.getMessage().contains("bad key")) ? "Failed to decrypt existing Secure Storage entry %s/%s due to an unknown error. You can open the Secure Storage file %s (while RCE is not running) and delete the line beginning with this entry to remove this warning." : "Failed to decrypt existing Secure Storage entry %s/%s as it was written with a different Secure Storage login/password. You can open the Secure Storage file %s (while RCE is not running) and delete the line starting with this entry to remove this warning.", new Object[]{name, str, this.secureStorageFile.getAbsolutePath()}));
            }
        }
        for (String str2 : iSecurePreferences.childrenNames()) {
            checkExistingEntriesRecursively(iSecurePreferences.node(str2));
        }
    }

    @Reference
    protected void bindConfigurationService(ConfigurationService configurationService) {
        this.configurationService = configurationService;
    }

    @Override // de.rcenvironment.core.configuration.SecureStorageService
    public SecureStorageSection getSecureStorageSection(String str) throws IOException {
        return new SecureStorageSectionSecurePreferencesImpl(str, this.rootNode.node(str));
    }

    private String determineStorePassword() throws IOException {
        String property = System.getProperty(PASSWORD_OVERRIDE_PROPERTY);
        if (property == null) {
            property = System.getenv(PASSWORD_OVERRIDE_PROPERTY);
        }
        if (property != null) {
            String trim = property.trim();
            if (!trim.isEmpty()) {
                return trim;
            }
        }
        return readOrGenerateAutomaticPassword();
    }

    private String readOrGenerateAutomaticPassword() throws IOException {
        File file = new File(this.configurationService.getConfigurablePath(ConfigurationService.ConfigurablePathId.SHARED_USER_SETTINGS_ROOT), KEY_FILE_NAME);
        if (!file.exists()) {
            String secureRandomHexString = IdGenerator.secureRandomHexString(EXPECTED_KEY_LENGTH);
            FileUtils.writeStringToFile(file, secureRandomHexString);
            this.log.debug("Generated a new cross-profile keyfile");
            return secureRandomHexString;
        }
        String trim = FileUtils.readFileToString(file).trim();
        if (trim.length() != EXPECTED_KEY_LENGTH) {
            throw new IOException("Unexpected content in key file " + file.getAbsolutePath() + ": expected an auto-generated password of " + EXPECTED_KEY_LENGTH + " characters");
        }
        this.log.debug("Reusing existing cross-profile keyfile");
        return trim;
    }

    private ISecurePreferences openSecurePreferencesStoreWithPassword(String str) throws IOException {
        HashMap hashMap = new HashMap();
        hashMap.put("org.eclipse.equinox.security.storage.defaultPassword", new PBEKeySpec(str.toCharArray()));
        hashMap.put("org.eclipse.equinox.security.storage.promptUser", false);
        return openSecurePreferencesStoreInternal(hashMap);
    }

    private ISecurePreferences openSecurePreferencesStoreInternal(Map<String, Object> map) throws IOException {
        try {
            ISecurePreferences open = SecurePreferencesFactory.open(this.secureStorageFile.toURL(), map);
            if (open == null) {
                throw new IOException("Failed to open/unlock the Secure Storage: received a null reference");
            }
            return open;
        } catch (MalformedURLException e) {
            throw new IOException("Failed to open/unlock the Secure Storage", e);
        }
    }
}
