package org.apache.taverna.security.credentialmanager.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.net.Authenticator;
import java.net.Socket;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import javax.crypto.spec.SecretKeySpec;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509ExtendedKeyManager;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.apache.commons.io.FileUtils;
import org.apache.log4j.Logger;
import org.apache.taverna.configuration.app.ApplicationConfiguration;
import org.apache.taverna.lang.observer.MultiCaster;
import org.apache.taverna.lang.observer.Observable;
import org.apache.taverna.lang.observer.Observer;
import org.apache.taverna.security.credentialmanager.CMException;
import org.apache.taverna.security.credentialmanager.CredentialManager;
import org.apache.taverna.security.credentialmanager.DistinguishedNameParser;
import org.apache.taverna.security.credentialmanager.JavaTruststorePasswordProvider;
import org.apache.taverna.security.credentialmanager.KeystoreChangedEvent;
import org.apache.taverna.security.credentialmanager.MasterPasswordProvider;
import org.apache.taverna.security.credentialmanager.ParsedDistinguishedName;
import org.apache.taverna.security.credentialmanager.ServiceUsernameAndPasswordProvider;
import org.apache.taverna.security.credentialmanager.TrustConfirmationProvider;
import org.apache.taverna.security.credentialmanager.UsernamePassword;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl.class */
public class CredentialManagerImpl implements CredentialManager, Observable<KeystoreChangedEvent> {
    // NOTE(review): hard-coded password shipped in the class file. Anyone holding the jar can read it,
    // so it protects nothing; treat any store still encrypted with it as unprotected.
    public static final String OLD_TRUSTSTORE_PASSWORD = "Tu/Ap%2_$dJt6*+Rca9v";
    // File name of the legacy truststore; presumably paired with OLD_TRUSTSTORE_PASSWORD (usage not visible here).
    public static final String OLD_T2TRUSTSTORE_FILE = "t2truststore.jks";
    // Master password for the keystore and truststore. Held as a String, so it cannot be wiped from memory;
    // it is reset to null when loading a store fails.
    private String masterPassword;
    private KeyStore keystore;
    private KeyStore truststore;
    private static SSLSocketFactory tavernaSSLSocketFactory;
    private List<MasterPasswordProvider> masterPasswordProviders;
    private List<JavaTruststorePasswordProvider> javaTruststorePasswordProviders;
    private List<ServiceUsernameAndPasswordProvider> serviceUsernameAndPasswordProviders;
    private List<TrustConfirmationProvider> trustConfirmationProviders;
    private ApplicationConfiguration applicationConfiguration;
    // Marker file; deleteRevokedCertificates() skips its removal pass once this file exists.
    private File certificatesRevokedIndicatorFile;
    // Decompiler artefact: the JADX output in this file also uses this boolean where the bytecode
    // apparently held 0 or null (loop start index, initial Throwable), which does not compile as written.
    private static final boolean REALLY_DISABLED = false;
    // Candidate passwords tried in order against the JRE cacerts file by loadTruststore().
    // NOTE(review): the first entry is the javax.net.ssl.trustStorePassword system property, and
    // loadTruststore() logs every candidate at INFO level, so a real password supplied through that
    // property is written to the log. The field is public, static and non-final, so any code can replace the list.
    public static List<String> defaultTrustStorePasswords = Arrays.asList(System.getProperty("javax.net.ssl.trustStorePassword", ""), "changeit", "changeme", "");
    private static Logger logger = Logger.getLogger(CredentialManagerImpl.class);
    private MultiCaster<KeystoreChangedEvent> multiCaster = new MultiCaster<>(this);
    private File credentialManagerDirectory = null;
    private File keystoreFile = null;
    private File truststoreFile = null;
    // Set to true by initialize() only after both keystore and truststore have loaded.
    private boolean isInitialized = false;
    private KeystoreChangedObserver keystoresChangedObserver = new KeystoreChangedObserver();
    // Caches cleared by ClearCachedServiceURIsObserver whenever the keystore changes.
    private List<URI> cachedServiceURIsList = null;
    private HashMap<URI, URI> cachedServiceURIsMap = null;
    private ClearCachedServiceURIsObserver clearCachedServiceURIsObserver = new ClearCachedServiceURIsObserver();
    private DistinguishedNameParser dnParser = new DistinguishedNameParserImpl();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: org.apache.taverna.security.credentialmanager.impl.CredentialManagerImpl$1, reason: invalid class name */
    /* loaded from: input_file:org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        /**
         * Compiler-generated lookup table for {@code switch} statements over
         * {@link CredentialManager.KeystoreType}: indexed by enum ordinal, the value is the
         * case number (1 = KEYSTORE, 2 = TRUSTSTORE, 0 = no matching case).
         */
        static final /* synthetic */ int[] $SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType;

        static {
            int[] caseByOrdinal = new int[CredentialManager.KeystoreType.values().length];
            try {
                caseByOrdinal[CredentialManager.KeystoreType.KEYSTORE.ordinal()] = 1;
            } catch (NoSuchFieldError ignored) {
                // Constant missing from the enum seen at run time: leave the slot at 0.
            }
            try {
                caseByOrdinal[CredentialManager.KeystoreType.TRUSTSTORE.ordinal()] = 2;
            } catch (NoSuchFieldError ignored) {
                // Constant missing from the enum seen at run time: leave the slot at 0.
            }
            $SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType = caseByOrdinal;
        }
    }

    /* loaded from: input_file:org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl$ClearCachedServiceURIsObserver.class */
    /**
     * Observer that drops the cached service URI list and map whenever the keystore
     * (not the truststore) reports a change.
     */
    public class ClearCachedServiceURIsObserver implements Observer<KeystoreChangedEvent> {
        public ClearCachedServiceURIsObserver() {
        }

        /**
         * Makes sure the Credential Manager is initialised, then clears both caches if the
         * event concerns the keystore.
         *
         * @throws Exception if initialising the Credential Manager fails
         */
        public void notify(Observable<KeystoreChangedEvent> observable, KeystoreChangedEvent keystoreChangedEvent) throws Exception {
            CredentialManagerImpl owner = CredentialManagerImpl.this;
            owner.initialize();
            if (!keystoreChangedEvent.keystoreType.equals(CredentialManager.KeystoreType.KEYSTORE)) {
                return;
            }
            // The keystore object doubles as the lock guarding the caches.
            synchronized (owner.keystore) {
                owner.cachedServiceURIsMap = null;
                owner.cachedServiceURIsList = null;
            }
        }

        // Erased-signature bridge emitted by the compiler; forwards to the typed overload.
        public /* bridge */ /* synthetic */ void notify(Observable observable, Object obj) throws Exception {
            notify((Observable<KeystoreChangedEvent>) observable, (KeystoreChangedEvent) obj);
        }
    }

    /* loaded from: input_file:org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl$KeystoreChangedObserver.class */
    /**
     * Observer that rebuilds the SSL socket factory after any keystore or truststore change
     * and installs it as the default for every {@link HttpsURLConnection}.
     */
    public class KeystoreChangedObserver implements Observer<KeystoreChangedEvent> {
        public KeystoreChangedObserver() {
        }

        /**
         * Replaces the JVM-wide default HTTPS socket factory with a freshly created one.
         * The event itself is not inspected.
         *
         * @throws Exception if the socket factory cannot be created
         */
        public void notify(Observable<KeystoreChangedEvent> observable, KeystoreChangedEvent keystoreChangedEvent) throws Exception {
            SSLSocketFactory rebuiltFactory = CredentialManagerImpl.this.createSSLSocketFactory();
            // Affects every HttpsURLConnection in the process, not just Taverna's own.
            HttpsURLConnection.setDefaultSSLSocketFactory(rebuiltFactory);
        }

        // Erased-signature bridge emitted by the compiler; forwards to the typed overload.
        public /* bridge */ /* synthetic */ void notify(Observable observable, Object obj) throws Exception {
            notify((Observable<KeystoreChangedEvent>) observable, (KeystoreChangedEvent) obj);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl$TavernaKeyManager.class */
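    /**
     * Client-side key manager backed by the Credential Manager's keystore.
     *
     * <p>All client-certificate queries are forwarded to a SunJSSE {@link X509KeyManager} that is
     * created lazily on first use. Server-side queries always answer {@code null}. When the delegate
     * cannot be created the query methods log the error and return {@code null}, which means no
     * client certificate is offered for that handshake.
     */
    public class TavernaKeyManager extends X509ExtendedKeyManager {
        private X509KeyManager sunJSSEX509KeyManager;

        private TavernaKeyManager() {
            this.sunJSSEX509KeyManager = null;
        }

        /**
         * Builds the SunJSSE delegate from the Credential Manager's keystore, initialising the
         * Credential Manager first if needed.
         *
         * @throws Exception if the Credential Manager cannot be initialised or the factory
         *                   yields no {@link X509KeyManager}
         */
        private void init() throws Exception {
            CredentialManagerImpl.logger.debug("inside TavernaKeyManager.init()");
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509", "SunJSSE");
            if (!CredentialManagerImpl.this.isInitialized) {
                try {
                    CredentialManagerImpl.logger.debug("Credential Manager has not been instantiated yet");
                    CredentialManagerImpl.this.initialize();
                    CredentialManagerImpl.logger.debug("Credential Manager instantiated");
                } catch (CMException e) {
                    // Keep the cause so the real reason (e.g. wrong master password) is not lost.
                    throw new Exception("Could not initialize Taverna's KeyManager for SSLSocketFactory: failed to initialise Credential Manager.", e);
                }
            }
            synchronized (CredentialManagerImpl.this.keystore) {
                CredentialManagerImpl.logger.debug("Reinitialising the KeyManager.");
                keyManagerFactory.init(CredentialManagerImpl.this.keystore, CredentialManagerImpl.this.masterPassword.toCharArray());
                for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
                    if (keyManager instanceof X509KeyManager) {
                        this.sunJSSEX509KeyManager = (X509KeyManager) keyManager;
                        // Stop here: without this return the method fell through to the throw
                        // below even after a delegate had been found.
                        return;
                    }
                }
                throw new Exception("Could not initialize Taverna's KeyManager for SSLSocketFactory: could not find a SunJSSE X509 KeyManager.");
            }
        }

        /** Returns the delegate, creating it on first use. */
        private X509KeyManager delegate() throws Exception {
            if (this.sunJSSEX509KeyManager == null) {
                init();
            }
            return this.sunJSSEX509KeyManager;
        }

        @Override // javax.net.ssl.X509KeyManager
        public String chooseClientAlias(String[] strArr, Principal[] principalArr, Socket socket) {
            CredentialManagerImpl.logger.info("inside chooseClientAlias()");
            try {
                return delegate().chooseClientAlias(strArr, principalArr, socket);
            } catch (Exception e) {
                CredentialManagerImpl.logger.error(e);
                return null;
            }
        }

        /** Server-side use is not supported; always {@code null}. */
        @Override // javax.net.ssl.X509KeyManager
        public String chooseServerAlias(String str, Principal[] principalArr, Socket socket) {
            return null;
        }

        @Override // javax.net.ssl.X509KeyManager
        public X509Certificate[] getCertificateChain(String str) {
            CredentialManagerImpl.logger.debug("inside getCertificateChain()");
            try {
                return delegate().getCertificateChain(str);
            } catch (Exception e) {
                CredentialManagerImpl.logger.error(e);
                return null;
            }
        }

        @Override // javax.net.ssl.X509KeyManager
        public String[] getClientAliases(String str, Principal[] principalArr) {
            CredentialManagerImpl.logger.debug("inside getClientAliases()");
            try {
                return delegate().getClientAliases(str, principalArr);
            } catch (Exception e) {
                CredentialManagerImpl.logger.error(e);
                return null;
            }
        }

        @Override // javax.net.ssl.X509KeyManager
        public PrivateKey getPrivateKey(String str) {
            CredentialManagerImpl.logger.debug("inside getPrivateKey()");
            try {
                return delegate().getPrivateKey(str);
            } catch (Exception e) {
                CredentialManagerImpl.logger.error(e);
                return null;
            }
        }

        /** Server-side use is not supported; always {@code null}. */
        @Override // javax.net.ssl.X509KeyManager
        public String[] getServerAliases(String str, Principal[] principalArr) {
            return null;
        }

        // Compiler-generated accessor that lets the enclosing class call the private constructor.
        /* synthetic */ TavernaKeyManager(CredentialManagerImpl credentialManagerImpl, AnonymousClass1 anonymousClass1) {
            this();
        }
    }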

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/taverna/security/credentialmanager/impl/CredentialManagerImpl$TavernaTrustManager.class */
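    /**
     * Trust manager backed by the Credential Manager's truststore.
     *
     * <p>Server certificates are first validated by a lazily created SunJSSE
     * {@link X509TrustManager}. If that validation fails, the decision is handed to
     * {@code shouldTrust(chain)} on the enclosing Credential Manager, so a chain rejected by
     * standard validation can still be accepted through that path.
     */
    public class TavernaTrustManager implements X509TrustManager {
        private X509TrustManager sunJSSEX509TrustManager;

        private TavernaTrustManager() {
            this.sunJSSEX509TrustManager = null;
        }

        /**
         * Builds the SunJSSE delegate from the Credential Manager's truststore, initialising the
         * Credential Manager first if needed.
         *
         * @throws Exception if the Credential Manager cannot be initialised or the factory
         *                   yields no {@link X509TrustManager}
         */
        private void init() throws Exception {
            CredentialManagerImpl.logger.debug("inside TavernaTrustManager.init()");
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance("SunX509", "SunJSSE");
            if (!CredentialManagerImpl.this.isInitialized) {
                CredentialManagerImpl.logger.debug("inside TavernaTrustManager.init() - Credential Manager has not been instantiated yet.");
                try {
                    CredentialManagerImpl.this.initialize();
                    CredentialManagerImpl.logger.debug("inside Taverna TrustManager.init() - Credential Manager instantiated.");
                } catch (CMException e) {
                    // Keep the cause so the real reason (e.g. wrong master password) is not lost.
                    throw new Exception("Could not initialize Taverna's TrustManager for SSLSocketFactory: failed to initialise Credential Manager.", e);
                }
            }
            synchronized (CredentialManagerImpl.this.truststore) {
                CredentialManagerImpl.logger.debug("inside TavernaTrustManager.init() - Reinitialising the TrustManager.");
                // Result unused; presumably called for its side effect of creating the default
                // SSL socket factory - TODO confirm it is still needed.
                SSLSocketFactory.getDefault();
                trustManagerFactory.init(CredentialManagerImpl.this.truststore);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        this.sunJSSEX509TrustManager = (X509TrustManager) trustManager;
                        // Stop here: without this return the method fell through to the throw
                        // below even after a delegate had been found, so the first server
                        // check always failed.
                        return;
                    }
                }
                throw new Exception("Could not initialize Taverna's TrustManager for SSLSocketFactory.");
            }
        }

        /**
         * Accepts every client certificate chain without inspection.
         *
         * NOTE(review): harmless while this trust manager is only used for outgoing connections;
         * it must not be installed on a server-side SSLContext that relies on client authentication.
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkClientTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
        }

        /**
         * Validates a server chain against the truststore, falling back to
         * {@code shouldTrust(chain)} when standard validation rejects it.
         *
         * @throws CertificateException if the chain is rejected by both checks, or if the
         *                              delegate cannot be initialised
         */
        @Override // javax.net.ssl.X509TrustManager
        public void checkServerTrusted(X509Certificate[] x509CertificateArr, String str) throws CertificateException {
            try {
                if (this.sunJSSEX509TrustManager == null) {
                    init();
                }
                try {
                    this.sunJSSEX509TrustManager.checkServerTrusted(x509CertificateArr, str);
                } catch (CertificateException e) {
                    // Standard validation failed: only the explicit trust decision can override it.
                    if (!CredentialManagerImpl.this.shouldTrust(x509CertificateArr)) {
                        throw e;
                    }
                }
            } catch (Exception e2) {
                CredentialManagerImpl.logger.error(e2);
                throw new CertificateException(e2);
            }
        }

        /**
         * Returns the issuers accepted by the delegate, or an empty array when the delegate
         * cannot be initialised (the interface contract requires a non-null result).
         */
        @Override // javax.net.ssl.X509TrustManager
        public X509Certificate[] getAcceptedIssuers() {
            try {
                if (this.sunJSSEX509TrustManager == null) {
                    init();
                }
                return this.sunJSSEX509TrustManager.getAcceptedIssuers();
            } catch (Exception e) {
                CredentialManagerImpl.logger.error(e);
                return new X509Certificate[0];
            }
        }

        // Compiler-generated accessor that lets the enclosing class call the private constructor.
        /* synthetic */ TavernaTrustManager(CredentialManagerImpl credentialManagerImpl, AnonymousClass1 anonymousClass1) {
            this();
        }
    }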

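    /**
     * Returns the locations of extra CA certificates to add to a newly created truststore.
     * The list is empty in this build, so no extra certificates are added.
     *
     * @return a new, mutable, empty list
     */
    private static List<URL> getSpecialTrustedCertificates() {
        // Diamond instead of the raw type, so the result is a checked List<URL>.
        return new ArrayList<>();
    }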

    /**
     * Installs an authenticator backed by this Credential Manager as the JVM-wide default,
     * replacing whatever {@link Authenticator} was set before.
     */
    public void installAuthenticator() {
        CredentialManagerAuthenticator authenticator = new CredentialManagerAuthenticator(this);
        Authenticator.setDefault(authenticator);
    }

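    /**
     * Removes revoked certificates from the truststore (once, guarded by the
     * {@code certificates_revoked} marker file) and then writes the truststore back to disk.
     *
     * <p>Does nothing when the truststore has not been loaded. Failures are logged, never thrown.
     *
     * <p>NOTE(review): the truststore file is overwritten in place on every call, and
     * loadTruststore() calls this method while its own input stream on the same file is still
     * open. A failed write can therefore leave a truncated truststore on disk.
     */
    public void deleteRevokedCertificates() {
        if (this.truststore == null) {
            return;
        }
        if (this.certificatesRevokedIndicatorFile == null) {
            this.certificatesRevokedIndicatorFile = new File(this.credentialManagerDirectory, "certificates_revoked");
        }
        if (!this.certificatesRevokedIndicatorFile.exists()) {
            // The list of revoked certificate locations is empty in this build, so the loop
            // body never runs; only the marker file is created.
            List<URL> revokedCertificateUrls = new ArrayList<>();
            for (URL url : revokedCertificateUrls) {
                // try-with-resources closes the stream on every path, including failures.
                try (InputStream certificateStream = url.openStream()) {
                    Certificate[] certificates = CertificateFactory.getInstance("X.509")
                            .generateCertificates(certificateStream)
                            .toArray(new Certificate[0]);
                    // Only the first certificate of each resource is looked up.
                    String certificateAlias = this.truststore.getCertificateAlias(certificates[0]);
                    if (certificateAlias != null) {
                        this.truststore.deleteEntry(certificateAlias);
                        logger.warn("Deleting revoked/unnecessary certificate " + certificateAlias);
                    }
                } catch (Exception e) {
                    logger.info("Can't delete revoked certificate " + url, e);
                }
            }
            try {
                FileUtils.touch(this.certificatesRevokedIndicatorFile);
            } catch (IOException e) {
                logger.error("Failed to touch " + this.certificatesRevokedIndicatorFile.getAbsolutePath(), e);
            }
        }
        // Close the output stream explicitly; it was previously left for the garbage collector.
        try (OutputStream truststoreOut = new FileOutputStream(this.truststoreFile)) {
            this.truststore.store(truststoreOut, this.masterPassword.toCharArray());
        } catch (Exception e) {
            logger.error("Failed to save Truststore after deleting revoked certificates.", e);
        }
    }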

    /**
     * Creates an uninitialised Credential Manager and registers the Bouncy Castle provider
     * with the JVM-wide security provider list. Keystores are loaded later by initialize().
     *
     * @throws CMException declared for callers; nothing in this constructor throws it
     */
    public CredentialManagerImpl() throws CMException {
        BouncyCastleProvider bouncyCastle = new BouncyCastleProvider();
        // The return value is ignored, so an already-installed provider is not an error.
        Security.addProvider(bouncyCastle);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Obtains the master password, registers the change observers and loads the keystore and
     * then the truststore. A no-op once initialisation has succeeded.
     *
     * <p>If either store fails to load, the cached master password is discarded so that the
     * next attempt asks the providers again.
     *
     * @throws CMException if the master password cannot be obtained or a store cannot be loaded
     */
    public void initialize() throws CMException {
        if (!this.isInitialized) {
            this.masterPassword = getMasterPassword();
            addObserver(this.clearCachedServiceURIsObserver);
            addObserver(this.keystoresChangedObserver);
            try {
                loadKeystore();
                logger.info("loaded the Keystore");
                loadTruststore();
                logger.info("loaded the Truststore");
            } catch (CMException loadFailure) {
                this.isInitialized = false;
                // Forget the password: it may be the reason the load failed.
                this.masterPassword = null;
                throw loadFailure;
            }
            this.isInitialized = true;
        }
    }

    /**
     * Returns the cached master password, or asks each registered provider in turn and returns
     * the first non-null answer.
     *
     * <p>Each provider is told whether the keystore file is missing, i.e. whether a new
     * password is being chosen rather than an existing one entered. The returned value is not
     * cached here; the caller stores it.
     *
     * @throws CMException if no provider supplies a password
     */
    private String getMasterPassword() throws CMException {
        if (this.masterPassword != null) {
            return this.masterPassword;
        }
        if (this.keystoreFile == null) {
            loadDefaultSecurityFiles();
        }
        boolean keystoreMissing = !this.keystoreFile.exists();
        for (MasterPasswordProvider provider : this.masterPasswordProviders) {
            String candidate = provider.getMasterPassword(keystoreMissing);
            if (candidate != null) {
                return candidate;
            }
        }
        // Only the provider list goes into the message; no password material is logged.
        String failure = "Failed to obtain master password from providers: " + this.masterPasswordProviders;
        logger.error(failure);
        throw new CMException(failure);
    }

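    /**
     * Loads the keystore from disk, or creates and saves an empty one if the file does not
     * exist yet. A no-op when a keystore object is already present.
     *
     * <p>The store is a Bouncy Castle "UBER" keystore protected by the master password. When
     * loading an existing file fails, both the keystore reference and the cached master
     * password are cleared, since a wrong password is the likely cause.
     *
     * <p>NOTE(review): when creating a new keystore fails, the keystore reference is left set,
     * so a later call returns immediately without retrying - confirm this is intended.
     *
     * @throws CMException if the keystore cannot be instantiated, loaded or created
     */
    private void loadKeystore() throws CMException {
        if (this.keystore != null) {
            return;
        }
        try {
            this.keystore = KeyStore.getInstance("UBER", "BC");
            if (this.keystoreFile.exists()) {
                // try-with-resources closes the stream even when load() throws.
                try (InputStream keystoreIn = new FileInputStream(this.keystoreFile)) {
                    this.keystore.load(keystoreIn, this.masterPassword.toCharArray());
                } catch (Exception e) {
                    this.keystore = null;
                    this.masterPassword = null;
                    String message = "Failed to load Taverna's Keystore from " + this.keystoreFile.getAbsolutePath() + ". Possible reason: incorrect password or corrupted file.";
                    logger.error(message, e);
                    throw new CMException(message, e);
                }
            } else {
                try (OutputStream keystoreOut = new FileOutputStream(this.keystoreFile)) {
                    // load(null, null) initialises an empty store before it is written out.
                    this.keystore.load(null, null);
                    this.keystore.store(keystoreOut, this.masterPassword.toCharArray());
                } catch (Exception e) {
                    throw new CMException("Failed to generate a new empty Keystore.", e);
                }
            }
            // Remove any keystore settings passed as system properties; presumably so that
            // JSSE does not pick up a keystore other than this one - TODO confirm.
            System.clearProperty("javax.net.ssl.keyStoreType");
            System.clearProperty("javax.net.ssl.keyStoreProvider");
            System.clearProperty("javax.net.ssl.keyStore");
            System.clearProperty("javax.net.ssl.keyStorePassword");
        } catch (CMException e) {
            // Already specific; do not bury it under the generic message below.
            throw e;
        } catch (Exception e) {
            throw new CMException("Failed to instantiate Taverna's Keystore.", e);
        }
    }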

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v127, types: [java.io.PrintStream] */
    /* JADX WARN: Type inference failed for: r0v128, types: [java.io.PrintStream] */
    /* JADX WARN: Type inference failed for: r0v53 */
    /* JADX WARN: Type inference failed for: r0v55 */
    /* JADX WARN: Type inference failed for: r0v57, types: [java.io.FileOutputStream] */
    /* JADX WARN: Type inference failed for: r0v58, types: [java.io.FileOutputStream] */
    /* JADX WARN: Type inference failed for: r11v5, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r12v6, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r12v7, types: [java.lang.String] */
    /* JADX WARN: Type inference failed for: r1v39, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r1v41, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r1v47, types: [java.lang.StringBuilder] */
    /* JADX WARN: Type inference failed for: r2v43, types: [java.lang.Object[]] */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.apache.taverna.security.credentialmanager.impl.CredentialManagerImpl] */
    private void loadTruststore() throws CMException {
        InputStream openStream;
        Throwable th;
        ?? next;
        if (this.truststore == null) {
            try {
                this.truststore = KeyStore.getInstance("UBER", "BC");
                if (this.truststoreFile.exists()) {
                    try {
                        FileInputStream fileInputStream = new FileInputStream(this.truststoreFile);
                        Throwable th2 = null;
                        try {
                            this.truststore.load(fileInputStream, this.masterPassword.toCharArray());
                            deleteRevokedCertificates();
                            if (fileInputStream != null) {
                                if (REALLY_DISABLED != 0) {
                                    try {
                                        fileInputStream.close();
                                    } catch (Throwable th3) {
                                        th2.addSuppressed(th3);
                                    }
                                } else {
                                    fileInputStream.close();
                                }
                            }
                        } finally {
                        }
                    } catch (Exception e) {
                        this.truststore = null;
                        this.masterPassword = null;
                        String str = "Failed to load Taverna's Truststore from " + this.truststoreFile.getAbsolutePath() + ". Possible reason: incorrect password or corrupted file.";
                        logger.error(str, e);
                        throw new CMException(str, e);
                    }
                } else {
                    File file = new File(System.getProperty("java.home"), "lib/security/cacerts");
                    try {
                        KeyStore keyStore = KeyStore.getInstance("JKS");
                        boolean z = REALLY_DISABLED;
                        Iterator<String> it = defaultTrustStorePasswords.iterator();
                        while (it.hasNext()) {
                            next = it.next();
                            logger.info("Trying to load Java truststore using password: " + next);
                            try {
                                FileInputStream fileInputStream2 = new FileInputStream(file);
                                Throwable th4 = REALLY_DISABLED;
                                try {
                                    try {
                                        keyStore.load(fileInputStream2, next.toCharArray());
                                        z = true;
                                        if (fileInputStream2 != null) {
                                            if (th4 != null) {
                                                try {
                                                    fileInputStream2.close();
                                                } catch (Throwable th5) {
                                                    th4.addSuppressed(th5);
                                                }
                                            } else {
                                                fileInputStream2.close();
                                            }
                                        }
                                        break;
                                    } catch (Throwable th6) {
                                        th4 = th6;
                                        throw th6;
                                        break;
                                    }
                                } finally {
                                }
                            } catch (IOException e2) {
                                logger.info(String.format("Failed to load the Java truststore to copy over certificates using default password: %s from %s", new Object[]{next, file}));
                            } catch (NoSuchAlgorithmException e3) {
                                logger.error("Unknown encryption algorithm while loading Java truststore from " + file, e3);
                            } catch (CertificateException e4) {
                                logger.error("Certificate error while loading Java truststore from " + file, e4);
                            }
                        }
                        Iterator<String> it2 = it;
                        Throwable th7 = next;
                        if (!z) {
                            it2 = it;
                            th7 = next;
                            if (!loadJavaTruststoreUsingPasswordProviders(keyStore, file)) {
                                ?? r11 = "Credential manager failed to load certificates from Java's truststore.";
                                ?? r12 = "Try using the system property -Djavax.net.ssl.trustStorePassword=TheTrustStorePassword";
                                logger.error(r11 + " " + r12);
                                System.err.println(r11);
                                System.err.println(r12);
                                it2 = r11;
                                th7 = r12;
                            }
                        }
                        try {
                            try {
                                FileOutputStream fileOutputStream = new FileOutputStream(this.truststoreFile);
                                Throwable th8 = null;
                                this.truststore.load(null, null);
                                if (z) {
                                    Enumeration<String> aliases = keyStore.aliases();
                                    while (aliases.hasMoreElements()) {
                                        Certificate certificate = keyStore.getCertificate(aliases.nextElement());
                                        if (certificate instanceof X509Certificate) {
                                            this.truststore.setCertificateEntry(createTrustedCertificateAlias((X509Certificate) certificate), certificate);
                                        }
                                    }
                                }
                                logger.info("Loading certificates of trusted CAs so as to establish trust into our services such as BioCatalogue, BiodiversityCatalogue, heater, etc.");
                                CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
                                Iterator<URL> it3 = getSpecialTrustedCertificates().iterator();
                                while (it3.hasNext()) {
                                    try {
                                        openStream = it3.next().openStream();
                                        th = REALLY_DISABLED;
                                    } catch (Exception e5) {
                                        logger.error("Failed to insert trusted certificate entry in the Truststore", e5);
                                    }
                                    try {
                                        try {
                                            for (Certificate certificate2 : certificateFactory.generateCertificates(openStream)) {
                                                this.truststore.setCertificateEntry(createTrustedCertificateAlias((X509Certificate) certificate2), certificate2);
                                            }
                                            if (openStream != null) {
                                                if (th != null) {
                                                    try {
                                                        openStream.close();
                                                    } catch (Throwable th9) {
                                                        th.addSuppressed(th9);
                                                    }
                                                } else {
                                                    openStream.close();
                                                }
                                            }
                                        } catch (Throwable th10) {
                                            th = th10;
                                            throw th10;
                                        }
                                    } catch (Throwable th11) {
                                        if (openStream != null) {
                                            if (th != null) {
                                                try {
                                                    openStream.close();
                                                } catch (Throwable th12) {
                                                    th.addSuppressed(th12);
                                                }
                                            } else {
                                                openStream.close();
                                            }
                                        }
                                        throw th11;
                                    }
                                }
                                this.truststore.store(fileOutputStream, this.masterPassword.toCharArray());
                                if (fileOutputStream != null) {
                                    if (REALLY_DISABLED != 0) {
                                        try {
                                            fileOutputStream.close();
                                        } catch (Throwable th13) {
                                            th8.addSuppressed(th13);
                                        }
                                    } else {
                                        fileOutputStream.close();
                                    }
                                }
                            } catch (Exception e6) {
                                this.truststore = null;
                                throw new CMException("Failed to generate new empty Taverna's Truststore", e6);
                            }
                        } catch (Throwable th14) {
                            if (it2 != false) {
                                if (th7 == true) {
                                    try {
                                        it2.close();
                                    } catch (Throwable th15) {
                                        th7.addSuppressed(th15);
                                    }
                                } else {
                                    it2.close();
                                }
                            }
                            throw th14;
                        }
                    } catch (Exception e7) {
                        throw new CMException("Failed to instantiate a 'JKS'-type keystore for reading Java's truststore.", e7);
                    }
                }
                System.clearProperty("javax.net.ssl.trustStoreType");
                System.clearProperty("javax.net.ssl.trustStoreProvider");
                System.clearProperty("javax.net.ssl.trustStore");
                System.clearProperty("javax.net.ssl.trustStorePassword");
            } catch (Exception e8) {
                throw new CMException("Failed to instantiate Taverna's Truststore", e8);
            }
        }
    }

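    /**
     * Tries to unlock the given Java truststore file with a password supplied by one of
     * the registered {@code JavaTruststorePasswordProvider}s.
     *
     * <p>Providers that return {@code null} are skipped. The first provider that returns a
     * non-null password decides the outcome: a successful load returns {@code true}; a failed
     * load is logged and returns {@code false} without asking the remaining providers.
     *
     * @param keyStore keystore instance the truststore file is loaded into
     * @param file     truststore file to read
     * @return {@code true} if the truststore was loaded, {@code false} otherwise
     */
    private boolean loadJavaTruststoreUsingPasswordProviders(KeyStore keyStore, File file) {
        for (JavaTruststorePasswordProvider provider : this.javaTruststorePasswordProviders) {
            String password = provider.getJavaTruststorePassword();
            if (password == null) {
                continue;
            }
            // try-with-resources closes the stream on the failure path too; the previous
            // hand-expanded form only closed it after a successful load.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, password.toCharArray());
                return true;
            } catch (Exception e) {
                // Only the provider is logged, never the password it returned.
                // NOTE(review): a single wrong password ends the search even if a later
                // provider could unlock the store - confirm this is intended.
                logger.warn("Failed to load the Java truststore to copy over certificates using user-provided password from password provider " + provider, e);
                return false;
            }
        }
        logger.error("No Java truststore password provider could unlock Java's truststore. Creating a new empty Truststore for Taverna.");
        return false;
    }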

    /**
     * Looks up the credentials stored for a service given as a string URI.
     *
     * <p>Delegates to the URI-based overload with its boolean flag set to {@code false} and a
     * {@code null} third argument. The password is copied into an immutable {@code String}
     * before the looked-up object's {@code char[]} is reset, so the returned array element
     * cannot be wiped by the caller.
     *
     * @param str service URI in string form; parsed with {@link URI#create(String)}
     * @return {@code {username, password}}, or {@code null} when nothing was found
     * @throws CMException if the lookup fails
     */
    @Deprecated
    public String[] getUsernameAndPasswordForService(String str) throws CMException {
        initialize();
        final UsernamePassword credentials = getUsernameAndPasswordForService(URI.create(str), false, null);
        if (credentials != null) {
            final String username = credentials.getUsername();
            final String password = String.valueOf(credentials.getPassword());
            // Clear the char[] held by the looked-up object once it has been copied.
            credentials.resetPassword();
            return new String[] {username, password};
        }
        return null;
    }

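    /**
     * Returns the username and password for a service, first from the Keystore and then from
     * the registered {@code ServiceUsernameAndPasswordProvider}s.
     *
     * <p>Stored entries are secret-key entries under the alias {@code "password#" + uri} whose
     * encoded bytes are {@code username}, a NUL character, then {@code password}, in UTF-8.
     * The listing used the constant {@code REALLY_DISABLED} where the separator and the start
     * index belong; they are written out here as {@code '\u0000'} and {@code 0}, matching the
     * {@code (char) 0} separator that {@code saveUsernameAndPasswordForService} writes.
     *
     * @param uri service URI to look up
     * @param z   passed to {@code getPossibleServiceURIsToLookup}; when {@code true} the URI is
     *            also run through {@code normalizeServiceURI} before a provider result is saved
     * @param str passed unchanged to each provider as its second argument
     * @return the credentials, or {@code null} if neither the Keystore nor any provider has them
     * @throws CMException if the Keystore cannot be read or a stored entry has no separator
     */
    public UsernamePassword getUsernameAndPasswordForService(URI uri, boolean z, String str) throws CMException {
        initialize();
        synchronized (this.keystore) {
            LinkedHashSet<URI> candidates = getPossibleServiceURIsToLookup(uri, z);
            Map<URI, URI> storedByCandidate = getFragmentMappedURIsForAllUsernameAndPasswordPairs();
            try {
                for (URI candidate : candidates) {
                    URI storedUri = storedByCandidate.get(candidate);
                    if (storedUri == null) {
                        continue;
                    }
                    String alias = "password#" + storedUri.toASCIIString();
                    SecretKeySpec entry = (SecretKeySpec) this.keystore.getKey(alias, this.masterPassword.toCharArray());
                    if (entry == null) {
                        logger.warn("Could not find alias " + alias + " for known uri " + candidate + ", just deleted?");
                        continue;
                    }
                    // The decoded value holds the clear-text password in an immutable String;
                    // only the char[] handed to the result object can be wiped later.
                    String decoded = new String(entry.getEncoded(), "UTF-8");
                    int separatorAt = decoded.indexOf('\u0000');
                    if (separatorAt < 0) {
                        // Caught and re-wrapped by the catch block below.
                        throw new CMException("Invalid credentials stored for " + candidate);
                    }
                    UsernamePassword found = new UsernamePassword();
                    found.setUsername(decoded.substring(0, separatorAt));
                    found.setPassword(decoded.substring(separatorAt + 1).toCharArray());
                    return found;
                }
                for (ServiceUsernameAndPasswordProvider provider : this.serviceUsernameAndPasswordProviders) {
                    UsernamePassword provided = provider.getServiceUsernameAndPassword(uri, str);
                    if (provided == null) {
                        continue;
                    }
                    if (provided.isShouldSave()) {
                        URI saveUnder = z ? normalizeServiceURI(uri) : uri;
                        addUsernameAndPasswordForService(provided, saveUnder);
                    }
                    return provided;
                }
                return null;
            } catch (Exception e) {
                String message = "Failed to get the username and password pair for service " + uri + " from the Keystore";
                logger.error(message, e);
                throw new CMException(message, e);
            }
        }
    }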

    /**
     * Returns a lookup map from candidate service URIs to the URI a credential is actually
     * stored under, building and caching it on first use.
     *
     * <p>Every stored URI maps to itself. A stored URI with a fragment is additionally
     * reachable through its fragment-less form, unless that form is already claimed by another
     * fragment-carrying URI, in which case the fragment-less key is removed again.
     *
     * @return the cached map
     * @throws CMException if the stored service URIs cannot be listed
     */
    protected Map<URI, URI> getFragmentMappedURIsForAllUsernameAndPasswordPairs() throws CMException {
        // NOTE(review): the monitor is the JDK class java.security.Security, shared with any
        // other code that locks it, while cachedServiceURIsList is guarded by this.keystore.
        synchronized (Security.class) {
            if (this.cachedServiceURIsMap != null) {
                return this.cachedServiceURIsMap;
            }
            HashMap<URI, URI> mapped = new HashMap<>();
            for (URI stored : getServiceURIsForAllUsernameAndPasswordPairs()) {
                mapped.put(stored, stored);
                if (stored.getFragment() == null) {
                    continue;
                }
                URI withoutFragment;
                try {
                    withoutFragment = this.dnParser.setFragmentForURI(stored, (String) null);
                } catch (URISyntaxException e) {
                    logger.warn("Could not reset fragment for service URI " + stored);
                    continue;
                }
                if (!mapped.containsKey(withoutFragment)) {
                    mapped.put(withoutFragment, stored);
                } else if (mapped.get(withoutFragment).getFragment() != null) {
                    // Two fragment variants compete for the same bare URI: drop the shortcut.
                    mapped.remove(withoutFragment);
                }
            }
            this.cachedServiceURIsMap = mapped;
            return this.cachedServiceURIsMap;
        }
    }

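    /**
     * Builds the ordered set of URIs under which credentials for {@code uri} may be stored.
     *
     * <p>The URI is normalized and its userinfo removed. When {@code z} is {@code false}, or
     * the URI is not absolute, that single URI is the result. Otherwise the set also contains
     * the URI without its query, its directory, every parent directory up to the root and,
     * when the URI has a fragment, the fragment-less form of each of those. A credential
     * stored for a parent path is therefore a candidate for every URI beneath it.
     *
     * <p>The listing initialised the "previous" URI with the constant {@code REALLY_DISABLED}
     * and copied the set through a raw {@code ArrayList}; both are spelled out as {@code null}
     * and a typed list here.
     *
     * @param uri service URI being looked up
     * @param z   {@code true} to add the parent-path candidates
     * @return candidate URIs in insertion order, most specific first
     */
    protected LinkedHashSet<URI> getPossibleServiceURIsToLookup(URI uri, boolean z) {
        try {
            uri = this.dnParser.setUserInfoForURI(uri.normalize(), (String) null);
        } catch (URISyntaxException e) {
            // NOTE(review): on this path the URI keeps its userinfo, is written to the log
            // with it, and is used un-normalized below.
            logger.warn("Could not strip userinfo from " + uri, e);
        }
        LinkedHashSet<URI> candidates = new LinkedHashSet<>();
        candidates.add(uri);
        if (!z || !uri.isAbsolute()) {
            return candidates;
        }
        String rawFragment = uri.getRawFragment();
        if (rawFragment == null) {
            rawFragment = "";
        }
        // Resolving the raw path against the URI itself drops query and fragment.
        URI withoutQuery = uri.resolve(uri.getRawPath());
        addFragmentedURI(candidates, withoutQuery, rawFragment);
        URI current = withoutQuery.resolve(".");
        addFragmentedURI(candidates, current, rawFragment);
        URI previous = null;
        URI root = current.resolve("/");
        // Walk up one directory at a time; stop at the root or when ".." no longer changes anything.
        while (!current.equals(previous) && !current.equals(root) && current.getPath().length() > 0) {
            previous = current;
            current = current.resolve("..");
            addFragmentedURI(candidates, current, rawFragment);
        }
        addFragmentedURI(candidates, root, rawFragment);
        if (rawFragment.length() > 0) {
            // Iterate over a snapshot because the set grows while it is being walked.
            for (URI candidate : new ArrayList<>(candidates)) {
                try {
                    candidates.add(this.dnParser.setFragmentForURI(candidate, (String) null));
                } catch (URISyntaxException e2) {
                    logger.warn("Could not non-fragment URI " + candidate);
                }
            }
        }
        return candidates;
    }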

    /**
     * Adds {@code uri} to the set, with {@code #str} resolved onto it when {@code str} is a
     * non-empty fragment.
     *
     * @param linkedHashSet set that receives the URI
     * @param uri           URI to add
     * @param str           raw fragment to attach; {@code null} or empty adds {@code uri} as is
     */
    public void addFragmentedURI(LinkedHashSet<URI> linkedHashSet, URI uri, String str) {
        final boolean hasFragment = str != null && !str.isEmpty();
        linkedHashSet.add(hasFragment ? uri.resolve("#" + str) : uri);
    }

    /**
     * Returns the ASCII string form of every service URI that has a stored
     * username/password pair.
     *
     * @return a new list of URI strings, in the order the URIs are listed
     * @throws CMException if the stored service URIs cannot be listed
     */
    @Deprecated
    public ArrayList<String> getServiceURLsforAllUsernameAndPasswordPairs() throws CMException {
        initialize();
        final List<URI> serviceUris = getServiceURIsForAllUsernameAndPasswordPairs();
        final ArrayList<String> asStrings = new ArrayList<>();
        for (URI serviceUri : serviceUris) {
            asStrings.add(serviceUri.toASCIIString());
        }
        return asStrings;
    }

    /**
     * Stores a username/password pair for a service URI.
     *
     * <p>Delegates to {@code saveUsernameAndPasswordForService}; the password {@code char[]}
     * is copied into an immutable {@code String} on the way, so wiping the array afterwards
     * does not remove that copy from memory.
     *
     * @param usernamePassword credentials to store
     * @param uri              service URI the credentials belong to
     * @return the alias returned by {@code saveUsernameAndPasswordForService}
     * @throws CMException if the entry cannot be stored
     */
    public String addUsernameAndPasswordForService(UsernamePassword usernamePassword, URI uri) throws CMException {
        initialize();
        final String username = usernamePassword.getUsername();
        final String password = String.valueOf(usernamePassword.getPassword());
        final String serviceUri = uri.toASCIIString();
        return saveUsernameAndPasswordForService(username, password, serviceUri);
    }

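    /**
     * Stores a username/password pair in the Keystore under the alias
     * {@code "password#" + str3}, saves the Keystore and notifies observers.
     *
     * <p>The pair is stored as a secret-key entry whose bytes are {@code username}, a NUL
     * character and {@code password}, encoded as UTF-8. Readers split on the first NUL, so a
     * username that itself contains a NUL character would be read back incorrectly.
     *
     * <p>The outer {@code catch (UnsupportedEncodingException)} of the listing could never be
     * reached, because the inner {@code catch (Exception)} already handled that type; it is
     * gone, and the charset constant removes the checked exception altogether.
     *
     * @param str  username
     * @param str2 password
     * @param str3 service URI in string form
     * @return the alias the entry was stored under
     * @throws CMException if the entry cannot be inserted or the Keystore cannot be saved
     */
    @Deprecated
    public String saveUsernameAndPasswordForService(String str, String str2, String str3) throws CMException {
        initialize();
        synchronized (this.keystore) {
            String alias = "password#" + str3;
            byte[] encoded = (str + (char) 0 + str2).getBytes(java.nio.charset.StandardCharsets.UTF_8);
            try {
                // "DUMMY" is only a label: the bytes are a credential pair, not key material.
                this.keystore.setKeyEntry(alias, new SecretKeySpec(encoded, "DUMMY"), this.masterPassword.toCharArray(), null);
                saveKeystore(CredentialManager.KeystoreType.KEYSTORE);
                this.multiCaster.notify(new KeystoreChangedEvent(CredentialManager.KeystoreType.KEYSTORE));
            } catch (Exception e) {
                String message = "Failed to insert username and password pair for service " + str3 + " in the Keystore";
                logger.error(message, e);
                throw new CMException(message, e);
            } finally {
                // SecretKeySpec copies its input, so the temporary clear-text buffer can be wiped.
                Arrays.fill(encoded, (byte) 0);
            }
            return alias;
        }
    }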

    /**
     * Deletes the username/password pair stored for the given service URI.
     *
     * @param uri service URI; its ASCII string form is handed to the string-based overload
     * @throws CMException if the entry cannot be deleted or the Keystore cannot be saved
     */
    public void deleteUsernameAndPasswordForService(URI uri) throws CMException {
        initialize();
        final String serviceUri = uri.toASCIIString();
        deleteUsernameAndPasswordForService(serviceUri);
    }

    /**
     * Deletes the Keystore entry {@code "password#" + str}, saves the Keystore and notifies
     * observers of the change.
     *
     * @param str service URI in string form
     * @throws CMException if the entry cannot be deleted or the Keystore cannot be saved
     */
    @Deprecated
    public void deleteUsernameAndPasswordForService(String str) throws CMException {
        initialize();
        synchronized (this.keystore) {
            final String alias = "password#" + str;
            deleteEntry(CredentialManager.KeystoreType.KEYSTORE, alias);
            saveKeystore(CredentialManager.KeystoreType.KEYSTORE);
            final KeystoreChangedEvent changed = new KeystoreChangedEvent(CredentialManager.KeystoreType.KEYSTORE);
            this.multiCaster.notify(changed);
        }
    }

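    /**
     * Inserts a private key and its certificate chain into the Keystore, saves the Keystore
     * and notifies observers.
     *
     * <p>The alias comes from {@code createKeyPairAlias}, the same helper {@code hasKeyPair}
     * and {@code deleteKeyPair} use; the listing repeated that expression inline, with the
     * constant {@code REALLY_DISABLED} in place of the array index.
     *
     * @param key            private key to store; protected with the master password
     * @param certificateArr certificate chain; the first element must be an X.509 certificate
     * @return the alias the key pair was stored under
     * @throws CMException if the entry cannot be inserted or the Keystore cannot be saved
     */
    public String addKeyPair(Key key, Certificate[] certificateArr) throws CMException {
        initialize();
        synchronized (this.keystore) {
            // Computed outside the try block, as before: a malformed chain surfaces as the
            // original runtime exception rather than as a CMException.
            String alias = createKeyPairAlias(key, certificateArr);
            try {
                this.keystore.setKeyEntry(alias, key, this.masterPassword.toCharArray(), certificateArr);
                saveKeystore(CredentialManager.KeystoreType.KEYSTORE);
                this.multiCaster.notify(new KeystoreChangedEvent(CredentialManager.KeystoreType.KEYSTORE));
                logger.debug("updating SSLSocketFactory after inserting a key pair");
            } catch (Exception e) {
                throw new CMException("failed to insert the key pair entry in the Keystore", e);
            }
            return alias;
        }
    }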

    /**
     * Tells whether the Keystore has an entry under the alias derived from this key pair.
     *
     * <p>Only the alias is compared; the key material itself is not.
     *
     * @param key            private key of the pair
     * @param certificateArr certificate chain of the pair
     * @return {@code true} if an entry with that alias exists
     * @throws CMException if the Keystore cannot be accessed
     */
    public boolean hasKeyPair(Key key, Certificate[] certificateArr) throws CMException {
        final String alias = createKeyPairAlias(key, certificateArr);
        return hasEntryWithAlias(CredentialManager.KeystoreType.KEYSTORE, alias);
    }

    /**
     * Deletes the key pair stored under the given alias, saves the Keystore and notifies
     * observers.
     *
     * @param str alias of the key pair entry
     * @throws CMException if the entry cannot be deleted or the Keystore cannot be saved
     */
    public void deleteKeyPair(String str) throws CMException {
        initialize();
        synchronized (this.keystore) {
            final CredentialManager.KeystoreType store = CredentialManager.KeystoreType.KEYSTORE;
            deleteEntry(store, str);
            saveKeystore(store);
            this.multiCaster.notify(new KeystoreChangedEvent(store));
            // Nothing is rebuilt here; presumably an observer reacts to the event - verify.
            logger.info("updating SSLSocketFactory after deleting a keypair");
        }
    }

    /**
     * Deletes the key pair whose alias is derived from the given key and certificate chain.
     *
     * @param key            private key of the pair
     * @param certificateArr certificate chain of the pair
     * @throws CMException if the entry cannot be deleted or the Keystore cannot be saved
     */
    public void deleteKeyPair(Key key, Certificate[] certificateArr) throws CMException {
        final String alias = createKeyPairAlias(key, certificateArr);
        deleteKeyPair(alias);
    }

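    /**
     * Exports a key pair from the Keystore to a PKCS#12 file.
     *
     * <p>The private key and its chain are copied into a fresh Bouncy Castle PKCS#12 store
     * under the friendly name {@code "<subject CN>'s <issuer CN> ID"}, which is written to
     * {@code path} protected by {@code str2}. The output stream is managed by
     * try-with-resources, and the literal {@code 0} values the listing had replaced with the
     * constant {@code REALLY_DISABLED} are restored.
     *
     * <p>The key entry is given an empty key password, so the store password is the
     * protection applied here. The file is created with default open options; restricting
     * its permissions is left to the caller.
     *
     * @param str  alias of the key pair to export
     * @param path file to write
     * @param str2 password protecting the exported store
     * @throws CMException if the key pair cannot be read or the file cannot be written
     */
    public void exportKeyPair(String str, Path path, String str2) throws CMException {
        initialize();
        synchronized (this.keystore) {
            try {
                PrivateKey privateKey = (PrivateKey) this.keystore.getKey(str, this.masterPassword.toCharArray());
                Certificate[] chain = getKeyPairsCertificateChain(str);
                KeyStore pkcs12 = KeyStore.getInstance("PKCS12", "BC");
                pkcs12.load(null, null);
                X509Certificate leaf = (X509Certificate) chain[0];
                String subjectCn = this.dnParser.parseDN(leaf.getSubjectX500Principal().getName("RFC2253")).getCN();
                String issuerCn = this.dnParser.parseDN(leaf.getIssuerX500Principal().getName("RFC2253")).getCN();
                pkcs12.setKeyEntry(subjectCn + "'s " + issuerCn + " ID", privateKey, new char[0], chain);
                try (OutputStream out = Files.newOutputStream(path)) {
                    pkcs12.store(out, str2.toCharArray());
                }
            } catch (Exception e) {
                logger.error("Failed to export the key pair from the Keystore", e);
                throw new CMException("Failed to export the key pair from the Keystore", e);
            }
        }
    }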

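    /**
     * Fetches the certificate stored under an alias in the selected store.
     *
     * <p>The three statements that followed the try/catch in the listing were unreachable and
     * referred to the exception variable outside its scope; they are removed.
     *
     * @param keystoreType store to read from
     * @param str          alias of the entry
     * @return the certificate, or {@code null} if the alias has none or the store type is
     *         not handled by the switch
     * @throws CMException if the store cannot be accessed
     */
    public Certificate getCertificate(CredentialManager.KeystoreType keystoreType, String str) throws CMException {
        initialize();
        try {
            // Compiler-generated enum switch table; case 1 reads this.keystore and case 2
            // this.truststore - presumably KEYSTORE and TRUSTSTORE, verify against the table.
            switch (AnonymousClass1.$SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType[keystoreType.ordinal()]) {
                case 1:
                    synchronized (this.keystore) {
                        return this.keystore.getCertificate(str);
                    }
                case 2:
                    synchronized (this.truststore) {
                        return this.truststore.getCertificate(str);
                    }
                default:
                    return null;
            }
        } catch (Exception e) {
            String message = "Failed to fetch certificate from the " + keystoreType;
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }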

    /**
     * Returns the certificate chain stored with a key pair entry.
     *
     * @param str alias of the key pair entry
     * @return the chain, as returned by the Keystore for that alias
     * @throws CMException if the Keystore cannot be accessed
     */
    public Certificate[] getKeyPairsCertificateChain(String str) throws CMException {
        initialize();
        try {
            synchronized (this.keystore) {
                return this.keystore.getCertificateChain(str);
            }
        } catch (Exception e) {
            final String message = "Failed to fetch certificate chain for the keypair from the Keystore";
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }

    /**
     * Returns the private key of a key pair entry, unlocked with the master password.
     *
     * <p>The caller receives the key object itself, so any code able to call this method can
     * obtain private key material.
     *
     * @param str alias of the key pair entry
     * @return the key, as returned by the Keystore for that alias
     * @throws CMException if the key cannot be recovered
     */
    public Key getKeyPairsPrivateKey(String str) throws CMException {
        initialize();
        try {
            synchronized (this.keystore) {
                return this.keystore.getKey(str, this.masterPassword.toCharArray());
            }
        } catch (Exception e) {
            final String message = "Failed to fetch private key for the keypair from the Keystore";
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }

    /**
     * Adds a certificate to the Truststore as a trusted entry, saves the Truststore and
     * notifies observers.
     *
     * <p>The certificate is stored as given: this method checks neither validity period,
     * chain nor revocation, so the decision to trust it rests with the caller.
     *
     * @param x509Certificate certificate to trust
     * @return the alias the certificate was stored under
     * @throws CMException if the entry cannot be inserted or the Truststore cannot be saved
     */
    public String addTrustedCertificate(X509Certificate x509Certificate) throws CMException {
        initialize();
        synchronized (this.truststore) {
            final String alias = createTrustedCertificateAlias(x509Certificate);
            try {
                this.truststore.setCertificateEntry(alias, x509Certificate);
                saveKeystore(CredentialManager.KeystoreType.TRUSTSTORE);
                this.multiCaster.notify(new KeystoreChangedEvent(CredentialManager.KeystoreType.TRUSTSTORE));
                logger.debug("Updating SSLSocketFactory after inserting a trusted certificate");
            } catch (Exception e) {
                throw new CMException("failed to insert trusted certificate entry in the Truststore", e);
            }
            return alias;
        }
    }

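    /**
     * Builds the Keystore alias for a key pair:
     * {@code "keypair#<subject CN>#<issuer CN>#<serial number in upper-case hex>"}.
     *
     * <p>All three parts come from the first certificate of the chain. The listing indexed
     * the chain with the constant {@code REALLY_DISABLED}; the index is written as {@code 0}
     * and the certificate is cast once instead of three times.
     *
     * <p>The alias is a naming scheme, not a fingerprint: two chains whose first certificates
     * share subject CN, issuer CN and serial number get the same alias.
     *
     * @param key            private key of the pair; not used for the alias
     * @param certificateArr certificate chain; the first element must be an X.509 certificate
     * @return the alias
     */
    public String createKeyPairAlias(Key key, Certificate[] certificateArr) {
        X509Certificate leaf = (X509Certificate) certificateArr[0];
        String subjectCn = this.dnParser.parseDN(leaf.getSubjectX500Principal().getName("RFC2253")).getCN();
        String issuerCn = this.dnParser.parseDN(leaf.getIssuerX500Principal().getName("RFC2253")).getCN();
        // Signum 1 keeps the serial number non-negative before it is rendered as hex.
        String serialHex = new BigInteger(1, leaf.getSerialNumber().toByteArray()).toString(16).toUpperCase();
        return "keypair#" + subjectCn + "#" + issuerCn + "#" + serialHex;
    }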

    /**
     * Builds the Truststore alias for a certificate:
     * {@code "trustedcert#<owner>#<issuer>#<serial number in upper-case hex>"}.
     *
     * <p>Owner and issuer are each the CN of the respective distinguished name, falling back
     * to OU and then O when the parsed value equals {@code "none"} (presumably the parser's
     * marker for a missing attribute), and to {@code "<Not Part of Certificate>"} when all
     * three do. The alias is derived from names and serial number only, so it does not
     * identify a certificate uniquely.
     *
     * @param x509Certificate certificate to name
     * @return the alias
     */
    public String createTrustedCertificateAlias(X509Certificate x509Certificate) {
        ParsedDistinguishedName subjectDn = this.dnParser.parseDN(x509Certificate.getSubjectX500Principal().getName("RFC2253"));
        String subjectCn = subjectDn.getCN();
        String subjectOu = subjectDn.getOU();
        String subjectO = subjectDn.getO();
        String owner;
        if (!subjectCn.equals("none")) {
            owner = subjectCn;
        } else if (!subjectOu.equals("none")) {
            owner = subjectOu;
        } else if (!subjectO.equals("none")) {
            owner = subjectO;
        } else {
            owner = "<Not Part of Certificate>";
        }
        String serialHex = new BigInteger(1, x509Certificate.getSerialNumber().toByteArray()).toString(16).toUpperCase();
        ParsedDistinguishedName issuerDn = this.dnParser.parseDN(x509Certificate.getIssuerX500Principal().getName("RFC2253"));
        String issuerCn = issuerDn.getCN();
        String issuerOu = issuerDn.getOU();
        String issuerO = issuerDn.getO();
        String issuer;
        if (!issuerCn.equals("none")) {
            issuer = issuerCn;
        } else if (!issuerOu.equals("none")) {
            issuer = issuerOu;
        } else if (!issuerO.equals("none")) {
            issuer = issuerO;
        } else {
            issuer = "<Not Part of Certificate>";
        }
        return "trustedcert#" + owner + "#" + issuer + "#" + serialHex;
    }

    /**
     * Tells whether the Truststore has an entry under the alias derived from this certificate.
     *
     * <p>Only the alias is compared, not the certificate bytes.
     *
     * @param certificate certificate to look for; must be an {@link X509Certificate}
     * @return {@code true} if an entry with that alias exists
     * @throws CMException if the Truststore cannot be accessed
     */
    public boolean hasTrustedCertificate(Certificate certificate) throws CMException {
        final String alias = createTrustedCertificateAlias((X509Certificate) certificate);
        return hasEntryWithAlias(CredentialManager.KeystoreType.TRUSTSTORE, alias);
    }

    /**
     * Deletes the trusted certificate stored under the given alias, saves the Truststore and
     * notifies observers.
     *
     * @param str alias of the trusted certificate entry
     * @throws CMException if the entry cannot be deleted or the Truststore cannot be saved
     */
    public void deleteTrustedCertificate(String str) throws CMException {
        initialize();
        synchronized (this.truststore) {
            final CredentialManager.KeystoreType store = CredentialManager.KeystoreType.TRUSTSTORE;
            deleteEntry(store, str);
            saveKeystore(store);
            this.multiCaster.notify(new KeystoreChangedEvent(store));
            // Nothing is rebuilt here; presumably an observer reacts to the event - verify.
            logger.info("Updating SSLSocketFactory after deleting a trusted certificate");
        }
    }

    /**
     * Deletes the trusted certificate whose alias is derived from the given certificate.
     *
     * @param x509Certificate certificate to remove from the Truststore
     * @throws CMException if the entry cannot be deleted or the Truststore cannot be saved
     */
    public void deleteTrustedCertificate(X509Certificate x509Certificate) throws CMException {
        final String alias = createTrustedCertificateAlias(x509Certificate);
        deleteTrustedCertificate(alias);
    }

    /**
     * Tells whether the Keystore entry under the given alias is a key entry.
     *
     * @param str alias to check
     * @return the result of {@code KeyStore.isKeyEntry} for that alias
     * @throws CMException if the Keystore cannot be accessed
     */
    public boolean isKeyEntry(String str) throws CMException {
        initialize();
        try {
            synchronized (this.keystore) {
                return this.keystore.isKeyEntry(str);
            }
        } catch (Exception e) {
            final String message = "failed to access the key entry in the Keystore";
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }

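    /**
     * Removes the entry with the given alias from the selected store if it exists.
     *
     * <p>The store is changed in memory only; callers in this class save it afterwards. The
     * three statements that followed the try/catch in the listing were unreachable and
     * referred to the exception variable outside its scope; they are removed.
     *
     * @param keystoreType store to delete from
     * @param str          alias of the entry
     * @throws CMException if the store cannot be accessed
     */
    private void deleteEntry(CredentialManager.KeystoreType keystoreType, String str) throws CMException {
        initialize();
        try {
            // Compiler-generated enum switch table; case 1 works on this.keystore and case 2
            // on this.truststore - presumably KEYSTORE and TRUSTSTORE, verify against the table.
            switch (AnonymousClass1.$SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType[keystoreType.ordinal()]) {
                case 1:
                    synchronized (this.keystore) {
                        if (this.keystore.containsAlias(str)) {
                            this.keystore.deleteEntry(str);
                        }
                    }
                    return;
                case 2:
                    synchronized (this.truststore) {
                        if (this.truststore.containsAlias(str)) {
                            this.truststore.deleteEntry(str);
                        }
                    }
                    return;
                default:
                    return;
            }
        } catch (Exception e) {
            String message = "failed to delete the entry with alias " + str + " from the " + keystoreType;
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }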

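    /**
     * Tells whether the selected store contains an entry with the given alias.
     *
     * <p>The three statements that followed the try/catch in the listing were unreachable and
     * referred to the exception variable outside its scope; they are removed.
     *
     * @param keystoreType store to check
     * @param str          alias to look for
     * @return {@code true} if the alias exists; {@code false} if it does not or the store
     *         type is not handled by the switch
     * @throws CMException if the store cannot be accessed
     */
    public boolean hasEntryWithAlias(CredentialManager.KeystoreType keystoreType, String str) throws CMException {
        initialize();
        try {
            // Compiler-generated enum switch table; case 1 reads this.keystore and case 2
            // this.truststore - presumably KEYSTORE and TRUSTSTORE, verify against the table.
            switch (AnonymousClass1.$SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType[keystoreType.ordinal()]) {
                case 1:
                    synchronized (this.keystore) {
                        return this.keystore.containsAlias(str);
                    }
                case 2:
                    synchronized (this.truststore) {
                        return this.truststore.containsAlias(str);
                    }
                default:
                    return false;
            }
        } catch (Exception e) {
            String message = "failed to access the " + keystoreType + " to check if an alias exists";
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }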

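    /**
     * Lists the aliases of all entries in the selected store.
     *
     * <p>The three statements that followed the try/catch in the listing were unreachable and
     * referred to the exception variable outside its scope; they are removed.
     *
     * @param keystoreType store to list
     * @return a new list of aliases, or {@code null} if the store type is not handled by the
     *         switch
     * @throws CMException if the store cannot be accessed
     */
    public ArrayList<String> getAliases(CredentialManager.KeystoreType keystoreType) throws CMException {
        initialize();
        try {
            // Compiler-generated enum switch table; case 1 reads this.keystore and case 2
            // this.truststore - presumably KEYSTORE and TRUSTSTORE, verify against the table.
            switch (AnonymousClass1.$SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType[keystoreType.ordinal()]) {
                case 1:
                    synchronized (this.keystore) {
                        return Collections.list(this.keystore.aliases());
                    }
                case 2:
                    synchronized (this.truststore) {
                        return Collections.list(this.truststore.aliases());
                    }
                default:
                    return null;
            }
        } catch (Exception e) {
            String message = "failed to access the " + keystoreType + " to get the aliases";
            logger.error(message, e);
            throw new CMException(message, e);
        }
    }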

    /**
     * Returns the service URIs that have a username/password pair in the Keystore, building
     * and caching the list on first use.
     *
     * <p>The URIs are the part after the first {@code '#'} of every alias that starts with
     * {@code "password#"}. An alias whose remainder is not a valid URI makes
     * {@link URI#create(String)} throw, and that exception is not caught here. The cached
     * list itself is returned, not a copy.
     *
     * @return the cached list of service URIs
     * @throws CMException if the Keystore aliases cannot be listed
     */
    public List<URI> getServiceURIsForAllUsernameAndPasswordPairs() throws CMException {
        initialize();
        synchronized (this.keystore) {
            if (this.cachedServiceURIsList == null) {
                ArrayList<URI> serviceUris = new ArrayList<>();
                for (String alias : getAliases(CredentialManager.KeystoreType.KEYSTORE)) {
                    if (!alias.startsWith("password#")) {
                        continue;
                    }
                    String[] parts = alias.split("#", 2);
                    if (parts.length == 2) {
                        serviceUris.add(URI.create(parts[1]));
                    } else {
                        logger.warn("Invalid alias " + alias);
                    }
                }
                this.cachedServiceURIsList = serviceUris;
            }
            return this.cachedServiceURIsList;
        }
    }

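    /**
     * Loads a PKCS#12 keystore from a file using the "BC" provider.
     *
     * @param path location of the PKCS#12 file
     * @param str  password protecting the file
     * @return the loaded keystore
     * @throws CMException if the file cannot be opened or read, the password is
     *         wrong, or the "BC" provider is not available
     */
    public KeyStore loadPKCS12Keystore(Path path, String str) throws CMException {
        // try-with-resources closes the stream on every path; the decompiled form
        // only closed it after a successful load.
        try (InputStream in = Files.newInputStream(path)) {
            KeyStore keyStore = KeyStore.getInstance("PKCS12", "BC");
            char[] password = str.toCharArray();
            try {
                keyStore.load(in, password);
            } finally {
                // Clears this method's copy only; the caller's String still holds the password.
                Arrays.fill(password, '\0');
            }
            return keyStore;
        } catch (Exception e) {
            logger.error("failed to open a PKCS12-type keystore", e);
            throw new CMException("failed to open a PKCS12-type keystore", e);
        }
    }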

    /**
     * Registers an observer for keystore change events by delegating to the multicaster.
     *
     * @param observer the observer to register
     */
    public void addObserver(Observer<KeystoreChangedEvent> observer) {
        multiCaster.addObserver(observer);
    }

    /**
     * Returns the observers currently registered with the multicaster.
     *
     * @return whatever list the multicaster reports
     */
    public List<Observer<KeystoreChangedEvent>> getObservers() {
        List<Observer<KeystoreChangedEvent>> registered = multiCaster.getObservers();
        return registered;
    }

    /**
     * Unregisters an observer of keystore change events by delegating to the multicaster.
     *
     * @param observer the observer to remove
     */
    public void removeObserver(Observer<KeystoreChangedEvent> observer) {
        multiCaster.removeObserver(observer);
    }

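    /**
     * Writes the selected store to its backing file, protected by the current master password.
     *
     * <p>NOTE(review): the file is overwritten in place, so an interrupted write can
     * leave a truncated store. The file is created through {@link FileOutputStream}
     * with the platform's default permissions; nothing here restricts them.
     *
     * @param keystoreType which store to persist; other values are ignored
     * @throws CMException if the store cannot be written
     */
    private void saveKeystore(CredentialManager.KeystoreType keystoreType) throws CMException {
        initialize();
        try {
            // Decompiler-generated switch map; presumably 1 = KEYSTORE and 2 = TRUSTSTORE
            // - confirm against AnonymousClass1.
            switch (AnonymousClass1.$SwitchMap$org$apache$taverna$security$credentialmanager$CredentialManager$KeystoreType[keystoreType.ordinal()]) {
                case 1:
                    synchronized (this.keystore) {
                        // try-with-resources closes the stream even when store() fails;
                        // the decompiled form leaked it on that path.
                        try (FileOutputStream out = new FileOutputStream(this.keystoreFile)) {
                            this.keystore.store(out, this.masterPassword.toCharArray());
                        }
                    }
                    return;
                case 2:
                    synchronized (this.truststore) {
                        try (FileOutputStream out = new FileOutputStream(this.truststoreFile)) {
                            this.truststore.store(out, this.masterPassword.toCharArray());
                        }
                    }
                    return;
                default:
                    return;
            }
        } catch (Exception e) {
            String message = "failed to save the " + keystoreType;
            logger.error(message, e);
            throw new CMException(message, e);
        }
        // The decompiler had duplicated the catch body here, unreachable and using
        // the out-of-scope variable 'e'; it has been removed.
    }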

    /**
     * Checks a candidate against the master password held in memory.
     *
     * <p>NOTE(review): the comparison uses {@link String#equals(Object)}, which
     * returns at the first differing character and is therefore not constant-time.
     * The master password is also held as an immutable {@code String}, so it cannot
     * be wiped after use.
     *
     * @param str candidate password; {@code null} never matches
     * @return {@code true} only when a master password is set and equals {@code str}
     * @throws CMException if initialization fails
     */
    public boolean confirmMasterPassword(String str) throws CMException {
        initialize();
        String current = this.masterPassword;
        if (current == null) {
            return false;
        }
        return current.equals(str);
    }

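    /**
     * Re-encrypts both stores under a new master password.
     *
     * <p>Every keystore entry is copied into a new "UBER" keystore from the "BC"
     * provider, protected with the new password. That keystore and the existing
     * truststore are then written to their files. On any failure the previous
     * in-memory state is restored and both files are saved again under the old
     * password.
     *
     * <p>NOTE(review): both files are overwritten in place. A crash between the
     * two writes leaves the keystore under the new password and the truststore
     * under the old one.
     *
     * @param str the new master password
     * @throws CMException if the change fails; the original failure is the cause
     */
    public void changeMasterPassword(String str) throws CMException {
        initialize();
        // Snapshot of the current state, restored if any step below fails.
        String previousPassword = this.masterPassword;
        KeyStore previousKeystore = this.keystore;
        KeyStore previousTruststore = this.truststore;
        try {
            synchronized (this.keystore) {
                KeyStore rekeyed;
                try {
                    rekeyed = KeyStore.getInstance("UBER", "BC");
                } catch (Exception e) {
                    throw new CMException("Failed to instantiate a new Bouncy Castle Keystore when changing master password.", e);
                }
                try {
                    rekeyed.load(null, null);
                } catch (Exception e) {
                    throw new CMException("Failed to create a new empty Keystore to copy over the entries from the current one.", e);
                }
                // Built once instead of once per alias.
                KeyStore.PasswordProtection oldProtection = new KeyStore.PasswordProtection(this.masterPassword.toCharArray());
                KeyStore.PasswordProtection newProtection = new KeyStore.PasswordProtection(str.toCharArray());
                Enumeration<String> aliases = this.keystore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    rekeyed.setEntry(alias, this.keystore.getEntry(alias, oldProtection), newProtection);
                }
                try (FileOutputStream out = new FileOutputStream(this.keystoreFile)) {
                    rekeyed.store(out, str.toCharArray());
                }
                // Swap only after the new keystore has been written successfully.
                this.keystore = rekeyed;
            }
            synchronized (this.truststore) {
                try (FileOutputStream out = new FileOutputStream(this.truststoreFile)) {
                    this.truststore.store(out, str.toCharArray());
                }
            }
            this.masterPassword = str;
        } catch (Exception e) {
            String message = "Failed to change maaster password - reverting to the old one";
            // Log before reverting so the root cause survives a failed revert.
            logger.error(message, e);
            this.keystore = previousKeystore;
            this.truststore = previousTruststore;
            this.masterPassword = previousPassword;
            saveKeystore(CredentialManager.KeystoreType.KEYSTORE);
            saveKeystore(CredentialManager.KeystoreType.TRUSTSTORE);
            // Keep the cause; the original threw without it.
            throw new CMException(message, e);
        }
    }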

    /**
     * Installs the Credential Manager's socket factory as the default for
     * {@link HttpsURLConnection}, unless a factory has already been created.
     *
     * <p>This default is JVM-wide: every later {@code HttpsURLConnection} in the
     * process uses the Credential Manager's key and trust managers.
     *
     * @throws CMException if the socket factory cannot be created
     */
    public void initializeSSL() throws CMException {
        if (tavernaSSLSocketFactory != null) {
            return;
        }
        SSLSocketFactory factory = createSSLSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
    }

    /* JADX INFO: Access modifiers changed from: private */
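    /**
     * Builds an SSL context backed by the Credential Manager's key and trust
     * managers, makes it the JVM default, and caches its socket factory.
     *
     * <p>The context is requested as "TLS" rather than "SSLv3". SSLv3 is an
     * obsolete protocol that current JDKs disable by default, and asking for it by
     * name can cap the negotiated version at whatever legacy protocols the
     * provider ties to that name.
     *
     * <p>Each stage has its own try block so the error names the stage that
     * failed. In the decompiled nesting, an inner failure was re-wrapped under the
     * outer, unrelated messages.
     *
     * @return the newly created and cached socket factory
     * @throws CMException if the context, a manager, or the initialization fails
     */
    public SSLSocketFactory createSSLSocketFactory() throws CMException {
        SSLContext sslContext;
        try {
            sslContext = SSLContext.getInstance("TLS");
        } catch (NoSuchAlgorithmException e) {
            throw new CMException("Failed to create SSL socket factory: the SSL algorithm was not available from any crypto provider", e);
        }

        KeyManager[] keyManagers;
        try {
            keyManagers = new KeyManager[]{new TavernaKeyManager(this, null)};
        } catch (Exception e) {
            throw new CMException("Failed to create SSL socket factory: could not initiate SSL Key Manager", e);
        }

        TrustManager[] trustManagers;
        try {
            trustManagers = new TrustManager[]{new TavernaTrustManager(this, null)};
        } catch (Exception e) {
            throw new CMException("Failed to create SSL socket factory: could not initiate SSL Trust Manager", e);
        }

        try {
            sslContext.init(keyManagers, trustManagers, new SecureRandom());
        } catch (KeyManagementException e) {
            throw new CMException("Failed to initiate the SSL socet factory", e);
        }

        // JVM-wide side effect: SSLContext.getDefault() now returns this context.
        SSLContext.setDefault(sslContext);
        tavernaSSLSocketFactory = sslContext.getSocketFactory();
        return tavernaSSLSocketFactory;
    }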

    /**
     * Returns the cached socket factory, creating it on first use.
     *
     * @return the Credential Manager's SSL socket factory
     * @throws CMException if the factory has to be created and creation fails
     */
    public SSLSocketFactory getTavernaSSLSocketFactory() throws CMException {
        if (tavernaSSLSocketFactory == null) {
            return createSSLSocketFactory();
        }
        return tavernaSSLSocketFactory;
    }

    /**
     * Creates a new authenticator bound to this Credential Manager.
     *
     * @return a new {@code CredentialManagerAuthenticator} on every call
     */
    public Authenticator getAuthenticator() {
        Authenticator authenticator = new CredentialManagerAuthenticator(this);
        return authenticator;
    }

    /* JADX INFO: Access modifiers changed from: private */
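    /**
     * Decides whether a presented certificate chain is trusted.
     *
     * <p>The chain is trusted at once if the truststore has an alias for its first
     * certificate. Otherwise the trust confirmation providers are asked in order;
     * the first non-null answer is final, and a positive answer also stores the
     * first certificate in the truststore.
     *
     * <p>NOTE(review): this method does no path building, expiry or revocation
     * checking. Only the alias lookup and the provider decision are visible here,
     * so any such validation has to happen in the caller or in the providers
     * - confirm.
     *
     * @param x509CertificateArr the presented chain
     * @return {@code true} if the chain is trusted
     * @throws IllegalArgumentException if the chain is {@code null} or empty
     */
    public boolean shouldTrust(X509Certificate[] x509CertificateArr) throws IllegalArgumentException {
        if (x509CertificateArr == null || x509CertificateArr.length == 0) {
            throw new IllegalArgumentException("At least one certificate needed in chain");
        }
        // REALLY_DISABLED is a decompiler-substituted constant; presumably the literal
        // index 0 (the first certificate in the chain) - confirm.
        X509Certificate first = x509CertificateArr[REALLY_DISABLED];
        try {
            if (this.truststore.containsAlias(createTrustedCertificateAlias(first))) {
                return true;
            }
        } catch (KeyStoreException e) {
            // Was swallowed silently; log it so a broken truststore is visible.
            logger.warn("Could not check the truststore for the certificate; asking trust confirmation providers instead", e);
        }
        String name = first.getSubjectX500Principal().getName();
        for (TrustConfirmationProvider trustConfirmationProvider : this.trustConfirmationProviders) {
            Boolean decision = trustConfirmationProvider.shouldTrustCertificate(x509CertificateArr);
            if (decision == null) {
                // No opinion from this provider; ask the next one.
                continue;
            }
            boolean trusted = decision.booleanValue();
            if (trusted) {
                try {
                    addTrustedCertificate(first);
                    logger.info("Stored trusted certificate " + name);
                } catch (CMException e) {
                    // The chain is still trusted for this call even though it was not stored.
                    logger.error("Credential Manager failed to save trusted certificate " + name, e);
                }
            }
            if (logger.isDebugEnabled()) {
                if (trusted) {
                    logger.debug("Trusting " + name + " according to " + trustConfirmationProvider);
                } else {
                    logger.debug("Not trusting " + name + " according to " + trustConfirmationProvider);
                }
            }
            return trusted;
        }
        logger.warn("No TrustConfirmationProvider instances could confirm or deny the trust in " + name);
        return false;
    }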

    /**
     * Produces the form of a service URI used for credential lookups.
     *
     * <p>The URI is passed through {@code setUserInfoForURI} with a {@code null}
     * user-info (presumably this removes any user-info - confirm), normalized, and
     * resolved against ".". The original fragment is then re-attached.
     *
     * <p>If any step throws {@link URISyntaxException}, the input is returned
     * unchanged, including any user-info it carried.
     *
     * @param uri the service URI to normalize
     * @return the normalized URI, or {@code uri} itself when normalization fails
     */
    public URI normalizeServiceURI(URI uri) {
        try {
            URI withoutUserInfo = this.dnParser.setUserInfoForURI(uri, (String) null);
            URI parent = withoutUserInfo.normalize().resolve(".");
            return this.dnParser.setFragmentForURI(parent, uri.getFragment());
        } catch (URISyntaxException e) {
            return uri;
        }
    }

    /**
     * Replaces the JVM's HTTP authentication cache with a new, empty one.
     *
     * <p>This reaches into {@code sun.net.www.protocol.http} internals by
     * reflection. On runtimes where those classes are absent, changed or not
     * accessible, the call fails and previously cached HTTP credentials stay in
     * the cache.
     *
     * @return {@code true} if the cache was replaced, {@code false} otherwise
     */
    public boolean resetAuthCache() {
        try {
            Class<?> cacheValueClass = Class.forName("sun.net.www.protocol.http.AuthCacheValue");
            Class<?> cacheInterface = Class.forName("sun.net.www.protocol.http.AuthCache");
            java.lang.reflect.Method setter = cacheValueClass.getMethod("setAuthCache", cacheInterface);
            Object emptyCache = Class.forName("sun.net.www.protocol.http.AuthCacheImpl").newInstance();
            // Static method, hence the null receiver.
            setter.invoke(null, emptyCache);
            return true;
        } catch (Exception e) {
            logger.warn("Could not reset authcache, non-Sun JVM or internal Sun classes changed", e);
            return false;
        }
    }

    /**
     * Reports whether a username/password pair is stored for a service.
     *
     * <p>Each candidate URI from {@code getPossibleServiceURIsToLookup(uri, true)}
     * is checked against the keys of the fragment-mapped URI map.
     *
     * @param uri the service URI to look up
     * @return {@code true} if any candidate URI is a key of the map
     * @throws CMException if the stored URIs cannot be retrieved
     */
    public boolean hasUsernamePasswordForService(URI uri) throws CMException {
        Map<URI, URI> knownUris = getFragmentMappedURIsForAllUsernameAndPasswordPairs();
        for (URI candidate : getPossibleServiceURIsToLookup(uri, true)) {
            if (knownUris.containsKey(candidate)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Fills in default locations for the Credential Manager directory and the two
     * store files; values that are already set are left alone.
     */
    private void loadDefaultSecurityFiles() {
        final String keystoreName = "taverna-keystore.ubr";
        final String truststoreName = "taverna-truststore.ubr";

        // The directory comes first because the file defaults are resolved against it.
        if (this.credentialManagerDirectory == null) {
            this.credentialManagerDirectory = this.dnParser.getCredentialManagerDefaultDirectory(this.applicationConfiguration).toFile();
        }
        if (this.keystoreFile == null) {
            this.keystoreFile = new File(this.credentialManagerDirectory, keystoreName);
        }
        if (this.truststoreFile == null) {
            this.truststoreFile = new File(this.credentialManagerDirectory, truststoreName);
        }
    }

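    /**
     * Points the Credential Manager at a different directory for its store files.
     *
     * <p>The directory is created if it does not exist (one level only). If the
     * manager was already initialized, its in-memory master password and both
     * stores are dropped so the next use re-initializes from the new location.
     *
     * <p>NOTE(review): the directory is created with the platform's default
     * permissions; nothing here restricts access to it.
     *
     * @param path the directory that holds, or will hold, the store files
     * @throws CMException if {@code path} is {@code null} or the directory cannot
     *         be prepared
     */
    public void setConfigurationDirectoryPath(Path path) throws CMException {
        // Check the argument itself: the original tested the result of toFile(), which
        // is never null, so a null path surfaced as a NullPointerException.
        if (path == null) {
            throw new CMException("Credential Manager's configuration directory cannot be null.");
        }
        File file = path.toFile();
        try {
            if (!file.exists() && !file.mkdir() && !file.isDirectory()) {
                // mkdir()'s result used to be ignored; make the failure visible.
                logger.warn("Could not create Credential Manager's directory " + file);
            }
            this.keystoreFile = new File(file, "taverna-keystore.ubr");
            this.truststoreFile = new File(file, "taverna-truststore.ubr");
            if (this.isInitialized) {
                // Forget state loaded from the previous location.
                this.masterPassword = null;
                this.keystore = null;
                this.truststore = null;
                this.isInitialized = false;
            }
        } catch (Exception e) {
            throw new CMException("Failed to open Credential Manager's directory " + file + " to load the security files: " + e.getMessage(), e);
        }
    }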

    /**
     * Replaces the list of master password providers.
     *
     * <p>The list is stored by reference, so later changes the caller makes to it
     * are visible to this instance.
     *
     * @param list the providers to use
     */
    public void setMasterPasswordProviders(List<MasterPasswordProvider> list) {
        masterPasswordProviders = list;
    }

    /**
     * Returns the configured master password providers.
     *
     * @return the internal list itself, not a copy
     */
    public List<MasterPasswordProvider> getMasterPasswordProviders() {
        return masterPasswordProviders;
    }

    /**
     * Replaces the list of Java truststore password providers.
     *
     * <p>The list is stored by reference, not copied.
     *
     * @param list the providers to use
     */
    public void setJavaTruststorePasswordProviders(List<JavaTruststorePasswordProvider> list) {
        javaTruststorePasswordProviders = list;
    }

    /**
     * Returns the configured Java truststore password providers.
     *
     * @return the internal list itself, not a copy
     */
    public List<JavaTruststorePasswordProvider> getJavaTruststorePasswordProviders() {
        return javaTruststorePasswordProviders;
    }

    /**
     * Replaces the list of service username/password providers.
     *
     * <p>The list is stored by reference, not copied.
     *
     * @param list the providers to use
     */
    public void setServiceUsernameAndPasswordProviders(List<ServiceUsernameAndPasswordProvider> list) {
        serviceUsernameAndPasswordProviders = list;
    }

    /**
     * Returns the configured service username/password providers.
     *
     * @return the internal list itself, not a copy
     */
    public List<ServiceUsernameAndPasswordProvider> getServiceUsernameAndPasswordProviders() {
        return serviceUsernameAndPasswordProviders;
    }

    /**
     * Replaces the list of trust confirmation providers.
     *
     * <p>{@code shouldTrust} asks these providers in list order and treats the
     * first non-null answer as final, so the content and order of this list
     * decide which certificates that are not yet in the truststore get accepted.
     * The list is stored by reference, not copied.
     *
     * @param list the providers to use
     */
    public void setTrustConfirmationProviders(List<TrustConfirmationProvider> list) {
        trustConfirmationProviders = list;
    }

    /**
     * Returns the configured trust confirmation providers.
     *
     * @return the internal list itself, not a copy; changes to it affect later
     *         trust decisions
     */
    public List<TrustConfirmationProvider> getTrustConfirmationProviders() {
        return trustConfirmationProviders;
    }

    /**
     * Sets the application configuration, which {@code loadDefaultSecurityFiles}
     * uses to locate the default Credential Manager directory.
     *
     * @param applicationConfiguration the configuration to use
     */
    public void setApplicationConfiguration(ApplicationConfiguration applicationConfiguration) {
        // The parameter shadows the field, so the qualifier is required.
        this.applicationConfiguration = applicationConfiguration;
    }
}
