package net.e6tech.elements.security.vault;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.spec.RSAPrivateKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.text.SimpleDateFormat;
import java.time.ZonedDateTime;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.Random;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.security.auth.login.LoginException;
import net.e6tech.elements.common.logging.Logger;
import net.e6tech.elements.security.AsymmetricCipher;
import net.e6tech.elements.security.Hex;
import net.e6tech.elements.security.RNG;
import net.e6tech.elements.security.SymmetricCipher;

/* loaded from: input_file:net/e6tech/elements/security/vault/VaultManager.class */
public class VaultManager {
    private static Logger logger = Logger.getLogger();
    public static final String KEY_VAULT = "key-vault";
    public static final String USER_VAULT = "user-vault";
    public static final String DATA_VAULT = "data-vault";
    public static final String LOCAL_VAULT = "local-vault";
    private AsymmetricCipher asymmetricCipher;
    private VaultStore userLocalStore;
    private VaultStore keyDataStore;
    private long authorizationDuration = 900000;
    private boolean userLocalOpened = false;
    private boolean keyDataOpened = false;
    private PasswordProtected pwd = new PasswordProtected();
    private KeyProtected keyEncryption = new KeyProtected();
    private VaultManagerState state = new VaultManagerState();
    private Random random = new Random();
    private SymmetricCipher symmetricCipher = SymmetricCipher.getInstance("AES");

    public VaultManager() {
        this.symmetricCipher.setBase64(false);
        this.asymmetricCipher = AsymmetricCipher.getInstance("RSA");
        this.keyDataStore = new FileStore();
        this.userLocalStore = this.keyDataStore;
        this.userLocalStore.manage(USER_VAULT, LOCAL_VAULT);
        this.keyDataStore.manage(KEY_VAULT, DATA_VAULT);
    }

    public long getAuthorizationDuration() {
        return this.authorizationDuration;
    }

    public void setAuthorizationDuration(long j) {
        this.authorizationDuration = j;
    }

    public VaultStore getKeyDataStore() {
        return this.keyDataStore;
    }

    public void setKeyDataStore(VaultStore vaultStore) {
        this.keyDataStore = vaultStore;
    }

    public VaultStore getUserLocalStore() {
        return this.userLocalStore;
    }

    public void setUserLocalStore(VaultStore vaultStore) {
        this.userLocalStore = vaultStore;
    }

    public SymmetricCipher getSymmetricCipher() {
        return this.symmetricCipher;
    }

    public AsymmetricCipher getAsymmetricCipher() {
        return this.asymmetricCipher;
    }

    private ClearText generateInternalKeyPair(String str) throws GeneralSecurityException {
        KeyPair generateKeySpec = this.asymmetricCipher.generateKeySpec();
        KeyFactory keyFactory = this.asymmetricCipher.getKeyFactory();
        RSAPublicKeySpec rSAPublicKeySpec = (RSAPublicKeySpec) keyFactory.getKeySpec(generateKeySpec.getPublic(), RSAPublicKeySpec.class);
        RSAPrivateKeySpec rSAPrivateKeySpec = (RSAPrivateKeySpec) keyFactory.getKeySpec(generateKeySpec.getPrivate(), RSAPrivateKeySpec.class);
        ClearText clearText = new ClearText();
        clearText.alias(str);
        try {
            clearText.setBytes((rSAPrivateKeySpec.getModulus().toString(16) + "$" + rSAPrivateKeySpec.getPrivateExponent().toString(16)).getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
        }
        clearText.setProperty(Constants.TYPE, Constants.KEY_PAIR_TYPE);
        clearText.setProperty(Constants.ALGORITHM, this.asymmetricCipher.getAlgorithm());
        clearText.setProperty(ClearText.PUBLIC_KEY_MOD, rSAPublicKeySpec.getModulus().toString(16));
        clearText.setProperty(ClearText.PUBLIC_KEY_EXP, rSAPublicKeySpec.getPublicExponent().toString(16));
        clearText.protect();
        return clearText;
    }

    private ClearText generateSignature() throws GeneralSecurityException {
        ClearText clearText = new ClearText();
        byte[] generateSeed = RNG.generateSeed(16);
        clearText.setBytes(generateSeed);
        clearText.alias("signature");
        clearText.setProperty("signature", Hex.toString(generateSeed));
        clearText.setProperty(Constants.TYPE, "signature");
        clearText.setProperty(Constants.SIGNATURE_FORMAT, "1.0");
        clearText.protect();
        return clearText;
    }

    private ClearText getPassphrase() throws GeneralSecurityException {
        return this.pwd.unsealUserOrPassphrase(getLocal("passphrase", null), this.state.getPassword());
    }

    private ClearText getPassphrase(Secret secret) throws GeneralSecurityException {
        String[] split = secret.getSecret().split("\\$");
        return this.pwd.unsealUserOrPassphrase(split.length >= 5 ? getLocal("passphrase", split[4]) : getLocal("passphrase", null), this.state.getPassword());
    }

    private ClearText generatePassphrase(char[] cArr) throws GeneralSecurityException {
        ClearText clearText = new ClearText();
        try {
            clearText.setBytes(new String(cArr).getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
        }
        clearText.alias("passphrase");
        clearText.setProperty(Constants.TYPE, "passphrase");
        clearText.protect();
        return clearText;
    }

    private ClearText generateInternalKey(String str) throws GeneralSecurityException {
        SecretKey generateKeySpec = this.symmetricCipher.generateKeySpec();
        ClearText clearText = new ClearText();
        clearText.setBytes(generateKeySpec.getEncoded());
        clearText.alias(str);
        clearText.setProperty(Constants.TYPE, Constants.KEY_TYPE);
        clearText.setProperty(Constants.ALGORITHM, "AES");
        clearText.protect();
        return clearText;
    }

    private ZonedDateTime setCreationTimeVersion(ClearText clearText) {
        ZonedDateTime now = ZonedDateTime.now();
        String format = now.format(DateTimeFormatter.ISO_ZONED_DATE_TIME);
        if (clearText.version() == null) {
            clearText.setProperty(Constants.CREATION_DATE_TIME, format);
            clearText.setProperty(Constants.CREATION_TIME, "" + now.toInstant().toEpochMilli());
            clearText.version("" + now.toInstant().toEpochMilli());
        }
        return now;
    }

    public RSAPublicKeySpec getPublicKey() throws GeneralSecurityException {
        return (RSAPublicKeySpec) this.asymmetricCipher.getKeyFactory().getKeySpec(getKey(Constants.ASYMMETRIC_KEY_ALIAS, null).asKeyPair().getPublic(), RSAPublicKeySpec.class);
    }

    public boolean validateUser(String str, char[] cArr) {
        if (str == null || cArr == null) {
            return false;
        }
        try {
            ClearText user = getUser(new Credential(str, cArr));
            if (user == null) {
                return false;
            }
            return user.getProperty(Constants.TYPE).equals(Constants.USER_TYPE);
        } catch (Throwable th) {
            return false;
        }
    }

    public String authorize(Credential credential) throws GeneralSecurityException {
        checkAccess(credential);
        try {
            return _encrypt(Constants.AUTHORIZATION_KEY_ALIAS, ("" + System.currentTimeMillis() + "-" + this.random.nextInt(1000000)).getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            return null;
        }
    }

    public String renew(String str) throws GeneralSecurityException {
        checkToken(str);
        try {
            return _encrypt(Constants.AUTHORIZATION_KEY_ALIAS, ("" + System.currentTimeMillis() + "-" + this.random.nextInt(1000000)).getBytes("UTF-8"));
        } catch (UnsupportedEncodingException e) {
            return null;
        }
    }

    private void checkToken(String str) throws GeneralSecurityException {
        if (str == null) {
            throw new LoginException();
        }
        try {
            String str2 = new String(_decrypt(str), "UTF-8");
            int indexOf = str2.indexOf("-");
            if (indexOf < 0) {
                throw new LoginException("Invalid toke format");
            }
            long parseLong = Long.parseLong(str2.substring(0, indexOf));
            if (System.currentTimeMillis() - parseLong > this.authorizationDuration) {
                Date date = new Date(parseLong);
                SimpleDateFormat simpleDateFormat = new SimpleDateFormat("yyyyMMdd HHmmss");
                throw new LoginException("Token issued on " + simpleDateFormat.format(date) + " expired.  Current time is " + simpleDateFormat.format(new Date()));
            }
        } catch (UnsupportedEncodingException e) {
            throw new LoginException();
        }
    }

    public void addKeyPair(String str, DualEntry dualEntry) throws GeneralSecurityException {
        checkAccess(dualEntry);
        addData(generateInternalKeyPair(str));
    }

    public void addSecretData(String str, ClearText clearText, DualEntry dualEntry) throws GeneralSecurityException {
        checkAccess(dualEntry);
        clearText.alias(str);
        clearText.setProperty(Constants.TYPE, Constants.SECRET_TYPE);
        clearText.setProtectedProperty(Constants.TYPE, Constants.SECRET_TYPE);
        addData(clearText);
    }

    public ClearText getSecretData(String str, String str2) throws GeneralSecurityException {
        return getSecretData(str, str2, (String) null);
    }

    public ClearText getSecretData(String str, String str2, String str3) throws GeneralSecurityException {
        checkToken(str);
        Secret data = getData(str2, str3);
        if (data == null) {
            return null;
        }
        String[] encryptedComponents = encryptedComponents(data.getSecret());
        return this.keyEncryption.unseal(data, getKey(encryptedComponents[2], encryptedComponents[3]));
    }

    public ClearText getSecretData(Credential credential, String str) throws GeneralSecurityException {
        return getSecretData(credential, str, (String) null);
    }

    public ClearText getSecretData(Credential credential, String str, String str2) throws GeneralSecurityException {
        checkAccess(credential);
        Secret data = getData(str, str2);
        if (data == null) {
            return null;
        }
        String[] encryptedComponents = encryptedComponents(data.getSecret());
        return this.keyEncryption.unseal(data, getKey(encryptedComponents[2], encryptedComponents[3]));
    }

    private String[] encryptedComponents(String str) {
        String[] split = str.split("\\$");
        if (split.length != 4) {
            throw new IllegalStateException("Invalid encryption format");
        }
        return split;
    }

    public String generateKey(DualEntry dualEntry) throws GeneralSecurityException {
        byte[] encoded = this.symmetricCipher.generateKeySpec().getEncoded();
        checkAccess(dualEntry);
        return _encrypt(Constants.MASTER_KEY_ALIAS, encoded);
    }

    public String encrypt(String str, String str2, byte[] bArr, String str3) throws GeneralSecurityException {
        checkToken(str);
        return this.symmetricCipher.encrypt(this.symmetricCipher.getKeySpec(_decrypt(str2)), bArr, str3);
    }

    public byte[] decrypt(String str, String str2, String str3, String str4) throws GeneralSecurityException {
        checkToken(str);
        return this.symmetricCipher.decrypt(this.symmetricCipher.getKeySpec(_decrypt(str2)), str3, str4);
    }

    public byte[] decrypt(String str, String str2) throws GeneralSecurityException {
        checkToken(str);
        return _decrypt(str2);
    }

    public String encryptPublic(byte[] bArr) throws GeneralSecurityException {
        return this.asymmetricCipher.encrypt(getKey(Constants.ASYMMETRIC_KEY_ALIAS, null).asKeyPair().getPublic(), bArr);
    }

    public byte[] decryptPrivate(String str) throws GeneralSecurityException {
        return this.asymmetricCipher.decrypt(getKey(Constants.ASYMMETRIC_KEY_ALIAS, null).asKeyPair().getPrivate(), str);
    }

    private ClearText getUser(Credential credential) throws GeneralSecurityException {
        Secret user = getUser(credential.getUser(), null);
        if (user == null) {
            return null;
        }
        return this.pwd.unsealUserOrPassphrase(user, credential.getPassword());
    }

    private void newUser(byte[] bArr, Credential credential, String str) throws GeneralSecurityException {
        if (getUser(credential.getUser(), null) != null) {
            throw new GeneralSecurityException("User exists: " + credential.getUser());
        }
        ClearText clearText = new ClearText();
        clearText.alias(credential.getUser());
        clearText.setBytes(bArr);
        clearText.setProperty(Constants.USERNAME, credential.getUser());
        clearText.setProperty(Constants.GUARDIAN, str);
        clearText.setProperty(Constants.TYPE, Constants.USER_TYPE);
        setCreationTimeVersion(clearText);
        clearText.protect();
        addUser(this.pwd.sealUser(clearText, credential.getPassword()));
    }

    public void addUser(Credential credential, Credential credential2) throws GeneralSecurityException {
        checkAccess(credential2);
        ClearText user = getUser(credential2);
        newUser(user.getBytes(), credential, user.getProperty(Constants.GUARDIAN));
    }

    public void changePassword(String str, char[] cArr, char[] cArr2) throws GeneralSecurityException {
        Iterator<Long> it = this.userLocalStore.getVault(USER_VAULT).versions(str).iterator();
        while (it.hasNext()) {
            addUser(this.pwd.sealUser(this.pwd.unsealUserOrPassphrase(getUser(str, "" + it.next()), cArr), cArr2));
        }
    }

    public void passphraseLock(String str, ClearText clearText, DualEntry dualEntry) throws GeneralSecurityException {
        ClearText unsealUserOrPassphrase;
        clearText.alias(str);
        if (str.equals("passphrase")) {
            unsealUserOrPassphrase = generatePassphrase(getPassphrase(dualEntry));
            unsealUserOrPassphrase.version("0");
        } else {
            unsealUserOrPassphrase = this.pwd.unsealUserOrPassphrase(getLocal("passphrase", null), getPassphrase(dualEntry));
        }
        addLocal(clearText, unsealUserOrPassphrase);
    }

    public ClearText passphraseUnlock(String str, Credential credential) throws GeneralSecurityException {
        checkAccess(credential);
        Secret local = getLocal(str, null);
        if (local == null) {
            return null;
        }
        return this.pwd.unseal(local, getPassphrase());
    }

    public ClearText passphraseUnlock(String str, String str2) throws GeneralSecurityException {
        checkToken(str);
        Secret local = getLocal(str2, null);
        if (local == null) {
            return null;
        }
        return this.pwd.unseal(local, getPassphrase());
    }

    public void newMasterKey(DualEntry dualEntry) throws GeneralSecurityException {
        addKey(generateInternalKey(Constants.MASTER_KEY_ALIAS));
    }

    private void checkAccess(Credential credential) throws GeneralSecurityException {
        ClearText user = getUser(credential);
        if (!user.getProperty(Constants.GUARDIAN).equals(Constants.GROUP_1) || !user.getProperty(Constants.GUARDIAN).equals(Constants.GROUP_2)) {
            new GeneralSecurityException("User " + user.getProperty(Constants.USERNAME) + " is not a guardian");
        }
        if (user.getProperty(Constants.GUARDIAN).equals(user.getProtectedProperty(Constants.GUARDIAN))) {
            new GeneralSecurityException("User " + user.getProperty(Constants.USERNAME) + " guardian property has been tempered");
        }
    }

    private void checkAccess(DualEntry dualEntry) throws GeneralSecurityException {
        ClearText user = getUser(dualEntry.getUser1());
        ClearText user2 = getUser(dualEntry.getUser2());
        if (user == null) {
            throw new GeneralSecurityException("Bad user name " + dualEntry.getUser1());
        }
        if (user2 == null) {
            throw new GeneralSecurityException("Bad user name " + dualEntry.getUser2());
        }
        if (user.getProperty(Constants.GUARDIAN) == null || !(user.getProperty(Constants.GUARDIAN).equals(Constants.GROUP_1) || user.getProperty(Constants.GUARDIAN).equals(Constants.GROUP_2))) {
            throw new RuntimeException("User " + user.getProperty(Constants.USERNAME) + " is not a guardian");
        }
        if (user2.getProperty(Constants.GUARDIAN) == null || !(user2.getProperty(Constants.GUARDIAN).equals(Constants.GROUP_1) || user2.getProperty(Constants.GUARDIAN).equals(Constants.GROUP_2))) {
            throw new GeneralSecurityException("User " + user2.getProperty(Constants.USERNAME) + " is not a guardian");
        }
        if (user.getProperty(Constants.GUARDIAN).equals(user2.getProperty(Constants.GUARDIAN))) {
            throw new RuntimeException("User1 " + user.getProperty(Constants.USERNAME) + " and user 2 " + user2.getProperty(Constants.USERNAME) + " cannot be in the same group");
        }
        if (user.getProperty(Constants.GUARDIAN).equals(user.getProtectedProperty(Constants.GUARDIAN))) {
            new GeneralSecurityException("User " + user.getProperty(Constants.USERNAME) + " guardian property has been tempered");
        }
        if (user2.getProperty(Constants.GUARDIAN).equals(user2.getProtectedProperty(Constants.GUARDIAN))) {
            new GeneralSecurityException("User " + user2.getProperty(Constants.USERNAME) + " guardian property has been tempered");
        }
    }

    private char[] getPassphrase(DualEntry dualEntry) throws GeneralSecurityException {
        ClearText user = getUser(dualEntry.getUser1());
        ClearText user2 = getUser(dualEntry.getUser2());
        checkAccess(dualEntry);
        byte[] bytes = user.getBytes();
        byte[] bytes2 = user2.getBytes();
        byte[] bArr = new byte[bytes.length];
        for (int i = 0; i < bytes.length; i++) {
            bArr[i] = (byte) ((bytes[i] ^ bytes2[i]) & 255);
        }
        return Hex.toString(bArr).toCharArray();
    }

    public void changePassphrase(DualEntry dualEntry) throws GeneralSecurityException, IOException {
        GeneralSecurityException generalSecurityException;
        checkAccess(dualEntry);
        VaultManagerState m13clone = this.state.m13clone();
        String version = this.state.getSignature().version();
        this.userLocalStore.backup(version);
        this.keyDataStore.backup(version);
        try {
            byte[] generateSeed = RNG.generateSeed(16);
            byte[] generateSeed2 = RNG.generateSeed(16);
            ClearText user = getUser(dualEntry.getUser1());
            ClearText user2 = getUser(dualEntry.getUser2());
            user.setBytes(generateSeed);
            user2.setBytes(generateSeed2);
            addUser(this.pwd.sealUser(user, dualEntry.getUser1().getPassword()));
            addUser(this.pwd.sealUser(user2, dualEntry.getUser2().getPassword()));
            ClearText generatePassphrase = generatePassphrase(getPassphrase(dualEntry));
            passphraseLock("passphrase", generatePassphrase, dualEntry);
            Vault vault = this.userLocalStore.getVault(LOCAL_VAULT);
            vault.removeSecret("signature", null);
            for (String str : vault.aliases()) {
                Iterator<Long> it = vault.versions(str).iterator();
                while (it.hasNext()) {
                    addLocal(this.pwd.unseal(getLocal(str, "" + it.next()), generatePassphrase), generatePassphrase);
                }
            }
            Vault vault2 = this.keyDataStore.getVault(KEY_VAULT);
            for (String str2 : vault2.aliases()) {
                Iterator<Long> it2 = vault2.versions(str2).iterator();
                while (it2.hasNext()) {
                    vault2.addSecret(this.pwd.seal(getKey(str2, "" + it2.next()), generatePassphrase));
                }
            }
            this.keyDataStore.getVault(DATA_VAULT).removeSecret("signature", null);
            for (String str3 : listUsers()) {
                if (!dualEntry.getUser1().getUser().equals(str3) && !dualEntry.getUser2().getUser().equals(str3)) {
                    removeUser(str3, null);
                }
            }
            ClearText generateSignature = generateSignature();
            addLocal(generateSignature, generatePassphrase);
            this.state.getCachedKeys().clear();
            this.state.setPassword(new String(generatePassphrase.getBytes(), "UTF-8").toCharArray());
            addData(generateSignature);
            this.state.setSignature(generateSignature);
            try {
                this.userLocalStore.save();
                try {
                    this.keyDataStore.save();
                } finally {
                }
            } finally {
            }
        } catch (Throwable th) {
            this.state = m13clone;
            this.userLocalStore.restore(version);
            this.keyDataStore.restore(version);
            throw new GeneralSecurityException(th);
        }
    }

    private void restore(String str) throws IOException {
        this.userLocalStore.restore(str);
        this.keyDataStore.restore(str);
    }

    private String _encrypt(String str, byte[] bArr) throws GeneralSecurityException {
        ClearText key = getKey(str, null);
        String generateIV = this.symmetricCipher.generateIV();
        return generateIV + "$" + this.symmetricCipher.encrypt(key.asSecretKey(), bArr, generateIV) + "$" + str + "$" + key.version();
    }

    public byte[] _decrypt(String str) throws GeneralSecurityException {
        String[] encryptedComponents = encryptedComponents(str);
        return this.symmetricCipher.decrypt(getKey(encryptedComponents[2], encryptedComponents[3]).asSecretKey(), encryptedComponents[1], encryptedComponents[0]);
    }

    public void save() throws IOException {
        this.userLocalStore.save();
        this.keyDataStore.save();
    }

    public void close() throws IOException {
        this.userLocalStore.close();
        this.keyDataStore.close();
    }

    public void open(DualEntry dualEntry) throws GeneralSecurityException, IOException {
        if (this.userLocalOpened) {
            return;
        }
        this.userLocalStore.open();
        this.userLocalOpened = true;
        boolean z = false;
        try {
            if (this.userLocalStore.getVault(USER_VAULT).size() == 0) {
                byte[] generateSeed = RNG.generateSeed(16);
                byte[] generateSeed2 = RNG.generateSeed(16);
                newUser(generateSeed, dualEntry.getUser1(), Constants.GROUP_1);
                newUser(generateSeed2, dualEntry.getUser2(), Constants.GROUP_2);
                try {
                    this.state.setPassword(getPassphrase(dualEntry));
                    passphraseLock("passphrase", generatePassphrase(getPassphrase(dualEntry)), dualEntry);
                    passphraseLock("signature", generateSignature(), dualEntry);
                    z = true;
                } catch (GeneralSecurityException e) {
                    throw new GeneralSecurityException("Bad user name or password to unlock the vault");
                }
            }
            if (z) {
                try {
                    this.userLocalStore.save();
                } catch (IOException e2) {
                    throw new RuntimeException(e2);
                }
            }
            try {
                this.state.setPassword(getPassphrase(dualEntry));
                this.state.setSignature(passphraseUnlock("signature", dualEntry.getUser1()));
            } catch (GeneralSecurityException e3) {
                throw new GeneralSecurityException("Bad user name or password to unlock the vault");
            }
        } catch (GeneralSecurityException e4) {
            throw e4;
        } catch (Exception e5) {
            throw new RuntimeException(e5);
        }
    }

    private void openKeyData() throws GeneralSecurityException {
        boolean initKeys;
        if (this.keyDataOpened) {
            return;
        }
        if (!this.userLocalOpened) {
            throw new GeneralSecurityException("user local store is not open.  Please call open() first");
        }
        try {
            this.keyDataStore.open();
            this.keyDataOpened = true;
            Secret data = getData("signature", null);
            if (data == null) {
                initKeys();
                addData(this.state.getSignature());
                initKeys = true;
            } else {
                String property = this.state.getSignature().getProperty(Constants.SIGNATURE_FORMAT);
                String property2 = data.getProperty(Constants.SIGNATURE_FORMAT);
                boolean z = false;
                if (property != null) {
                    if (!property.equals(property2) || !this.state.getSignature().getProperty("signature").equals(data.getProperty("signature"))) {
                        z = true;
                    }
                } else if (property2 != null) {
                    z = true;
                }
                if (z) {
                    try {
                        logger.warn("Restoring key data store to version " + this.state.getSignature().version());
                        this.keyDataStore.restore(this.state.getSignature().version());
                        data = getData("signature", null);
                    } catch (IOException e) {
                        throw new GeneralSecurityException("Property signature do not match.  Local store vault signature does not match key store signature");
                    }
                }
                initKeys = initKeys();
                String[] encryptedComponents = encryptedComponents(data.getSecret());
                if (!Arrays.equals(this.state.getSignature().getBytes(), this.keyEncryption.unseal(data, getKey(encryptedComponents[2], encryptedComponents[3])).getBytes())) {
                    try {
                        logger.warn("Restoring key data store to version " + this.state.getSignature().version());
                        this.keyDataStore.restore(this.state.getSignature().version());
                    } catch (IOException e2) {
                        throw new GeneralSecurityException("Local store vault signature does not match key store signature");
                    }
                }
            }
            if (initKeys) {
                try {
                    this.keyDataStore.save();
                } catch (IOException e3) {
                    throw new RuntimeException(e3);
                }
            }
        } catch (IOException e4) {
            throw new GeneralSecurityException(e4);
        }
    }

    private boolean initKeys() throws GeneralSecurityException {
        boolean z = false;
        if (getKey(Constants.MASTER_KEY_ALIAS, null) == null) {
            addKey(generateInternalKey(Constants.MASTER_KEY_ALIAS));
            z = true;
        }
        if (getKey(Constants.AUTHORIZATION_KEY_ALIAS, null) == null) {
            addKey(generateInternalKey(Constants.AUTHORIZATION_KEY_ALIAS));
            z = true;
        }
        if (getKey(Constants.ASYMMETRIC_KEY_ALIAS, null) == null) {
            addKey(generateInternalKeyPair(Constants.ASYMMETRIC_KEY_ALIAS));
            z = true;
        }
        return z;
    }

    private ClearText getKey(String str, String str2) throws GeneralSecurityException {
        openKeyData();
        if (str2 != null) {
            ClearText clearText = this.state.getCachedKeys().get(str + ":" + str2);
            if (clearText != null) {
                return clearText;
            }
        }
        Secret secret = this.keyDataStore.getVault(KEY_VAULT).getSecret(str, str2);
        if (secret == null) {
            return null;
        }
        ClearText unseal = this.pwd.unseal(secret, getPassphrase(secret));
        this.state.getCachedKeys().put(unseal.alias() + ":" + unseal.version(), unseal);
        return unseal;
    }

    private void addKey(ClearText clearText) throws GeneralSecurityException {
        openKeyData();
        setCreationTimeVersion(clearText);
        this.keyDataStore.getVault(KEY_VAULT).addSecret(this.pwd.seal(clearText, getPassphrase()));
        this.state.getCachedKeys().put(clearText.alias() + ":" + clearText.version(), clearText);
    }

    private void addData(ClearText clearText) throws GeneralSecurityException {
        openKeyData();
        setCreationTimeVersion(clearText);
        this.keyDataStore.getVault(DATA_VAULT).addSecret(this.keyEncryption.seal(clearText.alias(), clearText, getKey(Constants.MASTER_KEY_ALIAS, null)));
    }

    private Secret getData(String str, String str2) throws GeneralSecurityException {
        openKeyData();
        return this.keyDataStore.getVault(DATA_VAULT).getSecret(str, str2);
    }

    private void addUser(Secret secret) throws GeneralSecurityException {
        if (!this.userLocalOpened) {
            throw new GeneralSecurityException("user local store is not open.  Please call open() first");
        }
        this.userLocalStore.getVault(USER_VAULT).addSecret(secret);
    }

    private Secret getUser(String str, String str2) throws GeneralSecurityException {
        if (this.userLocalOpened) {
            return this.userLocalStore.getVault(USER_VAULT).getSecret(str, str2);
        }
        throw new GeneralSecurityException("user local store is not open.  Please call open() first");
    }

    private void removeUser(String str, String str2) throws GeneralSecurityException {
        if (!this.userLocalOpened) {
            throw new GeneralSecurityException("user local store is not open.  Please call open() first");
        }
        this.userLocalStore.getVault(USER_VAULT).removeSecret(str, str2);
    }

    public Set<String> listUsers() throws GeneralSecurityException {
        if (this.userLocalOpened) {
            return this.userLocalStore.getVault(USER_VAULT).aliases();
        }
        throw new GeneralSecurityException("user local store is not open.  Please call open() first");
    }

    private void addLocal(ClearText clearText, ClearText clearText2) throws GeneralSecurityException {
        if (!this.userLocalOpened) {
            throw new GeneralSecurityException("user local store is not open.  Please call open() first");
        }
        setCreationTimeVersion(clearText);
        this.userLocalStore.getVault(LOCAL_VAULT).addSecret(this.pwd.seal(clearText, clearText2));
    }

    private Secret getLocal(String str, String str2) throws GeneralSecurityException {
        if (this.userLocalOpened) {
            return this.userLocalStore.getVault(LOCAL_VAULT).getSecret(str, str2);
        }
        throw new GeneralSecurityException("user local store is not open.  Please call open() first");
    }
}
