package com.gitlab.vincenthung.commons.security.keystore.factory;

import com.gitlab.vincenthung.commons.security.keystore.CertificateType;
import com.gitlab.vincenthung.commons.security.keystore.KeyStoreType;
import com.gitlab.vincenthung.commons.security.util.CertificateUtils;
import com.gitlab.vincenthung.commons.security.util.PrivateKeyUtils;
import java.io.Closeable;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/* loaded from: input_file:BOOT-INF/lib/security-utils-1.2.1.jar:com/gitlab/vincenthung/commons/security/keystore/factory/KeyStoreFactory.class */
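/**
 * Wrapper around a {@link KeyStore} that loads it from a URL, adds and removes entries,
 * derives {@link KeyManager}s / {@link TrustManager}s from it, and writes it back to disk.
 *
 * <p>Secret handling: the keystore password array passed to {@link #init} is stored by
 * reference, not copied. If the caller zeroes that array afterwards, a later {@link #save()}
 * or {@link #export(File, boolean)} will use the zeroed value. Passwords are never placed in
 * exception messages or log output by this class.
 *
 * <p>Instances are not synchronized; the wrapped {@link KeyStore} is also reachable through
 * {@link #getKeyStore()}, so external code can modify it.
 */
public class KeyStoreFactory {
    protected static final Logger LOGGER = Logger.getLogger(KeyStoreFactory.class.getName());

    // NOTE(review): JKS is the legacy keystore format; newer JDKs default to PKCS12.
    // The default is kept because callers may depend on it — consider passing the type explicitly.
    public static final KeyStoreType DEFAULT_KEY_STORE_TYPE = KeyStoreType.JKS;
    public static final String DEFAULT_PRIVATE_KEY_TYPE = "RSA";

    private KeyStore keyStore;
    private String keyStoreType;
    // Held by reference (see class Javadoc); used only when the keystore is written out.
    private char[] keyStorePassword;
    // Location save() writes to; null for purely in-memory keystores.
    private URL outputUrl;

    /**
     * Creates a factory around an already loaded keystore.
     *
     * @param keyStore the loaded keystore to wrap
     * @param cArr     keystore password used when storing; kept by reference
     * @param str      keystore type name
     * @param url      location {@link #save()} writes to, or {@code null}
     */
    protected KeyStoreFactory(KeyStore keyStore, char[] cArr, String str, URL url) {
        this.keyStore = keyStore;
        this.keyStorePassword = cArr;
        this.keyStoreType = str;
        this.outputUrl = url;
    }

    /**
     * Loads a keystore from {@code url}, or creates an empty one when {@code url} is {@code null}.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract, no integrity check is
     * performed when {@code cArr} is {@code null}; supply the password whenever the keystore
     * comes from a location that other parties can write to.
     *
     * @param url  location of the keystore, or {@code null} for a new empty keystore
     * @param cArr keystore password, may be {@code null}
     * @param str  keystore type; {@link #DEFAULT_KEY_STORE_TYPE} is used when null or empty
     * @return a factory wrapping the loaded keystore
     * @throws KeyStoreFactoryException if the type is unsupported, the URL cannot be read,
     *                                  or the keystore cannot be loaded
     */
    public static KeyStoreFactory init(URL url, char[] cArr, String str) throws KeyStoreFactoryException {
        String type = (str == null || str.isEmpty()) ? DEFAULT_KEY_STORE_TYPE.getType() : str;
        try {
            KeyStore keyStore = KeyStore.getInstance(type);
            InputStream inputStream = null;
            try {
                if (url != null) {
                    inputStream = url.openStream();
                }
                keyStore.load(inputStream, cArr);
            } catch (IOException e) {
                throw KeyStoreFactoryException.urlOpenStreamError(url, e);
            } catch (NoSuchAlgorithmException | CertificateException e) {
                // The keystore password is deliberately left out of the message: exception text
                // ends up in logs and error reports, which must not carry the secret.
                throw new KeyStoreFactoryException("Unable to load the keystore with URL - [{0}]", new Object[]{url}, e);
            } finally {
                tryClose(inputStream);
            }
            return new KeyStoreFactory(keyStore, cArr, type, url);
        } catch (KeyStoreException e) {
            throw new KeyStoreFactoryException("No providers support KeyStoreSpi with type - [{0}]", new Object[]{type}, e);
        }
    }

    /**
     * Reads an X.509 certificate from {@code url} and stores it as a trusted entry.
     *
     * @param url location of the certificate
     * @param str alias to store the certificate under
     * @param z   {@code true} to replace an existing entry with the same alias
     * @throws KeyStoreFactoryException if the URL cannot be read or the import fails
     */
    public void addTrustedCertificate(URL url, String str, boolean z) throws KeyStoreFactoryException {
        // try-with-resources closes the stream on the failure path as well.
        try (InputStream openStream = url.openStream()) {
            addTrustedCertificate(openStream, str, z);
        } catch (KeyStoreFactoryException e) {
            throw new KeyStoreFactoryException(e.getMessage() + " of URL - [{0}]", new Object[]{url}, e.getCause());
        } catch (IOException e2) {
            throw KeyStoreFactoryException.urlOpenStreamError(url, e2);
        }
    }

    /**
     * Reads an X.509 certificate from {@code inputStream} and stores it as a trusted entry.
     * The stream is not closed here.
     *
     * @param inputStream certificate data
     * @param str         alias to store the certificate under
     * @param z           {@code true} to replace an existing entry with the same alias
     * @throws KeyStoreFactoryException if the certificate cannot be parsed or imported
     */
    public void addTrustedCertificate(InputStream inputStream, String str, boolean z) throws KeyStoreFactoryException {
        String type = CertificateType.X509.getType();
        try {
            addTrustedCertificate(CertificateUtils.loadCertificate(inputStream, type), str, z);
        } catch (CertificateException e) {
            throw new KeyStoreFactoryException("Failed to load Certificate with type [{0}]", new Object[]{type}, e);
        }
    }

    /**
     * Stores {@code certificate} as a trusted entry under alias {@code str}.
     *
     * <p>No validation of the certificate (validity period, issuer, key usage) happens here;
     * whatever is passed in becomes a trust anchor for managers built from this keystore.
     *
     * @param certificate certificate to trust
     * @param str         alias to store it under
     * @param z           {@code true} to replace an existing entry with the same alias
     * @throws KeyStoreFactoryException if the alias exists and {@code z} is false, or the
     *                                  keystore rejects the operation
     */
    public void addTrustedCertificate(Certificate certificate, String str, boolean z) throws KeyStoreFactoryException {
        try {
            if (this.keyStore.containsAlias(str)) {
                if (!z) {
                    throw new KeyStoreFactoryException("Found existing alias [{0}] in the keystore", str);
                }
                removeAlias(str);
            }
            try {
                this.keyStore.setCertificateEntry(str, certificate);
            } catch (KeyStoreException e) {
                throw new KeyStoreFactoryException("Exception found when importing the certificate in keystore", e);
            }
        } catch (KeyStoreException e2) {
            throw new KeyStoreFactoryException("Exception found when checking if the alias is in keystore", e2);
        }
    }

    /**
     * Reads a private key and its certificate chain from two URLs and stores them as a key entry.
     *
     * @param url  location of the private key
     * @param url2 location of the certificate chain
     * @param str  private key algorithm; {@link #DEFAULT_PRIVATE_KEY_TYPE} when null or empty
     * @param str2 alias to store the entry under
     * @param cArr password protecting the key entry
     * @param z    {@code true} to replace an existing entry with the same alias
     * @throws KeyStoreFactoryException if either URL is null or unreadable, or the import fails
     */
    public void addPrivateKeyWithCertificate(URL url, URL url2, String str, String str2, char[] cArr, boolean z) throws KeyStoreFactoryException {
        if (url == null || url2 == null) {
            throw new KeyStoreFactoryException("privateKeyUrl and certificatesUrl cannot be null", new Object[0]);
        }
        String keyType = (str == null || str.isEmpty()) ? DEFAULT_PRIVATE_KEY_TYPE : str;
        // Both streams are closed on every path, including when the import throws.
        try (InputStream keyStream = url.openStream();
                InputStream certStream = url2.openStream()) {
            addPrivateKeyWithCertificate(keyStream, certStream, keyType, str2, cArr, z);
        } catch (IOException e) {
            throw KeyStoreFactoryException.urlOpenStreamError(Arrays.asList(url, url2), e);
        }
    }

    /**
     * Reads a private key and an X.509 certificate chain from streams and stores them as a
     * key entry. The streams are not closed here.
     *
     * @param inputStream  private key data
     * @param inputStream2 certificate chain data
     * @param str          private key algorithm; {@link #DEFAULT_PRIVATE_KEY_TYPE} when null or empty
     * @param str2         alias to store the entry under
     * @param cArr         password protecting the key entry
     * @param z            {@code true} to replace an existing entry with the same alias
     * @throws KeyStoreFactoryException if the key or chain cannot be parsed or imported
     */
    public void addPrivateKeyWithCertificate(InputStream inputStream, InputStream inputStream2, String str, String str2, char[] cArr, boolean z) throws KeyStoreFactoryException {
        String keyType = (str == null || str.isEmpty()) ? DEFAULT_PRIVATE_KEY_TYPE : str;
        String type = CertificateType.X509.getType();
        try {
            try {
                addPrivateKeyWithCertificate(PrivateKeyUtils.loadPrivateKey(inputStream, keyType), CertificateUtils.loadCertificates(inputStream2, type), str2, cArr, z);
            } catch (CertificateException e) {
                throw new KeyStoreFactoryException("Unable to load certificate chain with type [{0}]", new Object[]{type}, e);
            }
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e2) {
            throw new KeyStoreFactoryException("Unable to load private key with type [{0}]", new Object[]{keyType}, e2);
        }
    }

    /**
     * Stores {@code privateKey} with its certificate chain under alias {@code str}.
     *
     * <p>Nothing here checks that the chain actually matches the private key.
     *
     * @param privateKey     key to store
     * @param certificateArr certificate chain for the key
     * @param str            alias to store the entry under
     * @param cArr           password protecting the key entry
     * @param z              {@code true} to replace an existing entry with the same alias
     * @throws KeyStoreFactoryException if the alias exists and {@code z} is false, or the
     *                                  keystore rejects the operation
     */
    public void addPrivateKeyWithCertificate(PrivateKey privateKey, Certificate[] certificateArr, String str, char[] cArr, boolean z) throws KeyStoreFactoryException {
        try {
            if (this.keyStore.containsAlias(str)) {
                if (!z) {
                    throw new KeyStoreFactoryException("Found existing alias [{0}] in the keystore", str);
                }
                removeAlias(str);
            }
            try {
                this.keyStore.setKeyEntry(str, privateKey, cArr, certificateArr);
            } catch (KeyStoreException e) {
                throw new KeyStoreFactoryException("Exception found when importing the Private Key with certificates in keystore", e);
            }
        } catch (KeyStoreException e2) {
            throw new KeyStoreFactoryException("Exception found when checking if the alias is in keystore", e2);
        }
    }

    /**
     * Returns the certificate stored under alias {@code str}.
     *
     * @param str alias to look up
     * @return whatever {@link KeyStore#getCertificate(String)} returns for the alias
     * @throws KeyStoreFactoryException if the keystore lookup fails
     */
    public Certificate getCertificate(String str) throws KeyStoreFactoryException {
        try {
            return this.keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new KeyStoreFactoryException("Exception found when getting the certificates in keystore", e);
        }
    }

    /**
     * Returns the entry under alias {@code str} as type {@code cls}.
     *
     * @param str  alias to look up
     * @param cArr entry password, may be {@code null}
     * @param cls  expected entry class
     * @param <T>  expected entry type
     * @return the entry, or {@code null} when the alias is absent
     * @throws KeyStoreFactoryException if the entry is of another type or cannot be recovered
     */
    public <T> T getKeyEntry(String str, char[] cArr, Class<T> cls) throws KeyStoreFactoryException {
        KeyStore.Entry alias = getAlias(str, cArr);
        if (alias == null) {
            return null;
        }
        if (cls.isInstance(alias)) {
            return cls.cast(alias);
        }
        throw new KeyStoreFactoryException("Entry of alias [{0}] with class [{1}] is not an instance of {2}", str, alias.getClass(), cls.getSimpleName());
    }

    /**
     * Returns the private key entry under alias {@code str}, or {@code null} when absent.
     *
     * @param str  alias to look up
     * @param cArr entry password
     * @throws KeyStoreFactoryException if the entry is not a private key entry or cannot be recovered
     */
    public KeyStore.PrivateKeyEntry getPrivateKeyEntry(String str, char[] cArr) throws KeyStoreFactoryException {
        return getKeyEntry(str, cArr, KeyStore.PrivateKeyEntry.class);
    }

    /**
     * Returns the secret key entry under alias {@code str}, or {@code null} when absent.
     *
     * @param str  alias to look up
     * @param cArr entry password
     * @throws KeyStoreFactoryException if the entry is not a secret key entry or cannot be recovered
     */
    public KeyStore.SecretKeyEntry getSecretKeyEntry(String str, char[] cArr) throws KeyStoreFactoryException {
        return getKeyEntry(str, cArr, KeyStore.SecretKeyEntry.class);
    }

    /**
     * Returns the raw keystore entry under alias {@code str}.
     *
     * @param str  alias to look up
     * @param cArr entry password; when {@code null} no protection parameter is passed
     * @return the entry, or {@code null} when the alias is absent
     * @throws KeyStoreFactoryException if the lookup fails or the entry cannot be recovered
     */
    public KeyStore.Entry getAlias(String str, char[] cArr) throws KeyStoreFactoryException {
        try {
            if (!this.keyStore.containsAlias(str)) {
                return null;
            }
            KeyStore.PasswordProtection passwordProtection = null;
            if (cArr != null) {
                passwordProtection = new KeyStore.PasswordProtection(cArr);
            }
            try {
                return this.keyStore.getEntry(str, passwordProtection);
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                throw new KeyStoreFactoryException("Exception found when getting the Entry in keystore", e);
            } catch (UnrecoverableEntryException e2) {
                throw new KeyStoreFactoryException("Incorrect password / not supported for password protected", e2);
            }
        } catch (KeyStoreException e3) {
            throw new KeyStoreFactoryException("Exception found when checking the alias in keystore", e3);
        }
    }

    /**
     * Deletes the entry under alias {@code str} and logs the removal at INFO level.
     *
     * @param str alias to remove
     * @return {@code true} if an entry was removed, {@code false} if the alias was absent
     * @throws KeyStoreFactoryException if the keystore rejects the operation
     */
    public boolean removeAlias(String str) throws KeyStoreFactoryException {
        try {
            if (!this.keyStore.containsAlias(str)) {
                return false;
            }
            this.keyStore.deleteEntry(str);
            LOGGER.log(Level.INFO, () -> "Removed existing entry with alias " + str);
            return true;
        } catch (KeyStoreException e) {
            throw new KeyStoreFactoryException("Exception found when checking / removing the alias in keystore", e);
        }
    }

    /**
     * Builds key managers over the whole wrapped keystore.
     *
     * @param cArr password used to recover the keys
     * @param str  KeyManagerFactory algorithm; the JVM default when null or empty
     * @throws KeyStoreFactoryException if the factory cannot be created or initialised
     */
    public KeyManager[] getKeyManagers(char[] cArr, String str) throws KeyStoreFactoryException {
        return getKeyManagers(this.keyStore, cArr, str);
    }

    /**
     * Builds key managers that expose only the private key stored under alias {@code str}.
     * The entry is copied into a fresh in-memory keystore, protected with the same password.
     *
     * @param str  alias of the private key entry to expose
     * @param cArr password of the entry; reused for the temporary keystore entry
     * @param str2 KeyManagerFactory algorithm; the JVM default when null or empty
     * @throws KeyStoreFactoryException if the alias holds no private key entry, or the
     *                                  factory cannot be created or initialised
     */
    public KeyManager[] getKeyManagers(String str, char[] cArr, String str2) throws KeyStoreFactoryException {
        KeyStore.PrivateKeyEntry privateKeyEntry = getPrivateKeyEntry(str, cArr);
        if (privateKeyEntry == null) {
            // getPrivateKeyEntry returns null for an unknown alias; fail with a clear error
            // instead of a NullPointerException on the dereference below.
            throw new KeyStoreFactoryException("No private key entry found for alias [{0}] in the keystore", str);
        }
        KeyStoreFactory init = init(null, null, null);
        init.addPrivateKeyWithCertificate(privateKeyEntry.getPrivateKey(), privateKeyEntry.getCertificateChain(), str, cArr, true);
        return getKeyManagers(init.getKeyStore(), cArr, str2);
    }

    /**
     * Builds key managers over {@code keyStore}.
     *
     * @param keyStore keystore holding the key entries
     * @param cArr     password used to recover the keys
     * @param str      KeyManagerFactory algorithm; the JVM default when null or empty
     * @throws KeyStoreFactoryException if the factory cannot be created or initialised
     */
    protected KeyManager[] getKeyManagers(KeyStore keyStore, char[] cArr, String str) throws KeyStoreFactoryException {
        String algorithm = (str == null || str.isEmpty()) ? KeyManagerFactory.getDefaultAlgorithm() : str;
        try {
            KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
            try {
                keyManagerFactory.init(keyStore, cArr);
                return keyManagerFactory.getKeyManagers();
            } catch (KeyStoreException | NoSuchAlgorithmException e) {
                throw new KeyStoreFactoryException("Unable to init the keyManagerFactory", e);
            } catch (UnrecoverableKeyException e2) {
                throw new KeyStoreFactoryException("Incorrect password / not supported for password protected", e2);
            }
        } catch (NullPointerException | NoSuchAlgorithmException e3) {
            throw new KeyStoreFactoryException("No providers support KeyManagerFactorySpi with type - [{0}]", new Object[]{algorithm}, e3);
        }
    }

    /**
     * Writes the keystore back to the location it was loaded from (or last exported to with
     * {@code z == true}), rotating the previous file to {@code <name>.bak}.
     *
     * <p>Rotation order: an old {@code .bak} is parked as {@code .tmp}, the current file becomes
     * {@code .bak}, then the keystore is exported. If the export throws a
     * {@link KeyStoreFactoryException} the previous files are moved back; any other runtime
     * exception from the export skips that restore step.
     *
     * @throws KeyStoreFactoryException if there is no output location, a file cannot be
     *                                  rotated, or the export fails
     */
    public void save() throws KeyStoreFactoryException {
        if (this.outputUrl == null) {
            throw new KeyStoreFactoryException("There are no corresponding KeyStore File, please call method export instead", new Object[0]);
        }
        try {
            URI uri = this.outputUrl.toURI();
            try {
                File file = new File(uri);
                File file2 = new File(file.getAbsoluteFile() + ".bak");
                File file3 = new File(file.getAbsoluteFile() + ".tmp");
                if (file3.exists() && !file3.delete()) {
                    throw new KeyStoreFactoryException("Failed to delete the KeyStore temp file [{0}]", file3.getAbsolutePath());
                }
                if (file2.exists() && !file2.renameTo(file3)) {
                    throw new KeyStoreFactoryException("Failed to move the KeyStore backup file to temp path [{0}]", file3.getAbsolutePath());
                }
                if (file.exists() && !file.renameTo(file2)) {
                    throw new KeyStoreFactoryException("Failed to move the KeyStore file to backup path [{0}]", file2.getAbsolutePath());
                }
                try {
                    export(file, false);
                } catch (KeyStoreFactoryException e) {
                    if (file2.exists()) {
                        // A failed export can leave a partial file behind; remove it so the
                        // rename is not blocked where renameTo refuses to overwrite a target.
                        if (file.exists() && !file.delete()) {
                            LOGGER.log(Level.WARNING, "Failed to remove incomplete KeyStore file");
                        }
                        if (file2.renameTo(file)) {
                            LOGGER.log(Level.INFO, "Restored KeyStore from backup");
                        } else {
                            LOGGER.log(Level.WARNING, "Failed to restore KeyStore from backup");
                        }
                    }
                    if (file3.exists()) {
                        if (file3.renameTo(file2)) {
                            LOGGER.log(Level.INFO, "Restored KeyStore backup from temp");
                        } else {
                            LOGGER.log(Level.WARNING, "Failed to restore KeyStore backup from temp");
                        }
                    }
                    throw e;
                }
                // Only warn when a temp file really existed; delete() also returns false
                // for a file that was never there.
                if (file3.exists() && !file3.delete()) {
                    LOGGER.log(Level.WARNING, "Failed to remove KeyStore temp file");
                }
            } catch (IllegalArgumentException e2) {
                throw new KeyStoreFactoryException("Exception found when creating File object with URI [{0}]", new Object[]{uri}, e2);
            }
        } catch (URISyntaxException e3) {
            throw new KeyStoreFactoryException("Exception found when converting URL [{0}] to uri", new Object[]{this.outputUrl}, e3);
        }
    }

    /**
     * Writes the keystore to {@code file}, protected with the current keystore password.
     * Refuses to overwrite an existing file.
     *
     * <p>NOTE(review): the existence check and the open are separate steps, so another process
     * could create the file in between. The file is also created with the process's default
     * permissions — restrict the target directory if the keystore holds private keys.
     *
     * @param file target file; missing parent directories are created
     * @param z    {@code true} to make {@code file} the location used by {@link #save()}
     * @throws KeyStoreFactoryException if the file exists, cannot be created, or the
     *                                  keystore cannot be written
     */
    public void export(File file, boolean z) throws KeyStoreFactoryException {
        if (file.exists()) {
            throw new KeyStoreFactoryException("Found existing file [{0}] when exporting the KeyStore", file.getAbsolutePath());
        }
        // Create parent directories before opening the stream; opening first fails with
        // FileNotFoundException whenever the directory is missing.
        File parent = file.getAbsoluteFile().getParentFile();
        if (parent != null) {
            parent.mkdirs();
        }
        try (FileOutputStream fileOutputStream = new FileOutputStream(file)) {
            this.keyStore.store(fileOutputStream, this.keyStorePassword);
            if (z) {
                this.outputUrl = file.toURI().toURL();
            }
        } catch (FileNotFoundException e) {
            throw new KeyStoreFactoryException("Failed to create FileOutputStream of the path [{0}]", new Object[]{file.getAbsolutePath()}, e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            throw new KeyStoreFactoryException("Failed to export KeyStore into file with path [{0}]", new Object[]{file.getAbsolutePath()}, e2);
        }
    }

    /**
     * Builds a trust manager that trusts only the certificates stored under the given aliases.
     *
     * <p>Aliases with no certificate in the keystore are skipped silently, so the result can
     * trust fewer certificates than requested. For a null or empty list an empty array (not
     * {@code null}) is returned; NOTE(review): confirm that the TLS context receiving it does
     * not treat an empty array as "use the default trust anchors".
     *
     * @param list aliases of the certificates to trust
     * @return a single-element array, or an empty array when {@code list} is null or empty
     * @throws KeyStoreFactoryException if a lookup or the trust manager creation fails
     */
    public TrustManager[] getTrustManagers(List<String> list) throws KeyStoreFactoryException {
        if (list == null || list.isEmpty()) {
            return new TrustManager[0];
        }
        KeyStoreFactory init = init(null, null, null);
        for (String str : list) {
            Certificate certificate = getCertificate(str);
            if (certificate != null) {
                init.addTrustedCertificate(certificate, str, true);
            }
        }
        return new TrustManager[]{init.getTrustManager()};
    }

    /**
     * Builds an {@link X509TrustManager} over the wrapped keystore using the JVM default
     * TrustManagerFactory algorithm.
     *
     * @return the first X509TrustManager the factory produces
     * @throws KeyStoreFactoryException if the factory cannot be created or initialised, or
     *                                  produces no X509TrustManager
     */
    public X509TrustManager getTrustManager() throws KeyStoreFactoryException {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            try {
                trustManagerFactory.init(this.keyStore);
                for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                    if (trustManager instanceof X509TrustManager) {
                        return (X509TrustManager) trustManager;
                    }
                }
                throw new KeyStoreFactoryException("No TrustManager of class X509TrustManager have been created", new Object[0]);
            } catch (KeyStoreException e) {
                throw new KeyStoreFactoryException("Failed to initialize TrustManagerFactory", e);
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyStoreFactoryException("No providers support TrustManagerFactorySpi with type - [{0}]", new Object[]{TrustManagerFactory.getDefaultAlgorithm()}, e2);
        }
    }

    /**
     * Replaces the password used by later {@link #save()} / {@link #export(File, boolean)}
     * calls. The previous array is neither cleared nor copied; nothing is written until the
     * keystore is stored again.
     *
     * @param cArr new keystore password; kept by reference
     */
    public void changeKeyStorePassword(char[] cArr) {
        this.keyStorePassword = cArr;
    }

    /** Returns the wrapped keystore itself (not a copy); changes made to it affect this factory. */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the keystore type name this factory was created with. */
    public String getKeyStoreType() {
        return this.keyStoreType;
    }

    /**
     * Closes {@code closeable} on a best-effort basis; a {@code null} argument is ignored.
     *
     * @param closeable resource to close, may be {@code null}
     */
    protected static void tryClose(Closeable closeable) {
        if (closeable == null) {
            return;
        }
        try {
            closeable.close();
        } catch (IOException e) {
            // Best-effort close: the failure is recorded for diagnosis but never propagated.
            LOGGER.log(Level.FINE, "Failed to close resource", e);
        }
    }
}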
