package com.azure.security.keyvault.jca;

import java.io.BufferedReader;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.logging.Level;
import java.util.logging.Logger;

/* loaded from: input_file:com/azure/security/keyvault/jca/KeyVaultKeyStore.class */
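/**
 * {@link KeyStoreSpi} implementation that serves certificates and keys from Azure Key Vault
 * through a {@code KeyVaultClient}, plus certificates "side-loaded" from the classpath.
 *
 * <p>Behaviour a caller should know about, all visible in this class:
 * <ul>
 *   <li>The store is effectively read-only towards the vault: {@code engineDeleteEntry},
 *       both {@code engineSetKeyEntry} overloads and both {@code engineStore} overloads are
 *       silent no-ops, and {@code engineSetCertificateEntry} only changes in-memory state.</li>
 *   <li>Certificates and keys fetched from the vault are cached in plain {@link HashMap}s for
 *       the lifetime of the instance. No synchronization is performed on the caches or on the
 *       lazily loaded alias list.</li>
 *   <li>{@link #engineIsCertificateEntry} and {@link #engineIsKeyEntry} both answer with plain
 *       alias membership, so every known alias is reported as both kinds of entry.</li>
 * </ul>
 */
public final class KeyVaultKeyStore extends KeyStoreSpi {
    private static final Logger LOGGER = Logger.getLogger(KeyVaultKeyStore.class.getName());

    // Lazily populated from the vault on first use; also extended by side-loading and lookups.
    private List<String> aliases;
    // Per-alias caches; entries are never evicted.
    private final HashMap<String, Certificate> certificates = new HashMap<>();
    private final HashMap<String, Key> certificateKeys = new HashMap<>();
    // Single timestamp reported as the creation date of every entry.
    private final Date creationDate = new Date();
    private KeyVaultClient keyVaultClient;

    /**
     * Builds the client from the {@code azure.keyvault.*} system properties.
     *
     * <p>When {@code azure.keyvault.client-id} is set the client-credential constructor is used
     * (including {@code azure.keyvault.client-secret}); otherwise the managed-identity
     * constructor is used. The secret is taken from a JVM system property, which is readable
     * by any code in the process that may read system properties; prefer managed identity or
     * {@code KeyVaultLoadStoreParameter} where the deployment allows it.
     */
    public KeyVaultKeyStore() {
        String keyVaultUri = System.getProperty("azure.keyvault.uri");
        String aadAuthenticationUrl = System.getProperty("azure.keyvault.aad-authentication-url");
        String tenantId = System.getProperty("azure.keyvault.tenant-id");
        String clientId = System.getProperty("azure.keyvault.client-id");
        String clientSecret = System.getProperty("azure.keyvault.client-secret");
        String managedIdentity = System.getProperty("azure.keyvault.managed-identity");
        if (clientId != null) {
            this.keyVaultClient = new KeyVaultClient(keyVaultUri, aadAuthenticationUrl, tenantId, clientId, clientSecret);
        } else {
            this.keyVaultClient = new KeyVaultClient(keyVaultUri, managedIdentity);
        }
    }

    /**
     * Returns the alias list, fetching it from the vault the first time it is needed.
     *
     * <p>The returned list is the live internal list; callers in this class add to it, so the
     * list handed back by {@code KeyVaultClient.getAliases()} is presumably mutable (TODO confirm).
     */
    private List<String> loadedAliases() {
        if (this.aliases == null) {
            this.aliases = this.keyVaultClient.getAliases();
        }
        return this.aliases;
    }

    /** Enumerates every alias currently known to this store. */
    @Override
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(loadedAliases());
    }

    /**
     * Reports whether the alias is known.
     *
     * @param str the alias to look up
     */
    @Override
    public boolean engineContainsAlias(String str) {
        return engineIsCertificateEntry(str);
    }

    /**
     * Does nothing: entries are neither removed from the vault nor from the in-memory caches,
     * and no exception signals that to the caller.
     *
     * @param str the alias (ignored)
     */
    @Override
    public void engineDeleteEntry(String str) {
    }

    /** Delegates to the {@link KeyStoreSpi} default. */
    @Override
    public boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        return super.engineEntryInstanceOf(str, cls);
    }

    /**
     * Returns the certificate for an alias, consulting the cache before the vault.
     *
     * <p>A certificate found in the vault is cached and its alias is registered. The alias list
     * is loaded on demand here; previously a lookup made before any alias query dereferenced a
     * {@code null} list.
     *
     * @param str the alias to look up
     * @return the certificate, or {@code null} when the vault has none for this alias
     */
    @Override
    public Certificate engineGetCertificate(String str) {
        if (this.certificates.containsKey(str)) {
            return this.certificates.get(str);
        }
        Certificate fetched = this.keyVaultClient.getCertificate(str);
        if (fetched != null) {
            this.certificates.put(str, fetched);
            List<String> known = loadedAliases();
            if (!known.contains(str)) {
                known.add(str);
            }
        }
        return fetched;
    }

    /**
     * Finds the first alias whose certificate equals the given one.
     *
     * <p>Aliases for which no certificate can be obtained are skipped instead of causing a
     * {@link NullPointerException}.
     *
     * @param certificate the certificate to match; {@code null} yields {@code null}
     * @return the matching alias, or {@code null} when there is none
     */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        for (String alias : loadedAliases()) {
            Certificate candidate = engineGetCertificate(alias);
            if (candidate != null && candidate.equals(certificate)) {
                return alias;
            }
        }
        return null;
    }

    /**
     * Returns a chain holding only the alias's own certificate; issuer certificates are not
     * included.
     *
     * @param str the alias to look up
     * @return a one-element array, or {@code null} when the alias has no certificate
     */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        Certificate leaf = engineGetCertificate(str);
        return leaf == null ? null : new Certificate[] {leaf};
    }

    /**
     * Returns a copy of this instance's construction time, for any alias, known or not.
     *
     * @param str the alias (ignored)
     */
    @Override
    public Date engineGetCreationDate(String str) {
        return new Date(this.creationDate.getTime());
    }

    /** Delegates to the {@link KeyStoreSpi} default. */
    @Override
    public KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        return super.engineGetEntry(str, protectionParameter);
    }

    /**
     * Returns the key for an alias, consulting the cache before the vault.
     *
     * <p>On a cache hit the password argument is not consulted, and the key object stays
     * referenced by this store for the lifetime of the instance.
     *
     * @param str the alias to look up
     * @param cArr the password, forwarded to the vault client on a cache miss only
     * @return the key, or {@code null} when the vault client returns none
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) {
        if (this.certificateKeys.containsKey(str)) {
            return this.certificateKeys.get(str);
        }
        Key fetched = this.keyVaultClient.getKey(str, cArr);
        if (fetched != null) {
            this.certificateKeys.put(str, fetched);
            List<String> known = loadedAliases();
            if (!known.contains(str)) {
                known.add(str);
            }
        }
        return fetched;
    }

    /**
     * Reports alias membership; the kind of entry behind the alias is not checked.
     *
     * @param str the alias to look up
     */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        return loadedAliases().contains(str);
    }

    /**
     * Reports alias membership, so side-loaded certificate-only aliases are also reported as
     * key entries.
     *
     * @param str the alias to look up
     */
    @Override
    public boolean engineIsKeyEntry(String str) {
        return engineIsCertificateEntry(str);
    }

    /**
     * Replaces the vault client from a {@code KeyVaultLoadStoreParameter} and side-loads
     * classpath certificates.
     *
     * <p>Credential selection: client id first, then managed identity, then URI only. Any other
     * parameter type (including {@code null}) leaves the constructor-built client in place.
     * NOTE(review): the alias list and both caches are not cleared when the client is replaced,
     * so state fetched through the previous client remains visible.
     *
     * @param loadStoreParameter connection settings, or any other value to keep the current client
     */
    @Override
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter instanceof KeyVaultLoadStoreParameter) {
            KeyVaultLoadStoreParameter settings = (KeyVaultLoadStoreParameter) loadStoreParameter;
            if (settings.getClientId() != null) {
                this.keyVaultClient = new KeyVaultClient(settings.getUri(), settings.getAadAuthenticationUrl(), settings.getTenantId(), settings.getClientId(), settings.getClientSecret());
            } else if (settings.getManagedIdentity() != null) {
                this.keyVaultClient = new KeyVaultClient(settings.getUri(), settings.getManagedIdentity());
            } else {
                this.keyVaultClient = new KeyVaultClient(settings.getUri());
            }
        }
        sideLoad();
    }

    /**
     * Ignores both arguments and only side-loads classpath certificates.
     *
     * @param inputStream ignored
     * @param cArr ignored
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) {
        sideLoad();
    }

    /**
     * Registers a certificate in memory under a new alias; nothing is written to the vault.
     *
     * <p>An alias that already exists is left untouched, so an existing entry is never
     * replaced and the caller gets no indication that the call was ignored.
     *
     * @param str the alias to register
     * @param certificate the certificate to cache under that alias
     */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        List<String> known = loadedAliases();
        if (known.contains(str)) {
            return;
        }
        known.add(str);
        this.certificates.put(str, certificate);
    }

    /** Delegates to the {@link KeyStoreSpi} default. */
    @Override
    public void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        super.engineSetEntry(str, entry, protectionParameter);
    }

    /** Does nothing: keys cannot be stored through this provider. */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
    }

    /** Does nothing: keys cannot be stored through this provider. */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
    }

    /**
     * Returns the number of known aliases, or {@code 0} while the alias list has not been
     * loaded yet (this method never triggers a vault call).
     */
    @Override
    public int engineSize() {
        return this.aliases == null ? 0 : this.aliases.size();
    }

    /** Does nothing: the store is not serialised. */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) {
    }

    /** Does nothing: the store is not serialised. */
    @Override
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
    }

    /**
     * Reads a classpath resource line by line and returns each line as a file name.
     *
     * <p>NOTE(review): this relies on the class loader returning a directory listing for the
     * path, which presumably holds for exploded directories but not for jar-packaged
     * resources - confirm for the target deployment.
     *
     * @param resourcePath classpath location to list
     * @return the lines read, or an empty array when the resource does not exist
     * @throws IOException if reading or closing the resource fails
     */
    private String[] getFilenames(String resourcePath) throws IOException {
        List<String> filenames = new ArrayList<>();
        try (InputStream listing = getClass().getResourceAsStream(resourcePath)) {
            if (listing != null) {
                try (BufferedReader reader = new BufferedReader(new InputStreamReader(listing, StandardCharsets.UTF_8))) {
                    String line;
                    while ((line = reader.readLine()) != null) {
                        filenames.add(line);
                    }
                }
            }
        }
        return filenames.toArray(new String[0]);
    }

    /**
     * Drains a stream into a byte array. The stream is not closed here.
     *
     * @param inputStream the stream to read to its end
     * @return everything that was read
     * @throws IOException if reading fails
     */
    private byte[] readAllBytes(InputStream inputStream) throws IOException {
        try (ByteArrayOutputStream buffer = new ByteArrayOutputStream()) {
            byte[] chunk = new byte[1024];
            int read;
            while ((read = inputStream.read(chunk)) != -1) {
                buffer.write(chunk, 0, read);
            }
            return buffer.toByteArray();
        }
    }

    /**
     * Registers every X.509 certificate found under the classpath folder {@code /keyvault}.
     *
     * <p>The alias is the file name without its last extension. Each certificate is only
     * parsed, not validated (no chain, validity-period or revocation check), and is then
     * reported by this store like any vault certificate. If the store is used as a trust
     * store, whoever controls the application's classpath therefore controls trust anchors;
     * the INFO log line emitted per file is the audit trail for what was added.
     *
     * <p>A file that cannot be parsed, or a listed name whose resource cannot be opened, is
     * logged and skipped. The missing-resource case previously ended in a
     * {@link NullPointerException} that escaped {@code engineLoad}.
     */
    private void sideLoad() {
        try {
            for (String filename : getFilenames("/keyvault")) {
                try (InputStream certificateStream = getClass().getResourceAsStream("/keyvault/" + filename)) {
                    if (certificateStream == null) {
                        LOGGER.log(Level.WARNING, "Side-load resource not found: " + filename);
                        continue;
                    }
                    // Strip the last extension ("name.cer" -> "name") to form the alias.
                    int extensionStart = filename.lastIndexOf('.');
                    String alias = extensionStart == -1 ? filename : filename.substring(0, extensionStart);
                    try {
                        CertificateFactory factory = CertificateFactory.getInstance("X.509");
                        X509Certificate parsed = (X509Certificate) factory.generateCertificate(new ByteArrayInputStream(readAllBytes(certificateStream)));
                        engineSetCertificateEntry(alias, parsed);
                        LOGGER.log(Level.INFO, "Side loaded certificate: {0} from: {1}", new Object[]{alias, filename});
                    } catch (CertificateException e) {
                        LOGGER.log(Level.WARNING, "Unable to side-load certificate from: " + filename, (Throwable) e);
                    }
                }
            }
        } catch (IOException e2) {
            LOGGER.log(Level.WARNING, "Unable to determine certificates to side-load", (Throwable) e2);
        }
    }
}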
