package com.helger.peppol.utils;

import com.helger.commons.annotation.Nonempty;
import com.helger.commons.text.util.TextHelper;
import com.helger.security.keystore.EKeyStoreType;
import com.helger.security.keystore.KeyStoreHelper;
import com.helger.security.keystore.LoadedKey;
import com.helger.security.keystore.LoadedKeyStore;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.Immutable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Immutable
/* loaded from: input_file:WEB-INF/lib/peppol-commons-8.7.1.jar:com/helger/peppol/utils/PeppolKeyStoreHelper.class */
public final class PeppolKeyStoreHelper {
    public static final String TRUSTSTORE_COMPLETE_CLASSPATH = "truststore/complete-truststore.jks";
    public static final String TRUSTSTORE_PASSWORD = "peppol";
    public static final EKeyStoreType TRUSTSTORE_TYPE = EKeyStoreType.JKS;
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) PeppolKeyStoreHelper.class);
    private static final PeppolKeyStoreHelper INSTANCE = new PeppolKeyStoreHelper();

    @Immutable
    /* loaded from: input_file:WEB-INF/lib/peppol-commons-8.7.1.jar:com/helger/peppol/utils/PeppolKeyStoreHelper$Config2018.class */
    public static final class Config2018 {
        public static final String TRUSTSTORE_PRODUCTION_CLASSPATH = "truststore/2018/prod-truststore.jks";
        public static final KeyStore TRUSTSTORE_PRODUCTION = KeyStoreHelper.loadKeyStore(PeppolKeyStoreHelper.TRUSTSTORE_TYPE, TRUSTSTORE_PRODUCTION_CLASSPATH, PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD).getKeyStore();
        public static final String TRUSTSTORE_PRODUCTION_ALIAS_ROOT = "peppol root ca - g2";
        public static final X509Certificate CERTIFICATE_PRODUCTION_ROOT;
        public static final String TRUSTSTORE_PRODUCTION_ALIAS_AP = "peppol access point ca - g2 (peppol root ca - g2)";
        public static final X509Certificate CERTIFICATE_PRODUCTION_AP;
        public static final String TRUSTSTORE_PRODUCTION_ALIAS_SMP = "peppol service metadata publisher ca - g2 (peppol root ca - g2)";
        public static final X509Certificate CERTIFICATE_PRODUCTION_SMP;
        public static final String TRUSTSTORE_SMP_PRODUCTION_CLASSPATH = "truststore/2018/smp-prod-truststore.jks";
        public static final KeyStore TRUSTSTORE_SMP_PRODUCTION;
        public static final String TRUSTSTORE_PILOT_CLASSPATH = "truststore/2018/pilot-truststore.jks";
        public static final KeyStore TRUSTSTORE_PILOT;
        public static final String TRUSTSTORE_PILOT_ALIAS_ROOT = "peppol root test ca - g2";
        public static final X509Certificate CERTIFICATE_PILOT_ROOT;
        public static final String TRUSTSTORE_PILOT_ALIAS_AP = "peppol access point test ca - g2 (peppol root test ca - g2)";
        public static final X509Certificate CERTIFICATE_PILOT_AP;
        public static final String TRUSTSTORE_PILOT_ALIAS_SMP = "peppol service metadata publisher test ca - g2 (peppol root test ca - g2)";
        public static final X509Certificate CERTIFICATE_PILOT_SMP;
        public static final String TRUSTSTORE_SMP_PILOT_CLASSPATH = "truststore/2018/smp-pilot-truststore.jks";
        public static final KeyStore TRUSTSTORE_SMP_PILOT;

        private Config2018() {
        }

        static {
            if (TRUSTSTORE_PRODUCTION == null) {
                throw new IllegalStateException("Failed to load pre-configured production trust store");
            }
            CERTIFICATE_PRODUCTION_ROOT = PeppolKeyStoreHelper._resolveCert(TRUSTSTORE_PRODUCTION, TRUSTSTORE_PRODUCTION_ALIAS_ROOT);
            CERTIFICATE_PRODUCTION_AP = PeppolKeyStoreHelper._resolveCert(TRUSTSTORE_PRODUCTION, TRUSTSTORE_PRODUCTION_ALIAS_AP);
            CERTIFICATE_PRODUCTION_SMP = PeppolKeyStoreHelper._resolveCert(TRUSTSTORE_PRODUCTION, TRUSTSTORE_PRODUCTION_ALIAS_SMP);
            TRUSTSTORE_SMP_PRODUCTION = KeyStoreHelper.loadKeyStore(PeppolKeyStoreHelper.TRUSTSTORE_TYPE, TRUSTSTORE_SMP_PRODUCTION_CLASSPATH, PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD).getKeyStore();
            if (TRUSTSTORE_SMP_PRODUCTION == null) {
                throw new IllegalStateException("Failed to load pre-configured SMP production trust store");
            }
            TRUSTSTORE_PILOT = KeyStoreHelper.loadKeyStore(PeppolKeyStoreHelper.TRUSTSTORE_TYPE, TRUSTSTORE_PILOT_CLASSPATH, PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD).getKeyStore();
            if (TRUSTSTORE_PILOT == null) {
                throw new IllegalStateException("Failed to load pre-configured pilot trust store");
            }
            CERTIFICATE_PILOT_ROOT = PeppolKeyStoreHelper._resolveCert(TRUSTSTORE_PILOT, TRUSTSTORE_PILOT_ALIAS_ROOT);
            CERTIFICATE_PILOT_AP = PeppolKeyStoreHelper._resolveCert(TRUSTSTORE_PILOT, TRUSTSTORE_PILOT_ALIAS_AP);
            CERTIFICATE_PILOT_SMP = PeppolKeyStoreHelper._resolveCert(TRUSTSTORE_PILOT, TRUSTSTORE_PILOT_ALIAS_SMP);
            TRUSTSTORE_SMP_PILOT = KeyStoreHelper.loadKeyStore(PeppolKeyStoreHelper.TRUSTSTORE_TYPE, TRUSTSTORE_SMP_PILOT_CLASSPATH, PeppolKeyStoreHelper.TRUSTSTORE_PASSWORD).getKeyStore();
            if (TRUSTSTORE_SMP_PILOT == null) {
                throw new IllegalStateException("Failed to load pre-configured SMP pilot trust store");
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    @Nullable
    public static X509Certificate _resolveCert(@Nonnull KeyStore keyStore, @Nonnull @Nonempty String str) {
        try {
            X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(str);
            if (x509Certificate == null) {
                LOGGER.warn("Failed to resolve alias '" + str + "' in trust store");
            }
            return x509Certificate;
        } catch (KeyStoreException e) {
            LOGGER.warn("Failed to resolve alias '" + str + "' in trust store.", (Throwable) e);
            return null;
        }
    }

    private PeppolKeyStoreHelper() {
    }

    @Nullable
    public static String getLoadError(@Nonnull LoadedKeyStore loadedKeyStore) {
        if (loadedKeyStore == null) {
            return null;
        }
        return loadedKeyStore.getErrorText(TextHelper.EN);
    }

    @Nullable
    public static String getLoadError(@Nonnull LoadedKey<?> loadedKey) {
        if (loadedKey == null) {
            return null;
        }
        return loadedKey.getErrorText(TextHelper.EN);
    }
}
