package com.helger.security.keystore;

import com.helger.commons.ValueEnforcer;
import com.helger.commons.concurrent.SimpleReadWriteLock;
import com.helger.commons.io.resourceprovider.ClassPathResourceProvider;
import com.helger.commons.io.resourceprovider.FileSystemResourceProvider;
import com.helger.commons.io.resourceprovider.IReadableResourceProvider;
import com.helger.commons.io.resourceprovider.ReadableResourceProviderChain;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.commons.lang.ClassHelper;
import com.helger.commons.string.StringHelper;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.UnrecoverableKeyException;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

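/**
 * Static helpers for opening {@link KeyStore} instances through a configurable
 * {@link IReadableResourceProvider} and for reading single entries out of them.
 *
 * <p>Security-relevant points for callers:
 * <ul>
 *   <li>The resource provider is one process-wide static. Whoever calls
 *       {@link #setResourceProvider(IReadableResourceProvider)} decides where every later
 *       key store path is resolved. The default is a chain built from a file system
 *       provider (relative paths allowed) and a class path provider.</li>
 *   <li>{@link #loadKeyStore(IKeyStoreType, String, String)} and the {@code load*Key} methods
 *       report failures as an {@link EKeyStoreLoadError} inside the result object instead of
 *       throwing. The key store path and the exception message are part of that result and
 *       of the warning log line.</li>
 *   <li>Passwords handed over as {@code String} cannot be wiped afterwards. Prefer the
 *       {@code char[]} overloads when the caller is able to clear the array.</li>
 * </ul>
 */
@ThreadSafe
/* loaded from: input_file:WEB-INF/lib/ph-security-9.4.5.jar:com/helger/security/keystore/KeyStoreHelper.class */
public final class KeyStoreHelper {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyStoreHelper.class);
    private static final SimpleReadWriteLock s_aRWLock = new SimpleReadWriteLock();

    // Shared by all callers in the JVM; every read and write goes through s_aRWLock.
    @GuardedBy("s_aRWLock")
    private static IReadableResourceProvider s_aResourceProvider = new ReadableResourceProviderChain(new FileSystemResourceProvider().setCanReadRelativePaths(true), new ClassPathResourceProvider());
    // Not read anywhere in this class; presumably only there so the private constructor is
    // exercised. Confirm before removing.
    private static final KeyStoreHelper s_aInstance = new KeyStoreHelper();

    private KeyStoreHelper() {
    }

    /**
     * Returns the resource provider currently used to resolve key store paths.
     *
     * @return the provider, read under the read lock
     */
    @Nonnull
    public static IReadableResourceProvider getResourceProvider() {
        return (IReadableResourceProvider) s_aRWLock.readLockedGet(() -> s_aResourceProvider);
    }

    /**
     * Replaces the resource provider used by all subsequent key store loads in this JVM.
     *
     * <p>This changes where key material is read from for every caller, so access to this
     * method should be limited to trusted start-up or configuration code.
     *
     * @param iReadableResourceProvider the new provider; must not be {@code null}
     */
    public static void setResourceProvider(@Nonnull IReadableResourceProvider iReadableResourceProvider) {
        ValueEnforcer.notNull(iReadableResourceProvider, "ResourceProvider");
        s_aRWLock.writeLockedGet(() -> {
            s_aResourceProvider = iReadableResourceProvider;
            return iReadableResourceProvider;
        });
    }

    /**
     * Creates a new key store object with the same type and provider as the given one.
     *
     * <p>The returned object has not been loaded yet; the JDK requires a call to
     * {@code load} before it can be used.
     *
     * @param keyStore the key store whose type and provider are reused
     * @return a new, not yet loaded key store
     * @throws KeyStoreException if the provider cannot supply a key store of that type
     */
    @Nonnull
    public static KeyStore getSimiliarKeyStore(@Nonnull KeyStore keyStore) throws KeyStoreException {
        return KeyStore.getInstance(keyStore.getType(), keyStore.getProvider());
    }

    /**
     * Loads a key store, taking the password as a {@code String}.
     *
     * <p>The password is converted to a {@code char[]} and passed to the {@code char[]}
     * overload. The {@code String} itself stays on the heap until it is garbage collected,
     * so callers that can supply a {@code char[]} should use that overload and clear the
     * array themselves.
     *
     * @param iKeyStoreType the key store type
     * @param str the key store path, resolved through the current resource provider
     * @param str2 the key store password, or {@code null}
     * @return the loaded key store
     * @throws GeneralSecurityException if loading fails
     * @throws IOException if reading fails, including a wrong password
     */
    @Nonnull
    public static KeyStore loadKeyStoreDirect(@Nonnull IKeyStoreType iKeyStoreType, @Nonnull String str, @Nullable String str2) throws GeneralSecurityException, IOException {
        return loadKeyStoreDirect(iKeyStoreType, str, str2 == null ? null : str2.toCharArray());
    }

    /**
     * Loads a key store from the path resolved by the current resource provider.
     *
     * <p>Per the documented contract of {@link KeyStore#load(InputStream, char[])}, a
     * {@code null} password means that no integrity check is performed on the key store
     * data. Pass the real password whenever the file could have been modified.
     *
     * @param iKeyStoreType the key store type
     * @param str the key store path
     * @param cArr the key store password, or {@code null}; the array is not cleared here
     * @return the loaded key store
     * @throws IllegalArgumentException if the resource provider returns no stream for the path
     * @throws IllegalStateException if a {@link KeyStoreException} is raised while obtaining
     *         or loading the key store
     * @throws GeneralSecurityException if loading fails for another security reason
     * @throws IOException if reading fails, including a wrong password
     */
    @Nonnull
    public static KeyStore loadKeyStoreDirect(@Nonnull IKeyStoreType iKeyStoreType, @Nonnull String str, @Nullable char[] cArr) throws GeneralSecurityException, IOException {
        ValueEnforcer.notNull(iKeyStoreType, "KeyStoreType");
        ValueEnforcer.notNull(str, "KeyStorePath");
        InputStream inputStream = getResourceProvider().getInputStream(str);
        if (inputStream == null) {
            throw new IllegalArgumentException("Failed to open key store '" + str + "'");
        }
        try {
            KeyStore keyStore = iKeyStoreType.getKeyStore();
            keyStore.load(inputStream, cArr);
            return keyStore;
        } catch (KeyStoreException e) {
            throw new IllegalStateException("No provider can handle key stores of type " + iKeyStoreType, e);
        } finally {
            // Always release the stream, on success as well as on any failure.
            StreamHelper.close(inputStream);
        }
    }

    /**
     * Builds a new key store of the same type and provider that holds exactly one entry
     * copied from the given key store.
     *
     * @param keyStore the key store to copy from
     * @param str the alias of the entry to copy
     * @param cArr the password protecting the entry, or {@code null}; it is also used to
     *        protect the copied entry
     * @return a new key store containing only the copied entry
     * @throws IllegalArgumentException if the source key store has no entry for the alias
     * @throws GeneralSecurityException if the entry cannot be read or stored
     * @throws IOException if initialising the new key store fails
     */
    @Nonnull
    public static KeyStore createKeyStoreWithOnlyOneItem(@Nonnull KeyStore keyStore, @Nonnull String str, @Nullable char[] cArr) throws GeneralSecurityException, IOException {
        ValueEnforcer.notNull(keyStore, "BaseKeyStore");
        ValueEnforcer.notNull(str, "AliasToCopy");
        KeyStore singleEntryStore = getSimiliarKeyStore(keyStore);
        // load(null, null) initialises an empty key store.
        singleEntryStore.load(null, null);
        // Trusted certificate entries are not password protected. The JDK's default
        // KeyStoreSpi rejects a PasswordProtection for them, so none is passed in that case.
        KeyStore.PasswordProtection protection = null;
        if (cArr != null && !keyStore.isCertificateEntry(str)) {
            protection = new KeyStore.PasswordProtection(cArr);
        }
        KeyStore.Entry entry = keyStore.getEntry(str, protection);
        if (entry == null) {
            // getEntry returns null for an unknown alias; setEntry would then fail with a
            // NullPointerException that does not name the alias.
            throw new IllegalArgumentException("The key store contains no entry with alias '" + str + "'");
        }
        singleEntryStore.setEntry(str, entry, protection);
        return singleEntryStore;
    }

    /**
     * Tells whether a load failure was caused by a wrong key store password.
     *
     * <p>{@link KeyStore#load(InputStream, char[])} documents that a wrong password is
     * reported as an {@link IOException} whose cause is an {@link UnrecoverableKeyException}.
     *
     * @param exc the exception raised while loading
     * @return {@code true} if the exception has that shape
     */
    private static boolean _isInvalidPasswordException(@Nonnull Exception exc) {
        return (exc instanceof IOException) && (exc.getCause() instanceof UnrecoverableKeyException);
    }

    /**
     * Loads a key store and reports the outcome as a {@link LoadedKeyStore} instead of throwing.
     *
     * <p>Error mapping: a blank path gives {@code KEYSTORE_NO_PATH}; an
     * {@link IllegalArgumentException} gives {@code KEYSTORE_LOAD_ERROR_NON_EXISTING}; a wrong
     * password gives {@code KEYSTORE_INVALID_PASSWORD}; every other exception gives
     * {@code KEYSTORE_LOAD_ERROR_FORMAT_ERROR}.
     *
     * <p>The path and the exception message are written to the warning log and returned in
     * the result. NOTE(review): if the path can originate outside trusted configuration,
     * neutralise line breaks before it reaches the log.
     *
     * @param iKeyStoreType the key store type
     * @param str the key store path; may be {@code null} or blank
     * @param str2 the key store password, or {@code null}
     * @return the loaded key store or the error describing why loading failed
     */
    @Nonnull
    public static LoadedKeyStore loadKeyStore(@Nonnull IKeyStoreType iKeyStoreType, @Nullable String str, @Nullable String str2) {
        ValueEnforcer.notNull(iKeyStoreType, "KeyStoreType");
        if (StringHelper.hasNoText(str)) {
            return new LoadedKeyStore(null, EKeyStoreLoadError.KEYSTORE_NO_PATH, new String[0]);
        }
        try {
            return new LoadedKeyStore(loadKeyStoreDirect(iKeyStoreType, str, str2), null, new String[0]);
        } catch (IllegalArgumentException e) {
            if (LOGGER.isWarnEnabled()) {
                LOGGER.warn("No such key store '" + str + "': " + e.getMessage(), e.getCause());
            }
            return new LoadedKeyStore(null, EKeyStoreLoadError.KEYSTORE_LOAD_ERROR_NON_EXISTING, str, e.getMessage());
        } catch (Exception e2) {
            boolean wrongPassword = _isInvalidPasswordException(e2);
            if (LOGGER.isWarnEnabled()) {
                // For a wrong password no throwable is handed to the logger, so no stack trace is written.
                LOGGER.warn("Failed to load key store '" + str + "': " + e2.getMessage(), wrongPassword ? null : e2.getCause());
            }
            EKeyStoreLoadError error = wrongPassword ? EKeyStoreLoadError.KEYSTORE_INVALID_PASSWORD : EKeyStoreLoadError.KEYSTORE_LOAD_ERROR_FORMAT_ERROR;
            return new LoadedKeyStore(null, error, str, e2.getMessage());
        }
    }

    /**
     * Reads one entry from a key store and checks that it has the requested entry type.
     *
     * <p>Failures are returned as an {@link EKeyStoreLoadError} inside the result: blank alias,
     * missing password, unknown alias, wrong entry type, wrong key password
     * ({@link UnrecoverableKeyException}) or any other {@link GeneralSecurityException}.
     *
     * @param keyStore the key store to read from
     * @param str the key store path; only used in error results
     * @param str2 the alias of the entry
     * @param cArr the password of the entry; {@code null} yields {@code KEY_NO_PASSWORD}
     * @param cls the required entry class
     * @return the entry or the error describing why it could not be loaded
     */
    @Nonnull
    private static <T extends KeyStore.Entry> LoadedKey<T> _loadKey(@Nonnull KeyStore keyStore, @Nonnull String str, @Nullable String str2, @Nullable char[] cArr, @Nonnull Class<T> cls) {
        ValueEnforcer.notNull(keyStore, "KeyStore");
        ValueEnforcer.notNull(str, "KeyStorePath");
        ValueEnforcer.notNull(cls, "TargetClass");
        if (StringHelper.hasNoText(str2)) {
            return new LoadedKey<>(null, EKeyStoreLoadError.KEY_NO_ALIAS, str);
        }
        if (cArr == null) {
            return new LoadedKey<>(null, EKeyStoreLoadError.KEY_NO_PASSWORD, str2, str);
        }
        try {
            // Trusted certificate entries are not password protected. The JDK's default
            // KeyStoreSpi throws UnsupportedOperationException when a PasswordProtection is
            // supplied for one, which previously escaped this method as an unchecked
            // exception. Passing no protection lets the entry be read, and the type check
            // below then decides whether it is what the caller asked for.
            KeyStore.ProtectionParameter protection = keyStore.isCertificateEntry(str2) ? null : new KeyStore.PasswordProtection(cArr);
            KeyStore.Entry entry = keyStore.getEntry(str2, protection);
            if (entry == null) {
                return new LoadedKey<>(null, EKeyStoreLoadError.KEY_INVALID_ALIAS, str2, str);
            }
            if (!cls.isAssignableFrom(entry.getClass())) {
                return new LoadedKey<>(null, EKeyStoreLoadError.KEY_INVALID_TYPE, str2, str, ClassHelper.getClassName(entry));
            }
            return new LoadedKey<>(cls.cast(entry), null, new String[0]);
        } catch (UnrecoverableKeyException e) {
            return new LoadedKey<>(null, EKeyStoreLoadError.KEY_INVALID_PASSWORD, str2, str, e.getMessage());
        } catch (GeneralSecurityException e2) {
            return new LoadedKey<>(null, EKeyStoreLoadError.KEY_LOAD_ERROR, str2, str, e2.getMessage());
        }
    }

    /**
     * Loads a private key entry (private key plus certificate chain) by alias.
     *
     * @param keyStore the key store to read from
     * @param str the key store path; only used in error results
     * @param str2 the alias of the entry
     * @param cArr the password of the entry
     * @return the entry or the error describing why it could not be loaded
     */
    @Nonnull
    public static LoadedKey<KeyStore.PrivateKeyEntry> loadPrivateKey(@Nonnull KeyStore keyStore, @Nonnull String str, @Nullable String str2, @Nullable char[] cArr) {
        return _loadKey(keyStore, str, str2, cArr, KeyStore.PrivateKeyEntry.class);
    }

    /**
     * Loads a secret key entry by alias.
     *
     * @param keyStore the key store to read from
     * @param str the key store path; only used in error results
     * @param str2 the alias of the entry
     * @param cArr the password of the entry
     * @return the entry or the error describing why it could not be loaded
     */
    @Nonnull
    public static LoadedKey<KeyStore.SecretKeyEntry> loadSecretKey(@Nonnull KeyStore keyStore, @Nonnull String str, @Nullable String str2, @Nullable char[] cArr) {
        return _loadKey(keyStore, str, str2, cArr, KeyStore.SecretKeyEntry.class);
    }

    /**
     * Loads a trusted certificate entry by alias.
     *
     * <p>A non-{@code null} password is still required by the shared lookup, although it is
     * not used to read a certificate entry.
     *
     * @param keyStore the key store to read from
     * @param str the key store path; only used in error results
     * @param str2 the alias of the entry
     * @param cArr a non-{@code null} password; {@code null} yields {@code KEY_NO_PASSWORD}
     * @return the entry or the error describing why it could not be loaded
     */
    @Nonnull
    public static LoadedKey<KeyStore.TrustedCertificateEntry> loadTrustedCertificateKey(@Nonnull KeyStore keyStore, @Nonnull String str, @Nullable String str2, @Nullable char[] cArr) {
        return _loadKey(keyStore, str, str2, cArr, KeyStore.TrustedCertificateEntry.class);
    }
}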
