package dev.scheibelhofer.crypto.provider;

import dev.scheibelhofer.crypto.provider.Pem;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.security.interfaces.ECPrivateKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:dev/scheibelhofer/crypto/provider/PemKeystore.class */
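/**
 * In-memory state and common {@link KeyStoreSpi} operations for PEM-backed keystores.
 *
 * <p>Entries live in three alias-keyed maps: private keys, the certificate chain belonging
 * to a private key, and stand-alone certificates. The class is abstract and does not
 * implement {@code engineLoad}/{@code engineStore}; those are left to subclasses.
 *
 * <p>Chain assembly in this class ({@link #buildCertChains}, {@link #buildChainFor}) links
 * certificates by issuer/subject name and key identifier only. It verifies no signatures,
 * validity periods or constraints, so an assembled chain is a packaging convenience and
 * must not be read as a validated certification path.
 *
 * <p>This listing is decompiler output; parameter and local names were chosen during review.
 */
public abstract class PemKeystore extends KeyStoreSpi {
    /** OID of the X.509 subjectKeyIdentifier extension. */
    static final String SUBJECT_KEY_ID = "2.5.29.14";
    /** OID of the X.509 authorityKeyIdentifier extension. */
    static final String AUTHORITY_KEY_ID = "2.5.29.35";
    /** Number of trailing extension bytes that {@link #matchingKeyIDs} compares. */
    private static final int KEY_ID_TAIL_LENGTH = 20;

    // Private-key entries by alias, in insertion order.
    final Map<String, Pem.PrivateKeyEntry> privateKeys = new LinkedHashMap<>();
    // Certificate chain of each private-key alias, leaf first.
    final Map<String, List<Pem.CertificateEntry>> certificateChains = new LinkedHashMap<>();
    // Stand-alone certificate entries by alias.
    final Map<String, Pem.CertificateEntry> certificates = new LinkedHashMap<>();
    // One timestamp taken at construction; reported for every alias.
    final Date creationDate = new Date();

    /**
     * Removes every key, chain and certificate entry.
     *
     * <p>JADX reports this member as package-private in the compiled class.
     */
    public void clearKeystore() {
        this.privateKeys.clear();
        this.certificateChains.clear();
        this.certificates.clear();
    }

    /**
     * Returns the private key stored under {@code alias}, decrypting it on demand.
     *
     * @param alias entry alias
     * @param password password used only when the entry is still encrypted
     * @return the key, or {@code null} if the alias is unknown or holds no usable key
     * @throws NoSuchAlgorithmException if decrypting an encrypted entry fails for any reason
     * @throws UnrecoverableKeyException declared by the SPI; not thrown by this implementation
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String alias, char[] password) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        Pem.PrivateKeyEntry entry = this.privateKeys.get(alias);
        if (entry == null) {
            return null;
        }
        if (entry.privateKey != null) {
            // NOTE(review): the password is not consulted on this path. If decryptPrivateKey
            // caches the plaintext key in the entry (it appears to, given the read below),
            // then after one successful unlock every later caller receives the key whatever
            // password it supplies. Confirm this is the intended protection model.
            return entry.privateKey;
        }
        if (!(entry instanceof Pem.EncryptedPrivateKeyEntry)) {
            return null;
        }
        Pem.EncryptedPrivateKeyEntry encrypted = (Pem.EncryptedPrivateKeyEntry) entry;
        try {
            encrypted.decryptPrivateKey(password);
            return encrypted.privateKey;
        } catch (PemKeystoreException e) {
            // NOTE(review): the KeyStoreSpi contract uses UnrecoverableKeyException for a key
            // that cannot be recovered (e.g. wrong password). The exception type is kept as
            // is because callers may already catch NoSuchAlgorithmException here.
            throw new NoSuchAlgorithmException("failed decrypting encrypted private key", e);
        }
    }

    /**
     * Returns the certificate chain recorded for {@code alias}, leaf first.
     *
     * @param alias entry alias
     * @return a new array with the chain, or {@code null} if no chain is recorded
     */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String alias) {
        List<Pem.CertificateEntry> chain = this.certificateChains.get(alias);
        if (chain == null) {
            return null;
        }
        return chain.stream().map(entry -> entry.certificate).toArray(Certificate[]::new);
    }

    /**
     * Returns the certificate for {@code alias}: the stand-alone certificate if one exists,
     * otherwise the first certificate of the alias's chain.
     *
     * @param alias entry alias
     * @return the certificate, or {@code null} if there is none
     */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String alias) {
        Pem.CertificateEntry single = this.certificates.get(alias);
        if (single != null) {
            return single.certificate;
        }
        List<Pem.CertificateEntry> chain = this.certificateChains.get(alias);
        // A chain can be empty (e.g. a key stored with no X.509 certificates); indexing it
        // unconditionally would throw IndexOutOfBoundsException.
        if (chain != null && !chain.isEmpty()) {
            return chain.get(0).certificate;
        }
        return null;
    }

    /**
     * Returns the keystore-wide creation timestamp; the alias is not consulted.
     *
     * @param alias ignored
     * @return a copy of the timestamp, so callers cannot mutate the keystore's own instance
     */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String alias) {
        return new Date(this.creationDate.getTime());
    }

    /**
     * Stores an unprotected private key and its chain under {@code alias}.
     *
     * <p>NOTE(review): the request is silently ignored unless {@code key} is a
     * {@link PrivateKey} and {@code password} is {@code null}. A caller that passes a
     * password, expecting the key to be stored protected, gets no entry and no error.
     * That behavior is preserved here; consider raising {@link KeyStoreException} instead.
     *
     * @param alias entry alias
     * @param key key to store
     * @param password must be {@code null} for the entry to be stored
     * @param chain certificates for the key; non-X.509 elements are dropped
     * @throws KeyStoreException declared by the SPI; not thrown by this implementation
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String alias, Key key, char[] password, Certificate[] chain) throws KeyStoreException {
        if (!(key instanceof PrivateKey) || password != null) {
            return;
        }
        this.privateKeys.put(alias, new Pem.PrivateKeyEntry(alias, (PrivateKey) key));
        this.certificateChains.put(alias, toCertificateEntries(alias, chain));
    }

    /**
     * Stores an already-protected (encoded) private key and its chain under {@code alias}.
     *
     * @param alias entry alias
     * @param encodedKey encoding handed to {@code Pem.EncryptedPrivateKeyEntry.initFromEncoding}
     * @param chain certificates for the key; non-X.509 elements are dropped, {@code null}
     *     is treated as an empty chain
     * @throws KeyStoreException declared by the SPI; not thrown directly by this method
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String alias, byte[] encodedKey, Certificate[] chain) throws KeyStoreException {
        Pem.EncryptedPrivateKeyEntry encrypted = new Pem.EncryptedPrivateKeyEntry(alias);
        encrypted.initFromEncoding(encodedKey);
        this.privateKeys.put(alias, encrypted);
        this.certificateChains.put(alias, toCertificateEntries(alias, chain));
    }

    /**
     * Wraps the X.509 certificates of {@code chain} in entries carrying {@code alias}.
     * Elements that are {@code null} or not {@link X509Certificate} are skipped; a
     * {@code null} array yields an empty list instead of a NullPointerException.
     */
    private static List<Pem.CertificateEntry> toCertificateEntries(String alias, Certificate[] chain) {
        if (chain == null) {
            return new ArrayList<>();
        }
        return Stream.of(chain)
                .filter(X509Certificate.class::isInstance)
                .map(X509Certificate.class::cast)
                .map(certificate -> new Pem.CertificateEntry(alias, certificate))
                .collect(Collectors.toList());
    }

    /**
     * Stores a stand-alone certificate under {@code alias}.
     *
     * @param alias entry alias
     * @param certificate certificate to store; must be an {@link X509Certificate}
     * @throws KeyStoreException if {@code certificate} is {@code null} or not X.509
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String alias, Certificate certificate) throws KeyStoreException {
        if (!(certificate instanceof X509Certificate)) {
            // A null argument also lands here; report it rather than dereferencing it.
            String actualType = certificate == null ? "null" : certificate.getClass().toString();
            throw new KeyStoreException("certificate entry must be of type java.security.cert.X509Certificate, but is " + actualType);
        }
        this.certificates.put(alias, new Pem.CertificateEntry(alias, (X509Certificate) certificate));
    }

    /**
     * Removes the key, chain and certificate stored under {@code alias}, if any.
     *
     * @param alias entry alias
     * @throws KeyStoreException declared by the SPI; not thrown by this implementation
     */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String alias) throws KeyStoreException {
        this.privateKeys.remove(alias);
        this.certificateChains.remove(alias);
        this.certificates.remove(alias);
    }

    /**
     * Enumerates every alias that names a certificate entry or a key entry.
     *
     * @return the distinct aliases, in no particular order
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(allAliases());
    }

    /**
     * Reports whether {@code alias} names a certificate entry or a key entry.
     *
     * @param alias entry alias
     * @return {@code true} if the alias is present
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String alias) {
        return this.certificates.containsKey(alias) || this.privateKeys.containsKey(alias);
    }

    /**
     * Returns the number of distinct aliases.
     *
     * <p>Nothing here prevents the same alias from being used for a certificate entry and a
     * key entry, so the count is taken over the union to stay consistent with
     * {@link #engineAliases()} rather than summing the two map sizes.
     *
     * @return the number of aliases
     */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return allAliases().size();
    }

    /** Collects the aliases of certificate entries and key entries into one set. */
    private Set<String> allAliases() {
        Set<String> aliases = new HashSet<>(this.certificates.keySet());
        aliases.addAll(this.privateKeys.keySet());
        return aliases;
    }

    /**
     * Reports whether {@code alias} names a private-key entry.
     *
     * @param alias entry alias
     * @return {@code true} if a key entry exists
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String alias) {
        return this.privateKeys.containsKey(alias);
    }

    /**
     * Reports whether {@code alias} names a stand-alone certificate entry.
     *
     * @param alias entry alias
     * @return {@code true} if a certificate entry exists
     */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String alias) {
        return this.certificates.containsKey(alias);
    }

    /**
     * Finds the alias whose certificate equals {@code certificate}. Stand-alone certificates
     * are searched first, then the leaf certificate of each chain.
     *
     * @param certificate certificate to look up
     * @return the first matching alias, or {@code null} if none matches or the argument is null
     */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (certificate == null) {
            return null;
        }
        for (Map.Entry<String, Pem.CertificateEntry> single : this.certificates.entrySet()) {
            if (certificate.equals(single.getValue().certificate)) {
                return single.getKey();
            }
        }
        for (Map.Entry<String, List<Pem.CertificateEntry>> chained : this.certificateChains.entrySet()) {
            List<Pem.CertificateEntry> chain = chained.getValue();
            if (!chain.isEmpty() && certificate.equals(chain.get(0).certificate)) {
                return chained.getKey();
            }
        }
        return null;
    }

    /**
     * Reports whether a public key and a private key form a pair. Only RSA/RSA and EC/EC
     * combinations are examined; everything else counts as not matching.
     *
     * <p>JADX reports this member as package-private in the compiled class.
     *
     * @param publicKey candidate public key
     * @param privateKey candidate private key
     * @return {@code true} if the keys were found to belong together
     */
    public static boolean matching(PublicKey publicKey, PrivateKey privateKey) {
        if ((publicKey instanceof RSAPublicKey) && (privateKey instanceof RSAPrivateKey)) {
            return matching((RSAPublicKey) publicKey, (RSAPrivateKey) privateKey);
        }
        if ((publicKey instanceof ECPublicKey) && (privateKey instanceof ECPrivateKey)) {
            return matching((ECPublicKey) publicKey, (ECPrivateKey) privateKey);
        }
        return false;
    }

    /**
     * Checks an EC key pair by signing a fixed 32-byte all-zero message with the private key
     * and verifying the signature with the public key.
     *
     * @return the verification result; any exception along the way counts as no match
     */
    static boolean matching(ECPublicKey publicKey, ECPrivateKey privateKey) {
        try {
            byte[] probe = new byte[32];
            Signature ecdsa = Signature.getInstance("SHA256withECDSA");
            ecdsa.initSign(privateKey);
            ecdsa.update(probe);
            byte[] signatureBytes = ecdsa.sign();
            ecdsa.initVerify(publicKey);
            ecdsa.update(probe);
            return ecdsa.verify(signatureBytes);
        } catch (Exception e) {
            // Deliberately broad: a key the provider cannot use is treated as "not a pair".
            return false;
        }
    }

    /**
     * Checks an RSA key pair by comparing the moduli; exponents are not examined.
     *
     * @return {@code true} if both keys share the same modulus
     */
    static boolean matching(RSAPublicKey publicKey, RSAPrivateKey privateKey) {
        return publicKey.getModulus().equals(privateKey.getModulus());
    }

    /**
     * Assigns certificates from {@code certList} to the stored private keys.
     *
     * <p>For each private key a chain is assembled with {@link #buildChainFor}. A key entry
     * without its own alias is re-registered under the subject name of its leaf certificate.
     * Certificates that ended up in a chain are removed from {@code certList}.
     *
     * <p>JADX reports this member as package-private in the compiled class.
     *
     * @param certList mutable list of candidate certificates; modified in place
     */
    public void buildCertChains(List<Pem.CertificateEntry> certList) {
        if (certList.isEmpty()) {
            return;
        }
        Set<Pem.CertificateEntry> assigned = new HashSet<>();
        // Iterate over a snapshot: entries are removed from and added to privateKeys inside
        // the loop, which throws ConcurrentModificationException when done on the live view.
        Map<String, Pem.PrivateKeyEntry> snapshot = new LinkedHashMap<>(this.privateKeys);
        for (Map.Entry<String, Pem.PrivateKeyEntry> keyed : snapshot.entrySet()) {
            String currentAlias = keyed.getKey();
            Pem.PrivateKeyEntry keyEntry = keyed.getValue();
            List<Pem.CertificateEntry> chain = buildChainFor(keyEntry.privateKey, certList);
            if (chain.isEmpty()) {
                continue;
            }
            String chainAlias;
            if (keyEntry.alias != null) {
                chainAlias = currentAlias;
            } else {
                chainAlias = makeAlias(chain.get(0));
                // NOTE(review): if another key entry already uses this subject name as its
                // alias, the put below replaces it. Confirm whether a unique alias is needed.
                this.privateKeys.remove(currentAlias);
                this.privateKeys.put(chainAlias, keyEntry);
            }
            this.certificateChains.put(chainAlias, chain);
            assigned.addAll(chain);
        }
        certList.removeAll(assigned);
    }

    /**
     * Assembles a chain for {@code privateKey} from {@code certList}: the first certificate
     * whose public key matches the private key, followed by successive issuers.
     *
     * @param privateKey key whose certificate is sought; may be {@code null}, which matches nothing
     * @param certList candidate certificates; not modified
     * @return the chain, leaf first; empty if no certificate matches the key
     */
    List<Pem.CertificateEntry> buildChainFor(PrivateKey privateKey, List<Pem.CertificateEntry> certList) {
        List<Pem.CertificateEntry> chain = new ArrayList<>(4);
        Pem.CertificateEntry current = certList.stream()
                .filter(candidate -> matching(candidate.certificate.getPublicKey(), privateKey))
                .findFirst()
                .orElse(null);
        while (current != null) {
            chain.add(current);
            current = findIssuer(current, certList, chain);
        }
        return chain;
    }

    /**
     * Returns the first candidate that looks like the issuer of {@code subject}: its subject
     * name equals the issuer name of {@code subject} and the key identifiers agree.
     *
     * <p>Candidates already in {@code chain} are skipped. Besides excluding {@code subject}
     * itself, this guarantees the walk terminates when the input contains certificates that
     * name each other as issuer, or repeated copies of a self-issued certificate; without
     * it such input makes the chain grow without bound.
     */
    private static Pem.CertificateEntry findIssuer(
            Pem.CertificateEntry subject, List<Pem.CertificateEntry> candidates, List<Pem.CertificateEntry> chain) {
        byte[] authorityKeyIdExt = subject.certificate.getExtensionValue(AUTHORITY_KEY_ID);
        for (Pem.CertificateEntry candidate : candidates) {
            if (chain.contains(candidate)) {
                continue;
            }
            boolean namesLink = candidate.certificate.getSubjectX500Principal()
                    .equals(subject.certificate.getIssuerX500Principal());
            if (namesLink && matchingKeyIDs(authorityKeyIdExt, candidate.certificate)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Compares an authorityKeyIdentifier extension value with the subjectKeyIdentifier of a
     * candidate issuer by looking at the last 20 bytes of each encoding.
     *
     * <p>If either extension is absent the identifiers cannot contradict each other and the
     * result is {@code true}. If either encoding is shorter than 20 bytes the comparison is
     * not possible and the result is {@code false}; indexing such a value would otherwise
     * throw ArrayIndexOutOfBoundsException on certificates read from input.
     *
     * <p>NOTE(review): comparing trailing bytes presumes a 20-byte key identifier that ends
     * the encoding. An authorityKeyIdentifier that also carries issuer name and serial
     * number does not end with the key identifier - confirm this is acceptable.
     *
     * <p>JADX reports this member as package-private in the compiled class.
     *
     * @param authorityKeyIdExt raw authorityKeyIdentifier extension value, may be {@code null}
     * @param candidateIssuer certificate whose subjectKeyIdentifier is compared
     * @return {@code true} if the identifiers agree or cannot be compared for lack of an extension
     */
    public static boolean matchingKeyIDs(byte[] authorityKeyIdExt, X509Certificate candidateIssuer) {
        if (authorityKeyIdExt == null) {
            return true;
        }
        byte[] subjectKeyIdExt = candidateIssuer.getExtensionValue(SUBJECT_KEY_ID);
        if (subjectKeyIdExt == null) {
            return true;
        }
        if (authorityKeyIdExt.length < KEY_ID_TAIL_LENGTH || subjectKeyIdExt.length < KEY_ID_TAIL_LENGTH) {
            return false;
        }
        return Arrays.equals(
                authorityKeyIdExt, authorityKeyIdExt.length - KEY_ID_TAIL_LENGTH, authorityKeyIdExt.length,
                subjectKeyIdExt, subjectKeyIdExt.length - KEY_ID_TAIL_LENGTH, subjectKeyIdExt.length);
    }

    /** Derives an alias from the subject distinguished name of the certificate. */
    private String makeAlias(Pem.CertificateEntry certificateEntry) {
        return certificateEntry.certificate.getSubjectX500Principal().getName();
    }

    /**
     * Returns {@code base} if unused, otherwise {@code base-2}, {@code base-3}, ... taking the
     * first name not contained in {@code taken}.
     */
    private String makeUniqueAlias(Set<String> taken, String base) {
        String candidate = base;
        for (int suffix = 2; taken.contains(candidate); suffix++) {
            candidate = base + "-" + suffix;
        }
        return candidate;
    }

    /**
     * Chooses an alias for {@code entry} that is not in {@code taken}. The entry's own alias
     * is preferred; otherwise private keys get {@code "private-key"}, certificates get their
     * subject name, and anything else gets {@code "entry"}.
     *
     * <p>JADX reports this member as package-private in the compiled class.
     *
     * @param taken aliases already in use
     * @param entry entry needing an alias
     * @return an alias not contained in {@code taken}
     */
    public String makeUniqueAlias(Set<String> taken, Pem.Entry entry) {
        if (entry.alias != null) {
            return makeUniqueAlias(taken, entry.alias);
        }
        if (entry instanceof Pem.PrivateKeyEntry) {
            return makeUniqueAlias(taken, "private-key");
        }
        if (entry instanceof Pem.CertificateEntry) {
            return makeUniqueAlias(taken, makeAlias((Pem.CertificateEntry) entry));
        }
        return makeUniqueAlias(taken, "entry");
    }
}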
