package io.mapsmessaging.security.certificates.keystore;

import io.mapsmessaging.configuration.ConfigurationProperties;
import io.mapsmessaging.security.certificates.CertificateManager;
import io.mapsmessaging.security.storage.StorageFactory;
import io.mapsmessaging.security.storage.Store;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:io/mapsmessaging/security/certificates/keystore/KeyStoreManager.class */
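/**
 * {@link CertificateManager} backed by a {@link KeyStore} whose serialised bytes are read from
 * and written to a {@link Store}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The keystore passphrase is read from configuration as a {@code String} and kept as a
 *       {@code char[]} for the lifetime of this object (it is needed again on every save), so it
 *       is never wiped from memory by this class.</li>
 *   <li>A missing passphrase property is replaced with an empty password rather than rejected;
 *       see {@link #KeyStoreManager(ConfigurationProperties)}.</li>
 *   <li>{@link #getKeyStore()} hands out the live, mutable keystore.</li>
 * </ul>
 */
public class KeyStoreManager implements CertificateManager {
    protected static final String KEYSTORE_TYPE = "type";
    protected static final String KEYSTORE_PATH = "path";
    protected static final String KEYSTORE_PASSWORD = "passphrase";
    protected static final String PROVIDER_NAME = "providerName";

    private final KeyStore keyStore;
    private final String keyStorePath;
    private final char[] keyStorePassword;
    private final boolean existed;
    private final Store storage;

    /**
     * Creates an instance with no keystore and no storage behind it.
     *
     * <p>Only {@link #isValid}, {@link #create}, {@link #getExists} and {@link #getKeyStore}
     * (which returns {@code null}) are usable on such an instance; the certificate and key
     * operations fail with {@link IllegalStateException}.
     */
    public KeyStoreManager() {
        this.keyStore = null;
        this.keyStorePath = "";
        this.keyStorePassword = new char[0];
        this.existed = true;
        this.storage = null;
    }

    /**
     * Reports whether the configuration names a keystore type, passphrase and path.
     *
     * <p>Only the presence of the three keys is checked, not their values, so an empty
     * passphrase or path still passes.
     *
     * @param configurationProperties configuration to inspect
     * @return {@code true} when all three keys are present
     */
    @Override
    public boolean isValid(ConfigurationProperties configurationProperties) {
        return configurationProperties.containsKey(KEYSTORE_TYPE)
            && configurationProperties.containsKey(KEYSTORE_PASSWORD)
            && configurationProperties.containsKey(KEYSTORE_PATH);
    }

    /**
     * Opens the keystore described by the configuration, or starts an empty one when the
     * configured path does not exist in storage yet.
     *
     * <p>When {@code providerName} is {@code "BC"}, the BouncyCastle provider is registered with
     * the JVM-wide {@link Security} provider list. {@link Security#addProvider} appends at the
     * lowest preference and does nothing if a provider of that name is already installed, so the
     * call is safe to repeat but affects every other user of JCA in the process.
     *
     * <p>This constructor does not call {@link #isValid}: a missing passphrase property becomes an
     * empty password. For password-protected keystore types that leaves the stored file without a
     * meaningful integrity or confidentiality secret, so callers should validate the configuration
     * first.
     *
     * <p>NOTE(review): the decompiler reports that this constructor was originally
     * {@code protected}; it is left {@code public} here to match the listing.
     *
     * @param configurationProperties source of type, path, passphrase and optional provider name
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws IOException if the keystore data is malformed or the password is wrong
     * @throws KeyStoreException if no provider supports the requested keystore type
     */
    public KeyStoreManager(ConfigurationProperties configurationProperties)
        throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        // equals() on the literal already covers null and empty values.
        if ("BC".equals(configurationProperties.getProperty(PROVIDER_NAME))) {
            Security.addProvider(new BouncyCastleProvider());
        }
        this.storage = StorageFactory.getInstance().getStore(configurationProperties.getMap());
        this.keyStorePath = configurationProperties.getProperty(KEYSTORE_PATH);

        String passphrase = configurationProperties.getProperty(KEYSTORE_PASSWORD);
        this.keyStorePassword = (passphrase == null ? "" : passphrase).toCharArray();

        // With no path there is nothing to look up, and the keystore is treated as existing.
        this.existed = this.keyStorePath == null || this.storage.exists(this.keyStorePath);

        // createKeyStore is overridable and reads this.existed and this.storage, so it must stay
        // the last step of construction.
        this.keyStore = createKeyStore(
            configurationProperties.getProperty(KEYSTORE_TYPE),
            this.keyStorePath,
            this.keyStorePassword,
            configurationProperties);
    }

    /**
     * Builds a new manager from the given configuration.
     *
     * @param configurationProperties configuration passed to the constructor
     * @return a new {@code KeyStoreManager}
     * @throws CertificateException see {@link #KeyStoreManager(ConfigurationProperties)}
     * @throws NoSuchAlgorithmException see {@link #KeyStoreManager(ConfigurationProperties)}
     * @throws IOException see {@link #KeyStoreManager(ConfigurationProperties)}
     * @throws KeyStoreException see {@link #KeyStoreManager(ConfigurationProperties)}
     */
    @Override
    public CertificateManager create(ConfigurationProperties configurationProperties)
        throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        return new KeyStoreManager(configurationProperties);
    }

    /**
     * Instantiates the keystore and either loads it from storage or initialises it empty.
     *
     * <p>No provider is named in {@link KeyStore#getInstance(String)}, so the implementation comes
     * from the highest-preference installed provider that supports the type.
     *
     * @param str keystore type, e.g. the value of the {@code type} property
     * @param str2 storage path of the keystore; {@code null} means start empty
     * @param cArr password used to check the integrity of the loaded keystore
     * @param configurationProperties full configuration; unused here, available to subclasses
     * @return the loaded or freshly initialised keystore
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the keystore integrity algorithm is unavailable
     * @throws IOException if the keystore data is malformed or the password is wrong
     * @throws KeyStoreException if no provider supports the requested keystore type
     */
    protected KeyStore createKeyStore(
        String str, String str2, char[] cArr, ConfigurationProperties configurationProperties)
        throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        KeyStore loaded = KeyStore.getInstance(str);
        if (str2 == null || !this.existed) {
            // load(null, null) is the documented way to initialise an empty keystore.
            loaded.load(null, null);
            return loaded;
        }
        try (ByteArrayInputStream in = new ByteArrayInputStream(this.storage.load(str2))) {
            loaded.load(in, cArr);
        }
        return loaded;
    }

    /**
     * Returns the certificate stored under an alias.
     *
     * @param str alias to look up
     * @return the certificate for the alias
     * @throws CertificateException if the alias is absent or the keystore cannot be read
     */
    @Override
    public Certificate getCertificate(String str) throws CertificateException {
        KeyStore store = requireKeyStore();
        try {
            if (!store.containsAlias(str)) {
                throw new CertificateException("Alias does not exist");
            }
            return store.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new CertificateException("Error retrieving certificate", e);
        }
    }

    /**
     * Stores a certificate as a trusted-certificate entry and persists the keystore.
     *
     * <p>If this keystore is consumed as a trust store, the new entry extends the set of trusted
     * certificates; callers are responsible for vetting {@code certificate} before adding it.
     * The in-memory keystore is modified before the save, so a failed save leaves memory and
     * storage out of step.
     *
     * @param str alias for the entry
     * @param certificate certificate to store
     * @throws CertificateException if the entry cannot be set or the keystore cannot be saved
     */
    @Override
    public void addCertificate(String str, Certificate certificate) throws CertificateException {
        KeyStore store = requireKeyStore();
        try {
            store.setCertificateEntry(str, certificate);
            saveKeyStore();
        } catch (KeyStoreException e) {
            throw new CertificateException("Error storing certificate", e);
        }
    }

    /**
     * Removes the entry stored under an alias and persists the keystore.
     *
     * <p>{@link KeyStore#deleteEntry} removes whatever entry type sits under the alias, so this
     * also deletes a private-key entry, not only a certificate entry.
     *
     * @param str alias to remove
     * @throws CertificateException if the alias is absent, or on keystore or save failure
     */
    @Override
    public void deleteCertificate(String str) throws CertificateException {
        KeyStore store = requireKeyStore();
        try {
            if (!store.containsAlias(str)) {
                throw new KeyStoreException("Alias does not exist");
            }
            store.deleteEntry(str);
            saveKeyStore();
        } catch (KeyStoreException e) {
            throw new CertificateException("Error deleting certificate", e);
        }
    }

    /**
     * Recovers the private key stored under an alias.
     *
     * @param str alias of the key entry
     * @param cArr password protecting that key entry
     * @return the private key
     * @throws CertificateException if the alias holds no private key, the password is wrong, or
     *     the key algorithm is unavailable
     */
    @Override
    public PrivateKey getKey(String str, char[] cArr) throws CertificateException {
        KeyStore store = requireKeyStore();
        try {
            Key key = store.getKey(str, cArr);
            if (key instanceof PrivateKey) {
                return (PrivateKey) key;
            }
            // Covers both a missing alias (null) and a non-private key such as a secret key.
            throw new KeyStoreException("No private key found for alias: " + str);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new CertificateException(e);
        }
    }

    /**
     * Stores a private key with its certificate chain and persists the keystore.
     *
     * @param str alias for the entry
     * @param cArr password protecting the key entry (separate from the keystore passphrase)
     * @param privateKey key to store
     * @param certificateArr certificate chain for the key
     * @throws CertificateException if the entry cannot be set or the keystore cannot be saved
     */
    @Override
    public void addPrivateKey(
        String str, char[] cArr, PrivateKey privateKey, Certificate[] certificateArr)
        throws CertificateException {
        KeyStore store = requireKeyStore();
        try {
            store.setKeyEntry(str, privateKey, cArr, certificateArr);
            saveKeyStore();
        } catch (KeyStoreException e) {
            throw new CertificateException("Exception saving private key", e);
        }
    }

    /**
     * Reports whether the keystore was found in storage when this manager was constructed.
     *
     * @return {@code true} if it existed, or if no path was configured
     */
    @Override
    public boolean getExists() {
        return this.existed;
    }

    /**
     * Returns the underlying keystore.
     *
     * <p>This is the live object, not a copy: changes made through it are not persisted by this
     * class until some other operation triggers a save.
     *
     * @return the keystore, or {@code null} for an instance made with the no-argument constructor
     */
    @Override
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Serialises the keystore under the configured passphrase and writes it to storage.
     *
     * <p>NOTE(review): when no path was configured, {@code keyStorePath} is {@code null} and is
     * passed to {@code Store.save} as-is; confirm how the store implementations handle that.
     */
    private void saveKeyStore() throws CertificateException {
        try {
            ByteArrayOutputStream buffer = new ByteArrayOutputStream(1024);
            this.keyStore.store(buffer, this.keyStorePassword);
            this.storage.save(buffer.toByteArray(), this.keyStorePath);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException e) {
            throw new CertificateException("Error saving keystore", e);
        }
    }

    /**
     * Returns the keystore, failing with a clear message instead of a bare
     * {@link NullPointerException} on an instance made with the no-argument constructor.
     */
    private KeyStore requireKeyStore() {
        if (this.keyStore == null) {
            throw new IllegalStateException(
                "KeyStoreManager has no keystore; obtain a configured instance via create()");
        }
        return this.keyStore;
    }
}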
