package org.elasticsearch.hadoop.security;

import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import org.elasticsearch.hadoop.EsHadoopIllegalArgumentException;
import org.elasticsearch.hadoop.util.Assert;
import org.elasticsearch.hadoop.util.IOUtils;
import org.elasticsearch.hadoop.util.StringUtils;

/* loaded from: input_file:org/elasticsearch/hadoop/security/KeystoreWrapper.class */
public class KeystoreWrapper {
    private static final String PKCS12 = "PKCS12";
    private static final String AES = "AES";
    private static final String DEFAULT_PASS = "";
    private final KeyStore keyStore;
    private final KeyStore.PasswordProtection protection;

    /* loaded from: input_file:org/elasticsearch/hadoop/security/KeystoreWrapper$KeystoreBuilder.class */
    public static final class KeystoreBuilder {
        private String type;
        private String password;
        private String path;
        private InputStream keystoreFile;

        private KeystoreBuilder(InputStream inputStream) {
            this.keystoreFile = inputStream;
        }

        private KeystoreBuilder(String str) {
            this.path = str;
        }

        private KeystoreBuilder() {
        }

        public KeystoreBuilder setType(String str) {
            this.type = str;
            return this;
        }

        public KeystoreBuilder setPassword(String str) {
            this.password = str;
            return this;
        }

        public KeystoreWrapper build() throws EsHadoopSecurityException, IOException {
            if (StringUtils.hasText(this.path)) {
                try {
                    this.keystoreFile = IOUtils.open(this.path);
                    if (this.keystoreFile == null) {
                        throw new EsHadoopIllegalArgumentException(String.format("Could not locate [%s] on classpath", this.path));
                    }
                } catch (Exception e) {
                    throw new EsHadoopIllegalArgumentException(String.format("Expected to find keystore file at [%s] but was unable to. Make sure that it is available on the classpath, or if not, that you have specified a valid file URI.", this.path));
                }
            }
            if (!StringUtils.hasText(this.type)) {
                this.type = KeystoreWrapper.PKCS12;
            }
            if (!StringUtils.hasText(this.password)) {
                this.password = "";
            }
            return new KeystoreWrapper(this.keystoreFile, this.type, this.password);
        }
    }

    private KeystoreWrapper(InputStream inputStream, String str, String str2) throws EsHadoopSecurityException, IOException {
        Assert.notNull(str2, "Password should not be null");
        try {
            char[] charArray = str2.toCharArray();
            this.protection = new KeyStore.PasswordProtection(charArray);
            this.keyStore = KeyStore.getInstance(str);
            this.keyStore.load(inputStream, charArray);
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException("Could not create keystore", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new EsHadoopSecurityException("Could not create keystore", e2);
        } catch (CertificateException e3) {
            throw new EsHadoopSecurityException("Could not create keystore", e3);
        }
    }

    public void setSecureSetting(String str, String str2) throws EsHadoopSecurityException {
        try {
            this.keyStore.setEntry(str, new KeyStore.SecretKeyEntry(new SecretKeySpec(str2.getBytes(), AES)), this.protection);
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException(String.format("Could not store secret key (alias : [%s]) in keystore", str), e);
        }
    }

    public void removeSecureSetting(String str) throws EsHadoopSecurityException {
        try {
            this.keyStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException(String.format("Could not delete secret key (alias : [%s]) from keystore", str), e);
        }
    }

    public String getSecureSetting(String str) throws EsHadoopSecurityException {
        try {
            if (this.keyStore.containsAlias(str)) {
                return new String(((KeyStore.SecretKeyEntry) this.keyStore.getEntry(str, this.protection)).getSecretKey().getEncoded());
            }
            return null;
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException(String.format("Could not read alias [%s] from keystore", str), e);
        } catch (NoSuchAlgorithmException e2) {
            throw new EsHadoopSecurityException(String.format("Could not read alias [%s] from keystore", str), e2);
        } catch (UnrecoverableEntryException e3) {
            throw new EsHadoopSecurityException(String.format("Could not read alias [%s] from keystore", str), e3);
        }
    }

    public boolean containsEntry(String str) throws EsHadoopSecurityException {
        try {
            return this.keyStore.containsAlias(str);
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException(String.format("Could not read existence of alias [%s]", str), e);
        }
    }

    public List<String> listEntries() throws EsHadoopSecurityException {
        try {
            ArrayList arrayList = new ArrayList(this.keyStore.size());
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                arrayList.add(aliases.nextElement());
            }
            return arrayList;
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException("Could not read aliases from keystore", e);
        }
    }

    public void saveKeystore(OutputStream outputStream) throws EsHadoopSecurityException, IOException {
        try {
            this.keyStore.store(outputStream, this.protection.getPassword());
        } catch (KeyStoreException e) {
            throw new EsHadoopSecurityException("Could not persist keystore", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new EsHadoopSecurityException("Could not persist keystore", e2);
        } catch (CertificateException e3) {
            throw new EsHadoopSecurityException("Could not persist keystore", e3);
        }
    }

    public void saveKeystore(String str) throws EsHadoopSecurityException, IOException {
        FileOutputStream fileOutputStream = null;
        try {
            fileOutputStream = new FileOutputStream(new File(str));
            saveKeystore(fileOutputStream);
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
        } catch (Throwable th) {
            if (fileOutputStream != null) {
                fileOutputStream.close();
            }
            throw th;
        }
    }

    public static KeystoreBuilder loadStore(String str) {
        return new KeystoreBuilder(str);
    }

    public static KeystoreBuilder loadStore(InputStream inputStream) {
        return new KeystoreBuilder(inputStream);
    }

    public static KeystoreBuilder newStore() {
        return new KeystoreBuilder();
    }
}
