package org.finos.tracdap.common.config.local;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.util.Properties;
import org.finos.tracdap.common.config.ConfigKeys;
import org.finos.tracdap.common.config.ConfigManager;
import org.finos.tracdap.common.config.CryptoHelpers;
import org.finos.tracdap.common.config.ISecretLoader;
import org.finos.tracdap.common.exception.EConfigLoad;
import org.finos.tracdap.common.exception.EStartup;
import org.finos.tracdap.common.startup.StartupLog;
import org.slf4j.event.Level;

/* loaded from: input_file:org/finos/tracdap/common/config/local/JksSecretLoader.class */
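/**
 * Secret loader that reads passwords, attributes and key material from a
 * keystore file located through the main configuration.
 *
 * <p>The keystore type, location and password are taken from the properties
 * supplied at construction time. {@link #init(ConfigManager)} must complete
 * successfully before any of the lookup methods are used.
 */
public class JksSecretLoader implements ISecretLoader {
    /** Keystore type used when {@code ConfigKeys.SECRET_TYPE_KEY} is not set. */
    public static final String DEFAULT_KEYSTORE_TYPE = "PKCS12";

    private final Properties properties;

    // Only assigned once the keystore has been loaded successfully, so a failed
    // init() never leaves a half-initialised keystore behind.
    private KeyStore keystore = null;
    private boolean ready = false;

    // Keystore password, kept after init() because the CryptoHelpers calls
    // below take it as an argument.
    // NOTE(review): package-private and non-final, so any class in this package
    // can read or overwrite it; consider private access if nothing else in the
    // package depends on it. It is held as an immutable String and therefore
    // cannot be wiped from memory after use.
    String secretKey;

    /**
     * Creates a loader that will read its settings from the given properties.
     *
     * @param properties source of the keystore type, location and password
     */
    public JksSecretLoader(Properties properties) {
        this.properties = properties;
    }

    /**
     * Loads the keystore named in the configuration and unlocks it with the
     * configured secret key.
     *
     * @param configManager used to fetch the raw keystore bytes
     * @throws EStartup if the loader was already initialised, a required
     *     setting is missing, the keystore type is unsupported or the keystore
     *     cannot be opened
     */
    @Override
    public void init(ConfigManager configManager) {
        if (this.ready) {
            StartupLog.log(this, Level.ERROR, "JKS secret loader initialized twice");
            throw new EStartup("JKS secret loader initialized twice");
        }

        String keystoreType = this.properties.getProperty(ConfigKeys.SECRET_TYPE_KEY, DEFAULT_KEYSTORE_TYPE);
        String keystoreUrl = this.properties.getProperty(ConfigKeys.SECRET_URL_KEY);
        String keystoreKey = this.properties.getProperty(ConfigKeys.SECRET_KEY_KEY);

        // NOTE(review): the EStartup errors raised from the catch blocks below
        // drop the underlying exception; whether EStartup offers a constructor
        // that accepts a cause is not visible here, so only the message is kept.
        try {
            StartupLog.log(this, Level.INFO, "Initializing JKS secret loader...");

            if (keystoreUrl == null || keystoreUrl.isBlank()) {
                String message = String.format("JKS secrets need %s in the main config file", ConfigKeys.SECRET_URL_KEY);
                StartupLog.log(this, Level.ERROR, message);
                throw new EStartup(message);
            }

            if (keystoreKey == null || keystoreKey.isBlank()) {
                String message = String.format("JKS secrets need a secret key, use --secret-key or set %s in the environment", ConfigKeys.SECRET_KEY_ENV);
                StartupLog.log(this, Level.ERROR, message);
                throw new EStartup(message);
            }

            // Load into a local first; the fields are published only on success.
            KeyStore loaded = KeyStore.getInstance(keystoreType);
            byte[] keystoreBytes = configManager.loadBinaryConfig(keystoreUrl);

            try (ByteArrayInputStream stream = new ByteArrayInputStream(keystoreBytes)) {
                loaded.load(stream, keystoreKey.toCharArray());
            }

            this.keystore = loaded;
            this.secretKey = keystoreKey;
            this.ready = true;
        } catch (IOException e) {
            // The nested cause, when present, is reported in preference to the wrapper.
            Throwable error = e.getCause() != null ? e.getCause() : e;
            String detail = error.getMessage() + " (this normally means the secret key is wrong)";
            String message = String.format("Failed to open keystore [%s]: %s", keystoreUrl, detail);
            StartupLog.log(this, Level.ERROR, message);
            throw new EStartup(message);
        } catch (KeyStoreException e) {
            String message = String.format("Keystore type is not supported: [%s]", keystoreType);
            StartupLog.log(this, Level.ERROR, message);
            throw new EStartup(message);
        } catch (NoSuchAlgorithmException | CertificateException e) {
            String message = String.format("Failed to open keystore [%s]: %s", keystoreUrl, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            throw new EStartup(message);
        }
    }

    /**
     * Reports whether the keystore contains an entry under the given alias.
     *
     * @param str keystore alias to look for
     * @return {@code true} if the alias exists in the keystore
     * @throws EConfigLoad if the loader is not initialised or the keystore
     *     lookup fails
     */
    @Override
    public boolean hasSecret(String str) {
        requireReady();
        try {
            return this.keystore.containsAlias(str);
        } catch (GeneralSecurityException e) {
            String message = String.format("Secret could not be found in the key store: [%s] %s", str, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            // Keep the cause so the original keystore failure stays diagnosable.
            throw new EConfigLoad(message, e);
        }
    }

    /**
     * Reads a text entry from the keystore and returns it as a password.
     *
     * @param str name of the entry to read (presumably the keystore alias)
     * @return the text stored under that entry
     * @throws EConfigLoad if the loader is not initialised or the entry cannot
     *     be read
     */
    @Override
    public String loadPassword(String str) {
        requireReady();
        try {
            return CryptoHelpers.readTextEntry(this.keystore, this.secretKey, str);
        } catch (EConfigLoad e) {
            String message = String.format("Password could not be retrieved from the key store: [%s] %s", str, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            throw new EConfigLoad(message, e);
        }
    }

    /**
     * Reports whether an attribute is present on a keystore entry.
     *
     * @param str name of the entry (presumably the keystore alias)
     * @param str2 name of the attribute to look for
     * @return the result of {@code CryptoHelpers.containsAttribute}
     * @throws EConfigLoad if the loader is not initialised or the lookup fails
     */
    @Override
    public boolean hasAttr(String str, String str2) {
        requireReady();
        try {
            return CryptoHelpers.containsAttribute(this.keystore, str, str2);
        } catch (EConfigLoad e) {
            // Message names the attribute lookup rather than a password read.
            String message = String.format("Attribute could not be retrieved from the key store: [%s, %s] %s", str, str2, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            throw new EConfigLoad(message, e);
        }
    }

    /**
     * Reads an attribute from a keystore entry.
     *
     * @param str name of the entry (presumably the keystore alias)
     * @param str2 name of the attribute to read
     * @return the attribute value returned by {@code CryptoHelpers.readAttribute}
     * @throws EConfigLoad if the loader is not initialised or the attribute
     *     cannot be read
     */
    @Override
    public String loadAttr(String str, String str2) {
        requireReady();
        try {
            return CryptoHelpers.readAttribute(this.keystore, this.secretKey, str, str2);
        } catch (EConfigLoad e) {
            String message = String.format("Attribute could not be retrieved from the key store: [%s, %s] %s", str, str2, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            throw new EConfigLoad(message, e);
        }
    }

    /**
     * Reads a text entry from the keystore and decodes it as a public key.
     *
     * @param str name of the entry to read (presumably the keystore alias)
     * @return the decoded public key
     * @throws EConfigLoad if the loader is not initialised or the key cannot
     *     be read or decoded
     */
    @Override
    public PublicKey loadPublicKey(String str) {
        requireReady();
        try {
            String encoded = CryptoHelpers.readTextEntry(this.keystore, this.secretKey, str);
            // NOTE(review): the meaning of the boolean flag is defined by CryptoHelpers - confirm.
            return CryptoHelpers.decodePublicKey(encoded, false);
        } catch (EConfigLoad e) {
            String message = String.format("Public key could not be retrieved from the key store: [%s] %s", str, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            throw new EConfigLoad(message, e);
        }
    }

    /**
     * Reads a text entry from the keystore and decodes it as a private key.
     *
     * @param str name of the entry to read (presumably the keystore alias)
     * @return the decoded private key
     * @throws EConfigLoad if the loader is not initialised or the key cannot
     *     be read or decoded
     */
    @Override
    public PrivateKey loadPrivateKey(String str) {
        requireReady();
        try {
            String encoded = CryptoHelpers.readTextEntry(this.keystore, this.secretKey, str);
            // NOTE(review): the meaning of the boolean flag is defined by CryptoHelpers - confirm.
            return CryptoHelpers.decodePrivateKey(encoded, false);
        } catch (EConfigLoad e) {
            String message = String.format("Private key could not be retrieved from the key store: [%s] %s", str, e.getMessage());
            StartupLog.log(this, Level.ERROR, message);
            throw new EConfigLoad(message, e);
        }
    }

    /** Fails with a clear configuration error when a lookup is attempted before init() succeeded. */
    private void requireReady() {
        if (!this.ready) {
            String message = "JKS secret loader has not been initialized";
            StartupLog.log(this, Level.ERROR, message);
            throw new EConfigLoad(message);
        }
    }
}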
