package org.reaktivity.nukleus.tls.internal.vault;

import java.io.InputStream;
import java.net.URL;
import java.security.KeyStore;
import java.util.Optional;
import java.util.function.Function;
import org.agrona.LangUtil;
import org.reaktivity.nukleus.tls.internal.vault.config.FileSystemOptions;
import org.reaktivity.nukleus.tls.internal.vault.config.FileSystemStore;
import org.reaktivity.reaktor.nukleus.vault.BindingVault;

/* loaded from: input_file:org/reaktivity/nukleus/tls/internal/vault/FileSystemVault.class */
public class FileSystemVault implements BindingVault {
    private static final String TYPE_DEFAULT = "PKCS12";
    private final Function<String, KeyStore.PrivateKeyEntry> lookupKey;
    private final Function<String, KeyStore.TrustedCertificateEntry> lookupTrust;

    /* JADX INFO: Access modifiers changed from: private */
    @FunctionalInterface
    /* loaded from: input_file:org/reaktivity/nukleus/tls/internal/vault/FileSystemVault$Lookup.class */
    public interface Lookup<T> {
        T apply(String str, KeyStore keyStore, KeyStore.PasswordProtection passwordProtection);
    }

    public FileSystemVault(FileSystemOptions fileSystemOptions, Function<String, URL> function) {
        this.lookupKey = supplyLookupPrivateKeyEntry(function, fileSystemOptions.keys);
        this.lookupTrust = supplyLookupTrustedCertificateEntry(function, fileSystemOptions.trust);
    }

    public KeyStore.PrivateKeyEntry key(String str) {
        return this.lookupKey.apply(str);
    }

    public KeyStore.TrustedCertificateEntry certificate(String str) {
        return this.lookupTrust.apply(str);
    }

    private static Function<String, KeyStore.PrivateKeyEntry> supplyLookupPrivateKeyEntry(Function<String, URL> function, FileSystemStore fileSystemStore) {
        return supplyLookupAlias(function, fileSystemStore, FileSystemVault::lookupPrivateKeyEntry);
    }

    private static Function<String, KeyStore.TrustedCertificateEntry> supplyLookupTrustedCertificateEntry(Function<String, URL> function, FileSystemStore fileSystemStore) {
        return supplyLookupAlias(function, fileSystemStore, FileSystemVault::lookupTrustedCertificateEntry);
    }

    private static <R> Function<String, R> supplyLookupAlias(Function<String, URL> function, FileSystemStore fileSystemStore, Lookup<R> lookup) {
        Function<String, R> function2 = str -> {
            return null;
        };
        if (fileSystemStore != null) {
            try {
                InputStream inputStream = function.apply(fileSystemStore.store).openConnection().getInputStream();
                try {
                    String str2 = (String) Optional.ofNullable(fileSystemStore.type).orElse(TYPE_DEFAULT);
                    char[] cArr = (char[]) Optional.ofNullable(fileSystemStore.password).map((v0) -> {
                        return v0.toCharArray();
                    }).orElse(null);
                    KeyStore keyStore = KeyStore.getInstance(str2);
                    keyStore.load(inputStream, cArr);
                    KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(cArr);
                    function2 = str3 -> {
                        return lookup.apply(str3, keyStore, passwordProtection);
                    };
                    if (inputStream != null) {
                        inputStream.close();
                    }
                } finally {
                }
            } catch (Exception e) {
                LangUtil.rethrowUnchecked(e);
            }
        }
        return function2;
    }

    private static KeyStore.Entry lookupEntry(String str, KeyStore keyStore, KeyStore.PasswordProtection passwordProtection) {
        KeyStore.Entry entry = null;
        try {
            entry = keyStore.getEntry(str, passwordProtection);
        } catch (Exception e) {
            try {
                entry = keyStore.getEntry(str, null);
            } catch (Exception e2) {
                e2.addSuppressed(e);
                LangUtil.rethrowUnchecked(e2);
            }
        }
        return entry;
    }

    private static KeyStore.PrivateKeyEntry lookupPrivateKeyEntry(String str, KeyStore keyStore, KeyStore.PasswordProtection passwordProtection) {
        KeyStore.Entry lookupEntry = lookupEntry(str, keyStore, passwordProtection);
        if (lookupEntry instanceof KeyStore.PrivateKeyEntry) {
            return (KeyStore.PrivateKeyEntry) lookupEntry;
        }
        return null;
    }

    private static KeyStore.TrustedCertificateEntry lookupTrustedCertificateEntry(String str, KeyStore keyStore, KeyStore.PasswordProtection passwordProtection) {
        KeyStore.Entry lookupEntry = lookupEntry(str, keyStore, passwordProtection);
        if (lookupEntry instanceof KeyStore.TrustedCertificateEntry) {
            return (KeyStore.TrustedCertificateEntry) lookupEntry;
        }
        return null;
    }
}
