package com.github.robozonky.common.secrets;

import com.github.robozonky.util.IoUtil;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.FileAlreadyExistsException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Optional;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/robozonky/common/secrets/KeyStoreHandler.class */
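/**
 * Stores secrets ({@code char[]}) under string aliases in a JCEKS key store file.
 *
 * <p>Each secret is wrapped into a "PBE" secret key and written as a {@link KeyStore.SecretKeyEntry}. The handler
 * remembers whether the in-memory store has changes that were not yet written to disk (see {@link #isDirty()}).
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Every entry is protected with the fixed string {@code "NO_PASSWORD"} (see the constructor), not with the
 * password supplied by the caller. The caller's password is only handed to {@link KeyStore#load} and
 * {@link KeyStore#store}. NOTE(review): for JCEKS that store-level password is, to my knowledge, used for the
 * integrity check of the file rather than for encrypting entries, which would leave file-system permissions as
 * the effective protection of the stored secrets. Confirm this. Switching to the real password would make existing
 * files unreadable and needs a migration path.</li>
 * <li>JCEKS is a legacy, JDK-specific format; moving to PKCS12 would likewise be a file-format migration.</li>
 * <li>A copy of the key store password is kept in memory for the lifetime of the handler so that {@link #save()}
 * can be called without arguments.</li>
 * <li>Apart from the atomic dirty flag, no synchronization is done here.</li>
 * </ul>
 */
public class KeyStoreHandler {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyStoreHandler.class);
    private static final String KEYSTORE_TYPE = "JCEKS";
    private static final String KEY_TYPE = "PBE";
    // True when the in-memory key store differs from what was last written to keyStoreFile.
    private final AtomicBoolean dirty;
    private final File keyStoreFile;
    private final KeyStore keyStore;
    // Per-entry protection; always built from a constant, see the class-level security notes.
    private final KeyStore.ProtectionParameter protectionParameter;
    private final SecretKeyFactory keyFactory;
    // Private copy of the key store password last used to open or save the store.
    private char[] password;

    /** Creates a handler for a key store that has not been written to disk yet, so it starts out dirty. */
    private KeyStoreHandler(KeyStore keyStore, char[] storePassword, File file, SecretKeyFactory secretKeyFactory) {
        this(keyStore, storePassword, file, secretKeyFactory, true);
    }

    /**
     * @param keyStore already loaded (or freshly initialised) key store
     * @param storePassword key store password; cloned, so the caller may wipe its own array afterwards
     * @param file location the key store is saved to
     * @param secretKeyFactory factory used to convert secrets to and from secret keys
     * @param isDirty initial value of the dirty flag
     */
    private KeyStoreHandler(KeyStore keyStore, char[] storePassword, File file, SecretKeyFactory secretKeyFactory,
            boolean isDirty) {
        this.keyStore = keyStore;
        this.password = storePassword.clone();
        // NOTE(review): constant entry password; storePassword is deliberately not used here. Changing this breaks
        // reading of entries written by earlier versions.
        this.protectionParameter = new KeyStore.PasswordProtection("NO_PASSWORD".toCharArray());
        this.keyStoreFile = file;
        this.keyFactory = secretKeyFactory;
        this.dirty = new AtomicBoolean(isDirty);
    }

    /** Looks up the "PBE" key factory; its absence is treated as a broken runtime, not a recoverable error. */
    private static SecretKeyFactory getSecretKeyFactory() {
        try {
            return SecretKeyFactory.getInstance(KEY_TYPE);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Creates a new, empty key store and immediately writes it to {@code file}.
     *
     * <p>The existence check and the later write are two separate steps; a file that appears in between is
     * overwritten. NOTE(review): the file is created with the process' default permissions; consider restricting
     * them to the owner, given how entries are protected (see class notes).
     *
     * @param file target file; must not exist yet
     * @param cArr key store password
     * @return handler bound to the newly written key store
     * @throws FileNotFoundException if {@code file} is null
     * @throws FileAlreadyExistsException if {@code file} already exists
     * @throws IOException if the key store cannot be initialised or written
     * @throws KeyStoreException if the JCEKS key store type is not available
     * @throws IllegalStateException if the runtime lacks a required algorithm
     */
    public static KeyStoreHandler create(File file, char... cArr) throws IOException, KeyStoreException {
        if (file == null) {
            throw new FileNotFoundException(null);
        }
        if (file.exists()) {
            throw new FileAlreadyExistsException(file.getAbsolutePath());
        }
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        try {
            keyStore.load(null, cArr); // a null stream initialises an empty key store
        } catch (NoSuchAlgorithmException | CertificateException e) {
            throw new IllegalStateException(e);
        }
        // Kept outside the try block so that a failed write surfaces as the declared IOException, the same way
        // open() and save() report I/O problems, instead of being wrapped into IllegalStateException.
        KeyStoreHandler handler = new KeyStoreHandler(keyStore, cArr, file, getSecretKeyFactory());
        handler.save();
        return handler;
    }

    /**
     * Opens an existing key store file.
     *
     * <p>{@link KeyStore#load} reports a wrong password or a damaged file as {@link IOException}; presumably
     * {@code IoUtil.tryFunction} passes that on and closes the stream. Verify against IoUtil.
     *
     * @param file existing key store file
     * @param cArr key store password
     * @return handler bound to the loaded key store, initially not dirty
     * @throws FileNotFoundException if {@code file} is null or does not exist
     * @throws IOException if the file cannot be read or loaded
     * @throws KeyStoreException if the JCEKS key store type is not available
     * @throws IllegalStateException if the runtime lacks a required algorithm
     */
    public static KeyStoreHandler open(File file, char... cArr) throws IOException, KeyStoreException {
        if (file == null) {
            throw new FileNotFoundException(null);
        }
        if (!file.exists()) {
            throw new FileNotFoundException(file.getAbsolutePath());
        }
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        return (KeyStoreHandler) IoUtil.tryFunction(() -> new FileInputStream(file), fileInputStream -> {
            try {
                keyStore.load(fileInputStream, cArr);
                return new KeyStoreHandler(keyStore, cArr, file, getSecretKeyFactory(), false);
            } catch (NoSuchAlgorithmException | CertificateException e) {
                throw new IllegalStateException(e);
            }
        });
    }

    /**
     * Stores a secret under the given alias in the in-memory key store and marks the handler dirty. Nothing is
     * written to disk until {@link #save()} is called.
     *
     * @param str alias of the entry
     * @param cArr secret value; the caller keeps ownership of the array
     * @return true if the entry was stored, false if the key store rejected it (logged at debug level; only the
     *         alias is logged, never the value)
     */
    public boolean set(String str, char[] cArr) {
        PBEKeySpec spec = new PBEKeySpec(cArr);
        try {
            KeyStore.SecretKeyEntry entry = new KeyStore.SecretKeyEntry(this.keyFactory.generateSecret(spec));
            this.keyStore.setEntry(str, entry, this.protectionParameter);
            this.dirty.set(true);
            return true;
        } catch (KeyStoreException | InvalidKeySpecException e) {
            LOGGER.debug("Failed storing '{}'.", str, e);
            return false;
        } finally {
            // The spec holds its own copy of the secret; wipe it once the entry has been handed to the key store.
            spec.clearPassword();
        }
    }

    /**
     * Reads the secret stored under the given alias.
     *
     * @param str alias of the entry
     * @return the secret as a fresh array the caller should overwrite when done; empty if the alias is unknown,
     *         holds something other than a secret key, or cannot be recovered (logged at debug level)
     */
    public Optional<char[]> get(String str) {
        try {
            KeyStore.Entry entry = this.keyStore.getEntry(str, this.protectionParameter);
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                // null means no such alias; any other entry type was not written by set() and is reported as
                // absent instead of failing with ClassCastException.
                return Optional.empty();
            }
            PBEKeySpec spec = (PBEKeySpec) this.keyFactory
                    .getKeySpec(((KeyStore.SecretKeyEntry) entry).getSecretKey(), PBEKeySpec.class);
            try {
                return Optional.of(spec.getPassword()); // getPassword() hands out a copy
            } finally {
                spec.clearPassword(); // wipe the spec's internal copy; the returned copy is unaffected
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException
                | InvalidKeySpecException e) {
            LOGGER.debug("Unrecoverable entry '{}'.", str, e);
            return Optional.empty();
        }
    }

    /**
     * Removes the entry with the given alias from the in-memory key store and marks the handler dirty.
     *
     * @param str alias of the entry
     * @return true if the key store accepted the deletion, false if it threw (logged at debug level)
     */
    public boolean delete(String str) {
        try {
            this.keyStore.deleteEntry(str);
            this.dirty.set(true);
            return true;
        } catch (KeyStoreException e) {
            LOGGER.debug("Entry '{}' not deleted.", str, e);
            return false;
        }
    }

    /**
     * @return true if there are changes that have not been written to the key store file
     */
    public boolean isDirty() {
        return this.dirty.get();
    }

    /**
     * Writes the key store to its file using the password it was last opened or saved with.
     *
     * @throws IOException if the file cannot be written
     */
    public void save() throws IOException {
        save(this.password);
    }

    /**
     * Writes the key store to its file under the given password, which also becomes the password used by later
     * {@link #save()} calls.
     *
     * <p>NOTE(review): the remembered password is replaced before the write is attempted, and opening the
     * {@link FileOutputStream} truncates the existing file, so a failure part-way through can leave a damaged
     * key store on disk. Writing to a temporary file and moving it into place would avoid that.
     *
     * @param cArr new key store password; cloned
     * @throws IOException if the file cannot be written
     * @throws IllegalStateException if the key store cannot be serialised
     */
    public void save(char... cArr) throws IOException {
        this.password = cArr.clone();
        IoUtil.tryConsumer(() -> new BufferedOutputStream(new FileOutputStream(this.keyStoreFile)),
                bufferedOutputStream -> {
                    try {
                        this.keyStore.store(bufferedOutputStream, cArr);
                        this.dirty.set(false);
                    } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                        throw new IllegalStateException(e);
                    }
                });
    }
}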
