package com.github.toolarium.security.keystore.util;

import com.github.toolarium.common.security.ISecuredValue;
import com.github.toolarium.security.certificate.CertificateUtilFactory;
import com.github.toolarium.security.certificate.dto.CertificateStore;
import com.github.toolarium.security.pki.util.PKIUtil;
import java.io.BufferedInputStream;
import java.io.BufferedOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/toolarium/security/keystore/util/KeyStoreUtil.class */
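/**
 * Helper for creating, reading and writing Java {@link KeyStore}s (PKCS12 by default) and for
 * building trust stores from the JVM's default trust manager.
 *
 * <p>The class is a stateless singleton obtained via {@link #getInstance()}. File-backed methods
 * take a path as a plain {@code String}; passwords are taken as {@link ISecuredValue} and converted
 * to the {@code char[]} form the {@code KeyStore} API expects. A {@code null} or absent password
 * is passed through as {@code null}, i.e. the keystore is handled without password protection.
 *
 * <p>Thread-safety: the instance holds no mutable state; the {@link KeyStore} objects it returns
 * are not thread-safe and belong to the caller.
 */
public final class KeyStoreUtil {
    private static final String PKCS12 = "PKCS12";
    private static final Logger LOG = LoggerFactory.getLogger(KeyStoreUtil.class);

    /**
     * Initialisation-on-demand holder for the singleton.
     *
     * <p>NOTE(review): the decompiler reports this class was originally {@code private}; it is kept
     * {@code public} only so the binary interface does not narrow. It is not meant to be used directly.
     */
    public static class HOLDER {
        static final KeyStoreUtil INSTANCE = new KeyStoreUtil();

        private HOLDER() {
        }
    }

    private KeyStoreUtil() {
    }

    /**
     * Returns the shared instance.
     *
     * @return the singleton {@code KeyStoreUtil}
     */
    public static KeyStoreUtil getInstance() {
        return HOLDER.INSTANCE;
    }

    /**
     * Creates an empty, in-memory keystore of the JVM default type ({@link KeyStore#getDefaultType()}).
     *
     * @param password the keystore password, or {@code null}/blank for no password
     * @return the initialised, empty keystore
     * @throws GeneralSecurityException if the default keystore type cannot be instantiated or loaded
     * @throws IOException if initialising the keystore fails
     */
    public KeyStore createKeyStore(String password) throws GeneralSecurityException, IOException {
        return createKeyStore(null, password);
    }

    /**
     * Creates an empty keystore of the JVM default type and, when a file name is given, persists it.
     *
     * <p>NOTE(review): the file is created with the process' default permissions; callers that will
     * later put private keys into it may want to restrict access to the file themselves.
     *
     * @param fileName the file to store the keystore in, or {@code null}/blank to keep it in memory only
     * @param password the keystore password, or {@code null}/blank for no password
     * @return the initialised, empty keystore
     * @throws GeneralSecurityException if the keystore cannot be instantiated, loaded or stored
     * @throws IOException if writing the keystore file fails
     */
    public KeyStore createKeyStore(String fileName, String password) throws GeneralSecurityException, IOException {
        char[] passwordChars = (password == null || password.isBlank()) ? null : password.toCharArray();
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        // a null stream initialises an empty keystore
        keyStore.load(null, passwordChars);
        if (fileName != null && !fileName.isBlank()) {
            // try-with-resources replaces the hand-written close that silently dropped close() failures
            try (FileOutputStream out = new FileOutputStream(fileName)) {
                keyStore.store(out, passwordChars);
            }
        }
        return keyStore;
    }

    /**
     * Reads a PKCS12 keystore from a file using the default provider.
     *
     * @param fileName the keystore file; {@code null} yields {@code null}
     * @param password the keystore password, or {@code null} for none
     * @return the loaded keystore, or {@code null} if {@code fileName} is {@code null}
     * @throws GeneralSecurityException if the keystore cannot be instantiated or its integrity check fails
     * @throws IOException if the file cannot be read or the password is wrong
     */
    public KeyStore readPKCS12KeyStore(String fileName, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        return readKeyStore(fileName, PKCS12, null, password);
    }

    /**
     * Reads a PKCS12 keystore from a file using the given provider.
     *
     * @param fileName the keystore file; {@code null} yields {@code null}
     * @param provider the security provider name, or {@code null} for the default
     * @param password the keystore password, or {@code null} for none
     * @return the loaded keystore, or {@code null} if {@code fileName} is {@code null}
     * @throws GeneralSecurityException if the keystore cannot be instantiated or its integrity check fails
     * @throws IOException if the file cannot be read or the password is wrong
     */
    public KeyStore readPKCS12KeyStore(String fileName, String provider, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        return readKeyStore(fileName, PKCS12, provider, password);
    }

    /**
     * Reads a keystore of the given type from a file.
     *
     * @param fileName the keystore file; {@code null} yields {@code null}
     * @param type the keystore type, e.g. {@code "PKCS12"}
     * @param provider the security provider name, or {@code null} for the default
     * @param password the keystore password, or {@code null} for none
     * @return the loaded keystore, or {@code null} if {@code fileName} is {@code null}
     * @throws GeneralSecurityException if the keystore cannot be instantiated or its integrity check fails
     * @throws IOException if the file cannot be read or the password is wrong
     */
    public KeyStore readKeyStore(String fileName, String type, String provider, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        if (fileName == null) {
            return null;
        }
        KeyStore keyStore = provider != null ? KeyStore.getInstance(type, provider) : KeyStore.getInstance(type);
        // the stream must be closed after load(); the previous implementation leaked a file handle per call
        try (BufferedInputStream in = new BufferedInputStream(new FileInputStream(new File(fileName)))) {
            keyStore.load(in, toPassword(password));
        }
        return keyStore;
    }

    /**
     * Reads a certificate and its private key from a PKCS12 keystore.
     *
     * <p>The same password is used for the keystore and for the key entry.
     *
     * @param fileName the keystore file; {@code null} yields {@code null}
     * @param provider the security provider name, or {@code null} for the default
     * @param alias the alias of the key entry
     * @param password the keystore / key password, or {@code null} for none
     * @return the key pair and certificate, or {@code null} if {@code fileName} is {@code null}
     * @throws GeneralSecurityException if the alias is {@code null}, the keystore cannot be read, or the
     *         entry holds no X.509 certificate or no private key
     * @throws IOException if the file cannot be read or the password is wrong
     */
    public CertificateStore readPKCS12KeyPair(String fileName, String provider, String alias, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        if (fileName == null) {
            return null;
        }
        // validate the alias before touching the file system
        if (alias == null) {
            throw new GeneralSecurityException("Invalid alias!");
        }
        KeyStore keyStore = readPKCS12KeyStore(fileName, provider, password);
        if (keyStore == null) {
            throw new GeneralSecurityException("Could not read key keystore: " + fileName);
        }
        // instanceof instead of a blind cast: a non-X.509 entry must not surface as ClassCastException
        Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            throw new GeneralSecurityException("Could not read the certificate from keystore: " + fileName);
        }
        // getKey() may return a SecretKey for a secret-key entry; only a PrivateKey forms a key pair
        Key key = keyStore.getKey(alias, toPassword(password));
        if (!(key instanceof PrivateKey)) {
            throw new GeneralSecurityException("Could not read the private key from keystore: " + fileName);
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        return new CertificateStore(new KeyPair(x509Certificate.getPublicKey(), (PrivateKey) key), x509Certificate);
    }

    /**
     * Adds a key entry to a PKCS12 keystore file (default provider), creating the file if needed.
     *
     * @param fileName the keystore file to read and write
     * @param alias the alias for the key entry
     * @param privateKey the private key; must not be {@code null}
     * @param chain the certificate chain for the key
     * @param password the keystore / key password, or {@code null} for none
     * @return the written keystore
     * @throws GeneralSecurityException if the private key is {@code null} or the keystore cannot be created,
     *         updated or stored
     * @throws IOException if writing the file fails
     */
    public KeyStore writePKCS12KeyStore(String fileName, String alias, PrivateKey privateKey, Certificate[] chain, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        return writePKCS12KeyStore(fileName, null, alias, privateKey, chain, password);
    }

    /**
     * Adds a key entry to a PKCS12 keystore file, creating the file if needed.
     *
     * <p>If the file exists but cannot be read as a keystore ({@link IOException}), the error is logged and
     * the file is replaced by a new keystore containing only the given entry; other failures propagate.
     *
     * @param fileName the keystore file to read and write
     * @param provider the security provider name, or {@code null} for the default
     * @param alias the alias for the key entry
     * @param privateKey the private key; must not be {@code null}
     * @param chain the certificate chain for the key
     * @param password the keystore / key password, or {@code null} for none
     * @return the written keystore
     * @throws GeneralSecurityException if the private key is {@code null} or the keystore cannot be created,
     *         updated or stored
     * @throws IOException if writing the file fails
     */
    public KeyStore writePKCS12KeyStore(String fileName, String provider, String alias, PrivateKey privateKey, Certificate[] chain, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        if (privateKey == null) {
            throw new GeneralSecurityException("Invalid private key!");
        }
        char[] passwordChars = toPassword(password);
        KeyStore keyStore = null;
        if (new File(fileName).exists()) {
            try {
                LOG.info("Read existing keystore [{}].", fileName);
                keyStore = readPKCS12KeyStore(fileName, provider, password);
            } catch (IOException e) {
                // best-effort: an unreadable file is replaced below; keep the cause in the log instead of dropping it
                LOG.error("Invalid keystore: {}", fileName, e);
            }
        }
        if (keyStore == null) {
            LOG.debug("Create new keystore [{}].", fileName);
            keyStore = newPKCS12KeyStore(provider);
            // only a freshly created keystore needs the null-stream initialisation; re-initialising one that
            // was just read from disk is redundant at best
            keyStore.load(null, passwordChars);
        }
        keyStore.setKeyEntry(alias, privateKey, passwordChars, chain);
        LOG.debug("Write keystore [{}].", fileName);
        try (BufferedOutputStream out = new BufferedOutputStream(new FileOutputStream(new File(fileName)))) {
            keyStore.store(out, passwordChars);
        }
        return keyStore;
    }

    /**
     * Creates an in-memory PKCS12 keystore holding a single key entry.
     *
     * @param provider the security provider name, or {@code null} for the default
     * @param alias the alias for the key entry
     * @param privateKey the private key; must not be {@code null}
     * @param chain the certificate chain for the key
     * @param password the keystore / key password, or {@code null} for none
     * @return the new keystore
     * @throws GeneralSecurityException if the private key is {@code null} or the keystore cannot be created
     * @throws IOException if initialising the keystore fails
     */
    public KeyStore createPKCS12KeyStore(String provider, String alias, PrivateKey privateKey, Certificate[] chain, ISecuredValue<String> password) throws GeneralSecurityException, IOException {
        if (privateKey == null) {
            throw new GeneralSecurityException("Invalid private key!");
        }
        LOG.debug("Create new keystore...");
        char[] passwordChars = toPassword(password);
        KeyStore keyStore = newPKCS12KeyStore(provider);
        keyStore.load(null, passwordChars);
        keyStore.setKeyEntry(alias, privateKey, passwordChars, chain);
        return keyStore;
    }

    /**
     * Returns the JVM's default {@link X509TrustManager}.
     *
     * @return the first X.509 trust manager of the default {@link TrustManagerFactory}, or {@code null} if none
     * @throws GeneralSecurityException if the default trust manager factory cannot be initialised
     */
    public X509TrustManager getDefaultX509TrustManager() throws GeneralSecurityException {
        for (TrustManager trustManager : getDefaultTrustManager()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        return null;
    }

    /**
     * Returns the JVM's default trust managers (backed by the default trust store).
     *
     * @return the trust managers of the default {@link TrustManagerFactory}
     * @throws GeneralSecurityException if the factory cannot be obtained or initialised
     */
    public TrustManager[] getDefaultTrustManager() throws GeneralSecurityException {
        TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        factory.init((KeyStore) null); // null: use the JVM default trust store
        return factory.getTrustManagers();
    }

    /**
     * Builds an in-memory trust store containing the JVM's default trusted issuers.
     *
     * <p>Entries are stored under the aliases {@code cert1}, {@code cert2}, ...
     *
     * @return a new keystore with the default accepted issuers as trusted certificate entries
     * @throws GeneralSecurityException if no default X.509 trust manager is available or the keystore cannot be built
     * @throws IOException if initialising the keystore fails
     */
    public KeyStore getDefaultTrustKeyStore() throws GeneralSecurityException, IOException {
        KeyStore trustStore = createKeyStore(null);
        X509TrustManager trustManager = getDefaultX509TrustManager();
        // getDefaultX509TrustManager() may return null; fail explicitly instead of with a NullPointerException
        if (trustManager == null) {
            throw new GeneralSecurityException("No default X509TrustManager available!");
        }
        X509Certificate[] acceptedIssuers = trustManager.getAcceptedIssuers();
        if (acceptedIssuers != null) {
            LOG.debug("Init new default trust store with default trusted issuers: {}", acceptedIssuers.length);
            int index = 1;
            for (X509Certificate issuer : acceptedIssuers) {
                trustStore.setCertificateEntry("cert" + index++, issuer);
            }
        }
        return trustStore;
    }

    /**
     * Adds a single certificate to a copy of the default trust store.
     *
     * @param alias the alias prefix for the entry, or {@code null} for an empty prefix
     * @param certificate the certificate to trust
     * @return a new trust store containing the default issuers plus the given certificate
     * @throws GeneralSecurityException if the trust store cannot be built
     * @throws IOException if initialising the keystore fails
     */
    public KeyStore addCertificateToTrustKeystore(String alias, X509Certificate certificate) throws GeneralSecurityException, IOException {
        return addCertificateToTrustKeystore(alias, new X509Certificate[]{certificate});
    }

    /**
     * Adds certificates to a copy of the default trust store.
     *
     * @param alias the alias prefix for the entries, or {@code null} for an empty prefix
     * @param certificates the certificates to trust
     * @return a new trust store containing the default issuers plus the given certificates
     * @throws GeneralSecurityException if the trust store cannot be built
     * @throws IOException if initialising the keystore fails
     */
    public KeyStore addCertificateToTrustKeystore(String alias, X509Certificate[] certificates) throws GeneralSecurityException, IOException {
        LOG.debug("Add self-signed certificate to trust store with alias {}...", alias);
        return addCertificateToKeystore(getDefaultTrustKeyStore(), alias, certificates);
    }

    /**
     * Adds certificates as trusted entries to a keystore.
     *
     * <p>Only certificates the project's certificate filter reports as currently valid or not yet valid are
     * added (expired ones are skipped). Entries are stored under {@code alias + index}, with the index starting at 0.
     *
     * @param keyStore the keystore to modify; {@code null} is returned unchanged
     * @param alias the alias prefix, or {@code null} for an empty prefix
     * @param certificates the certificates to add; {@code null} leaves the keystore unchanged
     * @return the (possibly modified) keystore passed in
     * @throws GeneralSecurityException if an entry cannot be added
     * @throws IOException declared for API compatibility; not thrown by this implementation
     */
    public KeyStore addCertificateToKeystore(KeyStore keyStore, String alias, X509Certificate[] certificates) throws GeneralSecurityException, IOException {
        if (keyStore == null || certificates == null) {
            return keyStore;
        }
        String aliasPrefix = alias == null ? "" : alias;
        List<X509Certificate> candidates = Arrays.asList(certificates);
        List<Certificate> selected = new ArrayList<>();
        selected.addAll(CertificateUtilFactory.getInstance().getFilter().filterValid(candidates));
        selected.addAll(CertificateUtilFactory.getInstance().getFilter().filterNotYedValid(candidates));
        for (int i = 0; i < selected.size(); i++) {
            Certificate certificate = selected.get(i);
            keyStore.setCertificateEntry(aliasPrefix + i, certificate);
            if (LOG.isDebugEnabled()) {
                PKIUtil.getInstance().processCertificate(LOG::debug, "Add certificate to key store:", (X509Certificate) certificate);
            }
        }
        return keyStore;
    }

    /**
     * Returns a trust manager that accepts every certificate without any validation.
     *
     * <p>Using it disables TLS peer authentication completely: any certificate, including a forged one
     * presented by an on-path attacker, is accepted. It is only suitable for tests against local, throw-away
     * endpoints and must never be used in production.
     *
     * @return a single-element array with the accept-all {@link X509TrustManager}
     */
    public TrustManager[] getTrustAllCertificateManager() {
        return new TrustManager[]{new X509TrustManager() {
            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }

            @Override
            public void checkClientTrusted(X509Certificate[] chain, String authType) {
                // intentionally no validation, see class-level warning
            }

            @Override
            public void checkServerTrusted(X509Certificate[] chain, String authType) {
                // intentionally no validation, see class-level warning
            }
        }};
    }

    /**
     * Converts an optional secured password into the {@code char[]} form the {@link KeyStore} API expects.
     *
     * @param password the secured password, may be {@code null} or hold a {@code null} value
     * @return the password characters, or {@code null} when no password is present
     */
    private static char[] toPassword(ISecuredValue<String> password) {
        if (password == null || password.getValue() == null) {
            return null;
        }
        return password.getValue().toCharArray();
    }

    /**
     * Instantiates an (unloaded) PKCS12 keystore.
     *
     * @param provider the security provider name, or {@code null} for the default
     * @return the keystore instance; {@link KeyStore#load} must still be called on it
     * @throws GeneralSecurityException if the type or provider is unavailable
     */
    private static KeyStore newPKCS12KeyStore(String provider) throws GeneralSecurityException {
        return provider == null ? KeyStore.getInstance(PKCS12) : KeyStore.getInstance(PKCS12, provider);
    }
}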
