package keywhiz.service.crypto;

import com.google.common.base.Throwables;
import com.google.inject.AbstractModule;
import com.google.inject.Provides;
import java.io.IOException;
import java.io.InputStream;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.inject.Qualifier;
import javax.inject.Singleton;
import keywhiz.service.config.KeyStoreConfig;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:keywhiz/service/crypto/CryptoModule.class */
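/**
 * Guice module that supplies the cryptographic building blocks of the service: the JCA
 * providers used for encryption and for key derivation, and the base derivation key loaded
 * from the configured key store.
 *
 * <p>Both the derivation provider class name and the key store settings are treated as
 * trusted deployment configuration. The class named by the former is loaded, instantiated
 * and registered as a JVM-wide security provider, so it must never be influenced by
 * untrusted input.
 */
public class CryptoModule extends AbstractModule {
    private static final Logger logger = LoggerFactory.getLogger(CryptoModule.class);

    /** BouncyCastle provider instance handed out for the {@link Encryption} binding. */
    private final Provider bcProvider = new BouncyCastleProvider();

    /** Fully qualified class name of the provider used for the {@link Derivation} binding. */
    private final String derivationProviderClass;

    /** Location, type, alias and password of the key store holding the base derivation key. */
    private final KeyStoreConfig keyStoreConfig;

    /** Qualifier for bindings that belong to key derivation. */
    @Qualifier
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Derivation {
    }

    /** Qualifier for bindings that belong to content encryption. */
    @Qualifier
    @Retention(RetentionPolicy.RUNTIME)
    public @interface Encryption {
    }

    /**
     * Creates the module.
     *
     * @param str fully qualified class name of the JCA provider to use for key derivation
     * @param keyStoreConfig configuration of the key store that holds the base derivation key
     */
    public CryptoModule(String str, KeyStoreConfig keyStoreConfig) {
        this.derivationProviderClass = str;
        this.keyStoreConfig = keyStoreConfig;
    }

    /** No explicit bindings; everything is contributed through the {@code @Provides} methods. */
    @Override
    protected void configure() {
    }

    /**
     * Loads the base derivation key from the configured key store.
     *
     * @param provider JCA provider used to obtain the {@link KeyStore} implementation
     * @return the secret key stored under the configured alias
     * @throws RuntimeException wrapping the underlying cause when the key store cannot be
     *     opened or read, or when no key exists under the configured alias
     */
    @Singleton
    @Derivation
    @Provides
    SecretKey baseDerivationKey(@Derivation Provider provider) {
        String alias = this.keyStoreConfig.alias();
        char[] password = this.keyStoreConfig.resolvedPassword().toCharArray();
        try (InputStream in = this.keyStoreConfig.openPath()) {
            KeyStore keyStore = KeyStore.getInstance(this.keyStoreConfig.type(), provider);
            keyStore.load(in, password);
            SecretKey key = (SecretKey) keyStore.getKey(alias, password);
            if (key == null) {
                // getKey() reports an unknown alias by returning null; fail here with a clear
                // cause instead of handing a null key to the injector.
                throw new KeyStoreException("No key found in key store for alias '" + alias + "'");
            }
            return key;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            logger.error("Error loading base derivation key: {}", e.getMessage(), e);
            throw Throwables.propagate(e);
        } finally {
            // Wipe this method's copy of the password. The String it was derived from is
            // owned by KeyStoreConfig and is not affected.
            Arrays.fill(password, '\0');
        }
    }

    /**
     * Returns the BouncyCastle provider, registering it with {@link Security} on first use.
     *
     * @return the provider instance held by this module
     */
    @Encryption
    @Singleton
    @Provides
    Provider encryptionProvider() {
        String name = this.bcProvider.getName();
        if (Security.getProvider(name) == null) {
            logger.debug("Registering new crypto provider {}", name);
            Security.addProvider(this.bcProvider);
        }
        return this.bcProvider;
    }

    /**
     * Instantiates the configured derivation provider and registers it with {@link Security}
     * if no provider of the same name is registered yet.
     *
     * @return the newly created provider instance
     * @throws RuntimeException wrapping the underlying cause when the class cannot be found
     *     or instantiated
     * @throws ClassCastException when the configured class is not a {@link Provider}
     */
    @Singleton
    @Derivation
    @Provides
    Provider derivationProvider() {
        try {
            // Resolve without initialising and check the type first, so that no code of a
            // class that is not a Provider (static initialiser or constructor) is executed.
            Class<? extends Provider> providerClass =
                    Class.forName(this.derivationProviderClass, false, CryptoModule.class.getClassLoader())
                            .asSubclass(Provider.class);
            Provider provider = providerClass.getDeclaredConstructor().newInstance();
            if (Security.getProvider(provider.getName()) == null) {
                logger.debug("Registering new crypto provider {}", provider.getName());
                Security.addProvider(provider);
            }
            return provider;
        } catch (ReflectiveOperationException | ClassCastException e) {
            logger.error("Error instantiating derivation provider: {}", e.getMessage(), e);
            throw Throwables.propagate(e);
        }
    }
}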
