package net.eightlives.friendlyssl.service;

import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.SwitchBootstraps;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
import java.util.Optional;
import net.eightlives.friendlyssl.config.FriendlySSLConfig;
import net.eightlives.friendlyssl.exception.KeyStoreGeneratorException;
import org.bouncycastle.asn1.DERBMPString;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.crypto.engines.DESedeEngine;
import org.bouncycastle.crypto.engines.RC2Engine;
import org.bouncycastle.crypto.modes.CBCBlockCipher;
import org.bouncycastle.pkcs.PKCS12PfxPduBuilder;
import org.bouncycastle.pkcs.PKCS12SafeBag;
import org.bouncycastle.pkcs.PKCSException;
import org.bouncycastle.pkcs.bc.BcPKCS12MacCalculatorBuilder;
import org.bouncycastle.pkcs.bc.BcPKCS12PBEOutputEncryptorBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS12SafeBagBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;

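/**
 * Builds the PKCS#12 keystore for a certificate chain and private key, and reads key material
 * back from the keystore file named by {@link FriendlySSLConfig#getKeystoreFile()}.
 *
 * <p>Security note: every password in this class is the empty string (PBE encryption of the
 * key bag, PBE encryption of the certificate bags, the integrity MAC, and the passwords used
 * when loading). The private key's confidentiality therefore rests on the file-system
 * permissions of the keystore file, not on the PKCS#12 encryption.
 */
@Component
/* loaded from: input_file:net/eightlives/friendlyssl/service/PKCS12KeyStoreService.class */
public class PKCS12KeyStoreService {
    private static final Logger LOG = LoggerFactory.getLogger(PKCS12KeyStoreService.class);
    private static final String ROOT_FRIENDLY_NAME = "root";
    private static final String KEYSTORE_TYPE = "PKCS12";
    private static final String KEYFACTORY_TYPE = "RSA";
    /** Iteration count applied to both PBE encryptors and to the MAC calculator. */
    private static final int PBE_ITERATION_COUNT = 2048;
    private final FriendlySSLConfig config;
    private final LocalIdGeneratorService localIdGeneratorService;

    /**
     * @param friendlySSLConfig source of the keystore file path and the certificate key alias
     * @param localIdGeneratorService produces the localKeyId bytes shared by key and leaf certificate
     */
    public PKCS12KeyStoreService(FriendlySSLConfig friendlySSLConfig, LocalIdGeneratorService localIdGeneratorService) {
        this.config = friendlySSLConfig;
        this.localIdGeneratorService = localIdGeneratorService;
    }

    /**
     * Encodes the certificate chain and private key as a PKCS#12 PFX structure.
     *
     * <p>The certificate at index 0 receives the configured key alias and the same localKeyId
     * as the private key; every other certificate in the list is given the friendly name
     * {@code "root"}.
     *
     * @param list certificate chain; index 0 is treated as the certificate matching {@code privateKey}
     * @param privateKey private key to store under the configured alias
     * @return the encoded PFX bytes
     * @throws KeyStoreGeneratorException if building or encoding the PFX fails
     */
    public byte[] generateKeyStore(List<X509Certificate> list, PrivateKey privateKey) {
        try {
            byte[] localKeyId = this.localIdGeneratorService.generate();
            String keyAlias = this.config.getCertificateKeyAlias();

            PKCS12SafeBag[] certificateBags = new PKCS12SafeBag[list.size()];
            for (int i = list.size() - 1; i >= 0; i--) {
                JcaPKCS12SafeBagBuilder certificateBag = new JcaPKCS12SafeBagBuilder(list.get(i));
                if (i == 0) {
                    // The shared localKeyId is what ties this certificate to the key bag below.
                    certificateBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(keyAlias));
                    certificateBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new DEROctetString(localKeyId));
                } else {
                    certificateBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(ROOT_FRIENDLY_NAME));
                }
                certificateBags[i] = certificateBag.build();
            }

            // NOTE(review): 3DES for the key bag and 40-bit RC2 for the certificate bags are legacy
            // PKCS#12 PBE schemes, and both are keyed from an empty password here, so they add no
            // real confidentiality. Changing algorithm or password affects whoever loads this
            // keystore; confirm with those consumers before hardening.
            JcaPKCS12SafeBagBuilder keyBag = new JcaPKCS12SafeBagBuilder(
                    privateKey,
                    new BcPKCS12PBEOutputEncryptorBuilder(
                            PKCSObjectIdentifiers.pbeWithSHAAnd3_KeyTripleDES_CBC,
                            CBCBlockCipher.newInstance(new DESedeEngine()))
                            .setIterationCount(PBE_ITERATION_COUNT)
                            .build("".toCharArray()));
            keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_friendlyName, new DERBMPString(keyAlias));
            keyBag.addBagAttribute(PKCSObjectIdentifiers.pkcs_9_at_localKeyId, new DEROctetString(localKeyId));

            PKCS12PfxPduBuilder pfxBuilder = new PKCS12PfxPduBuilder();
            pfxBuilder.addEncryptedData(
                    new BcPKCS12PBEOutputEncryptorBuilder(
                            PKCSObjectIdentifiers.pbeWithSHAAnd40BitRC2_CBC,
                            CBCBlockCipher.newInstance(new RC2Engine()))
                            .setIterationCount(PBE_ITERATION_COUNT)
                            .build("".toCharArray()),
                    certificateBags);
            pfxBuilder.addData(keyBag.build());

            // The MAC is also derived from the empty password, so it detects accidental corruption
            // but not deliberate modification by anyone able to write the file.
            BcPKCS12MacCalculatorBuilder macBuilder = new BcPKCS12MacCalculatorBuilder();
            macBuilder.setIterationCount(PBE_ITERATION_COUNT);
            return pfxBuilder.build(macBuilder, "".toCharArray()).getEncoded("DL");
        } catch (PKCSException | IOException e) {
            throw new KeyStoreGeneratorException(e);
        }
    }

    /**
     * Loads the key pair stored under the given alias in the configured keystore file.
     *
     * @param str alias of the private key entry and its certificate
     * @return the key pair, or {@code null} when the alias has no key or no certificate, or when
     *     the keystore cannot be read (the failure is logged); callers must null-check
     */
    public KeyPair getKeyPair(String str) {
        // try-with-resources: the keystore stream was previously never closed.
        try (var keystoreStream = Files.newInputStream(Path.of(this.config.getKeystoreFile()))) {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(keystoreStream, "".toCharArray());
            KeyFactory keyFactory = KeyFactory.getInstance(KEYFACTORY_TYPE);
            Key key = keyStore.getKey(str, "".toCharArray());
            if (key == null) {
                LOG.error("Private key alias {} not found in keystore {} when loading keystore", str, this.config.getKeystoreFile());
                return null;
            }
            // The key is re-decoded through an RSA KeyFactory, so a non-RSA entry ends up in the
            // InvalidKeySpecException branch below and yields null.
            PrivateKey decodedKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded()));
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                LOG.error("Certificate with alias {} not found in keystore {} when loading keystore", str, this.config.getKeystoreFile());
                return null;
            }
            return new KeyPair(certificate.getPublicKey(), decodedKey);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException | InvalidKeySpecException e) {
            LOG.error("Exception while accessing keystore", e);
            return null;
        }
    }

    /**
     * Looks up the X.509 certificate stored under the given alias in the configured keystore file.
     *
     * @param str alias of the certificate entry
     * @return the certificate, or empty when the keystore file does not exist, the alias is
     *     absent, the entry is not an {@link X509Certificate}, or the keystore cannot be read
     */
    public Optional<X509Certificate> getCertificate(String str) {
        // try-with-resources: the keystore stream was previously never closed.
        try (var keystoreStream = Files.newInputStream(Path.of(this.config.getKeystoreFile()))) {
            KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
            keyStore.load(keystoreStream, "".toCharArray());
            Certificate certificate = keyStore.getCertificate(str);
            // Replaces the decompiler's invoke-custom type switch; instanceof is false for null.
            if (certificate instanceof X509Certificate x509Certificate) {
                return Optional.of(x509Certificate);
            }
            return Optional.empty();
        } catch (NoSuchFileException e) {
            // A missing keystore file is reported as "no certificate" without logging.
            return Optional.empty();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            LOG.error("Exception while accessing keystore", e2);
            return Optional.empty();
        }
    }
}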
