package org.wso2.carbon.secvault.cipher;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.Paths;
import java.security.InvalidKeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.List;
import java.util.Optional;
import javax.crypto.Cipher;
import javax.crypto.CipherOutputStream;
import javax.crypto.NoSuchPaddingException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.wso2.carbon.secvault.MasterKey;
import org.wso2.carbon.secvault.SecureVaultUtils;
import org.wso2.carbon.secvault.exception.SecureVaultException;
import org.wso2.carbon.secvault.model.SecretRepositoryConfiguration;

/* loaded from: input_file:org/wso2/carbon/secvault/cipher/JKSBasedCipherProvider.class */
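/**
 * Cipher provider that encrypts with the certificate and decrypts with the private key
 * stored under one alias of a JKS keystore.
 *
 * <p>{@link #init} must be called before {@link #encrypt} or {@link #decrypt}; until then both
 * cipher fields are {@code null}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>One {@link Cipher} instance per direction is kept and reused. {@code Cipher} objects are
 *       stateful and this class adds no synchronization, so concurrent calls on one provider
 *       instance need external locking.</li>
 *   <li>The transformation passed to {@code Cipher.getInstance} is only the key's algorithm name,
 *       so mode and padding are whatever the JCA provider picks by default. NOTE(review): for an
 *       RSA key the stock JDK provider resolves the bare name to PKCS#1 v1.5 padding; confirm
 *       against the deployed provider. Moving to an explicit OAEP transformation would make
 *       existing ciphertexts unreadable, so it needs a migration plan.</li>
 *   <li>The keystore type is fixed to JKS. NOTE(review): JKS is a legacy format with weak
 *       protection of stored keys; consider whether PKCS12 is an option for new deployments.</li>
 *   <li>Password arrays are passed through but not cleared here; presumably their lifetime is
 *       managed by the owning {@code MasterKey} - verify against the caller.</li>
 * </ul>
 */
public class JKSBasedCipherProvider {
    private static final Logger logger = LoggerFactory.getLogger(JKSBasedCipherProvider.class);
    private static final String LOCATION = "keystoreLocation";
    private static final String ALIAS = "privateKeyAlias";
    public static final String KEY_STORE_PASSWORD = "keyStorePassword";
    public static final String PRIVATE_KEY_PASSWORD = "privateKeyPassword";
    private static final String JKS = "JKS";
    private Cipher encryptionCipher;
    private Cipher decryptionCipher;

    /**
     * Loads the configured keystore and prepares the encryption and decryption ciphers.
     *
     * @param secretRepositoryConfiguration configuration that must supply the
     *        {@code keystoreLocation} and {@code privateKeyAlias} parameters
     * @param list master keys that must contain values for {@code keyStorePassword} and
     *        {@code privateKeyPassword}
     * @throws SecureVaultException if a mandatory parameter or password is missing, or the
     *         keystore, certificate or private key cannot be loaded
     */
    public void init(SecretRepositoryConfiguration secretRepositoryConfiguration, List<MasterKey> list) throws SecureVaultException {
        String keystoreLocation = secretRepositoryConfiguration.getParameter(LOCATION)
                .orElseThrow(() -> new SecureVaultException("Key store location is mandatory"));
        String privateKeyAlias = secretRepositoryConfiguration.getParameter(ALIAS)
                .orElseThrow(() -> new SecureVaultException("Private key alias is mandatory"));
        MasterKey keyStorePassword = SecureVaultUtils.getSecret(list, KEY_STORE_PASSWORD);
        MasterKey privateKeyPassword = SecureVaultUtils.getSecret(list, PRIVATE_KEY_PASSWORD);

        KeyStore keyStore = loadKeyStore(keystoreLocation, keyStorePassword.getMasterKeyValue()
                .orElseThrow(() -> new SecureVaultException("Key store password is mandatory")));
        this.encryptionCipher = getEncryptionCipher(keyStore, privateKeyAlias);
        // The private key password is only resolved after the encryption cipher has been built,
        // so a missing value is reported after any certificate problem.
        this.decryptionCipher = getDecryptionCipher(keyStore, privateKeyAlias, privateKeyPassword.getMasterKeyValue()
                .orElseThrow(() -> new SecureVaultException("Private key password is mandatory")));
        logger.debug("JKSBasedCipherProvider initialized successfully.");
    }

    /**
     * Encrypts the given bytes with the certificate's public key.
     *
     * @param bArr plain bytes
     * @return the bytes produced by the encryption cipher
     * @throws SecureVaultException if the cipher stream fails with an I/O error
     */
    public byte[] encrypt(byte[] bArr) throws SecureVaultException {
        return doCipher(this.encryptionCipher, bArr);
    }

    /**
     * Decrypts the given bytes with the keystore's private key.
     *
     * @param bArr encrypted bytes
     * @return the bytes produced by the decryption cipher
     * @throws SecureVaultException if the cipher stream fails with an I/O error
     */
    public byte[] decrypt(byte[] bArr) throws SecureVaultException {
        return doCipher(this.decryptionCipher, bArr);
    }

    /**
     * Opens the keystore file at {@code str} and loads it as a JKS keystore.
     *
     * @param str keystore path; resolved to an absolute path before opening
     * @param cArr keystore password used for the integrity check
     * @return the loaded keystore
     * @throws SecureVaultException if the file cannot be read or the keystore cannot be loaded
     */
    private KeyStore loadKeyStore(String str, char[] cArr) throws SecureVaultException {
        String absolutePath = Paths.get(str).toAbsolutePath().toString();
        try (BufferedInputStream keystoreStream = new BufferedInputStream(new FileInputStream(absolutePath))) {
            KeyStore keyStore = KeyStore.getInstance(JKS);
            keyStore.load(keystoreStream, cArr);
            logger.debug("Keystore at path : '{}', loaded successfully.", str);
            return keyStore;
        } catch (KeyStoreException e) {
            throw new SecureVaultException("Failed to initialize keystore at : '" + str + "'", e);
        } catch (NoSuchAlgorithmException e) {
            throw new SecureVaultException("Failed to load keystore algorithm at : '" + str + "'", e);
        } catch (CertificateException e) {
            throw new SecureVaultException("Failed to load certificates from keystore : '" + str + "'", e);
        } catch (IOException e) {
            // KeyStore.load also reports a wrong password or a corrupt file as IOException, so
            // this message can appear even though the file exists; check the attached cause.
            throw new SecureVaultException("Unable to find keystore at '" + str + "'", e);
        }
    }

    /**
     * Builds an encryption cipher from the certificate stored under the given alias.
     *
     * @param keyStore loaded keystore
     * @param str certificate alias
     * @return a cipher initialised in encrypt mode with the certificate
     * @throws SecureVaultException if the alias has no certificate or the cipher cannot be set up
     */
    private Cipher getEncryptionCipher(KeyStore keyStore, String str) throws SecureVaultException {
        Certificate certificate;
        try {
            certificate = keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new SecureVaultException("Failed to get certificate for alias '" + str + "'", e);
        }
        if (certificate == null) {
            throw new SecureVaultException("No certificate found with the given alias : " + str);
        }
        try {
            // Algorithm-only transformation: mode and padding are provider defaults.
            Cipher cipher = Cipher.getInstance(certificate.getPublicKey().getAlgorithm());
            cipher.init(Cipher.ENCRYPT_MODE, certificate);
            logger.debug("Successfully created an encryption cipher with alias : '{}'", str);
            return cipher;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new SecureVaultException("Failed to initialize Cipher for mode '1'", e);
        }
    }

    /**
     * Builds a decryption cipher from the private key stored under the given alias.
     *
     * @param keyStore loaded keystore
     * @param str private key alias
     * @param cArr password protecting the private key entry
     * @return a cipher initialised in decrypt mode with the private key
     * @throws SecureVaultException if the alias has no key, the key cannot be recovered, or the
     *         cipher cannot be set up
     */
    private Cipher getDecryptionCipher(KeyStore keyStore, String str, char[] cArr) throws SecureVaultException {
        PrivateKey privateKey;
        try {
            privateKey = (PrivateKey) keyStore.getKey(str, cArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new SecureVaultException("Failed to get private key for alias '" + str + "'", e);
        }
        if (privateKey == null) {
            throw new SecureVaultException("No key found with the given alias : " + str);
        }
        try {
            // Algorithm-only transformation: mode and padding are provider defaults.
            Cipher cipher = Cipher.getInstance(privateKey.getAlgorithm());
            cipher.init(Cipher.DECRYPT_MODE, privateKey);
            logger.debug("Successfully created a decryption cipher with alias : '{}'", str);
            return cipher;
        } catch (InvalidKeyException | NoSuchAlgorithmException | NoSuchPaddingException e) {
            throw new SecureVaultException("Failed to initialize Cipher for mode '2'", e);
        }
    }

    /**
     * Runs {@code bArr} through the given cipher and returns everything it produced.
     *
     * <p>The decompiled form of this method contained untyped registers and dead close branches;
     * it is restored here as a single try-with-resources that closes the streams in the same
     * order (input, cipher stream, output buffer).
     *
     * @param cipher initialised cipher, in either encrypt or decrypt mode
     * @param bArr input bytes
     * @return the cipher output
     * @throws SecureVaultException if any stream operation raises an {@link IOException}
     */
    private byte[] doCipher(Cipher cipher, byte[] bArr) throws SecureVaultException {
        try (ByteArrayOutputStream sink = new ByteArrayOutputStream();
             CipherOutputStream cipherStream = new CipherOutputStream(sink, cipher);
             ByteArrayInputStream source = new ByteArrayInputStream(bArr)) {
            byte[] chunk = new byte[1024];
            int read;
            while ((read = source.read(chunk)) != -1) {
                cipherStream.write(chunk, 0, read);
            }
            cipherStream.flush();
            // Closing finalises the cipher, so it has to happen before the buffer is read; the
            // implicit close at the end of the try block is then a no-op.
            // NOTE(review): on some JDK releases CipherOutputStream.close() discards doFinal()
            // failures (bad padding, illegal block size) instead of throwing, in which case a
            // failed decrypt returns an empty or short array - verify on the deployed JDK.
            cipherStream.close();
            return sink.toByteArray();
        } catch (IOException e) {
            // The message mentions decryption although encrypt() takes this path as well.
            throw new SecureVaultException("Failed to decrypt the password", e);
        }
    }
}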
