package org.wildfly.security.credential.store.impl;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.InvalidParameterSpecException;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.locks.ReadWriteLock;
import java.util.concurrent.locks.ReentrantReadWriteLock;
import java.util.regex.Pattern;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import org.wildfly.common.Assert;
import org.wildfly.common.codec.Base32Alphabet;
import org.wildfly.common.iteration.ByteIterator;
import org.wildfly.security.EmptyProvider;
import org.wildfly.security.asn1.ASN1;
import org.wildfly.security.asn1.ASN1Exception;
import org.wildfly.security.asn1.DERDecoder;
import org.wildfly.security.asn1.DEREncoder;
import org.wildfly.security.credential.AlgorithmCredential;
import org.wildfly.security.credential.BearerTokenCredential;
import org.wildfly.security.credential.Credential;
import org.wildfly.security.credential.KeyPairCredential;
import org.wildfly.security.credential.PasswordCredential;
import org.wildfly.security.credential.PublicKeyCredential;
import org.wildfly.security.credential.SecretKeyCredential;
import org.wildfly.security.credential.X509CertificateChainPrivateCredential;
import org.wildfly.security.credential.X509CertificateChainPublicCredential;
import org.wildfly.security.credential.store.CredentialStore;
import org.wildfly.security.credential.store.CredentialStoreException;
import org.wildfly.security.credential.store.CredentialStoreSpi;
import org.wildfly.security.credential.store._private.ElytronMessages;
import org.wildfly.security.key.KeyUtil;
import org.wildfly.security.password.Password;
import org.wildfly.security.password.PasswordFactory;
import org.wildfly.security.password.interfaces.BCryptPassword;
import org.wildfly.security.password.interfaces.BSDUnixDESCryptPassword;
import org.wildfly.security.password.interfaces.ClearPassword;
import org.wildfly.security.password.interfaces.DigestPassword;
import org.wildfly.security.password.interfaces.MaskedPassword;
import org.wildfly.security.password.interfaces.OneTimePassword;
import org.wildfly.security.password.interfaces.SaltedSimpleDigestPassword;
import org.wildfly.security.password.interfaces.ScramDigestPassword;
import org.wildfly.security.password.interfaces.SimpleDigestPassword;
import org.wildfly.security.password.interfaces.SunUnixMD5CryptPassword;
import org.wildfly.security.password.interfaces.UnixDESCryptPassword;
import org.wildfly.security.password.interfaces.UnixMD5CryptPassword;
import org.wildfly.security.password.interfaces.UnixSHACryptPassword;
import org.wildfly.security.password.spec.ClearPasswordSpec;
import org.wildfly.security.password.spec.DigestPasswordSpec;
import org.wildfly.security.password.spec.HashPasswordSpec;
import org.wildfly.security.password.spec.IteratedSaltedHashPasswordSpec;
import org.wildfly.security.password.spec.MaskedPasswordSpec;
import org.wildfly.security.password.spec.OneTimePasswordSpec;
import org.wildfly.security.password.spec.SaltedHashPasswordSpec;
import org.wildfly.security.util.AtomicFileOutputStream;
import org.wildfly.security.x500.GeneralName;
import org.wildfly.security.x500.X500;

/* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore.class */
public final class KeyStoreCredentialStore extends CredentialStoreSpi {
    private static final String DATA_OID = "1.2.840.113549.1.7.1";
    public static final String KEY_STORE_CREDENTIAL_STORE;
    private static final String X_509 = "X.509";
    private static final String CREATE = "create";
    private static final String CRYPTOALG = "cryptoAlg";
    private static final String EXTERNAL = "external";
    private static final String EXTERNALPATH = "externalPath";
    private static final String KEYALIAS = "keyAlias";
    private static final String KEYSTORETYPE = "keyStoreType";
    private static final String LOCATION = "location";
    private static final String MODIFIABLE = "modifiable";
    private static final List<String> validAttribtues;
    private volatile boolean modifiable;
    private KeyStore keyStore;
    private Path location;
    private Path externalPath;
    private boolean create;
    private CredentialStore.ProtectionParameter protectionParameter;
    private Provider[] providers;
    private String encryptionKeyAlias;
    private ExternalStorage externalStorage;
    private String cryptographicAlgorithm;
    private static final Pattern INDEX_PATTERN;
    private static final Map<String, Class<? extends Credential>> CREDENTIAL_TYPES;
    static final /* synthetic */ boolean $assertionsDisabled;
    private final ReadWriteLock readWriteLock = new ReentrantReadWriteLock();
    private final HashMap<String, TopEntry> cache = new HashMap<>();
    private boolean useExternalStorage = false;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore$BottomEntry.class */
    public static final class BottomEntry {
        private final MidEntry midEntry;
        private final String algorithm;
        private final HashMap<ParamKey, String> map = new HashMap<>(0);
        private String noParams;

        BottomEntry(MidEntry midEntry, String str) {
            this.midEntry = midEntry;
            this.algorithm = str;
        }

        String getAlgorithm() {
            return this.algorithm;
        }

        HashMap<ParamKey, String> getMap() {
            return this.map;
        }

        String getNoParams() {
            return this.noParams;
        }

        String setNoParams(String str) {
            try {
                return this.noParams;
            } finally {
                this.noParams = str;
            }
        }

        boolean isEmpty() {
            return this.noParams == null && this.map.isEmpty();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public String removeNoParams() {
            try {
                return this.noParams;
            } finally {
                this.noParams = null;
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore$ExternalStorage.class */
    public final class ExternalStorage {
        private int VERSION;
        private int SECRET_KEY_ENTRY_TYPE;
        private static final String DEFAULT_CRYPTOGRAPHIC_ALGORITHM = "AES/CBC/NoPadding";
        private Cipher encrypt;
        private Cipher decrypt;
        private KeyStore dataKeyStore;
        private KeyStore storageSecretKeyStore;
        private SecretKey storageSecretKey;

        private ExternalStorage() {
            this.VERSION = 1;
            this.SECRET_KEY_ENTRY_TYPE = 100;
        }

        void init(String str, String str2, KeyStore keyStore, char[] cArr, KeyStore keyStore2) throws CredentialStoreException {
            if (str == null) {
                str = DEFAULT_CRYPTOGRAPHIC_ALGORITHM;
            }
            this.storageSecretKeyStore = keyStore;
            this.dataKeyStore = keyStore2;
            try {
                fetchStorageSecretKey(str2, cArr);
                Provider provider = keyStore.getProvider();
                try {
                    this.encrypt = Cipher.getInstance(str, provider);
                } catch (NoSuchAlgorithmException e) {
                    this.encrypt = Cipher.getInstance(str);
                }
                try {
                    this.decrypt = Cipher.getInstance(str, provider);
                } catch (NoSuchAlgorithmException e2) {
                    this.decrypt = Cipher.getInstance(str);
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException | NoSuchPaddingException e3) {
                throw new CredentialStoreException(e3);
            }
        }

        private void fetchStorageSecretKey(String str, char[] cArr) throws CertificateException, NoSuchAlgorithmException, IOException, CredentialStoreException, UnrecoverableEntryException, KeyStoreException {
            KeyStore.Entry entry = this.storageSecretKeyStore.getEntry(str, new KeyStore.PasswordProtection(cArr));
            if (entry == null) {
                throw ElytronMessages.log.externalStorageKeyDoesNotExist(str);
            }
            if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                throw ElytronMessages.log.wrongTypeOfExternalStorageKey(str);
            }
            this.storageSecretKey = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
        }

        void load(InputStream inputStream) throws IOException, GeneralSecurityException {
            this.dataKeyStore.load(null, null);
            ObjectInputStream objectInputStream = new ObjectInputStream(inputStream);
            int readInt = objectInputStream.readInt();
            if (readInt != this.VERSION) {
                throw ElytronMessages.log.unexpectedFileVersion(Integer.toString(readInt));
            }
            while (objectInputStream.available() > 0) {
                int readInt2 = objectInputStream.readInt();
                if (readInt2 != this.SECRET_KEY_ENTRY_TYPE) {
                    throw ElytronMessages.log.unrecognizedEntryType(Integer.toString(readInt2));
                }
                loadSecretKey(objectInputStream);
            }
            objectInputStream.close();
        }

        private void loadSecretKey(ObjectInputStream objectInputStream) throws IOException, GeneralSecurityException {
            byte[] readBytes = readBytes(objectInputStream);
            this.decrypt.init(2, this.storageSecretKey, new IvParameterSpec(readBytes(objectInputStream)));
            Assert.checkMaximumParameter("cipher block size", 256, this.decrypt.getBlockSize());
            ObjectInputStream objectInputStream2 = new ObjectInputStream(new ByteArrayInputStream(pkcs7UnPad(this.decrypt.doFinal(readBytes))));
            this.dataKeyStore.setEntry(objectInputStream2.readUTF(), new KeyStore.SecretKeyEntry(new SecretKeySpec(readBytes(objectInputStream2), KeyStoreCredentialStore.DATA_OID)), KeyStoreCredentialStore.this.convertParameter(KeyStoreCredentialStore.this.protectionParameter));
        }

        private byte[] readBytes(ObjectInputStream objectInputStream) throws IOException {
            int readInt = objectInputStream.readInt();
            byte[] bArr = new byte[readInt];
            int read = objectInputStream.read(bArr, 0, readInt);
            if (readInt != read) {
                throw ElytronMessages.log.readBytesMismatch(read, readInt);
            }
            return bArr;
        }

        private int writeBytes(byte[] bArr, ObjectOutputStream objectOutputStream) throws IOException {
            int length = bArr.length;
            objectOutputStream.writeInt(length);
            objectOutputStream.write(bArr, 0, length);
            return length;
        }

        void store(OutputStream outputStream) throws IOException, GeneralSecurityException {
            ObjectOutputStream objectOutputStream = new ObjectOutputStream(outputStream);
            objectOutputStream.writeInt(this.VERSION);
            Enumeration<String> aliases = this.dataKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                KeyStore.Entry entry = this.dataKeyStore.getEntry(nextElement, KeyStoreCredentialStore.this.convertParameter(KeyStoreCredentialStore.this.protectionParameter));
                if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                    throw ElytronMessages.log.unrecognizedEntryType(entry != null ? entry.getClass().getCanonicalName() : "null");
                }
                saveSecretKey(nextElement, objectOutputStream, (KeyStore.SecretKeyEntry) entry);
            }
            objectOutputStream.flush();
            objectOutputStream.close();
        }

        private void saveSecretKey(String str, ObjectOutputStream objectOutputStream, KeyStore.SecretKeyEntry secretKeyEntry) throws IOException, GeneralSecurityException {
            ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream(1024);
            ObjectOutputStream objectOutputStream2 = new ObjectOutputStream(byteArrayOutputStream);
            objectOutputStream2.writeUTF(str);
            writeBytes(secretKeyEntry.getSecretKey().getEncoded(), objectOutputStream2);
            objectOutputStream2.flush();
            this.encrypt.init(1, this.storageSecretKey, (AlgorithmParameterSpec) null);
            int blockSize = this.encrypt.getBlockSize();
            if (blockSize == 0) {
                throw ElytronMessages.log.algorithmNotBlockBased(this.encrypt.getAlgorithm());
            }
            Assert.checkMaximumParameter("cipher block size", 256, blockSize);
            byte[] doFinal = this.encrypt.doFinal(pkcs7Pad(byteArrayOutputStream.toByteArray(), blockSize));
            byte[] iv = this.encrypt.getIV();
            if (iv == null) {
                throw ElytronMessages.log.algorithmNotIV(this.encrypt.getAlgorithm());
            }
            objectOutputStream.writeInt(this.SECRET_KEY_ENTRY_TYPE);
            writeBytes(doFinal, objectOutputStream);
            writeBytes(iv, objectOutputStream);
        }

        private byte[] pkcs7Pad(byte[] bArr, int i) {
            int length = bArr.length;
            int i2 = i - (length % i);
            byte[] copyOf = Arrays.copyOf(bArr, i2 + length);
            Arrays.fill(copyOf, length, copyOf.length, (byte) i2);
            return copyOf;
        }

        private byte[] pkcs7UnPad(byte[] bArr) throws BadPaddingException {
            byte b = bArr[bArr.length - 1];
            int length = bArr.length - 2;
            while (bArr[length] == b) {
                length--;
            }
            if (length + 1 + b != bArr.length) {
                throw new BadPaddingException();
            }
            return Arrays.copyOfRange(bArr, 0, length + 1);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore$Hold.class */
    public interface Hold extends AutoCloseable {
        @Override // java.lang.AutoCloseable
        void close();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore$MidEntry.class */
    public static final class MidEntry {
        private final TopEntry topEntry;
        private final Class<? extends Credential> credentialType;
        private final HashMap<String, BottomEntry> map = new HashMap<>(0);
        private BottomEntry noAlgorithm;

        MidEntry(TopEntry topEntry, Class<? extends Credential> cls) {
            this.topEntry = topEntry;
            this.credentialType = cls;
        }

        Class<? extends Credential> getCredentialType() {
            return this.credentialType;
        }

        HashMap<String, BottomEntry> getMap() {
            return this.map;
        }

        BottomEntry getNoAlgorithm() {
            return this.noAlgorithm;
        }

        void setNoAlgorithm(BottomEntry bottomEntry) {
            this.noAlgorithm = bottomEntry;
        }

        BottomEntry removeNoAlgorithm() {
            try {
                return this.noAlgorithm;
            } finally {
                this.noAlgorithm = null;
            }
        }

        boolean isEmpty() {
            return this.noAlgorithm == null && this.map.isEmpty();
        }

        /* JADX INFO: Access modifiers changed from: private */
        public BottomEntry getOrCreateNoAlgorithm() {
            BottomEntry bottomEntry = this.noAlgorithm;
            if (bottomEntry != null) {
                return bottomEntry;
            }
            BottomEntry bottomEntry2 = new BottomEntry(this, null);
            this.noAlgorithm = bottomEntry2;
            return bottomEntry2;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore$ParamKey.class */
    public static final class ParamKey {
        private final AlgorithmParameterSpec parameterSpec;
        private final int hashCode;

        ParamKey(AlgorithmParameterSpec algorithmParameterSpec) {
            this.parameterSpec = algorithmParameterSpec;
            this.hashCode = KeyUtil.parametersHashCode(algorithmParameterSpec);
        }

        public int hashCode() {
            return this.hashCode;
        }

        AlgorithmParameterSpec getParameterSpec() {
            return this.parameterSpec;
        }

        int getHashCode() {
            return this.hashCode;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/wildfly/security/credential/store/impl/KeyStoreCredentialStore$TopEntry.class */
    public static final class TopEntry {
        private final String alias;
        private final HashMap<Class<? extends Credential>, MidEntry> map = new HashMap<>(0);

        TopEntry(String str) {
            this.alias = str;
        }

        String getAlias() {
            return this.alias;
        }

        HashMap<Class<? extends Credential>, MidEntry> getMap() {
            return this.map;
        }
    }

    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public void initialize(Map<String, String> map, CredentialStore.ProtectionParameter protectionParameter, Provider[] providerArr) throws CredentialStoreException {
        Path path;
        Hold lockForWrite = lockForWrite();
        try {
            if (protectionParameter == null) {
                throw ElytronMessages.log.protectionParameterRequired();
            }
            validateAttribute(map, validAttribtues);
            this.cache.clear();
            this.protectionParameter = protectionParameter;
            this.modifiable = Boolean.parseBoolean(map.getOrDefault(MODIFIABLE, "true"));
            this.create = Boolean.parseBoolean(map.getOrDefault(CREATE, "false"));
            this.providers = providerArr;
            String orDefault = map.getOrDefault(KEYSTORETYPE, KeyStore.getDefaultType());
            String str = map.get(LOCATION);
            String str2 = map.get(EXTERNALPATH);
            if (str == null) {
                path = null;
            } else {
                try {
                    path = Paths.get(str, new String[0]);
                } catch (IOException e) {
                    throw ElytronMessages.log.credentialStoreFileDoesNotExist(this.useExternalStorage ? str2 : str);
                }
            }
            this.location = path;
            if (this.location != null && Files.isSymbolicLink(this.location)) {
                this.location = this.location.toRealPath(new LinkOption[0]);
            }
            this.useExternalStorage = Boolean.parseBoolean(map.getOrDefault(EXTERNAL, "false"));
            if (this.useExternalStorage) {
                if (str2 == null) {
                    throw ElytronMessages.log.externalPathMissing(orDefault);
                }
                this.externalPath = Paths.get(str2, new String[0]);
                if (Files.isSymbolicLink(this.externalPath)) {
                    this.externalPath = this.externalPath.toRealPath(new LinkOption[0]);
                }
                if (this.externalPath.equals(this.location)) {
                    throw ElytronMessages.log.locationAndExternalPathAreIdentical(this.location.toString(), this.externalPath.toString());
                }
            }
            this.encryptionKeyAlias = map.getOrDefault(KEYALIAS, "cs_key");
            this.cryptographicAlgorithm = map.get(CRYPTOALG);
            load(orDefault);
            if (this.create && !this.useExternalStorage && this.location != null && !Files.exists(this.location, new LinkOption[0])) {
                flush();
            }
            this.initialized = true;
            if (lockForWrite != null) {
                lockForWrite.close();
            }
        } catch (Throwable th) {
            if (lockForWrite != null) {
                try {
                    lockForWrite.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public boolean isModifiable() {
        return this.modifiable;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public void store(String str, Credential credential, CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
        KeyStore.Entry secretKeyEntry;
        try {
            Class<?> cls = credential.getClass();
            String algorithm = credential instanceof AlgorithmCredential ? ((AlgorithmCredential) credential).getAlgorithm() : null;
            AlgorithmParameterSpec algorithmParameterSpec = (AlgorithmParameterSpec) credential.castAndApply(AlgorithmCredential.class, (v0) -> {
                return v0.getParameters();
            });
            if (cls == SecretKeyCredential.class) {
                secretKeyEntry = new KeyStore.SecretKeyEntry((SecretKey) credential.castAndApply(SecretKeyCredential.class, (v0) -> {
                    return v0.getSecretKey();
                }));
            } else if (cls == PublicKeyCredential.class) {
                PublicKey publicKey = (PublicKey) credential.castAndApply(PublicKeyCredential.class, (v0) -> {
                    return v0.getPublicKey();
                });
                KeyFactory keyFactory = KeyFactory.getInstance(publicKey.getAlgorithm());
                secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(((X509EncodedKeySpec) keyFactory.getKeySpec(keyFactory.translateKey(publicKey), X509EncodedKeySpec.class)).getEncoded(), DATA_OID));
            } else if (cls == KeyPairCredential.class) {
                KeyPair keyPair = (KeyPair) credential.castAndApply(KeyPairCredential.class, (v0) -> {
                    return v0.getKeyPair();
                });
                PublicKey publicKey2 = keyPair.getPublic();
                PrivateKey privateKey = keyPair.getPrivate();
                KeyFactory keyFactory2 = KeyFactory.getInstance(publicKey2.getAlgorithm());
                if (!$assertionsDisabled && !privateKey.getAlgorithm().equals(publicKey2.getAlgorithm())) {
                    throw new AssertionError();
                }
                X509EncodedKeySpec x509EncodedKeySpec = (X509EncodedKeySpec) keyFactory2.getKeySpec(keyFactory2.translateKey(publicKey2), X509EncodedKeySpec.class);
                PKCS8EncodedKeySpec pKCS8EncodedKeySpec = (PKCS8EncodedKeySpec) keyFactory2.getKeySpec(keyFactory2.translateKey(privateKey), PKCS8EncodedKeySpec.class);
                DEREncoder dEREncoder = new DEREncoder();
                dEREncoder.startSequence();
                dEREncoder.writeEncoded(x509EncodedKeySpec.getEncoded());
                dEREncoder.writeEncoded(pKCS8EncodedKeySpec.getEncoded());
                dEREncoder.endSequence();
                secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(dEREncoder.getEncoded(), DATA_OID));
            } else if (cls == X509CertificateChainPublicCredential.class) {
                X509Certificate[] x509CertificateArr = (X509Certificate[]) credential.castAndApply(X509CertificateChainPublicCredential.class, obj -> {
                    return ((X509CertificateChainPublicCredential) obj).getCertificateChain();
                });
                DEREncoder dEREncoder2 = new DEREncoder();
                dEREncoder2.encodeInteger(x509CertificateArr.length);
                dEREncoder2.startSequence();
                for (X509Certificate x509Certificate : x509CertificateArr) {
                    dEREncoder2.writeEncoded(x509Certificate.getEncoded());
                }
                dEREncoder2.endSequence();
                secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(dEREncoder2.getEncoded(), DATA_OID));
            } else if (cls == X509CertificateChainPrivateCredential.class) {
                X509CertificateChainPrivateCredential x509CertificateChainPrivateCredential = (X509CertificateChainPrivateCredential) credential;
                secretKeyEntry = new KeyStore.PrivateKeyEntry(x509CertificateChainPrivateCredential.getPrivateKey(), x509CertificateChainPrivateCredential.getCertificateChain());
            } else if (cls == BearerTokenCredential.class) {
                secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec((byte[]) credential.castAndApply(BearerTokenCredential.class, bearerTokenCredential -> {
                    return bearerTokenCredential.getToken().getBytes(StandardCharsets.UTF_8);
                }), DATA_OID));
            } else {
                if (cls != PasswordCredential.class) {
                    throw ElytronMessages.log.unsupportedCredentialType(cls);
                }
                Password password = (Password) credential.castAndApply(PasswordCredential.class, (v0) -> {
                    return v0.getPassword();
                });
                String algorithm2 = password.getAlgorithm();
                DEREncoder dEREncoder3 = new DEREncoder();
                PasswordFactory passwordFactory = PasswordFactory.getInstance(algorithm2);
                boolean z = -1;
                switch (algorithm2.hashCode()) {
                    case -1912980823:
                        if (algorithm2.equals(DigestPassword.ALGORITHM_DIGEST_SHA_256)) {
                            z = 13;
                            break;
                        }
                        break;
                    case -1912979771:
                        if (algorithm2.equals(DigestPassword.ALGORITHM_DIGEST_SHA_384)) {
                            z = 14;
                            break;
                        }
                        break;
                    case -1912978068:
                        if (algorithm2.equals(DigestPassword.ALGORITHM_DIGEST_SHA_512)) {
                            z = 15;
                            break;
                        }
                        break;
                    case -1757081455:
                        if (algorithm2.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_1)) {
                            z = 2;
                            break;
                        }
                        break;
                    case -1701396786:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
                            z = 24;
                            break;
                        }
                        break;
                    case -1701395734:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
                            z = 25;
                            break;
                        }
                        break;
                    case -1701394031:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
                            z = 26;
                            break;
                        }
                        break;
                    case -1690837980:
                        if (algorithm2.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256)) {
                            z = 37;
                            break;
                        }
                        break;
                    case -1690836928:
                        if (algorithm2.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384)) {
                            z = 38;
                            break;
                        }
                        break;
                    case -1690835225:
                        if (algorithm2.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512)) {
                            z = 39;
                            break;
                        }
                        break;
                    case -1543890167:
                        if (algorithm2.equals(OneTimePassword.ALGORITHM_OTP_SHA_256)) {
                            z = 19;
                            break;
                        }
                        break;
                    case -1543889115:
                        if (algorithm2.equals(OneTimePassword.ALGORITHM_OTP_SHA_384)) {
                            z = 20;
                            break;
                        }
                        break;
                    case -1543887412:
                        if (algorithm2.equals(OneTimePassword.ALGORITHM_OTP_SHA_512)) {
                            z = 21;
                            break;
                        }
                        break;
                    case -1394365876:
                        if (algorithm2.equals(BCryptPassword.ALGORITHM_BCRYPT)) {
                            z = false;
                            break;
                        }
                        break;
                    case -1310312971:
                        if (algorithm2.equals(DigestPassword.ALGORITHM_DIGEST_MD5)) {
                            z = 11;
                            break;
                        }
                        break;
                    case -1310307037:
                        if (algorithm2.equals(DigestPassword.ALGORITHM_DIGEST_SHA)) {
                            z = 12;
                            break;
                        }
                        break;
                    case -1140442148:
                        if (algorithm2.equals(OneTimePassword.ALGORITHM_OTP_MD5)) {
                            z = 17;
                            break;
                        }
                        break;
                    case -1040294462:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1)) {
                            z = 28;
                            break;
                        }
                        break;
                    case -993784217:
                        if (algorithm2.equals(OneTimePassword.ALGORITHM_OTP_SHA1)) {
                            z = 18;
                            break;
                        }
                        break;
                    case -819635646:
                        if (algorithm2.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1)) {
                            z = 36;
                            break;
                        }
                        break;
                    case -749279630:
                        if (algorithm2.equals(DigestPassword.ALGORITHM_DIGEST_SHA_512_256)) {
                            z = 16;
                            break;
                        }
                        break;
                    case -706146221:
                        if (algorithm2.equals(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256)) {
                            z = 8;
                            break;
                        }
                        break;
                    case -706143466:
                        if (algorithm2.equals(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512)) {
                            z = 9;
                            break;
                        }
                        break;
                    case -633128269:
                        if (algorithm2.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256)) {
                            z = 3;
                            break;
                        }
                        break;
                    case -633127217:
                        if (algorithm2.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_384)) {
                            z = 4;
                            break;
                        }
                        break;
                    case -633125514:
                        if (algorithm2.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_512)) {
                            z = 5;
                            break;
                        }
                        break;
                    case -338914150:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5)) {
                            z = 22;
                            break;
                        }
                        break;
                    case -311107102:
                        if (algorithm2.equals(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT)) {
                            z = 7;
                            break;
                        }
                        break;
                    case -211770786:
                        if (algorithm2.equals(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5)) {
                            z = 6;
                            break;
                        }
                        break;
                    case 94746189:
                        if (algorithm2.equals(ClearPassword.ALGORITHM_CLEAR)) {
                            z = 10;
                            break;
                        }
                        break;
                    case 726720364:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
                            z = 23;
                            break;
                        }
                        break;
                    case 1004404644:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256)) {
                            z = 29;
                            break;
                        }
                        break;
                    case 1004405696:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384)) {
                            z = 30;
                            break;
                        }
                        break;
                    case 1004407399:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512)) {
                            z = 31;
                            break;
                        }
                        break;
                    case 1012583449:
                        if (algorithm2.equals(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES)) {
                            z = true;
                            break;
                        }
                        break;
                    case 1330753648:
                        if (algorithm2.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5)) {
                            z = 27;
                            break;
                        }
                        break;
                    case 1527631085:
                        if (algorithm2.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2)) {
                            z = 34;
                            break;
                        }
                        break;
                    case 1527631088:
                        if (algorithm2.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5)) {
                            z = 35;
                            break;
                        }
                        break;
                    case 1596346163:
                        if (algorithm2.equals(UnixDESCryptPassword.ALGORITHM_CRYPT_DES)) {
                            z = 32;
                            break;
                        }
                        break;
                    case 1596354719:
                        if (algorithm2.equals(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5)) {
                            z = 33;
                            break;
                        }
                        break;
                }
                switch (z) {
                    case false:
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                    case GeneralName.IP_ADDRESS /* 7 */:
                    case true:
                    case true:
                        IteratedSaltedHashPasswordSpec iteratedSaltedHashPasswordSpec = (IteratedSaltedHashPasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), IteratedSaltedHashPasswordSpec.class);
                        dEREncoder3.startSequence();
                        dEREncoder3.encodeOctetString(iteratedSaltedHashPasswordSpec.getHash());
                        dEREncoder3.encodeOctetString(iteratedSaltedHashPasswordSpec.getSalt());
                        dEREncoder3.encodeInteger(iteratedSaltedHashPasswordSpec.getIterationCount());
                        dEREncoder3.endSequence();
                        break;
                    case true:
                        dEREncoder3.encodeOctetString(new String(((ClearPasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), ClearPasswordSpec.class)).getEncodedPassword()));
                        break;
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                        DigestPasswordSpec digestPasswordSpec = (DigestPasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), DigestPasswordSpec.class);
                        dEREncoder3.startSequence();
                        dEREncoder3.encodeOctetString(digestPasswordSpec.getUsername());
                        dEREncoder3.encodeOctetString(digestPasswordSpec.getRealm());
                        dEREncoder3.encodeOctetString(digestPasswordSpec.getDigest());
                        dEREncoder3.endSequence();
                        break;
                    case true:
                    case true:
                    case ASN1.PRINTABLE_STRING_TYPE /* 19 */:
                    case true:
                    case true:
                        OneTimePasswordSpec oneTimePasswordSpec = (OneTimePasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), OneTimePasswordSpec.class);
                        dEREncoder3.startSequence();
                        dEREncoder3.encodeOctetString(oneTimePasswordSpec.getHash());
                        dEREncoder3.encodeIA5String(oneTimePasswordSpec.getSeed());
                        dEREncoder3.encodeInteger(oneTimePasswordSpec.getSequenceNumber());
                        dEREncoder3.endSequence();
                        break;
                    case ASN1.IA5_STRING_TYPE /* 22 */:
                    case BCryptPassword.BCRYPT_HASH_SIZE /* 23 */:
                    case ASN1.GENERALIZED_TIME_TYPE /* 24 */:
                    case true:
                    case true:
                    case true:
                    case ASN1.UNIVERSAL_STRING_TYPE /* 28 */:
                    case true:
                    case ASN1.BMP_STRING_TYPE /* 30 */:
                    case ASN1.TAG_NUMBER_MASK /* 31 */:
                    case true:
                    case true:
                        SaltedHashPasswordSpec saltedHashPasswordSpec = (SaltedHashPasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), SaltedHashPasswordSpec.class);
                        dEREncoder3.startSequence();
                        dEREncoder3.encodeOctetString(saltedHashPasswordSpec.getHash());
                        dEREncoder3.encodeOctetString(saltedHashPasswordSpec.getSalt());
                        dEREncoder3.endSequence();
                        break;
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                    case true:
                        HashPasswordSpec hashPasswordSpec = (HashPasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), HashPasswordSpec.class);
                        dEREncoder3.startSequence();
                        dEREncoder3.encodeOctetString(hashPasswordSpec.getDigest());
                        dEREncoder3.endSequence();
                        break;
                    default:
                        if (!MaskedPassword.isMaskedAlgorithm(algorithm)) {
                            throw ElytronMessages.log.unsupportedCredentialType(cls);
                        }
                        MaskedPasswordSpec maskedPasswordSpec = (MaskedPasswordSpec) passwordFactory.getKeySpec(passwordFactory.translate(password), MaskedPasswordSpec.class);
                        dEREncoder3.startSequence();
                        dEREncoder3.encodeOctetString(new String(maskedPasswordSpec.getInitialKeyMaterial()));
                        dEREncoder3.encodeInteger(maskedPasswordSpec.getIterationCount());
                        dEREncoder3.encodeOctetString(maskedPasswordSpec.getSalt());
                        dEREncoder3.encodeOctetString(maskedPasswordSpec.getMaskedPasswordBytes());
                        dEREncoder3.endSequence();
                        break;
                }
                secretKeyEntry = new KeyStore.SecretKeyEntry(new SecretKeySpec(dEREncoder3.getEncoded(), DATA_OID));
            }
            String calculateNewAlias = calculateNewAlias(str, cls, algorithm, algorithmParameterSpec);
            Hold lockForWrite = lockForWrite();
            try {
                this.keyStore.setEntry(calculateNewAlias, secretKeyEntry, convertParameter(protectionParameter));
                TopEntry computeIfAbsent = this.cache.computeIfAbsent(toLowercase(str), TopEntry::new);
                MidEntry midEntry = (MidEntry) computeIfAbsent.getMap().computeIfAbsent(cls, cls2 -> {
                    return new MidEntry(computeIfAbsent, cls2);
                });
                BottomEntry computeIfAbsent2 = algorithm != null ? midEntry.getMap().computeIfAbsent(algorithm, str2 -> {
                    return new BottomEntry(midEntry, str2);
                }) : midEntry.getOrCreateNoAlgorithm();
                String put = algorithmParameterSpec != null ? computeIfAbsent2.getMap().put(new ParamKey(algorithmParameterSpec), calculateNewAlias) : computeIfAbsent2.setNoParams(calculateNewAlias);
                if (put != null && !put.equals(calculateNewAlias)) {
                    this.keyStore.deleteEntry(put);
                }
                if (lockForWrite != null) {
                    lockForWrite.close();
                }
            } finally {
            }
        } catch (InvalidKeyException | KeyStoreException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
            throw ElytronMessages.log.cannotWriteCredentialToStore(e);
        }
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public <C extends Credential> C retrieve(String str, Class<C> cls, String str2, AlgorithmParameterSpec algorithmParameterSpec, CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
        MidEntry midEntry;
        BottomEntry next;
        String next2;
        KeySpec maskedPasswordSpec;
        try {
            Hold lockForRead = lockForRead();
            try {
                TopEntry topEntry = this.cache.get(toLowercase(str));
                if (topEntry == null) {
                    ElytronMessages.log.trace("KeyStoreCredentialStore: alias not found in cache");
                    if (lockForRead != null) {
                        lockForRead.close();
                    }
                    return null;
                }
                if (!topEntry.getMap().containsKey(cls)) {
                    for (MidEntry midEntry2 : topEntry.getMap().values()) {
                        if (cls.isAssignableFrom(midEntry2.getCredentialType())) {
                            ElytronMessages.log.trace("KeyStoreCredentialStore: assignable found");
                            midEntry = midEntry2;
                        }
                    }
                    ElytronMessages.log.trace("KeyStoreCredentialStore: no assignable found");
                    if (lockForRead != null) {
                        lockForRead.close();
                    }
                    return null;
                }
                ElytronMessages.log.trace("KeyStoreCredentialStore: contains exact type");
                midEntry = topEntry.getMap().get(cls);
                if (str2 != null) {
                    next = midEntry.getMap().get(str2);
                } else {
                    Iterator<BottomEntry> it = midEntry.getMap().values().iterator();
                    next = it.hasNext() ? it.next() : midEntry.getNoAlgorithm();
                }
                if (next == null) {
                    ElytronMessages.log.tracef("KeyStoreCredentialStore: no entry for algorithm %s", str2);
                    if (lockForRead != null) {
                        lockForRead.close();
                    }
                    return null;
                }
                if (algorithmParameterSpec != null) {
                    next2 = next.getMap().get(new ParamKey(algorithmParameterSpec));
                } else {
                    Iterator<String> it2 = next.getMap().values().iterator();
                    next2 = it2.hasNext() ? it2.next() : next.getNoParams();
                }
                if (next2 == null) {
                    ElytronMessages.log.tracef("KeyStoreCredentialStore: no entry for parameterSpec %s", algorithmParameterSpec);
                    if (lockForRead != null) {
                        lockForRead.close();
                    }
                    return null;
                }
                KeyStore.Entry entry = this.keyStore.getEntry(next2, convertParameter(protectionParameter));
                if (lockForRead != null) {
                    lockForRead.close();
                }
                if (entry == null) {
                    ElytronMessages.log.trace("KeyStoreCredentialStore: null entry");
                    return null;
                }
                Class<? extends Credential> credentialType = midEntry.getCredentialType();
                if (credentialType == SecretKeyCredential.class) {
                    if (entry instanceof KeyStore.SecretKeyEntry) {
                        return cls.cast(new SecretKeyCredential(((KeyStore.SecretKeyEntry) entry).getSecretKey()));
                    }
                    throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
                }
                if (credentialType == PublicKeyCredential.class) {
                    if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                        throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
                    }
                    try {
                        byte[] encoded = ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded();
                        String algorithm = next.getAlgorithm();
                        if ($assertionsDisabled || algorithm != null) {
                            return cls.cast(new PublicKeyCredential(KeyFactory.getInstance(algorithm).generatePublic(new X509EncodedKeySpec(encoded))));
                        }
                        throw new AssertionError();
                    } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
                        throw ElytronMessages.log.cannotAcquireCredentialFromStore(e);
                    }
                }
                if (credentialType == KeyPairCredential.class) {
                    if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                        throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
                    }
                    try {
                        byte[] encoded2 = ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded();
                        String algorithm2 = next.getAlgorithm();
                        if (!$assertionsDisabled && algorithm2 == null) {
                            throw new AssertionError();
                        }
                        DERDecoder dERDecoder = new DERDecoder(encoded2);
                        dERDecoder.startSequence();
                        byte[] drainElement = dERDecoder.drainElement();
                        byte[] drainElement2 = dERDecoder.drainElement();
                        dERDecoder.endSequence();
                        KeyFactory keyFactory = KeyFactory.getInstance(algorithm2);
                        return cls.cast(new KeyPairCredential(new KeyPair(keyFactory.generatePublic(new X509EncodedKeySpec(drainElement)), keyFactory.generatePrivate(new PKCS8EncodedKeySpec(drainElement2)))));
                    } catch (NoSuchAlgorithmException | InvalidKeySpecException | ASN1Exception e2) {
                        throw ElytronMessages.log.cannotAcquireCredentialFromStore(e2);
                    }
                }
                if (credentialType == X509CertificateChainPublicCredential.class) {
                    if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                        throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
                    }
                    try {
                        byte[] encoded3 = ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded();
                        String algorithm3 = next.getAlgorithm();
                        if (!$assertionsDisabled && algorithm3 == null) {
                            throw new AssertionError();
                        }
                        DERDecoder dERDecoder2 = new DERDecoder(encoded3);
                        CertificateFactory certificateFactory = CertificateFactory.getInstance(X_509);
                        X509Certificate[] x509CertificateArr = new X509Certificate[dERDecoder2.decodeInteger().intValueExact()];
                        dERDecoder2.startSequence();
                        int i = 0;
                        while (dERDecoder2.hasNextElement()) {
                            int i2 = i;
                            i++;
                            x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(new ByteArrayInputStream(dERDecoder2.drainElement()));
                        }
                        dERDecoder2.endSequence();
                        return cls.cast(new X509CertificateChainPublicCredential(x509CertificateArr));
                    } catch (ArrayIndexOutOfBoundsException | CertificateException | ASN1Exception e3) {
                        throw ElytronMessages.log.cannotAcquireCredentialFromStore(e3);
                    }
                }
                if (credentialType == X509CertificateChainPrivateCredential.class) {
                    if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                        throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.PrivateKeyEntry.class, entry.getClass());
                    }
                    KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                    return cls.cast(new X509CertificateChainPrivateCredential(privateKeyEntry.getPrivateKey(), X500.asX509CertificateArray(privateKeyEntry.getCertificateChain())));
                }
                if (credentialType == BearerTokenCredential.class) {
                    if (entry instanceof KeyStore.SecretKeyEntry) {
                        return cls.cast(new BearerTokenCredential(new String(((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded(), StandardCharsets.UTF_8)));
                    }
                    throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
                }
                if (credentialType != PasswordCredential.class) {
                    throw ElytronMessages.log.unableToReadCredentialTypeFromStore(credentialType);
                }
                if (!(entry instanceof KeyStore.SecretKeyEntry)) {
                    throw ElytronMessages.log.invalidCredentialStoreEntryType(KeyStore.SecretKeyEntry.class, entry.getClass());
                }
                try {
                    byte[] encoded4 = ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded();
                    String algorithm4 = next.getAlgorithm();
                    if (!$assertionsDisabled && algorithm4 == null) {
                        throw new AssertionError();
                    }
                    DERDecoder dERDecoder3 = new DERDecoder(encoded4);
                    boolean z = -1;
                    switch (algorithm4.hashCode()) {
                        case -1912980823:
                            if (algorithm4.equals(DigestPassword.ALGORITHM_DIGEST_SHA_256)) {
                                z = 13;
                                break;
                            }
                            break;
                        case -1912979771:
                            if (algorithm4.equals(DigestPassword.ALGORITHM_DIGEST_SHA_384)) {
                                z = 14;
                                break;
                            }
                            break;
                        case -1912978068:
                            if (algorithm4.equals(DigestPassword.ALGORITHM_DIGEST_SHA_512)) {
                                z = 15;
                                break;
                            }
                            break;
                        case -1757081455:
                            if (algorithm4.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_1)) {
                                z = 2;
                                break;
                            }
                            break;
                        case -1701396786:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_256)) {
                                z = 24;
                                break;
                            }
                            break;
                        case -1701395734:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_384)) {
                                z = 25;
                                break;
                            }
                            break;
                        case -1701394031:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_512)) {
                                z = 26;
                                break;
                            }
                            break;
                        case -1690837980:
                            if (algorithm4.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_256)) {
                                z = 37;
                                break;
                            }
                            break;
                        case -1690836928:
                            if (algorithm4.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_384)) {
                                z = 38;
                                break;
                            }
                            break;
                        case -1690835225:
                            if (algorithm4.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_512)) {
                                z = 39;
                                break;
                            }
                            break;
                        case -1543890167:
                            if (algorithm4.equals(OneTimePassword.ALGORITHM_OTP_SHA_256)) {
                                z = 19;
                                break;
                            }
                            break;
                        case -1543889115:
                            if (algorithm4.equals(OneTimePassword.ALGORITHM_OTP_SHA_384)) {
                                z = 20;
                                break;
                            }
                            break;
                        case -1543887412:
                            if (algorithm4.equals(OneTimePassword.ALGORITHM_OTP_SHA_512)) {
                                z = 21;
                                break;
                            }
                            break;
                        case -1394365876:
                            if (algorithm4.equals(BCryptPassword.ALGORITHM_BCRYPT)) {
                                z = false;
                                break;
                            }
                            break;
                        case -1310312971:
                            if (algorithm4.equals(DigestPassword.ALGORITHM_DIGEST_MD5)) {
                                z = 11;
                                break;
                            }
                            break;
                        case -1310307037:
                            if (algorithm4.equals(DigestPassword.ALGORITHM_DIGEST_SHA)) {
                                z = 12;
                                break;
                            }
                            break;
                        case -1140442148:
                            if (algorithm4.equals(OneTimePassword.ALGORITHM_OTP_MD5)) {
                                z = 17;
                                break;
                            }
                            break;
                        case -1040294462:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_1)) {
                                z = 28;
                                break;
                            }
                            break;
                        case -993784217:
                            if (algorithm4.equals(OneTimePassword.ALGORITHM_OTP_SHA1)) {
                                z = 18;
                                break;
                            }
                            break;
                        case -819635646:
                            if (algorithm4.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_SHA_1)) {
                                z = 36;
                                break;
                            }
                            break;
                        case -749279630:
                            if (algorithm4.equals(DigestPassword.ALGORITHM_DIGEST_SHA_512_256)) {
                                z = 16;
                                break;
                            }
                            break;
                        case -706146221:
                            if (algorithm4.equals(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_256)) {
                                z = 8;
                                break;
                            }
                            break;
                        case -706143466:
                            if (algorithm4.equals(UnixSHACryptPassword.ALGORITHM_CRYPT_SHA_512)) {
                                z = 9;
                                break;
                            }
                            break;
                        case -633128269:
                            if (algorithm4.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_256)) {
                                z = 3;
                                break;
                            }
                            break;
                        case -633127217:
                            if (algorithm4.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_384)) {
                                z = 4;
                                break;
                            }
                            break;
                        case -633125514:
                            if (algorithm4.equals(ScramDigestPassword.ALGORITHM_SCRAM_SHA_512)) {
                                z = 5;
                                break;
                            }
                            break;
                        case -338914150:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_MD5)) {
                                z = 22;
                                break;
                            }
                            break;
                        case -311107102:
                            if (algorithm4.equals(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5_BARE_SALT)) {
                                z = 7;
                                break;
                            }
                            break;
                        case -211770786:
                            if (algorithm4.equals(SunUnixMD5CryptPassword.ALGORITHM_SUN_CRYPT_MD5)) {
                                z = 6;
                                break;
                            }
                            break;
                        case 94746189:
                            if (algorithm4.equals(ClearPassword.ALGORITHM_CLEAR)) {
                                z = 10;
                                break;
                            }
                            break;
                        case 726720364:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_PASSWORD_SALT_DIGEST_SHA_1)) {
                                z = 23;
                                break;
                            }
                            break;
                        case 1004404644:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_256)) {
                                z = 29;
                                break;
                            }
                            break;
                        case 1004405696:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_384)) {
                                z = 30;
                                break;
                            }
                            break;
                        case 1004407399:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_SHA_512)) {
                                z = 31;
                                break;
                            }
                            break;
                        case 1012583449:
                            if (algorithm4.equals(BSDUnixDESCryptPassword.ALGORITHM_BSD_CRYPT_DES)) {
                                z = true;
                                break;
                            }
                            break;
                        case 1330753648:
                            if (algorithm4.equals(SaltedSimpleDigestPassword.ALGORITHM_SALT_PASSWORD_DIGEST_MD5)) {
                                z = 27;
                                break;
                            }
                            break;
                        case 1527631085:
                            if (algorithm4.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD2)) {
                                z = 34;
                                break;
                            }
                            break;
                        case 1527631088:
                            if (algorithm4.equals(SimpleDigestPassword.ALGORITHM_SIMPLE_DIGEST_MD5)) {
                                z = 35;
                                break;
                            }
                            break;
                        case 1596346163:
                            if (algorithm4.equals(UnixDESCryptPassword.ALGORITHM_CRYPT_DES)) {
                                z = 32;
                                break;
                            }
                            break;
                        case 1596354719:
                            if (algorithm4.equals(UnixMD5CryptPassword.ALGORITHM_CRYPT_MD5)) {
                                z = 33;
                                break;
                            }
                            break;
                    }
                    switch (z) {
                        case false:
                        case true:
                        case true:
                        case true:
                        case true:
                        case true:
                        case true:
                        case GeneralName.IP_ADDRESS /* 7 */:
                        case true:
                        case true:
                            dERDecoder3.startSequence();
                            byte[] decodeOctetString = dERDecoder3.decodeOctetString();
                            byte[] decodeOctetString2 = dERDecoder3.decodeOctetString();
                            int intValue = dERDecoder3.decodeInteger().intValue();
                            dERDecoder3.endSequence();
                            maskedPasswordSpec = new IteratedSaltedHashPasswordSpec(decodeOctetString, decodeOctetString2, intValue);
                            break;
                        case true:
                            maskedPasswordSpec = new ClearPasswordSpec(dERDecoder3.decodeOctetStringAsString().toCharArray());
                            break;
                        case true:
                        case true:
                        case true:
                        case true:
                        case true:
                        case true:
                            dERDecoder3.startSequence();
                            String decodeOctetStringAsString = dERDecoder3.decodeOctetStringAsString();
                            String decodeOctetStringAsString2 = dERDecoder3.decodeOctetStringAsString();
                            byte[] decodeOctetString3 = dERDecoder3.decodeOctetString();
                            dERDecoder3.endSequence();
                            maskedPasswordSpec = new DigestPasswordSpec(decodeOctetStringAsString, decodeOctetStringAsString2, decodeOctetString3);
                            break;
                        case true:
                        case true:
                        case ASN1.PRINTABLE_STRING_TYPE /* 19 */:
                        case true:
                        case true:
                            dERDecoder3.startSequence();
                            byte[] decodeOctetString4 = dERDecoder3.decodeOctetString();
                            String decodeIA5String = dERDecoder3.decodeIA5String();
                            int intValue2 = dERDecoder3.decodeInteger().intValue();
                            dERDecoder3.endSequence();
                            maskedPasswordSpec = new OneTimePasswordSpec(decodeOctetString4, decodeIA5String, intValue2);
                            break;
                        case ASN1.IA5_STRING_TYPE /* 22 */:
                        case BCryptPassword.BCRYPT_HASH_SIZE /* 23 */:
                        case ASN1.GENERALIZED_TIME_TYPE /* 24 */:
                        case true:
                        case true:
                        case true:
                        case ASN1.UNIVERSAL_STRING_TYPE /* 28 */:
                        case true:
                        case ASN1.BMP_STRING_TYPE /* 30 */:
                        case ASN1.TAG_NUMBER_MASK /* 31 */:
                        case true:
                        case true:
                            dERDecoder3.startSequence();
                            byte[] decodeOctetString5 = dERDecoder3.decodeOctetString();
                            byte[] decodeOctetString6 = dERDecoder3.decodeOctetString();
                            dERDecoder3.endSequence();
                            maskedPasswordSpec = new SaltedHashPasswordSpec(decodeOctetString5, decodeOctetString6);
                            break;
                        case true:
                        case true:
                        case true:
                        case true:
                        case true:
                        case true:
                            dERDecoder3.startSequence();
                            byte[] decodeOctetString7 = dERDecoder3.decodeOctetString();
                            dERDecoder3.endSequence();
                            maskedPasswordSpec = new HashPasswordSpec(decodeOctetString7);
                            break;
                        default:
                            if (!MaskedPassword.isMaskedAlgorithm(algorithm4)) {
                                throw ElytronMessages.log.unsupportedCredentialType(cls);
                            }
                            dERDecoder3.startSequence();
                            char[] charArray = dERDecoder3.decodeOctetStringAsString().toCharArray();
                            int intValue3 = dERDecoder3.decodeInteger().intValue();
                            byte[] decodeOctetString8 = dERDecoder3.decodeOctetString();
                            byte[] decodeOctetString9 = dERDecoder3.decodeOctetString();
                            dERDecoder3.endSequence();
                            maskedPasswordSpec = new MaskedPasswordSpec(charArray, intValue3, decodeOctetString8, decodeOctetString9);
                            break;
                    }
                    return cls.cast(new PasswordCredential(PasswordFactory.getInstance(algorithm4).generatePassword(maskedPasswordSpec)));
                } catch (NoSuchAlgorithmException | InvalidKeySpecException e4) {
                    throw ElytronMessages.log.cannotAcquireCredentialFromStore(e4);
                }
            } finally {
            }
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e5) {
            throw ElytronMessages.log.cannotAcquireCredentialFromStore(e5);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public KeyStore.ProtectionParameter convertParameter(CredentialStore.ProtectionParameter protectionParameter) throws CredentialStoreException {
        if (protectionParameter == null) {
            return convertParameter(this.protectionParameter);
        }
        if (!(protectionParameter instanceof CredentialStore.CredentialSourceProtectionParameter)) {
            throw ElytronMessages.log.invalidProtectionParameter(protectionParameter);
        }
        try {
            return (KeyStore.ProtectionParameter) ((CredentialStore.CredentialSourceProtectionParameter) protectionParameter).getCredentialSource().applyToCredential(PasswordCredential.class, passwordCredential -> {
                return (KeyStore.PasswordProtection) passwordCredential.getPassword().castAndApply(ClearPassword.class, clearPassword -> {
                    return new KeyStore.PasswordProtection(clearPassword.getPassword());
                });
            });
        } catch (IOException e) {
            throw ElytronMessages.log.cannotAcquireCredentialFromStore(e);
        }
    }

    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public void remove(String str, Class<? extends Credential> cls, String str2, AlgorithmParameterSpec algorithmParameterSpec) throws CredentialStoreException {
        String lowercase = toLowercase(str);
        try {
            Hold lockForWrite = lockForWrite();
            try {
                if (!this.modifiable) {
                    throw ElytronMessages.log.nonModifiableCredentialStore("remove");
                }
                TopEntry topEntry = this.cache.get(lowercase);
                if (topEntry == null) {
                    if (lockForWrite != null) {
                        lockForWrite.close();
                        return;
                    }
                    return;
                }
                if (topEntry.getMap().containsKey(cls)) {
                    remove(topEntry.getMap().remove(cls), str2, algorithmParameterSpec);
                } else {
                    Iterator<MidEntry> it = topEntry.getMap().values().iterator();
                    while (it.hasNext()) {
                        MidEntry next = it.next();
                        if (cls.isAssignableFrom(next.getCredentialType())) {
                            remove(next, str2, algorithmParameterSpec);
                            if (next.isEmpty()) {
                                it.remove();
                            }
                        }
                    }
                }
                this.cache.remove(lowercase);
                if (lockForWrite != null) {
                    lockForWrite.close();
                }
            } finally {
            }
        } catch (KeyStoreException e) {
            throw ElytronMessages.log.cannotRemoveCredentialFromStore(e);
        }
    }

    private void remove(MidEntry midEntry, String str, AlgorithmParameterSpec algorithmParameterSpec) throws KeyStoreException {
        if (midEntry != null) {
            if (str != null) {
                remove(midEntry.getMap().get(str), algorithmParameterSpec);
                return;
            }
            Iterator<BottomEntry> it = midEntry.getMap().values().iterator();
            while (it.hasNext()) {
                BottomEntry next = it.next();
                remove(next, algorithmParameterSpec);
                if (next.isEmpty()) {
                    it.remove();
                }
            }
            remove(midEntry.removeNoAlgorithm(), algorithmParameterSpec);
        }
    }

    private void remove(BottomEntry bottomEntry, AlgorithmParameterSpec algorithmParameterSpec) throws KeyStoreException {
        if (bottomEntry != null) {
            if (algorithmParameterSpec != null) {
                remove(bottomEntry.getMap().remove(new ParamKey(algorithmParameterSpec)));
                return;
            }
            Iterator<String> it = bottomEntry.getMap().values().iterator();
            while (it.hasNext()) {
                remove(it.next());
                it.remove();
            }
            remove(bottomEntry.removeNoParams());
        }
    }

    private void remove(String str) throws KeyStoreException {
        if (str != null) {
            this.keyStore.deleteEntry(str);
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x007a: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_ENTER], block:B:37:0x007a */
    /* JADX WARN: Type inference failed for: r8v0, types: [org.wildfly.security.util.AtomicFileOutputStream] */
    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public void flush() throws CredentialStoreException {
        ?? r8;
        Hold lockForWrite = lockForWrite();
        try {
            Path path = this.externalPath == null ? this.location : this.externalPath;
            ElytronMessages.log.tracef("KeyStoreCredentialStore: flushing into %s", path);
            if (path != null) {
                try {
                    try {
                        char[] storePassword = getStorePassword(this.protectionParameter);
                        AtomicFileOutputStream atomicFileOutputStream = new AtomicFileOutputStream(path);
                        try {
                            if (this.useExternalStorage) {
                                this.externalStorage.store(atomicFileOutputStream);
                            } else {
                                this.keyStore.store(atomicFileOutputStream, storePassword);
                            }
                        } finally {
                            try {
                                atomicFileOutputStream.close();
                            } catch (IOException e) {
                            }
                        }
                        atomicFileOutputStream.close();
                    } catch (IOException e2) {
                        throw ElytronMessages.log.cannotFlushCredentialStore(e2);
                    }
                } catch (Throwable th) {
                    try {
                        r8.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                    throw th;
                }
            }
            if (lockForWrite != null) {
                lockForWrite.close();
            }
        } catch (Throwable th3) {
            if (lockForWrite != null) {
                try {
                    lockForWrite.close();
                } catch (Throwable th4) {
                    th3.addSuppressed(th4);
                }
            }
            throw th3;
        }
    }

    @Override // org.wildfly.security.credential.store.CredentialStoreSpi
    public Set<String> getAliases() throws UnsupportedOperationException, CredentialStoreException {
        return this.cache.keySet();
    }

    private Hold lockForRead() {
        this.readWriteLock.readLock().lock();
        return () -> {
            this.readWriteLock.readLock().unlock();
        };
    }

    private Hold lockForWrite() {
        this.readWriteLock.writeLock().lock();
        return () -> {
            this.readWriteLock.writeLock().unlock();
        };
    }

    /* JADX WARN: Removed duplicated region for block: B:14:0x014c  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private void load(java.lang.String r6) throws org.wildfly.security.credential.store.CredentialStoreException {
        /*
            Method dump skipped, instructions count: 730
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.wildfly.security.credential.store.impl.KeyStoreCredentialStore.load(java.lang.String):void");
    }

    private KeyStore getKeyStoreInstance(String str) throws CredentialStoreException {
        if (this.providers != null) {
            for (Provider provider : this.providers) {
                try {
                    return KeyStore.getInstance(str, provider);
                } catch (KeyStoreException e) {
                }
            }
        }
        try {
            if (ElytronMessages.log.isTraceEnabled()) {
                ElytronMessages.log.tracef("Obtaining KeyStore instance of type %s, providers: %s", str, Arrays.toString(Security.getProviders()));
            }
            KeyStore keyStore = KeyStore.getInstance(str);
            ElytronMessages.log.tracef("Obtained KeyStore instance: %s", keyStore);
            return keyStore;
        } catch (KeyStoreException e2) {
            throw ElytronMessages.log.cannotInitializeCredentialStore(e2);
        }
    }

    private void setupExternalStorage(String str, Path path) throws CredentialStoreException {
        KeyStore keyStoreInstance = getKeyStoreInstance(str);
        this.keyStore = getKeyStoreInstance("JCEKS");
        this.externalStorage = new ExternalStorage();
        try {
            char[] storePassword = getStorePassword(this.protectionParameter);
            if (path != null) {
                InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
                try {
                    keyStoreInstance.load(newInputStream, storePassword);
                    if (newInputStream != null) {
                        newInputStream.close();
                    }
                } finally {
                }
            } else {
                synchronized (EmptyProvider.getInstance()) {
                    keyStoreInstance.load(null, storePassword);
                }
            }
            this.externalStorage.init(this.cryptographicAlgorithm, this.encryptionKeyAlias, keyStoreInstance, storePassword, this.keyStore);
        } catch (IOException | GeneralSecurityException e) {
            throw ElytronMessages.log.cannotInitializeCredentialStore(e);
        }
    }

    private static char[] getStorePassword(CredentialStore.ProtectionParameter protectionParameter) throws IOException, CredentialStoreException {
        char[] cArr;
        if (protectionParameter instanceof CredentialStore.CredentialSourceProtectionParameter) {
            cArr = (char[]) ((CredentialStore.CredentialSourceProtectionParameter) protectionParameter).getCredentialSource().applyToCredential(PasswordCredential.class, passwordCredential -> {
                return (char[]) passwordCredential.getPassword().castAndApply(ClearPassword.class, (v0) -> {
                    return v0.getPassword();
                });
            });
        } else {
            if (protectionParameter != null) {
                throw ElytronMessages.log.invalidProtectionParameter(protectionParameter);
            }
            cArr = null;
        }
        return cArr;
    }

    private String calculateNewAlias(String str, Class<? extends Credential> cls, String str2, AlgorithmParameterSpec algorithmParameterSpec) throws CredentialStoreException {
        StringBuilder sb = new StringBuilder(64 + str.length());
        sb.append(str.toLowerCase(Locale.ROOT));
        sb.append('/');
        sb.append(cls.getSimpleName().toLowerCase(Locale.ROOT));
        sb.append('/');
        if (str2 != null) {
            sb.append(str2.toLowerCase(Locale.ROOT));
            sb.append('/');
            if (algorithmParameterSpec != null) {
                try {
                    AlgorithmParameters algorithmParameters = AlgorithmParameters.getInstance(str2);
                    algorithmParameters.init(algorithmParameterSpec);
                    ByteIterator.ofBytes(algorithmParameters.getEncoded()).base32Encode(Base32Alphabet.LOWERCASE, false).drainTo(sb);
                } catch (IOException | NoSuchAlgorithmException | InvalidParameterSpecException e) {
                    throw ElytronMessages.log.cannotWriteCredentialToStore(e);
                }
            }
        } else {
            sb.append('/');
        }
        return sb.toString();
    }

    private static String toLowercase(String str) {
        return str.toLowerCase(Locale.ROOT);
    }

    static {
        $assertionsDisabled = !KeyStoreCredentialStore.class.desiredAssertionStatus();
        KEY_STORE_CREDENTIAL_STORE = KeyStoreCredentialStore.class.getSimpleName();
        validAttribtues = Arrays.asList(CREATE, CRYPTOALG, EXTERNAL, EXTERNALPATH, KEYALIAS, KEYSTORETYPE, LOCATION, MODIFIABLE);
        INDEX_PATTERN = Pattern.compile("(.+)/([a-z0-9_]+)/([-a-z0-9_]+)?/([2-7a-z]+)?$");
        HashMap hashMap = new HashMap();
        for (Class cls : Arrays.asList(PasswordCredential.class, X509CertificateChainPublicCredential.class, X509CertificateChainPrivateCredential.class, KeyPairCredential.class, PublicKeyCredential.class, SecretKeyCredential.class, BearerTokenCredential.class)) {
            hashMap.put(cls.getSimpleName().toLowerCase(Locale.ROOT), cls);
        }
        CREDENTIAL_TYPES = hashMap;
    }
}
