package com.fortanix.sdkms.jce.provider;

import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fortanix.sdkms.jce.provider.config.Configuration;
import com.fortanix.sdkms.jce.provider.constants.ProviderConstants;
import com.fortanix.sdkms.jce.provider.keys.SdkmsKey;
import com.fortanix.sdkms.jce.provider.service.SDKMSLogger;
import com.fortanix.sdkms.jce.provider.service.SdkmsCertificateService;
import com.fortanix.sdkms.jce.provider.service.SdkmsKeyService;
import com.fortanix.sdkms.v1.model.KeyObject;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectInputStream;
import java.io.OutputStream;
import java.io.Serializable;
import java.io.StreamCorruptedException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.ProviderException;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Map;
import java.util.Random;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Hex;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/LocalKeyStore.class */
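/**
 * File-backed alias index in front of SDKMS security objects.
 *
 * <p>The in-memory {@code store} map only records, per alias, the <em>names</em> of the SDKMS
 * objects that hold the key and its certificates. Key and certificate bytes are fetched through
 * {@link SdkmsKeyService} / {@link SdkmsCertificateService} on each lookup.
 *
 * <p>Security-relevant properties visible in this class:
 * <ul>
 *   <li>None of the {@code char[]} password arguments is read. The persisted index is neither
 *       encrypted nor integrity-protected by this class, so whoever can write the keystore file
 *       controls which SDKMS object names each alias resolves to.</li>
 *   <li>{@link #engineLoad} still accepts the legacy Java-serialized format and therefore runs
 *       native deserialization on the input stream (see the note on that method).</li>
 *   <li>Mutating methods synchronize on {@code store}; the read-only methods do not.</li>
 * </ul>
 */
public final class LocalKeyStore extends KeyStore {
    private static final String IN_KEYSTORE = " in keystore";
    private static final String FROM_KEYSTORE = " from keystore";
    private static final String NOT_FOUND_FROM_KEYSTORE = " not found from keystore";
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(LocalKeyStore.class));
    private static final ObjectMapper OBJECT_MAPPER = new ObjectMapper();

    // Not referenced by any method in this class; kept from the decompiled source.
    @Deprecated
    private final Hashtable<String, Object> deprecated_store = new Hashtable<>();
    // alias -> names of the backing SDKMS objects
    private final HashMap<String, KeyStoreEntry> store = new HashMap<>();
    // SecureRandom instance used for the suffix that is appended to SDKMS object names.
    private Random rand = new SecureRandom();

    /**
     * Legacy (Java-serialized) key entry; only read back by {@link #objectToKeyStoreEntry}.
     * Private in the original bytecode, the decompiler widened the modifier.
     */
    @Deprecated
    public static class KeyEntry implements Serializable {
        private static final long serialVersionUID = -5142363665585798533L;
        String name;
        Date date;

        private KeyEntry() {
        }
    }

    /**
     * Current index record for one alias. The map of these records is what
     * {@link #engineStore} hands to Jackson, and the public fields are what Jackson reads and
     * writes, so renaming a field changes the persisted format.
     * Private in the original bytecode, the decompiler widened the modifier.
     */
    public static class KeyStoreEntry {
        // SDKMS object name of the key; never assigned for certificate-only entries.
        public String keyName;
        public Date date;
        // SDKMS object names of the certificate chain, in the order it was supplied.
        public String[] chain;
        // SDKMS object name of the certificate of a certificate-only entry.
        public String certId;
        public boolean isCertEntry;

        private KeyStoreEntry() {
            this.isCertEntry = false;
        }
    }

    /**
     * Legacy (Java-serialized) private-key entry with its certificate chain names.
     * Private in the original bytecode, the decompiler widened the modifier.
     */
    @Deprecated
    public static class PrivateKeyEntry extends KeyEntry implements Serializable {
        private static final long serialVersionUID = -6193851493258721062L;
        String[] chain;

        private PrivateKeyEntry() {
            super();
        }
    }

    /**
     * Legacy (Java-serialized) trusted-certificate entry.
     * Private in the original bytecode, the decompiler widened the modifier.
     */
    @Deprecated
    public static class TrustedCertEntry implements Serializable {
        private static final long serialVersionUID = 3753936163205389700L;
        Date date;
        String certId;

        private TrustedCertEntry() {
        }
    }

    /**
     * Resolves an alias to the key stored in SDKMS under the entry's {@code keyName}.
     *
     * @param str alias to look up
     * @param cArr password; not read by this method
     * @return the key, or {@code null} when the alias is unknown, is a certificate-only entry,
     *     or the named object no longer exists in SDKMS
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        LOGGER.debug("Get key " + str + FROM_KEYSTORE);
        KeyStoreEntry keyStoreEntry = this.store.get(str);
        // Certificate-only entries never assign keyName, so a null name has to be handled like
        // an empty one instead of being dereferenced.
        if (keyStoreEntry == null || keyStoreEntry.keyName == null || keyStoreEntry.keyName.isEmpty()) {
            LOGGER.debug("key " + str + NOT_FOUND_FROM_KEYSTORE);
            return null;
        }
        try {
            KeyObject securityObjectByName = SdkmsKeyService.getSecurityObjectByName(keyStoreEntry.keyName);
            if (securityObjectByName != null) {
                return SdkmsKeyService.getKeyFromKeyObject(securityObjectByName, false);
            }
            LOGGER.debug("key " + str + " not found in SDKMS");
            return null;
        } catch (InvalidKeyException e) {
            LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Builds the certificate chain of an alias from the SDKMS objects named in the entry.
     *
     * @param str alias to look up
     * @return {@code null} for an unknown alias; otherwise an array with one slot per recorded
     *     chain name (length 0 when the entry has no chain). A slot stays {@code null} when its
     *     object is missing from SDKMS, so callers must not assume a gap-free chain.
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        LOGGER.debug("Get certificate chain " + str + FROM_KEYSTORE);
        KeyStoreEntry keyStoreEntry = this.store.get(str);
        if (keyStoreEntry == null) {
            LOGGER.debug("certificate chain " + str + NOT_FOUND_FROM_KEYSTORE);
            return null;
        }
        int length = keyStoreEntry.chain == null ? 0 : keyStoreEntry.chain.length;
        Certificate[] certificateArr = new Certificate[length];
        for (int i = 0; i < length; i++) {
            try {
                KeyObject securityObjectByName = SdkmsKeyService.getSecurityObjectByName(keyStoreEntry.chain[i]);
                if (securityObjectByName != null) {
                    // Parsing is pinned to the "SUN" provider rather than the default lookup.
                    CertificateFactory factory = CertificateFactory.getInstance(ProviderConstants.X509_KEY_FORMAT, "SUN");
                    certificateArr[i] = factory.generateCertificate(new ByteArrayInputStream(securityObjectByName.getValue()));
                }
            } catch (NoSuchProviderException | CertificateException e) {
                LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            }
        }
        return certificateArr;
    }

    /**
     * Returns the certificate of a certificate entry, or the first chain certificate of a key
     * entry, by delegating to the parent class with the recorded SDKMS object name.
     *
     * @param str alias to look up
     * @return the certificate, or {@code null} when the alias is unknown or has no certificate
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        LOGGER.debug("Get certificate " + str + FROM_KEYSTORE);
        KeyStoreEntry keyStoreEntry = this.store.get(str);
        if (keyStoreEntry == null) {
            LOGGER.debug("certificate " + str + NOT_FOUND_FROM_KEYSTORE);
            return null;
        }
        String str2 = null;
        if (keyStoreEntry.isCertEntry) {
            str2 = keyStoreEntry.certId;
        } else if (keyStoreEntry.chain != null && keyStoreEntry.chain.length > 0) {
            str2 = keyStoreEntry.chain[0];
        }
        if (str2 == null) {
            return null;
        }
        return super.engineGetCertificate(str2);
    }

    /**
     * Returns the date recorded when the entry was created or loaded.
     *
     * @param str alias to look up
     * @return the recorded date, or {@code null} when the alias is unknown
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        LOGGER.debug("Get key " + str + " creation date from keystore");
        KeyStoreEntry keyStoreEntry = this.store.get(str);
        // An unknown alias yields null here rather than a NullPointerException.
        return keyStoreEntry == null ? null : keyStoreEntry.date;
    }

    /**
     * Stores a key under an alias: private keys together with their chain, anything else as a
     * secret key.
     *
     * @param str alias
     * @param key key to store
     * @param cArr password; not read by this method
     * @param certificateArr certificate chain, may be {@code null}
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        LOGGER.debug("Adding key " + str + " to keystore");
        synchronized (this.store) {
            if (key instanceof PrivateKey) {
                setPrivateKeyEntry(str, key, certificateArr);
            } else {
                setSecretKeyEntry(str, key);
            }
        }
    }

    /**
     * Persists or renames the private key in SDKMS under "alias + random suffix", imports each
     * chain certificate as "keyName-certificate-i", then records the names under the alias.
     * An existing mapping for the alias is replaced; nothing here deletes the SDKMS objects
     * the previous mapping pointed to.
     */
    private void setPrivateKeyEntry(String str, Key key, Certificate[] certificateArr) {
        KeyStoreEntry keyStoreEntry = new KeyStoreEntry();
        keyStoreEntry.date = new Date();
        keyStoreEntry.keyName = str + getRandomString();
        if (!(key instanceof SdkmsKey)) {
            importPrivateKey(key, keyStoreEntry);
        } else if (((SdkmsKey) key).getKeyDescriptor().getTransientKey() != null) {
            SdkmsKeyService.persistKey(key, keyStoreEntry.keyName, null);
        } else {
            SdkmsKeyService.updateKey(((SdkmsKey) key).getKeyDescriptor(), keyStoreEntry.keyName, null);
        }
        if (certificateArr != null) {
            String[] strArr = new String[certificateArr.length];
            for (int i = 0; i < certificateArr.length; i++) {
                String str2 = keyStoreEntry.keyName + "-certificate-" + i;
                SdkmsCertificateService.importCertificate(certificateArr[i], str2, null);
                strArr[i] = str2;
            }
            keyStoreEntry.chain = strArr;
        }
        this.store.put(str, keyStoreEntry);
    }

    /**
     * Secret-key counterpart of {@link #setPrivateKeyEntry}: same naming and persist/rename
     * logic, without a certificate chain.
     */
    private void setSecretKeyEntry(String str, Key key) {
        KeyStoreEntry keyStoreEntry = new KeyStoreEntry();
        keyStoreEntry.date = new Date();
        keyStoreEntry.keyName = str + getRandomString();
        if (!(key instanceof SdkmsKey)) {
            importSecretKey(key, keyStoreEntry);
        } else if (((SdkmsKey) key).getKeyDescriptor().getTransientKey() != null) {
            SdkmsKeyService.persistKey(key, keyStoreEntry.keyName, null);
        } else {
            SdkmsKeyService.updateKey(((SdkmsKey) key).getKeyDescriptor(), keyStoreEntry.keyName, null);
        }
        this.store.put(str, keyStoreEntry);
    }

    /**
     * Imports a private key that did not come from this provider: its PKCS#8 encoding is passed
     * through the provider's own KeyFactory and the resulting SDKMS key is renamed to the
     * entry's {@code keyName}. The plaintext encoding therefore exists on the local heap for
     * the duration of the call.
     */
    private void importPrivateKey(Key key, KeyStoreEntry keyStoreEntry) {
        LOGGER.debug("Importing key into SDKMS");
        try {
            KeyFactory factory = KeyFactory.getInstance(key.getAlgorithm(), Configuration.getInstance().getProviderName());
            SdkmsKey imported = (SdkmsKey) factory.generatePrivate(new PKCS8EncodedKeySpec(key.getEncoded()));
            SdkmsKeyService.updateKey(imported.getKeyDescriptor(), keyStoreEntry.keyName, null);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            LOGGER.logAndRaiseProviderException("Failed to import private key ", e);
        }
    }

    /**
     * Imports a secret key that did not come from this provider: its raw encoding is passed
     * through the provider's own SecretKeyFactory and the resulting SDKMS key is renamed to the
     * entry's {@code keyName}. The plaintext encoding therefore exists on the local heap for
     * the duration of the call.
     */
    private void importSecretKey(Key key, KeyStoreEntry keyStoreEntry) {
        LOGGER.debug("Importing key into keystore");
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance(key.getAlgorithm(), Configuration.getInstance().getProviderName());
            SdkmsKey imported = (SdkmsKey) factory.generateSecret(new SecretKeySpec(key.getEncoded(), key.getAlgorithm()));
            SdkmsKeyService.updateKey(imported.getKeyDescriptor(), keyStoreEntry.keyName, null);
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            LOGGER.logAndRaiseProviderException("Failed to import secret key", e);
        }
    }

    /**
     * Imports a trusted certificate under "alias + random suffix + -certificate" through the
     * parent class and records a certificate-only entry for the alias.
     *
     * @param str alias
     * @param certificate certificate to store
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        LOGGER.debug("Adding certificate " + str + " to keystore");
        synchronized (this.store) {
            try {
                KeyStoreEntry keyStoreEntry = new KeyStoreEntry();
                String str2 = str + getRandomString() + "-certificate";
                super.setCertificateEntry(str2, certificate, null);
                keyStoreEntry.certId = str2;
                keyStoreEntry.date = new Date();
                keyStoreEntry.isCertEntry = true;
                this.store.put(str, keyStoreEntry);
            } catch (KeyStoreException e) {
                LOGGER.logAndRaiseProviderException("Failed to add certificate to keystore", e);
            }
        }
    }

    /**
     * Deletes the SDKMS objects behind an alias and then removes the alias from the index.
     * An unknown alias is a no-op.
     *
     * <p>Chain deletions are best-effort: each failure is logged and counted, and a provider
     * exception is raised afterwards if any failed. NOTE(review): if that call throws, as its
     * name suggests, the alias stays in the index although the key object has already been
     * deleted; confirm this is intended.
     *
     * @param str alias to delete
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        LOGGER.debug("Deleting entry " + str + FROM_KEYSTORE);
        synchronized (this.store) {
            KeyStoreEntry keyStoreEntry = this.store.get(str);
            if (keyStoreEntry == null) {
                // Nothing recorded for this alias; avoid dereferencing a missing entry.
                LOGGER.debug("entry " + str + NOT_FOUND_FROM_KEYSTORE);
                return;
            }
            if (keyStoreEntry.isCertEntry) {
                KeyObject certObject = SdkmsKeyService.getSecurityObjectByName(keyStoreEntry.certId);
                if (certObject != null) {
                    SdkmsKeyService.deleteKey(certObject.getKid());
                }
            } else {
                KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(keyStoreEntry.keyName);
                if (keyObject != null) {
                    SdkmsKeyService.deleteKey(keyObject.getKid());
                }
                if (keyStoreEntry.chain != null) {
                    int failures = 0;
                    for (String chainName : keyStoreEntry.chain) {
                        KeyObject chainObject = SdkmsKeyService.getSecurityObjectByName(chainName);
                        if (chainObject != null) {
                            try {
                                SdkmsKeyService.deleteKey(chainObject.getKid());
                            } catch (Exception e) {
                                failures++;
                                LOGGER.warn("Ignoring certificate deletion failure in SDKMS: " + chainName, e);
                            }
                        }
                    }
                    if (failures > 0) {
                        LOGGER.logAndRaiseProviderException("Failed to delete certificate chain", null);
                    }
                }
            }
            this.store.remove(str);
        }
    }

    /**
     * Enumerates the aliases. The enumeration is backed by the live key set of the index and
     * is not synchronized against concurrent modification.
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        LOGGER.debug("Get All aliases from keystore");
        return Collections.enumeration(this.store.keySet());
    }

    /** Reports whether the alias is present in the index. */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        LOGGER.debug("Contains check for alias " + str + IN_KEYSTORE);
        return this.store.containsKey(str);
    }

    /** Returns the number of aliases in the index. */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public int engineSize() {
        LOGGER.debug("Get keystore size");
        return this.store.size();
    }

    /** Reports whether the alias exists and is not a certificate-only entry. */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        LOGGER.debug("Is key entry check for alias " + str + IN_KEYSTORE);
        KeyStoreEntry keyStoreEntry = this.store.get(str);
        return keyStoreEntry != null && !keyStoreEntry.isCertEntry;
    }

    /** Reports whether the alias exists and is a certificate-only entry. */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        LOGGER.debug("Is certificate entry check for alias " + str + IN_KEYSTORE);
        KeyStoreEntry keyStoreEntry = this.store.get(str);
        return keyStoreEntry != null && keyStoreEntry.isCertEntry;
    }

    /**
     * Finds the first alias whose certificate (the certificate of a certificate entry, or the
     * first chain element of a key entry) equals the given certificate.
     *
     * <p>The decompiler could not structure this method and left only a register-level
     * instruction dump plus a throwing stub. This body is reconstructed from that dump, with
     * two deliberate corrections:
     * <ul>
     *   <li>The dump compares {@code new String(encoded)} values with
     *       {@code equalsIgnoreCase}. Decoding binary certificate bytes with the platform
     *       charset and ignoring case can report two different certificates as equal, so the
     *       encodings are compared byte for byte instead. This assumes the SDKMS value is the
     *       certificate's binary encoding. TODO confirm against the service.</li>
     *   <li>A missing SDKMS object, a missing name or a {@code null} argument is skipped
     *       instead of causing a NullPointerException.</li>
     * </ul>
     *
     * @param r6 certificate to search for
     * @return the matching alias, or {@code null} when none matches
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public java.lang.String engineGetCertificateAlias(java.security.cert.Certificate r6) {
        LOGGER.debug("Get alias for certificate in keystore");
        if (r6 == null) {
            return null;
        }
        byte[] wantedEncoding = null;
        for (Map.Entry<String, KeyStoreEntry> mapping : this.store.entrySet()) {
            KeyStoreEntry entry = mapping.getValue();
            if (entry == null) {
                continue;
            }
            String certName;
            if (entry.isCertEntry) {
                certName = entry.certId;
            } else if (entry.chain != null && entry.chain.length > 0) {
                certName = entry.chain[0];
            } else {
                continue;
            }
            if (certName == null || certName.isEmpty()) {
                continue;
            }
            try {
                KeyObject stored = SdkmsKeyService.getSecurityObjectByName(certName);
                if (stored == null || stored.getValue() == null) {
                    continue;
                }
                if (wantedEncoding == null) {
                    // Encoded once, on first use, after the lookup as in the original order.
                    wantedEncoding = r6.getEncoded();
                }
                if (java.util.Arrays.equals(wantedEncoding, stored.getValue())) {
                    return mapping.getKey();
                }
            } catch (java.security.cert.CertificateEncodingException e) {
                LOGGER.logAndRaiseProviderException("Failed to get alias for certificate", e);
            }
        }
        return null;
    }

    /**
     * Writes the alias index to the stream as JSON.
     *
     * <p>The password is not read and no MAC or signature is written, so the output carries no
     * tamper evidence. It contains object names and dates only, no key material.
     *
     * @param outputStream destination; must not be {@code null}
     * @param cArr password; not read by this method
     * @throws ProviderException if {@code outputStream} is {@code null}
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException {
        LOGGER.debug("Saving keystore");
        if (outputStream == null) {
            throw new ProviderException("Invalid output stream");
        }
        synchronized (this.store) {
            OBJECT_MAPPER.writeValue(outputStream, this.store);
        }
    }

    /**
     * Loads the alias index, merging it into the current map. The input is first tried as the
     * legacy Java-serialized {@code Hashtable}; if the stream is not a serialization stream
     * ({@link StreamCorruptedException}) it is parsed as the JSON written by
     * {@link #engineStore}.
     *
     * <p>SECURITY: the legacy path calls {@link ObjectInputStream#readObject()} on the caller's
     * stream with no class restriction, and the password is not used to authenticate the data
     * first. Any file that starts with a valid serialization header is deserialized with every
     * class on the classpath available to it. If keystore files can come from a less trusted
     * location, restrict the resolvable classes to {@code Hashtable}, {@code Date},
     * {@code String[]} and the three legacy entry types (an {@code ObjectInputFilter} on
     * Java 9+, or a {@code resolveClass} override), or drop the legacy format.
     *
     * @param inputStream source; {@code null} leaves the keystore unchanged
     * @param cArr password; not read by this method
     */
    @Override // com.fortanix.sdkms.jce.provider.KeyStore, java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException {
        LOGGER.debug("Loading keystore");
        if (inputStream == null) {
            return;
        }
        // The whole input is buffered so it can be parsed a second time as JSON.
        ByteArrayOutputStream copyInputStream = copyInputStream(inputStream);
        ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(copyInputStream.toByteArray());
        synchronized (this.store) {
            try {
                // FLAG: native deserialization of external data, see the method comment.
                ObjectInputStream objectInputStream = new ObjectInputStream(byteArrayInputStream);
                Hashtable<?, ?> hashtable = (Hashtable<?, ?>) objectInputStream.readObject();
                objectInputStream.close();
                Enumeration<?> keys = hashtable.keys();
                while (keys.hasMoreElements()) {
                    String str = (String) keys.nextElement();
                    this.store.put(str, objectToKeyStoreEntry(hashtable.get(str)));
                }
            } catch (StreamCorruptedException e) {
                // Not a serialization stream: treat the buffered bytes as the JSON format.
                byteArrayInputStream.close();
                try {
                    this.store.putAll(readJsonIndex(copyInputStream.toByteArray()));
                } catch (Exception e2) {
                    LOGGER.logAndRaiseProviderException(e2.getMessage(), e2);
                }
            } catch (ClassNotFoundException e3) {
                byteArrayInputStream.close();
                LOGGER.logAndRaiseProviderException("Failed to load keystore", e3);
                // Only reached if the call above returns; kept from the decompiled control flow.
                this.store.putAll(readJsonIndex(copyInputStream.toByteArray()));
            }
        }
    }

    /** Parses the JSON form of the alias index. */
    private Map<String, KeyStoreEntry> readJsonIndex(byte[] bytes) throws IOException {
        return OBJECT_MAPPER.readValue(bytes, new TypeReference<Map<String, KeyStoreEntry>>() {
        });
    }

    /**
     * Drains the stream into memory and closes it. No size limit is applied, so the caller's
     * input is held in full on the heap.
     */
    private ByteArrayOutputStream copyInputStream(InputStream inputStream) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        byte[] bArr = new byte[1024];
        int read;
        while ((read = inputStream.read(bArr)) > -1) {
            byteArrayOutputStream.write(bArr, 0, read);
        }
        byteArrayOutputStream.flush();
        inputStream.close();
        return byteArrayOutputStream;
    }

    /**
     * Returns " (XXXXXXXXXXXX)": six bytes from {@code rand} as upper-case hex. The suffix
     * is appended to the alias to form the SDKMS object name.
     */
    private String getRandomString() {
        byte[] bArr = new byte[6];
        this.rand.nextBytes(bArr);
        return " (" + Hex.encodeHexString(bArr, false) + ")";
    }

    /**
     * Converts a legacy serialized entry into the current record type. Any value that is not
     * one of the three legacy entry types fails the {@code KeyEntry} cast with a
     * ClassCastException.
     */
    private KeyStoreEntry objectToKeyStoreEntry(Object obj) {
        KeyStoreEntry keyStoreEntry = new KeyStoreEntry();
        if (obj instanceof TrustedCertEntry) {
            TrustedCertEntry legacyCert = (TrustedCertEntry) obj;
            keyStoreEntry.isCertEntry = true;
            keyStoreEntry.certId = legacyCert.certId;
            keyStoreEntry.date = legacyCert.date;
            return keyStoreEntry;
        }
        if (obj instanceof PrivateKeyEntry) {
            keyStoreEntry.chain = ((PrivateKeyEntry) obj).chain;
        }
        KeyEntry legacyKey = (KeyEntry) obj;
        keyStoreEntry.keyName = legacyKey.name;
        keyStoreEntry.date = legacyKey.date;
        return keyStoreEntry;
    }
}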
