package com.wso2.openbanking.accelerator.common.identity.retriever;

import com.wso2.openbanking.accelerator.common.exception.OpenBankingException;
import com.wso2.openbanking.accelerator.common.identity.IdentityConstants;
import com.wso2.openbanking.accelerator.common.util.HTTPClientUtils;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.util.Optional;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.base.ServerConfiguration;

/* loaded from: input_file:com/wso2/openbanking/accelerator/common/identity/retriever/ServerIdentityRetriever.class */
public class ServerIdentityRetriever {
    private static KeyStore keyStore;
    private static char[] keyStorePassword;
    private static final Log log = LogFactory.getLog(ServerIdentityRetriever.class);

    public static Optional<Key> getPrimaryCertificate(IdentityConstants.CertificateType certificateType, IdentityConstants.EnvironmentType environmentType) throws OpenBankingException {
        if (certificateType.equals(IdentityConstants.CertificateType.SIGNING)) {
            Optional<String> certAlias = getCertAlias(certificateType, environmentType);
            if (certAlias.isPresent()) {
                try {
                    return Optional.of(keyStore.getKey(certAlias.get(), keyStorePassword));
                } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                    throw new OpenBankingException("Unable to retrieve certificate", e);
                }
            }
        }
        return Optional.empty();
    }

    public static Optional<Key> getPrimaryCertificate(IdentityConstants.CertificateType certificateType) throws OpenBankingException {
        return getPrimaryCertificate(certificateType, IdentityConstants.EnvironmentType.PRODUCTION);
    }

    public static Certificate getCertificate(String str) throws KeyStoreException {
        return keyStore.getCertificate(str);
    }

    public static Optional<String> getCertAlias(IdentityConstants.CertificateType certificateType) throws OpenBankingException {
        return getCertAlias(certificateType, IdentityConstants.EnvironmentType.PRODUCTION);
    }

    public static Optional<String> getCertAlias(IdentityConstants.CertificateType certificateType, IdentityConstants.EnvironmentType environmentType) throws OpenBankingException {
        Optional<String> empty = Optional.empty();
        if (certificateType.equals(IdentityConstants.CertificateType.SIGNING)) {
            if (keyStore == null) {
                throw new OpenBankingException("Internal Key Store not initialized");
            }
            empty = environmentType == IdentityConstants.EnvironmentType.SANDBOX ? IdentityConstants.SANDBOX_SIGNING_CERT_ALIAS : IdentityConstants.PRIMARY_SIGNING_CERT_ALIAS;
        }
        return empty;
    }

    static {
        keyStore = null;
        String firstProperty = ServerConfiguration.getInstance().getFirstProperty(IdentityConstants.KEYSTORE_LOCATION_CONF_KEY);
        String firstProperty2 = ServerConfiguration.getInstance().getFirstProperty(IdentityConstants.KEYSTORE_PASS_CONF_KEY);
        try {
            keyStore = HTTPClientUtils.loadKeyStore(firstProperty, firstProperty2);
            keyStorePassword = firstProperty2.toCharArray();
        } catch (OpenBankingException e) {
            log.error("Unable to load InternalKeyStore", e);
        }
    }
}
