package org.sonatype.nexus.ssl.internal.geronimo;

import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.annotation.concurrent.NotThreadSafe;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.sonatype.nexus.crypto.CryptoHelper;
import org.sonatype.nexus.ssl.CertificateUtil;
import org.sonatype.nexus.ssl.KeyNotFoundException;
import org.sonatype.nexus.ssl.KeystoreException;
import org.sonatype.nexus.ssl.spi.KeyStoreStorage;

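/**
 * A {@link KeystoreInstance} backed by a {@link KeyStoreStorage}.
 *
 * <p>If the storage does not exist yet, an empty keystore of the configured type is created and
 * saved in the constructor. Otherwise the keystore is loaded lazily, on the first operation that
 * supplies a store password (or falls back to the configured one), and re-loaded whenever the
 * storage reports that it was modified or a different store password is presented.
 *
 * <p>The {@code privateKeys} and {@code trustCerts} alias lists are derived from the loaded
 * keystore and refreshed after every mutation, so they always mirror its entries.
 *
 * <p>Not thread-safe: the loaded keystore, the cached open password and the alias lists are
 * accessed without synchronization; callers must serialize access.
 */
@NotThreadSafe
public class FileKeystoreInstance implements KeystoreInstance {
    private static final Logger log = LoggerFactory.getLogger(FileKeystoreInstance.class);
    private final CryptoHelper crypto;
    private KeyStoreStorage storage;
    private String keystoreName;
    private String keystoreType;
    /** Store password used for initial creation and whenever a caller passes {@code null}. */
    private char[] keystorePassword;
    /** Password the currently loaded keystore was opened with (kept by reference); {@code null} until first load. */
    private char[] openPassword;
    /** Loaded keystore; stays {@code null} for a pre-existing storage until {@link #ensureLoaded} runs. */
    private KeyStore keystore;
    /** Per-alias key passwords: those supplied at construction plus those recorded by {@link #generateKeyPair}. */
    private Map<String, char[]> keyPasswords = new HashMap<String, char[]>();
    /** Aliases of key entries ({@link KeyStore#isKeyEntry}) in the loaded keystore. */
    private List<String> privateKeys = new ArrayList<String>();
    /** Aliases of trusted-certificate entries ({@link KeyStore#isCertificateEntry}) in the loaded keystore. */
    private List<String> trustCerts = new ArrayList<String>();

    /**
     * Creates the instance and, if the storage does not exist yet, an empty keystore in it.
     *
     * @param cryptoHelper  factory for keystore / key-pair / manager-factory objects
     * @param keyStoreStorage backing storage (existence, load, save, modification tracking)
     * @param str  human-readable keystore name used in error messages
     * @param cArr store password used for creation and as the default when a caller passes {@code null}
     * @param str2 keystore type passed to {@code cryptoHelper.createKeyStore}
     * @param map  optional per-alias key passwords; may be {@code null}
     * @throws IllegalArgumentException if a missing storage cannot be initialized
     */
    public FileKeystoreInstance(CryptoHelper cryptoHelper, KeyStoreStorage keyStoreStorage, String str, char[] cArr, String str2, Map<String, char[]> map) {
        this.crypto = cryptoHelper;
        this.storage = keyStoreStorage;
        this.keystoreName = str;
        this.keystoreType = str2;
        this.keystorePassword = cArr;
        if (map != null) {
            this.keyPasswords.putAll(map);
        }
        initializeKeystoreIfNotExist();
    }

    /** Describes storage and type only; never includes passwords. */
    public String toString() {
        return getClass().getSimpleName() + "{storage=" + this.storage + ", keystoreType='" + this.keystoreType + "'}";
    }

    /**
     * Creates, saves and loads an empty keystore when the storage does not exist. For an existing
     * storage nothing is loaded here; {@link #ensureLoaded} does that on first use.
     *
     * @throws IllegalArgumentException wrapping any failure to create or persist the new keystore
     */
    private void initializeKeystoreIfNotExist() {
        if (this.storage.exists()) {
            return;
        }
        log.debug("keystore does not exist, creating new one of type: {}", this.keystoreType);
        try {
            KeyStore fresh = this.crypto.createKeyStore(this.keystoreType);
            fresh.load(null, this.keystorePassword);
            this.keystore = fresh;
            saveKeystore(this.keystorePassword);
            loadKeystoreData(this.keystorePassword);
        } catch (Exception e) {
            throw new IllegalArgumentException("Invalid keystore storage (" + this.storage + ")", e);
        }
    }

    /**
     * Lists the aliases of all key entries.
     *
     * @param cArr store password, or {@code null} to use the configured one
     * @return a fresh array of aliases
     * @throws KeystoreException if the keystore cannot be (re)loaded
     */
    @Override
    public String[] listPrivateKeys(char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        return this.privateKeys.toArray(new String[this.privateKeys.size()]);
    }

    /**
     * Lists the aliases of all trusted-certificate entries.
     *
     * @param cArr store password, or {@code null} to use the configured one
     * @return a fresh array of aliases
     * @throws KeystoreException if the keystore cannot be (re)loaded
     */
    @Override
    public String[] listTrustCertificates(char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        return this.trustCerts.toArray(new String[this.trustCerts.size()]);
    }

    /**
     * Stores {@code certificate} as a trusted-certificate entry under {@code str} and persists the keystore.
     *
     * @param certificate certificate to trust
     * @param str  alias to store it under (an existing certificate entry with that alias is replaced)
     * @param cArr store password; must not be {@code null}
     * @throws NullPointerException if {@code cArr} is {@code null}
     * @throws KeystoreException if the entry cannot be set or the keystore cannot be loaded/saved
     */
    @Override
    public void importTrustCertificate(Certificate certificate, String str, char[] cArr) throws KeystoreException {
        requireStorePassword(cArr);
        ensureLoaded(cArr);
        try {
            this.keystore.setCertificateEntry(str, certificate);
            // Re-derive the alias lists instead of appending, so re-importing an alias does not
            // produce duplicate entries that a later deleteEntry would only half remove.
            refreshAliasIndex();
            saveKeystore(cArr);
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to set certificate entry in keystore '" + this.keystoreName + "' for alias '" + str + "'", e);
        }
    }

    /**
     * Generates a key pair, wraps the public key in a self-signed certificate, stores both as a
     * key entry under {@code str} and persists the keystore. The key password is remembered in
     * {@code keyPasswords} so {@link #getKeyManager} can open the entry later.
     *
     * <p>The key size {@code i} is used as given; callers are responsible for choosing an
     * adequate size for the algorithm (no minimum is enforced here).
     *
     * @param str   alias for the new key entry
     * @param cArr  store password; must not be {@code null}
     * @param cArr2 password protecting the new key entry
     * @param str2  key-pair algorithm (e.g. "RSA")
     * @param i     key size in bits
     * @param str3  signature algorithm for the self-signed certificate
     * @param i2    certificate validity
     * @param str4  subject common name
     * @param str5  subject organizational unit
     * @param str6  subject organization
     * @param str7  subject locality
     * @param str8  subject state
     * @param str9  subject country
     * @throws NullPointerException if {@code cArr} is {@code null}
     * @throws KeystoreException on any key-generation, certificate or keystore failure
     */
    @Override
    public void generateKeyPair(String str, char[] cArr, char[] cArr2, String str2, int i, String str3, int i2, String str4, String str5, String str6, String str7, String str8, String str9) throws KeystoreException {
        requireStorePassword(cArr);
        ensureLoaded(cArr);
        try {
            KeyPairGenerator generator = this.crypto.createKeyPairGenerator(str2);
            generator.initialize(i);
            KeyPair pair = generator.generateKeyPair();
            X509Certificate selfSigned = generateCertificate(pair.getPublic(), pair.getPrivate(), str3, i2, str4, str5, str6, str7, str8, str9);
            this.keystore.setKeyEntry(str, pair.getPrivate(), cArr2, new Certificate[]{selfSigned});
            this.keyPasswords.put(str, cArr2);
            refreshAliasIndex();
            saveKeystore(cArr);
        } catch (GeneralSecurityException e) {
            // Covers InvalidKey, KeyStore, NoSuchAlgorithm, Signature and CertificateEncoding exceptions.
            throw new KeystoreException("Unable to generate key pair in keystore '" + this.keystoreName + "'", e);
        }
    }

    /**
     * Deletes the entry with alias {@code str} (key or certificate), forgets its key password and
     * persists the keystore.
     *
     * @param str  alias to delete
     * @param cArr store password; must not be {@code null}
     * @throws NullPointerException if {@code cArr} is {@code null}
     * @throws KeystoreException if the entry cannot be deleted or the keystore cannot be loaded/saved
     */
    @Override
    public void deleteEntry(String str, char[] cArr) throws KeystoreException {
        requireStorePassword(cArr);
        ensureLoaded(cArr);
        try {
            this.keystore.deleteEntry(str);
            this.keyPasswords.remove(str);
            refreshAliasIndex();
            saveKeystore(cArr);
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to delete key in keystore '" + this.keystoreName + "' for alias '" + str + "'", e);
        }
    }

    /**
     * Builds key managers that present exactly the key entry {@code str2}.
     *
     * <p>When that alias is the only key entry the keystore is used as-is; otherwise a temporary
     * single-entry keystore is built so the key manager cannot pick a different certificate than
     * the one requested. The key password comes from {@code keyPasswords}; for a key entry whose
     * password was never supplied to this instance it is {@code null} and the factory init fails.
     *
     * @param str  key-manager algorithm passed to {@code crypto.createKeyManagerFactory}
     * @param str2 alias of the key entry to present
     * @param cArr store password, or {@code null} to use the configured one
     * @return the initialized key managers
     * @throws KeyNotFoundException if {@code str2} is not a key entry of this keystore
     * @throws KeystoreException on any other keystore or factory failure
     */
    @Override
    public KeyManager[] getKeyManager(String str, String str2, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        String failure = "Unable to retrieve key manager in keystore '" + this.keystoreName + "' for alias '" + str2 + "'";
        try {
            if (!this.keystore.isKeyEntry(str2)) {
                // Without this check the single-key shortcut below would silently serve whatever
                // key the store holds, regardless of the alias the caller asked for.
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain a private key with alias '" + str2 + "'.");
            }
            char[] keyPassword = this.keyPasswords.get(str2);
            KeyManagerFactory factory = this.crypto.createKeyManagerFactory(str);
            if (this.privateKeys.size() == 1) {
                factory.init(this.keystore, keyPassword);
            } else {
                KeyStore single = KeyStore.getInstance(this.keystore.getType(), this.keystore.getProvider());
                // Initialize as empty; a failure here is reported instead of swallowed, since an
                // uninitialized keystore would only fail later with a less specific error.
                single.load(null, null);
                single.setKeyEntry(str2, this.keystore.getKey(str2, keyPassword), keyPassword, this.keystore.getCertificateChain(str2));
                factory.init(single, keyPassword);
            }
            return factory.getKeyManagers();
        } catch (IOException e) {
            throw new KeystoreException(failure, e);
        } catch (GeneralSecurityException e) {
            // Covers KeyStore, NoSuchAlgorithm, Certificate and UnrecoverableKey exceptions.
            throw new KeystoreException(failure, e);
        }
    }

    /**
     * Builds trust managers from the whole keystore.
     *
     * <p>NOTE(review): the keystore passed to the factory also holds the key entries, not only the
     * trusted-certificate entries; the JDK trust-manager implementations may treat the leaf
     * certificate of a key entry as trusted as well — confirm that this is intended.
     *
     * @param str  trust-manager algorithm passed to {@code crypto.createTrustManagerFactory}
     * @param cArr store password, or {@code null} to use the configured one
     * @return the initialized trust managers
     * @throws KeystoreException if the keystore cannot be loaded or the factory cannot be initialized
     */
    @Override
    public TrustManager[] getTrustManager(String str, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            TrustManagerFactory factory = this.crypto.createTrustManagerFactory(str);
            factory.init(this.keystore);
            return factory.getTrustManagers();
        } catch (GeneralSecurityException e) {
            // Covers KeyStore and NoSuchAlgorithm exceptions.
            throw new KeystoreException("Unable to retrieve trust manager in keystore '" + this.keystoreName + "'", e);
        }
    }

    /**
     * Returns the private key stored under {@code str}.
     *
     * @param str   alias of the key entry
     * @param cArr  store password, or {@code null} to use the configured one
     * @param cArr2 password protecting the key entry
     * @return the private key
     * @throws KeyNotFoundException if there is no entry, or the entry does not hold a private key
     * @throws KeystoreException if the key cannot be recovered (e.g. wrong key password)
     */
    @Override
    public PrivateKey getPrivateKey(String str, char[] cArr, char[] cArr2) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            Key key = this.keystore.getKey(str, cArr2);
            // getKey returns null for an unknown alias and may return a SecretKey for a
            // non-asymmetric entry; neither is a private key.
            if (!(key instanceof PrivateKey)) {
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain a private key with alias '" + str + "'.");
            }
            return (PrivateKey) key;
        } catch (GeneralSecurityException e) {
            // Covers KeyStore, NoSuchAlgorithm and UnrecoverableKey exceptions.
            throw new KeystoreException("Unable to retrieve private key from keystore", e);
        }
    }

    /**
     * Returns the certificate stored under {@code str} (a certificate entry, or the first
     * certificate of a key entry's chain).
     *
     * @param str  alias
     * @param cArr store password, or {@code null} to use the configured one
     * @return the certificate
     * @throws KeyNotFoundException if no certificate is stored under {@code str}
     * @throws KeystoreException if the keystore cannot be loaded or read
     */
    @Override
    public Certificate getCertificate(String str, char[] cArr) throws KeystoreException {
        ensureLoaded(cArr);
        try {
            Certificate certificate = this.keystore.getCertificate(str);
            if (certificate == null) {
                throw new KeyNotFoundException("Keystore '" + this.keystoreName + "' does not contain a certificate with alias '" + str + "'.");
            }
            return certificate;
        } catch (KeyStoreException e) {
            throw new KeystoreException("Unable to retrieve certificate from keystore", e);
        }
    }

    /**
     * Best-effort variant of {@link #getCertificate(String, char[])} using the configured store
     * password: failures are logged and {@code null} is returned instead of thrown.
     *
     * @param str alias
     * @return the certificate, or {@code null} if absent or unreadable
     */
    @Override
    public Certificate getCertificate(String str) {
        try {
            // For a pre-existing storage nothing is loaded until the first ensureLoaded call, so
            // the keystore must be loaded here rather than dereferenced directly.
            ensureLoaded(null);
            return this.keystore.getCertificate(str);
        } catch (KeystoreException e) {
            log.error("Unable to read certificate from keystore", e);
            return null;
        } catch (KeyStoreException e) {
            log.error("Unable to read certificate from keystore", e);
            return null;
        }
    }

    /**
     * Loads the keystore from storage with {@code cArr} and rebuilds the alias lists.
     * The new keystore and open password are only installed once loading succeeded, so a wrong
     * password leaves the previously loaded keystore untouched.
     *
     * @param cArr store password (kept by reference as the open password)
     * @throws KeystoreException if the storage cannot be read or the password is wrong
     */
    private void loadKeystoreData(char[] cArr) throws KeystoreException {
        try {
            KeyStore loaded = this.crypto.createKeyStore(this.keystoreType);
            this.storage.load(loaded, cArr);
            this.keystore = loaded;
            this.openPassword = cArr;
            refreshAliasIndex();
        } catch (IOException e) {
            throw new KeystoreException("Unable to open keystore with provided password", e);
        } catch (GeneralSecurityException e) {
            // Covers KeyStore, NoSuchAlgorithm and Certificate exceptions.
            throw new KeystoreException("Unable to open keystore with provided password", e);
        }
    }

    /**
     * Rebuilds {@code privateKeys} and {@code trustCerts} from the entries of the loaded keystore.
     *
     * @throws KeyStoreException if the keystore's aliases cannot be enumerated
     */
    private void refreshAliasIndex() throws KeyStoreException {
        this.privateKeys.clear();
        this.trustCerts.clear();
        Enumeration<String> aliases = this.keystore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (this.keystore.isKeyEntry(alias)) {
                this.privateKeys.add(alias);
            } else if (this.keystore.isCertificateEntry(alias)) {
                this.trustCerts.add(alias);
            }
        }
    }

    /**
     * Tells whether the keystore currently in memory was opened with {@code cArr} and the storage
     * has not changed since.
     *
     * @param cArr candidate store password; {@code null} never matches
     * @return {@code true} if no reload is needed
     */
    private boolean isLoaded(char[] cArr) {
        if (this.openPassword == null || cArr == null || this.openPassword.length != cArr.length) {
            return false;
        }
        if (this.storage.modified()) {
            return false;
        }
        return constantTimeEquals(this.openPassword, cArr);
    }

    /**
     * Compares two equal-length char arrays without short-circuiting on the first mismatch, so
     * the time taken does not reveal how long a matching prefix of the store password is.
     */
    private static boolean constantTimeEquals(char[] a, char[] b) {
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /**
     * Loads the keystore with {@code cArr} (or the configured store password if {@code null})
     * unless it is already loaded with that password and unmodified.
     *
     * @throws KeystoreException if loading fails
     */
    private void ensureLoaded(char[] cArr) throws KeystoreException {
        char[] effective = cArr == null ? this.keystorePassword : cArr;
        if (!isLoaded(effective)) {
            loadKeystoreData(effective);
        }
    }

    /** Rejects a {@code null} store password for mutating operations with the same message as before. */
    private static void requireStorePassword(char[] cArr) {
        if (cArr == null) {
            throw new NullPointerException("storePassword is null");
        }
    }

    /** Delegates self-signed certificate creation to {@link CertificateUtil}. */
    private X509Certificate generateCertificate(PublicKey publicKey, PrivateKey privateKey, String str, int i, String str2, String str3, String str4, String str5, String str6, String str7) throws SignatureException, InvalidKeyException, NoSuchAlgorithmException, CertificateEncodingException {
        return CertificateUtil.generateCertificate(publicKey, privateKey, str, i, str2, str3, str4, str5, str6, str7);
    }

    /**
     * Persists the in-memory keystore to storage under {@code cArr}.
     *
     * @throws KeystoreException if writing fails
     */
    private void saveKeystore(char[] cArr) throws KeystoreException {
        try {
            this.storage.save(this.keystore, cArr);
        } catch (IOException e) {
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e);
        } catch (GeneralSecurityException e) {
            // Covers KeyStore, NoSuchAlgorithm and Certificate exceptions.
            throw new KeystoreException("Unable to save keystore '" + this.keystoreName + "'", e);
        }
    }
}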
