package org.cesecore.keys.token;

import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Vector;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.SecretKey;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/cesecore/keys/token/CachingKeyStoreWrapper.class */
public class CachingKeyStoreWrapper {
    private static final Logger log = Logger.getLogger(CachingKeyStoreWrapper.class);
    private final KeyStore keyStore;
    private final boolean cachingEnabled;
    private final ReentrantLock updateLock = new ReentrantLock(false);
    private HashMap<String, KeyStoreMapEntry> keyStoreCache = new HashMap<>();

    /* loaded from: input_file:org/cesecore/keys/token/CachingKeyStoreWrapper$KeyStoreMapEntry.class */
    private class KeyStoreMapEntry {
        Key key;
        Certificate[] certificateChain;

        private KeyStoreMapEntry() {
        }
    }

    @Deprecated
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    public CachingKeyStoreWrapper(KeyStore keyStore, boolean z) throws KeyStoreException {
        Certificate certificate;
        this.keyStore = keyStore;
        this.cachingEnabled = z;
        if (log.isDebugEnabled()) {
            log.debug("cachingEnabled: " + z);
        }
        if (z) {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                if (log.isDebugEnabled()) {
                    log.debug("KeyStore has alias: " + nextElement);
                }
                KeyStoreMapEntry keyStoreMapEntry = new KeyStoreMapEntry();
                keyStoreMapEntry.certificateChain = keyStore.getCertificateChain(nextElement);
                if (keyStoreMapEntry.certificateChain == null && (certificate = keyStore.getCertificate(nextElement)) != null) {
                    keyStoreMapEntry.certificateChain = new Certificate[]{certificate};
                }
                this.keyStoreCache.put(nextElement, keyStoreMapEntry);
            }
        }
    }

    public Certificate getCertificate(String str) throws KeyStoreException {
        if (!this.cachingEnabled) {
            return this.keyStore.getCertificate(str);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry == null || keyStoreMapEntry.certificateChain == null || keyStoreMapEntry.certificateChain.length == 0) {
            return null;
        }
        return keyStoreMapEntry.certificateChain[0];
    }

    public void setCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        this.keyStore.setCertificateEntry(str, certificate);
        if (this.cachingEnabled) {
            this.updateLock.lock();
            try {
                HashMap<String, KeyStoreMapEntry> hashMap = new HashMap<>(this.keyStoreCache);
                KeyStoreMapEntry keyStoreMapEntry = hashMap.get(str);
                if (keyStoreMapEntry == null) {
                    keyStoreMapEntry = new KeyStoreMapEntry();
                }
                keyStoreMapEntry.certificateChain = new Certificate[]{certificate};
                hashMap.put(str, keyStoreMapEntry);
                this.keyStoreCache = hashMap;
                this.updateLock.unlock();
                if (log.isDebugEnabled()) {
                    log.debug("Updated certificate entry in cache for alias: " + str);
                }
            } catch (Throwable th) {
                this.updateLock.unlock();
                throw th;
            }
        }
    }

    public Enumeration<String> aliases() throws KeyStoreException {
        return this.cachingEnabled ? new Vector(this.keyStoreCache.keySet()).elements() : this.keyStore.aliases();
    }

    public void store(OutputStream outputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this.keyStore.store(outputStream, cArr);
    }

    public void setKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        this.keyStore.setKeyEntry(str, key, cArr, certificateArr);
        if (this.cachingEnabled) {
            KeyStoreMapEntry keyStoreMapEntry = new KeyStoreMapEntry();
            keyStoreMapEntry.certificateChain = certificateArr;
            keyStoreMapEntry.key = key;
            this.updateLock.lock();
            try {
                HashMap<String, KeyStoreMapEntry> hashMap = new HashMap<>(this.keyStoreCache);
                hashMap.put(str, keyStoreMapEntry);
                this.keyStoreCache = hashMap;
                this.updateLock.unlock();
                if (log.isDebugEnabled()) {
                    log.debug("Updated key entry in cache for alias: " + str);
                }
            } catch (Throwable th) {
                this.updateLock.unlock();
                throw th;
            }
        }
    }

    public void deleteEntry(String str) throws KeyStoreException {
        this.keyStore.deleteEntry(str);
        if (this.cachingEnabled) {
            this.updateLock.lock();
            try {
                HashMap<String, KeyStoreMapEntry> hashMap = new HashMap<>(this.keyStoreCache);
                hashMap.remove(str);
                this.keyStoreCache = hashMap;
                this.updateLock.unlock();
                if (log.isDebugEnabled()) {
                    log.debug("Removed entry from cache for alias: " + str);
                }
            } catch (Throwable th) {
                this.updateLock.unlock();
                throw th;
            }
        }
    }

    public KeyStore.Entry getEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
        if (!this.cachingEnabled) {
            return this.keyStore.getEntry(str, protectionParameter);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry == null) {
            return null;
        }
        if (keyStoreMapEntry.key instanceof PrivateKey) {
            return new KeyStore.PrivateKeyEntry((PrivateKey) keyStoreMapEntry.key, keyStoreMapEntry.certificateChain);
        }
        if (keyStoreMapEntry.key instanceof SecretKey) {
            return new KeyStore.SecretKeyEntry((SecretKey) keyStoreMapEntry.key);
        }
        if (keyStoreMapEntry.certificateChain == null || keyStoreMapEntry.certificateChain.length <= 0) {
            return null;
        }
        return new KeyStore.TrustedCertificateEntry(keyStoreMapEntry.certificateChain[0]);
    }

    public void setEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        this.keyStore.setEntry(str, entry, protectionParameter);
        if (this.cachingEnabled) {
            KeyStoreMapEntry keyStoreMapEntry = new KeyStoreMapEntry();
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) entry;
                keyStoreMapEntry.certificateChain = privateKeyEntry.getCertificateChain();
                keyStoreMapEntry.key = privateKeyEntry.getPrivateKey();
            } else if (entry instanceof KeyStore.SecretKeyEntry) {
                keyStoreMapEntry.certificateChain = null;
                keyStoreMapEntry.key = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
            } else {
                keyStoreMapEntry.certificateChain = new Certificate[]{((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate()};
                keyStoreMapEntry.key = null;
            }
            this.updateLock.lock();
            try {
                HashMap<String, KeyStoreMapEntry> hashMap = new HashMap<>(this.keyStoreCache);
                hashMap.put(str, keyStoreMapEntry);
                this.keyStoreCache = hashMap;
                this.updateLock.unlock();
            } catch (Throwable th) {
                this.updateLock.unlock();
                throw th;
            }
        }
    }

    public Provider getProvider() {
        return this.keyStore.getProvider();
    }

    public Key getKey(String str, char[] cArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        if (!this.cachingEnabled) {
            return this.keyStore.getKey(str, cArr);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry == null) {
            return null;
        }
        if (keyStoreMapEntry.key == null) {
            this.updateLock.lock();
            try {
                if (keyStoreMapEntry.key == null) {
                    keyStoreMapEntry.key = this.keyStore.getKey(str, cArr);
                }
                if (log.isDebugEnabled()) {
                    log.debug("Caching key for alias: " + str);
                }
            } finally {
                this.updateLock.unlock();
            }
        }
        return keyStoreMapEntry.key;
    }
}
