package org.cesecore.keys.token;

import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Vector;
import java.util.concurrent.locks.ReentrantLock;
import javax.crypto.SecretKey;
import org.apache.log4j.Logger;

/* loaded from: input_file:org/cesecore/keys/token/CachingKeyStoreWrapper.class */
public class CachingKeyStoreWrapper {
    private static final Logger log = Logger.getLogger(CachingKeyStoreWrapper.class);
    private final ReentrantLock updateLock = new ReentrantLock(false);
    private final KeyStore keyStore;
    private final KeyStoreCache keyStoreCache;

    /* loaded from: input_file:org/cesecore/keys/token/CachingKeyStoreWrapper$KeyStoreCache.class */
    private class KeyStoreCache {
        private HashMap<String, KeyStoreMapEntry> cache = new HashMap<>();

        public KeyStoreCache(KeyStore keyStore) throws KeyStoreException {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String nextElement = aliases.nextElement();
                this.cache.put(CachingKeyStoreWrapper.this.fixBadUTF8(nextElement), new KeyStoreMapEntry(nextElement, keyStore));
                if (CachingKeyStoreWrapper.log.isDebugEnabled()) {
                    CachingKeyStoreWrapper.log.debug("KeyStore has alias: " + nextElement);
                }
            }
        }

        public void addEntry(String str, KeyStoreMapEntry keyStoreMapEntry) {
            HashMap<String, KeyStoreMapEntry> hashMap = new HashMap<>(this.cache);
            hashMap.put(str, keyStoreMapEntry);
            this.cache = hashMap;
        }

        public void removeEntry(String str) {
            HashMap<String, KeyStoreMapEntry> hashMap = new HashMap<>(this.cache);
            hashMap.remove(str);
            this.cache = hashMap;
        }

        public KeyStoreMapEntry get(String str) {
            return this.cache.get(str);
        }

        public Enumeration<String> getAliases() {
            return new Vector(this.cache.keySet()).elements();
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/cesecore/keys/token/CachingKeyStoreWrapper$KeyStoreMapEntry.class */
    public class KeyStoreMapEntry {
        public final Key key;
        public final Certificate[] certificateChain;
        public final boolean isTrusted;
        static final /* synthetic */ boolean $assertionsDisabled;

        public KeyStoreMapEntry(String str, KeyStore keyStore) throws KeyStoreException {
            Key key;
            if (keyStore.isCertificateEntry(str)) {
                this.certificateChain = new Certificate[]{keyStore.getCertificate(str)};
                this.key = null;
                this.isTrusted = true;
                return;
            }
            this.isTrusted = false;
            this.certificateChain = keyStore.getCertificateChain(str);
            try {
                key = keyStore.getKey(str, null);
            } catch (KeyStoreException e) {
                throw e;
            } catch (Exception e2) {
                key = null;
            }
            this.key = key;
        }

        public KeyStoreMapEntry(String str, KeyStore keyStore, char[] cArr, KeyStoreMapEntry keyStoreMapEntry) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
            if (!$assertionsDisabled && keyStoreMapEntry.isTrusted) {
                throw new AssertionError();
            }
            this.isTrusted = false;
            this.certificateChain = keyStoreMapEntry.certificateChain;
            this.key = keyStore.getKey(str, cArr);
        }

        public KeyStoreMapEntry(Certificate certificate) {
            this.key = null;
            this.isTrusted = true;
            this.certificateChain = new Certificate[]{certificate};
        }

        public KeyStoreMapEntry(Certificate[] certificateArr, Key key) {
            this.key = key;
            this.isTrusted = false;
            this.certificateChain = certificateArr;
        }

        public KeyStoreMapEntry(CachingKeyStoreWrapper cachingKeyStoreWrapper, String str, KeyStore.ProtectionParameter protectionParameter, KeyStore keyStore) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
            this(keyStore.getEntry(str, protectionParameter));
        }

        public KeyStoreMapEntry(KeyStore.Entry entry) {
            if (entry instanceof KeyStore.PrivateKeyEntry) {
                this.key = ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();
                this.certificateChain = ((KeyStore.PrivateKeyEntry) entry).getCertificateChain();
                this.isTrusted = false;
            } else if (entry instanceof KeyStore.SecretKeyEntry) {
                this.key = ((KeyStore.SecretKeyEntry) entry).getSecretKey();
                this.certificateChain = null;
                this.isTrusted = false;
            } else {
                if (!(entry instanceof KeyStore.TrustedCertificateEntry)) {
                    throw new Error("It should not be possible to reach this point!");
                }
                this.key = null;
                this.certificateChain = new Certificate[]{((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate()};
                this.isTrusted = true;
            }
        }

        public KeyStore.Entry getEntry() {
            if (!this.isTrusted) {
                if ($assertionsDisabled || this.key != null) {
                    return this.certificateChain != null ? new KeyStore.PrivateKeyEntry((PrivateKey) this.key, this.certificateChain) : new KeyStore.SecretKeyEntry((SecretKey) this.key);
                }
                throw new AssertionError();
            }
            if (!$assertionsDisabled && this.certificateChain == null) {
                throw new AssertionError();
            }
            if ($assertionsDisabled || this.certificateChain.length == 1) {
                return new KeyStore.TrustedCertificateEntry(this.certificateChain[0]);
            }
            throw new AssertionError();
        }

        static {
            $assertionsDisabled = !CachingKeyStoreWrapper.class.desiredAssertionStatus();
        }
    }

    private static boolean isSunP11(KeyStore keyStore) {
        return keyStore.getProvider().getName().indexOf("SunPKCS11") == 0;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public String fixBadUTF8(String str) {
        if (!isSunP11(this.keyStore)) {
            return str;
        }
        try {
            byte[] bytes = str.getBytes("UTF-16BE");
            byte[] bArr = new byte[bytes.length / 2];
            for (int i = 1; i < bytes.length; i += 2) {
                bArr[i / 2] = (byte) (bytes[i] & 255);
            }
            return new String(bArr, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-16BE and UTF-8 must be implemented for all JREs.");
        }
    }

    private String makeBadUTF8(String str) {
        if (!isSunP11(this.keyStore)) {
            return str;
        }
        try {
            byte[] bytes = str.getBytes("UTF-8");
            byte[] bArr = new byte[bytes.length * 2];
            for (int i = 0; i < bytes.length; i++) {
                bArr[i * 2] = 0;
                bArr[(i * 2) + 1] = (byte) (bytes[i] & 255);
            }
            return new String(bArr, "UTF-16BE");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-16BE and UTF-8 must be implemented for all JREs.");
        }
    }

    @Deprecated
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    public CachingKeyStoreWrapper(KeyStore keyStore, boolean z) throws KeyStoreException {
        this.keyStore = keyStore;
        if (log.isDebugEnabled()) {
            log.debug("cachingEnabled: " + z);
        }
        if (z) {
            this.keyStoreCache = new KeyStoreCache(keyStore);
        } else {
            this.keyStoreCache = null;
        }
    }

    public Certificate getCertificate(String str) throws KeyStoreException {
        if (this.keyStoreCache == null) {
            return this.keyStore.getCertificate(str);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry == null || keyStoreMapEntry.certificateChain == null || keyStoreMapEntry.certificateChain.length == 0) {
            return null;
        }
        return keyStoreMapEntry.certificateChain[0];
    }

    public void setCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        this.keyStore.setCertificateEntry(str, certificate);
        if (this.keyStoreCache == null) {
            return;
        }
        this.updateLock.lock();
        try {
            this.keyStoreCache.addEntry(str, new KeyStoreMapEntry(certificate));
            if (log.isDebugEnabled()) {
                log.debug("Updated certificate entry in cache for alias: " + str);
            }
        } finally {
            this.updateLock.unlock();
        }
    }

    public Enumeration<String> aliases() throws KeyStoreException {
        return this.keyStoreCache == null ? this.keyStore.aliases() : this.keyStoreCache.getAliases();
    }

    public void store(OutputStream outputStream, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this.keyStore.store(outputStream, cArr);
    }

    public void setKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        this.keyStore.setKeyEntry(str, key, cArr, certificateArr);
        if (this.keyStoreCache == null) {
            return;
        }
        this.updateLock.lock();
        try {
            this.keyStoreCache.addEntry(str, new KeyStoreMapEntry(certificateArr, key));
            this.updateLock.unlock();
            if (log.isDebugEnabled()) {
                log.debug("Updated key entry in cache for alias: " + str);
            }
        } catch (Throwable th) {
            this.updateLock.unlock();
            throw th;
        }
    }

    public void deleteEntry(String str) throws KeyStoreException {
        this.keyStore.deleteEntry(makeBadUTF8(str));
        if (this.keyStoreCache == null) {
            return;
        }
        this.updateLock.lock();
        try {
            this.keyStoreCache.removeEntry(str);
            if (log.isDebugEnabled()) {
                log.debug("Removed entry from cache for alias: " + str);
            }
        } finally {
            this.updateLock.unlock();
        }
    }

    public KeyStore.Entry getEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws NoSuchAlgorithmException, UnrecoverableEntryException, KeyStoreException {
        if (this.keyStoreCache == null) {
            return this.keyStore.getEntry(str, protectionParameter);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry == null) {
            return null;
        }
        if (keyStoreMapEntry.isTrusted || keyStoreMapEntry.key != null) {
            return keyStoreMapEntry.getEntry();
        }
        this.updateLock.lock();
        try {
            KeyStoreMapEntry keyStoreMapEntry2 = this.keyStoreCache.get(str);
            if (keyStoreMapEntry2.isTrusted || keyStoreMapEntry2.key != null) {
                KeyStore.Entry entry = keyStoreMapEntry2.getEntry();
                this.updateLock.unlock();
                return entry;
            }
            KeyStoreMapEntry keyStoreMapEntry3 = new KeyStoreMapEntry(this, str, protectionParameter, this.keyStore);
            this.keyStoreCache.addEntry(str, keyStoreMapEntry3);
            KeyStore.Entry entry2 = keyStoreMapEntry3.getEntry();
            this.updateLock.unlock();
            return entry2;
        } catch (Throwable th) {
            this.updateLock.unlock();
            throw th;
        }
    }

    public void setEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        this.keyStore.setEntry(str, entry, protectionParameter);
        if (this.keyStoreCache == null) {
            return;
        }
        this.updateLock.lock();
        try {
            this.keyStoreCache.addEntry(str, new KeyStoreMapEntry(entry));
            this.updateLock.unlock();
        } catch (Throwable th) {
            this.updateLock.unlock();
            throw th;
        }
    }

    public Provider getProvider() {
        return this.keyStore.getProvider();
    }

    public Key getKey(String str, char[] cArr) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException {
        if (this.keyStoreCache == null) {
            return this.keyStore.getKey(str, cArr);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry == null) {
            return null;
        }
        if (keyStoreMapEntry.isTrusted || keyStoreMapEntry.key != null) {
            return keyStoreMapEntry.key;
        }
        this.updateLock.lock();
        try {
            KeyStoreMapEntry keyStoreMapEntry2 = this.keyStoreCache.get(str);
            if (keyStoreMapEntry2.isTrusted || keyStoreMapEntry2.key != null) {
                Key key = keyStoreMapEntry2.key;
                this.updateLock.unlock();
                return key;
            }
            KeyStoreMapEntry keyStoreMapEntry3 = new KeyStoreMapEntry(str, this.keyStore, cArr, keyStoreMapEntry2);
            this.keyStoreCache.addEntry(str, keyStoreMapEntry3);
            if (log.isDebugEnabled()) {
                log.debug("Caching key for alias: " + str);
            }
            Key key2 = keyStoreMapEntry3.key;
            this.updateLock.unlock();
            return key2;
        } catch (Throwable th) {
            this.updateLock.unlock();
            throw th;
        }
    }

    public boolean isKeyEntry(String str) throws KeyStoreException {
        if (this.keyStoreCache == null) {
            return this.keyStore.isKeyEntry(str);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        return (keyStoreMapEntry == null || keyStoreMapEntry.isTrusted) ? false : true;
    }

    public Certificate[] getCertificateChain(String str) throws KeyStoreException {
        if (this.keyStoreCache == null) {
            return this.keyStore.getCertificateChain(str);
        }
        KeyStoreMapEntry keyStoreMapEntry = this.keyStoreCache.get(str);
        if (keyStoreMapEntry != null) {
            return keyStoreMapEntry.certificateChain;
        }
        return null;
    }
}
