package ru.ftc.cucu.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:ru/ftc/cucu/security/KeyStoreManager.class */
public class KeyStoreManager {
    public static final String PKCS12 = "PKCS12";
    public static final String JKS = "JKS";
    private static final Logger logger = LoggerFactory.getLogger(KeyStoreManager.class);
    private static final Provider BC_PROVIDER = new BouncyCastleProvider();
    private static final String[] FILTER_PATTERNS = {".cer", ".crt"};

    public static String getSignKeyAlias(KeyStore keyStore, String str, String str2) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableKeyException {
        char[] charArray;
        String str3 = null;
        if (str == null || str.isEmpty()) {
            Enumeration<String> aliases = keyStore.aliases();
            while (true) {
                if (!aliases.hasMoreElements()) {
                    break;
                }
                String nextElement = aliases.nextElement();
                if (keyStore.isKeyEntry(nextElement)) {
                    str3 = nextElement;
                    break;
                }
            }
            if (str3 == null || str3.isEmpty()) {
                logger.error("getSignKeyAlias: {}", "Can't get sign key alias");
                throw new KeyStoreException("Can't get sign key alias");
            }
        } else {
            str3 = str;
        }
        if (logger.isInfoEnabled()) {
            logger.info("getSignKeyAlias: Use key&cert entry " + str3);
        }
        String str4 = str3;
        if (str2 == null) {
            charArray = null;
        } else {
            try {
                charArray = str2.toCharArray();
            } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
                logger.error("getSignKeyAlias: Get key|cert error for alias {}, {}:{}", new Object[]{str3, e.getClass(), e.getMessage()});
                throw e;
            }
        }
        if (keyStore.getKey(str4, charArray) != null) {
            keyStore.getCertificate(str3);
            return str3;
        }
        String str5 = "The given alias '" + str3 + "' does not exist or does not identify a key-related entry, " + keyStore.getProvider().getName();
        logger.error("getSignKeyAlias: {}", str5);
        throw new KeyStoreException(str5);
    }

    public static KeyStore loadKeyStore(String str, File file, String str2) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        char[] charArray;
        String str3 = (str == null || str.isEmpty()) ? PKCS12 : str;
        if (logger.isDebugEnabled()) {
            logger.debug("loadKeyStore: <- type={}", str3);
        }
        KeyStore keyStore = str3.equalsIgnoreCase(PKCS12) ? KeyStore.getInstance(str3, BC_PROVIDER) : KeyStore.getInstance(str3);
        if (logger.isDebugEnabled()) {
            logger.debug("loadKeyStore: KeyStore provider={}", keyStore.getProvider().getName());
        }
        if (file == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("loadKeyStore: Empty store");
            }
            keyStore.load(null, str2 == null ? null : str2.toCharArray());
        } else {
            if (!file.isFile()) {
                String str4 = file.getAbsolutePath() + " is not file";
                logger.error("loadKeyStore: {}", str4);
                throw new IOException(str4);
            }
            if (logger.isDebugEnabled()) {
                logger.debug("loadKeyStore: path={}", file.getAbsolutePath());
            }
            FileInputStream fileInputStream = new FileInputStream(file);
            Throwable th = null;
            if (str2 == null) {
                charArray = null;
            } else {
                try {
                    try {
                        charArray = str2.toCharArray();
                    } finally {
                    }
                } catch (Throwable th2) {
                    if (fileInputStream != null) {
                        if (th != null) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th3) {
                                th.addSuppressed(th3);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    throw th2;
                }
            }
            keyStore.load(fileInputStream, charArray);
            if (fileInputStream != null) {
                if (0 != 0) {
                    try {
                        fileInputStream.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    fileInputStream.close();
                }
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("loadKeyStore: -> ");
        }
        return keyStore;
    }

    public static KeyStore loadStoreDir(File file) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        if (logger.isDebugEnabled()) {
            logger.debug("loadStoreDir: <- type={}", JKS);
        }
        if (file == null || !file.isDirectory()) {
            String str = file == null ? "Directory can't be NULL" : file.getAbsolutePath() + " is not directory";
            logger.error("loadStoreDir: {}", str);
            throw new IOException(str);
        }
        KeyStore keyStore = KeyStore.getInstance(JKS);
        keyStore.load(null, null);
        if (logger.isDebugEnabled()) {
            logger.debug("loadStoreDir: KeyStore provider={}", keyStore.getProvider().getName());
        }
        File[] listFiles = listFiles(file);
        if (listFiles == null) {
            String str2 = "Can't list directory '" + file.getAbsolutePath() + "'";
            logger.error("loadStoreDir: {}", str2);
            throw new IOException(str2);
        }
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        boolean z = false;
        if (logger.isInfoEnabled()) {
            logger.info("loadStoreDir: path={}", file);
        }
        for (File file2 : listFiles) {
            if (!file2.isDirectory()) {
                FileInputStream fileInputStream = new FileInputStream(file2);
                Throwable th = null;
                try {
                    try {
                        X509Certificate x509Certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
                        keyStore.setCertificateEntry(file2.getName(), x509Certificate);
                        if (logger.isDebugEnabled()) {
                            logger.debug("loadStoreDir: Add trusted cert {}", x509Certificate);
                        } else if (logger.isInfoEnabled()) {
                            logger.info("loadStoreDir: Add trusted cert, serial={}, issuer=[{}], subject=[{}]", new Object[]{x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN(), x509Certificate.getSubjectDN()});
                        }
                        z = true;
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (fileInputStream != null) {
                        if (th != null) {
                            try {
                                fileInputStream.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            fileInputStream.close();
                        }
                    }
                    throw th3;
                }
            } else if (logger.isDebugEnabled()) {
                logger.debug("loadStoreDir: skip sub-directory, {}", file2.getName());
            }
        }
        if (z) {
            if (logger.isDebugEnabled()) {
                logger.debug("loadStoreDir: -> ");
            }
            return keyStore;
        }
        String str3 = "Empty directory " + file.getAbsolutePath();
        logger.error("loadStoreDir: {}", str3);
        throw new IOException(str3);
    }

    private static File[] listFiles(File file) {
        return file.listFiles((file2, str) -> {
            boolean z = false;
            String[] strArr = FILTER_PATTERNS;
            int length = strArr.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                if (str.toLowerCase().endsWith(strArr[i])) {
                    z = true;
                    break;
                }
                i++;
            }
            return z;
        });
    }

    public static KeyStore loadJksStore(File file, String str) throws IOException, KeyStoreException, NoSuchAlgorithmException, CertificateException {
        char[] charArray;
        if (logger.isDebugEnabled()) {
            logger.debug("loadJksStore: <- type={}", JKS);
        }
        if (file == null || file.isDirectory()) {
            String str2 = file == null ? "JKS store can't be NULL" : file.getAbsolutePath() + " is directory";
            logger.error("loadJksStore: {}", str2);
            throw new IOException(str2);
        }
        KeyStore keyStore = KeyStore.getInstance(JKS);
        FileInputStream fileInputStream = new FileInputStream(file);
        Throwable th = null;
        if (str == null) {
            charArray = null;
        } else {
            try {
                try {
                    charArray = str.toCharArray();
                } finally {
                }
            } catch (Throwable th2) {
                if (fileInputStream != null) {
                    if (th != null) {
                        try {
                            fileInputStream.close();
                        } catch (Throwable th3) {
                            th.addSuppressed(th3);
                        }
                    } else {
                        fileInputStream.close();
                    }
                }
                throw th2;
            }
        }
        keyStore.load(fileInputStream, charArray);
        if (fileInputStream != null) {
            if (0 != 0) {
                try {
                    fileInputStream.close();
                } catch (Throwable th4) {
                    th.addSuppressed(th4);
                }
            } else {
                fileInputStream.close();
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("loadJksStore: KeyStore provider={}", keyStore.getProvider().getName());
        }
        boolean z = false;
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isCertificateEntry(nextElement)) {
                if (logger.isInfoEnabled()) {
                    logger.info("loadJksStore: alias={}", nextElement);
                }
                X509Certificate x509Certificate = (X509Certificate) keyStore.getCertificate(nextElement);
                if (logger.isDebugEnabled()) {
                    logger.debug("loadJksStore: Add trusted cert {}", x509Certificate);
                } else if (logger.isInfoEnabled()) {
                    logger.info("loadJksStore: Add trusted cert, serial={}, issuer=[{}], subject=[{}]", new Object[]{x509Certificate.getSerialNumber(), x509Certificate.getIssuerDN(), x509Certificate.getSubjectDN()});
                }
                z = true;
            }
        }
        if (z) {
            if (logger.isDebugEnabled()) {
                logger.debug("loadJksStore: -> ");
            }
            return keyStore;
        }
        String str3 = "Empty directory " + file.getAbsolutePath();
        logger.error("loadJksStore: {}", str3);
        throw new IOException(str3);
    }
}
