package de.fraunhofer.iosb.ilt.faaast.service.certificate.util;

import de.fraunhofer.iosb.ilt.faaast.service.certificate.CertificateData;
import de.fraunhofer.iosb.ilt.faaast.service.certificate.CertificateInformation;
import de.fraunhofer.iosb.ilt.faaast.service.config.CertificateConfig;
import de.fraunhofer.iosb.ilt.faaast.service.util.Ensure;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.stream.Stream;

/* loaded from: input_file:de/fraunhofer/iosb/ilt/faaast/service/certificate/util/KeyStoreHelper.class */
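/**
 * Static helpers for creating, loading and saving {@link KeyStore}s that hold a single
 * certificate, its chain and the matching private key.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>A {@code null} password is converted to an empty password (see
 * {@link #passwordToChar(String)}), so a key store can be written without any effective
 * password protection. Callers should supply non-empty passwords.</li>
 * <li>Passwords are accepted as {@link String}s, so they cannot be wiped from memory after
 * use.</li>
 * <li>Key store files are written with the process's default file permissions. This class does
 * not restrict them, although the file contains a private key.</li>
 * </ul>
 */
public class KeyStoreHelper {
    /** Alias used when the caller does not supply one while creating a key store. */
    public static final String DEFAULT_ALIAS = "faaast";

    private KeyStoreHelper() {
    }

    /**
     * Creates a new in-memory key store containing the given certificate data.
     *
     * <p>The certificate and then the private key (with its chain) are stored under the same
     * alias.
     *
     * @param certificateData the certificate, chain and key pair to store
     * @param keyStoreType the key store type passed to {@link KeyStore#getInstance(String)}
     * @param keyAlias the alias to use, or {@code null} to use {@link #DEFAULT_ALIAS}
     * @param keyPassword the password protecting the private key entry ({@code null} is treated
     *        as empty)
     * @param keyStorePassword the password of the key store itself ({@code null} is treated as
     *        empty)
     * @return the populated key store
     * @throws IOException if initialising the key store fails
     * @throws GeneralSecurityException if the key store type is unavailable or an entry cannot
     *         be stored
     */
    public static KeyStore create(CertificateData certificateData, String keyStoreType, String keyAlias, String keyPassword, String keyStorePassword) throws IOException, GeneralSecurityException {
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        // Loading from a null stream initialises an empty key store.
        keyStore.load(null, passwordToChar(keyStorePassword));
        String alias = Objects.nonNull(keyAlias) ? keyAlias : DEFAULT_ALIAS;
        keyStore.setCertificateEntry(alias, certificateData.getCertificate());
        keyStore.setKeyEntry(
                alias,
                certificateData.getKeyPair().getPrivate(),
                passwordToChar(keyPassword),
                certificateData.getCertificateChain());
        return keyStore;
    }

    /**
     * Creates a key store from the given certificate data and writes it to a file.
     *
     * @param certificateData the certificate, chain and key pair to store
     * @param file the target file
     * @param keyStoreType the key store type
     * @param keyAlias the alias to use, or {@code null} to use {@link #DEFAULT_ALIAS}
     * @param keyPassword the password protecting the private key entry
     * @param keyStorePassword the password of the key store itself
     * @throws IOException if writing the file fails
     * @throws GeneralSecurityException if the key store cannot be created or stored
     */
    public static void save(CertificateData certificateData, File file, String keyStoreType, String keyAlias, String keyPassword, String keyStorePassword) throws IOException, GeneralSecurityException {
        save(create(certificateData, keyStoreType, keyAlias, keyPassword, keyStorePassword), file, keyStorePassword);
    }

    /**
     * Loads a key store from a file.
     *
     * @param file the key store file
     * @param keyStoreType the key store type
     * @param keyStorePassword the key store password ({@code null} is treated as empty)
     * @return the loaded key store
     * @throws IOException if the file cannot be read or the key store data cannot be loaded
     * @throws GeneralSecurityException if the key store type is unavailable or its content
     *         cannot be processed
     */
    public static KeyStore load(File file, String keyStoreType, String keyStorePassword) throws IOException, GeneralSecurityException {
        try (InputStream in = new FileInputStream(file)) {
            KeyStore keyStore = KeyStore.getInstance(keyStoreType);
            keyStore.load(in, passwordToChar(keyStorePassword));
            return keyStore;
        }
    }

    /**
     * Writes a key store to a file.
     *
     * <p>NOTE(security): the file is created with the default permissions of the running
     * process and is not written atomically. Because it holds a private key, deployments should
     * place it in a directory that only the service account can read.
     *
     * @param keyStore the key store to write; must be non-null
     * @param file the target file
     * @param keyStorePassword the key store password ({@code null} is treated as empty)
     * @throws IOException if writing the file fails
     * @throws GeneralSecurityException if the key store cannot be serialised
     */
    public static void save(KeyStore keyStore, File file, String keyStorePassword) throws IOException, GeneralSecurityException {
        Ensure.requireNonNull(keyStore, "keyStore must be non-null");
        try (FileOutputStream out = new FileOutputStream(file)) {
            keyStore.store(out, passwordToChar(keyStorePassword));
        }
    }

    /**
     * Generates a fresh 2048-bit RSA key pair and a self-signed certificate for it.
     *
     * <p>If the given information has neither DNS names nor IP addresses,
     * {@code autodetectDnsAndIp()} is invoked on it (which modifies the passed object) and
     * {@code localhost} / {@code 127.0.0.1} are added to the certificate as well.
     *
     * <p>NOTE(security): a self-signed certificate is not vouched for by any CA. Peers have to
     * trust it explicitly, so it is best treated as a bootstrap or development default.
     *
     * @param certificateInformation subject and address details for the certificate; must be
     *        non-null
     * @return certificate data holding the key pair, the certificate and a one-element chain
     * @throws KeyStoreException if building the certificate fails
     * @throws NoSuchAlgorithmException if the key pair cannot be generated
     */
    public static CertificateData generateSelfSigned(CertificateInformation certificateInformation) throws KeyStoreException, NoSuchAlgorithmException {
        Ensure.requireNonNull(certificateInformation, "certificateInformation must be non-null when key store does not exist");
        CertificateData certificateData = new CertificateData();
        certificateData.setKeyPair(SelfSignedCertificateGenerator.generateRsaKeyPair(2048));
        SelfSignedCertificateBuilder builder = new SelfSignedCertificateBuilder(certificateData.getKeyPair())
                .setCommonName(certificateInformation.getCommonName())
                .setOrganization(certificateInformation.getOrganization())
                .setOrganizationalUnit(certificateInformation.getOrganizationUnit())
                .setLocalityName(certificateInformation.getLocalityName())
                .setCountryCode(certificateInformation.getCountryCode())
                .setApplicationUri(certificateInformation.getApplicationUri());
        if (certificateInformation.getDnsNames().isEmpty() && certificateInformation.getIpAddresses().isEmpty()) {
            // Nothing configured: let the information object detect addresses and always
            // include the loopback names.
            certificateInformation.autodetectDnsAndIp();
            builder.addDnsName("localhost");
            builder.addIpAddress("127.0.0.1");
        }
        List<String> dnsNames = certificateInformation.getDnsNames();
        dnsNames.forEach(builder::addDnsName);
        List<String> ipAddresses = certificateInformation.getIpAddresses();
        ipAddresses.forEach(builder::addIpAddress);
        try {
            X509Certificate certificate = builder.build();
            certificateData.setCertificate(certificate);
            certificateData.setCertificateChain(new X509Certificate[]{certificate});
            return certificateData;
        } catch (Exception e) {
            throw new KeyStoreException("generating certificate failed", e);
        }
    }

    /**
     * Loads certificate data from a key store file or, if the file does not exist, generates a
     * self-signed certificate and saves it to that file.
     *
     * <p>NOTE(security): a missing file is not an error. A wrong or unreadable-by-typo path
     * therefore results in a new self-signed identity being generated and written rather than a
     * failure. Operators who expect a provisioned key store should verify the path beforehand.
     *
     * @param file the key store file; must be non-null
     * @param keyStoreType the key store type
     * @param keyAlias the alias of the key entry, may be {@code null}
     * @param keyPassword the password protecting the private key entry
     * @param keyStorePassword the password of the key store itself
     * @param certificateInformation details used when a certificate has to be generated
     * @return the loaded or newly generated certificate data
     * @throws IOException if reading or writing the file fails
     * @throws GeneralSecurityException if the key store cannot be processed or the certificate
     *         cannot be generated
     */
    public static CertificateData loadOrCreateCertificateData(File file, String keyStoreType, String keyAlias, String keyPassword, String keyStorePassword, CertificateInformation certificateInformation) throws IOException, GeneralSecurityException {
        Ensure.requireNonNull(file, "file must be non-null");
        if (!file.exists()) {
            CertificateData generated = generateSelfSigned(certificateInformation);
            save(generated, file, keyStoreType, keyAlias, keyPassword, keyStorePassword);
            return generated;
        }
        try (InputStream in = new FileInputStream(file)) {
            return loadOrDefaultCertificateData(in, keyStoreType, keyAlias, keyPassword, keyStorePassword, certificateInformation);
        }
    }

    /**
     * Loads certificate data from the key store named in the configuration or, if that file
     * does not exist, generates a self-signed certificate and saves it there.
     *
     * @param certificateConfig key store path, type, alias and passwords; must be non-null
     * @param certificateInformation details used when a certificate has to be generated
     * @return the loaded or newly generated certificate data
     * @throws IOException if reading or writing the file fails
     * @throws GeneralSecurityException if the key store cannot be processed or the certificate
     *         cannot be generated
     */
    public static CertificateData loadOrCreateCertificateData(CertificateConfig certificateConfig, CertificateInformation certificateInformation) throws IOException, GeneralSecurityException {
        Ensure.requireNonNull(certificateConfig, "certificate must be non-null");
        return loadOrCreateCertificateData(
                new File(certificateConfig.getKeyStorePath()),
                certificateConfig.getKeyStoreType(),
                certificateConfig.getKeyAlias(),
                certificateConfig.getKeyPassword(),
                certificateConfig.getKeyStorePassword(),
                certificateInformation);
    }

    /**
     * Loads certificate data from a key store file.
     *
     * @param file the key store file; must be non-null
     * @param keyStoreType the key store type
     * @param keyAlias the alias of the key entry, or {@code null} to use the first alias found
     * @param keyPassword the password protecting the private key entry
     * @param keyStorePassword the password of the key store itself
     * @return the certificate, chain and key pair read from the key store
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the key store cannot be processed or lacks the
     *         expected entries
     */
    public static CertificateData loadCertificateData(File file, String keyStoreType, String keyAlias, String keyPassword, String keyStorePassword) throws IOException, GeneralSecurityException {
        Ensure.requireNonNull(file, "file must be non-null");
        try (InputStream in = new FileInputStream(file)) {
            return loadCertificateData(in, keyStoreType, keyAlias, keyPassword, keyStorePassword);
        }
    }

    /**
     * Loads certificate data from the key store named in the configuration.
     *
     * @param certificateConfig key store path, type, alias and passwords
     * @return the certificate, chain and key pair read from the key store
     * @throws IOException if the file cannot be read
     * @throws GeneralSecurityException if the key store cannot be processed or lacks the
     *         expected entries
     */
    public static CertificateData loadCertificateData(CertificateConfig certificateConfig) throws IOException, GeneralSecurityException {
        Ensure.requireNonNull(certificateConfig.getKeyStorePath(), "file must be non-null");
        return loadCertificateData(
                new File(certificateConfig.getKeyStorePath()),
                certificateConfig.getKeyStoreType(),
                certificateConfig.getKeyAlias(),
                certificateConfig.getKeyPassword(),
                certificateConfig.getKeyStorePassword());
    }

    /**
     * Reads a key store from a stream and extracts the private key, the X.509 certificate and
     * the certificate chain stored under one alias.
     *
     * <p>When {@code keyAlias} is {@code null}, the first alias returned by
     * {@link KeyStore#aliases()} is used. That choice depends on the key store implementation,
     * and for a key store with several entries it may not be the key entry. Configure the alias
     * explicitly for such key stores.
     *
     * <p>The stream is not closed by this method.
     *
     * @param inputStream the key store data; must be non-null
     * @param keyStoreType the key store type
     * @param keyAlias the alias of the key entry, or {@code null} to use the first alias found
     * @param keyPassword the password protecting the private key entry
     * @param keyStorePassword the password of the key store itself
     * @return the certificate, chain and key pair read from the key store
     * @throws IOException if the key store data cannot be read
     * @throws GeneralSecurityException if the key store is empty, or the selected alias has no
     *         private key, X.509 certificate, public key or certificate chain
     */
    public static CertificateData loadCertificateData(InputStream inputStream, String keyStoreType, String keyAlias, String keyPassword, String keyStorePassword) throws IOException, GeneralSecurityException {
        Ensure.requireNonNull(inputStream, "keystoreInputStream must be non-null");
        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
        keyStore.load(inputStream, passwordToChar(keyStorePassword));
        String alias = keyAlias;
        if (Objects.isNull(alias)) {
            if (!keyStore.aliases().hasMoreElements()) {
                throw new KeyStoreException("keystore must contain at least one alias (found: 0)");
            }
            alias = keyStore.aliases().nextElement();
        }
        Key key = keyStore.getKey(alias, passwordToChar(keyPassword));
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("keystore must contain private key");
        }
        Certificate certificate = keyStore.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("keystore must contain X509 certificate");
        }
        PublicKey publicKey = certificate.getPublicKey();
        if (Objects.isNull(publicKey)) {
            throw new KeyStoreException("X509 certificate must contain public key");
        }
        Certificate[] chain = keyStore.getCertificateChain(alias);
        if (Objects.isNull(chain)) {
            // getCertificateChain returns null when the alias has no chain; fail with a
            // checked exception instead of a NullPointerException further down.
            throw new KeyStoreException("keystore must contain certificate chain");
        }
        X509Certificate[] x509Chain = Arrays.stream(chain)
                .map(X509Certificate.class::cast)
                .toArray(X509Certificate[]::new);
        return CertificateData.builder()
                .certificate((X509Certificate) certificate)
                .certificateChain(x509Chain)
                .keyPair(publicKey, (PrivateKey) key)
                .build();
    }

    /**
     * Loads certificate data from the stream, or generates a self-signed certificate when no
     * stream is given.
     *
     * @param inputStream the key store data, or {@code null} to generate a certificate
     * @param keyStoreType the key store type
     * @param keyAlias the alias of the key entry, may be {@code null}
     * @param keyPassword the password protecting the private key entry
     * @param keyStorePassword the password of the key store itself
     * @param certificateInformation details used when a certificate has to be generated
     * @return the loaded or newly generated certificate data
     * @throws IOException if the key store data cannot be read
     * @throws GeneralSecurityException if the key store cannot be processed or the certificate
     *         cannot be generated
     */
    public static CertificateData loadOrDefaultCertificateData(InputStream inputStream, String keyStoreType, String keyAlias, String keyPassword, String keyStorePassword, CertificateInformation certificateInformation) throws IOException, GeneralSecurityException {
        return Objects.isNull(inputStream)
                ? generateSelfSigned(certificateInformation)
                : loadCertificateData(inputStream, keyStoreType, keyAlias, keyPassword, keyStorePassword);
    }

    /**
     * Converts a password to a character array, mapping {@code null} to an empty array.
     *
     * <p>NOTE(security): an absent password silently becomes an empty password instead of
     * being rejected.
     *
     * @param password the password, may be {@code null}
     * @return the password characters, never {@code null}
     */
    private static char[] passwordToChar(String password) {
        return Objects.nonNull(password) ? password.toCharArray() : new char[0];
    }
}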
