package com.liumapp.keystore.service;

import com.liumapp.keystore.builder.KeyPairBuilder;
import com.liumapp.keystore.entity.CSR;
import com.liumapp.keystore.entity.P7B;
import com.liumapp.keystore.signer.CSRSigner;
import com.liumapp.keystore.utils.Preconditions;
import java.io.IOException;
import java.io.OutputStream;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;
import sun.security.pkcs10.PKCS10;
import sun.security.x509.X500Name;

/* loaded from: input_file:com/liumapp/keystore/service/KeyStoreAdapter.class */
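/**
 * Thin wrapper around a {@link KeyStore} that creates key pairs, produces and signs
 * certificate signing requests, imports CA replies and verifies stored chains.
 *
 * <p>The adapter works on the {@link KeyStore} instance it was given (no copy is made),
 * and it keeps the store password as a {@link String} for {@link #writeTo(OutputStream)}.
 * CSR generation uses {@code SHA256withRSA}, so aliases holding non-RSA private keys
 * fail in {@link #generateCSR(String, String)} with an {@link InvalidKeyException}
 * wrapped in a {@link KeyStoreException}.
 *
 * <p>NOTE(review): {@code sun.security.pkcs10.PKCS10} and {@code sun.security.x509.X500Name}
 * are JDK-internal classes; their availability and signatures depend on the JDK in use.
 */
public class KeyStoreAdapter {
    private static final Logger LOGGER = Logger.getLogger(KeyStoreAdapter.class.getName());

    /** Signature algorithm used when signing a CSR. */
    private static final String CSR_SIGNATURE_ALGORITHM = "SHA256withRSA";

    /** {@code authType} passed to {@link X509TrustManager#checkClientTrusted}. */
    private static final String CLIENT_AUTH_TYPE = "RSA";

    private final KeyStore keyStore;
    private final String password;

    /**
     * Wraps an existing key store.
     *
     * <p>NOTE(review): the decompiler reports that this constructor was package-private
     * in the original class; it is kept public here so existing callers still compile.
     *
     * @param keyStore the key store to operate on; used as-is, not copied
     * @param str the store password used by {@link #writeTo(OutputStream)}
     */
    public KeyStoreAdapter(KeyStore keyStore, String str) {
        this.keyStore = keyStore;
        this.password = str;
    }

    /**
     * Starts building a new key pair bound to this adapter.
     *
     * @param str forwarded unchanged to {@link KeyPairBuilder}; its meaning is defined there
     * @return a builder tied to this adapter
     * @throws NoSuchAlgorithmException if the builder cannot obtain its key algorithm
     */
    public KeyPairBuilder newKeyPair(String str) throws NoSuchAlgorithmException {
        return new KeyPairBuilder(str, this);
    }

    /**
     * Starts building a new key pair bound to this adapter using the builder's defaults.
     *
     * @return a builder tied to this adapter
     * @throws NoSuchAlgorithmException if the builder cannot obtain its key algorithm
     */
    public KeyPairBuilder newKeyPair() throws NoSuchAlgorithmException {
        return new KeyPairBuilder(this);
    }

    /**
     * Stores {@code key} under {@code alias}, protected by {@code keyPassword}.
     *
     * <p>This method does not check that the first certificate of the chain belongs to
     * {@code key}; callers that accept chains from outside (see
     * {@link #importCAReply(P7B, String, String)}) must do that themselves.
     *
     * @param alias entry name; an existing entry with the same alias is replaced
     * @param key the key to store
     * @param keyPassword password protecting the entry
     * @param certificateArr certificate chain for the key, leaf first
     * @return this adapter, for chaining
     * @throws KeyStoreException if the key store rejects the entry
     */
    public KeyStoreAdapter addToKeyStore(String alias, Key key, String keyPassword, Certificate... certificateArr) throws KeyStoreException {
        this.keyStore.setKeyEntry(alias, key, keyPassword.toCharArray(), certificateArr);
        return this;
    }

    /**
     * Builds a PKCS#10 request for the key pair stored under {@code alias}, using the
     * subject of the certificate currently stored for that alias.
     *
     * @param alias entry holding the private key and its current certificate
     * @param keyPassword password protecting the private key
     * @return the signed request
     * @throws KeyStoreException if the alias has no usable key pair or signing fails
     */
    public CSR generateCSR(String alias, String keyPassword) throws KeyStoreException {
        KeyPair keyPair = requireKeyPair(alias, keyPassword);
        try {
            PKCS10 request = new PKCS10(keyPair.getPublic());
            Signature signer = Signature.getInstance(CSR_SIGNATURE_ALGORITHM);
            signer.initSign(keyPair.getPrivate());
            request.encodeAndSign(getX500Name(this.keyStore.getCertificate(alias)), signer);
            return new CSR(request);
        } catch (IOException | InvalidKeyException | NoSuchAlgorithmException | SignatureException | CertificateException e) {
            throw logged(e);
        }
    }

    /**
     * Prepares a signer that will sign {@code csr} with the key pair and certificate
     * stored under {@code alias}.
     *
     * @param csr the request to sign
     * @param alias entry holding the issuing key and certificate
     * @param keyPassword password protecting the issuing private key
     * @return a signer bound to this adapter
     * @throws KeyStoreException if the alias has no usable key pair or its certificate
     *     is not X.509
     */
    public CSRSigner signCSR(CSR csr, String alias, String keyPassword) throws KeyStoreException {
        return new CSRSigner(this, csr, requireKeyPair(alias, keyPassword), getCertificate(alias));
    }

    /**
     * Replaces the certificate chain of {@code alias} with the chain from a CA reply.
     *
     * <p>The reply is external input, so its first certificate must carry the same public
     * key as the entry it is imported for. Without that check a reply issued for a
     * different key would be bound to this alias's private key.
     *
     * @param p7b the CA reply; its first certificate is expected to be the leaf
     * @param alias entry whose chain is replaced
     * @param keyPassword password protecting the private key
     * @throws KeyStoreException if the alias has no usable key pair, the reply is empty,
     *     or the reply's leaf does not match the stored key
     */
    public void importCAReply(P7B p7b, String alias, String keyPassword) throws KeyStoreException {
        KeyPair keyPair = requireKeyPair(alias, keyPassword);
        Certificate[] reply = p7b.getCertificates();
        if (reply == null || reply.length == 0 || reply[0] == null) {
            throw new KeyStoreException("CA reply contains no certificates for alias " + alias);
        }
        if (!sameEncodedKey(reply[0].getPublicKey(), keyPair.getPublic())) {
            throw new KeyStoreException("CA reply does not match the key stored under alias " + alias);
        }
        addToKeyStore(alias, keyPair.getPrivate(), keyPassword, reply);
    }

    /**
     * Validates the chain stored under {@code alias} against the anchors in a trust store.
     *
     * <p>Verification fails closed: if the platform returns no {@link X509TrustManager},
     * a {@link CertificateException} is thrown instead of returning as if the chain had
     * been accepted.
     *
     * <p>NOTE(review): a {@code null} trust store is passed straight to
     * {@link TrustManagerFactory#init(KeyStore)}; with the JDK's default provider that
     * typically selects the JVM-wide default CA set rather than failing, so callers
     * should pass an explicit store.
     *
     * @param alias entry whose chain is verified
     * @param trustStore store holding the trusted anchors
     * @throws KeyStoreException if the alias has no chain or the trust store cannot be used
     * @throws CertificateException if the chain is not trusted or no check could be performed
     */
    public void verifyWithTrustStore(String alias, KeyStore trustStore) throws KeyStoreException, CertificateException {
        X509Certificate[] chain = getCertificates(alias);
        try {
            TrustManagerFactory factory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            factory.init(trustStore);
            boolean checked = false;
            for (TrustManager manager : factory.getTrustManagers()) {
                // Only X.509 managers can validate a certificate chain; skip anything else
                // instead of failing on the cast.
                if (manager instanceof X509TrustManager) {
                    ((X509TrustManager) manager).checkClientTrusted(chain, CLIENT_AUTH_TYPE);
                    checked = true;
                }
            }
            if (!checked) {
                throw new CertificateException("No X509TrustManager available to verify alias " + alias);
            }
        } catch (NoSuchAlgorithmException e) {
            throw logged(e);
        }
    }

    /** Extracts the subject of an X.509 certificate as an {@link X500Name}. */
    private X500Name getX500Name(Certificate certificate) throws IOException {
        Preconditions.checkArgument(certificate instanceof X509Certificate, "Certificate is not X.509");
        return new X500Name(((X509Certificate) certificate).getSubjectX500Principal().getEncoded());
    }

    /**
     * Looks up the private key and matching certificate stored under {@code alias}.
     *
     * @param alias entry to read
     * @param keyPassword password protecting the key
     * @return the key pair, or empty when the alias holds no private key or has no
     *     certificate to take the public key from
     * @throws KeyStoreException if the key cannot be recovered (for example, wrong password)
     */
    public Optional<KeyPair> getKayPairFor(String alias, String keyPassword) throws KeyStoreException {
        try {
            Certificate certificate = this.keyStore.getCertificate(alias);
            Key key = this.keyStore.getKey(alias, keyPassword.toCharArray());
            // A secret-key entry has no certificate and is not a PrivateKey; report it as
            // "no key pair" rather than failing with a cast or null dereference.
            if (!(key instanceof PrivateKey) || certificate == null) {
                return Optional.empty();
            }
            return Optional.of(new KeyPair(certificate.getPublicKey(), (PrivateKey) key));
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw logged(e);
        }
    }

    /**
     * Returns the certificate stored under {@code alias}.
     *
     * @param alias entry to read
     * @return the certificate, or {@code null} if the alias has none
     * @throws KeyStoreException if the key store is not initialised or the certificate
     *     is not X.509
     */
    public X509Certificate getCertificate(String alias) throws KeyStoreException {
        return toX509(this.keyStore.getCertificate(alias), alias);
    }

    /**
     * Returns the certificate chain stored under {@code alias}, leaf first.
     *
     * @param alias entry to read
     * @return the chain as X.509 certificates
     * @throws KeyStoreException if the alias has no chain or a certificate is not X.509
     */
    public X509Certificate[] getCertificates(String alias) throws KeyStoreException {
        Certificate[] chain = this.keyStore.getCertificateChain(alias);
        if (chain == null) {
            throw new KeyStoreException("No certificate chain for alias " + alias);
        }
        X509Certificate[] result = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            result[i] = toX509(chain[i], alias);
        }
        return result;
    }

    /**
     * Returns the wrapped key store itself, not a copy; changes made through the returned
     * object are visible to this adapter.
     */
    public KeyStore toKeyStore() {
        return this.keyStore;
    }

    /**
     * Serialises the key store to {@code outputStream}, protected by the adapter's store
     * password. The stream is not closed here.
     *
     * @param outputStream destination for the encoded key store
     * @return the wrapped key store
     * @throws KeyStoreException if the store cannot be written
     */
    public KeyStore writeTo(OutputStream outputStream) throws KeyStoreException {
        try {
            this.keyStore.store(outputStream, this.password.toCharArray());
            return this.keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw logged(e);
        }
    }

    /** Returns the key pair for {@code alias} or fails with the adapter's standard message. */
    private KeyPair requireKeyPair(String alias, String keyPassword) throws KeyStoreException {
        return getKayPairFor(alias, keyPassword)
                .orElseThrow(() -> new KeyStoreException("Cannot find key for alias  " + alias));
    }

    /** Narrows a certificate to X.509, passing {@code null} through unchanged. */
    private static X509Certificate toX509(Certificate certificate, String alias) throws KeyStoreException {
        if (certificate != null && !(certificate instanceof X509Certificate)) {
            throw new KeyStoreException("Certificate for alias " + alias + " is not X.509");
        }
        return (X509Certificate) certificate;
    }

    /**
     * Compares two keys by their encoded form. Keys without an encoding never match, so a
     * pair of {@code null} encodings is not treated as equal.
     */
    private static boolean sameEncodedKey(Key first, Key second) {
        byte[] a = first.getEncoded();
        byte[] b = second.getEncoded();
        return a != null && b != null && Arrays.equals(a, b);
    }

    /** Logs {@code cause} at SEVERE and wraps it in the exception type callers expect. */
    private static KeyStoreException logged(Exception cause) {
        LOGGER.log(Level.SEVERE, cause.getMessage(), cause);
        return new KeyStoreException(cause);
    }
}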
