package cz.xtf.keystore;

import cz.xtf.io.IOUtils;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Collection;
import java.util.Enumeration;
import java.util.LinkedList;
import javax.crypto.KeyGenerator;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.cert.CertIOException;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cz/xtf/keystore/XTFKeyStore.class */
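/**
 * Wrapper around a {@link KeyStore} that generates keys and certificates, stores them under
 * aliases, and renders entries as PEM text.
 *
 * <p>NOTE(review): the defaults here (the public, fixed {@link #SIGNER_PASSWORD} and the empty
 * store password used by {@link #getInstance()} and {@link #export()}) look like test-fixture
 * conveniences; confirm this class never holds key material that needs real protection.
 *
 * <p>The lazily created singleton behind {@link #getInstance()} is not synchronized.
 */
public class XTFKeyStore {
    /** Alias constant exposed to callers; not referenced inside this class. */
    public static final String SIGNER_CERTIFICATE = "xtf.ca";

    /**
     * Entry password used by the overloads that take no password argument. It is a public
     * compile-time constant, so entries protected with it have no real confidentiality.
     */
    public static final String SIGNER_PASSWORD = "password";

    private static final String DEFAULT_STORE_TYPE = "JKS";
    private static final String DEFAULT_STORE_PASSWORD = "";
    private static final String DEFAULT_SUBJECT = "CN=xtf,OU=QE,O=xtf.cz,L=Brno,C=CZ";

    /** Signature algorithm for every certificate issued by this class. */
    private static final String SIGNATURE_ALGORITHM = "SHA256WithRSA";

    /** Modulus size for generated RSA key pairs. */
    private static final int RSA_KEY_BITS = 2048;

    private static XTFKeyStore instance;
    private final KeyStore keystore;

    private XTFKeyStore(KeyStore keyStore) {
        this.keystore = keyStore;
    }

    /**
     * Creates an empty JKS key store (nothing is read, no password is set).
     *
     * @return a new wrapper around an empty key store
     * @throws RuntimeException if the key store cannot be created
     */
    public static XTFKeyStore newInstance() {
        try {
            return newInstance(null, null);
        } catch (IOException e) {
            throw new RuntimeException("Unable to instantiate new KeyStore", e);
        }
    }

    /**
     * Loads a JKS key store from a stream.
     *
     * @param inputStream source of the key store data, or {@code null} for an empty store;
     *     the stream is not closed by this method
     * @param str store password, or {@code null} for none
     * @return a wrapper around the loaded key store
     * @throws IOException if the stream cannot be read
     */
    public static XTFKeyStore newInstance(InputStream inputStream, String str) throws IOException {
        return newInstance(inputStream, str, DEFAULT_STORE_TYPE);
    }

    /**
     * Loads a key store of the given type from a stream.
     *
     * @param inputStream source of the key store data, or {@code null} for an empty store;
     *     the stream is not closed by this method
     * @param str store password, or {@code null} for none
     * @param str2 key store type; {@code null} selects JKS
     * @return a wrapper around the loaded key store
     * @throws IOException if the stream cannot be read
     * @throws RuntimeException wrapping any {@link GeneralSecurityException} raised while loading
     */
    public static XTFKeyStore newInstance(InputStream inputStream, String str, String str2) throws IOException {
        try {
            KeyStore keyStore = KeyStore.getInstance(str2 == null ? DEFAULT_STORE_TYPE : str2);
            keyStore.load(inputStream, str == null ? null : str.toCharArray());
            return new XTFKeyStore(keyStore);
        } catch (GeneralSecurityException e) {
            throw new RuntimeException("Couldn't load keystore", e);
        }
    }

    /**
     * Returns the shared instance, loading it on first use from the file {@code keystore} under
     * the project root, with an empty store password.
     *
     * <p>The null check is unsynchronized, so concurrent first calls may each load the file.
     *
     * @return the shared key store wrapper
     * @throws RuntimeException if the default key store file cannot be read
     */
    public static XTFKeyStore getInstance() {
        if (instance == null) {
            Path defaultStore = findDefaultKeyStore();
            // try-with-resources closes the stream on the failure path as well.
            try (InputStream in = Files.newInputStream(defaultStore)) {
                instance = newInstance(in, DEFAULT_STORE_PASSWORD);
            } catch (IOException e) {
                throw new RuntimeException("Couldn't load default keystore: " + defaultStore, e);
            }
        }
        return instance;
    }

    /** Resolves the default key store location: {@code <project root>/keystore}. */
    private static Path findDefaultKeyStore() {
        return IOUtils.findProjectRoot().resolve("keystore");
    }

    /**
     * Lists every alias currently present in the key store.
     *
     * @return a new list of alias names
     * @throws IllegalStateException if the underlying key store is not initialized
     */
    public Collection<String> getAliases() {
        try {
            LinkedList<String> names = new LinkedList<>();
            Enumeration<String> aliases = this.keystore.aliases();
            while (aliases.hasMoreElements()) {
                names.add(aliases.nextElement());
            }
            return names;
        } catch (KeyStoreException e) {
            throw new IllegalStateException("Key store is not initialized", e);
        }
    }

    /**
     * Returns the certificate stored under an alias as PEM text.
     *
     * @param str alias of the certificate
     * @return PEM rendering of the certificate
     * @throws IllegalStateException if the key store is not initialized or PEM encoding fails
     */
    public String getCertificate(String str) {
        try {
            return convertObject(this.keystore.getCertificate(str));
        } catch (IOException e) {
            throw new IllegalStateException("Could not convert certificate " + str, e);
        } catch (KeyStoreException e2) {
            throw new IllegalStateException("Key store is not initialized", e2);
        }
    }

    /**
     * Returns the key stored under an alias as PEM text, using {@link #SIGNER_PASSWORD}.
     *
     * @param str alias of the key
     * @return PEM rendering of the key
     */
    public String getKey(String str) {
        return getKey(str, SIGNER_PASSWORD);
    }

    /**
     * Returns the key stored under an alias as PEM text.
     *
     * <p>The returned text is the key itself with no password protection; callers should avoid
     * logging or persisting it.
     *
     * @param str alias of the key
     * @param str2 password protecting the entry
     * @return PEM rendering of the key
     * @throws IllegalArgumentException if the password does not recover the key
     * @throws IllegalStateException if the key store is not initialized or PEM encoding fails
     */
    public String getKey(String str, String str2) {
        try {
            return convertObject(this.keystore.getKey(str, str2.toCharArray()));
        } catch (IOException e) {
            throw new IllegalStateException("Could not convert key " + str, e);
        } catch (KeyStoreException | NoSuchAlgorithmException e2) {
            throw new IllegalStateException("Key store is not initialized", e2);
        } catch (UnrecoverableKeyException e3) {
            throw new IllegalArgumentException("Wrong password for key " + str, e3);
        }
    }

    /**
     * Parses an X.509 certificate from text and stores it as a trusted certificate.
     *
     * <p>The alias is always {@code "maven"}, so every call targets the same entry.
     *
     * @param str encoded certificate text handed to the X.509 {@link CertificateFactory}
     * @throws IllegalStateException if parsing or storing the certificate fails
     */
    public void addCertificateFromBase64String(String str) {
        try {
            // Explicit charset: the platform default must not influence how the text is decoded.
            ByteArrayInputStream encoded = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
            this.keystore.setCertificateEntry("maven", CertificateFactory.getInstance("X.509").generateCertificate(encoded));
        } catch (KeyStoreException | CertificateException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Adds a self-signed certificate with the default subject, protected by
     * {@link #SIGNER_PASSWORD}.
     *
     * @param str alias for the new entry
     */
    public void addSelfSignedCertificate(String str) {
        addSelfSignedCertificate(str, DEFAULT_SUBJECT, SIGNER_PASSWORD);
    }

    /**
     * Generates an RSA key pair and a self-signed certificate valid for one year from now, and
     * stores both as a private-key entry.
     *
     * @param str alias for the new entry
     * @param str2 X.500 distinguished name used as both issuer and subject
     * @param str3 password protecting the new entry
     * @throws RuntimeException if key generation, signing or storing fails
     */
    public void addSelfSignedCertificate(String str, String str2, String str3) {
        try {
            KeyPair keyPair = generateKeyPair();
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 1);
            X500Name subject = new X500Name(str2);
            // NOTE(review): the serial number is always 1, so two certificates created with the
            // same subject share issuer and serial; some validators reject that combination.
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    subject,
                    BigInteger.ONE,
                    notBefore.getTime(),
                    notAfter.getTime(),
                    subject,
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            // SHA-256 here matches addSignedCertificate; SHA-1 signatures are no longer
            // collision resistant.
            X509Certificate certificate = new JcaX509CertificateConverter()
                    .setProvider(new BouncyCastleProvider())
                    .getCertificate(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                            .setProvider(new BouncyCastleProvider())
                            .build(keyPair.getPrivate())));
            this.keystore.setEntry(
                    str,
                    new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[] {certificate}),
                    new KeyStore.PasswordProtection(str3.toCharArray()));
        } catch (GeneralSecurityException | OperatorCreationException e) {
            throw new RuntimeException("Unable to generate self-signed certificate", e);
        }
    }

    /**
     * Generates an RSA key pair and a certificate for it, signed by a key held in another key
     * store, and stores the key with the chain {new certificate, signer certificate}.
     *
     * <p>The certificate is valid for one year from now and carries authority and subject key
     * identifier extensions.
     *
     * @param xTFKeyStore key store holding the signer's certificate and private key
     * @param str alias of the signer inside {@code xTFKeyStore}
     * @param str2 password of the signer's private key
     * @param str3 X.500 distinguished name of the new certificate's subject
     * @param str4 alias for the new entry in this key store
     * @param str5 password protecting the new entry
     * @throws NullPointerException if {@code xTFKeyStore} has no certificate under {@code str}
     * @throws RuntimeException if key generation, signing or storing fails
     */
    public void addSignedCertificate(XTFKeyStore xTFKeyStore, String str, String str2, String str3, String str4, String str5) {
        try {
            X509Certificate signerCertificate = (X509Certificate) xTFKeyStore.keystore.getCertificate(str);
            PrivateKey signerKey = (PrivateKey) xTFKeyStore.keystore.getKey(str, str2.toCharArray());
            Calendar notBefore = Calendar.getInstance();
            Calendar notAfter = Calendar.getInstance();
            notAfter.add(Calendar.YEAR, 1);
            KeyPair keyPair = generateKeyPair();
            // NOTE(review): the serial comes from System.nanoTime(), which is predictable and is
            // not guaranteed to be positive; a SecureRandom-derived serial would be safer.
            X509v3CertificateBuilder builder = new X509v3CertificateBuilder(
                    new X500Name(signerCertificate.getSubjectDN().getName()),
                    BigInteger.valueOf(System.nanoTime()),
                    notBefore.getTime(),
                    notAfter.getTime(),
                    new X500Name(str3),
                    SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded()));
            JcaX509ExtensionUtils extensionUtils = new JcaX509ExtensionUtils();
            builder.addExtension(Extension.authorityKeyIdentifier, false, extensionUtils.createAuthorityKeyIdentifier(signerCertificate));
            builder.addExtension(Extension.subjectKeyIdentifier, false, extensionUtils.createSubjectKeyIdentifier(keyPair.getPublic()));
            X509Certificate certificate = new JcaX509CertificateConverter()
                    .setProvider(new BouncyCastleProvider())
                    .getCertificate(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM)
                            .setProvider(new BouncyCastleProvider())
                            .build(signerKey)));
            this.keystore.setEntry(
                    str4,
                    new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[] {certificate, signerCertificate}),
                    new KeyStore.PasswordProtection(str5.toCharArray()));
        } catch (GeneralSecurityException | OperatorCreationException | CertIOException e) {
            throw new RuntimeException("Unable to generate signed certificate", e);
        }
    }

    /**
     * Adds a freshly generated private key protected by {@link #SIGNER_PASSWORD}.
     *
     * @param str key name, used as the first part of the entry alias
     * @param str2 alias whose certificate chain is attached to the new key
     */
    public void addPrivateKey(String str, String str2) {
        addPrivateKey(str, str2, SIGNER_PASSWORD);
    }

    /**
     * Generates a new RSA private key and stores it under the alias {@code "str (str2)"},
     * attaching the certificate chain currently stored under {@code str2}.
     *
     * <p>NOTE(review): the key is generated here and is unrelated to the public key in the
     * attached chain, so the resulting entry cannot prove possession of that certificate.
     *
     * @param str key name, used as the first part of the entry alias
     * @param str2 alias whose certificate chain is attached to the new key
     * @param str3 password protecting the new entry
     * @throws IllegalArgumentException when no chain exists under {@code str2}: the empty
     *     fallback chain is rejected by {@link KeyStore.PrivateKeyEntry}
     * @throws RuntimeException if key generation or storing fails
     */
    public void addPrivateKey(String str, String str2, String str3) {
        String entryAlias = String.format("%s (%s)", str, str2);
        try {
            Certificate[] chain = this.keystore.getCertificateChain(str2);
            if (chain == null) {
                LoggerFactory.getLogger(getClass()).warn("Could not find certificate");
                chain = new Certificate[0];
            }
            this.keystore.setEntry(
                    entryAlias,
                    new KeyStore.PrivateKeyEntry(generateKeyPair().getPrivate(), chain),
                    new KeyStore.PasswordProtection(str3.toCharArray()));
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new RuntimeException("Unable to add new private key", e);
        }
    }

    /**
     * Generates a secret key and stores it under an alias.
     *
     * @param str alias for the new entry
     * @param str2 alias whose certificate chain is passed along with the key
     * @param str3 password protecting the new entry
     * @throws RuntimeException if key generation or storing fails
     */
    public void addSecretKey(String str, String str2, String str3) {
        Certificate[] chain = null;
        try {
            try {
                chain = this.keystore.getCertificateChain(str2);
            } catch (NullPointerException ignored) {
                // Best effort: a chain lookup that fails this way leaves the key without a chain.
            }
            // NOTE(review): single DES with a 56-bit key is breakable by exhaustive search. The
            // algorithm is left unchanged because consumers of the entry may expect a DES key;
            // move to AES once they are confirmed not to.
            this.keystore.setKeyEntry(str, generateKey("DES", 56), str3.toCharArray(), chain);
        } catch (KeyStoreException | NoSuchAlgorithmException e2) {
            throw new RuntimeException("Unable to add new secret key", e2);
        }
    }

    /**
     * Writes the key store to the default location ({@code <project root>/keystore}) with an
     * empty store password.
     *
     * <p>The file holds every private key in this store and is created with default file
     * permissions; keep it out of shared or version-controlled locations unless the keys are
     * disposable.
     *
     * @return the path that was written
     * @throws RuntimeException if the file cannot be written
     */
    public Path export() {
        Path target = findDefaultKeyStore();
        try (OutputStream out = Files.newOutputStream(target)) {
            export(out, DEFAULT_STORE_PASSWORD);
            return target;
        } catch (IOException e) {
            // Keep the cause so the failing path or permission problem stays visible.
            throw new RuntimeException("Unable to export keystore to default location.", e);
        }
    }

    /**
     * Writes the key store to a stream.
     *
     * @param outputStream destination; not closed by this method
     * @param str store password used for the written key store
     * @throws IOException if writing to the stream fails
     * @throws IllegalStateException wrapping any {@link GeneralSecurityException} raised while storing
     */
    public void export(OutputStream outputStream, String str) throws IOException {
        try {
            this.keystore.store(outputStream, str.toCharArray());
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("Unable to export keystore", e);
        }
    }

    /**
     * Renders a key or certificate object as PEM text.
     *
     * @param obj object handed to {@link JcaPEMWriter#writeObject(Object)}
     * @return the PEM text
     * @throws IOException if the object cannot be encoded
     */
    private String convertObject(Object obj) throws IOException {
        StringWriter buffer = new StringWriter();
        // The writer must be closed before the buffer is read so all output has reached it.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(buffer)) {
            pemWriter.writeObject(obj);
        }
        return buffer.toString();
    }

    /**
     * Generates a symmetric key.
     *
     * @param str key algorithm name
     * @param i key size in bits
     * @return the generated key
     * @throws NoSuchAlgorithmException if no provider supports the algorithm
     * @throws InvalidParameterException if the key size is not valid for the algorithm
     */
    private Key generateKey(String str, int i) throws NoSuchAlgorithmException, InvalidParameterException {
        KeyGenerator keyGenerator = KeyGenerator.getInstance(str);
        keyGenerator.init(i);
        return keyGenerator.generateKey();
    }

    /**
     * Generates an RSA key pair of {@link #RSA_KEY_BITS} bits.
     *
     * @return the generated key pair
     * @throws NoSuchAlgorithmException if no provider supports RSA
     */
    private KeyPair generateKeyPair() throws NoSuchAlgorithmException {
        KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
        // 1024-bit RSA is below current minimum-strength guidance; 2048 is the accepted floor.
        keyPairGenerator.initialize(RSA_KEY_BITS, new SecureRandom());
        return keyPairGenerator.generateKeyPair();
    }
}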
