package io.quarkiverse.filevault.util;

import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import org.jboss.logging.Logger;

/* loaded from: input_file:io/quarkiverse/filevault/util/KeyStoreUtil.class */
public class KeyStoreUtil {
    private static final Logger LOGGER = Logger.getLogger(KeyStoreUtil.class.getName());

    /* loaded from: input_file:io/quarkiverse/filevault/util/KeyStoreUtil$KeyStoreEntry.class */
    public static class KeyStoreEntry {
        private final String value;
        private final boolean certificate;

        KeyStoreEntry(String str) {
            this(str, false);
        }

        KeyStoreEntry(String str, boolean z) {
            this.value = str;
            this.certificate = z;
        }

        public boolean isCertificate() {
            return this.certificate;
        }

        public String getValue() {
            return this.value;
        }
    }

    public static Map<String, KeyStoreEntry> readKeyStore(String str, String str2, String str3) {
        if (str == null) {
            return Map.of();
        }
        if (str2 == null) {
            LOGGER.errorf("Keystore %s secret is not configured", str);
            throw new RuntimeException();
        }
        if (str3 != null) {
            str2 = EncryptionUtil.decrypt(str2, new String(Base64.getUrlDecoder().decode(str3), StandardCharsets.UTF_8));
        }
        URL resource = Thread.currentThread().getContextClassLoader().getResource(str);
        if (resource != null) {
            return readKeyStore(resource, str2);
        }
        Path path = Paths.get(str, new String[0]);
        if (!Files.exists(path, new LinkOption[0])) {
            LOGGER.errorf("Keystore %s can not be found on the classpath and the file system", str);
            throw new RuntimeException();
        }
        try {
            return readKeyStore(path.toUri().toURL(), str2);
        } catch (MalformedURLException e) {
            LOGGER.errorf("Keystore %s location is not a valid URL", str);
            throw new RuntimeException(e);
        }
    }

    private static Map<String, KeyStoreEntry> readKeyStore(URL url, String str) {
        try {
            InputStream openStream = url.openStream();
            try {
                KeyStore keyStore = KeyStore.getInstance("PKCS12");
                keyStore.load(openStream, str.toCharArray());
                HashMap hashMap = new HashMap();
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String nextElement = aliases.nextElement();
                    KeyStoreEntry loadStoreEntry = loadStoreEntry(keyStore, str, nextElement);
                    if (loadStoreEntry != null) {
                        hashMap.put(nextElement, loadStoreEntry);
                    }
                }
                if (openStream != null) {
                    openStream.close();
                }
                return hashMap;
            } finally {
            }
        } catch (IOException e) {
            LOGGER.errorf("Keystore %s can not be loaded", url.toString());
            throw new RuntimeException(e);
        } catch (Exception e2) {
            LOGGER.errorf("Keystore %s entries can not be loaded", url.toString());
            throw new RuntimeException(e2);
        }
    }

    private static KeyStoreEntry loadStoreEntry(KeyStore keyStore, String str, String str2) throws Exception {
        KeyStore.Entry entry = keyStore.getEntry(str2, new KeyStore.PasswordProtection(str.toCharArray()));
        if (entry instanceof KeyStore.SecretKeyEntry) {
            return new KeyStoreEntry(new String(((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded(), "UTF-8"));
        }
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            Certificate[] certificateChain = keyStore.getCertificateChain(str2);
            if (certificateChain != null && certificateChain.length > 0) {
                return new KeyStoreEntry(new String(certificateChain[0].getEncoded(), StandardCharsets.ISO_8859_1), true);
            }
        } else if (entry instanceof KeyStore.TrustedCertificateEntry) {
            return new KeyStoreEntry(new String(((KeyStore.TrustedCertificateEntry) entry).getTrustedCertificate().getEncoded(), StandardCharsets.ISO_8859_1), true);
        }
        LOGGER.tracef("%s entry type %s is not supported", str2, entry.getClass().getName());
        return null;
    }
}
