package org.nhindirect.stagent.cert.impl;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import org.apache.commons.io.IOUtils;
import org.nhindirect.stagent.NHINDException;
import org.nhindirect.stagent.cert.CertificateStore;
import org.nhindirect.stagent.cert.X509CertificateEx;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/agent-8.0.0.jar:org/nhindirect/stagent/cert/impl/KeyStoreCertificateStore.class */
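/**
 * Certificate store that keeps its entries in a {@link KeyStore} file on disk and mirrors them
 * in an in-memory set.
 *
 * <p>Every mutation ({@link #add}, {@link #remove}, {@link #update}) rewrites the whole key store
 * file. The file is opened with {@link FileOutputStream}, which truncates it before the new
 * content is written, so a failed write can leave a damaged file behind.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The key store and private key passwords are held as {@code String} fields for the
 *       lifetime of the object and are visible to subclasses.</li>
 *   <li>A {@code null} key store password is passed straight to {@link KeyStore#load}; per that
 *       method's contract no integrity check is performed in that case.</li>
 *   <li>A missing key store file is created on load with whatever permissions the platform
 *       applies by default; nothing here restricts access to it.</li>
 * </ul>
 *
 * <p>No synchronization is performed in this class.
 */
public class KeyStoreCertificateStore extends CertificateStore {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreCertificateStore.class);

    // In-memory view of the certificates held in the key store.
    private Set<X509Certificate> certs;
    protected File keyStoreFile;
    protected String keyStorePassword;
    protected String privateKeyPassword;
    // Stays null until the key store has been loaded successfully.
    protected KeyStore ks;

    /**
     * Creates an unloaded store. Configure it with the setters and then call
     * {@link #loadKeyStore()}.
     */
    public KeyStoreCertificateStore() {
        this.certs = new HashSet<>();
    }

    /**
     * Loads (or creates) the key store at {@code file} without any passwords.
     *
     * @param file key store location; must not be {@code null}
     */
    public KeyStoreCertificateStore(File file) {
        this(file, (String) null, (String) null);
    }

    /**
     * Loads (or creates) the key store at {@code file}.
     *
     * @param file key store location; must not be {@code null}
     * @param str key store password, or {@code null} for none
     */
    public KeyStoreCertificateStore(File file, String str) {
        this(file, str, (String) null);
    }

    /**
     * Loads (or creates) the key store at the given path.
     *
     * @param str path of the key store file; must not be {@code null}
     * @param str2 key store password, or {@code null} for none
     * @param str3 private key password, or {@code null} for none
     * @throws IllegalArgumentException if {@code str} is {@code null}
     * @throws NHINDException if the key store cannot be loaded or created
     */
    public KeyStoreCertificateStore(String str, String str2, String str3) {
        // Check the path itself: new File(null) throws NullPointerException, so a null check on
        // the resulting File can never fire.
        if (str == null) {
            throw new IllegalArgumentException("Key store file path must not be null");
        }
        this.certs = new HashSet<>();
        this.keyStoreFile = new File(str);
        this.keyStorePassword = str2;
        this.privateKeyPassword = str3;
        bootstrapFromFile();
    }

    /**
     * Loads (or creates) the key store at {@code file}.
     *
     * @param file key store location; must not be {@code null}
     * @param str key store password, or {@code null} for none
     * @param str2 private key password, or {@code null} for none
     * @throws IllegalArgumentException if {@code file} is {@code null}
     * @throws NHINDException if the key store cannot be loaded or created
     */
    public KeyStoreCertificateStore(File file, String str, String str2) {
        if (file == null) {
            throw new IllegalArgumentException("Key store file must not be null");
        }
        this.certs = new HashSet<>();
        this.keyStoreFile = file;
        this.keyStorePassword = str;
        this.privateKeyPassword = str2;
        bootstrapFromFile();
    }

    /**
     * Sets the key store location.
     *
     * @throws IllegalStateException if the key store has already been loaded
     */
    public void setKeyStoreFile(File file) {
        requireNotLoaded();
        this.keyStoreFile = file;
    }

    /**
     * Sets the key store location from a path.
     *
     * @throws IllegalStateException if the key store has already been loaded
     */
    public void setKeyStoreFile(String str) {
        requireNotLoaded();
        setKeyStoreFile(new File(str));
    }

    /**
     * Sets the password used to load and store the key store.
     *
     * @throws IllegalStateException if the key store has already been loaded
     */
    public void setKeyStorePassword(String str) {
        requireNotLoaded();
        this.keyStorePassword = str;
    }

    /**
     * Sets the password used to read and write private key entries.
     *
     * @throws IllegalStateException if the key store has already been loaded
     */
    public void setPrivateKeyPassword(String str) {
        requireNotLoaded();
        this.privateKeyPassword = str;
    }

    /**
     * Loads the configured key store file, creating it if it does not exist.
     *
     * @throws IllegalStateException if the key store has already been loaded
     * @throws NHINDException if the key store cannot be loaded or created
     */
    public void loadKeyStore() {
        requireNotLoaded();
        bootstrapFromFile();
    }

    /** Rejects configuration changes once a key store is loaded. */
    private void requireNotLoaded() {
        if (this.ks != null) {
            throw new IllegalStateException();
        }
    }

    /** Converts a password to the char[] form the KeyStore API takes; null stays null. */
    private static char[] toChars(String password) {
        return password == null ? null : password.toCharArray();
    }

    /** Writes {@code store} to the configured file, closing the stream even when the write fails. */
    private void writeKeyStore(KeyStore store)
            throws java.io.IOException, java.security.GeneralSecurityException {
        try (FileOutputStream out = new FileOutputStream(this.keyStoreFile)) {
            store.store(out, toChars(this.keyStorePassword));
        }
    }

    /**
     * Reads the X.509 certificate under {@code alias}, attaching the private key when the entry
     * has one; returns null when the alias holds no X.509 certificate.
     */
    private X509Certificate readCertificate(KeyStore store, String alias)
            throws java.security.GeneralSecurityException {
        final Certificate certificate = store.getCertificate(alias);
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        final X509Certificate x509 = (X509Certificate) certificate;
        final Key key = store.getKey(alias, toChars(this.privateKeyPassword));
        return (key instanceof PrivateKey)
                ? X509CertificateEx.fromX509Certificate(x509, (PrivateKey) key)
                : x509;
    }

    /**
     * Loads the key store file into memory, or creates an empty key store file when none exists.
     *
     * <p>The key store and the certificate set are built in locals and published only after
     * everything succeeded. A failed load (wrong password, unreadable file) therefore leaves
     * {@code ks} null, so the configuration can be corrected and {@link #loadKeyStore()} retried.
     */
    private void bootstrapFromFile() {
        try {
            if (this.keyStoreFile == null) {
                // Wrapped in NHINDException below, as the NullPointerException used to be.
                throw new IllegalStateException("No key store file has been configured");
            }
            final char[] storePassword = toChars(this.keyStorePassword);
            final KeyStore loaded = KeyStore.getInstance(KeyStore.getDefaultType());
            final Set<X509Certificate> loadedCerts = new HashSet<>();
            if (this.keyStoreFile.exists()) {
                if (storePassword == null) {
                    // KeyStore.load skips the integrity check when no password is supplied.
                    log.warn("Key store {} is loaded without a password; its integrity is not verified",
                            this.keyStoreFile);
                }
                try (FileInputStream in = new FileInputStream(this.keyStoreFile)) {
                    loaded.load(in, storePassword);
                }
                final Enumeration<String> aliases = loaded.aliases();
                while (aliases.hasMoreElements()) {
                    final X509Certificate entry = readCertificate(loaded, aliases.nextElement());
                    if (entry != null) {
                        loadedCerts.add(entry);
                    }
                }
            } else {
                loaded.load(null, storePassword);
                writeKeyStore(loaded);
            }
            this.certs.addAll(loadedCerts);
            this.ks = loaded;
        } catch (Exception e) {
            throw new NHINDException("", e);
        }
    }

    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public boolean contains(X509Certificate x509Certificate) {
        return this.certs.contains(x509Certificate);
    }

    /**
     * Adds a certificate under an alias derived from its issuer name.
     *
     * <p>NOTE(review): the alias is {@code issuer:issuer}, so two certificates from the same
     * issuer map to the same alias and the later one replaces the earlier key store entry. The
     * format is left unchanged here because existing key stores and alias lookups may depend on
     * it; confirm whether subject name or serial number was intended.
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public void add(X509Certificate x509Certificate) {
        final String issuer = x509Certificate.getIssuerX500Principal().getName();
        add(x509Certificate, issuer + ":" + issuer);
    }

    /**
     * Removes a certificate from memory and, when an alias is found for it, from the key store
     * file. Key store failures are logged, not thrown.
     */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public void remove(X509Certificate x509Certificate) {
        if (!this.certs.remove(x509Certificate)) {
            return;
        }
        try {
            final String alias = this.ks.getCertificateAlias(x509Certificate);
            if (alias != null) {
                this.ks.deleteEntry(alias);
                writeKeyStore(this.ks);
            }
        } catch (Exception e) {
            // Best effort: on failure the certificate is gone from memory but may still be in the
            // file. The exception is attached so the cause is not reduced to its message.
            log.warn("Error attempting to remove certificate: {}", e.getMessage(), e);
        }
    }

    /** Returns a copy of the in-memory certificate set. */
    @Override // org.nhindirect.stagent.cert.CertificateStore, org.nhindirect.stagent.cert.X509Store
    public Collection<X509Certificate> getAllCertificates() {
        return new ArrayList<>(this.certs);
    }

    /**
     * Adds a certificate under {@code str} and rewrites the key store file. A certificate that
     * carries a private key is stored as a key entry protected by the private key password.
     * Failures are logged, not thrown.
     *
     * <p>The KeyStore API replaces an existing entry stored under the same alias; the in-memory
     * set is not reconciled when that happens.
     *
     * @param x509Certificate certificate to add
     * @param str key store alias for the new entry
     */
    public void add(X509Certificate x509Certificate, String str) {
        if (this.certs.contains(x509Certificate)) {
            log.warn("Certificate already exists in store.  Use update() instead.");
            return;
        }
        try {
            if (x509Certificate instanceof X509CertificateEx) {
                this.ks.setKeyEntry(str, ((X509CertificateEx) x509Certificate).getPrivateKey(),
                        toChars(this.privateKeyPassword), new Certificate[]{x509Certificate});
            } else {
                this.ks.setCertificateEntry(str, x509Certificate);
            }
            // Record the certificate only once the key store accepted it, so a rejected entry
            // (or an unloaded key store) does not leave a phantom certificate in memory.
            this.certs.add(x509Certificate);
            writeKeyStore(this.ks);
        } catch (Throwable th) {
            log.warn("Error adding certificate to store: {}", th.getMessage(), th);
        }
    }

    /**
     * Replaces a certificate: removes it when present, then adds it under {@code str}.
     *
     * @param x509Certificate certificate to store
     * @param str key store alias for the entry
     */
    public void update(X509Certificate x509Certificate, String str) {
        if (contains(x509Certificate)) {
            remove(x509Certificate);
        }
        add(x509Certificate, str);
    }

    /**
     * Looks up a certificate by key store alias.
     *
     * @param str key store alias
     * @return the certificate, carrying its private key when the entry has one, or {@code null}
     *     when the alias holds no X.509 certificate
     * @throws NHINDException if the key store cannot be read
     */
    public X509Certificate getByAlias(String str) {
        try {
            return readCertificate(this.ks, str);
        } catch (Exception e) {
            throw new NHINDException("", e);
        }
    }
}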
