package be.atbash.ee.security.octopus.keys.reader;

import be.atbash.ee.security.octopus.config.JwtSupportConfiguration;
import be.atbash.ee.security.octopus.exception.MissingPasswordLookupException;
import be.atbash.ee.security.octopus.exception.ResourceNotFoundException;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.reader.password.KeyResourcePasswordLookup;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.bc.BouncyCastleProviderSingleton;
import be.atbash.util.exception.AtbashUnexpectedException;
import be.atbash.util.resource.ResourceUtil;
import java.io.ByteArrayInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import org.bouncycastle.util.encoders.Base64;

/* loaded from: input_file:be/atbash/ee/security/octopus/keys/reader/KeyReaderKeyStore.class */
public class KeyReaderKeyStore {
    public List<AtbashKey> readResource(String str, KeyResourcePasswordLookup keyResourcePasswordLookup) {
        if (keyResourcePasswordLookup == null) {
            throw new MissingPasswordLookupException();
        }
        try {
            InputStream stream = ResourceUtil.getInstance().getStream(str);
            try {
                List<AtbashKey> parseContent = parseContent(stream, str, keyResourcePasswordLookup);
                if (stream != null) {
                    stream.close();
                }
                return parseContent;
            } finally {
            }
        } catch (FileNotFoundException e) {
            throw new ResourceNotFoundException(str);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e2) {
            throw new AtbashUnexpectedException(e2);
        }
    }

    public List<AtbashKey> parseContent(String str, KeyResourcePasswordLookup keyResourcePasswordLookup) {
        ArrayList arrayList = new ArrayList();
        KeyStore createKeyStore = createKeyStore();
        try {
            createKeyStore.load(new ByteArrayInputStream(Base64.decode(str)), keyResourcePasswordLookup.getResourcePassword("inline"));
            defineKeys("inline", keyResourcePasswordLookup, arrayList, createKeyStore);
            return arrayList;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    public List<AtbashKey> parseContent(InputStream inputStream, String str, KeyResourcePasswordLookup keyResourcePasswordLookup) throws IOException, NoSuchAlgorithmException, CertificateException, KeyStoreException, UnrecoverableKeyException {
        ArrayList arrayList = new ArrayList();
        KeyStore createKeyStore = createKeyStore();
        createKeyStore.load(inputStream, keyResourcePasswordLookup.getResourcePassword(str));
        defineKeys(str, keyResourcePasswordLookup, arrayList, createKeyStore);
        return arrayList;
    }

    private void defineKeys(String str, KeyResourcePasswordLookup keyResourcePasswordLookup, List<AtbashKey> list, KeyStore keyStore) throws KeyStoreException, UnrecoverableKeyException, NoSuchAlgorithmException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                list.addAll(readKeysFromKeyEntry(keyStore, nextElement, keyResourcePasswordLookup.getKeyPassword(str, nextElement)));
            }
            if (keyStore.isCertificateEntry(nextElement)) {
                list.add(new AtbashKey(nextElement, keyStore.getCertificate(nextElement).getPublicKey()));
            }
        }
    }

    private KeyStore createKeyStore() {
        try {
            String keyStoreType = JwtSupportConfiguration.getInstance().getKeyStoreType();
            return "JKS".equals(keyStoreType) ? KeyStore.getInstance(keyStoreType) : KeyStore.getInstance(keyStoreType, (Provider) BouncyCastleProviderSingleton.getInstance());
        } catch (KeyStoreException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    private List<AtbashKey> readKeysFromKeyEntry(KeyStore keyStore, String str, char[] cArr) throws UnrecoverableKeyException, NoSuchAlgorithmException, KeyStoreException {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new AtbashKey(str, (PrivateKey) keyStore.getKey(str, cArr)));
        arrayList.add(new AtbashKey(str, keyStore.getCertificate(str).getPublicKey()));
        return arrayList;
    }
}
