package be.atbash.ee.security.octopus.keys.writer;

import be.atbash.ee.security.octopus.config.JwtSupportConfiguration;
import be.atbash.ee.security.octopus.config.PemKeyEncryption;
import be.atbash.ee.security.octopus.exception.MissingPasswordException;
import be.atbash.ee.security.octopus.keys.AtbashKey;
import be.atbash.ee.security.octopus.keys.reader.KeyResourceType;
import be.atbash.ee.security.octopus.keys.selector.AsymmetricPart;
import be.atbash.ee.security.octopus.nimbus.jose.crypto.bc.BouncyCastleProviderSingleton;
import be.atbash.ee.security.octopus.nimbus.jwk.JWKSet;
import be.atbash.util.PublicAPI;
import be.atbash.util.StringUtils;
import be.atbash.util.exception.AtbashUnexpectedException;
import be.atbash.util.resource.ResourceUtil;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.text.ParseException;
import java.util.Scanner;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;

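/**
 * Serialises an {@link AtbashKey} as JWK, JWK set, PEM or keystore, either into a file
 * or as a byte array.
 *
 * <p>The collaborators are normally injected; when the instance was created without
 * injection, {@link #checkDependencies()} creates them on first use.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The password arrays passed in are handed on to the encoders and are not cleared
 *       by this class; clearing them after the call is the caller's responsibility.</li>
 *   <li>Target locations are used exactly as given (missing parent directories are
 *       created), so they must not be derived from untrusted input without validation.</li>
 *   <li>Files are created with the default permissions of the process; see
 *       {@code writeFile}.</li>
 * </ul>
 */
@PublicAPI
@ApplicationScoped
/* loaded from: input_file:be/atbash/ee/security/octopus/keys/writer/KeyWriter.class */
public class KeyWriter {

    @Inject
    private JwtSupportConfiguration jwtSupportConfiguration;

    @Inject
    private KeyWriterFactory keyWriterFactory;

    @Inject
    private ResourceUtil resourceUtil;

    /**
     * Writes the key to a file without any password.
     *
     * @param atbashKey       the key to write
     * @param keyResourceType the output format
     * @param str             the location of the target file
     */
    public void writeKeyResource(AtbashKey atbashKey, KeyResourceType keyResourceType, String str) {
        writeKeyResource(atbashKey, keyResourceType, str, null, null);
    }

    /**
     * Writes the key to a file, using only a key password.
     *
     * @param atbashKey       the key to write
     * @param keyResourceType the output format
     * @param str             the location of the target file
     * @param cArr            the password protecting the key, may be {@code null}
     */
    public void writeKeyResource(AtbashKey atbashKey, KeyResourceType keyResourceType, String str, char[] cArr) {
        writeKeyResource(atbashKey, keyResourceType, str, cArr, null);
    }

    /**
     * Writes the key to a file.
     *
     * <p>JWK and PEM targets must not exist yet. JWKSET and KEYSTORE targets may exist:
     * their current content is loaded first and handed to the encoder together with the key.
     *
     * @param atbashKey       the key to write
     * @param keyResourceType the output format
     * @param str             the location of the target file
     * @param cArr            the password protecting the key, may be {@code null}
     * @param cArr2           the keystore password; required for KEYSTORE, also used to
     *                        load an existing keystore
     * @throws KeyResourceLocationException when the target location is not usable
     * @throws MissingPasswordException     when a required password is missing
     * @throws IllegalArgumentException     when the resource type is not supported
     * @throws AtbashUnexpectedException    when reading or writing fails
     */
    public void writeKeyResource(AtbashKey atbashKey, KeyResourceType keyResourceType, String str, char[] cArr, char[] cArr2) {
        checkDependencies();
        try {
            byte[] content;
            switch (keyResourceType) {
                case JWK:
                    checkTargetFile(str, true);
                    content = writeKeyAsJWK(atbashKey, cArr);
                    break;
                case JWKSET:
                    checkTargetFile(str, false);
                    content = writeKeyAsJWKSet(atbashKey, loadExistingJWKSet(str));
                    break;
                case PEM:
                    checkTargetFile(str, true);
                    content = writeKeyAsPEM(atbashKey, cArr);
                    break;
                case KEYSTORE:
                    checkTargetFile(str, false);
                    // The existing keystore is loaded before the passwords are validated in
                    // writeKeyAsKeyStore, which keeps the original evaluation order.
                    content = writeKeyAsKeyStore(atbashKey, cArr, cArr2, loadExistingKeyStore(str, cArr2));
                    break;
                default:
                    // Fail loudly instead of returning as if the key had been persisted;
                    // same message as the byte[] overload.
                    throw new IllegalArgumentException(String.format("Unsupported value for KeyResourceType : %s", keyResourceType));
            }
            // The target is only opened (and truncated) once the new content is complete.
            writeFile(str, content);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /** Encodes the key into the given JWK set. */
    private byte[] writeKeyAsJWKSet(AtbashKey atbashKey, JWKSet jwkSet) {
        return this.keyWriterFactory.writeKeyAsJWKSet(atbashKey, new KeyEncoderParameters(jwkSet));
    }

    /**
     * Parses the JWK set stored at the location, or returns an empty set when there is
     * no such resource.
     *
     * @throws AtbashUnexpectedException when the resource cannot be read or parsed
     */
    private JWKSet loadExistingJWKSet(String location) {
        try {
            if (!this.resourceUtil.resourceExists(location)) {
                return new JWKSet();
            }
            // try-with-resources accepts a null resource and closes the stream on every path.
            try (InputStream inputStream = this.resourceUtil.getStream(location)) {
                if (inputStream == null) {
                    return new JWKSet();
                }
                // "\\Z" as delimiter makes next() return the whole content in one token.
                // NOTE(review): the Scanner decodes with the platform default charset;
                // confirm that this matches how the file was written.
                return JWKSet.parse(new Scanner(inputStream).useDelimiter("\\Z").next());
            }
        } catch (IOException | ParseException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /**
     * Loads the keystore stored at the location, or creates an empty one when there is
     * no such resource.
     *
     * @param location      the location of the keystore
     * @param storePassword the password handed to {@link KeyStore#load}; with a
     *                      {@code null} password the JDK loads without an integrity check
     */
    private KeyStore loadExistingKeyStore(String location, char[] storePassword) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        // NOTE(review): this path asks for the BouncyCastle provider while the byte[]
        // overload uses the default provider lookup; confirm the difference is intended.
        KeyStore keyStore = KeyStore.getInstance(this.jwtSupportConfiguration.getKeyStoreType(), (Provider) BouncyCastleProviderSingleton.getInstance());
        if (this.resourceUtil.resourceExists(location)) {
            // Close the stream once loaded: the same file is rewritten right afterwards,
            // and a leaked handle can block that on some platforms.
            try (InputStream inputStream = this.resourceUtil.getStream(location)) {
                keyStore.load(inputStream, storePassword);
            }
        } else {
            keyStore.load(null, null);
        }
        return keyStore;
    }

    /**
     * Writes the bytes to the file, replacing any previous content.
     *
     * <p>NOTE(review): the file is created with the default permissions of the process.
     * When the configuration disables encryption the content may hold private key
     * material in the clear, so deployments should make sure the target directory and
     * file are restricted to the owning account.
     */
    private void writeFile(String location, byte[] content) throws IOException {
        try (FileOutputStream fileOutputStream = new FileOutputStream(location)) {
            fileOutputStream.write(content);
        }
    }

    /**
     * Encodes the key without any password.
     *
     * @param atbashKey       the key to encode
     * @param keyResourceType the output format
     * @return the encoded key
     */
    public byte[] writeKeyResource(AtbashKey atbashKey, KeyResourceType keyResourceType) {
        return writeKeyResource(atbashKey, keyResourceType, (char[]) null, (char[]) null);
    }

    /**
     * Encodes the key, using only a key password.
     *
     * @param atbashKey       the key to encode
     * @param keyResourceType the output format
     * @param cArr            the password protecting the key, may be {@code null}
     * @return the encoded key
     */
    public byte[] writeKeyResource(AtbashKey atbashKey, KeyResourceType keyResourceType, char[] cArr) {
        return writeKeyResource(atbashKey, keyResourceType, cArr, (char[]) null);
    }

    /**
     * Encodes the key. JWKSET and KEYSTORE start from a fresh, empty container.
     *
     * @param atbashKey       the key to encode
     * @param keyResourceType the output format
     * @param cArr            the password protecting the key, may be {@code null}
     * @param cArr2           the keystore password; required for KEYSTORE
     * @return the encoded key
     * @throws MissingPasswordException  when a required password is missing
     * @throws IllegalArgumentException  when the resource type is not supported
     * @throws AtbashUnexpectedException when the keystore cannot be created
     */
    public byte[] writeKeyResource(AtbashKey atbashKey, KeyResourceType keyResourceType, char[] cArr, char[] cArr2) {
        checkDependencies();
        try {
            switch (keyResourceType) {
                case JWK:
                    return writeKeyAsJWK(atbashKey, cArr);
                case JWKSET:
                    return writeKeyAsJWKSet(atbashKey, new JWKSet());
                case PEM:
                    return writeKeyAsPEM(atbashKey, cArr);
                case KEYSTORE:
                    KeyStore keyStore = KeyStore.getInstance(this.jwtSupportConfiguration.getKeyStoreType());
                    keyStore.load(null, null);
                    return writeKeyAsKeyStore(atbashKey, cArr, cArr2, keyStore);
                default:
                    throw new IllegalArgumentException(String.format("Unsupported value for KeyResourceType : %s", keyResourceType));
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new AtbashUnexpectedException(e);
        }
    }

    /**
     * Encodes the key as PEM according to the configured PEM encryption.
     *
     * <p>No password is demanded when the configured encryption is NONE, or when it is
     * PKCS1 and no PKCS1 encryption algorithm is configured.
     * NOTE(review): in those cases the private key is presumably written unencrypted;
     * confirm against the PEM encoder.
     */
    private byte[] writeKeyAsPEM(AtbashKey atbashKey, char[] keyPassword) throws IOException {
        PemKeyEncryption encryption = this.jwtSupportConfiguration.getPemKeyEncryption();
        boolean pkcs1WithoutAlgorithm = encryption == PemKeyEncryption.PKCS1
                && StringUtils.isEmpty(this.jwtSupportConfiguration.getPKCS1EncryptionAlgorithm());
        if (encryption != PemKeyEncryption.NONE && !pkcs1WithoutAlgorithm) {
            checkKeyPassword(atbashKey, keyPassword, MissingPasswordException.ObjectType.PEM);
        }
        KeyEncoderParameters keyEncoderParameters = new KeyEncoderParameters(keyPassword);
        keyEncoderParameters.addValue(PemKeyEncryption.class, this.jwtSupportConfiguration.getPemKeyEncryption());
        keyEncoderParameters.addValue("PKCS1.encryption", this.jwtSupportConfiguration.getPKCS1EncryptionAlgorithm());
        return this.keyWriterFactory.writeKeyAsPEM(atbashKey, keyEncoderParameters);
    }

    /**
     * Encodes the key into the keystore.
     *
     * @throws MissingPasswordException when the key password (for a private key) or the
     *                                  keystore password is missing
     */
    private byte[] writeKeyAsKeyStore(AtbashKey atbashKey, char[] keyPassword, char[] storePassword, KeyStore keyStore) throws IOException {
        checkKeyPassword(atbashKey, keyPassword, MissingPasswordException.ObjectType.STORE);
        if (StringUtils.isEmpty(storePassword)) {
            throw new MissingPasswordException(MissingPasswordException.ObjectType.STORE, "A password for the keystore is required in order to save the key info");
        }
        return this.keyWriterFactory.writeKeyAsKeyStore(atbashKey, new KeyEncoderParameters(keyPassword, storePassword, keyStore));
    }

    /** Encodes the key as JWK; a password is only demanded when JWK encryption is configured. */
    private byte[] writeKeyAsJWK(AtbashKey atbashKey, char[] keyPassword) {
        if (this.jwtSupportConfiguration.isJWKEncrypted()) {
            checkKeyPassword(atbashKey, keyPassword, MissingPasswordException.ObjectType.ENCRYPTION);
        }
        return this.keyWriterFactory.writeKeyAsJWK(atbashKey, new KeyEncoderParameters(keyPassword));
    }

    /**
     * Verifies that the location can be used as target file and creates missing parent
     * directories.
     *
     * <p>NOTE(review): this is a check-then-write sequence. The file is opened later by
     * {@code writeFile}, which truncates whatever exists at that moment, so the
     * "must not exist" rule is not enforced atomically. An atomic create (for example
     * {@code Files.newOutputStream} with {@code StandardOpenOption.CREATE_NEW}) would
     * close that gap.
     *
     * @param location     the location of the target file
     * @param mustNotExist {@code true} when an existing file may not be overwritten
     * @throws KeyResourceLocationException when the location is a directory, exists
     *                                      although it must not, or lacks read/write access
     * @throws AtbashUnexpectedException    when the parent directory cannot be created
     */
    private void checkTargetFile(String location, boolean mustNotExist) {
        File file = new File(location);
        if (file.isDirectory()) {
            throw new KeyResourceLocationException(String.format("Location '%s' denotes a directory and must point to a file", location));
        }
        if (mustNotExist && file.exists()) {
            throw new KeyResourceLocationException(String.format("File '%s' already exists and overwrite is not allowed for this key resource type", location));
        }
        if (file.exists()) {
            if (!file.canWrite()) {
                throw new KeyResourceLocationException(String.format("File '%s' must be writable", location));
            }
            if (!file.canRead()) {
                throw new KeyResourceLocationException(String.format("File '%s' must be readable and writable", location));
            }
            return;
        }
        // getParentFile() is null for a bare file name such as "key.pem"; the file then
        // lands in the working directory and there is nothing to create.
        File parentFile = file.getParentFile();
        if (parentFile != null && !parentFile.exists() && !parentFile.mkdirs()) {
            throw new AtbashUnexpectedException(String.format("Directory %s could not be created", parentFile.getAbsolutePath()));
        }
    }

    /**
     * Demands a password when the private part of an asymmetric key is written.
     *
     * @throws MissingPasswordException when such a key comes without a password
     */
    private void checkKeyPassword(AtbashKey atbashKey, char[] keyPassword, MissingPasswordException.ObjectType objectType) {
        boolean privateKey = atbashKey.getSecretKeyType().isAsymmetric()
                && atbashKey.getSecretKeyType().getAsymmetricPart() == AsymmetricPart.PRIVATE;
        if (privateKey && StringUtils.isEmpty(keyPassword)) {
            throw new MissingPasswordException(objectType, "A passphrase is required in order to save the key info");
        }
    }

    /**
     * Creates the collaborators when they were not injected. A missing factory is taken
     * as the sign that no injection happened, in which case all three fields are set.
     */
    private void checkDependencies() {
        if (this.keyWriterFactory == null) {
            this.keyWriterFactory = new KeyWriterFactory();
            this.keyWriterFactory.init();
            this.jwtSupportConfiguration = JwtSupportConfiguration.getInstance();
            this.resourceUtil = ResourceUtil.getInstance();
        }
    }
}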
