package io.mosip.kernel.keymanager.hsm.impl.pkcs;

import io.mosip.kernel.core.keymanager.exception.KeystoreProcessingException;
import io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException;
import io.mosip.kernel.core.keymanager.model.CertificateParameters;
import io.mosip.kernel.core.keymanager.spi.KeyStore;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.keygenerator.bouncycastle.constant.KeyGeneratorExceptionConstant;
import io.mosip.kernel.keymanager.hsm.constant.KeymanagerConstant;
import io.mosip.kernel.keymanager.hsm.constant.KeymanagerErrorCode;
import io.mosip.kernel.keymanager.hsm.util.CertificateUtility;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import java.io.IOException;
import java.security.InvalidParameterException;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.ProviderException;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;

/* loaded from: input_file:io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS11KeyStoreImpl.class */
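public class PKCS11KeyStoreImpl implements io.mosip.kernel.core.keymanager.spi.KeyStore {
    /*
     * Key store backed by the SunPKCS11 provider, i.e. keys live inside an HSM/token and
     * the JVM only holds handles to them.
     *
     * This listing is decompiler output. The bodies of getAsymmetricKey() and
     * getSymmetricKey() were not recovered (they are left as stubs that throw), so the
     * retry/reload/cache behaviour those two methods implement is only visible through
     * the private helpers they presumably call (reloadProvider, *ToCache, *FromCache).
     *
     * The file imports both io.mosip...spi.KeyStore and java.security.KeyStore under the
     * same simple name; to keep this class unambiguous every reference below is fully
     * qualified.
     *
     * Thread-safety: setupProvider() and reloadProvider() are synchronized, but the
     * provider/keyStore fields they replace are read without synchronization by the
     * other methods; the reference caches are ConcurrentHashMaps.
     */
    private static final Logger LOGGER = KeymanagerLogger.getLogger(PKCS11KeyStoreImpl.class);
    // PKCS#11 configuration handed to Provider.configure() (see setupProvider).
    private String configPath;
    // Token PIN as supplied in the config map. Retained as a String for the object's
    // lifetime, so it cannot be zeroed from memory; keystorePwdCharArr mirrors it.
    private String keystorePass;
    private String symmetricKeyAlgorithm;
    private int symmetricKeyLength;
    private String asymmetricKeyAlgorithm;
    private int asymmetricKeyLength;
    private String signAlgorithm;
    // When false the *ToCache/*FromCache helpers are no-ops and the maps stay null.
    private boolean enableKeyReferenceCache;
    private Map<String, java.security.KeyStore.PrivateKeyEntry> privateKeyReferenceCache;
    private Map<String, SecretKey> secretKeyReferenceCache;
    private java.security.KeyStore keyStore;
    // UTC timestamp of the last successful provider (re)load; gates reloadProvider().
    private LocalDateTime lastProviderLoadedTime;
    private static final int PROVIDER_ALLOWED_RELOAD_INTERVEL_IN_SECONDS = 60;
    // Not referenced by any recovered method; presumably the retry bound used inside the
    // un-decompiled getAsymmetricKey()/getSymmetricKey() — confirm against the original.
    private static final int NO_OF_RETRIES = 3;
    private Provider provider = null;
    // null when the configured password is blank (see getKeystorePwd).
    private char[] keystorePwdCharArr = null;
    private String keystoreType = KeymanagerConstant.KEYSTORE_TYPE_PKCS11;

    /**
     * Reads the PKCS#11 configuration from {@code map} and immediately loads the
     * provider and key store.
     *
     * @param map configuration keyed by the {@link KeymanagerConstant} names; the two
     *            key-size values are parsed as integers and must be present and numeric
     * @throws Exception as declared; in practice {@link NumberFormatException} for a bad
     *                   size and the unchecked keymanager exceptions from initKeystore()
     */
    public PKCS11KeyStoreImpl(Map<String, String> map) throws Exception {
        this.configPath = map.get(KeymanagerConstant.CONFIG_FILE_PATH);
        this.keystorePass = map.get(KeymanagerConstant.PKCS11_KEYSTORE_PASSWORD);
        this.symmetricKeyAlgorithm = map.get(KeymanagerConstant.SYM_KEY_ALGORITHM);
        this.symmetricKeyLength = Integer.parseInt(map.get(KeymanagerConstant.SYM_KEY_SIZE));
        this.asymmetricKeyAlgorithm = map.get(KeymanagerConstant.ASYM_KEY_ALGORITHM);
        this.asymmetricKeyLength = Integer.parseInt(map.get(KeymanagerConstant.ASYM_KEY_SIZE));
        this.signAlgorithm = map.get(KeymanagerConstant.CERT_SIGN_ALGORITHM);
        this.enableKeyReferenceCache = Boolean.parseBoolean(map.get(KeymanagerConstant.FLAG_KEY_REF_CACHE));
        initKeystore();
    }

    /** One-time setup: caches, password, provider registration and key store load. */
    private void initKeystore() {
        initKeyReferenceCache();
        this.keystorePwdCharArr = getKeystorePwd();
        this.provider = setupProvider(this.configPath);
        addProvider(this.provider);
        this.keyStore = getKeystoreInstance(this.keystoreType, this.provider);
        this.lastProviderLoadedTime = DateUtils.getUTCCurrentDateTime();
    }

    /**
     * Converts the configured password to a char array.
     *
     * @return {@code null} when the configured value is blank, so the key store is loaded
     *         and entries are protected without a password; otherwise the characters
     */
    private char[] getKeystorePwd() {
        if (this.keystorePass.trim().isEmpty()) {
            return null;
        }
        return this.keystorePass.toCharArray();
    }

    /**
     * Looks up the SunPKCS11 provider and configures it with the given PKCS#11 config.
     *
     * @param str configuration passed to {@link Provider#configure(String)}
     * @return the configured provider instance
     * @throws NoSuchSecurityProviderException when SunPKCS11 is absent or the
     *                                         configuration is rejected
     */
    private synchronized Provider setupProvider(String str) {
        try {
            Provider baseProvider = Security.getProvider(KeymanagerConstant.SUN_PKCS11_PROVIDER);
            if (baseProvider == null) {
                throw new ProviderException("SunPKCS11 provider not found");
            }
            return baseProvider.configure(str);
        } catch (InvalidParameterException | ProviderException e) {
            throw new NoSuchSecurityProviderException(KeymanagerErrorCode.INVALID_CONFIG_FILE.getErrorCode(), KeymanagerErrorCode.INVALID_CONFIG_FILE.getErrorMessage(), e);
        }
    }

    /**
     * Registers {@code provider} with the JCA, replacing any provider of the same name.
     *
     * @throws NoSuchSecurityProviderException if {@link Security#addProvider} reports
     *                                         that the provider was not installed (-1)
     */
    private void addProvider(Provider provider) {
        Security.removeProvider(provider.getName());
        if (Security.addProvider(provider) == -1) {
            throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_SECURITY_PROVIDER.getErrorCode(), KeymanagerErrorCode.NO_SUCH_SECURITY_PROVIDER.getErrorMessage());
        }
    }

    /**
     * Creates a key store of type {@code str} on {@code provider} and loads it with the
     * configured password (no input stream; for PKCS11 this is the token login).
     *
     * @throws KeystoreProcessingException wrapping any load failure
     */
    private java.security.KeyStore getKeystoreInstance(String str, Provider provider) {
        try {
            java.security.KeyStore loadedStore = java.security.KeyStore.getInstance(str, provider);
            loadedStore.load(null, this.keystorePwdCharArr);
            return loadedStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Lists every alias currently present in the key store.
     *
     * @throws KeystoreProcessingException if the key store cannot be enumerated
     */
    public List<String> getAllAlias() {
        try {
            return Collections.list(this.keyStore.aliases());
        } catch (KeyStoreException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Returns the key stored under {@code str} using the configured password. This path
     * does not consult the reference caches.
     *
     * @throws KeystoreProcessingException if the key cannot be recovered
     */
    public Key getKey(String str) {
        try {
            return this.keyStore.getKey(str, this.keystorePwdCharArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Returns the private-key entry for {@code r7}.
     *
     * NOTE: the decompiler did not recover this method's body (274 instructions); the
     * stub below throws unconditionally. The original is presumably the cache-first
     * lookup with retry and provider reload that the private helpers in this class
     * support — confirm against the original source before relying on this listing.
     */
    public java.security.KeyStore.PrivateKeyEntry getAsymmetricKey(String r7) {
        throw new UnsupportedOperationException("Method not decompiled: io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.getAsymmetricKey(java.lang.String):java.security.KeyStore$PrivateKeyEntry");
    }

    /**
     * Re-configures and re-registers the PKCS#11 provider and reloads the key store,
     * at most once per {@code PROVIDER_ALLOWED_RELOAD_INTERVEL_IN_SECONDS}; earlier
     * calls are logged and ignored. Key handles cached from the previous provider
     * instance are discarded so callers do not keep using stale references.
     */
    private synchronized void reloadProvider() {
        LOGGER.info(io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant.SESSIONID, "KeyStoreImpl", "KeyStoreImpl", "reloading provider");
        LocalDateTime earliestAllowed = this.lastProviderLoadedTime.plusSeconds(PROVIDER_ALLOWED_RELOAD_INTERVEL_IN_SECONDS);
        if (DateUtils.getUTCCurrentDateTime().isBefore(earliestAllowed)) {
            LOGGER.warn(io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant.SESSIONID, "KeyStoreImpl", "reloadProvider", "Last time successful reload done on " + this.lastProviderLoadedTime.toString() + ", so reloading not done before interval of 60 sec");
            return;
        }
        String previousProviderName = Objects.nonNull(this.provider) ? this.provider.getName() : null;
        this.provider = setupProvider(this.configPath);
        if (previousProviderName != null) {
            Security.removeProvider(previousProviderName);
        }
        addProvider(this.provider);
        this.keyStore = getKeystoreInstance(this.keystoreType, this.provider);
        // Cached entries were obtained through the old provider/session; a miss only
        // costs a fresh lookup, whereas a stale handle would keep failing after reload.
        if (this.enableKeyReferenceCache) {
            this.privateKeyReferenceCache.clear();
            this.secretKeyReferenceCache.clear();
        }
        this.lastProviderLoadedTime = DateUtils.getUTCCurrentDateTime();
    }

    /** Private key of the entry under {@code str}; see {@link #getAsymmetricKey}. */
    public PrivateKey getPrivateKey(String str) {
        return getAsymmetricKey(str).getPrivateKey();
    }

    /** Public key taken from the first certificate of the chain under {@code str}. */
    public PublicKey getPublicKey(String str) {
        return getAsymmetricKey(str).getCertificateChain()[0].getPublicKey();
    }

    /*
     * First certificate of the chain under {@code str}. The method name is the
     * decompiler's rendering of the interface's getCertificate bridge method and is kept
     * as-is. The element (not the whole array) is cast, so a chain stored as a plain
     * Certificate[] — as storeCertificate(String, PrivateKey, Certificate) does — still
     * works as long as the element is an X.509 certificate.
     */
    public X509Certificate m18getCertificate(String str) {
        return (X509Certificate) getAsymmetricKey(str).getCertificateChain()[0];
    }

    /**
     * Returns the secret key stored under {@code r7}.
     *
     * NOTE: the decompiler did not recover this method's body (265 instructions); the
     * stub below throws unconditionally. Presumably the symmetric counterpart of
     * getAsymmetricKey() — confirm against the original source.
     */
    public SecretKey getSymmetricKey(String r7) {
        throw new UnsupportedOperationException("Method not decompiled: io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.getSymmetricKey(java.lang.String):javax.crypto.SecretKey");
    }

    /**
     * Deletes the entry under {@code str} from the key store. The reference caches are
     * not touched here.
     *
     * @throws KeystoreProcessingException if the entry cannot be deleted
     */
    public void deleteKey(String str) {
        try {
            this.keyStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Stores {@code privateKey} with {@code certificateArr} as its chain under
     * {@code str} and persists the key store.
     *
     * @throws KeystoreProcessingException wrapping the underlying failure; unlike the
     *                                     original listing the cause is preserved
     */
    private void storeCertificate(String str, Certificate[] certificateArr, PrivateKey privateKey) {
        try {
            this.keyStore.setEntry(str, new java.security.KeyStore.PrivateKeyEntry(privateKey, certificateArr), getPasswordProtection());
            this.keyStore.store(null, this.keystorePwdCharArr);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Generates a new key pair on the provider, wraps its public key in an X.509
     * certificate and stores the pair under {@code str}.
     *
     * @param str                   alias for the new entry
     * @param str2                  alias of an existing entry whose private key signs the
     *                              new certificate and whose subject becomes the issuer;
     *                              {@code null} yields a self-signed certificate
     * @param certificateParameters subject/validity details for the certificate
     */
    public void generateAndStoreAsymmetricKey(String str, String str2, CertificateParameters certificateParameters) {
        KeyPair newKeyPair = generateKeyPair();
        PrivateKey signingKey;
        X500Principal issuer = null;
        if (Objects.nonNull(str2)) {
            // Sign with the referenced (e.g. root/master) key; the new private key is
            // what gets stored, the signing key only authorises the certificate.
            java.security.KeyStore.PrivateKeyEntry signerEntry = getAsymmetricKey(str2);
            signingKey = signerEntry.getPrivateKey();
            issuer = ((X509Certificate) signerEntry.getCertificate()).getSubjectX500Principal();
        } else {
            signingKey = newKeyPair.getPrivate();
        }
        X509Certificate certificate = CertificateUtility.generateX509Certificate(signingKey, newKeyPair.getPublic(), certificateParameters, issuer, this.signAlgorithm, this.provider.getName());
        storeCertificate(str, new X509Certificate[]{certificate}, newKeyPair.getPrivate());
    }

    /**
     * Generates a secret key on the provider and stores it under {@code str}.
     *
     * @throws KeystoreProcessingException wrapping the underlying failure
     */
    public void generateAndStoreSymmetricKey(String str) {
        try {
            this.keyStore.setEntry(str, new java.security.KeyStore.SecretKeyEntry(generateSymmetricKey()), getPasswordProtection());
            this.keyStore.store(null, this.keystorePwdCharArr);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Generates a key pair of the configured algorithm and size on the PKCS#11 provider,
     * so the private key is created inside the token.
     *
     * @throws io.mosip.kernel.core.exception.NoSuchAlgorithmException if the provider
     *                                                                 lacks the algorithm
     */
    private KeyPair generateKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(this.asymmetricKeyAlgorithm, this.provider);
            generator.initialize(this.asymmetricKeyLength, new SecureRandom());
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException(KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(), KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorMessage(), e);
        }
    }

    /**
     * Generates a secret key of the configured algorithm and size on the PKCS#11
     * provider.
     *
     * @throws io.mosip.kernel.core.exception.NoSuchAlgorithmException if the provider
     *                                                                 lacks the algorithm
     */
    private SecretKey generateSymmetricKey() {
        try {
            KeyGenerator generator = KeyGenerator.getInstance(this.symmetricKeyAlgorithm, this.provider);
            generator.init(this.symmetricKeyLength, new SecureRandom());
            return generator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException(KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(), KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorMessage(), e);
        }
    }

    /**
     * Stores an externally supplied private key and single certificate under
     * {@code str} and persists the key store. Because {@code privateKey} is provided by
     * the caller, this is the one path where key material originates outside the token.
     *
     * @throws KeystoreProcessingException wrapping the underlying failure
     */
    public void storeCertificate(String str, PrivateKey privateKey, Certificate certificate) {
        try {
            this.keyStore.setEntry(str, new java.security.KeyStore.PrivateKeyEntry(privateKey, new Certificate[]{certificate}), getPasswordProtection());
            this.keyStore.store(null, this.keystorePwdCharArr);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage(), e);
        }
    }

    /**
     * Name of the provider backing the loaded key store.
     *
     * @throws KeystoreProcessingException if the key store has not been instantiated
     */
    public String getKeystoreProviderName() {
        if (Objects.isNull(this.keyStore)) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_NOT_INSTANTIATED.getErrorCode(), KeymanagerErrorCode.KEYSTORE_NOT_INSTANTIATED.getErrorMessage());
        }
        return this.keyStore.getProvider().getName();
    }

    /** Entry protection for setEntry(); {@code null} when no password is configured. */
    private java.security.KeyStore.PasswordProtection getPasswordProtection() {
        return this.keystorePwdCharArr == null ? null : new java.security.KeyStore.PasswordProtection(this.keystorePwdCharArr);
    }

    /** Allocates the reference caches only when caching is enabled. */
    private void initKeyReferenceCache() {
        if (this.enableKeyReferenceCache) {
            this.privateKeyReferenceCache = new ConcurrentHashMap<>();
            this.secretKeyReferenceCache = new ConcurrentHashMap<>();
        }
    }

    /** Caches {@code privateKeyEntry} under {@code str}; no-op when caching is disabled. */
    private void addPrivateKeyEntryToCache(String str, java.security.KeyStore.PrivateKeyEntry privateKeyEntry) {
        if (!this.enableKeyReferenceCache) {
            return;
        }
        LOGGER.debug(io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant.SESSIONID, "KeyStoreImpl", "addPrivateKeyEntryToCache", "Adding private key reference to map for alias " + str);
        this.privateKeyReferenceCache.put(str, privateKeyEntry);
    }

    /** Cached entry for {@code str}, or {@code null} on a miss or when caching is off. */
    private java.security.KeyStore.PrivateKeyEntry getPrivateKeyEntryFromCache(String str) {
        return this.enableKeyReferenceCache ? this.privateKeyReferenceCache.get(str) : null;
    }

    /** Caches {@code secretKey} under {@code str}; no-op when caching is disabled. */
    private void addSecretKeyToCache(String str, SecretKey secretKey) {
        if (!this.enableKeyReferenceCache) {
            return;
        }
        LOGGER.debug(io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant.SESSIONID, "KeyStoreImpl", "addSecretKeyToCache", "Adding secretKey reference to map for alias " + str);
        this.secretKeyReferenceCache.put(str, secretKey);
    }

    /** Cached secret key for {@code str}, or {@code null} on a miss or when caching is off. */
    private SecretKey getSecretKeyFromCache(String str) {
        return this.enableKeyReferenceCache ? this.secretKeyReferenceCache.get(str) : null;
    }
}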
