package io.mosip.kernel.keymanager.hsm.impl.pkcs;

import io.mosip.kernel.core.keymanager.exception.KeystoreProcessingException;
import io.mosip.kernel.core.keymanager.exception.NoSuchSecurityProviderException;
import io.mosip.kernel.core.keymanager.model.CertificateParameters;
import io.mosip.kernel.core.keymanager.spi.KeyStore;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.keygenerator.bouncycastle.constant.KeyGeneratorExceptionConstant;
import io.mosip.kernel.keymanager.hsm.constant.KeymanagerConstant;
import io.mosip.kernel.keymanager.hsm.constant.KeymanagerErrorCode;
import io.mosip.kernel.keymanager.hsm.util.CertificateUtility;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.FileAttribute;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:io/mosip/kernel/keymanager/hsm/impl/pkcs/PKCS12KeyStoreImpl.class */
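/**
 * File-backed PKCS#12 implementation of the keymanager {@code KeyStore} SPI.
 *
 * <p>The keystore is loaded from {@code p12FilePath} when that file exists, otherwise an
 * empty store is created in memory and first written when an entry is stored. The configured
 * store password is also used as the protection password of every entry, and the private-key
 * accessors hand out key material in clear form to any caller that knows an alias.
 *
 * <p>Constructing an instance removes and re-registers a {@link BouncyCastleProvider} with
 * {@link Security}; that is a JVM-wide side effect shared with every other user of the provider.
 *
 * <p>Not thread-safe: nothing here is synchronized, so callers must serialize mutating
 * operations or concurrent rewrites of the .p12 file can interleave.
 */
public class PKCS12KeyStoreImpl implements KeyStore {
    private static final Logger LOGGER = KeymanagerLogger.getLogger(PKCS12KeyStoreImpl.class);
    /** Path of the .p12 file; its parent directory is created on first write. */
    private final String p12FilePath;
    /** Store password as configured. Held as a String because the config map supplies it that way. */
    private final String keystorePass;
    private final String symmetricKeyAlgorithm;
    private final int symmetricKeyLength;
    private final String asymmetricKeyAlgorithm;
    private final int asymmetricKeyLength;
    /** Signature algorithm passed to CertificateUtility when issuing generated certificates. */
    private final String signAlgorithm;
    /** Replaceable through {@link #setKeyStore(java.security.KeyStore)}; may be a non-PKCS12 store. */
    private java.security.KeyStore keyStore;
    private Provider provider = null;
    /** char[] form of {@link #keystorePass}; doubles as the protection password of each entry. */
    private char[] keystorePwdCharArr = null;
    private String keystoreType = KeymanagerConstant.KEYSTORE_TYPE_PKCS12;

    /**
     * Reads the configuration, registers the provider and loads (or initialises) the backing store.
     *
     * @param map configuration keyed by {@link KeymanagerConstant} names: file path, store
     *            password, symmetric/asymmetric algorithm and key size, certificate signing algorithm
     * @throws NumberFormatException if a key-size entry is missing or not an integer
     * @throws KeystoreProcessingException if the password is missing/blank or the store cannot be loaded
     * @throws NoSuchSecurityProviderException if the BouncyCastle provider cannot be registered
     * @throws Exception retained from the original signature; nothing else checked is thrown here
     */
    public PKCS12KeyStoreImpl(Map<String, String> map) throws Exception {
        Objects.requireNonNull(map, "map");
        this.p12FilePath = map.get(KeymanagerConstant.CONFIG_FILE_PATH);
        this.keystorePass = map.get(KeymanagerConstant.PKCS11_KEYSTORE_PASSWORD);
        this.symmetricKeyAlgorithm = map.get(KeymanagerConstant.SYM_KEY_ALGORITHM);
        this.symmetricKeyLength = Integer.parseInt(map.get(KeymanagerConstant.SYM_KEY_SIZE));
        this.asymmetricKeyAlgorithm = map.get(KeymanagerConstant.ASYM_KEY_ALGORITHM);
        this.asymmetricKeyLength = Integer.parseInt(map.get(KeymanagerConstant.ASYM_KEY_SIZE));
        this.signAlgorithm = map.get(KeymanagerConstant.CERT_SIGN_ALGORITHM);
        initKeystore();
    }

    /** Derives the password array, registers the provider and loads the store, in that order. */
    private void initKeystore() {
        this.keystorePwdCharArr = getKeystorePwd();
        this.provider = setupProvider();
        addProvider(this.provider);
        this.keyStore = getKeystoreInstance(this.keystoreType, this.p12FilePath);
    }

    /**
     * Converts the configured password to a char array.
     *
     * @return the password characters
     * @throws KeystoreProcessingException if the password is absent or blank, so that a
     *         misconfiguration surfaces as a typed error instead of a NullPointerException
     */
    private char[] getKeystorePwd() {
        if (this.keystorePass == null || this.keystorePass.trim().isEmpty()) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.NOT_VALID_STORE_PASSWORD.getErrorCode(),
                    KeymanagerErrorCode.NOT_VALID_STORE_PASSWORD.getErrorMessage());
        }
        return this.keystorePass.toCharArray();
    }

    /** @return a fresh BouncyCastle provider instance; used for symmetric key generation and certificate signing */
    private Provider setupProvider() {
        return new BouncyCastleProvider();
    }

    /**
     * Replaces any provider registered under the same name with {@code provider}.
     *
     * <p>removeProvider + addProvider appends the provider at the end of the JVM-wide list, so
     * its position relative to the default providers changes for every caller in the process.
     *
     * @param provider provider to register
     * @throws NoSuchSecurityProviderException if {@link Security#addProvider(Provider)} rejects it
     */
    private void addProvider(Provider provider) {
        Security.removeProvider(provider.getName());
        if (-1 == Security.addProvider(provider)) {
            throw new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_SECURITY_PROVIDER.getErrorCode(),
                    KeymanagerErrorCode.NO_SUCH_SECURITY_PROVIDER.getErrorMessage());
        }
    }

    /**
     * Creates a keystore of {@code type} and loads it from {@code filePath} when that file exists,
     * otherwise initialises an empty store.
     *
     * @param type keystore type handed to {@link java.security.KeyStore#getInstance(String)}
     * @param filePath location of the .p12 file
     * @return the loaded or freshly initialised store
     * @throws KeystoreProcessingException wrapping any load failure (I/O, bad password, bad format)
     */
    private java.security.KeyStore getKeystoreInstance(String type, String filePath) {
        try {
            java.security.KeyStore store = java.security.KeyStore.getInstance(type);
            if (Files.exists(Paths.get(filePath))) {
                // try-with-resources: the original leaked the stream until GC.
                try (FileInputStream in = new FileInputStream(filePath)) {
                    store.load(in, this.keystorePwdCharArr);
                }
            } else {
                store.load(null, this.keystorePwdCharArr);
            }
            return store;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw processingError(e);
        }
    }

    /**
     * Lists every alias currently held in the in-memory store.
     *
     * @return mutable list of aliases, empty when the store has no entries
     * @throws KeystoreProcessingException if the store cannot be enumerated
     */
    public List<String> getAllAlias() {
        try {
            return Collections.list(this.keyStore.aliases());
        } catch (KeyStoreException e) {
            throw processingError(e);
        }
    }

    /**
     * Returns the raw key stored under {@code str}, unlocking it with the store password.
     *
     * @param str alias of the entry
     * @return the key, or {@code null} when no key entry has that alias (java.security.KeyStore semantics)
     * @throws KeystoreProcessingException wrapping KeyStoreException, NoSuchAlgorithmException
     *         or UnrecoverableKeyException
     */
    public Key getKey(String str) {
        try {
            return this.keyStore.getKey(str, this.keystorePwdCharArr);
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw processingError(e);
        }
    }

    /**
     * Returns the private-key entry (key plus certificate chain) stored under {@code str}.
     *
     * @param str alias of the entry
     * @return the entry
     * @throws NoSuchSecurityProviderException if the alias does not name a private-key entry
     *         (error code NO_SUCH_ALIAS; the exception type is inherited from the original code)
     * @throws KeystoreProcessingException wrapping any keystore access failure
     */
    public KeyStore.PrivateKeyEntry getAsymmetricKey(String str) {
        try {
            if (!this.keyStore.entryInstanceOf(str, java.security.KeyStore.PrivateKeyEntry.class)) {
                throw noSuchAlias(str);
            }
            LOGGER.debug(io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant.SESSIONID, "KeyStoreImpl",
                    "getAsymmetricKey", "alias is instanceof keystore");
            return (java.security.KeyStore.PrivateKeyEntry) this.keyStore.getEntry(str, getPasswordProtection());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw processingError(e);
        }
    }

    /**
     * @param str alias of a private-key entry
     * @return its private key
     * @see #getAsymmetricKey(String) for the exceptions thrown
     */
    public PrivateKey getPrivateKey(String str) {
        return getAsymmetricKey(str).getPrivateKey();
    }

    /**
     * @param str alias of a private-key entry
     * @return the public key of the leaf (first) certificate in its chain
     * @see #getAsymmetricKey(String) for the exceptions thrown
     */
    public PublicKey getPublicKey(String str) {
        return getAsymmetricKey(str).getCertificateChain()[0].getPublicKey();
    }

    /* renamed from: getCertificate, reason: merged with bridge method [inline-methods] */
    /**
     * @param str alias of a private-key entry
     * @return the leaf (first) certificate of its chain as X.509
     * @throws ClassCastException if the leaf certificate is not an X509Certificate
     * @see #getAsymmetricKey(String) for the other exceptions thrown
     */
    public X509Certificate m20getCertificate(String str) {
        // Cast the element, not the array: an array cast depends on the runtime array type
        // rather than on the certificates it holds.
        return (X509Certificate) getAsymmetricKey(str).getCertificateChain()[0];
    }

    /**
     * Returns the secret key stored under {@code str}.
     *
     * @param str alias of the entry
     * @return the secret key
     * @throws NoSuchSecurityProviderException if the alias does not name a secret-key entry
     * @throws KeystoreProcessingException wrapping any keystore access failure
     */
    public SecretKey getSymmetricKey(String str) {
        try {
            if (!this.keyStore.entryInstanceOf(str, java.security.KeyStore.SecretKeyEntry.class)) {
                throw noSuchAlias(str);
            }
            java.security.KeyStore.SecretKeyEntry entry =
                    (java.security.KeyStore.SecretKeyEntry) this.keyStore.getEntry(str, getPasswordProtection());
            return entry.getSecretKey();
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw processingError(e);
        }
    }

    /**
     * Removes the entry under {@code str} from the in-memory store.
     *
     * <p>Nothing here calls {@link #storeKeyInFile()}, so the deletion is not written to
     * {@code p12FilePath} and the entry reappears when the file is loaded again.
     * NOTE(review): confirm whether this is intended; if a deleted key must stay gone,
     * persist here as the store methods do.
     *
     * @param str alias to delete; a missing alias is not an error for PKCS12 stores
     * @throws KeystoreProcessingException wrapping a KeyStoreException
     */
    public void deleteKey(String str) {
        try {
            this.keyStore.deleteEntry(str);
        } catch (KeyStoreException e) {
            throw processingError(e);
        }
    }

    /**
     * Replaces the underlying store. The configured password and file path are kept, so a
     * non-PKCS12 store injected here is persisted with a {@code null} stream by {@link #storeKeyInFile()}.
     *
     * @param keyStore store to use from now on
     */
    public void setKeyStore(java.security.KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /**
     * Generates a new key pair under {@code str} and stores it with a newly issued X.509 certificate.
     *
     * <p>When {@code str2} is non-null the certificate is signed with the private key stored under
     * that alias and carries that entry's subject as issuer; otherwise it is self-signed.
     *
     * @param str alias for the new entry (an existing entry with that alias is overwritten)
     * @param str2 alias of the issuing key, or {@code null} for a self-signed certificate
     * @param certificateParameters subject/validity parameters passed through to CertificateUtility
     * @throws NoSuchSecurityProviderException if {@code str2} does not name a private-key entry
     * @throws KeystoreProcessingException if the entry cannot be stored or persisted
     */
    public void generateAndStoreAsymmetricKey(String str, String str2, CertificateParameters certificateParameters) {
        PrivateKey signingKey = null;
        X500Principal issuer = null;
        if (Objects.nonNull(str2)) {
            // Issuer lookup happens before key generation, as in the original, so a bad alias
            // fails fast without generating a key pair.
            java.security.KeyStore.PrivateKeyEntry issuerEntry = getAsymmetricKey(str2);
            signingKey = issuerEntry.getPrivateKey();
            issuer = ((X509Certificate) issuerEntry.getCertificate()).getSubjectX500Principal();
        }
        KeyPair keyPair = generateKeyPair();
        if (signingKey == null) {
            signingKey = keyPair.getPrivate(); // self-signed
        }
        X509Certificate certificate = CertificateUtility.generateX509Certificate(signingKey, keyPair.getPublic(),
                certificateParameters, issuer, this.signAlgorithm, this.provider.getName());
        storeCertificate(str, new X509Certificate[]{certificate}, keyPair.getPrivate());
    }

    /**
     * Stores a private-key entry and persists the store.
     *
     * <p>If persisting fails after {@code setEntry} succeeded, the in-memory store and the file
     * diverge until the next successful write.
     *
     * @param str alias for the entry
     * @param certificateArr certificate chain, leaf first
     * @param privateKey key to store
     * @throws KeystoreProcessingException wrapping the KeyStoreException (the original dropped the cause)
     */
    private void storeCertificate(String str, Certificate[] certificateArr, PrivateKey privateKey) {
        try {
            this.keyStore.setEntry(str, new java.security.KeyStore.PrivateKeyEntry(privateKey, certificateArr),
                    getPasswordProtection());
            storeKeyInFile();
        } catch (KeyStoreException e) {
            throw processingError(e);
        }
    }

    /**
     * Generates a secret key with the configured algorithm and length, stores it under {@code str}
     * and persists the store.
     *
     * @param str alias for the new entry (an existing entry with that alias is overwritten)
     * @throws KeystoreProcessingException wrapping the KeyStoreException; the original also
     *         printed the stack trace to stderr, which is dropped here because the cause is preserved
     */
    public void generateAndStoreSymmetricKey(String str) {
        try {
            this.keyStore.setEntry(str, new java.security.KeyStore.SecretKeyEntry(generateSymmetricKey()),
                    getPasswordProtection());
            storeKeyInFile();
        } catch (KeyStoreException e) {
            throw processingError(e);
        }
    }

    /**
     * Generates an asymmetric key pair with the configured algorithm and size.
     *
     * <p>Unlike {@link #generateSymmetricKey()} this uses the JVM's default provider lookup,
     * not {@link #provider}; the resulting keys are still accepted by the BouncyCastle signer.
     *
     * @return the new key pair
     * @throws io.mosip.kernel.core.exception.NoSuchAlgorithmException if the algorithm is unknown
     */
    private KeyPair generateKeyPair() {
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(this.asymmetricKeyAlgorithm);
            generator.initialize(this.asymmetricKeyLength, new SecureRandom());
            return generator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException(
                    KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(),
                    KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorMessage(), e);
        }
    }

    /**
     * Generates a secret key with the configured algorithm and length using {@link #provider}.
     *
     * @return the new secret key
     * @throws io.mosip.kernel.core.exception.NoSuchAlgorithmException if the provider lacks the algorithm
     */
    private SecretKey generateSymmetricKey() {
        try {
            KeyGenerator generator = KeyGenerator.getInstance(this.symmetricKeyAlgorithm, this.provider);
            generator.init(this.symmetricKeyLength, new SecureRandom());
            return generator.generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new io.mosip.kernel.core.exception.NoSuchAlgorithmException(
                    KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorCode(),
                    KeyGeneratorExceptionConstant.MOSIP_NO_SUCH_ALGORITHM_EXCEPTION.getErrorMessage(), e);
        }
    }

    /**
     * Stores an externally supplied private key with a single-certificate chain and persists the store.
     *
     * @param str alias for the entry (an existing entry with that alias is overwritten)
     * @param privateKey key to store
     * @param certificate the key's certificate; becomes the one-element chain
     * @throws KeystoreProcessingException wrapping any keystore failure
     */
    public void storeCertificate(String str, PrivateKey privateKey, Certificate certificate) {
        storeCertificate(str, new Certificate[]{certificate}, privateKey);
    }

    /**
     * @return the registered provider's name
     * @throws KeystoreProcessingException if the store has not been initialised
     */
    public String getKeystoreProviderName() {
        if (Objects.nonNull(this.keyStore)) {
            return this.provider.getName();
        }
        throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_NOT_INSTANTIATED.getErrorCode(),
                KeymanagerErrorCode.KEYSTORE_NOT_INSTANTIATED.getErrorMessage());
    }

    /**
     * @return entry protection built from the store password
     * @throws KeystoreProcessingException if the password has not been initialised
     */
    private java.security.KeyStore.PasswordProtection getPasswordProtection() {
        if (this.keystorePwdCharArr == null) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.NOT_VALID_STORE_PASSWORD.getErrorCode(),
                    KeymanagerErrorCode.NOT_VALID_STORE_PASSWORD.getErrorMessage());
        }
        return new java.security.KeyStore.PasswordProtection(this.keystorePwdCharArr);
    }

    /**
     * Persists the current store. A PKCS12 store is written to {@code p12FilePath}, creating the
     * parent directory if needed; any other store type is asked to store itself on a {@code null}
     * stream, as the original did.
     *
     * <p>The file is truncated and rewritten in place, so a failure mid-write leaves a partial
     * keystore on disk. The file is created with the process's default permissions.
     * NOTE(review): writing to a sibling temp file and moving it over the target, and tightening
     * the permissions, would close both gaps if they matter in deployment.
     *
     * @throws KeystoreProcessingException wrapping any I/O or keystore failure
     */
    private void storeKeyInFile() {
        try {
            Path parent = Paths.get(this.p12FilePath).getParent();
            if (parent != null && !Files.exists(parent)) {
                Files.createDirectories(parent);
            }
            if (KeymanagerConstant.KEYSTORE_TYPE_PKCS12.equals(this.keyStore.getType())) {
                // try-with-resources: the original never closed the stream.
                try (FileOutputStream out = new FileOutputStream(this.p12FilePath)) {
                    this.keyStore.store(out, this.keystorePwdCharArr);
                }
            } else {
                this.keyStore.store(null, this.keystorePwdCharArr);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw processingError(e);
        }
    }

    /**
     * Builds the standard KEYSTORE_PROCESSING_ERROR exception, keeping {@code cause} attached.
     *
     * @param cause the underlying failure; its message is appended to the error message
     * @return the exception to throw
     */
    private static KeystoreProcessingException processingError(Exception cause) {
        return new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(),
                KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + cause.getMessage(), cause);
    }

    /**
     * Builds the NO_SUCH_ALIAS exception for {@code alias}. The exception type matches the
     * original code, which reused NoSuchSecurityProviderException for this case.
     *
     * @param alias the alias that was not found or has the wrong entry type
     * @return the exception to throw
     */
    private static NoSuchSecurityProviderException noSuchAlias(String alias) {
        return new NoSuchSecurityProviderException(KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorCode(),
                KeymanagerErrorCode.NO_SUCH_ALIAS.getErrorMessage() + alias);
    }
}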
