package net.maritimeconnectivity.pki;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import net.maritimeconnectivity.pki.exception.PKIRuntimeException;
import net.maritimeconnectivity.pki.pkcs11.P11PKIConfiguration;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/maritimeconnectivity/pki/KeystoreHandler.class */
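/**
 * Loads signing keys and certificates from the keystores named by a {@link PKIConfiguration}.
 *
 * <p>The signing key comes from a PKCS#11 token when the configuration is a
 * {@link P11PKIConfiguration}, and otherwise from a keystore file of type
 * {@code PKIConstants.KEYSTORE_TYPE}. Certificates are always read from the truststore file.
 * Every checked failure is logged and rethrown as a {@link PKIRuntimeException} that carries
 * the original exception as its cause.
 */
public class KeystoreHandler {
    private static final Logger log = LoggerFactory.getLogger(KeystoreHandler.class);
    private final PKIConfiguration pkiConfiguration;

    /**
     * Creates a handler bound to the given configuration and registers the BouncyCastle provider.
     *
     * @param pKIConfiguration source of the keystore/truststore paths and passwords
     */
    public KeystoreHandler(PKIConfiguration pKIConfiguration) {
        this.pkiConfiguration = pKIConfiguration;
        // addProvider() leaves the provider list unchanged when a provider with the same
        // name is already installed, so constructing several handlers is harmless.
        Security.addProvider(new BouncyCastleProvider());
    }

    /**
     * Returns the private-key entry stored under the given alias.
     *
     * <p>{@link KeyStore#getEntry} returns {@code null} for an unknown alias, so the result may
     * be {@code null}. An alias that names a non-private-key entry fails the cast with a
     * {@link ClassCastException}.
     *
     * @param str alias of the signing entry
     * @return the entry, or {@code null} if the alias is not present
     * @throws PKIRuntimeException if the keystore cannot be opened, loaded or read
     */
    public KeyStore.PrivateKeyEntry getSigningCertEntry(String str) {
        if (this.pkiConfiguration instanceof P11PKIConfiguration) {
            return loadPkcs11Entry((P11PKIConfiguration) this.pkiConfiguration, str);
        }
        return loadFileEntry(str);
    }

    /** Reads the private-key entry for {@code alias} from the PKCS#11 token. */
    private KeyStore.PrivateKeyEntry loadPkcs11Entry(P11PKIConfiguration p11Configuration, String alias) {
        // NOTE(review): unchecked failures (e.g. a ClassCastException from the cast below) bypass
        // these handlers, so providerLogout() is not called for them - confirm that is intended.
        try {
            KeyStore tokenStore = KeyStore.getInstance(PKIConstants.PKCS11, p11Configuration.getProvider());
            // A PKCS#11 keystore has no input stream; the PIN passed to load() authenticates
            // to the token, which is why getEntry() is called without a protection parameter.
            tokenStore.load(null, p11Configuration.getPkcs11Pin());
            return (KeyStore.PrivateKeyEntry) tokenStore.getEntry(alias, null);
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw pkcs11Failure(p11Configuration, "Could not open PKCS#11 keystore", e);
        } catch (KeyStoreException e) {
            throw pkcs11Failure(p11Configuration, "Could not create PKCS#11 keystore", e);
        } catch (UnrecoverableEntryException e) {
            throw pkcs11Failure(p11Configuration, "Could not get CA entry from PKCS#11 keystore", e);
        }
    }

    /**
     * Logs a PKCS#11 failure together with its cause, logs out of the provider and builds
     * the exception to throw.
     */
    private static PKIRuntimeException pkcs11Failure(P11PKIConfiguration p11Configuration, String message, Exception cause) {
        // Pass the cause to the logger so the stack trace is recorded, as the file-based paths do.
        log.error(message, cause);
        p11Configuration.providerLogout();
        return new PKIRuntimeException(cause.getMessage(), cause);
    }

    /** Reads the private-key entry for {@code alias} from the sub-CA keystore file. */
    private KeyStore.PrivateKeyEntry loadFileEntry(String alias) {
        // NOTE(review): the char[] copies made by toCharArray() are never cleared, and the
        // configuration appears to hold the passwords as Strings - confirm this is acceptable.
        try (FileInputStream keystoreStream = new FileInputStream(this.pkiConfiguration.getSubCaKeystorePath())) {
            KeyStore keyStore = KeyStore.getInstance(PKIConstants.KEYSTORE_TYPE);
            keyStore.load(keystoreStream, this.pkiConfiguration.getSubCaKeystorePassword().toCharArray());
            KeyStore.PasswordProtection keyProtection =
                    new KeyStore.PasswordProtection(this.pkiConfiguration.getSubCaKeyPassword().toCharArray());
            return (KeyStore.PrivateKeyEntry) keyStore.getEntry(alias, keyProtection);
        } catch (FileNotFoundException e) {
            log.error("Could not open CA keystore", e);
            throw new PKIRuntimeException(e.getMessage(), e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            log.error("Could not get CA entry", e);
            throw new PKIRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Returns the certificate stored in the truststore under the given alias.
     *
     * @param str alias of the certificate
     * @return the certificate, or {@code null} if the truststore has no such alias
     * @throws PKIRuntimeException if the truststore cannot be opened or loaded
     */
    public Certificate getMCPCertificate(String str) {
        log.debug(this.pkiConfiguration.getTruststorePath());
        try (FileInputStream truststoreStream = new FileInputStream(this.pkiConfiguration.getTruststorePath())) {
            KeyStore trustStore = KeyStore.getInstance(PKIConstants.KEYSTORE_TYPE);
            trustStore.load(truststoreStream, this.pkiConfiguration.getTruststorePassword().toCharArray());
            return trustStore.getCertificate(str);
        } catch (FileNotFoundException e) {
            log.error("Could not open truststore", e);
            throw new PKIRuntimeException(e.getMessage(), e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.error("Could not load CA certificate", e);
            throw new PKIRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Loads the whole truststore from the configured truststore file.
     *
     * @return the loaded truststore
     * @throws PKIRuntimeException if the truststore cannot be opened or loaded
     */
    public KeyStore getTrustStore() {
        try (FileInputStream truststoreStream = new FileInputStream(this.pkiConfiguration.getTruststorePath())) {
            KeyStore trustStore = KeyStore.getInstance(PKIConstants.KEYSTORE_TYPE);
            trustStore.load(truststoreStream, this.pkiConfiguration.getTruststorePassword().toCharArray());
            return trustStore;
        } catch (FileNotFoundException e) {
            // Must precede the IOException handler: FileNotFoundException is an IOException,
            // so a handler placed after or outside it can never run.
            log.error("Could not open truststore", e);
            throw new PKIRuntimeException(e.getMessage(), e);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            log.error("Could not load truststore", e);
            throw new PKIRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Returns the public key of the truststore certificate stored under the given alias.
     *
     * @param str alias of the certificate
     * @return the certificate's public key
     * @throws NullPointerException if the truststore has no certificate under that alias
     * @throws PKIRuntimeException if the truststore cannot be opened or loaded
     */
    public PublicKey getPubKey(String str) {
        return getMCPCertificate(str).getPublicKey();
    }
}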
