package de.adorsys.multibanking.encrypt;

import com.nimbusds.jose.jwk.JWKSet;
import de.adorsys.multibanking.domain.KeyStoreEntity;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import javax.crypto.BadPaddingException;
import javax.security.auth.callback.CallbackHandler;
import org.adorsys.encobject.domain.keystore.KeystoreData;
import org.adorsys.encobject.service.MissingKeyAlgorithmException;
import org.adorsys.encobject.service.MissingKeystoreAlgorithmException;
import org.adorsys.encobject.service.MissingKeystoreProviderException;
import org.adorsys.encobject.service.WrongKeystoreCredentialException;
import org.adorsys.envutils.EnvProperties;
import org.adorsys.jkeygen.keystore.PasswordCallbackUtils;
import org.adorsys.jkeygen.pwd.PasswordCallbackHandler;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

/* loaded from: input_file:de/adorsys/multibanking/encrypt/KeyStoreUtils.class */
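/**
 * Helpers that open the service keystore persisted in a {@link KeyStoreEntity} and expose
 * its keys as a {@link JWKSet}.
 *
 * <p>The keystore password is read from the {@code keystore.password} environment/system
 * property. The same password is used both to open the keystore and to unlock every entry
 * in it, so anyone who obtains that property value can recover all private keys in the store.
 * The returned {@link JWKSet} contains private key material; callers must not log or
 * serialize it without first reducing it to its public part.
 */
public class KeyStoreUtils {
    /** Keystore type used when the stored data does not name one. */
    private static final String DEFAULT_KEYSTORE_TYPE = "UBER";

    /**
     * Single provider instance handed to {@link KeyStore#getInstance(String, Provider)};
     * created once instead of on every load.
     */
    private static final Provider BOUNCY_CASTLE = new BouncyCastleProvider();

    /**
     * Loads all keys from the keystore stored in the given entity.
     *
     * @param keyStoreEntity entity whose encrypted data holds the serialized keystore
     * @return the keys found in the keystore, including private key material
     * @throws IllegalStateException if {@code keystore.password} is missing or blank, or if
     *     the keystore cannot be parsed, opened or read
     */
    public static JWKSet loadPrivateKeys(KeyStoreEntity keyStoreEntity) {
        // NOTE(review): the second argument looks like the default name used when
        // SERVER_KEYSTORE_NAME is not set; the meaning of the boolean flag on the password
        // lookup is not visible here. Confirm both against EnvProperties.
        String keystoreName = EnvProperties.getEnvOrSysProp("SERVER_KEYSTORE_NAME", "multibanking-service-keystore");
        String keystorePassword = EnvProperties.getEnvOrSysProp("keystore.password", true);
        if (StringUtils.isBlank(keystorePassword)) {
            throw new IllegalStateException("Missing environment property keystore.password");
        }
        char[] password = keystorePassword.toCharArray();
        try {
            KeystoreData keystoreData = KeystoreData.parseFrom(keyStoreEntity.getEncData());
            KeyStore keyStore = initKeystore(keystoreData, keystoreName, new PasswordCallbackHandler(password));
            return exportPrivateKeys(keyStore, password);
        } catch (CertificateException | WrongKeystoreCredentialException | MissingKeystoreAlgorithmException | MissingKeystoreProviderException | MissingKeyAlgorithmException | IOException e) {
            throw new IllegalStateException(e);
        } finally {
            // Best-effort scrubbing of the working copy once the keys have been extracted.
            // The immutable String read from the environment still holds the password until
            // it is garbage collected, so this only shortens the exposure of this array.
            java.util.Arrays.fill(password, '\0');
        }
    }

    /**
     * Converts every entry of the keystore into a JWK.
     *
     * @param keyStore an already loaded keystore
     * @param password password returned for every alias, i.e. all entries are expected to
     *     be protected with the keystore password
     * @return the extracted key set
     * @throws IllegalStateException if the keystore cannot be read
     */
    private static JWKSet exportPrivateKeys(KeyStore keyStore, char[] password) {
        try {
            return JWKSet.load(keyStore, alias -> password);
        } catch (KeyStoreException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Opens the keystore contained in {@code keystoreData} and translates the JCA exceptions
     * raised while doing so into the encobject exception types.
     *
     * @param keystoreData serialized keystore bytes and keystore type
     * @param keystoreName name passed to the callback handler when asking for the password
     * @param callbackHandler source of the keystore password
     * @return the loaded keystore
     * @throws WrongKeystoreCredentialException if the password does not open the keystore
     * @throws MissingKeystoreAlgorithmException if the keystore type is not available
     * @throws MissingKeystoreProviderException if the keystore provider is not available
     * @throws MissingKeyAlgorithmException if an algorithm needed to read the store is missing
     * @throws CertificateException if a certificate in the store cannot be loaded
     * @throws IOException if the keystore data cannot be read for another reason
     */
    private static KeyStore initKeystore(KeystoreData keystoreData, String keystoreName, CallbackHandler callbackHandler) throws WrongKeystoreCredentialException, MissingKeystoreAlgorithmException, MissingKeystoreProviderException, MissingKeyAlgorithmException, CertificateException, IOException {
        try {
            InputStream keystoreBytes = new ByteArrayInputStream(keystoreData.getKeystore().toByteArray());
            return loadKeyStore(keystoreBytes, keystoreName, keystoreData.getType(), callbackHandler);
        } catch (KeyStoreException e) {
            // KeyStore.getInstance reports a missing type or provider as the cause.
            Throwable cause = e.getCause();
            if (cause instanceof NoSuchAlgorithmException) {
                throw new MissingKeystoreAlgorithmException(cause.getMessage(), cause);
            }
            if (cause instanceof NoSuchProviderException) {
                throw new MissingKeystoreProviderException(cause.getMessage(), cause);
            }
            throw new IllegalStateException("Unidentified keystore exception", e);
        } catch (NoSuchAlgorithmException e) {
            throw new MissingKeyAlgorithmException(e.getMessage(), e);
        } catch (UnrecoverableKeyException e) {
            throw new WrongKeystoreCredentialException(e);
        }
    }

    /**
     * Loads a keystore of the given type from the stream using the Bouncy Castle provider.
     *
     * @param inputStream serialized keystore
     * @param keystoreName name passed to the callback handler when asking for the password
     * @param keystoreType keystore type; {@code "UBER"} is used when blank
     * @param callbackHandler source of the keystore password
     * @return the loaded keystore
     * @throws UnrecoverableKeyException if loading failed because of a wrong password
     * @throws IOException if the stream cannot be read for another reason
     */
    private static KeyStore loadKeyStore(InputStream inputStream, String keystoreName, String keystoreType, CallbackHandler callbackHandler) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException, IOException {
        String effectiveType = StringUtils.isBlank(keystoreType) ? DEFAULT_KEYSTORE_TYPE : keystoreType;
        KeyStore keyStore = KeyStore.getInstance(effectiveType, BOUNCY_CASTLE);
        try {
            keyStore.load(inputStream, PasswordCallbackUtils.getPassword(callbackHandler, keystoreName));
            return keyStore;
        } catch (IOException e) {
            Throwable cause = e.getCause();
            // KeyStore.load signals a wrong password as an IOException caused by
            // UnrecoverableKeyException; surface that cause directly.
            if (cause instanceof UnrecoverableKeyException) {
                throw (UnrecoverableKeyException) cause;
            }
            // A padding failure while decrypting the store is treated as a wrong password
            // as well. Keep the original exception as the cause so the failure stays
            // diagnosable instead of being reduced to its message.
            if (cause instanceof BadPaddingException) {
                UnrecoverableKeyException wrongPassword = new UnrecoverableKeyException(e.getMessage());
                wrongPassword.initCause(e);
                throw wrongPassword;
            }
            throw e;
        }
    }
}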
