package code.ponfee.commons.jce.security;

import code.ponfee.commons.jce.Providers;
import code.ponfee.commons.jce.cert.X509CertUtils;
import code.ponfee.commons.jce.digest.DigestUtils;
import code.ponfee.commons.util.SecureRandoms;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.SecureRandom;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

/* loaded from: input_file:code/ponfee/commons/jce/security/KeyStoreResolver.class */
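/**
 * Thin wrapper around a {@link KeyStore} (JKS or PKCS12) for loading, editing, exporting
 * and deriving an {@link SSLContext} from it.
 *
 * <p>All checked keystore/crypto failures are rethrown as {@link SecurityException} with the
 * original exception as the cause. Passwords are accepted as {@code String}; a {@code null}
 * or empty password is handed to the JCA as {@code null} (see {@link #toCharArray(String)}).
 *
 * <p>Instances are not synchronized, and {@link #getKeyStore()} exposes the underlying
 * mutable keystore.
 */
public class KeyStoreResolver {
    // Shared RNG handed to SSLContext.init. It is seeded from the project helper
    // SecureRandoms.generateSeed(20).
    // NOTE(review): the seed quality depends entirely on that helper; confirm it draws from
    // an OS entropy source and is not deterministic.
    private static final SecureRandom SECURE_RANDOM = new SecureRandom(SecureRandoms.generateSeed(20));
    private final KeyStore keyStore;

    /** Keystore formats supported by this resolver; the enum name is used as the JCA type. */
    public enum KeyStoreType {
        JKS,
        PKCS12
    }

    /**
     * Creates an empty keystore of the given type.
     *
     * @param keyStoreType keystore format
     */
    public KeyStoreResolver(KeyStoreType keyStoreType) {
        this(keyStoreType, null);
    }

    /**
     * Creates an empty keystore of the given type.
     *
     * @param keyStoreType keystore format
     * @param str          store password (unused for integrity checking because no data is loaded)
     */
    public KeyStoreResolver(KeyStoreType keyStoreType, String str) {
        this(keyStoreType, (InputStream) null, str);
    }

    /**
     * Loads a keystore from its serialized bytes.
     *
     * @param keyStoreType keystore format
     * @param bArr         serialized keystore; must not be {@code null}
     * @param str          store password
     * @throws NullPointerException if {@code bArr} is {@code null}
     */
    public KeyStoreResolver(KeyStoreType keyStoreType, byte[] bArr, String str) {
        this(keyStoreType, new ByteArrayInputStream(bArr), str);
    }

    /**
     * Loads a keystore from a stream, or creates an empty one when the stream is {@code null}.
     * The stream is always closed, whether or not loading succeeds.
     *
     * <p>When {@code str} is {@code null} or empty, {@code KeyStore.load} receives a
     * {@code null} password and therefore does not verify the integrity of the loaded data.
     * Supply the store password whenever the keystore comes from a location that others
     * can write to.
     *
     * @param keyStoreType keystore format
     * @param inputStream  serialized keystore, or {@code null} for an empty keystore
     * @param str          store password, or {@code null}/empty for none
     * @throws SecurityException if the keystore cannot be loaded or the stream cannot be closed
     */
    public KeyStoreResolver(KeyStoreType keyStoreType, InputStream inputStream, String str) {
        this.keyStore = Providers.getKeyStore(keyStoreType.name());
        // try-with-resources accepts a null resource and closes the stream on the failure
        // path as well, which the previous hand-rolled close did not.
        try (InputStream in = inputStream) {
            this.keyStore.load(in, toCharArray(str));
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Adds a trusted certificate under a new alias.
     *
     * @param str         alias; must not already exist in the keystore
     * @param certificate certificate to store
     * @throws SecurityException if the alias already exists or the keystore rejects the entry
     */
    public void setCertificateEntry(String str, Certificate certificate) {
        try {
            checkAliasNotExists(str);
            this.keyStore.setCertificateEntry(str, certificate);
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Adds a private key and its certificate chain under a new alias.
     *
     * @param str            alias; must not already exist in the keystore
     * @param privateKey     key to store
     * @param str2           password protecting the key entry; must not be {@code null}
     * @param certificateArr certificate chain for the key
     * @throws SecurityException    if the alias already exists or the keystore rejects the entry
     * @throws NullPointerException if {@code str2} is {@code null}
     */
    public final void setKeyEntry(String str, PrivateKey privateKey, String str2, Certificate[] certificateArr) {
        try {
            checkAliasNotExists(str);
            this.keyStore.setKeyEntry(str, privateKey, str2.toCharArray(), certificateArr);
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Adds an already-protected (encoded) key and its certificate chain under a new alias.
     *
     * @param str            alias; must not already exist in the keystore
     * @param bArr           key in protected format, as expected by
     *                       {@code KeyStore.setKeyEntry(String, byte[], Certificate[])}
     * @param certificateArr certificate chain for the key
     * @throws SecurityException if the alias already exists or the keystore rejects the entry
     */
    public final void setKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
        try {
            checkAliasNotExists(str);
            this.keyStore.setKeyEntry(str, bArr, certificateArr);
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Serializes the keystore to a byte array.
     *
     * @param str store password, see {@link #export(OutputStream, String)}
     * @return the serialized keystore
     * @throws SecurityException if the keystore cannot be stored
     */
    public byte[] export(String str) {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        export(buffer, str);
        return buffer.toByteArray();
    }

    /**
     * Serializes the keystore to the given stream and flushes it; the stream is not closed.
     *
     * <p>A {@code null} or empty {@code str} reaches {@code KeyStore.store} as {@code null}.
     * NOTE(review): what a null store password means is provider- and format-specific (it may
     * be rejected, or yield a store without integrity protection); confirm callers always
     * pass a real password when the output contains private keys.
     *
     * @param outputStream destination stream
     * @param str          store password
     * @throws SecurityException if the keystore cannot be stored or the stream cannot be flushed
     */
    public void export(OutputStream outputStream, String str) {
        try {
            this.keyStore.store(outputStream, toCharArray(str));
            outputStream.flush();
        } catch (Exception e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Lists every alias in the keystore.
     *
     * @return a new mutable list of aliases, in the order the provider enumerates them
     * @throws SecurityException if the keystore is not initialized
     */
    public List<String> listAlias() {
        try {
            // Typed list instead of the raw ArrayList left behind by decompilation.
            List<String> result = new ArrayList<>();
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                result.add(aliases.nextElement());
            }
            return result;
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Deletes the entry for the alias if it exists; a missing alias is ignored.
     *
     * @param str alias to delete
     * @throws SecurityException if the keystore rejects the operation
     */
    public void delAlias(String str) {
        try {
            if (this.keyStore.containsAlias(str)) {
                this.keyStore.deleteEntry(str);
            }
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the first alias the provider enumerates.
     *
     * <p>The {@code KeyStore} API does not define an enumeration order, so on a keystore with
     * more than one entry "first" is provider-dependent. Callers that need a specific key or
     * certificate should pass the alias explicitly.
     *
     * @return the first enumerated alias
     * @throws SecurityException                if the keystore is not initialized
     * @throws java.util.NoSuchElementException if the keystore has no entries
     */
    public String getFirstAlias() {
        try {
            return this.keyStore.aliases().nextElement();
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the certificate stored under the first enumerated alias.
     *
     * @return the certificate, or {@code null} if that alias holds none
     * @see #getFirstAlias()
     */
    public Certificate getCertificate() {
        return getCertificate(getFirstAlias());
    }

    /**
     * Returns the certificate stored under the alias.
     *
     * @param str alias to look up
     * @return the certificate, or {@code null} if the alias is absent or holds no certificate
     * @throws SecurityException if the keystore is not initialized
     */
    public Certificate getCertificate(String str) {
        try {
            return this.keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the private key stored under the first enumerated alias.
     *
     * @param str password protecting the key entry
     * @return the private key
     * @see #getFirstAlias()
     * @see #getPrivateKey(String, String)
     */
    public PrivateKey getPrivateKey(String str) {
        return getPrivateKey(getFirstAlias(), str);
    }

    /**
     * Returns the private key stored under the alias.
     *
     * @param str  alias of the key entry
     * @param str2 password protecting the key entry
     * @return the private key
     * @throws SecurityException  if the alias is not a key entry, the password is wrong, or
     *                            the key cannot be recovered
     * @throws ClassCastException if the entry holds a key that is not a {@link PrivateKey}
     */
    public PrivateKey getPrivateKey(String str, String str2) {
        try {
            if (this.keyStore.isKeyEntry(str)) {
                return (PrivateKey) this.keyStore.getKey(str, toCharArray(str2));
            }
            throw new SecurityException("alias[" + str + "] is not key entry.");
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new SecurityException(e);
        } catch (UnrecoverableKeyException e2) {
            // The attempted password must never be placed in the exception message:
            // exception text ends up in logs and error responses. Identify the alias instead.
            throw new SecurityException("invalid key password for alias[" + str + "]", e2);
        }
    }

    /**
     * Returns the X.509 certificate chain of the first enumerated alias.
     *
     * @return the certificate chain
     * @see #getFirstAlias()
     * @see #getX509CertChain(String)
     */
    public X509Certificate[] getX509CertChain() {
        return getX509CertChain(getFirstAlias());
    }

    /**
     * Returns the certificate chain of a key entry as X.509 certificates.
     *
     * <p>This only copies what the keystore holds; it does not validate the chain.
     *
     * @param str alias of the key entry
     * @return the chain, in the order stored in the keystore
     * @throws SecurityException  if the alias is not a key entry or the keystore is not initialized
     * @throws ClassCastException if a chain element is not an {@link X509Certificate}
     */
    public X509Certificate[] getX509CertChain(String str) {
        try {
            if (!this.keyStore.isKeyEntry(str)) {
                throw new SecurityException("alias[" + str + "] is not key entry.");
            }
            Certificate[] chain = this.keyStore.getCertificateChain(str);
            X509Certificate[] x509Chain = new X509Certificate[chain.length];
            for (int i = 0; i < chain.length; i++) {
                x509Chain[i] = (X509Certificate) chain[i];
            }
            return x509Chain;
        } catch (KeyStoreException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Builds an {@link SSLContext} that presents this keystore's keys and uses the JDK's
     * default trust managers.
     *
     * @param str password protecting the key entries
     * @return an initialized TLS context
     * @see #getSSLContext(String, KeyStore)
     */
    public SSLContext getSSLContext(String str) {
        return getSSLContext(str, null);
    }

    /**
     * Builds an {@link SSLContext} that presents this keystore's keys and trusts the
     * certificates in {@code keyStore}.
     *
     * <p>When {@code keyStore} is {@code null}, {@code SSLContext.init} receives {@code null}
     * trust managers and falls back to the installed default trust managers.
     *
     * <p>NOTE(review): the factory algorithm is hard-coded to "SunX509" and the protocol to
     * "TLS"; which protocol versions end up enabled depends on the JDK defaults. Confirm this
     * matches the deployment's TLS policy.
     *
     * @param str      password protecting the key entries of this keystore
     * @param keyStore trust store, or {@code null} for the default trust managers
     * @return an initialized TLS context
     * @throws SecurityException if the key or trust material cannot be initialized
     */
    public SSLContext getSSLContext(String str, KeyStore keyStore) {
        // The whole sequence sits in one try block: KeyManagerFactory.init and
        // SSLContext.init throw checked exceptions too, which the decompiled layout left
        // outside the handler.
        try {
            TrustManager[] trustManagers = null;
            if (keyStore != null) {
                TrustManagerFactory trustManagerFactory = Providers.getTrustManagerFactory("SunX509");
                trustManagerFactory.init(keyStore);
                trustManagers = trustManagerFactory.getTrustManagers();
            }
            KeyManagerFactory keyManagerFactory = Providers.getKeyManagerFactory("SunX509");
            keyManagerFactory.init(this.keyStore, toCharArray(str));
            SSLContext sslContext = Providers.getSSLContext("TLS");
            sslContext.init(keyManagerFactory.getKeyManagers(), trustManagers, SECURE_RANDOM);
            return sslContext;
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new SecurityException(e);
        }
    }

    /**
     * Returns the underlying keystore itself, not a copy; changes made through the returned
     * object affect this resolver.
     *
     * @return the wrapped keystore
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Creates a JKS keystore holding the single certificate parsed from a PEM string.
     *
     * <p>The alias is the MD5 hex digest of the PEM text. It serves only as a label derived
     * from the input, not as an integrity or authenticity check on the certificate.
     *
     * @param str PEM-encoded certificate
     * @return a resolver containing that certificate as a trusted entry
     */
    public static KeyStoreResolver loadFromPem(String str) {
        KeyStoreResolver resolver = new KeyStoreResolver(KeyStoreType.JKS);
        resolver.setCertificateEntry(DigestUtils.md5Hex(str), X509CertUtils.loadPemCert(str));
        return resolver;
    }

    /**
     * Guards against silently overwriting an existing entry.
     *
     * @param str alias about to be written
     * @throws SecurityException if the alias is already present
     * @throws KeyStoreException if the keystore is not initialized
     */
    private void checkAliasNotExists(String str) throws KeyStoreException {
        if (this.keyStore.containsAlias(str)) {
            throw new SecurityException("alias[" + str + "] is exists.");
        }
    }

    /**
     * Converts a password to the {@code char[]} form the JCA expects.
     *
     * @param str password, possibly {@code null} or empty
     * @return the characters, or {@code null} when {@code str} is {@code null} or empty
     */
    private static char[] toCharArray(String str) {
        if (null == str || str.length() == 0) {
            return null;
        }
        return str.toCharArray();
    }
}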
