package org.starchartlabs.lockdown;

import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.Security;
import java.util.Arrays;
import java.util.Objects;
import java.util.Optional;
import java.util.Properties;
import java.util.function.BiConsumer;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.encodings.PKCS1Encoding;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.util.PrivateKeyFactory;
import org.bouncycastle.crypto.util.PublicKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.util.encoders.Base64;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/starchartlabs/lockdown/CredentialStore.class */
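/**
 * File-backed store of username/password pairs, one RSA-encrypted entry per lookup key.
 *
 * <p>The backing file is a {@link Properties} file. Each value is
 * {@code Base64(RSA-PKCS1v1.5(Base64(username) + ':' + Base64(password)))}: entries are written with a
 * public key and read back with the matching private key, both supplied as PEM files.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Entries are encrypted but not authenticated. Anyone who can write the credential file and holds
 *       the public key can replace an entry, so write access to the file should be restricted.
 *       {@link #loadOrCreate(Path)} creates the file with the platform's default permissions.</li>
 *   <li>The cipher is RSA with PKCS#1 v1.5 encryption padding. OAEP is the usual choice for new designs;
 *       it is not swapped in here because existing entries would become unreadable. Callers should not
 *       report the difference between decryption failures and other errors to untrusted parties.</li>
 *   <li>Each entry is encrypted in a single {@code processBlock} call, so the combined Base64 form of
 *       username and password is limited by the size of the RSA key.</li>
 *   <li>Text is converted with UTF-8 explicitly rather than the JVM default charset, so a store is
 *       portable between machines. Entries containing non-ASCII characters that were written on a JVM
 *       whose default charset was not UTF-8 have to be added again.</li>
 *   <li>Updates rewrite the whole file in place; an interrupted write can leave it truncated.</li>
 * </ul>
 */
public class CredentialStore {
    private static final Logger logger = LoggerFactory.getLogger(CredentialStore.class);
    private static final String PKCS_1_PUBLIC_TYPE = "RSA PUBLIC KEY";
    private static final String PKCS_1_PRIVATE_TYPE = "RSA PRIVATE KEY";
    /** Separates the Base64 username from the Base64 password; ':' is not in the Base64 alphabet. */
    private static final byte SEPARATOR = (byte) ':';
    private final Path credentialFile;

    private CredentialStore(Path path) {
        Objects.requireNonNull(path);
        // Kept from the original: registers the BouncyCastle JCE provider as a side effect of construction.
        // Nothing visible in this class goes through the JCE; the cipher below is built directly.
        Security.addProvider(new BouncyCastleProvider());
        this.credentialFile = path;
    }

    /**
     * Encrypts a username/password pair with the given public key and stores it under {@code lookupKey},
     * replacing any entry already stored under that key.
     *
     * @param lookupKey name the entry is stored under
     * @param username username to store
     * @param password password to store; the array is read but not modified, wiping it is up to the caller
     * @param publicKeyFile PEM file whose first object must have the type {@code RSA PUBLIC KEY}
     * @throws IOException if the key file or the credential file cannot be read or written
     * @throws InvalidCipherTextException if the cipher rejects the input
     * @throws IllegalArgumentException if the key file holds no PEM object or one of another type
     */
    public void addOrUpdateCredentials(String lookupKey, String username, char[] password, Path publicKeyFile)
            throws IOException, InvalidCipherTextException {
        Objects.requireNonNull(lookupKey);
        Objects.requireNonNull(username);
        Objects.requireNonNull(password);
        Objects.requireNonNull(publicKeyFile);

        byte[] combined = getCombinedCredentials(username, password);
        String encodedEntry;
        try {
            byte[] cipherText = encrypt(combined, readAndDecodeKey(publicKeyFile, PKCS_1_PUBLIC_TYPE));
            // Base64 output is plain ASCII, so the charset is pinned instead of left to the platform.
            encodedEntry = new String(Base64.encode(cipherText), StandardCharsets.US_ASCII);
        } finally {
            // The plaintext is no longer needed once it has been encrypted (or encryption has failed).
            wipe(combined);
        }

        Properties properties = loadProperties();
        properties.setProperty(lookupKey, encodedEntry);
        storeProperties(properties);
        logger.info("Credentials added for lookup key {}", lookupKey);
    }

    /**
     * Removes the entry stored under {@code lookupKey}. The file is rewritten even when no such entry exists.
     *
     * @param lookupKey name of the entry to remove
     * @throws IOException if the credential file cannot be read or written
     */
    public void deleteCredentials(String lookupKey) throws IOException {
        Objects.requireNonNull(lookupKey);
        Properties properties = loadProperties();
        properties.remove(lookupKey);
        storeProperties(properties);
    }

    /**
     * Decrypts the entry stored under {@code lookupKey} and hands the username and password to
     * {@code consumer}.
     *
     * <p>The password array is zeroed as soon as the consumer returns or throws, so the consumer must copy
     * what it needs and must not keep a reference to the array.
     *
     * @param lookupKey name of the entry to read
     * @param privateKeyFile PEM file whose first object must have the type {@code RSA PRIVATE KEY}
     * @param consumer receives the decrypted username and password
     * @throws IOException if the key file or the credential file cannot be read
     * @throws InvalidCipherTextException if the stored value does not decrypt with the given key
     * @throws IllegalArgumentException if no entry exists for {@code lookupKey}, the key file is not of the
     *         expected type, or the decrypted value is not of the expected form
     */
    public void accessCredentials(String lookupKey, Path privateKeyFile, BiConsumer<String, char[]> consumer)
            throws IOException, InvalidCipherTextException {
        Objects.requireNonNull(lookupKey);
        Objects.requireNonNull(privateKeyFile);
        Objects.requireNonNull(consumer);

        String encodedEntry = loadProperties().getProperty(lookupKey);
        if (encodedEntry == null) {
            throw new IllegalArgumentException("No credentials stored with lookupKey " + lookupKey);
        }

        byte[] cipherText = Base64.decode(encodedEntry.getBytes(StandardCharsets.US_ASCII));
        byte[] privateKey = readAndDecodeKey(privateKeyFile, PKCS_1_PRIVATE_TYPE);
        byte[] combined;
        try {
            combined = decrypt(cipherText, privateKey);
        } finally {
            // Best effort: the parsed key object created inside decrypt() cannot be wiped from here.
            wipe(privateKey);
        }
        try {
            processExtractedCredentials(combined, consumer);
        } finally {
            wipe(combined);
        }
    }

    /**
     * Opens the store at {@code path}, creating an empty file first when none exists.
     *
     * <p>The file is created with the platform's default permissions; restricting access to it is left to
     * the deployment.
     *
     * @param path location of the credential file
     * @return a store backed by {@code path}
     * @throws IOException if the file cannot be created
     */
    public static CredentialStore loadOrCreate(Path path) throws IOException {
        Objects.requireNonNull(path);
        // createNewFile() returns false when the file appeared between the exists() check and the call.
        if (!path.toFile().exists() && !path.toFile().createNewFile()) {
            logger.warn("File.exists() check did not match upon creation at location {}", path.toUri());
        }
        return new CredentialStore(path);
    }

    /**
     * Opens an existing store.
     *
     * @param path location of the credential file
     * @return a store backed by {@code path}
     * @throws FileNotFoundException if nothing exists at {@code path}
     */
    public static CredentialStore load(Path path) throws FileNotFoundException {
        Objects.requireNonNull(path);
        if (!path.toFile().exists()) {
            throw new FileNotFoundException("Credential file does not exist at " + path.toUri().toString());
        }
        return new CredentialStore(path);
    }

    /** Reads the credential file into a fresh {@link Properties} object and closes the stream. */
    private Properties loadProperties() throws IOException {
        Properties properties = new Properties();
        try (InputStream in = Files.newInputStream(credentialFile, StandardOpenOption.READ)) {
            properties.load(in);
        }
        return properties;
    }

    /** Rewrites the credential file from {@code properties} and closes the stream. */
    private void storeProperties(Properties properties) throws IOException {
        try (OutputStream out = Files.newOutputStream(credentialFile)) {
            properties.store(out, null);
        }
    }

    /**
     * Builds the plaintext of an entry: {@code Base64(username) ':' Base64(password)}.
     *
     * <p>The password is encoded straight from the {@code char[]} so that no immutable {@code String}
     * copy of it is left on the heap; every intermediate buffer is zeroed before returning. The caller
     * owns the returned array and is expected to wipe it.
     */
    private byte[] getCombinedCredentials(String username, char[] password) {
        Objects.requireNonNull(username);
        Objects.requireNonNull(password);

        ByteBuffer passwordBuffer = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] passwordBytes = new byte[passwordBuffer.remaining()];
        passwordBuffer.get(passwordBytes);
        byte[] encodedPassword = null;
        try {
            byte[] encodedUsername = Base64.encode(username.getBytes(StandardCharsets.UTF_8));
            encodedPassword = Base64.encode(passwordBytes);

            byte[] combined = new byte[encodedUsername.length + 1 + encodedPassword.length];
            System.arraycopy(encodedUsername, 0, combined, 0, encodedUsername.length);
            combined[encodedUsername.length] = SEPARATOR;
            System.arraycopy(encodedPassword, 0, combined, encodedUsername.length + 1, encodedPassword.length);
            return combined;
        } finally {
            if (passwordBuffer.hasArray()) {
                wipe(passwordBuffer.array());
            }
            wipe(passwordBytes);
            wipe(encodedPassword);
        }
    }

    /**
     * Splits a decrypted entry into username and password and passes them to {@code consumer}.
     *
     * <p>The entry must contain exactly one separator. Splitting on the byte array (rather than
     * {@code String.split}, which drops trailing empty parts) lets an entry with an empty password be read
     * back. The password array and the buffers it was derived from are zeroed whether the consumer
     * returns or throws.
     */
    private void processExtractedCredentials(byte[] combined, BiConsumer<String, char[]> consumer) {
        Objects.requireNonNull(combined);
        Objects.requireNonNull(consumer);

        int separatorIndex = -1;
        for (int i = 0; i < combined.length; i++) {
            if (combined[i] == SEPARATOR) {
                if (separatorIndex >= 0) {
                    throw new IllegalArgumentException("Encrypted credentials not of expected form");
                }
                separatorIndex = i;
            }
        }
        if (separatorIndex < 0) {
            throw new IllegalArgumentException("Encrypted credentials not of expected form");
        }

        String username = new String(
                Base64.decode(Arrays.copyOfRange(combined, 0, separatorIndex)), StandardCharsets.UTF_8);
        byte[] encodedPassword = Arrays.copyOfRange(combined, separatorIndex + 1, combined.length);
        byte[] passwordBytes = null;
        CharBuffer passwordBuffer = null;
        char[] password = null;
        try {
            passwordBytes = Base64.decode(encodedPassword);
            passwordBuffer = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(passwordBytes));
            password = new char[passwordBuffer.remaining()];
            passwordBuffer.get(password);
            consumer.accept(username, password);
        } finally {
            wipe(encodedPassword);
            wipe(passwordBytes);
            if (passwordBuffer != null && passwordBuffer.hasArray()) {
                wipe(passwordBuffer.array());
            }
            wipe(password);
        }
    }

    /**
     * Encrypts {@code plainText} as one RSA block with PKCS#1 v1.5 padding.
     *
     * @param plainText bytes to encrypt; not modified
     * @param publicKey key bytes taken from the PEM object, passed to {@code PublicKeyFactory.createKey}
     */
    private byte[] encrypt(byte[] plainText, byte[] publicKey) throws IOException, InvalidCipherTextException {
        Objects.requireNonNull(plainText);
        Objects.requireNonNull(publicKey);
        AsymmetricKeyParameter key = PublicKeyFactory.createKey(publicKey);
        PKCS1Encoding cipher = new PKCS1Encoding(new RSAEngine());
        cipher.init(true, key);
        return cipher.processBlock(plainText, 0, plainText.length);
    }

    /**
     * Decrypts one RSA block with PKCS#1 v1.5 padding. The caller owns the returned plaintext and is
     * expected to wipe it.
     *
     * @param cipherText bytes to decrypt
     * @param privateKey key bytes taken from the PEM object, passed to {@code PrivateKeyFactory.createKey}
     */
    private byte[] decrypt(byte[] cipherText, byte[] privateKey) throws IOException, InvalidCipherTextException {
        Objects.requireNonNull(cipherText);
        Objects.requireNonNull(privateKey);
        AsymmetricKeyParameter key = PrivateKeyFactory.createKey(privateKey);
        PKCS1Encoding cipher = new PKCS1Encoding(new RSAEngine());
        cipher.init(false, key);
        return cipher.processBlock(cipherText, 0, cipherText.length);
    }

    /**
     * Reads the first PEM object from {@code keyFile} and returns its content.
     *
     * @param keyFile PEM file to read
     * @param expectedType PEM type the object must carry, compared with {@code Objects.equals}
     * @throws IllegalArgumentException if the file holds no PEM object or one of another type
     */
    private byte[] readAndDecodeKey(Path keyFile, String expectedType) throws IOException {
        Objects.requireNonNull(keyFile);
        try (PemReader reader = new PemReader(Files.newBufferedReader(keyFile))) {
            PemObject pemObject = reader.readPemObject();
            if (pemObject == null) {
                throw new IllegalArgumentException("Invalid key provided - Only PEM (PKCS1 format) is supported");
            }
            if (!Objects.equals(expectedType, pemObject.getType())) {
                throw new IllegalArgumentException("Invalid key provided - Only PEM (PKCS1 format) is supported. (Found header: " + pemObject.getType() + ")");
            }
            return pemObject.getContent();
        }
    }

    /** Overwrites {@code data} with zero bytes; a {@code null} array is ignored. */
    private static void wipe(byte[] data) {
        if (data != null) {
            Arrays.fill(data, (byte) 0);
        }
    }

    /** Overwrites {@code data} with NUL characters; a {@code null} array is ignored. */
    private static void wipe(char[] data) {
        if (data != null) {
            Arrays.fill(data, (char) 0);
        }
    }
}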
