package uk.ac.ceh.components.tokengeneration.stateless;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/* loaded from: input_file:uk/ac/ceh/components/tokengeneration/stateless/StatelessTokenKeystoreManager.class */
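/**
 * Holds the AES key and the HmacSHA256 key exposed through
 * {@link StatelessTokenKeyContainer}, backed by a password-protected JCEKS keystore file.
 *
 * <p>On construction a fresh pair of keys is generated, then the keystore file (if it
 * exists) is consulted: any entry found under the configured aliases replaces the
 * corresponding generated key. The keystore is written only when neither alias is present.
 *
 * <p>Security-relevant properties of this class:
 * <ul>
 *   <li>The one-argument constructor protects the keystore with the built-in default
 *       password; with that constructor, the secrecy of the keys rests entirely on
 *       access control of the keystore file.</li>
 *   <li>The password array is kept by reference, not copied, so a caller that clears
 *       the array after construction also clears the password used by later
 *       {@link #saveKeys()} / {@link #readStoredKeys()} calls.</li>
 *   <li>NOTE(review): if exactly one of the two aliases is present, the other key stays
 *       the freshly generated one and is never persisted, so it would differ on every
 *       start. Confirm whether callers can ever produce such a keystore.</li>
 * </ul>
 */
public class StatelessTokenKeystoreManager implements StatelessTokenKeyContainer {
    // Used only by the single-argument constructor. This is a fixed value compiled into
    // the class, so deployments should supply their own password via the other constructors.
    private static final char[] DEFAULT_KEYSTORE_PASSWORD = "changeit".toCharArray();
    private static final String DEFAULT_MAC_ALIAS = "token-hmac";
    private static final String DEFAULT_KEY_ALIAS = "token-key";
    // JCEKS is kept so that existing keystore files stay readable.
    // NOTE(review): JCEKS is a legacy format; consider migrating to PKCS12 if the target
    // JDK supports secret-key entries there.
    private static final String DEFAULT_KEYSTORE_TYPE = "JCEKS";
    private final File keyFile;
    private final char[] password;
    private final String hmacAlias;
    private final String keyAlias;
    private SecretKey key;
    private SecretKey hmac;

    /**
     * Creates a manager for {@code file} using the default password and default aliases.
     *
     * @param file keystore file; created on first use if it does not exist
     * @throws StatelessTokenKeystoreManagerException if keys cannot be generated, read or saved
     */
    public StatelessTokenKeystoreManager(File file) throws StatelessTokenKeystoreManagerException {
        this(file, DEFAULT_KEYSTORE_PASSWORD, DEFAULT_MAC_ALIAS, DEFAULT_KEY_ALIAS);
    }

    /**
     * Creates a manager for {@code file} using the given password and the default aliases.
     *
     * @param file keystore file; created on first use if it does not exist
     * @param cArr password protecting both the keystore and its entries
     * @throws StatelessTokenKeystoreManagerException if keys cannot be generated, read or saved
     */
    public StatelessTokenKeystoreManager(File file, char[] cArr) throws StatelessTokenKeystoreManagerException {
        this(file, cArr, DEFAULT_MAC_ALIAS, DEFAULT_KEY_ALIAS);
    }

    /**
     * Creates a manager, generating keys and then preferring any keys already stored.
     *
     * @param file keystore file; created on first use if it does not exist
     * @param cArr password protecting both the keystore and its entries (kept by reference)
     * @param str  alias of the HMAC key entry
     * @param str2 alias of the AES key entry
     * @throws StatelessTokenKeystoreManagerException if keys cannot be generated, read or saved
     */
    public StatelessTokenKeystoreManager(File file, char[] cArr, String str, String str2) throws StatelessTokenKeystoreManagerException {
        this.keyFile = file;
        this.password = cArr;
        this.hmacAlias = str;
        this.keyAlias = str2;
        // Generate first so that both fields are populated even when the keystore is empty.
        generateKeys();
        if (!readStoredKeys()) {
            // Nothing stored under either alias: persist the generated pair.
            saveKeys();
        }
    }

    /** Returns the HmacSHA256 key currently held (stored or freshly generated). */
    @Override
    public SecretKey getHMacKey() {
        return this.hmac;
    }

    /** Returns the AES key currently held (stored or freshly generated). */
    @Override
    public SecretKey getKey() {
        return this.key;
    }

    /**
     * Replaces both in-memory keys with newly generated ones. Nothing is written to disk.
     *
     * <p>No key size is passed to the generators, so the size is whatever the JCA
     * provider uses by default for "AES" and "HmacSHA256".
     *
     * @throws StatelessTokenKeystoreManagerException if either algorithm is unavailable
     */
    public final void generateKeys() throws StatelessTokenKeystoreManagerException {
        try {
            this.key = KeyGenerator.getInstance("AES").generateKey();
            this.hmac = KeyGenerator.getInstance("HmacSHA256").generateKey();
        } catch (NoSuchAlgorithmException e) {
            throw new StatelessTokenKeystoreManagerException(e);
        }
    }

    /**
     * Writes the current key pair to the keystore file, keeping any other entries the
     * file already contains.
     *
     * <p>NOTE(review): the file is created with the process's default permissions;
     * restrict access to it at the filesystem level.
     *
     * @throws StatelessTokenKeystoreManagerException if the keystore cannot be loaded,
     *         updated or written
     */
    public final void saveKeys() throws StatelessTokenKeystoreManagerException {
        KeyStore keyStore = loadKeyStore();
        KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(this.password);
        try {
            // Populate the in-memory keystore before opening the output stream: opening
            // the stream truncates the file, so a failure in setEntry must not be able
            // to leave an empty keystore behind.
            keyStore.setEntry(this.keyAlias, new KeyStore.SecretKeyEntry(this.key), protection);
            keyStore.setEntry(this.hmacAlias, new KeyStore.SecretKeyEntry(this.hmac), protection);
            // try-with-resources closes the stream on failure as well as on success.
            try (FileOutputStream out = new FileOutputStream(this.keyFile)) {
                keyStore.store(out, this.password);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new StatelessTokenKeystoreManagerException(e);
        }
    }

    /**
     * Loads whichever of the two keys are present in the keystore into this instance.
     *
     * @return {@code true} if at least one of the two aliases was found, {@code false}
     *         if neither was
     * @throws StatelessTokenKeystoreManagerException if the keystore cannot be read, an
     *         entry cannot be recovered with the password, or an alias holds something
     *         other than a secret key
     */
    public final boolean readStoredKeys() throws StatelessTokenKeystoreManagerException {
        try {
            KeyStore keyStore = loadKeyStore();
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(this.password);
            KeyStore.Entry hmacEntry = keyStore.getEntry(this.hmacAlias, protection);
            KeyStore.Entry keyEntry = keyStore.getEntry(this.keyAlias, protection);
            // Validate both entries before touching the fields so a bad entry cannot
            // leave the instance half-updated.
            SecretKey storedHmac = toSecretKey(hmacEntry, this.hmacAlias);
            SecretKey storedKey = toSecretKey(keyEntry, this.keyAlias);
            if (hmacEntry != null) {
                this.hmac = storedHmac;
            }
            if (keyEntry != null) {
                this.key = storedKey;
            }
            return keyEntry != null || hmacEntry != null;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException e) {
            throw new StatelessTokenKeystoreManagerException(e);
        }
    }

    /**
     * Extracts the secret key from a keystore entry, rejecting entries of any other kind
     * with a checked exception instead of an unchecked ClassCastException.
     */
    private static SecretKey toSecretKey(KeyStore.Entry entry, String alias) throws KeyStoreException {
        if (entry == null) {
            return null;
        }
        if (!(entry instanceof KeyStore.SecretKeyEntry)) {
            throw new KeyStoreException("Keystore entry '" + alias + "' is not a secret key entry");
        }
        return ((KeyStore.SecretKeyEntry) entry).getSecretKey();
    }

    /**
     * Opens the keystore: from the file when it exists, otherwise as a new empty keystore.
     *
     * @return the loaded (or freshly initialised) keystore
     * @throws StatelessTokenKeystoreManagerException if the file cannot be read or its
     *         contents cannot be loaded with the password
     */
    private KeyStore loadKeyStore() throws StatelessTokenKeystoreManagerException {
        try {
            KeyStore keyStore = KeyStore.getInstance(DEFAULT_KEYSTORE_TYPE);
            if (this.keyFile.exists()) {
                // try-with-resources closes the stream even when load() throws
                // (for example on a wrong password or a corrupted file).
                try (FileInputStream in = new FileInputStream(this.keyFile)) {
                    keyStore.load(in, this.password);
                }
            } else {
                // A null stream initialises an empty keystore.
                keyStore.load(null, this.password);
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new StatelessTokenKeystoreManagerException(e);
        }
    }
}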
