package com.fortanix.sdkms.jce.provider;

import com.fortanix.sdkms.jce.provider.service.SDKMSLogger;
import com.fortanix.sdkms.jce.provider.service.SdkmsCertificate;
import com.fortanix.sdkms.jce.provider.service.SdkmsKeyService;
import com.fortanix.sdkms.jce.provider.util.ProviderConstants;
import com.fortanix.sdkms.v1.model.KeyObject;
import com.fortanix.sdkms.v1.model.ObjectType;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.TimeZone;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/fortanix/sdkms/jce/provider/SdkmsKeyStore.class */
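/**
 * {@code KeyStoreSpi} backed by SDKMS security objects instead of a local file.
 *
 * <p>Aliases are SDKMS object names. The keystore "password" carries no secret here: it is only
 * interpreted as an SDKMS group id (see {@link #setGroupId}) that scopes listing, import and
 * chain handling. A key's certificate chain is recorded on the key object as custom metadata
 * entries {@code certificate0}, {@code certificate1}, ... whose values are the names of the
 * imported certificate objects; only metadata with that prefix is treated as part of the chain.
 */
public final class SdkmsKeyStore extends KeyStore {
    /** Custom-metadata key prefix under which a key's certificate chain is recorded. */
    private static final String CERT_CHAIN_METADATA_PREFIX = "certificate";
    /**
     * Timestamp layout of {@code KeyObject.getCreatedAt()}. The quoted {@code 'Z'} is literal text for
     * {@link SimpleDateFormat}, so the parser's time zone has to be set to UTC explicitly.
     */
    private static final String CREATED_AT_FORMAT = "yyyyMMdd'T'HHmmss'Z'";
    private static final SDKMSLogger LOGGER = new SDKMSLogger(LoggerFactory.getLogger(SdkmsKeyStore.class));
    // SDKMS group id taken from the password argument; null when none (or one of invalid length) was supplied.
    private String groupId;

    /**
     * Loads the keystore. Nothing is read from {@code inputStream}; the only state taken is the
     * group id carried by the password argument, when one is given.
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException {
        LOGGER.debug("Loading keystore");
        setGroupId(cArr); // null-safe: a null password leaves groupId unchanged
    }

    /**
     * Stores the keystore. No key material is written; the file only receives the current group id,
     * or a fixed marker when none is set.
     */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException {
        LOGGER.debug("Saving keystore. No keys are stored in keystore file");
        setGroupId(cArr);
        String marker = this.groupId != null ? this.groupId : "no-local-data";
        // Fixed charset: getBytes() without one depends on the platform default of the writing JVM.
        outputStream.write(marker.getBytes(StandardCharsets.UTF_8));
    }

    /** Returns the names of all SDKMS objects visible for the current group id. */
    @Override
    public Enumeration<String> engineAliases() {
        LOGGER.debug("Get all aliases for keystore");
        return Collections.enumeration(getAllAlias());
    }

    /**
     * Resolves the certificate chain recorded on the key object named {@code str}.
     *
     * @return the chain in metadata-key order, empty when the object carries no metadata or no
     *         chain entries; dangling chain references are skipped
     */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        LOGGER.debug("Get certificate chain for alias" + str + " in keystore");
        KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(str);
        if (keyObject == null) {
            // NOTE(review): assumed to throw; otherwise the dereference below would NPE — confirm in SDKMSLogger.
            LOGGER.logAndRaiseProviderException("Invalid alias received in the request. Cannot retrieve alias : " + str + "  from sdkms", null);
        }
        List<Certificate> chain = new ArrayList<>();
        for (String certName : certificateChainNames(keyObject.getCustomMetadata())) {
            KeyObject certObject = SdkmsKeyService.getSecurityObjectByName(certName);
            if (certObject == null) {
                continue; // dangling reference: skipped rather than failing the whole chain
            }
            try {
                CertificateFactory factory = CertificateFactory.getInstance(ProviderConstants.X509_KEY_FORMAT, "SUN");
                byte[] encoded = SdkmsKeyService.getKeyValue(certObject.getKid());
                chain.add(factory.generateCertificate(new ByteArrayInputStream(encoded)));
            } catch (NoSuchProviderException | CertificateException e) {
                LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            }
        }
        return chain.toArray(new Certificate[0]);
    }

    /**
     * Returns the SDKMS object names recorded under {@code certificate<i>} metadata keys, sorted by key.
     * Keys without the chain prefix are ignored: they are arbitrary custom metadata, not chain links.
     * NOTE(review): the sort is lexicographic, so a chain of more than ten entries would be misordered
     * ({@code certificate10} sorts before {@code certificate2}); this matches the original behaviour.
     *
     * @param metadata the key object's custom metadata, may be null
     * @return the referenced object names, empty when there are none
     */
    private static List<String> certificateChainNames(Map<String, ?> metadata) {
        List<String> names = new ArrayList<>();
        if (metadata == null) {
            return names;
        }
        List<String> keys = new ArrayList<>(metadata.keySet());
        Collections.sort(keys);
        for (String key : keys) {
            if (key.startsWith(CERT_CHAIN_METADATA_PREFIX)) {
                names.add((String) metadata.get(key));
            }
        }
        return names;
    }

    /**
     * Returns the creation date of the object named {@code str}, parsed as UTC.
     *
     * @return the creation date, or null when the alias does not exist or the timestamp cannot be parsed
     */
    @Override
    public Date engineGetCreationDate(String str) {
        LOGGER.debug("Get creation date for alias" + str + " in keystore");
        KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(str);
        if (keyObject == null) {
            return null; // KeyStoreSpi contract: null for an unknown alias
        }
        SimpleDateFormat format = new SimpleDateFormat(CREATED_AT_FORMAT);
        // The trailing 'Z' is matched as literal text, so without this the digits would be read in the
        // JVM default zone and the returned date shifted by the local UTC offset.
        format.setTimeZone(TimeZone.getTimeZone("UTC"));
        try {
            return format.parse(keyObject.getCreatedAt());
        } catch (ParseException e) {
            LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Returns a key handle for the object named {@code str}. The password is interpreted as a group id,
     * not as a secret protecting the entry.
     *
     * @return the key, or null when the alias does not exist or the object cannot be mapped to a key
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        LOGGER.debug("Get key for alias" + str + " in keystore");
        setGroupId(cArr);
        KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(str);
        if (keyObject == null) {
            return null; // KeyStoreSpi contract: null for an unknown alias
        }
        try {
            return SdkmsKeyService.getKeyFromKeyObject(keyObject, false);
        } catch (InvalidKeyException e) {
            LOGGER.logAndRaiseProviderException(e.getMessage(), e);
            return null;
        }
    }

    /**
     * Adds or renames a key entry. Foreign key material is imported into SDKMS; an {@link SdkmsKey}
     * is persisted (transient key) or updated in place, with the chain recorded as metadata.
     *
     * @throws KeyStoreException propagated from the SDKMS service layer
     */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        LOGGER.debug("Add key for alias" + str + " in keystore");
        setGroupId(cArr);
        if (!(key instanceof SdkmsKey)) {
            importKey(key, certificateArr, str);
            return;
        }
        HashMap<String, String> chainMetadata = importCertificateChain(certificateArr, str);
        SdkmsKey sdkmsKey = (SdkmsKey) key;
        if (sdkmsKey.getKeyDescriptor().getTransientKey() != null) {
            SdkmsKeyService.persistKey(key, str, chainMetadata);
            return;
        }
        KeyObject keyObject = SdkmsKeyService.getKeyObject(sdkmsKey.getKeyDescriptor());
        // A group id given via the password must agree with the group the existing object lives in.
        if (this.groupId != null && !this.groupId.isEmpty() && !keyObject.getGroupId().equalsIgnoreCase(this.groupId)) {
            LOGGER.logAndRaiseProviderException("GroupId for key and GroupId provided in password does not match", null);
        }
        SdkmsKeyService.updateKey(SdkmsKeyService.getKeyDescriptor(keyObject), str, chainMetadata);
    }

    /**
     * Imports every certificate of {@code chain} as its own SDKMS object and returns the metadata
     * linking them to the key ({@code certificate<i>} to imported object name).
     *
     * @return the metadata map, or null when {@code chain} is null (the service layer received null
     *         in that case in the original implementation, so that distinction is preserved)
     */
    private HashMap<String, String> importCertificateChain(Certificate[] chain, String alias) {
        if (chain == null) {
            return null;
        }
        HashMap<String, String> metadata = new HashMap<>();
        for (int i = 0; i < chain.length; i++) {
            String certName = SdkmsCertificate.importCertificate(chain[i], alias + "-certificate-" + i, this.groupId).getName();
            metadata.put(CERT_CHAIN_METADATA_PREFIX + i, certName);
        }
        return metadata;
    }

    /**
     * Imports foreign key material into SDKMS through this provider's key factories.
     * {@code certificateArr} is accepted but not used: no chain is recorded for imported keys.
     */
    private void importKey(Key key, Certificate[] certificateArr, String str) {
        LOGGER.debug("Importing key into SDKMS");
        byte[] encoded = key.getEncoded();
        if (encoded == null) {
            // Non-extractable key material (getEncoded() is allowed to return null) cannot be imported.
            LOGGER.logAndRaiseProviderException("Key material for algorithm " + key.getAlgorithm() + " is not extractable and cannot be imported into SDKMS", null);
            return;
        }
        String providerName = Configuration.getInstance().getProviderName();
        try {
            if (key instanceof PrivateKey) {
                KeyFactory.getInstance(key.getAlgorithm(), providerName)
                        .generatePrivate(new SecurityObjectKeySpec(new PKCS8EncodedKeySpec(encoded), this.groupId, str));
            } else {
                SecretKeyFactory.getInstance(key.getAlgorithm(), providerName)
                        .generateSecret(new SecurityObjectKeySpec(new SecretKeySpec(encoded, key.getAlgorithm()), this.groupId, str));
            }
        } catch (NoSuchAlgorithmException | NoSuchProviderException | InvalidKeySpecException e) {
            LOGGER.logAndRaiseProviderException(e.getMessage(), e);
        }
    }

    /**
     * Deletes the object named {@code str} together with the certificate objects recorded in its
     * {@code certificate<i>} metadata. Only chain references are deleted; other custom-metadata values
     * are left alone even if they happen to name an SDKMS object (the original deleted every value that
     * resolved, which could remove unrelated objects).
     *
     * @throws KeyStoreException propagated from the SDKMS service layer
     */
    @Override
    public void engineDeleteEntry(String str) throws KeyStoreException {
        LOGGER.debug("Deleting entry" + str + " from keystore");
        KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(str);
        if (keyObject == null) {
            // NOTE(review): assumed to throw; otherwise the dereference below would NPE — confirm in SDKMSLogger.
            LOGGER.logAndRaiseProviderException("No entry present for alias : " + str + "  in sdkms", null);
        }
        int failures = 0;
        for (String certName : certificateChainNames(keyObject.getCustomMetadata())) {
            KeyObject certObject = SdkmsKeyService.getSecurityObjectByName(certName);
            if (certObject == null) {
                continue;
            }
            try {
                SdkmsKeyService.deleteKey(certObject.getKid());
            } catch (Exception e) {
                // Best effort per certificate; the failure is surfaced once after the whole chain was attempted.
                failures++;
                LOGGER.warn("Ignoring certificate deletion failure in SDKMS: " + certName, e);
            }
        }
        if (failures > 0) {
            LOGGER.logAndRaiseProviderException("Certificate Chain deletion failed", null);
        }
        SdkmsKeyService.deleteKey(keyObject.getKid());
    }

    /** True when an object named {@code str} is listed for the current group id. */
    @Override
    public boolean engineContainsAlias(String str) {
        LOGGER.debug("Contains check for alias " + str + " in keystore");
        return getAllAlias().contains(str);
    }

    /** Number of objects listed for the current group id. */
    @Override
    public int engineSize() {
        LOGGER.debug("Get size of the keystore");
        return getAllAlias().size();
    }

    /** True when the alias exists and is neither an OPAQUE nor a CERTIFICATE object. */
    @Override
    public boolean engineIsKeyEntry(String str) {
        LOGGER.debug("Is key check for alias " + str + " in keystore");
        KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(str);
        return keyObject != null && !isCertificateLike(keyObject);
    }

    /** True when the alias exists and is an OPAQUE or CERTIFICATE object. */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        LOGGER.debug("Is certificate check for alias " + str + " in keystore");
        KeyObject keyObject = SdkmsKeyService.getSecurityObjectByName(str);
        return keyObject != null && isCertificateLike(keyObject);
    }

    /** Object types this keystore exposes as certificate entries rather than key entries. */
    private static boolean isCertificateLike(KeyObject keyObject) {
        return ObjectType.OPAQUE.equals(keyObject.getObjType()) || ObjectType.CERTIFICATE.equals(keyObject.getObjType());
    }

    /** Reverse lookup by certificate is not supported; always returns null. */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        LOGGER.debug("Get alias for certificate in keystore. This just returns null.");
        return null;
    }

    /** Names of all SDKMS objects returned by the service for the current group id. */
    private List<String> getAllAlias() {
        List<KeyObject> keys = SdkmsKeyService.getKeys(null, this.groupId, null);
        List<String> names = new ArrayList<>(keys.size());
        for (KeyObject keyObject : keys) {
            names.add(keyObject.getName());
        }
        return names;
    }

    /** Stores a trusted certificate under {@code str} in the current group via the base keystore. */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        LOGGER.debug("Add certificate with alias " + str + " to keystore");
        try {
            super.setCertificateEntry(str, certificate, this.groupId);
        } catch (KeyStoreException e) {
            LOGGER.logAndRaiseProviderException("Failed to set certificate in keystore", e);
        }
    }

    /**
     * Interprets the keystore password as an SDKMS group id. A value whose length is not listed in
     * {@link ProviderConstants#VALID_GROUPID_LENGTH} is discarded (groupId becomes null); a null
     * password leaves the current value unchanged.
     */
    private void setGroupId(char[] cArr) {
        if (cArr == null) {
            return;
        }
        String candidate = String.valueOf(cArr);
        boolean validLength = ProviderConstants.VALID_GROUPID_LENGTH.contains(Integer.valueOf(candidate.length()));
        this.groupId = validLength ? candidate : null;
    }
}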
