package de.governikus.panstar.sdk.utils.crypto;

import de.governikus.panstar.sdk.utils.constant.Common;
import de.governikus.panstar.sdk.utils.exception.InvalidCertificateException;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/panstar/sdk/utils/crypto/KeystoreLoader.class */
public class KeystoreLoader {
    private static final Logger LOG = LoggerFactory.getLogger(KeystoreLoader.class);
    public static final String PKCS_12 = "PKCS12";
    public static final String JKS = "JKS";

    public static KeyStore loadKeystore(String str, String str2, String str3) {
        try {
            try {
                InputStream openStream = constructURL(str).openStream();
                try {
                    KeyStore keyStore = KeyStore.getInstance(str2);
                    keyStore.load(openStream, str3.toCharArray());
                    if (openStream != null) {
                        openStream.close();
                    }
                    return keyStore;
                } catch (Throwable th) {
                    if (openStream != null) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException | CertificateException e) {
                LOG.debug("Can not load key store from path {}", str, e);
                LOG.debug("No key store for path {} loaded. Key store is null", str);
                return null;
            }
        } catch (KeyStoreException e2) {
            LOG.debug("Can not get a key store from instance {}", str2, e2);
            LOG.debug("No key store for path {} loaded. Key store is null", str);
            return null;
        } catch (NoSuchAlgorithmException e3) {
            LOG.debug("Can not load key store from path {}. Algorithm is unknown", str, e3);
            LOG.debug("No key store for path {} loaded. Key store is null", str);
            return null;
        }
    }

    public static Optional<KeyStore> loadKeystore(InputStream inputStream, String str, String str2) {
        try {
            try {
                try {
                    KeyStore keyStore = KeyStore.getInstance(str);
                    keyStore.load(inputStream, str2.toCharArray());
                    Optional<KeyStore> of = Optional.of(keyStore);
                    if (inputStream != null) {
                        inputStream.close();
                    }
                    return of;
                } catch (IOException | CertificateException e) {
                    LOG.debug("Can not load key store from inputStream", e);
                    LOG.debug("No key store for inputStream loaded.");
                    return Optional.empty();
                }
            } catch (Throwable th) {
                if (inputStream != null) {
                    try {
                        inputStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (KeyStoreException e2) {
            LOG.debug("Can not get a key store from instance {}", str, e2);
            LOG.debug("No key store for inputStream loaded.");
            return Optional.empty();
        } catch (NoSuchAlgorithmException e3) {
            LOG.debug("Can not load key store from inputStream. Algorithm is unknown", e3);
            LOG.debug("No key store for inputStream loaded.");
            return Optional.empty();
        }
    }

    public static PrivateKey loadKey(String str, String str2, String str3, String str4, String str5) {
        KeyStore loadKeystore = loadKeystore(str, str2, str3);
        if (loadKeystore == null) {
            return null;
        }
        try {
            return (PrivateKey) loadKeystore.getKey(str4, str5.toCharArray());
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LOG.debug("Can not load key {} from keystore", str4, e);
            return null;
        }
    }

    public static PrivateKey loadPrivateKey(byte[] bArr, String str) throws InvalidKeySpecException, NoSuchAlgorithmException {
        return KeyFactory.getInstance(str, Common.BOUNCY_PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    public static X509Certificate loadX509Certificate(byte[] bArr) throws InvalidCertificateException {
        if (bArr == null) {
            throw new InvalidCertificateException("Certificate bytes are null", null);
        }
        return loadX509Certificate(new ByteArrayInputStream(bArr));
    }

    public static X509Certificate loadX509Certificate(InputStream inputStream) throws InvalidCertificateException {
        try {
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509", Common.BOUNCY_PROVIDER).generateCertificate(inputStream);
                if (inputStream != null) {
                    inputStream.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException e) {
            throw new InvalidCertificateException("Can not read input stream from inputstream", e);
        } catch (CertificateException e2) {
            throw new InvalidCertificateException("Can not generate certificate from inputstream", e2);
        }
    }

    public static X509Certificate loadX509Certificate(String str) {
        try {
            InputStream openStream = constructURL(str).openStream();
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance("X509", Common.BOUNCY_PROVIDER).generateCertificate(openStream);
                if (openStream != null) {
                    openStream.close();
                }
                return x509Certificate;
            } finally {
            }
        } catch (IOException e) {
            LOG.debug("Can not read input stream from path {}", str, e);
            LOG.debug("No certificate for path {} loaded. Certificate is null", str);
            return null;
        } catch (CertificateException e2) {
            LOG.debug("Can not generate certificate from path {}", str, e2);
            LOG.debug("No certificate for path {} loaded. Certificate is null", str);
            return null;
        }
    }

    public static Optional<X509Certificate> loadX509Certificate(String str, String str2, String str3, String str4) {
        KeyStore loadKeystore = loadKeystore(str, str2, str3);
        if (loadKeystore == null) {
            return Optional.empty();
        }
        try {
            return Optional.ofNullable((X509Certificate) loadKeystore.getCertificate(str4));
        } catch (KeyStoreException e) {
            LOG.debug("Can not load key {} from keystore", str4, e);
            return Optional.empty();
        }
    }

    public static Optional<KeyPair> loadKeyPairFromKeyStore(KeyStore keyStore, String str, String str2) {
        if (keyStore == null) {
            LOG.debug("Key store cannot be null");
            return Optional.empty();
        }
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                LOG.debug("Cannot load certificate from key store. No certificate with alias {} present in key store", str);
                return Optional.empty();
            }
            Key key = keyStore.getKey(str, str2 == null ? null : str2.toCharArray());
            if (key == null) {
                LOG.debug("Cannot load key from key store. No key entry with alias {} present in key store", str);
                return Optional.empty();
            }
            LOG.debug("Key pair with alias {} successfully loaded from key store", str);
            return Optional.of(new KeyPair(certificate.getPublicKey(), (PrivateKey) key));
        } catch (KeyStoreException e) {
            LOG.debug("Keystore has not been initialized (loaded). Cannot load key pair from key store", e);
            return Optional.empty();
        } catch (NoSuchAlgorithmException e2) {
            LOG.debug("Algorithm for recovering the key cannot be found", e2);
            return Optional.empty();
        } catch (UnrecoverableKeyException e3) {
            LOG.debug("Key cannot be recovered", e3);
            return Optional.empty();
        }
    }

    private static URL constructURL(String str) throws MalformedURLException {
        return str.startsWith("classpath:") ? ClassLoader.getSystemResource(str.substring(10)) : new URL(str);
    }

    private KeystoreLoader() {
    }
}
