package de.governikus.panstar.sdk.utils.crypto;

import de.governikus.panstar.sdk.utils.constant.Common;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Optional;
import org.apache.commons.lang3.ArrayUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/panstar/sdk/utils/crypto/KeystoreLoader.class */
public class KeystoreLoader {
    private static final Logger LOG = LoggerFactory.getLogger(KeystoreLoader.class);
    public static final String PKCS_12 = "PKCS12";
    public static final String JKS = "JKS";

    private KeystoreLoader() {
    }

    public static Optional<KeyStore> loadKeystore(String str, String str2, String str3) {
        try {
            try {
                InputStream openStream = constructURL(str).openStream();
                try {
                    KeyStore keyStore = KeyStore.getInstance(str2);
                    keyStore.load(openStream, str3.toCharArray());
                    Optional<KeyStore> of = Optional.of(keyStore);
                    if (openStream != null) {
                        openStream.close();
                    }
                    return of;
                } catch (Throwable th) {
                    if (openStream != null) {
                        try {
                            openStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            } catch (IOException | CertificateException e) {
                LOG.debug("Can not load key store from path {}", str, e);
                LOG.debug("No key store for path {} loaded. Key store is null", str);
                return Optional.empty();
            }
        } catch (KeyStoreException e2) {
            LOG.debug("Can not get a key store from instance {}", str2, e2);
            LOG.debug("No key store for path {} loaded. Key store is null", str);
            return Optional.empty();
        } catch (NoSuchAlgorithmException e3) {
            LOG.debug("Can not load key store from path {}. Algorithm is unknown", str, e3);
            LOG.debug("No key store for path {} loaded. Key store is null", str);
            return Optional.empty();
        }
    }

    public static Optional<KeyStore> loadKeystore(InputStream inputStream, String str, String str2) {
        try {
            try {
                if (inputStream != null) {
                    try {
                        if (inputStream.available() != 0) {
                            KeyStore keyStore = KeyStore.getInstance(str);
                            keyStore.load(inputStream, str2.toCharArray());
                            Optional<KeyStore> of = Optional.of(keyStore);
                            if (inputStream != null) {
                                inputStream.close();
                            }
                            return of;
                        }
                    } catch (Throwable th) {
                        if (inputStream != null) {
                            try {
                                inputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                }
                LOG.debug("Can not load key store from inputStream. InputStream is null.");
                Optional<KeyStore> empty = Optional.empty();
                if (inputStream != null) {
                    inputStream.close();
                }
                return empty;
            } catch (IOException | CertificateException e) {
                LOG.debug("Can not load key store from inputStream", e);
                LOG.debug("No key store for inputStream loaded.");
                return Optional.empty();
            }
        } catch (KeyStoreException e2) {
            LOG.debug("Can not get a key store from instance {}", str, e2);
        } catch (NoSuchAlgorithmException e3) {
            LOG.debug("Can not load key store from inputStream. Algorithm is unknown", e3);
        }
    }

    public static Optional<PrivateKey> loadPrivateKeyFromKeystore(String str, String str2, String str3, String str4, String str5) {
        return loadPrivateKeyInternal(str4, str5, loadKeystore(str, str2, str3));
    }

    public static Optional<PrivateKey> loadPrivateKeyFromKeystore(InputStream inputStream, String str, String str2, String str3, String str4) {
        return loadPrivateKeyInternal(str3, str4, loadKeystore(inputStream, str, str2));
    }

    private static Optional<PrivateKey> loadPrivateKeyInternal(String str, String str2, Optional<KeyStore> optional) {
        if (optional.isEmpty()) {
            return Optional.empty();
        }
        try {
            return Optional.ofNullable((PrivateKey) optional.get().getKey(str, str2.toCharArray()));
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LOG.debug("Can not load key {} from keystore", str, e);
            return Optional.empty();
        }
    }

    public static Optional<X509Certificate> loadX509CertificateFromKeystore(String str, String str2, String str3, String str4) {
        return loadX509CertificateInternal(str4, loadKeystore(str, str2, str3));
    }

    public static Optional<X509Certificate> loadX509CertificateFromKeystore(InputStream inputStream, String str, String str2, String str3) {
        return loadX509CertificateInternal(str3, loadKeystore(inputStream, str, str2));
    }

    private static Optional<X509Certificate> loadX509CertificateInternal(String str, Optional<KeyStore> optional) {
        if (optional.isEmpty()) {
            return Optional.empty();
        }
        try {
            return Optional.ofNullable((X509Certificate) optional.get().getCertificate(str));
        } catch (KeyStoreException e) {
            LOG.debug("Can not load certificate {} from keystore", str, e);
            return Optional.empty();
        }
    }

    public static Optional<KeyPair> loadKeyPairFromKeyStore(KeyStore keyStore, String str, String str2) {
        if (keyStore == null) {
            LOG.debug("Key store cannot be null");
            return Optional.empty();
        }
        try {
            Certificate certificate = keyStore.getCertificate(str);
            if (certificate == null) {
                LOG.debug("Cannot load certificate from key store. No certificate with alias {} present in key store", str);
                return Optional.empty();
            }
            Key key = keyStore.getKey(str, str2 == null ? null : str2.toCharArray());
            if (key == null) {
                LOG.debug("Cannot load key from key store. No key entry with alias {} present in key store", str);
                return Optional.empty();
            }
            LOG.debug("Key pair with alias {} successfully loaded from key store", str);
            return Optional.of(new KeyPair(certificate.getPublicKey(), (PrivateKey) key));
        } catch (KeyStoreException e) {
            LOG.debug("Keystore has not been initialized (loaded). Cannot load key pair from key store", e);
            return Optional.empty();
        } catch (NoSuchAlgorithmException e2) {
            LOG.debug("Algorithm for recovering the key cannot be found", e2);
            return Optional.empty();
        } catch (UnrecoverableKeyException e3) {
            LOG.debug("Key cannot be recovered", e3);
            return Optional.empty();
        }
    }

    public static Optional<PrivateKey> loadPrivateKey(byte[] bArr, String str) {
        try {
            return Optional.of(KeyFactory.getInstance(str, Common.BOUNCY_PROVIDER).generatePrivate(new PKCS8EncodedKeySpec(bArr)));
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            LOG.debug("Key cannot be loaded", e);
            return Optional.empty();
        }
    }

    public static Optional<X509Certificate> loadX509Certificate(byte[] bArr) {
        if (!ArrayUtils.isEmpty(bArr)) {
            return loadX509Certificate(new ByteArrayInputStream(bArr));
        }
        LOG.debug("Certificate bytes cannot be null");
        return Optional.empty();
    }

    public static Optional<X509Certificate> loadX509Certificate(InputStream inputStream) {
        try {
            if (inputStream != null) {
                try {
                    if (inputStream.available() != 0) {
                        Optional<X509Certificate> of = Optional.of((X509Certificate) CertificateFactory.getInstance("X509", Common.BOUNCY_PROVIDER).generateCertificate(inputStream));
                        if (inputStream != null) {
                            inputStream.close();
                        }
                        return of;
                    }
                } finally {
                }
            }
            LOG.debug("Can not generate certificate from input stream. Input stream is empty");
            Optional<X509Certificate> empty = Optional.empty();
            if (inputStream != null) {
                inputStream.close();
            }
            return empty;
        } catch (IOException e) {
            LOG.debug("Can not read input stream from input stream", e);
            return Optional.empty();
        } catch (CertificateException e2) {
            LOG.debug("Can not generate certificate from input stream", e2);
            return Optional.empty();
        }
    }

    public static Optional<X509Certificate> loadX509Certificate(String str) {
        try {
            InputStream openStream = constructURL(str).openStream();
            try {
                Optional<X509Certificate> of = Optional.of((X509Certificate) CertificateFactory.getInstance("X509", Common.BOUNCY_PROVIDER).generateCertificate(openStream));
                if (openStream != null) {
                    openStream.close();
                }
                return of;
            } catch (Throwable th) {
                if (openStream != null) {
                    try {
                        openStream.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
                throw th;
            }
        } catch (IOException e) {
            LOG.debug("Can not read input stream from path {}", str, e);
            LOG.debug("No certificate for path {} loaded. Certificate is null", str);
            return Optional.empty();
        } catch (CertificateException e2) {
            LOG.debug("Can not generate certificate from path {}", str, e2);
            LOG.debug("No certificate for path {} loaded. Certificate is null", str);
            return Optional.empty();
        }
    }

    private static URL constructURL(String str) throws MalformedURLException {
        return str.startsWith("classpath:") ? ClassLoader.getSystemResource(str.substring(10)) : new URL(str);
    }
}
