package com.ca.apim.gateway.cagatewayconfig.util.keystore;

import com.ca.apim.gateway.cagatewayconfig.beans.PrivateKey;
import com.google.common.annotations.VisibleForTesting;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Base64;
import java.util.Collection;
import javax.inject.Singleton;
import org.apache.commons.lang3.RandomStringUtils;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.jetbrains.annotations.NotNull;

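/**
 * Builds an in-memory PKCS12 key store from a set of configured private keys.
 *
 * <p>Each {@link PrivateKey} bean (the project bean, not {@code java.security.PrivateKey})
 * points at its own key file, which is opened with the bean's key password. The key and its
 * certificate chain are copied into a fresh key store. That store, and every entry in it, is
 * protected by a random password generated once per helper instance.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The generated password is drawn from a {@link SecureRandom} and lives in memory for the
 *       lifetime of this instance. {@link #getKeystorePassword()} returns it to callers, so
 *       anything that receives it must treat it as a secret and keep it out of logs.</li>
 *   <li>{@link #createKeyStoreInstance(Collection)} registers BouncyCastle as the
 *       highest-priority JCA provider for the whole JVM, not only for this class.</li>
 *   <li>Exception messages carry the key alias only, never a key password.</li>
 * </ul>
 */
@Singleton
/* loaded from: input_file:com/ca/apim/gateway/cagatewayconfig/util/keystore/KeystoreHelper.class */
public class KeystoreHelper {
    private static final SecureRandom RANDOM = new SecureRandom();

    // 64 random alphanumeric characters from the SecureRandom above, Base64-encoded.
    // Used both as the store password and as the per-entry key password.
    private final char[] keystorePassword = Base64.getEncoder().encodeToString(RandomStringUtils.random(64, 0, 0, true, true, (char[]) null, RANDOM).getBytes(StandardCharsets.UTF_8)).toCharArray();

    @VisibleForTesting
    public KeystoreHelper() {
    }

    /**
     * Serializes a key store containing the given private keys.
     *
     * @param collection the private keys to include
     * @return the encoded key store, or an empty array when {@code collection} is empty
     * @throws KeyStoreCreationException if a key cannot be loaded or the store cannot be written
     */
    @VisibleForTesting
    public byte[] createKeyStore(Collection<PrivateKey> collection) {
        if (collection.isEmpty()) {
            return new byte[0];
        }
        return toBytes(createKeyStoreInstance(collection));
    }

    /**
     * Writes the key store to a byte array, protected with this helper's generated password.
     *
     * @param keyStore the key store to serialize
     * @return the encoded key store bytes
     * @throws KeyStoreCreationException if the store cannot be written
     */
    @VisibleForTesting
    byte[] toBytes(KeyStore keyStore) {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        try {
            keyStore.store(byteArrayOutputStream, this.keystorePassword);
            return byteArrayOutputStream.toByteArray();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreCreationException("Error saving Key Store", e);
        }
    }

    /**
     * Creates an empty key store and copies every given private key into it.
     *
     * @param collection the private keys to add
     * @return the populated key store
     * @throws KeyStoreCreationException if the store cannot be created or a key cannot be added
     */
    @VisibleForTesting
    KeyStore createKeyStoreInstance(Collection<PrivateKey> collection) {
        // Process-wide side effect: BouncyCastle becomes the preferred JCA provider for all code
        // in this JVM. The call is a no-op when a provider with the same name is already installed.
        Security.insertProviderAt(new BouncyCastleProvider(), 1);
        try {
            // A null stream makes KeyStore.load initialize a new, empty store.
            KeyStore target = loadKeyStore(null, this.keystorePassword);
            for (PrivateKey privateKey : collection) {
                storeKey(target, privateKey);
            }
            return target;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreCreationException("Error creating default key store", e);
        }
    }

    /**
     * Loads a key store of type {@link #getKeyStoreType()} from a stream.
     *
     * @param inputStream the encoded key store, or {@code null} to create an empty one
     * @param cArr the key store password
     * @return the loaded key store
     */
    @VisibleForTesting
    KeyStore loadKeyStore(InputStream inputStream, char[] cArr) throws CertificateException, NoSuchAlgorithmException, IOException, KeyStoreException {
        KeyStore keyStore = KeyStore.getInstance(getKeyStoreType());
        keyStore.load(inputStream, cArr);
        return keyStore;
    }

    /**
     * Copies one private key and its certificate chain from its own key file into the target store.
     *
     * <p>The entry is re-protected with this helper's generated password, not the password the
     * key file was opened with.
     *
     * @param keyStore the target key store
     * @param privateKey the key to copy
     * @throws KeyStoreCreationException if the key cannot be loaded or added
     */
    @VisibleForTesting
    void storeKey(KeyStore keyStore, PrivateKey privateKey) {
        KeyStore source = loadKeyStore(privateKey);
        try {
            Key key = getKeyFromKeyStore(privateKey, source);
            Certificate[] chain = loadCertificatesForPrivateKey(privateKey, source);
            keyStore.setKeyEntry(privateKey.getAlias(), key, this.keystorePassword, chain);
        } catch (KeyStoreException e) {
            throw new KeyStoreCreationException("Error adding Private Key '" + privateKey.getAlias() + "' to Key Store", e);
        }
    }

    /**
     * Reads the key stored under the private key's alias, using the private key's own password.
     *
     * @throws KeyStoreCreationException if the alias is absent or the key cannot be recovered
     */
    @NotNull
    private Key getKeyFromKeyStore(PrivateKey privateKey, KeyStore keyStore) {
        try {
            Key key = keyStore.getKey(privateKey.getAlias(), privateKey.getKeyPassword().toCharArray());
            if (key == null) {
                throw new KeyStoreCreationException("Key with alias '" + privateKey.getAlias() + "' not found in the p12 file");
            }
            return key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KeyStoreCreationException("Error loading key " + privateKey.getAlias() + " from KeyStore p12 file", e);
        }
    }

    /**
     * Returns the certificate chain stored under the private key's alias.
     *
     * @param privateKey the key whose alias is looked up
     * @param keyStore the key store to read from
     * @return the result of {@link KeyStore#getCertificateChain(String)} for that alias
     * @throws KeyStoreCreationException if the key store has not been initialized
     */
    public Certificate[] loadCertificatesForPrivateKey(PrivateKey privateKey, KeyStore keyStore) {
        try {
            return keyStore.getCertificateChain(privateKey.getAlias());
        } catch (KeyStoreException e) {
            throw new KeyStoreCreationException("Error loading certificate chain for key " + privateKey.getAlias() + " from KeyStore p12 file", e);
        }
    }

    /**
     * Opens the key file referenced by the private key and loads it as a key store.
     *
     * <p>The stream is closed on every path, including when loading fails (for example on a
     * wrong password or a malformed file), so a rejected key file does not leak a file handle.
     *
     * @param privateKey the key whose file and password are used
     * @return the key store read from the key file
     * @throws KeyStoreCreationException if the file cannot be read or parsed
     */
    public KeyStore loadKeyStore(PrivateKey privateKey) {
        // try-with-resources skips close() for a null resource, so a null stream still yields
        // an empty key store from the two-argument overload.
        try (InputStream withIO = privateKey.getPrivateKeyFile().getWithIO()) {
            return loadKeyStore(withIO, privateKey.getKeyPassword().toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreCreationException("Error loading Key file for '" + privateKey.getAlias() + "'", e);
        }
    }

    /**
     * Returns the generated password that protects the key store and its entries.
     *
     * <p>A copy is returned so that a caller modifying or wiping its array cannot corrupt the
     * password this singleton keeps using for later stores.
     *
     * @return a copy of the key store password
     */
    @NotNull
    public char[] getKeystorePassword() {
        return this.keystorePassword.clone();
    }

    /**
     * Returns the key store type used for both the source key files and the generated store.
     *
     * @return {@code "PKCS12"}
     */
    @NotNull
    public String getKeyStoreType() {
        return "PKCS12";
    }
}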
