package ch.admin.bj.swiyu.didtoolbox.securosys.primus;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintStream;
import java.security.Key;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Locale;
import java.util.Properties;
import lombok.Generated;

/* loaded from: input_file:ch/admin/bj/swiyu/didtoolbox/securosys/primus/PrimusKeyStoreLoader.class */
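/**
 * Loads a {@link KeyStore} backed by the Securosys Primus JCE provider and reads key pairs
 * from it.
 *
 * <p>The provider class is resolved reflectively by name ({@link #PROVIDER_CLASS}), so this
 * class compiles without the vendor jar; whatever class of that name is on the classpath is
 * instantiated and registered JVM-wide through {@link Security#addProvider(Provider)}.
 *
 * <p>Connection credentials (host, port, user, password) are rendered into an in-memory,
 * plain-text credential stream that is handed to {@link KeyStore#load(InputStream, char[])}.
 * The password is held as a {@link String} for the lifetime of that call chain.
 */
public class PrimusKeyStoreLoader {
    public static final String PROVIDER_CLASS = "com.securosys.primus.jce.PrimusProvider";
    private static final String KEY_STORE_TYPE_GETTER = "getKeyStoreTypeName";
    private static final String PROVIDER_NAME_GETTER = "getProviderName";
    /** Common prefix of every key written to the credential stream. */
    private static final String CREDENTIAL_KEY_PREFIX = "com.securosys.primus.jce.credentials.";
    /** Largest valid TCP port number. */
    private static final int MAX_PORT = 65535;
    private final KeyStore keyStore;

    /**
     * The settings needed to reach the HSM. Each constant's {@link #name()} is the environment
     * variable consulted, and its lower-cased name is the key looked up in the property file.
     */
    public enum SecurosysPrimusEnvironment {
        SECUROSYS_PRIMUS_HOST("host"),
        SECUROSYS_PRIMUS_PORT("port"),
        SECUROSYS_PRIMUS_USER("user"),
        SECUROSYS_PRIMUS_PASSWORD("password");

        /** Suffix appended to {@code CREDENTIAL_KEY_PREFIX} in the credential stream. */
        private final String credentialKey;

        SecurosysPrimusEnvironment(String credentialKey) {
            this.credentialKey = credentialKey;
        }

        /**
         * Renders the four credentials as {@code key=value} lines followed by one trailing
         * line separator and exposes them as a stream.
         *
         * @param host     HSM host
         * @param port     HSM port
         * @param user     HSM user
         * @param password HSM password
         * @return an in-memory stream over the rendered credential lines
         */
        static InputStream toStream(String host, int port, String user, String password) {
            // NOTE(review): values are written verbatim. A value containing a line break would
            // add extra lines to the credential stream; nothing visible here rejects or escapes
            // that. Confirm how the provider parses this stream and validate accordingly.
            String credentials = SECUROSYS_PRIMUS_HOST.toCredentialFileLine(host)
                    + SECUROSYS_PRIMUS_PORT.toCredentialFileLine(Integer.toString(port))
                    + SECUROSYS_PRIMUS_USER.toCredentialFileLine(user)
                    + SECUROSYS_PRIMUS_PASSWORD.toCredentialFileLine(password)
                    + System.lineSeparator();
            // Platform default charset, as before: the encoding the provider expects is not
            // visible from this class, so it is deliberately left unchanged.
            return new ByteArrayInputStream(credentials.getBytes());
        }

        /**
         * Returns the property-file key for this setting.
         *
         * <p>Lower-casing uses {@link Locale#ROOT}; with the default locale the key would change
         * on locales with special casing rules for {@code I} (e.g. Turkish) and the lookup in
         * the property file would silently miss.
         */
        private String toProperty() {
            return name().toLowerCase(Locale.ROOT);
        }

        /** Returns this setting as one {@code key=value} line, line separator included. */
        private String toCredentialFileLine(String value) {
            return CREDENTIAL_KEY_PREFIX + credentialKey + "=" + value + System.lineSeparator();
        }
    }

    /**
     * Instantiates the Primus provider reflectively, registers it and obtains an (unloaded)
     * key store of the type and provider name the provider class reports.
     *
     * @throws PrimusKeyStoreInitializationException if the provider class cannot be found,
     *         instantiated or queried, or the key store cannot be obtained
     */
    public PrimusKeyStoreLoader() throws PrimusKeyStoreInitializationException {
        try {
            Class<?> providerClass = Class.forName(PROVIDER_CLASS);
            Provider provider = (Provider) providerClass.getDeclaredConstructor().newInstance();
            Security.addProvider(provider);
            String keyStoreType =
                    (String) providerClass.getDeclaredMethod(KEY_STORE_TYPE_GETTER).invoke(provider);
            String providerName =
                    (String) providerClass.getDeclaredMethod(PROVIDER_NAME_GETTER).invoke(provider);
            this.keyStore = KeyStore.getInstance(keyStoreType, providerName);
        } catch (Exception e) {
            // Deliberately broad: any reflective or JCA failure means the vendor library is
            // missing or unusable, and the cause is preserved for diagnosis.
            throw new PrimusKeyStoreInitializationException("Failed to initialize Securosys Primus Key Store. Ensure the required lib/primusX-java[8|11].jar libraries exist on the system", e);
        }
    }

    /**
     * Initializes the key store with credentials resolved from the environment and, as a
     * fallback, from a property file. For each setting the environment variable wins over the
     * property file.
     *
     * <p>Exception messages name the missing setting only; resolved values (including the
     * password) are never put into a message.
     *
     * @param file property file holding the fallback values, or {@code null} to use the
     *             environment only
     * @throws IOException if the file cannot be read, a setting cannot be resolved, or the
     *         port is not a number in the range 0..65535
     * @throws CertificateException as thrown by {@link KeyStore#load(InputStream, char[])}
     * @throws NoSuchAlgorithmException as thrown by {@link KeyStore#load(InputStream, char[])}
     * @throws PrimusKeyStoreInitializationException if the provider cannot be initialized
     */
    public PrimusKeyStoreLoader(File file) throws CertificateException, IOException, NoSuchAlgorithmException, PrimusKeyStoreInitializationException {
        this();
        Properties properties = null;
        if (file != null) {
            properties = new Properties();
            // try-with-resources: the file may hold the HSM password, so the handle is
            // closed as soon as the properties are read instead of being left to the GC.
            try (InputStream in = new FileInputStream(file)) {
                properties.load(in);
            }
        }
        String host = resolve(SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_HOST, properties);
        if (host == null) {
            throw unresolved("host", SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_HOST);
        }
        int port = resolvePort(properties);
        String user = resolve(SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_USER, properties);
        if (user == null) {
            throw unresolved("user", SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_USER);
        }
        String password = resolve(SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_PASSWORD, properties);
        if (password == null) {
            throw unresolved("password", SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_PASSWORD);
        }
        this.keyStore.load(SecurosysPrimusEnvironment.toStream(host, port, user, password), null);
    }

    /**
     * Initializes the key store with explicitly supplied credentials.
     *
     * @param host     HSM host
     * @param port     HSM port
     * @param user     HSM user
     * @param password HSM password
     * @throws IOException as thrown by {@link KeyStore#load(InputStream, char[])}
     * @throws CertificateException as thrown by {@link KeyStore#load(InputStream, char[])}
     * @throws NoSuchAlgorithmException as thrown by {@link KeyStore#load(InputStream, char[])}
     * @throws PrimusKeyStoreInitializationException if the provider cannot be initialized
     */
    public PrimusKeyStoreLoader(String host, int port, String user, String password) throws CertificateException, IOException, NoSuchAlgorithmException, PrimusKeyStoreInitializationException {
        this();
        this.keyStore.load(SecurosysPrimusEnvironment.toStream(host, port, user, password), null);
    }

    /** Looks a setting up in the environment first, then in {@code properties} if given. */
    private static String resolve(SecurosysPrimusEnvironment setting, Properties properties) {
        String value = System.getenv(setting.name());
        if (value == null && properties != null) {
            value = properties.getProperty(setting.toProperty());
        }
        return value;
    }

    /** Builds the "cannot be resolved" error; it names the variable, never a value. */
    private static IOException unresolved(String what, SecurosysPrimusEnvironment setting) {
        return new IOException("Securosys Primus HSM " + what + " cannot be resolved. You may supply it either via property file or by setting the relevant system environment variable: " + setting.name());
    }

    /** Resolves the port setting and parses it as a number in the range 0..65535. */
    private static int resolvePort(Properties properties) throws IOException {
        String text = resolve(SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_PORT, properties);
        if (text == null) {
            throw unresolved("port", SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_PORT);
        }
        int port;
        try {
            // Parsed as int, not short: a short tops out at 32767 and would reject the
            // upper half of the valid port range as "invalid".
            port = Integer.parseInt(text.trim());
        } catch (NumberFormatException e) {
            throw new IOException("Securosys Primus HSM port is invalid.", e);
        }
        if (port > MAX_PORT) {
            throw new IOException("Securosys Primus HSM port is invalid.");
        }
        if (port < 0) {
            // Negative values keep the message they have always produced.
            throw unresolved("port", SecurosysPrimusEnvironment.SECUROSYS_PRIMUS_PORT);
        }
        return port;
    }

    /**
     * Reads the private key stored under {@code alias} and pairs it with the public key of the
     * certificate stored under the same alias, translated by the key store provider's
     * {@code "EC"} key factory.
     *
     * <p>The decompiler reports that this method was package-private in the original source.
     *
     * <p>NOTE(review): the public key comes from the stored certificate, not from the private
     * key; no check that the two belong together is visible here.
     *
     * @param alias    key store alias of the entry
     * @param password password protecting the key, or {@code null} if none
     * @return the key pair for {@code alias}
     * @throws KeyException if the alias is not a key entry, holds no private key, has no
     *         certificate, or the public key cannot be translated
     * @throws UnrecoverableEntryException if the key cannot be recovered with {@code password}
     * @throws KeyStoreException if the key store has not been loaded
     * @throws NoSuchAlgorithmException if the key or the EC key factory algorithm is unavailable
     */
    public KeyPair loadKeyPair(String alias, String password) throws UnrecoverableEntryException, KeyStoreException, NoSuchAlgorithmException, KeyException {
        KeyStore store = getKeyStore();
        if (!store.isKeyEntry(alias)) {
            throw new KeyException("The alias does not exist or does not identify a key-related entry: " + alias);
        }
        Key key = store.getKey(alias, password != null ? password.toCharArray() : null);
        if (key == null) {
            throw new KeyException("The alias does not exist or does not identify a key-related entry: " + alias);
        }
        if (!(key instanceof PrivateKey)) {
            // A key entry may also hold a secret key; report that as a KeyException instead of
            // letting a ClassCastException escape.
            throw new KeyException("The alias does not identify a private key entry: " + alias);
        }
        Certificate certificate = store.getCertificate(alias);
        if (certificate == null) {
            throw new KeyException("The alias does not exist or does not contain a certificate: " + alias);
        }
        PublicKey publicKey = (PublicKey) KeyFactory.getInstance("EC", store.getProvider())
                .translateKey(certificate.getPublicKey());
        return new KeyPair(publicKey, (PrivateKey) key);
    }

    /**
     * Returns the underlying key store.
     *
     * <p>The decompiler reports that this accessor was package-private in the original source.
     */
    @Generated
    public KeyStore getKeyStore() {
        return this.keyStore;
    }
}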
