package br.com.fiorilli.webpki;

import br.com.fiorilli.webpki.Constants;
import br.com.fiorilli.webpki.model.Certificate;
import br.com.fiorilli.webpki.model.CertificateRequest;
import br.com.fiorilli.webpki.model.CommandMessage;
import br.com.fiorilli.webpki.util.CertUtils;
import br.com.fiorilli.webpki.util.LogUtils;
import br.com.fiorilli.webpki.util.OSUtils;
import iaik.pkcs.pkcs11.InitializeArgs;
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.Notify;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.nio.file.DirectoryStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardCopyOption;
import java.nio.file.attribute.FileAttribute;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.slf4j.Logger;

/* loaded from: input_file:br/com/fiorilli/webpki/PKCSKeyStore.class */
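/**
 * Gives access to the certificates this process can use, selected by the incoming
 * {@link CommandMessage}.
 *
 * <p>Three sources are handled:
 * <ul>
 *   <li>a PKCS#12 container supplied in the request, either as Base64 content or as a file path;</li>
 *   <li>on Windows, the key store identified by {@code Constants.KeyStore.WINDOWS_USER} and
 *       {@code Constants.KeyStore.WINDOWS_MSCAPI_PROVIDER};</li>
 *   <li>elsewhere, the certificate/PFX directories under {@code Constants.Unix.HOME_DIRECTORY}
 *       plus any PKCS#11 modules listed in the message.</li>
 * </ul>
 *
 * <p>NOTE(review): the PKCS#12 path and the PKCS#11 driver paths are taken from the command
 * message. Where that message originates is not visible in this class; if it can be influenced
 * by a remote party, both values need validating against an allowlist before use, because the
 * driver path ends up in {@code Module.getInstance}, which loads a native library.
 */
public class PKCSKeyStore {
    private Logger log;
    private boolean fileKeyStore;
    private KeyStore keyStore;
    private List<String> drivers;

    /** Key store formats; the constant name is passed to {@link KeyStore#getInstance(String)}. */
    public enum KeyStoreType {
        PKCS11,
        PKCS12
    }

    /**
     * Selects and opens the key store described by the command message.
     *
     * @param commandMessage message carrying the optional certificate request and the list of
     *                       PKCS#11 driver paths
     * @throws IllegalStateException wrapping any failure raised while opening the key store
     */
    public PKCSKeyStore(CommandMessage commandMessage) {
        try {
            this.log = LogUtils.getInstance().getLogger();
            this.drivers = commandMessage.getDrivers();
            CertificateRequest certificate = commandMessage.getRequest().getCertificate();
            boolean noCertificateSupplied = certificate == null
                    || (certificate.getContent() == null && certificate.getPath() == null);
            if (noCertificateSupplied) {
                if (OSUtils.isWindows()) {
                    this.keyStore = KeyStore.getInstance(Constants.KeyStore.WINDOWS_USER, Constants.KeyStore.WINDOWS_MSCAPI_PROVIDER);
                    this.keyStore.load(null, null);
                } else {
                    // No KeyStore object is created here: the non-Windows store is a set of directories.
                    checkDirectoriesExists(Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.CRT_DIRECTORY));
                    checkDirectoriesExists(Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.PFX_DIRECTORY));
                    checkDirectoriesExists(Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.TOKENS_DIRECTORY));
                }
                this.fileKeyStore = false;
            } else {
                String content = certificate.getContent();
                String path = certificate.getPath();
                String password = certificate.getPassword();
                if (content != null) {
                    this.keyStore = loadCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(content)), password);
                }
                // When both are present the file path wins, because it is loaded last.
                if (path != null) {
                    this.keyStore = loadCertificate(new File(path), password);
                }
                this.fileKeyStore = true;
            }
        } catch (Exception e) {
            // The logger is obtained inside the try block, so it may still be null here; an
            // unguarded call would replace the real cause with a NullPointerException.
            if (this.log != null) {
                this.log.error("Failed to instanciate KeyStore", e);
            }
            throw new IllegalStateException(e);
        }
    }

    /**
     * @return the underlying key store; never assigned by the constructor on non-Windows systems
     *         when no certificate was supplied in the request
     */
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /**
     * Wraps the first entry of the key store.
     *
     * @return the first alias together with its X.509 certificate
     * @throws Exception if the key store cannot be read or holds no entry
     */
    public Certificate loadCertificate() throws Exception {
        String firstAlias = this.keyStore.aliases().nextElement();
        return new Certificate(firstAlias, (X509Certificate) this.keyStore.getCertificate(firstAlias));
    }

    /**
     * Lists the certificates of the active source: the single PKCS#12 entry, the Windows store,
     * or the Unix certificate directory followed by the configured PKCS#11 devices.
     *
     * @return the certificates found
     * @throws Exception if any source cannot be read
     */
    public List<Certificate> loadCertificates() throws Exception {
        if (isFileKeyStore()) {
            return Collections.singletonList(loadCertificate());
        }
        if (OSUtils.isWindows()) {
            return loadFromWindowsKeytore();
        }
        List<Certificate> certificates = loadFromUnixKeystore();
        certificates.addAll(loadFromDevice());
        return certificates;
    }

    /**
     * Looks up a certificate in the Windows store by thumbprint.
     *
     * @param str thumbprint, compared with {@code CertUtils.getThumbprint}
     * @return the encoded certificate
     * @throws Exception with message "Thumbprint not found" when not on Windows, when
     *                   {@code str} is null, or when no entry matches
     */
    public byte[] loadCertificateFromThumbprint(String str) throws Exception {
        if (OSUtils.isWindows() && str != null) {
            Optional<Map.Entry<String, X509Certificate>> match = getFromWindowsKeytore().entrySet().stream()
                    .filter(entry -> str.equals(CertUtils.getThumbprint(entry.getValue())))
                    .findFirst();
            if (match.isPresent()) {
                return match.get().getValue().getEncoded();
            }
        }
        throw new Exception("Thumbprint not found");
    }

    /**
     * Looks up a certificate in the Windows store by alias.
     *
     * @param str alias to look up
     * @return the encoded certificate, or {@code null} when not on Windows or the alias is unknown
     * @throws Exception if the key store cannot be read or the certificate cannot be encoded
     */
    public byte[] loadCertificateFromAlias(String str) throws Exception {
        if (!OSUtils.isWindows()) {
            return null;
        }
        Map<String, X509Certificate> byAlias = getFromWindowsKeytore();
        if (byAlias.containsKey(str)) {
            return byAlias.get(str).getEncoded();
        }
        return null;
    }

    /**
     * Loads a PKCS#12 container from a file.
     *
     * @param file PKCS#12 file
     * @param str  container password; must not be null
     * @return the loaded key store
     */
    public KeyStore loadCertificate(File file, String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore loaded = KeyStore.getInstance(KeyStoreType.PKCS12.name());
        // Close the stream even when load() rejects the container or the password.
        try (FileInputStream in = new FileInputStream(file)) {
            loaded.load(in, str.toCharArray());
        }
        return loaded;
    }

    /**
     * Loads a PKCS#12 container from memory.
     *
     * @param byteArrayInputStream raw PKCS#12 bytes
     * @param str                  container password; must not be null
     * @return the loaded key store
     */
    public KeyStore loadCertificate(ByteArrayInputStream byteArrayInputStream, String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore loaded = KeyStore.getInstance(KeyStoreType.PKCS12.name());
        loaded.load(byteArrayInputStream, str.toCharArray());
        return loaded;
    }

    /**
     * Resolves the Windows store alias of the certificate with the given thumbprint.
     *
     * @param str thumbprint
     * @return the alias, or {@code null} when not on Windows
     * @throws Exception if the thumbprint is unknown or the store cannot be read
     */
    public String getAliasFromThumbprint(String str) throws Exception {
        if (!OSUtils.isWindows()) {
            return null;
        }
        return aliasForThumbprint(str);
    }

    /**
     * Imports the entries of a PKCS#12 file into the active store.
     *
     * <p>On Windows each entry with a KeyUsage extension is added to the key store. Elsewhere the
     * certificate is written as PEM into the certificate directory and the PKCS#12 file is copied
     * into the PFX directory, both named after the certificate thumbprint.
     *
     * @param file PKCS#12 file to import
     * @param str  container password; must not be null
     * @throws Exception if the container cannot be read or the store cannot be updated
     */
    public void addCertificate(File file, String str) throws Exception {
        KeyStore source = loadCertificate(file, str);
        Enumeration<String> aliases = source.aliases();
        if (OSUtils.isWindows()) {
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (((X509Certificate) source.getCertificate(alias)).getKeyUsage() != null) {
                    this.keyStore.setKeyEntry(alias, source.getKey(alias, str.toCharArray()), null, source.getCertificateChain(alias));
                }
            }
            return;
        }
        Path crtDirectory = Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.CRT_DIRECTORY);
        Path pfxDirectory = Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.PFX_DIRECTORY);
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate x509Certificate = (X509Certificate) source.getCertificate(alias);
            boolean[] keyUsage = x509Certificate.getKeyUsage();
            // The previous condition was `keyUsage != null || keyUsage[0] || keyUsage[1]`, which
            // dereferenced the array exactly when it was null. Entries without a KeyUsage
            // extension are now skipped, as in the Windows branch above.
            // NOTE(review): confirm whether the import should additionally require
            // digitalSignature (bit 0) or nonRepudiation (bit 1), as the device listing does.
            if (keyUsage != null) {
                Certificate certificate = new Certificate(alias, x509Certificate);
                Files.write(crtDirectory.resolve(certificate.getThumbprint()), CertUtils.convertToPEM(x509Certificate).getBytes(), new OpenOption[0]);
                // NOTE(review): this copy contains the private key and is created with default
                // file permissions; consider restricting it to the owning user.
                Files.copy(file.toPath(), pfxDirectory.resolve(certificate.getThumbprint()), StandardCopyOption.REPLACE_EXISTING);
            }
        }
    }

    /**
     * Removes the certificate identified by a thumbprint from the active store.
     *
     * @param str thumbprint; on non-Windows systems it is also the file name inside the
     *            certificate and PFX directories
     * @throws IllegalArgumentException if, on non-Windows systems, {@code str} does not name a
     *                                  direct child of the store directories
     * @throws Exception if the store cannot be updated
     */
    public void removeCertificate(String str) throws Exception {
        if (OSUtils.isWindows()) {
            this.keyStore.deleteEntry(aliasForThumbprint(str));
            return;
        }
        Path crtDirectory = Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.CRT_DIRECTORY);
        Path pfxDirectory = Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.PFX_DIRECTORY);
        // Validate both targets before deleting anything, so a rejected name has no side effects.
        Path crtEntry = resolveStoreEntry(crtDirectory, str);
        Path pfxEntry = resolveStoreEntry(pfxDirectory, str);
        Files.deleteIfExists(crtEntry);
        Files.deleteIfExists(pfxEntry);
    }

    /** @return {@code true} when the store was loaded from a PKCS#12 container in the request */
    public boolean isFileKeyStore() {
        return this.fileKeyStore;
    }

    /**
     * Resolves {@code name} against {@code directory} and rejects anything that is not a direct
     * child of it. Without this check an absolute path or a name containing {@code ..} would let
     * the caller address files outside the store directory.
     */
    private static Path resolveStoreEntry(Path directory, String name) {
        if (name == null) {
            throw new IllegalArgumentException("Certificate identifier must not be null");
        }
        Path base = directory.toAbsolutePath().normalize();
        Path candidate = base.resolve(name).normalize();
        if (!base.equals(candidate.getParent())) {
            throw new IllegalArgumentException("Invalid certificate identifier: " + name);
        }
        return candidate;
    }

    /** Maps a thumbprint to its alias in the key store via the encoded certificate. */
    private String aliasForThumbprint(String thumbprint) throws Exception {
        X509CertificateHolder holder = new X509CertificateHolder(loadCertificateFromThumbprint(thumbprint));
        return this.keyStore.getCertificateAlias(new JcaX509CertificateConverter().getCertificate(holder));
    }

    /** Tells whether the certificate directory contains a file with exactly this name. */
    private boolean isExistsInUnixKeystore(String str) throws Exception {
        Path crtDirectory = Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.CRT_DIRECTORY);
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(crtDirectory)) {
            for (Path entry : entries) {
                if (entry.getFileName().toString().equals(str)) {
                    return true;
                }
            }
            return false;
        }
    }

    /** Wraps every entry of the Windows store in a {@link Certificate}. */
    private List<Certificate> loadFromWindowsKeytore() throws Exception {
        List<Certificate> certificates = new ArrayList<>();
        for (Map.Entry<String, X509Certificate> entry : getFromWindowsKeytore().entrySet()) {
            certificates.add(new Certificate(entry.getKey(), entry.getValue()));
        }
        return certificates;
    }

    /** Reads all aliases of the key store into an alias-to-certificate map. */
    private Map<String, X509Certificate> getFromWindowsKeytore() throws Exception {
        Map<String, X509Certificate> byAlias = new HashMap<>();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            byAlias.put(alias, (X509Certificate) this.keyStore.getCertificate(alias));
        }
        return byAlias;
    }

    /** Parses every file of the certificate directory as an X.509 certificate. */
    private List<Certificate> loadFromUnixKeystore() throws Exception {
        List<Certificate> certificates = new ArrayList<>();
        Path crtDirectory = Paths.get(Constants.Unix.HOME_DIRECTORY, Constants.Unix.CRT_DIRECTORY);
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(crtDirectory)) {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (Path entry : entries) {
                // try-with-resources: the stream used to stay open when parsing failed.
                try (FileInputStream in = new FileInputStream(entry.toFile())) {
                    certificates.add(new Certificate((X509Certificate) certificateFactory.generateCertificate(in)));
                }
            }
            return certificates;
        }
    }

    /** Collects the certificates of every configured PKCS#11 driver; empty when none is set. */
    private List<Certificate> loadFromDevice() throws Exception {
        List<Certificate> certificates = new ArrayList<>();
        if (this.drivers != null) {
            for (String driver : this.drivers) {
                certificates.addAll(loadFromDeviceDriver(driver));
            }
        }
        return certificates;
    }

    /**
     * Lists the X.509 certificates stored on the tokens reachable through one PKCS#11 module.
     * Certificates with a KeyUsage extension are kept only when digitalSignature (bit 0) or
     * nonRepudiation (bit 1) is set; certificates without the extension are kept as well.
     *
     * @param str path of the PKCS#11 module, as received in the command message
     */
    private List<Certificate> loadFromDeviceDriver(String str) throws Exception {
        List<Certificate> certificates = new ArrayList<>();
        // NOTE(review): this loads a native library from a path taken from the command message;
        // confirm the path is checked against the set of known driver locations before this call.
        Module module = Module.getInstance(str);
        module.initialize((InitializeArgs) null);
        try {
            Slot[] slotList = module.getSlotList(true);
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (Slot slot : slotList) {
                Session openSession = slot.getToken().openSession(true, false, (Object) null, (Notify) null);
                try {
                    openSession.findObjectsInit(new X509PublicKeyCertificate());
                    try {
                        while (true) {
                            // NOTE(review): element type kept as emitted by the decompiler;
                            // confirm it against the wrapper's findObjects signature.
                            X509PublicKeyCertificate[] findObjects = openSession.findObjects(1);
                            // An empty batch ends the search. The loop had no exit before, so
                            // it never returned and the cleanup below was unreachable.
                            if (findObjects.length == 0) {
                                break;
                            }
                            for (X509PublicKeyCertificate tokenCertificate : findObjects) {
                                java.security.cert.Certificate generated = certificateFactory.generateCertificate(
                                        new ByteArrayInputStream(tokenCertificate.getValue().getByteArrayValue()));
                                if (!(generated instanceof X509Certificate)) {
                                    continue;
                                }
                                X509Certificate x509Certificate = (X509Certificate) generated;
                                boolean[] keyUsage = x509Certificate.getKeyUsage();
                                if (keyUsage == null || keyUsage[0] || keyUsage[1]) {
                                    certificates.add(new Certificate(x509Certificate));
                                }
                            }
                        }
                    } finally {
                        openSession.findObjectsFinal();
                    }
                } finally {
                    openSession.closeSession();
                }
            }
        } finally {
            // Release the module even when a token read fails.
            module.finalize((Object) null);
        }
        return certificates;
    }

    /** Creates the directory, including missing parents, when it does not exist yet. */
    private void checkDirectoriesExists(Path path) throws IOException {
        if (Files.notExists(path, new LinkOption[0])) {
            Files.createDirectories(path, new FileAttribute[0]);
        }
    }
}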
