package com.helger.as2lib.cert;

import com.helger.as2lib.AbstractDynamicComponent;
import com.helger.as2lib.exception.AS2Exception;
import com.helger.as2lib.exception.WrappedAS2Exception;
import com.helger.as2lib.message.IBaseMessage;
import com.helger.as2lib.partner.Partnership;
import com.helger.as2lib.session.IAS2Session;
import com.helger.as2lib.util.AS2Helper;
import com.helger.commons.ValueEnforcer;
import com.helger.commons.annotation.Nonempty;
import com.helger.commons.annotation.OverrideOnDemand;
import com.helger.commons.annotation.ReturnsMutableCopy;
import com.helger.commons.collection.CollectionHelper;
import com.helger.commons.collection.attr.IStringMap;
import com.helger.commons.collection.impl.CommonsArrayList;
import com.helger.commons.collection.impl.CommonsLinkedHashMap;
import com.helger.commons.collection.impl.ICommonsList;
import com.helger.commons.collection.impl.ICommonsOrderedMap;
import com.helger.commons.exception.InitializationException;
import com.helger.commons.io.stream.StreamHelper;
import com.helger.security.keystore.EKeyStoreType;
import com.helger.security.keystore.IKeyStoreType;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.function.Supplier;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.annotation.WillClose;
import javax.annotation.concurrent.GuardedBy;
import javax.annotation.concurrent.ThreadSafe;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

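/**
 * Base class for certificate factories that keep their certificates and private keys in a
 * {@link KeyStore}.
 *
 * <p>The keystore reference and the debug-log flag are guarded by {@code m_aRWLock}, which is
 * declared in the superclass. The keystore type and the keystore password are stored as string
 * attributes ({@link #ATTR_TYPE}, {@link #ATTR_PASSWORD}) in the component's attribute map.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password is held as a plain string attribute, so it cannot be wiped from
 *       memory after use.</li>
 *   <li>The optional debug log writes at INFO level. Passwords are masked with {@code ***}, and
 *       key objects and the raw init-parameter map are deliberately not written to it.</li>
 * </ul>
 */
@ThreadSafe
/* loaded from: input_file:com/helger/as2lib/cert/AbstractCertificateFactory.class */
public abstract class AbstractCertificateFactory extends AbstractDynamicComponent implements IKeyStoreCertificateFactory, IAliasedCertificateFactory {
    /** Attribute name under which the keystore type ID is stored. */
    public static final String ATTR_TYPE = "type";
    /** Attribute name under which the keystore password is stored. */
    public static final String ATTR_PASSWORD = "password";
    /** Keystore type used by {@link #initEmptyKeyStore()} when no (known) type is configured. */
    public static final EKeyStoreType DEFAULT_KEY_STORE_TYPE = EKeyStoreType.PKCS12;
    private static final Logger LOGGER = LoggerFactory.getLogger(AbstractCertificateFactory.class);

    @GuardedBy("m_aRWLock")
    private KeyStore m_aKeyStore;

    @GuardedBy("m_aRWLock")
    private boolean m_bDebugLog = false;

    /**
     * @return {@code true} if the additional debug log of this factory is switched on.
     */
    public final boolean isDebugLogEnabled() {
        return this.m_aRWLock.readLockedBoolean(() -> this.m_bDebugLog);
    }

    /**
     * Switches the additional debug log on or off. The misspelled method name is part of the
     * existing public interface and is therefore kept.
     *
     * @param enabled {@code true} to enable the debug log
     */
    public final void setDebugLogEnaled(boolean enabled) {
        this.m_aRWLock.writeLockedBoolean(() -> {
            this.m_bDebugLog = enabled;
            return enabled;
        });
    }

    /**
     * Writes a debug message at INFO level if the debug log is enabled. The supplier is only
     * evaluated when the message is really written.
     *
     * @param messageSupplier creates the message text; must never produce secrets
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final void debugLog(@Nonnull Supplier<String> messageSupplier) {
        if (isDebugLogEnabled() && LOGGER.isInfoEnabled()) {
            LOGGER.info(messageSupplier.get());
        }
    }

    /**
     * @return the configured keystore type ID from the {@link #ATTR_TYPE} attribute, or
     *     {@code null} if none is set.
     */
    @Nullable
    public final String getKeyStoreType() {
        debugLog(() -> "getKeyStoreType ()");
        final String keyStoreType = this.m_aRWLock.readLockedGet(() -> mo0attrs().getAsString(ATTR_TYPE));
        debugLog(() -> "getKeyStoreType -> " + keyStoreType);
        return keyStoreType;
    }

    /**
     * Sets the keystore type from a typed value.
     *
     * @param keyStoreType the keystore type; {@code null} removes the attribute
     */
    public final void setKeyStoreType(@Nullable IKeyStoreType keyStoreType) {
        setKeyStoreType(keyStoreType == null ? null : keyStoreType.getID());
    }

    /**
     * Sets the keystore type ID.
     *
     * @param keyStoreTypeId the keystore type ID; {@code null} removes the attribute
     */
    public final void setKeyStoreType(@Nullable String keyStoreTypeId) {
        debugLog(() -> "setKeyStoreType (" + keyStoreTypeId + ")");
        this.m_aRWLock.writeLocked(() -> {
            if (keyStoreTypeId == null) {
                mo0attrs().remove(ATTR_TYPE);
            } else {
                mo0attrs().putIn(ATTR_TYPE, keyStoreTypeId);
            }
        });
    }

    /**
     * Stores the keystore password in the {@link #ATTR_PASSWORD} attribute. The value is never
     * written to the debug log.
     *
     * @param password the keystore password, may be {@code null}
     */
    public void setPassword(@Nullable String password) {
        debugLog(() -> "setPassword (***)");
        this.m_aRWLock.writeLockedGet(() -> mo0attrs().putIn(ATTR_PASSWORD, password));
    }

    /**
     * @return the keystore password from the {@link #ATTR_PASSWORD} attribute as a char array, or
     *     {@code null} if none is set. The value is never written to the debug log.
     */
    @Nullable
    public char[] getPassword() {
        debugLog(() -> "getPassword ()");
        final char[] password = this.m_aRWLock.readLockedGet(() -> mo0attrs().getAsCharArray(ATTR_PASSWORD));
        debugLog(() -> "getPassword -> ***");
        return password;
    }

    /** Short log representation of a certificate: subject name and serial number. */
    @Nonnull
    @Nonempty
    private static String _debug(@Nullable X509Certificate certificate) {
        if (certificate == null) {
            return "null";
        }
        return certificate.getSubjectX500Principal().getName() + "/" + certificate.getSerialNumber().toString();
    }

    /** Short log representation of an exception: class name and message, no stack trace. */
    @Nonnull
    @Nonempty
    private static String _debug(@Nonnull Exception exception) {
        return exception.getClass().getName() + " - " + exception.getMessage();
    }

    /**
     * Creates a new, empty keystore of the given type via the crypto helper. Subclasses may
     * override this to use a different provider.
     *
     * @param keyStoreType the type of keystore to create
     * @return the new keystore
     * @throws GeneralSecurityException if the keystore cannot be created
     */
    @Nonnull
    @OverrideOnDemand
    protected KeyStore createNewKeyStore(@Nonnull EKeyStoreType keyStoreType) throws GeneralSecurityException {
        ValueEnforcer.notNull(keyStoreType, "KeystoreType");
        debugLog(() -> "createNewKeyStore (" + keyStoreType + ")");
        return AS2Helper.getCryptoHelper().createNewKeyStore(keyStoreType);
    }

    /**
     * Initializes the component and then (re-)initializes the keystore.
     *
     * @param session the AS2 session
     * @param parameters the configuration parameters, may be {@code null}
     * @throws AS2Exception if the initialization fails
     */
    @Override // com.helger.as2lib.AbstractDynamicComponent, com.helger.as2lib.IDynamicComponent
    public void initDynamicComponent(@Nonnull IAS2Session session, @Nullable IStringMap parameters) throws AS2Exception {
        // Log only the parameter names. The values presumably include the ATTR_PASSWORD entry
        // (verify against the superclass), and every other log statement of this class masks
        // the password.
        debugLog(() -> "initDynamicComponent (" + session + ", " + (parameters == null ? null : parameters.keySet()) + ")");
        super.initDynamicComponent(session, parameters);
        reinitKeyStore();
        debugLog(() -> "initDynamicComponent -> done");
    }

    /**
     * @return the current keystore, never {@code null}
     * @throws IllegalStateException if no keystore was set so far
     */
    @Override // com.helger.as2lib.cert.IKeyStoreCertificateFactory
    @Nonnull
    public KeyStore getKeyStore() {
        final KeyStore keyStore = this.m_aRWLock.readLockedGet(() -> this.m_aKeyStore);
        if (keyStore == null) {
            throw new IllegalStateException("No keystore present");
        }
        return keyStore;
    }

    /**
     * Replaces the keystore used by this factory.
     *
     * @param keyStore the new keystore
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public final void setKeyStore(@Nonnull KeyStore keyStore) {
        ValueEnforcer.notNull(keyStore, "KeyStore");
        debugLog(() -> "setKeyStore (" + keyStore + ")");
        this.m_aRWLock.writeLockedGet(() -> {
            this.m_aKeyStore = keyStore;
            return keyStore;
        });
        debugLog(() -> "setKeyStore -> done");
    }

    /**
     * Creates an empty keystore of the configured type and installs it. An unset or unknown
     * type falls back to {@link #DEFAULT_KEY_STORE_TYPE}.
     *
     * @throws AS2Exception if the keystore cannot be created
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void initEmptyKeyStore() throws AS2Exception {
        try {
            final EKeyStoreType keyStoreType = EKeyStoreType.getFromIDCaseInsensitiveOrDefault(getKeyStoreType(), DEFAULT_KEY_STORE_TYPE);
            LOGGER.info("Using internal keystore of type " + keyStoreType);
            final KeyStore newKeyStore = createNewKeyStore(keyStoreType);
            if (newKeyStore == null) {
                debugLog(() -> "initDynamicComponent -> no keystore");
                throw new InitializationException("Failed to create new keystore with type " + keyStoreType);
            }
            setKeyStore(newKeyStore);
        } catch (GeneralSecurityException e) {
            debugLog(() -> "initDynamicComponent -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        }
    }

    /**
     * Hook to normalize an alias before it is used against the keystore. The default
     * implementation returns the alias unchanged.
     *
     * @param alias the source alias, may be {@code null}
     * @return the alias to use for keystore access
     */
    @Nullable
    @OverrideOnDemand
    protected String getUnifiedAlias(@Nullable String alias) {
        return alias;
    }

    /**
     * Determines the keystore alias configured in a partnership for the sender or receiver side.
     *
     * @param partnership the partnership to read the alias from
     * @param partnershipType which side of the partnership is meant
     * @return the unified alias
     * @throws AS2CertificateNotFoundException if the partnership has no alias for that side
     */
    @Nonnull
    public String getAlias(@Nonnull Partnership partnership, @Nonnull ECertificatePartnershipType partnershipType) throws AS2Exception {
        ValueEnforcer.notNull(partnership, "Partnership");
        ValueEnforcer.notNull(partnershipType, "PartnershipType");
        debugLog(() -> "getAlias (" + partnership + ", " + partnershipType + ")");
        final String configuredAlias;
        switch (partnershipType) {
            case RECEIVER:
                configuredAlias = partnership.getReceiverX509Alias();
                break;
            case SENDER:
                configuredAlias = partnership.getSenderX509Alias();
                break;
            default:
                configuredAlias = null;
                break;
        }
        if (configuredAlias == null) {
            debugLog(() -> "getAlias -> null");
            throw new AS2CertificateNotFoundException(partnershipType, partnership);
        }
        final String unifiedAlias = getUnifiedAlias(configuredAlias);
        debugLog(() -> "getAlias -> " + unifiedAlias);
        return unifiedAlias;
    }

    /**
     * Looks up the certificate stored under an alias.
     *
     * @param alias the alias to look up; it is unified before use
     * @param partnershipType only used for the exception if nothing is found, may be {@code null}
     * @return the certificate
     * @throws AS2CertificateNotFoundException if the keystore has no certificate for the alias
     * @throws AS2Exception if the keystore access fails
     */
    @Nonnull
    protected X509Certificate internalGetCertificate(@Nullable String alias, @Nullable ECertificatePartnershipType partnershipType) throws AS2Exception {
        debugLog(() -> "internalGetCertificate (" + alias + ", " + partnershipType + ")");
        final String unifiedAlias = getUnifiedAlias(alias);
        this.m_aRWLock.readLock().lock();
        try {
            final X509Certificate certificate = (X509Certificate) this.m_aKeyStore.getCertificate(unifiedAlias);
            if (certificate == null) {
                throw new AS2CertificateNotFoundException(partnershipType, unifiedAlias);
            }
            debugLog(() -> "internalGetCertificate -> " + _debug(certificate));
            return certificate;
        } catch (KeyStoreException e) {
            debugLog(() -> "internalGetCertificate -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            // Single release point, so the lock is released exactly once on every path.
            this.m_aRWLock.readLock().unlock();
        }
    }

    /**
     * @param alias the alias of the certificate
     * @return the certificate stored under the alias
     * @throws AS2Exception if no such certificate exists or the keystore access fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    @Nonnull
    public X509Certificate getCertificate(@Nullable String alias) throws AS2Exception {
        debugLog(() -> "getCertificate (" + alias + ")");
        final X509Certificate certificate = internalGetCertificate(alias, null);
        debugLog(() -> "getCertificate -> " + _debug(certificate));
        return certificate;
    }

    /**
     * @param message the message whose partnership defines the alias
     * @param partnershipType which side of the partnership is meant
     * @return the certificate of that side
     * @throws AS2Exception if no alias or certificate exists or the keystore access fails
     */
    @Override // com.helger.as2lib.cert.ICertificateFactory
    @Nonnull
    public X509Certificate getCertificate(@Nonnull IBaseMessage message, @Nonnull ECertificatePartnershipType partnershipType) throws AS2Exception {
        debugLog(() -> "getCertificate (" + message.getMessageID() + ", " + partnershipType + ")");
        final String alias = getAlias(message.partnership(), partnershipType);
        final X509Certificate certificate = internalGetCertificate(alias, partnershipType);
        debugLog(() -> "getCertificate -> " + _debug(certificate));
        return certificate;
    }

    /**
     * @return a new map from every keystore alias to its certificate, in keystore order
     * @throws AS2Exception if the keystore access fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    @Nonnull
    @ReturnsMutableCopy
    public ICommonsOrderedMap<String, X509Certificate> getCertificates() throws AS2Exception {
        debugLog(() -> "getCertificates ()");
        final ICommonsOrderedMap<String, X509Certificate> certificates = new CommonsLinkedHashMap<>();
        this.m_aRWLock.readLock().lock();
        try {
            final Enumeration<String> aliases = this.m_aKeyStore.aliases();
            while (aliases.hasMoreElements()) {
                final String alias = aliases.nextElement();
                certificates.put(alias, (X509Certificate) this.m_aKeyStore.getCertificate(alias));
            }
            // The log shows the short form (subject/serial) of each certificate only.
            debugLog(() -> "getCertificates -> " + new CommonsLinkedHashMap<String, String>(certificates, key -> key, AbstractCertificateFactory::_debug).toString());
            return certificates;
        } catch (GeneralSecurityException e) {
            debugLog(() -> "getCertificates -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    /**
     * Callback invoked after the keystore content was modified. The default implementation does
     * nothing; subclasses can use it to persist the keystore.
     *
     * @throws AS2Exception if handling the change fails
     */
    @OverrideOnDemand
    protected void onChange() throws AS2Exception {
    }

    /**
     * Collects all aliases of the keystore for diagnostic purposes. A keystore error is logged
     * and leads to an empty list instead of an exception.
     */
    @Nonnull
    private ICommonsList<String> _getAllAliases() {
        debugLog(() -> "_getAllAliases ()");
        final CommonsArrayList<String> aliases = new CommonsArrayList<>();
        this.m_aRWLock.readLock().lock();
        try {
            aliases.addAll(this.m_aKeyStore.aliases());
        } catch (KeyStoreException e) {
            LOGGER.warn("Failed to determine all aliases from keystore", e);
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
        debugLog(() -> "_getAllAliases -> " + aliases);
        return aliases;
    }

    /**
     * Returns the private key that belongs to a certificate. The key is read with the password
     * from {@link #getPassword()}.
     *
     * @param certificate the certificate whose private key is wanted
     * @return the private key
     * @throws AS2CertificateNotFoundException if the certificate is not in the keystore
     * @throws AS2KeyNotFoundException if no key exists for the alias or the key cannot be read
     */
    @Override // com.helger.as2lib.cert.ICertificateFactory
    @Nonnull
    public PrivateKey getPrivateKey(@Nullable X509Certificate certificate) throws AS2Exception {
        debugLog(() -> "getPrivateKey (" + _debug(certificate) + ")");
        this.m_aRWLock.readLock().lock();
        try {
            final String certificateAlias = this.m_aKeyStore.getCertificateAlias(certificate);
            if (certificateAlias == null) {
                debugLog(() -> "getPrivateKey -> no alias for certificate");
                throw new AS2CertificateNotFoundException(certificate);
            }
            final String unifiedAlias = getUnifiedAlias(certificateAlias);
            final PrivateKey privateKey = (PrivateKey) this.m_aKeyStore.getKey(unifiedAlias, getPassword());
            if (privateKey == null) {
                debugLog(() -> "getPrivateKey -> null");
                throw new AS2KeyNotFoundException(certificate, unifiedAlias, _getAllAliases(), null);
            }
            // Log the algorithm only: the toString() of a key is provider-defined and may
            // contain key material, which must not end up in a log file.
            debugLog(() -> "getPrivateKey -> " + privateKey.getAlgorithm() + " key");
            return privateKey;
        } catch (GeneralSecurityException e) {
            debugLog(() -> "getPrivateKey -> " + _debug(e));
            throw new AS2KeyNotFoundException(certificate, null, _getAllAliases(), e);
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
    }

    /**
     * Adds a trusted certificate under an alias and then calls {@link #onChange()}.
     *
     * @param alias the alias to use; it is unified before use
     * @param certificate the certificate to store
     * @param overwrite {@code true} to replace an existing entry with the same alias
     * @throws AS2CertificateExistsException if the alias exists and {@code overwrite} is false
     * @throws AS2Exception if the keystore access or the change handling fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    public void addCertificate(@Nonnull @Nonempty String alias, @Nonnull X509Certificate certificate, boolean overwrite) throws AS2Exception {
        ValueEnforcer.notEmpty(alias, "Alias");
        ValueEnforcer.notNull(certificate, "Cert");
        debugLog(() -> "addCertificate (" + alias + ", " + _debug(certificate) + ", " + overwrite + ")");
        final String unifiedAlias = getUnifiedAlias(alias);
        this.m_aRWLock.writeLock().lock();
        try {
            if (this.m_aKeyStore.containsAlias(unifiedAlias) && !overwrite) {
                throw new AS2CertificateExistsException(unifiedAlias);
            }
            this.m_aKeyStore.setCertificateEntry(unifiedAlias, certificate);
        } catch (GeneralSecurityException e) {
            debugLog(() -> "addCertificate -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
        // Runs after the lock was released. A failure in here must not trigger a second
        // unlock, which would replace the real error with an unlock failure.
        onChange();
        LOGGER.info("Added certificate alias '" + unifiedAlias + "' of certificate '" + _debug(certificate) + "'");
        debugLog(() -> "addCertificate -> done");
    }

    /**
     * Adds a private key to an existing alias, reusing the certificate chain already stored
     * under that alias, and then calls {@link #onChange()}.
     *
     * @param alias the alias to use; it is unified before use and must already exist
     * @param key the key to store
     * @param password the password protecting the key entry; never logged
     * @throws AS2CertificateNotFoundException if the alias does not exist
     * @throws AS2Exception if the keystore access or the change handling fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    public void addPrivateKey(@Nonnull @Nonempty String alias, @Nonnull Key key, @Nonnull String password) throws AS2Exception {
        ValueEnforcer.notEmpty(alias, "Alias");
        ValueEnforcer.notNull(key, "Key");
        ValueEnforcer.notNull(password, "Password");
        // Log the algorithm only: the toString() of a key is provider-defined and may contain
        // key material.
        debugLog(() -> "addPrivateKey (" + alias + ", " + key.getAlgorithm() + " key, ***)");
        final String unifiedAlias = getUnifiedAlias(alias);
        this.m_aRWLock.writeLock().lock();
        try {
            if (!this.m_aKeyStore.containsAlias(unifiedAlias)) {
                throw new AS2CertificateNotFoundException((ECertificatePartnershipType) null, unifiedAlias);
            }
            this.m_aKeyStore.setKeyEntry(unifiedAlias, key, password.toCharArray(), this.m_aKeyStore.getCertificateChain(unifiedAlias));
        } catch (GeneralSecurityException e) {
            debugLog(() -> "addPrivateKey -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
        // Runs after the lock was released, see addCertificate.
        onChange();
        LOGGER.info("Added private key alias '" + unifiedAlias + "'");
        debugLog(() -> "addPrivateKey -> done");
    }

    /**
     * Removes every entry from the keystore. {@link #onChange()} is called if at least one entry
     * was removed; unlike in the add/remove methods this happens while the write lock is held.
     *
     * @throws AS2Exception if the keystore access or the change handling fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    public void clearCertificates() throws AS2Exception {
        debugLog(() -> "clearCertificates ()");
        int removed = 0;
        this.m_aRWLock.writeLock().lock();
        try {
            // Iterate over a copy of the aliases, because entries are deleted while looping.
            for (final String alias : CollectionHelper.newList(this.m_aKeyStore.aliases())) {
                this.m_aKeyStore.deleteEntry(alias);
                removed++;
            }
            if (removed > 0) {
                onChange();
                LOGGER.info("Remove all aliases (" + removed + ") in key store");
            }
            final int removedCount = removed;
            debugLog(() -> "clearCertificates -> removed " + removedCount);
        } catch (GeneralSecurityException e) {
            debugLog(() -> "clearCertificates -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
    }

    /**
     * Removes the entry that holds the given certificate.
     *
     * @param certificate the certificate to remove
     * @throws AS2CertificateNotFoundException if the certificate is not in the keystore
     * @throws AS2Exception if the keystore access or the change handling fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    public void removeCertificate(@Nonnull X509Certificate certificate) throws AS2Exception {
        ValueEnforcer.notNull(certificate, "Cert");
        debugLog(() -> "removeCertificate (" + _debug(certificate) + ")");
        final String certificateAlias;
        this.m_aRWLock.readLock().lock();
        try {
            certificateAlias = this.m_aKeyStore.getCertificateAlias(certificate);
        } catch (GeneralSecurityException e) {
            debugLog(() -> "removeCertificate -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.readLock().unlock();
        }
        if (certificateAlias == null) {
            throw new AS2CertificateNotFoundException(certificate);
        }
        // The read lock is released before delegating, because removeCertificate(String) takes
        // the write lock. NOTE(review): m_aRWLock is declared in the superclass; if it is based
        // on ReentrantReadWriteLock, asking for the write lock while still holding the read
        // lock blocks forever. The delegate re-checks the alias under the write lock, so a
        // concurrent removal in between is reported as "not found".
        removeCertificate(certificateAlias);
        debugLog(() -> "removeCertificate -> done");
    }

    /**
     * Removes the entry stored under an alias and then calls {@link #onChange()}.
     *
     * @param alias the alias to remove; it is unified before use
     * @throws AS2CertificateNotFoundException if the keystore has no certificate for the alias
     * @throws AS2Exception if the keystore access or the change handling fails
     */
    @Override // com.helger.as2lib.cert.IAliasedCertificateFactory
    public void removeCertificate(@Nullable String alias) throws AS2Exception {
        debugLog(() -> "removeCertificate (" + alias + ")");
        final String unifiedAlias = getUnifiedAlias(alias);
        final X509Certificate certificate;
        this.m_aRWLock.writeLock().lock();
        try {
            certificate = (X509Certificate) this.m_aKeyStore.getCertificate(unifiedAlias);
            if (certificate == null) {
                throw new AS2CertificateNotFoundException((ECertificatePartnershipType) null, unifiedAlias);
            }
            this.m_aKeyStore.deleteEntry(unifiedAlias);
        } catch (GeneralSecurityException e) {
            debugLog(() -> "removeCertificate -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
        // Runs after the lock was released, see addCertificate.
        onChange();
        LOGGER.info("Removed certificate alias '" + unifiedAlias + "' of certificate " + _debug(certificate));
        debugLog(() -> "removeCertificate -> done");
    }

    /**
     * Loads the keystore content from a stream. The stream is always closed.
     *
     * <p>Per the {@link KeyStore#load(InputStream, char[])} contract the password is used for
     * the integrity check of the keystore; with a {@code null} password that check is skipped,
     * so callers should always pass the real password.
     *
     * @param inputStream the stream to read from; closed by this method
     * @param password the keystore password; never logged
     * @throws AS2Exception if reading or parsing the keystore fails
     */
    public void load(@Nonnull @WillClose InputStream inputStream, @Nonnull char[] password) throws AS2Exception {
        debugLog(() -> "load (" + inputStream + ", ***)");
        this.m_aRWLock.writeLock().lock();
        try {
            try {
                this.m_aKeyStore.load(inputStream, password);
            } finally {
                StreamHelper.close(inputStream);
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Finished loading keystore from an InputStream");
            }
            debugLog(() -> "load -> done");
        } catch (IOException | GeneralSecurityException e) {
            debugLog(() -> "load -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
    }

    /**
     * Writes the keystore content to a stream. The stream is always closed.
     *
     * @param outputStream the stream to write to; closed by this method
     * @param password the password protecting the written keystore; never logged
     * @throws AS2Exception if writing the keystore fails
     */
    public void save(@Nonnull @WillClose OutputStream outputStream, @Nonnull char[] password) throws AS2Exception {
        debugLog(() -> "save (" + outputStream + ", ***)");
        this.m_aRWLock.writeLock().lock();
        try {
            try {
                this.m_aKeyStore.store(outputStream, password);
            } finally {
                StreamHelper.close(outputStream);
            }
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Finished saving keystore to an OutputStream");
            }
            debugLog(() -> "save -> done");
        } catch (IOException | GeneralSecurityException e) {
            debugLog(() -> "save -> " + _debug(e));
            throw WrappedAS2Exception.wrap(e);
        } finally {
            this.m_aRWLock.writeLock().unlock();
        }
    }

    /** Equality is inherited from the superclass; the keystore does not take part in it. */
    @Override // com.helger.as2lib.AbstractDynamicComponent
    public boolean equals(Object obj) {
        return super.equals(obj);
    }

    /** Kept consistent with {@link #equals(Object)} by delegating to the superclass. */
    @Override // com.helger.as2lib.AbstractDynamicComponent
    public int hashCode() {
        return super.hashCode();
    }
}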
