package de.aaschmid.taskwarrior.client;

import de.aaschmid.taskwarrior.message.TaskwarriorRequestHeader;
import de.aaschmid.taskwarrior.thirdparty.org.bouncycastle.asn1.pkcs.RSAPrivateKey;
import de.aaschmid.taskwarrior.thirdparty.org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters;
import de.aaschmid.taskwarrior.thirdparty.org.bouncycastle.crypto.util.PrivateKeyInfoFactory;
import de.aaschmid.taskwarrior.thirdparty.org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import de.aaschmid.taskwarrior.thirdparty.org.bouncycastle.util.io.pem.PemObject;
import de.aaschmid.taskwarrior.thirdparty.org.bouncycastle.util.io.pem.PemReader;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.ArrayList;
import java.util.List;
import java.util.Objects;
import java.util.concurrent.atomic.AtomicInteger;

/* loaded from: input_file:de/aaschmid/taskwarrior/client/KeyStoreBuilder.class */
class KeyStoreBuilder {
    private static final String CERTIFICATE_TYPE = "X.509";
    private static final String KEY_ALGORITHM_RSA = "RSA";
    private static final String PEM_TYPE_PKCS1 = "RSA PRIVATE KEY";
    private static final String PEM_TYPE_PKCS8 = "PRIVATE KEY";
    private KeyStore.ProtectionParameter keyStoreProtection;
    private File caCertFile;
    private File privateKeyCertFile;
    private File privateKeyFile;

    KeyStoreBuilder withKeyStoreProtection(KeyStore.ProtectionParameter protectionParameter) {
        this.keyStoreProtection = (KeyStore.ProtectionParameter) Objects.requireNonNull(protectionParameter, "'keyStoreProtection' must not be null.");
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreBuilder withPasswordProtection(String str) {
        return withKeyStoreProtection(new KeyStore.PasswordProtection(((String) Objects.requireNonNull(str, "'password' must not be null.")).toCharArray()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreBuilder withCaCertFile(File file) {
        Objects.requireNonNull(file, "'caCertFile' must not be null.");
        if (!file.exists()) {
            throw new IllegalArgumentException(String.format("CA certificate '%s' does not exist.", file));
        }
        this.caCertFile = file;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreBuilder withPrivateKeyCertFile(File file) {
        Objects.requireNonNull(file, "'privateKeyCertFile' must not be null.");
        if (!file.exists()) {
            throw new IllegalArgumentException(String.format("Private key certificate '%s' does not exist.", file));
        }
        this.privateKeyCertFile = file;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStoreBuilder withPrivateKeyFile(File file) {
        Objects.requireNonNull(file, "'privateKeyFile' must not be null.");
        if (!file.exists()) {
            throw new IllegalArgumentException(String.format("Private key '%s' does not exist.", file));
        }
        this.privateKeyFile = file;
        return this;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public KeyStore build() {
        try {
            KeyStore keyStore = KeyStore.Builder.newInstance(KeyStore.getDefaultType(), null, this.keyStoreProtection).getKeyStore();
            AtomicInteger atomicInteger = new AtomicInteger(0);
            createCertificatesFor(this.caCertFile).forEach(certificate -> {
                try {
                    keyStore.setCertificateEntry("ca_" + atomicInteger.getAndIncrement(), certificate);
                } catch (KeyStoreException e) {
                    throw new TaskwarriorKeyStoreException(e, "Could not add CA certificate '%s' to keystore.", this.caCertFile);
                }
            });
            try {
                keyStore.setEntry(TaskwarriorRequestHeader.HEADER_AUTH_KEY_KEY, new KeyStore.PrivateKeyEntry(createPrivateKeyFor(this.privateKeyFile), (Certificate[]) createCertificatesFor(this.privateKeyCertFile).toArray(new Certificate[0])), this.keyStoreProtection);
                return keyStore;
            } catch (KeyStoreException e) {
                throw new TaskwarriorKeyStoreException(e, "Could not create private cert '%s' and key '%s' to keystore.", this.privateKeyCertFile, this.privateKeyFile);
            }
        } catch (KeyStoreException e2) {
            throw new TaskwarriorKeyStoreException(e2, "Could not build keystore: %s", e2.getMessage());
        }
    }

    private List<Certificate> createCertificatesFor(File file) {
        ArrayList arrayList = new ArrayList();
        try {
            BufferedInputStream bufferedInputStream = new BufferedInputStream(new FileInputStream(file));
            try {
                CertificateFactory certificateFactory = CertificateFactory.getInstance(CERTIFICATE_TYPE);
                while (bufferedInputStream.available() > 0) {
                    arrayList.add(certificateFactory.generateCertificate(bufferedInputStream));
                }
                bufferedInputStream.close();
                return arrayList;
            } finally {
            }
        } catch (IOException e) {
            throw new TaskwarriorKeyStoreException(e, "Could not read certificates of '%s' via input stream.", file);
        } catch (CertificateException e2) {
            throw new TaskwarriorKeyStoreException(e2, "Could not generate certificates for '%s'.", file);
        }
    }

    private PrivateKey createPrivateKeyFor(File file) {
        try {
            byte[] readAllBytes = Files.readAllBytes(file.toPath());
            if (!file.getName().endsWith("pem")) {
                return createPrivateKeyForPkcs8(readAllBytes);
            }
            PemObject readPemObject = new PemReader(new InputStreamReader(new ByteArrayInputStream(readAllBytes), StandardCharsets.UTF_8)).readPemObject();
            String type = readPemObject.getType();
            boolean z = -1;
            switch (type.hashCode()) {
                case -170985982:
                    if (type.equals(PEM_TYPE_PKCS8)) {
                        z = true;
                        break;
                    }
                    break;
                case 2121838594:
                    if (type.equals(PEM_TYPE_PKCS1)) {
                        z = false;
                        break;
                    }
                    break;
            }
            switch (z) {
                case false:
                    return createPrivateKeyForPkcs1(readPemObject.getContent());
                case true:
                    return createPrivateKeyForPkcs8(readPemObject.getContent());
                default:
                    throw new TaskwarriorKeyStoreException("Unsupported key algorithm '%s'.", readPemObject.getType());
            }
        } catch (IOException e) {
            throw new TaskwarriorKeyStoreException(e, "Could not read private key of '%s' via input stream.", file);
        }
    }

    private PrivateKey createPrivateKeyForPkcs1(byte[] bArr) {
        RSAPrivateKey rSAPrivateKey = RSAPrivateKey.getInstance(bArr);
        try {
            return new JcaPEMKeyConverter().getPrivateKey(PrivateKeyInfoFactory.createPrivateKeyInfo(new RSAPrivateCrtKeyParameters(rSAPrivateKey.getModulus(), rSAPrivateKey.getPublicExponent(), rSAPrivateKey.getPrivateExponent(), rSAPrivateKey.getPrime1(), rSAPrivateKey.getPrime2(), rSAPrivateKey.getExponent1(), rSAPrivateKey.getExponent2(), rSAPrivateKey.getCoefficient())));
        } catch (IOException e) {
            throw new TaskwarriorKeyStoreException(e, "Failed to encode PKCS#1 private key of '%s'.", this.privateKeyFile);
        }
    }

    private PrivateKey createPrivateKeyForPkcs8(byte[] bArr) {
        try {
            return KeyFactory.getInstance(KEY_ALGORITHM_RSA).generatePrivate(new PKCS8EncodedKeySpec(bArr));
        } catch (NoSuchAlgorithmException e) {
            throw new TaskwarriorKeyStoreException(e, "Key factory could not be initialized for algorithm '%s'.", KEY_ALGORITHM_RSA);
        } catch (InvalidKeySpecException e2) {
            throw new TaskwarriorKeyStoreException(e2, "Invalid key spec for %s private key in '%s'.", KEY_ALGORITHM_RSA, this.privateKeyFile);
        }
    }
}
