package io.axual.utilities.config.providers.keystore;

import io.axual.utilities.config.providers.exceptions.KeyStoreCreatorException;
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.kafka.common.config.types.Password;

/* loaded from: input_file:io/axual/utilities/config/providers/keystore/KeyStoreCreator.class */
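/**
 * Builds {@link KeyStore} instances from the PEM-encoded certificates and private keys
 * described by a {@link KeyStoreData}, optionally writing the result to disk.
 *
 * <p>The class declares no instance fields; {@link #INSTANCE} is a shared convenience instance.
 *
 * <p>Security-relevant behaviour a caller should be aware of:
 * <ul>
 *   <li>When no keystore or key password is configured, an empty password is used, so the
 *       private keys in the resulting keystore are effectively unprotected at rest.</li>
 *   <li>The keystore type is fixed to {@code jks}.
 *       NOTE(review): JKS is a legacy format with weak key protection, and PKCS12 has been the
 *       JDK default since Java 9. The type is left unchanged here because consumers may be
 *       configured for JKS; confirm before switching.</li>
 *   <li>Only unencrypted PKCS#8 RSA private keys ({@code -----BEGIN PRIVATE KEY-----}) are
 *       accepted by {@link #createKey(KeyData)}.</li>
 * </ul>
 */
public class KeyStoreCreator {
    /**
     * Alias pattern ({@code <entryName>_<index>}) used when a certificate-only entry contains
     * more than one certificate.
     */
    public static final String CERTIFICATE_CHAIN_NAME_PATTERN = "%s_%d";

    // Fallback used when KeyStoreData/KeyData carry no password. An empty password gives no
    // confidentiality for stored private keys, so callers should always configure a real one.
    private static final Password DEFAULT_PASSWORD = new Password("");

    public static final KeyStoreCreator INSTANCE = new KeyStoreCreator();

    // PEM armor lines. They contain spaces, so they must be removed BEFORE whitespace is stripped.
    private static final String PRIVATE_KEY_MARKERS = "(-----BEGIN PRIVATE KEY-----|-----END PRIVATE KEY-----)";
    private static final String CERTIFICATE_MARKERS = "(-----BEGIN CERTIFICATE-----|-----END CERTIFICATE-----)";

    /**
     * Creates an in-memory keystore without writing it to disk.
     *
     * @param keyStoreData description of the entries to load
     * @return the populated keystore
     * @throws KeyStoreCreatorException if the keystore cannot be created or an entry is invalid
     */
    public KeyStore createKeystore(KeyStoreData keyStoreData) {
        return createKeystore(keyStoreData, false);
    }

    /**
     * Creates a keystore holding every entry of {@code keyStoreData}.
     *
     * <p>Entries that are {@link KeyData} become key entries with their certificate chain.
     * Certificate-only entries with several certificates are stored one alias per certificate
     * using {@link #CERTIFICATE_CHAIN_NAME_PATTERN}; a single certificate keeps the entry name.
     * A certificate-only entry that yields no certificates is skipped.
     *
     * @param keyStoreData description of the entries to load
     * @param z {@code true} to also write the keystore to {@code keyStoreData.getLocation()}
     * @return the populated keystore
     * @throws KeyStoreCreatorException if creation fails, an entry is invalid, or {@code z} is
     *     {@code true} and no location is set
     */
    public KeyStore createKeystore(KeyStoreData keyStoreData, boolean z) {
        try {
            Password keystorePassword = keyStoreData.getKeystorePassword().orElse(DEFAULT_PASSWORD);
            KeyStore keyStore = KeyStore.getInstance("jks");
            // A null stream initialises an empty keystore.
            keyStore.load(null, keystorePassword.value().toCharArray());
            for (String entryName : keyStoreData.getEntryNames()) {
                CertificateData entry = keyStoreData.getEntry(entryName);
                Certificate[] certificates = createCertificates(entry);
                if (entry instanceof KeyData) {
                    KeyData keyData = (KeyData) entry;
                    char[] keyPassword = keyData.getKeyPassword().orElse(DEFAULT_PASSWORD).value().toCharArray();
                    keyStore.setKeyEntry(entryName, createKey(keyData), keyPassword, certificates);
                } else if (certificates.length > 1) {
                    for (int i = 0; i < certificates.length; i++) {
                        keyStore.setCertificateEntry(String.format(CERTIFICATE_CHAIN_NAME_PATTERN, entryName, i), certificates[i]);
                    }
                } else if (certificates.length == 1) {
                    keyStore.setCertificateEntry(entryName, certificates[0]);
                }
            }
            if (z) {
                Path location = keyStoreData.getLocation().orElseThrow(() -> new KeyStoreCreatorException("No location set"));
                saveKeyStore(keyStore, location, keystorePassword);
            }
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreCreatorException("Could not get create KeyStore", e);
        }
    }

    /**
     * Writes {@code keyStore} to {@code path}, protecting it with {@code password}.
     *
     * <p>The output stream is closed even when {@link KeyStore#store} fails, so a failed write
     * does not leak the file handle.
     *
     * <p>NOTE(review): the file is created with the process's default permissions and may hold
     * private keys; restrict access to the target directory or file at deployment time.
     *
     * @param keyStore keystore to persist
     * @param path destination file; an existing file is overwritten
     * @param password keystore password
     * @throws KeyStoreCreatorException if the keystore cannot be written
     */
    public void saveKeyStore(KeyStore keyStore, Path path, Password password) {
        try (FileOutputStream fileOutputStream = new FileOutputStream(path.toFile())) {
            keyStore.store(fileOutputStream, password.value().toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreCreatorException("Could not get save KeyStore", e);
        }
    }

    /**
     * Parses the PEM private key of {@code keyData} as an unencrypted PKCS#8 RSA key.
     *
     * <p>All whitespace (including {@code \r} from CRLF line endings) is removed before Base64
     * decoding. Other PEM types, such as encrypted or PKCS#1 keys, are not recognised and are
     * rejected as invalid data.
     *
     * @param keyData entry holding the PEM-encoded key
     * @return the decoded private key
     * @throws KeyStoreCreatorException if no key is set, the data is not valid Base64, or the
     *     key cannot be constructed
     */
    public Key createKey(KeyData keyData) {
        try {
            String keyPem = keyData.getKeyPem().orElseThrow(() -> new KeyStoreCreatorException("No key data set"));
            String encodedKey = keyPem.replaceAll(PRIVATE_KEY_MARKERS, "").replaceAll("\\s", "");
            byte[] der = Base64.getDecoder().decode(encodedKey);
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
        } catch (IllegalArgumentException e) {
            throw new KeyStoreCreatorException("Provided data is invalid", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new KeyStoreCreatorException("Could not get key factory for key creation", e2);
        } catch (InvalidKeySpecException e3) {
            throw new KeyStoreCreatorException("Could not create private key", e3);
        }
    }

    /**
     * Parses every {@code CERTIFICATE} PEM block of {@code certificateData} into an X.509
     * certificate, preserving the order in which the blocks appear.
     *
     * <p>Whitespace inside and between blocks (including CRLF line endings) is ignored.
     * Invalid Base64 is reported as a {@link KeyStoreCreatorException}, matching
     * {@link #createKey(KeyData)}, instead of escaping as a bare
     * {@link IllegalArgumentException}.
     *
     * @param certificateData entry holding one or more PEM-encoded certificates
     * @return the parsed certificates; empty if the PEM text contains no certificate data
     * @throws KeyStoreCreatorException if no certificate data is set or it cannot be parsed
     */
    public Certificate[] createCertificates(CertificateData certificateData) {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            String certPem = certificateData.getCertPem().orElseThrow(() -> new KeyStoreCreatorException("No certificate data set"));
            // Split on the armor lines first (they contain spaces), then strip whitespace per block.
            List<String> encodedCertificates = Arrays.stream(certPem.split(CERTIFICATE_MARKERS))
                    .map(block -> block.replaceAll("\\s", ""))
                    .filter(block -> !block.isEmpty())
                    .collect(Collectors.toList());
            Certificate[] certificates = new Certificate[encodedCertificates.size()];
            for (int i = 0; i < certificates.length; i++) {
                byte[] der = decodeCertificateBlock(encodedCertificates.get(i));
                certificates[i] = certificateFactory.generateCertificate(new ByteArrayInputStream(der));
            }
            return certificates;
        } catch (CertificateException e) {
            throw new KeyStoreCreatorException("Could not create certificate array from certificate data", e);
        }
    }

    // Base64-decodes one certificate block, wrapping malformed input in the class's own exception type.
    private static byte[] decodeCertificateBlock(String encoded) {
        try {
            return Base64.getDecoder().decode(encoded);
        } catch (IllegalArgumentException e) {
            throw new KeyStoreCreatorException("Provided data is invalid", e);
        }
    }
}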
