package net.jsign;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.UnknownServiceException;
import java.nio.ByteBuffer;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;
import java.util.function.Function;
import javax.smartcardio.CardException;
import net.jsign.jca.AmazonCredentials;
import net.jsign.jca.AmazonSigningService;
import net.jsign.jca.AzureKeyVaultSigningService;
import net.jsign.jca.DigiCertOneSigningService;
import net.jsign.jca.ESignerSigningService;
import net.jsign.jca.GoogleCloudSigningService;
import net.jsign.jca.HashiCorpVaultSigningService;
import net.jsign.jca.OpenPGPCardSigningService;
import net.jsign.jca.PIVCardSigningService;
import net.jsign.jca.SigningServiceJcaProvider;

/* loaded from: input_file:net/jsign/KeyStoreType.class */
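/**
 * Kinds of key store a signing key can be loaded from: local files, PKCS#11 tokens,
 * smart cards and remote signing services.
 *
 * <p>Each constant checks the {@link KeyStoreBuilder} parameters it needs
 * ({@link #validate}), optionally supplies a JCA {@link Provider}
 * ({@link #getProvider}) and builds the {@link KeyStore} ({@link #getKeystore}).
 *
 * <p>Security note: for several types {@code storepass} carries a secret (card PIN,
 * API token, cloud credentials). None of the exception messages built in this enum
 * include the {@code storepass} or {@code keypass} value; keep it that way when adding
 * a type, since these messages typically end up in build logs.
 *
 * <p>This listing was recovered by a decompiler. The access modifiers below are restored
 * to package-private/private as recorded in the decompiler's own notes, because the
 * constant bodies override these methods with package-private access and would not
 * compile against public declarations.
 */
public enum KeyStoreType {

    /** No key store: the private key and the certificate chain are read from two separate files. */
    NONE(true, false, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keyfile() == null) {
                throw new IllegalArgumentException("keyfile " + keyStoreBuilder.parameterName() + " must be set");
            }
            if (!keyStoreBuilder.keyfile().exists()) {
                throw new IllegalArgumentException("The keyfile " + keyStoreBuilder.keyfile() + " couldn't be found");
            }
            if (keyStoreBuilder.certfile() == null) {
                throw new IllegalArgumentException("certfile " + keyStoreBuilder.parameterName() + " must be set");
            }
            if (!keyStoreBuilder.certfile().exists()) {
                throw new IllegalArgumentException("The certfile " + keyStoreBuilder.certfile() + " couldn't be found");
            }
        }

        /**
         * Builds an in-memory JKS key store holding the key and chain under the alias {@code jsign}.
         *
         * <p>The three steps are guarded separately so that each failure is reported with its own
         * message. In the decompiled listing the handlers were nested, which reported a private key
         * failure as "Failed to load the certificate".
         *
         * @throws KeyStoreException if the certificate, the private key or the in-memory store cannot be loaded
         */
        @Override
        KeyStore getKeystore(KeyStoreBuilder keyStoreBuilder, Provider provider) throws KeyStoreException {
            Certificate[] chain;
            try {
                chain = CertificateUtils.loadCertificateChain(keyStoreBuilder.certfile());
            } catch (Exception e) {
                throw new KeyStoreException("Failed to load the certificate from " + keyStoreBuilder.certfile(), e);
            }

            // The key password wins; the store password is the fallback. The same value decrypts
            // the key file and protects the entry in the in-memory store.
            String password = keyStoreBuilder.keypass() != null ? keyStoreBuilder.keypass() : keyStoreBuilder.storepass();

            PrivateKey privateKey;
            try {
                privateKey = PrivateKeyUtils.load(keyStoreBuilder.keyfile(), password);
            } catch (Exception e) {
                throw new KeyStoreException("Failed to load the private key from " + keyStoreBuilder.keyfile(), e);
            }

            KeyStore keyStore = KeyStore.getInstance("JKS");
            try {
                keyStore.load(null, null);
                // With no password at all the entry is stored under an empty password.
                keyStore.setKeyEntry("jsign", privateKey, password != null ? password.toCharArray() : new char[0], chain);
            } catch (Exception e) {
                throw new KeyStoreException(e);
            }
            return keyStore;
        }
    },

    /** Java key store file. */
    JKS(true, true, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must be set");
            }
        }
    },

    /** JCE key store file. */
    JCEKS(true, true, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must be set");
            }
        }
    },

    /** PKCS#12 key store file. */
    PKCS12(true, true, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must be set");
            }
        }
    },

    /** PKCS#11 token reached through a SunPKCS11 provider. */
    PKCS11(false, true, true) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must be set");
            }
        }

        /**
         * Resolves the {@code keystore} parameter either as a SunPKCS11 configuration file or as
         * the name of an already registered {@code SunPKCS11-*} provider.
         *
         * @throws IllegalArgumentException if the value is neither an existing file nor a known provider name
         */
        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            // NOTE(review): a SunPKCS11 configuration names a native library for the JVM to load,
            // so the configuration path should only come from a trusted source. Confirm what
            // ProviderUtils.createSunPKCS11Provider does with it.
            if (keyStoreBuilder.createFile(keyStoreBuilder.keystore()).exists()) {
                return ProviderUtils.createSunPKCS11Provider(keyStoreBuilder.keystore());
            }
            if (!keyStoreBuilder.keystore().startsWith("SunPKCS11-")) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " should either refer to the SunPKCS11 configuration file or to the name of the provider configured in jre/lib/security/java.security");
            }
            Provider provider = Security.getProvider(keyStoreBuilder.keystore());
            if (provider == null) {
                throw new IllegalArgumentException("Security provider " + keyStoreBuilder.keystore() + " not found");
            }
            return provider;
        }
    },

    /** OpenPGP card; {@code storepass} is the card PIN. */
    OPENPGP(false, false, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.storepass() == null) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the PIN");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            try {
                // The certificate file is optional for this type: no certificate store is passed without it.
                return new SigningServiceJcaProvider(new OpenPGPCardSigningService(keyStoreBuilder.keystore(), keyStoreBuilder.storepass(), keyStoreBuilder.certfile() != null ? KeyStoreType.getCertificateStore(keyStoreBuilder) : null));
            } catch (CardException e) {
                throw new IllegalStateException("Failed to initialize the OpenPGP card", e);
            }
        }
    },

    /** Token reached through OpenSC; {@code keystore} is handed to {@code OpenSC.getProvider}. */
    OPENSC(false, true, true) {
        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return OpenSC.getProvider(keyStoreBuilder.keystore());
        }
    },

    /** PIV card; {@code storepass} is the card PIN. */
    PIV(false, false, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.storepass() == null) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the PIN");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            try {
                // The certificate file is optional for this type: no certificate store is passed without it.
                return new SigningServiceJcaProvider(new PIVCardSigningService(keyStoreBuilder.keystore(), keyStoreBuilder.storepass(), keyStoreBuilder.certfile() != null ? KeyStoreType.getCertificateStore(keyStoreBuilder) : null));
            } catch (CardException e) {
                throw new IllegalStateException("Failed to initialize the PIV card", e);
            }
        }
    },

    /** Nitrokey reached through OpenSC; {@code "Nitrokey"} is used when no {@code keystore} value is given. */
    NITROKEY(false, true, true) {
        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return OpenSC.getProvider(keyStoreBuilder.keystore() != null ? keyStoreBuilder.keystore() : "Nitrokey");
        }
    },

    /** YubiKey reached through the provider returned by {@code YubiKey.getProvider()}. */
    YUBIKEY(false, true, true) {
        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return YubiKey.getProvider();
        }

        /** Lists the aliases without the PIV attestation certificate entry. */
        @Override
        Set<String> getAliases(KeyStore keyStore) throws KeyStoreException {
            Set<String> aliases = super.getAliases(keyStore);
            aliases.remove("X.509 Certificate for PIV Attestation");
            return aliases;
        }
    },

    /** AWS signing service; {@code keystore} is the region and {@code certfile} is mandatory. */
    AWS(false, false, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must specify the AWS region");
            }
            if (keyStoreBuilder.certfile() == null) {
                throw new IllegalArgumentException("certfile " + keyStoreBuilder.parameterName() + " must be set");
            }
        }

        /**
         * Uses the credentials given in {@code storepass} when present, otherwise the default
         * credentials from {@code AmazonCredentials.getDefault()}.
         *
         * @throws IllegalArgumentException if no credentials are given and no default ones are available
         */
        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            AmazonCredentials credentials;
            if (keyStoreBuilder.storepass() != null) {
                credentials = AmazonCredentials.parse(keyStoreBuilder.storepass());
            } else {
                try {
                    credentials = AmazonCredentials.getDefault();
                } catch (UnknownServiceException e) {
                    throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the AWS credentials: <accessKey>|<secretKey>[|<sessionToken>], when not running from an EC2 instance (" + e.getMessage() + ")", e);
                } catch (IOException e) {
                    throw new RuntimeException("An error occurred while fetching temporary credentials from IMDSv2 service", e);
                }
            }
            return new SigningServiceJcaProvider(new AmazonSigningService(keyStoreBuilder.keystore(), credentials, KeyStoreType.getCertificateStore(keyStoreBuilder)));
        }
    },

    /** Azure Key Vault; {@code keystore} is the vault name and {@code storepass} the API access token. */
    AZUREKEYVAULT(false, true, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must specify the Azure vault name");
            }
            if (keyStoreBuilder.storepass() == null) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the Azure API access token");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return new SigningServiceJcaProvider(new AzureKeyVaultSigningService(keyStoreBuilder.keystore(), keyStoreBuilder.storepass()));
        }
    },

    /** DigiCert ONE; {@code storepass} is {@code <apikey>|<keystore>|<password>}. */
    DIGICERTONE(false, true, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            // Exactly three fields are required. String.split drops trailing empty fields, so an
            // empty password, or a password containing '|', fails this check.
            if (keyStoreBuilder.storepass() == null || keyStoreBuilder.storepass().split("\\|").length != 3) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the DigiCert ONE API key and the client certificate: <apikey>|<keystore>|<password>");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            String[] fields = keyStoreBuilder.storepass().split("\\|");
            return new SigningServiceJcaProvider(new DigiCertOneSigningService(fields[0], keyStoreBuilder.createFile(fields[1]), fields[2]));
        }
    },

    /** SSL.com eSigner; {@code storepass} is {@code <username>|<password>}. */
    ESIGNER(false, true, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.storepass() == null || !keyStoreBuilder.storepass().contains("|")) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the SSL.com username and password: <username>|<password>");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            // Split on the first '|' only, so the password itself may contain '|'.
            String[] login = keyStoreBuilder.storepass().split("\\|", 2);
            try {
                // The production endpoint is the default when no keystore value is given.
                return new SigningServiceJcaProvider(new ESignerSigningService(keyStoreBuilder.keystore() != null ? keyStoreBuilder.keystore() : "https://cs.ssl.com", login[0], login[1]));
            } catch (IOException e) {
                throw new IllegalStateException("Authentication failed with SSL.com", e);
            }
        }

        // NOTE(review): presumably false because storepass holds the account login here and must
        // not be tried as the key password; confirm against the caller.
        @Override
        boolean reuseKeyStorePassword() {
            return false;
        }
    },

    /** Google Cloud KMS; {@code keystore} is the keyring, {@code storepass} the API access token. */
    GOOGLECLOUD(false, false, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            // The two messages below used to read "Goole Cloud"; the product name is corrected.
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must specify the Google Cloud keyring");
            }
            if (keyStoreBuilder.storepass() == null) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the Google Cloud API access token");
            }
            if (keyStoreBuilder.certfile() == null) {
                throw new IllegalArgumentException("certfile " + keyStoreBuilder.parameterName() + " must be set");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return new SigningServiceJcaProvider(new GoogleCloudSigningService(keyStoreBuilder.keystore(), keyStoreBuilder.storepass(), KeyStoreType.getCertificateStore(keyStoreBuilder)));
        }
    },

    /** HashiCorp Vault; {@code keystore} is the secrets engine URL, {@code storepass} the Vault token. */
    HASHICORPVAULT(false, false, false) {
        @Override
        void validate(KeyStoreBuilder keyStoreBuilder) {
            if (keyStoreBuilder.keystore() == null) {
                throw new IllegalArgumentException("keystore " + keyStoreBuilder.parameterName() + " must specify the HashiCorp Vault secrets engine URL");
            }
            if (keyStoreBuilder.storepass() == null) {
                throw new IllegalArgumentException("storepass " + keyStoreBuilder.parameterName() + " must specify the HashiCorp Vault token");
            }
            if (keyStoreBuilder.certfile() == null) {
                throw new IllegalArgumentException("certfile " + keyStoreBuilder.parameterName() + " must be set");
            }
        }

        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return new SigningServiceJcaProvider(new HashiCorpVaultSigningService(keyStoreBuilder.keystore(), keyStoreBuilder.storepass(), KeyStoreType.getCertificateStore(keyStoreBuilder)));
        }
    },

    /** SafeNet eToken reached through the provider returned by {@code SafeNetEToken.getProvider()}. */
    ETOKEN(false, true, true) {
        @Override
        Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
            return SafeNetEToken.getProvider();
        }
    };

    // True when getKeystore() must open the file named by the keystore parameter.
    private final boolean fileBased;

    // Value returned by hasCertificate(). NOTE(review): presumably whether the store itself
    // supplies the certificate chain; most constants with false here read certfile. Confirm
    // against the callers.
    private final boolean certificate;

    // True when the KeyStore is obtained under the "PKCS11" type name instead of this constant's name.
    private final boolean pkcs11;

    KeyStoreType(boolean fileBased, boolean certificate, boolean pkcs11) {
        this.fileBased = fileBased;
        this.certificate = certificate;
        this.pkcs11 = pkcs11;
    }

    /** Returns the {@code certificate} flag this constant was declared with. */
    boolean hasCertificate() {
        return certificate;
    }

    /**
     * Checks that the parameters required by this type are set. The default accepts anything.
     *
     * @throws IllegalArgumentException if a required parameter is missing or malformed
     */
    void validate(KeyStoreBuilder keyStoreBuilder) throws IllegalArgumentException {
    }

    /** Returns the security provider to use for this type, or {@code null} (the default) for none. */
    Provider getProvider(KeyStoreBuilder keyStoreBuilder) {
        return null;
    }

    /**
     * Creates and loads the key store for this type.
     *
     * <p>The three failure modes are kept apart so that each has its own message: an unsupported
     * type, a missing file, and a load failure (for example a wrong password or a corrupt file).
     * In the decompiled listing one outer handler covered all three, which reported a missing
     * file or a bad password as "keystore type ... is not supported".
     *
     * @param provider the provider to obtain the key store from, or {@code null} for the default lookup
     * @throws KeyStoreException if the type is not supported, the file is missing or loading fails
     */
    KeyStore getKeystore(KeyStoreBuilder keyStoreBuilder, Provider provider) throws KeyStoreException {
        KeyStore keyStore;
        try {
            KeyStoreType storeType = pkcs11 ? PKCS11 : this;
            keyStore = provider != null
                    ? KeyStore.getInstance(storeType.name(), provider)
                    : KeyStore.getInstance(storeType.name());
        } catch (KeyStoreException e) {
            throw new KeyStoreException("keystore type '" + name() + "' is not supported" + (provider != null ? " with security provider " + provider.getName() : ""), e);
        }

        if (fileBased && (keyStoreBuilder.keystore() == null || !keyStoreBuilder.createFile(keyStoreBuilder.keystore()).exists())) {
            throw new KeyStoreException("The keystore " + keyStoreBuilder.keystore() + " couldn't be found");
        }

        // try-with-resources accepts a null resource and closes the stream on every path,
        // including a failed load; the decompiled form closed it on success only.
        try (FileInputStream in = fileBased ? new FileInputStream(keyStoreBuilder.createFile(keyStoreBuilder.keystore())) : null) {
            keyStore.load(in, keyStoreBuilder.storepass() != null ? keyStoreBuilder.storepass().toCharArray() : null);
        } catch (Exception e) {
            // Only the keystore name goes into the message, never the password.
            throw new KeyStoreException("Unable to load the keystore " + keyStoreBuilder.keystore(), e);
        }
        return keyStore;
    }

    /** Returns the aliases of the key store as a mutable set, in the order the store reports them. */
    Set<String> getAliases(KeyStore keyStore) throws KeyStoreException {
        return new LinkedHashSet<>(Collections.list(keyStore.aliases()));
    }

    /** Returns {@code true} by default; see the ESIGNER override for the exception. */
    boolean reuseKeyStorePassword() {
        return true;
    }

    /**
     * Guesses the key store type of a file, first from its leading bytes and then from its extension.
     *
     * <p>This is a hint for choosing a parser, not a validation: the first-byte test for PKCS#12
     * matches any file starting with the DER SEQUENCE tag. The file is actually verified when the
     * key store is loaded.
     *
     * @return {@link #PKCS12}, {@link #JCEKS} or {@link #JKS}, or {@code null} if the type cannot be guessed
     * @throws RuntimeException if the file exists but cannot be read
     */
    static KeyStoreType of(File file) {
        if (file.exists()) {
            try (FileInputStream in = new FileInputStream(file)) {
                byte[] header = new byte[4];
                // Bytes not filled by a short read stay zero and match none of the signatures below.
                in.read(header);
                ByteBuffer buffer = ByteBuffer.wrap(header);
                if (buffer.get(0) == 0x30) {
                    // ASN.1 DER SEQUENCE tag
                    return PKCS12;
                }
                long magic = buffer.getInt(0) & 0xFFFFFFFFL;
                if (magic == 0xCECECECEL) {
                    return JCEKS;
                }
                if (magic == 0xFEEDFEEDL) {
                    return JKS;
                }
            } catch (IOException e) {
                throw new RuntimeException("Unable to load the keystore " + file, e);
            }
            // NOTE(review): the decompiled listing had a second throw here that referenced an
            // out-of-scope exception variable and could not compile. It is treated as a decompiler
            // artifact, so an unrecognised header falls through to the extension check; confirm
            // against the original class file.
        }

        String filename = file.getName().toLowerCase();
        if (filename.endsWith(".p12") || filename.endsWith(".pfx")) {
            return PKCS12;
        }
        if (filename.endsWith(".jceks")) {
            return JCEKS;
        }
        if (filename.endsWith(".jks")) {
            return JKS;
        }
        return null;
    }

    /**
     * Returns a function mapping a key alias to the certificate chain read from {@code certfile}.
     *
     * <p>The alias is only tested for null or empty (giving {@code null}); every other alias
     * yields the same chain, read from the file each time the function is called.
     */
    private static Function<String, Certificate[]> getCertificateStore(KeyStoreBuilder keyStoreBuilder) {
        return alias -> {
            if (alias == null || alias.isEmpty()) {
                return null;
            }
            try {
                return CertificateUtils.loadCertificateChain(keyStoreBuilder.certfile());
            } catch (IOException | CertificateException e) {
                throw new RuntimeException("Failed to load the certificate from " + keyStoreBuilder.certfile(), e);
            }
        };
    }
}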
