package org.imixs.archive.signature;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.logging.Logger;
import javax.ejb.Singleton;
import javax.inject.Inject;
import org.eclipse.microprofile.config.inject.ConfigProperty;

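/**
 * Gives access to the keystore configured through the {@code signature.keystore.*}
 * properties: opening it, reading certificate chains and private keys by alias, and
 * storing a new key entry.
 *
 * <p>The keystore is re-read from {@link #keyStorePath} on every call; nothing is cached
 * in this bean. File streams are closed as soon as the keystore has been read or written.
 */
@Singleton
/* loaded from: input_file:org/imixs/archive/signature/KeystoreService.class */
public class KeystoreService {
    public static final String ENV_SIGNATURE_KEYSTORE_PATH = "signature.keystore.path";
    public static final String ENV_SIGNATURE_KEYSTORE_PASSWORD = "signature.keystore.password";
    public static final String ENV_SIGNATURE_KEYSTORE_TYPE = "signature.keystore.type";

    // Location of the keystore file on disk.
    @Inject
    @ConfigProperty(name = ENV_SIGNATURE_KEYSTORE_PATH, defaultValue = "/")
    String keyStorePath;

    // Password protecting the keystore as a whole.
    // NOTE(review): the default is the literal "/" - deployments should always set
    // signature.keystore.password explicitly; confirm nothing relies on the default.
    @Inject
    @ConfigProperty(name = ENV_SIGNATURE_KEYSTORE_PASSWORD, defaultValue = "/")
    String keyStorePassword;

    // Type name handed to KeyStore.getInstance().
    // NOTE(review): ".jks" looks like a file extension rather than a KeyStore type name
    // such as "JKS" or "PKCS12", so the default is not expected to resolve - confirm that
    // signature.keystore.type is always configured.
    @Inject
    @ConfigProperty(name = ENV_SIGNATURE_KEYSTORE_TYPE, defaultValue = ".jks")
    String keyStoreType;
    private static final Logger logger = Logger.getLogger(KeystoreService.class.getName());

    /**
     * Creates a service with explicit settings instead of injected configuration.
     *
     * @param keyStorePath     path of the keystore file
     * @param keyStorePassword password protecting the keystore
     * @param keyStoreType     keystore type name passed to {@link KeyStore#getInstance(String)}
     */
    public KeystoreService(String keyStorePath, String keyStorePassword, String keyStoreType) {
        this.keyStorePath = keyStorePath;
        this.keyStorePassword = keyStorePassword;
        this.keyStoreType = keyStoreType;
    }

    /** Creates a service whose settings are supplied by field injection. */
    public KeystoreService() {
    }

    /**
     * Loads the keystore from {@link #keyStorePath}, or initialises an empty in-memory
     * keystore when that file does not exist.
     *
     * <p>A missing file is only reported as a warning, so a wrong path yields an empty
     * keystore rather than an error; callers that require existing key material must
     * check the result.
     *
     * @return the loaded (or newly initialised, empty) keystore
     * @throws KeyStoreException        if no provider supports the configured type
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws CertificateException     if a stored certificate cannot be loaded
     * @throws FileNotFoundException    if the path exists but cannot be opened for reading
     * @throws IOException              if the keystore data is malformed or the password
     *                                  is wrong
     */
    public KeyStore openKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, FileNotFoundException, IOException {
        logger.finest("......open keystore");
        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
        File file = new File(this.keyStorePath);
        if (file.exists()) {
            // try-with-resources: the descriptor is released even when load() fails,
            // e.g. on a wrong password or a corrupt file.
            try (FileInputStream in = new FileInputStream(file)) {
                keyStore.load(in, this.keyStorePassword.toCharArray());
            }
        } else {
            logger.warning("keystore " + this.keyStorePath + " does not exists - create empty keystore!");
            keyStore.load(null, this.keyStorePassword.toCharArray());
        }
        return keyStore;
    }

    /**
     * Reads the certificate chain stored under the given alias.
     *
     * @param alias keystore alias; {@code null} or empty yields {@code null}
     * @return the certificate chain, or {@code null} if the alias is blank, has no chain,
     *         or the keystore could not be opened (the failure is logged as a warning)
     */
    public Certificate[] loadCertificate(String alias) {
        logger.finest("......load certificate '" + alias + "'");
        Certificate[] chain = null;
        try {
            // The keystore is opened before the alias check, so open failures are
            // logged even for a blank alias.
            KeyStore keyStore = openKeyStore();
            if (alias != null && !alias.isEmpty()) {
                chain = keyStore.getCertificateChain(alias);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            logger.warning("Failed to load certificate chain for alias '" + alias + "' - " + e.getMessage());
            chain = null;
        }
        return chain;
    }

    /**
     * Reads the private key stored under the given alias.
     *
     * @param alias    keystore alias of the key entry
     * @param password password protecting the key entry; {@code null} is treated as the
     *                 empty password
     * @return the private key, or {@code null} if the alias is unknown or the key could
     *         not be recovered (the failure is logged as a warning, without the password)
     */
    public PrivateKey loadPrivateKey(String alias, String password) {
        PrivateKey privateKey;
        logger.finest("......load PrivateKey '" + alias + "'");
        try {
            KeyStore keyStore = openKeyStore();
            if (password == null) {
                password = "";
            }
            privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            logger.warning("Failed to load PrivateKey '" + alias + "' from keystore - " + e.getMessage());
            privateKey = null;
        }
        return privateKey;
    }

    /**
     * Reads the private key stored under the given alias using the empty password.
     *
     * @param alias keystore alias of the key entry
     * @return the private key, or {@code null} if it could not be loaded
     */
    public PrivateKey loadPrivateKey(String alias) {
        return loadPrivateKey(alias, "");
    }

    /**
     * Stores a private key with its certificate chain under the given alias and writes
     * the keystore back to {@link #keyStorePath}.
     *
     * <p>The target file is overwritten in place: a failure while writing can leave a
     * truncated keystore, and a newly created file gets the process's default
     * permissions. Keep a backup and restrict access to the file at deployment level.
     *
     * @param certificateChain certificate chain for the key
     * @param privateKey       private key to store
     * @param password         password protecting the key entry; {@code null} or empty
     *                         stores the entry with a {@code null} password
     * @param alias            keystore alias for the new entry
     * @throws KeyStoreException        if the entry cannot be set or the keystore type is
     *                                  unsupported
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws CertificateException     if a certificate cannot be stored
     * @throws IOException              if the keystore cannot be read or written
     */
    public void storeCertificate(Certificate[] certificateChain, PrivateKey privateKey, String password, String alias) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        logger.info("...store X509Certificate for alias '" + alias + "' into keystore...");
        KeyStore keyStore = openKeyStore();
        if (password == null || password.isEmpty()) {
            // NOTE(review): a blank key password is stored as null here, whereas
            // loadPrivateKey substitutes "" for null - confirm both resolve to the same
            // key protection for the configured keystore type.
            keyStore.setKeyEntry(alias, privateKey, null, certificateChain);
        } else {
            keyStore.setKeyEntry(alias, privateKey, password.toCharArray(), certificateChain);
        }
        // try-with-resources: flush and close the file even when store() throws.
        try (FileOutputStream out = new FileOutputStream(this.keyStorePath)) {
            keyStore.store(out, this.keyStorePassword.toCharArray());
        }
    }
}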
