package com.jetbrains.bundle.hub_client.util.validation;

import com.jetbrains.service.util.BundleProperty;
import com.jetbrains.service.util.properties.impl.PropertiesBasedConfigurationHelper;
import com.jetbrains.service.util.ssl.KeystoreUtil;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import java.util.Set;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/jetbrains/bundle/hub_client/util/validation/AdditionalKeystore.class */
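/**
 * A keystore file together with an in-memory index of its X.509 certificate entries, keyed by
 * certificate fingerprint.
 *
 * <p>Every mutating operation ({@link #setCertificate}, {@link #removeCertificate},
 * {@link #importKeyStore(Path, String, String)}) writes the keystore back to
 * {@link #getKeyStorePath()} under {@link #getKeyStorePassword()}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The keystore password is held as an immutable {@code String} and is handed out by
 *       {@link #getKeyStorePassword()}; it cannot be wiped from memory. Keep it out of logs.</li>
 *   <li>{@link #getKeyStore()} and {@link #getFingerprints()} return live internal objects;
 *       callers that modify them bypass the fingerprint index and the save-to-disk step.</li>
 *   <li>Importing a keystore copies every certificate entry it contains without any further
 *       validation, so the imported file must come from a source that is allowed to extend
 *       this store.</li>
 *   <li>This class performs no synchronisation; the index is a plain {@link HashMap}.</li>
 * </ul>
 */
public class AdditionalKeystore {

    @NotNull
    private final Path keyStorePath;

    @NotNull
    private final String keyStorePassword;

    // Index of certificate entries by fingerprint (see loadKeyStore / setCertificate for the key).
    private final Map<String, CertificateInfo> certificates = new HashMap<>();
    private final Logger logger = LoggerFactory.getLogger(getClass());

    // NOTE(review): the instance uses the JVM default keystore type while loadAsKeystore() below
    // hard-codes "JKS"; the two agree only when the default type is JKS. Confirm this is intended.
    @NotNull
    private final KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());

    /**
     * Opens the keystore at {@code path} and builds the fingerprint index from it.
     *
     * @param path location of the keystore file
     * @param str  password protecting the keystore
     */
    public AdditionalKeystore(@NotNull Path path, @NotNull String str) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        this.keyStorePath = path;
        this.keyStorePassword = str;
        loadKeyStore();
    }

    /**
     * Loads the keystore named by the {@code ADDITIONAL_KEYSTORE_PATH} and
     * {@code ADDITIONAL_KEYSTORE_PASSWORD} bundle properties into a fresh JKS {@link KeyStore}.
     *
     * @param properties service properties; both keystore properties are read as mandatory
     * @return the loaded keystore
     */
    @NotNull
    public static KeyStore loadAsKeystore(@NotNull Properties properties) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException {
        PropertiesBasedConfigurationHelper helper = PropertiesBasedConfigurationHelper.getHelper();
        Path path = Paths.get(helper.getMandatoryServiceProperty(properties, BundleProperty.ADDITIONAL_KEYSTORE_PATH.getPrefixedName()));
        String password = helper.getMandatoryServiceProperty(properties, BundleProperty.ADDITIONAL_KEYSTORE_PASSWORD.getPrefixedName());
        KeyStore keyStore = KeyStore.getInstance("JKS");
        KeystoreUtil.loadToExistingKeyStore(keyStore, path, password);
        return keyStore;
    }

    /** Returns a snapshot array of all indexed certificates. */
    public CertificateInfo[] getCertificates() {
        return this.certificates.values().toArray(new CertificateInfo[0]);
    }

    /**
     * Returns the fingerprints of all indexed certificates.
     *
     * <p>This is the live key set of the internal index, not a copy: removing from it changes the
     * index without touching the keystore file.
     */
    public Set<String> getFingerprints() {
        return this.certificates.keySet();
    }

    /** Returns the indexed certificate for {@code str} (a fingerprint), or {@code null}. */
    public CertificateInfo getCertificate(@NotNull String str) {
        return this.certificates.get(str);
    }

    /**
     * Adds a certificate to the keystore, saves the file and indexes the certificate.
     *
     * <p>The fingerprint is recomputed from the certificate itself and must equal {@code str};
     * nothing is written when it does not. This ties the stored certificate to the fingerprint the
     * caller approved.
     *
     * @param str             fingerprint the caller expects the certificate to have
     * @param certificateInfo certificate to store
     * @throws IllegalArgumentException if the computed fingerprint differs from {@code str}
     */
    public void setCertificate(@NotNull String str, @NotNull CertificateInfo certificateInfo) throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        X509Certificate fromPemFormat = CertificateInfo.fromPemFormat(certificateInfo.getBase64Der());
        String fingerPrint = CertificateInfo.getFingerPrint(fromPemFormat);
        if (!fingerPrint.equals(str)) {
            throw new IllegalArgumentException("Finger print does not match certificate! " + str + " given, but real fingerprint is " + fingerPrint);
        }
        this.keyStore.setCertificateEntry(generateCertificateAlias(fromPemFormat), fromPemFormat);
        saveKeyStore();
        // Index only after the file was written, so the index never lists an unsaved certificate.
        this.certificates.put(str, certificateInfo);
    }

    /** Builds the alias used for certificates added through {@link #setCertificate}: issuer DN, a dash, serial number. */
    public static String generateCertificateAlias(@NotNull X509Certificate x509Certificate) {
        return x509Certificate.getIssuerDN().toString() + "-" + x509Certificate.getSerialNumber();
    }

    // Stores a key entry protected with this keystore's own password, whatever protected it before.
    private void setKeyEntry(@NotNull String str, @NotNull Key key, @NotNull Certificate[] certificateArr) throws KeyStoreException {
        this.keyStore.setKeyEntry(str, key, this.keyStorePassword.toCharArray(), certificateArr);
    }

    /**
     * Copies one key entry and its certificate chain from another keystore into this one.
     *
     * <p>The key is re-protected with this keystore's password. If the key cannot be recovered
     * with the supplied passwords the entry is skipped (logged at debug level). The keystore file
     * is not saved by this method.
     *
     * @param str      alias to store the entry under in this keystore
     * @param keyStore keystore to read from
     * @param str2     password of the source keystore, used as a fallback key password; may be null
     * @param str3     alias of the entry in the source keystore
     * @param str4     password of the key entry in the source keystore; may be null
     */
    public void copyKeyEntryFromAnotherKeyStore(@NotNull String str, @NotNull KeyStore keyStore, @Nullable String str2, @NotNull String str3, @Nullable String str4) throws KeyStoreException, NoSuchAlgorithmException {
        Key keyFromExternalKeyStore = getKeyFromExternalKeyStore(keyStore, str2, str3, str4);
        if (keyFromExternalKeyStore != null) {
            setKeyEntry(str, keyFromExternalKeyStore, keyStore.getCertificateChain(str3));
        }
    }

    /**
     * Removes the certificate with fingerprint {@code str} from the keystore, saves the file and
     * drops the certificate from the index. Does nothing when the fingerprint is not indexed.
     *
     * <p>Certificates reach the keystore under two kinds of alias: {@link #setCertificate} uses
     * the issuer-serial alias, while entries loaded from disk or imported from another keystore
     * keep whatever alias they had. Deleting by the issuer-serial alias alone would leave the
     * latter in the file while the index reports them gone, so every certificate entry whose
     * SHA-1 fingerprint equals {@code str} is deleted as well.
     *
     * @param str fingerprint of the certificate to remove
     */
    public void removeCertificate(@NotNull String str) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        CertificateInfo certificateInfo = this.certificates.get(str);
        if (certificateInfo == null) {
            return;
        }
        // Original behaviour, kept for entries written by setCertificate.
        // NOTE(review): assumes getIssuer()/getSerial() render like generateCertificateAlias — confirm.
        this.keyStore.deleteEntry(certificateInfo.getIssuer() + "-" + certificateInfo.getSerial());
        for (String alias : findCertificateAliases(str)) {
            this.keyStore.deleteEntry(alias);
        }
        saveKeyStore();
        this.certificates.remove(str);
    }

    // Collects the aliases of all X.509 certificate entries whose SHA-1 fingerprint equals the
    // given one. Aliases are gathered first so entries are not deleted while enumerating.
    private List<String> findCertificateAliases(@NotNull String fingerprint) throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        List<String> matches = new ArrayList<>();
        Enumeration<String> aliases = this.keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!this.keyStore.isCertificateEntry(alias)) {
                continue;
            }
            Certificate certificate = this.keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate
                    && fingerprint.equals(new CertificateInfo((X509Certificate) certificate).getFingerprintSHA1())) {
                matches.add(alias);
            }
        }
        return matches;
    }

    // Reads the keystore file and rebuilds the index from its X.509 certificate entries,
    // keyed by SHA-1 fingerprint. Key entries and non-X.509 certificates are not indexed.
    private void loadKeyStore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeystoreUtil.loadToExistingKeyStore(this.keyStore, this.keyStorePath, this.keyStorePassword);
        Enumeration<String> aliases = this.keyStore.aliases();
        this.certificates.clear();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (!this.keyStore.isCertificateEntry(alias)) {
                continue;
            }
            Certificate certificate = this.keyStore.getCertificate(alias);
            if (certificate instanceof X509Certificate) {
                CertificateInfo certificateInfo = new CertificateInfo((X509Certificate) certificate);
                this.certificates.put(certificateInfo.getFingerprintSHA1(), certificateInfo);
            }
        }
    }

    /**
     * Imports another keystore, using its keystore password as the key-entry password too.
     *
     * @see #importKeyStore(Path, String, String)
     */
    public void importKeyStore(@Nullable Path path, @Nullable String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        importKeyStore(path, str, str);
    }

    /**
     * Merges the entries of the keystore at {@code path} into this keystore and saves it.
     *
     * <p>Returns silently when {@code path} or {@code str} is null or the file does not exist.
     * When this keystore's own file does not exist yet and the source holds no key entries, the
     * source is first written out as this keystore's file and reloaded. Otherwise every
     * certificate and key entry is copied under its source alias, replacing any entry already
     * stored under that alias.
     *
     * <p>Failures to load, merge or save are logged at debug level and not propagated, so a caller
     * cannot tell from the outcome whether the import took effect.
     *
     * @param path file of the keystore to import
     * @param str  password of the keystore to import
     * @param str2 password of the key entries in that keystore; may be null
     */
    public void importKeyStore(@Nullable Path path, @Nullable String str, @Nullable String str2) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        if (path == null || str == null || !Files.exists(path, new LinkOption[0])) {
            return;
        }
        try {
            KeyStore loadKeyStore = KeystoreUtil.loadKeyStore(path, str);
            if (Files.notExists(this.keyStorePath, new LinkOption[0]) && !containsKeyEntry(loadKeyStore)) {
                try {
                    KeystoreUtil.saveKeyStore(loadKeyStore, this.keyStorePath, this.keyStorePassword);
                    loadKeyStore();
                    return;
                } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
                    // Best effort: fall through to the entry-by-entry merge below, but leave a trace
                    // instead of discarding the failure.
                    this.logger.debug(String.format("Can not save imported key store to %s", this.keyStorePath), e);
                }
            }
            if (this.keyStorePath.equals(path)) {
                // Importing the keystore into itself would be a no-op.
                return;
            }
            importKeyStoreEntries(loadKeyStore, str, str2);
            saveKeyStore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e2) {
            this.logger.debug(String.format("Can not load key store from %s", path), e2);
        }
    }

    // Copies every entry of the given keystore into this one under the same alias. X.509
    // certificate entries are also added to the fingerprint index; key entries go through
    // copyKeyEntryFromAnotherKeyStore (str = source keystore password, str2 = key password).
    private void importKeyStoreEntries(@NotNull KeyStore keyStore, @NotNull String str, @Nullable String str2) throws KeyStoreException, NoSuchAlgorithmException, CertificateException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            if (keyStore.isCertificateEntry(alias)) {
                Certificate certificate = keyStore.getCertificate(alias);
                this.keyStore.setCertificateEntry(alias, certificate);
                if (certificate instanceof X509Certificate) {
                    CertificateInfo certificateInfo = new CertificateInfo((X509Certificate) certificate);
                    this.certificates.put(certificateInfo.getFingerprintSHA1(), certificateInfo);
                }
            }
            if (keyStore.isKeyEntry(alias)) {
                copyKeyEntryFromAnotherKeyStore(alias, keyStore, str, alias, str2);
            }
        }
    }

    // Recovers the key stored under alias str2 in the given keystore.
    //
    // Tries the key-entry password str3 (or no password when str3 is null). Only when no
    // key-entry password was given does it retry with the keystore password str. Returns null,
    // after a debug log, when the key cannot be recovered.
    //
    // The decompiled original wrapped only toCharArray() in the try block and called getKey()
    // outside it, so UnrecoverableKeyException was neither caught nor declared and the fallback
    // was unreachable; the try now encloses the getKey() call the handlers were written for.
    private Key getKeyFromExternalKeyStore(@NotNull KeyStore keyStore, @Nullable String str, @NotNull String str2, @Nullable String str3) throws KeyStoreException, NoSuchAlgorithmException {
        char[] entryPassword = str3 != null ? str3.toCharArray() : null;
        try {
            return keyStore.getKey(str2, entryPassword);
        } catch (UnrecoverableKeyException e) {
            if (str3 != null) {
                this.logger.debug(String.format("Key entry with alias %s can not be read with given key entry password", str2), e);
                return null;
            }
            if (str == null) {
                this.logger.debug(String.format("Key entry with alias %s can not be read without password", str2), e);
                return null;
            }
            try {
                return keyStore.getKey(str2, str.toCharArray());
            } catch (UnrecoverableKeyException e2) {
                this.logger.debug(String.format("Key entry with alias %s can not be read neither without password nor with keystore password", str2), e2);
                return null;
            }
        }
    }

    // True when the keystore holds at least one key entry; false also when its aliases cannot be
    // enumerated (logged at debug level).
    private boolean containsKeyEntry(@NotNull KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                if (keyStore.isKeyEntry(aliases.nextElement())) {
                    return true;
                }
            }
            return false;
        } catch (KeyStoreException e) {
            this.logger.debug("failed to iterate through keystore aliases", e);
            return false;
        }
    }

    /** Writes the in-memory keystore to {@link #getKeyStorePath()} under the keystore password. */
    public void saveKeyStore() throws IOException, CertificateException, KeyStoreException, NoSuchAlgorithmException {
        KeystoreUtil.saveKeyStore(this.keyStore, this.keyStorePath, this.keyStorePassword);
    }

    /** Returns the live underlying keystore; changes made to it are neither indexed nor saved. */
    @NotNull
    public KeyStore getKeyStore() {
        return this.keyStore;
    }

    /** Returns the path of the keystore file. */
    @NotNull
    public Path getKeyStorePath() {
        return this.keyStorePath;
    }

    /** Returns the keystore password in clear text; callers must not log or persist it. */
    @NotNull
    public String getKeyStorePassword() {
        return this.keyStorePassword;
    }
}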
