package won.cryptography.service;

import java.io.File;
import java.io.IOException;
import java.lang.invoke.MethodHandles;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.util.Collections;
import javax.annotation.PostConstruct;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import won.cryptography.service.keystore.FileBasedKeyStoreService;
import won.cryptography.service.keystore.KeyStoreService;

/* loaded from: input_file:WEB-INF/lib/won-core-0.8.jar:won/cryptography/service/CryptographyService.class */
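/**
 * Facade over the key pair, certificate, keystore and (optional) truststore services.
 *
 * <p>On {@link #init()} it makes sure an entry exists in the keystore under the default alias
 * (creating a key pair and self-signed certificate when it does not) and, when a "key to trust"
 * file is configured, copies one certificate from that file into the truststore.
 */
public class CryptographyService {
    private static final Logger logger = LoggerFactory.getLogger(MethodHandles.lookup().lookupClass());
    private KeyPairService keyPairService;
    private CertificateService certificateService;
    private KeyStoreService keyStoreService;

    // Optional dependency: stays null when no TrustStoreService bean is available.
    @Autowired(required = false)
    private TrustStoreService trustStoreService;
    private String defaultAlias;
    private String keyToTrustFile;
    // Keystore password; it must never be written to the log.
    private String keyToTrustFilePassword;
    private String keyToTrustAlias;
    private String keyToTrustAliasUnder;
    private String keyToTrustProvider;
    private String keyToTrustKeystoreType;

    /**
     * Creates a service without a default alias, so {@link #init()} does nothing unless
     * {@link #setDefaultAlias(String)} is called first.
     *
     * @param keyStoreService keystore that holds the private keys and certificates
     */
    public CryptographyService(KeyStoreService keyStoreService) {
        this(keyStoreService, null);
    }

    /**
     * Creates a service with freshly constructed {@code KeyPairService} and
     * {@code CertificateService} instances.
     *
     * @param keyStoreService keystore that holds the private keys and certificates
     * @param str default alias, may be {@code null}
     */
    public CryptographyService(KeyStoreService keyStoreService, String str) {
        this(keyStoreService, new KeyPairService(), new CertificateService(), str);
    }

    /**
     * Creates a service from explicitly supplied collaborators.
     *
     * @param keyStoreService keystore that holds the private keys and certificates
     * @param keyPairService generator for new key pairs
     * @param certificateService creator of self-signed certificates
     * @param str default alias, may be {@code null}
     */
    public CryptographyService(KeyStoreService keyStoreService, KeyPairService keyPairService, CertificateService certificateService, String str) {
        this.keyToTrustAlias = null;
        this.keyToTrustAliasUnder = null;
        this.keyToTrustProvider = null;
        this.keyToTrustKeystoreType = null;
        this.keyStoreService = keyStoreService;
        this.keyPairService = keyPairService;
        this.certificateService = certificateService;
        this.defaultAlias = str;
    }

    /** Runs the start-up provisioning after dependency injection has completed. */
    @PostConstruct
    public void init() {
        createClientDefaultCertificateIfNotPresent();
    }

    /**
     * Ensures the default key entry exists and then imports the configured key to trust.
     *
     * <p>When no default alias is set the method returns immediately, which also skips the
     * truststore import.
     *
     * @throws RuntimeException if creating the default key pair fails with an {@link IOException}
     */
    private void createClientDefaultCertificateIfNotPresent() {
        if (this.defaultAlias == null) {
            return;
        }
        logger.debug("checking if the certificate with alias {} is in the keystore", this.defaultAlias);
        if (containsEntry(this.defaultAlias)) {
            logger.info("entry with alias {} found in the keystore", this.defaultAlias);
        } else {
            logger.info("certificate not found under alias {}, creating new one", this.defaultAlias);
            try {
                createNewKeyPair(this.defaultAlias, null);
                logger.info("certificate created");
            } catch (IOException e) {
                throw new RuntimeException("Could not create certificate for " + this.defaultAlias, e);
            }
        }
        importKeyToTrustIfConfigured();
    }

    /**
     * Copies the certificate stored under {@code keyToTrustAlias} in {@code keyToTrustFile} into
     * the truststore under {@code keyToTrustAliasUnder}.
     *
     * <p>The import is best effort: every failure is logged as a warning and the method returns
     * without throwing. Success is only reported when the truststore call returned normally, so
     * the log can be relied on when checking which certificates the application trusts.
     */
    private void importKeyToTrustIfConfigured() {
        if (this.keyToTrustFile == null) {
            logger.info("no additional key configured to be imported into truststore");
            return;
        }
        if (this.trustStoreService == null) {
            // The truststore is an optional dependency; without it there is nowhere to import to.
            logger.warn("key to trust configured in keystore {}, but no truststore service is available; nothing imported", this.keyToTrustFile);
            return;
        }
        FileBasedKeyStoreService fileBasedKeyStoreService = new FileBasedKeyStoreService(new File(this.keyToTrustFile), this.keyToTrustFilePassword, this.keyToTrustProvider, this.keyToTrustKeystoreType);
        try {
            fileBasedKeyStoreService.init();
        } catch (Exception e) {
            // Stop here: a keystore that failed to load cannot be queried for the certificate.
            logger.warn("unable to read key for alias {} from keystore {}", this.keyToTrustAlias, this.keyToTrustFile, e);
            return;
        }
        Certificate certificate = fileBasedKeyStoreService.getCertificate(this.keyToTrustAlias);
        if (certificate == null) {
            logMissingKeyToTrust(fileBasedKeyStoreService);
            return;
        }
        logger.info("certificate with alias {} will be added/overwritten in truststore", this.keyToTrustAliasUnder);
        try {
            // NOTE(review): the trailing 'true' presumably allows replacing an existing truststore
            // entry under the same alias - confirm against TrustStoreService.
            this.trustStoreService.addCertificate(this.keyToTrustAliasUnder, certificate, true);
        } catch (Exception e) {
            logger.warn("could not add certificate for alias {} to truststore", this.keyToTrustAliasUnder, e);
            return;
        }
        logger.info("certificate with alias {} has been added to truststore", this.keyToTrustAliasUnder);
    }

    /**
     * Logs that the key to trust is missing, together with the aliases the keystore does contain.
     *
     * @param fileBasedKeyStoreService the already initialised keystore that was searched
     */
    private void logMissingKeyToTrust(FileBasedKeyStoreService fileBasedKeyStoreService) {
        try {
            String availableAliases = Collections.list(fileBasedKeyStoreService.getUnderlyingKeyStore().aliases())
                            .stream()
                            .reduce((left, right) -> left + "," + right)
                            .orElse("(none)");
            logger.warn("no key for alias {} found in keystore {}. Available aliases: {}", new Object[]{this.keyToTrustAlias, this.keyToTrustFile, availableAliases});
        } catch (Exception e) {
            logger.warn("no key for alias {} found in keystore {}; caught exception while trying to log available aliases", this.keyToTrustAlias, this.keyToTrustFile, e);
        }
    }

    /**
     * Generates a key pair with {@code generateNewKeyPairInSecp384r1()}, creates a self-signed
     * certificate for it and stores both in the keystore.
     *
     * <p>The entry is stored under {@code str2}, or under {@code str} when {@code str2} is
     * {@code null}.
     *
     * @param bigInteger value handed to {@code createSelfSignedCertificate} as its first argument
     *        (presumably the certificate serial number - confirm against CertificateService)
     * @param str name handed to the certificate service; also the fallback keystore alias
     * @param str2 preferred keystore alias, may be {@code null}
     * @return the generated key pair
     * @throws IOException if the certificate or keystore service fails
     */
    public KeyPair createNewKeyPair(BigInteger bigInteger, String str, String str2) throws IOException {
        String alias = (str2 != null) ? str2 : str;
        KeyPair keyPair = this.keyPairService.generateNewKeyPairInSecp384r1();
        Certificate selfSigned = this.certificateService.createSelfSignedCertificate(bigInteger, keyPair, str, str2);
        // NOTE(review): the trailing 'false' presumably means an existing entry is not replaced -
        // confirm against KeyStoreService.putKey.
        this.keyStoreService.putKey(alias, keyPair.getPrivate(), new Certificate[]{selfSigned}, false);
        return keyPair;
    }

    /**
     * Same as {@link #createNewKeyPair(BigInteger, String, String)} with the fixed value 1 as the
     * first argument, so every certificate created through this overload carries the same value.
     *
     * @param str name handed to the certificate service; also the fallback keystore alias
     * @param str2 preferred keystore alias, may be {@code null}
     * @return the generated key pair
     * @throws IOException if the certificate or keystore service fails
     */
    public KeyPair createNewKeyPair(String str, String str2) throws IOException {
        return createNewKeyPair(BigInteger.valueOf(1L), str, str2);
    }

    /**
     * @param str keystore alias
     * @return whatever the keystore service returns as private key for the alias
     */
    public PrivateKey getPrivateKey(String str) {
        return this.keyStoreService.getPrivateKey(str);
    }

    /** @return the private key the keystore service returns for the default alias */
    public PrivateKey getDefaultPrivateKey() {
        return this.keyStoreService.getPrivateKey(this.defaultAlias);
    }

    /** @return the default alias, or {@code null} when none is configured */
    public String getDefaultPrivateKeyAlias() {
        return this.defaultAlias;
    }

    /**
     * @param str keystore alias
     * @return whatever the keystore service returns as public key for the alias
     */
    public PublicKey getPublicKey(String str) {
        return this.keyStoreService.getPublicKey(str);
    }

    /**
     * Checks whether the underlying keystore has an entry for the alias.
     *
     * <p>A {@link KeyStoreException} is reported as {@code false}. It is logged because, during
     * {@link #init()}, a {@code false} result leads to the creation of a new key pair.
     *
     * @param str keystore alias
     * @return {@code true} if the keystore contains the alias, {@code false} if it does not or
     *         the lookup failed
     */
    public boolean containsEntry(String str) {
        try {
            return this.keyStoreService.getUnderlyingKeyStore().containsAlias(str);
        } catch (KeyStoreException e) {
            logger.warn("could not check keystore for alias {}; treating the entry as absent", str, e);
            return false;
        }
    }

    /** @param str alias of the default key entry */
    public void setDefaultAlias(String str) {
        this.defaultAlias = str;
    }

    /** @param trustStoreService truststore that receives the imported certificate */
    public void setTrustStoreService(TrustStoreService trustStoreService) {
        this.trustStoreService = trustStoreService;
    }

    /** @param str alias to look up in the key-to-trust keystore file */
    public void setKeyToTrustAlias(String str) {
        this.keyToTrustAlias = str;
    }

    /** @param str alias under which the certificate is stored in the truststore */
    public void setKeyToTrustAliasUnder(String str) {
        this.keyToTrustAliasUnder = str;
    }

    /** @param str path of the keystore file that holds the certificate to trust */
    public void setKeyToTrustFile(String str) {
        this.keyToTrustFile = str;
    }

    /** @param str password of the key-to-trust keystore file */
    public void setKeyToTrustFilePassword(String str) {
        this.keyToTrustFilePassword = str;
    }

    /** @param str keystore type passed to the file based keystore service */
    public void setKeyToTrustKeystoreType(String str) {
        this.keyToTrustKeystoreType = str;
    }

    /** @param str security provider name passed to the file based keystore service */
    public void setKeyToTrustProvider(String str) {
        this.keyToTrustProvider = str;
    }
}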
