package fi.protonode.reloadingkeystore;

import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.FileTime;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.ArrayList;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:fi/protonode/reloadingkeystore/ReloadingPemFileKeyStoreSpi.class */
public class ReloadingPemFileKeyStoreSpi extends DelegatingKeyStoreSpi {
    protected static final char[] IN_MEMORY_KEYSTORE_PASSWORD = "".toCharArray();
    private static final Logger log = LoggerFactory.getLogger(ReloadingPemFileKeyStoreSpi.class);
    private final List<KeyFileEntry> keyFileEntries = new ArrayList();
    private final List<CertificateFileEntry> certificateFileEntries = new ArrayList();

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:fi/protonode/reloadingkeystore/ReloadingPemFileKeyStoreSpi$CertificateFileEntry.class */
    public class CertificateFileEntry {
        private final Path certPath;
        private final FileTime certLastModified;

        CertificateFileEntry(Path path) throws IOException {
            this.certPath = path;
            this.certLastModified = Files.getLastModifiedTime(path, new LinkOption[0]);
        }

        boolean needsReload() throws IOException {
            return this.certLastModified.compareTo(Files.getLastModifiedTime(this.certPath, new LinkOption[0])) < 0;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:fi/protonode/reloadingkeystore/ReloadingPemFileKeyStoreSpi$KeyFileEntry.class */
    public class KeyFileEntry {
        private final Path certPath;
        private final Path keyPath;
        private final FileTime certLastModified;
        private final FileTime keyLastModified;

        KeyFileEntry(Path path, Path path2) throws IOException {
            this.certPath = path;
            this.keyPath = path2;
            this.certLastModified = Files.getLastModifiedTime(path, new LinkOption[0]);
            this.keyLastModified = Files.getLastModifiedTime(path2, new LinkOption[0]);
        }

        boolean needsReload() throws IOException {
            return this.certLastModified.compareTo(Files.getLastModifiedTime(this.certPath, new LinkOption[0])) < 0 || this.keyLastModified.compareTo(Files.getLastModifiedTime(this.keyPath, new LinkOption[0])) < 0;
        }
    }

    public void addKeyEntry(Path path, Path path2) throws IOException, KeyStoreException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException {
        this.keyFileEntries.add(new KeyFileEntry(path, path2));
        setKeyStoreDelegate(createKeyStore());
    }

    public void addCertificateEntry(Path path) throws IOException, KeyStoreException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException {
        this.certificateFileEntries.add(new CertificateFileEntry(path));
        setKeyStoreDelegate(createKeyStore());
    }

    @Override // fi.protonode.reloadingkeystore.DelegatingKeyStoreSpi
    void refresh() throws KeyStoreException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException, IOException {
        boolean z = false;
        int i = 0;
        for (KeyFileEntry keyFileEntry : this.keyFileEntries) {
            if (keyFileEntry.needsReload()) {
                this.keyFileEntries.set(i, new KeyFileEntry(keyFileEntry.certPath, keyFileEntry.keyPath));
                z = true;
            }
            i++;
        }
        int i2 = 0;
        for (CertificateFileEntry certificateFileEntry : this.certificateFileEntries) {
            if (certificateFileEntry.needsReload()) {
                this.certificateFileEntries.set(i2, new CertificateFileEntry(certificateFileEntry.certPath));
                z = true;
            }
            i2++;
        }
        if (z) {
            log.debug("Refreshing KeyStore");
            setKeyStoreDelegate(createKeyStore());
        }
    }

    private KeyStore createKeyStore() throws KeyStoreException, InvalidKeySpecException, NoSuchAlgorithmException, CertificateException, IOException {
        log.debug("Creating new in-memory PKCS12 KeyStore.");
        KeyStore keyStore = KeyStore.getInstance("PKCS12");
        keyStore.load(null, null);
        int i = 0;
        for (KeyFileEntry keyFileEntry : this.keyFileEntries) {
            int i2 = i;
            i++;
            String format = String.format("%04d", Integer.valueOf(i2));
            log.debug("Adding key entry with alias {}: {}, {}", new Object[]{format, keyFileEntry.keyPath, keyFileEntry.certPath});
            keyStore.setKeyEntry(format, PemCredentialFactory.generatePrivateKey(keyFileEntry.keyPath), IN_MEMORY_KEYSTORE_PASSWORD, PemCredentialFactory.generateCertificates(keyFileEntry.certPath));
        }
        for (CertificateFileEntry certificateFileEntry : this.certificateFileEntries) {
            int i3 = i;
            i++;
            String format2 = String.format("%04d", Integer.valueOf(i3));
            log.debug("Adding certificate entry with alias {}: {}", format2, certificateFileEntry.certPath);
            for (Certificate certificate : PemCredentialFactory.generateCertificates(certificateFileEntry.certPath)) {
                keyStore.setCertificateEntry(format2, certificate);
            }
        }
        return keyStore;
    }
}
