package org.apache.cayenne.crypto.key;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import org.apache.cayenne.crypto.CayenneCryptoException;
import org.apache.cayenne.crypto.CryptoConstants;
import org.apache.cayenne.di.Inject;

/* loaded from: input_file:org/apache/cayenne/crypto/key/JceksKeySource.class */
public class JceksKeySource implements KeySource {
    private static final String JCEKS_KEYSTORE_TYPE = "jceks";
    private static final Key NULL_KEY = new Key() { // from class: org.apache.cayenne.crypto.key.JceksKeySource.1
        private static final long serialVersionUID = 4755682444381893880L;

        @Override // java.security.Key
        public String getFormat() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.Key
        public byte[] getEncoded() {
            throw new UnsupportedOperationException();
        }

        @Override // java.security.Key
        public String getAlgorithm() {
            throw new UnsupportedOperationException();
        }
    };
    private KeyStore keyStore;
    private char[] keyPassword;
    private String defaultKeyAlias;
    private ConcurrentMap<String, Key> keyCache;

    public JceksKeySource(@Inject("cayenne.crypto.properties") Map<String, String> map, @Inject("cayenne.crypto.properties") Map<String, char[]> map2) {
        String str = map.get(CryptoConstants.KEYSTORE_URL);
        if (str == null) {
            throw new CayenneCryptoException("KeyStore URL is not set. Property name: cayenne.crypto.keystore.url", new Object[0]);
        }
        this.keyPassword = map2.get(CryptoConstants.KEY_PASSWORD);
        try {
            this.keyStore = createKeyStore(str);
            this.defaultKeyAlias = map.get(CryptoConstants.ENCRYPTION_KEY_ALIAS);
            if (this.defaultKeyAlias == null) {
                throw new CayenneCryptoException("Default key alias is not set. Property name: cayenne.crypto.key.enc.alias", new Object[0]);
            }
            this.keyCache = new ConcurrentHashMap();
        } catch (Exception e) {
            throw new CayenneCryptoException("Error loading keystore at " + str, e, new Object[0]);
        }
    }

    private KeyStore createKeyStore(String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(JCEKS_KEYSTORE_TYPE);
        InputStream openStream = new URL(str).openStream();
        try {
            keyStore.load(openStream, null);
            openStream.close();
            return keyStore;
        } catch (Throwable th) {
            openStream.close();
            throw th;
        }
    }

    @Override // org.apache.cayenne.crypto.key.KeySource
    public Key getKey(String str) {
        Key key = this.keyCache.get(str);
        if (key == null) {
            Key createKey = createKey(str);
            Key putIfAbsent = this.keyCache.putIfAbsent(str, createKey);
            key = putIfAbsent != null ? putIfAbsent : createKey;
        }
        if (key == NULL_KEY) {
            return null;
        }
        return key;
    }

    protected Key createKey(String str) {
        try {
            Key key = this.keyStore.getKey(str, this.keyPassword);
            return key != null ? key : NULL_KEY;
        } catch (Exception e) {
            throw new CayenneCryptoException("Error accessing key for alias: " + str, e, new Object[0]);
        }
    }

    @Override // org.apache.cayenne.crypto.key.KeySource
    public String getDefaultKeyAlias() {
        return this.defaultKeyAlias;
    }
}
