package org.forgerock.openam.sdk.org.forgerock.audit.secure;

import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import javax.crypto.SecretKey;

/* loaded from: input_file:org/forgerock/openam/sdk/org/forgerock/audit/secure/KeyStoreSecureStorage.class */
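/**
 * {@link SecureStorage} implementation that keeps the audit HMAC keys in a keystore (accessed
 * through a {@link KeyStoreHandlerDecorator}) and signs or verifies data with an RSA key pair
 * using {@value #SIGNATURE_ALGORITHM}.
 *
 * <p>An instance may be built with only a private key (sign-only), only a public key
 * (verify-only) or both. Calling {@link #sign(byte[])} or {@link #verify(byte[], byte[])} on an
 * instance that lacks the matching key fails with a {@link SecureStorageException}.
 *
 * <p><b>Thread-safety:</b> this class adds no synchronization. {@link Signature} objects are
 * stateful, so concurrent {@code sign}/{@code verify} calls on one instance can interleave their
 * {@code update} calls and yield signatures over mixed input. Callers must serialise access or
 * use one instance per thread.
 */
public class KeyStoreSecureStorage implements SecureStorage {
    /** Keystore alias of the initial key. */
    public static final String ENTRY_INITIAL_KEY = "InitialKey";
    /** Keystore alias for a signature entry; not referenced by this class. */
    public static final String ENTRY_SIGNATURE = "Signature";
    /** Keystore alias written by {@link #writeCurrentSignatureKey(SecretKey)}. */
    public static final String ENTRY_CURRENT_SIGNATURE = "CurrentSignature";
    /** Keystore alias of the current key. */
    public static final String ENTRY_CURRENT_KEY = "CurrentKey";
    /** JCA algorithm name used for both signing and verification. */
    public static final String SIGNATURE_ALGORITHM = "SHA256withRSA";
    /** JCA MAC algorithm name; not referenced by this class. */
    public static final String HMAC_ALGORITHM = "HmacSHA256";
    /**
     * Keystore type name; not referenced by this class. JCEKS is a legacy keystore format, so
     * NOTE(review): confirm whether deployments can move to PKCS12.
     */
    public static final String JCEKS_KEYSTORE_TYPE = "JCEKS";
    private KeyStoreHandlerDecorator keyStoreHandler;
    /** Initialised for verification, or {@code null} when no public key was supplied. */
    private Signature verifier;
    /** Initialised for signing, or {@code null} when no private key was supplied. */
    private Signature signer;

    /**
     * Creates a sign-only storage.
     *
     * @param keyStoreHandler handler giving access to the backing keystore
     * @param privateKey key used by {@link #sign(byte[])}
     */
    public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PrivateKey privateKey) {
        this(keyStoreHandler, null, privateKey);
    }

    /**
     * Creates a verify-only storage.
     *
     * @param keyStoreHandler handler giving access to the backing keystore
     * @param publicKey key used by {@link #verify(byte[], byte[])}
     */
    public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey) {
        this(keyStoreHandler, publicKey, null);
    }

    /**
     * Creates a storage that can sign, verify, or both, depending on which keys are non-null.
     *
     * @param keyStoreHandler handler giving access to the backing keystore
     * @param publicKey verification key, or {@code null} to disable {@code verify}
     * @param privateKey signing key, or {@code null} to disable {@code sign}
     * @throws IllegalArgumentException if a supplied key is rejected for
     *     {@value #SIGNATURE_ALGORITHM} or the algorithm is unavailable
     */
    public KeyStoreSecureStorage(KeyStoreHandler keyStoreHandler, PublicKey publicKey, PrivateKey privateKey) {
        setKeyStoreHandler(keyStoreHandler);
        if (privateKey != null) {
            try {
                this.signer = Signature.getInstance(SIGNATURE_ALGORITHM);
                this.signer.initSign(privateKey);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new IllegalArgumentException(e);
            }
        }
        if (publicKey != null) {
            try {
                this.verifier = Signature.getInstance(SIGNATURE_ALGORITHM);
                this.verifier.initVerify(publicKey);
            } catch (InvalidKeyException | NoSuchAlgorithmException e) {
                throw new IllegalArgumentException(e);
            }
        }
    }

    /**
     * Replaces the keystore handler, wrapping it in a {@link KeyStoreHandlerDecorator}.
     *
     * @param keyStoreHandler handler giving access to the backing keystore
     */
    public void setKeyStoreHandler(KeyStoreHandler keyStoreHandler) {
        this.keyStoreHandler = new KeyStoreHandlerDecorator(keyStoreHandler);
    }

    /**
     * Returns the password reported by the keystore handler.
     *
     * <p>The value is a secret held in an immutable {@code String}; callers should not log it
     * or keep extra copies of it.
     */
    @Override
    public String getPassword() {
        return this.keyStoreHandler.getPassword();
    }

    /**
     * Reads the secret key stored under {@link #ENTRY_CURRENT_KEY}.
     *
     * @throws SecureStorageException if the handler cannot read the entry
     */
    @Override
    public SecretKey readCurrentKey() throws SecureStorageException {
        return this.keyStoreHandler.readSecretKeyFromKeyStore(ENTRY_CURRENT_KEY);
    }

    /**
     * Reads the secret key stored under {@link #ENTRY_INITIAL_KEY}.
     *
     * @throws SecureStorageException if the handler cannot read the entry
     */
    @Override
    public SecretKey readInitialKey() throws SecureStorageException {
        return this.keyStoreHandler.readSecretKeyFromKeyStore(ENTRY_INITIAL_KEY);
    }

    /**
     * Writes {@code secretKey} under {@link #ENTRY_CURRENT_SIGNATURE} and persists the keystore.
     *
     * @throws SecureStorageException if the entry cannot be written or the keystore not stored
     */
    @Override
    public void writeCurrentSignatureKey(SecretKey secretKey) throws SecureStorageException {
        writeKey(secretKey, ENTRY_CURRENT_SIGNATURE);
    }

    /**
     * Writes {@code secretKey} under {@link #ENTRY_CURRENT_KEY} and persists the keystore.
     *
     * @throws SecureStorageException if the entry cannot be written or the keystore not stored
     */
    @Override
    public void writeCurrentKey(SecretKey secretKey) throws SecureStorageException {
        writeKey(secretKey, ENTRY_CURRENT_KEY);
    }

    /**
     * Writes {@code secretKey} under {@link #ENTRY_INITIAL_KEY} and persists the keystore.
     *
     * @throws SecureStorageException if the entry cannot be written or the keystore not stored
     */
    @Override
    public void writeInitialKey(SecretKey secretKey) throws SecureStorageException {
        writeKey(secretKey, ENTRY_INITIAL_KEY);
    }

    /**
     * Writes one secret-key entry and then stores the keystore.
     *
     * <p>The handler's own password is passed as the third argument of {@code writeToKeyStore};
     * presumably it protects the individual entry, which would mean every entry shares the
     * keystore password. NOTE(review): confirm against {@code KeyStoreHandlerDecorator}.
     */
    private void writeKey(SecretKey secretKey, String alias) throws SecureStorageException {
        this.keyStoreHandler.writeToKeyStore(secretKey, alias, this.keyStoreHandler.getPassword());
        try {
            this.keyStoreHandler.store();
        } catch (Exception e) {
            // store()'s declared exceptions are not visible here, so every failure is wrapped
            // (cause preserved) rather than narrowed.
            throw new SecureStorageException(e);
        }
    }

    /**
     * Signs {@code bArr} with the private key given at construction.
     *
     * @param bArr data to sign
     * @return the {@value #SIGNATURE_ALGORITHM} signature bytes
     * @throws SecureStorageException if no private key was supplied or the signature operation
     *     fails
     */
    @Override
    public byte[] sign(byte[] bArr) throws SecureStorageException {
        if (this.signer == null) {
            // A verify-only instance previously failed here with a bare NullPointerException.
            throw new SecureStorageException(
                    new IllegalStateException("No private key was supplied; signing is unavailable"));
        }
        try {
            this.signer.update(bArr);
            return this.signer.sign();
        } catch (SignatureException e) {
            throw new SecureStorageException(e);
        }
    }

    /**
     * Checks {@code bArr2} as a signature over {@code bArr} with the public key given at
     * construction.
     *
     * <p>Only a {@code true} result means the data is authentic. An exception (for example a
     * signature that cannot be processed) must be treated by callers as a failed verification,
     * never as success.
     *
     * @param bArr data that was signed
     * @param bArr2 signature bytes to check
     * @return {@code true} if the signature matches, {@code false} otherwise
     * @throws SecureStorageException if no public key was supplied or the signature operation
     *     fails
     */
    @Override
    public boolean verify(byte[] bArr, byte[] bArr2) throws SecureStorageException {
        if (this.verifier == null) {
            // A sign-only instance previously failed here with a bare NullPointerException.
            throw new SecureStorageException(
                    new IllegalStateException("No public key was supplied; verification is unavailable"));
        }
        try {
            this.verifier.update(bArr);
            return this.verifier.verify(bArr2);
        } catch (SignatureException e) {
            throw new SecureStorageException(e);
        }
    }
}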
