package org.forgerock.openam.sdk.org.forgerock.opendj.security;

import com.sun.identity.shared.Constants;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.util.ArrayList;
import java.util.Date;
import org.forgerock.openam.sdk.com.forgerock.opendj.security.KeystoreMessages;
import org.forgerock.openam.sdk.org.forgerock.i18n.LocalizedIllegalArgumentException;
import org.forgerock.openam.sdk.org.forgerock.opendj.io.ASN1;
import org.forgerock.openam.sdk.org.forgerock.opendj.io.ASN1Reader;
import org.forgerock.openam.sdk.org.forgerock.opendj.io.ASN1Writer;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ByteString;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.ByteStringBuilder;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.DN;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Entry;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.Functions;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.GeneralizedTime;
import org.forgerock.openam.sdk.org.forgerock.opendj.ldap.LinkedHashMapEntry;

/* loaded from: input_file:org/forgerock/openam/sdk/org/forgerock/opendj/security/KeyStoreObject.class */
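/**
 * One keystore item identified by an alias: a private key with its certificate chain, a secret
 * key, or a trusted certificate. Instances convert to and from an LDAP {@link Entry} using the
 * {@code ds-keystore-*} attributes.
 *
 * <p>Key material is held only as the {@link ByteString} returned by
 * {@link KeyProtector#encodeKey}; this class never stores the plain key or the password. What
 * protection that encoding provides is decided by the {@code KeyProtector} and is not visible
 * here.
 *
 * <p>Certificates read from an entry are decoded but not validated in this class (no path
 * building, expiry or revocation check). Callers must not treat a parsed certificate as
 * trustworthy on that basis alone.
 */
public final class KeyStoreObject {
    private final String alias;
    // java.util.Date is mutable; getCreationDate() hands out a copy so this value cannot be altered.
    private final Date creationDate;
    private final Impl impl;

    /* loaded from: input_file:org/forgerock/openam/sdk/org/forgerock/opendj/security/KeyStoreObject$Impl.class */
    /** Behaviour that differs between the three kinds of keystore item. */
    private interface Impl {
        /** Adds the object classes and attributes that describe this item to {@code entry}. */
        void addAttributes(Entry entry);

        /** Returns the certificate chain, or {@code null} when the item has none. */
        Certificate[] getCertificateChain();

        /** Returns the item's certificate, or {@code null} when the item has none. */
        Certificate getCertificate();

        /** Recovers the key using {@code keyProtector}, or returns {@code null} when the item holds no key. */
        Key toKey(KeyProtector keyProtector, char[] cArr) throws GeneralSecurityException;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/sdk/org/forgerock/opendj/security/KeyStoreObject$PrivateKeyImpl.class */
    /** A protected private key together with its certificate chain (leaf certificate first). */
    public static final class PrivateKeyImpl implements Impl {
        private final String algorithm;
        private final ByteString protectedKey;
        private final Certificate[] certificateChain;

        private PrivateKeyImpl(String str, ByteString byteString, Certificate[] certificateArr) {
            this.algorithm = str;
            this.protectedKey = byteString;
            // Defensive copy: later changes to the caller's array must not alter the stored chain.
            // NOTE(review): a null chain fails here with a NullPointerException - callers are
            // presumably expected to reject that earlier; confirm.
            this.certificateChain = certificateArr.clone();
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public void addAttributes(Entry entry) {
            entry.addAttribute(Constants.OBJECTCLASS, "top", "ds-keystore-object", "ds-keystore-private-key");
            entry.addAttribute("ds-keystore-key-algorithm", this.algorithm);
            entry.addAttribute("ds-keystore-key", this.protectedKey);
            // The leaf certificate gets its own attribute; this indexes element 0, so an empty
            // chain would throw ArrayIndexOutOfBoundsException here.
            entry.addAttribute("ds-keystore-certificate;binary", KeyStoreObject.encodeCertificate(this.certificateChain[0]));
            if (this.certificateChain.length > 1) {
                entry.addAttribute("ds-keystore-certificate-chain", encodeCertificateChain());
            }
        }

        /**
         * Encodes every certificate after the first as an ASN.1 sequence of octet strings. The
         * first certificate is excluded because it is stored in its own attribute.
         */
        private ByteString encodeCertificateChain() {
            ByteStringBuilder buffer = new ByteStringBuilder();
            ASN1Writer writer = ASN1.getWriter(buffer);
            try {
                writer.writeStartSequence();
                for (int i = 1; i < this.certificateChain.length; i++) {
                    writer.writeOctetString(KeyStoreObject.encodeCertificate(this.certificateChain[i]));
                }
                writer.writeEndSequence();
                return buffer.toByteString();
            } catch (IOException e) {
                // The writer targets an in-memory builder, so this is reported as unchecked.
                throw new RuntimeException(e);
            }
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Certificate[] getCertificateChain() {
            // Return a copy so callers cannot replace elements of the stored chain.
            return this.certificateChain.clone();
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Certificate getCertificate() {
            return this.certificateChain.length > 0 ? this.certificateChain[0] : null;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Key toKey(KeyProtector keyProtector, char[] cArr) throws GeneralSecurityException {
            return keyProtector.decodePrivateKey(this.protectedKey, this.algorithm, cArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/sdk/org/forgerock/opendj/security/KeyStoreObject$SecretKeyImpl.class */
    /** A protected secret key; it carries no certificates. */
    public static final class SecretKeyImpl implements Impl {
        private final String algorithm;
        private final ByteString protectedKey;

        private SecretKeyImpl(String str, ByteString byteString) {
            this.algorithm = str;
            this.protectedKey = byteString;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public void addAttributes(Entry entry) {
            entry.addAttribute(Constants.OBJECTCLASS, "top", "ds-keystore-object", "ds-keystore-secret-key");
            entry.addAttribute("ds-keystore-key-algorithm", this.algorithm);
            entry.addAttribute("ds-keystore-key", this.protectedKey);
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Certificate[] getCertificateChain() {
            return null;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Certificate getCertificate() {
            return null;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Key toKey(KeyProtector keyProtector, char[] cArr) throws GeneralSecurityException {
            return keyProtector.decodeSecretKey(this.protectedKey, this.algorithm, cArr);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/forgerock/openam/sdk/org/forgerock/opendj/security/KeyStoreObject$TrustedCertificateImpl.class */
    /** A single trusted certificate; it carries no key and no chain. */
    public static final class TrustedCertificateImpl implements Impl {
        private final Certificate trustedCertificate;

        private TrustedCertificateImpl(Certificate certificate) {
            this.trustedCertificate = certificate;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public void addAttributes(Entry entry) {
            entry.addAttribute(Constants.OBJECTCLASS, "top", "ds-keystore-object", "ds-keystore-trusted-certificate");
            entry.addAttribute("ds-keystore-certificate;binary", KeyStoreObject.encodeCertificate(this.trustedCertificate));
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Certificate[] getCertificateChain() {
            return null;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Certificate getCertificate() {
            return this.trustedCertificate;
        }

        @Override // org.forgerock.openam.sdk.org.forgerock.opendj.security.KeyStoreObject.Impl
        public Key toKey(KeyProtector keyProtector, char[] cArr) {
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a trusted-certificate item stamped with the current time.
     *
     * @param str the alias
     * @param certificate the certificate to store
     * @return the new item
     */
    public static KeyStoreObject newTrustedCertificateObject(String str, Certificate certificate) {
        return new KeyStoreObject(str, new Date(), new TrustedCertificateImpl(certificate));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Creates a key item stamped with the current time. The key is passed through
     * {@code keyProtector.encodeKey} first and only the encoded form is kept. A
     * {@link PrivateKey} is stored with {@code certificateArr}; any other key is stored as a
     * secret key and {@code certificateArr} is ignored.
     *
     * @param str the alias
     * @param key the key to protect and store
     * @param certificateArr the certificate chain for a private key
     * @param keyProtector the component that encodes the key
     * @param cArr the key password, handed to {@code keyProtector}; it is neither retained nor
     *     cleared by this method, so the caller owns its lifetime
     * @return the new item
     * @throws LocalizedKeyStoreException declared for failures while encoding the key
     */
    public static KeyStoreObject newKeyObject(String str, Key key, Certificate[] certificateArr, KeyProtector keyProtector, char[] cArr) throws LocalizedKeyStoreException {
        ByteString protectedKey = keyProtector.encodeKey(key, cArr);
        Impl keyImpl = key instanceof PrivateKey
                ? new PrivateKeyImpl(key.getAlgorithm(), protectedKey, certificateArr)
                : new SecretKeyImpl(key.getAlgorithm(), protectedKey);
        return new KeyStoreObject(str, new Date(), keyImpl);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Rebuilds an item from an LDAP entry. The kind is chosen from the entry's object class,
     * checked in the order trusted certificate, private key, secret key. The creation date is
     * taken from {@code modifyTimeStamp}, then {@code createTimeStamp}, and falls back to the
     * current time when neither is present.
     *
     * <p>The entry content is only decoded here; certificates are not validated.
     *
     * @param entry the entry to decode
     * @return the decoded item
     * @throws LocalizedKeyStoreException if the object class is not recognised or the entry is
     *     malformed
     */
    public static KeyStoreObject valueOf(Entry entry) throws LocalizedKeyStoreException {
        try {
            String alias = entry.parseAttribute("ds-keystore-alias").requireValue().asString();
            GeneralizedTime timestamp = entry.parseAttribute("modifyTimeStamp").asGeneralizedTime();
            if (timestamp == null) {
                timestamp = entry.parseAttribute("createTimeStamp").asGeneralizedTime();
            }
            Date date = timestamp != null ? timestamp.toDate() : new Date();
            Impl decoded;
            if (entry.containsAttribute(Constants.OBJECTCLASS, "ds-keystore-trusted-certificate")) {
                decoded = valueOfTrustedCertificate(entry);
            } else if (entry.containsAttribute(Constants.OBJECTCLASS, "ds-keystore-private-key")) {
                decoded = valueOfPrivateKey(entry);
            } else if (entry.containsAttribute(Constants.OBJECTCLASS, "ds-keystore-secret-key")) {
                decoded = valueOfSecretKey(entry);
            } else {
                throw new LocalizedKeyStoreException(KeystoreMessages.KEYSTORE_UNRECOGNIZED_OBJECT_CLASS.get(entry.getName()));
            }
            return new KeyStoreObject(alias, date, decoded);
        } catch (IOException | LocalizedIllegalArgumentException e) {
            throw new LocalizedKeyStoreException(KeystoreMessages.KEYSTORE_ENTRY_MALFORMED.get(entry.getName()), e);
        }
    }

    /** Decodes a secret-key item; both the algorithm and the key attribute are required. */
    private static Impl valueOfSecretKey(Entry entry) {
        String algorithm = entry.parseAttribute("ds-keystore-key-algorithm").requireValue().asString();
        ByteString protectedKey = entry.parseAttribute("ds-keystore-key").requireValue().asByteString();
        return new SecretKeyImpl(algorithm, protectedKey);
    }

    /**
     * Decodes a private-key item. The leaf certificate is required; the remaining chain is
     * optional and, when present, is read as an ASN.1 sequence of octet strings.
     */
    private static Impl valueOfPrivateKey(Entry entry) throws IOException {
        String algorithm = entry.parseAttribute("ds-keystore-key-algorithm").requireValue().asString();
        ByteString protectedKey = entry.parseAttribute("ds-keystore-key").requireValue().asByteString();
        // Typed list instead of a raw ArrayList so a non-certificate element is a compile error.
        ArrayList<Certificate> chain = new ArrayList<>();
        chain.add(entry.parseAttribute("ds-keystore-certificate;binary").requireValue().asCertificate());
        ByteString encodedChain = entry.parseAttribute("ds-keystore-certificate-chain").asByteString();
        if (encodedChain != null) {
            ASN1Reader reader = ASN1.getReader(encodedChain);
            reader.readStartSequence();
            while (reader.hasNextElement()) {
                chain.add(Functions.byteStringToCertificate().apply(reader.readOctetString()));
            }
            reader.readEndSequence();
        }
        return new PrivateKeyImpl(algorithm, protectedKey, chain.toArray(new Certificate[0]));
    }

    /** Decodes a trusted-certificate item; the certificate attribute is required. */
    private static Impl valueOfTrustedCertificate(Entry entry) {
        return new TrustedCertificateImpl(entry.parseAttribute("ds-keystore-certificate;binary").requireValue().asCertificate());
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Returns the certificate's encoded form wrapped in a {@link ByteString}.
     *
     * @throws RuntimeException wrapping the {@link CertificateEncodingException} if the
     *     certificate cannot be encoded
     */
    public static ByteString encodeCertificate(Certificate certificate) {
        try {
            return ByteString.wrap(certificate.getEncoded());
        } catch (CertificateEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    private KeyStoreObject(String str, Date date, Impl impl) {
        this.alias = str;
        this.creationDate = date;
        this.impl = impl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the creation date.
     *
     * @return a copy of the stored date, so that mutating the result cannot change this item
     */
    public Date getCreationDate() {
        return new Date(this.creationDate.getTime());
    }

    /** Returns the alias that identifies this item. */
    public String getAlias() {
        return this.alias;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns a copy of the certificate chain, or {@code null} unless this is a private-key item. */
    public Certificate[] getCertificateChain() {
        return this.impl.getCertificateChain();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns {@code true} when this item is a trusted certificate. */
    public boolean isTrustedCertificate() {
        return this.impl instanceof TrustedCertificateImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Builds the LDAP entry for this item beneath {@code dn}.
     *
     * @param dn the parent DN
     * @return a new entry named by {@link #dnOf} carrying the alias and the item's attributes
     */
    public Entry toLDAPEntry(DN dn) {
        LinkedHashMapEntry ldapEntry = new LinkedHashMapEntry(dnOf(dn, this.alias));
        ldapEntry.addAttribute("ds-keystore-alias", this.alias);
        this.impl.addAttributes(ldapEntry);
        return ldapEntry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /** Returns the item's certificate, or {@code null} for a secret-key item. */
    public Certificate getCertificate() {
        return this.impl.getCertificate();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Recovers the key held by this item.
     *
     * @param keyProtector the component that decodes the protected key
     * @param cArr the key password, handed to {@code keyProtector}; not retained or cleared here
     * @return the key, or {@code null} when this item is a trusted certificate
     * @throws NoSuchAlgorithmException if raised while decoding
     * @throws UnrecoverableKeyException if raised while decoding, or in place of any other
     *     {@link GeneralSecurityException}, which is attached as the cause
     */
    public Key getKey(KeyProtector keyProtector, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            return this.impl.toKey(keyProtector, cArr);
        } catch (NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw e;
        } catch (GeneralSecurityException e) {
            // UnrecoverableKeyException has no cause-taking constructor; attach the original so
            // the underlying failure is not lost to whoever diagnoses it.
            UnrecoverableKeyException unrecoverable = new UnrecoverableKeyException(e.getMessage());
            unrecoverable.initCause(e);
            throw unrecoverable;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Returns the DN of the item with alias {@code str} beneath {@code dn}.
     *
     * <p>The alias is passed to {@code DN.child} as an attribute value rather than being
     * concatenated into a DN string. NOTE(review): presumably that call escapes special
     * characters in the alias - confirm against {@code DN}.
     */
    public static DN dnOf(DN dn, String str) {
        return dn.child("ds-keystore-alias", str);
    }
}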
