package cern.accsoft.security.rba.keys;

import cern.accsoft.security.rba.spi.Configuration;
import java.io.EOFException;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.io.PushbackInputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PublicKey;
import java.util.ArrayList;
import java.util.Enumeration;

/* loaded from: input_file:cern/accsoft/security/rba/keys/RBAKeyStore.class */
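/**
 * Loads and caches the key material used by the RBA client: the keystore returned by
 * {@link #getPublicKeyStore()} (named "SSL" in this class) and the public keys returned by
 * {@link #getPublicKeys()} (named "token" keys in this class).
 *
 * <p>Both stores are resolved as classpath resources. Whoever controls the classpath, or the
 * thread context class loader, therefore controls which certificates this class hands out as
 * trusted.
 *
 * <p>Each cache is guarded by its own lock, so the static accessors can be called from several
 * threads.
 */
public class RBAKeyStore {
    /** Keystore format of the bundled classpath keystores. */
    public static final String KEYSTORE_TYPE = "JKS";

    // NOTE(review): both passwords are compile-time constants and can be read from the class
    // file. They let KeyStore.load() detect a corrupted store, but they are not secrets and do
    // not protect against a replaced resource. Presumably the stores hold only public
    // certificates - confirm that no private-key entry is ever packaged under these passwords.
    private static final String TOKEN_KEYSTORE_PASSWD = "itrustyou";
    private static final String SSL_KEYSTORE_PASSWD = "trustnoone";
    private static final String TOKEN_KEYSTORE_NAME = "cern/accsoft/security/rba/keys/rba-pub.key";
    private static final String SSL_KEYSTORE_NAME = "cern/accsoft/security/rba/keys/rbac-ssl.key";

    /** Number of leading bytes inspected to detect the store format. */
    private static final int MAGIC_LENGTH = 4;
    /** First byte of a DER-encoded SEQUENCE (0x30), taken here to mean PKCS#12. */
    private static final byte DER_SEQUENCE_TAG = 0x30;
    /** JKS magic number 0xFEEDFEED, as signed bytes. */
    private static final byte[] JKS_MAGIC = {(byte) 0xFE, (byte) 0xED, (byte) 0xFE, (byte) 0xED};

    private static final Object SSL_KEY_LOCK = new Object();
    private static final Object TOKEN_KEY_LOCK = new Object();
    private static KeyStore sslKeystore = null;
    private static PublicKey[] tokenPubKeys = null;

    /**
     * Returns the cached SSL keystore, loading it on first use.
     *
     * <p>The same {@link KeyStore} instance is returned to every caller. A {@code KeyStore} is
     * mutable, so an entry added or removed by one caller is seen by all later callers. Callers
     * should treat the result as read-only.
     *
     * @return the shared keystore instance
     * @throws IOException if the resource is missing or cannot be read
     * @throws GeneralSecurityException if the store cannot be parsed or fails its integrity check
     */
    public static KeyStore getPublicKeyStore() throws IOException, GeneralSecurityException {
        synchronized (SSL_KEY_LOCK) {
            if (sslKeystore == null) {
                sslKeystore = loadKeyStore(getSslKeystoreName(), getSslKeystorePassword());
            }
            return sslKeystore;
        }
    }

    /**
     * Loads a keystore from {@code url}, detecting the format from its first four bytes: a
     * leading 0x30 selects PKCS12, the magic 0xFEEDFEED selects JKS.
     *
     * <p>If {@code cArr} is {@code null}, {@link KeyStore#load(InputStream, char[])} performs no
     * integrity check, so pass a password whenever the store comes from a location that is not
     * fully trusted.
     *
     * @param url location of the keystore
     * @param cArr store password, or {@code null} to skip the integrity check
     * @return the loaded keystore
     * @throws EOFException if the stream ends before four bytes were read
     * @throws KeyStoreException if the leading bytes match neither supported format
     * @throws IOException if the stream cannot be opened or read
     * @throws GeneralSecurityException if the store cannot be parsed or fails its integrity check
     */
    public static KeyStore newKeyStore(URL url, char[] cArr) throws IOException, GeneralSecurityException {
        // try-with-resources closes the stream on every path and keeps a failure of close()
        // as a suppressed exception rather than letting it replace the original error.
        try (PushbackInputStream in = new PushbackInputStream(url.openStream(), MAGIC_LENGTH)) {
            byte[] magic = new byte[MAGIC_LENGTH];
            int filled = 0;
            while (filled < MAGIC_LENGTH) {
                // Request only the bytes still missing: after a short read, asking for the
                // full length again at a non-zero offset would exceed the buffer.
                int read = in.read(magic, filled, MAGIC_LENGTH - filled);
                if (read == -1) {
                    throw new EOFException();
                }
                filled += read;
            }

            String type;
            if (magic[0] == DER_SEQUENCE_TAG) {
                type = "PKCS12";
            } else if (magic[0] == JKS_MAGIC[0] && magic[1] == JKS_MAGIC[1]
                    && magic[2] == JKS_MAGIC[2] && magic[3] == JKS_MAGIC[3]) {
                type = KEYSTORE_TYPE;
            } else {
                throw new KeyStoreException("Unrecognized store type");
            }

            // Push the sniffed bytes back so the provider parses the store from its start.
            in.unread(magic);
            KeyStore keyStore = KeyStore.getInstance(type);
            keyStore.load(in, cArr);
            return keyStore;
        }
    }

    /**
     * Returns the public keys of all certificate entries in the token keystore.
     *
     * <p>The keys are read once and cached. Each call returns a fresh array, so a caller cannot
     * alter the cached set by writing to the array it receives. The {@link PublicKey} objects
     * themselves are shared.
     *
     * @return a copy of the cached key array, never empty
     * @throws KeyManagementException if the store contains no certificate entry
     * @throws IOException if the resource is missing or cannot be read
     * @throws GeneralSecurityException if the store cannot be parsed or fails its integrity check
     */
    public static PublicKey[] getPublicKeys() throws IOException, GeneralSecurityException {
        synchronized (TOKEN_KEY_LOCK) {
            if (tokenPubKeys == null) {
                KeyStore store = loadKeyStore(TOKEN_KEYSTORE_NAME, TOKEN_KEYSTORE_PASSWD);
                ArrayList<PublicKey> keys = new ArrayList<>();
                Enumeration<String> aliases = store.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    // Only certificate entries are used; any other entry type is skipped.
                    if (store.isCertificateEntry(alias)) {
                        keys.add(store.getCertificate(alias).getPublicKey());
                    }
                }
                if (keys.isEmpty()) {
                    // The cache stays unset, so the next call tries to load the store again.
                    throw new KeyManagementException("Public keys not found");
                }
                tokenPubKeys = keys.toArray(new PublicKey[0]);
            }
            return tokenPubKeys.clone();
        }
    }

    /**
     * Loads a JKS keystore from the classpath resource {@code name}.
     *
     * @param name classpath resource name of the store
     * @param password store password, used by the provider for the integrity check
     * @return the loaded keystore
     * @throws FileNotFoundException if no such resource is visible to the class loader
     * @throws IOException if the resource cannot be read
     * @throws GeneralSecurityException if the store cannot be parsed or fails its integrity check
     */
    private static KeyStore loadKeyStore(String name, String password) throws IOException, GeneralSecurityException {
        // The context class loader may be null; fall back to this class's own loader and then
        // to the system loader, so a missing loader is not reported as a NullPointerException.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = RBAKeyStore.class.getClassLoader();
        }
        URL resource = loader != null ? loader.getResource(name) : ClassLoader.getSystemResource(name);
        if (resource == null) {
            throw new FileNotFoundException("Resource not found: '" + name + "'");
        }
        KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
        try (InputStream in = resource.openStream()) {
            keyStore.load(in, password.toCharArray());
        }
        return keyStore;
    }

    /** Returns the configured SSL keystore resource name, or the bundled default if unset. */
    private static String getSslKeystoreName() {
        String configured = Configuration.getInstance().getSslKeystoreName();
        return configured != null ? configured : SSL_KEYSTORE_NAME;
    }

    /** Returns the configured SSL keystore password, or the built-in default if unset. */
    private static String getSslKeystorePassword() {
        String configured = Configuration.getInstance().getSslKeystorePass();
        return configured != null ? configured : SSL_KEYSTORE_PASSWD;
    }
}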
