package org.seedstack.seed.core.internal.crypto;

import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import org.seedstack.seed.SeedException;
import org.seedstack.seed.crypto.CryptoConfig;
import org.seedstack.seed.crypto.EncryptionService;
import org.seedstack.shed.ClassLoaders;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/seedstack/seed/core/internal/crypto/EncryptionServiceFactory.class */
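/**
 * Builds {@link EncryptionService} instances for a key alias, taking the private key from a
 * {@link KeyStore} and the public key from either a configured certificate file/resource or the
 * keystore's certificate for that alias.
 *
 * <p>This listing is decompiler output: parameter names such as {@code str} and {@code cArr} are
 * synthetic, and the members marked below were package-private in the original class.
 */
class EncryptionServiceFactory {
    private static final Logger LOGGER = LoggerFactory.getLogger(EncryptionServiceFactory.class);
    private static final String DEFAULT_CERTIFICATE_TYPE = "X.509";
    private final CryptoConfig cryptoConfig;
    private final KeyStore keyStore;

    /**
     * Creates a factory bound to one crypto configuration and one keystore.
     *
     * @param cryptoConfig configuration consulted for per-alias certificate locations
     * @param keyStore keystore holding the keys and certificates; must not be {@code null}
     * @throws SeedException with {@code NO_KEYSTORE_CONFIGURED} when {@code keyStore} is null
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionServiceFactory(CryptoConfig cryptoConfig, KeyStore keyStore) {
        if (keyStore == null) {
            throw SeedException.createNew(CryptoErrorCode.NO_KEYSTORE_CONFIGURED);
        }
        this.cryptoConfig = cryptoConfig;
        this.keyStore = keyStore;
    }

    /**
     * Creates an encryption service holding both the public key and the private key of an alias.
     *
     * <p>The password array is handed to {@link KeyStore#getKey(String, char[])} and is neither
     * copied nor cleared here, so the caller remains responsible for zeroing it after use.
     *
     * @param str the key alias in the keystore
     * @param cArr the password protecting the key entry
     * @return the encryption service for that alias
     * @throws SeedException when the keystore cannot be queried, the key algorithm is missing, or
     *     the key cannot be recovered (for instance because of a wrong password)
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionService create(String str, char[] cArr) {
        try {
            return new EncryptionServiceImpl(str, getPublicKey(str), this.keyStore.getKey(str, cArr));
        } catch (KeyStoreException e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNEXPECTED_EXCEPTION);
        } catch (NoSuchAlgorithmException e) {
            throw SeedException.wrap(e, CryptoErrorCode.ALGORITHM_CANNOT_BE_FOUND);
        } catch (UnrecoverableKeyException e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNRECOVERABLE_KEY);
        }
    }

    /**
     * Creates an encryption service for an alias without any private key.
     *
     * @param str the key alias
     * @return an encryption service constructed with a {@code null} private key
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public EncryptionService create(String str) {
        return new EncryptionServiceImpl(str, getPublicKey(str), null);
    }

    /**
     * Resolves the public key for an alias.
     *
     * <p>A certificate location configured for the alias takes precedence over the certificate
     * stored in the keystore under the same alias.
     *
     * @param alias the key alias
     * @return the certificate's public key, or {@code null} when no certificate is found
     */
    private PublicKey getPublicKey(String alias) {
        // NOTE(review): nothing here checks that a certificate loaded from a configured location
        // matches the private key stored in the keystore under the same alias; a stale or wrong
        // certificate would only surface later as a decryption failure. Confirm this is intended.
        Certificate certificate;
        String certificateLocation = getCertificateLocation(alias);
        if (certificateLocation != null) {
            certificate = loadCertificateFromFile(certificateLocation);
        } else {
            try {
                certificate = this.keyStore.getCertificate(alias);
            } catch (KeyStoreException e) {
                // Keep the original error code for callers, but carry the cause so the real
                // keystore failure stays visible in logs and stack traces.
                throw SeedException.wrap(e, CryptoErrorCode.NO_KEYSTORE_CONFIGURED);
            }
        }
        // NOTE(review): a missing certificate yields a null public key rather than an error;
        // presumably EncryptionServiceImpl rejects encryption in that case. Verify.
        return certificate == null ? null : certificate.getPublicKey();
    }

    /**
     * Looks up where the certificate for an alias is configured to live.
     *
     * @param alias the key alias
     * @return a file path, or {@code null} when the alias has no certificate configuration (or
     *     the configuration names neither a resource nor a file)
     * @throws SeedException with {@code CERTIFICATE_NOT_FOUND} when a configured classpath
     *     resource cannot be located
     */
    private String getCertificateLocation(String alias) {
        CryptoConfig.CertificateConfig certificateConfig = (CryptoConfig.CertificateConfig) this.cryptoConfig.certificates().get(alias);
        if (certificateConfig == null) {
            return null;
        }
        String resource = certificateConfig.getResource();
        if (resource == null) {
            return certificateConfig.getFile();
        }
        URL resourceUrl = ClassLoaders.findMostCompleteClassLoader(EncryptionServiceFactory.class).getResource(resource);
        if (resourceUrl == null) {
            throw SeedException.createNew(CryptoErrorCode.CERTIFICATE_NOT_FOUND).put("alias", alias).put("certResource", resource);
        }
        // NOTE(review): URL.getFile() is not percent-decoded and is not a filesystem path for a
        // resource packaged inside a jar, so such certificates will fail to open later with
        // UNABLE_TO_READ_CERTIFICATE. Reading through the URL's stream would avoid this.
        return resourceUrl.getFile();
    }

    /**
     * Reads an X.509 certificate from a file.
     *
     * @param location the file path; {@code null} yields {@code null}
     * @return the parsed certificate, or {@code null} when {@code location} is null
     * @throws SeedException with {@code UNABLE_TO_READ_CERTIFICATE} when the file cannot be
     *     opened or parsed
     */
    private Certificate loadCertificateFromFile(String location) {
        if (location == null) {
            return null;
        }
        FileInputStream fileInputStream = null;
        try {
            fileInputStream = new FileInputStream(location);
            return CertificateFactory.getInstance(DEFAULT_CERTIFICATE_TYPE).generateCertificate(fileInputStream);
        } catch (Exception e) {
            throw SeedException.wrap(e, CryptoErrorCode.UNABLE_TO_READ_CERTIFICATE).put("location", location);
        } finally {
            // A failed close is only logged: it must neither mask a read error nor fail a
            // successful parse, so try-with-resources is deliberately not used here.
            if (fileInputStream != null) {
                try {
                    fileInputStream.close();
                } catch (IOException e) {
                    LOGGER.warn("Unable to close certificate input stream", e);
                }
            }
        }
    }
}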
