package org.opennms.features.scv.jceks;

import com.google.common.base.Throwables;
import com.google.common.collect.Sets;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.util.Collections;
import java.util.Objects;
import java.util.Set;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.opennms.features.scv.api.Credentials;
import org.opennms.features.scv.api.SecureCredentialsVault;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/opennms/features/scv/jceks/JCEKSSecureCredentialsVault.class */
public class JCEKSSecureCredentialsVault implements SecureCredentialsVault {
    public static final Logger LOG = LoggerFactory.getLogger((Class<?>) JCEKSSecureCredentialsVault.class);
    private final KeyStore m_keystore;
    private final File m_keystoreFile;
    private final char[] m_password;
    private final byte[] m_salt;
    private final int m_iterationCount;
    private final int m_keyLength;

    public JCEKSSecureCredentialsVault(String str, String str2) {
        this(str, str2, new byte[]{0, 13, 13, 11, 10, 1, 1});
    }

    public JCEKSSecureCredentialsVault(String str, String str2, byte[] bArr) {
        this(str, str2, bArr, 16, 4096);
    }

    public JCEKSSecureCredentialsVault(String str, String str2, byte[] bArr, int i, int i2) {
        this.m_password = ((String) Objects.requireNonNull(str2)).toCharArray();
        this.m_salt = (byte[]) Objects.requireNonNull(bArr);
        this.m_iterationCount = i;
        this.m_keyLength = i2;
        this.m_keystoreFile = new File(str);
        try {
            this.m_keystore = KeyStore.getInstance("JCEKS");
            if (this.m_keystoreFile.isFile()) {
                LOG.info("Loading existing keystore from: {}", this.m_keystoreFile);
                FileInputStream fileInputStream = new FileInputStream(this.m_keystoreFile);
                Throwable th = null;
                try {
                    try {
                        this.m_keystore.load(fileInputStream, this.m_password);
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } finally {
                    }
                } finally {
                }
            } else {
                LOG.info("No existing keystore found at: {}. Using empty keystore.", this.m_keystoreFile);
                this.m_keystore.load(null, this.m_password);
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw Throwables.propagate(e);
        }
    }

    @Override // org.opennms.features.scv.api.SecureCredentialsVault
    public Credentials getCredentials(String str) {
        try {
            KeyStore.PasswordProtection passwordProtection = new KeyStore.PasswordProtection(this.m_password);
            SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBE");
            KeyStore.SecretKeyEntry secretKeyEntry = (KeyStore.SecretKeyEntry) this.m_keystore.getEntry(str, passwordProtection);
            if (secretKeyEntry == null) {
                return null;
            }
            return (Credentials) fromBase64EncodedByteArray(new String(((PBEKeySpec) secretKeyFactory.getKeySpec(secretKeyEntry.getSecretKey(), PBEKeySpec.class)).getPassword()).getBytes());
        } catch (IOException | ClassNotFoundException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | InvalidKeySpecException e) {
            throw Throwables.propagate(e);
        }
    }

    @Override // org.opennms.features.scv.api.SecureCredentialsVault
    public void setCredentials(String str, Credentials credentials) {
        try {
            SecretKey generateSecret = SecretKeyFactory.getInstance("PBE").generateSecret(new PBEKeySpec(new String(toBase64EncodedByteArray(credentials)).toCharArray(), this.m_salt, this.m_iterationCount, this.m_keyLength));
            this.m_keystore.setEntry(str, new KeyStore.SecretKeyEntry(generateSecret), new KeyStore.PasswordProtection(this.m_password));
            writeKeystoreToDisk();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw Throwables.propagate(e);
        }
    }

    private void writeKeystoreToDisk() {
        try {
            FileOutputStream fileOutputStream = new FileOutputStream(this.m_keystoreFile);
            Throwable th = null;
            try {
                this.m_keystore.store(fileOutputStream, this.m_password);
                if (fileOutputStream != null) {
                    if (0 != 0) {
                        try {
                            fileOutputStream.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        fileOutputStream.close();
                    }
                }
            } finally {
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw Throwables.propagate(e);
        }
    }

    private static byte[] toBase64EncodedByteArray(Serializable serializable) throws IOException {
        ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
        ObjectOutputStream objectOutputStream = new ObjectOutputStream(byteArrayOutputStream);
        objectOutputStream.writeObject(serializable);
        objectOutputStream.close();
        return Base64.encodeBase64(byteArrayOutputStream.toByteArray());
    }

    private static <T extends Serializable> T fromBase64EncodedByteArray(byte[] bArr) throws IOException, ClassNotFoundException {
        ObjectInputStream objectInputStream = new ObjectInputStream(new ByteArrayInputStream(Base64.decodeBase64(bArr)));
        T t = (T) objectInputStream.readObject();
        objectInputStream.close();
        return t;
    }

    @Override // org.opennms.features.scv.api.SecureCredentialsVault
    public Set<String> getAliases() {
        try {
            return Sets.newHashSet(Collections.list(this.m_keystore.aliases()));
        } catch (KeyStoreException e) {
            throw Throwables.propagate(e);
        }
    }
}
