package com.zollsoft.kvc.security;

import com.zollsoft.kvc.constants.Consts;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.math.BigInteger;
import java.net.URL;
import java.nio.file.AtomicMoveNotSupportedException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardCopyOption;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/zollsoft/kvc/security/KVKeystore.class */
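/**
 * Wrapper around a password-protected PKCS#12 file holding the KV certificates (aliases from
 * {@link Consts}), the user's personal certificates (digit-only aliases derived from their
 * notBefore date) and the private keys that belong to them.
 *
 * <p>Every mutating method writes the complete store back to {@code name + ".p12"} at once.
 * There is no synchronization; an instance must not be used from several threads at a time.
 */
public class KVKeystore {
    protected static final Logger LOG = LoggerFactory.getLogger(KVKeystore.class);

    /** Type of every store managed by this class. */
    private static final String KEYSTORE_TYPE = "PKCS12";
    /** Suffix appended to {@code name} to form the path of the keystore file. */
    private static final String KEYSTORE_SUFFIX = ".p12";
    /** Alias under which {@link #addPrivateKeyTemp(PrivateKey)} stores its key. */
    private static final String TEMP_PRIVATE_KEY_ALIAS = "tmp_private";
    /** A certificate with at most this many days left is reported as {@link CertificateValidity#EXPIRES_SOON}. */
    private static final int EXPIRY_WARNING_DAYS = 150;
    /**
     * Date pattern that turns a personal certificate's notBefore into its alias.
     * NOTE(review): in {@link SimpleDateFormat} "YYYY" is the week-based year and "DD" the day
     * of year, so the alias is not a plain calendar timestamp and its length varies. Left
     * unchanged on purpose: existing keystores already contain aliases in this form and
     * {@link #loadCurrentPersonalCertificate()} ranks them by numeric value.
     */
    private static final String PERSONAL_CERT_ALIAS_FORMAT = "YYYYMMDDHHmmss";
    /** Personal certificate aliases consist of digits only. */
    private static final Pattern NUMERIC_ALIAS = Pattern.compile("[0-9]+");

    private KeyStore keystore;
    /** Path prefix of the keystore file; the file itself is {@code name + ".p12"}. */
    private final String name;
    /** Protects both the file and every key entry. NOTE(review): a String cannot be wiped from memory after use. */
    private final String password;
    /** Personal certificate selected by the last load/add call, or null. */
    private X509Certificate personalCert = null;
    /** Alias of {@link #personalCert}, or null. */
    private String personalCertName = null;
    /** Validity of {@link #personalCert} as of the last check; null until a personal certificate was loaded. */
    private CertificateValidity personalCertStatus;
    /** Calendar days until {@link #personalCert} expires, as of the last check; zero or negative once expired. */
    private int certTimeRemaining;

    /* loaded from: input_file:com/zollsoft/kvc/security/KVKeystore$CertificateValidity.class */
    public enum CertificateValidity {
        EXPIRED,
        VALID,
        EXPIRES_SOON
    }

    /**
     * Tells whether a keystore file exists for the given path prefix.
     *
     * @param str path prefix of the keystore (without the {@code .p12} suffix)
     * @return {@code true} if {@code str + ".p12"} exists
     */
    public static boolean keystoreFileExists(String str) {
        return new File(str + KEYSTORE_SUFFIX).exists();
    }

    /**
     * Creates or opens the keystore {@code str + ".p12"}.
     *
     * @param str  path prefix of the keystore file (without the {@code .p12} suffix)
     * @param str2 password protecting the file and its key entries
     * @param z    {@code true} to create a new, empty store on disk; {@code false} to load an existing one
     * @throws KVKeystoreException if the store cannot be created or loaded (including a wrong password)
     */
    public KVKeystore(String str, String str2, boolean z) {
        this.name = Objects.requireNonNull(str, "name");
        this.password = Objects.requireNonNull(str2, "password");
        initStore(z);
    }

    private void initStore(boolean createNew) {
        if (createNew) {
            createKeyStore();
        } else {
            loadKeyStore();
        }
    }

    /** Creates an empty PKCS#12 store and writes it to disk right away. */
    private void createKeyStore() {
        try {
            this.keystore = KeyStore.getInstance(KEYSTORE_TYPE);
            this.keystore.load(null, null);
            persistKeystore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KVKeystoreException(String.format("Keystore konnte nicht erstellt werden: %s", e.toString()));
        }
    }

    /** Loads the existing store from disk; a wrong password surfaces as an IOException and thus as KVKeystoreException. */
    private void loadKeyStore() {
        File file = new File(this.name + KEYSTORE_SUFFIX);
        try (InputStream in = new FileInputStream(file)) {
            this.keystore = KeyStore.getInstance(KEYSTORE_TYPE);
            this.keystore.load(in, this.password.toCharArray());
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KVKeystoreException(String.format("Keystore konnte nicht geladen werden: %s", e.toString()));
        }
    }

    /**
     * Stores a private key under the alias {@code str + "_" + <personal certificate alias>}.
     *
     * <p>Requires a personal certificate with status {@link CertificateValidity#VALID}; if none is
     * loaded yet, {@link #loadCurrentPersonalCertificate()} is tried first. Without a valid
     * personal certificate the key is not stored and only a warning is logged.
     *
     * @param str        alias prefix for the key
     * @param privateKey key to store
     */
    public void addPrivateKey(String str, PrivateKey privateKey) {
        if (!hasValidPersonalCert()) {
            loadCurrentPersonalCertificate();
        }
        if (!hasValidPersonalCert()) {
            LOG.warn("Kein gültiges persönliches Zertifikat vorhanden, Schlüssel {} wird nicht gespeichert.", str);
            return;
        }
        storeKey(str + "_" + this.personalCertName, privateKey);
    }

    private boolean hasValidPersonalCert() {
        return this.personalCert != null && this.personalCertStatus == CertificateValidity.VALID;
    }

    /**
     * Stores a private key under the fixed alias {@code "tmp_private"}, chained to the KV user certificate.
     *
     * @param privateKey key to store
     * @throws KVKeystoreException if the KV user certificate is missing or the store cannot be updated
     */
    public void addPrivateKeyTemp(PrivateKey privateKey) {
        try {
            Certificate userCert = requireCertificate(Consts.KV_USER_CERT);
            this.keystore.setKeyEntry(TEMP_PRIVATE_KEY_ALIAS, privateKey, this.password.toCharArray(), new Certificate[] {userCert});
            persistKeystore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KVKeystoreException(String.format("Temporärer PrivateKey konnte dem Keystore nicht hinzugefügt werden: %s", e.toString()));
        }
    }

    /** Reads the certificate stored under {@code alias}, failing explicitly instead of returning null. */
    private Certificate requireCertificate(String alias) throws KeyStoreException {
        Certificate certificate = this.keystore.getCertificate(alias);
        if (certificate == null) {
            throw new KVKeystoreException(String.format("Zertifikat mit Alias %s nicht im Keystore gefunden", alias));
        }
        return certificate;
    }

    /** Stores a key with the KV chain; failures are logged (with stack trace) and not propagated, as before. */
    private void storeKey(String alias, PrivateKey privateKey) {
        try {
            this.keystore.setKeyEntry(alias, privateKey, this.password.toCharArray(), makeKvCertificateChain());
            persistKeystore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Schlüssel konnte dem Keystore nicht hinzugefügt werden. {}", e.getMessage(), e);
        }
    }

    /**
     * Stores several keys without a certificate chain and persists the store once.
     *
     * <p>Per the {@link KeyStore#setKeyEntry} contract a {@link PrivateKey} needs a chain, so this
     * method is only usable for keys that are not private keys.
     *
     * @param strArr aliases, positionally matching {@code keyArr}
     * @param keyArr keys to store
     * @throws IllegalArgumentException if fewer aliases than keys are given
     * @throws KVKeystoreException if an entry cannot be created or the store cannot be written
     */
    public void addKeys(String[] strArr, Key[] keyArr) {
        if (strArr.length < keyArr.length) {
            throw new IllegalArgumentException("Weniger Aliase als Schlüssel übergeben: " + strArr.length + " < " + keyArr.length);
        }
        for (int i = 0; i < keyArr.length; i++) {
            try {
                this.keystore.setKeyEntry(strArr[i], keyArr[i], this.password.toCharArray(), null);
            } catch (KeyStoreException e) {
                throw new KVKeystoreException(String.format("Fehler beim Erstellen des Keystore Eintrags: %s", e.toString()));
            }
        }
        persistOrThrow("Neuer Keystore Eintrag konnte nicht gespeichert werden: %s");
    }

    /** Persists the store, converting any failure into a KVKeystoreException with the given message format. */
    private void persistOrThrow(String messageFormat) {
        try {
            persistKeystore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KVKeystoreException(String.format(messageFormat, e.toString()));
        }
    }

    /**
     * Writes the store to {@code name + ".p12"}, creating missing parent directories.
     *
     * <p>The data goes to a temporary sibling file first and is then moved over the target, so
     * an interrupted write cannot leave a truncated keystore behind. On POSIX filesystems the
     * temporary file is created owner-readable only and the move keeps those permissions.
     *
     * @throws IOException if the directory or file cannot be written
     * @throws KeyStoreException if the store was not initialized
     * @throws NoSuchAlgorithmException if the integrity algorithm is unavailable
     * @throws CertificateException if a certificate cannot be serialized
     */
    protected void persistKeystore() throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        Path target = new File(this.name + KEYSTORE_SUFFIX).getAbsoluteFile().toPath();
        Path parent = target.getParent();
        if (parent == null) {
            throw new IOException("Keystore-Pfad hat kein übergeordnetes Verzeichnis: " + target);
        }
        Files.createDirectories(parent);
        Path tmp = Files.createTempFile(parent, target.getFileName().toString(), ".tmp");
        try {
            try (OutputStream out = Files.newOutputStream(tmp)) {
                this.keystore.store(out, this.password.toCharArray());
            }
            try {
                Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING, StandardCopyOption.ATOMIC_MOVE);
            } catch (AtomicMoveNotSupportedException e) {
                // Filesystem cannot rename atomically; a plain replace is still better than a partial write.
                Files.move(tmp, target, StandardCopyOption.REPLACE_EXISTING);
            }
        } finally {
            Files.deleteIfExists(tmp);
        }
    }

    /**
     * Adds a trusted certificate entry and persists the store.
     *
     * @param x509Certificate certificate to add
     * @param str             alias for the entry
     * @return {@code true} on success; {@code false} if the entry or the file could not be written (logged)
     */
    public boolean addCertificate(X509Certificate x509Certificate, String str) {
        try {
            this.keystore.setCertificateEntry(str, x509Certificate);
            persistKeystore();
            return true;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LOG.error("Fehler beim Hinzufügen eines neuen Zertifikats. {}", e.getMessage(), e);
            return false;
        }
    }

    /**
     * Adds several trusted certificate entries and persists the store once.
     *
     * @param x509CertificateArr certificates to add
     * @param strArr             aliases, positionally matching {@code x509CertificateArr}
     * @throws IllegalArgumentException if fewer aliases than certificates are given
     * @throws KVKeystoreException if an entry cannot be created or the store cannot be written
     */
    public void addCertificates(X509Certificate[] x509CertificateArr, String[] strArr) {
        if (strArr.length < x509CertificateArr.length) {
            throw new IllegalArgumentException("Weniger Aliase als Zertifikate übergeben: " + strArr.length + " < " + x509CertificateArr.length);
        }
        for (int i = 0; i < x509CertificateArr.length; i++) {
            try {
                this.keystore.setCertificateEntry(strArr[i], x509CertificateArr[i]);
            } catch (KeyStoreException e) {
                throw new KVKeystoreException(String.format("Fehler bei der Erstellung eines neuen Zertifikat Eintrags: %s", e.toString()));
            }
        }
        persistOrThrow("Neues Zertifikat konnte nicht gespeichert werden: %s");
    }

    /**
     * Stores a personal certificate under an alias derived from its notBefore date and makes it
     * the current personal certificate.
     *
     * <p>NOTE(review): the status is set to {@link CertificateValidity#VALID} without looking at
     * notAfter, as before; {@link #loadCurrentPersonalCertificate()} re-evaluates it.
     *
     * @param x509Certificate certificate to add
     * @throws KVKeystoreException if the entry or the file cannot be written
     */
    public void addPersonalCertificate(X509Certificate x509Certificate) {
        String alias = new SimpleDateFormat(PERSONAL_CERT_ALIAS_FORMAT).format(x509Certificate.getNotBefore());
        try {
            this.keystore.setCertificateEntry(alias, x509Certificate);
            persistKeystore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new KVKeystoreException(String.format("Speichern eines neuen Zertifkats ist fehlgeschlagen: %s", e.toString()));
        }
        // Only publish the new certificate once it is safely on disk.
        this.personalCert = x509Certificate;
        this.personalCertName = alias;
        this.personalCertStatus = CertificateValidity.VALID;
    }

    /**
     * Returns the private key stored under {@code str}, or null if there is no such entry.
     *
     * @param str alias of the key entry
     * @return the key, or null
     * @throws KVKeystoreException if the entry cannot be read, cannot be unlocked with the store
     *         password, or is not a private key
     */
    public PrivateKey getPrivateKey(String str) {
        try {
            Key key = this.keystore.getKey(str, this.password.toCharArray());
            if (key != null && !(key instanceof PrivateKey)) {
                throw new KVKeystoreException(String.format("Eintrag %s ist kein PrivateKey", str));
            }
            return (PrivateKey) key;
        } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            throw new KVKeystoreException(String.format("PrivateKey konnte nicht geladen werden: %s", e.toString()));
        }
    }

    /**
     * Finds the RSA private key matching {@code publicKey} among the entries whose alias matches
     * the regular expression {@code str} (KV certificate aliases are skipped).
     *
     * <p>{@code str} is a regex, not a plain name; callers holding a literal alias should pass
     * {@link Pattern#quote(String)} of it. Entries that are not RSA CRT keys are ignored.
     *
     * @param str       regular expression an alias must match in full
     * @param publicKey RSA public key whose modulus and exponent identify the wanted private key
     * @return the matching private key
     * @throws IllegalArgumentException if {@code publicKey} is not an RSA key or {@code str} is not a valid regex
     * @throws KVKeystoreException if an entry cannot be read or no key matches
     */
    public PrivateKey loadPrivateKeyByName(String str, PublicKey publicKey) {
        if (!(publicKey instanceof RSAPublicKey)) {
            throw new IllegalArgumentException("publicKey muss ein RSAPublicKey sein");
        }
        RSAPublicKey rsaPublicKey = (RSAPublicKey) publicKey;
        for (String alias : matchingAliases(Pattern.compile(str))) {
            Key key;
            try {
                key = this.keystore.getKey(alias, this.password.toCharArray());
            } catch (KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
                LOG.error("PrivateKey {} konnte nicht geladen werden.", alias, e);
                throw new KVKeystoreException(String.format("PrivateKey konnte nicht geladen werden: %s", e.toString()));
            }
            if (key instanceof RSAPrivateCrtKey && belongsTo((RSAPrivateCrtKey) key, rsaPublicKey)) {
                return (PrivateKey) key;
            }
        }
        throw new KVKeystoreException("Es konnte kein passender private key gefunden werden");
    }

    /** A private key belongs to a public key when modulus and public exponent agree. */
    private static boolean belongsTo(RSAPrivateCrtKey privateKey, RSAPublicKey publicKey) {
        return publicKey.getModulus().equals(privateKey.getModulus())
                && publicKey.getPublicExponent().equals(privateKey.getPublicExponent());
    }

    /** Aliases that match {@code aliasPattern} in full, excluding the KV certificate aliases from {@link Consts}. */
    private List<String> matchingAliases(Pattern aliasPattern) {
        List<String> matches = new ArrayList<String>();
        for (String alias : extractStoreAliases()) {
            if (!isKvCertAlias(alias) && aliasPattern.matcher(alias).matches()) {
                matches.add(alias);
            }
        }
        return matches;
    }

    private static boolean isKvCertAlias(String alias) {
        return alias.equals(Consts.KV_USER_CERT) || alias.equals(Consts.KV_ROOT_CERT) || alias.equals(Consts.KV_SERVER_CERT);
    }

    /**
     * Returns the certificate stored under {@code str}, or null if there is none.
     *
     * @param str alias of the entry
     * @return the certificate, or null
     * @throws KVKeystoreException if the store cannot be read
     */
    public X509Certificate getCertificate(String str) {
        try {
            return (X509Certificate) this.keystore.getCertificate(str);
        } catch (KeyStoreException e) {
            throw new KVKeystoreException(String.format("Zertifikat konnte nicht geladen werden: %s", e.toString()));
        }
    }

    /**
     * Selects the personal certificate with the numerically largest digit-only alias, makes it
     * the current personal certificate and evaluates its validity.
     *
     * <p>Aliases are compared as exact integers (an alias of {@code 0} is never chosen); the
     * earlier float comparison lost precision beyond about seven digits.
     *
     * @return the selected certificate, or null if the store holds no digit-only alias
     * @throws KVKeystoreException if the store cannot be read or the alias holds no certificate
     */
    public X509Certificate loadCurrentPersonalCertificate() {
        String newestAlias = null;
        BigInteger newestValue = BigInteger.ZERO;
        for (String alias : extractStoreAliases()) {
            if (!NUMERIC_ALIAS.matcher(alias).matches()) {
                continue;
            }
            BigInteger value = new BigInteger(alias);
            if (value.compareTo(newestValue) > 0) {
                newestValue = value;
                newestAlias = alias;
            }
        }
        if (newestAlias == null) {
            return null;
        }
        X509Certificate certificate;
        try {
            certificate = (X509Certificate) this.keystore.getCertificate(newestAlias);
        } catch (KeyStoreException e) {
            throw new KVKeystoreException(String.format("Zertifikat konnte nicht geladen werden: %s", e.toString()));
        }
        if (certificate == null) {
            throw new KVKeystoreException(String.format("Zertifikat mit Alias %s nicht im Keystore gefunden", newestAlias));
        }
        this.personalCert = certificate;
        this.personalCertName = newestAlias;
        checkCertValidity(certificate, true);
        return certificate;
    }

    /**
     * Among the entries whose alias matches the regular expression {@code str} (KV certificate
     * aliases excluded), selects the certificate with the latest notBefore date, makes it the
     * current personal certificate and evaluates its validity. Ties keep the first match.
     *
     * @param str regular expression an alias must match in full
     * @return the selected certificate
     * @throws IllegalArgumentException if {@code str} is not a valid regex
     * @throws KVKeystoreException if the store cannot be read or nothing matches
     */
    public X509Certificate loadPersonalCertByName(String str) {
        X509Certificate newest = null;
        String newestAlias = "";
        for (String alias : matchingAliases(Pattern.compile(str))) {
            X509Certificate candidate;
            try {
                candidate = (X509Certificate) this.keystore.getCertificate(alias);
            } catch (KeyStoreException e) {
                throw new KVKeystoreException(String.format("Zertifikat konnte nicht geladen werden: %s", e.toString()));
            }
            if (candidate == null) {
                // Key entry without a certificate chain; nothing to compare.
                continue;
            }
            Date notBefore = candidate.getNotBefore();
            if (newest == null || newest.getNotBefore().before(notBefore)) {
                newest = candidate;
                newestAlias = alias;
            }
        }
        if (newest == null) {
            throw new KVKeystoreException("Unbekannter Zertifikat Alias");
        }
        this.personalCert = newest;
        this.personalCertName = newestAlias;
        checkCertValidity(newest, true);
        return newest;
    }

    /**
     * Lists every alias in the store.
     *
     * @return a new, modifiable list of aliases (empty if the store has none)
     * @throws KVKeystoreException if the store cannot be read
     */
    public List<String> extractStoreAliases() {
        try {
            Enumeration<String> aliases = this.keystore.aliases();
            if (aliases == null) {
                return new ArrayList<String>();
            }
            return Collections.list(aliases);
        } catch (KeyStoreException e) {
            throw new KVKeystoreException(String.format("Konnte die Aliases des Keystores nicht laden. %s", e.toString()));
        }
    }

    /**
     * Classifies a certificate by the number of calendar days (default time zone) left until its
     * notAfter date: none left is EXPIRED, at most {@link #EXPIRY_WARNING_DAYS} is EXPIRES_SOON,
     * otherwise VALID. notBefore is not checked, so a not-yet-valid certificate counts as VALID.
     *
     * @param certificate         certificate to check
     * @param updatePersonalState if {@code true}, also records the result in the personal-certificate fields
     * @return the computed validity
     */
    private CertificateValidity checkCertValidity(X509Certificate certificate, boolean updatePersonalState) {
        Calendar today = Calendar.getInstance();
        Calendar expiry = Calendar.getInstance();
        expiry.setTime(certificate.getNotAfter());
        int daysLeft = dayDifference(today, expiry);
        CertificateValidity validity;
        if (daysLeft <= 0) {
            validity = CertificateValidity.EXPIRED;
        } else if (daysLeft <= EXPIRY_WARNING_DAYS) {
            validity = CertificateValidity.EXPIRES_SOON;
        } else {
            validity = CertificateValidity.VALID;
        }
        if (updatePersonalState) {
            this.certTimeRemaining = daysLeft;
            this.personalCertStatus = validity;
        }
        return validity;
    }

    /**
     * Signed number of calendar days from {@code from} to {@code to} (negative if {@code to} lies
     * in an earlier year). Neither argument is modified.
     */
    private static int dayDifference(Calendar from, Calendar to) {
        if (to.get(Calendar.YEAR) < from.get(Calendar.YEAR)) {
            return -dayDifference(to, from);
        }
        int days = to.get(Calendar.DAY_OF_YEAR) - from.get(Calendar.DAY_OF_YEAR);
        Calendar cursor = (Calendar) to.clone();
        // Walk back year by year, adding the length of each year crossed.
        while (cursor.get(Calendar.YEAR) > from.get(Calendar.YEAR)) {
            cursor.add(Calendar.YEAR, -1);
            days += cursor.getActualMaximum(Calendar.DAY_OF_YEAR);
        }
        return days;
    }

    /**
     * Evaluates the validity of the KV user, server and root certificates, in that order.
     *
     * @return validities as {@code [user, server, root]}
     * @throws KVKeystoreException if the store cannot be read or one of the three certificates is missing
     */
    public CertificateValidity[] checkKvCertValidity() {
        try {
            X509Certificate userCert = (X509Certificate) requireCertificate(Consts.KV_USER_CERT);
            X509Certificate serverCert = (X509Certificate) requireCertificate(Consts.KV_SERVER_CERT);
            X509Certificate rootCert = (X509Certificate) requireCertificate(Consts.KV_ROOT_CERT);
            return new CertificateValidity[] {
                checkCertValidity(userCert, false),
                checkCertValidity(serverCert, false),
                checkCertValidity(rootCert, false)
            };
        } catch (KeyStoreException e) {
            throw new KVKeystoreException(String.format("Fehler beim Laden der Zertifikate: %s", e.toString()));
        }
    }

    /** Chain {@code [personal certificate, KV user certificate]} used for keys stored via {@link #storeKey}. */
    private Certificate[] makeKvCertificateChain() {
        try {
            Certificate personal = requireCertificate(this.personalCertName);
            Certificate user = requireCertificate(Consts.KV_USER_CERT);
            return new Certificate[] {personal, user};
        } catch (KeyStoreException e) {
            throw new KVKeystoreException(String.format("Fehler beim Laden der Zertifikate: %s", e.toString()));
        }
    }

    /**
     * Copies every entry of another keystore into this one and persists the result.
     *
     * <p>Key entries are re-protected with this store's own password, so that
     * {@link #getPrivateKey(String)}, which always unlocks with that password, can open them.
     * The source is only authenticated by the PKCS#12 integrity check against {@code str2};
     * pass URLs you control.
     *
     * @param url  location of the other keystore
     * @param str  type of the other keystore (e.g. {@code "PKCS12"})
     * @param str2 password of the other keystore
     * @throws KVKeystoreException if the other store cannot be read or this store cannot be updated
     */
    public void importFromOtherKeyStore(URL url, String str, String str2) {
        char[] sourcePassword = str2.toCharArray();
        try {
            KeyStore source = KeyStore.getInstance(str);
            try (InputStream in = url.openStream()) {
                source.load(in, sourcePassword);
            }
            KeyStore.ProtectionParameter sourceProtection = new KeyStore.PasswordProtection(sourcePassword);
            KeyStore.ProtectionParameter targetProtection = new KeyStore.PasswordProtection(this.password.toCharArray());
            for (String alias : Collections.list(source.aliases())) {
                if (source.isCertificateEntry(alias)) {
                    this.keystore.setEntry(alias, source.getEntry(alias, null), null);
                } else {
                    this.keystore.setEntry(alias, source.getEntry(alias, sourceProtection), targetProtection);
                }
            }
            persistKeystore();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableEntryException | CertificateException e) {
            LOG.error("Import aus fremdem Keystore fehlgeschlagen.", e);
            throw new KVKeystoreException(String.format("Import aus fremdem Keystore fehlgeschlagen: %s", e.toString()));
        }
    }

    /** @return the underlying store (shared, not a copy) */
    public KeyStore getKeyStore() {
        return this.keystore;
    }

    /** Replaces the underlying store; nothing is written to disk until the next mutating call. */
    public void setKeyStore(KeyStore keyStore) {
        this.keystore = keyStore;
    }

    /** @return the current personal certificate, or null if none was loaded or added */
    public X509Certificate getPersonalCert() {
        return this.personalCert;
    }

    /** @return alias of the current personal certificate, or null */
    public String getPersonalCertName() {
        return this.personalCertName;
    }

    /** @return validity recorded by the last personal-certificate load or add, or null */
    public CertificateValidity getPersonalCertStatus() {
        return this.personalCertStatus;
    }

    /** @return calendar days until the personal certificate expires, as recorded by the last validity check */
    public int getCertTimeRemaining() {
        return this.certTimeRemaining;
    }
}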
