package de.governikus.bea.beaToolkit.crypto.worker;

import com.google.common.base.Preconditions;
import de.governikus.bea.beaToolkit.crypto.PkiFileExtension;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.commons.io.FilenameUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/governikus/bea/beaToolkit/crypto/worker/SoftTokenWorker.class */
public class SoftTokenWorker extends AbstractCipherWorker {
    private static final Logger log = LoggerFactory.getLogger(SoftTokenWorker.class);
    private static final String CERT_TYPE_X_509 = "X.509";
    private PkiFileExtension pkiFileExtension;
    private byte[] fileBytes;

    public void initWithFile(@Nonnull Path path) throws KeyStoreException, IOException {
        initWithBytes(FilenameUtils.getExtension(path.getFileName().toString()), Files.readAllBytes(path));
    }

    public void initWithBytes(@Nonnull String str, @Nonnull byte[] bArr) throws KeyStoreException {
        this.fileBytes = bArr;
        this.pkiFileExtension = PkiFileExtension.byFileExtension(str).orElseThrow(() -> {
            return new KeyStoreException("Invalid file extension.");
        });
        if (this.pkiFileExtension.isKeyStore()) {
            setKeyStore(KeyStore.getInstance(this.pkiFileExtension.getKeyStoreType().getIdentifier()));
        }
    }

    public boolean isPasswordNeeded() {
        return this.pkiFileExtension.isKeyStore();
    }

    @Override // de.governikus.bea.beaToolkit.crypto.worker.AbstractCipherWorker, de.governikus.bea.beaToolkit.crypto.worker.CipherWorker
    public boolean isPasswordValid() throws NoSuchAlgorithmException, CertificateException, IOException {
        Preconditions.checkState(isPasswordNeeded(), "An unneeded/absent password cannot be determined to be in-/valid.");
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.fileBytes);
            try {
                getKeyStore().load(byteArrayInputStream, getPassword());
                byteArrayInputStream.close();
                return true;
            } finally {
            }
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            log.debug("Cannot load keystore", e);
            return false;
        }
    }

    @Override // de.governikus.bea.beaToolkit.crypto.worker.AbstractCipherWorker, de.governikus.bea.beaToolkit.crypto.worker.CipherWorker
    @Nullable
    public X509Certificate getCertificate(@Nullable String str) {
        if (this.pkiFileExtension != null && !this.pkiFileExtension.isKeyStore()) {
            return retrieveCertificateDirectly();
        }
        return retrieveCertificateFromKeyStore(str);
    }

    @Nullable
    private X509Certificate retrieveCertificateFromKeyStore(@Nonnull String str) {
        try {
            return (X509Certificate) getKeyStore().getCertificate(str);
        } catch (KeyStoreException e) {
            log.error("EDGAR: No Certificate", e);
            return null;
        }
    }

    @Nullable
    private X509Certificate retrieveCertificateDirectly() {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.fileBytes);
            try {
                X509Certificate x509Certificate = (X509Certificate) CertificateFactory.getInstance(CERT_TYPE_X_509).generateCertificate(byteArrayInputStream);
                byteArrayInputStream.close();
                return x509Certificate;
            } finally {
            }
        } catch (IOException | CertificateException e) {
            log.error("EDGAR: No Certificate", e);
            return null;
        }
    }

    @Override // de.governikus.bea.beaToolkit.crypto.worker.AbstractCipherWorker, de.governikus.bea.beaToolkit.crypto.worker.CipherWorker
    public void loadKeystore() {
        try {
            ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.fileBytes);
            try {
                getKeyStore().load(byteArrayInputStream, getPassword());
                byteArrayInputStream.close();
            } finally {
            }
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            log.error("EDGAR: No Keystore", e);
        }
    }
}
