package com.adobe.granite.keystore.internal;

import com.adobe.granite.crypto.CryptoSupport;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Date;
import java.util.Enumeration;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.sling.api.resource.Resource;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/adobe/granite/keystore/internal/GraniteKeyStoreSpi.class */
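/**
 * {@link KeyStoreSpi} that wraps a delegate {@link KeyStore} and keeps its serialized form in the
 * {@code jcr:data} property of the {@code jcr:content} child of a repository resource.
 *
 * <p>Read operations are answered by the wrapped key store. Every mutating operation first changes
 * the wrapped key store in memory and then calls {@link #persist()}, which re-serializes the whole
 * store and saves the JCR session. If persisting fails, the in-memory store has already been
 * changed and may differ from the repository copy until it is reloaded.
 *
 * <p>The store password is held in protected form and is unprotected through {@link CryptoSupport}
 * only for the duration of a store or integrity-check call; the resulting {@code char[]} is zeroed
 * afterwards. {@code CryptoSupport.unprotect} returns a {@link String}, so that intermediate copy
 * cannot be wiped here.
 */
public class GraniteKeyStoreSpi extends KeyStoreSpi {
    private static final Logger LOG = LoggerFactory.getLogger(GraniteKeyStoreSpi.class);
    private final Resource resource;
    private final Resource contentResource;
    private final KeyStore keyStore;
    private final String encryptedPassword;
    private final CryptoSupport cryptoSupport;
    // True when an installed security provider has "ibm" in its name; enables the extra
    // round-trip check before key entries are written.
    private final boolean isIBM;

    /**
     * Creates the SPI for a key store resource.
     *
     * @param resource resource that must have a {@code jcr:content} child of type {@code nt:resource}
     * @param keyStore wrapped key store that answers all lookups
     * @param str store password in the protected form accepted by {@code CryptoSupport.unprotect}
     * @param cryptoSupport service used to unprotect the store password
     * @throws IllegalArgumentException if the {@code jcr:content} child is missing or has another type
     */
    public GraniteKeyStoreSpi(Resource resource, KeyStore keyStore, String str, CryptoSupport cryptoSupport) {
        this.resource = resource;
        this.keyStore = keyStore;
        this.encryptedPassword = str;
        this.cryptoSupport = cryptoSupport;
        this.contentResource = resource.getChild("jcr:content");
        if (this.contentResource == null) {
            throw new IllegalArgumentException("Expected a jcr:content child for resource " + resource.getPath());
        }
        if (!"nt:resource".equals(this.contentResource.getResourceType())) {
            throw new IllegalArgumentException("Expected a jcr:content child of type nt:resource for resource " + resource.getPath());
        }
        this.isIBM = isIbmProviderInstalled();
    }

    /** Returns true when any installed security provider's name contains "ibm", ignoring case. */
    private static boolean isIbmProviderInstalled() {
        for (Provider provider : Security.getProviders()) {
            // Locale.ROOT: under a Turkish default locale "IBM".toLowerCase() yields a dotless i
            // and the match would silently fail, skipping the integrity check.
            if (provider.getName().toLowerCase(java.util.Locale.ROOT).contains("ibm")) {
                return true;
            }
        }
        return false;
    }

    /** Zeroes a password buffer once it is no longer needed; tolerates {@code null}. */
    private static void wipe(char[] secret) {
        if (secret != null) {
            java.util.Arrays.fill(secret, '\0');
        }
    }

    /**
     * Records that the wrapped key store refused a lookup. The SPI signatures cannot throw
     * {@link KeyStoreException}, so callers only see an "absent" result; the log entry is the
     * only trace that the store was unusable rather than the entry missing.
     */
    private static void logRejectedLookup(String operation, KeyStoreException e) {
        LOG.debug("Wrapped key store rejected {}; reporting the entry as absent.", operation, e);
    }

    /**
     * Returns the key stored under the alias, or {@code null} if the wrapped store rejects the
     * lookup with a {@link KeyStoreException}.
     */
    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            return this.keyStore.getKey(str, cArr);
        } catch (KeyStoreException e) {
            logRejectedLookup("getKey", e);
            return null;
        }
    }

    /** Returns the certificate chain for the alias, or {@code null} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        try {
            return this.keyStore.getCertificateChain(str);
        } catch (KeyStoreException e) {
            logRejectedLookup("getCertificateChain", e);
            return null;
        }
    }

    /** Returns the certificate for the alias, or {@code null} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        try {
            return this.keyStore.getCertificate(str);
        } catch (KeyStoreException e) {
            logRejectedLookup("getCertificate", e);
            return null;
        }
    }

    /** Returns the creation date of the entry, or {@code null} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        try {
            return this.keyStore.getCreationDate(str);
        } catch (KeyStoreException e) {
            logRejectedLookup("getCreationDate", e);
            return null;
        }
    }

    /**
     * Stores a key under the alias, protected with {@code cArr}, then persists the store.
     *
     * <p>When an IBM provider is installed the entry is first written to and read back from a
     * scratch PKCS12 store. That check protects the scratch entry with the store password, not
     * with {@code cArr}.
     *
     * @throws KeyStoreException if the check, the update or the persist step fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (this.isIBM) {
            ibmKeyIntegrityCheck(str, key, null, certificateArr, true);
        }
        this.keyStore.setKeyEntry(str, key, cArr, certificateArr);
        persist();
    }

    /**
     * Stores an already-protected key under the alias, then persists the store.
     *
     * @throws KeyStoreException if the IBM check, the update or the persist step fails
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        if (this.isIBM) {
            ibmKeyIntegrityCheck(str, null, bArr, certificateArr, false);
        }
        this.keyStore.setKeyEntry(str, bArr, certificateArr);
        persist();
    }

    /**
     * Stores a trusted certificate under the alias, then persists the store. No validation of the
     * certificate happens in this class.
     */
    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        this.keyStore.setCertificateEntry(str, certificate);
        persist();
    }

    /** Deletes the entry with the given alias, then persists the store. */
    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        this.keyStore.deleteEntry(str);
        persist();
    }

    /**
     * Lists the aliases of the wrapped store. Returns an empty enumeration, consistent with
     * {@link #engineSize()} returning 0, when the wrapped store rejects the call; a {@code null}
     * here would surface as a NullPointerException in callers that iterate the result.
     */
    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        try {
            return this.keyStore.aliases();
        } catch (KeyStoreException e) {
            logRejectedLookup("aliases", e);
            return java.util.Collections.emptyEnumeration();
        }
    }

    /** Returns whether the alias exists; {@code false} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        try {
            return this.keyStore.containsAlias(str);
        } catch (KeyStoreException e) {
            logRejectedLookup("containsAlias", e);
            return false;
        }
    }

    /** Returns the number of entries; 0 if the wrapped store rejects the call. */
    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        try {
            return this.keyStore.size();
        } catch (KeyStoreException e) {
            logRejectedLookup("size", e);
            return 0;
        }
    }

    /** Returns whether the alias names a key entry; {@code false} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        try {
            return this.keyStore.isKeyEntry(str);
        } catch (KeyStoreException e) {
            logRejectedLookup("isKeyEntry", e);
            return false;
        }
    }

    /** Returns whether the alias names a certificate entry; {@code false} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        try {
            return this.keyStore.isCertificateEntry(str);
        } catch (KeyStoreException e) {
            logRejectedLookup("isCertificateEntry", e);
            return false;
        }
    }

    /** Returns the alias of the first entry matching the certificate, or {@code null}. */
    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        try {
            return this.keyStore.getCertificateAlias(certificate);
        } catch (KeyStoreException e) {
            logRejectedLookup("getCertificateAlias", e);
            return null;
        }
    }

    /**
     * Always refuses: the store is written to the repository by the mutating operations, so
     * exporting it to a caller-supplied stream is not supported.
     *
     * @throws IOException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new IOException("Persistence is handled automatically by the SPI.");
    }

    /**
     * Always refuses, for the same reason as the stream variant.
     *
     * @throws IOException always
     */
    @Override // java.security.KeyStoreSpi
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        throw new IOException("Persistence is handled automatically by the SPI.");
    }

    /**
     * Loads the wrapped key store from the {@code jcr:data} property of the content node.
     *
     * @param inputStream must be {@code null}; data always comes from the repository
     * @param cArr password handed to the wrapped store's {@code load}
     * @throws IOException if a stream is supplied, the content resource is not backed by a JCR
     *     node, or the repository cannot be read
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (inputStream != null) {
            throw new IOException("The SPI handles persistence on its own, being backed-up by the resource with which it was initialized. Please call this method with a null stream parameter.");
        }
        Node node = (Node) this.contentResource.adaptTo(Node.class);
        if (node == null) {
            // adaptTo may return null; report it as an I/O problem instead of a bare NPE.
            throw new IOException("The jcr:content child of resource " + this.resource.getPath() + " cannot be adapted to a JCR node.");
        }
        try {
            javax.jcr.Binary binary = node.getProperty("jcr:data").getBinary();
            // Close the stream and release the binary even when load() fails.
            try (InputStream data = binary.getStream()) {
                this.keyStore.load(data, cArr);
            } finally {
                binary.dispose();
            }
        } catch (RepositoryException e) {
            LOG.error("Cannot access the jcr:data property on the jcr:content node of the keystore resource.", e);
            throw new IOException(e);
        }
    }

    /**
     * Delegates directly to the wrapped key store; the repository resource is not read on this
     * path.
     */
    @Override // java.security.KeyStoreSpi
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        this.keyStore.load(loadStoreParameter);
    }

    /**
     * Returns the entry for the alias. Certificate entries are rebuilt from the stored certificate
     * and {@code protectionParameter} is not consulted for them; every other alias is resolved by
     * the wrapped store with the given protection parameter.
     */
    @Override // java.security.KeyStoreSpi
    public KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        if (this.keyStore.isCertificateEntry(str)) {
            return new KeyStore.TrustedCertificateEntry(this.keyStore.getCertificate(str));
        }
        return this.keyStore.getEntry(str, protectionParameter);
    }

    /** Stores the entry under the alias, then persists the store. */
    @Override // java.security.KeyStoreSpi
    public void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        this.keyStore.setEntry(str, entry, protectionParameter);
        persist();
    }

    /** Returns whether the entry is of the given class; {@code false} if the lookup is rejected. */
    @Override // java.security.KeyStoreSpi
    public boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        try {
            return this.keyStore.entryInstanceOf(str, cls);
        } catch (KeyStoreException e) {
            logRejectedLookup("entryInstanceOf", e);
            return false;
        }
    }

    /**
     * Serializes the wrapped key store with the unprotected store password, writes the bytes to
     * {@code jcr:data} and saves the session.
     *
     * @throws KeyStoreException wrapping any failure; the in-memory store is not rolled back
     */
    private void persist() throws KeyStoreException {
        char[] password = null;
        try {
            if (!this.contentResource.getResourceResolver().isLive()) {
                throw new IOException("The resource resolver used to access resource " + this.resource.getPath() + " was closed.");
            }
            Node node = (Node) this.contentResource.adaptTo(Node.class);
            if (node == null) {
                throw new IOException("The jcr:content child of resource " + this.resource.getPath() + " cannot be adapted to a JCR node.");
            }
            ByteArrayOutputStream serialized = new ByteArrayOutputStream();
            password = this.cryptoSupport.unprotect(this.encryptedPassword).toCharArray();
            this.keyStore.store(serialized, password);
            Session session = node.getSession();
            javax.jcr.Binary binary;
            try (ByteArrayInputStream in = new ByteArrayInputStream(serialized.toByteArray())) {
                binary = session.getValueFactory().createBinary(in);
            }
            try {
                node.setProperty("jcr:data", binary);
                session.save();
            } finally {
                // Released only after save() so the repository has taken its own copy.
                binary.dispose();
            }
        } catch (KeyStoreException e) {
            throw e;
        } catch (Exception e) {
            throw new KeyStoreException(e);
        } finally {
            // Do not leave the clear-text store password on the heap longer than needed.
            wipe(password);
        }
    }

    /**
     * Round-trips a key entry through a scratch PKCS12 store before it is accepted: the entry is
     * written and then read back with the store password.
     *
     * @param z {@code true} to check {@code key}, {@code false} to check the protected bytes in
     *     {@code bArr}
     * @throws KeyStoreException wrapping any failure of the round trip
     */
    private void ibmKeyIntegrityCheck(String str, Key key, byte[] bArr, Certificate[] certificateArr, boolean z) throws KeyStoreException {
        char[] password = null;
        try {
            KeyStore scratch = KeyStore.getInstance("PKCS12", GraniteSecurityProvider.BASE_PROVIDER_NAME);
            scratch.load(null, null);
            // Unprotect once and reuse the buffer, so a single array has to be wiped.
            password = this.cryptoSupport.unprotect(this.encryptedPassword).toCharArray();
            if (z) {
                scratch.setKeyEntry(str, key, password, certificateArr);
            } else {
                scratch.setKeyEntry(str, bArr, certificateArr);
            }
            // PasswordProtection keeps its own clone of the password; destroy it as well.
            KeyStore.PasswordProtection protection = new KeyStore.PasswordProtection(password);
            try {
                scratch.getEntry(str, protection);
            } finally {
                protection.destroy();
            }
        } catch (Exception e) {
            throw new KeyStoreException(e);
        } finally {
            wipe(password);
        }
    }
}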
