package com.azure.security.keyvault.jca;

import com.azure.security.keyvault.jca.implementation.certificates.AzureCertificates;
import com.azure.security.keyvault.jca.implementation.certificates.ClasspathCertificates;
import com.azure.security.keyvault.jca.implementation.certificates.JreCertificates;
import com.azure.security.keyvault.jca.implementation.certificates.KeyVaultCertificates;
import com.azure.security.keyvault.jca.implementation.certificates.SpecificPathCertificates;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableEntryException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.stream.Stream;

/* loaded from: input_file:com/azure/security/keyvault/jca/KeyVaultKeyStore.class */
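/**
 * {@link KeyStoreSpi} implementation that presents certificates from several sources as one
 * read-mostly key store of type {@value #KEY_STORE_TYPE}.
 *
 * <p>The sources, in lookup order, are: the JRE certificates, the "well known" directory, the
 * "custom" directory, Azure Key Vault, and the classpath. When the same alias exists in more than
 * one source, the earliest source in that order supplies the certificate and key.
 *
 * <p>Security-relevant configuration is read from JVM system properties:
 * <ul>
 *   <li>{@code azure.cert-path.well-known} and {@code azure.cert-path.custom} select the
 *       directories handed to {@code SpecificPathCertificates}. NOTE(review): presumably every
 *       certificate found there becomes an entry of this store, so write access to those
 *       directories (and the ability to set these properties) should be restricted like any
 *       other trust-anchor location - confirm in {@code SpecificPathCertificates}.</li>
 *   <li>{@code azure.keyvault.client-secret} carries a credential. System properties are readable
 *       by all code in the JVM and show up in the command line when passed with {@code -D};
 *       {@code azure.keyvault.managed-identity} avoids keeping a secret in the process
 *       configuration.</li>
 *   <li>{@code azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate} makes a
 *       lookup miss trigger a Key Vault refresh. NOTE(review): a peer that keeps presenting unknown
 *       certificates can then cause repeated refreshes; confirm that
 *       {@code KeyVaultCertificates} rate-limits them.</li>
 * </ul>
 *
 * <p>The store cannot be persisted: the {@code engineStore} and {@code engineSetKeyEntry}
 * methods are no-ops and do not report that nothing was written.
 */
public final class KeyVaultKeyStore extends KeyStoreSpi {
    /** Key store type name under which this SPI is looked up. */
    public static final String KEY_STORE_TYPE = "AzureKeyVault";
    /** Algorithm name associated with this key store. */
    public static final String ALGORITHM_NAME = "AzureKeyVault";
    private static final Logger LOGGER = Logger.getLogger(KeyVaultKeyStore.class.getName());
    private final JreCertificates jreCertificates;
    private final SpecificPathCertificates wellKnowCertificates;
    private final SpecificPathCertificates customCertificates;
    private final KeyVaultCertificates keyVaultCertificates;
    private final ClasspathCertificates classpathCertificates;
    // All sources in lookup-precedence order; the first source that knows an alias wins.
    private final List<AzureCertificates> allCertificates;
    private final Date creationDate;
    private final boolean refreshCertificatesWhenHaveUnTrustCertificate;
    // Directory paths are resolved once per instance, before the constructor body runs.
    final String wellKnowPath = System.getProperty("azure.cert-path.well-known", "/etc/certs/well-known/");
    final String customPath = System.getProperty("azure.cert-path.custom", "/etc/certs/custom/");

    /**
     * Builds the store from JVM system properties and eagerly asks every source for its aliases.
     *
     * @throws NumberFormatException if a refresh-interval property is set but is not a valid long
     *     (see {@link #getRefreshInterval()})
     */
    public KeyVaultKeyStore() {
        LOGGER.log(Level.FINE, "Constructing KeyVaultKeyStore.");
        this.creationDate = new Date();
        String keyVaultUri = System.getProperty("azure.keyvault.uri");
        String tenantId = System.getProperty("azure.keyvault.tenant-id");
        String clientId = System.getProperty("azure.keyvault.client-id");
        // Credential: never log this value.
        String clientSecret = System.getProperty("azure.keyvault.client-secret");
        String managedIdentity = System.getProperty("azure.keyvault.managed-identity");
        long refreshInterval = getRefreshInterval();
        // Boolean.getBoolean is false when the property is absent or not "true" (case-insensitive).
        this.refreshCertificatesWhenHaveUnTrustCertificate =
            Boolean.getBoolean("azure.keyvault.jca.refresh-certificates-when-have-un-trust-certificate");

        // The getAliases() calls below stay eager (not wrapped in a log supplier) so that each
        // source is queried at construction time regardless of the configured log level.
        this.jreCertificates = JreCertificates.getInstance();
        LOGGER.log(Level.FINE, String.format("Loaded jre certificates: %s.", this.jreCertificates.getAliases()));
        this.wellKnowCertificates = SpecificPathCertificates.getSpecificPathCertificates(this.wellKnowPath);
        LOGGER.log(Level.FINE, String.format("Loaded well known certificates: %s.", this.wellKnowCertificates.getAliases()));
        this.customCertificates = SpecificPathCertificates.getSpecificPathCertificates(this.customPath);
        LOGGER.log(Level.FINE, String.format("Loaded custom certificates: %s.", this.customCertificates.getAliases()));
        this.keyVaultCertificates =
            new KeyVaultCertificates(refreshInterval, keyVaultUri, tenantId, clientId, clientSecret, managedIdentity);
        LOGGER.log(Level.FINE, String.format("Loaded Key Vault certificates: %s.", this.keyVaultCertificates.getAliases()));
        this.classpathCertificates = new ClasspathCertificates();
        LOGGER.log(Level.FINE, String.format("Loaded classpath certificates: %s.", this.classpathCertificates.getAliases()));
        this.allCertificates = Arrays.asList(
            this.jreCertificates,
            this.wellKnowCertificates,
            this.customCertificates,
            this.keyVaultCertificates,
            this.classpathCertificates);
    }

    /**
     * Reads the certificate refresh interval from system properties.
     *
     * <p>{@code azure.keyvault.jca.certificates-refresh-interval-in-ms} takes precedence over
     * {@code azure.keyvault.jca.certificates-refresh-interval}; only the first property that is
     * set is parsed.
     *
     * @return the configured interval, or {@code 0} when neither property is set
     *     (NOTE(review): 0 presumably disables periodic refresh - confirm in KeyVaultCertificates)
     * @throws NumberFormatException if the selected property is not a valid long
     */
    Long getRefreshInterval() {
        return Stream.of(
                "azure.keyvault.jca.certificates-refresh-interval-in-ms",
                "azure.keyvault.jca.certificates-refresh-interval")
            .map(System::getProperty)
            .filter(Objects::nonNull)
            .map(Long::valueOf)
            .findFirst()
            .orElse(0L);
    }

    /**
     * Creates and loads a key store of type {@value #KEY_STORE_TYPE} using the
     * {@code azure.keyvault.*} system properties as connection parameters.
     *
     * @return the loaded key store
     * @throws CertificateException if a certificate could not be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws KeyStoreException if no provider supports the key store type
     * @throws IOException if the load parameter is rejected or loading fails
     */
    public static KeyStore getKeyVaultKeyStoreBySystemProperty()
        throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        KeyStore keyStore = KeyStore.getInstance(KEY_STORE_TYPE);
        keyStore.load(new KeyVaultLoadStoreParameter(
            System.getProperty("azure.keyvault.uri"),
            System.getProperty("azure.keyvault.tenant-id"),
            System.getProperty("azure.keyvault.client-id"),
            System.getProperty("azure.keyvault.client-secret"),
            System.getProperty("azure.keyvault.managed-identity")));
        return keyStore;
    }

    /** Returns the de-duplicated aliases of all sources. */
    @Override
    public Enumeration<String> engineAliases() {
        return Collections.enumeration(getAllAliases());
    }

    /** Returns whether any source knows {@code str}. */
    @Override
    public boolean engineContainsAlias(String str) {
        return engineIsCertificateEntry(str);
    }

    /**
     * Asks every source to delete the entry named {@code str}.
     *
     * <p>NOTE(review): whether a source honours the request or only drops a local copy is
     * decided by each {@code AzureCertificates} implementation - confirm there.
     */
    @Override
    public void engineDeleteEntry(String str) {
        for (AzureCertificates source : this.allCertificates) {
            source.deleteEntry(str);
        }
    }

    /** Delegates to the {@link KeyStoreSpi} default implementation. */
    @Override
    public boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        return super.engineEntryInstanceOf(str, cls);
    }

    /**
     * Returns the certificate stored under {@code str} in the first source that has that alias.
     *
     * <p>When nothing is found and refresh-on-miss is enabled, the Key Vault certificates are
     * refreshed and looked up once more.
     *
     * @return the certificate, or {@code null} if no source has the alias
     */
    @Override
    public Certificate engineGetCertificate(String str) {
        Certificate found = this.allCertificates.stream()
            .map(AzureCertificates::getCertificates)
            .filter(certificates -> certificates.containsKey(str))
            .findFirst()
            .map(certificates -> certificates.get(str))
            .orElse(null);
        if (found == null && this.refreshCertificatesWhenHaveUnTrustCertificate) {
            this.keyVaultCertificates.refreshCertificates();
            found = this.keyVaultCertificates.getCertificates().get(str);
        }
        return found;
    }

    /**
     * Returns the first alias whose certificate equals {@code certificate}.
     *
     * <p>When no alias matches (including when {@code certificate} is {@code null}) and
     * refresh-on-miss is enabled, the lookup is retried through
     * {@code KeyVaultCertificates.refreshAndGetAliasByCertificate}.
     *
     * @return the matching alias, or {@code null} if there is none
     */
    @Override
    public String engineGetCertificateAlias(Certificate certificate) {
        String alias = null;
        if (certificate != null) {
            for (String candidate : getAllAliases()) {
                // Compare from the non-null side: an alias can be listed while its certificate
                // lookup returns null, which previously caused a NullPointerException here.
                if (certificate.equals(engineGetCertificate(candidate))) {
                    alias = candidate;
                    break;
                }
            }
        }
        if (alias == null && this.refreshCertificatesWhenHaveUnTrustCertificate) {
            alias = this.keyVaultCertificates.refreshAndGetAliasByCertificate(certificate);
        }
        return alias;
    }

    /**
     * Returns a one-element chain holding the certificate for {@code str}; no issuer
     * certificates are added.
     *
     * @return the single-certificate chain, or {@code null} if the alias is unknown
     */
    @Override
    public Certificate[] engineGetCertificateChain(String str) {
        Certificate certificate = engineGetCertificate(str);
        return certificate == null ? null : new Certificate[] {certificate};
    }

    /**
     * Returns the time this store instance was constructed. The alias is not consulted, so a
     * date is returned even for aliases that do not exist.
     */
    @Override
    public Date engineGetCreationDate(String str) {
        // Defensive copy: Date is mutable.
        return new Date(this.creationDate.getTime());
    }

    /** Delegates to the {@link KeyStoreSpi} default implementation. */
    @Override
    public KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter)
        throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        return super.engineGetEntry(str, protectionParameter);
    }

    /**
     * Returns the key stored under {@code str} in the first source that has a key for it.
     * The password argument is ignored.
     *
     * @return the key, or {@code null} if no source holds a key for the alias
     */
    @Override
    public Key engineGetKey(String str, char[] cArr) {
        return this.allCertificates.stream()
            .map(AzureCertificates::getCertificateKeys)
            .filter(keys -> keys.containsKey(str))
            .findFirst()
            .map(keys -> keys.get(str))
            .orElse(null);
    }

    /** Returns whether any source lists the alias {@code str}. */
    @Override
    public boolean engineIsCertificateEntry(String str) {
        return getAllAliases().contains(str);
    }

    /**
     * Returns whether any source lists the alias {@code str}.
     *
     * <p>This does not check that a key exists: an alias that only has a certificate is also
     * reported as a key entry, and {@link #engineGetKey(String, char[])} then returns
     * {@code null} for it.
     */
    @Override
    public boolean engineIsKeyEntry(String str) {
        return engineIsCertificateEntry(str);
    }

    /**
     * Reconfigures the Key Vault client when given a {@link KeyVaultLoadStoreParameter} and then
     * loads the classpath certificates. Any other parameter type is ignored.
     */
    @Override
    public void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) {
        if (loadStoreParameter instanceof KeyVaultLoadStoreParameter) {
            KeyVaultLoadStoreParameter parameter = (KeyVaultLoadStoreParameter) loadStoreParameter;
            this.keyVaultCertificates.updateKeyVaultClient(
                parameter.getUri(),
                parameter.getTenantId(),
                parameter.getClientId(),
                parameter.getClientSecret(),
                parameter.getManagedIdentity());
        }
        this.classpathCertificates.loadCertificatesFromClasspath();
    }

    /**
     * Loads the classpath certificates. The stream and password are ignored; nothing is read
     * from {@code inputStream}.
     */
    @Override
    public void engineLoad(InputStream inputStream, char[] cArr) {
        this.classpathCertificates.loadCertificatesFromClasspath();
    }

    /**
     * Collects the aliases of all sources without duplicates.
     *
     * <p>Sources are merged in the same order as {@code allCertificates}, so the result is
     * deterministic and an alias appears at the position of the source that actually serves it.
     * (The previous hash-map based merge visited the non-JRE sources in hash order.)
     */
    private List<String> getAllAliases() {
        List<String> aliases = new ArrayList<>(this.jreCertificates.getAliases());
        mergeAliases(aliases, "well known certificates", this.wellKnowCertificates.getAliases());
        mergeAliases(aliases, "custom certificates", this.customCertificates.getAliases());
        mergeAliases(aliases, "key vault certificates", this.keyVaultCertificates.getAliases());
        mergeAliases(aliases, "class path certificates", this.classpathCertificates.getAliases());
        return aliases;
    }

    /** Appends each alias of one source to {@code target}, logging the ones already present. */
    private static void mergeAliases(List<String> target, String sourceName, Iterable<String> sourceAliases) {
        for (String alias : sourceAliases) {
            if (target.contains(alias)) {
                // Report the alias and the source it came from (previously the alias was printed twice).
                LOGGER.log(Level.FINE,
                    () -> String.format("The certificate %s under %s already exists", alias, sourceName));
            } else {
                target.add(alias);
            }
        }
    }

    /**
     * Adds a certificate to the classpath source unless the alias already exists in any source.
     *
     * <p>An existing alias is never replaced; the attempt is only logged at WARNING and the
     * caller is not notified of the rejection.
     */
    @Override
    public void engineSetCertificateEntry(String str, Certificate certificate) {
        if (getAllAliases().contains(str)) {
            LOGGER.log(Level.WARNING, "Cannot overwrite own certificate");
            return;
        }
        this.classpathCertificates.setCertificateEntry(str, certificate);
    }

    /** Delegates to the {@link KeyStoreSpi} default implementation. */
    @Override
    public void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter)
        throws KeyStoreException {
        super.engineSetEntry(str, entry, protectionParameter);
    }

    /** Does nothing: keys cannot be added through this store, and no error is raised. */
    @Override
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) {
    }

    /** Does nothing: keys cannot be added through this store, and no error is raised. */
    @Override
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) {
    }

    /** Returns the number of distinct aliases across all sources. */
    @Override
    public int engineSize() {
        return getAllAliases().size();
    }

    /** Does nothing: the store is not persisted and nothing is written to {@code outputStream}. */
    @Override
    public void engineStore(OutputStream outputStream, char[] cArr) {
    }

    /** Does nothing: the store is not persisted. */
    @Override
    public void engineStore(KeyStore.LoadStoreParameter loadStoreParameter) {
    }
}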
