package asia.dbt.thundercrypt.core.utils;

import asia.dbt.thundercrypt.osgi.ErrorResponses;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import kz.gov.pki.kalkan.Storage;
import kz.gov.pki.kalkan.exception.KalkanException;
import kz.gov.pki.kalkan.exception.PCSCCode;
import kz.gov.pki.kalkan.util.io.Streams;
import kz.gov.pki.provider.exception.ProviderUtilException;
import kz.gov.pki.provider.exception.ProviderUtilExceptionCode;
import kz.gov.pki.reference.KeyStoreEntry;

/* loaded from: input_file:asia/dbt/thundercrypt/core/utils/KeyStoreUtil.class */
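/**
 * Static helpers for opening a key store through a given security provider and for
 * holding the list of CA certificates used by the application.
 *
 * <p>Security-relevant behaviour worth knowing when reading this class:
 * <ul>
 *   <li>Load failures are propagated, so a wrong password or PIN is reported to the caller
 *       rather than yielding an unloaded {@link KeyStore}.</li>
 *   <li>Password/PIN arrays are passed through unchanged; this class never copies or clears
 *       them, so wiping them remains the caller's job.</li>
 *   <li>The CA certificate list is process-wide mutable state (see {@link #setCaCerts}).</li>
 * </ul>
 */
public class KeyStoreUtil {
    // Process-wide override for the CA certificate list; null means "use the provider defaults".
    // NOTE(review): not volatile and not synchronized — assumes it is set once during start-up; confirm.
    private static List<X509Certificate> caCertificates;

    /**
     * Creates a key store of the storage's type from the given provider and loads it.
     *
     * <p>An {@link IOException} raised while loading is translated into a
     * {@link ProviderUtilException} when it denotes a wrong or blocked password/PIN;
     * any other {@link IOException} is rethrown unchanged.
     *
     * @param storage  storage descriptor; supplies the key store type name and whether it is a token
     * @param str      file path for file storages, or the string handed to the token stream for tokens
     * @param cArr     key store password or token PIN (not cleared by this method)
     * @param provider security provider used to instantiate the key store
     * @return the loaded key store
     * @throws ProviderUtilException if the password/PIN is wrong or the PIN is blocked
     * @throws IOException           for any other I/O failure while loading
     */
    public static KeyStore getKeyStore(Storage storage, String str, char[] cArr, Provider provider) throws KeyStoreException, NoSuchProviderException, ProviderUtilException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance(storage.getName(), provider.getName());
        try {
            loadKeyStore(storage, str, keyStore, cArr);
            return keyStore;
        } catch (IOException e) {
            String message = ErrorResponses.WRONG_PASSWORD;
            // getMessage() may legitimately be null; guard so the real failure is not masked by an NPE.
            String detail = e.getMessage();
            if (detail != null && detail.contains("password")) {
                throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_KEYSTORE_PASSWORD, -1, message, e);
            }
            if (e.getCause() instanceof KalkanException) {
                KalkanException cause = (KalkanException) e.getCause();
                if (cause.getErrorCode().equals(PCSCCode.WRONG_PIN) || cause.getErrorCode().equals(PCSCCode.INVALID_PIN_VALUE)) {
                    Object statusWord = cause.get("SW");
                    if (statusWord != null) {
                        message = message + " Код: " + statusWord;
                    }
                    // NOTE(review): "RetryCount" is presumably the number of PIN attempts left on the
                    // token; callers should surface it and avoid automatic retries that could block
                    // the PIN — confirm against the Kalkan documentation.
                    // -1 is passed when no usable retry count is attached to the exception.
                    Object retryCount = cause.get("RetryCount");
                    int retriesLeft = retryCount instanceof Integer ? ((Integer) retryCount).intValue() : -1;
                    throw new ProviderUtilException(ProviderUtilExceptionCode.WRONG_KEYSTORE_PASSWORD, retriesLeft, message, cause);
                }
                if (cause.getErrorCode().equals(PCSCCode.BLOCKED_PIN)) {
                    throw new ProviderUtilException(ProviderUtilExceptionCode.BLOCKED_KEYSTORE_PASSWORD, "Пароль заблокирован.", cause);
                }
            }
            throw e;
        }
    }

    /**
     * Opens the key store and returns one {@link KeyStoreEntry} per alias.
     *
     * <p>For an alias with a certificate, the entry carries the certificate and its public key
     * algorithm. For an alias without a certificate, the key itself is fetched to read its
     * algorithm, using the key store password {@code cArr} as the key password.
     *
     * @param storage  storage descriptor passed to {@link #getKeyStore}
     * @param str      file path or token string passed to {@link #getKeyStore}
     * @param cArr     key store password/PIN, also used as the per-key password
     * @param provider security provider passed to {@link #getKeyStore}
     * @return map from alias to its entry
     * @throws KeyStoreException         if an alias has neither a certificate nor a key
     * @throws UnrecoverableKeyException if a key cannot be recovered with {@code cArr}
     */
    @Deprecated
    public static Map<String, KeyStoreEntry> getKeyStoreEntries(Storage storage, String str, char[] cArr, Provider provider) throws IOException, KeyStoreException, NoSuchProviderException, NoSuchAlgorithmException, CertificateException, ProviderUtilException, UnrecoverableKeyException {
        KeyStore keyStore = getKeyStore(storage, str, cArr, provider);
        Map<String, KeyStoreEntry> entries = new HashMap<>();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            X509Certificate certificate = (X509Certificate) keyStore.getCertificate(alias);
            if (certificate != null) {
                entries.put(alias, new KeyStoreEntry(alias, certificate.getPublicKey().getAlgorithm(), certificate));
                continue;
            }
            // KeyStore.getKey returns null when the alias is not a key entry; report that
            // explicitly instead of failing with a NullPointerException.
            java.security.Key key = keyStore.getKey(alias, cArr);
            if (key == null) {
                throw new KeyStoreException("No certificate or key found for alias: " + alias);
            }
            entries.put(alias, new KeyStoreEntry(alias, key.getAlgorithm(), (X509Certificate) null));
        }
        return entries;
    }

    /**
     * Replaces the process-wide CA certificate list.
     *
     * <p>The list is stored by reference, not copied: later changes the caller makes to
     * {@code list} are visible through {@link #getCaCerts()}. Passing {@code null} restores
     * the provider defaults.
     * NOTE(review): if these certificates act as trust anchors, any code able to call this
     * method (or mutate the list) can change what is trusted — confirm who may call it.
     *
     * @param list CA certificates to use, or {@code null} for the provider defaults
     */
    public static void setCaCerts(List<X509Certificate> list) {
        caCertificates = list;
    }

    /**
     * Returns the CA certificates set through {@link #setCaCerts}, or the provider's default
     * CA certificates when none were set.
     *
     * @return the configured list itself (not a copy), or the provider defaults
     */
    public static List<X509Certificate> getCaCerts() {
        return caCertificates != null ? caCertificates : kz.gov.pki.provider.utils.KeyStoreUtil.getDefaultCACerts();
    }

    /**
     * Loads {@code keyStore} from a token stream or from a file.
     *
     * <p>For a non-token storage with a {@code null} path the key store is initialised
     * without reading any stream. Otherwise the stream is always closed, and any load failure
     * is propagated to the caller. Swallowing the failure here would hide a wrong password
     * from {@link #getKeyStore} and hand back a key store that was never loaded.
     *
     * @param storage  storage descriptor; decides between token and file input
     * @param str      file path, or the string used to build the token stream
     * @param keyStore key store instance to load into
     * @param cArr     password/PIN passed to {@link KeyStore#load(InputStream, char[])}
     */
    private static void loadKeyStore(Storage storage, String str, KeyStore keyStore, char[] cArr) throws NoSuchAlgorithmException, IOException, CertificateException {
        if (!storage.isToken() && str == null) {
            keyStore.load(null);
            return;
        }
        // try-with-resources closes the stream on success and on failure alike.
        try (InputStream input = storage.isToken() ? Streams.fromString(str) : new FileInputStream(str)) {
            keyStore.load(input, cArr);
        }
    }
}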
