package com.couchbase.client.encryption;

import com.couchbase.client.encryption.Keyring;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.util.Collections;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.function.Function;
import javax.crypto.spec.SecretKeySpec;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/couchbase/client/encryption/KeyStoreKeyring.class */
public class KeyStoreKeyring implements ListableKeyring {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreKeyring.class);
    private final Map<String, Keyring.Key> keyNameToKey;

    public KeyStoreKeyring(KeyStore keyStore, Function<String, String> function) throws KeyStoreException {
        this.keyNameToKey = Collections.unmodifiableMap(getAllSecretKeys(keyStore, function));
    }

    @Override // com.couchbase.client.encryption.Keyring
    public Optional<Keyring.Key> get(String str) {
        return Optional.ofNullable(this.keyNameToKey.get(str));
    }

    @Override // com.couchbase.client.encryption.ListableKeyring
    public Set<String> keyIds() {
        return this.keyNameToKey.keySet();
    }

    public Map<String, Keyring.Key> getAllSecretKeys(KeyStore keyStore, Function<String, String> function) throws KeyStoreException {
        Objects.requireNonNull(function);
        HashMap hashMap = new HashMap();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                String apply = function.apply(nextElement);
                if (apply == null) {
                    log.debug("Ignoring key '{}' because the password is not known.", nextElement);
                } else {
                    try {
                        KeyStore.Entry entry = keyStore.getEntry(nextElement, new KeyStore.PasswordProtection(apply.toCharArray()));
                        if (entry instanceof KeyStore.SecretKeyEntry) {
                            hashMap.put(nextElement, Keyring.Key.create(nextElement, ((KeyStore.SecretKeyEntry) entry).getSecretKey().getEncoded()));
                        } else {
                            log.debug("Ignoring key '{}' because the KeyStore entry type is not SecretKeyEntry; actual type is {}", nextElement, entry.getClass().getSimpleName());
                        }
                    } catch (Exception e) {
                        log.warn("Ignoring key '{}' because it could not be retrieved (wrong password?)", nextElement, e);
                    }
                }
            }
        }
        return hashMap;
    }

    public static void setSecretKey(KeyStore keyStore, String str, byte[] bArr, char[] cArr) throws KeyStoreException {
        keyStore.setEntry(str, new KeyStore.SecretKeyEntry(new SecretKeySpec(bArr, "OID.1.3.9999.42")), new KeyStore.PasswordProtection(cArr));
    }
}
