package com.unbound.provider;

import com.unbound.common.Log;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.ProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.time.Clock;
import java.util.Collections;
import java.util.Date;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:com/unbound/provider/UBKeyStore.class */
public final class UBKeyStore extends KeyStoreSpi {
    private static final int CACHE_TIMEOUT = 30000;
    private static final Clock clock = Clock.systemUTC();
    private Partition partition;
    private Map<String, Entry> cache = new HashMap();
    private long lastCacheClock = 0;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:com/unbound/provider/UBKeyStore$Entry.class */
    public static final class Entry {
        UBPrivateKey key;
        UBCertificate cert;
        Certificate[] chain;

        Entry(UBPrivateKey uBPrivateKey, UBCertificate uBCertificate, Certificate[] certificateArr) throws InvalidKeySpecException, CertificateException, IOException {
            this.key = null;
            this.cert = null;
            this.key = uBPrivateKey;
            this.cert = uBCertificate;
            this.chain = certificateArr == null ? uBCertificate.getChain() : certificateArr;
        }

        Entry(UBCertificate uBCertificate) {
            this.key = null;
            this.cert = null;
            this.cert = uBCertificate;
            this.chain = null;
        }

        String getName() {
            return isTrustedCert() ? this.cert.name : this.key.name;
        }

        boolean isTrustedCert() {
            return this.key == null;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public UBKeyStore(Partition partition) {
        this.partition = partition;
    }

    private Entry findEntry(String str) throws InvalidKeySpecException, CertificateException, IOException {
        Entry entry;
        Entry entry2;
        Entry entry3 = null;
        Log end = Log.func("UBKeyStore.findEntry").log("alias", str).end();
        try {
            try {
                synchronized (this) {
                    entry = this.cache.get(str.toUpperCase());
                }
                if (entry != null) {
                    Log leavePrint = end.leavePrint();
                    if (entry != null) {
                        leavePrint.log("entry", entry.getName());
                    }
                    leavePrint.end();
                    return entry;
                }
                UBPrivateKey locate = UBPrivateKey.locate(this.partition, str);
                if (locate == null) {
                    UBCertificate locate2 = UBCertificate.locate(this.partition, str);
                    if (locate2 == null) {
                        Log leavePrint2 = end.leavePrint();
                        if (entry != null) {
                            leavePrint2.log("entry", entry.getName());
                        }
                        leavePrint2.end();
                        return null;
                    }
                    entry2 = new Entry(locate2);
                } else {
                    UBCertificate locateByKeyUid = UBCertificate.locateByKeyUid(this.partition, locate.uid);
                    if (locateByKeyUid == null) {
                        Log leavePrint3 = end.leavePrint();
                        if (entry != null) {
                            leavePrint3.log("entry", entry.getName());
                        }
                        leavePrint3.end();
                        return null;
                    }
                    entry2 = new Entry(locate, locateByKeyUid, null);
                }
                synchronized (this) {
                    this.cache.put(entry2.getName().toUpperCase(), entry2);
                }
                Entry entry4 = entry2;
                Log leavePrint4 = end.leavePrint();
                if (entry2 != null) {
                    leavePrint4.log("entry", entry2.getName());
                }
                leavePrint4.end();
                return entry4;
            } catch (Exception e) {
                end.failed(e);
                throw e;
            }
        } catch (Throwable th) {
            Log leavePrint5 = end.leavePrint();
            if (0 != 0) {
                leavePrint5.log("entry", entry3.getName());
            }
            leavePrint5.end();
            throw th;
        }
    }

    @Override // java.security.KeyStoreSpi
    public Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        if (cArr != null) {
            try {
                if (cArr.length != 0) {
                    this.partition.login(new String(cArr));
                }
            } catch (IOException | CertificateException | InvalidKeySpecException e) {
                throw new ProviderException(e);
            }
        }
        Entry findEntry = findEntry(str);
        if (findEntry == null) {
            return null;
        }
        return findEntry.key;
    }

    @Override // java.security.KeyStoreSpi
    public Certificate[] engineGetCertificateChain(String str) {
        try {
            Entry findEntry = findEntry(str);
            if (findEntry == null) {
                return null;
            }
            return findEntry.chain;
        } catch (Exception e) {
            throw new ProviderException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Certificate engineGetCertificate(String str) {
        try {
            Entry findEntry = findEntry(str);
            if (findEntry == null) {
                return null;
            }
            return findEntry.cert.x509;
        } catch (Exception e) {
            throw new ProviderException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Date engineGetCreationDate(String str) {
        try {
            Entry findEntry = findEntry(str);
            if (findEntry == null) {
                return null;
            }
            long j = findEntry.isTrustedCert() ? findEntry.cert.initialDate : findEntry.key.initialDate;
            if (j < 0) {
                return null;
            }
            return new Date(j * 1000);
        } catch (Exception e) {
            throw new ProviderException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (cArr != null) {
            try {
                if (cArr.length != 0) {
                    this.partition.login(new String(cArr));
                }
            } catch (IOException | CertificateException | InvalidKeySpecException e) {
                throw new KeyStoreException(e);
            }
        }
        UBPrivateKey uBPrivateKey = key instanceof UBPrivateKey ? (UBPrivateKey) key : null;
        Entry findEntry = findEntry(str);
        if (findEntry != null) {
            if (findEntry.isTrustedCert()) {
                throw new KeyStoreException("Trusted certificate entry present");
            }
            if (uBPrivateKey == null) {
                engineDeleteEntry(str);
            }
        }
        if (uBPrivateKey == null) {
            uBPrivateKey = UBPrivateKey.newPrivateKey(this.partition, str, key);
        } else {
            uBPrivateKey.setName(str);
        }
        X509Certificate x509Certificate = (X509Certificate) certificateArr[0];
        UBCertificate locate = UBCertificate.locate(this.partition, x509Certificate);
        if (locate == null) {
            locate = new UBCertificate(this.partition, str, x509Certificate);
        } else {
            locate.setName(str);
        }
        for (int i = 1; i < certificateArr.length; i++) {
            X509Certificate x509Certificate2 = (X509Certificate) certificateArr[1];
            if (UBCertificate.locate(this.partition, x509Certificate2) == null) {
                new UBCertificate(this.partition, str, x509Certificate2);
            }
        }
        Entry entry = new Entry(uBPrivateKey, locate, certificateArr);
        synchronized (this) {
            this.cache.put(str, entry);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new KeyStoreException("Not supported");
    }

    @Override // java.security.KeyStoreSpi
    public void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        try {
            Entry findEntry = findEntry(str);
            if (findEntry != null) {
                if (!findEntry.isTrustedCert()) {
                    throw new KeyStoreException("Private key entry present");
                }
                engineDeleteEntry(str);
            }
            Entry entry = new Entry(new UBCertificate(this.partition, str, (X509Certificate) certificate));
            synchronized (this) {
                this.cache.put(str, entry);
            }
        } catch (IOException | CertificateException | InvalidKeySpecException e) {
            throw new KeyStoreException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineDeleteEntry(String str) throws KeyStoreException {
        try {
            Entry findEntry = findEntry(str);
            if (findEntry == null) {
                return;
            }
            UBObject.delete(this.partition, findEntry.cert, findEntry.key);
            synchronized (this) {
                this.cache.remove(str);
            }
        } catch (IOException | CertificateException | InvalidKeySpecException e) {
            throw new KeyStoreException(e);
        }
    }

    @Override // java.security.KeyStoreSpi
    public Enumeration<String> engineAliases() {
        synchronized (this) {
            if (clock.millis() < this.lastCacheClock + 30000) {
                return Collections.enumeration(this.cache.keySet());
            }
            try {
                long[] locate = this.partition.locate(4, 4);
                long[] locate2 = this.partition.locate(4, 26);
                long[] jArr = new long[locate.length + locate2.length];
                System.arraycopy(locate, 0, jArr, 0, locate.length);
                System.arraycopy(locate2, 0, jArr, locate.length, locate2.length);
                long[] locate3 = this.partition.locate(1, 0);
                UBObject[] read = UBObject.read(this.partition, jArr);
                UBObject[] read2 = UBObject.read(this.partition, locate3);
                HashMap hashMap = new HashMap();
                for (UBObject uBObject : read) {
                    UBPrivateKey uBPrivateKey = (UBPrivateKey) uBObject;
                    UBCertificate uBCertificate = null;
                    int i = 0;
                    while (true) {
                        if (i >= read2.length) {
                            break;
                        }
                        UBCertificate uBCertificate2 = (UBCertificate) read2[i];
                        if (uBCertificate2 != null && uBCertificate2.match(uBPrivateKey.pub)) {
                            uBCertificate = uBCertificate2;
                            read2[i] = null;
                            break;
                        }
                        i++;
                    }
                    if (uBCertificate != null) {
                        hashMap.put(uBPrivateKey.name.toUpperCase(), new Entry(uBPrivateKey, uBCertificate, uBCertificate.getChain(read2)));
                    }
                }
                synchronized (this) {
                    this.cache = hashMap;
                    this.lastCacheClock = clock.millis();
                }
                return Collections.enumeration(hashMap.keySet());
            } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
                throw new ProviderException(e);
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineContainsAlias(String str) {
        Entry entry = null;
        try {
            entry = findEntry(str);
        } catch (Exception e) {
        }
        return entry != null;
    }

    @Override // java.security.KeyStoreSpi
    public int engineSize() {
        return 0;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsKeyEntry(String str) {
        Entry entry = null;
        try {
            entry = findEntry(str);
        } catch (Exception e) {
        }
        return (entry == null || entry.isTrustedCert()) ? false : true;
    }

    @Override // java.security.KeyStoreSpi
    public boolean engineIsCertificateEntry(String str) {
        Entry entry = null;
        try {
            entry = findEntry(str);
        } catch (Exception e) {
        }
        return entry != null && entry.isTrustedCert();
    }

    @Override // java.security.KeyStoreSpi
    public String engineGetCertificateAlias(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        synchronized (this) {
            for (Entry entry : this.cache.values()) {
                if (entry.cert.x509.equals(certificate)) {
                    return entry.getName();
                }
            }
            try {
                UBCertificate locate = UBCertificate.locate(this.partition, x509Certificate);
                if (locate == null) {
                    return null;
                }
                UBPrivateKey uBPrivateKey = null;
                try {
                    uBPrivateKey = (UBPrivateKey) UBObject.read(this.partition, UBCertificate.getKeyUid(x509Certificate));
                } catch (Exception e) {
                }
                Entry entry2 = uBPrivateKey == null ? new Entry(locate) : new Entry(uBPrivateKey, locate, null);
                synchronized (this) {
                    this.cache.put(entry2.getName().toUpperCase(), entry2);
                }
                return entry2.getName();
            } catch (Exception e2) {
                return null;
            }
        }
    }

    @Override // java.security.KeyStoreSpi
    public void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    @Override // java.security.KeyStoreSpi
    public void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (cArr == null || cArr.length == 0) {
            return;
        }
        this.partition.login(new String(cArr));
    }
}
