package com.predic8.membrane.core.security;

import com.predic8.membrane.core.config.security.Store;
import com.predic8.membrane.core.resolver.ResolverMap;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.util.Enumeration;
import java.util.Optional;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:WEB-INF/lib/service-proxy-core-5.8.2.jar:com/predic8/membrane/core/security/KeyStoreUtil.class */
public class KeyStoreUtil {
    public static KeyStore filterKeyStoreByAlias(KeyStore keyStore, char[] cArr, String str) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException, UnrecoverableKeyException {
        KeyStore keyStore2 = KeyStore.getInstance(keyStore.getType());
        keyStore2.load(null, cArr);
        keyStore2.setKeyEntry(str, keyStore.getKey(str, cArr), cArr, keyStore.getCertificateChain(str));
        return keyStore2;
    }

    @NotNull
    public static String getDigest(KeyStore keyStore, String str) throws CertificateEncodingException, KeyStoreException, NoSuchAlgorithmException {
        byte[] encoded = keyStore.getCertificate(str).getEncoded();
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(encoded);
        byte[] digest = messageDigest.digest();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < digest.length; i++) {
            if (i > 0) {
                sb.append(':');
            }
            sb.append(Integer.toString((digest[i] & 255) + 256, 16).substring(1));
        }
        return sb.toString();
    }

    @NotNull
    public static KeyStore getAndLoadKeyStore(Store store, ResolverMap resolverMap, String str, String str2, char[] cArr) throws KeyStoreException, NoSuchProviderException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = store.getProvider() != null ? KeyStore.getInstance(str2, store.getProvider()) : KeyStore.getInstance(str2);
        keyStore.load(resolverMap.resolve(ResolverMap.combine(str, store.getLocation())), cArr);
        return keyStore;
    }

    public static String firstAliasOrThrow(KeyStore keyStore) throws KeyStoreException {
        Optional<String> firstCertAlias = getFirstCertAlias(keyStore);
        if (firstCertAlias.isPresent()) {
            return firstCertAlias.get();
        }
        throw new RuntimeException("No certificate available in key store.");
    }

    public static String aliasOrThrow(KeyStore keyStore, String str) throws KeyStoreException {
        if (keyStore.isKeyEntry(str)) {
            return str;
        }
        throw new RuntimeException("Certificate of alias " + str + " not present in key store.");
    }

    public static Optional<String> getFirstCertAlias(KeyStore keyStore) throws KeyStoreException {
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String nextElement = aliases.nextElement();
            if (keyStore.isKeyEntry(nextElement)) {
                return Optional.of(nextElement);
            }
        }
        return Optional.empty();
    }
}
