package com.datastax.dse.byos.shade.com.cryptsoft.provider;

import com.datastax.dse.byos.shade.com.cryptsoft.codec.Hex;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.Att;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.KeyBlock;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.Kmip;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.KmipException;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.LocateResponse;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.ManagedObject;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.ResponseMessage;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.SymmetricKey;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.TlsKmipConnection;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.CertificateType;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.CryptographicUsageMask;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.LinkType;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.ObjectType;
import com.datastax.dse.byos.shade.com.cryptsoft.kmip.enm.ResultStatus;
import com.datastax.dse.byos.shade.com.cryptsoft.provider.CryptsoftKmipLoadStoreParameter;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.KeyStoreSpi;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableEntryException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import java.util.Vector;
import javax.crypto.SecretKey;

/* loaded from: input_file:com/datastax/dse/byos/shade/com/cryptsoft/provider/CryptsoftKmipKeyStore.class */
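/**
 * {@link KeyStoreSpi} implementation whose entries live on a KMIP server reached through a
 * {@link Kmip} client. Aliases are looked up via the KMIP Name attribute.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The {@code char[]} password arguments of {@code engineGetKey}, {@code engineSetKeyEntry},
 *       {@code engineLoad} and {@code engineStore} are never read. This class adds no per-entry
 *       or per-store password protection; whatever the {@link Kmip} connection is allowed to
 *       fetch is returned to the caller.</li>
 *   <li>{@code engineStore} is a no-op: every mutation is sent to the server when the
 *       corresponding method runs.</li>
 *   <li>{@code engineLoad(InputStream, char[])} prefers a JVM system property over the supplied
 *       stream, so code able to set system properties chooses the connection configuration.</li>
 * </ul>
 *
 * <p>NOTE(review): several methods build a batch on the shared {@link Kmip} client across
 * multiple statements ({@code batchStart()} ... {@code batchSend()}). Nothing here synchronizes
 * that sequence, so concurrent use presumably needs external locking - confirm against Kmip.
 */
public final class CryptsoftKmipKeyStore extends KeyStoreSpi {
    /** Usage mask (Verify, Encrypt) attached to every certificate this store registers. */
    private static final Att CERTIFICATE_USAGE_MASK = Att.cryptographicUsageMask(CryptographicUsageMask.Verify, CryptographicUsageMask.Encrypt);

    /** KMIP client; assigned by one of the {@code engineLoad} overloads. */
    private Kmip kmip;

    /**
     * Fetches the key stored under the given alias.
     *
     * <p>The lookup matches on the Name attribute only (no object-type filter) and the password
     * is ignored.
     *
     * @param str alias (KMIP Name attribute value)
     * @param cArr unused
     * @return the key, or {@code null} when the batch did not return a successful second item,
     *     the response has no key block, or the key block's transparent key is not a {@link Key}
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final Key engineGetKey(String str, char[] cArr) throws NoSuchAlgorithmException, UnrecoverableKeyException {
        try {
            // Ordered two-item batch: locate by name, then get. The null identifier presumably
            // refers to the object found by the preceding locate (KMIP ID placeholder) - confirm.
            ResponseMessage response = this.kmip.batchStart().batchOrderOption(true).batchExceptionOnFail(false).locate(1, null, Att.name(str)).get(null).batchSend();
            if (response.getBatchItems().size() < 2 || response.getBatchItems().get(1).getResultStatus() != ResultStatus.Success) {
                return null;
            }
            KeyBlock keyBlock = response.getGetResponse(1).getKeyBlock();
            if (keyBlock == null) {
                return null;
            }
            Object transparentKey = keyBlock.getTransparentKey();
            return transparentKey instanceof Key ? (Key) transparentKey : null;
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Returns the X.509 certificates linked (PrivateKeyLink) to the object named by the alias.
     *
     * <p>NOTE(review): the array follows the order of the server's locate result. Nothing here
     * sorts it leaf-first, which callers of {@link KeyStore#getCertificateChain} usually expect -
     * confirm the server's ordering before relying on it for path building.
     *
     * @param str alias
     * @return {@code null} when no object carries the alias, otherwise the (possibly empty) array
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final Certificate[] engineGetCertificateChain(String str) {
        try {
            List<String> keyIds = this.kmip.locate(1, null, Att.name(str)).getUniqueIdentifiers();
            if (keyIds.size() == 0) {
                return null;
            }
            List<String> certificateIds = this.kmip.locate(Att.objectType(ObjectType.Certificate), Att.certificateType(CertificateType.X_509), Att.link(LinkType.PrivateKeyLink, keyIds.get(0))).getUniqueIdentifiers();
            X509Certificate[] chain = new X509Certificate[certificateIds.size()];
            if (chain.length == 0) {
                return chain;
            }
            // One batched Get per certificate; responses are read back by batch position.
            this.kmip.batchStart();
            for (String certificateId : certificateIds) {
                this.kmip.get(certificateId);
            }
            ResponseMessage response = this.kmip.batchSend();
            for (int i = 0; i < chain.length; i++) {
                chain[i] = response.getGetResponse(i).getManagedObjectCertificate().getX509Certificate();
            }
            return chain;
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Fetches the X.509 certificate whose Name attribute equals the alias.
     *
     * @param str alias
     * @return the certificate, or {@code null} when the get item is missing or unsuccessful
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final Certificate engineGetCertificate(String str) {
        try {
            ResponseMessage response = this.kmip.batchStart().batchOrderOption(true).batchExceptionOnFail(false).locate(Att.objectType(ObjectType.Certificate), Att.certificateType(CertificateType.X_509), Att.name(str)).get(null).batchSend();
            boolean getSucceeded = response.getBatchItems().size() >= 2 && response.getBatchItems().get(1).getResultStatus() == ResultStatus.Success;
            if (!getSucceeded) {
                return null;
            }
            return response.getGetResponse(1).getManagedObjectCertificate().getX509Certificate();
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Returns the Initial Date attribute of the object named by the alias.
     *
     * @param str alias
     * @return the date, or {@code null} when the attribute request is missing, unsuccessful, or
     *     returned no attributes
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final Date engineGetCreationDate(String str) {
        try {
            ResponseMessage response = this.kmip.batchStart().batchOrderOption(true).batchExceptionOnFail(false).locate(Att.name(str)).getAttributes(null, Att.Initial_Date).batchSend();
            if (response.getBatchItems().size() < 2 || response.getBatchItems().get(1).getResultStatus() != ResultStatus.Success) {
                return null;
            }
            // Same emptiness guard as engineGetCertificateAlias: a successful response without
            // the requested attribute would otherwise fail on get(0).
            if (response.getGetAttributesResponse(1).getAtts().size() == 0) {
                return null;
            }
            return response.getGetAttributesResponse(1).getAtts().get(0).getAttributeValue().getValueDate();
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Registers a key under the alias and, when a chain is supplied, registers each non-null
     * certificate and links it to the key in both directions.
     *
     * <p>The password is ignored. Supported keys: {@link SecretKey}; {@link PrivateKey} in PKCS#8
     * format; {@link PublicKey} in PKCS#1 or X.509 format. Only the key receives the Name
     * attribute; chain certificates are registered with the usage mask alone.
     *
     * <p>NOTE(review): registration and linking are two separate batches. If the second batch
     * fails, the objects from the first presumably remain on the server unlinked - confirm and
     * clean up in the caller if that matters.
     *
     * @param str alias
     * @param key key to register
     * @param cArr unused
     * @param certificateArr optional chain; null elements are skipped
     * @throws KeyStoreException if the key is null, a chain element is not an
     *     {@link X509Certificate}, or the client raises an I/O, algorithm or encoding error
     * @throws KmipException if the key type or encoding is not supported
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, Key key, char[] cArr, Certificate[] certificateArr) throws KeyStoreException {
        if (key == null) {
            // Previously surfaced as a NullPointerException while building the error message.
            throw new KeyStoreException("Key must not be null");
        }
        if (certificateArr != null) {
            for (Certificate candidate : certificateArr) {
                if (candidate != null && !(candidate instanceof X509Certificate)) {
                    throw new KeyStoreException("Only java.security.cert.X509Certificate supported in chain, got: " + candidate.getClass());
                }
            }
        }
        Att usageMask = Att.cryptographicUsageMask(CryptographicUsageMask.Encrypt, CryptographicUsageMask.Decrypt);
        try {
            ObjectType objectType = null;
            ManagedObject managedObject = null;
            if (key instanceof SecretKey) {
                objectType = ObjectType.SymmetricKey;
                managedObject = SymmetricKey.raw((SecretKey) key);
            } else if ((key instanceof PrivateKey) && ("PKCS#8".equalsIgnoreCase(key.getFormat()) || "PKCS8".equalsIgnoreCase(key.getFormat()))) {
                objectType = ObjectType.PrivateKey;
                com.datastax.dse.byos.shade.com.cryptsoft.kmip.PrivateKey fromPk8 = com.datastax.dse.byos.shade.com.cryptsoft.kmip.PrivateKey.fromPk8(key.getEncoded());
                managedObject = fromPk8;
                usageMask = Att.cryptographicUsageMask(com.datastax.dse.byos.shade.com.cryptsoft.kmip.Certificate.DEFAULT_CRYPTOGRAPHIC_USAGE_MASK);
                if (certificateArr != null) {
                    for (Certificate candidate : certificateArr) {
                        // Null chain slots are tolerated everywhere else in this method, so skip
                        // them here too instead of dereferencing them.
                        if (candidate == null) {
                            continue;
                        }
                        // The certificate matching this private key decides the usage mask.
                        if (fromPk8.matchesPublicKey(candidate.getPublicKey())) {
                            usageMask = Att.cryptographicUsageMask(com.datastax.dse.byos.shade.com.cryptsoft.kmip.Certificate.cryptographicUsageMaskFromKeyUsage((X509Certificate) candidate));
                            break;
                        }
                    }
                }
            } else if (key instanceof PublicKey) {
                objectType = ObjectType.PublicKey;
                if ("PKCS#1".equalsIgnoreCase(key.getFormat()) || "PKCS1".equalsIgnoreCase(key.getFormat())) {
                    managedObject = com.datastax.dse.byos.shade.com.cryptsoft.kmip.PublicKey.fromRsaPk1(key.getEncoded());
                } else if ("X.509".equalsIgnoreCase(key.getFormat()) || "X509".equalsIgnoreCase(key.getFormat())) {
                    managedObject = com.datastax.dse.byos.shade.com.cryptsoft.kmip.PublicKey.fromX509(key.getEncoded());
                }
            }
            if (managedObject == null) {
                throw new KmipException("Cryptsoft Kmip provider only supports keys of type: SecretKey, PrivateKey encoded as PKCS#8 with RSA (1.2.840.113549.1.1.1), DH (1.2.840.113549.1.3.1), DSA (1.2.840.10040.4.1 or 1.2.840.10040.4.2), PublicKey encoded as PKCS#1 or X.509 with RSA, DH or DSA as per PrivateKey, got: " + key.getClass() + " encoded as " + key.getFormat() + " with " + key.getAlgorithm());
            }
            // Batch 1: item 0 registers the key, items 1..n register the non-null certificates.
            this.kmip.batchStart().register(objectType, Att.ta(Att.name(str), usageMask), managedObject);
            if (certificateArr != null) {
                for (Certificate candidate : certificateArr) {
                    if (candidate != null) {
                        this.kmip.register(ObjectType.Certificate, Att.ta(CERTIFICATE_USAGE_MASK), com.datastax.dse.byos.shade.com.cryptsoft.kmip.Certificate.fromX509(candidate.getEncoded()));
                    }
                }
            }
            ResponseMessage registered = this.kmip.batchSend();
            String keyId = registered.getRegisterResponse(0).getUniqueIdentifier();
            List<String> certificateIds = new ArrayList<>();
            for (int i = 1; i < registered.getBatchItems().size(); i++) {
                certificateIds.add(registered.getRegisterResponse(i).getUniqueIdentifier());
            }
            // Nothing to link: no chain, or a chain made only of null slots (which would
            // otherwise send an empty batch).
            if (certificateArr == null || certificateArr.length == 0 || certificateIds.isEmpty()) {
                return;
            }
            // Batch 2: link key -> certificate and certificate -> key for every certificate.
            this.kmip.batchStart();
            for (String certificateId : certificateIds) {
                this.kmip.addAttribute(keyId, Att.link(LinkType.CertificateLink, certificateId));
                this.kmip.addAttribute(certificateId, Att.link(LinkType.PrivateKeyLink, keyId));
            }
            this.kmip.batchSend();
        } catch (IOException | NoSuchAlgorithmException | CertificateEncodingException e) {
            throw new KeyStoreException(e);
        }
    }

    /**
     * Not supported: pre-protected (encoded) key material cannot be stored through this provider.
     *
     * @throws UnsupportedOperationException always
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetKeyEntry(String str, byte[] bArr, Certificate[] certificateArr) throws KeyStoreException {
        throw new UnsupportedOperationException();
    }

    /**
     * Registers a certificate under the alias with the Verify/Encrypt usage mask.
     *
     * <p>NOTE(review): unlike the key-entry path, this method does not check that the certificate
     * is an {@link X509Certificate} before handing its encoding to {@code fromX509}, and a null
     * certificate ends up as a wrapped NullPointerException. Consider validating in the caller.
     *
     * @param str alias
     * @param certificate certificate to register
     * @throws KmipException wrapping any exception raised while encoding or registering
     */
    @Override // java.security.KeyStoreSpi
    public final void engineSetCertificateEntry(String str, Certificate certificate) throws KeyStoreException {
        try {
            this.kmip.register(ObjectType.Certificate, Att.ta(Att.name(str), CERTIFICATE_USAGE_MASK), com.datastax.dse.byos.shade.com.cryptsoft.kmip.Certificate.fromX509(certificate.getEncoded()));
        } catch (Exception e) {
            throw new KmipException(e);
        }
    }

    /**
     * Destroys every server object whose Name attribute equals the alias.
     *
     * <p>The locate has no object-type filter, so a key and a certificate sharing the alias are
     * both destroyed. Certificates registered as part of a key entry's chain carry no Name here
     * and are therefore not matched by this call.
     *
     * @param str alias
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final void engineDeleteEntry(String str) throws KeyStoreException {
        try {
            List<String> objectIds = this.kmip.locate(Att.name(str)).getUniqueIdentifiers();
            if (objectIds.size() == 0) {
                return;
            }
            this.kmip.batchStart();
            for (String objectId : objectIds) {
                this.kmip.destroy(objectId);
            }
            this.kmip.batchSend();
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Enumerates the Name attribute values of all objects returned by an unfiltered locate.
     *
     * @return the aliases; see {@code listAliases()} for caveats
     */
    @Override // java.security.KeyStoreSpi
    public final Enumeration<String> engineAliases() {
        return listAliases().elements();
    }

    /**
     * Collects one alias per Name attribute returned for every object the client can locate.
     *
     * <p>No de-duplication is done: objects sharing a name contribute the alias once each, which
     * also inflates {@code engineSize()}.
     *
     * @return the collected names, empty when the locate returns nothing
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    private Vector<String> listAliases() {
        try {
            Vector<String> aliases = new Vector<>();
            // Empty attribute filter: every object visible to this client is considered.
            LocateResponse located = this.kmip.locate(new Att[0]);
            if (located.getUniqueIdentifiers().size() == 0) {
                return aliases;
            }
            this.kmip.batchStart();
            for (String objectId : located.getUniqueIdentifiers()) {
                this.kmip.getAttributes(objectId, Att.Name);
            }
            ResponseMessage response = this.kmip.batchSend();
            for (int i = 0; i < response.getBatchCount(); i++) {
                Iterator<Att> names = response.getGetAttributesResponse(i).getAtts().iterator();
                while (names.hasNext()) {
                    aliases.add(names.next().getAttributeValue().get(0).getValueUtf8());
                }
            }
            return aliases;
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Reports whether at least one object carries the alias as its Name.
     *
     * @param str alias
     * @return {@code true} when the locate returns an identifier
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final boolean engineContainsAlias(String str) {
        try {
            return this.kmip.locate(1, null, Att.name(str)).getUniqueIdentifiers().size() > 0;
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Counts the aliases produced by {@code listAliases()}, duplicates included.
     *
     * @return number of Name attribute values found
     */
    @Override // java.security.KeyStoreSpi
    public final int engineSize() {
        return listAliases().size();
    }

    /**
     * Reports whether a symmetric, private or public key is stored under the alias.
     *
     * @param str alias
     * @return {@code true} when any of the three typed locates returns an identifier
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final boolean engineIsKeyEntry(String str) {
        try {
            // Three locates in one batch, one per key object type, read back by position.
            ResponseMessage response = this.kmip.batchStart().batchExceptionOnFail(false).locate(1, null, Att.name(str), Att.objectType(ObjectType.SymmetricKey)).locate(1, null, Att.name(str), Att.objectType(ObjectType.PrivateKey)).locate(1, null, Att.name(str), Att.objectType(ObjectType.PublicKey)).batchSend();
            for (int i = 0; i < 3; i++) {
                if (response.getLocateResponse(i).getUniqueIdentifiers().size() > 0) {
                    return true;
                }
            }
            return false;
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Reports whether an X.509 certificate object carries the alias as its Name.
     *
     * @param str alias
     * @return {@code true} when the locate returns an identifier
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final boolean engineIsCertificateEntry(String str) {
        try {
            return this.kmip.locate(Att.name(str), Att.objectType(ObjectType.Certificate), Att.certificateType(CertificateType.X_509)).getUniqueIdentifiers().size() > 0;
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Looks up the alias of a certificate by its issuer name and hex-encoded serial number.
     *
     * <p>The match is on the certificate identifier only; the certificate bytes are not compared
     * with what the server holds.
     *
     * @param certificate certificate to look up
     * @return the first Name value, or {@code null} when the argument is not an
     *     {@link X509Certificate}, the attribute request is missing or unsuccessful, or no Name
     *     is returned
     * @throws KmipException wrapping any {@link IOException} from the client
     */
    @Override // java.security.KeyStoreSpi
    public final String engineGetCertificateAlias(Certificate certificate) {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509 = (X509Certificate) certificate;
        try {
            ResponseMessage response = this.kmip.batchStart().batchOrderOption(true).batchExceptionOnFail(false).locate(1, null, Att.objectType(ObjectType.Certificate), Att.certificateType(CertificateType.X_509), Att.certificateIdentifier(x509.getIssuerX500Principal().getName(), Hex.b2s(x509.getSerialNumber().toByteArray()))).getAttributes(null, Att.Name).batchSend();
            if (response.getBatchItems().size() < 2 || response.getBatchItems().get(1).getResultStatus() != ResultStatus.Success) {
                return null;
            }
            if (response.getGetAttributesResponse(1).getAtts().size() == 0) {
                return null;
            }
            return response.getGetAttributesResponse(1).getAtts().get(0).getAttributeValue().get(0).getValueUtf8();
        } catch (IOException e) {
            throw new KmipException(e);
        }
    }

    /**
     * Does nothing: entries are written to the server by the mutating methods themselves, so
     * there is no local state to serialize. The stream and password are ignored.
     */
    @Override // java.security.KeyStoreSpi
    public final void engineStore(OutputStream outputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
    }

    /**
     * Opens the KMIP connection used by every other method.
     *
     * <p>When the system property
     * {@code com.datastax.dse.byos.shade.com.cryptsoft.kmip.properties} is set, its value is
     * passed to {@link TlsKmipConnection} and the supplied stream is ignored; otherwise the
     * stream is passed instead. The password is ignored.
     *
     * <p>NOTE(review): the property value presumably names a connection properties file -
     * confirm against TlsKmipConnection. Because it overrides the caller's stream, treat the
     * ability to set JVM system properties as the ability to choose the KMIP endpoint.
     *
     * @param inputStream connection configuration, used only when the property is unset
     * @param cArr unused
     */
    @Override // java.security.KeyStoreSpi
    public final void engineLoad(InputStream inputStream, char[] cArr) throws IOException, NoSuchAlgorithmException, CertificateException {
        String property = System.getProperty("com.datastax.dse.byos.shade.com.cryptsoft.kmip.properties");
        if (property != null) {
            this.kmip = new Kmip(new TlsKmipConnection(property));
        } else {
            this.kmip = new Kmip(new TlsKmipConnection(inputStream));
        }
    }

    /**
     * Adopts the {@link Kmip} client carried by a {@link CryptsoftKmipLoadStoreParameter}.
     *
     * @param loadStoreParameter must be a {@link CryptsoftKmipLoadStoreParameter}
     * @throws IllegalArgumentException if the parameter is null or of another type
     */
    @Override // java.security.KeyStoreSpi
    public final void engineLoad(KeyStore.LoadStoreParameter loadStoreParameter) throws IOException, NoSuchAlgorithmException, CertificateException {
        if (!(loadStoreParameter instanceof CryptsoftKmipLoadStoreParameter)) {
            // A null parameter also lands here; describe it instead of dereferencing it.
            String actualType = loadStoreParameter == null ? "null" : String.valueOf(loadStoreParameter.getClass());
            throw new IllegalArgumentException("CryptsoftKmipKeyStore only supports LoadStoreParameter of type " + CryptsoftKmipLoadStoreParameter.class.getName() + ", got type: " + actualType);
        }
        this.kmip = ((CryptsoftKmipLoadStoreParameter.CryptsoftKmipProtectionParameter) loadStoreParameter.getProtectionParameter()).getKmip();
    }

    /** Delegates to the default {@link KeyStoreSpi} implementation. */
    @Override // java.security.KeyStoreSpi
    public final KeyStore.Entry engineGetEntry(String str, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException, NoSuchAlgorithmException, UnrecoverableEntryException {
        return super.engineGetEntry(str, protectionParameter);
    }

    /** Delegates to the default {@link KeyStoreSpi} implementation. */
    @Override // java.security.KeyStoreSpi
    public final void engineSetEntry(String str, KeyStore.Entry entry, KeyStore.ProtectionParameter protectionParameter) throws KeyStoreException {
        super.engineSetEntry(str, entry, protectionParameter);
    }

    /** Delegates to the default {@link KeyStoreSpi} implementation. */
    @Override // java.security.KeyStoreSpi
    public final boolean engineEntryInstanceOf(String str, Class<? extends KeyStore.Entry> cls) {
        return super.engineEntryInstanceOf(str, cls);
    }
}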
