package org.gridgain.internal.encryption.provider.keystore;

import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import org.gridgain.internal.encryption.CannotInitKeyProviderException;
import org.gridgain.internal.encryption.InvalidKeyProviderConfigurationException;
import org.gridgain.internal.encryption.provider.DataEncryptionKey;
import org.gridgain.internal.encryption.provider.KeyProvider;
import org.gridgain.internal.encryption.utils.EncryptionUtils;
import org.jetbrains.annotations.Nullable;

/* loaded from: input_file:org/gridgain/internal/encryption/provider/keystore/KeyStoreKeyProvider.class */
public class KeyStoreKeyProvider implements KeyProvider {
    private static final Random RANDOM_INSTANCE = new SecureRandom();
    private final String keyStoreType;
    private final String keyStorePath;
    private final String keyStorePassword;
    private final String activeKekName;
    private final String providerName;
    private final Map<String, Key> localCachedKeys;

    public KeyStoreKeyProvider(String str, String str2, String str3, String str4) {
        this(str, KeyStore.getDefaultType(), str2, str3, str4);
    }

    public KeyStoreKeyProvider(String str, String str2, String str3, String str4, String str5) {
        this.providerName = str;
        this.keyStoreType = str2;
        this.keyStorePath = str3;
        this.keyStorePassword = str4;
        this.activeKekName = str5;
        this.localCachedKeys = new ConcurrentHashMap();
    }

    public static KeyStoreKeyProvider create(String str, String str2, String str3, String str4, String str5) {
        KeyStoreKeyProvider keyStoreKeyProvider = new KeyStoreKeyProvider(str, str2, str3, str4, str5);
        keyStoreKeyProvider.loadKekFromKeystore(str5);
        return keyStoreKeyProvider;
    }

    private Key loadKekFromKeystore(String str) {
        try {
            try {
                try {
                    InputStream newInputStream = Files.newInputStream(Path.of(this.keyStorePath, new String[0]), StandardOpenOption.READ);
                    try {
                        KeyStore keyStore = KeyStore.getInstance(this.keyStoreType);
                        char[] charArray = this.keyStorePassword.toCharArray();
                        keyStore.load(newInputStream, charArray);
                        Key key = keyStore.getKey(str, charArray);
                        if (key == null) {
                            throw new InvalidKeyProviderConfigurationException(this.providerName, "Could not find key for alias: " + str);
                        }
                        if (newInputStream != null) {
                            newInputStream.close();
                        }
                        EncryptionUtils.clear(charArray);
                        return key;
                    } catch (Throwable th) {
                        if (newInputStream != null) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (IOException | GeneralSecurityException e) {
                    throw new CannotInitKeyProviderException(this.providerName, e);
                }
            } catch (NoSuchFileException e2) {
                throw new InvalidKeyProviderConfigurationException(this.providerName, String.format("File '%s' not found", e2.getMessage()), e2);
            }
        } catch (Throwable th3) {
            EncryptionUtils.clear((char[]) null);
            throw th3;
        }
    }

    private Key cachedKey(String str) {
        return this.localCachedKeys.computeIfAbsent(str, this::loadKekFromKeystore);
    }

    @Override // org.gridgain.internal.encryption.provider.KeyProvider
    public byte[] encryptKey(DataEncryptionKey dataEncryptionKey) {
        return EncryptionUtils.encryptKey(RANDOM_INSTANCE, dataEncryptionKey, cachedKey(this.activeKekName));
    }

    @Override // org.gridgain.internal.encryption.provider.KeyProvider
    public DataEncryptionKey decryptKey(byte[] bArr, @Nullable String str) {
        return EncryptionUtils.decryptKey(bArr, str == null ? cachedKey(this.activeKekName) : cachedKey(str));
    }

    @Override // org.gridgain.internal.encryption.provider.KeyProvider
    public String getProviderIdentifier() {
        return this.providerName;
    }

    @Override // org.gridgain.internal.encryption.provider.KeyProvider
    public String getActiveKeyIdentifier() {
        return this.activeKekName;
    }
}
