package de.carne.lwjsd.runtime.security;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.SerializationFeature;
import de.carne.boot.logging.Log;
import de.carne.check.Check;
import de.carne.check.Nullable;
import de.carne.lwjsd.runtime.config.Config;
import de.carne.nio.file.attribute.FileAttributes;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

/* loaded from: input_file:de/carne/lwjsd/runtime/security/SecretsStore.class */
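/**
 * Holds the named {@link Cipher} and {@link Signature} secrets of the runtime and persists them as
 * JSON in the file {@code lwjsd.secrets.json} inside the configured state directory.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>Key material is stored as Base64 text. Base64 is an encoding, not encryption: anyone who can
 * read the secrets file can recover every key, so file system permissions are the only protection
 * at rest.</li>
 * <li>The key names found in the file are handed to {@code CipherFactory.getInstance} and
 * {@code SignatureFactory.getInstance}, so the file content also decides which algorithms get
 * instantiated. Treat write access to the file as equivalent to control over the keys.</li>
 * <li>Both maps are only modified inside {@link #create(Config)}; the accessors are read-only.</li>
 * </ul>
 */
public final class SecretsStore {
    private static final Log LOG = new Log();
    private static final ObjectMapper JSON_OBJECT_MAPPER = new ObjectMapper().enable(SerializationFeature.INDENT_OUTPUT);
    private static final String SECRETS_FILE = "lwjsd.secrets.json";
    private static final String DEFAULT_CIPHER = "aes256-cipher";
    private static final String DEFAULT_SIGNATURE = "ec256-signature";
    private final Map<String, Cipher> cipherMap = new HashMap<>();
    private final Map<String, Signature> signatureMap = new HashMap<>();

    /**
     * JSON binding for the secrets file: two maps from key name to Base64 encoded key material.
     *
     * <p>The no-argument constructor and the setters exist for Jackson data binding. Both getters
     * reject a missing map via {@code Check.notNull}, so a secrets file lacking either property
     * fails while loading instead of being treated as empty.
     */
    public static final class JsonSecretsStore {

        @Nullable
        private Map<String, String> cipherKeys;

        @Nullable
        private Map<String, String> signatureKeys;

        /** Creates an empty instance to be populated through the setters. */
        public JsonSecretsStore() {
        }

        /**
         * Creates an instance ready to be serialized.
         *
         * @param cipherKeys key name to Base64 encoded cipher key.
         * @param signatureKeys key name to Base64 encoded signature key.
         */
        public JsonSecretsStore(Map<String, String> cipherKeys, Map<String, String> signatureKeys) {
            this.cipherKeys = cipherKeys;
            this.signatureKeys = signatureKeys;
        }

        /**
         * @return a read-only view of the cipher keys.
         */
        public Map<String, String> getCipherKeys() {
            return Collections.unmodifiableMap(Check.notNull(this.cipherKeys));
        }

        /**
         * @param cipherKeys key name to Base64 encoded cipher key.
         */
        public void setCipherKeys(Map<String, String> cipherKeys) {
            this.cipherKeys = cipherKeys;
        }

        /**
         * @return a read-only view of the signature keys.
         */
        public Map<String, String> getSignatureKeys() {
            return Collections.unmodifiableMap(Check.notNull(this.signatureKeys));
        }

        /**
         * @param signatureKeys key name to Base64 encoded signature key.
         */
        public void setSignatureKeys(Map<String, String> signatureKeys) {
            this.signatureKeys = signatureKeys;
        }
    }

    private SecretsStore() {
        // instances are only handed out by create(Config)
    }

    /**
     * Loads the secrets file from the state directory and makes sure the default cipher and the
     * default signature exist, generating and persisting whichever of the two is missing.
     *
     * @param config provides the state directory that holds the secrets file.
     * @return the populated store.
     * @throws IOException if the state directory or the secrets file cannot be created, read or
     *         written.
     * @throws GeneralSecurityException if a stored key cannot be turned into a cipher or signature,
     *         or a default key cannot be generated.
     */
    public static SecretsStore create(Config config) throws IOException, GeneralSecurityException {
        Path stateDir = config.getStateDir();

        // The attributes are applied only to directories created by this call; a state directory
        // that already exists keeps whatever permissions it has.
        Files.createDirectories(stateDir, FileAttributes.userDirectoryDefault(stateDir));

        Path secretsFile = stateDir.resolve(SECRETS_FILE);

        // Only the path is logged, never key material.
        LOG.info("Using secrets file ''{0}''...", secretsFile);

        SecretsStore secretsStore = new SecretsStore();

        if (Files.exists(secretsFile)) {
            JsonSecretsStore stored = JSON_OBJECT_MAPPER.readValue(secretsFile.toFile(), JsonSecretsStore.class);

            for (Map.Entry<String, String> entry : stored.getCipherKeys().entrySet()) {
                String name = entry.getKey();

                secretsStore.cipherMap.put(name, decodeCipher(name, entry.getValue()));
            }
            for (Map.Entry<String, String> entry : stored.getSignatureKeys().entrySet()) {
                String name = entry.getKey();

                secretsStore.signatureMap.put(name, decodeSignature(name, entry.getValue()));
            }
        }

        boolean storeUpdated = false;

        if (!secretsStore.cipherMap.containsKey(DEFAULT_CIPHER)) {
            secretsStore.cipherMap.put(DEFAULT_CIPHER, createDefaultCipher());
            storeUpdated = true;
        }
        if (!secretsStore.signatureMap.containsKey(DEFAULT_SIGNATURE)) {
            secretsStore.signatureMap.put(DEFAULT_SIGNATURE, createDefaultSignature());
            storeUpdated = true;
        }
        if (storeUpdated) {
            LOG.info("Creating/updating secrets file ''{0}''...", secretsFile);

            // These Strings carry the keys in recoverable form and, being immutable, cannot be
            // wiped after use; they stay on the heap until garbage collected.
            Map<String, String> cipherKeys = new HashMap<>();

            for (Map.Entry<String, Cipher> entry : secretsStore.cipherMap.entrySet()) {
                cipherKeys.put(entry.getKey(), encodeCipher(entry.getValue()));
            }

            Map<String, String> signatureKeys = new HashMap<>();

            for (Map.Entry<String, Signature> entry : secretsStore.signatureMap.entrySet()) {
                signatureKeys.put(entry.getKey(), encodeSignature(entry.getValue()));
            }

            // Without this the file would be created by the write below with the process default
            // permissions, which commonly allow other local users to read the keys.
            createOwnerOnlyIfMissing(secretsFile);

            // NOTE(review): the file is rewritten in place; an interrupted write can leave a
            // truncated file. Consider writing to a temporary file and moving it into place.
            JSON_OBJECT_MAPPER.writeValue(secretsFile.toFile(), new JsonSecretsStore(cipherKeys, signatureKeys));
            LOG.notice("Created/updated secrets have been written to file ''{0}''...", secretsFile);
        }
        return secretsStore;
    }

    /**
     * @return the cipher registered under the default name {@code aes256-cipher}.
     * @throws NoSuchAlgorithmException if the default cipher is not present.
     */
    public Cipher getDefaultCipher() throws NoSuchAlgorithmException {
        return getCipher(DEFAULT_CIPHER);
    }

    /**
     * Looks up a cipher by name.
     *
     * @param name the cipher name.
     * @return the cipher registered under the given name.
     * @throws NoSuchAlgorithmException if no cipher is registered under the given name.
     */
    public Cipher getCipher(String name) throws NoSuchAlgorithmException {
        Cipher cipher = this.cipherMap.get(name);

        if (cipher == null) {
            throw new NoSuchAlgorithmException("Unknown cipher: " + name);
        }
        return cipher;
    }

    /**
     * @return the signature registered under the default name {@code ec256-signature}.
     * @throws NoSuchAlgorithmException if the default signature is not present.
     */
    public Signature getDefaultSignature() throws NoSuchAlgorithmException {
        return getSignature(DEFAULT_SIGNATURE);
    }

    /**
     * Looks up a signature by name.
     *
     * @param name the signature name.
     * @return the signature registered under the given name.
     * @throws NoSuchAlgorithmException if no signature is registered under the given name.
     */
    public Signature getSignature(String name) throws NoSuchAlgorithmException {
        Signature signature = this.signatureMap.get(name);

        if (signature == null) {
            throw new NoSuchAlgorithmException("Unknown signature: " + name);
        }
        return signature;
    }

    /**
     * Creates the secrets file with owner-only permissions if it does not exist yet.
     *
     * <p>Nothing happens when the file already exists (its permissions are left untouched) or when
     * the file system has no POSIX attribute view; in the latter case the state directory is the
     * only access barrier. {@code Files.createFile} fails if the path got occupied in the meantime,
     * so secrets are never written into a file created by someone else during that window.
     *
     * @param file the secrets file.
     * @throws IOException if the file cannot be created.
     */
    private static void createOwnerOnlyIfMissing(Path file) throws IOException {
        if (Files.exists(file) || !file.getFileSystem().supportedFileAttributeViews().contains("posix")) {
            return;
        }
        Files.createFile(file, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------")));
    }

    private static Cipher createDefaultCipher() throws GeneralSecurityException {
        return CipherFactory.getInstance(DEFAULT_CIPHER).createCipher();
    }

    private static Signature createDefaultSignature() throws GeneralSecurityException {
        return SignatureFactory.getInstance(DEFAULT_SIGNATURE).createSignature();
    }

    /**
     * Encodes a cipher's key material as Base64 text for the secrets file.
     *
     * <p>The {@code ByteSecret} is closed as soon as the text exists, also when encoding fails
     * (presumably closing clears the raw bytes; confirm against {@code ByteSecret}).
     */
    private static String encodeCipher(Cipher cipher) {
        try (ByteSecret encoded = cipher.getEncoded()) {
            return Base64.getEncoder().encodeToString(encoded.get());
        }
    }

    /**
     * Encodes a signature's key material as Base64 text for the secrets file.
     *
     * <p>The {@code ByteSecret} is closed as soon as the text exists, also when encoding fails.
     */
    private static String encodeSignature(Signature signature) {
        try (ByteSecret encoded = signature.getEncoded()) {
            return Base64.getEncoder().encodeToString(encoded.get());
        }
    }

    /**
     * Rebuilds a cipher from its stored form.
     *
     * <p>Malformed Base64 makes the decoder throw an unchecked {@link IllegalArgumentException},
     * which propagates to the caller of {@link #create(Config)}.
     *
     * @param name the cipher name, used to select the factory.
     * @param encodedKey the Base64 text read from the secrets file.
     */
    private static Cipher decodeCipher(String name, String encodedKey) throws GeneralSecurityException {
        CipherFactory cipherFactory = CipherFactory.getInstance(name);

        // NOTE(review): whether wrap() copies the decoded array or takes ownership of it is not
        // visible here; if it copies, the decoded array stays uncleared.
        try (ByteSecret key = ByteSecret.wrap(Base64.getDecoder().decode(encodedKey))) {
            return cipherFactory.createCipher(key);
        }
    }

    /**
     * Rebuilds a signature from its stored form.
     *
     * <p>Malformed Base64 makes the decoder throw an unchecked {@link IllegalArgumentException},
     * which propagates to the caller of {@link #create(Config)}.
     *
     * @param name the signature name, used to select the factory.
     * @param encodedKey the Base64 text read from the secrets file.
     */
    private static Signature decodeSignature(String name, String encodedKey) throws GeneralSecurityException {
        SignatureFactory signatureFactory = SignatureFactory.getInstance(name);

        try (ByteSecret key = ByteSecret.wrap(Base64.getDecoder().decode(encodedKey))) {
            return signatureFactory.createSignature(key);
        }
    }
}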
