package ch.elexis.core.data.ssl;

import ch.elexis.core.services.ISSLStoreService;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.Optional;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509KeyManager;
import javax.net.ssl.X509TrustManager;
import org.osgi.service.component.annotations.Activate;
import org.osgi.service.component.annotations.Component;
import org.slf4j.LoggerFactory;

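/**
 * OSGi component that installs a process-wide default {@link SSLContext} backed by
 * composite key and trust managers, and lets callers add further stores at runtime.
 *
 * <p>Security note: {@link #activate()} calls {@link SSLContext#setDefault(SSLContext)},
 * so the composite managers are used by every connection in this JVM that relies on the
 * default context. Any store passed to {@link #addTrustStore(KeyStore)} therefore affects
 * trust decisions for the whole process, not just for one connection. How the composite
 * managers combine their delegates is defined in {@code CompositeX509TrustManager} and
 * {@code CompositeX509KeyManager}, which are not part of this file.
 */
@Component
/* loaded from: input_file:ch/elexis/core/data/ssl/SSLStoreService.class */
public class SSLStoreService implements ISSLStoreService {
    private CompositeX509KeyManager compositeKeyManager;
    private CompositeX509TrustManager compositeTrustManager;

    /**
     * Builds the composite managers, seeds them with the JVM defaults and installs the
     * resulting context as the JVM default.
     *
     * <p>On failure the error is logged and the previous default context stays in place.
     * If the JVM default managers cannot be obtained, the composite fields remain unset
     * and later calls to the add/remove methods will fail.
     */
    @Activate
    public void activate() {
        try {
            X509KeyManager jvmKeyManager = getJvmKeyManager();
            X509TrustManager jvmTrustManager = getJvmTrustManager();

            this.compositeKeyManager = new CompositeX509KeyManager();
            this.compositeKeyManager.addKeyManager(jvmKeyManager);

            this.compositeTrustManager = new CompositeX509TrustManager();
            this.compositeTrustManager.addTrustManager(jvmTrustManager);

            // Request the context by its "TLS" name rather than the legacy "SSL" name.
            // The protocol versions actually enabled are still decided by the provider
            // and the JDK security configuration.
            SSLContext sslContext = SSLContext.getInstance("TLS");
            sslContext.init(
                    new KeyManager[] {this.compositeKeyManager},
                    new TrustManager[] {this.compositeTrustManager},
                    null);
            SSLContext.setDefault(sslContext);
        } catch (KeyManagementException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException e) {
            LoggerFactory.getLogger(getClass()).error("Could not initialize SSL context", e);
        }
    }

    /**
     * Returns the X.509 key manager the JVM provides for its default algorithm.
     *
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable or yields
     *     no {@link X509KeyManager}
     */
    private X509KeyManager getJvmKeyManager() throws NoSuchAlgorithmException, UnrecoverableKeyException, KeyStoreException {
        String algorithm = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(algorithm);
        keyManagerFactory.init(null, null);
        // Pick the first X.509 manager instead of blindly casting element 0, mirroring
        // the instanceof check used in addTrustStore.
        for (KeyManager keyManager : keyManagerFactory.getKeyManagers()) {
            if (keyManager instanceof X509KeyManager) {
                return (X509KeyManager) keyManager;
            }
        }
        throw new NoSuchAlgorithmException("No X509KeyManager available for algorithm " + algorithm);
    }

    /**
     * Returns the X.509 trust manager the JVM provides for its default algorithm,
     * initialised with a {@code null} key store (the JVM's default trust material).
     *
     * @throws NoSuchAlgorithmException if the default algorithm is unavailable or yields
     *     no {@link X509TrustManager}
     */
    private X509TrustManager getJvmTrustManager() throws NoSuchAlgorithmException, KeyStoreException {
        String algorithm = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(algorithm);
        trustManagerFactory.init((KeyStore) null);
        for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
            if (trustManager instanceof X509TrustManager) {
                return (X509TrustManager) trustManager;
            }
        }
        throw new NoSuchAlgorithmException("No X509TrustManager available for algorithm " + algorithm);
    }

    /**
     * Loads a key store from a stream. The stream is not closed by this method.
     *
     * @param inputStream source of the key store data
     * @param str key store password; {@code null} is passed through to
     *     {@link KeyStore#load(InputStream, char[])} as a {@code null} password
     * @param str2 key store type handed to {@link KeyStore#getInstance(String)}
     * @return the loaded key store, or an empty {@link Optional} if loading failed
     *     (the failure is logged)
     */
    public Optional<KeyStore> loadKeyStore(InputStream inputStream, String str, String str2) {
        try {
            KeyStore keyStore = KeyStore.getInstance(str2);
            // A null password is legal for KeyStore.load; avoid a NullPointerException here.
            char[] password = (str != null) ? str.toCharArray() : null;
            keyStore.load(inputStream, password);
            return Optional.of(keyStore);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            LoggerFactory.getLogger(getClass()).error("Could not load key store", e);
            return Optional.empty();
        }
    }

    /**
     * Loads a key store from a file.
     *
     * @param str path of the key store file
     * @param str2 key store password (see the stream overload)
     * @param str3 key store type handed to {@link KeyStore#getInstance(String)}
     * @return the loaded key store, or an empty {@link Optional} if the file could not
     *     be read or parsed (the failure is logged)
     */
    public Optional<KeyStore> loadKeyStore(String str, String str2, String str3) {
        // try-with-resources closes the file on every path, including failures.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            return loadKeyStore(fileInputStream, str2, str3);
        } catch (IOException e) {
            LoggerFactory.getLogger(getClass()).error("Could not load key store", e);
            return Optional.empty();
        }
    }

    /**
     * Adds the X.509 trust managers derived from the given store to the composite trust
     * manager that backs the JVM default context.
     *
     * <p>Because that context is the process-wide default, only pass stores whose
     * certificates should influence trust decisions for the whole JVM.
     *
     * @param keyStore store holding the trust material to add
     */
    public void addTrustStore(KeyStore keyStore) {
        try {
            TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            trustManagerFactory.init(keyStore);
            for (TrustManager trustManager : trustManagerFactory.getTrustManagers()) {
                if (trustManager instanceof X509TrustManager) {
                    this.compositeTrustManager.addTrustManager((X509TrustManager) trustManager);
                }
            }
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            LoggerFactory.getLogger(getClass()).error("Could not add trust store", e);
        }
    }

    /**
     * Registers a key store with the composite key manager.
     *
     * @param keyStore store to register
     * @param str second argument forwarded to {@code CompositeX509KeyManager.addKeyStore};
     *     presumably the key password, to be confirmed against that class
     */
    public void addKeyStore(KeyStore keyStore, String str) {
        this.compositeKeyManager.addKeyStore(keyStore, str);
    }

    /**
     * Removes a previously registered key store from the composite key manager.
     *
     * @param keyStore store to remove
     */
    public void removeKeyStore(KeyStore keyStore) {
        this.compositeKeyManager.removeKeyStore(keyStore);
    }
}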
