package com.android.tools.build.bundletool.model;

import com.android.tools.build.bundletool.model.AutoValue_SignerConfig;
import com.android.tools.build.bundletool.model.exceptions.CommandExecutionException;
import com.android.tools.build.bundletool.model.utils.files.FilePreconditions;
import com.google.auto.value.AutoValue;
import com.google.common.collect.ImmutableList;
import com.google.errorprone.annotations.Immutable;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import javax.security.auth.DestroyFailedException;

@Immutable
@AutoValue
@AutoValue.CopyAnnotations
/* loaded from: input_file:com/android/tools/build/bundletool/model/SignerConfig.class */
public abstract class SignerConfig {

    @AutoValue.Builder
    /* loaded from: input_file:com/android/tools/build/bundletool/model/SignerConfig$Builder.class */
    public static abstract class Builder {
        public abstract Builder setPrivateKey(PrivateKey privateKey);

        public abstract Builder setCertificates(ImmutableList<X509Certificate> immutableList);

        abstract SignerConfig autoBuild();

        public SignerConfig build() {
            SignerConfig autoBuild = autoBuild();
            autoBuild.getCertificates().forEach(x509Certificate -> {
                if (x509Certificate.getIssuerX500Principal() != null) {
                    x509Certificate.getIssuerX500Principal().getEncoded();
                }
                if (x509Certificate.getPublicKey() != null) {
                    x509Certificate.getPublicKey().getEncoded();
                }
            });
            return autoBuild;
        }
    }

    public abstract PrivateKey getPrivateKey();

    public abstract ImmutableList<X509Certificate> getCertificates();

    public static Builder builder() {
        return new AutoValue_SignerConfig.Builder();
    }

    public static SignerConfig extractFromKeystore(Path path, String str, Optional<Password> optional, Optional<Password> optional2) {
        FilePreconditions.checkFileExistsAndReadable(path);
        try {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            KeyStore.PasswordProtection passwordProtection = null;
            KeyStore.PasswordProtection passwordProtection2 = null;
            try {
                try {
                    InputStream newInputStream = Files.newInputStream(path, new OpenOption[0]);
                    try {
                        KeyStore.PasswordProtection passwordProtection3 = (KeyStore.PasswordProtection) optional.map((v0) -> {
                            return v0.getValue();
                        }).orElseGet(() -> {
                            return new KeyStore.PasswordProtection(System.console().readPassword("Enter keystore password: ", new Object[0]));
                        });
                        try {
                            keyStore.load(newInputStream, passwordProtection3.getPassword());
                            if (optional2.isPresent()) {
                                try {
                                    SignerConfig readSigningConfigFromLoadedKeyStore = readSigningConfigFromLoadedKeyStore(keyStore, str, optional2.get().getValue().getPassword());
                                    if (newInputStream != null) {
                                        newInputStream.close();
                                    }
                                    if (0 != 0) {
                                        try {
                                            passwordProtection2.destroy();
                                        } catch (DestroyFailedException e) {
                                        }
                                    }
                                    if (passwordProtection3 != null) {
                                        passwordProtection3.destroy();
                                    }
                                    return readSigningConfigFromLoadedKeyStore;
                                } catch (UnrecoverableKeyException e2) {
                                    throw CommandExecutionException.builder().withInternalMessage("Incorrect key password.").withCause(e2).build();
                                }
                            }
                            try {
                                SignerConfig readSigningConfigFromLoadedKeyStore2 = readSigningConfigFromLoadedKeyStore(keyStore, str, passwordProtection3.getPassword());
                                if (newInputStream != null) {
                                    newInputStream.close();
                                }
                                if (0 != 0) {
                                    try {
                                        passwordProtection2.destroy();
                                    } catch (DestroyFailedException e3) {
                                    }
                                }
                                if (passwordProtection3 != null) {
                                    passwordProtection3.destroy();
                                }
                                return readSigningConfigFromLoadedKeyStore2;
                            } catch (UnrecoverableKeyException e4) {
                                try {
                                    KeyStore.PasswordProtection passwordProtection4 = new KeyStore.PasswordProtection(System.console().readPassword("Enter password for key '%s': ", str));
                                    SignerConfig readSigningConfigFromLoadedKeyStore3 = readSigningConfigFromLoadedKeyStore(keyStore, str, passwordProtection4.getPassword());
                                    if (newInputStream != null) {
                                        newInputStream.close();
                                    }
                                    if (passwordProtection4 != null) {
                                        try {
                                            passwordProtection4.destroy();
                                        } catch (DestroyFailedException e5) {
                                            return readSigningConfigFromLoadedKeyStore3;
                                        }
                                    }
                                    if (passwordProtection3 != null) {
                                        passwordProtection3.destroy();
                                    }
                                    return readSigningConfigFromLoadedKeyStore3;
                                } catch (UnrecoverableKeyException e6) {
                                    throw CommandExecutionException.builder().withInternalMessage("Incorrect key password.").withCause(e6).build();
                                }
                            }
                        } catch (IOException e7) {
                            if (e7.getCause() instanceof UnrecoverableKeyException) {
                                throw CommandExecutionException.builder().withInternalMessage("Incorrect keystore password.").withCause(e7).build();
                            }
                            throw e7;
                        }
                    } catch (Throwable th) {
                        if (newInputStream != null) {
                            try {
                                newInputStream.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        }
                        throw th;
                    }
                } catch (Throwable th3) {
                    if (0 != 0) {
                        try {
                            passwordProtection2.destroy();
                        } catch (DestroyFailedException e8) {
                            throw th3;
                        }
                    }
                    if (0 != 0) {
                        passwordProtection.destroy();
                    }
                    throw th3;
                }
            } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e9) {
                throw CommandExecutionException.builder().withCause(e9).withInternalMessage("Error while loading private key and certificates from the keystore.").build();
            }
        } catch (KeyStoreException e10) {
            throw CommandExecutionException.builder().withCause(e10).withInternalMessage("Unable to build a keystore instance: " + e10.getMessage()).build();
        }
    }

    private static SignerConfig readSigningConfigFromLoadedKeyStore(KeyStore keyStore, String str, char[] cArr) throws NoSuchAlgorithmException, KeyStoreException, UnrecoverableKeyException {
        PrivateKey privateKey = (PrivateKey) keyStore.getKey(str, cArr);
        Certificate[] certificateChain = keyStore.getCertificateChain(str);
        if (certificateChain == null) {
            throw CommandExecutionException.builder().withInternalMessage("No key found with alias '%s' in keystore.", str).build();
        }
        return builder().setPrivateKey(privateKey).setCertificates((ImmutableList) Arrays.stream(certificateChain).map(certificate -> {
            return (X509Certificate) certificate;
        }).collect(ImmutableList.toImmutableList())).build();
    }
}
