package de.gematik.test.tiger.common.pki;

import de.gematik.rbellogger.util.CryptoLoader;
import de.gematik.test.tiger.common.config.TigerGlobalConfiguration;
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.stream.Stream;
import lombok.Generated;
import org.apache.commons.io.FileUtils;
import org.apache.commons.io.FilenameUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;

/* loaded from: input_file:BOOT-INF/lib/tiger-common-3.0.4.jar:de/gematik/test/tiger/common/pki/TigerPkiIdentityLoader.class */
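/**
 * Loads a {@link TigerPkiIdentity} (certificate, private key and certificate chain) from a
 * keystore or from a certificate/key file pair.
 *
 * <p>The textual form accepted by {@link #loadRbelPkiIdentity(String)} is a {@code ;}-separated
 * list of parts. Each part is trimmed and then classified by what it matches: a part that can be
 * read from disk or from the classpath is a file, a part equal to a {@link StoreType} name is the
 * store type, and a remaining part is taken as the keystore password.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Because classification is by probing, every part, including the password, is looked up
 *       as a file path and as a classpath resource name.</li>
 *   <li>Some exception messages embed the raw input string, which may contain the password;
 *       treat those messages as sensitive when they reach logs or reports.</li>
 *   <li>Loading this class registers the BouncyCastle JCE and JSSE providers JVM-wide.</li>
 * </ul>
 */
public class TigerPkiIdentityLoader {
    private static final String CLASSPATH_PREFIX = "classpath:";

    // Well-known passwords tried by loadRbelPkiIdentityWithGuessedPassword. A store that opens with
    // one of these is effectively unprotected, so they are only suitable for test fixtures.
    private static final List<String> DEFAULT_KEYSTORE_PASSWORDS = List.of("00", "123456", "gematik", "changeit");

    /** Supported container formats, each with the names under which it is recognised. */
    public enum StoreType {
        PKCS12(true, "P12"),
        JKS(true),
        BKS(true),
        PKCS8(false),
        PKCS1(false);

        private final List<String> names;
        private final boolean isKeystore;

        /**
         * @param isKeystore {@code true} when the format is loaded through {@link KeyStore}
         * @param aliases additional names; the enum constant's own name is always appended
         */
        StoreType(boolean isKeystore, String... aliases) {
            List<String> allNames = new ArrayList<>(List.of(aliases));
            allNames.add(name());
            this.names = Collections.unmodifiableList(allNames);
            this.isKeystore = isKeystore;
        }

        /**
         * Finds the store type whose name or alias equals {@code str}, ignoring case.
         *
         * @param str candidate name; {@code null} matches nothing
         * @return the matching type, or empty when none matches
         */
        static Optional<StoreType> findStoreTypeForString(String str) {
            for (StoreType storeType : values()) {
                for (String name : storeType.getNames()) {
                    if (name.equalsIgnoreCase(str)) {
                        return Optional.of(storeType);
                    }
                }
            }
            return Optional.empty();
        }

        /** @return all names of this type, aliases first, as an unmodifiable list */
        @Generated
        public List<String> getNames() {
            return this.names;
        }

        /** @return whether this type is loaded through {@link KeyStore} */
        @Generated
        public boolean isKeystore() {
            return this.isKeystore;
        }
    }

    /** Unchecked exception raised when an identity cannot be loaded. */
    public static class TigerPkiIdentityLoaderException extends RuntimeException {
        public TigerPkiIdentityLoaderException(String str, Exception exc) {
            super(str, exc);
        }

        public TigerPkiIdentityLoaderException(String str) {
            super(str);
        }
    }

    /**
     * Loads an identity described entirely by a {@code ;}-separated string.
     *
     * @param str file location(s), optional store type and, for keystores, the password
     * @return the loaded identity
     * @throws TigerPkiIdentityLoaderException if the store type or password cannot be determined,
     *     or the keystore cannot be opened
     * @throws IllegalArgumentException if no (or too few) files could be located, or a part is empty
     */
    public static TigerPkiIdentity loadRbelPkiIdentity(String str) {
        return loadRbelPkiIdentity((Optional<File>) Optional.empty(), str);
    }

    /**
     * Loads an identity from an explicit file; {@code str} carries the remaining parts.
     *
     * @param file the keystore or certificate file; must not be {@code null}
     * @param str {@code ;}-separated remaining parts (store type, password, further files)
     * @return the loaded identity
     * @throws TigerPkiIdentityLoaderException if the store type or password cannot be determined,
     *     or the keystore cannot be opened
     * @throws IllegalArgumentException if the file cannot be read
     */
    public static TigerPkiIdentity loadRbelPkiIdentity(File file, String str) {
        return loadRbelPkiIdentity((Optional<File>) Optional.of(file), str);
    }

    /**
     * Opens {@code file} as PKCS12, trying each password from {@link #getAllKeystorePasswords()}
     * in order and returning the first identity that loads.
     *
     * @param file the PKCS12 keystore
     * @return the loaded identity
     * @throws IllegalArgumentException if the file cannot be read
     * @throws TigerPkiIdentityLoaderException if no candidate password opens the store
     */
    public static TigerPkiIdentity loadRbelPkiIdentityWithGuessedPassword(File file) {
        Pair<String, byte[]> keystore = readFile(file);
        List<String> candidates = getAllKeystorePasswords();
        for (String candidate : candidates) {
            try {
                return loadKeystoreFrom(keystore, candidate, StoreType.PKCS12.name());
            } catch (TigerPkiIdentityLoaderException ignored) {
                // This candidate did not open the store; fall through to the next one.
            }
        }
        // The candidates include passwords read from configuration, so only their number is
        // reported: exception messages end up in logs and test reports.
        throw new TigerPkiIdentityLoaderException(
            "Unable to decrypt file %s with any of the %d known keystore passwords"
                .formatted(file.getName(), candidates.size()));
    }

    /**
     * @return a fresh mutable list holding the built-in default passwords followed by the entries
     *     read from configuration under {@code lib.additionalKeyStorePasswords}
     */
    static List<String> getAllKeystorePasswords() {
        List<String> passwords = new ArrayList<>(DEFAULT_KEYSTORE_PASSWORDS);
        passwords.addAll(TigerGlobalConfiguration.readList(TigerGlobalConfiguration.TIGER_BASEKEY, "lib", "additionalKeyStorePasswords"));
        return passwords;
    }

    /**
     * Shared implementation: classifies the parts, then loads either a keystore or a
     * certificate/key pair.
     */
    private static TigerPkiIdentity loadRbelPkiIdentity(Optional<File> optional, String str) {
        // The explicit file's absolute path is treated as the first part so that the store type
        // can also be guessed from its extension.
        List<String> parts = Stream.concat(
                optional.stream().map(File::getAbsolutePath),
                Stream.of(str.split(";")))
            .map(String::trim)
            .toList();

        // NOTE(review): 'str' may contain the keystore password and is echoed in the two messages
        // below; callers should not log these messages where that matters.
        StoreType storeType = extractStoreType(parts)
            .or(() -> guessStoreType(parts))
            .orElseThrow(() -> new TigerPkiIdentityLoaderException("Unable to determine store-type for input '" + str + "'!"));

        List<Pair<String, byte[]>> files = optional
            .map(file -> List.of(readFile(file)))
            .orElseGet(() -> extractFileNames(parts));
        List<String> fileNames = files.stream().map(Pair::getLeft).toList();

        // Keystores need one file; certificate/key formats need two.
        if (files.isEmpty() || (!storeType.isKeystore() && files.size() < 2)) {
            throw new IllegalArgumentException("Could not find file information in parameters (maybe the files could not be found?)! (" + str + ")");
        }
        if (storeType.isKeystore()) {
            return loadKeystoreFrom(files.get(0), guessPasswordField(parts, fileNames, storeType), storeType.name());
        }

        // Only certificate, private key and key id are carried over from the loaded pair.
        TigerPkiIdentity loaded = loadCertKeyPair(storeType, files);
        TigerPkiIdentity identity = new TigerPkiIdentity();
        identity.setCertificate(loaded.getCertificate());
        identity.setPrivateKey(loaded.getPrivateKey());
        identity.setKeyId(loaded.getKeyId());
        return identity;
    }

    /**
     * Reads a file into a (absolute path, content) pair.
     *
     * @throws IllegalArgumentException if the file cannot be read
     */
    private static Pair<String, byte[]> readFile(File file) {
        try {
            return Pair.of(file.getAbsolutePath(), FileUtils.readFileToByteArray(file));
        } catch (IOException e) {
            throw new IllegalArgumentException("Error while reading from file '" + file.getAbsolutePath() + "'!", e);
        }
    }

    /**
     * Picks the password: any part that is neither a located file nor the store type's name.
     *
     * @throws TigerPkiIdentityLoaderException if no such part exists
     */
    private static String guessPasswordField(List<String> parts, List<String> fileNames, StoreType storeType) {
        // NOTE(review): only the enum constant's name is excluded, not its aliases. A part such as
        // "P12" would therefore remain a password candidate - confirm whether that is intended.
        return parts.stream()
            .filter(part -> !fileNames.contains(part))
            .filter(part -> !storeType.name().equalsIgnoreCase(part))
            .findAny()
            .orElseThrow(() -> new TigerPkiIdentityLoaderException("Unable to guess password from parts " + parts));
    }

    /**
     * Loads a certificate/key pair from the first two files. The order of the two files is not
     * known, so the swapped order is tried when the first attempt fails; the first failure is
     * discarded.
     */
    private static TigerPkiIdentity loadCertKeyPair(StoreType storeType, List<Pair<String, byte[]>> list) {
        byte[] first = list.get(0).getRight();
        byte[] second = list.get(1).getRight();
        if (storeType == StoreType.PKCS1) {
            try {
                return CryptoLoader.getIdentityFromPemAndPkcs1(first, second);
            } catch (Exception e) {
                return CryptoLoader.getIdentityFromPemAndPkcs1(second, first);
            }
        }
        try {
            return CryptoLoader.getIdentityFromPemAndPkcs8(first, second);
        } catch (Exception e) {
            return CryptoLoader.getIdentityFromPemAndPkcs8(second, first);
        }
    }

    /**
     * Returns the parts that could be loaded as a file or classpath resource, with their content.
     * Parts that cannot be loaded are dropped silently.
     *
     * @throws IllegalArgumentException if a part is empty
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static List<Pair<String, byte[]>> extractFileNames(List<String> list) {
        return list.stream()
            .map(part -> Pair.of(part, loadFileOrResourceData(part)))
            .filter(candidate -> candidate.getRight().isPresent())
            .map(candidate -> Pair.of(candidate.getLeft(), candidate.getRight().get()))
            .toList();
    }

    /** Finds a part that is itself a store type name or alias. */
    private static Optional<StoreType> extractStoreType(List<String> list) {
        return list.stream()
            .map(StoreType::findStoreTypeForString)
            .flatMap(Optional::stream)
            .findAny();
    }

    /** Finds a store type among the dot-separated segments of the parts, e.g. a file extension. */
    /* JADX INFO: Access modifiers changed from: private */
    public static Optional<StoreType> guessStoreType(List<String> list) {
        return list.stream()
            .flatMap(part -> Stream.of(part.split("\\.")))
            .map(StoreType::findStoreTypeForString)
            .flatMap(Optional::stream)
            .findAny();
    }

    /**
     * Opens a keystore and collects its entries into one identity.
     *
     * <p>The store password is also used as the key password. A key entry supplies the
     * certificate, the private key and chain elements from index 1 on; any other entry is added
     * to the chain. When several key entries exist, the one iterated last supplies the
     * certificate and private key.
     *
     * @param source (name, content) of the keystore; the name is only used in messages
     * @param password store and key password
     * @param storeTypeName type name passed to {@link KeyStore#getInstance(String)}
     * @throws TigerPkiIdentityLoaderException on any failure, including a store without a key entry
     */
    private static TigerPkiIdentity loadKeystoreFrom(Pair<String, byte[]> source, String password, String storeTypeName) {
        try {
            char[] passwordChars = password.toCharArray();
            KeyStore keyStore = KeyStore.getInstance(storeTypeName);
            keyStore.load(new ByteArrayInputStream(source.getRight()), passwordChars);
            TigerPkiIdentity identity = new TigerPkiIdentity();
            for (String alias : Collections.list(keyStore.aliases())) {
                if (keyStore.isKeyEntry(alias)) {
                    identity.setCertificate((X509Certificate) keyStore.getCertificate(alias));
                    identity.setPrivateKey((PrivateKey) keyStore.getKey(alias, passwordChars));
                    Certificate[] chain = keyStore.getCertificateChain(alias);
                    // Index 0 is skipped: it is not added to the chain for a key entry.
                    for (int i = 1; i < chain.length; i++) {
                        identity.addCertificateToCertificateChain((X509Certificate) chain[i]);
                    }
                } else {
                    identity.addCertificateToCertificateChain((X509Certificate) keyStore.getCertificate(alias));
                }
            }
            if (identity.getPrivateKey() == null) {
                throw new TigerPkiIdentityLoaderException("Error while loading keystore from '" + source.getLeft() + "': No matching entry found!");
            }
            return identity;
        } catch (Exception e) {
            throw new TigerPkiIdentityLoaderException("Error while loading keystore from '" + source.getLeft() + "'", e);
        }
    }

    /**
     * Loads the content behind a location: an existing file on disk, otherwise a classpath
     * resource (always so when prefixed with {@code classpath:}).
     *
     * @return the content, or empty when nothing could be read
     * @throws IllegalArgumentException if {@code str} is empty
     */
    private static Optional<byte[]> loadFileOrResourceData(String str) {
        if (StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("Trying to load data from empty location! (value is '" + str + "')");
        }
        // NOTE(review): separators are converted before the classpath lookup as well; whether
        // that resolves resources on every platform is not visible here - confirm.
        String location = FilenameUtils.separatorsToSystem(str);
        if (str.startsWith(CLASSPATH_PREFIX)) {
            return loadResourceData(location.substring(CLASSPATH_PREFIX.length()));
        }
        File candidate = new File(location);
        if (!candidate.exists()) {
            return loadResourceData(location);
        }
        try {
            return Optional.ofNullable(FileUtils.readFileToByteArray(candidate));
        } catch (IOException e) {
            // Best effort: an unreadable file is reported as "nothing found".
            return Optional.empty();
        }
    }

    /**
     * Reads a classpath resource through this class's class loader.
     *
     * @return the content, or empty when the resource is missing or cannot be read
     */
    private static Optional<byte[]> loadResourceData(String str) {
        try (InputStream resource = TigerPkiIdentityLoader.class.getClassLoader().getResourceAsStream(str)) {
            if (resource == null) {
                return Optional.empty();
            }
            return Optional.of(resource.readAllBytes());
        } catch (Exception e) {
            // Kept broad on purpose: arbitrary parts (including passwords) are probed as resource
            // names, and any lookup failure simply means "not a resource".
            return Optional.empty();
        }
    }

    // Side effect of loading this class: both BouncyCastle providers are appended to the
    // JVM-wide provider list, which is what makes the BKS store type available to KeyStore.
    static {
        BouncyCastleJsseProvider bouncyCastleJsseProvider = new BouncyCastleJsseProvider();
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(bouncyCastleJsseProvider);
    }
}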
