package eu.europa.esig.dss.pki.jaxb;

import eu.europa.esig.dss.enumerations.DigestAlgorithm;
import eu.europa.esig.dss.enumerations.EncryptionAlgorithm;
import eu.europa.esig.dss.enumerations.MaskGenerationFunction;
import eu.europa.esig.dss.enumerations.SignatureAlgorithm;
import eu.europa.esig.dss.model.x509.CertificateToken;
import eu.europa.esig.dss.pki.exception.PKIException;
import eu.europa.esig.dss.pki.jaxb.builder.JAXBCertEntityBuilder;
import eu.europa.esig.dss.pki.jaxb.builder.KeyPairBuilder;
import eu.europa.esig.dss.pki.jaxb.builder.X500NameBuilder;
import eu.europa.esig.dss.pki.jaxb.builder.X509CertificateBuilder;
import eu.europa.esig.dss.pki.jaxb.model.EntityId;
import eu.europa.esig.dss.pki.jaxb.model.JAXBCertEntity;
import eu.europa.esig.dss.pki.jaxb.model.JAXBCertEntityRepository;
import eu.europa.esig.dss.pki.jaxb.property.PKIJaxbProperties;
import eu.europa.esig.dss.spi.DSSSecurityProvider;
import eu.europa.esig.dss.utils.Utils;
import jakarta.xml.bind.JAXBException;
import java.io.File;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.Security;
import java.util.Calendar;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.xml.stream.XMLStreamException;
import org.bouncycastle.asn1.x500.X500Name;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xml.sax.SAXException;

/* loaded from: input_file:BOOT-INF/lib/dss-pki-factory-jaxb-6.0.jar:eu/europa/esig/dss/pki/jaxb/JAXBPKILoader.class */
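/**
 * Builds the certificates described by an {@link XmlPki} definition and stores the
 * resulting {@link JAXBCertEntity} objects in a {@link JAXBCertEntityRepository}.
 *
 * <p>For every certificate definition the loader generates (or reuses) a key pair,
 * builds an X.509 certificate signed with the issuer's private key and saves the
 * certificate together with the subject's private key.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Each entity is stored with the bytes returned by
 *       {@code PrivateKey.getEncoded()}; no encryption is applied here, so the
 *       repository holds usable signing keys and must be protected accordingly.</li>
 *   <li>A certificate is flagged as CA, OCSP-no-check or trust anchor purely because
 *       the corresponding element is present in the definition, so whoever controls
 *       the definition controls those properties.</li>
 *   <li>Validity and revocation dates are offsets added to the time of loading.</li>
 *   <li>Loading the class registers the DSS security provider for the whole JVM.</li>
 * </ul>
 */
public class JAXBPKILoader {
    private static final Logger LOG = LoggerFactory.getLogger(JAXBPKILoader.class);

    /**
     * Reads a PKI definition from an XML file and persists the generated entities.
     *
     * @param jAXBCertEntityRepository repository receiving the generated entities
     * @param file XML file holding the PKI definition
     * @throws PKIException if the file cannot be read or unmarshalled
     */
    public void persistPKI(JAXBCertEntityRepository jAXBCertEntityRepository, File file) {
        try {
            // NOTE(review): XML parsing happens inside PKIJaxbFacade, which is not visible
            // here. Confirm DTDs/external entities are disabled if definition files can
            // come from a source that is not fully trusted.
            persistPKI(jAXBCertEntityRepository, PKIJaxbFacade.newFacade().unmarshall(file));
        } catch (JAXBException | IOException | XMLStreamException | SAXException e) {
            throw new PKIException(String.format("Unable to load PKI from file '%s'", file.getName()), e);
        }
    }

    /**
     * Generates key pairs and certificates for every entry of the PKI definition and
     * saves them in the repository.
     *
     * @param jAXBCertEntityRepository repository receiving the generated entities
     * @param xmlPki unmarshalled PKI definition
     * @throws PKIException if any certificate of the definition cannot be created
     */
    public void persistPKI(JAXBCertEntityRepository jAXBCertEntityRepository, XmlPki xmlPki) {
        LOG.info("PKI {} : {} certificates", xmlPki.getName(), xmlPki.getCertificate().size());

        // Typed maps (the decompiled source used a raw HashMap for the first one, which
        // does not type-check against the typed reads below).
        Map<EntityId, JAXBCertEntity> entities = new HashMap<>();
        Map<EntityId, XmlCertificateType> certificateTypes = new HashMap<>();
        Map<EntityId, X500Name> subjectNames = new HashMap<>();
        Map<EntityId, KeyPair> keyPairs = new HashMap<>();

        // First pass: entity shells, key pairs and subject names for every definition.
        buildEntities(xmlPki.getCertificate(), entities, certificateTypes, subjectNames, keyPairs);

        // Second pass: issue and store the certificates.
        for (XmlCertificateType certificateType : xmlPki.getCertificate()) {
            LOG.info("Init '{}' ...", certificateType.getSubject());

            JAXBCertEntity knownIssuer = getIssuer(entities, certificateType.getIssuer());
            String keySubject = knownIssuer != null ? knownIssuer.getSubject() : certificateType.getSubject();
            EntityId subjectKey = new EntityId(keySubject, Long.valueOf(certificateType.getSerialNumber()));
            EntityId issuerKey = new EntityId(certificateType.getIssuer());
            JAXBCertEntity entity = entities.get(subjectKey);

            try {
                certificateTypes.put(subjectKey, certificateType);
                KeyPair subjectKeyPair = getKeyPair(keyPairs, subjectKey);

                // The lookups below stay in this order so the first failing one is the
                // same as before.
                XmlCertificateType issuerCertificateType =
                        getIssuerCertificateType(certificateTypes, certificateType, issuerKey);
                // A self-issued certificate is signed with its own key pair.
                KeyPair issuerKeyPair =
                        subjectKey.equals(issuerKey) ? subjectKeyPair : getKeyPair(keyPairs, issuerKey);
                X500Name subjectName = getX500Name(subjectNames, subjectKey);
                X500Name issuerName = getX500Name(subjectNames, issuerKey);

                CertificateToken certificateToken = buildX509Certificate(certificateType, subjectKeyPair,
                        issuerCertificateType, issuerKeyPair, subjectName, issuerName);
                JAXBCertEntity builtEntity = buildJaxbCertEntity(certificateType, entity, certificateToken,
                        subjectKeyPair, subjectKey, issuerKey, entities, xmlPki.getName());
                saveEntity(jAXBCertEntityRepository, builtEntity);
            } catch (Exception e) {
                throw new PKIException(String.format("Unable to create a PKI. Reason : %s", e.getMessage()), e);
            }
        }
    }

    /**
     * Fills the lookup maps for every certificate definition: entity shell, definition,
     * key pair and subject name, all keyed by the resolved {@link EntityId}.
     */
    private void buildEntities(List<XmlCertificateType> certificateTypes, Map<EntityId, JAXBCertEntity> entities,
            Map<EntityId, XmlCertificateType> certificateTypeById, Map<EntityId, X500Name> subjectNames,
            Map<EntityId, KeyPair> keyPairs) {
        // Cache of already resolved ids, shared by getEntityId/findIssuer during this pass.
        Map<XmlCertificateType, EntityId> resolvedIds = new HashMap<>();
        for (XmlCertificateType certificateType : certificateTypes) {
            EntityId entityId = getEntityId(certificateType, certificateTypes, entities, resolvedIds);
            if (entities.get(entityId) == null) {
                entities.put(entityId, instantiateCertEntity(certificateType));
            }
            certificateTypeById.put(entityId, certificateType);
            buildKeyPair(certificateType, entityId, keyPairs);
            buildX500NameSubject(certificateType, entityId, subjectNames);
        }
    }

    /** Creates an entity carrying only the subject and serial number of the definition. */
    private JAXBCertEntity instantiateCertEntity(XmlCertificateType certificateType) {
        JAXBCertEntity entity = new JAXBCertEntity();
        entity.setSubject(certificateType.getSubject());
        entity.setSerialNumber(Long.valueOf(certificateType.getSerialNumber()));
        return entity;
    }

    /**
     * Resolves the id of a certificate definition, using and updating the cache.
     *
     * <p>A definition whose issuer reference matches its own subject and serial number
     * gets the issuer reference as id; otherwise the id combines the subject of the
     * issuer entity found by {@link #findIssuer} with the definition's serial number.
     *
     * @return the resolved id, or {@code null} when neither rule applies
     */
    private EntityId getEntityId(XmlCertificateType certificateType, List<XmlCertificateType> certificateTypes,
            Map<EntityId, JAXBCertEntity> entities, Map<XmlCertificateType, EntityId> resolvedIds) {
        EntityId cached = resolvedIds.get(certificateType);
        if (cached != null) {
            return cached;
        }

        EntityId entityId = null;
        XmlEntityKey issuer = certificateType.getIssuer();
        boolean selfIssued = issuer.getSerialNumber() != null
                && issuer.getSerialNumber().longValue() == certificateType.getSerialNumber()
                && issuer.getValue().equals(certificateType.getSubject());
        if (selfIssued) {
            entityId = new EntityId(issuer);
        }

        if (entityId == null) {
            // NOTE(review): findIssuer calls back into this method for the other
            // definitions, and the cache entry is only written after it returns. There is
            // no visible guard against re-entering a still unresolved definition, so
            // resolution appears to rely on issuers being listed before their subjects.
            // Confirm with a definition that lists them out of order.
            JAXBCertEntity issuerEntity = findIssuer(certificateType, certificateTypes, entities, resolvedIds);
            if (issuerEntity != null) {
                entityId = new EntityId(issuerEntity.getSubject(), Long.valueOf(certificateType.getSerialNumber()));
            }
        }

        resolvedIds.put(certificateType, entityId);
        return entityId;
    }

    /**
     * Looks for the definition whose resolved id equals the issuer reference of the
     * given definition and returns its entity, creating and registering the entity
     * when it does not exist yet.
     *
     * @return the issuer entity, or {@code null} if no other definition matches
     */
    private JAXBCertEntity findIssuer(XmlCertificateType certificateType, List<XmlCertificateType> certificateTypes,
            Map<EntityId, JAXBCertEntity> entities, Map<XmlCertificateType, EntityId> resolvedIds) {
        EntityId issuerKey = new EntityId(certificateType.getIssuer());
        for (XmlCertificateType candidate : certificateTypes) {
            // Identity comparison: the definition itself is never its own candidate here.
            if (certificateType == candidate) {
                continue;
            }
            EntityId candidateId = getEntityId(candidate, certificateTypes, entities, resolvedIds);
            if (!issuerKey.equals(candidateId)) {
                continue;
            }
            JAXBCertEntity issuerEntity = entities.get(candidateId);
            if (issuerEntity == null) {
                issuerEntity = instantiateCertEntity(candidate);
                entities.put(candidateId, issuerEntity);
            }
            return issuerEntity;
        }
        return null;
    }

    /**
     * Completes an entity with its certificate, private key, issuer, revocation data,
     * OCSP responder, trust-anchor flag and PKI name.
     *
     * @throws IllegalArgumentException if the issuer or the OCSP responder is unknown
     */
    private JAXBCertEntity buildJaxbCertEntity(XmlCertificateType certificateType, JAXBCertEntity entity,
            CertificateToken certificateToken, KeyPair keyPair, EntityId subjectKey, EntityId issuerKey,
            Map<EntityId, JAXBCertEntity> entities, String pkiName) {
        return new JAXBCertEntityBuilder(entity)
                .setCertificateToken(certificateToken)
                // The encoded private key is handed to the entity as-is (not encrypted here).
                .setPrivateKey(keyPair.getPrivate().getEncoded())
                .setIssuer(subjectKey.equals(issuerKey) ? entity : getEntity(entities, issuerKey))
                .setRevocationDate(convert(certificateType.getRevocation()))
                .setRevocationReason(certificateType.getRevocation() != null
                        ? certificateType.getRevocation().getReason() : null)
                .setOcspResponder(getEntity(entities, certificateType.getOcspResponder() != null
                        ? new EntityId(certificateType.getOcspResponder()) : null))
                // Presence of the element in the definition is what marks a trust anchor.
                .setTrustAnchor(certificateType.getTrustAnchor() != null)
                .setPkiName(pkiName)
                .build();
    }

    /**
     * Builds the X.509 certificate for a definition and signs it with the issuer's key.
     *
     * <p>The signature algorithm is derived from the issuer's private key, the issuer
     * definition's digest algorithm and its PSS flag.
     *
     * @throws PKIException if the certificate cannot be built, including the case where
     *         no signature algorithm matches the combination above
     */
    private CertificateToken buildX509Certificate(XmlCertificateType certificateType, KeyPair subjectKeyPair,
            XmlCertificateType issuerCertificateType, KeyPair issuerKeyPair, X500Name subjectName,
            X500Name issuerName) {
        try {
            X509CertificateBuilder builder = new X509CertificateBuilder().subject(subjectName,
                    BigInteger.valueOf(certificateType.getSerialNumber()), subjectKeyPair.getPublic());

            EncryptionAlgorithm encryptionAlgorithm = EncryptionAlgorithm.forKey(issuerKeyPair.getPrivate());
            DigestAlgorithm digestAlgorithm = issuerCertificateType.getDigestAlgo();
            boolean pss = Utils.isTrue(issuerCertificateType.getKeyAlgo().isPss());
            SignatureAlgorithm signatureAlgorithm = SignatureAlgorithm.getAlgorithm(encryptionAlgorithm,
                    digestAlgorithm, pss ? MaskGenerationFunction.MGF1 : null);
            if (signatureAlgorithm == null) {
                throw new IllegalArgumentException(String.format("Unable to find a SignatureAlgorithm for combination of [EncryptionAlgo: %s, DigestAlgo: %s, Pss: %s]", encryptionAlgorithm, digestAlgorithm, pss));
            }

            builder.issuer(issuerName, issuerKeyPair.getPrivate(), signatureAlgorithm)
                    .notBefore(convert(certificateType.getNotBefore()))
                    .notAfter(convert(certificateType.getNotAfter()))
                    .caIssuers(getCAIssuersUrl(certificateType.getCaIssuers()))
                    .crl(getCrlUrl(certificateType.getCrl()))
                    .ocsp(getOcspUrl(certificateType.getOcsp()))
                    .keyUsages(certificateType.getKeyUsages() != null
                            ? certificateType.getKeyUsages().getKeyUsage() : Collections.emptyList())
                    .certificatePolicies(certificateType.getCertificatePolicies() != null
                            ? certificateType.getCertificatePolicies().getCertificatePolicy() : Collections.emptyList())
                    .qcStatements(certificateType.getQcStatementIds() != null
                            ? certificateType.getQcStatementIds().getQcStatement() : Collections.emptyList())
                    .qcTypes(certificateType.getQcTypes() != null
                            ? certificateType.getQcTypes().getQcType() : Collections.emptyList())
                    .qcCClegislations(certificateType.getQcCClegislation() != null
                            ? certificateType.getQcCClegislation().getCountryName() : Collections.emptyList());

            // These flags are driven only by the presence of the element in the definition.
            if (certificateType.getCa() != null) {
                builder.ca(true);
            }
            if (certificateType.getOcspNoCheck() != null) {
                builder.ocspNoCheck(true);
            }
            if (certificateType.getExtendedKeyUsages() != null) {
                builder.extendedKeyUsages(certificateType.getExtendedKeyUsages().getExtendedKeyUsage());
            }
            return builder.build();
        } catch (Exception e) {
            throw new PKIException(String.format("Unable to build a certificate token. Reason: %s", e.getMessage()), e);
        }
    }

    /**
     * Returns the entity referenced by an issuer key that carries a serial number.
     *
     * @return the entity, or {@code null} if the key has no serial number or is unknown
     */
    private JAXBCertEntity getIssuer(Map<EntityId, JAXBCertEntity> entities, XmlEntityKey issuerKey) {
        if (issuerKey.getSerialNumber() == null) {
            return null;
        }
        return entities.get(new EntityId(issuerKey));
    }

    /**
     * Returns the entity registered under the given id.
     *
     * @return the entity, or {@code null} when {@code entityId} itself is {@code null}
     * @throws IllegalArgumentException if the id is not registered
     */
    private JAXBCertEntity getEntity(Map<EntityId, JAXBCertEntity> entities, EntityId entityId) {
        if (entityId == null) {
            return null;
        }
        JAXBCertEntity entity = entities.get(entityId);
        if (entity == null) {
            throw new IllegalArgumentException("Entity not found " + entityId);
        }
        return entity;
    }

    /** Builds the CRL distribution point URL for the given key, or {@code null} if none. */
    private String getCrlUrl(XmlEntityKey entityKey) {
        if (entityKey == null) {
            return null;
        }
        return PKIJaxbProperties.PKI_FACTORY_HOST + PKIJaxbProperties.CRL_PATH + getCertStringUrl(entityKey) + PKIJaxbProperties.CRL_EXTENSION;
    }

    /** Builds the OCSP access URL for the given key, or {@code null} if none. */
    private String getOcspUrl(XmlEntityKey entityKey) {
        if (entityKey == null) {
            return null;
        }
        return PKIJaxbProperties.PKI_FACTORY_HOST + PKIJaxbProperties.OCSP_PATH + getCertStringUrl(entityKey) + PKIJaxbProperties.OCSP_EXTENSION;
    }

    /** Builds the CA issuers access URL for the given key, or {@code null} if none. */
    private String getCAIssuersUrl(XmlEntityKey entityKey) {
        if (entityKey == null) {
            return null;
        }
        return PKIJaxbProperties.PKI_FACTORY_HOST + PKIJaxbProperties.CERT_PATH + getCertStringUrl(entityKey) + PKIJaxbProperties.CERT_EXTENSION;
    }

    /**
     * Returns the URL path segment for a key: {@code value} or {@code value/serialNumber}.
     */
    private String getCertStringUrl(XmlEntityKey entityKey) {
        // NOTE(review): the value is concatenated into the URL without encoding; confirm
        // definitions cannot contain characters that need URL escaping.
        if (entityKey.getSerialNumber() == null) {
            return entityKey.getValue();
        }
        return entityKey.getValue() + "/" + entityKey.getSerialNumber();
    }

    /**
     * Returns the key pair registered for the id.
     *
     * @throws IllegalStateException if the id has no entry
     */
    private KeyPair getKeyPair(Map<EntityId, KeyPair> keyPairs, EntityId entityId) {
        if (!keyPairs.containsKey(entityId)) {
            throw new IllegalStateException("EntityId not found : " + entityId);
        }
        return keyPairs.get(entityId);
    }

    /**
     * Returns the subject name registered for the id.
     *
     * @throws IllegalStateException if the id has no entry
     */
    private X500Name getX500Name(Map<EntityId, X500Name> subjectNames, EntityId entityId) {
        if (!subjectNames.containsKey(entityId)) {
            throw new IllegalStateException("EntityId not found : " + entityId);
        }
        return subjectNames.get(entityId);
    }

    /**
     * Returns the subject name registered for the id, building and registering it from
     * the definition on first use. Country and organisation fall back to the
     * {@link PKIJaxbProperties} defaults when the definition leaves them empty.
     *
     * @throws IllegalStateException if the definition has no subject
     */
    private X500Name buildX500NameSubject(XmlCertificateType certificateType, EntityId entityId,
            Map<EntityId, X500Name> subjectNames) {
        if (subjectNames.containsKey(entityId)) {
            return subjectNames.get(entityId);
        }
        if (certificateType.getSubject() == null) {
            throw new IllegalStateException("Missing common name for " + entityId);
        }
        X500Name subjectName = new X500NameBuilder()
                .commonName(certificateType.getSubject())
                .pseudo(certificateType.getPseudo())
                .country(!Utils.isStringEmpty(certificateType.getCountry())
                        ? certificateType.getCountry() : PKIJaxbProperties.PKI_FACTORY_COUNTRY)
                .organisation(!Utils.isStringEmpty(certificateType.getOrganization())
                        ? certificateType.getOrganization() : PKIJaxbProperties.PKI_FACTORY_ORGANISATION)
                .organisationUnit(PKIJaxbProperties.PKI_FACTORY_ORGANISATION_UNIT)
                .build();
        subjectNames.put(entityId, subjectName);
        return subjectName;
    }

    /**
     * Returns the definition registered for the issuer id, falling back to the
     * certificate's own definition when the issuer has none.
     */
    private XmlCertificateType getIssuerCertificateType(Map<EntityId, XmlCertificateType> certificateTypes,
            XmlCertificateType certificateType, EntityId issuerKey) {
        XmlCertificateType issuerCertificateType = certificateTypes.get(issuerKey);
        return issuerCertificateType != null ? issuerCertificateType : certificateType;
    }

    /**
     * Returns the key pair for the id, generating and registering it on first use.
     *
     * <p>When the definition names a cross certificate, the same key pair is also
     * registered under the cross certificate's id, so both ids share one private key.
     */
    private KeyPair buildKeyPair(XmlCertificateType certificateType, EntityId entityId,
            Map<EntityId, KeyPair> keyPairs) {
        KeyPair keyPair = keyPairs.get(entityId);
        if (keyPair == null) {
            keyPair = build(certificateType.getKeyAlgo(), certificateType.getDigestAlgo());
            keyPairs.put(entityId, keyPair);
        }
        if (certificateType.getCrossCertificate() != null) {
            keyPairs.put(new EntityId(certificateType.getCrossCertificate()), keyPair);
        }
        return keyPair;
    }

    /**
     * Generates a key pair for the requested key algorithm and length.
     *
     * <p>For {@code EDDSA} the algorithm passed to {@link KeyPairBuilder} is replaced by
     * {@code X25519} or {@code X448}, depending on whether the digest algorithm selects
     * {@code ED25519} or {@code ED448}.
     */
    private KeyPair build(XmlKeyAlgo keyAlgo, DigestAlgorithm digestAlgorithm) {
        EncryptionAlgorithm encryptionAlgorithm = keyAlgo.getEncryption();
        if (EncryptionAlgorithm.EDDSA == encryptionAlgorithm) {
            SignatureAlgorithm signatureAlgorithm =
                    SignatureAlgorithm.getAlgorithm(keyAlgo.getEncryption(), digestAlgorithm);
            if (SignatureAlgorithm.ED25519 == signatureAlgorithm) {
                encryptionAlgorithm = EncryptionAlgorithm.X25519;
            } else if (SignatureAlgorithm.ED448 == signatureAlgorithm) {
                encryptionAlgorithm = EncryptionAlgorithm.X448;
            }
        }
        return new KeyPairBuilder(encryptionAlgorithm, keyAlgo.getLength()).build();
    }

    /**
     * Converts a relative date definition into an absolute date by adding its year,
     * month and day offsets to the current time.
     *
     * @return the resulting date, or {@code null} if no definition is given
     */
    private Date convert(XmlDateDefinitionType dateDefinition) {
        if (dateDefinition == null) {
            return null;
        }
        // Offsets are applied to "now", so the same definition yields different validity
        // periods on every load. Named Calendar fields replace the decompiled 1/2/5.
        Calendar calendar = Calendar.getInstance();
        if (dateDefinition.getYear() != null) {
            calendar.add(Calendar.YEAR, dateDefinition.getYear().intValue());
        }
        if (dateDefinition.getMonth() != null) {
            calendar.add(Calendar.MONTH, dateDefinition.getMonth().intValue());
        }
        if (dateDefinition.getDay() != null) {
            calendar.add(Calendar.DAY_OF_MONTH, dateDefinition.getDay().intValue());
        }
        return calendar.getTime();
    }

    /** Saves the entity and logs whether the repository accepted it. */
    private void saveEntity(JAXBCertEntityRepository repository, JAXBCertEntity entity) {
        if (repository.save(entity)) {
            LOG.info("Creation of '{}' : DONE. Certificate Id : '{}'", entity.getSubject(), entity.getCertificateToken().getDSSIdAsString());
        } else {
            LOG.warn("Unable to add cert entity '{}' to the database. Certificate Id: '{}'", entity.getSubject(), entity.getCertificateToken().getDSSIdAsString());
        }
    }

    static {
        // Registers the DSS security provider JVM-wide as soon as this class is loaded.
        Security.addProvider(DSSSecurityProvider.getSecurityProvider());
    }
}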
