package de.gematik.test.tiger.proxy.tls;

import de.gematik.test.tiger.common.pki.TigerPkiIdentity;
import de.gematik.test.tiger.common.util.TigerSecurityProviderInitialiser;
import de.gematik.test.tiger.mockserver.socket.tls.KeyAndCertificateFactory;
import de.gematik.test.tiger.proxy.exceptions.TigerProxySslException;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Stream;
import javax.security.auth.x500.X500Principal;
import lombok.Generated;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/tiger-proxy-3.5.0.jar:de/gematik/test/tiger/proxy/tls/StaticKeyAndCertificateFactory.class */
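/**
 * {@link KeyAndCertificateFactory} backed by a fixed, caller-supplied list of identities.
 *
 * <p>For a requested hostname the factory looks for an identity whose certificate names that
 * host (subject CN, or a dNSName / iPAddress subject alternative name). If none matches,
 * {@link #resolveIdentityForHostname(String)} falls back to the first configured identity.
 *
 * <p>Matching is exact and case-insensitive; wildcard names in a certificate are not expanded.
 */
public class StaticKeyAndCertificateFactory implements KeyAndCertificateFactory {
    /** GeneralName type tag for dNSName, as reported by {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_DNS_NAME = 2;

    /** GeneralName type tag for iPAddress, as reported by {@link X509Certificate#getSubjectAlternativeNames()}. */
    private static final int SAN_IP_ADDRESS = 7;

    // Private copy of the configured identities; filled once in the constructor.
    private final List<TigerPkiIdentity> availableIdentities = new ArrayList<>();

    /** Lombok-style builder for {@link StaticKeyAndCertificateFactory}. */
    @Generated
    /* loaded from: input_file:BOOT-INF/lib/tiger-proxy-3.5.0.jar:de/gematik/test/tiger/proxy/tls/StaticKeyAndCertificateFactory$StaticKeyAndCertificateFactoryBuilder.class */
    public static class StaticKeyAndCertificateFactoryBuilder {

        @Generated
        private List<TigerPkiIdentity> availableIdentities;

        @Generated
        StaticKeyAndCertificateFactoryBuilder() {
        }

        /**
         * Sets the identities the factory may hand out.
         *
         * @param list identities to offer; the reference is stored as-is until {@link #build()}
         * @return this builder
         */
        @Generated
        public StaticKeyAndCertificateFactoryBuilder availableIdentities(List<TigerPkiIdentity> list) {
            this.availableIdentities = list;
            return this;
        }

        /**
         * Creates the factory.
         *
         * @return a factory holding a copy of the configured identities
         * @throws TigerProxySslException if no identities were configured
         */
        @Generated
        public StaticKeyAndCertificateFactory build() {
            return new StaticKeyAndCertificateFactory(this.availableIdentities);
        }

        // NOTE(review): this prints the identities via their own toString(); whether that output
        // contains key material cannot be told from this file - confirm before logging builders.
        @Generated
        @Override
        public String toString() {
            return "StaticKeyAndCertificateFactory.StaticKeyAndCertificateFactoryBuilder(availableIdentities=" + this.availableIdentities + ")";
        }
    }

    /**
     * Creates a factory over the given identities.
     *
     * @param list identities to offer; copied, so later changes to {@code list} have no effect
     * @throws TigerProxySslException if {@code list} is {@code null} or empty
     */
    public StaticKeyAndCertificateFactory(List<TigerPkiIdentity> list) {
        if (CollectionUtils.isEmpty(list)) {
            throw new TigerProxySslException("No available identities provided in StaticKeyAndCertificateFactory");
        }
        this.availableIdentities.addAll(list);
    }

    /**
     * Finds an identity whose certificate names the given host.
     *
     * @param str requested hostname; {@code null} or empty matches every identity
     * @return a matching identity, or empty if no certificate names the host
     */
    @Override // de.gematik.test.tiger.mockserver.socket.tls.KeyAndCertificateFactory
    public Optional<TigerPkiIdentity> findExactIdentityForHostname(String str) {
        return this.availableIdentities.stream()
                .filter(identity -> matchesHostname(identity.getCertificate(), str))
                .findAny();
    }

    /**
     * Returns the identity to present for the given host.
     *
     * <p>When no certificate names the host, the first configured identity is returned instead.
     * That certificate will not match the hostname, so a client that verifies hostnames is
     * expected to reject the connection; callers that need a guaranteed match should use
     * {@link #findExactIdentityForHostname(String)}.
     *
     * @param str requested hostname
     * @return the matching identity, or the first configured identity as a fallback
     */
    @Override // de.gematik.test.tiger.mockserver.socket.tls.KeyAndCertificateFactory
    public TigerPkiIdentity resolveIdentityForHostname(String str) {
        // The constructor rejects empty lists, so index 0 always exists.
        return findExactIdentityForHostname(str).orElseGet(() -> this.availableIdentities.get(0));
    }

    /**
     * Checks whether the certificate names the host in its subject CN or in a dNSName /
     * iPAddress subject alternative name.
     *
     * @param x509Certificate certificate to inspect
     * @param str requested hostname; {@code null} or empty is treated as "matches anything"
     * @return {@code true} on a match; {@code false} otherwise, including when the SAN
     *     extension cannot be parsed
     */
    private boolean matchesHostname(X509Certificate x509Certificate, String str) {
        try {
            if (StringUtils.isEmpty(str) || subjectMatches(x509Certificate.getSubjectX500Principal(), str)) {
                return true;
            }
            Collection<List<?>> subjectAlternativeNames = x509Certificate.getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                return false;
            }
            // Each entry is a [type, value] pair. Comparing the entry's toString() (for example
            // "[2, host]") against the hostname can never succeed, so the value is compared.
            for (List<?> entry : subjectAlternativeNames) {
                if (isMatchingHostSan(entry, str)) {
                    return true;
                }
            }
            return false;
        } catch (CertificateParsingException e) {
            // Best effort: an unparseable SAN extension counts as "does not match".
            return false;
        }
    }

    /**
     * Tells whether one SAN entry is a dNSName or iPAddress equal to the hostname.
     *
     * @param entry a {@code [Integer type, Object value]} pair from the certificate
     * @param hostname non-empty requested hostname
     * @return {@code true} if the entry names the host (case-insensitive, no wildcard expansion)
     */
    private static boolean isMatchingHostSan(List<?> entry, String hostname) {
        if (entry == null || entry.size() < 2) {
            return false;
        }
        Object type = entry.get(0);
        Object value = entry.get(1);
        if (!(type instanceof Integer) || !(value instanceof String)) {
            return false;
        }
        int tag = (Integer) type;
        // NOTE(review): IP addresses are compared textually; alternative notations of the same
        // IPv6 address will not be recognised as equal.
        return (tag == SAN_DNS_NAME || tag == SAN_IP_ADDRESS) && hostname.equalsIgnoreCase((String) value);
    }

    /**
     * Compares the first CN component of the subject DN with the hostname.
     *
     * @param x500Principal certificate subject
     * @param str requested hostname
     * @return {@code true} if the first {@code CN=} component equals {@code str}, ignoring case
     */
    private boolean subjectMatches(X500Principal x500Principal, String str) {
        // NOTE(review): the DN string is split on ',' without honouring escaping, and only the
        // first component starting with "CN=" is considered. A CN containing an escaped comma or
        // sitting in a multi-valued RDN ("CN=a+OU=b") will not compare as expected.
        for (String component : x500Principal.getName().split(",")) {
            if (component.startsWith("CN=")) {
                return component.substring(3).equalsIgnoreCase(str);
            }
        }
        return false;
    }

    /**
     * Creates a new builder.
     *
     * @return an empty builder
     */
    @Generated
    public static StaticKeyAndCertificateFactoryBuilder builder() {
        return new StaticKeyAndCertificateFactoryBuilder();
    }

    static {
        // Runs once when the class is loaded, before any instance is created.
        TigerSecurityProviderInitialiser.initialize();
    }
}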
