package com.sap.cloud.sdk.cloudplatform.connectivity;

import com.google.common.base.Joiner;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.sap.cloud.sdk.cloudplatform.connectivity.DestinationServiceV1Response;
import com.sap.cloud.sdk.cloudplatform.connectivity.exception.DestinationAccessException;
import io.vavr.control.Option;
import io.vavr.control.Try;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.lang.invoke.SerializedLambda;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.function.BiFunction;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import java.util.stream.Stream;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import lombok.Generated;
import org.apache.commons.io.FilenameUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* JADX INFO: Access modifiers changed from: package-private */
/* loaded from: input_file:com/sap/cloud/sdk/cloudplatform/connectivity/DestinationKeyStoreExtractor.class */
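/**
 * Builds {@link KeyStore} instances (client key store and trust store) from the certificate entries attached to a
 * destination.
 *
 * <p>The destination names a certificate entry through its key store / trust store location property. The entry's
 * Base64 content is decoded and parsed according to the file extension of the entry name.
 *
 * <p>This listing is decompiler output that has been restored to compilable source form. Members that the Java
 * compiler synthesizes itself (the enum switch map class and {@code $deserializeLambda$}) are not written out,
 * because declaring them by hand conflicts with the generated ones.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The parser is selected from the entry's file extension only; the content is not sniffed.</li>
 *   <li>Passwords arrive as {@link String}, so they cannot be wiped from memory after use.</li>
 *   <li>Malformed Base64 content surfaces as {@link IllegalArgumentException} from the JKS/PKCS12/certificate
 *       loaders, not as {@link DestinationAccessException}; only the PEM path wraps it.</li>
 * </ul>
 */
public class DestinationKeyStoreExtractor {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(DestinationKeyStoreExtractor.class);

    /**
     * Matches the certificate part of a PEM document. DOTALL lets {@code .*} cross line breaks.
     *
     * <p>NOTE(review): {@code .*} is greedy, so the match runs from the first BEGIN CERTIFICATE marker to the last
     * END CERTIFICATE marker. Anything located between two certificates (for example a private key block) ends up
     * in the certificate section rather than in the remainder.
     */
    private static final Pattern PEM_CERTIFICATE_SECTION =
        Pattern.compile("-+BEGIN CERTIFICATE-+.*-+END CERTIFICATE-+", Pattern.DOTALL);

    /** Key store loaders by lower-case file extension; each takes (Base64 content, password). */
    private static final Map<String, BiFunction<String, String, KeyStore>> SUPPORTED_KEY_STORES =
        ImmutableMap.<String, BiFunction<String, String, KeyStore>>builder()
            .put("pfx", (content, password) -> retrieveExistingKeyStore(content, password, "PKCS12"))
            .put("p12", (content, password) -> retrieveExistingKeyStore(content, password, "PKCS12"))
            .put("jks", (content, password) -> retrieveExistingKeyStore(content, password, "JKS"))
            .put("pem", DestinationKeyStoreExtractor::createNewKeyStoreFromPem)
            .build();

    /** File extension to key store type for files that can be loaded directly as a trust store. */
    static final Map<String, String> SUPPORTED_KEY_STORE_TYPES_AS_TRUST_STORE = ImmutableMap.of("jks", "JKS");

    /** File extensions of single certificates that are wrapped into a new trust store. */
    static final List<String> SUPPORTED_CERT_FILE_EXTENSIONS_AS_TRUST_STORE = ImmutableList.of("crt", "cer", "der");

    @Nonnull
    private final PropertyKeyExtractor destination;

    /** Read access to destination properties by typed key. */
    public interface PropertyKeyExtractor {
        @Nonnull
        <T> Option<T> get(@Nonnull DestinationPropertyKey<T> destinationPropertyKey);
    }

    /**
     * Creates an extractor that reads from the given destination properties.
     *
     * @param destinationProperties the properties to read; a {@code null} value fails with a
     *     {@link NullPointerException} when the bound method reference is evaluated
     */
    DestinationKeyStoreExtractor(@Nonnull DestinationProperties destinationProperties) {
        this(destinationProperties::get);
    }

    /**
     * Creates an extractor on top of an arbitrary property lookup.
     *
     * @param destination the property lookup, must not be {@code null}
     * @throws NullPointerException if {@code destination} is {@code null}
     */
    @Generated
    public DestinationKeyStoreExtractor(@Nonnull PropertyKeyExtractor destination) {
        if (destination == null) {
            throw new NullPointerException("destination is marked non-null but is null");
        }
        this.destination = destination;
    }

    /**
     * Builds the trust store configured for the destination, if any.
     *
     * <p>A {@code jks} entry is loaded as an existing key store with the trust store password. A {@code crt},
     * {@code cer} or {@code der} entry is parsed as a single X.509 certificate and stored in a new key store under
     * the entry name.
     *
     * @return the trust store, or an empty option when no trust store location is set
     * @throws DestinationAccessException if no matching certificate entry exists, the extension is not supported,
     *     or the content cannot be loaded
     */
    @Nonnull
    public Option<KeyStore> getTrustStore() throws DestinationAccessException {
        if (this.destination.get(DestinationProperty.TRUST_STORE_LOCATION).isEmpty()) {
            return Option.none();
        }
        if (log.isDebugEnabled()) {
            // Only the location was checked above; the password property may still be absent.
            log.debug(
                "Properties {} and {} found for destination {}",
                DestinationProperty.TRUST_STORE_LOCATION.getKeyName(),
                DestinationProperty.TRUST_STORE_PASSWORD.getKeyName(),
                destinationNameForMessages());
        }
        final DestinationServiceV1Response.DestinationCertificate certificate =
            getDestinationCertificateFromProperty(DestinationProperty.TRUST_STORE_LOCATION);
        final String password = (String) this.destination.get(DestinationProperty.TRUST_STORE_PASSWORD).getOrNull();
        // Locale.ROOT keeps the extension lookup independent of the JVM default locale.
        final String extension =
            FilenameUtils.getExtension(certificate.getName().toLowerCase(java.util.Locale.ROOT));

        final String keyStoreType = SUPPORTED_KEY_STORE_TYPES_AS_TRUST_STORE.get(extension);
        if (keyStoreType != null) {
            log.debug("Creating a key store of type {} with file extension {}.", keyStoreType, extension);
            return Option.some(retrieveExistingKeyStore(certificate.getContent(), password, keyStoreType));
        }
        if (SUPPORTED_CERT_FILE_EXTENSIONS_AS_TRUST_STORE.contains(extension)) {
            return Option.some(createKeyStoreFromCertificate(certificate.getContent(), certificate.getName()));
        }
        throw new DestinationAccessException(
            String.format(
                "Could not create Trust Store from file \"%s\". Supported file extensions: %s",
                certificate.getName(),
                Joiner.on(", ").join(
                    SUPPORTED_KEY_STORE_TYPES_AS_TRUST_STORE.keySet(),
                    SUPPORTED_CERT_FILE_EXTENSIONS_AS_TRUST_STORE)));
    }

    /**
     * Builds the client key store configured for the destination, if any.
     *
     * @return the key store, or an empty option when no key store location is set or the authentication type is
     *     one of the SAML types that skip loading key material
     * @throws DestinationAccessException if no matching certificate entry exists, the extension is not supported,
     *     or the content cannot be loaded
     */
    @Nonnull
    public Option<KeyStore> getKeyStore() throws DestinationAccessException {
        if (this.destination.get(DestinationProperty.KEY_STORE_LOCATION).isEmpty()
            || !authTypeRequiresLoadingKeyMaterial(this.destination)) {
            return Option.none();
        }
        if (log.isDebugEnabled()) {
            // Only the location was checked above; the password property may still be absent.
            log.debug(
                "Properties {} and {} found for destination {}",
                DestinationProperty.KEY_STORE_LOCATION.getKeyName(),
                DestinationProperty.KEY_STORE_PASSWORD.getKeyName(),
                destinationNameForMessages());
        }
        final DestinationServiceV1Response.DestinationCertificate certificate =
            getDestinationCertificateFromProperty(DestinationProperty.KEY_STORE_LOCATION);
        final String password = (String) this.destination.get(DestinationProperty.KEY_STORE_PASSWORD).getOrNull();
        return Option.some(
            getKeyStoreTransformerByFileName(certificate.getName()).apply(certificate.getContent(), password));
    }

    /** Returns the destination name for log and error messages, or a fixed placeholder when it has none. */
    private Object destinationNameForMessages() {
        return this.destination.get(DestinationProperty.NAME).getOrElse("without name");
    }

    /**
     * Finds the certificate entry whose name equals the value of the given location property.
     *
     * @param locationProperty the property holding the entry name; it must be present, callers check this first
     * @return the first entry with a matching name and non-null content
     * @throws DestinationAccessException if no such entry exists
     */
    @Nonnull
    private DestinationServiceV1Response.DestinationCertificate getDestinationCertificateFromProperty(
        @Nonnull DestinationPropertyKey<String> locationProperty) {
        final String location = this.destination.get(locationProperty).get();
        final List<?> certificates =
            (List<?>) this.destination.get(DestinationProperty.CERTIFICATES).getOrElse(Collections::emptyList);
        log.debug(
            "Considering Key Store Location {}. Found {} key store certificates.",
            location,
            Integer.valueOf(certificates.size()));

        // Entries of any other type are ignored rather than rejected.
        final DestinationServiceV1Response.DestinationCertificate certificate =
            certificates.stream()
                .filter(DestinationServiceV1Response.DestinationCertificate.class::isInstance)
                .map(DestinationServiceV1Response.DestinationCertificate.class::cast)
                .filter(candidate -> hasCertificateName(location, candidate.getName()))
                .filter(candidate -> hasCertificateContent(candidate.getContent()))
                .findFirst()
                .orElseThrow(
                    () -> new DestinationAccessException(
                        String.format(
                            "Failed to resolve key store '%s' in destination '%s' as no matching certificate was found.",
                            location,
                            destinationNameForMessages())));

        // Log the entry name only. The string form of the entry is not visible in this file and may include its
        // Base64 content, which for key store entries is key material that should not reach log files.
        log.trace("Loaded destination certificate: {}", certificate.getName());
        return certificate;
    }

    /**
     * Selects the key store loader for a file name by its extension.
     *
     * @param fileName the certificate entry name
     * @return the loader registered for the extension
     * @throws DestinationAccessException if the extension is not supported
     */
    @Nonnull
    private static BiFunction<String, String, KeyStore> getKeyStoreTransformerByFileName(@Nonnull String fileName) {
        final String extension = FilenameUtils.getExtension(fileName.toLowerCase(java.util.Locale.ROOT));
        final BiFunction<String, String, KeyStore> loader = SUPPORTED_KEY_STORES.get(extension);
        if (loader == null) {
            throw new DestinationAccessException(
                String.format(
                    "Could not create Key Store with file extension: %s. Supported extensions: %s",
                    extension,
                    SUPPORTED_KEY_STORES.keySet()));
        }
        return loader;
    }

    /**
     * Creates a new key store of the JVM default type that holds one X.509 certificate.
     *
     * @param encodedCertificate the Base64-encoded certificate; one certificate is read from it
     * @param alias the alias under which the certificate is stored
     * @return the new key store
     * @throws DestinationAccessException if the key store cannot be created or the certificate cannot be parsed
     * @throws IllegalArgumentException if the content is not valid Base64
     */
    @Nonnull
    private static KeyStore createKeyStoreFromCertificate(@Nonnull String encodedCertificate, String alias) {
        final String defaultType = KeyStore.getDefaultType();
        log.debug("Creating a key store of type {}.", defaultType);
        final KeyStore keyStore =
            Try.of(() -> KeyStore.getInstance(defaultType))
                .getOrElseThrow(cause -> new DestinationAccessException("Failed to load key store.", cause));
        try (ByteArrayInputStream certificateStream =
            new ByteArrayInputStream(Base64.getDecoder().decode(encodedCertificate))) {
            final Certificate certificate =
                CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
            // load(null, null) initializes an empty key store before the entry is added.
            keyStore.load(null, null);
            keyStore.setCertificateEntry(alias, certificate);
            return keyStore;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new DestinationAccessException("Failed to load key store.", e);
        }
    }

    /**
     * Loads an existing key store of the given type from Base64 content.
     *
     * @param encodedKeyStore the Base64-encoded key store
     * @param password the key store password; {@code null} is treated as an empty password
     * @param keyStoreType the key store type passed to {@link KeyStore#getInstance(String)}
     * @return the loaded key store
     * @throws DestinationAccessException if the type is unavailable or the content cannot be loaded
     * @throws IllegalArgumentException if the content is not valid Base64
     */
    @Nonnull
    public static KeyStore retrieveExistingKeyStore(
        @Nonnull String encodedKeyStore, @Nullable String password, @Nonnull String keyStoreType) {
        log.debug("Creating a key store of type {}.", keyStoreType);
        final KeyStore keyStore =
            Try.of(() -> KeyStore.getInstance(keyStoreType))
                .getOrElseThrow(cause -> new DestinationAccessException("Failed to load key store.", cause));
        try (ByteArrayInputStream keyStoreStream =
            new ByteArrayInputStream(Base64.getDecoder().decode(encodedKeyStore))) {
            keyStore.load(keyStoreStream, password == null ? new char[0] : password.toCharArray());
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new DestinationAccessException("Failed to load key store.", e);
        }
    }

    /**
     * Creates a key store from a Base64-encoded PEM document that holds a certificate section and further text.
     *
     * <p>The certificate section is cut out with {@link #PEM_CERTIFICATE_SECTION}; whatever text remains is handed
     * to {@code KeyStoreReader} as the private key input. The remainder is only checked for being non-empty here.
     *
     * @param encodedPem the Base64-encoded PEM text
     * @param password the password passed to {@code KeyStoreReader}; {@code null} or empty becomes an empty array
     * @return the key store produced by {@code KeyStoreReader}
     * @throws DestinationAccessException on any failure, including invalid Base64 and missing sections
     */
    @Nonnull
    static KeyStore createNewKeyStoreFromPem(@Nonnull String encodedPem, @Nullable String password) {
        try {
            final String pem = new String(Base64.getDecoder().decode(encodedPem), StandardCharsets.UTF_8).trim();
            final Matcher certificateSection = PEM_CERTIFICATE_SECTION.matcher(pem);
            if (!certificateSection.find()) {
                throw new IllegalArgumentException("PEM format cannot be parsed: No certificate entry found.");
            }
            final String remainder =
                (pem.substring(0, certificateSection.start()) + pem.substring(certificateSection.end())).trim();
            if (remainder.isEmpty()) {
                throw new IllegalArgumentException("PEM format cannot be parsed: No private key entry found.");
            }
            final char[] passwordChars = Strings.isNullOrEmpty(password) ? new char[0] : password.toCharArray();
            return KeyStoreReader.createKeyStore(
                "1",
                passwordChars,
                new StringReader(certificateSection.group()),
                new StringReader(remainder));
        } catch (Exception e) {
            throw new DestinationAccessException("Failed to instantiate new KeyStore.", e);
        }
    }

    /** Returns whether the entry name is non-null and equal to the requested name. */
    public static boolean hasCertificateName(String requestedName, @Nullable String entryName) {
        return entryName != null && entryName.equals(requestedName);
    }

    /** Returns whether the entry has content at all; the content itself is not inspected. */
    public static boolean hasCertificateContent(@Nullable String content) {
        return content != null;
    }

    /**
     * Decides whether the destination's authentication type needs the key store to be loaded.
     *
     * <p>Only the two SAML types are excluded; every other type, including a missing one (treated as
     * {@code NO_AUTHENTICATION}), loads key material.
     */
    private static boolean authTypeRequiresLoadingKeyMaterial(@Nonnull PropertyKeyExtractor extractor) {
        final AuthenticationType authType =
            (AuthenticationType) extractor
                .get(DestinationProperty.AUTH_TYPE)
                .getOrElse(AuthenticationType.NO_AUTHENTICATION);
        switch (authType) {
            case OAUTH2_SAML_BEARER_ASSERTION:
            case SAML_ASSERTION:
                return false;
            default:
                return true;
        }
    }
}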
