package cern.c2mon.daq.opcua.security;

import cern.c2mon.daq.opcua.config.AppConfigProperties;
import cern.c2mon.daq.opcua.exceptions.ConfigurationException;
import cern.c2mon.daq.opcua.exceptions.ExceptionContext;
import io.netty.util.internal.StringUtil;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.AbstractMap;
import java.util.Map;
import java.util.stream.Stream;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:cern/c2mon/daq/opcua/security/PkiUtil.class */
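/**
 * Static helpers that load the X.509 certificate and key pair used by the OPC UA client,
 * either from a keystore file or from a separate PEM private key and certificate file.
 *
 * <p>Every loading failure is reported as a {@link ConfigurationException} with
 * {@link ExceptionContext#SECURITY}. Key material and passwords are never logged.
 */
public class PkiUtil {
    private static final Logger log = LoggerFactory.getLogger(PkiUtil.class);

    /**
     * Checks whether a keystore configuration is complete enough to attempt loading.
     *
     * @param keystoreConfig the keystore settings, may be {@code null}
     * @return {@code true} when type, path and alias are all non-empty and the path exists
     */
    public static boolean isKeystoreConfigured(AppConfigProperties.KeystoreConfig keystoreConfig) {
        if (keystoreConfig == null) {
            return false;
        }
        boolean allFieldsSet = Stream.of(keystoreConfig.getType(), keystoreConfig.getPath(), keystoreConfig.getAlias())
                .noneMatch(StringUtil::isNullOrEmpty);
        // Existence is only a pre-check: the file can still vanish or be unreadable when it is
        // opened later, which the loaders report as a ConfigurationException.
        return allFieldsSet && Paths.get(keystoreConfig.getPath()).toFile().exists();
    }

    /**
     * Checks whether a PEM-file configuration is complete enough to attempt loading.
     *
     * @param pKIConfig the PKI settings, may be {@code null}
     * @return {@code true} when both paths are non-empty and both files exist
     */
    public static boolean isPkiConfigured(AppConfigProperties.PKIConfig pKIConfig) {
        if (pKIConfig == null) {
            return false;
        }
        String certificatePath = pKIConfig.getCertificatePath();
        String privateKeyPath = pKIConfig.getPrivateKeyPath();
        if (StringUtil.isNullOrEmpty(certificatePath) || StringUtil.isNullOrEmpty(privateKeyPath)) {
            return false;
        }
        return Paths.get(certificatePath).toFile().exists() && Paths.get(privateKeyPath).toFile().exists();
    }

    /**
     * Loads the certificate and key pair stored under the configured alias of a keystore file.
     *
     * @param keystoreConfig keystore type, path, alias and password
     * @return the certificate together with its public key and the private key from the keystore
     * @throws ConfigurationException if the configuration is incomplete, the keystore cannot be
     *     read or opened, or the alias does not hold a private key with an X.509 certificate
     */
    public static Map.Entry<X509Certificate, KeyPair> loadFromPfx(AppConfigProperties.KeystoreConfig keystoreConfig) throws ConfigurationException {
        if (!isKeystoreConfigured(keystoreConfig)) {
            throw new ConfigurationException(ExceptionContext.SECURITY);
        }
        String configuredPassword = keystoreConfig.getPassword();
        // A missing password is treated as the empty password, as before.
        char[] password = (configuredPassword == null ? "" : configuredPassword).toCharArray();
        // try-with-resources closes the stream on the failure paths too; previously it was only
        // closed when loading succeeded.
        try (InputStream keystoreStream = Files.newInputStream(Paths.get(keystoreConfig.getPath()))) {
            KeyStore keyStore = KeyStore.getInstance(keystoreConfig.getType());
            keyStore.load(keystoreStream, password);
            // The same password is used for the keystore and for the key entry.
            Key key = keyStore.getKey(keystoreConfig.getAlias(), password);
            if (key instanceof PrivateKey) {
                java.security.cert.Certificate certificate = keyStore.getCertificate(keystoreConfig.getAlias());
                // A key entry without an X.509 certificate used to surface as a
                // NullPointerException or ClassCastException; it is a configuration error.
                if (certificate instanceof X509Certificate) {
                    X509Certificate x509Certificate = (X509Certificate) certificate;
                    return new AbstractMap.SimpleEntry<>(x509Certificate, new KeyPair(x509Certificate.getPublicKey(), (PrivateKey) key));
                }
            }
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            throw new ConfigurationException(ExceptionContext.SECURITY, e);
        } finally {
            // Wipe the local copy of the password. The String held by the configuration object
            // is outside this method's control and stays in memory.
            java.util.Arrays.fill(password, '\0');
        }
        throw new ConfigurationException(ExceptionContext.SECURITY);
    }

    /**
     * Loads the certificate and key pair from separate PEM private key and certificate files.
     *
     * @param pKIConfig paths of the private key file and the certificate file
     * @return the certificate together with its public key and the loaded private key
     * @throws ConfigurationException if the configuration is incomplete or either file cannot be
     *     read or parsed
     */
    public static Map.Entry<X509Certificate, KeyPair> loadFromPki(AppConfigProperties.PKIConfig pKIConfig) throws ConfigurationException {
        if (!isPkiConfigured(pKIConfig)) {
            throw new ConfigurationException(ExceptionContext.SECURITY);
        }
        PrivateKey privateKey = loadPrivateKey(pKIConfig.getPrivateKeyPath());
        X509Certificate certificate = loadCertificate(pKIConfig.getCertificatePath());
        // NOTE(review): nothing here verifies that the private key belongs to the certificate's
        // public key, so a mismatched pair of files is returned as-is. Confirm whether the
        // caller detects this.
        return new AbstractMap.SimpleEntry<>(certificate, new KeyPair(certificate.getPublicKey(), privateKey));
    }

    /**
     * Reads a private key from a PEM file.
     *
     * <p>The PEM content is decoded as a PKCS#8 key specification with the RSA key factory, so
     * only RSA keys in unencrypted PKCS#8 form can be loaded. The key file therefore sits on disk
     * without a passphrase, and restrictive file permissions are its only protection.
     *
     * @param str path of the PEM private key file
     * @return the decoded private key
     * @throws ConfigurationException if the file cannot be read or does not decode as described
     */
    private static PrivateKey loadPrivateKey(String str) throws ConfigurationException {
        try {
            byte[] encodedKey = getPemObject(str).getContent();
            return KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(encodedKey));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new ConfigurationException(ExceptionContext.SECURITY, e);
        }
    }

    /**
     * Reads an X.509 certificate from a file.
     *
     * @param str path of the certificate file
     * @return the parsed certificate
     * @throws ConfigurationException if the file cannot be read or is not a valid certificate
     */
    private static X509Certificate loadCertificate(String str) throws ConfigurationException {
        // try-with-resources closes the stream when parsing fails as well; previously it was
        // only closed on success.
        try (InputStream certificateStream = new FileInputStream(str)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(certificateStream);
        } catch (IOException | CertificateException e) {
            throw new ConfigurationException(ExceptionContext.SECURITY, e);
        }
    }

    /**
     * Reads the first PEM object from a file.
     *
     * @param str path of the PEM file
     * @return the first PEM object, never {@code null} and never with {@code null} content
     * @throws IOException if the file cannot be read or holds no PEM object
     */
    private static PemObject getPemObject(String str) throws IOException {
        try (InputStream pemStream = new FileInputStream(str);
                InputStreamReader pemCharacters = new InputStreamReader(pemStream, StandardCharsets.UTF_8);
                PemReader pemReader = new PemReader(pemCharacters)) {
            PemObject pemObject = pemReader.readPemObject();
            if (pemObject == null || pemObject.getContent() == null) {
                // Name the file so the failure can be diagnosed; the content is never included.
                throw new IOException("No PEM object could be read from " + str);
            }
            return pemObject;
        }
    }

    private PkiUtil() {
    }
}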
