package cern.c2mon.daq.opcua.security;

import cern.c2mon.daq.opcua.config.AppConfigProperties;
import cern.c2mon.daq.opcua.exceptions.ConfigurationException;
import cern.c2mon.daq.opcua.scope.EquipmentScoped;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.Map;
import org.eclipse.milo.opcua.stack.core.security.SecurityPolicy;
import org.eclipse.milo.opcua.stack.core.types.structured.EndpointDescription;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@EquipmentScoped
/* loaded from: input_file:cern/c2mon/daq/opcua/security/CertificateLoader.class */
public class CertificateLoader extends CertifierBase {
    private static final Logger log = LoggerFactory.getLogger(CertificateLoader.class);
    private final AppConfigProperties.KeystoreConfig keystoreConfig;
    private final AppConfigProperties.PKIConfig pkiConfig;

    @Override // cern.c2mon.daq.opcua.security.Certifier
    public boolean supportsAlgorithm(EndpointDescription endpointDescription) {
        return canCertify(endpointDescription);
    }

    @Override // cern.c2mon.daq.opcua.security.Certifier
    public boolean canCertify(EndpointDescription endpointDescription) {
        if (this.certificate == null || this.keyPair == null) {
            loadCertificateAndKeypair();
        }
        return SecurityPolicy.fromUriSafe(endpointDescription.getSecurityPolicyUri()).filter(this::existingCertificateMatchesSecurityPolicy).isPresent();
    }

    @Override // cern.c2mon.daq.opcua.security.CertifierBase, cern.c2mon.daq.opcua.security.Certifier
    public boolean isSevereError(long j) {
        return j == 2148728832L || j == 2148663296L || super.isSevereError(j);
    }

    private void loadCertificateAndKeypair() {
        Map.Entry<X509Certificate, KeyPair> entry = null;
        if (PkiUtil.isKeystoreConfigured(this.keystoreConfig)) {
            log.info("Loading from pfx");
            try {
                entry = PkiUtil.loadFromPfx(this.keystoreConfig);
            } catch (ConfigurationException e) {
                log.error("An error occurred loading the certificate and keypair from pfx. ", e);
            }
        }
        if (entry == null && PkiUtil.isPkiConfigured(this.pkiConfig)) {
            log.info("Loading from PEM files");
            try {
                entry = PkiUtil.loadFromPki(this.pkiConfig);
            } catch (ConfigurationException e2) {
                log.error("An error occurred loading certificate and private key. ", e2);
            }
        }
        if (entry != null) {
            this.certificate = entry.getKey();
            this.keyPair = entry.getValue();
        }
    }

    public CertificateLoader(AppConfigProperties.KeystoreConfig keystoreConfig, AppConfigProperties.PKIConfig pKIConfig) {
        this.keystoreConfig = keystoreConfig;
        this.pkiConfig = pKIConfig;
    }
}
