package com.sap.cloud.security.mtls;

import com.sap.cloud.security.config.ClientCertificate;
import com.sap.cloud.security.config.ClientIdentity;
import com.sap.cloud.security.xsuaa.Assertions;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.spec.KeySpec;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Base64;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/sap/cloud/security/mtls/SSLContextFactory.class */
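/**
 * Builds {@link SSLContext} and {@link KeyStore} instances for mutual TLS from a PEM-encoded
 * X.509 certificate chain and a PEM-encoded PKCS#1 RSA private key
 * ({@code -----BEGIN RSA PRIVATE KEY-----}).
 *
 * <p>Security notes:
 * <ul>
 *   <li>The key store is created in memory with an empty password; it is never written to disk
 *       by this class.</li>
 *   <li>The returned {@link SSLContext} is initialised with {@code null} trust managers, so the
 *       JSSE default trust configuration decides which server certificates are accepted.</li>
 *   <li>Private key material is never written to the log, not even in part.</li>
 * </ul>
 */
public class SSLContextFactory {
    /** Empty password protecting the in-memory key store and its key entry. */
    private static final char[] NO_PASSWORD = "".toCharArray();
    private static final SSLContextFactory INSTANCE = new SSLContextFactory();
    private final Logger logger = LoggerFactory.getLogger(getClass());

    private SSLContextFactory() {
    }

    /**
     * Returns the shared factory instance.
     *
     * @return the singleton {@code SSLContextFactory}
     */
    public static SSLContextFactory getInstance() {
        return INSTANCE;
    }

    /**
     * Creates an {@link SSLContext} that presents the given client certificate.
     *
     * @param str  PEM-encoded X.509 certificate (chain); must have text
     * @param str2 PEM-encoded PKCS#1 RSA private key; must have text
     * @return an initialised {@code SSLContext} carrying the client key and certificate chain
     * @throws GeneralSecurityException if the key or certificates cannot be parsed or loaded
     * @throws IOException              if the in-memory key store cannot be loaded
     */
    public SSLContext create(String str, String str2) throws GeneralSecurityException, IOException {
        Assertions.assertHasText(str, "x509Certificate is required");
        Assertions.assertHasText(str2, "rsaPrivateKey is required");
        return create(new ClientCertificate(str, str2, (String) null));
    }

    /**
     * Creates an {@link SSLContext} that presents the certificate and key of the given identity.
     *
     * @param clientIdentity source of the PEM certificate chain and PKCS#1 RSA private key
     * @return an initialised {@code SSLContext} using the {@code "TLS"} protocol
     * @throws GeneralSecurityException if the key or certificates cannot be parsed or loaded
     * @throws IOException              if the in-memory key store cannot be loaded
     */
    public SSLContext create(ClientIdentity clientIdentity) throws GeneralSecurityException, IOException {
        Assertions.assertNotNull(clientIdentity, "clientIdentity must not be null");
        Assertions.assertHasText(clientIdentity.getCertificate(), "clientIdentity.getCertificate() must not return null");
        Assertions.assertHasText(clientIdentity.getKey(), "clientIdentity.getKey() must not return null");
        KeyStore keyStore = createKeyStore(clientIdentity);
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance("SunX509");
        keyManagerFactory.init(keyStore, NO_PASSWORD);
        SSLContext sslContext = createDefaultSSLContext();
        // null trust managers / null SecureRandom: the platform defaults are used, so server
        // certificate validation follows the JVM's default trust store.
        sslContext.init(keyManagerFactory.getKeyManagers(), null, null);
        return sslContext;
    }

    /**
     * Creates an in-memory key store holding the identity's private key and certificate chain.
     *
     * @param clientIdentity source of the PEM certificate chain and PKCS#1 RSA private key
     * @return a key store with the key under {@code "key-alias"} and each certificate under
     *         {@code "cert-alias-<index>"}
     * @throws GeneralSecurityException if the key or certificates cannot be parsed or stored
     * @throws IOException              if the in-memory key store cannot be loaded
     */
    public KeyStore createKeyStore(ClientIdentity clientIdentity) throws GeneralSecurityException, IOException {
        Assertions.assertNotNull(clientIdentity, "clientIdentity must not be null");
        Assertions.assertHasText(clientIdentity.getCertificate(), "clientIdentity.getCertificate() must not return null");
        Assertions.assertHasText(clientIdentity.getKey(), "clientIdentity.getKey() must not return null");
        PrivateKey privateKey = getPrivateKeyFromString(clientIdentity.getKey());
        Certificate[] certificateChain = getCertificatesFromString(clientIdentity.getCertificate());
        return initializeKeyStore(privateKey, certificateChain);
    }

    /** Fills a fresh, empty JKS key store with the certificates and the private key entry. */
    private KeyStore initializeKeyStore(PrivateKey privateKey, Certificate[] certificateArr) throws KeyStoreException, IOException, NoSuchAlgorithmException, CertificateException {
        KeyStore keyStore = KeyStore.getInstance("jks");
        // load(null) initialises an empty key store; nothing is read from disk.
        keyStore.load(null);
        for (int index = 0; index < certificateArr.length; index++) {
            keyStore.setCertificateEntry("cert-alias-" + index, certificateArr[index]);
        }
        keyStore.setKeyEntry("key-alias", privateKey, NO_PASSWORD, certificateArr);
        return keyStore;
    }

    /** Returns an uninitialised {@code SSLContext} for the generic {@code "TLS"} protocol. */
    private SSLContext createDefaultSSLContext() throws NoSuchAlgorithmException {
        return SSLContext.getInstance("TLS");
    }

    /**
     * Decodes a PEM-encoded PKCS#1 RSA private key.
     *
     * <p>Accepts real line breaks (LF or CRLF) as well as the literal two-character sequences
     * {@code \n} / {@code \r} that appear when the PEM was embedded in an escaped string.
     */
    private PrivateKey getPrivateKeyFromString(String str) throws GeneralSecurityException {
        String pemBody = str
                .replace("-----BEGIN RSA PRIVATE KEY-----", "")
                .replace("-----END RSA PRIVATE KEY-----", "")
                .replace("\\n", "")
                .replace("\\r", "")
                // The basic Base64 decoder rejects any whitespace, so strip CR, LF, tabs, spaces.
                .replaceAll("\\s", "");
        // Never log key material, not even a prefix or suffix: the end of a PKCS#1 body encodes
        // private CRT values. The length is enough to diagnose a truncated or empty key, and it
        // cannot fail on short input the way substring() would.
        this.logger.debug("privateKeyPem: {} base64 characters", pemBody.length());
        byte[] der = Base64.getDecoder().decode(pemBody);
        return KeyFactory.getInstance("RSA").generatePrivate(parseDERPrivateKey(der));
    }

    /** Parses every X.509 certificate contained in the PEM string, in the order given. */
    private Certificate[] getCertificatesFromString(String str) throws CertificateException {
        // Explicit charset: do not depend on the platform default when turning PEM text into bytes.
        byte[] pemBytes = str.replace("\\n", "\n").getBytes(StandardCharsets.UTF_8);
        return CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(pemBytes))
                .toArray(new Certificate[0]);
    }

    /**
     * Reads the DER-encoded PKCS#1 {@code RSAPrivateKey} structure into a key spec.
     *
     * @throws IllegalArgumentException if the structure's version field is not 0
     * @throws GeneralSecurityException if the DER data cannot be read
     */
    private KeySpec parseDERPrivateKey(byte[] bArr) throws GeneralSecurityException {
        MinimalDERParser parser = new MinimalDERParser(bArr);
        try {
            parser.getSequence();
            if (!parser.getBigInteger().equals(BigInteger.ZERO)) {
                throw new IllegalArgumentException("Only version 0 supported for PKCS1 decoding.");
            }
            // The integers must be consumed in exactly this order; it is the parameter order of
            // RSAPrivateCrtKeySpec.
            BigInteger modulus = parser.getBigInteger();
            BigInteger publicExponent = parser.getBigInteger();
            BigInteger privateExponent = parser.getBigInteger();
            BigInteger primeP = parser.getBigInteger();
            BigInteger primeQ = parser.getBigInteger();
            BigInteger primeExponentP = parser.getBigInteger();
            BigInteger primeExponentQ = parser.getBigInteger();
            BigInteger crtCoefficient = parser.getBigInteger();
            return new RSAPrivateCrtKeySpec(modulus, publicExponent, privateExponent, primeP, primeQ, primeExponentP, primeExponentQ, crtCoefficient);
        } catch (IOException e) {
            throw new GeneralSecurityException("Exception during parsing DER encoded private key", e);
        }
    }
}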
