package org.eclipse.kura.core.keystore.util;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.ECParameterSpec;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.security.auth.x500.X500Principal;
import javax.ws.rs.WebApplicationException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.core.keystore.request.CsrReadRequest;
import org.eclipse.kura.security.keystore.KeystoreInfo;
import org.eclipse.kura.security.keystore.KeystoreService;
import org.osgi.framework.BundleContext;
import org.osgi.framework.Filter;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.framework.ServiceReference;
import org.osgi.service.component.ComponentContext;
import org.osgi.util.tracker.ServiceTracker;
import org.osgi.util.tracker.ServiceTrackerCustomizer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/core/keystore/util/KeystoreRemoteService.class */
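/**
 * Shared back end for the remote keystore management front ends: tracks every registered
 * {@link KeystoreService} by its {@code kura.service.pid} and exposes helpers to list, read,
 * create and delete keystore entries. Failures are reported as {@link WebApplicationException}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>Nothing in this class authenticates or authorises the caller. Every method acts on whatever
 * PID and alias it is handed, so access control must be enforced by the code that exposes these
 * methods.</li>
 * <li>Read operations return certificate data only. {@link #buildPrivateKeyInfo} copies the key
 * algorithm, size and certificate chain but never the private key bytes.</li>
 * <li>Write operations parse caller-supplied PEM and store it as-is. No validity, chain or
 * key-usage checks are made here (see the individual methods).</li>
 * </ul>
 *
 * <p>The {@code *Internal} methods are {@code public} in this listing; the decompiler reports that
 * they were {@code protected} in the original class.
 */
public class KeystoreRemoteService {
    public static final String BEGIN_CERT = "-----BEGIN CERTIFICATE-----";
    public static final String END_CERT = "-----END CERTIFICATE-----";

    // Tracked keystore services keyed by "kura.service.pid".
    // NOTE(review): this is a plain HashMap that is written from the ServiceTracker callbacks and
    // read by the request methods below. If those run on different threads, iteration can fail
    // with ConcurrentModificationException. Confirm the threading model before relying on it.
    protected Map<String, KeystoreService> keystoreServices = new HashMap<>();
    protected BundleContext bundleContext;
    private ServiceTrackerCustomizer<KeystoreService, KeystoreService> keystoreServiceTrackerCustomizer;
    private ServiceTracker<KeystoreService, KeystoreService> keystoreServiceTracker;
    private static final Logger logger = LoggerFactory.getLogger(KeystoreRemoteService.class);
    public static final String LINE_SEPARATOR = System.getProperty("line.separator");

    /**
     * Keeps {@link KeystoreRemoteService#keystoreServices} in sync with the OSGi service registry.
     *
     * <p>The compiler-generated bridge methods and synthetic constructor that the decompiler had
     * emitted are dropped here: the compiler regenerates them, and spelled out as source they do
     * not compile.
     */
    private final class KeystoreServiceTrackerCustomizer
            implements ServiceTrackerCustomizer<KeystoreService, KeystoreService> {

        private static final String KURA_SERVICE_PID = "kura.service.pid";

        /**
         * Registers a newly published keystore service under its PID.
         *
         * @return the service to track, or {@code null} when the framework could not supply it
         */
        @Override
        public KeystoreService addingService(ServiceReference<KeystoreService> serviceReference) {
            String pid = (String) serviceReference.getProperty(KURA_SERVICE_PID);
            KeystoreService service = KeystoreRemoteService.this.bundleContext.getService(serviceReference);
            if (service == null) {
                // Do not store a null value: the request methods dereference every map value.
                return null;
            }
            KeystoreRemoteService.this.keystoreServices.put(pid, service);
            return service;
        }

        /** Re-reads the service for the reference and replaces the entry stored under its PID. */
        @Override
        public void modifiedService(ServiceReference<KeystoreService> serviceReference,
                KeystoreService keystoreService) {
            // NOTE(review): this calls getService() again instead of reusing the tracked object,
            // and no matching ungetService() is visible in this class - confirm that is intended.
            KeystoreRemoteService.this.keystoreServices.put(
                    (String) serviceReference.getProperty(KURA_SERVICE_PID),
                    KeystoreRemoteService.this.bundleContext.getService(serviceReference));
        }

        /** Forgets the keystore service registered under the reference's PID. */
        @Override
        public void removedService(ServiceReference<KeystoreService> serviceReference,
                KeystoreService keystoreService) {
            KeystoreRemoteService.this.keystoreServices
                    .remove((String) serviceReference.getProperty(KURA_SERVICE_PID));
        }
    }

    /**
     * Stores the bundle context and starts tracking {@link KeystoreService} registrations.
     *
     * @param componentContext component context supplying the bundle context
     */
    public void activate(ComponentContext componentContext) {
        this.bundleContext = componentContext.getBundleContext();
        this.keystoreServiceTrackerCustomizer = new KeystoreServiceTrackerCustomizer();
        initKeystoreServiceTracking();
    }

    /**
     * Stops tracking keystore services, if tracking was started.
     *
     * @param componentContext unused
     */
    public void deactivate(ComponentContext componentContext) {
        if (this.keystoreServiceTracker != null) {
            this.keystoreServiceTracker.close();
        }
    }

    /**
     * Parses one X.509 certificate and wraps it as a trusted-certificate keystore entry.
     *
     * <p>The certificate is only parsed. Validity dates, signature, issuer and key usage are not
     * checked, so whatever parses becomes a trust anchor once the entry is stored.
     *
     * @param str the certificate, read as UTF-8 bytes by the X.509 certificate factory
     * @return the entry wrapping the parsed certificate
     * @throws CertificateException if the input cannot be parsed
     */
    public static KeyStore.TrustedCertificateEntry createCertificateEntry(String str) throws CertificateException {
        ByteArrayInputStream encoded = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8));
        Certificate certificate = CertificateFactory.getInstance("X.509").generateCertificate(encoded);
        return new KeyStore.TrustedCertificateEntry((X509Certificate) certificate);
    }

    /**
     * Builds a private-key keystore entry from a PEM private key and its certificate chain.
     *
     * <p>Only an unencrypted PKCS#8 {@code PrivateKeyInfo} or a {@link PEMKeyPair} is accepted.
     * Any other PEM object, or no object at all, is rejected. {@link KeyStore.PrivateKeyEntry}
     * itself rejects an empty chain and a key whose algorithm differs from the leaf certificate's
     * public key with {@link IllegalArgumentException}. Nothing here verifies that the private key
     * actually corresponds to that public key.
     *
     * @param str PEM text holding the private key
     * @param str2 PEM text holding the certificate chain, leaf first
     * @return the entry pairing the key with the parsed chain
     * @throws IOException if the PEM cannot be read or does not hold a recognised private key
     * @throws GeneralSecurityException if the certificate chain cannot be parsed
     */
    public static KeyStore.PrivateKeyEntry createPrivateKey(String str, String str2)
            throws IOException, GeneralSecurityException {
        X509Certificate[] certificateChain = parsePublicCertificates(str2);

        // Register BouncyCastle once instead of allocating a provider on every call.
        if (Security.getProvider("BC") == null) {
            Security.addProvider(new BouncyCastleProvider());
        }

        Object pemObject;
        // try-with-resources: the parser is closed even when readObject() throws.
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            pemObject = pemParser.readObject();
        }

        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        PrivateKey privateKey;
        if (pemObject instanceof org.bouncycastle.asn1.pkcs.PrivateKeyInfo) {
            privateKey = converter.getPrivateKey((org.bouncycastle.asn1.pkcs.PrivateKeyInfo) pemObject);
        } else if (pemObject instanceof PEMKeyPair) {
            privateKey = converter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
        } else {
            throw new IOException("PrivateKey not recognized.");
        }
        return new KeyStore.PrivateKeyEntry(privateKey, certificateChain);
    }

    /**
     * Parses every certificate found in the given text.
     *
     * @param str certificate data, read as UTF-8 bytes by the X.509 certificate factory
     * @return the parsed certificates in input order; empty when the input holds none
     * @throws CertificateException if parsing fails or a parsed certificate is not X.509
     */
    public static X509Certificate[] parsePublicCertificates(String str) throws CertificateException {
        Collection<? extends Certificate> parsed = CertificateFactory.getInstance("X.509")
                .generateCertificates(new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8)));
        List<X509Certificate> chain = new ArrayList<>();
        for (Certificate certificate : parsed) {
            if (!(certificate instanceof X509Certificate)) {
                throw new CertificateException("Provided certificate is not a X509Certificate");
            }
            chain.add((X509Certificate) certificate);
        }
        return chain.toArray(new X509Certificate[0]);
    }

    /**
     * Describes every tracked keystore service whose keystore is available.
     *
     * @return one {@link KeystoreInfo} (PID, type, size) per service with a non-null keystore
     * @throws WebApplicationException wrapping any keystore access failure
     */
    public List<KeystoreInfo> listKeystoresInternal() {
        List<KeystoreInfo> keystores = new ArrayList<>();
        for (Map.Entry<String, KeystoreService> tracked : this.keystoreServices.entrySet()) {
            try {
                // Fetch once so the null check and the use see the same object.
                KeyStore keyStore = tracked.getValue().getKeyStore();
                if (keyStore != null) {
                    keystores.add(buildKeystoreInfo(tracked.getKey(), keyStore));
                }
            } catch (KuraException | KeyStoreException e) {
                throw new WebApplicationException(e);
            }
        }
        return keystores;
    }

    /**
     * Lists the private-key and trusted-certificate entries of every tracked keystore, without
     * PEM certificate data. Entries of any other kind are skipped.
     *
     * @return the entry summaries
     * @throws WebApplicationException wrapping any keystore access failure
     */
    public List<EntryInfo> getKeysInternal() {
        List<EntryInfo> keys = new ArrayList<>();
        for (Map.Entry<String, KeystoreService> tracked : this.keystoreServices.entrySet()) {
            try {
                // The decompiled lambdas named the outer and inner variables identically; the
                // first builder argument is taken to be the keystore PID, as in
                // getKeysByPidInternal, and the second the entry alias.
                for (Map.Entry<String, KeyStore.Entry> stored : tracked.getValue().getEntries().entrySet()) {
                    EntryInfo info = toEntryInfo(tracked.getKey(), stored.getKey(), stored.getValue(), false);
                    if (info != null) {
                        keys.add(info);
                    }
                }
            } catch (KuraException e) {
                throw new WebApplicationException(e);
            }
        }
        return keys;
    }

    /**
     * Lists the private-key and trusted-certificate entries of one keystore, including PEM
     * certificate data. Entries of any other kind are skipped.
     *
     * @param str PID of the keystore service
     * @return the entries of that keystore
     * @throws WebApplicationException with status 404 if no such keystore service is tracked, or
     *         wrapping any keystore access failure
     */
    public List<EntryInfo> getKeysByPidInternal(String str) {
        KeystoreService keystoreService = requireKeystoreService(str);
        List<EntryInfo> keys = new ArrayList<>();
        try {
            for (Map.Entry<String, KeyStore.Entry> stored : keystoreService.getEntries().entrySet()) {
                EntryInfo info = toEntryInfo(str, stored.getKey(), stored.getValue(), true);
                if (info != null) {
                    keys.add(info);
                }
            }
            return keys;
        } catch (KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Collects the entry stored under the given alias from every keystore that has that alias.
     *
     * @param str the entry alias
     * @return one entry per keystore containing the alias, including PEM certificate data
     * @throws WebApplicationException with status 404 if a matching entry is neither a private
     *         key nor a trusted certificate, or wrapping any keystore access failure
     */
    public List<EntryInfo> getKeysByAliasInternal(String str) {
        List<EntryInfo> keys = new ArrayList<>();
        for (Map.Entry<String, KeystoreService> tracked : this.keystoreServices.entrySet()) {
            try {
                KeystoreService keystoreService = tracked.getValue();
                if (!keystoreService.getAliases().contains(str)) {
                    continue;
                }
                EntryInfo info = toEntryInfo(tracked.getKey(), str, keystoreService.getEntry(str), true);
                if (info == null) {
                    throw new WebApplicationException(404);
                }
                keys.add(info);
            } catch (KuraException e) {
                throw new WebApplicationException(e);
            }
        }
        return keys;
    }

    /**
     * Reads a single entry from a single keystore.
     *
     * @param str PID of the keystore service
     * @param str2 alias of the entry
     * @return the entry, including PEM certificate data
     * @throws WebApplicationException with status 404 if the keystore service is not tracked or
     *         the entry is neither a private key nor a trusted certificate, or wrapping any
     *         keystore access failure
     */
    public EntryInfo getKeyInternal(String str, String str2) {
        KeystoreService keystoreService = requireKeystoreService(str);
        try {
            EntryInfo info = toEntryInfo(str, str2, keystoreService.getEntry(str2), true);
            if (info == null) {
                throw new WebApplicationException(404);
            }
            return info;
        } catch (KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Asks the addressed keystore service for a certificate signing request.
     *
     * @param csrInfo keystore PID, key alias, subject attributes and signature algorithm
     * @return the CSR as returned by the keystore service
     * @throws WebApplicationException with status 404 if the keystore service is not tracked, or
     *         wrapping the keystore failure
     * @throws IllegalArgumentException if the attributes are not a well-formed distinguished name
     */
    public String getCSRInternal(CsrInfo csrInfo) {
        KeystoreService keystoreService = requireKeystoreService(csrInfo.getKeystoreServicePid());
        try {
            return keystoreService.getCSR(csrInfo.getAlias(), new X500Principal(csrInfo.getAttributes()),
                    csrInfo.getSignatureAlgorithm());
        } catch (KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Asks the addressed keystore service for a certificate signing request.
     *
     * @param csrReadRequest keystore PID, key alias, subject attributes and signature algorithm
     * @return the CSR as returned by the keystore service
     * @throws WebApplicationException with status 404 if the keystore service is not tracked, or
     *         wrapping the keystore failure
     * @throws IllegalArgumentException if the attributes are not a well-formed distinguished name
     */
    public String getCSRInternal(CsrReadRequest csrReadRequest) {
        KeystoreService keystoreService = requireKeystoreService(csrReadRequest.getKeystoreServicePid());
        try {
            return keystoreService.getCSR(csrReadRequest.getAlias(),
                    new X500Principal(csrReadRequest.getAttributes()), csrReadRequest.getSignatureAlgorithm());
        } catch (KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Stores the supplied certificate as a trusted certificate in the addressed keystore.
     *
     * <p>This changes what the keystore trusts. The certificate is parsed but not otherwise
     * validated, and an existing alias is handed straight to {@code setEntry}.
     *
     * @param certificateInfo keystore PID, alias and certificate text
     * @throws WebApplicationException with status 404 if the keystore service is not tracked, or
     *         wrapping a parsing or keystore failure
     */
    public void storeTrustedCertificateEntryInternal(CertificateInfo certificateInfo) {
        KeystoreService keystoreService = requireKeystoreService(certificateInfo.getKeystoreServicePid());
        try {
            keystoreService.setEntry(certificateInfo.getAlias(),
                    createCertificateEntry(certificateInfo.getCertificate()));
        } catch (GeneralSecurityException | KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Asks the addressed keystore service to generate a new key pair.
     *
     * <p>Algorithm, key size and signature algorithm are forwarded unchanged; any policy on
     * minimum strength has to be applied by the keystore service or by the caller.
     *
     * @param keyPairInfo keystore PID, alias, algorithm, size, signature algorithm and attributes
     * @throws WebApplicationException with status 404 if the keystore service is not tracked, or
     *         wrapping the keystore failure
     */
    public void storeKeyPairEntryInternal(KeyPairInfo keyPairInfo) {
        KeystoreService keystoreService = requireKeystoreService(keyPairInfo.getKeystoreServicePid());
        try {
            keystoreService.createKeyPair(keyPairInfo.getAlias(), keyPairInfo.getAlgorithm(), keyPairInfo.getSize(),
                    keyPairInfo.getSignatureAlgorithm(), keyPairInfo.getAttributes());
        } catch (KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Stores a private-key entry. With a private key in the request a new entry is created from
     * the key and chain; without one, only the certificate chain of the existing entry is replaced.
     *
     * @param privateKeyInfo keystore PID, alias, optional private key and certificate chain
     * @throws KuraException if the keystore service or target entry is not found, the target is
     *         not a private-key entry, or the keystore rejects the update
     * @throws IOException if the private key PEM cannot be read
     * @throws GeneralSecurityException if the certificate chain cannot be parsed
     */
    public void storePrivateKeyEntryInternal(PrivateKeyInfo privateKeyInfo)
            throws KuraException, IOException, GeneralSecurityException {
        KeystoreService keystoreService = this.keystoreServices.get(privateKeyInfo.getKeystoreServicePid());
        if (keystoreService == null) {
            throw new KuraException(KuraErrorCode.NOT_FOUND, "KeystoreService not found");
        }
        if (privateKeyInfo.getPrivateKey() == null) {
            updatePrivateKeyEntryCertificateChain(keystoreService, privateKeyInfo);
        } else {
            createPrivateKeyEntry(keystoreService, privateKeyInfo);
        }
    }

    /**
     * Replaces the certificate chain of an existing private-key entry while keeping its key.
     *
     * <p>NOTE(review): {@link KeyStore.PrivateKeyEntry} only checks that the key and the leaf
     * certificate use the same algorithm. A chain issued for a different key of that algorithm is
     * accepted here. Consider comparing the new leaf's public key with the current one before
     * storing.
     */
    private void updatePrivateKeyEntryCertificateChain(KeystoreService keystoreService,
            PrivateKeyInfo privateKeyInfo) throws KuraException, CertificateException {
        KeyStore.Entry existing = Optional.ofNullable(keystoreService.getEntry(privateKeyInfo.getAlias()))
                .orElseThrow(() -> new KuraException(KuraErrorCode.NOT_FOUND, "Entry not found"));
        if (!(existing instanceof KeyStore.PrivateKeyEntry)) {
            throw new KuraException(KuraErrorCode.BAD_REQUEST, "Target entry is not a PrivateKeyEntry");
        }
        PrivateKey currentKey = ((KeyStore.PrivateKeyEntry) existing).getPrivateKey();
        X509Certificate[] newChain = parsePublicCertificates(joinCertificateChain(privateKeyInfo));
        keystoreService.setEntry(privateKeyInfo.getAlias(), new KeyStore.PrivateKeyEntry(currentKey, newChain));
    }

    /** Creates a private-key entry from the key and chain carried by the request and stores it. */
    private void createPrivateKeyEntry(KeystoreService keystoreService, PrivateKeyInfo privateKeyInfo)
            throws IOException, GeneralSecurityException, KuraException {
        keystoreService.setEntry(privateKeyInfo.getAlias(),
                createPrivateKey(privateKeyInfo.getPrivateKey(), joinCertificateChain(privateKeyInfo)));
    }

    /** Joins the request's certificate chain elements into one newline-separated text. */
    private static String joinCertificateChain(PrivateKeyInfo privateKeyInfo) {
        return Arrays.stream(privateKeyInfo.getCertificateChain()).collect(Collectors.joining("\n"));
    }

    /**
     * Deletes one entry from one keystore.
     *
     * @param str PID of the keystore service
     * @param str2 alias of the entry to delete
     * @throws WebApplicationException with status 404 if the keystore service is not tracked, or
     *         wrapping the keystore failure
     */
    public void deleteKeyEntryInternal(String str, String str2) {
        KeystoreService keystoreService = requireKeystoreService(str);
        try {
            keystoreService.deleteEntry(str2);
        } catch (KuraException e) {
            throw new WebApplicationException(e);
        }
    }

    /**
     * Looks up a tracked keystore service, reporting an unknown PID as 404 instead of letting a
     * {@code null} lookup surface later as a {@link NullPointerException}.
     */
    private KeystoreService requireKeystoreService(String keystoreServicePid) {
        KeystoreService keystoreService = this.keystoreServices.get(keystoreServicePid);
        if (keystoreService == null) {
            throw new WebApplicationException(404);
        }
        return keystoreService;
    }

    /**
     * Converts a keystore entry to its transport form.
     *
     * @return the description, or {@code null} when the entry is neither a private-key nor a
     *         trusted-certificate entry (including a {@code null} entry)
     */
    private EntryInfo toEntryInfo(String keystoreServicePid, String alias, KeyStore.Entry entry,
            boolean withCertificate) {
        if (entry instanceof KeyStore.PrivateKeyEntry) {
            return buildPrivateKeyInfo(keystoreServicePid, alias, (KeyStore.PrivateKeyEntry) entry, withCertificate);
        }
        if (entry instanceof KeyStore.TrustedCertificateEntry) {
            return buildCertificateInfo(keystoreServicePid, alias, (KeyStore.TrustedCertificateEntry) entry,
                    withCertificate);
        }
        return null;
    }

    /** Summarises a keystore as PID, type and number of entries. */
    private KeystoreInfo buildKeystoreInfo(String keystoreServicePid, KeyStore keyStore) throws KeyStoreException {
        KeystoreInfo keystoreInfo = new KeystoreInfo(keystoreServicePid);
        keystoreInfo.setType(keyStore.getType());
        keystoreInfo.setSize(keyStore.size());
        return keystoreInfo;
    }

    /**
     * Describes a trusted-certificate entry. The metadata is filled only for X.509 certificates;
     * the PEM text is added only when {@code withCertificate} is set.
     */
    private CertificateInfo buildCertificateInfo(String keystoreServicePid, String alias,
            KeyStore.TrustedCertificateEntry trustedCertificateEntry, boolean withCertificate) {
        CertificateInfo certificateInfo = new CertificateInfo(keystoreServicePid, alias);
        if (trustedCertificateEntry == null
                || !(trustedCertificateEntry.getTrustedCertificate() instanceof X509Certificate)) {
            return certificateInfo;
        }
        X509Certificate x509Certificate = (X509Certificate) trustedCertificateEntry.getTrustedCertificate();
        certificateInfo.setSubjectDN(x509Certificate.getSubjectDN().getName());
        certificateInfo.setIssuer(x509Certificate.getIssuerX500Principal().getName());
        certificateInfo.setStartDate(x509Certificate.getNotBefore().getTime());
        certificateInfo.setExpirationDate(x509Certificate.getNotAfter().getTime());
        certificateInfo.setAlgorithm(x509Certificate.getSigAlgName());
        certificateInfo.setSize(getSize(x509Certificate.getPublicKey()));
        try {
            certificateInfo.setSubjectAN(x509Certificate.getSubjectAlternativeNames());
        } catch (CertificateParsingException e) {
            // Best effort: the remaining fields are still returned without the SANs.
            logger.error("Cannot parse certificate subject alternative names", e);
        }
        if (withCertificate) {
            certificateInfo.setCertificate(toPem(x509Certificate));
        }
        return certificateInfo;
    }

    /**
     * Describes a private-key entry: key algorithm, public key size and, when
     * {@code withCertificate} is set, the PEM certificate chain. The private key itself is never
     * copied into the result.
     */
    private PrivateKeyInfo buildPrivateKeyInfo(String keystoreServicePid, String alias,
            KeyStore.PrivateKeyEntry privateKeyEntry, boolean withCertificate) {
        PrivateKeyInfo privateKeyInfo = new PrivateKeyInfo(keystoreServicePid, alias);
        if (privateKeyEntry == null) {
            return privateKeyInfo;
        }
        privateKeyInfo.setAlgorithm(privateKeyEntry.getPrivateKey().getAlgorithm());
        privateKeyInfo.setSize(getSize(privateKeyEntry.getCertificate().getPublicKey()));
        if (withCertificate) {
            Certificate[] chain = privateKeyEntry.getCertificateChain();
            String[] pemChain = new String[chain.length];
            for (int i = 0; i < chain.length; i++) {
                pemChain[i] = toPem(chain[i]);
            }
            privateKeyInfo.setCertificateChain(pemChain);
        }
        return privateKeyInfo;
    }

    /**
     * PEM-encodes a certificate with 64-character lines. If the certificate cannot be encoded the
     * failure is logged and the BEGIN/END markers are returned around an empty body.
     */
    private static String toPem(Certificate certificate) {
        Base64.Encoder mimeEncoder = Base64.getMimeEncoder(64, LINE_SEPARATOR.getBytes(StandardCharsets.UTF_8));
        StringBuilder pem = new StringBuilder();
        pem.append(BEGIN_CERT).append(LINE_SEPARATOR);
        try {
            pem.append(mimeEncoder.encodeToString(certificate.getEncoded()));
        } catch (CertificateEncodingException e) {
            logger.error("Cannot encode certificate", e);
        }
        pem.append(LINE_SEPARATOR).append(END_CERT);
        return pem.toString();
    }

    /**
     * Returns the size in bits of a public key: the modulus length for RSA, the curve order length
     * for EC, and the length of P (or of Y when the parameters are absent) for DSA.
     *
     * @return the size in bits, or 0 for any other key type or an EC key without parameters
     */
    private int getSize(Key key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength();
        }
        if (key instanceof ECPublicKey) {
            ECParameterSpec params = ((ECPublicKey) key).getParams();
            return params != null ? params.getOrder().bitLength() : 0;
        }
        if (key instanceof DSAPublicKey) {
            DSAPublicKey dsaPublicKey = (DSAPublicKey) key;
            return dsaPublicKey.getParams() != null ? dsaPublicKey.getParams().getP().bitLength()
                    : dsaPublicKey.getY().bitLength();
        }
        return 0;
    }

    /** Opens a service tracker that matches every registered {@link KeystoreService}. */
    private void initKeystoreServiceTracking() {
        Filter filter = null;
        try {
            filter = this.bundleContext
                    .createFilter(String.format("(&(%s=%s))", "objectClass", KeystoreService.class.getName()));
        } catch (InvalidSyntaxException e) {
            // NOTE(review): the tracker below is still created with a null filter in this case;
            // confirm how ServiceTracker behaves then.
            logger.error("Filter setup exception ", e);
        }
        this.keystoreServiceTracker = new ServiceTracker<>(this.bundleContext, filter,
                this.keystoreServiceTrackerCustomizer);
        this.keystoreServiceTracker.open();
    }
}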
