package be.iminds.ilabt.jfed.lowlevel;

import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityFinder;
import be.iminds.ilabt.jfed.lowlevel.authority.SfaAuthority;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.IOUtils;
import be.iminds.ilabt.jfed.util.KeyUtil;
import ch.qos.logback.classic.ClassicConstants;
import java.io.File;
import java.io.IOException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/SimpleGeniUser.class */
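/**
 * Plain in-memory {@link GeniUser}: a client certificate chain, the matching private key, the
 * user URN and the user's authority, plus the files the credentials were loaded from.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>{@code keyCertContent} holds the PEM text that the private key is parsed from. It must
 *       never be written to logs or exception messages.</li>
 *   <li>The getters return the stored references directly; no defensive copies are made.</li>
 *   <li>Nothing in this class validates the certificate chain or checks that the private key
 *       matches the first certificate. NOTE(review): confirm that callers do this.</li>
 * </ul>
 */
public class SimpleGeniUser implements GeniUser {
    private static final Logger LOG = LoggerFactory.getLogger(SimpleGeniUser.class);

    /**
     * GeneralName tag of a uniformResourceIdentifier entry, as reported in the first element of
     * each list returned by {@link X509Certificate#getSubjectAlternativeNames()}.
     */
    private static final int SAN_TYPE_URI = 6;

    /**
     * URN resource type that identifies a user.
     * NOTE(review): this reuses a logging-library constant, which looks like a decompiler
     * substitution for a plain string literal; replace it with a domain constant.
     */
    private static final String USER_RESOURCE_TYPE = ClassicConstants.USER_MDC_KEY;

    private List<X509Certificate> certificateChain;
    private PrivateKey privateKey;
    private SfaAuthority authority;
    private GeniUrn userUrn;
    private File certificateKeyFile;
    private File privateKeyFile;
    // PEM text containing the private key and certificate(s); secret material, never log it.
    private String keyCertContent;

    /**
     * Builds a user from PEM text that contains both the private key and the certificate chain.
     *
     * @param sfaAuthority the user's authority, may be {@code null} and derived later
     * @param geniUrn the user URN, may be {@code null} and derived later
     * @param str PEM text with the private key and at least one X.509 certificate
     * @param cArr password handed to the PEM key decoder; this constructor does not clear the
     *     array, so the caller remains responsible for wiping it
     * @param file file the certificate was loaded from
     * @param file2 file the private key was loaded from
     * @throws RuntimeException if the PEM text cannot be decoded, or holds no private key or no
     *     certificate
     */
    public SimpleGeniUser(SfaAuthority sfaAuthority, GeniUrn geniUrn, String str, char[] cArr, File file, File file2) {
        this.authority = sfaAuthority;
        this.userUrn = geniUrn;
        this.certificateKeyFile = file;
        this.privateKeyFile = file2;
        this.keyCertContent = str;
        // The PEM text is deliberately kept out of every exception message below: it contains
        // the private key, and exception messages routinely end up in logs and bug reports.
        try {
            this.privateKey = KeyUtil.pemToAnyPrivateKey(str, cArr);
            if (this.privateKey == null) {
                throw new RuntimeException("ERROR: PEM key and certificate does not contain a key");
            }
            this.certificateChain = KeyUtil.pemToX509CertificateChain(str);
            if (this.certificateChain == null || this.certificateChain.isEmpty()) {
                throw new RuntimeException("ERROR: PEM key and certificate does not contain a X509 certificate");
            }
        } catch (KeyUtil.PEMDecodingException e) {
            this.privateKey = null;
            // NOTE(review): assumes the decoder's own message does not echo key material; confirm.
            throw new RuntimeException("ERROR reading PEM key: " + e.getMessage(), e);
        }
    }

    /**
     * Builds a user from an already parsed certificate chain and private key.
     *
     * @param sfaAuthority the user's authority, may be {@code null} and derived later
     * @param geniUrn the user URN, may be {@code null} and derived later
     * @param list client certificate chain; stored as given, not copied
     * @param privateKey private key of the user
     * @param file file the certificate was loaded from
     * @param file2 file the private key was loaded from
     */
    public SimpleGeniUser(SfaAuthority sfaAuthority, GeniUrn geniUrn, List<X509Certificate> list, PrivateKey privateKey, File file, File file2) {
        this.authority = sfaAuthority;
        this.userUrn = geniUrn;
        this.privateKey = privateKey;
        this.certificateChain = list;
        this.certificateKeyFile = file;
        this.privateKeyFile = file2;
    }

    /**
     * Copies the credentials of any {@link GeniUser}. The URN is re-parsed from its string form.
     *
     * @param geniUser user to copy from
     */
    public SimpleGeniUser(GeniUser geniUser) {
        this.certificateChain = geniUser.getClientCertificateChain();
        this.privateKey = geniUser.getPrivateKey();
        this.authority = geniUser.getUserAuthority();
        this.userUrn = GeniUrn.parse(geniUser.getUserUrnString());
        this.certificateKeyFile = geniUser.getCertificateFile();
        this.privateKeyFile = geniUser.getPrivateKeyFile();
    }

    /**
     * Copies another {@code SimpleGeniUser} field by field. The PEM text is not copied, so the
     * copy holds only the parsed key and chain.
     *
     * @param simpleGeniUser user to copy from
     */
    public SimpleGeniUser(SimpleGeniUser simpleGeniUser) {
        this.certificateChain = simpleGeniUser.certificateChain;
        this.privateKey = simpleGeniUser.privateKey;
        this.authority = simpleGeniUser.authority;
        this.userUrn = simpleGeniUser.userUrn;
        this.certificateKeyFile = simpleGeniUser.certificateKeyFile;
        this.privateKeyFile = simpleGeniUser.privateKeyFile;
    }

    /** @return the stored client certificate chain (the internal list, not a copy) */
    @Override
    public List<X509Certificate> getClientCertificateChain() {
        return this.certificateChain;
    }

    /** @return the stored private key */
    @Override
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /**
     * @return the public key of the first certificate in the chain, or {@code null} when there
     *     is no chain
     */
    @Override
    public PublicKey getPublicKey() {
        List<X509Certificate> chain = getClientCertificateChain();
        if (chain == null || chain.isEmpty()) {
            return null;
        }
        return chain.get(0).getPublicKey();
    }

    /** @return the user's authority, or {@code null} when it is not known */
    @Override
    public SfaAuthority getUserAuthority() {
        return this.authority;
    }

    /** @return the user URN, or {@code null} when it is not known */
    @Override
    public GeniUrn getUserUrn() {
        return this.userUrn;
    }

    /** @return the file the private key was loaded from */
    @Override
    public File getPrivateKeyFile() {
        return this.privateKeyFile;
    }

    /** @return the file the certificate was loaded from */
    @Override
    public File getCertificateFile() {
        return this.certificateKeyFile;
    }

    /**
     * @return the user URN in string form
     * @throws NullPointerException if the user URN is not known
     */
    @Override
    public String getUserUrnString() {
        return this.userUrn.toString();
    }

    /**
     * Fills in the user URN and the authority from the first certificate of the chain.
     *
     * <p>The URN is read from the URI entries of the certificate's subject alternative names;
     * only URNs whose resource type is the user type are considered. An already known URN is
     * never overwritten; a differing derived URN is only logged as an error. The authority is
     * looked up only when it is still unknown and a finder was supplied.
     *
     * <p>The derived identity is only as trustworthy as the certificate: this method reads the
     * SAN and does not validate the chain.
     *
     * @param authorityFinder used to find the authority for the user URN, may be {@code null}
     */
    public void deriveUserAndAuthFromPemContent(AuthorityFinder authorityFinder) {
        // The PEM text is used only as an availability check; its content is not parsed here.
        String pemContent = this.keyCertContent;
        if (pemContent == null) {
            if (this.privateKeyFile == null) {
                return;
            }
            try {
                pemContent = IOUtils.fileToString(this.privateKeyFile);
            } catch (IOException e) {
                // Best effort: derivation is skipped, but the failure is no longer invisible.
                LOG.warn("deriveUserAndAuthFromPemContent-> could not read key file \"{}\"", this.privateKeyFile, e);
                return;
            }
        }
        if (pemContent == null || this.certificateChain == null || this.certificateChain.isEmpty()) {
            return;
        }
        try {
            Collection<List<?>> altNames = this.certificateChain.get(0).getSubjectAlternativeNames();
            if (altNames != null) {
                for (List<?> altName : altNames) {
                    GeniUrn derived = userUrnFromAltName(altName);
                    if (derived == null) {
                        continue;
                    }
                    if (this.userUrn == null) {
                        this.userUrn = derived;
                    } else if (!this.userUrn.equals(derived)) {
                        LOG.error("deriveUserAndAuthFromPemContent-> derived userurn \"{}\" differs from already known userUrn \"{}\"", derived, this.userUrn);
                    }
                }
            }
            if (this.userUrn == null || authorityFinder == null || this.authority != null) {
                return;
            }
            this.authority = authorityFinder.findByAnyUrn(this.userUrn, AuthorityFinder.Purpose.FIND_USERAUTH);
        } catch (CertificateParsingException e) {
            // Best effort: an unparsable SAN extension leaves URN and authority unchanged.
            LOG.warn("deriveUserAndAuthFromPemContent-> could not parse subject alternative names", e);
        }
    }

    /** Returns the user URN carried by one SAN entry, or {@code null} if it carries none. */
    private static GeniUrn userUrnFromAltName(List<?> altName) {
        if (altName == null || altName.size() < 2) {
            return null;
        }
        Object type = altName.get(0);
        Object value = altName.get(1);
        if (!(type instanceof Integer) || ((Integer) type).intValue() != SAN_TYPE_URI || !(value instanceof String)) {
            return null;
        }
        GeniUrn candidate = GeniUrn.parse((String) value);
        if (candidate == null || !USER_RESOURCE_TYPE.equals(candidate.getEncodedResourceType())) {
            return null;
        }
        return candidate;
    }
}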
