package be.iminds.ilabt.jfed.lowlevel.userloginmodel;

import be.iminds.ilabt.jfed.lowlevel.GeniUser;
import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityFinder;
import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityListModel;
import be.iminds.ilabt.jfed.lowlevel.authority.SfaAuthority;
import be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModelManager;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.IOUtils;
import be.iminds.ilabt.jfed.util.KeyUtil;
import ch.qos.logback.classic.ClassicConstants;
import java.io.BufferedReader;
import java.io.File;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Collection;
import java.util.List;
import javanet.staxutils.Indentation;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.internal.Parameters;
import org.testng.reporters.XMLConstants;

/* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/userloginmodel/KeyCertUserLoginModel.class */
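/**
 * {@link UserLoginModel} backed by one PEM document that contains the user's private key and
 * X.509 certificate chain (optionally with an encrypted private key).
 *
 * <p>The PEM text can come from a local file, a URL or a plain string; the source is remembered
 * so that {@link #save} can persist a reference to it. Only the file/URL reference is ever
 * persisted, never the PEM text itself.
 *
 * <p>Security notes: {@code keyCertContent} holds private key material in an immutable
 * {@link String}, so it cannot be wiped from memory after use; {@link #getKeyCertContent()}
 * exposes that material to callers. Not thread-safe.
 */
public class KeyCertUserLoginModel implements UserLoginModel {
    private static final Logger LOG = LoggerFactory.getLogger(KeyCertUserLoginModel.class);
    private static final String PREFS_KEY_CERT_FILE_URI = "keyCertFileURI";
    private static final String PREFS_KEY_SOURCE = "source";
    private static final String PREFS_KEY_FILE = "file";
    private static final String PREFS_KEY_CERT_FILE_CONTENT = "keyCertFileContent";
    /**
     * GeneralName tag of a uniformResourceIdentifier entry as returned by
     * {@link X509Certificate#getSubjectAlternativeNames()} (the value at index 1 is then a String).
     */
    private static final int SAN_TYPE_URI = 6;
    protected URL keyCertUrl;
    protected List<X509Certificate> certificateChain;
    protected PrivateKey privateKey;
    protected RSAPublicKey publicKey;
    protected boolean passwordRequired;
    protected AuthorityListModel authorityListModel;
    protected AuthorityFinder authorityFinder;
    protected UserLoginModelManager userLoginModelManager;
    protected File keyCertFile = null;
    private PemSource pemSource = PemSource.FILE;
    // Full PEM text (private key + certificate chain); private key material, see class doc.
    protected String keyCertContent = null;
    protected SfaAuthority authority = null;
    protected String authorityUrn = null;
    protected GeniUrn userUrn = null;

    /** Where the current PEM text was obtained from; persisted by {@link #save} under "source". */
    /* loaded from: input_file:be/iminds/ilabt/jfed/lowlevel/userloginmodel/KeyCertUserLoginModel$PemSource.class */
    public enum PemSource {
        FILE,
        URL,
        STRING
    }

    /**
     * Creates an empty model; no PEM is loaded until one of the {@code setKeyCertPem*} methods
     * or {@link #load} is called.
     *
     * @param authorityListModel     authority list (stored, not used directly by this class)
     * @param authorityFinder        used to resolve the user's authority from the certificate URN
     * @param userLoginModelManager  owning manager (stored, not used directly by this class)
     */
    public KeyCertUserLoginModel(AuthorityListModel authorityListModel, AuthorityFinder authorityFinder, UserLoginModelManager userLoginModelManager) {
        this.authorityListModel = authorityListModel;
        this.authorityFinder = authorityFinder;
        this.userLoginModelManager = userLoginModelManager;
    }

    /**
     * Loads the PEM from a local file and processes it.
     *
     * @param file the PEM file, or {@code null} to only reset the model
     * @throws InvalidLoginException if the file does not exist, cannot be read, or its content is not a usable PEM
     */
    public void setKeyCertPemFile(File file) throws InvalidLoginException {
        reset();
        if (file == null) {
            return;
        }
        if (!file.exists()) {
            throw new InvalidLoginException("Key and Certificate file does not exist: \"" + file.getPath() + "\"\n");
        }
        this.keyCertFile = file;
        try {
            this.keyCertContent = IOUtils.fileToString(file);
            if (LOG.isDebugEnabled()) {
                String length = this.keyCertContent == null ? "null" : String.valueOf(this.keyCertContent.length());
                LOG.debug("Read RSA Private key and certificate data from PEM file \"" + file.getAbsolutePath()
                        + "\". len=" + length + " md5=" + contentFingerprint(this.keyCertContent));
            }
            processPemContent();
        } catch (IOException e) {
            throw new InvalidLoginException("Error reading \"" + file.getPath() + "\": " + e.getMessage() + "\n", e);
        }
    }

    /**
     * Debug-only fingerprint of the PEM text for log correlation: "null", "empty", the base64 MD5
     * of its UTF-8 bytes, or "error" when the digest cannot be computed. MD5 is only used to tell
     * files apart in logs; it plays no security role here.
     *
     * @param content the PEM text, may be {@code null}
     * @return a short printable fingerprint, never {@code null}
     */
    private static String contentFingerprint(String content) {
        if (content == null) {
            return "null";
        }
        if (content.isEmpty()) {
            return "empty";
        }
        try {
            return Base64.encodeBase64String(MessageDigest.getInstance("MD5").digest(content.getBytes("UTF-8")));
        } catch (NoSuchAlgorithmException e) {
            LOG.debug("Error creating read PEM MD5", e);
            return "error";
        } catch (IOException e) {
            // getBytes(String) declares UnsupportedEncodingException; UTF-8 is always available, so this is unreachable in practice.
            LOG.debug("Error creating read PEM MD5", e);
            return "error";
        }
    }

    /**
     * Fetches the PEM from a URL and processes it.
     *
     * <p>The document contains a private key, so a warning is logged when the URL scheme is
     * neither {@code https} nor {@code file}: anything else does not protect the key in transit.
     *
     * @param url the URL to fetch, must not be {@code null}
     * @throws InvalidLoginException if the URL cannot be fetched, yields no content, or the content is not a usable PEM
     */
    public void setKeyCertPemUrl(URL url) throws InvalidLoginException {
        assert url != null;
        reset();
        this.pemSource = PemSource.URL;
        this.keyCertUrl = url;
        String protocol = url.getProtocol();
        if (!"https".equalsIgnoreCase(protocol) && !"file".equalsIgnoreCase(protocol)) {
            LOG.warn("Key-certificate pair is fetched over '{}', which does not protect the private key in transit", protocol);
        }
        try {
            String content = readAll(url);
            if (content.isEmpty()) {
                throw new InvalidLoginException("Could not read key-certificate pair from the provided URL. Got empty content");
            }
            this.keyCertContent = content;
            processPemContent();
        } catch (IOException e) {
            LOG.error("Could not fetch key-certificate-pair", e);
            throw new InvalidLoginException("Could not fetch key-certificate-pair", e);
        }
    }

    /**
     * Reads the whole document at {@code url} as UTF-8 text. Every line is followed by a single
     * "\n", so line endings are normalised and the result ends with "\n" unless it is empty.
     *
     * @param url the document to read
     * @return the document text, never {@code null}
     * @throws IOException if the connection or read fails
     */
    private static String readAll(URL url) throws IOException {
        BufferedReader reader = new BufferedReader(new InputStreamReader(url.openConnection().getInputStream(), "UTF-8"));
        try {
            StringBuilder text = new StringBuilder();
            String line;
            while ((line = reader.readLine()) != null) {
                text.append(line).append("\n");
            }
            return text.toString();
        } finally {
            reader.close();
        }
    }

    /**
     * Uses the given PEM text directly and processes it.
     *
     * @param str the PEM text, must not be {@code null} or empty
     * @throws InvalidLoginException if the content is not a usable PEM
     */
    public void setKeyCertPemString(String str) throws InvalidLoginException {
        assert str != null;
        assert !str.isEmpty();
        reset();
        this.pemSource = PemSource.STRING;
        this.keyCertContent = str;
        processPemContent();
    }

    /**
     * Parses {@code keyCertContent}: extracts the certificate chain, checks that a private key is
     * present and, when that key is not encrypted, decodes it immediately. An encrypted key only
     * sets {@link #isPasswordRequired()}; the caller must then call {@link #unlock(char[])}.
     *
     * @throws InvalidLoginException if the PEM is missing, malformed, has no certificate or no private key
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void processBasicPemContent() throws InvalidLoginException {
        this.authority = null;
        this.authorityUrn = null;
        this.userUrn = null;
        if (this.keyCertContent == null) {
            throw new InvalidLoginException("Key and Certificate PEM is empty");
        }
        if (!this.keyCertContent.trim().startsWith("-----BEGIN")) {
            throw new InvalidLoginException("Key and Certificate PEM does not have expected content");
        }
        this.certificateChain = KeyUtil.pemToX509CertificateChain(this.keyCertContent);
        if (this.certificateChain == null) {
            throw new InvalidLoginException("Error parsing certificate PEM");
        }
        if (!KeyUtil.hasAnyPrivateKey(this.keyCertContent)) {
            throw new InvalidLoginException("No private key found in PEM");
        }
        this.passwordRequired = KeyUtil.hasEncryptedRsaPrivateKey(this.keyCertContent);
        if (this.passwordRequired) {
            // Decoding needs the password; deferred to unlock().
            return;
        }
        try {
            this.privateKey = KeyUtil.pemToAnyPrivateKey(this.keyCertContent, null);
        } catch (KeyUtil.PEMDecodingException e) {
            throw new InvalidLoginException("Error reading private key", e);
        }
    }

    /**
     * Full processing of {@code keyCertContent}: basic parsing followed by deriving the user URN
     * and authority from the certificate.
     *
     * @throws InvalidLoginException if either step fails
     */
    protected void processPemContent() throws InvalidLoginException {
        processBasicPemContent();
        deriveFromPemContent();
    }

    /**
     * Derives {@code userUrn}, {@code authority} and {@code authorityUrn} from the URI subject
     * alternative names of the first certificate in the chain. The first URI that parses as a
     * "user" or "tool" GeniUrn with a known authority wins; other entries are logged and skipped.
     *
     * @throws InvalidLoginException if no usable URN/authority pair is found or the SAN extension cannot be parsed
     */
    protected void deriveFromPemContent() throws InvalidLoginException {
        assert this.certificateChain != null;
        assert !this.certificateChain.isEmpty();
        try {
            Collection<List<?>> subjectAlternativeNames = this.certificateChain.get(0).getSubjectAlternativeNames();
            if (subjectAlternativeNames == null) {
                LOG.warn("No alternative names in certificate");
            } else {
                for (List<?> generalName : subjectAlternativeNames) {
                    if (((Integer) generalName.get(0)).intValue() != SAN_TYPE_URI) {
                        continue;
                    }
                    String uri = (String) generalName.get(1);
                    GeniUrn urn = GeniUrn.parse(uri);
                    boolean userOrTool = urn != null
                            && ("user".equals(urn.getEncodedResourceType()) || "tool".equals(urn.getEncodedResourceType()));
                    if (!userOrTool) {
                        LOG.warn("Certificate alternative name URI is not a valid user or tool urn: '{}' (will be ignored)", uri);
                        continue;
                    }
                    this.userUrn = urn;
                    this.authority = this.authorityFinder.findByAnyUrn(this.userUrn, AuthorityFinder.Purpose.FIND_USERAUTH);
                    if (this.authority != null) {
                        break;
                    }
                    LOG.warn("User authority found '{}', but no authority info about it is known. Try adding authority info to the internal list and try again.", urn);
                }
            }
            if (this.authority == null) {
                throw new InvalidLoginException("ERROR: Did not find info about user (urn and authority) in certificate.");
            }
            if (this.authorityUrn == null) {
                this.authorityUrn = this.authority.getUrnString();
            }
        } catch (CertificateParsingException e) {
            throw new InvalidLoginException("Error processing certificate alternate names", e);
        }
    }

    /**
     * Persists the PEM source and, for FILE and URL sources, the location as a URI string. The
     * PEM text itself is never written; a STRING source leaves nothing to restore on {@link #load}.
     *
     * @param userLoginModelPreferences the preference store to write to
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void save(UserLoginModelManager.UserLoginModelPreferences userLoginModelPreferences) {
        LOG.trace("KeyCertUserLoginModel.save(prefs)");
        assert this.pemSource != null;
        userLoginModelPreferences.put(PREFS_KEY_SOURCE, this.pemSource.name());
        // The content key is never written; remove any stale value left by other code.
        userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_CONTENT);
        switch (this.pemSource) {
            case FILE:
                if (this.keyCertFile != null) {
                    userLoginModelPreferences.put(PREFS_KEY_CERT_FILE_URI, this.keyCertFile.toURI().toString());
                } else {
                    userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_URI);
                }
                break;
            case URL:
                if (this.keyCertUrl != null) {
                    userLoginModelPreferences.put(PREFS_KEY_CERT_FILE_URI, this.keyCertUrl.toExternalForm());
                } else {
                    userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_URI);
                }
                break;
            case STRING:
            default:
                assert this.pemSource == PemSource.STRING;
                userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_URI);
                break;
        }
    }

    /** Clears every loaded value; the source reverts to {@link PemSource#FILE}. */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void reset() {
        this.keyCertFile = null;
        this.keyCertUrl = null;
        this.pemSource = PemSource.FILE;
        this.keyCertContent = null;
        this.authority = null;
        this.authorityUrn = null;
        this.userUrn = null;
        this.privateKey = null;
        this.publicKey = null;
        this.certificateChain = null;
        // Otherwise isPasswordRequired() would keep reporting the previously loaded PEM.
        this.passwordRequired = false;
    }

    /** Defaults are the empty state; same as {@link #reset()}. */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void defaults() {
        reset();
    }

    /**
     * Restores the model from preferences written by {@link #save}. Preferences without a
     * "source" entry (presumably written by an older version) fall back to the boolean "file"
     * flag, default {@code true}, meaning "load from file". An unknown source value is logged and
     * ignored rather than trusted.
     *
     * @param userLoginModelPreferences the preference store to read from
     * @throws InvalidLoginException if the referenced file or URL cannot be loaded
     */
    @Override // be.iminds.ilabt.jfed.lowlevel.userloginmodel.UserLoginModel
    public void load(UserLoginModelManager.UserLoginModelPreferences userLoginModelPreferences) throws InvalidLoginException {
        reset();
        if (!userLoginModelPreferences.contains(PREFS_KEY_SOURCE)) {
            if (userLoginModelPreferences.getBoolean(PREFS_KEY_FILE, true)) {
                loadFromFile(userLoginModelPreferences);
            }
            return;
        }
        String source = userLoginModelPreferences.get(PREFS_KEY_SOURCE);
        if (PemSource.FILE.name().equals(source)) {
            loadFromFile(userLoginModelPreferences);
        } else if (PemSource.URL.name().equals(source)) {
            loadFromUrl(userLoginModelPreferences);
        } else if (PemSource.STRING.name().equals(source)) {
            // The PEM text is never persisted, so there is nothing to restore for a STRING source.
            LOG.trace("Stored key/certificate source is STRING; nothing to restore");
        } else {
            // Preferences are external input: do not assert on them, just ignore the unknown value.
            LOG.warn("Unknown key/certificate source '{}' in stored settings (will be ignored)", source);
        }
    }

    /**
     * Loads the PEM from the file URI stored under "keyCertFileURI", if present. A stored value
     * that is not a syntactically valid URI, or not a {@code file:} URI, is removed from the
     * preferences instead of failing the load.
     *
     * @param userLoginModelPreferences the preference store to read from
     * @throws InvalidLoginException if the file is missing or its content is not a usable PEM
     */
    private void loadFromFile(UserLoginModelManager.UserLoginModelPreferences userLoginModelPreferences) throws InvalidLoginException {
        if (!userLoginModelPreferences.contains(PREFS_KEY_CERT_FILE_URI)) {
            return;
        }
        try {
            setKeyCertPemFile(new File(new URI(userLoginModelPreferences.get(PREFS_KEY_CERT_FILE_URI))));
        } catch (URISyntaxException e) {
            LOG.warn("Stored file URI is not a valid URI. It will be deleted from the settings", e);
            userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_URI);
        } catch (IllegalArgumentException e) {
            // new File(URI) rejects non-"file:" URIs (e.g. an http URL stored under a FILE source).
            LOG.warn("Stored file URI is not a valid URI. It will be deleted from the settings", e);
            userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_URI);
        }
    }

    /**
     * Loads the PEM from the URL stored under "keyCertFileURI", if present. A malformed stored URL
     * is removed from the preferences instead of failing the load.
     *
     * @param userLoginModelPreferences the preference store to read from
     * @throws InvalidLoginException if the URL cannot be fetched or its content is not a usable PEM
     */
    private void loadFromUrl(UserLoginModelManager.UserLoginModelPreferences userLoginModelPreferences) throws InvalidLoginException {
        if (!userLoginModelPreferences.contains(PREFS_KEY_CERT_FILE_URI)) {
            return;
        }
        try {
            setKeyCertPemUrl(new URL(userLoginModelPreferences.get(PREFS_KEY_CERT_FILE_URI)));
        } catch (MalformedURLException e) {
            LOG.warn("Stored URL is not a valid. It will be deleted from the settings", e);
            userLoginModelPreferences.remove(PREFS_KEY_CERT_FILE_URI);
        }
    }

    /**
     * Convenience overload of {@link #unlock(char[])}. Prefer the {@code char[]} variant: a
     * {@link String} password cannot be wiped from memory.
     *
     * @param str the password, {@code null} counts as a failed unlock
     * @return {@code true} if the private key was decoded
     */
    public boolean unlock(String str) {
        if (str == null) {
            return false;
        }
        return unlock(str.toCharArray());
    }

    /**
     * Decodes the private key in {@code keyCertContent} with the given password and, for RSA CRT
     * keys, derives the matching public key. On any failure both keys are cleared.
     *
     * <p>The password array is passed through to {@link KeyUtil} and is not cleared here; the
     * caller owns it.
     *
     * @param cArr the password, may be {@code null} for an unencrypted key
     * @return {@code true} if a private key is available afterwards
     */
    public boolean unlock(char[] cArr) {
        if (this.keyCertContent == null) {
            return false;
        }
        try {
            this.privateKey = KeyUtil.pemToAnyPrivateKey(this.keyCertContent, cArr);
            if (this.privateKey instanceof RSAPrivateCrtKey) {
                this.publicKey = KeyUtil.rsaPrivateKeyToRsaPublicKey((RSAPrivateCrtKey) this.privateKey);
                if (this.publicKey == null) {
                    derivePublicKeyFromKeyPair(cArr);
                }
            }
            if (this.privateKey == null) {
                LOG.trace("ERROR: Failed to decode private key using password");
            }
        } catch (KeyUtil.PEMDecodingException e) {
            LOG.trace("ERROR: Failed to decode private key using password", e);
            this.privateKey = null;
        }
        return this.privateKey != null;
    }

    /**
     * Fallback for {@link #unlock(char[])} when the public key could not be derived from the
     * private key directly: re-read the PEM as a key pair. Clears both keys if that yields no
     * RSA public key.
     *
     * @param cArr the password used for the initial decode
     * @throws KeyUtil.PEMDecodingException propagated from {@link KeyUtil#pemToRsaKeyPair}, handled by the caller
     */
    private void derivePublicKeyFromKeyPair(char[] cArr) throws KeyUtil.PEMDecodingException {
        LOG.warn("rsaPrivateKeyToRsaPublicKey failed! Converting private key to public key using fallback pemToRsaKeyPair");
        KeyPair keyPair = KeyUtil.pemToRsaKeyPair(this.keyCertContent, cArr);
        if (keyPair == null) {
            LOG.error("ERROR: decoded private RSA key, but failed to create key pair. privateKey class = " + this.privateKey.getClass().getName());
            this.publicKey = null;
            this.privateKey = null;
            return;
        }
        if (!(keyPair.getPublic() instanceof RSAPublicKey)) {
            // Report the public key's class (the KeyPair's own class is always java.security.KeyPair).
            String publicKeyClass = keyPair.getPublic() == null ? null : keyPair.getPublic().getClass().getName();
            LOG.error("ERROR: decoded private RSA key, but key pair public key is not RSAPublicKey: " + publicKeyClass
                    + "  privateKey class=" + this.privateKey.getClass().getName());
            this.publicKey = null;
            this.privateKey = null;
            return;
        }
        this.publicKey = (RSAPublicKey) keyPair.getPublic();
    }

    /** @return {@code true} if either PEM text or a PEM file has been set */
    public boolean isPemGiven() {
        return this.keyCertContent != null || this.keyCertFile != null;
    }

    /** @return {@code true} if the PEM came from a file (also the state after {@link #reset()}) */
    public boolean isFromFile() {
        return this.pemSource == PemSource.FILE;
    }

    /** @return {@code true} if the PEM was given as a string */
    public boolean isFromString() {
        return this.pemSource == PemSource.STRING;
    }

    /** @return {@code true} if the PEM was fetched from a URL */
    public boolean isFromURL() {
        return this.pemSource == PemSource.URL;
    }

    /** @return {@code true} if the PEM's private key is encrypted and {@link #unlock(char[])} is needed */
    public boolean isPasswordRequired() {
        return this.passwordRequired;
    }

    /** @return the PEM file, or {@code null} if the PEM did not come from a file */
    public File getKeyCertFile() {
        return this.keyCertFile;
    }

    /** Key and certificate live in the same file. @return the PEM file, or {@code null} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public File getPrivateKeyFile() {
        return this.keyCertFile;
    }

    /** Key and certificate live in the same file. @return the PEM file, or {@code null} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public File getCertificateFile() {
        return this.keyCertFile;
    }

    /**
     * @return the raw PEM text, including the (possibly encrypted) private key, or {@code null};
     *         handle as a secret — do not log or persist it
     */
    public String getKeyCertContent() {
        return this.keyCertContent;
    }

    /** @return the user URN derived from the certificate, or {@code null} before a successful load */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public GeniUrn getUserUrn() {
        return this.userUrn;
    }

    /** @return the user URN as a string, or {@code null} if not derived yet */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public String getUserUrnString() {
        return this.userUrn == null ? null : this.userUrn.getValue();
    }

    /** @return the decoded private key, or {@code null} if not (yet) decoded */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public PrivateKey getPrivateKey() {
        return this.privateKey;
    }

    /** @return the certificate chain from the PEM, or {@code null} before a successful load */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public List<X509Certificate> getClientCertificateChain() {
        return this.certificateChain;
    }

    /** @return the user's authority as resolved from the certificate, or {@code null} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public SfaAuthority getUserAuthority() {
        return this.authority;
    }

    /** @return the authority URN string, or {@code null} */
    public String getUserAuthorityUrn() {
        return this.authorityUrn;
    }

    /**
     * @return {@code true} when authority, user URN, PEM text, decoded private key and a
     *         non-empty certificate chain are all present
     */
    public boolean isValid() {
        return this.authority != null
                && this.userUrn != null
                && this.keyCertContent != null
                && this.privateKey != null
                && this.certificateChain != null
                && !this.certificateChain.isEmpty();
    }

    /** @return the RSA public key derived in {@link #unlock(char[])}, or {@code null} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUser
    public RSAPublicKey getPublicKey() {
        return this.publicKey;
    }

    /** @return this model as the logged-in user when {@link #isValid()}, else {@code null} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUserProvider
    public GeniUser getLoggedInGeniUser() {
        return isValid() ? this : null;
    }

    /** @return same as {@link #isValid()} */
    @Override // be.iminds.ilabt.jfed.lowlevel.GeniUserProvider
    public boolean isUserLoggedIn() {
        return isValid();
    }

    /**
     * Deliberately unsupported: this mutable model is not meant to be compared or used as a map key.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public boolean equals(Object obj) {
        throw new UnsupportedOperationException();
    }

    /**
     * Deliberately unsupported, consistent with {@link #equals(Object)}.
     *
     * @throws UnsupportedOperationException always
     */
    @Override
    public int hashCode() {
        throw new UnsupportedOperationException();
    }

    /** @return the URL the PEM was fetched from, or {@code null} if it did not come from a URL */
    public URL getKeyCertURL() {
        return this.keyCertUrl;
    }
}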
