package be.iminds.ilabt.jfed.lowlevel.user;

import be.iminds.ilabt.jfed.fedmon.webapi.service.json.Server;
import be.iminds.ilabt.jfed.lowlevel.AnyCredential;
import be.iminds.ilabt.jfed.lowlevel.GeniUser;
import be.iminds.ilabt.jfed.lowlevel.SimpleGeniUser;
import be.iminds.ilabt.jfed.lowlevel.SimpleGeniUserWithSpeaksFor;
import be.iminds.ilabt.jfed.lowlevel.authority.AuthorityFinder;
import be.iminds.ilabt.jfed.lowlevel.userloginmodel.InvalidLoginException;
import be.iminds.ilabt.jfed.lowlevel.userloginmodel.InvalidPasswordException;
import be.iminds.ilabt.jfed.util.GeniUrn;
import be.iminds.ilabt.jfed.util.IOUtils;
import be.iminds.ilabt.jfed.util.KeyUtil;
import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.inject.Inject;
import javax.inject.Singleton;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

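/**
 * Builds {@link GeniUser} objects from PEM text that holds a private key and an X.509
 * certificate chain. The PEM can be passed directly, read from a file, or fetched from a URL.
 *
 * <p>The PEM text handled here contains private key material. It is deliberately kept out of
 * exception messages, because those messages routinely end up in logs, dialogs and bug reports.
 */
@Singleton
public class GeniUserFactory {
    private static final Logger LOG = LoggerFactory.getLogger(GeniUserFactory.class);

    /**
     * Type tag of a uniformResourceIdentifier entry in the lists returned by
     * {@link X509Certificate#getSubjectAlternativeNames()}.
     */
    private static final int SAN_TYPE_URI = 6;

    /** Used to look up the user's authority server; when null, users are created without one. */
    @Nullable
    private final AuthorityFinder authorityFinder;

    /**
     * @param authorityFinder finder used to resolve the user authority server, or null to skip
     *     the lookup
     */
    @Inject
    public GeniUserFactory(@Nullable AuthorityFinder authorityFinder) {
        this.authorityFinder = authorityFinder;
    }

    /**
     * Extracts the user URN from the first certificate of a chain.
     *
     * <p>Only URI subject alternative names are considered. The first one that parses as a
     * {@link GeniUrn} with encoded resource type {@code "user"} is returned.
     *
     * @param list certificate chain; only element 0 is inspected
     * @return the user URN, or null when the chain is empty, the certificate has no subject
     *     alternative names, or none of them is a user URN
     * @throws CertificateParsingException if the subject alternative names cannot be decoded
     */
    @Nullable
    public static GeniUrn deriveUserUrnFromCertificateChain(@Nonnull List<X509Certificate> list) throws CertificateParsingException {
        // An empty chain has no certificate to inspect; report "no URN" instead of failing
        // with an IndexOutOfBoundsException.
        if (list.isEmpty()) {
            return null;
        }
        Collection<List<?>> altNames = list.get(0).getSubjectAlternativeNames();
        if (altNames == null) {
            return null;
        }
        for (List<?> entry : altNames) {
            // Each entry is [type tag, value]. Skip anything that does not have that shape
            // rather than trusting the certificate content enough to cast blindly.
            if (entry == null || entry.size() < 2) {
                continue;
            }
            Object type = entry.get(0);
            Object value = entry.get(1);
            if (!(type instanceof Integer) || ((Integer) type).intValue() != SAN_TYPE_URI || !(value instanceof String)) {
                continue;
            }
            GeniUrn urn = GeniUrn.parse((String) value);
            if (urn != null && Objects.equals(urn.getEncodedResourceType(), "user")) {
                return urn;
            }
        }
        return null;
    }

    /**
     * Creates a user from PEM text and, when credentials are supplied, wraps it in a
     * {@link SimpleGeniUserWithSpeaksFor}.
     *
     * @param str PEM text containing the private key and the certificate chain
     * @param cArr passed to the PEM key decoder; presumably the key password, confirm against
     *     {@code KeyUtil}
     * @param file handed unchanged to {@link SimpleGeniUser}; presumably the certificate file
     * @param file2 handed unchanged to {@link SimpleGeniUser}; presumably the private key file
     * @param list speaks-for credentials; null or empty yields a plain user
     * @return the created user
     * @throws InvalidLoginException if the PEM text does not yield a usable key, certificate and
     *     user URN
     * @throws SimpleGeniUserWithSpeaksFor.InvalidSpeaksForException declared for the speaks-for
     *     wrapper construction
     */
    @Nonnull
    public GeniUser createGeniUser(@Nonnull String str, @Nullable char[] cArr, @Nullable File file, @Nullable File file2, @Nullable List<AnyCredential> list) throws InvalidLoginException, SimpleGeniUserWithSpeaksFor.InvalidSpeaksForException {
        GeniUser baseUser = createGeniUser(str, cArr, file, file2);
        if (list == null || list.isEmpty()) {
            return baseUser;
        }
        return new SimpleGeniUserWithSpeaksFor(
                baseUser.getUserAuthorityServer(),
                baseUser.getUserUrn(),
                baseUser.getClientCertificateChain(),
                baseUser.getPrivateKey(),
                baseUser.getCertificateFile(),
                baseUser.getPrivateKeyFile(),
                list);
    }

    /**
     * Creates a user from PEM text holding a private key and a certificate chain.
     *
     * <p>The key and the chain are decoded first, so that a broken PEM is rejected here. The
     * user URN is then read from the first certificate and used to look up the authority
     * server. A missing authority server is only logged; the user is still created.
     *
     * @param str PEM text containing the private key and the certificate chain
     * @param cArr passed to the PEM key decoder; presumably the key password, confirm against
     *     {@code KeyUtil}
     * @param file handed unchanged to {@link SimpleGeniUser}; presumably the certificate file
     * @param file2 handed unchanged to {@link SimpleGeniUser}; presumably the private key file
     * @return the created user
     * @throws InvalidLoginException if the key or certificate is missing, the certificate cannot
     *     be parsed or carries no user URN; an {@link InvalidPasswordException} is thrown when
     *     PEM decoding fails
     */
    @Nonnull
    public GeniUser createGeniUser(@Nonnull String str, @Nullable char[] cArr, @Nullable File file, @Nullable File file2) throws InvalidLoginException {
        // SECURITY: str holds the private key (possibly unencrypted). It must never be appended
        // to an exception or log message, since those are routinely written to log files and
        // shown to users.
        try {
            if (KeyUtil.pemToAnyPrivateKey(str, cArr) == null) {
                throw new InvalidLoginException("ERROR: PEM key and certificate does not contain a key");
            }
            List<X509Certificate> chain = KeyUtil.pemToX509CertificateChain(str);
            if (chain == null || chain.isEmpty()) {
                throw new InvalidLoginException("ERROR: PEM key and certificate does not contain a X509 certificate");
            }
            GeniUrn userUrn = deriveUserUrnFromCertificateChain(chain);
            if (userUrn == null) {
                throw new InvalidLoginException("Could not find user URN in certificate");
            }
            Server userAuthority = null;
            if (this.authorityFinder != null) {
                userAuthority = this.authorityFinder.findByAnyUrn(userUrn, AuthorityFinder.Purpose.FIND_USERAUTH);
            }
            if (userAuthority == null) {
                LOG.warn("Could not find user authority server for {}", userUrn);
            }
            return new SimpleGeniUser(userAuthority, userUrn, str, cArr, file, file2);
        } catch (CertificateParsingException e) {
            throw new InvalidLoginException("Could not parse certificate to extract user URN", e);
        } catch (KeyUtil.PEMDecodingException e) {
            // NOTE(review): the decoder's own message is kept for diagnosis; confirm that
            // KeyUtil does not echo PEM content in it.
            throw new InvalidPasswordException("ERROR reading PEM key: " + e.getMessage(), e);
        }
    }

    /**
     * Creates a user from a single file that holds both the private key and the certificate.
     *
     * @param file PEM file; it is also recorded as both source files of the created user
     * @param cArr passed to the PEM key decoder; presumably the key password
     * @return the created user
     * @throws InvalidLoginException if the file does not exist, cannot be read, or its content
     *     is rejected
     */
    @Nonnull
    public GeniUser createGeniUser(@Nonnull File file, @Nullable char[] cArr) throws InvalidLoginException {
        if (!file.exists()) {
            throw new InvalidLoginException("Key and Certificate file does not exist: \"" + file.getPath() + "\"\n");
        }
        String pem;
        try {
            pem = IOUtils.fileToString(file);
        } catch (IOException e) {
            throw new InvalidLoginException("Could not read certificate file", e);
        }
        return createGeniUser(pem, cArr, file, file);
    }

    /**
     * Creates a user from PEM text fetched from a URL.
     *
     * <p>The URL scheme is not checked here. The fetched content includes the private key, so
     * the caller is responsible for passing a URL whose transport protects it.
     *
     * @param url location of the PEM text, read as UTF-8
     * @param cArr passed to the PEM key decoder; presumably the key password
     * @return the created user, with no source files recorded
     * @throws InvalidLoginException if the content cannot be fetched, is empty, or is rejected
     */
    @Nonnull
    public GeniUser createGeniUser(@Nonnull URL url, @Nullable char[] cArr) throws InvalidLoginException {
        String pem;
        try {
            pem = IOUtils.urlToString(url, StandardCharsets.UTF_8);
        } catch (IOException e) {
            LOG.error("Could not fetch key-certificate-pair", e);
            throw new InvalidLoginException("Could not fetch key-certificate-pair", e);
        }
        if (pem.isEmpty()) {
            throw new InvalidLoginException("Could not read key-certificate pair from the provided URL.");
        }
        return createGeniUser(pem, cArr, null, null);
    }
}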
