package org.n52.security.common.crypto;

import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FilenameFilter;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import org.apache.commons.codec.binary.Base64InputStream;
import org.n52.security.common.util.FileFinder;

/* loaded from: input_file:org/n52/security/common/crypto/FilesystemKeyPairProvider.class */
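/**
 * {@link KeyPairProvider} that resolves key pairs from files in a single directory.
 *
 * <p>For an alias {@code A} the certificate is read from {@code A.cer} (Base64 text that is
 * decoded and parsed as X.509) and the private key from {@code A.key} (Base64 text holding
 * either a plain PKCS#8 key or, when a passphrase is available, an encrypted PKCS#8
 * {@code EncryptedPrivateKeyInfo}). A missing {@code .key} file yields a key pair without a
 * private key.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The alias is concatenated into a file name without validation. NOTE(review): if an alias
 *       can ever originate from a message or request rather than from configuration, it must be
 *       restricted (no path separators, no {@code ..}) before it reaches this class.</li>
 *   <li>Key files read without a passphrase are unencrypted on disk; their confidentiality then
 *       rests entirely on filesystem permissions of the key directory.</li>
 *   <li>Passphrases configured via {@link #setPassphrasesByAlias(Map)} are held as immutable
 *       {@code String}s and cannot be wiped from memory.</li>
 *   <li>Certificates are only parsed here; validity period, revocation and chain are not checked
 *       by this class.</li>
 * </ul>
 */
public class FilesystemKeyPairProvider implements KeyPairProvider {
    // Location handed to FileFinder in init(); resolved into m_keyPairsDirectory.
    private String m_filePath = "";
    // Fallback passphrases per alias, used only when the caller passes no passphrase.
    private Map<String, String> m_passphrasesByAlias = new HashMap<String, String>();
    // Directory holding the <alias>.cer / <alias>.key files; set by init().
    private File m_keyPairsDirectory;

    /**
     * Resolves the configured file path into the key pair directory. Must be called after
     * {@link #setFilePath(String)} and before any lookup that lists the directory.
     */
    public void init() {
        this.m_keyPairsDirectory = new FileFinder(this.m_filePath).getFile();
    }

    /**
     * Loads the key pair stored under the given alias.
     *
     * @param str the alias; {@code <alias>.cer} must exist in the key pair directory
     * @param cArr passphrase for the private key, or {@code null} to fall back to the
     *     passphrase configured for the alias (if any)
     * @return the key pair; its private key is {@code null} when no {@code .key} file exists
     * @throws IllegalArgumentException if the certificate file does not exist
     * @throws KeyPairResolvingException if the certificate or key cannot be read or decoded
     */
    @Override // org.n52.security.common.crypto.KeyPairProvider
    public KeyPair resolveByAlias(String str, char[] cArr) throws KeyPairResolvingException {
        char[] passphrase = lookupPasswordIfNotSpecified(str, cArr);
        File certFile = new File(this.m_keyPairsDirectory, str + ".cer");
        assertFileExists(certFile);
        try {
            X509Certificate cert = readCert(certFile);
            // The key algorithm is taken from the certificate's public key so that the matching
            // KeyFactory is used for the private key.
            String keyAlgorithm = cert.getPublicKey().getAlgorithm();
            PrivateKey privateKey = readPrivateKey(str, passphrase, keyAlgorithm);
            return createKeyPair(str, privateKey, cert);
        } catch (Exception e) {
            // The passphrase is deliberately never part of the message.
            throw new KeyPairResolvingException("Could not resolve key pair for alias <" + str + ">", e);
        }
    }

    /**
     * Returns the caller-supplied passphrase, or the one configured for the alias when the
     * caller supplied none. May return {@code null} when neither is available.
     */
    private char[] lookupPasswordIfNotSpecified(String alias, char[] suppliedPassphrase) {
        if (suppliedPassphrase != null) {
            return suppliedPassphrase;
        }
        // Guard against setPassphrasesByAlias(null), which would otherwise fail every lookup.
        if (this.m_passphrasesByAlias == null) {
            return null;
        }
        String configured = this.m_passphrasesByAlias.get(alias);
        return configured == null ? null : configured.toCharArray();
    }

    /** Bundles alias, private key and certificate into a {@link DefaultKeyPair}. */
    private DefaultKeyPair createKeyPair(String alias, PrivateKey privateKey, Certificate certificate) {
        DefaultKeyPair keyPair = new DefaultKeyPair();
        keyPair.setAlias(alias);
        keyPair.setPrivateKey(privateKey);
        keyPair.setCertificate(certificate);
        return keyPair;
    }

    /**
     * Reads {@code <alias>.key} and turns it into a private key of the given algorithm.
     *
     * @return the private key, or {@code null} when the key file does not exist
     */
    private PrivateKey readPrivateKey(String alias, char[] passphrase, String keyAlgorithm) throws IOException, GeneralSecurityException {
        File keyFile = new File(this.m_keyPairsDirectory, alias + ".key");
        if (!keyFile.exists()) {
            // Certificate-only entry: the caller gets a key pair without a private key.
            return null;
        }
        byte[] keyBytes = decodeBase64(keyFile);
        // With a passphrase the file is always treated as encrypted PKCS#8; without one it is
        // parsed as a plain (unencrypted) PKCS#8 key.
        KeySpec keySpec = passphrase != null ? decode(keyBytes, passphrase) : new PKCS8EncodedKeySpec(keyBytes);
        return KeyFactory.getInstance(keyAlgorithm).generatePrivate(keySpec);
    }

    /**
     * Parses a Base64-encoded X.509 certificate file. The file handle is always released.
     * The certificate is not validated beyond parsing.
     */
    private X509Certificate readCert(File certFile) throws CertificateException, IOException {
        FileInputStream rawIn = new FileInputStream(certFile);
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new Base64InputStream(rawIn));
        } finally {
            // Closing the underlying stream releases the file descriptor the original leaked.
            rawIn.close();
        }
    }

    /**
     * Decrypts an encrypted PKCS#8 structure with a password-based cipher.
     *
     * <p>The PBE algorithm and its parameters come from the key file itself, so the strength of
     * the protection is whatever the file was created with; weak legacy schemes are accepted if
     * the installed provider supports them.
     */
    private KeySpec decode(byte[] encryptedKey, char[] passphrase) throws GeneralSecurityException, IOException {
        EncryptedPrivateKeyInfo encryptedInfo = new EncryptedPrivateKeyInfo(encryptedKey);
        String algorithmName = encryptedInfo.getAlgName();
        PBEKeySpec pbeKeySpec = new PBEKeySpec(passphrase);
        try {
            Cipher cipher = Cipher.getInstance(algorithmName);
            cipher.init(Cipher.DECRYPT_MODE, SecretKeyFactory.getInstance(algorithmName).generateSecret(pbeKeySpec), encryptedInfo.getAlgParameters());
            return encryptedInfo.getKeySpec(cipher);
        } finally {
            // PBEKeySpec keeps its own copy of the passphrase; wipe it once the key is derived.
            pbeKeySpec.clearPassword();
        }
    }

    /** Reads the whole file and returns its Base64-decoded content. */
    private byte[] decodeBase64(File encodedFile) throws IOException {
        FileInputStream rawIn = new FileInputStream(encodedFile);
        try {
            Base64InputStream decoder = new Base64InputStream(rawIn);
            // Decoded data is never longer than the encoded file. The hint is capped so that a
            // huge file cannot overflow the int conversion into a negative capacity.
            int sizeHint = (int) Math.min(encodedFile.length(), 64L * 1024L);
            ByteArrayOutputStream decoded = new ByteArrayOutputStream(sizeHint);
            byte[] chunk = new byte[1024];
            int read;
            while ((read = decoder.read(chunk)) != -1) {
                decoded.write(chunk, 0, read);
            }
            return decoded.toByteArray();
        } finally {
            rawIn.close();
        }
    }

    /**
     * Fails fast when the given file is missing.
     *
     * <p>NOTE(review): the message contains the absolute path; avoid relaying it verbatim to
     * remote clients.
     */
    private void assertFileExists(File file) throws IllegalArgumentException {
        if (!file.exists()) {
            throw new IllegalArgumentException("There is no file <" + file.getAbsolutePath() + ">");
        }
    }

    /**
     * Finds the certificate with the given issuer and serial number and loads its key pair.
     *
     * @param str issuer distinguished name to match
     * @param bigInteger certificate serial number to match
     * @param cArr passphrase for the private key, or {@code null}
     * @return the key pair, or {@code null} when no certificate in the directory matches
     */
    @Override // org.n52.security.common.crypto.KeyPairProvider
    public KeyPair resolveBySerialIssuer(String str, BigInteger bigInteger, char[] cArr) {
        File matchingCertFile = findMatchingCertificateFile(str, bigInteger);
        if (matchingCertFile == null) {
            return null;
        }
        // The alias is the certificate file name without its ".cer" suffix.
        String alias = matchingCertFile.getName().replaceAll("\\.cer$", "");
        return resolveByAlias(alias, cArr);
    }

    /**
     * Lists the {@code *.cer} files of the key pair directory. Returns an empty array when the
     * directory cannot be listed (not a directory, or an I/O error), since
     * {@link File#listFiles(FilenameFilter)} returns {@code null} in that case.
     */
    private File[] getAllCertificateFiles() {
        File[] certFiles = this.m_keyPairsDirectory.listFiles(new FilenameFilter() {
            @Override // java.io.FilenameFilter
            public boolean accept(File dir, String name) {
                return name.endsWith(".cer");
            }
        });
        return certFiles != null ? certFiles : new File[0];
    }

    /**
     * Scans all certificate files for one whose issuer and serial number match.
     *
     * @return the matching file, or {@code null} when none matches
     * @throws KeyPairResolvingException if any certificate file cannot be read or compared; a
     *     single unreadable file therefore aborts the whole search
     */
    private File findMatchingCertificateFile(String issuerName, BigInteger serialNumber) {
        for (File candidate : getAllCertificateFiles()) {
            try {
                X509Certificate cert = readCert(candidate);
                boolean sameIssuer = new X509Name(cert.getIssuerDN().getName()).equals(new X509Name(issuerName));
                if (sameIssuer && cert.getSerialNumber().equals(serialNumber)) {
                    return candidate;
                }
            } catch (Exception e) {
                throw new KeyPairResolvingException("Could not inspect certificate file <" + candidate.getName() + ">", e);
            }
        }
        return null;
    }

    /**
     * Loads the key pair belonging to the given certificate, matched by issuer and serial number.
     *
     * @param certificate the certificate to look up
     * @param cArr passphrase for the private key, or {@code null}
     * @return the key pair, or {@code null} when the certificate is not an X.509 certificate or
     *     no stored certificate matches
     */
    @Override // org.n52.security.common.crypto.KeyPairProvider
    public KeyPair resolveByCertificate(Certificate certificate, char[] cArr) throws KeyPairResolvingException {
        if (!(certificate instanceof X509Certificate)) {
            return null;
        }
        X509Certificate x509 = (X509Certificate) certificate;
        return resolveBySerialIssuer(x509.getIssuerDN().getName(), x509.getSerialNumber(), cArr);
    }

    /** Returns the configured location of the key pair directory. */
    public String getFilePath() {
        return this.m_filePath;
    }

    /** Sets the location of the key pair directory; takes effect on the next {@link #init()}. */
    public void setFilePath(String str) {
        this.m_filePath = str;
    }

    /**
     * Sets the fallback passphrases, keyed by alias. The map is stored by reference, not copied.
     */
    public void setPassphrasesByAlias(Map<String, String> map) {
        this.m_passphrasesByAlias = map;
    }

    /**
     * Returns the internal passphrase map itself (no copy), so callers get clear-text
     * passphrases and can modify the configuration.
     */
    public Map<String, String> getPassphrasesByAlias() {
        return this.m_passphrasesByAlias;
    }
}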
