package com.evolveum.midpoint.authentication.impl.module.configuration;

import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractKeyStoreKeyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractSimpleKeyType;
import com.evolveum.prism.xml.ns._public.types_3.ProtectedStringType;
import java.io.ByteArrayInputStream;
import java.io.CharArrayReader;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Optional;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.lang3.StringUtils;
import org.apache.cxf.common.util.Base64Exception;
import org.apache.cxf.common.util.Base64Utility;
import org.apache.tomcat.util.net.jsse.PEMFile;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JceOpenSSLPKCS8DecryptorProviderBuilder;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.pkcs.PKCS8EncryptedPrivateKeyInfo;
import org.bouncycastle.pkcs.PKCSException;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/module/configuration/RemoteModuleWebSecurityConfiguration.class */
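/**
 * Helpers that turn configured key material (inline PEM/Base64 values or a keystore entry)
 * into {@link Certificate} and {@link PrivateKey} objects for remote authentication modules.
 *
 * <p>Every secret handled here (private key text, passphrases, keystore passwords) is obtained
 * by decrypting a protected value with the supplied {@link Protector}. The decrypted values live
 * in {@code String} instances that cannot be wiped, so they must never be logged or placed in
 * exception messages.
 */
public class RemoteModuleWebSecurityConfiguration extends ModuleWebSecurityConfigurationImpl {
    // Default protector resolved once, when the class is initialized.
    static Protector protector = PrismContext.get().getDefaultProtector();

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Parses the certificate carried by an inline key definition.
     *
     * @param abstractSimpleKeyType key definition; may be {@code null}
     * @param protector2 protector used to decrypt the stored certificate value
     * @return the parsed certificate, or {@code null} when the definition or its certificate is absent
     * @throws EncryptionException if the protected value cannot be decrypted
     * @throws CertificateException if the value is not a parsable X.509 certificate
     * @throws Base64Exception if Base64 decoding fails
     */
    public static Certificate getCertificate(AbstractSimpleKeyType abstractSimpleKeyType, Protector protector2) throws EncryptionException, CertificateException, Base64Exception {
        if (abstractSimpleKeyType == null || abstractSimpleKeyType.getCertificate() == null) {
            return null;
        }
        return getCertificate(abstractSimpleKeyType.getCertificate(), protector2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decrypts a protected certificate value and parses it as an X.509 certificate.
     *
     * <p>A value that starts with the PEM boundary marker has its first and last boundary lines
     * stripped so that only the body remains. A Base64 body is decoded; anything else is handed
     * to the certificate factory as raw bytes. This method only parses: it performs no validity
     * period, revocation or trust-chain check, so callers that need those must do them separately.
     *
     * @param protectedStringType protected certificate value
     * @param protector2 protector used for decryption
     * @return the parsed certificate
     * @throws EncryptionException if the protected value cannot be decrypted
     * @throws CertificateException if the PEM framing is malformed or the content is not a valid certificate
     * @throws Base64Exception if Base64 decoding fails
     */
    public static Certificate getCertificate(ProtectedStringType protectedStringType, Protector protector2) throws EncryptionException, CertificateException, Base64Exception {
        // NOTE(review): FINISH_BOUNDARY is presumably the dash run that frames PEM BEGIN/END lines;
        // confirm against the Tomcat constant.
        final String boundary = PEMFile.Part.FINISH_BOUNDARY;
        String certificateText = protector2.decryptString(protectedStringType);
        if (StringUtils.isNotEmpty(certificateText) && certificateText.startsWith(boundary)) {
            String afterLeadingMarker = certificateText.replaceFirst(boundary, "");
            int headerEnd = afterLeadingMarker.indexOf(boundary);
            if (headerEnd < 0) {
                // Previously a StringIndexOutOfBoundsException; report malformed input as a certificate
                // error and keep the decrypted content out of the message.
                throw new CertificateException("Malformed PEM certificate: header line is not terminated");
            }
            String afterHeader = afterLeadingMarker.substring(headerEnd).replaceFirst(boundary, "");
            int footerStart = afterHeader.indexOf(boundary);
            if (footerStart < 0) {
                throw new CertificateException("Malformed PEM certificate: footer line is missing");
            }
            certificateText = afterHeader.substring(0, footerStart).replaceFirst("^\\s*", "").replaceFirst("\\s++$", "");
        }
        byte[] encoded;
        if (Base64.isBase64(certificateText)) {
            // '-' and '_' only occur in the URL-safe Base64 alphabet, so their presence selects that variant.
            boolean urlSafe = certificateText.contains("-") || certificateText.contains("_");
            encoded = Base64Utility.decode(certificateText, urlSafe);
        } else {
            // Explicit charset so the result does not depend on the platform default encoding.
            encoded = certificateText.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        }
        return CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(encoded));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Reads the certificate stored under the configured alias of a keystore file.
     *
     * @param abstractKeyStoreKeyType keystore reference (path, password, alias); may be {@code null}
     * @param protector2 protector used to decrypt the keystore password
     * @return the certificate for the alias, {@code null} when the reference is {@code null} or the
     *         keystore holds no certificate under that alias
     * @throws EncryptionException if the keystore password cannot be decrypted
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     * @throws KeyStoreException if the keystore type is unavailable or the keystore is not loaded
     * @throws IOException if the file cannot be read or the password is wrong
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     */
    public static Certificate getCertificate(AbstractKeyStoreKeyType abstractKeyStoreKeyType, Protector protector2) throws EncryptionException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
        if (abstractKeyStoreKeyType == null) {
            return null;
        }
        return loadKeyStore(abstractKeyStoreKeyType, protector2).getCertificate(abstractKeyStoreKeyType.getKeyAlias());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Decrypts and parses an inline PEM private key.
     *
     * <p>Accepted PEM objects are an encrypted or plain key pair and an encrypted or plain PKCS#8
     * private key. Encrypted forms are opened with the configured passphrase; a missing passphrase
     * is treated as the empty string.
     *
     * @param abstractSimpleKeyType key definition; may be {@code null}
     * @param protector2 protector used to decrypt the key text and the passphrase
     * @return the private key, or {@code null} when the definition is {@code null} or the key text is blank
     * @throws EncryptionException if decryption fails, the PEM cannot be decoded, or it holds an
     *         unsupported object type
     * @throws IOException if the PEM text cannot be read
     * @throws PKCSException if an encrypted PKCS#8 key cannot be decrypted
     * @throws OperatorCreationException if the PKCS#8 decryptor cannot be created
     */
    public static PrivateKey getPrivateKey(AbstractSimpleKeyType abstractSimpleKeyType, Protector protector2) throws EncryptionException, IOException, PKCSException, OperatorCreationException {
        if (abstractSimpleKeyType == null) {
            return null;
        }
        String pemText = protector2.decryptString(abstractSimpleKeyType.getPrivateKey());
        String passphrase = protector2.decryptString(abstractSimpleKeyType.getPassphrase());
        if (!org.springframework.util.StringUtils.hasText(pemText)) {
            return null;
        }
        Object pemObject;
        // try-with-resources closes the parser even when readObject() throws.
        try (PEMParser pemParser = new PEMParser(new CharArrayReader(pemText.toCharArray()))) {
            pemObject = pemParser.readObject();
        }
        if (pemObject == null) {
            throw new EncryptionException("Unable to decode PEM key");
        }
        JcaPEMKeyConverter keyConverter = new JcaPEMKeyConverter();
        char[] passphraseChars = Optional.ofNullable(passphrase).orElse("").toCharArray();
        if (pemObject instanceof PEMEncryptedKeyPair) {
            PEMKeyPair decryptedPair = ((PEMEncryptedKeyPair) pemObject).decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(passphraseChars));
            return keyConverter.getKeyPair(decryptedPair).getPrivate();
        }
        if (pemObject instanceof PEMKeyPair) {
            return keyConverter.getKeyPair((PEMKeyPair) pemObject).getPrivate();
        }
        if (pemObject instanceof PrivateKeyInfo) {
            return keyConverter.getPrivateKey((PrivateKeyInfo) pemObject);
        }
        if (pemObject instanceof PKCS8EncryptedPrivateKeyInfo) {
            PrivateKeyInfo decryptedInfo = ((PKCS8EncryptedPrivateKeyInfo) pemObject).decryptPrivateKeyInfo(new JceOpenSSLPKCS8DecryptorProviderBuilder().build(passphraseChars));
            return keyConverter.getPrivateKey(decryptedInfo);
        }
        // Only reached for PEM objects that are none of the key types handled above.
        throw new EncryptionException("Unable get private key from " + pemObject);
    }

    /**
     * Reads the private key stored under the configured alias of a keystore file.
     *
     * @param abstractKeyStoreKeyType keystore reference (path, passwords, alias); may be {@code null}
     * @param protector2 protector used to decrypt the keystore and key passwords
     * @return the private key, or {@code null} when the reference is {@code null}
     * @throws KeyStoreException if the keystore type is unavailable or the keystore is not loaded
     * @throws IOException if the file cannot be read or the keystore password is wrong
     * @throws EncryptionException if a password cannot be decrypted or the alias does not hold a private key
     * @throws NoSuchAlgorithmException if a required algorithm is unavailable
     * @throws UnrecoverableKeyException if the key cannot be recovered, e.g. with a wrong key password
     * @throws CertificateException if a certificate in the keystore cannot be loaded
     */
    public static PrivateKey getPrivateKey(AbstractKeyStoreKeyType abstractKeyStoreKeyType, Protector protector2) throws KeyStoreException, IOException, EncryptionException, NoSuchAlgorithmException, UnrecoverableKeyException, CertificateException {
        if (abstractKeyStoreKeyType == null) {
            return null;
        }
        KeyStore keyStore = loadKeyStore(abstractKeyStoreKeyType, protector2);
        Key key = keyStore.getKey(abstractKeyStoreKeyType.getKeyAlias(), protector2.decryptString(abstractKeyStoreKeyType.getKeyPassword()).toCharArray());
        if (key instanceof PrivateKey) {
            return (PrivateKey) key;
        }
        throw new EncryptionException("Alias " + abstractKeyStoreKeyType.getKeyAlias() + " don't return key of PrivateKey type.");
    }

    /**
     * Opens the configured keystore file and loads it with the decrypted keystore password.
     * The keystore type is fixed to "JKS" and the path is used exactly as configured.
     */
    private static KeyStore loadKeyStore(AbstractKeyStoreKeyType keyStoreKey, Protector protector2) throws EncryptionException, CertificateException, KeyStoreException, IOException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // The stream was never closed before; close it on every path so repeated loads do not
        // leak file descriptors.
        try (FileInputStream keyStoreStream = new FileInputStream(keyStoreKey.getKeyStorePath())) {
            keyStore.load(keyStoreStream, protector2.decryptString(keyStoreKey.getKeyStorePassword()).toCharArray());
        }
        return keyStore;
    }
}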
