package org.zowe.apiml.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.message.yaml.YamlMessageServiceInstance;
import org.zowe.apiml.security.HttpsConfigError;

/* loaded from: input_file:BOOT-INF/lib/common-service-core-1.26.20.jar:org/zowe/apiml/security/SecurityUtils.class */
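/**
 * Static helpers for loading keys, certificates and key stores described by an
 * {@link HttpsConfig}, for generating key pairs, and for decoding the PEM key
 * material embedded in this class.
 *
 * <p>SECURITY NOTE(review): {@link #readPemPrivateKey()} decodes an RSA private key
 * that is compiled into this class as a string literal. Everyone who can read the
 * jar can read that key, so it must be treated as public. See the method comment.
 */
public final class SecurityUtils {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SecurityUtils.class);
    private static ApimlLogger apimlLog = ApimlLogger.of(SecurityUtils.class, YamlMessageServiceInstance.getInstance());

    /** Prefix that marks a key store location as a key ring URL instead of a file path. */
    public static final String SAFKEYRING = "safkeyring";

    /**
     * Loads the key stored under the configured alias.
     *
     * @param httpsConfig configuration naming the key store, its passwords and the key alias
     * @return the key for the alias, or {@code null} when no key store is configured
     *         or the key store has no key under that alias
     * @throws HttpsConfigError when the key store cannot be loaded, the key cannot be
     *         recovered, or no alias is configured
     */
    public static Key loadKey(HttpsConfig httpsConfig) {
        if (StringUtils.isEmpty(httpsConfig.getKeyStore())) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore(httpsConfig);
            char[] keyPassword = httpsConfig.getKeyPassword();
            String alias = httpsConfig.getKeyAlias();
            if (alias == null) {
                // Thrown inside the try block on purpose: a missing alias is logged and
                // wrapped exactly like every other key store failure below.
                throw new KeyStoreException("No key alias provided.");
            }
            return keyStore.getKey(alias, keyPassword);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            apimlLog.log("org.zowe.apiml.common.errorLoadingSecretKey", e.getMessage());
            throw new HttpsConfigError(e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, httpsConfig);
        }
    }

    /**
     * Decodes the RSA private key embedded in this class (PKCS#8, PEM armoured).
     *
     * <p>SECURITY NOTE(review): the key is a compile-time constant shipped in the jar,
     * so it is not a secret. A signature made with it proves nothing about who signed,
     * and data encrypted to the matching public key is readable by anyone holding the
     * jar. The callers are not visible in this file; confirm that the key is confined
     * to tests or samples, and load production keys from the configured key store
     * ({@link #loadKey(HttpsConfig)}) instead. Rotating the key requires a new build.
     *
     * @return the embedded private key
     * @throws NoSuchAlgorithmException when no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException when the embedded bytes are not a valid PKCS#8 RSA key
     */
    public static RSAPrivateKey readPemPrivateKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
        String base64Body = stripPemArmor("-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCOkSanuY2fHxuL\n+cXaWosSQ3VzFSfWotq9TYQDLvReZf2tlLHWGUDWTxK3VqkPrvygj45vfwxpv69O\nueT2e8mCzp7rua2ybTQ4/WakYfNBJjZYPADk4Yu/70V4MjodOEAfVwTPXjylEG2I\n31WRUz47NXb6+ofmFc7a+dKd5SeciUxVnX4nsblYg8ksPGh1dYWqd7yXnpJghFbP\nratMrQfB7SCEAyuyJPPR5UqB9Wvvqs/SEhhkzALdvVvF+GPBQ65DGMR5gyHaMQv7\nk2/YhwR87NdgQ4L8isP+stribid8Gz4kmLDiE6Ae+PN03P0TNXQP4dJasicdcR3+\nBaMOfiwXAgMBAAECggEAMU1xGL/KgiS32gheq8x0G7TIgSvnwwo+qwiLhq5OQ/bx\na33ooinJilN+HXkSriHNq5j5oQVGvatUbN1MmRDl9x6NRufHcdTiInM/c8mL3hPg\n51KY3I5DTfTpCVAVWNWDF1N4jl4AivTLbHIPnVo0QzWSF+lb5e3Uw1VxyLjeofs0\nRFNQacxhAE8TK1kAx5HXpmbB20MuX+rkvKXKoQ/ppaj4gWifdl1pKz7xPL6okcYz\ngoXIShdtAL4IDOvyE7A8jhjBH9Bf3Vftn1umzUxvTUrAZgSI7FYGIUEKBcw+3ygG\nbLy5j8tSsWJTeLykVEc+ZwjZee6VCUMFNn+9my4QQQKBgQDVNYJYDazUiTg8Sqh7\n941etnimZOjYFfbcBww2qid6Rw6MxvAGo5fOnBqqbgvttFDw6mKkPzvEbjx0fySS\nS+ZfMB1Nqd5xhSxgm2Jrsr1wT/9HsPbOi316E4EDePyy9bpt9NSI5vwcteHU8Wpt\nmkaQzjXm+/+OXoyDru9p6veqewKBgQCrLh38qEmg++8RsDEzPXKwNm6AiH+U2H/f\nXRHJI0LVb9DFrsjbJp+VtJIBzzyobT7h+B3vw/lY0eAMHJUeACMFiXq0bsGy+nnt\nh6p8UgdtB1BDrijXrG7DYCJxUG6Z5aJDhu53LbsLFVthE6qedlzUdNNnC9Vl9o5p\nxDt/OliQFQKBgQDIOn9ViEo2M0Pfw1FlUn+uYfj+cygEvuPdkLTUpYl7mT290Zpa\n8cnAW/Pi+IQ1UTDuf3/xtfzAJbKayUikJ6mK3Vm3tP7VZ3bcpzCP6gVkc4xPXI78\nPB2zxptTkozm2ESjvNjYVOyRXfJfE/WaRtdcaHxQl3pRztNxW5k1xFeg/wKBgFu9\nbH7C5irrujVdmxCeBwAfO9uQy+dGnElmBKkqR6BBu76mLKkeqvo9et6TZSvS2Jec\nNNcRzWlnmU6EZvpcEmjeRC+9B/xWts+xHJJiF+67s62CAguMMxRsSik2dP/vjKXq\nA5VFoe+Ps5h0RMWGI7wNHFsmgWiS2cIfU8+cwmf9AoGAR3vutUBt0+pMqPlAREPQ\nBHUjZXhYrxHoD2kvxFkDVlMvPP9GVy6lgjEt1S28oRNjiES2AZWoSoqEbe0ZHg7t\nOfsydqmJqfwJaLoAkRzxdqJ66KH2m/BEOBapxMr8B79hfcjpMf2O+T76+6hMFF6j\nRIpBLV1t4pDsd7fvwxpR3vA=\n-----END PRIVATE KEY-----\n", "PRIVATE KEY");
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(Base64.getDecoder().decode(base64Body)));
    }

    /**
     * Decodes the RSA public key embedded in this class (X.509 SubjectPublicKeyInfo,
     * PEM armoured).
     *
     * <p>NOTE(review): presumably the public half of the key returned by
     * {@link #readPemPrivateKey()} - verify. If so, a verifier that trusts this key
     * accepts anything signed with a private key that ships in the same jar.
     *
     * @return the embedded public key
     * @throws NoSuchAlgorithmException when no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException when the embedded bytes are not a valid RSA public key
     */
    public static RSAPublicKey readPemPublicKey() throws NoSuchAlgorithmException, InvalidKeySpecException {
        String base64Body = stripPemArmor("-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpEmp7mNnx8bi/nF2lqL\nEkN1cxUn1qLavU2EAy70XmX9rZSx1hlA1k8St1apD678oI+Ob38Mab+vTrnk9nvJ\ngs6e67mtsm00OP1mpGHzQSY2WDwA5OGLv+9FeDI6HThAH1cEz148pRBtiN9VkVM+\nOzV2+vqH5hXO2vnSneUnnIlMVZ1+J7G5WIPJLDxodXWFqne8l56SYIRWz62rTK0H\nwe0ghAMrsiTz0eVKgfVr76rP0hIYZMwC3b1bxfhjwUOuQxjEeYMh2jEL+5Nv2IcE\nfOzXYEOC/IrD/rLa4m4nfBs+JJiw4hOgHvjzdNz9EzV0D+HSWrInHXEd/gWjDn4s\nFwIDAQAB\n-----END PUBLIC KEY-----", "PUBLIC KEY");
        return (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(Base64.getDecoder().decode(base64Body)));
    }

    /**
     * Returns the Base64 body (PEM armour and line breaks removed) of the public key
     * embedded in this method, in the same textual form that
     * {@link #loadCertificateChainBase64(HttpsConfig)} produces.
     *
     * <p>NOTE(review): the value is a build-time pin. If callers compare presented keys
     * against this set, replacing the pinned key requires a new release - confirm that
     * this matches the intended trust model.
     *
     * @return a new mutable set holding the single embedded key
     */
    public static Set<String> readApimlCertChainPemPublicKeys() {
        Set<String> publicKeys = new HashSet<>();
        publicKeys.add(stripPemArmor("-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjo7rxDzO51tfSmqahMbY\n6lsXLO+/tXYk1ZcIufsh5L+UMs5StHlfSglbiRgWhfdJDTZb9R760klXL7QRYwBc\nYn3yhdYTsTB0+RJddPlTQzxAx45xV7b+fCtsQqBFZk5aes/TduyHCHXQRl+iLos1\n3isrl5LSB66ohKxMtflPBeqTM/ptNBbq72XqFCQIZClClvMMYnxrW2FNfftxpLQb\neFu3KN/8V4gcQoSUvE8YU8PYbVUnuhURActywrxHpke5q/tYQR8iDb6D1ZwLU8+/\nrTrnPbZq+O2DP7vRyBP9pHS/WNSxY1sTnz7gQ2OlUL+BEQLgRXRPc5ev1kwn0kVd\n8QIDAQAB\n-----END PUBLIC KEY-----", "PUBLIC KEY"));
        return publicKeys;
    }

    /**
     * Loads the certificate chain stored under the configured alias.
     *
     * @param httpsConfig configuration naming the key store and the key alias
     * @return the chain for the alias; an empty array when no key store is configured;
     *         whatever {@link KeyStore#getCertificateChain(String)} returns otherwise,
     *         which is {@code null} when the alias has no chain
     * @throws CertificateException when a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException when the key store integrity algorithm is missing
     * @throws KeyStoreException when the key store type is not available
     * @throws IOException when the key store cannot be read or the password is wrong
     */
    public static Certificate[] loadCertificateChain(HttpsConfig httpsConfig) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        if (StringUtils.isEmpty(httpsConfig.getKeyStore())) {
            return new Certificate[0];
        }
        return loadKeyStore(httpsConfig).getCertificateChain(httpsConfig.getKeyAlias());
    }

    /**
     * Returns the Base64-encoded public key of every certificate in the configured chain.
     *
     * @param httpsConfig configuration naming the key store and the key alias
     * @return a new mutable set of Base64 strings; empty when there is no chain
     * @throws CertificateException when a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException when the key store integrity algorithm is missing
     * @throws KeyStoreException when the key store type is not available
     * @throws IOException when the key store cannot be read or the password is wrong
     */
    public static Set<String> loadCertificateChainBase64(HttpsConfig httpsConfig) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        Set<String> encodedKeys = new HashSet<>();
        Certificate[] chain = loadCertificateChain(httpsConfig);
        if (chain == null) {
            // KeyStore.getCertificateChain returns null for an alias without a chain;
            // iterating over it would fail with a NullPointerException.
            return encodedKeys;
        }
        for (Certificate certificate : chain) {
            encodedKeys.add(Base64.getEncoder().encodeToString(certificate.getPublicKey().getEncoded()));
        }
        return encodedKeys;
    }

    /**
     * Loads a public key from the configured key store.
     *
     * <p>With an alias configured, the certificate under that alias is used. Without
     * one, the first alias that has a certificate is used, so the result depends on the
     * key store's enumeration order.
     *
     * @param httpsConfig configuration naming the key store and, optionally, the key alias
     * @return the public key of the selected certificate, or {@code null} when no key
     *         store is configured or no certificate was found
     * @throws HttpsConfigError when the key store cannot be loaded
     */
    public static PublicKey loadPublicKey(HttpsConfig httpsConfig) {
        if (StringUtils.isEmpty(httpsConfig.getKeyStore())) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore(httpsConfig);
            Certificate certificate = null;
            if (httpsConfig.getKeyAlias() != null) {
                certificate = keyStore.getCertificate(httpsConfig.getKeyAlias());
            } else {
                Enumeration<String> aliases = keyStore.aliases();
                while (certificate == null && aliases.hasMoreElements()) {
                    certificate = keyStore.getCertificate(aliases.nextElement());
                }
            }
            return certificate == null ? null : certificate.getPublicKey();
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            apimlLog.log("org.zowe.apiml.common.errorLoadingPublicKey", e.getMessage());
            throw new HttpsConfigError(e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, httpsConfig);
        }
    }

    /**
     * Finds the key whose certificate carries the given encoded public key.
     *
     * @param httpsConfig configuration naming the key store and its passwords
     * @param bArr encoded public key to look for, compared byte for byte with
     *        {@code getPublicKey().getEncoded()} of each certificate
     * @return the first non-null key found under a matching alias, or {@code null} when
     *         no key store is configured or nothing matches
     * @throws HttpsConfigError when the key store cannot be loaded or a key cannot be recovered
     */
    public static Key findPrivateKeyByPublic(HttpsConfig httpsConfig, byte[] bArr) {
        if (StringUtils.isEmpty(httpsConfig.getKeyStore())) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore(httpsConfig);
            char[] keyPassword = httpsConfig.getKeyPassword();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate == null) {
                    // An alias can exist without a certificate (getCertificate returns
                    // null); skip it instead of failing the whole lookup.
                    continue;
                }
                if (Arrays.equals(certificate.getPublicKey().getEncoded(), bArr)) {
                    Key key = keyStore.getKey(alias, keyPassword);
                    if (key != null) {
                        return key;
                    }
                }
            }
            return null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            apimlLog.log("org.zowe.apiml.common.errorLoadingSecretKey", e.getMessage());
            throw new HttpsConfigError("Error loading secret key: " + e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, httpsConfig);
        }
    }

    /**
     * Opens and loads the key store named by the configuration.
     *
     * <p>A location that starts with {@link #SAFKEYRING} is opened as a URL through
     * {@link #keyRingUrl(String, String)}; any other location is opened as a file.
     *
     * @param httpsConfig configuration naming the key store type, location and password
     * @return the loaded key store
     * @throws KeyStoreException when the key store type is not available
     * @throws IOException when the location cannot be opened or read, or the key ring
     *         URL is malformed
     * @throws CertificateException when a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException when the key store integrity algorithm is missing
     */
    public static KeyStore loadKeyStore(HttpsConfig httpsConfig) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(httpsConfig.getKeyStoreType());
        String location = httpsConfig.getKeyStore();
        // try-with-resources: the stream was previously never closed, which leaked a
        // file handle on every call. The location is also passed as the name to report,
        // so a malformed key ring URL names the key store, not the trust store.
        try (InputStream keyStoreStream = location.startsWith(SAFKEYRING)
                ? keyRingUrl(location, location).openStream()
                : new FileInputStream(new File(location))) {
            keyStore.load(keyStoreStream, httpsConfig.getKeyStorePassword());
        }
        return keyStore;
    }

    /**
     * Converts a {@code safkeyring:////userId/keyRing} location into a URL by collapsing
     * the four slashes to two.
     *
     * @param str the key ring location to convert
     * @param str2 the location named in the error message; it is not validated and
     *        is used for nothing else
     * @return the URL for the key ring
     * @throws MalformedURLException when {@code str} does not start with
     *         {@code safkeyring:////}, or the resulting URL is rejected by {@link URL}
     */
    public static URL keyRingUrl(String str, String str2) throws MalformedURLException {
        if (!str.startsWith("safkeyring:////")) {
            throw new MalformedURLException("Incorrect key ring format: " + str2 + ". Make sure you use format safkeyring:////userId/keyRing");
        }
        return new URL(replaceFourSlashes(str));
    }

    /**
     * Replaces the first run of four slashes in the given string with two.
     *
     * @param str the string to rewrite; may be {@code null}
     * @return the rewritten string, or {@code null} when {@code str} is {@code null}
     */
    public static String replaceFourSlashes(String str) {
        return str == null ? null : str.replaceFirst("////", "//");
    }

    /**
     * Generates a key pair with the given algorithm and key size.
     *
     * <p>Callers must check the result: an unknown algorithm is only logged at debug
     * level and reported as {@code null}. An unsupported key size is not caught here;
     * {@link KeyPairGenerator#initialize(int)} reports it with an unchecked exception.
     *
     * @param str the key pair algorithm name
     * @param i the key size passed to {@link KeyPairGenerator#initialize(int)}
     * @return the generated key pair, or {@code null} when the algorithm is not available
     */
    public static KeyPair generateKeyPair(String str, int i) {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
            keyPairGenerator.initialize(i);
            return keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            log.debug("An error occurred while generating keypair: {}", e.getMessage());
            return null;
        }
    }

    /** Removes the BEGIN/END armour lines for the given PEM label and all line feeds. */
    private static String stripPemArmor(String pem, String label) {
        return pem
            .replace("-----BEGIN " + label + "-----", "")
            .replaceAll(StringUtils.LF, "")
            .replace("-----END " + label + "-----", "");
    }

    @Generated
    private SecurityUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}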
