package org.zowe.apiml.security;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.MalformedURLException;
import java.net.URL;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.zowe.apiml.message.log.ApimlLogger;
import org.zowe.apiml.message.yaml.YamlMessageServiceInstance;
import org.zowe.apiml.security.HttpsConfigError;

/* loaded from: input_file:BOOT-INF/lib/common-service-core-1.21.8.jar:org/zowe/apiml/security/SecurityUtils.class */
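/**
 * Static helpers for reading keys and certificates out of the key store described by an
 * {@link HttpsConfig}, and for generating key pairs.
 *
 * <p>Key stores are read either from a file on disk or, when the configured location starts with
 * {@value #SAFKEYRING}, from a key-ring URL. The class cannot be instantiated.
 */
public final class SecurityUtils {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(SecurityUtils.class);
    private static ApimlLogger apimlLog = ApimlLogger.of(SecurityUtils.class, YamlMessageServiceInstance.getInstance());

    /** Prefix that marks a key store location as a key ring rather than a file path. */
    public static final String SAFKEYRING = "safkeyring";

    /**
     * Loads the key stored under the configured alias.
     *
     * @param httpsConfig configuration naming the key store, alias and passwords
     * @return the key for the configured alias, or {@code null} when no key store is configured
     *     or the alias does not identify a key entry
     * @throws HttpsConfigError if the key store cannot be read, the key cannot be recovered, or no
     *     alias is configured
     */
    public static Key loadKey(HttpsConfig httpsConfig) {
        if (httpsConfig.getKeyStore() == null) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore(httpsConfig);
            // The array comes from the configuration object; it is not cleared here because the
            // configuration may hand out its own backing array.
            char[] keyPassword = httpsConfig.getKeyPassword();
            if (httpsConfig.getKeyAlias() != null) {
                return keyStore.getKey(httpsConfig.getKeyAlias(), keyPassword);
            }
            // Thrown inside the try on purpose so that a missing alias is logged and wrapped
            // exactly like every other key store failure.
            throw new KeyStoreException("No key alias provided.");
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            apimlLog.log("org.zowe.apiml.common.errorLoadingSecretKey", e.getMessage());
            // NOTE(review): the whole HttpsConfig, which also holds the key and key store
            // passwords, is attached to the error - confirm it is never rendered into logs.
            throw new HttpsConfigError(e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, httpsConfig);
        }
    }

    /**
     * Returns the certificate chain stored under the configured alias.
     *
     * @param httpsConfig configuration naming the key store and alias
     * @return an empty array when no key store is configured; otherwise whatever
     *     {@link KeyStore#getCertificateChain(String)} returns, which is {@code null} when the
     *     alias is unknown or has no chain
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
     * @throws KeyStoreException if the key store type is unavailable
     * @throws IOException if the key store cannot be read
     */
    public static Certificate[] loadCertificateChain(HttpsConfig httpsConfig) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        if (httpsConfig.getKeyStore() == null) {
            return new Certificate[0];
        }
        return loadKeyStore(httpsConfig).getCertificateChain(httpsConfig.getKeyAlias());
    }

    /**
     * Returns the Base64 form of the encoded public key of every certificate in the configured
     * chain. Despite the name, it is the public keys that are encoded, not the certificates.
     *
     * @param httpsConfig configuration naming the key store and alias
     * @return the set of Base64-encoded public keys; empty when there is no chain
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
     * @throws KeyStoreException if the key store type is unavailable
     * @throws IOException if the key store cannot be read
     */
    public static Set<String> loadCertificateChainBase64(HttpsConfig httpsConfig) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException {
        Set<String> encodedKeys = new HashSet<>();
        Certificate[] chain = loadCertificateChain(httpsConfig);
        if (chain == null) {
            // The key store reports an unknown alias as null; treat it as "no certificates"
            // instead of failing with a NullPointerException in the loop below.
            return encodedKeys;
        }
        for (Certificate certificate : chain) {
            encodedKeys.add(Base64.getEncoder().encodeToString(certificate.getPublicKey().getEncoded()));
        }
        return encodedKeys;
    }

    /**
     * Loads a public key from the configured key store.
     *
     * <p>With an alias configured, the certificate under that alias is used. Without one, the
     * first alias that yields a certificate wins; the order of {@link KeyStore#aliases()} is
     * decided by the key store implementation, so configure an alias whenever the store holds
     * more than one certificate.
     *
     * @param httpsConfig configuration naming the key store and, optionally, the alias
     * @return the public key, or {@code null} when no key store is configured or no certificate
     *     is found
     * @throws HttpsConfigError if the key store cannot be read
     */
    public static PublicKey loadPublicKey(HttpsConfig httpsConfig) {
        if (httpsConfig.getKeyStore() == null) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore(httpsConfig);
            Certificate certificate = null;
            if (httpsConfig.getKeyAlias() != null) {
                certificate = keyStore.getCertificate(httpsConfig.getKeyAlias());
            } else {
                Enumeration<String> aliases = keyStore.aliases();
                while (certificate == null && aliases.hasMoreElements()) {
                    certificate = keyStore.getCertificate(aliases.nextElement());
                }
            }
            return certificate != null ? certificate.getPublicKey() : null;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            apimlLog.log("org.zowe.apiml.common.errorLoadingPublicKey", e.getMessage());
            throw new HttpsConfigError(e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, httpsConfig);
        }
    }

    /**
     * Finds the key whose certificate carries the given public key.
     *
     * @param httpsConfig configuration naming the key store and key password
     * @param bArr encoded form of the public key to look for
     * @return the first matching key, or {@code null} when no key store is configured or nothing
     *     matches
     * @throws HttpsConfigError if the key store cannot be read or a key cannot be recovered
     */
    public static Key findPrivateKeyByPublic(HttpsConfig httpsConfig, byte[] bArr) {
        if (httpsConfig.getKeyStore() == null) {
            return null;
        }
        try {
            KeyStore keyStore = loadKeyStore(httpsConfig);
            char[] keyPassword = httpsConfig.getKeyPassword();
            Key key = null;
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate == null) {
                    // Entries without a certificate (for example secret-key entries) cannot
                    // match a public key; skip them rather than dereferencing null.
                    continue;
                }
                // Plain comparison is sufficient: both sides are public key material.
                if (Arrays.equals(certificate.getPublicKey().getEncoded(), bArr)) {
                    key = keyStore.getKey(alias, keyPassword);
                    if (key != null) {
                        break;
                    }
                }
            }
            return key;
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e) {
            apimlLog.log("org.zowe.apiml.common.errorLoadingSecretKey", e.getMessage());
            throw new HttpsConfigError("Error loading secret key: " + e.getMessage(), e, HttpsConfigError.ErrorCode.HTTP_CLIENT_INITIALIZATION_FAILED, httpsConfig);
        }
    }

    /**
     * Opens and loads the key store named by the configuration.
     *
     * <p>The configured key store location must not be {@code null}; the callers in this class
     * check that before calling.
     *
     * @param httpsConfig configuration naming the key store location, type and password
     * @return the loaded key store
     * @throws KeyStoreException if the key store type is unavailable
     * @throws IOException if the location cannot be opened or read, or the key ring URL is
     *     malformed
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws NoSuchAlgorithmException if the key store integrity algorithm is unavailable
     */
    public static KeyStore loadKeyStore(HttpsConfig httpsConfig) throws KeyStoreException, IOException, CertificateException, NoSuchAlgorithmException {
        KeyStore keyStore = KeyStore.getInstance(httpsConfig.getKeyStoreType());
        String location = httpsConfig.getKeyStore();
        // try-with-resources: the stream used to stay open after load(), leaking a file handle
        // (or URL connection) on every call, including the failing ones.
        try (InputStream in = location.startsWith(SAFKEYRING)
                ? keyRingUrl(location, httpsConfig.getTrustStore()).openStream()
                : new FileInputStream(new File(location))) {
            keyStore.load(in, httpsConfig.getKeyStorePassword());
        }
        return keyStore;
    }

    /**
     * Converts a key ring location of the form {@code safkeyring:////userId/keyRing} into a URL.
     *
     * @param str key ring location to validate and convert
     * @param str2 trust store location; kept for signature compatibility and not used
     * @return the URL with the four leading slashes collapsed to two
     * @throws MalformedURLException if {@code str} does not start with {@code safkeyring:////},
     *     or the resulting URL is rejected (NOTE(review): presumably a handler for the
     *     {@code safkeyring} protocol has to be registered in the JVM - confirm)
     */
    public static URL keyRingUrl(String str, String str2) throws MalformedURLException {
        if (str.startsWith(SAFKEYRING + ":////")) {
            return new URL(replaceFourSlashes(str));
        }
        // Report the value that failed validation. The message used to print the trust store
        // argument, which pointed at the wrong setting when the key store location was at fault.
        throw new MalformedURLException("Incorrect key ring format: " + str + ". Make sure you use format safkeyring:////userId/keyRing");
    }

    /**
     * Replaces the first run of four slashes with two.
     *
     * @param str text to rewrite, may be {@code null}
     * @return the rewritten text, or {@code null} when {@code str} is {@code null}
     */
    public static String replaceFourSlashes(String str) {
        if (str == null) {
            return null;
        }
        return str.replaceFirst("////", "//");
    }

    /**
     * Generates a key pair for the given algorithm and key size.
     *
     * <p>No minimum key size is enforced here; the caller is responsible for choosing an
     * algorithm and size that meet its policy.
     *
     * @param str standard algorithm name passed to {@link KeyPairGenerator#getInstance(String)}
     * @param i key size passed to {@link KeyPairGenerator#initialize(int)}
     * @return the generated pair, or {@code null} when the algorithm is not available; callers
     *     must check for {@code null} because that failure is only logged at debug level
     */
    public static KeyPair generateKeyPair(String str, int i) {
        KeyPair keyPair = null;
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(str);
            keyPairGenerator.initialize(i);
            keyPair = keyPairGenerator.generateKeyPair();
        } catch (NoSuchAlgorithmException e) {
            log.debug("An error occurred while generating keypair: {}", e.getMessage());
        }
        return keyPair;
    }

    @Generated
    private SecurityUtils() {
        throw new UnsupportedOperationException("This is a utility class and cannot be instantiated");
    }
}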
