package io.mosip.kernel.keymanagerservice.util;

import io.mosip.kernel.core.crypto.spi.CryptoCoreSpec;
import io.mosip.kernel.core.keymanager.exception.KeystoreProcessingException;
import io.mosip.kernel.core.keymanager.model.CertificateEntry;
import io.mosip.kernel.core.keymanager.model.CertificateParameters;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.core.util.CryptoUtil;
import io.mosip.kernel.core.util.DateUtils;
import io.mosip.kernel.keygenerator.bouncycastle.KeyGenerator;
import io.mosip.kernel.keymanager.hsm.constant.KeymanagerErrorCode;
import io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant;
import io.mosip.kernel.keymanagerservice.constant.KeymanagerErrorConstant;
import io.mosip.kernel.keymanagerservice.dto.CSRGenerateRequestDto;
import io.mosip.kernel.keymanagerservice.dto.KeyPairGenerateRequestDto;
import io.mosip.kernel.keymanagerservice.entity.BaseEntity;
import io.mosip.kernel.keymanagerservice.entity.KeyAlias;
import io.mosip.kernel.keymanagerservice.exception.KeymanagerServiceException;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.StringReader;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateFactory;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.time.format.DateTimeFormatter;
import java.util.Arrays;
import java.util.Date;
import java.util.Objects;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.DestroyFailedException;
import javax.security.auth.x500.X500Principal;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.io.IOUtils;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.encoders.Hex;
import org.bouncycastle.util.io.pem.PemObject;
import org.bouncycastle.util.io.pem.PemReader;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

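/**
 * Helper routines shared by the key manager service: validity-window checks, wrapping and
 * unwrapping of private keys, PEM/X.509 conversion, certificate-parameter assembly and CSR
 * generation.
 *
 * <p>Configuration values are injected by Spring through the {@code @Value} fields below.
 */
@Component
public class KeymanagerUtil {
    private static final Logger LOGGER = KeymanagerLogger.getLogger(KeymanagerUtil.class);
    private static final String UTC_DATETIME_PATTERN = "yyyy-MM-dd'T'HH:mm:ss.SSS'Z'";

    // DateTimeFormatter is immutable and thread-safe, so it is compiled once instead of per call.
    private static final DateTimeFormatter UTC_DATETIME_FORMATTER = DateTimeFormatter.ofPattern(UTC_DATETIME_PATTERN);

    @Value("${mosip.kernel.keygenerator.asymmetric-algorithm-name}")
    private String asymmetricAlgorithmName;

    @Value("${mosip.kernel.data-key-splitter}")
    private String keySplitter;

    @Value("${mosip.kernel.keymanager.certificate.default.common-name}")
    private String commonName;

    @Value("${mosip.kernel.keymanager.certificate.default.organizational-unit}")
    private String organizationUnit;

    @Value("${mosip.kernel.keymanager.certificate.default.organization}")
    private String organization;

    @Value("${mosip.kernel.keymanager.certificate.default.location}")
    private String location;

    @Value("${mosip.kernel.keymanager.certificate.default.state}")
    private String state;

    @Value("${mosip.kernel.keymanager.certificate.default.country}")
    private String country;

    @Value("${mosip.kernel.crypto.symmetric-algorithm-name}")
    private String symmetricAlgorithmName;

    @Value("${mosip.kernel.certificate.sign.algorithm:SHA256withRSA}")
    private String signAlgorithm;

    @Autowired
    KeyGenerator keyGenerator;

    @Autowired
    private CryptoCoreSpec<byte[], byte[], SecretKey, PublicKey, PrivateKey, String> cryptoCore;

    /**
     * Checks whether a timestamp falls inside the usable window of a key alias.
     *
     * <p>The timestamp is accepted when it equals the key generation time, equals the key expiry
     * time, or lies strictly after the generation time and strictly before the expiry time reduced
     * by {@code preExpireDays}. Note that an exact match on the expiry time is accepted even when
     * {@code preExpireDays} is greater than zero.
     *
     * @param timeStamp     the instant to test
     * @param keyAlias      the alias supplying generation and expiry times
     * @param preExpireDays number of days subtracted from the expiry time for the upper bound
     * @return {@code true} when the timestamp is inside the window described above
     */
    public boolean isValidTimestamp(LocalDateTime timeStamp, KeyAlias keyAlias, int preExpireDays) {
        LocalDateTime generatedAt = keyAlias.getKeyGenerationTime();
        LocalDateTime expiresAt = keyAlias.getKeyExpiryTime();
        if (timeStamp.isEqual(generatedAt) || timeStamp.isEqual(expiresAt)) {
            return true;
        }
        return timeStamp.isAfter(generatedAt) && timeStamp.isBefore(expiresAt.minusDays((long) preExpireDays));
    }

    /**
     * Tells whether the closed intervals {@code [firstStart, firstEnd]} and
     * {@code [secondStart, secondEnd]} share at least one instant.
     *
     * @return {@code true} unless one interval starts after the other one ends
     */
    public boolean isOverlapping(LocalDateTime firstStart, LocalDateTime firstEnd, LocalDateTime secondStart, LocalDateTime secondEnd) {
        return !firstStart.isAfter(secondEnd) && !secondStart.isAfter(firstEnd);
    }

    /** @return {@code true} when the reference id is non-null and not blank after trimming */
    public boolean isValidReferenceId(String referenceId) {
        return hasText(referenceId);
    }

    /**
     * Stamps creation metadata on an entity: creator {@code "SYSTEM"}, creation time set to the
     * current UTC date-time, and the deleted flag cleared.
     *
     * @param entity the entity to stamp
     * @return the same entity instance
     */
    public <T extends BaseEntity> T setMetaData(T entity) {
        LocalDateTime createdAt = LocalDateTime.now(ZoneOffset.UTC);
        entity.setCreatedBy("SYSTEM");
        entity.setCreatedtimes(createdAt);
        entity.setIsDeleted(false);
        return entity;
    }

    /**
     * Wraps a private key for storage: the encoded private key is encrypted with a freshly
     * generated symmetric key, and that symmetric key is encrypted with {@code publicKey}. Both
     * ciphertexts are joined by {@code CryptoUtil.combineByteArray} using the configured splitter.
     *
     * @param privateKey the key to protect; its encoded form is what gets encrypted
     * @param publicKey  the key that wraps the one-time symmetric key
     * @return the combined ciphertext, in the layout {@link #decryptKey(byte[], PrivateKey, PublicKey)} reads
     */
    public byte[] encryptKey(PrivateKey privateKey, PublicKey publicKey) {
        SecretKey sessionKey = this.keyGenerator.getSymmetricKey();
        byte[] encryptedPrivateKey = this.cryptoCore.symmetricEncrypt(sessionKey, privateKey.getEncoded(), null);
        byte[] wrappedSessionKey = this.cryptoCore.asymmetricEncrypt(publicKey, sessionKey.getEncoded());
        return CryptoUtil.combineByteArray(encryptedPrivateKey, wrappedSessionKey, this.keySplitter);
    }

    /**
     * Unwraps a key produced by {@link #encryptKey(PrivateKey, PublicKey)}; equivalent to the
     * four-argument overload with a {@code null} last argument.
     */
    public byte[] decryptKey(byte[] wrappedKey, PrivateKey privateKey, PublicKey publicKey) {
        return decryptKey(wrappedKey, privateKey, publicKey, null);
    }

    /**
     * Unwraps a combined key blob: the bytes before the splitter are asymmetrically decrypted to
     * recover the symmetric key, which then decrypts the bytes after the splitter.
     *
     * @param wrappedKey  wrapped symmetric key, splitter, then symmetric ciphertext
     * @param privateKey  private key used for the asymmetric decryption
     * @param publicKey   public key passed through to the asymmetric decryption
     * @param decryptArg  passed unchanged as the fourth argument of
     *                    {@code cryptoCore.asymmetricDecrypt}; its meaning is defined there
     * @return the decrypted payload (the encoded key that was originally protected)
     * @throws IllegalArgumentException when the splitter position leaves no valid split
     */
    public byte[] decryptKey(byte[] wrappedKey, PrivateKey privateKey, PublicKey publicKey, String decryptArg) {
        int totalLength = wrappedKey.length;
        // NOTE(review): String.length() counts chars, not bytes; this matches the byte offset only
        // for a single-byte-per-char splitter - confirm the configured splitter is ASCII.
        int splitterLength = this.keySplitter.length();
        int splitterIndex = CryptoUtil.getSplitterIndex(wrappedKey, 0, this.keySplitter);
        // Fail with a clear message on malformed input instead of the bare "from > to" that
        // Arrays.copyOfRange would raise for the same condition (same exception type as before).
        if (splitterIndex < 0 || splitterIndex > totalLength - splitterLength) {
            throw new IllegalArgumentException("Key splitter not found in the encrypted key data");
        }
        byte[] wrappedSessionKey = Arrays.copyOfRange(wrappedKey, 0, splitterIndex);
        byte[] encryptedPayload = Arrays.copyOfRange(wrappedKey, splitterIndex + splitterLength, totalLength);
        byte[] sessionKeyBytes = this.cryptoCore.asymmetricDecrypt(privateKey, publicKey, wrappedSessionKey, decryptArg);
        try {
            // SecretKeySpec copies the key bytes, so the raw array can be cleared afterwards.
            SecretKey sessionKey = new SecretKeySpec(sessionKeyBytes, 0, sessionKeyBytes.length, this.symmetricAlgorithmName);
            return this.cryptoCore.symmetricDecrypt(sessionKey, encryptedPayload, null);
        } finally {
            // Do not leave the recovered symmetric key readable on the heap longer than needed.
            wipe(sessionKeyBytes);
        }
    }

    /**
     * Parses a string in the {@code yyyy-MM-dd'T'HH:mm:ss.SSS'Z'} layout.
     *
     * <p>The trailing {@code Z} is matched as a literal character; no zone conversion happens.
     *
     * @throws java.time.format.DateTimeParseException when the text does not match the pattern
     */
    public LocalDateTime parseToLocalDateTime(String dateTime) {
        return LocalDateTime.parse(dateTime, UTC_DATETIME_FORMATTER);
    }

    /**
     * Verifies that the first certificate of the entry's chain is within its validity period at
     * {@code date}.
     *
     * <p>Only the validity dates of that one certificate are checked. Signature, issuer chain and
     * revocation status are not examined here, so a normal return must not be read as "trusted".
     *
     * @throws KeystoreProcessingException when the certificate is expired or not yet valid
     */
    public void isCertificateValid(CertificateEntry<X509Certificate, PrivateKey> certificateEntry, Date date) {
        try {
            X509Certificate leaf = certificateEntry.getChain()[0];
            leaf.checkValidity(date);
        } catch (CertificateExpiredException | CertificateNotYetValidException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.CERTIFICATE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.CERTIFICATE_PROCESSING_ERROR.getErrorMessage() + e.getMessage());
        }
    }

    /**
     * Reads a Base64-encoded PKCS#8 private key from a stream and materialises it with the
     * configured asymmetric algorithm.
     *
     * <p>The key text is handled as byte arrays that are cleared before returning, rather than as
     * an immutable {@code String} that would keep the key material on the heap until collected.
     *
     * @param inputStream stream holding the Base64 text; it is not closed by this method
     * @return the decoded private key
     * @throws KeystoreProcessingException on read failure, unknown algorithm or invalid key data
     */
    public PrivateKey privateKeyExtractor(InputStream inputStream) {
        byte[] base64Text = null;
        byte[] pkcs8Bytes = null;
        try {
            base64Text = IOUtils.toByteArray(inputStream);
            pkcs8Bytes = Base64.decodeBase64(base64Text);
            // PKCS8EncodedKeySpec clones its input, so clearing pkcs8Bytes below is safe.
            return KeyFactory.getInstance(this.asymmetricAlgorithmName).generatePrivate(new PKCS8EncodedKeySpec(pkcs8Bytes));
        } catch (IOException | NoSuchAlgorithmException | InvalidKeySpecException e) {
            throw new KeystoreProcessingException(KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorCode(), KeymanagerErrorCode.KEYSTORE_PROCESSING_ERROR.getErrorMessage() + e.getMessage());
        } finally {
            wipe(base64Text);
            wipe(pkcs8Bytes);
        }
    }

    /** @return {@code true} when the response type is non-null and not blank after trimming */
    public boolean isValidResponseType(String responseType) {
        return hasText(responseType);
    }

    /** @return {@code true} when the application id is non-null and not blank after trimming */
    public boolean isValidApplicationId(String applicationId) {
        return hasText(applicationId);
    }

    /**
     * Presence check only: {@code true} when the certificate data is non-null and not blank. The
     * content is not parsed here; use {@link #convertToCertificate(String)} for that.
     */
    public boolean isValidCertificateData(String certificateData) {
        return hasText(certificateData);
    }

    /**
     * Parses the first PEM object of the given text into a certificate.
     *
     * <p>This only decodes the certificate; it performs no trust, signature or validity checks.
     *
     * @param pemText PEM-encoded certificate text
     * @return the parsed certificate
     * @throws KeymanagerServiceException when no PEM object is found or the content cannot be parsed
     */
    public Certificate convertToCertificate(String pemText) {
        try (PemReader pemReader = new PemReader(new StringReader(pemText))) {
            PemObject pemObject = pemReader.readPemObject();
            if (Objects.isNull(pemObject)) {
                LOGGER.error(KeymanagerConstant.SESSIONID, KeymanagerConstant.CERTIFICATE_PARSE, KeymanagerConstant.CERTIFICATE_PARSE, "Error Parsing Certificate.");
                throw new KeymanagerServiceException(KeymanagerErrorConstant.CERTIFICATE_PARSING_ERROR.getErrorCode(), KeymanagerErrorConstant.CERTIFICATE_PARSING_ERROR.getErrorMessage());
            }
            return CertificateFactory.getInstance(KeymanagerConstant.CERTIFICATE_TYPE).generateCertificate(new ByteArrayInputStream(pemObject.getContent()));
        } catch (IOException | CertificateException e) {
            throw new KeymanagerServiceException(KeymanagerErrorConstant.CERTIFICATE_PARSING_ERROR.getErrorCode(), KeymanagerErrorConstant.CERTIFICATE_PARSING_ERROR.getErrorMessage() + e.getMessage());
        }
    }

    /**
     * Parses encoded certificate bytes into a certificate. No trust or validity checks are done.
     *
     * @throws KeymanagerServiceException when the bytes cannot be parsed
     */
    public Certificate convertToCertificate(byte[] certificateBytes) {
        try {
            return CertificateFactory.getInstance(KeymanagerConstant.CERTIFICATE_TYPE).generateCertificate(new ByteArrayInputStream(certificateBytes));
        } catch (CertificateException e) {
            throw new KeymanagerServiceException(KeymanagerErrorConstant.CERTIFICATE_PARSING_ERROR.getErrorCode(), KeymanagerErrorConstant.CERTIFICATE_PARSING_ERROR.getErrorMessage() + e.getMessage());
        }
    }

    /**
     * Serialises an object (certificate, key, certification request, ...) to PEM text.
     *
     * <p>The writer accepts private keys too, and the result is a plain string; callers decide
     * where that string may be logged or returned.
     *
     * @throws KeymanagerServiceException when the object cannot be written
     */
    public String getPEMFormatedData(Object obj) {
        StringWriter pemText = new StringWriter();
        // try-with-resources closes the writer on the failure path as well as on success.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(obj);
            pemWriter.flush();
            return pemText.toString();
        } catch (IOException e) {
            throw new KeymanagerServiceException(KeymanagerErrorConstant.INTERNAL_SERVER_ERROR.getErrorCode(), KeymanagerErrorConstant.INTERNAL_SERVER_ERROR.getErrorMessage(), e);
        }
    }

    /**
     * Builds certificate parameters from an existing subject. The common name is taken from the
     * first CN attribute; the other attributes fall back to the configured defaults when absent.
     *
     * @throws ArrayIndexOutOfBoundsException when the subject carries no CN attribute
     */
    public CertificateParameters getCertificateParameters(X500Principal x500Principal, LocalDateTime notBefore, LocalDateTime notAfter) {
        X500Name subject = new X500Name(x500Principal.getName());
        String subjectCommonName = IETFUtils.valueToString(subject.getRDNs(BCStyle.CN)[0].getFirst().getValue());
        return buildParameters(
                subjectCommonName,
                getAttributeIfExist(subject, BCStyle.OU),
                getAttributeIfExist(subject, BCStyle.O),
                getAttributeIfExist(subject, BCStyle.L),
                getAttributeIfExist(subject, BCStyle.ST),
                getAttributeIfExist(subject, BCStyle.C),
                notBefore,
                notAfter);
    }

    /** Returns the first value of the given attribute type, or an empty string when absent. */
    private static String getAttributeIfExist(X500Name x500Name, ASN1ObjectIdentifier attributeType) {
        RDN[] rdns = x500Name.getRDNs(attributeType);
        if (rdns.length == 0) {
            return "";
        }
        return IETFUtils.valueToString(rdns[0].getFirst().getValue());
    }

    /**
     * Builds certificate parameters from a key-pair generation request. Blank request fields fall
     * back to the configured defaults; the default common name gets {@code suffix} appended in
     * upper case and parentheses.
     */
    public CertificateParameters getCertificateParameters(KeyPairGenerateRequestDto request, LocalDateTime notBefore, LocalDateTime notAfter, String suffix) {
        String defaultCommonName = this.commonName + " (" + suffix.toUpperCase() + ")";
        return buildParameters(
                getParamValue(request.getCommonName(), defaultCommonName),
                request.getOrganizationUnit(),
                request.getOrganization(),
                request.getLocation(),
                request.getState(),
                request.getCountry(),
                notBefore,
                notAfter);
    }

    /**
     * Builds certificate parameters from a CSR generation request; blank fields fall back to the
     * configured defaults.
     */
    public CertificateParameters getCertificateParameters(CSRGenerateRequestDto request, LocalDateTime notBefore, LocalDateTime notAfter) {
        return buildParameters(
                getParamValue(request.getCommonName(), this.commonName),
                request.getOrganizationUnit(),
                request.getOrganization(),
                request.getLocation(),
                request.getState(),
                request.getCountry(),
                notBefore,
                notAfter);
    }

    /**
     * Builds certificate parameters from a common name only; every other subject attribute uses
     * its configured default.
     */
    public CertificateParameters getCertificateParameters(String requestedCommonName, LocalDateTime notBefore, LocalDateTime notAfter) {
        return buildParameters(getParamValue(requestedCommonName, this.commonName), "", "", "", "", "", notBefore, notAfter);
    }

    /**
     * Fills a new CertificateParameters: the common name is used as given, the remaining subject
     * attributes are replaced by their configured default when null or blank.
     */
    private CertificateParameters buildParameters(String resolvedCommonName, String unit, String org, String locality, String stateName, String countryCode, LocalDateTime notBefore, LocalDateTime notAfter) {
        CertificateParameters parameters = new CertificateParameters();
        parameters.setCommonName(resolvedCommonName);
        parameters.setOrganizationUnit(getParamValue(unit, this.organizationUnit));
        parameters.setOrganization(getParamValue(org, this.organization));
        parameters.setLocation(getParamValue(locality, this.location));
        parameters.setState(getParamValue(stateName, this.state));
        parameters.setCountry(getParamValue(countryCode, this.country));
        parameters.setNotBefore(notBefore);
        parameters.setNotAfter(notAfter);
        return parameters;
    }

    /** Returns {@code value} unless it is null or blank, in which case {@code fallback} is returned. */
    private String getParamValue(String value, String fallback) {
        return hasText(value) ? value : fallback;
    }

    /** True when the string is non-null and contains something other than whitespace. */
    private static boolean hasText(String value) {
        return value != null && !value.trim().isEmpty();
    }

    /** Overwrites a sensitive buffer with zeros; a null buffer is ignored. */
    private static void wipe(byte[] buffer) {
        if (buffer != null) {
            Arrays.fill(buffer, (byte) 0);
        }
    }

    /**
     * Creates a PKCS#10 certification request for the given key pair, signed with the configured
     * signature algorithm, and returns it as PEM text.
     *
     * @throws KeymanagerServiceException when the content signer cannot be created
     */
    public String getCSR(PrivateKey privateKey, PublicKey publicKey, CertificateParameters certificateParameters) {
        try {
            // NOTE(review): the subject is assembled by string concatenation, so a field that
            // contains DN syntax (',', '+', '=') changes the structure of the parsed name. Some
            // producers in this class pass values through IETFUtils.valueToString and others pass
            // request fields as received, so escaping here could double-escape - confirm which
            // convention CertificateParameters holds and validate request fields upstream.
            String subjectDn = "CN=" + certificateParameters.getCommonName()
                    + ", OU=" + certificateParameters.getOrganizationUnit()
                    + ", O=" + certificateParameters.getOrganization()
                    + ", L=" + certificateParameters.getLocation()
                    + ", S=" + certificateParameters.getState()
                    + ", C=" + certificateParameters.getCountry();
            X500Principal subject = new X500Principal(subjectDn);
            return getPEMFormatedData(new JcaPKCS10CertificationRequestBuilder(subject, publicKey).build(new JcaContentSignerBuilder(this.signAlgorithm).build(privateKey)));
        } catch (OperatorCreationException e) {
            throw new KeymanagerServiceException(KeymanagerErrorConstant.INTERNAL_SERVER_ERROR.getErrorCode(), KeymanagerErrorConstant.INTERNAL_SERVER_ERROR.getErrorMessage(), e);
        }
    }

    /**
     * Best-effort destruction of a private key object.
     *
     * <p>A failure is only logged. The default {@code Destroyable.destroy()} always throws, so
     * callers must not assume the key material was cleared when this method returns.
     */
    public void destoryKey(PrivateKey privateKey) {
        try {
            privateKey.destroy();
        } catch (DestroyFailedException e) {
            // Deliberately not rethrown: destruction is an optional clean-up step.
            LOGGER.warn(KeymanagerConstant.SESSIONID, "", "", "Warning - while destorying Private Key Object.");
        }
    }

    /**
     * Best-effort destruction of a secret key object; same caveat as the private-key overload:
     * a logged warning means the key material is still in memory.
     */
    public void destoryKey(SecretKey secretKey) {
        try {
            secretKey.destroy();
        } catch (DestroyFailedException e) {
            // Deliberately not rethrown: destruction is an optional clean-up step.
            LOGGER.warn(KeymanagerConstant.SESSIONID, "", "", "Warning - while destorying Secret Key Object.");
        }
    }

    /**
     * Converts a {@link Date} to a UTC {@link LocalDateTime}: the date is first turned into a
     * local date-time by {@code DateUtils.parseDateToLocalDateTime}, interpreted in the JVM
     * default zone, then shifted to UTC.
     */
    public LocalDateTime convertToUTC(Date date) {
        LocalDateTime systemLocal = DateUtils.parseDateToLocalDateTime(date);
        return systemLocal.atZone(ZoneId.systemDefault()).withZoneSameInstant(ZoneOffset.UTC).toLocalDateTime();
    }

    /**
     * Derives an identifier as the upper-case hexadecimal SHA-1 digest of the input.
     *
     * <p>SHA-1 is not collision resistant, so the result is suitable as a lookup key only and must
     * not serve as an integrity or authenticity check. The algorithm is left unchanged because a
     * different digest would change every identifier already derived this way.
     */
    public String getUniqueIdentifier(String str) {
        return Hex.toHexString(DigestUtils.sha1(str)).toUpperCase();
    }
}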
