package com.helger.peppol.smpserver.security;

import com.helger.commons.annotation.UsedViaReflection;
import com.helger.commons.exception.InitializationException;
import com.helger.commons.scope.singleton.AbstractGlobalSingleton;
import com.helger.peppol.smpserver.SMPServerConfiguration;
import com.helger.peppol.utils.KeyStoreHelper;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.concurrent.atomic.AtomicBoolean;
import javax.annotation.Nonnull;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.DigestMethodParameterSpec;
import javax.xml.crypto.dsig.spec.SignatureMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.eclipse.persistence.jpa.jpql.parser.Expression;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;

/* loaded from: input_file:WEB-INF/lib/peppol-smp-server-library-4.0.0.jar:com/helger/peppol/smpserver/security/SMPKeyManager.class */
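/**
 * Global singleton that holds the SMP server's signing key pair and uses it to
 * apply enveloped XML signatures to response elements.
 *
 * <p>The private key entry is loaded once, in the constructor, from the keystore
 * named by {@link SMPServerConfiguration}. Start-up fails with an
 * {@link InitializationException} if the keystore cannot be read, the alias is
 * missing, or the alias does not refer to a private key entry.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The "certificate valid" flag is only a process-wide boolean that some
 *       other component sets through {@link #markCertificateValid()}. Nothing in
 *       this class checks the certificate's validity period, chain or revocation
 *       status.</li>
 *   <li>{@link #signXML(Element)} signs with RSA-SHA1 and a SHA-1 digest; see the
 *       note on that method.</li>
 * </ul>
 */
public final class SMPKeyManager extends AbstractGlobalSingleton {
    private static final Logger s_aLogger = LoggerFactory.getLogger(SMPKeyManager.class);

    // Starts as false; only flipped to true by markCertificateValid().
    private static final AtomicBoolean s_aCertificateValid = new AtomicBoolean(false);

    // Private key plus certificate chain of the configured alias; never null after construction.
    private final KeyStore.PrivateKeyEntry m_aKeyEntry;

    /**
     * Loads the signing key entry from the configured keystore.
     *
     * <p>Not meant to be called directly: the singleton framework instantiates the
     * class reflectively, callers use {@link #getInstance()}.
     *
     * @throws InitializationException if the keystore cannot be loaded, the alias
     *         is not present (or the key password is wrong), or the entry is not a
     *         {@link KeyStore.PrivateKeyEntry}
     */
    @Deprecated
    @UsedViaReflection
    public SMPKeyManager() {
        try {
            final String keystorePath = SMPServerConfiguration.getKeystorePath();
            // NOTE(review): the keystore password is handled as a String here, so it
            // cannot be wiped from memory after use.
            final String keystorePassword = SMPServerConfiguration.getKeystorePassword();
            final String keystoreKeyAlias = SMPServerConfiguration.getKeystoreKeyAlias();

            final KeyStore keyStore = KeyStoreHelper.loadKeyStore(keystorePath, keystorePassword);
            final KeyStore.PasswordProtection keyProtection =
                    new KeyStore.PasswordProtection(SMPServerConfiguration.getKeystoreKeyPassword());
            final KeyStore.Entry entry = keyStore.getEntry(keystoreKeyAlias, keyProtection);

            if (entry == null) {
                throw new InitializationException("Failed to find key store alias '" + keystoreKeyAlias + "' in keystore '" + keystorePath + "'. Does the alias exist? Is the key password correct?");
            }
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new InitializationException("The keystore alias '" + keystoreKeyAlias + "' was found in keystore '" + keystorePath + "' but it is not a private key! The internal type is " + entry.getClass().getName());
            }
            this.m_aKeyEntry = (KeyStore.PrivateKeyEntry) entry;

            // Only the keystore location and alias are logged, never a password.
            // Parameterized logging replaces the string concatenation that borrowed a
            // quote constant from an unrelated JPQL parser class.
            s_aLogger.info("SMPKeyManager initialized with keystore '{}' and alias '{}'", keystorePath, keystoreKeyAlias);
        } catch (IOException e) {
            throw new InitializationException("Error in constructor of SMPKeyManager", e);
        } catch (GeneralSecurityException e2) {
            throw new InitializationException("Error in constructor of SMPKeyManager", e2);
        }
    }

    /**
     * @return the global singleton instance, created on first access by the
     *         singleton framework
     */
    @Nonnull
    public static SMPKeyManager getInstance() {
        return (SMPKeyManager) getGlobalSingleton(SMPKeyManager.class);
    }

    /** @return the private key of the loaded keystore entry; kept private so the key never leaves this class */
    @Nonnull
    private PrivateKey _getPrivateKey() {
        return this.m_aKeyEntry.getPrivateKey();
    }

    /**
     * @return the end-entity certificate of the loaded keystore entry
     * @throws ClassCastException if the keystore entry's certificate is not an X.509 certificate
     */
    @Nonnull
    private X509Certificate _getCertificate() {
        return (X509Certificate) this.m_aKeyEntry.getCertificate();
    }

    /**
     * Adds an enveloped XML signature to the passed element, using the private key
     * loaded at start-up. The resulting {@code Signature} element is created as a
     * child of {@code element}.
     *
     * <p>The single reference uses the empty URI together with the
     * enveloped-signature transform, and the {@code KeyInfo} carries the signing
     * certificate and its subject name as {@code X509Data}.
     *
     * <p>NOTE(review): the signature method is RSA-SHA1 and the digest method is
     * SHA-1. SHA-1 is no longer considered collision resistant, and verifiers that
     * apply a strict XML signature policy may reject these algorithms. Moving to
     * the RSA-SHA256 / SHA-256 identifiers changes the bytes on the wire, so it has
     * to be agreed with the specification and the consumers of the signed
     * documents; the algorithms are therefore left as they are here.
     *
     * @param element the element to sign; must not be {@code null}
     * @throws NoSuchAlgorithmException if one of the algorithm URIs is not supported by the provider
     * @throws InvalidAlgorithmParameterException if an algorithm rejects its (null) parameters
     * @throws MarshalException if the signature cannot be marshalled into the DOM
     * @throws XMLSignatureException if signing fails
     */
    public void signXML(@Nonnull Element element) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
        final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");

        // Inclusive canonical XML 1.0, RSA-SHA1 signature, one SHA-1 digested
        // reference with the enveloped-signature transform.
        final SignedInfo signedInfo = signatureFactory.newSignedInfo(
                signatureFactory.newCanonicalizationMethod("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", (C14NMethodParameterSpec) null),
                signatureFactory.newSignatureMethod("http://www.w3.org/2000/09/xmldsig#rsa-sha1", (SignatureMethodParameterSpec) null),
                Collections.singletonList(
                        signatureFactory.newReference(
                                "",
                                signatureFactory.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", (DigestMethodParameterSpec) null),
                                Collections.singletonList(signatureFactory.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature", (TransformParameterSpec) null)),
                                (String) null,
                                (String) null)));

        // X509Data content: subject name first, then the certificate itself.
        // Only the public certificate is embedded; the private key is used solely
        // through the signing context below.
        final X509Certificate signingCertificate = _getCertificate();
        final ArrayList<Object> x509Content = new ArrayList<Object>();
        x509Content.add(signingCertificate.getSubjectX500Principal().getName());
        x509Content.add(signingCertificate);

        final KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
        final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(keyInfoFactory.newX509Data(x509Content)));

        signatureFactory.newXMLSignature(signedInfo, keyInfo).sign(new DOMSignContext(_getPrivateKey(), element));
    }

    /**
     * Records that the certificate has been accepted as valid. This only sets a
     * process-wide flag; the check itself is the caller's responsibility.
     */
    public static void markCertificateValid() {
        s_aCertificateValid.set(true);
    }

    /**
     * @return {@code true} once {@link #markCertificateValid()} has been called in
     *         this JVM, {@code false} otherwise. The flag is never reset by this
     *         class.
     */
    public static boolean isCertificateValid() {
        return s_aCertificateValid.get();
    }
}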
