package network.oxalis.commons.security;

import ch.qos.logback.core.net.ssl.SSL;
import com.google.inject.Provides;
import com.google.inject.Singleton;
import com.google.inject.name.Named;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import network.oxalis.api.lang.OxalisLoadingException;
import network.oxalis.api.model.AccessPointIdentifier;
import network.oxalis.api.settings.Settings;
import network.oxalis.commons.guice.OxalisModule;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/oxalis-commons-6.3.0.jar:network/oxalis/commons/security/CertificateModule.class */
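/**
 * Guice module that exposes the access point's key material: the key store, the private key,
 * the matching certificate and the access point identifier derived from that certificate.
 *
 * <p>All values are read from {@link KeyStoreConf} settings. Passwords arrive as plain strings
 * from the settings object; this class never logs them and never puts them into exception
 * messages, and changes here should keep it that way.
 */
public class CertificateModule extends OxalisModule {
    private static final Logger log = LoggerFactory.getLogger(CertificateModule.class);

    /**
     * Registers the key store settings and binds {@link KeyStore.PrivateKeyEntry} to its provider.
     *
     * <p>The binding is an eager singleton, so Guice instantiates it when the injector is created
     * rather than on first use.
     */
    @Override // com.google.inject.AbstractModule
    protected void configure() {
        bindSettings(KeyStoreConf.class);
        bind(KeyStore.PrivateKeyEntry.class).toProvider(PrivateKeyEntryProvider.class).asEagerSingleton();
    }

    /**
     * Loads the key store from the path configured in {@link KeyStoreConf#PATH}.
     *
     * @param settings key store settings (path and store password)
     * @param path     value of the {@code conf} binding, passed to {@code settings.getPath};
     *                 presumably the base directory used to resolve a relative path - TODO confirm
     * @return the loaded key store
     * @throws OxalisLoadingException if the file does not exist, cannot be read, or cannot be
     *                                parsed as a key store
     */
    @Singleton
    @Provides
    protected KeyStore getKeyStore(Settings<KeyStoreConf> settings, @Named("conf") Path path) {
        Path keyStorePath = settings.getPath(KeyStoreConf.PATH, path);
        try {
            // NOTE(review): the store type is fixed by a constant borrowed from logback's SSL
            // helper (expected to be "JKS") and is not configurable here; confirm this coupling
            // to a logging library is intended.
            KeyStore keyStore = KeyStore.getInstance(SSL.DEFAULT_KEYSTORE_TYPE);
            if (Files.notExists(keyStorePath)) {
                throw new OxalisLoadingException(String.format("Unable to find keystore at '%s'.", keyStorePath));
            }
            // try-with-resources closes the stream on every path, including a failed load.
            try (InputStream inputStream = Files.newInputStream(keyStorePath)) {
                // KeyStore.load reports a wrong store password (failed integrity check) as an
                // IOException whose cause is an UnrecoverableKeyException, so that case ends up
                // in the "Error during reading" branch below.
                keyStore.load(inputStream, settings.getString(KeyStoreConf.PASSWORD).toCharArray());
                return keyStore;
            }
        } catch (IOException e) {
            throw new OxalisLoadingException(String.format("Error during reading of '%s'.", keyStorePath), e);
        } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException e) {
            throw new OxalisLoadingException("Something went wrong during handling of key store.", e);
        }
    }

    /**
     * Extracts the private key stored under the alias configured in {@link KeyStoreConf#KEY_ALIAS}.
     *
     * @param keyStore the loaded key store
     * @param settings key store settings (alias and key password)
     * @return the private key for the configured alias
     * @throws OxalisLoadingException if the alias is missing, does not hold a private key, or the
     *                                key cannot be recovered with the configured password
     */
    @Singleton
    @Provides
    protected PrivateKey getPrivateKeyEntry(KeyStore keyStore, Settings<KeyStoreConf> settings) {
        String alias = settings.getString(KeyStoreConf.KEY_ALIAS);
        try {
            if (!keyStore.containsAlias(alias)) {
                throw new OxalisLoadingException(String.format("Key alias '%s' is not found in the key store.", alias));
            }
            java.security.Key key = keyStore.getKey(alias, settings.getString(KeyStoreConf.KEY_PASSWORD).toCharArray());
            // getKey returns null when the alias is not a key entry (for example a trusted
            // certificate entry) and may return a SecretKey; a wrong password is signalled by
            // UnrecoverableKeyException instead. Checking the type avoids a ClassCastException
            // and a misleading "wrong password" message.
            if (!(key instanceof PrivateKey)) {
                throw new OxalisLoadingException(String.format("Key alias '%s' does not refer to a private key entry.", alias));
            }
            return (PrivateKey) key;
        } catch (KeyStoreException | NoSuchAlgorithmException e) {
            throw new OxalisLoadingException("Something went wrong during handling of key store.", e);
        } catch (UnrecoverableKeyException e) {
            throw new OxalisLoadingException("Unable to load private key due to wrong password.", e);
        }
    }

    /**
     * Extracts the X.509 certificate stored under the alias configured in
     * {@link KeyStoreConf#KEY_ALIAS} and logs its subject and issuer.
     *
     * <p>NOTE(review): no validity-period check and no check that the certificate matches the
     * private key happens here; presumably that is enforced elsewhere - confirm.
     *
     * @param keyStore the loaded key store
     * @param settings key store settings (alias)
     * @return the certificate for the configured alias
     * @throws OxalisLoadingException if the alias is missing, has no certificate, or the
     *                                certificate is not an X.509 certificate
     */
    @Singleton
    @Provides
    protected X509Certificate getCertificate(KeyStore keyStore, Settings<KeyStoreConf> settings) {
        String alias = settings.getString(KeyStoreConf.KEY_ALIAS);
        try {
            if (!keyStore.containsAlias(alias)) {
                throw new OxalisLoadingException(String.format("Key alias '%s' is not found in the key store.", alias));
            }
            java.security.cert.Certificate certificate = keyStore.getCertificate(alias);
            // getCertificate returns null when the alias carries no certificate; fail with a
            // clear message instead of a NullPointerException in the logging below.
            if (certificate == null) {
                throw new OxalisLoadingException(String.format("No certificate found for key alias '%s'.", alias));
            }
            if (!(certificate instanceof X509Certificate)) {
                throw new OxalisLoadingException(String.format("Certificate for key alias '%s' is not an X.509 certificate.", alias));
            }
            X509Certificate x509Certificate = (X509Certificate) certificate;
            log.info("Certificate subject: {}", x509Certificate.getSubjectX500Principal());
            log.info("Certificate issuer: {}", x509Certificate.getIssuerX500Principal());
            return x509Certificate;
        } catch (KeyStoreException e) {
            throw new OxalisLoadingException("Something went wrong during handling of key store.", e);
        }
    }

    /**
     * Derives this access point's identifier from the common name of its certificate.
     *
     * @param x509Certificate the access point certificate
     * @return identifier built from the value returned by {@code CertificateUtils.extractCommonName}
     */
    @Singleton
    @Provides
    protected AccessPointIdentifier provideOurAccessPointIdentifier(X509Certificate x509Certificate) {
        return new AccessPointIdentifier(CertificateUtils.extractCommonName(x509Certificate));
    }
}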
