package org.gluu.oxauth.fido2.service;

import com.fasterxml.jackson.databind.JsonNode;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.annotation.PostConstruct;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.event.Observes;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.cryptoutils.CryptoUtils;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.gluu.oxauth.model.configuration.AppConfiguration;
import org.gluu.oxauth.model.configuration.Fido2Configuration;
import org.gluu.service.cdi.event.ApplicationInitialized;
import org.gluu.util.StringHelper;
import org.slf4j.Logger;

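/**
 * Maps an authenticator certificate to the root certificates registered for its issuer.
 *
 * <p>At application start-up every {@code *.json} file in the configured authenticator
 * certificates folder is read. Each entry with an {@code issuer} and a {@code cert_file}
 * field contributes one certificate, loaded from that folder, to the list kept for the
 * lower-cased issuer name.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Whatever is placed in the certificates folder ends up in the lists returned by
 *       {@link #selectRootCertificate(X509Certificate)}, so write access to that folder
 *       should be restricted like any other trust store.</li>
 *   <li>Selection is by issuer DN text only. NOTE(review): the returned certificates are
 *       presumably used as trust anchors by the caller, which must still validate the
 *       chain cryptographically; that step is not visible in this class.</li>
 * </ul>
 */
@ApplicationScoped
public class CertificateSelector {

    private static final String CERTS_FOLDER_NOT_SPECIFIED =
            "Fido2 authenticator folder with certificates is not specified";

    @Inject
    private Logger log;

    @Inject
    private DataMapperService dataMapperService;

    @Inject
    private CryptoUtils cryptoUtils;

    @Inject
    private AppConfiguration appConfiguration;

    // Lower-cased issuer DN -> certificates registered for that issuer in the mapping files.
    private Map<String, List<X509Certificate>> certMapping;

    /** Creates the empty issuer-to-certificates map once injection has completed. */
    @PostConstruct
    public void create() {
        this.certMapping = new HashMap<>();
    }

    /**
     * Loads the issuer-to-certificates mapping when the application has been initialized.
     *
     * @param obj the observed initialization event payload (not used)
     */
    public void init(@Observes @ApplicationInitialized(ApplicationScoped.class) Object obj) {
        this.certMapping.putAll(parseMapping());
    }

    /**
     * Returns the certificates registered for the issuer of the given certificate.
     *
     * @param x509Certificate certificate whose issuer DN is looked up in the mapping
     * @return a new mutable list with the registered certificates; empty when the
     *         certificates folder is not configured or the issuer is not registered
     */
    public List<X509Certificate> selectRootCertificate(X509Certificate x509Certificate) {
        List<X509Certificate> selected = new ArrayList<>();
        Fido2Configuration fido2Configuration = this.appConfiguration.getFido2Configuration();
        if (fido2Configuration == null
                || StringHelper.isEmpty(fido2Configuration.getAuthenticatorCertsFolder())) {
            this.log.warn(CERTS_FOLDER_NOT_SPECIFIED);
            return selected;
        }

        String issuerDn = x509Certificate.getIssuerDN().getName();
        // Locale.ROOT keeps the key independent of the JVM default locale; parseMapping
        // builds its keys the same way.
        List<X509Certificate> registered = this.certMapping.get(issuerDn.toLowerCase(Locale.ROOT));
        if (registered != null) {
            selected.addAll(registered);
        }

        if (selected.isEmpty()) {
            // The original call had a '{}' placeholder but passed no argument, so the issuer
            // was never logged. NOTE(review): the DN is taken from the certificate passed in;
            // if that certificate is client-supplied, make sure the log pipeline neutralises
            // control characters.
            this.log.warn("Fido2 authenticator with issuer Dn: '{}' not registered in mapping file", issuerDn);
        }
        return selected;
    }

    /**
     * Reads every {@code *.json} mapping file in the configured certificates folder.
     *
     * <p>A mapping file that cannot be read is logged and skipped. A certificate that
     * cannot be loaded makes {@link #getCertificate(String, String)} throw, and that
     * exception is not caught here, so it aborts the whole load.
     *
     * @return lower-cased issuer name mapped to the certificates listed for it; empty when
     *         the folder is not configured or cannot be listed
     */
    private Map<String, List<X509Certificate>> parseMapping() {
        Map<String, List<X509Certificate>> mapping = new HashMap<>();
        Fido2Configuration fido2Configuration = this.appConfiguration.getFido2Configuration();
        if (fido2Configuration == null) {
            this.log.warn(CERTS_FOLDER_NOT_SPECIFIED);
            return mapping;
        }
        String authenticatorCertsFolder = fido2Configuration.getAuthenticatorCertsFolder();
        if (StringHelper.isEmpty(authenticatorCertsFolder)) {
            this.log.warn(CERTS_FOLDER_NOT_SPECIFIED);
            return mapping;
        }

        DirectoryStream<Path> directoryStream = null;
        try {
            directoryStream = Files.newDirectoryStream(
                    FileSystems.getDefault().getPath(authenticatorCertsFolder), "*.json");
            for (Path mappingFile : directoryStream) {
                readMappingFile(mappingFile, authenticatorCertsFolder, mapping);
            }
        } catch (IOException e) {
            this.log.warn("Something wrong with path ", e);
        } finally {
            if (directoryStream != null) {
                try {
                    directoryStream.close();
                } catch (IOException e) {
                    this.log.warn("Something wrong with directory stream", e);
                }
            }
        }
        return mapping;
    }

    /** Adds the issuer/certificate pairs of one mapping file to {@code mapping}. */
    private void readMappingFile(Path mappingFile, String certsFolder,
            Map<String, List<X509Certificate>> mapping) {
        BufferedReader reader = null;
        try {
            reader = Files.newBufferedReader(mappingFile);
            for (JsonNode entry : this.dataMapperService.readTree(reader)) {
                // Entries lacking either field are ignored.
                if (!entry.hasNonNull("issuer") || !entry.hasNonNull("cert_file")) {
                    continue;
                }
                String issuer = entry.get("issuer").asText().toLowerCase(Locale.ROOT);
                String certFile = entry.get("cert_file").asText();
                List<X509Certificate> certificates = mapping.get(issuer);
                if (certificates == null) {
                    certificates = new ArrayList<>();
                    mapping.put(issuer, certificates);
                }
                certificates.add(getCertificate(certsFolder, certFile));
            }
        } catch (IOException e) {
            this.log.info("Unable to read authenticator certificates mapping file {} ", e.getMessage(), e);
        } finally {
            if (reader != null) {
                try {
                    reader.close();
                } catch (IOException e) {
                    this.log.warn("Unable to close reader {}", reader);
                }
            }
        }
    }

    /**
     * Loads one certificate file from the certificates folder.
     *
     * @param certsFolder configured authenticator certificates folder
     * @param certFile file name taken from the {@code cert_file} field of a mapping entry
     * @return the parsed certificate
     * @throws Fido2RPRuntimeException if the file resolves outside the folder or cannot be read
     */
    private X509Certificate getCertificate(String certsFolder, String certFile) {
        Path baseFolder = FileSystems.getDefault().getPath(certsFolder).toAbsolutePath().normalize();
        Path certPath = baseFolder.resolve(certFile).normalize();
        // cert_file comes from a JSON file; reject absolute paths and "../" sequences that
        // would load a trust anchor from outside the configured folder. The check is lexical
        // and does not resolve symbolic links inside the folder.
        if (!certPath.startsWith(baseFolder)) {
            this.log.warn("Certificate file '{}' resolves outside the authenticator certificates folder", certFile);
            throw new Fido2RPRuntimeException(
                    "Can't load authenticator certificate. Certificate file is outside the certificates folder!");
        }

        InputStream certStream = null;
        try {
            certStream = Files.newInputStream(certPath);
            return this.cryptoUtils.getCertificate(certStream);
        } catch (IOException e) {
            // The cause is logged here because it is not attached to the exception thrown below.
            this.log.info("Problem {} ", e.getMessage(), e);
            throw new Fido2RPRuntimeException("Can't load authenticator certificate. Certificate doen't exist!");
        } finally {
            if (certStream != null) {
                try {
                    certStream.close();
                } catch (IOException e) {
                    this.log.warn("Unable to close reader {}", certStream);
                }
            }
        }
    }
}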
