package org.gluu.oxauth.fido2.service;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.DirectoryStream;
import java.nio.file.FileSystems;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Path;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import org.gluu.oxauth.fido2.exception.Fido2RPRuntimeException;
import org.slf4j.Logger;

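/**
 * Parses X.509 certificates from Base64 strings, streams and files for the FIDO2 service package.
 *
 * <p>Every loader in this class calls {@link X509Certificate#checkValidity()}, which only confirms
 * that the current time lies inside the certificate's notBefore/notAfter window. Nothing here
 * verifies a signature, builds a chain, or checks revocation or key usage, so a certificate
 * returned by this class is well-formed and unexpired, not trusted.
 */
@ApplicationScoped
/* loaded from: input_file:org/gluu/oxauth/fido2/service/CertificateService.class */
public class CertificateService {

    @Inject
    private Logger log;

    @Inject
    private Base64Service base64Service;

    /**
     * Decodes an encoded certificate with the injected {@code Base64Service} and parses it.
     *
     * @param str the encoded certificate; the exact Base64 variant is whatever
     *            {@code Base64Service.decode} accepts (not visible in this file)
     * @return the parsed certificate, inside its validity period
     * @throws Fido2RPRuntimeException if the bytes are not a certificate or it is expired / not yet valid
     */
    public X509Certificate getCertificate(String str) {
        byte[] encoded = this.base64Service.decode(str);
        return getCertificate(new ByteArrayInputStream(encoded));
    }

    /**
     * Parses one X.509 certificate from a stream and checks its validity period.
     *
     * <p>The stream is not closed here; the caller owns it.
     *
     * @param inputStream stream positioned at the start of an encoded certificate
     * @return the parsed certificate, inside its validity period
     * @throws Fido2RPRuntimeException wrapping the {@link CertificateException} on a parse failure or
     *                                 a certificate outside its validity period
     */
    public X509Certificate getCertificate(InputStream inputStream) {
        try {
            CertificateFactory factory = CertificateFactory.getInstance("X.509");
            X509Certificate certificate = (X509Certificate) factory.generateCertificate(inputStream);
            // Date check only: signature and chain verification are not performed in this class.
            certificate.checkValidity();
            return certificate;
        } catch (CertificateException e) {
            throw new Fido2RPRuntimeException(e.getMessage(), e);
        }
    }

    /**
     * Decodes and parses a list of encoded certificates, preserving the input order.
     *
     * <p>This is all-or-nothing: the first entry that fails to parse or is outside its validity
     * period aborts the call with an exception; invalid entries are never silently dropped.
     * Entries are processed sequentially, since one {@link CertificateFactory} instance is shared
     * across them and it is not documented as safe for concurrent use.
     *
     * @param list encoded certificates, in the form accepted by {@code Base64Service.decode}
     * @return the parsed certificates, in the same order as {@code list}
     * @throws Fido2RPRuntimeException if any entry cannot be parsed or is expired / not yet valid
     */
    public List<X509Certificate> getCertificates(List<String> list) {
        final CertificateFactory certificateFactory;
        try {
            certificateFactory = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new Fido2RPRuntimeException(e.getMessage(), e);
        }

        List<X509Certificate> certificates = new ArrayList<>(list.size());
        for (String encoded : list) {
            X509Certificate certificate;
            try {
                certificate = (X509Certificate) certificateFactory
                        .generateCertificate(new ByteArrayInputStream(this.base64Service.decode(encoded)));
            } catch (CertificateException e) {
                throw new Fido2RPRuntimeException(e.getMessage(), e);
            }
            try {
                certificate.checkValidity();
            } catch (CertificateException e) {
                this.log.warn("Certificate not valid {}", certificate.getIssuerDN().getName());
                throw new Fido2RPRuntimeException("Certificate not valid", e);
            }
            certificates.add(certificate);
        }
        return certificates;
    }

    /**
     * Loads every certificate in a folder and indexes it by lower-cased subject DN.
     *
     * <p>If two certificates share a subject DN, the one read later replaces the earlier one.
     * Lower-casing uses the JVM default locale, the same as {@link #selectRootCertificates}.
     *
     * @param str path of the folder to read
     * @return map from lower-cased subject DN to certificate; empty or partial if loading failed
     *         (see {@link #getCertificates(String)})
     */
    public Map<String, X509Certificate> getCertificatesMap(String str) {
        List<X509Certificate> certificates = getCertificates(str);
        Map<String, X509Certificate> bySubject = new HashMap<>(certificates.size());
        for (X509Certificate certificate : certificates) {
            bySubject.put(certificate.getSubjectDN().getName().toLowerCase(), certificate);
        }
        return bySubject;
    }

    /**
     * Loads the certificates stored as files directly inside a folder (best effort).
     *
     * <p>Any failure (unreadable folder, a sub-directory entry, an unparsable or expired
     * certificate) is logged and stops the scan; the certificates read up to that point are
     * returned and no exception reaches the caller. A caller that uses the result as a set of
     * trust anchors therefore cannot distinguish "folder is empty" from "loading failed" except
     * through the error log.
     *
     * @param str path of the folder to read
     * @return the certificates loaded before the first failure, possibly empty; never {@code null}
     */
    public List<X509Certificate> getCertificates(String str) {
        List<X509Certificate> certificates = new ArrayList<>();
        // try-with-resources closes the directory handle on failure too, and each file stream
        // is closed as soon as its certificate has been parsed.
        try (DirectoryStream<Path> entries = Files.newDirectoryStream(FileSystems.getDefault().getPath(str))) {
            for (Path entry : entries) {
                try (InputStream in = Files.newInputStream(entry)) {
                    certificates.add(getCertificate(in));
                }
            }
        } catch (Exception e) {
            this.log.error("Failed to load cert from folder: '{}'", str, e);
        }
        return certificates;
    }

    /**
     * Loads a single certificate file from a folder.
     *
     * @param str  path of the folder
     * @param str2 file name, resolved against {@code str}
     * @return the parsed certificate, inside its validity period
     * @throws Fido2RPRuntimeException if the file cannot be read, cannot be parsed, or the
     *                                 certificate is expired / not yet valid
     */
    public X509Certificate getCertificate(String str, String str2) {
        // NOTE(review): Path.resolve() does not confine the result to the folder; an absolute
        // str2 or one containing ".." segments resolves outside it. Whether str2 can carry
        // externally supplied data is not visible from this file - confirm that callers pass a
        // fixed or validated file name.
        Path resolve = FileSystems.getDefault().getPath(str).resolve(str2);
        try (InputStream in = Files.newInputStream(resolve)) {
            return getCertificate(in);
        } catch (IOException e) {
            this.log.error("Faield to load certificates from folder {} with name {}", resolve, str2, e);
            // Keep the I/O failure as the cause so the root problem is not lost upstream.
            throw new Fido2RPRuntimeException("Can't load authenticator certificate. Certificate doen't exist!", e);
        }
    }

    /**
     * Picks, for each certificate in {@code list}, the entry of {@code map} whose key equals the
     * certificate's lower-cased issuer DN.
     *
     * <p>Matching is by DN string only. It selects candidate issuers and does not establish that
     * a candidate actually signed the certificate; that must be verified separately.
     *
     * @param map  candidate issuers keyed by lower-cased subject DN, as built by
     *             {@link #getCertificatesMap(String)}
     * @param list certificates whose issuers should be looked up
     * @return the matched entries in the order of {@code list}; certificates with no match
     *         contribute nothing
     */
    public List<X509Certificate> selectRootCertificates(Map<String, X509Certificate> map, List<X509Certificate> list) {
        List<X509Certificate> selected = new ArrayList<>();
        for (X509Certificate certificate : list) {
            String issuerKey = certificate.getIssuerDN().getName().toLowerCase();
            if (map.containsKey(issuerKey)) {
                selected.add(map.get(issuerKey));
            }
        }
        return selected;
    }
}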
