package be.ehealth.technicalconnector.service.etee;

import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.config.Configuration;
import be.ehealth.technicalconnector.exception.ConfigurationException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.service.sts.security.Credential;
import be.ehealth.technicalconnector.session.Session;
import be.ehealth.technicalconnector.session.SessionItem;
import be.ehealth.technicalconnector.utils.ConfigurableFactoryHelper;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.ehealth.technicalconnector.utils.KeyStoreManager;
import be.fgov.ehealth.etee.crypto.policies.OCSPOption;
import be.fgov.ehealth.etee.crypto.policies.OCSPPolicy;
import be.fgov.ehealth.etee.crypto.policies.SigningOption;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.CollectionCertStoreParameters;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/service/etee/CryptoFactory.class */
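/**
 * Factory for {@link Crypto} implementations configured from the connector {@link Configuration}.
 *
 * <p>Signing options (timestamp/TSA trust material, clock skew, signing-time expiration) are read
 * from configuration on every {@link #getCrypto(Credential, Map, String)} call. OCSP options are
 * read once, when {@link OCSPOptionHolder} is initialised, and are rebuilt only by
 * {@link #resetOCSPOptions()}.
 *
 * <p>Trust material is loaded best-effort: a configured key store that cannot be read degrades to
 * an <em>empty</em> store (see {@link #getKeyStore(String, String)}) and an unreadable certificate
 * or CRL resource is skipped (see {@link #generateCertStore(String, KeyStore...)}). Both cases are
 * only logged, so operators should watch for those log lines.
 */
public final class CryptoFactory {
    // Configuration keys for the timestamp-signature (TSA) trust store.
    private static final String TIMESTAMP_SIGNATURE_KEYSTORE_PWD = "timestamp.signature.keystore.pwd";
    private static final String TIMESTAMP_SIGNATURE_KEYSTORE_PATH = "timestamp.signature.keystore.path";
    // Configuration keys mapped onto SigningOption values in getCrypto().
    public static final String SIGNING_TIME_EXPIRATION = "be.fgov.ehealth.etee.crypto.policies.SigningOption.SIGNING_TIME_EXPIRATION";
    public static final String SIGNING_CLOCK_SKEW = "be.fgov.ehealth.etee.crypto.policies.SigningOption.CLOCK_SKEW";
    public static final String SIGNING_TIME_TRUST_IMPLICIT = "be.fgov.ehealth.etee.crypto.policies.SigningOption.SIGNING_TIME_TRUST_IMPLICIT";
    public static final String SIGNING_TSA_CERT_STORE = "be.fgov.ehealth.etee.crypto.policies.SigningOption.TSA_CERT_STORE";
    // Configuration keys mapped onto OCSPOption values in OCSPOptionHolder.init().
    public static final String OCSP_URI = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.OCSP_URI";
    public static final String OCSP_INJECT_RESPONSE = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.INJECT_RESPONSE";
    public static final String OCSP_CLOCK_SKEW = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.CLOCK_SKEW";
    public static final String OCSP_CONNECTION_TIMEOUT = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.CONNECTION_TIMEOUT";
    public static final String OCSP_CERT_STORE = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.CERT_STORE";
    public static final String OCSP_READ_TIMEOUT = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.READ_TIMEOUT";
    public static final String OCSP_CONNECTION_USER_INTERACTION = "be.fgov.ehealth.etee.crypto.policies.OCSPOption.CONNECTION_USER_INTERACTION";
    // Configuration keys for the CA trust store and the directory prefixed to every key store path.
    private static final String PROP_CAKEYSTORE_PATH = "CAKEYSTORE_LOCATION";
    private static final String PROP_CAKEYSTORE_PASSWORD = "CAKEYSTORE_PASSWORD";
    private static final String PROP_KEYSTORE_DIR = "KEYSTORE_DIR";
    private static final Logger LOG = LoggerFactory.getLogger(CryptoFactory.class);
    private static Configuration configuration = ConfigFactory.getConfigValidator();
    // Configuration key selecting the Crypto implementation class, with its default.
    public static final String PROPS_CRYPTO_CLASS = "crypto.classname";
    private static final String DEFAULT_CERT_CHECKER_CLASS = "be.ehealth.technicalconnector.service.etee.impl.CryptoImpl";
    private static ConfigurableFactoryHelper<Crypto> helper = new ConfigurableFactoryHelper<>(PROPS_CRYPTO_CLASS, DEFAULT_CERT_CHECKER_CLASS);

    /**
     * Holder for the OCSP option map, populated once at class initialisation and again on each
     * {@link #init()} call.
     *
     * <p>{@code ocspOptionMap} is a plain static field with no synchronisation or {@code volatile},
     * so a {@link CryptoFactory#resetOCSPOptions()} running concurrently with
     * {@link CryptoFactory#getOCSPOptions()} has no visibility guarantee.
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static class OCSPOptionHolder {
        private static Map<OCSPOption, Object> ocspOptionMap;

        private OCSPOptionHolder() {
        }

        /**
         * Rebuilds the OCSP option map from configuration.
         *
         * <p>Defaults when a property is absent: INJECT_RESPONSE and CONNECTION_USER_INTERACTION
         * {@code false}, CLOCK_SKEW {@code 300000L}, CONNECTION_TIMEOUT and READ_TIMEOUT
         * {@code 3000} (units are defined by the eTEE {@link OCSPOption} values, not here). OCSP_URI
         * is read without a default, so its value may be {@code null} when unset — depends on
         * {@code Configuration.getProperty(String)}; confirm. TRUST_STORE is the CA key store and
         * CERT_STORE is built from that same key store plus the {@code OCSP_CERT_STORE} resources.
         */
        public static void init() {
            Map<OCSPOption, Object> options = new HashMap<OCSPOption, Object>();
            options.put(OCSPOption.OCSP_URI, CryptoFactory.configuration.getProperty(CryptoFactory.OCSP_URI));
            KeyStore caCertificateStore = CryptoFactory.getCaCertificateStore();
            options.put(OCSPOption.TRUST_STORE, caCertificateStore);
            options.put(OCSPOption.CERT_STORE, CryptoFactory.generateCertStore(CryptoFactory.OCSP_CERT_STORE, caCertificateStore));
            options.put(OCSPOption.INJECT_RESPONSE, CryptoFactory.configuration.getBooleanProperty(CryptoFactory.OCSP_INJECT_RESPONSE, Boolean.FALSE));
            options.put(OCSPOption.CLOCK_SKEW, CryptoFactory.configuration.getLongProperty(CryptoFactory.OCSP_CLOCK_SKEW, 300000L));
            options.put(OCSPOption.CONNECTION_TIMEOUT, CryptoFactory.configuration.getIntegerProperty(CryptoFactory.OCSP_CONNECTION_TIMEOUT, 3000));
            options.put(OCSPOption.READ_TIMEOUT, CryptoFactory.configuration.getIntegerProperty(CryptoFactory.OCSP_READ_TIMEOUT, 3000));
            options.put(OCSPOption.CONNECTION_USER_INTERACTION, CryptoFactory.configuration.getBooleanProperty(CryptoFactory.OCSP_CONNECTION_USER_INTERACTION, Boolean.FALSE));
            ocspOptionMap = options;
        }

        /**
         * Returns the current OCSP option map (the live, mutable instance — not a copy).
         *
         * @return the map built by the last {@link #init()} call
         */
        public static Map<OCSPOption, Object> getOcspOptionMap() {
            return ocspOptionMap;
        }

        static {
            init();
        }
    }

    private CryptoFactory() {
    }

    /**
     * Creates a {@link Crypto} for the given sealing credential, unsealing keys and OCSP policy.
     *
     * <p>Signing options come from configuration with these defaults when absent:
     * SIGNING_TIME_EXPIRATION {@code 5}, CLOCK_SKEW {@code 300000L}, SIGNING_TIME_TRUST_IMPLICIT
     * {@code false} (units defined by {@link SigningOption}). The TSA trust store is loaded from the
     * {@code timestamp.signature.keystore.path}/{@code .pwd} properties and the TSA cert store from
     * the {@code SIGNING_TSA_CERT_STORE} resources only (no key store contents).
     *
     * @param credential credential used as the data sealer identity
     * @param map private keys available for unsealing, keyed as the {@link Crypto} implementation expects
     * @param str name of the OCSP policy, resolved with {@code OCSPPolicy.valueOf(String)}
     * @return the configured implementation produced by the factory helper
     * @throws TechnicalConnectorException if the implementation cannot be instantiated
     */
    public static Crypto getCrypto(Credential credential, Map<String, PrivateKey> map, String str) throws TechnicalConnectorException {
        Map<String, Object> options = new HashMap<String, Object>();
        options.put(Crypto.DATASEALER_CREDENTIAL, credential);
        options.put(Crypto.DATAUNSEALER_PKMAP, map);
        // Resolve the policy before loading any trust material so a bad name fails fast.
        options.put(Crypto.OCSP_POLICY, OCSPPolicy.valueOf(str));
        Map<SigningOption, Object> signingOptions = new HashMap<SigningOption, Object>();
        signingOptions.put(SigningOption.SIGNING_TIME_EXPIRATION, configuration.getIntegerProperty(SIGNING_TIME_EXPIRATION, 5));
        signingOptions.put(SigningOption.CLOCK_SKEW, configuration.getLongProperty(SIGNING_CLOCK_SKEW, 300000L));
        signingOptions.put(SigningOption.SIGNING_TIME_TRUST_IMPLICIT, configuration.getBooleanProperty(SIGNING_TIME_TRUST_IMPLICIT, Boolean.FALSE));
        signingOptions.put(SigningOption.TSA_TRUST_STORE, getKeyStore(TIMESTAMP_SIGNATURE_KEYSTORE_PATH, TIMESTAMP_SIGNATURE_KEYSTORE_PWD));
        signingOptions.put(SigningOption.TSA_CERT_STORE, generateCertStore(SIGNING_TSA_CERT_STORE, new KeyStore[0]));
        options.put(Crypto.SIGNING_OPTIONMAP, signingOptions);
        options.put(Crypto.OCSP_OPTIONMAP, getOCSPOptions());
        return helper.getImplementation(options);
    }

    /**
     * Returns the OCSP option map held by {@link OCSPOptionHolder}.
     *
     * @return the live option map (see {@link OCSPOptionHolder#getOcspOptionMap()})
     * @throws TechnicalConnectorException kept in the signature for source compatibility; not thrown here
     */
    public static Map<OCSPOption, Object> getOCSPOptions() throws TechnicalConnectorException {
        return OCSPOptionHolder.getOcspOptionMap();
    }

    /**
     * Re-reads the OCSP options (and the CA trust store they reference) from configuration.
     */
    public static void resetOCSPOptions() {
        OCSPOptionHolder.init();
    }

    /**
     * Loads the CA trust store from the {@code CAKEYSTORE_LOCATION}/{@code CAKEYSTORE_PASSWORD}
     * properties.
     *
     * @return the CA key store, or an empty store if it cannot be loaded (see {@link #getKeyStore})
     */
    public static KeyStore getCaCertificateStore() {
        return getKeyStore(PROP_CAKEYSTORE_PATH, PROP_CAKEYSTORE_PASSWORD);
    }

    /**
     * Loads a key store whose path and password are read from configuration.
     *
     * <p>The location is the {@code KEYSTORE_DIR} property concatenated with the path property as-is
     * (no separator is inserted). When the path is blank, or {@link KeyStoreManager} fails to load
     * the store, an <em>empty</em> JKS key store is returned instead: callers get a store with no
     * trust anchors rather than an error, and the failure is only logged. Whether the eTEE library
     * then rejects every certificate or behaves otherwise is not visible from this class.
     *
     * @param pathProperty configuration key holding the key store path
     * @param passwordProperty configuration key holding the key store password
     * @return the loaded store, or an empty JKS store as fallback; never {@code null}
     * @throws ConfigurationException if even the fallback store cannot be created
     */
    private static KeyStore getKeyStore(String pathProperty, String passwordProperty) {
        try {
            char[] password = configuration.getProperty(passwordProperty, "").toCharArray();
            String path = configuration.getProperty(pathProperty, "");
            KeyStore keyStore = null;
            if (StringUtils.isNotBlank(path)) {
                try {
                    keyStore = new KeyStoreManager(configuration.getProperty(PROP_KEYSTORE_DIR, "") + path, password).getKeyStore();
                } catch (TechnicalConnectorException e) {
                    // A configured trust store silently becoming empty is worth more than INFO.
                    LOG.warn("Unable to load keystore.", e);
                }
            }
            if (keyStore == null) {
                // load(null, ...) initialises an empty store; use the configured password, not the key name.
                keyStore = KeyStore.getInstance("JKS");
                keyStore.load(null, password);
            }
            return keyStore;
        } catch (Exception e) {
            throw new ConfigurationException(e);
        }
    }

    /**
     * Creates a {@link Crypto} with OCSP policy {@code "NONE"}.
     *
     * @param credential credential used as the data sealer identity
     * @param map private keys available for unsealing
     * @return the configured implementation
     * @throws TechnicalConnectorException if the implementation cannot be instantiated
     */
    public static Crypto getCrypto(Credential credential, Map<String, PrivateKey> map) throws TechnicalConnectorException {
        return getCrypto(credential, map, "NONE");
    }

    /**
     * Creates a {@link Crypto} from the encryption credential and private keys of the current
     * {@link Session}, with OCSP policy {@code "NONE"}.
     *
     * @return the configured implementation
     * @throws TechnicalConnectorException if the implementation cannot be instantiated
     */
    public static Crypto getCryptoFromSession() throws TechnicalConnectorException {
        SessionItem session = Session.getInstance().getSession();
        return getCrypto(session.getEncryptionCredential(), session.getEncryptionPrivateKeys());
    }

    /**
     * Builds a {@code Collection} {@link CertStore} from the given key stores and from the
     * certificate and CRL resources listed in configuration.
     *
     * <p>Every certificate of every given key store is added first (looked up by alias). Then each
     * value of a property matching {@code prefix + ".CERT"} is parsed as an X.509 certificate
     * resource and each value matching {@code prefix + ".CRL"} as a CRL resource. A key store that
     * cannot be enumerated, or a resource that cannot be read or parsed, is logged and skipped, so
     * the returned store may lack entries the configuration asked for.
     *
     * @param prefix configuration key prefix, e.g. {@link #OCSP_CERT_STORE}
     * @param keyStores key stores whose certificates are included; may be empty
     * @return the populated cert store, or {@code null} when the store itself cannot be created
     *         (the cause is logged at ERROR) — callers placing this into an option map pass that
     *         {@code null} on
     */
    /* JADX INFO: Access modifiers changed from: private */
    public static CertStore generateCertStore(String prefix, KeyStore... keyStores) {
        try {
            List<Object> entries = new ArrayList<Object>();
            for (KeyStore keyStore : keyStores) {
                addKeyStoreCertificates(entries, keyStore);
            }
            CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
            for (String location : configuration.getMatchingProperties(prefix + ".CERT")) {
                InputStream in = null;
                try {
                    in = ConnectorIOUtils.getResourceAsStream(location);
                    entries.add(certificateFactory.generateCertificate(in));
                    LOG.info("Added " + location + " as CERT in CertStore.");
                } catch (Exception e) {
                    logFailure(e);
                } finally {
                    ConnectorIOUtils.closeQuietly(in);
                }
            }
            for (String location : configuration.getMatchingProperties(prefix + ".CRL")) {
                InputStream in = null;
                try {
                    in = ConnectorIOUtils.getResourceAsStream(location);
                    entries.add(certificateFactory.generateCRL(in));
                    LOG.info("Added " + location + " as CRL in CertStore.");
                } catch (Exception e) {
                    logFailure(e);
                } finally {
                    ConnectorIOUtils.closeQuietly(in);
                }
            }
            return CertStore.getInstance("Collection", new CollectionCertStoreParameters(entries));
        } catch (InvalidAlgorithmParameterException | NoSuchAlgorithmException | CertificateException e) {
            logFailure(e);
            return null;
        }
    }

    /**
     * Adds every certificate of {@code keyStore} (looked up by alias) to {@code entries}.
     * A store that cannot be enumerated is logged at WARN and skipped.
     */
    private static void addKeyStoreCertificates(List<Object> entries, KeyStore keyStore) {
        try {
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                entries.add(keyStore.getCertificate(aliases.nextElement()));
            }
            LOG.info("Added truststore in CertStore.");
        } catch (KeyStoreException e) {
            LOG.warn("Unable to add truststore to CertStore", e);
        }
    }

    /**
     * Logs a failure at ERROR as {@code <exception class>:<message>} with the stack trace.
     */
    private static void logFailure(Exception e) {
        LOG.error(e.getClass().getName() + ":" + e.getMessage(), e);
    }
}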
