package be.ehealth.technicalconnector.service.sts.security.impl;

import be.ehealth.technicalconnector.beid.BeIDFactory;
import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.exception.CredentialException;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/ehealth/technicalconnector/service/sts/security/impl/BeIDCredential.class */
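/**
 * Credential backed by the key store that {@link BeIDFactory} exposes for a Belgian eID card.
 *
 * <p>An instance is bound to one key-store alias ({@link #EID_AUTH_ALIAS} or
 * {@link #EID_SIGN_ALIAS} are the values declared here). Every accessor resolves the key store
 * again through {@link #getKeyStore()}.
 *
 * <p>Failure behaviour differs per accessor and callers must handle both styles:
 * {@link #getPrivateKey()} and {@link #getCertificateChain()} throw {@link CredentialException},
 * while {@link #getPublicKey()}, {@link #getCertificate()}, {@link #getIssuer()} and
 * {@link #getIssuerQualifier()} log the problem and return {@code null}.
 */
public final class BeIDCredential extends AbstractExtendedCredential {
    /** Configuration property that switches key-store caching on; read once in {@link #getInstance}. */
    public static final String PROP_USE_CACHE = "be.ehealth.technicalconnector.service.sts.security.impl.beidcredential.cache";
    public static final String EID_AUTH_ALIAS = "Authentication";
    public static final String EID_SIGN_ALIAS = "Signature";

    // Alias requested by the caller; matched case-insensitively against the key store's aliases.
    private final String eidAlias;
    // Forwarded to BeIDFactory.getKeyStore on every lookup.
    private final boolean useCache;
    // "<prefix>-<alias>", built in getInstance and forwarded to BeIDFactory.getKeyStore.
    private final String cacheKey;

    /** @deprecated marked deprecated in the original class; no replacement is visible in this file. */
    @Deprecated
    public static final String OID_LASTNAME = BCStyle.SURNAME.getId();

    /** @deprecated marked deprecated in the original class; no replacement is visible in this file. */
    @Deprecated
    public static final String OID_GIVENNAME = BCStyle.GIVENNAME.getId();

    /** @deprecated marked deprecated in the original class; no replacement is visible in this file. */
    @Deprecated
    public static final String OID_SERIALNUMBER = BCStyle.SN.getId();
    private static final Logger LOG = LoggerFactory.getLogger(BeIDCredential.class);

    private static final String MSG_NO_CERTIFICATE = "Unable to read the certificate of the EID";

    private BeIDCredential(String eidAlias, boolean useCache, String cacheKey) {
        this.eidAlias = eidAlias;
        this.useCache = useCache;
        this.cacheKey = cacheKey;
    }

    /**
     * Creates a credential for the given alias.
     *
     * @param cacheKeyPrefix first half of the cache key; the key becomes {@code prefix + "-" + alias}
     * @param alias key-store alias to use, compared case-insensitively
     * @return a new credential; caching follows {@link #PROP_USE_CACHE} and defaults to off
     */
    public static BeIDCredential getInstance(String cacheKeyPrefix, String alias) {
        boolean cacheEnabled = ConfigFactory.getConfigValidator().getBooleanProperty(PROP_USE_CACHE, Boolean.FALSE).booleanValue();
        return new BeIDCredential(alias, cacheEnabled, cacheKeyPrefix + "-" + alias);
    }

    /**
     * Returns the private key stored under the configured alias.
     *
     * @return the private key handle, never {@code null}
     * @throws CredentialException if the key store cannot be opened, holds no key entry for the
     *     alias, or the key cannot be retrieved
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public PrivateKey getPrivateKey() {
        try {
            KeyStore keyStore = getKeyStore();
            String alias = getAlias();
            // Fail closed: a missing key entry is reported to the caller instead of being logged
            // and followed by a lookup that can only hand back null.
            if (alias == null || !keyStore.isKeyEntry(alias)) {
                throw new KeyStoreException("No Private key '" + this.eidAlias + "' in the keystore");
            }
            // No password is supplied here. NOTE(review): PIN entry is presumably handled by the
            // provider behind the key store - confirm against BeIDFactory.
            PrivateKey privateKey = (PrivateKey) keyStore.getKey(alias, null);
            if (privateKey == null) {
                throw new KeyStoreException("No Private key '" + this.eidAlias + "' in the keystore");
            }
            return privateKey;
        } catch (Exception e) {
            // Pass the throwable so the stack trace reaches the log, not only the message.
            LOG.error(e.getMessage(), e);
            throw new CredentialException(e);
        }
    }

    /**
     * Returns the public key of the certificate stored under the configured alias.
     *
     * @return the public key, or {@code null} when the certificate cannot be read
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public PublicKey getPublicKey() {
        X509Certificate certificate = getCertificate();
        if (certificate == null) {
            LOG.error(MSG_NO_CERTIFICATE);
            return null;
        }
        return certificate.getPublicKey();
    }

    /**
     * Returns the certificate stored under the configured alias.
     *
     * @return the certificate, or {@code null} when it is absent or any lookup error occurs
     *     (the error is logged at WARN level and not propagated)
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public X509Certificate getCertificate() {
        try {
            return (X509Certificate) getKeyStore().getCertificate(getAlias());
        } catch (Exception e) {
            LOG.warn("getCertificate()", e);
            return null;
        }
    }

    /**
     * Finds the key-entry alias in the key store that matches {@code eidAlias}, ignoring case.
     *
     * @return the alias exactly as the key store spells it, or {@code null} when no key entry
     *     matches or the key store cannot be read
     */
    private String getAlias() {
        try {
            // One key-store reference for the whole scan, so enumeration and isKeyEntry see the
            // same object even when BeIDFactory is not caching.
            KeyStore keyStore = getKeyStore();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String candidate = aliases.nextElement();
                if (keyStore.isKeyEntry(candidate) && candidate.equalsIgnoreCase(this.eidAlias)) {
                    return candidate;
                }
            }
        } catch (Exception e) {
            LOG.warn("Unable to determine alias", e);
        }
        return null;
    }

    /**
     * Returns the issuer distinguished name of the certificate in RFC 1779 format.
     *
     * @return the issuer name, or {@code null} when the certificate or its issuer is unavailable
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public String getIssuer() {
        return readIssuerName("getIssuer");
    }

    /**
     * Returns the issuer qualifier, which this class derives exactly like {@link #getIssuer()}.
     *
     * @return the issuer name in RFC 1779 format, or {@code null} when it is unavailable
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public String getIssuerQualifier() {
        return readIssuerName("getIssuerQualifier");
    }

    /**
     * Shared implementation of {@link #getIssuer()} and {@link #getIssuerQualifier()}.
     *
     * @param caller name of the public method, used as prefix of the debug log line
     * @return the issuer name in RFC 1779 format, or {@code null} after logging the reason
     */
    private String readIssuerName(String caller) {
        X509Certificate certificate = getCertificate();
        if (certificate == null) {
            LOG.error(MSG_NO_CERTIFICATE);
            return null;
        }
        X500Principal issuer = certificate.getIssuerX500Principal();
        if (issuer == null) {
            // The message names the issuer principal: that is the field that failed to load.
            LOG.error("Unable to read the certificate/IssuerX500Principal of the EID");
            return null;
        }
        String name = issuer.getName(X500Principal.RFC1779);
        // Parameterized logging: the line is only formatted when DEBUG is enabled.
        LOG.debug("{}: (RFC1779){}", caller, name);
        return name;
    }

    /**
     * Returns the eID key store obtained from {@link BeIDFactory} for this credential's cache key.
     *
     * @throws TechnicalConnectorException if the factory cannot provide the key store
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public KeyStore getKeyStore() throws TechnicalConnectorException {
        return BeIDFactory.getKeyStore(this.cacheKey, this.useCache);
    }

    /**
     * Returns the name of the security provider behind the eID key store.
     *
     * @throws TechnicalConnectorException if the key store cannot be obtained
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public String getProviderName() throws TechnicalConnectorException {
        return getKeyStore().getProvider().getName();
    }

    /**
     * Returns the certificate chain stored under the configured alias.
     *
     * @return the chain as returned by the key store (which may be {@code null} when the alias
     *     has no chain)
     * @throws CredentialException if the key store cannot be opened or queried
     */
    @Override // be.ehealth.technicalconnector.service.sts.security.Credential
    public Certificate[] getCertificateChain() {
        try {
            return getKeyStore().getCertificateChain(getAlias());
        } catch (TechnicalConnectorException e) {
            LOG.error(e.getMessage(), e);
            throw new CredentialException(e);
        } catch (KeyStoreException e2) {
            LOG.error(e2.getMessage(), e2);
            throw new CredentialException(e2);
        }
    }
}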
