package eu.unicore.security.canl;

import eu.emi.security.authn.x509.X509Credential;
import eu.emi.security.authn.x509.impl.CertificateUtils;
import eu.emi.security.authn.x509.impl.DERCredential;
import eu.emi.security.authn.x509.impl.FormatMode;
import eu.emi.security.authn.x509.impl.KeystoreCredential;
import eu.emi.security.authn.x509.impl.PEMCredential;
import eu.emi.security.authn.x509.impl.X500NameUtils;
import eu.unicore.util.Log;
import eu.unicore.util.configuration.ConfigurationException;
import eu.unicore.util.configuration.PropertiesHelper;
import eu.unicore.util.configuration.PropertyMD;
import java.io.File;
import java.io.IOException;
import java.security.KeyStoreException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;
import org.apache.log4j.Logger;

/* loaded from: input_file:eu/unicore/security/canl/CredentialProperties.class */
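/**
 * Reads the {@code credential.*} family of configuration properties and loads the local X.509
 * credential (certificate plus private key) they describe.
 *
 * <p>The credential is loaded eagerly by every constructor. Construction fails with a
 * {@link ConfigurationException} when the credential cannot be loaded or when its certificate is
 * expired or not yet valid; a certificate that expires within one week only produces a warning.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Passwords taken from properties arrive as {@link String} values and are only then copied
 *       to {@code char[]}, so they cannot be wiped from memory by this class. Use a
 *       {@link PasswordCallback} when that matters.</li>
 *   <li>Only existence and readability of the credential file are checked here; ownership and
 *       permissions of the key material are not inspected.</li>
 *   <li>No password is ever written to the log by this class; keep it that way when adding
 *       diagnostics.</li>
 * </ul>
 */
public class CredentialProperties extends PropertiesHelper {
    /** One week in milliseconds; look-ahead window of the "will soon expire" warning. */
    private static final long WEEK = 7L * 24 * 60 * 60 * 1000;
    public static final String DEFAULT_PREFIX = "credential.";
    public static final String PROP_FORMAT = "format";
    public static final String PROP_LOCATION = "path";
    public static final String PROP_PASSWORD = "password";
    public static final String PROP_KEY_LOCATION = "keyPath";
    public static final String PROP_KS_ALIAS = "keyAlias";
    public static final String PROP_KS_KEY_PASSWORD = "keyPassword";
    private CredentialFormat type;
    private String credPath;
    private X509Credential credential;
    private PasswordCallback passwordCallback;
    private static final Logger log = Log.getLogger(Log.CONFIGURATION, CredentialProperties.class);
    /** Metadata of all supported properties; populated by the static initializer of this class. */
    public static final Map<String, PropertyMD> META = new HashMap<>();

    /** Supported on-disk credential formats. The constant names double as configuration values. */
    public enum CredentialFormat {
        jks,
        pkcs12,
        der,
        pem
    }

    /**
     * Loads the credential using the default {@value #DEFAULT_PREFIX} prefix and no password
     * callback.
     *
     * @param properties source of the configuration
     * @throws ConfigurationException if the credential cannot be loaded or is not currently valid
     */
    public CredentialProperties(Properties properties) throws ConfigurationException {
        this(properties, null, DEFAULT_PREFIX);
    }

    /**
     * Loads the credential using a custom property prefix and no password callback.
     *
     * @param properties source of the configuration
     * @param propertiesPrefix prefix prepended to every property name
     * @throws ConfigurationException if the credential cannot be loaded or is not currently valid
     */
    public CredentialProperties(Properties properties, String propertiesPrefix) throws ConfigurationException {
        this(properties, null, propertiesPrefix);
    }

    /**
     * Loads the credential using the default prefix, asking the callback for missing passwords.
     *
     * @param properties source of the configuration
     * @param passwordCallback supplier of passwords, may be {@code null}
     * @throws ConfigurationException if the credential cannot be loaded or is not currently valid
     */
    public CredentialProperties(Properties properties, PasswordCallback passwordCallback) throws ConfigurationException {
        this(properties, passwordCallback, DEFAULT_PREFIX);
    }

    /**
     * Loads the credential using a custom prefix, asking the callback for missing passwords.
     *
     * @param properties source of the configuration
     * @param passwordCallback supplier of passwords, may be {@code null}
     * @param propertiesPrefix prefix prepended to every property name
     * @throws ConfigurationException if the credential cannot be loaded or is not currently valid
     */
    public CredentialProperties(Properties properties, PasswordCallback passwordCallback, String propertiesPrefix) throws ConfigurationException {
        super(propertiesPrefix, properties, META, log);
        this.passwordCallback = passwordCallback;
        createCredentialSafe();
    }

    /**
     * @return the credential loaded at construction time
     */
    public X509Credential getCredential() {
        return this.credential;
    }

    /**
     * Loads the credential and verifies the validity period of its certificate.
     *
     * <p>An expired or not-yet-valid certificate is a hard error. A certificate that is valid now
     * but expires within {@link #WEEK} is accepted and a warning naming its subject DN and end
     * date is logged.
     *
     * @throws ConfigurationException on any loading problem or when the certificate is outside
     *     its validity period; the underlying exception is attached as the cause
     */
    protected void createCredentialSafe() throws ConfigurationException {
        try {
            createCredential();
            X509Certificate certificate = this.credential.getCertificate();
            try {
                certificate.checkValidity();
                try {
                    // Same check evaluated one week ahead: failing here is only worth a warning.
                    certificate.checkValidity(new Date(System.currentTimeMillis() + WEEK));
                } catch (CertificateExpiredException soonExpired) {
                    log.warn("Credential certificate with DN " + X500NameUtils.getReadableForm(certificate.getSubjectX500Principal()) + " will soon expire. The validity period ends " + certificate.getNotAfter().toString());
                }
            } catch (CertificateExpiredException expired) {
                throw new ConfigurationException("Certificate loaded from " + this.credPath + " (" + CertificateUtils.format(certificate, FormatMode.COMPACT_ONE_LINE) + ")  is EXPIRED: " + expired.getMessage(), expired);
            } catch (CertificateNotYetValidException notYetValid) {
                throw new ConfigurationException("Certificate loaded from " + this.credPath + " (" + CertificateUtils.format(certificate, FormatMode.COMPACT_ONE_LINE) + ")  is NOT YET VALID: " + notYetValid.getMessage(), notYetValid);
            }
        } catch (ConfigurationException alreadyDescriptive) {
            // Already carries a configuration-level message; do not wrap it a second time.
            throw alreadyDescriptive;
        } catch (Exception e) {
            throw new ConfigurationException("There was a problem loading the credential " + this.credPath + " (type: " + this.type + "): " + e.getMessage(), e);
        }
    }

    /**
     * Resolves all credential settings and instantiates the matching {@link X509Credential}.
     *
     * <p>Password resolution: values from properties are used unless the callback's
     * {@code ignoreProperties()} returns {@code true}; when the main password is still unknown
     * the callback (if any) is asked for it. For keystores the key password falls back first to
     * the callback (only if {@code askForSeparateKeyPassword()} is true) and finally to the
     * keystore password itself.
     *
     * @throws ConfigurationException if the credential file is missing or unreadable, or a
     *     setting required by the selected format is absent
     * @throws KeyStoreException propagated from the credential implementation
     * @throws IOException propagated from the credential implementation
     * @throws CertificateException propagated from the credential implementation
     */
    protected void createCredential() throws ConfigurationException, KeyStoreException, IOException, CertificateException {
        this.credPath = getFileValueAsString(PROP_LOCATION, false);
        File credentialFile = new File(this.credPath);
        // Early, readable diagnostics only. NOTE(review): ownership/permissions of the file are
        // not verified here.
        if (!credentialFile.exists() || !credentialFile.canRead() || !credentialFile.isFile()) {
            throw new ConfigurationException("Credential specified in the property " + this.prefix + PROP_LOCATION + " must be an EXISTING, READABLE file: " + this.credPath);
        }

        boolean skipPropertyPasswords = this.passwordCallback != null && this.passwordCallback.ignoreProperties();

        char[] credentialPassword = null;
        if (!skipPropertyPasswords) {
            // The property value is a String, so this copy cannot make the secret wipeable.
            String configured = getValue(PROP_PASSWORD);
            credentialPassword = configured == null ? null : configured.toCharArray();
        }
        if (credentialPassword == null && this.passwordCallback != null) {
            credentialPassword = this.passwordCallback.getPassword("credential", this.credPath);
        }

        String keyPath = getFileValueAsString(PROP_KEY_LOCATION, false);
        String keyAlias = getValue(PROP_KS_ALIAS);

        char[] keyPassword = null;
        if (!skipPropertyPasswords) {
            String configured = getValue(PROP_KS_KEY_PASSWORD);
            keyPassword = configured == null ? null : configured.toCharArray();
        }

        this.type = (CredentialFormat) getEnumValue(PROP_FORMAT, CredentialFormat.class);
        if (this.type == null) {
            this.type = autodetectType(this.credPath, credentialPassword, keyPath, keyAlias, keyPassword);
            log.info("Will use autodetected credential type >" + this.type + "< for " + this.credPath);
        }

        switch (this.type) {
            case jks:
            case pkcs12:
                log.debug("Credential keystore alias: " + (keyAlias == null ? "NOT-SET" : keyAlias));
                if (credentialPassword == null) {
                    throw new ConfigurationException("For " + this.type + " credential, the " + this.prefix + "password property must be set and provide a keystore password");
                }
                if (keyPassword == null && this.passwordCallback != null && this.passwordCallback.askForSeparateKeyPassword()) {
                    keyPassword = this.passwordCallback.getPassword("credential's key", this.credPath);
                }
                if (keyPassword == null) {
                    log.debug("Using keystore password as key's password");
                    keyPassword = credentialPassword;
                }
                this.credential = new KeystoreCredential(this.credPath, credentialPassword, keyPassword, keyAlias, this.type.name());
                return;
            case pem:
                // Without a separate key file, the single PEM file must hold both key and certificate.
                this.credential = keyPath == null
                        ? new PEMCredential(this.credPath, credentialPassword)
                        : new PEMCredential(keyPath, this.credPath, credentialPassword);
                return;
            case der:
                if (keyPath == null) {
                    throw new ConfigurationException("For " + CredentialFormat.der + " credential, the " + this.prefix + PROP_KEY_LOCATION + " property must be set and point at the DER encoded private key.");
                }
                this.credential = new DERCredential(keyPath, this.credPath, credentialPassword);
                return;
            default:
                throw new ConfigurationException("Unknown type of credential used: " + this.type + " must be one of: " + Arrays.toString(CredentialFormat.values()));
        }
    }

    /**
     * Guesses the credential format when the {@value #PROP_FORMAT} property is not set.
     *
     * <p>Rules, in order:
     * <ol>
     *   <li>A separate key path together with keystore-only settings (alias or key password) is
     *       ambiguous and rejected.</li>
     *   <li>With a separate key path, the format is {@code der} when the credential path ends
     *       with {@code der}, {@code pkcs8} or {@code pk8}, or the key path ends with
     *       {@code der}; otherwise {@code pem}.</li>
     *   <li>A credential path ending with {@code pem} (case-insensitive) is {@code pem}.</li>
     *   <li>Otherwise the file is probed as a JKS or PKCS12 keystore.</li>
     * </ol>
     *
     * @param credentialPath path of the credential (certificate or keystore) file
     * @param credentialPassword main password, may be {@code null}
     * @param keyPath path of a separately stored private key, or {@code null}
     * @param keyAlias keystore alias, or {@code null}
     * @param keyPassword separate key password, or {@code null}
     * @return the detected format
     * @throws ConfigurationException if the settings are ambiguous or the keystore probe fails
     */
    protected CredentialFormat autodetectType(String credentialPath, char[] credentialPassword, String keyPath, String keyAlias, char[] keyPassword) {
        String typeNotSet = "Credential type was not set with the property " + this.prefix + PROP_FORMAT;
        boolean keystoreSettingsPresent = keyAlias != null || keyPassword != null;

        if (keyPath != null && keystoreSettingsPresent) {
            // This exception used to be constructed but never thrown, so an ambiguous
            // configuration was silently resolved by guessing which credential to load.
            throw new ConfigurationException(typeNotSet + " and settings for both " + CredentialFormat.pem + " and JKS/PKCS12 keystore are present. Either set the type explicitely or delete settings of not used credential type (" + PROP_KEY_LOCATION + " or " + PROP_KS_ALIAS + " and " + PROP_KS_KEY_PASSWORD + ")");
        }

        if (keyPath != null) {
            boolean looksLikeDer = credentialPath.endsWith("der")
                    || keyPath.endsWith("der")
                    || credentialPath.endsWith("pkcs8")
                    || credentialPath.endsWith("pk8");
            return looksLikeDer ? CredentialFormat.der : CredentialFormat.pem;
        }

        // Locale.ROOT keeps the lower-casing independent of the JVM's default locale.
        if (credentialPath.toLowerCase(java.util.Locale.ROOT).endsWith("pem")) {
            return CredentialFormat.pem;
        }

        final String keystoreProbeFailed = ". Tried to load JKS/PKCS12 keystore as settings for those types are present, but it was not possible. Try to set the credential format explicitely and/or to review other credential settings.";
        try {
            String detected = KeystoreCredential.autodetectType(credentialPath, credentialPassword);
            if (detected.equalsIgnoreCase("jks")) {
                return CredentialFormat.jks;
            }
            if (detected.equalsIgnoreCase("pkcs12")) {
                return CredentialFormat.pkcs12;
            }
            throw new ConfigurationException("Unknown keystore type found: " + detected);
        } catch (IOException e) {
            throw new ConfigurationException(typeNotSet + keystoreProbeFailed + " Cause: " + e.toString(), e);
        } catch (KeyStoreException e) {
            // Message text is unchanged; the cause is attached so the root problem stays visible.
            throw new ConfigurationException(typeNotSet + keystoreProbeFailed, e);
        }
    }

    /**
     * Creates an independent copy by re-reading the same properties.
     *
     * <p>The credential is loaded again from disk, and the password callback (if any) may be
     * invoked again as part of that.
     *
     * @return a new instance configured like this one
     */
    @Override // eu.unicore.util.configuration.PropertiesHelper
    /* renamed from: clone */
    public CredentialProperties mo278clone() {
        CredentialProperties copy = new CredentialProperties(this.properties, this.passwordCallback, this.prefix);
        super.cloneTo(copy);
        return copy;
    }

    static {
        // Both password properties are flagged with setSecret().
        // NOTE(review): presumably this keeps their values out of logs and generated output;
        // confirm against PropertyMD.
        META.put(PROP_LOCATION, new PropertyMD().setMandatory().setSortKey("1").setDescription("Credential location. In case of 'jks', 'pkcs12' and 'pem' store it is the only location required. In case when credential is provided in two files, it is the certificate file path.").setPath());
        META.put(PROP_FORMAT, new PropertyMD().setEnum(CredentialFormat.jks).setSortKey("2").setDescription("Format of the credential. It is guessed when not given. Note that 'pem' might be either a PEM keystore with certificates and keys (in PEM format) or a pair of PEM files (one with certificate and second with private key)."));
        META.put(PROP_PASSWORD, new PropertyMD().setSecret().setSortKey("3").setDescription("Password required to load the credential."));
        META.put(PROP_KEY_LOCATION, new PropertyMD().setSortKey("4").setDescription("Location of the private key if stored separately from the main credential (applicable for 'pem' and 'der' types only),"));
        META.put(PROP_KS_KEY_PASSWORD, new PropertyMD().setSecret().setSortKey("5").setDescription("Private key password, which might be needed only for 'jks' or 'pkcs12', if key is encrypted with different password then the main credential password."));
        META.put(PROP_KS_ALIAS, new PropertyMD().setSortKey("6").setDescription("Keystore alias of the key entry to be used. Can be ignored if the keystore contains only one key entry. Only applicable for 'jks' and 'pkcs12'."));
    }
}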
