package io.cellery.security.cell.sts.server.jwks;

import io.cellery.security.cell.sts.server.core.CellStsUtils;
import java.io.FileInputStream;
import java.io.IOException;
import java.net.URL;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.util.Base64;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import sun.security.util.DerInputStream;
import sun.security.util.DerValue;

/* loaded from: input_file:io/cellery/security/cell/sts/server/jwks/FileBasedKeyResolver.class */
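/**
 * Key resolver that loads the STS signing material from PEM files on disk.
 *
 * <p>The private key is read from {@code /etc/certs/key.pem} as an unencrypted PKCS#1
 * ("BEGIN RSA PRIVATE KEY") PEM file, and the certificate (and with it the public key) from
 * {@code /etc/certs/cert.pem}. When {@link CellStsUtils#isRunningInDebugMode()} returns true,
 * both paths are replaced by {@code key.pem} / {@code cert.pem} resolved from the class loader.
 *
 * <p>Notes for operators and reviewers:
 * <ul>
 *   <li>In debug mode the signing key is whatever {@code key.pem} is found on the classpath,
 *       not the mounted one. Debug mode should therefore not be enabled in a deployment whose
 *       tokens are trusted by other services.</li>
 *   <li>The private key file is unencrypted, so its confidentiality depends entirely on the
 *       file-system permissions of the certs directory.</li>
 *   <li>Nothing here checks that the certificate's public key corresponds to the loaded
 *       private key, nor that the certificate is within its validity period.</li>
 *   <li>The loaded key, certificate and the two paths are {@code static}: every instance
 *       shares them, and a failed load leaves any previously loaded values in place.</li>
 *   <li>Parsing relies on {@code sun.security.util.DerInputStream}, a JDK-internal API that
 *       is not exported by {@code java.base} on modular JDKs.</li>
 * </ul>
 */
public class FileBasedKeyResolver extends StaticKeyResolver {
    private static final String SERVER_CERTS_LOCATION = "/etc/certs/";
    private static final String PRIVATE_KEY_FILE_NAME = "key.pem";
    private static final String CERTIFICATE_FILE_NAME = "cert.pem";
    private static final String START_RSA_PRIVATE_KEY = "-----BEGIN RSA PRIVATE KEY-----";
    private static final String END_RSA_PRIVATE_KEY = "-----END RSA PRIVATE KEY-----";

    /**
     * Number of elements in a PKCS#1 RSAPrivateKey SEQUENCE: version, modulus, public exponent,
     * private exponent, two primes, two CRT exponents and the CRT coefficient.
     */
    private static final int PKCS1_RSA_PRIVATE_KEY_FIELDS = 9;

    private static PublicKey publicKey;
    private static PrivateKey privateKey;
    private static X509Certificate certificate;
    private static final Logger LOG = LoggerFactory.getLogger(FileBasedKeyResolver.class);
    private static String privateKeyPath = SERVER_CERTS_LOCATION + PRIVATE_KEY_FILE_NAME;
    private static String publicKeyPath = SERVER_CERTS_LOCATION + CERTIFICATE_FILE_NAME;

    /**
     * Loads the private key and the certificate into the shared static fields.
     *
     * <p>Load failures are logged and not rethrown. After a failed load the getters throw
     * {@link KeyResolverException} for whatever is still missing.
     */
    public FileBasedKeyResolver() {
        try {
            if (CellStsUtils.isRunningInDebugMode()) {
                overridePaths();
            }
            readPrivateKeyPKCS1PEM(privateKeyPath);
            readCertificate(publicKeyPath);
        } catch (IOException | NoSuchAlgorithmException | CertificateException | InvalidKeySpecException e) {
            // The exception carries file paths and parser messages only, never key material.
            LOG.error("Error while building keys from files", e);
        }
    }

    /**
     * Points both paths at the {@code key.pem} / {@code cert.pem} resources on the classpath.
     *
     * <p>NOTE(review): {@link URL#getPath()} returns the percent-encoded URL path, and for a
     * resource packaged inside a JAR it is not a file-system path, so this presumably expects
     * an exploded classpath without special characters. Confirm against how debug mode is run.
     *
     * @throws NullPointerException if either resource is not on the classpath
     */
    private void overridePaths() {
        ClassLoader loader = FileBasedKeyResolver.class.getClassLoader();
        URL keyResource = Objects.requireNonNull(loader.getResource(PRIVATE_KEY_FILE_NAME));
        privateKeyPath = keyResource.getPath();
        URL certificateResource = Objects.requireNonNull(loader.getResource(CERTIFICATE_FILE_NAME));
        publicKeyPath = certificateResource.getPath();
    }

    /**
     * Returns the loaded private key.
     *
     * @throws KeyResolverException if no private key has been loaded
     */
    @Override // io.cellery.security.cell.sts.server.jwks.KeyResolver
    public PrivateKey getPrivateKey() throws KeyResolverException {
        if (privateKey == null) {
            throw new KeyResolverException("No private key found");
        }
        return privateKey;
    }

    /**
     * Returns the public key taken from the loaded certificate.
     *
     * @throws KeyResolverException if no certificate has been loaded
     */
    @Override // io.cellery.security.cell.sts.server.jwks.KeyResolver
    public PublicKey getPublicKey() throws KeyResolverException {
        if (publicKey == null) {
            throw new KeyResolverException("No public key found");
        }
        return publicKey;
    }

    /**
     * Returns the loaded X.509 certificate.
     *
     * @throws KeyResolverException if no certificate has been loaded
     */
    @Override // io.cellery.security.cell.sts.server.jwks.KeyResolver
    public X509Certificate getCertificate() throws KeyResolverException {
        if (certificate == null) {
            throw new KeyResolverException("No certificate found");
        }
        return certificate;
    }

    /**
     * Reads an unencrypted PKCS#1 RSA private key from a PEM file and stores it in
     * {@link #privateKey}.
     *
     * <p>All whitespace is stripped from the PEM body, so files with CRLF line endings decode
     * as well. Malformed Base64 and a truncated key structure are reported as
     * {@link InvalidKeySpecException}, which the constructor logs like any other load failure,
     * rather than escaping as an unchecked exception.
     *
     * @param str path of the PEM file
     * @throws IOException if the file cannot be read or its DER content cannot be parsed
     * @throws NoSuchAlgorithmException if no RSA {@link KeyFactory} is available
     * @throws InvalidKeySpecException if the content is not a valid PKCS#1 RSA private key
     */
    private void readPrivateKeyPKCS1PEM(String str) throws IOException, NoSuchAlgorithmException, InvalidKeySpecException {
        String pem = new String(Files.readAllBytes(Paths.get(str)), Charset.forName("UTF-8"));
        // Remove the markers first: they contain spaces that the whitespace strip would break up.
        String base64Body = pem.replace(START_RSA_PRIVATE_KEY, "")
                .replace(END_RSA_PRIVATE_KEY, "")
                .replaceAll("\\s", "");

        byte[] der;
        try {
            der = Base64.getDecoder().decode(base64Body);
        } catch (IllegalArgumentException e) {
            throw new InvalidKeySpecException("Private key file is not a Base64-encoded PKCS#1 PEM", e);
        }

        DerValue[] sequence = new DerInputStream(der).getSequence(0);
        if (sequence.length < PKCS1_RSA_PRIVATE_KEY_FIELDS) {
            throw new InvalidKeySpecException("PKCS#1 RSA private key must contain "
                    + PKCS1_RSA_PRIVATE_KEY_FIELDS + " fields but found " + sequence.length);
        }

        // sequence[0] is the PKCS#1 version and is not needed to build the key spec.
        RSAPrivateCrtKeySpec keySpec = new RSAPrivateCrtKeySpec(
                sequence[1].getBigInteger(),  // modulus
                sequence[2].getBigInteger(),  // public exponent
                sequence[3].getBigInteger(),  // private exponent
                sequence[4].getBigInteger(),  // prime p
                sequence[5].getBigInteger(),  // prime q
                sequence[6].getBigInteger(),  // exponent d mod (p-1)
                sequence[7].getBigInteger(),  // exponent d mod (q-1)
                sequence[8].getBigInteger()); // CRT coefficient
        privateKey = KeyFactory.getInstance("RSA").generatePrivate(keySpec);
    }

    /**
     * Reads an X.509 certificate from a file and stores it in {@link #certificate}, together
     * with its public key in {@link #publicKey}.
     *
     * @param str path of the certificate file
     * @throws CertificateException if the content cannot be parsed as an X.509 certificate
     * @throws IOException if the file cannot be opened or closed
     */
    private void readCertificate(String str) throws CertificateException, IOException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        // try-with-resources closes the stream on every path, including a parse failure.
        try (FileInputStream fileInputStream = new FileInputStream(str)) {
            certificate = (X509Certificate) certificateFactory.generateCertificate(fileInputStream);
            publicKey = certificate.getPublicKey();
        }
    }
}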
