package org.wso2.choreo.connect.enforcer.security.mtls;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.List;
import java.util.Objects;
import org.apache.commons.codec.binary.Base64;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.wso2.choreo.connect.discovery.api.Certificate;
import org.wso2.choreo.connect.enforcer.constants.APIConstants;

/* loaded from: input_file:org/wso2/choreo/connect/enforcer/security/mtls/MtlsUtils.class */
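/**
 * Static helpers for mutual-TLS client-certificate handling: recognising PEM-armoured
 * certificates, stripping the armour, parsing X.509 certificates and building or querying
 * an in-memory truststore.
 *
 * <p>Nothing in this class checks a certificate's validity period, chain or revocation
 * status. Matching against the truststore is done by {@link KeyStore#getCertificateAlias},
 * so any such checks have to be done by the caller.
 */
public class MtlsUtils {
    private static final Logger log = LogManager.getLogger(MtlsUtils.class);

    /**
     * Reports whether the text carries both certificate armour markers.
     *
     * <p>This is a substring test only: it does not check marker order, that the payload is
     * valid Base64, or that it parses as a certificate.
     *
     * @param str candidate certificate text; {@code null} is treated as "not a certificate"
     * @return {@code true} when both the begin and end markers occur in {@code str}
     */
    public static boolean isPublicCertificate(String str) {
        return str != null
                && str.contains(APIConstants.BEGIN_CERTIFICATE_STRING)
                && str.contains(APIConstants.END_CERTIFICATE_STRING);
    }

    /**
     * Strips the armour markers from a certificate that is not URL-encoded.
     *
     * @param str PEM text of the certificate
     * @return the text between the markers, trimmed, or {@code ""} when the markers are absent
     */
    public static String getCertContent(String str) {
        return getCertContent(str, false);
    }

    /**
     * Strips the armour markers from a certificate, optionally URL-decoding it first.
     *
     * @param str certificate text, URL-encoded when {@code z} is {@code true}
     * @param z   whether {@code str} must be URL-decoded (UTF-8) before inspection
     * @return the text between the markers, trimmed, or {@code ""} when {@code str} is
     *         {@code null} or does not carry both markers
     * @throws SecurityException if URL-decoding fails, including on a malformed percent-escape
     */
    public static String getCertContent(String str, boolean z) {
        String pem = str;
        if (z && pem != null) {
            try {
                // URLDecoder also maps '+' to a space, so a sender has to percent-encode
                // any '+' that occurs in the Base64 payload.
                pem = URLDecoder.decode(pem, "UTF-8");
            } catch (UnsupportedEncodingException | IllegalArgumentException e) {
                // IllegalArgumentException is what URLDecoder raises for a truncated or
                // non-hex percent-escape; report it the same way as any other decode failure
                // instead of letting it escape as an unrelated runtime exception.
                log.debug("Provided client certificate is unable to decode.");
                throw new SecurityException(e);
            }
        }
        if (!isPublicCertificate(pem)) {
            log.debug("Provided client certificate is not a public certificate.");
            return "";
        }
        // replace() treats the markers as literal text; replaceAll() would compile them as
        // regular expressions.
        return pem.replace(APIConstants.BEGIN_CERTIFICATE_STRING, "")
                .replace(APIConstants.END_CERTIFICATE_STRING, "")
                .trim();
    }

    /**
     * Builds an in-memory JKS truststore holding the given certificates under their aliases.
     *
     * <p>Construction fails as a whole if any entry cannot be parsed; a partially populated
     * truststore is never returned. NOTE(review): entries sharing an alias presumably
     * overwrite one another, per {@link KeyStore#setCertificateEntry}; confirm that aliases
     * are unique upstream.
     *
     * @param list certificates to trust; each content is expected to be PEM text
     * @return the populated truststore
     * @throws KeyStoreException if the JKS type is unavailable or an entry cannot be stored
     * @throws SecurityException if the store cannot be initialised or a certificate is invalid
     */
    public static KeyStore createTrustStore(List<Certificate> list) throws KeyStoreException {
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try {
            // load(null, null) initialises an empty store rather than reading one from disk.
            trustStore.load(null, null);
            for (Certificate entry : list) {
                String base64Body = getCertContent(entry.getContent().toStringUtf8());
                trustStore.setCertificateEntry(entry.getAlias(), getX509Cert(base64Body));
            }
            return trustStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            log.debug("Creating the client certificate truststore was unsuccessful.");
            throw new SecurityException(e);
        }
    }

    /**
     * Parses a Base64-encoded DER certificate, i.e. a PEM body without its armour markers.
     *
     * @param str Base64 text of the certificate
     * @return the parsed certificate
     * @throws CertificateException if the decoded bytes are not a parsable X.509 certificate
     */
    public static X509Certificate getX509Cert(String str) throws CertificateException {
        CertificateFactory factory = CertificateFactory.getInstance("X.509");
        // NOTE(review): the commons-codec decoder is lenient about characters outside the
        // Base64 alphabet, so malformed input is expected to fail in the factory below
        // rather than in the decode step.
        try (ByteArrayInputStream der = new ByteArrayInputStream(Base64.decodeBase64(str))) {
            return (X509Certificate) factory.generateCertificate(der);
        } catch (IOException e) {
            log.error("Unable to generate x509 certificate format.");
            throw new CertificateException(e);
        }
    }

    /**
     * Looks up the alias under which the given certificate is stored in the truststore.
     *
     * <p>A non-null result means only that the certificate is present in the store. Expiry,
     * chain and revocation are not evaluated here.
     *
     * @param x509Certificate certificate presented by the client
     * @param keyStore        API truststore; may be {@code null} when not initialised
     * @return the matching alias, or {@code null} when there is no match or no truststore
     * @throws CertificateException if the truststore cannot be queried
     */
    public static String getMatchedCertificateAliasFromTrustStore(X509Certificate x509Certificate, KeyStore keyStore) throws CertificateException {
        if (Objects.isNull(keyStore)) {
            log.debug("The API truststore has not been initialized.");
            return null;
        }
        try {
            return keyStore.getCertificateAlias(x509Certificate);
        } catch (KeyStoreException e) {
            log.debug("Error occurred while checking the API truststore.");
            throw new CertificateException(e);
        }
    }
}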
