package org.gluu.casa.plugins.cert.service;

import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.OpenOption;
import java.nio.file.Paths;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.gluu.casa.core.model.BasePerson;
import org.gluu.casa.core.model.IdentityPerson;
import org.gluu.casa.misc.Utils;
import org.gluu.casa.plugins.cert.model.CertPerson;
import org.gluu.casa.service.IPersistenceService;
import org.gluu.oxauth.cert.fingerprint.FingerprintHelper;
import org.gluu.oxauth.model.util.CertUtils;
import org.gluu.search.filter.Filter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/gluu/casa/plugins/cert/service/CertService.class */
public class CertService {
    // Presumably the ACR / name of the custom script; reloadConfiguration() passes the same
    // literal "cert" when it asks for the script's configuration properties.
    private static final String ACR = "cert";
    // 5242880 = 5 * 1024 * 1024; named in reloadConfiguration()'s fallback log message.
    private static final int DEFAULT_CRL_MAX_RESPONSE_SIZE = 5242880;
    // Prefix of the oxExternalUid values that carry a certificate fingerprint.
    private static final String CERT_PREFIX = "cert:";
    // Created lazily by getInstance(); not volatile and not guarded by any lock.
    private static CertService singleton;
    private Logger logger = LoggerFactory.getLogger(getClass());
    // Converts between the JSON strings stored on the user entry and SCIM X509Certificate objects.
    private ObjectMapper mapper = new ObjectMapper();
    private IPersistenceService persistenceService = (IPersistenceService) Utils.managedBean(IPersistenceService.class);
    // Custom-script configuration; stays null when the properties cannot be read.
    private Map<String, String> scriptProperties;
    // Handed to CRLCertificateVerifier by validate(). There is no initializer, so the value is 0
    // until reloadConfiguration() assigns it.
    private int crlMaxResponseSize;
    // Certificates read from the file named by 'chain_cert_file_path'; validate() passes them
    // to every verifier it runs.
    private List<X509Certificate> chainCerts;
    // Set to true by reloadConfiguration() once the chain file has been read.
    private boolean hasValidProperties;

    /**
     * Returns the shared {@code CertService}, building it on the first call.
     *
     * <p>The check and the assignment are not synchronized and the field is not volatile, so
     * two threads entering the first call together can each build an instance (and each run
     * {@link #reloadConfiguration()}); the last assignment wins.
     *
     * @return the shared instance
     */
    public static CertService getInstance() {
        if (singleton != null) {
            return singleton;
        }
        singleton = new CertService();
        return singleton;
    }

    /**
     * Tells whether the trusted chain file has been loaded.
     *
     * @return the flag that {@link #reloadConfiguration()} sets after reading the chain file
     */
    public boolean isHasValidProperties() {
        return hasValidProperties;
    }

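    /**
     * Re-reads the custom script's configuration and reloads the trusted certificate chain.
     *
     * <p>Steps: fetch the script properties, parse {@code crl_max_response_size}, then read
     * every certificate from the file named by {@code chain_cert_file_path}.
     *
     * <p>Differences from the decompiled listing:
     * <ul>
     *   <li>the default CRL response size is actually assigned when the property is missing or
     *       not a number (the listing only logged that it would be used, leaving the field at
     *       0 or at its previous value);</li>
     *   <li>the chain file stream is closed on every path (try-with-resources);</li>
     *   <li>the decompiler artefact {@code r2.cast(v1)} is replaced by the cast it stood for;</li>
     *   <li>{@code hasValidProperties} is cleared when a reload fails, so a broken reload no
     *       longer keeps reporting a valid setup.</li>
     * </ul>
     *
     * <p>NOTE(review): on a failed reload {@code chainCerts} keeps whatever an earlier load
     * stored, and an empty chain file still counts as a valid configuration. Confirm both are
     * intended.
     */
    public void reloadConfiguration() {
        this.scriptProperties = this.persistenceService.getCustScriptConfigProperties(ACR);
        if (this.scriptProperties == null) {
            this.logger.warn("Config. properties for custom script '{}' could not be read!!.", ACR);
            this.hasValidProperties = false;
            return;
        }
        try {
            this.crlMaxResponseSize = Integer.parseInt(this.scriptProperties.get("crl_max_response_size"));
        } catch (Exception e) {
            this.logger.error(e.getMessage());
            this.logger.warn("Using default value of {} for '{}'", DEFAULT_CRL_MAX_RESPONSE_SIZE, "crl_max_response_size");
            // Apply the default the message announces; otherwise the CRL verifier is built
            // with 0 (or a stale value from an earlier load).
            this.crlMaxResponseSize = DEFAULT_CRL_MAX_RESPONSE_SIZE;
        }
        this.logger.info("Scanning cert chains specified in '{}' param...", "chain_cert_file_path");
        // A missing 'chain_cert_file_path' makes Paths.get throw; the catch below handles it.
        try (InputStream in = Files.newInputStream(Paths.get(this.scriptProperties.get("chain_cert_file_path")))) {
            List<X509Certificate> loaded = CertificateFactory.getInstance("X.509").generateCertificates(in).stream()
                    .map(X509Certificate.class::cast)
                    .collect(Collectors.toList());
            this.chainCerts = loaded;
            this.logger.info("{} certs loaded", loaded.size());
            this.hasValidProperties = true;
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            this.hasValidProperties = false;
        }
    }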

    /* JADX WARN: Can't fix incorrect switch cases order, some code will duplicate */
    /* JADX WARN: Code restructure failed: missing block: B:12:0x00ca, code lost:
    
        r0 = r14.validate(r6, r5.chainCerts, r0).getValidity();
     */
    /* JADX WARN: Code restructure failed: missing block: B:13:0x00e4, code lost:
    
        if (r0.equals(org.gluu.oxauth.cert.validation.model.ValidationStatus.CertificateValidity.VALID) != false) goto L22;
     */
    /* JADX WARN: Code restructure failed: missing block: B:15:0x00e7, code lost:
    
        r7 = false;
        r5.logger.warn("Certificate validity is: {}", r0);
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    /**
     * Runs the configured certificate verifiers against a presented certificate.
     *
     * <p>NOTE(review): the decompiler could not rebuild this method. The only executable
     * statement in this listing is the {@code throw} at the bottom, so the code as shown always
     * throws {@link UnsupportedOperationException}. The register dump kept in the comment below
     * is the only record of the real logic. Read as a loop, the dump does the following:
     * <ul>
     *   <li>the result starts as {@code true}, and a single {@code java.util.Date} is created
     *       up front and reused for every verifier;</li>
     *   <li>for each {@code VerifierType} value, the script property named by
     *       {@code getParam()} is parsed with {@code Boolean.valueOf}; an absent property
     *       counts as {@code false} and that verifier is skipped;</li>
     *   <li>an enabled type selects one of {@code GenericCertificateVerifier},
     *       {@code PathCertificateVerifier(true)}, {@code OCSPCertificateVerifier} or
     *       {@code CRLCertificateVerifier(crlMaxResponseSize)}, which is called with the
     *       certificate, {@code chainCerts} and the date;</li>
     *   <li>the first verifier whose validity is not {@code VALID} sets the result to
     *       {@code false}, logs a warning and ends the loop.</li>
     * </ul>
     *
     * <p>Two consequences are visible in the dump. If no verifier property is enabled, the loop
     * body never runs a check and the method returns {@code true}, i.e. the certificate is
     * accepted unverified. The {@code default} switch target jumps to the verifier call with
     * the verifier still {@code null}, which would throw a {@code NullPointerException} for an
     * enabled type outside the four mapped cases.
     *
     * @param r6 the certificate to check
     * @return per the dump, {@code false} as soon as an enabled verifier reports a validity
     *         other than {@code VALID}, otherwise {@code true}
     */
    public boolean validate(java.security.cert.X509Certificate r6) {
        /*
            r5 = this;
            r0 = 1
            r7 = r0
            java.util.Date r0 = new java.util.Date
            r1 = r0
            r1.<init>()
            r8 = r0
            r0 = r5
            org.slf4j.Logger r0 = r0.logger
            java.lang.String r1 = "Validating certificate"
            r0.info(r1)
            org.gluu.casa.plugins.cert.service.VerifierType[] r0 = org.gluu.casa.plugins.cert.service.VerifierType.values()
            r9 = r0
            r0 = r9
            int r0 = r0.length
            r10 = r0
            r0 = 0
            r11 = r0
        L22:
            r0 = r11
            r1 = r10
            if (r0 >= r1) goto Lff
            r0 = r9
            r1 = r11
            r0 = r0[r1]
            r12 = r0
            r0 = r5
            java.util.Map<java.lang.String, java.lang.String> r0 = r0.scriptProperties
            r1 = r12
            java.lang.String r1 = r1.getParam()
            java.lang.Object r0 = r0.get(r1)
            java.lang.String r0 = (java.lang.String) r0
            r13 = r0
            r0 = r13
            java.util.Optional r0 = java.util.Optional.ofNullable(r0)
            boolean r1 = java.lang.Boolean::valueOf
            java.util.Optional r0 = r0.map(r1)
            r1 = 0
            java.lang.Boolean r1 = java.lang.Boolean.valueOf(r1)
            java.lang.Object r0 = r0.orElse(r1)
            java.lang.Boolean r0 = (java.lang.Boolean) r0
            boolean r0 = r0.booleanValue()
            if (r0 == 0) goto Lf9
            r0 = 0
            r14 = r0
            r0 = r5
            org.slf4j.Logger r0 = r0.logger
            java.lang.String r1 = "Applying '{}' validator"
            r2 = r12
            r0.info(r1, r2)
            int[] r0 = org.gluu.casa.plugins.cert.service.CertService.AnonymousClass1.$SwitchMap$org$gluu$casa$plugins$cert$service$VerifierType
            r1 = r12
            int r1 = r1.ordinal()
            r0 = r0[r1]
            switch(r0) {
                case 1: goto L98;
                case 2: goto La4;
                case 3: goto Lb1;
                case 4: goto Lbd;
                default: goto Lca;
            }
        L98:
            org.gluu.oxauth.cert.validation.GenericCertificateVerifier r0 = new org.gluu.oxauth.cert.validation.GenericCertificateVerifier
            r1 = r0
            r1.<init>()
            r14 = r0
            goto Lca
        La4:
            org.gluu.oxauth.cert.validation.PathCertificateVerifier r0 = new org.gluu.oxauth.cert.validation.PathCertificateVerifier
            r1 = r0
            r2 = 1
            r1.<init>(r2)
            r14 = r0
            goto Lca
        Lb1:
            org.gluu.oxauth.cert.validation.OCSPCertificateVerifier r0 = new org.gluu.oxauth.cert.validation.OCSPCertificateVerifier
            r1 = r0
            r1.<init>()
            r14 = r0
            goto Lca
        Lbd:
            org.gluu.oxauth.cert.validation.CRLCertificateVerifier r0 = new org.gluu.oxauth.cert.validation.CRLCertificateVerifier
            r1 = r0
            r2 = r5
            int r2 = r2.crlMaxResponseSize
            r1.<init>(r2)
            r14 = r0
        Lca:
            r0 = r14
            r1 = r6
            r2 = r5
            java.util.List<java.security.cert.X509Certificate> r2 = r2.chainCerts
            r3 = r8
            org.gluu.oxauth.cert.validation.model.ValidationStatus r0 = r0.validate(r1, r2, r3)
            org.gluu.oxauth.cert.validation.model.ValidationStatus$CertificateValidity r0 = r0.getValidity()
            r15 = r0
            r0 = r15
            org.gluu.oxauth.cert.validation.model.ValidationStatus$CertificateValidity r1 = org.gluu.oxauth.cert.validation.model.ValidationStatus.CertificateValidity.VALID
            boolean r0 = r0.equals(r1)
            if (r0 != 0) goto Lf9
            r0 = 0
            r7 = r0
            r0 = r5
            org.slf4j.Logger r0 = r0.logger
            java.lang.String r1 = "Certificate validity is: {}"
            r2 = r15
            r0.warn(r1, r2)
            goto Lff
        Lf9:
            int r11 = r11 + 1
            goto L22
        Lff:
            r0 = r7
            return r0
        */
        // Placeholder emitted by the decompiler, not behaviour of the compiled class.
        throw new UnsupportedOperationException("Method not decompiled: org.gluu.casa.plugins.cert.service.CertService.validate(java.security.cert.X509Certificate):boolean");
    }

    /**
     * Matches a presented certificate against a user, enrolling it when asked to.
     *
     * <p>The certificate is identified by {@code CERT_PREFIX} plus its fingerprint, and that
     * value is looked up in {@code oxExternalUid} across all people entries. The outcome is:
     * <ul>
     *   <li>{@code UNKNOWN_USER} when the user's entry cannot be loaded;</li>
     *   <li>{@code CERT_ENROLLED_OTHER_USER} when the fingerprint belongs to another entry;</li>
     *   <li>{@code CERT_ENROLLED_ALREADY} (enrollment) or {@code SUCCESS} (no enrollment) when it
     *       belongs to this user;</li>
     *   <li>{@code SUCCESS} when enrolling a fingerprint nobody owns, after adding it to the
     *       user's {@code oxExternalUid};</li>
     *   <li>{@code CERT_NOT_RECOGNIZED} when nobody owns it and enrollment was not requested;</li>
     *   <li>{@code UNKNOWN_ERROR} when saving fails or any exception is thrown.</li>
     * </ul>
     * For {@code SUCCESS} and {@code CERT_ENROLLED_ALREADY} the user's stored X.509
     * certificates are refreshed and the entry is written back, also on the non-enrollment path.
     *
     * <p>This method does not call {@link #validate}; whether the certificate was verified
     * before it gets here is up to the caller.
     *
     * @param x509Certificate the certificate presented by the user
     * @param str id of the user; compared with the inum of the entry owning the fingerprint
     * @param z {@code true} when the call is part of an enrollment
     * @return the outcome of the match
     */
    public UserCertificateMatch processMatch(X509Certificate x509Certificate, String str, boolean z) {
        UserCertificateMatch outcome;
        try {
            this.logger.info("Matching certificate and user. Enrollment is {}", z);
            String personDn = this.persistenceService.getPersonDn(str);
            CertPerson person = (CertPerson) this.persistenceService.get(CertPerson.class, personDn);
            if (person == null) {
                outcome = UserCertificateMatch.UNKNOWN_USER;
            } else {
                this.logger.debug("Generating certificate fingerprint...");
                String externalUid = CERT_PREFIX + getFingerPrint(x509Certificate);
                // At most one owner is fetched (start 0, count 1).
                List<BasePerson> owners = this.persistenceService.find(BasePerson.class, this.persistenceService.getPeopleDn(),
                        Filter.createEqualityFilter("oxExternalUid", externalUid).multiValued(), 0, 1);
                if (owners.isEmpty()) {
                    if (z) {
                        this.logger.info("Associating presented cert to user");
                        List<String> externalUids = new ArrayList<>(
                                Optional.ofNullable(person.getOxExternalUid()).orElse(Collections.emptyList()));
                        externalUids.add(externalUid);
                        person.setOxExternalUid(externalUids);
                        outcome = UserCertificateMatch.SUCCESS;
                    } else {
                        this.logger.info("Certificate not associated to an existing account yet");
                        outcome = UserCertificateMatch.CERT_NOT_RECOGNIZED;
                    }
                } else if (!str.equals(owners.get(0).getInum())) {
                    outcome = UserCertificateMatch.CERT_ENROLLED_OTHER_USER;
                } else if (z) {
                    outcome = UserCertificateMatch.CERT_ENROLLED_ALREADY;
                } else {
                    outcome = UserCertificateMatch.SUCCESS;
                }
            }
            boolean mustPersist = outcome.equals(UserCertificateMatch.SUCCESS)
                    || outcome.equals(UserCertificateMatch.CERT_ENROLLED_ALREADY);
            if (mustPersist) {
                updateUserX509Certificates(person, x509Certificate);
                if (!this.persistenceService.modify(person)) {
                    outcome = UserCertificateMatch.UNKNOWN_ERROR;
                }
            }
            this.logger.info("Operation result is {}", outcome.toString());
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
            outcome = UserCertificateMatch.UNKNOWN_ERROR;
        }
        return outcome;
    }

    /* JADX WARN: Multi-variable type inference failed */
    /* JADX WARN: Type inference failed for: r0v16, types: [java.util.List] */
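    /**
     * Lists the certificates enrolled by a user.
     *
     * <p>Every {@code oxExternalUid} value starting with {@code CERT_PREFIX} yields one entry,
     * enriched with details from the matching stored X.509 certificate when there is one.
     *
     * <p>An unknown user, or a user without {@code oxExternalUid} values, now gives an empty
     * list directly. The decompiled listing reached the same result by letting a
     * {@code NullPointerException} be caught and logged as an error.
     *
     * @param str id of the user
     * @return the user's certificates; empty when there are none or when an error occurs
     */
    public List<org.gluu.casa.plugins.cert.model.Certificate> getUserCerts(String str) {
        List<org.gluu.casa.plugins.cert.model.Certificate> certs = new ArrayList<>();
        try {
            CertPerson person = (CertPerson) this.persistenceService.get(CertPerson.class, this.persistenceService.getPersonDn(str));
            if (person == null) {
                this.logger.warn("No entry found for user '{}'", str);
                return certs;
            }
            List<String> storedCerts = Optional.ofNullable(person.getX509Certificates()).orElse(Collections.emptyList());
            List<String> externalUids = Optional.ofNullable(person.getOxExternalUid()).orElse(Collections.emptyList());
            List<org.gluu.oxtrust.model.scim2.user.X509Certificate> scimCerts = getScimX509Certificates(storedCerts);
            certs = externalUids.stream()
                    .filter(uid -> uid.startsWith(CERT_PREFIX))
                    .map(uid -> getExtraCertsInfo(uid, scimCerts))
                    .collect(Collectors.toList());
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
        return certs;
    }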

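    /**
     * Counts the certificates enrolled by a user.
     *
     * <p>The count is the number of {@code oxExternalUid} values starting with
     * {@code CERT_PREFIX}. An unknown user or a missing attribute gives 0 directly; the
     * decompiled listing got there through a caught {@code NullPointerException} that was
     * logged as an error.
     *
     * @param str id of the user
     * @return the number of enrolled certificates, 0 when there are none or on error
     */
    public int getDevicesTotal(String str) {
        int total = 0;
        try {
            IdentityPerson person = (IdentityPerson) this.persistenceService.get(IdentityPerson.class, this.persistenceService.getPersonDn(str));
            List<String> externalUids = person == null ? null : person.getOxExternalUid();
            if (externalUids != null) {
                total = (int) externalUids.stream().filter(uid -> uid.startsWith(CERT_PREFIX)).count();
            }
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
        return total;
    }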

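    /**
     * Builds the display model for one enrolled certificate.
     *
     * <p>The fingerprint is taken from the {@code oxExternalUid} value. The stored SCIM
     * certificates are then scanned for one with the same fingerprint; when found, its subject
     * attributes and expiry fill in the remaining fields. Without a match only the fingerprint
     * is set.
     *
     * <p>Differences from the decompiled listing, which does not compile as shown (the
     * fingerprint comparison sat outside the {@code try} although {@code getFingerPrint}
     * declares {@code throws Exception}):
     * <ul>
     *   <li>parsing, fingerprinting and field extraction all run inside the per-entry
     *       {@code try}, so one unreadable stored certificate is logged and skipped;</li>
     *   <li>subject components without {@code '='} or with a repeated key no longer throw.</li>
     * </ul>
     *
     * @param str an {@code oxExternalUid} value starting with {@code CERT_PREFIX}
     * @param list the user's stored certificates in SCIM form
     * @return the populated certificate model
     */
    private org.gluu.casa.plugins.cert.model.Certificate getExtraCertsInfo(String str, List<org.gluu.oxtrust.model.scim2.user.X509Certificate> list) {
        String fingerprint = str.replace(CERT_PREFIX, "");
        org.gluu.casa.plugins.cert.model.Certificate info = new org.gluu.casa.plugins.cert.model.Certificate();
        info.setFingerPrint(fingerprint);
        for (org.gluu.oxtrust.model.scim2.user.X509Certificate stored : list) {
            try {
                X509Certificate parsed = CertUtils.x509CertificateFromPem(stored.getValue());
                if (!fingerprint.equals(getFingerPrint(parsed))) {
                    continue;
                }
                Map<String, String> attrs = parseDisplayAttributes(stored.getDisplay());
                String commonName = attrs.get("cn");
                String unit = attrs.getOrDefault("ou", "");
                String org = attrs.getOrDefault("o", "");
                // "OU, O" when both are present, otherwise whichever one is.
                String organization;
                if (Utils.isNotEmpty(unit)) {
                    organization = Utils.isNotEmpty(org) ? unit + ", " + org : unit;
                } else {
                    organization = Utils.isNotEmpty(org) ? org : unit;
                }
                String locality = attrs.getOrDefault("l", "");
                String state = attrs.getOrDefault("st", "");
                String country = attrs.getOrDefault("c", "");
                info.setCommonName(commonName);
                info.setOrganization(organization);
                info.setLocation(String.format("%s %s %s", locality, state, country).trim());
                info.setFormattedName(commonName + (Utils.isEmpty(organization) ? "" : String.format(" (%s)", organization)));
                long notAfter = parsed.getNotAfter().getTime();
                info.setExpirationDate(notAfter);
                // Expiry is judged against the local clock at the time of the call.
                info.setExpired(notAfter < System.currentTimeMillis());
                break;
            } catch (Exception e) {
                this.logger.error(e.getMessage());
            }
        }
        return info;
    }

    /**
     * Splits a comma-separated {@code key=value} subject string into a map with lower-cased
     * keys. Components without {@code '='} are ignored and the first value of a repeated key
     * is kept. Splitting is on plain commas, so escaped commas inside a value are not handled.
     */
    private static Map<String, String> parseDisplayAttributes(String display) {
        Map<String, String> attrs = new java.util.HashMap<>();
        if (display == null) {
            return attrs;
        }
        for (String part : display.split(",\\s*")) {
            int eq = part.indexOf('=');
            if (eq >= 0) {
                attrs.putIfAbsent(part.substring(0, eq).toLowerCase(java.util.Locale.ROOT), part.substring(eq + 1));
            }
        }
        return attrs;
    }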

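    /**
     * Removes an enrolled certificate from a user.
     *
     * <p>Both traces of the certificate are dropped: the stored X.509 certificate with the
     * given fingerprint, and the {@code CERT_PREFIX + fingerprint} value in
     * {@code oxExternalUid}. The entry is written back even when nothing matched.
     *
     * <p>Differences from the decompiled listing:
     * <ul>
     *   <li>the stored certificate is located by walking the stored values themselves. The
     *       listing searched a parsed copy that silently omits unparseable values and then
     *       removed by that copy's index, which can delete a different certificate than the
     *       one matched;</li>
     *   <li>a stored value whose fingerprint cannot be computed is logged and skipped instead
     *       of aborting the removal;</li>
     *   <li>an unknown user or a missing attribute no longer ends in a
     *       {@code NullPointerException}.</li>
     * </ul>
     *
     * @param str fingerprint of the certificate to remove
     * @param str2 id of the user
     * @return {@code true} when the user entry was saved, {@code false} when the user is
     *         unknown or saving failed
     * @throws Exception if the persistence layer fails
     */
    public boolean removeFromUser(String str, String str2) throws Exception {
        CertPerson person = (CertPerson) this.persistenceService.get(CertPerson.class, this.persistenceService.getPersonDn(str2));
        if (person == null) {
            this.logger.warn("Cannot remove certificate: no entry found for user '{}'", str2);
            return false;
        }
        List<String> storedCerts = person.getX509Certificates();
        if (storedCerts != null) {
            for (int idx = 0; idx < storedCerts.size(); idx++) {
                if (hasFingerprint(storedCerts.get(idx), str)) {
                    // idx addresses the stored list itself, so the matched value is the one removed.
                    storedCerts.remove(idx);
                    break;
                }
            }
        }
        List<String> externalUids = person.getOxExternalUid();
        if (externalUids != null) {
            // Removes the first equal value only, as the listing did.
            externalUids.remove(CERT_PREFIX + str);
        }
        return this.persistenceService.modify(person);
    }

    /** Tells whether a stored SCIM certificate (JSON) has the given fingerprint; false if unreadable. */
    private boolean hasFingerprint(String json, String fingerprint) {
        try {
            org.gluu.oxtrust.model.scim2.user.X509Certificate scimCert =
                    this.mapper.readValue(json, org.gluu.oxtrust.model.scim2.user.X509Certificate.class);
            return getFingerPrint(CertUtils.x509CertificateFromPem(scimCert.getValue())).equals(fingerprint);
        } catch (Exception e) {
            this.logger.error("Unable to compute the fingerprint of a stored certificate: {}", e.getMessage());
            return false;
        }
    }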

    /**
     * Converts stored JSON strings into SCIM {@code X509Certificate} objects.
     *
     * <p>A value that cannot be converted is logged and left out, so the result can be shorter
     * than the input and positions in the two lists do not necessarily line up.
     *
     * @param list JSON representations as stored on the user entry
     * @return the values that could be converted, in input order
     */
    private List<org.gluu.oxtrust.model.scim2.user.X509Certificate> getScimX509Certificates(List<String> list) {
        List<org.gluu.oxtrust.model.scim2.user.X509Certificate> converted = new ArrayList<>();
        list.forEach(json -> {
            try {
                converted.add(this.mapper.readValue(json, org.gluu.oxtrust.model.scim2.user.X509Certificate.class));
            } catch (Exception e) {
                this.logger.error("Unable to convert value '{}' to expected SCIM format", json);
                this.logger.error(e.getMessage());
            }
        });
        return converted;
    }

    /**
     * Adds the presented certificate to the user's stored X.509 certificates if it is missing.
     *
     * <p>"Missing" is decided by the subject name alone: the certificate is skipped when any
     * stored entry has a non-empty display value equal to the subject's name. The new entry
     * holds the Base64 of the encoded certificate as value and the subject name as display.
     * Failures are logged and not propagated.
     *
     * <p>NOTE(review): because only the subject name is compared, a different certificate
     * issued to the same subject is treated as already stored and is not added. Confirm that
     * this is intended.
     *
     * @param certPerson the user entry to update in memory (the caller persists it)
     * @param x509Certificate the certificate presented by the user
     */
    private void updateUserX509Certificates(CertPerson certPerson, X509Certificate x509Certificate) {
        try {
            String subjectName = x509Certificate.getSubjectX500Principal().getName();
            this.logger.info("Reading user's stored X509 certificates");
            List<String> stored = Optional.ofNullable(certPerson.getX509Certificates()).orElse(new ArrayList<>());
            boolean alreadyStored = false;
            for (org.gluu.oxtrust.model.scim2.user.X509Certificate scimCert : getScimX509Certificates(stored)) {
                String display = scimCert.getDisplay();
                if (Utils.isNotEmpty(display) && display.equals(subjectName)) {
                    this.logger.debug("The certificate presented is already in user's profile");
                    alreadyStored = true;
                    break;
                }
            }
            if (alreadyStored) {
                return;
            }
            org.gluu.oxtrust.model.scim2.user.X509Certificate entry = new org.gluu.oxtrust.model.scim2.user.X509Certificate();
            byte[] base64 = Base64.getEncoder().encode(x509Certificate.getEncoded());
            entry.setValue(new String(base64, StandardCharsets.UTF_8));
            entry.setDisplay(subjectName);
            this.logger.debug("Updating user's oxTrustx509Certificate attribute");
            stored.add(this.mapper.writeValueAsString(entry));
            certPerson.setX509Certificates(stored);
        } catch (Exception e) {
            this.logger.error(e.getMessage(), e);
        }
    }

    /**
     * Computes the fingerprint that identifies a certificate in {@code oxExternalUid}.
     *
     * <p>Only the certificate's public key goes into the fingerprint, so certificates that
     * share a key pair (a renewal with the same key, for instance) give the same value.
     *
     * @param x509Certificate the certificate to fingerprint
     * @return the fingerprint of the certificate's public key
     * @throws Exception if the helper cannot compute the fingerprint
     */
    private String getFingerPrint(X509Certificate x509Certificate) throws Exception {
        java.security.PublicKey publicKey = x509Certificate.getPublicKey();
        return FingerprintHelper.getPublicKeySshFingerprint(publicKey);
    }

    /**
     * Builds the singleton and loads its configuration straight away. Private: instances are
     * handed out by {@link #getInstance()} only.
     */
    private CertService() {
        // Public and overridable, yet called during construction; the class has no subclasses here.
        this.reloadConfiguration();
    }
}
