package com.zollsoft.kvc.certificate;

import com.zollsoft.kvc.constants.Consts;
import com.zollsoft.kvc.rest.KVConnectRestException;
import com.zollsoft.kvc.rest.RESTClient;
import com.zollsoft.kvc.security.Crypto;
import com.zollsoft.kvc.security.KVKeystore;
import com.zollsoft.kvc.security.RSAKey;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.util.Date;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/zollsoft/kvc/certificate/MakePersonalCertificate.class */
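/**
 * Enrols a personal certificate over the KV-Connect REST interface.
 *
 * <p>The flow visible in this class is: obtain an RSA key pair from {@link RSAKey}, submit a
 * certificate signing request (CSR), park the private key in the keystore under a temporary
 * entry, poll the CSR status, then download the certificate, check it against the parked
 * private key and store both in the keystore.
 *
 * <p>NOTE(review): the downloaded certificate is only checked for its validity period and for a
 * matching public key. No issuer or chain validation is visible in this class; confirm that
 * {@code KVCertificate} or {@code KVKeystore} performs it before the certificate is trusted.
 */
public class MakePersonalCertificate {
    protected static final Logger LOG = LoggerFactory.getLogger(MakePersonalCertificate.class);
    private final Crypto crypto;
    private final RESTClient rest;

    /**
     * @param crypto used to build the CSR and to reach the keystore
     * @param rESTClient used for all calls to the server
     */
    public MakePersonalCertificate(Crypto crypto, RESTClient rESTClient) {
        this.crypto = crypto;
        this.rest = rESTClient;
    }

    /**
     * Obtains a key pair of the given length and submits a CSR for it.
     *
     * @param str first argument handed to {@code Crypto.createCSR} (meaning not visible here)
     * @param signingAlgorithm signing algorithm handed to {@code Crypto.createCSR}
     * @param keyLength RSA key length handed to {@link RSAKey}
     * @return the identifier extracted from the server's answer, used to poll the CSR status
     */
    private String sendCSR(String str, String signingAlgorithm, int keyLength) throws KVConnectRestException {
        KeyPair keyPair = new RSAKey(keyLength).getKeys();
        return sendRestCsr(str, signingAlgorithm, keyPair.getPublic(), keyPair.getPrivate());
    }

    /**
     * Sends the CSR and, on HTTP 201, parks the private key in the keystore.
     *
     * @return the part of the response body after its last {@code '/'}
     * @throws KVConnectRestException if the server does not answer with 201 or the answer
     *     carries no usable identifier
     */
    private String sendRestCsr(String str, String str2, PublicKey publicKey, PrivateKey privateKey) throws KVConnectRestException {
        Response csrResponse = this.rest.sendCertificateSigningRequest(this.crypto.createCSR(str, str2, publicKey, privateKey));
        try {
            if (csrResponse.getStatus() != 201) {
                throw new KVConnectRestException("CSR konnte nicht an den Server gesendet werden.", csrResponse);
            }
            String body = csrResponse.readEntity(String.class);
            // The identifier comes from the server and is later used in further requests, so an
            // absent or empty value is rejected here instead of failing later with an NPE.
            String requestId = body == null ? "" : body.substring(body.lastIndexOf('/') + 1);
            if (requestId.isEmpty()) {
                throw new KVConnectRestException("Server-Antwort auf den CSR enthält keine Kennung.", csrResponse);
            }
            savePrivateKeyTemp(privateKey);
            return requestId;
        } finally {
            // Closed on every path, including the exceptional ones. The exception above is
            // constructed before this runs.
            // NOTE(review): confirm KVConnectRestException does not read the response lazily.
            csrResponse.close();
        }
    }

    /**
     * Parks the private key in the keystore until the certificate has been issued.
     *
     * <p>NOTE(review): nothing in this class removes the temporary entry again, neither after
     * success nor after a rejected or timed-out CSR. Confirm that {@code KVKeystore} cleans it
     * up, otherwise a second copy of the private key stays in the keystore.
     */
    private void savePrivateKeyTemp(PrivateKey privateKey) {
        this.crypto.getKvKeystore().addPrivateKeyTemp(privateKey);
    }

    /**
     * Polls the CSR status once. Only the first status entry of the answer is evaluated.
     *
     * @param str identifier returned when the CSR was submitted
     * @return {@code true} if the first entry reports state "Erfolgreich" with status "999";
     *     {@code false} if the status could not be read or the CSR is not finished yet
     * @throws KVConnectRestException if the first entry carries any other status starting with "9"
     */
    private boolean csrSucceeded(String str) throws KVConnectRestException {
        Response statusResponse = this.rest.getCSRStatus(str);
        try {
            int httpStatus = statusResponse.getStatus();
            if (httpStatus != 200) {
                LOG.error("CSR-Status konnte nicht abgefragt werden. Antwort-Code: {}. Antwort-Inhalt: {}", Integer.valueOf(httpStatus), statusResponse.readEntity(String.class));
                return false;
            }
            CSRStatus csrStatus = statusResponse.readEntity(CSRStatus.class);
            // A 200 answer without entries is treated like "not finished yet" so the caller
            // keeps polling instead of dying on an NPE or IndexOutOfBoundsException.
            if (csrStatus == null
                    || csrStatus.statusEntries == null
                    || csrStatus.statusEntries.statusEntries == null
                    || csrStatus.statusEntries.statusEntries.isEmpty()) {
                LOG.error("CSR-Status enthält keine Status-Einträge.");
                return false;
            }
            String state = csrStatus.statusEntries.statusEntries.get(0).state;
            String status = csrStatus.statusEntries.statusEntries.get(0).status;
            // Constant-first comparisons: both fields are server-supplied and may be null.
            if ("Erfolgreich".equals(state) && "999".equals(status)) {
                return true;
            }
            if (status != null && status.startsWith("9")) {
                throw new KVConnectRestException(String.format("CSR wurde vom Server abgelehnt: %s", state), statusResponse);
            }
            return false;
        } finally {
            statusResponse.close();
        }
    }

    /**
     * Downloads the certificate, checks it against the parked private key and stores both.
     *
     * @param str identifier handed to {@code RESTClient.getCertificate}
     * @throws KVConnectRestException if the download fails, the certificate is outside its
     *     validity period, or it does not belong to the parked private key
     */
    private void addCertAndKey(String str) throws KVConnectRestException {
        PrivateKey parkedKey = this.crypto.getKvKeystore().getPrivateKey("tmp_private");
        Response certResponse = this.rest.getCertificate(str);
        try {
            if (certResponse.getStatus() != 200) {
                throw new KVConnectRestException("Persönliches Zertifikat konnte nicht geladen werden.", certResponse);
            }
            CertData certData = certResponse.readEntity(CertData.class);
            X509Certificate issued = certData == null ? null : makeCertificate(certData);
            if (issued == null) {
                // An unparsable or empty answer is reported as a failed download.
                throw new KVConnectRestException("Persönliches Zertifikat konnte nicht geladen werden.", certResponse);
            }
            if (!checkCertValidity(issued)) {
                throw new KVConnectRestException("Das gewünschte Zertifikat ist nicht mehr valide.");
            }
            // Binds the server-supplied certificate to the locally held key before it is
            // stored; a missing or non-RSA key fails this check as well.
            if (!checkKeyValidity(parkedKey, issued)) {
                throw new KVConnectRestException("Zertifikat und Private-Key passen nicht zueinander");
            }
            addToKeyStore(parkedKey, issued);
        } finally {
            certResponse.close();
        }
    }

    /** Stores the certificate and then the private key (entry name "private") in the keystore. */
    private void addToKeyStore(PrivateKey privateKey, X509Certificate x509Certificate) {
        KVKeystore keystore = this.crypto.getKvKeystore();
        keystore.addPersonalCertificate(x509Certificate);
        keystore.addPrivateKey("private", privateKey);
    }

    /** Builds the certificate object from the {@code certFile} field of the server answer. */
    private X509Certificate makeCertificate(CertData certData) {
        return new KVCertificate(certData.certFile).getSingleCertificate();
    }

    /**
     * Checks that the certificate's public key is the one belonging to the private key.
     *
     * @return {@code false} if no public key can be derived from the private key or the keys differ
     */
    private boolean checkKeyValidity(PrivateKey privateKey, X509Certificate x509Certificate) {
        PublicKey derived = generatePublicKey(privateKey, "RSA");
        if (derived == null) {
            return false;
        }
        return x509Certificate.getPublicKey().equals(derived);
    }

    /**
     * Derives the public key from the modulus and public exponent of an RSA CRT private key.
     *
     * @param str key factory algorithm name
     * @return the public key, or {@code null} if the private key is absent, is not an
     *     {@link RSAPrivateCrtKey}, or the key factory rejects it
     */
    private PublicKey generatePublicKey(PrivateKey privateKey, String str) {
        // instanceof also covers null, so a missing keystore entry ends up as "no match"
        // rather than as an unchecked ClassCastException or NullPointerException.
        if (!(privateKey instanceof RSAPrivateCrtKey)) {
            LOG.error("Öffentlicher Schlüssel konnte nicht abgeleitet werden: kein RSA-CRT-Schlüssel vorhanden.");
            return null;
        }
        RSAPrivateCrtKey rsaKey = (RSAPrivateCrtKey) privateKey;
        try {
            RSAPublicKeySpec spec = new RSAPublicKeySpec(rsaKey.getModulus(), rsaKey.getPublicExponent());
            return KeyFactory.getInstance(str).generatePublic(spec);
        } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
            // Goes through the logger instead of printStackTrace(); no key material is logged.
            LOG.error("Öffentlicher Schlüssel konnte nicht abgeleitet werden.", e);
            return null;
        }
    }

    /** Returns whether the current time lies strictly between notBefore and notAfter. */
    private boolean checkCertValidity(X509Certificate x509Certificate) {
        Date now = new Date();
        if (!now.after(x509Certificate.getNotBefore())) {
            return false;
        }
        return now.before(x509Certificate.getNotAfter());
    }

    /**
     * Submits a CSR, polls its status and stores the issued certificate with its private key.
     *
     * @param str first argument handed to {@code Crypto.createCSR} (meaning not visible here)
     * @param str2 identifier used to download the issued certificate
     * @param i polling bound; the status is polled at most {@code i - 1} times
     * @param i2 pause between two polls in milliseconds
     * @throws KVConnectRestException if the CSR is rejected, the certificate fails its checks,
     *     the thread is interrupted, or the polling bound is reached
     */
    public void sendCSR(String str, String str2, int i, int i2) throws KVConnectRestException {
        String csrId = sendCSR(str, Consts.SIGNING_ALGORITHM, Consts.RSA_KEY_LENGTH);
        // NOTE(review): starting at 1 gives i - 1 polls although the timeout message below
        // reports i * i2 milliseconds; kept as is, confirm which of the two is intended.
        for (int attempt = 1; attempt < i; attempt++) {
            if (csrSucceeded(csrId)) {
                addCertAndKey(str2);
                return;
            }
            try {
                Thread.sleep(i2);
            } catch (InterruptedException e) {
                // Restore the interrupt flag so callers further up can still see it.
                Thread.currentThread().interrupt();
                throw new KVConnectRestException("Erstellung eines Zertifikats abgebrochen", e);
            }
        }
        // Computed in long so a large bound times a large pause cannot overflow int.
        long waitedSeconds = ((long) i * i2) / 1000;
        throw new KVConnectRestException(String.format("Erstellung eines Zertifikats wurde nicht innerhalb der konfigurierten Zeit von %d Sekunden abgeschlossen.", Long.valueOf(waitedSeconds)));
    }
}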
