package com.dawex.weaver.trustframework.vc.core.jose;

import com.dawex.weaver.trustframework.vc.core.jose.exception.KeyCreationException;
import com.dawex.weaver.trustframework.vc.core.jose.exception.KeyParsingException;
import com.dawex.weaver.trustframework.vc.core.jose.exception.MissingCertificateException;
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.RSAKey;
import com.nimbusds.jose.util.IOUtils;
import com.nimbusds.jose.util.X509CertChainUtils;
import com.nimbusds.jose.util.X509CertUtils;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.Reader;
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import java.lang.runtime.ObjectMethods;
import java.math.BigInteger;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidParameterException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAPublicKeySpec;
import java.text.ParseException;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.time.ZoneOffset;
import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

/* loaded from: input_file:com/dawex/weaver/trustframework/vc/core/jose/JwkSetUtils.class */
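/**
 * Static helpers that build a {@link JWKSet} holding one RSA signing key together with the
 * X.509 certificate(s) describing its public half.
 *
 * <p>Every {@link JWKSet} produced by the {@code create*}/{@code import*} methods carries the
 * RSA <em>private</em> parameters (see {@link #buildRsaKey}); treat the returned object as a
 * secret and export only its public view.
 */
public class JwkSetUtils {
    /** Modulus length, in bits, of freshly generated RSA keys. */
    private static final int RSA_KEY_SIZE = 2048;
    /** JCA signature algorithm used to self-sign generated certificates. */
    private static final String SIGNATURE_ALGORITHM = "SHA256withRSA";

    /**
     * Result of a key creation or import.
     *
     * @param jwkSet the JWK set; when produced by this class it includes the RSA private key
     * @param certificates the certificate(s), PEM encoded, in the order they were built or read
     */
    public record CreatedKeys(JWKSet jwkSet, List<String> certificates) {
    }

    private JwkSetUtils() {
    }

    /**
     * Parses a JWK set from its JSON-object representation.
     *
     * @param map the JSON object of the JWK set
     * @return the parsed set
     * @throws KeyParsingException if the map is not a valid JWK set
     */
    public static JWKSet parseJwkSet(Map<String, Object> map) {
        try {
            return JWKSet.parse(map);
        } catch (ParseException e) {
            throw new KeyParsingException(e);
        }
    }

    /**
     * Generates a new RSA key pair and a self-signed certificate for it.
     *
     * @param x509CertUrlTemplate format string for the JWK {@code x5u} value, formatted with the
     *     generated key id; {@code null} leaves {@code x5u} unset
     * @param commonName value placed in the certificate's {@code CN}
     * @param validityMonths certificate lifetime in months, counted from today 00:00 UTC
     * @return the JWK set (with private key) and the PEM certificate
     * @throws KeyCreationException if the key pair or the certificate cannot be created
     */
    public static CreatedKeys createKeysWithSelfSignedCertificate(String x509CertUrlTemplate, String commonName, int validityMonths) {
        try {
            KeyPair keyPair = generateRsaKey();
            X509Certificate certificate = getSelfSignedX509Certificate(keyPair, commonName, validityMonths);
            RSAKey rsaKey = buildRsaKey(x509CertUrlTemplate, certificate, (RSAPrivateKey) keyPair.getPrivate());
            return new CreatedKeys(new JWKSet(rsaKey), List.of(X509CertUtils.toPEMString(certificate)));
        } catch (OperatorCreationException | CertificateException | JOSEException e) {
            throw new KeyCreationException("The key pair and/or the X.509 certificate cannot be created", e);
        }
    }

    /**
     * Imports an unencrypted PEM RSA private key and issues a self-signed certificate for it.
     *
     * <p>The stream is wrapped in a reader that this method closes before returning.
     *
     * @param privateKeyPem PEM encoded RSA private key
     * @param x509CertUrlTemplate format string for the JWK {@code x5u} value, formatted with the
     *     generated key id; {@code null} leaves {@code x5u} unset
     * @param commonName value placed in the certificate's {@code CN}
     * @param validityMonths certificate lifetime in months, counted from today 00:00 UTC
     * @return the JWK set (with private key) and the PEM certificate
     * @throws KeyCreationException if the key cannot be read or the certificate cannot be created
     */
    public static CreatedKeys importKeysWithSelfSignedCertificate(InputStream privateKeyPem, String x509CertUrlTemplate, String commonName, int validityMonths) {
        // PEM is ASCII armour; decode with an explicit charset instead of the platform default.
        try (Reader reader = new InputStreamReader(privateKeyPem, StandardCharsets.UTF_8)) {
            KeyPair keyPair = parseRsaPrivateKey(reader);
            X509Certificate certificate = getSelfSignedX509Certificate(keyPair, commonName, validityMonths);
            RSAKey rsaKey = buildRsaKey(x509CertUrlTemplate, certificate, (RSAPrivateKey) keyPair.getPrivate());
            return new CreatedKeys(new JWKSet(rsaKey), List.of(X509CertUtils.toPEMString(certificate)));
        } catch (JOSEException | IOException | OperatorCreationException | GeneralSecurityException e) {
            throw new KeyCreationException("The key pair cannot be imported and/or the X.509 certificate cannot be created", e);
        }
    }

    /**
     * Imports an unencrypted PEM RSA private key together with an existing certificate chain.
     *
     * <p>The first certificate of the chain is used for the JWK and must certify the imported
     * key. The key stream is closed by this method; the certificate stream is left to the caller.
     *
     * @param privateKeyPem PEM encoded RSA private key
     * @param certificateChainPem PEM encoded certificate chain, first certificate first
     * @param x509CertUrlTemplate format string for the JWK {@code x5u} value, formatted with the
     *     generated key id; {@code null} leaves {@code x5u} unset
     * @return the JWK set (with private key) and every certificate of the chain, PEM encoded
     * @throws KeyCreationException if the key or chain cannot be read, a certificate is outside
     *     its validity period, or the first certificate does not match the private key
     */
    public static CreatedKeys importKeysAndCertificate(InputStream privateKeyPem, InputStream certificateChainPem, String x509CertUrlTemplate) {
        try (Reader reader = new InputStreamReader(privateKeyPem, StandardCharsets.UTF_8)) {
            KeyPair keyPair = parseRsaPrivateKey(reader);
            List<X509Certificate> chain = getX509Certificates(certificateChainPem);
            X509Certificate first = chain.get(0);
            // buildRsaKey takes the public parameters from the certificate and the private ones
            // from the PEM key; without this check a mismatched pair yields an unusable JWK.
            requireCertificateMatchesKey(first, keyPair);
            RSAKey rsaKey = buildRsaKey(x509CertUrlTemplate, first, (RSAPrivateKey) keyPair.getPrivate());
            return new CreatedKeys(new JWKSet(rsaKey), chain.stream().map(X509CertUtils::toPEMString).toList());
        } catch (GeneralSecurityException | JOSEException | MissingCertificateException | IOException e) {
            throw new KeyCreationException("The key pair and/or the X.509 certificate cannot be imported", e);
        }
    }

    /**
     * Rejects a certificate whose RSA public key differs from the one derived from the imported
     * private key.
     *
     * @throws CertificateException if the certificate key is not RSA or does not match
     */
    private static void requireCertificateMatchesKey(X509Certificate certificate, KeyPair keyPair) throws CertificateException {
        boolean matches = certificate.getPublicKey() instanceof RSAPublicKey certified
                && keyPair.getPublic() instanceof RSAPublicKey derived
                && certified.getModulus().equals(derived.getModulus())
                && certified.getPublicExponent().equals(derived.getPublicExponent());
        if (!matches) {
            throw new CertificateException("The first certificate does not certify the imported RSA private key");
        }
    }

    /**
     * Builds a self-signed X.509 v3 certificate (issuer equals subject) for the key pair, valid
     * from today 00:00 UTC for {@code validityMonths} months.
     */
    private static X509Certificate getSelfSignedX509Certificate(KeyPair keyPair, String commonName, int validityMonths) throws OperatorCreationException, CertificateException {
        // NOTE(review): commonName is interpolated into a DN string, so ',', '+' or '=' in it are
        // parsed as DN syntax rather than as part of the CN. If the value can come from an
        // untrusted source, validate it upstream or build the name attribute by attribute.
        X500Name subject = new X500Name("CN=%s".formatted(commonName));
        // RFC 5280 requires a positive serial number, hence the lower bound of 1.
        BigInteger serial = BigInteger.valueOf(new SecureRandom().nextLong(1L, Long.MAX_VALUE));
        // Take "today" in UTC: with the system zone, a host east of UTC could produce a
        // notBefore that is still in the future, i.e. a certificate that is not yet valid.
        OffsetDateTime notBefore = LocalDate.now(ZoneOffset.UTC).atStartOfDay().atOffset(ZoneOffset.UTC);
        // NOTE(review): a non-positive validityMonths gives notAfter <= notBefore; callers are
        // expected to pass a positive value.
        OffsetDateTime notAfter = notBefore.plusMonths(validityMonths);
        JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
                subject, serial, Date.from(notBefore.toInstant()), Date.from(notAfter.toInstant()), subject, keyPair.getPublic());
        return new JcaX509CertificateConverter()
                .setProvider(new BouncyCastleProvider())
                .getCertificate(builder.build(new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).build(keyPair.getPrivate())));
    }

    /**
     * Reads a PEM certificate chain and checks that each certificate is within its validity
     * period.
     *
     * <p>Only the notBefore/notAfter dates are checked here ({@code checkValidity()}); signatures,
     * chain order, revocation and trust anchors are not verified by this method.
     *
     * @throws MissingCertificateException if the stream contains no certificate
     * @throws CertificateException if a certificate cannot be parsed, is expired or not yet valid
     */
    private static List<X509Certificate> getX509Certificates(InputStream inputStream) throws IOException, CertificateException, MissingCertificateException {
        List<X509Certificate> chain = X509CertChainUtils.parse(IOUtils.readInputStreamToString(inputStream));
        if (chain.isEmpty()) {
            throw new MissingCertificateException();
        }
        for (X509Certificate certificate : chain) {
            certificate.checkValidity();
        }
        return chain;
    }

    /**
     * Generates an RSA key pair of {@link #RSA_KEY_SIZE} bits.
     *
     * @throws KeyCreationException if the RSA generator is unavailable or rejects the key size
     */
    private static KeyPair generateRsaKey() {
        try {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(RSA_KEY_SIZE);
            return keyPairGenerator.generateKeyPair();
        } catch (InvalidParameterException | NoSuchAlgorithmException e) {
            throw new KeyCreationException("The RSA key pair cannot be generated", e);
        }
    }

    /**
     * Reads the first PEM object from the reader as an unencrypted RSA private key and derives
     * the matching public key from its modulus and public exponent.
     *
     * <p>The reader is closed by this method (closing the PEM parser closes it).
     *
     * @throws InvalidKeySpecException if the PEM content is missing, is not an unencrypted
     *     private key, or is not an RSA key carrying CRT parameters
     */
    private static KeyPair parseRsaPrivateKey(Reader reader) throws InvalidKeySpecException, IOException, NoSuchAlgorithmException {
        Object pemObject;
        try (PEMParser pemParser = new PEMParser(reader)) {
            pemObject = pemParser.readObject();
        }
        // Reject anything that is not a plain private key up front (empty input, encrypted key,
        // certificate, public key) so the failure is a checked, wrapped exception instead of a
        // NullPointerException / IllegalArgumentException escaping to the caller.
        PrivateKeyInfo privateKeyInfo;
        if (pemObject instanceof PEMKeyPair pemKeyPair) {
            privateKeyInfo = pemKeyPair.getPrivateKeyInfo();
        } else if (pemObject instanceof PrivateKeyInfo info) {
            privateKeyInfo = info;
        } else {
            throw new InvalidKeySpecException("The PEM content is not an unencrypted private key");
        }
        // A non-RSA key (e.g. EC) previously failed with an unchecked ClassCastException.
        if (!(new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo) instanceof RSAPrivateCrtKey rsaPrivateKey)) {
            throw new InvalidKeySpecException("The private key is not an RSA key with CRT parameters");
        }
        RSAPublicKeySpec publicKeySpec = new RSAPublicKeySpec(rsaPrivateKey.getModulus(), rsaPrivateKey.getPublicExponent());
        return new KeyPair(KeyFactory.getInstance("RSA").generatePublic(publicKeySpec), rsaPrivateKey);
    }

    /**
     * Builds the RSA JWK: public parameters and certificate data come from the certificate, the
     * private parameters from {@code privateKey}, and the key id is a fresh random UUID.
     *
     * @param x509CertUrlTemplate format string formatted with the key id to produce {@code x5u};
     *     {@code null} leaves {@code x5u} unset. An invalid resulting URI makes
     *     {@link URI#create(String)} throw {@link IllegalArgumentException}.
     */
    private static RSAKey buildRsaKey(String x509CertUrlTemplate, X509Certificate certificate, RSAPrivateKey privateKey) throws JOSEException {
        String keyId = UUID.randomUUID().toString();
        URI certificateUrl = x509CertUrlTemplate == null ? null : URI.create(x509CertUrlTemplate.formatted(keyId));
        return new RSAKey.Builder(RSAKey.parse(certificate))
                .keyID(keyId)
                .privateKey(privateKey)
                .algorithm(JsonWebSignatureUtils.JWS_ALGORITHM)
                .x509CertURL(certificateUrl)
                .build();
    }
}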
