package com.identityx.clientSDK.credentialsProviders;

import com.identityx.auth.impl.keys.PrivateApiKey;
import com.identityx.auth.impl.keys.PublicApiKey;
import com.identityx.auth.util.CertsUtil;
import com.identityx.clientSDK.def.ICredentialsProvider;
import com.identityx.clientSDK.exceptions.ClientInitializationException;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.List;
import java.util.Properties;
import org.apache.commons.codec.binary.Base64;

/* loaded from: input_file:com/identityx/clientSDK/credentialsProviders/AsymCredentialsProvider.class */
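/**
 * Credentials provider backed by an asymmetric key pair.
 *
 * <p>The provider holds the client's {@link PrivateApiKey} (a token id plus a private key,
 * normally taken from a JKS keystore), the service base URL, and the server CA certificate
 * and server certificate DN that are handed to the {@link PublicApiKey} returned by
 * {@link #mo2getResponseApiKey()}.
 *
 * <p>Security notes for integrators:
 * <ul>
 *   <li>Instances created through the constructors start with revocation checking and OCSP
 *       enabled; instances created through {@link AsymCredentialsProviderBuilder} start with
 *       both disabled unless the builder setters turn them on.</li>
 *   <li>The credentials properties stream can supply {@code serviceUrl}, {@code serverCACert}
 *       and {@code serverCertDN} together, so whoever can modify that file controls both the
 *       endpoint and the certificate data handed to the response key. Protect it like key
 *       material.</li>
 *   <li>Keystore and key passwords are accepted as {@code String}; they cannot be wiped from
 *       memory after use.</li>
 * </ul>
 *
 * <p>This class is not synchronized; NOTE(review): confirm whether instances are shared
 * between threads before relying on the lazily created response key.
 */
public class AsymCredentialsProvider implements ICredentialsProvider {
    protected static String defaultCredentialsFileName = "credentials.properties";
    private String baseUrl;
    private PrivateApiKey apiKey;
    // Lazily created by mo2getResponseApiKey(); reset whenever one of its inputs changes.
    private PublicApiKey responseApiKey;
    private X509Certificate serverCACert;
    private String serverCertDN;
    private boolean revocationEnabled = true;
    private boolean ocspEnabled = true;

    /* loaded from: input_file:com/identityx/clientSDK/credentialsProviders/AsymCredentialsProvider$AsymCredentialsProviderBuilder.class */
    /**
     * Fluent builder for {@link AsymCredentialsProvider}.
     *
     * <p>Every value can be set directly; values left unset are read from the properties
     * stream given to {@link #setCredentialsInputStream(InputStream)} (keys {@code tokenId},
     * {@code serviceUrl}, {@code serverCACert}, {@code serverCertDN}, {@code validationCerts}).
     * Revocation checking and OCSP default to {@code false} here.
     */
    public static class AsymCredentialsProviderBuilder {
        private X509Certificate serverCACert = null;
        private String serverCertDN = null;
        private boolean revocationEnabled = false;
        private boolean ocspEnabled = false;
        private String baseUrl = null;
        private String tokenId = null;
        private PrivateApiKey apiKey = null;
        private String jksPassword = null;
        private String keyAlias = null;
        private String keyPassword = null;
        private InputStream jksInputStream = null;
        private InputStream credentialsInputStream = null;

        /** Sets the server CA certificate directly instead of reading it from the credentials stream. */
        public AsymCredentialsProviderBuilder setServerCACert(X509Certificate x509Certificate) {
            this.serverCACert = x509Certificate;
            return this;
        }

        /**
         * Enables or disables revocation checking. Passing {@code false} does not clear an
         * earlier {@code setOCSPEnabled(true)}; in that case {@link #build()} still ends up
         * with revocation enabled because OCSP is applied last.
         */
        public AsymCredentialsProviderBuilder setRevocationEnabled(boolean z) {
            this.revocationEnabled = z;
            return this;
        }

        /** Sets the service base URL directly instead of reading {@code serviceUrl} from the credentials stream. */
        public AsymCredentialsProviderBuilder setBaseUrl(String str) {
            this.baseUrl = str;
            return this;
        }

        /** Sets the token id directly instead of reading {@code tokenId} from the credentials stream. */
        public AsymCredentialsProviderBuilder setTokenId(String str) {
            this.tokenId = str;
            return this;
        }

        /** Sets the keystore stream the private key is extracted from. The stream is not closed by the builder. */
        public AsymCredentialsProviderBuilder setJksInputStream(InputStream inputStream) {
            this.jksInputStream = inputStream;
            return this;
        }

        /** Sets the keystore password; also used as the key password when none is set. */
        public AsymCredentialsProviderBuilder setJksPassword(String str) {
            this.jksPassword = str;
            return this;
        }

        /** Sets the keystore alias of the private key; when unset the first key entry is used. */
        public AsymCredentialsProviderBuilder setKeyAlias(String str) {
            this.keyAlias = str;
            return this;
        }

        /** Sets the password protecting the key entry; defaults to the keystore password. */
        public AsymCredentialsProviderBuilder setKeyPassword(String str) {
            this.keyPassword = str;
            return this;
        }

        /** Sets the properties stream used for any value not set directly. The stream is not closed by the builder. */
        public AsymCredentialsProviderBuilder setCredentialsInputStream(InputStream inputStream) {
            this.credentialsInputStream = inputStream;
            return this;
        }

        /** Sets a ready-made API key; when set, the keystore stream is not read. */
        public AsymCredentialsProviderBuilder setApiKey(PrivateApiKey privateApiKey) {
            this.apiKey = privateApiKey;
            return this;
        }

        /** Enables or disables OCSP; enabling it also enables revocation checking. */
        public AsymCredentialsProviderBuilder setOCSPEnabled(boolean z) {
            if (z) {
                this.revocationEnabled = true;
            }
            this.ocspEnabled = z;
            return this;
        }

        /** Sets the expected server certificate DN directly instead of reading it from the credentials stream. */
        public AsymCredentialsProviderBuilder setServerCertDN(String str) {
            this.serverCertDN = str;
            return this;
        }

        /**
         * Builds the provider from the values set so far, falling back to the credentials
         * properties stream for anything missing.
         *
         * @return the configured provider
         * @throws RuntimeException wrapping the underlying cause when a required value is
         *         missing, the keystore cannot be read, or the client certificate listed under
         *         {@code validationCerts} does not match the extracted private key
         */
        public AsymCredentialsProvider build() {
            try {
                Properties properties = new Properties();
                boolean somethingMissing = this.apiKey == null || this.tokenId == null || this.baseUrl == null
                        || this.serverCACert == null || this.serverCertDN == null;
                if (somethingMissing && this.credentialsInputStream != null) {
                    properties.load(this.credentialsInputStream);
                }

                // Optional client certificate used only to sanity-check the extracted private key.
                X509Certificate clientCert = null;
                String validationCerts = properties.getProperty("validationCerts");
                if (validationCerts != null && !validationCerts.isEmpty()) {
                    List<?> parsedCerts = CertsUtil.certsFromString(validationCerts);
                    if (parsedCerts != null && !parsedCerts.isEmpty()) {
                        clientCert = (X509Certificate) parsedCerts.get(0);
                    }
                }

                if (this.apiKey == null) {
                    if (this.jksInputStream == null) {
                        throw new IllegalStateException("No api key: an api key is extracted from a file specified by jksInputStream or provided directly by setting the apiKey parameter");
                    }
                    Key privateKey = AsymCredentialsProvider.extractKeyFromJksInputStream(this.jksInputStream, this.jksPassword, this.keyAlias, this.keyPassword);
                    if (this.tokenId == null) {
                        if (this.credentialsInputStream == null) {
                            throw new IllegalStateException("No tokenId: a tokenId is extracted from a file specified by credentialsInputStream or provided directly by setting the tokenId parameter");
                        }
                        // NOTE(review): a missing tokenId property is passed on as null; confirm PrivateApiKey rejects it.
                        this.tokenId = properties.getProperty("tokenId");
                    }
                    if (clientCert != null) {
                        // RSA-only consistency check: the moduli must be equal and 2^(e*d - 1) mod n
                        // must be 1, which holds when the public and private exponents belong together.
                        RSAPublicKey rsaPublic = (RSAPublicKey) clientCert.getPublicKey();
                        RSAPrivateKey rsaPrivate = (RSAPrivateKey) privateKey;
                        BigInteger modulus = rsaPublic.getModulus();
                        boolean sameModulus = modulus.equals(rsaPrivate.getModulus());
                        boolean exponentsMatch = sameModulus
                                && BigInteger.valueOf(2L)
                                        .modPow(rsaPublic.getPublicExponent().multiply(rsaPrivate.getPrivateExponent()).subtract(BigInteger.ONE), modulus)
                                        .equals(BigInteger.ONE);
                        if (!exponentsMatch) {
                            throw new IllegalStateException("The client cert specified by credentialsInputStream does not match the private key");
                        }
                    }
                    this.apiKey = new PrivateApiKey(this.tokenId, privateKey);
                }

                if (this.baseUrl == null) {
                    if (this.credentialsInputStream == null) {
                        throw new IllegalStateException("No baseUrl: baseUrl is extracted from a file specified by credentialsInputStream or provided directly by setting the baseUrl parameter");
                    }
                    this.baseUrl = properties.getProperty("serviceUrl");
                }

                if (this.serverCACert == null) {
                    if (this.credentialsInputStream == null) {
                        throw new IllegalStateException("No serverCACert: serverCACert is extracted from a file specified by credentialsInputStream or provided directly by setting the serverCACert parameter");
                    }
                    String encodedCaCert = properties.getProperty("serverCACert");
                    if (encodedCaCert == null) {
                        throw new IllegalStateException("No serverCACert: serverCACert cannot be extracted from the file specified by credentialsInputStream and is not provided directly by setting the serverCACert parameter");
                    }
                    this.serverCACert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(Base64.decodeBase64(encodedCaCert)));
                }

                if (this.serverCertDN == null) {
                    if (this.credentialsInputStream == null) {
                        throw new IllegalStateException("No serverCertDN: serverCertDN is extracted from a file specified by credentialsInputStream or provided directly by setting the serverCertDN parameter");
                    }
                    String dnFromFile = properties.getProperty("serverCertDN");
                    if (dnFromFile == null) {
                        // Previously surfaced as a bare NullPointerException from trim().
                        throw new IllegalStateException("No serverCertDN: serverCertDN cannot be extracted from the file specified by credentialsInputStream and is not provided directly by setting the serverCertDN parameter");
                    }
                    this.serverCertDN = dnFromFile.trim();
                }

                AsymCredentialsProvider provider = new AsymCredentialsProvider(this.baseUrl, this.apiKey, this.serverCACert, this.serverCertDN);
                // Order matters: OCSP is applied last so that ocspEnabled=true forces revocation on.
                provider.setRevocationEnabled(this.revocationEnabled);
                provider.setOcspEnabled(this.ocspEnabled);
                return provider;
            } catch (Exception e) {
                throw new RuntimeException("An error has occurred while trying to build the AsymCredentialsProvider object", e);
            }
        }
    }

    /**
     * Creates a provider from already-resolved values.
     *
     * @param str base URL of the service
     * @param privateApiKey client API key
     * @param x509Certificate server CA certificate; ignored when {@code null}
     * @param str2 expected server certificate DN; ignored when {@code null}
     */
    public AsymCredentialsProvider(String str, PrivateApiKey privateApiKey, X509Certificate x509Certificate, String str2) {
        this.baseUrl = str;
        this.apiKey = privateApiKey;
        if (x509Certificate != null) {
            setServerCACert(x509Certificate);
        }
        if (str2 != null) {
            this.serverCertDN = str2;
        }
    }

    /**
     * Creates a provider from a keystore stream and a credentials properties stream.
     *
     * <p>Unlike the builder, this path never reads {@code serverCACert} from the properties:
     * when {@code x509Certificate} is {@code null} the provider keeps a {@code null} server CA
     * certificate. NOTE(review): confirm how {@link PublicApiKey} behaves with a null CA
     * certificate before using this constructor without one.
     *
     * @param inputStream keystore stream (must not be {@code null})
     * @param str keystore password (must not be {@code null})
     * @param str2 key alias, or {@code null} to use the first key entry
     * @param str3 key password, or {@code null} to reuse the keystore password
     * @param inputStream2 credentials properties stream (must not be {@code null})
     * @param x509Certificate server CA certificate; ignored when {@code null}
     * @param str4 expected server certificate DN; overrides the properties value when non-null
     * @throws ClientInitializationException when the properties or the key cannot be loaded
     */
    public AsymCredentialsProvider(InputStream inputStream, String str, String str2, String str3, InputStream inputStream2, X509Certificate x509Certificate, String str4) throws ClientInitializationException {
        init(inputStream, str, str2, str3, inputStream2);
        if (x509Certificate != null) {
            setServerCACert(x509Certificate);
        }
        if (str4 != null) {
            this.serverCertDN = str4;
        }
    }

    /**
     * Loads {@code tokenId}, {@code serviceUrl} and {@code serverCertDN} from the credentials
     * stream and the private key from the keystore stream. The DN is stored as read (it is not
     * trimmed here, unlike in the builder).
     *
     * @throws IllegalArgumentException when a required argument is {@code null}
     * @throws ClientInitializationException when loading the properties or the key fails
     */
    protected void init(InputStream inputStream, String str, String str2, String str3, InputStream inputStream2) throws ClientInitializationException {
        if (inputStream == null) {
            throw new IllegalArgumentException("Param jksInputStream cannot be null");
        }
        if (inputStream2 == null) {
            throw new IllegalArgumentException("Param credentialsInputStream cannot be null");
        }
        if (str == null) {
            throw new IllegalArgumentException("Param password cannot be null");
        }
        Properties properties = new Properties();
        try {
            properties.load(inputStream2);
            String tokenId = properties.getProperty("tokenId");
            this.baseUrl = properties.getProperty("serviceUrl");
            this.serverCertDN = properties.getProperty("serverCertDN");
            this.apiKey = new PrivateApiKey(tokenId, extractKeyFromJksInputStream(inputStream, str, str2, str3));
        } catch (Exception e) {
            throw new ClientInitializationException("Failed to initialize the Credential Provider", e);
        }
    }

    /**
     * Reads a key from a keystore of the JVM's default type.
     *
     * @param inputStream keystore contents
     * @param str keystore password; required, because it is also what lets
     *        {@link KeyStore#load(InputStream, char[])} verify the keystore's integrity
     * @param str2 alias of the key entry, or {@code null} to pick the first key entry found
     * @param str3 password of the key entry, or {@code null} to reuse the keystore password
     * @return the key stored under the resolved alias, never {@code null}
     * @throws IllegalArgumentException when the keystore password is {@code null}
     * @throws RuntimeException wrapping the cause when the keystore cannot be loaded, holds no
     *         key entry, or the alias does not resolve to a key
     */
    protected static Key extractKeyFromJksInputStream(InputStream inputStream, String str, String str2, String str3) {
        if (str == null) {
            // Fail with a clear message instead of a NullPointerException from toCharArray().
            throw new IllegalArgumentException("The keystore password cannot be null");
        }
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
            keyStore.load(inputStream, str.toCharArray());
            String alias = str2;
            if (alias == null) {
                // Fetch the enumeration once: every aliases() call starts a fresh enumeration,
                // so re-calling it per iteration would only ever see the first alias and loop
                // forever when that entry is not a key entry.
                Enumeration<String> aliases = keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String candidate = aliases.nextElement();
                    if (keyStore.isKeyEntry(candidate)) {
                        alias = candidate;
                        break;
                    }
                }
            }
            if (alias == null) {
                throw new IllegalStateException("Failed to find a private key in the supplied jks file");
            }
            String entryPassword = (str3 != null) ? str3 : str;
            Key key = keyStore.getKey(alias, entryPassword.toCharArray());
            if (key == null) {
                // getKey() returns null for an unknown alias or a non-key entry; do not hand a
                // null key on to the API key.
                throw new IllegalStateException("No key entry found under the requested alias in the supplied jks file");
            }
            return key;
        } catch (Exception e) {
            throw new RuntimeException("An error has occurred while extracting the key from the provided stream", e);
        }
    }

    /**
     * Returns the client's private API key.
     */
    @Override // com.identityx.clientSDK.def.ICredentialsProvider
    /* renamed from: getApiKey, reason: merged with bridge method [inline-methods] */
    public PrivateApiKey mo3getApiKey() {
        return this.apiKey;
    }

    /** Replaces the client's private API key. */
    public void setApiKey(PrivateApiKey privateApiKey) {
        this.apiKey = privateApiKey;
    }

    /** Returns the service base URL. */
    @Override // com.identityx.clientSDK.def.ICredentialsProvider
    public String getBaseUrl() {
        return this.baseUrl;
    }

    /** Replaces the service base URL. */
    public void setBaseUrl(String str) {
        this.baseUrl = str;
    }

    /**
     * Returns the public key object built from the server CA certificate and the expected
     * server certificate DN, creating it on first use with the current revocation and OCSP
     * settings. When OCSP is enabled, revocation checking is forced on for the key.
     */
    @Override // com.identityx.clientSDK.def.ICredentialsProvider
    /* renamed from: getResponseApiKey, reason: merged with bridge method [inline-methods] */
    public PublicApiKey mo2getResponseApiKey() {
        if (this.responseApiKey == null) {
            PublicApiKey created = new PublicApiKey((String) null, this.serverCACert, this.serverCertDN);
            created.setRevocationEnabled(this.revocationEnabled);
            if (this.ocspEnabled) {
                created.setOcspEnabled(this.ocspEnabled);
                created.setRevocationEnabled(true);
            }
            this.responseApiKey = created;
        }
        return this.responseApiKey;
    }

    /** Returns the server CA certificate (despite the method name, this is the CA certificate field). */
    public X509Certificate getServerCert() {
        return this.serverCACert;
    }

    /**
     * Replaces the server CA certificate and drops the cached response key so the next
     * {@link #mo2getResponseApiKey()} call is built from the new certificate.
     */
    public void setServerCACert(X509Certificate x509Certificate) {
        this.serverCACert = x509Certificate;
        this.responseApiKey = null;
    }

    /** Returns whether revocation checking is enabled. */
    public boolean isRevocationEnabled() {
        return this.revocationEnabled;
    }

    /**
     * Enables or disables revocation checking; disabling it also disables OCSP. The cached
     * response key is dropped so the change is not silently ignored.
     */
    public void setRevocationEnabled(boolean z) {
        this.revocationEnabled = z;
        if (!z) {
            this.ocspEnabled = false;
        }
        this.responseApiKey = null;
    }

    /** Returns whether OCSP is enabled. */
    public boolean isOcspEnabled() {
        return this.ocspEnabled;
    }

    /**
     * Enables or disables OCSP; enabling it also enables revocation checking. The cached
     * response key is dropped so the change is not silently ignored.
     */
    public void setOcspEnabled(boolean z) {
        this.ocspEnabled = z;
        if (z) {
            this.revocationEnabled = true;
        }
        this.responseApiKey = null;
    }
}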
