package org.bdware.doip.core.crypto;

import io.netty.channel.ChannelHandlerContext;
import io.netty.handler.ssl.SslHandler;
import java.io.FileInputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.log4j.Logger;
import org.bdware.doip.core.codec.packet.PacketMessageCodecImpl;
import org.bdware.doip.core.crypto.signature.JWK;
import org.bdware.doip.core.doipMessage.DoipMessage;
import org.bdware.doip.core.doipMessage.MessageCredential;
import org.bdware.doip.core.model.handleRecord.UserHandleRecord;
import org.bdware.doip.core.utils.GlobalConfigurations;
import org.bdware.doip.endpoint.irpClient.GlobalIrpClient;

/* loaded from: input_file:org/bdware/doip/core/crypto/GlobalCertifications.class */
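/**
 * Process-wide holder for the local signing identity (JKS key store and key pair) and
 * helpers that sign and verify {@link DoipMessage}s with it.
 *
 * <p>All state is kept in public static mutable fields, so every caller in the process
 * shares one identity and nothing here is synchronized.
 */
public class GlobalCertifications {
    /** Path of the JKS file most recently loaded by {@link #loadKeysFromJKS}. */
    public static String certPath;
    // The key store password stays reachable as a String in a public static field for
    // interface compatibility. Treat it as a secret: do not log or serialize it.
    public static String certPassword;
    /** Key pair read from alias "myKey"; {@code null} until a key store has been loaded. */
    public static KeyPair localKeypair;
    /** Loaded key store; {@code null} until a key store has been loaded. */
    public static KeyStore localKeyStore;
    // NOTE(review): the logger category is GlobalIrpClient, not this class; this looks
    // like a copy-paste slip. Left unchanged so existing log routing keeps working.
    static Logger logger = Logger.getLogger(GlobalIrpClient.class);
    /** Signature algorithm recorded in credentials created by {@link #signDoipMessage}. */
    public static String signAlg = "SHA256withRSA";
    public static String keysAlg = "RSA";
    // Both flags default to off and are not read anywhere in this class; whatever
    // enforcement they control lives in other code.
    public static boolean needAuthentication = false;
    public static boolean secureMode = false;

    /**
     * Returns the local key pair.
     *
     * @return the key pair, or {@code null} (after logging an error) if none is loaded
     */
    public static KeyPair getGlobalKeypair() {
        if (localKeypair == null) {
            logger.error("keyPair not initialized yet! ");
        }
        return localKeypair;
    }

    /**
     * Returns the local key store.
     *
     * @return the key store, or {@code null} (after logging an error) if none is loaded
     */
    public static KeyStore getGlobalKeyStore() {
        if (localKeyStore == null) {
            logger.error("keyStore not initialized yet! ");
        }
        return localKeyStore;
    }

    /**
     * Loads a JKS key store and takes the entry under alias "myKey" as the local key pair.
     *
     * <p>The static fields are only updated once the store and both keys have been read
     * successfully, so a failed load leaves the previous identity in place.
     *
     * @param str path of the JKS file
     * @param str2 password, used for both the store and the "myKey" entry
     * @throws Exception if the file cannot be read, the password is wrong, or alias
     *     "myKey" does not hold a certificate and a private key
     */
    public static void loadKeysFromJKS(String str, String str2) throws Exception {
        char[] password = str2.toCharArray();
        KeyStore keyStore = KeyStore.getInstance("JKS");
        // Close the stream even when load() rejects the file or the password.
        try (FileInputStream in = new FileInputStream(str)) {
            keyStore.load(in, password);
        }
        java.security.cert.Certificate certificate = keyStore.getCertificate("myKey");
        java.security.Key key = keyStore.getKey("myKey", password);
        if (certificate == null || !(key instanceof PrivateKey)) {
            throw new java.security.KeyStoreException(
                    "alias \"myKey\" has no certificate/private key entry in " + str);
        }
        KeyPair keyPair = new KeyPair(certificate.getPublicKey(), (PrivateKey) key);
        localKeyStore = keyStore;
        localKeypair = keyPair;
        certPassword = str2;
        certPath = str;
    }

    /**
     * Sets the byte/string codec that {@link CertUtils} uses for keys.
     *
     * @param byteStringCodec codec to install
     */
    public static void setBase64Codec(ByteStringCodec byteStringCodec) {
        CertUtils.setKeysCodec(byteStringCodec);
    }

    /**
     * Returns the subject DN of the first certificate in the TLS peer's chain.
     *
     * <p>Any failure (no {@link SslHandler} in the pipeline, no peer certificate, ...)
     * yields the literal "anonymous". Callers that make access decisions should treat
     * that value as unauthenticated.
     * NOTE(review): a peer certificate whose subject DN is literally "anonymous" would be
     * indistinguishable from the failure case; confirm the CA policy rules that out.
     *
     * @param channelHandlerContext context of the channel whose peer is identified
     * @return the peer's subject DN, or "anonymous" if it cannot be determined
     */
    public static String getUserIDByContext(ChannelHandlerContext channelHandlerContext) {
        try {
            SslHandler sslHandler = (SslHandler) channelHandlerContext.pipeline().get(SslHandler.class);
            return sslHandler.engine().getSession().getPeerCertificateChain()[0].getSubjectDN().getName();
        } catch (Exception e) {
            logger.debug("unable to get client ID from Context");
            return "anonymous";
        }
    }

    /**
     * Signs a message with the local private key and attaches the credential.
     *
     * <p>A message that already carries a credential is left untouched. The signature
     * covers the encoded message with {@code isCertified} set and no credential attached,
     * which is the form {@link #verifyDoipMessage} rebuilds.
     *
     * @param doipMessage message to sign in place
     * @throws IllegalStateException if no local key pair has been loaded
     * @throws Exception if encoding or signing fails
     */
    public static void signDoipMessage(DoipMessage doipMessage) throws Exception {
        if (doipMessage.credential != null) {
            logger.debug("message has been signed, return.");
            return;
        }
        // Check the key before touching the header, so a missing key does not leave the
        // message flagged as certified without a credential.
        KeyPair keyPair = getGlobalKeypair();
        if (keyPair == null || keyPair.getPrivate() == null) {
            throw new IllegalStateException("local key pair not initialized, cannot sign message");
        }
        doipMessage.header.setIsCertified(true);
        MessageCredential messageCredential = new MessageCredential(GlobalConfigurations.User_Handle, signAlg);
        messageCredential.signature = CertUtils.Sign(new PacketMessageCodecImpl().MessageToBytes(doipMessage), keyPair.getPrivate());
        doipMessage.credential = messageCredential;
    }

    /**
     * Resolves the public key of the signer named in the message credential.
     *
     * <p>The signer handle is resolved through the global IRP client and the "pubkey"
     * value of the resulting record is parsed as a JWK; if that parse throws, the value
     * is decoded as an encoded RSA public key instead.
     * NOTE(review): the signer handle is taken from the message itself, so the result is
     * only as trustworthy as the handle resolution; confirm how the IRP client
     * authenticates the records it returns.
     * NOTE(review): a record without a "pubkey" value presumably fails on the chained
     * call with a NullPointerException rather than returning null; verify against the
     * type of {@code handleValues}.
     *
     * @param doipMessage message whose credential names the signer
     * @return the signer's public key, or {@code null} if the message has no credential,
     *     the record has no usable "pubkey" value, or the JWK loader returns nothing
     * @throws Exception if resolution or key decoding fails
     */
    public static PublicKey getSenderPublicKey(DoipMessage doipMessage) throws Exception {
        if (doipMessage.credential == null) {
            logger.debug("null message credential");
            return null;
        }
        String pubkeyValue = new UserHandleRecord(GlobalIrpClient.getGlobalClient().resolve(doipMessage.credential.getSigner())).handleValues.get("pubkey").getAsString();
        if (pubkeyValue == null) {
            logger.debug("unable to retrieve pk from handle record.");
            return null;
        }
        logger.debug("pubkey handle value: " + pubkeyValue);
        JWK jwk;
        try {
            jwk = JWK.load(pubkeyValue);
        } catch (Exception e) {
            logger.debug("not a JWK format, try to decode as RSA: " + pubkeyValue);
            // Return the fallback key; previously the decoded key was computed and dropped.
            return CertUtils.decodePublicKey(pubkeyValue, "RSA");
        }
        if (jwk != null) {
            return jwk.getPublicKey();
        }
        logger.debug("unsupported key algorithm");
        return null;
    }

    /**
     * Verifies the signature carried in a message credential.
     *
     * <p>The signed bytes are rebuilt from the same header and body with the credential
     * removed, and checked against the public key resolved for the claimed signer.
     * NOTE(review): the algorithm name is read from the sender-supplied credential and
     * handed to {@code CertUtils.verify} as is; consider checking it against an
     * allow-list (for example {@link #signAlg}) before use.
     *
     * @param doipMessage message to verify
     * @return {@code true} only if a signature is present and verifies; {@code false} if
     *     the credential, its algorithm, its signature, or the signer's key is missing
     * @throws Exception if key resolution, encoding, or verification fails
     */
    public static boolean verifyDoipMessage(DoipMessage doipMessage) throws Exception {
        if (doipMessage.credential == null) {
            logger.debug("null message credential");
            return false;
        }
        String algorithm = doipMessage.credential.getAlgorithm();
        // Fail closed on an incomplete credential instead of passing nulls downstream.
        if (algorithm == null || doipMessage.credential.signature == null) {
            logger.debug("incomplete message credential");
            return false;
        }
        DoipMessage unsigned = new DoipMessage("", "");
        unsigned.header = doipMessage.header;
        unsigned.body = doipMessage.body;
        unsigned.credential = null;
        PacketMessageCodecImpl codec = new PacketMessageCodecImpl();
        PublicKey senderPublicKey = getSenderPublicKey(doipMessage);
        if (senderPublicKey == null) {
            logger.debug("unable to retrieve pk from credential.");
            return false;
        }
        return CertUtils.verify(codec.MessageToBytes(unsigned), doipMessage.credential.signature, senderPublicKey, algorithm);
    }
}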
