package org.apache.james.jmap.draft.crypto;

import com.google.common.annotations.VisibleForTesting;
import com.google.common.base.Preconditions;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Optional;
import javax.inject.Inject;
import nl.altindag.ssl.pem.exception.PemParseException;
import nl.altindag.ssl.pem.util.PemUtils;
import nl.altindag.ssl.util.KeyStoreUtils;
import org.apache.commons.io.IOUtils;
import org.apache.james.filesystem.api.FileSystem;
import org.apache.james.jmap.draft.JMAPDraftConfiguration;
import org.apache.james.jwt.PublicKeyReader;

/* loaded from: input_file:org/apache/james/jmap/draft/crypto/SecurityKeyLoader.class */
public class SecurityKeyLoader {
    private static final String ALIAS = "james";
    private final FileSystem fileSystem;
    private final JMAPDraftConfiguration jmapDraftConfiguration;

    @Inject
    @VisibleForTesting
    SecurityKeyLoader(FileSystem fileSystem, JMAPDraftConfiguration jMAPDraftConfiguration) {
        this.fileSystem = fileSystem;
        this.jmapDraftConfiguration = jMAPDraftConfiguration;
    }

    public AsymmetricKeys load() throws Exception {
        Preconditions.checkState(this.jmapDraftConfiguration.isEnabled(), "JMAP is not enabled");
        return this.jmapDraftConfiguration.getKeystore().isPresent() ? loadFromKeystore() : loadFromPEM();
    }

    private AsymmetricKeys loadFromKeystore() throws Exception {
        Preconditions.checkState(this.jmapDraftConfiguration.getKeystore().isPresent());
        Preconditions.checkState(this.jmapDraftConfiguration.getSecret().isPresent());
        char[] charArray = this.jmapDraftConfiguration.getSecret().get().toCharArray();
        KeyStore loadKeyStore = KeyStoreUtils.loadKeyStore(this.fileSystem.getResource(this.jmapDraftConfiguration.getKeystore().get()), charArray);
        PublicKey publicKey = ((Certificate) Optional.ofNullable(loadKeyStore.getCertificate(ALIAS)).orElseThrow(() -> {
            return new KeyStoreException("Alias 'james' keystore can't be found");
        })).getPublicKey();
        Key key = loadKeyStore.getKey(ALIAS, charArray);
        if (key instanceof PrivateKey) {
            return new AsymmetricKeys((PrivateKey) key, publicKey);
        }
        throw new KeyStoreException("Provided key is not a PrivateKey");
    }

    private AsymmetricKeys loadFromPEM() throws Exception {
        Preconditions.checkState(this.jmapDraftConfiguration.getCertificates().isPresent());
        Preconditions.checkState(this.jmapDraftConfiguration.getPrivateKey().isPresent());
        return new AsymmetricKeys(PemUtils.loadPrivateKey(this.fileSystem.getResource(this.jmapDraftConfiguration.getPrivateKey().get()), (char[]) this.jmapDraftConfiguration.getSecret().map((v0) -> {
            return v0.toCharArray();
        }).orElse(null)), loadPublicKey());
    }

    private PublicKey loadPublicKey() throws IOException {
        try {
            return ((X509Certificate) PemUtils.loadCertificate(new InputStream[]{this.fileSystem.getResource(this.jmapDraftConfiguration.getCertificates().get())}).get(0)).getPublicKey();
        } catch (PemParseException e) {
            return (PublicKey) new PublicKeyReader().fromPEM(IOUtils.toString(this.fileSystem.getResource(this.jmapDraftConfiguration.getCertificates().get()), StandardCharsets.US_ASCII)).orElseThrow(() -> {
                return new IllegalArgumentException("Key must either be a valid certificate or a public key");
            });
        }
    }
}
