package de.rub.nds.tlsattacker.core.config.delegate;

import com.beust.jcommander.Parameter;
import com.beust.jcommander.ParameterException;
import de.rub.nds.tlsattacker.core.certificate.CertificateKeyPair;
import de.rub.nds.tlsattacker.core.certificate.PemUtil;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.crypto.keys.CustomPrivateKey;
import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
import de.rub.nds.tlsattacker.core.util.CertificateUtils;
import de.rub.nds.tlsattacker.core.util.JKSLoader;
import de.rub.nds.tlsattacker.core.util.KeyStoreGenerator;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import de.rub.nds.tlsattacker.util.KeystoreHandler;
import java.io.File;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Set;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.crypto.tls.Certificate;

/* loaded from: input_file:de/rub/nds/tlsattacker/core/config/delegate/CertificateDelegate.class */
public class CertificateDelegate extends Delegate {

    @Parameter(names = {"-cert"}, description = "PEM encoded certificate file")
    private String certificate = null;

    @Parameter(names = {"-key"}, description = "PEM encoded private key")
    private String key = null;

    @Parameter(names = {"-keystore"}, description = "Java Key Store (JKS) file to use as a certificate")
    private String keystore = null;

    @Parameter(names = {"-password"}, description = "Java Key Store (JKS) file password")
    private String password = null;

    @Parameter(names = {"-alias"}, description = "Alias of the key to be used from Java Key Store (JKS)")
    private String alias = null;

    public String getKeystore() {
        return this.keystore;
    }

    public void setKeystore(String str) {
        this.keystore = str;
    }

    public String getPassword() {
        return this.password;
    }

    public void setPassword(String str) {
        this.password = str;
    }

    public String getAlias() {
        return this.alias;
    }

    public void setAlias(String str) {
        this.alias = str;
    }

    public String getCertificate() {
        return this.certificate;
    }

    public void setCertificate(String str) {
        this.certificate = str;
    }

    public String getKey() {
        return this.key;
    }

    public void setKey(String str) {
        this.key = str;
    }

    @Override // de.rub.nds.tlsattacker.core.config.delegate.Delegate
    public void applyDelegate(Config config) {
        ConnectionEndType connectionEndType;
        HashMap hashMap = new HashMap();
        hashMap.put("keystore", this.keystore);
        hashMap.put(KeyStoreGenerator.PASSWORD, this.password);
        hashMap.put(KeyStoreGenerator.ALIAS, this.alias);
        PrivateKey privateKey = null;
        if (this.key != null) {
            LOGGER.debug("Loading private key");
            try {
                privateKey = PemUtil.readPrivateKey(new File(this.key));
                CustomPrivateKey parseCustomPrivateKey = CertificateUtils.parseCustomPrivateKey(privateKey);
                parseCustomPrivateKey.adjustInConfig(config, ConnectionEndType.CLIENT);
                parseCustomPrivateKey.adjustInConfig(config, ConnectionEndType.SERVER);
            } catch (IOException e) {
                LOGGER.warn("Could not read private key", e);
            }
        }
        if (this.certificate != null) {
            LOGGER.debug("Loading certificate");
            try {
                Certificate readCertificate = PemUtil.readCertificate(new File(this.certificate));
                if (privateKey != null) {
                    config.setDefaultExplicitCertificateKeyPair(new CertificateKeyPair(readCertificate, privateKey));
                } else {
                    config.setDefaultExplicitCertificateKeyPair(new CertificateKeyPair(readCertificate));
                }
                config.setAutoSelectCertificate(false);
            } catch (Exception e2) {
                LOGGER.warn("Could not read certificate", e2);
            }
        }
        ArrayList arrayList = new ArrayList();
        for (String str : hashMap.keySet()) {
            if (hashMap.get(str) == null) {
                arrayList.add(str);
            }
        }
        if (arrayList.size() == 3) {
            return;
        }
        if (!arrayList.isEmpty()) {
            throw new ParameterException("The following parameters are required for loading a keystore: " + StringUtils.join(new Set[]{hashMap.keySet()}));
        }
        try {
            switch (config.getDefaultRunningMode()) {
                case CLIENT:
                    connectionEndType = ConnectionEndType.CLIENT;
                    break;
                case MITM:
                    throw new ConfigurationException("CertificateDelegate is not allowed for MitM running mode");
                case SERVER:
                    connectionEndType = ConnectionEndType.SERVER;
                    break;
                default:
                    throw new ConfigurationException("Unknown RunningMode");
            }
            KeyStore loadKeyStore = KeystoreHandler.loadKeyStore(this.keystore, this.password);
            new CertificateKeyPair(JKSLoader.loadTLSCertificate(loadKeyStore, this.alias), (PrivateKey) loadKeyStore.getKey(this.alias, this.password.toCharArray())).adjustInConfig(config, connectionEndType);
            config.setAutoSelectCertificate(false);
        } catch (IOException | KeyStoreException | NoSuchAlgorithmException | UnrecoverableKeyException | CertificateException e3) {
            throw new ConfigurationException("Could not load private Key from Keystore", e3);
        }
    }
}
