package org.openfact.keys;

import java.lang.annotation.Annotation;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Comparator;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import javax.ejb.Stateless;
import javax.enterprise.inject.Any;
import javax.enterprise.inject.Instance;
import javax.inject.Inject;
import org.jboss.logging.Logger;
import org.openfact.component.ComponentModel;
import org.openfact.components.utils.ComponentProviderLiteral;
import org.openfact.components.utils.ComponentUtil;
import org.openfact.components.utils.RsaKeyProviderLiteral;
import org.openfact.jose.jws.AlgorithmType;
import org.openfact.keys.KeyMetadata;
import org.openfact.keys.qualifiers.RsaKeyType;
import org.openfact.models.ComponentProvider;
import org.openfact.models.KeyManager;
import org.openfact.models.OrganizationModel;

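/**
 * Resolves RSA key material for an organization from its configured key provider components.
 *
 * <p>Providers are consulted in descending priority order (see {@link ProviderComparator}). The
 * active key pair returned by {@link #getActiveRsaKey} includes the private key, so this class
 * logs only the organization name and key id, never key material.
 *
 * <p>This listing is decompiler output; local variable types have been restored to the ones the
 * calls require.
 */
@Stateless
public class DefaultKeyManager implements KeyManager {
    private static final Logger logger = Logger.getLogger(DefaultKeyManager.class);

    // NOTE(review): same type and qualifier as getKeyProviderFactories below; nothing in this
    // class reads this field. Kept so the injection points stay unchanged.
    @Inject
    @Any
    private Instance<KeyProviderFactory> keyProviderFactories;

    @Inject
    private ComponentProvider componentProvider;

    // Not read anywhere in this class.
    @Inject
    private ComponentUtil componentUtil;

    // The factory lookup in getProviders() goes through this injection point.
    @Inject
    @Any
    private Instance<KeyProviderFactory> getKeyProviderFactories;

    /**
     * Orders components by priority, highest first, breaking ties by ascending component id so
     * the provider order (and therefore the choice of active key) is deterministic.
     *
     * <p>The decompiler widened this class from private to public; the private constructor still
     * keeps instantiation inside {@code DefaultKeyManager}.
     */
    public class ProviderComparator implements Comparator<ComponentModel> {
        private ProviderComparator() {
        }

        @Override
        public int compare(ComponentModel componentModel, ComponentModel componentModel2) {
            // Arguments are swapped on purpose: a larger priority sorts first. Missing priority counts as 0.
            int byPriority = Long.compare(componentModel2.get(Attributes.PRIORITY_KEY, 0L), componentModel.get(Attributes.PRIORITY_KEY, 0L));
            return byPriority != 0 ? byPriority : componentModel.getId().compareTo(componentModel2.getId());
        }
    }

    /**
     * Returns the signing key pair of the first RSA provider that has both a key id and a
     * private key.
     *
     * @param organizationModel organization whose providers are searched
     * @return key id, private key, public key and certificate of the selected provider
     * @throws RuntimeException if no provider, including the failsafe one appended by
     *     {@code getProviders}, exposes a key id together with a private key
     */
    public KeyManager.ActiveRsaKey getActiveRsaKey(OrganizationModel organizationModel) {
        for (KeyProvider provider : getProviders(organizationModel)) {
            if (!provider.getType().equals(AlgorithmType.RSA)) {
                continue;
            }
            RsaKeyProvider rsaProvider = (RsaKeyProvider) provider;
            if (rsaProvider.getKid() == null || rsaProvider.getPrivateKey() == null) {
                continue;
            }
            String kid = rsaProvider.getKid();
            if (logger.isTraceEnabled()) {
                // Only the key id is logged; the private key must never reach the log.
                logger.tracev("Active key organization={0} kid={1}", organizationModel.getName(), kid);
            }
            return new KeyManager.ActiveRsaKey(kid, rsaProvider.getPrivateKey(), rsaProvider.getPublicKey(kid), rsaProvider.getCertificate(kid));
        }
        throw new RuntimeException("Failed to get RSA keys");
    }

    /**
     * Looks up the RSA public key registered under a key id.
     *
     * <p>NOTE(review): callers presumably take the key id from a signature header before the
     * signature has been verified - confirm. Here it is used only as a lookup key and in trace
     * logging. Whether keys with a disabled status are still returned is decided inside
     * {@code RsaKeyProvider.getPublicKey}, which is not visible in this file.
     *
     * @param organizationModel organization whose providers are searched
     * @param str key id (kid) to resolve; {@code null} yields {@code null}
     * @return the first matching public key in provider priority order, or {@code null} if none
     */
    public PublicKey getRsaPublicKey(OrganizationModel organizationModel, String str) {
        final String kid = str;
        if (kid == null) {
            // warnv uses MessageFormat syntax: the apostrophe is doubled so it is printed and the
            // {0} placeholder after it is still substituted.
            logger.warnv("KID is null, can''t find public key organization={0}", organizationModel.getName());
            return null;
        }
        for (KeyProvider provider : getProviders(organizationModel)) {
            if (!provider.getType().equals(AlgorithmType.RSA)) {
                continue;
            }
            PublicKey publicKey = ((RsaKeyProvider) provider).getPublicKey(kid);
            if (publicKey != null) {
                if (logger.isTraceEnabled()) {
                    logger.tracev("Found public key realm={0} kid={1}", organizationModel.getName(), kid);
                }
                return publicKey;
            }
        }
        if (logger.isTraceEnabled()) {
            logger.tracev("Failed to find public key realm={0} kid={1}", organizationModel.getName(), kid);
        }
        return null;
    }

    /**
     * Looks up the certificate registered under a key id.
     *
     * <p>The same caveats as for {@link #getRsaPublicKey} apply: the lookup result depends on
     * {@code RsaKeyProvider.getCertificate}, and no chain or validity check happens here.
     *
     * @param organizationModel organization whose providers are searched
     * @param str key id (kid) to resolve; {@code null} yields {@code null}
     * @return the first matching certificate in provider priority order, or {@code null} if none
     */
    public Certificate getRsaCertificate(OrganizationModel organizationModel, String str) {
        final String kid = str;
        if (kid == null) {
            // Message names the certificate (it used to say "public key"); apostrophe doubled for MessageFormat.
            logger.warnv("KID is null, can''t find certificate organization={0}", organizationModel.getName());
            return null;
        }
        for (KeyProvider provider : getProviders(organizationModel)) {
            if (!provider.getType().equals(AlgorithmType.RSA)) {
                continue;
            }
            X509Certificate certificate = ((RsaKeyProvider) provider).getCertificate(kid);
            if (certificate != null) {
                if (logger.isTraceEnabled()) {
                    logger.tracev("Found certificate realm={0} kid={1}", organizationModel.getName(), kid);
                }
                return certificate;
            }
        }
        if (logger.isTraceEnabled()) {
            logger.tracev("Failed to find certificate realm={0} kid={1}", organizationModel.getName(), kid);
        }
        return null;
    }

    /**
     * Collects key metadata from every RSA provider of the organization.
     *
     * @param organizationModel organization whose providers are searched
     * @param z when {@code true} all keys are returned; when {@code false} keys whose status is
     *     {@code DISABLED} are left out
     * @return metadata in provider priority order; never {@code null}
     */
    public List<RsaKeyMetadata> getRsaKeys(OrganizationModel organizationModel, boolean z) {
        final boolean includeDisabled = z;
        List<RsaKeyMetadata> keys = new LinkedList<>();
        for (KeyProvider provider : getProviders(organizationModel)) {
            if (!(provider instanceof RsaKeyProvider)) {
                continue;
            }
            List<RsaKeyMetadata> metadata = ((RsaKeyProvider) provider).getKeyMetadata();
            if (includeDisabled) {
                keys.addAll(metadata);
            } else {
                metadata.stream()
                        .filter(key -> key.getStatus() != KeyMetadata.Status.DISABLED)
                        .forEach(keys::add);
            }
        }
        return keys;
    }

    /**
     * Instantiates the organization's key providers in priority order.
     *
     * <p>A component that cannot be loaded is logged and skipped. If none of the loaded providers
     * is an RSA provider with both a key id and a private key, a {@link FailsafeRsaKeyProvider} is
     * appended so the list always ends with a candidate.
     *
     * <p>NOTE(review): the failsafe provider lets signing proceed with a key that was not
     * configured for the organization. Its implementation is not visible here - confirm that it
     * logs loudly enough for operators to notice a missing or broken key configuration.
     *
     * @param organizationModel organization whose key provider components are loaded
     * @return the providers, never {@code null}
     */
    private List<KeyProvider> getProviders(OrganizationModel organizationModel) {
        List<KeyProvider> providers = new LinkedList<>();
        List<ComponentModel> components = new LinkedList<>(this.componentProvider.getComponents(organizationModel, organizationModel.getId(), KeyProvider.class.getName()));
        components.sort(new ProviderComparator());
        boolean activeKeyFound = false;
        for (ComponentModel componentModel : components) {
            // The whole body sits in the try: the decompiled form left the provider type unassigned
            // after a failure, so a failure must skip the component.
            try {
                Optional<RsaKeyType> keyType = RsaKeyType.findByProviderId(componentModel.getProviderId());
                if (!keyType.isPresent()) {
                    // Skip instead of returning null: every caller iterates the result directly,
                    // so one unknown provider id would otherwise surface as a NullPointerException.
                    logger.warnv("Unknown key provider type {0} for component {1}", componentModel.getProviderId(), componentModel.getId());
                    continue;
                }
                KeyProvider provider = this.getKeyProviderFactories.select(new Annotation[]{new ComponentProviderLiteral(KeyProvider.class), new RsaKeyProviderLiteral(keyType.get())}).get().create(organizationModel, componentModel);
                providers.add(provider);
                if (provider.getType().equals(AlgorithmType.RSA)) {
                    RsaKeyProvider rsaProvider = (RsaKeyProvider) provider;
                    if (rsaProvider.getKid() != null && rsaProvider.getPrivateKey() != null) {
                        activeKeyFound = true;
                    }
                }
            } catch (Throwable th) {
                // Deliberate best effort: one broken provider must not hide the remaining ones.
                logger.errorv(th, "Failed to load provider {0}", componentModel.getId());
            }
        }
        if (!activeKeyFound) {
            providers.add(new FailsafeRsaKeyProvider());
        }
        return providers;
    }
}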
