package at.gv.egiz.bku.spring;

import at.gv.egiz.bku.conf.IAIKLogAdapterFactory;
import at.gv.egiz.bku.conf.MoccaConfigurationFacade;
import at.gv.egiz.bku.utils.ConfigurationUtil;
import iaik.logging.LogConfigurationException;
import iaik.logging.LogFactory;
import iaik.logging.LoggerConfig;
import iaik.logging.impl.TransactionIdImpl;
import iaik.pki.Configurator;
import iaik.pki.DefaultPKIConfiguration;
import iaik.pki.DefaultPKIProfile;
import iaik.pki.PKIException;
import iaik.pki.PKIFactory;
import iaik.pki.PKIProfile;
import iaik.pki.revocation.RevocationSourceTypes;
import iaik.pki.store.certstore.CertStoreParameters;
import iaik.pki.store.certstore.directory.DefaultDirectoryCertStoreParameters;
import iaik.pki.store.certstore.utils.DirectoryCertStoreConverter;
import iaik.pki.store.truststore.DefaultTrustStoreProfile;
import iaik.pki.store.truststore.TrustStoreProfile;
import java.io.File;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import org.apache.commons.configuration.CompositeConfiguration;
import org.apache.commons.configuration.Configuration;
import org.apache.commons.configuration.FileConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.FactoryBean;
import org.springframework.context.ResourceLoaderAware;
import org.springframework.core.io.ResourceLoader;

/* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/spring/PKIProfileFactoryBean.class */
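/**
 * Spring {@link FactoryBean} that builds the IAIK {@link PKIProfile} used for certificate
 * path validation.
 *
 * <p>The bean reads the certificate-store directory, the trust-store (CA) directory and the
 * preferred revocation service order from the injected {@link Configuration}. It configures
 * the process-wide {@link PKIFactory} once and returns a new {@link DefaultPKIProfile} on
 * every {@link #getObject()} call.
 *
 * <p>Security note: the two configured directories decide which certificates are trusted, so
 * the configuration source and the directories themselves should be writable only by
 * administrators.
 */
public class PKIProfileFactoryBean implements FactoryBean, ResourceLoaderAware {
    protected static final Logger log = LoggerFactory.getLogger(PKIProfileFactoryBean.class);
    protected final ConfigurationFacade configurationFacade = new ConfigurationFacade();
    private ResourceLoader resourceLoader;
    protected String trustProfileId;

    /* loaded from: input_file:BKULocal.war:WEB-INF/lib/bkucommon-1.4.1.jar:at/gv/egiz/bku/spring/PKIProfileFactoryBean$ConfigurationFacade.class */
    /**
     * Typed view of the SSL/PKI keys in the injected {@link Configuration}.
     *
     * <p>The backing configuration is set through
     * {@link PKIProfileFactoryBean#setConfiguration(Configuration)}; every getter dereferences
     * it, so it must be set before the facade is used.
     */
    public class ConfigurationFacade implements MoccaConfigurationFacade {
        private Configuration configuration;
        public static final String SSL_CERT_DIRECTORY = "SSL.certDirectory";
        public static final String SSL_CERT_DIRECTORY_DEFAULT = "classpath:at/gv/egiz/bku/certs/certStore";
        public static final String SSL_CA_DIRECTORY = "SSL.caDirectory";
        public static final String SSL_CA_DIRECTORY_DEFAULT = "classpath:at/gv/egiz/bku/certs/trustStore";
        public static final String SSL_REVOCATION_SERVICE_ORDER = "SSL.revocationServiceOrder";

        public ConfigurationFacade() {
        }

        /**
         * Returns the configured certificate-store directory.
         *
         * @return the URL for {@link #SSL_CERT_DIRECTORY}, or {@code null} if unset or empty
         * @throws MalformedURLException if the configured value is not a valid URL
         */
        public URL getCertDirectory() throws MalformedURLException {
            return getURL(SSL_CERT_DIRECTORY);
        }

        /**
         * Returns the configured trust-store (CA) directory.
         *
         * @return the URL for {@link #SSL_CA_DIRECTORY}, or {@code null} if unset or empty
         * @throws MalformedURLException if the configured value is not a valid URL
         */
        public URL getCaDirectory() throws MalformedURLException {
            return getURL(SSL_CA_DIRECTORY);
        }

        /**
         * Returns the raw revocation service order list from the configuration.
         *
         * @return the values stored under {@link #SSL_REVOCATION_SERVICE_ORDER}, converted by
         *     {@link ConfigurationUtil#getStringListFromObjectList}
         * @throws Exception if the conversion fails
         */
        public List<String> getRevocationServiceOrder() throws Exception {
            return ConfigurationUtil.getStringListFromObjectList(this.configuration.getList(SSL_REVOCATION_SERVICE_ORDER));
        }

        /**
         * Resolves a configuration value to a URL, relative to the file that defines the key.
         *
         * @param str the configuration key
         * @return the resolved URL, or {@code null} if the key is unset or empty
         * @throws MalformedURLException if the value cannot be parsed as a URL
         */
        private URL getURL(String str) throws MalformedURLException {
            // Read the value once so the emptiness check and the URL use the same string.
            String value = this.configuration.getString(str);
            if (value == null || value.isEmpty()) {
                return null;
            }
            // A null base makes new URL(...) treat the value as an absolute URL.
            return new URL(getBasePath(str), value);
        }

        /**
         * Finds the URL of the configuration file that defines the given key.
         *
         * <p>For a {@link CompositeConfiguration} the first child containing the key is used;
         * if no child contains it, the composite itself is examined.
         *
         * @param str the configuration key
         * @return the file URL of the defining {@link FileConfiguration}, or {@code null} if
         *     the defining configuration is not file based
         */
        private URL getBasePath(String str) {
            Configuration source = this.configuration;
            if (source instanceof CompositeConfiguration) {
                CompositeConfiguration composite = (CompositeConfiguration) source;
                for (int i = 0; i < composite.getNumberOfConfigurations(); i++) {
                    Configuration child = composite.getConfiguration(i);
                    if (child.containsKey(str)) {
                        source = child;
                        break;
                    }
                }
            }
            if (source instanceof FileConfiguration) {
                return ((FileConfiguration) source).getURL();
            }
            return null;
        }
    }

    /** Stores the Spring resource loader used to resolve directory locations. */
    @Override
    public void setResourceLoader(ResourceLoader resourceLoader) {
        this.resourceLoader = resourceLoader;
    }

    /** Returns the configuration backing {@link #configurationFacade}. */
    public Configuration getConfiguration() {
        return this.configurationFacade.configuration;
    }

    /** Sets the configuration backing {@link #configurationFacade}. */
    public void setConfiguration(Configuration configuration) {
        this.configurationFacade.configuration = configuration;
    }

    /** Returns the identifier passed to the trust store profile. */
    public String getTrustProfileId() {
        return this.trustProfileId;
    }

    /** Sets the identifier passed to the trust store profile. */
    public void setTrustProfileId(String str) {
        this.trustProfileId = str;
    }

    /**
     * Resolves a resource location to an existing directory on the file system.
     *
     * @param str the resource location, as understood by the {@link ResourceLoader}
     * @return the directory the location resolves to
     * @throws IOException if the resource is not a file-system resource or is not a directory
     */
    protected File getDirectory(String str) throws IOException {
        File file = this.resourceLoader.getResource(str).getFile();
        // Require a real directory: the previous "exists() || isDirectory()" test also let a
        // regular file through, so a cert or trust store path pointing at a plain file was
        // accepted here and only failed (or was misread) later.
        if (file.isDirectory()) {
            return file;
        }
        throw new IOException("URL '" + str + "' is not a directory.");
    }

    /**
     * Routes IAIK logging through {@link IAIKLogAdapterFactory} under the node id
     * {@code "pki"}, with no additional properties.
     */
    protected void configureIAIKLogging() {
        LogFactory.configure(new LoggerConfig() {
            @Override
            public Properties getProperties() throws LogConfigurationException {
                return null;
            }

            @Override
            public String getNodeId() {
                return "pki";
            }

            @Override
            public String getFactory() {
                return IAIKLogAdapterFactory.class.getName();
            }
        });
    }

    /**
     * Configures the process-wide {@link PKIFactory} with a directory certificate store.
     *
     * <p>The store directory is taken from the configuration, falling back to
     * {@link ConfigurationFacade#SSL_CERT_DIRECTORY_DEFAULT}. If the configured store has no
     * {@code subjectdn} entry, the directory is converted in place first.
     *
     * @throws MalformedURLException if the configured directory is not a valid URL
     * @throws PKIException if IAIK rejects the configuration
     * @throws IOException if the store location cannot be resolved to a directory
     */
    protected void configurePkiFactory() throws MalformedURLException, PKIException, IOException {
        URL certDirectory = this.configurationFacade.getCertDirectory();
        File storeDir = certDirectory != null
                ? getDirectory(certDirectory.toString())
                : getDirectory(ConfigurationFacade.SSL_CERT_DIRECTORY_DEFAULT);
        String storePath = storeDir.getAbsolutePath();

        // NOTE(review): the two boolean flags are passed as in the original; confirm their
        // meaning against the IAIK documentation.
        DefaultPKIConfiguration pkiConfiguration = new DefaultPKIConfiguration(
                new CertStoreParameters[]{new DefaultDirectoryCertStoreParameters("CS", storePath, true, false)});

        // NOTE(review): contains("file") is a substring match on the whole URL, not a protocol
        // check, so any URL with "file" anywhere in it takes this branch — confirm whether
        // comparing certDirectory.getProtocol() was intended.
        if (certDirectory != null && certDirectory.toString().contains("file")) {
            File subjectDn = this.resourceLoader
                    .getResource(new URL(certDirectory.toString() + "/subjectdn").toString())
                    .getFile();
            if (!subjectDn.exists() && !subjectDn.isDirectory()) {
                // Source and target are the same path: the configured store is rewritten in
                // place, so the process needs write access to that directory.
                log.info("Certificate Store is being converted");
                new DirectoryCertStoreConverter().convert(storePath, storePath, true, true, null, null);
            }
        }

        TransactionIdImpl transactionId = new TransactionIdImpl("Configure-PKI");
        Configurator.initCommon(null, transactionId);
        if (PKIFactory.getInstance().isAlreadyConfigured()) {
            log.info("PKIfactory is already configured.");
        } else {
            PKIFactory.getInstance().configure(pkiConfiguration, transactionId);
        }
    }

    /**
     * Creates a directory-backed trust store profile for {@link #trustProfileId}.
     *
     * <p>The directory is taken from the configuration, falling back to
     * {@link ConfigurationFacade#SSL_CA_DIRECTORY_DEFAULT}. Its contents act as trust anchors.
     *
     * @return the trust store profile
     * @throws MalformedURLException if the configured directory is not a valid URL
     * @throws IOException if the location cannot be resolved to a directory
     */
    protected TrustStoreProfile createDirectoryTrustStoreProfile() throws MalformedURLException, IOException {
        URL caDirectory = this.configurationFacade.getCaDirectory();
        File trustDir = caDirectory != null
                ? getDirectory(caDirectory.toString())
                : getDirectory(ConfigurationFacade.SSL_CA_DIRECTORY_DEFAULT);
        return new DefaultTrustStoreProfile(this.trustProfileId, "directory", trustDir.getAbsolutePath());
    }

    /**
     * Translates the configured revocation service order into IAIK source type names.
     *
     * <p>Only {@code "OCSP"} and {@code "CRL"} are accepted. Any other value aborts with an
     * exception instead of being dropped, so a typo cannot silently change which revocation
     * sources are consulted. An absent or empty list yields the default order CRL, then OCSP.
     *
     * @return the revocation source types in preferred order
     * @throws Exception if the list contains an unsupported service type or cannot be read
     */
    protected String[] createRevocationServiceOrder() throws Exception {
        List<String> configuredOrder = this.configurationFacade.getRevocationServiceOrder();
        if (configuredOrder != null) {
            List<String> sourceTypes = new ArrayList<String>(2);
            for (String entry : configuredOrder) {
                if ("OCSP".equals(entry)) {
                    sourceTypes.add(RevocationSourceTypes.OCSP);
                } else if ("CRL".equals(entry)) {
                    sourceTypes.add("crl");
                } else {
                    throw new Exception("Unsupported revocation service type " + entry);
                }
            }
            if (!sourceTypes.isEmpty()) {
                log.info("configure revocation service type order: {}", sourceTypes);
                return sourceTypes.toArray(new String[0]);
            }
        }
        log.info("configure default revocation service type order: [CRL, OCSP]");
        return new String[]{"crl", RevocationSourceTypes.OCSP};
    }

    /**
     * Builds a new PKI profile, configuring IAIK logging and the {@link PKIFactory} first.
     *
     * @return a new {@link DefaultPKIProfile}
     * @throws Exception if the directories or the revocation order cannot be resolved
     */
    @Override
    public Object getObject() throws Exception {
        configureIAIKLogging();
        if (!PKIFactory.getInstance().isAlreadyConfigured()) {
            configurePkiFactory();
        }
        DefaultPKIProfile profile = new DefaultPKIProfile(createDirectoryTrustStoreProfile());
        // NOTE(review): 1 is presumably an inlined IAIK auto-add constant. If it enables
        // auto-add, certificates met during validation are written to the certificate store —
        // confirm the value and that this is intended.
        profile.setAutoAddCertificates(1);
        profile.setPreferredServiceOrder(createRevocationServiceOrder());
        return profile;
    }

    /** Returns {@link PKIProfile}, the type produced by {@link #getObject()}. */
    @Override
    public Class<?> getObjectType() {
        return PKIProfile.class;
    }

    /** Returns {@code false}: every {@link #getObject()} call creates a new profile. */
    @Override
    public boolean isSingleton() {
        return false;
    }
}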
