package com.exasol.containers.tls;

import com.exasol.config.ClusterConfiguration;
import com.exasol.containers.ContainerFileOperations;
import com.exasol.containers.ExasolContainer;
import com.exasol.containers.ExasolContainerException;
import com.exasol.errorreporting.ExaError;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Optional;
import java.util.function.Supplier;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/exasol/containers/tls/CertificateProvider.class */
/**
 * Reads the TLS certificate of a container from the path given by its cluster configuration and
 * exposes it as a parsed {@link X509Certificate} or as a SHA-256 fingerprint.
 *
 * <p>Each call re-reads the certificate file through {@link ContainerFileOperations}; nothing is
 * cached in this class.
 *
 * <p>NOTE(review): every accessor returns an empty {@link Optional} when the configuration is absent
 * or the file cannot be read. If callers use the fingerprint to pin the server certificate, they
 * should treat "empty" as "not available yet" rather than as permission to skip verification.
 * Confirm against the callers, which are not visible here.
 */
public class CertificateProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(CertificateProvider.class);
    private final Supplier<Optional<ClusterConfiguration>> configProvider;
    private final ContainerFileOperations fileOperations;

    /**
     * Creates a provider that looks up the cluster configuration lazily on every read.
     *
     * @param supplier                source of the (possibly absent) cluster configuration
     * @param containerFileOperations accessor used to read the certificate file
     */
    public CertificateProvider(Supplier<Optional<ClusterConfiguration>> supplier, ContainerFileOperations containerFileOperations) {
        this.configProvider = supplier;
        this.fileOperations = containerFileOperations;
    }

    /**
     * Creates a provider bound to a container; the configuration is fetched from the container each
     * time the certificate is read.
     *
     * @param exasolContainer         container whose cluster configuration is queried
     * @param containerFileOperations accessor used to read the certificate file
     */
    CertificateProvider(ExasolContainer<? extends ExasolContainer<?>> exasolContainer, ContainerFileOperations containerFileOperations) {
        this(() -> Optional.of(exasolContainer.getClusterConfiguration()), containerFileOperations);
    }

    /**
     * Reads and parses the configured TLS certificate.
     *
     * @return the parsed certificate, or an empty {@link Optional} if no configuration is available
     *         or reading the file raised an {@link ExasolContainerException}
     * @throws IllegalStateException if the file content cannot be parsed as an X.509 certificate
     */
    public Optional<X509Certificate> getCertificate() {
        final Optional<String> content = readCertificate();
        return content.map(this::parseCertificate);
    }

    /**
     * Fetches the raw certificate file content as UTF-8 text.
     *
     * @return file content, or empty if the configuration is missing or the read failed
     */
    private Optional<String> readCertificate() {
        final Optional<ClusterConfiguration> config = this.configProvider.get();
        if (config.isPresent()) {
            try {
                return Optional.of(this.fileOperations.readFile(config.get().getTlsCertificatePath(), StandardCharsets.UTF_8));
            } catch (ExasolContainerException e) {
                // NOTE(review): any ExasolContainerException is reported as "does not exist yet";
                // other read failures would be indistinguishable in the log. Only class name and
                // message are logged, not the stack trace.
                LOGGER.info("Certificate does not exist yet, returning empty Optional. {} {}", e.getClass().getName(), e.getMessage());
            }
        }
        return Optional.empty();
    }

    /**
     * Parses certificate text into an {@link X509Certificate}.
     *
     * <p>{@code generateCertificate} consumes a single certificate from the stream, so only the first
     * certificate in the content is returned.
     *
     * @param str certificate file content
     * @return the parsed certificate
     * @throws IllegalStateException (error code F-ETC-7) if parsing fails
     */
    private X509Certificate parseCertificate(String str) {
        try (ByteArrayInputStream input = new ByteArrayInputStream(str.getBytes(StandardCharsets.UTF_8))) {
            final CertificateFactory factory = CertificateFactory.getInstance("X.509");
            return (X509Certificate) factory.generateCertificate(input);
        } catch (IOException | CertificateException e) {
            // NOTE(review): the whole file content is embedded in the exception message. That is
            // harmless for a public certificate, but if the configured path ever referred to a file
            // that also holds key material, it would end up in logs. Confirm the path is cert-only.
            throw new IllegalStateException(ExaError.messageBuilder("F-ETC-7").message("Error parsing certificate {{certificateContent}}.", str).ticketMitigation().toString(), e);
        }
    }

    /**
     * Computes the SHA-256 fingerprint of the certificate's encoded form.
     *
     * @return 64 lower-case hex characters without separators, or empty if no certificate is available
     * @throws IllegalStateException if the certificate cannot be parsed, encoded or hashed
     */
    public Optional<String> getSha256Fingerprint() {
        return getEncodedCertificate()
                .map(CertificateProvider::sha256)
                .map(digest -> bytesToHexWithPadding(digest, 32));
    }

    /**
     * Returns the bytes produced by {@link X509Certificate#getEncoded()} for the current certificate.
     *
     * @return encoded certificate, or empty if no certificate is available
     * @throws IllegalStateException (error code F-ETC-8) if encoding fails
     */
    private Optional<byte[]> getEncodedCertificate() {
        final Optional<X509Certificate> certificate = getCertificate();
        if (certificate.isPresent()) {
            final X509Certificate x509 = certificate.get();
            try {
                return Optional.of(x509.getEncoded());
            } catch (CertificateEncodingException e) {
                throw new IllegalStateException(ExaError.messageBuilder("F-ETC-8").message("Unable get encoded certificate for {{certificate}}.", x509).ticketMitigation().toString(), e);
            }
        }
        return Optional.empty();
    }

    /**
     * Hashes the given bytes with SHA-256.
     *
     * @param bArr data to hash
     * @return the 32-byte digest
     * @throws IllegalStateException (error code F-ETC-9) if the JVM offers no SHA-256 implementation
     */
    static byte[] sha256(byte[] bArr) {
        final MessageDigest sha;
        try {
            sha = MessageDigest.getInstance("SHA-256");
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(ExaError.messageBuilder("F-ETC-9").message("Unable to calculate SHA-256 of certificate content.").ticketMitigation().toString(), e);
        }
        return sha.digest(bArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /**
     * Converts bytes to lower-case hex and left-pads with {@code '0'} up to {@code i} bytes
     * ({@code i * 2} characters). This restores leading zero bytes that {@link #bytesToHex(byte[])}
     * drops, which keeps a digest at a fixed width.
     *
     * @param bArr bytes to convert
     * @param i    expected number of bytes
     * @return hex string of at least {@code i * 2} characters; longer input is returned unpadded
     */
    public static String bytesToHexWithPadding(byte[] bArr, int i) {
        final String hex = bytesToHex(bArr);
        final int targetLength = i * 2;
        if (hex.length() >= targetLength) {
            return hex;
        }
        return "0".repeat(targetLength - hex.length()) + hex;
    }

    /**
     * Converts bytes to lower-case hex by interpreting them as an unsigned big-endian number.
     *
     * <p>Because the value goes through {@link BigInteger}, leading zero bytes are not preserved; the
     * result is only padded to an even number of digits. An empty array yields {@code "00"}.
     *
     * @param bArr bytes to convert
     * @return hex digits with an even length
     */
    static String bytesToHex(byte[] bArr) {
        final String hex = new BigInteger(1, bArr).toString(16);
        if (hex.length() % 2 != 0) {
            return "0" + hex;
        }
        return hex;
    }
}
