package de.mhus.karaf.crypt;

import de.mhus.lib.core.MLog;
import de.mhus.lib.core.cfg.CfgString;
import de.mhus.lib.core.crypt.pem.PemBlock;
import de.mhus.lib.core.crypt.pem.PemBlockList;
import de.mhus.lib.core.crypt.pem.PemPriv;
import de.mhus.lib.core.crypt.pem.PemPub;
import de.mhus.lib.core.crypt.pem.PemUtil;
import de.mhus.lib.core.util.SecureString;
import de.mhus.lib.errors.MException;
import de.mhus.lib.errors.NotFoundException;
import de.mhus.osgi.api.services.MOsgi;
import de.mhus.osgi.crypt.api.CryptApi;
import de.mhus.osgi.crypt.api.CryptException;
import de.mhus.osgi.crypt.api.NotDecryptedException;
import de.mhus.osgi.crypt.api.PemProcessContext;
import de.mhus.osgi.crypt.api.SignNotValidException;
import de.mhus.osgi.crypt.api.cipher.CipherProvider;
import de.mhus.osgi.crypt.api.signer.SignerProvider;
import org.osgi.service.component.annotations.Component;

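/**
 * {@link CryptApi} implementation registered as an OSGi declarative-services component.
 *
 * <p>Cipher and signer providers are looked up through {@link MOsgi#getService} with a
 * {@code (cipher=NAME)} / {@code (signer=NAME)} filter. PEM block lists are processed
 * block by block: cipher blocks are decrypted, signature blocks are validated, and key
 * and hash blocks are reported to the {@link PemProcessContext}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Provider names can originate from the {@code Method} header of a PEM block, i.e.
 *       from the data being processed. They are escaped before being placed into the
 *       service filter so that filter metacharacters cannot alter the lookup.</li>
 *   <li>NOTE(review): {@link #processPemBlocks} picks the verifier from the signature
 *       block's own {@code Method} header, while {@link #validate} picks it from the
 *       key's method. Confirm that every {@link SignerProvider} rejects a key whose
 *       algorithm does not match, so the signed data cannot choose its own verifier.</li>
 *   <li>NOTE(review): the default signer is {@code DSA-JCE}. DSA is no longer approved
 *       for generating new signatures under FIPS 186-5; consider a different configured
 *       default.</li>
 * </ul>
 */
@Component
public class CryptApiImpl extends MLog implements CryptApi {
    private static final CfgString DEFAULT_SIGN = new CfgString(CryptApi.class, "defaultSigner", "DSA-JCE");
    private static final CfgString DEFAULT_CIPHER = new CfgString(CryptApi.class, "defaultCipher", "RSA-JCE");

    /**
     * Looks up the cipher provider registered under the given name.
     *
     * @param str provider name; trimmed and upper-cased before the lookup
     * @return the matching provider
     * @throws NotFoundException as declared by the service lookup
     */
    public CipherProvider getCipher(String str) throws NotFoundException {
        return (CipherProvider) MOsgi.getService(CipherProvider.class, "(cipher=" + escapeFilterValue(normalizeName(str)) + ")");
    }

    /**
     * Returns the cipher provider named by the {@code defaultCipher} configuration value.
     *
     * @throws NotFoundException as declared by the service lookup
     */
    public CipherProvider getDefaultCipher() throws NotFoundException {
        return getCipher((String) DEFAULT_CIPHER.value());
    }

    /**
     * Signs with the signer selected by the private key's method.
     *
     * @param pemPriv private key; its method selects the signer
     * @param str passed through to the signer unchanged
     * @param str2 passed through to the signer unchanged
     * @return the block produced by the signer
     * @throws MException if the signer cannot be found or signing fails
     */
    public PemBlock sign(PemPriv pemPriv, String str, String str2) throws MException {
        return getSigner(pemPriv.getMethod()).sign(pemPriv, str, str2);
    }

    /**
     * Validates a signature with the signer selected by the public key's method.
     *
     * @param pemPub public key; its method selects the signer
     * @param str the signed text
     * @param pemBlock the signature block
     * @return the signer's verdict
     * @throws MException if the signer cannot be found or validation fails with an error
     */
    public boolean validate(PemPub pemPub, String str, PemBlock pemBlock) throws MException {
        return getSigner(pemPub.getMethod()).validate(pemPub, str, pemBlock);
    }

    /**
     * Returns the signer provider named by the {@code defaultSigner} configuration value.
     *
     * @throws NotFoundException as declared by the service lookup
     */
    public SignerProvider getDefaultSigner() throws NotFoundException {
        return getSigner((String) DEFAULT_SIGN.value());
    }

    /**
     * Looks up the signer provider registered under the given name.
     *
     * @param str provider name; trimmed and upper-cased before the lookup
     * @return the matching provider
     * @throws NotFoundException as declared by the service lookup
     */
    public SignerProvider getSigner(String str) throws NotFoundException {
        return (SignerProvider) MOsgi.getService(SignerProvider.class, "(signer=" + escapeFilterValue(normalizeName(str)) + ")");
    }

    /**
     * Trims and upper-cases a provider name.
     *
     * <p>{@code Locale.ROOT} keeps the result independent of the JVM default locale
     * (for example, a Turkish locale maps {@code i} to a dotted capital I, which would
     * make the lookup miss providers whose name contains that letter).
     */
    private String normalizeName(String str) {
        java.util.Objects.requireNonNull(str, "provider name");
        return str.trim().toUpperCase(java.util.Locale.ROOT);
    }

    /**
     * Escapes the characters that are special inside an OSGi/LDAP filter value
     * (backslash, asterisk and both parentheses) by prefixing them with a backslash.
     */
    private static String escapeFilterValue(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (c == '\\' || c == '*' || c == '(' || c == ')') {
                escaped.append('\\');
            }
            escaped.append(c);
        }
        return escaped.toString();
    }

    /**
     * Processes every block of the list in order.
     *
     * <p>An embedded cipher block is decrypted and the blocks parsed from its plaintext
     * are inserted directly after it, so they are processed by the same loop. A signature
     * block with {@code Embedded} set to true is validated against the text of all blocks
     * that follow it; one with {@code Embedded: next} is validated against the single
     * following block. Validated signature blocks are reported to the context.
     *
     * @param pemProcessContext receives keys, secrets, errors and validation results
     * @param pemBlockList the blocks to process; grows when embedded content is decrypted
     * @throws NotDecryptedException if an embedded cipher block could not be decrypted
     * @throws SignNotValidException if a signature does not validate
     * @throws CryptException if the key for a signature is missing, or an
     *     {@code Embedded: next} signature has no following block
     * @throws MException for failures raised by providers or the context
     */
    public void processPemBlocks(PemProcessContext pemProcessContext, PemBlockList pemBlockList) throws MException {
        for (int i = 0; i < pemBlockList.size(); i++) {
            PemBlock pemBlock = (PemBlock) pemBlockList.get(i);
            // Log only the block name: the block itself may be a private key, and its
            // string form is the full block text.
            log().t(new Object[]{"process", pemBlock.getName()});
            Object processed = processPemBlock(pemProcessContext, pemBlock);
            if (PemUtil.isCipher(pemBlock) && pemBlock.getBoolean("Embedded", false)) {
                if (processed == null) {
                    throw new NotDecryptedException(pemBlock);
                }
                PemBlockList embedded = new PemBlockList(((SecureString) processed).value());
                // Log the count, not the list: these blocks are decrypted plaintext.
                log().t(new Object[]{"insert", embedded.size()});
                pemBlockList.addAll(i + 1, embedded);
            } else if (PemUtil.isSign(pemBlock) && pemBlock.getBoolean("Embedded", false)) {
                PemPub signKey = requireSignKey(pemBlock, processed);
                verifySignature(pemBlock, signKey, pemBlockList.toString(i + 1, Integer.MAX_VALUE));
                pemProcessContext.foundValidated(pemBlock);
            } else if (PemUtil.isSign(pemBlock) && "next".equals(pemBlock.getString("Embedded", ""))) {
                PemPub signKey = requireSignKey(pemBlock, processed);
                // A trailing "next" signature has nothing to cover; report it as a crypt
                // error instead of failing with an index error on get(i + 1).
                if (i + 1 >= pemBlockList.size()) {
                    throw new CryptException("signed block not found", pemBlock);
                }
                verifySignature(pemBlock, signKey, ((PemBlock) pemBlockList.get(i + 1)).toString());
                pemProcessContext.foundValidated(pemBlock);
            }
        }
    }

    /**
     * Processes a single block according to its type.
     *
     * @param pemProcessContext receives keys, secrets and error notifications
     * @param pemBlock the block to process
     * @return a {@link SecureString} with the plaintext for a cipher block, the
     *     {@link PemPub} to verify with for a signature block, the block itself for a
     *     public or private key block, and {@code null} for hash, content and unknown
     *     blocks or when a required key could not be resolved
     * @throws MException for failures raised by the cipher provider or the context
     */
    public Object processPemBlock(PemProcessContext pemProcessContext, PemBlock pemBlock) throws MException {
        if (PemUtil.isCipher(pemBlock)) {
            return decryptCipherBlock(pemProcessContext, pemBlock);
        }
        if (PemUtil.isSign(pemBlock)) {
            return resolveSignKey(pemProcessContext, pemBlock);
        }
        if (PemUtil.isPubKey(pemBlock)) {
            pemProcessContext.foundPublicKey(pemBlock);
            return pemBlock;
        }
        if (PemUtil.isPrivKey(pemBlock)) {
            pemProcessContext.foundPrivateKey(pemBlock);
            return pemBlock;
        }
        if (PemUtil.isHash(pemBlock)) {
            pemProcessContext.foundHash(pemBlock);
            return null;
        }
        if (PemUtil.isContent(pemBlock)) {
            return null;
        }
        log().w(new Object[]{"unknown block type", pemBlock.getName()});
        return null;
    }

    /**
     * Resolves the key for a cipher block, decrypts it and reports the secret.
     * Returns {@code null} after notifying the context when no key can be resolved.
     */
    private Object decryptCipherBlock(PemProcessContext context, PemBlock block) throws MException {
        String keyId;
        // A block carrying a "Key" header is treated as symmetric unless "Symmetric" says otherwise.
        if (block.getBoolean("Symmetric", block.isProperty("Key"))) {
            keyId = block.getString("Key", (String) null);
            if (keyId == null) {
                reportKeyNotFound(context, block, "key id not found");
                return null;
            }
        } else {
            keyId = block.getString("PrivateKey", (String) null);
            if (keyId == null) {
                String publicKeyId = block.getString("PublicKey", (String) null);
                if (publicKeyId == null) {
                    reportKeyNotFound(context, block, "public key not found");
                    return null;
                }
                keyId = context.getPrivateIdForPublicKeyId(publicKeyId);
                if (keyId == null) {
                    reportKeyNotFound(context, block, "private key not found for public key");
                    return null;
                }
            }
        }
        PemPriv privateKey = context.getPrivateKey(keyId);
        if (privateKey == null) {
            reportKeyNotFound(context, block, "private key not found");
            return null;
        }
        // The provider is chosen by the block's own Method header (data under processing).
        SecureString secret = new SecureString(
                getCipher(block.getString("Method")).decrypt(privateKey, block, context.getPassphrase(keyId, block)));
        context.foundSecret(block, secret);
        return secret;
    }

    /**
     * Resolves the public key a signature block should be verified with.
     * Returns {@code null} after notifying the context when no key can be resolved.
     */
    private PemPub resolveSignKey(PemProcessContext context, PemBlock block) throws MException {
        String publicKeyId = block.getString("PublicKey", (String) null);
        if (publicKeyId == null) {
            String privateKeyId = block.getString("PrivateKey", (String) null);
            if (privateKeyId == null) {
                reportKeyNotFound(context, block, "private key not found");
                return null;
            }
            // NOTE(review): a private key id is passed to getPrivateIdForPublicKeyId and the
            // result is used as a public key id; the direction looks reversed. Kept as in
            // the original - confirm against PemProcessContext.
            publicKeyId = context.getPrivateIdForPublicKeyId(privateKeyId);
            if (publicKeyId == null) {
                reportKeyNotFound(context, block, "public key not found for private key");
                return null;
            }
        }
        PemPub publicKey = context.getPublicKey(publicKeyId);
        if (publicKey == null) {
            reportKeyNotFound(context, block, "public key not found");
            return null;
        }
        return publicKey;
    }

    /** Logs the reason at debug level and notifies the context that a key is missing. */
    private void reportKeyNotFound(PemProcessContext context, PemBlock block, String reason) throws MException {
        log().d(new Object[]{reason, block});
        context.errorKeyNotFound(block);
    }

    /** Returns the resolved key as a {@link PemPub}, or fails when no key was resolved. */
    private static PemPub requireSignKey(PemBlock signBlock, Object key) throws MException {
        if (key == null) {
            throw new CryptException("sign key not found", signBlock);
        }
        return (PemPub) key;
    }

    /**
     * Validates {@code signedText} against the signature block and fails closed:
     * anything other than a positive verdict raises {@link SignNotValidException}.
     */
    private void verifySignature(PemBlock signBlock, PemPub key, String signedText) throws MException {
        if (!getSigner(signBlock.getString("Method")).validate(key, signedText, signBlock)) {
            throw new SignNotValidException(signBlock);
        }
    }
}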
