package org.thingsboard.rule.engine.mqtt.credentials;

import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import java.io.ByteArrayInputStream;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Objects;
import java.util.Optional;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.commons.codec.binary.Base64;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMEncryptedKeyPair;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.thingsboard.mqtt.MqttClientConfig;

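/**
 * MQTT client credentials backed by PEM text: a CA certificate, a client certificate, the
 * client's private key and an optional password.
 *
 * <p>{@link #initSslContext()} turns these fields into a Netty client {@link SslContext}. The
 * private key and password are secrets: {@link #toString()} masks them so that logging an
 * instance does not write key material to log files.
 */
@JsonIgnoreProperties(ignoreUnknown = true)
/* loaded from: input_file:org/thingsboard/rule/engine/mqtt/credentials/CertPemClientCredentials.class */
public class CertPemClientCredentials implements MqttClientCredentials {
    private static final Logger log = LoggerFactory.getLogger(CertPemClientCredentials.class);
    // NOTE(review): this constant is not referenced anywhere in this class, so the builder below
    // is left on its default protocol set. Confirm whether the TLS version was meant to be pinned.
    private static final String TLS_VERSION = "TLSv1.2";
    /** Placeholder printed by {@link #toString()} instead of a secret value. */
    private static final String REDACTED = "<redacted>";
    private String caCert;
    private String cert;
    private String privateKey;
    private String password;

    /**
     * Builds a client-side TLS context from the configured PEM material.
     *
     * @return an {@link Optional} holding the built context (never empty on this path)
     * @throws RuntimeException wrapping any failure while parsing the PEM data or building the
     *     context
     */
    @Override
    public Optional<SslContext> initSslContext() {
        try {
            // Register BouncyCastle once; JcaPEMKeyConverter below looks it up by the name "BC".
            if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
                Security.addProvider(new BouncyCastleProvider());
            }
            KeyManagerFactory keyManagers = createAndInitKeyManagerFactory();
            TrustManagerFactory trustManagers = createAndInitTrustManagerFactory();
            // NOTE(review): ClientAuth is normally a server-side setting; confirm it has any
            // effect on a context created with forClient().
            SslContext context = SslContextBuilder.forClient()
                    .keyManager(keyManagers)
                    .trustManager(trustManagers)
                    .clientAuth(ClientAuth.REQUIRE)
                    .build();
            return Optional.of(context);
        } catch (Exception e) {
            // Only the certificates (public material) are logged; never the key or password.
            log.error("[{}:{}] Creating TLS factory failed!", this.caCert, this.cert, e);
            throw new RuntimeException("Creating TLS factory failed!", e);
        }
    }

    /**
     * Intentionally a no-op: this credentials type sets nothing on the MQTT client config.
     *
     * @param mqttClientConfig the client configuration (left untouched)
     */
    @Override
    public void configure(MqttClientConfig mqttClientConfig) {
    }

    /**
     * Creates a key manager factory holding the client certificate and its private key.
     *
     * <p>The configured password (or an empty one) protects the in-memory key entry and is also
     * what would decrypt an encrypted PEM key pair.
     *
     * @return an initialised {@link KeyManagerFactory}
     * @throws RuntimeException if no private key was configured or its type is unsupported
     * @throws Exception on any parsing or key store failure
     */
    private KeyManagerFactory createAndInitKeyManagerFactory() throws Exception {
        X509Certificate clientCert = readCertFile(this.cert);
        Object keyObject = readPrivateKeyFile(this.privateKey);
        if (keyObject == null) {
            // Previously this case fell through to keyObject.getClass() and surfaced as a bare
            // NullPointerException with no hint about the cause.
            throw new RuntimeException("Unable to get private key: no private key was provided");
        }
        char[] keyPassword = StringUtils.isEmpty(this.password)
                ? "".toCharArray()
                : this.password.toCharArray();

        JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
        PrivateKey key;
        // readPrivateKeyFile currently returns only a PrivateKey, so the two PEM key pair
        // branches are not expected to be taken; they are kept for parity with the original.
        if (keyObject instanceof PEMEncryptedKeyPair) {
            PEMKeyPair decrypted = ((PEMEncryptedKeyPair) keyObject)
                    .decryptKeyPair(new JcePEMDecryptorProviderBuilder().build(keyPassword));
            key = converter.getKeyPair(decrypted).getPrivate();
        } else if (keyObject instanceof PEMKeyPair) {
            key = converter.getKeyPair((PEMKeyPair) keyObject).getPrivate();
        } else if (keyObject instanceof PrivateKey) {
            key = (PrivateKey) keyObject;
        } else {
            throw new RuntimeException("Unable to get private key from object: " + keyObject.getClass());
        }

        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(null, null);
        keyStore.setCertificateEntry("cert", clientCert);
        keyStore.setKeyEntry("private-key", key, keyPassword, new Certificate[]{clientCert});
        KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        keyManagerFactory.init(keyStore, keyPassword);
        return keyManagerFactory;
    }

    /**
     * Creates a trust manager factory whose only entry is the configured CA certificate.
     *
     * <p>NOTE(review): {@link #readCertFile(String)} returns {@code null} for a blank CA
     * certificate and that case is not checked here; confirm the resulting trust store fails
     * closed rather than trusting anything.
     *
     * @return an initialised {@link TrustManagerFactory}
     * @throws Exception on any parsing or key store failure
     */
    private TrustManagerFactory createAndInitTrustManagerFactory() throws Exception {
        X509Certificate caCertificate = readCertFile(this.caCert);
        KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
        trustStore.load(null, null);
        trustStore.setCertificateEntry("caCert-cert", caCertificate);
        TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        trustManagerFactory.init(trustStore);
        return trustManagerFactory;
    }

    /**
     * Parses a single PEM-encoded X.509 certificate.
     *
     * @param str PEM text; the BEGIN/END CERTIFICATE markers and all whitespace are stripped
     *     before Base64 decoding
     * @return the certificate, or {@code null} when {@code str} is null or blank
     * @throws Exception if the decoded bytes are not a valid X.509 certificate
     */
    private X509Certificate readCertFile(String str) throws Exception {
        if (str == null || str.trim().isEmpty()) {
            return null;
        }
        String base64Body = str.replace("-----BEGIN CERTIFICATE-----", "")
                .replace("-----END CERTIFICATE-----", "")
                .replaceAll("\\s", "");
        byte[] der = Base64.decodeBase64(base64Body);
        return (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));
    }

    /**
     * Parses a PEM-encoded private key.
     *
     * <p>The PEM header and footer lines are removed and the remainder is decoded as a PKCS#8
     * structure with the RSA {@link KeyFactory}. The password field plays no part in this
     * parsing, so key material that is not plain PKCS#8 RSA is expected to be rejected with an
     * exception.
     *
     * @param str PEM text of the key
     * @return the private key, or {@code null} when {@code str} is null or empty
     * @throws Exception if the decoded bytes cannot be parsed as a PKCS#8 RSA key
     */
    private PrivateKey readPrivateKeyFile(String str) throws Exception {
        if (str == null || str.isEmpty()) {
            return null;
        }
        String base64Body = str.replaceAll(".*BEGIN.*PRIVATE KEY.*", "")
                .replaceAll(".*END.*PRIVATE KEY.*", "")
                .replaceAll("\\s", "");
        byte[] der = Base64.decodeBase64(base64Body);
        return (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(der));
    }

    /** @return the CA certificate PEM text, possibly {@code null} */
    public String getCaCert() {
        return this.caCert;
    }

    /** @return the client certificate PEM text, possibly {@code null} */
    public String getCert() {
        return this.cert;
    }

    /** @return the private key PEM text (secret), possibly {@code null} */
    public String getPrivateKey() {
        return this.privateKey;
    }

    /** @return the password (secret), possibly {@code null} */
    public String getPassword() {
        return this.password;
    }

    /** @param str the CA certificate PEM text */
    public void setCaCert(String str) {
        this.caCert = str;
    }

    /** @param str the client certificate PEM text */
    public void setCert(String str) {
        this.cert = str;
    }

    /** @param str the private key PEM text */
    public void setPrivateKey(String str) {
        this.privateKey = str;
    }

    /** @param str the password */
    public void setPassword(String str) {
        this.password = str;
    }

    /**
     * Compares all four credential fields for equality.
     *
     * @param obj the object to compare with
     * @return {@code true} when {@code obj} is a compatible instance with equal fields
     */
    @Override
    public boolean equals(Object obj) {
        if (obj == this) {
            return true;
        }
        if (!(obj instanceof CertPemClientCredentials)) {
            return false;
        }
        CertPemClientCredentials other = (CertPemClientCredentials) obj;
        // canEqual lets a subclass opt out of equality with this base type.
        return other.canEqual(this)
                && Objects.equals(getCaCert(), other.getCaCert())
                && Objects.equals(getCert(), other.getCert())
                && Objects.equals(getPrivateKey(), other.getPrivateKey())
                && Objects.equals(getPassword(), other.getPassword());
    }

    /**
     * Tells {@link #equals(Object)} whether {@code obj} may be considered equal to this type.
     *
     * @param obj the candidate object
     * @return {@code true} when {@code obj} is a {@code CertPemClientCredentials}
     */
    protected boolean canEqual(Object obj) {
        return obj instanceof CertPemClientCredentials;
    }

    /**
     * Hashes the four credential fields with multiplier 59 and 43 standing in for {@code null},
     * producing the same values as the previous implementation.
     *
     * @return the hash code
     */
    @Override
    public int hashCode() {
        int result = 1;
        for (String field : new String[]{getCaCert(), getCert(), getPrivateKey(), getPassword()}) {
            result = (result * 59) + (field == null ? 43 : field.hashCode());
        }
        return result;
    }

    /**
     * Describes this object for diagnostics. The certificates are printed as-is; the private key
     * and password are replaced by a placeholder so secrets never reach logs through this method.
     *
     * @return a string of the form {@code CertPemClientCredentials(caCert=..., cert=..., ...)}
     */
    @Override
    public String toString() {
        return "CertPemClientCredentials(caCert=" + getCaCert() + ", cert=" + getCert() + ", privateKey=" + mask(getPrivateKey()) + ", password=" + mask(getPassword()) + ")";
    }

    /** Returns "null" for an absent secret, otherwise the redaction placeholder. */
    private static String mask(String secret) {
        return secret == null ? "null" : REDACTED;
    }
}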
