package com.gitflic.keysretriever.service;

import com.gitflic.keysretriever.dto.RsaKeyPairDto;
import com.gitflic.keysretriever.utils.AESUtil;
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.FileAlreadyExistsException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.AclEntry;
import java.nio.file.attribute.AclEntryPermission;
import java.nio.file.attribute.AclEntryType;
import java.nio.file.attribute.AclFileAttributeView;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:com/gitflic/keysretriever/service/RsaKeysRetriever.class */
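/**
 * Decrypts the RSA key pair carried by an {@link RsaKeyPairDto} and writes it as two PEM files
 * ({@code private_key.pem} and {@code public_key.pem}) into the process working directory.
 *
 * <p>Security-relevant behaviour:
 * <ul>
 *   <li>On file systems that expose the POSIX attribute view, each file is created with mode
 *       {@code rw-------} from the start, so key material is never on disk under default
 *       (umask-derived) permissions.</li>
 *   <li>Existing files are never overwritten; creation fails if either target already exists.</li>
 *   <li>If anything fails after a file was created by this run, that file is removed again so a
 *       reported failure does not leave a private key (or a truncated one) behind.</li>
 * </ul>
 *
 * <p>Not thread-safe: the decryption secret is kept in an instance field between calls.
 */
public class RsaKeysRetriever {
    private static final String PUBLIC_KEY_PREFIX = "-----BEGIN PUBLIC KEY-----";
    private static final String PUBLIC_KEY_SUFFIX = "-----END PUBLIC KEY-----";
    private static final String PRIVATE_KEY_PREFIX = "-----BEGIN PRIVATE KEY-----";
    private static final String PRIVATE_KEY_SUFFIX = "-----END PRIVATE KEY-----";
    private static final String PRIVATE_KEY_NAME = "private_key.pem";
    private static final String PUBLIC_KEY_NAME = "public_key.pem";
    /** POSIX mode applied to both PEM files: read/write for the owner only. */
    private static final String OWNER_ONLY = "rw-------";

    /** Secret handed to {@code AESUtil.decrypt}; set by {@link #retrieveRsaKeys}. */
    private String key;

    /**
     * Decrypts the key pair in {@code rsaKeyPairDto} and saves it under {@code user.dir}.
     *
     * @param rsaKeyPairDto encrypted key pair; {@code null} is reported as "no keys in database"
     * @param str           secret passed to {@code AESUtil.decrypt} for both key blobs
     */
    public void retrieveRsaKeys(RsaKeyPairDto rsaKeyPairDto, String str) {
        this.key = str;
        Path workingDir = new File(System.getProperty("user.dir")).toPath();
        if (readKeysFromDbAnsSaveToFS(rsaKeyPairDto, workingDir) != null) {
            System.out.println("Ключи сохранены");
        }
    }

    /**
     * Decrypts the pair and, if that succeeds, stores it in {@code path}.
     *
     * @return the stored key pair, or {@code null} if there was nothing to store or any step failed
     */
    private KeyPair readKeysFromDbAnsSaveToFS(RsaKeyPairDto rsaKeyPairDto, Path path) {
        try {
            KeyPair keyPair = retrieveKeysFromDb(rsaKeyPairDto);
            if (keyPair == null) {
                System.out.println("Ключи отсутствуют в базе данных");
                return null;
            }
            return saveRsKeysToFs(keyPair, path);
        } catch (InvalidKeySpecException e) {
            // Previously swallowed without any output, which left the operator with no hint why
            // nothing was written. The exception text is deliberately not printed.
            System.out.println("Ошибка чтения RSA ключей из базы данных: данные повреждены или указан неверный ключ шифрования");
            return null;
        }
    }

    /**
     * Writes both keys as PEM files into {@code path}.
     *
     * <p>The private key is written first. If the public key cannot be written afterwards, the
     * private key file created by this call is deleted before the failure is reported.
     *
     * @return {@code keyPair} on success; {@code null} if {@code keyPair} is {@code null} or a file
     *     could not be created or written
     */
    private KeyPair saveRsKeysToFs(KeyPair keyPair, Path path) {
        if (keyPair == null) {
            return null;
        }
        Path privateKeyFile = path.resolve(PRIVATE_KEY_NAME);
        Path publicKeyFile = path.resolve(PUBLIC_KEY_NAME);
        try {
            writeOwnerOnly(privateKeyFile, toPem(PRIVATE_KEY_PREFIX, keyPair.getPrivate().getEncoded(), PRIVATE_KEY_SUFFIX));
            try {
                writeOwnerOnly(publicKeyFile, toPem(PUBLIC_KEY_PREFIX, keyPair.getPublic().getEncoded(), PUBLIC_KEY_SUFFIX));
            } catch (IOException e) {
                // Do not leave a private key on disk when the run as a whole is reported as failed.
                deleteQuietly(privateKeyFile);
                throw e;
            }
            return keyPair;
        } catch (FileAlreadyExistsException e) {
            System.out.println("Ошибка сохранения ключей, ключи уже сохранены, путь: " + e.getFile());
            return null;
        } catch (IOException e2) {
            System.out.println("Ошибка сохранения RSA ключей (возможно отсутствует доступ к файловой системе или недостаточно прав) попробуйте добавить ключи самостоятельно указав пути gitflic.vault.cert.privateKey и gitflic.vault.cert.publicKey в application.properties");
            return null;
        }
    }

    /** Wraps DER bytes in a PEM envelope using the MIME Base64 encoder, as the tool always has. */
    private static byte[] toPem(String prefix, byte[] der, String suffix) {
        String pem = prefix + "\n" + Base64.getMimeEncoder().encodeToString(der) + "\n" + suffix + "\n";
        return pem.getBytes(StandardCharsets.UTF_8);
    }

    /**
     * Creates {@code file} (failing if it already exists) and writes {@code content} so that only
     * the owner can access it.
     *
     * @throws FileAlreadyExistsException if {@code file} exists; nothing is modified in that case
     * @throws IOException                on any other failure; a file created here is removed first
     */
    private void writeOwnerOnly(Path file, byte[] content) throws IOException {
        // Capability check instead of matching os.name substrings, so POSIX systems whose name
        // does not contain "nix"/"nux"/"aix"/"mac" are protected as well.
        boolean posix = file.getFileSystem().supportedFileAttributeViews().contains("posix");
        if (posix) {
            // The mode is applied at creation time: there is no window in which the file exists
            // with broader, umask-derived permissions.
            Files.createFile(file, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString(OWNER_ONLY)));
        } else {
            Files.createFile(file);
        }
        // From here on the file was created by this call, so removing it cannot destroy
        // pre-existing data.
        try {
            if (posix) {
                // Creation mode is masked by the umask; set the exact mode before writing.
                Files.setPosixFilePermissions(file, PosixFilePermissions.fromString(OWNER_ONLY));
                Files.write(file, content, StandardOpenOption.WRITE);
            } else {
                // NOTE(review): on this path the content is written under the inherited ACL and
                // tightened afterwards, as before. The order is kept because it is unclear whether
                // the restricted ACL below still permits opening the file for writing - confirm
                // on a Windows host before reordering.
                Files.write(file, content, StandardOpenOption.WRITE);
                restrictAclToOwner(file);
            }
        } catch (IOException | RuntimeException e) {
            deleteQuietly(file);
            throw e;
        }
    }

    /**
     * Replaces the file's ACL with a single ALLOW entry for its owner (read data, write data,
     * delete). Does nothing when the file system offers no ACL view, in which case the file keeps
     * whatever permissions it was created with.
     */
    private void restrictAclToOwner(Path path) throws IOException {
        AclFileAttributeView aclView = Files.getFileAttributeView(path, AclFileAttributeView.class);
        if (aclView == null) {
            return;
        }
        AclEntry ownerOnly = AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW)
                .setPrincipal(Files.getOwner(path))
                .setPermissions(AclEntryPermission.READ_DATA, AclEntryPermission.WRITE_DATA, AclEntryPermission.DELETE)
                .build();
        aclView.setAcl(List.of(ownerOnly));
    }

    /** Best-effort removal of a file created by this run; the original failure is what gets reported. */
    private void deleteQuietly(Path file) {
        try {
            Files.deleteIfExists(file);
        } catch (IOException ignored) {
            // Cleanup failure must not mask the error that triggered it.
        }
    }

    /**
     * Decrypts both key blobs of {@code rsaKeyPairDto} with the stored secret and parses them as an
     * X.509 public key and a PKCS#8 private key.
     *
     * @return the parsed pair, or {@code null} if {@code rsaKeyPairDto} is {@code null}
     * @throws InvalidKeySpecException if the decrypted bytes are not valid RSA key encodings
     */
    private KeyPair retrieveKeysFromDb(RsaKeyPairDto rsaKeyPairDto) throws InvalidKeySpecException {
        if (rsaKeyPairDto == null) {
            return null;
        }
        try {
            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            RSAPublicKey publicKey = readX509PublicKey(keyFactory, AESUtil.decrypt(rsaKeyPairDto.getPublicKey(), this.key));
            RSAPrivateCrtKey privateKey = readPKCS8PrivateKey(keyFactory, AESUtil.decrypt(rsaKeyPairDto.getPrivateKey(), this.key));
            return new KeyPair(publicKey, privateKey);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException("RSA KeyFactory is not available in this JRE", e);
        }
    }

    /** Parses an X.509 (SubjectPublicKeyInfo) encoded RSA public key. */
    private RSAPublicKey readX509PublicKey(KeyFactory keyFactory, byte[] bArr) throws InvalidKeySpecException {
        return (RSAPublicKey) keyFactory.generatePublic(new X509EncodedKeySpec(bArr));
    }

    /** Parses a PKCS#8 encoded RSA private key. */
    private RSAPrivateCrtKey readPKCS8PrivateKey(KeyFactory keyFactory, byte[] bArr) throws InvalidKeySpecException {
        return (RSAPrivateCrtKey) keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }
}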
