package com.normation.rudder.domain.nodes;

import com.normation.box$;
import com.normation.inventory.domain.Certificate;
import com.normation.inventory.domain.PublicKey;
import com.normation.inventory.domain.SecurityToken$;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import net.liftweb.common.Box;
import net.liftweb.common.Box$;
import net.liftweb.common.Failure$;
import net.liftweb.common.Full;
import net.liftweb.util.Helpers$;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.encoders.Hex;
import scala.MatchError;
import scala.Option$;
import scala.Tuple2;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;

/* compiled from: NodeInfo.scala */
/* loaded from: input_file:WEB-INF/lib/rudder-core-6.2.16.jar:com/normation/rudder/domain/nodes/CFEngineKey$.class */
public final class CFEngineKey$ {
    public static final CFEngineKey$ MODULE$ = new CFEngineKey$();

    public Box<String> getCfengineMD5Digest(PublicKey publicKey) {
        return getCfengineDigestFromCfeKey(publicKey, MessageDigestAlgorithms.MD5);
    }

    public Box<String> getCfengineSHA256Digest(PublicKey publicKey) {
        return getCfengineDigestFromCfeKey(publicKey, "SHA-256");
    }

    public Box<String> getCfengineMD5CertDigest(Certificate certificate) {
        return box$.MODULE$.IOToBox(certificate.cert()).toBox().flatMap(x509CertificateHolder -> {
            return MODULE$.getCfengineDigest(x509CertificateHolder.getSubjectPublicKeyInfo(), MessageDigestAlgorithms.MD5).map(str -> {
                return str;
            });
        });
    }

    public Box<String> getCfengineSHA256CertDigest(Certificate certificate) {
        return box$.MODULE$.IOToBox(certificate.cert()).toBox().flatMap(x509CertificateHolder -> {
            return MODULE$.getCfengineDigest(x509CertificateHolder.getSubjectPublicKeyInfo(), "SHA-256").map(str -> {
                return str;
            });
        });
    }

    public Box<String> getCfengineDigestFromCfeKey(PublicKey publicKey, String str) {
        return Box$.MODULE$.apply(Option$.MODULE$.apply(new PEMParser(new StringReader(publicKey.key())))).flatMap(pEMParser -> {
            return Helpers$.MODULE$.tryo(() -> {
                return (SubjectPublicKeyInfo) pEMParser.readObject();
            }).flatMap(subjectPublicKeyInfo -> {
                return (subjectPublicKeyInfo == null ? Failure$.MODULE$.apply("Error when reading key (it is likely malformed)") : new Full(BoxedUnit.UNIT)).flatMap(boxedUnit -> {
                    return MODULE$.getCfengineDigest(subjectPublicKeyInfo, str).map(str2 -> {
                        return str2;
                    });
                });
            });
        });
    }

    public Box<String> getCfengineDigest(SubjectPublicKeyInfo subjectPublicKeyInfo, String str) {
        ASN1ObjectIdentifier algorithm = subjectPublicKeyInfo.getAlgorithm().getAlgorithm();
        ASN1ObjectIdentifier aSN1ObjectIdentifier = PKCSObjectIdentifiers.rsaEncryption;
        return ((aSN1ObjectIdentifier != null ? !aSN1ObjectIdentifier.equals((Object) algorithm) : algorithm != null) ? Failure$.MODULE$.apply(new StringBuilder(79).append("The CFEngine public key used an unsupported algorithm '").append(algorithm).append("'. Only RSA is supported").toString()) : new Full(KeyFactory.getInstance("RSA"))).flatMap(keyFactory -> {
            return Helpers$.MODULE$.tryo(() -> {
                return new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded());
            }).flatMap(x509EncodedKeySpec -> {
                return Helpers$.MODULE$.tryo(() -> {
                    return (RSAPublicKey) keyFactory.generatePublic(x509EncodedKeySpec);
                }).flatMap(rSAPublicKey -> {
                    return Helpers$.MODULE$.tryo(() -> {
                        return MessageDigest.getInstance(str);
                    }).map(messageDigest -> {
                        messageDigest.update(Hex.decode(rSAPublicKey.getModulus().toString(16)));
                        messageDigest.update(rSAPublicKey.getPublicExponent().toByteArray());
                        return Hex.toHexString(messageDigest.digest());
                    });
                });
            });
        });
    }

    public Box<String> getSha256Digest(PublicKey publicKey) {
        return Box$.MODULE$.apply(Option$.MODULE$.apply(new PEMParser(new StringReader(publicKey.key())))).flatMap(pEMParser -> {
            return Helpers$.MODULE$.tryo(() -> {
                return (SubjectPublicKeyInfo) pEMParser.readObject();
            }).flatMap(subjectPublicKeyInfo -> {
                return (subjectPublicKeyInfo == null ? Failure$.MODULE$.apply("Error when reading key (it is likely malformed)") : new Full(BoxedUnit.UNIT)).flatMap(boxedUnit -> {
                    return Helpers$.MODULE$.tryo(() -> {
                        return MessageDigest.getInstance("SHA-256");
                    }).map(messageDigest -> {
                        messageDigest.update(subjectPublicKeyInfo.getEncoded());
                        return Hex.toHexString(messageDigest.digest());
                    });
                });
            });
        });
    }

    public Box<String> getSha256Digest(Certificate certificate) {
        return box$.MODULE$.IOToBox(SecurityToken$.MODULE$.parseCertificate(certificate)).toBox().withFilter(tuple2 -> {
            return BoxesRunTime.boxToBoolean($anonfun$getSha256Digest$7(tuple2));
        }).flatMap(tuple22 -> {
            if (tuple22 == null) {
                throw new MatchError(tuple22);
            }
            java.security.PublicKey publicKey = (java.security.PublicKey) tuple22.mo8650_1();
            return (publicKey == null ? Failure$.MODULE$.apply("Error when reading certificate (it is likely malformed)") : new Full(BoxedUnit.UNIT)).flatMap(boxedUnit -> {
                return Helpers$.MODULE$.tryo(() -> {
                    return MessageDigest.getInstance("SHA-256");
                }).map(messageDigest -> {
                    messageDigest.update(publicKey.getEncoded());
                    return Hex.toHexString(messageDigest.digest());
                });
            });
        });
    }

    public static final /* synthetic */ boolean $anonfun$getSha256Digest$7(Tuple2 tuple2) {
        return tuple2 != null;
    }

    private CFEngineKey$() {
    }
}
