package com.normation.inventory.domain;

import com.normation.inventory.domain.InventoryError;
import com.normation.inventory.services.provisioning.ParsedSecurityToken$;
import java.io.Serializable;
import java.security.cert.X509Certificate;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.springframework.beans.propertyeditors.StringArrayPropertyEditor;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Product;
import scala.Some;
import scala.Tuple2;
import scala.collection.ArrayOps$;
import scala.collection.Iterator;
import scala.collection.immutable.List;
import scala.collection.immutable.Nil$;
import scala.reflect.ClassTag$;
import scala.runtime.BoxedUnit;
import scala.runtime.BoxesRunTime;
import scala.runtime.ModuleSerializationProxy;
import scala.runtime.Statics;
import zio.CanFail$;
import zio.IO$;
import zio.UIO$;
import zio.ZIO;
import zio.syntax$;

/* compiled from: DataTypes.scala */
/* loaded from: input_file:WEB-INF/lib/inventory-api-7.2.2.jar:com/normation/inventory/domain/SecurityToken$.class */
public final class SecurityToken$ implements Product, Serializable {
    public static final SecurityToken$ MODULE$ = new SecurityToken$();

    static {
        Product.$init$(MODULE$);
    }

    @Override // scala.Product
    public Iterator<Object> productIterator() {
        Iterator<Object> productIterator;
        productIterator = productIterator();
        return productIterator;
    }

    @Override // scala.Product
    public String productElementName(int i) {
        String productElementName;
        productElementName = productElementName(i);
        return productElementName;
    }

    @Override // scala.Product
    public Iterator<String> productElementNames() {
        Iterator<String> productElementNames;
        productElementNames = productElementNames();
        return productElementNames;
    }

    public String kind(SecurityToken securityToken) {
        if (securityToken instanceof PublicKey) {
            return PublicKey$.MODULE$.kind();
        }
        if (securityToken instanceof Certificate) {
            return Certificate$.MODULE$.kind();
        }
        throw new MatchError(securityToken);
    }

    public ZIO<Object, InventoryError, Tuple2<java.security.PublicKey, List<Tuple2<String, String>>>> parseCertificate(Certificate certificate) {
        return certificate.cert().flatMap(x509CertificateHolder -> {
            return IO$.MODULE$.effect(() -> {
                X509Certificate certificate2 = new JcaX509CertificateConverter().getCertificate(x509CertificateHolder);
                return new Tuple2(certificate2.getPublicKey(), Predef$.MODULE$.wrapRefArray((Object[]) ArrayOps$.MODULE$.flatMap$extension(Predef$.MODULE$.refArrayOps(x509CertificateHolder.getSubject().getRDNs()), rdn -> {
                    return (Tuple2[]) ArrayOps$.MODULE$.flatMap$extension(Predef$.MODULE$.refArrayOps(rdn.getTypesAndValues()), attributeTypeAndValue -> {
                        return Nil$.MODULE$.$colon$colon(new Tuple2(attributeTypeAndValue.getType().toString(), attributeTypeAndValue.getValue().toString()));
                    }, ClassTag$.MODULE$.apply(Tuple2.class));
                }, tuple2Arr -> {
                    return Predef$.MODULE$.wrapRefArray(tuple2Arr);
                }, ClassTag$.MODULE$.apply(Tuple2.class))).toList());
            }).mapError(th -> {
                return new InventoryError.CryptoEx("Error when trying to parse agent certificate information", th);
            }, CanFail$.MODULE$.canFail());
        });
    }

    public ZIO<Object, InventoryError, BoxedUnit> checkCertificateSubject(String str, List<Tuple2<String, String>> list) {
        Tuple2 tuple2;
        Option<Tuple2<String, String>> find = list.find(tuple22 -> {
            return BoxesRunTime.boxToBoolean($anonfun$checkCertificateSubject$2(tuple22));
        });
        if (None$.MODULE$.equals(find)) {
            return syntax$.MODULE$.ToZio(new InventoryError.SecurityToken("Certificate subject doesn't contain node ID in 'UID' attribute: " + formatSubject$1(list))).fail();
        }
        if (!(find instanceof Some) || (tuple2 = (Tuple2) ((Some) find).value()) == null) {
            throw new MatchError(find);
        }
        return ((String) tuple2.mo13169_2()).trim().equalsIgnoreCase(str) ? UIO$.MODULE$.unit() : syntax$.MODULE$.ToZio(new InventoryError.SecurityToken("Certificate subject doesn't contain same node ID in 'UID' attribute as inventory node ID: " + formatSubject$1(list))).fail();
    }

    public ZIO<Object, InventoryError, BoxedUnit> checkCertificateForNode(String str, Certificate certificate) {
        return parseCertificate(certificate).flatMap(tuple2 -> {
            return MODULE$.checkCertificateSubject(str, (List) tuple2.mo13169_2()).map(boxedUnit -> {
                BoxedUnit.UNIT;
                return BoxedUnit.UNIT;
            });
        });
    }

    @Override // scala.Product
    public String productPrefix() {
        return "SecurityToken";
    }

    @Override // scala.Product
    public int productArity() {
        return 0;
    }

    @Override // scala.Product
    public Object productElement(int i) {
        return Statics.ioobe(i);
    }

    @Override // scala.Equals
    public boolean canEqual(Object obj) {
        return obj instanceof SecurityToken$;
    }

    public int hashCode() {
        return 84478585;
    }

    public String toString() {
        return "SecurityToken";
    }

    private Object writeReplace() {
        return new ModuleSerializationProxy(SecurityToken$.class);
    }

    private static final String formatSubject$1(List list) {
        return list.map(tuple2 -> {
            return tuple2.mo13170_1() + "=" + tuple2.mo13169_2();
        }).mkString(StringArrayPropertyEditor.DEFAULT_SEPARATOR);
    }

    public static final /* synthetic */ boolean $anonfun$checkCertificateSubject$2(Tuple2 tuple2) {
        if (tuple2 == null) {
            throw new MatchError(tuple2);
        }
        String str = (String) tuple2.mo13170_1();
        String nodeidOID = ParsedSecurityToken$.MODULE$.nodeidOID();
        return str != null ? str.equals(nodeidOID) : nodeidOID == null;
    }

    private SecurityToken$() {
    }
}
