package com.normation.rudder.domain.nodes;

import com.normation.errors;
import com.normation.errors$IOResult$;
import com.normation.inventory.domain.Certificate;
import com.normation.inventory.domain.PublicKey;
import com.normation.inventory.domain.SecurityToken$;
import java.io.StringReader;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.X509EncodedKeySpec;
import org.apache.commons.codec.binary.Base64;
import org.apache.commons.codec.digest.MessageDigestAlgorithms;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.util.encoders.Hex;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Option$;
import scala.Some;
import scala.Tuple2;
import zio.UIO$;
import zio.ZIO;
import zio.syntax$;

/* compiled from: NodeInfo.scala */
/* loaded from: input_file:WEB-INF/lib/rudder-core-7.2.4.jar:com/normation/rudder/domain/nodes/NodeKeyHash$.class */
public final class NodeKeyHash$ {
    public static final NodeKeyHash$ MODULE$ = new NodeKeyHash$();

    public ZIO<Object, errors.RudderError, String> getCfengineMD5Digest(PublicKey publicKey) {
        return getCfengineDigestFromCfeKey(publicKey, MessageDigestAlgorithms.MD5);
    }

    public ZIO<Object, errors.RudderError, String> getCfengineSHA256Digest(PublicKey publicKey) {
        return getCfengineDigestFromCfeKey(publicKey, "SHA-256");
    }

    public ZIO<Object, errors.RudderError, String> getCfengineMD5CertDigest(Certificate certificate) {
        return certificate.cert().flatMap(x509CertificateHolder -> {
            return MODULE$.getCfengineDigest(x509CertificateHolder.getSubjectPublicKeyInfo(), MessageDigestAlgorithms.MD5).map(str -> {
                return str;
            });
        });
    }

    public ZIO<Object, errors.RudderError, String> getCfengineSHA256CertDigest(Certificate certificate) {
        return certificate.cert().flatMap(x509CertificateHolder -> {
            return MODULE$.getCfengineDigest(x509CertificateHolder.getSubjectPublicKeyInfo(), "SHA-256").map(str -> {
                return str;
            });
        });
    }

    public ZIO<Object, errors.RudderError, SubjectPublicKeyInfo> getPubkeyInfo(PublicKey publicKey) {
        return errors$IOResult$.MODULE$.effectM(() -> {
            Option apply = Option$.MODULE$.apply(new PEMParser(new StringReader(publicKey.key())));
            if (None$.MODULE$.equals(apply)) {
                return syntax$.MODULE$.ToZio(new errors.Inconsistency("Error when trying to create the PEM parser for agent key")).fail();
            }
            if (!(apply instanceof Some)) {
                throw new MatchError(apply);
            }
            return syntax$.MODULE$.ToZio((PEMParser) ((Some) apply).value()).succeed();
        }).flatMap(pEMParser -> {
            return errors$IOResult$.MODULE$.effect(() -> {
                return (SubjectPublicKeyInfo) pEMParser.readObject();
            }).flatMap(subjectPublicKeyInfo -> {
                return (subjectPublicKeyInfo == null ? syntax$.MODULE$.ToZio(new errors.Inconsistency("Error when reading key (it is likely malformed)")).fail() : UIO$.MODULE$.unit()).map(boxedUnit -> {
                    return subjectPublicKeyInfo;
                });
            });
        });
    }

    public ZIO<Object, errors.RudderError, String> getCfengineDigestFromCfeKey(PublicKey publicKey, String str) {
        return getPubkeyInfo(publicKey).flatMap(subjectPublicKeyInfo -> {
            return MODULE$.getCfengineDigest(subjectPublicKeyInfo, str).map(str2 -> {
                return str2;
            });
        });
    }

    public ZIO<Object, errors.RudderError, String> getCfengineDigest(SubjectPublicKeyInfo subjectPublicKeyInfo, String str) {
        return errors$IOResult$.MODULE$.effectM(() -> {
            ASN1ObjectIdentifier algorithm = subjectPublicKeyInfo.getAlgorithm().getAlgorithm();
            ASN1ObjectIdentifier aSN1ObjectIdentifier = PKCSObjectIdentifiers.rsaEncryption;
            return (aSN1ObjectIdentifier != null ? !aSN1ObjectIdentifier.equals((Object) algorithm) : algorithm != null) ? syntax$.MODULE$.ToZio(new errors.Inconsistency("The CFEngine public key used an unsupported algorithm '" + algorithm.toString() + "'. Only RSA is supported")).fail() : syntax$.MODULE$.ToZio(KeyFactory.getInstance("RSA")).succeed();
        }).flatMap(keyFactory -> {
            return errors$IOResult$.MODULE$.effect(() -> {
                return new X509EncodedKeySpec(subjectPublicKeyInfo.getEncoded());
            }).flatMap(x509EncodedKeySpec -> {
                return errors$IOResult$.MODULE$.effect(() -> {
                    return (RSAPublicKey) keyFactory.generatePublic(x509EncodedKeySpec);
                }).flatMap(rSAPublicKey -> {
                    return errors$IOResult$.MODULE$.effect(() -> {
                        return MessageDigest.getInstance(str);
                    }).flatMap(messageDigest -> {
                        return errors$IOResult$.MODULE$.effect("An error occured with node key hash", () -> {
                            messageDigest.update(Hex.decode(rSAPublicKey.getModulus().toString(16)));
                            messageDigest.update(rSAPublicKey.getPublicExponent().toByteArray());
                            return Hex.toHexString(messageDigest.digest());
                        }).map(str2 -> {
                            return str2;
                        });
                    });
                });
            });
        });
    }

    public ZIO<Object, errors.RudderError, byte[]> sha256Digest(byte[] bArr) {
        return errors$IOResult$.MODULE$.effect(() -> {
            return MessageDigest.getInstance("SHA-256");
        }).flatMap(messageDigest -> {
            return errors$IOResult$.MODULE$.effect("An error occured with node key hash", () -> {
                messageDigest.update(bArr);
                return messageDigest.digest();
            }).map(bArr2 -> {
                return bArr2;
            });
        });
    }

    public ZIO<Object, errors.RudderError, byte[]> getSha256Digest(PublicKey publicKey) {
        return getPubkeyInfo(publicKey).flatMap(subjectPublicKeyInfo -> {
            return errors$IOResult$.MODULE$.effect(() -> {
                return subjectPublicKeyInfo.getEncoded();
            }).flatMap(bArr -> {
                return MODULE$.sha256Digest(bArr).map(bArr -> {
                    return bArr;
                });
            });
        });
    }

    public ZIO<Object, errors.RudderError, byte[]> getSha256Digest(Certificate certificate) {
        return SecurityToken$.MODULE$.parseCertificate(certificate).map(tuple2 -> {
            if (tuple2 == null) {
                throw new MatchError(tuple2);
            }
            Tuple2 tuple2 = new Tuple2(tuple2, (java.security.PublicKey) tuple2.mo13175_1());
            Tuple2 tuple22 = (Tuple2) tuple2.mo13175_1();
            return new Tuple2(tuple2, tuple22);
        }).flatMap(tuple22 -> {
            Tuple2 tuple22;
            if (tuple22 == null || (tuple22 = (Tuple2) tuple22.mo13174_2()) == null) {
                throw new MatchError(tuple22);
            }
            java.security.PublicKey publicKey = (java.security.PublicKey) tuple22.mo13175_1();
            return (publicKey == null ? syntax$.MODULE$.ToZio(new errors.Inconsistency("Error when reading key (it is likely malformed)")).fail() : UIO$.MODULE$.unit()).flatMap(boxedUnit -> {
                return errors$IOResult$.MODULE$.effect(() -> {
                    return publicKey.getEncoded();
                }).flatMap(bArr -> {
                    return MODULE$.sha256Digest(bArr).map(bArr -> {
                        return bArr;
                    });
                });
            });
        });
    }

    public ZIO<Object, errors.RudderError, String> getHexSha256Digest(PublicKey publicKey) {
        return getSha256Digest(publicKey).map(bArr -> {
            return Hex.toHexString(bArr);
        });
    }

    public ZIO<Object, errors.RudderError, String> getHexSha256Digest(Certificate certificate) {
        return getSha256Digest(certificate).map(bArr -> {
            return Hex.toHexString(bArr);
        });
    }

    public ZIO<Object, errors.RudderError, String> getB64Sha256Digest(PublicKey publicKey) {
        return getSha256Digest(publicKey).map(bArr -> {
            return Base64.encodeBase64String(bArr);
        });
    }

    public ZIO<Object, errors.RudderError, String> getB64Sha256Digest(Certificate certificate) {
        return getSha256Digest(certificate).map(bArr -> {
            return Base64.encodeBase64String(bArr);
        });
    }

    private NodeKeyHash$() {
    }
}
