package org.eclipse.hono.service.management.credentials;

import com.fasterxml.jackson.annotation.JsonCreator;
import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonInclude;
import com.fasterxml.jackson.annotation.JsonProperty;
import io.quarkus.runtime.annotations.RegisterForReflection;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.function.Predicate;
import javax.security.auth.x500.X500Principal;
import org.eclipse.hono.util.Strings;

@JsonInclude(JsonInclude.Include.NON_NULL)
@RegisterForReflection
/* loaded from: input_file:org/eclipse/hono/service/management/credentials/X509CertificateCredential.class */
public class X509CertificateCredential extends CommonCredential {
    static final String TYPE = "x509-cert";
    private final List<X509CertificateSecret> secrets;

    private X509CertificateCredential(String str, List<X509CertificateSecret> list) {
        super(str);
        this.secrets = new ArrayList();
        setSecrets(list);
    }

    @JsonCreator(mode = JsonCreator.Mode.PROPERTIES)
    public static X509CertificateCredential fromProperties(@JsonProperty("cert") byte[] bArr, @JsonProperty("auth-id") String str, @JsonProperty("secrets") List<X509CertificateSecret> list) {
        if (bArr != null) {
            return fromCertificate(deserialize(bArr));
        }
        Objects.requireNonNull(str);
        Objects.requireNonNull(list);
        if (list.size() != 1) {
            throw new IllegalArgumentException("list must contain exactly one secret");
        }
        return fromAuthId(str, list);
    }

    public static X509CertificateCredential fromAuthId(String str, List<X509CertificateSecret> list) {
        String str2 = str;
        try {
            str2 = new X500Principal(str).getName("RFC2253");
        } catch (IllegalArgumentException e) {
        }
        return new X509CertificateCredential(str2, list);
    }

    public static X509CertificateCredential fromCertificate(X509Certificate x509Certificate) {
        Objects.requireNonNull(x509Certificate);
        X509CertificateSecret x509CertificateSecret = new X509CertificateSecret();
        x509CertificateSecret.setNotBefore(x509Certificate.getNotBefore().toInstant());
        x509CertificateSecret.setNotAfter(x509Certificate.getNotAfter().toInstant());
        return new X509CertificateCredential(x509Certificate.getSubjectX500Principal().getName("RFC2253"), List.of(x509CertificateSecret));
    }

    private static X509Certificate deserialize(byte[] bArr) {
        try {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(new ByteArrayInputStream(bArr));
        } catch (CertificateException e) {
            throw new IllegalArgumentException("cannot deserialize X.509 certificate", e);
        }
    }

    @Override // org.eclipse.hono.service.management.credentials.CommonCredential
    @JsonIgnore
    public final String getType() {
        return TYPE;
    }

    @Override // org.eclipse.hono.service.management.credentials.CommonCredential
    @JsonProperty("secrets")
    public final List<X509CertificateSecret> getSecrets() {
        return Collections.unmodifiableList(this.secrets);
    }

    public final X509CertificateCredential setSecrets(List<X509CertificateSecret> list) {
        Objects.requireNonNull(list);
        if (list.isEmpty()) {
            throw new IllegalArgumentException("secrets cannot be empty");
        }
        this.secrets.clear();
        this.secrets.addAll(list);
        return this;
    }

    @Override // org.eclipse.hono.service.management.credentials.CommonCredential
    protected Predicate<String> getAuthIdValidator() {
        return str -> {
            return !Strings.isNullOrEmpty(str);
        };
    }
}
