package pt.unl.fct.di.novasys.babel.internal.security;

import java.security.KeyPair;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import pt.unl.fct.di.novasys.babel.core.security.IdFromCertExtractor;
import pt.unl.fct.di.novasys.babel.core.security.SimpleIdentityGenerator;

/* loaded from: input_file:pt/unl/fct/di/novasys/babel/internal/security/BabelCredentialHandler.class */
public class BabelCredentialHandler implements SimpleIdentityGenerator, IdFromCertExtractor {
    private static final int DEFAULT_VALID_CERT_DAYS = 365;

    @Override // pt.unl.fct.di.novasys.babel.core.security.IdentityGenerator
    public KeyStore.PrivateKeyEntry generateCredentials(KeyPair keyPair) {
        return new KeyStore.PrivateKeyEntry(keyPair.getPrivate(), new Certificate[]{CryptUtils.getInstance().createSelfSignedX509Certificate(keyPair, PeerIdEncoder.stringFromPublicKey(keyPair.getPublic()), DEFAULT_VALID_CERT_DAYS)});
    }

    @Override // pt.unl.fct.di.novasys.babel.core.security.IdFromCertExtractor
    public byte[] extractIdentity(Certificate certificate) throws CertificateException {
        if (!(certificate instanceof X509Certificate)) {
            throw new CertificateException("Only knows how to extract id from X509 certificates.");
        }
        X509Certificate x509Certificate = (X509Certificate) certificate;
        PublicKey publicKey = x509Certificate.getPublicKey();
        String withoutEscapeBackslashes = PeerIdEncoder.withoutEscapeBackslashes(CryptUtils.getInstance().getX509CertificatePeerId(x509Certificate));
        byte[] fromPublicKey = PeerIdEncoder.fromPublicKey(publicKey);
        String encodeToString = PeerIdEncoder.encodeToString(fromPublicKey);
        if (withoutEscapeBackslashes.equals(encodeToString)) {
            return fromPublicKey;
        }
        throw new CertificateException("Id in certificate didn't match id derived from public key. Expected: %s Got: %s".formatted(encodeToString, withoutEscapeBackslashes));
    }
}
