package com.appiancorp.apikey.crypto;

import com.appiancorp.apikey.config.ApiKeyServiceProvider;
import com.appiancorp.core.crypto.Cryptographer;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.sharepoint.webpart.Base64;
import java.util.Date;
import javax.crypto.SecretKey;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/apikey/crypto/ApiKeySecretRepositoryImpl.class */
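/**
 * Repository that returns the raw bytes of the API key secret.
 *
 * <p>The secret is looked up through the {@link CertificateService} under the alias
 * {@link #API_KEY_SECRET}. When no entry exists, or the stored entry has expired, the
 * {@link ApiKeySecretInitializer} is asked to create one and the lookup is repeated.
 * The stored value is decrypted with the system {@link Cryptographer} before it is returned.
 *
 * <p>The returned bytes are key material: callers should not log them or persist them
 * outside the encrypted store.
 */
public class ApiKeySecretRepositoryImpl implements ApiKeySecretRepository {
    /** Alias under which the API key secret is stored in the certificate service. */
    public static final String API_KEY_SECRET = "API-KEY-SECRET";

    // Collaborators are assigned once in the constructor and never replaced.
    private final ApiKeyServiceProvider apiKeyServiceProvider;
    private final ApiKeySecretInitializer apiKeySecretInitializer;

    /**
     * @param apiKeyServiceProvider supplies the certificate service and the system cryptographer
     * @param apiKeySecretInitializer creates the secret when it is missing or expired
     */
    public ApiKeySecretRepositoryImpl(ApiKeyServiceProvider apiKeyServiceProvider, ApiKeySecretInitializer apiKeySecretInitializer) {
        this.apiKeyServiceProvider = apiKeyServiceProvider;
        this.apiKeySecretInitializer = apiKeySecretInitializer;
    }

    /**
     * Returns the decrypted API key secret, creating it first when it is absent or expired.
     *
     * <p>The lookup and the optional creation run inside
     * {@code SpringSecurityContextHelper.runAsAdmin}; only those two steps are executed in the
     * elevated context, the decryption happens after it returns.
     *
     * @return the encoded form of the decrypted {@link SecretKey}
     * @throws IllegalStateException if no entry exists even after initialization, or if the
     *     stored value cannot be decrypted or decoded
     */
    @Transactional
    public byte[] getApiKeySecret() {
        CertificateService certificateService = this.apiKeyServiceProvider.getCertificateService();
        CertificateData secretRecord = (CertificateData) SpringSecurityContextHelper.runAsAdmin(() -> {
            CertificateData byAlias = certificateService.getByAlias(API_KEY_SECRET);
            if (isNullOrExpired(byAlias)) {
                // NOTE(review): two concurrent callers can both observe a missing/expired entry
                // and both call createSecret(); confirm the initializer is idempotent or
                // serialized so they cannot end up with different secrets.
                this.apiKeySecretInitializer.createSecret();
                byAlias = certificateService.getByAlias(API_KEY_SECRET);
            }
            return byAlias;
        });
        if (secretRecord == null) {
            // Fail with a descriptive error instead of a bare NullPointerException when the
            // initializer did not produce an entry under the expected alias.
            throw new IllegalStateException("No certificate entry found for alias " + API_KEY_SECRET + " after initialization");
        }
        return decryptApiKeySecret(secretRecord.getSerializedKey());
    }

    /**
     * Decrypts the stored secret and returns the encoded bytes of the contained {@link SecretKey}.
     *
     * @param bArr the serialized, encrypted secret as stored by the certificate service
     * @return the encoded key bytes
     * @throws IllegalStateException wrapping any failure while decoding, decrypting or deserializing
     */
    private byte[] decryptApiKeySecret(byte[] bArr) {
        Cryptographer systemCryptographer = this.apiKeyServiceProvider.getSystemCryptographer();
        try {
            // SECURITY(review): decodeToObject appears to Java-deserialize the decrypted payload.
            // That is only safe if the stored ciphertext cannot be modified by an untrusted party,
            // i.e. the system cryptographer provides integrity protection (authenticated
            // encryption) and write access to this alias is restricted. Confirm both, or store
            // the raw key bytes instead of a serialized object.
            return ((SecretKey) Base64.decodeToObject(
                    systemCryptographer.decrypt(new String(bArr, ApiKeySecretInitializerImpl.ENCODING)),
                    ApiKeySecretInitializerImpl.ENCODING)).getEncoded();
        } catch (Exception e) {
            // NOTE(review): the message embeds systemCryptographer.toString(); verify that it
            // never renders key material, since this text can reach logs.
            throw new IllegalStateException("Could not decrypt using " + systemCryptographer, e);
        }
    }

    /**
     * Tells whether a stored entry is unusable because it is missing or past its expiration date.
     *
     * @param certificateData the entry to check, may be {@code null}
     * @return {@code true} if the entry is {@code null} or its expiration date is before now
     */
    public static boolean isNullOrExpired(CertificateData certificateData) {
        if (certificateData == null) {
            return true;
        }
        // NOTE(review): a null expiration date raises NullPointerException here; confirm that
        // entries under this alias always carry one.
        return certificateData.getDateOfExpiration().before(new Date());
    }
}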
