package com.appiancorp.connectedenvironments.service;

import com.appiancorp.common.crypto.CryptographerProvider;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentsServiceProvider;
import com.appiancorp.security.auth.SpringSecurityContextHelper;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.sharepoint.webpart.Base64;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import org.apache.log4j.Logger;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/connectedenvironments/service/ConnectedEnvironmentsKeysRepository.class */
public class ConnectedEnvironmentsKeysRepository {
    public static final String CE_SELF_PUBLIC = "CE-SELF-PUBLIC";
    public static final String CE_SELF_PRIVATE = "CE-SELF-PRIVATE";
    public static final String ENCODING = "UTF-8";
    private static final Logger LOG = Logger.getLogger(ConnectedEnvironmentsKeysRepository.class);
    private final ConnectedEnvironmentsServiceProvider connectedEnvironmentsServiceProvider;
    private final ConnectedEnvironmentsKeysInitializer keysInitializer;

    public ConnectedEnvironmentsKeysRepository(ConnectedEnvironmentsServiceProvider connectedEnvironmentsServiceProvider, ConnectedEnvironmentsKeysInitializer connectedEnvironmentsKeysInitializer) {
        this.connectedEnvironmentsServiceProvider = connectedEnvironmentsServiceProvider;
        this.keysInitializer = connectedEnvironmentsKeysInitializer;
    }

    public void initKeys() {
        SpringSecurityContextHelper.runAsAdmin(() -> {
            this.keysInitializer.initKeys(false);
        });
    }

    public RSAPublicKey getPublicKey() throws Exception {
        CertificateService certificateService = this.connectedEnvironmentsServiceProvider.getCertificateService();
        CertificateData byAlias = certificateService.getByAlias(CE_SELF_PUBLIC);
        if (byAlias == null) {
            SpringSecurityContextHelper.runAsAdmin(() -> {
                this.keysInitializer.initKeys(false);
            });
            byAlias = certificateService.getByAlias(CE_SELF_PUBLIC);
        }
        return (RSAPublicKey) deserializePublicKey(byAlias.getSerializedKey());
    }

    @Transactional
    public KeyPair getKeyPair() throws Exception {
        return new KeyPair(getPublicKey(), getPrivateKey());
    }

    private RSAPrivateKey getPrivateKey() throws Exception {
        CertificateService certificateService = this.connectedEnvironmentsServiceProvider.getCertificateService();
        CertificateData byAlias = certificateService.getByAlias(CE_SELF_PRIVATE);
        if (isNullOrExpired(byAlias)) {
            SpringSecurityContextHelper.runAsAdmin(() -> {
                this.keysInitializer.initKeys(true);
            });
            byAlias = certificateService.getByAlias(CE_SELF_PRIVATE);
        }
        return (RSAPrivateKey) deserializePrivateKey(byAlias.getSerializedKey());
    }

    public static boolean isNullOrExpired(CertificateData certificateData) {
        return certificateData == null || certificateData.getDateOfExpiration().before(new Date(System.currentTimeMillis()));
    }

    private PublicKey deserializePublicKey(byte[] bArr) throws Exception {
        return (PublicKey) Base64.decodeToObject(new String(bArr, ENCODING), ENCODING);
    }

    private PrivateKey deserializePrivateKey(byte[] bArr) throws Exception {
        String str = new String(bArr, ENCODING);
        CryptographerProvider systemCryptographerProvider = this.connectedEnvironmentsServiceProvider.getSystemCryptographerProvider();
        try {
            return (PrivateKey) Base64.decodeToObject(systemCryptographerProvider.get().decrypt(str), ENCODING);
        } catch (Exception e) {
            throw new IllegalStateException("Could not decrypt using " + systemCryptographerProvider, e);
        }
    }
}
