package com.appiancorp.connectedenvironments.service;

import com.appiancorp.common.crypto.CryptographerProvider;
import com.appiancorp.connectedenvironments.KeyUtils;
import com.appiancorp.connectedenvironments.persistence.ConnectedEnvironmentsServiceProvider;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.sharepoint.webpart.Base64;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Date;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.log4j.Logger;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/connectedenvironments/service/ConnectedEnvironmentsKeysInitializer.class */
/**
 * Generates this environment's "self" key pair and stores both halves through the
 * {@link CertificateService} under the aliases
 * {@code ConnectedEnvironmentsKeysRepository.CE_SELF_PRIVATE} and
 * {@code ConnectedEnvironmentsKeysRepository.CE_SELF_PUBLIC}.
 *
 * <p>The private key is encrypted with the system cryptographer before it is stored.
 * The public key is stored as encoded bytes without encryption.
 */
public class ConnectedEnvironmentsKeysInitializer {
    /** Validity window applied to freshly generated keys: 365 days, in milliseconds. */
    private static final long EXPIRATION_MILLIS = 365L * 24 * 60 * 60 * 1000;
    private static final Logger LOG = Logger.getLogger(ConnectedEnvironmentsKeysInitializer.class);
    private final ConnectedEnvironmentsServiceProvider connectedEnvironmentsServiceProvider;

    /**
     * @param connectedEnvironmentsServiceProvider source of the certificate service and the
     *        system cryptographer used by this initializer
     */
    public ConnectedEnvironmentsKeysInitializer(ConnectedEnvironmentsServiceProvider connectedEnvironmentsServiceProvider) {
        this.connectedEnvironmentsServiceProvider = connectedEnvironmentsServiceProvider;
    }

    /**
     * Ensures a current key pair exists, generating and persisting a new one when needed.
     *
     * <p>Only the stored public-key entry is consulted to decide whether to regenerate.
     * If that entry is absent, nothing is deleted before the new entries are saved, so a
     * private-key entry left behind without its public counterpart is not cleaned up here.
     *
     * <p>The method is annotated to run in its own new transaction. Any failure is logged
     * and rethrown wrapped in a {@link RuntimeException}, which Spring's default rollback
     * rules treat as a rollback trigger.
     *
     * @param z when {@code true}, existing keys are deleted and regenerated even if still
     *        valid; when {@code false}, an existing public-key entry that
     *        {@code ConnectedEnvironmentsKeysRepository.isNullOrExpired} reports as valid
     *        is kept and the method returns without changes
     * @throws RuntimeException wrapping any exception raised during lookup, generation or save
     */
    @Transactional(propagation = Propagation.REQUIRES_NEW)
    public void initKeys(boolean z) {
        try {
            CertificateService certificates = this.connectedEnvironmentsServiceProvider.getCertificateService();
            CertificateData storedPublic = certificates.getByAlias(ConnectedEnvironmentsKeysRepository.CE_SELF_PUBLIC);
            if (storedPublic != null) {
                // Short-circuit keeps the expiry check from running when regeneration is forced.
                boolean mustRegenerate = z || ConnectedEnvironmentsKeysRepository.isNullOrExpired(storedPublic);
                if (!mustRegenerate) {
                    return;
                }
                deleteExistingKeys(certificates);
            }

            KeyPair freshPair = KeyUtils.generateKeyPair();
            PrivateKey freshPrivate = freshPair.getPrivate();
            PublicKey freshPublic = freshPair.getPublic();

            // Both entries share the same issue and expiry timestamps.
            long issuedAtMillis = new Date().getTime();
            java.sql.Date issuedOn = new java.sql.Date(issuedAtMillis);
            java.sql.Date expiresOn = new java.sql.Date(issuedAtMillis + EXPIRATION_MILLIS);

            CertificateData privateEntry = buildCertificateData(
                    freshPrivate,
                    ConnectedEnvironmentsKeysRepository.CE_SELF_PRIVATE,
                    issuedOn,
                    expiresOn,
                    CertificateData.CertificateType.CE_PRIVATE);
            CertificateData publicEntry = buildCertificateData(
                    freshPublic,
                    ConnectedEnvironmentsKeysRepository.CE_SELF_PUBLIC,
                    issuedOn,
                    expiresOn,
                    CertificateData.CertificateType.CE_PUBLIC);

            certificates.saveCertificateData(privateEntry);
            certificates.saveCertificateData(publicEntry);
        } catch (Exception e) {
            LOG.error("Error initializing keypair", e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Deletes every stored certificate of type {@code CE_PRIVATE} or {@code CE_PUBLIC}.
     *
     * <p>NOTE(review): selection is by certificate type, not by the two self aliases, so
     * any other entry stored under these types is removed as well. Confirm that is intended.
     */
    private void deleteExistingKeys(CertificateService certificateService) {
        Set idsToDelete = (Set) Stream.concat(
                        certificateService.getAllCertificatesByType(CertificateData.CertificateType.CE_PRIVATE).stream(),
                        certificateService.getAllCertificatesByType(CertificateData.CertificateType.CE_PUBLIC).stream())
                .map(CertificateData::getId)
                .collect(Collectors.toSet());
        certificateService.delete(idsToDelete);
    }

    /**
     * Builds the persistence record for one half of the key pair.
     *
     * @param key the key to store
     * @param alias alias under which the record is saved
     * @param issuedOn issue date; its millisecond value is also used as the serial number
     * @param expiresOn expiration date
     * @param certificateType record type ({@code CE_PRIVATE} or {@code CE_PUBLIC} at the call sites)
     * @return a populated, not yet persisted {@link CertificateData}
     * @throws Exception if serialization, encryption or hostname resolution fails
     */
    private <T extends Key> CertificateData buildCertificateData(T key, String alias, java.sql.Date issuedOn, java.sql.Date expiresOn, CertificateData.CertificateType certificateType) throws Exception {
        byte[] storedKeyBytes = serializeKey(key);
        // The record is self-issued: the same host name is used as common name and issuer.
        String host = getHostname();

        CertificateData record = new CertificateData();
        record.setAlias(alias);
        record.setKeyType(key.getAlgorithm());
        record.setCertType(certificateType);
        record.setDateOfIssue(issuedOn);
        record.setDateOfExpiration(expiresOn);
        record.setSerializedKey(storedKeyBytes);
        record.setCommonName(host);
        record.setIssuer(host);
        record.setSerialNumber(String.valueOf(issuedOn.getTime()));
        // NOTE(review): this "thumbprint" is the key object's int hashCode(), not a digest of
        // the encoded key. It is not a cryptographic fingerprint and should not be relied on
        // to identify, compare or pin keys.
        record.setThumbprint(String.valueOf(key.hashCode()));
        return record;
    }

    /**
     * Returns the host component of the configured base URI.
     *
     * <p>{@link URI#getHost()} returns {@code null} when the URI has no host component, in
     * which case the common name and issuer of the stored records are {@code null} too.
     *
     * @throws URISyntaxException if the configured base URI cannot be parsed
     */
    private String getHostname() throws URISyntaxException {
        SuiteConfiguration suiteConfiguration = (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
        URI baseUri = new URI(suiteConfiguration.getBaseUri());
        return baseUri.getHost();
    }

    /**
     * Encodes a key for storage.
     *
     * <p>Private keys are encoded and then encrypted with the system cryptographer.
     * Public keys are encoded only.
     *
     * <p>NOTE(review): {@code Base64.encodeObject} takes a {@link Serializable}, so the
     * stored blob is presumably a Java-serialized object (option {@code 2} looks like a
     * compression flag, to be confirmed). Whatever reads these bytes back should
     * deserialize only data from this trusted store, ideally behind a deserialization filter.
     *
     * @param key a {@link PrivateKey} or {@link PublicKey}
     * @return the bytes to persist, in {@code ConnectedEnvironmentsKeysRepository.ENCODING}
     * @throws IllegalArgumentException if {@code key} is neither a private nor a public key
     * @throws Exception if encoding or encryption fails
     */
    private <T extends Serializable> byte[] serializeKey(T key) throws Exception {
        CryptographerProvider cryptographers = this.connectedEnvironmentsServiceProvider.getSystemCryptographerProvider();
        String encodedKey = Base64.encodeObject(key, 2);

        if (!(key instanceof PrivateKey)) {
            if (key instanceof PublicKey) {
                return encodedKey.getBytes(ConnectedEnvironmentsKeysRepository.ENCODING);
            }
            throw new IllegalArgumentException("Unsupported key type: " + key.getClass().getName());
        }
        // Private key material never reaches the store unencrypted.
        return cryptographers.get().encrypt(encodedKey).getBytes(ConnectedEnvironmentsKeysRepository.ENCODING);
    }
}
