package com.appiancorp.oauth.inbound.crypto;

import com.appiancorp.common.crypto.CryptographerProvider;
import com.appiancorp.connectedenvironments.KeyUtils;
import com.appiancorp.crypto.RsaKeysRetrievalRuntimeException;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.sharepoint.webpart.Base64;
import com.appiancorp.suite.SuiteConfiguration;
import com.appiancorp.suite.cfg.ConfigurationFactory;
import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.sql.Date;
import java.time.Instant;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/oauth/inbound/crypto/RsaKeysInitializer.class */
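/**
 * Generates an RSA key pair and persists both halves as {@link CertificateData} records through the
 * {@link CertificateService} obtained from the injected {@link RsaKeysCryptoServiceProvider}.
 *
 * <p>The private key is encrypted with the system cryptographer before it is stored; the public key is
 * stored as the Base64 text of its serialized form without encryption.
 */
public class RsaKeysInitializer {
    /** Charset used to turn the textual (Base64 or encrypted) key form into the stored byte array. */
    public static final Charset ENCODING = StandardCharsets.UTF_8;
    private static final Logger LOG = LoggerFactory.getLogger(RsaKeysInitializer.class);
    private final RsaKeysCryptoServiceProvider rsaKeysCryptoServiceProvider;

    /**
     * @param rsaKeysCryptoServiceProvider source of the certificate service and the system cryptographer
     */
    public RsaKeysInitializer(RsaKeysCryptoServiceProvider rsaKeysCryptoServiceProvider) {
        this.rsaKeysCryptoServiceProvider = rsaKeysCryptoServiceProvider;
    }

    /**
     * Replaces any existing key pair with a freshly generated one and saves it.
     *
     * <p>If a record already exists under the public-key alias, every certificate of both given types is
     * deleted first (not only the records carrying these aliases). Only the public alias is probed, so a
     * leftover private-key record without its public counterpart does not trigger the cleanup.
     *
     * <p>Declared with {@code REQUIRES_NEW} propagation, so the delete and both saves run in their own
     * transaction.
     *
     * @param j validity period in milliseconds, added to the current time to obtain the expiration date
     * @param str alias under which the public key is stored
     * @param str2 alias under which the private key is stored
     * @param certificateType certificate type assigned to the public-key record
     * @param certificateType2 certificate type assigned to the private-key record
     * @throws RsaKeysRetrievalRuntimeException wrapping any failure, including an expiration timestamp
     *     that does not fit in a {@code long}
     */
    @Transactional(propagation = Propagation.REQUIRES_NEW)
    public void initKeys(long j, String str, String str2, CertificateData.CertificateType certificateType, CertificateData.CertificateType certificateType2) {
        try {
            CertificateService certificateService = this.rsaKeysCryptoServiceProvider.getCertificateService();
            if (certificateService.getByAlias(str) != null) {
                LOG.info("Deleting public private encryption key pair alias {}:{}", str, str2);
                deleteExistingKeys(certificateService, certificateType, certificateType2);
            }

            KeyPair keyPair = KeyUtils.generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();

            long issuedAtMillis = Instant.now().toEpochMilli();
            Date issuedAt = new Date(issuedAtMillis);
            // addExact instead of '+': a huge validity period would otherwise wrap around silently and
            // yield an expiration date in the distant past. The ArithmeticException is wrapped below.
            Date expiresAt = new Date(Math.addExact(issuedAtMillis, j));

            CertificateData privateRecord = buildCertificateData(privateKey, str2, issuedAt, expiresAt, certificateType2);
            CertificateData publicRecord = buildCertificateData(publicKey, str, issuedAt, expiresAt, certificateType);
            certificateService.saveCertificateData(privateRecord);
            certificateService.saveCertificateData(publicRecord);
        } catch (Exception e) {
            LOG.error("Error initializing keypair", e);
            throw new RsaKeysRetrievalRuntimeException(e);
        }
    }

    /**
     * Deletes every certificate of the two given types, identified by id.
     *
     * <p>The scope is "all records of these types", independent of alias.
     */
    private void deleteExistingKeys(CertificateService certificateService, CertificateData.CertificateType publicKeyType, CertificateData.CertificateType privateKeyType) {
        // The raw Set cast is kept as found: the id type expected by delete(...) is not visible in this file.
        certificateService.delete((Set) Stream.concat(
                certificateService.getAllCertificatesByType(privateKeyType).stream(),
                certificateService.getAllCertificatesByType(publicKeyType).stream())
            .map(certificate -> certificate.getId())
            .collect(Collectors.toSet()));
    }

    /**
     * Builds the persistence record for one half of the key pair.
     *
     * @param key the key to store; its algorithm name becomes the record's key type
     * @param alias alias of the record
     * @param issuedAt date of issue; its epoch-millisecond value is also used as the serial number
     * @param expiresAt date of expiration
     * @param certificateType certificate type of the record
     * @return a populated, not yet saved, record whose common name and issuer are both the site host name
     * @throws Exception if the key cannot be serialized or the base URI cannot be parsed
     */
    private <T extends Key> CertificateData buildCertificateData(T key, String alias, Date issuedAt, Date expiresAt, CertificateData.CertificateType certificateType) throws Exception {
        byte[] storedKeyBytes = serializeKey(key);
        String hostname = getHostname();

        CertificateData record = new CertificateData();
        record.setAlias(alias);
        record.setKeyType(key.getAlgorithm());
        record.setCertType(certificateType);
        record.setDateOfIssue(issuedAt);
        record.setDateOfExpiration(expiresAt);
        record.setSerializedKey(storedKeyBytes);
        record.setCommonName(hostname);
        record.setIssuer(hostname);
        record.setSerialNumber(String.valueOf(issuedAt.getTime()));
        // NOTE(review): the thumbprint is the key object's 32-bit hashCode(), not a cryptographic digest
        // of the encoded key. It is neither collision-resistant nor guaranteed stable across key
        // implementations, so it should not be relied on as a unique or tamper-evident identifier.
        // A digest such as SHA-256 over key.getEncoded() would be the usual choice; left unchanged here
        // because replacing it would alter the values already stored and looked up elsewhere.
        record.setThumbprint(String.valueOf(key.hashCode()));
        return record;
    }

    /**
     * Returns the host component of the configured base URI.
     *
     * @throws URISyntaxException if the configured base URI is not a valid URI
     */
    private String getHostname() throws URISyntaxException {
        SuiteConfiguration suiteConfiguration = (SuiteConfiguration) ConfigurationFactory.getConfiguration(SuiteConfiguration.class);
        URI baseUri = new URI(suiteConfiguration.getBaseUri());
        return baseUri.getHost();
    }

    /**
     * Converts a key into the byte array that is stored in the certificate record.
     *
     * <p>A {@link PrivateKey} is Base64-encoded and then encrypted with the system cryptographer; a
     * {@link PublicKey} is Base64-encoded only. Any other type is rejected.
     *
     * @param key the key to serialize
     * @return the bytes of the resulting text in {@link #ENCODING}
     * @throws IllegalArgumentException if {@code key} is neither a private nor a public key
     * @throws IllegalStateException if the Base64 encoder produced no output
     * @throws Exception if encoding or encryption fails
     */
    private <T extends Serializable> byte[] serializeKey(T key) throws Exception {
        boolean isPrivate = key instanceof PrivateKey;
        // Reject unsupported types before any serialization work is done on them.
        if (!isPrivate && !(key instanceof PublicKey)) {
            throw new IllegalArgumentException("Unsupported key type: " + key.getClass().getName());
        }

        CryptographerProvider systemCryptographerProvider = this.rsaKeysCryptoServiceProvider.getSystemCryptographerProvider();
        // NOTE(review): encodeObject stores the key as a serialized Java object; the meaning of option 2
        // is defined by the project's Base64 class and is not visible here. Whatever reads these bytes
        // back presumably deserializes them - confirm that the reader restricts the accepted classes
        // (for example with an ObjectInputFilter).
        String encodedKey = Base64.encodeObject(key, 2);
        if (encodedKey == null) {
            // Fail explicitly rather than handing null to the cryptographer or hitting an NPE below.
            throw new IllegalStateException("Key serialization produced no data");
        }

        if (isPrivate) {
            // The private key never reaches storage in plain form: only the encrypted text is returned.
            return systemCryptographerProvider.get().encrypt(encodedKey).getBytes(ENCODING);
        }
        return encodedKey.getBytes(ENCODING);
    }
}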
