package com.appiancorp.oauth.inbound.crypto;

import com.appiancorp.crypto.RsaKeysRepository;
import com.appiancorp.crypto.RsaKeysRetrievalException;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.sharepoint.webpart.Base64;
import java.io.UnsupportedEncodingException;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/oauth/inbound/crypto/AbstractRsaKeysRepositoryImpl.class */
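/**
 * Base {@link RsaKeysRepository} that loads an RSA key pair from the certificate store by alias.
 *
 * <p>Subclasses supply the aliases, certificate types and expiration length. A missing entry
 * triggers {@link #initKeys()}. An expired entry triggers it only for the private half, and only
 * when rotation was not disabled at construction time.
 *
 * <p>NOTE(review): stored key material is turned back into key objects with
 * {@code Base64.decodeToObject}, which appears to be Java-native object deserialization (confirm
 * against that class). The public-key blob is not decrypted or authenticated before decoding, so
 * whoever can write to the certificate store controls the deserialized bytes. Consider storing
 * encoded key bytes and rebuilding keys with {@code java.security.KeyFactory}, or guarding the
 * stream with a {@code java.io.ObjectInputFilter}.
 */
public abstract class AbstractRsaKeysRepositoryImpl implements RsaKeysRepository {
    private static final Logger LOG = LoggerFactory.getLogger(AbstractRsaKeysRepositoryImpl.class);
    private final RsaKeysCryptoServiceProvider rsaKeysCryptoServiceProvider;
    private final RsaKeysInitializer keysInitializer;
    private final boolean isEncryptionKeyRotationDisabled;

    /**
     * Creates the repository.
     *
     * @param rsaKeysCryptoServiceProvider source of the certificate service and the system cryptographer
     * @param rsaKeysInitializer           creates and stores a key pair when {@link #initKeys()} runs
     * @param z                            {@code true} to disable expiry-driven rotation of the private key
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractRsaKeysRepositoryImpl(RsaKeysCryptoServiceProvider rsaKeysCryptoServiceProvider, RsaKeysInitializer rsaKeysInitializer, boolean z) {
        this.rsaKeysCryptoServiceProvider = rsaKeysCryptoServiceProvider;
        this.keysInitializer = rsaKeysInitializer;
        this.isEncryptionKeyRotationDisabled = z;
    }

    /** @return expiration length handed to the initializer; units are defined by the subclass/initializer */
    abstract long getExpirationLength();

    /** @return alias under which the public key is stored */
    abstract String getPublicKeyAlias();

    /** @return alias under which the private key is stored */
    abstract String getPrivateKeyAlias();

    /** @return certificate type used for the public key entry */
    abstract CertificateData.CertificateType getPublicKeyType();

    /** @return certificate type used for the private key entry */
    abstract CertificateData.CertificateType getPrivateKeyType();

    /**
     * Asks the initializer to create the key pair for this repository's aliases and logs the aliases.
     * Only aliases are logged, never key material.
     */
    public void initKeys() {
        this.keysInitializer.initKeys(getExpirationLength(), getPublicKeyAlias(), getPrivateKeyAlias(), getPublicKeyType(), getPrivateKeyType());
        LOG.info("Initialized new public private key pair for alias {}:{}", getPublicKeyAlias(), getPrivateKeyAlias());
    }

    /**
     * Returns the stored public key, creating the key pair first when no public entry exists.
     * Expiry is deliberately not evaluated here (rotation is treated as disabled for this lookup).
     *
     * @return the RSA public key stored under {@link #getPublicKeyAlias()}
     * @throws RsaKeysRetrievalException if no entry exists even after initialization, or the stored
     *                                   object is not an RSA public key
     */
    @Transactional(rollbackFor = {Exception.class})
    public RSAPublicKey getPublicKey() throws RsaKeysRetrievalException {
        CertificateService certificateService = this.rsaKeysCryptoServiceProvider.getCertificateService();
        String publicAlias = getPublicKeyAlias();
        CertificateData publicData = certificateService.getByAlias(publicAlias);
        if (shouldKeysBeInitialized(publicData, true, publicAlias)) {
            initKeys();
            publicData = certificateService.getByAlias(publicAlias);
        }
        return asRsaPublicKey(decodePublicKeyObject(requireStored(publicData, publicAlias).getSerializedKey()), publicAlias);
    }

    /**
     * Returns the public and private key as one pair.
     *
     * <p>Both halves are checked before either is decoded. The earlier form read the public key
     * first (no expiry check) and then the private key (expiry check), so a rotation triggered by
     * the private lookup could leave the already-read public key paired with a freshly created
     * private key. {@link #initKeys()} is handed both aliases, so it presumably replaces both
     * halves; confirm against the initializer.
     *
     * @return a key pair whose halves were read after any initialization finished
     * @throws RsaKeysRetrievalException if either entry is missing after initialization, the private
     *                                   key cannot be decrypted, or a stored object has the wrong type
     */
    @Transactional(rollbackFor = {Exception.class})
    public KeyPair getKeyPair() throws RsaKeysRetrievalException {
        CertificateService certificateService = this.rsaKeysCryptoServiceProvider.getCertificateService();
        String publicAlias = getPublicKeyAlias();
        String privateAlias = getPrivateKeyAlias();
        CertificateData publicData = certificateService.getByAlias(publicAlias);
        CertificateData privateData = certificateService.getByAlias(privateAlias);

        // Evaluate both checks (no short-circuit) so each alias still produces its log line.
        boolean publicNeedsInit = shouldKeysBeInitialized(publicData, true, publicAlias);
        boolean privateNeedsInit = shouldKeysBeInitialized(privateData, this.isEncryptionKeyRotationDisabled, privateAlias);
        if (publicNeedsInit || privateNeedsInit) {
            initKeys();
            // Re-read both halves so they come from the same initialization.
            publicData = certificateService.getByAlias(publicAlias);
            privateData = certificateService.getByAlias(privateAlias);
        }

        RSAPublicKey publicKey = asRsaPublicKey(decodePublicKeyObject(requireStored(publicData, publicAlias).getSerializedKey()), publicAlias);
        RSAPrivateKey privateKey = asRsaPrivateKey(decodePrivateKeyObject(requireStored(privateData, privateAlias).getSerializedKey()), privateAlias);
        return new KeyPair(publicKey, privateKey);
    }

    /** Fails with the declared retrieval exception instead of a later NullPointerException when the store has no entry. */
    private CertificateData requireStored(CertificateData certificateData, String alias) throws RsaKeysRetrievalException {
        if (certificateData == null) {
            throw new RsaKeysRetrievalException("No key entry found for alias " + alias + " after initialization.",
                new IllegalStateException("Certificate lookup returned null for alias " + alias));
        }
        return certificateData;
    }

    /**
     * Decodes the stored public-key blob into an object.
     *
     * <p>SECURITY: the blob is decoded as stored, with no decryption or integrity check in this
     * class. If {@code decodeToObject} is Java-native deserialization, object construction happens
     * before any type check the caller performs.
     */
    private Object decodePublicKeyObject(byte[] bArr) {
        return Base64.decodeToObject(new String(bArr, RsaKeysInitializer.ENCODING), RsaKeysInitializer.ENCODING.name());
    }

    /**
     * Decrypts the stored private-key blob with the system cryptographer and decodes it into an object.
     *
     * @throws RsaKeysRetrievalException if decryption or decoding fails
     */
    private Object decodePrivateKeyObject(byte[] bArr) throws RsaKeysRetrievalException {
        try {
            return Base64.decodeToObject(this.rsaKeysCryptoServiceProvider.getSystemCryptographerProvider().get().decrypt(new String(bArr, RsaKeysInitializer.ENCODING)), RsaKeysInitializer.ENCODING.name());
        } catch (UnsupportedEncodingException e) {
            throw new RsaKeysRetrievalException("String encoding issue during private key deserialization", e);
        } catch (Exception e2) {
            throw new RsaKeysRetrievalException("Unexpected error decrypting private key.", e2);
        }
    }

    /** Rejects a null or wrongly typed decoded object with the declared exception rather than a ClassCastException or a null key. */
    private RSAPublicKey asRsaPublicKey(Object decoded, String alias) throws RsaKeysRetrievalException {
        if (!(decoded instanceof RSAPublicKey)) {
            throw new RsaKeysRetrievalException("Stored entry for alias " + alias + " is not an RSA public key.",
                new ClassCastException(decoded == null ? "null" : decoded.getClass().getName()));
        }
        return (RSAPublicKey) decoded;
    }

    /** Private-key counterpart of the public-key type check; the message names only the alias and the class, never key material. */
    private RSAPrivateKey asRsaPrivateKey(Object decoded, String alias) throws RsaKeysRetrievalException {
        if (!(decoded instanceof RSAPrivateKey)) {
            throw new RsaKeysRetrievalException("Stored entry for alias " + alias + " is not an RSA private key.",
                new ClassCastException(decoded == null ? "null" : decoded.getClass().getName()));
        }
        return (RSAPrivateKey) decoded;
    }

    /**
     * Decides whether the key pair must be (re)created before the entry can be used.
     *
     * @param certificateData stored entry, or {@code null} when none exists
     * @param z               {@code true} when expiry must be ignored for this lookup
     * @param str             alias, used for logging only
     * @return {@code true} when the entry is missing, or has expired and rotation is allowed
     */
    private boolean shouldKeysBeInitialized(CertificateData certificateData, boolean z, String str) {
        if (certificateData == null) {
            LOG.info("Initializing a new encryption key for public private key pair for {} since one doesn't exist.", str);
            return true;
        }
        if (z) {
            LOG.trace("Skipping initialization since a public private key pair {} exists and rotation is disabled.", str);
            return false;
        }
        // new Date() is "now"; same instant as new Date(System.currentTimeMillis()).
        if (certificateData.getDateOfExpiration().before(new Date())) {
            LOG.info("Reinitializing public private key pair {} since previous one expired at {}.", str, certificateData.getDateOfExpiration());
            return true;
        }
        LOG.trace("Skipping initialization since a public private key pair {} already exists and yet to expire at {}.", str, certificateData.getDateOfExpiration());
        return false;
    }
}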
