package com.appiancorp.security.ssl;

import com.appiancorp.cache.Cache;
import com.appiancorp.common.crypto.CryptographerProvider;
import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.sharepoint.webpart.Base64;
import com.appiancorp.suite.cfg.adminconsole.AdminConsoleAuditLogger;
import com.google.common.base.Charsets;
import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.Lists;
import java.io.File;
import java.io.Serializable;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.sql.Date;
import java.util.ArrayList;
import java.util.Calendar;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.inject.Inject;
import org.apache.log4j.Logger;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/security/ssl/CertificateServiceImpl.class */
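/**
 * {@link CertificateService} implementation that persists certificate records through a
 * {@link CertificateDataDao}.
 *
 * <p>Key material handling, as implemented in this class:
 * <ul>
 *   <li>Private keys are encoded with {@code Base64.encodeObject} and then encrypted with the
 *       system cryptographer before they are stored.</li>
 *   <li>Public keys are stored encoded but <em>not</em> encrypted.</li>
 *   <li>Both are read back through {@code Base64.decodeToObject}.</li>
 *   <li>Saves and deletes are written to the admin-console audit log only when the record's
 *       certificate type reports {@code shouldLog()}.</li>
 * </ul>
 *
 * <p>NOTE(security): {@code Base64.decodeToObject} presumably performs Java-native
 * deserialization (the helper is not part of this file; confirm). If it does, every stored blob
 * is deserialized before its type is checked, so write access to the certificate table must be
 * as tightly controlled as access to the keys themselves. An {@code ObjectInputFilter}
 * allow-list inside the helper, or storing DER/PEM instead of serialized objects, would remove
 * that dependency.
 */
public class CertificateServiceImpl implements CertificateService {
    private static final String AUDIT_NAMESPACE_FORMAT = "conf.%s.certificates";
    private static final String AUDIT_PROPERTY_KEY = "subject.distinguishedName";
    static final String AUDIT_UPLOAD_PREVIOUS_VALUE = "<uploaded>";
    private static final String ENCODING = "UTF-8";
    protected final CryptographerProvider systemCryptographerProvider;
    protected final CertificateDataDao certificateDataDao;
    protected final AdminConsoleAuditLogger adminConsoleAuditLogger;
    protected final Cache certificateCache;
    private final PEMProcessor pemProcessor;
    static final Object AUDIT_DELETE_NEW_VALUE = "<deleted>";
    private static final Logger LOG = Logger.getLogger(CertificateServiceImpl.class);

    /**
     * Wires the service's collaborators.
     *
     * <p>Only the DAO and the cryptographer provider are null-checked here; the audit logger,
     * cache and PEM processor are stored as given and dereferenced later without a check.
     *
     * @param certificateDataDao persistence for certificate records; must not be null
     * @param cryptographerProvider supplies the cryptographer used for private keys; must not be null
     * @param adminConsoleAuditLogger audit sink for save and delete events
     * @param cache cache touched on private-key reads and cleared on modification
     * @param pEMProcessor builds certificate records from PEM files
     */
    @Inject
    public CertificateServiceImpl(CertificateDataDao certificateDataDao, CryptographerProvider cryptographerProvider, AdminConsoleAuditLogger adminConsoleAuditLogger, Cache cache, PEMProcessor pEMProcessor) {
        Preconditions.checkNotNull(certificateDataDao);
        Preconditions.checkNotNull(cryptographerProvider);
        this.systemCryptographerProvider = cryptographerProvider;
        this.certificateDataDao = certificateDataDao;
        this.adminConsoleAuditLogger = adminConsoleAuditLogger;
        this.certificateCache = cache;
        this.pemProcessor = pEMProcessor;
    }

    /**
     * Returns the distinct certificate records of the given type.
     *
     * @param certificateType type to look up
     * @return a list of records; empty (never null) when the DAO has none
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public List<CertificateData> getAllCertificatesByType(CertificateData.CertificateType certificateType) {
        // The null check has to happen before streaming: Collectors.toList() never yields null,
        // so testing the collected list could not catch a null DAO result.
        List<CertificateData> stored = this.certificateDataDao.getAllByType(certificateType);
        if (stored == null) {
            LOG.debug("No certificates present in datastore");
            return Lists.newArrayList();
        }
        return stored.stream().distinct().collect(Collectors.toList());
    }

    /**
     * Loads a certificate record by primary key.
     *
     * @param l record id
     * @return whatever the DAO returns for that id
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public CertificateData getById(Long l) {
        return (CertificateData) this.certificateDataDao.get(l);
    }

    /**
     * Creates and saves a record for a bare key pair that has no X.509 certificate.
     *
     * <p>The common name and issuer are set to the certificate type's name, and the serial number
     * and thumbprint to fixed "UNSUPPORTED_" placeholders, so these records cannot be matched or
     * pinned by thumbprint.
     *
     * @param privateKey key to encrypt and store
     * @param publicKey key stored as the single element of the serialized chain
     * @param certificateType type of the new record
     * @param str alias of the new record
     * @param i validity in days, counted from now
     * @return the persisted record
     * @throws Exception if encoding or encrypting the keys fails
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public CertificateData saveCertificateData(PrivateKey privateKey, PublicKey publicKey, CertificateData.CertificateType certificateType, String str, int i) throws Exception {
        CertificateData certificateData = new CertificateData();
        certificateData.setCertType(certificateType);
        applyKeyPairAndValidity(certificateData, privateKey, publicKey, i);
        certificateData.setAlias(str);
        certificateData.setCommonName(certificateType.name());
        certificateData.setIssuer(certificateType.name());
        certificateData.setKeyType(privateKey.getAlgorithm());
        certificateData.setSerialNumber("UNSUPPORTED_SERIAL_NUMBER");
        certificateData.setThumbprint("UNSUPPORTED_THUMBPRINT");
        return saveCertificateData(certificateData);
    }

    /**
     * Attaches a key pair and a validity window to an existing record and saves it.
     *
     * @param certificateData record to update; its key, chain and dates are overwritten
     * @param privateKey key to encrypt and store
     * @param publicKey key stored as the single element of the serialized chain
     * @param i validity in days, counted from now
     * @return the persisted record
     * @throws Exception if encoding or encrypting the keys fails
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public CertificateData saveCertificateData(CertificateData certificateData, PrivateKey privateKey, PublicKey publicKey, int i) throws Exception {
        applyKeyPairAndValidity(certificateData, privateKey, publicKey, i);
        return saveCertificateData(certificateData);
    }

    /**
     * Persists a record, clears dependent cache keys and writes an audit entry.
     *
     * @param certificateData record to create or update
     * @return the record as returned by the DAO
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public CertificateData saveCertificateData(CertificateData certificateData) {
        CertificateData saved = (CertificateData) this.certificateDataDao.createOrUpdate(certificateData);
        removeCacheKeysUponModification(getCacheKeysToRemove());
        // Audit coverage depends on the certificate type: types whose shouldLog() is false are
        // created and replaced without an admin-console audit entry.
        if (saved.getCertType().shouldLog()) {
            this.adminConsoleAuditLogger.forProperty(getAuditNamespace(saved.getCertType()), AUDIT_PROPERTY_KEY).log(AUDIT_UPLOAD_PREVIOUS_VALUE, saved.getCommonName());
        }
        return saved;
    }

    /**
     * Deletes the records with the given ids, writing an audit entry for each one that exists
     * and whose type reports {@code shouldLog()}.
     *
     * <p>NOTE(review): the audit entries are written before the DAO delete runs. Whether the
     * audit logger takes part in the surrounding transaction is not visible here; if it does
     * not, a failed delete would still leave "deleted" entries behind.
     *
     * @param set ids of the records to delete
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public void delete(Set<Long> set) {
        removeCacheKeysUponModification(getCacheKeysToRemove());
        for (Long id : set) {
            CertificateData certificateData = (CertificateData) this.certificateDataDao.get(id);
            if (certificateData == null) {
                // An unknown id used to abort the whole call with a NullPointerException before
                // any record was deleted; skip it and let the DAO handle the id.
                LOG.debug("No certificate record found for id " + id + "; nothing to audit");
                continue;
            }
            if (certificateData.getCertType().shouldLog()) {
                this.adminConsoleAuditLogger.forProperty(getAuditNamespace(certificateData.getCertType()), AUDIT_PROPERTY_KEY).log(certificateData.getCommonName(), AUDIT_DELETE_NEW_VALUE);
            }
        }
        this.certificateDataDao.delete(set);
    }

    /**
     * Builds a record from a PEM file and saves it.
     *
     * @param file PEM file to import; parsing is delegated to the PEM processor
     * @param str optional string handed to the PEM processor; null and empty are both treated
     *     as absent (presumably the key passphrase; confirm against PEMProcessor)
     * @param certificateType type of the new record
     * @return the persisted record
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public CertificateData importPemFile(File file, String str, CertificateData.CertificateType certificateType) {
        return saveCertificateData(this.pemProcessor.buildCertificateData(file, Optional.fromNullable(Strings.emptyToNull(str)), certificateType));
    }

    /** Returns the audit namespace for a type: the format string filled with its lower-cased name. */
    private String getAuditNamespace(CertificateData.CertificateType certificateType) {
        return String.format(AUDIT_NAMESPACE_FORMAT, certificateType.toString().toLowerCase());
    }

    /**
     * Returns the decrypted private key stored under an alias.
     *
     * <p>NOTE(security): unlike {@link #getCertificateChain}, this lookup is by alias only and
     * does not check the record's certificate type, and no audit entry is written for the read.
     * Callers are responsible for deciding who may reach this method.
     *
     * @param str alias to look up
     * @return the private key, or null when no record has that alias
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public PrivateKey getPrivateKey(String str) {
        CertificateData byAlias = getByAlias(str);
        if (byAlias == null) {
            LOG.debug(String.format("Alias does not exist [%s]", str));
            return null;
        }
        // Records that this alias has been read; only a marker is cached, not the key itself.
        this.certificateCache.put(str, Boolean.TRUE);
        return deserializeAndDecrypt(byAlias.getSerializedKey());
    }

    /**
     * Decrypts a stored private-key blob and decodes it back into a {@link PrivateKey}.
     *
     * <p>The blob is decrypted before it is decoded, so what reaches the decoder is only as
     * trustworthy as the cryptographer's integrity protection (not visible in this file).
     *
     * @param bArr UTF-8 bytes of the encrypted, encoded key
     * @return the decoded private key
     * @throws IllegalStateException if decryption or decoding fails for any reason
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    public PrivateKey deserializeAndDecrypt(byte[] bArr) throws IllegalStateException {
        try {
            String decrypted = this.systemCryptographerProvider.get().decrypt(new String(bArr, Charsets.UTF_8));
            return (PrivateKey) Base64.decodeToObject(decrypted, Charsets.UTF_8.name());
        } catch (Exception e) {
            throw new IllegalStateException("Could not decrypt using " + this.systemCryptographerProvider, e);
        }
    }

    /**
     * Decodes a stored certificate chain.
     *
     * <p>NOTE(security): chain entries are stored unencrypted and are decoded as they come from
     * the datastore. The cast to {@link X509Certificate} runs only after the object has been
     * decoded, so it is not a substitute for filtering inside the decoder.
     *
     * @param list serialized chain entries; null is treated as an empty chain
     * @return the decoded certificates, in storage order
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    public List<X509Certificate> deserializeCertificateChain(List<byte[]> list) {
        List<X509Certificate> chain = new ArrayList<>();
        if (list == null) {
            // A record without a stored chain yields an empty chain instead of a NullPointerException.
            return chain;
        }
        for (byte[] encoded : list) {
            chain.add((X509Certificate) Base64.decodeToObject(new String(encoded, Charsets.UTF_8), Charsets.UTF_8.name()));
        }
        return chain;
    }

    /**
     * Looks a record up by alias.
     *
     * @param str alias to look up
     * @return the DAO's result for that alias
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    public CertificateData getByAlias(String str) {
        return this.certificateDataDao.getByAlias(str);
    }

    /**
     * Returns the certificate chain stored under an alias, provided the record has the
     * requested type.
     *
     * @param str alias to look up
     * @param certificateType type the record must have
     * @return the chain, or an empty array when the alias is unknown or the type differs
     */
    @Override // com.appiancorp.security.ssl.CertificateService
    @Transactional
    public X509Certificate[] getCertificateChain(String str, CertificateData.CertificateType certificateType) {
        X509Certificate[] emptyChain = new X509Certificate[0];
        CertificateData byAlias = getByAlias(str);
        if (byAlias == null) {
            LOG.debug(String.format("Alias does not exist [%s]", str));
            return emptyChain;
        }
        if (!byAlias.getCertType().equals(certificateType)) {
            // Logged separately so a type mismatch is not reported as a missing alias.
            LOG.debug(String.format("Alias [%s] exists but is not of the requested certificate type", str));
            return emptyChain;
        }
        return deserializeCertificateChain(byAlias.getSerializedCertificateChain()).toArray(emptyChain);
    }

    /** Removes each given key from the certificate cache, logging the key at debug level. */
    private void removeCacheKeysUponModification(List<String> list) {
        for (String cacheKey : list) {
            LOG.debug("Removing certificate cache key: " + cacheKey);
            this.certificateCache.remove(cacheKey);
        }
    }

    /**
     * Cache keys to drop whenever a record is saved or deleted.
     *
     * @return an empty list in this class; subclasses may override to supply keys
     */
    protected List<String> getCacheKeysToRemove() {
        return Lists.newArrayList();
    }

    /**
     * Writes the key pair and a validity window of {@code validityDays} days, starting now,
     * into {@code target}. Shared by both key-pair overloads of {@code saveCertificateData}.
     */
    private void applyKeyPairAndValidity(CertificateData target, PrivateKey privateKey, PublicKey publicKey, int validityDays) throws Exception {
        Calendar issuedAt = Calendar.getInstance();
        Calendar expiresAt = Calendar.getInstance();
        // Calendar.DAY_OF_YEAR is the named form of the bare field number 6.
        expiresAt.add(Calendar.DAY_OF_YEAR, validityDays);
        target.setSerializedCertificateChain(Collections.singletonList(serializeKey(publicKey)));
        target.setSerializedKey(serializeKey(privateKey));
        target.setDateOfIssue(new Date(issuedAt.getTimeInMillis()));
        target.setDateOfExpiration(new Date(expiresAt.getTimeInMillis()));
    }

    /**
     * Encodes a key for storage: private keys are additionally encrypted with the system
     * cryptographer, public keys are stored as encoded text only.
     *
     * @param t key to encode; must be a {@link PrivateKey} or a {@link PublicKey}
     * @return UTF-8 bytes of the stored form
     * @throws IllegalArgumentException if {@code t} is neither kind of key
     * @throws Exception if encoding or encryption fails
     */
    private <T extends Serializable> byte[] serializeKey(T t) throws Exception {
        // The option value 2 is passed through as before; its meaning is defined by the Base64
        // helper, which is not part of this file.
        String encoded = Base64.encodeObject(t, 2);
        // PrivateKey is tested first, so an object implementing both interfaces is encrypted.
        if (t instanceof PrivateKey) {
            return this.systemCryptographerProvider.get().encrypt(encoded).getBytes(ENCODING);
        }
        if (t instanceof PublicKey) {
            return encoded.getBytes(ENCODING);
        }
        throw new IllegalArgumentException("Unsupported key type: " + t.getClass().getName());
    }
}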
