package com.appiancorp.publicportal.service;

import com.appiancorp.security.ssl.CertificateData;
import com.appiancorp.security.ssl.CertificateService;
import com.appiancorp.sharepoint.webpart.Base64;
import com.google.common.base.Charsets;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Collections;
import java.util.Date;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;

/* loaded from: input_file:com/appiancorp/publicportal/service/PortalCredentialsStore.class */
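/**
 * Stores and retrieves the key pairs kept in the {@link CertificateService} under the
 * {@code portal-administration-service} aliases.
 *
 * <p>Entries are looked up under {@link #BASE_CERTIFICATE_ALIAS} plus a caller-supplied suffix.
 * An entry found under the un-suffixed {@link #LEGACY_CERTIFICATE_ALIAS} is migrated to the
 * suffixed alias on first lookup and then deleted.
 *
 * <p>Private keys returned by this class are secret material; keep them out of logs and
 * exception messages.
 */
public class PortalCredentialsStore {
    private static final Logger LOG = LoggerFactory.getLogger(PortalCredentialsStore.class);
    public static final String LEGACY_CERTIFICATE_ALIAS = "portal-administration-service";
    public static final String BASE_CERTIFICATE_ALIAS = "portal-administration-service-";
    public static final int CERTIFICATE_EXPIRY_DAYS = 30;
    private final CertificateService certificateService;

    /**
     * @param certificateService backing store used for every lookup, save and delete
     */
    public PortalCredentialsStore(CertificateService certificateService) {
        this.certificateService = certificateService;
    }

    /**
     * Returns the certificate data stored under {@code BASE_CERTIFICATE_ALIAS + str}, falling back
     * to a one-time migration of the legacy entry when no suffixed entry exists.
     *
     * @param str suffix appended to {@link #BASE_CERTIFICATE_ALIAS} to form the alias
     * @return the stored entry, or {@code null} when neither the suffixed nor the legacy entry exists
     * @throws Exception if the lookup or the migration fails
     */
    @Transactional(rollbackFor = {Exception.class})
    public CertificateData getCertificateData(String str) throws Exception {
        // NOTE(review): a null suffix yields the alias "portal-administration-service-null";
        // confirm callers never pass null.
        CertificateData existing = this.certificateService.getByAlias(BASE_CERTIFICATE_ALIAS + str);
        if (existing != null) {
            return existing;
        }
        return migrateLegacyKey(str);
    }

    /**
     * Reports whether the entry is missing or its expiration date lies strictly before now.
     *
     * @param certificateData entry to check, may be {@code null}
     * @return {@code true} when the entry is {@code null} or already expired
     */
    public boolean isNullOrExpired(CertificateData certificateData) {
        // assumes getDateOfExpiration() never returns null for a stored entry -- TODO confirm
        return certificateData == null || certificateData.getDateOfExpiration().before(new Date());
    }

    /**
     * Decrypts and deserializes the private key held by the entry.
     *
     * @param certificateData entry holding the serialized key, may be {@code null}
     * @return the private key, or {@code null} when {@code certificateData} is {@code null}
     */
    public PrivateKey getPrivateKey(CertificateData certificateData) {
        if (certificateData == null) {
            return null;
        }
        return this.certificateService.deserializeAndDecrypt(certificateData.getSerializedKey());
    }

    /**
     * Copies the entry stored under {@link #LEGACY_CERTIFICATE_ALIAS} to the suffixed alias and
     * deletes the legacy entry.
     *
     * <p>The legacy alias carries no suffix, so only the first suffix that triggers the migration
     * receives the legacy key; later lookups for other suffixes find no legacy entry.
     *
     * @return the newly stored entry, or {@code null} when there is no legacy entry
     */
    private CertificateData migrateLegacyKey(String str) throws Exception {
        CertificateData legacy = this.certificateService.getByAlias(LEGACY_CERTIFICATE_ALIAS);
        if (legacy == null) {
            return null;
        }
        PortalAuthKeyPair legacyPair = new PortalAuthKeyPair(getPrivateKey(legacy), getPublicKey(legacy));
        // Store under the new alias before deleting, so a failed save never leaves the key
        // without a stored copy. The only caller is annotated @Transactional(rollbackFor =
        // Exception.class); presumably both steps commit or roll back together -- confirm
        // that the transaction proxy is active for this bean.
        CertificateData migrated = storeKeyPair(legacyPair, str);
        this.certificateService.delete(Collections.singleton(legacy.getId()));
        return migrated;
    }

    /**
     * Rebuilds the public key from the first element of the entry's serialized certificate chain.
     */
    private PublicKey getPublicKey(CertificateData certificateData) {
        // SECURITY(review): Base64.decodeToObject presumably performs Java-native object
        // deserialization on the decoded bytes, and the unchecked cast happens only afterwards.
        // This is acceptable only while the certificate store is trusted and integrity-protected;
        // if stored chains can be influenced from outside, restrict the accepted classes (for
        // example with an ObjectInputFilter) or rebuild the key from its encoded form with a
        // KeyFactory instead.
        // An empty chain makes get(0) throw; the exception propagates to the caller.
        byte[] firstChainElement = (byte[]) certificateData.getSerializedCertificateChain().get(0);
        String encoded = new String(firstChainElement, Charsets.UTF_8);
        return (PublicKey) Base64.decodeToObject(encoded, Charsets.UTF_8.name());
    }

    /**
     * Saves a new entry of type {@code PORTAL_AUTH_PAIR} under {@code BASE_CERTIFICATE_ALIAS + str},
     * expiring after {@link #CERTIFICATE_EXPIRY_DAYS} days.
     *
     * @param portalAuthKeyPair key pair to persist
     * @param str suffix appended to {@link #BASE_CERTIFICATE_ALIAS} to form the alias
     * @return the entry returned by the certificate service
     * @throws Exception if the certificate service fails to save
     */
    public CertificateData storeKeyPair(PortalAuthKeyPair portalAuthKeyPair, String str) throws Exception {
        return this.certificateService.saveCertificateData(
                portalAuthKeyPair.getPrivateKey(),
                portalAuthKeyPair.getPublicKey(),
                CertificateData.CertificateType.PORTAL_AUTH_PAIR,
                BASE_CERTIFICATE_ALIAS + str,
                CERTIFICATE_EXPIRY_DAYS);
    }

    /**
     * Replaces the key pair of an existing entry, with a fresh expiry of
     * {@link #CERTIFICATE_EXPIRY_DAYS} days.
     *
     * @param certificateData existing entry to overwrite
     * @param portalAuthKeyPair replacement key pair
     * @return the entry returned by the certificate service
     * @throws Exception if the certificate service fails to save
     */
    public CertificateData updateKeyPair(CertificateData certificateData, PortalAuthKeyPair portalAuthKeyPair) throws Exception {
        return this.certificateService.saveCertificateData(
                certificateData,
                portalAuthKeyPair.getPrivateKey(),
                portalAuthKeyPair.getPublicKey(),
                CERTIFICATE_EXPIRY_DAYS);
    }

    /**
     * Creates a fresh key pair.
     *
     * @return the new key pair, or {@code null} when the required algorithm is unavailable;
     *     callers must check for {@code null} before storing the result
     */
    public PortalAuthKeyPair generateKeyPair() {
        try {
            return new PortalAuthKeyPair();
        } catch (NoSuchAlgorithmException e) {
            // Keep the null return that callers already rely on, but record why generation
            // failed instead of dropping the cause silently.
            LOG.error("Unable to generate portal auth key pair: required algorithm is not available", e);
            return null;
        }
    }
}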
