package won.cryptography.service;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.ssl.TrustStrategy;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.transaction.annotation.Isolation;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import won.cryptography.ssl.AliasFromFingerprintGenerator;
import won.cryptography.ssl.AliasGenerator;
import won.protocol.exception.WonProtocolException;
import won.protocol.service.ApplicationManagementService;

/* loaded from: input_file:won/cryptography/service/RegistrationServerCertificateBased.class */
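/**
 * {@link RegistrationServer} implementation that accepts an X.509 certificate as the registration
 * credential.
 *
 * <p>Every registration call first asks the configured {@link TrustStrategy} whether the
 * certificate is trusted (auth type {@code "CLIENT_CERT"}); only then is the alias derived from
 * the certificate and handed to the {@link ApplicationManagementService}.
 *
 * <p>Security note: the credential arrives as a plain {@code Object}. It is validated to be a
 * non-null {@link X509Certificate} before the trust decision, so that a missing or wrongly typed
 * credential is rejected here instead of being passed to the trust strategy as a {@code null}
 * chain element. The strategy is supplied by the caller and is not visible in this class, so
 * whether it inspects each element cannot be assumed.
 */
public class RegistrationServerCertificateBased implements RegistrationServer {

    @Autowired
    private ApplicationManagementService ownerManagementService;
    // Makes the accept/reject decision for a presented certificate; supplied via the constructor.
    private TrustStrategy trustStrategy;
    final Logger logger = LoggerFactory.getLogger(getClass());
    // Derives the alias that registerOwner uses as the ownerApplicationId.
    private AliasGenerator aliasGenerator = new AliasFromFingerprintGenerator();

    /**
     * Creates a registration server that delegates trust decisions to the given strategy.
     *
     * @param trustStrategy strategy consulted for every registration attempt
     */
    public RegistrationServerCertificateBased(TrustStrategy trustStrategy) {
        this.trustStrategy = trustStrategy;
    }

    /**
     * Registers an owner application identified by its client certificate.
     *
     * @param obj the client certificate; must be a non-null {@link X509Certificate}
     * @return the value returned by
     *     {@link ApplicationManagementService#registerOwnerApplication(String)} for the alias
     *     derived from the certificate
     * @throws WonProtocolException if {@code obj} is not an X.509 certificate, if the trust
     *     strategy rejects it or fails, or if alias generation or registration fails
     */
    @Override
    @Transactional(propagation = Propagation.REQUIRES_NEW, isolation = Isolation.READ_COMMITTED)
    public String registerOwner(Object obj) throws WonProtocolException {
        X509Certificate certificate = requireCertificate(obj);
        // The trust decision must precede any use of the certificate's contents.
        checkTrusted(new X509Certificate[] {certificate});
        try {
            String ownerApplicationId = this.aliasGenerator.generateAlias(certificate);
            this.logger.info("Public key hash to be used as ownerApplicationId: {}", ownerApplicationId);
            return this.ownerManagementService.registerOwnerApplication(ownerApplicationId);
        } catch (Exception e) {
            // Keep the cause so callers and logs can see why registration failed.
            this.logger.warn("could not register owner", e);
            throw new WonProtocolException(e);
        }
    }

    /**
     * Checks that the presented node certificate is trusted.
     *
     * <p>NOTE(review): beyond the trust check this method performs no registration and always
     * returns {@code null}; confirm that callers do not rely on a node id being returned.
     *
     * @param obj the client certificate; must be a non-null {@link X509Certificate}
     * @return always {@code null}
     * @throws WonProtocolException if {@code obj} is not an X.509 certificate or the trust
     *     strategy rejects it or fails
     */
    @Override
    public String registerNode(Object obj) throws WonProtocolException {
        checkTrusted(new X509Certificate[] {requireCertificate(obj)});
        return null;
    }

    /**
     * Narrows the untyped credential to an X.509 certificate, rejecting {@code null} and any
     * other type with the protocol exception instead of an unchecked cast failure.
     */
    private static X509Certificate requireCertificate(Object credential) throws WonProtocolException {
        if (!(credential instanceof X509Certificate)) {
            throw new WonProtocolException("Registration requires an X.509 client certificate");
        }
        return (X509Certificate) credential;
    }

    /**
     * Asks the trust strategy whether the chain is trusted and fails closed otherwise.
     *
     * @throws WonProtocolException if the strategy returns {@code false} or throws a
     *     {@link CertificateException}
     */
    private void checkTrusted(X509Certificate[] x509CertificateArr) throws WonProtocolException {
        boolean trusted;
        try {
            trusted = this.trustStrategy.isTrusted(x509CertificateArr, "CLIENT_CERT");
        } catch (CertificateException e) {
            throw new WonProtocolException(e);
        }
        if (!trusted) {
            throw new WonProtocolException("Client cannot be trusted!");
        }
    }
}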
