package io.mosip.kernel.keymanagerservice.helper;

import io.mosip.kernel.core.keymanager.spi.KeyStore;
import io.mosip.kernel.core.logger.spi.Logger;
import io.mosip.kernel.cryptomanager.util.CryptomanagerUtils;
import io.mosip.kernel.keymanagerservice.constant.KeymanagerConstant;
import io.mosip.kernel.keymanagerservice.constant.KeymanagerErrorConstant;
import io.mosip.kernel.keymanagerservice.entity.KeyAlias;
import io.mosip.kernel.keymanagerservice.entity.KeyPolicy;
import io.mosip.kernel.keymanagerservice.exception.InvalidApplicationIdException;
import io.mosip.kernel.keymanagerservice.exception.KeymanagerServiceException;
import io.mosip.kernel.keymanagerservice.logger.KeymanagerLogger;
import io.mosip.kernel.keymanagerservice.repository.KeyAliasRepository;
import io.mosip.kernel.keymanagerservice.repository.KeyPolicyRepository;
import io.mosip.kernel.keymanagerservice.repository.KeyStoreRepository;
import io.mosip.kernel.keymanagerservice.util.KeymanagerUtil;
import java.security.cert.X509Certificate;
import java.time.LocalDateTime;
import java.time.chrono.ChronoLocalDateTime;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.PostConstruct;
import org.cache2k.Cache;
import org.cache2k.Cache2kBuilder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

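/**
 * Persistence helper for the key manager service.
 *
 * <p>Wraps the {@link KeyAliasRepository}, {@link KeyPolicyRepository} and
 * {@link KeyStoreRepository} calls used to store key aliases and key material, to look a key
 * up by certificate thumbprint, and to back-fill the certificate thumbprint and unique
 * identifier on alias rows that do not carry them yet.
 *
 * <p>Key policies are served from an in-memory cache2k cache. The cache is built with
 * {@code eternal(true)}, so an entry (including an empty {@link Optional} for an unknown
 * application id) is not re-read from the database until it is evicted or the service is
 * restarted. A policy that is deactivated in the database therefore keeps passing the
 * {@code isActive()} check in {@link #getKeyPolicy(String)} for as long as it stays cached.
 */
@Component
/* loaded from: input_file:io/mosip/kernel/keymanagerservice/helper/KeymanagerDBHelper.class */
public class KeymanagerDBHelper {
    private static final Logger LOGGER = KeymanagerLogger.getLogger(KeymanagerDBHelper.class);

    /** Pre-expiry window used when neither the application nor the base key policy is found. */
    private static final int DEFAULT_PRE_EXPIRE_DAYS = 30;

    @Value("${mosip.sign-certificate-refid:SIGN}")
    private String signRefId;

    @Value("${mosip.kernel.keymanager.unique.identifier.autoupdate:true}")
    private boolean autoUpdate;

    @Autowired
    KeyAliasRepository keyAliasRepository;

    @Autowired
    KeyPolicyRepository keyPolicyRepository;

    @Autowired
    KeyStoreRepository keyStoreRepository;

    @Autowired
    KeymanagerUtil keymanagerUtil;

    @Autowired
    KeyStore keyStore;

    @Autowired
    CryptomanagerUtils cryptomanagerUtil;
    private Cache<String, Optional<KeyPolicy>> keyPolicyCache = null;

    /**
     * Builds the key policy cache and back-fills thumbprints and unique identifiers at start-up
     * when {@code mosip.kernel.keymanager.unique.identifier.autoupdate} is enabled.
     */
    @PostConstruct
    public void init() {
        if (!this.autoUpdate) {
            return;
        }
        createCacheObject();
        addCertificateThumbprints();
        addKeyUniqueIdentifier();
        // Logged after the work: the message reports completion, so it must not precede the update.
        // Per-alias failures are reported separately by the back-fill methods.
        LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "Updating the thumbprint & key unique identifer completed.");
    }

    /**
     * Creates the key policy cache, loading misses through
     * {@link KeyPolicyRepository#findByApplicationId}.
     *
     * <p>The anonymous {@code Cache2kBuilder} subclass is the cache2k idiom for capturing the
     * generic key and value types.
     */
    private void createCacheObject() {
        // NOTE(review): entries never expire (eternal) and the capacity is 20, so policy changes
        // in the database are not observed until eviction or restart. Confirm this is acceptable
        // for policy deactivation.
        this.keyPolicyCache = new Cache2kBuilder<String, Optional<KeyPolicy>>() {
        }
                .name("keyPolicyCache-" + hashCode())
                .eternal(true)
                .entryCapacity(20L)
                .loaderThreadCount(1)
                .loader(policyName -> {
                    LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "Fetching Key Policy for keyPolicyName(Cache): " + policyName);
                    return this.keyPolicyRepository.findByApplicationId(policyName);
                })
                .build();
    }

    /**
     * Saves a {@link KeyAlias} row built from the given values.
     *
     * @param applicationId    application id of the key
     * @param generationTime   key generation time
     * @param referenceId      reference id of the key
     * @param alias            key alias
     * @param expiryTime       key expiry time
     * @param certThumbprint   certificate thumbprint stored with the alias
     * @param uniqueIdentifier unique identifier stored with the alias
     */
    public void storeKeyInAlias(String applicationId, LocalDateTime generationTime, String referenceId, String alias,
            LocalDateTime expiryTime, String certThumbprint, String uniqueIdentifier) {
        LOGGER.info(KeymanagerConstant.SESSIONID, "", "", KeymanagerConstant.STOREKEYALIAS);
        KeyAlias keyAlias = new KeyAlias();
        keyAlias.setAlias(alias);
        keyAlias.setApplicationId(applicationId);
        keyAlias.setReferenceId(referenceId);
        keyAlias.setKeyGenerationTime(generationTime);
        keyAlias.setKeyExpiryTime(expiryTime);
        keyAlias.setCertThumbprint(certThumbprint);
        keyAlias.setUniqueIdentifier(uniqueIdentifier);
        this.keyAliasRepository.saveAndFlush((KeyAlias) this.keymanagerUtil.setMetaData(keyAlias));
    }

    /**
     * Saves a key store row holding the certificate and private key for an alias.
     *
     * <p>The private key string is persisted exactly as received; this method applies no
     * encryption or encoding of its own. NOTE(review): presumably callers pass key material that
     * is already wrapped by the master key - confirm against the callers.
     *
     * @param alias           alias of the key being stored
     * @param masterAlias     alias of the master key
     * @param certificateData certificate data to store
     * @param privateKey      private key value to store
     */
    public void storeKeyInDBStore(String alias, String masterAlias, String certificateData, String privateKey) {
        io.mosip.kernel.keymanagerservice.entity.KeyStore dbKeyStore = new io.mosip.kernel.keymanagerservice.entity.KeyStore();
        LOGGER.info(KeymanagerConstant.SESSIONID, "", "", KeymanagerConstant.STOREDBKEY);
        dbKeyStore.setAlias(alias);
        dbKeyStore.setMasterAlias(masterAlias);
        dbKeyStore.setCertificateData(certificateData);
        dbKeyStore.setPrivateKey(privateKey);
        this.keyStoreRepository.saveAndFlush((io.mosip.kernel.keymanagerservice.entity.KeyStore) this.keymanagerUtil.setMetaData(dbKeyStore));
    }

    /**
     * Returns the aliases of an application id / reference id pair, oldest first, together with
     * the subset that {@code KeymanagerUtil.isValidTimestamp} accepts for the given time.
     *
     * @param applicationId application id of the keys
     * @param referenceId   reference id of the keys
     * @param timeStamp     time the aliases are validated against
     * @return a map with all aliases under {@code KeymanagerConstant.KEYALIAS} and the currently
     *         valid ones under {@code KeymanagerConstant.CURRENTKEYALIAS}
     */
    public Map<String, List<KeyAlias>> getKeyAliases(String applicationId, String referenceId, LocalDateTime timeStamp) {
        LOGGER.info(KeymanagerConstant.SESSIONID, "", "", KeymanagerConstant.GETALIAS);
        List<KeyAlias> allAliases = this.keyAliasRepository.findByApplicationIdAndReferenceId(applicationId, referenceId).stream()
                .sorted((left, right) -> left.getKeyGenerationTime().compareTo(right.getKeyGenerationTime()))
                .collect(Collectors.toList());
        int preExpireDays = getPreExpireDays(applicationId, referenceId);
        LOGGER.info(KeymanagerConstant.SESSIONID, applicationId, referenceId, "PreExpireDays found as key policy:" + preExpireDays);
        List<KeyAlias> currentAliases = allAliases.stream()
                .filter(candidate -> this.keymanagerUtil.isValidTimestamp(timeStamp, candidate, preExpireDays))
                .collect(Collectors.toList());
        LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.KEYALIAS, Arrays.toString(allAliases.toArray()), KeymanagerConstant.KEYALIAS);
        LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.CURRENTKEYALIAS, Arrays.toString(currentAliases.toArray()), KeymanagerConstant.CURRENTKEYALIAS);
        Map<String, List<KeyAlias>> aliasesByKind = new HashMap<>();
        aliasesByKind.put(KeymanagerConstant.KEYALIAS, allAliases);
        aliasesByKind.put(KeymanagerConstant.CURRENTKEYALIAS, currentAliases);
        return aliasesByKind;
    }

    /**
     * Computes the expiry time of a key from the validity period of the application's key policy.
     *
     * @param applicationId application id whose policy is applied
     * @param timeStamp     time the validity period is added to
     * @param keyAlias      not used by this method
     * @return {@code timeStamp} plus the policy's validity in days
     * @throws InvalidApplicationIdException if no key policy exists for the application id
     */
    public LocalDateTime getExpiryPolicy(String applicationId, LocalDateTime timeStamp, List<KeyAlias> keyAlias) {
        LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.APPLICATIONID, applicationId, KeymanagerConstant.GETEXPIRYPOLICY);
        Optional<KeyPolicy> policy = getKeyPolicyFromCache(applicationId);
        if (policy.isPresent()) {
            return timeStamp.plusDays(policy.get().getValidityInDays());
        }
        LOGGER.info(KeymanagerConstant.SESSIONID, KeymanagerConstant.KEYPOLICY, policy.toString(), "Key Policy not found for this application Id. Throwing exception");
        throw new InvalidApplicationIdException(KeymanagerErrorConstant.APPLICATIONID_NOT_VALID.getErrorCode(), KeymanagerErrorConstant.APPLICATIONID_NOT_VALID.getErrorMessage());
    }

    /**
     * Looks up the key store row for an alias.
     *
     * @param alias key alias
     * @return the stored row, or an empty {@link Optional} when the repository finds none
     */
    public Optional<io.mosip.kernel.keymanagerservice.entity.KeyStore> getKeyStoreFromDB(String alias) {
        return this.keyStoreRepository.findByAlias(alias);
    }

    /**
     * Returns the cached key policy of an application id, provided it exists and is active.
     *
     * @param applicationId application id whose policy is requested
     * @return the active key policy
     * @throws InvalidApplicationIdException if the policy is missing or not active
     */
    public Optional<KeyPolicy> getKeyPolicy(String applicationId) {
        Optional<KeyPolicy> policy = getKeyPolicyFromCache(applicationId);
        if (policy.isPresent() && policy.get().isActive()) {
            return policy;
        }
        LOGGER.error(KeymanagerConstant.SESSIONID, KeymanagerConstant.KEYPOLICY, policy.toString(), "Key Policy not found for this application Id. Key/CSR generation not allowed.");
        throw new InvalidApplicationIdException(KeymanagerErrorConstant.APPLICATIONID_NOT_VALID.getErrorCode(), KeymanagerErrorConstant.APPLICATIONID_NOT_VALID.getErrorMessage());
    }

    /**
     * Reads a key policy through the cache, creating the cache first when {@link #init()} did
     * not build it.
     *
     * @param applicationId application id (cache key)
     * @return the cached lookup result, possibly an empty {@link Optional}
     */
    public Optional<KeyPolicy> getKeyPolicyFromCache(String applicationId) {
        // NOTE(review): this lazy creation is not synchronized; two threads arriving here together
        // would both build a cache under the same name. Confirm whether that can happen when
        // auto-update is disabled.
        if (Objects.isNull(this.keyPolicyCache)) {
            createCacheObject();
        }
        return this.keyPolicyCache.get(applicationId);
    }

    /**
     * Resolves the key store row of the key whose certificate has the given thumbprint and checks
     * that the key belongs to the requested application.
     *
     * <p>If no alias carries the thumbprint, the thumbprints are back-filled once and the lookup
     * is repeated. When several aliases share the thumbprint, the lookup is narrowed by
     * application id and reference id.
     *
     * @param certThumbprint certificate thumbprint to search for
     * @param appIdRefIdKey  expected {@code applicationId-referenceId} composite of the key
     * @param applicationId  expected application id of the key
     * @param referenceId    reference id used to narrow ambiguous thumbprint matches
     * @return the key store row of the matched alias; a row carrying only the alias when the key
     *         is not present in the key store table
     * @throws KeymanagerServiceException if no alias matches, the match is ambiguous, or the
     *         matched key does not belong to the requested application
     */
    public io.mosip.kernel.keymanagerservice.entity.KeyStore getKeyAlias(String certThumbprint, String appIdRefIdKey,
            String applicationId, String referenceId) {
        List<KeyAlias> matches = this.keyAliasRepository.findByCertThumbprint(certThumbprint);
        if (matches.isEmpty()) {
            LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "key alias not found for the provided thumbprint, may be cert thumbprint is not updated. Adding thumbprint(s) now.");
            addCertificateThumbprints();
            matches = this.keyAliasRepository.findByCertThumbprint(certThumbprint);
        }
        if (matches.isEmpty()) {
            LOGGER.error(KeymanagerConstant.SESSIONID, "", "", "no key alias found for the provided thumbprint after updating the thumbprints in DB.");
            throw new KeymanagerServiceException(KeymanagerErrorConstant.KEY_NOT_FOUND_BY_THUMBPRINT.getErrorCode(), KeymanagerErrorConstant.KEY_NOT_FOUND_BY_THUMBPRINT.getErrorMessage());
        }
        KeyAlias matched = matches.get(0);
        if (matches.size() > 1) {
            List<KeyAlias> narrowed = this.keyAliasRepository.findByApplicationIdAndReferenceIdAndCertThumbprint(applicationId, referenceId, certThumbprint);
            if (narrowed.size() > 1) {
                LOGGER.error(KeymanagerConstant.SESSIONID, "", "", "More than one key alias found for the provided thumbprint.");
                throw new KeymanagerServiceException(KeymanagerErrorConstant.MORE_THAN_ONE_KEY_FOUND.getErrorCode(), KeymanagerErrorConstant.MORE_THAN_ONE_KEY_FOUND.getErrorMessage());
            }
            if (narrowed.isEmpty()) {
                // The thumbprint exists, but only under other application/reference ids. Reject
                // with the same domain error as the ownership check below instead of failing on
                // get(0) with an IndexOutOfBoundsException.
                LOGGER.error(KeymanagerConstant.SESSIONID, "", "", "AppId & Reference Id not matching with the input thumbprint value(helper).");
                throw new KeymanagerServiceException(KeymanagerErrorConstant.APP_ID_REFERENCE_ID_NOT_MATCHING.getErrorCode(), KeymanagerErrorConstant.APP_ID_REFERENCE_ID_NOT_MATCHING.getErrorMessage());
            }
            matched = narrowed.get(0);
        }
        String storedAppIdRefId = matched.getApplicationId() + "-" + matched.getReferenceId();
        String storedAppId = matched.getApplicationId();
        // NOTE(review): the request is rejected only when BOTH comparisons fail, so a key whose
        // application id equals the requested one is accepted even if its reference id differs
        // from the one in appIdRefIdKey. Confirm that binding to the application id alone is
        // intended; if the key must match the exact pair, the operator should be ||.
        if (!storedAppIdRefId.equals(appIdRefIdKey) && !storedAppId.equals(applicationId)) {
            LOGGER.error(KeymanagerConstant.SESSIONID, "", "", "AppId & Reference Id not matching with the input thumbprint value(helper).");
            throw new KeymanagerServiceException(KeymanagerErrorConstant.APP_ID_REFERENCE_ID_NOT_MATCHING.getErrorCode(), KeymanagerErrorConstant.APP_ID_REFERENCE_ID_NOT_MATCHING.getErrorMessage());
        }
        Optional<io.mosip.kernel.keymanagerservice.entity.KeyStore> storedKey = getKeyStoreFromDB(matched.getAlias());
        if (!storedKey.isPresent()) {
            LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "Key not found in key store for the matched thumbprint. Might has used master key during encryption.");
            return new io.mosip.kernel.keymanagerservice.entity.KeyStore(matched.getAlias(), null, null, null);
        }
        if (Objects.isNull(matched.getUniqueIdentifier())) {
            LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "Key Unique identifier not found for the provided key, may be unique identifier is not updated. Adding Unique Identifier(s) now.");
            addKeyUniqueIdentifier();
        }
        return storedKey.get();
    }

    /**
     * Back-fills the certificate thumbprint (and unique identifier) on alias rows that have no
     * thumbprint. Best effort: a failure on one alias is logged and the remaining aliases are
     * still processed.
     */
    private synchronized void addCertificateThumbprints() {
        this.keyAliasRepository.findByCertThumbprintIsNull().stream()
                .filter(alias -> needsBackfill(alias.getCertThumbprint(), alias))
                .forEach(alias -> {
                    try {
                        String identifierPrefix = alias.getApplicationId() + "_" + alias.getReferenceId() + "_";
                        if (hasEmptyRefIdOrIsKernelSignKey(alias)) {
                            // Certificate is read from the injected key store for these aliases.
                            String thumbprint = this.cryptomanagerUtil.getCertificateThumbprintInHex((X509Certificate) this.keyStore.getCertificate(alias.getAlias()));
                            String uniqueIdentifier = this.keymanagerUtil.getUniqueIdentifier(identifierPrefix + alias.getKeyGenerationTime().format(KeymanagerConstant.DATE_FORMATTER));
                            storeKeyInAlias(alias.getApplicationId(), alias.getKeyGenerationTime(), alias.getReferenceId(), alias.getAlias(), alias.getKeyExpiryTime(), thumbprint, uniqueIdentifier);
                        }
                        if (!alias.getReferenceId().isEmpty()) {
                            Optional<io.mosip.kernel.keymanagerservice.entity.KeyStore> storedKey = getKeyStoreFromDB(alias.getAlias());
                            if (storedKey.isPresent()) {
                                // Certificate is read from the key store table row for these aliases.
                                String thumbprint = this.cryptomanagerUtil.getCertificateThumbprintInHex((X509Certificate) this.keymanagerUtil.convertToCertificate(storedKey.get().getCertificateData()));
                                // Without a key policy the thumbprint replaces the generation time in the seed.
                                String identifierSuffix = getKeyPolicyFromCache(alias.getApplicationId()).isPresent()
                                        ? alias.getKeyGenerationTime().format(KeymanagerConstant.DATE_FORMATTER)
                                        : thumbprint;
                                storeKeyInAlias(alias.getApplicationId(), alias.getKeyGenerationTime(), alias.getReferenceId(), alias.getAlias(), alias.getKeyExpiryTime(), thumbprint, this.keymanagerUtil.getUniqueIdentifier(identifierPrefix + identifierSuffix));
                            }
                        }
                        LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "Thumbprint added for the key alias: " + alias.getAlias());
                    } catch (Exception ex) {
                        // Still best effort, but the cause is now recorded at error level: a row
                        // left without a thumbprint makes later thumbprint lookups fail, and the
                        // original debug line dropped the exception entirely.
                        LOGGER.error(KeymanagerConstant.SESSIONID, "", "", "Error Adding Thumbprint for the key alias: " + alias.getAlias()
                                + " - " + ex.getClass().getName() + ": " + ex.getMessage());
                    }
                });
    }

    /**
     * Back-fills the unique identifier on alias rows that have none, keeping the thumbprint
     * already stored on the row. Best effort: a failure on one alias is logged and the remaining
     * aliases are still processed.
     */
    private synchronized void addKeyUniqueIdentifier() {
        this.keyAliasRepository.findByUniqueIdentifierIsNull().stream()
                .filter(alias -> needsBackfill(alias.getUniqueIdentifier(), alias))
                .forEach(alias -> {
                    try {
                        String identifierPrefix = alias.getApplicationId() + "_" + alias.getReferenceId() + "_";
                        if (hasEmptyRefIdOrIsKernelSignKey(alias)) {
                            storeKeyInAlias(alias.getApplicationId(), alias.getKeyGenerationTime(), alias.getReferenceId(), alias.getAlias(), alias.getKeyExpiryTime(), alias.getCertThumbprint(),
                                    this.keymanagerUtil.getUniqueIdentifier(identifierPrefix + alias.getKeyGenerationTime().format(KeymanagerConstant.DATE_FORMATTER)));
                        }
                        if (!alias.getReferenceId().isEmpty() && getKeyStoreFromDB(alias.getAlias()).isPresent()) {
                            // Without a key policy the stored thumbprint replaces the generation time in the seed.
                            String identifierSuffix = getKeyPolicyFromCache(alias.getApplicationId()).isPresent()
                                    ? alias.getKeyGenerationTime().format(KeymanagerConstant.DATE_FORMATTER)
                                    : alias.getCertThumbprint();
                            storeKeyInAlias(alias.getApplicationId(), alias.getKeyGenerationTime(), alias.getReferenceId(), alias.getAlias(), alias.getKeyExpiryTime(), alias.getCertThumbprint(),
                                    this.keymanagerUtil.getUniqueIdentifier(identifierPrefix + identifierSuffix));
                        }
                        LOGGER.info(KeymanagerConstant.SESSIONID, "", "", "Unique Identifier added for the key alias: " + alias.getAlias());
                    } catch (Exception ex) {
                        // Best effort, with the cause recorded instead of being dropped at debug level.
                        LOGGER.error(KeymanagerConstant.SESSIONID, "", "", "Error Adding Unique Identifier for the key alias: " + alias.getAlias()
                                + " - " + ex.getClass().getName() + ": " + ex.getMessage());
                    }
                });
    }

    /**
     * Tells whether an alias row is a back-fill candidate: the value to fill is null or empty,
     * the application id is not {@code KERNEL_APP_ID} and the reference id is not
     * {@code KERNEL_IDENTIFY_CACHE}.
     */
    private static boolean needsBackfill(String currentValue, KeyAlias alias) {
        return (Objects.isNull(currentValue) || currentValue.equals(""))
                && !alias.getApplicationId().equals(KeymanagerConstant.KERNEL_APP_ID)
                && !alias.getReferenceId().equals(KeymanagerConstant.KERNEL_IDENTIFY_CACHE);
    }

    /**
     * Tells whether the alias has an empty reference id or is the kernel signing key.
     *
     * <p>NOTE(review): rows with application id {@code KERNEL_APP_ID} are already dropped by
     * {@link #needsBackfill}, so for back-fill candidates only the empty-reference-id half of
     * this condition can be true.
     */
    private boolean hasEmptyRefIdOrIsKernelSignKey(KeyAlias alias) {
        return alias.getReferenceId().isEmpty()
                || (alias.getApplicationId().equals(KeymanagerConstant.KERNEL_APP_ID) && alias.getReferenceId().equals(this.signRefId));
    }

    /**
     * Resolves the pre-expiry window, in days, for an application id / reference id pair.
     *
     * @return 0 when the application has no key policy; the application's own value for an empty
     *         reference id or the kernel sign / identity-cache keys; otherwise the value of the
     *         base key policy, or {@link #DEFAULT_PRE_EXPIRE_DAYS} when that policy is missing
     */
    private int getPreExpireDays(String applicationId, String referenceId) {
        Optional<KeyPolicy> appPolicy = getKeyPolicyFromCache(applicationId);
        if (!appPolicy.isPresent()) {
            return 0;
        }
        boolean kernelSignOrIdentityCache = applicationId.equals(KeymanagerConstant.KERNEL_APP_ID)
                && (referenceId.equals(this.signRefId) || referenceId.equals(KeymanagerConstant.KERNEL_IDENTIFY_CACHE));
        if (referenceId.isEmpty() || kernelSignOrIdentityCache) {
            return appPolicy.get().getPreExpireDays();
        }
        Optional<KeyPolicy> basePolicy = getKeyPolicyFromCache(KeymanagerConstant.BASE_KEY_POLICY_CONST);
        if (basePolicy.isPresent()) {
            return basePolicy.get().getPreExpireDays();
        }
        return DEFAULT_PRE_EXPIRE_DAYS;
    }
}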
