package org.jfrog.access.server.service;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.Base64;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.security.auth.x500.X500Principal;
import javax.security.cert.CertificateEncodingException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.jfrog.access.server.config.AccessConfig;
import org.jfrog.access.server.home.AccessHome;
import org.jfrog.access.server.service.auth.AuthorizationService;
import org.jfrog.access.server.service.backup.Backupable;
import org.jfrog.security.file.PemHelper;
import org.jfrog.security.ssl.CertificateGenerationException;
import org.jfrog.security.ssl.CertificateHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;

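/**
 * Serves the Access server's root certificate and private key, signs certificates on behalf of
 * administrators, and exports/imports both files as a single backup entry.
 *
 * <p>The key and certificate are read lazily from the files named by {@link AccessHome} and cached.
 * The cache fields are {@code volatile} and each has its own lock, so a value published by one
 * thread is fully visible to the others and {@link #importContent(String)} can invalidate the
 * cache safely.
 */
@Service
/* loaded from: input_file:WEB-INF/lib/access-server-core-2.0.1.jar:org/jfrog/access/server/service/CertificateServiceImpl.class */
public class CertificateServiceImpl implements CertificateService, Backupable<String> {
    private static final Logger log = LoggerFactory.getLogger(CertificateServiceImpl.class);

    /** Separator between the private-key text and the root-certificate text in the backup payload. */
    private static final String BACKUP_SEPARATOR = "$access$";

    @Autowired
    private AccessHome accessHome;

    @Autowired
    private AccessConfig accessConfig;

    @Autowired
    private AuthorizationService authorizationService;

    // volatile: both fields are read outside their lock by the double-checked loaders below.
    private volatile PrivateKey privateKey;
    private volatile Certificate rootCertificate;
    private final Object privateKeyLock = new Object();
    private final Object rootCertificateLock = new Object();

    /**
     * Returns the root certificate, reading it from the root-certificate file on first use.
     *
     * @return the cached or freshly loaded root certificate
     * @throws IllegalStateException if the certificate file cannot be read
     */
    @Override // org.jfrog.access.server.service.CertificateService
    @Nonnull
    public Certificate getRootCertificate() {
        return loadRootCertificate();
    }

    /**
     * Loads the root certificate once and returns the loaded value. Returning the local copy
     * (instead of re-reading the field) keeps a concurrent {@link #importContent(String)} from
     * turning the result into {@code null} between the load and the return.
     */
    private Certificate loadRootCertificate() {
        Certificate loaded = this.rootCertificate;
        if (loaded == null) {
            synchronized (this.rootCertificateLock) {
                loaded = this.rootCertificate;
                if (loaded == null) {
                    try {
                        loaded = PemHelper.readCertificate(this.accessHome.getAccessRootCertFile());
                    } catch (Exception e) {
                        throw new IllegalStateException("Failed to read root certificate.", e);
                    }
                    this.rootCertificate = loaded;
                }
            }
        }
        return loaded;
    }

    /**
     * Serializes a certificate to PEM text.
     *
     * @param certificate the certificate to encode
     * @return the PEM representation produced by {@link JcaPEMWriter}
     * @throws IllegalArgumentException if the writer fails
     */
    @Override // org.jfrog.access.server.service.CertificateService
    @Nonnull
    public String getCertificateAsPemString(@Nonnull Certificate certificate) {
        StringWriter pemText = new StringWriter();
        // Closing the writer flushes it, so the buffer is complete once the try block exits.
        try (JcaPEMWriter pemWriter = new JcaPEMWriter(pemText)) {
            pemWriter.writeObject(certificate);
        } catch (IOException e) {
            throw new IllegalArgumentException("Failed to write certificate in PEM format.", e);
        }
        return pemText.toString();
    }

    /**
     * Issues a certificate for {@code publicKey}, signed with this server's private key. The
     * issuer is {@code CN=<formatted server id>} and the subject is {@code CN=<str>}.
     *
     * <p>Requires the caller to pass {@link AuthorizationService#assertAdmin()}.
     *
     * @param str the subject common name
     * @param publicKey the public key to certify
     * @param bigInteger the serial number; {@link BigInteger#ONE} is used when {@code null}
     * @param l passed to {@code CertificateHelper.generateSignedCertificate} as its last
     *     argument; {@link Long#MAX_VALUE} is used when {@code null} (presumably an
     *     expiry/validity value; confirm against CertificateHelper)
     * @return the signed certificate re-parsed through the JCA {@code X509} factory
     * @throws CertificateGenerationException declared by the interface; not thrown by any line
     *     visible here other than the helper call
     * @throws RuntimeException if the generated certificate cannot be re-encoded or parsed
     */
    @Override // org.jfrog.access.server.service.CertificateService
    @Nonnull
    public Certificate createAndSignCertificate(@Nonnull String str, @Nonnull PublicKey publicKey, @Nullable BigInteger bigInteger, @Nullable Long l) throws CertificateGenerationException {
        this.authorizationService.assertAdmin();
        try {
            X500Principal issuer = new X500Principal("CN=" + this.accessConfig.getAccessServerId().getFormattedName());
            // NOTE(review): str is concatenated into the subject DN unescaped. A value holding
            // RFC 2253 special characters (a comma, for instance) is read by X500Principal as DN
            // syntax, not as a literal common name. Validate or escape it before it gets here.
            X500Principal subject = new X500Principal("CN=" + str);
            // NOTE(review): every request without an explicit serial gets serial 1. RFC 5280
            // expects issuer + serial to be unique, which matters for revocation and audit, so
            // callers should supply distinct serial numbers.
            BigInteger serialNumber = bigInteger == null ? BigInteger.ONE : bigInteger;
            long lastArgument = l == null ? Long.MAX_VALUE : l.longValue();
            byte[] encoded = CertificateHelper.generateSignedCertificate(issuer, getPrivateKey(), subject, publicKey, serialNumber, lastArgument).getEncoded();
            return CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(encoded));
        } catch (CertificateException | CertificateEncodingException e) {
            throw new RuntimeException("Failed to convert X509 certificate.", e);
        }
    }

    /**
     * Returns the server's private key, reading it from the private-key file on first use.
     *
     * <p>NOTE(review): this accessor performs no authorization check of its own; confirm that
     * every caller is trusted to hold the signing key.
     *
     * @return the cached or freshly loaded private key
     * @throws IllegalStateException if the key file cannot be read
     */
    @Override // org.jfrog.access.server.service.CertificateService
    @Nonnull
    public PrivateKey getPrivateKey() {
        return loadPrivateKey();
    }

    /** Loads the private key once and returns the loaded value; see {@link #loadRootCertificate()}. */
    private PrivateKey loadPrivateKey() {
        PrivateKey loaded = this.privateKey;
        if (loaded == null) {
            synchronized (this.privateKeyLock) {
                loaded = this.privateKey;
                if (loaded == null) {
                    try {
                        loaded = PemHelper.readPrivateKey(this.accessHome.getAccessPrivateKeyFile());
                    } catch (IOException e) {
                        throw new IllegalStateException("Failed to read private key file.", e);
                    }
                    this.privateKey = loaded;
                }
            }
        }
        return loaded;
    }

    /** Returns the name under which this service's content is stored in a backup. */
    @Override // org.jfrog.access.server.service.backup.Backupable
    public String backupKey() {
        return "encryption";
    }

    /**
     * Exports the private-key file and the root-certificate file as one Base64 string:
     * {@code base64(<key file text> + "$access$" + <certificate file text>)}.
     *
     * <p>Base64 is an encoding, not encryption: the result carries the private key exactly as it
     * is stored on disk, so the backup must be protected like the key file itself.
     *
     * <p>NOTE(review): no authorization check is made here; confirm the backup caller enforces one.
     *
     * @return the Base64-encoded backup payload
     * @throws RuntimeException if either file cannot be read
     */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.jfrog.access.server.service.backup.Backupable
    public String exportContent() {
        try {
            // Pin the charset so the payload does not depend on the platform default.
            String privateKeyText = FileUtils.readFileToString(this.accessHome.getAccessPrivateKeyFile(), "UTF-8");
            String certificateText = FileUtils.readFileToString(this.accessHome.getAccessRootCertFile(), "UTF-8");
            String payload = privateKeyText + BACKUP_SEPARATOR + certificateText;
            return Base64.getEncoder().encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        } catch (IOException e) {
            // Keep the cause: it names the file that could not be read.
            throw new RuntimeException("Failed to export private key and certificate files", e);
        }
    }

    /**
     * Restores the private key and root certificate from a payload produced by
     * {@link #exportContent()} and drops the cached copies.
     *
     * <p>Both halves are parsed before anything is written, so a payload with a broken
     * certificate can no longer replace the key file and leave a mismatched pair on disk. The two
     * files are still written one after the other, not atomically.
     *
     * <p>NOTE(review): this replaces the server's signing key and trust root, yet no authorization
     * check is made here and the key is not checked against the certificate; confirm the caller
     * authenticates the backup source.
     *
     * @param str the Base64 payload
     * @throws IllegalArgumentException if the payload is not valid Base64 or lacks the separator
     * @throws RuntimeException if parsing or writing the key or certificate fails
     */
    @Override // org.jfrog.access.server.service.backup.Backupable
    public void importContent(String str) {
        try {
            String decoded = new String(Base64.getDecoder().decode(str), StandardCharsets.UTF_8);
            if (!decoded.contains(BACKUP_SEPARATOR)) {
                throw new IllegalArgumentException("Backup content does not contain a private key and a root certificate");
            }
            // Validate the whole payload first; nothing on disk changes if either half is bad.
            PrivateKey importedKey = PemHelper.readPrivateKey(StringUtils.substringBefore(decoded, BACKUP_SEPARATOR));
            Certificate importedCertificate = PemHelper.readCertificate(StringUtils.substringAfter(decoded, BACKUP_SEPARATOR));
            // Hold both loader locks so no reader caches a file while it is being rewritten.
            // This is the only place that nests them, so the order cannot deadlock.
            synchronized (this.privateKeyLock) {
                synchronized (this.rootCertificateLock) {
                    try {
                        PemHelper.savePrivateKey(this.accessHome.getAccessPrivateKeyFile(), importedKey);
                        PemHelper.saveCertificate(this.accessHome.getAccessRootCertFile(), importedCertificate);
                    } finally {
                        // Even after a partial write the next read must come from disk.
                        this.privateKey = null;
                        this.rootCertificate = null;
                    }
                }
            }
        } catch (IOException e) {
            throw new RuntimeException("Error while importing private key and root crt", e);
        }
    }

    /** Returns the Jackson type token for the backup content, which is a {@code String}. */
    @Override // org.jfrog.access.server.service.backup.Backupable
    public TypeReference type() {
        return new TypeReference<String>() { // from class: org.jfrog.access.server.service.CertificateServiceImpl.1
        };
    }
}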
