package ai.aitia.arrowhead.application.library.config;

import ai.aitia.arrowhead.application.library.ArrowheadService;
import eu.arrowhead.common.SSLProperties;
import eu.arrowhead.common.Utilities;
import eu.arrowhead.common.core.CoreSystem;
import eu.arrowhead.common.exception.AuthException;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Map;
import javax.annotation.PreDestroy;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.context.event.EventListener;
import org.springframework.core.annotation.Order;
import org.springframework.util.Assert;

/* loaded from: input_file:ai/aitia/arrowhead/application/library/config/ApplicationInitListener.class */
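/**
 * Base start-up listener for an Arrowhead application system.
 *
 * <p>On every {@link ContextRefreshedEvent} it logs the security mode and, when SSL is enabled,
 * loads the configured key store, validates the common name (CN) of the system certificate and
 * publishes the CN and the key pair into the {@code arrowheadContext} bean. Subclasses hook in
 * through {@link #customInit(ContextRefreshedEvent)} and {@link #customDestroy()}.
 *
 * <p>When SSL is disabled none of the key-store or certificate checks run; the application
 * continues and only the "NOT SECURED" log line records that fact.
 */
public abstract class ApplicationInitListener {

    @Autowired
    private ArrowheadService arrowheadService;

    @Autowired
    protected SSLProperties sslProperties;
    protected final Logger logger = LogManager.getLogger(ApplicationInitListener.class);

    /**
     * Runs the start-up sequence: security-mode log line, SSL material checks (only if SSL is
     * enabled), then the subclass hook.
     *
     * @param contextRefreshedEvent the Spring event carrying the refreshed application context
     * @throws KeyStoreException if the configured key-store type is not available
     * @throws NoSuchAlgorithmException if the key-store integrity algorithm is not available
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws IOException if the key store cannot be read (this includes a wrong password)
     * @throws InterruptedException declared for subclasses; not thrown by the code in this class
     */
    @EventListener
    @Order(10)
    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, InterruptedException {
        this.logger.info("Security mode: {}", getModeString());
        if (this.sslProperties.isSslEnabled()) {
            final ApplicationContext applicationContext = contextRefreshedEvent.getApplicationContext();
            final KeyStore keyStore = initializeKeyStore();
            // The certificate is validated before any key is published, so a non-compliant
            // certificate aborts start-up without its keys reaching the shared context.
            checkServerCertificate(keyStore, applicationContext);
            obtainKeys(keyStore, applicationContext);
        }
        customInit(contextRefreshedEvent);
    }

    /**
     * Shutdown callback; delegates to {@link #customDestroy()}.
     *
     * @throws InterruptedException declared for subclasses; not thrown by the code in this class
     */
    @PreDestroy
    public void destroy() throws InterruptedException {
        customDestroy();
    }

    /**
     * Subclass hook called at the end of {@link #onApplicationEvent(ContextRefreshedEvent)}.
     * The default implementation does nothing.
     *
     * @param contextRefreshedEvent the event that triggered initialization
     */
    protected void customInit(ContextRefreshedEvent contextRefreshedEvent) {
    }

    /** Subclass hook called from {@link #destroy()}. The default implementation does nothing. */
    protected void customDestroy() {
    }

    /**
     * Returns the label used in the start-up log line.
     *
     * @return {@code "SECURED"} when SSL is enabled, otherwise {@code "NOT SECURED"}
     */
    protected String getModeString() {
        return this.sslProperties.isSslEnabled() ? "SECURED" : "NOT SECURED";
    }

    /**
     * Calls the echo check of the given core system and logs whether it answered.
     * The result is only logged; an unreachable core system does not stop start-up here.
     *
     * @param coreSystem the core system to probe
     */
    protected void checkCoreSystemReachability(CoreSystem coreSystem) {
        if (this.arrowheadService.echoCoreSystem(coreSystem)) {
            this.logger.info("'{}' core system is reachable.", coreSystem.name());
        } else {
            this.logger.info("'{}' core system is NOT reachable.", coreSystem.name());
        }
    }

    /**
     * Looks up the shared {@code arrowheadContext} map bean.
     * The bean is requested as a raw {@link Map}; the String/Object typing is applied here in
     * one place so the unchecked conversion is not repeated at every call site.
     */
    @SuppressWarnings("unchecked")
    private Map<String, Object> getArrowheadContext(ApplicationContext applicationContext) {
        return applicationContext.getBean("arrowheadContext", Map.class);
    }

    /**
     * Validates the SSL key-store settings and loads the key store.
     *
     * @return the loaded key store
     * @throws IllegalArgumentException if SSL is disabled or a key-store setting is missing
     *     (raised by the {@link Assert} checks)
     * @throws KeyStoreException if the configured key-store type is not available
     * @throws NoSuchAlgorithmException if the key-store integrity algorithm is not available
     * @throws CertificateException if a certificate in the key store cannot be loaded
     * @throws IOException if the key store cannot be read (this includes a wrong password)
     */
    private KeyStore initializeKeyStore() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        this.logger.debug("initializeKeyStore started...");
        Assert.isTrue(this.sslProperties.isSslEnabled(), "SSL is not enabled.");
        Assert.isTrue(!Utilities.isEmpty(this.sslProperties.getKeyStoreType()), "server.ssl.key-store-type is not defined.");
        Assert.notNull(this.sslProperties.getKeyStore(), "server.ssl.key-store is not defined.");
        Assert.isTrue(this.sslProperties.getKeyStore().exists(), "server.ssl.key-store file is not found.");
        Assert.notNull(this.sslProperties.getKeyStorePassword(), "server.ssl.key-store-password is not defined.");
        final KeyStore keyStore = KeyStore.getInstance(this.sslProperties.getKeyStoreType());
        // KeyStore.load does not close the stream it is given, so close it here; otherwise the
        // handle on the key-store file leaks on every context refresh.
        // The password must never be written to the log, not even at debug level.
        try (InputStream keyStoreStream = this.sslProperties.getKeyStore().getInputStream()) {
            keyStore.load(keyStoreStream, this.sslProperties.getKeyStorePassword().toCharArray());
        }
        return keyStore;
    }

    /**
     * Checks that the CN of the system certificate follows the Arrowhead naming structure and
     * stores it in the shared context under {@code server.common.name}.
     *
     * <p>Only the CN format is checked here; this method does not verify the certificate chain,
     * validity period or revocation status.
     *
     * @param keyStore the loaded key store holding the system certificate
     * @param applicationContext the context that provides the {@code arrowheadContext} bean
     * @throws AuthException if the CN is not compliant
     */
    private void checkServerCertificate(KeyStore keyStore, ApplicationContext applicationContext) {
        this.logger.debug("checkServerCertificate started...");
        final String subjectName = Utilities.getSystemCertFromKeyStore(keyStore).getSubjectDN().getName();
        final String commonName = Utilities.getCertCNFromSubject(subjectName);
        if (!Utilities.isKeyStoreCNArrowheadValid(commonName)) {
            this.logger.info("Application system CN ({}) is not compliant with the Arrowhead certificate structure, since it does not have 5 parts, or does not end with \"arrowhead.eu\".", commonName);
            throw new AuthException("Server CN (" + commonName + ") is not compliant with the Arrowhead certificate structure, since it does not have 5 parts, or does not end with \"arrowhead.eu\".");
        }
        this.logger.info("Application system CN: {}", commonName);
        getArrowheadContext(applicationContext).put("server.common.name", commonName);
    }

    /**
     * Publishes the public key of the system certificate and the private key into the shared
     * context under {@code server.public.key} and {@code server.private.key}.
     *
     * @param keyStore the loaded key store
     * @param applicationContext the context that provides the {@code arrowheadContext} bean
     */
    private void obtainKeys(KeyStore keyStore, ApplicationContext applicationContext) {
        this.logger.debug("obtainKeys started...");
        final Map<String, Object> arrowheadContext = getArrowheadContext(applicationContext);
        arrowheadContext.put("server.public.key", Utilities.getSystemCertFromKeyStore(keyStore).getPublicKey());
        // NOTE(review): the private key becomes readable by any component that can obtain the
        // arrowheadContext bean, so that map must not be logged, serialized or exposed through
        // a management endpoint.
        // NOTE(review): unlike the key-store password, the key password is not null-checked in
        // this class; presumably Utilities.getPrivateKey validates it - confirm.
        arrowheadContext.put("server.private.key", Utilities.getPrivateKey(keyStore, this.sslProperties.getKeyPassword()));
    }
}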
