package community.solace.spring.boot.starter.solaceclientconfig;

import com.solacesystems.jcsmp.JCSMPProperties;
import com.solacesystems.jcsmp.JCSMPPropertyMap;
import com.solacesystems.jcsmp.impl.JCSMPPropertiesExtension;
import java.io.IOException;
import java.lang.reflect.Field;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.time.Duration;
import java.time.Instant;
import java.time.ZoneId;
import java.time.temporal.ChronoUnit;
import java.time.temporal.TemporalUnit;
import java.util.HashMap;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.FatalBeanException;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.scheduling.TaskScheduler;
import org.springframework.util.StringUtils;

/* loaded from: input_file:community/solace/spring/boot/starter/solaceclientconfig/JCSMPPropertiesPostProcessor.class */
final class JCSMPPropertiesPostProcessor implements BeanPostProcessor {
    private static final Logger LOG = LoggerFactory.getLogger(JCSMPPropertiesPostProcessor.class);
    private final KeyStoreFactory keyStoreFactory;
    private final TaskScheduler taskScheduler;
    private final SslCertInfoProperties sslCertInfoProperties;

    public JCSMPPropertiesPostProcessor(KeyStoreFactory keyStoreFactory, Optional<TaskScheduler> optional, SslCertInfoProperties sslCertInfoProperties) {
        this.keyStoreFactory = keyStoreFactory;
        this.taskScheduler = optional.orElse(null);
        this.sslCertInfoProperties = sslCertInfoProperties;
    }

    public Object postProcessBeforeInitialization(Object obj, String str) throws BeansException {
        try {
            if (!(obj instanceof JCSMPProperties)) {
                return obj;
            }
            LOG.debug("Postprocessing {} bean", obj.getClass());
            return addAuthenticationProperties((JCSMPProperties) obj);
        } catch (IOException | IllegalAccessException | NoSuchFieldException | GeneralSecurityException e) {
            LOG.error("Could not postprocess bean {}", obj.getClass());
            throw new FatalBeanException("Failed to enhance JCSMPProperties on bean " + str, e);
        }
    }

    private JCSMPProperties addAuthenticationProperties(JCSMPProperties jCSMPProperties) throws GeneralSecurityException, IOException, NoSuchFieldException, IllegalAccessException {
        if (clientCertPropertiesArePresent(jCSMPProperties)) {
            LOG.debug("Adding Solace ClientCert properties to JSCMPProperties");
            KeyStore createClientKeyStore = this.keyStoreFactory.createClientKeyStore(jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_PRIVATE_KEY), jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_CLIENT_CERT));
            checkValidToPeriodically(this.keyStoreFactory.getValidTo(jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_CLIENT_CERT)));
            jCSMPProperties.setProperty("SSL_IN_MEMORY_KEY_STORE", createClientKeyStore);
            jCSMPProperties.setProperty("SSL_KEY_STORE_PASSWORD", this.keyStoreFactory.getClientKeyStorePassword());
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("No Solace ClientCert properties were added to JCSMPProperties. Missing at least one required property: {}, {}, {}", new Object[]{JCSMPPropertiesExtension.SSL_CLIENT_CERT, JCSMPPropertiesExtension.SSL_PRIVATE_KEY, JCSMPPropertiesExtension.SSL_TRUST_CERT});
        }
        if (trustStorePropertiesArePresent(jCSMPProperties)) {
            LOG.debug("Adding Solace TrustStore properties to JSCMPProperties");
            jCSMPProperties.setProperty("SSL_IN_MEMORY_TRUST_STORE", this.keyStoreFactory.createTrustStore(jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_TRUST_CERT)));
        } else if (LOG.isDebugEnabled()) {
            LOG.debug("No Solace TrustStore properties were added to JCSMPProperties. Missing at least one required property: {}, {}, {}", new Object[]{JCSMPPropertiesExtension.SSL_CLIENT_CERT, JCSMPPropertiesExtension.SSL_PRIVATE_KEY, JCSMPPropertiesExtension.SSL_TRUST_CERT});
        }
        if ((jCSMPProperties.getProperty("SSL_KEY_STORE") instanceof String) && !StringUtils.hasText((CharSequence) jCSMPProperties.getProperty("SSL_KEY_STORE"))) {
            jCSMPProperties.setProperty("SSL_KEY_STORE", "");
            jCSMPProperties.setProperty("SSL_KEY_STORE_PASSWORD", "internalPassword");
            unsetProperty(jCSMPProperties, "SSL_PRIVATE_KEY_PASSWORD");
            unsetProperty(jCSMPProperties, "SSL_PRIVATE_KEY_ALIAS");
        }
        if ((jCSMPProperties.getProperty("SSL_TRUST_STORE") instanceof String) && !StringUtils.hasText((CharSequence) jCSMPProperties.getProperty("SSL_TRUST_STORE"))) {
            jCSMPProperties.setProperty("SSL_TRUST_STORE", "");
            unsetProperty(jCSMPProperties, "SSL_TRUST_STORE_PASSWORD");
            unsetTrustStore(jCSMPProperties);
        }
        return jCSMPProperties;
    }

    private void checkValidToPeriodically(Instant instant) {
        if (instant == null || !this.sslCertInfoProperties.isEnabled()) {
            return;
        }
        if (this.taskScheduler == null) {
            LOG.warn("Cant verify certificate expiration because taskScheduler is missing");
            return;
        }
        Instant instant2 = Instant.now().atZone(ZoneId.systemDefault()).withHour(9).withMinute(0).withSecond(0).toInstant();
        if (Instant.now().isAfter(instant2)) {
            instant2 = instant2.plus(1L, (TemporalUnit) ChronoUnit.DAYS);
        }
        this.taskScheduler.scheduleAtFixedRate(() -> {
            long days = Duration.between(Instant.now(), instant).toDays();
            if (days < this.sslCertInfoProperties.getErrorInDays()) {
                LOG.error("Your ssl client auth cert, used to auth at solace broker is going to be expired in " + days + "days");
            } else if (days < this.sslCertInfoProperties.getWarnInDays()) {
                LOG.warn("Your ssl client auth cert, used to auth at solace broker is going to be expired in " + days + "days");
            }
        }, instant2, Duration.ofDays(1L));
    }

    private void unsetProperty(JCSMPProperties jCSMPProperties, String str) throws NoSuchFieldException, IllegalAccessException {
        Field declaredField = JCSMPPropertyMap.class.getDeclaredField("_properties");
        declaredField.setAccessible(true);
        ((HashMap) declaredField.get(jCSMPProperties)).remove(str);
    }

    private void unsetTrustStore(JCSMPProperties jCSMPProperties) throws NoSuchFieldException, IllegalAccessException {
        Field declaredField = JCSMPPropertyMap.class.getDeclaredField("_isTrustStoreSet");
        declaredField.setAccessible(true);
        declaredField.set(jCSMPProperties, false);
    }

    private boolean clientCertPropertiesArePresent(JCSMPProperties jCSMPProperties) {
        return "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE".equals(jCSMPProperties.getStringProperty("AUTHENTICATION_SCHEME")) && StringUtils.hasText(jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_PRIVATE_KEY)) && StringUtils.hasText(jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_CLIENT_CERT));
    }

    private boolean trustStorePropertiesArePresent(JCSMPProperties jCSMPProperties) {
        return "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE".equals(jCSMPProperties.getStringProperty("AUTHENTICATION_SCHEME")) && StringUtils.hasText(jCSMPProperties.getStringProperty(JCSMPPropertiesExtension.SSL_TRUST_CERT));
    }
}
