package io.micronaut.oraclecloud.certificates.services;

import com.oracle.bmc.certificates.Certificates;
import com.oracle.bmc.certificates.requests.GetCertificateBundleRequest;
import com.oracle.bmc.certificates.responses.GetCertificateBundleResponse;
import io.micronaut.context.annotation.Requirements;
import io.micronaut.context.annotation.Requires;
import io.micronaut.context.event.ApplicationEventPublisher;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.oraclecloud.certificates.OracleCloudCertificationsConfiguration;
import io.micronaut.oraclecloud.certificates.events.CertificateEvent;
import io.micronaut.retry.annotation.Retryable;
import jakarta.inject.Singleton;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.openssl.PEMException;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

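/**
 * Loads a certificate bundle (leaf certificate, optional chain and private key) from the
 * Oracle Cloud Certificates service and publishes it as a {@link CertificateEvent}.
 *
 * <p>The bean is only created when the {@link Certificates} client class and bean are present
 * and {@code oci.certificates.enabled} is {@code true}.
 *
 * <p>Security note: the bundle is requested with
 * {@code CertificateContentWithPrivateKey}, so the service response carries the private key
 * in PEM form. Neither the response nor the PEM text is ever written to logs or to exception
 * messages by this class; keep it that way when changing the error handling.
 */
@Singleton
@Requirements({@Requires(classes = {Certificates.class}), @Requires(beans = {Certificates.class}), @Requires(property = "oci.certificates.enabled", value = "true")})
public class OracleCloudCertificateService {
    private static final Logger LOG = LoggerFactory.getLogger(OracleCloudCertificateService.class);
    private static final String X509_CERT = "X.509";
    private final OracleCloudCertificationsConfiguration oracleCloudCertificationsConfiguration;
    private final Certificates certificates;
    private final ApplicationEventPublisher<CertificateEvent> eventPublisher;

    /**
     * Creates the service.
     *
     * @param oracleCloudCertificationsConfiguration supplies the certificate id, version number
     *                                               and version name used in the bundle request
     * @param certificates                           Oracle Cloud Certificates client
     * @param applicationEventPublisher              publisher that receives the loaded certificate
     */
    public OracleCloudCertificateService(OracleCloudCertificationsConfiguration oracleCloudCertificationsConfiguration, Certificates certificates, ApplicationEventPublisher<CertificateEvent> applicationEventPublisher) {
        this.oracleCloudCertificationsConfiguration = oracleCloudCertificationsConfiguration;
        this.certificates = certificates;
        this.eventPublisher = applicationEventPublisher;
    }

    /**
     * Fetches the configured certificate bundle and converts it into a {@link CertificateEvent}.
     *
     * @return the event, or an empty {@code Optional} when the certificate cannot be decoded
     *         or the private key cannot be read (an event without a usable key is never
     *         returned, so listeners do not receive half-initialised key material)
     * @throws IllegalStateException if the private key PEM holds an object that is neither a
     *                               key pair nor a PKCS#8 private key
     */
    @NonNull
    protected Optional<CertificateEvent> getCertificateEvent() {
        try {
            CertificateFactory certificateFactory = CertificateFactory.getInstance(X509_CERT);
            GetCertificateBundleRequest request = GetCertificateBundleRequest.builder()
                .certificateId(this.oracleCloudCertificationsConfiguration.certificateId())
                .versionNumber(this.oracleCloudCertificationsConfiguration.versionNumber())
                .certificateVersionName(this.oracleCloudCertificationsConfiguration.certificateVersionName())
                .certificateBundleType(GetCertificateBundleRequest.CertificateBundleType.CertificateContentWithPrivateKey)
                .build();
            GetCertificateBundleResponse certificateBundle = this.certificates.getCertificateBundle(request);

            // The chain is optional; an absent chain becomes an empty list.
            List<X509Certificate> intermediates = Collections.emptyList();
            String chainPem = certificateBundle.getCertificateBundle().getCertChainPem();
            if (chainPem != null) {
                // Explicit charset: PEM is ASCII, and the platform default must not influence decoding.
                intermediates = certificateFactory
                    .generateCertificates(new ByteArrayInputStream(chainPem.getBytes(StandardCharsets.UTF_8)))
                    .stream()
                    .map(X509Certificate.class::cast)
                    .collect(Collectors.toList());
            }

            PrivateKey privateKey = getPrivateKey(certificateBundle);
            if (privateKey == null) {
                // Fail closed: a certificate without its key cannot serve TLS, so do not publish it.
                return Optional.empty();
            }

            String certificatePem = certificateBundle.getCertificateBundle().getCertificatePem();
            X509Certificate certificate = (X509Certificate) certificateFactory
                .generateCertificate(new ByteArrayInputStream(certificatePem.getBytes(StandardCharsets.UTF_8)));
            return Optional.of(new CertificateEvent(privateKey, certificate, intermediates));
        } catch (CertificateException e) {
            if (LOG.isWarnEnabled()) {
                LOG.warn("Could not create certificate from file", e);
            }
            return Optional.empty();
        }
    }

    /**
     * Extracts the private key from the bundle response.
     *
     * @param getCertificateBundleResponse response of the bundle request
     * @return the parsed key, or {@code null} when the PEM is missing or cannot be read; the
     *         failure is logged instead of being dropped silently
     */
    private PrivateKey getPrivateKey(GetCertificateBundleResponse getCertificateBundleResponse) {
        try {
            return parsePrivateKey(getCertificateBundleResponse.getCertificateBundle().getPrivateKeyPem());
        } catch (IOException e) {
            // Log the parser failure only; the PEM text itself must never reach the log.
            if (LOG.isWarnEnabled()) {
                LOG.warn("Could not read private key from certificate bundle", e);
            }
            return null;
        }
    }

    /**
     * Reloads the certificate and publishes it to the event listeners.
     *
     * <p>When no event could be built, an error is logged and the method returns normally, so
     * the {@code @Retryable} advice is only expected to act on exceptions thrown from the
     * lookup (for example a failing service call).
     */
    @Retryable(attempts = "${oci.certificates.refresh.retry.attempts:3}", delay = "${oci.certificates.refresh.retry.delay:1s}")
    public void refreshCertificate() {
        Optional<CertificateEvent> certificateEvent = getCertificateEvent();
        if (certificateEvent.isPresent()) {
            this.eventPublisher.publishEvent(certificateEvent.get());
        } else if (LOG.isErrorEnabled()) {
            LOG.error("Oracle Cloud certificate could not be loaded from service.");
        }
    }

    /**
     * Parses a PEM encoded private key.
     *
     * @param str PEM text holding either a key pair or a PKCS#8 private key
     * @return the decoded private key
     * @throws IOException           if the PEM text is missing or cannot be parsed or converted
     * @throws IllegalStateException if the first PEM object is of another kind (for example an
     *                               encrypted key); only the object's class name is reported
     */
    private PrivateKey parsePrivateKey(String str) throws IOException {
        if (str == null) {
            throw new IOException("Private key PEM is missing from the certificate bundle");
        }
        // try-with-resources closes the parser on every path, including the failure ones.
        try (PEMParser pemParser = new PEMParser(new StringReader(str))) {
            Object parsed = pemParser.readObject();
            PrivateKeyInfo privateKeyInfo;
            if (parsed instanceof PEMKeyPair) {
                privateKeyInfo = ((PEMKeyPair) parsed).getPrivateKeyInfo();
            } else if (parsed instanceof PrivateKeyInfo) {
                privateKeyInfo = (PrivateKeyInfo) parsed;
            } else {
                // Report the type of the object that was actually read (not the next PEM
                // object), and never its content, which may be key material.
                String kind = parsed == null ? "null" : parsed.getClass().getName();
                throw new IllegalStateException("Unexpected value: " + kind);
            }
            return new JcaPEMKeyConverter().getPrivateKey(privateKeyInfo);
        } catch (PEMException e) {
            throw new IOException("Invalid PEM file", e);
        }
    }
}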
