package org.gluu.oxtrust.api.server.api.impl;

import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.responses.ApiResponses;
import java.io.FileInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.enterprise.context.ApplicationScoped;
import javax.inject.Inject;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Response;
import org.gluu.oxtrust.api.Certificates;
import org.gluu.oxtrust.model.cert.TrustStoreCertificate;
import org.gluu.oxtrust.service.ConfigurationService;
import org.gluu.oxtrust.service.SSLService;
import org.gluu.oxtrust.service.filter.ProtectedApi;
import org.gluu.oxtrust.util.X509CertificateShortInfo;
import org.slf4j.Logger;

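/**
 * Read-only REST resource that lists certificate summaries for the server.
 *
 * <p>The listing combines two sources: the trust-store certificates held in the
 * oxTrust configuration and a fixed set of certificate files under {@code /etc/certs}.
 * Only {@link X509CertificateShortInfo} summaries are returned; this class never reads
 * private-key files.
 *
 * <p>The bean is {@code @ApplicationScoped}, so one instance serves all requests.
 * Per-request results are therefore built in local lists, never in instance fields,
 * so concurrent requests cannot observe or corrupt each other's partial results.
 *
 * <p>NOTE(review): for file-backed certificates the absolute file path is passed as the
 * first argument of {@link X509CertificateShortInfo}. It is presumably surfaced to API
 * clients as the entry name; confirm that exposing server paths to holders of the
 * {@code oxtrust-api-read} scope is intended.
 */
@Path("/api/v1/certificates")
@Consumes({"application/json"})
@Produces({"application/json"})
@ApplicationScoped
/* loaded from: input_file:org/gluu/oxtrust/api/server/api/impl/CertificatesWebResource.class */
public class CertificatesWebResource extends BaseWebResource {
    // Certificate files read on every listing request. All are public certificates (.crt).
    private static final String OPENLDAP_CERTIFICATE_FILE = "/etc/certs/openldap.crt";
    private static final String OPENDJ_CERTIFICATE_FILE = "/etc/certs/opendj.crt";
    private static final String HTTPD_CERTIFICATE_FILE = "/etc/certs/httpd.crt";
    private static final String IDP_SIGNING_CERTIFICATE_FILE = "/etc/certs/idp-signing.crt";
    private static final String IDP_ENCRYPT_CERTIFICATE_FILE = "/etc/certs/idp-encryption.crt";

    @Inject
    private Logger logger;

    @Inject
    private ConfigurationService configurationService;

    /**
     * Returns the trust-store certificates followed by the file-backed certificates.
     *
     * <p>A source that fails to load is logged and skipped, so a {@code 200} response may
     * carry a partial list; the server log is the only indication of what was omitted.
     *
     * @return {@code 200} with the list of certificate summaries, or {@code 500} with no
     *         body if assembling the list throws
     */
    @GET
    @Operation(summary = "List certificates", description = "List Gluu Server's certificates. You can get only description of certificates, not keys.")
    @ProtectedApi(scopes = {"oxtrust-api-read"})
    @ApiResponses({@ApiResponse(responseCode = "200", content = {@Content(schema = @Schema(implementation = Certificates[].class))}, description = "Success"), @ApiResponse(responseCode = "500", description = "Server error")})
    public Response listCertificates() {
        log(this.logger, "Processing certificates retrieval request");
        try {
            List<X509CertificateShortInfo> certificates = new ArrayList<>();
            certificates.addAll(trustStoreCertificates());
            certificates.addAll(internalCertificates());
            return Response.ok(certificates).build();
        } catch (Exception e) {
            // The exception goes to the log only; the client receives a bare 500 so that
            // no internal detail leaks through the error response.
            log(this.logger, e);
            return Response.status(Response.Status.INTERNAL_SERVER_ERROR).build();
        }
    }

    /**
     * Builds summaries for the trust-store certificates stored in the configuration.
     *
     * @return a new list, empty when the configuration has no trust-store entries or
     *         cannot be read; entries that fail to parse are logged and skipped
     */
    private List<X509CertificateShortInfo> trustStoreCertificates() {
        List<X509CertificateShortInfo> result = new ArrayList<>();
        try {
            List<TrustStoreCertificate> configured = this.configurationService.getConfiguration().getTrustStoreCertificates();
            if (configured == null) {
                return result;
            }
            for (TrustStoreCertificate entry : configured) {
                try {
                    // Explicit charset: the bare getBytes() would depend on the JVM's
                    // platform default encoding.
                    byte[] encoded = entry.getCertificate().getBytes(StandardCharsets.UTF_8);
                    for (X509Certificate certificate : SSLService.loadCertificates(encoded)) {
                        result.add(new X509CertificateShortInfo(entry.getName(), certificate));
                    }
                } catch (Exception e) {
                    // One malformed entry must not hide the remaining ones.
                    this.logger.error("Certificate load exception", e);
                }
            }
        } catch (Exception e) {
            this.logger.error("Load trustStoreCertificates configuration exception", e);
        }
        return result;
    }

    /**
     * Builds summaries for the certificate files under {@code /etc/certs}, in the order
     * OpenDJ, HTTPD, IDP signing, IDP encryption, OpenLDAP.
     *
     * @return a new list holding the certificates of every file that could be read
     */
    private List<X509CertificateShortInfo> internalCertificates() {
        List<X509CertificateShortInfo> result = new ArrayList<>();
        addCertificatesFromFile(result, OPENDJ_CERTIFICATE_FILE, "OpenDJ SSL", "OPENDJ certificate load exception");
        addCertificatesFromFile(result, HTTPD_CERTIFICATE_FILE, "HTTPD SSL", "HTTPD Certificate load exception");
        addCertificatesFromFile(result, IDP_SIGNING_CERTIFICATE_FILE, "IDP SIGNING", "IDP SIGNING certificate load exception");
        addCertificatesFromFile(result, IDP_ENCRYPT_CERTIFICATE_FILE, "IDP ENCRYPTION", "IDP ENCRYPTION certificate load exception");
        addCertificatesFromFile(result, OPENLDAP_CERTIFICATE_FILE, "OpenLDAP ENCRYPTION", "OpenLDAP certificate load exception");
        return result;
    }

    /**
     * Loads every certificate found in one file and appends its summary to {@code target}.
     *
     * @param target list that receives the summaries
     * @param path certificate file to read
     * @param alias label passed to {@link X509CertificateShortInfo} for each certificate
     * @param failureMessage text logged at WARN level when the file cannot be loaded
     */
    private void addCertificatesFromFile(List<X509CertificateShortInfo> target, String path, String alias, String failureMessage) {
        // try-with-resources closes the stream even when parsing throws, so the file
        // descriptor does not leak on a malformed or unreadable file.
        try (FileInputStream in = new FileInputStream(path)) {
            for (X509Certificate certificate : SSLService.loadCertificates(in)) {
                target.add(new X509CertificateShortInfo(path, alias, certificate));
            }
        } catch (Exception e) {
            // Best effort: a file may be absent on a given install. The cause is logged
            // without a stack trace, so a missing file stays diagnosable but not noisy.
            this.logger.warn("{}: {}", failureMessage, e.toString());
        }
    }
}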
