package org.xdi.oxd.licenser.server.service;

import com.google.inject.Inject;
import java.io.File;
import java.net.URL;
import java.util.Collections;
import java.util.List;
import javax.xml.namespace.QName;
import org.apache.commons.lang.StringUtils;
import org.cesecore.util.CryptoProviderTools;
import org.ejbca.core.protocol.ws.client.gen.CertificateResponse;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWS;
import org.ejbca.core.protocol.ws.client.gen.EjbcaWSService;
import org.ejbca.core.protocol.ws.client.gen.UserDataVOWS;
import org.ejbca.core.protocol.ws.client.gen.UserMatch;
import org.gluu.site.ldap.persistence.LdapEntryManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.xdi.oxd.license.client.js.Configuration;
import org.xdi.oxd.license.client.js.LdapLicenseId;
import org.xdi.oxd.licenser.server.ex.EjbcaException;

/* loaded from: input_file:org/xdi/oxd/licenser/server/service/EjbCaService.class */
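/**
 * Thin client around the EJBCA SOAP web service used by the license server to
 * register end entities, revoke them, look them up and sign PKCS#10 requests.
 *
 * <p>The connection is authenticated through the JVM-wide
 * {@code javax.net.ssl.*} system properties. When no key store is configured,
 * the constructor falls back to the JKS files expected in
 * {@code <catalina.home>/conf} or in the directory named by
 * {@code -Dgluu.ejbca.storePath}.
 *
 * <p>NOTE(security): this class embeds fixed credentials (the fallback store
 * password and the enrollment password set in {@link #createUser}). They are
 * kept unchanged here because callers and the deployed stores depend on them;
 * they should be moved to deployment configuration and rotated.
 */
public class EjbCaService {
    // Was bound to LdapStructureChecker, which filed this class's errors under the wrong category.
    private static final Logger LOG = LoggerFactory.getLogger(EjbCaService.class);
    private static final String TRUST_STORE_NAME = "LicenseServer_TrustStore.jks";
    private static final String KEY_STORE_NAME = "LicenseServer_KeyStore.jks";
    public static final String CANT_FIND_STORES_ERROR = "Failed to find out path keystore and truststore to setup connection to EjbCa. It's expected to have keyStore : <catalina.home>/conf/LicenseServer_KeyStore.jks, and trustStore: <catalina.home>/conf/LicenseServer_TrustStore.jks. Otherwise please set custom path via -Dgluu.ejbca.storePath= java system property (E.g. -Dgluu.ejbca.storePath=/home/yuriyz)";

    @Inject
    LdapEntryManager ldapEntryManager;

    @Inject
    Configuration conf;

    /**
     * Ensures a TLS key store is configured and installs the BouncyCastle provider.
     *
     * @throws RuntimeException if no key store is configured and none can be found
     *     in the fallback locations
     */
    public EjbCaService() {
        if (StringUtils.isBlank(System.getProperty("javax.net.ssl.keyStore"))) {
            fallbackKeyStoreAndTrustStore();
        }
        // Defensive re-check: the fallback normally throws when it cannot locate the stores.
        if (StringUtils.isBlank(System.getProperty("javax.net.ssl.keyStore"))) {
            throw new RuntimeException(CANT_FIND_STORES_ERROR);
        }
        CryptoProviderTools.installBCProvider();
    }

    /**
     * Builds a web-service client for the EJBCA endpoint taken from the configuration.
     *
     * @return a new service stub bound to the configured URL
     * @throws RuntimeException wrapping any failure (e.g. a malformed URL)
     */
    public EjbcaWSService getService() {
        try {
            String ejbCaWsUrl = this.conf.getEjbCaWsUrl();
            return new EjbcaWSService(new URL(ejbCaWsUrl), new QName("http://ws.protocol.core.ejbca.org/", "EjbcaWSService"));
        } catch (Exception e) {
            LOG.error(e.getMessage(), e);
            throw new RuntimeException(e);
        }
    }

    /**
     * Returns the EJBCA port of a freshly created service stub.
     *
     * @return the port used to invoke EJBCA operations
     */
    public EjbcaWS getPort() {
        return getService().getEjbcaWSPort();
    }

    /**
     * Registers (or updates) an EJBCA end entity whose username, CN and e-mail
     * local part are the license id.
     *
     * @param ldapLicenseId the license record supplying the id
     * @return the user data sent to EJBCA
     * @throws EjbcaException if the call fails
     */
    public UserDataVOWS createUser(LdapLicenseId ldapLicenseId) {
        try {
            String licenseId = ldapLicenseId.getLicenseId();
            UserDataVOWS userDataVOWS = new UserDataVOWS();
            userDataVOWS.setCaName("GluuRepoCA");
            userDataVOWS.setCertificateProfileName("EndUser1y");
            userDataVOWS.setClearPwd(false);
            // NOTE(review): licenseId is concatenated unescaped into the e-mail and the
            // subject DN below; this assumes the id is server-generated and free of DN
            // metacharacters such as ',' '+' '=' - confirm against the id generator.
            userDataVOWS.setEmail(licenseId + "@gluu.org");
            userDataVOWS.setEndEntityProfileName("Subscription");
            // NOTE(security): every end entity gets the same fixed enrollment password,
            // so knowing a license id (the username) is enough to present both
            // credentials to signCsr-style enrollment. Kept as-is for compatibility.
            userDataVOWS.setPassword("secret");
            userDataVOWS.setSendNotification(true);
            // 10 is presumably EJBCA's "new" end-entity status - confirm against the client library.
            userDataVOWS.setStatus(10);
            userDataVOWS.setSubjectDN("CN=" + licenseId);
            userDataVOWS.setTokenType("USERGENERATED");
            userDataVOWS.setUsername(licenseId);
            getPort().editUser(userDataVOWS);
            return userDataVOWS;
        } catch (Exception e) {
            handle(e);
            // Not reached at runtime: handle() always throws. Required by the compiler.
            return null;
        }
    }

    /**
     * Revokes the end entity named after the license id.
     *
     * @param ldapLicenseId the license record supplying the id
     * @throws EjbcaException if the call fails
     */
    public void removeUser(LdapLicenseId ldapLicenseId) {
        try {
            // Arguments: username, revocation reason 0, and true - presumably
            // "also delete the user" in the EJBCA API; confirm against the client library.
            getPort().revokeUser(ldapLicenseId.getLicenseId(), 0, true);
        } catch (Exception e) {
            handle(e);
        }
    }

    /**
     * Logs the failure and rethrows it as an {@link EjbcaException}; never returns normally.
     *
     * @param exc the failure to report
     */
    private void handle(Exception exc) {
        LOG.error(exc.getMessage(), exc);
        throw new EjbcaException(exc);
    }

    /**
     * Searches EJBCA end entities for the given value.
     *
     * @param str the value to match
     * @return the matching users as returned by EJBCA
     * @throws EjbcaException if the call fails
     */
    public List<UserDataVOWS> findUser(String str) {
        try {
            UserMatch userMatch = new UserMatch();
            // 7 / 2 are presumably "match with DN" / "contains" in EJBCA's UserMatch
            // constants - confirm against the client library in use.
            userMatch.setMatchwith(7);
            userMatch.setMatchtype(2);
            userMatch.setMatchvalue(str);
            return getPort().findUser(userMatch);
        } catch (Exception e) {
            handle(e);
            // Not reached at runtime: handle() always throws. Required by the compiler.
            return Collections.emptyList();
        }
    }

    /**
     * Points the JVM-wide TLS key store and trust store at the license server's JKS files.
     *
     * <p>These are global system properties, so the setting applies to every client in
     * the JVM that uses the default SSL context, not only to the EJBCA connection.
     */
    private void fallbackKeyStoreAndTrustStore() {
        // Resolve once; File(parent, child) joins correctly with or without a trailing separator.
        String storeDir = getPathToStore();
        System.setProperty("javax.net.ssl.trustStore", new File(storeDir, TRUST_STORE_NAME).getPath());
        // NOTE(security): hard-coded store passwords compiled into the binary. Anyone who can
        // read the JKS files can open them; prefer passing javax.net.ssl.* from deployment config.
        System.setProperty("javax.net.ssl.trustStorePassword", "secret");
        System.setProperty("javax.net.ssl.keyStore", new File(storeDir, KEY_STORE_NAME).getPath());
        System.setProperty("javax.net.ssl.keyStorePassword", "secret");
    }

    /**
     * Locates the directory holding the key store: {@code <catalina.home>/conf} first,
     * then the directory given by {@code gluu.ejbca.storePath}.
     *
     * <p>Only the key store's presence is checked; the trust store is assumed to sit next to it.
     *
     * @return the directory containing the key store
     * @throws RuntimeException if the key store is found in neither location
     */
    private static String getPathToStore() {
        String catalinaHome = System.getProperty("catalina.home");
        if (catalinaHome != null) {
            String confDir = catalinaHome + File.separator + "conf" + File.separator;
            if (pathExists(confDir)) {
                return confDir;
            }
        }
        String customDir = System.getProperty("gluu.ejbca.storePath");
        if (pathExists(customDir)) {
            return customDir;
        }
        LOG.error(CANT_FIND_STORES_ERROR);
        throw new RuntimeException(CANT_FIND_STORES_ERROR);
    }

    /**
     * Tells whether the key store file exists in the given directory.
     *
     * @param str the directory to probe; may be {@code null} or blank
     * @return {@code true} if the key store is a regular file inside {@code str}
     */
    private static boolean pathExists(String str) {
        // The previous string concatenation required a trailing separator, so the documented
        // example (-Dgluu.ejbca.storePath=/home/yuriyz) was never found, and an unset
        // property was probed as the literal text "null".
        return StringUtils.isNotBlank(str) && new File(str, KEY_STORE_NAME).isFile();
    }

    /**
     * Submits a PKCS#10 request to EJBCA for signing.
     *
     * <p>Per the EJBCA web-service signature the arguments are presumably username,
     * password, the encoded PKCS#10 request and the response type - confirm against
     * the client library. The hard-token serial is always sent as the literal "NULL".
     *
     * @param str  first argument forwarded to {@code pkcs10Request}
     * @param str2 second argument forwarded to {@code pkcs10Request}
     * @param str3 third argument forwarded to {@code pkcs10Request}
     * @param str4 last argument forwarded to {@code pkcs10Request}
     * @return the certificate response from EJBCA
     * @throws EjbcaException if the call fails
     */
    public CertificateResponse signCsr(String str, String str2, String str3, String str4) {
        try {
            return getPort().pkcs10Request(str, str2, str3, "NULL", str4);
        } catch (Exception e) {
            handle(e);
            // Not reached at runtime: handle() always throws. Required by the compiler.
            return null;
        }
    }
}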
