package be.fgov.ehealth.technicalconnector.bootstrap.tsl;

import be.ehealth.technicalconnector.config.ConfigFactory;
import be.ehealth.technicalconnector.config.ConfigValidator;
import be.ehealth.technicalconnector.exception.TechnicalConnectorException;
import be.ehealth.technicalconnector.utils.ConnectorIOUtils;
import be.ehealth.technicalconnector.utils.DateUtils;
import be.fgov.ehealth.technicalconnector.bootstrap.tsl.parser.TrustServiceStatusListParser;
import be.fgov.ehealth.technicalconnector.bootstrap.tsl.signature.TrustServiceStatusListSignatureVerifier;
import be.fgov.ehealth.technicalconnector.bootstrap.utils.BootStrapUtils;
import java.io.File;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.util.Properties;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.exception.ExceptionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:be/fgov/ehealth/technicalconnector/bootstrap/tsl/TrustStoreUpdater.class */
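/**
 * Refreshes the connector's keystores from the eHealth Trust Service Status Lists (TSL).
 *
 * <p>For each store, {@link #launch()} downloads the list's digest, compares it with a locally
 * cached value, and only when the list changed or its cached next-update time has passed does it
 * download the XML, check its signature, parse it and rewrite the keystore.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The digest is fetched from the same endpoint as the list, so it is a change detector only.
 *       Authenticity of the list rests entirely on
 *       {@code TrustServiceStatusListSignatureVerifier.isValid}.</li>
 *   <li>The endpoint may be overridden through configuration without any scheme or host check in
 *       this class; the signature check is the only control that applies to an overridden
 *       endpoint.</li>
 *   <li>All state is static and no synchronisation is visible here, so {@link #launch()} is not
 *       guarded against concurrent invocation by this class.</li>
 * </ul>
 */
public final class TrustStoreUpdater {
    private static final String PROP_CA_STOREPWD = "CAKEYSTORE_PASSWORD";
    private static final String PROP_CA_STORELOCATION = "CAKEYSTORE_LOCATION";
    private static final String CA_QC = "http://uri.etsi.org/TrstSvc/Svctype/CA/QC";
    private static final String CA_PKC = "http://uri.etsi.org/TrstSvc/Svctype/CA/PKC";
    private static final String TSA = "http://uri.etsi.org/TrstSvc/Svctype/TSA";
    // NOTE(review): this identifier uses the path segment "TrstSvd" while the three constants above
    // use "TrstSvc". If that is a typo, services of this type presumably never match the filter
    // handed to the parser for the "tsl" store. Left unchanged on purpose: correcting it alters
    // which certificates are imported, so confirm against the published list first.
    private static final String TSL = "http://uri.etsi.org/TrstSvd/Svctype/TLIssuer";
    private static final String NEXT_UPDATE_SUFFIX = "-nextUpdate";
    private static final Logger LOG = LoggerFactory.getLogger(TrustStoreUpdater.class);

    // Per-store cache: "<store>" -> last seen digest, "<store>-nextUpdate" -> next-update time.
    private static final Properties shaCache = new Properties();
    // Location of the cache file; set by init(), stays null if the property lookup itself fails.
    private static String shaCacheLocation;

    /**
     * The three published lists, each with its path on the TSL host and the configuration key
     * that can override the full endpoint.
     *
     * <p>Decompiler note: JADX reports that it changed the access modifier from private.
     */
    public enum TrustedServiceType {
        APPLICATION("tsl-ehpbe-application", "endpoint.tsl.appl"),
        PERSON("tsl-ehpbe-person", "endpoint.tsl.person"),
        TRANSPORT("tsl-ehpbe-transport", "endpoint.tsl.transport");

        private final String path;
        private final String propKey;

        TrustedServiceType(String path, String propKey) {
            this.path = path;
            this.propKey = propKey;
        }

        /** Returns the path segment appended to the environment's TSL host. */
        public String getPath() {
            return this.path;
        }

        /** Returns the configuration key that overrides the endpoint for this list. */
        public String getKey() {
            return this.propKey;
        }
    }

    /** Utility class; instantiation always fails. */
    private TrustStoreUpdater() {
        throw new UnsupportedOperationException();
    }

    /**
     * Runs a full refresh of the ssl, ca, tsl and tsa stores and then reloads the configuration.
     *
     * <p>The fingerprint cache is persisted after every store so that a failure on a later store
     * does not lose the progress recorded for earlier ones.
     *
     * @throws TechnicalConnectorException if a keystore location cannot be resolved or a download,
     *     parse or write step fails
     */
    public static void launch() throws TechnicalConnectorException {
        init();
        // What BootStrapUtils.merge does with the two stores is not visible in this file; it is
        // called with the TSL store first and the CA store second, before and after the updates.
        BootStrapUtils.merge(
                location(TrustServiceStatusListSignatureVerifier.PROP_TSL_STORELOCATION),
                pwd(TrustServiceStatusListSignatureVerifier.PROP_TSL_STOREPWD),
                location(PROP_CA_STORELOCATION),
                pwd(PROP_CA_STOREPWD));

        update("ssl", determineEndpoint(TrustedServiceType.TRANSPORT),
                location("truststore_location"), pwd("truststore_password"), CA_PKC, CA_QC);
        store();

        update("ca", determineEndpoint(TrustedServiceType.PERSON),
                location(PROP_CA_STORELOCATION), pwd(PROP_CA_STOREPWD), CA_PKC, CA_QC);
        store();

        // NOTE(review): this rewrites the store named by the signature verifier's own location
        // property, presumably the anchors used to validate lists. If so, a list that verifies
        // today decides what will verify tomorrow. Confirm that this is intended.
        update("tsl", determineEndpoint(TrustedServiceType.APPLICATION),
                location(TrustServiceStatusListSignatureVerifier.PROP_TSL_STORELOCATION),
                pwd(TrustServiceStatusListSignatureVerifier.PROP_TSL_STOREPWD), CA_PKC, CA_QC, TSL);
        store();

        update("tsa", determineEndpoint(TrustedServiceType.APPLICATION),
                location("timestamp.signature.keystore.path"),
                pwd("timestamp.signature.keystore.pwd"), CA_PKC, CA_QC, TSA);
        store();

        BootStrapUtils.merge(
                location(TrustServiceStatusListSignatureVerifier.PROP_TSL_STORELOCATION),
                pwd(TrustServiceStatusListSignatureVerifier.PROP_TSL_STOREPWD),
                location(PROP_CA_STORELOCATION),
                pwd(PROP_CA_STOREPWD));

        ConfigValidator configValidator = ConfigFactory.getConfigValidator();
        configValidator.invalidate();
        configValidator.reload();
    }

    /**
     * Resolves the base URL of a list (without file extension).
     *
     * <p>A non-blank value under the type's override key wins. Otherwise the host is chosen from
     * the {@code environment} property, which defaults to {@code prd}.
     *
     * @throws IllegalArgumentException if no override is set and the environment is not one of
     *     {@code prd}, {@code acc} or {@code int}
     */
    private static String determineEndpoint(TrustedServiceType type) {
        String environment = ConfigFactory.getConfigValidator().getProperty("environment", "prd");
        String override = ConfigFactory.getConfigValidator().getProperty(type.getKey());
        if (StringUtils.isNotBlank(override)) {
            // The override is returned as configured, with no scheme or host check in this class.
            return override;
        }
        if ("prd".equals(environment)) {
            return "https://tsl.ehealth.fgov.be/" + type.getPath();
        }
        if ("acc".equals(environment)) {
            return "https://tsl-acpt.ehealth.fgov.be/" + type.getPath();
        }
        if ("int".equals(environment)) {
            return "https://tsl-int.ehealth.fgov.be/" + type.getPath();
        }
        throw new IllegalArgumentException("Unsupported Environment [" + environment + "]");
    }

    /**
     * Loads the fingerprint cache. Best effort: a failure is logged and the run continues with
     * whatever entries the cache already holds, which forces a full download when it is empty.
     */
    private static void init() {
        InputStream cacheStream = null;
        try {
            // NOTE(review): the default comes from ConnectorIOUtils.getTempFileLocation with a
            // fixed file name. If that resolves to a shared temp directory, consider pointing
            // truststoreupdater.local.cache at a directory only the service account can write:
            // the cache decides whether a refresh is skipped.
            shaCacheLocation = ConfigFactory.getConfigValidator().getProperty(
                    "truststoreupdater.local.cache",
                    ConnectorIOUtils.getTempFileLocation(TrustStoreUpdater.class.getCanonicalName() + ".properties"));
            cacheStream = ConnectorIOUtils.getResourceAsStream(shaCacheLocation);
            shaCache.load(cacheStream);
        } catch (Exception e) {
            // Presumably also reached on a first run, when no cache file exists yet.
            LOG.error("Unable to load sha cache", e);
        } finally {
            ConnectorIOUtils.closeQuietly(cacheStream);
        }
    }

    /**
     * Writes the fingerprint cache back to {@code shaCacheLocation}. Best effort: a failure is
     * logged and otherwise ignored. Does nothing when the location is empty.
     */
    private static void store() {
        if (StringUtils.isEmpty(shaCacheLocation)) {
            return;
        }
        FileOutputStream cacheOut = null;
        try {
            cacheOut = new FileOutputStream(new File(shaCacheLocation));
            shaCache.store(cacheOut, "eHealth TSL cache");
        } catch (Exception e) {
            LOG.error("Unable to store fingerprints to cache", e);
        } finally {
            ConnectorIOUtils.closeQuietly(cacheOut);
        }
    }

    /**
     * Resolves a configured keystore location, falling back to the value prefixed with
     * {@code KEYSTORE_DIR} when the configured value cannot be opened as is.
     *
     * <p>The resource is opened only to prove that it is reachable; the probe stream is closed
     * straight away (the earlier code left it open).
     *
     * @param propertyKey configuration key holding the location
     * @return the first of the two candidate locations that can be opened
     * @throws TechnicalConnectorException if neither candidate can be opened
     */
    private static String location(String propertyKey) throws TechnicalConnectorException {
        String configured = ConfigFactory.getConfigValidator().getProperty(propertyKey);
        try {
            ConnectorIOUtils.closeQuietly(ConnectorIOUtils.getResourceAsStream(configured));
            return configured;
        } catch (TechnicalConnectorException e) {
            // Plain concatenation: KEYSTORE_DIR is expected to carry its own trailing separator.
            String prefixed = ConfigFactory.getConfigValidator().getProperty("KEYSTORE_DIR") + configured;
            LOG.debug("Trying to obtain location by adding ${KEYSTORE_DIR} [" + prefixed + "] Reason " + ExceptionUtils.getRootCauseMessage(e));
            ConnectorIOUtils.closeQuietly(ConnectorIOUtils.getResourceAsStream(prefixed));
            return prefixed;
        }
    }

    /**
     * Reads a keystore password from configuration.
     *
     * <p>The value already exists as a {@code String} in the configuration, so returning a
     * {@code char[]} does not by itself shorten its lifetime in memory, and no caller in this
     * class clears the array after use.
     *
     * <p>NOTE(review): a missing property presumably yields {@code null} from the validator and a
     * {@code NullPointerException} here; confirm and decide whether a clearer error is wanted.
     */
    private static char[] pwd(String propertyKey) {
        return ConfigFactory.getConfigValidator().getProperty(propertyKey).toCharArray();
    }

    /** Reads a resource fully into a string and always releases the underlying stream. */
    private static String readResource(String resourceLocation) throws TechnicalConnectorException {
        InputStream in = null;
        try {
            in = ConnectorIOUtils.getResourceAsStream(resourceLocation);
            return ConnectorIOUtils.convertStreamToString(in);
        } finally {
            ConnectorIOUtils.closeQuietly(in);
        }
    }

    /**
     * Refreshes one keystore from one list.
     *
     * <p>Order of checks: (1) skip when the remote digest equals the cached one and the cached
     * next-update time is still in the future; (2) otherwise download the XML and reject it when
     * the signature check fails; (3) parse, rewrite the keystore, then record the digest and the
     * list's next-update time.
     *
     * <p>The digest comparison in (1) can only postpone a refresh, never admit new content: every
     * list that reaches the keystore has passed the signature check in (2). A cache entry without
     * a next-update value is treated as stale instead of being passed to the date parser.
     *
     * @param cacheKey key of this store in the fingerprint cache
     * @param endpoint base URL of the list, without extension
     * @param storeLocation keystore to rewrite
     * @param storePassword password of that keystore
     * @param serviceTypes service type identifiers handed to the parser
     * @throws TechnicalConnectorException if a download, parse or keystore write fails
     */
    private static void update(String cacheKey, String endpoint, String storeLocation, char[] storePassword, String... serviceTypes) throws TechnicalConnectorException {
        String remoteDigest = readResource(endpoint + BootStrapUtils.EXT_SHA2);

        String cachedDigest = shaCache.getProperty(cacheKey);
        String cachedNextUpdate = shaCache.getProperty(cacheKey + NEXT_UPDATE_SUFFIX);
        boolean unchanged = cachedDigest != null && cachedDigest.equals(remoteDigest);
        if (unchanged && cachedNextUpdate != null && DateUtils.parseDateTime(cachedNextUpdate).isAfterNow()) {
            LOG.info("Truststore already up-to-date. Skipping TSL file [" + endpoint + "]");
            return;
        }

        String tslXml = readResource(endpoint + BootStrapUtils.EXT_XML);
        if (!TrustServiceStatusListSignatureVerifier.isValid(tslXml)) {
            // The keystore stays on the previous list and startup continues, so this WARN is the
            // only trace of a rejected list. Worth alerting on in production.
            LOG.warn("Invalid TSL file on [" + endpoint + "], skipping update");
            return;
        }

        TrustServiceStatusListParser parser = new TrustServiceStatusListParser();
        parser.parse(tslXml, serviceTypes);
        BootStrapUtils.writeKeyStore(parser.getTrustedList(), storeLocation, storePassword);

        // Without a digest there is nothing to compare against next time; leave the cache as is.
        if (StringUtils.isEmpty(remoteDigest)) {
            return;
        }
        shaCache.put(cacheKey, remoteDigest);
        shaCache.put(cacheKey + NEXT_UPDATE_SUFFIX, DateUtils.printDateTime(parser.nextUpdate()));
    }
}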
