package ca.nrc.cadc.cred.server;

import ca.nrc.cadc.auth.AuthenticationUtil;
import ca.nrc.cadc.auth.SSLUtil;
import ca.nrc.cadc.auth.X509CertificateChain;
import ca.nrc.cadc.db.DBUtil;
import ca.nrc.cadc.profiler.Profiler;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.CertificateException;
import java.security.spec.InvalidKeySpecException;
import java.sql.Types;
import java.util.Arrays;
import java.util.Date;
import java.util.List;
import java.util.Map;
import javax.naming.NamingException;
import javax.security.auth.x500.X500Principal;
import javax.sql.DataSource;
import org.apache.log4j.Logger;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.SingleColumnRowMapper;

/* loaded from: input_file:ca/nrc/cadc/cred/server/CertificateDAO.class */
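/**
 * Data-access object that persists {@link X509CertificateChain} records, including the
 * holder's private key, in a single relational table keyed by {@code hash_dn}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This class performs no encryption. The {@code private_key} column receives the bytes
 *       returned by {@code PrivateKey.getEncoded()} plus one marker byte, so confidentiality of
 *       stored keys depends entirely on database access control and at-rest protection.</li>
 *   <li>The table name is concatenated into every SQL statement because identifiers cannot be
 *       bound as parameters. It must only ever come from trusted deployment configuration;
 *       all row values are bound with {@code ?} placeholders.</li>
 *   <li>Debug logging emits the SQL text only (placeholders, no bound values), so key material
 *       and certificate content are not written to the log by this class.</li>
 * </ul>
 */
public class CertificateDAO {
    private static final Logger log = Logger.getLogger(CertificateDAO.class);
    private final String tableName;
    private final DataSource dataSource;

    /**
     * Immutable description of where certificates are stored: the JNDI data source name and
     * the (optionally qualified) table name.
     */
    public static class CertificateSchema {
        private final String dataSourceName;
        private final String certTable;

        /**
         * Builds the qualified table name {@code [str2.][str3.]X509CertificateChain}.
         *
         * <p>When {@code str2} is given and {@code str3} is {@code null} the result is
         * {@code str2..X509CertificateChain} (two dots); this looks like the
         * {@code database..table} form some databases accept - confirm before changing it.
         *
         * @param str  JNDI name of the data source
         * @param str2 first qualifier (presumably the database/catalog name), may be {@code null}
         * @param str3 second qualifier (presumably the schema/owner name), may be {@code null}
         */
        public CertificateSchema(String str, String str2, String str3) {
            this.dataSourceName = str;
            StringBuilder qualified = new StringBuilder();
            if (str2 != null) {
                qualified.append(str2).append(".");
            }
            if (str3 != null) {
                qualified.append(str3);
            }
            if (qualified.length() > 0) {
                qualified.append(".");
            }
            qualified.append(X509CertificateChain.class.getSimpleName());
            this.certTable = qualified.toString();
        }

        /**
         * @return the qualified table name that is spliced into the DAO's SQL statements
         */
        public String getTable() {
            return this.certTable;
        }
    }

    /**
     * Creates a DAO bound to the table and JNDI data source described by the schema.
     *
     * @param certificateSchema table and data source configuration
     * @throws RuntimeException if the JNDI lookup fails; the {@link NamingException} is kept as
     *         the cause so the underlying lookup failure is not lost
     */
    public CertificateDAO(CertificateSchema certificateSchema) {
        this.tableName = certificateSchema.certTable;
        try {
            log.debug("lookup datasource: " + certificateSchema.dataSourceName);
            this.dataSource = DBUtil.findJNDIDataSource(certificateSchema.dataSourceName);
        } catch (NamingException e) {
            // Chain the cause: without it the reason for the failed lookup is unrecoverable.
            throw new RuntimeException("CONFIG: failed to find DataSource " + certificateSchema.dataSourceName, e);
        }
    }

    /**
     * @return the data source used for all queries (package-private)
     */
    DataSource getDataSource() {
        return this.dataSource;
    }

    /**
     * Stores a certificate chain record, updating the row with the same hash key if one
     * exists and inserting a new row otherwise.
     *
     * <p>NOTE(review): the exists-then-write sequence is not atomic; two concurrent calls for
     * the same hash key can both take the insert path unless the table enforces uniqueness
     * on {@code hash_dn} - confirm against the schema.
     *
     * @param x509CertificateChain record to persist; its principal and private key are read
     *        unconditionally, so both must be set
     */
    public void put(X509CertificateChain x509CertificateChain) {
        Profiler profiler = new Profiler(getClass());
        String hashKey = x509CertificateChain.getHashKey();
        String canonDn = AuthenticationUtil.canonizeDistinguishedName(x509CertificateChain.getPrincipal().getName());
        Date expiryDate = x509CertificateChain.getExpiryDate();
        String certChain = x509CertificateChain.certificateString();
        byte[] encodedKey = x509CertificateChain.getPrivateKey().getEncoded();
        // One extra trailing byte with value 1 is appended to the stored key; presumably this
        // keeps the database from trimming trailing zero bytes - TODO confirm.
        byte[] storedKey = Arrays.copyOf(encodedKey, encodedKey.length + 1);
        storedKey[storedKey.length - 1] = 1;
        String csr = x509CertificateChain.getCsrString();
        JdbcTemplate jdbc = new JdbcTemplate(this.dataSource);
        Date lastModified = new Date();
        try {
            if (exists(hashKey)) {
                String sql = "update " + this.tableName + " set canon_dn = ?, exp_date = ?, cert_chain = ?, private_key = ?, csr = ?, lastModified = ? where hash_dn=?";
                log.debug("put: " + sql);
                jdbc.update(sql,
                        new Object[]{canonDn, expiryDate, certChain, storedKey, csr, lastModified, hashKey},
                        new int[]{Types.VARCHAR, Types.TIMESTAMP, Types.VARCHAR, Types.VARBINARY, Types.VARCHAR, Types.TIMESTAMP, Types.VARCHAR});
            } else {
                String sql = "insert into " + this.tableName + " (canon_dn, exp_date, cert_chain, private_key, csr, hash_dn, lastModified) values (?,?,?,?,?,?,?)";
                log.debug("put: " + sql);
                jdbc.update(sql,
                        new Object[]{canonDn, expiryDate, certChain, storedKey, csr, hashKey, lastModified},
                        new int[]{Types.VARCHAR, Types.TIMESTAMP, Types.VARCHAR, Types.VARBINARY, Types.VARCHAR, Types.VARCHAR, Types.TIMESTAMP});
            }
        } finally {
            // Wipe our private copy of the key bytes once the statement has run (or failed).
            // encodedKey is left alone: getEncoded() may hand back an array owned by the key.
            Arrays.fill(storedKey, (byte) 0);
        }
        profiler.checkpoint("put");
    }

    /**
     * Looks up the record for a principal by its generated hash key.
     *
     * @param x500Principal principal to look up, may be {@code null}
     * @return the stored chain, or {@code null} if the principal is {@code null} or no row matches
     */
    public X509CertificateChain get(X500Principal x500Principal) {
        if (x500Principal == null) {
            return null;
        }
        return get(X509CertificateChain.genHashKey(x500Principal));
    }

    /**
     * Loads the record stored under the given hash key and rebuilds the chain object,
     * including its private key.
     *
     * <p>NOTE(review): the returned object carries the private key, and the byte buffers read
     * here are not wiped. Callers are responsible for authorising access before calling this.
     *
     * @param str value of the {@code hash_dn} column to look up
     * @return the stored chain, or {@code null} when no row matches
     * @throws RuntimeException if the stored certificate chain or private key cannot be parsed
     */
    public X509CertificateChain get(String str) {
        Profiler profiler = new Profiler(getClass());
        String sql = "select canon_dn, exp_date, cert_chain, private_key, csr from " + this.tableName + " where hash_dn = ? ";
        log.debug("get: " + sql);
        try {
            Map<String, Object> row = new JdbcTemplate(this.dataSource).queryForMap(sql, new String[]{str});
            String canonDn = (String) row.get("canon_dn");
            Date expiryDate = (Date) row.get("exp_date");
            String certChain = (String) row.get("cert_chain");
            byte[] storedKey = (byte[]) row.get("private_key");
            // The stored bytes are padded with 10 zero bytes before parsing and the marker byte
            // written by put() is not removed; this relies on SSLUtil.readPrivateKey tolerating
            // trailing bytes - presumably a counterpart to database trimming, TODO confirm.
            byte[] paddedKey = Arrays.copyOf(storedKey, storedKey.length + 10);
            String csr = (String) row.get("csr");
            PrivateKey privateKey = SSLUtil.readPrivateKey(paddedKey);
            X500Principal principal = new X500Principal(canonDn);
            X509CertificateChain chain;
            if (certChain != null) {
                // Explicit charset: the no-arg getBytes() depends on the platform default.
                chain = new X509CertificateChain(
                        Arrays.asList(SSLUtil.readCertificateChain(certChain.getBytes(StandardCharsets.UTF_8))));
            } else {
                // No signed chain stored: build the record from principal, key and CSR.
                chain = new X509CertificateChain(principal, privateKey, csr);
            }
            chain.setCsrString(csr);
            chain.setExpiryDate(expiryDate);
            chain.setHashKey(str);
            chain.setKey(privateKey);
            chain.setPrincipal(principal);
            profiler.checkpoint("get");
            return chain;
        } catch (IOException e) {
            throw new RuntimeException("BUG: failed to read certificate chain", e);
        } catch (NoSuchAlgorithmException e2) {
            throw new RuntimeException("BUG: failed to read private key", e2);
        } catch (CertificateException e3) {
            throw new RuntimeException("BUG: failed to read certficate chain", e3);
        } catch (InvalidKeySpecException e4) {
            throw new RuntimeException("BUG: failed to read private key", e4);
        } catch (EmptyResultDataAccessException e5) {
            // No row for this hash key is an expected outcome, reported as null.
            return null;
        }
    }

    /**
     * Deletes the record (certificate chain and private key) stored under the given hash key.
     *
     * @param str value of the {@code hash_dn} column to delete
     */
    public void delete(String str) {
        Profiler profiler = new Profiler(getClass());
        String sql = "delete from " + this.tableName + " where hash_dn = ? ";
        log.debug("delete: " + sql);
        new JdbcTemplate(this.dataSource).update(sql, new String[]{str});
        profiler.checkpoint("delete");
    }

    /**
     * Reports whether exactly one row is stored under the given hash key.
     *
     * @param str value of the {@code hash_dn} column to test
     * @return {@code true} only when the query returns exactly one row; zero rows or
     *         duplicate rows both yield {@code false}
     */
    public boolean exists(String str) {
        SingleColumnRowMapper mapper = new SingleColumnRowMapper(String.class);
        String sql = "select canon_dn from " + this.tableName + " where hash_dn = ? ";
        log.debug("exists: " + sql);
        List rows = new JdbcTemplate(this.dataSource).query(sql, new String[]{str}, mapper);
        return rows != null && rows.size() == 1;
    }

    /**
     * Lists the hash keys of every stored record.
     *
     * @return all values of the {@code hash_dn} column
     */
    public List<String> getAllHashKeys() {
        Profiler profiler = new Profiler(getClass());
        List<String> hashKeys = new JdbcTemplate(this.dataSource).query("select hash_dn from " + this.tableName, new SingleColumnRowMapper(String.class));
        profiler.checkpoint("getAllHashKeys");
        return hashKeys;
    }
}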
