package net.lightapi.portal.oauth.command.handler;

import com.networknt.config.JsonMapper;
import com.networknt.monad.Failure;
import com.networknt.monad.Result;
import com.networknt.monad.Success;
import com.networknt.rpc.router.ServiceHandler;
import com.networknt.security.KeyUtil;
import com.networknt.status.Status;
import com.networknt.utility.UuidUtil;
import io.undertow.server.HttpServerExchange;
import java.security.KeyPair;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import net.lightapi.portal.HybridQueryClient;
import net.lightapi.portal.command.AbstractCommandHandler;
import org.jose4j.jwk.JsonWebKey;
import org.jose4j.jwk.JsonWebKeySet;
import org.jose4j.jwk.PublicJsonWebKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@ServiceHandler(id = "lightapi.net/oauth/rotateProvider/0.1.0")
/* loaded from: input_file:net/lightapi/portal/oauth/command/handler/RotateProvider.class */
public class RotateProvider extends AbstractCommandHandler {
    private static final Logger logger = LoggerFactory.getLogger(RotateProvider.class);
    private static final String PROVIDER_KEY_TYPE_MISSING = "ERR11639";
    private static final String PROVIDER_KEY_TYPE_INVALID = "ERR11640";
    private static final String KEY_GENERATION_ERROR = "ERR12054";

    protected String getCloudEventType() {
        return "AuthProviderRotatedEvent";
    }

    protected Logger getLogger() {
        return logger;
    }

    protected Result<Map<String, Object>> enrichInput(HttpServerExchange httpServerExchange, Map<String, Object> map) {
        String str = (String) map.get("keyType");
        String str2 = (String) map.get("providerId");
        String str3 = (String) map.get("hostId");
        if (str == null || str.isBlank()) {
            return Failure.of(new Status(PROVIDER_KEY_TYPE_MISSING, new Object[0]));
        }
        if (!str.equals("LC") && !str.equals("TC")) {
            return Failure.of(new Status(PROVIDER_KEY_TYPE_INVALID, new Object[]{str}));
        }
        String str4 = str.equals("LC") ? "LP" : "TP";
        Result providerKey = HybridQueryClient.getProviderKey(httpServerExchange, str3, str2);
        if (providerKey.isFailure()) {
            return Failure.of(providerKey.getError());
        }
        HashMap hashMap = new HashMap();
        List<Map> string2List = JsonMapper.string2List((String) providerKey.getResult());
        try {
            KeyPair generateKeyPair = KeyUtil.generateKeyPair("RSA", 2048);
            String uuidToBase64 = UuidUtil.uuidToBase64(UuidUtil.getUUID());
            PublicJsonWebKey newPublicJwk = PublicJsonWebKey.Factory.newPublicJwk(generateKeyPair.getPublic());
            newPublicJwk.setKeyId(uuidToBase64);
            String serializePublicKey = KeyUtil.serializePublicKey(generateKeyPair.getPublic());
            String serializePrivateKey = KeyUtil.serializePrivateKey(generateKeyPair.getPrivate());
            hashMap.put("publicKey", serializePublicKey);
            hashMap.put("privateKey", serializePrivateKey);
            hashMap.put("kid", uuidToBase64);
            hashMap.put("keyType", str);
            map.put("insert", hashMap);
            ArrayList arrayList = new ArrayList();
            arrayList.add(newPublicJwk);
            for (Map map2 : string2List) {
                if (map2.get("keyType").equals(str)) {
                    HashMap hashMap2 = new HashMap();
                    hashMap2.put("kid", map2.get("kid"));
                    hashMap2.put("keyType", str4);
                    map.put("update", hashMap2);
                    PublicJsonWebKey newPublicJwk2 = PublicJsonWebKey.Factory.newPublicJwk(KeyUtil.deserializePublicKey((String) map2.get("publicKey"), "RSA"));
                    newPublicJwk2.setKeyId((String) map2.get("kid"));
                    arrayList.add(newPublicJwk2);
                } else if (map2.get("keyType").equals(str4)) {
                    HashMap hashMap3 = new HashMap();
                    hashMap3.put("kid", map2.get("kid"));
                    map.put("delete", hashMap3);
                    PublicJsonWebKey newPublicJwk3 = PublicJsonWebKey.Factory.newPublicJwk(KeyUtil.deserializePublicKey((String) map2.get("publicKey"), "RSA"));
                    newPublicJwk3.setKeyId((String) map2.get("kid"));
                    arrayList.add(newPublicJwk3);
                } else {
                    PublicJsonWebKey newPublicJwk4 = PublicJsonWebKey.Factory.newPublicJwk(KeyUtil.deserializePublicKey((String) map2.get("publicKey"), "RSA"));
                    newPublicJwk4.setKeyId((String) map2.get("kid"));
                    arrayList.add(newPublicJwk4);
                }
            }
            map.put("jwk", new JsonWebKeySet(arrayList).toJson(JsonWebKey.OutputControlLevel.PUBLIC_ONLY));
            return Success.of(map);
        } catch (Exception e) {
            return Failure.of(new Status(KEY_GENERATION_ERROR, new Object[]{e.getMessage()}));
        }
    }
}
