package io.gravitee.am.management.service.impl;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.gravitee.am.identityprovider.api.User;
import io.gravitee.am.management.service.AbstractSensitiveProxy;
import io.gravitee.am.management.service.CertificateServiceProxy;
import io.gravitee.am.model.Application;
import io.gravitee.am.model.Certificate;
import io.gravitee.am.model.IdentityProvider;
import io.gravitee.am.model.Reference;
import io.gravitee.am.service.ApplicationService;
import io.gravitee.am.service.AuditService;
import io.gravitee.am.service.CertificatePluginService;
import io.gravitee.am.service.CertificateService;
import io.gravitee.am.service.IdentityProviderService;
import io.gravitee.am.service.exception.CertificateNotFoundException;
import io.gravitee.am.service.exception.CertificatePluginSchemaNotFoundException;
import io.gravitee.am.service.model.NewCertificate;
import io.gravitee.am.service.model.UpdateCertificate;
import io.gravitee.am.service.reporter.builder.AuditBuilder;
import io.gravitee.am.service.reporter.builder.management.CertificateAuditBuilder;
import io.gravitee.am.service.utils.CertificateTimeComparator;
import io.reactivex.rxjava3.core.Completable;
import io.reactivex.rxjava3.core.Flowable;
import io.reactivex.rxjava3.core.Maybe;
import io.reactivex.rxjava3.core.Single;
import java.time.Duration;
import java.util.Comparator;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.springframework.core.env.Environment;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:io/gravitee/am/management/service/impl/CertificateServiceProxyImpl.class */
public class CertificateServiceProxyImpl extends AbstractSensitiveProxy implements CertificateServiceProxy {
    private final CertificateService certificateService;
    private final IdentityProviderService idps;
    private final ApplicationService apps;
    private final CertificatePluginService certificatePluginService;
    private final AuditService auditService;
    private final ObjectMapper objectMapper;
    private final Duration certExpirationWarningThreshold;

    public CertificateServiceProxyImpl(CertificateService certificateService, IdentityProviderService identityProviderService, ApplicationService applicationService, CertificatePluginService certificatePluginService, AuditService auditService, ObjectMapper objectMapper, Environment environment) {
        this.certificateService = certificateService;
        this.idps = identityProviderService;
        this.apps = applicationService;
        this.certificatePluginService = certificatePluginService;
        this.auditService = auditService;
        this.objectMapper = objectMapper;
        this.certExpirationWarningThreshold = Duration.ofDays(getCertWarningThresholdDays(environment));
    }

    private static int getCertWarningThresholdDays(Environment environment) {
        return ((Integer) Stream.of((Object[]) ((String) environment.getProperty("services.certificate.expiryThresholds", String.class, DomainNotifierServiceImpl.DEFAULT_CERTIFICATE_EXPIRY_THRESHOLDS)).trim().split(",")).map((v0) -> {
            return v0.trim();
        }).map(Integer::valueOf).sorted(Comparator.reverseOrder()).toList().get(0)).intValue();
    }

    @Override // io.gravitee.am.management.service.CertificateServiceProxy
    public Maybe<Certificate> findById(String str) {
        return this.certificateService.findById(str).flatMap(certificate -> {
            return filterSensitiveData(certificate).toMaybe();
        });
    }

    @Override // io.gravitee.am.management.service.CertificateServiceProxy
    public Single<List<CertificateEntity>> findByDomainAndUse(String str, String str2) {
        return this.certificateService.findByDomain(str).filter(certificate -> {
            if (StringUtils.isBlank(str2)) {
                return true;
            }
            ObjectMapper objectMapper = this.objectMapper;
            Objects.requireNonNull(objectMapper);
            return certificate.hasUse(str2, objectMapper::readTree);
        }).flatMapSingle(this::filterSensitiveData).toList().map(list -> {
            Set set = (Set) list.stream().filter((v0) -> {
                return v0.isSystem();
            }).sorted(new CertificateTimeComparator()).skip(1L).map((v0) -> {
                return v0.getId();
            }).collect(Collectors.toSet());
            return list.stream().map(certificate2 -> {
                return Pair.of(certificate2, Boolean.valueOf(set.contains(certificate2.getId())));
            }).toList();
        }).flattenAsFlowable(list2 -> {
            return list2;
        }).flatMapSingle(pair -> {
            Certificate certificate2 = (Certificate) pair.getLeft();
            Boolean bool = (Boolean) pair.getRight();
            return Single.zip(getAppsUsing(certificate2).toList(), getIdpsUsing(certificate2).toList(), (list3, list4) -> {
                return CertificateEntity.forList(certificate2, this.certExpirationWarningThreshold, bool.booleanValue(), list3, list4);
            });
        }).sorted(Comparator.comparing((v0) -> {
            return v0.name();
        }, String.CASE_INSENSITIVE_ORDER)).toList();
    }

    private Flowable<IdentityProvider> getIdpsUsing(Certificate certificate) {
        return this.idps.findByCertificate(Reference.domain(certificate.getDomain()), certificate.getId()).map(identityProvider -> {
            IdentityProvider identityProvider = new IdentityProvider();
            identityProvider.setId(identityProvider.getId());
            identityProvider.setName(identityProvider.getName());
            return identityProvider;
        });
    }

    private Flowable<Application> getAppsUsing(Certificate certificate) {
        return this.apps.findByCertificate(certificate.getId()).map(application -> {
            Application application = new Application();
            application.setId(application.getId());
            application.setName(application.getName());
            return application;
        });
    }

    @Override // io.gravitee.am.management.service.CertificateServiceProxy
    public Single<Certificate> create(String str, NewCertificate newCertificate, User user) {
        return this.certificateService.create(str, newCertificate, user, false).flatMap(certificate -> {
            return filterSensitiveData(certificate).doOnSuccess(certificate -> {
                this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).type("CERTIFICATE_CREATED").certificate(certificate));
            }).doOnError(th -> {
                this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).type("CERTIFICATE_CREATED").reference(Reference.domain(certificate.getDomain())).throwable(th));
            });
        });
    }

    @Override // io.gravitee.am.management.service.CertificateServiceProxy
    public Single<Certificate> update(String str, String str2, UpdateCertificate updateCertificate, User user) {
        return this.certificateService.findById(str2).switchIfEmpty(Single.error(() -> {
            return new CertificateNotFoundException(str2);
        })).flatMap(certificate -> {
            return filterSensitiveData(certificate).flatMap(certificate -> {
                return updateSensitiveData(updateCertificate, certificate).flatMap(updateCertificate2 -> {
                    return this.certificateService.update(str, str2, updateCertificate2, user);
                }).flatMap(certificate -> {
                    return filterSensitiveData(certificate).doOnSuccess(certificate -> {
                        this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).type("CERTIFICATE_UPDATED").oldValue(certificate).certificate(certificate));
                    }).doOnError(th -> {
                        this.auditService.report(((CertificateAuditBuilder) AuditBuilder.builder(CertificateAuditBuilder.class)).principal(user).type("CERTIFICATE_UPDATED").reference(Reference.domain(certificate.getDomain())).throwable(th));
                    });
                });
            });
        });
    }

    @Override // io.gravitee.am.management.service.CertificateServiceProxy
    public Completable delete(String str, User user) {
        return this.certificateService.delete(str, user);
    }

    @Override // io.gravitee.am.management.service.CertificateServiceProxy
    public Single<Certificate> rotate(String str, User user) {
        return this.certificateService.rotate(str, user);
    }

    private Single<Certificate> filterSensitiveData(Certificate certificate) {
        return this.certificatePluginService.getSchema(certificate.getType()).switchIfEmpty(Single.error(() -> {
            return new CertificatePluginSchemaNotFoundException(certificate.getType());
        })).map(str -> {
            Certificate certificate2 = new Certificate(certificate);
            JsonNode readTree = this.objectMapper.readTree(str);
            JsonNode readTree2 = this.objectMapper.readTree(certificate2.getConfiguration());
            Objects.requireNonNull(certificate2);
            super.filterSensitiveData(readTree, readTree2, certificate2::setConfiguration);
            return certificate2;
        });
    }

    private Single<UpdateCertificate> updateSensitiveData(UpdateCertificate updateCertificate, Certificate certificate) {
        return this.certificatePluginService.getSchema(certificate.getType()).switchIfEmpty(Single.error(() -> {
            return new CertificatePluginSchemaNotFoundException(certificate.getType());
        })).map(str -> {
            JsonNode readTree = this.objectMapper.readTree(updateCertificate.getConfiguration());
            JsonNode readTree2 = this.objectMapper.readTree(certificate.getConfiguration());
            JsonNode readTree3 = this.objectMapper.readTree(str);
            Objects.requireNonNull(updateCertificate);
            super.updateSensitiveData(readTree, readTree2, readTree3, updateCertificate::setConfiguration);
            return updateCertificate;
        });
    }
}
