package com.marklogic.appdeployer.command.security;

import com.marklogic.appdeployer.ConfigDir;
import com.marklogic.appdeployer.command.AbstractCommand;
import com.marklogic.appdeployer.command.CommandContext;
import com.marklogic.appdeployer.command.SortOrderConstants;
import com.marklogic.mgmt.ManageClient;
import com.marklogic.mgmt.resource.security.CertificateTemplateManager;
import java.io.File;
import java.io.IOException;
import java.util.Iterator;
import java.util.List;
import org.springframework.util.FileCopyUtils;

/* loaded from: input_file:com/marklogic/appdeployer/command/security/InsertCertificateHostsTemplateCommand.class */
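/**
 * Deployment command that looks on disk for host certificate / private key pairs and inserts them
 * into the matching certificate templates through the Manage API.
 *
 * <p>For every certificate template name returned by the server, each config dir is searched for a
 * {@code host-certificates/<template name>} directory under its certificate templates dir. Every
 * file ending in the public certificate extension that has a sibling file with the private key
 * extension is inserted, unless the server already reports a certificate for that template (and
 * host name, when the host name can be determined).
 *
 * <p>Security notes for maintainers: this command reads private key files and sends their contents
 * to the server via {@link CertificateTemplateManager}; only file paths are logged here, never file
 * contents. The host-name lookup builds an XQuery string that is posted to {@code /v1/eval}, so the
 * certificate text is escaped before it is embedded in that query.
 */
public class InsertCertificateHostsTemplateCommand extends AbstractCommand {
    /** Marker in the multipart eval response that precedes the string value. */
    private static final String PRIMITIVE_STRING_HEADER = "X-Primitive: string";

    private String publicCertificateFileExtension = ".crt";
    private String privateKeyFileExtension = ".key";

    public InsertCertificateHostsTemplateCommand() {
        setExecuteSortOrder(SortOrderConstants.INSERT_HOST_CERTIFICATES.intValue());
    }

    /**
     * Fetches the names of all certificate templates from the server and processes each of them.
     * Does nothing when the server reports no templates.
     *
     * @param commandContext supplies the Manage client and the app config
     */
    @Override
    public void execute(CommandContext commandContext) {
        List<String> templateNames = new CertificateTemplateManager(commandContext.getManageClient()).getAsXml().getListItemNameRefs();
        if (templateNames == null || templateNames.isEmpty()) {
            return;
        }
        if (this.logger.isInfoEnabled()) {
            this.logger.info("Looking for host certificates to insert for certificate templates: " + templateNames);
        }
        for (String templateName : templateNames) {
            insertHostCertificatesForTemplate(commandContext, templateName);
        }
    }

    /**
     * Searches every config dir for certificate/key pairs belonging to the given template and
     * inserts each complete pair. A certificate file without a matching key file is skipped with a
     * warning.
     *
     * @param commandContext supplies the Manage client and the app config
     * @param str the certificate template name, also used as the directory name to search
     */
    protected void insertHostCertificatesForTemplate(CommandContext commandContext, String str) {
        for (ConfigDir configDir : commandContext.getAppConfig().getConfigDirs()) {
            // NOTE(review): the template name comes from the server's template list and is used
            // as a path segment without validation; confirm names cannot contain path separators.
            File templateDir = new File(configDir.getCertificateTemplatesDir() + File.separator + "host-certificates" + File.separator + str);
            this.logger.info(format("Looking for host certificate files ending in '%s' for template '%s' in: %s", new Object[]{this.publicCertificateFileExtension, str, templateDir.getAbsolutePath()}));
            if (!templateDir.isDirectory()) {
                continue;
            }
            // listFiles() returns null when the directory cannot be read (e.g. permissions or an
            // I/O error); skip instead of failing the whole deployment with a NullPointerException.
            File[] candidates = templateDir.listFiles();
            if (candidates == null) {
                this.logger.warn("Unable to list files in: " + templateDir.getAbsolutePath() + "; will not insert host certificates from this directory");
                continue;
            }
            for (File certificateFile : candidates) {
                if (!certificateFile.getName().endsWith(this.publicCertificateFileExtension)) {
                    continue;
                }
                File privateKeyFile = determinePrivateKeyFile(certificateFile);
                if (privateKeyFile.exists()) {
                    this.logger.info("Found public certificate file at: " + certificateFile.getAbsolutePath() + ", and found corresponding private key file at: " + privateKeyFile.getAbsolutePath());
                    insertHostCertificate(commandContext, str, certificateFile, privateKeyFile);
                } else {
                    this.logger.warn("Did not find expected private key file at: " + privateKeyFile.getAbsolutePath() + "; will ignore public certificate file found at: " + certificateFile.getAbsolutePath());
                }
            }
        }
    }

    /**
     * Derives the private key path from a certificate path by swapping the public certificate
     * extension for the private key extension.
     *
     * @param file a certificate file whose name ends with the public certificate extension
     * @return the sibling file expected to hold the private key (may not exist)
     */
    protected File determinePrivateKeyFile(File file) {
        String certificatePath = file.getAbsolutePath();
        String basePath = certificatePath.substring(0, certificatePath.length() - this.publicCertificateFileExtension.length());
        return new File(basePath + this.privateKeyFileExtension);
    }

    /**
     * Inserts the certificate/key pair into the template unless the server already has a matching
     * certificate.
     *
     * @param commandContext supplies the Manage client
     * @param str the certificate template name
     * @param file the public certificate file
     * @param file2 the private key file; its contents are sent to the server and are not logged
     */
    protected void insertHostCertificate(CommandContext commandContext, String str, File file, File file2) {
        if (certificateExists(str, file, commandContext.getManageClient())) {
            this.logger.info(format("Host certificate already exists for certificate template '%s', so not inserting host certificate found at: %s", new Object[]{str, file.getAbsolutePath()}));
            return;
        }
        this.logger.info(format("Inserting host certificate for certificate template '%s'", new Object[]{str}));
        new CertificateTemplateManager(commandContext.getManageClient()).insertHostCertificate(str, copyFileToString(file), copyFileToString(file2));
        this.logger.info(format("Inserted host certificate for certificate template '%s'", new Object[]{str}));
    }

    /**
     * Checks whether the server already holds a certificate for the template.
     *
     * <p>When the host name cannot be extracted from the certificate file, the check degrades to
     * "any certificate exists for this template". In that case a certificate for a different host
     * can cause this one to be skipped, so the warning logged here is worth watching for.
     *
     * @param str the certificate template name
     * @param file the public certificate file
     * @param manageClient client used for the host-name lookup and the existence check
     * @return {@code true} if a matching certificate is already present
     */
    protected boolean certificateExists(String str, File file, ManageClient manageClient) {
        CertificateTemplateManager templateManager = new CertificateTemplateManager(manageClient);
        String hostName = null;
        try {
            hostName = getCertificateHostName(file, manageClient);
        } catch (Exception e) {
            // Deliberate best effort: a failed lookup falls back to the template-only check below.
            this.logger.warn("Unable to determine host name for public certificate file: " + file + "; cause: " + e.getMessage() + ". Due to this, the check to determine if the certificate exists already will not include a host name but will only be based on the name of the template.");
        }
        if (hostName != null) {
            this.logger.info(format("Checking for existing certificate with name '%s' and host name '%s'", new Object[]{str, hostName}));
            return templateManager.certificateExists(str, hostName);
        }
        this.logger.info(format("Could not determine host name, so checking for existing certificate with name '%s'", new Object[]{str}));
        return templateManager.certificateExists(str);
    }

    /**
     * Asks the server for the subject common name of the certificate by posting an XQuery to
     * {@code /v1/eval}.
     *
     * @param file the public certificate file
     * @param manageClient client used to post the query
     * @return the host name extracted from the eval response
     */
    protected String getCertificateHostName(File file, ManageClient manageClient) {
        return extractHostNameFromEvalResponse((String) manageClient.postForm("/v1/eval", "xquery", makeQueryForHostName(file)).getBody());
    }

    /**
     * Builds the XQuery that extracts the subject common name from the certificate file.
     *
     * <p>The file content is placed inside a double-quoted XQuery string literal, so {@code &} and
     * {@code "} are escaped first. Without that, a certificate file containing a quote could close
     * the literal and have the rest of its content evaluated as XQuery on the server.
     *
     * @param file the public certificate file
     * @return the XQuery text to evaluate
     * @throws RuntimeException if the file cannot be read; the {@link IOException} is the cause
     */
    protected String makeQueryForHostName(File file) {
        try {
            // PEM certificates are ASCII; decode explicitly rather than with the platform charset.
            String certificateText = new String(FileCopyUtils.copyToByteArray(file), java.nio.charset.StandardCharsets.UTF_8);
            return format("xdmp:x509-certificate-extract(\"%s\")/*:subject/*:commonName/fn:string()", new Object[]{escapeForXQueryStringLiteral(certificateText)});
        } catch (IOException e) {
            throw new RuntimeException("Unable to read certificate from file: " + file + "; cause: " + e.getMessage(), e);
        }
    }

    /**
     * Escapes text for use inside a double-quoted XQuery string literal.
     * {@code &} must be replaced first so the entity references added afterwards stay intact.
     */
    private static String escapeForXQueryStringLiteral(String text) {
        return text.replace("&", "&amp;").replace("\"", "&quot;");
    }

    /**
     * Pulls the string value out of an eval response: the text between the
     * {@code X-Primitive: string} header and the next {@code --} boundary marker, trimmed.
     *
     * @param str the raw eval response body
     * @return the trimmed value found between the header and the boundary
     * @throws IllegalArgumentException if the response is {@code null} or lacks either marker
     */
    protected String extractHostNameFromEvalResponse(String str) {
        if (str == null) {
            throw new IllegalArgumentException("Unable to extract host name from eval response: response body was null");
        }
        int headerStart = str.indexOf(PRIMITIVE_STRING_HEADER);
        if (headerStart < 0) {
            throw new IllegalArgumentException("Unable to extract host name from eval response: " + str + "; did not find: X-Primitive: string");
        }
        String afterHeader = str.substring(headerStart + PRIMITIVE_STRING_HEADER.length()).trim();
        int boundaryStart = afterHeader.indexOf("--");
        if (boundaryStart < 0) {
            throw new IllegalArgumentException("Unable to extract host name from eval response: " + afterHeader + "; did not find '--' after X-Primitive: string");
        }
        return afterHeader.substring(0, boundaryStart).trim();
    }

    /**
     * @param str file-name suffix that identifies public certificate files (default {@code .crt})
     */
    public void setPublicCertificateFileExtension(String str) {
        this.publicCertificateFileExtension = str;
    }

    /**
     * @param str file-name suffix of the private key file paired with a certificate (default {@code .key})
     */
    public void setPrivateKeyFileExtension(String str) {
        this.privateKeyFileExtension = str;
    }
}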
