package io.gravitee.node.secrets.service.keystoreloader;

import io.gravitee.common.util.KeyStoreUtils;
import io.gravitee.node.api.certificate.KeyStoreBundle;
import io.gravitee.node.api.certificate.KeyStoreLoader;
import io.gravitee.node.api.certificate.KeyStoreLoaderOptions;
import io.gravitee.node.api.secrets.model.SecretEvent;
import io.gravitee.node.api.secrets.model.SecretMap;
import io.gravitee.node.api.secrets.model.SecretMount;
import io.gravitee.node.secrets.service.conf.GraviteeConfigurationSecretResolverDispatcher;
import io.reactivex.rxjava3.disposables.Disposable;
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gravitee/node/secrets/service/keystoreloader/SecretProviderKeyStoreLoader.class */
public class SecretProviderKeyStoreLoader implements KeyStoreLoader {
    private static final Logger log = LoggerFactory.getLogger(SecretProviderKeyStoreLoader.class);
    private final List<Consumer<KeyStoreBundle>> listeners = new ArrayList();
    private final GraviteeConfigurationSecretResolverDispatcher secretResolverDispatcher;
    private final KeyStoreLoaderOptions options;
    private Disposable watch;

    public SecretProviderKeyStoreLoader(GraviteeConfigurationSecretResolverDispatcher graviteeConfigurationSecretResolverDispatcher, KeyStoreLoaderOptions keyStoreLoaderOptions) {
        this.secretResolverDispatcher = graviteeConfigurationSecretResolverDispatcher;
        this.options = keyStoreLoaderOptions;
    }

    public void start() {
        SecretMount secretMount = this.secretResolverDispatcher.toSecretMount(this.options.getSecretLocation());
        createBundleAndNotify((SecretMap) this.secretResolverDispatcher.resolve(secretMount).blockingGet(), secretMount);
        if (this.options.isWatch()) {
            this.watch = this.secretResolverDispatcher.watch(secretMount, SecretEvent.Type.UPDATED).subscribe(secretMap -> {
                createBundleAndNotify(secretMap, secretMount);
            }, th -> {
                log.error("cannot create keystore", th);
            });
        }
    }

    private void createBundleAndNotify(SecretMap secretMap, SecretMount secretMount) {
        String upperCase = this.options.getKeyStoreType().toUpperCase();
        boolean z = -1;
        switch (upperCase.hashCode()) {
            case -1933293812:
                if (upperCase.equals("PKCS12")) {
                    z = 2;
                    break;
                }
                break;
            case 73522:
                if (upperCase.equals("JKS")) {
                    z = true;
                    break;
                }
                break;
            case 79096:
                if (upperCase.equals("PEM")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                notifyListeners(new KeyStoreBundle(KeyStoreUtils.initFromPem((String) secretMap.wellKnown(SecretMap.WellKnownSecretKey.CERTIFICATE).map((v0) -> {
                    return v0.asString();
                }).orElseThrow(() -> {
                    return new IllegalArgumentException("no pem certificate found in secret. If a ?keymap has been set make sure it contains ?keymap=certificate:<cert key in secret data>)");
                }), (String) secretMap.wellKnown(SecretMap.WellKnownSecretKey.PRIVATE_KEY).map((v0) -> {
                    return v0.asString();
                }).orElseThrow(() -> {
                    return new IllegalArgumentException("no pem private key found in secret. If a ?keymap has been set make sure it contains ?keymap=private_key:<cert key in secret data>)");
                }), this.options.getKeyStorePassword(), this.options.getDefaultAlias()), this.options.getKeyStorePassword(), this.options.getDefaultAlias()));
                return;
            case true:
            case true:
                notifyListeners(new KeyStoreBundle(KeyStoreUtils.initFromContent(this.options.getKeyStoreType(), (String) secretMap.getSecret(secretMount).map((v0) -> {
                    return v0.asString();
                }).orElseThrow(() -> {
                    return new IllegalArgumentException("no keystore value found for key '%s'".formatted(secretMount.key()));
                }), this.options.getKeyStorePassword()), this.options.getKeyStorePassword(), this.options.getDefaultAlias()));
                return;
            default:
                log.warn("some ssl related secrets were changes but not handled");
                return;
        }
    }

    public void stop() {
        if (this.watch != null) {
            this.watch.dispose();
        }
    }

    public void addListener(Consumer<KeyStoreBundle> consumer) {
        this.listeners.add(consumer);
    }

    private void notifyListeners(KeyStoreBundle keyStoreBundle) {
        this.listeners.forEach(consumer -> {
            consumer.accept(keyStoreBundle);
        });
    }
}
