package io.bitdive.parent.safety_config;

import com.bettercloud.vault.SslConfig;
import com.bettercloud.vault.Vault;
import com.bettercloud.vault.VaultConfig;
import com.bettercloud.vault.VaultException;
import com.bettercloud.vault.json.JsonValue;
import com.bettercloud.vault.response.LogicalResponse;
import io.bitdive.parent.message_producer.LocalCryptoService;
import io.bitdive.parent.parserConfig.YamlParserConfig;
import io.bitdive.parent.trasirovka.agent.utils.LoggerStatusContent;
import java.net.URL;
import java.time.LocalDateTime;
import java.util.HashMap;
import java.util.Iterator;
import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;

/* loaded from: input_file:io/bitdive/parent/safety_config/VaultGettingConfig.class */
public class VaultGettingConfig {
    // Vault transit "export" endpoint for the encryption key named "encryption-key".
    // An export read returns raw key material, so the token used for it should be scoped
    // to exactly these paths and the transport to Vault must be authenticated.
    private static final String ENCRYPTION_KEY_PATH = "transit/export/encryption-key/encryption-key";
    // Vault transit "export" endpoint for the signing key named "signing-key".
    private static final String SIGNING_KEY_PATH = "transit/export/signing-key/signing-key";
    // Shared Vault client; assigned in initVaultConnect() and read by the key-refresh and
    // certificate methods. It is a plain static field with no synchronisation.
    private static Vault vault;
    // Single-threaded scheduler that drives the hourly key refresh. No shutdown call is
    // visible in this file, and the default thread factory creates non-daemon threads.
    private static final ScheduledExecutorService scheduler = Executors.newScheduledThreadPool(1);

    /* loaded from: input_file:io/bitdive/parent/safety_config/VaultGettingConfig$VaultConfigRet.class */
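    /**
     * Immutable holder for the material returned by a Vault PKI issue call: the leaf
     * certificate, its private key and the issuing CA certificate.
     *
     * <p>The private key is sensitive. It is reachable only through
     * {@link #getPrivateKey()}; the builder's {@code toString()} redacts it so that it
     * cannot reach logs, debuggers' string views or exception messages by accident.
     */
    public static class VaultConfigRet {
        private final String certificate;
        private final String privateKey;
        private final String caChain;

        /** Fluent builder for {@link VaultConfigRet}. */
        public static class VaultConfigRetBuilder {
            private String certificate;
            private String privateKey;
            private String caChain;

            VaultConfigRetBuilder() {
            }

            /**
             * @param str PEM text of the issued certificate
             * @return this builder
             */
            public VaultConfigRetBuilder certificate(String str) {
                this.certificate = str;
                return this;
            }

            /**
             * @param str PEM text of the private key; treated as a secret
             * @return this builder
             */
            public VaultConfigRetBuilder privateKey(String str) {
                this.privateKey = str;
                return this;
            }

            /**
             * @param str PEM text of the issuing CA certificate
             * @return this builder
             */
            public VaultConfigRetBuilder caChain(String str) {
                this.caChain = str;
                return this;
            }

            /** @return a new {@link VaultConfigRet} carrying the values set so far */
            public VaultConfigRet build() {
                return new VaultConfigRet(this.certificate, this.privateKey, this.caChain);
            }

            /**
             * Describes the builder without disclosing the private key: the key is
             * rendered as {@code <redacted>} when set and {@code null} when absent.
             */
            @Override
            public String toString() {
                // Never concatenate the key itself: toString() output routinely ends up
                // in log lines and stack traces.
                String shownKey = this.privateKey == null ? "null" : "<redacted>";
                return "VaultGettingConfig.VaultConfigRet.VaultConfigRetBuilder(certificate=" + this.certificate
                        + ", privateKey=" + shownKey
                        + ", caChain=" + this.caChain + ")";
            }
        }

        VaultConfigRet(String str, String str2, String str3) {
            this.certificate = str;
            this.privateKey = str2;
            this.caChain = str3;
        }

        /** @return an empty builder */
        public static VaultConfigRetBuilder builder() {
            return new VaultConfigRetBuilder();
        }

        /** @return the issued certificate, or {@code null} if none was set */
        public String getCertificate() {
            return this.certificate;
        }

        /**
         * @return the private key, or {@code null} if none was set; callers must not log
         *     or persist this value in clear text
         */
        public String getPrivateKey() {
            return this.privateKey;
        }

        /** @return the issuing CA certificate, or {@code null} if none was set */
        public String getCaChain() {
            return this.caChain;
        }
    }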

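    /**
     * Builds the shared Vault client, logs in with the username and password from the
     * profiling configuration, fetches both keys once and then schedules the periodic
     * refresh.
     *
     * @throws RuntimeException if the login or the initial key fetch fails; a checked
     *     failure is attached as the direct cause, an unchecked one is rethrown as is
     */
    public static void initVaultConnect() {
        try {
            // NOTE(security): verify(false) turns off TLS certificate and hostname
            // verification, so this client does not authenticate the Vault server. The
            // userpass credentials, the resulting token and the exported key material all
            // travel over this connection. Prefer verify(true) with the Vault CA supplied
            // through SslConfig (for example pemFile(...) or trustStoreFile(...)); the
            // value is left unchanged here because deployments with a private CA would
            // stop connecting until that CA is configured.
            VaultConfig build = new VaultConfig()
                    .address(YamlParserConfig.getProfilingConfig().getMonitoring().getSendFiles().getServerConsumer().getVault().getUrl())
                    .sslConfig(new SslConfig().verify(false).build())
                    .engineVersion(1)
                    .build();
            vault = new Vault(build);

            // The login runs through the client built above; the token is then set on the
            // same VaultConfig instance (presumably the client keeps a reference to it;
            // confirm against the driver).
            // NOTE(review): the password is read from the YAML configuration in clear
            // text, and no token renewal is visible in this file.
            String token = vault.auth()
                    .loginByUserPass(
                            YamlParserConfig.getProfilingConfig().getMonitoring().getSendFiles().getServerConsumer().getVault().getLogin(),
                            YamlParserConfig.getProfilingConfig().getMonitoring().getSendFiles().getServerConsumer().getVault().getPassword())
                    .getAuthClientToken();
            build.token(token).build();

            updateAESKey();
            updateRSAPrivateKey();
            startKeyUpdates();
        } catch (RuntimeException e) {
            // Already unchecked: rethrow unchanged instead of wrapping it a second time.
            throw e;
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }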

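    /**
     * Schedules a refresh of both keys on the shared scheduler: first run immediately,
     * then once per hour.
     *
     * <p>Every call adds another periodic task; nothing here cancels an earlier one.
     * A failed refresh is reported only when debug output is enabled, so outside debug
     * mode the previously loaded keys stay in use without any signal.
     */
    public static void startKeyUpdates() {
        scheduler.scheduleAtFixedRate(() -> {
            try {
                updateAESKey();
                updateRSAPrivateKey();
                if (LoggerStatusContent.isDebug()) {
                    System.out.println("keys were successfully updated in " + LocalDateTime.now());
                }
            } catch (Exception e) {
                // Must not propagate: scheduleAtFixedRate suppresses all later runs once
                // a task execution throws.
                if (LoggerStatusContent.isDebug()) {
                    System.out.println("key update failed: " + e.getMessage());
                }
            }
        }, 0L, 1L, TimeUnit.HOURS);
    }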

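    /**
     * Requests a 24-hour certificate from the Vault PKI role {@code pki/issue/bitdive}
     * and returns the certificate, its private key and the issuing CA.
     *
     * <p>The common name is fixed to {@code file-acceptor.bitdive}; the host of the
     * configured server-consumer URL is sent as the alternative name. The write is
     * retried up to 5 times, 1000 ms apart.
     *
     * <p>The returned object carries a private key; callers must keep it out of logs.
     *
     * @return the issued material; individual fields are {@code null} if Vault's response
     *     lacks the corresponding entry
     * @throws IllegalStateException if {@link #initVaultConnect()} has not set up the client
     * @throws Exception if the configured URL is malformed or the Vault call fails
     */
    public static VaultConfigRet retrieveCertificatesFromVault() throws Exception {
        if (vault == null) {
            throw new IllegalStateException("Vault client is not initialised; call initVaultConnect() first");
        }
        URL url = new URL(YamlParserConfig.getProfilingConfig().getMonitoring().getSendFiles().getServerConsumer().getUrl());

        // Plain map instead of double-brace initialisation, which creates an anonymous
        // HashMap subclass per call site.
        HashMap<String, Object> request = new HashMap<>();
        request.put("common_name", "file-acceptor.bitdive");
        // NOTE(review): if the configured host is an IP literal, Vault's PKI endpoint
        // expects it in ip_sans rather than alt_names; confirm against deployments.
        request.put("alt_names", url.getHost());
        request.put("ttl", "24h");

        LogicalResponse write = vault.withRetries(5, 1000).logical().write("pki/issue/bitdive", request);
        return VaultConfigRet.builder()
                .certificate(write.getData().get("certificate"))
                .privateKey(write.getData().get("private_key"))
                .caChain(write.getData().get("issuing_ca"))
                .build();
    }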

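    /**
     * Wraps an iterator in a sequential stream.
     *
     * <p>The stream draws directly from {@code it}, so the iterator is consumed as the
     * stream is traversed and the result can be used only once.
     *
     * @param it iterator to read from
     * @return a sequential stream over the remaining elements of {@code it}
     */
    public static Stream<JsonValue> iteratorToStream(Iterator<JsonValue> it) {
        // Typed Iterable rather than the raw type, so the stream needs no unchecked conversion.
        Iterable<JsonValue> iterable = () -> it;
        return StreamSupport.stream(iterable.spliterator(), false);
    }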

    /* JADX INFO: Access modifiers changed from: private */
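    /**
     * Reads the exported encryption key from Vault and hands the highest-numbered version
     * to {@link LocalCryptoService#addKeySecretKey}.
     *
     * <p>The value read here is raw key material. It is passed on unchanged and must not
     * be logged; error messages below name only the Vault path.
     *
     * @throws VaultException if the read fails
     * @throws IllegalStateException if the response has no {@code keys} entry or the
     *     entry lists no versions
     * @throws NumberFormatException if a version name is not an integer
     */
    public static void updateAESKey() throws VaultException {
        LogicalResponse read = vault.logical().read(ENCRYPTION_KEY_PATH);
        JsonValue keys = read.getDataObject().get("keys");
        if (keys == null) {
            throw new IllegalStateException("Vault response for " + ENCRYPTION_KEY_PATH + " has no \"keys\" entry");
        }
        // Version names are decimal strings; the numerically largest one is the newest.
        // Fail with a clear message rather than looking up the literal name "null".
        Integer latest = keys.asObject().names().stream()
                .map(Integer::parseInt)
                .max(Integer::compare)
                .orElseThrow(() -> new IllegalStateException(
                        "Vault response for " + ENCRYPTION_KEY_PATH + " lists no key versions"));
        LocalCryptoService.addKeySecretKey(latest, keys.asObject().get(String.valueOf(latest)).asString());
    }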

    /* JADX INFO: Access modifiers changed from: private */
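    /**
     * Reads the exported signing key from Vault and hands the highest-numbered version to
     * {@link LocalCryptoService#addKeyPrivateKey}.
     *
     * <p>The value read here is raw private-key material. It is passed on unchanged and
     * must not be logged; error messages below name only the Vault path.
     *
     * @throws IllegalStateException if the response has no {@code keys} entry or the
     *     entry lists no versions
     * @throws NumberFormatException if a version name is not an integer
     * @throws Exception if the Vault read fails or the key cannot be registered
     */
    public static void updateRSAPrivateKey() throws Exception {
        LogicalResponse read = vault.logical().read(SIGNING_KEY_PATH);
        JsonValue keys = read.getDataObject().get("keys");
        if (keys == null) {
            throw new IllegalStateException("Vault response for " + SIGNING_KEY_PATH + " has no \"keys\" entry");
        }
        // Version names are decimal strings; the numerically largest one is the newest.
        // Fail with a clear message rather than looking up the literal name "null".
        Integer latest = keys.asObject().names().stream()
                .map(Integer::parseInt)
                .max(Integer::compare)
                .orElseThrow(() -> new IllegalStateException(
                        "Vault response for " + SIGNING_KEY_PATH + " lists no key versions"));
        LocalCryptoService.addKeyPrivateKey(latest, keys.asObject().get(String.valueOf(latest)).asString());
    }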
}
