package org.kiwiproject.dropwizard.util.health.keystore;

import com.codahale.metrics.health.HealthCheck;
import com.google.common.annotations.VisibleForTesting;
import java.io.FileInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.Spliterator;
import java.util.Spliterators;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import java.util.stream.StreamSupport;
import lombok.Generated;
import org.kiwiproject.base.KiwiStrings;
import org.kiwiproject.dropwizard.util.config.KeystoreConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/kiwiproject/dropwizard/util/health/keystore/ExpiringKeystoreHealthCheck.class */
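/**
 * Health check that opens the keystore described by a {@link KeystoreConfig}, reads the
 * certificate stored under every alias, and groups the X.509 certificates by
 * {@link CertStatus} (valid, expiring soon, expired).
 *
 * <p>Caveats visible from this class:
 * <ul>
 *   <li>Only the certificate returned by {@link KeyStore#getCertificate(String)} is inspected.
 *       For a private-key entry that is the first certificate of the chain, so an expiring
 *       intermediate or root further up the chain is not reported here.</li>
 *   <li>Certificates whose type is not {@code "X.509"} are skipped silently.</li>
 *   <li>An alias for which the keystore returns no certificate makes the whole check fail
 *       (see {@link #toCertificate(String, String, KeyStore)}).</li>
 * </ul>
 */
public class ExpiringKeystoreHealthCheck extends HealthCheck {

    @Generated
    private static final Logger LOG = LoggerFactory.getLogger(ExpiringKeystoreHealthCheck.class);
    private static final String X_509_CERT_TYPE = "X.509";

    // Passed as the "parallel" argument of StreamSupport.stream(); false yields a sequential stream.
    private static final boolean USE_SEQUENTIAL_STREAM = false;

    private final KeystoreConfig keystoreConfig;

    /**
     * Thrown when a certificate cannot be read because the keystore reports (through a
     * {@link KeyStoreException}) that it has not been loaded.
     */
    public static class KeyStoreNotLoadedException extends RuntimeException {
        KeyStoreNotLoadedException(String path, Throwable cause) {
            super(KiwiStrings.format("Keystore at path {} not loaded", path), cause);
        }
    }

    /**
     * @param keystoreConfig supplies the keystore path, type, password and the expiration
     *                       warning threshold used by this check
     */
    public ExpiringKeystoreHealthCheck(KeystoreConfig keystoreConfig) {
        this.keystoreConfig = keystoreConfig;
    }

    /**
     * Runs the keystore inspection and converts it into a health check result.
     *
     * @return the result built from the inspection, with the keystore path, the warning
     *         threshold and the three certificate lists attached as details
     */
    @Override
    protected HealthCheck.Result check() {
        KeystoreHealthResults results = checkKeyStore();

        // NOTE(review): the details include the keystore's filesystem path and per-certificate
        // information; confirm that the endpoint serving health results is reachable by
        // operators only.
        return results.toResultBuilder()
                .withDetail("path", results.getPath())
                .withDetail("expirationWarningThreshold", this.keystoreConfig.getExpirationWarningThreshold())
                .withDetail("validCerts", results.getValidCerts())
                .withDetail("expiredCerts", results.getExpiredCerts())
                .withDetail("expiringCerts", results.getExpiringCerts())
                .build();
    }

    /**
     * Opens the keystore file and inspects it. Any failure (missing file, wrong password or
     * type, unreadable entry) is logged and reported as a result that carries the exception
     * and three empty certificate lists, so the health check itself never throws from here.
     */
    private KeystoreHealthResults checkKeyStore() {
        // try-with-resources closes the file on every path, including when loading fails.
        try (FileInputStream keystoreStream = new FileInputStream(this.keystoreConfig.getPath())) {
            return checkKeyStore(keystoreStream);
        } catch (Exception e) {
            // Deliberately broad: this is the boundary at which every failure becomes a result.
            // Only the path and the exception are logged, never the keystore password.
            LOG.error("Error checking keystore: {}", this.keystoreConfig.getPath(), e);
            return KeystoreHealthResults.builder()
                    .path(this.keystoreConfig.getPath())
                    .expirationWarningThreshold(this.keystoreConfig.getExpirationWarningThreshold())
                    .exception(e)
                    .validCerts(Collections.emptyList())
                    .expiredCerts(Collections.emptyList())
                    .expiringCerts(Collections.emptyList())
                    .build();
        }
    }

    /**
     * Loads a keystore of the configured type from the given stream and inspects it.
     *
     * @throws KeyStoreException        if no provider supports the configured keystore type
     * @throws CertificateException     if a certificate in the keystore cannot be loaded
     * @throws NoSuchAlgorithmException if the integrity-check algorithm is unavailable
     * @throws IOException              if the data is malformed or the password is wrong
     */
    private KeystoreHealthResults checkKeyStore(FileInputStream fileInputStream)
            throws KeyStoreException, CertificateException, NoSuchAlgorithmException, IOException {
        KeyStore keyStore = KeyStore.getInstance(this.keystoreConfig.getType());

        // A missing password is treated as the empty password. The password comes out of the
        // configuration as a String, so wiping this char[] afterwards would not remove the
        // secret from memory.
        char[] password = Optional.ofNullable(this.keystoreConfig.getPass()).orElse("").toCharArray();
        keyStore.load(fileInputStream, password);
        return checkKeyStore(keyStore);
    }

    /**
     * Classifies every X.509 certificate of a loaded keystore relative to "now" and to
     * "now + expiration warning threshold".
     *
     * @throws KeyStoreException if the keystore has not been loaded
     */
    private KeystoreHealthResults checkKeyStore(KeyStore keyStore) throws KeyStoreException {
        Instant now = Instant.now();
        Instant warningCutoff = now.plusSeconds(this.keystoreConfig.getExpirationWarningThreshold().toSeconds());

        Map<CertStatus, List<BasicCertInfo>> certsByStatus =
                StreamSupport.stream(keyStoreAliasSpliterator(keyStore), USE_SEQUENTIAL_STREAM)
                        .map(alias -> toCertificate(alias, this.keystoreConfig.getPath(), keyStore))
                        .filter(ExpiringKeystoreHealthCheck::isX509)
                        .map(X509Certificate.class::cast)
                        .map(cert -> BasicCertInfo.from(cert, now, warningCutoff))
                        .collect(Collectors.groupingBy(BasicCertInfo::getCertStatus));

        // A status with no certificates has no key in the map, hence the empty-list defaults.
        List<BasicCertInfo> validCerts = certsByStatus.getOrDefault(CertStatus.VALID, Collections.emptyList());
        List<BasicCertInfo> expiredCerts = certsByStatus.getOrDefault(CertStatus.EXPIRED, Collections.emptyList());
        List<BasicCertInfo> expiringCerts =
                certsByStatus.getOrDefault(CertStatus.EXPIRING_SOON, Collections.emptyList());

        return KeystoreHealthResults.builder()
                .path(this.keystoreConfig.getPath())
                .expirationWarningThreshold(this.keystoreConfig.getExpirationWarningThreshold())
                .validCerts(validCerts)
                .expiredCerts(expiredCerts)
                .expiringCerts(expiringCerts)
                .build();
    }

    /**
     * Adapts the keystore's alias enumeration to a spliterator so it can be streamed.
     *
     * @throws KeyStoreException if the keystore has not been loaded
     */
    private static Spliterator<String> keyStoreAliasSpliterator(KeyStore keyStore) throws KeyStoreException {
        return Spliterators.spliteratorUnknownSize(keyStore.aliases().asIterator(), Spliterator.ORDERED);
    }

    /**
     * Reads the certificate stored under {@code alias}.
     *
     * @param alias        the keystore alias to look up
     * @param keystorePath the keystore's path, used only in the exception message
     * @param keyStore     the keystore to read from
     * @return the certificate for the alias, never {@code null}
     * @throws NullPointerException       if the keystore has no certificate for the alias
     * @throws KeyStoreNotLoadedException if the keystore has not been loaded
     */
    @VisibleForTesting
    static Certificate toCertificate(String alias, String keystorePath, KeyStore keyStore) {
        try {
            return Objects.requireNonNull(
                    keyStore.getCertificate(alias),
                    () -> KiwiStrings.format("Certificate for alias {} was null", alias));
        } catch (KeyStoreException e) {
            throw new KeyStoreNotLoadedException(keystorePath, e);
        }
    }

    /** Returns whether the certificate reports the type {@code "X.509"}. */
    private static boolean isX509(Certificate certificate) {
        return X_509_CERT_TYPE.equals(certificate.getType());
    }
}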
