package net.bluemind.system.security.certificate;

import freemarker.template.Configuration;
import io.vertx.core.AbstractVerticle;
import java.io.IOException;
import java.net.URL;
import java.security.SecureRandom;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.LocalTime;
import java.time.ZoneId;
import java.time.ZoneOffset;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.X509TrustManager;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.context.SecurityContext;
import net.bluemind.core.rest.ServerSideServiceProvider;
import net.bluemind.domain.api.Domain;
import net.bluemind.domain.api.IDomains;
import net.bluemind.lib.vertx.VertxPlatform;
import net.bluemind.system.api.ISystemConfiguration;
import net.bluemind.system.api.SysConfKeys;
import net.bluemind.system.security.certificate.CertificateTaskHelper;
import net.bluemind.system.service.certificate.IInCoreSecurityMgmt;
import net.bluemind.utils.Trust;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/security/certificate/CertificateExpirationReport.class */
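/**
 * Verticle that checks once a day how long the TLS certificates served on the
 * platform's external URLs remain valid, and mails an alert at fixed thresholds.
 *
 * <p>The probe connection deliberately uses the trust manager and host name
 * verifier supplied by {@link Trust}, so that a certificate can still be read when
 * it would not validate. NOTE(review): {@code Trust.createTrustManager()} is
 * presumably permissive and {@code Trust.acceptAllVerifier()} by its name accepts
 * any host name; confirm against {@code Trust}. Such a connection is unauthenticated
 * and must only be used to read the presented chain, never to exchange data.
 */
public class CertificateExpirationReport extends AbstractVerticle {
    private static final Logger logger = LoggerFactory.getLogger(CertificateExpirationReport.class);

    /**
     * Arms a one-shot timer that fires at 08:00 UTC on the next UTC day and then
     * hands over to {@link #execute(long)}.
     */
    @Override
    public void start() {
        LocalDateTime firstRun = LocalDateTime.of(LocalDate.now(ZoneId.of("UTC")).plusDays(1L),
                LocalTime.MIDNIGHT.plusHours(8L));
        long delayMillis = Duration.between(Instant.now(), firstRun.toInstant(ZoneOffset.UTC)).toMillis();
        VertxPlatform.getVertx().setTimer(delayMillis, timerId -> execute(timerId));
    }

    /**
     * Runs one check immediately (off the calling thread) and schedules a repeat
     * every 24 hours.
     *
     * @param j id passed by the timer; not used
     */
    private void execute(long j) {
        CompletableFuture.runAsync(this::checkExpiration);
        VertxPlatform.executeBlockingPeriodic(TimeUnit.DAYS.toMillis(1L), l -> checkExpiration());
    }

    /**
     * Probes every external host and reports on the certificates each one serves.
     *
     * <p>Each host is checked independently: a host that is unreachable or fails the
     * handshake is logged and skipped, so it cannot hide an expiring certificate on
     * the hosts that come after it.
     */
    private void checkExpiration() {
        HashSet<String> hosts;
        try {
            hosts = collectExternalHosts();
        } catch (Exception e) {
            logger.warn("Cannot check certificate expiration date", e);
            return;
        }
        for (String host : hosts) {
            try {
                checkHost(host);
            } catch (Exception e) {
                logger.warn("Cannot check certificate expiration date for {}", host, e);
            }
        }
    }

    /** Gathers the per-domain external URLs plus the global external URL, without duplicates. */
    private HashSet<String> collectExternalHosts() {
        ServerSideServiceProvider provider = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM);
        HashSet<String> hosts = new HashSet<>(
                provider.instance(IInCoreSecurityMgmt.class).getDomainExternalUrls().keySet());
        // The global external URL may be unset; only add it when a value is configured.
        Optional.ofNullable(
                provider.instance(ISystemConfiguration.class).getValues().values.get(SysConfKeys.external_url.name()))
                .ifPresent(hosts::add);
        return hosts;
    }

    /**
     * Opens an HTTPS connection to {@code host} and evaluates every certificate of
     * the chain the server presents.
     *
     * @param host external host name, used as {@code https://<host>}
     * @throws Exception on TLS setup, connection or handshake failure
     */
    private void checkHost(String host) throws Exception {
        URL url = new URL("https://" + host);
        logger.info("Connecting to {}", url);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, new X509TrustManager[] { Trust.createTrustManager() }, new SecureRandom());
        HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
        try {
            // Scope the probe's socket factory to this one connection. Swapping the
            // JVM-wide default (HttpsURLConnection.setDefaultSSLSocketFactory) would
            // hand the probe's trust settings to every HTTPS connection opened
            // elsewhere in the process while the check runs, and restoring
            // SSLSocketFactory.getDefault() afterwards would discard any default the
            // application had installed.
            connection.setSSLSocketFactory(sslContext.getSocketFactory());
            connection.setHostnameVerifier(Trust.acceptAllVerifier());
            // NOTE(review): no connect/read timeout is set, so an unresponsive host
            // can hold this worker for as long as the platform default allows.
            connection.connect();
            for (Certificate certificate : connection.getServerCertificates()) {
                reportExpiration((X509Certificate) certificate);
            }
        } finally {
            connection.disconnect();
        }
    }

    /**
     * Alerts when the certificate is exactly 1, 7, 29 or 60 days from expiry and
     * logs the remaining validity otherwise.
     *
     * <p>The thresholds are exact matches, so a day on which the check does not run
     * skips that day's alert.
     */
    private void reportExpiration(X509Certificate x509Certificate) {
        Date notAfter = x509Certificate.getNotAfter();
        String subject = x509Certificate.getSubjectX500Principal().getName();
        String issuer = x509Certificate.getIssuerX500Principal().getName();
        int daysLeft = CertificateTaskHelper.getDifferenceDays(new Date(), notAfter);
        switch (daysLeft) {
            case 1:
            case 7:
            case 29:
                sendAlert(daysLeft, subject);
                break;
            case 60:
                // No 60-day alert for Let's Encrypt issued certificates
                // (presumably because they are short-lived and renewed automatically).
                if (!issuer.toLowerCase().contains("o=let's encrypt")) {
                    sendAlert(daysLeft, subject);
                }
                break;
            default:
                logger.info("Certificate {} is valid for {} days", subject, daysLeft);
                break;
        }
    }

    /**
     * Logs a warning and mails the expiration notice to the subscription contacts.
     *
     * @param i   number of days the certificate remains valid
     * @param str subject distinguished name of the certificate
     * @throws ServerFault if the mail template cannot be loaded or rendered
     */
    private void sendAlert(int i, String str) {
        logger.warn("Certificate {} is valid for {} days", str, i);
        try {
            Configuration configuration = new Configuration();
            configuration.setClassForTemplateLoading(getClass(), "/template");
            CertificateTaskHelper.Mail mail = CertificateTaskHelper.generateMail(i, str,
                    configuration.getTemplate("CertificateExpired.ftl"), null);
            ServerSideServiceProvider provider = ServerSideServiceProvider.getProvider(SecurityContext.SYSTEM);
            String externalUrl = provider.instance(ISystemConfiguration.class).getValues()
                    .stringValue(SysConfKeys.external_url.name());
            // Every domain except the "global.virt" entry receives the notice.
            List<String> domainNames = provider.instance(IDomains.class).all().stream()
                    .map(domain -> domain.value.name)
                    .filter(domainName -> !domainName.equals("global.virt"))
                    .collect(Collectors.toList());
            CertificateTaskHelper.sendEmailToSubscriptionContacts(externalUrl, domainNames, mail);
        } catch (IOException e) {
            throw new ServerFault(e);
        }
    }
}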
