package net.bluemind.system.service.certificate;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import net.bluemind.config.InstallationId;
import net.bluemind.core.api.fault.ServerFault;
import net.bluemind.core.container.model.ItemValue;
import net.bluemind.core.container.service.internal.RBACManager;
import net.bluemind.core.rest.BmContext;
import net.bluemind.core.task.api.TaskRef;
import net.bluemind.core.task.service.ITasksManager;
import net.bluemind.domain.api.Domain;
import net.bluemind.server.api.IServer;
import net.bluemind.server.api.Server;
import net.bluemind.system.api.CertData;
import net.bluemind.system.api.ISecurityMgmt;
import net.bluemind.system.hook.ISystemHook;
import net.bluemind.system.iptables.UpdateFirewallRulesTask;
import net.bluemind.system.service.certificate.engine.CertifEngineFactory;
import net.bluemind.system.service.certificate.engine.ICertifEngine;
import net.bluemind.system.service.certificate.lets.encrypt.GenerateLetsEncryptCertTask;
import net.bluemind.system.service.certificate.lets.encrypt.LetsEncryptCertificate;
import net.bluemind.system.service.helper.SecurityCertificateHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/bluemind/system/service/certificate/SecurityMgmt.class */
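/**
 * Service implementation behind {@link ISecurityMgmt} and {@link IInCoreSecurityMgmt}:
 * firewall rule refresh, certificate updates and Let's Encrypt certificate handling.
 *
 * <p>The methods that change state ({@link #updateFirewallRules()},
 * {@link #updateCertificate(CertData)}, {@link #generateLetsEncrypt(CertData)} and
 * {@link #approveLetsEncryptTos(String)}) start with an RBAC check against the
 * context given at construction. The remaining methods perform no check of their
 * own; see the review notes on them.
 */
public class SecurityMgmt implements ISecurityMgmt, IInCoreSecurityMgmt {
    private static final Logger logger = LoggerFactory.getLogger(SecurityMgmt.class);

    // All collaborators are assigned once in the constructor and never replaced.
    private final BmContext context;
    private final List<ISystemHook> hooks;
    private final RBACManager rbac;
    private final SecurityCertificateHelper systemHelper;

    /**
     * Builds the service for one caller context.
     *
     * @param bmContext context used for RBAC checks, service lookup and logging of the subject
     * @param list system hooks handed to the certificate engines and tasks
     */
    public SecurityMgmt(BmContext bmContext, List<ISystemHook> list) {
        this.context = bmContext;
        this.hooks = list;
        this.rbac = new RBACManager(bmContext);
        this.systemHelper = new SecurityCertificateHelper(bmContext);
    }

    /**
     * Schedules an {@link UpdateFirewallRulesTask} through the task manager.
     * Requires the {@code manageSystemConf} role.
     *
     * @return reference to the scheduled task
     */
    public TaskRef updateFirewallRules() {
        this.rbac.check(new String[]{"manageSystemConf"});
        ITasksManager tasks = (ITasksManager) this.context.provider().instance(ITasksManager.class, new String[0]);
        return tasks.run(new UpdateFirewallRulesTask());
    }

    /**
     * Applies the certificate described by {@code certData} on all servers.
     * Requires the {@code manageCertificate} role. The engine selected by
     * {@link CertifEngineFactory} decides, through {@code authorizeUpdate()},
     * whether the update is carried out.
     *
     * @param certData certificate request; its {@code sslCertificateEngine} value is logged
     */
    public void updateCertificate(CertData certData) {
        this.rbac.check(new String[]{"manageCertificate"});
        ICertifEngine engine = CertifEngineFactory.get(certData, this.context);
        logger.info("update certificate with {} - {} ", engine.getClass().getName(), certData.sslCertificateEngine);
        if (!engine.authorizeUpdate()) {
            // The call still returns normally, so leave a trace that nothing was changed.
            logger.warn("certificate update skipped: {} did not authorize it", engine.getClass().getName());
            return;
        }
        engine.doBeforeUpdate();
        engine.certificateMgmt(getServers(), this.hooks);
    }

    /**
     * Schedules the generation of a Let's Encrypt certificate.
     * Requires the {@code manageCertificate} role. The task id is
     * {@code generateLetsEncrypt-<domainUid>}, and the requesting subject is logged.
     *
     * @param certData certificate request; {@code domainUid} becomes part of the task id
     * @return reference to the scheduled task
     * @throws ServerFault presumably when {@code authorizeLetsEncrypt()} refuses the request
     *         (that method is seen to throw {@code ServerFault} elsewhere in this class)
     */
    public TaskRef generateLetsEncrypt(CertData certData) throws ServerFault {
        this.rbac.check(new String[]{"manageCertificate"});
        ICertifEngine engine = CertifEngineFactory.get(certData, this.context);
        engine.authorizeLetsEncrypt();
        logger.info("generate let's encrypt certificate by {}", this.context.getSecurityContext().getSubject());
        ITasksManager tasks = (ITasksManager) this.context.provider().instance(ITasksManager.class, new String[0]);
        String taskId = String.format("generateLetsEncrypt-%s", certData.domainUid);
        LetsEncryptCertificate certificate = new LetsEncryptCertificate(engine, this.context);
        return tasks.run(taskId, new GenerateLetsEncryptCertTask(certificate, getServers(), this.hooks));
    }

    /**
     * Returns the Let's Encrypt terms of service as reported by {@link LetsEncryptCertificate}.
     *
     * @return the terms of service value
     * @throws ServerFault declared by the interface; raised by the underlying call, if at all
     */
    public String getLetsEncryptTos() throws ServerFault {
        // NOTE(review): unlike approveLetsEncryptTos there is no rbac.check here.
        // Presumably intentional because the terms are public information; confirm
        // that the lookup cannot be abused by an unprivileged caller.
        return new LetsEncryptCertificate(this.context).getTermsOfService();
    }

    /**
     * Records approval of the Let's Encrypt terms of service.
     * Requires the {@code manageCertificate} role.
     *
     * @param str value passed unchanged to {@code approveTermsOfService}
     * @throws ServerFault declared by the interface; raised by the underlying call, if at all
     */
    public void approveLetsEncryptTos(String str) throws ServerFault {
        this.rbac.check(new String[]{"manageCertificate"});
        new LetsEncryptCertificate(this.context).approveTermsOfService(str);
    }

    /**
     * Maps external URL to domain for the domains whose engine accepts Let's Encrypt.
     *
     * <p>NOTE(review): no RBAC check is made; presumably this is reachable only from
     * in-core callers through {@link IInCoreSecurityMgmt} - confirm.
     */
    @Override // net.bluemind.system.service.certificate.IInCoreSecurityMgmt
    public Map<String, ItemValue<Domain>> getLetsEncryptDomainExternalUrls() {
        return getDomainExternalUrlsMap(true);
    }

    /**
     * Maps external URL to domain for every domain that has a certificate engine.
     *
     * <p>NOTE(review): no RBAC check is made; presumably this is reachable only from
     * in-core callers through {@link IInCoreSecurityMgmt} - confirm.
     */
    @Override // net.bluemind.system.service.certificate.IInCoreSecurityMgmt
    public Map<String, ItemValue<Domain>> getDomainExternalUrls() {
        return getDomainExternalUrlsMap(false);
    }

    /**
     * Collects the external URL of each domain that has a certificate engine.
     * Domains without an engine or without an external URL are left out. If two
     * domains share an external URL, the one visited last wins.
     *
     * @param letsEncryptOnly when {@code true}, also leave out domains whose engine
     *        rejects {@code authorizeLetsEncrypt()}
     * @return mutable map keyed by external URL
     */
    private Map<String, ItemValue<Domain>> getDomainExternalUrlsMap(boolean letsEncryptOnly) {
        Map<String, ItemValue<Domain>> urlToDomain = new HashMap<>();
        this.systemHelper.getDomainService().all().forEach(domain -> {
            CertifEngineFactory.get(domain.uid).ifPresent(engine -> {
                if (letsEncryptOnly) {
                    try {
                        engine.authorizeLetsEncrypt();
                    } catch (ServerFault e) {
                        // Refusal is an expected outcome used as a filter, not an error.
                        logger.debug("Let's Encrypt not authorized for domain {}, skipping: {}", domain.uid,
                                e.getMessage());
                        return;
                    }
                }
                Optional.ofNullable(this.systemHelper.getExternalUrl(domain.uid))
                        .ifPresent(url -> urlToDomain.put(url, domain));
            });
        });
        return urlToDomain;
    }

    /**
     * Fetches all servers of this installation through {@link IServer} and logs how many were found.
     *
     * @return the list returned by {@code allComplete()}
     */
    private List<ItemValue<Server>> getServers() {
        IServer serverApi = (IServer) this.context.provider().instance(IServer.class,
                new String[]{InstallationId.getIdentifier()});
        List<ItemValue<Server>> servers = serverApi.allComplete();
        logger.info("{} Servers found", servers.size());
        return servers;
    }
}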
