package com.gitlab.credit_reference_platform.crp.gateway.icl.service.impl;

import com.gitlab.credit_reference_platform.crp.gateway.acctmgmt.enum_type.SecretSubType;
import com.gitlab.credit_reference_platform.crp.gateway.acctmgmt.service.ICertificateSecretService;
import com.gitlab.credit_reference_platform.crp.gateway.encryption.utils.CRPEncryptionUtils;
import com.gitlab.credit_reference_platform.crp.gateway.exception.ServiceException;
import com.gitlab.credit_reference_platform.crp.gateway.icl.constant.CRPServiceApiResponseCode;
import com.gitlab.credit_reference_platform.crp.gateway.icl.dao.FileRecordDAO;
import com.gitlab.credit_reference_platform.crp.gateway.icl.dto.FileSymmetricKeyDTO;
import com.gitlab.credit_reference_platform.crp.gateway.icl.dto.ParticipantCertificateDTO;
import com.gitlab.credit_reference_platform.crp.gateway.icl.entity.FileRecord;
import com.gitlab.credit_reference_platform.crp.gateway.icl.enum_type.FileCategory;
import com.gitlab.credit_reference_platform.crp.gateway.icl.message.model.common.EncryptedSymmetricKey;
import com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPConfigurationService;
import com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPFileService;
import com.gitlab.credit_reference_platform.crp.gateway.icl.service.IParticipantService;
import com.gitlab.credit_reference_platform.crp.gateway.messageformat.NamedMessageFormat;
import com.gitlab.vincenthung.commons.security.certificate.reader.CertificateReaderException;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.text.MessageFormat;
import java.time.Instant;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.UUID;
import java.util.regex.Pattern;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.StringUtils;

@Transactional(readOnly = true)
@Service
/* loaded from: input_file:BOOT-INF/lib/crp-gateway-icl-crp-service-2.1.1.jar:com/gitlab/credit_reference_platform/crp/gateway/icl/service/impl/CRPFileServiceImpl.class */
public class CRPFileServiceImpl implements ICRPFileService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger((Class<?>) CRPFileServiceImpl.class);

    @Autowired
    private ICRPConfigurationService crpConfigurationService;

    @Autowired
    private ICertificateSecretService certificateSecretService;

    @Autowired
    private IParticipantService participantService;

    @Autowired
    private FileRecordDAO fileRecordDAO;

    @Override // com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPFileService
    @Transactional(readOnly = false, propagation = Propagation.SUPPORTS, rollbackFor = {Throwable.class})
    public void updateFileVersion(String str, Integer num) throws ServiceException {
        FileRecord findByFileName = this.fileRecordDAO.findByFileName(str);
        if (findByFileName == null) {
            throw new ServiceException(CRPServiceApiResponseCode.RECORD_NOT_FOUND_ON_FILE_NAME, "File record not found for updateFileVersion");
        }
        findByFileName.setFileVersion(num);
        this.fileRecordDAO.save(findByFileName);
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPFileService
    public List<EncryptedSymmetricKey> encryptSymmetricKeys(byte[] bArr, List<String> list) throws ServiceException {
        ArrayList arrayList = new ArrayList();
        for (String str : list) {
            ParticipantCertificateDTO participantEncryptionCertificate = this.participantService.getParticipantEncryptionCertificate(str);
            if (participantEncryptionCertificate == null) {
                throw new ServiceException(CRPServiceApiResponseCode.PARTICIPANT_CERT_NOT_FOUND, "Encryption certificate not found for participant: " + str);
            }
            try {
                X509Certificate encryptionCertificate = participantEncryptionCertificate.getEncryptionCertificate();
                if (encryptionCertificate == null) {
                    throw new ServiceException(CRPServiceApiResponseCode.PARTICIPANT_CERT_NOT_FOUND, "Encryption certificate not found for participant: " + str);
                }
                EncryptedSymmetricKey encryptedSymmetricKey = new EncryptedSymmetricKey();
                encryptedSymmetricKey.setEncKey(CRPEncryptionUtils.encryptSymKeyAndBase64Encode(encryptionCertificate.getPublicKey(), bArr));
                encryptedSymmetricKey.setTo(str);
                encryptedSymmetricKey.setPubCert(participantEncryptionCertificate.getEncodedCertificate());
                arrayList.add(encryptedSymmetricKey);
            } catch (CertificateReaderException e) {
                log.error("Failed to read the certificate of participant: [{}]", str, e);
                throw new ServiceException(CRPServiceApiResponseCode.PARTICIPANT_CERT_FORMAT_INCORRECT, "Encryption certificate format incorrect of participant: " + str, e);
            }
        }
        return arrayList;
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPFileService
    public FileSymmetricKeyDTO extractSymmetricKey(List<EncryptedSymmetricKey> list) throws ServiceException {
        String participantCode = this.crpConfigurationService.getParticipantCode();
        if (list == null || list.isEmpty()) {
            return null;
        }
        for (EncryptedSymmetricKey encryptedSymmetricKey : list) {
            if (participantCode.equals(encryptedSymmetricKey.getTo())) {
                KeyStore.PrivateKeyEntry activePrivateKeyEntry = this.certificateSecretService.getActivePrivateKeyEntry(SecretSubType.ENCRYPTION_CERTIFICATE);
                String encKey = encryptedSymmetricKey.getEncKey();
                FileSymmetricKeyDTO fileSymmetricKeyDTO = new FileSymmetricKeyDTO();
                fileSymmetricKeyDTO.setPassphrase(CRPEncryptionUtils.base64DecodeAndDecryptSymKey(activePrivateKeyEntry.getPrivateKey(), encKey));
                fileSymmetricKeyDTO.setType("AES");
                return fileSymmetricKeyDTO;
            }
        }
        return null;
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPFileService
    public String getFileName(FileCategory fileCategory) throws ServiceException {
        return getFileName(fileCategory, Instant.now(), null);
    }

    @Override // com.gitlab.credit_reference_platform.crp.gateway.icl.service.ICRPFileService
    public String getFileName(FileCategory fileCategory, Instant instant, String str) throws ServiceException {
        DateTimeFormatter withZone = DateTimeFormatter.ofPattern("yyyyMMddHHmmss").withZone(ZoneId.systemDefault());
        if (instant == null) {
            instant = Instant.now();
        }
        if (!StringUtils.hasText(str)) {
            str = generateFileRemark();
        }
        if (str.length() > 11 || !validateFileRemarks(str)) {
            throw new ServiceException(CRPServiceApiResponseCode.INVALID_FILE_REMARK, MessageFormat.format("Invalid file remarks [{0}]", str));
        }
        HashMap hashMap = new HashMap();
        hashMap.put("fileCategory", fileCategory.getCategoryCode());
        hashMap.put("participantCode", this.crpConfigurationService.getParticipantCode());
        hashMap.put("creationDate", withZone.format(instant));
        hashMap.put("others", str);
        return NamedMessageFormat.format("F{fileCategory}{participantCode}{creationDate}{others}", hashMap);
    }

    private String generateFileRemark() {
        return UUID.randomUUID().toString().substring(25);
    }

    private boolean validateFileRemarks(String str) {
        return Pattern.matches("^[a-zA-Z0-9\\.]{0,11}$", str);
    }
}
