package com.liferay.saml.web.internal.portlet.action;

import com.liferay.portal.kernel.portlet.bridges.mvc.BaseMVCActionCommand;
import com.liferay.portal.kernel.portlet.bridges.mvc.MVCActionCommand;
import com.liferay.portal.kernel.servlet.SessionErrors;
import com.liferay.portal.kernel.util.ParamUtil;
import com.liferay.portal.kernel.util.PropertiesParamUtil;
import com.liferay.portal.kernel.util.UnicodeProperties;
import com.liferay.portal.kernel.util.Validator;
import com.liferay.saml.runtime.certificate.CertificateEntityId;
import com.liferay.saml.runtime.certificate.CertificateTool;
import com.liferay.saml.runtime.configuration.SamlProviderConfigurationHelper;
import com.liferay.saml.runtime.credential.KeyStoreManager;
import com.liferay.saml.runtime.exception.CertificateKeyPasswordException;
import com.liferay.saml.runtime.metadata.LocalEntityManager;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import javax.portlet.ActionRequest;
import javax.portlet.ActionResponse;
import org.osgi.service.component.annotations.Component;
import org.osgi.service.component.annotations.Reference;

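/**
 * MVC action command registered for the SAML admin portlet's {@code /admin/updateCertificate}
 * action.
 *
 * <p>The {@code cmd} request parameter selects the operation: {@code auth} (the default) stores
 * the submitted key store settings and tries to load the local entity certificate with them;
 * {@code replace} generates a new key pair and certificate and writes them to the key store
 * under the local entity id. Any other value is ignored.
 *
 * <p>NOTE(review): no permission check is performed in this class. Access control is presumably
 * enforced where the portlet is registered or by the portal layer; confirm this, since
 * {@code replace} overwrites the private key entry stored for the local entity.
 */
@Component(
    configurationPid = {"com.liferay.saml.runtime.configuration.SamlKeyStoreManagerConfiguration"},
    immediate = true,
    property = {
        "javax.portlet.name=com_liferay_saml_web_internal_portlet_SamlAdminPortlet",
        "mvc.command.name=/admin/updateCertificate"
    },
    service = {MVCActionCommand.class})
public class UpdateCertificateMVCActionCommand extends BaseMVCActionCommand {
    /**
     * Prefix joined with the requested key algorithm to form the certificate signature algorithm
     * name (for example {@code SHA1withRSA}).
     *
     * <p>NOTE(review): SHA-1 is deprecated for certificate signatures and some peers or JDK
     * security policies reject it. Consider a SHA-256 prefix once it is confirmed that
     * CertificateTool and the federation partners accept it; the value is left unchanged here
     * because that is a compatibility decision.
     */
    private static final String _SHA1_PREFIX = "SHA1with";

    @Reference
    private CertificateTool _certificateTool;

    @Reference(name = "KeyStoreManager", target = "(default=true)")
    private KeyStoreManager _keyStoreManager;

    @Reference
    private LocalEntityManager _localEntityManager;

    @Reference
    private SamlProviderConfigurationHelper _samlProviderConfigurationHelper;

    /**
     * Stores the submitted {@code settings--} properties and then tries to load the local entity
     * certificate, exposing it as the {@code SAML_X509_CERTIFICATE} request attribute.
     *
     * <p>The settings are passed to the configuration helper before the certificate is loaded,
     * so a failed attempt does not undo that update as far as this method shows.
     *
     * @param actionRequest request carrying the {@code settings--} prefixed properties
     * @param actionResponse response that is sent back to the update certificate render command
     * @throws Exception if updating the provider configuration fails
     */
    protected void authenticateCertificate(ActionRequest actionRequest, ActionResponse actionResponse)
            throws Exception {
        _samlProviderConfigurationHelper.updateProperties(
            PropertiesParamUtil.getProperties(actionRequest, "settings--"));
        try {
            actionRequest.setAttribute(
                "SAML_X509_CERTIFICATE", _localEntityManager.getLocalEntityCertificate());
        } catch (Exception exception) {
            // Every failure is reported to the user as a key password error, whatever its real
            // cause; the exception itself is not logged or rethrown.
            SessionErrors.add(actionRequest, CertificateKeyPasswordException.class);
        }
        actionResponse.setRenderParameter("mvcRenderCommandName", "/admin/updateCertificate");
    }

    /**
     * Dispatches on the {@code cmd} request parameter, which defaults to {@code auth}.
     *
     * @param actionRequest the portlet action request
     * @param actionResponse the portlet action response
     * @throws Exception if the selected operation fails
     */
    @Override
    protected void doProcessAction(ActionRequest actionRequest, ActionResponse actionResponse)
            throws Exception {
        String cmd = ParamUtil.get(actionRequest, "cmd", "auth");
        if (cmd.equals("auth")) {
            authenticateCertificate(actionRequest, actionResponse);
        } else if (cmd.equals("replace")) {
            replaceCertificate(actionRequest);
        }
    }

    /**
     * Generates a new key pair and certificate from the request parameters and stores them in
     * the key store under the local entity id, replacing any entry already stored there.
     *
     * <p>The validity period is checked before the key pair is generated, so a request that is
     * going to be rejected does not pay for key generation. A validity that is zero or negative,
     * or that ends after the year 9999, adds a {@code certificateValidityDays} session error and
     * leaves the key store untouched. Negative values are rejected because they would produce a
     * certificate whose end date precedes its start date.
     *
     * @param actionRequest request carrying the {@code settings--} properties and the
     *        {@code certificate*} parameters
     * @throws CertificateKeyPasswordException if no key store credential password was submitted
     * @throws Exception if key generation, certificate generation or key store access fails
     */
    protected void replaceCertificate(ActionRequest actionRequest) throws Exception {
        UnicodeProperties properties = PropertiesParamUtil.getProperties(actionRequest, "settings--");
        String localEntityId = _localEntityManager.getLocalEntityId();
        String keyStoreCredentialPassword = properties.getProperty("saml.keystore.credential.password");
        if (Validator.isNull(keyStoreCredentialPassword)) {
            throw new CertificateKeyPasswordException();
        }

        int validityDays = ParamUtil.getInteger(actionRequest, "certificateValidityDays");
        if (validityDays <= 0) {
            SessionErrors.add(actionRequest, "certificateValidityDays");
            return;
        }
        Calendar notBefore = Calendar.getInstance();
        Calendar notAfter = (Calendar) notBefore.clone();
        notAfter.add(Calendar.DAY_OF_YEAR, validityDays);
        // Presumably the limit exists because certificate dates carry a four-digit year.
        if (notAfter.get(Calendar.YEAR) > 9999) {
            SessionErrors.add(actionRequest, "certificateValidityDays");
            return;
        }

        String commonName = ParamUtil.getString(actionRequest, "certificateCommonName");
        String organization = ParamUtil.getString(actionRequest, "certificateOrganization");
        String organizationUnit = ParamUtil.getString(actionRequest, "certificateOrganizationUnit");
        String locality = ParamUtil.getString(actionRequest, "certificateLocality");
        String state = ParamUtil.getString(actionRequest, "certificateState");
        String country = ParamUtil.getString(actionRequest, "certificateCountry");
        String keyAlgorithm = ParamUtil.getString(actionRequest, "certificateKeyAlgorithm");
        int keyLength = ParamUtil.getInteger(actionRequest, "certificateKeyLength");

        // NOTE(review): algorithm and key length go to CertificateTool exactly as submitted; no
        // minimum key strength is enforced in this class. Confirm that CertificateTool or the
        // form restricts them to acceptable values.
        KeyPair keyPair = _certificateTool.generateKeyPair(keyAlgorithm, keyLength);

        // The same entity id is passed twice, presumably as subject and issuer, which would make
        // the certificate self-signed.
        CertificateEntityId certificateEntityId = new CertificateEntityId(
            commonName, organization, organizationUnit, locality, state, country);
        X509Certificate certificate = _certificateTool.generateCertificate(
            keyPair, certificateEntityId, certificateEntityId, notBefore.getTime(),
            notAfter.getTime(), _SHA1_PREFIX + keyAlgorithm);

        KeyStore.PrivateKeyEntry privateKeyEntry = new KeyStore.PrivateKeyEntry(
            keyPair.getPrivate(), new Certificate[] {certificate});
        KeyStore keyStore = _keyStoreManager.getKeyStore();
        keyStore.setEntry(
            localEntityId, privateKeyEntry,
            new KeyStore.PasswordProtection(keyStoreCredentialPassword.toCharArray()));

        // The key store is saved before the settings are updated; if the update fails, the new
        // entry is already stored while the configured password may still be the previous one.
        _keyStoreManager.saveKeyStore(keyStore);
        _samlProviderConfigurationHelper.updateProperties(properties);
        actionRequest.setAttribute("SAML_X509_CERTIFICATE", certificate);
    }
}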
