package com.helger.phoss.smp.ui.secure;

import com.helger.commons.annotation.Nonempty;
import com.helger.commons.datetime.PDTFactory;
import com.helger.commons.datetime.PDTFromString;
import com.helger.commons.datetime.PDTToString;
import com.helger.commons.state.EValidity;
import com.helger.commons.state.IValidityIndicator;
import com.helger.commons.string.StringHelper;
import com.helger.html.hc.html.forms.HCTextArea;
import com.helger.html.hc.html.grouping.HCDiv;
import com.helger.html.hc.html.textlevel.HCSpan;
import com.helger.html.hc.impl.HCNodeList;
import com.helger.peppol.sml.ISMLInfo;
import com.helger.peppol.smlclient.BDMSLClient;
import com.helger.phoss.smp.domain.SMPMetaManager;
import com.helger.phoss.smp.security.SMPKeyManager;
import com.helger.phoss.smp.ui.AbstractSMPWebPage;
import com.helger.phoss.smp.ui.SMPCommonUI;
import com.helger.photon.audit.AuditHelper;
import com.helger.photon.bootstrap4.alert.BootstrapErrorBox;
import com.helger.photon.bootstrap4.alert.BootstrapSuccessBox;
import com.helger.photon.bootstrap4.buttongroup.BootstrapButtonToolbar;
import com.helger.photon.bootstrap4.form.BootstrapForm;
import com.helger.photon.bootstrap4.form.BootstrapFormGroup;
import com.helger.photon.bootstrap4.pages.BootstrapWebPageUIHandler;
import com.helger.photon.bootstrap4.uictrls.datetimepicker.BootstrapDateTimePicker;
import com.helger.photon.core.execcontext.ILayoutExecutionContext;
import com.helger.photon.core.form.FormErrorList;
import com.helger.photon.core.form.RequestField;
import com.helger.photon.uicore.css.CPageParam;
import com.helger.photon.uicore.page.WebPageExecutionContext;
import com.helger.security.certificate.CertificateHelper;
import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.LocalDate;
import java.time.OffsetDateTime;
import java.time.chrono.ChronoLocalDate;
import java.util.Locale;
import javax.annotation.Nonnull;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/phoss-smp-webapp-7.2.6.jar:com/helger/phoss/smp/ui/secure/PageSecureSMLCertificateUpdate.class */
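/**
 * Secure page that prepares a future exchange of the SMP certificate at the
 * configured SML by calling {@code BDMSLClient.prepareChangeCertificate}.
 *
 * <p>The page is only displayable when an SML configuration is present and the
 * SMP keystore is valid. The request to the SML is sent over TLS using the
 * socket factory derived from the SMP key manager, i.e. with the currently
 * installed SMP certificate.
 *
 * <p>This listing is decompiler output. The casts the decompiler inserted for
 * erased generic arguments (for example casting the execution context to the
 * page class) were not valid Java and have been removed.
 *
 * <p>NOTE(review): the update is a state-changing operation triggered purely by
 * request parameters. Whether the surrounding framework adds CSRF protection to
 * this form is not visible in this class - confirm.
 */
public class PageSecureSMLCertificateUpdate extends AbstractSMPWebPage {
    private static final Logger LOGGER = LoggerFactory.getLogger(PageSecureSMLCertificateUpdate.class);
    /** Request field: optional migration date, parsed with the display locale. */
    private static final String FIELD_PM_MIGRATION_DATE = "pmmigdate";
    /** Request field: PEM text of the new public certificate. */
    private static final String FIELD_PM_PUBLIC_CERT = "pmpubcert";
    /** Sub action that marks a submission of the certificate update form. */
    private static final String SUBACTION_SMP_UPDATE_CERT = "smpupdatecert";

    /**
     * @param str the page ID handed to the base class; must not be empty
     */
    public PageSecureSMLCertificateUpdate(@Nonnull @Nonempty String str) {
        super(str, "SML certificate update");
    }

    /**
     * Refuses to display the page unless an SML configuration exists and the
     * keystore is valid, because both are needed to talk to the SML.
     *
     * @param webPageExecutionContext the current execution context
     * @return {@link EValidity#INVALID} if a precondition is missing, otherwise
     *         the result of the base class check
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.helger.photon.uicore.page.AbstractWebPage
    public IValidityIndicator isValidToDisplayPage(@Nonnull WebPageExecutionContext webPageExecutionContext) {
        if (SMPMetaManager.getSettings().getSMLInfo() == null) {
            webPageExecutionContext.getNodeList().addChild(warn("This page cannot be shown because the SML configuration is invalid."));
            return EValidity.INVALID;
        }
        if (!SMPKeyManager.isKeyStoreValid()) {
            webPageExecutionContext.getNodeList().addChild(warn("This page cannot be shown because the overall keystore configuration is invalid."));
            return EValidity.INVALID;
        }
        return super.isValidToDisplayPage(webPageExecutionContext);
    }

    /**
     * Validates the submitted migration date and certificate and, if both are
     * acceptable, asks the SML to prepare the certificate change.
     *
     * <p>Validation errors are collected in {@code formErrorList}; if any exist
     * nothing is sent to the SML. Success and failure of the SML call are both
     * logged and written to the audit trail.
     *
     * @param webPageExecutionContext the current execution context (request
     *        parameters, display locale, output node list)
     * @param formErrorList receives the field errors found during validation
     */
    private void _updateSMPCertAtSML(@Nonnull WebPageExecutionContext webPageExecutionContext, @Nonnull FormErrorList formErrorList) {
        HCNodeList nodeList = webPageExecutionContext.getNodeList();
        Locale displayLocale = webPageExecutionContext.getDisplayLocale();
        LocalDate today = PDTFactory.getCurrentLocalDate();
        String migrationDateText = webPageExecutionContext.params().getAsStringTrimmed(FIELD_PM_MIGRATION_DATE);
        LocalDate migrationDate = PDTFromString.getLocalDateFromString(migrationDateText, displayLocale);
        String publicCertText = webPageExecutionContext.params().getAsStringTrimmed(FIELD_PM_PUBLIC_CERT);
        X509Certificate newCert = null;
        ISMLInfo smlInfo = SMPMetaManager.getSettings().getSMLInfo();

        // The migration date is optional; when given it must parse and lie strictly in the future.
        if (StringHelper.hasText(migrationDateText)) {
            if (migrationDate == null) {
                formErrorList.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date '" + migrationDateText + "' is invalid!");
            } else if (migrationDate.compareTo(today) <= 0) {
                formErrorList.addFieldError(FIELD_PM_MIGRATION_DATE, "The certificate migration date must be in the future!");
            }
        }

        if (StringHelper.hasNoText(publicCertText)) {
            formErrorList.addFieldError(FIELD_PM_PUBLIC_CERT, "A new public certificate must be provided.");
        } else {
            try {
                newCert = CertificateHelper.convertStringToCertficate(publicCertText);
            } catch (CertificateException ignored) {
                // A parse failure is reported to the user through the null check below;
                // keep the cause available for troubleshooting.
                LOGGER.debug("The provided public certificate could not be parsed", ignored);
            }
            if (newCert == null) {
                formErrorList.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate cannot be parsed as a X.509 certificate.");
            } else {
                try {
                    newCert.checkValidity();
                } catch (CertificateExpiredException ignored) {
                    formErrorList.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate is already expired!");
                    newCert = null;
                } catch (CertificateNotYetValidException ignored) {
                    // Deliberately accepted: the new certificate may only become valid later.
                    // The date checks further down compare against its NotBefore date.
                }
                // NOTE(review): the complete pasted text (not a re-encoding of the parsed
                // certificate) is forwarded to the SML below. Whether the parser rejects
                // extra content between the two markers is not visible here - TODO confirm.
                if (!publicCertText.startsWith(CertificateHelper.BEGIN_CERTIFICATE)) {
                    formErrorList.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate value must start with '-----BEGIN CERTIFICATE-----' (without the quotes)");
                }
                if (!publicCertText.endsWith(CertificateHelper.END_CERTIFICATE)) {
                    formErrorList.addFieldError(FIELD_PM_PUBLIC_CERT, "The provided public certificate value must end with '-----END CERTIFICATE-----' (without the quotes)");
                }
            }
        }

        // Cross-check the migration date against the validity period of the new certificate.
        if (newCert != null) {
            LocalDate certNotBefore = PDTFactory.createLocalDate(newCert.getNotBefore());
            LocalDate certNotAfter = PDTFactory.createLocalDate(newCert.getNotAfter());
            if (migrationDate != null) {
                if (migrationDate.isBefore(certNotBefore)) {
                    formErrorList.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(migrationDate, displayLocale) + " must not be before the certificate NotBefore date " + PDTToString.getAsString(certNotBefore, displayLocale) + "!");
                }
                if (migrationDate.isAfter(certNotAfter)) {
                    formErrorList.addFieldError(FIELD_PM_MIGRATION_DATE, "The provided certificate migration date " + PDTToString.getAsString(migrationDate, displayLocale) + " must not be after the certificate NotAfter date " + PDTToString.getAsString(certNotAfter, displayLocale) + "!");
                }
            } else if (certNotBefore.compareTo(today) <= 0) {
                // Without an explicit date the certificate's NotBefore is the effective migration date.
                formErrorList.addFieldError(FIELD_PM_PUBLIC_CERT, "The effective certificate migration date (" + PDTToString.getAsString(certNotBefore, displayLocale) + " - taken from the new public certificate) must be in the future!");
            }
        }

        if (!formErrorList.isEmpty()) {
            nodeList.addChild(BootstrapWebPageUIHandler.INSTANCE.createIncorrectInputBox((ILayoutExecutionContext) webPageExecutionContext));
            return;
        }

        // From here on newCert is non-null: every path that leaves it null added a field error above.
        try {
            BDMSLClient smlClient = new BDMSLClient(smlInfo);
            // Authenticate towards the SML with the SMP's current key material.
            smlClient.setSSLSocketFactory(SMPKeyManager.getInstance().createSSLContext().getSocketFactory());
            smlClient.prepareChangeCertificate(publicCertText, migrationDate);
            OffsetDateTime now = PDTFactory.getCurrentOffsetDateTime();
            OffsetDateTime certNotBeforeDT = PDTFactory.createOffsetDateTime(newCert.getNotBefore());
            OffsetDateTime certNotAfterDT = PDTFactory.createOffsetDateTime(newCert.getNotAfter());
            String successMsg = "Successfully prepared migration of SMP certificate at SML '" + smlInfo.getManagementServiceURL() + "' to be exchanged at " + PDTToString.getAsString(migrationDate != null ? migrationDate : certNotBeforeDT.toLocalDate(), displayLocale) + ".";
            LOGGER.info(successMsg);
            nodeList.addChild(success().addChild(div(successMsg))
                    .addChild(div("Issuer: " + SMPCommonUI.getCertIssuer(newCert)))
                    .addChild(div("Subject: " + SMPCommonUI.getCertSubject(newCert)))
                    .addChild(div("Serial number: " + SMPCommonUI.getCertSerialNumber(newCert)))
                    .addChild(div("Not before: ").addChild(SMPCommonUI.getNodeCertNotBefore(certNotBeforeDT, now, displayLocale)))
                    .addChild(div("Not after: ").addChild(SMPCommonUI.getNodeCertNotAfter(certNotAfterDT, now, displayLocale))));
            AuditHelper.onAuditExecuteSuccess("smp-sml-update-cert", smlInfo.getManagementServiceURL(), publicCertText, migrationDate);
        } catch (Exception e) {
            // Boundary catch: any failure of the remote call is shown, logged and audited.
            String errorMsg = "Error preparing migration of SMP certificate at SML '" + smlInfo.getManagementServiceURL() + "'.";
            LOGGER.error(errorMsg, e);
            nodeList.addChild(error(errorMsg).addChild(SMPCommonUI.getTechnicalDetailsUI(e)));
            AuditHelper.onAuditExecuteFailure("smp-sml-update-cert", smlInfo.getManagementServiceURL(), publicCertText, migrationDate, e.getClass(), e.getMessage());
        }
    }

    /**
     * Renders the page: status of the currently installed SMP certificate, the
     * result of a submitted update (if any) and the update form.
     *
     * <p>If the installed SMP certificate is already expired the form is not
     * rendered, and a submitted update request is ignored as well, so that the
     * restriction cannot be sidestepped by posting the parameters directly.
     *
     * @param webPageExecutionContext the current execution context
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.helger.photon.uicore.page.AbstractWebPage
    public void fillContent(@Nonnull WebPageExecutionContext webPageExecutionContext) {
        HCNodeList nodeList = webPageExecutionContext.getNodeList();
        Locale displayLocale = webPageExecutionContext.getDisplayLocale();
        FormErrorList formErrorList = new FormErrorList();
        nodeList.addChild(info().addChildren(div("Prepare the update of your SMP certificate in the future."), div("Note: this is a custom SML extension that only works with the CEF SML instances!")));
        nodeList.addChild(warn("This step MUST be performed with the old SMP certificate installed, as long as it is valid"));

        // Stays true when no certificate is available or it is merely not yet valid.
        boolean currentCertNotExpired = true;
        X509Certificate privateKeyCertificate = SMPKeyManager.getInstance().getPrivateKeyCertificate();
        if (privateKeyCertificate != null) {
            try {
                privateKeyCertificate.checkValidity();
                nodeList.addChild(success("Your SMP certificate is still valid until " + PDTToString.getAsString(PDTFactory.createLocalDateTime(privateKeyCertificate.getNotAfter()), displayLocale) + "."));
            } catch (CertificateExpiredException ignored) {
                nodeList.addChild(error("Your SMP certificate is already expired. This functionality works only if your SMP certificate is NOT expired yet. Please contact EC-EDELIVERY-SUPPORT@ec.europa.eu with your SMP ID, the new certificate and the requested exchange date!"));
                currentCertNotExpired = false;
            } catch (CertificateNotYetValidException ignored) {
                nodeList.addChild(warn("Your SMP certificate is not valid yet. For this page to work you need to have your old certificate (the one that will expire soon) configured. Most likely the certificate change will not work."));
            }
        }

        if (webPageExecutionContext.hasAction(CPageParam.ACTION_PERFORM) && webPageExecutionContext.hasSubAction(SUBACTION_SMP_UPDATE_CERT)) {
            if (currentCertNotExpired) {
                _updateSMPCertAtSML(webPageExecutionContext, formErrorList);
            } else {
                // Enforce on the server what the hidden form only implies in the UI.
                LOGGER.warn("Ignoring SML certificate update request because the current SMP certificate is expired");
            }
        }

        if (currentCertNotExpired) {
            BootstrapForm form = getUIHandler().createFormFileUploadSelf(webPageExecutionContext);
            form.setLeft(-1, -1, 12, -1, 2);
            form.addChild(warn("It is your responsibility to actually perform the update of the certificate in this SMP at the specified time! This does NOT happen automatically."));
            BootstrapDateTimePicker datePicker = BootstrapDateTimePicker.create(FIELD_PM_MIGRATION_DATE, (LocalDate) null, displayLocale);
            // Client-side hint only; the server-side check is in _updateSMPCertAtSML.
            datePicker.setMinDate(PDTFactory.getCurrentLocalDate().plusDays(1L));
            form.addFormGroup(new BootstrapFormGroup().setLabel("Certificate migration date").setCtrl(datePicker).setHelpText("The SML will replace the certificate at this date at 02:00am Brussels Time. It must be in the future and within the validity period of the provided new public certificate. If not provided, the 'valid from' part of the new certificate is used.").setErrorList(formErrorList.getListOfField(FIELD_PM_MIGRATION_DATE)));
            form.addFormGroup(new BootstrapFormGroup().setLabelMandatory("New public certificate").setCtrl(new HCTextArea(new RequestField(FIELD_PM_PUBLIC_CERT)).setRows(10)).setHelpText(span("Paste the public part of your new certificate here (using PEM encoding). Do NOT paste your new private key here. Must start with ").addChild(code(CertificateHelper.BEGIN_CERTIFICATE)).addChild(" and end with ").addChild(code(CertificateHelper.END_CERTIFICATE))).setErrorList(formErrorList.getListOfField(FIELD_PM_PUBLIC_CERT)));
            BootstrapButtonToolbar toolbar = form.addAndReturnChild(new BootstrapButtonToolbar(webPageExecutionContext));
            toolbar.addHiddenField(CPageParam.PARAM_ACTION, CPageParam.ACTION_PERFORM);
            toolbar.addHiddenField(CPageParam.PARAM_SUBACTION, SUBACTION_SMP_UPDATE_CERT);
            toolbar.addSubmitButton("Prepare certificate update");
            nodeList.addChild(form);
        }
    }
}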
