package org.graylog2.cluster.certificates;

import com.mongodb.client.MongoCollection;
import com.mongodb.client.MongoDatabase;
import com.mongodb.client.model.Filters;
import com.mongodb.client.model.IndexOptions;
import com.mongodb.client.model.Indexes;
import com.mongodb.client.model.UpdateOptions;
import com.mongodb.client.model.Updates;
import com.mongodb.client.result.UpdateResult;
import java.util.Optional;
import javax.inject.Inject;
import org.bson.Document;
import org.bson.conversions.Bson;
import org.graylog.security.certutil.keystore.storage.location.KeystoreMongoCollection;
import org.graylog.security.certutil.keystore.storage.location.KeystoreMongoCollections;
import org.graylog.security.certutil.keystore.storage.location.KeystoreMongoLocation;
import org.graylog2.database.MongoConnection;
import org.graylog2.security.encryption.EncryptedValue;
import org.graylog2.security.encryption.EncryptedValueService;

/* loaded from: input_file:org/graylog2/cluster/certificates/CertificatesService.class */
public class CertificatesService {
    private static final String ENCRYPTED_VALUE_SUBFIELD = "encrypted_value";
    private static final String SALT_SUBFIELD = "salt";
    private final MongoDatabase mongoDatabase;
    private final EncryptedValueService encryptionService;

    @Inject
    public CertificatesService(MongoConnection mongoConnection, EncryptedValueService encryptedValueService) {
        this.mongoDatabase = mongoConnection.getMongoDatabase();
        this.encryptionService = encryptedValueService;
        KeystoreMongoCollections.ALL_KEYSTORE_COLLECTIONS.forEach(keystoreMongoCollection -> {
            this.mongoDatabase.getCollection(keystoreMongoCollection.collectionName()).createIndex(Indexes.ascending(new String[]{keystoreMongoCollection.identifierField()}), new IndexOptions().unique(true));
        });
    }

    public boolean writeCert(KeystoreMongoLocation keystoreMongoLocation, String str) {
        KeystoreMongoCollection collection = keystoreMongoLocation.collection();
        MongoCollection collection2 = this.mongoDatabase.getCollection(collection.collectionName());
        EncryptedValue encrypt = this.encryptionService.encrypt(str);
        UpdateResult updateOne = collection2.updateOne(Filters.eq(collection.identifierField(), keystoreMongoLocation.nodeId()), Updates.combine(new Bson[]{Updates.set(collection.identifierField(), keystoreMongoLocation.nodeId()), Updates.set(collection.encryptedCertificateField() + ".encrypted_value", encrypt.value()), Updates.set(collection.encryptedCertificateField() + ".salt", encrypt.salt())}), new UpdateOptions().upsert(true));
        return updateOne.getModifiedCount() > 0 || updateOne.getUpsertedId() != null;
    }

    public boolean hasCert(KeystoreMongoLocation keystoreMongoLocation) {
        KeystoreMongoCollection collection = keystoreMongoLocation.collection();
        Document document = (Document) this.mongoDatabase.getCollection(collection.collectionName()).find(Filters.eq(collection.identifierField(), keystoreMongoLocation.nodeId())).first();
        return (document == null || ((Document) document.get(collection.encryptedCertificateField(), Document.class)) == null) ? false : true;
    }

    public Optional<String> readCert(KeystoreMongoLocation keystoreMongoLocation) {
        Document document;
        KeystoreMongoCollection collection = keystoreMongoLocation.collection();
        Document document2 = (Document) this.mongoDatabase.getCollection(collection.collectionName()).find(Filters.eq(collection.identifierField(), keystoreMongoLocation.nodeId())).first();
        return (document2 == null || (document = (Document) document2.get(collection.encryptedCertificateField(), Document.class)) == null) ? Optional.empty() : Optional.ofNullable(this.encryptionService.decrypt(EncryptedValue.builder().value(document.getString(ENCRYPTED_VALUE_SUBFIELD)).salt(document.getString(SALT_SUBFIELD)).isDeleteValue(false).isKeepValue(false).build()));
    }

    public boolean removeCert(KeystoreMongoLocation keystoreMongoLocation) {
        KeystoreMongoCollection collection = keystoreMongoLocation.collection();
        return this.mongoDatabase.getCollection(collection.collectionName()).deleteOne(Filters.eq(collection.identifierField(), keystoreMongoLocation.nodeId())).getDeletedCount() > 0;
    }
}
