package com.cumulocity.opcua.client.gateway.identitiy;

import c8y.ua.IdentityConfig;
import com.cumulocity.opcua.client.IdentityTools;
import com.cumulocity.opcua.client.Tools;
import com.cumulocity.opcua.client.gateway.encryption.EncryptionService;
import com.prosysopc.ua.stack.transport.security.KeyPair;
import com.prosysopc.ua.stack.utils.CertificateUtils;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

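/**
 * Spring component that creates the gateway's OPC UA application identity: an application
 * instance certificate plus its private key, the latter encrypted with AES-GCM through
 * {@link EncryptionService} before it is placed in the {@link IdentityConfig}.
 *
 * <p>NOTE(review): the password, salt and IV used for encryption all come from
 * {@link EncryptionService}, whose implementation is not visible here. AES-GCM loses its
 * confidentiality and integrity guarantees if the same key/IV pair is used for more than one
 * message, so confirm that {@code fetchIv()} yields a fresh IV for each key that is encrypted.
 */
@Component
/* loaded from: input_file:BOOT-INF/classes/com/cumulocity/opcua/client/gateway/identitiy/IdentityToolsImpl.class */
public class IdentityToolsImpl implements IdentityTools {
    private static final Logger log = LoggerFactory.getLogger(IdentityToolsImpl.class);

    // Certificate validity passed to CertificateUtils; defaults to 3650 when the property is unset.
    // NOTE(review): presumably days (about ten years), confirm against the Prosys SDK and decide
    // whether such a long-lived application certificate matches the rotation policy.
    @Value("${gateway.applicationIdentity.validityTime:3650}")
    private int validityTime;

    @Autowired
    private EncryptionService encryptionService;

    /**
     * Generates a new application instance certificate and returns it together with its
     * encrypted private key.
     *
     * <p>The certificate is stored as the Base64 text of its encoded form. The private key is
     * stored only in encrypted form and the config is flagged as AES-GCM encrypted; if
     * encryption fails, no config is returned.
     *
     * @return the populated identity configuration
     * @throws IOException if certificate creation reports an I/O failure
     * @throws GeneralSecurityException if certificate creation fails or the private key could
     *     not be encrypted
     */
    @Override // com.cumulocity.opcua.client.IdentityTools
    public IdentityConfig generateApplicationIdentityConfig() throws IOException, GeneralSecurityException {
        KeyPair keyPair = CertificateUtils.createApplicationInstanceCertificate(
                "cumulocity-opcua-gateway", "cumulocity", Tools.APP_URN, this.validityTime, new String[0]);

        IdentityConfig identityConfig = new IdentityConfig();
        // encodeToString avoids the platform-default charset that new String(byte[]) would use.
        identityConfig.setCert(Base64.getEncoder().encodeToString(keyPair.getCertificate().getEncoded()));
        // Fail closed with a descriptive message: the key is never stored unencrypted.
        identityConfig.setPk(
                encryptPrivateKey(keyPair.getPrivateKey().getEncodedPrivateKey())
                        .orElseThrow(() -> new GeneralSecurityException(
                                "Failed to encrypt the generated private key")));
        identityConfig.setPkIsAESGCMEncrypted(Boolean.TRUE);
        return identityConfig;
    }

    /**
     * Encrypts an encoded private key with AES-GCM, using the password, salt and IV supplied by
     * the injected {@link EncryptionService}.
     *
     * @param bArr the encoded private key bytes to encrypt
     * @return the encrypted key as a string, or an empty {@code Optional} if encryption failed
     *     for any reason (the failure is logged)
     */
    @Override // com.cumulocity.opcua.client.IdentityTools
    public Optional<String> encryptPrivateKey(byte[] bArr) {
        try {
            return Optional.of(EncryptionService.encryptAESGCM(
                    this.encryptionService.getPasswordFromCredentials(),
                    this.encryptionService.fetchSalt(),
                    this.encryptionService.fetchIv(),
                    bArr));
        } catch (Exception e) {
            // Keep the cause so the failure can be diagnosed; the message itself carries no
            // key material or password.
            log.error("Error while encrypting private key", e);
            return Optional.empty();
        }
    }
}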
