package com.google.cloud.alloydb;

import com.google.api.gax.rpc.ApiException;
import com.google.cloud.alloydb.v1beta.AlloyDBAdminClient;
import com.google.cloud.alloydb.v1beta.GenerateClientCertificateRequest;
import com.google.cloud.alloydb.v1beta.GenerateClientCertificateResponse;
import com.google.cloud.alloydb.v1beta.InstanceName;
import com.google.protobuf.ByteString;
import com.google.protobuf.Duration;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringWriter;
import java.security.KeyPair;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Future;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.openssl.jcajce.JcaPEMWriter;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;
import org.bouncycastle.util.io.pem.PemObject;

/* loaded from: input_file:com/google/cloud/alloydb/DefaultConnectionInfoRepository.class */
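/**
 * {@link ConnectionInfoRepository} backed by the AlloyDB Admin API.
 *
 * <p>For a given instance it fetches the connection metadata and asks the API to sign a
 * certificate signing request (CSR) built from the caller's key pair. Both calls run on the
 * supplied executor.
 *
 * <p>The private key is used only locally to sign the CSR. The request sent to the API carries
 * the PEM-encoded CSR, which holds the public key.
 */
class DefaultConnectionInfoRepository implements ConnectionInfoRepository {
    private static final String CERTIFICATE_REQUEST = "CERTIFICATE REQUEST";
    private static final String SHA_256_WITH_RSA = "SHA256WithRSA";
    private static final String X_509 = "X.509";
    /** Lifetime requested for the client certificate, in seconds (one hour). */
    private static final long CLIENT_CERT_DURATION_SECONDS = 3600L;
    private final ExecutorService executor;
    private final AlloyDBAdminClient alloyDBAdminClient;

    /**
     * Creates a repository.
     *
     * @param executorService executor on which the two Admin API calls are submitted
     * @param alloyDBAdminClient client used for both Admin API calls
     */
    public DefaultConnectionInfoRepository(ExecutorService executorService, AlloyDBAdminClient alloyDBAdminClient) {
        this.executor = executorService;
        this.alloyDBAdminClient = alloyDBAdminClient;
    }

    /**
     * Fetches the instance's connection metadata and a client certificate for {@code keyPair}.
     *
     * <p>The two API calls are submitted to the executor, then this method blocks on both
     * results. The returned certificates are parsed only. This method does not check their
     * validity period or verify the chain.
     *
     * @param instanceName instance to connect to
     * @param keyPair key pair whose public key is certified; the private key signs the CSR
     * @return IP address, instance UID, client certificate and certificate chain
     * @throws ExecutionException if either submitted task fails (including a CSR encoding failure,
     *     which the task rethrows as a {@link RuntimeException})
     * @throws InterruptedException if the calling thread is interrupted while waiting
     * @throws CertificateException if a returned certificate cannot be parsed as X.509
     */
    @Override // com.google.cloud.alloydb.ConnectionInfoRepository
    public ConnectionInfo getConnectionInfo(InstanceName instanceName, KeyPair keyPair) throws ExecutionException, InterruptedException, CertificateException, ApiException {
        Future<com.google.cloud.alloydb.v1beta.ConnectionInfo> infoFuture =
                this.executor.submit(() -> getConnectionInfo(instanceName));
        Future<GenerateClientCertificateResponse> certFuture =
                this.executor.submit(() -> getGenerateClientCertificateResponse(instanceName, keyPair));

        // NOTE(review): if the first get() throws, the certificate task is left running; confirm
        // whether callers expect it to be cancelled.
        com.google.cloud.alloydb.v1beta.ConnectionInfo info = infoFuture.get();
        GenerateClientCertificateResponse certResponse = certFuture.get();

        X509Certificate clientCertificate = parseCertificate(certResponse.getPemCertificateBytes());
        List<ByteString> chainBytes = certResponse.getPemCertificateChainList().asByteStringList();
        List<X509Certificate> certificateChain = new ArrayList<>(chainBytes.size());
        for (ByteString pem : chainBytes) {
            certificateChain.add(parseCertificate(pem));
        }
        return new ConnectionInfo(info.getIpAddress(), info.getInstanceUid(), clientCertificate, certificateChain);
    }

    /** Calls the Admin API for the instance's connection metadata. */
    private com.google.cloud.alloydb.v1beta.ConnectionInfo getConnectionInfo(InstanceName instanceName) {
        return this.alloyDBAdminClient.getConnectionInfo(instanceName);
    }

    /**
     * Builds a PEM-encoded CSR from {@code keyPair} and asks the Admin API to sign it.
     *
     * @throws RuntimeException wrapping the cause if the CSR cannot be signed or encoded
     */
    private GenerateClientCertificateResponse getGenerateClientCertificateResponse(InstanceName instanceName, KeyPair keyPair) {
        StringWriter csrPem = new StringWriter();
        try {
            PemObject pemObject = new PemObject(CERTIFICATE_REQUEST, createPKCS10(keyPair).getEncoded());
            // try-with-resources closes (and so flushes) the writer even when writeObject throws,
            // and guarantees the buffer is complete before csrPem.toString() is read below.
            try (JcaPEMWriter pemWriter = new JcaPEMWriter(csrPem)) {
                pemWriter.writeObject(pemObject);
            }
            GenerateClientCertificateRequest request =
                    GenerateClientCertificateRequest.newBuilder()
                            .setParent(getParent(instanceName))
                            .setCertDuration(Duration.newBuilder().setSeconds(CLIENT_CERT_DURATION_SECONDS))
                            .setPemCsr(csrPem.toString())
                            .build();
            return this.alloyDBAdminClient.generateClientCertificate(request);
        } catch (OperatorCreationException | IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Returns the cluster resource name that owns {@code instanceName}. */
    private String getParent(InstanceName instanceName) {
        return String.format("projects/%s/locations/%s/clusters/%s", instanceName.getProject(), instanceName.getLocation(), instanceName.getCluster());
    }

    /**
     * Creates a PKCS#10 request with the fixed subject {@code CN=alloydb-proxy}, signed with the
     * key pair's private key.
     *
     * <p>The signature algorithm is SHA256WithRSA, so this presumably requires an RSA key pair.
     * Verify against callers.
     */
    private PKCS10CertificationRequest createPKCS10(KeyPair keyPair) throws OperatorCreationException, IOException {
        return new JcaPKCS10CertificationRequestBuilder(new X500Name("CN=alloydb-proxy"), keyPair.getPublic()).build(new JcaContentSignerBuilder(SHA_256_WITH_RSA).build(keyPair.getPrivate()));
    }

    /**
     * Decodes one X.509 certificate from the given bytes.
     *
     * <p>This is decoding only. It performs no expiry, signature or trust check, so callers must
     * not treat a successful parse as proof that the certificate is trustworthy.
     */
    private X509Certificate parseCertificate(ByteString byteString) throws CertificateException {
        return (X509Certificate) CertificateFactory.getInstance(X_509).generateCertificate(new ByteArrayInputStream(byteString.toByteArray()));
    }
}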
