package no.digipost.monitoring.certificate;

import io.micrometer.core.instrument.MeterRegistry;
import io.micrometer.core.instrument.Tag;
import io.micrometer.core.instrument.binder.MeterBinder;
import java.security.KeyStoreException;
import java.security.cert.X509Certificate;
import java.time.Clock;
import java.time.Duration;
import java.time.Instant;
import java.time.LocalDate;
import java.time.LocalDateTime;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import java.util.Objects;

/* loaded from: input_file:no/digipost/monitoring/certificate/CertificateExpiryMetrics.class */
public final class CertificateExpiryMetrics implements MeterBinder {
    public static final int DEFAULT_DAYS_TO_EXPIRY_WARN_THRESHOLD = 60;
    private final List<MonitoredX509Certificate> monitoredX509Certificates;
    private final Clock clock;
    private final int daysToExpiryWarnThreshold;

    /* loaded from: input_file:no/digipost/monitoring/certificate/CertificateExpiryMetrics$ValidityStatus.class */
    enum ValidityStatus {
        INVALID(-1),
        EXPIRING(0),
        VALID(1);

        private int i;

        ValidityStatus(int i) {
            this.i = i;
        }

        public int code() {
            return this.i;
        }
    }

    public CertificateExpiryMetrics(List<MonitoredX509Certificate> list, Clock clock) {
        this(list, clock, 60);
    }

    public CertificateExpiryMetrics(List<MonitoredX509Certificate> list, Clock clock, int i) {
        this.clock = clock;
        this.daysToExpiryWarnThreshold = i;
        this.monitoredX509Certificates = (List) Objects.requireNonNull(list, "monitoredX509Certificates can not be null");
    }

    public void bindTo(MeterRegistry meterRegistry) {
        try {
            Iterator<MonitoredX509Certificate> it = this.monitoredX509Certificates.iterator();
            while (it.hasNext()) {
                registerGauge(meterRegistry, it.next());
            }
        } catch (KeyStoreException e) {
            throw new IllegalStateException(e);
        }
    }

    private void registerGauge(MeterRegistry meterRegistry, MonitoredX509Certificate monitoredX509Certificate) throws KeyStoreException {
        X509Certificate x509Certificate = monitoredX509Certificate.certificate;
        List asList = Arrays.asList(Tag.of("alias", monitoredX509Certificate.description.orElse(x509Certificate.getSerialNumber().toString())), Tag.of("issuer", x509Certificate.getIssuerX500Principal().getName()), Tag.of("subject", x509Certificate.getSubjectX500Principal().getName()), Tag.of("notAfter", x509Certificate.getNotAfter().toString()), Tag.of("notBefore", x509Certificate.getNotBefore().toString()));
        meterRegistry.gauge("cert_expiry", asList, x509Certificate, x509Certificate2 -> {
            return Duration.between(Instant.now(this.clock), x509Certificate2.getNotAfter().toInstant()).getSeconds();
        });
        meterRegistry.gauge("certificates_status", asList, x509Certificate, x509Certificate3 -> {
            long between = ChronoUnit.DAYS.between(LocalDate.now(this.clock), LocalDateTime.ofInstant(x509Certificate3.getNotAfter().toInstant(), this.clock.getZone()).toLocalDate());
            return between > ((long) this.daysToExpiryWarnThreshold) ? ValidityStatus.VALID.code() : between <= 0 ? ValidityStatus.INVALID.code() : ValidityStatus.EXPIRING.code();
        });
    }
}
