package de.adorsys.datasafe.encrypiton.impl.keystore;

import com.google.common.collect.ImmutableMap;
import de.adorsys.datasafe.encrypiton.api.keystore.KeyStoreService;
import de.adorsys.datasafe.encrypiton.api.types.encryption.KeyCreationConfig;
import de.adorsys.datasafe.encrypiton.api.types.keystore.KeyID;
import de.adorsys.datasafe.encrypiton.api.types.keystore.KeyStoreAccess;
import de.adorsys.datasafe.encrypiton.api.types.keystore.KeyStoreAuth;
import de.adorsys.datasafe.encrypiton.api.types.keystore.PublicKeyIDWithPublicKey;
import de.adorsys.datasafe.encrypiton.api.types.keystore.SecretKeyEntry;
import de.adorsys.datasafe.types.api.context.annotations.RuntimeDelegate;
import de.adorsys.datasafe.types.api.types.ReadStorePassword;
import de.adorsys.keymanagement.api.Juggler;
import de.adorsys.keymanagement.api.config.keystore.KeyStoreConfig;
import de.adorsys.keymanagement.api.persist.SerDe;
import de.adorsys.keymanagement.api.types.KeySetTemplate;
import de.adorsys.keymanagement.api.types.template.generated.Encrypting;
import de.adorsys.keymanagement.api.types.template.generated.Secret;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import javax.inject.Inject;
import lombok.Generated;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

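@RuntimeDelegate
/* loaded from: input_file:BOOT-INF/lib/datasafe-encryption-impl-2.0.1.jar:de/adorsys/datasafe/encrypiton/impl/keystore/KeyStoreServiceImpl.class */
/**
 * Default {@link KeyStoreService} backed by the key-management {@link Juggler}: key stores are
 * generated from templates, re-keyed, queried for public/private/secret keys and (de)serialized
 * with a store password.
 *
 * <p>NOTE(review): this is decompiled output. The {@code java.security} / {@code javax.crypto}
 * calls below throw checked exceptions ({@code KeyStoreException},
 * {@code NoSuchAlgorithmException}, {@code UnrecoverableKeyException},
 * {@code InvalidKeySpecException}) that are neither caught nor declared here — presumably the
 * original source used Lombok {@code @SneakyThrows}, which has source retention and is lost on
 * decompilation. Callers should expect those exception types to surface unchanged.
 */
public class KeyStoreServiceImpl implements KeyStoreService {

    @Generated
    private static final Logger log = LoggerFactory.getLogger(KeyStoreServiceImpl.class);

    /** Alias prefix for the generated asymmetric encryption key pairs. */
    private static final String ENC_KEY_PREFIX = "ENC";
    /** Alias prefixes of the three secret keys every default key store is created with. */
    private static final String PATH_KEY_ID_PREFIX = "PATH_SECRET";
    private static final String PATH_CTR_KEY_ID_PREFIX = "PATH_CTR_SECRET_";
    private static final String DOCUMENT_KEY_ID_PREFIX = "PRIVATE_SECRET";

    // Bit positions in the boolean[] returned by X509Certificate#getKeyUsage(); the order follows
    // the KeyUsage ASN.1 definition: keyEncipherment(2), dataEncipherment(3), keyAgreement(4).
    private static final int KEY_ENCIPHERMENT = 2;
    private static final int DATA_ENCIPHERMENT = 3;
    private static final int KEY_AGREEMENT = 4;

    private final KeyStoreConfig config;
    /** Algorithm name handed to {@link SecretKeyFactory} for password-based secret keys. */
    private final String passwordStoreEncAlgo;
    private final Juggler juggler;

    /**
     * @param keyStoreConfig key store configuration; its password-keys algorithm is read eagerly
     * @param juggler        key-management facade used for generation, re-keying and (de)serialization
     * @throws NullPointerException if either argument is {@code null}
     */
    @Inject
    public KeyStoreServiceImpl(KeyStoreConfig keyStoreConfig, Juggler juggler) {
        this.config = Objects.requireNonNull(keyStoreConfig, "keyStoreConfig");
        this.passwordStoreEncAlgo = this.config.getPasswordKeysAlgo();
        this.juggler = Objects.requireNonNull(juggler, "juggler");
    }

    /**
     * Creates a key store with the default set of secret keys (path, path-counter and document
     * secret), each alias suffixed with a fresh random UUID.
     *
     * @param keyStoreAuth      supplies the read-key password protecting every generated key
     * @param keyCreationConfig number, algorithm and size of the encryption key pairs to generate
     * @return the freshly generated key store
     */
    @Override
    public KeyStore createKeyStore(KeyStoreAuth keyStoreAuth, KeyCreationConfig keyCreationConfig) {
        return createKeyStore(keyStoreAuth, keyCreationConfig, defaultSecretKeyIds());
    }

    /**
     * Creates a key store holding {@code keyCreationConfig.getEncKeyNumber()} encryption key pairs
     * (alias prefix {@value #ENC_KEY_PREFIX}) plus one secret key per key of {@code map}.
     *
     * @param keyStoreAuth      supplies the read-key password protecting every generated key
     * @param keyCreationConfig number, algorithm and size of the encryption key pairs to generate
     * @param map               secret keys to create, keyed by the alias prefix to use; the values
     *                          are not consulted here — only the key IDs are used as templates
     * @return the freshly generated key store
     */
    @Override
    public KeyStore createKeyStore(KeyStoreAuth keyStoreAuth, KeyCreationConfig keyCreationConfig,
                                   Map<KeyID, Optional<SecretKeyEntry>> map) {
        log.debug("start create keystore ");
        KeyCreationConfig.EncryptingKeyCreationCfg encrypting = keyCreationConfig.getEncrypting();
        // Password is read lazily on every use rather than captured once as a char[].
        Supplier<char[]> readKeyPassword = () -> keyStoreAuth.getReadKeyPassword().getValue();

        List<Secret> secretTemplates = map.keySet().stream()
                .map(keyID -> Secret.with()
                        .prefix(keyID.getValue())
                        .password(readKeyPassword)
                        .build())
                .collect(Collectors.toList());

        KeySetTemplate template = KeySetTemplate.builder()
                .generatedEncryptionKeys(
                        Encrypting.with()
                                .algo(encrypting.getAlgo())
                                .sigAlgo(encrypting.getSigAlgo())
                                .keySize(encrypting.getSize())
                                .prefix(ENC_KEY_PREFIX)
                                .password(readKeyPassword)
                                .build()
                                .repeat(keyCreationConfig.getEncKeyNumber()))
                .generatedSecretKeys(secretTemplates)
                .build();

        KeyStore keyStore = this.juggler.toKeystore().generate(this.juggler.generateKeys().fromTemplate(template));
        log.debug("finished create keystore ");
        return keyStore;
    }

    /**
     * Re-protects every key of {@code keyStore} with the read-key password of {@code keyStoreAuth2}.
     *
     * @param keyStore      store whose keys are currently protected with {@code keyStoreAuth}'s password
     * @param keyStoreAuth  current credentials, used to open each key
     * @param keyStoreAuth2 new credentials whose read-key password protects the copied keys
     * @return a new key store containing the same keys under the new password
     */
    @Override
    public KeyStore updateKeyStoreReadKeyPassword(KeyStore keyStore, KeyStoreAuth keyStoreAuth, KeyStoreAuth keyStoreAuth2) {
        // Both functions ignore the alias: one password protects every key in the store.
        Function<String, char[]> currentPassword = alias -> keyStoreAuth.getReadKeyPassword().getValue();
        return this.juggler.toKeystore().generate(
                this.juggler.readKeys()
                        .fromKeyStore(keyStore, currentPassword)
                        .copyToKeySet(alias -> keyStoreAuth2.getReadKeyPassword().getValue()),
                () -> null // NOTE(review): the original passed a null-returning supplier here; kept as-is
        );
    }

    /**
     * Lists the public keys of all certificate entries whose KeyUsage allows encryption
     * (keyEncipherment, dataEncipherment or keyAgreement).
     *
     * <p>Aliases without a certificate (secret-key entries), non-X.509 certificates and
     * certificates without a KeyUsage extension are skipped; the original code dereferenced the
     * KeyUsage array unconditionally and would NPE on the latter.
     *
     * @param keyStoreAccess store to inspect (its auth is not needed to read certificates)
     * @return mutable list of alias/public-key pairs, empty if none qualifies
     */
    @Override
    public List<PublicKeyIDWithPublicKey> getPublicKeys(KeyStoreAccess keyStoreAccess) {
        log.debug("get public keys");
        List<PublicKeyIDWithPublicKey> result = new ArrayList<>();
        KeyStore keyStore = keyStoreAccess.getKeyStore();
        Enumeration<String> aliases = keyStore.aliases();
        while (aliases.hasMoreElements()) {
            String alias = aliases.nextElement();
            Certificate certificate = keyStore.getCertificate(alias); // null for secret-key entries
            if (certificate instanceof X509Certificate && allowsEncryption((X509Certificate) certificate)) {
                result.add(new PublicKeyIDWithPublicKey(new KeyID(alias), certificate.getPublicKey()));
            }
        }
        return result;
    }

    /**
     * Returns the private key stored under {@code keyID}, unlocked with the access' read-key password.
     *
     * @throws ClassCastException if the entry is not a {@link PrivateKey}
     */
    @Override
    public PrivateKey getPrivateKey(KeyStoreAccess keyStoreAccess, KeyID keyID) {
        return (PrivateKey) keyStoreAccess.getKeyStore()
                .getKey(keyID.getValue(), readKeyPassword(keyStoreAccess));
    }

    /**
     * Returns the secret key stored under {@code keyID}, unlocked with the access' read-key password.
     *
     * @throws ClassCastException if the entry is not a {@link SecretKeySpec}
     */
    @Override
    public SecretKeySpec getSecretKey(KeyStoreAccess keyStoreAccess, KeyID keyID) {
        return (SecretKeySpec) keyStoreAccess.getKeyStore()
                .getKey(keyID.getValue(), readKeyPassword(keyStoreAccess));
    }

    /**
     * Derives a password-based secret key from {@code cArr} using the configured algorithm and
     * stores it under alias {@code str}, protected by the access' read-key password.
     *
     * <p>{@link PBEKeySpec} keeps its own copy of the password; it is wiped once the key has been
     * derived so the plaintext password does not linger on the heap longer than needed. The
     * caller's {@code cArr} is not modified.
     *
     * @param keyStoreAccess store (and auth) to add the entry to
     * @param str            alias for the new entry
     * @param cArr           password to derive the key from
     */
    @Override
    public void addPasswordBasedSecretKey(KeyStoreAccess keyStoreAccess, String str, char[] cArr) {
        PBEKeySpec keySpec = new PBEKeySpec(cArr);
        try {
            SecretKey secretKey = SecretKeyFactory.getInstance(this.passwordStoreEncAlgo).generateSecret(keySpec);
            // null certificate chain: secret-key entries carry no certificates
            keyStoreAccess.getKeyStore().setKeyEntry(str, secretKey, readKeyPassword(keyStoreAccess), null);
        } finally {
            keySpec.clearPassword();
        }
    }

    /**
     * Deletes the entry stored under alias {@code str}.
     *
     * @param keyStoreAccess store to modify
     * @param str            alias of the entry to remove
     */
    @Override
    public void removeKey(KeyStoreAccess keyStoreAccess, String str) {
        keyStoreAccess.getKeyStore().deleteEntry(str);
    }

    /**
     * Serializes {@code keyStore} protected by {@code readStorePassword}.
     *
     * @throws NullPointerException if {@code readStorePassword} is {@code null}
     */
    @Override
    public byte[] serialize(KeyStore keyStore, ReadStorePassword readStorePassword) {
        Objects.requireNonNull(readStorePassword, "readStorePassword");
        SerDe serDe = this.juggler.serializeDeserialize();
        return serDe.serialize(keyStore, readStorePassword::getValue);
    }

    /**
     * Deserializes a key store previously produced by {@link #serialize}, opening it with
     * {@code readStorePassword}.
     *
     * @throws NullPointerException if {@code readStorePassword} is {@code null}
     */
    @Override
    public KeyStore deserialize(byte[] bArr, ReadStorePassword readStorePassword) {
        Objects.requireNonNull(readStorePassword, "readStorePassword");
        SerDe serDe = this.juggler.serializeDeserialize();
        return serDe.deserialize(bArr, readStorePassword::getValue);
    }

    /** Builds the three default secret-key IDs, each with a random UUID suffix and no entry value. */
    private static Map<KeyID, Optional<SecretKeyEntry>> defaultSecretKeyIds() {
        return ImmutableMap.of(
                new KeyID(PATH_KEY_ID_PREFIX + UUID.randomUUID().toString()), Optional.empty(),
                new KeyID(PATH_CTR_KEY_ID_PREFIX + UUID.randomUUID().toString()), Optional.empty(),
                new KeyID(DOCUMENT_KEY_ID_PREFIX + UUID.randomUUID().toString()), Optional.empty()
        );
    }

    /**
     * True if the certificate carries a KeyUsage extension with any of the encryption-related bits
     * set. A certificate without the extension is treated as not usable for encryption.
     */
    private static boolean allowsEncryption(X509Certificate certificate) {
        boolean[] keyUsage = certificate.getKeyUsage(); // null when the extension is absent
        if (keyUsage == null) {
            return false;
        }
        return keyUsage[KEY_ENCIPHERMENT] || keyUsage[DATA_ENCIPHERMENT] || keyUsage[KEY_AGREEMENT];
    }

    /** Read-key password from the access' auth, used to unlock and protect individual entries. */
    private static char[] readKeyPassword(KeyStoreAccess keyStoreAccess) {
        return keyStoreAccess.getKeyStoreAuth().getReadKeyPassword().getValue();
    }
}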
