package de.adorsys.opba.protocol.facade.config.encryption.impl.psu;

import de.adorsys.datasafe.business.impl.service.DefaultDatasafeServices;
import de.adorsys.datasafe.directory.api.config.DFSConfig;
import de.adorsys.datasafe.directory.api.profile.operations.ProfileOperations;
import de.adorsys.datasafe.inbox.api.InboxService;
import de.adorsys.datasafe.privatestore.api.PasswordClearingInputStream;
import de.adorsys.datasafe.privatestore.api.PasswordClearingOutputStream;
import de.adorsys.datasafe.privatestore.api.PrivateSpaceService;
import de.adorsys.datasafe.types.api.actions.ReadRequest;
import de.adorsys.datasafe.types.api.actions.WriteRequest;
import de.adorsys.opba.db.domain.entity.psu.Psu;
import de.adorsys.opba.db.domain.entity.sessions.AuthSession;
import de.adorsys.opba.protocol.facade.config.encryption.PsuEncryptionServiceProvider;
import de.adorsys.opba.protocol.facade.config.encryption.datasafe.BaseDatasafeDbStorageService;
import de.adorsys.opba.protocol.facade.config.encryption.impl.PairIdPsuAspspTuple;
import de.adorsys.opba.protocol.facade.services.EncryptionKeySerde;
import java.beans.ConstructorProperties;
import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.UUID;
import java.util.function.BiConsumer;
import java.util.function.Supplier;
import lombok.Generated;

/* loaded from: input_file:BOOT-INF/lib/opba-banking-protocol-facade-0.30.0.1.jar:de/adorsys/opba/protocol/facade/config/encryption/impl/psu/PsuSecureStorage.class */
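/**
 * Facade over the Datasafe services used to keep per-PSU key material in the PSU's private space.
 *
 * <p>Every storage operation is addressed with {@code psu.getUserIdAuth(supplier)}; the
 * {@code Supplier<char[]>} is presumably the PSU's storage password (the stream types are named
 * {@code PasswordClearing*}) - confirm against {@code Psu#getUserIdAuth}.
 *
 * <p>NOTE(review): {@link #privateService()}, {@link #inboxService()} and {@link #userProfile()} hand
 * out the underlying Datasafe services directly, so callers can bypass the key-handling methods below.
 */
public class PsuSecureStorage {
    private final DefaultDatasafeServices datasafeServices;
    private final DFSConfig config;
    private final PsuEncryptionServiceProvider encryptionServiceProvider;
    private final EncryptionKeySerde serde;

    /**
     * Creates the document keystore for the PSU using the default private profile template.
     *
     * <p>{@code psu.getUserIdAuth(supplier)} is evaluated twice (once for the keystore owner, once for
     * the profile template); whether that invokes the supplier twice is not visible here.
     *
     * @param psu      PSU to register
     * @param supplier source of the secret passed to {@code getUserIdAuth}
     */
    public void registerPsu(Psu psu, Supplier<char[]> supplier) {
        userProfile().createDocumentKeystore(
                psu.getUserIdAuth(supplier),
                this.config.defaultPrivateTemplate(psu.getUserIdAuth(supplier)).buildPrivateProfile());
    }

    /**
     * Reads the private key stored for the session's PSU/ASPSP pair, generating and persisting a new
     * key pair when storage reports that no entry exists.
     *
     * <p>The read uses the id-less path ({@code toDatasafePathWithoutPsuAndId()}) while new keys are
     * written under a random UUID; how the id-less read resolves to a stored key is not visible here.
     * NOTE(review): nothing in this method serialises concurrent callers, so two callers that both
     * miss could each generate a key - confirm whether a caller-side lock or transaction covers this.
     *
     * @param supplier    source of the secret passed to {@code getUserIdAuth}
     * @param authSession session identifying the PSU and, through {@code PairIdPsuAspspTuple}, the ASPSP
     * @param biConsumer  receives the new key id and public key, only when a key pair is generated
     * @return the stored or freshly generated private key
     */
    public PrivateKey getOrCreateKeyFromPrivateForAspsp(Supplier<char[]> supplier, AuthSession authSession, BiConsumer<UUID, PublicKey> biConsumer) {
        // try-with-resources closes the stream on every path, including a failed key parse.
        try (PasswordClearingInputStream keyStream = this.datasafeServices.privateService().read(
                ReadRequest.forDefaultPrivate(
                        authSession.getPsu().getUserIdAuth(supplier),
                        new PairIdPsuAspspTuple(authSession).toDatasafePathWithoutPsuAndId()))) {
            return this.serde.readPrivateKey(keyStream);
        } catch (BaseDatasafeDbStorageService.DbStorageEntityNotFoundException e) {
            // Only the "no such entry" signal triggers key generation; any other failure propagates.
            return generateAndSaveAspspSecretKey(supplier, authSession, biConsumer);
        } catch (Throwable failure) {
            throw propagateUnchanged(failure);
        }
    }

    /**
     * Generates a new key pair for the session and returns its private key.
     *
     * <p>Despite the name, this delegates to the same routine as the get-or-create path, so the
     * private key is also written to the PSU's private space.
     *
     * @param supplier    source of the secret passed to {@code getUserIdAuth}
     * @param authSession session the key is created for
     * @param biConsumer  receives the new key id and public key
     * @return the generated private key
     */
    public PrivateKey createOneTimePrivateKey(Supplier<char[]> supplier, AuthSession authSession, BiConsumer<UUID, PublicKey> biConsumer) {
        return generateAndSaveAspspSecretKey(supplier, authSession, biConsumer);
    }

    /**
     * Generates a key pair, writes the private key to the PSU's private space under a fresh random
     * id, then reports the id and public key to the callback.
     *
     * <p>The callback runs only after the private key has been written and the stream closed. If the
     * callback throws, the exception propagates and the already written private key is not removed
     * by this method.
     */
    private PrivateKey generateAndSaveAspspSecretKey(Supplier<char[]> supplier, AuthSession authSession, BiConsumer<UUID, PublicKey> biConsumer) {
        UUID keyId = UUID.randomUUID();
        KeyPair keyPair = this.encryptionServiceProvider.generateKeyPair();
        // The stream is closed even when serialisation fails; the previous form closed it only on
        // the success path and left it open after an exception.
        try (PasswordClearingOutputStream keyStream = this.datasafeServices.privateService().write(
                WriteRequest.forDefaultPrivate(
                        authSession.getPsu().getUserIdAuth(supplier),
                        new PairIdPsuAspspTuple(keyId, authSession).toDatasafePathWithoutPsu()))) {
            this.serde.writePrivateKey(keyPair.getPrivate(), keyStream);
        } catch (Throwable failure) {
            throw propagateUnchanged(failure);
        }
        biConsumer.accept(keyId, keyPair.getPublic());
        return keyPair.getPrivate();
    }

    /**
     * Rethrows {@code failure} as-is without wrapping it, so callers keep seeing the same exception
     * types as before even though the public methods declare no checked exceptions.
     */
    @SuppressWarnings("unchecked")
    private static <E extends Throwable> RuntimeException propagateUnchanged(Throwable failure) throws E {
        throw (E) failure;
    }

    /** Wires the storage facade with its Datasafe services, DFS configuration, key generator and key serializer. */
    @Generated
    @ConstructorProperties({"datasafeServices", "config", "encryptionServiceProvider", "serde"})
    public PsuSecureStorage(DefaultDatasafeServices defaultDatasafeServices, DFSConfig dFSConfig, PsuEncryptionServiceProvider psuEncryptionServiceProvider, EncryptionKeySerde encryptionKeySerde) {
        this.datasafeServices = defaultDatasafeServices;
        this.config = dFSConfig;
        this.encryptionServiceProvider = psuEncryptionServiceProvider;
        this.serde = encryptionKeySerde;
    }

    /** Returns the underlying Datasafe private-space service. */
    @Generated
    public PrivateSpaceService privateService() {
        return this.datasafeServices.privateService();
    }

    /** Returns the underlying Datasafe inbox service. */
    @Generated
    public InboxService inboxService() {
        return this.datasafeServices.inboxService();
    }

    /** Returns the underlying Datasafe profile operations. */
    @Generated
    public ProfileOperations userProfile() {
        return this.datasafeServices.userProfile();
    }
}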
