package de.adorsys.sts.keymanagement.service;

import de.adorsys.keymanagement.api.Juggler;
import de.adorsys.keymanagement.api.persist.KeyStoreCreator;
import de.adorsys.keymanagement.api.types.KeySetTemplate;
import de.adorsys.keymanagement.api.types.source.KeySet;
import de.adorsys.keymanagement.api.types.template.provided.ProvidedKey;
import de.adorsys.keymanagement.api.types.template.provided.ProvidedKeyPair;
import de.adorsys.sts.keymanagement.model.GeneratedStsEntry;
import de.adorsys.sts.keymanagement.model.KeyState;
import de.adorsys.sts.keymanagement.model.KeyUsage;
import de.adorsys.sts.keymanagement.model.PasswordCallbackHandler;
import de.adorsys.sts.keymanagement.model.StsKeyEntryImpl;
import de.adorsys.sts.keymanagement.model.StsKeyStore;
import de.adorsys.sts.keymanagement.service.KeyManagementProperties;
import de.adorsys.sts.keymanagement.util.DateTimeUtils;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.time.Clock;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.Locale;
import java.util.Objects;
import java.util.UUID;
import org.apache.commons.lang3.RandomStringUtils;

/* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-impl-1.0.5.jar:de/adorsys/sts/keymanagement/service/KeyStoreGeneratorImpl.class */
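/**
 * Builds the STS key store and the individual key entries that go into it.
 *
 * <p>{@link #generate()} creates, per configured key type (signature pairs, encryption pairs,
 * secret keys), {@code initialCount} chains of two keys: one entry in state {@code VALID} that is
 * usable immediately, plus one successor in state {@code CREATED} whose {@code notBefore} is the
 * first entry's {@code notAfter}. Every timestamp is taken from the injected {@link Clock} and
 * expressed in UTC.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The configured key store password is also used as the entry password for every generated
 *       key (store and keys share one secret). Protect that configuration value accordingly.</li>
 *   <li>Signature key aliases are {@code aliasPrefix + UUID}; encryption and secret key aliases are
 *       {@code aliasPrefix + 5 upper-cased alphanumerics} (about 36^5 ≈ 6e7 distinct values). This
 *       class does not check for alias collisions; whether the key-store layer rejects a duplicate
 *       alias is not visible here — TODO confirm, or switch the short aliases to UUIDs as well.</li>
 *   <li>Validity and legacy intervals are added to the creation time via
 *       {@code DateTimeUtils.addMillis}, i.e. presumably milliseconds; both are measured from
 *       creation, not chained (expireAt = now + legacyInterval, not notAfter + legacyInterval).</li>
 * </ul>
 */
public class KeyStoreGeneratorImpl implements KeyStoreGenerator {

    /** Length of the random alphanumeric suffix used for encryption and secret key aliases. */
    private static final int RANDOM_ALIAS_LENGTH = 5;

    /**
     * CSPRNG shared by all alias generation. {@link SecureRandom} is thread-safe, so one instance
     * replaces the previous per-call construction (which re-seeded on every alias).
     */
    private static final SecureRandom ALIAS_RANDOM = new SecureRandom();

    private final Clock clock;
    private final Juggler juggler;
    private final KeyPairGenerator encKeyPairGenerator;
    private final KeyPairGenerator signKeyPairGenerator;
    private final SecretKeyGenerator secretKeyGenerator;
    private final String keyStoreType;
    private final String serverKeyPairAliasPrefix;
    private final PasswordCallbackHandler keyPassHandler;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyPairProperties encKeyPairsProperties;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyPairProperties signKeyPairsProperties;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.SecretKeyProperties secretKeyProperties;

    /**
     * Wires the generator from its collaborators and the key-management configuration.
     *
     * @param juggler             key-management facade used to materialise the key store
     * @param clock               time source for all validity timestamps (UTC)
     * @param keyPairGenerator    generator for encryption key pairs
     * @param keyPairGenerator2   generator for signature key pairs
     * @param secretKeyGenerator  generator for symmetric secret keys
     * @param keyManagementProperties configuration: key store type, alias prefix, password and the
     *                            per-key-type counts and intervals
     * @throws NullPointerException if any collaborator, the key store configuration or the key
     *                              store password is missing (fail fast instead of at first use)
     */
    public KeyStoreGeneratorImpl(Juggler juggler, Clock clock, KeyPairGenerator keyPairGenerator, KeyPairGenerator keyPairGenerator2, SecretKeyGenerator secretKeyGenerator, KeyManagementProperties keyManagementProperties) {
        this.juggler = Objects.requireNonNull(juggler, "juggler");
        this.clock = Objects.requireNonNull(clock, "clock");
        this.encKeyPairGenerator = Objects.requireNonNull(keyPairGenerator, "encryption KeyPairGenerator");
        this.signKeyPairGenerator = Objects.requireNonNull(keyPairGenerator2, "signature KeyPairGenerator");
        this.secretKeyGenerator = Objects.requireNonNull(secretKeyGenerator, "secretKeyGenerator");
        Objects.requireNonNull(keyManagementProperties, "keyManagementProperties");

        KeyManagementProperties.KeyStoreProperties keystore =
                Objects.requireNonNull(keyManagementProperties.getKeystore(), "keystore properties");
        this.keyStoreType = keystore.getType();
        this.serverKeyPairAliasPrefix = keystore.getAliasPrefix();

        KeyManagementProperties.KeyStoreProperties.KeysProperties keys =
                Objects.requireNonNull(keystore.getKeys(), "keystore.keys properties");
        this.encKeyPairsProperties = keys.getEncKeyPairs();
        this.signKeyPairsProperties = keys.getSignKeyPairs();
        this.secretKeyProperties = keys.getSecretKeys();

        // One password protects the store and every entry in it; copied into a char[] by the handler.
        String password = Objects.requireNonNull(keystore.getPassword(), "keystore password");
        this.keyPassHandler = new PasswordCallbackHandler(password.toCharArray());
    }

    /**
     * Generates a fresh key store populated with the configured initial keys.
     *
     * <p>For each key type, {@code initialCount} times: one immediately valid key and one successor
     * that becomes valid when the first one's validity ends. The resulting {@link KeyStore} is then
     * read back through the juggler to build the entry view.
     *
     * @return the populated key store together with its entry view and an update timestamp of now
     * @throws NullPointerException if any {@code initialCount} is not configured
     */
    @Override
    public StsKeyStore generate() {
        KeySetTemplate.KeySetTemplateBuilder template = KeySetTemplate.builder();

        int signCount = requiredCount(this.signKeyPairsProperties.getInitialCount(), "signKeyPairs.initialCount");
        for (int i = 0; i < signCount; i++) {
            GeneratedStsEntry<ProvidedKeyPair> current = generateSignatureKeyEntryForInstantUsage();
            GeneratedStsEntry<ProvidedKeyPair> successor =
                    generateSignatureKeyEntryForFutureUsage(current.getEntry().getNotAfter());
            template = template.providedPair(current.getKey()).providedPair(successor.getKey());
        }

        int encCount = requiredCount(this.encKeyPairsProperties.getInitialCount(), "encKeyPairs.initialCount");
        for (int i = 0; i < encCount; i++) {
            GeneratedStsEntry<ProvidedKeyPair> current = generateEncryptionKeyEntryForInstantUsage();
            GeneratedStsEntry<ProvidedKeyPair> successor =
                    generateEncryptionKeyEntryForFutureUsage(current.getEntry().getNotAfter());
            template = template.providedPair(current.getKey()).providedPair(successor.getKey());
        }

        int secretCount = requiredCount(this.secretKeyProperties.getInitialCount(), "secretKeys.initialCount");
        for (int i = 0; i < secretCount; i++) {
            GeneratedStsEntry<ProvidedKey> current = generateSecretKeyEntryForInstantUsage();
            GeneratedStsEntry<ProvidedKey> successor =
                    generateSecretKeyEntryForFutureUsage(current.getEntry().getNotAfter());
            template = template.providedKey(current.getKey()).providedKey(successor.getKey());
        }

        KeyStoreCreator creator = this.juggler.toKeystore();
        KeySet keySet = this.juggler.generateKeys().fromTemplate(template.build());
        KeyStore keyStore = creator.generate(keySet, this.keyPassHandler::getPassword);

        // The alias argument of the password callback is ignored: all entries share one password.
        return StsKeyStore.builder()
                .keyStore(keyStore)
                .view(this.juggler.readKeys()
                        .fromKeyStore(keyStore, alias -> this.keyPassHandler.getPassword())
                        .entries())
                .lastUpdate(now())
                .build();
    }

    /**
     * Generates a successor entry of the given usage that becomes valid at {@code zonedDateTime}.
     *
     * @param keyUsage      which kind of key to create
     * @param zonedDateTime the successor's {@code notBefore}
     * @return the generated entry; a key pair for {@code Encryption}/{@code Signature}, a single key
     *         for {@code SecretKey}
     * @throws IllegalArgumentException for an unknown or {@code null} usage
     */
    @Override
    public GeneratedStsEntry generateKeyEntryForFutureUsage(KeyUsage keyUsage, ZonedDateTime zonedDateTime) {
        if (keyUsage == KeyUsage.Encryption) {
            return generateEncryptionKeyEntryForFutureUsage(zonedDateTime);
        }
        if (keyUsage == KeyUsage.Signature) {
            return generateSignatureKeyEntryForFutureUsage(zonedDateTime);
        }
        if (keyUsage == KeyUsage.SecretKey) {
            return generateSecretKeyEntryForFutureUsage(zonedDateTime);
        }
        // Spell out null explicitly so a missing usage is reported as an argument error, not an NPE.
        String usageName = keyUsage == null ? "null" : keyUsage.name();
        throw new IllegalArgumentException("unknown KeyUsage: " + usageName);
    }

    /**
     * Creates a signature key pair that is valid right now ({@code VALID}).
     *
     * @return entry and key pair; notAfter = now + validityInterval, expireAt = now + legacyInterval
     */
    @Override
    public GeneratedStsEntry<ProvidedKeyPair> generateSignatureKeyEntryForInstantUsage() {
        ProvidedKeyPair keyPair = generateSignKeyPair();
        ZonedDateTime now = now();
        StsKeyEntryImpl entry = StsKeyEntryImpl.builder()
                .alias(keyPair.generateName())
                .createdAt(now)
                .notBefore(now)
                .validityInterval(this.signKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.signKeyPairsProperties.getLegacyInterval())
                .notAfter(DateTimeUtils.addMillis(now, this.signKeyPairsProperties.getValidityInterval()))
                .expireAt(DateTimeUtils.addMillis(now, this.signKeyPairsProperties.getLegacyInterval()))
                .keyUsage(KeyUsage.Signature)
                .state(KeyState.VALID)
                .build();
        return new GeneratedStsEntry<>(entry, keyPair.toBuilder().metadata(entry).build());
    }

    /**
     * Creates a signature key pair that becomes valid at {@code zonedDateTime} ({@code CREATED}).
     * {@code notAfter}/{@code expireAt} are left unset here — presumably filled in when the key is
     * promoted to {@code VALID}; verify against the rotation code.
     *
     * @param zonedDateTime the entry's {@code notBefore}
     * @return entry and key pair
     */
    @Override
    public GeneratedStsEntry<ProvidedKeyPair> generateSignatureKeyEntryForFutureUsage(ZonedDateTime zonedDateTime) {
        ProvidedKeyPair keyPair = generateSignKeyPair();
        StsKeyEntryImpl entry = StsKeyEntryImpl.builder()
                .alias(keyPair.generateName())
                .createdAt(now())
                .notBefore(zonedDateTime)
                .validityInterval(this.signKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.signKeyPairsProperties.getLegacyInterval())
                .keyUsage(KeyUsage.Signature)
                .state(KeyState.CREATED)
                .build();
        return new GeneratedStsEntry<>(entry, keyPair.toBuilder().metadata(entry).build());
    }

    /** Generates a signature key pair under a {@code prefix + random UUID} alias. */
    private ProvidedKeyPair generateSignKeyPair() {
        String alias = this.serverKeyPairAliasPrefix + UUID.randomUUID();
        return this.signKeyPairGenerator.generateSignatureKey(alias, this.keyPassHandler::getPassword);
    }

    /**
     * Creates an encryption key pair that is valid right now ({@code VALID}).
     *
     * @return entry and key pair; notAfter = now + validityInterval, expireAt = now + legacyInterval
     */
    @Override
    public GeneratedStsEntry<ProvidedKeyPair> generateEncryptionKeyEntryForInstantUsage() {
        ProvidedKeyPair keyPair = generateEncryptionKeyPair();
        ZonedDateTime now = now();
        StsKeyEntryImpl entry = StsKeyEntryImpl.builder()
                .alias(keyPair.generateName())
                .createdAt(now)
                .notBefore(now)
                .validityInterval(this.encKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.encKeyPairsProperties.getLegacyInterval())
                .notAfter(DateTimeUtils.addMillis(now, this.encKeyPairsProperties.getValidityInterval()))
                .expireAt(DateTimeUtils.addMillis(now, this.encKeyPairsProperties.getLegacyInterval()))
                .keyUsage(KeyUsage.Encryption)
                .state(KeyState.VALID)
                .build();
        return new GeneratedStsEntry<>(entry, keyPair.toBuilder().metadata(entry).build());
    }

    /**
     * Creates an encryption key pair that becomes valid at {@code zonedDateTime} ({@code CREATED}).
     *
     * @param zonedDateTime the entry's {@code notBefore}
     * @return entry and key pair
     */
    @Override
    public GeneratedStsEntry<ProvidedKeyPair> generateEncryptionKeyEntryForFutureUsage(ZonedDateTime zonedDateTime) {
        ProvidedKeyPair keyPair = generateEncryptionKeyPair();
        StsKeyEntryImpl entry = StsKeyEntryImpl.builder()
                .alias(keyPair.generateName())
                .createdAt(now())
                .notBefore(zonedDateTime)
                .validityInterval(this.encKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.encKeyPairsProperties.getLegacyInterval())
                .keyUsage(KeyUsage.Encryption)
                .state(KeyState.CREATED)
                .build();
        return new GeneratedStsEntry<>(entry, keyPair.toBuilder().metadata(entry).build());
    }

    /** Generates an encryption key pair under a short random alias (see {@link #getSecureRandomAlias()}). */
    private ProvidedKeyPair generateEncryptionKeyPair() {
        String alias = getSecureRandomAlias();
        return this.encKeyPairGenerator.generateEncryptionKey(alias, this.keyPassHandler::getPassword);
    }

    /**
     * Creates a secret key that is valid right now ({@code VALID}).
     *
     * @return entry and key; notAfter = now + validityInterval, expireAt = now + legacyInterval
     */
    @Override
    public GeneratedStsEntry<ProvidedKey> generateSecretKeyEntryForInstantUsage() {
        ProvidedKey secretKey = generateSecretKey();
        ZonedDateTime now = now();
        StsKeyEntryImpl entry = StsKeyEntryImpl.builder()
                .alias(secretKey.generateName())
                .createdAt(now)
                .notBefore(now)
                .validityInterval(this.secretKeyProperties.getValidityInterval())
                .legacyInterval(this.secretKeyProperties.getLegacyInterval())
                .notAfter(DateTimeUtils.addMillis(now, this.secretKeyProperties.getValidityInterval()))
                .expireAt(DateTimeUtils.addMillis(now, this.secretKeyProperties.getLegacyInterval()))
                .keyUsage(KeyUsage.SecretKey)
                .state(KeyState.VALID)
                .build();
        return new GeneratedStsEntry<>(entry, secretKey.toBuilder().metadata(entry).build());
    }

    /**
     * Creates a secret key that becomes valid at {@code zonedDateTime} ({@code CREATED}).
     *
     * @param zonedDateTime the entry's {@code notBefore}
     * @return entry and key
     */
    @Override
    public GeneratedStsEntry<ProvidedKey> generateSecretKeyEntryForFutureUsage(ZonedDateTime zonedDateTime) {
        ProvidedKey secretKey = generateSecretKey();
        StsKeyEntryImpl entry = StsKeyEntryImpl.builder()
                .alias(secretKey.generateName())
                .createdAt(now())
                .notBefore(zonedDateTime)
                .validityInterval(this.secretKeyProperties.getValidityInterval())
                .legacyInterval(this.secretKeyProperties.getLegacyInterval())
                .keyUsage(KeyUsage.SecretKey)
                .state(KeyState.CREATED)
                .build();
        return new GeneratedStsEntry<>(entry, secretKey.toBuilder().metadata(entry).build());
    }

    /** Generates a secret key under a short random alias (see {@link #getSecureRandomAlias()}). */
    private ProvidedKey generateSecretKey() {
        String alias = getSecureRandomAlias();
        return this.secretKeyGenerator.generate(alias, this.keyPassHandler::getPassword);
    }

    /**
     * Builds {@code aliasPrefix + 5 upper-cased ASCII alphanumerics} from the shared CSPRNG.
     *
     * <p>Upper-casing uses {@link Locale#ROOT}: with the platform default locale (e.g. Turkish) a
     * random 'i' would become the non-ASCII 'İ', producing an alias outside the intended alphabet.
     * Upper-casing also folds the 62-symbol source alphabet to 36 symbols, so the alias space is
     * roughly 6e7 values and collisions are not checked here.
     */
    private String getSecureRandomAlias() {
        String suffix = RandomStringUtils.random(RANDOM_ALIAS_LENGTH, 0, 0, true, true, null, ALIAS_RANDOM);
        return this.serverKeyPairAliasPrefix + suffix.toUpperCase(Locale.ROOT);
    }

    /** Current time from the injected clock, in UTC. */
    private ZonedDateTime now() {
        return this.clock.instant().atZone(ZoneOffset.UTC);
    }

    /**
     * Unboxes a configured initial count, naming the missing property instead of a bare NPE.
     *
     * @param configured the configured value, may be {@code null} if the property is absent
     * @param property   property name for the error message
     * @return the count as a primitive
     * @throws NullPointerException if {@code configured} is {@code null}
     */
    private static int requiredCount(Integer configured, String property) {
        return Objects.requireNonNull(configured, "missing key-management property: " + property).intValue();
    }
}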
