package de.adorsys.keymanagement.bouncycastle.adapter.services.persist;

import de.adorsys.keymanagement.api.config.keystore.KeyStoreConfig;
import de.adorsys.keymanagement.api.keystore.KeyStoreOper;
import de.adorsys.keymanagement.api.metadata.KeyMetadataOper;
import de.adorsys.keymanagement.api.metadata.NoOpMetadataPersistence;
import de.adorsys.keymanagement.api.types.source.KeySet;
import de.adorsys.keymanagement.api.types.template.ProvidedKeyTemplate;
import de.adorsys.keymanagement.api.types.template.provided.ProvidedKey;
import de.adorsys.keymanagement.api.types.template.provided.ProvidedKeyEntry;
import de.adorsys.keymanagement.api.types.template.provided.ProvidedKeyPair;
import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.security.KeyStore;
import java.security.Provider;
import java.security.cert.Certificate;
import java.util.function.Supplier;
import javax.annotation.Nullable;
import javax.crypto.SecretKey;
import javax.inject.Inject;
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
import org.bouncycastle.crypto.util.PBKDF2Config;
import org.bouncycastle.crypto.util.PBKDFConfig;
import org.bouncycastle.crypto.util.ScryptConfig;
import org.bouncycastle.jcajce.BCFKSLoadStoreParameter;

/**
 * Builds {@link KeyStore} instances from a {@link KeySet} and adds single key templates to an existing store.
 *
 * <p>The store type is taken from {@link KeyStoreConfig#getType()}. A {@code BCFKS} store is initialised with the
 * configured store encryption algorithm, PBKDF and MAC algorithm; every other type is created empty through
 * {@code KeyStore.load(null, null)}. Each stored entry is protected by the template's own password supplier when
 * one is present, otherwise by the default supplier handed in by the caller.
 *
 * <p>NOTE(review): the JCA calls used here ({@code getInstance}, {@code load}, {@code setEntry}, reflection) throw
 * checked exceptions that this class does not declare; the listing looks decompiled, so a generator such as
 * Lombok's {@code @SneakyThrows} was presumably involved -- confirm against the original source.
 */
@SuppressFBWarnings(value = {"PZLA_PREFER_ZERO_LENGTH_ARRAYS"}, justification = "Null usage for password")
/* loaded from: input_file:BOOT-INF/lib/bouncycastle-adapter-0.0.10.jar:de/adorsys/keymanagement/bouncycastle/adapter/services/persist/DefaultKeyStoreOperImpl.class */
public class DefaultKeyStoreOperImpl implements KeyStoreOper {
    /** Store type that gets the dedicated BCFKS load/store parameters instead of a plain empty load. */
    private static final String BCFKS_TYPE = "BCFKS";

    private final Provider provider;
    private final KeyMetadataOper metadataOper;
    private final KeyStoreConfig config;

    /**
     * @param provider        JCA provider passed to every {@link KeyStore#getInstance(String, Provider)} call
     * @param keyMetadataOper metadata persistence used by the {@code generate} variants that keep metadata
     * @param keyStoreConfig  store configuration; {@code null} selects {@code KeyStoreConfig.builder().build()}
     */
    @Inject
    public DefaultKeyStoreOperImpl(Provider provider, KeyMetadataOper keyMetadataOper, @Nullable KeyStoreConfig keyStoreConfig) {
        this.provider = provider;
        this.metadataOper = keyMetadataOper;
        if (keyStoreConfig == null) {
            this.config = KeyStoreConfig.builder().build();
        } else {
            this.config = keyStoreConfig;
        }
    }

    /** Returns a new operator bound to {@code keyStoreConfig}; provider and metadata persistence are carried over. */
    @Override // de.adorsys.keymanagement.api.persist.KeyStoreCreator
    public DefaultKeyStoreOperImpl withConfig(KeyStoreConfig keyStoreConfig) {
        return new DefaultKeyStoreOperImpl(provider, metadataOper, keyStoreConfig);
    }

    /** Generates a store with metadata; every template must carry its own password (no default is supplied). */
    @Override // de.adorsys.keymanagement.api.persist.KeyStoreCreator
    public KeyStore generate(KeySet keySet) {
        return generate(keySet, DefaultKeyStoreOperImpl::noDefaultPassword, metadataOper);
    }

    /**
     * Generates a store with metadata.
     *
     * @param supplier default key password, consulted only for templates without their own password
     */
    @Override // de.adorsys.keymanagement.api.persist.KeyStoreCreator
    public KeyStore generate(KeySet keySet, Supplier<char[]> supplier) {
        return generate(keySet, supplier, metadataOper);
    }

    /** Like {@link #generate(KeySet)} but metadata is discarded via {@link NoOpMetadataPersistence}. */
    @Override // de.adorsys.keymanagement.api.persist.KeyStoreCreator
    public KeyStore generateWithoutMetadata(KeySet keySet) {
        return generate(keySet, DefaultKeyStoreOperImpl::noDefaultPassword, new NoOpMetadataPersistence());
    }

    /** Like {@link #generate(KeySet, Supplier)} but metadata is discarded via {@link NoOpMetadataPersistence}. */
    @Override // de.adorsys.keymanagement.api.persist.KeyStoreCreator
    public KeyStore generateWithoutMetadata(KeySet keySet, Supplier<char[]> supplier) {
        return generate(keySet, supplier, new NoOpMetadataPersistence());
    }

    /**
     * Adds one template to {@code keyStore} and returns the alias it was stored under.
     *
     * @throws IllegalArgumentException for template types other than entry, key pair or secret key
     */
    @Override // de.adorsys.keymanagement.api.keystore.KeyStoreOper
    public String addToKeyStoreAndGetName(KeyStore keyStore, ProvidedKeyTemplate providedKeyTemplate, Supplier<char[]> supplier) {
        // Dispatch order matters only if a template implements several of these types: entry, then pair, then key.
        if (providedKeyTemplate instanceof ProvidedKeyEntry) {
            ProvidedKeyEntry entry = (ProvidedKeyEntry) providedKeyTemplate;
            return doAddToKeyStoreAndGetName(keyStore, entry, supplier);
        }
        if (providedKeyTemplate instanceof ProvidedKeyPair) {
            ProvidedKeyPair pair = (ProvidedKeyPair) providedKeyTemplate;
            return doAddToKeyStoreAndGetName(keyStore, pair, supplier);
        }
        if (providedKeyTemplate instanceof ProvidedKey) {
            ProvidedKey key = (ProvidedKey) providedKeyTemplate;
            return doAddToKeyStoreAndGetName(keyStore, key, supplier);
        }
        throw new IllegalArgumentException("Unsupported entry: " + providedKeyTemplate.getClass());
    }

    /**
     * Creates the configured store and fills it from {@code keySet}: key entries first, then secret keys, then
     * key pairs. Metadata of each template is persisted right after the template is stored.
     */
    private KeyStore generate(KeySet keySet, Supplier<char[]> supplier, KeyMetadataOper keyMetadataOper) {
        KeyStore store = newEmptyKeyStore();
        keySet.getKeyEntries().forEach(entry -> {
            String alias = doAddToKeyStoreAndGetName(store, entry, supplier);
            keyMetadataOper.persistMetadata(alias, entry.getMetadata(), store);
        });
        keySet.getKeys().forEach(key -> {
            String alias = doAddToKeyStoreAndGetName(store, key, supplier);
            keyMetadataOper.persistMetadata(alias, key.getMetadata(), store);
        });
        keySet.getKeyPairs().forEach(pair -> {
            String alias = doAddToKeyStoreAndGetName(store, pair, supplier);
            keyMetadataOper.persistMetadata(alias, pair.getMetadata(), store);
        });
        return store;
    }

    /** Creates an initialised, empty store of the configured type. */
    private KeyStore newEmptyKeyStore() {
        String type = config.getType();
        if (BCFKS_TYPE.equals(type)) {
            return createBCFKSKeystore(config);
        }
        return createKeyStoreByType(type);
    }

    /** Stores a ready-made {@link KeyStore.Entry} under the template's generated alias. */
    private String doAddToKeyStoreAndGetName(KeyStore keyStore, ProvidedKeyEntry providedKeyEntry, Supplier<char[]> supplier) {
        String alias = providedKeyEntry.generateName();
        KeyStore.Entry entry = providedKeyEntry.getEntry();
        KeyStore.PasswordProtection protection = getPasswordProtection(providedKeyEntry, supplier);
        keyStore.setEntry(alias, entry, protection);
        return alias;
    }

    /** Stores the private key plus its certificate chain under the template's generated alias. */
    private String doAddToKeyStoreAndGetName(KeyStore keyStore, ProvidedKeyPair providedKeyPair, Supplier<char[]> supplier) {
        String alias = providedKeyPair.generateName();
        keyStore.setKeyEntry(
                alias,
                providedKeyPair.getPrivate(),
                getPassword(providedKeyPair, supplier),
                providedKeyPair.getCertificates().toArray(new Certificate[0]));
        return alias;
    }

    /** Wraps the template's key as a {@link KeyStore.SecretKeyEntry} and stores it under the generated alias. */
    private String doAddToKeyStoreAndGetName(KeyStore keyStore, ProvidedKey providedKey, Supplier<char[]> supplier) {
        String alias = providedKey.generateName();
        KeyStore.SecretKeyEntry secretEntry = new KeyStore.SecretKeyEntry((SecretKey) providedKey.getKey());
        keyStore.setEntry(alias, secretEntry, getPasswordProtection(providedKey, supplier));
        return alias;
    }

    private KeyStore.PasswordProtection getPasswordProtection(ProvidedKeyTemplate providedKeyTemplate, Supplier<char[]> supplier) {
        // PasswordProtection holds on to the array it is given; nothing here clears it afterwards.
        return new KeyStore.PasswordProtection(getPassword(providedKeyTemplate, supplier));
    }

    /**
     * Resolves the password protecting one entry: the template's own supplier wins; otherwise the default
     * supplier is used and must not yield {@code null}.
     *
     * <p>NOTE(review): a template supplier that yields {@code null} is passed through unchecked -- only the default
     * supplier is validated. The returned array is the supplier's live array and is never zeroed by this class.
     *
     * @throws IllegalArgumentException when neither the template nor the default supplier provides a password
     */
    private char[] getPassword(ProvidedKeyTemplate providedKeyTemplate, Supplier<char[]> supplier) {
        if (providedKeyTemplate.getPassword() != null) {
            return providedKeyTemplate.getPassword().get();
        }
        char[] fallback = supplier.get();
        if (fallback == null) {
            throw new IllegalArgumentException("Key-password is missing and default key password is not set");
        }
        return fallback;
    }

    /**
     * Creates a BCFKS store whose encryption, PBKDF and MAC settings come from {@code keyStoreConfig}.
     * The algorithm names are resolved with {@code valueOf}, so they must match the BouncyCastle enum constants.
     */
    private KeyStore createBCFKSKeystore(KeyStoreConfig keyStoreConfig) {
        KeyStore store = KeyStore.getInstance(keyStoreConfig.getType(), provider);
        BCFKSLoadStoreParameter.EncryptionAlgorithm encryption =
                BCFKSLoadStoreParameter.EncryptionAlgorithm.valueOf(keyStoreConfig.getEncryptionAlgo());
        BCFKSLoadStoreParameter.Builder builder = new BCFKSLoadStoreParameter.Builder();
        PBKDFConfig pbkdf = pbkdfConfig(keyStoreConfig.getPbkdf());
        BCFKSLoadStoreParameter.MacAlgorithm mac =
                BCFKSLoadStoreParameter.MacAlgorithm.valueOf(keyStoreConfig.getMacAlgo());
        BCFKSLoadStoreParameter params = builder
                .withStoreEncryptionAlgorithm(encryption)
                .withStorePBKDFConfig(pbkdf)
                .withStoreMacAlgorithm(mac)
                .build();
        store.load(params);
        return store;
    }

    /** Creates an empty store of an arbitrary type; {@code load(null, null)} initialises it without content. */
    private KeyStore createKeyStoreByType(String str) {
        KeyStore store = KeyStore.getInstance(str, provider);
        store.load(null, null);
        return store;
    }

    /**
     * Translates the configured PBKDF section into a BouncyCastle {@link PBKDFConfig}: PBKDF2 when that block is
     * present, otherwise scrypt.
     *
     * @throws IllegalArgumentException when neither PBKDF2 nor scrypt is configured
     */
    private static PBKDFConfig pbkdfConfig(KeyStoreConfig.PBKDF pbkdf) {
        if (pbkdf.getPbkdf2() != null) {
            return new PBKDF2Config.Builder()
                    .withIterationCount(pbkdf.getPbkdf2().getIterCount())
                    .withSaltLength(pbkdf.getPbkdf2().getSaltLength())
                    .withPRF(prfByConstantName(pbkdf.getPbkdf2().getAlgo()))
                    .build();
        }
        if (pbkdf.getScrypt() != null) {
            return new ScryptConfig.Builder(
                    pbkdf.getScrypt().getCost(),
                    pbkdf.getScrypt().getBlockSize(),
                    pbkdf.getScrypt().getParallelization())
                    .withSaltLength(pbkdf.getScrypt().getSaltLength())
                    .build();
        }
        throw new IllegalArgumentException("Unknown PBKDF type");
    }

    /**
     * Looks up the PRF by reflecting on the static {@link PBKDF2Config} field named in the configuration
     * (for example {@code PRF_SHA256}).
     *
     * <p>NOTE(review): the name is taken verbatim from configuration; a misspelt or unknown name surfaces as a
     * {@code NoSuchFieldException} rather than a descriptive configuration error.
     */
    private static AlgorithmIdentifier prfByConstantName(String constantName) {
        return (AlgorithmIdentifier) PBKDF2Config.class.getDeclaredField(constantName).get(PBKDF2Config.class);
    }

    /** Default password supplier when the caller gives none: yields {@code null}, so each template needs its own password. */
    private static char[] noDefaultPassword() {
        return null;
    }
}
