package de.adorsys.sts.keymanagement.service;

import com.google.common.collect.Streams;
import com.googlecode.cqengine.attribute.Attribute;
import com.googlecode.cqengine.attribute.SimpleAttribute;
import com.googlecode.cqengine.attribute.support.SimpleFunction;
import com.googlecode.cqengine.query.Query;
import com.googlecode.cqengine.query.QueryFactory;
import com.googlecode.cqengine.query.option.QueryOptions;
import de.adorsys.keymanagement.api.types.ResultCollection;
import de.adorsys.keymanagement.api.types.entity.KeyEntry;
import de.adorsys.keymanagement.api.types.template.ProvidedKeyTemplate;
import de.adorsys.keymanagement.api.view.EntryView;
import de.adorsys.sts.keymanagement.config.KeyManagementRotationProperties;
import de.adorsys.sts.keymanagement.model.GeneratedStsEntry;
import de.adorsys.sts.keymanagement.model.KeyRotationResult;
import de.adorsys.sts.keymanagement.model.KeyState;
import de.adorsys.sts.keymanagement.model.KeyUsage;
import de.adorsys.sts.keymanagement.model.StsKeyEntry;
import de.adorsys.sts.keymanagement.model.StsKeyStore;
import de.adorsys.sts.keymanagement.util.DateTimeUtils;
import java.time.Clock;
import java.time.Instant;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;

/* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-impl-1.1.22.jar:de/adorsys/sts/keymanagement/service/KeyRotationServiceImpl.class */
/**
 * Rotates the keys held in an {@link StsKeyStore} view.
 *
 * <p>One {@link #rotate(StsKeyStore)} call performs, in this order and only for key usages whose
 * rotation properties report {@code isEnabled()}:
 * <ol>
 *   <li>CREATED keys whose notBefore lies before "now" become VALID, and one future-use key is
 *       generated for each of them;</li>
 *   <li>VALID keys whose notAfter lies before "now" become LEGACY;</li>
 *   <li>VALID keys are topped up to the configured {@code getMinKeys()} per usage;</li>
 *   <li>LEGACY keys whose expireAt lies before "now", and all EXPIRED keys, are removed.</li>
 * </ol>
 *
 * <p>Points a reader should keep in mind:
 * <ul>
 *   <li>In this class key state changes only inside {@code rotate}; a key keeps its state past
 *       notAfter / expireAt until the next call, so the call frequency bounds how stale a state
 *       can be.</li>
 *   <li>Every transition query is restricted to the enabled usages, so keys of a usage with
 *       rotation disabled are neither demoted nor removed here.</li>
 *   <li>All time comparisons are strict ({@code lessThan}); a timestamp equal to "now" does not
 *       trigger a transition.</li>
 *   <li>Nothing in this class persists the key store; changes are made on the view only.
 *       Presumably the caller persists the result - confirm.</li>
 * </ul>
 *
 * <p>NOTE(review): this listing is decompiler output. The raw {@code ArrayList}/{@code HashMap}
 * locals, the raw {@code (Collection)} / {@code (List)} casts and the
 * {@code (EntryView<Query<KeyEntry>>)} casts wrapped around {@code QueryFactory.and(...)} look
 * like decompiler artifacts rather than original source - confirm against the project sources
 * before relying on the exact types.
 */
public class KeyRotationServiceImpl implements KeyRotationService {
    // Extracts the STS metadata of a key entry by casting keyEntry.getMeta() to StsKeyEntry.
    // An entry whose metadata is not an StsKeyEntry makes this cast fail; a null metadata makes
    // the attribute getters below fail with a NullPointerException.
    private final SimpleFunction<KeyEntry, StsKeyEntry> STS = keyEntry -> {
        return (StsKeyEntry) keyEntry.getMeta();
    };
    // CQEngine attribute exposing the lifecycle state (StsKeyEntry.getState()) for queries.
    private final Attribute<KeyEntry, KeyState> STATE = new SimpleAttribute<KeyEntry, KeyState>() { // from class: de.adorsys.sts.keymanagement.service.KeyRotationServiceImpl.1
        @Override // com.googlecode.cqengine.attribute.SimpleAttribute
        public KeyState getValue(KeyEntry keyEntry, QueryOptions queryOptions) {
            return KeyRotationServiceImpl.this.STS.apply(keyEntry).getState();
        }
    };
    // CQEngine attribute exposing getNotBefore() as an Instant; throws if notBefore is null.
    private final Attribute<KeyEntry, Instant> NOT_BEFORE = new SimpleAttribute<KeyEntry, Instant>() { // from class: de.adorsys.sts.keymanagement.service.KeyRotationServiceImpl.2
        @Override // com.googlecode.cqengine.attribute.SimpleAttribute
        public Instant getValue(KeyEntry keyEntry, QueryOptions queryOptions) {
            return KeyRotationServiceImpl.this.STS.apply(keyEntry).getNotBefore().toInstant();
        }
    };
    // CQEngine attribute exposing getNotAfter() as an Instant; throws if notAfter is null.
    private final Attribute<KeyEntry, Instant> NOT_AFTER = new SimpleAttribute<KeyEntry, Instant>() { // from class: de.adorsys.sts.keymanagement.service.KeyRotationServiceImpl.3
        @Override // com.googlecode.cqengine.attribute.SimpleAttribute
        public Instant getValue(KeyEntry keyEntry, QueryOptions queryOptions) {
            return KeyRotationServiceImpl.this.STS.apply(keyEntry).getNotAfter().toInstant();
        }
    };
    // CQEngine attribute exposing getExpireAt() as an Instant; throws if expireAt is null.
    private final Attribute<KeyEntry, Instant> EXPIRE_AT = new SimpleAttribute<KeyEntry, Instant>() { // from class: de.adorsys.sts.keymanagement.service.KeyRotationServiceImpl.4
        @Override // com.googlecode.cqengine.attribute.SimpleAttribute
        public Instant getValue(KeyEntry keyEntry, QueryOptions queryOptions) {
            return KeyRotationServiceImpl.this.STS.apply(keyEntry).getExpireAt().toInstant();
        }
    };
    // CQEngine attribute exposing the key usage (StsKeyEntry.getKeyUsage()) for queries.
    private final Attribute<KeyEntry, KeyUsage> USAGE = new SimpleAttribute<KeyEntry, KeyUsage>() { // from class: de.adorsys.sts.keymanagement.service.KeyRotationServiceImpl.5
        @Override // com.googlecode.cqengine.attribute.SimpleAttribute
        public KeyUsage getValue(KeyEntry keyEntry, QueryOptions queryOptions) {
            return KeyRotationServiceImpl.this.STS.apply(keyEntry).getKeyUsage();
        }
    };
    // Creates the replacement and future-use key entries.
    private final KeyStoreGenerator keyStoreGenerator;
    // Source of "now"; injected so that the rotation time is controlled by the caller.
    private final Clock clock;
    // Per-usage rotation settings; this class reads isEnabled() and getMinKeys() from each.
    private final KeyManagementRotationProperties.KeyRotationProperties encryptionKeyPairRotationProperties;
    private final KeyManagementRotationProperties.KeyRotationProperties signatureKeyPairRotationProperties;
    private final KeyManagementRotationProperties.KeyRotationProperties secretKeyRotationProperties;

    /**
     * Stores the collaborators and splits the rotation properties into the three per-usage
     * settings (encryption key pairs, signature key pairs, secret keys).
     *
     * @param keyStoreGenerator generator used for new key entries
     * @param clock clock that supplies the rotation time
     * @param keyManagementRotationProperties rotation configuration; dereferenced here, so a
     *     null value fails with a NullPointerException
     */
    public KeyRotationServiceImpl(KeyStoreGenerator keyStoreGenerator, Clock clock, KeyManagementRotationProperties keyManagementRotationProperties) {
        this.keyStoreGenerator = keyStoreGenerator;
        this.clock = clock;
        this.encryptionKeyPairRotationProperties = keyManagementRotationProperties.getEncKeyPairs();
        this.signatureKeyPairRotationProperties = keyManagementRotationProperties.getSignKeyPairs();
        this.secretKeyRotationProperties = keyManagementRotationProperties.getSecretKeys();
    }

    /**
     * Runs one rotation pass over the view of the given key store.
     *
     * <p>A single "now" is taken once and used for every comparison in the pass. The steps run
     * in this order: promote CREATED keys (and generate their successors), demote VALID keys,
     * top up VALID keys, remove LEGACY/EXPIRED keys. The last two run while the builder
     * arguments are evaluated, left to right.
     *
     * @param stsKeyStore key store whose view is modified
     * @return result holding the aliases of the generated keys (top-up), the removed keys and
     *     the future keys (successors created during promotion)
     */
    /* JADX WARN: Multi-variable type inference failed */
    @Override // de.adorsys.sts.keymanagement.service.KeyRotationService
    public KeyRotationResult rotate(StsKeyStore stsKeyStore) {
        ZonedDateTime now = now();
        // NOTE(review): declared as EntryView<?> by the decompiler but passed to helpers that
        // take EntryView<Query<KeyEntry>>; presumably getView() returns that type - confirm.
        EntryView<?> view = stsKeyStore.getView();
        Map<KeyUsage, Integer> rotationEnabledForWithCount = rotationEnabledForWithCount();
        // Only these usages take part in any transition of this pass.
        Set<KeyUsage> keySet = rotationEnabledForWithCount.keySet();
        List<String> moveCreatedToValidAndReplenish = moveCreatedToValidAndReplenish(now, view, keySet);
        moveValidToLegacy(now.toInstant(), view, keySet);
        return KeyRotationResult.builder().generatedKeys(generateMissingValid(rotationEnabledForWithCount, view)).removedKeys(moveLegacyToExpiredAndDrop(now.toInstant(), view, keySet)).futureKeys(moveCreatedToValidAndReplenish).build();
    }

    /**
     * Promotes CREATED keys whose notBefore lies strictly before the given time to VALID and
     * generates one future-use key for each promoted key.
     *
     * @param zonedDateTime rotation time
     * @param entryView view that is queried and modified
     * @param collection usages for which rotation is enabled
     * @return aliases of the newly generated future-use keys (not of the promoted keys)
     */
    private List<String> moveCreatedToValidAndReplenish(ZonedDateTime zonedDateTime, EntryView<Query<KeyEntry>> entryView, Collection<KeyUsage> collection) {
        ResultCollection<KeyEntry> collection2 = entryView.retrieve((EntryView<Query<KeyEntry>>) QueryFactory.and(QueryFactory.equal(this.STATE, KeyState.CREATED), QueryFactory.lessThan(this.NOT_BEFORE, zonedDateTime.toInstant()), QueryFactory.in(this.USAGE, collection))).toCollection();
        // Rewrite the metadata of every selected key through toValid(), which sets the new
        // notAfter/expireAt and the VALID state on the StsKeyEntry it is given.
        entryView.update((Collection) collection2.stream().map(keyEntry -> {
            return keyEntry.aliasWithMeta(StsKeyEntry.class);
        }).map(aliasWithMeta -> {
            return aliasWithMeta.toBuilder().metadata(toValid(zonedDateTime, (StsKeyEntry) aliasWithMeta.getMetadata())).build();
        }).collect(Collectors.toList()));
        ArrayList arrayList = new ArrayList();
        Iterator<KeyEntry> it = collection2.iterator();
        while (it.hasNext()) {
            // The successor is scheduled from the promoted key's notAfter. This read happens
            // after toValid() ran; presumably getMeta() returns the same StsKeyEntry instance
            // that toValid() mutated, so this is the freshly set notAfter - confirm. It also
            // assumes collection2 still yields the same entries after the update - confirm.
            StsKeyEntry stsKeyEntry = (StsKeyEntry) it.next().getMeta();
            arrayList.add(this.keyStoreGenerator.generateKeyEntryForFutureUsage(stsKeyEntry.getKeyUsage(), stsKeyEntry.getNotAfter()));
        }
        // Add the generated key material to the view, then report the aliases.
        entryView.add((Collection<ProvidedKeyTemplate>) arrayList.stream().map(generatedStsEntry -> {
            return generatedStsEntry.getKey();
        }).collect(Collectors.toList()));
        return (List) arrayList.stream().map(generatedStsEntry2 -> {
            return generatedStsEntry2.getEntry().getAlias();
        }).collect(Collectors.toList());
    }

    /**
     * Demotes VALID keys whose notAfter lies strictly before the given instant to LEGACY.
     * The timestamps of the key are left unchanged; only the state is rewritten.
     *
     * @param instant rotation time
     * @param entryView view that is queried and modified
     * @param collection usages for which rotation is enabled
     */
    private void moveValidToLegacy(Instant instant, EntryView<Query<KeyEntry>> entryView, Collection<KeyUsage> collection) {
        entryView.update((Collection) entryView.retrieve((EntryView<Query<KeyEntry>>) QueryFactory.and(QueryFactory.equal(this.STATE, KeyState.VALID), QueryFactory.lessThan(this.NOT_AFTER, instant), QueryFactory.in(this.USAGE, collection))).toCollection().stream().map(keyEntry -> {
            return keyEntry.aliasWithMeta(StsKeyEntry.class);
        }).map(aliasWithMeta -> {
            return aliasWithMeta.toBuilder().metadata(toLegacy((StsKeyEntry) aliasWithMeta.getMetadata())).build();
        }).collect(Collectors.toList()));
    }

    /**
     * Removes LEGACY keys whose expireAt lies strictly before the given instant, and removes
     * every key already in state EXPIRED, for the enabled usages.
     *
     * <p>LEGACY keys are removed directly; no code in this class sets the state EXPIRED, so
     * EXPIRED entries found here were marked elsewhere.
     *
     * @param instant rotation time
     * @param entryView view that is queried and modified
     * @param collection usages for which rotation is enabled
     * @return aliases of all removed keys, LEGACY ones first
     */
    private List<String> moveLegacyToExpiredAndDrop(Instant instant, EntryView<Query<KeyEntry>> entryView, Collection<KeyUsage> collection) {
        ResultCollection<KeyEntry> collection2 = entryView.retrieve((EntryView<Query<KeyEntry>>) QueryFactory.and(QueryFactory.equal(this.STATE, KeyState.LEGACY), QueryFactory.lessThan(this.EXPIRE_AT, instant), QueryFactory.in(this.USAGE, collection))).toCollection();
        entryView.remove((Collection) collection2);
        ResultCollection<KeyEntry> collection3 = entryView.retrieve((EntryView<Query<KeyEntry>>) QueryFactory.and(QueryFactory.equal(this.STATE, KeyState.EXPIRED), QueryFactory.in(this.USAGE, collection))).toCollection();
        entryView.remove((Collection) collection3);
        // Both collections are streamed after their entries were removed from the view; this
        // assumes toCollection() returned a snapshot rather than a live view - confirm, since
        // otherwise the removed aliases would be missing from the rotation result.
        return (List) Streams.concat(collection2.stream(), collection3.stream()).map((v0) -> {
            return v0.getAlias();
        }).collect(Collectors.toList());
    }

    /**
     * Generates keys for immediate use until each usage in the map has at least its configured
     * number of VALID keys. Only VALID keys are counted; CREATED (future) keys are not.
     *
     * @param map minimum number of VALID keys per enabled usage; a null count fails with a
     *     NullPointerException when it is unboxed
     * @param entryView view that is queried and extended
     * @return aliases of the generated keys
     */
    private List<String> generateMissingValid(Map<KeyUsage, Integer> map, EntryView<Query<KeyEntry>> entryView) {
        ArrayList arrayList = new ArrayList();
        for (Map.Entry<KeyUsage, Integer> entry : map.entrySet()) {
            // Number of VALID keys currently in the view for this usage.
            int size = entryView.retrieve((EntryView<Query<KeyEntry>>) QueryFactory.and(QueryFactory.equal(this.STATE, KeyState.VALID), QueryFactory.equal(this.USAGE, entry.getKey()))).toCollection().size();
            // Generates (minimum - size) keys; nothing happens when enough keys exist.
            for (int i = 0; i < entry.getValue().intValue() - size; i++) {
                arrayList.add(generateKey(entry.getKey()));
            }
        }
        // All usages are collected first and added to the view in one call.
        entryView.add((Collection<ProvidedKeyTemplate>) arrayList.stream().map(generatedStsEntry -> {
            return generatedStsEntry.getKey();
        }).collect(Collectors.toList()));
        return (List) arrayList.stream().map(generatedStsEntry2 -> {
            return generatedStsEntry2.getEntry().getAlias();
        }).collect(Collectors.toList());
    }

    /**
     * Builds the map of usages that take part in rotation, with the minimum number of VALID
     * keys configured for each.
     *
     * <p>A usage is included only if its properties report isEnabled() as true. isEnabled() is
     * unboxed, so a null value fails with a NullPointerException instead of being read as
     * "disabled".
     *
     * @return usage to getMinKeys() for every enabled usage; empty if none is enabled
     */
    private Map<KeyUsage, Integer> rotationEnabledForWithCount() {
        HashMap hashMap = new HashMap();
        if (this.encryptionKeyPairRotationProperties.isEnabled().booleanValue()) {
            hashMap.put(KeyUsage.Encryption, this.encryptionKeyPairRotationProperties.getMinKeys());
        }
        if (this.signatureKeyPairRotationProperties.isEnabled().booleanValue()) {
            hashMap.put(KeyUsage.Signature, this.signatureKeyPairRotationProperties.getMinKeys());
        }
        if (this.secretKeyRotationProperties.isEnabled().booleanValue()) {
            hashMap.put(KeyUsage.SecretKey, this.secretKeyRotationProperties.getMinKeys());
        }
        return hashMap;
    }

    /**
     * Marks the given entry as LEGACY. The entry is modified in place and returned.
     *
     * @param stsKeyEntry metadata to modify
     * @return the same instance
     */
    private StsKeyEntry toLegacy(StsKeyEntry stsKeyEntry) {
        stsKeyEntry.setState(KeyState.LEGACY);
        return stsKeyEntry;
    }

    /**
     * Marks the given entry as VALID and sets its lifetime from the promotion time.
     * The entry is modified in place and returned.
     *
     * @param zonedDateTime promotion time that both deadlines are measured from
     * @param stsKeyEntry metadata to modify
     * @return the same instance
     */
    private StsKeyEntry toValid(ZonedDateTime zonedDateTime, StsKeyEntry stsKeyEntry) {
        // notAfter = promotion time + validity interval (presumably milliseconds, going by the
        // helper's name - confirm).
        stsKeyEntry.setNotAfter(DateTimeUtils.addMillis(zonedDateTime, stsKeyEntry.getValidityInterval()));
        // NOTE(review): expireAt is also measured from the promotion time, not from the new
        // notAfter. Presumably the legacy interval is configured as the total time from
        // activation to removal - confirm; if it is shorter than the validity interval the key
        // becomes removable as soon as it turns LEGACY.
        stsKeyEntry.setExpireAt(DateTimeUtils.addMillis(zonedDateTime, stsKeyEntry.getLegacyInterval()));
        stsKeyEntry.setState(KeyState.VALID);
        return stsKeyEntry;
    }

    /**
     * Generates a key entry for immediate use for the given usage.
     *
     * @param keyUsage Signature, Encryption or SecretKey
     * @return the generated entry
     * @throws IllegalArgumentException for any other value, including null
     */
    private GeneratedStsEntry generateKey(KeyUsage keyUsage) {
        if (keyUsage == KeyUsage.Signature) {
            return this.keyStoreGenerator.generateSignatureKeyEntryForInstantUsage();
        }
        if (keyUsage == KeyUsage.Encryption) {
            return this.keyStoreGenerator.generateEncryptionKeyEntryForInstantUsage();
        }
        if (keyUsage == KeyUsage.SecretKey) {
            return this.keyStoreGenerator.generateSecretKeyEntryForInstantUsage();
        }
        throw new IllegalArgumentException("Unknown KeyUsage: " + keyUsage);
    }

    /**
     * Returns the current time of the injected clock, expressed in UTC.
     *
     * @return current time in UTC
     */
    private ZonedDateTime now() {
        return this.clock.instant().atZone(ZoneOffset.UTC);
    }
}
