package de.adorsys.sts.keymanagement.service;

import de.adorsys.sts.keymanagement.model.KeyUsage;
import de.adorsys.sts.keymanagement.model.StsKeyEntry;
import de.adorsys.sts.keymanagement.model.StsKeyStore;
import de.adorsys.sts.keymanagement.service.KeyManagementProperties;
import java.beans.ConstructorProperties;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;

/* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.16.0-1.jar:de/adorsys/sts/keymanagement/service/KeyRotationService.class */
/**
 * Rotates the keys held in an {@link StsKeyStore}.
 *
 * <p>A rotation run first tops up every enabled key usage to its configured minimum number of
 * keys that {@link KeyStoreFilter#isValid} accepts, and only afterwards removes the entries that
 * {@link KeyStoreFilter#isInvalid} reports. Replacement keys are therefore already in the store
 * when outdated ones are dropped.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>What makes a key "valid" or "invalid" is decided entirely by {@link KeyStoreFilter};
 *       this class only applies the two predicates. Whether they are exact complements is not
 *       visible here (confirm in the filter).</li>
 *   <li>NOTE(review): a key usage whose rotation is disabled is neither topped up nor pruned, so
 *       invalid entries of that usage stay in the key store until something else removes
 *       them.</li>
 *   <li>NOTE(review): the key store is mutated in place and this class contains no
 *       synchronisation; presumably callers serialise rotation runs and persist the store
 *       afterwards (verify against the caller).</li>
 *   <li>The rotation result carries key aliases only, never key material, so it can be used for
 *       audit logging of generated and removed keys.</li>
 * </ul>
 */
public class KeyRotationService {
    private final KeyStoreFilter keyStoreFilter;
    private final KeyStoreGenerator keyStoreGenerator;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties encryptionKeyPairRotationProperties;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties signatureKeyPairRotationProperties;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties secretKeyRotationProperties;

    /* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.16.0-1.jar:de/adorsys/sts/keymanagement/service/KeyRotationService$KeyRotationResult.class */
    /**
     * Outcome of one rotation run: the aliases of the keys that were removed and of the keys that
     * were generated.
     *
     * <p>Both lists are stored and handed out by reference (no defensive copy), and either may be
     * {@code null} if the builder was never given a value for it.
     */
    public static class KeyRotationResult {
        private final List<String> removedKeys;
        private final List<String> generatedKeys;

        /* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.16.0-1.jar:de/adorsys/sts/keymanagement/service/KeyRotationService$KeyRotationResult$KeyRotationResultBuilder.class */
        /** Fluent builder for {@link KeyRotationResult}; obtain one via {@link KeyRotationResult#builder()}. */
        public static class KeyRotationResultBuilder {
            private List<String> removedKeys;
            private List<String> generatedKeys;

            KeyRotationResultBuilder() {
            }

            /**
             * Sets the aliases of the removed keys.
             *
             * @param list aliases of the keys removed during rotation
             * @return this builder
             */
            public KeyRotationResultBuilder removedKeys(List<String> list) {
                this.removedKeys = list;
                return this;
            }

            /**
             * Sets the aliases of the generated keys.
             *
             * @param list aliases of the keys generated during rotation
             * @return this builder
             */
            public KeyRotationResultBuilder generatedKeys(List<String> list) {
                this.generatedKeys = list;
                return this;
            }

            /**
             * Creates the result from the values collected so far.
             *
             * @return a new {@link KeyRotationResult}
             */
            public KeyRotationResult build() {
                return new KeyRotationResult(this.removedKeys, this.generatedKeys);
            }

            /** Renders the builder state; only aliases are included. */
            @Override
            public String toString() {
                return "KeyRotationService.KeyRotationResult.KeyRotationResultBuilder(removedKeys=" + this.removedKeys + ", generatedKeys=" + this.generatedKeys + ")";
            }
        }

        /**
         * @param list aliases of the removed keys
         * @param list2 aliases of the generated keys
         */
        @ConstructorProperties({"removedKeys", "generatedKeys"})
        KeyRotationResult(List<String> list, List<String> list2) {
            this.removedKeys = list;
            this.generatedKeys = list2;
        }

        /**
         * @return a fresh, empty builder
         */
        public static KeyRotationResultBuilder builder() {
            return new KeyRotationResultBuilder();
        }

        /**
         * @return aliases of the keys removed by the rotation run
         */
        public List<String> getRemovedKeys() {
            return this.removedKeys;
        }

        /**
         * @return aliases of the keys generated by the rotation run
         */
        public List<String> getGeneratedKeys() {
            return this.generatedKeys;
        }
    }

    /**
     * Creates the service.
     *
     * @param keyStoreFilter decides which key entries count as valid and which as invalid
     * @param keyStoreGenerator creates new signature key pairs, encryption key pairs and secret keys
     * @param keyRotationProperties rotation settings for encryption key pairs
     * @param keyRotationProperties2 rotation settings for signature key pairs
     * @param keyRotationProperties3 rotation settings for secret keys
     */
    public KeyRotationService(KeyStoreFilter keyStoreFilter, KeyStoreGenerator keyStoreGenerator, KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties keyRotationProperties, KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties keyRotationProperties2, KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties keyRotationProperties3) {
        this.keyStoreFilter = keyStoreFilter;
        this.keyStoreGenerator = keyStoreGenerator;
        this.encryptionKeyPairRotationProperties = keyRotationProperties;
        this.signatureKeyPairRotationProperties = keyRotationProperties2;
        this.secretKeyRotationProperties = keyRotationProperties3;
    }

    /**
     * Runs one rotation on the given key store, modifying it in place.
     *
     * @param stsKeyStore the key store to top up and prune
     * @return the aliases of the keys that were generated and removed
     */
    public KeyRotationResult rotate(StsKeyStore stsKeyStore) {
        // Order matters: replacement keys are added before invalid ones are removed.
        List<String> generatedAliases = generateAndAddMissingKeys(stsKeyStore);
        List<String> removedAliases = removeExpiredKeys(stsKeyStore);
        return KeyRotationResult.builder()
                .generatedKeys(generatedAliases)
                .removedKeys(removedAliases)
                .build();
    }

    /**
     * Removes the invalid keys of every usage whose rotation is enabled.
     *
     * @return aliases of all removed keys, in the order encryption, signature, secret key
     */
    private List<String> removeExpiredKeys(StsKeyStore stsKeyStore) {
        List<String> removedAliases = new ArrayList<>();
        if (this.encryptionKeyPairRotationProperties.isEnabled()) {
            removedAliases.addAll(removeExpiredKeys(stsKeyStore, KeyUsage.Encryption));
        }
        if (this.signatureKeyPairRotationProperties.isEnabled()) {
            removedAliases.addAll(removeExpiredKeys(stsKeyStore, KeyUsage.Signature));
        }
        if (this.secretKeyRotationProperties.isEnabled()) {
            removedAliases.addAll(removeExpiredKeys(stsKeyStore, KeyUsage.SecretKey));
        }
        return removedAliases;
    }

    /**
     * Removes every entry of the given usage that the filter reports as invalid.
     *
     * @return aliases of the removed keys
     */
    private List<String> removeExpiredKeys(StsKeyStore stsKeyStore, KeyUsage keyUsage) {
        // Work on a snapshot: removeKey() changes the store while we walk its entries.
        List<StsKeyEntry> snapshot = new ArrayList<>(stsKeyStore.getKeyEntries().values());
        List<String> removedAliases = new ArrayList<>();
        snapshot.stream()
                .filter(this.keyStoreFilter::isInvalid)
                .filter(candidate -> candidate.getKeyUsage() == keyUsage)
                .forEachOrdered(expired -> removedAliases.add(removeKey(stsKeyStore, expired)));
        return removedAliases;
    }

    /**
     * Generates the keys that are missing and adds them to the key store.
     *
     * @return aliases of the newly added keys
     */
    private List<String> generateAndAddMissingKeys(StsKeyStore stsKeyStore) {
        List<StsKeyEntry> freshKeys = generateMissingKeys(stsKeyStore.getKeyEntries().values());
        List<String> generatedAliases = new ArrayList<>();
        for (StsKeyEntry freshKey : freshKeys) {
            stsKeyStore.addKey(freshKey);
            generatedAliases.add(freshKey.getAlias());
        }
        return generatedAliases;
    }

    /**
     * Generates, for every usage whose rotation is enabled, as many keys as are needed to reach
     * that usage's configured minimum. The keys are returned, not yet stored.
     */
    private List<StsKeyEntry> generateMissingKeys(Collection<StsKeyEntry> existingEntries) {
        List<StsKeyEntry> freshKeys = new ArrayList<>();
        if (this.encryptionKeyPairRotationProperties.isEnabled()) {
            freshKeys.addAll(generateMissingKeysFor(existingEntries, KeyUsage.Encryption, this.encryptionKeyPairRotationProperties));
        }
        if (this.signatureKeyPairRotationProperties.isEnabled()) {
            freshKeys.addAll(generateMissingKeysFor(existingEntries, KeyUsage.Signature, this.signatureKeyPairRotationProperties));
        }
        if (this.secretKeyRotationProperties.isEnabled()) {
            freshKeys.addAll(generateMissingKeysFor(existingEntries, KeyUsage.SecretKey, this.secretKeyRotationProperties));
        }
        return freshKeys;
    }

    /**
     * Generates keys of one usage until the number of valid existing keys plus the new ones
     * reaches the minimum from {@code rotationProperties}. Returns an empty list when enough
     * valid keys already exist.
     */
    private List<StsKeyEntry> generateMissingKeysFor(Collection<StsKeyEntry> existingEntries, KeyUsage usage, KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyRotationProperties rotationProperties) {
        // Only keys the filter accepts as valid count towards the minimum.
        long validCount = existingEntries.stream()
                .filter(this.keyStoreFilter::isValid)
                .filter(candidate -> candidate.getKeyUsage() == usage)
                .count();
        List<StsKeyEntry> freshKeys = new ArrayList<>();
        while (freshKeys.size() < rotationProperties.getMinKeys().intValue() - validCount) {
            freshKeys.add(generateKey(usage));
        }
        return freshKeys;
    }

    /**
     * Removes the entry from the key store by its alias.
     *
     * @return the alias of the removed key
     */
    private String removeKey(StsKeyStore stsKeyStore, StsKeyEntry stsKeyEntry) {
        String removedAlias = stsKeyEntry.getAlias();
        stsKeyStore.removeKey(removedAlias);
        return removedAlias;
    }

    /**
     * Asks the generator for a new key of the requested usage.
     *
     * @throws RuntimeException if the usage is none of signature, encryption or secret key
     */
    private StsKeyEntry generateKey(KeyUsage keyUsage) {
        if (keyUsage == KeyUsage.Signature) {
            return this.keyStoreGenerator.generateSignKeyPair();
        }
        if (keyUsage == KeyUsage.Encryption) {
            return this.keyStoreGenerator.generateEncryptionKeyPair();
        }
        if (keyUsage == KeyUsage.SecretKey) {
            return this.keyStoreGenerator.generateSecretKey();
        }
        throw new RuntimeException("Unknown KeyUsage: " + keyUsage);
    }
}
