package org.adorsys.encobject.serverdata;

import com.nimbusds.jose.jwk.JWKSet;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.Locale;
import java.util.UUID;
import javax.security.auth.callback.CallbackHandler;
import org.adorsys.encobject.domain.ObjectHandle;
import org.adorsys.encobject.filesystem.FsPersistenceFactory;
import org.adorsys.encobject.service.ContainerExistsException;
import org.adorsys.encobject.service.ContainerPersistence;
import org.adorsys.encobject.service.MissingKeyAlgorithmException;
import org.adorsys.encobject.service.MissingKeystoreAlgorithmException;
import org.adorsys.encobject.service.MissingKeystoreProviderException;
import org.adorsys.encobject.service.ObjectNotFoundException;
import org.adorsys.encobject.service.UnknownContainerException;
import org.adorsys.encobject.service.WrongKeystoreCredentialException;
import org.adorsys.envutils.EnvProperties;
import org.adorsys.jjwk.serverkey.KeyConverter;
import org.adorsys.jjwk.serverkey.KeyStoreUtils;
import org.adorsys.jjwk.serverkey.ServerKeyManager;
import org.adorsys.jjwk.serverkey.ServerKeyPropertiesConstants;
import org.adorsys.jjwk.serverkey.ServerKeysHolder;
import org.adorsys.jjwk.serverkey.SingleKeyUsageSelfSignedCertBuilder;
import org.adorsys.jkeygen.keypair.KeyPairBuilder;
import org.adorsys.jkeygen.keystore.KeyPairData;
import org.adorsys.jkeygen.keystore.KeyPairEntry;
import org.adorsys.jkeygen.keystore.KeystoreBuilder;
import org.adorsys.jkeygen.keystore.SecretKeyData;
import org.adorsys.jkeygen.keystore.SecretKeyEntry;
import org.adorsys.jkeygen.pwd.PasswordCallbackHandler;
import org.adorsys.jkeygen.secretkey.SecretKeyBuilder;
import org.apache.commons.lang3.BooleanUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.juli.JdkLoggerFormatter;
import org.bouncycastle.asn1.x500.X500NameBuilder;
import org.bouncycastle.asn1.x500.style.BCStyle;

/* loaded from: input_file:BOOT-INF/lib/encobject-jcloud-0.8.0.jar:org/adorsys/encobject/serverdata/AbstractServerKeyManagerConfig.class */
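/**
 * Base configuration that loads, or generates and persists, the server keystore and exposes its
 * keys through a {@link ServerKeyManager}.
 *
 * <p>All settings are read through {@link EnvProperties#getEnvOrSysProp}. The keystore password
 * ({@code KEYSTORE_PASSWORD}) is mandatory and is used both to protect the keystore itself and
 * the individual key entries. Setting {@code RESET_KEYSTORE} to a true value makes
 * {@link #initServerKeyManager(String)} generate a brand-new set of keys and save it under the
 * same container/name as the existing keystore.
 */
public abstract class AbstractServerKeyManagerConfig {
    protected ServerKeyManager serverKeyManager;

    // Key-usage values passed to SingleKeyUsageSelfSignedCertBuilder.withKeyUsages(...).
    // NOTE(review): if these are BouncyCastle KeyUsage bit values, 64 is nonRepudiation
    // (digitalSignature would be 128) and 32/16/8 are keyEncipherment/dataEncipherment/
    // keyAgreement. Confirm that 64 is the intended usage for the signing keys.
    private static final int[] keyUsageSignature = {64};
    private static final int[] keyUsageEncryption = {32, 16, 8};

    /**
     * Returns the key manager built by {@link #initServerKeyManager(String)}.
     */
    public abstract ServerKeyManager getServerKeyManager();

    /**
     * Supplies the persistence factory used to store and load the keystore.
     */
    protected abstract FsPersistenceFactory getFsPersistenceFactory();

    /**
     * Loads the server keystore (creating it when it does not exist or when a reset is requested)
     * and initialises {@link #serverKeyManager} from the keys it contains.
     *
     * @param str prefix used to derive the default container name, keystore name, key pair
     *            subject name and key alias prefix when the matching properties are not set
     * @throws IllegalStateException if the keystore password is missing or blank, or if the
     *                               container or keystore cannot be created, loaded or saved
     */
    protected void initServerKeyManager(String str) {
        ContainerPersistence containerPersistence = getFsPersistenceFactory().getContainerPersistence();
        String containerName = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_CONTAINER, str + "_serverkey_container");
        if (!containerPersistence.containerExists(containerName)) {
            try {
                containerPersistence.creteContainer(containerName);
            } catch (ContainerExistsException e) {
                throw new IllegalStateException(e);
            }
        }

        String keystoreName = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_NAME, str + "_keystore");
        String keyPairName = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYPAIR_NAME, str + " Key Pair");
        String aliasPrefix = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYALIAS_PREFIX, str + "-");

        // NOTE(review): the meaning of the boolean argument is not visible in this file;
        // presumably it marks the property as optional so that the check below reports the error.
        String keystorePassword = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.KEYSTORE_PASSWORD, true);
        if (StringUtils.isBlank(keystorePassword)) {
            // Fail closed: never fall back to a default or empty keystore password.
            throw new IllegalStateException("Missing environment property KEYSTORE_PASSWORD");
        }
        String resetKeystore = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.RESET_KEYSTORE, true);

        // The same secret protects the individual key entries and the keystore as a whole.
        // The password arrives as a String, so wiping these arrays afterwards would not remove
        // it from the heap.
        char[] keyPassword = keystorePassword.toCharArray();
        char[] storePassword = keystorePassword.toCharArray();
        PasswordCallbackHandler keyPasswordHandler = new PasswordCallbackHandler(keyPassword);
        PasswordCallbackHandler storePasswordHandler = new PasswordCallbackHandler(storePassword);
        ObjectHandle keystoreHandle = new ObjectHandle(containerName, keystoreName);

        KeyStore keyStore;
        if (BooleanUtils.toBoolean(resetKeystore)) {
            // Reset requested: fresh keys are generated and saved under the same handle.
            // NOTE(review): this presumably replaces the stored keystore, so data protected with
            // the previous keys would no longer be usable - confirm against the persistence layer.
            keyStore = createKeystore(keystoreName, storePasswordHandler, keyPairName, aliasPrefix, keyPasswordHandler, keystoreHandle);
        } else {
            try {
                keyStore = getFsPersistenceFactory().getKeystorePersistence().loadKeystore(keystoreHandle, storePasswordHandler);
            } catch (IOException | CertificateException | MissingKeyAlgorithmException | MissingKeystoreAlgorithmException | MissingKeystoreProviderException | UnknownContainerException | WrongKeystoreCredentialException e) {
                // A wrong password or an unreadable keystore is fatal; it is not silently regenerated.
                throw new IllegalStateException(e);
            } catch (ObjectNotFoundException e) {
                // First start: no keystore stored yet, so generate and persist one.
                keyStore = createKeystore(keystoreName, storePasswordHandler, keyPairName, aliasPrefix, keyPasswordHandler, keystoreHandle);
            }
        }

        // The private key material is exported into an in-memory JWK set; the public set is
        // derived from it.
        JWKSet privateKeys = KeyConverter.exportPrivateKeys(keyStore, storePassword);
        this.serverKeyManager = new ServerKeyManager(new ServerKeysHolder(privateKeys, privateKeys.toPublicJWKSet()));
    }

    /**
     * Generates a new keystore with the configured number of signing, encryption and secret keys
     * (5 each by default) and saves it under the given handle.
     *
     * @param keystoreName         identifier given to the new keystore
     * @param storePasswordHandler password source used when saving the keystore
     * @param keyPairName          common name used for the self-signed certificates
     * @param aliasPrefix          prefix of every generated key alias
     * @param keyPasswordHandler   password source protecting the individual entries
     * @param keystoreHandle       storage location of the keystore
     * @return the newly generated keystore
     * @throws IllegalStateException if the keystore cannot be built or saved
     */
    private KeyStore createKeystore(String keystoreName, CallbackHandler storePasswordHandler, String keyPairName, String aliasPrefix, CallbackHandler keyPasswordHandler, ObjectHandle keystoreHandle) {
        int signKeyCount = Integer.parseInt(EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_SIGN_KEY_COUNT, "5"));
        int encryptKeyCount = Integer.parseInt(EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_ENCRYPT_KEY_COUNT, "5"));
        int secretKeyCount = Integer.parseInt(EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_SECRET_KEY_COUNT, "5"));
        KeyStore keyStore = newKeystore(signKeyCount, encryptKeyCount, secretKeyCount, keystoreName, keyPasswordHandler, keyPairName, aliasPrefix);
        try {
            getFsPersistenceFactory().getKeystorePersistence().saveKeyStore(keyStore, storePasswordHandler, keystoreHandle);
            return keyStore;
        } catch (NoSuchAlgorithmException | CertificateException | UnknownContainerException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Builds an in-memory keystore (type {@code UBER} unless configured otherwise) holding the
     * requested number of signing key pairs, encryption key pairs and secret keys.
     *
     * @throws IllegalStateException wrapping any failure during key generation or keystore assembly
     */
    private KeyStore newKeystore(int signKeyCount, int encryptKeyCount, int secretKeyCount, String keystoreName, CallbackHandler passwordHandler, String keyPairName, String aliasPrefix) {
        try {
            String storeType = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_TYPE, "UBER");
            KeystoreBuilder builder = new KeystoreBuilder().withStoreType(storeType);
            for (int n = 0; n < signKeyCount; n++) {
                builder = builder.withKeyEntry(newKeyPair(keyPairName, aliasPrefix + UUID.randomUUID().toString(), passwordHandler, keyUsageSignature));
            }
            // Aliases are identifiers, not secrets, but they must be unique within the keystore.
            // NOTE(review): five random characters leave a small collision chance, unlike the
            // UUID used for signing keys; how a duplicate alias is handled is not visible here.
            // Locale.ROOT keeps the alias ASCII regardless of the JVM default locale.
            for (int n = 0; n < encryptKeyCount; n++) {
                builder = builder.withKeyEntry(newKeyPair(keyPairName, aliasPrefix + RandomStringUtils.randomAlphanumeric(5).toUpperCase(Locale.ROOT), passwordHandler, keyUsageEncryption));
            }
            for (int n = 0; n < secretKeyCount; n++) {
                builder = builder.withKeyEntry(newSecretKey(aliasPrefix + RandomStringUtils.randomAlphanumeric(5).toUpperCase(Locale.ROOT), passwordHandler));
            }
            byte[] storeBytes = builder.withStoreId(keystoreName).build(passwordHandler);
            return KeyStoreUtils.loadKeyStore(new ByteArrayInputStream(storeBytes), keystoreName, storeType, passwordHandler);
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Generates a key pair with a self-signed, non-CA certificate restricted to the given key
     * usages. Algorithm, key length and signature algorithm default to RSA, 2048 bits and
     * SHA256withRSA.
     *
     * @param commonName      value of the certificate subject's CN
     * @param alias           keystore alias of the entry
     * @param passwordHandler password source protecting the entry
     * @param keyUsages       key-usage values to put on the certificate
     */
    private KeyPairEntry newKeyPair(String commonName, String alias, CallbackHandler passwordHandler, int[] keyUsages) {
        String keyAlgo = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_KEYPAIR_ALGO, "RSA");
        String keySize = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_KEYPAIR_SIZE, "2048");
        String signAlgo = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_RSA_SIGN_ALGO, "SHA256withRSA");
        return KeyPairData.builder()
                .keyPairs(new SingleKeyUsageSelfSignedCertBuilder()
                        .withSubjectDN(new X500NameBuilder(BCStyle.INSTANCE).addRDN(BCStyle.CN, commonName).build())
                        .withSignatureAlgo(signAlgo)
                        // NOTE(review): a logging-level constant as certificate validity in days
                        // looks like a decompiler substitution for an inlined integer literal -
                        // confirm the intended validity period.
                        .withNotAfterInDays(Integer.valueOf(JdkLoggerFormatter.LOG_LEVEL_WARN))
                        .withCa(false)
                        .withKeyUsages(keyUsages)
                        .build(new KeyPairBuilder().withKeyAlg(keyAlgo).withKeyLength(Integer.valueOf(Integer.parseInt(keySize))).build()))
                .passwordSource(passwordHandler)
                .build();
    }

    /**
     * Generates a secret key entry; algorithm and key length default to AES and 256 bits.
     *
     * @param str             keystore alias of the entry
     * @param callbackHandler password source protecting the entry
     * @return the secret key entry to add to a keystore
     * @throws NumberFormatException if the configured key size is not an integer
     */
    public static SecretKeyEntry newSecretKey(String str, CallbackHandler callbackHandler) {
        String keyAlgo = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_SECRET_KEY_ALGO, "AES");
        String keySize = EnvProperties.getEnvOrSysProp(ServerKeyPropertiesConstants.SERVER_KEYSTORE_SECRET_KEY_SIZE, "256");
        return SecretKeyData.builder()
                .secretKey(new SecretKeyBuilder().withKeyAlg(keyAlgo).withKeyLength(Integer.valueOf(Integer.parseInt(keySize))).build())
                .alias(str)
                .passwordSource(callbackHandler)
                .build();
    }
}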
