package de.adorsys.sts.keymanagement.service;

import de.adorsys.sts.keymanagement.config.KeyManagementRotationProperties;
import de.adorsys.sts.keymanagement.model.KeyUsage;
import de.adorsys.sts.keymanagement.model.StsKeyEntry;
import de.adorsys.sts.keymanagement.model.StsKeyStore;
import de.adorsys.sts.keymanagement.util.DateTimeUtils;
import java.time.Clock;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import liquibase.sqlgenerator.core.MarkChangeSetRanGenerator;

/* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.28.0.jar:de/adorsys/sts/keymanagement/service/KeyRotationService.class */
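/**
 * Rotates the keys held in an {@link StsKeyStore}.
 *
 * <p>A single {@link #rotate(StsKeyStore)} call does the following for every key usage
 * (encryption, signature, secret key) whose rotation is enabled in the configuration:
 * it tops up the number of {@code VALID} keys to the configured minimum, removes
 * {@code EXPIRED} keys, advances key states ({@code CREATED -> VALID -> LEGACY -> EXPIRED})
 * against the injected {@link Clock} read in UTC, and generates one key for future usage
 * per entry that has just become {@code VALID}. Key usages with rotation disabled are
 * not generated, aged or removed by this class.
 *
 * <p>The store passed to {@code rotate} is mutated in place and this class performs no
 * synchronization of its own. NOTE(review): callers presumably serialize rotation runs
 * against the same store; confirm at the call site.
 */
public class KeyRotationService {
    private final KeyStoreGenerator keyStoreGenerator;
    private final Clock clock;
    private final KeyManagementRotationProperties.KeyRotationProperties encryptionKeyPairRotationProperties;
    private final KeyManagementRotationProperties.KeyRotationProperties signatureKeyPairRotationProperties;
    private final KeyManagementRotationProperties.KeyRotationProperties secretKeyRotationProperties;

    /* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.28.0.jar:de/adorsys/sts/keymanagement/service/KeyRotationService$KeyRotationResult.class */
    /**
     * Outcome of one rotation run. Every list holds key aliases only (the values of
     * {@code StsKeyEntry.getAlias()}), never key material.
     *
     * <p>The getters hand out the stored list instances without copying them.
     */
    public static class KeyRotationResult {
        private final List<String> removedKeys;
        private final List<String> futureKeys;
        private final List<String> generatedKeys;

        /* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.28.0.jar:de/adorsys/sts/keymanagement/service/KeyRotationService$KeyRotationResult$KeyRotationResultBuilder.class */
        /**
         * Builder for {@link KeyRotationResult}. A list that was never set is replaced by
         * a fresh empty list in {@link #build()}; a list explicitly set to {@code null}
         * stays {@code null}, which is why each field has a separate {@code $set} flag.
         */
        public static class KeyRotationResultBuilder {
            private boolean removedKeys$set;
            private List<String> removedKeys;
            private boolean futureKeys$set;
            private List<String> futureKeys;
            private boolean generatedKeys$set;
            private List<String> generatedKeys;

            KeyRotationResultBuilder() {
            }

            /**
             * @param list aliases of the keys removed from the store
             * @return this builder
             */
            public KeyRotationResultBuilder removedKeys(List<String> list) {
                this.removedKeys = list;
                this.removedKeys$set = true;
                return this;
            }

            /**
             * @param list aliases of the keys generated for future usage
             * @return this builder
             */
            public KeyRotationResultBuilder futureKeys(List<String> list) {
                this.futureKeys = list;
                this.futureKeys$set = true;
                return this;
            }

            /**
             * @param list aliases of the keys generated to reach the configured minimum
             * @return this builder
             */
            public KeyRotationResultBuilder generatedKeys(List<String> list) {
                this.generatedKeys = list;
                this.generatedKeys$set = true;
                return this;
            }

            /**
             * Creates the result, substituting an empty list for every list that was not set.
             *
             * @return the assembled result
             */
            public KeyRotationResult build() {
                // The private default factories are called directly; the decompiled
                // access$NNN bridge methods are compiler output and must not be declared
                // in source, where they can collide with the accessors javac generates.
                List<String> removed = this.removedKeys$set
                        ? this.removedKeys
                        : KeyRotationResult.$default$removedKeys();
                List<String> future = this.futureKeys$set
                        ? this.futureKeys
                        : KeyRotationResult.$default$futureKeys();
                List<String> generated = this.generatedKeys$set
                        ? this.generatedKeys
                        : KeyRotationResult.$default$generatedKeys();
                return new KeyRotationResult(removed, future, generated);
            }

            @Override
            public String toString() {
                // The closing parenthesis is written literally. The decompiler had
                // substituted a same-valued constant from an unrelated library class,
                // which tied this key-management type to that library for one character.
                return "KeyRotationService.KeyRotationResult.KeyRotationResultBuilder(removedKeys=" + this.removedKeys + ", futureKeys=" + this.futureKeys + ", generatedKeys=" + this.generatedKeys + ")";
            }
        }

        private static List<String> $default$removedKeys() {
            return new ArrayList<>();
        }

        private static List<String> $default$futureKeys() {
            return new ArrayList<>();
        }

        private static List<String> $default$generatedKeys() {
            return new ArrayList<>();
        }

        KeyRotationResult(List<String> list, List<String> list2, List<String> list3) {
            this.removedKeys = list;
            this.futureKeys = list2;
            this.generatedKeys = list3;
        }

        /**
         * @return a new, empty builder
         */
        public static KeyRotationResultBuilder builder() {
            return new KeyRotationResultBuilder();
        }

        /**
         * @return aliases of the keys removed from the store
         */
        public List<String> getRemovedKeys() {
            return this.removedKeys;
        }

        /**
         * @return aliases of the keys generated for future usage
         */
        public List<String> getFutureKeys() {
            return this.futureKeys;
        }

        /**
         * @return aliases of the keys generated to reach the configured minimum
         */
        public List<String> getGeneratedKeys() {
            return this.generatedKeys;
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-0.28.0.jar:de/adorsys/sts/keymanagement/service/KeyRotationService$KeyStateUpdates.class */
    /**
     * Entries whose state changed during one state-update pass, grouped by the state they
     * moved into. Only this service creates instances (the constructor is private); the
     * decompiler notes above that the declared visibility was widened from private.
     */
    public static class KeyStateUpdates {
        public List<StsKeyEntry> newValidKeys;
        public List<StsKeyEntry> newLegacyKeys;
        public List<StsKeyEntry> newExpiredKeys;

        private KeyStateUpdates() {
            this.newValidKeys = new ArrayList<>();
            this.newLegacyKeys = new ArrayList<>();
            this.newExpiredKeys = new ArrayList<>();
        }

        /**
         * Appends all entries recorded in {@code keyStateUpdates} to this instance.
         *
         * @param keyStateUpdates the updates to append; it is not modified
         */
        public void merge(KeyStateUpdates keyStateUpdates) {
            this.newValidKeys.addAll(keyStateUpdates.newValidKeys);
            this.newLegacyKeys.addAll(keyStateUpdates.newLegacyKeys);
            this.newExpiredKeys.addAll(keyStateUpdates.newExpiredKeys);
        }
    }

    /**
     * @param keyStoreGenerator source of newly generated key entries
     * @param clock time source for every state decision; read in UTC
     * @param keyManagementRotationProperties rotation settings; the per-usage sections
     *        (encryption key pairs, signature key pairs, secret keys) are read once here
     */
    public KeyRotationService(KeyStoreGenerator keyStoreGenerator, Clock clock, KeyManagementRotationProperties keyManagementRotationProperties) {
        this.keyStoreGenerator = keyStoreGenerator;
        this.clock = clock;
        this.encryptionKeyPairRotationProperties = keyManagementRotationProperties.getEncKeyPairs();
        this.signatureKeyPairRotationProperties = keyManagementRotationProperties.getSignKeyPairs();
        this.secretKeyRotationProperties = keyManagementRotationProperties.getSecretKeys();
    }

    /**
     * Runs one rotation pass over {@code stsKeyStore}, mutating it in place.
     *
     * <p>The steps run in a fixed order that callers and operators should be aware of:
     * <ol>
     *   <li>generate keys until each enabled usage has its minimum number of VALID keys;</li>
     *   <li>remove keys that are already EXPIRED;</li>
     *   <li>advance key states against the current time;</li>
     *   <li>generate a future-usage key for every entry that became VALID in step 3.</li>
     * </ol>
     * Because removal (2) precedes the state update (3), a key that turns EXPIRED during
     * this call stays in the store until the next call. Because top-up (1) also precedes
     * the state update and counts VALID keys only, a CREATED key that is due for
     * activation in this pass is not counted towards the minimum.
     *
     * @param stsKeyStore the key store to rotate
     * @return the aliases of the generated, removed and future-usage keys
     */
    public KeyRotationResult rotate(StsKeyStore stsKeyStore) {
        List<String> generated = generateAndAddMissingKeys(stsKeyStore);
        List<String> removed = removeExpiredKeys(stsKeyStore);
        KeyStateUpdates stateUpdates = updateKeyStates(stsKeyStore);
        List<String> future = createKeysForFutureUsage(stsKeyStore, stateUpdates);
        return KeyRotationResult.builder()
                .generatedKeys(generated)
                .removedKeys(removed)
                .futureKeys(future)
                .build();
    }

    /**
     * Generates and stores one future-usage key per newly VALID entry. The generator is
     * given the entry's key usage and its {@code notAfter} instant.
     * NOTE(review): presumably that instant becomes the start of the new key's validity;
     * confirm in KeyStoreGenerator.
     *
     * @return aliases of the keys added
     */
    private List<String> createKeysForFutureUsage(StsKeyStore stsKeyStore, KeyStateUpdates keyStateUpdates) {
        List<String> aliases = new ArrayList<>();
        for (StsKeyEntry activated : keyStateUpdates.newValidKeys) {
            StsKeyEntry successor = this.keyStoreGenerator.generateKeyEntryForFutureUsage(activated.getKeyUsage(), activated.getNotAfter());
            stsKeyStore.addKey(successor);
            aliases.add(successor.getAlias());
        }
        return aliases;
    }

    /**
     * Advances the state of every entry whose key usage has rotation enabled, using one
     * timestamp for the whole pass.
     */
    private KeyStateUpdates updateKeyStates(StsKeyStore stsKeyStore) {
        KeyStateUpdates updates = new KeyStateUpdates();
        ZonedDateTime now = now();
        if (this.encryptionKeyPairRotationProperties.isEnabled().booleanValue()) {
            updates.merge(updateKeyEntryStatesForCollection(now, entriesWithUsage(stsKeyStore, KeyUsage.Encryption)));
        }
        if (this.signatureKeyPairRotationProperties.isEnabled().booleanValue()) {
            updates.merge(updateKeyEntryStatesForCollection(now, entriesWithUsage(stsKeyStore, KeyUsage.Signature)));
        }
        if (this.secretKeyRotationProperties.isEnabled().booleanValue()) {
            updates.merge(updateKeyEntryStatesForCollection(now, entriesWithUsage(stsKeyStore, KeyUsage.SecretKey)));
        }
        return updates;
    }

    /** Returns the store's entries that have the given key usage. */
    private static List<StsKeyEntry> entriesWithUsage(StsKeyStore stsKeyStore, KeyUsage keyUsage) {
        return stsKeyStore.getKeyEntries().values().stream()
                .filter(entry -> entry.getKeyUsage() == keyUsage)
                .collect(Collectors.toList());
    }

    /**
     * Applies the three state transitions to {@code list} and reports which entries moved.
     *
     * <p>The transitions run one after another on the same entries, so an entry that is
     * past both {@code notAfter} and {@code expireAt} moves VALID -> LEGACY -> EXPIRED in
     * this single call and is reported in both lists.
     *
     * @param zonedDateTime the instant treated as "now"
     * @param list entries of one key usage
     */
    private KeyStateUpdates updateKeyEntryStatesForCollection(ZonedDateTime zonedDateTime, List<StsKeyEntry> list) {
        KeyStateUpdates updates = new KeyStateUpdates();

        // CREATED -> VALID once notBefore lies in the past.
        // NOTE(review): assumes every CREATED entry has a non-null notBefore; a null
        // value would abort the whole rotation with a NullPointerException.
        List<StsKeyEntry> activated = list.stream()
                .filter(entry -> entry.getState() == StsKeyEntry.State.CREATED)
                .filter(entry -> entry.getNotBefore().isBefore(zonedDateTime))
                .collect(Collectors.toList());
        for (StsKeyEntry entry : activated) {
            // Validity is counted from the moment of activation, not from notBefore.
            ZonedDateTime notAfter = DateTimeUtils.addMillis(zonedDateTime, entry.getValidityInterval());
            entry.setNotAfter(notAfter);
            // NOTE(review): the LEGACY window is derived from the validity interval a
            // second time, so a key is retained for twice its validity interval after
            // activation; confirm this retention period is intended.
            entry.setExpireAt(DateTimeUtils.addMillis(notAfter, entry.getValidityInterval()));
            entry.setState(StsKeyEntry.State.VALID);
        }
        updates.newValidKeys = activated;

        // VALID -> LEGACY once notAfter has passed. Entries activated above are not
        // matched here because their notAfter was just set relative to "now".
        List<StsKeyEntry> retired = list.stream()
                .filter(entry -> entry.getState() == StsKeyEntry.State.VALID)
                .filter(entry -> zonedDateTime.isAfter(entry.getNotAfter()))
                .collect(Collectors.toList());
        for (StsKeyEntry entry : retired) {
            entry.setState(StsKeyEntry.State.LEGACY);
        }
        updates.newLegacyKeys = retired;

        // LEGACY -> EXPIRED once expireAt has passed; removal from the store happens in
        // removeExpiredKeys, not here.
        List<StsKeyEntry> expired = list.stream()
                .filter(entry -> entry.getState() == StsKeyEntry.State.LEGACY)
                .filter(entry -> zonedDateTime.isAfter(entry.getExpireAt()))
                .collect(Collectors.toList());
        for (StsKeyEntry entry : expired) {
            entry.setState(StsKeyEntry.State.EXPIRED);
        }
        updates.newExpiredKeys = expired;

        return updates;
    }

    /**
     * Removes the EXPIRED keys of every key usage whose rotation is enabled.
     *
     * @return aliases of the removed keys
     */
    private List<String> removeExpiredKeys(StsKeyStore stsKeyStore) {
        List<String> removed = new ArrayList<>();
        if (this.encryptionKeyPairRotationProperties.isEnabled().booleanValue()) {
            removed.addAll(removeExpiredKeys(stsKeyStore, KeyUsage.Encryption));
        }
        if (this.signatureKeyPairRotationProperties.isEnabled().booleanValue()) {
            removed.addAll(removeExpiredKeys(stsKeyStore, KeyUsage.Signature));
        }
        if (this.secretKeyRotationProperties.isEnabled().booleanValue()) {
            removed.addAll(removeExpiredKeys(stsKeyStore, KeyUsage.SecretKey));
        }
        return removed;
    }

    /**
     * Removes the EXPIRED keys of one key usage.
     *
     * @return aliases of the removed keys
     */
    private List<String> removeExpiredKeys(StsKeyStore stsKeyStore, KeyUsage keyUsage) {
        // Iterate over a snapshot: removeKey changes the store while we walk its entries.
        List<StsKeyEntry> snapshot = new ArrayList<>(stsKeyStore.getKeyEntries().values());
        List<String> removed = new ArrayList<>();
        for (StsKeyEntry entry : snapshot) {
            if (entry.getState() == StsKeyEntry.State.EXPIRED && entry.getKeyUsage() == keyUsage) {
                removed.add(removeKey(stsKeyStore, entry));
            }
        }
        return removed;
    }

    /**
     * Generates the keys missing for the configured minimums and adds them to the store.
     *
     * @return aliases of the keys added
     */
    private List<String> generateAndAddMissingKeys(StsKeyStore stsKeyStore) {
        // All missing keys are generated first, against the store's current content,
        // and only then added.
        List<StsKeyEntry> missing = generateMissingKeys(stsKeyStore.getKeyEntries().values());
        List<String> aliases = new ArrayList<>();
        for (StsKeyEntry entry : missing) {
            stsKeyStore.addKey(entry);
            aliases.add(entry.getAlias());
        }
        return aliases;
    }

    /** Generates the missing keys of every key usage whose rotation is enabled. */
    private List<StsKeyEntry> generateMissingKeys(Collection<StsKeyEntry> collection) {
        List<StsKeyEntry> generated = new ArrayList<>();
        if (this.encryptionKeyPairRotationProperties.isEnabled().booleanValue()) {
            generated.addAll(generateMissingKeys(collection, KeyUsage.Encryption, this.encryptionKeyPairRotationProperties));
        }
        if (this.signatureKeyPairRotationProperties.isEnabled().booleanValue()) {
            generated.addAll(generateMissingKeys(collection, KeyUsage.Signature, this.signatureKeyPairRotationProperties));
        }
        if (this.secretKeyRotationProperties.isEnabled().booleanValue()) {
            generated.addAll(generateMissingKeys(collection, KeyUsage.SecretKey, this.secretKeyRotationProperties));
        }
        return generated;
    }

    /**
     * Generates as many keys of {@code keyUsage} as are needed to reach the configured
     * minimum. Only entries in state VALID count towards the minimum; nothing is
     * generated when the minimum is already met.
     */
    private List<StsKeyEntry> generateMissingKeys(Collection<StsKeyEntry> collection, KeyUsage keyUsage, KeyManagementRotationProperties.KeyRotationProperties rotationProperties) {
        long validCount = collection.stream()
                .filter(entry -> entry.getState() == StsKeyEntry.State.VALID)
                .filter(entry -> entry.getKeyUsage() == keyUsage)
                .count();
        long missing = rotationProperties.getMinKeys().intValue() - validCount;
        List<StsKeyEntry> generated = new ArrayList<>();
        for (long i = 0; i < missing; i++) {
            generated.add(generateKey(keyUsage));
        }
        return generated;
    }

    /** Removes {@code stsKeyEntry} from the store by alias and returns that alias. */
    private String removeKey(StsKeyStore stsKeyStore, StsKeyEntry stsKeyEntry) {
        String alias = stsKeyEntry.getAlias();
        stsKeyStore.removeKey(alias);
        return alias;
    }

    /**
     * Asks the generator for an instantly usable key of the given usage.
     *
     * @throws IllegalArgumentException if {@code keyUsage} is none of the three handled
     *         usages, including {@code null}
     */
    private StsKeyEntry generateKey(KeyUsage keyUsage) {
        if (keyUsage == KeyUsage.Signature) {
            return this.keyStoreGenerator.generateSignatureKeyEntryForInstantUsage();
        }
        if (keyUsage == KeyUsage.Encryption) {
            return this.keyStoreGenerator.generateEncryptionKeyEntryForInstantUsage();
        }
        if (keyUsage == KeyUsage.SecretKey) {
            return this.keyStoreGenerator.generateSecretKeyEntryForInstantUsage();
        }
        throw new IllegalArgumentException("Unknown KeyUsage: " + keyUsage);
    }

    /** Current time from the injected clock, expressed in UTC. */
    private ZonedDateTime now() {
        return this.clock.instant().atZone(ZoneOffset.UTC);
    }
}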
