package de.adorsys.sts.keymanagement.service;

import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKSet;
import de.adorsys.sts.common.model.KeyAndJwk;
import de.adorsys.sts.common.util.ImmutableLists;
import de.adorsys.sts.keymanagement.model.KeyState;
import de.adorsys.sts.keymanagement.model.KeyUsage;
import de.adorsys.sts.keymanagement.model.ServerKeysHolder;
import de.adorsys.sts.keymanagement.model.StsKeyEntry;
import de.adorsys.sts.keymanagement.model.StsKeyStore;
import de.adorsys.sts.keymanagement.persistence.KeyStoreRepository;
import de.adorsys.sts.keymanagement.util.StsServerKeyMap;
import java.security.Key;
import java.util.List;
import java.util.function.Predicate;
import java.util.stream.Collectors;

/* loaded from: input_file:BOOT-INF/lib/sts-keymanagement-impl-1.1.25.jar:de/adorsys/sts/keymanagement/service/KeyManagementService.class */
/**
 * Serves the server's key material out of a {@link KeyStoreRepository}.
 *
 * <p>Every call re-reads the key store from the repository and re-exports it through
 * {@link KeyConversionService}; nothing is cached in this class. When the repository reports
 * that no key store exists, empty JWK sets are returned instead of failing.
 *
 * <p>Which keys are handed out depends on the entry's {@link KeyUsage} and {@link KeyState}:
 * <ul>
 *   <li>public side: Encryption entries in VALID state, Signature entries in VALID or LEGACY state;</li>
 *   <li>private side: Signature entries in VALID state, Encryption entries in VALID or LEGACY state;</li>
 *   <li>secret keys: SecretKey entries in VALID state.</li>
 * </ul>
 * Presumably LEGACY keeps old signatures verifiable and old ciphertexts decryptable while new
 * operations use VALID keys only; confirm against the rotation policy.
 *
 * <p>NOTE(review): {@code exists()} and {@code load()} are two separate repository calls. How the
 * repository behaves if the store changes in between is not visible from this class.
 */
public class KeyManagementService implements ServerKeyMapProvider {
    // Shared empty results returned whenever the repository holds no key store.
    private static final JWKSet EMPTY_JWK_SET = new JWKSet((List<JWK>) ImmutableLists.emptyList());
    private static final ServerKeysHolder EMPTY_KEYS = new ServerKeysHolder(EMPTY_JWK_SET, EMPTY_JWK_SET);
    private final KeyStoreRepository repository;
    private final KeyConversionService keyConversionService;

    /**
     * @param keyStoreRepository source of the persisted key store
     * @param keyConversionService converts a loaded key store into public and private JWK sets
     */
    public KeyManagementService(KeyStoreRepository keyStoreRepository, KeyConversionService keyConversionService) {
        this.repository = keyStoreRepository;
        this.keyConversionService = keyConversionService;
    }

    /**
     * Picks one key among the SecretKey entries that are in VALID state.
     *
     * <p>The selection itself (and its randomness source) is delegated to {@link StsServerKeyMap}
     * and is not visible here, including what happens when no entry qualifies.
     */
    @Override
    public KeyAndJwk randomSecretKey() {
        StsServerKeyMap secretKeys = getSecretKeys();
        return secretKeys.randomSecretKey();
    }

    /**
     * Picks one signing key among the private keys considered usable by
     * {@link #hasUsablePrivateKey(StsKeyEntry)}; the selection is delegated to {@link StsServerKeyMap}.
     */
    @Override
    public KeyAndJwk randomSignKey() {
        StsServerKeyMap privateKeys = getPrivateKeys();
        return privateKeys.randomSignKey();
    }

    /**
     * Looks up a key by id in the complete private JWK set exported from the key store.
     *
     * <p>NOTE(review): unlike the other accessors, no usage/state filter is applied here, so every
     * private-side entry the conversion service exports stays resolvable by id regardless of its
     * {@link KeyState}. Confirm that this is intended and that callers do not expose the result.
     *
     * @param str key id to resolve
     * @return whatever {@link StsServerKeyMap#getKey} yields for that id
     */
    @Override
    public Key getKey(String str) {
        JWKSet allPrivateKeys = loadKeys().getPrivateKeySet();
        StsServerKeyMap keyMap = new StsServerKeyMap(allPrivateKeys);
        return keyMap.getKey(str);
    }

    /** Loads and exports the whole key store, or yields the empty holder when none exists. */
    private ServerKeysHolder loadKeys() {
        if (!this.repository.exists()) {
            return EMPTY_KEYS;
        }
        return this.keyConversionService.export(this.repository.load());
    }

    /**
     * Returns the public JWKs whose key id matches the alias of an entry accepted by
     * {@link #hasUsablePublicKey(StsKeyEntry)}.
     *
     * @return the filtered public key set, or an empty set when no key store exists
     */
    @Override
    public JWKSet getPublicKeys() {
        if (!this.repository.exists()) {
            return EMPTY_JWK_SET;
        }
        StsKeyStore keyStore = this.repository.load();
        ServerKeysHolder exported = this.keyConversionService.export(keyStore);
        List<String> publishableAliases = aliasesMatching(keyStore, this::hasUsablePublicKey);
        return keepByKeyId(exported.getPublicKeySet(), publishableAliases);
    }

    /** Wraps the currently usable private keys in a key map. */
    private StsServerKeyMap getPrivateKeys() {
        JWKSet usable = getFilteredPrivateKeys(this::hasUsablePrivateKey);
        return new StsServerKeyMap(usable);
    }

    /** Wraps the currently usable secret keys in a key map. */
    private StsServerKeyMap getSecretKeys() {
        JWKSet usable = getFilteredPrivateKeys(this::isUsableSecretKey);
        return new StsServerKeyMap(usable);
    }

    /**
     * Returns the private-side JWKs whose key id matches the alias of an entry accepted by
     * {@code predicate}.
     *
     * @param predicate decides which key store entries may be handed out
     * @return the filtered private key set, or an empty set when no key store exists
     */
    private JWKSet getFilteredPrivateKeys(Predicate<StsKeyEntry> predicate) {
        if (!this.repository.exists()) {
            return EMPTY_JWK_SET;
        }
        StsKeyStore keyStore = this.repository.load();
        ServerKeysHolder exported = this.keyConversionService.export(keyStore);
        List<String> allowedAliases = aliasesMatching(keyStore, predicate);
        return keepByKeyId(exported.getPrivateKeySet(), allowedAliases);
    }

    /** Collects the aliases of all key store entries accepted by {@code accepted}. */
    private static List<String> aliasesMatching(StsKeyStore keyStore, Predicate<StsKeyEntry> accepted) {
        return keyStore.getEntries().values().stream()
                .filter(accepted)
                .map(StsKeyEntry::getAlias)
                .collect(Collectors.toList());
    }

    /** Builds a new JWK set holding only the keys of {@code source} whose key id is in {@code aliases}. */
    private static JWKSet keepByKeyId(JWKSet source, List<String> aliases) {
        List<JWK> retained = source.getKeys().stream()
                .filter(jwk -> aliases.contains(jwk.getKeyID()))
                .collect(Collectors.toList());
        return new JWKSet(retained);
    }

    /**
     * Public keys are published for Encryption entries only while VALID, and for Signature
     * entries while VALID or LEGACY.
     */
    private boolean hasUsablePublicKey(StsKeyEntry stsKeyEntry) {
        KeyUsage usage = stsKeyEntry.getKeyUsage();
        if (usage == KeyUsage.Encryption) {
            return stsKeyEntry.getState() == KeyState.VALID;
        }
        if (usage == KeyUsage.Signature) {
            KeyState state = stsKeyEntry.getState();
            return state == KeyState.VALID || state == KeyState.LEGACY;
        }
        return false;
    }

    /**
     * Private keys are usable for Signature entries only while VALID, and for Encryption
     * entries while VALID or LEGACY.
     */
    private boolean hasUsablePrivateKey(StsKeyEntry stsKeyEntry) {
        KeyUsage usage = stsKeyEntry.getKeyUsage();
        if (usage == KeyUsage.Signature) {
            return stsKeyEntry.getState() == KeyState.VALID;
        }
        if (usage == KeyUsage.Encryption) {
            KeyState state = stsKeyEntry.getState();
            return state == KeyState.VALID || state == KeyState.LEGACY;
        }
        return false;
    }

    /** Secret keys are usable only for SecretKey entries in VALID state. */
    private boolean isUsableSecretKey(StsKeyEntry stsKeyEntry) {
        if (stsKeyEntry.getKeyUsage() != KeyUsage.SecretKey) {
            return false;
        }
        return stsKeyEntry.getState() == KeyState.VALID;
    }
}
