package de.adorsys.docusafe2.business.impl.keystore;

import com.nimbusds.jose.jwk.ECKey;
import com.nimbusds.jose.jwk.JWK;
import com.nimbusds.jose.jwk.JWKMatcher;
import com.nimbusds.jose.jwk.JWKSelector;
import com.nimbusds.jose.jwk.JWKSet;
import com.nimbusds.jose.jwk.KeyUse;
import com.nimbusds.jose.jwk.PasswordLookup;
import com.nimbusds.jose.jwk.RSAKey;
import de.adorsys.common.exceptions.BaseExceptionHandler;
import de.adorsys.common.utils.HexUtil;
import de.adorsys.docusafe2.business.api.keystore.KeyStoreService;
import de.adorsys.docusafe2.business.api.keystore.exceptions.SymmetricEncryptionException;
import de.adorsys.docusafe2.business.api.keystore.types.KeyID;
import de.adorsys.docusafe2.business.api.keystore.types.KeySource;
import de.adorsys.docusafe2.business.api.keystore.types.KeySourceAndKeyID;
import de.adorsys.docusafe2.business.api.keystore.types.KeyStoreAccess;
import de.adorsys.docusafe2.business.api.keystore.types.KeyStoreAuth;
import de.adorsys.docusafe2.business.api.keystore.types.KeyStoreCreationConfig;
import de.adorsys.docusafe2.business.api.keystore.types.KeyStoreType;
import de.adorsys.docusafe2.business.api.keystore.types.PublicKeyJWK;
import de.adorsys.docusafe2.business.api.keystore.types.SecretKeyIDWithKey;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.interfaces.ECPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Enumeration;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import javax.crypto.SecretKey;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/adorsys/docusafe2/business/impl/keystore/KeyStoreServiceImpl.class */
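/**
 * Keystore-backed implementation of {@link KeyStoreService}.
 *
 * <p>Creates keystores and hands out key sources and key ids for the public, private and
 * secret keys they contain. The read-key password is only passed on to the collaborating
 * key-source, export and generator classes; this class never logs it.
 */
public class KeyStoreServiceImpl implements KeyStoreService {
    private static final Logger LOGGER = LoggerFactory.getLogger(KeyStoreServiceImpl.class);

    /**
     * Generates a new keystore protected by the read-key password from {@code keyStoreAuth}.
     *
     * @param keyStoreAuth supplies the read-key password handed to the generator
     * @param keyStoreType type of keystore to generate
     * @param keyStoreCreationConfig generation settings; {@code null} selects a built-in default
     * @return the generated keystore
     */
    public KeyStore createKeyStore(KeyStoreAuth keyStoreAuth, KeyStoreType keyStoreType, KeyStoreCreationConfig keyStoreCreationConfig) {
        try {
            LOGGER.debug("start create keystore ");
            if (keyStoreCreationConfig == null) {
                // NOTE(review): presumably the number of keys per key kind; confirm against KeyStoreCreationConfig.
                keyStoreCreationConfig = new KeyStoreCreationConfig(5, 5, 5);
            }
            // The keystore id is an identifier, not a secret, so it is safe to log.
            // An explicit charset keeps the hex form independent of the platform default.
            String keyStoreId = HexUtil.convertBytesToHexString(
                    UUID.randomUUID().toString().getBytes(java.nio.charset.StandardCharsets.UTF_8));
            LOGGER.debug("keystoreid = {}", keyStoreId);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("meaning of keystoreid = {}",
                        new String(HexUtil.convertHexStringToBytes(keyStoreId), java.nio.charset.StandardCharsets.UTF_8));
            }
            KeyStore keyStore = new KeyStoreGenerator(keyStoreCreationConfig, keyStoreType, keyStoreId, keyStoreAuth.getReadKeyPassword()).generate();
            LOGGER.debug("finished create keystore ");
            return keyStore;
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }

    /**
     * Returns a public-key source over the keystore's certificates together with the id of
     * one encryption key picked by {@code JwkExport.randomKey}.
     *
     * @param keyStoreAccess keystore to read; only certificates are read, no password is used
     * @return the key source and the id of the selected encryption key
     */
    public KeySourceAndKeyID getKeySourceAndKeyIDForPublicKey(KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("getKeySourceAndKeyIDForPublicKey ");
        JWKSet publicKeys = load(keyStoreAccess.getKeyStore(), null);
        JWK selected = JwkExport.randomKey(selectEncKeys(publicKeys));
        return new KeySourceAndKeyID(new KeyStoreBasedPublicKeySourceImpl(publicKeys), new KeyID(selected.getKeyID()));
    }

    /**
     * Returns one encryption public key of the keystore as a JWK, picked by
     * {@code JwkExport.randomKey}.
     *
     * @param keyStoreAccess keystore to read; only certificates are read, no password is used
     * @return the selected public key
     */
    public PublicKeyJWK getPublicKeyJWK(KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("getPublicKeyJWK ");
        JWKSet publicKeys = load(keyStoreAccess.getKeyStore(), null);
        return new PublicKeyJWK(JwkExport.randomKey(selectEncKeys(publicKeys)));
    }

    /**
     * Returns a key source that reads private keys from the keystore with its read-key password.
     *
     * @param keyStoreAccess keystore and the credentials used to read its keys
     * @return a private-key source bound to that keystore
     */
    public KeySource getKeySourceForPrivateKey(KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("get keysource for private key of");
        return new KeyStoreBasedPrivateKeySourceImpl(keyStoreAccess.getKeyStore(), keyStoreAccess.getKeyStoreAuth().getReadKeyPassword());
    }

    /**
     * Returns a secret-key source for the keystore together with the id of one secret key
     * chosen by {@link #getRandomSecretKeyIDWithKey(KeyStoreAccess)}.
     *
     * @param keyStoreAccess keystore and the credentials used to read its keys
     * @return the key source and the id of the selected secret key
     */
    public KeySourceAndKeyID getKeySourceAndKeyIDForSecretKey(KeyStoreAccess keyStoreAccess) {
        LOGGER.debug("get keysource for secret key of ");
        KeyStoreBasedSecretKeySourceImpl secretKeySource =
                new KeyStoreBasedSecretKeySourceImpl(keyStoreAccess.getKeyStore(), readKeyPasswordHandler(keyStoreAccess));
        return new KeySourceAndKeyID(secretKeySource, getRandomSecretKeyIDWithKey(keyStoreAccess).getKeyID());
    }

    /**
     * Exports the keystore's keys and returns one secret key with its id.
     *
     * @param keyStoreAccess keystore and the credentials used to read its keys
     * @return the selected secret key and its id
     * @throws SymmetricEncryptionException if the export is empty or holds no secret key
     */
    public SecretKeyIDWithKey getRandomSecretKeyIDWithKey(KeyStoreAccess keyStoreAccess) {
        JWKSet exportedKeys = JwkExport.exportKeys(keyStoreAccess.getKeyStore(), readKeyPasswordHandler(keyStoreAccess));
        if (exportedKeys.getKeys().isEmpty()) {
            // NOTE(review): the message ends in "id: " but no keystore id is available here to append.
            throw new SymmetricEncryptionException("did not find any keys in keystore with id: ");
        }
        try {
            KeyAndJwk selected = new ServerKeyMap(exportedKeys).randomSecretKey();
            // NOTE(review): the nested KeyID wrapping looks redundant; kept as-is because
            // KeyID's constructor is not visible from this file.
            KeyID keyId = new KeyID(new KeyID(selected.jwk.getKeyID()).getValue());
            return new SecretKeyIDWithKey(keyId, (SecretKey) selected.key);
        } catch (IndexOutOfBoundsException e) {
            // NOTE(review): the cause is dropped; attach it if SymmetricEncryptionException
            // offers a (message, cause) constructor - confirm.
            throw new SymmetricEncryptionException("did not find any secret keys in keystore with id: ");
        }
    }

    /**
     * Wraps the read-key password in a callback handler for the key export and key sources.
     *
     * <p>The password arrives as a string value ({@code getValue()}), so the {@code char[]}
     * created here is a copy; wiping that array does not remove the password from memory.
     */
    private static PasswordCallbackHandler readKeyPasswordHandler(KeyStoreAccess keyStoreAccess) {
        return new PasswordCallbackHandler(keyStoreAccess.getKeyStoreAuth().getReadKeyPassword().getValue().toCharArray());
    }

    /** Selects the keys of {@code jWKSet} whose key use is {@link KeyUse#ENCRYPTION}. */
    private List<JWK> selectEncKeys(JWKSet jWKSet) {
        JWKMatcher encryptionUse = new JWKMatcher.Builder().keyUse(KeyUse.ENCRYPTION).build();
        return new JWKSelector(encryptionUse).select(jWKSet);
    }

    /**
     * Builds a JWK set from the RSA and EC certificates stored in {@code keyStore}, using each
     * alias as the key id. Aliases without a certificate, and certificates with any other
     * public-key type, are skipped.
     *
     * @param keyStore keystore whose certificate entries are read
     * @param passwordLookup unused: certificates are read without a password, and every caller
     *     in this class passes {@code null}
     * @return the public keys found; possibly empty
     */
    private JWKSet load(KeyStore keyStore, PasswordLookup passwordLookup) {
        try {
            List<JWK> publicKeys = new LinkedList<>();
            Enumeration<String> aliases = keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                Certificate certificate = keyStore.getCertificate(alias);
                if (certificate == null) {
                    continue;
                }
                Certificate[] chain = {certificate};
                if (certificate.getPublicKey() instanceof RSAPublicKey) {
                    publicKeys.add(new RSAKey.Builder(RSAKey.parse(V3CertificateUtils.convert(chain).get(0))).keyID(alias).keyStore(keyStore).build());
                } else if (certificate.getPublicKey() instanceof ECPublicKey) {
                    publicKeys.add(new ECKey.Builder(ECKey.parse(V3CertificateUtils.convert(chain).get(0))).keyID(alias).keyStore(keyStore).build());
                }
            }
            // An empty set is returned as-is; callers decide how to treat a keystore without public keys.
            return new JWKSet(publicKeys);
        } catch (Exception e) {
            throw BaseExceptionHandler.handle(e);
        }
    }
}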
