package de.adorsys.sts.keymanagement.service;

import de.adorsys.sts.keymanagement.model.KeyUsage;
import de.adorsys.sts.keymanagement.model.StsKeyEntry;
import de.adorsys.sts.keymanagement.model.StsKeyStore;
import de.adorsys.sts.keymanagement.service.KeyManagementProperties;
import de.adorsys.sts.keymanagement.util.DateTimeUtils;
import java.time.Clock;
import java.time.ZoneOffset;
import java.time.ZonedDateTime;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import java.util.function.Function;
import java.util.function.Supplier;
import javax.security.auth.callback.CallbackHandler;
import org.adorsys.jkeygen.keystore.KeyEntry;
import org.adorsys.jkeygen.keystore.KeyPairEntry;
import org.adorsys.jkeygen.keystore.KeyStoreType;
import org.adorsys.jkeygen.keystore.KeystoreBuilder;
import org.adorsys.jkeygen.keystore.SecretKeyEntry;
import org.adorsys.jkeygen.pwd.PasswordCallbackHandler;
import org.apache.commons.lang3.RandomStringUtils;

/* loaded from: input_file:de/adorsys/sts/keymanagement/service/KeyStoreGenerator.class */
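/**
 * Creates the initial {@link StsKeyStore} and individual {@link StsKeyEntry} instances
 * (signature key pairs, encryption key pairs and secret keys) from the configured
 * {@link KeyManagementProperties}.
 *
 * <p>All timestamps ({@code createdAt}, {@code notBefore}, {@code notAfter}, {@code expireAt},
 * {@code lastUpdate}) are taken from the injected {@link Clock} and expressed in UTC, so the
 * validity windows are reproducible in tests by injecting a fixed clock.
 *
 * <p>Thread-safety is not established here: the class holds only final fields and does no
 * synchronization of its own, so it is only as safe as the injected generators and the
 * password {@link CallbackHandler} it shares between calls.
 */
public class KeyStoreGenerator {
    /** Length of the random alias suffix used for encryption and secret keys. */
    private static final int RANDOM_ALIAS_SUFFIX_LENGTH = 5;

    /** Time source for every timestamp written into generated entries. */
    private final Clock clock;
    /** Generator for encryption key pairs. */
    private final KeyPairGenerator encKeyPairGenerator;
    /** Generator for signature key pairs. */
    private final KeyPairGenerator signKeyPairGenerator;
    /** Generator for symmetric secret keys. */
    private final SecretKeyGenerator secretKeyGenerator;
    /** Keystore format taken from {@code keystore.type}. */
    private final KeyStoreType keyStoreType;
    /** Prefix prepended to every generated key alias. */
    private final String serverKeyPairAliasPrefix;
    /** Supplies the keystore password to the key generators. */
    private final CallbackHandler keyPassHandler;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyPairProperties encKeyPairsProperties;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.KeyPairProperties signKeyPairsProperties;
    private final KeyManagementProperties.KeyStoreProperties.KeysProperties.SecretKeyProperties secretKeyProperties;

    /**
     * Creates a generator from the {@code keystore} section of the given properties.
     *
     * @param clock                   time source for all generated timestamps
     * @param keyPairGenerator        generator used for <em>encryption</em> key pairs
     * @param keyPairGenerator2       generator used for <em>signature</em> key pairs
     * @param secretKeyGenerator      generator used for secret keys
     * @param keyManagementProperties configuration whose {@code getKeystore()} supplies the
     *                                store type, alias prefix, password and per-kind key settings
     * @throws NullPointerException if any argument is {@code null}; a missing nested property
     *                              also fails here rather than on first use
     */
    public KeyStoreGenerator(Clock clock, KeyPairGenerator keyPairGenerator, KeyPairGenerator keyPairGenerator2,
            SecretKeyGenerator secretKeyGenerator, KeyManagementProperties keyManagementProperties) {
        this.clock = Objects.requireNonNull(clock, "clock");
        this.encKeyPairGenerator = Objects.requireNonNull(keyPairGenerator, "keyPairGenerator (encryption)");
        this.signKeyPairGenerator = Objects.requireNonNull(keyPairGenerator2, "keyPairGenerator2 (signature)");
        this.secretKeyGenerator = Objects.requireNonNull(secretKeyGenerator, "secretKeyGenerator");
        Objects.requireNonNull(keyManagementProperties, "keyManagementProperties");
        KeyManagementProperties.KeyStoreProperties keystore =
                Objects.requireNonNull(keyManagementProperties.getKeystore(), "keyManagementProperties.keystore");
        this.keyStoreType = new KeyStoreType(keystore.getType());
        this.serverKeyPairAliasPrefix = keystore.getAliasPrefix();
        this.encKeyPairsProperties = keystore.getKeys().getEncKeyPairs();
        this.signKeyPairsProperties = keystore.getKeys().getSignKeyPairs();
        this.secretKeyProperties = keystore.getKeys().getSecretKeys();
        // The password reaches the key generators only through this handler. The char[] is a
        // copy; the source String lives in the properties object and cannot be scrubbed here.
        String password = Objects.requireNonNull(keystore.getPassword(), "keystore.password");
        this.keyPassHandler = new PasswordCallbackHandler(password.toCharArray());
    }

    /**
     * Generates a fresh keystore populated with the configured initial number of keys.
     *
     * <p>For each key kind ({@code signKeyPairs}, {@code encKeyPairs}, {@code secretKeys}) and each
     * of its {@code initialCount} slots, two entries are created: one for instant usage (state
     * {@code VALID}, valid from now) and its successor for future usage (state {@code CREATED},
     * valid from the instant entry's {@code notAfter}).
     *
     * @return the populated keystore with {@code lastUpdate} set to the current clock time
     * @throws IllegalStateException if a generated alias is already present (a second entry would
     *                               otherwise silently replace the first) or if the underlying
     *                               keystore builder fails; the original exception is kept as cause
     */
    public StsKeyStore generate() {
        Map<String, StsKeyEntry> entries = new HashMap<>();
        try {
            KeystoreBuilder builder = new KeystoreBuilder().withStoreType(this.keyStoreType);
            builder = addInitialEntries(builder, entries, KeyUsage.Signature,
                    this.signKeyPairsProperties.getInitialCount(),
                    this::generateSignatureKeyEntryForInstantUsage,
                    this::generateSignatureKeyEntryForFutureUsage);
            builder = addInitialEntries(builder, entries, KeyUsage.Encryption,
                    this.encKeyPairsProperties.getInitialCount(),
                    this::generateEncryptionKeyEntryForInstantUsage,
                    this::generateEncryptionKeyEntryForFutureUsage);
            builder = addInitialEntries(builder, entries, KeyUsage.SecretKey,
                    this.secretKeyProperties.getInitialCount(),
                    this::generateSecretKeyEntryForInstantUsage,
                    this::generateSecretKeyEntryForFutureUsage);
            return StsKeyStore.builder()
                    .keyEntries(entries)
                    .keyStore(builder.build())
                    .lastUpdate(now())
                    .build();
        } catch (IllegalStateException e) {
            // Already the exception type callers expect; don't wrap it a second time.
            throw e;
        } catch (Exception e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Adds {@code count} instant/future entry pairs of one key kind to the builder and to the
     * alias index.
     *
     * @param builder        keystore builder; the builder returned by each {@code withKeyEntry}
     *                       call is used for the next one, so it need not be mutable
     * @param entries        alias-to-entry index, updated in place
     * @param keyUsage       key kind, used only for error messages
     * @param count          number of pairs to create
     * @param instantFactory creates the entry that is valid immediately
     * @param futureFactory  creates the successor entry from the instant entry's {@code notAfter}
     * @return the builder holding all added entries
     * @throws NullPointerException  if {@code count} is not configured
     * @throws IllegalStateException if a generated alias is already present in {@code entries}
     */
    private KeystoreBuilder addInitialEntries(KeystoreBuilder builder, Map<String, StsKeyEntry> entries,
            KeyUsage keyUsage, Integer count, Supplier<StsKeyEntry> instantFactory,
            Function<ZonedDateTime, StsKeyEntry> futureFactory) {
        int pairs = Objects.requireNonNull(count, "initialCount for " + keyUsage);
        for (int i = 0; i < pairs; i++) {
            StsKeyEntry instant = instantFactory.get();
            builder = builder.withKeyEntry(instant.getKeyEntry());
            putUnique(entries, instant);
            // The successor becomes usable exactly when the instant entry stops being valid.
            StsKeyEntry future = futureFactory.apply(instant.getNotAfter());
            builder = builder.withKeyEntry(future.getKeyEntry());
            putUnique(entries, future);
        }
        return builder;
    }

    /**
     * Indexes {@code entry} by alias, refusing to replace an existing entry: losing a key
     * silently would leave the keystore short of keys it is supposed to contain.
     *
     * @throws IllegalStateException if the alias is already mapped
     */
    private static void putUnique(Map<String, StsKeyEntry> entries, StsKeyEntry entry) {
        StsKeyEntry previous = entries.putIfAbsent(entry.getAlias(), entry);
        if (previous != null) {
            throw new IllegalStateException("duplicate key alias generated: " + entry.getAlias());
        }
    }

    /**
     * Creates a future-usage entry of the requested kind.
     *
     * @param keyUsage      which kind of key to create
     * @param zonedDateTime the entry's {@code notBefore}
     * @return the new entry in state {@code CREATED}
     * @throws NullPointerException     if {@code keyUsage} is {@code null}
     * @throws IllegalArgumentException if {@code keyUsage} is not one of the three known kinds
     */
    public StsKeyEntry generateKeyEntryForFutureUsage(KeyUsage keyUsage, ZonedDateTime zonedDateTime) {
        Objects.requireNonNull(keyUsage, "keyUsage");
        if (keyUsage == KeyUsage.Encryption) {
            return generateEncryptionKeyEntryForFutureUsage(zonedDateTime);
        }
        if (keyUsage == KeyUsage.Signature) {
            return generateSignatureKeyEntryForFutureUsage(zonedDateTime);
        }
        if (keyUsage == KeyUsage.SecretKey) {
            return generateSecretKeyEntryForFutureUsage(zonedDateTime);
        }
        throw new IllegalArgumentException("unknown KeyUsage: " + keyUsage.name());
    }

    /**
     * Creates a signature key pair that is valid from now.
     *
     * @return entry in state {@code VALID}; {@code notAfter} is now plus the configured validity
     *         interval, {@code expireAt} is now plus the configured legacy interval
     */
    public StsKeyEntry generateSignatureKeyEntryForInstantUsage() {
        KeyEntry keyEntry = generateSignKeyPair();
        ZonedDateTime now = now();
        return StsKeyEntry.builder()
                .alias(keyEntry.getAlias())
                .createdAt(now)
                .notBefore(now)
                .validityInterval(this.signKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.signKeyPairsProperties.getLegacyInterval())
                .notAfter(DateTimeUtils.addMillis(now, this.signKeyPairsProperties.getValidityInterval()))
                .expireAt(DateTimeUtils.addMillis(now, this.signKeyPairsProperties.getLegacyInterval()))
                .keyUsage(KeyUsage.Signature)
                .state(StsKeyEntry.State.VALID)
                .keyEntry(keyEntry)
                .build();
    }

    /**
     * Creates a signature key pair that becomes valid at {@code zonedDateTime}.
     *
     * @param zonedDateTime the entry's {@code notBefore}
     * @return entry in state {@code CREATED}; {@code notAfter} and {@code expireAt} are left unset
     */
    public StsKeyEntry generateSignatureKeyEntryForFutureUsage(ZonedDateTime zonedDateTime) {
        KeyEntry keyEntry = generateSignKeyPair();
        return StsKeyEntry.builder()
                .alias(keyEntry.getAlias())
                .createdAt(now())
                .notBefore(zonedDateTime)
                .validityInterval(this.signKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.signKeyPairsProperties.getLegacyInterval())
                .keyUsage(KeyUsage.Signature)
                .state(StsKeyEntry.State.CREATED)
                .keyEntry(keyEntry)
                .build();
    }

    /** Generates a signature key pair under a prefix + UUID alias. */
    private KeyPairEntry generateSignKeyPair() {
        return this.signKeyPairGenerator.generateSignatureKey(newUuidAlias(), this.keyPassHandler);
    }

    /**
     * Creates an encryption key pair that is valid from now.
     *
     * @return entry in state {@code VALID}; {@code notAfter} is now plus the configured validity
     *         interval, {@code expireAt} is now plus the configured legacy interval
     */
    public StsKeyEntry generateEncryptionKeyEntryForInstantUsage() {
        KeyEntry keyEntry = generateEncryptionKeyPair();
        ZonedDateTime now = now();
        return StsKeyEntry.builder()
                .alias(keyEntry.getAlias())
                .createdAt(now)
                .notBefore(now)
                .validityInterval(this.encKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.encKeyPairsProperties.getLegacyInterval())
                .notAfter(DateTimeUtils.addMillis(now, this.encKeyPairsProperties.getValidityInterval()))
                .expireAt(DateTimeUtils.addMillis(now, this.encKeyPairsProperties.getLegacyInterval()))
                .keyUsage(KeyUsage.Encryption)
                .state(StsKeyEntry.State.VALID)
                .keyEntry(keyEntry)
                .build();
    }

    /**
     * Creates an encryption key pair that becomes valid at {@code zonedDateTime}.
     *
     * @param zonedDateTime the entry's {@code notBefore}
     * @return entry in state {@code CREATED}; {@code notAfter} and {@code expireAt} are left unset
     */
    public StsKeyEntry generateEncryptionKeyEntryForFutureUsage(ZonedDateTime zonedDateTime) {
        KeyEntry keyEntry = generateEncryptionKeyPair();
        return StsKeyEntry.builder()
                .alias(keyEntry.getAlias())
                .createdAt(now())
                .notBefore(zonedDateTime)
                .validityInterval(this.encKeyPairsProperties.getValidityInterval())
                .legacyInterval(this.encKeyPairsProperties.getLegacyInterval())
                .keyUsage(KeyUsage.Encryption)
                .state(StsKeyEntry.State.CREATED)
                .keyEntry(keyEntry)
                .build();
    }

    /** Generates an encryption key pair under a prefix + short random alias. */
    private KeyPairEntry generateEncryptionKeyPair() {
        return this.encKeyPairGenerator.generateEncryptionKey(newShortRandomAlias(), this.keyPassHandler);
    }

    /**
     * Creates a secret key that is valid from now.
     *
     * @return entry in state {@code VALID}; {@code notAfter} is now plus the configured validity
     *         interval, {@code expireAt} is now plus the configured legacy interval
     */
    public StsKeyEntry generateSecretKeyEntryForInstantUsage() {
        KeyEntry keyEntry = generateSecretKey();
        ZonedDateTime now = now();
        return StsKeyEntry.builder()
                .alias(keyEntry.getAlias())
                .createdAt(now)
                .notBefore(now)
                .validityInterval(this.secretKeyProperties.getValidityInterval())
                .legacyInterval(this.secretKeyProperties.getLegacyInterval())
                .notAfter(DateTimeUtils.addMillis(now, this.secretKeyProperties.getValidityInterval()))
                .expireAt(DateTimeUtils.addMillis(now, this.secretKeyProperties.getLegacyInterval()))
                .keyUsage(KeyUsage.SecretKey)
                .state(StsKeyEntry.State.VALID)
                .keyEntry(keyEntry)
                .build();
    }

    /**
     * Creates a secret key that becomes valid at {@code zonedDateTime}.
     *
     * @param zonedDateTime the entry's {@code notBefore}
     * @return entry in state {@code CREATED}; {@code notAfter} and {@code expireAt} are left unset
     */
    public StsKeyEntry generateSecretKeyEntryForFutureUsage(ZonedDateTime zonedDateTime) {
        KeyEntry keyEntry = generateSecretKey();
        return StsKeyEntry.builder()
                .alias(keyEntry.getAlias())
                .createdAt(now())
                .notBefore(zonedDateTime)
                .validityInterval(this.secretKeyProperties.getValidityInterval())
                .legacyInterval(this.secretKeyProperties.getLegacyInterval())
                .keyUsage(KeyUsage.SecretKey)
                .state(StsKeyEntry.State.CREATED)
                .keyEntry(keyEntry)
                .build();
    }

    /** Generates a secret key under a prefix + short random alias. */
    private SecretKeyEntry generateSecretKey() {
        return this.secretKeyGenerator.generate(newShortRandomAlias(), this.keyPassHandler);
    }

    /** Alias of the form {@code <prefix><random UUID>}, as used for signature keys. */
    private String newUuidAlias() {
        return this.serverKeyPairAliasPrefix + UUID.randomUUID().toString();
    }

    /**
     * Alias of the form {@code <prefix><5 upper-case alphanumerics>}, as used for encryption and
     * secret keys.
     *
     * <p>An alias is an identifier, not a secret, so the non-cryptographic RNG behind
     * {@link RandomStringUtils} is acceptable; the small suffix space does make collisions
     * possible, which is why {@link #generate()} rejects duplicates instead of overwriting.
     * {@link Locale#ROOT} keeps the upper-casing locale-independent (the default locale would,
     * for example, turn {@code i} into a dotted capital I under a Turkish JVM locale).
     */
    private String newShortRandomAlias() {
        return this.serverKeyPairAliasPrefix
                + RandomStringUtils.randomAlphanumeric(RANDOM_ALIAS_SUFFIX_LENGTH).toUpperCase(Locale.ROOT);
    }

    /** The injected clock's current instant, as a UTC {@link ZonedDateTime}. */
    private ZonedDateTime now() {
        return this.clock.instant().atZone(ZoneOffset.UTC);
    }
}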
