package se.swedenconnect.security.credential;

import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Optional;
import java.util.UUID;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.io.Resource;
import org.springframework.util.Assert;
import se.swedenconnect.security.credential.factory.KeyStoreFactoryBean;
import se.swedenconnect.security.credential.monitoring.DefaultCredentialTestFunction;

/* loaded from: classes3.dex */
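/**
 * A PKI credential whose private key and certificate are read from a {@link KeyStore}.
 *
 * <p>The keystore is either supplied directly ({@link #setKeyStore(KeyStore)}) or built by an
 * internal {@link KeyStoreFactoryBean} from the resource, type, provider, password and PKCS#11
 * configuration given through the setters. Loading happens in {@link #afterPropertiesSet()}, or
 * lazily on the first call to {@link #getCertificate()} or {@link #getPrivateKey()}.
 *
 * <p>Loading, the two getters and {@link #reload()} are {@code synchronized}; the setters and
 * {@link #destroy()} are not.
 *
 * <p>This listing was reconstructed from decompiled output. Synthetic lambda classes have been
 * replaced by method references, and the undefined {@code r1} operand in the password setters has
 * been replaced by the setter argument.
 */
public class KeyStoreCredential extends AbstractReloadablePkiCredential {
    private static final Logger log = LoggerFactory.getLogger(KeyStoreCredential.class);

    /** Keystore entry holding the private key and certificate. */
    private String alias;

    /** Private copy of the password protecting the key entry; zeroed by {@link #destroy()}. */
    private char[] keyPassword;

    /** The keystore, injected or created by {@link #keyStoreFactory} during loading. */
    private KeyStore keyStore;

    /** Created on demand by the keystore-related setters; {@code null} if none has been called. */
    private KeyStoreFactoryBean keyStoreFactory;

    /** {@code true} once loading has been started and has not failed. */
    private boolean loaded;

    /** Private copy of the keystore password; zeroed by {@link #destroy()}. */
    private char[] password;

    /** Creates an unconfigured credential; configure it through the setters before use. */
    public KeyStoreCredential() {
    }

    /**
     * Creates a credential backed by an already loaded keystore.
     *
     * @param keyStore the keystore to read from
     * @param alias the entry holding the private key and certificate
     * @param keyPassword the password protecting the key entry (copied)
     */
    public KeyStoreCredential(KeyStore keyStore, String alias, char[] keyPassword) {
        setKeyStore(keyStore);
        setAlias(alias);
        setKeyPassword(keyPassword);
    }

    /**
     * Creates a credential whose keystore is built from a resource.
     *
     * @param resource the keystore resource
     * @param type the keystore type
     * @param provider the security provider name, or {@code null}
     * @param password the keystore password
     * @param alias the entry holding the private key and certificate
     * @param keyPassword the password protecting the key entry; if {@code null} the keystore
     *     password is used when the key is loaded
     */
    public KeyStoreCredential(Resource resource, String type, String provider, char[] password, String alias,
            char[] keyPassword) {
        setResource(resource);
        setType(type);
        setProvider(provider);
        setPassword(password);
        setAlias(alias);
        setKeyPassword(keyPassword);
    }

    /**
     * Same as the six-argument constructor with a {@code null} provider.
     *
     * @param resource the keystore resource
     * @param type the keystore type
     * @param password the keystore password
     * @param alias the entry holding the private key and certificate
     * @param keyPassword the password protecting the key entry, or {@code null}
     */
    public KeyStoreCredential(Resource resource, String type, char[] password, String alias, char[] keyPassword) {
        this(resource, type, null, password, alias, keyPassword);
    }

    /**
     * Same as the six-argument constructor with {@link KeyStore#getDefaultType()} as type and a
     * {@code null} provider.
     *
     * @param resource the keystore resource
     * @param password the keystore password
     * @param alias the entry holding the private key and certificate
     * @param keyPassword the password protecting the key entry, or {@code null}
     */
    public KeyStoreCredential(Resource resource, char[] password, String alias, char[] keyPassword) {
        this(resource, KeyStore.getDefaultType(), null, password, alias, keyPassword);
    }

    /**
     * Creates the keystore if needed, then loads the private key and, unless a certificate has
     * already been assigned, the certificate stored under the alias.
     *
     * <p>If any step fails, the {@code loaded} flag is cleared again. Previously the flag stayed
     * set after a failure, so later calls to {@link #getCertificate()} and
     * {@link #getPrivateKey()} skipped loading and silently returned whatever the superclass
     * held instead of reporting the error.
     *
     * @throws Exception if the keystore cannot be created or the key or certificate is missing
     */
    private synchronized void load() throws Exception {
        if (this.loaded) {
            return;
        }
        // The flag is raised before any work is done, as in the original code.
        // NOTE(review): presumably this guards against re-entrant calls through the overridden
        // getters - confirm against the superclass.
        this.loaded = true;
        boolean succeeded = false;
        try {
            if (this.keyStore == null) {
                if (this.keyStoreFactory == null) {
                    throw new IllegalArgumentException("Missing parameters for creating KeyStore");
                }
                this.keyStoreFactory.afterPropertiesSet();
                this.keyStore = (KeyStore) this.keyStoreFactory.getObject();

                // A PKCS#11 keystore created here gets a default test function unless the
                // caller has installed one.
                if ("PKCS11".equals(this.keyStore.getType()) && getTestFunction() == null) {
                    final DefaultCredentialTestFunction testFunction = new DefaultCredentialTestFunction();
                    // NOTE(review): the decompiled listing referenced a synthetic lambda that maps
                    // the Provider to a String; Provider::getName is the reconstruction - verify
                    // against the upstream source.
                    testFunction.setProvider(
                            Optional.ofNullable(this.keyStore.getProvider()).map(Provider::getName).orElse(null));
                    setTestFunction(testFunction);
                }
            }

            loadPrivateKey();

            if (super.getCertificate() == null) {
                Assert.hasText(this.alias, "Property 'alias' must be set");
                final X509Certificate certificate = (X509Certificate) this.keyStore.getCertificate(this.alias);
                if (certificate == null) {
                    throw new CertificateException("No certificate found at entry " + this.alias);
                }
                setCertificate(certificate);
                log.debug("Certificate loaded from entry '{}'", this.alias);
            }
            succeeded = true;
        } finally {
            if (!succeeded) {
                // Fail closed: the next access retries and reports the error again.
                this.loaded = false;
            }
        }
    }

    /**
     * Reads the private key stored under the alias and hands it to the superclass.
     *
     * @throws Exception if no alias or password is available, or the entry holds no private key
     */
    private synchronized void loadPrivateKey() throws Exception {
        Assert.hasText(this.alias, "Property 'alias' must be set");
        if (this.keyPassword == null) {
            if (this.password == null) {
                throw new IllegalArgumentException("No key password assigned");
            }
            log.debug("No key password assigned, assuming same password as for keystore ...");
            // Both fields now refer to the same array; destroy() zeroing it twice is harmless.
            this.keyPassword = this.password;
        }
        final Key key = this.keyStore.getKey(this.alias, this.keyPassword);
        if (!(key instanceof PrivateKey)) {
            throw new KeyStoreException("No private key found at entry " + this.alias);
        }
        // Goes through super because this class rejects setPrivateKey() from outside.
        super.setPrivateKey((PrivateKey) key);
        log.trace("Private key loaded from entry '{}'", this.alias);
    }

    /**
     * Loads the credential if it has not been loaded yet, turning any failure into a
     * {@link SecurityException} that carries the original cause.
     */
    private void ensureLoaded() {
        if (this.loaded) {
            return;
        }
        log.warn("KeyStoreCredential '{}' has not been loaded ...", getName());
        try {
            load();
        } catch (Exception e) {
            log.error("Failed to load KeyStoreCredential '{}'", getName(), e);
            throw new SecurityException("Failed to load KeyStoreCredential - " + e.getMessage(), e);
        }
    }

    /**
     * Loads the keystore, private key and certificate.
     *
     * @throws Exception if loading fails
     */
    @Override
    public void afterPropertiesSet() throws Exception {
        load();
    }

    /**
     * Overwrites the locally held keystore password and key password with zeros.
     *
     * <p>NOTE(review): the array handed to the {@link KeyStoreFactoryBean} in
     * {@link #setPassword(char[])} is not cleared here, and {@link #reload()} will use the
     * zeroed password if it is called afterwards.
     */
    @Override
    public void destroy() {
        if (this.password != null) {
            Arrays.fill(this.password, (char) 0);
        }
        if (this.keyPassword != null) {
            Arrays.fill(this.keyPassword, (char) 0);
        }
    }

    /**
     * Returns the certificate, loading the credential first if needed.
     *
     * @return the certificate held by the superclass
     * @throws SecurityException if the credential has to be loaded and loading fails
     */
    @Override
    public synchronized X509Certificate getCertificate() {
        ensureLoaded();
        return super.getCertificate();
    }

    /**
     * Builds the default credential name.
     *
     * @return a random {@code KeyStoreCredential-<uuid>} name when no alias is set; for a PKCS#11
     *     keystore with a known provider name, {@code <provider>-<alias>}; otherwise the alias
     */
    @Override
    protected String getDefaultName() {
        if (this.alias == null) {
            return "KeyStoreCredential-" + UUID.randomUUID().toString();
        }
        // Prefer the type of the actual keystore, fall back to what the factory was given.
        final String type = Optional.ofNullable(this.keyStore)
                .map(KeyStore::getType)
                .orElse(Optional.ofNullable(this.keyStoreFactory).map(KeyStoreFactoryBean::getType).orElse(null));
        if ("PKCS11".equalsIgnoreCase(type)) {
            // NOTE(review): Provider::getName stands in for a synthetic lambda in the decompiled
            // listing - verify against the upstream source.
            String providerName = Optional.ofNullable(this.keyStore)
                    .map(KeyStore::getProvider)
                    .map(Provider::getName)
                    .orElse(null);
            if (providerName == null) {
                providerName = Optional.ofNullable(this.keyStoreFactory)
                        .map(KeyStoreFactoryBean::getProvider)
                        .orElse(null);
            }
            if (providerName != null) {
                return providerName + "-" + this.alias;
            }
        }
        return this.alias;
    }

    /**
     * Returns the private key, loading the credential first if needed.
     *
     * @return the private key held by the superclass
     * @throws SecurityException if the credential has to be loaded and loading fails
     */
    @Override
    public synchronized PrivateKey getPrivateKey() {
        ensureLoaded();
        return super.getPrivateKey();
    }

    /**
     * Returns the public key of the certificate.
     *
     * @return the certificate's public key, or {@code null} if there is no certificate
     */
    @Override
    public PublicKey getPublicKey() {
        final X509Certificate certificate = getCertificate();
        return certificate != null ? certificate.getPublicKey() : null;
    }

    /**
     * Reloads the private key of a PKCS#11 keystore; does nothing for other keystore types.
     *
     * @throws SecurityException if no keystore has been set or created yet
     * @throws Exception if reloading the keystore or the key fails
     */
    @Override
    public synchronized void reload() throws Exception {
        if (this.keyStore == null) {
            throw new SecurityException("Error in reload - KeyStoreCredential has not been initialized yet");
        }
        if (!"PKCS11".equalsIgnoreCase(this.keyStore.getType())) {
            return;
        }
        try {
            log.trace("Reloading private key of credential '{}' ...", getName());
            this.keyStore.load(null, this.password);
            loadPrivateKey();
            log.trace("Reloading private key of credential '{}' successful", getName());
        } catch (Exception e) {
            // NOTE(review): the failure is only logged at trace level here; it is rethrown, so
            // the caller is responsible for making it visible in logs or monitoring.
            log.trace("Failed to reload private key - {}", e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Sets the keystore entry to read the private key and certificate from.
     *
     * @param alias the entry alias
     */
    public void setAlias(String alias) {
        this.alias = alias;
    }

    /**
     * Stores a private copy of the key password, so the caller may clear its own array.
     *
     * @param keyPassword the key password, or {@code null}
     */
    public void setKeyPassword(char[] keyPassword) {
        this.keyPassword = keyPassword != null ? Arrays.copyOf(keyPassword, keyPassword.length) : null;
    }

    /**
     * Sets an already loaded keystore to read from.
     *
     * @param keyStore the keystore
     */
    public void setKeyStore(KeyStore keyStore) {
        this.keyStore = keyStore;
    }

    /**
     * Passes the keystore password to the keystore factory and keeps a private copy of it.
     *
     * <p>NOTE(review): the factory receives the caller's array itself; whether it copies the
     * array is not visible here, so clearing the caller's array may affect the factory.
     *
     * @param password the keystore password, or {@code null}
     */
    public void setPassword(char[] password) {
        if (this.keyStoreFactory == null) {
            this.keyStoreFactory = new KeyStoreFactoryBean();
        }
        this.keyStoreFactory.setPassword(password);
        this.password = password != null ? Arrays.copyOf(password, password.length) : null;
    }

    /**
     * Passes the PKCS#11 configuration to the keystore factory.
     *
     * @param pkcs11Configuration the value forwarded to the factory
     */
    public void setPkcs11Configuration(String pkcs11Configuration) {
        if (this.keyStoreFactory == null) {
            this.keyStoreFactory = new KeyStoreFactoryBean();
        }
        this.keyStoreFactory.setPkcs11Configuration(pkcs11Configuration);
    }

    /**
     * Always rejected: the private key of this credential only comes from the keystore.
     *
     * @param privateKey ignored
     * @throws IllegalArgumentException always
     */
    @Override
    public void setPrivateKey(PrivateKey privateKey) {
        throw new IllegalArgumentException("Assigning the private key for a KeyStoreCredential is not allowed");
    }

    /**
     * Passes the security provider name to the keystore factory.
     *
     * @param provider the provider name, or {@code null}
     */
    public void setProvider(String provider) {
        if (this.keyStoreFactory == null) {
            this.keyStoreFactory = new KeyStoreFactoryBean();
        }
        this.keyStoreFactory.setProvider(provider);
    }

    /**
     * Always rejected: the public key of this credential only comes from the certificate.
     *
     * @param publicKey ignored
     * @throws IllegalArgumentException always
     */
    @Override
    public void setPublicKey(PublicKey publicKey) {
        throw new IllegalArgumentException("Assigning the public key for a KeyStoreCredential is not allowed");
    }

    /**
     * Passes the keystore resource to the keystore factory.
     *
     * @param resource the keystore resource
     */
    public void setResource(Resource resource) {
        if (this.keyStoreFactory == null) {
            this.keyStoreFactory = new KeyStoreFactoryBean();
        }
        this.keyStoreFactory.setResource(resource);
    }

    /**
     * Passes the keystore type to the keystore factory.
     *
     * @param type the keystore type
     */
    public void setType(String type) {
        if (this.keyStoreFactory == null) {
            this.keyStoreFactory = new KeyStoreFactoryBean();
        }
        this.keyStoreFactory.setType(type);
    }
}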
