package se.swedenconnect.security.credential.bundle;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.cert.CertificateException;
import java.util.HashMap;
import java.util.Objects;
import java.util.function.Function;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.security.credential.KeyStoreReloader;
import se.swedenconnect.security.credential.PkiCredential;
import se.swedenconnect.security.credential.config.ConfigurationResourceLoader;
import se.swedenconnect.security.credential.config.CredentialBundlesConfiguration;
import se.swedenconnect.security.credential.config.DefaultConfigurationResourceLoader;
import se.swedenconnect.security.credential.factory.KeyStoreFactory;
import se.swedenconnect.security.credential.factory.PkiCredentialFactory;
import se.swedenconnect.security.credential.pkcs11.Pkcs11KeyStoreReloader;

/* loaded from: input_file:se/swedenconnect/security/credential/bundle/ConfigurationCredentialBundleRegistrar.class */
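/**
 * A {@link CredentialBundleRegistrar} that loads the key stores and credentials described by a
 * {@link CredentialBundlesConfiguration} and registers them in a {@link CredentialBundleRegistry}.
 *
 * <p>Key stores are loaded first. Each loaded key store, and a matching {@link KeyStoreReloader},
 * is then made available by id to the factory that creates the store-based ("jks") credentials.
 */
public class ConfigurationCredentialBundleRegistrar implements CredentialBundleRegistrar {
    private static final Logger log = LoggerFactory.getLogger(ConfigurationCredentialBundleRegistrar.class);

    /** The configuration describing the key stores and credentials to register. */
    private final CredentialBundlesConfiguration configuration;

    /** Resolves the locations given in the configuration into readable streams. */
    private final ConfigurationResourceLoader resourceLoader;

    /**
     * Reloads a key store by reading it again from its configured location.
     *
     * <p>NOTE(review): the store password is kept as a {@link String} for the lifetime of this
     * object because it is needed on every reload, so it stays on the heap and in heap dumps. The
     * {@code char[]} copy made in {@link #reload(KeyStore)} is not wiped after use either.
     */
    private static class FileBasedKeyStoreReloader implements KeyStoreReloader {
        private final String location;
        private final String password;
        private final ConfigurationResourceLoader resourceLoader;

        /**
         * Creates a reloader for one key store.
         *
         * @param location the location the key store is read from
         * @param password the key store password
         * @param resourceLoader the loader used to open {@code location}
         */
        public FileBasedKeyStoreReloader(@Nonnull String location, @Nonnull String password,
                @Nonnull ConfigurationResourceLoader resourceLoader) {
            // NOTE(review): register() passes location().orElse(null), so this may be null
            // despite the annotation - confirm that loadKeyStore rejects such entries first.
            this.location = location;
            this.password = password;
            this.resourceLoader = resourceLoader;
        }

        /**
         * Loads the contents of the configured location into the supplied key store.
         *
         * @param keyStore the key store to reload
         * @throws KeyStoreException if the resource cannot be read or its contents cannot be loaded
         */
        @Override
        public void reload(@Nonnull KeyStore keyStore) throws KeyStoreException {
            // try-with-resources closes the stream on the failure path as well, and skips the
            // close when the loader returned null.
            try (InputStream stream = this.resourceLoader.getStream(this.location)) {
                keyStore.load(stream, this.password.toCharArray());
            } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
                throw new KeyStoreException(e.getMessage(), e);
            }
        }
    }

    /**
     * Creates a registrar that resolves resources with a {@link DefaultConfigurationResourceLoader}.
     *
     * @param credentialBundlesConfiguration the configuration to register
     * @throws NullPointerException if the configuration is {@code null}
     */
    public ConfigurationCredentialBundleRegistrar(@Nonnull CredentialBundlesConfiguration credentialBundlesConfiguration) {
        this.configuration = Objects.requireNonNull(credentialBundlesConfiguration, "configuration must not be null");
        this.resourceLoader = new DefaultConfigurationResourceLoader();
    }

    /**
     * Creates a registrar that resolves resources with the supplied loader.
     *
     * @param credentialBundlesConfiguration the configuration to register
     * @param configurationResourceLoader the loader used to open configured locations
     * @throws NullPointerException if either argument is {@code null}
     */
    public ConfigurationCredentialBundleRegistrar(@Nonnull CredentialBundlesConfiguration credentialBundlesConfiguration,
            @Nonnull ConfigurationResourceLoader configurationResourceLoader) {
        this.configuration = Objects.requireNonNull(credentialBundlesConfiguration, "configuration must not be null");
        this.resourceLoader = Objects.requireNonNull(configurationResourceLoader, "resourceLoader must not be null");
    }

    /**
     * Loads the given configuration and registers its contents in the supplied registry.
     *
     * @param credentialBundlesConfiguration the configuration to register
     * @param configurationResourceLoader the loader to use, or {@code null} for the default loader
     * @param credentialBundleRegistry the registry that receives the key stores and credentials
     * @throws IllegalArgumentException if a key store or credential cannot be loaded
     */
    public static void loadConfiguration(@Nonnull CredentialBundlesConfiguration credentialBundlesConfiguration,
            @Nullable ConfigurationResourceLoader configurationResourceLoader,
            @Nonnull CredentialBundleRegistry credentialBundleRegistry) throws IllegalArgumentException {
        final ConfigurationCredentialBundleRegistrar registrar = configurationResourceLoader != null
                ? new ConfigurationCredentialBundleRegistrar(credentialBundlesConfiguration, configurationResourceLoader)
                : new ConfigurationCredentialBundleRegistrar(credentialBundlesConfiguration);
        registrar.register(credentialBundleRegistry);
    }

    /**
     * Registers every configured key store, PEM credential and store-based credential.
     *
     * <p>A failure on any entry is logged and rethrown, so entries registered before the failing
     * one remain in the registry.
     *
     * @param credentialBundleRegistry the registry that receives the key stores and credentials
     * @throws IllegalArgumentException if a key store or credential cannot be loaded
     */
    @Override
    public void register(@Nonnull CredentialBundleRegistry credentialBundleRegistry) throws IllegalArgumentException {
        // Key stores and their reloaders, by configuration id; looked up by the jks section below.
        final HashMap<String, KeyStore> keyStores = new HashMap<>();
        final HashMap<String, KeyStoreReloader> keyStoreReloaders = new HashMap<>();

        this.configuration.keystore().ifPresent(stores -> stores.forEach((id, storeConfiguration) -> {
            log.debug("Loading key store for entry '{}' ...", id);
            try {
                final KeyStore keyStore = KeyStoreFactory.loadKeyStore(storeConfiguration, this.resourceLoader);
                log.debug("Loaded key store for entry '{}', registering it ...", id);
                credentialBundleRegistry.registerKeyStore(id, keyStore);
                keyStores.put(id, keyStore);
                if (KeyStoreFactory.PKCS11_KEYSTORE_TYPE.equalsIgnoreCase(keyStore.getType())) {
                    // A PKCS#11 store has no file to read again; its reloader gets the password only.
                    keyStoreReloaders.put(id, new Pkcs11KeyStoreReloader(storeConfiguration.password().toCharArray()));
                } else {
                    keyStoreReloaders.put(id, new FileBasedKeyStoreReloader(
                            storeConfiguration.location().orElse(null), storeConfiguration.password(), this.resourceLoader));
                }
            } catch (IOException | KeyStoreException | NoSuchProviderException e) {
                final String message = "Error while loading key store for entry '%s' - %s".formatted(id, e.getMessage());
                log.info("{}", message, e);
                throw new IllegalArgumentException(message, e);
            }
        }));

        this.configuration.pem().ifPresent(credentials -> credentials.forEach((id, pemCredentialConfiguration) -> {
            log.debug("Loading PEM credential '{}' ...", id);
            try {
                final PkiCredential credential =
                        PkiCredentialFactory.createCredential(pemCredentialConfiguration, this.resourceLoader);
                log.debug("Loaded credential for entry '{}', registering it ...", id);
                credentialBundleRegistry.registerCredential(id, credential);
            } catch (IOException | KeyException | CertificateException e) {
                final String message = "Error while loading credential for entry '%s' - %s".formatted(id, e.getMessage());
                log.info("{}", message, e);
                throw new IllegalArgumentException(message, e);
            }
        }));

        this.configuration.jks().ifPresent(credentials -> credentials.forEach((id, storeCredentialConfiguration) -> {
            log.debug("Loading JKS credential '{}' ...", id);
            try {
                // The factory receives lookups over the key stores and reloaders collected above.
                final PkiCredential credential = PkiCredentialFactory.createCredential(
                        storeCredentialConfiguration, this.resourceLoader, keyStores::get, keyStoreReloaders::get);
                log.debug("Loaded credential for entry '{}', registering it ...", id);
                credentialBundleRegistry.registerCredential(id, credential);
            } catch (IOException | KeyStoreException | NoSuchProviderException | CertificateException e) {
                final String message = "Error while loading credential for entry '%s' - %s".formatted(id, e.getMessage());
                log.info("{}", message, e);
                throw new IllegalArgumentException(message, e);
            }
        }));
    }
}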
