package se.swedenconnect.security.credential.container;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.io.IOException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.cert.CertificateException;
import java.util.Objects;
import se.swedenconnect.security.credential.KeyStoreCredential;
import se.swedenconnect.security.credential.PkiCredential;
import se.swedenconnect.security.credential.factory.KeyStoreFactory;
import se.swedenconnect.security.credential.pkcs11.FilePkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.Pkcs11Configuration;
import se.swedenconnect.security.credential.pkcs11.Pkcs11ConfigurationException;

/* loaded from: input_file:se/swedenconnect/security/credential/container/HsmPkiCredentialContainer.class */
public class HsmPkiCredentialContainer extends AbstractKeyStorePkiCredentialContainer {
    public HsmPkiCredentialContainer(@Nonnull Provider provider, @Nonnull String str) throws KeyStoreException {
        super(provider, (String) Objects.requireNonNull(str, "hsmPin must not be null"));
    }

    public HsmPkiCredentialContainer(@Nonnull Pkcs11Configuration pkcs11Configuration, @Nonnull String str) throws KeyStoreException {
        this(((Pkcs11Configuration) Objects.requireNonNull(pkcs11Configuration, "p11Configuration must not be null")).getProvider(), str);
    }

    public HsmPkiCredentialContainer(@Nonnull String str, @Nonnull String str2) throws KeyStoreException {
        this(getProviderFromConfigFile((String) Objects.requireNonNull(str, "p11ConfigurationFile must not be null")), str2);
    }

    @Override // se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
    @Nonnull
    protected KeyStore createKeyStore(@Nonnull Provider provider, @Nullable char[] cArr) throws KeyStoreException {
        try {
            KeyStore keyStore = KeyStore.getInstance(KeyStoreFactory.PKCS11_KEYSTORE_TYPE, provider);
            keyStore.load(null, cArr);
            return keyStore;
        } catch (IOException | NoSuchAlgorithmException | CertificateException e) {
            throw new KeyStoreException("Failed to load PKCS#11 keystore", e);
        }
    }

    @Override // se.swedenconnect.security.credential.container.AbstractKeyStorePkiCredentialContainer
    @Nonnull
    public PkiCredential getCredentialFromAlias(@Nonnull String str) throws PkiCredentialContainerException {
        try {
            KeyStoreCredential keyStoreCredential = new KeyStoreCredential(getKeyStore(), str, getPassword());
            keyStoreCredential.setName(str);
            return keyStoreCredential;
        } catch (Exception e) {
            throw new PkiCredentialContainerException("Failed to load PKCS#11 credential", e);
        }
    }

    @Nonnull
    private static Provider getProviderFromConfigFile(@Nonnull String str) throws KeyStoreException {
        try {
            FilePkcs11Configuration filePkcs11Configuration = new FilePkcs11Configuration(str);
            filePkcs11Configuration.init();
            return filePkcs11Configuration.getProvider();
        } catch (Pkcs11ConfigurationException e) {
            throw new KeyStoreException("Failed to load PKCS#11 provider from " + str, e);
        }
    }
}
