package se.swedenconnect.security.credential.container;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.math.BigInteger;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import se.swedenconnect.security.credential.container.keytype.KeyGenType;
import se.swedenconnect.security.credential.container.keytype.KeyPairGeneratorFactory;
import se.swedenconnect.security.credential.container.keytype.KeyPairGeneratorFactoryRegistry;

/* loaded from: input_file:se/swedenconnect/security/credential/container/AbstractPkiCredentialContainer.class */
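/**
 * Base class for {@link PkiCredentialContainer} implementations.
 *
 * <p>Holds the state shared by the methods below: the security {@link Provider}, the validity
 * period used by {@link #cleanup()}, the allow-list of key types consulted by
 * {@link #getKeyGeneratorFactory(String)}, and a {@link SecureRandom} for alias generation.
 *
 * <p>The setters write plain (non-volatile, unsynchronized) fields; this class adds no
 * thread-safety of its own.
 */
public abstract class AbstractPkiCredentialContainer implements PkiCredentialContainer {
    private static final Logger log = LoggerFactory.getLogger(AbstractPkiCredentialContainer.class);

    /**
     * Key types a container accepts until {@link #setSupportedKeyTypes(List)} is called.
     *
     * <p>NOTE(review): this is a public, mutable array. Treat it as read-only. Each container
     * takes its own snapshot at construction, so later writes to this array do not alter the
     * allow-list of containers that already exist.
     */
    public static final String[] DEFAULT_SUPPORTED_KEY_TYPES = {KeyGenType.EC_P256, KeyGenType.EC_P384, KeyGenType.EC_P521, KeyGenType.RSA_3072, KeyGenType.RSA_4096};

    private final Provider provider;
    private final SecureRandom random = new SecureRandom();

    /** Validity period for keys; {@code null} makes {@link #cleanup()} a no-op. */
    private Duration keyValidity = Duration.ofMinutes(15);

    /**
     * Allow-list of key types. Built from a clone of the defaults so that writes to the shared
     * public array cannot change this instance's policy.
     */
    private List<String> supportedKeyTypes = Arrays.asList(DEFAULT_SUPPORTED_KEY_TYPES.clone());

    /**
     * Creates a container bound to the given security provider.
     *
     * @param provider the provider returned by {@link #getProvider()}
     * @throws NullPointerException if {@code provider} is {@code null}
     */
    public AbstractPkiCredentialContainer(@Nonnull Provider provider) {
        this.provider = Objects.requireNonNull(provider, "provider must not be null");
    }

    /**
     * Generates a random alias: a non-negative integer of up to 64 bits drawn from this
     * container's {@link SecureRandom}.
     *
     * <p>No uniqueness check is made here; callers that need one must check against existing
     * aliases themselves.
     *
     * <p>Decompiler note: JADX reports this member's access modifier was changed from
     * {@code protected}.
     *
     * @return the generated alias
     */
    @Nonnull
    public BigInteger generateAlias() {
        return new BigInteger(64, this.random);
    }

    /**
     * Deletes every credential that {@link #isExpired(String)} reports as expired.
     *
     * <p>Does nothing when no key validity is configured. A failure on one alias is logged and
     * the sweep continues, so one bad entry cannot block removal of the other expired keys.
     *
     * @throws PkiCredentialContainerException declared by the interface; failures from the
     *     per-alias expiry check and delete are caught and logged here
     */
    @Override
    public void cleanup() throws PkiCredentialContainerException {
        if (getKeyValidity() == null) {
            return;
        }
        for (String alias : listCredentials()) {
            try {
                if (isExpired(alias)) {
                    deleteCredential(alias);
                }
            } catch (PkiCredentialContainerException e) {
                log.warn("Failed to clean up credential with alias '{}'", alias, e);
            }
        }
    }

    /**
     * Tells whether the credential's expiry time lies before the current instant.
     *
     * <p>Decompiler note: JADX reports this member's access modifier was changed from
     * {@code protected}.
     *
     * @param str the credential alias
     * @return {@code true} if an expiry time exists and has passed; {@code false} if it has not
     *     passed or if {@code getExpiryTime} returns {@code null}
     * @throws PkiCredentialContainerException if the expiry time cannot be obtained
     */
    public boolean isExpired(@Nonnull String str) throws PkiCredentialContainerException {
        final Instant expiryTime = getExpiryTime(str);
        return expiryTime != null && expiryTime.isBefore(Instant.now());
    }

    /**
     * Sets the key validity period.
     *
     * @param duration the validity period, or {@code null} to disable {@link #cleanup()}
     */
    @Override
    public void setKeyValidity(@Nullable Duration duration) {
        this.keyValidity = duration;
    }

    /**
     * Returns the configured key validity period.
     *
     * <p>Decompiler note: JADX reports this member's access modifier was changed from
     * {@code protected}.
     *
     * @return the validity period, or {@code null} if none is set
     */
    @Nullable
    public Duration getKeyValidity() {
        return this.keyValidity;
    }

    /**
     * Replaces the allow-list of key types this container will generate.
     *
     * <p>The list is copied into an unmodifiable snapshot, so the caller cannot widen or narrow
     * the allow-list afterwards by mutating the list it passed in. Null entries are rejected up
     * front instead of failing later inside a lookup.
     *
     * @param list the supported key types
     * @throws IllegalArgumentException if {@code list} is {@code null}, empty, or contains a
     *     {@code null} entry
     */
    @Override
    public void setSupportedKeyTypes(@Nonnull List<String> list) {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("supportedKeyTypes must not be null or empty");
        }
        // stream() rather than contains(null): null-hostile lists throw on contains(null).
        if (list.stream().anyMatch(Objects::isNull)) {
            throw new IllegalArgumentException("supportedKeyTypes must not contain null entries");
        }
        this.supportedKeyTypes = List.copyOf(list);
    }

    /**
     * Returns the security provider given at construction.
     *
     * <p>Decompiler note: JADX reports this member's access modifier was changed from
     * {@code protected}.
     *
     * @return the provider, never {@code null}
     */
    @Nonnull
    public Provider getProvider() {
        return this.provider;
    }

    /**
     * Looks up the key pair generator factory for a key type, restricted to the allow-list.
     *
     * <p>The requested name is matched case-insensitively against the allow-list, and the
     * allow-list's own spelling (not the caller's) is what is handed to the registry.
     *
     * <p>Decompiler note: JADX reports this member's access modifier was changed from
     * {@code protected}.
     *
     * @param str the requested key type name
     * @return the factory for the first matching allow-list entry
     * @throws NoSuchAlgorithmException if the key type is not on the allow-list, or if the
     *     registry lookup throws {@link IllegalArgumentException} (kept as the cause)
     */
    @Nonnull
    public KeyPairGeneratorFactory getKeyGeneratorFactory(@Nonnull String str) throws NoSuchAlgorithmException {
        try {
            return this.supportedKeyTypes.stream()
                .filter(supported -> supported.equalsIgnoreCase(str))
                .map(KeyPairGeneratorFactoryRegistry::getFactory)
                .findFirst()
                .orElseThrow(() -> new NoSuchAlgorithmException("%s is not supported by this container".formatted(str)));
        } catch (IllegalArgumentException e) {
            // Keep the cause so the reason for the failed lookup is not lost.
            throw new NoSuchAlgorithmException("No matching key generation factory found for " + str, e);
        }
    }
}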
