package se.swedenconnect.security.credential.container;

import jakarta.annotation.Nonnull;
import jakarta.annotation.Nullable;
import java.security.KeyException;
import java.security.KeyPair;
import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
import java.time.Duration;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import se.swedenconnect.security.credential.BasicCredential;

/* loaded from: input_file:se/swedenconnect/security/credential/container/InMemoryPkiCredentialContainer.class */
public class InMemoryPkiCredentialContainer extends AbstractPkiCredentialContainer {
    private final Map<String, ExtendedBasicCredential> credentials;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:se/swedenconnect/security/credential/container/InMemoryPkiCredentialContainer$ExtendedBasicCredential.class */
    public static class ExtendedBasicCredential extends BasicCredential {
        private final Instant validTo;

        public ExtendedBasicCredential(@Nonnull KeyPair keyPair, @Nonnull String str, @Nullable Duration duration) {
            super(keyPair);
            super.setName(str);
            this.validTo = duration != null ? Instant.now().plusMillis(duration.toMillis()) : null;
        }

        public Instant getExpiryTime() {
            return this.validTo;
        }

        @Override // se.swedenconnect.security.credential.AbstractPkiCredential
        public void setName(@Nonnull String str) {
            throw new IllegalArgumentException("The credential name can not be set");
        }
    }

    public InMemoryPkiCredentialContainer(@Nonnull String str) {
        super(Security.getProvider(str));
        this.credentials = new ConcurrentHashMap();
    }

    public InMemoryPkiCredentialContainer(@Nonnull Provider provider) {
        super(provider);
        this.credentials = new ConcurrentHashMap();
    }

    @Override // se.swedenconnect.security.credential.container.PkiCredentialContainer
    @Nonnull
    public String generateCredential(@Nonnull String str) throws KeyException, NoSuchAlgorithmException {
        KeyPair generateKeyPair = getKeyGeneratorFactory(str).getKeyPairGenerator(getProvider()).generateKeyPair();
        String bigInteger = generateAlias().toString(16);
        try {
            this.credentials.put(bigInteger, new ExtendedBasicCredential(generateKeyPair, bigInteger, getKeyValidity()));
            return bigInteger;
        } catch (Exception e) {
            throw new KeyException("Failed to initialize credential", e);
        }
    }

    @Override // se.swedenconnect.security.credential.container.PkiCredentialContainer
    @Nonnull
    public ManagedPkiCredential getCredential(@Nonnull String str) throws PkiCredentialContainerException {
        ExtendedBasicCredential extendedBasicCredential = this.credentials.get(str);
        if (extendedBasicCredential == null) {
            throw new PkiCredentialContainerException(String.format("Credential with alias '%s' was not found", str));
        }
        if (!isExpired(str)) {
            return new ManagedPkiCredential(extendedBasicCredential, pkiCredential -> {
                deleteCredential(str);
            }, null);
        }
        deleteCredential(str);
        throw new PkiCredentialContainerException("Requested credential has expired - Destroying credential");
    }

    @Override // se.swedenconnect.security.credential.container.PkiCredentialContainer
    public void deleteCredential(@Nonnull String str) {
        this.credentials.remove(str);
    }

    @Override // se.swedenconnect.security.credential.container.PkiCredentialContainer
    @Nullable
    public Instant getExpiryTime(@Nonnull String str) throws PkiCredentialContainerException {
        return ((ExtendedBasicCredential) Optional.ofNullable(this.credentials.get(str)).orElseThrow(() -> {
            return new PkiCredentialContainerException("Credential with alias '%s' was not found".formatted(str));
        })).getExpiryTime();
    }

    @Override // se.swedenconnect.security.credential.container.PkiCredentialContainer
    @Nonnull
    public List<String> listCredentials() {
        return this.credentials.keySet().stream().toList();
    }
}
